· 6 years ago · Jan 18, 2020, 01:00 AM
1#######################################################################################################################################
2======================================================================================================================================
3Hostname www.e-kujira.or.jp ISP IDC Frontier Inc.
4Continent Asia Flag
5JP
6Country Japan Country Code JP
7Region Unknown Local time 18 Jan 2020 08:50 JST
8City Unknown Postal Code Unknown
9IP Address 210.152.243.182 Latitude 35.69
10 Longitude 139.69
11=======================================================================================================================================
12#######################################################################################################################################
13> www.e-kujira.or.jp
14Server: 38.132.106.139
15Address: 38.132.106.139#53
16
17Non-authoritative answer:
18Name: www.e-kujira.or.jp
19Address: 210.152.243.182
20>
21#######################################################################################################################################
22Domain Information:
23a. [Domain Name] E-KUJIRA.OR.JP
24g. [Organization] THE INSTITUTE OF CETACEAN RESEARCH
25l. [Organization Type] Foundation
26m. [Administrative Contact] AS1865JP
27n. [Technical Contact] AS1866JP
28p. [Name Server] ns1.netassist.ne.jp
29p. [Name Server] ns2.netassist.ne.jp
30s. [Signing Key]
31[State] Connected (2020/01/31)
32[Registered Date] 2001/01/17
33[Connected Date] 2001/01/25
34[Last Update] 2019/02/01 01:03:39 (JST)
35#######################################################################################################################################
36[+] Target : www.e-kujira.or.jp
37
38[+] IP Address : 210.152.243.182
39
40[+] Headers :
41
42[+] Date : Fri, 17 Jan 2020 23:56:21 GMT
43[+] Server : Apache
44[+] X-Powered-By : PHP/5.1.6
45[+] Content-Language : ja
46[+] Connection : close
47[+] Transfer-Encoding : chunked
48[+] Content-Type : text/html; charset=EUC-JP
49
50[+] SSL Certificate Information :
51
52[+] commonName : www.e-kujira.or.jp
53[+] countryName : JP
54[+] organizationName : Japan Registry Services Co., Ltd.
55[+] commonName : JPRS Domain Validation Authority - G2
56[+] Version : 3
57[+] Serial Number : 52BBFC2245B6BDC00CD705679ABEA434
58[+] Not Before : Jun 4 03:40:06 2019 GMT
59[+] Not After : Aug 31 14:59:59 2020 GMT
60[+] OCSP : ('http://dv.g2.ocsp.pubcert.jprs.jp',)
61[+] subject Alt Name : (('DNS', 'www.e-kujira.or.jp'), ('DNS', 'e-kujira.or.jp'))
62
63[+] Whois Lookup :
64
65[+] NIR : {'query': '210.152.243.182', 'raw': None, 'nets': [{'cidr': '210.152.243.0/24', 'name': 'IDC Frontier Inc.', 'handle': 'IDCF-CLOUD', 'range': '210.152.243.1 - 210.152.243.255', 'country': 'JP', 'address': None, 'postal_code': None, 'nameservers': ['ns01.idcfcloud.com', 'ns02.idcfcloud.com', 'ns03.idcfcloud.com'], 'created': None, 'updated': '2015-09-15T11:59:05', 'contacts': {'admin': {'name': 'Engineering, Dept', 'email': 'biz-eng@idcf.jp', 'reply_email': '', 'organization': 'IDC Frontier Inc.', 'division': '', 'title': '', 'phone': '03-4354-0000', 'fax': '', 'updated': '2010-11-18T02:36:59'}, 'tech': {'name': 'Engineering, Dept', 'email': 'biz-eng@idcf.jp', 'reply_email': '', 'organization': 'IDC Frontier Inc.', 'division': '', 'title': '', 'phone': '03-4354-0000', 'fax': '', 'updated': '2010-11-18T02:36:59'}}}]}
66[+] ASN Registry : apnic
67[+] ASN : 4694
68[+] ASN CIDR : 210.152.224.0/19
69[+] ASN Country Code : JP
70[+] ASN Date : 1996-12-30
71[+] ASN Description : IDCF IDC Frontier Inc., JP
72[+] cidr : 210.144.0.0/12
73[+] name : JPNIC-NET-JP
74[+] handle : JNIC1-AP
75[+] range : 210.144.0.0 - 210.159.255.255
76[+] description : Japan Network Information Center
77[+] country : JP
78[+] state : None
79[+] city : None
80[+] address : Urbannet-Kanda Bldg 4F, 3-6-2 Uchi-Kanda
81Chiyoda-ku, Tokyo 101-0047, Japan
82[+] postal_code : None
83[+] emails : ['hostmaster@nic.ad.jp']
84[+] created : None
85[+] updated : None
86
87[+] Crawling Target...
88
89[+] Looking for robots.txt........[ Not Found ]
90[+] Looking for sitemap.xml.......[ Not Found ]
91[+] Extracting CSS Links..........[ 1 ]
92[+] Extracting Javascript Links...[ 3 ]
93[+] Extracting Internal Links.....[ 1 ]
94[+] Extracting External Links.....[ 1 ]
95[+] Extracting Images.............[ 22 ]
96
97[+] Total Links Extracted : 28
98
99[+] Dumping Links in /opt/FinalRecon/dumps/www.e-kujira.or.jp.dump
100[+] Completed!
101#######################################################################################################################################
102[i] Scanning Site: https://210.152.243.182
103
104
105
106B A S I C I N F O
107====================
108
109
110[+] Site Title: ������١�����ʤɷ�����Ȥä��������Υ쥷�Ԥ������Τޤǡ�������Τ��Ȥʤ餯���鲣���ޤǡ�
111[+] IP address: 210.152.243.182
112[+] Web Server: Apache
113[+] CMS: Could Not Detect
114[+] Cloudflare: Not Detected
115[+] Robots File: Could NOT Find robots.txt!
116
117
118
119
120W H O I S L O O K U P
121========================
122
123 % This is the RIPE Database query service.
124% The objects are in RPSL format.
125%
126% The RIPE Database is subject to Terms and Conditions.
127% See http://www.ripe.net/db/support/db-terms-conditions.pdf
128
129% Note: this output has been filtered.
130% To receive output for a database update, use the "-B" flag.
131
132% Information related to '209.251.254.0 - 211.255.255.255'
133
134% No abuse contact registered for 209.251.254.0 - 211.255.255.255
135
136inetnum: 209.251.254.0 - 211.255.255.255
137netname: NON-RIPE-NCC-MANAGED-ADDRESS-BLOCK
138descr: IPv4 address block not managed by the RIPE NCC
139remarks: ------------------------------------------------------
140remarks:
141remarks: For registration information,
142remarks: you can consult the following sources:
143remarks:
144remarks: IANA
145remarks: http://www.iana.org/assignments/ipv4-address-space
146remarks: http://www.iana.org/assignments/iana-ipv4-special-registry
147remarks: http://www.iana.org/assignments/ipv4-recovered-address-space
148remarks:
149remarks: AFRINIC (Africa)
150remarks: http://www.afrinic.net/ whois.afrinic.net
151remarks:
152remarks: APNIC (Asia Pacific)
153remarks: http://www.apnic.net/ whois.apnic.net
154remarks:
155remarks: ARIN (Northern America)
156remarks: http://www.arin.net/ whois.arin.net
157remarks:
158remarks: LACNIC (Latin America and the Carribean)
159remarks: http://www.lacnic.net/ whois.lacnic.net
160remarks:
161remarks: ------------------------------------------------------
162country: EU # Country is really world wide
163admin-c: IANA1-RIPE
164tech-c: IANA1-RIPE
165status: ALLOCATED UNSPECIFIED
166mnt-by: RIPE-NCC-HM-MNT
167created: 2019-01-07T10:47:20Z
168last-modified: 2019-01-07T10:47:20Z
169source: RIPE
170
171% This query was served by the RIPE Database Query Service version 1.96 (BLAARKOP)
172
173
174
175
176
177
178G E O I P L O O K U P
179=========================
180
181[i] IP Address: 210.152.243.182
182[i] Country: Japan
183[i] State:
184[i] City:
185[i] Latitude: 35.69
186[i] Longitude: 139.69
187
188
189
190
191H T T P H E A D E R S
192=======================
193
194
195[i] HTTP/1.1 200 OK
196[i] Date: Fri, 17 Jan 2020 23:56:51 GMT
197[i] Server: Apache
198[i] X-Powered-By: PHP/5.1.6
199[i] Content-Language: ja
200[i] Connection: close
201[i] Content-Type: text/html; charset=EUC-JP
202
203
204
205
206D N S L O O K U P
207===================
208
209no records found
210
211
212
213S U B N E T C A L C U L A T I O N
214====================================
215
216Address = 210.152.243.182
217Network = 210.152.243.182 / 32
218Netmask = 255.255.255.255
219Broadcast = not needed on Point-to-Point links
220Wildcard Mask = 0.0.0.0
221Hosts Bits = 0
222Max. Hosts = 1 (2^0 - 0)
223Host Range = { 210.152.243.182 - 210.152.243.182 }
224
225
226
227N M A P P O R T S C A N
228============================
229
230Starting Nmap 7.70 ( https://nmap.org ) at 2020-01-17 23:56 UTC
231Nmap scan report for 210-152-243-182.jp-west.compute.idcfcloud.com (210.152.243.182)
232Host is up (0.18s latency).
233
234PORT STATE SERVICE
23521/tcp open ftp
23622/tcp open ssh
23723/tcp filtered telnet
23880/tcp open http
239110/tcp open pop3
240143/tcp filtered imap
241443/tcp open https
2423389/tcp filtered ms-wbt-server
243
244Nmap done: 1 IP address (1 host up) scanned in 2.37 seconds
245#######################################################################################################################################
246[+] Starting At 2020-01-17 18:58:08.738223
247[+] Collecting Information On: https://www.e-kujira.or.jp/
248[#] Status: 200
249--------------------------------------------------
250[#] Web Server Detected: Apache
251[#] X-Powered-By: PHP/5.1.6
252[!] X-Frame-Options Headers not detect! target might be vulnerable Click Jacking
253- Date: Fri, 17 Jan 2020 23:58:05 GMT
254- Server: Apache
255- X-Powered-By: PHP/5.1.6
256- Content-Language: ja
257- Connection: close
258- Transfer-Encoding: chunked
259- Content-Type: text/html; charset=EUC-JP
260--------------------------------------------------
261[#] Finding Location..!
262[#] status: success
263[#] country: Japan
264[#] countryCode: JP
265[#] region: 13
266[#] regionName: Tokyo
267[#] city: Chiyoda
268[#] zip: 100-0001
269[#] lat: 35.6906
270[#] lon: 139.77
271[#] timezone: Asia/Tokyo
272[#] isp: IDC Frontier Inc.
273[#] org: IDCFNet
274[#] as: AS4694 IDC Frontier Inc.
275[#] query: 210.152.243.182
276--------------------------------------------------
277[x] Didn't Detect WAF Presence on: https://www.e-kujira.or.jp/
278--------------------------------------------------
279[#] Starting Reverse DNS
280[-] Failed ! Fail
281--------------------------------------------------
282[!] Scanning Open Port
283[#] 21/tcp open ftp
284[#] 22/tcp open ssh
285[#] 80/tcp open http
286[#] 110/tcp open pop3
287[#] 443/tcp open https
288[#] 587/tcp open submission
289--------------------------------------------------
290[+] Getting SSL Info
291{'OCSP': ('http://dv.g2.ocsp.pubcert.jprs.jp',),
292 'crlDistributionPoints': ('http://repo.pubcert.jprs.jp/sppca/jprs/dvca_g2/fullcrl.crl',),
293 'issuer': ((('countryName', 'JP'),),
294 (('organizationName', 'Japan Registry Services Co., Ltd.'),),
295 (('commonName', 'JPRS Domain Validation Authority - G2'),)),
296 'notAfter': 'Aug 31 14:59:59 2020 GMT',
297 'notBefore': 'Jun 4 03:40:06 2019 GMT',
298 'serialNumber': '52BBFC2245B6BDC00CD705679ABEA434',
299 'subject': ((('commonName', 'www.e-kujira.or.jp'),),),
300 'subjectAltName': (('DNS', 'www.e-kujira.or.jp'), ('DNS', 'e-kujira.or.jp')),
301 'version': 3}
337
338--------------------------------------------------
339[+] Collecting Information Disclosure!
340[#] Detecting sitemap.xml file
341[-] sitemap.xml file not Found!?
342[#] Detecting robots.txt file
343[-] robots.txt file not Found!?
344[#] Detecting GNU Mailman
345[-] GNU Mailman App Not Detected!?
346--------------------------------------------------
347[+] Crawling Url Parameter On: https://www.e-kujira.or.jp/
348--------------------------------------------------
349[#] Searching Html Form !
350[+] Html Form Discovered
351[#] action: ./search
352[#] class: None
353[#] id: None
354[#] method: get
355--------------------------------------------------
356[!] Found 1 dom parameter
357[#] https://www.e-kujira.or.jp//#pTop
358--------------------------------------------------
359[!] 1 Internal Dynamic Parameter Discovered
360[+] http://www.e-kujira.or.jp/cooking/?id=1510728270-108692
361--------------------------------------------------
362[-] No external Dynamic Paramter Found!?
363--------------------------------------------------
364[!] 32 Internal links Discovered
365[+] https://www.e-kujira.or.jp//css/import.css
366[+] http://www.e-kujira.or.jp/rss.php
367[+] https://www.e-kujira.or.jp//./
368[+] https://www.e-kujira.or.jp//./shop
369[+] https://www.e-kujira.or.jp//./buy
370[+] https://www.e-kujira.or.jp//./picturebook
371[+] https://www.e-kujira.or.jp//./before
372[+] https://www.e-kujira.or.jp//./cooking
373[+] https://www.e-kujira.or.jp//./news
374[+] https://www.e-kujira.or.jp//./dictionary
375[+] https://www.e-kujira.or.jp//./kujirapedia
376[+] http://www.e-kujira.or.jp/whaletheory/
377[+] https://www.e-kujira.or.jp//./discovery
378[+] https://www.e-kujira.or.jp//./link
379[+] https://www.e-kujira.or.jp//./contact
380[+] https://www.e-kujira.or.jp//./rss.php
381[+] https://www.e-kujira.or.jp//./shop
382[+] https://www.e-kujira.or.jp//./buy
383[+] https://www.e-kujira.or.jp//./picturebook
384[+] https://www.e-kujira.or.jp/teaser/
385[+] https://www.e-kujira.or.jp//./shop
386[+] https://www.e-kujira.or.jp//./buy
387[+] https://www.e-kujira.or.jp//./picturebook
388[+] https://www.e-kujira.or.jp//./before
389[+] https://www.e-kujira.or.jp//./cooking
390[+] https://www.e-kujira.or.jp//./news
391[+] https://www.e-kujira.or.jp//./dictionary
392[+] https://www.e-kujira.or.jp//./kujirapedia
393[+] http://www.e-kujira.or.jp/whaletheory/
394[+] https://www.e-kujira.or.jp//./link
395[+] https://www.e-kujira.or.jp//./contact
396[+] https://www.e-kujira.or.jp//./contact
397--------------------------------------------------
398[!] 11 External links Discovered
399[#] http://www.kyodo-senpaku.co.jp/
400[#] http://www.mofa.go.jp/mofaj/gaiko/whale/jhoyaku.html
401[#] http://www.icrwhale.org/
402[#] https://twitter.com/tabetene
403[#] http://www.icrwhale.org/tomonokai.html
404[#] http://www.jfa.maff.go.jp/
405[#] http://www.kyodo-senpaku.co.jp/wordpress/blog
406[#] http://www.kyodohanbai.co.jp/
407[#] http://www.nogeinshoku.com/kujira%20ryouri%20teikyouten1.html
408[#] http://www.kyodo-senpaku.co.jp/
409[#] http://www.all-internet.jp/
410--------------------------------------------------
411[#] Mapping Subdomain..
412[!] Found 2 Subdomain
413- mail.e-kujira.or.jp
414- www.e-kujira.or.jp
415--------------------------------------------------
416[!] Done At 2020-01-17 18:58:35.661910
417#######################################################################################################################################
418[INFO] ------TARGET info------
419[*] TARGET: https://www.e-kujira.or.jp/
420[*] TARGET IP: 210.152.243.182
421[INFO] NO load balancer detected for www.e-kujira.or.jp...
422[*] DNS servers: nsm.netassist.ne.jp.
423[*] TARGET server: Apache
424[*] CC: JP
425[*] Country: Japan
426[*] RegionCode: 13
427[*] RegionName: Tokyo
428[*] City: Chiyoda
429[*] ASN: AS4694
430[*] BGP_PREFIX: 210.152.0.0/16
431[*] ISP: IDCF IDC Frontier Inc., JP
432[INFO] SSL/HTTPS certificate detected
433[*] Issuer: issuer=C = JP, O = "Japan Registry Services Co., Ltd.", CN = JPRS Domain Validation Authority - G2
434[*] Subject: subject=CN = www.e-kujira.or.jp
435[INFO] DNS enumeration:
436[*] ftp.e-kujira.or.jp 210.152.243.182
437[*] mail.e-kujira.or.jp 210.152.243.182
438[*] old.e-kujira.or.jp 210.168.72.54
439[INFO] Possible abuse mails are:
440[*] abuse@e-kujira.or.jp
441[*] abuse@www.e-kujira.or.jp
442[INFO] NO PAC (Proxy Auto Configuration) file FOUND
443[INFO] Starting FUZZing in http://www.e-kujira.or.jp/FUzZzZzZzZz...
444[INFO] Status code Folders
445[*] 200 http://www.e-kujira.or.jp/news
446[ALERT] Look in the source code. It may contain passwords
447
448Recherche 210.152.243.182
449Connexion HTTP à 210.152.243.182
450Envoi de la requête HTTP.
451Requête HTTP envoyée. Attente de réponse.
452HTTP/1.1 302 Found
453Transfert de données terminé
454HTTP/1.1 302 Found
455Utilisation de https://210.152.243.182/
456Recherche 210.152.243.182
457Connexion HTTPS à 210.152.243.182
458
459lynx : accès impossible au fichier de départ http://210.152.243.182/
460[INFO] Links found from https://www.e-kujira.or.jp/ http://210.152.243.182/:
461[*] https://twitter.com/tabetene
462[*] https://www.e-kujira.or.jp/
463[*] https://www.e-kujira.or.jp/before
464[*] https://www.e-kujira.or.jp/buy
465[*] https://www.e-kujira.or.jp/contact
466[*] https://www.e-kujira.or.jp/cooking
467[*] https://www.e-kujira.or.jp/dictionary
468[*] https://www.e-kujira.or.jp/discovery
469[*] https://www.e-kujira.or.jp/#id_h_txt
470[*] https://www.e-kujira.or.jp/kujirapedia
471[*] https://www.e-kujira.or.jp/link
472[*] https://www.e-kujira.or.jp/#map_news
473[*] https://www.e-kujira.or.jp/news
778[*] https://www.e-kujira.or.jp/news/#1508978800-429404
779[*] https://www.e-kujira.or.jp/news/#1509079207-805575
780[*] https://www.e-kujira.or.jp/news/#1509329055-101001
781[*] https://www.e-kujira.or.jp/news/#1509502130-216227
782[*] https://www.e-kujira.or.jp/news/#1509591242-477515
783[*] https://www.e-kujira.or.jp/news/#1510196805-460742
784[*] https://www.e-kujira.or.jp/news/#1510623439-061348
785[*] https://www.e-kujira.or.jp/news/#1511143532-364832
786[*] https://www.e-kujira.or.jp/news/#1515545894-684066
787[*] https://www.e-kujira.or.jp/news/#1518075208-387830
788[*] https://www.e-kujira.or.jp/news/#1519005984-177059
789[*] https://www.e-kujira.or.jp/news/#1519026568-212477
790[*] https://www.e-kujira.or.jp/news/#1519286662-622536
791[*] https://www.e-kujira.or.jp/news/#1519690285-910217
792[*] https://www.e-kujira.or.jp/news/#1521505153-522279
793[*] https://www.e-kujira.or.jp/news/#1522028216-262152
794[*] https://www.e-kujira.or.jp/news/#1525676736-659278
795[*] https://www.e-kujira.or.jp/news/#1525827237-622790
796[*] https://www.e-kujira.or.jp/news/#1526861989-261220
797[*] https://www.e-kujira.or.jp/news/#1526949711-369899
798[*] https://www.e-kujira.or.jp/news/#1527120526-491380
799[*] https://www.e-kujira.or.jp/news/#1528858032-670446
800[*] https://www.e-kujira.or.jp/news/#1530515102-522819
801[*] https://www.e-kujira.or.jp/news/#1530860155-403439
802[*] https://www.e-kujira.or.jp/news/#1532050329-638097
803[*] https://www.e-kujira.or.jp/news/#1532322957-659245
804[*] https://www.e-kujira.or.jp/news/#1533604269-492684
805[*] https://www.e-kujira.or.jp/news/#1533773064-640469
806[*] https://www.e-kujira.or.jp/news/#1534837524-124002
807[*] https://www.e-kujira.or.jp/news/#1536033340-505645
808[*] https://www.e-kujira.or.jp/news/#1536652324-399097
809[*] https://www.e-kujira.or.jp/news/#1536733190-527876
810[*] https://www.e-kujira.or.jp/news/#1537247102-733841
811[*] https://www.e-kujira.or.jp/news/#1537318622-384014
812[*] https://www.e-kujira.or.jp/news/#1538012855-136946
813[*] https://www.e-kujira.or.jp/news/#1538458331-723803
814[*] https://www.e-kujira.or.jp/news/#1538458738-827881
815[*] https://www.e-kujira.or.jp/news/#1539052733-646949
816[*] https://www.e-kujira.or.jp/news/#1539053526-707297
817[*] https://www.e-kujira.or.jp/news/#1539222778-118196
818[*] https://www.e-kujira.or.jp/news/#1539563505-767917
819[*] https://www.e-kujira.or.jp/news/#1539827383-334783
820[*] https://www.e-kujira.or.jp/news/#1540167526-331776
821[*] https://www.e-kujira.or.jp/news/#1541057097-207950
822[*] https://www.e-kujira.or.jp/news/#1541126121-171595
823[*] https://www.e-kujira.or.jp/news/#1541384779-170087
824[*] https://www.e-kujira.or.jp/news/#1541638737-075649
825[*] https://www.e-kujira.or.jp/news/#1544496177-919041
826[*] https://www.e-kujira.or.jp/news/#1545093086-762104
827[*] https://www.e-kujira.or.jp/news/#1546585227-341838
828[*] https://www.e-kujira.or.jp/news/#1547020219-329849
829[*] https://www.e-kujira.or.jp/news/#1547172201-629854
830[*] https://www.e-kujira.or.jp/news/#1550018763-485868
831[*] https://www.e-kujira.or.jp/news/#1550634900-900729
832[*] https://www.e-kujira.or.jp/news/#1551247523-582891
833[*] https://www.e-kujira.or.jp/news/#1552004303-125279
834[*] https://www.e-kujira.or.jp/news/#1552464729-832347
835[*] https://www.e-kujira.or.jp/news/#1552616550-393367
836[*] https://www.e-kujira.or.jp/news/#1553649941-942043
837[*] https://www.e-kujira.or.jp/news/#1553737648-959008
838[*] https://www.e-kujira.or.jp/news/#1556082567-954362
839[*] https://www.e-kujira.or.jp/news/#1556241663-084603
840[*] https://www.e-kujira.or.jp/news/#1557204193-736176
841[*] https://www.e-kujira.or.jp/news/#1557813825-001582
842[*] https://www.e-kujira.or.jp/news/#1559534341-288965
843[*] https://www.e-kujira.or.jp/news/#1559621402-989522
844[*] https://www.e-kujira.or.jp/news/#1560390050-569527
845[*] https://www.e-kujira.or.jp/news/#1561088402-193187
846[*] https://www.e-kujira.or.jp/news/#1561430910-270042
847[*] https://www.e-kujira.or.jp/news/#1567498827-922605
848[*] https://www.e-kujira.or.jp/news/#1567995191-972998
849[*] https://www.e-kujira.or.jp/news/#1569914460-883290
850[*] https://www.e-kujira.or.jp/news/#1571116312-621048
851[*] https://www.e-kujira.or.jp/news/#1571793268-759939
852[*] https://www.e-kujira.or.jp/news/#1572324834-719194
853[*] https://www.e-kujira.or.jp/news/#1573463355-880286
854[*] https://www.e-kujira.or.jp/news/#1576051947-496124
855[*] https://www.e-kujira.or.jp/picturebook
856[*] https://www.e-kujira.or.jp/#pTop
857[*] https://www.e-kujira.or.jp/shop
858[*] https://www.e-kujira.or.jp/teaser/
859[*] https://www.facebook.com/plugins/likebox.php?href=http://www.facebook.com/pages/%E3%82%AF%E3%82%B8%E3%83%A9%E6%A8%AA%E4%B8%81/127798327370756&width=250&height=395&colorscheme=light&show_faces=false&border_color&stream=true&header=false
860[*] http://www.all-internet.jp/
861[*] http://www.e-kujira.or.jp/cooking/?id=1510728270-108692
862[*] http://www.e-kujira.or.jp/rss.php
863[*] http://www.e-kujira.or.jp/whaletheory/
864[*] http://www.icrwhale.org/tomonokai.html
865[*] http://www.jfa.maff.go.jp/
866[*] http://www.kyodohanbai.co.jp/
867[*] http://www.kyodo-senpaku.co.jp/
868[*] http://www.kyodo-senpaku.co.jp/wordpress/blog
869[*] http://www.nogeinshoku.com/kujira ryouri teikyouten1.html
870cut: intervalle de champ incorrecte
871Saisissez « cut --help » pour plus d'informations.
872[INFO] Shodan detected the following opened ports on 210.152.243.182:
873[*] 0
874[*] 1
875[*] 110
876[*] 21
877[*] 22
878[*] 25
879[*] 3
880[*] 443
881[*] 587
882[*] 6
883[*] 64
884[*] 7
885[*] 80
886[*] 9
887[INFO] ------VirusTotal SECTION------
888[INFO] VirusTotal passive DNS only stores address records. The following domains resolved to the given IP address:
889[INFO] Latest URLs hosted in this IP address detected by at least one URL scanner or malicious URL dataset:
890[INFO] Latest files that are not detected by any antivirus solution and were downloaded by VirusTotal from the IP address provided:
891[INFO] ------Alexa Rank SECTION------
892[INFO] Percent of Visitors Rank in Country:
893[INFO] Percent of Search Traffic:
894[INFO] Percent of Unique Visits:
895[INFO] Total Sites Linking In:
896[*] Total Sites
897[INFO] Useful links related to www.e-kujira.or.jp - 210.152.243.182:
898[*] https://www.virustotal.com/pt/ip-address/210.152.243.182/information/
899[*] https://www.hybrid-analysis.com/search?host=210.152.243.182
900[*] https://www.shodan.io/host/210.152.243.182
901[*] https://www.senderbase.org/lookup/?search_string=210.152.243.182
902[*] https://www.alienvault.com/open-threat-exchange/ip/210.152.243.182
903[*] http://pastebin.com/search?q=210.152.243.182
904[*] http://urlquery.net/search.php?q=210.152.243.182
905[*] http://www.alexa.com/siteinfo/www.e-kujira.or.jp
906[*] http://www.google.com/safebrowsing/diagnostic?site=www.e-kujira.or.jp
907[*] https://censys.io/ipv4/210.152.243.182
908[*] https://www.abuseipdb.com/check/210.152.243.182
909[*] https://urlscan.io/search/#210.152.243.182
910[*] https://github.com/search?q=210.152.243.182&type=Code
911[INFO] Useful links related to AS4694 - 210.152.0.0/16:
912[*] http://www.google.com/safebrowsing/diagnostic?site=AS:4694
913[*] https://www.senderbase.org/lookup/?search_string=210.152.0.0/16
914[*] http://bgp.he.net/AS4694
915[*] https://stat.ripe.net/AS4694
916[INFO] Date: 17/01/20 | Time: 18:59:48
917[INFO] Total time: 1 minute(s) and 21 second(s)
918#######################################################################################################################################
919Trying "e-kujira.or.jp"
920;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31999
921;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 2
922
923;; QUESTION SECTION:
924;e-kujira.or.jp. IN ANY
925
926;; ANSWER SECTION:
927e-kujira.or.jp. 600 IN MX 10 mail.e-kujira.or.jp.
928e-kujira.or.jp. 600 IN A 210.152.243.182
929e-kujira.or.jp. 600 IN SOA nsm.netassist.ne.jp. root.e-kujira.or.jp. 2016041403 7200 3600 2419200 3600
930e-kujira.or.jp. 600 IN NS ns1.netassist.ne.jp.
931e-kujira.or.jp. 600 IN NS ns2.netassist.ne.jp.
932
933;; ADDITIONAL SECTION:
934ns1.netassist.ne.jp. 19111 IN A 210.168.17.234
935ns2.netassist.ne.jp. 19111 IN A 52.69.16.243
936
937Received 195 bytes from 2001:18c0:121:6900:724f:b8ff:fefd:5b6a#53 in 230 ms
938######################################################################################################################################
939; <<>> DiG 9.11.5-P4-5.1+b1-Debian <<>> +trace e-kujira.or.jp any
940;; global options: +cmd
941. 83632 IN NS m.root-servers.net.
942. 83632 IN NS k.root-servers.net.
943. 83632 IN NS i.root-servers.net.
944. 83632 IN NS b.root-servers.net.
945. 83632 IN NS d.root-servers.net.
946. 83632 IN NS g.root-servers.net.
947. 83632 IN NS f.root-servers.net.
948. 83632 IN NS j.root-servers.net.
949. 83632 IN NS a.root-servers.net.
950. 83632 IN NS l.root-servers.net.
951. 83632 IN NS e.root-servers.net.
952. 83632 IN NS c.root-servers.net.
953. 83632 IN NS h.root-servers.net.
954. 83632 IN RRSIG NS 8 0 518400 20200130170000 20200117160000 33853 . PRP9tZ+QyT3Vm2uvm5Z3NL191Dg5LGGRQSU+DVAp06UCTKKN6EIZml/N zOZIB7ocFLseMXqvrIf0z4dXagg2+Lt6gjFfL1FMPfvhfcgje9C2F/Z9 Q0wtr4BCmir/d1cM/8c3pNKdjn7xL641Mp6rNHz8MNn6S6cTXKJlQ7PV rYZoK/qMEU0Eg9mlzCX91cLGwIfeMJKtEpsqaEfGEILu6ut3QXBsoL8n m3LHwdIybp0NBTVINaPVo95xfaHm6Ddt3LVqFsk4xb6hARb24JbjikTo w0H2HuzHGpK9jPY8HSFs5yf2lmNDtMmqlyudstzWz5D2yb9rkj8rpSHU qG0/eA==
955;; Received 525 bytes from 38.132.106.139#53(38.132.106.139) in 145 ms
956
957jp. 172800 IN NS g.dns.jp.
958jp. 172800 IN NS b.dns.jp.
959jp. 172800 IN NS c.dns.jp.
960jp. 172800 IN NS d.dns.jp.
961jp. 172800 IN NS e.dns.jp.
962jp. 172800 IN NS f.dns.jp.
963jp. 172800 IN NS a.dns.jp.
964jp. 172800 IN NS h.dns.jp.
965jp. 86400 IN DS 39595 8 1 1CC05D3654844B375BE8FDFB8933A21C9E9897DD
966jp. 86400 IN DS 39595 8 2 2871D562754FD45AC0452440D806ABB8E6BA967B2032B166FD2761E8 73553387
967jp. 86400 IN RRSIG DS 8 1 86400 20200130170000 20200117160000 33853 . Qv4KLiNBZ3/+rn2V+ORqC5VRvXcQKH0HiXc48pYA+rb3RsyrEANBQ+O1 MePct/qcM2d/HtAKogzpxk+Lj41P/I1O0eiboQgNfetPgvtIoXFe7O4X q4ZL6xuXnQFaN1jMln7WqSc2ZBe/3dcmqwG2iowMdkQwagmf/9hHYAiP 9zI+QGmRfI9vKFTgypA5W1004tW6+6h1qqGYKbLbdIDrY5YpEHEz67hw sVF53iHxqZ9K0jyS8kI0NtKpAejoPPOYQ01DLn9dp4XfPmbtfZSfxv7C BMYfwKvO8w/3cM0wnNCPyEkGFXHhLF786+tvcfWQ3435cEjK/Q6fPIvf AQzJtw==
968;; Received 870 bytes from 2001:500:a8::e#53(e.root-servers.net) in 31 ms
969
970e-kujira.or.jp. 86400 IN NS ns2.netassist.ne.jp.
971e-kujira.or.jp. 86400 IN NS ns1.netassist.ne.jp.
9727V3FEEJTMT790AKML5RP6KDFN3S0O2LC.jp. 900 IN NSEC3 1 1 5 F07F38698C 7VC7CHBKTUIAT1TI696U09J4OAV9EJC6 TXT RRSIG
9737V3FEEJTMT790AKML5RP6KDFN3S0O2LC.jp. 900 IN RRSIG NSEC3 8 2 900 20200210174502 20200111174502 58203 jp. rXPoU+FmQp61WLnX0alyKzIUImY8qj1IST3eJfSLZ0eqpcZkkWbhM23/ wCQKEpygJy+cZoxllSsQ4lljpnpMXhIKYD/Sy6CvpHp0/Awp9deK76tC rGK/GwfRnr+mmV45uSkKrJhAWjV1CVgM8b95MfyCmppKAQYP8ihUHMQC qyo=
974AECRBPPHB77PF3J7C8FILHBFATOGI3B0.jp. 900 IN NSEC3 1 1 5 F07F38698C AEQA6SNNC6A8RTNIG97S1T1FA6N18CO3 TXT RRSIG
975AECRBPPHB77PF3J7C8FILHBFATOGI3B0.jp. 900 IN RRSIG NSEC3 8 2 900 20200210174502 20200111174502 58203 jp. vT6pPy5DXfVyb2qxL7XLygrBv+xRNM3CNALFmoRbYEFqD5bbveIf9jYA mnYiRE3rwi+GYmWMpPbOH25hpr1E905U3t3BTE4Ufa5mqy5TNgpEQWif 2/mGNO2oZa5aYT+gmLeclYISk3nHNVkBLaawMarSVJuUnsX4RcFaXlY3 rfA=
976;; Received 644 bytes from 202.12.30.131#53(b.dns.jp) in 292 ms
977
978e-kujira.or.jp. 600 IN SOA nsm.netassist.ne.jp. root.e-kujira.or.jp. 2016041403 7200 3600 2419200 3600
979e-kujira.or.jp. 600 IN NS ns1.netassist.ne.jp.
980e-kujira.or.jp. 600 IN NS ns2.netassist.ne.jp.
981e-kujira.or.jp. 600 IN A 210.152.243.182
982e-kujira.or.jp. 600 IN MX 10 mail.e-kujira.or.jp.
983;; Received 222 bytes from 210.168.17.234#53(ns1.netassist.ne.jp) in 275 ms
984#######################################################################################################################################
985[*] Processing domain e-kujira.or.jp
986[*] Using system resolvers ['38.132.106.139', '194.187.251.67', '185.93.180.131', '2001:18c0:121:6900:724f:b8ff:fefd:5b6a', '192.168.0.1']
987[+] Getting nameservers
98852.69.16.243 - ns2.netassist.ne.jp
989210.168.17.234 - ns1.netassist.ne.jp
990[-] Zone transfer failed
991
992[+] MX records found, added to target list
99310 mail.e-kujira.or.jp.
994
995[*] Scanning e-kujira.or.jp for A records
996210.152.243.182 - e-kujira.or.jp
997210.152.243.182 - ftp.e-kujira.or.jp
998210.152.243.182 - mail.e-kujira.or.jp
999210.168.72.54 - old.e-kujira.or.jp
1000210.152.243.182 - www.e-kujira.or.jp
1001#######################################################################################################################################
1002
1003 AVAILABLE PLUGINS
1004 -----------------
1005
1006 SessionResumptionPlugin
1007 CertificateInfoPlugin
1008 SessionRenegotiationPlugin
1009 HeartbleedPlugin
1010 OpenSslCipherSuitesPlugin
1011 CompressionPlugin
1012 FallbackScsvPlugin
1013 HttpHeadersPlugin
1014 RobotPlugin
1015 EarlyDataPlugin
1016 OpenSslCcsInjectionPlugin
1017
1018
1019
1020 CHECKING HOST(S) AVAILABILITY
1021 -----------------------------
1022
1023 210.152.243.182:443 => 210.152.243.182
1024
1025
1026
1027
1028 SCAN RESULTS FOR 210.152.243.182:443 - 210.152.243.182
1029 ------------------------------------------------------
1030
1031 * SSLV2 Cipher Suites:
1032 Server rejected all cipher suites.
1033
1034 * OpenSSL CCS Injection:
1035 OK - Not vulnerable to OpenSSL CCS injection
1036
1037 * Session Renegotiation:
1038 Client-initiated Renegotiation: OK - Rejected
1039 Secure Renegotiation: OK - Supported
1040
1041 * OpenSSL Heartbleed:
1042 OK - Not vulnerable to Heartbleed
1043
1044 * TLS 1.2 Session Resumption Support:
1045 With Session IDs: OK - Supported (5 successful, 0 failed, 0 errors, 5 total attempts).
1046 With TLS Tickets: OK - Supported
1047
1048 * TLSV1_3 Cipher Suites:
1049 Server rejected all cipher suites.
1050
1051 * SSLV3 Cipher Suites:
1052 Server rejected all cipher suites.
1053
1054 * Deflate Compression:
1055 OK - Compression disabled
1056
1057 * Certificate Information:
1058 Content
1059 SHA1 Fingerprint: 4ce9d98173d267d138911805883758407a30a61e
1060 Common Name: www.e-kujira.or.jp
1061 Issuer: JPRS Domain Validation Authority - G2
1062 Serial Number: 109972769049462146297389705602340398132
1063 Not Before: 2019-06-04 03:40:06
1064 Not After: 2020-08-31 14:59:59
1065 Signature Algorithm: sha256
1066 Public Key Algorithm: RSA
1067 Key Size: 2048
1068 Exponent: 65537 (0x10001)
1069 DNS Subject Alternative Names: ['www.e-kujira.or.jp', 'e-kujira.or.jp']
1070
1071 Trust
1072 Hostname Validation: FAILED - Certificate does NOT match 210.152.243.182
1073 Android CA Store (9.0.0_r9): OK - Certificate is trusted
1074 Apple CA Store (iOS 12, macOS 10.14, watchOS 5, and tvOS 12):OK - Certificate is trusted
1075 Java CA Store (jdk-12.0.1): OK - Certificate is trusted
1076 Mozilla CA Store (2019-03-14): OK - Certificate is trusted
1077 Windows CA Store (2019-05-27): OK - Certificate is trusted
1078 Symantec 2018 Deprecation: WARNING: Certificate distrusted by Google and Mozilla on September 2018
1079 Received Chain: www.e-kujira.or.jp --> JPRS Domain Validation Authority - G2
1080 Verified Chain: www.e-kujira.or.jp --> JPRS Domain Validation Authority - G2 --> countryName=JP, organizationName=SECOM Trust Systems CO.,LTD., organizationalUnitName=Security Communication RootCA2
1081 Received Chain Contains Anchor: OK - Anchor certificate not sent
1082 Received Chain Order: OK - Order is valid
1083 Verified Chain contains SHA1: OK - No SHA1-signed certificate in the verified certificate chain
1084
1085 Extensions
1086 OCSP Must-Staple: NOT SUPPORTED - Extension not found
1087 Certificate Transparency: OK - 3 SCTs included
1088
1089 OCSP Stapling
1090 NOT SUPPORTED - Server did not send back an OCSP response
1091
1092 * TLSV1_1 Cipher Suites:
1093 Forward Secrecy OK - Supported
1094 RC4 OK - Not Supported
1095
1096 Preferred:
1097 None - Server followed client cipher suite preference.
1098 Accepted:
1099 TLS_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 200 OK
1100 TLS_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 200 OK
1101 TLS_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 200 OK
1102 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 200 OK
1103 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 200 OK
1104 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 200 OK
1105 TLS_DHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 200 OK
1106 TLS_DHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 200 OK
1107 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 200 OK
1108
1109 * Downgrade Attacks:
1110 TLS_FALLBACK_SCSV: OK - Supported
1111
1112 * TLSV1_2 Cipher Suites:
1113 Forward Secrecy OK - Supported
1114 RC4 OK - Not Supported
1115
1116 Preferred:
1117 None - Server followed client cipher suite preference.
1118 Accepted:
1119 TLS_RSA_WITH_AES_256_GCM_SHA384 256 bits HTTP 200 OK
1120 TLS_RSA_WITH_AES_256_CBC_SHA256 256 bits HTTP 200 OK
1121 TLS_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 200 OK
1122 TLS_RSA_WITH_AES_128_GCM_SHA256 128 bits HTTP 200 OK
1123 TLS_RSA_WITH_AES_128_CBC_SHA256 128 bits HTTP 200 OK
1124 TLS_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 200 OK
1125 TLS_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 200 OK
1126 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 256 bits HTTP 200 OK
1127 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 256 bits HTTP 200 OK
1128 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 200 OK
1129 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 128 bits HTTP 200 OK
1130 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 128 bits HTTP 200 OK
1131 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 200 OK
1132 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 200 OK
1133 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 256 bits HTTP 200 OK
1134 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 256 bits HTTP 200 OK
1135 TLS_DHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 200 OK
1136 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 128 bits HTTP 200 OK
1137 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 128 bits HTTP 200 OK
1138 TLS_DHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 200 OK
1139 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 200 OK
1140 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 200 OK
1141
1142 * TLSV1 Cipher Suites:
1143 Forward Secrecy OK - Supported
1144 RC4 OK - Not Supported
1145
1146 Preferred:
1147 None - Server followed client cipher suite preference.
1148 Accepted:
1149 TLS_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 200 OK
1150 TLS_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 200 OK
1151 TLS_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 200 OK
1152 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 200 OK
1153 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 200 OK
1154 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 200 OK
1155 TLS_DHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 200 OK
1156 TLS_DHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 200 OK
1157 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 200 OK
1158
1159 * ROBOT Attack:
1160 OK - Not vulnerable
1161
1162
1163 SCAN COMPLETED IN 26.46 S
1164 -------------------------
1165#######################################################################################################################################
1166Domains still to check: 1
1167 Checking if the hostname e-kujira.or.jp. given is in fact a domain...
1168
1169Analyzing domain: e-kujira.or.jp.
1170 Checking NameServers using system default resolver...
1171 IP: 52.69.16.243 (Japan)
1172 HostName: ns2.netassist.ne.jp Type: NS
1173 HostName: ec2-52-69-16-243.ap-northeast-1.compute.amazonaws.com Type: PTR
1174 IP: 210.168.17.234 (Japan)
1175 HostName: ns1.netassist.ne.jp Type: NS
1176
1177 Checking MailServers using system default resolver...
1178 IP: 210.152.243.182 (Japan)
1179 HostName: mail.e-kujira.or.jp Type: MX
1180 HostName: 210-152-243-182.jp-west.compute.idcfcloud.com Type: PTR
1181
1182 Checking the zone transfer for each NS... (if this takes more than 10 seconds, just hit CTRL-C and it will continue. Bug in the libs)
1183 No zone transfer found on nameserver 210.168.17.234
1184 No zone transfer found on nameserver 52.69.16.243
1185
1186 Checking SPF record...
1187 No SPF record
1188
1189 Checking 192 most common hostnames using system default resolver...
1190 IP: 210.152.243.182 (Japan)
1191 HostName: mail.e-kujira.or.jp Type: MX
1192 HostName: 210-152-243-182.jp-west.compute.idcfcloud.com Type: PTR
1193 HostName: www.e-kujira.or.jp. Type: A
1194 IP: 210.152.243.182 (Japan)
1195 HostName: mail.e-kujira.or.jp Type: MX
1196 HostName: 210-152-243-182.jp-west.compute.idcfcloud.com Type: PTR
1197 HostName: www.e-kujira.or.jp. Type: A
1198 HostName: ftp.e-kujira.or.jp. Type: A
1199 IP: 210.152.243.182 (Japan)
1200 HostName: mail.e-kujira.or.jp Type: MX
1201 HostName: 210-152-243-182.jp-west.compute.idcfcloud.com Type: PTR
1202 HostName: www.e-kujira.or.jp. Type: A
1203 HostName: ftp.e-kujira.or.jp. Type: A
1204 HostName: mail.e-kujira.or.jp. Type: A
1205 IP: 210.168.72.54 (Japan)
1206 HostName: old.e-kujira.or.jp. Type: A
1207
1208 Checking with nmap the reverse DNS hostnames of every <ip>/24 netblock using system default resolver...
1209 Checking netblock 210.168.17.0
1210 Checking netblock 210.168.72.0
1211 Checking netblock 210.152.243.0
1212 Checking netblock 52.69.16.0
1213
1214 Searching for e-kujira.or.jp. emails in Google
1215
1216 Checking 4 active hosts using nmap... (nmap -sn -n -v -PP -PM -PS80,25 -PA -PY -PU53,40125 -PE --reason <ip> -oA <output_directory>/nmap/<ip>.sn)
1217 Host 210.168.17.234 is up (reset ttl 64)
1218 Host 210.168.72.54 is up (reset ttl 64)
1219 Host 210.152.243.182 is up (reset ttl 64)
1220 Host 52.69.16.243 is up (reset ttl 64)
1221
1222 Checking ports on every active host using nmap... (nmap -O --reason --webxml --traceroute -sS -sV -sC -Pn -n -v -F <ip> -oA <output_directory>/nmap/<ip>)
1223 Scanning ip 210.168.17.234 (ns1.netassist.ne.jp):
1224 53/tcp open domain syn-ack ttl 53 (unknown banner: no answer)
1225 | dns-nsid:
1226 |_ bind.version: no answer
1227 | fingerprint-strings:
1228 | DNSVersionBindReqTCP:
1229 | version
1230 | bind
1231 |_ answer
1232 Scanning ip 210.168.72.54 (old.e-kujira.or.jp.):
1233 Scanning ip 210.152.243.182 (mail.e-kujira.or.jp.):
1234 21/tcp open ftp syn-ack ttl 50 vsftpd 2.2.2
1235 80/tcp open http syn-ack ttl 50 Apache httpd
1236 | http-methods:
1237 |_ Supported Methods: GET HEAD POST OPTIONS
1238 |_http-server-header: Apache
1239 |_http-title: Did not follow redirect to https://210.152.243.182/
1240 |_https-redirect: ERROR: Script execution failed (use -d to debug)
1241 110/tcp open pop3 syn-ack ttl 50 qmail pop3d
1242 443/tcp open ssl/http syn-ack ttl 50 Apache httpd (PHP 5.1.6)
1243 |_http-favicon: Unknown favicon MD5: D41D8CD98F00B204E9800998ECF8427E
1244 | http-methods:
1245 |_ Supported Methods: GET HEAD POST OPTIONS
1246 |_http-server-header: Apache
1247 |_http-title: \xA4\xAF\xA4\xB8\xA4\xE9\xA5\xD9\xA1\xBC\xA5\xB3\xA5\xF3\xA4\xCA\xA4\xC9\xB7\xDF\xC6\xF9\xA4\xF2\xBB\xC8\xA4\xC3\xA4\xBF\xB7\xDF\xCE\xC1\xCD\xFD\xA4\xCE\xA5\xEC\xA5\xB7\xA5\xD4\xA4\xAB\xA4\xE9\xC4\xCC\xC8\xCE\xA4\xDE\xA4\xC7\xA1\xA2\xA5\xAF\xA5\xB8...
1248 | ssl-cert: Subject: commonName=www.e-kujira.or.jp
1249 | Subject Alternative Name: DNS:www.e-kujira.or.jp, DNS:e-kujira.or.jp
1250 | Issuer: commonName=JPRS Domain Validation Authority - G2/organizationName=Japan Registry Services Co., Ltd./countryName=JP
1251 | Public Key type: rsa
1252 | Public Key bits: 2048
1253 | Signature Algorithm: sha256WithRSAEncryption
1254 | Not valid before: 2019-06-04T03:40:06
1255 | Not valid after: 2020-08-31T14:59:59
1256 | MD5: 72d4 0804 5c1a aca8 1dad fc61 d696 a69a
1257 |_SHA-1: 4ce9 d981 73d2 67d1 3891 1805 8837 5840 7a30 a61e
1258 |_ssl-date: 2020-01-18T00:10:08+00:00; -4s from scanner time.
1259 587/tcp open smtp syn-ack ttl 50 netqmail smtpd 1.04
1260 | smtp-commands: e-kujira.or.jp, PIPELINING, 8BITMIME,
1261 |_ netqmail home page: http://qmail.org/netqmail
1262 Device type: general purpose|storage-misc|broadband router|router|WAP|media device
1263 Running (JUST GUESSING): Linux 2.6.X|3.X (93%), HP embedded (90%), MikroTik RouterOS 6.X (89%), Ubiquiti embedded (89%), Ubiquiti AirOS 5.X (89%), Infomir embedded (87%)
1264 OS Info: Service Info: Host: geirui-20161130; OS: Unix
1265 |_clock-skew: -4s
1266 Scanning ip 52.69.16.243 (ec2-52-69-16-243.ap-northeast-1.compute.amazonaws.com (PTR)):
1267 WebCrawling domain's web servers... up to 50 max links.
1268
1269 + URL to crawl: http://ftp.e-kujira.or.jp.
1270 + Date: 2020-01-17
1271
1272 + Crawling URL: http://ftp.e-kujira.or.jp.:
1273 + Links:
1274 + Crawling http://ftp.e-kujira.or.jp.
1275 + Searching for directories...
1276 + Searching open folders...
1277
1278
1279 + URL to crawl: http://www.e-kujira.or.jp.
1280 + Date: 2020-01-17
1281
1282 + Crawling URL: http://www.e-kujira.or.jp.:
1283 + Links:
1284 + Crawling http://www.e-kujira.or.jp.
1285 + Searching for directories...
1286 + Searching open folders...
1287
1288
1289 + URL to crawl: http://mail.e-kujira.or.jp.
1290 + Date: 2020-01-17
1291
1292 + Crawling URL: http://mail.e-kujira.or.jp.:
1293 + Links:
1294 + Crawling http://mail.e-kujira.or.jp.
1295 + Searching for directories...
1296 + Searching open folders...
1297
1298
1299 + URL to crawl: http://mail.e-kujira.or.jp
1300 + Date: 2020-01-17
1301
1302 + Crawling URL: http://mail.e-kujira.or.jp:
1303 + Links:
1304 + Crawling http://mail.e-kujira.or.jp
1305 + Searching for directories...
1306 + Searching open folders...
1307
1308
1309 + URL to crawl: https://ftp.e-kujira.or.jp.
1310 + Date: 2020-01-17
1311
1312 + Crawling URL: https://ftp.e-kujira.or.jp.:
1313 + Links:
1314 + Crawling https://ftp.e-kujira.or.jp.
1315 + Searching for directories...
1316 + Searching open folders...
1317
1318
1319 + URL to crawl: https://www.e-kujira.or.jp.
1320 + Date: 2020-01-17
1321
1322 + Crawling URL: https://www.e-kujira.or.jp.:
1323 + Links:
1324 + Crawling https://www.e-kujira.or.jp.
1325 + Searching for directories...
1326 + Searching open folders...
1327
1328
1329 + URL to crawl: https://mail.e-kujira.or.jp.
1330 + Date: 2020-01-17
1331
1332 + Crawling URL: https://mail.e-kujira.or.jp.:
1333 + Links:
1334 + Crawling https://mail.e-kujira.or.jp.
1335 + Searching for directories...
1336 + Searching open folders...
1337
1338
1339 + URL to crawl: https://mail.e-kujira.or.jp
1340 + Date: 2020-01-17
1341
1342 + Crawling URL: https://mail.e-kujira.or.jp:
1343 + Links:
1344 + Crawling https://mail.e-kujira.or.jp
1345 + Searching for directories...
1346 + Searching open folders...
1347
1348--Finished--
1349Summary information for domain e-kujira.or.jp.
1350-----------------------------------------
1351
1352 Domain Ips Information:
1353 IP: 210.168.17.234
1354 HostName: ns1.netassist.ne.jp Type: NS
1355 Country: Japan
1356 Is Active: True (reset ttl 64)
1357 Port: 53/tcp open domain syn-ack ttl 53 (unknown banner: no answer)
1358 Script Info: | dns-nsid:
1359 Script Info: |_ bind.version: no answer
1360 Script Info: | fingerprint-strings:
1361 Script Info: | DNSVersionBindReqTCP:
1362 Script Info: | version
1363 Script Info: | bind
1364 Script Info: |_ answer
1365 IP: 210.168.72.54
1366 HostName: old.e-kujira.or.jp. Type: A
1367 Country: Japan
1368 Is Active: True (reset ttl 64)
1369 IP: 210.152.243.182
1370 HostName: mail.e-kujira.or.jp Type: MX
1371 HostName: 210-152-243-182.jp-west.compute.idcfcloud.com Type: PTR
1372 HostName: www.e-kujira.or.jp. Type: A
1373 HostName: ftp.e-kujira.or.jp. Type: A
1374 HostName: mail.e-kujira.or.jp. Type: A
1375 Country: Japan
1376 Is Active: True (reset ttl 64)
1377 Port: 21/tcp open ftp syn-ack ttl 50 vsftpd 2.2.2
1378 Port: 80/tcp open http syn-ack ttl 50 Apache httpd
1379 Script Info: | http-methods:
1380 Script Info: |_ Supported Methods: GET HEAD POST OPTIONS
1381 Script Info: |_http-server-header: Apache
1382 Script Info: |_http-title: Did not follow redirect to https://210.152.243.182/
1383 Script Info: |_https-redirect: ERROR: Script execution failed (use -d to debug)
1384 Port: 110/tcp open pop3 syn-ack ttl 50 qmail pop3d
1385 Port: 443/tcp open ssl/http syn-ack ttl 50 Apache httpd (PHP 5.1.6)
1386 Script Info: |_http-favicon: Unknown favicon MD5: D41D8CD98F00B204E9800998ECF8427E
1387 Script Info: | http-methods:
1388 Script Info: |_ Supported Methods: GET HEAD POST OPTIONS
1389 Script Info: |_http-server-header: Apache
1390 Script Info: |_http-title: \xA4\xAF\xA4\xB8\xA4\xE9\xA5\xD9\xA1\xBC\xA5\xB3\xA5\xF3\xA4\xCA\xA4\xC9\xB7\xDF\xC6\xF9\xA4\xF2\xBB\xC8\xA4\xC3\xA4\xBF\xB7\xDF\xCE\xC1\xCD\xFD\xA4\xCE\xA5\xEC\xA5\xB7\xA5\xD4\xA4\xAB\xA4\xE9\xC4\xCC\xC8\xCE\xA4\xDE\xA4\xC7\xA1\xA2\xA5\xAF\xA5\xB8...
1391 Script Info: | ssl-cert: Subject: commonName=www.e-kujira.or.jp
1392 Script Info: | Subject Alternative Name: DNS:www.e-kujira.or.jp, DNS:e-kujira.or.jp
1393 Script Info: | Issuer: commonName=JPRS Domain Validation Authority - G2/organizationName=Japan Registry Services Co., Ltd./countryName=JP
1394 Script Info: | Public Key type: rsa
1395 Script Info: | Public Key bits: 2048
1396 Script Info: | Signature Algorithm: sha256WithRSAEncryption
1397 Script Info: | Not valid before: 2019-06-04T03:40:06
1398 Script Info: | Not valid after: 2020-08-31T14:59:59
1399 Script Info: | MD5: 72d4 0804 5c1a aca8 1dad fc61 d696 a69a
1400 Script Info: |_SHA-1: 4ce9 d981 73d2 67d1 3891 1805 8837 5840 7a30 a61e
1401 Script Info: |_ssl-date: 2020-01-18T00:10:08+00:00; -4s from scanner time.
1402 Port: 587/tcp open smtp syn-ack ttl 50 netqmail smtpd 1.04
1403 Script Info: | smtp-commands: e-kujira.or.jp, PIPELINING, 8BITMIME,
1404 Script Info: |_ netqmail home page: http://qmail.org/netqmail
1405 Script Info: Device type: general purpose|storage-misc|broadband router|router|WAP|media device
1406 Script Info: Running (JUST GUESSING): Linux 2.6.X|3.X (93%), HP embedded (90%), MikroTik RouterOS 6.X (89%), Ubiquiti embedded (89%), Ubiquiti AirOS 5.X (89%), Infomir embedded (87%)
1407 Os Info: Host: geirui-20161130; OS: Unix
1408 Script Info: |_clock-skew: -4s
1409 IP: 52.69.16.243
1410 HostName: ns2.netassist.ne.jp Type: NS
1411 HostName: ec2-52-69-16-243.ap-northeast-1.compute.amazonaws.com Type: PTR
1412 Country: Japan
1413 Is Active: True (reset ttl 64)
1414
1415--------------End Summary --------------
1416-----------------------------------------
1417######################################################################################################################################
1418traceroute to www.e-kujira.or.jp (210.152.243.182), 30 hops max, 60 byte packets
1419 1 10.253.204.1 (10.253.204.1) 34.368 ms 84.410 ms 84.399 ms
1420 2 104.245.145.177 (104.245.145.177) 84.402 ms 84.339 ms 84.315 ms
1421 3 te0-0-2-1.225.nr11.b010988-1.yyz02.atlas.cogentco.com (38.104.156.9) 84.336 ms 84.335 ms 95.542 ms
1422 4 te0-0-0-1.agr13.yyz02.atlas.cogentco.com (154.24.54.37) 84.234 ms te0-0-0-1.agr14.yyz02.atlas.cogentco.com (154.24.54.41) 84.206 ms 95.392 ms
1423 5 te0-9-0-9.ccr31.yyz02.atlas.cogentco.com (154.54.43.141) 84.068 ms te0-9-1-9.ccr32.yyz02.atlas.cogentco.com (154.54.43.169) 84.054 ms te0-9-0-9.ccr31.yyz02.atlas.cogentco.com (154.54.43.141) 84.003 ms
1424 6 be2993.ccr21.cle04.atlas.cogentco.com (154.54.31.225) 95.286 ms 60.309 ms be2994.ccr22.cle04.atlas.cogentco.com (154.54.31.233) 79.934 ms
1425 7 be2718.ccr42.ord01.atlas.cogentco.com (154.54.7.129) 120.154 ms be2717.ccr41.ord01.atlas.cogentco.com (154.54.6.221) 120.096 ms be2718.ccr42.ord01.atlas.cogentco.com (154.54.7.129) 119.217 ms
1426 8 be2766.ccr41.ord03.atlas.cogentco.com (154.54.46.178) 120.072 ms be2765.ccr41.ord03.atlas.cogentco.com (154.54.45.18) 149.755 ms 119.967 ms
1427 9 ae-11.r08.chcgil09.us.bb.gin.ntt.net (129.250.9.121) 119.901 ms 119.903 ms 119.846 ms
142810 ae-0.r20.chcgil09.us.bb.gin.ntt.net (129.250.2.191) 119.859 ms 119.778 ms 119.731 ms
142911 ae-7.r23.sttlwa01.us.bb.gin.ntt.net (129.250.3.42) 179.189 ms 179.176 ms 179.095 ms
143012 ae-16.r24.osakjp02.jp.bb.gin.ntt.net (129.250.3.61) 211.389 ms 233.648 ms 266.096 ms
143113 ae-1.r03.osakjp02.jp.bb.gin.ntt.net (129.250.7.31) 266.035 ms 265.870 ms 265.899 ms
143214 ae-1.a01.osakjp02.jp.bb.gin.ntt.net (129.250.3.232) 265.922 ms 265.897 ms 265.878 ms
143315 xe-0-0-22-3.a01.osakjp02.jp.ce.gin.ntt.net (61.200.80.218) 265.714 ms 265.726 ms 265.656 ms
1434######################################################################################################################################
1435----- e-kujira.or.jp -----
1436
1437
1438Host's addresses:
1439__________________
1440
1441e-kujira.or.jp. 600 IN A 210.152.243.182
1442
1443
1444Name Servers:
1445______________
1446
1447ns2.netassist.ne.jp. 85216 IN A 52.69.16.243
1448ns1.netassist.ne.jp. 85693 IN A 210.168.17.234
1449
1450
1451Mail (MX) Servers:
1452___________________
1453
1454mail.e-kujira.or.jp. 195 IN A 210.152.243.182
1455
1456
1457Brute forcing with /usr/share/dnsenum/dns.txt:
1458_______________________________________________
1459
1460ftp.e-kujira.or.jp. 600 IN A 210.152.243.182
1461mail.e-kujira.or.jp. 150 IN A 210.152.243.182
1462old.e-kujira.or.jp. 600 IN A 210.168.72.54
1463www.e-kujira.or.jp. 171 IN A 210.152.243.182
1464
1465
1466Launching Whois Queries:
1467_________________________
1468
1469 whois ip result: 210.152.243.0 -> 210.152.243.0/24
1470 whois ip result: 210.168.72.0 -> 210.168.72.0/25
1471
1472
1473e-kujira.or.jp______________
1474
1475 210.152.243.0/24
1476 210.168.72.0/25
1477#######################################################################################################################################
1478WARNING: Duplicate port number(s) specified. Are you alert enough to be using Nmap? Have some coffee or Jolt(tm).
1479Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-17 19:01 EST
1480Nmap scan report for 210-152-243-182.jp-west.compute.idcfcloud.com (210.152.243.182)
1481Host is up (0.20s latency).
1482Not shown: 485 filtered ports, 5 closed ports
1483Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
1484PORT STATE SERVICE
148521/tcp open ftp
148622/tcp open ssh
148780/tcp open http
1488110/tcp open pop3
1489443/tcp open https
1490587/tcp open submission
1491
1492Nmap done: 1 IP address (1 host up) scanned in 9.76 seconds
1493#######################################################################################################################################
1494Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-17 19:01 EST
1495Nmap scan report for 210-152-243-182.jp-west.compute.idcfcloud.com (210.152.243.182)
1496Host is up (0.100s latency).
1497Not shown: 2 filtered ports
1498PORT STATE SERVICE
149953/udp open|filtered domain
150067/udp open|filtered dhcps
150168/udp open|filtered dhcpc
150269/udp open|filtered tftp
150388/udp open|filtered kerberos-sec
1504123/udp open|filtered ntp
1505139/udp open|filtered netbios-ssn
1506161/udp open|filtered snmp
1507162/udp open|filtered snmptrap
1508389/udp open|filtered ldap
1509500/udp open|filtered isakmp
1510520/udp open|filtered route
15112049/udp open|filtered nfs
1512
1513Nmap done: 1 IP address (1 host up) scanned in 2.92 seconds
1514#######################################################################################################################################
1515Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-17 19:01 EST
1516NSE: Loaded 55 scripts for scanning.
1517NSE: Script Pre-scanning.
1518Initiating NSE at 19:01
1519Completed NSE at 19:01, 0.00s elapsed
1520Initiating NSE at 19:01
1521Completed NSE at 19:01, 0.00s elapsed
1522Initiating Parallel DNS resolution of 1 host. at 19:01
1523Completed Parallel DNS resolution of 1 host. at 19:01, 0.02s elapsed
1524Initiating SYN Stealth Scan at 19:01
1525Scanning 210-152-243-182.jp-west.compute.idcfcloud.com (210.152.243.182) [1 port]
1526Discovered open port 21/tcp on 210.152.243.182
1527Completed SYN Stealth Scan at 19:01, 0.24s elapsed (1 total ports)
1528Initiating Service scan at 19:01
1529Scanning 1 service on 210-152-243-182.jp-west.compute.idcfcloud.com (210.152.243.182)
1530Completed Service scan at 19:01, 0.43s elapsed (1 service on 1 host)
1531Initiating OS detection (try #1) against 210-152-243-182.jp-west.compute.idcfcloud.com (210.152.243.182)
1532Retrying OS detection (try #2) against 210-152-243-182.jp-west.compute.idcfcloud.com (210.152.243.182)
1533Initiating Traceroute at 19:01
1534Completed Traceroute at 19:01, 3.19s elapsed
1535Initiating Parallel DNS resolution of 15 hosts. at 19:01
1536Completed Parallel DNS resolution of 15 hosts. at 19:01, 0.45s elapsed
1537NSE: Script scanning 210.152.243.182.
1538Initiating NSE at 19:01
1539NSE Timing: About 71.23% done; ETC: 19:03 (0:00:30 remaining)
1540Completed NSE at 19:03, 90.75s elapsed
1541Initiating NSE at 19:03
1542Completed NSE at 19:03, 0.05s elapsed
1543Nmap scan report for 210-152-243-182.jp-west.compute.idcfcloud.com (210.152.243.182)
1544Host is up (0.24s latency).
1545
1546PORT STATE SERVICE VERSION
154721/tcp open ftp vsftpd 2.2.2
1548| vulscan: VulDB - https://vuldb.com:
1549| [43110] vsftpd up to 2.0.4 Memory Leak denial of service
1550|
1551| MITRE CVE - https://cve.mitre.org:
1552| [CVE-2011-2189] net/core/net_namespace.c in the Linux kernel 2.6.32 and earlier does not properly handle a high rate of creation and cleanup of network namespaces, which makes it easier for remote attackers to cause a denial of service (memory consumption) via requests to a daemon that requires a separate namespace per connection, as demonstrated by vsftpd.
1553| [CVE-2011-0762] The vsf_filename_passes_filter function in ls.c in vsftpd before 2.3.3 allows remote authenticated users to cause a denial of service (CPU consumption and process slot exhaustion) via crafted glob expressions in STAT commands in multiple FTP sessions, a different vulnerability than CVE-2010-2632.
1554| [CVE-2009-5029] Integer overflow in the __tzfile_read function in glibc before 2.15 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted timezone (TZ) file, as demonstrated using vsftpd.
1555| [CVE-2008-4969] ltp-network-test 20060918 allows local users to overwrite arbitrary files via a symlink attack on (a) /tmp/vsftpd.conf, (b) /tmp/udp/2/*, (c) /tmp/tcp/2/*, (d) /tmp/udp/3/*, (e) /tmp/tcp/3/*, (f) /tmp/nfs_fsstress.udp.2.log, (g) /tmp/nfs_fsstress.udp.3.log, (h) /tmp/nfs_fsstress.tcp.2.log, (i) /tmp/nfs_fsstress.tcp.3.log, and (j) /tmp/nfs_fsstress.sardata temporary files, related to the (1) ftp_setup_vsftp_conf and (2) nfs_fsstress.sh scripts.
1556| [CVE-2008-2375] Memory leak in a certain Red Hat deployment of vsftpd before 2.0.5 on Red Hat Enterprise Linux (RHEL) 3 and 4, when PAM is used, allows remote attackers to cause a denial of service (memory consumption) via a large number of invalid authentication attempts within the same session, a different vulnerability than CVE-2007-5962.
1557| [CVE-2007-5962] Memory leak in a certain Red Hat patch, applied to vsftpd 2.0.5 on Red Hat Enterprise Linux (RHEL) 5 and Fedora 6 through 8, and on Foresight Linux and rPath appliances, allows remote attackers to cause a denial of service (memory consumption) via a large number of CWD commands, as demonstrated by an attack on a daemon with the deny_file configuration option.
1558| [CVE-2007-4322] BlockHosts before 2.0.4 does not properly parse (1) sshd and (2) vsftpd log files, which allows remote attackers to add arbitrary deny entries to the /etc/hosts.allow file and cause a denial of service by adding arbitrary IP addresses to a daemon log file, as demonstrated by connecting through ssh with a client protocol version identification containing an IP address string, or connecting through ftp with a username containing an IP address string, different vectors than CVE-2007-2765.
1559|
1560| SecurityFocus - https://www.securityfocus.com/bid/:
1561| [82285] Vsftpd CVE-2004-0042 Remote Security Vulnerability
1562| [72451] vsftpd CVE-2015-1419 Security Bypass Vulnerability
1563| [51013] vsftpd '__tzfile_read()' Function Heap Based Buffer Overflow Vulnerability
1564| [48539] vsftpd Compromised Source Packages Backdoor Vulnerability
1565| [46617] vsftpd FTP Server 'ls.c' Remote Denial of Service Vulnerability
1566| [41443] Vsftpd Webmin Module Multiple Unspecified Vulnerabilities
1567| [30364] vsftpd FTP Server Pluggable Authentication Module (PAM) Remote Denial of Service Vulnerability
1568| [29322] vsftpd FTP Server 'deny_file' Option Remote Denial of Service Vulnerability
1569| [10394] Vsftpd Listener Denial of Service Vulnerability
1570| [7253] Red Hat Linux 9 vsftpd Compiling Error Weakness
1571|
1572| IBM X-Force - https://exchange.xforce.ibmcloud.com:
1573| [68366] vsftpd package backdoor
1574| [65873] vsftpd vsf_filename_passes_filter denial of service
1575| [55148] VSFTPD-WEBMIN-MODULE unknown unspecified
1576| [43685] vsftpd authentication attempts denial of service
1577| [42593] vsftpd deny_file denial of service
1578| [16222] vsftpd connection denial of service
1579| [14844] vsftpd message allows attacker to obtain username
1580| [11729] Red Hat Linux vsftpd FTP daemon tcp_wrapper could allow an attacker to gain access to server
1581|
1582| Exploit-DB - https://www.exploit-db.com:
1583| [17491] VSFTPD 2.3.4 - Backdoor Command Execution
1584| [16270] vsftpd 2.3.2 - Denial of Service Vulnerability
1585| [5814] vsftpd 2.0.5 (CWD) Remote Memory Consumption Exploit (post auth)
1586|
1587| OpenVAS (Nessus) - http://www.openvas.org:
1588| [70770] Gentoo Security Advisory GLSA 201110-07 (vsftpd)
1589| [70399] Debian Security Advisory DSA 2305-1 (vsftpd)
1590|
1591| SecurityTracker - https://www.securitytracker.com:
1592| [1025186] vsftpd vsf_filename_passes_filter() Bug Lets Remote Authenticated Users Deny Service
1593| [1020546] vsftpd Memory Leak When Invalid Authentication Attempts Occur Lets Remote Authenticated Users Deny Service
1594| [1020079] vsftpd Memory Leak in 'deny_file' Option Lets Remote Authenticated Users Deny Service
1595| [1008628] vsftpd Discloses Whether Usernames are Valid or Not
1596|
1597| OSVDB - http://www.osvdb.org:
1598| [73573] vsftpd on vsftpd.beasts.org Trojaned Distribution
1599| [73340] vsftpd ls.c vsf_filename_passes_filter STAT Command glob Expression Remote DoS
1600| [61362] Vsftpd Webmin Module Unspecified Issues
1601| [46930] Red Hat Linux vsftpd w/ PAM Memory Exhaustion Remote DoS
1602| [45626] vsftpd deny_file Option Crafted FTP Data Remote Memory Exhaustion DoS
1603| [36515] BlockHosts sshd/vsftpd hosts.allow Arbitrary Deny Entry Manipulation
1604| [28610] vsftpd SIGURG Handler Unspecified Issue
1605| [28609] vsftpd tunable_chroot_local_user Filesystem Root Access
1606| [6861] vsftpd Login Error Message Username Enumeration
1607| [6306] vsftpd Connection Handling DoS
1608| [4564] vsftpd on Red Hat Linux Restricted Access Failure
1609|_
1610Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
1611Device type: general purpose|storage-misc|WAP|specialized
1612Running (JUST GUESSING): Linux 2.6.X|3.X (90%), Synology DiskStation Manager 5.X (89%), Ruckus embedded (87%), Crestron 2-Series (87%), Asus embedded (86%), HP embedded (85%)
1613OS CPE: cpe:/o:linux:linux_kernel:2.6 cpe:/o:linux:linux_kernel:3 cpe:/a:synology:diskstation_manager:5.2 cpe:/h:ruckus:zoneflex_r710 cpe:/o:crestron:2_series cpe:/h:asus:rt-n56u cpe:/o:linux:linux_kernel:3.4 cpe:/h:hp:p2000_g3
1614Aggressive OS guesses: Linux 2.6.32 - 3.10 (90%), Linux 2.6.32 - 3.13 (90%), Linux 2.6.32 - 3.9 (90%), Linux 2.6.32 (89%), Linux 3.10 (89%), Linux 3.4 - 3.10 (89%), Synology DiskStation Manager 5.2-5644 (89%), Linux 2.6.32 - 2.6.39 (87%), Linux 2.6.32 - 3.1 (87%), Linux 2.6.39 (87%)
1615No exact OS matches for host (test conditions non-ideal).
1616Uptime guess: 6.151 days (since Sat Jan 11 15:25:04 2020)
1617Network Distance: 19 hops
1618TCP Sequence Prediction: Difficulty=249 (Good luck!)
1619IP ID Sequence Generation: All zeros
1620Service Info: OS: Unix
1621
1622TRACEROUTE (using port 21/tcp)
1623HOP RTT ADDRESS
16241 59.55 ms 10.253.204.1
16252 89.35 ms 104.245.145.177
16263 89.38 ms te0-0-2-1.225.nr11.b010988-1.yyz02.atlas.cogentco.com (38.104.156.9)
16274 89.40 ms te0-0-0-1.agr13.yyz02.atlas.cogentco.com (154.24.54.37)
16285 89.40 ms te0-9-0-9.ccr31.yyz02.atlas.cogentco.com (154.54.43.141)
16296 162.24 ms be2993.ccr21.cle04.atlas.cogentco.com (154.54.31.225)
16307 162.26 ms be2717.ccr41.ord01.atlas.cogentco.com (154.54.6.221)
16318 89.41 ms be2765.ccr41.ord03.atlas.cogentco.com (154.54.45.18)
16329 162.28 ms ae-11.r08.chcgil09.us.bb.gin.ntt.net (129.250.9.121)
163310 89.46 ms ae-0.r20.chcgil09.us.bb.gin.ntt.net (129.250.2.191)
163411 ...
163512 252.93 ms ae-16.r24.osakjp02.jp.bb.gin.ntt.net (129.250.3.61)
163613 282.77 ms ae-1.r03.osakjp02.jp.bb.gin.ntt.net (129.250.7.31)
163714 282.79 ms ae-1.a01.osakjp02.jp.bb.gin.ntt.net (129.250.3.232)
163815 282.78 ms xe-0-0-22-3.a01.osakjp02.jp.ce.gin.ntt.net (61.200.80.218)
163916 ... 18
164019 302.36 ms 210-152-243-182.jp-west.compute.idcfcloud.com (210.152.243.182)
1641
1642NSE: Script Post-scanning.
1643Initiating NSE at 19:03
1644Completed NSE at 19:03, 0.00s elapsed
1645Initiating NSE at 19:03
1646Completed NSE at 19:03, 0.00s elapsed
1647#######################################################################################################################################
1648# general
1649(gen) banner: SSH-2.0-OpenSSH_5.3
1650(gen) software: OpenSSH 5.3
1651(gen) compatibility: OpenSSH 5.9-6.6, Dropbear SSH 2013.56+
1652(gen) compression: enabled (zlib@openssh.com)
1653
1654# key exchange algorithms
1655(kex) diffie-hellman-group-exchange-sha256 -- [warn] using custom size modulus (possibly weak)
1656 `- [info] available since OpenSSH 4.4
1657(kex) diffie-hellman-group-exchange-sha1 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
1658 `- [warn] using weak hashing algorithm
1659 `- [info] available since OpenSSH 2.3.0
1660(kex) diffie-hellman-group14-sha1 -- [warn] using weak hashing algorithm
1661 `- [info] available since OpenSSH 3.9, Dropbear SSH 0.53
1662(kex) diffie-hellman-group1-sha1 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
1663 `- [fail] disabled (in client) since OpenSSH 7.0, logjam attack
1664 `- [warn] using small 1024-bit modulus
1665 `- [warn] using weak hashing algorithm
1666 `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28
1667
1668# host-key algorithms
1669(key) ssh-rsa -- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28
1670(key) ssh-dss -- [fail] removed (in server) and disabled (in client) since OpenSSH 7.0, weak algorithm
1671 `- [warn] using small 1024-bit modulus
1672 `- [warn] using weak random number generator could reveal the key
1673 `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
1674
1675# encryption algorithms (ciphers)
1676(enc) aes128-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
1677(enc) aes192-ctr -- [info] available since OpenSSH 3.7
1678(enc) aes256-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
1679(enc) arcfour256 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
1680 `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
1681 `- [warn] using weak cipher
1682 `- [info] available since OpenSSH 4.2
1683(enc) arcfour128 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
1684 `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
1685 `- [warn] using weak cipher
1686 `- [info] available since OpenSSH 4.2
1687(enc) arcfour -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
1688 `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
1689 `- [warn] using weak cipher
1690 `- [info] available since OpenSSH 2.1.0
1691
1692# message authentication code algorithms
1693(mac) hmac-sha1 -- [warn] using encrypt-and-MAC mode
1694 `- [warn] using weak hashing algorithm
1695 `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
1696(mac) umac-64@openssh.com -- [warn] using encrypt-and-MAC mode
1697 `- [warn] using small 64-bit tag size
1698 `- [info] available since OpenSSH 4.7
1699(mac) hmac-sha2-512 -- [warn] using encrypt-and-MAC mode
1700 `- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56
1701
1702# algorithm recommendations (for OpenSSH 5.3)
1703(rec) -diffie-hellman-group14-sha1 -- kex algorithm to remove
1704(rec) -diffie-hellman-group1-sha1 -- kex algorithm to remove
1705(rec) -diffie-hellman-group-exchange-sha1 -- kex algorithm to remove
1706(rec) -ssh-dss -- key algorithm to remove
1707(rec) -arcfour256 -- enc algorithm to remove
1708(rec) -arcfour -- enc algorithm to remove
1709(rec) -arcfour128 -- enc algorithm to remove
1710(rec) -hmac-sha1 -- mac algorithm to remove
1711(rec) -umac-64@openssh.com -- mac algorithm to remove
1712#######################################################################################################################################
1713Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-17 19:04 EST
1714NSE: Loaded 52 scripts for scanning.
1715NSE: Script Pre-scanning.
1716Initiating NSE at 19:04
1717Completed NSE at 19:04, 0.00s elapsed
1718Initiating NSE at 19:04
1719Completed NSE at 19:04, 0.00s elapsed
1720Initiating Parallel DNS resolution of 1 host. at 19:04
1721Completed Parallel DNS resolution of 1 host. at 19:04, 0.02s elapsed
1722Initiating SYN Stealth Scan at 19:04
1723Scanning 210-152-243-182.jp-west.compute.idcfcloud.com (210.152.243.182) [1 port]
1724Discovered open port 22/tcp on 210.152.243.182
1725Completed SYN Stealth Scan at 19:04, 0.29s elapsed (1 total ports)
1726Initiating Service scan at 19:04
1727Scanning 1 service on 210-152-243-182.jp-west.compute.idcfcloud.com (210.152.243.182)
1728Completed Service scan at 19:04, 0.49s elapsed (1 service on 1 host)
1729Initiating OS detection (try #1) against 210-152-243-182.jp-west.compute.idcfcloud.com (210.152.243.182)
1730Retrying OS detection (try #2) against 210-152-243-182.jp-west.compute.idcfcloud.com (210.152.243.182)
1731Initiating Traceroute at 19:04
1732Completed Traceroute at 19:04, 3.14s elapsed
1733Initiating Parallel DNS resolution of 16 hosts. at 19:04
1734Completed Parallel DNS resolution of 16 hosts. at 19:04, 0.60s elapsed
1735NSE: Script scanning 210.152.243.182.
1736Initiating NSE at 19:04
1737NSE: [ssh-run 210.152.243.182:22] Failed to specify credentials and command to run.
1738Completed NSE at 19:04, 9.07s elapsed
1739Initiating NSE at 19:04
1740Completed NSE at 19:04, 0.00s elapsed
1741Nmap scan report for 210-152-243-182.jp-west.compute.idcfcloud.com (210.152.243.182)
1742Host is up (0.23s latency).
1743
1744PORT STATE SERVICE VERSION
174522/tcp open ssh OpenSSH 5.3 (protocol 2.0)
1746| ssh-auth-methods:
1747| Supported authentication methods:
1748| publickey
1749| gssapi-keyex
1750|_ gssapi-with-mic
1751|_ssh-brute: Password authentication not allowed
1752| ssh-hostkey:
1753| 1024 32:f5:43:98:e4:79:26:84:a6:cf:e6:f9:0c:53:ae:fa (DSA)
1754| ssh-dss
1755| 2048 d2:03:22:55:28:5e:0e:72:ae:f2:8e:47:95:0a:1a:2c (RSA)
1756|_ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA2R+zOio3Jn1GxLGdR+aGoBjnGbtKY/4dRBbOCcxkLEurdBUi1E33Fe0tJFsjVUW4B+C0lpJxEyknY1sHqXUIpsu60L9LJjbmoetTitRuIybTHzGNB1pzkY2f2HsQzrtk82b7Auyc8dCXCFgKYj3Bfcm6uu9mUtmTUJyn/U4madYlOwOlBkM1s4C4stopkEn1cpuqLZkQNnwuEgUVJDitkw/iPdHbheTRvl1AtiTcN97fwmltj24GcMJpdU0+paW5WZmH1yDSo/loFubXyqSFFMO+Y8PmR/aFENQPcA/q9i78Si3UTFG6goY6nXELpuKSQgrrENc4Eh6DiN2WxUhupQ==
1757| ssh-publickey-acceptance:
1758|_ Accepted Public Keys: No public keys accepted
1759|_ssh-run: Failed to specify credentials and command to run.
1760| vulners:
1761| cpe:/a:openbsd:openssh:5.3:
1762| CVE-2014-1692 7.5 https://vulners.com/cve/CVE-2014-1692
1763| CVE-2010-4478 7.5 https://vulners.com/cve/CVE-2010-4478
1764| CVE-2017-15906 5.0 https://vulners.com/cve/CVE-2017-15906
1765| CVE-2016-10708 5.0 https://vulners.com/cve/CVE-2016-10708
1766| CVE-2010-5107 5.0 https://vulners.com/cve/CVE-2010-5107
1767| CVE-2016-0777 4.0 https://vulners.com/cve/CVE-2016-0777
1768| CVE-2010-4755 4.0 https://vulners.com/cve/CVE-2010-4755
1769| CVE-2012-0814 3.5 https://vulners.com/cve/CVE-2012-0814
1770| CVE-2011-5000 3.5 https://vulners.com/cve/CVE-2011-5000
1771|_ CVE-2011-4327 2.1 https://vulners.com/cve/CVE-2011-4327
1772| vulscan: VulDB - https://vuldb.com:
1773| [80267] OpenSSH up to 5.x/6.x/7.1p1 Forward Option roaming_common.c roaming_read/roaming_write memory corruption
1774| [80266] OpenSSH up to 5.x/6.x/7.1p1 roaming_common.c resend_bytes information disclosure
1775| [4584] OpenSSH up to 5.7 auth-options.c information disclosure
1776| [4282] OpenSSH 5.6/5.7 Legacy Certificate memory corruption
1777|
1778| MITRE CVE - https://cve.mitre.org:
1779| [CVE-2006-0883] OpenSSH on FreeBSD 5.3 and 5.4, when used with OpenPAM, does not properly handle when a forked child process terminates during PAM authentication, which allows remote attackers to cause a denial of service (client connection refusal) by connecting multiple times to the SSH server, waiting for the password prompt, then disconnecting.
1780| [CVE-2012-0814] The auth_parse_options function in auth-options.c in sshd in OpenSSH before 5.7 provides debug messages containing authorized_keys command options, which allows remote authenticated users to obtain potentially sensitive information by reading these messages, as demonstrated by the shared user account required by Gitolite. NOTE: this can cross privilege boundaries because a user account may intentionally have no shell or filesystem access, and therefore may have no supported way to read an authorized_keys file in its own home directory.
1781| [CVE-2011-5000] The ssh_gssapi_parse_ename function in gss-serv.c in OpenSSH 5.8 and earlier, when gssapi-with-mic authentication is enabled, allows remote authenticated users to cause a denial of service (memory consumption) via a large value in a certain length field. NOTE: there may be limited scenarios in which this issue is relevant.
1782| [CVE-2011-0539] The key_certify function in usr.bin/ssh/key.c in OpenSSH 5.6 and 5.7, when generating legacy certificates using the -t command-line option in ssh-keygen, does not initialize the nonce field, which might allow remote attackers to obtain sensitive stack memory contents or make it easier to conduct hash collision attacks.
1783| [CVE-2010-4755] The (1) remote_glob function in sftp-glob.c and the (2) process_put function in sftp.c in OpenSSH 5.8 and earlier, as used in FreeBSD 7.3 and 8.1, NetBSD 5.0.2, OpenBSD 4.7, and other products, allow remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in SSH_FXP_STAT requests to an sftp daemon, a different vulnerability than CVE-2010-2632.
1784| [CVE-2010-4478] OpenSSH 5.6 and earlier, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol, a related issue to CVE-2010-4252.
1785| [CVE-2009-2904] A certain Red Hat modification to the ChrootDirectory feature in OpenSSH 4.8, as used in sshd in OpenSSH 4.3 in Red Hat Enterprise Linux (RHEL) 5.4 and Fedora 11, allows local users to gain privileges via hard links to setuid programs that use configuration files within the chroot directory, related to requirements for directory ownership.
1786| [CVE-2008-3844] Certain Red Hat Enterprise Linux (RHEL) 4 and 5 packages for OpenSSH, as signed in August 2008 using a legitimate Red Hat GPG key, contain an externally introduced modification (Trojan Horse) that allows the package authors to have an unknown impact. NOTE: since the malicious packages were not distributed from any official Red Hat sources, the scope of this issue is restricted to users who may have obtained these packages through unofficial distribution points. As of 20080827, no unofficial distributions of this software are known.
1787| [CVE-2008-3259] OpenSSH before 5.1 sets the SO_REUSEADDR socket option when the X11UseLocalhost configuration setting is disabled, which allows local users on some platforms to hijack the X11 forwarding port via a bind to a single IP address, as demonstrated on the HP-UX platform.
1788|
1789| SecurityFocus - https://www.securityfocus.com/bid/:
1790| [102780] OpenSSH CVE-2016-10708 Multiple Denial of Service Vulnerabilities
1791| [101552] OpenSSH 'sftp-server.c' Remote Security Bypass Vulnerability
1792| [94977] OpenSSH CVE-2016-10011 Local Information Disclosure Vulnerability
1793| [94975] OpenSSH CVE-2016-10012 Security Bypass Vulnerability
1794| [94972] OpenSSH CVE-2016-10010 Privilege Escalation Vulnerability
1795| [94968] OpenSSH CVE-2016-10009 Remote Code Execution Vulnerability
1796| [93776] OpenSSH 'ssh/kex.c' Denial of Service Vulnerability
1797| [92212] OpenSSH CVE-2016-6515 Denial of Service Vulnerability
1798| [92210] OpenSSH CBC Padding Weak Encryption Security Weakness
1799| [92209] OpenSSH MAC Verification Security Bypass Vulnerability
1800| [91812] OpenSSH CVE-2016-6210 User Enumeration Vulnerability
1801| [90440] OpenSSH CVE-2004-1653 Remote Security Vulnerability
1802| [90340] OpenSSH CVE-2004-2760 Remote Security Vulnerability
1803| [89385] OpenSSH CVE-2005-2666 Local Security Vulnerability
1804| [88655] OpenSSH CVE-2001-1382 Remote Security Vulnerability
1805| [88513] OpenSSH CVE-2000-0999 Remote Security Vulnerability
1806| [88367] OpenSSH CVE-1999-1010 Local Security Vulnerability
1807| [87789] OpenSSH CVE-2003-0682 Remote Security Vulnerability
1808| [86187] OpenSSH 'session.c' Local Security Bypass Vulnerability
1809| [86144] OpenSSH CVE-2007-2768 Remote Security Vulnerability
1810| [84427] OpenSSH CVE-2016-1908 Security Bypass Vulnerability
1811| [84314] OpenSSH CVE-2016-3115 Remote Command Injection Vulnerability
1812| [84185] OpenSSH CVE-2006-4925 Denial-Of-Service Vulnerability
1813| [81293] OpenSSH CVE-2016-1907 Denial of Service Vulnerability
1814| [80698] OpenSSH CVE-2016-0778 Heap Based Buffer Overflow Vulnerability
1815| [80695] OpenSSH CVE-2016-0777 Information Disclosure Vulnerability
1816| [76497] OpenSSH CVE-2015-6565 Local Security Bypass Vulnerability
1817| [76317] OpenSSH PAM Support Multiple Remote Code Execution Vulnerabilities
1818| [75990] OpenSSH Login Handling Security Bypass Weakness
1819| [75525] OpenSSH 'x11_open_helper()' Function Security Bypass Vulnerability
1820| [71420] Portable OpenSSH 'gss-serv-krb5.c' Security Bypass Vulnerability
1821| [68757] OpenSSH Multiple Remote Denial of Service Vulnerabilities
1822| [66459] OpenSSH Certificate Validation Security Bypass Vulnerability
1823| [66355] OpenSSH 'child_set_env()' Function Security Bypass Vulnerability
1824| [65674] OpenSSH 'ssh-keysign.c' Local Information Disclosure Vulnerability
1825| [65230] OpenSSH 'schnorr.c' Remote Memory Corruption Vulnerability
1826| [63605] OpenSSH 'sshd' Process Remote Memory Corruption Vulnerability
1827| [61286] OpenSSH Remote Denial of Service Vulnerability
1828| [58894] GSI-OpenSSH PAM_USER Security Bypass Vulnerability
1829| [58162] OpenSSH CVE-2010-5107 Denial of Service Vulnerability
1830| [54114] OpenSSH 'ssh_gssapi_parse_ename()' Function Denial of Service Vulnerability
1831| [51702] Debian openssh-server Forced Command Handling Information Disclosure Vulnerability
1832| [50416] Linux Kernel 'kdump' and 'mkdumprd' OpenSSH Integration Remote Information Disclosure Vulnerability
1833| [49473] OpenSSH Ciphersuite Specification Information Disclosure Weakness
1834| [48507] OpenSSH 'pam_thread()' Remote Buffer Overflow Vulnerability
1835| [47691] Portable OpenSSH 'ssh-keysign' Local Unauthorized Access Vulnerability
1836| [46155] OpenSSH Legacy Certificate Signing Information Disclosure Vulnerability
1837| [45304] OpenSSH J-PAKE Security Bypass Vulnerability
1838| [36552] Red Hat Enterprise Linux OpenSSH 'ChrootDirectory' Option Local Privilege Escalation Vulnerability
1839| [32319] OpenSSH CBC Mode Information Disclosure Vulnerability
1840| [30794] Red Hat OpenSSH Backdoor Vulnerability
1841| [30339] OpenSSH 'X11UseLocalhost' X11 Forwarding Session Hijacking Vulnerability
1842| [30276] Debian OpenSSH SELinux Privilege Escalation Vulnerability
1843| [28531] OpenSSH ForceCommand Command Execution Weakness
1844| [28444] OpenSSH X Connections Session Hijacking Vulnerability
1845| [26097] OpenSSH LINUX_AUDIT_RECORD_EVENT Remote Log Injection Weakness
1846| [25628] OpenSSH X11 Cookie Local Authentication Bypass Vulnerability
1847| [23601] OpenSSH S/Key Remote Information Disclosure Vulnerability
1848| [20956] OpenSSH Privilege Separation Key Signature Weakness
1849| [20418] OpenSSH-Portable Existing Password Remote Information Disclosure Weakness
1850| [20245] OpenSSH-Portable GSSAPI Authentication Abort Information Disclosure Weakness
1851| [20241] Portable OpenSSH GSSAPI Remote Code Execution Vulnerability
1852| [20216] OpenSSH Duplicated Block Remote Denial of Service Vulnerability
1853| [16892] OpenSSH Remote PAM Denial Of Service Vulnerability
1854| [14963] OpenSSH LoginGraceTime Remote Denial Of Service Vulnerability
1855| [14729] OpenSSH GSSAPI Credential Disclosure Vulnerability
1856| [14727] OpenSSH DynamicForward Inadvertent GatewayPorts Activation Vulnerability
1857| [11781] OpenSSH-portable PAM Authentication Remote Information Disclosure Vulnerability
1858| [9986] RCP, OpenSSH SCP Client File Corruption Vulnerability
1859| [9040] OpenSSH PAM Conversation Memory Scrubbing Weakness
1860| [8677] Multiple Portable OpenSSH PAM Vulnerabilities
1861| [8628] OpenSSH Buffer Mismanagement Vulnerabilities
1862| [7831] OpenSSH Reverse DNS Lookup Access Control Bypass Vulnerability
1863| [7482] OpenSSH Remote Root Authentication Timing Side-Channel Weakness
1864| [7467] OpenSSH-portable Enabled PAM Delay Information Disclosure Vulnerability
1865| [7343] OpenSSH Authentication Execution Path Timing Information Leakage Weakness
1866| [6168] OpenSSH Visible Password Vulnerability
1867| [5374] OpenSSH Trojan Horse Vulnerability
1868| [5093] OpenSSH Challenge-Response Buffer Overflow Vulnerabilities
1869| [4560] OpenSSH Kerberos 4 TGT/AFS Token Buffer Overflow Vulnerability
1870| [4241] OpenSSH Channel Code Off-By-One Vulnerability
1871| [3614] OpenSSH UseLogin Environment Variable Passing Vulnerability
1872| [3560] OpenSSH Kerberos Arbitrary Privilege Elevation Vulnerability
1873| [3369] OpenSSH Key Based Source IP Access Control Bypass Vulnerability
1874| [3345] OpenSSH SFTP Command Restriction Bypassing Vulnerability
1875| [2917] OpenSSH PAM Session Evasion Vulnerability
1876| [2825] OpenSSH Client X11 Forwarding Cookie Removal File Symbolic Link Vulnerability
1877| [2356] OpenSSH Private Key Authentication Check Vulnerability
1878| [1949] OpenSSH Client Unauthorized Remote Forwarding Vulnerability
1879| [1334] OpenSSH UseLogin Vulnerability
1880|
1881| IBM X-Force - https://exchange.xforce.ibmcloud.com:
1882| [83258] GSI-OpenSSH auth-pam.c security bypass
1883| [82781] OpenSSH time limit denial of service
1884| [82231] OpenSSH pam_ssh_agent_auth PAM code execution
1885| [74809] OpenSSH ssh_gssapi_parse_ename denial of service
1886| [72756] Debian openssh-server commands information disclosure
1887| [68339] OpenSSH pam_thread buffer overflow
1888| [67264] OpenSSH ssh-keysign unauthorized access
1889| [65910] OpenSSH remote_glob function denial of service
1890| [65163] OpenSSH certificate information disclosure
1891| [64387] OpenSSH J-PAKE security bypass
1892| [63337] Cisco Unified Videoconferencing OpenSSH weak security
1893| [46620] OpenSSH and multiple SSH Tectia products CBC mode information disclosure
1894| [45202] OpenSSH signal handler denial of service
1895| [44747] RHEL OpenSSH backdoor
1896| [44280] OpenSSH PermitRootLogin information disclosure
1897| [44279] OpenSSH sshd weak security
1898| [44037] OpenSSH sshd SELinux role unauthorized access
1899| [43940] OpenSSH X11 forwarding information disclosure
1900| [41549] OpenSSH ForceCommand directive security bypass
1901| [41438] OpenSSH sshd session hijacking
1902| [40897] OpenSSH known_hosts weak security
1903| [40587] OpenSSH username weak security
1904| [37371] OpenSSH username data manipulation
1905| [37118] RHSA update for OpenSSH privilege separation monitor authentication verification weakness not installed
1906| [37112] RHSA update for OpenSSH signal handler race condition not installed
1907| [37107] RHSA update for OpenSSH identical block denial of service not installed
1908| [36637] OpenSSH X11 cookie privilege escalation
1909| [35167] OpenSSH packet.c newkeys[mode] denial of service
1910| [34490] OpenSSH OPIE information disclosure
1911| [33794] OpenSSH ChallengeResponseAuthentication information disclosure
1912| [32975] Apple Mac OS X OpenSSH denial of service
1913| [32387] RHSA-2006:0738 updates for openssh not installed
1914| [32359] RHSA-2006:0697 updates for openssh not installed
1915| [32230] RHSA-2006:0298 updates for openssh not installed
1916| [32132] RHSA-2006:0044 updates for openssh not installed
1917| [30120] OpenSSH privilege separation monitor authentication verification weakness
1918| [29255] OpenSSH GSSAPI user enumeration
1919| [29254] OpenSSH signal handler race condition
1920| [29158] OpenSSH identical block denial of service
1921| [28147] Apple Mac OS X OpenSSH nonexistent user login denial of service
1922| [25116] OpenSSH OpenPAM denial of service
1923| [24305] OpenSSH SCP shell expansion command execution
1924| [22665] RHSA-2005:106 updates for openssh not installed
1925| [22117] OpenSSH GSSAPI allows elevated privileges
1926| [22115] OpenSSH GatewayPorts security bypass
1927| [20930] OpenSSH sshd.c LoginGraceTime denial of service
1928| [19441] Sun Solaris OpenSSH LDAP (1) client authentication denial of service
1929| [17213] OpenSSH allows port bouncing attacks
1930| [16323] OpenSSH scp file overwrite
1931| [13797] OpenSSH PAM information leak
1932| [13271] OpenSSH could allow an attacker to corrupt the PAM conversion stack
1933| [13264] OpenSSH PAM code could allow an attacker to gain access
1934| [13215] OpenSSH buffer management errors could allow an attacker to execute code
1935| [13214] OpenSSH memory vulnerabilities
1936| [13191] OpenSSH large packet buffer overflow
1937| [12196] OpenSSH could allow an attacker to bypass login restrictions
1938| [11970] OpenSSH could allow an attacker to obtain valid administrative account
1939| [11902] OpenSSH PAM support enabled information leak
1940| [9803] OpenSSH "
1941| [9763] OpenSSH downloaded from the OpenBSD FTP site or OpenBSD FTP mirror sites could contain a Trojan Horse
1942| [9307] OpenSSH is running on the system
1943| [9169] OpenSSH "
1944| [8896] OpenSSH Kerberos 4 TGT/AFS buffer overflow
1945| [8697] FreeBSD libutil in OpenSSH fails to drop privileges prior to using the login class capability database
1946| [8383] OpenSSH off-by-one error in channel code
1947| [7647] OpenSSH UseLogin option arbitrary code execution
1948| [7634] OpenSSH using sftp and restricted keypairs could allow an attacker to bypass restrictions
1949| [7598] OpenSSH with Kerberos allows attacker to gain elevated privileges
1950| [7179] OpenSSH source IP access control bypass
1951| [6757] OpenSSH "
1952| [6676] OpenSSH X11 forwarding symlink attack could allow deletion of arbitrary files
1953| [6084] OpenSSH 2.3.1 allows remote users to bypass authentication
1954| [5517] OpenSSH allows unauthorized access to resources
1955| [4646] OpenSSH UseLogin option allows remote users to execute commands as root
1956|
1957| Exploit-DB - https://www.exploit-db.com:
1958| [21579] OpenSSH 3.x Challenge-Response Buffer Overflow Vulnerabilities (2)
1959| [21578] OpenSSH 3.x Challenge-Response Buffer Overflow Vulnerabilities (1)
1960| [21402] OpenSSH 2.x/3.x Kerberos 4 TGT/AFS Token Buffer Overflow Vulnerability
1961| [21314] OpenSSH 2.x/3.0.1/3.0.2 Channel Code Off-By-One Vulnerability
1962| [20253] OpenSSH 1.2 scp File Create/Overwrite Vulnerability
1963| [17462] FreeBSD OpenSSH 3.5p1 - Remote Root Exploit
1964| [14866] Novell Netware 6.5 - OpenSSH Remote Stack Overflow
1965| [6094] Debian OpenSSH Remote SELinux Privilege Elevation Exploit (auth)
1966| [3303] Portable OpenSSH <= 3.6.1p-PAM / 4.1-SUSE Timing Attack Exploit
1967| [2444] OpenSSH <= 4.3 p1 (Duplicated Block) Remote Denial of Service Exploit
1968| [1572] Dropbear / OpenSSH Server (MAX_UNAUTH_CLIENTS) Denial of Service
1969| [258] glibc-2.2 and openssh-2.3.0p1 exploits glibc => 2.1.9x
1970| [26] OpenSSH/PAM <= 3.6.1p1 Remote Users Ident (gossh.sh)
1971| [25] OpenSSH/PAM <= 3.6.1p1 Remote Users Discovery Tool
1972|
1973| OpenVAS (Nessus) - http://www.openvas.org:
1974| [902488] OpenSSH 'sshd' GSSAPI Credential Disclosure Vulnerability
1975| [900179] OpenSSH CBC Mode Information Disclosure Vulnerability
1976| [881183] CentOS Update for openssh CESA-2012:0884 centos6
1977| [880802] CentOS Update for openssh CESA-2009:1287 centos5 i386
1978| [880746] CentOS Update for openssh CESA-2009:1470 centos5 i386
1979| [870763] RedHat Update for openssh RHSA-2012:0884-04
1980| [870129] RedHat Update for openssh RHSA-2008:0855-01
1981| [861813] Fedora Update for openssh FEDORA-2010-5429
1982| [861319] Fedora Update for openssh FEDORA-2007-395
1983| [861170] Fedora Update for openssh FEDORA-2007-394
1984| [861012] Fedora Update for openssh FEDORA-2007-715
1985| [840345] Ubuntu Update for openssh vulnerability USN-597-1
1986| [840300] Ubuntu Update for openssh update USN-612-5
1987| [840271] Ubuntu Update for openssh vulnerability USN-612-2
1988| [840268] Ubuntu Update for openssh update USN-612-7
1989| [840259] Ubuntu Update for openssh vulnerabilities USN-649-1
1990| [840214] Ubuntu Update for openssh vulnerability USN-566-1
1991| [831074] Mandriva Update for openssh MDVA-2010:162 (openssh)
1992| [830929] Mandriva Update for openssh MDVA-2010:090 (openssh)
1993| [830807] Mandriva Update for openssh MDVA-2010:026 (openssh)
1994| [830603] Mandriva Update for openssh MDVSA-2008:098 (openssh)
1995| [830523] Mandriva Update for openssh MDVSA-2008:078 (openssh)
1996| [830317] Mandriva Update for openssh-askpass-qt MDKA-2007:127 (openssh-askpass-qt)
1997| [830191] Mandriva Update for openssh MDKSA-2007:236 (openssh)
1998| [802407] OpenSSH 'sshd' Challenge Response Authentication Buffer Overflow Vulnerability
1999| [103503] openssh-server Forced Command Handling Information Disclosure Vulnerability
2000| [103247] OpenSSH Ciphersuite Specification Information Disclosure Weakness
2001| [103064] OpenSSH Legacy Certificate Signing Information Disclosure Vulnerability
2002| [100584] OpenSSH X Connections Session Hijacking Vulnerability
2003| [100153] OpenSSH CBC Mode Information Disclosure Vulnerability
2004| [66170] CentOS Security Advisory CESA-2009:1470 (openssh)
2005| [65987] SLES10: Security update for OpenSSH
2006| [65819] SLES10: Security update for OpenSSH
2007| [65514] SLES9: Security update for OpenSSH
2008| [65513] SLES9: Security update for OpenSSH
2009| [65334] SLES9: Security update for OpenSSH
2010| [65248] SLES9: Security update for OpenSSH
2011| [65218] SLES9: Security update for OpenSSH
2012| [65169] SLES9: Security update for openssh,openssh-askpass
2013| [65126] SLES9: Security update for OpenSSH
2014| [65019] SLES9: Security update for OpenSSH
2015| [65015] SLES9: Security update for OpenSSH
2016| [64931] CentOS Security Advisory CESA-2009:1287 (openssh)
2017| [61639] Debian Security Advisory DSA 1638-1 (openssh)
2018| [61030] Debian Security Advisory DSA 1576-2 (openssh)
2019| [61029] Debian Security Advisory DSA 1576-1 (openssh)
2020| [60840] FreeBSD Security Advisory (FreeBSD-SA-08:05.openssh.asc)
2021| [60803] Gentoo Security Advisory GLSA 200804-03 (openssh)
2022| [60667] Slackware Advisory SSA:2008-095-01 openssh
2023| [59014] Slackware Advisory SSA:2007-255-01 openssh
2024| [58741] Gentoo Security Advisory GLSA 200711-02 (openssh)
2025| [57919] Gentoo Security Advisory GLSA 200611-06 (openssh)
2026| [57895] Gentoo Security Advisory GLSA 200609-17 (openssh)
2027| [57585] Debian Security Advisory DSA 1212-1 (openssh (1:3.8.1p1-8.sarge.6))
2028| [57492] Slackware Advisory SSA:2006-272-02 openssh
2029| [57483] Debian Security Advisory DSA 1189-1 (openssh-krb5)
2030| [57476] FreeBSD Security Advisory (FreeBSD-SA-06:22.openssh.asc)
2031| [57470] FreeBSD Ports: openssh
2032| [56352] FreeBSD Security Advisory (FreeBSD-SA-06:09.openssh.asc)
2033| [56330] Gentoo Security Advisory GLSA 200602-11 (OpenSSH)
2034| [56294] Slackware Advisory SSA:2006-045-06 openssh
2035| [53964] Slackware Advisory SSA:2003-266-01 New OpenSSH packages
2036| [53885] Slackware Advisory SSA:2003-259-01 OpenSSH Security Advisory
2037| [53884] Slackware Advisory SSA:2003-260-01 OpenSSH updated again
2038| [53788] Debian Security Advisory DSA 025-1 (openssh)
2039| [52638] FreeBSD Security Advisory (FreeBSD-SA-03:15.openssh.asc)
2040| [52635] FreeBSD Security Advisory (FreeBSD-SA-03:12.openssh.asc)
2041| [11343] OpenSSH Client Unauthorized Remote Forwarding
2042| [10954] OpenSSH AFS/Kerberos ticket/token passing
2043| [10883] OpenSSH Channel Code Off by 1
2044| [10823] OpenSSH UseLogin Environment Variables
2045|
2046| SecurityTracker - https://www.securitytracker.com:
2047| [1028187] OpenSSH pam_ssh_agent_auth Module on Red Hat Enterprise Linux Lets Remote Users Execute Arbitrary Code
2048| [1026593] OpenSSH Lets Remote Authenticated Users Obtain Potentially Sensitive Information
2049| [1025739] OpenSSH on FreeBSD Has Buffer Overflow in pam_thread() That Lets Remote Users Execute Arbitrary Code
2050| [1025482] OpenSSH ssh-keysign Utility Lets Local Users Gain Elevated Privileges
2051| [1025028] OpenSSH Legacy Certificates May Disclose Stack Contents to Remote Users
2052| [1022967] OpenSSH on Red Hat Enterprise Linux Lets Remote Authenticated Users Gain Elevated Privileges
2053| [1021235] OpenSSH CBC Mode Error Handling May Let Certain Remote Users Obtain Plain Text in Certain Cases
2054| [1020891] OpenSSH on Debian Lets Remote Users Prevent Logins
2055| [1020730] OpenSSH for Red Hat Enterprise Linux Packages May Have Been Compromised
2056| [1020537] OpenSSH on HP-UX Lets Local Users Hijack X11 Sessions
2057| [1019733] OpenSSH Unsafe Default Configuration May Let Local Users Execute Arbitrary Commands
2058| [1019707] OpenSSH Lets Local Users Hijack Forwarded X Sessions in Certain Cases
2059| [1017756] Apple OpenSSH Key Generation Process Lets Remote Users Deny Service
2060| [1017183] OpenSSH Privilege Separation Monitor Validation Error May Cause the Monitor to Fail to Properly Control the Unprivileged Process
2061| [1016940] OpenSSH Race Condition in Signal Handler Lets Remote Users Deny Service and May Potentially Permit Code Execution
2062| [1016939] OpenSSH GSSAPI Authentication Abort Error Lets Remote Users Determine Valid Usernames
2063| [1016931] OpenSSH SSH v1 CRC Attack Detection Implementation Lets Remote Users Deny Service
2064| [1016672] OpenSSH on Mac OS X Lets Remote Users Deny Service
2065| [1015706] OpenSSH Interaction With OpenPAM Lets Remote Users Deny Service
2066| [1015540] OpenSSH scp Double Shell Character Expansion During Local-to-Local Copying May Let Local Users Gain Elevated Privileges in Certain Cases
2067| [1014845] OpenSSH May Unexpectedly Activate GatewayPorts and Also May Disclose GSSAPI Credentials in Certain Cases
2068| [1011193] OpenSSH scp Directory Traversal Flaw Lets Remote SSH Servers Overwrite Files in Certain Cases
2069| [1011143] OpenSSH Default Configuration May Be Unsafe When Used With Anonymous SSH Services
2070| [1007791] Portable OpenSSH PAM free() Bug May Let Remote Users Execute Root Code
2071| [1007716] OpenSSH buffer_append_space() and Other Buffer Management Errors May Let Remote Users Execute Arbitrary Code
2072| [1006926] OpenSSH Host Access Restrictions Can Be Bypassed By Remote Users
2073| [1006688] OpenSSH Timing Flaw With Pluggable Authentication Modules Can Disclose Valid User Account Names to Remote Users
2074| [1004818] OpenSSH's Secure Shell (SSH) Implementation Weakness May Disclose User Passwords to Remote Users During Man-in-the-Middle Attacks
2075| [1004616] OpenSSH Integer Overflow and Buffer Overflow May Allow Remote Users to Gain Root Access to the System
2076| [1004391] OpenSSH 'BSD_AUTH' Access Control Bug May Allow Unauthorized Remote Users to Authenticated to the System
2077| [1004115] OpenSSH Buffer Overflow in Kerberos Ticket and AFS Token Processing Lets Local Users Execute Arbitrary Code With Root Level Permissions
2078| [1003758] OpenSSH Off-by-one 'Channels' Bug May Let Authorized Remote Users Execute Arbitrary Code with Root Privileges
2079| [1002895] OpenSSH UseLogin Environment Variable Bug Lets Local Users Execute Commands and Gain Root Access
2080| [1002748] OpenSSH 3.0 Denial of Service Condition May Allow Remote Users to Crash the sshd Daemon and KerberosV Configuration Error May Allow Remote Users to Partially Authenticate When Authentication Should Not Be Permitted
2081| [1002734] OpenSSH's S/Key Implementation Information Disclosure Flaw Provides Remote Users With Information About Valid User Accounts
2082| [1002455] OpenSSH May Fail to Properly Restrict IP Addresses in Certain Configurations
2083| [1002432] OpenSSH's Sftp-server Subsystem Lets Authorized Remote Users with Restricted Keypairs Obtain Additional Access on the Server
2084| [1001683] OpenSSH Allows Authorized Users to Delete Other User Files Named Cookies
2085|
2086| OSVDB - http://www.osvdb.org:
2087| [92034] GSI-OpenSSH auth-pam.c Memory Management Authentication Bypass
2088| [90474] Red Hat / Fedora PAM Module for OpenSSH Incorrect error() Function Calling Local Privilege Escalation
2089| [90007] OpenSSH logingracetime / maxstartup Threshold Connection Saturation Remote DoS
2090| [81500] OpenSSH gss-serv.c ssh_gssapi_parse_ename Function Field Length Value Parsing Remote DoS
2091| [78706] OpenSSH auth-options.c sshd auth_parse_options Function authorized_keys Command Option Debug Message Information Disclosure
2092| [75753] OpenSSH PAM Module Aborted Conversation Local Information Disclosure
2093| [75249] OpenSSH sftp-glob.c remote_glob Function Glob Expression Parsing Remote DoS
2094| [75248] OpenSSH sftp.c process_put Function Glob Expression Parsing Remote DoS
2095| [72183] Portable OpenSSH ssh-keysign ssh-rand-helper Utility File Descriptor Leak Local Information Disclosure
2096| [70873] OpenSSH Legacy Certificates Stack Memory Disclosure
2097| [69658] OpenSSH J-PAKE Public Parameter Validation Shared Secret Authentication Bypass
2098| [67743] Novell NetWare OpenSSH SSHD.NLM Absolute Path Handling Remote Overflow
2099| [59353] OpenSSH sshd Local TCP Redirection Connection Masking Weakness
2100| [58495] OpenSSH sshd ChrootDirectory Feature SetUID Hard Link Local Privilege Escalation
2101| [56921] OpenSSH Unspecified Remote Compromise
2102| [53021] OpenSSH on ftp.openbsd.org Trojaned Distribution
2103| [50036] OpenSSH CBC Mode Chosen Ciphertext 32-bit Chunk Plaintext Context Disclosure
2104| [49386] OpenSSH sshd TCP Connection State Remote Account Enumeration
2105| [48791] OpenSSH on Debian sshd Crafted Username Arbitrary Remote SELinux Role Access
2106| [47635] OpenSSH Packages on Red Hat Enterprise Linux Compromised Distribution
2107| [47227] OpenSSH X11UseLocalhost X11 Forwarding Port Hijacking
2108| [45873] Cisco WebNS SSHield w/ OpenSSH Crafted Large Packet Remote DoS
2109| [43911] OpenSSH ~/.ssh/rc ForceCommand Bypass Arbitrary Command Execution
2110| [43745] OpenSSH X11 Forwarding Local Session Hijacking
2111| [43371] OpenSSH Trusted X11 Cookie Connection Policy Bypass
2112| [39214] OpenSSH linux_audit_record_event Crafted Username Audit Log Injection
2113| [37315] pam_usb OpenSSH Authentication Unspecified Issue
2114| [34850] OpenSSH on Mac OS X Key Generation Remote Connection DoS
2115| [34601] OPIE w/ OpenSSH Account Enumeration
2116| [34600] OpenSSH S/KEY Authentication Account Enumeration
2117| [32721] OpenSSH Username Password Complexity Account Enumeration
2118| [30232] OpenSSH Privilege Separation Monitor Weakness
2119| [29494] OpenSSH packet.c Invalid Protocol Sequence Remote DoS
2120| [29266] OpenSSH GSSAPI Authentication Abort Username Enumeration
2121| [29264] OpenSSH Signal Handler Pre-authentication Race Condition Code Execution
2122| [29152] OpenSSH Identical Block Packet DoS
2123| [27745] Apple Mac OS X OpenSSH Nonexistent Account Login Enumeration DoS
2124| [23797] OpenSSH with OpenPAM Connection Saturation Forked Process Saturation DoS
2125| [22692] OpenSSH scp Command Line Filename Processing Command Injection
2126| [20216] OpenSSH with KerberosV Remote Authentication Bypass
2127| [19142] OpenSSH Multiple X11 Channel Forwarding Leaks
2128| [19141] OpenSSH GSSAPIAuthentication Credential Escalation
2129| [18236] OpenSSH no pty Command Execution Local PAM Restriction Bypass
2130| [16567] OpenSSH Privilege Separation LoginGraceTime DoS
2131| [16039] Solaris 108994 Series Patch OpenSSH LDAP Client Authentication DoS
2132| [9562] OpenSSH Default Configuration Anon SSH Service Port Bounce Weakness
2133| [9550] OpenSSH scp Traversal Arbitrary File Overwrite
2134| [6601] OpenSSH *realloc() Unspecified Memory Errors
2135| [6245] OpenSSH SKEY/BSD_AUTH Challenge-Response Remote Overflow
2136| [6073] OpenSSH on FreeBSD libutil Arbitrary File Read
2137| [6072] OpenSSH PAM Conversation Function Stack Modification
2138| [6071] OpenSSH SSHv1 PAM Challenge-Response Authentication Privilege Escalation
2139| [5536] OpenSSH sftp-server Restricted Keypair Restriction Bypass
2140| [5408] OpenSSH echo simulation Information Disclosure
2141| [5113] OpenSSH NIS YP Netgroups Authentication Bypass
2142| [4536] OpenSSH Portable AIX linker Privilege Escalation
2143| [3938] OpenSSL and OpenSSH /dev/random Check Failure
2144| [3456] OpenSSH buffer_append_space() Heap Corruption
2145| [2557] OpenSSH Multiple Buffer Management Multiple Overflows
2146| [2140] OpenSSH w/ PAM Username Validity Timing Attack
2147| [2112] OpenSSH Reverse DNS Lookup Bypass
2148| [2109] OpenSSH sshd Root Login Timing Side-Channel Weakness
2149| [1853] OpenSSH Symbolic Link 'cookies' File Removal
2150| [839] OpenSSH PAMAuthenticationViaKbdInt Challenge-Response Remote Overflow
2151| [781] OpenSSH Kerberos TGT/AFS Token Passing Remote Overflow
2152| [730] OpenSSH Channel Code Off by One Remote Privilege Escalation
2153| [688] OpenSSH UseLogin Environment Variable Local Command Execution
2154| [642] OpenSSH Multiple Key Type ACL Bypass
2155| [504] OpenSSH SSHv2 Public Key Authentication Bypass
2156| [341] OpenSSH UseLogin Local Privilege Escalation
2157|_
2158Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
2159Device type: general purpose|WAP|storage-misc|specialized
2160Running (JUST GUESSING): Linux 2.6.X|3.X (91%), Ruckus embedded (91%), Synology DiskStation Manager 5.X (89%), Crestron 2-Series (87%), Asus embedded (86%), HP embedded (85%)
2161OS CPE: cpe:/o:linux:linux_kernel:2.6.32 cpe:/o:linux:linux_kernel:3.10 cpe:/h:ruckus:zoneflex_r710 cpe:/a:synology:diskstation_manager:5.2 cpe:/o:crestron:2_series cpe:/h:asus:rt-n56u cpe:/o:linux:linux_kernel:3.4 cpe:/h:hp:p2000_g3
2162Aggressive OS guesses: Linux 2.6.32 (91%), Linux 3.10 (91%), Linux 3.2 (91%), Linux 3.4 - 3.10 (91%), Linux 3.5 (91%), Linux 3.8 (91%), Ruckus ZoneFlex R710 WAP (Linux 3.4) (91%), Linux 2.6.32 - 3.10 (90%), Linux 2.6.32 - 3.13 (90%), Linux 2.6.32 - 3.9 (90%)
2163No exact OS matches for host (test conditions non-ideal).
2164Uptime guess: 6.153 days (since Sat Jan 11 15:25:04 2020)
2165Network Distance: 19 hops
2166TCP Sequence Prediction: Difficulty=259 (Good luck!)
2167IP ID Sequence Generation: All zeros
2168
2169TRACEROUTE (using port 22/tcp)
2170HOP RTT ADDRESS
21711 59.85 ms 10.253.204.1
21722 89.62 ms 104.245.145.177
21733 89.65 ms te0-0-2-1.225.nr11.b010988-1.yyz02.atlas.cogentco.com (38.104.156.9)
21744 89.64 ms te0-0-0-1.agr14.yyz02.atlas.cogentco.com (154.24.54.41)
21755 89.66 ms te0-9-1-9.ccr31.yyz02.atlas.cogentco.com (154.54.43.161)
21766 89.67 ms be2993.ccr21.cle04.atlas.cogentco.com (154.54.31.225)
21777 119.77 ms be2717.ccr41.ord01.atlas.cogentco.com (154.54.6.221)
21788 119.79 ms be2765.ccr41.ord03.atlas.cogentco.com (154.54.45.18)
21799 119.80 ms ae-11.r08.chcgil09.us.bb.gin.ntt.net (129.250.9.121)
218010 89.70 ms ae-0.r20.chcgil09.us.bb.gin.ntt.net (129.250.2.191)
218111 138.83 ms ae-7.r23.sttlwa01.us.bb.gin.ntt.net (129.250.3.42)
218212 222.99 ms ae-16.r24.osakjp02.jp.bb.gin.ntt.net (129.250.3.61)
218313 252.62 ms ae-1.r03.osakjp02.jp.bb.gin.ntt.net (129.250.7.31)
218414 252.65 ms ae-2.a01.osakjp02.jp.bb.gin.ntt.net (129.250.3.106)
218515 252.62 ms xe-0-0-22-3.a01.osakjp02.jp.ce.gin.ntt.net (61.200.80.218)
218616 ... 18
218719 222.37 ms 210-152-243-182.jp-west.compute.idcfcloud.com (210.152.243.182)
2188
2189NSE: Script Post-scanning.
2190Initiating NSE at 19:04
2191Completed NSE at 19:04, 0.00s elapsed
2192Initiating NSE at 19:04
2193Completed NSE at 19:04, 0.00s elapsed
2194#######################################################################################################################################
2195USER_FILE => /usr/share/brutex/wordlists/simple-users.txt
2196RHOSTS => 210.152.243.182
2197RHOST => 210.152.243.182
2198[*] 210.152.243.182:22 - SSH - Using malformed packet technique
2199[*] 210.152.243.182:22 - SSH - Starting scan
2234[*] Scanned 1 of 1 hosts (100% complete)
2235[*] Auxiliary module execution completed
2236#######################################################################################################################################
2237HTTP/1.1 302 Found
2238Date: Sat, 18 Jan 2020 00:13:43 GMT
2239Server: Apache
2240Location: https://210.152.243.182/
2241Connection: close
2242Content-Type: text/html; charset=iso-8859-1
2243######################################################################################################################################
2244http://210.152.243.182 [302 Found] Apache, Country[JAPAN][JP], HTTPServer[Apache], IP[210.152.243.182], RedirectLocation[https://210.152.243.182/], Title[302 Found]
2245https://210.152.243.182/ [200 OK] Apache, Content-Language[ja], Country[JAPAN][JP], Frame, Google-Analytics[UA-19915938-1], HTTPServer[Apache], IP[210.152.243.182], PHP[5,5.1,5.1.6], Script[text/javascript], Title[(Japanese page title, mis-encoded in the source)], X-Powered-By[PHP/5.1.6]
2246#######################################################################################################################################
2247===============================================================
2248Gobuster v3.0.1
2249by OJ Reeves (@TheColonial) & Christian Mehlmauer (@_FireFart_)
2250===============================================================
2251[+] Url: http://210.152.243.182
2252[+] Threads: 10
2253[+] Wordlist: /usr/share/sniper/wordlists/vhosts.txt
2254[+] User Agent: gobuster/3.0.1
2255[+] Timeout: 10s
2256===============================================================
22572020/01/17 19:14:31 Starting gobuster
2258===============================================================
2367Found: sip.210.152.243.182 (Status: 302) [Size: 212]
2368Found: shop.210.152.243.182 (Status: 302) [Size: 213]
2369Found: sql.210.152.243.182 (Status: 302) [Size: 212]
2370Found: smtp.210.152.243.182 (Status: 302) [Size: 213]
2371Found: squid.210.152.243.182 (Status: 302) [Size: 214]
2372Found: ssh.210.152.243.182 (Status: 302) [Size: 212]
2373Found: ssl.210.152.243.182 (Status: 302) [Size: 212]
2374Found: stage.210.152.243.182 (Status: 302) [Size: 214]
2375Found: staging.210.152.243.182 (Status: 302) [Size: 216]
2376Found: status.210.152.243.182 (Status: 302) [Size: 215]
2377Found: stats.210.152.243.182 (Status: 302) [Size: 214]
2378Found: svn.210.152.243.182 (Status: 302) [Size: 212]
2379Found: test2.210.152.243.182 (Status: 302) [Size: 214]
2380Found: syslog.210.152.243.182 (Status: 302) [Size: 215]
2381Found: test.210.152.243.182 (Status: 302) [Size: 213]
2382Found: testing.210.152.243.182 (Status: 302) [Size: 216]
2383Found: test1.210.152.243.182 (Status: 302) [Size: 214]
2384Found: upload.210.152.243.182 (Status: 302) [Size: 215]
2385Found: v1.210.152.243.182 (Status: 302) [Size: 211]
2386Found: uat.210.152.243.182 (Status: 302) [Size: 212]
2387Found: v2.210.152.243.182 (Status: 302) [Size: 211]
2388Found: v3.210.152.243.182 (Status: 302) [Size: 211]
2389Found: web.210.152.243.182 (Status: 302) [Size: 212]
2390Found: vnc.210.152.243.182 (Status: 302) [Size: 212]
2391Found: vm.210.152.243.182 (Status: 302) [Size: 211]
2392Found: vpn.210.152.243.182 (Status: 302) [Size: 212]
2393Found: whois.210.152.243.182 (Status: 302) [Size: 214]
2394Found: web2test.210.152.243.182 (Status: 302) [Size: 217]
2395Found: www.210.152.243.182 (Status: 302) [Size: 212]
2396Found: voip.210.152.243.182 (Status: 302) [Size: 213]
2397Found: wiki.210.152.243.182 (Status: 302) [Size: 213]
2398Found: www2.210.152.243.182 (Status: 302) [Size: 213]
2399Found: xml.210.152.243.182 (Status: 302) [Size: 212]
===============================================================
2020/01/17 19:14:41 Finished
===============================================================
#######################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-17 19:14 EST
NSE: Loaded 162 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 19:14
Completed NSE at 19:14, 0.00s elapsed
Initiating NSE at 19:14
Completed NSE at 19:14, 0.00s elapsed
Initiating Parallel DNS resolution of 1 host. at 19:14
Completed Parallel DNS resolution of 1 host. at 19:14, 0.02s elapsed
Initiating SYN Stealth Scan at 19:14
Scanning 210-152-243-182.jp-west.compute.idcfcloud.com (210.152.243.182) [1 port]
Discovered open port 80/tcp on 210.152.243.182
Completed SYN Stealth Scan at 19:14, 0.26s elapsed (1 total ports)
Initiating Service scan at 19:14
Scanning 1 service on 210-152-243-182.jp-west.compute.idcfcloud.com (210.152.243.182)
Completed Service scan at 19:14, 6.50s elapsed (1 service on 1 host)
Initiating OS detection (try #1) against 210-152-243-182.jp-west.compute.idcfcloud.com (210.152.243.182)
Retrying OS detection (try #2) against 210-152-243-182.jp-west.compute.idcfcloud.com (210.152.243.182)
Initiating Traceroute at 19:14
Completed Traceroute at 19:14, 3.14s elapsed
Initiating Parallel DNS resolution of 16 hosts. at 19:14
Completed Parallel DNS resolution of 16 hosts. at 19:14, 0.33s elapsed
NSE: Script scanning 210.152.243.182.
Initiating NSE at 19:14
Completed NSE at 19:16, 90.36s elapsed
Initiating NSE at 19:16
Completed NSE at 19:16, 1.17s elapsed
Nmap scan report for 210-152-243-182.jp-west.compute.idcfcloud.com (210.152.243.182)
Host is up (0.24s latency).

PORT STATE SERVICE VERSION
80/tcp open http Apache httpd
| http-brute:
|_ Path "/" does not require authentication
|_http-chrono: Request times for /; avg: 734.29ms; min: 598.21ms; max: 975.22ms
|_http-csrf: Couldn't find any CSRF vulnerabilities.
|_http-date: Sat, 18 Jan 2020 00:14:57 GMT; -4s from local time.
|_http-devframework: Couldn't determine the underlying framework or CMS. Try increasing 'httpspider.maxpagecount' value to spider more pages.
|_http-dombased-xss: Couldn't find any DOM based XSS.
|_http-errors: Couldn't find any error pages.
|_http-feed: Couldn't find any feeds.
|_http-fetch: Please enter the complete path of the directory to save data in.
| http-headers:
| Date: Sat, 18 Jan 2020 00:15:12 GMT
| Server: Apache
| Location: https://210-152-243-182.jp-west.compute.idcfcloud.com/
| Content-Length: 238
| Connection: close
| Content-Type: text/html; charset=iso-8859-1
|
|_ (Request type: GET)
|_http-jsonp-detection: Couldn't find any JSONP endpoints.
| http-methods:
|_ Supported Methods: GET HEAD POST OPTIONS
|_http-mobileversion-checker: No mobile version detected.
|_http-passwd: ERROR: Script execution failed (use -d to debug)
|_http-security-headers:
|_http-server-header: Apache
| http-sitemap-generator:
| Directory structure:
| Longest directory structure:
| Depth: 0
| Dir: /
| Total files found (by extension):
|_
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
|_http-title: Did not follow redirect to https://210-152-243-182.jp-west.compute.idcfcloud.com/
| http-vhosts:
|_127 names had status 302
|_http-wordpress-users: [Error] Wordpress installation was not found. We couldn't find wp-login.php
|_http-xssed: No previously reported XSS vuln.
|_https-redirect: ERROR: Script execution failed (use -d to debug)
| vulscan: VulDB - https://vuldb.com:
2766| [117347] Apache Ambari up to 2.6.1 HTTP Request directory traversal
2767| [117265] LibreOffice/Apache Office Writer SMB Connection XML Document information disclosure
2768| [117143] Apache uimaj/uima-as/uimaFIT/uimaDUCC XML XXE information disclosure
2769| [117117] Apache Tika up to 1.17 ChmParser Loop denial of service
2770| [117116] Apache Tika up to 1.17 BPGParser Loop denial of service
2771| [117115] Apache Tika up to 1.17 tika-server command injection
2772| [116929] Apache Fineract getReportType Parameter privilege escalation
2773| [116928] Apache Fineract REST Endpoint Parameter privilege escalation
2774| [116927] Apache Fineract MakercheckersApiResource Parameter sql injection
2775| [116926] Apache Fineract REST Parameter privilege escalation
2776| [116574] Apache wicket-jquery-ui up to 6.29.0/7.10.1/8.0.0-M9.1 WYSIWYG Editor privilege escalation
2777| [116622] Oracle Enterprise Manager for MySQL Database 12.1.0.4 EM Plugin: General (Apache Tomcat) unknown vulnerability
| [115931] Apache Solr up to 6.6.2/7.2.1 XML Data Parameter XML External Entity
| [115883] Apache Hive up to 2.3.2 privilege escalation
| [115882] Apache Hive up to 2.3.2 xpath_short information disclosure
| [115881] Apache DriverHive JDBC Driver up to 2.3.2 Escape Argument Bypass privilege escalation
| [115518] Apache Ignite 2.3 Deserialization privilege escalation
| [115260] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache cross site scripting
| [115259] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache Cookie Stack-based memory corruption
| [115500] CA Workload Control Center up to r11.4 SP5 Apache MyFaces Component Code Execution
| [115121] Apache Struts REST Plugin up to 2.5.15 Xstream XML Data denial of service
| [115061] Apache HTTP Server up to 2.4.29 HTTP Digest Authentication Challenge HTTP Requests Replay privilege escalation
| [115060] Apache HTTP Server up to 2.4.29 mod_cache_socache Request Header Crash denial of service
| [115059] Apache HTTP Server up to 2.4.29 HTTP2 NULL Pointer Dereference denial of service
| [115058] Apache HTTP Server up to 2.4.29 HTTP Header Crash denial of service
| [115057] Apache HTTP Server up to 2.4.29 mod_session Variable Name Cache privilege escalation
| [115039] Apache HTTP Server up to 2.4.29 FilesMatch File Upload privilege escalation
| [115038] Apache HTTP Server up to 2.0.65/2.2.34/2.4.29 mod_authnz_ldap Crash denial of service
| [114817] Apache Syncope up to 1.2.10/2.0.7 Search Parameter information disclosure
| [114816] Apache Syncope up to 1.2.10/2.0.7 XSLT Code Execution
| [114717] Apache Commons 1.11/1.12/1.13/1.14/1.15 ZIP Archive ZipFile/ZipArchiveInputStream denial of service
| [114661] Apache Allura up to 1.8.0 HTTP Response Splitting privilege escalation
| [114400] Apache Tomcat JK ISAPI Connector up to 1.2.42 IIS/ISAPI privilege escalation
| [114258] Apache HTTP Server up to 2.4.22 mod_cluster Segmentation Fault denial of service
| [114086] Apache ODE 1.3.3 ODE Process Deployment Web Service directory traversal
| [113955] Apache Xerces-C up to 3.2.0 XML Parser NULL Pointer Dereference denial of service
| [113945] Apache Tomcat up to 7.0.84/8.0.49/8.5.27/9.0.4 URL Pattern Empty String privilege escalation
| [113944] Apache OpenMeetings up to 3.x/4.0.1 CRUD Operation denial of service
| [113905] Apache Traffic Server up to 5.2.x/5.3.2/6.2.0/7.0.0 TLS Handshake Core Dump denial of service
| [113904] Apache Traffic Server up to 6.2.0 Host Header privilege escalation
| [113895] Apache Geode up to 1.3.x Code Execution
| [113894] Apache Geode up to 1.3.x TcpServer Code Execution
| [113888] Apache James Hupa WebMail 0.0.2 cross site scripting
| [113813] Apache Geode Cluster up to 1.3.x Secure Mode privilege escalation
| [113747] Apache Tomcat Servlets privilege escalation
| [113647] Apache Qpid up to 0.30 qpidd Broker AMQP Message Crash denial of service
| [113645] Apache VCL up to 2.1/2.2.1/2.3.1 Web GUI/XMLRPC API privilege escalation
| [113560] Apache jUDDI Console 3.0.0 Log Entries spoofing
| [113571] Apache Oozie up to 4.3.0/5.0.0-beta1 XML Data XML File privilege escalation
| [113569] Apache Karaf up to 4.0.7 LDAPLoginModule LDAP injection denial of service
| [113273] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
| [113198] Apache Qpid Dispatch Router 0.7.0/0.8.0 AMQP denial of service
| [113186] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
| [113145] Apache Thrift up to 0.9.3 Go Client Library privilege escalation
| [113106] Apache jUDDI up to 3.3.3 XML Data WADL2Java/WSDL2Java XML Document privilege escalation
| [113105] Apache Qpid Broker-J 7.0.0 AMQP Crash denial of service
| [112885] Apache Allura up to 1.8.0 File information disclosure
| [112856] Apache CloudStack up to 4.8.1.0/4.9.0.0 API weak authentication
| [112855] Apache CloudStack 4.1.0/4.1.1 API information disclosure
| [112678] Apache Tomcat up to 7.0.82/8.0.47/8.5.23/9.0.1 Bug Fix 61201 privilege escalation
| [112677] Apache Tomcat Native Connector up to 1.1.34/1.2.14 OCSP Checker Client weak authentication
| [112625] Apache POI up to 3.16 Loop denial of service
| [112448] Apache NiFi up to 1.3.x Deserialization privilege escalation
| [112396] Apache Hadoop 2.7.3/2.7.4 YARN NodeManager Credentials information disclosure
| [112339] Apache NiFi 1.5.0 Header privilege escalation
| [112330] Apache NiFi 1.5.0 Header HTTP Request privilege escalation
| [112314] NetGain Enterprise Manager 7.2.730 Build 1034 org.apache.jsp.u.jsp.tools.exec_jsp Servlet Parameter privilege escalation
| [112253] Apache Hadoop up to 0.23.x/2.7.4/2.8.2 MapReduce Job History Server Configuration File privilege escalation
| [112171] Oracle Secure Global Desktop 5.3 Apache Log4j privilege escalation
| [112164] Oracle Agile PLM 9.3.5/9.3.6 Apache Tomcat unknown vulnerability
| [112161] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Tomcat privilege escalation
| [112158] Oracle Autovue for Agile Product Lifecycle Management 21.0.0/21.0.1 Apache Log4j privilege escalation
| [112156] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Log4j privilege escalation
| [112155] Oracle Agile Engineering Data Management 6.1.3/6.2.0/6.2.1 Apache Log4j privilege escalation
| [112137] Oracle MICROS Relate CRM Software 10.8.x/11.4.x/15.0.x, Apache Tomcat unknown vulnerability
| [112136] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat privilege escalation
| [112133] Oracle Retail Workforce Management 1.60.7/1.64.0 Apache Log4j privilege escalation
| [112129] Oracle Retail Assortment Planning 14.1.3/15.0.3/16.0.1 Apache Log4j privilege escalation
| [112114] Oracle 9.1 Apache Log4j privilege escalation
| [112113] Oracle 9.1 Apache Log4j privilege escalation
| [112045] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat privilege escalation
| [112038] Oracle Health Sciences Empirica Inspections 1.0.1.1 Apache Tomcat information disclosure
| [112019] Oracle Endeca Information Discovery Integrator 3.1.0/3.2.0 Apache Tomcat privilege escalation
| [112017] Oracle WebCenter Portal 11.1.1.9.0/12.2.1.2.0/12.2.1.3.0 Apache Struts 1 cross site scripting
| [112011] Oracle Identity Manager 11.1.2.3.0 Apache Commons Collections privilege escalation
| [111950] Oracle Database 12.2.0.1 Apache Tomcat information disclosure
| [111703] Apache Sling XSS Protection API 1.0.4 URL Encoding cross site scripting
| [111556] Apache Geode up to 1.2.x Secure Mode Parameter OQL privilege escalation
| [111555] Apache Geode up to 1.2.x Secure Mode OQL privilege escalation
| [111540] Apache Geode up to 1.2.x Secure Mode information disclosure
| [111519] Apache Sling JCR ContentLoader 2.1.4 xmlreader directory traversal
| [111338] Apache DeltaSpike-JSF 1.8.0 cross site scripting
| [111330] Apache OFBiz 16.11.01/16.11.02/16.11.03 BIRT Plugin cross site scripting
| [110789] Apache Sling up to 1.4.0 Authentication Service Credentials information disclosure
| [110785] Apache Drill up to 1.11.0 Query Page unknown vulnerability
| [110701] Apache Fineract Query Parameter sql injection
| [110484] Apache Synapse up to 3.0.0 Apache Commons Collections Serialized Object Code Injection privilege escalation
| [110426] Adobe Experience Manager 6.0/6.1/6.2/6.3 Apache Sling Servlets Post cross site scripting
| [110141] Apache Struts up to 2.5.14 REST Plugin denial of service
| [110140] Apache Qpid Broker-J up to 0.32 privilege escalation
| [110139] Apache Qpid Broker-J up to 6.1.4 AMQP Frame denial of service
| [110106] Apache CXF Fediz Spring cross site request forgery
| [109766] Apache OpenOffice up to 4.1.3 DOC File Parser WW8Fonts memory corruption
| [109750] Apache OpenOffice up to 4.1.3 DOC File Parser ImportOldFormatStyles memory corruption
| [109749] Apache OpenOffice up to 4.1.3 PPT File Parser PPTStyleSheet memory corruption
| [109606] October CMS Build 412 Apache Configuration File Upload privilege escalation
| [109419] Apache Camel up to 2.19.3/2.20.0 camel-castor Java Object Deserialization privilege escalation
| [109418] Apache Camel up to 2.19.3/2.20.0 camel-hessian Java Object Deserialization privilege escalation
| [109400] Apache CouchDB up to 1.6.x/2.1.0 Database Server Shell privilege escalation
| [109399] Apache CouchDB up to 1.6.x/2.1.0 JSON Parser Shell privilege escalation
| [109398] Apache CXF 3.1.14/3.2.1 JAX-WS/JAX-RS Attachment denial of service
| [108872] Apache Hive up to 2.1.1/2.2.0/2.3.0 Policy Enforcement privilege escalation
| [108939] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108938] Apple macOS up to 10.13.1 apache denial of service
| [108937] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108936] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108935] Apple macOS up to 10.13.1 apache denial of service
| [108934] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108933] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108932] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108931] Apple macOS up to 10.13.1 apache denial of service
| [108930] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108929] Apple macOS up to 10.13.1 apache denial of service
| [108928] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108797] Apache Struts up to 2.3.19 TextParseUtiltranslateVariables OGNL Expression privilege escalation
| [108795] Apache Traffic Server up to 5.3.0 HTTP2 set_dynamic_table_size memory corruption
| [108794] Apache WSS4J up to 1.6.16/2.0.1 Incomplete Fix Leak information disclosure
| [108793] Apache Qpid up to 0.30 qpidd Crash denial of service
| [108792] Apache Traffic Server up to 5.1.0 Access Restriction privilege escalation
| [108791] Apache Wicket up to 1.5.11/6.16.x/7.0.0-M2 Session information disclosure
| [108790] Apache Storm 0.9.0.1 Log Viewer directory traversal
| [108789] Apache Cordova In-App-Browser Standalone Plugin up to 0.3.1 on iOS CDVInAppBrowser privilege escalation
| [108788] Apache Cordova File-Transfer Standalone Plugin up to 0.4.1 on iOS ios/CDVFileTransfer.m spoofing
| [108787] Apache HttpClient up to 4.3.0 HttpClientBuilder.java unknown vulnerability
| [108786] Apache Wicket up to 1.4.21/1.5.9/6.3.x script Tag cross site scripting
| [108783] Apache Hadoop up to 0.23.3/1.0.3/2.0.1 Kerberos Security Feature Key weak encryption
| [108782] Apache Xerces2 XML Service denial of service
| [108781] Apache jUDDI up to 1.x happyjuddi.jsp Parameter cross site scripting
| [108780] Apache jUDDI up to 1.x Log File uddiget.jsp spoofing
| [108709] Apache Cordova Android up to 3.7.1/4.0.1 intent URL privilege escalation
| [108708] Apache ActiveMQ up to 5.10.0 XML Data XML External Entity
| [108707] Apache ActiveMQ up to 1.7.0 XML Data XML External Entity
| [108629] Apache OFBiz up to 10.04.01 privilege escalation
| [108543] Apache Derby 10.1.2.1/10.2.2.0/10.3.1.4/10.4.1.3 Export File privilege escalation
| [108312] Apache HTTP Server on RHEL IP Address Filter privilege escalation
| [108297] Apache NiFi up to 0.7.1/1.1.1 Proxy Chain Username Deserialization privilege escalation
| [108296] Apache NiFi up to 0.7.1/1.1.1 Cluster Request privilege escalation
| [108250] Oracle Secure Global Desktop 5.3 Apache HTTP Server memory corruption
| [108245] Oracle Transportation Management up to 6.3.7 Apache Tomcat unknown vulnerability
| [108244] Oracle Transportation Management 6.4.1/6.4.2 Apache Commons FileUpload denial of service
| [108243] Oracle Agile Engineering Data Management 6.1.3/6.2.0 Apache Commons Collections memory corruption
| [108222] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Batik denial of service
| [108219] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat unknown vulnerability
| [108217] Oracle Retail Store Inventory Management 13.2.9/14.0.4/14.1.3/15.0.1/16.0.1 Apache Groovy unknown vulnerability
| [108216] Oracle Retail Convenience and Fuel POS Software 2.1.132 Apache Groovy unknown vulnerability
| [108169] Oracle MySQL Enterprise Monitor up to 3.2.8.2223/3.3.4.3247/3.4.2.4181 Apache Tomcat unknown vulnerability
| [108113] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Batik denial of service
| [108107] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat unknown vulnerability
| [108102] Oracle Healthcare Master Person Index 4.x Apache Groovy unknown vulnerability
| [108085] Oracle Identity Manager 11.1.2.3.0 Apache Struts 1 memory corruption
| [108083] Oracle API Gateway 11.1.2.4.0 Apache Batik denial of service
| [108080] Oracle GlassFish Server 3.1.2 Apache Commons FileUpload denial of service
| [108066] Oracle Management Pack for GoldenGate 11.2.1.0.12 Apache Tomcat memory corruption
| [108062] Oracle BI Publisher 11.1.1.7.0/12.2.1.1.0/12.2.1.2.0 Apache ActiveMQ memory corruption
| [108060] Oracle Enterprise Manager Ops Center 12.2.2/12.3.2 Apache Groovy unknown vulnerability
| [108033] Oracle Primavera Unifier 9.13/9.14/10.x/15.x/16.x, Apache Groovy unknown vulnerability
| [108013] Oracle Communications WebRTC Session Controller 7.0/7.1/7.2 Apache Groovy unknown vulnerability
| [108011] Oracle Communications Services Gatekeeper 5.1/6.0 Apache Trinidad unknown vulnerability
| [107904] Apache Struts up to 2.3.28 Double OGNL Evaluation privilege escalation
| [107860] Apache Solr up to 7.0 Apache Lucene RunExecutableListener XML External Entity
| [107834] Apache Ranger up to 0.6.1 Change Password privilege escalation
| [107639] Apache NiFi 1.4.0 XML External Entity
| [107606] Apache ZooKeper up to 3.4.9/3.5.2 Command CPU Exhaustion denial of service
| [107597] Apache Roller up to 5.0.2 XML-RPC Protocol Support XML External Entity
| [107429] Apache Impala up to 2.9.x Kudu Table privilege escalation
| [107411] Apache Tomcat up to 7.0.81/8.0.46/8.5.22/9.0.0 JSP File File Upload privilege escalation
| [107385] Apache Geode up to 1.2.0 Secure Mode privilege escalation
| [107339] Apache OpenNLP up to 1.5.3/1.6.0/1.7.2/1.8.1 XML Data XML External Entity
| [107333] Apache Wicket up to 8.0.0-M1 CSRF Prevention HTTP Header privilege escalation
| [107323] Apache Wicket 1.5.10/6.13.0 Class Request information disclosure
| [107310] Apache Geode up to 1.2.0 Command Line Utility Query privilege escalation
| [107276] ArcSight ESM/ArcSight ESM Express up to 6.9.1c Patch 3/6.11.0 Apache Tomcat Version information disclosure
| [107266] Apache Tika up to 1.12 XML Parser XML External Entity
| [107262] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
| [107258] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
| [107197] Apache Xerces Jelly Parser XML File XML External Entity
| [107193] ZTE NR8950 Apache Commons Collections RMI Request Deserialization privilege escalation
| [107084] Apache Struts up to 2.3.19 cross site scripting
| [106877] Apache Struts up to 2.0.33/2.5.10 Freemarker Tag privilege escalation
| [106875] Apache Struts up to 2.5.5 URL Validator denial of service
| [106874] Apache Struts up to 2.3.30 Convention Plugin directory traversal
| [106847] Apache Tomcat up to 7.0.80 VirtualDirContext Source information disclosure
| [106846] Apache Tomcat up to 7.0.79 on Windows HTTP PUT Method Parameter File Upload privilege escalation
| [106777] Apache HTTP Server up to 2.2.34/2.4.27 Limit Directive ap_limit_section HTTP Request information disclosure
| [106739] puppetlabs-apache up to 1.11.0/2.0.x weak authentication
| [106720] Apache Wicket up to 1.5.12/6.18.x/7.0.0-M4 CryptoMapper privilege escalation
| [106586] Apache Brooklyn up to 0.9.x REST Server cross site scripting
| [106562] Apache Spark up to 2.1.1 Launcher API Deserialization privilege escalation
| [106559] Apache Brooklyn up to 0.9.x SnakeYAML YAML Data Java privilege escalation
| [106558] Apache Brooklyn up to 0.9.x REST Server cross site request forgery
| [106556] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
| [106555] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
| [106171] Apache Directory LDAP API up to 1.0.0-M30 Timing unknown vulnerability
| [106167] Apache Struts up to 2.5.12 REST Plugin XML Data privilege escalation
| [106166] Apache Struts up to 2.3.33/2.5.12 REST Plugin denial of service
| [106165] Apache Struts up to 2.3.33/2.5.12 URLValidator Regex CPU Exhaustion denial of service
| [106115] Apache Hadoop up to 2.6.4/2.7.2 YARN NodeManager Password information disclosure
| [106012] Apache Solr up to 5.5.3/6.4.0 Replication directory traversal
| [105980] Apache Engine 16.11.01 Parameter Reflected unknown vulnerability
| [105962] Apache Atlas 0.6.0/0.7.0 Frame cross site scripting
| [105961] Apache Atlas 0.6.0/0.7.0 Stack Trace information disclosure
| [105960] Apache Atlas 0.6.0/0.7.0 Search Reflected cross site scripting
| [105959] Apache Atlas 0.6.0/0.7.0 edit Tag DOM cross site scripting
| [105958] Apache Atlas 0.6.0/0.7.0 edit Tag Stored cross site scripting
| [105957] Apache Atlas 0.6.0/0.7.0 Cookie privilege escalation
| [105905] Apache Atlas 0.6.0/0.7.0/0.7.1 /js privilege escalation
| [105878] Apache Struts up to 2.3.24.0 privilege escalation
| [105682] Apache2Triad 1.5.4 phpsftpd/users.php Parameter cross site scripting
| [105681] Apache2Triad 1.5.4 phpsftpd/users.php Request cross site request forgery
| [105680] Apache2Triad 1.5.4 Parameter Session Fixation weak authentication
| [105643] Apache Pony Mail up to 0.8b weak authentication
| [105288] Apache Sling up to 2.3.21 Sling.evalString() String cross site scripting
| [105219] Apache Tomcat up to 8.5.15/9.0.0.M21 HTTP2 Bypass directory traversal
| [105218] Apache Tomcat up to 7.0.78/8.0.44/8.5.15/9.0.0.M21 CORS Filter Cache Poisoning privilege escalation
| [105215] Apache CXF up to 3.0.12/3.1.9 OAuth2 Hawk/JOSE MAC Validation Timing unknown vulnerability
| [105206] Apache CXF up to 3.0.11/3.1.8 JAX-RS Module XML External Entity
| [105205] Apache CXF up to 3.0.11/3.1.8 HTTP Transport Module Parameter cross site scripting
| [105202] Apache Storm 1.0.0/1.0.1/1.0.2/1.0.3/1.1.0 Worker privilege escalation
| [104987] Apache Xerces-C++ XML Service CPU Exhaustion denial of service
| [104986] Apache CXF 2.4.5/2.5.1 WS-SP UsernameToken Policy SOAP Request weak authentication
| [104985] Apache MyFaces Core up to 2.1.4 EL Expression Parameter Injection information disclosure
| [104983] Apache Wink up to 1.1.1 XML Document xxe privilege escalation
| [104981] Apache Commons Email 1.0/1.1/1.2/1.3/1.4 Subject Linebreak SMTP privilege escalation
| [104591] MEDHOST Document Management System Apache Solr Default Credentials weak authentication
| [104062] Oracle MySQL Enterprise Monitor up to 3.3.3.1199 Apache Tomcat unknown vulnerability
| [104061] Oracle MySQL Enterprise Monitor up to 3.2.7.1204/3.3.3.1199 Apache Tomcat unknown vulnerability
| [104060] Oracle MySQL Enterprise Monitor up to 3.1.5.7958/3.2.5.1141/3.3.2.1162 Apache Struts 2 unknown vulnerability
| [103995] Oracle 8.3/8.4/15.1/15.2 Apache Trinidad unknown vulnerability
| [103993] Oracle Policy Automation up to 12.2.3 Apache Commons FileUplaod denial of service
| [103916] Oracle Banking Platform 2.3/2.4/2.4.1/2.5 Apache Commons FileUpload denial of service
| [103906] Oracle Communications BRM 11.2.0.0.0 Apache Commons Collections privilege escalation
| [103904] Oracle Communications BRM 11.2.0.0.0/11.3.0.0.0 Apache Groovy memory corruption
| [103866] Oracle Transportation Management 6.1/6.2 Apache Webserver unknown vulnerability
| [103816] Oracle BI Publisher 11.1.1.9.0/12.2.1.1.0/12.2.1.2.0 Apache Commons Fileupload denial of service
| [103797] Oracle Tuxedo System and Applications Monitor Apache Commons Collections privilege escalation
| [103792] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Commons Fileupload privilege escalation
| [103791] Oracle Endeca Server 7.6.0.0/7.6.1.0 Apache Commons Collections privilege escalation
| [103788] Oracle Enterprise Repository 11.1.1.7.0/12.1.3.0.0 Apache ActiveMQ memory corruption
| [103787] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Groovy memory corruption
| [103763] Apache Sling up to 1.0.11 XSS Protection API XSS.getValidXML() Application XML External Entity
| [103762] Apache Sling up to 1.0.12 XSS Protection API XSSAPI.encodeForJSString() Script Tag cross site scripting
| [103693] Apache OpenMeetings 1.0.0 HTTP Method privilege escalation
| [103692] Apache OpenMeetings 1.0.0 Tomcat Error information disclosure
| [103691] Apache OpenMeetings 3.2.0 Parameter privilege escalation
| [103690] Apache OpenMeetings 1.0.0 sql injection
| [103689] Apache OpenMeetings 1.0.0 crossdomain.xml privilege escalation
| [103688] Apache OpenMeetings 1.0.0 weak encryption
| [103687] Apache OpenMeetings 1.0.0 cross site request forgery
| [103556] Apache Roller 5.1.0/5.1.1 Weblog Page Template VTL privilege escalation
| [103554] Apache OpenMeetings 1.0.0 Password Update unknown vulnerability
| [103553] Apache OpenMeetings 1.0.0 File Upload privilege escalation
| [103552] Apache OpenMeetings 3.2.0 Chat cross site scripting
| [103551] Apache OpenMeetings 3.1.0 XML unknown vulnerability
| [103521] Apache HTTP Server 2.4.26 HTTP2 Free memory corruption
| [103520] Apache HTTP Server up to 2.2.33/2.4.26 mod_auth_digest Authorization Header memory corruption
| [103519] Apache Struts up to 2.5.11/2.3.32 Spring AOP denial of service
| [103518] Apache Struts up to 2.5.11 URLValidator directory traversal
| [103492] Apache Spark up to 2.1.x Web UI Reflected cross site scripting
| [103401] Apache Struts 2.3.x Struts 1 Plugin ActionMessage privilege escalation
| [103399] Apache Traffic Control Traffic Router TCP Connection Slowloris denial of service
| [103387] Apache Impala up to 2.8.0 StatestoreSubscriber weak encryption
| [103386] Apache Impala up to 2.7.x/2.8.0 Kerberos weak authentication
| [103352] Apache Solr Node weak authentication
| [102897] Apache Ignite up to 2.0 Update Notifier information disclosure
| [102878] Code42 CrashPlan 5.4.x RMI Server org.apache.commons.ssl.rmi.DateRMI privilege escalation
| [102698] Apache HTTP Server up to 2.2.32/2.4.25 mod_mime Content-Type memory corruption
| [102697] Apache HTTP Server 2.2.24/2.2.32 HTTP Strict Parsing ap_find_token Request Header memory corruption
| [102690] Apache HTTP Server up to 2.2.32/2.4.25 mod_ssl ap_hook_process_connection() denial of service
| [102689] Apache HTTP Server up to 2.2.32/2.4.25 ap_get_basic_auth_pw weak authentication
| [102622] Apache Thrift up to 0.9.2 Client Libraries skip denial of service
| [102538] Apache Ranger up to 0.7.0 Authorizer unknown vulnerability
| [102537] Apache Ranger up to 0.7.0 Wildcard Character unknown vulnerability
| [102536] Apache Ranger up to 0.6 Stored cross site scripting
| [102535] Apache Ranger up to 0.6.2 Policy Engine unknown vulnerability
| [102255] Apache NiFi up to 0.7.3/1.2.x Response Header privilege escalation
| [102254] Apache NiFi up to 0.7.3/1.2.x UI cross site scripting
| [102070] Apache CXF Fediz up to 1.1.2/1.2.0 Application Plugin denial of service
| [102020] Apache Tomcat up to 9.0.0.M1 Java Servlet HTTP Method unknown vulnerability
| [101858] Apache Hive up to 1.2.1/2.0.0 Client weak authentication
| [101802] Apache KNOX up to 0.11.0 WebHDFS privilege escalation
| [101928] HPE Aruba ClearPass Apache Tomcat information disclosure
| [101524] Apache Archiva up to 1.x/2.2.1 REST Endpoint cross site request forgery
| [101513] Apache jUDDI 3.1./3.1.2/3.1.3/3.1.4 Logout Open Redirect
| [101430] Apache CXF Fediz up to 1.3.1 OIDC Service cross site request forgery
| [101429] Apache CXF Fediz up to 1.2.3/1.3.1 Plugins cross site request forgery
| [100619] Apache Hadoop up to 2.6.x HDFS Servlet unknown vulnerability
| [100618] Apache Hadoop up to 2.7.0 HDFS Web UI cross site scripting
| [100621] Adobe ColdFusion 10/11/2016 Apache BlazeDS Library Deserialization privilege escalation
| [100205] Oracle MySQL Enterprise Monitor up to 3.1.6.8003/3.2.1182/3.3.2.1162 Apache Commons FileUpload denial of service
| [100191] Oracle Secure Global Desktop 4.71/5.2/5.3 Web Server (Apache HTTP Server) information disclosure
| [100162] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Commons Collections privilege escalation
| [100160] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Trinidad unknown vulnerability
| [99969] Oracle WebCenter Sites 11.1.1.8.0 Apache Tomcat memory corruption
| [99937] Apache Batik up to 1.8 privilege escalation
| [99936] Apache FOP up to 2.1 privilege escalation
| [99935] Apache CXF up to 3.0.12/3.1.10 STSClient Cache information disclosure
| [99934] Apache CXF up to 3.0.12/3.1.10 JAX-RS XML Security Streaming Client spoofing
| [99930] Apache Traffic Server up to 6.2.0 denial of service
| [99929] Apache Log4j up to 2.8.1 Socket Server Deserialization privilege escalation
| [99925] Apache Traffic Server 6.0.0/6.1.0/6.2.0 HPACK Bomb denial of service
| [99738] Ping Identity OpenID Connect Authentication Module up to 2.13 on Apache Mod_auth_openidc.c spoofing
| [117569] Apache Hadoop up to 2.7.3 privilege escalation
| [99591] Apache TomEE up to 1.7.3/7.0.0-M2 EjbObjectInputStream Serialized Object privilege escalation
| [99370] Apache Ignite up to 1.8 update-notifier Document XML External Entity
| [99299] Apache Geode up to 1.1.0 Pulse OQL Query privilege escalation
| [99572] Apache Tomcat up to 7.0.75/8.0.41/8.5.11/9.0.0.M17 Application Listener privilege escalation
| [99570] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP Connector Cache information disclosure
| [99569] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP/2 GOAWAY Frame Resource Exhaustion denial of service
| [99568] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 Pipelined Request information disclosure
| [99048] Apache Ambari up to 2.3.x REST API Shell Metacharacter privilege escalation
| [99014] Apache Camel Jackson/JacksonXML privilege escalation
| [98610] Apple macOS up to 10.12.3 apache_mod_php memory corruption
| [98609] Apple macOS up to 10.12.3 apache_mod_php denial of service
| [98608] Apple macOS up to 10.12.3 apache_mod_php memory corruption
| [98607] Apple macOS up to 10.12.3 apache_mod_php denial of service
| [98606] Apple macOS up to 10.12.3 apache_mod_php denial of service
| [98605] Apple macOS up to 10.12.3 Apache denial of service
| [98604] Apple macOS up to 10.12.3 Apache denial of service
| [98603] Apple macOS up to 10.12.3 Apache denial of service
| [98602] Apple macOS up to 10.12.3 Apache denial of service
| [98601] Apple macOS up to 10.12.3 Apache denial of service
| [98517] Apache POI up to 3.14 OOXML File XXE denial of service
| [98405] Apache Hadoop up to 0.23.10 privilege escalation
| [98199] Apache Camel Validation XML External Entity
| [97892] Apache Tomcat up to 9.0.0.M15 Reverse-Proxy Http11InputBuffer.java information disclosure
| [97617] Apache Camel camel-snakeyaml Deserialization privilege escalation
| [97602] Apache Camel camel-jackson/camel-jacksonxml CamelJacksonUnmarshalType privilege escalation
| [97732] Apache Struts up to 2.3.31/2.5.10 Jakarta Multipart Parser Content-Type privilege escalation
| [97466] mod_auth_openidc up to 2.1.5 on Apache weak authentication
| [97455] mod_auth_openidc up to 2.1.4 on Apache weak authentication
| [97081] Apache Tomcat HTTPS Request denial of service
| [97162] EMC OpenText Documentum D2 BeanShell/Apache Commons privilege escalation
| [96949] Hanwha Techwin Smart Security Manager up to 1.5 Redis/Apache Felix Gogo privilege escalation
| [96314] Apache Cordova up to 6.1.1 on Android weak authentication
| [95945] Apple macOS up to 10.12.2 apache_mod_php denial of service
| [95944] Apple macOS up to 10.12.2 apache_mod_php denial of service
| [95943] Apple macOS up to 10.12.2 apache_mod_php memory corruption
| [95666] Oracle FLEXCUBE Direct Banking 12.0.0/12.0.1/12.0.2/12.0.3 Apache Commons Collections privilege escalation
| [95455] Apache NiFi up to 1.0.0/1.1.0 Connection Details Dialogue cross site scripting
| [95311] Apache Storm UI Daemon privilege escalation
| [95291] ZoneMinder 1.30.0 Apache httpd privilege escalation
| [94800] Apache Wicket up to 1.5.16/6.24.x Deserialize DiskFileItem denial of service
| [94705] Apache Qpid Broker for Java up to 6.1.0 SCRAM-SHA-1/SCRAM-SHA-256 User information disclosure
| [94627] Apache HTTP Server up to 2.4.24 mod_auth_digest Crash denial of service
| [94626] Apache HTTP Server up to 2.4.24 mod_session_crypto Padding weak encryption
| [94625] Apache HTTP Server up to 2.4.24 Response Split privilege escalation
| [94540] Apache Tika 1.9 tika-server File information disclosure
| [94600] Apache ActiveMQ up to 5.14.1 Administration Console cross site scripting
| [94348] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94347] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94346] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94345] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94344] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94343] Apple macOS up to 10.12.1 apache_mod_php memory corruption
| [94342] Apple macOS up to 10.12.1 apache_mod_php memory corruption
| [94128] Apache Tomcat up to 9.0.0.M13 Error information disclosure
| [93958] Apache HTTP Server up to 2.4.23 mod_http2 h2_stream.c denial of service
| [93874] Apache Subversion up to 1.8.16/1.9.4 mod_dontdothat XXE denial of service
| [93855] Apache Hadoop up to 2.6.4/2.7.2 HDFS Service privilege escalation
| [93609] Apache OpenMeetings 3.1.0 RMI Registry privilege escalation
| [93555] Apache Tika 1.6-1.13 jmatio MATLAB File privilege escalation
| [93799] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
3138| [93798] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
3139| [93797] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 HTTP Split privilege escalation
3140| [93796] Apache Tomcat up to 8.5.6/9.0.0.M11 HTTP/2 Header Parser denial of service
3141| [93532] Apache Commons Collections Library Java privilege escalation
3142| [93210] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 ResourceLinkFactory privilege escalation
3143| [93209] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Realm Authentication User information disclosure
3144| [93208] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 System Property Replacement information disclosure
3145| [93207] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Utility Method privilege escalation
3146| [93206] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Configuration privilege escalation
3147| [93098] Apache Commons FileUpload privilege escalation
3148| [92987] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Commons Collection memory corruption
3149| [92986] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Tomcat memory corruption
3150| [92982] Oracle Insurance IStream 4.3.2 Apache Commons Collections memory corruption
3151| [92981] Oracle Financial Services Lending and Leasing 14.1.0/14.2.0 Apache Commons Collections memory corruption
3152| [92979] Oracle up to 8.0.3 Apache Commons Collections memory corruption
3153| [92977] Oracle FLEXCUBE Universal Banking up to 12.2.0 Apache Commons Collections memory corruption
3154| [92976] Oracle FLEXCUBE Universal Banking 12.87.1/12.87.2 Apache Commons Collections memory corruption
3155| [92975] Oracle FLEXCUBE Private Banking up to 12.1.0 Apache Commons Collections memory corruption
3156| [92974] Oracle FLEXCUBE Investor Servicing 12.0.1 Apache Commons Collections memory corruption
3157| [92973] Oracle 12.0.0/12.1.0 Apache Commons Collections memory corruption
3158| [92972] Oracle FLEXCUBE Core Banking 11.5.0.0.0/11.6.0.0.0 Apache Commons Collections memory corruption
3159| [92962] Oracle Agile PLM 9.3.4/9.3.5 Apache Commons Collections memory corruption
3160| [92909] Oracle Agile PLM 9.3.4/9.3.5 Apache Tomcat unknown vulnerability
3161| [92786] Oracle Banking Digital Experience 15.1 Apache Commons Collections information disclosure
3162| [92549] Apache Tomcat on Red Hat privilege escalation
3163| [92509] Apache Tomcat JK ISAPI Connector up to 1.2.41 jk_uri_worker_map.c memory corruption
3164| [92314] Apache MyFaces Trinidad up to 1.0.13/1.2.15/2.0.1/2.1.1 CoreResponseStateManager memory corruption
3165| [92313] Apache Struts2 up to 2.3.28/2.5.0 Action Name Cleanup cross site request forgery
3166| [92299] Apache Derby up to 10.12.1.0 SqlXmlUtil XML External Entity
3167| [92217] Apache ActiveMQ Artemis up to 1.3.x Broker/REST GetObject privilege escalation
3168| [92174] Apache Ranger up to 0.6.0 Policy cross site scripting
3169| [91831] Apache Jackrabbit up to 2.13.2 HTTP Header cross site request forgery
3170| [91825] Apache Zookeeper up to 3.4.8/3.5.2 C CLI Shell memory corruption
3171| [91818] Apache CXF Fediz up to 1.2.2/1.3.0 Application Plugin privilege escalation
3172| [92056] Apple macOS up to 10.11 apache_mod_php memory corruption
3173| [92055] Apple macOS up to 10.11 apache_mod_php memory corruption
3174| [92054] Apple macOS up to 10.11 apache_mod_php denial of service
3175| [92053] Apple macOS up to 10.11 apache_mod_php denial of service
3176| [92052] Apple macOS up to 10.11 apache_mod_php denial of service
3177| [92051] Apple macOS up to 10.11 apache_mod_php memory corruption
3178| [92050] Apple macOS up to 10.11 apache_mod_php denial of service
3179| [92049] Apple macOS up to 10.11 apache_mod_php memory corruption
3180| [92048] Apple macOS up to 10.11 apache_mod_php denial of service
3181| [92047] Apple macOS up to 10.11 apache_mod_php memory corruption
3182| [92046] Apple macOS up to 10.11 apache_mod_php memory corruption
3183| [92045] Apple macOS up to 10.11 apache_mod_php memory corruption
3184| [92044] Apple macOS up to 10.11 apache_mod_php memory corruption
3185| [92043] Apple macOS up to 10.11 apache_mod_php denial of service
3186| [92042] Apple macOS up to 10.11 apache_mod_php memory corruption
3187| [92041] Apple macOS up to 10.11 apache_mod_php memory corruption
3188| [92040] Apple macOS up to 10.11 Apache Proxy privilege escalation
3189| [91785] Apache Shiro up to 1.3.1 Servlet Filter privilege escalation
3190| [90879] Apache OpenMeetings up to 3.1.1 SWF Panel cross site scripting
3191| [90878] Apache Sentry up to 1.6.x Blacklist Filter reflect/reflect2/java_method privilege escalation
3192| [90610] Apache POI up to 3.13 XLSX2CSV Example OpenXML Document XML External Entity
3193| [90584] Apache ActiveMQ up to 5.11.3/5.12.2/5.13/1 Administration Web Console privilege escalation
3194| [90385] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site scripting
3195| [90384] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site request forgery
3196| [90383] Apache OpenOffice up to 4.1.2 Impress File memory corruption
3197| [89670] Apache Tomcat up to 8.5.4 CGI Servlet Environment Variable Open Redirect
3198| [89669] Apache HTTP Server up to 2.4.23 RFC 3875 Namespace Conflict Environment Variable Open Redirect
3199| [89726] Apple Mac OS X up to 10.11.5 apache_mod_php memory corruption
3200| [89484] Apache Qpid up to 0.13.0 on Windows Proton Library Certificate weak authentication
3201| [89473] HPE iMC PLAT/EAD/APM/iMC NTA/iMC BIMS/iMC UAM_TAM up to 7.2 Apache Commons Collections Library Command privilege escalation
3202| [90263] Apache Archiva Header denial of service
3203| [90262] Apache Archiva Deserialize privilege escalation
3204| [90261] Apache Archiva XML DTD Connection privilege escalation
3205| [88827] Apache Xerces-C++ up to 3.1.3 DTD Stack-Based memory corruption
3206| [88747] Apache HTTP Server 2.4.17/2.4.18 mod_http2 denial of service
3207| [88608] Apache Struts up to 2.3.28.1/2.5.0 URLValidator Null Value denial of service
3208| [88607] Apache Struts up to 2.3.28.1 REST Plugin Expression privilege escalation
3209| [88606] Apache Struts up to 2.3.28.1 Restriction privilege escalation
3210| [88605] Apache Struts up to 2.3.28.1 Restriction privilege escalation
3211| [88604] Apache Struts up to 2.3.28.1 Token Validator cross site request forgery
3212| [88603] Apache Commons FileUpload up to 1.3.1 MultipartStream denial of service
3213| [88602] Apache Struts up to 1.3.10 ActionServlet.java cross site scripting
3214| [88601] Apache Struts up to 1.3.10 Multithreading ActionServlet.java memory corruption
3215| [88600] Apache Struts up to 1.3.10 MultiPageValidator privilege escalation
3216| [89005] Apache Qpid AMQP JMS Client getObject privilege escalation
3217| [87888] Apache Ranger up to 0.5.2 Policy Admin Tool eventTime sql injection
3218| [87835] Apache CloudStack up to 4.5.2.0/4.6.2.0/4.7.1.0/4.8.0.0 SAML-based Authentication privilege escalation
3219| [87806] HPE Discovery and Dependency Mapping Inventory up to 9.32 update 3 Apache Commons Collections Library privilege escalation
3220| [87805] HPE Universal CMDB up to 10.21 Apache Commons Collections Library privilege escalation
3221| [87768] Apache Shiro up to 1.2.4 Cipher Key privilege escalation
3222| [87765] Apache James Server 2.3.2 Command privilege escalation
3223| [88667] Apache HTTP Server up to 2.4.20 mod_http2 Certificate weak authentication
3224| [87718] Apache Struts up to 2.3.24.1 OGNL Caching denial of service
3225| [87717] Apache Struts up to 2.3.28 REST Plugin privilege escalation
3226| [87706] Apache Qpid Java up to 6.0.2 AMQP privilege escalation
3227| [87703] Apache Qbid Java up to 6.0.2 PlainSaslServer.java denial of service
3228| [87702] Apache ActiveMQ up to 5.13.x Fileserver Web Application Upload privilege escalation
3229| [87700] Apache PDFbox up to 1.8.11/2.0.0 XML Parser PDF Document XML External Entity
3230| [87679] HP Release Control 9.13/9.20/9.21 Apache Commons Collections Library Java Object privilege escalation
3231| [87540] Apache Ambari up to 2.2.0 File Browser View information disclosure
3232| [87433] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
3233| [87432] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
3234| [87431] Apple Mac OS X up to 10.11.4 apache_mod_php Format String
3235| [87430] Apple Mac OS X up to 10.11.4 apache_mod_php denial of service
3236| [87429] Apple Mac OS X up to 10.11.4 apache_mod_php information disclosure
3237| [87428] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
3238| [87427] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
3239| [87389] Apache Xerces C++ up to 3.1.3 XML Document DTDScanner.cpp memory corruption
3240| [87172] Adobe ColdFusion 11 Update 7/2016/up to 10 Update 18 Apache Commons Collections Library privilege escalation
3241| [87121] Apache Cordova iOS up to 3.x Plugin privilege escalation
3242| [87120] Apache Cordova iOS up to 3.x URL Whitelist privilege escalation
3243| [83806] HPE Network Node Manager i up to 10.01 Apache Commons Collections Library privilege escalation
3244| [83077] Apache Subversion up to 1.8.15/1.9.3 mod_authz_svn mod_authz_svn.c denial of service
3245| [83076] Apache Subversion up to 1.8.15/1.9.3 svnserve svnserve/cyrus_auth.c privilege escalation
3246| [82790] Apache Struts 2.0.0/2.3.24/2.3.28 Dynamic Method privilege escalation
3247| [82789] Apache Struts 2.0.0/2.3.24/2.3.28 XSLTResult privilege escalation
3248| [82725] HPE P9000 Command View up to 7.x/8.4.0 Apache Commons Collections Library privilege escalation
3249| [82444] Apache Camel up to 2.14.x/2.15.4/2.16.0 HTTP Request privilege escalation
3250| [82389] Apache Subversion up to 1.7.x/1.8.14/1.9.2 mod_dav_svn util.c memory corruption
3251| [82280] Apache Struts up to 1.7 JRE URLDecoder cross site scripting
3252| [82260] Apache OFBiz up to 12.04.05/13.07.02 Java Object privilege escalation
3253| [82259] Apache Qpid Proton up to 0.12.0 proton.reactor.Connector weak encryption
3254| [82250] Apache Ranger up to 0.5.0 Admin UI weak authentication
3255| [82214] Apache Wicket up to 1.5.14/6.21.x/7.1.x Input Element cross site scripting
3256| [82213] Apache Wicket up to 1.5.14/6.21.x/7.1.x ModalWindow Title getWindowOpenJavaScript cross site scripting
3257| [82212] Apache Ranger up to 0.5.0 Policy Admin Tool privilege escalation
3258| [82211] Apache OFBiz up to 12.04.06/13.07.02 ModelFormField.java DisplayEntityField.getDescription cross site scripting
3259| [82082] Apache JetSpeed up to 2.3.0 User Manager Service privilege escalation
3260| [82081] Apache OpenMeetings up to 3.1.0 SOAP API information disclosure
3261| [82080] Apache OpenMeetings up to 3.1.0 Event cross site scripting
3262| [82078] Apache OpenMeetings up to 3.1.0 Import/Export System Backup ZIP Archive directory traversal
3263| [82077] Apache OpenMeetings up to 3.1.0 Password Reset sendHashByUser privilege escalation
3264| [82076] Apache Ranger up to 0.5.1 privilege escalation
3265| [82075] Apache JetSpeed up to 2.3.0 Portal cross site scripting
3266| [82074] Apache JetSpeed up to 2.3.0 cross site scripting
3267| [82073] Apache JetSpeed up to 2.3.0 User Manager Service sql injection
3268| [82072] Apache JetSpeed up to 2.3.0 Portal Site Manager ZIP Archive directory traversal
3269| [82058] Apache LDAP Studio/Directory Studio up to 2.0.0-M9 CSV Export privilege escalation
3270| [82053] Apache Ranger up to 0.4.x Policy Admin Tool privilege escalation
3271| [82052] Apache Ranger up to 0.4.x Policy Admin Tool HTTP Request cross site scripting
3272| [81696] Apache ActiveMQ up to 5.13.1 HTTP Header privilege escalation
3273| [81695] Apache Xerces-C up to 3.1.2 internal/XMLReader.cpp memory corruption
3274| [81622] HPE Asset Manager 9.40/9.41/9.50 Apache Commons Collections Library Java Object privilege escalation
3275| [81406] HPE Service Manager up to 9.35 P3/9.41 P1 Apache Commons Collections Library Command privilege escalation
3276| [81405] HPE Operations Orchestration up to 10.50 Apache Commons Collections Library Command privilege escalation
3277| [81427] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
3278| [81426] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
3279| [81372] Apache Struts up to 2.3.24.1 I18NInterceptor cross site scripting
3280| [81371] Apache Struts up to 2.3.24.1 Double OGNL Evaluation privilege escalation
3281| [81370] Apache Struts up to 2.3.24.1 Java URLDecoder cross site scripting
3282| [81084] Apache Tomcat 6.0/7.0/8.0/9.0 ServletContext directory traversal
3283| [81083] Apache Tomcat 7.0/8.0/9.0 Index Page cross site request forgery
3284| [81082] Apache Tomcat 7.0/8.0/9.0 ResourceLinkFactory.setGlobalContext privilege escalation
3285| [81081] Apache Tomcat 6.0/7.0/8.0/9.0 Error information disclosure
3286| [81080] Apache Tomcat 6.0/7.0/8.0/9.0 Session Persistence privilege escalation
3287| [81079] Apache Tomcat 6.0/7.0/8.0/9.0 StatusManagerServlet information disclosure
3288| [81078] Apache Tomcat 7.0/8.0/9.0 Session privilege escalation
3289| [80970] Apache Solr up to 5.3.0 Admin UI plugins.js cross site scripting
3290| [80969] Apache Solr up to 5.2 Schema schema-browser.js cross site scripting
3291| [80968] Apache Solr up to 5.0 analysis.js cross site scripting
3292| [80940] HP Continuous Delivery Automation 1.30 Apache Commons Collections Library privilege escalation
3293| [80823] Apache CloudStack up to 4.5.1 KVM Virtual Machine Migration privilege escalation
3294| [80822] Apache CloudStack up to 4.5.1 API Call information disclosure
3295| [80778] Apache Camel up to 2.15.4/2.16.0 camel-xstream privilege escalation
3296| [80750] HPE Operations Manager 8.x/9.0 on Windows Apache Commons Collections Library privilege escalation
3297| [80724] Apache Hive up to 1.2.1 Authorization Framework privilege escalation
3298| [80577] Oracle Secure Global Desktop 4.63/4.71/5.2 Apache HTTP Server denial of service
3299| [80165] Intel McAfee ePolicy Orchestrator up to 4.6.9/5.0.3/5.3.1 Apache Commons Collections Library privilege escalation
3300| [80116] Apache Subversion up to 1.9.2 svn Protocol libsvn_ra_svn/marshal.c read_string memory corruption
3301| [80115] Apache ActiveMQ up to 5.12.x Broker Service privilege escalation
3302| [80036] IBM Cognos Business Intelligence Apache Commons Collections Library InvokerTransformer privilege escalation
3303| [79873] VMware vCenter Operations/vRealize Orchestrator Apache Commons Collections Library Serialized Java Object privilege escalation
3304| [79840] Apache Cordova File Transfer Plugin up to 1.2.x on Android unknown vulnerability
3305| [79839] Apache TomEE Serialized Java Stream EjbObjectInputStream privilege escalation
3306| [79791] Cisco Products Apache Commons Collections Library privilege escalation
3307| [79539] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
3308| [79538] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
3309| [79294] Apache Cordova-Android up to 3.6 BridgeSecret Random Generator weak encryption
3310| [79291] Apache Cordova-Android up to 4.0 Javascript Whitelist privilege escalation
3311| [79244] Apache CXF up to 2.7.17/3.0.7/3.1.2 SAML Web SSO Module SAML Response weak authentication
3312| [79243] Oracle WebLogic Server 10.3.6.0/12.1.2.0/12.1.3.0/12.2.1.0 WLS Security com.bea.core.apache.commons.collections.jar privilege escalation
3313| [78989] Apache Ambari up to 2.1.1 Open Redirect
3314| [78988] Apache Ambari up to 2.0.1/2.1.0 Password privilege escalation
3315| [78987] Apache Ambari up to 2.0.x cross site scripting
3316| [78986] Apache Ambari up to 2.0.x Proxy Endpoint api/v1/proxy privilege escalation
3317| [78780] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
3318| [78779] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
3319| [78778] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
3320| [78777] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
3321| [78776] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
3322| [78775] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
3323| [78774] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
3324| [78297] Apache Commons Components HttpClient up to 4.3.5 HTTPS Timeout denial of service
3325| [77406] Apache Flex BlazeDS AMF Message XML External Entity
3326| [77429] Apache ActiveMQ up to 5.10.0 LDAPLoginModule privilege escalation
3327| [77399] Apache ActiveMQ up to 5.10.0 LDAPLoginModule weak authentication
3328| [77375] Apache Tapestry up to 5.3.5 Client-Side Object Storage privilege escalation
3329| [77331] Apache ActiveMQ up to 5.11.1 on Windows Fileserver Upload/Download directory traversal
3330| [77299] Apache Solr Real-Time Module up to 7.x-1.1 Index Content information disclosure
3331| [77247] Apache ActiveMQ up to 5.10 TransportConnection.java processControlCommand denial of service
3332| [77083] Apache Groovy up to 2.4.3 MethodClosure.java MethodClosure memory corruption
3333| [76953] Apache Subversion 1.7.0/1.8.0/1.8.10 svn_repos_trace_node_locations information disclosure
3334| [76952] Apache Subversion 1.7.0/1.8.0/1.8.10 mod_authz_svn anonymous/authenticated information disclosure
3335| [76567] Apache Struts 2.3.20 unknown vulnerability
3336| [76733] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 ap_some_auth_required unknown vulnerability
3337| [76732] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 Request apr_brigade_flatten privilege escalation
3338| [76731] Apache HTTP Server 2.4.12 ErrorDocument 400 Crash denial of service
3339| [75690] Apache Camel up to 2.13.3/2.14.1 XPathBuilder.java XML External Entity
3340| [75689] Apache Camel up to 2.13.3/2.14.1 XML Converter Setup XmlConverter.java SAXSource privilege escalation
3341| [75668] Apache Sling API/Sling Servlets Post up to 2.2.1 HtmlResponse cross site scripting
3342| [75601] Apache Jackrabbit up to 2.10.0 WebDAV Request XML External Entity
3343| [75420] Apache Tomcat up to 6.0.43/7.0.58/8.0.16 Security Manager privilege escalation
3344| [75145] Apache OpenOffice up to 4.1.1 HWP Filter Crash denial of service
3345| [75032] Apache Tomcat Connectors up to 1.2.40 mod_jk privilege escalation
3346| [75135] PHP 5.4/5.5 HTTP Request sapi_apache2.c apache2handler privilege escalation
3347| [74793] Apache Tomcat File Upload denial of service
3348| [74708] Apple MacOS X up to 10.10.2 Apache denial of service
3349| [74707] Apple MacOS X up to 10.10.2 Apache denial of service
3350| [74706] Apple MacOS X up to 10.10.2 Apache memory corruption
3351| [74705] Apple MacOS X up to 10.10.2 Apache denial of service
3352| [74704] Apple MacOS X up to 10.10.2 Apache denial of service
3353| [74703] Apple MacOS X up to 10.10.2 Apache denial of service
3354| [74702] Apple MacOS X up to 10.10.2 Apache denial of service
3355| [74701] Apple MacOS X up to 10.10.2 Apache cross site request forgery
3356| [74700] Apple MacOS X up to 10.10.2 Apache unknown vulnerability
3357| [74661] Apache Flex up to 4.14.0 asdoc index.html cross site scripting
3358| [74609] Apache Cassandra up to 1.2.19/2.0.13/2.1.3 JMX/RMI Interface privilege escalation
3359| [74469] Apache Xerces-C up to 7.0 internal/XMLReader.cpp denial of service
3360| [74468] Apache Batik up to 1.6 denial of service
3361| [74414] Apache Mod-gnutls up to 0.5.1 Authentication spoofing
3362| [74371] Apache Standard Taglibs up to 1.2.0 memory corruption
3363| [74367] Apache HTTP Server up to 2.4.12 mod_lua lua_request.c wsupgrade denial of service
3364| [74174] Apache WSS4J up to 2.0.0 privilege escalation
3365| [74172] Apache ActiveMQ up to 5.5.0 Administration Console cross site scripting
3366| [69092] Apache Tomcat up to 6.0.42/7.0.54/8.0.8 HTTP Request Smuggling privilege escalation
3367| [73831] Apache Qpid up to 0.30 Access Restriction unknown vulnerability
3368| [73731] Apache XML Security unknown vulnerability
3369| [68660] Oracle BI Publisher 10.1.3.4.2/11.1.1.7 Apache Tomcat cross site scripting
3370| [73659] Apache CloudStack up to 4.3.0 Stack-Based unknown vulnerability
3371| [73593] Apache Traffic Server up to 5.1.0 denial of service
3372| [73511] Apache POI up to 3.10 Deadlock denial of service
3373| [73510] Apache Solr up to 4.3.0 cross site scripting
3374| [68447] Apache Subversion up to 1.7.18/1.8.10 mod_dav_svn Crash denial of service
3375| [68446] Apache Subversion up to 1.7.18/1.8.10 REPORT Request Crash denial of service
3376| [73173] Apache CloudStack Stack-Based unknown vulnerability
3377| [68357] Apache Struts up to 2.3.16.3 Random Number Generator cross site request forgery
3378| [73106] Apache Hadoop up to 2.4.0 Symlink privilege escalation
3379| [68575] Apache HTTP Server up to 2.4.10 LuaAuthzProvider mod_lua.c privilege escalation
3380| [72890] Apache Qpid 0.30 unknown vulnerability
3381| [72887] Apache Hive 0.13.0 File Permission privilege escalation
3382| [72878] Apache Cordova 3.5.0 cross site request forgery
3383| [72877] Apache Cordova 3.5.0 cross site request forgery
3384| [72876] Apache Cordova 3.5.0 cross site request forgery
3385| [68435] Apache HTTP Server 2.4.10 mod_proxy_fcgi.c handle_headers denial of service
3386| [68065] Apache CXF up to 3.0.1 JAX-RS SAML denial of service
3387| [68064] Apache CXF up to 3.0.0 SAML Token denial of service
3388| [67913] Oracle Retail Markdown Optimization 12.0/13.0/13.1/13.2/13.4 Apache commons-beanutils-1.8.0.jar memory corruption
3389| [67912] Oracle Retail Invoice Matching up to 14.0 Apache commons-beanutils-1.8.0.jar memory corruption
3390| [67911] Oracle Retail Clearance Optimization Engine 13.3/13.4/14.0 Apache commons-beanutils-1.8.0.jar memory corruption
3391| [67910] Oracle Retail Allocation up to 13.2 Apache commons-beanutils-1.8.0.jar memory corruption
3392| [71835] Apache Shiro 1.0.0/1.1.0/1.2.0/1.2.1/1.2.2 unknown vulnerability
3393| [71633] Apachefriends XAMPP 1.8.1 cross site scripting
3394| [71629] Apache Axis2/C spoofing
3395| [67633] Apple Mac OS X up to 10.9.4 apache_mod_php ext/standard/dns.c dns_get_record memory corruption
3396| [67631] Apple Mac OS X up to 10.9.4 apache_mod_php Symlink memory corruption
3397| [67630] Apple Mac OS X up to 10.9.4 apache_mod_php cdf_read_property_info denial of service
3398| [67629] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_count_chain denial of service
3399| [67628] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_check_stream_offset denial of service
3400| [67627] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c mconvert memory corruption
3401| [67626] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c denial of service
3402| [67625] Apple Mac OS X up to 10.9.4 apache_mod_php Crash denial of service
3403| [67624] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_property_info denial of service
3404| [67623] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_unpack_summary_info denial of service
3405| [67622] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_short_sector denial of service
3406| [67620] Apple Mac OS X up to 10.9.4 apache_mod_php magic/Magdir/commands denial of service
3407| [67790] Apache HTTP Server mod_cache NULL Pointer Dereference denial of service
3408| [67522] Apache Tomcat up to 7.0.39 JSP Upload privilege escalation
3409| [70809] Apache POI up to 3.11 Crash denial of service
3410| [70808] Apache POI up to 3.10 unknown vulnerability
3411| [70806] Apache Commons-httpclient 4.2/4.2.1/4.2.2 spoofing
3412| [70749] Apache Axis up to 1.4 getCN spoofing
3413| [70701] Apache Traffic Server up to 3.3.5 denial of service
3414| [70700] Apache OFBiz up to 12.04.03 cross site scripting
3415| [67402] Apache OpenOffice 4.0.0/4.0.1/4.1.0 Calc privilege escalation
3416| [67401] Apache OpenOffice up to 4.1.0 OLE Object information disclosure
3417| [70661] Apache Subversion up to 1.6.17 denial of service
3418| [70660] Apache Subversion up to 1.6.17 spoofing
3419| [70659] Apache Subversion up to 1.6.17 spoofing
3420| [67183] Apache HTTP Server up to 2.4.9 mod_proxy denial of service
3421| [67180] Apache HTTP Server up to 2.4.9 WinNT MPM Memory Leak denial of service
3422| [67185] Apache HTTP Server up to 2.4.9 mod_status Heap-Based memory corruption
3423| [67184] Apache HTTP Server 2.4.5/2.4.6 mod_cache NULL Pointer Dereference denial of service
3424| [67182] Apache HTTP Server up to 2.4.9 mod_deflate Memory Consumption denial of service
3425| [67181] Apache HTTP Server up to 2.4.9 mod_cgid denial of service
3426| [70338] Apache Syncope up to 1.1.7 unknown vulnerability
3427| [70295] Apache CXF up to 2.7.9 Cleartext information disclosure
3428| [70106] Apache Open For Business Project up to 10.04.0 getServerError cross site scripting
3429| [70105] Apache MyFaces up to 2.1.5 JavaServer Faces directory traversal
3430| [69846] Apache HBase up to 0.94.8 information disclosure
3431| [69783] Apache CouchDB up to 1.2.0 memory corruption
3432| [13383] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 XML Parser privilege escalation
3433| [13300] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi setuid privilege escalation
3434| [13299] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi Content-Type Header information disclosure
3435| [13164] Apache CXF up to 2.6.13/2.7.10 SOAP OutgoingChainInterceptor.java Invalid Content denial of service
3436| [13163] Apache CXF up to 2.6.13/2.7.10 SOAP HTML Content denial of service
3437| [13158] Apache Struts up to 2.3.16.2 ParametersInterceptor getClass privilege escalation
3438| [69515] Apache Struts up to 2.3.15.0 CookieInterceptor memory corruption
3439| [13086] Apache Struts up to 1.3.10 Class Loader privilege escalation
3440| [13067] Apache Struts up to 2.3.16.1 Class Loader privilege escalation
3441| [69431] Apache Archiva up to 1.3.6 cross site scripting
3442| [69385] Apache Syncope up to 1.1.6 unknown vulnerability
3443| [69338] Apache Xalan-Java up to 2.7.1 system-property unknown vulnerability
3444| [12742] Trustwave ModSecurity up to 2.7.5 Chunk Extension apache2/modsecurity.c modsecurity_tx_init privilege escalation
3445| [12741] Trustwave ModSecurity up to 2.7.6 Chunked HTTP Transfer apache2/modsecurity.c modsecurity_tx_init Trailing Header privilege escalation
3446| [13387] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Content-Length Header privilege escalation
3447| [13386] Apache Tomcat Security Manager up to 6.0.39/7.0.53/8.0.5 XSLT privilege escalation
3448| [13385] Apache Tomcat 8.0.0/8.0.1/8.0.3 AJP Request Zero Length denial of service
3449| [13384] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Chunked HTTP Request denial of service
3450| [12748] Apache CouchDB 1.5.0 UUIDS /_uuids denial of service
3451| [66739] Apache Camel up to 2.12.2 unknown vulnerability
3452| [66738] Apache Camel up to 2.12.2 unknown vulnerability
3453| [12667] Apache HTTP Server 2.4.7 mod_log_config.c log_cookie denial of service
3454| [66695] Apache CouchDB up to 1.2.0 cross site scripting
3455| [66694] Apache CouchDB up to 1.2.0 Partition partition2 directory traversal
3456| [66689] Apache HTTP Server up to 2.0.33 mod_dav dav_xml_get_cdata denial of service
3457| [12518] Apache Tomcat up to 6.0.38/7.0.49/8.0.0-RC9 HTTP Header denial of service
3458| [66498] Apache expressions up to 3.3.0 Whitelist unknown vulnerability
3459| [12781] Apache Struts up to 2.3.8 ParametersInterceptor getClass denial of service
3460| [12439] Apache Tomcat 6.0.33 XML XXE information disclosure
3461| [12438] Apache Tomcat 6.0.33/6.0.34/6.0.35/6.0.36/6.0.37 coyoteadapter.java disableURLRewriting privilege escalation
3462| [66356] Apache Wicket up to 6.8.0 information disclosure
3463| [12209] Apache Tomcat 7.0.0/7.0.50/8.0.0-RC1/8.0.1 Content-Type Header for Multi-Part Request Infinite Loop denial of service
3464| [66322] Apache ActiveMQ up to 5.8.0 cross site scripting
3465| [12291] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
3466| [66255] Apache Open For Business Project up to 10.04.3 cross site scripting
| [66200] Apache Hadoop up to 2.0.5 Security Feature information disclosure
| [66072] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
| [66068] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
| [11928] Oracle Secure Global Desktop up to 4.71 Apache Tomcat unknown vulnerability
| [11924] Oracle Secure Global Desktop up to 4.63 Apache Tomcat denial of service
| [11922] Oracle Secure Global Desktop up to 4.63 Apache Tomcat unknown vulnerability
| [66049] Apache XML Security for Java up to 1.4.6 Memory Consumption denial of service
| [12199] Apache Subversion up to 1.8.5 mod_dav_svn/repos.c get_resource denial of service
| [65946] askapache Firefox Adsense up to 3.0 askapache-firefox-adsense.php cross site request forgery
| [65668] Apache Solr 4.0.0 Updater denial of service
| [65665] Apache Solr up to 4.3.0 denial of service
| [65664] Apache Solr 3.6.0/3.6.1/3.6.2/4.0.0 Updater denial of service
| [65663] Apache Solr up to 4.5.1 ResourceLoader directory traversal
| [65658] Apache roller 4.0/4.0.1/5.0/5.0.1 unknown vulnerability
| [65657] Apache Roller 4.0/4.0.1/5.0/5.0.1 cross site scripting
| [11325] Apache Subversion 1.7.13 mod_dontdothat Bypass denial of service
| [11324] Apache Subversion up to 1.8.4 mod_dav_svn denial of service
| [11098] Apache Tomcat 5.5.25 HTTP Request cross site request forgery
| [65410] Apache Struts 2.3.15.3 cross site scripting
| [65386] Apache Solr up to 2.2.1 on TYPO3 cross site scripting
| [65385] Apache Solr up to 2.2.1 on TYPO3 unknown vulnerability
| [11044] Apache Struts 2.3.15.3 showConfig.action cross site scripting
| [11043] Apache Struts 2.3.15.3 actionNames.action cross site scripting
| [11018] cPanel WHM up to 11.40.0.11 Apache mod_userdir Tweak Interface privilege escalation
| [65342] Apache Sling 1.0.2/1.0.4/1.0.6/1.1.0/1.1.2 Auth Core cross site scripting
| [65340] Apache Shindig 2.5.0 information disclosure
| [65316] Apache Mod Fcgid up to 2.3.7 mod_fcgid fcgid_bucket.c fcgid_header_bucket_read memory corruption
| [65313] Apache Sling 2.2.0/2.3.0 AbstractCreateOperation.java deepGetOrCreateNode denial of service
| [10826] Apache Struts 2 File privilege escalation
| [65204] Apache Camel up to 2.10.1 unknown vulnerability
| [10460] Apache Struts 2.0.0/2.3.15.1 Action Mapping Mechanism Bypass privilege escalation
| [10459] Apache Struts 2.0.0/2.3.15 Dynamic Method Invocation unknown vulnerability
| [10160] Apache Subversion 1.8.0/1.8.1/1.8.2 svnwcsub.py handle_options race condition
| [10159] Apache Subversion up to 1.8.2 svnserve write_pid_file race condition
| [10158] Apache Subversion 1.8.0/1.8.1/1.8.2 daemonize.py daemon::daemonize race condition
| [10157] Apache Subversion up to 1.8.1 FSFS Repository Symlink privilege escalation
| [64808] Fail2ban up to 0.8.9 apache-auth.conf denial of service
| [64760] Best Practical RT up to 4.0.12 Apache::Session::File information disclosure
| [64722] Apache XML Security for C++ Heap-based memory corruption
| [64719] Apache XML Security for C++ Heap-based memory corruption
| [64718] Apache XML Security for C++ verify denial of service
| [64717] Apache XML Security for C++ getURIBaseTXFM memory corruption
| [64716] Apache XML Security for C++ spoofing
| [64701] Apache CXF up to 2.7.3 XML Parser Memory Consumption denial of service
| [64700] Apache CloudStack up to 4.1.0 Stack-Based cross site scripting
| [64667] Apache Open For Business Project up to 10.04.04 unknown vulnerability
| [64666] Apache Open For Business Project up to 10.04.04 cross site scripting
| [9891] Apache HTTP Server 2.2.22 suEXEC Feature .htaccess information disclosure
| [64509] Apache ActiveMQ up to 5.8.0 scheduled.jsp cross site scripting
| [9826] Apache Subversion up to 1.8.0 mod_dav_svn denial of service
| [9683] Apache HTTP Server 2.4.5 mod_session_dbd denial of service
| [64485] Apache Struts up to 2.2.3.0 privilege escalation
| [9568] Apache Struts up to 2.3.15 DefaultActionMapper cross site request forgery
| [9567] Apache Struts up to 2.3.15 DefaultActionMapper memory corruption
| [64467] Apache Geronimo 3.0 memory corruption
| [64466] Apache OpenJPA up to 2.2.1 Serialization memory corruption
| [64457] Apache Struts up to 2.2.3.0 cross site scripting
| [64326] Alejandro Garza Apachesolr Autocomplete up to 7.x-1.1 cross site scripting
| [9184] Apache Qpid up to 0.20 SSL misconfiguration
| [8935] Apache Subversion up to 1.7.9 FSFS Format Repository denial of service
| [8934] Apache Subversion up to 1.7.9 Svnserve Server denial of service
| [8933] Apache Subversion up to 1.6.21 check-mime-type.pl svnlook memory corruption
| [8932] Apache Subversion up to 1.6.21 svn-keyword-check.pl svnlook changed memory corruption
| [9022] Apache Struts up to 2.3.14.2 OGNL Expression memory corruption
| [8873] Apache Struts 2.3.14 privilege escalation
| [8872] Apache Struts 2.3.14 privilege escalation
| [8746] Apache HTTP Server Log File Terminal Escape Sequence Filtering mod_rewrite.c do_rewritelog privilege escalation
| [8666] Apache Tomcat up to 7.0.32 AsyncListener information disclosure
| [8665] Apache Tomcat up to 7.0.29 Chunked Transfer Encoding Extension Size denial of service
| [8664] Apache Tomcat up to 7.0.32 FORM Authentication weak authentication
| [64075] Apache Subversion up to 1.7.7 mod_dav_svn Crash denial of service
| [64074] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
| [64073] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
| [64072] Apache Subversion up to 1.7.7 mod_dav_svn NULL Pointer Dereference denial of service
| [64071] Apache Subversion up to 1.7.8 mod_dav_svn Memory Consumption denial of service
| [8768] Apache Struts up to 2.3.14 on Mac EL and OGNL Interpreter memory corruption
| [64006] Apache ActiveMQ up to 5.7.0 denial of service
| [64005] Apache ActiveMQ up to 5.7.0 Default Configuration denial of service
| [64004] Apache ActiveMQ up to 5.7.0 PortfolioPublishServlet.java cross site scripting
| [8427] Apache Tomcat Session Transaction weak authentication
| [63960] Apache Maven 3.0.4 Default Configuration spoofing
| [63751] Apache qpid up to 0.20 qpid::framing::Buffer denial of service
| [63750] Apache qpid up to 0.20 checkAvailable denial of service
| [63749] Apache Qpid up to 0.20 Memory Consumption denial of service
| [63748] Apache Qpid up to 0.20 Default Configuration denial of service
| [63747] Apache Rave up to 0.20 User Account information disclosure
| [7889] Apache Subversion up to 1.6.17 mod_dav_svn/svn_fs_file_length() denial of service
| [63646] Apache HTTP Server up to 2.2.23/2.4.3 mod_proxy_balancer.c balancer_handler cross site scripting
| [7688] Apache CXF up to 2.7.1 WSS4JInterceptor Bypass weak authentication
| [7687] Apache CXF up to 2.7.2 Token weak authentication
| [63334] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
| [63299] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
| [7202] Apache HTTP Server 2.4.2 on Oracle Solaris ld_library_path cross site scripting
| [7075] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector NioEndpoint.java denial of service
| [7074] Apache Tomcat up to 6.0.35/7.0.29 FORM Authentication RealmBase.java weak authentication
| [7073] Apache Tomcat up to 6.0.35/7.0.31 CSRF Prevention Filter cross site request forgery
| [63090] Apache Tomcat up to 4.1.24 denial of service
| [63089] Apache HTTP Server up to 2.2.13 mod_proxy_ajp denial of service
| [62933] Apache Tomcat up to 5.5.0 Access Restriction unknown vulnerability
| [62929] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector Memory Consumption denial of service
| [62833] Apache CXF -/2.6.0 spoofing
| [62832] Apache Axis2 up to 1.6.2 spoofing
| [62831] Apache Axis up to 1.4 Java Message Service spoofing
| [62830] Apache Commons-httpclient 3.0 Payments spoofing
| [62826] Apache Libcloud up to 0.11.0 spoofing
| [62757] Apache Open For Business Project up to 10.04.0 unknown vulnerability
| [8830] Red Hat JBoss Enterprise Application Platform 6.0.1 org.apache.catalina.connector.Response.encodeURL information disclosure
| [62661] Apache Axis2 unknown vulnerability
| [62658] Apache Axis2 unknown vulnerability
| [62467] Apache Qpid up to 0.17 denial of service
| [62417] Apache CXF 2.4.7/2.4.8/2.5.3/2.5.4/2.6.1 spoofing
| [6301] Apache HTTP Server mod_pagespeed cross site scripting
| [6300] Apache HTTP Server mod_pagespeed Hostname information disclosure
| [6123] Apache Wicket up to 1.5.7 Ajax Link cross site scripting
| [62035] Apache Struts up to 2.3.4 denial of service
| [61916] Apache QPID 0.5/0.6/0.14/0.16 unknown vulnerability
| [6998] Apache Tomcat 5.5.35/6.0.35/7.0.28 DIGEST Authentication Session State Caching privilege escalation
| [6997] Apache Tomcat 5.5.35/6.0.35/7.0.28 HTTP Digest Authentication Implementation privilege escalation
| [6092] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_ajp.c information disclosure
| [6090] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_http.c information disclosure
| [61507] Apache POI up to 3.8 UnhandledDataStructure denial of service
| [6070] Apache Struts up to 2.3.4 Token Name Configuration Parameter privilege escalation
| [6069] Apache Struts up to 2.3.4 Request Parameter OGNL Expression denial of service
| [5764] Oracle Solaris 10 Apache HTTP Server information disclosure
| [5700] Oracle Secure Backup 10.3.0.3/10.4.0.1 Apache denial of service
| [61255] Apache Hadoop 2.0.0 Kerberos unknown vulnerability
| [61229] Apache Sling up to 2.1.1 denial of service
| [61152] Apache Commons-compress 1.0/1.1/1.2/1.3/1.4 denial of service
| [61094] Apache Roller up to 5.0 cross site scripting
| [61093] Apache Roller up to 5.0 cross site request forgery
| [61005] Apache OpenOffice 3.3/3.4 unknown vulnerability
| [9673] Apache HTTP Server up to 2.4.4 mod_dav mod_dav.c Request denial of service
| [5436] Apache OpenOffice 3.3/3.4 WPXContentListener.cpp _closeTableRow File memory corruption
| [5435] Apache OpenOffice 3.3/3.4 vclmi.dll File memory corruption
| [60730] PHP 5.4.0/5.4.1/5.4.2 apache_request_headers memory corruption
| [60708] Apache Qpid 0.12 unknown vulnerability
| [5032] Apache Hadoop up to 0.20.205.0/1.0.1/0.23.1 Kerberos/MapReduce Security Feature privilege escalation
| [4949] Apache Struts File Upload XSLTResult.java XSLT File privilege escalation
| [4955] Apache Traffic Server 3.0.3/3.1.2 HTTP Header Parser memory corruption
| [4882] Apache Wicket up to 1.5.4 directory traversal
| [4881] Apache Wicket up to 1.4.19 cross site scripting
| [4884] Apache HTTP Server up to 2.3.6 mod_fcgid fcgid_spawn_ctl.c FcgidMaxProcessesPerClass HTTP Requests denial of service
| [60352] Apache Struts up to 2.2.3 memory corruption
| [60153] Apache Portable Runtime up to 1.4.3 denial of service
| [4598] Apache Struts 1.3.10 upload-submit.do cross site scripting
| [4597] Apache Struts 1.3.10 processSimple.do cross site scripting
| [4596] Apache Struts 2.0.14/2.2.3 struts2-rest-showcase/orders cross site scripting
| [4595] Apache Struts 2.0.14/2.2.3 struts2-showcase/person/editPerson.action cross site scripting
| [4583] Apache HTTP Server up to 2.2.21 Threaded MPM denial of service
| [4582] Apache HTTP Server up to 2.2.21 protocol.c information disclosure
| [4571] Apache Struts up to 2.3.1.2 privilege escalation
| [4557] Apache Tomcat up to 7.0.21 Caching/Recycling information disclosure
| [59934] Apache Tomcat up to 6.0.9 DigestAuthenticator.java unknown vulnerability
| [59933] Apache Tomcat up to 6.0.9 Access Restriction unknown vulnerability
| [59932] Apache Tomcat up to 6.0.9 unknown vulnerability
| [59931] Apache Tomcat up to 6.0.9 Access Restriction information disclosure
| [59902] Apache Struts up to 2.2.3 Interfaces unknown vulnerability
| [4528] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
| [4527] Apache Struts up to 2.2.3 ExceptionDelegator cross site scripting
| [59888] Apache Tomcat up to 6.0.6 denial of service
| [59886] Apache ActiveMQ up to 5.5.1 Crash denial of service
| [4513] Apache Struts up to 2.3.1 ParameterInterceptor directory traversal
| [4512] Apache Struts up to 2.2.3 CookieInterceptor privilege escalation
| [59850] Apache Geronimo up to 2.2.1 denial of service
| [59825] Apache HTTP Server up to 2.1.7 mod_reqtimeout denial of service
| [59556] Apache HTTP Server up to 2.0.53 mod_proxy information disclosure
| [58467] Apache libcloud 0.2.0/0.3.0/0.3.1/0.4.0 Access Restriction spoofing
| [58413] Apache Tomcat up to 6.0.10 spoofing
| [58381] Apache Wicket up to 1.4.17 cross site scripting
| [58296] Apache Tomcat up to 7.0.19 unknown vulnerability
| [57888] Apache HttpClient 4.0/4.0.1/4.1 Authorization information disclosure
| [57587] Apache Subversion up to 1.6.16 mod_dav_svn information disclosure
| [57585] Apache Subversion up to 1.6.16 mod_dav_svn Memory Consumption denial of service
| [57584] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
| [57577] Apache Rampart-C 1.3.0 Access Restriction rampart_timestamp_token_validate privilege escalation
| [57568] Apache Archiva up to 1.3.4 cross site scripting
| [57567] Apache Archiva up to 1.3.4 cross site request forgery
| [57481] Apache Tomcat 7.0.12/7.0.13 Access Restriction unknown vulnerability
| [4355] Apache HTTP Server APR apr_fnmatch denial of service
| [57435] Apache Struts up to 2.2.1.1 FileHandler.java cross site scripting
| [57425] Apache Struts up to 2.2.1.1 cross site scripting
| [4352] Apache HTTP Server 2.2.x APR apr_fnmatch denial of service
| [57025] Apache Tomcat up to 7.0.11 information disclosure
| [57024] Apache Tomcat 7.0.11 Access Restriction information disclosure
| [56774] IBM WebSphere Application Server up to 7.0.0.14 org.apache.jasper.runtime.JspWriterImpl.response denial of service
| [56824] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
| [56832] Apache Tomcat up to 7.0.10 Access Restriction information disclosure
| [56830] Apache Tomcat up to 7.0.9 Access Restriction privilege escalation
| [12440] Apache Tomcat 6.0.33 Malicious Request cross site scripting
| [56512] Apache Continuum up to 1.4.0 cross site scripting
| [4285] Apache Tomcat 5.x JVM getLocale denial of service
| [4284] Apache Tomcat 5.x HTML Manager Infinite Loop cross site scripting
| [4283] Apache Tomcat 5.x ServletContect privilege escalation
| [56441] Apache Tomcat up to 7.0.6 denial of service
| [56300] Apache CouchDB up to 1.0.1 Web Administration Interface cross site scripting
| [55967] Apache Subversion up to 1.6.4 rev_hunt.c denial of service
| [55966] Apache Subversion up to 1.6.4 mod_dav_svn repos.c walk denial of service
| [55095] Apache Axis2 up to 1.6 Default Password memory corruption
| [55631] Apache Archiva up to 1.3.1 User Account cross site request forgery
| [55556] Apache Tomcat up to 6.0.29 Default Configuration information disclosure
| [55553] Apache Tomcat up to 7.0.4 sessionsList.jsp cross site scripting
| [55162] Apache MyFaces up to 2.0.0 Authentication Code unknown vulnerability
| [54881] Apache Subversion up to 1.6.12 mod_dav_svn authz.c privilege escalation
| [54879] Apache APR-util up to 0.9.14 mod_reqtimeout apr_brigade_split_line denial of service
| [54693] Apache Traffic Server DNS Cache unknown vulnerability
| [54416] Apache CouchDB up to 0.11.0 cross site request forgery
| [54394] Apache CXF up to 2.2.8 Memory Consumption denial of service
| [54261] Apache Tomcat jsp/cal/cal2.jsp cross site scripting
| [54166] Apache HTTP Server up to 2.2.12 mod_cache Crash denial of service
| [54385] Apache Struts up to 2.1.8.1 ParameterInterceptor unknown vulnerability
| [54012] Apache Tomcat up to 6.0.10 denial of service
| [53763] Apache Axis2 1.3/1.4/1.4.1/1.5/1.5.1 Memory Consumption denial of service
| [53368] Apache MyFaces 1.1.7/1.2.8 cross site scripting
| [53397] Apache axis2 1.4.1/1.5.1 Administration Console cross site scripting
| [52894] Apache Tomcat up to 6.0.7 information disclosure
| [52960] Apache ActiveMQ up to 5.4-snapshot information disclosure
| [52843] Apache HTTP Server mod_auth_shadow unknown vulnerability
| [52786] Apache Open For Business Project up to 09.04 cross site scripting
| [52587] Apache ActiveMQ up to 5.3.0 cross site request forgery
| [52586] Apache ActiveMQ up to 5.3.0 cross site scripting
| [52584] Apache CouchDB up to 0.10.1 information disclosure
| [51757] Apache HTTP Server 2.0.44 cross site scripting
| [51756] Apache HTTP Server 2.0.44 spoofing
| [51717] Apache HTTP Server up to 1.3.3 mod_proxy ap_proxy_send_fb memory corruption
| [51690] Apache Tomcat up to 6.0 directory traversal
| [51689] Apache Tomcat up to 6.0 information disclosure
| [51688] Apache Tomcat up to 6.0 directory traversal
| [50886] HP Operations Manager 8.10 on Windows File Upload org.apache.catalina.manager.HTMLManagerServlet memory corruption
| [50802] Apache Tomcat up to 3.3 Default Password weak authentication
| [50626] Apache Solr 1.0.0 cross site scripting
| [49857] Apache HTTP Server mod_proxy_ftp cross site scripting
| [49856] Apache HTTP Server 2.2.13 mod_proxy_ftp ap_proxy_ftp_handler denial of service
| [49348] Apache Xerces-C++ 2.7.0 Stack-Based denial of service
| [86789] Apache Portable Runtime memory/unix/apr_pools.c unknown vulnerability
| [49283] Apache APR-util up to 1.3.8 apr-util misc/apr_rmm.c apr_rmm_realloc memory corruption
| [48952] Apache HTTP Server up to 1.3.6 mod_deflate denial of service
| [48626] Apache Tomcat up to 4.1.23 Access Restriction directory traversal
| [48431] Apache Tomcat up to 4.1.23 j_security_check cross site scripting
| [48430] Apache Tomcat up to 4.1.23 mod_jk denial of service
| [47801] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site request forgery
| [47800] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site scripting
| [47799] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console directory traversal
| [47648] Apache Tiles 2.1.0/2.1.1 cross site scripting
| [47640] Apache Struts 2.0.6/2.0.8/2.0.9/2.0.11/2.1 cross site scripting
| [47638] Apache Tomcat up to 4.1.23 mod_jk information disclosure
| [47636] Apache Struts 2.0.9 xip_client.html cross site scripting
| [47593] Apache Mod Perl 1 perl-status Apache::Status cross site scripting
| [47637] Apache Struts 1.0.2/1.1/1.2.4/1.2.7/1.2.8 cross site scripting
| [47239] Apache Struts up to 2.1.2 Beta struts directory traversal
| [47214] Apachefriends xampp 1.6.8 spoofing
| [47213] Apachefriends xampp 1.6.8 htaccess cross site request forgery
| [47162] Apachefriends XAMPP 1.4.4 weak authentication
| [47065] Apache Tomcat 4.1.23 cross site scripting
| [46834] Apache Tomcat up to 5.5.20 cross site scripting
| [46004] Apache Jackrabbit 1.4/1.5.0 search.jsp cross site scripting
| [49205] Apache Roller 2.3/3.0/3.1/4.0 Search cross site scripting
| [86625] Apache Struts directory traversal
| [44461] Apache Tomcat up to 5.5.0 information disclosure
| [44389] Apache Xerces-C++ XML Parser Memory Consumption denial of service
| [44352] Apache Friends XAMPP 1.6.8 adodb.php cross site scripting
| [43663] Apache Tomcat up to 6.0.16 directory traversal
| [43612] Apache Friends XAMPP 1.6.7 iart.php cross site scripting
| [43556] Apache HTTP Server up to 2.1.8 mod_proxy_ftp proxy_ftp.c cross site scripting
| [43516] Apache Tomcat up to 4.1.20 directory traversal
| [43509] Apache Tomcat up to 6.0.13 cross site scripting
| [42637] Apache Tomcat up to 6.0.16 cross site scripting
| [42325] Apache HTTP Server up to 2.1.8 Error Page cross site scripting
| [41838] Apache-SSL 1.3.34 1.57 expandcert privilege escalation
| [41091] Apache Software Foundation Mod Jk up to 2.0.1 mod_jk2 Stack-based memory corruption
| [40924] Apache Tomcat up to 6.0.15 information disclosure
| [40923] Apache Tomcat up to 6.0.15 unknown vulnerability
| [40922] Apache Tomcat up to 6.0 information disclosure
| [40710] Apache HTTP Server up to 2.0.61 mod_negotiation cross site scripting
| [40709] Apache HTTP Server up to 2.0.53 mod_negotiation cross site scripting
| [40656] Apache Tomcat 5.5.20 information disclosure
| [40503] Apache HTTP Server mod_proxy_ftp cross site scripting
| [40502] Apache HTTP Server up to 2.2.5 mod_proxy_balancer memory corruption
| [40501] Apache HTTP Server 2.2.6 mod_proxy_balancer cross site request forgery
| [40398] Apache HTTP Server up to 2.2 mod_proxy_balancer cross site scripting
| [40397] Apache HTTP Server up to 2.2 mod_proxy_balancer balancer_handler denial of service
| [40234] Apache Tomcat up to 6.0.15 directory traversal
| [40221] Apache HTTP Server 2.2.6 information disclosure
| [40027] David Castro Apache Authcas 0.4 sql injection
| [3495] Apache OpenOffice up to 2.3 Database Document Processor unknown vulnerability
| [3489] Apache HTTP Server 2.x HTTP Header cross site scripting
| [3414] Apache Tomcat WebDAV Stored privilege escalation
| [39489] Apache Jakarta Slide up to 2.1 directory traversal
| [39540] Apache Geronimo 2.0/2.0.1/2.0.2/2.1 unknown vulnerability
| [3310] Apache OpenOffice 1.1.3/2.0.4/2.2.1 TIFF Image Parser Heap-based memory corruption
| [38768] Apache HTTP Server up to 2.1.7 mod_autoindex.c cross site scripting
| [38952] Apache Geronimo 2.0.1/2.1 unknown vulnerability
| [38658] Apache Tomcat 4.1.31 cal2.jsp cross site request forgery
| [38524] Apache Geronimo 2.0 unknown vulnerability
| [3256] Apache Tomcat up to 6.0.13 cross site scripting
| [38331] Apache Tomcat 4.1.24 information disclosure
| [38330] Apache Tomcat 4.1.24 information disclosure
| [38185] Apache Tomcat 3.3/3.3.1/3.3.1a/3.3.2 Error Message CookieExample cross site scripting
| [37967] Apache Tomcat up to 4.1.36 Error Message sendmail.jsp cross site scripting
| [37647] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 Authorization unknown vulnerability
| [37646] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 unknown vulnerability
| [3141] Apache Tomcat up to 4.1.31 Accept-Language Header cross site scripting
| [3133] Apache Tomcat up to 6.0 HTTP cross site scripting
| [37292] Apache Tomcat up to 5.5.1 cross site scripting
| [3130] Apache OpenOffice 2.2.1 RTF Document Heap-based memory corruption
| [36981] Apache Tomcat JK Web Server Connector up to 1.2.22 mod_jk directory traversal
| [36892] Apache Tomcat up to 4.0.0 hello.jsp cross site scripting
| [37320] Apache MyFaces Tomahawk up to 1.1.4 cross site scripting
| [36697] Apache Tomcat up to 5.5.17 implicit-objects.jsp cross site scripting
| [36491] Apache Axis 1.0 Installation javaioFileNotFoundException information disclosure
| [36400] Apache Tomcat 5.5.15 mod_jk cross site scripting
| [36698] Apache Tomcat up to 4.0.0 cal2.jsp cross site scripting
| [36224] XAMPP Apache Distribution up to 1.6.0a adodb.php connect memory corruption
| [36225] XAMPP Apache Distribution 1.6.0a sql injection
| [2997] Apache httpd/Tomcat 5.5/6.0 directory traversal
| [35896] Apache Apache Test up to 1.29 mod_perl denial of service
| [35653] Avaya S8300 Cm 3.1.2 Apache Tomcat unknown vulnerability
| [35402] Apache Tomcat JK Web Server Connector 1.2.19 mod_jk.so map_uri_to_worker memory corruption
| [35067] Apache Stats up to 0.0.2 extract unknown vulnerability
| [35025] Apache Stats up to 0.0.3 extract unknown vulnerability
| [34252] Apache HTTP Server denial of service
| [2795] Apache OpenOffice 2.0.4 WMF/EMF File Heap-based memory corruption
| [33877] Apache Opentaps 0.9.3 cross site scripting
| [33876] Apache Open For Business Project unknown vulnerability
| [33875] Apache Open For Business Project cross site scripting
| [2703] Apache Jakarta Tomcat up to 5.x der_get_oid memory corruption
| [2611] Apache HTTP Server up to 1.0.1 set_var Format String
|
| MITRE CVE - https://cve.mitre.org:
| [CVE-2013-4156] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted element in an OOXML document file.
| [CVE-2013-4131] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service (assertion failure or out-of-bounds read) via a certain (1) COPY, (2) DELETE, or (3) MOVE request against a revision root.
| [CVE-2013-3239] phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename of an export file, leading to interpretation of this file as an executable file by the Apache HTTP Server, as demonstrated by a .php.sql filename.
| [CVE-2013-3060] The web console in Apache ActiveMQ before 5.8.0 does not require authentication, which allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests.
| [CVE-2013-2765] The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request with a large body and a crafted Content-Type header.
| [CVE-2013-2251] Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.
| [CVE-2013-2249] mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified impact and remote attack vectors.
| [CVE-2013-2248] Multiple open redirect vulnerabilities in Apache Struts 2.0.0 through 2.3.15 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a parameter using the (1) redirect: or (2) redirectAction: prefix.
| [CVE-2013-2189] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via invalid PLCF data in a DOC document file.
| [CVE-2013-2135] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted value that contains both "${}" and "%{}" sequences, which causes the OGNL code to be evaluated twice.
| [CVE-2013-2134] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted action name that is not properly handled during wildcard matching, a different vulnerability than CVE-2013-2135.
| [CVE-2013-2115] Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag. NOTE: this issue is due to an incomplete fix for CVE-2013-1966.
| [CVE-2013-2071] java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other applications in opportunistic circumstances via an application that records the requests that it processes.
| [CVE-2013-2067] java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack.
| [CVE-2013-1966] Apache Struts 2 before 2.3.14.1 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag.
| [CVE-2013-1965] Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.1, allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is not properly handled when invoking a redirect.
| [CVE-2013-1896] mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.
| [CVE-2013-1884] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (segmentation fault and crash) via a log REPORT request with an invalid limit, which triggers an access of an uninitialized variable.
| [CVE-2013-1879] Cross-site scripting (XSS) vulnerability in scheduled.jsp in Apache ActiveMQ 5.8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving the "cron of a message."
| [CVE-2013-1862] mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.
| [CVE-2013-1849] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a PROPFIND request for an activity URL.
| [CVE-2013-1847] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an anonymous LOCK for a URL that does not exist.
| [CVE-2013-1846] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a LOCK on an activity URL.
| [CVE-2013-1845] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (memory consumption) by (1) setting or (2) deleting a large number of properties for a file or directory.
| [CVE-2013-1814] The users/get program in the User RPC API in Apache Rave 0.11 through 0.20 allows remote authenticated users to obtain sensitive information about all user accounts via the offset parameter, as demonstrated by discovering password hashes in the password field of a response.
| [CVE-2013-1777] The JMX Remoting functionality in Apache Geronimo 3.x before 3.0.1, as used in IBM WebSphere Application Server (WAS) Community Edition 3.0.0.3 and other products, does not property implement the RMI classloader, which allows remote attackers to execute arbitrary code by using the JMX connector to send a crafted serialized object.
| [CVE-2013-1768] The BrokerFactory functionality in Apache OpenJPA 1.x before 1.2.3 and 2.x before 2.2.2 creates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for remote attackers to execute arbitrary code by creating a serialized object and leveraging improperly secured server programs.
| [CVE-2013-1088] Cross-site request forgery (CSRF) vulnerability in Novell iManager 2.7 before SP6 Patch 1 allows remote attackers to hijack the authentication of arbitrary users by leveraging improper request validation by iManager code deployed within an Apache Tomcat container.
| [CVE-2013-1048] The Debian apache2ctl script in the apache2 package squeeze before 2.2.16-6+squeeze11, wheezy before 2.2.22-13, and sid before 2.2.22-13 for the Apache HTTP Server on Debian GNU/Linux does not properly create the /var/lock/apache2 lock directory, which allows local users to gain privileges via an unspecified symlink attack.
| [CVE-2013-0966] The Apple mod_hfs_apple module for the Apache HTTP Server in Apple Mac OS X before 10.8.3 does not properly handle ignorable Unicode characters, which allows remote attackers to bypass intended directory authentication requirements via a crafted pathname in a URI.
| [CVE-2013-0942] Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Agent 7.1 before 7.1.1 for Web for Internet Information Services, and 7.1 before 7.1.1 for Web for Apache, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2013-0941] EMC RSA Authentication API before 8.1 SP1, RSA Web Agent before 5.3.5 for Apache Web Server, RSA Web Agent before 5.3.5 for IIS, RSA PAM Agent before 7.0, and RSA Agent before 6.1.4 for Microsoft Windows use an improper encryption algorithm and a weak key for maintaining the stored data of the node secret for the SecurID Authentication API, which allows local users to obtain sensitive information via cryptographic attacks on this data.
| [CVE-2013-0253] The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack.
| [CVE-2013-0248] The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack.
| [CVE-2013-0239] Apache CXF before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3, when the plaintext UsernameToken WS-SecurityPolicy is enabled, allows remote attackers to bypass authentication via a security header of a SOAP request containing a UsernameToken element that lacks a password child element.
| [CVE-2012-6573] Cross-site scripting (XSS) vulnerability in the Apache Solr Autocomplete module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving autocomplete results.
| [CVE-2012-6551] The default configuration of Apache ActiveMQ before 5.8.0 enables a sample web application, which allows remote attackers to cause a denial of service (broker resource consumption) via HTTP requests.
| [CVE-2012-6092] Multiple cross-site scripting (XSS) vulnerabilities in the web demos in Apache ActiveMQ before 5.8.0 allow remote attackers to inject arbitrary web script or HTML via (1) the refresh parameter to PortfolioPublishServlet.java (aka demo/portfolioPublish or Market Data Publisher), or vectors involving (2) debug logs or (3) subscribe messages in webapp/websocket/chat.js. NOTE: AMQ-4124 is covered by CVE-2012-6551.
| [CVE-2012-5887] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.
3834| [CVE-2012-5886] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID.
3835| [CVE-2012-5885] The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184.
3836| [CVE-2012-5786] The wsdl_first_https sample code in distribution/src/main/release/samples/wsdl_first_https/src/main/ in Apache CXF, possibly 2.6.0, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
3837| [CVE-2012-5785] Apache Axis2/Java 1.6.2 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
3838| [CVE-2012-5784] Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Message Service implementation in Apache ActiveMQ, and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
3839| [CVE-2012-5783] Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
3840| [CVE-2012-5633] The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request.
3841| [CVE-2012-5616] Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly Citrix CloudStack) before 3.0.6 stores sensitive information in the log4j.conf log file, which allows local users to obtain (1) the SSH private key as recorded by the createSSHKeyPair API, (2) the password of an added host as recorded by the AddHost API, or the password of an added VM as recorded by the (3) DeployVM or (4) ResetPasswordForVM API.
3842| [CVE-2012-5568] Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.
3843| [CVE-2012-5351] Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack," a different vulnerability than CVE-2012-4418.
3844| [CVE-2012-4558] Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via a crafted string.
3845| [CVE-2012-4557] The mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into an error state upon detection of a long request-processing time, which allows remote attackers to cause a denial of service (worker consumption) via an expensive request.
3846| [CVE-2012-4556] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 allows remote attackers to cause a denial of service (Apache httpd web server child process restart) via certain unspecified empty search fields in a user certificate search query.
3847| [CVE-2012-4555] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 does not properly handle interruptions of token format operations, which allows remote attackers to cause a denial of service (NULL pointer dereference and Apache httpd web server child process crash) via unspecified vectors.
3848| [CVE-2012-4534] org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminating the connection during the reading of a response.
3849| [CVE-2012-4528] The mod_security2 module before 2.7.0 for the Apache HTTP Server allows remote attackers to bypass rules, and deliver arbitrary POST data to a PHP application, via a multipart request in which an invalid part precedes the crafted data.
3850| [CVE-2012-4501] Citrix Cloud.com CloudStack, and Apache CloudStack pre-release, allows remote attackers to make arbitrary API calls by leveraging the system user account, as demonstrated by API calls to delete VMs.
3851| [CVE-2012-4460] The serializing/deserializing functions in the qpid::framing::Buffer class in Apache Qpid 0.20 and earlier allow remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors. NOTE: this issue could also trigger an out-of-bounds read, but it might not trigger a crash.
3852| [CVE-2012-4459] Integer overflow in the qpid::framing::Buffer::checkAvailable function in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (crash) via a crafted message, which triggers an out-of-bounds read.
3853| [CVE-2012-4458] The AMQP type decoder in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (memory consumption and server crash) via a large number of zero width elements in the client-properties map in a connection.start-ok message.
3854| [CVE-2012-4446] The default configuration for Apache Qpid 0.20 and earlier, when the federation_tag attribute is enabled, accepts AMQP connections without checking the source user ID, which allows remote attackers to bypass authentication and have other unspecified impact via an AMQP request.
3855| [CVE-2012-4431] org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier.
3856| [CVE-2012-4418] Apache Axis2 allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."
3857| [CVE-2012-4387] Apache Struts 2.0.0 through 2.3.4 allows remote attackers to cause a denial of service (CPU consumption) via a long parameter name, which is processed as an OGNL expression.
3858| [CVE-2012-4386] The token check mechanism in Apache Struts 2.0.0 through 2.3.4 does not properly validate the token name configuration parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks by setting the token name configuration parameter to a session attribute.
3859| [CVE-2012-4360] Cross-site scripting (XSS) vulnerability in the mod_pagespeed module 0.10.19.1 through 0.10.22.4 for the Apache HTTP Server allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
3860| [CVE-2012-4063] The Apache Santuario configuration in Eucalyptus before 3.1.1 does not properly restrict applying XML Signature transforms to documents, which allows remote attackers to cause a denial of service via unspecified vectors.
3861| [CVE-2012-4001] The mod_pagespeed module before 0.10.22.6 for the Apache HTTP Server does not properly verify its host name, which allows remote attackers to trigger HTTP requests to arbitrary hosts via unspecified vectors, as demonstrated by requests to intranet servers.
3862| [CVE-2012-3908] Multiple cross-site request forgery (CSRF) vulnerabilities in the ISE Administrator user interface (aka the Apache Tomcat interface) on Cisco Identity Services Engine (ISE) 3300 series appliances before 1.1.0.665 Cumulative Patch 1 allow remote attackers to hijack the authentication of administrators, aka Bug ID CSCty46684.
3863| [CVE-2012-3546] org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI.
3864| [CVE-2012-3544] Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data.
3865| [CVE-2012-3526] The reverse proxy add forward module (mod_rpaf) 0.5 and 0.6 for the Apache HTTP Server allows remote attackers to cause a denial of service (server or application crash) via multiple X-Forwarded-For headers in a request.
3866| [CVE-2012-3513] munin-cgi-graph in Munin before 2.0.6, when running as a CGI module under Apache, allows remote attackers to load new configurations and create files in arbitrary directories via the logdir command.
3867| [CVE-2012-3506] Unspecified vulnerability in the Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.03 has unknown impact and attack vectors.
3868| [CVE-2012-3502] The proxy functionality in (1) mod_proxy_ajp.c in the mod_proxy_ajp module and (2) mod_proxy_http.c in the mod_proxy_http module in the Apache HTTP Server 2.4.x before 2.4.3 does not properly determine the situations that require closing a back-end connection, which allows remote attackers to obtain sensitive information in opportunistic circumstances by reading a response that was intended for a different client.
3869| [CVE-2012-3499] Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules.
3870| [CVE-2012-3467] Apache QPID 0.14, 0.16, and earlier uses a NullAuthenticator mechanism to authenticate catch-up shadow connections to AMQP brokers, which allows remote attackers to bypass authentication.
3871| [CVE-2012-3451] Apache CXF before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to execute unintended web-service operations by sending a header with a SOAP Action String that is inconsistent with the message body.
3872| [CVE-2012-3446] Apache Libcloud before 0.11.1 uses an incorrect regular expression during verification of whether the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate.
3873| [CVE-2012-3376] DataNodes in Apache Hadoop 2.0.0 alpha does not check the BlockTokens of clients when Kerberos is enabled and the DataNode has checked out the same BlockPool twice from a NodeName, which might allow remote clients to read arbitrary blocks, write to blocks to which they only have read access, and have other unspecified impacts.
3874| [CVE-2012-3373] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.21 and 1.5.x before 1.5.8 allows remote attackers to inject arbitrary web script or HTML via vectors involving a %00 sequence in an Ajax link URL associated with a Wicket app.
3875| [CVE-2012-3126] Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Products Suite 3.3 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Apache Tomcat Agent.
3876| [CVE-2012-3123] Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect confidentiality, related to Apache HTTP Server.
3877| [CVE-2012-2760] mod_auth_openid before 0.7 for Apache uses world-readable permissions for /tmp/mod_auth_openid.db, which allows local users to obtain session ids.
3878| [CVE-2012-2733] java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of service (memory consumption) via a large amount of header data.
3879| [CVE-2012-2687] Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list.
3880| [CVE-2012-2381] Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.1 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the blogger role.
3881| [CVE-2012-2380] Multiple cross-site request forgery (CSRF) vulnerabilities in the admin/editor console in Apache Roller before 5.0.1 allow remote attackers to hijack the authentication of admins or editors by leveraging the HTTP POST functionality.
3882| [CVE-2012-2379] Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors.
3883| [CVE-2012-2378] Apache CXF 2.4.5 through 2.4.7, 2.5.1 through 2.5.3, and 2.6.x before 2.6.1, does not properly enforce child policies of a WS-SecurityPolicy 1.1 SupportingToken policy on the client side, which allows remote attackers to bypass the (1) AlgorithmSuite, (2) SignedParts, (3) SignedElements, (4) EncryptedParts, and (5) EncryptedElements policies.
3884| [CVE-2012-2329] Buffer overflow in the apache_request_headers function in sapi/cgi/cgi_main.c in PHP 5.4.x before 5.4.3 allows remote attackers to cause a denial of service (application crash) via a long string in the header of an HTTP request.
3885| [CVE-2012-2145] Apache Qpid 0.17 and earlier does not properly restrict incoming client connections, which allows remote attackers to cause a denial of service (file descriptor consumption) via a large number of incomplete connections.
3886| [CVE-2012-2138] The @CopyFrom operation in the POST servlet in the org.apache.sling.servlets.post bundle before 2.1.2 in Apache Sling does not prevent attempts to copy an ancestor node to a descendant node, which allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP request.
3887| [CVE-2012-2098] Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service (CPU consumption) via a file with many repeating inputs.
3888| [CVE-2012-1574] The Kerberos/MapReduce security functionality in Apache Hadoop 0.20.203.0 through 0.20.205.0, 0.23.x before 0.23.2, and 1.0.x before 1.0.2, as used in Cloudera CDH CDH3u0 through CDH3u2, Cloudera hadoop-0.20-sbin before 0.20.2+923.197, and other products, allows remote authenticated users to impersonate arbitrary cluster user accounts via unspecified vectors.
3889| [CVE-2012-1181] fcgid_spawn_ctl.c in the mod_fcgid module 2.3.6 for the Apache HTTP Server does not recognize the FcgidMaxProcessesPerClass directive for a virtual host, which makes it easier for remote attackers to cause a denial of service (memory consumption) via a series of HTTP requests that triggers a process count higher than the intended limit.
3890| [CVE-2012-1089] Directory traversal vulnerability in Apache Wicket 1.4.x before 1.4.20 and 1.5.x before 1.5.5 allows remote attackers to read arbitrary web-application files via a relative pathname in a URL for a Wicket resource that corresponds to a null package.
3891| [CVE-2012-1007] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 1.3.10 allow remote attackers to inject arbitrary web script or HTML via (1) the name parameter to struts-examples/upload/upload-submit.do, or the message parameter to (2) struts-cookbook/processSimple.do or (3) struts-cookbook/processDyna.do.
3892| [CVE-2012-1006] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.14 and 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) lastName parameter to struts2-showcase/person/editPerson.action, or the (3) clientName parameter to struts2-rest-showcase/orders.
3893| [CVE-2012-0883] envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl.
3894| [CVE-2012-0840] tables/apr_hash.c in the Apache Portable Runtime (APR) library through 1.4.5 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
3895| [CVE-2012-0838] Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL expression during the handling of a conversion error, which allows remote attackers to modify run-time data values, and consequently execute arbitrary code, via invalid input to a field.
3896| [CVE-2012-0788] The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service (application crash) via a crafted application that uses a PDO driver for a fetch and then calls the session_start function, as demonstrated by a crash of the Apache HTTP Server.
3897| [CVE-2012-0394] ** DISPUTED ** The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself."
3898| [CVE-2012-0393] The ParameterInterceptor component in Apache Struts before 2.3.1.1 does not prevent access to public constructors, which allows remote attackers to create or overwrite arbitrary files via a crafted parameter that triggers the creation of a Java object.
3899| [CVE-2012-0392] The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method.
3900| [CVE-2012-0391] The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter.
3901| [CVE-2012-0256] Apache Traffic Server 2.0.x and 3.0.x before 3.0.4 and 3.1.x before 3.1.3 does not properly allocate heap memory, which allows remote attackers to cause a denial of service (daemon crash) via a long HTTP Host header.
3902| [CVE-2012-0216] The default configuration of the apache2 package in Debian GNU/Linux squeeze before 2.2.16-6+squeeze7, wheezy before 2.2.22-4, and sid before 2.2.22-4, when mod_php or mod_rivet is used, provides example scripts under the doc/ URI, which might allow local users to conduct cross-site scripting (XSS) attacks, gain privileges, or obtain sensitive information via vectors involving localhost HTTP requests to the Apache HTTP Server.
3903| [CVE-2012-0213] The UnhandledDataStructure function in hwpf/model/UnhandledDataStructure.java in Apache POI 3.8 and earlier allows remote attackers to cause a denial of service (OutOfMemoryError exception and possibly JVM destabilization) via a crafted length value in a Channel Definition Format (CDF) or Compound File Binary Format (CFBF) document.
3904| [CVE-2012-0053] protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script.
3905| [CVE-2012-0047] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the wicket:pageMapName parameter.
3906| [CVE-2012-0031] scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function.
3907| [CVE-2012-0022] Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.
3908| [CVE-2012-0021] The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to cause a denial of service (daemon crash) via a cookie that lacks both a name and a value.
3909| [CVE-2011-5064] DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging knowledge of this string, a different vulnerability than CVE-2011-1184.
3910| [CVE-2011-5063] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weaker authentication or authorization requirements, a different vulnerability than CVE-2011-1184.
3911| [CVE-2011-5062] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass intended integrity-protection requirements via a qop=auth value, a different vulnerability than CVE-2011-1184.
3912| [CVE-2011-5057] Apache Struts 2.3.1.1 and earlier provides interfaces that do not properly restrict access to collections such as the session and request collections, which might allow remote attackers to modify run-time data values via a crafted parameter to an application that implements an affected interface, as demonstrated by the SessionAware, RequestAware, ApplicationAware, ServletRequestAware, ServletResponseAware, and ParameterAware interfaces. NOTE: the vendor disputes the significance of this report because of an "easy work-around in existing apps by configuring the interceptor."
3913| [CVE-2011-5034] Apache Geronimo 2.2.1 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. NOTE: this might overlap CVE-2011-4461.
3914| [CVE-2011-4905] Apache ActiveMQ before 5.6.0 allows remote attackers to cause a denial of service (file-descriptor exhaustion and broker crash or hang) by sending many openwire failover:tcp:// connection requests.
3915| [CVE-2011-4858] Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
3916| [CVE-2011-4668] IBM Tivoli Netcool/Reporter 2.2 before 2.2.0.8 allows remote attackers to execute arbitrary code via vectors related to an unspecified CGI program used with the Apache HTTP Server.
3917| [CVE-2011-4449] actions/files/files.php in WikkaWiki 1.3.1 and 1.3.2, when INTRANET_MODE is enabled, supports file uploads for file extensions that are typically absent from an Apache HTTP Server TypesConfig file, which makes it easier for remote attackers to execute arbitrary PHP code by placing this code in a file whose name has multiple extensions, as demonstrated by a (1) .mm or (2) .vpp file.
3918| [CVE-2011-4415] The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, does not restrict the size of values of environment variables, which allows local users to cause a denial of service (memory consumption or NULL pointer dereference) via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, related to (1) the "len +=" statement and (2) the apr_pcalloc function call, a different vulnerability than CVE-2011-3607.
3919| [CVE-2011-4317] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an @ (at sign) character and a : (colon) character in invalid positions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
3920| [CVE-2011-3639] The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers by using the HTTP/0.9 protocol with a malformed URI containing an initial @ (at sign) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
3921| [CVE-2011-3620] Apache Qpid 0.12 does not properly verify credentials during the joining of a cluster, which allows remote attackers to obtain access to the messaging functionality and job functionality of a cluster by leveraging knowledge of a cluster-username.
3922| [CVE-2011-3607] Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow.
3923| [CVE-2011-3376] org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat 7.x before 7.0.22 does not properly restrict ContainerServlets in the Manager application, which allows local users to gain privileges by using an untrusted web application to access the Manager application's functionality.
3924| [CVE-2011-3375] Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain caching and recycling operations involving request objects, which allows remote attackers to obtain unintended read access to IP address and HTTP header information in opportunistic circumstances by reading TCP data.
3925| [CVE-2011-3368] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character.
3926| [CVE-2011-3348] The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary "error state" in the backend server) via a malformed HTTP request.
3927| [CVE-2011-3192] The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.
3928| [CVE-2011-3190] Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request.
3929| [CVE-2011-2729] native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application.
3930| [CVE-2011-2712] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.18, when setAutomaticMultiWindowSupport is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
3931| [CVE-2011-2688] SQL injection vulnerability in mysql/mysql-auth.pl in the mod_authnz_external module 3.2.5 and earlier for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the user field.
3932| [CVE-2011-2526] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loop or JVM crash) by leveraging an untrusted web application.
3933| [CVE-2011-2516] Off-by-one error in the XML signature feature in Apache XML Security for C++ 1.6.0, as used in Shibboleth before 2.4.3 and possibly other products, allows remote attackers to cause a denial of service (crash) via a signature using a large RSA key, which triggers a buffer overflow.
3934| [CVE-2011-2481] Apache Tomcat 7.0.x before 7.0.17 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application. NOTE: this vulnerability exists because of a CVE-2009-0783 regression.
3935| [CVE-2011-2329] The rampart_timestamp_token_validate function in util/rampart_timestamp_token.c in Apache Rampart/C 1.3.0 does not properly calculate the expiration of timestamp tokens, which allows remote attackers to bypass intended access restrictions by leveraging an expired token, a different vulnerability than CVE-2011-0730.
3936| [CVE-2011-2204] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file.
3937| [CVE-2011-2088] XWork 2.2.1 in Apache Struts 2.2.1, and OpenSymphony XWork in OpenSymphony WebWork, allows remote attackers to obtain potentially sensitive information about internal Java class paths via vectors involving an s:submit element and a nonexistent method, a different vulnerability than CVE-2011-1772.3.
3938| [CVE-2011-2087] Multiple cross-site scripting (XSS) vulnerabilities in component handlers in the javatemplates (aka Java Templates) plugin in Apache Struts 2.x before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via an arbitrary parameter value to a .action URI, related to improper handling of value attributes in (1) FileHandler.java, (2) HiddenHandler.java, (3) PasswordHandler.java, (4) RadioHandler.java, (5) ResetHandler.java, (6) SelectHandler.java, (7) SubmitHandler.java, and (8) TextFieldHandler.java.
3939| [CVE-2011-1928] The fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote attackers to cause a denial of service (infinite loop) via a URI that does not match unspecified types of wildcard patterns, as demonstrated by attacks against mod_autoindex in httpd when a /*/WEB-INF/ configuration pattern is used. NOTE: this issue exists because of an incorrect fix for CVE-2011-0419.
3940| [CVE-2011-1921] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is disabled, does not properly enforce permissions for files that had been publicly readable in the past, which allows remote attackers to obtain sensitive information via a replay REPORT operation.
3941| [CVE-2011-1783] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to cause a denial of service (infinite loop and memory consumption) in opportunistic circumstances by requesting data.
3942| [CVE-2011-1772] Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x before 2.2.3, and OpenSymphony XWork in OpenSymphony WebWork, allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) an action name, (2) the action attribute of an s:submit element, or (3) the method attribute of an s:submit element.
3943| [CVE-2011-1752] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request for a baselined WebDAV resource, as exploited in the wild in May 2011.
3944| [CVE-2011-1610] Multiple SQL injection vulnerabilities in xmldirectorylist.jsp in the embedded Apache HTTP Server component in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5)su4, 8.0 before 8.0(3a)su2, and 8.5 before 8.5(1)su1 allow remote attackers to execute arbitrary SQL commands via the (1) f, (2) l, or (3) n parameter, aka Bug ID CSCtj42064.
3945| [CVE-2011-1582] Apache Tomcat 7.0.12 and 7.0.13 processes the first request to a servlet without following security constraints that have been configured through annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088, CVE-2011-1183, and CVE-2011-1419.
3946| [CVE-2011-1571] Unspecified vulnerability in the XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote attackers to execute arbitrary commands via unknown vectors.
3947| [CVE-2011-1570] Cross-site scripting (XSS) vulnerability in Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to inject arbitrary web script or HTML via a message title, a different vulnerability than CVE-2004-2030.
3948| [CVE-2011-1503] The XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat or Oracle GlassFish is used, allows remote authenticated users to read arbitrary (1) XSL and (2) XML files via a file:/// URL.
3949| [CVE-2011-1502] Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to read arbitrary files via an entity declaration in conjunction with an entity reference, related to an XML External Entity (aka XXE) issue.
3950| [CVE-2011-1498] Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header.
3951| [CVE-2011-1475] The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP packets, related to "a mix-up of responses for requests from different users."
3952| [CVE-2011-1419] Apache Tomcat 7.x before 7.0.11, when web.xml has no security constraints, does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088.
3953| [CVE-2011-1318] Memory leak in org.apache.jasper.runtime.JspWriterImpl.response in the JavaServer Pages (JSP) component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) by accessing a JSP page of an application that is repeatedly stopped and restarted.
3954| [CVE-2011-1184] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, related to lack of checking of nonce (aka server nonce) and nc (aka nonce-count or client nonce count) values.
3955| [CVE-2011-1183] Apache Tomcat 7.0.11, when web.xml has no login configuration, does not follow security constraints, which allows remote attackers to bypass intended access restrictions via HTTP requests to a meta-data complete web application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1088 and CVE-2011-1419.
3956| [CVE-2011-1176] The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module 2.2.11-01 and 2.2.11-02 for the Apache HTTP Server does not properly handle certain configuration sections that specify NiceValue but not AssignUserID, which might allow remote attackers to gain privileges by leveraging the root uid and root gid of an mpm-itk process.
3957| [CVE-2011-1088] Apache Tomcat 7.x before 7.0.10 does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application.
3958| [CVE-2011-1077] Multiple cross-site scripting (XSS) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
3959| [CVE-2011-1026] Multiple cross-site request forgery (CSRF) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to hijack the authentication of administrators.
3960| [CVE-2011-0715] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.16, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request that contains a lock token.
3961| [CVE-2011-0534] Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request.
3962| [CVE-2011-0533] Cross-site scripting (XSS) vulnerability in Apache Continuum 1.1 through 1.2.3.1, 1.3.6, and 1.4.0 Beta
3963| [CVE-2011-0419] Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.
3964| [CVE-2011-0013] Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.
3965| [CVE-2010-4644] Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated users to cause a denial of service (memory consumption and daemon crash) via the -g option to the blame command.
3966| [CVE-2010-4539] The walk function in repos.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.15, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger the walking of SVNParentPath collections.
3967| [CVE-2010-4476] The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
3968| [CVE-2010-4455] Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.2 and 11.1.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Apache Plugin.
3969| [CVE-2010-4408] Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1 does not require entry of the administrator's password at the time of modifying a user account, which makes it easier for context-dependent attackers to gain privileges by leveraging a (1) unattended workstation or (2) cross-site request forgery (CSRF) vulnerability, a related issue to CVE-2010-3449.
3970| [CVE-2010-4312] The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie.
3971| [CVE-2010-4172] Multiple cross-site scripting (XSS) vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) orderBy or (2) sort parameter to sessionsList.jsp, or unspecified input to (3) sessionDetail.jsp or (4) java/org/apache/catalina/manager/JspHelper.java, related to use of untrusted web applications.
3972| [CVE-2010-3872] The fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.6 for the Apache HTTP Server does not use bytewise pointer arithmetic in certain circumstances, which has unspecified impact and attack vectors related to "untrusted FastCGI applications" and a "stack buffer overwrite."
3973| [CVE-2010-3863] Apache Shiro before 1.1.0, and JSecurity 0.9.x, does not canonicalize URI paths before comparing them to entries in the shiro.ini file, which allows remote attackers to bypass intended access restrictions via a crafted request, as demonstrated by the /./account/index.jsp URI.
3974| [CVE-2010-3854] Multiple cross-site scripting (XSS) vulnerabilities in the web administration interface (aka Futon) in Apache CouchDB 0.8.0 through 1.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
3975| [CVE-2010-3718] Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.
3976| [CVE-2010-3449] Cross-site request forgery (CSRF) vulnerability in Redback before 1.2.4, as used in Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1
3977| [CVE-2010-3315] authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass intended access restrictions via svn commands.
3978| [CVE-2010-3083] sys/ssl/SslSocket.cpp in qpidd in Apache Qpid, as used in Red Hat Enterprise MRG before 1.2.2 and other products, when SSL is enabled, allows remote attackers to cause a denial of service (daemon outage) by connecting to the SSL port but not participating in an SSL handshake.
3979| [CVE-2010-2952] Apache Traffic Server before 2.0.1, and 2.1.x before 2.1.2-unstable, does not properly choose DNS source ports and transaction IDs, and does not properly use DNS query fields to validate responses, which makes it easier for man-in-the-middle attackers to poison the internal DNS cache via a crafted response.
3980| [CVE-2010-2791] mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request. NOTE: this is the same issue as CVE-2010-2068, but for a different OS and set of affected versions.
3981| [CVE-2010-2375] Package/Privilege: Plugins for Apache, Sun and IIS web servers Unspecified vulnerability in the WebLogic Server component in Oracle Fusion Middleware 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, 10.3.2, and 10.3.3 allows remote attackers to affect confidentiality and integrity, related to IIS.
3982| [CVE-2010-2234] Cross-site request forgery (CSRF) vulnerability in Apache CouchDB 0.8.0 through 0.11.0 allows remote attackers to hijack the authentication of administrators for direct requests to an installation URL.
3983| [CVE-2010-2227] Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with "recycling of a buffer."
3984| [CVE-2010-2103] Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Apache Axis2/Java 1.4.1, 1.5.1, and possibly other versions, as used in SAP Business Objects 12, 3com IMC, and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the modules parameter. NOTE: some of these details are obtained from third party information.
3985| [CVE-2010-2086] Apache MyFaces 1.1.7 and 1.2.8, as used in IBM WebSphere Application Server and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that involve modifying the serialized view object.
3986| [CVE-2010-2076] Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before 2.2.9, as used in Apache ServiceMix, Apache Camel, Apache Chemistry, Apache jUDDI, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to samples/wsdl_first_pure_xml, a similar issue to CVE-2010-1632.
3987| [CVE-2010-2068] mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, does not properly detect timeouts, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request.
3988| [CVE-2010-2057] shared/util/StateUtils.java in Apache MyFaces 1.1.x before 1.1.8, 1.2.x before 1.2.9, and 2.0.x before 2.0.1 uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack.
3989| [CVE-2010-1632] Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server (WAS) 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to the Synapse SimpleStockQuoteService.
3990| [CVE-2010-1623] Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the destruction of an APR bucket.
3991| [CVE-2010-1587] The Jetty ResourceHandler in Apache ActiveMQ 5.x before 5.3.2 and 5.4.x before 5.4.0 allows remote attackers to read JSP source code via a // (slash slash) initial substring in a URI for (1) admin/index.jsp, (2) admin/queues.jsp, or (3) admin/topics.jsp.
3992| [CVE-2010-1452] The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path.
3993| [CVE-2010-1325] Cross-site request forgery (CSRF) vulnerability in the apache2-slms package in SUSE Lifecycle Management Server (SLMS) 1.0 on SUSE Linux Enterprise (SLE) 11 allows remote attackers to hijack the authentication of unspecified victims via vectors related to improper parameter quoting. NOTE: some sources report that this is a vulnerability in a product named "Apache SLMS," but that is incorrect.
3994| [CVE-2010-1244] Cross-site request forgery (CSRF) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote attackers to hijack the authentication of unspecified victims for requests that create queues via the JMSDestination parameter in a queue action.
3995| [CVE-2010-1157] Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply.
3996| [CVE-2010-1151] Race condition in the mod_auth_shadow module for the Apache HTTP Server allows remote attackers to bypass authentication, and read and possibly modify data, via vectors related to improper interaction with an external helper application for validation of credentials.
3997| [CVE-2010-0684] Cross-site scripting (XSS) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote authenticated users to inject arbitrary web script or HTML via the JMSDestination parameter in a queue action.
3998| [CVE-2010-0434] The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request.
3999| [CVE-2010-0432] Multiple cross-site scripting (XSS) vulnerabilities in the Apache Open For Business Project (aka OFBiz) 09.04 and earlier, as used in Opentaps, Neogia, and Entente Oya, allow remote attackers to inject arbitrary web script or HTML via (1) the productStoreId parameter to control/exportProductListing, (2) the partyId parameter to partymgr/control/viewprofile (aka partymgr/control/login), (3) the start parameter to myportal/control/showPortalPage, (4) an invalid URI beginning with /facility/control/ReceiveReturn (aka /crmsfa/control/ReceiveReturn or /cms/control/ReceiveReturn), (5) the contentId parameter (aka the entityName variable) to ecommerce/control/ViewBlogArticle, (6) the entityName parameter to webtools/control/FindGeneric, or the (7) subject or (8) content parameter to an unspecified component under ecommerce/control/contactus.
4000| [CVE-2010-0425] modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet, and "orphaned callback pointers."
4001| [CVE-2010-0408] The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service (backend server outage) via a crafted request, related to use of a 500 error code instead of the appropriate 400 error code.
4002| [CVE-2010-0390] Unrestricted file upload vulnerability in maxImageUpload/index.php in PHP F1 Max's Image Uploader 1.0, when Apache is not configured to handle the mime-type for files with pjpeg or jpeg extensions, allows remote attackers to execute arbitrary code by uploading a file with a pjpeg or jpeg extension, then accessing it via a direct request to the file in original/. NOTE: some of these details are obtained from third party information.
4003| [CVE-2010-0219] Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service.
4004| [CVE-2010-0010] Integer overflow in the ap_proxy_send_fb function in proxy/proxy_util.c in mod_proxy in the Apache HTTP Server before 1.3.42 on 64-bit platforms allows remote origin servers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a large chunk size that triggers a heap-based buffer overflow.
4005| [CVE-2010-0009] Apache CouchDB 0.8.0 through 0.10.1 allows remote attackers to obtain sensitive information by measuring the completion time of operations that verify (1) hashes or (2) passwords.
4006| [CVE-2009-5120] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 allows connections to TCP port 1812 from arbitrary source IP addresses, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via UTF-7 text to the 404 error page of a Project Woodstock service on this port.
4007| [CVE-2009-5119] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 enables weak SSL ciphers in conf/server.xml, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and then conducting a brute-force attack against encrypted session data.
4008| [CVE-2009-5006] The SessionAdapter::ExchangeHandlerImpl::checkAlternate function in broker/SessionAdapter.cpp in the C++ Broker component in Apache Qpid before 0.6, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote authenticated users to cause a denial of service (NULL pointer dereference, daemon crash, and cluster outage) by attempting to modify the alternate of an exchange.
4009| [CVE-2009-5005] The Cluster::deliveredEvent function in cluster/Cluster.cpp in Apache Qpid, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote attackers to cause a denial of service (daemon crash and cluster outage) via invalid AMQP data.
4010| [CVE-2009-4355] Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678.
4011| [CVE-2009-4269] The password hash generation algorithm in the BUILTIN authentication functionality for Apache Derby before 10.6.1.0 performs a transformation that reduces the size of the set of inputs to SHA-1, which produces a small search space that makes it easier for local and possibly remote attackers to crack passwords by generating hash collisions, related to password substitution.
4012| [CVE-2009-3923] The VirtualBox 2.0.8 and 2.0.10 web service in Sun Virtual Desktop Infrastructure (VDI) 3.0 does not require authentication, which allows remote attackers to obtain unspecified access via vectors involving requests to an Apache HTTP Server.
4013| [CVE-2009-3890] Unrestricted file upload vulnerability in the wp_check_filetype function in wp-includes/functions.php in WordPress before 2.8.6, when a certain configuration of the mod_mime module in the Apache HTTP Server is enabled, allows remote authenticated users to execute arbitrary code by posting an attachment with a multiple-extension filename, and then accessing this attachment via a direct request to a wp-content/uploads/ pathname, as demonstrated by a .php.jpg filename.
4014| [CVE-2009-3843] HP Operations Manager 8.10 on Windows contains a "hidden account" in the XML file that specifies Tomcat users, which allows remote attackers to conduct unrestricted file upload attacks, and thereby execute arbitrary code, by using the org.apache.catalina.manager.HTMLManagerServlet class to make requests to manager/html/upload.
4015| [CVE-2009-3821] Cross-site scripting (XSS) vulnerability in the Apache Solr Search (solr) extension 1.0.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2009-3555] The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
| [CVE-2009-3548] The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges.
| [CVE-2009-3250] The saveForwardAttachments procedure in the Compose Mail functionality in vtiger CRM 5.0.4 allows remote authenticated users to execute arbitrary code by composing an e-mail message with an attachment filename ending in (1) .php in installations based on certain Apache HTTP Server configurations, (2) .php. on Windows, or (3) .php/ on Linux, and then making a direct request to a certain pathname under storage/.
| [CVE-2009-3095] The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.
| [CVE-2009-3094] The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.
| [CVE-2009-2902] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename.
| [CVE-2009-2901] The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests.
| [CVE-2009-2823] The Apache HTTP Server in Apple Mac OS X before 10.6.2 enables the HTTP TRACE method, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified web client software.
| [CVE-2009-2699] The Solaris pollset feature in the Event Port backend in poll/unix/port.c in the Apache Portable Runtime (APR) library before 1.3.9, as used in the Apache HTTP Server before 2.2.14 and other products, does not properly handle errors, which allows remote attackers to cause a denial of service (daemon hang) via unspecified HTTP requests, related to the prefork and event MPMs.
| [CVE-2009-2696] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat on Red Hat Enterprise Linux 5, Desktop Workstation 5, and Linux Desktop 5 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML." NOTE: this is due to a missing fix for CVE-2009-0781.
| [CVE-2009-2693] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry.
| [CVE-2009-2625] XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.
| [CVE-2009-2412] Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR
| [CVE-2009-2299] The Artofdefence Hyperguard Web Application Firewall (WAF) module before 2.5.5-11635, 3.0 before 3.0.3-11636, and 3.1 before 3.1.1-11637, a module for the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via an HTTP request with a large Content-Length value but no POST data.
| [CVE-2009-1956] Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input.
| [CVE-2009-1955] The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.
| [CVE-2009-1903] The PDF XSS protection feature in ModSecurity before 2.5.8 allows remote attackers to cause a denial of service (Apache httpd crash) via a request for a PDF file that does not use the GET method.
| [CVE-2009-1891] The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).
| [CVE-2009-1890] The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests.
| [CVE-2009-1885] Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to cause a denial of service (application crash) via vectors involving nested parentheses and invalid byte values in "simply nested DTD structures," as demonstrated by the Codenomicon XML fuzzing framework.
| [CVE-2009-1462] The Security Manager in razorCMS before 0.4 does not verify the permissions of every file owned by the apache user account, which is inconsistent with the documentation and allows local users to have an unspecified impact.
| [CVE-2009-1275] Apache Tiles 2.1 before 2.1.2, as used in Apache Struts and other products, evaluates Expression Language (EL) expressions twice in certain circumstances, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via unspecified vectors, related to the (1) tiles:putAttribute and (2) tiles:insertTemplate JSP tags.
| [CVE-2009-1195] The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file.
| [CVE-2009-1191] mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request.
| [CVE-2009-1012] Unspecified vulnerability in the plug-ins for Apache and IIS web servers in Oracle BEA WebLogic Server 7.0 Gold through SP7, 8.1 Gold through SP6, 9.0, 9.1, 9.2 Gold through MP3, 10.0 Gold through MP1, and 10.3 allows remote attackers to affect confidentiality, integrity, and availability. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow in an unspecified plug-in that parses HTTP requests, which leads to a heap-based buffer overflow.
| [CVE-2009-0918] Multiple unspecified vulnerabilities in DFLabs PTK 1.0.0 through 1.0.4 allow remote attackers to execute arbitrary commands in processes launched by PTK's Apache HTTP Server via (1) "external tools" or (2) a crafted forensic image.
| [CVE-2009-0796] Cross-site scripting (XSS) vulnerability in Status.pm in Apache::Status and Apache2::Status in mod_perl1 and mod_perl2 for the Apache HTTP Server, when /perl-status is accessible, allows remote attackers to inject arbitrary web script or HTML via the URI.
| [CVE-2009-0783] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.
| [CVE-2009-0781] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML."
| [CVE-2009-0754] PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on the same server.
| [CVE-2009-0580] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.
| [CVE-2009-0486] Bugzilla 3.2.1, 3.0.7, and 3.3.2, when running under mod_perl, calls the srand function at startup time, which causes Apache children to have the same seed and produce insufficiently random numbers for random tokens, which allows remote attackers to bypass cross-site request forgery (CSRF) protection mechanisms and conduct unauthorized activities as other users.
| [CVE-2009-0039] Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to hijack the authentication of administrators for requests that (1) change the web administration password, (2) upload applications, and perform unspecified other administrative actions, as demonstrated by (3) a Shutdown request to console/portal//Server/Shutdown.
| [CVE-2009-0038] Multiple cross-site scripting (XSS) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) ip, (3) username, or (4) description parameter to console/portal/Server/Monitoring
| [CVE-2009-0033] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.
| [CVE-2009-0026] Multiple cross-site scripting (XSS) vulnerabilities in Apache Jackrabbit before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the q parameter to (1) search.jsp or (2) swr.jsp.
| [CVE-2009-0023] The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow.
| [CVE-2008-6879] Cross-site scripting (XSS) vulnerability in Apache Roller 2.3, 3.0, 3.1, and 4.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter in a search action.
| [CVE-2008-6755] ZoneMinder 1.23.3 on Fedora 10 sets the ownership of /etc/zm.conf to the apache user account, and sets the permissions to 0600, which makes it easier for remote attackers to modify this file by accessing it through a (1) PHP or (2) CGI script.
| [CVE-2008-6722] Novell Access Manager 3 SP4 does not properly expire X.509 certificate sessions, which allows physically proximate attackers to obtain a logged-in session by using a victim's web-browser process that continues to send the original and valid SSL sessionID, related to inability of Apache Tomcat to clear entries from its SSL cache.
| [CVE-2008-6682] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.x before 2.0.11.1 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via vectors associated with improper handling of (1) " (double quote) characters in the href attribute of an s:a tag and (2) parameters in the action attribute of an s:url tag.
| [CVE-2008-6505] Multiple directory traversal vulnerabilities in Apache Struts 2.0.x before 2.0.12 and 2.1.x before 2.1.3 allow remote attackers to read arbitrary files via a ..%252f (encoded dot dot slash) in a URI with a /struts/ path, related to (1) FilterDispatcher in 2.0.x and (2) DefaultStaticContentLoader in 2.1.x.
| [CVE-2008-6504] ParametersInterceptor in OpenSymphony XWork 2.0.x before 2.0.6 and 2.1.x before 2.1.2, as used in Apache Struts and other products, does not properly restrict # (pound sign) references to context objects, which allows remote attackers to execute Object-Graph Navigation Language (OGNL) statements and modify server-side context objects, as demonstrated by use of a \u0023 representation for the # character.
| [CVE-2008-5696] Novell NetWare 6.5 before Support Pack 8, when an OES2 Linux server is installed into the NDS tree, does not require a password for the ApacheAdmin console, which allows remote attackers to reconfigure the Apache HTTP Server via console operations.
| [CVE-2008-5676] Multiple unspecified vulnerabilities in the ModSecurity (aka mod_security) module 2.5.0 through 2.5.5 for the Apache HTTP Server, when SecCacheTransformations is enabled, allow remote attackers to cause a denial of service (daemon crash) or bypass the product's functionality via unknown vectors related to "transformation caching."
| [CVE-2008-5519] The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat allows remote attackers to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances involving (1) a request from a different client that included a Content-Length header but no POST data or (2) a rapid series of requests, related to noncompliance with the AJP protocol's requirements for requests containing Content-Length headers.
| [CVE-2008-5518] Multiple directory traversal vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 on Windows allow remote attackers to upload files to arbitrary directories via directory traversal sequences in the (1) group, (2) artifact, (3) version, or (4) fileType parameter to console/portal//Services/Repository (aka the Services/Repository portlet)
| [CVE-2008-5515] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.
| [CVE-2008-5457] Unspecified vulnerability in the Oracle BEA WebLogic Server Plugins for Apache, Sun and IIS web servers component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
| [CVE-2008-4308] The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20 does not return a -1 to indicate when a certain error condition has occurred, which can cause Tomcat to send POST content from one request to a different request.
| [CVE-2008-4008] Unspecified vulnerability in the WebLogic Server Plugins for Apache component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2008 CPU. Oracle has not commented on reliable researcher claims that this issue is a stack-based buffer overflow in the WebLogic Apache Connector, related to an invalid parameter.
| [CVE-2008-3666] Unspecified vulnerability in Sun Solaris 10 and OpenSolaris before snv_96 allows (1) context-dependent attackers to cause a denial of service (panic) via vectors involving creation of a crafted file and use of the sendfilev system call, as demonstrated by a file served by an Apache 2.2.x web server with EnableSendFile configured
| [CVE-2008-3271] Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a "synchronization problem" and lack of thread safety, and related to RemoteFilterValve, RemoteAddrValve, and RemoteHostValve.
| [CVE-2008-3257] Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request.
| [CVE-2008-2939] Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI.
| [CVE-2008-2938] Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.
| [CVE-2008-2742] Unrestricted file upload in the mcpuk file editor (atk/attributes/fck/editor/filemanager/browser/mcpuk/connectors/php/config.php) in Achievo 1.2.0 through 1.3.2 allows remote attackers to execute arbitrary code by uploading a file with .php followed by a safe extension, then accessing it via a direct request to the file in the Achievo root directory. NOTE: this is only a vulnerability in environments that support multiple extensions, such as Apache with the mod_mime module enabled.
| [CVE-2008-2717] TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions.
| [CVE-2008-2579] Unspecified vulnerability in the WebLogic Server Plugins for Apache, Sun and IIS web servers component in Oracle BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 has unknown impact and remote attack vectors.
| [CVE-2008-2384] SQL injection vulnerability in mod_auth_mysql.c in the mod-auth-mysql (aka libapache2-mod-auth-mysql) module for the Apache HTTP Server 2.x, when configured to use a multibyte character set that allows a \ (backslash) as part of the character encoding, allows remote attackers to execute arbitrary SQL commands via unspecified inputs in a login request.
| [CVE-2008-2370] Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.
| [CVE-2008-2364] The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.
| [CVE-2008-2168] Cross-site scripting (XSS) vulnerability in Apache 2.2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded URLs that are not properly handled when displaying the 403 Forbidden error page.
| [CVE-2008-2025] Cross-site scripting (XSS) vulnerability in Apache Struts before 1.2.9-162.31.1 on SUSE Linux Enterprise (SLE) 11, before 1.2.9-108.2 on SUSE openSUSE 10.3, before 1.2.9-198.2 on SUSE openSUSE 11.0, and before 1.2.9-162.163.2 on SUSE openSUSE 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "insufficient quoting of parameters."
| [CVE-2008-1947] Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.
| [CVE-2008-1734] Interpretation conflict in PHP Toolkit before 1.0.1 on Gentoo Linux might allow local users to cause a denial of service (PHP outage) and read contents of PHP scripts by creating a file with a one-letter lowercase alphabetic name, which triggers interpretation of a certain unquoted [a-z] argument as a matching shell glob for this name, rather than interpretation as the literal [a-z] regular-expression string, and consequently blocks the launch of the PHP interpreter within the Apache HTTP Server.
| [CVE-2008-1678] Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server mod_ssl that specify a compression algorithm.
| [CVE-2008-1232] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.
| [CVE-2008-0869] Cross-site scripting (XSS) vulnerability in BEA WebLogic Workshop 8.1 through SP6 and Workshop for WebLogic 9.0 through 10.0 allows remote attackers to inject arbitrary web script or HTML via a "framework defined request parameter" when using WebLogic Workshop or Apache Beehive NetUI framework with page flows.
| [CVE-2008-0732] The init script for Apache Geronimo on SUSE Linux follows symlinks when performing a chown operation, which might allow local users to obtain access to unspecified files or directories.
| [CVE-2008-0555] The ExpandCert function in Apache-SSL before apache_1.3.41+ssl_1.59 does not properly handle (1) '/' and (2) '=' characters in a Distinguished Name (DN) in a client certificate, which might allow remote attackers to bypass authentication via a crafted DN that triggers overwriting of environment variables.
| [CVE-2008-0457] Unrestricted file upload vulnerability in the FileUpload class running on the Symantec LiveState Apache Tomcat server, as used by Symantec Backup Exec System Recovery Manager 7.0 and 7.0.1, allows remote attackers to upload and execute arbitrary JSP files via unknown vectors.
| [CVE-2008-0456] CRLF injection vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by uploading a file with a multi-line name containing HTTP header sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
| [CVE-2008-0455] Cross-site scripting (XSS) vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary web script or HTML by uploading a file with a name containing XSS sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
| [CVE-2008-0128] The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
| [CVE-2008-0005] mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding.
| [CVE-2008-0002] Apache Tomcat 6.0.0 through 6.0.15 processes parameters in the context of the wrong request when an exception occurs during parameter processing, which might allow remote attackers to obtain sensitive information, as demonstrated by disconnecting during this processing in order to trigger the exception.
| [CVE-2007-6750] The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris, related to the lack of the mod_reqtimeout module in versions before 2.2.15.
| [CVE-2007-6726] Multiple cross-site scripting (XSS) vulnerabilities in Dojo 0.4.1 and 0.4.2, as used in Apache Struts and other products, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) xip_client.html and (2) xip_server.html in src/io/.
| [CVE-2007-6514] Apache HTTP Server, when running on Linux with a document root on a Windows share mounted using smbfs, allows remote attackers to obtain unprocessed content such as source files for .php programs via a trailing "\" (backslash), which is not handled by the intended AddType directive.
| [CVE-2007-6423] ** DISPUTED ** Unspecified vulnerability in mod_proxy_balancer for Apache HTTP Server 2.2.x before 2.2.7-dev, when running on Windows, allows remote attackers to trigger memory corruption via a long URL. NOTE: the vendor could not reproduce this issue.
| [CVE-2007-6422] The balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6, when a threaded Multi-Processing Module is used, allows remote authenticated users to cause a denial of service (child process crash) via an invalid bb variable.
| [CVE-2007-6421] Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) ss, (2) wr, or (3) rr parameters, or (4) the URL.
| [CVE-2007-6420] Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors.
| [CVE-2007-6388] Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2007-6361] Gekko 0.8.2 and earlier stores sensitive information under the web root with possibly insufficient access control, which might allow remote attackers to read certain files under temp/, as demonstrated by a log file that records the titles of blog entries. NOTE: access to temp/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
| [CVE-2007-6342] SQL injection vulnerability in the David Castro AuthCAS module (AuthCAS.pm) 0.4 for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the SESSION_COOKIE_NAME (session ID) in a cookie.
| [CVE-2007-6286] Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the native APR connector is used, does not properly handle an empty request to the SSL port, which allows remote attackers to trigger handling of "a duplicate copy of one of the recent requests," as demonstrated by using netcat to send the empty request.
| [CVE-2007-6258] Multiple stack-based buffer overflows in the legacy mod_jk2 2.0.3-DEV and earlier Apache module allow remote attackers to execute arbitrary code via a long (1) Host header, or (2) Hostname within a Host header.
| [CVE-2007-6231] Multiple PHP remote file inclusion vulnerabilities in tellmatic 1.0.7 allow remote attackers to execute arbitrary PHP code via a URL in the tm_includepath parameter to (1) Classes.inc.php, (2) statistic.inc.php, (3) status.inc.php, (4) status_top_x.inc.php, or (5) libchart-1.1/libchart.php in include/. NOTE: access to include/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
| [CVE-2007-6203] Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918.
| [CVE-2007-5797] SQLLoginModule in Apache Geronimo 2.0 through 2.1 does not throw an exception for a nonexistent username, which allows remote attackers to bypass authentication via a login attempt with any username not contained in the database.
| [CVE-2007-5731] Absolute path traversal vulnerability in Apache Jakarta Slide 2.1 and earlier allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag, a related issue to CVE-2007-5461.
| [CVE-2007-5461] Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.
| [CVE-2007-5342] The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by changing the (1) level, (2) directory, and (3) prefix attributes in the org.apache.juli.FileHandler handler.
| [CVE-2007-5333] Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385.
| [CVE-2007-5156] Incomplete blacklist vulnerability in editor/filemanager/upload/php/upload.php in FCKeditor, as used in SiteX CMS 0.7.3.beta, La-Nai CMS, Syntax CMS, Cardinal Cms, and probably other products, allows remote attackers to upload and execute arbitrary PHP code via a file whose name contains ".php." and has an unknown extension, which is recognized as a .php file by the Apache HTTP server, a different vulnerability than CVE-2006-0658 and CVE-2006-2529.
| [CVE-2007-5085] Unspecified vulnerability in the management EJB (MEJB) in Apache Geronimo before 2.0.2 allows remote attackers to bypass authentication and obtain "access to Geronimo internals" via unspecified vectors.
| [CVE-2007-5000] Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2007-4724] Cross-site request forgery (CSRF) vulnerability in cal2.jsp in the calendar examples application in Apache Tomcat 4.1.31 allows remote attackers to add events as arbitrary users via the time and description parameters.
| [CVE-2007-4723] Directory traversal vulnerability in Ragnarok Online Control Panel 4.3.4a, when the Apache HTTP Server is used, allows remote attackers to bypass authentication via directory traversal sequences in a URI that ends with the name of a publicly available page, as demonstrated by a "/...../" sequence and an account_manage.php/login.php final component for reaching the protected account_manage.php page.
| [CVE-2007-4641] Directory traversal vulnerability in index.php in Pakupaku CMS 0.4 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting code into an Apache log file.
| [CVE-2007-4556] Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language (OGNL) expression when altSyntax is enabled, which allows remote attackers to cause a denial of service (infinite loop) or execute arbitrary code via form input beginning with a "%{" sequence and ending with a "}" character.
| [CVE-2007-4548] The login method in LoginModule implementations in Apache Geronimo 2.0 does not throw FailedLoginException for failed logins, which allows remote attackers to bypass authentication requirements, deploy arbitrary modules, and gain administrative access by sending a blank username and password with the command line deployer in the deployment module.
4120| [CVE-2007-4465] Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.
4121| [CVE-2007-3847] The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read.
4122| [CVE-2007-3571] The Apache Web Server as used in Novell NetWare 6.5 and GroupWise allows remote attackers to obtain sensitive information via a certain directive to Apache that causes the HTTP-Header response to be modified, which may reveal the server's internal IP address.
4123| [CVE-2007-3386] Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action.
4124| [CVE-2007-3385] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.
4125| [CVE-2007-3384] Multiple cross-site scripting (XSS) vulnerabilities in examples/servlet/CookieExample in Apache Tomcat 3.3 through 3.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Value field, related to error messages.
4126| [CVE-2007-3383] Cross-site scripting (XSS) vulnerability in SendMailServlet in the examples web application (examples/jsp/mail/sendmail.jsp) in Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.36 allows remote attackers to inject arbitrary web script or HTML via the From field and possibly other fields, related to generation of error messages.
4127| [CVE-2007-3382] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.
4128| [CVE-2007-3304] Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1 killer."
4129| [CVE-2007-3303] Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows local users to cause a denial of service via certain code sequences executed in a worker process that (1) stop request processing by killing all worker processes and preventing creation of replacements or (2) hang the system by forcing the master process to fork an arbitrarily large number of worker processes. NOTE: This might be an inherent design limitation of Apache with respect to worker processes in hosted environments.
4130| [CVE-2007-3101] Multiple cross-site scripting (XSS) vulnerabilities in certain JSF applications in Apache MyFaces Tomahawk before 1.1.6 allow remote attackers to inject arbitrary web script via the autoscroll parameter, which is injected into Javascript that is sent to the client.
4131| [CVE-2007-2450] Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script or HTML via a parameter name to manager/html/upload, and other unspecified vectors.
4132| [CVE-2007-2449] Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the '
4133| [CVE-2007-2353] Apache Axis 1.0 allows remote attackers to obtain sensitive information by requesting a non-existent WSDL file, which reveals the installation path in the resulting exception message.
4134| [CVE-2007-2025] Unrestricted file upload vulnerability in the UpLoad feature (lib/plugin/UpLoad.php) in PhpWiki 1.3.11p1 allows remote attackers to upload arbitrary PHP files with a double extension, as demonstrated by .php.3, which is interpreted by Apache as being a valid PHP file.
4135| [CVE-2007-1863] cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value.
4136| [CVE-2007-1862] The recall_headers function in mod_mem_cache in Apache 2.2.4 does not properly copy all levels of header data, which can cause Apache to return HTTP headers containing previously used data, which could be used by remote attackers to obtain potentially sensitive information.
4137| [CVE-2007-1860] mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. (dot dot) sequences and directory traversal, a related issue to CVE-2007-0450.
4138| [CVE-2007-1858] The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts.
4139| [CVE-2007-1842] Directory traversal vulnerability in login.php in JSBoard before 2.0.12 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the table parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, a related issue to CVE-2006-2019.
4140| [CVE-2007-1801] Directory traversal vulnerability in inc/lang.php in sBLOG 0.7.3 Beta allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the conf_lang_default parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by inc/lang.php.
4141| [CVE-2007-1743] suexec in Apache HTTP Server (httpd) 2.2.3 does not verify combinations of user and group IDs on the command line, which might allow local users to leverage other vulnerabilities to create arbitrary UID/GID owned files if /proc is mounted. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root." In addition, because this is dependent on other vulnerabilities, perhaps this is resultant and should not be included in CVE.
4142| [CVE-2007-1742] suexec in Apache HTTP Server (httpd) 2.2.3 uses a partial comparison for verifying whether the current directory is within the document root, which might allow local users to perform unauthorized operations on incorrect directories, as demonstrated using "html_backup" and "htmleditor" under an "html" directory. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
4143| [CVE-2007-1741] Multiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 between directory and file validation, and their usage, allow local users to gain privileges and execute arbitrary code by renaming directories or performing symlink attacks. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
4144| [CVE-2007-1720] Directory traversal vulnerability in addressbook.php in the Addressbook 1.2 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module_name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file.
4145| [CVE-2007-1636] Directory traversal vulnerability in index.php in RoseOnlineCMS 3 B1 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the op parameter, as demonstrated by injecting PHP code into Apache log files via the URL and User-Agent HTTP header.
4146| [CVE-2007-1633] Directory traversal vulnerability in bbcode_ref.php in the Giorgio Ciranni Splatt Forum 4.0 RC1 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by bbcode_ref.php.
4147| [CVE-2007-1577] Directory traversal vulnerability in index.php in GeBlog 0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[tplname] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
4148| [CVE-2007-1539] Directory traversal vulnerability in inc/map.func.php in pragmaMX Landkarten 2.1 module allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the module_name parameter, as demonstrated via a static PHP code injection attack in an Apache log file.
4149| [CVE-2007-1524] Directory traversal vulnerability in themes/default/ in ZomPlog 3.7.6 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) in the settings[skin] parameter, as demonstrated by injecting PHP code into an Apache HTTP Server log file, which can then be included via themes/default/.
4150| [CVE-2007-1491] Apache Tomcat in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allows connections from external interfaces via port 8009, which exposes it to attacks from outside parties.
4151| [CVE-2007-1358] Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616".
4152| [CVE-2007-1349] PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.
4153| [CVE-2007-0975] Variable extraction vulnerability in Ian Bezanson Apache Stats before 0.0.3 beta allows attackers to overwrite critical variables, with unknown impact, when the extract function is used on the _REQUEST superglobal array.
4154| [CVE-2007-0930] Variable extract vulnerability in Apache Stats before 0.0.3beta allows attackers to modify arbitrary variables and conduct attacks via unknown vectors involving the use of PHP's extract function.
4155| [CVE-2007-0792] The mod_perl initialization script in Bugzilla 2.23.3 does not set the Bugzilla Apache configuration to allow .htaccess permissions to override file permissions, which allows remote attackers to obtain the database username and password via a direct request for the localconfig file.
4156| [CVE-2007-0774] Stack-based buffer overflow in the map_uri_to_worker function (native/common/jk_uri_worker_map.c) in mod_jk.so for Apache Tomcat JK Web Server Connector 1.2.19 and 1.2.20, as used in Tomcat 4.1.34 and 5.5.20, allows remote attackers to execute arbitrary code via a long URL that triggers the overflow in a URI worker map routine.
4157| [CVE-2007-0637] Directory traversal vulnerability in zd_numer.php in Galeria Zdjec 3.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the galeria parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by zd_numer.php.
4158| [CVE-2007-0451] Apache SpamAssassin before 3.1.8 allows remote attackers to cause a denial of service via long URLs in malformed HTML, which triggers "massive memory usage."
4159| [CVE-2007-0450] Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.
4160| [CVE-2007-0419] The BEA WebLogic Server proxy plug-in before June 2006 for the Apache HTTP Server does not properly handle protocol errors, which allows remote attackers to cause a denial of service (server outage).
4161| [CVE-2007-0173] Directory traversal vulnerability in index.php in L2J Statistik Script 0.09 and earlier, when register_globals is enabled and magic_quotes is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
4162| [CVE-2007-0098] Directory traversal vulnerability in language.php in VerliAdmin 0.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
4163| [CVE-2007-0086] ** DISPUTED ** The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by third parties, who state that the large window size required by the attack is not normally supported or configured by the server, or that a DDoS-style attack would accomplish the same goal.
4164| [CVE-2006-7217] Apache Derby before 10.2.1.6 does not determine schema privilege requirements during the DropSchemaNode bind phase, which allows remote authenticated users to execute arbitrary drop schema statements in SQL authorization mode.
4165| [CVE-2006-7216] Apache Derby before 10.2.1.6 does not determine privilege requirements for lock table statements at compilation time, and consequently does not enforce privilege requirements at execution time, which allows remote authenticated users to lock arbitrary tables.
4166| [CVE-2006-7197] The AJP connector in Apache Tomcat 5.5.15 uses an incorrect length for chunks, which can cause a buffer over-read in the ajp_process_callback in mod_jk, which allows remote attackers to read portions of sensitive memory.
4167| [CVE-2006-7196] Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors. NOTE: this may be related to CVE-2006-0254.1.
4168| [CVE-2006-7195] Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in Apache Tomcat 5.0.0 through 5.0.30 and 5.5.0 through 5.5.17 allows remote attackers to inject arbitrary web script or HTML via certain header values.
4169| [CVE-2006-7098] The Debian GNU/Linux 033_-F_NO_SETSID patch for the Apache HTTP Server 1.3.34-4 does not properly disassociate httpd from a controlling tty when httpd is started interactively, which allows local users to gain privileges to that tty via a CGI program that calls the TIOCSTI ioctl.
4170| [CVE-2006-6869] Directory traversal vulnerability in includes/search/search_mdforum.php in MAXdev MDForum 2.0.1 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang cookie to error.php, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
4171| [CVE-2006-6675] Cross-site scripting (XSS) vulnerability in Novell NetWare 6.5 Support Pack 5 and 6 and Novell Apache on NetWare 2.0.48 allows remote attackers to inject arbitrary web script or HTML via unspecifeid parameters in Welcome web-app.
4172| [CVE-2006-6613] Directory traversal vulnerability in language.php in phpAlbum 0.4.1 Beta 6 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files or obtain sensitive information via a .. (dot dot) in the pa_lang[include_file] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
4173| [CVE-2006-6589] Cross-site scripting (XSS) vulnerability in ecommerce/control/keywordsearch in the Apache Open For Business Project (OFBiz) and Opentaps 0.9.3 allows remote attackers to inject arbitrary web script or HTML via the SEARCH_STRING parameter, a different issue than CVE-2006-6587. NOTE: some of these details are obtained from third party information.
4174| [CVE-2006-6588] The forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) trusts the (1) dataResourceTypeId, (2) contentTypeId, and certain other hidden form fields, which allows remote attackers to create unauthorized types of content, modify content, or have other unknown impact.
4175| [CVE-2006-6587] Cross-site scripting (XSS) vulnerability in the forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) allows remote attackers to inject arbitrary web script or HTML by posting a message.
4176| [CVE-2006-6445] Directory traversal vulnerability in error.php in Envolution 1.1.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
4177| [CVE-2006-6071] TWiki 4.0.5 and earlier, when running under Apache 1.3 using ApacheLogin with sessions and "ErrorDocument 401" redirects to a valid wiki topic, does not properly handle failed login attempts, which allows remote attackers to read arbitrary content by cancelling out of a failed authentication with a valid username and invalid password.
4178| [CVE-2006-6047] Directory traversal vulnerability in manager/index.php in Etomite 0.6.1.2 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the f parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
4179| [CVE-2006-5894] Directory traversal vulnerability in lang.php in Rama CMS 0.68 and earlier, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by lang.php.
4180| [CVE-2006-5752] Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform "charset detection" when the content-type is not specified.
4181| [CVE-2006-5733] Directory traversal vulnerability in error.php in PostNuke 0.763 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
4182| [CVE-2006-5263] Directory traversal vulnerability in templates/header.php3 in phpMyAgenda 3.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter, as demonstrated by a parameter value naming an Apache HTTP Server log file that apparently contains PHP code.
4183| [CVE-2006-4994] Multiple unquoted Windows search path vulnerabilities in Apache Friends XAMPP 1.5.2 might allow local users to gain privileges via a malicious program file in %SYSTEMDRIVE%, which is run when XAMPP attempts to execute (1) FileZillaServer.exe, (2) mysqld-nt.exe, (3) Perl.exe, or (4) xamppcontrol.exe with an unquoted "Program Files" pathname.
4184| [CVE-2006-4636] Directory traversal vulnerability in SZEWO PhpCommander 3.0 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Directory parameter, as demonstrated by parameter values naming Apache HTTP Server log files that apparently contain PHP code.
4185| [CVE-2006-4625] PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass certain Apache HTTP Server httpd.conf options, such as safe_mode and open_basedir, via the ini_restore function, which resets the values to their php.ini (Master Value) defaults.
4186| [CVE-2006-4558] DeluxeBB 1.06 and earlier, when run on the Apache HTTP Server with the mod_mime module, allows remote attackers to execute arbitrary PHP code by uploading files with double extensions via the fileupload parameter in a newthread action in newpost.php.
4187| [CVE-2006-4191] Directory traversal vulnerability in memcp.php in XMB (Extreme Message Board) 1.9.6 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the langfilenew parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by header.php.
4188| [CVE-2006-4154] Format string vulnerability in the mod_tcl module 1.0 for Apache 2.x allows context-dependent attackers to execute arbitrary code via format string specifiers that are not properly handled in a set_var function call in (1) tcl_cmds.c and (2) tcl_core.c.
4189| [CVE-2006-4110] Apache 2.2.2, when running on Windows, allows remote attackers to read source code of CGI programs via a request that contains uppercase (or alternate case) characters that bypass the case-sensitive ScriptAlias directive, but allow access to the file on case-insensitive file systems.
4190| [CVE-2006-4004] Directory traversal vulnerability in index.php in vbPortal 3.0.2 through 3.6.0 Beta 1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the bbvbplang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
4191| [CVE-2006-3918] http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.
4192| [CVE-2006-3835] Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (
4193| [CVE-2006-3747] Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules.
4194| [CVE-2006-3362] Unrestricted file upload vulnerability in connectors/php/connector.php in FCKeditor mcpuk file manager, as used in (1) Geeklog 1.4.0 through 1.4.0sr3, (2) toendaCMS 1.0.0 Shizouka Stable and earlier, (3) WeBid 0.5.4, and possibly other products, when installed on Apache with mod_mime, allows remote attackers to upload and execute arbitrary PHP code via a filename with a .php extension and a trailing extension that is allowed, such as .zip.
4195| [CVE-2006-3102] Race condition in articles/BitArticle.php in Bitweaver 1.3, when run on Apache with the mod_mime extension, allows remote attackers to execute arbitrary PHP code by uploading arbitrary files with double extensions, which are stored for a small period of time under the webroot in the temp/articles directory.
4196| [CVE-2006-3070] write_ok.php in Zeroboard 4.1 pl8, when installed on Apache with mod_mime, allows remote attackers to bypass restrictions for uploading files with executable extensions by uploading a .htaccess file that with an AddType directive that assigns an executable module to files with assumed-safe extensions, as demonstrated by assigning the txt extension to be handled by application/x-httpd-php.
4197| [CVE-2006-2831] Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2, when running under certain Apache configurations such as when FileInfo overrides are disabled within .htaccess, allows remote attackers to execute arbitrary code by uploading a file with multiple extensions, a variant of CVE-2006-2743.
4198| [CVE-2006-2806] The SMTP server in Apache Java Mail Enterprise Server (aka Apache James) 2.2.0 allows remote attackers to cause a denial of service (CPU consumption) via a long argument to the MAIL command.
4199| [CVE-2006-2743] Drupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with mod_mime, does not properly handle files with multiple extensions, which allows remote attackers to upload, modify, or execute arbitrary files in the files directory.
4200| [CVE-2006-2514] Coppermine galleries before 1.4.6, when running on Apache with mod_mime installed, allows remote attackers to upload arbitrary files via a filename with multiple file extensions.
4201| [CVE-2006-2330] PHP-Fusion 6.00.306 and earlier, running under Apache HTTP Server 1.3.27 and PHP 4.3.3, allows remote authenticated users to upload files of arbitrary types using a filename that contains two or more extensions that ends in an assumed-valid extension such as .gif, which bypasses the validation, as demonstrated by uploading then executing an avatar file that ends in ".php.gif" and contains PHP code in EXIF metadata.
4202| [CVE-2006-1777] Directory traversal vulnerability in doc/index.php in Jeremy Ashcraft Simplog 0.9.2 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the s parameter, as demonstrated by injecting PHP sequences into an Apache error_log file, which is then included by doc/index.php.
4203| [CVE-2006-1564] Untrusted search path vulnerability in libapache2-svn 1.3.0-4 for Subversion in Debian GNU/Linux includes RPATH values under the /tmp/svn directory for the (1) mod_authz_svn.so and (2) mod_dav_svn.so modules, which might allow local users to gain privileges by installing malicious libraries in that directory.
4204| [CVE-2006-1548] Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction and possibly (2) DispatchAction and (3) ActionDispatcher in Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to inject arbitrary web script or HTML via the parameter name, which is not filtered in the resulting error message.
4205| [CVE-2006-1547] ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides further access to elements in the CommonsMultipartRequestHandler implementation and BeanUtils.
4206| [CVE-2006-1546] Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to bypass validation via a request with a 'org.apache.struts.taglib.html.Constants.CANCEL' parameter, which causes the action to be canceled but would not be detected from applications that do not use the isCancelled check.
4207| [CVE-2006-1393] Multiple cross-site scripting (XSS) vulnerabilities in the mod_pubcookie Apache application server module in University of Washington Pubcookie 1.x, 3.0.0, 3.1.0, 3.1.1, 3.2 before 3.2.1b, and 3.3 before 3.3.0a allow remote attackers to inject arbitrary web script or HTML via unspecified attack vectors.
4208| [CVE-2006-1346] Directory traversal vulnerability in inc/setLang.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in a lang[*][file] parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by index.php.
4209| [CVE-2006-1292] Directory traversal vulnerability in Jim Hu and Chad Little PHP iCalendar 2.21 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the phpicalendar[cookie_language] and phpicalendar[cookie_style] cookies, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by day.php.
4210| [CVE-2006-1243] Directory traversal vulnerability in install05.php in Simple PHP Blog (SPB) 0.4.7.1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the blog_language parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included using install05.php.
4211| [CVE-2006-1095] Directory traversal vulnerability in the FileSession object in Mod_python module 3.2.7 for Apache allows local users to execute arbitrary code via a crafted session cookie.
4212| [CVE-2006-1079] htpasswd, as used in Acme thttpd 2.25b and possibly other products such as Apache, might allow local users to gain privileges via shell metacharacters in a command line argument, which is used in a call to the system function. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
4213| [CVE-2006-1078] Multiple buffer overflows in htpasswd, as used in Acme thttpd 2.25b, and possibly other products such as Apache, might allow local users to gain privileges via (1) a long command line argument and (2) a long line in a file. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
4214| [CVE-2006-0743] Format string vulnerability in LocalSyslogAppender in Apache log4net 1.2.9 might allow remote attackers to cause a denial of service (memory corruption and termination) via unknown vectors.
4215| [CVE-2006-0254] Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) time parameter to cal2.jsp and (2) any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer.
4216| [CVE-2006-0150] Multiple format string vulnerabilities in the auth_ldap_log_reason function in Apache auth_ldap 1.6.0 and earlier allow remote attackers to execute arbitrary code via various vectors, including the username.
4217| [CVE-2006-0144] The proxy server feature in go-pear.php in PHP PEAR 0.2.2, as used in Apache2Triad, allows remote attackers to execute arbitrary PHP code by redirecting go-pear.php to a malicious proxy server that provides a modified version of Tar.php with a malicious extractModify function.
4218| [CVE-2006-0042] Unspecified vulnerability in (1) apreq_parse_headers and (2) apreq_parse_urlencoded functions in Apache2::Request (Libapreq2) before 2.07 allows remote attackers to cause a denial of service (CPU consumption) via unknown attack vectors that result in quadratic computational complexity.
4219| [CVE-2005-4857] eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 before 20051128 allows remote authenticated users to cause a denial of service (Apache httpd segmentation fault) via a request to content/advancedsearch.php with an empty SearchContentClassID parameter, reportedly related to a "memory addressing error".
4220| [CVE-2005-4849] Apache Derby before 10.1.2.1 exposes the (1) user and (2) password attributes in cleartext via (a) the RDBNAM parameter of the ACCSEC command and (b) the output of the DatabaseMetaData.getURL function, which allows context-dependent attackers to obtain sensitive information.
4221| [CVE-2005-4836] The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote attackers to read JSP source files and obtain sensitive information.
4222| [CVE-2005-4814] Unrestricted file upload vulnerability in Segue CMS before 1.3.6, when the Apache HTTP Server handles .phtml files with the PHP interpreter, allows remote attackers to upload and execute arbitrary PHP code by placing .phtml files in the userfiles/ directory.
4223| [CVE-2005-4703] Apache Tomcat 4.0.3, when running on Windows, allows remote attackers to obtain sensitive information via a request for a file that contains an MS-DOS device name such as lpt9, which leaks the pathname in an error message, as demonstrated by lpt9.xtp using Nikto.
4224| [CVE-2005-3745] Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message.
4225| [CVE-2005-3630] Fedora Directory Server before 10 allows remote attackers to obtain sensitive information, such as the password from adm.conf via an IFRAME element, probably involving an Apache httpd.conf configuration that orders "allow" directives before "deny" directives.
4226| [CVE-2005-3510] Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files.
4227| [CVE-2005-3392] Unspecified vulnerability in PHP before 4.4.1, when using the virtual function on Apache 2, allows remote attackers to bypass safe_mode and open_basedir directives.
4228| [CVE-2005-3357] mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference.
4229| [CVE-2005-3352] Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps.
4230| [CVE-2005-3319] The apache2handler SAPI (sapi_apache2.c) in the Apache module (mod_php) for PHP 5.x before 5.1.0 final and 4.4 before 4.4.1 final allows attackers to cause a denial of service (segmentation fault) via the session.save_path option in a .htaccess file or VirtualHost.
4231| [CVE-2005-3164] The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an information leak when "unsuitable request body data" is used for a different request, possibly related to Java Servlet pages.
4232| [CVE-2005-2970] Memory leak in the worker MPM (worker.c) for Apache 2, in certain circumstances, allows remote attackers to cause a denial of service (memory consumption) via aborted connections, which prevents the memory for the transaction pool from being reused for other connections.
4233| [CVE-2005-2963] The mod_auth_shadow module 1.0 through 1.5 and 2.0 for Apache with AuthShadow enabled uses shadow authentication for all locations that use the require group directive, even when other authentication mechanisms are specified, which might allow remote authenticated users to bypass security restrictions.
4234| [CVE-2005-2728] The byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service (memory consumption) via an HTTP header with a large Range field.
4235| [CVE-2005-2660] apachetop 0.12.5 and earlier, when running in debug mode, allows local users to create or append to arbitrary files via a symlink attack on atop.debug.
4236| [CVE-2005-2088] The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
4237| [CVE-2005-1754] ** DISPUTED ** JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to read arbitrary files via a full pathname in the argument to the Download parameter. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
4238| [CVE-2005-1753] ** DISPUTED ** ReadMessage.jsp in JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to view other users' e-mail attachments via a direct request to /mailboxesdir/username@domainname. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
4239| [CVE-2005-1344] Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute arbitrary code via a long realm argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
4240| [CVE-2005-1268] Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte.
4241| [CVE-2005-1266] Apache SpamAssassin 3.0.1, 3.0.2, and 3.0.3 allows remote attackers to cause a denial of service (CPU consumption and slowdown) via a message with a long Content-Type header without any boundaries.
4242| [CVE-2005-0808] Apache Tomcat before 5.x allows remote attackers to cause a denial of service (application crash) via a crafted AJP12 packet to TCP port 8007.
4243| [CVE-2005-0182] The mod_dosevasive module 1.9 and earlier for Apache creates temporary files with predictable filenames, which could allow remote attackers to overwrite arbitrary files via a symlink attack.
4244| [CVE-2005-0108] Apache mod_auth_radius 1.5.4 and libpam-radius-auth allow remote malicious RADIUS servers to cause a denial of service (crash) via a RADIUS_REPLY_MESSAGE with a RADIUS attribute length of 1, which leads to a memcpy operation with a -1 length argument.
4245| [CVE-2004-2734] webadmin-apache.conf in Novell Web Manager of Novell NetWare 6.5 uses an uppercase Alias tag with an inconsistent lowercase directory tag for a volume, which allows remote attackers to bypass access control to the WEB-INF folder.
4246| [CVE-2004-2680] mod_python (libapache2-mod-python) 3.1.4 and earlier does not properly handle when output filters process more than 16384 bytes, which can cause filter.read to return portions of previously freed memory.
4247| [CVE-2004-2650] Spooler in Apache Foundation James 2.2.0 allows local users to cause a denial of service (memory consumption) by triggering various error conditions in the retrieve function, which prevents a lock from being released and causes a memory leak.
4248| [CVE-2004-2343] ** DISPUTED ** Apache HTTP Server 2.0.47 and earlier allows local users to bypass .htaccess file restrictions, as specified in httpd.conf with directives such as Deny From All, by using an ErrorDocument directive. NOTE: the vendor has disputed this issue, since the .htaccess mechanism is only intended to restrict external web access, and a local user already has the privileges to perform the same operations without using ErrorDocument.
4249| [CVE-2004-2336] Unknown vulnerability in Novell GroupWise and GroupWise WebAccess 6.0 through 6.5, when running with Apache Web Server 1.3 for NetWare where Apache is loaded using GWAPACHE.CONF, allows remote attackers to read directories and files on the server.
4250| [CVE-2004-2115] Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTTP Server 1.3.22, based on Apache, allow remote attackers to execute arbitrary script as other users via the (1) action, (2) username, or (3) password parameters in an isqlplus request.
4251| [CVE-2004-1834] mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, including authentication information, on the hard disk, which could allow local users to gain sensitive information.
4252| [CVE-2004-1765] Off-by-one buffer overflow in ModSecurity (mod_security) 1.7.4 for Apache 2.x, when SecFilterScanPost is enabled, allows remote attackers to execute arbitrary code via crafted POST requests.
4253| [CVE-2004-1545] UploadFile.php in MoniWiki 1.0.9.2 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.hwp, which allows remote attackers to upload and execute arbitrary code.
4254| [CVE-2004-1438] The mod_authz_svn Apache module for Subversion 1.0.4-r1 and earlier allows remote authenticated users, with write access to the repository, to read unauthorized parts of the repository via the svn copy command.
4255| [CVE-2004-1405] MediaWiki 1.3.8 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
4256| [CVE-2004-1404] Attachment Mod 2.3.10 module for phpBB, when used with Apache mod_mime, does not properly handle files with multiple file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
4257| [CVE-2004-1387] The check_forensic script in apache-utils package 1.3.31 allows local users to overwrite or create arbitrary files via a symlink attack on temporary files.
4258| [CVE-2004-1084] Apache for Apple Mac OS X 10.2.8 and 10.3.6 allows remote attackers to read files and resource fork content via HTTP requests to certain special file names related to multiple data streams in HFS+, which bypass Apache file handles.
4259| [CVE-2004-1083] Apache for Apple Mac OS X 10.2.8 and 10.3.6 restricts access to files in a case sensitive manner, but the Apple HFS+ filesystem accesses files in a case insensitive manner, which allows remote attackers to read .DS_Store files and files beginning with ".ht" using alternate capitalization.
4260| [CVE-2004-1082] mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials.
4261| [CVE-2004-0942] Apache webserver 2.0.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request with a MIME header containing multiple lines with a large number of space characters.
4262| [CVE-2004-0940] Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error.
4263| [CVE-2004-0885] The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration.
4264| [CVE-2004-0811] Unknown vulnerability in Apache 2.0.51 prevents "the merging of the Satisfy directive," which could allow attackers to obtain access to restricted resources contrary to the specified authentication configuration.
4265| [CVE-2004-0809] The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access.
4266| [CVE-2004-0786] The IPv6 URI parsing routines in the apr-util library for Apache 2.0.50 and earlier allow remote attackers to cause a denial of service (child process crash) via a certain URI, as demonstrated using the Codenomicon HTTP Test Tool.
4267| [CVE-2004-0751] The char_buffer_read function in the mod_ssl module for Apache 2.x, when using reverse proxying to an SSL server, allows remote attackers to cause a denial of service (segmentation fault).
4268| [CVE-2004-0748] mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (CPU consumption) by aborting an SSL connection in a way that causes an Apache child process to enter an infinite loop.
4269| [CVE-2004-0747] Buffer overflow in Apache 2.0.50 and earlier allows local users to gain apache privileges via a .htaccess file that causes the overflow during expansion of environment variables.
4270| [CVE-2004-0700] Format string vulnerability in the mod_proxy hook functions function in ssl_engine_log.c in mod_ssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are handled by the ssl_log function.
4271| [CVE-2004-0646] Buffer overflow in the WriteToLog function for JRun 3.0 through 4.0 web server connectors, such as (1) mod_jrun and (2) mod_jrun20 for Apache, with verbose logging enabled, allows remote attackers to execute arbitrary code via a long HTTP header Content-Type field or other fields.
4272| [CVE-2004-0529] The modified suexec program in cPanel, when configured for mod_php and compiled for Apache 1.3.31 and earlier without mod_phpsuexec, allows local users to execute untrusted shared scripts and gain privileges, as demonstrated using untainted scripts such as (1) proftpdvhosts or (2) addalink.cgi, a different vulnerability than CVE-2004-0490.
4273| [CVE-2004-0493] The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters.
4274| [CVE-2004-0492] Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied.
4275| [CVE-2004-0490] cPanel, when compiling Apache 1.3.29 and PHP with the mod_phpsuexec option, does not set the --enable-discard-path option, which causes php to use the SCRIPT_FILENAME variable to find and execute a script instead of the PATH_TRANSLATED variable, which allows local users to execute arbitrary PHP code as other users via a URL that references the attacker's script after the user's script, which executes the attacker's script with the user's privileges, a different vulnerability than CVE-2004-0529.
4276| [CVE-2004-0488] Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN.
4277| [CVE-2004-0263] PHP 4.3.4 and earlier in Apache 1.x and 2.x (mod_php) can leak global variables between virtual hosts that are handled by the same Apache child process but have different settings, which could allow remote attackers to obtain sensitive information.
4278| [CVE-2004-0174] Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using multiple listening sockets on certain platforms, allows remote attackers to cause a denial of service (blocked new connections) via a "short-lived connection on a rarely-accessed listening socket."
4279| [CVE-2004-0173] Directory traversal vulnerability in Apache 1.3.29 and earlier, and Apache 2.0.48 and earlier, when running on Cygwin, allows remote attackers to read arbitrary files via a URL containing "..%5C" (dot dot encoded backslash) sequences.
4280| [CVE-2004-0113] Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service (memory consumption) via plain HTTP requests to the SSL port of an SSL-enabled server.
4281| [CVE-2004-0009] Apache-SSL 1.3.28+1.52 and earlier, with SSLVerifyClient set to 1 or 3 and SSLFakeBasicAuth enabled, allows remote attackers to forge a client certificate by using basic authentication with the "one-line DN" of the target user.
4282| [CVE-2003-1581] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
4283| [CVE-2003-1580] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-level domains, as demonstrated by a forged 123.123.123.123 domain name, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
4284| [CVE-2003-1573] The PointBase 4.6 database component in the J2EE 1.4 reference implementation (J2EE/RI) allows remote attackers to execute arbitrary programs, conduct a denial of service, and obtain sensitive information via a crafted SQL statement, related to "inadequate security settings and library bugs in sun.* and org.apache.* packages."
4285| [CVE-2003-1521] Sun Java Plug-In 1.4 through 1.4.2_02 allows remote attackers to repeatedly access the floppy drive via the createXmlDocument method in the org.apache.crimson.tree.XmlDocument class, which violates the Java security model.
4286| [CVE-2003-1516] The org.apache.xalan.processor.XSLProcessorVersion class in Java Plug-in 1.4.2_01 allows signed and unsigned applets to share variables, which violates the Java security model and could allow remote attackers to read or write data belonging to a signed applet.
4287| [CVE-2003-1502] mod_throttle 3.0 allows local users with Apache privileges to access shared memory that points to a file that is writable by the apache user, which could allow local users to gain privileges.
4288| [CVE-2003-1418] Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote attackers to obtain sensitive information via (1) the ETag header, which reveals the inode number, or (2) multipart MIME boundary, which reveals child process IDs (PID).
4289| [CVE-2003-1307] ** DISPUTED ** The mod_php module for the Apache HTTP Server allows local users with write access to PHP scripts to send signals to the server's process group and use the server's file descriptors, as demonstrated by sending a STOP signal, then intercepting incoming connections on the server's TCP port. NOTE: the PHP developer has disputed this vulnerability, saying "The opened file descriptors are opened by Apache. It is the job of Apache to protect them ... Not a bug in PHP."
4290| [CVE-2003-1172] Directory traversal vulnerability in the view-source sample file in Apache Software Foundation Cocoon 2.1 and 2.2 allows remote attackers to access arbitrary files via a .. (dot dot) in the filename parameter.
4291| [CVE-2003-1171] Heap-based buffer overflow in the sec_filter_out function in mod_security 1.7RC1 through 1.7.1 in Apache 2 allows remote attackers to execute arbitrary code via a server side script that sends a large amount of data.
4292| [CVE-2003-1138] The default configuration of Apache 2.0.40, as shipped with Red Hat Linux 9.0, allows remote attackers to list directory contents, even if auto indexing is turned off and there is a default web page configured, via a GET request containing a double slash (//).
4293| [CVE-2003-1054] mod_access_referer 1.0.2 allows remote attackers to cause a denial of service (crash) via a malformed Referer header that is missing a hostname, as parsed by the ap_parse_uri_components function in Apache, which triggers a null dereference.
4294| [CVE-2003-0993] mod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit platforms, does not properly parse Allow/Deny rules using IP addresses without a netmask, which could allow remote attackers to bypass intended access restrictions.
4295| [CVE-2003-0987] mod_digest for Apache before 1.3.31 does not properly verify the nonce of a client response by using a AuthNonce secret.
4296| [CVE-2003-0866] The Catalina org.apache.catalina.connector.http package in Tomcat 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service via several requests that do not follow the HTTP protocol, which causes Tomcat to reject later requests.
4297| [CVE-2003-0844] mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode without the Apache log, allows local users to overwrite arbitrary files via (1) a symlink attack on predictable temporary filenames on Unix systems, or (2) an NTFS hard link on Windows systems when the "Strengthen default permissions of internal system objects" policy is not enabled.
4298| [CVE-2003-0843] Format string vulnerability in mod_gzip_printf for mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode and using the Apache log, allows remote attackers to execute arbitrary code via format string characters in an HTTP GET request with an "Accept-Encoding: gzip" header.
4299| [CVE-2003-0789] mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not properly handle CGI redirect paths, which could cause Apache to send the output of a CGI program to the wrong client.
4300| [CVE-2003-0771] Gallery.pm in Apache::Gallery (aka A::G) uses predictable temporary filenames when running Inline::C, which allows local users to execute arbitrary code by creating and modifying the files before Apache::Gallery does.
4301| [CVE-2003-0658] Docview before 1.1-18 in Caldera OpenLinux 3.1.1, SCO Linux 4.0, OpenServer 5.0.7, configures the Apache web server in a way that allows remote attackers to read arbitrary publicly readable files via a certain URL, possibly related to rewrite rules.
4302| [CVE-2003-0542] Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures.
4303| [CVE-2003-0460] The rotatelogs program on Apache before 1.3.28, for Windows and OS/2 systems, does not properly ignore certain control characters that are received over the pipe, which could allow remote attackers to cause a denial of service.
4304| [CVE-2003-0254] Apache 2 before 2.0.47, when running on an IPv6 host, allows attackers to cause a denial of service (CPU consumption by infinite loop) when the FTP proxy server fails to create an IPv6 socket.
4305| [CVE-2003-0253] The prefork MPM in Apache 2 before 2.0.47 does not properly handle certain errors from accept, which could lead to a denial of service.
4306| [CVE-2003-0249] ** DISPUTED ** PHP treats unknown methods such as "PoSt" as a GET request, which could allow attackers to bypass intended access restrictions if PHP is running on a server that passes on all methods, such as Apache httpd 2.0, as demonstrated using a Limit directive. NOTE: this issue has been disputed by the Apache security team, saying "It is by design that PHP allows scripts to process any request method. A script which does not explicitly verify the request method will hence be processed as normal for arbitrary methods. It is therefore expected behaviour that one cannot implement per-method access control using the Apache configuration alone, which is the assumption made in this report."
4307| [CVE-2003-0245] Vulnerability in the apr_psprintf function in the Apache Portable Runtime (APR) library for Apache 2.0.37 through 2.0.45 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long strings, as demonstrated using XML objects to mod_dav, and possibly other vectors.
4308| [CVE-2003-0192] Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3, do not properly handle "certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one," which could cause Apache to use the weak ciphersuite.
4309| [CVE-2003-0189] The authentication module for Apache 2.0.40 through 2.0.45 on Unix does not properly handle threads safely when using the crypt_r or crypt functions, which allows remote attackers to cause a denial of service (failed Basic authentication with valid usernames and passwords) when a threaded MPM is used.
4310| [CVE-2003-0134] Unknown vulnerability in filestat.c for Apache running on OS2, versions 2.0 through 2.0.45, allows unknown attackers to cause a denial of service via requests related to device names.
4311| [CVE-2003-0132] A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to cause a denial of service (memory consumption) via large chunks of linefeed characters, which causes Apache to allocate 80 bytes for each linefeed.
4312| [CVE-2003-0083] Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences, a different vulnerability than CVE-2003-0020.
4313| [CVE-2003-0020] Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences.
4314| [CVE-2003-0017] Apache 2.0 before 2.0.44 on Windows platforms allows remote attackers to obtain certain files via an HTTP request that ends in certain illegal characters such as ">", which causes a different filename to be processed and served.
4315| [CVE-2003-0016] Apache before 2.0.44, when running on unpatched Windows 9x and Me operating systems, allows remote attackers to cause a denial of service or execute arbitrary code via an HTTP request containing MS-DOS device names.
4316| [CVE-2002-2310] ClickCartPro 4.0 stores the admin_user.db data file under the web document root with insufficient access control on servers other than Apache, which allows remote attackers to obtain usernames and passwords.
4317| [CVE-2002-2309] php.exe in PHP 3.0 through 4.2.2, when running on Apache, does not terminate properly, which allows remote attackers to cause a denial of service via a direct request without arguments.
4318| [CVE-2002-2272] Tomcat 4.0 through 4.1.12, using mod_jk 1.2.1 module on Apache 1.3 through 1.3.27, allows remote attackers to cause a denial of service (desynchronized communications) via an HTTP GET request with a Transfer-Encoding chunked field with invalid values.
4319| [CVE-2002-2103] Apache before 1.3.24, when writing to the log file, records a spoofed hostname from the reverse lookup of an IP address, even when a double-reverse lookup fails, which allows remote attackers to hide the original source of activities.
4320| [CVE-2002-2029] PHP, when installed on Windows with Apache and ScriptAlias for /php/ set to c:/php/, allows remote attackers to read arbitrary files and possibly execute arbitrary programs via an HTTP request for php.exe with a filename in the query string.
4321| [CVE-2002-2012] Unknown vulnerability in Apache 1.3.19 running on HP Secure OS for Linux 1.0 allows remote attackers to cause "unexpected results" via an HTTP request.
4322| [CVE-2002-2009] Apache Tomcat 4.0.1 allows remote attackers to obtain the web root path via HTTP requests for JSP files preceded by (1) +/, (2) >/, (3) </, and (4) %20/, which leaks the pathname in an error message.
4323| [CVE-2002-2008] Apache Tomcat 4.0.3 for Windows allows remote attackers to obtain the web root path via an HTTP request for a resource that does not exist, such as lpt9, which leaks the information in an error message.
4324| [CVE-2002-2007] The default installations of Apache Tomcat 3.2.3 and 3.2.4 allows remote attackers to obtain sensitive system information such as directory listings and web root path, via erroneous HTTP requests for Java Server Pages (JSP) in the (1) test/jsp, (2) samples/jsp and (3) examples/jsp directories, or the (4) test/realPath.jsp servlet, which leaks pathnames in error messages.
4325| [CVE-2002-2006] The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 through 3.3.1 allows remote attackers to obtain the installation path and other sensitive system information via the (1) SnoopServlet or (2) TroubleShooter example servlets.
4326| [CVE-2002-1895] The servlet engine in Jakarta Apache Tomcat 3.3 and 4.0.4, when using IIS and the ajp1.3 connector, allows remote attackers to cause a denial of service (crash) via a large number of HTTP GET requests for an MS-DOS device such as AUX, LPT1, CON, or PRN.
4327| [CVE-2002-1850] mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly remote attackers to cause a denial of service (hang and memory consumption) by causing a CGI script to send a large amount of data to stderr, which results in a read/write deadlock between httpd and the CGI script.
4328| [CVE-2002-1793] HTTP Server mod_ssl module running on HP-UX 11.04 with Virtualvault OS (VVOS) 4.5 through 4.6 closes the connection when the Apache server times out during an SSL request, which may allow attackers to cause a denial of service.
4329| [CVE-2002-1658] Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may allow attackers to execute arbitrary code via a long user argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
4330| [CVE-2002-1635] The Apache configuration file (httpd.conf) in Oracle 9i Application Server (9iAS) uses a Location alias for /perl directory instead of a ScriptAlias, which allows remote attackers to read the source code of arbitrary CGI files via a URL containing the /perl directory instead of /cgi-bin.
4331| [CVE-2002-1593] mod_dav in Apache before 2.0.42 does not properly handle versioning hooks, which may allow remote attackers to kill a child process via a null dereference and cause a denial of service (CPU consumption) in a preforked multi-processing module.
4332| [CVE-2002-1592] The ap_log_rerror function in Apache 2.0 through 2.035, when a CGI application encounters an error, sends error messages to the client that include the full path for the server, which allows remote attackers to obtain sensitive information.
4333| [CVE-2002-1567] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1 allows remote attackers to execute arbitrary web script and steal cookies via a URL with encoded newlines followed by a request to a .jsp file whose name contains the script.
4334| [CVE-2002-1394] Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148.
4335| [CVE-2002-1233] A regression error in the Debian distributions of the apache-ssl package (before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0), for Apache 1.3.27 and earlier, allows local users to read or modify the Apache password file via a symlink attack on temporary files when the administrator runs (1) htpasswd or (2) htdigest, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2001-0131.
4336| [CVE-2002-1157] Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9 and earlier, when UseCanonicalName is off and wildcard DNS is enabled, allows remote attackers to execute script as other web site visitors, via the server name in an HTTPS response on the SSL port, which is used in a self-referencing URL, a different vulnerability than CAN-2002-0840.
4337| [CVE-2002-1156] Apache 2.0.42 allows remote attackers to view the source code of a CGI script via a POST request to a directory with both WebDAV and CGI enabled.
4338| [CVE-2002-1148] The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet.
4339| [CVE-2002-0935] Apache Tomcat 4.0.3, and possibly other versions before 4.1.3 beta, allows remote attackers to cause a denial of service (resource exhaustion) via a large number of requests to the server with null characters, which causes the working threads to hang.
4340| [CVE-2002-0843] Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response.
4341| [CVE-2002-0840] Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.
4342| [CVE-2002-0839] The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that would not normally be allowed, by modifying the parent[].pid and parent[].last_rtime segments in the scoreboard.
4343| [CVE-2002-0682] Cross-site scripting vulnerability in Apache Tomcat 4.0.3 allows remote attackers to execute script as other web users via script in a URL with the /servlet/ mapping, which does not filter the script when an exception is thrown by the servlet.
4344| [CVE-2002-0661] Directory traversal vulnerability in Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to read arbitrary files and execute commands via .. (dot dot) sequences containing \ (backslash) characters.
4345| [CVE-2002-0658] OSSP mm library (libmm) before 1.2.0 allows the local Apache user to gain privileges via temporary files, possibly via a symbolic link attack.
4346| [CVE-2002-0654] Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to determine the full pathname of the server via (1) a request for a .var file, which leaks the pathname in the resulting error message, or (2) via an error message that occurs when a script (child process) cannot be invoked.
4347| [CVE-2002-0653] Off-by-one buffer overflow in the ssl_compat_directive function, as called by the rewrite_command hook for mod_ssl Apache module 2.8.9 and earlier, allows local users to execute arbitrary code as the Apache server user via .htaccess files with long entries.
4348| [CVE-2002-0513] The PHP administration script in popper_mod 1.2.1 and earlier relies on Apache .htaccess authentication, which allows remote attackers to gain privileges if the script is not appropriately configured by the administrator.
4349| [CVE-2002-0493] Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions.
4350| [CVE-2002-0392] Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a chunk-encoded HTTP request that causes Apache to use an incorrect size.
4351| [CVE-2002-0259] InstantServers MiniPortal 1.1.5 and earlier stores sensitive login and account data in plaintext in (1) .pwd files in the miniportal/apache directory, or (2) mplog.txt, which could allow local users to gain privileges.
4352| [CVE-2002-0249] PHP for Windows, when installed on Apache 2.0.28 beta as a standalone CGI module, allows remote attackers to obtain the physical path of the php.exe via a request with malformed arguments such as /123, which leaks the pathname in the error message.
4353| [CVE-2002-0240] PHP, when installed with Apache and configured to search for index.php as a default web page, allows remote attackers to obtain the full pathname of the server via the HTTP OPTIONS method, which reveals the pathname in the resulting error message.
4354| [CVE-2002-0082] The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session.
4355| [CVE-2002-0061] Apache for Win32 before 1.3.24, and 2.0.x before 2.0.34-beta, allows remote attackers to execute arbitrary commands via shell metacharacters (a | pipe character) provided as arguments to batch (.bat) or .cmd scripts, which are sent unfiltered to the shell interpreter, typically cmd.exe.
4356| [CVE-2001-1556] The log files in Apache web server contain information directly supplied by clients and does not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail, and grep.
4357| [CVE-2001-1534] mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these session ID's are used for authentication.
4358| [CVE-2001-1510] Allaire JRun 2.3.3, 3.0 and 3.1 running on IIS 4.0 and 5.0, iPlanet, Apache, JRun web server (JWS), and possibly other web servers allows remote attackers to read arbitrary files and directories by appending (1) "%3f.jsp", (2) "?.jsp" or (3) "?" to the requested URL.
4359| [CVE-2001-1449] The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 through 8.0 and Linux Corporate Server 1.0.1 allows remote attackers to list the directory index of arbitrary web directories.
4360| [CVE-2001-1385] The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts.
4361| [CVE-2001-1342] Apache before 1.3.20 on Windows and OS/2 systems allows remote attackers to cause a denial of service (GPF) via an HTTP request for a URI that contains a large number of / (slash) or other characters, which causes certain functions to dereference a null pointer.
4362| [CVE-2001-1217] Directory traversal vulnerability in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to access sensitive information via a double encoded URL with .. (dot dot) sequences.
4363| [CVE-2001-1216] Buffer overflow in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to execute arbitrary code via a long request for a help page.
4364| [CVE-2001-1072] Apache with mod_rewrite enabled on most UNIX systems allows remote attackers to bypass RewriteRules by inserting extra / (slash) characters into the requested path, which causes the regular expression in the RewriteRule to fail.
4365| [CVE-2001-1013] Apache on Red Hat Linux with the UserDir directive enabled generates different error codes when a username exists and there is no public_html directory and when the username does not exist, which could allow remote attackers to determine valid usernames on the server.
4366| [CVE-2001-0925] The default installation of Apache before 1.3.19 allows remote attackers to list directories instead of the multiview index.html file via an HTTP request for a path that contains many / (slash) characters, which causes the path to be mishandled by (1) mod_negotiation, (2) mod_dir, or (3) mod_autoindex.
4367| [CVE-2001-0829] A cross-site scripting vulnerability in Apache Tomcat 3.2.1 allows a malicious webmaster to embed Javascript in a request for a .JSP file, which causes the Javascript to be inserted into an error message.
4368| [CVE-2001-0766] Apache on MacOS X Client 10.0.3 with the HFS+ file system allows remote attackers to bypass access restrictions via a URL that contains some characters whose case is not matched by Apache's filters.
4369| [CVE-2001-0731] Apache 1.3.20 with Multiviews enabled allows remote attackers to view directory contents and bypass the index page via a URL containing the "M=D" query string.
4370| [CVE-2001-0730] split-logfile in Apache 1.3.20 allows remote attackers to overwrite arbitrary files that end in the .log extension via an HTTP request with a / (slash) in the Host: header.
4371| [CVE-2001-0729] Apache 1.3.20 on Windows servers allows remote attackers to bypass the default index page and list directory contents via a URL with a large number of / (slash) characters.
4372| [CVE-2001-0590] Apache Software Foundation Tomcat Servlet prior to 3.2.2 allows a remote attacker to read the source code to arbitrary 'jsp' files via a malformed URL request which does not end with an HTTP protocol specification (i.e. HTTP/1.0).
4373| [CVE-2001-0131] htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local users to overwrite arbitrary files via a symlink attack.
4374| [CVE-2001-0108] PHP Apache module 4.0.4 and earlier allows remote attackers to bypass .htaccess access restrictions via a malformed HTTP request on an unrestricted page that causes PHP to use those access controls on the next page that is requested.
4375| [CVE-2001-0042] PHP 3.x (PHP3) on Apache 1.3.6 allows remote attackers to read arbitrary files via a modified .. (dot dot) attack containing "%5c" (encoded backslash) sequences.
4376| [CVE-2000-1247] The default configuration of the jserv-status handler in jserv.conf in Apache JServ 1.1.2 includes an "allow from 127.0.0.1" line, which allows local users to discover JDBC passwords or other sensitive information via a direct request to the jserv/ URI.
4377| [CVE-2000-1210] Directory traversal vulnerability in source.jsp of Apache Tomcat before 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the argument to source.jsp.
4378| [CVE-2000-1206] Vulnerability in Apache httpd before 1.3.11, when configured for mass virtual hosting using mod_rewrite, or mod_vhost_alias in Apache 1.3.9, allows remote attackers to retrieve arbitrary files.
4379| [CVE-2000-1205] Cross site scripting vulnerabilities in Apache 1.3.0 through 1.3.11 allow remote attackers to execute script as other web site visitors via (1) the printenv CGI (printenv.pl), which does not encode its output, (2) pages generated by the ap_send_error_response function such as a default 404, which does not add an explicit charset, or (3) various messages that are generated by certain Apache modules or core code. NOTE: the printenv issue might still exist for web browsers that can render text/plain content types as HTML, such as Internet Explorer, but CVE regards this as a design limitation of those browsers, not Apache. The printenv.pl/acuparam vector, disclosed on 20070724, is one such variant.
4380| [CVE-2000-1204] Vulnerability in the mod_vhost_alias virtual hosting module for Apache 1.3.9, 1.3.11 and 1.3.12 allows remote attackers to obtain the source code for CGI programs if the cgi-bin directory is under the document root.
4381| [CVE-2000-1168] IBM HTTP Server 1.3.6 (based on Apache) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET request.
4382| [CVE-2000-1016] The default configuration of Apache (httpd.conf) on SuSE 6.4 includes an alias for the /usr/doc directory, which allows remote attackers to read package documentation and obtain system configuration information via an HTTP request for the /doc/packages URL.
4383| [CVE-2000-0913] mod_rewrite in Apache 1.3.12 and earlier allows remote attackers to read arbitrary files if a RewriteRule directive is expanded to include a filename whose name contains a regular expression.
4384| [CVE-2000-0883] The default configuration of mod_perl for Apache as installed on Mandrake Linux 6.1 through 7.1 sets the /perl/ directory to be browseable, which allows remote attackers to list the contents of that directory.
4385| [CVE-2000-0869] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 enables WebDAV, which allows remote attackers to list arbitrary directories via the PROPFIND HTTP request method.
4386| [CVE-2000-0868] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 allows remote attackers to read source code for CGI scripts by replacing the /cgi-bin/ in the requested URL with /cgi-bin-sdb/.
4387| [CVE-2000-0791] Trustix installs the httpsd program for Apache-SSL with world-writeable permissions, which allows local users to replace it with a Trojan horse.
4388| [CVE-2000-0760] The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals sensitive system information when a remote attacker requests a nonexistent URL with a .snp extension.
4389| [CVE-2000-0759] Jakarta Tomcat 3.1 under Apache reveals physical path information when a remote attacker requests a URL that does not exist, which generates an error message that includes the physical path.
4390| [CVE-2000-0628] The source.asp example script in the Apache ASP module Apache::ASP 1.93 and earlier allows remote attackers to modify files.
4391| [CVE-2000-0505] The Apache 1.3.x HTTP server for Windows platforms allows remote attackers to list directory contents by requesting a URL containing a large number of / characters.
4392| [CVE-1999-1412] A possible interaction between Apple MacOS X release 1.0 and Apache HTTP server allows remote attackers to cause a denial of service (crash) via a flood of HTTP GET requests to CGI programs, which generates a large number of processes.
4393| [CVE-1999-1293] mod_proxy in Apache 1.2.5 and earlier allows remote attackers to cause a denial of service via malformed FTP commands, which causes Apache to dump core.
4394| [CVE-1999-1237] Multiple buffer overflows in smbvalid/smbval SMB authentication library, as used in Apache::AuthenSmb and possibly other modules, allows remote attackers to execute arbitrary commands via (1) a long username, (2) a long password, and (3) other unspecified methods.
4395| [CVE-1999-1199] Apache WWW server 1.3.1 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via a large number of MIME headers with the same name, aka the "sioux" vulnerability.
4396| [CVE-1999-1053] guestbook.pl cleanses user-inserted SSI commands by removing text between "<!--" and "-->" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides "-->".
4397| [CVE-1999-0926] Apache allows remote attackers to conduct a denial of service via a large number of MIME headers.
4398| [CVE-1999-0678] A default configuration of Apache on Debian GNU/Linux sets the ServerRoot to /usr/doc, which allows remote users to read documentation files for the entire server.
4399| [CVE-1999-0448] IIS 4.0 and Apache log HTTP request methods, regardless of how long they are, allowing a remote attacker to hide the URL they really request.
4400| [CVE-1999-0289] The Apache web server for Win32 may provide access to restricted files when a . (dot) is appended to a requested URL.
4401| [CVE-1999-0236] ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs.
4402| [CVE-1999-0107] Buffer overflow in Apache 1.2.5 and earlier allows a remote attacker to cause a denial of service with a large number of GET requests containing a large number of / characters.
4403| [CVE-1999-0071] Apache httpd cookie buffer overflow for versions 1.1.1 and earlier.
4404|
4405| SecurityFocus - https://www.securityfocus.com/bid/:
4406| [104554] Apache HBase CVE-2018-8025 Security Bypass Vulnerability
4407| [104465] Apache Geode CVE-2017-15695 Remote Code Execution Vulnerability
4408| [104418] Apache Storm CVE-2018-8008 Arbitrary File Write Vulnerability
4409| [104399] Apache Storm CVE-2018-1332 User Impersonation Vulnerability
4410| [104348] Apache UIMA CVE-2017-15691 XML External Entity Injection Vulnerability
4411| [104313] Apache NiFi XML External Entity Injection and Denial of Service Vulnerability
4412| [104259] Apache Geode CVE-2017-12622 Authorization Bypass Vulnerability
4413| [104257] Apache Sling XSS Protection API CVE-2017-15717 Cross Site Scripting Vulnerability
4414| [104253] Apache ZooKeeper CVE-2018-8012 Security Bypass Vulnerability
4415| [104252] Apache Batik CVE-2018-8013 Information Disclosure Vulnerability
4416| [104239] Apache Solr CVE-2018-8010 XML External Entity Multiple Information Disclosure Vulnerabilities
4417| [104215] Apache ORC CVE-2018-8015 Denial of Service Vulnerability
4418| [104203] Apache Tomcat CVE-2018-8014 Security Bypass Vulnerability
4419| [104161] Apache Ambari CVE-2018-8003 Directory Traversal Vulnerability
4420| [104140] Apache Derby CVE-2018-1313 Security Bypass Vulnerability
4421| [104135] Apache Tika CVE-2018-1338 Denial of Service Vulnerability
4422| [104008] Apache Fineract CVE-2018-1291 SQL Injection Vulnerability
4423| [104007] Apache Fineract CVE-2018-1292 SQL Injection Vulnerability
4424| [104005] Apache Fineract CVE-2018-1289 SQL Injection Vulnerability
4425| [104001] Apache Tika CVE-2018-1335 Remote Command Injection Vulnerability
4426| [103975] Apache Fineract CVE-2018-1290 SQL Injection Vulnerability
4427| [103974] Apache Solr CVE-2018-1308 XML External Entity Injection Vulnerability
4428| [103772] Apache Traffic Server CVE-2017-7671 Denial of Service Vulnerability
4429| [103770] Apache Traffic Server CVE-2017-5660 Security Bypass Vulnerability
4430| [103751] Apache Hive CVE-2018-1282 SQL Injection Vulnerability
4431| [103750] Apache Hive CVE-2018-1284 Security Bypass Vulnerability
4432| [103692] Apache Ignite CVE-2018-1295 Arbitrary Code Execution Vulnerability
4433| [103528] Apache HTTP Server CVE-2018-1302 Denial of Service Vulnerability
4434| [103525] Apache HTTP Server CVE-2017-15715 Remote Security Bypass Vulnerability
4435| [103524] Apache HTTP Server CVE-2018-1312 Remote Security Bypass Vulnerability
4436| [103522] Apache HTTP Server CVE-2018-1303 Denial of Service Vulnerability
4437| [103520] Apache HTTP Server CVE-2018-1283 Remote Security Vulnerability
4438| [103516] Apache Struts CVE-2018-1327 Denial of Service Vulnerability
4439| [103515] Apache HTTP Server CVE-2018-1301 Denial of Service Vulnerability
4440| [103512] Apache HTTP Server CVE-2017-15710 Denial of Service Vulnerability
4441| [103508] Apache Syncope CVE-2018-1321 Multiple Remote Code Execution Vulnerabilities
4442| [103507] Apache Syncope CVE-2018-1322 Multiple Information Disclosure Vulnerabilities
4443| [103490] Apache Commons Compress CVE-2018-1324 Multiple Denial Of Service Vulnerabilities
4444| [103434] APACHE Allura CVE-2018-1319 HTTP Response Splitting Vulnerability
4445| [103389] Apache Tomcat JK Connector CVE-2018-1323 Directory Traversal Vulnerability
4446| [103222] Apache CloudStack CVE-2013-4317 Information Disclosure Vulnerability
4447| [103219] Apache Xerces-C CVE-2017-12627 Null Pointer Dereference Denial of Service Vulnerability
4448| [103206] Apache Geode CVE-2017-15693 Remote Code Execution Vulnerability
4449| [103205] Apache Geode CVE-2017-15692 Remote Code Execution Vulnerability
4450| [103170] Apache Tomcat CVE-2018-1304 Security Bypass Vulnerability
4451| [103144] Apache Tomcat CVE-2018-1305 Security Bypass Vulnerability
4452| [103102] Apache Oozie CVE-2017-15712 Information Disclosure Vulnerability
4453| [103098] Apache Karaf CVE-2016-8750 LDAP Injection Vulnerability
4454| [103069] Apache Tomcat CVE-2017-15706 Remote Security Weakness
4455| [103068] Apache JMeter CVE-2018-1287 Security Bypass Vulnerability
4456| [103067] Apache Qpid Dispatch Router 'router_core/connections.c' Denial of Service Vulnerability
4457| [103036] Apache CouchDB CVE-2017-12636 Remote Code Execution Vulnerability
4458| [103025] Apache Thrift CVE-2016-5397 Remote Command Injection Vulnerability
4459| [102879] Apache POI CVE-2017-12626 Multiple Denial of Service Vulnerabilities
4460| [102842] Apache NiFi CVE-2017-12632 Host Header Injection Vulnerability
4461| [102815] Apache NiFi CVE-2017-15697 Multiple Cross Site Scripting Vulnerabilities
4462| [102488] Apache Geode CVE-2017-9795 Remote Code Execution Vulnerability
4463| [102229] Apache Sling CVE-2017-15700 Information Disclosure Vulnerability
4464| [102226] Apache Drill CVE-2017-12630 Cross Site Scripting Vulnerability
4465| [102154] Multiple Apache Products CVE-2017-15708 Remote Code Execution Vulnerability
4466| [102127] Apache CXF Fediz CVE-2017-12631 Multiple Cross Site Request Forgery Vulnerabilities
4467| [102041] Apache Qpid Broker-J CVE-2017-15701 Denial of Service Vulnerability
4468| [102040] Apache Qpid Broker CVE-2017-15702 Security Weakness
4469| [102021] Apache Struts CVE-2017-15707 Denial of Service Vulnerability
4470| [101980] EMC RSA Authentication Agent for Web: Apache Web Server Authentication Bypass Vulnerability
4471| [101876] Apache Camel CVE-2017-12634 Deserialization Remote Code Execution Vulnerability
4472| [101874] Apache Camel CVE-2017-12633 Deserialization Remote Code Execution Vulnerability
4473| [101872] Apache Karaf CVE-2014-0219 Local Denial of Service Vulnerability
4474| [101868] Apache CouchDB CVE-2017-12635 Remote Privilege Escalation Vulnerability
4475| [101859] Apache CXF CVE-2017-12624 Denial of Service Vulnerability
4476| [101844] Apache Sling Servlets Post CVE-2017-11296 Cross Site Scripting Vulnerability
4477| [101686] Apache Hive CVE-2017-12625 Information Disclosure Vulnerability
4478| [101644] Apache Wicket CVE-2012-5636 Cross Site Scripting Vulnerability
4479| [101631] Apache Traffic Server CVE-2015-3249 Multiple Remote Code Execution Vulnerabilities
4480| [101630] Apache Traffic Server CVE-2014-3624 Access Bypass Vulnerability
4481| [101625] Apache jUDDI CVE-2009-1197 Security Bypass Vulnerability
4482| [101623] Apache jUDDI CVE-2009-1198 Cross Site Scripting Vulnerability
4483| [101620] Apache Subversion 'libsvn_fs_fs/fs_fs.c' Denial of Service Vulnerability
4484| [101585] Apache OpenOffice Multiple Remote Code Execution Vulnerabilities
4485| [101577] Apache Wicket CVE-2016-6806 Cross Site Request Forgery Vulnerability
4486| [101575] Apache Wicket CVE-2014-0043 Information Disclosure Vulnerability
4487| [101570] Apache Geode CVE-2017-9797 Information Disclosure Vulnerability
4488| [101562] Apache Derby CVE-2010-2232 Arbitrary File Overwrite Vulnerability
4489| [101560] Apache Portable Runtime Utility CVE-2017-12613 Multiple Information Disclosure Vulnerabilities
4490| [101558] Apache Portable Runtime Utility Local Out-of-Bounds Read Denial of Service Vulnerability
4491| [101532] Apache James CVE-2017-12628 Arbitrary Command Execution Vulnerability
4492| [101516] Apache HTTP Server CVE-2017-12171 Security Bypass Vulnerability
4493| [101261] Apache Solr/Lucene CVE-2017-12629 Information Disclosure and Remote Code Execution Vulnerabilities
4494| [101230] Apache Roller CVE-2014-0030 XML External Entity Injection Vulnerability
4495| [101173] Apache IMPALA CVE-2017-9792 Information Disclosure Vulnerability
4496| [101052] Apache Commons Jelly CVE-2017-12621 Security Bypass Vulnerability
4497| [101027] Apache Mesos CVE-2017-7687 Denial of Service Vulnerability
4498| [101023] Apache Mesos CVE-2017-9790 Denial of Service Vulnerability
4499| [100954] Apache Tomcat CVE-2017-12617 Incomplete Fix Remote Code Execution Vulnerability
4500| [100946] Apache Wicket CVE-2014-7808 Cross Site Request Forgery Vulnerability
4501| [100901] Apache Tomcat CVE-2017-12615 Remote Code Execution Vulnerability
4502| [100897] Apache Tomcat CVE-2017-12616 Information Disclosure Vulnerability
4503| [100880] Apache Directory LDAP API CVE-2015-3250 Unspecified Information Disclosure Vulnerability
4504| [100872] Apache HTTP Server CVE-2017-9798 Information Disclosure Vulnerability
4505| [100870] Apache Solr CVE-2017-9803 Remote Privilege Escalation Vulnerability
4506| [100859] puppetlabs-apache CVE-2017-2299 Information Disclosure Vulnerability
4507| [100829] Apache Struts CVE-2017-12611 Remote Code Execution Vulnerability
4508| [100823] Apache Spark CVE-2017-12612 Deserialization Remote Code Execution Vulnerability
4509| [100612] Apache Struts CVE-2017-9804 Incomplete Fix Denial of Service Vulnerability
4510| [100611] Apache Struts CVE-2017-9793 Denial of Service Vulnerability
4511| [100609] Apache Struts CVE-2017-9805 Remote Code Execution Vulnerability
4512| [100587] Apache Atlas CVE-2017-3155 Cross Frame Scripting Vulnerability
4513| [100581] Apache Atlas CVE-2017-3154 Information Disclosure Vulnerability
4514| [100578] Apache Atlas CVE-2017-3153 Cross Site Scripting Vulnerability
4515| [100577] Apache Atlas CVE-2017-3152 Cross Site Scripting Vulnerability
4516| [100547] Apache Atlas CVE-2017-3151 HTML Injection Vulnerability
4517| [100536] Apache Atlas CVE-2017-3150 Cross Site Scripting Vulnerability
4518| [100449] Apache Pony Mail CVE-2016-4460 Authentication Bypass Vulnerability
4519| [100447] Apache2Triad Multiple Security Vulnerabilities
4520| [100284] Apache Sling Servlets Post CVE-2017-9802 Cross Site Scripting Vulnerability
4521| [100280] Apache Tomcat CVE-2017-7674 Security Bypass Vulnerability
4522| [100259] Apache Subversion CVE-2017-9800 Remote Command Execution Vulnerability
| [100256] Apache Tomcat CVE-2017-7675 Directory Traversal Vulnerability
| [100235] Apache Storm CVE-2017-9799 Remote Code Execution Vulnerability
| [100082] Apache Commons Email CVE-2017-9801 SMTP Header Injection Vulnerability
| [99873] Apache Sling XSS Protection API CVE-2016-6798 XML External Entity Injection Vulnerability
| [99870] Apache Sling API CVE-2016-5394 Cross Site Scripting Vulnerability
| [99603] Apache Spark CVE-2017-7678 Cross Site Scripting Vulnerability
| [99592] Apache OpenMeetings CVE-2017-7685 Security Bypass Vulnerability
| [99587] Apache OpenMeetings CVE-2017-7673 Security Bypass Vulnerability
| [99586] Apache OpenMeetings CVE-2017-7688 Security Bypass Vulnerability
| [99584] Apache OpenMeetings CVE-2017-7684 Denial of Service Vulnerability
| [99577] Apache OpenMeetings CVE-2017-7663 Cross Site Scripting Vulnerability
| [99576] Apache OpenMeetings CVE-2017-7664 XML External Entity Injection Vulnerability
| [99569] Apache HTTP Server CVE-2017-9788 Memory Corruption Vulnerability
| [99568] Apache HTTP Server CVE-2017-9789 Denial of Service Vulnerability
| [99563] Apache Struts CVE-2017-7672 Denial of Service Vulnerability
| [99562] Apache Struts Spring AOP Functionality Denial of Service Vulnerability
| [99509] Apache Impala CVE-2017-5652 Information Disclosure Vulnerability
| [99508] Apache IMPALA CVE-2017-5640 Authentication Bypass Vulnerability
| [99486] Apache Traffic Control CVE-2017-7670 Denial of Service Vulnerability
| [99485] Apache Solr CVE-2017-7660 Security Bypass Vulnerability
| [99484] Apache Struts CVE-2017-9791 Remote Code Execution Vulnerability
| [99292] Apache Ignite CVE-2017-7686 Information Disclosure Vulnerability
| [99170] Apache HTTP Server CVE-2017-7679 Buffer Overflow Vulnerability
| [99137] Apache HTTP Server CVE-2017-7668 Denial of Service Vulnerability
| [99135] Apache HTTP Server CVE-2017-3167 Authentication Bypass Vulnerability
| [99134] Apache HTTP Server CVE-2017-3169 Denial of Service Vulnerability
| [99132] Apache HTTP Server CVE-2017-7659 Denial of Service Vulnerability
| [99112] Apache Thrift CVE-2015-3254 Denial of Service Vulnerability
| [99067] Apache Ranger CVE-2016-8751 HTML Injection Vulnerability
| [99018] Apache NiFi CVE-2017-7667 Cross Frame Scripting Vulnerability
| [99009] Apache NiFi CVE-2017-7665 Cross Site Scripting Vulnerability
| [98961] Apache Ranger CVE-2017-7677 Security Bypass Vulnerability
| [98958] Apache Ranger CVE-2017-7676 Security Bypass Vulnerability
| [98888] Apache Tomcat CVE-2017-5664 Security Bypass Vulnerability
| [98814] Apache Zookeeper CVE-2017-5637 Denial of Service Vulnerability
| [98795] Apache Hadoop CVE-2017-7669 Remote Privilege Escalation Vulnerability
| [98739] Apache Knox CVE-2017-5646 User Impersonation Vulnerability
| [98669] Apache Hive CVE-2016-3083 Security Bypass Vulnerability
| [98646] Apache Atlas CVE-2016-8752 Information Disclosure Vulnerability
| [98570] Apache Archiva CVE-2017-5657 Multiple Cross-Site Request Forgery Vulnerabilities
| [98489] Apache CXF Fediz CVE-2017-7661 Multiple Cross Site Request Forgery Vulnerabilities
| [98485] Apache CXF Fediz CVE-2017-7662 Cross Site Request Forgery Vulnerability
| [98466] Apache Ambari CVE-2017-5655 Insecure Temporary File Handling Vulnerability
| [98365] Apache Cordova For Android CVE-2016-6799 Information Disclosure Vulnerability
| [98025] Apache Hadoop CVE-2017-3161 Cross Site Scripting Vulnerability
| [98017] Apache Hadoop CVE-2017-3162 Input Validation Vulnerability
| [97971] Apache CXF CVE-2017-5656 Information Disclosure Vulnerability
| [97968] Apache CXF CVE-2017-5653 Spoofing Vulnerability
| [97967] Apache ActiveMQ CVE-2015-7559 Denial of Service Vulnerability
| [97949] Apache Traffic Server CVE-2017-5659 Denial of Service Vulnerability
| [97948] Apache Batik CVE-2017-5662 XML External Entity Information Disclosure Vulnerability
| [97947] Apache FOP CVE-2017-5661 XML External Entity Information Disclosure Vulnerability
| [97945] Apache Traffic Server CVE-2016-5396 Denial of Service Vulnerability
| [97702] Apache Log4j CVE-2017-5645 Remote Code Execution Vulnerability
| [97582] Apache CXF CVE-2016-6812 Cross Site Scripting Vulnerability
| [97579] Apache CXF JAX-RS CVE-2016-8739 XML External Entity Injection Vulnerability
| [97544] Apache Tomcat CVE-2017-5651 Information Disclosure Vulnerability
| [97531] Apache Tomcat CVE-2017-5650 Denial of Service Vulnerability
| [97530] Apache Tomcat CVE-2017-5648 Information Disclosure Vulnerability
| [97509] Apache Ignite CVE-2016-6805 Information Disclosure and XML External Entity Injection Vulnerabilities
| [97383] Apache Flex BlazeDS CVE-2017-5641 Remote Code Execution Vulnerability
| [97378] Apache Geode CVE-2017-5649 Information Disclosure Vulnerability
| [97229] Apache Ambari CVE-2016-4976 Local Information Disclosure Vulnerability
| [97226] Apache Camel CVE-2017-5643 Server Side Request Forgery Security Bypass Vulnerability
| [97184] Apache Ambari CVE-2016-6807 Remote Command Execution Vulnerability
| [97179] Apache Camel CVE-2016-8749 Java Deserialization Multiple Remote Code Execution Vulnerabilities
| [96983] Apache POI CVE-2017-5644 Denial Of Service Vulnerability
| [96895] Apache Tomcat CVE-2016-8747 Information Disclosure Vulnerability
| [96731] Apache NiFi CVE-2017-5636 Remote Code Injection Vulnerability
| [96730] Apache NiFi CVE-2017-5635 Security Bypass Vulnerability
| [96729] Apache Struts CVE-2017-5638 Remote Code Execution Vulnerability
| [96540] IBM Development Package for Apache Spark CVE-2016-4970 Denial of Service Vulnerability
| [96398] Apache CXF CVE-2017-3156 Information Disclosure Vulnerability
| [96321] Apache Camel CVE-2017-3159 Remote Code Execution Vulnerability
| [96293] Apache Tomcat 'http11/AbstractInputBuffer.java' Denial of Service Vulnerability
| [96228] Apache Brooklyn Cross Site Request Forgery and Multiple Cross Site Scripting Vulnerabilities
| [95998] Apache Ranger CVE-2016-8746 Security Bypass Vulnerability
| [95929] Apache Groovy CVE-2016-6497 Information Disclosure Vulnerability
| [95838] Apache Cordova For Android CVE-2017-3160 Man in the Middle Security Bypass Vulnerability
| [95675] Apache Struts Remote Code Execution Vulnerability
| [95621] Apache NiFi CVE-2106-8748 Cross Site Scripting Vulnerability
| [95429] Apache Groovy CVE-2016-6814 Remote Code Execution Vulnerability
| [95335] Apache Hadoop CVE-2016-3086 Information Disclosure Vulnerability
| [95168] Apache Wicket CVE-2016-6793 Denial of Service Vulnerability
| [95136] Apache Qpid Broker for Java CVE-2016-8741 Remote Information Disclosure Vulnerability
| [95078] Apache HTTP Server CVE-2016-0736 Remote Security Vulnerability
| [95077] Apache HTTP Server CVE-2016-8743 Security Bypass Vulnerability
| [95076] Apache HTTP Server CVE-2016-2161 Denial of Service Vulnerability
| [95020] Apache Tika CVE-2015-3271 Remote Information Disclosure Vulnerability
| [94950] Apache Hadoop CVE-2016-5001 Local Information Disclosure Vulnerability
| [94882] Apache ActiveMQ CVE-2016-6810 HTML Injection Vulnerability
| [94828] Apache Tomcat CVE-2016-8745 Information Disclosure Vulnerability
| [94766] Apache CouchDB CVE-2016-8742 Local Privilege Escalation Vulnerability
| [94657] Apache Struts CVE-2016-8738 Denial of Service Vulnerability
| [94650] Apache HTTP Server CVE-2016-8740 Denial of Service Vulnerability
| [94588] Apache Subversion CVE-2016-8734 XML External Entity Denial of Service Vulnerability
| [94513] Apache Karaf CVE-2016-8648 Remote Code Execution Vulnerability
| [94463] Apache Tomcat CVE-2016-8735 Remote Code Execution Vulnerability
| [94462] Apache Tomcat CVE-2016-6817 Denial of Service Vulnerability
| [94461] Apache Tomcat CVE-2016-6816 Security Bypass Vulnerability
| [94418] Apache OpenOffice CVE-2016-6803 Local Privilege Escalation Vulnerability
| [94247] Apache Tika CVE-2016-6809 Remote Code Execution Vulnerability
| [94221] Apache Ranger CVE-2016-6815 Local Privilege Escalation Vulnerability
| [94145] Apache OpenMeetings CVE-2016-8736 Remote Code Execution Vulnerability
| [93945] Apache CloudStack CVE-2016-6813 Authorization Bypass Vulnerability
| [93944] Apache Tomcat Security Manager CVE-2016-6796 Security Bypass Vulnerability
| [93943] Apache Tomcat CVE-2016-6794 Security Bypass Vulnerability
| [93942] Apache Tomcat Security Manager CVE-2016-5018 Security Bypass Vulnerability
| [93940] Apache Tomcat CVE-2016-6797 Security Bypass Vulnerability
| [93939] Apache Tomcat CVE-2016-0762 Information Disclosure Vulnerability
| [93774] Apache OpenOffice CVE-2016-6804 DLL Loading Remote Code Execution Vulnerability
| [93773] Apache Struts CVE-2016-6795 Directory Traversal Vulnerability
| [93478] Apache Tomcat CVE-2016-6325 Local Privilege Escalation Vulnerability
| [93472] Apache Tomcat CVE-2016-5425 Insecure File Permissions Vulnerability
| [93429] Apache Tomcat JK Connector CVE-2016-6808 Remote Buffer Overflow Vulnerability
| [93263] Apache Tomcat CVE-2016-1240 Local Privilege Escalation Vulnerability
| [93236] Apache MyFaces Trinidad CVE-2016-5019 Remote Code Execution Vulnerability
| [93142] Apache ActiveMQ Artemis CVE-2016-4978 Remote Code Execution Vulnerability
| [93132] Apache Derby CVE-2015-1832 XML External Entity Information Disclosure Vulnerability
| [93044] Apache Zookeeper CVE-2016-5017 Buffer Overflow Vulnerability
| [92966] Apache Jackrabbit CVE-2016-6801 Cross-Site Request Forgery Vulnerability
| [92947] Apache Shiro CVE-2016-6802 Remote Security Bypass Vulnerability
| [92905] Apache CXF Fediz CVE-2016-4464 Security Bypass Vulnerability
| [92577] Apache Ranger CVE-2016-5395 HTML Injection Vulnerability
| [92331] Apache HTTP Server CVE-2016-1546 Remote Denial of Service Vulnerability
| [92328] Apache Hive CVE-2016-0760 Multiple Remote Code Execution Vulnerabilities
| [92320] Apache APR-util and httpd CVE-2016-6312 Denial of Service Vulnerability
| [92100] Apache POI CVE-2016-5000 XML External Entity Injection Vulnerability
| [92079] Apache OpenOffice CVE-2016-1513 Remote Code Execution Vulnerability
| [91818] Apache Tomcat CVE-2016-5388 Security Bypass Vulnerability
| [91816] Apache HTTP Server CVE-2016-5387 Security Bypass Vulnerability
| [91788] Apache Qpid Proton CVE-2016-4467 Certificate Verification Security Bypass Vulnerability
| [91738] Apache XML-RPC CVE-2016-5003 Remote Code Execution Vulnerability
| [91736] Apache XML-RPC Multiple Security Vulnerabilities
| [91707] Apache Archiva CVE-2016-5005 HTML Injection Vulnerability
| [91703] Apache Archiva CVE-2016-4469 Multiple Cross-Site Request Forgery Vulnerabilities
| [91566] Apache HTTP Server CVE-2016-4979 Authentication Bypass Vulnerability
| [91537] Apache QPID CVE-2016-4974 Deserialization Security Bypass Vulnerability
| [91501] Apache Xerces-C CVE-2016-4463 Stack Buffer Overflow Vulnerability
| [91453] Apache Commons FileUpload CVE-2016-3092 Denial Of Service Vulnerability
| [91284] Apache Struts CVE-2016-4431 Security Bypass Vulnerability
| [91282] Apache Struts CVE-2016-4433 Security Bypass Vulnerability
| [91281] Apache Struts CVE-2016-4430 Cross-Site Request Forgery Vulnerability
| [91280] Apache Struts CVE-2016-4436 Security Bypass Vulnerability
| [91278] Apache Struts CVE-2016-4465 Denial of Service Vulnerability
| [91277] Apache Struts Incomplete Fix Remote Code Execution Vulnerability
| [91275] Apache Struts CVE-2016-4438 Remote Code Execution Vulnerability
| [91217] Apache Continuum 'saveInstallation.action' Command Execution Vulnerability
| [91141] Apache CloudStack CVE-2016-3085 Authentication Bypass Vulnerability
| [91068] Apache Struts CVE-2016-1181 Remote Code Execution Vulnerability
| [91067] Apache Struts CVE-2016-1182 Security Bypass Vulnerability
| [91024] Apache Shiro CVE-2016-4437 Information Disclosure Vulnerability
| [90988] Apache Ranger CVE-2016-2174 SQL Injection Vulnerability
| [90961] Apache Struts CVE-2016-3093 Denial of Service Vulnerability
| [90960] Apache Struts CVE-2016-3087 Remote Code Execution Vulnerability
| [90921] Apache Qpid CVE-2016-4432 Authentication Bypass Vulnerability
| [90920] Apache Qpid CVE-2016-3094 Denial of Service Vulnerability
| [90902] Apache PDFBox CVE-2016-2175 XML External Entity Injection Vulnerability
| [90897] Apache Tika CVE-2016-4434 XML External Entity Injection Vulnerability
| [90827] Apache ActiveMQ CVE-2016-3088 Multiple Arbitrary File Upload Vulnerabilities
| [90755] Apache Ambari CVE-2016-0707 Multiple Local Information Disclosure Vulnerabilities
| [90482] Apache CVE-2004-1387 Local Security Vulnerability
| [89762] Apache CVE-2001-1556 Remote Security Vulnerability
| [89417] Apache Subversion CVE-2016-2167 Authentication Bypass Vulnerability
| [89326] RETIRED: Apache Subversion CVE-2016-2167 Security Bypass Vulnerability
| [89320] Apache Subversion CVE-2016-2168 Remote Denial of Service Vulnerability
| [88826] Apache Struts CVE-2016-3082 Remote Code Execution Vulnerability
| [88797] Apache Cordova For iOS CVE-2015-5208 Arbitrary Code Execution Vulnerability
| [88764] Apache Cordova iOS CVE-2015-5207 Multiple Security Bypass Vulnerabilities
| [88701] Apache CVE-2001-1449 Remote Security Vulnerability
| [88635] Apache CVE-2000-1204 Remote Security Vulnerability
| [88590] Apache WWW server CVE-1999-1199 Denial-Of-Service Vulnerability
| [88496] Apache CVE-2000-1206 Remote Security Vulnerability
| [87828] Apache CVE-1999-1237 Remote Security Vulnerability
| [87784] Apache CVE-1999-1293 Denial-Of-Service Vulnerability
| [87327] Apache Struts CVE-2016-3081 Remote Code Execution Vulnerability
| [86622] Apache Stats CVE-2007-0975 Remote Security Vulnerability
| [86399] Apache CVE-2007-1743 Local Security Vulnerability
| [86397] Apache CVE-2007-1742 Local Security Vulnerability
| [86311] Apache Struts CVE-2016-4003 Cross Site Scripting Vulnerability
| [86174] Apache Wicket CVE-2015-5347 Cross Site Scripting Vulnerability
| [85971] Apache OFBiz CVE-2016-2170 Java Deserialization Remote Code Execution Vulnerability
| [85967] Apache OFBiz CVE-2015-3268 HTML Injection Vulnerability
| [85759] Apache Jetspeed CVE-2016-2171 Unauthorized Access Vulnerability
| [85758] Apache Jetspeed CVE-2016-0712 Cross Site Scripting Vulnerability
| [85756] Apache Jetspeed CVE-2016-0710 Multiple SQL Injection Vulnerabilities
| [85755] Apache Jetspeed CVE-2016-0711 Mulitple HTML Injection Vulnerabilities
| [85754] Apache Jetspeed CVE-2016-0709 Directory Traversal Vulnerability
| [85730] Apache Subversion CVE-2015-5343 Integer Overflow Vulnerability
| [85691] Apache Ranger CVE-2016-0735 Security Bypass Vulnerability
| [85578] Apache ActiveMQ CVE-2010-1244 Cross-Site Request Forgery Vulnerability
| [85554] Apache OpenMeetings CVE-2016-2164 Multiple Information Disclosure Vulnerabilities
| [85553] Apache OpenMeetings CVE-2016-0783 Information Disclosure Vulnerability
| [85552] Apache OpenMeetings CVE-2016-2163 HTML Injection Vulnerability
| [85550] Apache OpenMeetings CVE-2016-0784 Directory Traversal Vulnerability
| [85386] Apache Hadoop CVE-2015-7430 Local Privilege Escalation Vulnerability
| [85377] Apache Qpid Proton Python API CVE-2016-2166 Man in the Middle Security Bypass Vulnerability
| [85205] Apache Solr CVE-2015-8796 Cross Site Scripting Vulnerability
| [85203] Apache Solr CVE-2015-8795 Mulitple HTML Injection Vulnerabilities
| [85163] Apache Geronimo CVE-2008-0732 Local Security Vulnerability
| [85131] Apache Struts 'TextParseUtil.translateVariables()' Method Remote Code Execution Vulnerability
| [85070] Apache Struts CVE-2016-2162 Cross Site Scripting Vulnerability
| [85066] Apache Struts CVE-2016-0785 Remote Code Execution Vulnerability
| [84422] Apache TomEE CVE-2016-0779 Unspecified Security Vulnerability
| [84321] Apache ActiveMQ CVE-2016-0734 Clickjacking Vulnerability
| [84316] Apache ActiveMQ CVE-2016-0782 Multiple Cross Site Scripting Vulnerabilities
| [83910] Apache Wicket CVE-2015-7520 Cross Site Scripting Vulnerability
| [83423] Apache Xerces-C CVE-2016-0729 Buffer Overflow Vulnerability
| [83330] Apache Tomcat CVE-2015-5351 Cross Site Request Forgery Vulnerability
| [83329] Apache Tomcat CVE-2015-5174 Directory Traversal Vulnerability
| [83328] Apache Tomcat CVE-2015-5345 Directory Traversal Vulnerability
| [83327] Apache Tomcat Security Manager CVE-2016-0714 Remote Code Execution Vulnerability
| [83326] Apache Tomcat CVE-2016-0763 Security Bypass Vulnerability
| [83324] Apache Tomcat Security Manager CVE-2016-0706 Information Disclosure Vulnerability
| [83323] Apache Tomcat CVE-2015-5346 Session Fixation Vulnerability
| [83259] Apache Hadoop CVE-2015-1776 Information Disclosure Vulnerability
| [83243] Apache Solr CVE-2015-8797 Cross Site Scripting Vulnerability
| [83119] Apache Sling CVE-2016-0956 Information Disclosure Vulnerability
| [83002] Apache CVE-2000-1205 Cross-Site Scripting Vulnerability
| [82871] Apache Ranger Authentication Bypass and Security Bypass Vulnerabilities
| [82800] Apache CloudStack CVE-2015-3251 Information Disclosure Vulnerability
| [82798] Apache CloudStack CVE-2015-3252 Authentication Bypass Vulnerability
| [82732] Apache Gallery CVE-2003-0771 Local Security Vulnerability
| [82676] Apache CVE-2003-1581 Cross-Site Scripting Vulnerability
| [82550] Apache Struts CVE-2015-5209 Security Bypass Vulnerability
| [82300] Apache Subversion CVE-2015-5259 Integer Overflow Vulnerability
| [82260] Apache Camel CVE-2015-5344 Remote Code Execution Vulnerability
| [82234] Apache Hive CVE-2015-7521 Security Bypass Vulnerability
| [82082] Apache CVE-1999-0289 Remote Security Vulnerability
| [81821] Apache Distribution for Solaris CVE-2007-2080 SQL-Injection Vulnerability
| [80696] Apache Camel CVE-2015-5348 Information Disclosure Vulnerability
| [80525] Apache CVE-2003-1580 Remote Security Vulnerability
| [80354] Drupal Apache Solr Search Module Access Bypass Vulnerability
| [80193] Apache CVE-1999-0107 Denial-Of-Service Vulnerability
| [79812] Apache Directory Studio CVE-2015-5349 Command Injection Vulnerability
| [79744] Apache HBase CVE-2015-1836 Unauthorized Access Vulnerability
| [79204] Apache TomEE 'EjbObjectInputStream' Remote Code Execution Vulnerability
| [77679] Apache Cordova For Android CVE-2015-8320 Weak Randomization Security Bypass Vulnerability
| [77677] Apache Cordova For Android CVE-2015-5256 Security Bypass Vulnerability
| [77591] Apache CXF SAML SSO Processing CVE-2015-5253 Security Bypass Vulnerability
| [77521] Apache Commons Collections 'InvokerTransformer.java' Remote Code Execution Vulnerability
| [77110] Apache HttpComponents HttpClient CVE-2015-5262 Denial of Service Vulnerability
| [77086] Apache Ambari CVE-2015-1775 Server Side Request Forgery Security Bypass Vulnerability
| [77085] Apache Ambari CVE-2015-3270 Remote Privilege Escalation Vulnerability
| [77082] Apache Ambari 'targetURI' Parameter Open Redirection Vulnerability
| [77059] Apache Ambari CVE-2015-3186 Cross Site Scripting Vulnerability
| [76933] Apache James Server Unspecified Command Execution Vulnerability
| [76832] Apache cordova-plugin-file-transfer CVE-2015-5204 HTTP Header Injection Vulnerability
| [76625] Apache Struts CVE-2015-5169 Cross Site Scripting Vulnerability
| [76624] Apache Struts CVE-2015-2992 Cross Site Scripting Vulnerability
| [76522] Apache Tapestry CVE-2014-1972 Security Bypass Vulnerability
| [76486] Apache CXF Fediz CVE-2015-5175 Denial of Service Vulnerability
| [76452] Apache ActiveMQ CVE-2015-1830 Directory Traversal Vulnerability
| [76446] Apache Subversion 'libsvn_fs_fs/tree.c' Denial of Service Vulnerability
| [76274] Apache Subversion CVE-2015-3184 Information Disclosure Vulnerability
| [76273] Apache Subversion CVE-2015-3187 Information Disclosure Vulnerability
| [76272] Apache ActiveMQ CVE-2014-3576 Denial of Service Vulnerability
| [76221] Apache Ranger CVE-2015-0266 Access Bypass Vulnerability
| [76208] Apache Ranger CVE-2015-0265 JavaScript Code Injection Vulnerability
| [76025] Apache ActiveMQ Artemis CVE-2015-3208 XML External Entity Information Disclosure Vulnerability
| [75965] Apache HTTP Server CVE-2015-3185 Security Bypass Vulnerability
| [75964] Apache HTTP Server CVE-2015-0253 Remote Denial of Service Vulnerability
| [75963] Apache HTTP Server CVE-2015-3183 Security Vulnerability
| [75940] Apache Struts CVE-2015-1831 Security Bypass Vulnerability
| [75919] Apache Groovy CVE-2015-3253 Remote Code Execution Vulnerability
| [75338] Apache Storm CVE-2015-3188 Remote Code Execution Vulnerability
| [75275] Drupal Apache Solr Real-Time Module Access Bypass Vulnerability
| [74866] Apache Cordova For Android CVE-2015-1835 Security Bypass Vulnerability
| [74839] Apache Sling API and Sling Servlets CVE-2015-2944 Cross Site Scripting Vulnerability
| [74761] Apache Jackrabbit CVE-2015-1833 XML External Entity Information Disclosure Vulnerability
| [74686] Apache Ambari '/var/lib/ambari-server/ambari-env.sh' Local Privilege Escalation Vulnerability
| [74665] Apache Tomcat CVE-2014-7810 Security Bypass Vulnerability
| [74475] Apache Tomcat CVE-2014-0230 Denial of Service Vulnerability
| [74423] Apache Struts CVE-2015-0899 Security Bypass Vulnerability
| [74338] Apache OpenOffice HWP Filter Memory Corruption Vulnerability
| [74265] Apache Tomcat 'mod_jk' CVE-2014-8111 Information Disclosure Vulnerability
| [74260] Apache Subversion CVE-2015-0248 Multiple Denial of Service Vulnerabilities
| [74259] Apache Subversion 'deadprops.c' Security Bypass Vulnerability
| [74204] PHP 'sapi/apache2handler/sapi_apache2.c' Remote Code Execution Vulnerability
| [74158] Apache HTTP Server 'protocol.c' Remote Denial of Service Vulnerability
| [73954] Apache Flex 'asdoc/templates/index.html' Cross Site Scripting Vulnerability
| [73851] Apache2 CVE-2012-0216 Cross-Site Scripting Vulnerability
| [73478] Apache Cassandra CVE-2015-0225 Remote Code Execution Vulnerability
| [73041] Apache HTTP Server 'mod_lua' Module Denial of Service Vulnerability
| [73040] Apache HTTP Server 'mod_lua.c' Local Access Bypass Vulnerability
| [72809] Apache Standard Taglibs CVE-2015-0254 XML External Entity Injection Vulnerability
| [72717] Apache Tomcat CVE-2014-0227 Chunk Request Remote Denial Of Service Vulnerability
| [72557] Apache WSS4J CVE-2015-0227 Security Bypass Vulnerability
| [72553] Apache WSS4J CVE-2015-0226 Information Disclosure Vulnerability
| [72513] Apache ActiveMQ CVE-2014-3612 LDAP Authentication Bypass Vulnerability
| [72511] Apache ActiveMQ CVE-2014-8110 Multiple Cross Site Scripting Vulnerabilities
| [72510] Apache ActiveMQ CVE-2014-3600 XML External Entity Injection Vulnerability
| [72508] Apache ActiveMQ Apollo CVE-2014-3579 XML External Entity Injection Vulnerability
| [72319] Apache Qpid CVE-2015-0223 Security Bypass Vulnerability
| [72317] Apache Qpid CVE-2015-0224 Incomplete Fix Multiple Denial of Service Vulnerabilities
| [72115] Apache Santuario 'XML Signature Verification' Security Bypass Vulnerability
| [72053] Apache HTTP Server 'mod_remoteip.c' IP Address Spoofing Vulnerability
| [72030] Apache Qpid CVE-2015-0203 Multiple Denial of Service Vulnerabilities
| [71879] Apache Traffic Server 'HttpTransact.cc' Denial of Service Vulnerability
| [71726] Apache Subversion CVE-2014-3580 Remote Denial of Service Vulnerability
| [71725] Apache Subversion CVE-2014-8108 Remote Denial of Service Vulnerability
| [71657] Apache HTTP Server 'mod_proxy_fcgi' Module Denial of Service Vulnerability
| [71656] Apache HTTP Server 'mod_cache' Module Denial of Service Vulnerability
| [71548] Apache Struts CVE-2014-7809 Security Bypass Vulnerability
| [71466] Apache Hadoop CVE-2014-3627 Information Disclosure Vulnerability
| [71353] Apache HTTP Server 'LuaAuthzProvider' Authorization Bypass Vulnerability
| [71004] Apache Qpid CVE-2014-3629 XML External Entity Injection Vulnerability
| [70970] Apache Traffic Server Cross Site Scripting Vulnerability
| [70738] Apache CXF CVE-2014-3584 Denial of Service Vulnerability
| [70736] Apache CXF SAML SubjectConfirmation Security Bypass Vulnerability
| [69728] Apache Tomcat CVE-2013-4444 Arbitrary File Upload Vulnerability
| [69648] Apache POI CVE-2014-3574 Denial Of Service Vulnerability
| [69647] Apache POI OpenXML parser CVE-2014-3529 XML External Entity Information Disclosure Vulnerability
| [69351] Apache OpenOffice Calc CVE-2014-3524 Command Injection Vulnerability
| [69295] Apache Axis Incomplete Fix CVE-2014-3596 SSL Certificate Validation Security Bypass Vulnerability
| [69286] Apache OFBiz CVE-2014-0232 Multiple Cross Site Scripting Vulnerabilities
| [69258] Apache HttpComponents Incomplete Fix CVE-2014-3577 SSL Validation Security Bypass Vulnerability
| [69257] Apache HttpComponents Incomplete Fix SSL Certificate Validation Security Bypass Vulnerability
| [69248] Apache HTTP Server CVE-2013-4352 Remote Denial of Service Vulnerability
| [69237] Apache Subversion CVE-2014-3522 SSL Certificate Validation Information Disclosure Vulnerability
| [69173] Apache Traffic Server CVE-2014-3525 Unspecified Security Vulnerability
| [69046] Apache Cordova For Android CVE-2014-3502 Information Disclosure Vulnerability
| [69041] Apache Cordova For Android CVE-2014-3501 Security Bypass Vulnerability
| [69038] Apache Cordova For Android CVE-2014-3500 Security Bypass Vulnerability
| [68995] Apache Subversion CVE-2014-3528 Insecure Authentication Weakness
| [68966] Apache Subversion 'irkerbridge.py' Local Privilege Escalation Vulnerability
| [68965] Apache Subversion 'svnwcsub.py' Local Privilege Escalation Vulnerability
| [68863] Apache HTTP Server 'mod_cache' Module Remote Denial of Service Vulnerability
| [68747] Apache HTTP Server CVE-2014-3523 Remote Denial of Service Vulnerability
| [68745] Apache HTTP Server CVE-2014-0118 Remote Denial of Service Vulnerability
| [68742] Apache HTTP Server CVE-2014-0231 Remote Denial of Service Vulnerability
| [68740] Apache HTTP Server CVE-2014-0117 Remote Denial of Service Vulnerability
| [68678] Apache HTTP Server 'mod_status' CVE-2014-0226 Remote Code Execution Vulnerability
| [68445] Apache CXF UsernameToken Information Disclosure Vulnerability
| [68441] Apache CXF SAML Tokens Validation Security Bypass Vulnerability
| [68431] Apache Syncope CVE-2014-3503 Insecure Password Generation Weakness
| [68229] Apache Harmony PRNG Entropy Weakness
| [68111] Apache 'mod_wsgi' Module Privilege Escalation Vulnerability
| [68072] Apache Tomcat CVE-2014-0186 Remote Denial of Service Vulnerability
| [68039] Apache Hive CVE-2014-0228 Security Bypass Vulnerability
| [67673] Apache Tomcat CVE-2014-0095 AJP Request Remote Denial Of Service Vulnerability
| [67671] Apache Tomcat CVE-2014-0075 Chunk Request Remote Denial Of Service Vulnerability
| [67669] Apache Tomcat CVE-2014-0119 XML External Entity Information Disclosure Vulnerability
| [67668] Apache Tomcat CVE-2014-0099 Request Processing Information Disclosure Vulnerability
| [67667] Apache Tomcat CVE-2014-0096 XML External Entity Information Disclosure Vulnerability
| [67534] Apache 'mod_wsgi' Module CVE-2014-0242 Information Disclosure Vulnerability
| [67532] Apache 'mod_wsgi' Module Local Privilege Escalation Vulnerability
| [67530] Apache Solr Search Template Cross Site Scripting Vulnerability
| [67236] Apache CXF CVE-2014-0109 Remote Denial of Service Vulnerability
| [67232] Apache CXF CVE-2014-0110 Denial of Service Vulnerability
| [67121] Apache Struts ClassLoader Manipulation CVE-2014-0114 Security Bypass Vulnerability
| [67081] Apache Struts 'getClass()' Method Security Bypass Vulnerability
| [67064] Apache Struts ClassLoader Manipulation Incomplete Fix Security Bypass Vulnerability
| [67013] Apache Zookeeper CVE-2014-0085 Local Information Disclosure Vulnerability
| [66998] Apache Archiva CVE-2013-2187 Unspecified Cross Site Scripting Vulnerability
| [66991] Apache Archiva CVE-2013-2187 HTML Injection Vulnerability
| [66927] Apache Syncope CVE-2014-0111 Remote Code Execution Vulnerability
| [66474] Apache CouchDB Universally Unique IDentifier (UUID) Remote Denial of Service Vulnerability
| [66397] Apache Xalan-Java Library CVE-2014-0107 Security Bypass Vulnerability
| [66303] Apache HTTP Server Multiple Denial of Service Vulnerabilities
| [66041] RETIRED: Apache Struts CVE-2014-0094 Classloader Manipulation Security Bypass Vulnerability
| [65999] Apache Struts ClassLoader Manipulation CVE-2014-0094 Security Bypass Vulnerability
| [65967] Apache Cordova File-Transfer Unspecified Security Vulnerability
| [65959] Apache Cordova InAppBrowser Remote Privilege Escalation Vulnerability
| [65935] Apache Shiro 'login.jsp' Authentication Bypass Vulnerability
| [65902] Apache Camel CVE-2014-0003 Remote Code Execution Vulnerability
| [65901] Apache Camel CVE-2014-0002 XML External Entity Information Disclosure Vulnerability
| [65773] Apache Tomcat CVE-2013-4286 Security Bypass Vulnerability
| [65769] Apache Tomcat CVE-2014-0033 Session Fixation Vulnerability
| [65768] Apache Tomcat CVE-2013-4590 XML External Entity Information Disclosure Vulnerability
| [65767] Apache Tomcat CVE-2013-4322 Incomplete Fix Denial of Service Vulnerability
| [65615] Apache ActiveMQ 'refresh' Parameter Cross Site Scripting Vulnerability
| [65434] Apache Subversion 'mod_dav_svn' Module SVNListParentPath Denial of Service Vulnerability
| [65431] Apache Wicket CVE-2013-2055 Information Disclosure Vulnerability
| [65400] Apache Commons FileUpload CVE-2014-0050 Denial Of Service Vulnerability
| [64782] Apache CloudStack Virtual Router Component Security Bypass Vulnerability
| [64780] Apache CloudStack Unauthorized Access Vulnerability
| [64617] Apache Libcloud Digital Ocean API Local Information Disclosure Vulnerability
| [64437] Apache Santuario XML Security For JAVA XML Signature Denial of Service Vulnerability
| [64427] Apache Solr Multiple XML External Entity Injection Vulnerabilities
| [64009] Apache Solr CVE-2013-6408 XML External Entity Injection Vulnerability
| [64008] Apache Solr CVE-2013-6407 XML External Entity Injection Vulnerability
| [63981] Apache Subversion 'mod_dav_svn' Module Denial of Service Vulnerability
| [63966] Apache Subversion CVE-2013-4505 Security Bypass Vulnerability
| [63963] Apache Roller CVE-2013-4171 Cross Site Scripting Vulnerability
| [63935] Apache Solr 'SolrResourceLoader' Directory Traversal Vulnerability
| [63928] Apache Roller CVE-2013-4212 OGNL Expression Injection Remote Code Execution Vulnerability
| [63515] Apache Tomcat Manager Component CVE-2013-6357 Cross Site Request Forgery Vulnerability
| [63403] Apache Struts Multiple Cross Site Scripting Vulnerabilities
| [63400] Apache 'mod_pagespeed' Module Unspecified Cross Site Scripting Vulnerability
| [63260] Apache Shindig CVE-2013-4295 XML External Entity Information Disclosure Vulnerability
| [63241] Apache Sling 'AbstractAuthenticationFormServlet' Open Redirection Vulnerability
| [63174] Apache Commons FileUpload 'DiskFileItem' Class Null Byte Arbitrary File Write Vulnerability
| [62939] Apache 'mod_fcgid' Module CVE-2013-4365 Heap Buffer Overflow Vulnerability
| [62903] Apache Sling 'deepGetOrCreateNode()' Function Denial Of Service Vulnerability
| [62706] Apache Camel CVE-2013-4330 Information Disclosure Vulnerability
| [62677] Apache 'mod_accounting' Module CVE-2013-5697 SQL Injection Vulnerability
| [62674] TYPO3 Apache Solr Unspecified Cross Site Scripting and PHP Code Execution Vulnerabilities
| [62587] Apache Struts CVE-2013-4316 Remote Code Execution Vulnerability
| [62584] Apache Struts CVE-2013-4310 Security Bypass Vulnerability
| [62266] Apache Subversion CVE-2013-4277 Insecure Temporary File Creation Vulnerability
| [61984] Apache Hadoop RPC Authentication CVE-2013-2192 Man in the Middle Security Bypass Vulnerability
| [61981] Apache HBase RPC Authentication Man In The Middle Security Bypass Vulnerability
| [61638] Apache CloudStack CVE-2013-2136 Multiple Cross Site Scripting Vulnerabilities
| [61454] Apache Subversion CVE-2013-4131 Denial Of Service Vulnerability
| [61379] Apache HTTP Server CVE-2013-2249 Unspecified Remote Security Vulnerability
| [61370] Apache OFBiz CVE-2013-2317 'View Log' Cross Site Scripting Vulnerability
| [61369] Apache OFBiz Nested Expression Remote Code Execution Vulnerability
| [61196] Apache Struts CVE-2013-2248 Multiple Open Redirection Vulnerabilities
| [61189] Apache Struts CVE-2013-2251 Multiple Remote Command Execution Vulnerabilities
| [61129] Apache HTTP Server CVE-2013-1896 Remote Denial of Service Vulnerability
| [61030] Apache CXF CVE-2013-2160 Multiple Remote Denial of Service Vulnerabilities
| [60875] Apache Geronimo RMI Classloader Security Bypass Vulnerability
| [60846] Apache Santuario XML Security for JAVA XML Signature CVE-2013-2172 Security Bypass Vulnerability
| [60817] Apache Santuario XML Security for C++ CVE-2013-2210 Heap Buffer Overflow Vulnerability
| [60800] Apache Qpid Python Client SSL Certificate Verification Information Disclosure Vulnerability
| [60599] Apache Santuario XML Security for C++ CVE-2013-2156 Remote Heap Buffer Overflow Vulnerability
| [60595] Apache Santuario XML Security for C++ XML Signature CVE-2013-2155 Denial of Service Vulnerability
| [60594] Apache Santuario XML Security for C++ CVE-2013-2154 Stack Buffer Overflow Vulnerability
| [60592] Apache Santuario XML Security for C++ XML Signature CVE-2013-2153 Security Bypass Vulnerability
| [60534] Apache OpenJPA Object Deserialization Arbitrary File Creation or Overwrite Vulnerability
| [60346] Apache Struts CVE-2013-2134 OGNL Expression Injection Vulnerability
| [60345] Apache Struts CVE-2013-2135 OGNL Expression Injection Vulnerability
| [60267] Apache Subversion CVE-2013-1968 Remote Denial of Service Vulnerability
| [60265] Apache Subversion CVE-2013-2088 Command Injection Vulnerability
| [60264] Apache Subversion CVE-2013-2112 Remote Denial of Service Vulnerability
| [60187] Apache Tomcat DIGEST Authentication CVE-2013-2051 Incomplete Fix Security Weakness
| [60186] Apache Tomcat CVE-2013-1976 Insecure Temporary File Handling Vulnerability
| [60167] Apache Struts 'includeParams' CVE-2013-2115 Incomplete Fix Security Bypass Vulnerability
| [60166] Apache Struts 'includeParams' CVE-2013-1966 Security Bypass Vulnerability
| [60082] Apache Struts 'ParameterInterceptor' Class OGNL CVE-2013-1965 Security Bypass Vulnerability
| [59826] Apache HTTP Server Terminal Escape Sequence in Logs Command Injection Vulnerability
| [59799] Apache Tomcat CVE-2013-2067 Session Fixation Vulnerability
| [59798] Apache Tomcat CVE-2013-2071 Information Disclosure Vulnerability
4957| [59797] Apache Tomcat CVE-2012-3544 Denial of Service Vulnerability
4958| [59670] Apache VCL Multiple Input Validation Vulnerabilities
4959| [59464] Apache CloudStack CVE-2013-2758 Hash Information Disclosure Vulnerability
4960| [59463] Apache CloudStack CVE-2013-2756 Authentication Bypass Vulnerability
4961| [59402] Apache ActiveMQ CVE-2013-3060 Information Disclosure and Denial of Service Vulnerability
4962| [59401] Apache ActiveMQ CVE-2012-6551 Denial of Service Vulnerability
4963| [59400] Apache ActiveMQ CVE-2012-6092 Multiple Cross Site Scripting Vulnerabilities
4964| [58898] Apache Subversion CVE-2013-1884 Remote Denial of Service Vulnerability
4965| [58897] Apache Subversion 'mod_dav_svn/lock.c' Remote Denial of Service Vulnerability
4966| [58895] Apache Subversion 'mod_dav_svn' Remote Denial of Service Vulnerability
4967| [58455] Apache Rave User RPC API CVE-2013-1814 Information Disclosure Vulnerability
4968| [58379] Apache Qpid CVE-2012-4446 Authentication Bypass Vulnerability
4969| [58378] Apache Qpid CVE-2012-4460 Denial of Service Vulnerability
4970| [58376] Apache Qpid CVE-2012-4458 Denial of Service Vulnerability
4971| [58337] Apache Qpid CVE-2012-4459 Denial of Service Vulnerability
4972| [58326] Apache Commons FileUpload CVE-2013-0248 Insecure Temporary File Creation Vulnerability
4973| [58325] Debian Apache HTTP Server CVE-2013-1048 Symlink Attack Local Privilege Escalation Vulnerability
4974| [58323] Apache Subversion 'svn_fs_file_length()' Remote Denial of Service Vulnerability
4975| [58165] Apache HTTP Server Multiple Cross Site Scripting Vulnerabilities
4976| [58136] Apache Maven CVE-2013-0253 SSL Certificate Validation Security Bypass Vulnerability
4977| [58124] Apache Tomcat 'log/logdir' Directory Insecure File Permissions Vulnerability
4978| [58073] Apache Commons HttpClient CVE-2012-5783 SSL Certificate Validation Security Bypass Vulnerability
4979| [57876] Apache CXF WS-SecurityPolicy Authentication Bypass Vulnerability
4980| [57874] Apache CXF CVE-2012-5633 Security Bypass Vulnerability
4981| [57463] Apache OFBiz CVE-2013-0177 Multiple Cross Site Scripting Vulnerabilities
4982| [57425] Apache CXF CVE-2012-5786 SSL Certificate Validation Security Bypass Vulnerability
4983| [57321] Apache CouchDB CVE-2012-5650 Cross Site Scripting Vulnerability
4984| [57314] Apache CouchDB CVE-2012-5649 Remote Code Execution Vulnerability
4985| [57267] Apache Axis2/C SSL Certificate Validation Security Bypass Vulnerability
4986| [57259] Apache CloudStack CVE-2012-5616 Local Information Disclosure Vulnerability
4987| [56814] Apache Tomcat CVE-2012-4431 Cross-Site Request Forgery Vulnerability
4988| [56813] Apache Tomcat CVE-2012-4534 Denial of Service Vulnerability
4989| [56812] Apache Tomcat CVE-2012-3546 Security Bypass Vulnerability
4990| [56753] Apache Apache HTTP Server 'mod_proxy_ajp Module Denial Of Service Vulnerability
4991| [56686] Apache Tomcat CVE-2012-5568 Denial of Service Vulnerability
4992| [56408] Apache Axis and Axis2/Java SSL Certificate Validation Security Bypass Vulnerability
4993| [56403] Apache Tomcat DIGEST Authentication Multiple Security Weaknesses
4994| [56402] Apache Tomcat CVE-2012-2733 Denial of Service Vulnerability
4995| [56171] Apache OFBiz CVE-2012-3506 Unspecified Security Vulnerability
4996| [55876] Apache CloudStack CVE-2012-4501 Security Bypass Vulnerability
4997| [55628] Apache CXF SOAP Action Spoofing Security Bypass Vulnerability
4998| [55608] Apache Qpid (qpidd) Denial of Service Vulnerability
4999| [55536] Apache 'mod_pagespeed' Module Cross Site Scripting and Security Bypass Vulnerabilities
5000| [55508] Apache Axis2 XML Signature Wrapping Security Vulnerability
5001| [55445] Apache Wicket CVE-2012-3373 Cross Site Scripting Vulnerability
5002| [55346] Apache Struts Cross Site Request Forgery and Denial of Service Vulnerabilities
5003| [55290] Drupal Apache Solr Autocomplete Module Cross Site Scripting Vulnerability
5004| [55165] Apache Struts2 Skill Name Remote Code Execution Vulnerability
5005| [55154] Apache 'mod-rpaf' Module Denial of Service Vulnerability
5006| [55131] Apache HTTP Server HTML-Injection And Information Disclosure Vulnerabilities
5007| [54954] Apache QPID NullAuthenticator Authentication Bypass Vulnerability
5008| [54798] Apache Libcloud Man In The Middle Vulnerability
5009| [54358] Apache Hadoop CVE-2012-3376 Information Disclosure Vulnerability
5010| [54341] Apache Sling CVE-2012-2138 Denial Of Service Vulnerability
5011| [54268] Apache Hadoop Symlink Attack Local Privilege Escalation Vulnerability
| [54189] Apache Roller Cross Site Request Forgery Vulnerability
| [54187] Apache Roller CVE-2012-2381 Cross Site Scripting Vulnerability
| [53880] Apache CXF Child Policies Security Bypass Vulnerability
| [53877] Apache CXF Elements Validation Security Bypass Vulnerability
| [53676] Apache Commons Compress and Apache Ant CVE-2012-2098 Denial Of Service Vulnerability
| [53487] Apache POI CVE-2012-0213 Denial Of Service Vulnerability
| [53455] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability
| [53305] Apache Qpid CVE-2011-3620 Unauthorized Access Security Bypass Vulnerability
| [53046] Apache HTTP Server 'LD_LIBRARY_PATH' Insecure Library Loading Arbitrary Code Execution Vulnerability
| [53025] Apache OFBiz Unspecified Remote Code Execution Vulnerability
| [53023] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
| [52939] Apache Hadoop CVE-2012-1574 Unspecified User Impersonation Vulnerability
| [52702] Apache Struts2 'XSLTResult.java' Remote Arbitrary File Upload Vulnerability
| [52696] Apache Traffic Server HTTP Host Header Handling Heap Based Buffer Overflow Vulnerability
| [52680] Apache Wicket 'pageMapName' Parameter Cross Site Scripting Vulnerability
| [52679] Apache Wicket Hidden Files Information Disclosure Vulnerability
| [52565] Apache 'mod_fcgid' Module Denial Of Service Vulnerability
| [52146] TYPO3 Apache Solr Extension Unspecified Cross Site Scripting Vulnerability
| [51939] Apache MyFaces 'ln' Parameter Information Disclosure Vulnerability
| [51917] Apache APR Hash Collision Denial Of Service Vulnerability
| [51902] Apache Struts Multiple HTML Injection Vulnerabilities
| [51900] Apache Struts CVE-2012-1007 Multiple Cross Site Scripting Vulnerabilities
| [51886] Apache CXF UsernameToken Policy Validation Security Bypass Vulnerability
| [51869] Apache HTTP Server CVE-2011-3639 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
| [51706] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
| [51705] Apache HTTP Server CVE-2012-0021 mod_log_config Denial Of Service Vulnerability
| [51628] Apache Struts 'ParameterInterceptor' Class OGNL (CVE-2011-3923) Security Bypass Vulnerability
| [51447] Apache Tomcat Parameter Handling Denial of Service Vulnerability
| [51442] Apache Tomcat Request Object Security Bypass Vulnerability
| [51407] Apache HTTP Server Scoreboard Local Security Bypass Vulnerability
| [51257] Apache Struts Remote Command Execution and Arbitrary File Overwrite Vulnerabilities
| [51238] Apache Geronimo Hash Collision Denial Of Service Vulnerability
| [51200] Apache Tomcat Hash Collision Denial Of Service Vulnerability
| [50940] Apache Struts Session Tampering Security Bypass Vulnerability
| [50912] RETIRED: Apache MyFaces CVE-2011-4343 Information Disclosure Vulnerability
| [50904] Apache ActiveMQ Failover Mechanism Remote Denial Of Service Vulnerability
| [50848] Apache MyFaces EL Expression Evaluation Security Bypass Vulnerability
| [50802] Apache HTTP Server 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
| [50639] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
| [50603] Apache Tomcat Manager Application Security Bypass Vulnerability
| [50494] Apache HTTP Server 'ap_pregsub()' Function Local Privilege Escalation Vulnerability
| [49957] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
| [49762] Apache Tomcat HTTP DIGEST Authentication Multiple Security Weaknesses
| [49728] Apache Struts Conversion Error OGNL Expression Evaluation Vulnerability
| [49616] Apache HTTP Server CVE-2011-3348 Denial Of Service Vulnerability
| [49470] Apache Tomcat CVE-2007-6286 Duplicate Request Processing Security Vulnerability
| [49353] Apache Tomcat AJP Protocol Security Bypass Vulnerability
| [49303] Apache HTTP Server CVE-2011-3192 Denial Of Service Vulnerability
| [49290] Apache Wicket Cross Site Scripting Vulnerability
| [49147] Apache Tomcat CVE-2011-2481 Information Disclosure Vulnerability
| [49143] Apache Commons Daemon 'jsvc' Information Disclosure Vulnerability
| [48667] Apache Tomcat 'sendfile' Request Attributes Information Disclosure Vulnerability
| [48653] Apache 'mod_authnz_external' Module SQL Injection Vulnerability
| [48611] Apache XML Security for C++ Signature Key Parsing Denial of Service Vulnerability
| [48456] Apache Tomcat 'MemoryUserDatabase' Information Disclosure Vulnerability
| [48015] Apache Archiva Multiple Cross Site Request Forgery Vulnerabilities
| [48011] Apache Archiva Multiple Cross Site Scripting and HTML Injection Vulnerabilities
| [47929] Apache APR 'apr_fnmatch.c' Denial of Service Vulnerability
| [47890] Apache Struts 'javatemplates' Plugin Multiple Cross Site Scripting Vulnerabilities
| [47886] Apache Tomcat SecurityConstraints Security Bypass Vulnerability
| [47820] Apache APR 'apr_fnmatch()' Denial of Service Vulnerability
| [47784] Apache Struts XWork 's:submit' HTML Tag Cross Site Scripting Vulnerability
| [47199] Apache Tomcat HTTP BIO Connector Information Disclosure Vulnerability
| [47196] Apache Tomcat Login Constraints Security Bypass Vulnerability
| [46974] Apache HttpComponents 'HttpClient' Information Disclosure Vulnerability
| [46953] Apache MPM-ITK Module Security Weakness
| [46734] Subversion 'mod_dav_svn' Apache Server NULL Pointer Dereference Denial Of Service Vulnerability
| [46685] Apache Tomcat '@ServletSecurity' Annotations Security Bypass Vulnerability
| [46311] Apache Continuum and Archiva Cross Site Scripting Vulnerability
| [46177] Apache Tomcat SecurityManager Security Bypass Vulnerability
| [46174] Apache Tomcat HTML Manager Interface HTML Injection Vulnerability
| [46166] Apache Tomcat JVM Denial of Service Vulnerability
| [46164] Apache Tomcat NIO Connector Denial of Service Vulnerability
| [46066] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
| [45655] Apache Subversion Server Component Multiple Remote Denial Of Service Vulnerabilities
| [45123] Awstats Apache Tomcat Configuration File Remote Arbitrary Command Execution Vulnerability
| [45095] Apache Archiva Cross Site Request Forgery Vulnerability
| [45015] Apache Tomcat 'sort' and 'orderBy' Parameters Cross Site Scripting Vulnerabilities
| [44900] Apache 'mod_fcgid' Module Unspecified Stack Buffer Overflow Vulnerability
| [44616] Apache Shiro Directory Traversal Vulnerability
| [44355] Apache MyFaces Encrypted View State Oracle Padding Security Vulnerability
| [44068] Apache::AuthenHook Local Information Disclosure Vulnerability
| [43862] Apache QPID SSL Connection Denial of Service Vulnerability
| [43673] Apache APR-util 'apr_brigade_split_line()' Denial of Service Vulnerability
| [43637] Apache XML-RPC SAX Parser Information Disclosure Vulnerability
| [43111] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
| [42637] Apache Derby 'BUILTIN' Authentication Insecure Password Hashing Vulnerability
| [42501] Apache CouchDB Cross Site Request Forgery Vulnerability
| [42492] Apache CXF XML DTD Processing Security Vulnerability
| [42121] Apache SLMS Insufficient Quoting Cross Site Request Forgery Vulnerability
| [42102] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
| [41963] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
| [41544] Apache Tomcat 'Transfer-Encoding' Information Disclosure and Denial Of Service Vulnerabilities
| [41076] Apache Axis2 '/axis2/axis2-admin' Session Fixation Vulnerability
| [40976] Apache Axis2 Document Type Declaration Processing Security Vulnerability
| [40827] Apache 'mod_proxy_http' Timeout Handling Information Disclosure Vulnerability
| [40343] Apache Axis2 'xsd' Parameter Directory Traversal Vulnerability
| [40327] Apache Axis2 'engagingglobally' Cross-Site Scripting Vulnerability
| [39771] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
| [39636] Apache ActiveMQ Source Code Information Disclosure Vulnerability
| [39635] Apache Tomcat Authentication Header Realm Name Information Disclosure Vulnerability
| [39538] Apache mod_auth_shadow Race Condition Security Bypass Vulnerability
| [39489] Apache OFBiz Multiple Cross Site Scripting and HTML Injection Vulnerabilities
| [39119] Apache ActiveMQ 'createDestination.action' HTML Injection Vulnerability
| [38580] Apache Subrequest Handling Information Disclosure Vulnerability
| [38494] Apache 'mod_isapi' Memory Corruption Vulnerability
| [38491] Apache mod_proxy_ajp Module Incoming Request Body Denial Of Service Vulnerability
| [37966] Apache 1.3 mod_proxy HTTP Chunked Encoding Integer Overflow Vulnerability
| [37945] Apache Tomcat Host Working Directory WAR File Directory Traversal Vulnerability
| [37944] Apache Tomcat WAR File Directory Traversal Vulnerability
| [37942] Apache Tomcat Directory Host Appbase Authentication Bypass Vulnerability
| [37149] Apache Tomcat 404 Error Page Cross Site Scripting Vulnerability
| [37027] RETIRED: Apache APR 'apr_uri_parse_hostinfo' Off By One Remote Code Execution Vulnerability
| [36990] Apache HTTP TRACE Cross Site Scripting Vulnerability
| [36954] Apache Tomcat Windows Installer Insecure Password Vulnerability
| [36889] TYPO3 Apache Solr Search Extension Unspecified Cross Site Scripting Vulnerability
| [36596] Apache HTTP Server Solaris Event Port Pollset Support Remote Denial Of Service Vulnerability
| [36260] Apache mod_proxy_ftp Module NULL Pointer Dereference Denial Of Service Vulnerability
| [36254] Apache mod_proxy_ftp Remote Command Injection Vulnerability
| [35949] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
| [35840] Apache HTTP Server HTTP-Basic Authentication Bypass Vulnerability
| [35623] Apache 'mod_deflate' Remote Denial Of Service Vulnerability
| [35565] Apache 'mod_proxy' Remote Denial Of Service Vulnerability
| [35416] Apache Tomcat XML Parser Information Disclosure Vulnerability
| [35263] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
| [35253] Apache APR-util 'xml/apr_xml.c' Denial of Service Vulnerability
| [35251] Apache APR-util 'apr_brigade_vprintf' Off By One Vulnerability
| [35221] Apache APR-util 'apr_strmatch_precompile()' Integer Underflow Vulnerability
| [35196] Apache Tomcat Form Authentication Existing/Non-Existing Username Enumeration Weakness
| [35193] Apache Tomcat Java AJP Connector Invalid Header Denial of Service Vulnerability
| [35115] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
| [34686] Apache Struts Multiple Cross Site Scripting Vulnerabilities
| [34663] Apache 'mod_proxy_ajp' Information Disclosure Vulnerability
| [34657] Apache Tiles Cross Site Scripting And Information Disclosure Vulnerabilities
| [34562] Apache Geronimo Application Server Multiple Remote Vulnerabilities
| [34552] Apache ActiveMQ Web Console Multiple Unspecified HTML Injection Vulnerabilities
| [34412] Apache Tomcat mod_jk Content Length Information Disclosure Vulnerability
| [34399] Apache Struts Unspecified Cross Site Scripting Vulnerability
| [34383] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
| [33913] Apache Tomcat POST Data Information Disclosure Vulnerability
| [33360] Apache Jackrabbit 'q' Parameter Multiple Cross Site Scripting Vulnerabilities
| [33110] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
| [32657] Novell NetWare ApacheAdmin Security Bypass Vulnerability
| [31805] Apache HTTP Server OS Fingerprinting Unspecified Security Vulnerability
| [31761] Oracle WebLogic Server Apache Connector Stack Based Buffer Overflow Vulnerability
| [31698] Apache Tomcat 'RemoteFilterValve' Security Bypass Vulnerability
| [31165] Kolab Groupware Server Apache Log File User Password Information Disclosure Vulnerability
| [30560] Apache 'mod_proxy_ftp' Wildcard Characters Cross-Site Scripting Vulnerability
| [30496] Apache Tomcat 'HttpServletResponse.sendError()' Cross Site Scripting Vulnerability
| [30494] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
| [29653] Apache 'mod_proxy_http' Interim Response Denial of Service Vulnerability
| [29502] Apache Tomcat Host Manager Cross Site Scripting Vulnerability
| [28576] Apache-SSL Environment Variable Information Disclosure and Privilege Escalation Vulnerability
| [28484] Apache Tomcat Requests Containing MS-DOS Device Names Information Disclosure Vulnerability
| [28483] Apache Tomcat 'allowLinking' Accepts NULL Byte in URI Information Disclosure Vulnerability
| [28482] Apache Tomcat SSL Anonymous Cipher Configuration Information Disclosure Vulnerability
| [28481] Apache Tomcat Cross-Site Scripting Vulnerability
| [28477] Apache Tomcat AJP Connector Information Disclosure Vulnerability
| [27752] Apache mod_jk2 Host Header Multiple Stack Based Buffer Overflow Vulnerabilities
| [27706] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
| [27703] Apache Tomcat Parameter Processing Remote Information Disclosure Vulnerability
| [27409] Apache 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
| [27365] Apache Tomcat SingleSignOn Remote Information Disclosure Vulnerability
| [27237] Apache HTTP Server 2.2.6, 2.0.61 and 1.3.39 'mod_status' Cross-Site Scripting Vulnerability
| [27236] Apache 'mod_proxy_balancer' Multiple Vulnerabilities
| [27234] Apache 'mod_proxy_ftp' Undefined Charset UTF-7 Cross-Site Scripting Vulnerability
| [27006] Apache Tomcat JULI Logging Component Default Security Policy Vulnerability
| [26939] Apache HTTP Server Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
| [26838] Apache mod_imagemap and mod_imap Cross-Site Scripting Vulnerability
| [26762] Apache::AuthCAS Cookie SQL Injection Vulnerability
| [26663] Apache HTTP Server 413 Error HTTP Request Method Cross-Site Scripting Weakness
| [26287] Apache Geronimo SQLLoginModule Authentication Bypass Vulnerability
| [26070] Apache Tomcat WebDav Remote Information Disclosure Vulnerability
| [25804] Apache Geronimo Management EJB Security Bypass Vulnerability
| [25653] Apache Mod_AutoIndex.C Undefined Charset Cross-Site Scripting Vulnerability
| [25531] Apache Tomcat Cal2.JSP Cross-Site Scripting Vulnerability
| [25489] Apache HTTP Server Mod_Proxy Denial of Service Vulnerability
| [25316] Apache Tomcat Multiple Remote Information Disclosure Vulnerabilities
| [25314] Apache Tomcat Host Manager Servlet Cross Site Scripting Vulnerability
| [25174] Apache Tomcat Error Message Reporting Cross Site Scripting Vulnerability
| [24999] Apache Tomcat SendMailServlet Cross-Site Scripting Vulnerability
| [24759] MySQLDumper Apache Access Control Authentication Bypass Vulnerability
| [24649] Apache HTTP Server Mod_Cache Denial of Service Vulnerability
| [24645] Apache HTTP Server Mod_Status Cross-Site Scripting Vulnerability
| [24553] Apache Mod_Mem_Cache Information Disclosure Vulnerability
| [24524] Apache Tomcat Accept-Language Cross Site Scripting Vulnerability
| [24480] Apache MyFaces Tomahawk JSF Framework Autoscroll Parameter Cross Site Scripting Vulnerability
| [24476] Apache Tomcat JSP Example Web Applications Cross Site Scripting Vulnerability
| [24475] Apache Tomcat Manager and Host Manager Upload Script Cross-Site Scripting Vulnerability
| [24215] Apache HTTP Server Worker Process Multiple Denial of Service Vulnerabilities
| [24147] Apache Tomcat JK Connector Double Encoding Security Bypass Vulnerability
| [24058] Apache Tomcat Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
| [23687] Apache AXIS Non-Existent WSDL Path Information Disclosure Vulnerability
| [23438] Apache HTTPD suEXEC Local Multiple Privilege Escalation Weaknesses
| [22960] Apache HTTP Server Tomcat Directory Traversal Vulnerability
| [22849] Apache mod_python Output Filter Mode Information Disclosure Vulnerability
| [22791] Apache Tomcat Mod_JK.SO Arbitrary Code Execution Vulnerability
| [22732] Debian Apache Root Shell Local Privilege Escalation Vulnerabilities
| [22388] Apache Stats Extract Function Multiple Input Validation Vulnerabilities
| [21865] Apache And Microsoft IIS Range Denial of Service Vulnerability
| [21214] Apache Mod_Auth_Kerb Off-By-One Denial of Service Vulnerability
| [20527] Apache Mod_TCL Remote Format String Vulnerability
| [19661] Apache HTTP Server Arbitrary HTTP Request Headers Security Weakness
| [19447] Apache CGI Script Source Code Information Disclosure Vulnerability
| [19204] Apache Mod_Rewrite Off-By-One Buffer Overflow Vulnerability
| [19106] Apache Tomcat Information Disclosure Vulnerability
| [18138] Apache James SMTP Denial Of Service Vulnerability
| [17342] Apache Struts Multiple Remote Vulnerabilities
| [17095] Apache Log4Net Denial Of Service Vulnerability
| [16916] Apache mod_python FileSession Code Execution Vulnerability
| [16710] Apache Libapreq2 Quadratic Behavior Denial of Service Vulnerability
| [16260] Apache Geronimo Multiple Input Validation Vulnerabilities
| [16153] Apache mod_auth_pgsql Multiple Format String Vulnerabilities
| [16152] Apache Mod_SSL Custom Error Document Remote Denial Of Service Vulnerability
| [15834] Apache 'mod_imap' Referer Cross-Site Scripting Vulnerability
| [15765] Apache James Spooler Memory Leak Denial Of Service Vulnerability
| [15762] Apache MPM Worker.C Denial Of Service Vulnerability
| [15512] Apache Struts Error Response Cross-Site Scripting Vulnerability
| [15413] PHP Apache 2 Virtual() Safe_Mode and Open_Basedir Restriction Bypass Vulnerability
| [15325] Apache Tomcat Simultaneous Directory Listing Denial Of Service Vulnerability
| [15224] Apache Mod_Auth_Shadow Authentication Bypass Vulnerability
| [15177] PHP Apache 2 Local Denial of Service Vulnerability
| [14982] ApacheTop Insecure Temporary File Creation Vulnerability
| [14721] Apache Mod_SSL SSLVerifyClient Restriction Bypass Vulnerability
| [14660] Apache CGI Byterange Request Denial of Service Vulnerability
| [14366] Apache mod_ssl CRL Handling Off-By-One Buffer Overflow Vulnerability
| [14106] Apache HTTP Request Smuggling Vulnerability
| [13778] Apache HTPasswd Password Command Line Argument Buffer Overflow Vulnerability
| [13777] Apache HTPasswd User Command Line Argument Buffer Overflow Vulnerability
| [13756] Apache Tomcat Java Security Manager Bypass Vulnerability
| [13537] Apache HTDigest Realm Command Line Argument Buffer Overflow Vulnerability
| [12877] Apache mod_ssl ssl_io_filter_cleanup Remote Denial Of Service Vulnerability
| [12795] Apache Tomcat Remote Malformed Request Denial Of Service Vulnerability
| [12619] Apache Software Foundation Batik Squiggle Browser Access Validation Vulnerability
| [12519] Apache mod_python Module Publisher Handler Information Disclosure Vulnerability
| [12308] Apache Utilities Insecure Temporary File Creation Vulnerability
| [12217] Apache mod_auth_radius Malformed RADIUS Server Reply Integer Overflow Vulnerability
| [12181] Mod_DOSEvasive Apache Module Local Insecure Temporary File Creation Vulnerability
| [11803] Apache Jakarta Results.JSP Remote Cross-Site Scripting Vulnerability
| [11471] Apache mod_include Local Buffer Overflow Vulnerability
| [11360] Apache mod_ssl SSLCipherSuite Restriction Bypass Vulnerability
| [11239] Apache Satisfy Directive Access Control Bypass Vulnerability
| [11187] Apache Web Server Remote IPv6 Buffer Overflow Vulnerability
| [11185] Apache Mod_DAV LOCK Denial Of Service Vulnerability
| [11182] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
| [11154] Apache mod_ssl Remote Denial of Service Vulnerability
| [11094] Apache mod_ssl Denial Of Service Vulnerability
| [10789] Apache mod_userdir Module Information Disclosure Vulnerability
| [10736] Apache 'mod_ssl' Log Function Format String Vulnerability
| [10619] Apache ap_escape_html Memory Allocation Denial Of Service Vulnerability
| [10508] Apache Mod_Proxy Remote Negative Content-Length Buffer Overflow Vulnerability
| [10478] ClueCentral Apache Suexec Patch Security Weakness
| [10355] Apache 'mod_ssl' 'ssl_util_uuencode_binary()' Stack Buffer Overflow Vulnerability
| [10212] Apache mod_auth Malformed Password Potential Memory Corruption Vulnerability
| [9933] Apache mod_disk_cache Module Client Authentication Credential Storage Weakness
| [9930] Apache Error and Access Logs Escape Sequence Injection Vulnerability
| [9921] Apache Connection Blocking Denial Of Service Vulnerability
| [9885] Apache Mod_Security Module SecFilterScanPost Off-By-One Buffer Overflow Vulnerability
| [9874] Apache HTAccess LIMIT Directive Bypass Configuration Error Weakness
| [9829] Apache Mod_Access Access Control Rule Bypass Vulnerability
| [9826] Apache Mod_SSL HTTP Request Remote Denial Of Service Vulnerability
| [9733] Apache Cygwin Directory Traversal Vulnerability
| [9599] Apache mod_php Global Variables Information Disclosure Weakness
| [9590] Apache-SSL Client Certificate Forging Vulnerability
| [9571] Apache mod_digest Client-Supplied Nonce Verification Vulnerability
| [9471] Apache mod_perl Module File Descriptor Leakage Vulnerability
| [9404] Mod-Auth-Shadow Apache Module Expired User Credential Weakness
| [9302] Apache mod_php Module File Descriptor Leakage Vulnerability
| [9129] Apache mod_python Module Malformed Query Denial of Service Vulnerability
| [8926] Apache Web Server mod_cgid Module CGI Data Redirection Vulnerability
| [8919] Apache Mod_Security Module Heap Corruption Vulnerability
| [8911] Apache Web Server Multiple Module Local Buffer Overflow Vulnerability
| [8898] Red Hat Apache Directory Index Default Configuration Error
| [8883] Apache Cocoon Directory Traversal Vulnerability
| [8824] Apache Tomcat Non-HTTP Request Denial Of Service Vulnerability
| [8822] Apache Mod_Throttle Module Local Shared Memory Corruption Vulnerability
| [8725] Apache2 MOD_CGI STDERR Denial Of Service Vulnerability
| [8707] Apache htpasswd Password Entropy Weakness
| [8561] Apache::Gallery Insecure Local File Storage Privilege Escalation Vulnerability
| [8287] Mod_Mylo Apache Module REQSTR Buffer Overflow Vulnerability
| [8226] Apache HTTP Server Multiple Vulnerabilities
| [8138] Apache Web Server Type-Map Recursive Loop Denial Of Service Vulnerability
| [8137] Apache Web Server Prefork MPM Denial Of Service Vulnerability
| [8136] Macromedia Apache Web Server Encoded Space Source Disclosure Vulnerability
| [8135] Apache Web Server FTP Proxy IPV6 Denial Of Service Vulnerability
| [8134] Apache Web Server SSLCipherSuite Weak CipherSuite Renegotiation Weakness
| [7768] Apache Tomcat Insecure Directory Permissions Vulnerability
| [7725] Apache Basic Authentication Module Valid User Login Denial Of Service Vulnerability
| [7723] Apache APR_PSPrintf Memory Corruption Vulnerability
| [7448] Apache Mod_Auth_Any Remote Command Execution Vulnerability
| [7375] Apache Mod_Access_Referer NULL Pointer Dereference Denial of Service Vulnerability
| [7332] Apache Web Server OS2 Filestat Denial Of Service Vulnerability
| [7255] Apache Web Server File Descriptor Leakage Vulnerability
| [7254] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
| [6943] Apache Web Server MIME Boundary Information Disclosure Vulnerability
| [6939] Apache Web Server ETag Header Information Disclosure Weakness
| [6722] Apache Tomcat Web.XML File Contents Disclosure Vulnerability
| [6721] Apache Tomcat Null Byte Directory/File Disclosure Vulnerability
| [6720] Apache Tomcat Example Web Application Cross Site Scripting Vulnerability
| [6662] Apache Web Server MS-DOS Device Name Denial Of Service Vulnerability
| [6661] Apache Web Server Default Script Mapping Bypass Vulnerability
| [6660] Apache Web Server Illegal Character HTTP Request File Disclosure Vulnerability
| [6659] Apache Web Server MS-DOS Device Name Arbitrary Code Execution Vulnerability
| [6562] Apache Tomcat Invoker Servlet File Disclosure Vulnerability
| [6320] Apache/Tomcat Mod_JK Chunked Encoding Denial Of Service Vulnerability
| [6117] Apache mod_php File Descriptor Leakage Vulnerability
| [6065] Apache 2 WebDAV CGI POST Request Information Disclosure Vulnerability
| [5996] Apache AB.C Web Benchmarking Buffer Overflow Vulnerability
| [5995] Apache AB.C Web Benchmarking Read_Connection() Buffer Overflow Vulnerability
| [5993] Multiple Apache HTDigest Buffer Overflow Vulnerabilities
| [5992] Apache HTDigest Insecure Temporary File Vulnerability
| [5991] Apache HTDigest Arbitrary Command Execution Vulnerability
| [5990] Apache HTPasswd Insecure Temporary File Vulnerability
| [5981] Multiple Apache HTDigest and HTPassWD Component Vulnerabilites
| [5884] Apache Web Server Scoreboard Memory Segment Overwriting SIGUSR1 Sending Vulnerability
| [5847] Apache Server Side Include Cross Site Scripting Vulnerability
| [5838] Apache Tomcat 3.2 Directory Disclosure Vulnerability
| [5816] Apache 2 mod_dav Denial Of Service Vulnerability
| [5791] HP VirtualVault Apache mod_ssl Denial Of Service Vulnerability
| [5787] Apache Oversized STDERR Buffer Denial Of Service Vulnerability
| [5786] Apache Tomcat DefaultServlet File Disclosure Vulnerability
| [5542] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
| [5486] Apache 2.0 CGI Path Disclosure Vulnerability
| [5485] Apache 2.0 Path Disclosure Vulnerability
| [5434] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
| [5256] Apache httpd 2.0 CGI Error Path Disclosure Vulnerability
| [5194] Apache Tomcat DOS Device Name Cross Site Scripting Vulnerability
| [5193] Apache Tomcat Servlet Mapping Cross Site Scripting Vulnerability
| [5067] Apache Tomcat Null Character Malformed Request Denial Of Service Vulnerability
| [5054] Apache Tomcat Web Root Path Disclosure Vulnerability
| [5033] Apache Chunked-Encoding Memory Corruption Vulnerability
| [4995] Apache Tomcat JSP Engine Denial of Service Vulnerability
| [4878] Apache Tomcat RealPath.JSP Malformed Request Information Disclosure Vulnerability
| [4877] Apache Tomcat Example Files Web Root Path Disclosure Vulnerability
| [4876] Apache Tomcat Source.JSP Malformed Request Information Disclosure Vulnerability
5347| [4575] Apache Tomcat Servlet Path Disclosure Vulnerability
5348| [4557] Apache Tomcat System Path Information Disclosure Vulnerability
5349| [4437] Apache Error Message Cross-Site Scripting Vulnerability
5350| [4431] Apache PrintEnv/Test_CGI Script Injection Vulnerability
5351| [4358] Apache Double-Reverse Lookup Log Entry Spoofing Vulnerability
5352| [4335] Apache Win32 Batch File Remote Command Execution Vulnerability
5353| [4292] Oracle 9iAS Apache PL/SQL Module Web Administration Access Vulnerability
5354| [4189] Apache mod_ssl/Apache-SSL Buffer Overflow Vulnerability
5355| [4057] Apache 2 for Windows OPTIONS request Path Disclosure Vulnerability
5356| [4056] Apache 2 for Windows php.exe Path Disclosure Vulnerability
5357| [4037] Oracle 9iAS Apache PL/SQL Module Denial of Service Vulnerability
5358| [4032] Oracle 9iAS Apache PL/SQL Module Multiple Buffer Overflows Vulnerability
5359| [3796] Apache HTTP Request Unexpected Behavior Vulnerability
5360| [3790] Apache Non-Existent Log Directory Denial Of Service Vulnerability
5361| [3786] Apache Win32 PHP.EXE Remote File Disclosure Vulnerability
5362| [3727] Oracle 9I Application Server PL/SQL Apache Module Directory Traversal Vulnerability
5363| [3726] Oracle 9I Application Server PL/SQL Apache Module Buffer Overflow Vulnerability
5364| [3596] Apache Split-Logfile File Append Vulnerability
5365| [3521] Apache mod_usertrack Predictable ID Generation Vulnerability
5366| [3335] Red Hat Linux Apache Remote Username Enumeration Vulnerability
5367| [3316] MacOS X Client Apache Directory Contents Disclosure Vulnerability
5368| [3256] Apache mod_auth_oracle Remote SQL Query Manipulation Vulnerability
5369| [3255] Apache mod_auth_mysql Remote SQL Query Manipulation Vulnerability
5370| [3254] Apache AuthPG Remote SQL Query Manipulation Vulnerability
5371| [3253] Apache mod_auth_pgsql_sys Remote SQL Query Manipulation Vulnerability
5372| [3251] Apache mod_auth_pgsql Remote SQL Query Manipulation Vulnerability
5373| [3176] Apache Mod ReWrite Rules Bypassing Image Linking Vulnerability
5374| [3169] Apache Server Address Disclosure Vulnerability
5375| [3009] Apache Possible Directory Index Disclosure Vulnerability
5376| [2982] Apache Tomcat Cross-Site Scripting Vulnerability
5377| [2852] MacOS X Client Apache File Protection Bypass Vulnerability
5378| [2740] Apache Web Server HTTP Request Denial of Service Vulnerability
5379| [2518] Apache Tomcat 3.0 Directory Traversal Vulnerability
5380| [2503] Apache Artificially Long Slash Path Directory Listing Vulnerability
5381| [2300] NCSA/Apache httpd ScriptAlias Source Retrieval Vulnerability
5382| [2216] Apache Web Server DoS Vulnerability
5383| [2182] Apache /tmp File Race Vulnerability
5384| [2171] Oracle Apache+WebDB Documented Backdoor Vulnerability
5385| [2060] Apache Web Server with Php 3 File Disclosure Vulnerability
5386| [1821] Apache mod_cookies Buffer Overflow Vulnerability
5387| [1728] Apache Rewrite Module Arbitrary File Disclosure Vulnerability
5388| [1658] SuSE Apache CGI Source Code Viewing Vulnerability
5389| [1656] SuSE Apache WebDAV Directory Listings Vulnerability
5390| [1575] Trustix Apache-SSL RPM Permissions Vulnerability
5391| [1548] Apache Jakarta-Tomcat /admin Context Vulnerability
5392| [1532] Apache Tomcat Snoop Servlet Information Disclosure Vulnerability
5393| [1531] Apache Tomcat 3.1 Path Revealing Vulnerability
5394| [1457] Apache::ASP source.asp Example Script Vulnerability
5395| [1284] Apache HTTP Server (win32) Root Directory Access Vulnerability
5396| [1083] Cobalt Raq Apache .htaccess Disclosure Vulnerability
5397|
| IBM X-Force - https://exchange.xforce.ibmcloud.com:
| [86258] Apache CloudStack text fields cross-site scripting
| [85983] Apache Subversion mod_dav_svn module denial of service
| [85875] Apache OFBiz UEL code execution
| [85874] Apache OFBiz Webtools View Log screen cross-site scripting
| [85871] Apache HTTP Server mod_session_dbd unspecified
| [85756] Apache Struts OGNL expression command execution
| [85755] Apache Struts DefaultActionMapper class open redirect
| [85586] Apache ActiveMQ CVE-2013-1879 cross-site scripting
| [85574] Apache HTTP Server mod_dav denial of service
| [85573] Apache Struts Showcase App OGNL code execution
| [85496] Apache CXF denial of service
| [85423] Apache Geronimo RMI classloader code execution
| [85326] Apache Santuario XML Security for C++ buffer overflow
| [85323] Apache Santuario XML Security for Java spoofing
| [85319] Apache Qpid Python client SSL spoofing
| [85019] Apache Santuario XML Security for C++ CVE-2013-2156 buffer overflow
| [85018] Apache Santuario XML Security for C++ CVE-2013-2155 denial of service
| [85017] Apache Santuario XML Security for C++ CVE-2013-2154 buffer overflow
| [85016] Apache Santuario XML Security for C++ CVE-2013-2153 spoofing
| [84952] Apache Tomcat CVE-2012-3544 denial of service
| [84763] Apache Struts CVE-2013-2135 security bypass
| [84762] Apache Struts CVE-2013-2134 security bypass
| [84719] Apache Subversion CVE-2013-2088 command execution
| [84718] Apache Subversion CVE-2013-2112 denial of service
| [84717] Apache Subversion CVE-2013-1968 denial of service
| [84577] Apache Tomcat security bypass
| [84576] Apache Tomcat symlink
| [84543] Apache Struts CVE-2013-2115 security bypass
| [84542] Apache Struts CVE-2013-1966 security bypass
| [84154] Apache Tomcat session hijacking
| [84144] Apache Tomcat denial of service
| [84143] Apache Tomcat information disclosure
| [84111] Apache HTTP Server command execution
| [84043] Apache Virtual Computing Lab cross-site scripting
| [84042] Apache Virtual Computing Lab cross-site scripting
| [83782] Apache CloudStack information disclosure
| [83781] Apache CloudStack security bypass
| [83720] Apache ActiveMQ cross-site scripting
| [83719] Apache ActiveMQ denial of service
| [83718] Apache ActiveMQ denial of service
| [83263] Apache Subversion denial of service
| [83262] Apache Subversion denial of service
| [83261] Apache Subversion denial of service
| [83259] Apache Subversion denial of service
| [83035] Apache mod_ruid2 security bypass
| [82852] Apache Qpid federation_tag security bypass
| [82851] Apache Qpid qpid::framing::Buffer denial of service
| [82758] Apache Rave User RPC API information disclosure
| [82663] Apache Subversion svn_fs_file_length() denial of service
| [82642] Apache Qpid qpid::framing::Buffer::checkAvailable() denial of service
| [82641] Apache Qpid AMQP denial of service
| [82626] Apache HTTP Server on Debian GNU/Linux Debian apache2ctl symlink
| [82618] Apache Commons FileUpload symlink
| [82360] Apache HTTP Server manager interface cross-site scripting
| [82359] Apache HTTP Server hostnames cross-site scripting
| [82338] Apache Tomcat log/logdir information disclosure
| [82328] Apache Maven and Apache Maven Wagon SSL spoofing
| [82268] Apache OpenJPA deserialization command execution
| [81981] Apache CXF UsernameTokens security bypass
| [81980] Apache CXF WS-Security security bypass
| [81398] Apache OFBiz cross-site scripting
| [81240] Apache CouchDB directory traversal
| [81226] Apache CouchDB JSONP code execution
| [81225] Apache CouchDB Futon user interface cross-site scripting
| [81211] Apache Axis2/C SSL spoofing
| [81167] Apache CloudStack DeployVM information disclosure
| [81166] Apache CloudStack AddHost API information disclosure
| [81165] Apache CloudStack createSSHKeyPair API information disclosure
| [80518] Apache Tomcat cross-site request forgery security bypass
| [80517] Apache Tomcat FormAuthenticator security bypass
| [80516] Apache Tomcat NIO denial of service
| [80408] Apache Tomcat replay-countermeasure security bypass
| [80407] Apache Tomcat HTTP Digest Access Authentication security bypass
| [80317] Apache Tomcat slowloris denial of service
| [79984] Apache Commons HttpClient SSL spoofing
| [79983] Apache CXF SSL spoofing
| [79830] Apache Axis2/Java SSL spoofing
| [79829] Apache Axis SSL spoofing
| [79809] Apache Tomcat DIGEST security bypass
| [79806] Apache Tomcat parseHeaders() denial of service
| [79540] Apache OFBiz unspecified
| [79487] Apache Axis2 SAML security bypass
| [79212] Apache Cloudstack code execution
| [78734] Apache CXF SOAP Action security bypass
| [78730] Apache Qpid broker denial of service
| [78617] Eucalyptus Apache Santuario (XML Security for Java) denial of service
| [78563] Apache mod_pagespeed module unspecified cross-site scripting
| [78562] Apache mod_pagespeed module security bypass
| [78454] Apache Axis2 security bypass
| [78452] Websense Web Security and Web Filter Apache Tomcat information disclosure
| [78451] Websense Web Security and Web Filter Apache Tomcat cross-site scripting
| [78321] Apache Wicket unspecified cross-site scripting
| [78183] Apache Struts parameters denial of service
| [78182] Apache Struts cross-site request forgery
| [78153] Apache Solr Autocomplete module for Drupal autocomplete results cross-site scripting
| [77987] mod_rpaf module for Apache denial of service
| [77958] Apache Struts skill name code execution
| [77914] Apache HTTP Server mod_negotiation module cross-site scripting
| [77913] Apache HTTP Server mod_proxy_ajp information disclosure
| [77568] Apache Qpid broker security bypass
| [77421] Apache Libcloud spoofing
| [77059] Oracle Solaris Cluster Apache Tomcat Agent unspecified
| [77046] Oracle Solaris Apache HTTP Server information disclosure
| [76837] Apache Hadoop information disclosure
| [76802] Apache Sling CopyFrom denial of service
| [76692] Apache Hadoop symlink
| [76535] Apache Roller console cross-site request forgery
| [76534] Apache Roller weblog cross-site scripting
| [76152] Apache CXF elements security bypass
| [76151] Apache CXF child policies security bypass
| [75983] MapServer for Windows Apache file include
| [75857] Apache Commons Compress and Apache Ant bzip2 denial of service
| [75558] Apache POI denial of service
| [75545] PHP apache_request_headers() buffer overflow
| [75302] Apache Qpid SASL security bypass
| [75211] Debian GNU/Linux apache 2 cross-site scripting
| [74901] Apache HTTP Server LD_LIBRARY_PATH privilege escalation
| [74871] Apache OFBiz FlexibleStringExpander code execution
| [74870] Apache OFBiz multiple cross-site scripting
| [74750] Apache Hadoop unspecified spoofing
| [74319] Apache Struts XSLTResult.java file upload
| [74313] Apache Traffic Server header buffer overflow
| [74276] Apache Wicket directory traversal
| [74273] Apache Wicket unspecified cross-site scripting
| [74181] Apache HTTP Server mod_fcgid module denial of service
| [73690] Apache Struts OGNL code execution
| [73432] Apache Solr extension for TYPO3 unspecified cross-site scripting
| [73100] Apache MyFaces in directory traversal
| [73096] Apache APR hash denial of service
| [73052] Apache Struts name cross-site scripting
| [73030] Apache CXF UsernameToken security bypass
| [72888] Apache Struts lastName cross-site scripting
| [72758] Apache HTTP Server httpOnly information disclosure
| [72757] Apache HTTP Server MPM denial of service
| [72585] Apache Struts ParameterInterceptor security bypass
| [72438] Apache Tomcat Digest security bypass
| [72437] Apache Tomcat Digest security bypass
| [72436] Apache Tomcat DIGEST security bypass
| [72425] Apache Tomcat parameter denial of service
| [72422] Apache Tomcat request object information disclosure
| [72377] Apache HTTP Server scoreboard security bypass
| [72345] Apache HTTP Server HTTP request denial of service
| [72229] Apache Struts ExceptionDelegator command execution
| [72089] Apache Struts ParameterInterceptor directory traversal
| [72088] Apache Struts CookieInterceptor command execution
| [72047] Apache Geronimo hash denial of service
| [72016] Apache Tomcat hash denial of service
| [71711] Apache Struts OGNL expression code execution
| [71654] Apache Struts interfaces security bypass
| [71620] Apache ActiveMQ failover denial of service
| [71617] Apache HTTP Server mod_proxy module information disclosure
| [71508] Apache MyFaces EL security bypass
| [71445] Apache HTTP Server mod_proxy security bypass
| [71203] Apache Tomcat servlets privilege escalation
| [71181] Apache HTTP Server ap_pregsub() denial of service
| [71093] Apache HTTP Server ap_pregsub() buffer overflow
| [70336] Apache HTTP Server mod_proxy information disclosure
| [69804] Apache HTTP Server mod_proxy_ajp denial of service
| [69472] Apache Tomcat AJP security bypass
| [69396] Apache HTTP Server ByteRange filter denial of service
| [69394] Apache Wicket multi window support cross-site scripting
| [69176] Apache Tomcat XML information disclosure
| [69161] Apache Tomcat jsvc information disclosure
| [68799] mod_authnz_external module for Apache mysql-auth.pl SQL injection
| [68541] Apache Tomcat sendfile information disclosure
| [68420] Apache XML Security denial of service
| [68238] Apache Tomcat JMX information disclosure
| [67860] Apache Rampart/C rampart_timestamp_token_validate security bypass
| [67804] Apache Subversion control rules information disclosure
| [67803] Apache Subversion control rules denial of service
| [67802] Apache Subversion baselined denial of service
| [67672] Apache Archiva multiple cross-site scripting
| [67671] Apache Archiva multiple cross-site request forgery
| [67564] Apache APR apr_fnmatch() denial of service
| [67532] IBM WebSphere Application Server org.apache.jasper.runtime.JspWriterImpl.response denial of service
| [67515] Apache Tomcat annotations security bypass
| [67480] Apache Struts s:submit information disclosure
| [67414] Apache APR apr_fnmatch() denial of service
| [67356] Apache Struts javatemplates cross-site scripting
| [67354] Apache Struts Xwork cross-site scripting
| [66676] Apache Tomcat HTTP BIO information disclosure
| [66675] Apache Tomcat web.xml security bypass
| [66640] Apache HttpComponents HttpClient Proxy-Authorization information disclosure
| [66241] Apache HttpComponents information disclosure
| [66154] Apache Tomcat ServletSecurity security bypass
| [65971] Apache Tomcat ServletSecurity security bypass
| [65876] Apache Subversion mod_dav_svn denial of service
| [65343] Apache Continuum unspecified cross-site scripting
| [65162] Apache Tomcat NIO connector denial of service
| [65161] Apache Tomcat javax.servlet.ServletRequest.getLocale() denial of service
| [65160] Apache Tomcat HTML Manager interface cross-site scripting
| [65159] Apache Tomcat ServletContect security bypass
| [65050] Apache CouchDB web-based administration UI cross-site scripting
| [64773] Oracle HTTP Server Apache Plugin unauthorized access
| [64473] Apache Subversion blame -g denial of service
| [64472] Apache Subversion walk() denial of service
| [64407] Apache Axis2 CVE-2010-0219 code execution
| [63926] Apache Archiva password privilege escalation
| [63785] Apache CouchDB LD_LIBRARY_PATH privilege escalation
| [63493] Apache Archiva credentials cross-site request forgery
| [63477] Apache Tomcat HttpOnly session hijacking
| [63422] Apache Tomcat sessionsList.jsp cross-site scripting
| [63303] Apache mod_fcgid module fcgid_header_bucket_read() buffer overflow
| [62959] Apache Shiro filters security bypass
| [62790] Apache Perl cgi module denial of service
| [62576] Apache Qpid exchange denial of service
| [62575] Apache Qpid AMQP denial of service
| [62354] Apache Qpid SSL denial of service
| [62235] Apache APR-util apr_brigade_split_line() denial of service
| [62181] Apache XML-RPC SAX Parser information disclosure
| [61721] Apache Traffic Server cache poisoning
| [61202] Apache Derby BUILTIN authentication functionality information disclosure
| [61186] Apache CouchDB Futon cross-site request forgery
| [61169] Apache CXF DTD denial of service
| [61070] Apache Jackrabbit search.jsp SQL injection
| [61006] Apache SLMS Quoting cross-site request forgery
| [60962] Apache Tomcat time cross-site scripting
| [60883] Apache mod_proxy_http information disclosure
| [60671] Apache HTTP Server mod_cache and mod_dav denial of service
| [60264] Apache Tomcat Transfer-Encoding denial of service
| [59746] Apache Axis2 axis2/axis2-admin page session hijacking
| [59588] Apache Axis2/Java XML DTD (Document Type Declaration) data denial of service
| [59413] Apache mod_proxy_http timeout information disclosure
| [59058] Apache MyFaces unencrypted view state cross-site scripting
| [58827] Apache Axis2 xsd file include
| [58790] Apache Axis2 modules cross-site scripting
| [58299] Apache ActiveMQ queueBrowse cross-site scripting
| [58169] Apache Tomcat Web Application Manager / Host Manager cross-site request forgery
| [58056] Apache ActiveMQ .jsp source code disclosure
| [58055] Apache Tomcat realm name information disclosure
| [58046] Apache HTTP Server mod_auth_shadow security bypass
| [57841] Apache Open For Business Project (OFBiz) subject cross-site scripting
| [57840] Apache Open For Business Project (OFBiz) multiple parameters cross-site scripting
| [57429] Apache CouchDB algorithms information disclosure
| [57398] Apache ActiveMQ Web console cross-site request forgery
| [57397] Apache ActiveMQ createDestination.action cross-site scripting
| [56653] Apache HTTP Server DNS spoofing
| [56652] Apache HTTP Server DNS cross-site scripting
| [56625] Apache HTTP Server request header information disclosure
| [56624] Apache HTTP Server mod_isapi orphaned callback pointer code execution
| [56623] Apache HTTP Server mod_proxy_ajp denial of service
| [55941] mod_proxy module for Apache ap_proxy_send_fb() buffer overflow
| [55857] Apache Tomcat WAR files directory traversal
| [55856] Apache Tomcat autoDeploy attribute security bypass
| [55855] Apache Tomcat WAR directory traversal
| [55210] Intuit component for Joomla! Apache information disclosure
| [54533] Apache Tomcat 404 error page cross-site scripting
| [54182] Apache Tomcat admin default password
| [53878] Apache Solr Search (solr) extension for TYPO3 unspecified cross-site scripting
| [53666] Apache HTTP Server Solaris pollset support denial of service
| [53650] Apache HTTP Server HTTP basic-auth module security bypass
| [53124] mod_proxy_ftp module for Apache HTTP header security bypass
| [53041] mod_proxy_ftp module for Apache denial of service
| [52540] Apache Portable Runtime and Apache Portable Utility library multiple buffer overflow
| [51953] Apache Tomcat Path Disclosure
| [51952] Apache Tomcat Path Traversal
| [51951] Apache stronghold-status Information Disclosure
| [51950] Apache stronghold-info Information Disclosure
| [51949] Apache PHP Source Code Disclosure
| [51948] Apache Multiviews Attack
| [51946] Apache JServ Environment Status Information Disclosure
| [51945] Apache error_log Information Disclosure
| [51944] Apache Default Installation Page Pattern Found
| [51943] Apache AXIS XML Parser echoheaders.jws Sample Web Service Denial of Service
| [51942] Apache AXIS XML External Entity File Retrieval
| [51941] Apache AXIS Sample Servlet Information Leak
| [51940] Apache access_log Information Disclosure
| [51626] Apache mod_deflate denial of service
| [51532] mod_proxy module for the Apache HTTP Server stream_reqbody_cl denial of service
| [51365] Apache Tomcat RequestDispatcher security bypass
| [51273] Apache HTTP Server Incomplete Request denial of service
| [51195] Apache Tomcat XML information disclosure
| [50994] Apache APR-util xml/apr_xml.c denial of service
| [50993] Apache APR-util apr_brigade_vprintf denial of service
| [50964] Apache APR-util apr_strmatch_precompile() denial of service
| [50930] Apache Tomcat j_security_check information disclosure
| [50928] Apache Tomcat AJP denial of service
| [50884] Apache HTTP Server XML ENTITY denial of service
| [50808] Apache HTTP Server AllowOverride privilege escalation
| [50108] Apache Struts s:a tag and s:url tag cross-site scripting
| [50059] Apache mod_proxy_ajp information disclosure
| [49951] Apache Tiles Expression Language (EL) expressions cross-site scripting
| [49925] Apache Geronimo Web Administrative Console cross-site request forgery
| [49924] Apache Geronimo console/portal/Server/Monitoring cross-site scripting
| [49921] Apache ActiveMQ Web interface cross-site scripting
| [49898] Apache Geronimo Services/Repository directory traversal
| [49725] Apache Tomcat mod_jk module information disclosure
| [49715] Apache mod_perl Apache::Status and Apache2::Status modules cross-site scripting
| [49712] Apache Struts unspecified cross-site scripting
| [49213] Apache Tomcat cal2.jsp cross-site scripting
| [48934] Apache Tomcat POST doRead method information disclosure
| [48211] Apache Tomcat header HTTP request smuggling
| [48163] libapache2-mod-auth-mysql module for Debian multibyte encoding SQL injection
| [48110] Apache Jackrabbit search.jsp and swr.jsp cross-site scripting
| [47709] Apache Roller "
| [47104] Novell Netware ApacheAdmin console security bypass
| [47086] Apache HTTP Server OS fingerprinting unspecified
| [46329] Apache Struts FilterDispatcher and DefaultStaticContentLoader class directory traversal
| [45791] Apache Tomcat RemoteFilterValve security bypass
| [44435] Oracle WebLogic Apache Connector buffer overflow
| [44411] Apache Tomcat allowLinking UTF-8 directory traversal
| [44223] Apache HTTP Server mod_proxy_ftp cross-site scripting
| [44156] Apache Tomcat RequestDispatcher directory traversal
| [44155] Apache Tomcat HttpServletResponse.sendError() cross-site scripting
| [43885] Oracle WebLogic Server Apache Connector buffer overflow
| [42987] Apache HTTP Server mod_proxy module denial of service
| [42915] Apache Tomcat JSP files path disclosure
| [42914] Apache Tomcat MS-DOS path disclosure
| [42892] Apache Tomcat unspecified unauthorized access
| [42816] Apache Tomcat Host Manager cross-site scripting
| [42303] Apache 403 error cross-site scripting
| [41618] Apache-SSL ExpandCert() authentication bypass
| [40761] Apache Derby RDBNAM parameter and DatabaseMetaData.getURL information disclosure
| [40736] Apache Tomcat HTTP/1.1 connector information disclosure
| [40614] Apache mod_jk2 HTTP Host header buffer overflow
| [40562] Apache Geronimo init information disclosure
| [40478] Novell Web Manager webadmin-apache.conf security bypass
| [40411] Apache Tomcat exception handling information disclosure
| [40409] Apache Tomcat native (APR based) connector weak security
| [40403] Apache Tomcat quotes and %5C cookie information disclosure
| [40388] Sun Java Plug-In org.apache.crimson.tree.XmlDocument security bypass
| [39893] Apache HTTP Server mod_negotiation HTTP response splitting
| [39867] Apache HTTP Server mod_negotiation cross-site scripting
| [39804] Apache Tomcat SingleSignOn information disclosure
| [39615] Apache HTTP Server mod_proxy_ftp.c UTF-7 cross-site scripting
| [39612] Apache HTTP Server mod_proxy_balancer buffer overflow
| [39608] Apache HTTP Server balancer manager cross-site request forgery
| [39476] Apache mod_proxy_balancer balancer_handler function denial of service
| [39474] Apache HTTP Server mod_proxy_balancer cross-site scripting
| [39472] Apache HTTP Server mod_status cross-site scripting
| [39201] Apache Tomcat JULI logging weak security
| [39158] Apache HTTP Server Windows SMB shares information disclosure
| [39001] Apache HTTP Server mod_imap and mod_imagemap module cross-site scripting
| [38951] Apache::AuthCAS Perl module cookie SQL injection
| [38800] Apache HTTP Server 413 error page cross-site scripting
| [38211] Apache Geronimo SQLLoginModule authentication bypass
| [37243] Apache Tomcat WebDAV directory traversal
| [37178] RHSA update for Apache HTTP Server mod_status module cross-site scripting not installed
| [37177] RHSA update for Apache HTTP Server Apache child process denial of service not installed
| [37119] RHSA update for Apache mod_auth_kerb off-by-one buffer overflow not installed
| [37100] RHSA update for Apache and IBM HTTP Server Expect header cross-site scripting not installed
| [36782] Apache Geronimo MEJB unauthorized access
| [36586] Apache HTTP Server UTF-7 cross-site scripting
| [36468] Apache Geronimo LoginModule security bypass
| [36467] Apache Tomcat functions.jsp cross-site scripting
| [36402] Apache Tomcat calendar cross-site request forgery
| [36354] Apache HTTP Server mod_proxy module denial of service
| [36352] Apache HTTP Server ap_proxy_date_canon() denial of service
| [36336] Apache Derby lock table privilege escalation
| [36335] Apache Derby schema privilege escalation
| [36006] Apache Tomcat "
| [36001] Apache Tomcat Host Manager Servlet alias cross-site scripting
| [35999] Apache Tomcat \"
| [35795] Apache Tomcat CookieExample cross-site scripting
| [35536] Apache Tomcat SendMailServlet example cross-site scripting
| [35384] Apache HTTP Server mod_cache module denial of service
| [35097] Apache HTTP Server mod_status module cross-site scripting
| [35095] Apache HTTP Server Prefork MPM module denial of service
| [34984] Apache HTTP Server recall_headers information disclosure
| [34966] Apache HTTP Server MPM content spoofing
| [34965] Apache HTTP Server MPM information disclosure
| [34963] Apache HTTP Server MPM multiple denial of service
| [34872] Apache MyFaces Tomahawk autoscroll parameter cross-site scripting
| [34869] Apache Tomcat JSP example Web application cross-site scripting
| [34868] Apache Tomcat Manager and Host Manager cross-site scripting
| [34496] Apache Tomcat JK Connector security bypass
| [34377] Apache Tomcat hello.jsp cross-site scripting
| [34212] Apache Tomcat SSL configuration security bypass
| [34210] Apache Tomcat Accept-Language cross-site scripting
| [34209] Apache Tomcat calendar application cross-site scripting
| [34207] Apache Tomcat implicit-objects.jsp cross-site scripting
| [34167] Apache Axis WSDL file path disclosure
| [34068] Apache Tomcat AJP connector information disclosure
| [33584] Apache HTTP Server suEXEC privilege escalation
| [32988] Apache Tomcat proxy module directory traversal
| [32794] Apache Tomcat JK Web Server Connector map_uri_to_worker() buffer overflow
| [32708] Debian Apache tty privilege escalation
| [32441] ApacheStats extract() PHP call unspecified
| [32128] Apache Tomcat default account
| [31680] Apache Tomcat RequestParamExample cross-site scripting
| [31649] Apache Tomcat Sample Servlet TroubleShooter detected
| [31557] BEA WebLogic Server and WebLogic Express Apache proxy plug-in denial of service
| [31236] Apache HTTP Server htpasswd.c strcpy buffer overflow
| [30456] Apache mod_auth_kerb off-by-one buffer overflow
| [29550] Apache mod_tcl set_var() format string
| [28620] Apache and IBM HTTP Server Expect header cross-site scripting
| [28357] Apache HTTP Server mod_alias script source information disclosure
| [28063] Apache mod_rewrite off-by-one buffer overflow
| [27902] Apache Tomcat URL information disclosure
| [26786] Apache James SMTP server denial of service
| [25680] libapache2 /tmp/svn file upload
| [25614] Apache Struts lookupMap cross-site scripting
| [25613] Apache Struts ActionForm denial of service
| [25612] Apache Struts isCancelled() security bypass
| [24965] Apache mod_python FileSession command execution
| [24716] Apache James spooler memory leak denial of service
| [24159] Apache Geronimo Web-Access-Log Viewer cross-site scripting
| [24158] Apache Geronimo jsp-examples cross-site scripting
| [24030] Apache auth_ldap module multiple format strings
| [24008] Apache mod_ssl custom error message denial of service
| [24003] Apache mod_auth_pgsql module multiple syslog format strings
| [23612] Apache mod_imap referer field cross-site scripting
| [23173] Apache Struts error message cross-site scripting
| [22942] Apache Tomcat directory listing denial of service
| [22858] Apache Multi-Processing Module code allows denial of service
| [22602] RHSA-2005:582 updates for Apache httpd not installed
| [22520] Apache mod-auth-shadow "
| [22466] ApacheTop symlink
| [22109] Apache HTTP Server ssl_engine_kernel client certificate validation
| [22006] Apache HTTP Server byte-range filter denial of service
| [21567] Apache mod_ssl off-by-one buffer overflow
| [21195] Apache HTTP Server header HTTP request smuggling
| [20383] Apache HTTP Server htdigest buffer overflow
| [19681] Apache Tomcat AJP12 request denial of service
| [18993] Apache HTTP server check_forensic symlink attack
| [18790] Apache Tomcat Manager cross-site scripting
| [18349] Apache HTTP server Apple HFS+ filesystem obtain information
| [18348] Apache HTTP server Apple HFS+ filesystem .DS_Store and .ht file disclosure
| [18347] Apache HTTP server Apple Mac OS X Server mod_digest_apple module could allow an attacker to replay responses
| [17961] Apache Web server ServerTokens has not been set
| [17930] Apache HTTP Server HTTP GET request denial of service
| [17785] Apache mod_include module buffer overflow
| [17671] Apache HTTP Server SSLCipherSuite bypass restrictions
| [17473] Apache HTTP Server Satisfy directive allows access to resources
| [17413] Apache htpasswd buffer overflow
| [17384] Apache HTTP Server environment variable configuration file buffer overflow
| [17382] Apache HTTP Server IPv6 apr_util denial of service
| [17366] Apache HTTP Server mod_dav module LOCK denial of service
| [17273] Apache HTTP Server speculative mode denial of service
| [17200] Apache HTTP Server mod_ssl denial of service
| [16890] Apache HTTP Server server-info request has been detected
| [16889] Apache HTTP Server server-status request has been detected
| [16705] Apache mod_ssl format string attack
| [16524] Apache HTTP Server ap_get_mime_headers_core denial of service
| [16387] Apache HTTP Server mod_proxy Content-Length buffer overflow
| [16230] Apache HTTP Server PHP denial of service
| [16214] Apache mod_ssl ssl_util_uuencode_binary buffer overflow
| [15958] Apache HTTP Server authentication modules memory corruption
| [15547] Apache HTTP Server mod_disk_cache local information disclosure
| [15540] Apache HTTP Server socket starvation denial of service
| [15467] Novell GroupWise WebAccess using Apache Web server allows viewing of files on the server
| [15422] Apache HTTP Server mod_access information disclosure
| [15419] Apache HTTP Server mod_ssl plain HTTP request denial of service
| [15293] Apache for Cygwin "
| [15065] Apache-SSL has a default password
| [15041] Apache HTTP Server mod_digest module could allow an attacker to replay responses
5845| [15015] Apache httpd server httpd.conf could allow a local user to bypass restrictions
5846| [14751] Apache Mod_python output filter information disclosure
5847| [14125] Apache HTTP Server mod_userdir module information disclosure
5848| [14075] Apache HTTP Server mod_php file descriptor leak
5849| [13703] Apache HTTP Server account
5850| [13689] Apache HTTP Server configuration allows symlinks
5851| [13688] Apache HTTP Server configuration allows SSI
5852| [13687] Apache HTTP Server Server: header value
5853| [13685] Apache HTTP Server ServerTokens value
5854| [13684] Apache HTTP Server ServerSignature value
5855| [13672] Apache HTTP Server config allows directory autoindexing
5856| [13671] Apache HTTP Server default content
5857| [13670] Apache HTTP Server config file directive references outside content root
5858| [13668] Apache HTTP Server httpd not running in chroot environment
5859| [13666] Apache HTTP Server CGI directory contains possible command interpreter or compiler
5860| [13664] Apache HTTP Server config file contains ScriptAlias entry
5861| [13663] Apache HTTP Server CGI support modules loaded
5862| [13661] Apache HTTP Server config file contains AddHandler entry
5863| [13660] Apache HTTP Server 500 error page not CGI script
5864| [13659] Apache HTTP Server 413 error page not CGI script
5865| [13658] Apache HTTP Server 403 error page not CGI script
5866| [13657] Apache HTTP Server 401 error page not CGI script
5867| [13552] Apache HTTP Server mod_cgid module information disclosure
5868| [13550] Apache GET request directory traversal
5869| [13516] Apache Cocoon XMLForm and JXForm could allow execution of code
5870| [13499] Apache Cocoon directory traversal allows downloading of boot.ini file
5871| [13429] Apache Tomcat non-HTTP request denial of service
5872| [13400] Apache HTTP server mod_alias and mod_rewrite buffer overflow
5873| [13295] Apache weak password encryption
5874| [13254] Apache Tomcat .jsp cross-site scripting
5875| [13125] Apache::Gallery Inline::C could allow arbitrary code execution
5876| [13086] Apache Jakarta Tomcat mod_jk format string allows remote access
5877| [12681] Apache HTTP Server mod_proxy could allow mail relaying
5878| [12662] Apache HTTP Server rotatelogs denial of service
5879| [12554] Apache Tomcat stores password in plain text
5880| [12553] Apache HTTP Server redirects and subrequests denial of service
5881| [12552] Apache HTTP Server FTP proxy server denial of service
5882| [12551] Apache HTTP Server prefork MPM denial of service
5883| [12550] Apache HTTP Server weaker than expected encryption
5884| [12549] Apache HTTP Server type-map file denial of service
5885| [12206] Apache Tomcat /opt/tomcat directory insecure permissions
5886| [12102] Apache Jakarta Tomcat MS-DOS device name request denial of service
5887| [12091] Apache HTTP Server apr_password_validate denial of service
5888| [12090] Apache HTTP Server apr_psprintf code execution
5889| [11804] Apache HTTP Server mod_access_referer denial of service
5890| [11750] Apache HTTP Server could leak sensitive file descriptors
5891| [11730] Apache HTTP Server error log and access log terminal escape sequence injection
5892| [11703] Apache long slash path allows directory listing
5893| [11695] Apache HTTP Server LF (Line Feed) denial of service
5894| [11694] Apache HTTP Server filestat.c denial of service
5895| [11438] Apache HTTP Server MIME message boundaries information disclosure
5896| [11412] Apache HTTP Server error log terminal escape sequence injection
5897| [11196] Apache Tomcat examples and ROOT Web applications cross-site scripting
5898| [11195] Apache Tomcat web.xml could be used to read files
5899| [11194] Apache Tomcat URL appended with a null character could list directories
5900| [11139] Apache HTTP Server mass virtual hosting with mod_rewrite or mod_vhost_alias could allow an attacker to obtain files
5901| [11126] Apache HTTP Server illegal character file disclosure
5902| [11125] Apache HTTP Server DOS device name HTTP POST code execution
5903| [11124] Apache HTTP Server DOS device name denial of service
5904| [11088] Apache HTTP Server mod_vhost_alias CGI source disclosure
5905| [10938] Apache HTTP Server printenv test CGI cross-site scripting
5906| [10771] Apache Tomcat mod_jk module multiple HTTP GET request buffer overflow
5907| [10575] Apache mod_php module could allow an attacker to take over the httpd process
5908| [10499] Apache HTTP Server WebDAV HTTP POST view source
5909| [10457] Apache HTTP Server mod_ssl "
5910| [10415] Apache HTTP Server htdigest insecure system() call could allow command execution
5911| [10414] Apache HTTP Server htdigest multiple buffer overflows
5912| [10413] Apache HTTP Server htdigest temporary file race condition
5913| [10412] Apache HTTP Server htpasswd temporary file race condition
5914| [10376] Apache Tomcat invoker servlet used in conjunction with the default servlet reveals source code
5915| [10348] Apache Tomcat HTTP GET request DOS device reference could cause a denial of service
5916| [10281] Apache HTTP Server ab.c ApacheBench long response buffer overflow
5917| [10280] Apache HTTP Server shared memory scorecard overwrite
5918| [10263] Apache Tomcat mod_jk or mod_jserv connector directory disclosure
5919| [10241] Apache HTTP Server Host: header cross-site scripting
5920| [10230] Slapper worm variants A, B, and C target OpenSSL/Apache systems
5921| [10208] Apache HTTP Server mod_dav denial of service
5922| [10206] HP VVOS Apache mod_ssl denial of service
5923| [10200] Apache HTTP Server stderr denial of service
5924| [10175] Apache Tomcat org.apache.catalina.servlets.DefaultServlet reveals source code
5925| [10169] Slapper worm variant (Slapper.C) targets OpenSSL/Apache systems
5926| [10154] Slapper worm variant (Slapper.B) targets OpenSSL/Apache systems
5927| [10098] Slapper worm targets OpenSSL/Apache systems
5928| [9876] Apache HTTP Server cgi/cgid request could disclose the path to a requested script
5929| [9875] Apache HTTP Server .var file request could disclose installation path
5930| [9863] Apache Tomcat web.xml file could allow a remote attacker to bypass restrictions
5931| [9808] Apache HTTP Server non-Unix version URL encoded directory traversal
5932| [9623] Apache HTTP Server ap_log_rerror() path disclosure
5933| [9520] Apache Tomcat /servlet/ mapping cross-site scripting
5934| [9415] Apache HTTP Server mod_ssl .htaccess off-by-one buffer overflow
5935| [9396] Apache Tomcat null character to threads denial of service
5936| [9394] Apache Tomcat HTTP request for LPT9 reveals Web root path
5937| [9249] Apache HTTP Server chunked encoding heap buffer overflow
5938| [9208] Apache Tomcat sample file requests could reveal directory listing and path to Web root directory
5939| [8932] Apache Tomcat example class information disclosure
5940| [8633] Apache HTTP Server with mod_rewrite could allow an attacker to bypass directives
5941| [8629] Apache HTTP Server double-reverse DNS lookup spoofing
5942| [8589] Apache HTTP Server for Windows DOS batch file remote command execution
5943| [8457] Oracle9i Application Server Apache PL/SQL HTTP Location header buffer overflow
5944| [8455] Oracle9i Application Server default installation could allow an attacker to access certain Apache Services
5945| [8400] Apache HTTP Server mod_frontpage buffer overflows
5946| [8326] Apache HTTP Server multiple MIME headers (sioux) denial of service
5947| [8308] Apache "
5948| [8275] Apache HTTP Server with Multiviews enabled could disclose directory contents
5949| [8119] Apache and PHP OPTIONS request reveals "
5950| [8054] Apache is running on the system
5951| [8029] Mandrake Linux default Apache configuration could allow an attacker to browse files and directories
5952| [8027] Mandrake Linux default Apache configuration has remote management interface enabled
5953| [8026] Mandrake Linux Apache sample programs could disclose sensitive information about the server
5954| [7836] Apache HTTP Server log directory denial of service
5955| [7815] Apache for Windows "
5956| [7810] Apache HTTP request could result in unexpected behavior
5957| [7599] Apache Tomcat reveals installation path
5958| [7494] Apache "
5959| [7419] Apache Web Server could allow remote attackers to overwrite .log files
5960| [7363] Apache Web Server hidden HTTP requests
5961| [7249] Apache mod_proxy denial of service
5962| [7129] Linux with Apache Web server could allow an attacker to determine if a specified username exists
5963| [7103] Apple Mac OS X used with Apache Web server could disclose directory contents
5964| [7059] Apache "
5965| [7057] Apache "
5966| [7056] Apache "
5967| [7055] Apache "
5968| [7054] Apache "
5969| [6997] Apache Jakarta Tomcat error message may reveal information
5970| [6971] Apache Jakarta Tomcat may reveal JSP source code with missing HTTP protocol specification
5971| [6970] Apache crafted HTTP request could reveal the internal IP address
5972| [6921] Apache long slash path allows directory listing
5973| [6687] Apple Mac OS X used with Apache Web server could allow arbitrary file disclosure
5974| [6527] Apache Web Server for Windows and OS2 denial of service
5975| [6316] Apache Jakarta Tomcat may reveal JSP source code
5976| [6305] Apache Jakarta Tomcat directory traversal
5977| [5926] Linux Apache symbolic link
5978| [5659] Apache Web server discloses files when used with php script
5979| [5310] Apache mod_rewrite allows attacker to view arbitrary files
5980| [5204] Apache WebDAV directory listings
5981| [5197] Apache Web server reveals CGI script source code
5982| [5160] Apache Jakarta Tomcat default installation
5983| [5099] Trustix Secure Linux installs Apache with world writable access
5984| [4968] Apache Jakarta Tomcat snoop servlet gives out information which could be used in attack
5985| [4967] Apache Jakarta Tomcat 404 error reveals the pathname of the requested file
5986| [4931] Apache source.asp example file allows users to write to files
5987| [4575] IBM HTTP Server running Apache allows users to directory listing and file retrieval
5988| [4205] Apache Jakarta Tomcat delivers file contents
5989| [2084] Apache on Debian by default serves the /usr/doc directory
5990| [1630] MessageMedia UnityMail and Apache Web server MIME header flood denial of service
5991| [697] Apache HTTP server beck exploit
5992| [331] Apache cookies buffer overflow
5993|
5994| Exploit-DB - https://www.exploit-db.com:
5995| [31130] Apache Tomcat <= 6.0.15 Cookie Quote Handling Remote Information Disclosure Vulnerability
5996| [31052] Apache <= 2.2.6 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
5997| [30901] Apache HTTP Server 2.2.6 Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
5998| [30835] Apache HTTP Server <= 2.2.4 413 Error HTTP Request Method Cross-Site Scripting Weakness
5999| [30563] Apache Tomcat <= 5.5.15 Cal2.JSP Cross-Site Scripting Vulnerability
6000| [30496] Apache Tomcat <= 6.0.13 Cookie Handling Quote Delimiter Session ID Disclosure
6001| [30495] Apache Tomcat <= 6.0.13 Host Manager Servlet Cross Site Scripting Vulnerability
6002| [30191] Apache MyFaces Tomahawk JSF Framework 1.1.5 Autoscroll Parameter Cross Site Scripting Vulnerability
6003| [30189] Apache Tomcat <= 6.0.13 JSP Example Web Applications Cross Site Scripting Vulnerability
6004| [30052] Apache Tomcat 6.0.10 Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
6005| [29930] Apache AXIS 1.0 Non-Existent WSDL Path Information Disclosure Vulnerability
6006| [29859] Apache Roller OGNL Injection
6007| [29739] Apache HTTP Server Tomcat 5.x/6.0.x Directory Traversal Vulnerability
6008| [29435] Apache Tomcat 5.5.25 - CSRF Vulnerabilities
6009| [29316] Apache + PHP 5.x - Remote Code Execution (Multithreaded Scanner) (2)
6010| [29290] Apache / PHP 5.x Remote Code Execution Exploit
6011| [28713] Apache Tomcat/JBoss EJBInvokerServlet / JMXInvokerServlet (RMI over HTTP) Marshalled Object RCE
6012| [28424] Apache 2.x HTTP Server Arbitrary HTTP Request Headers Security Weakness
6013| [28365] Apache 2.2.2 CGI Script Source Code Information Disclosure Vulnerability
6014| [28254] Apache Tomcat 5 Information Disclosure Vulnerability
6015| [27915] Apache James 2.2 SMTP Denial of Service Vulnerability
6016| [27397] Apache suEXEC Privilege Elevation / Information Disclosure
6017| [27135] Apache Struts 2 DefaultActionMapper Prefixes OGNL Code Execution
6018| [27096] Apache Geronimo 1.0 Error Page XSS
6019| [27095] Apache Tomcat / Geronimo 1.0 Sample Script cal2.jsp time Parameter XSS
6020| [26710] Apache CXF prior to 2.5.10, 2.6.7 and 2.7.4 - Denial of Service
6021| [26542] Apache Struts 1.2.7 Error Response Cross-Site Scripting Vulnerability
6022| [25986] Plesk Apache Zeroday Remote Exploit
6023| [25980] Apache Struts includeParams Remote Code Execution
6024| [25625] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (2)
6025| [25624] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (1)
6026| [24874] Apache Struts ParametersInterceptor Remote Code Execution
6027| [24744] Apache Rave 0.11 - 0.20 - User Information Disclosure
6028| [24694] Apache 1.3.x mod_include Local Buffer Overflow Vulnerability
6029| [24590] Apache 2.0.x mod_ssl Remote Denial of Service Vulnerability
6030| [23751] Apache Cygwin 1.3.x/2.0.x Directory Traversal Vulnerability
6031| [23581] Apache 2.0.4x mod_perl Module File Descriptor Leakage Vulnerability
6032| [23482] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (2)
6033| [23481] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (1)
6034| [23296] Red Hat Apache 2.0.40 Directory Index Default Configuration Error
6035| [23282] apache cocoon 2.14/2.2 - Directory Traversal vulnerability
6036| [23245] Apache Tomcat 4.0.x Non-HTTP Request Denial of Service Vulnerability
6037| [23119] Apache::Gallery 0.4/0.5/0.6 Insecure Local File Storage Privilege Escalation Vulnerability
6038| [22505] Apache Mod_Access_Referer 1.0.2 NULL Pointer Dereference Denial of Service Vulnerability
6039| [22205] Apache Tomcat 3.x Null Byte Directory/File Disclosure Vulnerability
6040| [22191] Apache Web Server 2.0.x MS-DOS Device Name Denial of Service Vulnerability
6041| [22068] Apache 1.3.x,Tomcat 4.0.x/4.1.x Mod_JK Chunked Encoding Denial of Service Vulnerability
6042| [21885] Apache 1.3/2.0.x Server Side Include Cross Site Scripting Vulnerability
6043| [21882] Apache Tomcat 3.2 Directory Disclosure Vulnerability
6044| [21854] Apache 2.0.39/40 Oversized STDERR Buffer Denial of Service Vulnerability
6045| [21853] Apache Tomcat 3/4 DefaultServlet File Disclosure Vulnerability
6046| [21734] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
6047| [21719] Apache 2.0 Path Disclosure Vulnerability
6048| [21697] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
6049| [21605] Apache Tomcat 4.0.3 DoS Device Name Cross Site Scripting Vulnerability
6050| [21604] Apache Tomcat 4.0.3 Servlet Mapping Cross Site Scripting Vulnerability
6051| [21560] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (2)
6052| [21559] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (1)
6053| [21534] Apache Tomcat 3/4 JSP Engine Denial of Service Vulnerability
6054| [21492] Apache Tomcat 3.2.3/3.2.4 RealPath.JSP Malformed Request Information Disclosure
6055| [21491] Apache Tomcat 3.2.3/3.2.4 Example Files Web Root Path Disclosure
6056| [21490] Apache Tomcat 3.2.3/3.2.4 Source.JSP Malformed Request Information Disclosure
6057| [21412] Apache Tomcat 4.0/4.1 Servlet Path Disclosure Vulnerability
6058| [21350] Apache Win32 1.3.x/2.0.x Batch File Remote Command Execution Vulnerability
6059| [21204] Apache 1.3.20 Win32 PHP.EXE Remote File Disclosure Vulnerability
6060| [21112] Red Hat Linux 7.0 Apache Remote Username Enumeration Vulnerability
6061| [21067] Apache 1.0/1.2/1.3 Server Address Disclosure Vulnerability
6062| [21002] Apache 1.3 Possible Directory Index Disclosure Vulnerability
6063| [20911] Apache 1.3.14 Mac File Protection Bypass Vulnerability
6064| [20716] apache tomcat 3.0 - Directory Traversal vulnerability
6065| [20695] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (4)
6066| [20694] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (3)
6067| [20693] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (2)
6068| [20692] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (1)
6069| [20595] NCSA 1.3/1.4.x/1.5,Apache httpd 0.8.11/0.8.14 ScriptAlias Source Retrieval Vulnerability
6070| [20558] Apache 1.2 Web Server DoS Vulnerability
6071| [20466] Apache 1.3 Web Server with Php 3 File Disclosure Vulnerability
6072| [20435] Apache 0.8.x/1.0.x,NCSA httpd 1.x test-cgi Directory Listing Vulnerability
6073| [20272] Apache 1.2.5/1.3.1,UnityMail 2.0 MIME Header DoS Vulnerability
6074| [20210] Apache 1.3.12 WebDAV Directory Listings Vulnerability
6075| [20131] Apache Tomcat 3.1 Path Revealing Vulnerability
6076| [19975] Apache 1.3.6/1.3.9/1.3.11/1.3.12/1.3.20 Root Directory Access Vulnerability
6077| [19828] Cobalt RaQ 2.0/3.0 Apache .htaccess Disclosure Vulnerability
6078| [19536] Apache <= 1.1,NCSA httpd <= 1.5.2,Netscape Server 1.12/1.1/2.0 a nph-test-cgi Vulnerability
6079| [19231] PHP apache_request_headers Function Buffer Overflow
6080| [18984] Apache Struts <= 2.2.1.1 - Remote Command Execution
6081| [18897] Oracle Weblogic Apache Connector POST Request Buffer Overflow
6082| [18619] Apache Tomcat Remote Exploit (PUT Request) and Account Scanner
6083| [18452] Apache Struts Multiple Persistent Cross-Site Scripting Vulnerabilities
6084| [18442] Apache httpOnly Cookie Disclosure
6085| [18329] Apache Struts2 <= 2.3.1 - Multiple Vulnerabilities
6086| [18221] Apache HTTP Server Denial of Service
6087| [17969] Apache mod_proxy Reverse Proxy Exposure Vulnerability PoC
6088| [17696] Apache httpd Remote Denial of Service (memory exhaustion)
6089| [17691] Apache Struts < 2.2.0 - Remote Command Execution
6090| [16798] Apache mod_jk 1.2.20 Buffer Overflow
6091| [16782] Apache Win32 Chunked Encoding
6092| [16752] Apache module mod_rewrite LDAP protocol Buffer Overflow
6093| [16317] Apache Tomcat Manager Application Deployer Authenticated Code Execution
6094| [15710] Apache Archiva 1.0 - 1.3.1 CSRF Vulnerability
6095| [15319] Apache 2.2 (Windows) Local Denial of Service
6096| [14617] Apache JackRabbit 2.0.0 webapp XPath Injection
6097| [14489] Apache Tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
6098| [12721] Apache Axis2 1.4.1 - Local File Inclusion Vulnerability
6099| [12689] Authenticated Cross-Site Scripting Vulnerability (XSS) within Apache Axis2 administration console
6100| [12343] Apache Tomcat 5.5.0 to 5.5.29 & 6.0.0 to 6.0.26 - Information Disclosure Vulnerability
6101| [12330] Apache OFBiz - Multiple XSS
6102| [12264] Apache OFBiz - FULLADMIN Creator PoC Payload
6103| [12263] Apache OFBiz - SQL Remote Execution PoC Payload
6104| [11662] Apache Spamassassin Milter Plugin Remote Root Command Execution
6105| [11650] Apache 2.2.14 mod_isapi Dangling Pointer Remote SYSTEM Exploit
6106| [10811] Joomla.Tutorials GHDB: Apache directory listing Download Vulnerability
6107| [10292] Apache Tomcat 3.2.1 - 404 Error Page Cross Site Scripting Vulnerability
6108| [9995] Apache Tomcat Form Authentication Username Enumeration Weakness
6109| [9994] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
6110| [9993] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
6111| [8842] Apache mod_dav / svn Remote Denial of Service Exploit
6112| [8458] Apache Geronimo <= 2.1.3 - Multiple Directory Traversal Vulnerabilities
6113| [7264] Apache Tomcat runtime.getRuntime().exec() Privilege Escalation (win)
6114| [6229] apache tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
6115| [6100] Apache mod_jk 1.2.19 Remote Buffer Overflow Exploit (win32)
6116| [6089] Bea Weblogic Apache Connector Code Exec / Denial of Service Exploit
6117| [5386] Apache Tomcat Connector jk2-2.0.2 (mod_jk2) Remote Overflow Exploit
6118| [5330] Apache 2.0 mod_jk2 2.0.2 - Remote Buffer Overflow Exploit (win32)
6119| [4552] Apache Tomcat (webdav) Remote File Disclosure Exploit (ssl support)
6120| [4530] Apache Tomcat (webdav) Remote File Disclosure Exploit
6121| [4162] Apache Tomcat Connector (mod_jk) Remote Exploit (exec-shield)
6122| [4093] Apache mod_jk 1.2.19/1.2.20 Remote Buffer Overflow Exploit
6123| [3996] Apache 2.0.58 mod_rewrite Remote Overflow Exploit (win2k3)
6124| [3680] Apache Mod_Rewrite Off-by-one Remote Overflow Exploit (win32)
6125| [3384] Ubuntu/Debian Apache 1.3.33/1.3.34 (CGI TTY) Local Root Exploit
6126| [2237] Apache < 1.3.37, 2.0.59, 2.2.3 (mod_rewrite) Remote Overflow PoC
6127| [2061] Apache Tomcat < 5.5.17 Remote Directory Listing Vulnerability
6128| [1056] Apache <= 2.0.49 Arbitrary Long HTTP Headers Denial of Service
6129| [855] Apache <= 2.0.52 HTTP GET request Denial of Service Exploit
6130| [764] Apache OpenSSL - Remote Exploit (Multiple Targets) (OpenFuckV2.c)
6131| [587] Apache <= 1.3.31 mod_include Local Buffer Overflow Exploit
6132| [466] htpasswd Apache 1.3.31 - Local Exploit
6133| [371] Apache HTTPd Arbitrary Long HTTP Headers DoS (c version)
6134| [360] Apache HTTPd Arbitrary Long HTTP Headers DoS
6135| [132] Apache 1.3.x - 2.0.48 - mod_userdir Remote Users Disclosure Exploit
6136| [126] Apache mod_gzip (with debug_mode) <= 1.2.26.1a Remote Exploit
6137| [67] Apache 1.3.x mod_mylo Remote Code Execution Exploit
6138| [38] Apache <= 2.0.45 APR Remote Exploit -Apache-Knacker.pl
6139| [34] Webfroot Shoutbox < 2.32 (Apache) Remote Exploit
6140| [11] Apache <= 2.0.44 Linux Remote Denial of Service Exploit
6141| [9] Apache HTTP Server 2.x Memory Leak Exploit
6142|
6143| OpenVAS (Nessus) - http://www.openvas.org:
6144| [902924] Apache Struts2 Showcase Skill Name Remote Code Execution Vulnerability
6145| [902837] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability (Windows)
6146| [902830] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
6147| [902664] Apache Traffic Server HTTP Host Header Denial of Service Vulnerability
6148| [901203] Apache httpd Web Server Range Header Denial of Service Vulnerability
6149| [901110] Apache ActiveMQ Source Code Information Disclosure Vulnerability
6150| [901105] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
6151| [900842] Apache 'mod_proxy_ftp' Module Command Injection Vulnerability (Linux)
6152| [900841] Apache 'mod_proxy_ftp' Module Denial Of Service Vulnerability (Linux)
6153| [900573] Apache APR-Utils XML Parser Denial of Service Vulnerability
6154| [900572] Apache APR-Utils Multiple Denial of Service Vulnerabilities
6155| [900571] Apache APR-Utils Version Detection
6156| [900499] Apache mod_proxy_ajp Information Disclosure Vulnerability
6157| [900496] Apache Tiles Multiple XSS Vulnerability
6158| [900493] Apache Tiles Version Detection
6159| [900107] Apache mod_proxy_ftp Wildcard Characters XSS Vulnerability
6160| [900021] Apache Tomcat Cross-Site Scripting and Security Bypass Vulnerabilities
6161| [880086] CentOS Update for apache CESA-2008:0004-01 centos2 i386
6162| [870175] RedHat Update for apache RHSA-2008:0004-01
6163| [864591] Fedora Update for apache-poi FEDORA-2012-10835
6164| [864383] Fedora Update for apache-commons-compress FEDORA-2012-8428
6165| [864280] Fedora Update for apache-commons-compress FEDORA-2012-8465
6166| [864250] Fedora Update for apache-poi FEDORA-2012-7683
6167| [864249] Fedora Update for apache-poi FEDORA-2012-7686
6168| [863993] Fedora Update for apache-commons-daemon FEDORA-2011-10880
6169| [863466] Fedora Update for apache-commons-daemon FEDORA-2011-10936
6170| [855821] Solaris Update for Apache 1.3 122912-19
6171| [855812] Solaris Update for Apache 1.3 122911-19
6172| [855737] Solaris Update for Apache 1.3 122911-17
6173| [855731] Solaris Update for Apache 1.3 122912-17
6174| [855695] Solaris Update for Apache 1.3 122911-16
6175| [855645] Solaris Update for Apache 1.3 122912-16
6176| [855587] Solaris Update for kernel update and Apache 108529-29
6177| [855566] Solaris Update for Apache 116973-07
6178| [855531] Solaris Update for Apache 116974-07
6179| [855524] Solaris Update for Apache 2 120544-14
6180| [855494] Solaris Update for Apache 1.3 122911-15
6181| [855478] Solaris Update for Apache Security 114145-11
6182| [855472] Solaris Update for Apache Security 113146-12
6183| [855179] Solaris Update for Apache 1.3 122912-15
6184| [855147] Solaris Update for kernel update and Apache 108528-29
6185| [855077] Solaris Update for Apache 2 120543-14
6186| [850196] SuSE Update for apache2 openSUSE-SU-2012:0314-1 (apache2)
6187| [850088] SuSE Update for apache2 SUSE-SA:2007:061
6188| [850009] SuSE Update for apache2,apache SUSE-SA:2008:021
6189| [841209] Ubuntu Update for apache2 USN-1627-1
6190| [840900] Ubuntu Update for apache2 USN-1368-1
6191| [840798] Ubuntu Update for apache2 USN-1259-1
6192| [840734] Ubuntu Update for apache2 USN-1199-1
6193| [840542] Ubuntu Update for apache2 vulnerabilities USN-1021-1
6194| [840504] Ubuntu Update for apache2 vulnerability USN-990-2
6195| [840399] Ubuntu Update for apache2 vulnerabilities USN-908-1
6196| [840304] Ubuntu Update for apache2 vulnerabilities USN-575-1
6197| [840118] Ubuntu Update for libapache2-mod-perl2 vulnerability USN-488-1
6198| [840092] Ubuntu Update for apache2 vulnerabilities USN-499-1
6199| [840039] Ubuntu Update for libapache2-mod-python vulnerability USN-430-1
6200| [835253] HP-UX Update for Apache Web Server HPSBUX02645
6201| [835247] HP-UX Update for Apache-based Web Server HPSBUX02612
6202| [835243] HP-UX Update for Apache Running Tomcat Servlet Engine HPSBUX02579
6203| [835236] HP-UX Update for Apache with PHP HPSBUX02543
6204| [835233] HP-UX Update for Apache-based Web Server HPSBUX02531
6205| [835224] HP-UX Update for Apache-based Web Server HPSBUX02465
6206| [835200] HP-UX Update for Apache Web Server Suite HPSBUX02431
6207| [835190] HP-UX Update for Apache Web Server Suite HPSBUX02401
6208| [835188] HP-UX Update for Apache HPSBUX02308
6209| [835181] HP-UX Update for Apache With PHP HPSBUX02332
6210| [835180] HP-UX Update for Apache with PHP HPSBUX02342
6211| [835172] HP-UX Update for Apache HPSBUX02365
6212| [835168] HP-UX Update for Apache HPSBUX02313
6213| [835148] HP-UX Update for Apache HPSBUX01064
6214| [835139] HP-UX Update for Apache with PHP HPSBUX01090
6215| [835131] HP-UX Update for Apache HPSBUX00256
6216| [835119] HP-UX Update for Apache Remote Execution of Arbitrary Code HPSBUX02186
6217| [835104] HP-UX Update for Apache HPSBUX00224
6218| [835103] HP-UX Update for Apache mod_cgid HPSBUX00301
6219| [835101] HP-UX Update for Apache HPSBUX01232
6220| [835080] HP-UX Update for Apache HPSBUX02273
6221| [835078] HP-UX Update for ApacheStrong HPSBUX00255
6222| [835044] HP-UX Update for Apache HPSBUX01019
6223| [835040] HP-UX Update for Apache PHP HPSBUX00207
6224| [835025] HP-UX Update for Apache HPSBUX00197
6225| [835023] HP-UX Update for Apache HPSBUX01022
6226| [835022] HP-UX Update for Apache HPSBUX02292
6227| [835005] HP-UX Update for Apache HPSBUX02262
6228| [831759] Mandriva Update for apache-mod_security MDVSA-2012:182 (apache-mod_security)
6229| [831737] Mandriva Update for apache MDVSA-2012:154-1 (apache)
6230| [831534] Mandriva Update for apache MDVSA-2012:012 (apache)
6231| [831523] Mandriva Update for apache MDVSA-2012:003 (apache)
6232| [831491] Mandriva Update for apache MDVSA-2011:168 (apache)
6233| [831460] Mandriva Update for apache MDVSA-2011:144 (apache)
6234| [831449] Mandriva Update for apache MDVSA-2011:130 (apache)
6235| [831357] Mandriva Update for apache MDVSA-2011:057 (apache)
6236| [831132] Mandriva Update for apache MDVSA-2010:153 (apache)
6237| [831131] Mandriva Update for apache MDVSA-2010:152 (apache)
6238| [830989] Mandriva Update for apache-mod_auth_shadow MDVSA-2010:081 (apache-mod_auth_shadow)
6239| [830931] Mandriva Update for apache MDVSA-2010:057 (apache)
6240| [830926] Mandriva Update for apache MDVSA-2010:053 (apache)
6241| [830918] Mandriva Update for apache-mod_security MDVSA-2010:050 (apache-mod_security)
6242| [830799] Mandriva Update for apache-conf MDVSA-2009:300-2 (apache-conf)
6243| [830797] Mandriva Update for apache-conf MDVSA-2009:300-1 (apache-conf)
6244| [830791] Mandriva Update for apache-conf MDVA-2010:011 (apache-conf)
6245| [830652] Mandriva Update for apache MDVSA-2008:195 (apache)
6246| [830621] Mandriva Update for apache-conf MDVA-2008:129 (apache-conf)
6247| [830581] Mandriva Update for apache MDVSA-2008:016 (apache)
6248| [830294] Mandriva Update for apache MDKSA-2007:140 (apache)
6249| [830196] Mandriva Update for apache MDKSA-2007:235 (apache)
6250| [830112] Mandriva Update for apache MDKSA-2007:127 (apache)
6251| [830109] Mandriva Update for apache-mod_perl MDKSA-2007:083 (apache-mod_perl)
6252| [802425] Apache Struts2 Showcase Arbitrary Java Method Execution vulnerability
6253| [802423] Apache Struts CookBook/Examples Multiple Cross-Site Scripting Vulnerabilities
6254| [802422] Apache Struts Showcase Multiple Persistence Cross-Site Scripting Vulnerabilities
6255| [802415] Apache Tomcat Multiple Security Bypass Vulnerabilities (Win)
6256| [802385] Apache Tomcat Request Object Security Bypass Vulnerability (Win)
6257| [802384] Apache Tomcat Parameter Handling Denial of Service Vulnerability (Win)
6258| [802378] Apache Tomcat Hash Collision Denial Of Service Vulnerability
6259| [801942] Apache Archiva Multiple Vulnerabilities
6260| [801940] Apache Struts2 'XWork' Information Disclosure Vulnerability
6261| [801663] Apache Struts2/XWork Remote Command Execution Vulnerability
6262| [801521] Apache APR-util 'buckets/apr_brigade.c' Denial Of Service Vulnerability
6263| [801284] Apache Derby Information Disclosure Vulnerability
6264| [801203] Apache ActiveMQ Persistent Cross-Site Scripting Vulnerability
6265| [800837] Apache 'mod_deflate' Denial Of Service Vulnerability - July09
6266| [800827] Apache 'mod_proxy_http.c' Denial Of Service Vulnerability
6267| [800680] Apache APR Version Detection
6268| [800679] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
6269| [800678] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
6270| [800677] Apache Roller Version Detection
6271| [800279] Apache mod_jk Module Version Detection
6272| [800278] Apache Struts Cross Site Scripting Vulnerability
6273| [800277] Apache Tomcat mod_jk Information Disclosure Vulnerability
6274| [800276] Apache Struts Version Detection
6275| [800271] Apache Struts Directory Traversal Vulnerability
6276| [800024] Apache Tomcat RemoteFilterValve Security Bypass Vulnerability
6277| [103333] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
6278| [103293] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
6279| [103122] Apache Web Server ETag Header Information Disclosure Weakness
6280| [103074] Apache Continuum Cross Site Scripting Vulnerability
6281| [103073] Apache Continuum Detection
6282| [103053] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
6283| [101023] Apache Open For Business Weak Password security check
6284| [101020] Apache Open For Business HTML injection vulnerability
6285| [101019] Apache Open For Business service detection
6286| [100924] Apache Archiva Cross Site Request Forgery Vulnerability
6287| [100923] Apache Archiva Detection
6288| [100858] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
6289| [100814] Apache Axis2 Document Type Declaration Processing Security Vulnerability
6290| [100813] Apache Axis2 Detection
6291| [100797] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
6292| [100795] Apache Derby Detection
6293| [100762] Apache CouchDB Cross Site Request Forgery Vulnerability
6294| [100725] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
6295| [100613] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
6296| [100514] Apache Multiple Security Vulnerabilities
6297| [100211] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
6298| [100172] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
6299| [100171] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
6300| [100130] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
6301| [72626] Debian Security Advisory DSA 2579-1 (apache2)
6302| [72612] FreeBSD Ports: apache22
6303| [71551] Gentoo Security Advisory GLSA 201206-25 (apache)
6304| [71550] Gentoo Security Advisory GLSA 201206-24 (apache tomcat)
6305| [71512] FreeBSD Ports: apache
6306| [71485] Debian Security Advisory DSA 2506-1 (libapache-mod-security)
6307| [71256] Debian Security Advisory DSA 2452-1 (apache2)
6308| [71238] Debian Security Advisory DSA 2436-1 (libapache2-mod-fcgid)
6309| [70737] FreeBSD Ports: apache
6310| [70724] Debian Security Advisory DSA 2405-1 (apache2)
6311| [70600] FreeBSD Ports: apache
6312| [70253] FreeBSD Ports: apache, apache-event, apache-itk, apache-peruser, apache-worker
6313| [70235] Debian Security Advisory DSA 2298-2 (apache2)
6314| [70233] Debian Security Advisory DSA 2298-1 (apache2)
6315| [69988] Debian Security Advisory DSA 2279-1 (libapache2-mod-authnz-external)
6316| [69338] Debian Security Advisory DSA 2202-1 (apache2)
6317| [67868] FreeBSD Ports: apache
6318| [66816] FreeBSD Ports: apache
6319| [66553] Mandriva Security Advisory MDVSA-2009:189-1 (apache-mod_auth_mysql)
6320| [66414] Mandriva Security Advisory MDVSA-2009:323 (apache)
6321| [66106] SuSE Security Advisory SUSE-SA:2009:050 (apache2,libapr1)
6322| [66081] SLES11: Security update for Apache 2
6323| [66074] SLES10: Security update for Apache 2
6324| [66070] SLES9: Security update for Apache 2
6325| [65998] SLES10: Security update for apache2-mod_python
6326| [65893] SLES10: Security update for Apache 2
6327| [65888] SLES10: Security update for Apache 2
6328| [65575] SLES9: Security update for apache2,apache2-prefork,apache2-worker
6329| [65510] SLES9: Security update for Apache 2
6330| [65472] SLES9: Security update for Apache
6331| [65467] SLES9: Security update for Apache
6332| [65450] SLES9: Security update for apache2
6333| [65390] SLES9: Security update for Apache2
6334| [65363] SLES9: Security update for Apache2
6335| [65309] SLES9: Security update for Apache and mod_ssl
6336| [65296] SLES9: Security update for webdav apache module
6337| [65283] SLES9: Security update for Apache2
6338| [65249] SLES9: Security update for Apache 2
6339| [65230] SLES9: Security update for Apache 2
6340| [65228] SLES9: Security update for Apache 2
6341| [65212] SLES9: Security update for apache2-mod_python
6342| [65209] SLES9: Security update for apache2-worker
6343| [65207] SLES9: Security update for Apache 2
6344| [65168] SLES9: Security update for apache2-mod_python
6345| [65142] SLES9: Security update for Apache2
6346| [65136] SLES9: Security update for Apache 2
6347| [65132] SLES9: Security update for apache
6348| [65131] SLES9: Security update for Apache 2 oes/CORE
6349| [65113] SLES9: Security update for apache2
6350| [65072] SLES9: Security update for apache and mod_ssl
6351| [65017] SLES9: Security update for Apache 2
6352| [64950] Mandrake Security Advisory MDVSA-2009:240 (apache)
6353| [64783] FreeBSD Ports: apache
6354| [64774] Ubuntu USN-802-2 (apache2)
6355| [64653] Ubuntu USN-813-2 (apache2)
6356| [64559] Debian Security Advisory DSA 1834-2 (apache2)
6357| [64532] Mandrake Security Advisory MDVSA-2009:189 (apache-mod_auth_mysql)
6358| [64527] Mandrake Security Advisory MDVSA-2009:184 (apache-mod_security)
6359| [64526] Mandrake Security Advisory MDVSA-2009:183 (apache-mod_security)
6360| [64500] Mandrake Security Advisory MDVSA-2009:168 (apache)
6361| [64443] Ubuntu USN-802-1 (apache2)
6362| [64426] Gentoo Security Advisory GLSA 200907-04 (apache)
6363| [64423] Debian Security Advisory DSA 1834-1 (apache2)
6364| [64391] Mandrake Security Advisory MDVSA-2009:149 (apache)
6365| [64377] Mandrake Security Advisory MDVSA-2009:124-1 (apache)
6366| [64251] Debian Security Advisory DSA 1816-1 (apache2)
6367| [64201] Ubuntu USN-787-1 (apache2)
6368| [64140] Mandrake Security Advisory MDVSA-2009:124 (apache)
6369| [64136] Mandrake Security Advisory MDVSA-2009:102 (apache)
6370| [63565] FreeBSD Ports: apache
6371| [63562] Ubuntu USN-731-1 (apache2)
6372| [61381] Gentoo Security Advisory GLSA 200807-06 (apache)
6373| [61185] FreeBSD Ports: apache
6374| [60582] Gentoo Security Advisory GLSA 200803-19 (apache)
6375| [60387] Slackware Advisory SSA:2008-045-02 apache
6376| [58826] FreeBSD Ports: apache-tomcat
6377| [58825] FreeBSD Ports: apache-tomcat
6378| [58804] FreeBSD Ports: apache
6379| [58745] Gentoo Security Advisory GLSA 200711-06 (apache)
6380| [58360] Debian Security Advisory DSA 1312-1 (libapache-mod-jk)
6381| [57851] Gentoo Security Advisory GLSA 200608-01 (apache)
6382| [57788] Debian Security Advisory DSA 1247-1 (libapache-mod-auth-kerb)
6383| [57335] Debian Security Advisory DSA 1167-1 (apache)
6384| [57201] Debian Security Advisory DSA 1131-1 (apache)
6385| [57200] Debian Security Advisory DSA 1132-1 (apache2)
6386| [57168] Slackware Advisory SSA:2006-209-01 Apache httpd
6387| [57145] FreeBSD Ports: apache
6388| [56731] Slackware Advisory SSA:2006-129-01 Apache httpd
6389| [56729] Slackware Advisory SSA:2006-130-01 Apache httpd redux
6390| [56246] Gentoo Security Advisory GLSA 200602-03 (Apache)
6391| [56212] Debian Security Advisory DSA 952-1 (libapache-auth-ldap)
6392| [56115] Debian Security Advisory DSA 935-1 (libapache2-mod-auth-pgsql)
6393| [56067] FreeBSD Ports: apache
6394| [55803] Slackware Advisory SSA:2005-310-04 apache
6395| [55519] Debian Security Advisory DSA 839-1 (apachetop)
6396| [55392] Gentoo Security Advisory GLSA 200509-12 (Apache)
6397| [55355] FreeBSD Ports: apache
6398| [55284] Debian Security Advisory DSA 807-1 (libapache-mod-ssl)
6399| [55261] Debian Security Advisory DSA 805-1 (apache2)
6400| [55259] Debian Security Advisory DSA 803-1 (apache)
6401| [55129] Gentoo Security Advisory GLSA 200508-15 (apache)
6402| [54739] Gentoo Security Advisory GLSA 200411-18 (apache)
6403| [54724] Gentoo Security Advisory GLSA 200411-03 (apache)
6404| [54712] Gentoo Security Advisory GLSA 200410-21 (apache)
6405| [54689] Gentoo Security Advisory GLSA 200409-33 (net=www/apache)
6406| [54677] Gentoo Security Advisory GLSA 200409-21 (apache)
6407| [54610] Gentoo Security Advisory GLSA 200407-03 (Apache)
6408| [54601] Gentoo Security Advisory GLSA 200406-16 (Apache)
6409| [54590] Gentoo Security Advisory GLSA 200406-05 (Apache)
6410| [54582] Gentoo Security Advisory GLSA 200405-22 (Apache)
6411| [54529] Gentoo Security Advisory GLSA 200403-04 (Apache)
6412| [54499] Gentoo Security Advisory GLSA 200310-04 (Apache)
6413| [54498] Gentoo Security Advisory GLSA 200310-03 (Apache)
6414| [54439] FreeBSD Ports: apache
6415| [53931] Slackware Advisory SSA:2004-133-01 apache
6416| [53903] Slackware Advisory SSA:2004-299-01 apache, mod_ssl, php
6417| [53902] Slackware Advisory SSA:2004-305-01 apache+mod_ssl
6418| [53878] Slackware Advisory SSA:2003-308-01 apache security update
6419| [53851] Debian Security Advisory DSA 135-1 (libapache-mod-ssl)
6420| [53849] Debian Security Advisory DSA 132-1 (apache-ssl)
6421| [53848] Debian Security Advisory DSA 131-1 (apache)
6422| [53784] Debian Security Advisory DSA 021-1 (apache)
6423| [53738] Debian Security Advisory DSA 195-1 (apache-perl)
6424| [53737] Debian Security Advisory DSA 188-1 (apache-ssl)
6425| [53735] Debian Security Advisory DSA 187-1 (apache)
6426| [53703] Debian Security Advisory DSA 532-1 (libapache-mod-ssl)
6427| [53577] Debian Security Advisory DSA 120-1 (libapache-mod-ssl, apache-ssl)
6428| [53568] Debian Security Advisory DSA 067-1 (apache,apache-ssl)
6429| [53519] Debian Security Advisory DSA 689-1 (libapache-mod-python)
6430| [53433] Debian Security Advisory DSA 181-1 (libapache-mod-ssl)
6431| [53282] Debian Security Advisory DSA 594-1 (apache)
6432| [53248] Debian Security Advisory DSA 558-1 (libapache-mod-dav)
6433| [53224] Debian Security Advisory DSA 532-2 (libapache-mod-ssl)
6434| [53215] Debian Security Advisory DSA 525-1 (apache)
6435| [53151] Debian Security Advisory DSA 452-1 (libapache-mod-python)
6436| [52529] FreeBSD Ports: apache+ssl
6437| [52501] FreeBSD Ports: apache
6438| [52461] FreeBSD Ports: apache
6439| [52390] FreeBSD Ports: apache
6440| [52389] FreeBSD Ports: apache
6441| [52388] FreeBSD Ports: apache
6442| [52383] FreeBSD Ports: apache
6443| [52339] FreeBSD Ports: apache+mod_ssl
6444| [52331] FreeBSD Ports: apache
6445| [52329] FreeBSD Ports: ru-apache+mod_ssl
6446| [52314] FreeBSD Ports: apache
6447| [52310] FreeBSD Ports: apache
6448| [15588] Detect Apache HTTPS
6449| [15555] Apache mod_proxy content-length buffer overflow
6450| [15554] Apache mod_include priviledge escalation
6451| [14771] Apache <= 1.3.33 htpasswd local overflow
6452| [14177] Apache mod_access rule bypass
6453| [13644] Apache mod_rootme Backdoor
6454| [12293] Apache Input Header Folding and mod_ssl ssl_io_filter_cleanup DoS Vulnerabilities
6455| [12280] Apache Connection Blocking Denial of Service
6456| [12239] Apache Error Log Escape Sequence Injection
6457| [12123] Apache Tomcat source.jsp malformed request information disclosure
6458| [12085] Apache Tomcat servlet/JSP container default files
6459| [11438] Apache Tomcat Directory Listing and File disclosure
6460| [11204] Apache Tomcat Default Accounts
6461| [11092] Apache 2.0.39 Win32 directory traversal
6462| [11046] Apache Tomcat TroubleShooter Servlet Installed
6463| [11042] Apache Tomcat DOS Device Name XSS
6464| [11041] Apache Tomcat /servlet Cross Site Scripting
6465| [10938] Apache Remote Command Execution via .bat files
6466| [10839] PHP.EXE / Apache Win32 Arbitrary File Reading Vulnerability
6467| [10773] MacOS X Finder reveals contents of Apache Web files
6468| [10766] Apache UserDir Sensitive Information Disclosure
6469| [10756] MacOS X Finder reveals contents of Apache Web directories
6470| [10752] Apache Auth Module SQL Insertion Attack
6471| [10704] Apache Directory Listing
6472| [10678] Apache /server-info accessible
6473| [10677] Apache /server-status accessible
6474| [10440] Check for Apache Multiple / vulnerability
6475|
6476| SecurityTracker - https://www.securitytracker.com:
6477| [1028865] Apache Struts Bugs Permit Remote Code Execution and URL Redirection Attacks
6478| [1028864] Apache Struts Wildcard Matching and Expression Evaluation Bugs Let Remote Users Execute Arbitrary Code
6479| [1028824] Apache mod_dav_svn URI Processing Flaw Lets Remote Users Deny Service
6480| [1028823] Apache Unspecified Flaw in mod_session_dbd Has Unspecified Impact
6481| [1028724] (HP Issues Fix for HP-UX) Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
6482| [1028722] (Red Hat Issues Fix for JBoss) Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
6483| [1028693] (Red Hat Issues Fix) Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
6484| [1028622] Apache Struts 'includeParams' Bugs Permit Remote Command Execution and Cross-Site Scripting Attacks
6485| [1028621] Apache Subversion Bugs Let Remote Authenticated Users Execute Arbitrary Commands and Deny Service
6486| [1028540] Apache mod_rewrite Input Validation Flaw Lets Remote Users Execute Arbitrary Commands
6487| [1028534] Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
6488| [1028533] Apache Tomcat Lack of Chunked Transfer Encoding Extension Size Limit Lets Remote Users Deny Service
6489| [1028532] Apache Tomcat AsyncListeners Bug May Disclose Information from One Request to Another User
6490| [1028515] Apache VCL Input Validation Flaw Lets Remote Authenticated Users Gain Elevated Privileges
6491| [1028457] Apache ActiveMQ Bugs Let Remote Users Conduct Cross-Site Scripting Attacks, Deny Service, and Obtain Potentially Sensitive Information
6492| [1028287] Apache CXF WSS4JInInterceptor Grants Service Access to Remote Users
6493| [1028286] Apache CXF WS-Security UsernameToken Processing Flaw Lets Remote Users Bypass Authentication
6494| [1028252] Apache Commons FileUpload Unsafe Temporary File Lets Local Users Gain Elevated Privileges
6495| [1028207] Apache Input Validation Bugs Permit Cross-Site Scripting Attacks
6496| [1027836] Apache Tomcat Connection Processing Bug Lets Remote Users Deny Service
6497| [1027834] Apache Tomcat Bug Lets Remote Users Bypass Cross-Site Request Forgery Prevention Filter
6498| [1027833] Apache Tomcat Bug Lets Remote Users Bypass Security Constraints
6499| [1027729] Apache Tomcat Header Processing Bug Lets Remote Users Deny Service
6500| [1027728] Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
6501| [1027554] Apache CXF Lets Remote Authenticated Users Execute Unauthorized SOAP Actions
6502| [1027508] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
6503| [1027421] Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
6504| [1027096] Apache Commons Compress BZip2CompressorOutputStream() Sorting Algorithm Lets Remote or Local Users Deny Service
6505| [1026932] Apache LD_LIBRARY_PATH Processing Lets Local Users Gain Elevated Privileges
6506| [1026928] Apache OFBiz Unspecified Flaw Lets Remote Users Execute Arbitrary Code
6507| [1026927] Apache OFBiz Input Validation Flaws Permit Cross-Site Scripting Attacks
6508| [1026847] Apache Traffic Server Host Header Processing Flaw Lets Remote Users Deny Service
6509| [1026846] Apache Wicket Discloses Hidden Application Files to Remote Users
6510| [1026839] Apache Wicket Input Validation Flaw in 'wicket:pageMapName' Parameter Permits Cross-Site Scripting Attacks
6511| [1026616] Apache Bugs Let Remote Users Deny Service and Obtain Cookie Data
6512| [1026575] Apache Struts ParameterInterceptor() Flaw Lets Remote Users Execute Arbitrary Commands
6513| [1026484] Apache Struts Bug Lets Remote Users Overwrite Files and Execute Arbitrary Code
6514| [1026477] Apache Tomcat Hash Table Collision Bug Lets Remote Users Deny Service
6515| [1026402] Apache Struts Conversion Error Lets Remote Users Inject Arbitrary Commands
6516| [1026353] Apache mod_proxy/mod_rewrite Bug Lets Remote Users Access Internal Servers
6517| [1026295] Apache Tomcat Lets Untrusted Web Applications Gain Elevated Privileges
6518| [1026267] Apache .htaccess File Integer Overflow Lets Local Users Execute Arbitrary Code
6519| [1026144] Apache mod_proxy Pattern Matching Bug Lets Remote Users Access Internal Servers
6520| [1026095] Apache Tomcat HTTP DIGEST Authentication Weaknesses Let Remote Users Conduct Bypass Attacks
6521| [1026054] Apache mod_proxy_ajp HTTP Processing Error Lets Remote Users Deny Service
6522| [1025993] Apache Tomcat AJP Protocol Processing Bug Lets Remote Users Bypass Authentication or Obtain Information
6523| [1025976] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
6524| [1025960] Apache httpd Byterange Filter Processing Error Lets Remote Users Deny Service
6525| [1025925] Apache Tomcat Commons Daemon jsvc Lets Local Users Gain Elevated Privileges
6526| [1025924] Apache Tomcat XML Validation Flaw Lets Applications Obtain Potentially Sensitive Information
6527| [1025788] Apache Tomcat Lets Malicious Applications Obtain Information and Deny Service
6528| [1025755] Apache Santuario Buffer Overflow Lets Remote Users Deny Service
6529| [1025712] Apache Tomcat Discloses Passwords to Local Users in Certain Cases
6530| [1025577] Apache Archiva Input Validation Hole Permits Cross-Site Scripting Attacks
6531| [1025576] Apache Archiva Request Validation Flaw Permits Cross-Site Request Forgery Attacks
6532| [1025527] Apache APR Library apr_fnmatch() Flaw Lets Remote Users Execute Arbitrary Code
6533| [1025303] Apache Tomcat HTTP BIO Connector Error Discloses Information From Different Requests to Remote Users
6534| [1025215] Apache Tomcat May Ignore @ServletSecurity Annotation Protections
6535| [1025066] Apache Continuum Input Validation Flaw Permits Cross-Site Request Forgery Attacks
6536| [1025065] Apache Continuum Input Validation Hole Permits Cross-Site Scripting Attacks
6537| [1025027] Apache Tomcat maxHttpHeaderSize Parsing Error Lets Remote Users Deny Service
6538| [1025026] Apache Tomcat Manager Input Validation Hole Permits Cross-Site Scripting Attacks
6539| [1025025] Apache Tomcat Security Manager Lets Local Users Bypass File Permissions
6540| [1024764] Apache Tomcat Manager Input Validation Hole in 'sessionList.jsp' Permits Cross-Site Scripting Attacks
6541| [1024417] Apache Traffic Server Insufficient Randomization Lets Remote Users Poison the DNS Cache
6542| [1024332] Apache mod_cache and mod_dav Request Processing Flaw Lets Remote Users Deny Service
6543| [1024180] Apache Tomcat 'Transfer-Encoding' Header Processing Flaw Lets Remote Users Deny Service and Obtain Potentially Sensitive Information
6544| [1024096] Apache mod_proxy_http May Return Results for a Different Request
6545| [1023942] Apache mod_proxy_ajp Error Condition Lets Remote Users Deny Service
6546| [1023941] Apache ap_read_request() Memory Error May Let Remote Users Access Potentially Sensitive Information
6547| [1023778] Apache ActiveMQ Input Validation Flaw Permits Cross-Site Scripting Attacks
6548| [1023701] Apache mod_isapi Error Processing Flaw May Let Remote Users Deny Service
6549| [1023533] Apache mod_proxy Integer Overflow May Let Remote Users Execute Arbitrary Code
6550| [1022988] Apache Solaris Support Code Bug Lets Remote Users Deny Service
6551| [1022529] Apache mod_deflate Connection State Bug Lets Remote Users Deny Service
6552| [1022509] Apache mod_proxy stream_reqbody_cl() Infinite Loop Lets Remote Users Deny Service
6553| [1022296] Apache IncludesNoExec Options Restrictions Can Be Bypass By Local Users
6554| [1022264] Apache mod_proxy_ajp Bug May Disclose Another User's Response Data
6555| [1022001] Apache Tomcat mod_jk May Disclose Responses to the Wrong User
6556| [1021988] mod_perl Input Validation Flaw in Apache::Status and Apache2::Status Permits Cross-Site Scripting Attacks
6557| [1021350] NetWare Bug Lets Remote Users Access the ApacheAdmin Console
6558| [1020635] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
6559| [1020520] Oracle WebLogic Apache Connector Lets Remote Users Execute Arbitrary Code
6560| [1020267] Apache mod_proxy Interim Response Process Bug Lets Remote Users Deny Service
6561| [1019784] Apache-SSL Certificate Processing Bug May Let Remote Users View Portions of Kernel Memory
6562| [1019256] Apache mod_negotiation Input Validation Hole Permits Cross-Site Scripting Attacks
6563| [1019194] Apache Input Validation Hole in Mod_AutoIndex When the Character Set is Undefined May Permit Cross-Site Scripting Attacks
6564| [1019185] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
6565| [1019154] Apache Input Validation Hole in mod_status Permits Cross-Site Scripting Attacks
6566| [1019093] Apache Input Validation Hole in mod_imap Permits Cross-Site Scripting Attacks
6567| [1019030] Apache Input Validation Hole in Default HTTP 413 Error Page Permits Cross-Site Scripting Attacks
6568| [1018633] Apache mod_proxy Bug Lets Remote Users Deny Service
6569| [1018304] Apache HTTPD scoreboard Protection Flaw Lets Local Users Terminate Arbitrary Processes
6570| [1018303] Apache HTTPD mod_cache May Let Remote Users Deny Service
6571| [1018302] Apache mod_status Input Validation Hole Permits Cross-Site Scripting Attacks
6572| [1018269] Apache Tomcat Input Validation Hole in Processing Accept-Language Header Permits Cross-Site Scripting Attacks
6573| [1017904] Apache suEXEC Bugs May Let Local Users Gain Elevated Privileges
6574| [1017719] Apache Tomcat JK Web Server Connector Buffer Overflow in map_uri_to_worker() Lets Remote Users Execute Arbitrary Code
6575| [1017062] Apache mod_tcl Format String Bug in set_var() Function May Let Remote Users Execute Arbitrary Code
6576| [1016601] Apache mod_rewrite Off-by-one Error Lets Remote Users Execute Arbitrary Code
6577| [1016576] Apache Tomcat Discloses Directory Listings to Remote Users
6578| [1015447] Apache mod_ssl Null Pointer Dereference May Let Remote Users Deny Service
6579| [1015344] Apache mod_imap Input Validation Flaw in Referer Field Lets Remote Users Conduct Cross-Site Scripting Attacks
6580| [1015093] Apache Memory Leak in MPM 'worker.c' Code May Let Remote Users Deny Service
6581| [1014996] ApacheTop Unsafe Temporary File May Let Local Users Gain Elevated Privileges
6582| [1014833] Apache ssl_hook_Access() Function May Fail to Verify Client Certificates
6583| [1014826] Apache Memory Leak in 'byterange filter' Lets Remote Users Deny Service
6584| [1014575] Apache mod_ssl Off-by-one Buffer Overflow in Processing CRLs May Let Remote Users Deny Service
6585| [1014323] Apache Chunked Transfer-Encoding and Content-Length Processing Lets Remote Users Smuggle HTTP Requests
6586| [1013156] Apache mod_python Publisher Handler Discloses Information to Remote Users
6587| [1012829] Apache mod_auth_radius radcpy() Integer Overflow Lets Remote Users Deny Service in Certain Cases
6588| [1012416] Apache on Apple OS X Lets Remote Users Bypass Apache File Handlers and Directly Access Files
6589| [1012415] Apache on Apple HFS+ Filesystems May Disclose '.DS_Store' Files to Remote Users
6590| [1012414] Apache mod_digest_apple Lets Remote Users Replay Authentication Credentials
6591| [1012083] Apache Web Server Error in Processing Requests With Many Space Characters Lets Remote Users Deny Service
6592| [1011783] Apache mod_include Buffer Overflow Lets Local Users Execute Arbitrary Code
6593| [1011557] Apache mod_ssl SSLCipherSuite Directive Can By Bypassed in Certain Cases
6594| [1011385] Apache Satsify Directive Error May Let Remote Users Access Restricted Resources
6595| [1011340] Apache SSL Connection Abort State Error Lets Remote Users Deny Service
6596| [1011303] Apache ap_resolve_env() Buffer Overflow in Reading Configuration Files May Let Local Users Gain Elevated Privileges
6597| [1011299] Apache IPv6 Address Parsing Flaw May Let Remote Users Deny Service
6598| [1011248] Apache mod_dav LOCK Method Error May Let Remote Users Deny Service
6599| [1011213] Apache mod_ssl Can Be Crashed By Remote Users When Reverse Proxying SSL Connections
6600| [1010674] Apache Can Be Crashed By PHP Code Invoking Nested Remote Sockets
6601| [1010599] Apache httpd Header Line Memory Allocation Lets Remote Users Crash the Server
6602| [1010462] Apache mod_proxy Buffer Overflow May Let Remote Users Execute Arbitrary Code
6603| [1010322] Apache mod_ssl Stack Overflow in ssl_util_uuencode_binary() May Let Remote Users Execute Arbitrary Code
6604| [1010270] cPanel Apache mod_phpsuexec Options Let Local Users Gain Elevated Privileges
6605| [1009934] Apache Web Server Has Buffer Overflow in ebcdic2ascii() on Older Processor Architectures
6606| [1009516] Apache mod_survey HTML Report Format Lets Remote Users Conduct Cross-Site Scripting Attacks
6607| [1009509] Apache mod_disk_cache Stores Authentication Credentials on Disk
6608| [1009495] Apache Web Server Socket Starvation Flaw May Let Remote Users Deny Service
6609| [1009417] GroupWise WebAccess With Apache on NetWare Has Configuration Flaw That May Grant Web Access to Remote Users
6610| [1009338] Apache mod_access Parsing Flaw May Fail to Enforce Allow/Deny Rules
6611| [1009337] Apache mod_ssl Memory Leak Lets Remote Users Crash the Daemon
6612| [1009182] Apache for Cygwin '..%5C' Input Validation Flaw Discloses Files to Remote Users
6613| [1008973] PHP May Apply Incorrect php_admin_* Settings To Requests for Apache Virtual Hosts
6614| [1008967] Apache-SSL 'SSLFakeBasicAuth' Lets Remote Users Forge Client Certificates to Be Authenticated
6615| [1008920] Apache mod_digest May Validate Replayed Client Responses
6616| [1008828] Apache mod_python String Processing Bug Still Lets Remote Users Crash the Web Server
6617| [1008822] Apache mod_perl File Descriptor Leak May Let Local Users Hijack the http and https Services
6618| [1008675] mod_auth_shadow Apache Module Authenticates Expired Passwords
6619| [1008559] Apache mod_php File Descriptor Leak May Let Local Users Hijack the https Service
6620| [1008335] Apache mod_python String Processing Bug Lets Remote Users Crash the Web Server
6621| [1008196] Apache 2.x on Windows May Return Unexpected Files For URLs Ending With Certain Characters
6622| [1008030] Apache mod_rewrite Contains a Buffer Overflow
6623| [1008029] Apache mod_alias Contains a Buffer Overflow
6624| [1008028] Apache mod_cgid May Disclose CGI Output to Another Client
6625| [1007995] Apache Cocoon Forms May Let Remote Users Execute Arbitrary Java Code on the System
6626| [1007993] Apache Cocoon 'view-source' Sample Script Discloses Files to Remote Users
6627| [1007823] Apache Web Server mod_cgi Error May Let Malicious CGI Scripts Crash the Web Service
6628| [1007664] Apache::Gallery Unsafe Temporary Files May Let Local Users Gain Apache Web Server Privileges
6629| [1007557] Apache Web Server Does Not Filter Terminal Escape Sequences From Log Files
6630| [1007230] Apache HTTP Server 'rotatelogs' Bug on Win32 and OS/2 May Cause the Logging to Stop
6631| [1007146] Apache HTTP Server FTP Proxy Bug May Cause Denial of Service Conditions
6632| [1007145] Apache 'accept()' Errors May Cause Denial of Service Conditions
6633| [1007144] Apache Web Server 'type-map' File Error Permits Local Denial of Service Attacks
6634| [1007143] Apache 2.0 Web Server May Use a Weaker Encryption Implementation Than Specified in Some Cases
6635| [1006864] Apache Web Server Can Be Crashed By Remote Users Via mod_dav Flaws and Also Via Basic Authentication
6636| [1006709] Apache mod_survey Input Validation Flaw Lets Remote Users Fill Up Disk Space
6637| [1006614] Apache mod_ntlm Buffer Overflow and Format String Flaw Let Remote Users Execute Arbitary Code
6638| [1006591] Apache mod_access_referer Module Null Pointer Dereference May Faciliate Denial of Service Attacks
6639| [1006444] Apache 2.0 Web Server Line Feed Buffer Allocation Flaw Lets Remote Users Deny Service
6640| [1006021] Apache Tomcat Server URL Parsing Error May Disclose Otherwise Inaccessible Web Directory Listings and Files to Remote Users
6641| [1005963] Apache Web Server 2.x Windows Device Access Flaw Lets Remote Users Crash the Server or Possibly Execute Arbitrary Code
6642| [1005962] Apache Web Server Path Parsing Flaw May Allow Remote Users to Execute Code in Certain Configurations
6643| [1005848] Apache 'printenv' Script Input Validation Bugs in Older Versions May Let Remote Users Conduct Cross-Site Scripting Attacks
6644| [1005765] Apache mod_jk Module Processing Bug When Used With Tomcat May Disclose Information to Remote Users or Crash
6645| [1005548] Apache mod_php Module May Allow Local Users to Gain Control of the Web Port
6646| [1005499] Apache Web Server (2.0.42) May Disclose CGI Source Code to Remote Users When Used With WebDAV
6647| [1005410] Apache Tomcat Java Servlet Engine Can Be Crashed Via Multiple Requests for DOS Device Names
6648| [1005351] Apache Web Server (1.3.x) Shared Memory Scoreboard Bug Lets Certain Local Users Issue Signals With Root Privileges
6649| [1005331] Apache Web Server (2.x) SSI Server Signature Filtering Hole Lets Remote Users Conduct Cross-Site Scripting Attacks
6650| [1005290] Apache Tomcat Java Server Default Servlet Returns JSP Source Code to Remote Users
6651| [1005285] Apache Web Server 'mod_dav' Has Null Pointer Bug That May Allow Remote Users to Cause Denial of Service Conditions
6652| [1005010] Apache Web Server (2.0) Has Unspecified Flaw That Allows Remote Users to Obtain Sensitive Data and Cause Denial of Service Conditions
6653| [1004770] Apache 2.x Web Server ap_log_rerror() Function May Disclose Full Installation Path to Remote Users
6654| [1004745] Apache Tomcat Java Server Allows Cross-Site Scripting Attacks
6655| [1004636] Apache mod_ssl 'Off-by-One' Bug May Let Local Users Crash the Web Server or Possibly Execute Arbitrary Code
6656| [1004602] Apache Tomcat Java Server for Windows Can Be Crashed By Remote Users Sending Malicious Requests to Hang All Available Working Threads
6657| [1004586] Apache Tomcat Java Server May Disclose the Installation Path to Remote Users
6658| [1004555] Apache Web Server Chunked Encoding Flaw May Let Remote Users Execute Arbitrary Code on the Server
6659| [1004209] Apache 'mod_python' Python Language Interpreter Bug in Publisher Handler May Allow Remote Users to Modify Files on the System
6660| [1003874] Apache Web Server for Windows Has Batch File Processing Hole That Lets Remote Users Execute Commands on the System
6661| [1003767] 'mod_frontpage' Module for Apache Web Server Has Buffer Overlow in 'fpexec.c' That Allows Remote Users to Execute Arbitrary Code on the System with Root Privileges
6662| [1003723] Apache-SSL for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
6663| [1003664] 'mod_ssl' Security Package for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
6664| [1003602] GNUJSP Java Server Pages Implementation Discloses Web Files and Source Code to Remote Users and Bypasses Apache Access Control Restrictions
6665| [1003465] PHP for Apache Web Server May Disclose Installation Path Information to Remote Users Making 'OPTIONS' Requests
6666| [1003451] Oracle Application Server PL/SQL Module for Apache Has Buffer Overflows That Allow Remote Users to Execute Arbitrary Code and Gain Access to the Server
6667| [1003131] Apache Web Server in Virtual Hosting Mode Can Be Crashed By a Local User Removing a Log Directory
6668| [1003104] PHP.EXE Windows CGI for Apache Web Server May Let Remote Users View Files on the Server Due to Configuration Error
6669| [1003008] Apache 'mod_bf' Module Lets Remote Users Execute Arbitrary Code
6670| [1002629] Apache suEXEC Wrapper Fails to Observe Minimum Group ID Security Settings in Certain Situations
6671| [1002542] Apache Web Server Virtual Hosting Split-Logfile Function Lets Remote Users Write Log Entries to Arbitrary Files on the System
6672| [1002400] Apache mod_gzip Module Has Buffer Overflow That Can Be Exploited By Local Users to Gain Elevated Privileges
6673| [1002303] Several 3rd Party Apache Authentication Modules Allow Remote Users to Execute Arbitrary Code to Gain Access to the System or Execute Stored Procedures to Obtain Arbitrary Database Information
6674| [1002188] Apache Web Server Discloses Internal IP Addresses to Remote Users in Certain Configurations
6675| [1001989] Apache Web Server May Disclose Directory Contents Even If an Index.html File is Present in the Directory
6676| [1001719] Apache Web Server on Mac OS X Client Fails to Enforce File and Directory Access Protections, Giving Remote Users Access to Restricted Pages
6677| [1001572] Apache Web Server on Microsoft Windows Platforms Allows Remote Users to Crash the Web Server
6678| [1001304] Apache Web Server for Windows Lets Remote Users Crash the Web Server Application
6679| [1001083] Apache Web Server May Display Directory Index Listings Even if Directory Listings Are Disabled
6680|
6681| OSVDB - http://www.osvdb.org:
6682| [96078] Apache CloudStack Infrastructure Menu Setup Network Multiple Field XSS
6683| [96077] Apache CloudStack Global Settings Multiple Field XSS
6684| [96076] Apache CloudStack Instances Menu Display Name Field XSS
6685| [96075] Apache CloudStack Instances Menu Add Instances Network Name Field XSS
6686| [96074] Apache CloudStack Instances Menu Add Instances Review Step Multiple Field XSS
6687| [96031] Apache HTTP Server suEXEC Symlink Arbitrary File Access
6688| [95888] Apache Archiva Single / Double Quote Character Handling XSS Weakness
6689| [95885] Apache Subversion mod_dav_svn Module Crafted HTTP Request Handling Remote DoS
6690| [95706] Apache OpenOffice.org (OOo) OOXML Document File XML Element Handling Memory Corruption
6691| [95704] Apache OpenOffice.org (OOo) DOC File PLCF Data Handling Memory Corruption
6692| [95603] Apache Continuum web/util/GenerateRecipentNotifier.java recipient Parameter XSS
6693| [95602] Apache Continuum web/action/notifier/JabberProjectNotifierEditAction-jabberProjectNotifierSave-validation.xml Multiple Parameter XSS
6694| [95601] Apache Continuum web/action/notifier/JabberGroupNotifierEditAction-jabberProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
6695| [95600] Apache Continuum web/action/ScheduleAction-saveSchedule-validation.xml Multiple Parameter XSS
6696| [95599] Apache Continuumweb/action/BuildDefinitionAction-saveBuildDefinition-validation.xml Multiple Parameter XSS
6697| [95598] Apache Continuum web/action/AddProjectAction-addProject-validation.xml Multiple Parameter XSS
6698| [95597] Apache Continuum web/action/ProjectEditAction-projectSave-validation.xml Multiple Parameter XSS
6699| [95596] Apache Continuum web/action/notifier/IrcGroupNotifierEditAction-ircProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
6700| [95595] Apache Continuum web/action/notifier/IrcProjectNotifierEditAction-ircProjectNotifierSave-validation.xml Multiple Parameter XSS
6701| [95594] Apache Continuum web/action/ProjectGroupAction.java Multiple Parameter XSS
6702| [95593] Apache Continuum web/action/AddProjectGroupAction.java Multiple Parameter XSS
6703| [95592] Apache Continuum web/action/AddProjectAction.java Multiple Parameter XSS
6704| [95523] Apache OFBiz Webtools Application View Log Screen Unspecified XSS
6705| [95522] Apache OFBiz Nested Expression Evaluation Arbitrary UEL Function Execution
6706| [95521] Apache HTTP Server mod_session_dbd Session Saving Unspecified Issue
6707| [95498] Apache HTTP Server mod_dav.c Crafted MERGE Request Remote DoS
6708| [95406] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Arbitrary Site Redirect
6709| [95405] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Remote Code Execution
6710| [95011] Apache CXF XML Parser SOAP Message Handling CPU Resource Exhaustion Remote DoS
6711| [94705] Apache Geronimo RMI Classloader Exposure Serialized Object Handling Remote Code Execution
6712| [94651] Apache Santuario (XML Security for C++) XML Signature CanonicalizationMethod Parameter Spoofing Weakness
6713| [94636] Apache Continuum workingCopy.action userDirectory Traversal Arbitrary File Access
6714| [94635] Apache Maven SCM SvnCommandlineUtils Process Listing Local Password Disclosure
6715| [94632] Apache Maven Wagon SSH (wagon-ssh) Host Verification Failure MitM Weakness
6716| [94625] Apache Santuario (XML Security for C++) XML Signature Reference Crafted XPointer Expression Handling Heap Buffer Overflow
6717| [94618] Apache Archiva /archiva/security/useredit.action username Parameter XSS
6718| [94617] Apache Archiva /archiva/security/roleedit.action name Parameter XSS
6719| [94616] Apache Archiva /archiva/security/userlist!show.action roleName Parameter XSS
6720| [94615] Apache Archiva /archiva/deleteArtifact!doDelete.action groupId Parameter XSS
6721| [94614] Apache Archiva /archiva/admin/addLegacyArtifactPath!commit.action legacyArtifactPath.path Parameter XSS
6722| [94613] Apache Archiva /archiva/admin/addRepository.action Multiple Parameter XSS
6723| [94612] Apache Archiva /archiva/admin/editAppearance.action Multiple Parameter XSS
6724| [94611] Apache Archiva /archiva/admin/addLegacyArtifactPath.action Multiple Parameter XSS
6725| [94610] Apache Archiva /archiva/admin/addNetworkProxy.action Multiple Parameter XSS
6726| [94403] Apache Santuario (XML Security for C++) InclusiveNamespace PrefixList Processing Heap Overflow
6727| [94402] Apache Santuario (XML Security for C++) HMAC-based XML Signature Processing DoS
6728| [94401] Apache Santuario (XML Security for C++) XPointer Evaluation Stack Overflow
6729| [94400] Apache Santuario (XML Security for C++) HMAC-Based XML Signature Reference Element Validation Spoofing Weakness
6730| [94279] Apache Qpid CA Certificate Validation Bypass
6731| [94275] Apache Solr JettySolrRunner.java Can Not Find Error Message XSS
6732| [94233] Apache OpenJPA Object Deserialization Arbitrary Executable Creation
6733| [94042] Apache Axis JAX-WS Java Unspecified Exposure
6734| [93969] Apache Struts OGNL Expression Handling Double Evaluation Error Remote Command Execution
6735| [93796] Apache Subversion Filename Handling FSFS Repository Corruption Remote DoS
6736| [93795] Apache Subversion svnserve Server Aborted Connection Message Handling Remote DoS
6737| [93794] Apache Subversion contrib/hook-scripts/check-mime-type.pl svnlook Hyphenated argv Argument Handling Remote DoS
6738| [93793] Apache Subversion contrib/hook-scripts/svn-keyword-check.pl Filename Handling Remote Command Execution
6739| [93646] Apache Struts Crafted Parameter Arbitrary OGNL Code Execution
6740| [93645] Apache Struts URL / Anchor Tag includeParams Attribute Remote Command Execution
6741| [93636] Apache Pig Multiple Physical Operator Memory Exhaustion Remote Remote DoS
6742| [93635] Apache Wink DTD (Document Type Definition) Expansion Data Parsing Information Disclosure
6743| [93605] RT Apache::Session::File Session Replay Reuse Information Disclosure
6744| [93599] Apache Derby SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY Boot Password Manipulation Re-encryption Failure Password Corruption
6745| [93555] Apache Commons Codec Invalid Base32 String Information Tunneling Weakness
6746| [93554] Apache HBase bulkLoadHFiles() Method ACL Bypass
6747| [93543] JBoss Enterprise Application Platform org.apache.catalina.connector.Response.encodeURL() Method MitM jsessionid Disclosure
6748| [93542] Apache ManifoldCF (Connectors Framework) org.apache.manifoldcf.crawler.ExportConfiguration Class Configuration Export Password Disclosure
6749| [93541] Apache Solr json.wrf Callback XSS
6750| [93524] Apache Hadoop GetSecurityDescriptorControl() Function Absolute Security Descriptor Handling NULL Descriptor Weakness
6751| [93521] Apache jUDDI Security API Token Session Persistence Weakness
6752| [93520] Apache CloudStack Default SSL Key Weakness
6753| [93519] Apache Shindig /ifr Cross-site Arbitrary Gadget Invocation
6754| [93518] Apache Solr /admin/analysis.jsp name Parameter XSS
6755| [93517] Apache CloudStack setup-cloud-management /etc/sudoers Modification Local Privilege Escalation
6756| [93516] Apache CXF UsernameTokenInterceptor Nonce Caching Replay Weakness
6757| [93515] Apache HBase table.jsp name Parameter XSS
6758| [93514] Apache CloudStack Management Server Unauthenticated Remote JMX Connection Default Setting Weakness
6759| [93463] Apache Struts EL / OGNL Interpretation Unspecified Remote Code Execution
6760| [93462] Apache CXF WS-SecurityPolicy AlgorithmSuite Arbitrary Ciphertext Decryption Weakness
6761| [93401] Apache Hadoop core-site.xml Permission Weakness Local Alfredo Secret Disclosure
6762| [93400] Apache Hadoop Map/Reduce Job Log Directory Symlink Arbitrary File Mode Manipulation
6763| [93397] Apache Wicket Referrer HTTP Header Session ID Disclosure
6764| [93366] Apache HTTP Server modules/mappers/mod_rewrite.c do_rewritelog() Function Log File Terminal Escape Sequence Filtering Remote Command Execution
6765| [93254] Apache Tomcat AsyncListener Method Cross-session Information Disclosure
6766| [93253] Apache Tomcat Chunked Transfer Encoding Data Saturation Remote DoS
6767| [93252] Apache Tomcat FORM Authenticator Session Fixation
6768| [93172] Apache Camel camel/endpoints/ Endpoint XSS
6769| [93171] Apache Sling HtmlResponse Error Message XSS
6770| [93170] Apache Directory DelegatingAuthenticator MitM Spoofing Weakness
6771| [93169] Apache Wave AuthenticationServlet.java Session Fixation Weakness
6772| [93168] Apache Click ErrorReport.java id Parameter XSS
6773| [93167] Apache ActiveMQ JMSXUserId Spoofing Weakness
6774| [93166] Apache CXF Crafted Message Element Count Handling System Resource Exhaustion Remote DoS
6775| [93165] Apache CXF Crafted Message Element Level Handling System Resource Exhaustion Remote DoS
6776| [93164] Apache Harmony DatagramSocket Class connect Method CheckAccept() IP Blacklist Bypass
6777| [93163] Apache Hadoop Map/Reduce Daemon Symlink Arbitrary File Overwrite
6778| [93162] Apache VelocityStruts struts/ErrorsTool.getMsgs Error Message XSS
6779| [93161] Apache CouchDB Rewriter VM Atom Table Memory Exhaustion Remote DoS
6780| [93158] Apache Wicket BookmarkablePageLink Feature XSS CSRF
6781| [93157] Apache Struts UrlHelper.java s:url includeParams Functionality XSS
6782| [93156] Apache Tapestry Calendar Component datefield.js datefield Parameter XSS
6783| [93155] Apache Struts fielderror.ftl fielderror Parameter Error Message XSS
6784| [93154] Apache JSPWiki Edit.jsp createPages WikiPermission Bypass
6785| [93153] Apache PDFBox PDFXrefStreamParser Missing Element Handling PDF Parsing DoS
6786| [93152] Apache Hadoop HttpServer.java Multiple Function XSS
6787| [93151] Apache Shiro Search Filter userName Parameter LDAP Code Injection Weakness
6788| [93150] Apache Harmony java.net.SocketPermission Class boolean equals Function checkConnect() Weakness Host Name Retrieval
6789| [93149] Apache Harmony java.security.Provider Class void load Function checkSecurityAccess() Weakness
6790| [93148] Apache Harmony java.security.ProtectionDomain Class java.lang.String.toString() Function checkPermission() Weakness
6791| [93147] Apache Harmony java.net.URLConnection openConnection Function checkConnect Weakness Proxy Connection Permission Bypass
6792| [93146] Apache Harmony java.net.ServerSocket Class void implAccept Function checkAccept() Weakness SerSocket Subclass Creation
6793| [93145] Apache Qpid JMS Client Detached Session Frame Handling NULL Pointer Dereference Remote DoS
6794| [93144] Apache Solr Admin Command Execution CSRF
6795| [93009] Apache VCL XMLRPC API Unspecified Function Remote Privilege Escalation
6796| [93008] Apache VCL Web GUI Unspecified Remote Privilege Escalation
6797| [92997] Apache Commons Codec org.apache.commons.codec.net.URLCodec Fields Missing 'final' Thread-safety Unspecified Issue
6798| [92976] Apache ActiveMQ scheduled.jsp crontab Command XSS
6799| [92947] Apache Commons Codec org.apache.commons.codec.language.Soundex.US_ENGLISH_MAPPING Missing MS_PKGPROTECT Field Manipulation Unspecified Issue
6800| [92749] Apache CloudStack Predictable Hash Virtual Machine Console Console Access URL Generation
6801| [92748] Apache CloudStack VM Console Access Restriction Bypass
6802| [92709] Apache ActiveMQ Web Console Unauthenticated Remote Access
6803| [92708] Apache ActiveMQ Sample Web Application Broker Resource Consumption Remote DoS
6804| [92707] Apache ActiveMQ webapp/websocket/chat.js Subscribe Message XSS
6805| [92706] Apache ActiveMQ Debug Log Rendering XSS
6806| [92705] Apache ActiveMQ PortfolioPublishServlet.java refresh Parameter XSS
6807| [92270] Apache Tomcat Unspecified CSRF
6808| [92094] Apache Subversion mod_dav_svn Module Nonexistent URL Lock Request Handling NULL Pointer Dereference Remote DoS
6809| [92093] Apache Subversion mod_dav_svn Module Activity URL PROPFIND Request Handling NULL Pointer Dereference Remote DoS
6810| [92092] Apache Subversion mod_dav_svn Module Log REPORT Request Handling NULL Pointer Dereference Remote DoS
6811| [92091] Apache Subversion mod_dav_svn Module Node Property Handling Resource Exhaustion Remote DoS
6812| [92090] Apache Subversion mod_dav_svn Module Activity URL Lock Request Handling NULL Pointer Dereference Remote DoS
6813| [91774] Apache Commons Codec Unspecified Non-private Field Manipulation Weakness
6814| [91628] mod_ruid2 for Apache HTTP Server fchdir() Inherited File Descriptor chroot Restriction Bypass
6815| [91328] Apache Wicket $up$ Traversal Arbitrary File Access
6816| [91295] Apple Mac OS X Apache Unicode Character URI Handling Authentication Bypass
6817| [91235] Apache Rave /app/api/rpc/users/get User Object Hashed Password Remote Disclosure
6818| [91185] Munin Default Apache Configuration Permission Weakness Remote Information Disclosure
6819| [91173] Apache Wicket WebApplicationPath Constructor Bypass /WEB-INF/ Directory File Access
6820| [91172] Apache Wicket PackageResourceGuard File Extension Filter Bypass
6821| [91025] Apache Qpid qpid::framing::Buffer Class Multiple Method Out-of-bounds Access Remote DoS
6822| [91024] Apache Qpid federation_tag Attribute Handling Federated Interbroker Link Access Restriction Bypass
6823| [91023] Apache Qpid AMQP Type Decoder Exposure Array Size Value Handling Memory Consumption Remote DoS
6824| [91022] Apache Qpid qpid/cpp/include/qpid/framing/Buffer.h qpid::framing::Buffer::checkAvailable() Function Integer Overflow
6825| [90986] Apache Jena ARQ INSERT DATA Request Handling Overflow
6826| [90907] Apache Subversion mod_dav_svn / libsvn_fs svn_fs_file_length() Function MKACTIVITY / PROPFIND Option Request Handling Remote DoS
6827| [90906] Apache Commons FileUpload /tmp Storage Symlink Arbitrary File Overwrite
6828| [90864] Apache Batik 1xx Redirect Script Origin Restriction Bypass
6829| [90858] Apache Ant Malformed TAR File Handling Infinite Loop DoS
6830| [90852] Apache HTTP Server for Debian apachectl /var/lock Permission Weakness Symlink Directory Permission Manipulation
6831| [90804] Apache Commons CLI Path Subversion Local Privilege Escalation
6832| [90802] Apache Avro Recursive Schema Handling Infinite Recursion DoS
6833| [90592] Apache Batik ApplicationSecurityEnforcer.java Multiple Method Security Restriction Bypass
6834| [90591] Apache Batik XML External Entity (XXE) Data Parsing Arbitrary File Disclosure
6835| [90565] Apache Tomcat Log Directory Permission Weakness Local Information Disclosure
6836| [90564] Apache Maven / Maven Wagon SSL Certificate Validation MitM Spoofing Weakness
6837| [90557] Apache HTTP Server mod_proxy_balancer balancer-manager Interface Multiple Parameter XSS
6838| [90556] Apache HTTP Server Multiple Module Multiple Parameter XSS
6839| [90276] Apache Axis2 axis2.xml Plaintext Password Local Disclosure
6840| [90249] Apache Axiom ClassLoader XMLInputFactory / XMLOutputFactory Construction Unspecified Issue
6841| [90235] Apache Commons HttpClient Certificate Wildcard Matching Weakness
6842| [90079] Apache CXF WSS4JInInterceptor URIMappingInterceptor WS-Security SOAP Service Access Restriction Bypass
6843| [90078] Apache CXF WS-SecurityPolicy Enabled Plaintext UsernameTokens Handling Authentication Bypass
6844| [89453] Apache Open For Business Project (OFBiz) Screenlet.title Widget Attribute XSS
6845| [89452] Apache Open For Business Project (OFBiz) Image.alt Widget Attribute XSS
6846| [89294] Apache CouchDB Futon UI Browser-based Test Suite Query Parameter XSS
6847| [89293] Apache CouchDB Unspecified Traversal Arbitrary File Access
6848| [89275] Apache HTTP Server mod_proxy_ajp Module Expensive Request Parsing Remote DoS
6849| [89267] Apache CouchDB JSONP Callback Handling Unspecified XSS
6850| [89146] Apache CloudStack Master Server log4j.conf SSH Private Key / Plaintext Password Disclosure
6851| [88603] Apache OpenOffice.org (OOo) Unspecified Information Disclosure
6852| [88602] Apache OpenOffice.org (OOo) Unspecified Manifest-processing Issue
6853| [88601] Apache OpenOffice.org (OOo) Unspecified PowerPoint File Handling Issue
6854| [88285] Apache Tomcat Partial HTTP Request Saturation Remote DoS
6855| [88095] Apache Tomcat NIO Connector Terminated Connection Infinte Loop DoS
6856| [88094] Apache Tomcat FORM Authentication Crafted j_security_check Request Security Constraint Bypass
6857| [88093] Apache Tomcat Null Session Requst CSRF Prevention Filter Bypass
6858| [88043] IBM Tivoli Netcool/Reporter Apache CGI Unspecified Remote Command Execution
6859| [87580] Apache Tomcat DIGEST Authentication Session State Caching Authentication Bypass Weakness
6860| [87579] Apache Tomcat DIGEST Authentication Stale Nonce Verification Authentication Bypass Weakness
6861| [87477] Apache Tomcat Project Woodstock Service Error Page UTF-7 XSS Weakness
6862| [87227] Apache Tomcat InternalNioInputBuffer.java parseHeaders() Function Request Header Size Parsing Remote DoS
6863| [87223] Apache Tomcat DIGEST Authentication replay-countermeasure Functionality cnonce / cn Verification Authentication Bypass Weakness
6864| [87160] Apache Commons HttpClient X.509 Certificate Domain Name Matching MiTM Weakness
6865| [87159] Apache CXF X.509 Certificate Domain Name Matching MiTM Weakness
6866| [87150] Apache Axis / Axis2 X.509 Certificate Domain Name Matching MiTM Weakness
6867| [86902] Apache HTTP Server 3xx Redirect Internal IP Address Remote Disclosure
6868| [86901] Apache Tomcat Error Message Path Disclosure
6869| [86684] Apache CloudStack Unauthorized Arbitrary API Call Invocation
6870| [86556] Apache Open For Business Project (OFBiz) Unspecified Issue
6871| [86503] Visual Tools VS home/apache/DiskManager/cron/init_diskmgr Local Command Execution
6872| [86401] Apache ActiveMQ ResourceHandler Traversal Arbitrary File Access
6873| [86225] Apache Axis2 XML Signature Wrapping (XSW) Authentication Bypass
6874| [86206] Apache Axis2 Crafted SAML Assertion Signature Exclusion Attack Authentication Bypass
6875| [85722] Apache CXF SOAP Request Parsing Access Restriction Bypass
6876| [85704] Apache Qpid Incoming Client Connection Saturation Remote DoS
6877| [85474] Eucalyptus Apache Santuario (XML Security for Java) Library XML Signature Transform Handling DoS
6878| [85430] Apache mod_pagespeed Module Unspecified XSS
6879| [85429] Apache mod_pagespeed Module Hostname Verification Cross-host Resource Disclosure
6880| [85249] Apache Wicket Unspecified XSS
6881| [85236] Apache Hadoop conf/hadoop-env.sh Temporary File Symlink Arbitrary File Manipulation
6882| [85090] Apache HTTP Server mod_proxy_ajp.c mod_proxy_ajp Module Proxy Functionality Cross-client Information Disclosure
6883| [85089] Apache HTTP Server mod_proxy_http.c mod_proxy_http Module Cross-client Information Disclosure
6884| [85062] Apache Solr Autocomplete Module for Drupal Autocomplete Results XSS
6885| [85010] Apache Struts Token Handling Mechanism Token Name Configuration Parameter CSRF Weakness
6886| [85009] Apache Struts Request Parameter OGNL Expression Parsing Remote DoS
6887| [84911] libapache2-mod-rpaf X-Forward-For HTTP Header Parsing Remote DoS
6888| [84823] Apache HTTP Server Multiple Module Back End Server Error Handling HTTP Request Parsing Remote Information Disclosure
6889| [84818] Apache HTTP Server mod_negotiation Module mod_negotiation.c make_variant_list Function XSS
6890| [84562] Apache Qpid Broker Authentication Mechanism AMQP Client Shadow Connection NullAuthenticator Request Parsing Authentication Bypass
6891| [84458] Apache Libcloud SSL Certificate Validation MitM Spoofing Weakness
6892| [84279] PHP on Apache php_default_post_reader POST Request Handling Overflow DoS
6893| [84278] PHP w/ Apache PDO::ATTR_DEFAULT_FETCH_MODE / PDO::FETCH_CLASS DoS
6894| [84231] Apache Hadoop DataNodes Client BlockTokens Arbitrary Block Access
6895| [83943] Oracle Solaris Cluster Apache Tomcat Agent Subcomponent Unspecified Local Privilege Escalation
6896| [83939] Oracle Solaris Apache HTTP Server Subcomponent Unspecified Remote Information Disclosure
6897| [83685] svnauthcheck Apache HTTP Configuration File Permission Revocation Weakness
6898| [83682] Apache Sling POST Servlet @CopyFrom Operation HTTP Request Parsing Infinite Loop Remote DoS
6899| [83339] Apache Roller Blogger Roll Unspecified XSS
6900| [83270] Apache Roller Unspecified Admin Action CSRF
6901| [82782] Apache CXF WS-SecurityPolicy 1.1 SupportingToken Policy Bypass
6902| [82781] Apache CXF WS-SecurityPolicy Supporting Token Children Specification Token Signing Verification Weakness
6903| [82611] cPanel Apache Piped Log Configuration Log Message Formatting Traversal Arbitrary File Creation
6904| [82436] MapServer for Windows Bundled Apache / PHP Configuration Local File Inclusion
6905| [82215] PHP sapi/cgi/cgi_main.c apache_request_headers Function HTTP Header Handling Remote Overflow
6906| [82161] Apache Commons Compress bzip2 File Compression BZip2CompressorOutputStream Class File Handling Remote DoS
6907| [81965] Apache Batik Squiggle SVG Browser JAR File Arbitrary Code Execution
6908| [81790] Apache POI src/org/apache/poi/hwpf/model/UnhandledDataStructure.java UnhandledDataStructure() constructor Length Attribute CDF / CFBF File Handling Remote DoS
6909| [81660] Apache Qpid Credential Checking Cluster Authentication Bypass
6910| [81511] Apache for Debian /usr/share/doc HTTP Request Parsing Local Script Execution
6911| [81359] Apache HTTP Server LD_LIBRARY_PATH Variable Local Privilege Escalation
6912| [81349] Apache Open For Business Project (OFBiz) Webslinger Component Unspecified XSS
6913| [81348] Apache Open For Business Project (OFBiz) Content IDs / Map-Keys Unspecified XSS
6914| [81347] Apache Open For Business Project (OFBiz) Parameter Arrays Unspecified XSS
6915| [81346] Apache Open For Business Project (OFBiz) checkoutProcess.js getServerError() Function Unspecified XSS
6916| [81196] Apache Open For Business Project (OFBiz) FlexibleStringExpander Nested Script String Parsing Remote Code Execution
6917| [80981] Apache Hadoop Kerberos/MapReduce Security Feature User Impersonation Weakness
6918| [80571] Apache Traffic Server Host HTTP Header Parsing Remote Overflow
6919| [80547] Apache Struts XSLTResult.java File Upload Arbitrary Command Execution
6920| [80360] AskApache Password Protector Plugin for WordPress Error Page $_SERVER Superglobal XSS
6921| [80349] Apache HTTP Server mod_fcgid Module fcgid_spawn_ctl.c FcgidMaxProcessesPerClass Virtual Host Directive HTTP Request Parsing Remote DoS
6922| [80301] Apache Wicket /resources/ Absolute Path Arbitrary File Access
6923| [80300] Apache Wicket wicket:pageMapName Parameter XSS
6924| [79478] Apache Solr Extension for TYPO3 Unspecified XSS
6925| [79002] Apache MyFaces javax.faces.resource In Parameter Traversal Arbitrary File Access
6926| [78994] Apache Struts struts-examples/upload/upload-submit.do name Parameter XSS
6927| [78993] Apache Struts struts-cookbook/processDyna.do message Parameter XSS
6928| [78992] Apache Struts struts-cookbook/processSimple.do message Parameter XSS
6929| [78991] Apache Struts struts2-rest-showcase/orders clientName Parameter XSS
6930| [78990] Apache Struts struts2-showcase/person/editPerson.action Multiple Parameter XSS
6931| [78932] Apache APR Hash Collision Form Parameter Parsing Remote DoS
6932| [78903] Apache CXF SOAP Request Parsing WS-Security UsernameToken Policy Bypass
6933| [78600] Apache Tomcat HTTP DIGEST Authentication DigestAuthenticator.java Catalina Weakness Security Bypass
6934| [78599] Apache Tomcat HTTP DIGEST Authentication Realm Value Parsing Security Bypass
6935| [78598] Apache Tomcat HTTP DIGEST Authentication qop Value Parsing Security Bypass
6936| [78573] Apache Tomcat Parameter Saturation CPU Consumption Remote DoS
6937| [78556] Apache HTTP Server Status Code 400 Default Error Response httpOnly Cookie Disclosure
6938| [78555] Apache HTTP Server Threaded MPM %{cookiename}C Log Format String Cookie Handling Remote DoS
6939| [78501] Apache Struts ParameterInterceptor Class OGNL Expression Parsing Remote Command Execution
6940| [78331] Apache Tomcat Request Object Recycling Information Disclosure
6941| [78293] Apache HTTP Server Scoreboard Invalid Free Operation Local Security Bypass
6942| [78277] Apache Struts ExceptionDelegator Component Parameter Parsing Remote Code Execution
6943| [78276] Apache Struts DebuggingInterceptor Component Developer Mode Unspecified Remote Command Execution
6944| [78113] Apache Tomcat Hash Collision Form Parameter Parsing Remote DoS
6945| [78112] Apache Geronimo Hash Collision Form Parameter Parsing Remote DoS
6946| [78109] Apache Struts ParameterInterceptor Traversal Arbitrary File Overwrite
6947| [78108] Apache Struts CookieInterceptor Cookie Name Handling Remote Command Execution
6948| [77593] Apache Struts Conversion Error OGNL Expression Injection
6949| [77496] Apache ActiveMQ Failover Mechanism Openwire Request Parsing Remote DoS
6950| [77444] Apache HTTP Server mod_proxy Mdule Web Request HTTP/0.9 Protocol URL Parsing Proxy Remote Security Bypass
6951| [77374] Apache MyFaces Java Bean includeViewParameters Parsing EL Expression Security Weakness
6952| [77310] Apache HTTP Server mod_proxy Reverse Proxy Mode Security Bypass Weakness (2011-4317)
6953| [77234] Apache HTTP Server on cygwin Encoded Traversal Arbitrary File Access
6954| [77012] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Memory Consumption DoS
6955| [76944] Apache Tomcat Manager Application Servlets Access Restriction Bypass
6956| [76744] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Overflow
6957| [76189] Apache Tomcat HTTP DIGEST Authentication Weakness
6958| [76079] Apache HTTP Server mod_proxy Mdule Web Request URL Parsing Proxy Remote Security Bypass (2011-3368)
6959| [76072] Apache JServ jserv.conf jserv-status Handler jserv/ URI Request Parsing Local Information Disclosure
6960| [75807] Apache HTTP Server Incomplete Header Connection Saturation Remote DoS
6961| [75647] Apache HTTP Server mod_proxy_ajp Module mod_proxy_balancer HTTP Request Remote DoS
6962| [75376] Apache Libcloud SSL Certificate Validation MitM Server Spoofing Weakness
6963| [74853] Domain Technologie Control /etc/apache2/apache2.conf File Permissions Weakness dtcdaemons User Password Disclosure
6964| [74818] Apache Tomcat AJP Message Injection Authentication Bypass
6965| [74725] Apache Wicket Multi Window Support Unspecified XSS
6966| [74721] Apache HTTP Server ByteRange Filter Memory Exhaustion Remote DoS
6967| [74541] Apache Commons Daemon Jsvc Permissions Weakness Arbitrary File Access
6968| [74535] Apache Tomcat XML Parser Cross-application Multiple File Manipulation
6969| [74447] Apache Struts XWork Nonexistent Method s:submit Element Internal Java Class Remote Path Disclosure
6970| [74262] Apache HTTP Server Multi-Processing Module itk.c Configuration Merger mpm-itk root UID / GID Remote Privilege Escalation
6971| [74120] Apache HTTP Server mod_authnz_external mysql/mysql-auth.pl user Field SQL Injection
6972| [73920] Oracle Secure Backup /apache/htdocts/php/common.php username Parameter Remote Code Execution
6973| [73798] Apache Tomcat sendfile Request Start / Endpoint Parsing Local DoS
6974| [73797] Apache Tomcat sendfile Request Attribute Validation Weakness Local Access Restriction Bypass
6975| [73776] Apache Tomcat HTTP BIO Connector HTTP Pipelining Cross-user Remote Response Access
6976| [73644] Apache XML Security Signature Key Parsing Overflow DoS
6977| [73600] Apache Struts javatemplates Plugin Component Handlers .action URI Multiple Parameter XSS
6978| [73462] Apache Rampart/C util/rampart_timestamp_token.c rampart_timestamp_token_validate Function Expired Token Remote Access Restriction Bypass
6979| [73429] Apache Tomcat JMX MemoryUserDatabase Local Password Disclosure
6980| [73384] Apache HTTP Server mod_rewrite PCRE Resource Exhaustion DoS
6981| [73383] Apache HTTP Server Portable Runtime (APR) Library apr_fnmatch() Infinite Loop Remote DoS
6982| [73378] IBM WebSphere Application Server (WAS) JavaServer Pages org.apache.jasper.runtime.JspWriterImpl.response JSP Page Application Restart Remote DoS
6983| [73247] Apache Subversion mod_dav_svn File Permission Weakness Information Disclosure
6984| [73246] Apache Subversion mod_dav_svn Path-based Access Control Rule Handling Remote DoS
6985| [73245] Apache Subversion mod_dav_svn Baselined Resource Request Handling Remote DoS
6986| [73154] Apache Archiva Multiple Unspecified CSRF
6987| [73153] Apache Archiva /archiva/admin/deleteNetworkProxy!confirm.action proxyid Parameter XSS
6988| [72407] Apache Tomcat @ServletSecurity Initial Load Annotation Security Constraint Bypass Information Disclosure
6989| [72238] Apache Struts Action / Method Names <
6990| [71647] Apache HttpComponents HttpClient Proxy-Authorization Credentials Remote Disclosure
6991| [71558] Apache Tomcat SecurityManager ServletContext Attribute Traversal Arbitrary File Manipulation
6992| [71557] Apache Tomcat HTML Manager Multiple XSS
6993| [71075] Apache Archiva User Management Page XSS
6994| [71027] Apache Tomcat @ServletSecurity Annotation Security Constraint Bypass Information Disclosure
6995| [70925] Apache Continuum Project Pages Unspecified XSS (2011-0533)
6996| [70924] Apache Continuum Multiple Admin Function CSRF
6997| [70809] Apache Tomcat NIO HTTP Connector Request Line Processing DoS
6998| [70734] Apache CouchDB Request / Cookie Handling Unspecified XSS
6999| [70585] Oracle Fusion Middleware Oracle HTTP Server Apache Plugin Unspecified Remote Issue
7000| [70333] Apache Subversion rev_hunt.c blame Command Multiple Memory Leak Remote DoS
7001| [70332] Apache Subversion Apache HTTP Server mod_dav_svn repos.c walk FunctionSVNParentPath Collection Remote DoS
7002| [69659] Apache Archiva Admin Authentication Weakness Privilege Escalation
7003| [69520] Apache Archiva Administrator Credential Manipulation CSRF
7004| [69512] Apache Tomcat Set-Cookie Header HTTPOnly Flag Session Hijacking Weakness
7005| [69456] Apache Tomcat Manager manager/html/sessions Multiple Parameter XSS
7006| [69275] Apache mod_fcgid Module fcgid_bucket.c fcgid_header_bucket_read() Function Remote Overflow
7007| [69067] Apache Shiro URI Path Security Traversal Information Disclosure
7008| [68815] Apache MyFaces shared/util/StateUtils.java View State MAC Weakness Cryptographic Padding Remote View State Modification
7009| [68670] Apache Qpid C++ Broker Component broker/SessionAdapter.cpp SessionAdapter::ExchangeHandlerImpl::checkAlternate Function Exchange Alternate Remote DoS
7010| [68669] Apache Qpid cluster/Cluster.cpp Cluster::deliveredEvent Function Invalid AMQP Data Remote DoS
7011| [68662] Apache Axis2 dswsbobje.war Module Admin Account Default Password
7012| [68531] Apache Qpid qpidd sys/ssl/SslSocket.cpp Incomplete SSL Handshake Remote DoS
7013| [68327] Apache APR-util buckets/apr_brigade.c apr_brigade_split_line() Function Memory Consumption DoS
7014| [68314] Apache XML-RPC SAX Parser External Entity Information Disclosure
7015| [67964] Apache Traffic Server Transaction ID / Source Port Randomization Weakness DNS Cache Poisoning
7016| [67846] SUSE Lifecycle Management Server on SUSE Linux Enterprise apache2-slms Parameter Quoting CSRF
7017| [67294] Apache CXF XML SOAP Message Crafted Document Type Declaration Remote DoS
7018| [67240] Apache CouchDB Installation Page Direct Request Arbitrary JavaScript Code Execution CSRF
7019| [67205] Apache Derby BUILTIN Authentication Password Hash Generation Algorithm SHA-1 Transformation Password Substitution
7020| [66745] Apache HTTP Server Multiple Modules Pathless Request Remote DoS
7021| [66319] Apache Tomcat Crafted Transfer-Encoding Header Handling Buffer Recycling Remote DoS
7022| [66280] Apache Struts XWork ParameterInterceptor Server-Side Object Remote Code Execution
7023| [66226] Apache Axis2 Admin Interface Cookie Session Fixation
7024| [65697] Apache Axis2 / Java SOAP Message DTD Rejection Weakness Arbitrary File Access
7025| [65654] Apache HTTP Server mod_proxy_http mod_proxy_http.c Timeout Detection Weakness HTTP Request Response Disclosure
7026| [65429] Apache MyFaces Unencrypted ViewState Serialized View Object Manipulation Arbitrary Expression Language (EL) Statement Execution
7027| [65054] Apache ActiveMQ Jetty Error Handler XSS
7028| [64844] Apache Axis2/Java axis2/axis2-admin/engagingglobally modules Parameter XSS
7029| [64522] Apache Open For Business Project (OFBiz) ecommerce/control/contactus Multiple Parameter XSS
7030| [64521] Apache Open For Business Project (OFBiz) Web Tools Section entityName Parameter XSS
7031| [64520] Apache Open For Business Project (OFBiz) ecommerce/control/ViewBlogArticle contentId Parameter XSS
7032| [64519] Apache Open For Business Project (OFBiz) Control Servlet URI XSS
7033| [64518] Apache Open For Business Project (OFBiz) Show Portal Page Section start Parameter XSS
7034| [64517] Apache Open For Business Project (OFBiz) View Profile Section partyId Parameter XSS
7035| [64516] Apache Open For Business Project (OFBiz) Export Product Listing Section productStoreId Parameter XSS
7036| [64307] Apache Tomcat Web Application Manager/Host Manager CSRF
7037| [64056] mod_auth_shadow for Apache HTTP Server wait() Function Authentication Bypass
7038| [64023] Apache Tomcat WWW-Authenticate Header Local Host Information Disclosure
7039| [64020] Apache ActiveMQ Jetty ResourceHandler Crafted Request JSP File Source Disclosure
7040| [63895] Apache HTTP Server mod_headers Unspecified Issue
7041| [63368] Apache ActiveMQ createDestination.action JMSDestination Parameter CSRF
7042| [63367] Apache ActiveMQ createDestination.action JMSDestination Parameter XSS
7043| [63350] Apache CouchDB Hash Verification Algorithm Predictable Execution Time Weakness
7044| [63140] Apache Thrift Service Malformed Data Remote DoS
7045| [62676] Apache HTTP Server mod_proxy_ajp Module Crafted Request Remote DoS
7046| [62675] Apache HTTP Server Multi-Processing Module (MPM) Subrequest Header Handling Cross-thread Information Disclosure
7047| [62674] Apache HTTP Server mod_isapi Module Unloading Crafted Request Remote DoS
7048| [62231] Apache HTTP Server Logging Format Weakness Crafted DNS Response IP Address Spoofing
7049| [62230] Apache HTTP Server Crafted DNS Response Inverse Lookup Log Corruption XSS
7050| [62054] Apache Tomcat WAR Filename Traversal Work-directory File Deletion
7051| [62053] Apache Tomcat Autodeployment Process appBase File HTTP Request Authentication Bypass
7052| [62052] Apache Tomcat WAR File Traversal Arbitrary File Overwrite
7053| [62009] Apache HTTP Server src/modules/proxy/proxy_util.c mod_proxy ap_proxy_send_fb() Function Overflow
7054| [61379] Apache River Outrigger Entry Storage Saturation Memory Exhaustion DoS
7055| [61378] Apache Hadoop Map/Reduce JobTracker Memory Consumption DoS
7056| [61377] Apache Commons Modeler Multiple Mutable Static Fields Weakness
7057| [61376] Apache Rampart wsse:security Tag Signature Value Checking Weakness
7058| [60687] Apache C++ Standard Library (STDCXX) strxfrm() Function Overflow
7059| [60680] Apache Hadoop JobHistory Job Name Manipulation Weakness
7060| [60679] Apache ODE DeploymentWebService OMElement zipPart CRLF Injection
7061| [60678] Apache Roller Comment Email Notification Manipulation DoS
7062| [60677] Apache CouchDB Unspecified Document Handling Remote DoS
7063| [60428] Sun Java Plug-in org.apache.crimson.tree.XmlDocument Class reateXmlDocument Method Floppy Drive Access Bypass
7064| [60413] mod_throttle for Apache Shared Memory File Manipulation Local Privilege Escalation
7065| [60412] Sun Java Plug-in org.apache.xalan.processor.XSLProcessorVersion Class Unsigned Applet Variable Sharing Privilege Escalation
7066| [60396] Apache HTTP Server on OpenBSD Multipart MIME Boundary Remote Information Disclosure
7067| [60395] Apache HTTP Server on OpenBSD ETag HTTP Header Remote Information Disclosure
7068| [60232] PHP on Apache php.exe Direct Request Remote DoS
7069| [60176] Apache Tomcat Windows Installer Admin Default Password
7070| [60016] Apache HTTP Server on HP Secure OS for Linux HTTP Request Handling Unspecified Issue
7071| [59979] Apache HTTP Server on Apple Mac OS X HTTP TRACE Method Unspecified Client XSS
7072| [59969] Apache HTTP Server mod_ssl SSL / TLS Renegotiation Handshakes MiTM Plaintext Data Injection
7073| [59944] Apache Hadoop jobhistory.jsp XSS
7074| [59374] Apache Solr Search Extension for TYPO3 Unspecified XSS
7075| [59022] Apache Shindig ConcatProxyServlet HTTP Header Response Splitting
7076| [59021] Apache Cocoon X-Cocoon-Version Header Remote Information Disclosure
7077| [59020] Apache Tapestry HTTPS Session Cookie Secure Flag Weakness
7078| [59019] Apache mod_python Cookie Salting Weakness
7079| [59018] Apache Harmony Error Message Handling Overflow
7080| [59013] Apache Derby SYSCS_EXPORT_TABLE Arbitrary File Overwrite
7081| [59012] Apache Derby Driver Auto-loading Non-deterministic Startup Weakness
7082| [59011] Apache JSPWiki Page Attachment Change Note Function XSS
7083| [59010] Apache Solr get-file.jsp XSS
7084| [59009] Apache Solr action.jsp XSS
7085| [59008] Apache Solr analysis.jsp XSS
7086| [59007] Apache Solr schema.jsp Multiple Parameter XSS
7087| [59006] Apache Beehive select / checkbox Tag XSS
7088| [59005] Apache Beehive jpfScopeID Global Parameter XSS
7089| [59004] Apache Beehive Error Message XSS
7090| [59003] Apache HttpClient POST Request Handling Memory Consumption DoS
7091| [59002] Apache Jetspeed default-page.psml URI XSS
7092| [59001] Apache Axis2 xsd Parameter Traversal Arbitrary File Disclosure
7093| [59000] Apache CXF Unsigned Message Policy Bypass
7094| [58999] Apache WSS4J CallbackHandler Plaintext Password Validation Weakness
7095| [58998] Apache OpenJPA persistence.xml Cleartext Password Local Disclosure
7096| [58997] Apache OpenEJB openejb.xml Cleartext Password Local Disclosure
7097| [58996] Apache Hadoop Map/Reduce LinuxTaskController File Group Ownership Weakness
7098| [58995] Apache Hadoop Map/Reduce Task Ownership Weakness
7099| [58994] Apache Hadoop Map/Reduce DistributedCache Localized File Permission Weakness
7100| [58993] Apache Hadoop browseBlock.jsp XSS
7101| [58991] Apache Hadoop browseDirectory.jsp XSS
7102| [58990] Apache Hadoop Map/Reduce HTTP TaskTrackers User Data Remote Disclosure
7103| [58989] Apache Hadoop Sqoop Process Listing Local Cleartext Password Disclosure
7104| [58988] Apache Hadoop Chukwa HICC Portal Unspecified XSS
7105| [58987] Apache Hadoop Map/Reduce TaskTracker User File Permission Weakness
7106| [58986] Apache Qpid Encrypted Message Handling Remote Overflow DoS
7107| [58985] Apache Qpid Process Listing Local Cleartext Password Disclosure
7108| [58984] Apache Jackrabbit Content Repository (JCR) Default Account Privilege Access Weakness
7109| [58983] Apache Jackrabbit Content Repository (JCR) NamespaceRegistry API Registration Method Race Condition
7110| [58982] Apache Synapse Proxy Service Security Policy Mismatch Weakness
7111| [58981] Apache Geronimo TomcatGeronimoRealm Security Context Persistence Weakness
7112| [58980] Apache Geronimo LDAP Realm Configuration Restart Reversion Weakness
7113| [58979] Apache MyFaces Tomahawk ExtensionsPhaseListener HTML Injection Information Disclosure
7114| [58978] Apache MyFaces Trinidad LocaleInfoScriptlet XSS
7115| [58977] Apache Open For Business Project (OFBiz) Multiple Default Accounts
7116| [58976] Apache Open For Business Project (OFBiz) URI passThru Parameter XSS
7117| [58975] Apache Open For Business Project (OFBiz) PARTYMGR_CREATE/UPDATE Permission Arbitrary User Password Modification
7118| [58974] Apache Sling /apps Script User Session Management Access Weakness
7119| [58973] Apache Tuscany Crafted SOAP Request Access Restriction Bypass
7120| [58931] Apache Geronimo Cookie Parameters Validation Weakness
7121| [58930] Apache Xalan-C++ XPath Handling Remote DoS
7122| [58879] Apache Portable Runtime (APR-util) poll/unix/port.c Event Port Backend Pollset Feature Remote DoS
7123| [58837] Apache Commons Net FTPSClient CipherSuites / Protocols Mutable Object Unspecified Data Security Issue
7124| [58813] Apache MyFaces Trinidad tr:table / HTML Comment Handling DoS
7125| [58812] Apache Open For Business Project (OFBiz) JSESSIONID Session Hijacking Weakness
7126| [58811] Apache Open For Business Project (OFBiz) /catalog/control/EditProductConfigItem configItemId Parameter XSS
7127| [58810] Apache Open For Business Project (OFBiz) /catalog/control/EditProdCatalo prodCatalogId Parameter XSS
7128| [58809] Apache Open For Business Project (OFBiz) /partymgr/control/viewprofile partyId Parameter XSS
7129| [58808] Apache Open For Business Project (OFBiz) /catalog/control/createProduct internalName Parameter XSS
7130| [58807] Apache Open For Business Project (OFBiz) Multiple Unspecified CSRF
7131| [58806] Apache FtpServer MINA Logging Filter Cleartext Credential Local Disclosure
7132| [58805] Apache Derby Unauthenticated Database / Admin Access
7133| [58804] Apache Wicket Header Contribution Unspecified Issue
7134| [58803] Apache Wicket Session Fixation
7135| [58802] Apache Directory Server (ApacheDS) userPassword Attribute Search Password Disclosure
7136| [58801] Apache ActiveMQ Stomp Client Credential Validation Bypass
7137| [58800] Apache Tapestry (context)/servicestatus Internal Service Information Disclosure
7138| [58799] Apache Tapestry Logging Cleartext Password Disclosure
7139| [58798] Apache Jetspeed pipeline Parameter pipeline-map Policy Bypass
7140| [58797] Apache Jetspeed Password Policy Multiple Weaknesses
7141| [58796] Apache Jetspeed Unsalted Password Storage Weakness
7142| [58795] Apache Rampart Crafted SOAP Header Authentication Bypass
7143| [58794] Apache Roller Admin Protocol (RAP) Malformed Header Authentication Bypass
7144| [58793] Apache Hadoop Map/Reduce mapred.system.dir Permission Weakness Job Manipulation
7145| [58792] Apache Shindig gadgets.rpc iframe RPC Call Validation Weakness
7146| [58791] Apache Synapse synapse.properties Cleartext Credential Local Disclosure
7147| [58790] Apache WSS4J SOAP Message UsernameToken Remote Password Disclosure
7148| [58789] Apache WSS4J SOAP Header Malformed UsernameToken Authentication Bypass
7149| [58776] Apache JSPWiki PreviewContent.jsp Edited Text XSS
7150| [58775] Apache JSPWiki preview.jsp action Parameter XSS
7151| [58774] Apache JSPWiki Edit.jsp Multiple Parameter XSS
7152| [58773] Apache JSPWiki Accept-Language Header Multiple Script language Parameter XSS
7153| [58772] Apache JSPWiki EditorManager.java editor Parameter XSS
7154| [58771] Apache JSPWiki GroupContent.jsp Multiple Parameter XSS
7155| [58770] Apache JSPWiki Group.jsp group Parameter XSS
7156| [58769] Apache JSPWiki Database Connection Termination DoS Weakness
7157| [58768] Apache JSPWiki Attachment Servlet nextpage Parameter Arbitrary Site Redirect
7158| [58766] Apache JSPWiki /admin/SecurityConfig.jsp Direct Request Information Disclosure
7159| [58765] Apache JSPWiki Spam Filter UniqueID RNG Weakness
7160| [58764] Apache JSPWiki Edit.jsp Multiple Parameter XSS
7161| [58763] Apache JSPWiki Include Tag Multiple Script XSS
7162| [58762] Apache JSPWiki Multiple .java Tags pageContext Parameter XSS
7163| [58761] Apache JSPWiki Wiki.jsp skin Parameter XSS
7164| [58760] Apache Commons VFS Exception Error Message Cleartext Credential Disclosure
7165| [58759] Apache Jackrabbit Content Repository (JCR) UUID System.currentTimeMillis() RNG Weakness
7166| [58758] Apache River GrantPermission Policy Manipulation Privilege Escalation
7167| [58757] Apache WS-Commons Java2 StaXUtils Multiple Unspecified Minor Issues
7168| [58756] Apache WSS4J WSHandler Client Certificate Signature Validation Weakness
7169| [58755] Apache Harmony DRLVM Non-public Class Member Access
7170| [58754] Apache Harmony File.createTempFile() Temporary File Creation Prediction Weakness
7171| [58751] Apache Geronimo GeronimoIdentityResolver Subject Handling Multiple Issues
7172| [58750] Apache MyFaces Trinidad Generated HTML Information Disclosure
7173| [58749] Apache MyFaces Trinidad Database Access Error Message Information Disclosure
7174| [58748] Apache MyFaces Trinidad Image Resource Loader Traversal Arbitrary Image Access
7175| [58747] Apache MyFaces Trinidad Error Message User Entered Data Disclosure Weakness
7176| [58746] Apache Axis2 JAX-WS Java2 WSDL4J Unspecified Issue
7177| [58744] Apache Wicket Crafted File Upload Disk Space Exhaustion DoS
7178| [58743] Apache Wicket wicket.util.crypt.SunJceCrypt Encryption Reversion Weakness
7179| [58742] Apache Rampart PolicyBasedValiadtor HttpsToken Endpoint Connection Weakness
7180| [58741] Apache Rampart WSSecSignature / WSSecEncryptedKey KeyIdentifierType Validation Weakness
7181| [58740] Apache Rampart TransportBinding Message Payload Cleartext Disclosure
7182| [58739] Apache Open For Business Project (OFBiz) Unsalted Password Storage Weakness
7183| [58738] Apache Open For Business Project (OFBiz) orderId Parameter Arbitrary Order Access
7184| [58737] Apache mod_python w/ mod_python.publisher index.py Underscore Prefixed Variable Disclosure
7185| [58735] Apache Open For Business Project (OFBiz) /ecommerce/control/keywordsearch SEARCH_STRING Parameter XSS
7186| [58734] Apache Torque Log File Cleartext Credential Local Disclosure
7187| [58733] Apache Axis2 doGet Implementation Authentication Bypass Service State Manipulation
7188| [58732] Apache MyFaces UIInput.validate() Null Value Validation Bypass Weakness
7189| [58731] Apache MyFaces /faces/* Prefix Mapping Authentication Bypass
7190| [58725] Apache Tapestry Basic String ACL Bypass Weakness
7191| [58724] Apache Roller Logout Functionality Failure Session Persistence
7192| [58723] Apache Roller User Profile / Admin Page Cleartext Password Disclosure
7193| [58722] Apache Derby Connection URL Encryption Method Reversion Weakness
7194| [58721] Apache Geronimo on Tomcat Security-constraint Resource ACL Bypass
7195| [58720] Apache Geronimo Explicit Servlet Mapping Access Bypass Weakness
7196| [58719] Apache Geronimo Keystore Unprivileged Service Disable DoS
7197| [58718] Apache Geronimo Deployment Plans Remote Password Disclosure
7198| [58717] Apache Jetspeed Portlet Application Edit Access Restriction Bypass
7199| [58716] Apache Jetspeed PSML Management Cached Constraint Authentication Weakness
7200| [58707] Apache WSS4J Crafted PasswordDigest Request Authentication Bypass
7201| [58706] Apache HttpClient Pre-emptive Authorization Remote Credential Disclosure
7202| [58705] Apache Directory Server (ApacheDS) User Passwords Cleartext Disclosure
7203| [58704] Apache Directory Server (ApacheDS) Non-existent User LDAP Bind Remote DoS
7204| [58703] Apache Geronimo Debug Console Unauthenticated Remote Information Disclosure
7205| [58702] Apache Directory Server (ApacheDS) Persistent LDAP Anonymous Bind Weakness
7206| [58701] Apache Jetspeed User Admin Portlet Unpassworded Account Creation Weakness
7207| [58700] Apache MyFaces /faces/* Path Handling Remote Overflow DoS
7208| [58699] Apache MyFaces Disable Property Client Side Manipulation Privilege Escalation
7209| [58698] Apache Roller Remember Me Functionality Cleartext Password Disclosure
7210| [58697] Apache XalanJ2 org.apache.xalan.xsltc.runtime.CallFunction Class Unspecified Issue
7211| [58696] Apache Tapestry Encoded Traversal Arbitrary File Access
7212| [58695] Apache Jetspeed Unauthenticated PSML Tags / Admin Folder Access
7213| [58694] Apache Geronimo Deploy Tool Process List Local Credential Disclosure
7214| [58693] Apache Derby service.properties File Encryption Key Information Disclosure
7215| [58692] Apache Geronimo Default Security Realm Login Brute Force Weakness
7216| [58689] Apache Roller Retrieve Last 5 Post Feature Unauthorized Blog Post Manipulation
7217| [58688] Apache Xalan-Java (XalanJ2) Static Variables Multiple Unspecified Issues
7218| [58687] Apache Axis Invalid wsdl Request XSS
7219| [58686] Apache Cocoon Temporary File Creation Unspecified Race Condition
7220| [58685] Apache Velocity Template Designer Privileged Code Execution
7221| [58684] Apache Jetspeed controls.Customize Action Security Check Bypass
7222| [58675] Apache Open For Business Project (OFBiz) eCommerce/ordermgr Multiple Field XSS
7223| [58674] Apache Open For Business Project (OFBiz) ecommerce/control/login Multiple Field XSS
7224| [58673] Apache Open For Business Project (OFBiz) ecommerce/control/viewprofile Multiple Field XSS
7225| [58672] Apache Open For Business Project (OFBiz) POS Input Panel Cleartext Password Disclosure
7226| [58671] Apache Axis2 JMS Signed Message Crafted WS-Security Header Security Bypass
7227| [58670] Apache Jetspeed JetspeedTool.getPortletFromRegistry Portlet Security Validation Failure
7228| [58669] Apache Jetspeed LDAP Cleartext Passwords Disclosure
7229| [58668] Apache Axis External Entity (XXE) Data Parsing Privilege Escalation
7230| [58667] Apache Roller Database Cleartext Passwords Disclosure
7231| [58666] Apache Xerces-C++ UTF-8 Transcoder Overlong Code Handling Unspecified Issue
7232| [58665] Apache Jetspeed Turbine: Cross-user Privileged Action Execution
7233| [58664] Apache Jetspeed EditAccount.vm Password Modification Weakness
7234| [58663] Apache Jetspeed Role Parameter Arbitrary Portlet Disclosure
7235| [58662] Apache Axis JWS Page Generated .class File Direct Request Information Disclosure
7236| [58661] Apache Jetspeed user-form.vm Password Reset Cleartext Disclosure
7237| [58660] Apache WSS4J checkReceiverResults Function Crafted SOAP Request Authentication Bypass
7238| [58658] Apache Rampart Crafted SOAP Request Security Verification Bypass
7239| [57882] Apache HTTP Server mod_proxy_ftp Authorization HTTP Header Arbitrary FTP Command Injection
7240| [57851] Apache HTTP Server mod_proxy_ftp EPSV Command NULL Dereference Remote DoS
7241| [56984] Apache Xerces2 Java Malformed XML Input DoS
7242| [56903] Apache ODE (Orchestration Director Engine) Process Deployment Web Service Traversal Arbitrary File Manipulation
7243| [56859] Apache Xerces-C++ Multiple Sub-project XML Nested DTD Structures Parsing Recursion Error DoS
7244| [56766] Apache Portable Runtime (APR-util) memory/unix/apr_pools.c Relocatable Memory Block Aligning Overflow
7245| [56765] Apache Portable Runtime (APR-util) misc/apr_rmm.c Multiple Function Overflows
7246| [56517] Apache HTTP Server File Descriptor Leak Arbitrary Local File Append
7247| [56443] PTK Unspecified Apache Sub-process Arbitrary Command Execution
7248| [56414] Apache Tiles Duplicate Expression Language (EL) Expression Evaluation XSS
7249| [55814] mod_NTLM for Apache HTTP Server ap_log_rerror() Function Remote Format String
7250| [55813] mod_NTLM for Apache HTTP Server log() Function Remote Overflow
7251| [55782] Apache HTTP Server mod_deflate Module Aborted Connection DoS
7252| [55553] Apache HTTP Server mod_proxy Module mod_proxy_http.c stream_reqbody_cl Function CPU Consumption DoS
7253| [55059] Apache APR-util strmatch/apr_strmatch.c apr_strmatch_precompile Function Crafted Input Remote DoS
7254| [55058] Apache APR-util apr_brigade_vprintf Function Crafted Input Off-by-one Remote DoS
7255| [55057] Apache APR-util xml/apr_xml.c apr_xml_* Interface Expat XML Parser Crafted XML Document Remote DoS
7256| [55056] Apache Tomcat Cross-application TLD File Manipulation
7257| [55055] Apache Tomcat Illegal URL Encoded Password Request Username Enumeration
7258| [55054] Apache Tomcat Java AJP Connector mod_jk Load Balancing Worker Malformed Header Remote DoS
7259| [55053] Apache Tomcat Crafted Request Security Restraint Bypass Arbitrary Content Access
7260| [54733] Apache HTTP Server AllowOverride Directive .htaccess Options Bypass
7261| [54713] razorCMS Security Manager apache User Account Unspecified File Permission Weakness Issue
7262| [54589] Apache Jserv Nonexistent JSP Request XSS
7263| [54122] Apache Struts s:a / s:url Tag href Element XSS
7264| [54093] Apache ActiveMQ Web Console JMS Message XSS
7265| [53932] Apache Geronimo Multiple Admin Function CSRF
7266| [53931] Apache Geronimo /console/portal/Server/Monitoring Multiple Parameter XSS
7267| [53930] Apache Geronimo /console/portal/ URI XSS
7268| [53929] Apache Geronimo on Windows Security/Keystores Portlet Traversal Arbitrary File Upload
7269| [53928] Apache Geronimo on Windows Embedded DB/DB Manager Portlet Traversal Arbitrary File Upload
7270| [53927] Apache Geronimo on Windows Services/Repository Portlet Traversal Arbitrary File Upload
7271| [53921] Apache HTTP Server mod_proxy_ajp Cross Thread/Session Information Disclosure
7272| [53766] Oracle BEA WebLogic Server Plug-ins for Apache Certificate Handling Remote Overflow
7273| [53574] PHP on Apache .htaccess mbstring.func_overload Setting Cross Hosted Site Behavior Modification
7274| [53381] Apache Tomcat JK Connector Content-Length Header Cross-user Information Disclosure
7275| [53380] Apache Struts Unspecified XSS
7276| [53289] Apache mod_perl Apache::Status /perl-status Unspecified XSS
7277| [53186] Apache HTTP Server htpasswd Predictable Salt Weakness
7278| [52899] Apache Tomcat Examples Web Application Calendar Application jsp/cal/cal2.jsp time Parameter XSS
7279| [52407] Apache Tomcat doRead Method POST Content Information Disclosure
7280| [51923] Apache HTTP Server mod-auth-mysql Module mod_auth_mysql.c Multibyte Character Encoding SQL Injection
7281| [51613] Apache HTTP Server Third-party Module Child Process File Descriptor Leak
7282| [51612] Apache HTTP Server Internal Redirect Handling Infinite Loop DoS
7283| [51468] Apache Jackrabbit Content Repository (JCR) swr.jsp q Parameter XSS
7284| [51467] Apache Jackrabbit Content Repository (JCR) search.jsp q Parameter XSS
7285| [51151] Apache Roller Search Function q Parameter XSS
7286| [50482] PHP with Apache php_value Order Unspecified Issue
7287| [50475] Novell NetWare ApacheAdmin Console Unauthenticated Access
7288| [49734] Apache Struts DefaultStaticContentLoader Class Traversal Arbitrary File Access
7289| [49733] Apache Struts FilterDispatcher Class Traversal Arbitrary File Access
7290| [49283] Oracle BEA WebLogic Server Plugins for Apache Remote Transfer-Encoding Overflow
7291| [49062] Apache Tomcat Cross-thread Concurrent Request Variable Overwrite Information Disclosure
7292| [48847] ModSecurity (mod_security) Transformation Caching Unspecified Apache DoS
7293| [48788] Apache Xerces-C++ XML Schema maxOccurs Value XML File Handling DoS
7294| [47474] Apache HTTP Server mod_proxy_ftp Directory Component Wildcard Character XSS
7295| [47464] Apache Tomcat allowLinking / UTF-8 Traversal Arbitrary File Access
7296| [47463] Apache Tomcat RequestDispatcher Traversal Arbitrary File Access
7297| [47462] Apache Tomcat HttpServletResponse.sendError Method Message Argument XSS
7298| [47096] Oracle Weblogic Apache Connector POST Request Overflow
7299| [46382] Frontend Filemanager (air_filemanager) Extension for TYPO3 on Apache Unspecified Arbitrary Code Execution
7300| [46285] TYPO3 on Apache Crafted Filename Upload Arbitrary Command Execution
7301| [46085] Apache HTTP Server mod_proxy ap_proxy_http_process_response() Function Interim Response Forwarding Remote DoS
7302| [45905] Apache Tomcat Host Manager host-manager/html/add name Parameter XSS
7303| [45879] Ragnarok Online Control Panel on Apache Crafted Traversal Authentication Bypass
7304| [45742] Apache HTTP Server on Novell Unspecified Request Directive Internal IP Disclosure
7305| [45740] Apache Derby DropSchemaNode Bind Phase Arbitrary Scheme Statement Dropping
7306| [45599] Apache Derby Lock Table Statement Privilege Requirement Bypass Arbitrary Table Lock
7307| [45585] Apache Derby ACCSEC Command RDBNAM Parameter Cleartext Credential Disclosure
7308| [45584] Apache Derby DatabaseMetaData.getURL Function Cleartext Credential Disclosure
7309| [45420] Apache HTTP Server 403 Error Page UTF-7 Encoded XSS
7310| [44728] PHP Toolkit on Gentoo Linux Interpretation Conflict Apache HTTP Server Local DoS
7311| [44618] Oracle JSP Apache/Jserv Path Translation Traversal Arbitrary JSP File Execution
7312| [44159] Apache HTTP Server Remote Virtual Host Name Disclosure
7313| [43997] Apache-SSL ExpandCert() Function Certificate Handling Arbitrary Environment Variables Manipulation
7314| [43994] suPHP for Apache (mod_suphp) Directory Symlink Local Privilege Escalation
7315| [43993] suPHP for Apache (mod_suphp) Owner Mode Race Condition Symlink Local Privilege Escalation
7316| [43663] Apache HTTP Server Mixed Platform AddType Directive Crafted Request PHP Source Disclosure
7317| [43658] AuthCAS Module (AuthCAS.pm) for Apache HTTP Server SESSION_COOKIE_NAME SQL Injection
7318| [43452] Apache Tomcat HTTP Request Smuggling
7319| [43309] Apache Geronimo LoginModule Login Method Bypass
7320| [43290] Apache JSPWiki Entry Page Attachment Unrestricted File Upload
7321| [43259] Apache HTTP Server on Windows mod_proxy_balancer URL Handling Remote Memory Corruption
7322| [43224] Apache Geronimo on SuSE Linux init Script Symlink Unspecified File/Directory Access
7323| [43189] Apache mod_jk2 Host Header Multiple Fields Remote Overflow
7324| [42937] Apache HTTP Server mod_proxy_balancer balancer-manager Unspecified CSRF
7325| [42341] MOD_PLSQL for Apache Unspecified URL SQL Injection
7326| [42340] MOD_PLSQL for Apache CGI Environment Handling Unspecified Overflow
7327| [42214] Apache HTTP Server mod_proxy_ftp UTF-7 Encoded XSS
7328| [42091] Apache Maven Site Plugin Installation Permission Weakness
7329| [42089] Apache Maven .m2/settings.xml Cleartext Password Disclosure
7330| [42088] Apache Maven Defined Repo Process Listing Password Disclosure
7331| [42087] Apache Maven Site Plugin SSH Deployment Permission Setting Weakness
7332| [42036] Apache HTTP Server MS-DOS Device Request Host OS Disclosure
7333| [41891] BEA WebLogic Apache Beehive NetUI Page Flow Unspecified XSS
7334| [41436] Apache Tomcat Native APR Connector Duplicate Request Issue
7335| [41435] Apache Tomcat %5C Cookie Handling Session ID Disclosure
7336| [41434] Apache Tomcat Exception Handling Subsequent Request Information Disclosure
7337| [41400] LimeSurvey save.php Apache Log File PHP Code Injection
7338| [41029] Apache Tomcat Calendar Examples Application cal2.jsp Multiple Parameter CSRF
7339| [41019] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload XSS
7340| [41018] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload CRLF
7341| [40853] Apache Tomcat SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) JSESSIONIDSSO Cookie Security Weakness
7342| [40264] Apache HTTP Server mod_proxy_balancer balancer_handler Function bb Variable Remote DoS
7343| [40263] Apache HTTP Server mod_proxy_balancer balancer-manager Multiple Parameter XSS
7344| [40262] Apache HTTP Server mod_status refresh XSS
7345| [39833] Apache Tomcat JULI Logging Component catalina.policy Security Bypass
7346| [39251] Coppermine Photo Gallery on Apache Multiple File Extension Upload Arbitrary Code Execution
7347| [39166] Apache Tomcat on Windows caseSensitive Attribute Mixed Case Request JSP Source Disclosure
7348| [39134] Apache mod_imagemap Module Imagemap Unspecified XSS
7349| [39133] Apache mod_imap Module Imagemap File Unspecified XSS
7350| [39035] Apache Tomcat examples/servlet/CookieExample Multiple Parameter XSS
7351| [39003] Apache HTTP Server HTTP Method Header Request Entity Too Large XSS
7352| [39000] Apache Tomcat SendMailServlet sendmail.jsp mailfrom Parameter XSS
7353| [38939] Apache HTTP Server Prefork MPM Module Array Modification Local DoS
7354| [38673] Apache Jakarta Slide WebDAV SYSTEM Request Traversal Arbitrary File Access
7355| [38662] Apache Geronimo SQLLoginModule Nonexistent User Authentication Bypass
7356| [38661] Apache Geronimo MEJB Unspecified Authentication Bypass
7357| [38641] Apache HTTP Server mod_mem_cache recall_headers Function Information Disclosure
7358| [38640] Apache HTTP Server suexec Document Root Unauthorized Operations
7359| [38639] Apache HTTP Server suexec Multiple Symlink Privilege Escalation
7360| [38636] Apache HTTP Server mod_autoindex.c P Variable UTF-7 Charset XSS
7361| [38513] BEA WebLogic Server Proxy Plug-in for Apache Protocol Error Handling Remote DoS
7362| [38187] Apache Geronimo / Tomcat WebDAV XML SYSTEM Tag Arbitrary File Access
7363| [37079] Apache HTTP Server mod_cache cache_util.c Malformed Cache-Control Header DoS
7364| [37071] Apache Tomcat Cookie Handling Session ID Disclosure
7365| [37070] Apache Tomcat Cookie Handling Quote Delimiter Session ID Disclosure
7366| [37052] Apache HTTP Server mod_status mod_status.c Unspecified XSS
| [37051] Apache HTTP Server mod_proxy modules/proxy/proxy_util.c Crafted Header Remote DoS
| [37050] Apache HTTP Server Prefork MPM Module Crafted Code Sequence Local DoS
| [36417] Apache Tomcat Host Manager Servlet html/add Action aliases Parameter XSS
| [36377] Apache MyFaces Tomahawk JSF Application autoscroll Multiple Script XSS
| [36080] Apache Tomcat JSP Examples Crafted URI XSS
| [36079] Apache Tomcat Manager Uploaded Filename XSS
| [34888] Apache Tomcat Example Calendar Application cal2.jsp time Parameter XSS
| [34887] Apache Tomcat implicit-objects.jsp Crafted Header XSS
| [34885] Apache Tomcat on IIS Servlet Engine MS-DOS Device Request DoS
| [34884] Apache Tomcat on Windows Nonexistent Resource Request Path Disclosure
| [34883] Apache Tomcat Crafted JSP File Request Path Disclosure
| [34882] Apache Tomcat Default SSL Ciphersuite Configuration Weakness
| [34881] Apache Tomcat Malformed Accept-Language Header XSS
| [34880] Apache Tomcat HTTP/1.1 Connector NULL Byte Request JSP Source Disclosure
| [34879] Apache Tomcat examples/jsp2/jspx/textRotate.jspx XSS
| [34878] Apache Tomcat examples/jsp2/el/implicit-objects.jsp XSS
| [34877] Apache Tomcat JK Web Server Connector (mod_jk) Double Encoded Traversal Arbitrary File Access
| [34876] Apache HTTP Server ScriptAlias CGI Source Disclosure
| [34875] Apache Tomcat appdev/sample/web/hello.jsp Multiple Parameter XSS
| [34874] Apache Tomcat AJP Connector mod_jk ajp_process_callback Remote Memory Disclosure
| [34873] Apache Stats Variable Extraction _REQUEST Ssuperglobal Array Overwrite
| [34872] Apache HTTP Server suexec User/Group Combination Weakness Local Privilege Escalation
| [34769] Apache Tomcat w/ Proxy Module Double Encoded Traversal Arbitrary File Access
| [34541] mod_perl for Apache HTTP Server RegistryCooker.pm PATH_INFO Crafted URI Remote DoS
| [34540] mod_perl for Apache HTTP Server PerlRun.pm PATH_INFO Crafted URI Remote DoS
| [34398] Apache Tomcat mod_jk Invalid Chunked Encoded Body Information Disclosure
| [34154] Apache Axis Nonexistent Java Web Service Path Disclosure
| [33855] Apache Tomcat JK Web Server Connector mod_jk.so Long URI Worker Map Remote Overflow
| [33816] Apache HTTP Server on Debian Linux TTY Local Privilege Escalation
| [33456] Apache HTTP Server Crafted TCP Connection Range Header DoS
| [33346] Avaya Multiple Products Apache Tomcat Port Weakness
| [32979] Apache Java Mail Enterprise Server (JAMES) Phoenix/MX4J Interface Arbitrary User Creation
| [32978] Apache Java Mail Enterprise Server (JAMES) POP3Server Log File Plaintext Password Disclosure
| [32724] Apache mod_python _filter_read Freed Memory Disclosure
| [32723] Apache Tomcat semicolon Crafted Filename Request Forced Directory Listing
| [32396] Apache Open For Business Project (OFBiz) Ecommerce Component Forum Implementation Message Body XSS
| [32395] Apache Open For Business Project (OFBiz) Ecommerce Component Form Field Manipulation Privilege Escalation
| [30354] Linux Subversion libapache2-svn Search Path Subversion Local Privilege Escalation
| [29603] PHP ini_restore() Apache httpd.conf Options Bypass
| [29536] Apache Tcl mod_tcl set_var Function Remote Format String
| [28919] Apache Roller Weblogger Blog Comment Multiple Field XSS
| [28130] PHP with Apache Mixed Case Method Limit Directive Bypass
| [27913] Apache HTTP Server on Windows mod_alias URL Validation Canonicalization CGI Source Disclosure
| [27588] Apache HTTP Server mod_rewrite LDAP Protocol URL Handling Overflow
| [27487] Apache HTTP Server Crafted Expect Header Cross Domain HTML Injection
| [26935] FCKeditor on Apache connector.php Crafted File Extension Arbitrary File Upload
| [26572] Apache Java Mail Enterprise Server (JAMES) MAIL Command Overflow DoS
| [25909] Drupal on Apache files Directory File Upload Arbitrary Code Execution
| [24825] Oracle ModPL/SQL for Apache Unspecified Remote HTTP Issue
| [24365] Apache Struts Multiple Function Error Message XSS
| [24364] Apache Struts getMultipartRequestHandler() Function Crafted Request DoS
| [24363] Apache Struts org.apache.struts.taglib.html.Constants.CANCEL Validation Bypass
| [24103] Pubcookie Apache mod_pubcookie Unspecified XSS
| [23906] Apache mod_python for Apache HTTP Server FileSession Privileged Local Command Execution
| [23905] Apache Log4net LocalSyslogAppender Format String Memory Corruption DoS
| [23198] Apache WSS4J Library SOAP Signature Verification Bypass
| [23124] Generic Apache Request Library (libapreq) apreq_parse_* Functions Remote DoS
| [22652] mod_php for Apache HTTP Server Crafted import_request_variables Function DoS
| [22475] PHP w/ Apache PDO::FETCH_CLASS __set() Function DoS
| [22473] PHP w/ Apache2 Crafted PDOStatement DoS
| [22459] Apache Geronimo Error Page XSS
| [22458] Apache Tomcat / Geronimo Sample Script cal2.jsp time Parameter XSS
| [22301] auth_ldap for Apache HTTP Server auth_ldap_log_reason() Function Remote Format String
| [22261] Apache HTTP Server mod_ssl ssl_hook_Access Error Handling DoS
| [22259] mod_auth_pgsql for Apache HTTP Server Log Function Format String
| [21736] Apache Java Mail Enterprise Server (JAMES) Spooler retrieve Function DoS
| [21705] Apache HTTP Server mod_imap Image Map Referer XSS
| [21021] Apache Struts Error Message XSS
| [20897] PHP w/ Apache 2 SAPI virtual() Function Unspecified INI Setting Disclosure
| [20491] PHP mod_php apache2handler SAPI Crafted .htaccess DoS
| [20462] Apache HTTP Server worker.c MPM Memory Exhaustion DoS
| [20439] Apache Tomcat Directory Listing Saturation DoS
| [20373] Apache Tomcat on HP Secure OS for Linux Unspecified Servlet Access Issue
| [20285] Apache HTTP Server Log File Control Character Injection
| [20242] Apache HTTP Server mod_usertrack Predictable Session ID Generation
| [20209] Brainf*ck Module (mod_bf) for Apache HTTP Server Local Overflow
| [20033] Apache Tomcat MS-DOS Device Request Error Message Path Disclosure
| [19883] apachetop atop.debug Symlink Arbitrary File Overwrite
| [19863] mod_auth_shadow for Apache HTTP Server require group Authentication Bypass
| [19855] Apache HTTP Server ErrorDocument Directive .htaccess Bypass
| [19821] Apache Tomcat Malformed Post Request Information Disclosure
| [19769] Apache HTTP Server Double-reverse DNS Lookup Spoofing
| [19188] Apache HTTP Server mod_ssl SSLVerifyClient Per-location Context Restriction Bypass
| [19137] Apache HTTP Server on Red Hat Linux Double Slash GET Request Forced Directory Listing
| [19136] Apache on Mandrake Linux Arbitrary Directory Forced Listing
| [18977] Apache HTTP Server Crafted HTTP Range Header DoS
| [18389] Ragnarok Online Control Panel Apache Authentication Bypass
| [18286] Apache HTTP Server mod_ssl ssl_callback_SSLVerify_CRL( ) Function Overflow
| [18233] Apache HTTP Server htdigest user Variable Overfow
| [17738] Apache HTTP Server HTTP Request Smuggling
| [16586] Apache HTTP Server Win32 GET Overflow DoS
| [15889] Apache HTTP Server mod_cgid Threaded MPM CGI Output Misdirection
| [14896] mod_dav for Apache HTTP Server Remote Null Dereference Child Process Termination
| [14879] Apache HTTP Server ap_log_rerror Function Error Message Path Disclosure
| [14770] Apache Tomcat AJP12 Protocol Malformed Packet Remote DoS
| [14597] Apache Tomcat IntegerOverflow.jsp Test JSP Script Path Disclosure
| [14596] Apache Tomcat pageSession.jsp Test JSP Script Path Disclosure
| [14595] Apache Tomcat pageLanguage.jsp Test JSP Script Path Disclosure
| [14594] Apache Tomcat pageIsThreadSafe.jsp Test JSP Script Path Disclosure
| [14593] Apache Tomcat pageIsErrorPage.jsp Test JSP Script Path Disclosure
| [14592] Apache Tomcat pageInvalid.jsp Test JSP Script Path Disclosure
| [14591] Apache Tomcat pageExtends.jsp Test JSP Script Path Disclosure
| [14590] Apache Tomcat pageDouble.jsp Test JSP Script Path Disclosure
| [14589] Apache Tomcat pageAutoFlush.jsp Test JSP Script Path Disclosure
| [14588] Apache Tomcat extends2.jsp Test JSP Script Path Disclosure
| [14587] Apache Tomcat extends1.jsp Test JSP Script Path Disclosure
| [14586] Apache Tomcat comments.jsp Test JSP Script Path Disclosure
| [14585] Apache Tomcat buffer4.jsp Test JSP Script Path Disclosure
| [14584] Apache Tomcat buffer3.jsp Test JSP Script Path Disclosure
| [14583] Apache Tomcat buffer2.jsp Test JSP Script Path Disclosure
| [14582] Apache Tomcat buffer1.jsp Test JSP Script Path Disclosure
| [14581] Apache Tomcat pageImport2.jsp Test JSP Script Path Disclosure
| [14580] Apache Tomcat pageInfo.jsp Test JSP Script Path Disclosure
| [14410] mod_frontpage for Apache HTTP Server fpexec Remote Overflow
| [14044] Apache Batik Squiggle Browser with Rhino Scripting Engine Unspecified File System Access
| [13737] mod_access_referer for Apache HTTP Server Malformed Referer DoS
| [13711] Apache mod_python publisher.py Traversal Arbitrary Object Information Disclosure
| [13640] mod_auth_any for Apache HTTP Server on Red Hat Linux Metacharacter Command Execution
| [13304] Apache Tomcat realPath.jsp Path Disclosure
| [13303] Apache Tomcat source.jsp Arbitrary Directory Listing
| [13087] Apache HTTP Server mod_log_forensic check_forensic Symlink Arbitrary File Creation / Overwrite
| [12849] mod_auth_radius for Apache HTTP Server radcpy() Function Overflow DoS
| [12848] Apache HTTP Server htdigest realm Variable Overflow
| [12721] Apache Tomcat examples/jsp2/el/functions.jsp XSS
| [12720] mod_dosevasive for Apache HTTP Server Symlink Arbitrary File Create/Overwrite
| [12558] Apache HTTP Server IPv6 FTP Proxy Socket Failure DoS
| [12557] Apache HTTP Server prefork MPM accept Error DoS
| [12233] Apache Tomcat MS-DOS Device Name Request DoS
| [12232] Apache Tomcat with JDK Arbitrary Directory/Source Disclosure
| [12231] Apache Tomcat web.xml Arbitrary File Access
| [12193] Apache HTTP Server on Mac OS X File Handler Bypass
| [12192] Apache HTTP Server on Mac OS X Unauthorized .ht and .DS_Store File Access
| [12178] Apache Jakarta Lucene results.jsp XSS
| [12176] mod_digest_apple for Apache HTTP Server on Mac OS X Authentication Replay
| [11391] Apache HTTP Server Header Parsing Space Saturation DoS
| [11003] Apache HTTP Server mod_include get_tag() Function Local Overflow
| [10976] mod_mylo for Apache HTTP Server mylo_log Logging Function HTTP GET Overflow
| [10637] Apache HTTP Server mod_ssl SSLCipherSuite Access Restriction Bypass
| [10546] Macromedia JRun4 mod_jrun Apache Module Remote Overflow
| [10471] Apache Xerces-C++ XML Parser DoS
| [10218] Apache HTTP Server Satisfy Directive Access Control Bypass
| [10068] Apache HTTP Server htpasswd Local Overflow
| [10049] mod_cplusplus For Apache HTTP Server Unspecified Overflow
| [9994] Apache HTTP Server apr-util IPV6 Parsing DoS
| [9991] Apache HTTP Server ap_resolve_env Environment Variable Local Overflow
| [9948] mod_dav for Apache HTTP Server LOCK Request DoS
| [9742] Apache HTTP Server mod_ssl char_buffer_read Function Reverse Proxy DoS
| [9718] Apache HTTP Server Win32 Single Dot Append Arbitrary File Access
| [9717] Apache HTTP Server mod_cookies Cookie Overflow
| [9716] Apache::Gallery Gallery.pm Inline::C Predictable Filename Code Execution
| [9715] Apache HTTP Server rotatelogs Control Characters Over Pipe DoS
| [9714] Apache Authentication Module Threaded MPM DoS
| [9713] Apache HTTP Server on OS2 filestat.c Device Name Request DoS
| [9712] Apache HTTP Server Multiple Linefeed Request Memory Consumption DoS
| [9711] Apache HTTP Server Access Log Terminal Escape Sequence Injection
| [9710] Apache HTTP Server on Windows Illegal Character Default Script Mapping Bypass
| [9709] Apache HTTP Server on Windows MS-DOS Device Name HTTP Post Code Execution
| [9708] Apache HTTP Server on Windows MS-DOS Device Name DoS
| [9707] Apache HTTP Server Duplicate MIME Header Saturation DoS
| [9706] Apache Web Server Multiple MIME Header Saturation Remote DoS
| [9705] Apache Tomcat Invoker/Default Servlet Source Disclosure
| [9702] Apache HTTP Server CGI/WebDAV HTTP POST Request Source Disclosure
| [9701] Apache HTTP Server for Windows Multiple Slash Forced Directory Listing
| [9700] Apache HTTP Server mod_autoindex Multiple Slash Request Forced Directory Listing
| [9699] Apache HTTP Server mod_dir Multiple Slash Request Forced Directory Listing
| [9698] Apache HTTP Server mod_negotiation Multiple Slash Request Forced Directory Listing
| [9697] Apache HTTP Server htdigest Local Symlink Arbitrary File Overwrite
| [9696] Apache HTTP Server htpasswd Local Symlink Arbitrary File Overwrite
| [9695] Apache Tomcat SnoopServlet Servlet Information Disclosure
| [9694] PHP3 on Apache HTTP Server Encoded Traversal Arbitrary File Access
| [9693] mod_auth_pgsql_sys for Apache HTTP Server User Name SQL Injection
| [9692] Apache HTTP Server mod_vhost_alias Mass Virtual Hosting Arbitrary File Access
| [9691] Apache HTTP Server mod_rewrite Mass Virtual Hosting Arbitrary File Access
| [9690] Apache HTTP Server mod_vhost_alias CGI Program Source Disclosure
| [9689] Trustix httpsd for Apache-SSL Permission Weakness Privilege Escalation
| [9688] Apache HTTP Server mod_proxy Malformed FTP Command DoS
| [9687] Apache::AuthenSmb smbval SMB Authentication Library Multiple Overflows
| [9686] Apache::AuthenSmb smbvalid SMB Authentication Library Multiple Overflows
| [9523] Apache HTTP Server mod_ssl Aborted Connection DoS
| [9459] Oracle PL/SQL (mod_plsql) Apache Module Help Page Request Remote Overflow
| [9208] Apache Tomcat .jsp Encoded Newline XSS
| [9204] Apache Tomcat ROOT Application XSS
| [9203] Apache Tomcat examples Application XSS
| [9068] Apache HTTP Server mod_userdir User Account Information Disclosure
| [8773] Apache Tomcat Catalina org.apache.catalina.servlets.DefaultServlet Source Code Disclosure
| [8772] Apache Tomcat Catalina org.apache.catalina.connector.http DoS
| [7943] Apache HTTP Server mod_ssl sslkeys File Disclosure
| [7942] Apache HTTP Server mod_ssl Default Pass Phrase
| [7941] Apache HTTP Server mod_ssl Encrypted Private Key File Descriptor Leak
| [7935] Apache HTTP Server mod_ssl ssl_gcache Race Conditions
| [7934] Apache HTTP Server mod_ssl SSLSessionCache File Content Disclosure
| [7933] Apache HTTP Server mod_ssl SSLMutex File Content Disclosure
| [7932] Apache HTTP Server mod_ssl mkcert.sh File Creation Permission Weakness
| [7931] Apache HTTP Server mod_ssl X.509 Client Certificate Authentication Bypass
| [7930] Apache HTTP Server mod_ssl ssl_expr_eval_func_file() Overflow
| [7929] Apache HTTP Server mod_ssl ssl_engine_log.c mod_proxy Hook Function Remote Format String
| [7611] Apache HTTP Server mod_alias Local Overflow
| [7394] Apache Tomcat mod_jk Invalid Transfer-Encoding Chunked Field DoS
| [7203] Apache Tomcat source.jsp Traversal Arbitrary File Access
| [7039] Apache HTTP Server on Mac OS X HFS+ File System Access Bypass
| [6882] Apache mod_python Malformed Query String Variant DoS
| [6839] Apache HTTP Server mod_proxy Content-Length Overflow
| [6630] Apache Tomcat Java Server Pages (JSP) Engine WPrinterJob() DoS
| [6472] Apache HTTP Server mod_ssl ssl_util_uuencode_binary Remote Overflow
| [5821] Apache HTTP Server Multiple / GET Remote Overflow DoS
| [5580] Apache Tomcat Servlet Malformed URL JSP Source Disclosure
| [5552] Apache HTTP Server split-logfile Arbitrary .log File Overwrite
| [5526] Apache Tomcat Long .JSP URI Path Disclosure
| [5278] Apache Tomcat web.xml Restriction Bypass
| [5051] Apache Tomcat Null Character DoS
| [4973] Apache Tomcat servlet Mapping XSS
| [4650] mod_gzip for Apache HTTP Server Debug Mode Printf Stack Overflow
| [4649] mod_gzip for Apache HTTP Server Debug Mode Format String Overflow
| [4648] mod_gzip for Apache HTTP Server Debug Mode Race Condition
| [4568] mod_survey For Apache ENV Tags SQL Injection
| [4553] Apache HTTP Server ApacheBench Overflow DoS
| [4552] Apache HTTP Server Shared Memory Scoreboard DoS
| [4446] Apache HTTP Server mod_disk_cache Stores Credentials
| [4383] Apache HTTP Server Socket Race Condition DoS
| [4382] Apache HTTP Server Log Entry Terminal Escape Sequence Injection
| [4340] Apache Portable Runtime (APR) apr_psprintf DoS
| [4232] Apache Cocoon DatabaseAuthenticatorAction SQL Injection
| [4231] Apache Cocoon Error Page Server Path Disclosure
| [4182] Apache HTTP Server mod_ssl Plain HTTP Request DoS
| [4181] Apache HTTP Server mod_access IP Address Netmask Rule Bypass
| [4075] Apache HTTP Sever on Windows .var File Request Path Disclosure
| [4037] Apache HTTP Server on Cygwin Encoded GET Request Arbitrary File Access
| [3877] Apache-SSL SSLVerifyClient SSLFakeBasicAuth Client Certificate Forgery
| [3819] Apache HTTP Server mod_digest Cross Realm Credential Replay
| [3322] mod_php for Apache HTTP Server Process Hijack
| [3215] mod_php for Apache HTTP Server File Descriptor Leakage
| [2885] Apache mod_python Malformed Query String DoS
| [2749] Apache Cocoon view-source Sample File Traversal Arbitrary File Access
| [2733] Apache HTTP Server mod_rewrite Local Overflow
| [2672] Apache HTTP Server mod_ssl SSLCipherSuite Ciphersuite Downgrade Weakness
| [2613] Apache HTTP Server mod_cgi stderr Output Handling Local DoS
| [2149] Apache::Gallery Privilege Escalation
| [2107] Apache HTTP Server mod_ssl Host: Header XSS
| [1926] Apache HTTP Server mod_rewrite Crafted URI Rule Bypass
| [1833] Apache HTTP Server Multiple Slash GET Request DoS
| [1577] Apache HTTP Server mod_rewrite RewriteRule Expansion Arbitrary File Access
| [872] Apache Tomcat Multiple Default Accounts
| [862] Apache HTTP Server SSI Error Page XSS
| [859] Apache HTTP Server Win32 Crafted Traversal Arbitrary File Access
| [849] Apache Tomcat TroubleShooter Servlet Information Disclosure
| [845] Apache Tomcat MSDOS Device XSS
| [844] Apache Tomcat Java Servlet Error Page XSS
| [842] Apache HTTP Server mod_ssl ssl_compat_directive Function Overflow
| [838] Apache HTTP Server Chunked Encoding Remote Overflow
| [827] PHP4 for Apache on Windows php.exe Malformed Request Path Disclosure
| [775] Apache mod_python Module Importing Privilege Function Execution
| [769] Apache HTTP Server Win32 DOS Batch File Arbitrary Command Execution
| [756] Apache HTTP Server mod_ssl i2d_SSL_SESSION Function SSL Client Certificate Overflow
| [701] Apache HTTP Server Win32 ScriptAlias php.exe Arbitrary File Access
| [674] Apache Tomcat Nonexistent File Error Message Path Disclosure
| [637] Apache HTTP Server UserDir Directive Username Enumeration
| [623] mod_auth_pgsql for Apache HTTP Server User Name SQL Injection
| [582] Apache HTTP Server Multiviews Feature Arbitrary Directory Listing
| [562] Apache HTTP Server mod_info /server-info Information Disclosure
| [561] Apache Web Servers mod_status /server-status Information Disclosure
| [417] Apache HTTP Server on SuSE Linux /doc/packages Remote Information Disclosure
| [410] mod_perl for Apache HTTP Server /perl/ Directory Listing
| [404] Apache HTTP Server on SuSE Linux WebDAV PROPFIND Arbitrary Directory Listing
| [402] Apache HTTP Server on SuSE Linux cgi-bin-sdb Request Script Source Disclosure
| [379] Apache ASP module Apache::ASP source.asp Example File Arbitrary File Creation
| [377] Apache Tomcat Snoop Servlet Remote Information Disclosure
| [376] Apache Tomcat contextAdmin Arbitrary File Access
| [342] Apache HTTP Server for Windows Multiple Forward Slash Directory Listing
| [222] Apache HTTP Server test-cgi Arbitrary File Access
| [143] Apache HTTP Server printenv.pl Multiple Method CGI XSS
| [48] Apache HTTP Server on Debian /usr/doc Directory Information Disclosure
|_
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose|WAP|storage-misc|specialized
Running (JUST GUESSING): Linux 2.6.X|3.X (91%), Ruckus embedded (91%), Synology DiskStation Manager 5.X (89%), Crestron 2-Series (87%), Asus embedded (86%), HP embedded (85%)
OS CPE: cpe:/o:linux:linux_kernel:2.6.32 cpe:/o:linux:linux_kernel:3.10 cpe:/h:ruckus:zoneflex_r710 cpe:/a:synology:diskstation_manager:5.2 cpe:/o:crestron:2_series cpe:/h:asus:rt-n56u cpe:/o:linux:linux_kernel:3.4 cpe:/h:hp:p2000_g3
Aggressive OS guesses: Linux 2.6.32 (91%), Linux 3.10 (91%), Linux 3.2 (91%), Linux 3.4 - 3.10 (91%), Linux 3.5 (91%), Linux 3.8 (91%), Ruckus ZoneFlex R710 WAP (Linux 3.4) (91%), Linux 2.6.32 - 3.10 (90%), Linux 2.6.32 - 3.13 (90%), Linux 2.6.32 - 3.9 (90%)
No exact OS matches for host (test conditions non-ideal).
Uptime guess: 6.161 days (since Sat Jan 11 15:25:04 2020)
Network Distance: 19 hops
TCP Sequence Prediction: Difficulty=258 (Good luck!)
IP ID Sequence Generation: All zeros

TRACEROUTE (using port 80/tcp)
HOP RTT ADDRESS
1 59.73 ms 10.253.204.1
2 89.46 ms 104.245.145.177
3 89.49 ms te0-0-2-1.225.nr11.b010988-1.yyz02.atlas.cogentco.com (38.104.156.9)
4 89.54 ms te0-0-0-1.agr14.yyz02.atlas.cogentco.com (154.24.54.41)
5 89.54 ms te0-9-1-9.ccr31.yyz02.atlas.cogentco.com (154.54.43.161)
6 89.53 ms be2993.ccr21.cle04.atlas.cogentco.com (154.54.31.225)
7 119.53 ms be2717.ccr41.ord01.atlas.cogentco.com (154.54.6.221)
8 119.61 ms be2765.ccr41.ord03.atlas.cogentco.com (154.54.45.18)
9 119.64 ms ae-11.r08.chcgil09.us.bb.gin.ntt.net (129.250.9.121)
10 89.77 ms ae-0.r20.chcgil09.us.bb.gin.ntt.net (129.250.2.191)
11 121.18 ms ae-7.r23.sttlwa01.us.bb.gin.ntt.net (129.250.3.42)
12 272.90 ms ae-16.r24.osakjp02.jp.bb.gin.ntt.net (129.250.3.61)
13 239.44 ms ae-1.r03.osakjp02.jp.bb.gin.ntt.net (129.250.7.31)
14 272.87 ms ae-1.a01.osakjp02.jp.bb.gin.ntt.net (129.250.3.232)
15 272.87 ms xe-0-0-22-3.a01.osakjp02.jp.ce.gin.ntt.net (61.200.80.218)
16 ... 18
19 276.30 ms 210-152-243-182.jp-west.compute.idcfcloud.com (210.152.243.182)

NSE: Script Post-scanning.
Initiating NSE at 19:16
Completed NSE at 19:16, 0.00s elapsed
Initiating NSE at 19:16
Completed NSE at 19:16, 0.00s elapsed
#######################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-17 19:16 EST
NSE: Loaded 50 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 19:16
Completed NSE at 19:16, 0.00s elapsed
Initiating NSE at 19:16
Completed NSE at 19:16, 0.00s elapsed
Initiating Ping Scan at 19:16
Scanning 210.152.243.182 [4 ports]
Completed Ping Scan at 19:16, 0.26s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 19:16
Completed Parallel DNS resolution of 1 host. at 19:16, 0.02s elapsed
Initiating SYN Stealth Scan at 19:16
Scanning 210-152-243-182.jp-west.compute.idcfcloud.com (210.152.243.182) [1 port]
Discovered open port 110/tcp on 210.152.243.182
Completed SYN Stealth Scan at 19:16, 0.28s elapsed (1 total ports)
Initiating Service scan at 19:16
Scanning 1 service on 210-152-243-182.jp-west.compute.idcfcloud.com (210.152.243.182)
Completed Service scan at 19:16, 0.45s elapsed (1 service on 1 host)
Initiating OS detection (try #1) against 210-152-243-182.jp-west.compute.idcfcloud.com (210.152.243.182)
Retrying OS detection (try #2) against 210-152-243-182.jp-west.compute.idcfcloud.com (210.152.243.182)
Initiating Traceroute at 19:16
Completed Traceroute at 19:16, 3.12s elapsed
Initiating Parallel DNS resolution of 16 hosts. at 19:16
Completed Parallel DNS resolution of 16 hosts. at 19:16, 0.35s elapsed
NSE: Script scanning 210.152.243.182.
Initiating NSE at 19:16
NSE Timing: About 69.12% done; ETC: 19:18 (0:00:30 remaining)
Completed NSE at 19:18, 90.26s elapsed
Initiating NSE at 19:18
Completed NSE at 19:18, 0.05s elapsed
Nmap scan report for 210-152-243-182.jp-west.compute.idcfcloud.com (210.152.243.182)
Host is up (0.25s latency).

PORT STATE SERVICE VERSION
110/tcp open pop3 qmail pop3d
| vulscan: VulDB - https://vuldb.com:
| [56854] Frederik Vermeulen netqmail 1.06 qmail-smtpd.c Cleartext unknown vulnerability
| [45500] Gazatem Technologies QMail Mailing List Manager 1.2 information disclosure
|
| MITRE CVE - https://cve.mitre.org:
| [CVE-2012-2103] The qmailscan plugin for Munin 1.4.5 allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names.
| [CVE-2011-1431] The STARTTLS implementation in qmail-smtpd.c in qmail-smtpd in the netqmail-1.06-tls patch for netqmail 1.06 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411.
| [CVE-2008-6984] Plesk 8.6.0, when short mail login names (SHORTNAMES) are enabled, allows remote attackers to bypass authentication and send spam e-mail via a message with (1) a base64-encoded username that begins with a valid shortname, or (2) a username that matches a valid password, as demonstrated using (a) SMTP and qmail, and (b) Courier IMAP and POP3.
| [CVE-2008-5606] Gazatem QMail Mailing List Manager 1.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for qmail.mdb.
| [CVE-2007-2173] Eval injection vulnerability in (1) courier-imapd.indirect and (2) courier-pop3d.indirect in Courier-IMAP before 4.0.6-r2, and 4.1.x before 4.1.2-r1, on Gentoo Linux allows remote attackers to execute arbitrary commands via the XMAILDIR variable, related to the LOGINRUN variable.
| [CVE-2007-0618] Unspecified vulnerability in (1) pop3d, (2) pop3ds, (3) imapd, and (4) imapds in IBM AIX 5.3.0 has unspecified impact and attack vectors, involving an "authentication vulnerability."
| [CVE-2006-2502] Stack-based buffer overflow in pop3d in Cyrus IMAPD (cyrus-imapd) 2.3.2, when the popsubfolders option is enabled, allows remote attackers to execute arbitrary code via a long USER command.
| [CVE-2006-1141] Buffer overflow in qmailadmin.c in QmailAdmin before 1.2.10 allows remote attackers to execute arbitrary code via a long PATH_INFO environment variable.
| [CVE-2005-2663] masqmail before 0.2.18 allows local users to overwrite arbitrary files via a symlink attack on a log file.
| [CVE-2005-2662] masqmail before 0.2.18 allows remote attackers to execute arbitrary commands via crafted e-mail addresses that are not properly sanitized when creating a failed delivery message.
| [CVE-2005-1515] Integer signedness error in the qmail_put and substdio_put functions in qmail, when running on 64 bit platforms with a large amount of virtual memory, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large number of SMTP RCPT TO commands.
| [CVE-2005-1514] commands.c in qmail, when running on 64 bit platforms with a large amount of virtual memory, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long SMTP command without a space character, which causes an array to be referenced with a negative index.
| [CVE-2005-1513] Integer overflow in the stralloc_readyplus function in qmail, when running on 64 bit platforms with a large amount of virtual memory, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large SMTP request.
| [CVE-2004-2571] Multiple buffer overflows in EnderUNIX isoqlog 2.1.1 allow remote attackers to execute arbitrary code via the (1) parseQmailFromBytesLine, (2) parseQmailToRemoteLine, (3) parseQmailToLocalLine, (4) parseSendmailFromBytesLine, (5) parseSendmailToLine, (6) parseEximFromBytesLine, and (7) parseEximToLine functions in Parser.c
| [CVE-2004-2429] Multiple stack-based and heap-based buffer overflows in EnderUNIX spamGuard before 1.7-BETA allow remote attackers to execute arbitrary code via the (1) qmail_parseline and (2) sendmail_parseline functions in parser.c, (3) loadconfig and (4) removespaces functions in loadconfig.c, and possibly (5) unspecified functions in functions.c.
| [CVE-2004-2088] Sophos Anti-Virus 3.78 allows remote attackers to bypass virus scanning by using a qmail generated Delivery Status Notification (DSN) where the original email is not included in the bounce message.
| [CVE-2003-0654] Buffer overflow in autorespond may allow remote attackers to execute arbitrary code as the autorespond user via qmail.
| [CVE-2002-1414] Buffer overflow in qmailadmin allows local users to gain privileges via a long QMAILADMIN_TEMPLATEDIR environment variable.
| [CVE-2002-1279] Multiple buffer overflows in conf.c for Masqmail 0.1.x before 0.1.17, and 0.2.x before 0.2.15, allow local users to gain privileges via certain entries in the configuration file (-C option).
| [CVE-2002-0925] Format string vulnerability in mmsyslog function allows remote attackers to execute arbitrary code via (1) the USER command to mmpop3d for mmmail 0.0.13 and earlier, (2) the HELO command to mmsmtpd for mmmail 0.0.13 and earlier, or (3) the USER command to mmftpd 0.0.7 and earlier.
| [CVE-2001-1173] Vulnerability in MasqMail before 0.1.15 allows local users to gain privileges via piped aliases.
| [CVE-2001-0143] vpop3d program in linuxconf 1.23r and earlier allows local users to overwrite arbitrary files via a symlink attack.
| [CVE-2000-1197] POP2 or POP3 server (pop3d) in imap-uw IMAP package on FreeBSD and other operating systems creates lock files with predictable names, which allows local users to cause a denial of service (lack of mail access) for other users by creating lock files for other mail boxes.
| [CVE-1999-1445] Vulnerability in imapd and ipop3d in Slackware 3.4 and 3.3 with shadowing enabled, and possibly other operating systems, allows remote attackers to cause a core dump via a short sequence of USER and PASS commands that do not provide valid usernames or passwords.
| [CVE-1999-0250] Denial of service in Qmail through long SMTP commands.
| [CVE-1999-0144] Denial of service in Qmail by specifying a large number of recipients with the RCPT command.
|
| SecurityFocus - https://www.securityfocus.com/bid/:
| [90000] Qmail CVE-2005-1515 Denial-Of-Service Vulnerability
| [89993] Qmail CVE-2005-1514 Denial-Of-Service Vulnerability
| [89980] Qmail CVE-2005-1513 Denial-Of-Service Vulnerability
| [87001] MasqMail CVE-2001-1173 Local Security Vulnerability
| [84651] Qmail Mailing List Manager CVE-2008-5606 Information Disclosure Vulnerability
| [82079] Qmail CVE-1999-0250 Denial-Of-Service Vulnerability
| [67219] akpop3d 'pszQuery' Remote Memory Corruption Vulnerability
| [49181] MasqMail Multiple Local Privilege Escalation Vulnerabilities
| [39838] tpop3d Remote Denial of Service Vulnerability
| [22262] IBM AIX Pop3D/Pop3DS/IMapD/IMapDS Authentication Bypass Vulnerability
| [18056] Cyrus IMAPD POP3D Remote Buffer Overflow Vulnerability
| [16994] Inter7 QmailAdmin PATH_INFO Buffer Overflow Vulnerability
| [14890] MasqMail Local Privilege Escalation Vulnerabilities
| [13536] QMail Substdio_Put() Function Remote Integer Overflow Vulnerability
| [13535] QMail Commands() Function Remote Integer Overflow Vulnerability
| [13528] QMail Alloc() Remote Integer Overflow Vulnerability
| [9797] QMail-QMTPD RELAYCLIENT Environment Variable Integer Overflow Vulnerability
| [9432] QMail-SMTPD Long SMTP Session Integer Overflow Denial of Service Vulnerability
| [8495] akpop3d User Name SQL Injection Vulnerability
| [8473] Vpop3d Remote Denial Of Service Vulnerability
| [8196] QMail-SMTPD-Auth True Program Remote E-Mail Vulnerability
| [6164] MasqMail Buffer Overflow Vulnerability
| [5404] qmailadmin Local Buffer Overflow Vulnerability
| [3990] ZPop3D Bad Login Logging Failure Vulnerability
| [2781] DynFX MailServer POP3d Denial of Service Vulnerability
| [2237] QMail RCPT Denial of Service Vulnerability
| [1809] cmd5checkpw Qmail Remote Password Retrieval Vulnerability
|
| IBM X-Force - https://exchange.xforce.ibmcloud.com:
| [69253] Masqmail seteuid function privilege escalation
| [47152] QMail Mailing List Manager qmail.mdb information disclosure
| [26578] Cyrus IMAP pop3d buffer overflow
| [25065] QmailAdmin qmailadmin.c PATH_INFO buffer overflow
| [22347] MasqMail log file symlink
| [22346] MasqMail email addresses allow elevated privileges
| [20497] qmail RCPT TO qmail_put/substdio_put denial of service
| [20492] qmail commands.c denial of service
| [20489] qmail stralloc_readyplus function denial of service
| [15385] qmail RELAYCLIENT buffer overflow
| [14870] qmail long SMTP buffer overflow
| [14866] qmail long SMTP denial of service
| [13018] akpop3d authentication code SQL injection
| [12737] QmailAdmin forward rule execute commands
| [12616] qmail qmail-smtpd-auth patch allows open relay
| [10605] MasqMail multiple buffer overflows
| [9786] QmailAdmin QMAILADMIN_TEMPLATEDIR buffer overflow
| [8717] MasqMail could allow an attacker to gain elevated privileges
| [7345] Slackware Linux imapd and ipop3d core dump
| [6269] imap, ipop2d and ipop3d buffer overflows
| [5923] Linuxconf vpop3d symbolic link
| [5382] cmd5checkpw plug-in allows attacker to bypass Qmail authentication
| [4918] IPOP3D, Buffer overflow attack
| [1560] IPOP3D, user login successful
| [1559] IPOP3D user login to remote host successful
| [1525] IPOP3D, user logout
| [1524] IPOP3D, user auto-logout
| [1523] IPOP3D, user login failure
| [1522] IPOP3D, brute force attack
| [1521] IPOP3D, user kiss of death logout
| [418] pop3d mktemp creates insecure temporary files
| [208] Qmail email RCPT denial of service
| [207] Qmail long SMTP command denial of service
|
7808| Exploit-DB - https://www.exploit-db.com:
7809| [23053] Vpop3d Remote Denial of Service Vulnerability
7810| [21683] qmailadmin 1.0.x Local Buffer Overflow Vulnerability
7811| [20562] Dan Bernstein QMail 1.0 3 RCPT Denial of Service Vulnerability (2)
7812| [20561] Dan Bernstein QMail 1.0 3 RCPT Denial of Service Vulnerability (1)
7813| [16836] Cyrus IMAPD pop3d popsubfolders USER Buffer Overflow
7814| [11893] tPop3d 1.5.3 DoS
7815| [7376] QMail Mailing List Manager 1.2 Database Disclosure Vulnerability
7816| [2185] Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit (3)
7817| [2053] Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit (2)
7818| [1813] Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit
7819|
7820| OpenVAS (Nessus) - http://www.openvas.org:
7821| [57928] Gentoo Security Advisory GLSA 200611-15 (qmailadmin)
7822| [55561] Debian Security Advisory DSA 848-1 (masqmail)
7823| [53440] Debian Security Advisory DSA 194-1 (masqmail)
7824|
7825| SecurityTracker - https://www.securitytracker.com:
7826| [1013911] qmail Integer Errors Let Remote Users Deny Service
7827| [1009306] Qmail-qmtpd Buffer Overflow in RELAYCLIENT May Let Local Users Gain Elevated Privileges
7828| [1008733] qmail Buffer Overflow Lets Remote Users Overwrite Memory
7829| [1007305] QmailAdmin Forwarding Rule Lets Remote Users Execute Arbitrary Commands on the System
7830| [1005616] MasqMail Server Buffer Overflows Let Local Users Grab Root Privileges
7831| [1004978] QmailAdmin Buffer Overflow Lets Local Users Obtain Elevated Privileges on the System
7832| [1002108] MasqMail Piped Alias Processing Allows Certain Local Users to Escalate Privileges to Root
7833|
7834| OSVDB - http://www.osvdb.org:
7835| [81354] Munin qmailscan Plugin Temporary File Symlink Arbitrary File Overwrite
7836| [75803] qmailadmin User Quota Multiple Function Overflow
7837| [75256] netqmail qmail-smtpd qmail-smtpd.c STARTTLS I/O Buffering MiTM Plaintext Command Injection
7838| [74626] MasqMail Return Value Verification Weakness Local Privilege Escalation
7839| [74625] MasqMail ID Change Logic Error Local Privilege Escalation
7840| [56527] qmail Long SMTP Command Saturation Remote DoS
7841| [50546] QMail Mailing List Manager database/qmail.mdb Direct Request Database Disclosure
7842| [45184] Sophos Anti-Virus qmail Generated Delivery Status Notification (DSN) Scanning Bypass
7843| [25853] Cyrus IMAPD pop3d USER Command Remote Overflow
7844| [23948] qmailadmin Arbitrary Program Mail Forward Privilege Escalation
7845| [23705] qmailadmin qmailadmin.c PATH_INFO Environment Variable Local Overflow
7846| [19584] MasqMail Log File Symlink Arbitrary File Overwrite
7847| [19583] MasqMail Crafted E-mail Address Arbitrary Command Execution
7848| [16345] qmail substdio_put Function Signedness Issue
7849| [16344] qmail commands.c Signed Index Issue
7850| [16343] qmail stralloc_readyplus Function Remote Overflow
7851| [14562] MasqMail Local Address Resolve Failure DoS
7852| [14561] MasqMail -C Option Unspecified Privilege Escalation
7853| [14533] qmailadmin QMAILADMIN_TEMPLATEDIR Environment Variable Local Overflow
7854| [14519] MasqMail -C Parameter Multiple Local Overflows
7855| [14459] mmmail mmpop3d USER Command mmsyslog Function Format String
7856| [14176] MasqMail Piped Aliases Privilege Escalation
7857| [12033] Slackware Linux imapd/ipop3d Malformed USER/PASS Sequence DoS
7858| [5857] Linux pop3d Arbitrary Mail File Access
7859| [5850] qmail RCPT TO Command Remote Overflow DoS
7860| [3538] qmail Long SMTP Session DoS
7861| [2471] akpop3d username SQL Injection
7862| [2440] qmailadmin autorespond Multiple Variable Remote Overflow
7863| [1615] cmd5checkpw Qmail Remote Password Disclosure
7864|_
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose|WAP|storage-misc|specialized
Running (JUST GUESSING): Linux 2.6.X|3.X (91%), Ruckus embedded (91%), Synology DiskStation Manager 5.X (89%), Crestron 2-Series (87%), Asus embedded (86%), HP embedded (85%)
OS CPE: cpe:/o:linux:linux_kernel:2.6.32 cpe:/o:linux:linux_kernel:3 cpe:/h:ruckus:zoneflex_r710 cpe:/a:synology:diskstation_manager:5.2 cpe:/o:crestron:2_series cpe:/h:asus:rt-n56u cpe:/o:linux:linux_kernel:3.4 cpe:/h:hp:p2000_g3
Aggressive OS guesses: Linux 2.6.32 (91%), Linux 2.6.32 - 3.1 (91%), Linux 3.10 (91%), Linux 3.2 (91%), Linux 3.4 - 3.10 (91%), Linux 3.5 (91%), Linux 3.8 (91%), Ruckus ZoneFlex R710 WAP (Linux 3.4) (91%), Linux 2.6.32 - 3.10 (90%), Linux 2.6.32 - 3.13 (90%)
No exact OS matches for host (test conditions non-ideal).
Uptime guess: 6.162 days (since Sat Jan 11 15:25:04 2020)
Network Distance: 19 hops
TCP Sequence Prediction: Difficulty=258 (Good luck!)
IP ID Sequence Generation: All zeros
Service Info: Host: geirui-20161130

TRACEROUTE (using port 110/tcp)
HOP RTT ADDRESS
1 68.27 ms 10.253.204.1
2 105.48 ms 104.245.145.177
3 105.53 ms te0-0-2-1.225.nr11.b010988-1.yyz02.atlas.cogentco.com (38.104.156.9)
4 105.55 ms te0-0-0-1.agr13.yyz02.atlas.cogentco.com (154.24.54.37)
5 105.61 ms te0-9-0-9.ccr32.yyz02.atlas.cogentco.com (154.54.43.153)
6 105.60 ms be2994.ccr22.cle04.atlas.cogentco.com (154.54.31.233)
7 145.58 ms be2718.ccr42.ord01.atlas.cogentco.com (154.54.7.129)
8 105.64 ms be2766.ccr41.ord03.atlas.cogentco.com (154.54.46.178)
9 145.65 ms ae-11.r08.chcgil09.us.bb.gin.ntt.net (129.250.9.121)
10 105.70 ms ae-0.r20.chcgil09.us.bb.gin.ntt.net (129.250.2.191)
11 127.34 ms ae-7.r23.sttlwa01.us.bb.gin.ntt.net (129.250.3.42)
12 222.47 ms ae-16.r24.osakjp02.jp.bb.gin.ntt.net (129.250.3.61)
13 260.27 ms ae-1.r02.osakjp02.jp.bb.gin.ntt.net (129.250.2.40)
14 296.68 ms ae-1.a01.osakjp02.jp.bb.gin.ntt.net (129.250.3.232)
15 296.71 ms xe-0-0-22-3.a01.osakjp02.jp.ce.gin.ntt.net (61.200.80.218)
16 ... 18
19 256.26 ms 210-152-243-182.jp-west.compute.idcfcloud.com (210.152.243.182)

NSE: Script Post-scanning.
Initiating NSE at 19:18
Completed NSE at 19:18, 0.00s elapsed
Initiating NSE at 19:18
Completed NSE at 19:18, 0.00s elapsed
#######################################################################################################################################
https://210.152.243.182 [200 OK] Apache, Content-Language[ja], Country[JAPAN][JP], Frame, Google-Analytics[UA-19915938-1], HTTPServer[Apache], IP[210.152.243.182], PHP[5,5.1,5.1.6], Script[text/javascript], Title[������١�����ʤɷ�����Ȥä��������Υ쥷�Ԥ������Τޤǡ�������Τ��Ȥʤ餯���鲣���ޤǡ�], X-Powered-By[PHP/5.1.6]
#######################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-17 19:18 EST
NSE: Loaded 162 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 19:18
Completed NSE at 19:18, 0.00s elapsed
Initiating NSE at 19:18
Completed NSE at 19:18, 0.00s elapsed
Initiating Parallel DNS resolution of 1 host. at 19:18
Completed Parallel DNS resolution of 1 host. at 19:18, 0.02s elapsed
Initiating SYN Stealth Scan at 19:18
Scanning 210-152-243-182.jp-west.compute.idcfcloud.com (210.152.243.182) [1 port]
Discovered open port 443/tcp on 210.152.243.182
Completed SYN Stealth Scan at 19:18, 0.24s elapsed (1 total ports)
Initiating Service scan at 19:18
Scanning 1 service on 210-152-243-182.jp-west.compute.idcfcloud.com (210.152.243.182)
Completed Service scan at 19:19, 13.58s elapsed (1 service on 1 host)
Initiating OS detection (try #1) against 210-152-243-182.jp-west.compute.idcfcloud.com (210.152.243.182)
Retrying OS detection (try #2) against 210-152-243-182.jp-west.compute.idcfcloud.com (210.152.243.182)
Initiating Traceroute at 19:19
Completed Traceroute at 19:19, 3.11s elapsed
Initiating Parallel DNS resolution of 16 hosts. at 19:19
Completed Parallel DNS resolution of 16 hosts. at 19:19, 0.24s elapsed
NSE: Script scanning 210.152.243.182.
Initiating NSE at 19:19
Completed NSE at 19:20, 90.53s elapsed
Initiating NSE at 19:20
Completed NSE at 19:20, 2.02s elapsed
Nmap scan report for 210-152-243-182.jp-west.compute.idcfcloud.com (210.152.243.182)
Host is up (0.23s latency).

PORT STATE SERVICE VERSION
443/tcp open ssl/http Apache httpd (PHP 5.1.6)
|_http-aspnet-debug: ERROR: Script execution failed (use -d to debug)
| http-brute:
|_ Path "/" does not require authentication
|_http-chrono: Request times for /; avg: 2169.84ms; min: 2021.68ms; max: 2304.77ms
| http-csrf:
| Spidering limited to: maxdepth=3; maxpagecount=20; withinhost=210-152-243-182.jp-west.compute.idcfcloud.com
| Found the following possible CSRF vulnerabilities:
|
| Path: https://210-152-243-182.jp-west.compute.idcfcloud.com:443/
| Form id:
| Form action: ./search
|
| Path: https://210-152-243-182.jp-west.compute.idcfcloud.com:443/news/
| Form id:
| Form action: ../search
|
| Path: https://210-152-243-182.jp-west.compute.idcfcloud.com:443/dictionary/
| Form id:
| Form action: ../search
|
| Path: https://210-152-243-182.jp-west.compute.idcfcloud.com:443/shop/
| Form id:
| Form action: ../search
|
| Path: https://210-152-243-182.jp-west.compute.idcfcloud.com:443/discovery/
| Form id:
| Form action: ../search
|
| Path: https://210-152-243-182.jp-west.compute.idcfcloud.com:443/picturebook/
| Form id:
| Form action: ../search
|
| Path: https://210-152-243-182.jp-west.compute.idcfcloud.com:443/search/
| Form id:
| Form action: ../search
|
| Path: https://210-152-243-182.jp-west.compute.idcfcloud.com:443/cooking/
| Form id:
| Form action: ../search
|
| Path: https://210-152-243-182.jp-west.compute.idcfcloud.com:443/cooking/
| Form id: title_freewords
| Form action: ./
|
| Path: https://210-152-243-182.jp-west.compute.idcfcloud.com:443/before/
| Form id:
| Form action: ../search
|
| Path: https://210-152-243-182.jp-west.compute.idcfcloud.com:443/link/
| Form id:
| Form action: ../search
|
| Path: https://210-152-243-182.jp-west.compute.idcfcloud.com:443/buy/
| Form id:
| Form action: ../search
|
| Path: https://210-152-243-182.jp-west.compute.idcfcloud.com:443/buy/
| Form id: title_freewords
|_ Form action: ./
|_http-date: Sat, 18 Jan 2020 00:19:42 GMT; -5s from local time.
|_http-devframework: Django detected. Found id_ preffix in id attribute name on https://210-152-243-182.jp-west.compute.idcfcloud.com:443/
|_http-dombased-xss: Couldn't find any DOM based XSS.
| http-errors:
| Spidering limited to: maxpagecount=40; withinhost=210-152-243-182.jp-west.compute.idcfcloud.com
| Found the following error pages:
|
| Error Code: 404
|_ https://210-152-243-182.jp-west.compute.idcfcloud.com:443/http:%2f%2fwww.facebook.com%2fpages%2f%25E3%2582%25AF%25E3%2582%25B8%25E3%2583%25A9%25E6%25A8%25AA%25E4%25B8%2581%2f127798327370756&width=250&height=395&colorscheme=light&show_faces=false&border_color&stream=true&header=false"
|_http-feed: ERROR: Script execution failed (use -d to debug)
|_http-fetch: Please enter the complete path of the directory to save data in.
| http-fileupload-exploiter:
|
|_ Couldn't find a file-type field.
| http-grep:
| (1) https://210-152-243-182.jp-west.compute.idcfcloud.com:443/news/:
| (1) email:
| + shimonoseki-kujira@hotmail.co.jp
| (1) https://210-152-243-182.jp-west.compute.idcfcloud.com:443/cooking/:
| (1) ip:
|_ + 202.218.11.166
| http-headers:
| Date: Sat, 18 Jan 2020 00:19:30 GMT
| Server: Apache
| X-Powered-By: PHP/5.1.6
| Content-Language: ja
| Connection: close
| Content-Type: text/html; charset=EUC-JP
|
|_ (Request type: HEAD)
| http-methods:
|_ Supported Methods: GET HEAD POST OPTIONS
|_http-mobileversion-checker: No mobile version detected.
| http-php-version: Versions from credits query (more accurate): 5.1.3 - 5.1.6
|_Version from header x-powered-by: PHP/5.1.6
| http-security-headers:
| Strict_Transport_Security:
|_ HSTS not configured in HTTPS Server
|_http-server-header: Apache
| http-sitemap-generator:
| Directory structure:
| /
| Other: 1
| /common_img/
| jpg: 7; png: 1
| /contact/
| Other: 1
| /images/
| jpg: 4
| /link/
| Other: 1
| /search/
| Other: 1
| /up_img/
| jpg: 4
| Longest directory structure:
| Depth: 1
| Dir: /contact/
| Total files found (by extension):
|_ Other: 4; jpg: 15; png: 1
|_http-title: \xA4\xAF\xA4\xB8\xA4\xE9\xA5\xD9\xA1\xBC\xA5\xB3\xA5\xF3\xA4\xCA\xA4\xC9\xB7\xDF\xC6\xF9\xA4\xF2\xBB\xC8\xA4\xC3\xA4\xBF\xB7\xDF\xCE\xC1\xCD\xFD\xA4\xCE\xA5\xEC\xA5\xB7\xA5\xD4\xA4\xAB\xA4\xE9\xC4\xCC\xC8\xCE\xA4\xDE\xA4\xC7\xA1\xA2\xA5\xAF\xA5\xB8...
| http-vhosts:
| 122 names had status 200
| cdn.jp-west.compute.idcfcloud.com
| en.jp-west.compute.idcfcloud.com
| exchange.jp-west.compute.idcfcloud.com
| demo.jp-west.compute.idcfcloud.com
|_firewall.jp-west.compute.idcfcloud.com
|_http-vuln-cve2017-1001000: ERROR: Script execution failed (use -d to debug)
|_http-wordpress-users: [Error] Wordpress installation was not found. We couldn't find wp-login.php
|_http-xssed: No previously reported XSS vuln.
| vulscan: VulDB - https://vuldb.com:
| [141649] Apache OFBiz up to 16.11.05 Form Widget Freemarker Markup Code Execution
| [141648] Apache OFBiz up to 16.11.05 Application Stored cross site scripting
| [140386] Apache Commons Beanutils 1.9.2 BeanIntrospector unknown vulnerability
| [139708] Apache Ranger up to 1.2.0 Policy Import cross site scripting
| [139540] cPanel up to 60.0.24 Apache HTTP Server Key information disclosure
| [139386] Apache Tike up to 1.21 RecursiveParserWrapper Stack-based memory corruption
| [139385] Apache Tika 1.19/1.20/1.21 SAXParsers Hang denial of service
| [139384] Apache Tika up to 1.21 RecursiveParserWrapper ZIP File denial of service
| [139261] Apache Solr 8.2.0 DataImportHandler Parameter unknown vulnerability
| [139259] cPanel up to 68.0.26 WHM Apache Includes Editor information disclosure
| [139256] cPanel up to 68.0.26 WHM Apache Configuration Include Editor cross site scripting
| [139239] cPanel up to 70.0.22 Apache HTTP Server Log information disclosure
| [139141] Apache ActiveMQ Client up to 5.15.4 ActiveMQConnection.java ActiveMQConnection denial of service
| [139130] cPanel up to 73.x Apache HTTP Server Injection privilege escalation
| [138914] Venustech Apache VCL 2.1/2.2/2.3/2.4/2.5 VM sql injection
| [138913] Venustech Apache VCL 2.1/2.2/2.3/2.4/2.5 Block Argument privilege escalation
| [138912] Venustech Apache VCL 2.1/2.2/2.3/2.4/2.5 Cookie sql injection
| [138816] Apache Storm up to 1.2.2 Logviewer Daemon Log information disclosure
| [138815] Apache Storm up to 1.2.2 UI Daemon Deserialization privilege escalation
| [138164] Oracle 2.7.0.1 Apache Log4j unknown vulnerability
| [138155] Oracle Agile Engineering Data Management 6.2.0/6.2.1 Apache Tomcat unknown vulnerability
| [138151] Oracle Transportation Management 6.3.7 Apache Tomcat unknown vulnerability
| [138149] Oracle Agile Engineering Data Management 6.2.0/6.2.1 Apache Commons FileUpload unknown vulnerability
| [138131] Oracle MICROS Retail XBRi Loss Prevention 10.8.0/10.8.1/10.8.2/10.8.3 Apache Tomcat unknown vulnerability
| [138129] Oracle Retail Xstore Point of Service 7.0/7.1 Apache HTTP Server denial of service
| [138123] Oracle Retail Order Management System 5.0 Apache Struts 1 unknown vulnerability
| [138122] Oracle Retail Order Broker 5.2/15.0 Apache Tomcat unknown vulnerability
| [138121] Oracle Retail Order Broker 5.2/15.0 Apache CXF unknown vulnerability
| [138112] Oracle Retail Integration Bus 15.0/16.0 Apache Commons FileUpload unknown vulnerability
| [138111] Oracle MICROS Retail XBRi Loss Prevention 10.8.0/10.8.1/10.8.2/10.8.3 Apache Commons FileUpload unknown vulnerability
| [138103] Oracle PeopleSoft Enterprise PeopleTools 8.55/8.56/8.57 Apache WSS4J information disclosure
| [138053] Oracle JD Edwards EnterpriseOne Tools 9.2 Apache Log4j unknown vulnerability
| [138036] Oracle Insurance Rules Palette 10.0/10.1/10.2/11.0 Apache Commons FileUpload unknown vulnerability
| [138035] Oracle Insurance Policy Administration J2EE 10.0/10.1/10.2/11.0 Apache Commons FileUpload unknown vulnerability
| [138034] Oracle Insurance Calculation Engine 9.7/10.0/10.1/10.2 Apache Commons FileUpload unknown vulnerability
| [138028] Oracle Identity Manager 11.1.2.3.0/12.2.1.3.0 Apache Log4j unknown vulnerability
| [138020] Oracle BI Publisher 11.1.1.9.0 Apache Tomcat unknown vulnerability
| [138019] Oracle BI Publisher (formerly XML Publisher) 11.1.1.9.0 Apache Tomcat unknown vulnerability
| [138017] Oracle Outside In Technology 8.5.4 Apache Commons FileUpload unknown vulnerability
| [138013] Oracle Outside In Technology 8.5.4 Apache Tomcat unknown vulnerability
| [138012] Oracle Outside In Technology 8.5.4 Apache HTTP Server unknown vulnerability
| [138009] Oracle Outside In Technology 8.5.4 Apache HTTP Server unknown vulnerability
| [138008] Oracle WebLogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.3.0 Apache Struts 1 denial of service
| [138007] Oracle WebCenter Sites 12.2.1.3.0 Apache Tomcat denial of service
| [138006] Oracle Enterprise Repository 12.1.3.0.0 Apache CXF denial of service
| [138000] Oracle WebCenter Sites 12.2.1.3.0 Apache Commons FileUpload unknown vulnerability
| [137999] Oracle WebLogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.3.0 Apache Commons FileUpload unknown vulnerability
| [137995] Oracle Hospitality Simphony 18.2.1 Apache WSS4J information disclosure
| [137987] Oracle FLEXCUBE Universal Banking up to 12.0.3/12.4.0/14.2.0 Apache Log4j unknown vulnerability
| [137981] Oracle Insurance IFRS 17 Analyzer 8.0.6/8.0.7 Apache Commons FileUpload unknown vulnerability
| [137980] Oracle Insurance Data Foundation 8.0.4/8.0.5/8.0.6/8.0.7 Apache Commons FileUpload unknown vulnerability
| [137979] Oracle 8.0.8 Apache Commons FileUpload unknown vulnerability
| [137973] Oracle 8.0.4/8.0.5/8.0.6/8.0.7 Apache Batik unknown vulnerability
| [137970] Oracle Financial Services Profitability Management 8.0.4/8.0.5/8.0.6/8.0.7 Apache ActiveMQ unknown vulnerability
| [137967] Oracle up to 8.0.7 Apache httpd unknown vulnerability
| [137966] Oracle 8.0.7/8.0.8 Apache Groovy unknown vulnerability
| [137965] Oracle Financial Services Liquidity Risk Management 8.0.1/8.0.2/8.0.4/8.0.5/8.0.6 Apache Commons FileUpload unknown vulnerability
| [137964] Oracle 8.0.4/8.0.5/8.0.6/8.0.7 Apache Log4j unknown vulnerability
| [137933] Oracle Banking Platform up to 2.7.1 Apache Tika unknown vulnerability
| [137926] Oracle Enterprise Manager for Fusion Middleware 13.2/13.3 Apache Commons FileUpload information disclosure
| [137924] Oracle Enterprise Manager Base Platform 12.1.0.5.0/13.2.0.0.0/13.3.0.0.0 Apache Commons FileUpload unknown vulnerability
| [137914] Oracle E-Business Suite up to 12.2.8 Apache ActiveMQ unknown vulnerability
| [137913] Oracle E-Business Suite up to 12.2.8 Apache ActiveMQ unknown vulnerability
| [137911] Oracle E-Business Suite up to 12.2.8 Apache HTTP Server unknown vulnerability
| [137910] Oracle E-Business Suite up to 12.2.8 Apache CXF information disclosure
| [137909] Oracle E-Business Suite up to 12.2.8 Apache Commons FileUpload unknown vulnerability
| [137905] Oracle Primavera Gateway 15.2/16.2/17.12/18.8 Apache Tika denial of service
| [137901] Oracle Primavera Unifier up to 18.8 Apache HTTP Server unknown vulnerability
| [137895] Oracle Instant Messaging Server 10.0.1.2.0 Apache Tika information disclosure
| [137894] Oracle EAGLE (Software) 46.5/46.6/46.7 Apache Tomcat information disclosure
| [137892] Oracle Online Mediation Controller 6.1 Apache Batik denial of service
| [137891] Oracle Interactive Session Recorder 6.0/6.1/6.2 Apache Tomcat unknown vulnerability
| [137885] Oracle Diameter Signaling Router (DSR) 8.0/8.1/8.2 Apache cxf unknown vulnerability
| [137882] Oracle Unified 8.0.0.2.0 Apache Commons FileUpload unknown vulnerability
| [137881] Oracle Online Mediation Controller 6.1 Apache Commons FileUpload unknown vulnerability
| [137880] Oracle Interactive Session Recorder 6.0/6.1/6.2 Apache Log4j unknown vulnerability
| [137879] Oracle Convergence 3.0.2 Apache Commons FileUpload unknown vulnerability
| [137876] Oracle Application Session Controller 3.7.1/3.8.0 Apache Commons FileUpload unknown vulnerability
| [137829] Apache Roller 5.2.3 Math Comment Authenticator Reflected cross site scripting
| [137736] Apache Kafka 0.11.0.0/2.1.0 ACL Validation Request privilege escalation
| [136858] MakerBot Replicator 5G Printer Apache HTTP Server information disclosure
| [136849] Analogic Poste.io 2.1.6 on Apache RoundCube logs/ information disclosure
| [136822] Apache Tomcat up to 8.5.40/9.0.19 Incomplete Fix CVE-2019-0199 Resource Exhaustion denial of service
| [136808] Apache Geode up to 1.8.0 Secure Mode privilege escalation
| [136646] Apache Allura up to 1.10.x Dropdown Selector Stored cross site scripting
| [136374] Apache HTTP Server up to 2.4.38 Slash Regular Expression unknown vulnerability
| [136373] Apache HTTP Server 2.4.34/2.4.35/2.4.36/2.4.37/2.4.38 HTTP2 Request Crash denial of service
| [136372] Apache HTTP Server up to 2.4.38 HTTP2 Request unknown vulnerability
| [136370] Apache Fineract up to 1.2.x sql injection
| [136369] Apache Fineract up to 1.2.x sql injection
| [135731] Apache Hadoop up to 2.8.4/2.9.1/3.1.0 yarn privilege escalation
| [135664] Apache Tomcat up to 7.0.93/8.5.39/9.0.0.17 SSI printenv Command cross site scripting
| [135663] Apache Camel up to 2.23.x JSON-lib Library XML Data XML External Entity
| [135661] Apache Roller up to 5.2.1/5.2.0 XML-RPC Interface XML File Server-Side Request Forgery
| [135402] Apache Zookeeper up to 3.4.13/3.5.0-alpha to 3.5.4-beta getACL() information disclosure
| [135270] Apache JSPWiki up to 2.11.0.M3 Plugin Link cross site scripting
| [135269] Apache JSPWiki up to 2.11.0.M3 InterWiki Link cross site scripting
| [135268] Apache JSPWiki up to 2.11.0.M3 Attachment cross site scripting
| [134527] Apache Karaf up to 4.2.4 Config Service directory traversal
| [134416] Apache Sanselan 0.97-incubator Loop denial of service
| [134415] Apache Sanselan 0.97-incubator Hang denial of service
| [134291] Apache Axis up to 1.7.8 Server-Side Request Forgery
| [134290] Apache UIMA DUCC up to 2.2.2 cross site scripting
| [134248] Apache Archiva up to 2.2.3 Artifact Upload directory traversal
| [134247] Apache Archiva up to 2.2.3 Artifact Upload directory traversal
| [134246] Apache Camel up to 2.19/2.21.3/2.22.2/2.23.0 directory traversal
| [134138] Apache Pluto 3.0.0/3.0.1 Chat Room Demo Portlet cross site scripting
| [133992] Apache Qpid Proton up to 0.27.0 Certificate Validation Man-in-the-Middle weak authentication
| [133977] Apache Zeppelin up to 0.7.x Stored cross site scripting
| [133976] Apache Zeppelin up to 0.7.x Cron Scheduler privilege escalation
| [133975] Apache Zeppelin up to 0.7.2 Session Fixation weak authentication
| [133444] Apache PDFbox 2.0.14 XML Parser XML External Entity
| [133573] Oracle FLEXCUBE Private Banking 2.0.0.0/2.2.0.1/12.0.1.0/12.0.3.0/12.1.0.0 Apache ActiveMQ unknown vulnerability
| [133407] Apache Tomcat up to 7.0.93/8.5.39/9.0.17 on Windows JRE Command Line Argument Code Execution
| [133315] Apache Airflow up to 1.10.2 HTTP Endpoint cross site request forgery
| [133314] Apache Airflow up to 1.10.2 Metadata Database cross site scripting
| [133290] Apache Tomcat up to 8.5.37/9.0.14 HTTP2 Stream Execution denial of service
| [133112] Apache HTTP Server up to 2.4.38 mod_auth_digest race condition privilege escalation
| [133111] Apache HTTP Server 2.4.37/2.4.38 mod_ssl Bypass privilege escalation
| [133092] Airsonic 10.2.1 org.apache.commons.lang.RandomStringUtils RecoverController.java java.util.Random weak authentication
| [132568] Apache JSPWiki up to 2.11.0.M2 URL User information disclosure
| [132567] Apache JSPWiki up to 2.11.0.M2 URL cross site scripting
| [132566] Apache ActiveMQ up to 5.15.8 MQTT Frame Memory denial of service
| [132565] Apache HBase up to 2.1.3 REST Server Request privilege escalation
| [132183] Apache Mesos up to pre-1.4.x Docker Image Code Execution
| [131988] Apache Karaf up to 4.2.2 kar Deployer directory traversal
| [131859] Apache Hadoop up to 2.9.1 privilege escalation
| [131479] Apache Solr up to 7.6 HTTP GET Request Server-Side Request Forgery
| [131446] Apache Solr up to 5.0.5/6.6.5 Config API HTTP POST Request Code Execution
| [131385] Apache Qpid Broker-J up to 6.x/7.0.6/7.1.0 AMQP Command Crash denial of service
| [131315] Apache Mesos up to pre-1.4.x Mesos Masters Rendering JSON Payload Recursion denial of service
| [131236] Apache Airflow up to 1.10.1 Metadata Database cross site scripting
| [130755] Apache JSPWiki up to 2.10.5 URL cross site scripting
| [130629] Apache Guacamole Cookie Flag weak encryption
| [130628] Apache Hadoop up to 3.0.0 HDFS information disclosure
| [130529] Apache Subversion 1.10.0/1.10.1/1.10.2/1.10.3/1.11.0 mod_dav_svn Directory Crash denial of service
| [130353] Apache Open Office up to 4.1.5 Document Loader String memory corruption
| [130341] Apache HTTP Server 2.4.37 mod_ssl Loop denial of service
| [130330] Apache HTTP Server up to 2.4.37 mod_session Expired privilege escalation
| [130329] Apache HTTP Server 2.4.37 mod_http2 Slowloris denial of service
| [130212] Apache Airflow up to 1.10.0 LDAP Auth Backend Certificate weak authentication
| [130123] Apache Airflow up to 1.8.2 information disclosure
| [130122] Apache Airflow up to 1.8.2 command injection cross site request forgery
| [130121] Apache Airflow up to 1.8.2 Webserver Object Code Execution
| [129717] Oracle Secure Global Desktop 5.4 Apache HTTP Server denial of service
| [129688] Oracle Tape Library ACSLS 8.4 Apache Log4j unknown vulnerability
| [129673] Oracle Retail Returns Management 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
| [129672] Oracle Retail Central Office 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
| [129671] Oracle Retail Back Office 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
| [129574] Oracle Outside In Technology 8.5.3/8.5.4 Apache Tomcat denial of service
| [129573] Oracle WebLogic Server 10.3.6.0 Apache HTTP Server denial of service
| [129563] Oracle Enterprise Repository 12.1.3.0.0 Apache Log4j unknown vulnerability
| [129555] Oracle Outside In Technology 8.5.3 Apache Batik denial of service
| [129551] Oracle Outside In Technology 8.5.3/8.5.4 Apache Commons FileUpload denial of service
| [129542] Oracle API Gateway 11.1.2.4.0 Apache Batik denial of service
| [129538] Oracle SOA Suite 12.1.3.0.0/12.2.1.3.0 Apache Batik unknown vulnerability
| [129519] Oracle Enterprise Manager Ops Center 12.2.2/12.3.3 Apache ActiveMQ unknown vulnerability
| [129508] Oracle Applications Manager up to 12.2.8 Apache Derby unknown vulnerability
| [129507] Oracle Mobile Field Service up to 12.2.8 Apache Log4j unknown vulnerability
| [129505] Oracle Email Center up to 12.2.8 Apache Log4j unknown vulnerability
| [129504] Oracle CRM Technical Foundation up to 12.2.8 Apache Commons FileUpload unknown vulnerability
| [129499] Oracle Partner Management up to 12.2.8 Apache Log4j unknown vulnerability
| [129498] Oracle Marketing up to 12.2.8 Apache Commons FileUpload unknown vulnerability
| [129480] Oracle Communications WebRTC Session Controller up to 7.1 Apache Batik unknown vulnerability
| [129479] Oracle Communications Diameter Signaling Router up to 8.2 Apache Batik unknown vulnerability
| [129474] Oracle Communications Diameter Signaling Router up to 8.2 Apache HTTP Server information disclosure
| [129472] Oracle Communications WebRTC Session Controller up to 7.1 Apache Struts 1 unknown vulnerability
| [129470] Oracle Communications Converged Application Server up to 7.0.0.0 Apache Struts 1 unknown vulnerability
| [129463] Oracle Communications WebRTC Session Controller up to 7.1 Apache Log4j unknown vulnerability
| [129461] Oracle Communications Services Gatekeeper up to 6.1.0.3.x Apache Commons Collections Fileupload unknown vulnerability
| [129460] Oracle Communications Service Broker 6.0 Apache Log4j unknown vulnerability
| [129459] Oracle Communications Policy Management up to 12.4 Apache Struts 2 unknown vulnerability
| [129458] Oracle Communications Online Mediation Controller 6.1 Apache Log4j unknown vulnerability
| [129457] Oracle Communications Diameter Signaling Router up to 8.2 Apache Commons Fileupload unknown vulnerability
| [129456] Oracle Communications Converged Application Server 6.1 Apache Log4j unknown vulnerability
| [128714] Apache Thrift Java Client Library up to 0.11.0 SASL Negotiation org.apache.thrift.transport.TSaslTransport unknown vulnerability
| [128713] Apache Thrift Node.js Static Web Server up to 0.11.0 directory traversal
| [128709] Apache Karaf up to 4.1.6/4.2.1 Features Deployer XMLInputFactory XML External Entity
| [128575] Apache NetBeans 9.0 Proxy Auto-Config Code Execution
| [128369] Apache Tika 1.8-1.19.1 SQLite3Parser Loop sql injection
| [128111] Apache NiFi 1.8.0 Template Upload Man-in-the-Middle cross site request forgery
| [128110] Apache NiFi 1.8.0 Cluster Request privilege escalation
| [128109] Apache NiFi 1.8.0 Error Page message-page.jsp Request Header cross site scripting
| [128108] Apache NiFi up to 1.7.x X-Frame-Options Header privilege escalation
| [128102] Apache Oozie up to 5.0.0 Workflow XML Impersonation spoofing
| [127994] WordPress up to 5.0.0 on Apache httpd MIME Restriction cross site scripting
| [127981] Apache OFBiz 16.11.01/16.11.02/16.11.03/16.11.04 HTTP Engine httpService GET Request privilege escalation
| [127161] Apache Hadoop 2.7.4/2.7.5/2.7.6 Incomplete Fix CVE-2016-6811 privilege escalation
| [127040] Loadbalancer.org Enterprise VA MAX up to 8.3.2 Apache HTTP Server Log cross site scripting
| [127007] Apache Spark Request Code Execution
| [126791] Apache Hadoop up to 0.23.11/2.7.6/2.8.4/2.9.1/3.0.2 ZIP File unknown vulnerability
| [126767] Apache Qpid Proton-J Transport 0.3 Certificate Verification Man-in-the-Middle weak authentication
| [126896] Apache Commons FileUpload 1.3.3 on LDAP Manager DiskFileItem File privilege escalation
| [126574] Apache Hive up to 2.3.3/3.1.0 Query privilege escalation
| [126573] Apache Hive up to 2.3.3/3.1.0 HiveServer2 privilege escalation
| [126564] Apache Superset up to 0.22 Pickle Library load Code Execution
| [126488] Apache Syncope up to 2.0.10/2.1.1 BPMN Definition xxe privilege escalation
| [126487] Apache Syncope up to 2.0.10/2.1.1 cross site scripting
| [126346] Apache Tomcat Path privilege escalation
| [125922] Apache Impala up to 3.0.0 ALTER privilege escalation
| [125921] Apache Impala up to 3.0.0 Queue Injection privilege escalation
| [125647] Oracle Agile Engineering Data Management 6.1.3/6.2.0/6.2.1 Install (Apache Tomcat) information disclosure
| [125617] Oracle Retail Returns Management 14.1 Apache Batik unknown vulnerability
| [125616] Oracle Retail Point-of-Service 13.4/14.0/14.1 Apache Batik unknown vulnerability
| [125614] Oracle Retail Central Office 14.1 Apache Batik unknown vulnerability
| [125613] Oracle Retail Back Office 13.3/13.4/14/14.1 Apache Batik unknown vulnerability
| [125599] Oracle Retail Open Commerce Platform 5.3.0/6.0.0/6.0.1 Apache Log4j unknown vulnerability
| [125569] Oracle PeopleSoft Enterprise PeopleTools 8.55/8.56 Apache HTTP Server information disclosure
| [125494] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat information disclosure
| [125447] Oracle Business Intelligence Enterprise Edition 11.1.1.7.0/11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Apache Batik unknown vulnerability
| [125428] Oracle Identity Management Suite 11.1.2.3.0/12.2.1.3.0 Apache Log4j unknown vulnerability
| [125427] Oracle Identity Analytics 11.1.1.5.8 Apache Log4j unknown vulnerability
8280| [125424] Oracle API Gateway 11.1.2.4.0 Apache Log4j unknown vulnerability
8281| [125423] Oracle BI Publisher 11.1.1.7.0/11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Apache Log4j unknown vulnerability
8282| [125383] Oracle up to 10.2.0 Apache Trinidad unknown vulnerability
8283| [125379] Oracle up to 10.1.x Apache Struts 1 cross site scripting
8284| [125377] Oracle up to 10.2.0 Apache Commons Collections unknown vulnerability
8285| [125376] Oracle Communications Application Session Controller up to 3.7.0 Apache Commons Collections unknown vulnerability
| [125375] Oracle Communications User Data Repository up to 12.1.x Apache Xerces memory corruption
| [125248] Apache ActiveMQ up to 5.15.5 Web-based Administration Console queue.jsp Parameter cross site scripting
| [125133] Apache Tika up to 1.19 XML Parser reset() denial of service
| [124877] Apache PDFbox up to 2.0.11 PDF File denial of service
| [124876] Apache Ranger up to 1.1.x UnixAuthenticationService Stack-based memory corruption
| [124791] Apache Tomcat up to 7.0.90/8.5.33/9.0.11 URL Open Redirect
| [124787] Apache Pony Mail 0.7/0.8/0.9 Statistics Generator Timestamp Data information disclosure
| [124447] Apache HTTP Server up to 2.4.34 SETTINGS Frame denial of service
| [124346] Apache Mesos pre-1.4.2/1.5.0/1.5.1/1.6.0 on Executor HTTP API String Comparison validation JSON Web Token information disclosure
| [124286] Apache Tika up to 1.18 IptcAnpaParser Loop denial of service
| [124242] Apache Tika up to 0.18 C:/evil.bat" Directory unknown vulnerability
| [124241] Apache Tika up to 0.18 XML Parser Entity Expansion denial of service
| [124191] Apache Karaf up to 3.0.8/4.0.8/4.1.0 WebConsole .../gogo/ weak authentication
| [124190] Apache Karaf up to 4.1.x sshd privilege escalation
| [124152] Apache Camel Mail up to 2.22.0 Path directory traversal
| [124143] Apache SpamAssassin up to 3.4.1 PDFInfo Plugin Code Execution
| [124134] Apache SpamAssassin up to 3.4.1 Scan Engine HTML::Parser Email denial of service
| [124095] PHP up to 5.6.37/7.0.31/7.1.21/7.2.9 Apache2 sapi_apache2.c php_handler cross site scripting
| [124024] Apache Mesos 1.4.x/1.5.0 libprocess JSON Payload denial of service
| [123814] Apache ActiveMQ Client up to 5.15.5 TLS Hostname Verification Man-in-the-Middle weak authentication
| [123393] Apache Traffic Server up to 6.2.2/7.1.3 ESI Plugin Config privilege escalation
| [123392] Apache Traffic Server 6.2.2 TLS Handshake Segmentation Fault denial of service
| [123391] Apache Traffic Server up to 6.2.2/7.1.3 Range Request Performance denial of service
| [123390] Apache Traffic Server up to 6.2.2/7.1.3 Request HTTP Smuggling privilege escalation
| [123369] Apache Traffic Server up to 6.2.2/7.1.3 ACL remap.config Request denial of service
| [123197] Apache Sentry up to 2.0.0 privilege escalation
| [123145] Apache Struts up to 2.3.34/2.5.16 Namespace Code Execution
| [123144] Apache Cayenne up to 4.1.M1 CayenneModeler XML File File Transfer privilege escalation
| [122981] Apache Commons Compress 1.7 ZipArchiveInputStream ZIP Archive denial of service
| [122889] Apache HTTP Server up to 2.2.31/2.4.23 mod_userdir HTTP Response Splitting privilege escalation
| [122800] Apache Spark 1.3.0 REST API weak authentication
| [122642] Apache Airflow up to 1.8.x 404 Page Reflected cross site scripting
| [122568] Apache Tomcat up to 8.5.31/9.0.9 Connection Reuse weak authentication
| [122567] Apache Axis 1.0./1.1/1.2/1.3/1.4 cross site scripting
| [122556] Apache Tomcat up to 7.0.86/8.0.51/8.5.30/9.0.7 UTF-8 Decoder Loop denial of service
| [122531] Apache Tomcat up to 7.0.88/8.0.52/8.5.31/9.0.9 WebSocket Client unknown vulnerability
| [122456] Apache Camel up to 2.20.3/2.21.0 XSD Validator XML External Entity
| [122455] Apache Tomcat Native up to 1.1.34/1.2.16 OSCP Revoked Certificate weak authentication
| [122454] Apache Tomcat Native up to 1.1.34/1.2.16 OSCP Responder Revoked Certificate weak authentication
| [122214] Apache Kafka up to 0.9.0.1/0.10.2.1/0.11.0.2/1.0.0 Broker Request Data Loss denial of service
| [122202] Apache Kafka up to 0.10.2.1/0.11.0.1 SASL Impersonation spoofing
| [122101] Docker Skeleton Runtime for Apache OpenWhisk Docker Action dockerskeleton:1.3.0 privilege escalation
| [122100] PHP Runtime for Apache OpenWhisk Docker Action action-php-v7.2:1.0.0 privilege escalation
| [122012] Apache Ignite up to 2.5 Serialization privilege escalation
| [121911] Apache Ambari up to 2.5.x/2.6.2 Log Message Credentials information disclosure
| [121910] Apache HTTP Server 2.4.33 mod_md HTTP Requests denial of service
| [121854] Oracle Tape Library ACSLS up to ACSLS 8.4.0-2 Apache Commons Collections unknown vulnerability
| [121752] Oracle Insurance Policy Administration 10.0/10.1/10.2/11.0 Apache Log4j unknown vulnerability
| [121370] Apache Spark up to 2.1.2/2.2.1/2.3.0 URL cross site scripting
| [121354] Apache CouchDB HTTP API Code Execution
| [121144] Apache LDAP API up to 1.0.1 SSL Filter information disclosure
| [121143] Apache Storm up to 0.10.2/1.0.6/1.1.2/1.2.1 Cluster privilege escalation
| [120436] Apache CXF Fediz up to 1.4.3 Application Plugin unknown vulnerability
| [120310] Apache PDFbox up to 1.8.14/2.0.10 AFMParser Loop denial of service
| [120168] Apache CXF weak authentication
| [120080] Apache Cassandra up to 3.11.1 JMX/RMI Interface RMI Request privilege escalation
| [120043] Apache HBase up to 1.2.6.0/1.3.2.0/1.4.4/2.0.0 Thrift 1 API Server weak authentication
| [119723] Apache Qpid Broker-J 7.0.0/7.0.1/7.0.2/7.0.3/7.0.4 AMQP Messages Crash denial of service
| [122569] Apache HTTP Server up to 2.4.33 HTTP2 Request denial of service
| [119486] Apache Geode up to 1.4.0 Security Manager Code Execution
| [119306] Apache MXNet Network Interface privilege escalation
| [118999] Apache Storm up to 1.0.6/1.1.2/1.2.1 Archive directory traversal
| [118996] Apache Storm up to 1.0.6/1.1.2/1.2.1 Daemon spoofing
| [118644] Apple macOS up to 10.13.5 apache_mod_php unknown vulnerability
| [118200] Apache Batik up to 1.9 Deserialization unknown vulnerability
| [118143] Apache NiFi activemq-client Library Deserialization denial of service
| [118142] Apache NiFi 1.6.0 SplitXML xxe privilege escalation
| [118051] Apache Zookeeper up to 3.4.9/3.5.3-beta weak authentication
| [117997] Apache ORC up to 1.4.3 ORC File Recursion denial of service
| [117825] Apache Tomcat up to 7.0.88/8.0.52/8.5.31/9.0.8 CORS Filter privilege escalation
| [117405] Apache Derby up to 10.14.1.0 Network Server Network Packet privilege escalation
| [117347] Apache Ambari up to 2.6.1 HTTP Request directory traversal
| [117265] LibreOffice/Apache Office Writer SMB Connection XML Document information disclosure
| [117143] Apache uimaj/uima-as/uimaFIT/uimaDUCC XML XXE information disclosure
| [117117] Apache Tika up to 1.17 ChmParser Loop denial of service
| [117116] Apache Tika up to 1.17 BPGParser Loop denial of service
| [117115] Apache Tika up to 1.17 tika-server command injection
| [116929] Apache Fineract getReportType Parameter privilege escalation
| [116928] Apache Fineract REST Endpoint Parameter privilege escalation
| [116927] Apache Fineract MakercheckersApiResource Parameter sql injection
| [116926] Apache Fineract REST Parameter privilege escalation
| [116574] Apache wicket-jquery-ui up to 6.29.0/7.10.1/8.0.0-M9.1 WYSIWYG Editor privilege escalation
| [116622] Oracle Enterprise Manager for MySQL Database 12.1.0.4 EM Plugin: General (Apache Tomcat) unknown vulnerability
| [115931] Apache Solr up to 6.6.2/7.2.1 XML Data Parameter XML External Entity
| [115883] Apache Hive up to 2.3.2 privilege escalation
| [115882] Apache Hive up to 2.3.2 xpath_short information disclosure
| [115881] Apache DriverHive JDBC Driver up to 2.3.2 Escape Argument Bypass privilege escalation
| [115518] Apache Ignite 2.3 Deserialization privilege escalation
| [115260] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache cross site scripting
| [115259] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache Cookie Stack-based memory corruption
| [115500] CA Workload Control Center up to r11.4 SP5 Apache MyFaces Component Code Execution
| [115121] Apache Struts REST Plugin up to 2.5.15 Xstream XML Data denial of service
| [115061] Apache HTTP Server up to 2.4.29 HTTP Digest Authentication Challenge HTTP Requests Replay privilege escalation
| [115060] Apache HTTP Server up to 2.4.29 mod_cache_socache Request Header Crash denial of service
| [115059] Apache HTTP Server up to 2.4.29 HTTP2 NULL Pointer Dereference denial of service
| [115058] Apache HTTP Server up to 2.4.29 HTTP Header Crash denial of service
| [115057] Apache HTTP Server up to 2.4.29 mod_session Variable Name Cache privilege escalation
| [115039] Apache HTTP Server up to 2.4.29 FilesMatch File Upload privilege escalation
| [115038] Apache HTTP Server up to 2.0.65/2.2.34/2.4.29 mod_authnz_ldap Crash denial of service
| [114817] Apache Syncope up to 1.2.10/2.0.7 Search Parameter information disclosure
| [114816] Apache Syncope up to 1.2.10/2.0.7 XSLT Code Execution
| [114717] Apache Commons 1.11/1.12/1.13/1.14/1.15 ZIP Archive ZipFile/ZipArchiveInputStream denial of service
| [114661] Apache Allura up to 1.8.0 HTTP Response Splitting privilege escalation
| [114400] Apache Tomcat JK ISAPI Connector up to 1.2.42 IIS/ISAPI privilege escalation
| [114258] Apache HTTP Server up to 2.4.22 mod_cluster Segmentation Fault denial of service
| [114086] Apache ODE 1.3.3 ODE Process Deployment Web Service directory traversal
| [113955] Apache Xerces-C up to 3.2.0 XML Parser NULL Pointer Dereference denial of service
| [113945] Apache Tomcat up to 7.0.84/8.0.49/8.5.27/9.0.4 URL Pattern Empty String privilege escalation
| [113944] Apache OpenMeetings up to 3.x/4.0.1 CRUD Operation denial of service
| [113905] Apache Traffic Server up to 5.2.x/5.3.2/6.2.0/7.0.0 TLS Handshake Core Dump denial of service
| [113904] Apache Traffic Server up to 6.2.0 Host Header privilege escalation
| [113895] Apache Geode up to 1.3.x Code Execution
| [113894] Apache Geode up to 1.3.x TcpServer Code Execution
| [113888] Apache James Hupa WebMail 0.0.2 cross site scripting
| [113813] Apache Geode Cluster up to 1.3.x Secure Mode privilege escalation
| [113747] Apache Tomcat Servlets privilege escalation
| [113647] Apache Qpid up to 0.30 qpidd Broker AMQP Message Crash denial of service
| [113645] Apache VCL up to 2.1/2.2.1/2.3.1 Web GUI/XMLRPC API privilege escalation
| [113560] Apache jUDDI Console 3.0.0 Log Entries spoofing
| [113571] Apache Oozie up to 4.3.0/5.0.0-beta1 XML Data XML File privilege escalation
| [113569] Apache Karaf up to 4.0.7 LDAPLoginModule LDAP injection denial of service
| [113273] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
| [113198] Apache Qpid Dispatch Router 0.7.0/0.8.0 AMQP denial of service
| [113186] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
| [113145] Apache Thrift up to 0.9.3 Go Client Library privilege escalation
| [113106] Apache jUDDI up to 3.3.3 XML Data WADL2Java/WSDL2Java XML Document privilege escalation
| [113105] Apache Qpid Broker-J 7.0.0 AMQP Crash denial of service
| [112885] Apache Allura up to 1.8.0 File information disclosure
| [112856] Apache CloudStack up to 4.8.1.0/4.9.0.0 API weak authentication
| [112855] Apache CloudStack 4.1.0/4.1.1 API information disclosure
| [112678] Apache Tomcat up to 7.0.82/8.0.47/8.5.23/9.0.1 Bug Fix 61201 privilege escalation
| [112677] Apache Tomcat Native Connector up to 1.1.34/1.2.14 OCSP Checker Client weak authentication
| [112625] Apache POI up to 3.16 Loop denial of service
| [112448] Apache NiFi up to 1.3.x Deserialization privilege escalation
| [112396] Apache Hadoop 2.7.3/2.7.4 YARN NodeManager Credentials information disclosure
| [112339] Apache NiFi 1.5.0 Header privilege escalation
| [112330] Apache NiFi 1.5.0 Header HTTP Request privilege escalation
| [112314] NetGain Enterprise Manager 7.2.730 Build 1034 org.apache.jsp.u.jsp.tools.exec_jsp Servlet Parameter privilege escalation
| [112253] Apache Hadoop up to 0.23.x/2.7.4/2.8.2 MapReduce Job History Server Configuration File privilege escalation
| [112171] Oracle Secure Global Desktop 5.3 Apache Log4j privilege escalation
| [112164] Oracle Agile PLM 9.3.5/9.3.6 Apache Tomcat unknown vulnerability
| [112161] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Tomcat privilege escalation
| [112158] Oracle Autovue for Agile Product Lifecycle Management 21.0.0/21.0.1 Apache Log4j privilege escalation
| [112156] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Log4j privilege escalation
| [112155] Oracle Agile Engineering Data Management 6.1.3/6.2.0/6.2.1 Apache Log4j privilege escalation
| [112137] Oracle MICROS Relate CRM Software 10.8.x/11.4.x/15.0.x, Apache Tomcat unknown vulnerability
| [112136] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat privilege escalation
| [112133] Oracle Retail Workforce Management 1.60.7/1.64.0 Apache Log4j privilege escalation
| [112129] Oracle Retail Assortment Planning 14.1.3/15.0.3/16.0.1 Apache Log4j privilege escalation
| [112114] Oracle 9.1 Apache Log4j privilege escalation
| [112113] Oracle 9.1 Apache Log4j privilege escalation
| [112045] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat privilege escalation
| [112038] Oracle Health Sciences Empirica Inspections 1.0.1.1 Apache Tomcat information disclosure
| [112019] Oracle Endeca Information Discovery Integrator 3.1.0/3.2.0 Apache Tomcat privilege escalation
| [112017] Oracle WebCenter Portal 11.1.1.9.0/12.2.1.2.0/12.2.1.3.0 Apache Struts 1 cross site scripting
| [112011] Oracle Identity Manager 11.1.2.3.0 Apache Commons Collections privilege escalation
| [111950] Oracle Database 12.2.0.1 Apache Tomcat information disclosure
| [111703] Apache Sling XSS Protection API 1.0.4 URL Encoding cross site scripting
| [111556] Apache Geode up to 1.2.x Secure Mode Parameter OQL privilege escalation
| [111555] Apache Geode up to 1.2.x Secure Mode OQL privilege escalation
| [111540] Apache Geode up to 1.2.x Secure Mode information disclosure
| [111519] Apache Sling JCR ContentLoader 2.1.4 xmlreader directory traversal
| [111338] Apache DeltaSpike-JSF 1.8.0 cross site scripting
| [111330] Apache OFBiz 16.11.01/16.11.02/16.11.03 BIRT Plugin cross site scripting
| [110789] Apache Sling up to 1.4.0 Authentication Service Credentials information disclosure
| [110785] Apache Drill up to 1.11.0 Query Page unknown vulnerability
| [110701] Apache Fineract Query Parameter sql injection
| [110484] Apache Synapse up to 3.0.0 Apache Commons Collections Serialized Object Code Injection privilege escalation
| [110426] Adobe Experience Manager 6.0/6.1/6.2/6.3 Apache Sling Servlets Post cross site scripting
| [110141] Apache Struts up to 2.5.14 REST Plugin denial of service
| [110140] Apache Qpid Broker-J up to 0.32 privilege escalation
| [110139] Apache Qpid Broker-J up to 6.1.4 AMQP Frame denial of service
| [110106] Apache CXF Fediz Spring cross site request forgery
| [109766] Apache OpenOffice up to 4.1.3 DOC File Parser WW8Fonts memory corruption
| [109750] Apache OpenOffice up to 4.1.3 DOC File Parser ImportOldFormatStyles memory corruption
| [109749] Apache OpenOffice up to 4.1.3 PPT File Parser PPTStyleSheet memory corruption
| [109606] October CMS Build 412 Apache Configuration File Upload privilege escalation
| [109419] Apache Camel up to 2.19.3/2.20.0 camel-castor Java Object Deserialization privilege escalation
| [109418] Apache Camel up to 2.19.3/2.20.0 camel-hessian Java Object Deserialization privilege escalation
| [109400] Apache CouchDB up to 1.6.x/2.1.0 Database Server Shell privilege escalation
| [109399] Apache CouchDB up to 1.6.x/2.1.0 JSON Parser Shell privilege escalation
| [109398] Apache CXF 3.1.14/3.2.1 JAX-WS/JAX-RS Attachment denial of service
| [108872] Apache Hive up to 2.1.1/2.2.0/2.3.0 Policy Enforcement privilege escalation
| [108939] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108938] Apple macOS up to 10.13.1 apache denial of service
| [108937] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108936] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108935] Apple macOS up to 10.13.1 apache denial of service
| [108934] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108933] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108932] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108931] Apple macOS up to 10.13.1 apache denial of service
| [108930] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108929] Apple macOS up to 10.13.1 apache denial of service
| [108928] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108797] Apache Struts up to 2.3.19 TextParseUtiltranslateVariables OGNL Expression privilege escalation
| [108795] Apache Traffic Server up to 5.3.0 HTTP2 set_dynamic_table_size memory corruption
| [108794] Apache WSS4J up to 1.6.16/2.0.1 Incomplete Fix Leak information disclosure
| [108793] Apache Qpid up to 0.30 qpidd Crash denial of service
| [108792] Apache Traffic Server up to 5.1.0 Access Restriction privilege escalation
| [108791] Apache Wicket up to 1.5.11/6.16.x/7.0.0-M2 Session information disclosure
| [108790] Apache Storm 0.9.0.1 Log Viewer directory traversal
| [108789] Apache Cordova In-App-Browser Standalone Plugin up to 0.3.1 on iOS CDVInAppBrowser privilege escalation
| [108788] Apache Cordova File-Transfer Standalone Plugin up to 0.4.1 on iOS ios/CDVFileTransfer.m spoofing
| [108787] Apache HttpClient up to 4.3.0 HttpClientBuilder.java unknown vulnerability
| [108786] Apache Wicket up to 1.4.21/1.5.9/6.3.x script Tag cross site scripting
| [108783] Apache Hadoop up to 0.23.3/1.0.3/2.0.1 Kerberos Security Feature Key weak encryption
| [108782] Apache Xerces2 XML Service denial of service
| [108781] Apache jUDDI up to 1.x happyjuddi.jsp Parameter cross site scripting
| [108780] Apache jUDDI up to 1.x Log File uddiget.jsp spoofing
| [108709] Apache Cordova Android up to 3.7.1/4.0.1 intent URL privilege escalation
| [108708] Apache ActiveMQ up to 5.10.0 XML Data XML External Entity
| [108707] Apache ActiveMQ up to 1.7.0 XML Data XML External Entity
| [108629] Apache OFBiz up to 10.04.01 privilege escalation
| [108543] Apache Derby 10.1.2.1/10.2.2.0/10.3.1.4/10.4.1.3 Export File privilege escalation
| [108312] Apache HTTP Server on RHEL IP Address Filter privilege escalation
| [108297] Apache NiFi up to 0.7.1/1.1.1 Proxy Chain Username Deserialization privilege escalation
| [108296] Apache NiFi up to 0.7.1/1.1.1 Cluster Request privilege escalation
| [108250] Oracle Secure Global Desktop 5.3 Apache HTTP Server memory corruption
| [108245] Oracle Transportation Management up to 6.3.7 Apache Tomcat unknown vulnerability
| [108244] Oracle Transportation Management 6.4.1/6.4.2 Apache Commons FileUpload denial of service
| [108243] Oracle Agile Engineering Data Management 6.1.3/6.2.0 Apache Commons Collections memory corruption
| [108222] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Batik denial of service
| [108219] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat unknown vulnerability
| [108217] Oracle Retail Store Inventory Management 13.2.9/14.0.4/14.1.3/15.0.1/16.0.1 Apache Groovy unknown vulnerability
| [108216] Oracle Retail Convenience and Fuel POS Software 2.1.132 Apache Groovy unknown vulnerability
| [108169] Oracle MySQL Enterprise Monitor up to 3.2.8.2223/3.3.4.3247/3.4.2.4181 Apache Tomcat unknown vulnerability
| [108113] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Batik denial of service
| [108107] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat unknown vulnerability
| [108102] Oracle Healthcare Master Person Index 4.x Apache Groovy unknown vulnerability
| [108085] Oracle Identity Manager 11.1.2.3.0 Apache Struts 1 memory corruption
| [108083] Oracle API Gateway 11.1.2.4.0 Apache Batik denial of service
| [108080] Oracle GlassFish Server 3.1.2 Apache Commons FileUpload denial of service
| [108066] Oracle Management Pack for GoldenGate 11.2.1.0.12 Apache Tomcat memory corruption
| [108062] Oracle BI Publisher 11.1.1.7.0/12.2.1.1.0/12.2.1.2.0 Apache ActiveMQ memory corruption
| [108060] Oracle Enterprise Manager Ops Center 12.2.2/12.3.2 Apache Groovy unknown vulnerability
| [108033] Oracle Primavera Unifier 9.13/9.14/10.x/15.x/16.x, Apache Groovy unknown vulnerability
| [108013] Oracle Communications WebRTC Session Controller 7.0/7.1/7.2 Apache Groovy unknown vulnerability
| [108011] Oracle Communications Services Gatekeeper 5.1/6.0 Apache Trinidad unknown vulnerability
| [107904] Apache Struts up to 2.3.28 Double OGNL Evaluation privilege escalation
| [107860] Apache Solr up to 7.0 Apache Lucene RunExecutableListener XML External Entity
| [107834] Apache Ranger up to 0.6.1 Change Password privilege escalation
| [107639] Apache NiFi 1.4.0 XML External Entity
| [107606] Apache ZooKeper up to 3.4.9/3.5.2 Command CPU Exhaustion denial of service
| [107597] Apache Roller up to 5.0.2 XML-RPC Protocol Support XML External Entity
| [107429] Apache Impala up to 2.9.x Kudu Table privilege escalation
| [107411] Apache Tomcat up to 7.0.81/8.0.46/8.5.22/9.0.0 JSP File File Upload privilege escalation
| [107385] Apache Geode up to 1.2.0 Secure Mode privilege escalation
| [107339] Apache OpenNLP up to 1.5.3/1.6.0/1.7.2/1.8.1 XML Data XML External Entity
| [107333] Apache Wicket up to 8.0.0-M1 CSRF Prevention HTTP Header privilege escalation
| [107323] Apache Wicket 1.5.10/6.13.0 Class Request information disclosure
| [107310] Apache Geode up to 1.2.0 Command Line Utility Query privilege escalation
| [107276] ArcSight ESM/ArcSight ESM Express up to 6.9.1c Patch 3/6.11.0 Apache Tomcat Version information disclosure
| [107266] Apache Tika up to 1.12 XML Parser XML External Entity
| [107262] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
| [107258] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
| [107197] Apache Xerces Jelly Parser XML File XML External Entity
| [107193] ZTE NR8950 Apache Commons Collections RMI Request Deserialization privilege escalation
| [107084] Apache Struts up to 2.3.19 cross site scripting
| [106877] Apache Struts up to 2.0.33/2.5.10 Freemarker Tag privilege escalation
| [106875] Apache Struts up to 2.5.5 URL Validator denial of service
| [106874] Apache Struts up to 2.3.30 Convention Plugin directory traversal
| [106847] Apache Tomcat up to 7.0.80 VirtualDirContext Source information disclosure
| [106846] Apache Tomcat up to 7.0.79 on Windows HTTP PUT Method Parameter File Upload privilege escalation
| [106777] Apache HTTP Server up to 2.2.34/2.4.27 Limit Directive ap_limit_section HTTP Request information disclosure
| [106739] puppetlabs-apache up to 1.11.0/2.0.x weak authentication
| [106720] Apache Wicket up to 1.5.12/6.18.x/7.0.0-M4 CryptoMapper privilege escalation
| [106586] Apache Brooklyn up to 0.9.x REST Server cross site scripting
| [106562] Apache Spark up to 2.1.1 Launcher API Deserialization privilege escalation
| [106559] Apache Brooklyn up to 0.9.x SnakeYAML YAML Data Java privilege escalation
| [106558] Apache Brooklyn up to 0.9.x REST Server cross site request forgery
| [106556] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
| [106555] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
| [106171] Apache Directory LDAP API up to 1.0.0-M30 Timing unknown vulnerability
| [106167] Apache Struts up to 2.5.12 REST Plugin XML Data privilege escalation
| [106166] Apache Struts up to 2.3.33/2.5.12 REST Plugin denial of service
| [106165] Apache Struts up to 2.3.33/2.5.12 URLValidator Regex CPU Exhaustion denial of service
| [106115] Apache Hadoop up to 2.6.4/2.7.2 YARN NodeManager Password information disclosure
| [106012] Apache Solr up to 5.5.3/6.4.0 Replication directory traversal
| [105980] Apache Engine 16.11.01 Parameter Reflected unknown vulnerability
| [105962] Apache Atlas 0.6.0/0.7.0 Frame cross site scripting
| [105961] Apache Atlas 0.6.0/0.7.0 Stack Trace information disclosure
| [105960] Apache Atlas 0.6.0/0.7.0 Search Reflected cross site scripting
| [105959] Apache Atlas 0.6.0/0.7.0 edit Tag DOM cross site scripting
| [105958] Apache Atlas 0.6.0/0.7.0 edit Tag Stored cross site scripting
| [105957] Apache Atlas 0.6.0/0.7.0 Cookie privilege escalation
| [105905] Apache Atlas 0.6.0/0.7.0/0.7.1 /js privilege escalation
| [105878] Apache Struts up to 2.3.24.0 privilege escalation
| [105682] Apache2Triad 1.5.4 phpsftpd/users.php Parameter cross site scripting
| [105681] Apache2Triad 1.5.4 phpsftpd/users.php Request cross site request forgery
| [105680] Apache2Triad 1.5.4 Parameter Session Fixation weak authentication
| [105643] Apache Pony Mail up to 0.8b weak authentication
| [105288] Apache Sling up to 2.3.21 Sling.evalString() String cross site scripting
| [105219] Apache Tomcat up to 8.5.15/9.0.0.M21 HTTP2 Bypass directory traversal
| [105218] Apache Tomcat up to 7.0.78/8.0.44/8.5.15/9.0.0.M21 CORS Filter Cache Poisoning privilege escalation
| [105215] Apache CXF up to 3.0.12/3.1.9 OAuth2 Hawk/JOSE MAC Validation Timing unknown vulnerability
| [105206] Apache CXF up to 3.0.11/3.1.8 JAX-RS Module XML External Entity
| [105205] Apache CXF up to 3.0.11/3.1.8 HTTP Transport Module Parameter cross site scripting
| [105202] Apache Storm 1.0.0/1.0.1/1.0.2/1.0.3/1.1.0 Worker privilege escalation
| [104987] Apache Xerces-C++ XML Service CPU Exhaustion denial of service
| [104986] Apache CXF 2.4.5/2.5.1 WS-SP UsernameToken Policy SOAP Request weak authentication
| [104985] Apache MyFaces Core up to 2.1.4 EL Expression Parameter Injection information disclosure
| [104983] Apache Wink up to 1.1.1 XML Document xxe privilege escalation
| [104981] Apache Commons Email 1.0/1.1/1.2/1.3/1.4 Subject Linebreak SMTP privilege escalation
| [104591] MEDHOST Document Management System Apache Solr Default Credentials weak authentication
| [104062] Oracle MySQL Enterprise Monitor up to 3.3.3.1199 Apache Tomcat unknown vulnerability
| [104061] Oracle MySQL Enterprise Monitor up to 3.2.7.1204/3.3.3.1199 Apache Tomcat unknown vulnerability
| [104060] Oracle MySQL Enterprise Monitor up to 3.1.5.7958/3.2.5.1141/3.3.2.1162 Apache Struts 2 unknown vulnerability
| [103995] Oracle 8.3/8.4/15.1/15.2 Apache Trinidad unknown vulnerability
| [103993] Oracle Policy Automation up to 12.2.3 Apache Commons FileUplaod denial of service
| [103916] Oracle Banking Platform 2.3/2.4/2.4.1/2.5 Apache Commons FileUpload denial of service
| [103906] Oracle Communications BRM 11.2.0.0.0 Apache Commons Collections privilege escalation
| [103904] Oracle Communications BRM 11.2.0.0.0/11.3.0.0.0 Apache Groovy memory corruption
| [103866] Oracle Transportation Management 6.1/6.2 Apache Webserver unknown vulnerability
| [103816] Oracle BI Publisher 11.1.1.9.0/12.2.1.1.0/12.2.1.2.0 Apache Commons Fileupload denial of service
| [103797] Oracle Tuxedo System and Applications Monitor Apache Commons Collections privilege escalation
| [103792] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Commons Fileupload privilege escalation
| [103791] Oracle Endeca Server 7.6.0.0/7.6.1.0 Apache Commons Collections privilege escalation
| [103788] Oracle Enterprise Repository 11.1.1.7.0/12.1.3.0.0 Apache ActiveMQ memory corruption
| [103787] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Groovy memory corruption
| [103763] Apache Sling up to 1.0.11 XSS Protection API XSS.getValidXML() Application XML External Entity
| [103762] Apache Sling up to 1.0.12 XSS Protection API XSSAPI.encodeForJSString() Script Tag cross site scripting
| [103693] Apache OpenMeetings 1.0.0 HTTP Method privilege escalation
| [103692] Apache OpenMeetings 1.0.0 Tomcat Error information disclosure
| [103691] Apache OpenMeetings 3.2.0 Parameter privilege escalation
| [103690] Apache OpenMeetings 1.0.0 sql injection
| [103689] Apache OpenMeetings 1.0.0 crossdomain.xml privilege escalation
| [103688] Apache OpenMeetings 1.0.0 weak encryption
| [103687] Apache OpenMeetings 1.0.0 cross site request forgery
| [103556] Apache Roller 5.1.0/5.1.1 Weblog Page Template VTL privilege escalation
| [103554] Apache OpenMeetings 1.0.0 Password Update unknown vulnerability
| [103553] Apache OpenMeetings 1.0.0 File Upload privilege escalation
| [103552] Apache OpenMeetings 3.2.0 Chat cross site scripting
| [103551] Apache OpenMeetings 3.1.0 XML unknown vulnerability
| [103521] Apache HTTP Server 2.4.26 HTTP2 Free memory corruption
| [103520] Apache HTTP Server up to 2.2.33/2.4.26 mod_auth_digest Authorization Header memory corruption
| [103519] Apache Struts up to 2.5.11/2.3.32 Spring AOP denial of service
| [103518] Apache Struts up to 2.5.11 URLValidator directory traversal
| [103492] Apache Spark up to 2.1.x Web UI Reflected cross site scripting
| [103401] Apache Struts 2.3.x Struts 1 Plugin ActionMessage privilege escalation
| [103399] Apache Traffic Control Traffic Router TCP Connection Slowloris denial of service
| [103387] Apache Impala up to 2.8.0 StatestoreSubscriber weak encryption
| [103386] Apache Impala up to 2.7.x/2.8.0 Kerberos weak authentication
| [103352] Apache Solr Node weak authentication
| [102897] Apache Ignite up to 2.0 Update Notifier information disclosure
| [102878] Code42 CrashPlan 5.4.x RMI Server org.apache.commons.ssl.rmi.DateRMI privilege escalation
| [102698] Apache HTTP Server up to 2.2.32/2.4.25 mod_mime Content-Type memory corruption
| [102697] Apache HTTP Server 2.2.24/2.2.32 HTTP Strict Parsing ap_find_token Request Header memory corruption
| [102690] Apache HTTP Server up to 2.2.32/2.4.25 mod_ssl ap_hook_process_connection() denial of service
| [102689] Apache HTTP Server up to 2.2.32/2.4.25 ap_get_basic_auth_pw weak authentication
8636| [102622] Apache Thrift up to 0.9.2 Client Libraries skip denial of service
8637| [102538] Apache Ranger up to 0.7.0 Authorizer unknown vulnerability
8638| [102537] Apache Ranger up to 0.7.0 Wildcard Character unknown vulnerability
8639| [102536] Apache Ranger up to 0.6 Stored cross site scripting
8640| [102535] Apache Ranger up to 0.6.2 Policy Engine unknown vulnerability
8641| [102255] Apache NiFi up to 0.7.3/1.2.x Response Header privilege escalation
8642| [102254] Apache NiFi up to 0.7.3/1.2.x UI cross site scripting
8643| [102070] Apache CXF Fediz up to 1.1.2/1.2.0 Application Plugin denial of service
8644| [102020] Apache Tomcat up to 9.0.0.M1 Java Servlet HTTP Method unknown vulnerability
8645| [101858] Apache Hive up to 1.2.1/2.0.0 Client weak authentication
8646| [101802] Apache KNOX up to 0.11.0 WebHDFS privilege escalation
8647| [101928] HPE Aruba ClearPass Apache Tomcat information disclosure
8648| [101524] Apache Archiva up to 1.x/2.2.1 REST Endpoint cross site request forgery
8649| [101513] Apache jUDDI 3.1./3.1.2/3.1.3/3.1.4 Logout Open Redirect
8650| [101430] Apache CXF Fediz up to 1.3.1 OIDC Service cross site request forgery
8651| [101429] Apache CXF Fediz up to 1.2.3/1.3.1 Plugins cross site request forgery
8652| [100619] Apache Hadoop up to 2.6.x HDFS Servlet unknown vulnerability
8653| [100618] Apache Hadoop up to 2.7.0 HDFS Web UI cross site scripting
8654| [100621] Adobe ColdFusion 10/11/2016 Apache BlazeDS Library Deserialization privilege escalation
8655| [100205] Oracle MySQL Enterprise Monitor up to 3.1.6.8003/3.2.1182/3.3.2.1162 Apache Commons FileUpload denial of service
8656| [100191] Oracle Secure Global Desktop 4.71/5.2/5.3 Web Server (Apache HTTP Server) information disclosure
8657| [100162] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Commons Collections privilege escalation
| [100160] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Trinidad unknown vulnerability
| [99969] Oracle WebCenter Sites 11.1.1.8.0 Apache Tomcat memory corruption
| [99937] Apache Batik up to 1.8 privilege escalation
| [99936] Apache FOP up to 2.1 privilege escalation
| [99935] Apache CXF up to 3.0.12/3.1.10 STSClient Cache information disclosure
| [99934] Apache CXF up to 3.0.12/3.1.10 JAX-RS XML Security Streaming Client spoofing
| [99930] Apache Traffic Server up to 6.2.0 denial of service
| [99929] Apache Log4j up to 2.8.1 Socket Server Deserialization privilege escalation
| [99925] Apache Traffic Server 6.0.0/6.1.0/6.2.0 HPACK Bomb denial of service
| [99738] Ping Identity OpenID Connect Authentication Module up to 2.13 on Apache Mod_auth_openidc.c spoofing
| [117569] Apache Hadoop up to 2.7.3 privilege escalation
| [99591] Apache TomEE up to 1.7.3/7.0.0-M2 EjbObjectInputStream Serialized Object privilege escalation
| [99370] Apache Ignite up to 1.8 update-notifier Document XML External Entity
| [99299] Apache Geode up to 1.1.0 Pulse OQL Query privilege escalation
| [99572] Apache Tomcat up to 7.0.75/8.0.41/8.5.11/9.0.0.M17 Application Listener privilege escalation
| [99570] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP Connector Cache information disclosure
| [99569] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP/2 GOAWAY Frame Resource Exhaustion denial of service
| [99568] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 Pipelined Request information disclosure
| [99048] Apache Ambari up to 2.3.x REST API Shell Metacharacter privilege escalation
| [99014] Apache Camel Jackson/JacksonXML privilege escalation
| [98610] Apple macOS up to 10.12.3 apache_mod_php memory corruption
| [98609] Apple macOS up to 10.12.3 apache_mod_php denial of service
| [98608] Apple macOS up to 10.12.3 apache_mod_php memory corruption
| [98607] Apple macOS up to 10.12.3 apache_mod_php denial of service
| [98606] Apple macOS up to 10.12.3 apache_mod_php denial of service
| [98605] Apple macOS up to 10.12.3 Apache denial of service
| [98604] Apple macOS up to 10.12.3 Apache denial of service
| [98603] Apple macOS up to 10.12.3 Apache denial of service
| [98602] Apple macOS up to 10.12.3 Apache denial of service
| [98601] Apple macOS up to 10.12.3 Apache denial of service
| [98517] Apache POI up to 3.14 OOXML File XXE denial of service
| [98405] Apache Hadoop up to 0.23.10 privilege escalation
| [98199] Apache Camel Validation XML External Entity
| [97892] Apache Tomcat up to 9.0.0.M15 Reverse-Proxy Http11InputBuffer.java information disclosure
| [97617] Apache Camel camel-snakeyaml Deserialization privilege escalation
| [97602] Apache Camel camel-jackson/camel-jacksonxml CamelJacksonUnmarshalType privilege escalation
| [97732] Apache Struts up to 2.3.31/2.5.10 Jakarta Multipart Parser Content-Type privilege escalation
| [97466] mod_auth_openidc up to 2.1.5 on Apache weak authentication
| [97455] mod_auth_openidc up to 2.1.4 on Apache weak authentication
| [97081] Apache Tomcat HTTPS Request denial of service
| [97162] EMC OpenText Documentum D2 BeanShell/Apache Commons privilege escalation
| [96949] Hanwha Techwin Smart Security Manager up to 1.5 Redis/Apache Felix Gogo privilege escalation
| [96314] Apache Cordova up to 6.1.1 on Android weak authentication
| [95945] Apple macOS up to 10.12.2 apache_mod_php denial of service
| [95944] Apple macOS up to 10.12.2 apache_mod_php denial of service
| [95943] Apple macOS up to 10.12.2 apache_mod_php memory corruption
| [95666] Oracle FLEXCUBE Direct Banking 12.0.0/12.0.1/12.0.2/12.0.3 Apache Commons Collections privilege escalation
| [95455] Apache NiFi up to 1.0.0/1.1.0 Connection Details Dialogue cross site scripting
| [95311] Apache Storm UI Daemon privilege escalation
| [95291] ZoneMinder 1.30.0 Apache httpd privilege escalation
| [94800] Apache Wicket up to 1.5.16/6.24.x Deserialize DiskFileItem denial of service
| [94705] Apache Qpid Broker for Java up to 6.1.0 SCRAM-SHA-1/SCRAM-SHA-256 User information disclosure
| [94627] Apache HTTP Server up to 2.4.24 mod_auth_digest Crash denial of service
| [94626] Apache HTTP Server up to 2.4.24 mod_session_crypto Padding weak encryption
| [94625] Apache HTTP Server up to 2.4.24 Response Split privilege escalation
| [94540] Apache Tika 1.9 tika-server File information disclosure
| [94600] Apache ActiveMQ up to 5.14.1 Administration Console cross site scripting
| [94348] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94347] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94346] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94345] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94344] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94343] Apple macOS up to 10.12.1 apache_mod_php memory corruption
| [94342] Apple macOS up to 10.12.1 apache_mod_php memory corruption
| [94128] Apache Tomcat up to 9.0.0.M13 Error information disclosure
| [93958] Apache HTTP Server up to 2.4.23 mod_http2 h2_stream.c denial of service
| [93874] Apache Subversion up to 1.8.16/1.9.4 mod_dontdothat XXE denial of service
| [93855] Apache Hadoop up to 2.6.4/2.7.2 HDFS Service privilege escalation
| [93609] Apache OpenMeetings 3.1.0 RMI Registry privilege escalation
| [93555] Apache Tika 1.6-1.13 jmatio MATLAB File privilege escalation
| [93799] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
| [93798] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
| [93797] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 HTTP Split privilege escalation
| [93796] Apache Tomcat up to 8.5.6/9.0.0.M11 HTTP/2 Header Parser denial of service
| [93532] Apache Commons Collections Library Java privilege escalation
| [93210] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 ResourceLinkFactory privilege escalation
| [93209] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Realm Authentication User information disclosure
| [93208] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 System Property Replacement information disclosure
| [93207] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Utility Method privilege escalation
| [93206] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Configuration privilege escalation
| [93098] Apache Commons FileUpload privilege escalation
| [92987] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Commons Collection memory corruption
| [92986] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Tomcat memory corruption
| [92982] Oracle Insurance IStream 4.3.2 Apache Commons Collections memory corruption
| [92981] Oracle Financial Services Lending and Leasing 14.1.0/14.2.0 Apache Commons Collections memory corruption
| [92979] Oracle up to 8.0.3 Apache Commons Collections memory corruption
| [92977] Oracle FLEXCUBE Universal Banking up to 12.2.0 Apache Commons Collections memory corruption
| [92976] Oracle FLEXCUBE Universal Banking 12.87.1/12.87.2 Apache Commons Collections memory corruption
| [92975] Oracle FLEXCUBE Private Banking up to 12.1.0 Apache Commons Collections memory corruption
| [92974] Oracle FLEXCUBE Investor Servicing 12.0.1 Apache Commons Collections memory corruption
| [92973] Oracle 12.0.0/12.1.0 Apache Commons Collections memory corruption
| [92972] Oracle FLEXCUBE Core Banking 11.5.0.0.0/11.6.0.0.0 Apache Commons Collections memory corruption
| [92962] Oracle Agile PLM 9.3.4/9.3.5 Apache Commons Collections memory corruption
| [92909] Oracle Agile PLM 9.3.4/9.3.5 Apache Tomcat unknown vulnerability
| [92786] Oracle Banking Digital Experience 15.1 Apache Commons Collections information disclosure
| [92549] Apache Tomcat on Red Hat privilege escalation
| [92509] Apache Tomcat JK ISAPI Connector up to 1.2.41 jk_uri_worker_map.c memory corruption
| [92314] Apache MyFaces Trinidad up to 1.0.13/1.2.15/2.0.1/2.1.1 CoreResponseStateManager memory corruption
| [92313] Apache Struts2 up to 2.3.28/2.5.0 Action Name Cleanup cross site request forgery
| [92299] Apache Derby up to 10.12.1.0 SqlXmlUtil XML External Entity
| [92217] Apache ActiveMQ Artemis up to 1.3.x Broker/REST GetObject privilege escalation
| [92174] Apache Ranger up to 0.6.0 Policy cross site scripting
| [91831] Apache Jackrabbit up to 2.13.2 HTTP Header cross site request forgery
| [91825] Apache Zookeeper up to 3.4.8/3.5.2 C CLI Shell memory corruption
| [91818] Apache CXF Fediz up to 1.2.2/1.3.0 Application Plugin privilege escalation
| [92056] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92055] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92054] Apple macOS up to 10.11 apache_mod_php denial of service
| [92053] Apple macOS up to 10.11 apache_mod_php denial of service
| [92052] Apple macOS up to 10.11 apache_mod_php denial of service
| [92051] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92050] Apple macOS up to 10.11 apache_mod_php denial of service
| [92049] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92048] Apple macOS up to 10.11 apache_mod_php denial of service
| [92047] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92046] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92045] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92044] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92043] Apple macOS up to 10.11 apache_mod_php denial of service
| [92042] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92041] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92040] Apple macOS up to 10.11 Apache Proxy privilege escalation
| [91785] Apache Shiro up to 1.3.1 Servlet Filter privilege escalation
| [90879] Apache OpenMeetings up to 3.1.1 SWF Panel cross site scripting
| [90878] Apache Sentry up to 1.6.x Blacklist Filter reflect/reflect2/java_method privilege escalation
| [90610] Apache POI up to 3.13 XLSX2CSV Example OpenXML Document XML External Entity
| [90584] Apache ActiveMQ up to 5.11.3/5.12.2/5.13/1 Administration Web Console privilege escalation
| [90385] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site scripting
| [90384] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site request forgery
| [90383] Apache OpenOffice up to 4.1.2 Impress File memory corruption
| [89670] Apache Tomcat up to 8.5.4 CGI Servlet Environment Variable Open Redirect
| [89669] Apache HTTP Server up to 2.4.23 RFC 3875 Namespace Conflict Environment Variable Open Redirect
| [89726] Apple Mac OS X up to 10.11.5 apache_mod_php memory corruption
| [89484] Apache Qpid up to 0.13.0 on Windows Proton Library Certificate weak authentication
| [89473] HPE iMC PLAT/EAD/APM/iMC NTA/iMC BIMS/iMC UAM_TAM up to 7.2 Apache Commons Collections Library Command privilege escalation
| [90263] Apache Archiva Header denial of service
| [90262] Apache Archiva Deserialize privilege escalation
| [90261] Apache Archiva XML DTD Connection privilege escalation
| [88827] Apache Xerces-C++ up to 3.1.3 DTD Stack-Based memory corruption
| [88747] Apache HTTP Server 2.4.17/2.4.18 mod_http2 denial of service
| [88608] Apache Struts up to 2.3.28.1/2.5.0 URLValidator Null Value denial of service
| [88607] Apache Struts up to 2.3.28.1 REST Plugin Expression privilege escalation
| [88606] Apache Struts up to 2.3.28.1 Restriction privilege escalation
| [88605] Apache Struts up to 2.3.28.1 Restriction privilege escalation
| [88604] Apache Struts up to 2.3.28.1 Token Validator cross site request forgery
| [88603] Apache Commons FileUpload up to 1.3.1 MultipartStream denial of service
| [88602] Apache Struts up to 1.3.10 ActionServlet.java cross site scripting
| [88601] Apache Struts up to 1.3.10 Multithreading ActionServlet.java memory corruption
| [88600] Apache Struts up to 1.3.10 MultiPageValidator privilege escalation
| [89005] Apache Qpid AMQP JMS Client getObject privilege escalation
| [87888] Apache Ranger up to 0.5.2 Policy Admin Tool eventTime sql injection
| [87835] Apache CloudStack up to 4.5.2.0/4.6.2.0/4.7.1.0/4.8.0.0 SAML-based Authentication privilege escalation
| [87806] HPE Discovery and Dependency Mapping Inventory up to 9.32 update 3 Apache Commons Collections Library privilege escalation
| [87805] HPE Universal CMDB up to 10.21 Apache Commons Collections Library privilege escalation
| [87768] Apache Shiro up to 1.2.4 Cipher Key privilege escalation
| [87765] Apache James Server 2.3.2 Command privilege escalation
| [88667] Apache HTTP Server up to 2.4.20 mod_http2 Certificate weak authentication
| [87718] Apache Struts up to 2.3.24.1 OGNL Caching denial of service
| [87717] Apache Struts up to 2.3.28 REST Plugin privilege escalation
| [87706] Apache Qpid Java up to 6.0.2 AMQP privilege escalation
| [87703] Apache Qbid Java up to 6.0.2 PlainSaslServer.java denial of service
| [87702] Apache ActiveMQ up to 5.13.x Fileserver Web Application Upload privilege escalation
| [87700] Apache PDFbox up to 1.8.11/2.0.0 XML Parser PDF Document XML External Entity
| [87679] HP Release Control 9.13/9.20/9.21 Apache Commons Collections Library Java Object privilege escalation
| [87540] Apache Ambari up to 2.2.0 File Browser View information disclosure
| [87433] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87432] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87431] Apple Mac OS X up to 10.11.4 apache_mod_php Format String
| [87430] Apple Mac OS X up to 10.11.4 apache_mod_php denial of service
| [87429] Apple Mac OS X up to 10.11.4 apache_mod_php information disclosure
| [87428] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87427] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87389] Apache Xerces C++ up to 3.1.3 XML Document DTDScanner.cpp memory corruption
| [87172] Adobe ColdFusion 11 Update 7/2016/up to 10 Update 18 Apache Commons Collections Library privilege escalation
| [87121] Apache Cordova iOS up to 3.x Plugin privilege escalation
| [87120] Apache Cordova iOS up to 3.x URL Whitelist privilege escalation
| [83806] HPE Network Node Manager i up to 10.01 Apache Commons Collections Library privilege escalation
| [83077] Apache Subversion up to 1.8.15/1.9.3 mod_authz_svn mod_authz_svn.c denial of service
| [83076] Apache Subversion up to 1.8.15/1.9.3 svnserve svnserve/cyrus_auth.c privilege escalation
| [82790] Apache Struts 2.0.0/2.3.24/2.3.28 Dynamic Method privilege escalation
| [82789] Apache Struts 2.0.0/2.3.24/2.3.28 XSLTResult privilege escalation
| [82725] HPE P9000 Command View up to 7.x/8.4.0 Apache Commons Collections Library privilege escalation
| [82444] Apache Camel up to 2.14.x/2.15.4/2.16.0 HTTP Request privilege escalation
| [82389] Apache Subversion up to 1.7.x/1.8.14/1.9.2 mod_dav_svn util.c memory corruption
| [82280] Apache Struts up to 1.7 JRE URLDecoder cross site scripting
| [82260] Apache OFBiz up to 12.04.05/13.07.02 Java Object privilege escalation
| [82259] Apache Qpid Proton up to 0.12.0 proton.reactor.Connector weak encryption
| [82250] Apache Ranger up to 0.5.0 Admin UI weak authentication
| [82214] Apache Wicket up to 1.5.14/6.21.x/7.1.x Input Element cross site scripting
| [82213] Apache Wicket up to 1.5.14/6.21.x/7.1.x ModalWindow Title getWindowOpenJavaScript cross site scripting
| [82212] Apache Ranger up to 0.5.0 Policy Admin Tool privilege escalation
| [82211] Apache OFBiz up to 12.04.06/13.07.02 ModelFormField.java DisplayEntityField.getDescription cross site scripting
| [82082] Apache JetSpeed up to 2.3.0 User Manager Service privilege escalation
| [82081] Apache OpenMeetings up to 3.1.0 SOAP API information disclosure
| [82080] Apache OpenMeetings up to 3.1.0 Event cross site scripting
| [82078] Apache OpenMeetings up to 3.1.0 Import/Export System Backup ZIP Archive directory traversal
| [82077] Apache OpenMeetings up to 3.1.0 Password Reset sendHashByUser privilege escalation
| [82076] Apache Ranger up to 0.5.1 privilege escalation
| [82075] Apache JetSpeed up to 2.3.0 Portal cross site scripting
| [82074] Apache JetSpeed up to 2.3.0 cross site scripting
| [82073] Apache JetSpeed up to 2.3.0 User Manager Service sql injection
| [82072] Apache JetSpeed up to 2.3.0 Portal Site Manager ZIP Archive directory traversal
| [82058] Apache LDAP Studio/Directory Studio up to 2.0.0-M9 CSV Export privilege escalation
| [82053] Apache Ranger up to 0.4.x Policy Admin Tool privilege escalation
| [82052] Apache Ranger up to 0.4.x Policy Admin Tool HTTP Request cross site scripting
| [81696] Apache ActiveMQ up to 5.13.1 HTTP Header privilege escalation
| [81695] Apache Xerces-C up to 3.1.2 internal/XMLReader.cpp memory corruption
| [81622] HPE Asset Manager 9.40/9.41/9.50 Apache Commons Collections Library Java Object privilege escalation
| [81406] HPE Service Manager up to 9.35 P3/9.41 P1 Apache Commons Collections Library Command privilege escalation
| [81405] HPE Operations Orchestration up to 10.50 Apache Commons Collections Library Command privilege escalation
| [81427] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
| [81426] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
| [81372] Apache Struts up to 2.3.24.1 I18NInterceptor cross site scripting
| [81371] Apache Struts up to 2.3.24.1 Double OGNL Evaluation privilege escalation
| [81370] Apache Struts up to 2.3.24.1 Java URLDecoder cross site scripting
| [81084] Apache Tomcat 6.0/7.0/8.0/9.0 ServletContext directory traversal
| [81083] Apache Tomcat 7.0/8.0/9.0 Index Page cross site request forgery
| [81082] Apache Tomcat 7.0/8.0/9.0 ResourceLinkFactory.setGlobalContext privilege escalation
| [81081] Apache Tomcat 6.0/7.0/8.0/9.0 Error information disclosure
| [81080] Apache Tomcat 6.0/7.0/8.0/9.0 Session Persistence privilege escalation
| [81079] Apache Tomcat 6.0/7.0/8.0/9.0 StatusManagerServlet information disclosure
| [81078] Apache Tomcat 7.0/8.0/9.0 Session privilege escalation
| [80970] Apache Solr up to 5.3.0 Admin UI plugins.js cross site scripting
| [80969] Apache Solr up to 5.2 Schema schema-browser.js cross site scripting
| [80968] Apache Solr up to 5.0 analysis.js cross site scripting
| [80940] HP Continuous Delivery Automation 1.30 Apache Commons Collections Library privilege escalation
| [80823] Apache CloudStack up to 4.5.1 KVM Virtual Machine Migration privilege escalation
| [80822] Apache CloudStack up to 4.5.1 API Call information disclosure
| [80778] Apache Camel up to 2.15.4/2.16.0 camel-xstream privilege escalation
| [80750] HPE Operations Manager 8.x/9.0 on Windows Apache Commons Collections Library privilege escalation
| [80724] Apache Hive up to 1.2.1 Authorization Framework privilege escalation
| [80577] Oracle Secure Global Desktop 4.63/4.71/5.2 Apache HTTP Server denial of service
| [80165] Intel McAfee ePolicy Orchestrator up to 4.6.9/5.0.3/5.3.1 Apache Commons Collections Library privilege escalation
| [80116] Apache Subversion up to 1.9.2 svn Protocol libsvn_ra_svn/marshal.c read_string memory corruption
| [80115] Apache ActiveMQ up to 5.12.x Broker Service privilege escalation
| [80036] IBM Cognos Business Intelligence Apache Commons Collections Library InvokerTransformer privilege escalation
| [79873] VMware vCenter Operations/vRealize Orchestrator Apache Commons Collections Library Serialized Java Object privilege escalation
| [79840] Apache Cordova File Transfer Plugin up to 1.2.x on Android unknown vulnerability
| [79839] Apache TomEE Serialized Java Stream EjbObjectInputStream privilege escalation
| [79791] Cisco Products Apache Commons Collections Library privilege escalation
| [79539] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
| [79538] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
| [79294] Apache Cordova-Android up to 3.6 BridgeSecret Random Generator weak encryption
| [79291] Apache Cordova-Android up to 4.0 Javascript Whitelist privilege escalation
| [79244] Apache CXF up to 2.7.17/3.0.7/3.1.2 SAML Web SSO Module SAML Response weak authentication
| [79243] Oracle WebLogic Server 10.3.6.0/12.1.2.0/12.1.3.0/12.2.1.0 WLS Security com.bea.core.apache.commons.collections.jar privilege escalation
| [78989] Apache Ambari up to 2.1.1 Open Redirect
| [78988] Apache Ambari up to 2.0.1/2.1.0 Password privilege escalation
| [78987] Apache Ambari up to 2.0.x cross site scripting
| [78986] Apache Ambari up to 2.0.x Proxy Endpoint api/v1/proxy privilege escalation
| [78780] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
| [78779] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
| [78778] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78777] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78776] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78775] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78774] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78297] Apache Commons Components HttpClient up to 4.3.5 HTTPS Timeout denial of service
| [77406] Apache Flex BlazeDS AMF Message XML External Entity
| [77429] Apache ActiveMQ up to 5.10.0 LDAPLoginModule privilege escalation
| [77399] Apache ActiveMQ up to 5.10.0 LDAPLoginModule weak authentication
| [77375] Apache Tapestry up to 5.3.5 Client-Side Object Storage privilege escalation
| [77331] Apache ActiveMQ up to 5.11.1 on Windows Fileserver Upload/Download directory traversal
| [77299] Apache Solr Real-Time Module up to 7.x-1.1 Index Content information disclosure
| [77247] Apache ActiveMQ up to 5.10 TransportConnection.java processControlCommand denial of service
| [77083] Apache Groovy up to 2.4.3 MethodClosure.java MethodClosure memory corruption
| [76953] Apache Subversion 1.7.0/1.8.0/1.8.10 svn_repos_trace_node_locations information disclosure
| [76952] Apache Subversion 1.7.0/1.8.0/1.8.10 mod_authz_svn anonymous/authenticated information disclosure
| [76567] Apache Struts 2.3.20 unknown vulnerability
| [76733] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 ap_some_auth_required unknown vulnerability
| [76732] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 Request apr_brigade_flatten privilege escalation
| [76731] Apache HTTP Server 2.4.12 ErrorDocument 400 Crash denial of service
| [75690] Apache Camel up to 2.13.3/2.14.1 XPathBuilder.java XML External Entity
| [75689] Apache Camel up to 2.13.3/2.14.1 XML Converter Setup XmlConverter.java SAXSource privilege escalation
| [75668] Apache Sling API/Sling Servlets Post up to 2.2.1 HtmlResponse cross site scripting
| [75601] Apache Jackrabbit up to 2.10.0 WebDAV Request XML External Entity
| [75420] Apache Tomcat up to 6.0.43/7.0.58/8.0.16 Security Manager privilege escalation
| [75145] Apache OpenOffice up to 4.1.1 HWP Filter Crash denial of service
| [75032] Apache Tomcat Connectors up to 1.2.40 mod_jk privilege escalation
| [75135] PHP 5.4/5.5 HTTP Request sapi_apache2.c apache2handler privilege escalation
| [74793] Apache Tomcat File Upload denial of service
| [74708] Apple MacOS X up to 10.10.2 Apache denial of service
| [74707] Apple MacOS X up to 10.10.2 Apache denial of service
| [74706] Apple MacOS X up to 10.10.2 Apache memory corruption
| [74705] Apple MacOS X up to 10.10.2 Apache denial of service
| [74704] Apple MacOS X up to 10.10.2 Apache denial of service
| [74703] Apple MacOS X up to 10.10.2 Apache denial of service
| [74702] Apple MacOS X up to 10.10.2 Apache denial of service
| [74701] Apple MacOS X up to 10.10.2 Apache cross site request forgery
| [74700] Apple MacOS X up to 10.10.2 Apache unknown vulnerability
| [74661] Apache Flex up to 4.14.0 asdoc index.html cross site scripting
| [74609] Apache Cassandra up to 1.2.19/2.0.13/2.1.3 JMX/RMI Interface privilege escalation
| [74469] Apache Xerces-C up to 7.0 internal/XMLReader.cpp denial of service
| [74468] Apache Batik up to 1.6 denial of service
| [74414] Apache Mod-gnutls up to 0.5.1 Authentication spoofing
| [74371] Apache Standard Taglibs up to 1.2.0 memory corruption
| [74367] Apache HTTP Server up to 2.4.12 mod_lua lua_request.c wsupgrade denial of service
| [74174] Apache WSS4J up to 2.0.0 privilege escalation
| [74172] Apache ActiveMQ up to 5.5.0 Administration Console cross site scripting
| [69092] Apache Tomcat up to 6.0.42/7.0.54/8.0.8 HTTP Request Smuggling privilege escalation
| [73831] Apache Qpid up to 0.30 Access Restriction unknown vulnerability
| [73731] Apache XML Security unknown vulnerability
| [68660] Oracle BI Publisher 10.1.3.4.2/11.1.1.7 Apache Tomcat cross site scripting
| [73659] Apache CloudStack up to 4.3.0 Stack-Based unknown vulnerability
| [73593] Apache Traffic Server up to 5.1.0 denial of service
| [73511] Apache POI up to 3.10 Deadlock denial of service
| [73510] Apache Solr up to 4.3.0 cross site scripting
| [68447] Apache Subversion up to 1.7.18/1.8.10 mod_dav_svn Crash denial of service
| [68446] Apache Subversion up to 1.7.18/1.8.10 REPORT Request Crash denial of service
| [73173] Apache CloudStack Stack-Based unknown vulnerability
| [68357] Apache Struts up to 2.3.16.3 Random Number Generator cross site request forgery
| [73106] Apache Hadoop up to 2.4.0 Symlink privilege escalation
| [68575] Apache HTTP Server up to 2.4.10 LuaAuthzProvider mod_lua.c privilege escalation
| [72890] Apache Qpid 0.30 unknown vulnerability
| [72887] Apache Hive 0.13.0 File Permission privilege escalation
| [72878] Apache Cordova 3.5.0 cross site request forgery
| [72877] Apache Cordova 3.5.0 cross site request forgery
| [72876] Apache Cordova 3.5.0 cross site request forgery
| [68435] Apache HTTP Server 2.4.10 mod_proxy_fcgi.c handle_headers denial of service
| [68065] Apache CXF up to 3.0.1 JAX-RS SAML denial of service
| [68064] Apache CXF up to 3.0.0 SAML Token denial of service
| [67913] Oracle Retail Markdown Optimization 12.0/13.0/13.1/13.2/13.4 Apache commons-beanutils-1.8.0.jar memory corruption
| [67912] Oracle Retail Invoice Matching up to 14.0 Apache commons-beanutils-1.8.0.jar memory corruption
| [67911] Oracle Retail Clearance Optimization Engine 13.3/13.4/14.0 Apache commons-beanutils-1.8.0.jar memory corruption
| [67910] Oracle Retail Allocation up to 13.2 Apache commons-beanutils-1.8.0.jar memory corruption
| [71835] Apache Shiro 1.0.0/1.1.0/1.2.0/1.2.1/1.2.2 unknown vulnerability
| [71633] Apachefriends XAMPP 1.8.1 cross site scripting
| [71629] Apache Axis2/C spoofing
| [67633] Apple Mac OS X up to 10.9.4 apache_mod_php ext/standard/dns.c dns_get_record memory corruption
| [67631] Apple Mac OS X up to 10.9.4 apache_mod_php Symlink memory corruption
| [67630] Apple Mac OS X up to 10.9.4 apache_mod_php cdf_read_property_info denial of service
| [67629] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_count_chain denial of service
| [67628] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_check_stream_offset denial of service
| [67627] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c mconvert memory corruption
| [67626] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c denial of service
| [67625] Apple Mac OS X up to 10.9.4 apache_mod_php Crash denial of service
| [67624] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_property_info denial of service
| [67623] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_unpack_summary_info denial of service
| [67622] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_short_sector denial of service
| [67620] Apple Mac OS X up to 10.9.4 apache_mod_php magic/Magdir/commands denial of service
| [67790] Apache HTTP Server mod_cache NULL Pointer Dereference denial of service
| [67522] Apache Tomcat up to 7.0.39 JSP Upload privilege escalation
| [70809] Apache POI up to 3.11 Crash denial of service
| [70808] Apache POI up to 3.10 unknown vulnerability
| [70806] Apache Commons-httpclient 4.2/4.2.1/4.2.2 spoofing
| [70749] Apache Axis up to 1.4 getCN spoofing
| [70701] Apache Traffic Server up to 3.3.5 denial of service
| [70700] Apache OFBiz up to 12.04.03 cross site scripting
| [67402] Apache OpenOffice 4.0.0/4.0.1/4.1.0 Calc privilege escalation
| [67401] Apache OpenOffice up to 4.1.0 OLE Object information disclosure
| [70661] Apache Subversion up to 1.6.17 denial of service
| [70660] Apache Subversion up to 1.6.17 spoofing
| [70659] Apache Subversion up to 1.6.17 spoofing
| [67183] Apache HTTP Server up to 2.4.9 mod_proxy denial of service
| [67180] Apache HTTP Server up to 2.4.9 WinNT MPM Memory Leak denial of service
| [67185] Apache HTTP Server up to 2.4.9 mod_status Heap-Based memory corruption
| [67184] Apache HTTP Server 2.4.5/2.4.6 mod_cache NULL Pointer Dereference denial of service
| [67182] Apache HTTP Server up to 2.4.9 mod_deflate Memory Consumption denial of service
| [67181] Apache HTTP Server up to 2.4.9 mod_cgid denial of service
| [70338] Apache Syncope up to 1.1.7 unknown vulnerability
| [70295] Apache CXF up to 2.7.9 Cleartext information disclosure
| [70106] Apache Open For Business Project up to 10.04.0 getServerError cross site scripting
| [70105] Apache MyFaces up to 2.1.5 JavaServer Faces directory traversal
| [69846] Apache HBase up to 0.94.8 information disclosure
| [69783] Apache CouchDB up to 1.2.0 memory corruption
| [13383] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 XML Parser privilege escalation
| [13300] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi setuid privilege escalation
| [13299] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi Content-Type Header information disclosure
9026| [13164] Apache CXF up to 2.6.13/2.7.10 SOAP OutgoingChainInterceptor.java Invalid Content denial of service
9027| [13163] Apache CXF up to 2.6.13/2.7.10 SOAP HTML Content denial of service
9028| [13158] Apache Struts up to 2.3.16.2 ParametersInterceptor getClass privilege escalation
9029| [69515] Apache Struts up to 2.3.15.0 CookieInterceptor memory corruption
9030| [13086] Apache Struts up to 1.3.10 Class Loader privilege escalation
9031| [13067] Apache Struts up to 2.3.16.1 Class Loader privilege escalation
9032| [69431] Apache Archiva up to 1.3.6 cross site scripting
9033| [69385] Apache Syncope up to 1.1.6 unknown vulnerability
9034| [69338] Apache Xalan-Java up to 2.7.1 system-property unknown vulnerability
9035| [12742] Trustwave ModSecurity up to 2.7.5 Chunk Extension apache2/modsecurity.c modsecurity_tx_init privilege escalation
9036| [12741] Trustwave ModSecurity up to 2.7.6 Chunked HTTP Transfer apache2/modsecurity.c modsecurity_tx_init Trailing Header privilege escalation
9037| [13387] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Content-Length Header privilege escalation
9038| [13386] Apache Tomcat Security Manager up to 6.0.39/7.0.53/8.0.5 XSLT privilege escalation
9039| [13385] Apache Tomcat 8.0.0/8.0.1/8.0.3 AJP Request Zero Length denial of service
9040| [13384] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Chunked HTTP Request denial of service
9041| [12748] Apache CouchDB 1.5.0 UUIDS /_uuids denial of service
9042| [66739] Apache Camel up to 2.12.2 unknown vulnerability
9043| [66738] Apache Camel up to 2.12.2 unknown vulnerability
9044| [12667] Apache HTTP Server 2.4.7 mod_log_config.c log_cookie denial of service
9045| [66695] Apache CouchDB up to 1.2.0 cross site scripting
9046| [66694] Apache CouchDB up to 1.2.0 Partition partition2 directory traversal
9047| [66689] Apache HTTP Server up to 2.0.33 mod_dav dav_xml_get_cdata denial of service
9048| [12518] Apache Tomcat up to 6.0.38/7.0.49/8.0.0-RC9 HTTP Header denial of service
9049| [66498] Apache expressions up to 3.3.0 Whitelist unknown vulnerability
9050| [12781] Apache Struts up to 2.3.8 ParametersInterceptor getClass denial of service
9051| [12439] Apache Tomcat 6.0.33 XML XXE information disclosure
9052| [12438] Apache Tomcat 6.0.33/6.0.34/6.0.35/6.0.36/6.0.37 coyoteadapter.java disableURLRewriting privilege escalation
9053| [66356] Apache Wicket up to 6.8.0 information disclosure
9054| [12209] Apache Tomcat 7.0.0/7.0.50/8.0.0-RC1/8.0.1 Content-Type Header for Multi-Part Request Infinite Loop denial of service
9055| [66322] Apache ActiveMQ up to 5.8.0 cross site scripting
9056| [12291] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
9057| [66255] Apache Open For Business Project up to 10.04.3 cross site scripting
9058| [66200] Apache Hadoop up to 2.0.5 Security Feature information disclosure
9059| [66072] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
9060| [66068] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
9061| [11928] Oracle Secure Global Desktop up to 4.71 Apache Tomcat unknown vulnerability
9062| [11924] Oracle Secure Global Desktop up to 4.63 Apache Tomcat denial of service
9063| [11922] Oracle Secure Global Desktop up to 4.63 Apache Tomcat unknown vulnerability
9064| [66049] Apache XML Security for Java up to 1.4.6 Memory Consumption denial of service
9065| [12199] Apache Subversion up to 1.8.5 mod_dav_svn/repos.c get_resource denial of service
9066| [65946] askapache Firefox Adsense up to 3.0 askapache-firefox-adsense.php cross site request forgery
9067| [65668] Apache Solr 4.0.0 Updater denial of service
9068| [65665] Apache Solr up to 4.3.0 denial of service
9069| [65664] Apache Solr 3.6.0/3.6.1/3.6.2/4.0.0 Updater denial of service
9070| [65663] Apache Solr up to 4.5.1 ResourceLoader directory traversal
9071| [65658] Apache roller 4.0/4.0.1/5.0/5.0.1 unknown vulnerability
9072| [65657] Apache Roller 4.0/4.0.1/5.0/5.0.1 cross site scripting
9073| [11325] Apache Subversion 1.7.13 mod_dontdothat Bypass denial of service
9074| [11324] Apache Subversion up to 1.8.4 mod_dav_svn denial of service
9075| [11098] Apache Tomcat 5.5.25 HTTP Request cross site request forgery
| [65410] Apache Struts 2.3.15.3 cross site scripting
| [65386] Apache Solr up to 2.2.1 on TYPO3 cross site scripting
| [65385] Apache Solr up to 2.2.1 on TYPO3 unknown vulnerability
| [11044] Apache Struts 2.3.15.3 showConfig.action cross site scripting
| [11043] Apache Struts 2.3.15.3 actionNames.action cross site scripting
| [11018] cPanel WHM up to 11.40.0.11 Apache mod_userdir Tweak Interface privilege escalation
| [65342] Apache Sling 1.0.2/1.0.4/1.0.6/1.1.0/1.1.2 Auth Core cross site scripting
| [65340] Apache Shindig 2.5.0 information disclosure
| [65316] Apache Mod Fcgid up to 2.3.7 mod_fcgid fcgid_bucket.c fcgid_header_bucket_read memory corruption
| [65313] Apache Sling 2.2.0/2.3.0 AbstractCreateOperation.java deepGetOrCreateNode denial of service
| [10826] Apache Struts 2 File privilege escalation
| [65204] Apache Camel up to 2.10.1 unknown vulnerability
| [10460] Apache Struts 2.0.0/2.3.15.1 Action Mapping Mechanism Bypass privilege escalation
| [10459] Apache Struts 2.0.0/2.3.15 Dynamic Method Invocation unknown vulnerability
| [10160] Apache Subversion 1.8.0/1.8.1/1.8.2 svnwcsub.py handle_options race condition
| [10159] Apache Subversion up to 1.8.2 svnserve write_pid_file race condition
| [10158] Apache Subversion 1.8.0/1.8.1/1.8.2 daemonize.py daemon::daemonize race condition
| [10157] Apache Subversion up to 1.8.1 FSFS Repository Symlink privilege escalation
| [64808] Fail2ban up to 0.8.9 apache-auth.conf denial of service
| [64760] Best Practical RT up to 4.0.12 Apache::Session::File information disclosure
| [64722] Apache XML Security for C++ Heap-based memory corruption
| [64719] Apache XML Security for C++ Heap-based memory corruption
| [64718] Apache XML Security for C++ verify denial of service
| [64717] Apache XML Security for C++ getURIBaseTXFM memory corruption
| [64716] Apache XML Security for C++ spoofing
| [64701] Apache CXF up to 2.7.3 XML Parser Memory Consumption denial of service
| [64700] Apache CloudStack up to 4.1.0 Stack-Based cross site scripting
| [64667] Apache Open For Business Project up to 10.04.04 unknown vulnerability
| [64666] Apache Open For Business Project up to 10.04.04 cross site scripting
| [9891] Apache HTTP Server 2.2.22 suEXEC Feature .htaccess information disclosure
| [64509] Apache ActiveMQ up to 5.8.0 scheduled.jsp cross site scripting
| [9826] Apache Subversion up to 1.8.0 mod_dav_svn denial of service
| [9683] Apache HTTP Server 2.4.5 mod_session_dbd denial of service
| [64485] Apache Struts up to 2.2.3.0 privilege escalation
| [9568] Apache Struts up to 2.3.15 DefaultActionMapper cross site request forgery
| [9567] Apache Struts up to 2.3.15 DefaultActionMapper memory corruption
| [64467] Apache Geronimo 3.0 memory corruption
| [64466] Apache OpenJPA up to 2.2.1 Serialization memory corruption
| [64457] Apache Struts up to 2.2.3.0 cross site scripting
| [64326] Alejandro Garza Apachesolr Autocomplete up to 7.x-1.1 cross site scripting
| [9184] Apache Qpid up to 0.20 SSL misconfiguration
| [8935] Apache Subversion up to 1.7.9 FSFS Format Repository denial of service
| [8934] Apache Subversion up to 1.7.9 Svnserve Server denial of service
| [8933] Apache Subversion up to 1.6.21 check-mime-type.pl svnlook memory corruption
| [8932] Apache Subversion up to 1.6.21 svn-keyword-check.pl svnlook changed memory corruption
| [9022] Apache Struts up to 2.3.14.2 OGNL Expression memory corruption
| [8873] Apache Struts 2.3.14 privilege escalation
| [8872] Apache Struts 2.3.14 privilege escalation
| [8746] Apache HTTP Server Log File Terminal Escape Sequence Filtering mod_rewrite.c do_rewritelog privilege escalation
| [8666] Apache Tomcat up to 7.0.32 AsyncListener information disclosure
| [8665] Apache Tomcat up to 7.0.29 Chunked Transfer Encoding Extension Size denial of service
| [8664] Apache Tomcat up to 7.0.32 FORM Authentication weak authentication
| [64075] Apache Subversion up to 1.7.7 mod_dav_svn Crash denial of service
| [64074] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
| [64073] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
| [64072] Apache Subversion up to 1.7.7 mod_dav_svn NULL Pointer Dereference denial of service
| [64071] Apache Subversion up to 1.7.8 mod_dav_svn Memory Consumption denial of service
| [8768] Apache Struts up to 2.3.14 on Mac EL and OGNL Interpreter memory corruption
| [64006] Apache ActiveMQ up to 5.7.0 denial of service
| [64005] Apache ActiveMQ up to 5.7.0 Default Configuration denial of service
| [64004] Apache ActiveMQ up to 5.7.0 PortfolioPublishServlet.java cross site scripting
| [8427] Apache Tomcat Session Transaction weak authentication
| [63960] Apache Maven 3.0.4 Default Configuration spoofing
| [63751] Apache qpid up to 0.20 qpid::framing::Buffer denial of service
| [63750] Apache qpid up to 0.20 checkAvailable denial of service
| [63749] Apache Qpid up to 0.20 Memory Consumption denial of service
| [63748] Apache Qpid up to 0.20 Default Configuration denial of service
| [63747] Apache Rave up to 0.20 User Account information disclosure
| [7889] Apache Subversion up to 1.6.17 mod_dav_svn/svn_fs_file_length() denial of service
| [63646] Apache HTTP Server up to 2.2.23/2.4.3 mod_proxy_balancer.c balancer_handler cross site scripting
| [7688] Apache CXF up to 2.7.1 WSS4JInterceptor Bypass weak authentication
| [7687] Apache CXF up to 2.7.2 Token weak authentication
| [63334] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
| [63299] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
| [7202] Apache HTTP Server 2.4.2 on Oracle Solaris ld_library_path cross site scripting
| [7075] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector NioEndpoint.java denial of service
| [7074] Apache Tomcat up to 6.0.35/7.0.29 FORM Authentication RealmBase.java weak authentication
| [7073] Apache Tomcat up to 6.0.35/7.0.31 CSRF Prevention Filter cross site request forgery
| [63090] Apache Tomcat up to 4.1.24 denial of service
| [63089] Apache HTTP Server up to 2.2.13 mod_proxy_ajp denial of service
| [62933] Apache Tomcat up to 5.5.0 Access Restriction unknown vulnerability
| [62929] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector Memory Consumption denial of service
| [62833] Apache CXF -/2.6.0 spoofing
| [62832] Apache Axis2 up to 1.6.2 spoofing
| [62831] Apache Axis up to 1.4 Java Message Service spoofing
| [62830] Apache Commons-httpclient 3.0 Payments spoofing
| [62826] Apache Libcloud up to 0.11.0 spoofing
| [62757] Apache Open For Business Project up to 10.04.0 unknown vulnerability
| [8830] Red Hat JBoss Enterprise Application Platform 6.0.1 org.apache.catalina.connector.Response.encodeURL information disclosure
| [62661] Apache Axis2 unknown vulnerability
| [62658] Apache Axis2 unknown vulnerability
| [62467] Apache Qpid up to 0.17 denial of service
| [62417] Apache CXF 2.4.7/2.4.8/2.5.3/2.5.4/2.6.1 spoofing
| [6301] Apache HTTP Server mod_pagespeed cross site scripting
| [6300] Apache HTTP Server mod_pagespeed Hostname information disclosure
| [6123] Apache Wicket up to 1.5.7 Ajax Link cross site scripting
| [62035] Apache Struts up to 2.3.4 denial of service
| [61916] Apache QPID 0.5/0.6/0.14/0.16 unknown vulnerability
| [6998] Apache Tomcat 5.5.35/6.0.35/7.0.28 DIGEST Authentication Session State Caching privilege escalation
| [6997] Apache Tomcat 5.5.35/6.0.35/7.0.28 HTTP Digest Authentication Implementation privilege escalation
| [6092] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_ajp.c information disclosure
| [6090] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_http.c information disclosure
| [61507] Apache POI up to 3.8 UnhandledDataStructure denial of service
| [6070] Apache Struts up to 2.3.4 Token Name Configuration Parameter privilege escalation
| [6069] Apache Struts up to 2.3.4 Request Parameter OGNL Expression denial of service
| [5764] Oracle Solaris 10 Apache HTTP Server information disclosure
| [5700] Oracle Secure Backup 10.3.0.3/10.4.0.1 Apache denial of service
| [61255] Apache Hadoop 2.0.0 Kerberos unknown vulnerability
| [61229] Apache Sling up to 2.1.1 denial of service
| [61152] Apache Commons-compress 1.0/1.1/1.2/1.3/1.4 denial of service
| [61094] Apache Roller up to 5.0 cross site scripting
| [61093] Apache Roller up to 5.0 cross site request forgery
| [61005] Apache OpenOffice 3.3/3.4 unknown vulnerability
| [9673] Apache HTTP Server up to 2.4.4 mod_dav mod_dav.c Request denial of service
| [5436] Apache OpenOffice 3.3/3.4 WPXContentListener.cpp _closeTableRow File memory corruption
| [5435] Apache OpenOffice 3.3/3.4 vclmi.dll File memory corruption
| [60730] PHP 5.4.0/5.4.1/5.4.2 apache_request_headers memory corruption
| [60708] Apache Qpid 0.12 unknown vulnerability
| [5032] Apache Hadoop up to 0.20.205.0/1.0.1/0.23.1 Kerberos/MapReduce Security Feature privilege escalation
| [4949] Apache Struts File Upload XSLTResult.java XSLT File privilege escalation
| [4955] Apache Traffic Server 3.0.3/3.1.2 HTTP Header Parser memory corruption
| [4882] Apache Wicket up to 1.5.4 directory traversal
| [4881] Apache Wicket up to 1.4.19 cross site scripting
| [4884] Apache HTTP Server up to 2.3.6 mod_fcgid fcgid_spawn_ctl.c FcgidMaxProcessesPerClass HTTP Requests denial of service
| [60352] Apache Struts up to 2.2.3 memory corruption
| [60153] Apache Portable Runtime up to 1.4.3 denial of service
| [4598] Apache Struts 1.3.10 upload-submit.do cross site scripting
| [4597] Apache Struts 1.3.10 processSimple.do cross site scripting
| [4596] Apache Struts 2.0.14/2.2.3 struts2-rest-showcase/orders cross site scripting
| [4595] Apache Struts 2.0.14/2.2.3 struts2-showcase/person/editPerson.action cross site scripting
| [4583] Apache HTTP Server up to 2.2.21 Threaded MPM denial of service
| [4582] Apache HTTP Server up to 2.2.21 protocol.c information disclosure
| [4571] Apache Struts up to 2.3.1.2 privilege escalation
| [4557] Apache Tomcat up to 7.0.21 Caching/Recycling information disclosure
| [59934] Apache Tomcat up to 6.0.9 DigestAuthenticator.java unknown vulnerability
| [59933] Apache Tomcat up to 6.0.9 Access Restriction unknown vulnerability
| [59932] Apache Tomcat up to 6.0.9 unknown vulnerability
| [59931] Apache Tomcat up to 6.0.9 Access Restriction information disclosure
| [59902] Apache Struts up to 2.2.3 Interfaces unknown vulnerability
| [4528] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
| [4527] Apache Struts up to 2.2.3 ExceptionDelegator cross site scripting
| [59888] Apache Tomcat up to 6.0.6 denial of service
| [59886] Apache ActiveMQ up to 5.5.1 Crash denial of service
| [4513] Apache Struts up to 2.3.1 ParameterInterceptor directory traversal
| [4512] Apache Struts up to 2.2.3 CookieInterceptor privilege escalation
| [59850] Apache Geronimo up to 2.2.1 denial of service
| [59825] Apache HTTP Server up to 2.1.7 mod_reqtimeout denial of service
| [59556] Apache HTTP Server up to 2.0.53 mod_proxy information disclosure
| [58467] Apache libcloud 0.2.0/0.3.0/0.3.1/0.4.0 Access Restriction spoofing
| [58413] Apache Tomcat up to 6.0.10 spoofing
| [58381] Apache Wicket up to 1.4.17 cross site scripting
| [58296] Apache Tomcat up to 7.0.19 unknown vulnerability
| [57888] Apache HttpClient 4.0/4.0.1/4.1 Authorization information disclosure
| [57587] Apache Subversion up to 1.6.16 mod_dav_svn information disclosure
| [57585] Apache Subversion up to 1.6.16 mod_dav_svn Memory Consumption denial of service
| [57584] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
| [57577] Apache Rampart-C 1.3.0 Access Restriction rampart_timestamp_token_validate privilege escalation
| [57568] Apache Archiva up to 1.3.4 cross site scripting
| [57567] Apache Archiva up to 1.3.4 cross site request forgery
| [57481] Apache Tomcat 7.0.12/7.0.13 Access Restriction unknown vulnerability
| [4355] Apache HTTP Server APR apr_fnmatch denial of service
| [57435] Apache Struts up to 2.2.1.1 FileHandler.java cross site scripting
| [57425] Apache Struts up to 2.2.1.1 cross site scripting
| [4352] Apache HTTP Server 2.2.x APR apr_fnmatch denial of service
| [57025] Apache Tomcat up to 7.0.11 information disclosure
| [57024] Apache Tomcat 7.0.11 Access Restriction information disclosure
| [56774] IBM WebSphere Application Server up to 7.0.0.14 org.apache.jasper.runtime.JspWriterImpl.response denial of service
| [56824] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
| [56832] Apache Tomcat up to 7.0.10 Access Restriction information disclosure
| [56830] Apache Tomcat up to 7.0.9 Access Restriction privilege escalation
| [12440] Apache Tomcat 6.0.33 Malicious Request cross site scripting
| [56512] Apache Continuum up to 1.4.0 cross site scripting
| [4285] Apache Tomcat 5.x JVM getLocale denial of service
| [4284] Apache Tomcat 5.x HTML Manager Infinite Loop cross site scripting
| [4283] Apache Tomcat 5.x ServletContect privilege escalation
| [56441] Apache Tomcat up to 7.0.6 denial of service
| [56300] Apache CouchDB up to 1.0.1 Web Administration Interface cross site scripting
| [55967] Apache Subversion up to 1.6.4 rev_hunt.c denial of service
| [55966] Apache Subversion up to 1.6.4 mod_dav_svn repos.c walk denial of service
| [55095] Apache Axis2 up to 1.6 Default Password memory corruption
| [55631] Apache Archiva up to 1.3.1 User Account cross site request forgery
| [55556] Apache Tomcat up to 6.0.29 Default Configuration information disclosure
| [55553] Apache Tomcat up to 7.0.4 sessionsList.jsp cross site scripting
| [55162] Apache MyFaces up to 2.0.0 Authentication Code unknown vulnerability
| [54881] Apache Subversion up to 1.6.12 mod_dav_svn authz.c privilege escalation
| [54879] Apache APR-util up to 0.9.14 mod_reqtimeout apr_brigade_split_line denial of service
| [54693] Apache Traffic Server DNS Cache unknown vulnerability
| [54416] Apache CouchDB up to 0.11.0 cross site request forgery
| [54394] Apache CXF up to 2.2.8 Memory Consumption denial of service
| [54261] Apache Tomcat jsp/cal/cal2.jsp cross site scripting
| [54166] Apache HTTP Server up to 2.2.12 mod_cache Crash denial of service
| [54385] Apache Struts up to 2.1.8.1 ParameterInterceptor unknown vulnerability
| [54012] Apache Tomcat up to 6.0.10 denial of service
| [53763] Apache Axis2 1.3/1.4/1.4.1/1.5/1.5.1 Memory Consumption denial of service
| [53368] Apache MyFaces 1.1.7/1.2.8 cross site scripting
| [53397] Apache axis2 1.4.1/1.5.1 Administration Console cross site scripting
| [52894] Apache Tomcat up to 6.0.7 information disclosure
| [52960] Apache ActiveMQ up to 5.4-snapshot information disclosure
| [52843] Apache HTTP Server mod_auth_shadow unknown vulnerability
| [52786] Apache Open For Business Project up to 09.04 cross site scripting
| [52587] Apache ActiveMQ up to 5.3.0 cross site request forgery
| [52586] Apache ActiveMQ up to 5.3.0 cross site scripting
| [52584] Apache CouchDB up to 0.10.1 information disclosure
| [51757] Apache HTTP Server 2.0.44 cross site scripting
| [51756] Apache HTTP Server 2.0.44 spoofing
| [51717] Apache HTTP Server up to 1.3.3 mod_proxy ap_proxy_send_fb memory corruption
| [51690] Apache Tomcat up to 6.0 directory traversal
| [51689] Apache Tomcat up to 6.0 information disclosure
| [51688] Apache Tomcat up to 6.0 directory traversal
| [50886] HP Operations Manager 8.10 on Windows File Upload org.apache.catalina.manager.HTMLManagerServlet memory corruption
| [50802] Apache Tomcat up to 3.3 Default Password weak authentication
| [50626] Apache Solr 1.0.0 cross site scripting
| [49857] Apache HTTP Server mod_proxy_ftp cross site scripting
| [49856] Apache HTTP Server 2.2.13 mod_proxy_ftp ap_proxy_ftp_handler denial of service
| [49348] Apache Xerces-C++ 2.7.0 Stack-Based denial of service
| [86789] Apache Portable Runtime memory/unix/apr_pools.c unknown vulnerability
| [49283] Apache APR-util up to 1.3.8 apr-util misc/apr_rmm.c apr_rmm_realloc memory corruption
| [48952] Apache HTTP Server up to 1.3.6 mod_deflate denial of service
| [48626] Apache Tomcat up to 4.1.23 Access Restriction directory traversal
| [48431] Apache Tomcat up to 4.1.23 j_security_check cross site scripting
| [48430] Apache Tomcat up to 4.1.23 mod_jk denial of service
| [47801] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site request forgery
| [47800] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site scripting
| [47799] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console directory traversal
| [47648] Apache Tiles 2.1.0/2.1.1 cross site scripting
| [47640] Apache Struts 2.0.6/2.0.8/2.0.9/2.0.11/2.1 cross site scripting
| [47638] Apache Tomcat up to 4.1.23 mod_jk information disclosure
| [47636] Apache Struts 2.0.9 xip_client.html cross site scripting
| [47593] Apache Mod Perl 1 perl-status Apache::Status cross site scripting
| [47637] Apache Struts 1.0.2/1.1/1.2.4/1.2.7/1.2.8 cross site scripting
| [47239] Apache Struts up to 2.1.2 Beta struts directory traversal
| [47214] Apachefriends xampp 1.6.8 spoofing
| [47213] Apachefriends xampp 1.6.8 htaccess cross site request forgery
| [47162] Apachefriends XAMPP 1.4.4 weak authentication
| [47065] Apache Tomcat 4.1.23 cross site scripting
| [46834] Apache Tomcat up to 5.5.20 cross site scripting
| [46004] Apache Jackrabbit 1.4/1.5.0 search.jsp cross site scripting
| [49205] Apache Roller 2.3/3.0/3.1/4.0 Search cross site scripting
| [86625] Apache Struts directory traversal
| [44461] Apache Tomcat up to 5.5.0 information disclosure
| [44389] Apache Xerces-C++ XML Parser Memory Consumption denial of service
| [44352] Apache Friends XAMPP 1.6.8 adodb.php cross site scripting
| [43663] Apache Tomcat up to 6.0.16 directory traversal
| [43612] Apache Friends XAMPP 1.6.7 iart.php cross site scripting
| [43556] Apache HTTP Server up to 2.1.8 mod_proxy_ftp proxy_ftp.c cross site scripting
| [43516] Apache Tomcat up to 4.1.20 directory traversal
| [43509] Apache Tomcat up to 6.0.13 cross site scripting
| [42637] Apache Tomcat up to 6.0.16 cross site scripting
| [42325] Apache HTTP Server up to 2.1.8 Error Page cross site scripting
| [41838] Apache-SSL 1.3.34 1.57 expandcert privilege escalation
| [41091] Apache Software Foundation Mod Jk up to 2.0.1 mod_jk2 Stack-based memory corruption
| [40924] Apache Tomcat up to 6.0.15 information disclosure
| [40923] Apache Tomcat up to 6.0.15 unknown vulnerability
| [40922] Apache Tomcat up to 6.0 information disclosure
| [40710] Apache HTTP Server up to 2.0.61 mod_negotiation cross site scripting
| [40709] Apache HTTP Server up to 2.0.53 mod_negotiation cross site scripting
| [40656] Apache Tomcat 5.5.20 information disclosure
| [40503] Apache HTTP Server mod_proxy_ftp cross site scripting
| [40502] Apache HTTP Server up to 2.2.5 mod_proxy_balancer memory corruption
| [40501] Apache HTTP Server 2.2.6 mod_proxy_balancer cross site request forgery
| [40398] Apache HTTP Server up to 2.2 mod_proxy_balancer cross site scripting
| [40397] Apache HTTP Server up to 2.2 mod_proxy_balancer balancer_handler denial of service
| [40234] Apache Tomcat up to 6.0.15 directory traversal
| [40221] Apache HTTP Server 2.2.6 information disclosure
| [40027] David Castro Apache Authcas 0.4 sql injection
| [3495] Apache OpenOffice up to 2.3 Database Document Processor unknown vulnerability
| [3489] Apache HTTP Server 2.x HTTP Header cross site scripting
| [3414] Apache Tomcat WebDAV Stored privilege escalation
| [39489] Apache Jakarta Slide up to 2.1 directory traversal
| [39540] Apache Geronimo 2.0/2.0.1/2.0.2/2.1 unknown vulnerability
| [3310] Apache OpenOffice 1.1.3/2.0.4/2.2.1 TIFF Image Parser Heap-based memory corruption
| [38768] Apache HTTP Server up to 2.1.7 mod_autoindex.c cross site scripting
| [38952] Apache Geronimo 2.0.1/2.1 unknown vulnerability
| [38658] Apache Tomcat 4.1.31 cal2.jsp cross site request forgery
| [38524] Apache Geronimo 2.0 unknown vulnerability
| [3256] Apache Tomcat up to 6.0.13 cross site scripting
| [38331] Apache Tomcat 4.1.24 information disclosure
| [38330] Apache Tomcat 4.1.24 information disclosure
| [38185] Apache Tomcat 3.3/3.3.1/3.3.1a/3.3.2 Error Message CookieExample cross site scripting
| [37967] Apache Tomcat up to 4.1.36 Error Message sendmail.jsp cross site scripting
| [37647] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 Authorization unknown vulnerability
| [37646] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 unknown vulnerability
| [3141] Apache Tomcat up to 4.1.31 Accept-Language Header cross site scripting
| [3133] Apache Tomcat up to 6.0 HTTP cross site scripting
| [37292] Apache Tomcat up to 5.5.1 cross site scripting
| [3130] Apache OpenOffice 2.2.1 RTF Document Heap-based memory corruption
| [36981] Apache Tomcat JK Web Server Connector up to 1.2.22 mod_jk directory traversal
| [36892] Apache Tomcat up to 4.0.0 hello.jsp cross site scripting
| [37320] Apache MyFaces Tomahawk up to 1.1.4 cross site scripting
| [36697] Apache Tomcat up to 5.5.17 implicit-objects.jsp cross site scripting
| [36491] Apache Axis 1.0 Installation javaioFileNotFoundException information disclosure
| [36400] Apache Tomcat 5.5.15 mod_jk cross site scripting
| [36698] Apache Tomcat up to 4.0.0 cal2.jsp cross site scripting
| [36224] XAMPP Apache Distribution up to 1.6.0a adodb.php connect memory corruption
| [36225] XAMPP Apache Distribution 1.6.0a sql injection
| [2997] Apache httpd/Tomcat 5.5/6.0 directory traversal
| [35896] Apache Apache Test up to 1.29 mod_perl denial of service
| [35653] Avaya S8300 Cm 3.1.2 Apache Tomcat unknown vulnerability
| [35402] Apache Tomcat JK Web Server Connector 1.2.19 mod_jk.so map_uri_to_worker memory corruption
| [35067] Apache Stats up to 0.0.2 extract unknown vulnerability
| [35025] Apache Stats up to 0.0.3 extract unknown vulnerability
| [34252] Apache HTTP Server denial of service
| [2795] Apache OpenOffice 2.0.4 WMF/EMF File Heap-based memory corruption
| [33877] Apache Opentaps 0.9.3 cross site scripting
| [33876] Apache Open For Business Project unknown vulnerability
| [33875] Apache Open For Business Project cross site scripting
| [2703] Apache Jakarta Tomcat up to 5.x der_get_oid memory corruption
| [2611] Apache HTTP Server up to 1.0.1 set_var Format String
|
| MITRE CVE - https://cve.mitre.org:
| [CVE-2013-4156] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted element in an OOXML document file.
| [CVE-2013-4131] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service (assertion failure or out-of-bounds read) via a certain (1) COPY, (2) DELETE, or (3) MOVE request against a revision root.
| [CVE-2013-3239] phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename of an export file, leading to interpretation of this file as an executable file by the Apache HTTP Server, as demonstrated by a .php.sql filename.
| [CVE-2013-3060] The web console in Apache ActiveMQ before 5.8.0 does not require authentication, which allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests.
| [CVE-2013-2765] The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request with a large body and a crafted Content-Type header.
| [CVE-2013-2251] Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.
| [CVE-2013-2249] mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified impact and remote attack vectors.
| [CVE-2013-2248] Multiple open redirect vulnerabilities in Apache Struts 2.0.0 through 2.3.15 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a parameter using the (1) redirect: or (2) redirectAction: prefix.
| [CVE-2013-2189] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via invalid PLCF data in a DOC document file.
| [CVE-2013-2135] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted value that contains both "${}" and "%{}" sequences, which causes the OGNL code to be evaluated twice.
| [CVE-2013-2134] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted action name that is not properly handled during wildcard matching, a different vulnerability than CVE-2013-2135.
| [CVE-2013-2115] Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag. NOTE: this issue is due to an incomplete fix for CVE-2013-1966.
| [CVE-2013-2071] java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other applications in opportunistic circumstances via an application that records the requests that it processes.
| [CVE-2013-2067] java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack.
| [CVE-2013-1966] Apache Struts 2 before 2.3.14.1 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag.
| [CVE-2013-1965] Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.1, allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is not properly handled when invoking a redirect.
9402| [CVE-2013-1896] mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.
9403| [CVE-2013-1884] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (segmentation fault and crash) via a log REPORT request with an invalid limit, which triggers an access of an uninitialized variable.
9404| [CVE-2013-1879] Cross-site scripting (XSS) vulnerability in scheduled.jsp in Apache ActiveMQ 5.8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving the "cron of a message."
9405| [CVE-2013-1862] mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.
9406| [CVE-2013-1849] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a PROPFIND request for an activity URL.
9407| [CVE-2013-1847] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an anonymous LOCK for a URL that does not exist.
9408| [CVE-2013-1846] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a LOCK on an activity URL.
9409| [CVE-2013-1845] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (memory consumption) by (1) setting or (2) deleting a large number of properties for a file or directory.
9410| [CVE-2013-1814] The users/get program in the User RPC API in Apache Rave 0.11 through 0.20 allows remote authenticated users to obtain sensitive information about all user accounts via the offset parameter, as demonstrated by discovering password hashes in the password field of a response.
9411| [CVE-2013-1777] The JMX Remoting functionality in Apache Geronimo 3.x before 3.0.1, as used in IBM WebSphere Application Server (WAS) Community Edition 3.0.0.3 and other products, does not properly implement the RMI classloader, which allows remote attackers to execute arbitrary code by using the JMX connector to send a crafted serialized object.
9412| [CVE-2013-1768] The BrokerFactory functionality in Apache OpenJPA 1.x before 1.2.3 and 2.x before 2.2.2 creates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for remote attackers to execute arbitrary code by creating a serialized object and leveraging improperly secured server programs.
9413| [CVE-2013-1088] Cross-site request forgery (CSRF) vulnerability in Novell iManager 2.7 before SP6 Patch 1 allows remote attackers to hijack the authentication of arbitrary users by leveraging improper request validation by iManager code deployed within an Apache Tomcat container.
9414| [CVE-2013-1048] The Debian apache2ctl script in the apache2 package squeeze before 2.2.16-6+squeeze11, wheezy before 2.2.22-13, and sid before 2.2.22-13 for the Apache HTTP Server on Debian GNU/Linux does not properly create the /var/lock/apache2 lock directory, which allows local users to gain privileges via an unspecified symlink attack.
9415| [CVE-2013-0966] The Apple mod_hfs_apple module for the Apache HTTP Server in Apple Mac OS X before 10.8.3 does not properly handle ignorable Unicode characters, which allows remote attackers to bypass intended directory authentication requirements via a crafted pathname in a URI.
9416| [CVE-2013-0942] Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Agent 7.1 before 7.1.1 for Web for Internet Information Services, and 7.1 before 7.1.1 for Web for Apache, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
9417| [CVE-2013-0941] EMC RSA Authentication API before 8.1 SP1, RSA Web Agent before 5.3.5 for Apache Web Server, RSA Web Agent before 5.3.5 for IIS, RSA PAM Agent before 7.0, and RSA Agent before 6.1.4 for Microsoft Windows use an improper encryption algorithm and a weak key for maintaining the stored data of the node secret for the SecurID Authentication API, which allows local users to obtain sensitive information via cryptographic attacks on this data.
9418| [CVE-2013-0253] The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack.
9419| [CVE-2013-0248] The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack.
9420| [CVE-2013-0239] Apache CXF before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3, when the plaintext UsernameToken WS-SecurityPolicy is enabled, allows remote attackers to bypass authentication via a security header of a SOAP request containing a UsernameToken element that lacks a password child element.
9421| [CVE-2012-6573] Cross-site scripting (XSS) vulnerability in the Apache Solr Autocomplete module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving autocomplete results.
9422| [CVE-2012-6551] The default configuration of Apache ActiveMQ before 5.8.0 enables a sample web application, which allows remote attackers to cause a denial of service (broker resource consumption) via HTTP requests.
9423| [CVE-2012-6092] Multiple cross-site scripting (XSS) vulnerabilities in the web demos in Apache ActiveMQ before 5.8.0 allow remote attackers to inject arbitrary web script or HTML via (1) the refresh parameter to PortfolioPublishServlet.java (aka demo/portfolioPublish or Market Data Publisher), or vectors involving (2) debug logs or (3) subscribe messages in webapp/websocket/chat.js. NOTE: AMQ-4124 is covered by CVE-2012-6551.
9424| [CVE-2012-5887] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.
9425| [CVE-2012-5886] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID.
9426| [CVE-2012-5885] The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184.
9427| [CVE-2012-5786] The wsdl_first_https sample code in distribution/src/main/release/samples/wsdl_first_https/src/main/ in Apache CXF, possibly 2.6.0, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
9428| [CVE-2012-5785] Apache Axis2/Java 1.6.2 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
9429| [CVE-2012-5784] Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Message Service implementation in Apache ActiveMQ, and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
9430| [CVE-2012-5783] Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
9431| [CVE-2012-5633] The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request.
9432| [CVE-2012-5616] Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly Citrix CloudStack) before 3.0.6 stores sensitive information in the log4j.conf log file, which allows local users to obtain (1) the SSH private key as recorded by the createSSHKeyPair API, (2) the password of an added host as recorded by the AddHost API, or the password of an added VM as recorded by the (3) DeployVM or (4) ResetPasswordForVM API.
9433| [CVE-2012-5568] Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.
9434| [CVE-2012-5351] Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack," a different vulnerability than CVE-2012-4418.
9435| [CVE-2012-4558] Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via a crafted string.
9436| [CVE-2012-4557] The mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into an error state upon detection of a long request-processing time, which allows remote attackers to cause a denial of service (worker consumption) via an expensive request.
9437| [CVE-2012-4556] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 allows remote attackers to cause a denial of service (Apache httpd web server child process restart) via certain unspecified empty search fields in a user certificate search query.
9438| [CVE-2012-4555] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 does not properly handle interruptions of token format operations, which allows remote attackers to cause a denial of service (NULL pointer dereference and Apache httpd web server child process crash) via unspecified vectors.
9439| [CVE-2012-4534] org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminating the connection during the reading of a response.
9440| [CVE-2012-4528] The mod_security2 module before 2.7.0 for the Apache HTTP Server allows remote attackers to bypass rules, and deliver arbitrary POST data to a PHP application, via a multipart request in which an invalid part precedes the crafted data.
9441| [CVE-2012-4501] Citrix Cloud.com CloudStack, and Apache CloudStack pre-release, allows remote attackers to make arbitrary API calls by leveraging the system user account, as demonstrated by API calls to delete VMs.
9442| [CVE-2012-4460] The serializing/deserializing functions in the qpid::framing::Buffer class in Apache Qpid 0.20 and earlier allow remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors. NOTE: this issue could also trigger an out-of-bounds read, but it might not trigger a crash.
9443| [CVE-2012-4459] Integer overflow in the qpid::framing::Buffer::checkAvailable function in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (crash) via a crafted message, which triggers an out-of-bounds read.
9444| [CVE-2012-4458] The AMQP type decoder in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (memory consumption and server crash) via a large number of zero width elements in the client-properties map in a connection.start-ok message.
9445| [CVE-2012-4446] The default configuration for Apache Qpid 0.20 and earlier, when the federation_tag attribute is enabled, accepts AMQP connections without checking the source user ID, which allows remote attackers to bypass authentication and have other unspecified impact via an AMQP request.
9446| [CVE-2012-4431] org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier.
9447| [CVE-2012-4418] Apache Axis2 allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."
9448| [CVE-2012-4387] Apache Struts 2.0.0 through 2.3.4 allows remote attackers to cause a denial of service (CPU consumption) via a long parameter name, which is processed as an OGNL expression.
9449| [CVE-2012-4386] The token check mechanism in Apache Struts 2.0.0 through 2.3.4 does not properly validate the token name configuration parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks by setting the token name configuration parameter to a session attribute.
9450| [CVE-2012-4360] Cross-site scripting (XSS) vulnerability in the mod_pagespeed module 0.10.19.1 through 0.10.22.4 for the Apache HTTP Server allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
9451| [CVE-2012-4063] The Apache Santuario configuration in Eucalyptus before 3.1.1 does not properly restrict applying XML Signature transforms to documents, which allows remote attackers to cause a denial of service via unspecified vectors.
9452| [CVE-2012-4001] The mod_pagespeed module before 0.10.22.6 for the Apache HTTP Server does not properly verify its host name, which allows remote attackers to trigger HTTP requests to arbitrary hosts via unspecified vectors, as demonstrated by requests to intranet servers.
9453| [CVE-2012-3908] Multiple cross-site request forgery (CSRF) vulnerabilities in the ISE Administrator user interface (aka the Apache Tomcat interface) on Cisco Identity Services Engine (ISE) 3300 series appliances before 1.1.0.665 Cumulative Patch 1 allow remote attackers to hijack the authentication of administrators, aka Bug ID CSCty46684.
9454| [CVE-2012-3546] org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI.
9455| [CVE-2012-3544] Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data.
9456| [CVE-2012-3526] The reverse proxy add forward module (mod_rpaf) 0.5 and 0.6 for the Apache HTTP Server allows remote attackers to cause a denial of service (server or application crash) via multiple X-Forwarded-For headers in a request.
9457| [CVE-2012-3513] munin-cgi-graph in Munin before 2.0.6, when running as a CGI module under Apache, allows remote attackers to load new configurations and create files in arbitrary directories via the logdir command.
9458| [CVE-2012-3506] Unspecified vulnerability in the Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.03 has unknown impact and attack vectors.
9459| [CVE-2012-3502] The proxy functionality in (1) mod_proxy_ajp.c in the mod_proxy_ajp module and (2) mod_proxy_http.c in the mod_proxy_http module in the Apache HTTP Server 2.4.x before 2.4.3 does not properly determine the situations that require closing a back-end connection, which allows remote attackers to obtain sensitive information in opportunistic circumstances by reading a response that was intended for a different client.
9460| [CVE-2012-3499] Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules.
9461| [CVE-2012-3467] Apache QPID 0.14, 0.16, and earlier uses a NullAuthenticator mechanism to authenticate catch-up shadow connections to AMQP brokers, which allows remote attackers to bypass authentication.
9462| [CVE-2012-3451] Apache CXF before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to execute unintended web-service operations by sending a header with a SOAP Action String that is inconsistent with the message body.
9463| [CVE-2012-3446] Apache Libcloud before 0.11.1 uses an incorrect regular expression during verification of whether the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate.
9464| [CVE-2012-3376] DataNodes in Apache Hadoop 2.0.0 alpha do not check the BlockTokens of clients when Kerberos is enabled and the DataNode has checked out the same BlockPool twice from a NodeName, which might allow remote clients to read arbitrary blocks, write to blocks to which they only have read access, and have other unspecified impacts.
9465| [CVE-2012-3373] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.21 and 1.5.x before 1.5.8 allows remote attackers to inject arbitrary web script or HTML via vectors involving a %00 sequence in an Ajax link URL associated with a Wicket app.
9466| [CVE-2012-3126] Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Products Suite 3.3 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Apache Tomcat Agent.
9467| [CVE-2012-3123] Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect confidentiality, related to Apache HTTP Server.
9468| [CVE-2012-2760] mod_auth_openid before 0.7 for Apache uses world-readable permissions for /tmp/mod_auth_openid.db, which allows local users to obtain session ids.
9469| [CVE-2012-2733] java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of service (memory consumption) via a large amount of header data.
9470| [CVE-2012-2687] Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list.
9471| [CVE-2012-2381] Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.1 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the blogger role.
9472| [CVE-2012-2380] Multiple cross-site request forgery (CSRF) vulnerabilities in the admin/editor console in Apache Roller before 5.0.1 allow remote attackers to hijack the authentication of admins or editors by leveraging the HTTP POST functionality.
9473| [CVE-2012-2379] Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors.
9474| [CVE-2012-2378] Apache CXF 2.4.5 through 2.4.7, 2.5.1 through 2.5.3, and 2.6.x before 2.6.1, does not properly enforce child policies of a WS-SecurityPolicy 1.1 SupportingToken policy on the client side, which allows remote attackers to bypass the (1) AlgorithmSuite, (2) SignedParts, (3) SignedElements, (4) EncryptedParts, and (5) EncryptedElements policies.
9475| [CVE-2012-2329] Buffer overflow in the apache_request_headers function in sapi/cgi/cgi_main.c in PHP 5.4.x before 5.4.3 allows remote attackers to cause a denial of service (application crash) via a long string in the header of an HTTP request.
9476| [CVE-2012-2145] Apache Qpid 0.17 and earlier does not properly restrict incoming client connections, which allows remote attackers to cause a denial of service (file descriptor consumption) via a large number of incomplete connections.
9477| [CVE-2012-2138] The @CopyFrom operation in the POST servlet in the org.apache.sling.servlets.post bundle before 2.1.2 in Apache Sling does not prevent attempts to copy an ancestor node to a descendant node, which allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP request.
9478| [CVE-2012-2098] Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service (CPU consumption) via a file with many repeating inputs.
9479| [CVE-2012-1574] The Kerberos/MapReduce security functionality in Apache Hadoop 0.20.203.0 through 0.20.205.0, 0.23.x before 0.23.2, and 1.0.x before 1.0.2, as used in Cloudera CDH CDH3u0 through CDH3u2, Cloudera hadoop-0.20-sbin before 0.20.2+923.197, and other products, allows remote authenticated users to impersonate arbitrary cluster user accounts via unspecified vectors.
9480| [CVE-2012-1181] fcgid_spawn_ctl.c in the mod_fcgid module 2.3.6 for the Apache HTTP Server does not recognize the FcgidMaxProcessesPerClass directive for a virtual host, which makes it easier for remote attackers to cause a denial of service (memory consumption) via a series of HTTP requests that triggers a process count higher than the intended limit.
9481| [CVE-2012-1089] Directory traversal vulnerability in Apache Wicket 1.4.x before 1.4.20 and 1.5.x before 1.5.5 allows remote attackers to read arbitrary web-application files via a relative pathname in a URL for a Wicket resource that corresponds to a null package.
9482| [CVE-2012-1007] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 1.3.10 allow remote attackers to inject arbitrary web script or HTML via (1) the name parameter to struts-examples/upload/upload-submit.do, or the message parameter to (2) struts-cookbook/processSimple.do or (3) struts-cookbook/processDyna.do.
9483| [CVE-2012-1006] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.14 and 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) lastName parameter to struts2-showcase/person/editPerson.action, or the (3) clientName parameter to struts2-rest-showcase/orders.
9484| [CVE-2012-0883] envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl.
9485| [CVE-2012-0840] tables/apr_hash.c in the Apache Portable Runtime (APR) library through 1.4.5 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
9486| [CVE-2012-0838] Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL expression during the handling of a conversion error, which allows remote attackers to modify run-time data values, and consequently execute arbitrary code, via invalid input to a field.
9487| [CVE-2012-0788] The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service (application crash) via a crafted application that uses a PDO driver for a fetch and then calls the session_start function, as demonstrated by a crash of the Apache HTTP Server.
9488| [CVE-2012-0394] ** DISPUTED ** The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself."
9489| [CVE-2012-0393] The ParameterInterceptor component in Apache Struts before 2.3.1.1 does not prevent access to public constructors, which allows remote attackers to create or overwrite arbitrary files via a crafted parameter that triggers the creation of a Java object.
9490| [CVE-2012-0392] The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method.
9491| [CVE-2012-0391] The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter.
9492| [CVE-2012-0256] Apache Traffic Server 2.0.x and 3.0.x before 3.0.4 and 3.1.x before 3.1.3 does not properly allocate heap memory, which allows remote attackers to cause a denial of service (daemon crash) via a long HTTP Host header.
9493| [CVE-2012-0216] The default configuration of the apache2 package in Debian GNU/Linux squeeze before 2.2.16-6+squeeze7, wheezy before 2.2.22-4, and sid before 2.2.22-4, when mod_php or mod_rivet is used, provides example scripts under the doc/ URI, which might allow local users to conduct cross-site scripting (XSS) attacks, gain privileges, or obtain sensitive information via vectors involving localhost HTTP requests to the Apache HTTP Server.
9494| [CVE-2012-0213] The UnhandledDataStructure function in hwpf/model/UnhandledDataStructure.java in Apache POI 3.8 and earlier allows remote attackers to cause a denial of service (OutOfMemoryError exception and possibly JVM destabilization) via a crafted length value in a Channel Definition Format (CDF) or Compound File Binary Format (CFBF) document.
9495| [CVE-2012-0053] protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script.
9496| [CVE-2012-0047] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the wicket:pageMapName parameter.
9497| [CVE-2012-0031] scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function.
9498| [CVE-2012-0022] Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.
9499| [CVE-2012-0021] The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to cause a denial of service (daemon crash) via a cookie that lacks both a name and a value.
9500| [CVE-2011-5064] DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging knowledge of this string, a different vulnerability than CVE-2011-1184.
9501| [CVE-2011-5063] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weaker authentication or authorization requirements, a different vulnerability than CVE-2011-1184.
9502| [CVE-2011-5062] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass intended integrity-protection requirements via a qop=auth value, a different vulnerability than CVE-2011-1184.
9503| [CVE-2011-5057] Apache Struts 2.3.1.1 and earlier provides interfaces that do not properly restrict access to collections such as the session and request collections, which might allow remote attackers to modify run-time data values via a crafted parameter to an application that implements an affected interface, as demonstrated by the SessionAware, RequestAware, ApplicationAware, ServletRequestAware, ServletResponseAware, and ParameterAware interfaces. NOTE: the vendor disputes the significance of this report because of an "easy work-around in existing apps by configuring the interceptor."
9504| [CVE-2011-5034] Apache Geronimo 2.2.1 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. NOTE: this might overlap CVE-2011-4461.
9505| [CVE-2011-4905] Apache ActiveMQ before 5.6.0 allows remote attackers to cause a denial of service (file-descriptor exhaustion and broker crash or hang) by sending many openwire failover:tcp:// connection requests.
9506| [CVE-2011-4858] Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
9507| [CVE-2011-4668] IBM Tivoli Netcool/Reporter 2.2 before 2.2.0.8 allows remote attackers to execute arbitrary code via vectors related to an unspecified CGI program used with the Apache HTTP Server.
9508| [CVE-2011-4449] actions/files/files.php in WikkaWiki 1.3.1 and 1.3.2, when INTRANET_MODE is enabled, supports file uploads for file extensions that are typically absent from an Apache HTTP Server TypesConfig file, which makes it easier for remote attackers to execute arbitrary PHP code by placing this code in a file whose name has multiple extensions, as demonstrated by a (1) .mm or (2) .vpp file.
9509| [CVE-2011-4415] The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, does not restrict the size of values of environment variables, which allows local users to cause a denial of service (memory consumption or NULL pointer dereference) via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, related to (1) the "len +=" statement and (2) the apr_pcalloc function call, a different vulnerability than CVE-2011-3607.
9510| [CVE-2011-4317] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an @ (at sign) character and a : (colon) character in invalid positions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
9511| [CVE-2011-3639] The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers by using the HTTP/0.9 protocol with a malformed URI containing an initial @ (at sign) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
9512| [CVE-2011-3620] Apache Qpid 0.12 does not properly verify credentials during the joining of a cluster, which allows remote attackers to obtain access to the messaging functionality and job functionality of a cluster by leveraging knowledge of a cluster-username.
9513| [CVE-2011-3607] Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow.
9514| [CVE-2011-3376] org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat 7.x before 7.0.22 does not properly restrict ContainerServlets in the Manager application, which allows local users to gain privileges by using an untrusted web application to access the Manager application's functionality.
9515| [CVE-2011-3375] Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain caching and recycling operations involving request objects, which allows remote attackers to obtain unintended read access to IP address and HTTP header information in opportunistic circumstances by reading TCP data.
9516| [CVE-2011-3368] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character.
9517| [CVE-2011-3348] The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary "error state" in the backend server) via a malformed HTTP request.
9518| [CVE-2011-3192] The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.
9519| [CVE-2011-3190] Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request.
9520| [CVE-2011-2729] native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application.
9521| [CVE-2011-2712] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.18, when setAutomaticMultiWindowSupport is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
9522| [CVE-2011-2688] SQL injection vulnerability in mysql/mysql-auth.pl in the mod_authnz_external module 3.2.5 and earlier for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the user field.
9523| [CVE-2011-2526] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loop or JVM crash) by leveraging an untrusted web application.
9524| [CVE-2011-2516] Off-by-one error in the XML signature feature in Apache XML Security for C++ 1.6.0, as used in Shibboleth before 2.4.3 and possibly other products, allows remote attackers to cause a denial of service (crash) via a signature using a large RSA key, which triggers a buffer overflow.
9525| [CVE-2011-2481] Apache Tomcat 7.0.x before 7.0.17 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application. NOTE: this vulnerability exists because of a CVE-2009-0783 regression.
9526| [CVE-2011-2329] The rampart_timestamp_token_validate function in util/rampart_timestamp_token.c in Apache Rampart/C 1.3.0 does not properly calculate the expiration of timestamp tokens, which allows remote attackers to bypass intended access restrictions by leveraging an expired token, a different vulnerability than CVE-2011-0730.
9527| [CVE-2011-2204] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file.
9528| [CVE-2011-2088] XWork 2.2.1 in Apache Struts 2.2.1, and OpenSymphony XWork in OpenSymphony WebWork, allows remote attackers to obtain potentially sensitive information about internal Java class paths via vectors involving an s:submit element and a nonexistent method, a different vulnerability than CVE-2011-1772.3.
9529| [CVE-2011-2087] Multiple cross-site scripting (XSS) vulnerabilities in component handlers in the javatemplates (aka Java Templates) plugin in Apache Struts 2.x before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via an arbitrary parameter value to a .action URI, related to improper handling of value attributes in (1) FileHandler.java, (2) HiddenHandler.java, (3) PasswordHandler.java, (4) RadioHandler.java, (5) ResetHandler.java, (6) SelectHandler.java, (7) SubmitHandler.java, and (8) TextFieldHandler.java.
9530| [CVE-2011-1928] The fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote attackers to cause a denial of service (infinite loop) via a URI that does not match unspecified types of wildcard patterns, as demonstrated by attacks against mod_autoindex in httpd when a /*/WEB-INF/ configuration pattern is used. NOTE: this issue exists because of an incorrect fix for CVE-2011-0419.
9531| [CVE-2011-1921] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is disabled, does not properly enforce permissions for files that had been publicly readable in the past, which allows remote attackers to obtain sensitive information via a replay REPORT operation.
9532| [CVE-2011-1783] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to cause a denial of service (infinite loop and memory consumption) in opportunistic circumstances by requesting data.
9533| [CVE-2011-1772] Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x before 2.2.3, and OpenSymphony XWork in OpenSymphony WebWork, allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) an action name, (2) the action attribute of an s:submit element, or (3) the method attribute of an s:submit element.
9534| [CVE-2011-1752] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request for a baselined WebDAV resource, as exploited in the wild in May 2011.
9535| [CVE-2011-1610] Multiple SQL injection vulnerabilities in xmldirectorylist.jsp in the embedded Apache HTTP Server component in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5)su4, 8.0 before 8.0(3a)su2, and 8.5 before 8.5(1)su1 allow remote attackers to execute arbitrary SQL commands via the (1) f, (2) l, or (3) n parameter, aka Bug ID CSCtj42064.
9536| [CVE-2011-1582] Apache Tomcat 7.0.12 and 7.0.13 processes the first request to a servlet without following security constraints that have been configured through annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088, CVE-2011-1183, and CVE-2011-1419.
9537| [CVE-2011-1571] Unspecified vulnerability in the XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote attackers to execute arbitrary commands via unknown vectors.
9538| [CVE-2011-1570] Cross-site scripting (XSS) vulnerability in Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to inject arbitrary web script or HTML via a message title, a different vulnerability than CVE-2004-2030.
9539| [CVE-2011-1503] The XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat or Oracle GlassFish is used, allows remote authenticated users to read arbitrary (1) XSL and (2) XML files via a file:/// URL.
9540| [CVE-2011-1502] Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to read arbitrary files via an entity declaration in conjunction with an entity reference, related to an XML External Entity (aka XXE) issue.
9541| [CVE-2011-1498] Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header.
9542| [CVE-2011-1475] The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP packets, related to "a mix-up of responses for requests from different users."
9543| [CVE-2011-1419] Apache Tomcat 7.x before 7.0.11, when web.xml has no security constraints, does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088.
9544| [CVE-2011-1318] Memory leak in org.apache.jasper.runtime.JspWriterImpl.response in the JavaServer Pages (JSP) component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) by accessing a JSP page of an application that is repeatedly stopped and restarted.
9545| [CVE-2011-1184] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, related to lack of checking of nonce (aka server nonce) and nc (aka nonce-count or client nonce count) values.
9546| [CVE-2011-1183] Apache Tomcat 7.0.11, when web.xml has no login configuration, does not follow security constraints, which allows remote attackers to bypass intended access restrictions via HTTP requests to a meta-data complete web application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1088 and CVE-2011-1419.
9547| [CVE-2011-1176] The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module 2.2.11-01 and 2.2.11-02 for the Apache HTTP Server does not properly handle certain configuration sections that specify NiceValue but not AssignUserID, which might allow remote attackers to gain privileges by leveraging the root uid and root gid of an mpm-itk process.
9548| [CVE-2011-1088] Apache Tomcat 7.x before 7.0.10 does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application.
9549| [CVE-2011-1077] Multiple cross-site scripting (XSS) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
9550| [CVE-2011-1026] Multiple cross-site request forgery (CSRF) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to hijack the authentication of administrators.
9551| [CVE-2011-0715] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.16, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request that contains a lock token.
9552| [CVE-2011-0534] Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request.
9553| [CVE-2011-0533] Cross-site scripting (XSS) vulnerability in Apache Continuum 1.1 through 1.2.3.1, 1.3.6, and 1.4.0 Beta
9554| [CVE-2011-0419] Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.
9555| [CVE-2011-0013] Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.
9556| [CVE-2010-4644] Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated users to cause a denial of service (memory consumption and daemon crash) via the -g option to the blame command.
9557| [CVE-2010-4539] The walk function in repos.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.15, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger the walking of SVNParentPath collections.
9558| [CVE-2010-4476] The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
9559| [CVE-2010-4455] Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.2 and 11.1.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Apache Plugin.
9560| [CVE-2010-4408] Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1 does not require entry of the administrator's password at the time of modifying a user account, which makes it easier for context-dependent attackers to gain privileges by leveraging a (1) unattended workstation or (2) cross-site request forgery (CSRF) vulnerability, a related issue to CVE-2010-3449.
9561| [CVE-2010-4312] The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie.
9562| [CVE-2010-4172] Multiple cross-site scripting (XSS) vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) orderBy or (2) sort parameter to sessionsList.jsp, or unspecified input to (3) sessionDetail.jsp or (4) java/org/apache/catalina/manager/JspHelper.java, related to use of untrusted web applications.
9563| [CVE-2010-3872] The fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.6 for the Apache HTTP Server does not use bytewise pointer arithmetic in certain circumstances, which has unspecified impact and attack vectors related to "untrusted FastCGI applications" and a "stack buffer overwrite."
9564| [CVE-2010-3863] Apache Shiro before 1.1.0, and JSecurity 0.9.x, does not canonicalize URI paths before comparing them to entries in the shiro.ini file, which allows remote attackers to bypass intended access restrictions via a crafted request, as demonstrated by the /./account/index.jsp URI.
9565| [CVE-2010-3854] Multiple cross-site scripting (XSS) vulnerabilities in the web administration interface (aka Futon) in Apache CouchDB 0.8.0 through 1.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
9566| [CVE-2010-3718] Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.
9567| [CVE-2010-3449] Cross-site request forgery (CSRF) vulnerability in Redback before 1.2.4, as used in Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1
9568| [CVE-2010-3315] authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass intended access restrictions via svn commands.
9569| [CVE-2010-3083] sys/ssl/SslSocket.cpp in qpidd in Apache Qpid, as used in Red Hat Enterprise MRG before 1.2.2 and other products, when SSL is enabled, allows remote attackers to cause a denial of service (daemon outage) by connecting to the SSL port but not participating in an SSL handshake.
9570| [CVE-2010-2952] Apache Traffic Server before 2.0.1, and 2.1.x before 2.1.2-unstable, does not properly choose DNS source ports and transaction IDs, and does not properly use DNS query fields to validate responses, which makes it easier for man-in-the-middle attackers to poison the internal DNS cache via a crafted response.
9571| [CVE-2010-2791] mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request. NOTE: this is the same issue as CVE-2010-2068, but for a different OS and set of affected versions.
9572| [CVE-2010-2375] Package/Privilege: Plugins for Apache, Sun and IIS web servers Unspecified vulnerability in the WebLogic Server component in Oracle Fusion Middleware 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, 10.3.2, and 10.3.3 allows remote attackers to affect confidentiality and integrity, related to IIS.
9573| [CVE-2010-2234] Cross-site request forgery (CSRF) vulnerability in Apache CouchDB 0.8.0 through 0.11.0 allows remote attackers to hijack the authentication of administrators for direct requests to an installation URL.
9574| [CVE-2010-2227] Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with "recycling of a buffer."
9575| [CVE-2010-2103] Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Apache Axis2/Java 1.4.1, 1.5.1, and possibly other versions, as used in SAP Business Objects 12, 3com IMC, and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the modules parameter. NOTE: some of these details are obtained from third party information.
9576| [CVE-2010-2086] Apache MyFaces 1.1.7 and 1.2.8, as used in IBM WebSphere Application Server and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that involve modifying the serialized view object.
9577| [CVE-2010-2076] Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before 2.2.9, as used in Apache ServiceMix, Apache Camel, Apache Chemistry, Apache jUDDI, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to samples/wsdl_first_pure_xml, a similar issue to CVE-2010-1632.
9578| [CVE-2010-2068] mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, does not properly detect timeouts, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request.
9579| [CVE-2010-2057] shared/util/StateUtils.java in Apache MyFaces 1.1.x before 1.1.8, 1.2.x before 1.2.9, and 2.0.x before 2.0.1 uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack.
9580| [CVE-2010-1632] Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server (WAS) 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to the Synapse SimpleStockQuoteService.
9581| [CVE-2010-1623] Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the destruction of an APR bucket.
9582| [CVE-2010-1587] The Jetty ResourceHandler in Apache ActiveMQ 5.x before 5.3.2 and 5.4.x before 5.4.0 allows remote attackers to read JSP source code via a // (slash slash) initial substring in a URI for (1) admin/index.jsp, (2) admin/queues.jsp, or (3) admin/topics.jsp.
9583| [CVE-2010-1452] The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path.
9584| [CVE-2010-1325] Cross-site request forgery (CSRF) vulnerability in the apache2-slms package in SUSE Lifecycle Management Server (SLMS) 1.0 on SUSE Linux Enterprise (SLE) 11 allows remote attackers to hijack the authentication of unspecified victims via vectors related to improper parameter quoting. NOTE: some sources report that this is a vulnerability in a product named "Apache SLMS," but that is incorrect.
9585| [CVE-2010-1244] Cross-site request forgery (CSRF) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote attackers to hijack the authentication of unspecified victims for requests that create queues via the JMSDestination parameter in a queue action.
9586| [CVE-2010-1157] Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply.
9587| [CVE-2010-1151] Race condition in the mod_auth_shadow module for the Apache HTTP Server allows remote attackers to bypass authentication, and read and possibly modify data, via vectors related to improper interaction with an external helper application for validation of credentials.
9588| [CVE-2010-0684] Cross-site scripting (XSS) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote authenticated users to inject arbitrary web script or HTML via the JMSDestination parameter in a queue action.
| [CVE-2010-0434] The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request.
| [CVE-2010-0432] Multiple cross-site scripting (XSS) vulnerabilities in the Apache Open For Business Project (aka OFBiz) 09.04 and earlier, as used in Opentaps, Neogia, and Entente Oya, allow remote attackers to inject arbitrary web script or HTML via (1) the productStoreId parameter to control/exportProductListing, (2) the partyId parameter to partymgr/control/viewprofile (aka partymgr/control/login), (3) the start parameter to myportal/control/showPortalPage, (4) an invalid URI beginning with /facility/control/ReceiveReturn (aka /crmsfa/control/ReceiveReturn or /cms/control/ReceiveReturn), (5) the contentId parameter (aka the entityName variable) to ecommerce/control/ViewBlogArticle, (6) the entityName parameter to webtools/control/FindGeneric, or the (7) subject or (8) content parameter to an unspecified component under ecommerce/control/contactus.
| [CVE-2010-0425] modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet, and "orphaned callback pointers."
| [CVE-2010-0408] The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service (backend server outage) via a crafted request, related to use of a 500 error code instead of the appropriate 400 error code.
| [CVE-2010-0390] Unrestricted file upload vulnerability in maxImageUpload/index.php in PHP F1 Max's Image Uploader 1.0, when Apache is not configured to handle the mime-type for files with pjpeg or jpeg extensions, allows remote attackers to execute arbitrary code by uploading a file with a pjpeg or jpeg extension, then accessing it via a direct request to the file in original/. NOTE: some of these details are obtained from third party information.
| [CVE-2010-0219] Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service.
| [CVE-2010-0010] Integer overflow in the ap_proxy_send_fb function in proxy/proxy_util.c in mod_proxy in the Apache HTTP Server before 1.3.42 on 64-bit platforms allows remote origin servers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a large chunk size that triggers a heap-based buffer overflow.
| [CVE-2010-0009] Apache CouchDB 0.8.0 through 0.10.1 allows remote attackers to obtain sensitive information by measuring the completion time of operations that verify (1) hashes or (2) passwords.
| [CVE-2009-5120] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 allows connections to TCP port 1812 from arbitrary source IP addresses, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via UTF-7 text to the 404 error page of a Project Woodstock service on this port.
| [CVE-2009-5119] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 enables weak SSL ciphers in conf/server.xml, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and then conducting a brute-force attack against encrypted session data.
| [CVE-2009-5006] The SessionAdapter::ExchangeHandlerImpl::checkAlternate function in broker/SessionAdapter.cpp in the C++ Broker component in Apache Qpid before 0.6, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote authenticated users to cause a denial of service (NULL pointer dereference, daemon crash, and cluster outage) by attempting to modify the alternate of an exchange.
| [CVE-2009-5005] The Cluster::deliveredEvent function in cluster/Cluster.cpp in Apache Qpid, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote attackers to cause a denial of service (daemon crash and cluster outage) via invalid AMQP data.
| [CVE-2009-4355] Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678.
| [CVE-2009-4269] The password hash generation algorithm in the BUILTIN authentication functionality for Apache Derby before 10.6.1.0 performs a transformation that reduces the size of the set of inputs to SHA-1, which produces a small search space that makes it easier for local and possibly remote attackers to crack passwords by generating hash collisions, related to password substitution.
| [CVE-2009-3923] The VirtualBox 2.0.8 and 2.0.10 web service in Sun Virtual Desktop Infrastructure (VDI) 3.0 does not require authentication, which allows remote attackers to obtain unspecified access via vectors involving requests to an Apache HTTP Server.
| [CVE-2009-3890] Unrestricted file upload vulnerability in the wp_check_filetype function in wp-includes/functions.php in WordPress before 2.8.6, when a certain configuration of the mod_mime module in the Apache HTTP Server is enabled, allows remote authenticated users to execute arbitrary code by posting an attachment with a multiple-extension filename, and then accessing this attachment via a direct request to a wp-content/uploads/ pathname, as demonstrated by a .php.jpg filename.
| [CVE-2009-3843] HP Operations Manager 8.10 on Windows contains a "hidden account" in the XML file that specifies Tomcat users, which allows remote attackers to conduct unrestricted file upload attacks, and thereby execute arbitrary code, by using the org.apache.catalina.manager.HTMLManagerServlet class to make requests to manager/html/upload.
| [CVE-2009-3821] Cross-site scripting (XSS) vulnerability in the Apache Solr Search (solr) extension 1.0.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2009-3555] The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
| [CVE-2009-3548] The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges.
| [CVE-2009-3250] The saveForwardAttachments procedure in the Compose Mail functionality in vtiger CRM 5.0.4 allows remote authenticated users to execute arbitrary code by composing an e-mail message with an attachment filename ending in (1) .php in installations based on certain Apache HTTP Server configurations, (2) .php. on Windows, or (3) .php/ on Linux, and then making a direct request to a certain pathname under storage/.
| [CVE-2009-3095] The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.
| [CVE-2009-3094] The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.
| [CVE-2009-2902] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename.
| [CVE-2009-2901] The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests.
| [CVE-2009-2823] The Apache HTTP Server in Apple Mac OS X before 10.6.2 enables the HTTP TRACE method, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified web client software.
| [CVE-2009-2699] The Solaris pollset feature in the Event Port backend in poll/unix/port.c in the Apache Portable Runtime (APR) library before 1.3.9, as used in the Apache HTTP Server before 2.2.14 and other products, does not properly handle errors, which allows remote attackers to cause a denial of service (daemon hang) via unspecified HTTP requests, related to the prefork and event MPMs.
| [CVE-2009-2696] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat on Red Hat Enterprise Linux 5, Desktop Workstation 5, and Linux Desktop 5 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML." NOTE: this is due to a missing fix for CVE-2009-0781.
| [CVE-2009-2693] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry.
| [CVE-2009-2625] XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.
| [CVE-2009-2412] Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR
| [CVE-2009-2299] The Artofdefence Hyperguard Web Application Firewall (WAF) module before 2.5.5-11635, 3.0 before 3.0.3-11636, and 3.1 before 3.1.1-11637, a module for the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via an HTTP request with a large Content-Length value but no POST data.
| [CVE-2009-1956] Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input.
| [CVE-2009-1955] The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.
| [CVE-2009-1903] The PDF XSS protection feature in ModSecurity before 2.5.8 allows remote attackers to cause a denial of service (Apache httpd crash) via a request for a PDF file that does not use the GET method.
| [CVE-2009-1891] The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).
| [CVE-2009-1890] The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests.
| [CVE-2009-1885] Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to cause a denial of service (application crash) via vectors involving nested parentheses and invalid byte values in "simply nested DTD structures," as demonstrated by the Codenomicon XML fuzzing framework.
| [CVE-2009-1462] The Security Manager in razorCMS before 0.4 does not verify the permissions of every file owned by the apache user account, which is inconsistent with the documentation and allows local users to have an unspecified impact.
| [CVE-2009-1275] Apache Tiles 2.1 before 2.1.2, as used in Apache Struts and other products, evaluates Expression Language (EL) expressions twice in certain circumstances, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via unspecified vectors, related to the (1) tiles:putAttribute and (2) tiles:insertTemplate JSP tags.
| [CVE-2009-1195] The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file.
| [CVE-2009-1191] mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request.
| [CVE-2009-1012] Unspecified vulnerability in the plug-ins for Apache and IIS web servers in Oracle BEA WebLogic Server 7.0 Gold through SP7, 8.1 Gold through SP6, 9.0, 9.1, 9.2 Gold through MP3, 10.0 Gold through MP1, and 10.3 allows remote attackers to affect confidentiality, integrity, and availability. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow in an unspecified plug-in that parses HTTP requests, which leads to a heap-based buffer overflow.
| [CVE-2009-0918] Multiple unspecified vulnerabilities in DFLabs PTK 1.0.0 through 1.0.4 allow remote attackers to execute arbitrary commands in processes launched by PTK's Apache HTTP Server via (1) "external tools" or (2) a crafted forensic image.
| [CVE-2009-0796] Cross-site scripting (XSS) vulnerability in Status.pm in Apache::Status and Apache2::Status in mod_perl1 and mod_perl2 for the Apache HTTP Server, when /perl-status is accessible, allows remote attackers to inject arbitrary web script or HTML via the URI.
| [CVE-2009-0783] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.
| [CVE-2009-0781] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML."
| [CVE-2009-0754] PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on the same server.
| [CVE-2009-0580] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.
| [CVE-2009-0486] Bugzilla 3.2.1, 3.0.7, and 3.3.2, when running under mod_perl, calls the srand function at startup time, which causes Apache children to have the same seed and produce insufficiently random numbers for random tokens, which allows remote attackers to bypass cross-site request forgery (CSRF) protection mechanisms and conduct unauthorized activities as other users.
| [CVE-2009-0039] Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to hijack the authentication of administrators for requests that (1) change the web administration password, (2) upload applications, and perform unspecified other administrative actions, as demonstrated by (3) a Shutdown request to console/portal//Server/Shutdown.
| [CVE-2009-0038] Multiple cross-site scripting (XSS) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) ip, (3) username, or (4) description parameter to console/portal/Server/Monitoring
| [CVE-2009-0033] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.
| [CVE-2009-0026] Multiple cross-site scripting (XSS) vulnerabilities in Apache Jackrabbit before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the q parameter to (1) search.jsp or (2) swr.jsp.
| [CVE-2009-0023] The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow.
| [CVE-2008-6879] Cross-site scripting (XSS) vulnerability in Apache Roller 2.3, 3.0, 3.1, and 4.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter in a search action.
| [CVE-2008-6755] ZoneMinder 1.23.3 on Fedora 10 sets the ownership of /etc/zm.conf to the apache user account, and sets the permissions to 0600, which makes it easier for remote attackers to modify this file by accessing it through a (1) PHP or (2) CGI script.
| [CVE-2008-6722] Novell Access Manager 3 SP4 does not properly expire X.509 certificate sessions, which allows physically proximate attackers to obtain a logged-in session by using a victim's web-browser process that continues to send the original and valid SSL sessionID, related to inability of Apache Tomcat to clear entries from its SSL cache.
| [CVE-2008-6682] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.x before 2.0.11.1 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via vectors associated with improper handling of (1) " (double quote) characters in the href attribute of an s:a tag and (2) parameters in the action attribute of an s:url tag.
| [CVE-2008-6505] Multiple directory traversal vulnerabilities in Apache Struts 2.0.x before 2.0.12 and 2.1.x before 2.1.3 allow remote attackers to read arbitrary files via a ..%252f (encoded dot dot slash) in a URI with a /struts/ path, related to (1) FilterDispatcher in 2.0.x and (2) DefaultStaticContentLoader in 2.1.x.
| [CVE-2008-6504] ParametersInterceptor in OpenSymphony XWork 2.0.x before 2.0.6 and 2.1.x before 2.1.2, as used in Apache Struts and other products, does not properly restrict # (pound sign) references to context objects, which allows remote attackers to execute Object-Graph Navigation Language (OGNL) statements and modify server-side context objects, as demonstrated by use of a \u0023 representation for the # character.
| [CVE-2008-5696] Novell NetWare 6.5 before Support Pack 8, when an OES2 Linux server is installed into the NDS tree, does not require a password for the ApacheAdmin console, which allows remote attackers to reconfigure the Apache HTTP Server via console operations.
| [CVE-2008-5676] Multiple unspecified vulnerabilities in the ModSecurity (aka mod_security) module 2.5.0 through 2.5.5 for the Apache HTTP Server, when SecCacheTransformations is enabled, allow remote attackers to cause a denial of service (daemon crash) or bypass the product's functionality via unknown vectors related to "transformation caching."
| [CVE-2008-5519] The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat allows remote attackers to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances involving (1) a request from a different client that included a Content-Length header but no POST data or (2) a rapid series of requests, related to noncompliance with the AJP protocol's requirements for requests containing Content-Length headers.
| [CVE-2008-5518] Multiple directory traversal vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 on Windows allow remote attackers to upload files to arbitrary directories via directory traversal sequences in the (1) group, (2) artifact, (3) version, or (4) fileType parameter to console/portal//Services/Repository (aka the Services/Repository portlet)
| [CVE-2008-5515] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.
| [CVE-2008-5457] Unspecified vulnerability in the Oracle BEA WebLogic Server Plugins for Apache, Sun and IIS web servers component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
| [CVE-2008-4308] The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20 does not return a -1 to indicate when a certain error condition has occurred, which can cause Tomcat to send POST content from one request to a different request.
| [CVE-2008-4008] Unspecified vulnerability in the WebLogic Server Plugins for Apache component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2008 CPU. Oracle has not commented on reliable researcher claims that this issue is a stack-based buffer overflow in the WebLogic Apache Connector, related to an invalid parameter.
| [CVE-2008-3666] Unspecified vulnerability in Sun Solaris 10 and OpenSolaris before snv_96 allows (1) context-dependent attackers to cause a denial of service (panic) via vectors involving creation of a crafted file and use of the sendfilev system call, as demonstrated by a file served by an Apache 2.2.x web server with EnableSendFile configured
| [CVE-2008-3271] Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a "synchronization problem" and lack of thread safety, and related to RemoteFilterValve, RemoteAddrValve, and RemoteHostValve.
| [CVE-2008-3257] Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request.
| [CVE-2008-2939] Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI.
| [CVE-2008-2938] Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.
| [CVE-2008-2742] Unrestricted file upload in the mcpuk file editor (atk/attributes/fck/editor/filemanager/browser/mcpuk/connectors/php/config.php) in Achievo 1.2.0 through 1.3.2 allows remote attackers to execute arbitrary code by uploading a file with .php followed by a safe extension, then accessing it via a direct request to the file in the Achievo root directory. NOTE: this is only a vulnerability in environments that support multiple extensions, such as Apache with the mod_mime module enabled.
| [CVE-2008-2717] TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions.
| [CVE-2008-2579] Unspecified vulnerability in the WebLogic Server Plugins for Apache, Sun and IIS web servers component in Oracle BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 has unknown impact and remote attack vectors.
| [CVE-2008-2384] SQL injection vulnerability in mod_auth_mysql.c in the mod-auth-mysql (aka libapache2-mod-auth-mysql) module for the Apache HTTP Server 2.x, when configured to use a multibyte character set that allows a \ (backslash) as part of the character encoding, allows remote attackers to execute arbitrary SQL commands via unspecified inputs in a login request.
| [CVE-2008-2370] Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.
| [CVE-2008-2364] The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.
| [CVE-2008-2168] Cross-site scripting (XSS) vulnerability in Apache 2.2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded URLs that are not properly handled when displaying the 403 Forbidden error page.
| [CVE-2008-2025] Cross-site scripting (XSS) vulnerability in Apache Struts before 1.2.9-162.31.1 on SUSE Linux Enterprise (SLE) 11, before 1.2.9-108.2 on SUSE openSUSE 10.3, before 1.2.9-198.2 on SUSE openSUSE 11.0, and before 1.2.9-162.163.2 on SUSE openSUSE 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "insufficient quoting of parameters."
| [CVE-2008-1947] Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.
| [CVE-2008-1734] Interpretation conflict in PHP Toolkit before 1.0.1 on Gentoo Linux might allow local users to cause a denial of service (PHP outage) and read contents of PHP scripts by creating a file with a one-letter lowercase alphabetic name, which triggers interpretation of a certain unquoted [a-z] argument as a matching shell glob for this name, rather than interpretation as the literal [a-z] regular-expression string, and consequently blocks the launch of the PHP interpreter within the Apache HTTP Server.
| [CVE-2008-1678] Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server mod_ssl that specify a compression algorithm.
| [CVE-2008-1232] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.
| [CVE-2008-0869] Cross-site scripting (XSS) vulnerability in BEA WebLogic Workshop 8.1 through SP6 and Workshop for WebLogic 9.0 through 10.0 allows remote attackers to inject arbitrary web script or HTML via a "framework defined request parameter" when using WebLogic Workshop or Apache Beehive NetUI framework with page flows.
| [CVE-2008-0732] The init script for Apache Geronimo on SUSE Linux follows symlinks when performing a chown operation, which might allow local users to obtain access to unspecified files or directories.
| [CVE-2008-0555] The ExpandCert function in Apache-SSL before apache_1.3.41+ssl_1.59 does not properly handle (1) '/' and (2) '=' characters in a Distinguished Name (DN) in a client certificate, which might allow remote attackers to bypass authentication via a crafted DN that triggers overwriting of environment variables.
| [CVE-2008-0457] Unrestricted file upload vulnerability in the FileUpload class running on the Symantec LiveState Apache Tomcat server, as used by Symantec Backup Exec System Recovery Manager 7.0 and 7.0.1, allows remote attackers to upload and execute arbitrary JSP files via unknown vectors.
| [CVE-2008-0456] CRLF injection vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by uploading a file with a multi-line name containing HTTP header sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
| [CVE-2008-0455] Cross-site scripting (XSS) vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary web script or HTML by uploading a file with a name containing XSS sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
| [CVE-2008-0128] The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
| [CVE-2008-0005] mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding.
| [CVE-2008-0002] Apache Tomcat 6.0.0 through 6.0.15 processes parameters in the context of the wrong request when an exception occurs during parameter processing, which might allow remote attackers to obtain sensitive information, as demonstrated by disconnecting during this processing in order to trigger the exception.
| [CVE-2007-6750] The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris, related to the lack of the mod_reqtimeout module in versions before 2.2.15.
| [CVE-2007-6726] Multiple cross-site scripting (XSS) vulnerabilities in Dojo 0.4.1 and 0.4.2, as used in Apache Struts and other products, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) xip_client.html and (2) xip_server.html in src/io/.
| [CVE-2007-6514] Apache HTTP Server, when running on Linux with a document root on a Windows share mounted using smbfs, allows remote attackers to obtain unprocessed content such as source files for .php programs via a trailing "\" (backslash), which is not handled by the intended AddType directive.
| [CVE-2007-6423] ** DISPUTED ** Unspecified vulnerability in mod_proxy_balancer for Apache HTTP Server 2.2.x before 2.2.7-dev, when running on Windows, allows remote attackers to trigger memory corruption via a long URL. NOTE: the vendor could not reproduce this issue.
| [CVE-2007-6422] The balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6, when a threaded Multi-Processing Module is used, allows remote authenticated users to cause a denial of service (child process crash) via an invalid bb variable.
| [CVE-2007-6421] Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) ss, (2) wr, or (3) rr parameters, or (4) the URL.
9690| [CVE-2007-6420] Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors.
9691| [CVE-2007-6388] Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
9692| [CVE-2007-6361] Gekko 0.8.2 and earlier stores sensitive information under the web root with possibly insufficient access control, which might allow remote attackers to read certain files under temp/, as demonstrated by a log file that records the titles of blog entries. NOTE: access to temp/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
9693| [CVE-2007-6342] SQL injection vulnerability in the David Castro AuthCAS module (AuthCAS.pm) 0.4 for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the SESSION_COOKIE_NAME (session ID) in a cookie.
9694| [CVE-2007-6286] Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the native APR connector is used, does not properly handle an empty request to the SSL port, which allows remote attackers to trigger handling of "a duplicate copy of one of the recent requests," as demonstrated by using netcat to send the empty request.
9695| [CVE-2007-6258] Multiple stack-based buffer overflows in the legacy mod_jk2 2.0.3-DEV and earlier Apache module allow remote attackers to execute arbitrary code via a long (1) Host header, or (2) Hostname within a Host header.
9696| [CVE-2007-6231] Multiple PHP remote file inclusion vulnerabilities in tellmatic 1.0.7 allow remote attackers to execute arbitrary PHP code via a URL in the tm_includepath parameter to (1) Classes.inc.php, (2) statistic.inc.php, (3) status.inc.php, (4) status_top_x.inc.php, or (5) libchart-1.1/libchart.php in include/. NOTE: access to include/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
9697| [CVE-2007-6203] Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918.
9698| [CVE-2007-5797] SQLLoginModule in Apache Geronimo 2.0 through 2.1 does not throw an exception for a nonexistent username, which allows remote attackers to bypass authentication via a login attempt with any username not contained in the database.
9699| [CVE-2007-5731] Absolute path traversal vulnerability in Apache Jakarta Slide 2.1 and earlier allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag, a related issue to CVE-2007-5461.
9700| [CVE-2007-5461] Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.
9701| [CVE-2007-5342] The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by changing the (1) level, (2) directory, and (3) prefix attributes in the org.apache.juli.FileHandler handler.
9702| [CVE-2007-5333] Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385.
9703| [CVE-2007-5156] Incomplete blacklist vulnerability in editor/filemanager/upload/php/upload.php in FCKeditor, as used in SiteX CMS 0.7.3.beta, La-Nai CMS, Syntax CMS, Cardinal Cms, and probably other products, allows remote attackers to upload and execute arbitrary PHP code via a file whose name contains ".php." and has an unknown extension, which is recognized as a .php file by the Apache HTTP server, a different vulnerability than CVE-2006-0658 and CVE-2006-2529.
9704| [CVE-2007-5085] Unspecified vulnerability in the management EJB (MEJB) in Apache Geronimo before 2.0.2 allows remote attackers to bypass authentication and obtain "access to Geronimo internals" via unspecified vectors.
9705| [CVE-2007-5000] Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
9706| [CVE-2007-4724] Cross-site request forgery (CSRF) vulnerability in cal2.jsp in the calendar examples application in Apache Tomcat 4.1.31 allows remote attackers to add events as arbitrary users via the time and description parameters.
9707| [CVE-2007-4723] Directory traversal vulnerability in Ragnarok Online Control Panel 4.3.4a, when the Apache HTTP Server is used, allows remote attackers to bypass authentication via directory traversal sequences in a URI that ends with the name of a publicly available page, as demonstrated by a "/...../" sequence and an account_manage.php/login.php final component for reaching the protected account_manage.php page.
9708| [CVE-2007-4641] Directory traversal vulnerability in index.php in Pakupaku CMS 0.4 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting code into an Apache log file.
9709| [CVE-2007-4556] Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language (OGNL) expression when altSyntax is enabled, which allows remote attackers to cause a denial of service (infinite loop) or execute arbitrary code via form input beginning with a "%{" sequence and ending with a "}" character.
9710| [CVE-2007-4548] The login method in LoginModule implementations in Apache Geronimo 2.0 does not throw FailedLoginException for failed logins, which allows remote attackers to bypass authentication requirements, deploy arbitrary modules, and gain administrative access by sending a blank username and password with the command line deployer in the deployment module.
9711| [CVE-2007-4465] Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.
9712| [CVE-2007-3847] The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read.
9713| [CVE-2007-3571] The Apache Web Server as used in Novell NetWare 6.5 and GroupWise allows remote attackers to obtain sensitive information via a certain directive to Apache that causes the HTTP-Header response to be modified, which may reveal the server's internal IP address.
9714| [CVE-2007-3386] Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action.
9715| [CVE-2007-3385] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.
9716| [CVE-2007-3384] Multiple cross-site scripting (XSS) vulnerabilities in examples/servlet/CookieExample in Apache Tomcat 3.3 through 3.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Value field, related to error messages.
9717| [CVE-2007-3383] Cross-site scripting (XSS) vulnerability in SendMailServlet in the examples web application (examples/jsp/mail/sendmail.jsp) in Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.36 allows remote attackers to inject arbitrary web script or HTML via the From field and possibly other fields, related to generation of error messages.
9718| [CVE-2007-3382] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.
9719| [CVE-2007-3304] Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1 killer."
9720| [CVE-2007-3303] Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows local users to cause a denial of service via certain code sequences executed in a worker process that (1) stop request processing by killing all worker processes and preventing creation of replacements or (2) hang the system by forcing the master process to fork an arbitrarily large number of worker processes. NOTE: This might be an inherent design limitation of Apache with respect to worker processes in hosted environments.
9721| [CVE-2007-3101] Multiple cross-site scripting (XSS) vulnerabilities in certain JSF applications in Apache MyFaces Tomahawk before 1.1.6 allow remote attackers to inject arbitrary web script via the autoscroll parameter, which is injected into Javascript that is sent to the client.
9722| [CVE-2007-2450] Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script or HTML via a parameter name to manager/html/upload, and other unspecified vectors.
9723| [CVE-2007-2449] Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the '
9724| [CVE-2007-2353] Apache Axis 1.0 allows remote attackers to obtain sensitive information by requesting a non-existent WSDL file, which reveals the installation path in the resulting exception message.
9725| [CVE-2007-2025] Unrestricted file upload vulnerability in the UpLoad feature (lib/plugin/UpLoad.php) in PhpWiki 1.3.11p1 allows remote attackers to upload arbitrary PHP files with a double extension, as demonstrated by .php.3, which is interpreted by Apache as being a valid PHP file.
9726| [CVE-2007-1863] cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value.
9727| [CVE-2007-1862] The recall_headers function in mod_mem_cache in Apache 2.2.4 does not properly copy all levels of header data, which can cause Apache to return HTTP headers containing previously used data, which could be used by remote attackers to obtain potentially sensitive information.
9728| [CVE-2007-1860] mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. (dot dot) sequences and directory traversal, a related issue to CVE-2007-0450.
9729| [CVE-2007-1858] The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts.
9730| [CVE-2007-1842] Directory traversal vulnerability in login.php in JSBoard before 2.0.12 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the table parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, a related issue to CVE-2006-2019.
9731| [CVE-2007-1801] Directory traversal vulnerability in inc/lang.php in sBLOG 0.7.3 Beta allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the conf_lang_default parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by inc/lang.php.
9732| [CVE-2007-1743] suexec in Apache HTTP Server (httpd) 2.2.3 does not verify combinations of user and group IDs on the command line, which might allow local users to leverage other vulnerabilities to create arbitrary UID/GID owned files if /proc is mounted. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root." In addition, because this is dependent on other vulnerabilities, perhaps this is resultant and should not be included in CVE.
9733| [CVE-2007-1742] suexec in Apache HTTP Server (httpd) 2.2.3 uses a partial comparison for verifying whether the current directory is within the document root, which might allow local users to perform unauthorized operations on incorrect directories, as demonstrated using "html_backup" and "htmleditor" under an "html" directory. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
9734| [CVE-2007-1741] Multiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 between directory and file validation, and their usage, allow local users to gain privileges and execute arbitrary code by renaming directories or performing symlink attacks. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
9735| [CVE-2007-1720] Directory traversal vulnerability in addressbook.php in the Addressbook 1.2 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module_name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file.
9736| [CVE-2007-1636] Directory traversal vulnerability in index.php in RoseOnlineCMS 3 B1 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the op parameter, as demonstrated by injecting PHP code into Apache log files via the URL and User-Agent HTTP header.
9737| [CVE-2007-1633] Directory traversal vulnerability in bbcode_ref.php in the Giorgio Ciranni Splatt Forum 4.0 RC1 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by bbcode_ref.php.
9738| [CVE-2007-1577] Directory traversal vulnerability in index.php in GeBlog 0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[tplname] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
9739| [CVE-2007-1539] Directory traversal vulnerability in inc/map.func.php in pragmaMX Landkarten 2.1 module allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the module_name parameter, as demonstrated via a static PHP code injection attack in an Apache log file.
9740| [CVE-2007-1524] Directory traversal vulnerability in themes/default/ in ZomPlog 3.7.6 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) in the settings[skin] parameter, as demonstrated by injecting PHP code into an Apache HTTP Server log file, which can then be included via themes/default/.
9741| [CVE-2007-1491] Apache Tomcat in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allows connections from external interfaces via port 8009, which exposes it to attacks from outside parties.
9742| [CVE-2007-1358] Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616".
9743| [CVE-2007-1349] PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.
9744| [CVE-2007-0975] Variable extraction vulnerability in Ian Bezanson Apache Stats before 0.0.3 beta allows attackers to overwrite critical variables, with unknown impact, when the extract function is used on the _REQUEST superglobal array.
9745| [CVE-2007-0930] Variable extract vulnerability in Apache Stats before 0.0.3beta allows attackers to modify arbitrary variables and conduct attacks via unknown vectors involving the use of PHP's extract function.
9746| [CVE-2007-0792] The mod_perl initialization script in Bugzilla 2.23.3 does not set the Bugzilla Apache configuration to allow .htaccess permissions to override file permissions, which allows remote attackers to obtain the database username and password via a direct request for the localconfig file.
9747| [CVE-2007-0774] Stack-based buffer overflow in the map_uri_to_worker function (native/common/jk_uri_worker_map.c) in mod_jk.so for Apache Tomcat JK Web Server Connector 1.2.19 and 1.2.20, as used in Tomcat 4.1.34 and 5.5.20, allows remote attackers to execute arbitrary code via a long URL that triggers the overflow in a URI worker map routine.
9748| [CVE-2007-0637] Directory traversal vulnerability in zd_numer.php in Galeria Zdjec 3.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the galeria parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by zd_numer.php.
9749| [CVE-2007-0451] Apache SpamAssassin before 3.1.8 allows remote attackers to cause a denial of service via long URLs in malformed HTML, which triggers "massive memory usage."
9750| [CVE-2007-0450] Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.
9751| [CVE-2007-0419] The BEA WebLogic Server proxy plug-in before June 2006 for the Apache HTTP Server does not properly handle protocol errors, which allows remote attackers to cause a denial of service (server outage).
9752| [CVE-2007-0173] Directory traversal vulnerability in index.php in L2J Statistik Script 0.09 and earlier, when register_globals is enabled and magic_quotes is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
9753| [CVE-2007-0098] Directory traversal vulnerability in language.php in VerliAdmin 0.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
9754| [CVE-2007-0086] ** DISPUTED ** The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by third parties, who state that the large window size required by the attack is not normally supported or configured by the server, or that a DDoS-style attack would accomplish the same goal.
9755| [CVE-2006-7217] Apache Derby before 10.2.1.6 does not determine schema privilege requirements during the DropSchemaNode bind phase, which allows remote authenticated users to execute arbitrary drop schema statements in SQL authorization mode.
9756| [CVE-2006-7216] Apache Derby before 10.2.1.6 does not determine privilege requirements for lock table statements at compilation time, and consequently does not enforce privilege requirements at execution time, which allows remote authenticated users to lock arbitrary tables.
9757| [CVE-2006-7197] The AJP connector in Apache Tomcat 5.5.15 uses an incorrect length for chunks, which can cause a buffer over-read in the ajp_process_callback in mod_jk, which allows remote attackers to read portions of sensitive memory.
9758| [CVE-2006-7196] Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors. NOTE: this may be related to CVE-2006-0254.1.
9759| [CVE-2006-7195] Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in Apache Tomcat 5.0.0 through 5.0.30 and 5.5.0 through 5.5.17 allows remote attackers to inject arbitrary web script or HTML via certain header values.
9760| [CVE-2006-7098] The Debian GNU/Linux 033_-F_NO_SETSID patch for the Apache HTTP Server 1.3.34-4 does not properly disassociate httpd from a controlling tty when httpd is started interactively, which allows local users to gain privileges to that tty via a CGI program that calls the TIOCSTI ioctl.
9761| [CVE-2006-6869] Directory traversal vulnerability in includes/search/search_mdforum.php in MAXdev MDForum 2.0.1 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang cookie to error.php, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
9762| [CVE-2006-6675] Cross-site scripting (XSS) vulnerability in Novell NetWare 6.5 Support Pack 5 and 6 and Novell Apache on NetWare 2.0.48 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters in Welcome web-app.
9763| [CVE-2006-6613] Directory traversal vulnerability in language.php in phpAlbum 0.4.1 Beta 6 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files or obtain sensitive information via a .. (dot dot) in the pa_lang[include_file] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
9764| [CVE-2006-6589] Cross-site scripting (XSS) vulnerability in ecommerce/control/keywordsearch in the Apache Open For Business Project (OFBiz) and Opentaps 0.9.3 allows remote attackers to inject arbitrary web script or HTML via the SEARCH_STRING parameter, a different issue than CVE-2006-6587. NOTE: some of these details are obtained from third party information.
9765| [CVE-2006-6588] The forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) trusts the (1) dataResourceTypeId, (2) contentTypeId, and certain other hidden form fields, which allows remote attackers to create unauthorized types of content, modify content, or have other unknown impact.
9766| [CVE-2006-6587] Cross-site scripting (XSS) vulnerability in the forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) allows remote attackers to inject arbitrary web script or HTML by posting a message.
9767| [CVE-2006-6445] Directory traversal vulnerability in error.php in Envolution 1.1.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
9768| [CVE-2006-6071] TWiki 4.0.5 and earlier, when running under Apache 1.3 using ApacheLogin with sessions and "ErrorDocument 401" redirects to a valid wiki topic, does not properly handle failed login attempts, which allows remote attackers to read arbitrary content by cancelling out of a failed authentication with a valid username and invalid password.
9769| [CVE-2006-6047] Directory traversal vulnerability in manager/index.php in Etomite 0.6.1.2 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the f parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
9770| [CVE-2006-5894] Directory traversal vulnerability in lang.php in Rama CMS 0.68 and earlier, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by lang.php.
9771| [CVE-2006-5752] Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform "charset detection" when the content-type is not specified.
9772| [CVE-2006-5733] Directory traversal vulnerability in error.php in PostNuke 0.763 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
9773| [CVE-2006-5263] Directory traversal vulnerability in templates/header.php3 in phpMyAgenda 3.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter, as demonstrated by a parameter value naming an Apache HTTP Server log file that apparently contains PHP code.
9774| [CVE-2006-4994] Multiple unquoted Windows search path vulnerabilities in Apache Friends XAMPP 1.5.2 might allow local users to gain privileges via a malicious program file in %SYSTEMDRIVE%, which is run when XAMPP attempts to execute (1) FileZillaServer.exe, (2) mysqld-nt.exe, (3) Perl.exe, or (4) xamppcontrol.exe with an unquoted "Program Files" pathname.
9775| [CVE-2006-4636] Directory traversal vulnerability in SZEWO PhpCommander 3.0 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Directory parameter, as demonstrated by parameter values naming Apache HTTP Server log files that apparently contain PHP code.
9776| [CVE-2006-4625] PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass certain Apache HTTP Server httpd.conf options, such as safe_mode and open_basedir, via the ini_restore function, which resets the values to their php.ini (Master Value) defaults.
9777| [CVE-2006-4558] DeluxeBB 1.06 and earlier, when run on the Apache HTTP Server with the mod_mime module, allows remote attackers to execute arbitrary PHP code by uploading files with double extensions via the fileupload parameter in a newthread action in newpost.php.
9778| [CVE-2006-4191] Directory traversal vulnerability in memcp.php in XMB (Extreme Message Board) 1.9.6 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the langfilenew parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by header.php.
9779| [CVE-2006-4154] Format string vulnerability in the mod_tcl module 1.0 for Apache 2.x allows context-dependent attackers to execute arbitrary code via format string specifiers that are not properly handled in a set_var function call in (1) tcl_cmds.c and (2) tcl_core.c.
9780| [CVE-2006-4110] Apache 2.2.2, when running on Windows, allows remote attackers to read source code of CGI programs via a request that contains uppercase (or alternate case) characters that bypass the case-sensitive ScriptAlias directive, but allow access to the file on case-insensitive file systems.
9781| [CVE-2006-4004] Directory traversal vulnerability in index.php in vbPortal 3.0.2 through 3.6.0 Beta 1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the bbvbplang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
9782| [CVE-2006-3918] http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.
9783| [CVE-2006-3835] Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (
9784| [CVE-2006-3747] Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules.
9785| [CVE-2006-3362] Unrestricted file upload vulnerability in connectors/php/connector.php in FCKeditor mcpuk file manager, as used in (1) Geeklog 1.4.0 through 1.4.0sr3, (2) toendaCMS 1.0.0 Shizouka Stable and earlier, (3) WeBid 0.5.4, and possibly other products, when installed on Apache with mod_mime, allows remote attackers to upload and execute arbitrary PHP code via a filename with a .php extension and a trailing extension that is allowed, such as .zip.
9786| [CVE-2006-3102] Race condition in articles/BitArticle.php in Bitweaver 1.3, when run on Apache with the mod_mime extension, allows remote attackers to execute arbitrary PHP code by uploading arbitrary files with double extensions, which are stored for a small period of time under the webroot in the temp/articles directory.
9787| [CVE-2006-3070] write_ok.php in Zeroboard 4.1 pl8, when installed on Apache with mod_mime, allows remote attackers to bypass restrictions for uploading files with executable extensions by uploading a .htaccess file with an AddType directive that assigns an executable module to files with assumed-safe extensions, as demonstrated by assigning the txt extension to be handled by application/x-httpd-php.
9788| [CVE-2006-2831] Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2, when running under certain Apache configurations such as when FileInfo overrides are disabled within .htaccess, allows remote attackers to execute arbitrary code by uploading a file with multiple extensions, a variant of CVE-2006-2743.
9789| [CVE-2006-2806] The SMTP server in Apache Java Mail Enterprise Server (aka Apache James) 2.2.0 allows remote attackers to cause a denial of service (CPU consumption) via a long argument to the MAIL command.
9790| [CVE-2006-2743] Drupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with mod_mime, does not properly handle files with multiple extensions, which allows remote attackers to upload, modify, or execute arbitrary files in the files directory.
9791| [CVE-2006-2514] Coppermine galleries before 1.4.6, when running on Apache with mod_mime installed, allows remote attackers to upload arbitrary files via a filename with multiple file extensions.
9792| [CVE-2006-2330] PHP-Fusion 6.00.306 and earlier, running under Apache HTTP Server 1.3.27 and PHP 4.3.3, allows remote authenticated users to upload files of arbitrary types using a filename that contains two or more extensions that ends in an assumed-valid extension such as .gif, which bypasses the validation, as demonstrated by uploading then executing an avatar file that ends in ".php.gif" and contains PHP code in EXIF metadata.
9793| [CVE-2006-1777] Directory traversal vulnerability in doc/index.php in Jeremy Ashcraft Simplog 0.9.2 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the s parameter, as demonstrated by injecting PHP sequences into an Apache error_log file, which is then included by doc/index.php.
9794| [CVE-2006-1564] Untrusted search path vulnerability in libapache2-svn 1.3.0-4 for Subversion in Debian GNU/Linux includes RPATH values under the /tmp/svn directory for the (1) mod_authz_svn.so and (2) mod_dav_svn.so modules, which might allow local users to gain privileges by installing malicious libraries in that directory.
9795| [CVE-2006-1548] Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction and possibly (2) DispatchAction and (3) ActionDispatcher in Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to inject arbitrary web script or HTML via the parameter name, which is not filtered in the resulting error message.
9796| [CVE-2006-1547] ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides further access to elements in the CommonsMultipartRequestHandler implementation and BeanUtils.
9797| [CVE-2006-1546] Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to bypass validation via a request with a 'org.apache.struts.taglib.html.Constants.CANCEL' parameter, which causes the action to be canceled but would not be detected from applications that do not use the isCancelled check.
9798| [CVE-2006-1393] Multiple cross-site scripting (XSS) vulnerabilities in the mod_pubcookie Apache application server module in University of Washington Pubcookie 1.x, 3.0.0, 3.1.0, 3.1.1, 3.2 before 3.2.1b, and 3.3 before 3.3.0a allow remote attackers to inject arbitrary web script or HTML via unspecified attack vectors.
9799| [CVE-2006-1346] Directory traversal vulnerability in inc/setLang.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in a lang[*][file] parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by index.php.
9800| [CVE-2006-1292] Directory traversal vulnerability in Jim Hu and Chad Little PHP iCalendar 2.21 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the phpicalendar[cookie_language] and phpicalendar[cookie_style] cookies, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by day.php.
9801| [CVE-2006-1243] Directory traversal vulnerability in install05.php in Simple PHP Blog (SPB) 0.4.7.1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the blog_language parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included using install05.php.
9802| [CVE-2006-1095] Directory traversal vulnerability in the FileSession object in Mod_python module 3.2.7 for Apache allows local users to execute arbitrary code via a crafted session cookie.
9803| [CVE-2006-1079] htpasswd, as used in Acme thttpd 2.25b and possibly other products such as Apache, might allow local users to gain privileges via shell metacharacters in a command line argument, which is used in a call to the system function. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
9804| [CVE-2006-1078] Multiple buffer overflows in htpasswd, as used in Acme thttpd 2.25b, and possibly other products such as Apache, might allow local users to gain privileges via (1) a long command line argument and (2) a long line in a file. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
9805| [CVE-2006-0743] Format string vulnerability in LocalSyslogAppender in Apache log4net 1.2.9 might allow remote attackers to cause a denial of service (memory corruption and termination) via unknown vectors.
9806| [CVE-2006-0254] Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) time parameter to cal2.jsp and (2) any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer.
9807| [CVE-2006-0150] Multiple format string vulnerabilities in the auth_ldap_log_reason function in Apache auth_ldap 1.6.0 and earlier allow remote attackers to execute arbitrary code via various vectors, including the username.
9808| [CVE-2006-0144] The proxy server feature in go-pear.php in PHP PEAR 0.2.2, as used in Apache2Triad, allows remote attackers to execute arbitrary PHP code by redirecting go-pear.php to a malicious proxy server that provides a modified version of Tar.php with a malicious extractModify function.
9809| [CVE-2006-0042] Unspecified vulnerability in (1) apreq_parse_headers and (2) apreq_parse_urlencoded functions in Apache2::Request (Libapreq2) before 2.07 allows remote attackers to cause a denial of service (CPU consumption) via unknown attack vectors that result in quadratic computational complexity.
9810| [CVE-2005-4857] eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 before 20051128 allows remote authenticated users to cause a denial of service (Apache httpd segmentation fault) via a request to content/advancedsearch.php with an empty SearchContentClassID parameter, reportedly related to a "memory addressing error".
9811| [CVE-2005-4849] Apache Derby before 10.1.2.1 exposes the (1) user and (2) password attributes in cleartext via (a) the RDBNAM parameter of the ACCSEC command and (b) the output of the DatabaseMetaData.getURL function, which allows context-dependent attackers to obtain sensitive information.
9812| [CVE-2005-4836] The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote attackers to read JSP source files and obtain sensitive information.
9813| [CVE-2005-4814] Unrestricted file upload vulnerability in Segue CMS before 1.3.6, when the Apache HTTP Server handles .phtml files with the PHP interpreter, allows remote attackers to upload and execute arbitrary PHP code by placing .phtml files in the userfiles/ directory.
9814| [CVE-2005-4703] Apache Tomcat 4.0.3, when running on Windows, allows remote attackers to obtain sensitive information via a request for a file that contains an MS-DOS device name such as lpt9, which leaks the pathname in an error message, as demonstrated by lpt9.xtp using Nikto.
9815| [CVE-2005-3745] Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message.
9816| [CVE-2005-3630] Fedora Directory Server before 10 allows remote attackers to obtain sensitive information, such as the password from adm.conf via an IFRAME element, probably involving an Apache httpd.conf configuration that orders "allow" directives before "deny" directives.
9817| [CVE-2005-3510] Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files.
9818| [CVE-2005-3392] Unspecified vulnerability in PHP before 4.4.1, when using the virtual function on Apache 2, allows remote attackers to bypass safe_mode and open_basedir directives.
9819| [CVE-2005-3357] mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference.
9820| [CVE-2005-3352] Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps.
9821| [CVE-2005-3319] The apache2handler SAPI (sapi_apache2.c) in the Apache module (mod_php) for PHP 5.x before 5.1.0 final and 4.4 before 4.4.1 final allows attackers to cause a denial of service (segmentation fault) via the session.save_path option in a .htaccess file or VirtualHost.
9822| [CVE-2005-3164] The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an information leak when "unsuitable request body data" is used for a different request, possibly related to Java Servlet pages.
9823| [CVE-2005-2970] Memory leak in the worker MPM (worker.c) for Apache 2, in certain circumstances, allows remote attackers to cause a denial of service (memory consumption) via aborted connections, which prevents the memory for the transaction pool from being reused for other connections.
9824| [CVE-2005-2963] The mod_auth_shadow module 1.0 through 1.5 and 2.0 for Apache with AuthShadow enabled uses shadow authentication for all locations that use the require group directive, even when other authentication mechanisms are specified, which might allow remote authenticated users to bypass security restrictions.
9825| [CVE-2005-2728] The byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service (memory consumption) via an HTTP header with a large Range field.
9826| [CVE-2005-2660] apachetop 0.12.5 and earlier, when running in debug mode, allows local users to create or append to arbitrary files via a symlink attack on atop.debug.
9827| [CVE-2005-2088] The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
9828| [CVE-2005-1754] ** DISPUTED ** JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to read arbitrary files via a full pathname in the argument to the Download parameter. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
9829| [CVE-2005-1753] ** DISPUTED ** ReadMessage.jsp in JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to view other users' e-mail attachments via a direct request to /mailboxesdir/username@domainname. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
9830| [CVE-2005-1344] Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute arbitrary code via a long realm argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
9831| [CVE-2005-1268] Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte.
9832| [CVE-2005-1266] Apache SpamAssassin 3.0.1, 3.0.2, and 3.0.3 allows remote attackers to cause a denial of service (CPU consumption and slowdown) via a message with a long Content-Type header without any boundaries.
9833| [CVE-2005-0808] Apache Tomcat before 5.x allows remote attackers to cause a denial of service (application crash) via a crafted AJP12 packet to TCP port 8007.
9834| [CVE-2005-0182] The mod_dosevasive module 1.9 and earlier for Apache creates temporary files with predictable filenames, which could allow remote attackers to overwrite arbitrary files via a symlink attack.
9835| [CVE-2005-0108] Apache mod_auth_radius 1.5.4 and libpam-radius-auth allow remote malicious RADIUS servers to cause a denial of service (crash) via a RADIUS_REPLY_MESSAGE with a RADIUS attribute length of 1, which leads to a memcpy operation with a -1 length argument.
9836| [CVE-2004-2734] webadmin-apache.conf in Novell Web Manager of Novell NetWare 6.5 uses an uppercase Alias tag with an inconsistent lowercase directory tag for a volume, which allows remote attackers to bypass access control to the WEB-INF folder.
9837| [CVE-2004-2680] mod_python (libapache2-mod-python) 3.1.4 and earlier does not properly handle when output filters process more than 16384 bytes, which can cause filter.read to return portions of previously freed memory.
9838| [CVE-2004-2650] Spooler in Apache Foundation James 2.2.0 allows local users to cause a denial of service (memory consumption) by triggering various error conditions in the retrieve function, which prevents a lock from being released and causes a memory leak.
9839| [CVE-2004-2343] ** DISPUTED ** Apache HTTP Server 2.0.47 and earlier allows local users to bypass .htaccess file restrictions, as specified in httpd.conf with directives such as Deny From All, by using an ErrorDocument directive. NOTE: the vendor has disputed this issue, since the .htaccess mechanism is only intended to restrict external web access, and a local user already has the privileges to perform the same operations without using ErrorDocument.
9840| [CVE-2004-2336] Unknown vulnerability in Novell GroupWise and GroupWise WebAccess 6.0 through 6.5, when running with Apache Web Server 1.3 for NetWare where Apache is loaded using GWAPACHE.CONF, allows remote attackers to read directories and files on the server.
9841| [CVE-2004-2115] Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTTP Server 1.3.22, based on Apache, allow remote attackers to execute arbitrary script as other users via the (1) action, (2) username, or (3) password parameters in an isqlplus request.
9842| [CVE-2004-1834] mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, including authentication information, on the hard disk, which could allow local users to gain sensitive information.
9843| [CVE-2004-1765] Off-by-one buffer overflow in ModSecurity (mod_security) 1.7.4 for Apache 2.x, when SecFilterScanPost is enabled, allows remote attackers to execute arbitrary code via crafted POST requests.
9844| [CVE-2004-1545] UploadFile.php in MoniWiki 1.0.9.2 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.hwp, which allows remote attackers to upload and execute arbitrary code.
9845| [CVE-2004-1438] The mod_authz_svn Apache module for Subversion 1.0.4-r1 and earlier allows remote authenticated users, with write access to the repository, to read unauthorized parts of the repository via the svn copy command.
9846| [CVE-2004-1405] MediaWiki 1.3.8 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
9847| [CVE-2004-1404] Attachment Mod 2.3.10 module for phpBB, when used with Apache mod_mime, does not properly handle files with multiple file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
9848| [CVE-2004-1387] The check_forensic script in apache-utils package 1.3.31 allows local users to overwrite or create arbitrary files via a symlink attack on temporary files.
9849| [CVE-2004-1084] Apache for Apple Mac OS X 10.2.8 and 10.3.6 allows remote attackers to read files and resource fork content via HTTP requests to certain special file names related to multiple data streams in HFS+, which bypass Apache file handles.
9850| [CVE-2004-1083] Apache for Apple Mac OS X 10.2.8 and 10.3.6 restricts access to files in a case sensitive manner, but the Apple HFS+ filesystem accesses files in a case insensitive manner, which allows remote attackers to read .DS_Store files and files beginning with ".ht" using alternate capitalization.
9851| [CVE-2004-1082] mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials.
9852| [CVE-2004-0942] Apache webserver 2.0.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request with a MIME header containing multiple lines with a large number of space characters.
9853| [CVE-2004-0940] Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error.
9854| [CVE-2004-0885] The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration.
9855| [CVE-2004-0811] Unknown vulnerability in Apache 2.0.51 prevents "the merging of the Satisfy directive," which could allow attackers to obtain access to restricted resources contrary to the specified authentication configuration.
9856| [CVE-2004-0809] The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access.
9857| [CVE-2004-0786] The IPv6 URI parsing routines in the apr-util library for Apache 2.0.50 and earlier allow remote attackers to cause a denial of service (child process crash) via a certain URI, as demonstrated using the Codenomicon HTTP Test Tool.
9858| [CVE-2004-0751] The char_buffer_read function in the mod_ssl module for Apache 2.x, when using reverse proxying to an SSL server, allows remote attackers to cause a denial of service (segmentation fault).
9859| [CVE-2004-0748] mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (CPU consumption) by aborting an SSL connection in a way that causes an Apache child process to enter an infinite loop.
9860| [CVE-2004-0747] Buffer overflow in Apache 2.0.50 and earlier allows local users to gain apache privileges via a .htaccess file that causes the overflow during expansion of environment variables.
9861| [CVE-2004-0700] Format string vulnerability in the mod_proxy hook functions function in ssl_engine_log.c in mod_ssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are handled by the ssl_log function.
9862| [CVE-2004-0646] Buffer overflow in the WriteToLog function for JRun 3.0 through 4.0 web server connectors, such as (1) mod_jrun and (2) mod_jrun20 for Apache, with verbose logging enabled, allows remote attackers to execute arbitrary code via a long HTTP header Content-Type field or other fields.
9863| [CVE-2004-0529] The modified suexec program in cPanel, when configured for mod_php and compiled for Apache 1.3.31 and earlier without mod_phpsuexec, allows local users to execute untrusted shared scripts and gain privileges, as demonstrated using untainted scripts such as (1) proftpdvhosts or (2) addalink.cgi, a different vulnerability than CVE-2004-0490.
9864| [CVE-2004-0493] The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters.
9865| [CVE-2004-0492] Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied.
9866| [CVE-2004-0490] cPanel, when compiling Apache 1.3.29 and PHP with the mod_phpsuexec option, does not set the --enable-discard-path option, which causes php to use the SCRIPT_FILENAME variable to find and execute a script instead of the PATH_TRANSLATED variable, which allows local users to execute arbitrary PHP code as other users via a URL that references the attacker's script after the user's script, which executes the attacker's script with the user's privileges, a different vulnerability than CVE-2004-0529.
9867| [CVE-2004-0488] Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN.
9868| [CVE-2004-0263] PHP 4.3.4 and earlier in Apache 1.x and 2.x (mod_php) can leak global variables between virtual hosts that are handled by the same Apache child process but have different settings, which could allow remote attackers to obtain sensitive information.
9869| [CVE-2004-0174] Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using multiple listening sockets on certain platforms, allows remote attackers to cause a denial of service (blocked new connections) via a "short-lived connection on a rarely-accessed listening socket."
9870| [CVE-2004-0173] Directory traversal vulnerability in Apache 1.3.29 and earlier, and Apache 2.0.48 and earlier, when running on Cygwin, allows remote attackers to read arbitrary files via a URL containing "..%5C" (dot dot encoded backslash) sequences.
9871| [CVE-2004-0113] Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service (memory consumption) via plain HTTP requests to the SSL port of an SSL-enabled server.
9872| [CVE-2004-0009] Apache-SSL 1.3.28+1.52 and earlier, with SSLVerifyClient set to 1 or 3 and SSLFakeBasicAuth enabled, allows remote attackers to forge a client certificate by using basic authentication with the "one-line DN" of the target user.
9873| [CVE-2003-1581] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
9874| [CVE-2003-1580] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-level domains, as demonstrated by a forged 123.123.123.123 domain name, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
9875| [CVE-2003-1573] The PointBase 4.6 database component in the J2EE 1.4 reference implementation (J2EE/RI) allows remote attackers to execute arbitrary programs, conduct a denial of service, and obtain sensitive information via a crafted SQL statement, related to "inadequate security settings and library bugs in sun.* and org.apache.* packages."
9876| [CVE-2003-1521] Sun Java Plug-In 1.4 through 1.4.2_02 allows remote attackers to repeatedly access the floppy drive via the createXmlDocument method in the org.apache.crimson.tree.XmlDocument class, which violates the Java security model.
9877| [CVE-2003-1516] The org.apache.xalan.processor.XSLProcessorVersion class in Java Plug-in 1.4.2_01 allows signed and unsigned applets to share variables, which violates the Java security model and could allow remote attackers to read or write data belonging to a signed applet.
9878| [CVE-2003-1502] mod_throttle 3.0 allows local users with Apache privileges to access shared memory that points to a file that is writable by the apache user, which could allow local users to gain privileges.
9879| [CVE-2003-1418] Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote attackers to obtain sensitive information via (1) the ETag header, which reveals the inode number, or (2) multipart MIME boundary, which reveals child process IDs (PID).
9880| [CVE-2003-1307] ** DISPUTED ** The mod_php module for the Apache HTTP Server allows local users with write access to PHP scripts to send signals to the server's process group and use the server's file descriptors, as demonstrated by sending a STOP signal, then intercepting incoming connections on the server's TCP port. NOTE: the PHP developer has disputed this vulnerability, saying "The opened file descriptors are opened by Apache. It is the job of Apache to protect them ... Not a bug in PHP."
9881| [CVE-2003-1172] Directory traversal vulnerability in the view-source sample file in Apache Software Foundation Cocoon 2.1 and 2.2 allows remote attackers to access arbitrary files via a .. (dot dot) in the filename parameter.
9882| [CVE-2003-1171] Heap-based buffer overflow in the sec_filter_out function in mod_security 1.7RC1 through 1.7.1 in Apache 2 allows remote attackers to execute arbitrary code via a server side script that sends a large amount of data.
9883| [CVE-2003-1138] The default configuration of Apache 2.0.40, as shipped with Red Hat Linux 9.0, allows remote attackers to list directory contents, even if auto indexing is turned off and there is a default web page configured, via a GET request containing a double slash (//).
9884| [CVE-2003-1054] mod_access_referer 1.0.2 allows remote attackers to cause a denial of service (crash) via a malformed Referer header that is missing a hostname, as parsed by the ap_parse_uri_components function in Apache, which triggers a null dereference.
9885| [CVE-2003-0993] mod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit platforms, does not properly parse Allow/Deny rules using IP addresses without a netmask, which could allow remote attackers to bypass intended access restrictions.
9886| [CVE-2003-0987] mod_digest for Apache before 1.3.31 does not properly verify the nonce of a client response by using an AuthNonce secret.
9887| [CVE-2003-0866] The Catalina org.apache.catalina.connector.http package in Tomcat 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service via several requests that do not follow the HTTP protocol, which causes Tomcat to reject later requests.
9888| [CVE-2003-0844] mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode without the Apache log, allows local users to overwrite arbitrary files via (1) a symlink attack on predictable temporary filenames on Unix systems, or (2) an NTFS hard link on Windows systems when the "Strengthen default permissions of internal system objects" policy is not enabled.
9889| [CVE-2003-0843] Format string vulnerability in mod_gzip_printf for mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode and using the Apache log, allows remote attackers to execute arbitrary code via format string characters in an HTTP GET request with an "Accept-Encoding: gzip" header.
9890| [CVE-2003-0789] mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not properly handle CGI redirect paths, which could cause Apache to send the output of a CGI program to the wrong client.
9891| [CVE-2003-0771] Gallery.pm in Apache::Gallery (aka A::G) uses predictable temporary filenames when running Inline::C, which allows local users to execute arbitrary code by creating and modifying the files before Apache::Gallery does.
9892| [CVE-2003-0658] Docview before 1.1-18 in Caldera OpenLinux 3.1.1, SCO Linux 4.0, OpenServer 5.0.7, configures the Apache web server in a way that allows remote attackers to read arbitrary publicly readable files via a certain URL, possibly related to rewrite rules.
9893| [CVE-2003-0542] Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures.
9894| [CVE-2003-0460] The rotatelogs program on Apache before 1.3.28, for Windows and OS/2 systems, does not properly ignore certain control characters that are received over the pipe, which could allow remote attackers to cause a denial of service.
9895| [CVE-2003-0254] Apache 2 before 2.0.47, when running on an IPv6 host, allows attackers to cause a denial of service (CPU consumption by infinite loop) when the FTP proxy server fails to create an IPv6 socket.
9896| [CVE-2003-0253] The prefork MPM in Apache 2 before 2.0.47 does not properly handle certain errors from accept, which could lead to a denial of service.
9897| [CVE-2003-0249] ** DISPUTED ** PHP treats unknown methods such as "PoSt" as a GET request, which could allow attackers to intended access restrictions if PHP is running on a server that passes on all methods, such as Apache httpd 2.0, as demonstrated using a Limit directive. NOTE: this issue has been disputed by the Apache security team, saying "It is by design that PHP allows scripts to process any request method. A script which does not explicitly verify the request method will hence be processed as normal for arbitrary methods. It is therefore expected behaviour that one cannot implement per-method access control using the Apache configuration alone, which is the assumption made in this report."
9898| [CVE-2003-0245] Vulnerability in the apr_psprintf function in the Apache Portable Runtime (APR) library for Apache 2.0.37 through 2.0.45 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long strings, as demonstrated using XML objects to mod_dav, and possibly other vectors.
9899| [CVE-2003-0192] Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3, do not properly handle "certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one," which could cause Apache to use the weak ciphersuite.
9900| [CVE-2003-0189] The authentication module for Apache 2.0.40 through 2.0.45 on Unix does not properly handle threads safely when using the crypt_r or crypt functions, which allows remote attackers to cause a denial of service (failed Basic authentication with valid usernames and passwords) when a threaded MPM is used.
9901| [CVE-2003-0134] Unknown vulnerability in filestat.c for Apache running on OS2, versions 2.0 through 2.0.45, allows unknown attackers to cause a denial of service via requests related to device names.
9902| [CVE-2003-0132] A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to cause a denial of service (memory consumption) via large chunks of linefeed characters, which causes Apache to allocate 80 bytes for each linefeed.
9903| [CVE-2003-0083] Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences, a different vulnerability than CVE-2003-0020.
9904| [CVE-2003-0020] Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences.
9905| [CVE-2003-0017] Apache 2.0 before 2.0.44 on Windows platforms allows remote attackers to obtain certain files via an HTTP request that ends in certain illegal characters such as ">", which causes a different filename to be processed and served.
9906| [CVE-2003-0016] Apache before 2.0.44, when running on unpatched Windows 9x and Me operating systems, allows remote attackers to cause a denial of service or execute arbitrary code via an HTTP request containing MS-DOS device names.
9907| [CVE-2002-2310] ClickCartPro 4.0 stores the admin_user.db data file under the web document root with insufficient access control on servers other than Apache, which allows remote attackers to obtain usernames and passwords.
9908| [CVE-2002-2309] php.exe in PHP 3.0 through 4.2.2, when running on Apache, does not terminate properly, which allows remote attackers to cause a denial of service via a direct request without arguments.
9909| [CVE-2002-2272] Tomcat 4.0 through 4.1.12, using mod_jk 1.2.1 module on Apache 1.3 through 1.3.27, allows remote attackers to cause a denial of service (desynchronized communications) via an HTTP GET request with a Transfer-Encoding chunked field with invalid values.
9910| [CVE-2002-2103] Apache before 1.3.24, when writing to the log file, records a spoofed hostname from the reverse lookup of an IP address, even when a double-reverse lookup fails, which allows remote attackers to hide the original source of activities.
9911| [CVE-2002-2029] PHP, when installed on Windows with Apache and ScriptAlias for /php/ set to c:/php/, allows remote attackers to read arbitrary files and possibly execute arbitrary programs via an HTTP request for php.exe with a filename in the query string.
9912| [CVE-2002-2012] Unknown vulnerability in Apache 1.3.19 running on HP Secure OS for Linux 1.0 allows remote attackers to cause "unexpected results" via an HTTP request.
9913| [CVE-2002-2009] Apache Tomcat 4.0.1 allows remote attackers to obtain the web root path via HTTP requests for JSP files preceded by (1) +/, (2) >/, (3) </, and (4) %20/, which leaks the pathname in an error message.
9914| [CVE-2002-2008] Apache Tomcat 4.0.3 for Windows allows remote attackers to obtain the web root path via an HTTP request for a resource that does not exist, such as lpt9, which leaks the information in an error message.
9915| [CVE-2002-2007] The default installations of Apache Tomcat 3.2.3 and 3.2.4 allows remote attackers to obtain sensitive system information such as directory listings and web root path, via erroneous HTTP requests for Java Server Pages (JSP) in the (1) test/jsp, (2) samples/jsp and (3) examples/jsp directories, or the (4) test/realPath.jsp servlet, which leaks pathnames in error messages.
9916| [CVE-2002-2006] The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 through 3.3.1 allows remote attackers to obtain the installation path and other sensitive system information via the (1) SnoopServlet or (2) TroubleShooter example servlets.
9917| [CVE-2002-1895] The servlet engine in Jakarta Apache Tomcat 3.3 and 4.0.4, when using IIS and the ajp1.3 connector, allows remote attackers to cause a denial of service (crash) via a large number of HTTP GET requests for an MS-DOS device such as AUX, LPT1, CON, or PRN.
9918| [CVE-2002-1850] mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly remote attackers to cause a denial of service (hang and memory consumption) by causing a CGI script to send a large amount of data to stderr, which results in a read/write deadlock between httpd and the CGI script.
9919| [CVE-2002-1793] HTTP Server mod_ssl module running on HP-UX 11.04 with Virtualvault OS (VVOS) 4.5 through 4.6 closes the connection when the Apache server times out during an SSL request, which may allow attackers to cause a denial of service.
9920| [CVE-2002-1658] Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may allow attackers to execute arbitrary code via a long user argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
9921| [CVE-2002-1635] The Apache configuration file (httpd.conf) in Oracle 9i Application Server (9iAS) uses a Location alias for /perl directory instead of a ScriptAlias, which allows remote attackers to read the source code of arbitrary CGI files via a URL containing the /perl directory instead of /cgi-bin.
9922| [CVE-2002-1593] mod_dav in Apache before 2.0.42 does not properly handle versioning hooks, which may allow remote attackers to kill a child process via a null dereference and cause a denial of service (CPU consumption) in a preforked multi-processing module.
9923| [CVE-2002-1592] The ap_log_rerror function in Apache 2.0 through 2.035, when a CGI application encounters an error, sends error messages to the client that include the full path for the server, which allows remote attackers to obtain sensitive information.
9924| [CVE-2002-1567] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1 allows remote attackers to execute arbitrary web script and steal cookies via a URL with encoded newlines followed by a request to a .jsp file whose name contains the script.
9925| [CVE-2002-1394] Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148.
9926| [CVE-2002-1233] A regression error in the Debian distributions of the apache-ssl package (before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0), for Apache 1.3.27 and earlier, allows local users to read or modify the Apache password file via a symlink attack on temporary files when the administrator runs (1) htpasswd or (2) htdigest, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2001-0131.
9927| [CVE-2002-1157] Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9 and earlier, when UseCanonicalName is off and wildcard DNS is enabled, allows remote attackers to execute script as other web site visitors, via the server name in an HTTPS response on the SSL port, which is used in a self-referencing URL, a different vulnerability than CAN-2002-0840.
9928| [CVE-2002-1156] Apache 2.0.42 allows remote attackers to view the source code of a CGI script via a POST request to a directory with both WebDAV and CGI enabled.
9929| [CVE-2002-1148] The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet.
9930| [CVE-2002-0935] Apache Tomcat 4.0.3, and possibly other versions before 4.1.3 beta, allows remote attackers to cause a denial of service (resource exhaustion) via a large number of requests to the server with null characters, which causes the working threads to hang.
9931| [CVE-2002-0843] Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response.
9932| [CVE-2002-0840] Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.
9933| [CVE-2002-0839] The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that would not normally be allowed, by modifying the parent[].pid and parent[].last_rtime segments in the scoreboard.
9934| [CVE-2002-0682] Cross-site scripting vulnerability in Apache Tomcat 4.0.3 allows remote attackers to execute script as other web users via script in a URL with the /servlet/ mapping, which does not filter the script when an exception is thrown by the servlet.
9935| [CVE-2002-0661] Directory traversal vulnerability in Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to read arbitrary files and execute commands via .. (dot dot) sequences containing \ (backslash) characters.
9936| [CVE-2002-0658] OSSP mm library (libmm) before 1.2.0 allows the local Apache user to gain privileges via temporary files, possibly via a symbolic link attack.
9937| [CVE-2002-0654] Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to determine the full pathname of the server via (1) a request for a .var file, which leaks the pathname in the resulting error message, or (2) via an error message that occurs when a script (child process) cannot be invoked.
9938| [CVE-2002-0653] Off-by-one buffer overflow in the ssl_compat_directive function, as called by the rewrite_command hook for mod_ssl Apache module 2.8.9 and earlier, allows local users to execute arbitrary code as the Apache server user via .htaccess files with long entries.
9939| [CVE-2002-0513] The PHP administration script in popper_mod 1.2.1 and earlier relies on Apache .htaccess authentication, which allows remote attackers to gain privileges if the script is not appropriately configured by the administrator.
9940| [CVE-2002-0493] Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions.
9941| [CVE-2002-0392] Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a chunk-encoded HTTP request that causes Apache to use an incorrect size.
9942| [CVE-2002-0259] InstantServers MiniPortal 1.1.5 and earlier stores sensitive login and account data in plaintext in (1) .pwd files in the miniportal/apache directory, or (2) mplog.txt, which could allow local users to gain privileges.
9943| [CVE-2002-0249] PHP for Windows, when installed on Apache 2.0.28 beta as a standalone CGI module, allows remote attackers to obtain the physical path of the php.exe via a request with malformed arguments such as /123, which leaks the pathname in the error message.
9944| [CVE-2002-0240] PHP, when installed with Apache and configured to search for index.php as a default web page, allows remote attackers to obtain the full pathname of the server via the HTTP OPTIONS method, which reveals the pathname in the resulting error message.
9945| [CVE-2002-0082] The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session.
9946| [CVE-2002-0061] Apache for Win32 before 1.3.24, and 2.0.x before 2.0.34-beta, allows remote attackers to execute arbitrary commands via shell metacharacters (a | pipe character) provided as arguments to batch (.bat) or .cmd scripts, which are sent unfiltered to the shell interpreter, typically cmd.exe.
9947| [CVE-2001-1556] The log files in Apache web server contain information directly supplied by clients and does not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail, and grep.
9948| [CVE-2001-1534] mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these session ID's are used for authentication.
9949| [CVE-2001-1510] Allaire JRun 2.3.3, 3.0 and 3.1 running on IIS 4.0 and 5.0, iPlanet, Apache, JRun web server (JWS), and possibly other web servers allows remote attackers to read arbitrary files and directories by appending (1) "%3f.jsp", (2) "?.jsp" or (3) "?" to the requested URL.
9950| [CVE-2001-1449] The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 through 8.0 and Linux Corporate Server 1.0.1 allows remote attackers to list the directory index of arbitrary web directories.
9951| [CVE-2001-1385] The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts.
9952| [CVE-2001-1342] Apache before 1.3.20 on Windows and OS/2 systems allows remote attackers to cause a denial of service (GPF) via an HTTP request for a URI that contains a large number of / (slash) or other characters, which causes certain functions to dereference a null pointer.
9953| [CVE-2001-1217] Directory traversal vulnerability in PL/SQL Apache module in Oracle Oracle 9i Application Server allows remote attackers to access sensitive information via a double encoded URL with .. (dot dot) sequences.
9954| [CVE-2001-1216] Buffer overflow in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to execute arbitrary code via a long request for a help page.
9955| [CVE-2001-1072] Apache with mod_rewrite enabled on most UNIX systems allows remote attackers to bypass RewriteRules by inserting extra / (slash) characters into the requested path, which causes the regular expression in the RewriteRule to fail.
9956| [CVE-2001-1013] Apache on Red Hat Linux with with the UserDir directive enabled generates different error codes when a username exists and there is no public_html directory and when the username does not exist, which could allow remote attackers to determine valid usernames on the server.
9957| [CVE-2001-0925] The default installation of Apache before 1.3.19 allows remote attackers to list directories instead of the multiview index.html file via an HTTP request for a path that contains many / (slash) characters, which causes the path to be mishandled by (1) mod_negotiation, (2) mod_dir, or (3) mod_autoindex.
9958| [CVE-2001-0829] A cross-site scripting vulnerability in Apache Tomcat 3.2.1 allows a malicious webmaster to embed Javascript in a request for a .JSP file, which causes the Javascript to be inserted into an error message.
9959| [CVE-2001-0766] Apache on MacOS X Client 10.0.3 with the HFS+ file system allows remote attackers to bypass access restrictions via a URL that contains some characters whose case is not matched by Apache's filters.
9960| [CVE-2001-0731] Apache 1.3.20 with Multiviews enabled allows remote attackers to view directory contents and bypass the index page via a URL containing the "M=D" query string.
9961| [CVE-2001-0730] split-logfile in Apache 1.3.20 allows remote attackers to overwrite arbitrary files that end in the .log extension via an HTTP request with a / (slash) in the Host: header.
9962| [CVE-2001-0729] Apache 1.3.20 on Windows servers allows remote attackers to bypass the default index page and list directory contents via a URL with a large number of / (slash) characters.
9963| [CVE-2001-0590] Apache Software Foundation Tomcat Servlet prior to 3.2.2 allows a remote attacker to read the source code to arbitrary 'jsp' files via a malformed URL request which does not end with an HTTP protocol specification (i.e. HTTP/1.0).
9964| [CVE-2001-0131] htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local users to overwrite arbitrary files via a symlink attack.
9965| [CVE-2001-0108] PHP Apache module 4.0.4 and earlier allows remote attackers to bypass .htaccess access restrictions via a malformed HTTP request on an unrestricted page that causes PHP to use those access controls on the next page that is requested.
9966| [CVE-2001-0042] PHP 3.x (PHP3) on Apache 1.3.6 allows remote attackers to read arbitrary files via a modified .. (dot dot) attack containing "%5c" (encoded backslash) sequences.
9967| [CVE-2000-1247] The default configuration of the jserv-status handler in jserv.conf in Apache JServ 1.1.2 includes an "allow from 127.0.0.1" line, which allows local users to discover JDBC passwords or other sensitive information via a direct request to the jserv/ URI.
9968| [CVE-2000-1210] Directory traversal vulnerability in source.jsp of Apache Tomcat before 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the argument to source.jsp.
9969| [CVE-2000-1206] Vulnerability in Apache httpd before 1.3.11, when configured for mass virtual hosting using mod_rewrite, or mod_vhost_alias in Apache 1.3.9, allows remote attackers to retrieve arbitrary files.
9970| [CVE-2000-1205] Cross site scripting vulnerabilities in Apache 1.3.0 through 1.3.11 allow remote attackers to execute script as other web site visitors via (1) the printenv CGI (printenv.pl), which does not encode its output, (2) pages generated by the ap_send_error_response function such as a default 404, which does not add an explicit charset, or (3) various messages that are generated by certain Apache modules or core code. NOTE: the printenv issue might still exist for web browsers that can render text/plain content types as HTML, such as Internet Explorer, but CVE regards this as a design limitation of those browsers, not Apache. The printenv.pl/acuparam vector, discloser on 20070724, is one such variant.
9971| [CVE-2000-1204] Vulnerability in the mod_vhost_alias virtual hosting module for Apache 1.3.9, 1.3.11 and 1.3.12 allows remote attackers to obtain the source code for CGI programs if the cgi-bin directory is under the document root.
9972| [CVE-2000-1168] IBM HTTP Server 1.3.6 (based on Apache) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET request.
9973| [CVE-2000-1016] The default configuration of Apache (httpd.conf) on SuSE 6.4 includes an alias for the /usr/doc directory, which allows remote attackers to read package documentation and obtain system configuration information via an HTTP request for the /doc/packages URL.
9974| [CVE-2000-0913] mod_rewrite in Apache 1.3.12 and earlier allows remote attackers to read arbitrary files if a RewriteRule directive is expanded to include a filename whose name contains a regular expression.
9975| [CVE-2000-0883] The default configuration of mod_perl for Apache as installed on Mandrake Linux 6.1 through 7.1 sets the /perl/ directory to be browseable, which allows remote attackers to list the contents of that directory.
9976| [CVE-2000-0869] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 enables WebDAV, which allows remote attackers to list arbitrary diretories via the PROPFIND HTTP request method.
9977| [CVE-2000-0868] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 allows remote attackers to read source code for CGI scripts by replacing the /cgi-bin/ in the requested URL with /cgi-bin-sdb/.
9978| [CVE-2000-0791] Trustix installs the httpsd program for Apache-SSL with world-writeable permissions, which allows local users to replace it with a Trojan horse.
9979| [CVE-2000-0760] The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals sensitive system information when a remote attacker requests a nonexistent URL with a .snp extension.
9980| [CVE-2000-0759] Jakarta Tomcat 3.1 under Apache reveals physical path information when a remote attacker requests a URL that does not exist, which generates an error message that includes the physical path.
9981| [CVE-2000-0628] The source.asp example script in the Apache ASP module Apache::ASP 1.93 and earlier allows remote attackers to modify files.
9982| [CVE-2000-0505] The Apache 1.3.x HTTP server for Windows platforms allows remote attackers to list directory contents by requesting a URL containing a large number of / characters.
9983| [CVE-1999-1412] A possible interaction between Apple MacOS X release 1.0 and Apache HTTP server allows remote attackers to cause a denial of service (crash) via a flood of HTTP GET requests to CGI programs, which generates a large number of processes.
9984| [CVE-1999-1293] mod_proxy in Apache 1.2.5 and earlier allows remote attackers to cause a denial of service via malformed FTP commands, which causes Apache to dump core.
9985| [CVE-1999-1237] Multiple buffer overflows in smbvalid/smbval SMB authentication library, as used in Apache::AuthenSmb and possibly other modules, allows remote attackers to execute arbitrary commands via (1) a long username, (2) a long password, and (3) other unspecified methods.
9986| [CVE-1999-1199] Apache WWW server 1.3.1 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via a large number of MIME headers with the same name, aka the "sioux" vulnerability.
9987| [CVE-1999-1053] guestbook.pl cleanses user-inserted SSI commands by removing text between "<!--" and "-->" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides "-->".
9988| [CVE-1999-0926] Apache allows remote attackers to conduct a denial of service via a large number of MIME headers.
9989| [CVE-1999-0678] A default configuration of Apache on Debian GNU/Linux sets the ServerRoot to /usr/doc, which allows remote users to read documentation files for the entire server.
9990| [CVE-1999-0448] IIS 4.0 and Apache log HTTP request methods, regardless of how long they are, allowing a remote attacker to hide the URL they really request.
9991| [CVE-1999-0289] The Apache web server for Win32 may provide access to restricted files when a . (dot) is appended to a requested URL.
9992| [CVE-1999-0236] ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs.
9993| [CVE-1999-0107] Buffer overflow in Apache 1.2.5 and earlier allows a remote attacker to cause a denial of service with a large number of GET requests containing a large number of / characters.
9994| [CVE-1999-0071] Apache httpd cookie buffer overflow for versions 1.1.1 and earlier.
9995|
9996| SecurityFocus - https://www.securityfocus.com/bid/:
9997| [104554] Apache HBase CVE-2018-8025 Security Bypass Vulnerability
9998| [104465] Apache Geode CVE-2017-15695 Remote Code Execution Vulnerability
9999| [104418] Apache Storm CVE-2018-8008 Arbitrary File Write Vulnerability
10000| [104399] Apache Storm CVE-2018-1332 User Impersonation Vulnerability
10001| [104348] Apache UIMA CVE-2017-15691 XML External Entity Injection Vulnerability
10002| [104313] Apache NiFi XML External Entity Injection and Denial of Service Vulnerability
10003| [104259] Apache Geode CVE-2017-12622 Authorization Bypass Vulnerability
10004| [104257] Apache Sling XSS Protection API CVE-2017-15717 Cross Site Scripting Vulnerability
10005| [104253] Apache ZooKeeper CVE-2018-8012 Security Bypass Vulnerability
10006| [104252] Apache Batik CVE-2018-8013 Information Disclosure Vulnerability
10007| [104239] Apache Solr CVE-2018-8010 XML External Entity Multiple Information Disclosure Vulnerabilities
10008| [104215] Apache ORC CVE-2018-8015 Denial of Service Vulnerability
10009| [104203] Apache Tomcat CVE-2018-8014 Security Bypass Vulnerability
10010| [104161] Apache Ambari CVE-2018-8003 Directory Traversal Vulnerability
10011| [104140] Apache Derby CVE-2018-1313 Security Bypass Vulnerability
10012| [104135] Apache Tika CVE-2018-1338 Denial of Service Vulnerability
10013| [104008] Apache Fineract CVE-2018-1291 SQL Injection Vulnerability
10014| [104007] Apache Fineract CVE-2018-1292 SQL Injection Vulnerability
10015| [104005] Apache Fineract CVE-2018-1289 SQL Injection Vulnerability
10016| [104001] Apache Tika CVE-2018-1335 Remote Command Injection Vulnerability
10017| [103975] Apache Fineract CVE-2018-1290 SQL Injection Vulnerability
10018| [103974] Apache Solr CVE-2018-1308 XML External Entity Injection Vulnerability
10019| [103772] Apache Traffic Server CVE-2017-7671 Denial of Service Vulnerability
10020| [103770] Apache Traffic Server CVE-2017-5660 Security Bypass Vulnerability
10021| [103751] Apache Hive CVE-2018-1282 SQL Injection Vulnerability
10022| [103750] Apache Hive CVE-2018-1284 Security Bypass Vulnerability
10023| [103692] Apache Ignite CVE-2018-1295 Arbitrary Code Execution Vulnerability
10024| [103528] Apache HTTP Server CVE-2018-1302 Denial of Service Vulnerability
10025| [103525] Apache HTTP Server CVE-2017-15715 Remote Security Bypass Vulnerability
10026| [103524] Apache HTTP Server CVE-2018-1312 Remote Security Bypass Vulnerability
| [103522] Apache HTTP Server CVE-2018-1303 Denial of Service Vulnerability
| [103520] Apache HTTP Server CVE-2018-1283 Remote Security Vulnerability
| [103516] Apache Struts CVE-2018-1327 Denial of Service Vulnerability
| [103515] Apache HTTP Server CVE-2018-1301 Denial of Service Vulnerability
| [103512] Apache HTTP Server CVE-2017-15710 Denial of Service Vulnerability
| [103508] Apache Syncope CVE-2018-1321 Multiple Remote Code Execution Vulnerabilities
| [103507] Apache Syncope CVE-2018-1322 Multiple Information Disclosure Vulnerabilities
| [103490] Apache Commons Compress CVE-2018-1324 Multiple Denial Of Service Vulnerabilities
| [103434] APACHE Allura CVE-2018-1319 HTTP Response Splitting Vulnerability
| [103389] Apache Tomcat JK Connector CVE-2018-1323 Directory Traversal Vulnerability
| [103222] Apache CloudStack CVE-2013-4317 Information Disclosure Vulnerability
| [103219] Apache Xerces-C CVE-2017-12627 Null Pointer Dereference Denial of Service Vulnerability
| [103206] Apache Geode CVE-2017-15693 Remote Code Execution Vulnerability
| [103205] Apache Geode CVE-2017-15692 Remote Code Execution Vulnerability
| [103170] Apache Tomcat CVE-2018-1304 Security Bypass Vulnerability
| [103144] Apache Tomcat CVE-2018-1305 Security Bypass Vulnerability
| [103102] Apache Oozie CVE-2017-15712 Information Disclosure Vulnerability
| [103098] Apache Karaf CVE-2016-8750 LDAP Injection Vulnerability
| [103069] Apache Tomcat CVE-2017-15706 Remote Security Weakness
| [103068] Apache JMeter CVE-2018-1287 Security Bypass Vulnerability
| [103067] Apache Qpid Dispatch Router 'router_core/connections.c' Denial of Service Vulnerability
| [103036] Apache CouchDB CVE-2017-12636 Remote Code Execution Vulnerability
| [103025] Apache Thrift CVE-2016-5397 Remote Command Injection Vulnerability
| [102879] Apache POI CVE-2017-12626 Multiple Denial of Service Vulnerabilities
| [102842] Apache NiFi CVE-2017-12632 Host Header Injection Vulnerability
| [102815] Apache NiFi CVE-2017-15697 Multiple Cross Site Scripting Vulnerabilities
| [102488] Apache Geode CVE-2017-9795 Remote Code Execution Vulnerability
| [102229] Apache Sling CVE-2017-15700 Information Disclosure Vulnerability
| [102226] Apache Drill CVE-2017-12630 Cross Site Scripting Vulnerability
| [102154] Multiple Apache Products CVE-2017-15708 Remote Code Execution Vulnerability
| [102127] Apache CXF Fediz CVE-2017-12631 Multiple Cross Site Request Forgery Vulnerabilities
| [102041] Apache Qpid Broker-J CVE-2017-15701 Denial of Service Vulnerability
| [102040] Apache Qpid Broker CVE-2017-15702 Security Weakness
| [102021] Apache Struts CVE-2017-15707 Denial of Service Vulnerability
| [101980] EMC RSA Authentication Agent for Web: Apache Web Server Authentication Bypass Vulnerability
| [101876] Apache Camel CVE-2017-12634 Deserialization Remote Code Execution Vulnerability
| [101874] Apache Camel CVE-2017-12633 Deserialization Remote Code Execution Vulnerability
| [101872] Apache Karaf CVE-2014-0219 Local Denial of Service Vulnerability
| [101868] Apache CouchDB CVE-2017-12635 Remote Privilege Escalation Vulnerability
| [101859] Apache CXF CVE-2017-12624 Denial of Service Vulnerability
| [101844] Apache Sling Servlets Post CVE-2017-11296 Cross Site Scripting Vulnerability
| [101686] Apache Hive CVE-2017-12625 Information Disclosure Vulnerability
| [101644] Apache Wicket CVE-2012-5636 Cross Site Scripting Vulnerability
| [101631] Apache Traffic Server CVE-2015-3249 Multiple Remote Code Execution Vulnerabilities
| [101630] Apache Traffic Server CVE-2014-3624 Access Bypass Vulnerability
| [101625] Apache jUDDI CVE-2009-1197 Security Bypass Vulnerability
| [101623] Apache jUDDI CVE-2009-1198 Cross Site Scripting Vulnerability
| [101620] Apache Subversion 'libsvn_fs_fs/fs_fs.c' Denial of Service Vulnerability
| [101585] Apache OpenOffice Multiple Remote Code Execution Vulnerabilities
| [101577] Apache Wicket CVE-2016-6806 Cross Site Request Forgery Vulnerability
| [101575] Apache Wicket CVE-2014-0043 Information Disclosure Vulnerability
| [101570] Apache Geode CVE-2017-9797 Information Disclosure Vulnerability
| [101562] Apache Derby CVE-2010-2232 Arbitrary File Overwrite Vulnerability
| [101560] Apache Portable Runtime Utility CVE-2017-12613 Multiple Information Disclosure Vulnerabilities
| [101558] Apache Portable Runtime Utility Local Out-of-Bounds Read Denial of Service Vulnerability
| [101532] Apache James CVE-2017-12628 Arbitrary Command Execution Vulnerability
| [101516] Apache HTTP Server CVE-2017-12171 Security Bypass Vulnerability
| [101261] Apache Solr/Lucene CVE-2017-12629 Information Disclosure and Remote Code Execution Vulnerabilities
| [101230] Apache Roller CVE-2014-0030 XML External Entity Injection Vulnerability
| [101173] Apache IMPALA CVE-2017-9792 Information Disclosure Vulnerability
| [101052] Apache Commons Jelly CVE-2017-12621 Security Bypass Vulnerability
| [101027] Apache Mesos CVE-2017-7687 Denial of Service Vulnerability
| [101023] Apache Mesos CVE-2017-9790 Denial of Service Vulnerability
| [100954] Apache Tomcat CVE-2017-12617 Incomplete Fix Remote Code Execution Vulnerability
| [100946] Apache Wicket CVE-2014-7808 Cross Site Request Forgery Vulnerability
| [100901] Apache Tomcat CVE-2017-12615 Remote Code Execution Vulnerability
| [100897] Apache Tomcat CVE-2017-12616 Information Disclosure Vulnerability
| [100880] Apache Directory LDAP API CVE-2015-3250 Unspecified Information Disclosure Vulnerability
| [100872] Apache HTTP Server CVE-2017-9798 Information Disclosure Vulnerability
| [100870] Apache Solr CVE-2017-9803 Remote Privilege Escalation Vulnerability
| [100859] puppetlabs-apache CVE-2017-2299 Information Disclosure Vulnerability
| [100829] Apache Struts CVE-2017-12611 Remote Code Execution Vulnerability
| [100823] Apache Spark CVE-2017-12612 Deserialization Remote Code Execution Vulnerability
| [100612] Apache Struts CVE-2017-9804 Incomplete Fix Denial of Service Vulnerability
| [100611] Apache Struts CVE-2017-9793 Denial of Service Vulnerability
| [100609] Apache Struts CVE-2017-9805 Remote Code Execution Vulnerability
| [100587] Apache Atlas CVE-2017-3155 Cross Frame Scripting Vulnerability
| [100581] Apache Atlas CVE-2017-3154 Information Disclosure Vulnerability
| [100578] Apache Atlas CVE-2017-3153 Cross Site Scripting Vulnerability
| [100577] Apache Atlas CVE-2017-3152 Cross Site Scripting Vulnerability
| [100547] Apache Atlas CVE-2017-3151 HTML Injection Vulnerability
| [100536] Apache Atlas CVE-2017-3150 Cross Site Scripting Vulnerability
| [100449] Apache Pony Mail CVE-2016-4460 Authentication Bypass Vulnerability
| [100447] Apache2Triad Multiple Security Vulnerabilities
| [100284] Apache Sling Servlets Post CVE-2017-9802 Cross Site Scripting Vulnerability
| [100280] Apache Tomcat CVE-2017-7674 Security Bypass Vulnerability
| [100259] Apache Subversion CVE-2017-9800 Remote Command Execution Vulnerability
| [100256] Apache Tomcat CVE-2017-7675 Directory Traversal Vulnerability
| [100235] Apache Storm CVE-2017-9799 Remote Code Execution Vulnerability
| [100082] Apache Commons Email CVE-2017-9801 SMTP Header Injection Vulnerability
| [99873] Apache Sling XSS Protection API CVE-2016-6798 XML External Entity Injection Vulnerability
| [99870] Apache Sling API CVE-2016-5394 Cross Site Scripting Vulnerability
| [99603] Apache Spark CVE-2017-7678 Cross Site Scripting Vulnerability
| [99592] Apache OpenMeetings CVE-2017-7685 Security Bypass Vulnerability
| [99587] Apache OpenMeetings CVE-2017-7673 Security Bypass Vulnerability
| [99586] Apache OpenMeetings CVE-2017-7688 Security Bypass Vulnerability
| [99584] Apache OpenMeetings CVE-2017-7684 Denial of Service Vulnerability
| [99577] Apache OpenMeetings CVE-2017-7663 Cross Site Scripting Vulnerability
| [99576] Apache OpenMeetings CVE-2017-7664 XML External Entity Injection Vulnerability
| [99569] Apache HTTP Server CVE-2017-9788 Memory Corruption Vulnerability
| [99568] Apache HTTP Server CVE-2017-9789 Denial of Service Vulnerability
| [99563] Apache Struts CVE-2017-7672 Denial of Service Vulnerability
| [99562] Apache Struts Spring AOP Functionality Denial of Service Vulnerability
| [99509] Apache Impala CVE-2017-5652 Information Disclosure Vulnerability
| [99508] Apache IMPALA CVE-2017-5640 Authentication Bypass Vulnerability
| [99486] Apache Traffic Control CVE-2017-7670 Denial of Service Vulnerability
| [99485] Apache Solr CVE-2017-7660 Security Bypass Vulnerability
| [99484] Apache Struts CVE-2017-9791 Remote Code Execution Vulnerability
| [99292] Apache Ignite CVE-2017-7686 Information Disclosure Vulnerability
| [99170] Apache HTTP Server CVE-2017-7679 Buffer Overflow Vulnerability
| [99137] Apache HTTP Server CVE-2017-7668 Denial of Service Vulnerability
| [99135] Apache HTTP Server CVE-2017-3167 Authentication Bypass Vulnerability
| [99134] Apache HTTP Server CVE-2017-3169 Denial of Service Vulnerability
| [99132] Apache HTTP Server CVE-2017-7659 Denial of Service Vulnerability
| [99112] Apache Thrift CVE-2015-3254 Denial of Service Vulnerability
| [99067] Apache Ranger CVE-2016-8751 HTML Injection Vulnerability
| [99018] Apache NiFi CVE-2017-7667 Cross Frame Scripting Vulnerability
| [99009] Apache NiFi CVE-2017-7665 Cross Site Scripting Vulnerability
| [98961] Apache Ranger CVE-2017-7677 Security Bypass Vulnerability
| [98958] Apache Ranger CVE-2017-7676 Security Bypass Vulnerability
| [98888] Apache Tomcat CVE-2017-5664 Security Bypass Vulnerability
| [98814] Apache Zookeeper CVE-2017-5637 Denial of Service Vulnerability
| [98795] Apache Hadoop CVE-2017-7669 Remote Privilege Escalation Vulnerability
| [98739] Apache Knox CVE-2017-5646 User Impersonation Vulnerability
| [98669] Apache Hive CVE-2016-3083 Security Bypass Vulnerability
| [98646] Apache Atlas CVE-2016-8752 Information Disclosure Vulnerability
| [98570] Apache Archiva CVE-2017-5657 Multiple Cross-Site Request Forgery Vulnerabilities
| [98489] Apache CXF Fediz CVE-2017-7661 Multiple Cross Site Request Forgery Vulnerabilities
| [98485] Apache CXF Fediz CVE-2017-7662 Cross Site Request Forgery Vulnerability
| [98466] Apache Ambari CVE-2017-5655 Insecure Temporary File Handling Vulnerability
| [98365] Apache Cordova For Android CVE-2016-6799 Information Disclosure Vulnerability
| [98025] Apache Hadoop CVE-2017-3161 Cross Site Scripting Vulnerability
| [98017] Apache Hadoop CVE-2017-3162 Input Validation Vulnerability
| [97971] Apache CXF CVE-2017-5656 Information Disclosure Vulnerability
| [97968] Apache CXF CVE-2017-5653 Spoofing Vulnerability
| [97967] Apache ActiveMQ CVE-2015-7559 Denial of Service Vulnerability
| [97949] Apache Traffic Server CVE-2017-5659 Denial of Service Vulnerability
| [97948] Apache Batik CVE-2017-5662 XML External Entity Information Disclosure Vulnerability
| [97947] Apache FOP CVE-2017-5661 XML External Entity Information Disclosure Vulnerability
| [97945] Apache Traffic Server CVE-2016-5396 Denial of Service Vulnerability
| [97702] Apache Log4j CVE-2017-5645 Remote Code Execution Vulnerability
| [97582] Apache CXF CVE-2016-6812 Cross Site Scripting Vulnerability
| [97579] Apache CXF JAX-RS CVE-2016-8739 XML External Entity Injection Vulnerability
| [97544] Apache Tomcat CVE-2017-5651 Information Disclosure Vulnerability
| [97531] Apache Tomcat CVE-2017-5650 Denial of Service Vulnerability
| [97530] Apache Tomcat CVE-2017-5648 Information Disclosure Vulnerability
| [97509] Apache Ignite CVE-2016-6805 Information Disclosure and XML External Entity Injection Vulnerabilities
| [97383] Apache Flex BlazeDS CVE-2017-5641 Remote Code Execution Vulnerability
| [97378] Apache Geode CVE-2017-5649 Information Disclosure Vulnerability
| [97229] Apache Ambari CVE-2016-4976 Local Information Disclosure Vulnerability
| [97226] Apache Camel CVE-2017-5643 Server Side Request Forgery Security Bypass Vulnerability
| [97184] Apache Ambari CVE-2016-6807 Remote Command Execution Vulnerability
| [97179] Apache Camel CVE-2016-8749 Java Deserialization Multiple Remote Code Execution Vulnerabilities
| [96983] Apache POI CVE-2017-5644 Denial Of Service Vulnerability
| [96895] Apache Tomcat CVE-2016-8747 Information Disclosure Vulnerability
| [96731] Apache NiFi CVE-2017-5636 Remote Code Injection Vulnerability
| [96730] Apache NiFi CVE-2017-5635 Security Bypass Vulnerability
| [96729] Apache Struts CVE-2017-5638 Remote Code Execution Vulnerability
| [96540] IBM Development Package for Apache Spark CVE-2016-4970 Denial of Service Vulnerability
| [96398] Apache CXF CVE-2017-3156 Information Disclosure Vulnerability
| [96321] Apache Camel CVE-2017-3159 Remote Code Execution Vulnerability
| [96293] Apache Tomcat 'http11/AbstractInputBuffer.java' Denial of Service Vulnerability
| [96228] Apache Brooklyn Cross Site Request Forgery and Multiple Cross Site Scripting Vulnerabilities
| [95998] Apache Ranger CVE-2016-8746 Security Bypass Vulnerability
| [95929] Apache Groovy CVE-2016-6497 Information Disclosure Vulnerability
| [95838] Apache Cordova For Android CVE-2017-3160 Man in the Middle Security Bypass Vulnerability
| [95675] Apache Struts Remote Code Execution Vulnerability
| [95621] Apache NiFi CVE-2106-8748 Cross Site Scripting Vulnerability
| [95429] Apache Groovy CVE-2016-6814 Remote Code Execution Vulnerability
| [95335] Apache Hadoop CVE-2016-3086 Information Disclosure Vulnerability
| [95168] Apache Wicket CVE-2016-6793 Denial of Service Vulnerability
| [95136] Apache Qpid Broker for Java CVE-2016-8741 Remote Information Disclosure Vulnerability
| [95078] Apache HTTP Server CVE-2016-0736 Remote Security Vulnerability
| [95077] Apache HTTP Server CVE-2016-8743 Security Bypass Vulnerability
| [95076] Apache HTTP Server CVE-2016-2161 Denial of Service Vulnerability
| [95020] Apache Tika CVE-2015-3271 Remote Information Disclosure Vulnerability
| [94950] Apache Hadoop CVE-2016-5001 Local Information Disclosure Vulnerability
| [94882] Apache ActiveMQ CVE-2016-6810 HTML Injection Vulnerability
| [94828] Apache Tomcat CVE-2016-8745 Information Disclosure Vulnerability
| [94766] Apache CouchDB CVE-2016-8742 Local Privilege Escalation Vulnerability
| [94657] Apache Struts CVE-2016-8738 Denial of Service Vulnerability
| [94650] Apache HTTP Server CVE-2016-8740 Denial of Service Vulnerability
| [94588] Apache Subversion CVE-2016-8734 XML External Entity Denial of Service Vulnerability
| [94513] Apache Karaf CVE-2016-8648 Remote Code Execution Vulnerability
| [94463] Apache Tomcat CVE-2016-8735 Remote Code Execution Vulnerability
| [94462] Apache Tomcat CVE-2016-6817 Denial of Service Vulnerability
| [94461] Apache Tomcat CVE-2016-6816 Security Bypass Vulnerability
| [94418] Apache OpenOffice CVE-2016-6803 Local Privilege Escalation Vulnerability
| [94247] Apache Tika CVE-2016-6809 Remote Code Execution Vulnerability
| [94221] Apache Ranger CVE-2016-6815 Local Privilege Escalation Vulnerability
| [94145] Apache OpenMeetings CVE-2016-8736 Remote Code Execution Vulnerability
| [93945] Apache CloudStack CVE-2016-6813 Authorization Bypass Vulnerability
| [93944] Apache Tomcat Security Manager CVE-2016-6796 Security Bypass Vulnerability
| [93943] Apache Tomcat CVE-2016-6794 Security Bypass Vulnerability
| [93942] Apache Tomcat Security Manager CVE-2016-5018 Security Bypass Vulnerability
| [93940] Apache Tomcat CVE-2016-6797 Security Bypass Vulnerability
| [93939] Apache Tomcat CVE-2016-0762 Information Disclosure Vulnerability
| [93774] Apache OpenOffice CVE-2016-6804 DLL Loading Remote Code Execution Vulnerability
| [93773] Apache Struts CVE-2016-6795 Directory Traversal Vulnerability
| [93478] Apache Tomcat CVE-2016-6325 Local Privilege Escalation Vulnerability
| [93472] Apache Tomcat CVE-2016-5425 Insecure File Permissions Vulnerability
| [93429] Apache Tomcat JK Connector CVE-2016-6808 Remote Buffer Overflow Vulnerability
| [93263] Apache Tomcat CVE-2016-1240 Local Privilege Escalation Vulnerability
| [93236] Apache MyFaces Trinidad CVE-2016-5019 Remote Code Execution Vulnerability
| [93142] Apache ActiveMQ Artemis CVE-2016-4978 Remote Code Execution Vulnerability
| [93132] Apache Derby CVE-2015-1832 XML External Entity Information Disclosure Vulnerability
| [93044] Apache Zookeeper CVE-2016-5017 Buffer Overflow Vulnerability
| [92966] Apache Jackrabbit CVE-2016-6801 Cross-Site Request Forgery Vulnerability
| [92947] Apache Shiro CVE-2016-6802 Remote Security Bypass Vulnerability
| [92905] Apache CXF Fediz CVE-2016-4464 Security Bypass Vulnerability
| [92577] Apache Ranger CVE-2016-5395 HTML Injection Vulnerability
| [92331] Apache HTTP Server CVE-2016-1546 Remote Denial of Service Vulnerability
| [92328] Apache Hive CVE-2016-0760 Multiple Remote Code Execution Vulnerabilities
| [92320] Apache APR-util and httpd CVE-2016-6312 Denial of Service Vulnerability
| [92100] Apache POI CVE-2016-5000 XML External Entity Injection Vulnerability
| [92079] Apache OpenOffice CVE-2016-1513 Remote Code Execution Vulnerability
| [91818] Apache Tomcat CVE-2016-5388 Security Bypass Vulnerability
| [91816] Apache HTTP Server CVE-2016-5387 Security Bypass Vulnerability
| [91788] Apache Qpid Proton CVE-2016-4467 Certificate Verification Security Bypass Vulnerability
| [91738] Apache XML-RPC CVE-2016-5003 Remote Code Execution Vulnerability
| [91736] Apache XML-RPC Multiple Security Vulnerabilities
| [91707] Apache Archiva CVE-2016-5005 HTML Injection Vulnerability
| [91703] Apache Archiva CVE-2016-4469 Multiple Cross-Site Request Forgery Vulnerabilities
| [91566] Apache HTTP Server CVE-2016-4979 Authentication Bypass Vulnerability
| [91537] Apache QPID CVE-2016-4974 Deserialization Security Bypass Vulnerability
| [91501] Apache Xerces-C CVE-2016-4463 Stack Buffer Overflow Vulnerability
| [91453] Apache Commons FileUpload CVE-2016-3092 Denial Of Service Vulnerability
| [91284] Apache Struts CVE-2016-4431 Security Bypass Vulnerability
| [91282] Apache Struts CVE-2016-4433 Security Bypass Vulnerability
| [91281] Apache Struts CVE-2016-4430 Cross-Site Request Forgery Vulnerability
| [91280] Apache Struts CVE-2016-4436 Security Bypass Vulnerability
| [91278] Apache Struts CVE-2016-4465 Denial of Service Vulnerability
| [91277] Apache Struts Incomplete Fix Remote Code Execution Vulnerability
| [91275] Apache Struts CVE-2016-4438 Remote Code Execution Vulnerability
| [91217] Apache Continuum 'saveInstallation.action' Command Execution Vulnerability
| [91141] Apache CloudStack CVE-2016-3085 Authentication Bypass Vulnerability
| [91068] Apache Struts CVE-2016-1181 Remote Code Execution Vulnerability
| [91067] Apache Struts CVE-2016-1182 Security Bypass Vulnerability
| [91024] Apache Shiro CVE-2016-4437 Information Disclosure Vulnerability
| [90988] Apache Ranger CVE-2016-2174 SQL Injection Vulnerability
| [90961] Apache Struts CVE-2016-3093 Denial of Service Vulnerability
| [90960] Apache Struts CVE-2016-3087 Remote Code Execution Vulnerability
| [90921] Apache Qpid CVE-2016-4432 Authentication Bypass Vulnerability
| [90920] Apache Qpid CVE-2016-3094 Denial of Service Vulnerability
| [90902] Apache PDFBox CVE-2016-2175 XML External Entity Injection Vulnerability
| [90897] Apache Tika CVE-2016-4434 XML External Entity Injection Vulnerability
| [90827] Apache ActiveMQ CVE-2016-3088 Multiple Arbitrary File Upload Vulnerabilities
| [90755] Apache Ambari CVE-2016-0707 Multiple Local Information Disclosure Vulnerabilities
| [90482] Apache CVE-2004-1387 Local Security Vulnerability
| [89762] Apache CVE-2001-1556 Remote Security Vulnerability
| [89417] Apache Subversion CVE-2016-2167 Authentication Bypass Vulnerability
| [89326] RETIRED: Apache Subversion CVE-2016-2167 Security Bypass Vulnerability
| [89320] Apache Subversion CVE-2016-2168 Remote Denial of Service Vulnerability
| [88826] Apache Struts CVE-2016-3082 Remote Code Execution Vulnerability
| [88797] Apache Cordova For iOS CVE-2015-5208 Arbitrary Code Execution Vulnerability
| [88764] Apache Cordova iOS CVE-2015-5207 Multiple Security Bypass Vulnerabilities
| [88701] Apache CVE-2001-1449 Remote Security Vulnerability
| [88635] Apache CVE-2000-1204 Remote Security Vulnerability
| [88590] Apache WWW server CVE-1999-1199 Denial-Of-Service Vulnerability
| [88496] Apache CVE-2000-1206 Remote Security Vulnerability
| [87828] Apache CVE-1999-1237 Remote Security Vulnerability
| [87784] Apache CVE-1999-1293 Denial-Of-Service Vulnerability
| [87327] Apache Struts CVE-2016-3081 Remote Code Execution Vulnerability
| [86622] Apache Stats CVE-2007-0975 Remote Security Vulnerability
| [86399] Apache CVE-2007-1743 Local Security Vulnerability
| [86397] Apache CVE-2007-1742 Local Security Vulnerability
| [86311] Apache Struts CVE-2016-4003 Cross Site Scripting Vulnerability
| [86174] Apache Wicket CVE-2015-5347 Cross Site Scripting Vulnerability
| [85971] Apache OFBiz CVE-2016-2170 Java Deserialization Remote Code Execution Vulnerability
| [85967] Apache OFBiz CVE-2015-3268 HTML Injection Vulnerability
| [85759] Apache Jetspeed CVE-2016-2171 Unauthorized Access Vulnerability
| [85758] Apache Jetspeed CVE-2016-0712 Cross Site Scripting Vulnerability
| [85756] Apache Jetspeed CVE-2016-0710 Multiple SQL Injection Vulnerabilities
| [85755] Apache Jetspeed CVE-2016-0711 Mulitple HTML Injection Vulnerabilities
| [85754] Apache Jetspeed CVE-2016-0709 Directory Traversal Vulnerability
| [85730] Apache Subversion CVE-2015-5343 Integer Overflow Vulnerability
| [85691] Apache Ranger CVE-2016-0735 Security Bypass Vulnerability
| [85578] Apache ActiveMQ CVE-2010-1244 Cross-Site Request Forgery Vulnerability
| [85554] Apache OpenMeetings CVE-2016-2164 Multiple Information Disclosure Vulnerabilities
| [85553] Apache OpenMeetings CVE-2016-0783 Information Disclosure Vulnerability
| [85552] Apache OpenMeetings CVE-2016-2163 HTML Injection Vulnerability
| [85550] Apache OpenMeetings CVE-2016-0784 Directory Traversal Vulnerability
| [85386] Apache Hadoop CVE-2015-7430 Local Privilege Escalation Vulnerability
| [85377] Apache Qpid Proton Python API CVE-2016-2166 Man in the Middle Security Bypass Vulnerability
| [85205] Apache Solr CVE-2015-8796 Cross Site Scripting Vulnerability
| [85203] Apache Solr CVE-2015-8795 Mulitple HTML Injection Vulnerabilities
| [85163] Apache Geronimo CVE-2008-0732 Local Security Vulnerability
| [85131] Apache Struts 'TextParseUtil.translateVariables()' Method Remote Code Execution Vulnerability
| [85070] Apache Struts CVE-2016-2162 Cross Site Scripting Vulnerability
| [85066] Apache Struts CVE-2016-0785 Remote Code Execution Vulnerability
| [84422] Apache TomEE CVE-2016-0779 Unspecified Security Vulnerability
| [84321] Apache ActiveMQ CVE-2016-0734 Clickjacking Vulnerability
| [84316] Apache ActiveMQ CVE-2016-0782 Multiple Cross Site Scripting Vulnerabilities
| [83910] Apache Wicket CVE-2015-7520 Cross Site Scripting Vulnerability
| [83423] Apache Xerces-C CVE-2016-0729 Buffer Overflow Vulnerability
| [83330] Apache Tomcat CVE-2015-5351 Cross Site Request Forgery Vulnerability
| [83329] Apache Tomcat CVE-2015-5174 Directory Traversal Vulnerability
| [83328] Apache Tomcat CVE-2015-5345 Directory Traversal Vulnerability
| [83327] Apache Tomcat Security Manager CVE-2016-0714 Remote Code Execution Vulnerability
| [83326] Apache Tomcat CVE-2016-0763 Security Bypass Vulnerability
| [83324] Apache Tomcat Security Manager CVE-2016-0706 Information Disclosure Vulnerability
| [83323] Apache Tomcat CVE-2015-5346 Session Fixation Vulnerability
| [83259] Apache Hadoop CVE-2015-1776 Information Disclosure Vulnerability
| [83243] Apache Solr CVE-2015-8797 Cross Site Scripting Vulnerability
| [83119] Apache Sling CVE-2016-0956 Information Disclosure Vulnerability
| [83002] Apache CVE-2000-1205 Cross-Site Scripting Vulnerability
| [82871] Apache Ranger Authentication Bypass and Security Bypass Vulnerabilities
| [82800] Apache CloudStack CVE-2015-3251 Information Disclosure Vulnerability
| [82798] Apache CloudStack CVE-2015-3252 Authentication Bypass Vulnerability
| [82732] Apache Gallery CVE-2003-0771 Local Security Vulnerability
| [82676] Apache CVE-2003-1581 Cross-Site Scripting Vulnerability
| [82550] Apache Struts CVE-2015-5209 Security Bypass Vulnerability
| [82300] Apache Subversion CVE-2015-5259 Integer Overflow Vulnerability
| [82260] Apache Camel CVE-2015-5344 Remote Code Execution Vulnerability
| [82234] Apache Hive CVE-2015-7521 Security Bypass Vulnerability
| [82082] Apache CVE-1999-0289 Remote Security Vulnerability
| [81821] Apache Distribution for Solaris CVE-2007-2080 SQL-Injection Vulnerability
| [80696] Apache Camel CVE-2015-5348 Information Disclosure Vulnerability
| [80525] Apache CVE-2003-1580 Remote Security Vulnerability
| [80354] Drupal Apache Solr Search Module Access Bypass Vulnerability
| [80193] Apache CVE-1999-0107 Denial-Of-Service Vulnerability
| [79812] Apache Directory Studio CVE-2015-5349 Command Injection Vulnerability
| [79744] Apache HBase CVE-2015-1836 Unauthorized Access Vulnerability
| [79204] Apache TomEE 'EjbObjectInputStream' Remote Code Execution Vulnerability
| [77679] Apache Cordova For Android CVE-2015-8320 Weak Randomization Security Bypass Vulnerability
| [77677] Apache Cordova For Android CVE-2015-5256 Security Bypass Vulnerability
| [77591] Apache CXF SAML SSO Processing CVE-2015-5253 Security Bypass Vulnerability
| [77521] Apache Commons Collections 'InvokerTransformer.java' Remote Code Execution Vulnerability
| [77110] Apache HttpComponents HttpClient CVE-2015-5262 Denial of Service Vulnerability
| [77086] Apache Ambari CVE-2015-1775 Server Side Request Forgery Security Bypass Vulnerability
| [77085] Apache Ambari CVE-2015-3270 Remote Privilege Escalation Vulnerability
| [77082] Apache Ambari 'targetURI' Parameter Open Redirection Vulnerability
| [77059] Apache Ambari CVE-2015-3186 Cross Site Scripting Vulnerability
| [76933] Apache James Server Unspecified Command Execution Vulnerability
| [76832] Apache cordova-plugin-file-transfer CVE-2015-5204 HTTP Header Injection Vulnerability
| [76625] Apache Struts CVE-2015-5169 Cross Site Scripting Vulnerability
| [76624] Apache Struts CVE-2015-2992 Cross Site Scripting Vulnerability
| [76522] Apache Tapestry CVE-2014-1972 Security Bypass Vulnerability
| [76486] Apache CXF Fediz CVE-2015-5175 Denial of Service Vulnerability
| [76452] Apache ActiveMQ CVE-2015-1830 Directory Traversal Vulnerability
| [76446] Apache Subversion 'libsvn_fs_fs/tree.c' Denial of Service Vulnerability
| [76274] Apache Subversion CVE-2015-3184 Information Disclosure Vulnerability
| [76273] Apache Subversion CVE-2015-3187 Information Disclosure Vulnerability
| [76272] Apache ActiveMQ CVE-2014-3576 Denial of Service Vulnerability
| [76221] Apache Ranger CVE-2015-0266 Access Bypass Vulnerability
| [76208] Apache Ranger CVE-2015-0265 JavaScript Code Injection Vulnerability
| [76025] Apache ActiveMQ Artemis CVE-2015-3208 XML External Entity Information Disclosure Vulnerability
| [75965] Apache HTTP Server CVE-2015-3185 Security Bypass Vulnerability
| [75964] Apache HTTP Server CVE-2015-0253 Remote Denial of Service Vulnerability
| [75963] Apache HTTP Server CVE-2015-3183 Security Vulnerability
| [75940] Apache Struts CVE-2015-1831 Security Bypass Vulnerability
| [75919] Apache Groovy CVE-2015-3253 Remote Code Execution Vulnerability
| [75338] Apache Storm CVE-2015-3188 Remote Code Execution Vulnerability
| [75275] Drupal Apache Solr Real-Time Module Access Bypass Vulnerability
| [74866] Apache Cordova For Android CVE-2015-1835 Security Bypass Vulnerability
| [74839] Apache Sling API and Sling Servlets CVE-2015-2944 Cross Site Scripting Vulnerability
| [74761] Apache Jackrabbit CVE-2015-1833 XML External Entity Information Disclosure Vulnerability
| [74686] Apache Ambari '/var/lib/ambari-server/ambari-env.sh' Local Privilege Escalation Vulnerability
| [74665] Apache Tomcat CVE-2014-7810 Security Bypass Vulnerability
| [74475] Apache Tomcat CVE-2014-0230 Denial of Service Vulnerability
| [74423] Apache Struts CVE-2015-0899 Security Bypass Vulnerability
| [74338] Apache OpenOffice HWP Filter Memory Corruption Vulnerability
| [74265] Apache Tomcat 'mod_jk' CVE-2014-8111 Information Disclosure Vulnerability
| [74260] Apache Subversion CVE-2015-0248 Multiple Denial of Service Vulnerabilities
| [74259] Apache Subversion 'deadprops.c' Security Bypass Vulnerability
| [74204] PHP 'sapi/apache2handler/sapi_apache2.c' Remote Code Execution Vulnerability
| [74158] Apache HTTP Server 'protocol.c' Remote Denial of Service Vulnerability
| [73954] Apache Flex 'asdoc/templates/index.html' Cross Site Scripting Vulnerability
| [73851] Apache2 CVE-2012-0216 Cross-Site Scripting Vulnerability
| [73478] Apache Cassandra CVE-2015-0225 Remote Code Execution Vulnerability
| [73041] Apache HTTP Server 'mod_lua' Module Denial of Service Vulnerability
| [73040] Apache HTTP Server 'mod_lua.c' Local Access Bypass Vulnerability
| [72809] Apache Standard Taglibs CVE-2015-0254 XML External Entity Injection Vulnerability
| [72717] Apache Tomcat CVE-2014-0227 Chunk Request Remote Denial Of Service Vulnerability
| [72557] Apache WSS4J CVE-2015-0227 Security Bypass Vulnerability
| [72553] Apache WSS4J CVE-2015-0226 Information Disclosure Vulnerability
| [72513] Apache ActiveMQ CVE-2014-3612 LDAP Authentication Bypass Vulnerability
| [72511] Apache ActiveMQ CVE-2014-8110 Multiple Cross Site Scripting Vulnerabilities
| [72510] Apache ActiveMQ CVE-2014-3600 XML External Entity Injection Vulnerability
| [72508] Apache ActiveMQ Apollo CVE-2014-3579 XML External Entity Injection Vulnerability
| [72319] Apache Qpid CVE-2015-0223 Security Bypass Vulnerability
| [72317] Apache Qpid CVE-2015-0224 Incomplete Fix Multiple Denial of Service Vulnerabilities
| [72115] Apache Santuario 'XML Signature Verification' Security Bypass Vulnerability
| [72053] Apache HTTP Server 'mod_remoteip.c' IP Address Spoofing Vulnerability
| [72030] Apache Qpid CVE-2015-0203 Multiple Denial of Service Vulnerabilities
| [71879] Apache Traffic Server 'HttpTransact.cc' Denial of Service Vulnerability
| [71726] Apache Subversion CVE-2014-3580 Remote Denial of Service Vulnerability
| [71725] Apache Subversion CVE-2014-8108 Remote Denial of Service Vulnerability
| [71657] Apache HTTP Server 'mod_proxy_fcgi' Module Denial of Service Vulnerability
| [71656] Apache HTTP Server 'mod_cache' Module Denial of Service Vulnerability
| [71548] Apache Struts CVE-2014-7809 Security Bypass Vulnerability
| [71466] Apache Hadoop CVE-2014-3627 Information Disclosure Vulnerability
| [71353] Apache HTTP Server 'LuaAuthzProvider' Authorization Bypass Vulnerability
| [71004] Apache Qpid CVE-2014-3629 XML External Entity Injection Vulnerability
| [70970] Apache Traffic Server Cross Site Scripting Vulnerability
| [70738] Apache CXF CVE-2014-3584 Denial of Service Vulnerability
| [70736] Apache CXF SAML SubjectConfirmation Security Bypass Vulnerability
| [69728] Apache Tomcat CVE-2013-4444 Arbitrary File Upload Vulnerability
| [69648] Apache POI CVE-2014-3574 Denial Of Service Vulnerability
| [69647] Apache POI OpenXML parser CVE-2014-3529 XML External Entity Information Disclosure Vulnerability
| [69351] Apache OpenOffice Calc CVE-2014-3524 Command Injection Vulnerability
| [69295] Apache Axis Incomplete Fix CVE-2014-3596 SSL Certificate Validation Security Bypass Vulnerability
| [69286] Apache OFBiz CVE-2014-0232 Multiple Cross Site Scripting Vulnerabilities
| [69258] Apache HttpComponents Incomplete Fix CVE-2014-3577 SSL Validation Security Bypass Vulnerability
| [69257] Apache HttpComponents Incomplete Fix SSL Certificate Validation Security Bypass Vulnerability
| [69248] Apache HTTP Server CVE-2013-4352 Remote Denial of Service Vulnerability
| [69237] Apache Subversion CVE-2014-3522 SSL Certificate Validation Information Disclosure Vulnerability
| [69173] Apache Traffic Server CVE-2014-3525 Unspecified Security Vulnerability
| [69046] Apache Cordova For Android CVE-2014-3502 Information Disclosure Vulnerability
| [69041] Apache Cordova For Android CVE-2014-3501 Security Bypass Vulnerability
| [69038] Apache Cordova For Android CVE-2014-3500 Security Bypass Vulnerability
| [68995] Apache Subversion CVE-2014-3528 Insecure Authentication Weakness
| [68966] Apache Subversion 'irkerbridge.py' Local Privilege Escalation Vulnerability
| [68965] Apache Subversion 'svnwcsub.py' Local Privilege Escalation Vulnerability
| [68863] Apache HTTP Server 'mod_cache' Module Remote Denial of Service Vulnerability
| [68747] Apache HTTP Server CVE-2014-3523 Remote Denial of Service Vulnerability
| [68745] Apache HTTP Server CVE-2014-0118 Remote Denial of Service Vulnerability
| [68742] Apache HTTP Server CVE-2014-0231 Remote Denial of Service Vulnerability
| [68740] Apache HTTP Server CVE-2014-0117 Remote Denial of Service Vulnerability
| [68678] Apache HTTP Server 'mod_status' CVE-2014-0226 Remote Code Execution Vulnerability
| [68445] Apache CXF UsernameToken Information Disclosure Vulnerability
| [68441] Apache CXF SAML Tokens Validation Security Bypass Vulnerability
| [68431] Apache Syncope CVE-2014-3503 Insecure Password Generation Weakness
| [68229] Apache Harmony PRNG Entropy Weakness
| [68111] Apache 'mod_wsgi' Module Privilege Escalation Vulnerability
| [68072] Apache Tomcat CVE-2014-0186 Remote Denial of Service Vulnerability
| [68039] Apache Hive CVE-2014-0228 Security Bypass Vulnerability
| [67673] Apache Tomcat CVE-2014-0095 AJP Request Remote Denial Of Service Vulnerability
| [67671] Apache Tomcat CVE-2014-0075 Chunk Request Remote Denial Of Service Vulnerability
| [67669] Apache Tomcat CVE-2014-0119 XML External Entity Information Disclosure Vulnerability
| [67668] Apache Tomcat CVE-2014-0099 Request Processing Information Disclosure Vulnerability
| [67667] Apache Tomcat CVE-2014-0096 XML External Entity Information Disclosure Vulnerability
| [67534] Apache 'mod_wsgi' Module CVE-2014-0242 Information Disclosure Vulnerability
| [67532] Apache 'mod_wsgi' Module Local Privilege Escalation Vulnerability
10461| [67530] Apache Solr Search Template Cross Site Scripting Vulnerability
10462| [67236] Apache CXF CVE-2014-0109 Remote Denial of Service Vulnerability
10463| [67232] Apache CXF CVE-2014-0110 Denial of Service Vulnerability
10464| [67121] Apache Struts ClassLoader Manipulation CVE-2014-0114 Security Bypass Vulnerability
10465| [67081] Apache Struts 'getClass()' Method Security Bypass Vulnerability
10466| [67064] Apache Struts ClassLoader Manipulation Incomplete Fix Security Bypass Vulnerability
10467| [67013] Apache Zookeeper CVE-2014-0085 Local Information Disclosure Vulnerability
10468| [66998] Apache Archiva CVE-2013-2187 Unspecified Cross Site Scripting Vulnerability
10469| [66991] Apache Archiva CVE-2013-2187 HTML Injection Vulnerability
10470| [66927] Apache Syncope CVE-2014-0111 Remote Code Execution Vulnerability
10471| [66474] Apache CouchDB Universally Unique IDentifier (UUID) Remote Denial of Service Vulnerability
10472| [66397] Apache Xalan-Java Library CVE-2014-0107 Security Bypass Vulnerability
10473| [66303] Apache HTTP Server Multiple Denial of Service Vulnerabilities
10474| [66041] RETIRED: Apache Struts CVE-2014-0094 Classloader Manipulation Security Bypass Vulnerability
10475| [65999] Apache Struts ClassLoader Manipulation CVE-2014-0094 Security Bypass Vulnerability
10476| [65967] Apache Cordova File-Transfer Unspecified Security Vulnerability
10477| [65959] Apache Cordova InAppBrowser Remote Privilege Escalation Vulnerability
10478| [65935] Apache Shiro 'login.jsp' Authentication Bypass Vulnerability
10479| [65902] Apache Camel CVE-2014-0003 Remote Code Execution Vulnerability
10480| [65901] Apache Camel CVE-2014-0002 XML External Entity Information Disclosure Vulnerability
10481| [65773] Apache Tomcat CVE-2013-4286 Security Bypass Vulnerability
10482| [65769] Apache Tomcat CVE-2014-0033 Session Fixation Vulnerability
10483| [65768] Apache Tomcat CVE-2013-4590 XML External Entity Information Disclosure Vulnerability
10484| [65767] Apache Tomcat CVE-2013-4322 Incomplete Fix Denial of Service Vulnerability
10485| [65615] Apache ActiveMQ 'refresh' Parameter Cross Site Scripting Vulnerability
10486| [65434] Apache Subversion 'mod_dav_svn' Module SVNListParentPath Denial of Service Vulnerability
10487| [65431] Apache Wicket CVE-2013-2055 Information Disclosure Vulnerability
10488| [65400] Apache Commons FileUpload CVE-2014-0050 Denial Of Service Vulnerability
10489| [64782] Apache CloudStack Virtual Router Component Security Bypass Vulnerability
10490| [64780] Apache CloudStack Unauthorized Access Vulnerability
10491| [64617] Apache Libcloud Digital Ocean API Local Information Disclosure Vulnerability
10492| [64437] Apache Santuario XML Security For JAVA XML Signature Denial of Service Vulnerability
10493| [64427] Apache Solr Multiple XML External Entity Injection Vulnerabilities
10494| [64009] Apache Solr CVE-2013-6408 XML External Entity Injection Vulnerability
10495| [64008] Apache Solr CVE-2013-6407 XML External Entity Injection Vulnerability
10496| [63981] Apache Subversion 'mod_dav_svn' Module Denial of Service Vulnerability
10497| [63966] Apache Subversion CVE-2013-4505 Security Bypass Vulnerability
10498| [63963] Apache Roller CVE-2013-4171 Cross Site Scripting Vulnerability
10499| [63935] Apache Solr 'SolrResourceLoader' Directory Traversal Vulnerability
10500| [63928] Apache Roller CVE-2013-4212 OGNL Expression Injection Remote Code Execution Vulnerability
10501| [63515] Apache Tomcat Manager Component CVE-2013-6357 Cross Site Request Forgery Vulnerability
10502| [63403] Apache Struts Multiple Cross Site Scripting Vulnerabilities
10503| [63400] Apache 'mod_pagespeed' Module Unspecified Cross Site Scripting Vulnerability
10504| [63260] Apache Shindig CVE-2013-4295 XML External Entity Information Disclosure Vulnerability
10505| [63241] Apache Sling 'AbstractAuthenticationFormServlet' Open Redirection Vulnerability
10506| [63174] Apache Commons FileUpload 'DiskFileItem' Class Null Byte Arbitrary File Write Vulnerability
10507| [62939] Apache 'mod_fcgid' Module CVE-2013-4365 Heap Buffer Overflow Vulnerability
10508| [62903] Apache Sling 'deepGetOrCreateNode()' Function Denial Of Service Vulnerability
10509| [62706] Apache Camel CVE-2013-4330 Information Disclosure Vulnerability
10510| [62677] Apache 'mod_accounting' Module CVE-2013-5697 SQL Injection Vulnerability
10511| [62674] TYPO3 Apache Solr Unspecified Cross Site Scripting and PHP Code Execution Vulnerabilities
10512| [62587] Apache Struts CVE-2013-4316 Remote Code Execution Vulnerability
10513| [62584] Apache Struts CVE-2013-4310 Security Bypass Vulnerability
| [62266] Apache Subversion CVE-2013-4277 Insecure Temporary File Creation Vulnerability
| [61984] Apache Hadoop RPC Authentication CVE-2013-2192 Man in the Middle Security Bypass Vulnerability
| [61981] Apache HBase RPC Authentication Man In The Middle Security Bypass Vulnerability
| [61638] Apache CloudStack CVE-2013-2136 Multiple Cross Site Scripting Vulnerabilities
| [61454] Apache Subversion CVE-2013-4131 Denial Of Service Vulnerability
| [61379] Apache HTTP Server CVE-2013-2249 Unspecified Remote Security Vulnerability
| [61370] Apache OFBiz CVE-2013-2317 'View Log' Cross Site Scripting Vulnerability
| [61369] Apache OFBiz Nested Expression Remote Code Execution Vulnerability
| [61196] Apache Struts CVE-2013-2248 Multiple Open Redirection Vulnerabilities
| [61189] Apache Struts CVE-2013-2251 Multiple Remote Command Execution Vulnerabilities
| [61129] Apache HTTP Server CVE-2013-1896 Remote Denial of Service Vulnerability
| [61030] Apache CXF CVE-2013-2160 Multiple Remote Denial of Service Vulnerabilities
| [60875] Apache Geronimo RMI Classloader Security Bypass Vulnerability
| [60846] Apache Santuario XML Security for JAVA XML Signature CVE-2013-2172 Security Bypass Vulnerability
| [60817] Apache Santuario XML Security for C++ CVE-2013-2210 Heap Buffer Overflow Vulnerability
| [60800] Apache Qpid Python Client SSL Certificate Verification Information Disclosure Vulnerability
| [60599] Apache Santuario XML Security for C++ CVE-2013-2156 Remote Heap Buffer Overflow Vulnerability
| [60595] Apache Santuario XML Security for C++ XML Signature CVE-2013-2155 Denial of Service Vulnerability
| [60594] Apache Santuario XML Security for C++ CVE-2013-2154 Stack Buffer Overflow Vulnerability
| [60592] Apache Santuario XML Security for C++ XML Signature CVE-2013-2153 Security Bypass Vulnerability
| [60534] Apache OpenJPA Object Deserialization Arbitrary File Creation or Overwrite Vulnerability
| [60346] Apache Struts CVE-2013-2134 OGNL Expression Injection Vulnerability
| [60345] Apache Struts CVE-2013-2135 OGNL Expression Injection Vulnerability
| [60267] Apache Subversion CVE-2013-1968 Remote Denial of Service Vulnerability
| [60265] Apache Subversion CVE-2013-2088 Command Injection Vulnerability
| [60264] Apache Subversion CVE-2013-2112 Remote Denial of Service Vulnerability
| [60187] Apache Tomcat DIGEST Authentication CVE-2013-2051 Incomplete Fix Security Weakness
| [60186] Apache Tomcat CVE-2013-1976 Insecure Temporary File Handling Vulnerability
| [60167] Apache Struts 'includeParams' CVE-2013-2115 Incomplete Fix Security Bypass Vulnerability
| [60166] Apache Struts 'includeParams' CVE-2013-1966 Security Bypass Vulnerability
| [60082] Apache Struts 'ParameterInterceptor' Class OGNL CVE-2013-1965 Security Bypass Vulnerability
| [59826] Apache HTTP Server Terminal Escape Sequence in Logs Command Injection Vulnerability
| [59799] Apache Tomcat CVE-2013-2067 Session Fixation Vulnerability
| [59798] Apache Tomcat CVE-2013-2071 Information Disclosure Vulnerability
| [59797] Apache Tomcat CVE-2012-3544 Denial of Service Vulnerability
| [59670] Apache VCL Multiple Input Validation Vulnerabilities
| [59464] Apache CloudStack CVE-2013-2758 Hash Information Disclosure Vulnerability
| [59463] Apache CloudStack CVE-2013-2756 Authentication Bypass Vulnerability
| [59402] Apache ActiveMQ CVE-2013-3060 Information Disclosure and Denial of Service Vulnerability
| [59401] Apache ActiveMQ CVE-2012-6551 Denial of Service Vulnerability
| [59400] Apache ActiveMQ CVE-2012-6092 Multiple Cross Site Scripting Vulnerabilities
| [58898] Apache Subversion CVE-2013-1884 Remote Denial of Service Vulnerability
| [58897] Apache Subversion 'mod_dav_svn/lock.c' Remote Denial of Service Vulnerability
| [58895] Apache Subversion 'mod_dav_svn' Remote Denial of Service Vulnerability
| [58455] Apache Rave User RPC API CVE-2013-1814 Information Disclosure Vulnerability
| [58379] Apache Qpid CVE-2012-4446 Authentication Bypass Vulnerability
| [58378] Apache Qpid CVE-2012-4460 Denial of Service Vulnerability
| [58376] Apache Qpid CVE-2012-4458 Denial of Service Vulnerability
| [58337] Apache Qpid CVE-2012-4459 Denial of Service Vulnerability
| [58326] Apache Commons FileUpload CVE-2013-0248 Insecure Temporary File Creation Vulnerability
| [58325] Debian Apache HTTP Server CVE-2013-1048 Symlink Attack Local Privilege Escalation Vulnerability
| [58323] Apache Subversion 'svn_fs_file_length()' Remote Denial of Service Vulnerability
| [58165] Apache HTTP Server Multiple Cross Site Scripting Vulnerabilities
| [58136] Apache Maven CVE-2013-0253 SSL Certificate Validation Security Bypass Vulnerability
| [58124] Apache Tomcat 'log/logdir' Directory Insecure File Permissions Vulnerability
| [58073] Apache Commons HttpClient CVE-2012-5783 SSL Certificate Validation Security Bypass Vulnerability
| [57876] Apache CXF WS-SecurityPolicy Authentication Bypass Vulnerability
| [57874] Apache CXF CVE-2012-5633 Security Bypass Vulnerability
| [57463] Apache OFBiz CVE-2013-0177 Multiple Cross Site Scripting Vulnerabilities
| [57425] Apache CXF CVE-2012-5786 SSL Certificate Validation Security Bypass Vulnerability
| [57321] Apache CouchDB CVE-2012-5650 Cross Site Scripting Vulnerability
| [57314] Apache CouchDB CVE-2012-5649 Remote Code Execution Vulnerability
| [57267] Apache Axis2/C SSL Certificate Validation Security Bypass Vulnerability
| [57259] Apache CloudStack CVE-2012-5616 Local Information Disclosure Vulnerability
| [56814] Apache Tomcat CVE-2012-4431 Cross-Site Request Forgery Vulnerability
| [56813] Apache Tomcat CVE-2012-4534 Denial of Service Vulnerability
| [56812] Apache Tomcat CVE-2012-3546 Security Bypass Vulnerability
| [56753] Apache Apache HTTP Server 'mod_proxy_ajp Module Denial Of Service Vulnerability
| [56686] Apache Tomcat CVE-2012-5568 Denial of Service Vulnerability
| [56408] Apache Axis and Axis2/Java SSL Certificate Validation Security Bypass Vulnerability
| [56403] Apache Tomcat DIGEST Authentication Multiple Security Weaknesses
| [56402] Apache Tomcat CVE-2012-2733 Denial of Service Vulnerability
| [56171] Apache OFBiz CVE-2012-3506 Unspecified Security Vulnerability
| [55876] Apache CloudStack CVE-2012-4501 Security Bypass Vulnerability
| [55628] Apache CXF SOAP Action Spoofing Security Bypass Vulnerability
| [55608] Apache Qpid (qpidd) Denial of Service Vulnerability
| [55536] Apache 'mod_pagespeed' Module Cross Site Scripting and Security Bypass Vulnerabilities
| [55508] Apache Axis2 XML Signature Wrapping Security Vulnerability
| [55445] Apache Wicket CVE-2012-3373 Cross Site Scripting Vulnerability
| [55346] Apache Struts Cross Site Request Forgery and Denial of Service Vulnerabilities
| [55290] Drupal Apache Solr Autocomplete Module Cross Site Scripting Vulnerability
| [55165] Apache Struts2 Skill Name Remote Code Execution Vulnerability
| [55154] Apache 'mod-rpaf' Module Denial of Service Vulnerability
| [55131] Apache HTTP Server HTML-Injection And Information Disclosure Vulnerabilities
| [54954] Apache QPID NullAuthenticator Authentication Bypass Vulnerability
| [54798] Apache Libcloud Man In The Middle Vulnerability
| [54358] Apache Hadoop CVE-2012-3376 Information Disclosure Vulnerability
| [54341] Apache Sling CVE-2012-2138 Denial Of Service Vulnerability
| [54268] Apache Hadoop Symlink Attack Local Privilege Escalation Vulnerability
| [54189] Apache Roller Cross Site Request Forgery Vulnerability
| [54187] Apache Roller CVE-2012-2381 Cross Site Scripting Vulnerability
| [53880] Apache CXF Child Policies Security Bypass Vulnerability
| [53877] Apache CXF Elements Validation Security Bypass Vulnerability
| [53676] Apache Commons Compress and Apache Ant CVE-2012-2098 Denial Of Service Vulnerability
| [53487] Apache POI CVE-2012-0213 Denial Of Service Vulnerability
| [53455] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability
| [53305] Apache Qpid CVE-2011-3620 Unauthorized Access Security Bypass Vulnerability
| [53046] Apache HTTP Server 'LD_LIBRARY_PATH' Insecure Library Loading Arbitrary Code Execution Vulnerability
| [53025] Apache OFBiz Unspecified Remote Code Execution Vulnerability
| [53023] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
| [52939] Apache Hadoop CVE-2012-1574 Unspecified User Impersonation Vulnerability
| [52702] Apache Struts2 'XSLTResult.java' Remote Arbitrary File Upload Vulnerability
| [52696] Apache Traffic Server HTTP Host Header Handling Heap Based Buffer Overflow Vulnerability
| [52680] Apache Wicket 'pageMapName' Parameter Cross Site Scripting Vulnerability
| [52679] Apache Wicket Hidden Files Information Disclosure Vulnerability
| [52565] Apache 'mod_fcgid' Module Denial Of Service Vulnerability
| [52146] TYPO3 Apache Solr Extension Unspecified Cross Site Scripting Vulnerability
| [51939] Apache MyFaces 'ln' Parameter Information Disclosure Vulnerability
| [51917] Apache APR Hash Collision Denial Of Service Vulnerability
| [51902] Apache Struts Multiple HTML Injection Vulnerabilities
| [51900] Apache Struts CVE-2012-1007 Multiple Cross Site Scripting Vulnerabilities
| [51886] Apache CXF UsernameToken Policy Validation Security Bypass Vulnerability
| [51869] Apache HTTP Server CVE-2011-3639 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
| [51706] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
| [51705] Apache HTTP Server CVE-2012-0021 mod_log_config Denial Of Service Vulnerability
| [51628] Apache Struts 'ParameterInterceptor' Class OGNL (CVE-2011-3923) Security Bypass Vulnerability
| [51447] Apache Tomcat Parameter Handling Denial of Service Vulnerability
| [51442] Apache Tomcat Request Object Security Bypass Vulnerability
| [51407] Apache HTTP Server Scoreboard Local Security Bypass Vulnerability
| [51257] Apache Struts Remote Command Execution and Arbitrary File Overwrite Vulnerabilities
| [51238] Apache Geronimo Hash Collision Denial Of Service Vulnerability
| [51200] Apache Tomcat Hash Collision Denial Of Service Vulnerability
| [50940] Apache Struts Session Tampering Security Bypass Vulnerability
| [50912] RETIRED: Apache MyFaces CVE-2011-4343 Information Disclosure Vulnerability
| [50904] Apache ActiveMQ Failover Mechanism Remote Denial Of Service Vulnerability
| [50848] Apache MyFaces EL Expression Evaluation Security Bypass Vulnerability
| [50802] Apache HTTP Server 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
| [50639] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
| [50603] Apache Tomcat Manager Application Security Bypass Vulnerability
| [50494] Apache HTTP Server 'ap_pregsub()' Function Local Privilege Escalation Vulnerability
| [49957] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
| [49762] Apache Tomcat HTTP DIGEST Authentication Multiple Security Weaknesses
| [49728] Apache Struts Conversion Error OGNL Expression Evaluation Vulnerability
| [49616] Apache HTTP Server CVE-2011-3348 Denial Of Service Vulnerability
| [49470] Apache Tomcat CVE-2007-6286 Duplicate Request Processing Security Vulnerability
| [49353] Apache Tomcat AJP Protocol Security Bypass Vulnerability
| [49303] Apache HTTP Server CVE-2011-3192 Denial Of Service Vulnerability
| [49290] Apache Wicket Cross Site Scripting Vulnerability
| [49147] Apache Tomcat CVE-2011-2481 Information Disclosure Vulnerability
| [49143] Apache Commons Daemon 'jsvc' Information Disclosure Vulnerability
| [48667] Apache Tomcat 'sendfile' Request Attributes Information Disclosure Vulnerability
| [48653] Apache 'mod_authnz_external' Module SQL Injection Vulnerability
| [48611] Apache XML Security for C++ Signature Key Parsing Denial of Service Vulnerability
| [48456] Apache Tomcat 'MemoryUserDatabase' Information Disclosure Vulnerability
| [48015] Apache Archiva Multiple Cross Site Request Forgery Vulnerabilities
| [48011] Apache Archiva Multiple Cross Site Scripting and HTML Injection Vulnerabilities
| [47929] Apache APR 'apr_fnmatch.c' Denial of Service Vulnerability
| [47890] Apache Struts 'javatemplates' Plugin Multiple Cross Site Scripting Vulnerabilities
| [47886] Apache Tomcat SecurityConstraints Security Bypass Vulnerability
| [47820] Apache APR 'apr_fnmatch()' Denial of Service Vulnerability
| [47784] Apache Struts XWork 's:submit' HTML Tag Cross Site Scripting Vulnerability
| [47199] Apache Tomcat HTTP BIO Connector Information Disclosure Vulnerability
| [47196] Apache Tomcat Login Constraints Security Bypass Vulnerability
| [46974] Apache HttpComponents 'HttpClient' Information Disclosure Vulnerability
| [46953] Apache MPM-ITK Module Security Weakness
| [46734] Subversion 'mod_dav_svn' Apache Server NULL Pointer Dereference Denial Of Service Vulnerability
| [46685] Apache Tomcat '@ServletSecurity' Annotations Security Bypass Vulnerability
| [46311] Apache Continuum and Archiva Cross Site Scripting Vulnerability
| [46177] Apache Tomcat SecurityManager Security Bypass Vulnerability
| [46174] Apache Tomcat HTML Manager Interface HTML Injection Vulnerability
| [46166] Apache Tomcat JVM Denial of Service Vulnerability
| [46164] Apache Tomcat NIO Connector Denial of Service Vulnerability
| [46066] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
| [45655] Apache Subversion Server Component Multiple Remote Denial Of Service Vulnerabilities
| [45123] Awstats Apache Tomcat Configuration File Remote Arbitrary Command Execution Vulnerability
| [45095] Apache Archiva Cross Site Request Forgery Vulnerability
| [45015] Apache Tomcat 'sort' and 'orderBy' Parameters Cross Site Scripting Vulnerabilities
| [44900] Apache 'mod_fcgid' Module Unspecified Stack Buffer Overflow Vulnerability
| [44616] Apache Shiro Directory Traversal Vulnerability
| [44355] Apache MyFaces Encrypted View State Oracle Padding Security Vulnerability
| [44068] Apache::AuthenHook Local Information Disclosure Vulnerability
| [43862] Apache QPID SSL Connection Denial of Service Vulnerability
| [43673] Apache APR-util 'apr_brigade_split_line()' Denial of Service Vulnerability
| [43637] Apache XML-RPC SAX Parser Information Disclosure Vulnerability
| [43111] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
| [42637] Apache Derby 'BUILTIN' Authentication Insecure Password Hashing Vulnerability
| [42501] Apache CouchDB Cross Site Request Forgery Vulnerability
| [42492] Apache CXF XML DTD Processing Security Vulnerability
| [42121] Apache SLMS Insufficient Quoting Cross Site Request Forgery Vulnerability
| [42102] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
| [41963] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
| [41544] Apache Tomcat 'Transfer-Encoding' Information Disclosure and Denial Of Service Vulnerabilities
| [41076] Apache Axis2 '/axis2/axis2-admin' Session Fixation Vulnerability
| [40976] Apache Axis2 Document Type Declaration Processing Security Vulnerability
| [40827] Apache 'mod_proxy_http' Timeout Handling Information Disclosure Vulnerability
| [40343] Apache Axis2 'xsd' Parameter Directory Traversal Vulnerability
| [40327] Apache Axis2 'engagingglobally' Cross-Site Scripting Vulnerability
| [39771] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
| [39636] Apache ActiveMQ Source Code Information Disclosure Vulnerability
| [39635] Apache Tomcat Authentication Header Realm Name Information Disclosure Vulnerability
| [39538] Apache mod_auth_shadow Race Condition Security Bypass Vulnerability
| [39489] Apache OFBiz Multiple Cross Site Scripting and HTML Injection Vulnerabilities
| [39119] Apache ActiveMQ 'createDestination.action' HTML Injection Vulnerability
| [38580] Apache Subrequest Handling Information Disclosure Vulnerability
| [38494] Apache 'mod_isapi' Memory Corruption Vulnerability
| [38491] Apache mod_proxy_ajp Module Incoming Request Body Denial Of Service Vulnerability
| [37966] Apache 1.3 mod_proxy HTTP Chunked Encoding Integer Overflow Vulnerability
| [37945] Apache Tomcat Host Working Directory WAR File Directory Traversal Vulnerability
| [37944] Apache Tomcat WAR File Directory Traversal Vulnerability
| [37942] Apache Tomcat Directory Host Appbase Authentication Bypass Vulnerability
| [37149] Apache Tomcat 404 Error Page Cross Site Scripting Vulnerability
| [37027] RETIRED: Apache APR 'apr_uri_parse_hostinfo' Off By One Remote Code Execution Vulnerability
| [36990] Apache HTTP TRACE Cross Site Scripting Vulnerability
| [36954] Apache Tomcat Windows Installer Insecure Password Vulnerability
| [36889] TYPO3 Apache Solr Search Extension Unspecified Cross Site Scripting Vulnerability
| [36596] Apache HTTP Server Solaris Event Port Pollset Support Remote Denial Of Service Vulnerability
| [36260] Apache mod_proxy_ftp Module NULL Pointer Dereference Denial Of Service Vulnerability
| [36254] Apache mod_proxy_ftp Remote Command Injection Vulnerability
| [35949] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
| [35840] Apache HTTP Server HTTP-Basic Authentication Bypass Vulnerability
| [35623] Apache 'mod_deflate' Remote Denial Of Service Vulnerability
| [35565] Apache 'mod_proxy' Remote Denial Of Service Vulnerability
| [35416] Apache Tomcat XML Parser Information Disclosure Vulnerability
| [35263] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
| [35253] Apache APR-util 'xml/apr_xml.c' Denial of Service Vulnerability
| [35251] Apache APR-util 'apr_brigade_vprintf' Off By One Vulnerability
| [35221] Apache APR-util 'apr_strmatch_precompile()' Integer Underflow Vulnerability
| [35196] Apache Tomcat Form Authentication Existing/Non-Existing Username Enumeration Weakness
| [35193] Apache Tomcat Java AJP Connector Invalid Header Denial of Service Vulnerability
| [35115] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
| [34686] Apache Struts Multiple Cross Site Scripting Vulnerabilities
| [34663] Apache 'mod_proxy_ajp' Information Disclosure Vulnerability
| [34657] Apache Tiles Cross Site Scripting And Information Disclosure Vulnerabilities
| [34562] Apache Geronimo Application Server Multiple Remote Vulnerabilities
| [34552] Apache ActiveMQ Web Console Multiple Unspecified HTML Injection Vulnerabilities
| [34412] Apache Tomcat mod_jk Content Length Information Disclosure Vulnerability
| [34399] Apache Struts Unspecified Cross Site Scripting Vulnerability
| [34383] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
| [33913] Apache Tomcat POST Data Information Disclosure Vulnerability
| [33360] Apache Jackrabbit 'q' Parameter Multiple Cross Site Scripting Vulnerabilities
| [33110] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
| [32657] Novell NetWare ApacheAdmin Security Bypass Vulnerability
| [31805] Apache HTTP Server OS Fingerprinting Unspecified Security Vulnerability
| [31761] Oracle WebLogic Server Apache Connector Stack Based Buffer Overflow Vulnerability
| [31698] Apache Tomcat 'RemoteFilterValve' Security Bypass Vulnerability
| [31165] Kolab Groupware Server Apache Log File User Password Information Disclosure Vulnerability
| [30560] Apache 'mod_proxy_ftp' Wildcard Characters Cross-Site Scripting Vulnerability
| [30496] Apache Tomcat 'HttpServletResponse.sendError()' Cross Site Scripting Vulnerability
| [30494] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
| [29653] Apache 'mod_proxy_http' Interim Response Denial of Service Vulnerability
| [29502] Apache Tomcat Host Manager Cross Site Scripting Vulnerability
| [28576] Apache-SSL Environment Variable Information Disclosure and Privilege Escalation Vulnerability
| [28484] Apache Tomcat Requests Containing MS-DOS Device Names Information Disclosure Vulnerability
| [28483] Apache Tomcat 'allowLinking' Accepts NULL Byte in URI Information Disclosure Vulnerability
| [28482] Apache Tomcat SSL Anonymous Cipher Configuration Information Disclosure Vulnerability
| [28481] Apache Tomcat Cross-Site Scripting Vulnerability
| [28477] Apache Tomcat AJP Connector Information Disclosure Vulnerability
| [27752] Apache mod_jk2 Host Header Multiple Stack Based Buffer Overflow Vulnerabilities
| [27706] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
| [27703] Apache Tomcat Parameter Processing Remote Information Disclosure Vulnerability
| [27409] Apache 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
| [27365] Apache Tomcat SingleSignOn Remote Information Disclosure Vulnerability
| [27237] Apache HTTP Server 2.2.6, 2.0.61 and 1.3.39 'mod_status' Cross-Site Scripting Vulnerability
| [27236] Apache 'mod_proxy_balancer' Multiple Vulnerabilities
| [27234] Apache 'mod_proxy_ftp' Undefined Charset UTF-7 Cross-Site Scripting Vulnerability
| [27006] Apache Tomcat JULI Logging Component Default Security Policy Vulnerability
| [26939] Apache HTTP Server Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
| [26838] Apache mod_imagemap and mod_imap Cross-Site Scripting Vulnerability
| [26762] Apache::AuthCAS Cookie SQL Injection Vulnerability
| [26663] Apache HTTP Server 413 Error HTTP Request Method Cross-Site Scripting Weakness
| [26287] Apache Geronimo SQLLoginModule Authentication Bypass Vulnerability
| [26070] Apache Tomcat WebDav Remote Information Disclosure Vulnerability
| [25804] Apache Geronimo Management EJB Security Bypass Vulnerability
| [25653] Apache Mod_AutoIndex.C Undefined Charset Cross-Site Scripting Vulnerability
| [25531] Apache Tomcat Cal2.JSP Cross-Site Scripting Vulnerability
| [25489] Apache HTTP Server Mod_Proxy Denial of Service Vulnerability
| [25316] Apache Tomcat Multiple Remote Information Disclosure Vulnerabilities
| [25314] Apache Tomcat Host Manager Servlet Cross Site Scripting Vulnerability
| [25174] Apache Tomcat Error Message Reporting Cross Site Scripting Vulnerability
| [24999] Apache Tomcat SendMailServlet Cross-Site Scripting Vulnerability
| [24759] MySQLDumper Apache Access Control Authentication Bypass Vulnerability
| [24649] Apache HTTP Server Mod_Cache Denial of Service Vulnerability
| [24645] Apache HTTP Server Mod_Status Cross-Site Scripting Vulnerability
| [24553] Apache Mod_Mem_Cache Information Disclosure Vulnerability
| [24524] Apache Tomcat Accept-Language Cross Site Scripting Vulnerability
| [24480] Apache MyFaces Tomahawk JSF Framework Autoscroll Parameter Cross Site Scripting Vulnerability
| [24476] Apache Tomcat JSP Example Web Applications Cross Site Scripting Vulnerability
| [24475] Apache Tomcat Manager and Host Manager Upload Script Cross-Site Scripting Vulnerability
| [24215] Apache HTTP Server Worker Process Multiple Denial of Service Vulnerabilities
| [24147] Apache Tomcat JK Connector Double Encoding Security Bypass Vulnerability
| [24058] Apache Tomcat Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
| [23687] Apache AXIS Non-Existent WSDL Path Information Disclosure Vulnerability
| [23438] Apache HTTPD suEXEC Local Multiple Privilege Escalation Weaknesses
| [22960] Apache HTTP Server Tomcat Directory Traversal Vulnerability
| [22849] Apache mod_python Output Filter Mode Information Disclosure Vulnerability
| [22791] Apache Tomcat Mod_JK.SO Arbitrary Code Execution Vulnerability
| [22732] Debian Apache Root Shell Local Privilege Escalation Vulnerabilities
| [22388] Apache Stats Extract Function Multiple Input Validation Vulnerabilities
| [21865] Apache And Microsoft IIS Range Denial of Service Vulnerability
| [21214] Apache Mod_Auth_Kerb Off-By-One Denial of Service Vulnerability
| [20527] Apache Mod_TCL Remote Format String Vulnerability
| [19661] Apache HTTP Server Arbitrary HTTP Request Headers Security Weakness
| [19447] Apache CGI Script Source Code Information Disclosure Vulnerability
| [19204] Apache Mod_Rewrite Off-By-One Buffer Overflow Vulnerability
| [19106] Apache Tomcat Information Disclosure Vulnerability
| [18138] Apache James SMTP Denial Of Service Vulnerability
| [17342] Apache Struts Multiple Remote Vulnerabilities
| [17095] Apache Log4Net Denial Of Service Vulnerability
| [16916] Apache mod_python FileSession Code Execution Vulnerability
| [16710] Apache Libapreq2 Quadratic Behavior Denial of Service Vulnerability
| [16260] Apache Geronimo Multiple Input Validation Vulnerabilities
| [16153] Apache mod_auth_pgsql Multiple Format String Vulnerabilities
| [16152] Apache Mod_SSL Custom Error Document Remote Denial Of Service Vulnerability
| [15834] Apache 'mod_imap' Referer Cross-Site Scripting Vulnerability
| [15765] Apache James Spooler Memory Leak Denial Of Service Vulnerability
| [15762] Apache MPM Worker.C Denial Of Service Vulnerability
| [15512] Apache Struts Error Response Cross-Site Scripting Vulnerability
| [15413] PHP Apache 2 Virtual() Safe_Mode and Open_Basedir Restriction Bypass Vulnerability
| [15325] Apache Tomcat Simultaneous Directory Listing Denial Of Service Vulnerability
| [15224] Apache Mod_Auth_Shadow Authentication Bypass Vulnerability
| [15177] PHP Apache 2 Local Denial of Service Vulnerability
| [14982] ApacheTop Insecure Temporary File Creation Vulnerability
| [14721] Apache Mod_SSL SSLVerifyClient Restriction Bypass Vulnerability
| [14660] Apache CGI Byterange Request Denial of Service Vulnerability
| [14366] Apache mod_ssl CRL Handling Off-By-One Buffer Overflow Vulnerability
| [14106] Apache HTTP Request Smuggling Vulnerability
| [13778] Apache HTPasswd Password Command Line Argument Buffer Overflow Vulnerability
| [13777] Apache HTPasswd User Command Line Argument Buffer Overflow Vulnerability
| [13756] Apache Tomcat Java Security Manager Bypass Vulnerability
| [13537] Apache HTDigest Realm Command Line Argument Buffer Overflow Vulnerability
| [12877] Apache mod_ssl ssl_io_filter_cleanup Remote Denial Of Service Vulnerability
10835| [12795] Apache Tomcat Remote Malformed Request Denial Of Service Vulnerability
10836| [12619] Apache Software Foundation Batik Squiggle Browser Access Validation Vulnerability
10837| [12519] Apache mod_python Module Publisher Handler Information Disclosure Vulnerability
10838| [12308] Apache Utilities Insecure Temporary File Creation Vulnerability
10839| [12217] Apache mod_auth_radius Malformed RADIUS Server Reply Integer Overflow Vulnerability
10840| [12181] Mod_DOSEvasive Apache Module Local Insecure Temporary File Creation Vulnerability
10841| [11803] Apache Jakarta Results.JSP Remote Cross-Site Scripting Vulnerability
10842| [11471] Apache mod_include Local Buffer Overflow Vulnerability
10843| [11360] Apache mod_ssl SSLCipherSuite Restriction Bypass Vulnerability
10844| [11239] Apache Satisfy Directive Access Control Bypass Vulnerability
10845| [11187] Apache Web Server Remote IPv6 Buffer Overflow Vulnerability
10846| [11185] Apache Mod_DAV LOCK Denial Of Service Vulnerability
10847| [11182] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
10848| [11154] Apache mod_ssl Remote Denial of Service Vulnerability
10849| [11094] Apache mod_ssl Denial Of Service Vulnerability
10850| [10789] Apache mod_userdir Module Information Disclosure Vulnerability
10851| [10736] Apache 'mod_ssl' Log Function Format String Vulnerability
10852| [10619] Apache ap_escape_html Memory Allocation Denial Of Service Vulnerability
10853| [10508] Apache Mod_Proxy Remote Negative Content-Length Buffer Overflow Vulnerability
10854| [10478] ClueCentral Apache Suexec Patch Security Weakness
10855| [10355] Apache 'mod_ssl' 'ssl_util_uuencode_binary()' Stack Buffer Overflow Vulnerability
10856| [10212] Apache mod_auth Malformed Password Potential Memory Corruption Vulnerability
10857| [9933] Apache mod_disk_cache Module Client Authentication Credential Storage Weakness
10858| [9930] Apache Error and Access Logs Escape Sequence Injection Vulnerability
10859| [9921] Apache Connection Blocking Denial Of Service Vulnerability
10860| [9885] Apache Mod_Security Module SecFilterScanPost Off-By-One Buffer Overflow Vulnerability
10861| [9874] Apache HTAccess LIMIT Directive Bypass Configuration Error Weakness
10862| [9829] Apache Mod_Access Access Control Rule Bypass Vulnerability
10863| [9826] Apache Mod_SSL HTTP Request Remote Denial Of Service Vulnerability
10864| [9733] Apache Cygwin Directory Traversal Vulnerability
10865| [9599] Apache mod_php Global Variables Information Disclosure Weakness
10866| [9590] Apache-SSL Client Certificate Forging Vulnerability
10867| [9571] Apache mod_digest Client-Supplied Nonce Verification Vulnerability
10868| [9471] Apache mod_perl Module File Descriptor Leakage Vulnerability
10869| [9404] Mod-Auth-Shadow Apache Module Expired User Credential Weakness
10870| [9302] Apache mod_php Module File Descriptor Leakage Vulnerability
10871| [9129] Apache mod_python Module Malformed Query Denial of Service Vulnerability
10872| [8926] Apache Web Server mod_cgid Module CGI Data Redirection Vulnerability
10873| [8919] Apache Mod_Security Module Heap Corruption Vulnerability
10874| [8911] Apache Web Server Multiple Module Local Buffer Overflow Vulnerability
10875| [8898] Red Hat Apache Directory Index Default Configuration Error
10876| [8883] Apache Cocoon Directory Traversal Vulnerability
10877| [8824] Apache Tomcat Non-HTTP Request Denial Of Service Vulnerability
10878| [8822] Apache Mod_Throttle Module Local Shared Memory Corruption Vulnerability
10879| [8725] Apache2 MOD_CGI STDERR Denial Of Service Vulnerability
10880| [8707] Apache htpasswd Password Entropy Weakness
10881| [8561] Apache::Gallery Insecure Local File Storage Privilege Escalation Vulnerability
10882| [8287] Mod_Mylo Apache Module REQSTR Buffer Overflow Vulnerability
10883| [8226] Apache HTTP Server Multiple Vulnerabilities
10884| [8138] Apache Web Server Type-Map Recursive Loop Denial Of Service Vulnerability
10885| [8137] Apache Web Server Prefork MPM Denial Of Service Vulnerability
10886| [8136] Macromedia Apache Web Server Encoded Space Source Disclosure Vulnerability
10887| [8135] Apache Web Server FTP Proxy IPV6 Denial Of Service Vulnerability
10888| [8134] Apache Web Server SSLCipherSuite Weak CipherSuite Renegotiation Weakness
10889| [7768] Apache Tomcat Insecure Directory Permissions Vulnerability
10890| [7725] Apache Basic Authentication Module Valid User Login Denial Of Service Vulnerability
10891| [7723] Apache APR_PSPrintf Memory Corruption Vulnerability
10892| [7448] Apache Mod_Auth_Any Remote Command Execution Vulnerability
10893| [7375] Apache Mod_Access_Referer NULL Pointer Dereference Denial of Service Vulnerability
10894| [7332] Apache Web Server OS2 Filestat Denial Of Service Vulnerability
10895| [7255] Apache Web Server File Descriptor Leakage Vulnerability
10896| [7254] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
10897| [6943] Apache Web Server MIME Boundary Information Disclosure Vulnerability
10898| [6939] Apache Web Server ETag Header Information Disclosure Weakness
10899| [6722] Apache Tomcat Web.XML File Contents Disclosure Vulnerability
10900| [6721] Apache Tomcat Null Byte Directory/File Disclosure Vulnerability
10901| [6720] Apache Tomcat Example Web Application Cross Site Scripting Vulnerability
10902| [6662] Apache Web Server MS-DOS Device Name Denial Of Service Vulnerability
10903| [6661] Apache Web Server Default Script Mapping Bypass Vulnerability
10904| [6660] Apache Web Server Illegal Character HTTP Request File Disclosure Vulnerability
10905| [6659] Apache Web Server MS-DOS Device Name Arbitrary Code Execution Vulnerability
10906| [6562] Apache Tomcat Invoker Servlet File Disclosure Vulnerability
10907| [6320] Apache/Tomcat Mod_JK Chunked Encoding Denial Of Service Vulnerability
10908| [6117] Apache mod_php File Descriptor Leakage Vulnerability
10909| [6065] Apache 2 WebDAV CGI POST Request Information Disclosure Vulnerability
10910| [5996] Apache AB.C Web Benchmarking Buffer Overflow Vulnerability
10911| [5995] Apache AB.C Web Benchmarking Read_Connection() Buffer Overflow Vulnerability
10912| [5993] Multiple Apache HTDigest Buffer Overflow Vulnerabilities
10913| [5992] Apache HTDigest Insecure Temporary File Vulnerability
10914| [5991] Apache HTDigest Arbitrary Command Execution Vulnerability
10915| [5990] Apache HTPasswd Insecure Temporary File Vulnerability
10916| [5981] Multiple Apache HTDigest and HTPassWD Component Vulnerabilites
10917| [5884] Apache Web Server Scoreboard Memory Segment Overwriting SIGUSR1 Sending Vulnerability
10918| [5847] Apache Server Side Include Cross Site Scripting Vulnerability
10919| [5838] Apache Tomcat 3.2 Directory Disclosure Vulnerability
10920| [5816] Apache 2 mod_dav Denial Of Service Vulnerability
10921| [5791] HP VirtualVault Apache mod_ssl Denial Of Service Vulnerability
10922| [5787] Apache Oversized STDERR Buffer Denial Of Service Vulnerability
10923| [5786] Apache Tomcat DefaultServlet File Disclosure Vulnerability
10924| [5542] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
10925| [5486] Apache 2.0 CGI Path Disclosure Vulnerability
10926| [5485] Apache 2.0 Path Disclosure Vulnerability
10927| [5434] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
10928| [5256] Apache httpd 2.0 CGI Error Path Disclosure Vulnerability
10929| [5194] Apache Tomcat DOS Device Name Cross Site Scripting Vulnerability
10930| [5193] Apache Tomcat Servlet Mapping Cross Site Scripting Vulnerability
10931| [5067] Apache Tomcat Null Character Malformed Request Denial Of Service Vulnerability
10932| [5054] Apache Tomcat Web Root Path Disclosure Vulnerability
10933| [5033] Apache Chunked-Encoding Memory Corruption Vulnerability
10934| [4995] Apache Tomcat JSP Engine Denial of Service Vulnerability
10935| [4878] Apache Tomcat RealPath.JSP Malformed Request Information Disclosure Vulnerability
10936| [4877] Apache Tomcat Example Files Web Root Path Disclosure Vulnerability
10937| [4876] Apache Tomcat Source.JSP Malformed Request Information Disclosure Vulnerability
10938| [4575] Apache Tomcat Servlet Path Disclosure Vulnerability
10939| [4557] Apache Tomcat System Path Information Disclosure Vulnerability
10940| [4437] Apache Error Message Cross-Site Scripting Vulnerability
10941| [4431] Apache PrintEnv/Test_CGI Script Injection Vulnerability
10942| [4358] Apache Double-Reverse Lookup Log Entry Spoofing Vulnerability
10943| [4335] Apache Win32 Batch File Remote Command Execution Vulnerability
10944| [4292] Oracle 9iAS Apache PL/SQL Module Web Administration Access Vulnerability
10945| [4189] Apache mod_ssl/Apache-SSL Buffer Overflow Vulnerability
10946| [4057] Apache 2 for Windows OPTIONS request Path Disclosure Vulnerability
10947| [4056] Apache 2 for Windows php.exe Path Disclosure Vulnerability
10948| [4037] Oracle 9iAS Apache PL/SQL Module Denial of Service Vulnerability
10949| [4032] Oracle 9iAS Apache PL/SQL Module Multiple Buffer Overflows Vulnerability
10950| [3796] Apache HTTP Request Unexpected Behavior Vulnerability
10951| [3790] Apache Non-Existent Log Directory Denial Of Service Vulnerability
10952| [3786] Apache Win32 PHP.EXE Remote File Disclosure Vulnerability
10953| [3727] Oracle 9I Application Server PL/SQL Apache Module Directory Traversal Vulnerability
10954| [3726] Oracle 9I Application Server PL/SQL Apache Module Buffer Overflow Vulnerability
10955| [3596] Apache Split-Logfile File Append Vulnerability
10956| [3521] Apache mod_usertrack Predictable ID Generation Vulnerability
10957| [3335] Red Hat Linux Apache Remote Username Enumeration Vulnerability
10958| [3316] MacOS X Client Apache Directory Contents Disclosure Vulnerability
10959| [3256] Apache mod_auth_oracle Remote SQL Query Manipulation Vulnerability
10960| [3255] Apache mod_auth_mysql Remote SQL Query Manipulation Vulnerability
10961| [3254] Apache AuthPG Remote SQL Query Manipulation Vulnerability
10962| [3253] Apache mod_auth_pgsql_sys Remote SQL Query Manipulation Vulnerability
10963| [3251] Apache mod_auth_pgsql Remote SQL Query Manipulation Vulnerability
10964| [3176] Apache Mod ReWrite Rules Bypassing Image Linking Vulnerability
10965| [3169] Apache Server Address Disclosure Vulnerability
10966| [3009] Apache Possible Directory Index Disclosure Vulnerability
10967| [2982] Apache Tomcat Cross-Site Scripting Vulnerability
10968| [2852] MacOS X Client Apache File Protection Bypass Vulnerability
10969| [2740] Apache Web Server HTTP Request Denial of Service Vulnerability
10970| [2518] Apache Tomcat 3.0 Directory Traversal Vulnerability
10971| [2503] Apache Artificially Long Slash Path Directory Listing Vulnerability
10972| [2300] NCSA/Apache httpd ScriptAlias Source Retrieval Vulnerability
10973| [2216] Apache Web Server DoS Vulnerability
10974| [2182] Apache /tmp File Race Vulnerability
10975| [2171] Oracle Apache+WebDB Documented Backdoor Vulnerability
10976| [2060] Apache Web Server with Php 3 File Disclosure Vulnerability
10977| [1821] Apache mod_cookies Buffer Overflow Vulnerability
10978| [1728] Apache Rewrite Module Arbitrary File Disclosure Vulnerability
10979| [1658] SuSE Apache CGI Source Code Viewing Vulnerability
10980| [1656] SuSE Apache WebDAV Directory Listings Vulnerability
10981| [1575] Trustix Apache-SSL RPM Permissions Vulnerability
10982| [1548] Apache Jakarta-Tomcat /admin Context Vulnerability
10983| [1532] Apache Tomcat Snoop Servlet Information Disclosure Vulnerability
10984| [1531] Apache Tomcat 3.1 Path Revealing Vulnerability
10985| [1457] Apache::ASP source.asp Example Script Vulnerability
10986| [1284] Apache HTTP Server (win32) Root Directory Access Vulnerability
10987| [1083] Cobalt Raq Apache .htaccess Disclosure Vulnerability
10988|
10989| IBM X-Force - https://exchange.xforce.ibmcloud.com:
10990| [86258] Apache CloudStack text fields cross-site scripting
10991| [85983] Apache Subversion mod_dav_svn module denial of service
10992| [85875] Apache OFBiz UEL code execution
10993| [85874] Apache OFBiz Webtools View Log screen cross-site scripting
10994| [85871] Apache HTTP Server mod_session_dbd unspecified
10995| [85756] Apache Struts OGNL expression command execution
10996| [85755] Apache Struts DefaultActionMapper class open redirect
10997| [85586] Apache ActiveMQ CVE-2013-1879 cross-site scripting
10998| [85574] Apache HTTP Server mod_dav denial of service
10999| [85573] Apache Struts Showcase App OGNL code execution
11000| [85496] Apache CXF denial of service
11001| [85423] Apache Geronimo RMI classloader code execution
11002| [85326] Apache Santuario XML Security for C++ buffer overflow
11003| [85323] Apache Santuario XML Security for Java spoofing
11004| [85319] Apache Qpid Python client SSL spoofing
11005| [85019] Apache Santuario XML Security for C++ CVE-2013-2156 buffer overflow
11006| [85018] Apache Santuario XML Security for C++ CVE-2013-2155 denial of service
11007| [85017] Apache Santuario XML Security for C++ CVE-2013-2154 buffer overflow
11008| [85016] Apache Santuario XML Security for C++ CVE-2013-2153 spoofing
11009| [84952] Apache Tomcat CVE-2012-3544 denial of service
11010| [84763] Apache Struts CVE-2013-2135 security bypass
11011| [84762] Apache Struts CVE-2013-2134 security bypass
11012| [84719] Apache Subversion CVE-2013-2088 command execution
11013| [84718] Apache Subversion CVE-2013-2112 denial of service
11014| [84717] Apache Subversion CVE-2013-1968 denial of service
11015| [84577] Apache Tomcat security bypass
11016| [84576] Apache Tomcat symlink
11017| [84543] Apache Struts CVE-2013-2115 security bypass
11018| [84542] Apache Struts CVE-2013-1966 security bypass
11019| [84154] Apache Tomcat session hijacking
11020| [84144] Apache Tomcat denial of service
11021| [84143] Apache Tomcat information disclosure
11022| [84111] Apache HTTP Server command execution
11023| [84043] Apache Virtual Computing Lab cross-site scripting
11024| [84042] Apache Virtual Computing Lab cross-site scripting
11025| [83782] Apache CloudStack information disclosure
11026| [83781] Apache CloudStack security bypass
11027| [83720] Apache ActiveMQ cross-site scripting
11028| [83719] Apache ActiveMQ denial of service
11029| [83718] Apache ActiveMQ denial of service
11030| [83263] Apache Subversion denial of service
11031| [83262] Apache Subversion denial of service
11032| [83261] Apache Subversion denial of service
11033| [83259] Apache Subversion denial of service
11034| [83035] Apache mod_ruid2 security bypass
11035| [82852] Apache Qpid federation_tag security bypass
11036| [82851] Apache Qpid qpid::framing::Buffer denial of service
11037| [82758] Apache Rave User RPC API information disclosure
11038| [82663] Apache Subversion svn_fs_file_length() denial of service
11039| [82642] Apache Qpid qpid::framing::Buffer::checkAvailable() denial of service
11040| [82641] Apache Qpid AMQP denial of service
11041| [82626] Apache HTTP Server on Debian GNU/Linux Debian apache2ctl symlink
11042| [82618] Apache Commons FileUpload symlink
11043| [82360] Apache HTTP Server manager interface cross-site scripting
11044| [82359] Apache HTTP Server hostnames cross-site scripting
11045| [82338] Apache Tomcat log/logdir information disclosure
11046| [82328] Apache Maven and Apache Maven Wagon SSL spoofing
11047| [82268] Apache OpenJPA deserialization command execution
11048| [81981] Apache CXF UsernameTokens security bypass
11049| [81980] Apache CXF WS-Security security bypass
11050| [81398] Apache OFBiz cross-site scripting
11051| [81240] Apache CouchDB directory traversal
11052| [81226] Apache CouchDB JSONP code execution
11053| [81225] Apache CouchDB Futon user interface cross-site scripting
11054| [81211] Apache Axis2/C SSL spoofing
11055| [81167] Apache CloudStack DeployVM information disclosure
11056| [81166] Apache CloudStack AddHost API information disclosure
11057| [81165] Apache CloudStack createSSHKeyPair API information disclosure
11058| [80518] Apache Tomcat cross-site request forgery security bypass
11059| [80517] Apache Tomcat FormAuthenticator security bypass
11060| [80516] Apache Tomcat NIO denial of service
11061| [80408] Apache Tomcat replay-countermeasure security bypass
11062| [80407] Apache Tomcat HTTP Digest Access Authentication security bypass
11063| [80317] Apache Tomcat slowloris denial of service
11064| [79984] Apache Commons HttpClient SSL spoofing
11065| [79983] Apache CXF SSL spoofing
11066| [79830] Apache Axis2/Java SSL spoofing
11067| [79829] Apache Axis SSL spoofing
11068| [79809] Apache Tomcat DIGEST security bypass
11069| [79806] Apache Tomcat parseHeaders() denial of service
11070| [79540] Apache OFBiz unspecified
11071| [79487] Apache Axis2 SAML security bypass
11072| [79212] Apache Cloudstack code execution
11073| [78734] Apache CXF SOAP Action security bypass
11074| [78730] Apache Qpid broker denial of service
11075| [78617] Eucalyptus Apache Santuario (XML Security for Java) denial of service
11076| [78563] Apache mod_pagespeed module unspecified cross-site scripting
11077| [78562] Apache mod_pagespeed module security bypass
11078| [78454] Apache Axis2 security bypass
11079| [78452] Websense Web Security and Web Filter Apache Tomcat information disclosure
11080| [78451] Websense Web Security and Web Filter Apache Tomcat cross-site scripting
11081| [78321] Apache Wicket unspecified cross-site scripting
11082| [78183] Apache Struts parameters denial of service
11083| [78182] Apache Struts cross-site request forgery
11084| [78153] Apache Solr Autocomplete module for Drupal autocomplete results cross-site scripting
11085| [77987] mod_rpaf module for Apache denial of service
11086| [77958] Apache Struts skill name code execution
11087| [77914] Apache HTTP Server mod_negotiation module cross-site scripting
11088| [77913] Apache HTTP Server mod_proxy_ajp information disclosure
11089| [77568] Apache Qpid broker security bypass
11090| [77421] Apache Libcloud spoofing
11091| [77059] Oracle Solaris Cluster Apache Tomcat Agent unspecified
11092| [77046] Oracle Solaris Apache HTTP Server information disclosure
11093| [76837] Apache Hadoop information disclosure
11094| [76802] Apache Sling CopyFrom denial of service
11095| [76692] Apache Hadoop symlink
11096| [76535] Apache Roller console cross-site request forgery
11097| [76534] Apache Roller weblog cross-site scripting
11098| [76152] Apache CXF elements security bypass
11099| [76151] Apache CXF child policies security bypass
11100| [75983] MapServer for Windows Apache file include
11101| [75857] Apache Commons Compress and Apache Ant bzip2 denial of service
11102| [75558] Apache POI denial of service
11103| [75545] PHP apache_request_headers() buffer overflow
11104| [75302] Apache Qpid SASL security bypass
11105| [75211] Debian GNU/Linux apache 2 cross-site scripting
11106| [74901] Apache HTTP Server LD_LIBRARY_PATH privilege escalation
11107| [74871] Apache OFBiz FlexibleStringExpander code execution
11108| [74870] Apache OFBiz multiple cross-site scripting
11109| [74750] Apache Hadoop unspecified spoofing
11110| [74319] Apache Struts XSLTResult.java file upload
11111| [74313] Apache Traffic Server header buffer overflow
11112| [74276] Apache Wicket directory traversal
11113| [74273] Apache Wicket unspecified cross-site scripting
11114| [74181] Apache HTTP Server mod_fcgid module denial of service
11115| [73690] Apache Struts OGNL code execution
11116| [73432] Apache Solr extension for TYPO3 unspecified cross-site scripting
11117| [73100] Apache MyFaces in directory traversal
11118| [73096] Apache APR hash denial of service
11119| [73052] Apache Struts name cross-site scripting
11120| [73030] Apache CXF UsernameToken security bypass
11121| [72888] Apache Struts lastName cross-site scripting
11122| [72758] Apache HTTP Server httpOnly information disclosure
11123| [72757] Apache HTTP Server MPM denial of service
11124| [72585] Apache Struts ParameterInterceptor security bypass
11125| [72438] Apache Tomcat Digest security bypass
11126| [72437] Apache Tomcat Digest security bypass
11127| [72436] Apache Tomcat DIGEST security bypass
11128| [72425] Apache Tomcat parameter denial of service
11129| [72422] Apache Tomcat request object information disclosure
11130| [72377] Apache HTTP Server scoreboard security bypass
11131| [72345] Apache HTTP Server HTTP request denial of service
11132| [72229] Apache Struts ExceptionDelegator command execution
11133| [72089] Apache Struts ParameterInterceptor directory traversal
11134| [72088] Apache Struts CookieInterceptor command execution
11135| [72047] Apache Geronimo hash denial of service
11136| [72016] Apache Tomcat hash denial of service
11137| [71711] Apache Struts OGNL expression code execution
11138| [71654] Apache Struts interfaces security bypass
11139| [71620] Apache ActiveMQ failover denial of service
11140| [71617] Apache HTTP Server mod_proxy module information disclosure
11141| [71508] Apache MyFaces EL security bypass
11142| [71445] Apache HTTP Server mod_proxy security bypass
11143| [71203] Apache Tomcat servlets privilege escalation
11144| [71181] Apache HTTP Server ap_pregsub() denial of service
11145| [71093] Apache HTTP Server ap_pregsub() buffer overflow
11146| [70336] Apache HTTP Server mod_proxy information disclosure
11147| [69804] Apache HTTP Server mod_proxy_ajp denial of service
11148| [69472] Apache Tomcat AJP security bypass
11149| [69396] Apache HTTP Server ByteRange filter denial of service
11150| [69394] Apache Wicket multi window support cross-site scripting
11151| [69176] Apache Tomcat XML information disclosure
11152| [69161] Apache Tomcat jsvc information disclosure
11153| [68799] mod_authnz_external module for Apache mysql-auth.pl SQL injection
11154| [68541] Apache Tomcat sendfile information disclosure
11155| [68420] Apache XML Security denial of service
11156| [68238] Apache Tomcat JMX information disclosure
11157| [67860] Apache Rampart/C rampart_timestamp_token_validate security bypass
11158| [67804] Apache Subversion control rules information disclosure
11159| [67803] Apache Subversion control rules denial of service
11160| [67802] Apache Subversion baselined denial of service
11161| [67672] Apache Archiva multiple cross-site scripting
11162| [67671] Apache Archiva multiple cross-site request forgery
11163| [67564] Apache APR apr_fnmatch() denial of service
11164| [67532] IBM WebSphere Application Server org.apache.jasper.runtime.JspWriterImpl.response denial of service
11165| [67515] Apache Tomcat annotations security bypass
11166| [67480] Apache Struts s:submit information disclosure
11167| [67414] Apache APR apr_fnmatch() denial of service
11168| [67356] Apache Struts javatemplates cross-site scripting
11169| [67354] Apache Struts Xwork cross-site scripting
11170| [66676] Apache Tomcat HTTP BIO information disclosure
11171| [66675] Apache Tomcat web.xml security bypass
11172| [66640] Apache HttpComponents HttpClient Proxy-Authorization information disclosure
11173| [66241] Apache HttpComponents information disclosure
11174| [66154] Apache Tomcat ServletSecurity security bypass
11175| [65971] Apache Tomcat ServletSecurity security bypass
11176| [65876] Apache Subversion mod_dav_svn denial of service
11177| [65343] Apache Continuum unspecified cross-site scripting
11178| [65162] Apache Tomcat NIO connector denial of service
11179| [65161] Apache Tomcat javax.servlet.ServletRequest.getLocale() denial of service
11180| [65160] Apache Tomcat HTML Manager interface cross-site scripting
11181| [65159] Apache Tomcat ServletContect security bypass
11182| [65050] Apache CouchDB web-based administration UI cross-site scripting
11183| [64773] Oracle HTTP Server Apache Plugin unauthorized access
11184| [64473] Apache Subversion blame -g denial of service
11185| [64472] Apache Subversion walk() denial of service
11186| [64407] Apache Axis2 CVE-2010-0219 code execution
11187| [63926] Apache Archiva password privilege escalation
11188| [63785] Apache CouchDB LD_LIBRARY_PATH privilege escalation
11189| [63493] Apache Archiva credentials cross-site request forgery
11190| [63477] Apache Tomcat HttpOnly session hijacking
11191| [63422] Apache Tomcat sessionsList.jsp cross-site scripting
11192| [63303] Apache mod_fcgid module fcgid_header_bucket_read() buffer overflow
11193| [62959] Apache Shiro filters security bypass
11194| [62790] Apache Perl cgi module denial of service
11195| [62576] Apache Qpid exchange denial of service
11196| [62575] Apache Qpid AMQP denial of service
11197| [62354] Apache Qpid SSL denial of service
11198| [62235] Apache APR-util apr_brigade_split_line() denial of service
11199| [62181] Apache XML-RPC SAX Parser information disclosure
11200| [61721] Apache Traffic Server cache poisoning
11201| [61202] Apache Derby BUILTIN authentication functionality information disclosure
11202| [61186] Apache CouchDB Futon cross-site request forgery
11203| [61169] Apache CXF DTD denial of service
11204| [61070] Apache Jackrabbit search.jsp SQL injection
11205| [61006] Apache SLMS Quoting cross-site request forgery
11206| [60962] Apache Tomcat time cross-site scripting
11207| [60883] Apache mod_proxy_http information disclosure
11208| [60671] Apache HTTP Server mod_cache and mod_dav denial of service
11209| [60264] Apache Tomcat Transfer-Encoding denial of service
11210| [59746] Apache Axis2 axis2/axis2-admin page session hijacking
11211| [59588] Apache Axis2/Java XML DTD (Document Type Declaration) data denial of service
11212| [59413] Apache mod_proxy_http timeout information disclosure
11213| [59058] Apache MyFaces unencrypted view state cross-site scripting
11214| [58827] Apache Axis2 xsd file include
11215| [58790] Apache Axis2 modules cross-site scripting
11216| [58299] Apache ActiveMQ queueBrowse cross-site scripting
11217| [58169] Apache Tomcat Web Application Manager / Host Manager cross-site request forgery
11218| [58056] Apache ActiveMQ .jsp source code disclosure
11219| [58055] Apache Tomcat realm name information disclosure
11220| [58046] Apache HTTP Server mod_auth_shadow security bypass
11221| [57841] Apache Open For Business Project (OFBiz) subject cross-site scripting
11222| [57840] Apache Open For Business Project (OFBiz) multiple parameters cross-site scripting
11223| [57429] Apache CouchDB algorithms information disclosure
11224| [57398] Apache ActiveMQ Web console cross-site request forgery
11225| [57397] Apache ActiveMQ createDestination.action cross-site scripting
11226| [56653] Apache HTTP Server DNS spoofing
11227| [56652] Apache HTTP Server DNS cross-site scripting
11228| [56625] Apache HTTP Server request header information disclosure
11229| [56624] Apache HTTP Server mod_isapi orphaned callback pointer code execution
11230| [56623] Apache HTTP Server mod_proxy_ajp denial of service
11231| [55941] mod_proxy module for Apache ap_proxy_send_fb() buffer overflow
11232| [55857] Apache Tomcat WAR files directory traversal
11233| [55856] Apache Tomcat autoDeploy attribute security bypass
11234| [55855] Apache Tomcat WAR directory traversal
11235| [55210] Intuit component for Joomla! Apache information disclosure
11236| [54533] Apache Tomcat 404 error page cross-site scripting
11237| [54182] Apache Tomcat admin default password
11238| [53878] Apache Solr Search (solr) extension for TYPO3 unspecified cross-site scripting
11239| [53666] Apache HTTP Server Solaris pollset support denial of service
11240| [53650] Apache HTTP Server HTTP basic-auth module security bypass
11241| [53124] mod_proxy_ftp module for Apache HTTP header security bypass
11242| [53041] mod_proxy_ftp module for Apache denial of service
11243| [52540] Apache Portable Runtime and Apache Portable Utility library multiple buffer overflow
11244| [51953] Apache Tomcat Path Disclosure
11245| [51952] Apache Tomcat Path Traversal
11246| [51951] Apache stronghold-status Information Disclosure
11247| [51950] Apache stronghold-info Information Disclosure
11248| [51949] Apache PHP Source Code Disclosure
11249| [51948] Apache Multiviews Attack
11250| [51946] Apache JServ Environment Status Information Disclosure
11251| [51945] Apache error_log Information Disclosure
11252| [51944] Apache Default Installation Page Pattern Found
11253| [51943] Apache AXIS XML Parser echoheaders.jws Sample Web Service Denial of Service
11254| [51942] Apache AXIS XML External Entity File Retrieval
11255| [51941] Apache AXIS Sample Servlet Information Leak
11256| [51940] Apache access_log Information Disclosure
11257| [51626] Apache mod_deflate denial of service
11258| [51532] mod_proxy module for the Apache HTTP Server stream_reqbody_cl denial of service
11259| [51365] Apache Tomcat RequestDispatcher security bypass
11260| [51273] Apache HTTP Server Incomplete Request denial of service
11261| [51195] Apache Tomcat XML information disclosure
11262| [50994] Apache APR-util xml/apr_xml.c denial of service
11263| [50993] Apache APR-util apr_brigade_vprintf denial of service
11264| [50964] Apache APR-util apr_strmatch_precompile() denial of service
11265| [50930] Apache Tomcat j_security_check information disclosure
11266| [50928] Apache Tomcat AJP denial of service
11267| [50884] Apache HTTP Server XML ENTITY denial of service
11268| [50808] Apache HTTP Server AllowOverride privilege escalation
11269| [50108] Apache Struts s:a tag and s:url tag cross-site scripting
11270| [50059] Apache mod_proxy_ajp information disclosure
11271| [49951] Apache Tiles Expression Language (EL) expressions cross-site scripting
11272| [49925] Apache Geronimo Web Administrative Console cross-site request forgery
11273| [49924] Apache Geronimo console/portal/Server/Monitoring cross-site scripting
11274| [49921] Apache ActiveMQ Web interface cross-site scripting
11275| [49898] Apache Geronimo Services/Repository directory traversal
11276| [49725] Apache Tomcat mod_jk module information disclosure
11277| [49715] Apache mod_perl Apache::Status and Apache2::Status modules cross-site scripting
11278| [49712] Apache Struts unspecified cross-site scripting
11279| [49213] Apache Tomcat cal2.jsp cross-site scripting
11280| [48934] Apache Tomcat POST doRead method information disclosure
11281| [48211] Apache Tomcat header HTTP request smuggling
11282| [48163] libapache2-mod-auth-mysql module for Debian multibyte encoding SQL injection
11283| [48110] Apache Jackrabbit search.jsp and swr.jsp cross-site scripting
11284| [47709] Apache Roller "
11285| [47104] Novell Netware ApacheAdmin console security bypass
11286| [47086] Apache HTTP Server OS fingerprinting unspecified
11287| [46329] Apache Struts FilterDispatcher and DefaultStaticContentLoader class directory traversal
11288| [45791] Apache Tomcat RemoteFilterValve security bypass
11289| [44435] Oracle WebLogic Apache Connector buffer overflow
11290| [44411] Apache Tomcat allowLinking UTF-8 directory traversal
11291| [44223] Apache HTTP Server mod_proxy_ftp cross-site scripting
11292| [44156] Apache Tomcat RequestDispatcher directory traversal
11293| [44155] Apache Tomcat HttpServletResponse.sendError() cross-site scripting
11294| [43885] Oracle WebLogic Server Apache Connector buffer overflow
11295| [42987] Apache HTTP Server mod_proxy module denial of service
11296| [42915] Apache Tomcat JSP files path disclosure
11297| [42914] Apache Tomcat MS-DOS path disclosure
11298| [42892] Apache Tomcat unspecified unauthorized access
11299| [42816] Apache Tomcat Host Manager cross-site scripting
11300| [42303] Apache 403 error cross-site scripting
11301| [41618] Apache-SSL ExpandCert() authentication bypass
11302| [40761] Apache Derby RDBNAM parameter and DatabaseMetaData.getURL information disclosure
11303| [40736] Apache Tomcat HTTP/1.1 connector information disclosure
11304| [40614] Apache mod_jk2 HTTP Host header buffer overflow
11305| [40562] Apache Geronimo init information disclosure
11306| [40478] Novell Web Manager webadmin-apache.conf security bypass
11307| [40411] Apache Tomcat exception handling information disclosure
11308| [40409] Apache Tomcat native (APR based) connector weak security
11309| [40403] Apache Tomcat quotes and %5C cookie information disclosure
11310| [40388] Sun Java Plug-In org.apache.crimson.tree.XmlDocument security bypass
11311| [39893] Apache HTTP Server mod_negotiation HTTP response splitting
11312| [39867] Apache HTTP Server mod_negotiation cross-site scripting
11313| [39804] Apache Tomcat SingleSignOn information disclosure
11314| [39615] Apache HTTP Server mod_proxy_ftp.c UTF-7 cross-site scripting
11315| [39612] Apache HTTP Server mod_proxy_balancer buffer overflow
11316| [39608] Apache HTTP Server balancer manager cross-site request forgery
11317| [39476] Apache mod_proxy_balancer balancer_handler function denial of service
11318| [39474] Apache HTTP Server mod_proxy_balancer cross-site scripting
11319| [39472] Apache HTTP Server mod_status cross-site scripting
11320| [39201] Apache Tomcat JULI logging weak security
11321| [39158] Apache HTTP Server Windows SMB shares information disclosure
11322| [39001] Apache HTTP Server mod_imap and mod_imagemap module cross-site scripting
11323| [38951] Apache::AuthCAS Perl module cookie SQL injection
11324| [38800] Apache HTTP Server 413 error page cross-site scripting
11325| [38211] Apache Geronimo SQLLoginModule authentication bypass
11326| [37243] Apache Tomcat WebDAV directory traversal
11327| [37178] RHSA update for Apache HTTP Server mod_status module cross-site scripting not installed
11328| [37177] RHSA update for Apache HTTP Server Apache child process denial of service not installed
11329| [37119] RHSA update for Apache mod_auth_kerb off-by-one buffer overflow not installed
11330| [37100] RHSA update for Apache and IBM HTTP Server Expect header cross-site scripting not installed
11331| [36782] Apache Geronimo MEJB unauthorized access
11332| [36586] Apache HTTP Server UTF-7 cross-site scripting
11333| [36468] Apache Geronimo LoginModule security bypass
11334| [36467] Apache Tomcat functions.jsp cross-site scripting
11335| [36402] Apache Tomcat calendar cross-site request forgery
11336| [36354] Apache HTTP Server mod_proxy module denial of service
11337| [36352] Apache HTTP Server ap_proxy_date_canon() denial of service
11338| [36336] Apache Derby lock table privilege escalation
11339| [36335] Apache Derby schema privilege escalation
11340| [36006] Apache Tomcat "
11341| [36001] Apache Tomcat Host Manager Servlet alias cross-site scripting
11342| [35999] Apache Tomcat \"
11343| [35795] Apache Tomcat CookieExample cross-site scripting
11344| [35536] Apache Tomcat SendMailServlet example cross-site scripting
11345| [35384] Apache HTTP Server mod_cache module denial of service
11346| [35097] Apache HTTP Server mod_status module cross-site scripting
11347| [35095] Apache HTTP Server Prefork MPM module denial of service
11348| [34984] Apache HTTP Server recall_headers information disclosure
11349| [34966] Apache HTTP Server MPM content spoofing
11350| [34965] Apache HTTP Server MPM information disclosure
11351| [34963] Apache HTTP Server MPM multiple denial of service
11352| [34872] Apache MyFaces Tomahawk autoscroll parameter cross-site scripting
11353| [34869] Apache Tomcat JSP example Web application cross-site scripting
11354| [34868] Apache Tomcat Manager and Host Manager cross-site scripting
11355| [34496] Apache Tomcat JK Connector security bypass
11356| [34377] Apache Tomcat hello.jsp cross-site scripting
11357| [34212] Apache Tomcat SSL configuration security bypass
11358| [34210] Apache Tomcat Accept-Language cross-site scripting
11359| [34209] Apache Tomcat calendar application cross-site scripting
11360| [34207] Apache Tomcat implicit-objects.jsp cross-site scripting
11361| [34167] Apache Axis WSDL file path disclosure
11362| [34068] Apache Tomcat AJP connector information disclosure
11363| [33584] Apache HTTP Server suEXEC privilege escalation
11364| [32988] Apache Tomcat proxy module directory traversal
11365| [32794] Apache Tomcat JK Web Server Connector map_uri_to_worker() buffer overflow
11366| [32708] Debian Apache tty privilege escalation
11367| [32441] ApacheStats extract() PHP call unspecified
11368| [32128] Apache Tomcat default account
11369| [31680] Apache Tomcat RequestParamExample cross-site scripting
11370| [31649] Apache Tomcat Sample Servlet TroubleShooter detected
11371| [31557] BEA WebLogic Server and WebLogic Express Apache proxy plug-in denial of service
11372| [31236] Apache HTTP Server htpasswd.c strcpy buffer overflow
11373| [30456] Apache mod_auth_kerb off-by-one buffer overflow
11374| [29550] Apache mod_tcl set_var() format string
11375| [28620] Apache and IBM HTTP Server Expect header cross-site scripting
11376| [28357] Apache HTTP Server mod_alias script source information disclosure
11377| [28063] Apache mod_rewrite off-by-one buffer overflow
11378| [27902] Apache Tomcat URL information disclosure
11379| [26786] Apache James SMTP server denial of service
11380| [25680] libapache2 /tmp/svn file upload
11381| [25614] Apache Struts lookupMap cross-site scripting
11382| [25613] Apache Struts ActionForm denial of service
11383| [25612] Apache Struts isCancelled() security bypass
11384| [24965] Apache mod_python FileSession command execution
11385| [24716] Apache James spooler memory leak denial of service
11386| [24159] Apache Geronimo Web-Access-Log Viewer cross-site scripting
11387| [24158] Apache Geronimo jsp-examples cross-site scripting
11388| [24030] Apache auth_ldap module multiple format strings
11389| [24008] Apache mod_ssl custom error message denial of service
11390| [24003] Apache mod_auth_pgsql module multiple syslog format strings
11391| [23612] Apache mod_imap referer field cross-site scripting
11392| [23173] Apache Struts error message cross-site scripting
11393| [22942] Apache Tomcat directory listing denial of service
11394| [22858] Apache Multi-Processing Module code allows denial of service
11395| [22602] RHSA-2005:582 updates for Apache httpd not installed
11396| [22520] Apache mod-auth-shadow "
11397| [22466] ApacheTop symlink
11398| [22109] Apache HTTP Server ssl_engine_kernel client certificate validation
11399| [22006] Apache HTTP Server byte-range filter denial of service
11400| [21567] Apache mod_ssl off-by-one buffer overflow
11401| [21195] Apache HTTP Server header HTTP request smuggling
11402| [20383] Apache HTTP Server htdigest buffer overflow
11403| [19681] Apache Tomcat AJP12 request denial of service
11404| [18993] Apache HTTP server check_forensic symlink attack
11405| [18790] Apache Tomcat Manager cross-site scripting
11406| [18349] Apache HTTP server Apple HFS+ filesystem obtain information
11407| [18348] Apache HTTP server Apple HFS+ filesystem .DS_Store and .ht file disclosure
11408| [18347] Apache HTTP server Apple Mac OS X Server mod_digest_apple module could allow an attacker to replay responses
11409| [17961] Apache Web server ServerTokens has not been set
11410| [17930] Apache HTTP Server HTTP GET request denial of service
11411| [17785] Apache mod_include module buffer overflow
11412| [17671] Apache HTTP Server SSLCipherSuite bypass restrictions
11413| [17473] Apache HTTP Server Satisfy directive allows access to resources
11414| [17413] Apache htpasswd buffer overflow
11415| [17384] Apache HTTP Server environment variable configuration file buffer overflow
11416| [17382] Apache HTTP Server IPv6 apr_util denial of service
11417| [17366] Apache HTTP Server mod_dav module LOCK denial of service
11418| [17273] Apache HTTP Server speculative mode denial of service
11419| [17200] Apache HTTP Server mod_ssl denial of service
11420| [16890] Apache HTTP Server server-info request has been detected
11421| [16889] Apache HTTP Server server-status request has been detected
11422| [16705] Apache mod_ssl format string attack
11423| [16524] Apache HTTP Server ap_get_mime_headers_core denial of service
11424| [16387] Apache HTTP Server mod_proxy Content-Length buffer overflow
11425| [16230] Apache HTTP Server PHP denial of service
11426| [16214] Apache mod_ssl ssl_util_uuencode_binary buffer overflow
11427| [15958] Apache HTTP Server authentication modules memory corruption
11428| [15547] Apache HTTP Server mod_disk_cache local information disclosure
11429| [15540] Apache HTTP Server socket starvation denial of service
11430| [15467] Novell GroupWise WebAccess using Apache Web server allows viewing of files on the server
11431| [15422] Apache HTTP Server mod_access information disclosure
11432| [15419] Apache HTTP Server mod_ssl plain HTTP request denial of service
11433| [15293] Apache for Cygwin "
11434| [15065] Apache-SSL has a default password
11435| [15041] Apache HTTP Server mod_digest module could allow an attacker to replay responses
11436| [15015] Apache httpd server httpd.conf could allow a local user to bypass restrictions
11437| [14751] Apache Mod_python output filter information disclosure
11438| [14125] Apache HTTP Server mod_userdir module information disclosure
11439| [14075] Apache HTTP Server mod_php file descriptor leak
11440| [13703] Apache HTTP Server account
11441| [13689] Apache HTTP Server configuration allows symlinks
11442| [13688] Apache HTTP Server configuration allows SSI
11443| [13687] Apache HTTP Server Server: header value
11444| [13685] Apache HTTP Server ServerTokens value
11445| [13684] Apache HTTP Server ServerSignature value
11446| [13672] Apache HTTP Server config allows directory autoindexing
11447| [13671] Apache HTTP Server default content
11448| [13670] Apache HTTP Server config file directive references outside content root
11449| [13668] Apache HTTP Server httpd not running in chroot environment
11450| [13666] Apache HTTP Server CGI directory contains possible command interpreter or compiler
11451| [13664] Apache HTTP Server config file contains ScriptAlias entry
11452| [13663] Apache HTTP Server CGI support modules loaded
11453| [13661] Apache HTTP Server config file contains AddHandler entry
11454| [13660] Apache HTTP Server 500 error page not CGI script
11455| [13659] Apache HTTP Server 413 error page not CGI script
11456| [13658] Apache HTTP Server 403 error page not CGI script
11457| [13657] Apache HTTP Server 401 error page not CGI script
11458| [13552] Apache HTTP Server mod_cgid module information disclosure
11459| [13550] Apache GET request directory traversal
11460| [13516] Apache Cocoon XMLForm and JXForm could allow execution of code
11461| [13499] Apache Cocoon directory traversal allows downloading of boot.ini file
11462| [13429] Apache Tomcat non-HTTP request denial of service
11463| [13400] Apache HTTP server mod_alias and mod_rewrite buffer overflow
11464| [13295] Apache weak password encryption
11465| [13254] Apache Tomcat .jsp cross-site scripting
11466| [13125] Apache::Gallery Inline::C could allow arbitrary code execution
11467| [13086] Apache Jakarta Tomcat mod_jk format string allows remote access
11468| [12681] Apache HTTP Server mod_proxy could allow mail relaying
11469| [12662] Apache HTTP Server rotatelogs denial of service
11470| [12554] Apache Tomcat stores password in plain text
11471| [12553] Apache HTTP Server redirects and subrequests denial of service
11472| [12552] Apache HTTP Server FTP proxy server denial of service
11473| [12551] Apache HTTP Server prefork MPM denial of service
11474| [12550] Apache HTTP Server weaker than expected encryption
11475| [12549] Apache HTTP Server type-map file denial of service
11476| [12206] Apache Tomcat /opt/tomcat directory insecure permissions
11477| [12102] Apache Jakarta Tomcat MS-DOS device name request denial of service
11478| [12091] Apache HTTP Server apr_password_validate denial of service
11479| [12090] Apache HTTP Server apr_psprintf code execution
11480| [11804] Apache HTTP Server mod_access_referer denial of service
11481| [11750] Apache HTTP Server could leak sensitive file descriptors
11482| [11730] Apache HTTP Server error log and access log terminal escape sequence injection
11483| [11703] Apache long slash path allows directory listing
11484| [11695] Apache HTTP Server LF (Line Feed) denial of service
11485| [11694] Apache HTTP Server filestat.c denial of service
11486| [11438] Apache HTTP Server MIME message boundaries information disclosure
11487| [11412] Apache HTTP Server error log terminal escape sequence injection
11488| [11196] Apache Tomcat examples and ROOT Web applications cross-site scripting
11489| [11195] Apache Tomcat web.xml could be used to read files
11490| [11194] Apache Tomcat URL appended with a null character could list directories
11491| [11139] Apache HTTP Server mass virtual hosting with mod_rewrite or mod_vhost_alias could allow an attacker to obtain files
11492| [11126] Apache HTTP Server illegal character file disclosure
11493| [11125] Apache HTTP Server DOS device name HTTP POST code execution
11494| [11124] Apache HTTP Server DOS device name denial of service
11495| [11088] Apache HTTP Server mod_vhost_alias CGI source disclosure
11496| [10938] Apache HTTP Server printenv test CGI cross-site scripting
11497| [10771] Apache Tomcat mod_jk module multiple HTTP GET request buffer overflow
11498| [10575] Apache mod_php module could allow an attacker to take over the httpd process
11499| [10499] Apache HTTP Server WebDAV HTTP POST view source
11500| [10457] Apache HTTP Server mod_ssl "
11501| [10415] Apache HTTP Server htdigest insecure system() call could allow command execution
11502| [10414] Apache HTTP Server htdigest multiple buffer overflows
11503| [10413] Apache HTTP Server htdigest temporary file race condition
11504| [10412] Apache HTTP Server htpasswd temporary file race condition
11505| [10376] Apache Tomcat invoker servlet used in conjunction with the default servlet reveals source code
11506| [10348] Apache Tomcat HTTP GET request DOS device reference could cause a denial of service
11507| [10281] Apache HTTP Server ab.c ApacheBench long response buffer overflow
11508| [10280] Apache HTTP Server shared memory scorecard overwrite
11509| [10263] Apache Tomcat mod_jk or mod_jserv connector directory disclosure
11510| [10241] Apache HTTP Server Host: header cross-site scripting
11511| [10230] Slapper worm variants A, B, and C target OpenSSL/Apache systems
11512| [10208] Apache HTTP Server mod_dav denial of service
11513| [10206] HP VVOS Apache mod_ssl denial of service
11514| [10200] Apache HTTP Server stderr denial of service
11515| [10175] Apache Tomcat org.apache.catalina.servlets.DefaultServlet reveals source code
11516| [10169] Slapper worm variant (Slapper.C) targets OpenSSL/Apache systems
11517| [10154] Slapper worm variant (Slapper.B) targets OpenSSL/Apache systems
11518| [10098] Slapper worm targets OpenSSL/Apache systems
11519| [9876] Apache HTTP Server cgi/cgid request could disclose the path to a requested script
11520| [9875] Apache HTTP Server .var file request could disclose installation path
11521| [9863] Apache Tomcat web.xml file could allow a remote attacker to bypass restrictions
11522| [9808] Apache HTTP Server non-Unix version URL encoded directory traversal
11523| [9623] Apache HTTP Server ap_log_rerror() path disclosure
11524| [9520] Apache Tomcat /servlet/ mapping cross-site scripting
11525| [9415] Apache HTTP Server mod_ssl .htaccess off-by-one buffer overflow
11526| [9396] Apache Tomcat null character to threads denial of service
11527| [9394] Apache Tomcat HTTP request for LPT9 reveals Web root path
11528| [9249] Apache HTTP Server chunked encoding heap buffer overflow
11529| [9208] Apache Tomcat sample file requests could reveal directory listing and path to Web root directory
11530| [8932] Apache Tomcat example class information disclosure
11531| [8633] Apache HTTP Server with mod_rewrite could allow an attacker to bypass directives
11532| [8629] Apache HTTP Server double-reverse DNS lookup spoofing
11533| [8589] Apache HTTP Server for Windows DOS batch file remote command execution
11534| [8457] Oracle9i Application Server Apache PL/SQL HTTP Location header buffer overflow
11535| [8455] Oracle9i Application Server default installation could allow an attacker to access certain Apache Services
11536| [8400] Apache HTTP Server mod_frontpage buffer overflows
11537| [8326] Apache HTTP Server multiple MIME headers (sioux) denial of service
11538| [8308] Apache "
11539| [8275] Apache HTTP Server with Multiviews enabled could disclose directory contents
11540| [8119] Apache and PHP OPTIONS request reveals "
11541| [8054] Apache is running on the system
11542| [8029] Mandrake Linux default Apache configuration could allow an attacker to browse files and directories
11543| [8027] Mandrake Linux default Apache configuration has remote management interface enabled
11544| [8026] Mandrake Linux Apache sample programs could disclose sensitive information about the server
11545| [7836] Apache HTTP Server log directory denial of service
11546| [7815] Apache for Windows "
11547| [7810] Apache HTTP request could result in unexpected behavior
11548| [7599] Apache Tomcat reveals installation path
11549| [7494] Apache "
11550| [7419] Apache Web Server could allow remote attackers to overwrite .log files
11551| [7363] Apache Web Server hidden HTTP requests
11552| [7249] Apache mod_proxy denial of service
11553| [7129] Linux with Apache Web server could allow an attacker to determine if a specified username exists
11554| [7103] Apple Mac OS X used with Apache Web server could disclose directory contents
11555| [7059] Apache "
11556| [7057] Apache "
11557| [7056] Apache "
11558| [7055] Apache "
11559| [7054] Apache "
11560| [6997] Apache Jakarta Tomcat error message may reveal information
11561| [6971] Apache Jakarta Tomcat may reveal JSP source code with missing HTTP protocol specification
11562| [6970] Apache crafted HTTP request could reveal the internal IP address
11563| [6921] Apache long slash path allows directory listing
11564| [6687] Apple Mac OS X used with Apache Web server could allow arbitrary file disclosure
11565| [6527] Apache Web Server for Windows and OS2 denial of service
11566| [6316] Apache Jakarta Tomcat may reveal JSP source code
11567| [6305] Apache Jakarta Tomcat directory traversal
11568| [5926] Linux Apache symbolic link
11569| [5659] Apache Web server discloses files when used with php script
11570| [5310] Apache mod_rewrite allows attacker to view arbitrary files
11571| [5204] Apache WebDAV directory listings
11572| [5197] Apache Web server reveals CGI script source code
11573| [5160] Apache Jakarta Tomcat default installation
11574| [5099] Trustix Secure Linux installs Apache with world writable access
11575| [4968] Apache Jakarta Tomcat snoop servlet gives out information which could be used in attack
11576| [4967] Apache Jakarta Tomcat 404 error reveals the pathname of the requested file
11577| [4931] Apache source.asp example file allows users to write to files
11578| [4575] IBM HTTP Server running Apache allows users to directory listing and file retrieval
11579| [4205] Apache Jakarta Tomcat delivers file contents
11580| [2084] Apache on Debian by default serves the /usr/doc directory
11581| [1630] MessageMedia UnityMail and Apache Web server MIME header flood denial of service
11582| [697] Apache HTTP server beck exploit
11583| [331] Apache cookies buffer overflow
11584|
11585| Exploit-DB - https://www.exploit-db.com:
11586| [31130] Apache Tomcat <= 6.0.15 Cookie Quote Handling Remote Information Disclosure Vulnerability
11587| [31052] Apache <= 2.2.6 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
11588| [30901] Apache HTTP Server 2.2.6 Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
11589| [30835] Apache HTTP Server <= 2.2.4 413 Error HTTP Request Method Cross-Site Scripting Weakness
11590| [30563] Apache Tomcat <= 5.5.15 Cal2.JSP Cross-Site Scripting Vulnerability
11591| [30496] Apache Tomcat <= 6.0.13 Cookie Handling Quote Delimiter Session ID Disclosure
11592| [30495] Apache Tomcat <= 6.0.13 Host Manager Servlet Cross Site Scripting Vulnerability
11593| [30191] Apache MyFaces Tomahawk JSF Framework 1.1.5 Autoscroll Parameter Cross Site Scripting Vulnerability
11594| [30189] Apache Tomcat <= 6.0.13 JSP Example Web Applications Cross Site Scripting Vulnerability
11595| [30052] Apache Tomcat 6.0.10 Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
11596| [29930] Apache AXIS 1.0 Non-Existent WSDL Path Information Disclosure Vulnerability
11597| [29859] Apache Roller OGNL Injection
11598| [29739] Apache HTTP Server Tomcat 5.x/6.0.x Directory Traversal Vulnerability
11599| [29435] Apache Tomcat 5.5.25 - CSRF Vulnerabilities
11600| [29316] Apache + PHP 5.x - Remote Code Execution (Multithreaded Scanner) (2)
11601| [29290] Apache / PHP 5.x Remote Code Execution Exploit
11602| [28713] Apache Tomcat/JBoss EJBInvokerServlet / JMXInvokerServlet (RMI over HTTP) Marshalled Object RCE
11603| [28424] Apache 2.x HTTP Server Arbitrary HTTP Request Headers Security Weakness
11604| [28365] Apache 2.2.2 CGI Script Source Code Information Disclosure Vulnerability
11605| [28254] Apache Tomcat 5 Information Disclosure Vulnerability
11606| [27915] Apache James 2.2 SMTP Denial of Service Vulnerability
11607| [27397] Apache suEXEC Privilege Elevation / Information Disclosure
11608| [27135] Apache Struts 2 DefaultActionMapper Prefixes OGNL Code Execution
11609| [27096] Apache Geronimo 1.0 Error Page XSS
11610| [27095] Apache Tomcat / Geronimo 1.0 Sample Script cal2.jsp time Parameter XSS
11611| [26710] Apache CXF prior to 2.5.10, 2.6.7 and 2.7.4 - Denial of Service
11612| [26542] Apache Struts 1.2.7 Error Response Cross-Site Scripting Vulnerability
11613| [25986] Plesk Apache Zeroday Remote Exploit
11614| [25980] Apache Struts includeParams Remote Code Execution
11615| [25625] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (2)
11616| [25624] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (1)
11617| [24874] Apache Struts ParametersInterceptor Remote Code Execution
11618| [24744] Apache Rave 0.11 - 0.20 - User Information Disclosure
11619| [24694] Apache 1.3.x mod_include Local Buffer Overflow Vulnerability
11620| [24590] Apache 2.0.x mod_ssl Remote Denial of Service Vulnerability
11621| [23751] Apache Cygwin 1.3.x/2.0.x Directory Traversal Vulnerability
11622| [23581] Apache 2.0.4x mod_perl Module File Descriptor Leakage Vulnerability
11623| [23482] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (2)
11624| [23481] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (1)
11625| [23296] Red Hat Apache 2.0.40 Directory Index Default Configuration Error
11626| [23282] apache cocoon 2.14/2.2 - Directory Traversal vulnerability
11627| [23245] Apache Tomcat 4.0.x Non-HTTP Request Denial of Service Vulnerability
11628| [23119] Apache::Gallery 0.4/0.5/0.6 Insecure Local File Storage Privilege Escalation Vulnerability
11629| [22505] Apache Mod_Access_Referer 1.0.2 NULL Pointer Dereference Denial of Service Vulnerability
11630| [22205] Apache Tomcat 3.x Null Byte Directory/File Disclosure Vulnerability
11631| [22191] Apache Web Server 2.0.x MS-DOS Device Name Denial of Service Vulnerability
11632| [22068] Apache 1.3.x,Tomcat 4.0.x/4.1.x Mod_JK Chunked Encoding Denial of Service Vulnerability
11633| [21885] Apache 1.3/2.0.x Server Side Include Cross Site Scripting Vulnerability
11634| [21882] Apache Tomcat 3.2 Directory Disclosure Vulnerability
11635| [21854] Apache 2.0.39/40 Oversized STDERR Buffer Denial of Service Vulnerability
11636| [21853] Apache Tomcat 3/4 DefaultServlet File Disclosure Vulnerability
11637| [21734] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
11638| [21719] Apache 2.0 Path Disclosure Vulnerability
11639| [21697] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
11640| [21605] Apache Tomcat 4.0.3 DoS Device Name Cross Site Scripting Vulnerability
11641| [21604] Apache Tomcat 4.0.3 Servlet Mapping Cross Site Scripting Vulnerability
11642| [21560] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (2)
11643| [21559] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (1)
11644| [21534] Apache Tomcat 3/4 JSP Engine Denial of Service Vulnerability
11645| [21492] Apache Tomcat 3.2.3/3.2.4 RealPath.JSP Malformed Request Information Disclosure
11646| [21491] Apache Tomcat 3.2.3/3.2.4 Example Files Web Root Path Disclosure
11647| [21490] Apache Tomcat 3.2.3/3.2.4 Source.JSP Malformed Request Information Disclosure
11648| [21412] Apache Tomcat 4.0/4.1 Servlet Path Disclosure Vulnerability
11649| [21350] Apache Win32 1.3.x/2.0.x Batch File Remote Command Execution Vulnerability
11650| [21204] Apache 1.3.20 Win32 PHP.EXE Remote File Disclosure Vulnerability
11651| [21112] Red Hat Linux 7.0 Apache Remote Username Enumeration Vulnerability
11652| [21067] Apache 1.0/1.2/1.3 Server Address Disclosure Vulnerability
11653| [21002] Apache 1.3 Possible Directory Index Disclosure Vulnerability
11654| [20911] Apache 1.3.14 Mac File Protection Bypass Vulnerability
11655| [20716] apache tomcat 3.0 - Directory Traversal vulnerability
11656| [20695] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (4)
11657| [20694] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (3)
11658| [20693] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (2)
11659| [20692] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (1)
11660| [20595] NCSA 1.3/1.4.x/1.5,Apache httpd 0.8.11/0.8.14 ScriptAlias Source Retrieval Vulnerability
11661| [20558] Apache 1.2 Web Server DoS Vulnerability
11662| [20466] Apache 1.3 Web Server with Php 3 File Disclosure Vulnerability
11663| [20435] Apache 0.8.x/1.0.x,NCSA httpd 1.x test-cgi Directory Listing Vulnerability
11664| [20272] Apache 1.2.5/1.3.1,UnityMail 2.0 MIME Header DoS Vulnerability
11665| [20210] Apache 1.3.12 WebDAV Directory Listings Vulnerability
11666| [20131] Apache Tomcat 3.1 Path Revealing Vulnerability
11667| [19975] Apache 1.3.6/1.3.9/1.3.11/1.3.12/1.3.20 Root Directory Access Vulnerability
11668| [19828] Cobalt RaQ 2.0/3.0 Apache .htaccess Disclosure Vulnerability
11669| [19536] Apache <= 1.1,NCSA httpd <= 1.5.2,Netscape Server 1.12/1.1/2.0 a nph-test-cgi Vulnerability
11670| [19231] PHP apache_request_headers Function Buffer Overflow
11671| [18984] Apache Struts <= 2.2.1.1 - Remote Command Execution
11672| [18897] Oracle Weblogic Apache Connector POST Request Buffer Overflow
11673| [18619] Apache Tomcat Remote Exploit (PUT Request) and Account Scanner
11674| [18452] Apache Struts Multiple Persistent Cross-Site Scripting Vulnerabilities
11675| [18442] Apache httpOnly Cookie Disclosure
11676| [18329] Apache Struts2 <= 2.3.1 - Multiple Vulnerabilities
11677| [18221] Apache HTTP Server Denial of Service
11678| [17969] Apache mod_proxy Reverse Proxy Exposure Vulnerability PoC
11679| [17696] Apache httpd Remote Denial of Service (memory exhaustion)
11680| [17691] Apache Struts < 2.2.0 - Remote Command Execution
11681| [16798] Apache mod_jk 1.2.20 Buffer Overflow
11682| [16782] Apache Win32 Chunked Encoding
11683| [16752] Apache module mod_rewrite LDAP protocol Buffer Overflow
11684| [16317] Apache Tomcat Manager Application Deployer Authenticated Code Execution
11685| [15710] Apache Archiva 1.0 - 1.3.1 CSRF Vulnerability
11686| [15319] Apache 2.2 (Windows) Local Denial of Service
11687| [14617] Apache JackRabbit 2.0.0 webapp XPath Injection
11688| [14489] Apache Tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
11689| [12721] Apache Axis2 1.4.1 - Local File Inclusion Vulnerability
11690| [12689] Authenticated Cross-Site Scripting Vulnerability (XSS) within Apache Axis2 administration console
11691| [12343] Apache Tomcat 5.5.0 to 5.5.29 & 6.0.0 to 6.0.26 - Information Disclosure Vulnerability
11692| [12330] Apache OFBiz - Multiple XSS
11693| [12264] Apache OFBiz - FULLADMIN Creator PoC Payload
11694| [12263] Apache OFBiz - SQL Remote Execution PoC Payload
11695| [11662] Apache Spamassassin Milter Plugin Remote Root Command Execution
11696| [11650] Apache 2.2.14 mod_isapi Dangling Pointer Remote SYSTEM Exploit
11697| [10811] Joomla.Tutorials GHDB: Apache directory listing Download Vulnerability
11698| [10292] Apache Tomcat 3.2.1 - 404 Error Page Cross Site Scripting Vulnerability
11699| [9995] Apache Tomcat Form Authentication Username Enumeration Weakness
11700| [9994] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
11701| [9993] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
11702| [8842] Apache mod_dav / svn Remote Denial of Service Exploit
11703| [8458] Apache Geronimo <= 2.1.3 - Multiple Directory Traversal Vulnerabilities
11704| [7264] Apache Tomcat runtime.getRuntime().exec() Privilege Escalation (win)
11705| [6229] apache tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
11706| [6100] Apache mod_jk 1.2.19 Remote Buffer Overflow Exploit (win32)
11707| [6089] Bea Weblogic Apache Connector Code Exec / Denial of Service Exploit
11708| [5386] Apache Tomcat Connector jk2-2.0.2 (mod_jk2) Remote Overflow Exploit
11709| [5330] Apache 2.0 mod_jk2 2.0.2 - Remote Buffer Overflow Exploit (win32)
11710| [4552] Apache Tomcat (webdav) Remote File Disclosure Exploit (ssl support)
11711| [4530] Apache Tomcat (webdav) Remote File Disclosure Exploit
11712| [4162] Apache Tomcat Connector (mod_jk) Remote Exploit (exec-shield)
11713| [4093] Apache mod_jk 1.2.19/1.2.20 Remote Buffer Overflow Exploit
11714| [3996] Apache 2.0.58 mod_rewrite Remote Overflow Exploit (win2k3)
11715| [3680] Apache Mod_Rewrite Off-by-one Remote Overflow Exploit (win32)
11716| [3384] Ubuntu/Debian Apache 1.3.33/1.3.34 (CGI TTY) Local Root Exploit
11717| [2237] Apache < 1.3.37, 2.0.59, 2.2.3 (mod_rewrite) Remote Overflow PoC
11718| [2061] Apache Tomcat < 5.5.17 Remote Directory Listing Vulnerability
11719| [1056] Apache <= 2.0.49 Arbitrary Long HTTP Headers Denial of Service
11720| [855] Apache <= 2.0.52 HTTP GET request Denial of Service Exploit
11721| [764] Apache OpenSSL - Remote Exploit (Multiple Targets) (OpenFuckV2.c)
11722| [587] Apache <= 1.3.31 mod_include Local Buffer Overflow Exploit
11723| [466] htpasswd Apache 1.3.31 - Local Exploit
11724| [371] Apache HTTPd Arbitrary Long HTTP Headers DoS (c version)
11725| [360] Apache HTTPd Arbitrary Long HTTP Headers DoS
11726| [132] Apache 1.3.x - 2.0.48 - mod_userdir Remote Users Disclosure Exploit
11727| [126] Apache mod_gzip (with debug_mode) <= 1.2.26.1a Remote Exploit
11728| [67] Apache 1.3.x mod_mylo Remote Code Execution Exploit
11729| [38] Apache <= 2.0.45 APR Remote Exploit -Apache-Knacker.pl
11730| [34] Webfroot Shoutbox < 2.32 (Apache) Remote Exploit
11731| [11] Apache <= 2.0.44 Linux Remote Denial of Service Exploit
11732| [9] Apache HTTP Server 2.x Memory Leak Exploit
11733|
11734| OpenVAS (Nessus) - http://www.openvas.org:
11735| [902924] Apache Struts2 Showcase Skill Name Remote Code Execution Vulnerability
11736| [902837] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability (Windows)
11737| [902830] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
11738| [902664] Apache Traffic Server HTTP Host Header Denial of Service Vulnerability
11739| [901203] Apache httpd Web Server Range Header Denial of Service Vulnerability
11740| [901110] Apache ActiveMQ Source Code Information Disclosure Vulnerability
11741| [901105] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
11742| [900842] Apache 'mod_proxy_ftp' Module Command Injection Vulnerability (Linux)
11743| [900841] Apache 'mod_proxy_ftp' Module Denial Of Service Vulnerability (Linux)
11744| [900573] Apache APR-Utils XML Parser Denial of Service Vulnerability
11745| [900572] Apache APR-Utils Multiple Denial of Service Vulnerabilities
11746| [900571] Apache APR-Utils Version Detection
11747| [900499] Apache mod_proxy_ajp Information Disclosure Vulnerability
11748| [900496] Apache Tiles Multiple XSS Vulnerability
11749| [900493] Apache Tiles Version Detection
11750| [900107] Apache mod_proxy_ftp Wildcard Characters XSS Vulnerability
11751| [900021] Apache Tomcat Cross-Site Scripting and Security Bypass Vulnerabilities
11752| [880086] CentOS Update for apache CESA-2008:0004-01 centos2 i386
11753| [870175] RedHat Update for apache RHSA-2008:0004-01
11754| [864591] Fedora Update for apache-poi FEDORA-2012-10835
11755| [864383] Fedora Update for apache-commons-compress FEDORA-2012-8428
11756| [864280] Fedora Update for apache-commons-compress FEDORA-2012-8465
11757| [864250] Fedora Update for apache-poi FEDORA-2012-7683
11758| [864249] Fedora Update for apache-poi FEDORA-2012-7686
11759| [863993] Fedora Update for apache-commons-daemon FEDORA-2011-10880
11760| [863466] Fedora Update for apache-commons-daemon FEDORA-2011-10936
11761| [855821] Solaris Update for Apache 1.3 122912-19
11762| [855812] Solaris Update for Apache 1.3 122911-19
11763| [855737] Solaris Update for Apache 1.3 122911-17
11764| [855731] Solaris Update for Apache 1.3 122912-17
11765| [855695] Solaris Update for Apache 1.3 122911-16
11766| [855645] Solaris Update for Apache 1.3 122912-16
11767| [855587] Solaris Update for kernel update and Apache 108529-29
11768| [855566] Solaris Update for Apache 116973-07
11769| [855531] Solaris Update for Apache 116974-07
11770| [855524] Solaris Update for Apache 2 120544-14
11771| [855494] Solaris Update for Apache 1.3 122911-15
11772| [855478] Solaris Update for Apache Security 114145-11
11773| [855472] Solaris Update for Apache Security 113146-12
11774| [855179] Solaris Update for Apache 1.3 122912-15
11775| [855147] Solaris Update for kernel update and Apache 108528-29
11776| [855077] Solaris Update for Apache 2 120543-14
11777| [850196] SuSE Update for apache2 openSUSE-SU-2012:0314-1 (apache2)
11778| [850088] SuSE Update for apache2 SUSE-SA:2007:061
11779| [850009] SuSE Update for apache2,apache SUSE-SA:2008:021
11780| [841209] Ubuntu Update for apache2 USN-1627-1
11781| [840900] Ubuntu Update for apache2 USN-1368-1
11782| [840798] Ubuntu Update for apache2 USN-1259-1
11783| [840734] Ubuntu Update for apache2 USN-1199-1
11784| [840542] Ubuntu Update for apache2 vulnerabilities USN-1021-1
11785| [840504] Ubuntu Update for apache2 vulnerability USN-990-2
11786| [840399] Ubuntu Update for apache2 vulnerabilities USN-908-1
11787| [840304] Ubuntu Update for apache2 vulnerabilities USN-575-1
11788| [840118] Ubuntu Update for libapache2-mod-perl2 vulnerability USN-488-1
11789| [840092] Ubuntu Update for apache2 vulnerabilities USN-499-1
11790| [840039] Ubuntu Update for libapache2-mod-python vulnerability USN-430-1
11791| [835253] HP-UX Update for Apache Web Server HPSBUX02645
11792| [835247] HP-UX Update for Apache-based Web Server HPSBUX02612
11793| [835243] HP-UX Update for Apache Running Tomcat Servlet Engine HPSBUX02579
11794| [835236] HP-UX Update for Apache with PHP HPSBUX02543
11795| [835233] HP-UX Update for Apache-based Web Server HPSBUX02531
11796| [835224] HP-UX Update for Apache-based Web Server HPSBUX02465
11797| [835200] HP-UX Update for Apache Web Server Suite HPSBUX02431
11798| [835190] HP-UX Update for Apache Web Server Suite HPSBUX02401
11799| [835188] HP-UX Update for Apache HPSBUX02308
11800| [835181] HP-UX Update for Apache With PHP HPSBUX02332
11801| [835180] HP-UX Update for Apache with PHP HPSBUX02342
11802| [835172] HP-UX Update for Apache HPSBUX02365
11803| [835168] HP-UX Update for Apache HPSBUX02313
11804| [835148] HP-UX Update for Apache HPSBUX01064
11805| [835139] HP-UX Update for Apache with PHP HPSBUX01090
11806| [835131] HP-UX Update for Apache HPSBUX00256
11807| [835119] HP-UX Update for Apache Remote Execution of Arbitrary Code HPSBUX02186
11808| [835104] HP-UX Update for Apache HPSBUX00224
11809| [835103] HP-UX Update for Apache mod_cgid HPSBUX00301
11810| [835101] HP-UX Update for Apache HPSBUX01232
11811| [835080] HP-UX Update for Apache HPSBUX02273
11812| [835078] HP-UX Update for ApacheStrong HPSBUX00255
11813| [835044] HP-UX Update for Apache HPSBUX01019
11814| [835040] HP-UX Update for Apache PHP HPSBUX00207
11815| [835025] HP-UX Update for Apache HPSBUX00197
11816| [835023] HP-UX Update for Apache HPSBUX01022
11817| [835022] HP-UX Update for Apache HPSBUX02292
11818| [835005] HP-UX Update for Apache HPSBUX02262
11819| [831759] Mandriva Update for apache-mod_security MDVSA-2012:182 (apache-mod_security)
11820| [831737] Mandriva Update for apache MDVSA-2012:154-1 (apache)
11821| [831534] Mandriva Update for apache MDVSA-2012:012 (apache)
11822| [831523] Mandriva Update for apache MDVSA-2012:003 (apache)
11823| [831491] Mandriva Update for apache MDVSA-2011:168 (apache)
11824| [831460] Mandriva Update for apache MDVSA-2011:144 (apache)
11825| [831449] Mandriva Update for apache MDVSA-2011:130 (apache)
11826| [831357] Mandriva Update for apache MDVSA-2011:057 (apache)
11827| [831132] Mandriva Update for apache MDVSA-2010:153 (apache)
11828| [831131] Mandriva Update for apache MDVSA-2010:152 (apache)
11829| [830989] Mandriva Update for apache-mod_auth_shadow MDVSA-2010:081 (apache-mod_auth_shadow)
11830| [830931] Mandriva Update for apache MDVSA-2010:057 (apache)
11831| [830926] Mandriva Update for apache MDVSA-2010:053 (apache)
11832| [830918] Mandriva Update for apache-mod_security MDVSA-2010:050 (apache-mod_security)
11833| [830799] Mandriva Update for apache-conf MDVSA-2009:300-2 (apache-conf)
11834| [830797] Mandriva Update for apache-conf MDVSA-2009:300-1 (apache-conf)
11835| [830791] Mandriva Update for apache-conf MDVA-2010:011 (apache-conf)
11836| [830652] Mandriva Update for apache MDVSA-2008:195 (apache)
11837| [830621] Mandriva Update for apache-conf MDVA-2008:129 (apache-conf)
11838| [830581] Mandriva Update for apache MDVSA-2008:016 (apache)
11839| [830294] Mandriva Update for apache MDKSA-2007:140 (apache)
11840| [830196] Mandriva Update for apache MDKSA-2007:235 (apache)
11841| [830112] Mandriva Update for apache MDKSA-2007:127 (apache)
11842| [830109] Mandriva Update for apache-mod_perl MDKSA-2007:083 (apache-mod_perl)
11843| [802425] Apache Struts2 Showcase Arbitrary Java Method Execution vulnerability
11844| [802423] Apache Struts CookBook/Examples Multiple Cross-Site Scripting Vulnerabilities
11845| [802422] Apache Struts Showcase Multiple Persistence Cross-Site Scripting Vulnerabilities
11846| [802415] Apache Tomcat Multiple Security Bypass Vulnerabilities (Win)
11847| [802385] Apache Tomcat Request Object Security Bypass Vulnerability (Win)
11848| [802384] Apache Tomcat Parameter Handling Denial of Service Vulnerability (Win)
11849| [802378] Apache Tomcat Hash Collision Denial Of Service Vulnerability
11850| [801942] Apache Archiva Multiple Vulnerabilities
11851| [801940] Apache Struts2 'XWork' Information Disclosure Vulnerability
11852| [801663] Apache Struts2/XWork Remote Command Execution Vulnerability
11853| [801521] Apache APR-util 'buckets/apr_brigade.c' Denial Of Service Vulnerability
11854| [801284] Apache Derby Information Disclosure Vulnerability
11855| [801203] Apache ActiveMQ Persistent Cross-Site Scripting Vulnerability
11856| [800837] Apache 'mod_deflate' Denial Of Service Vulnerability - July09
11857| [800827] Apache 'mod_proxy_http.c' Denial Of Service Vulnerability
11858| [800680] Apache APR Version Detection
11859| [800679] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
11860| [800678] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
11861| [800677] Apache Roller Version Detection
11862| [800279] Apache mod_jk Module Version Detection
11863| [800278] Apache Struts Cross Site Scripting Vulnerability
11864| [800277] Apache Tomcat mod_jk Information Disclosure Vulnerability
11865| [800276] Apache Struts Version Detection
11866| [800271] Apache Struts Directory Traversal Vulnerability
11867| [800024] Apache Tomcat RemoteFilterValve Security Bypass Vulnerability
11868| [103333] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
11869| [103293] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
11870| [103122] Apache Web Server ETag Header Information Disclosure Weakness
11871| [103074] Apache Continuum Cross Site Scripting Vulnerability
11872| [103073] Apache Continuum Detection
11873| [103053] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
11874| [101023] Apache Open For Business Weak Password security check
11875| [101020] Apache Open For Business HTML injection vulnerability
11876| [101019] Apache Open For Business service detection
11877| [100924] Apache Archiva Cross Site Request Forgery Vulnerability
11878| [100923] Apache Archiva Detection
11879| [100858] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
11880| [100814] Apache Axis2 Document Type Declaration Processing Security Vulnerability
11881| [100813] Apache Axis2 Detection
11882| [100797] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
11883| [100795] Apache Derby Detection
11884| [100762] Apache CouchDB Cross Site Request Forgery Vulnerability
11885| [100725] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
11886| [100613] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
11887| [100514] Apache Multiple Security Vulnerabilities
11888| [100211] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
11889| [100172] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
11890| [100171] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
11891| [100130] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
11892| [72626] Debian Security Advisory DSA 2579-1 (apache2)
11893| [72612] FreeBSD Ports: apache22
11894| [71551] Gentoo Security Advisory GLSA 201206-25 (apache)
11895| [71550] Gentoo Security Advisory GLSA 201206-24 (apache tomcat)
11896| [71512] FreeBSD Ports: apache
11897| [71485] Debian Security Advisory DSA 2506-1 (libapache-mod-security)
11898| [71256] Debian Security Advisory DSA 2452-1 (apache2)
11899| [71238] Debian Security Advisory DSA 2436-1 (libapache2-mod-fcgid)
11900| [70737] FreeBSD Ports: apache
11901| [70724] Debian Security Advisory DSA 2405-1 (apache2)
11902| [70600] FreeBSD Ports: apache
11903| [70253] FreeBSD Ports: apache, apache-event, apache-itk, apache-peruser, apache-worker
11904| [70235] Debian Security Advisory DSA 2298-2 (apache2)
11905| [70233] Debian Security Advisory DSA 2298-1 (apache2)
11906| [69988] Debian Security Advisory DSA 2279-1 (libapache2-mod-authnz-external)
11907| [69338] Debian Security Advisory DSA 2202-1 (apache2)
11908| [67868] FreeBSD Ports: apache
11909| [66816] FreeBSD Ports: apache
11910| [66553] Mandriva Security Advisory MDVSA-2009:189-1 (apache-mod_auth_mysql)
11911| [66414] Mandriva Security Advisory MDVSA-2009:323 (apache)
11912| [66106] SuSE Security Advisory SUSE-SA:2009:050 (apache2,libapr1)
11913| [66081] SLES11: Security update for Apache 2
11914| [66074] SLES10: Security update for Apache 2
11915| [66070] SLES9: Security update for Apache 2
11916| [65998] SLES10: Security update for apache2-mod_python
11917| [65893] SLES10: Security update for Apache 2
11918| [65888] SLES10: Security update for Apache 2
11919| [65575] SLES9: Security update for apache2,apache2-prefork,apache2-worker
11920| [65510] SLES9: Security update for Apache 2
11921| [65472] SLES9: Security update for Apache
11922| [65467] SLES9: Security update for Apache
11923| [65450] SLES9: Security update for apache2
11924| [65390] SLES9: Security update for Apache2
11925| [65363] SLES9: Security update for Apache2
11926| [65309] SLES9: Security update for Apache and mod_ssl
11927| [65296] SLES9: Security update for webdav apache module
11928| [65283] SLES9: Security update for Apache2
11929| [65249] SLES9: Security update for Apache 2
11930| [65230] SLES9: Security update for Apache 2
11931| [65228] SLES9: Security update for Apache 2
11932| [65212] SLES9: Security update for apache2-mod_python
11933| [65209] SLES9: Security update for apache2-worker
11934| [65207] SLES9: Security update for Apache 2
11935| [65168] SLES9: Security update for apache2-mod_python
11936| [65142] SLES9: Security update for Apache2
11937| [65136] SLES9: Security update for Apache 2
11938| [65132] SLES9: Security update for apache
11939| [65131] SLES9: Security update for Apache 2 oes/CORE
11940| [65113] SLES9: Security update for apache2
11941| [65072] SLES9: Security update for apache and mod_ssl
11942| [65017] SLES9: Security update for Apache 2
11943| [64950] Mandrake Security Advisory MDVSA-2009:240 (apache)
11944| [64783] FreeBSD Ports: apache
11945| [64774] Ubuntu USN-802-2 (apache2)
11946| [64653] Ubuntu USN-813-2 (apache2)
11947| [64559] Debian Security Advisory DSA 1834-2 (apache2)
11948| [64532] Mandrake Security Advisory MDVSA-2009:189 (apache-mod_auth_mysql)
11949| [64527] Mandrake Security Advisory MDVSA-2009:184 (apache-mod_security)
11950| [64526] Mandrake Security Advisory MDVSA-2009:183 (apache-mod_security)
11951| [64500] Mandrake Security Advisory MDVSA-2009:168 (apache)
11952| [64443] Ubuntu USN-802-1 (apache2)
11953| [64426] Gentoo Security Advisory GLSA 200907-04 (apache)
11954| [64423] Debian Security Advisory DSA 1834-1 (apache2)
11955| [64391] Mandrake Security Advisory MDVSA-2009:149 (apache)
11956| [64377] Mandrake Security Advisory MDVSA-2009:124-1 (apache)
11957| [64251] Debian Security Advisory DSA 1816-1 (apache2)
11958| [64201] Ubuntu USN-787-1 (apache2)
11959| [64140] Mandrake Security Advisory MDVSA-2009:124 (apache)
11960| [64136] Mandrake Security Advisory MDVSA-2009:102 (apache)
11961| [63565] FreeBSD Ports: apache
11962| [63562] Ubuntu USN-731-1 (apache2)
11963| [61381] Gentoo Security Advisory GLSA 200807-06 (apache)
11964| [61185] FreeBSD Ports: apache
11965| [60582] Gentoo Security Advisory GLSA 200803-19 (apache)
11966| [60387] Slackware Advisory SSA:2008-045-02 apache
11967| [58826] FreeBSD Ports: apache-tomcat
11968| [58825] FreeBSD Ports: apache-tomcat
11969| [58804] FreeBSD Ports: apache
11970| [58745] Gentoo Security Advisory GLSA 200711-06 (apache)
11971| [58360] Debian Security Advisory DSA 1312-1 (libapache-mod-jk)
11972| [57851] Gentoo Security Advisory GLSA 200608-01 (apache)
11973| [57788] Debian Security Advisory DSA 1247-1 (libapache-mod-auth-kerb)
11974| [57335] Debian Security Advisory DSA 1167-1 (apache)
11975| [57201] Debian Security Advisory DSA 1131-1 (apache)
11976| [57200] Debian Security Advisory DSA 1132-1 (apache2)
11977| [57168] Slackware Advisory SSA:2006-209-01 Apache httpd
11978| [57145] FreeBSD Ports: apache
11979| [56731] Slackware Advisory SSA:2006-129-01 Apache httpd
11980| [56729] Slackware Advisory SSA:2006-130-01 Apache httpd redux
11981| [56246] Gentoo Security Advisory GLSA 200602-03 (Apache)
11982| [56212] Debian Security Advisory DSA 952-1 (libapache-auth-ldap)
11983| [56115] Debian Security Advisory DSA 935-1 (libapache2-mod-auth-pgsql)
11984| [56067] FreeBSD Ports: apache
11985| [55803] Slackware Advisory SSA:2005-310-04 apache
11986| [55519] Debian Security Advisory DSA 839-1 (apachetop)
11987| [55392] Gentoo Security Advisory GLSA 200509-12 (Apache)
11988| [55355] FreeBSD Ports: apache
11989| [55284] Debian Security Advisory DSA 807-1 (libapache-mod-ssl)
11990| [55261] Debian Security Advisory DSA 805-1 (apache2)
11991| [55259] Debian Security Advisory DSA 803-1 (apache)
11992| [55129] Gentoo Security Advisory GLSA 200508-15 (apache)
11993| [54739] Gentoo Security Advisory GLSA 200411-18 (apache)
11994| [54724] Gentoo Security Advisory GLSA 200411-03 (apache)
11995| [54712] Gentoo Security Advisory GLSA 200410-21 (apache)
11996| [54689] Gentoo Security Advisory GLSA 200409-33 (net=www/apache)
11997| [54677] Gentoo Security Advisory GLSA 200409-21 (apache)
11998| [54610] Gentoo Security Advisory GLSA 200407-03 (Apache)
11999| [54601] Gentoo Security Advisory GLSA 200406-16 (Apache)
12000| [54590] Gentoo Security Advisory GLSA 200406-05 (Apache)
12001| [54582] Gentoo Security Advisory GLSA 200405-22 (Apache)
12002| [54529] Gentoo Security Advisory GLSA 200403-04 (Apache)
12003| [54499] Gentoo Security Advisory GLSA 200310-04 (Apache)
12004| [54498] Gentoo Security Advisory GLSA 200310-03 (Apache)
12005| [54439] FreeBSD Ports: apache
12006| [53931] Slackware Advisory SSA:2004-133-01 apache
12007| [53903] Slackware Advisory SSA:2004-299-01 apache, mod_ssl, php
12008| [53902] Slackware Advisory SSA:2004-305-01 apache+mod_ssl
12009| [53878] Slackware Advisory SSA:2003-308-01 apache security update
12010| [53851] Debian Security Advisory DSA 135-1 (libapache-mod-ssl)
12011| [53849] Debian Security Advisory DSA 132-1 (apache-ssl)
12012| [53848] Debian Security Advisory DSA 131-1 (apache)
12013| [53784] Debian Security Advisory DSA 021-1 (apache)
12014| [53738] Debian Security Advisory DSA 195-1 (apache-perl)
12015| [53737] Debian Security Advisory DSA 188-1 (apache-ssl)
12016| [53735] Debian Security Advisory DSA 187-1 (apache)
12017| [53703] Debian Security Advisory DSA 532-1 (libapache-mod-ssl)
12018| [53577] Debian Security Advisory DSA 120-1 (libapache-mod-ssl, apache-ssl)
12019| [53568] Debian Security Advisory DSA 067-1 (apache,apache-ssl)
12020| [53519] Debian Security Advisory DSA 689-1 (libapache-mod-python)
12021| [53433] Debian Security Advisory DSA 181-1 (libapache-mod-ssl)
12022| [53282] Debian Security Advisory DSA 594-1 (apache)
12023| [53248] Debian Security Advisory DSA 558-1 (libapache-mod-dav)
12024| [53224] Debian Security Advisory DSA 532-2 (libapache-mod-ssl)
12025| [53215] Debian Security Advisory DSA 525-1 (apache)
12026| [53151] Debian Security Advisory DSA 452-1 (libapache-mod-python)
12027| [52529] FreeBSD Ports: apache+ssl
12028| [52501] FreeBSD Ports: apache
12029| [52461] FreeBSD Ports: apache
12030| [52390] FreeBSD Ports: apache
12031| [52389] FreeBSD Ports: apache
12032| [52388] FreeBSD Ports: apache
12033| [52383] FreeBSD Ports: apache
12034| [52339] FreeBSD Ports: apache+mod_ssl
12035| [52331] FreeBSD Ports: apache
12036| [52329] FreeBSD Ports: ru-apache+mod_ssl
12037| [52314] FreeBSD Ports: apache
12038| [52310] FreeBSD Ports: apache
12039| [15588] Detect Apache HTTPS
12040| [15555] Apache mod_proxy content-length buffer overflow
12041| [15554] Apache mod_include priviledge escalation
12042| [14771] Apache <= 1.3.33 htpasswd local overflow
12043| [14177] Apache mod_access rule bypass
12044| [13644] Apache mod_rootme Backdoor
12045| [12293] Apache Input Header Folding and mod_ssl ssl_io_filter_cleanup DoS Vulnerabilities
12046| [12280] Apache Connection Blocking Denial of Service
12047| [12239] Apache Error Log Escape Sequence Injection
12048| [12123] Apache Tomcat source.jsp malformed request information disclosure
12049| [12085] Apache Tomcat servlet/JSP container default files
12050| [11438] Apache Tomcat Directory Listing and File disclosure
12051| [11204] Apache Tomcat Default Accounts
12052| [11092] Apache 2.0.39 Win32 directory traversal
12053| [11046] Apache Tomcat TroubleShooter Servlet Installed
12054| [11042] Apache Tomcat DOS Device Name XSS
12055| [11041] Apache Tomcat /servlet Cross Site Scripting
12056| [10938] Apache Remote Command Execution via .bat files
12057| [10839] PHP.EXE / Apache Win32 Arbitrary File Reading Vulnerability
12058| [10773] MacOS X Finder reveals contents of Apache Web files
12059| [10766] Apache UserDir Sensitive Information Disclosure
12060| [10756] MacOS X Finder reveals contents of Apache Web directories
12061| [10752] Apache Auth Module SQL Insertion Attack
12062| [10704] Apache Directory Listing
12063| [10678] Apache /server-info accessible
12064| [10677] Apache /server-status accessible
12065| [10440] Check for Apache Multiple / vulnerability
12066|
12067| SecurityTracker - https://www.securitytracker.com:
12068| [1028865] Apache Struts Bugs Permit Remote Code Execution and URL Redirection Attacks
12069| [1028864] Apache Struts Wildcard Matching and Expression Evaluation Bugs Let Remote Users Execute Arbitrary Code
12070| [1028824] Apache mod_dav_svn URI Processing Flaw Lets Remote Users Deny Service
12071| [1028823] Apache Unspecified Flaw in mod_session_dbd Has Unspecified Impact
12072| [1028724] (HP Issues Fix for HP-UX) Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
12073| [1028722] (Red Hat Issues Fix for JBoss) Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
12074| [1028693] (Red Hat Issues Fix) Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
12075| [1028622] Apache Struts 'includeParams' Bugs Permit Remote Command Execution and Cross-Site Scripting Attacks
12076| [1028621] Apache Subversion Bugs Let Remote Authenticated Users Execute Arbitrary Commands and Deny Service
12077| [1028540] Apache mod_rewrite Input Validation Flaw Lets Remote Users Execute Arbitrary Commands
12078| [1028534] Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
12079| [1028533] Apache Tomcat Lack of Chunked Transfer Encoding Extension Size Limit Lets Remote Users Deny Service
12080| [1028532] Apache Tomcat AsyncListeners Bug May Disclose Information from One Request to Another User
12081| [1028515] Apache VCL Input Validation Flaw Lets Remote Authenticated Users Gain Elevated Privileges
12082| [1028457] Apache ActiveMQ Bugs Let Remote Users Conduct Cross-Site Scripting Attacks, Deny Service, and Obtain Potentially Sensitive Information
12083| [1028287] Apache CXF WSS4JInInterceptor Grants Service Access to Remote Users
12084| [1028286] Apache CXF WS-Security UsernameToken Processing Flaw Lets Remote Users Bypass Authentication
12085| [1028252] Apache Commons FileUpload Unsafe Temporary File Lets Local Users Gain Elevated Privileges
12086| [1028207] Apache Input Validation Bugs Permit Cross-Site Scripting Attacks
12087| [1027836] Apache Tomcat Connection Processing Bug Lets Remote Users Deny Service
12088| [1027834] Apache Tomcat Bug Lets Remote Users Bypass Cross-Site Request Forgery Prevention Filter
12089| [1027833] Apache Tomcat Bug Lets Remote Users Bypass Security Constraints
12090| [1027729] Apache Tomcat Header Processing Bug Lets Remote Users Deny Service
12091| [1027728] Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
12092| [1027554] Apache CXF Lets Remote Authenticated Users Execute Unauthorized SOAP Actions
12093| [1027508] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
12094| [1027421] Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
12095| [1027096] Apache Commons Compress BZip2CompressorOutputStream() Sorting Algorithm Lets Remote or Local Users Deny Service
12096| [1026932] Apache LD_LIBRARY_PATH Processing Lets Local Users Gain Elevated Privileges
12097| [1026928] Apache OFBiz Unspecified Flaw Lets Remote Users Execute Arbitrary Code
12098| [1026927] Apache OFBiz Input Validation Flaws Permit Cross-Site Scripting Attacks
12099| [1026847] Apache Traffic Server Host Header Processing Flaw Lets Remote Users Deny Service
12100| [1026846] Apache Wicket Discloses Hidden Application Files to Remote Users
12101| [1026839] Apache Wicket Input Validation Flaw in 'wicket:pageMapName' Parameter Permits Cross-Site Scripting Attacks
12102| [1026616] Apache Bugs Let Remote Users Deny Service and Obtain Cookie Data
12103| [1026575] Apache Struts ParameterInterceptor() Flaw Lets Remote Users Execute Arbitrary Commands
12104| [1026484] Apache Struts Bug Lets Remote Users Overwrite Files and Execute Arbitrary Code
12105| [1026477] Apache Tomcat Hash Table Collision Bug Lets Remote Users Deny Service
12106| [1026402] Apache Struts Conversion Error Lets Remote Users Inject Arbitrary Commands
12107| [1026353] Apache mod_proxy/mod_rewrite Bug Lets Remote Users Access Internal Servers
12108| [1026295] Apache Tomcat Lets Untrusted Web Applications Gain Elevated Privileges
12109| [1026267] Apache .htaccess File Integer Overflow Lets Local Users Execute Arbitrary Code
12110| [1026144] Apache mod_proxy Pattern Matching Bug Lets Remote Users Access Internal Servers
12111| [1026095] Apache Tomcat HTTP DIGEST Authentication Weaknesses Let Remote Users Conduct Bypass Attacks
12112| [1026054] Apache mod_proxy_ajp HTTP Processing Error Lets Remote Users Deny Service
12113| [1025993] Apache Tomcat AJP Protocol Processing Bug Lets Remote Users Bypass Authentication or Obtain Information
12114| [1025976] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
12115| [1025960] Apache httpd Byterange Filter Processing Error Lets Remote Users Deny Service
12116| [1025925] Apache Tomcat Commons Daemon jsvc Lets Local Users Gain Elevated Privileges
12117| [1025924] Apache Tomcat XML Validation Flaw Lets Applications Obtain Potentially Sensitive Information
12118| [1025788] Apache Tomcat Lets Malicious Applications Obtain Information and Deny Service
12119| [1025755] Apache Santuario Buffer Overflow Lets Remote Users Deny Service
12120| [1025712] Apache Tomcat Discloses Passwords to Local Users in Certain Cases
12121| [1025577] Apache Archiva Input Validation Hole Permits Cross-Site Scripting Attacks
12122| [1025576] Apache Archiva Request Validation Flaw Permits Cross-Site Request Forgery Attacks
12123| [1025527] Apache APR Library apr_fnmatch() Flaw Lets Remote Users Execute Arbitrary Code
12124| [1025303] Apache Tomcat HTTP BIO Connector Error Discloses Information From Different Requests to Remote Users
12125| [1025215] Apache Tomcat May Ignore @ServletSecurity Annotation Protections
12126| [1025066] Apache Continuum Input Validation Flaw Permits Cross-Site Request Forgery Attacks
12127| [1025065] Apache Continuum Input Validation Hole Permits Cross-Site Scripting Attacks
12128| [1025027] Apache Tomcat maxHttpHeaderSize Parsing Error Lets Remote Users Deny Service
12129| [1025026] Apache Tomcat Manager Input Validation Hole Permits Cross-Site Scripting Attacks
12130| [1025025] Apache Tomcat Security Manager Lets Local Users Bypass File Permissions
12131| [1024764] Apache Tomcat Manager Input Validation Hole in 'sessionList.jsp' Permits Cross-Site Scripting Attacks
12132| [1024417] Apache Traffic Server Insufficient Randomization Lets Remote Users Poison the DNS Cache
12133| [1024332] Apache mod_cache and mod_dav Request Processing Flaw Lets Remote Users Deny Service
12134| [1024180] Apache Tomcat 'Transfer-Encoding' Header Processing Flaw Lets Remote Users Deny Service and Obtain Potentially Sensitive Information
12135| [1024096] Apache mod_proxy_http May Return Results for a Different Request
12136| [1023942] Apache mod_proxy_ajp Error Condition Lets Remote Users Deny Service
12137| [1023941] Apache ap_read_request() Memory Error May Let Remote Users Access Potentially Sensitive Information
12138| [1023778] Apache ActiveMQ Input Validation Flaw Permits Cross-Site Scripting Attacks
12139| [1023701] Apache mod_isapi Error Processing Flaw May Let Remote Users Deny Service
12140| [1023533] Apache mod_proxy Integer Overflow May Let Remote Users Execute Arbitrary Code
12141| [1022988] Apache Solaris Support Code Bug Lets Remote Users Deny Service
12142| [1022529] Apache mod_deflate Connection State Bug Lets Remote Users Deny Service
12143| [1022509] Apache mod_proxy stream_reqbody_cl() Infinite Loop Lets Remote Users Deny Service
12144| [1022296] Apache IncludesNoExec Options Restrictions Can Be Bypass By Local Users
12145| [1022264] Apache mod_proxy_ajp Bug May Disclose Another User's Response Data
12146| [1022001] Apache Tomcat mod_jk May Disclose Responses to the Wrong User
12147| [1021988] mod_perl Input Validation Flaw in Apache::Status and Apache2::Status Permits Cross-Site Scripting Attacks
12148| [1021350] NetWare Bug Lets Remote Users Access the ApacheAdmin Console
12149| [1020635] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
12150| [1020520] Oracle WebLogic Apache Connector Lets Remote Users Execute Arbitrary Code
12151| [1020267] Apache mod_proxy Interim Response Process Bug Lets Remote Users Deny Service
12152| [1019784] Apache-SSL Certificate Processing Bug May Let Remote Users View Portions of Kernel Memory
12153| [1019256] Apache mod_negotiation Input Validation Hole Permits Cross-Site Scripting Attacks
12154| [1019194] Apache Input Validation Hole in Mod_AutoIndex When the Character Set is Undefined May Permit Cross-Site Scripting Attacks
12155| [1019185] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
12156| [1019154] Apache Input Validation Hole in mod_status Permits Cross-Site Scripting Attacks
12157| [1019093] Apache Input Validation Hole in mod_imap Permits Cross-Site Scripting Attacks
12158| [1019030] Apache Input Validation Hole in Default HTTP 413 Error Page Permits Cross-Site Scripting Attacks
12159| [1018633] Apache mod_proxy Bug Lets Remote Users Deny Service
12160| [1018304] Apache HTTPD scoreboard Protection Flaw Lets Local Users Terminate Arbitrary Processes
12161| [1018303] Apache HTTPD mod_cache May Let Remote Users Deny Service
12162| [1018302] Apache mod_status Input Validation Hole Permits Cross-Site Scripting Attacks
12163| [1018269] Apache Tomcat Input Validation Hole in Processing Accept-Language Header Permits Cross-Site Scripting Attacks
12164| [1017904] Apache suEXEC Bugs May Let Local Users Gain Elevated Privileges
12165| [1017719] Apache Tomcat JK Web Server Connector Buffer Overflow in map_uri_to_worker() Lets Remote Users Execute Arbitrary Code
12166| [1017062] Apache mod_tcl Format String Bug in set_var() Function May Let Remote Users Execute Arbitrary Code
12167| [1016601] Apache mod_rewrite Off-by-one Error Lets Remote Users Execute Arbitrary Code
12168| [1016576] Apache Tomcat Discloses Directory Listings to Remote Users
12169| [1015447] Apache mod_ssl Null Pointer Dereference May Let Remote Users Deny Service
12170| [1015344] Apache mod_imap Input Validation Flaw in Referer Field Lets Remote Users Conduct Cross-Site Scripting Attacks
12171| [1015093] Apache Memory Leak in MPM 'worker.c' Code May Let Remote Users Deny Service
12172| [1014996] ApacheTop Unsafe Temporary File May Let Local Users Gain Elevated Privileges
12173| [1014833] Apache ssl_hook_Access() Function May Fail to Verify Client Certificates
12174| [1014826] Apache Memory Leak in 'byterange filter' Lets Remote Users Deny Service
12175| [1014575] Apache mod_ssl Off-by-one Buffer Overflow in Processing CRLs May Let Remote Users Deny Service
12176| [1014323] Apache Chunked Transfer-Encoding and Content-Length Processing Lets Remote Users Smuggle HTTP Requests
12177| [1013156] Apache mod_python Publisher Handler Discloses Information to Remote Users
12178| [1012829] Apache mod_auth_radius radcpy() Integer Overflow Lets Remote Users Deny Service in Certain Cases
12179| [1012416] Apache on Apple OS X Lets Remote Users Bypass Apache File Handlers and Directly Access Files
12180| [1012415] Apache on Apple HFS+ Filesystems May Disclose '.DS_Store' Files to Remote Users
12181| [1012414] Apache mod_digest_apple Lets Remote Users Replay Authentication Credentials
12182| [1012083] Apache Web Server Error in Processing Requests With Many Space Characters Lets Remote Users Deny Service
12183| [1011783] Apache mod_include Buffer Overflow Lets Local Users Execute Arbitrary Code
12184| [1011557] Apache mod_ssl SSLCipherSuite Directive Can By Bypassed in Certain Cases
12185| [1011385] Apache Satsify Directive Error May Let Remote Users Access Restricted Resources
12186| [1011340] Apache SSL Connection Abort State Error Lets Remote Users Deny Service
12187| [1011303] Apache ap_resolve_env() Buffer Overflow in Reading Configuration Files May Let Local Users Gain Elevated Privileges
12188| [1011299] Apache IPv6 Address Parsing Flaw May Let Remote Users Deny Service
12189| [1011248] Apache mod_dav LOCK Method Error May Let Remote Users Deny Service
12190| [1011213] Apache mod_ssl Can Be Crashed By Remote Users When Reverse Proxying SSL Connections
12191| [1010674] Apache Can Be Crashed By PHP Code Invoking Nested Remote Sockets
12192| [1010599] Apache httpd Header Line Memory Allocation Lets Remote Users Crash the Server
12193| [1010462] Apache mod_proxy Buffer Overflow May Let Remote Users Execute Arbitrary Code
12194| [1010322] Apache mod_ssl Stack Overflow in ssl_util_uuencode_binary() May Let Remote Users Execute Arbitrary Code
12195| [1010270] cPanel Apache mod_phpsuexec Options Let Local Users Gain Elevated Privileges
12196| [1009934] Apache Web Server Has Buffer Overflow in ebcdic2ascii() on Older Processor Architectures
12197| [1009516] Apache mod_survey HTML Report Format Lets Remote Users Conduct Cross-Site Scripting Attacks
12198| [1009509] Apache mod_disk_cache Stores Authentication Credentials on Disk
12199| [1009495] Apache Web Server Socket Starvation Flaw May Let Remote Users Deny Service
12200| [1009417] GroupWise WebAccess With Apache on NetWare Has Configuration Flaw That May Grant Web Access to Remote Users
12201| [1009338] Apache mod_access Parsing Flaw May Fail to Enforce Allow/Deny Rules
12202| [1009337] Apache mod_ssl Memory Leak Lets Remote Users Crash the Daemon
12203| [1009182] Apache for Cygwin '..%5C' Input Validation Flaw Discloses Files to Remote Users
12204| [1008973] PHP May Apply Incorrect php_admin_* Settings To Requests for Apache Virtual Hosts
12205| [1008967] Apache-SSL 'SSLFakeBasicAuth' Lets Remote Users Forge Client Certificates to Be Authenticated
12206| [1008920] Apache mod_digest May Validate Replayed Client Responses
12207| [1008828] Apache mod_python String Processing Bug Still Lets Remote Users Crash the Web Server
12208| [1008822] Apache mod_perl File Descriptor Leak May Let Local Users Hijack the http and https Services
12209| [1008675] mod_auth_shadow Apache Module Authenticates Expired Passwords
12210| [1008559] Apache mod_php File Descriptor Leak May Let Local Users Hijack the https Service
12211| [1008335] Apache mod_python String Processing Bug Lets Remote Users Crash the Web Server
12212| [1008196] Apache 2.x on Windows May Return Unexpected Files For URLs Ending With Certain Characters
12213| [1008030] Apache mod_rewrite Contains a Buffer Overflow
12214| [1008029] Apache mod_alias Contains a Buffer Overflow
12215| [1008028] Apache mod_cgid May Disclose CGI Output to Another Client
12216| [1007995] Apache Cocoon Forms May Let Remote Users Execute Arbitrary Java Code on the System
12217| [1007993] Apache Cocoon 'view-source' Sample Script Discloses Files to Remote Users
12218| [1007823] Apache Web Server mod_cgi Error May Let Malicious CGI Scripts Crash the Web Service
12219| [1007664] Apache::Gallery Unsafe Temporary Files May Let Local Users Gain Apache Web Server Privileges
12220| [1007557] Apache Web Server Does Not Filter Terminal Escape Sequences From Log Files
12221| [1007230] Apache HTTP Server 'rotatelogs' Bug on Win32 and OS/2 May Cause the Logging to Stop
12222| [1007146] Apache HTTP Server FTP Proxy Bug May Cause Denial of Service Conditions
12223| [1007145] Apache 'accept()' Errors May Cause Denial of Service Conditions
12224| [1007144] Apache Web Server 'type-map' File Error Permits Local Denial of Service Attacks
12225| [1007143] Apache 2.0 Web Server May Use a Weaker Encryption Implementation Than Specified in Some Cases
12226| [1006864] Apache Web Server Can Be Crashed By Remote Users Via mod_dav Flaws and Also Via Basic Authentication
12227| [1006709] Apache mod_survey Input Validation Flaw Lets Remote Users Fill Up Disk Space
12228| [1006614] Apache mod_ntlm Buffer Overflow and Format String Flaw Let Remote Users Execute Arbitary Code
12229| [1006591] Apache mod_access_referer Module Null Pointer Dereference May Faciliate Denial of Service Attacks
12230| [1006444] Apache 2.0 Web Server Line Feed Buffer Allocation Flaw Lets Remote Users Deny Service
12231| [1006021] Apache Tomcat Server URL Parsing Error May Disclose Otherwise Inaccessible Web Directory Listings and Files to Remote Users
12232| [1005963] Apache Web Server 2.x Windows Device Access Flaw Lets Remote Users Crash the Server or Possibly Execute Arbitrary Code
12233| [1005962] Apache Web Server Path Parsing Flaw May Allow Remote Users to Execute Code in Certain Configurations
12234| [1005848] Apache 'printenv' Script Input Validation Bugs in Older Versions May Let Remote Users Conduct Cross-Site Scripting Attacks
12235| [1005765] Apache mod_jk Module Processing Bug When Used With Tomcat May Disclose Information to Remote Users or Crash
12236| [1005548] Apache mod_php Module May Allow Local Users to Gain Control of the Web Port
12237| [1005499] Apache Web Server (2.0.42) May Disclose CGI Source Code to Remote Users When Used With WebDAV
12238| [1005410] Apache Tomcat Java Servlet Engine Can Be Crashed Via Multiple Requests for DOS Device Names
12239| [1005351] Apache Web Server (1.3.x) Shared Memory Scoreboard Bug Lets Certain Local Users Issue Signals With Root Privileges
12240| [1005331] Apache Web Server (2.x) SSI Server Signature Filtering Hole Lets Remote Users Conduct Cross-Site Scripting Attacks
12241| [1005290] Apache Tomcat Java Server Default Servlet Returns JSP Source Code to Remote Users
12242| [1005285] Apache Web Server 'mod_dav' Has Null Pointer Bug That May Allow Remote Users to Cause Denial of Service Conditions
12243| [1005010] Apache Web Server (2.0) Has Unspecified Flaw That Allows Remote Users to Obtain Sensitive Data and Cause Denial of Service Conditions
12244| [1004770] Apache 2.x Web Server ap_log_rerror() Function May Disclose Full Installation Path to Remote Users
12245| [1004745] Apache Tomcat Java Server Allows Cross-Site Scripting Attacks
12246| [1004636] Apache mod_ssl 'Off-by-One' Bug May Let Local Users Crash the Web Server or Possibly Execute Arbitrary Code
12247| [1004602] Apache Tomcat Java Server for Windows Can Be Crashed By Remote Users Sending Malicious Requests to Hang All Available Working Threads
12248| [1004586] Apache Tomcat Java Server May Disclose the Installation Path to Remote Users
12249| [1004555] Apache Web Server Chunked Encoding Flaw May Let Remote Users Execute Arbitrary Code on the Server
12250| [1004209] Apache 'mod_python' Python Language Interpreter Bug in Publisher Handler May Allow Remote Users to Modify Files on the System
12251| [1003874] Apache Web Server for Windows Has Batch File Processing Hole That Lets Remote Users Execute Commands on the System
12252| [1003767] 'mod_frontpage' Module for Apache Web Server Has Buffer Overlow in 'fpexec.c' That Allows Remote Users to Execute Arbitrary Code on the System with Root Privileges
12253| [1003723] Apache-SSL for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
12254| [1003664] 'mod_ssl' Security Package for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
12255| [1003602] GNUJSP Java Server Pages Implementation Discloses Web Files and Source Code to Remote Users and Bypasses Apache Access Control Restrictions
12256| [1003465] PHP for Apache Web Server May Disclose Installation Path Information to Remote Users Making 'OPTIONS' Requests
12257| [1003451] Oracle Application Server PL/SQL Module for Apache Has Buffer Overflows That Allow Remote Users to Execute Arbitrary Code and Gain Access to the Server
12258| [1003131] Apache Web Server in Virtual Hosting Mode Can Be Crashed By a Local User Removing a Log Directory
12259| [1003104] PHP.EXE Windows CGI for Apache Web Server May Let Remote Users View Files on the Server Due to Configuration Error
12260| [1003008] Apache 'mod_bf' Module Lets Remote Users Execute Arbitrary Code
12261| [1002629] Apache suEXEC Wrapper Fails to Observe Minimum Group ID Security Settings in Certain Situations
12262| [1002542] Apache Web Server Virtual Hosting Split-Logfile Function Lets Remote Users Write Log Entries to Arbitrary Files on the System
12263| [1002400] Apache mod_gzip Module Has Buffer Overflow That Can Be Exploited By Local Users to Gain Elevated Privileges
12264| [1002303] Several 3rd Party Apache Authentication Modules Allow Remote Users to Execute Arbitrary Code to Gain Access to the System or Execute Stored Procedures to Obtain Arbitrary Database Information
12265| [1002188] Apache Web Server Discloses Internal IP Addresses to Remote Users in Certain Configurations
12266| [1001989] Apache Web Server May Disclose Directory Contents Even If an Index.html File is Present in the Directory
12267| [1001719] Apache Web Server on Mac OS X Client Fails to Enforce File and Directory Access Protections, Giving Remote Users Access to Restricted Pages
12268| [1001572] Apache Web Server on Microsoft Windows Platforms Allows Remote Users to Crash the Web Server
12269| [1001304] Apache Web Server for Windows Lets Remote Users Crash the Web Server Application
12270| [1001083] Apache Web Server May Display Directory Index Listings Even if Directory Listings Are Disabled
12271|
12272| OSVDB - http://www.osvdb.org:
12273| [96078] Apache CloudStack Infrastructure Menu Setup Network Multiple Field XSS
12274| [96077] Apache CloudStack Global Settings Multiple Field XSS
12275| [96076] Apache CloudStack Instances Menu Display Name Field XSS
12276| [96075] Apache CloudStack Instances Menu Add Instances Network Name Field XSS
12277| [96074] Apache CloudStack Instances Menu Add Instances Review Step Multiple Field XSS
12278| [96031] Apache HTTP Server suEXEC Symlink Arbitrary File Access
12279| [95888] Apache Archiva Single / Double Quote Character Handling XSS Weakness
12280| [95885] Apache Subversion mod_dav_svn Module Crafted HTTP Request Handling Remote DoS
12281| [95706] Apache OpenOffice.org (OOo) OOXML Document File XML Element Handling Memory Corruption
12282| [95704] Apache OpenOffice.org (OOo) DOC File PLCF Data Handling Memory Corruption
12283| [95603] Apache Continuum web/util/GenerateRecipentNotifier.java recipient Parameter XSS
12284| [95602] Apache Continuum web/action/notifier/JabberProjectNotifierEditAction-jabberProjectNotifierSave-validation.xml Multiple Parameter XSS
12285| [95601] Apache Continuum web/action/notifier/JabberGroupNotifierEditAction-jabberProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
12286| [95600] Apache Continuum web/action/ScheduleAction-saveSchedule-validation.xml Multiple Parameter XSS
12287| [95599] Apache Continuumweb/action/BuildDefinitionAction-saveBuildDefinition-validation.xml Multiple Parameter XSS
12288| [95598] Apache Continuum web/action/AddProjectAction-addProject-validation.xml Multiple Parameter XSS
12289| [95597] Apache Continuum web/action/ProjectEditAction-projectSave-validation.xml Multiple Parameter XSS
12290| [95596] Apache Continuum web/action/notifier/IrcGroupNotifierEditAction-ircProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
12291| [95595] Apache Continuum web/action/notifier/IrcProjectNotifierEditAction-ircProjectNotifierSave-validation.xml Multiple Parameter XSS
12292| [95594] Apache Continuum web/action/ProjectGroupAction.java Multiple Parameter XSS
12293| [95593] Apache Continuum web/action/AddProjectGroupAction.java Multiple Parameter XSS
12294| [95592] Apache Continuum web/action/AddProjectAction.java Multiple Parameter XSS
12295| [95523] Apache OFBiz Webtools Application View Log Screen Unspecified XSS
12296| [95522] Apache OFBiz Nested Expression Evaluation Arbitrary UEL Function Execution
12297| [95521] Apache HTTP Server mod_session_dbd Session Saving Unspecified Issue
12298| [95498] Apache HTTP Server mod_dav.c Crafted MERGE Request Remote DoS
12299| [95406] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Arbitrary Site Redirect
12300| [95405] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Remote Code Execution
12301| [95011] Apache CXF XML Parser SOAP Message Handling CPU Resource Exhaustion Remote DoS
12302| [94705] Apache Geronimo RMI Classloader Exposure Serialized Object Handling Remote Code Execution
12303| [94651] Apache Santuario (XML Security for C++) XML Signature CanonicalizationMethod Parameter Spoofing Weakness
12304| [94636] Apache Continuum workingCopy.action userDirectory Traversal Arbitrary File Access
12305| [94635] Apache Maven SCM SvnCommandlineUtils Process Listing Local Password Disclosure
12306| [94632] Apache Maven Wagon SSH (wagon-ssh) Host Verification Failure MitM Weakness
12307| [94625] Apache Santuario (XML Security for C++) XML Signature Reference Crafted XPointer Expression Handling Heap Buffer Overflow
12308| [94618] Apache Archiva /archiva/security/useredit.action username Parameter XSS
12309| [94617] Apache Archiva /archiva/security/roleedit.action name Parameter XSS
12310| [94616] Apache Archiva /archiva/security/userlist!show.action roleName Parameter XSS
12311| [94615] Apache Archiva /archiva/deleteArtifact!doDelete.action groupId Parameter XSS
12312| [94614] Apache Archiva /archiva/admin/addLegacyArtifactPath!commit.action legacyArtifactPath.path Parameter XSS
12313| [94613] Apache Archiva /archiva/admin/addRepository.action Multiple Parameter XSS
12314| [94612] Apache Archiva /archiva/admin/editAppearance.action Multiple Parameter XSS
12315| [94611] Apache Archiva /archiva/admin/addLegacyArtifactPath.action Multiple Parameter XSS
12316| [94610] Apache Archiva /archiva/admin/addNetworkProxy.action Multiple Parameter XSS
12317| [94403] Apache Santuario (XML Security for C++) InclusiveNamespace PrefixList Processing Heap Overflow
12318| [94402] Apache Santuario (XML Security for C++) HMAC-based XML Signature Processing DoS
12319| [94401] Apache Santuario (XML Security for C++) XPointer Evaluation Stack Overflow
12320| [94400] Apache Santuario (XML Security for C++) HMAC-Based XML Signature Reference Element Validation Spoofing Weakness
12321| [94279] Apache Qpid CA Certificate Validation Bypass
12322| [94275] Apache Solr JettySolrRunner.java Can Not Find Error Message XSS
12323| [94233] Apache OpenJPA Object Deserialization Arbitrary Executable Creation
12324| [94042] Apache Axis JAX-WS Java Unspecified Exposure
12325| [93969] Apache Struts OGNL Expression Handling Double Evaluation Error Remote Command Execution
12326| [93796] Apache Subversion Filename Handling FSFS Repository Corruption Remote DoS
12327| [93795] Apache Subversion svnserve Server Aborted Connection Message Handling Remote DoS
12328| [93794] Apache Subversion contrib/hook-scripts/check-mime-type.pl svnlook Hyphenated argv Argument Handling Remote DoS
12329| [93793] Apache Subversion contrib/hook-scripts/svn-keyword-check.pl Filename Handling Remote Command Execution
12330| [93646] Apache Struts Crafted Parameter Arbitrary OGNL Code Execution
12331| [93645] Apache Struts URL / Anchor Tag includeParams Attribute Remote Command Execution
12332| [93636] Apache Pig Multiple Physical Operator Memory Exhaustion Remote Remote DoS
12333| [93635] Apache Wink DTD (Document Type Definition) Expansion Data Parsing Information Disclosure
12334| [93605] RT Apache::Session::File Session Replay Reuse Information Disclosure
12335| [93599] Apache Derby SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY Boot Password Manipulation Re-encryption Failure Password Corruption
12336| [93555] Apache Commons Codec Invalid Base32 String Information Tunneling Weakness
12337| [93554] Apache HBase bulkLoadHFiles() Method ACL Bypass
12338| [93543] JBoss Enterprise Application Platform org.apache.catalina.connector.Response.encodeURL() Method MitM jsessionid Disclosure
12339| [93542] Apache ManifoldCF (Connectors Framework) org.apache.manifoldcf.crawler.ExportConfiguration Class Configuration Export Password Disclosure
12340| [93541] Apache Solr json.wrf Callback XSS
12341| [93524] Apache Hadoop GetSecurityDescriptorControl() Function Absolute Security Descriptor Handling NULL Descriptor Weakness
12342| [93521] Apache jUDDI Security API Token Session Persistence Weakness
12343| [93520] Apache CloudStack Default SSL Key Weakness
12344| [93519] Apache Shindig /ifr Cross-site Arbitrary Gadget Invocation
12345| [93518] Apache Solr /admin/analysis.jsp name Parameter XSS
12346| [93517] Apache CloudStack setup-cloud-management /etc/sudoers Modification Local Privilege Escalation
12347| [93516] Apache CXF UsernameTokenInterceptor Nonce Caching Replay Weakness
12348| [93515] Apache HBase table.jsp name Parameter XSS
12349| [93514] Apache CloudStack Management Server Unauthenticated Remote JMX Connection Default Setting Weakness
12350| [93463] Apache Struts EL / OGNL Interpretation Unspecified Remote Code Execution
12351| [93462] Apache CXF WS-SecurityPolicy AlgorithmSuite Arbitrary Ciphertext Decryption Weakness
12352| [93401] Apache Hadoop core-site.xml Permission Weakness Local Alfredo Secret Disclosure
12353| [93400] Apache Hadoop Map/Reduce Job Log Directory Symlink Arbitrary File Mode Manipulation
12354| [93397] Apache Wicket Referrer HTTP Header Session ID Disclosure
12355| [93366] Apache HTTP Server modules/mappers/mod_rewrite.c do_rewritelog() Function Log File Terminal Escape Sequence Filtering Remote Command Execution
12356| [93254] Apache Tomcat AsyncListener Method Cross-session Information Disclosure
12357| [93253] Apache Tomcat Chunked Transfer Encoding Data Saturation Remote DoS
12358| [93252] Apache Tomcat FORM Authenticator Session Fixation
12359| [93172] Apache Camel camel/endpoints/ Endpoint XSS
12360| [93171] Apache Sling HtmlResponse Error Message XSS
12361| [93170] Apache Directory DelegatingAuthenticator MitM Spoofing Weakness
12362| [93169] Apache Wave AuthenticationServlet.java Session Fixation Weakness
12363| [93168] Apache Click ErrorReport.java id Parameter XSS
12364| [93167] Apache ActiveMQ JMSXUserId Spoofing Weakness
12365| [93166] Apache CXF Crafted Message Element Count Handling System Resource Exhaustion Remote DoS
12366| [93165] Apache CXF Crafted Message Element Level Handling System Resource Exhaustion Remote DoS
12367| [93164] Apache Harmony DatagramSocket Class connect Method CheckAccept() IP Blacklist Bypass
12368| [93163] Apache Hadoop Map/Reduce Daemon Symlink Arbitrary File Overwrite
12369| [93162] Apache VelocityStruts struts/ErrorsTool.getMsgs Error Message XSS
12370| [93161] Apache CouchDB Rewriter VM Atom Table Memory Exhaustion Remote DoS
12371| [93158] Apache Wicket BookmarkablePageLink Feature XSS CSRF
12372| [93157] Apache Struts UrlHelper.java s:url includeParams Functionality XSS
12373| [93156] Apache Tapestry Calendar Component datefield.js datefield Parameter XSS
12374| [93155] Apache Struts fielderror.ftl fielderror Parameter Error Message XSS
12375| [93154] Apache JSPWiki Edit.jsp createPages WikiPermission Bypass
12376| [93153] Apache PDFBox PDFXrefStreamParser Missing Element Handling PDF Parsing DoS
12377| [93152] Apache Hadoop HttpServer.java Multiple Function XSS
12378| [93151] Apache Shiro Search Filter userName Parameter LDAP Code Injection Weakness
12379| [93150] Apache Harmony java.net.SocketPermission Class boolean equals Function checkConnect() Weakness Host Name Retrieval
12380| [93149] Apache Harmony java.security.Provider Class void load Function checkSecurityAccess() Weakness
12381| [93148] Apache Harmony java.security.ProtectionDomain Class java.lang.String.toString() Function checkPermission() Weakness
12382| [93147] Apache Harmony java.net.URLConnection openConnection Function checkConnect Weakness Proxy Connection Permission Bypass
12383| [93146] Apache Harmony java.net.ServerSocket Class void implAccept Function checkAccept() Weakness SerSocket Subclass Creation
12384| [93145] Apache Qpid JMS Client Detached Session Frame Handling NULL Pointer Dereference Remote DoS
12385| [93144] Apache Solr Admin Command Execution CSRF
12386| [93009] Apache VCL XMLRPC API Unspecified Function Remote Privilege Escalation
12387| [93008] Apache VCL Web GUI Unspecified Remote Privilege Escalation
12388| [92997] Apache Commons Codec org.apache.commons.codec.net.URLCodec Fields Missing 'final' Thread-safety Unspecified Issue
12389| [92976] Apache ActiveMQ scheduled.jsp crontab Command XSS
12390| [92947] Apache Commons Codec org.apache.commons.codec.language.Soundex.US_ENGLISH_MAPPING Missing MS_PKGPROTECT Field Manipulation Unspecified Issue
12391| [92749] Apache CloudStack Predictable Hash Virtual Machine Console Console Access URL Generation
12392| [92748] Apache CloudStack VM Console Access Restriction Bypass
12393| [92709] Apache ActiveMQ Web Console Unauthenticated Remote Access
12394| [92708] Apache ActiveMQ Sample Web Application Broker Resource Consumption Remote DoS
12395| [92707] Apache ActiveMQ webapp/websocket/chat.js Subscribe Message XSS
12396| [92706] Apache ActiveMQ Debug Log Rendering XSS
12397| [92705] Apache ActiveMQ PortfolioPublishServlet.java refresh Parameter XSS
12398| [92270] Apache Tomcat Unspecified CSRF
12399| [92094] Apache Subversion mod_dav_svn Module Nonexistent URL Lock Request Handling NULL Pointer Dereference Remote DoS
12400| [92093] Apache Subversion mod_dav_svn Module Activity URL PROPFIND Request Handling NULL Pointer Dereference Remote DoS
12401| [92092] Apache Subversion mod_dav_svn Module Log REPORT Request Handling NULL Pointer Dereference Remote DoS
12402| [92091] Apache Subversion mod_dav_svn Module Node Property Handling Resource Exhaustion Remote DoS
12403| [92090] Apache Subversion mod_dav_svn Module Activity URL Lock Request Handling NULL Pointer Dereference Remote DoS
12404| [91774] Apache Commons Codec Unspecified Non-private Field Manipulation Weakness
12405| [91628] mod_ruid2 for Apache HTTP Server fchdir() Inherited File Descriptor chroot Restriction Bypass
12406| [91328] Apache Wicket $up$ Traversal Arbitrary File Access
12407| [91295] Apple Mac OS X Apache Unicode Character URI Handling Authentication Bypass
12408| [91235] Apache Rave /app/api/rpc/users/get User Object Hashed Password Remote Disclosure
12409| [91185] Munin Default Apache Configuration Permission Weakness Remote Information Disclosure
12410| [91173] Apache Wicket WebApplicationPath Constructor Bypass /WEB-INF/ Directory File Access
12411| [91172] Apache Wicket PackageResourceGuard File Extension Filter Bypass
12412| [91025] Apache Qpid qpid::framing::Buffer Class Multiple Method Out-of-bounds Access Remote DoS
12413| [91024] Apache Qpid federation_tag Attribute Handling Federated Interbroker Link Access Restriction Bypass
12414| [91023] Apache Qpid AMQP Type Decoder Exposure Array Size Value Handling Memory Consumption Remote DoS
12415| [91022] Apache Qpid qpid/cpp/include/qpid/framing/Buffer.h qpid::framing::Buffer::checkAvailable() Function Integer Overflow
12416| [90986] Apache Jena ARQ INSERT DATA Request Handling Overflow
12417| [90907] Apache Subversion mod_dav_svn / libsvn_fs svn_fs_file_length() Function MKACTIVITY / PROPFIND Option Request Handling Remote DoS
12418| [90906] Apache Commons FileUpload /tmp Storage Symlink Arbitrary File Overwrite
12419| [90864] Apache Batik 1xx Redirect Script Origin Restriction Bypass
12420| [90858] Apache Ant Malformed TAR File Handling Infinite Loop DoS
12421| [90852] Apache HTTP Server for Debian apachectl /var/lock Permission Weakness Symlink Directory Permission Manipulation
12422| [90804] Apache Commons CLI Path Subversion Local Privilege Escalation
12423| [90802] Apache Avro Recursive Schema Handling Infinite Recursion DoS
12424| [90592] Apache Batik ApplicationSecurityEnforcer.java Multiple Method Security Restriction Bypass
12425| [90591] Apache Batik XML External Entity (XXE) Data Parsing Arbitrary File Disclosure
12426| [90565] Apache Tomcat Log Directory Permission Weakness Local Information Disclosure
12427| [90564] Apache Maven / Maven Wagon SSL Certificate Validation MitM Spoofing Weakness
12428| [90557] Apache HTTP Server mod_proxy_balancer balancer-manager Interface Multiple Parameter XSS
12429| [90556] Apache HTTP Server Multiple Module Multiple Parameter XSS
12430| [90276] Apache Axis2 axis2.xml Plaintext Password Local Disclosure
12431| [90249] Apache Axiom ClassLoader XMLInputFactory / XMLOutputFactory Construction Unspecified Issue
12432| [90235] Apache Commons HttpClient Certificate Wildcard Matching Weakness
12433| [90079] Apache CXF WSS4JInInterceptor URIMappingInterceptor WS-Security SOAP Service Access Restriction Bypass
12434| [90078] Apache CXF WS-SecurityPolicy Enabled Plaintext UsernameTokens Handling Authentication Bypass
12435| [89453] Apache Open For Business Project (OFBiz) Screenlet.title Widget Attribute XSS
12436| [89452] Apache Open For Business Project (OFBiz) Image.alt Widget Attribute XSS
12437| [89294] Apache CouchDB Futon UI Browser-based Test Suite Query Parameter XSS
12438| [89293] Apache CouchDB Unspecified Traversal Arbitrary File Access
12439| [89275] Apache HTTP Server mod_proxy_ajp Module Expensive Request Parsing Remote DoS
12440| [89267] Apache CouchDB JSONP Callback Handling Unspecified XSS
12441| [89146] Apache CloudStack Master Server log4j.conf SSH Private Key / Plaintext Password Disclosure
12442| [88603] Apache OpenOffice.org (OOo) Unspecified Information Disclosure
12443| [88602] Apache OpenOffice.org (OOo) Unspecified Manifest-processing Issue
12444| [88601] Apache OpenOffice.org (OOo) Unspecified PowerPoint File Handling Issue
12445| [88285] Apache Tomcat Partial HTTP Request Saturation Remote DoS
12446| [88095] Apache Tomcat NIO Connector Terminated Connection Infinte Loop DoS
12447| [88094] Apache Tomcat FORM Authentication Crafted j_security_check Request Security Constraint Bypass
12448| [88093] Apache Tomcat Null Session Requst CSRF Prevention Filter Bypass
12449| [88043] IBM Tivoli Netcool/Reporter Apache CGI Unspecified Remote Command Execution
12450| [87580] Apache Tomcat DIGEST Authentication Session State Caching Authentication Bypass Weakness
12451| [87579] Apache Tomcat DIGEST Authentication Stale Nonce Verification Authentication Bypass Weakness
12452| [87477] Apache Tomcat Project Woodstock Service Error Page UTF-7 XSS Weakness
12453| [87227] Apache Tomcat InternalNioInputBuffer.java parseHeaders() Function Request Header Size Parsing Remote DoS
12454| [87223] Apache Tomcat DIGEST Authentication replay-countermeasure Functionality cnonce / cn Verification Authentication Bypass Weakness
12455| [87160] Apache Commons HttpClient X.509 Certificate Domain Name Matching MiTM Weakness
12456| [87159] Apache CXF X.509 Certificate Domain Name Matching MiTM Weakness
12457| [87150] Apache Axis / Axis2 X.509 Certificate Domain Name Matching MiTM Weakness
12458| [86902] Apache HTTP Server 3xx Redirect Internal IP Address Remote Disclosure
12459| [86901] Apache Tomcat Error Message Path Disclosure
12460| [86684] Apache CloudStack Unauthorized Arbitrary API Call Invocation
12461| [86556] Apache Open For Business Project (OFBiz) Unspecified Issue
12462| [86503] Visual Tools VS home/apache/DiskManager/cron/init_diskmgr Local Command Execution
12463| [86401] Apache ActiveMQ ResourceHandler Traversal Arbitrary File Access
12464| [86225] Apache Axis2 XML Signature Wrapping (XSW) Authentication Bypass
12465| [86206] Apache Axis2 Crafted SAML Assertion Signature Exclusion Attack Authentication Bypass
12466| [85722] Apache CXF SOAP Request Parsing Access Restriction Bypass
12467| [85704] Apache Qpid Incoming Client Connection Saturation Remote DoS
12468| [85474] Eucalyptus Apache Santuario (XML Security for Java) Library XML Signature Transform Handling DoS
12469| [85430] Apache mod_pagespeed Module Unspecified XSS
12470| [85429] Apache mod_pagespeed Module Hostname Verification Cross-host Resource Disclosure
12471| [85249] Apache Wicket Unspecified XSS
12472| [85236] Apache Hadoop conf/hadoop-env.sh Temporary File Symlink Arbitrary File Manipulation
12473| [85090] Apache HTTP Server mod_proxy_ajp.c mod_proxy_ajp Module Proxy Functionality Cross-client Information Disclosure
12474| [85089] Apache HTTP Server mod_proxy_http.c mod_proxy_http Module Cross-client Information Disclosure
12475| [85062] Apache Solr Autocomplete Module for Drupal Autocomplete Results XSS
| [85010] Apache Struts Token Handling Mechanism Token Name Configuration Parameter CSRF Weakness
| [85009] Apache Struts Request Parameter OGNL Expression Parsing Remote DoS
| [84911] libapache2-mod-rpaf X-Forward-For HTTP Header Parsing Remote DoS
| [84823] Apache HTTP Server Multiple Module Back End Server Error Handling HTTP Request Parsing Remote Information Disclosure
| [84818] Apache HTTP Server mod_negotiation Module mod_negotiation.c make_variant_list Function XSS
| [84562] Apache Qpid Broker Authentication Mechanism AMQP Client Shadow Connection NullAuthenticator Request Parsing Authentication Bypass
| [84458] Apache Libcloud SSL Certificate Validation MitM Spoofing Weakness
| [84279] PHP on Apache php_default_post_reader POST Request Handling Overflow DoS
| [84278] PHP w/ Apache PDO::ATTR_DEFAULT_FETCH_MODE / PDO::FETCH_CLASS DoS
| [84231] Apache Hadoop DataNodes Client BlockTokens Arbitrary Block Access
| [83943] Oracle Solaris Cluster Apache Tomcat Agent Subcomponent Unspecified Local Privilege Escalation
| [83939] Oracle Solaris Apache HTTP Server Subcomponent Unspecified Remote Information Disclosure
| [83685] svnauthcheck Apache HTTP Configuration File Permission Revocation Weakness
| [83682] Apache Sling POST Servlet @CopyFrom Operation HTTP Request Parsing Infinite Loop Remote DoS
| [83339] Apache Roller Blogger Roll Unspecified XSS
| [83270] Apache Roller Unspecified Admin Action CSRF
| [82782] Apache CXF WS-SecurityPolicy 1.1 SupportingToken Policy Bypass
| [82781] Apache CXF WS-SecurityPolicy Supporting Token Children Specification Token Signing Verification Weakness
| [82611] cPanel Apache Piped Log Configuration Log Message Formatting Traversal Arbitrary File Creation
| [82436] MapServer for Windows Bundled Apache / PHP Configuration Local File Inclusion
| [82215] PHP sapi/cgi/cgi_main.c apache_request_headers Function HTTP Header Handling Remote Overflow
| [82161] Apache Commons Compress bzip2 File Compression BZip2CompressorOutputStream Class File Handling Remote DoS
| [81965] Apache Batik Squiggle SVG Browser JAR File Arbitrary Code Execution
| [81790] Apache POI src/org/apache/poi/hwpf/model/UnhandledDataStructure.java UnhandledDataStructure() constructor Length Attribute CDF / CFBF File Handling Remote DoS
| [81660] Apache Qpid Credential Checking Cluster Authentication Bypass
| [81511] Apache for Debian /usr/share/doc HTTP Request Parsing Local Script Execution
| [81359] Apache HTTP Server LD_LIBRARY_PATH Variable Local Privilege Escalation
| [81349] Apache Open For Business Project (OFBiz) Webslinger Component Unspecified XSS
| [81348] Apache Open For Business Project (OFBiz) Content IDs / Map-Keys Unspecified XSS
| [81347] Apache Open For Business Project (OFBiz) Parameter Arrays Unspecified XSS
| [81346] Apache Open For Business Project (OFBiz) checkoutProcess.js getServerError() Function Unspecified XSS
| [81196] Apache Open For Business Project (OFBiz) FlexibleStringExpander Nested Script String Parsing Remote Code Execution
| [80981] Apache Hadoop Kerberos/MapReduce Security Feature User Impersonation Weakness
| [80571] Apache Traffic Server Host HTTP Header Parsing Remote Overflow
| [80547] Apache Struts XSLTResult.java File Upload Arbitrary Command Execution
| [80360] AskApache Password Protector Plugin for WordPress Error Page $_SERVER Superglobal XSS
| [80349] Apache HTTP Server mod_fcgid Module fcgid_spawn_ctl.c FcgidMaxProcessesPerClass Virtual Host Directive HTTP Request Parsing Remote DoS
| [80301] Apache Wicket /resources/ Absolute Path Arbitrary File Access
| [80300] Apache Wicket wicket:pageMapName Parameter XSS
| [79478] Apache Solr Extension for TYPO3 Unspecified XSS
| [79002] Apache MyFaces javax.faces.resource In Parameter Traversal Arbitrary File Access
| [78994] Apache Struts struts-examples/upload/upload-submit.do name Parameter XSS
| [78993] Apache Struts struts-cookbook/processDyna.do message Parameter XSS
| [78992] Apache Struts struts-cookbook/processSimple.do message Parameter XSS
| [78991] Apache Struts struts2-rest-showcase/orders clientName Parameter XSS
| [78990] Apache Struts struts2-showcase/person/editPerson.action Multiple Parameter XSS
| [78932] Apache APR Hash Collision Form Parameter Parsing Remote DoS
| [78903] Apache CXF SOAP Request Parsing WS-Security UsernameToken Policy Bypass
| [78600] Apache Tomcat HTTP DIGEST Authentication DigestAuthenticator.java Catalina Weakness Security Bypass
| [78599] Apache Tomcat HTTP DIGEST Authentication Realm Value Parsing Security Bypass
| [78598] Apache Tomcat HTTP DIGEST Authentication qop Value Parsing Security Bypass
| [78573] Apache Tomcat Parameter Saturation CPU Consumption Remote DoS
| [78556] Apache HTTP Server Status Code 400 Default Error Response httpOnly Cookie Disclosure
| [78555] Apache HTTP Server Threaded MPM %{cookiename}C Log Format String Cookie Handling Remote DoS
| [78501] Apache Struts ParameterInterceptor Class OGNL Expression Parsing Remote Command Execution
| [78331] Apache Tomcat Request Object Recycling Information Disclosure
| [78293] Apache HTTP Server Scoreboard Invalid Free Operation Local Security Bypass
| [78277] Apache Struts ExceptionDelegator Component Parameter Parsing Remote Code Execution
| [78276] Apache Struts DebuggingInterceptor Component Developer Mode Unspecified Remote Command Execution
| [78113] Apache Tomcat Hash Collision Form Parameter Parsing Remote DoS
| [78112] Apache Geronimo Hash Collision Form Parameter Parsing Remote DoS
| [78109] Apache Struts ParameterInterceptor Traversal Arbitrary File Overwrite
| [78108] Apache Struts CookieInterceptor Cookie Name Handling Remote Command Execution
| [77593] Apache Struts Conversion Error OGNL Expression Injection
| [77496] Apache ActiveMQ Failover Mechanism Openwire Request Parsing Remote DoS
| [77444] Apache HTTP Server mod_proxy Mdule Web Request HTTP/0.9 Protocol URL Parsing Proxy Remote Security Bypass
| [77374] Apache MyFaces Java Bean includeViewParameters Parsing EL Expression Security Weakness
| [77310] Apache HTTP Server mod_proxy Reverse Proxy Mode Security Bypass Weakness (2011-4317)
| [77234] Apache HTTP Server on cygwin Encoded Traversal Arbitrary File Access
| [77012] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Memory Consumption DoS
| [76944] Apache Tomcat Manager Application Servlets Access Restriction Bypass
| [76744] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Overflow
| [76189] Apache Tomcat HTTP DIGEST Authentication Weakness
| [76079] Apache HTTP Server mod_proxy Mdule Web Request URL Parsing Proxy Remote Security Bypass (2011-3368)
| [76072] Apache JServ jserv.conf jserv-status Handler jserv/ URI Request Parsing Local Information Disclosure
| [75807] Apache HTTP Server Incomplete Header Connection Saturation Remote DoS
| [75647] Apache HTTP Server mod_proxy_ajp Module mod_proxy_balancer HTTP Request Remote DoS
| [75376] Apache Libcloud SSL Certificate Validation MitM Server Spoofing Weakness
| [74853] Domain Technologie Control /etc/apache2/apache2.conf File Permissions Weakness dtcdaemons User Password Disclosure
| [74818] Apache Tomcat AJP Message Injection Authentication Bypass
| [74725] Apache Wicket Multi Window Support Unspecified XSS
| [74721] Apache HTTP Server ByteRange Filter Memory Exhaustion Remote DoS
| [74541] Apache Commons Daemon Jsvc Permissions Weakness Arbitrary File Access
| [74535] Apache Tomcat XML Parser Cross-application Multiple File Manipulation
| [74447] Apache Struts XWork Nonexistent Method s:submit Element Internal Java Class Remote Path Disclosure
| [74262] Apache HTTP Server Multi-Processing Module itk.c Configuration Merger mpm-itk root UID / GID Remote Privilege Escalation
| [74120] Apache HTTP Server mod_authnz_external mysql/mysql-auth.pl user Field SQL Injection
| [73920] Oracle Secure Backup /apache/htdocts/php/common.php username Parameter Remote Code Execution
| [73798] Apache Tomcat sendfile Request Start / Endpoint Parsing Local DoS
| [73797] Apache Tomcat sendfile Request Attribute Validation Weakness Local Access Restriction Bypass
| [73776] Apache Tomcat HTTP BIO Connector HTTP Pipelining Cross-user Remote Response Access
| [73644] Apache XML Security Signature Key Parsing Overflow DoS
| [73600] Apache Struts javatemplates Plugin Component Handlers .action URI Multiple Parameter XSS
| [73462] Apache Rampart/C util/rampart_timestamp_token.c rampart_timestamp_token_validate Function Expired Token Remote Access Restriction Bypass
| [73429] Apache Tomcat JMX MemoryUserDatabase Local Password Disclosure
| [73384] Apache HTTP Server mod_rewrite PCRE Resource Exhaustion DoS
| [73383] Apache HTTP Server Portable Runtime (APR) Library apr_fnmatch() Infinite Loop Remote DoS
| [73378] IBM WebSphere Application Server (WAS) JavaServer Pages org.apache.jasper.runtime.JspWriterImpl.response JSP Page Application Restart Remote DoS
| [73247] Apache Subversion mod_dav_svn File Permission Weakness Information Disclosure
| [73246] Apache Subversion mod_dav_svn Path-based Access Control Rule Handling Remote DoS
| [73245] Apache Subversion mod_dav_svn Baselined Resource Request Handling Remote DoS
| [73154] Apache Archiva Multiple Unspecified CSRF
| [73153] Apache Archiva /archiva/admin/deleteNetworkProxy!confirm.action proxyid Parameter XSS
| [72407] Apache Tomcat @ServletSecurity Initial Load Annotation Security Constraint Bypass Information Disclosure
| [72238] Apache Struts Action / Method Names <
| [71647] Apache HttpComponents HttpClient Proxy-Authorization Credentials Remote Disclosure
| [71558] Apache Tomcat SecurityManager ServletContext Attribute Traversal Arbitrary File Manipulation
| [71557] Apache Tomcat HTML Manager Multiple XSS
| [71075] Apache Archiva User Management Page XSS
| [71027] Apache Tomcat @ServletSecurity Annotation Security Constraint Bypass Information Disclosure
| [70925] Apache Continuum Project Pages Unspecified XSS (2011-0533)
| [70924] Apache Continuum Multiple Admin Function CSRF
| [70809] Apache Tomcat NIO HTTP Connector Request Line Processing DoS
| [70734] Apache CouchDB Request / Cookie Handling Unspecified XSS
| [70585] Oracle Fusion Middleware Oracle HTTP Server Apache Plugin Unspecified Remote Issue
| [70333] Apache Subversion rev_hunt.c blame Command Multiple Memory Leak Remote DoS
| [70332] Apache Subversion Apache HTTP Server mod_dav_svn repos.c walk FunctionSVNParentPath Collection Remote DoS
| [69659] Apache Archiva Admin Authentication Weakness Privilege Escalation
| [69520] Apache Archiva Administrator Credential Manipulation CSRF
| [69512] Apache Tomcat Set-Cookie Header HTTPOnly Flag Session Hijacking Weakness
| [69456] Apache Tomcat Manager manager/html/sessions Multiple Parameter XSS
| [69275] Apache mod_fcgid Module fcgid_bucket.c fcgid_header_bucket_read() Function Remote Overflow
| [69067] Apache Shiro URI Path Security Traversal Information Disclosure
| [68815] Apache MyFaces shared/util/StateUtils.java View State MAC Weakness Cryptographic Padding Remote View State Modification
| [68670] Apache Qpid C++ Broker Component broker/SessionAdapter.cpp SessionAdapter::ExchangeHandlerImpl::checkAlternate Function Exchange Alternate Remote DoS
| [68669] Apache Qpid cluster/Cluster.cpp Cluster::deliveredEvent Function Invalid AMQP Data Remote DoS
| [68662] Apache Axis2 dswsbobje.war Module Admin Account Default Password
| [68531] Apache Qpid qpidd sys/ssl/SslSocket.cpp Incomplete SSL Handshake Remote DoS
| [68327] Apache APR-util buckets/apr_brigade.c apr_brigade_split_line() Function Memory Consumption DoS
| [68314] Apache XML-RPC SAX Parser External Entity Information Disclosure
| [67964] Apache Traffic Server Transaction ID / Source Port Randomization Weakness DNS Cache Poisoning
| [67846] SUSE Lifecycle Management Server on SUSE Linux Enterprise apache2-slms Parameter Quoting CSRF
| [67294] Apache CXF XML SOAP Message Crafted Document Type Declaration Remote DoS
| [67240] Apache CouchDB Installation Page Direct Request Arbitrary JavaScript Code Execution CSRF
| [67205] Apache Derby BUILTIN Authentication Password Hash Generation Algorithm SHA-1 Transformation Password Substitution
| [66745] Apache HTTP Server Multiple Modules Pathless Request Remote DoS
| [66319] Apache Tomcat Crafted Transfer-Encoding Header Handling Buffer Recycling Remote DoS
| [66280] Apache Struts XWork ParameterInterceptor Server-Side Object Remote Code Execution
| [66226] Apache Axis2 Admin Interface Cookie Session Fixation
| [65697] Apache Axis2 / Java SOAP Message DTD Rejection Weakness Arbitrary File Access
| [65654] Apache HTTP Server mod_proxy_http mod_proxy_http.c Timeout Detection Weakness HTTP Request Response Disclosure
| [65429] Apache MyFaces Unencrypted ViewState Serialized View Object Manipulation Arbitrary Expression Language (EL) Statement Execution
| [65054] Apache ActiveMQ Jetty Error Handler XSS
| [64844] Apache Axis2/Java axis2/axis2-admin/engagingglobally modules Parameter XSS
| [64522] Apache Open For Business Project (OFBiz) ecommerce/control/contactus Multiple Parameter XSS
| [64521] Apache Open For Business Project (OFBiz) Web Tools Section entityName Parameter XSS
| [64520] Apache Open For Business Project (OFBiz) ecommerce/control/ViewBlogArticle contentId Parameter XSS
| [64519] Apache Open For Business Project (OFBiz) Control Servlet URI XSS
| [64518] Apache Open For Business Project (OFBiz) Show Portal Page Section start Parameter XSS
| [64517] Apache Open For Business Project (OFBiz) View Profile Section partyId Parameter XSS
| [64516] Apache Open For Business Project (OFBiz) Export Product Listing Section productStoreId Parameter XSS
| [64307] Apache Tomcat Web Application Manager/Host Manager CSRF
| [64056] mod_auth_shadow for Apache HTTP Server wait() Function Authentication Bypass
| [64023] Apache Tomcat WWW-Authenticate Header Local Host Information Disclosure
| [64020] Apache ActiveMQ Jetty ResourceHandler Crafted Request JSP File Source Disclosure
| [63895] Apache HTTP Server mod_headers Unspecified Issue
| [63368] Apache ActiveMQ createDestination.action JMSDestination Parameter CSRF
| [63367] Apache ActiveMQ createDestination.action JMSDestination Parameter XSS
| [63350] Apache CouchDB Hash Verification Algorithm Predictable Execution Time Weakness
| [63140] Apache Thrift Service Malformed Data Remote DoS
| [62676] Apache HTTP Server mod_proxy_ajp Module Crafted Request Remote DoS
| [62675] Apache HTTP Server Multi-Processing Module (MPM) Subrequest Header Handling Cross-thread Information Disclosure
| [62674] Apache HTTP Server mod_isapi Module Unloading Crafted Request Remote DoS
| [62231] Apache HTTP Server Logging Format Weakness Crafted DNS Response IP Address Spoofing
| [62230] Apache HTTP Server Crafted DNS Response Inverse Lookup Log Corruption XSS
| [62054] Apache Tomcat WAR Filename Traversal Work-directory File Deletion
| [62053] Apache Tomcat Autodeployment Process appBase File HTTP Request Authentication Bypass
| [62052] Apache Tomcat WAR File Traversal Arbitrary File Overwrite
| [62009] Apache HTTP Server src/modules/proxy/proxy_util.c mod_proxy ap_proxy_send_fb() Function Overflow
| [61379] Apache River Outrigger Entry Storage Saturation Memory Exhaustion DoS
| [61378] Apache Hadoop Map/Reduce JobTracker Memory Consumption DoS
| [61377] Apache Commons Modeler Multiple Mutable Static Fields Weakness
| [61376] Apache Rampart wsse:security Tag Signature Value Checking Weakness
| [60687] Apache C++ Standard Library (STDCXX) strxfrm() Function Overflow
| [60680] Apache Hadoop JobHistory Job Name Manipulation Weakness
| [60679] Apache ODE DeploymentWebService OMElement zipPart CRLF Injection
| [60678] Apache Roller Comment Email Notification Manipulation DoS
| [60677] Apache CouchDB Unspecified Document Handling Remote DoS
| [60428] Sun Java Plug-in org.apache.crimson.tree.XmlDocument Class reateXmlDocument Method Floppy Drive Access Bypass
| [60413] mod_throttle for Apache Shared Memory File Manipulation Local Privilege Escalation
| [60412] Sun Java Plug-in org.apache.xalan.processor.XSLProcessorVersion Class Unsigned Applet Variable Sharing Privilege Escalation
| [60396] Apache HTTP Server on OpenBSD Multipart MIME Boundary Remote Information Disclosure
| [60395] Apache HTTP Server on OpenBSD ETag HTTP Header Remote Information Disclosure
| [60232] PHP on Apache php.exe Direct Request Remote DoS
| [60176] Apache Tomcat Windows Installer Admin Default Password
| [60016] Apache HTTP Server on HP Secure OS for Linux HTTP Request Handling Unspecified Issue
| [59979] Apache HTTP Server on Apple Mac OS X HTTP TRACE Method Unspecified Client XSS
| [59969] Apache HTTP Server mod_ssl SSL / TLS Renegotiation Handshakes MiTM Plaintext Data Injection
| [59944] Apache Hadoop jobhistory.jsp XSS
| [59374] Apache Solr Search Extension for TYPO3 Unspecified XSS
| [59022] Apache Shindig ConcatProxyServlet HTTP Header Response Splitting
| [59021] Apache Cocoon X-Cocoon-Version Header Remote Information Disclosure
| [59020] Apache Tapestry HTTPS Session Cookie Secure Flag Weakness
| [59019] Apache mod_python Cookie Salting Weakness
| [59018] Apache Harmony Error Message Handling Overflow
| [59013] Apache Derby SYSCS_EXPORT_TABLE Arbitrary File Overwrite
| [59012] Apache Derby Driver Auto-loading Non-deterministic Startup Weakness
| [59011] Apache JSPWiki Page Attachment Change Note Function XSS
| [59010] Apache Solr get-file.jsp XSS
| [59009] Apache Solr action.jsp XSS
| [59008] Apache Solr analysis.jsp XSS
| [59007] Apache Solr schema.jsp Multiple Parameter XSS
| [59006] Apache Beehive select / checkbox Tag XSS
| [59005] Apache Beehive jpfScopeID Global Parameter XSS
| [59004] Apache Beehive Error Message XSS
| [59003] Apache HttpClient POST Request Handling Memory Consumption DoS
| [59002] Apache Jetspeed default-page.psml URI XSS
| [59001] Apache Axis2 xsd Parameter Traversal Arbitrary File Disclosure
| [59000] Apache CXF Unsigned Message Policy Bypass
| [58999] Apache WSS4J CallbackHandler Plaintext Password Validation Weakness
| [58998] Apache OpenJPA persistence.xml Cleartext Password Local Disclosure
| [58997] Apache OpenEJB openejb.xml Cleartext Password Local Disclosure
| [58996] Apache Hadoop Map/Reduce LinuxTaskController File Group Ownership Weakness
| [58995] Apache Hadoop Map/Reduce Task Ownership Weakness
| [58994] Apache Hadoop Map/Reduce DistributedCache Localized File Permission Weakness
| [58993] Apache Hadoop browseBlock.jsp XSS
| [58991] Apache Hadoop browseDirectory.jsp XSS
| [58990] Apache Hadoop Map/Reduce HTTP TaskTrackers User Data Remote Disclosure
| [58989] Apache Hadoop Sqoop Process Listing Local Cleartext Password Disclosure
| [58988] Apache Hadoop Chukwa HICC Portal Unspecified XSS
| [58987] Apache Hadoop Map/Reduce TaskTracker User File Permission Weakness
| [58986] Apache Qpid Encrypted Message Handling Remote Overflow DoS
| [58985] Apache Qpid Process Listing Local Cleartext Password Disclosure
| [58984] Apache Jackrabbit Content Repository (JCR) Default Account Privilege Access Weakness
| [58983] Apache Jackrabbit Content Repository (JCR) NamespaceRegistry API Registration Method Race Condition
| [58982] Apache Synapse Proxy Service Security Policy Mismatch Weakness
| [58981] Apache Geronimo TomcatGeronimoRealm Security Context Persistence Weakness
| [58980] Apache Geronimo LDAP Realm Configuration Restart Reversion Weakness
| [58979] Apache MyFaces Tomahawk ExtensionsPhaseListener HTML Injection Information Disclosure
| [58978] Apache MyFaces Trinidad LocaleInfoScriptlet XSS
| [58977] Apache Open For Business Project (OFBiz) Multiple Default Accounts
| [58976] Apache Open For Business Project (OFBiz) URI passThru Parameter XSS
| [58975] Apache Open For Business Project (OFBiz) PARTYMGR_CREATE/UPDATE Permission Arbitrary User Password Modification
| [58974] Apache Sling /apps Script User Session Management Access Weakness
| [58973] Apache Tuscany Crafted SOAP Request Access Restriction Bypass
| [58931] Apache Geronimo Cookie Parameters Validation Weakness
| [58930] Apache Xalan-C++ XPath Handling Remote DoS
| [58879] Apache Portable Runtime (APR-util) poll/unix/port.c Event Port Backend Pollset Feature Remote DoS
| [58837] Apache Commons Net FTPSClient CipherSuites / Protocols Mutable Object Unspecified Data Security Issue
| [58813] Apache MyFaces Trinidad tr:table / HTML Comment Handling DoS
| [58812] Apache Open For Business Project (OFBiz) JSESSIONID Session Hijacking Weakness
| [58811] Apache Open For Business Project (OFBiz) /catalog/control/EditProductConfigItem configItemId Parameter XSS
| [58810] Apache Open For Business Project (OFBiz) /catalog/control/EditProdCatalo prodCatalogId Parameter XSS
| [58809] Apache Open For Business Project (OFBiz) /partymgr/control/viewprofile partyId Parameter XSS
| [58808] Apache Open For Business Project (OFBiz) /catalog/control/createProduct internalName Parameter XSS
| [58807] Apache Open For Business Project (OFBiz) Multiple Unspecified CSRF
| [58806] Apache FtpServer MINA Logging Filter Cleartext Credential Local Disclosure
| [58805] Apache Derby Unauthenticated Database / Admin Access
| [58804] Apache Wicket Header Contribution Unspecified Issue
| [58803] Apache Wicket Session Fixation
| [58802] Apache Directory Server (ApacheDS) userPassword Attribute Search Password Disclosure
| [58801] Apache ActiveMQ Stomp Client Credential Validation Bypass
| [58800] Apache Tapestry (context)/servicestatus Internal Service Information Disclosure
| [58799] Apache Tapestry Logging Cleartext Password Disclosure
| [58798] Apache Jetspeed pipeline Parameter pipeline-map Policy Bypass
| [58797] Apache Jetspeed Password Policy Multiple Weaknesses
| [58796] Apache Jetspeed Unsalted Password Storage Weakness
| [58795] Apache Rampart Crafted SOAP Header Authentication Bypass
| [58794] Apache Roller Admin Protocol (RAP) Malformed Header Authentication Bypass
| [58793] Apache Hadoop Map/Reduce mapred.system.dir Permission Weakness Job Manipulation
| [58792] Apache Shindig gadgets.rpc iframe RPC Call Validation Weakness
| [58791] Apache Synapse synapse.properties Cleartext Credential Local Disclosure
| [58790] Apache WSS4J SOAP Message UsernameToken Remote Password Disclosure
| [58789] Apache WSS4J SOAP Header Malformed UsernameToken Authentication Bypass
| [58776] Apache JSPWiki PreviewContent.jsp Edited Text XSS
| [58775] Apache JSPWiki preview.jsp action Parameter XSS
| [58774] Apache JSPWiki Edit.jsp Multiple Parameter XSS
| [58773] Apache JSPWiki Accept-Language Header Multiple Script language Parameter XSS
| [58772] Apache JSPWiki EditorManager.java editor Parameter XSS
| [58771] Apache JSPWiki GroupContent.jsp Multiple Parameter XSS
| [58770] Apache JSPWiki Group.jsp group Parameter XSS
| [58769] Apache JSPWiki Database Connection Termination DoS Weakness
| [58768] Apache JSPWiki Attachment Servlet nextpage Parameter Arbitrary Site Redirect
| [58766] Apache JSPWiki /admin/SecurityConfig.jsp Direct Request Information Disclosure
| [58765] Apache JSPWiki Spam Filter UniqueID RNG Weakness
| [58764] Apache JSPWiki Edit.jsp Multiple Parameter XSS
| [58763] Apache JSPWiki Include Tag Multiple Script XSS
| [58762] Apache JSPWiki Multiple .java Tags pageContext Parameter XSS
| [58761] Apache JSPWiki Wiki.jsp skin Parameter XSS
| [58760] Apache Commons VFS Exception Error Message Cleartext Credential Disclosure
| [58759] Apache Jackrabbit Content Repository (JCR) UUID System.currentTimeMillis() RNG Weakness
| [58758] Apache River GrantPermission Policy Manipulation Privilege Escalation
| [58757] Apache WS-Commons Java2 StaXUtils Multiple Unspecified Minor Issues
| [58756] Apache WSS4J WSHandler Client Certificate Signature Validation Weakness
| [58755] Apache Harmony DRLVM Non-public Class Member Access
| [58754] Apache Harmony File.createTempFile() Temporary File Creation Prediction Weakness
| [58751] Apache Geronimo GeronimoIdentityResolver Subject Handling Multiple Issues
| [58750] Apache MyFaces Trinidad Generated HTML Information Disclosure
| [58749] Apache MyFaces Trinidad Database Access Error Message Information Disclosure
| [58748] Apache MyFaces Trinidad Image Resource Loader Traversal Arbitrary Image Access
| [58747] Apache MyFaces Trinidad Error Message User Entered Data Disclosure Weakness
| [58746] Apache Axis2 JAX-WS Java2 WSDL4J Unspecified Issue
| [58744] Apache Wicket Crafted File Upload Disk Space Exhaustion DoS
| [58743] Apache Wicket wicket.util.crypt.SunJceCrypt Encryption Reversion Weakness
| [58742] Apache Rampart PolicyBasedValiadtor HttpsToken Endpoint Connection Weakness
| [58741] Apache Rampart WSSecSignature / WSSecEncryptedKey KeyIdentifierType Validation Weakness
| [58740] Apache Rampart TransportBinding Message Payload Cleartext Disclosure
| [58739] Apache Open For Business Project (OFBiz) Unsalted Password Storage Weakness
| [58738] Apache Open For Business Project (OFBiz) orderId Parameter Arbitrary Order Access
| [58737] Apache mod_python w/ mod_python.publisher index.py Underscore Prefixed Variable Disclosure
| [58735] Apache Open For Business Project (OFBiz) /ecommerce/control/keywordsearch SEARCH_STRING Parameter XSS
| [58734] Apache Torque Log File Cleartext Credential Local Disclosure
| [58733] Apache Axis2 doGet Implementation Authentication Bypass Service State Manipulation
| [58732] Apache MyFaces UIInput.validate() Null Value Validation Bypass Weakness
| [58731] Apache MyFaces /faces/* Prefix Mapping Authentication Bypass
| [58725] Apache Tapestry Basic String ACL Bypass Weakness
| [58724] Apache Roller Logout Functionality Failure Session Persistence
| [58723] Apache Roller User Profile / Admin Page Cleartext Password Disclosure
| [58722] Apache Derby Connection URL Encryption Method Reversion Weakness
| [58721] Apache Geronimo on Tomcat Security-constraint Resource ACL Bypass
| [58720] Apache Geronimo Explicit Servlet Mapping Access Bypass Weakness
| [58719] Apache Geronimo Keystore Unprivileged Service Disable DoS
| [58718] Apache Geronimo Deployment Plans Remote Password Disclosure
| [58717] Apache Jetspeed Portlet Application Edit Access Restriction Bypass
| [58716] Apache Jetspeed PSML Management Cached Constraint Authentication Weakness
| [58707] Apache WSS4J Crafted PasswordDigest Request Authentication Bypass
| [58706] Apache HttpClient Pre-emptive Authorization Remote Credential Disclosure
| [58705] Apache Directory Server (ApacheDS) User Passwords Cleartext Disclosure
| [58704] Apache Directory Server (ApacheDS) Non-existent User LDAP Bind Remote DoS
| [58703] Apache Geronimo Debug Console Unauthenticated Remote Information Disclosure
| [58702] Apache Directory Server (ApacheDS) Persistent LDAP Anonymous Bind Weakness
| [58701] Apache Jetspeed User Admin Portlet Unpassworded Account Creation Weakness
| [58700] Apache MyFaces /faces/* Path Handling Remote Overflow DoS
| [58699] Apache MyFaces Disable Property Client Side Manipulation Privilege Escalation
| [58698] Apache Roller Remember Me Functionality Cleartext Password Disclosure
| [58697] Apache XalanJ2 org.apache.xalan.xsltc.runtime.CallFunction Class Unspecified Issue
| [58696] Apache Tapestry Encoded Traversal Arbitrary File Access
| [58695] Apache Jetspeed Unauthenticated PSML Tags / Admin Folder Access
| [58694] Apache Geronimo Deploy Tool Process List Local Credential Disclosure
| [58693] Apache Derby service.properties File Encryption Key Information Disclosure
| [58692] Apache Geronimo Default Security Realm Login Brute Force Weakness
| [58689] Apache Roller Retrieve Last 5 Post Feature Unauthorized Blog Post Manipulation
| [58688] Apache Xalan-Java (XalanJ2) Static Variables Multiple Unspecified Issues
| [58687] Apache Axis Invalid wsdl Request XSS
| [58686] Apache Cocoon Temporary File Creation Unspecified Race Condition
| [58685] Apache Velocity Template Designer Privileged Code Execution
| [58684] Apache Jetspeed controls.Customize Action Security Check Bypass
| [58675] Apache Open For Business Project (OFBiz) eCommerce/ordermgr Multiple Field XSS
| [58674] Apache Open For Business Project (OFBiz) ecommerce/control/login Multiple Field XSS
| [58673] Apache Open For Business Project (OFBiz) ecommerce/control/viewprofile Multiple Field XSS
| [58672] Apache Open For Business Project (OFBiz) POS Input Panel Cleartext Password Disclosure
| [58671] Apache Axis2 JMS Signed Message Crafted WS-Security Header Security Bypass
| [58670] Apache Jetspeed JetspeedTool.getPortletFromRegistry Portlet Security Validation Failure
| [58669] Apache Jetspeed LDAP Cleartext Passwords Disclosure
| [58668] Apache Axis External Entity (XXE) Data Parsing Privilege Escalation
| [58667] Apache Roller Database Cleartext Passwords Disclosure
| [58666] Apache Xerces-C++ UTF-8 Transcoder Overlong Code Handling Unspecified Issue
| [58665] Apache Jetspeed Turbine: Cross-user Privileged Action Execution
| [58664] Apache Jetspeed EditAccount.vm Password Modification Weakness
| [58663] Apache Jetspeed Role Parameter Arbitrary Portlet Disclosure
| [58662] Apache Axis JWS Page Generated .class File Direct Request Information Disclosure
| [58661] Apache Jetspeed user-form.vm Password Reset Cleartext Disclosure
| [58660] Apache WSS4J checkReceiverResults Function Crafted SOAP Request Authentication Bypass
| [58658] Apache Rampart Crafted SOAP Request Security Verification Bypass
| [57882] Apache HTTP Server mod_proxy_ftp Authorization HTTP Header Arbitrary FTP Command Injection
| [57851] Apache HTTP Server mod_proxy_ftp EPSV Command NULL Dereference Remote DoS
| [56984] Apache Xerces2 Java Malformed XML Input DoS
| [56903] Apache ODE (Orchestration Director Engine) Process Deployment Web Service Traversal Arbitrary File Manipulation
| [56859] Apache Xerces-C++ Multiple Sub-project XML Nested DTD Structures Parsing Recursion Error DoS
| [56766] Apache Portable Runtime (APR-util) memory/unix/apr_pools.c Relocatable Memory Block Aligning Overflow
| [56765] Apache Portable Runtime (APR-util) misc/apr_rmm.c Multiple Function Overflows
| [56517] Apache HTTP Server File Descriptor Leak Arbitrary Local File Append
| [56443] PTK Unspecified Apache Sub-process Arbitrary Command Execution
| [56414] Apache Tiles Duplicate Expression Language (EL) Expression Evaluation XSS
| [55814] mod_NTLM for Apache HTTP Server ap_log_rerror() Function Remote Format String
| [55813] mod_NTLM for Apache HTTP Server log() Function Remote Overflow
| [55782] Apache HTTP Server mod_deflate Module Aborted Connection DoS
| [55553] Apache HTTP Server mod_proxy Module mod_proxy_http.c stream_reqbody_cl Function CPU Consumption DoS
| [55059] Apache APR-util strmatch/apr_strmatch.c apr_strmatch_precompile Function Crafted Input Remote DoS
| [55058] Apache APR-util apr_brigade_vprintf Function Crafted Input Off-by-one Remote DoS
| [55057] Apache APR-util xml/apr_xml.c apr_xml_* Interface Expat XML Parser Crafted XML Document Remote DoS
| [55056] Apache Tomcat Cross-application TLD File Manipulation
| [55055] Apache Tomcat Illegal URL Encoded Password Request Username Enumeration
| [55054] Apache Tomcat Java AJP Connector mod_jk Load Balancing Worker Malformed Header Remote DoS
| [55053] Apache Tomcat Crafted Request Security Restraint Bypass Arbitrary Content Access
| [54733] Apache HTTP Server AllowOverride Directive .htaccess Options Bypass
| [54713] razorCMS Security Manager apache User Account Unspecified File Permission Weakness Issue
| [54589] Apache Jserv Nonexistent JSP Request XSS
| [54122] Apache Struts s:a / s:url Tag href Element XSS
| [54093] Apache ActiveMQ Web Console JMS Message XSS
| [53932] Apache Geronimo Multiple Admin Function CSRF
| [53931] Apache Geronimo /console/portal/Server/Monitoring Multiple Parameter XSS
| [53930] Apache Geronimo /console/portal/ URI XSS
| [53929] Apache Geronimo on Windows Security/Keystores Portlet Traversal Arbitrary File Upload
| [53928] Apache Geronimo on Windows Embedded DB/DB Manager Portlet Traversal Arbitrary File Upload
| [53927] Apache Geronimo on Windows Services/Repository Portlet Traversal Arbitrary File Upload
| [53921] Apache HTTP Server mod_proxy_ajp Cross Thread/Session Information Disclosure
| [53766] Oracle BEA WebLogic Server Plug-ins for Apache Certificate Handling Remote Overflow
| [53574] PHP on Apache .htaccess mbstring.func_overload Setting Cross Hosted Site Behavior Modification
| [53381] Apache Tomcat JK Connector Content-Length Header Cross-user Information Disclosure
| [53380] Apache Struts Unspecified XSS
| [53289] Apache mod_perl Apache::Status /perl-status Unspecified XSS
| [53186] Apache HTTP Server htpasswd Predictable Salt Weakness
| [52899] Apache Tomcat Examples Web Application Calendar Application jsp/cal/cal2.jsp time Parameter XSS
| [52407] Apache Tomcat doRead Method POST Content Information Disclosure
| [51923] Apache HTTP Server mod-auth-mysql Module mod_auth_mysql.c Multibyte Character Encoding SQL Injection
| [51613] Apache HTTP Server Third-party Module Child Process File Descriptor Leak
| [51612] Apache HTTP Server Internal Redirect Handling Infinite Loop DoS
| [51468] Apache Jackrabbit Content Repository (JCR) swr.jsp q Parameter XSS
| [51467] Apache Jackrabbit Content Repository (JCR) search.jsp q Parameter XSS
| [51151] Apache Roller Search Function q Parameter XSS
| [50482] PHP with Apache php_value Order Unspecified Issue
| [50475] Novell NetWare ApacheAdmin Console Unauthenticated Access
| [49734] Apache Struts DefaultStaticContentLoader Class Traversal Arbitrary File Access
| [49733] Apache Struts FilterDispatcher Class Traversal Arbitrary File Access
| [49283] Oracle BEA WebLogic Server Plugins for Apache Remote Transfer-Encoding Overflow
| [49062] Apache Tomcat Cross-thread Concurrent Request Variable Overwrite Information Disclosure
| [48847] ModSecurity (mod_security) Transformation Caching Unspecified Apache DoS
| [48788] Apache Xerces-C++ XML Schema maxOccurs Value XML File Handling DoS
| [47474] Apache HTTP Server mod_proxy_ftp Directory Component Wildcard Character XSS
| [47464] Apache Tomcat allowLinking / UTF-8 Traversal Arbitrary File Access
12887| [47463] Apache Tomcat RequestDispatcher Traversal Arbitrary File Access
12888| [47462] Apache Tomcat HttpServletResponse.sendError Method Message Argument XSS
12889| [47096] Oracle Weblogic Apache Connector POST Request Overflow
12890| [46382] Frontend Filemanager (air_filemanager) Extension for TYPO3 on Apache Unspecified Arbitrary Code Execution
12891| [46285] TYPO3 on Apache Crafted Filename Upload Arbitrary Command Execution
12892| [46085] Apache HTTP Server mod_proxy ap_proxy_http_process_response() Function Interim Response Forwarding Remote DoS
12893| [45905] Apache Tomcat Host Manager host-manager/html/add name Parameter XSS
12894| [45879] Ragnarok Online Control Panel on Apache Crafted Traversal Authentication Bypass
12895| [45742] Apache HTTP Server on Novell Unspecified Request Directive Internal IP Disclosure
12896| [45740] Apache Derby DropSchemaNode Bind Phase Arbitrary Scheme Statement Dropping
12897| [45599] Apache Derby Lock Table Statement Privilege Requirement Bypass Arbitrary Table Lock
12898| [45585] Apache Derby ACCSEC Command RDBNAM Parameter Cleartext Credential Disclosure
12899| [45584] Apache Derby DatabaseMetaData.getURL Function Cleartext Credential Disclosure
12900| [45420] Apache HTTP Server 403 Error Page UTF-7 Encoded XSS
12901| [44728] PHP Toolkit on Gentoo Linux Interpretation Conflict Apache HTTP Server Local DoS
12902| [44618] Oracle JSP Apache/Jserv Path Translation Traversal Arbitrary JSP File Execution
12903| [44159] Apache HTTP Server Remote Virtual Host Name Disclosure
12904| [43997] Apache-SSL ExpandCert() Function Certificate Handling Arbitrary Environment Variables Manipulation
12905| [43994] suPHP for Apache (mod_suphp) Directory Symlink Local Privilege Escalation
12906| [43993] suPHP for Apache (mod_suphp) Owner Mode Race Condition Symlink Local Privilege Escalation
12907| [43663] Apache HTTP Server Mixed Platform AddType Directive Crafted Request PHP Source Disclosure
12908| [43658] AuthCAS Module (AuthCAS.pm) for Apache HTTP Server SESSION_COOKIE_NAME SQL Injection
12909| [43452] Apache Tomcat HTTP Request Smuggling
12910| [43309] Apache Geronimo LoginModule Login Method Bypass
12911| [43290] Apache JSPWiki Entry Page Attachment Unrestricted File Upload
12912| [43259] Apache HTTP Server on Windows mod_proxy_balancer URL Handling Remote Memory Corruption
12913| [43224] Apache Geronimo on SuSE Linux init Script Symlink Unspecified File/Directory Access
12914| [43189] Apache mod_jk2 Host Header Multiple Fields Remote Overflow
12915| [42937] Apache HTTP Server mod_proxy_balancer balancer-manager Unspecified CSRF
12916| [42341] MOD_PLSQL for Apache Unspecified URL SQL Injection
12917| [42340] MOD_PLSQL for Apache CGI Environment Handling Unspecified Overflow
12918| [42214] Apache HTTP Server mod_proxy_ftp UTF-7 Encoded XSS
12919| [42091] Apache Maven Site Plugin Installation Permission Weakness
12920| [42089] Apache Maven .m2/settings.xml Cleartext Password Disclosure
12921| [42088] Apache Maven Defined Repo Process Listing Password Disclosure
12922| [42087] Apache Maven Site Plugin SSH Deployment Permission Setting Weakness
12923| [42036] Apache HTTP Server MS-DOS Device Request Host OS Disclosure
12924| [41891] BEA WebLogic Apache Beehive NetUI Page Flow Unspecified XSS
12925| [41436] Apache Tomcat Native APR Connector Duplicate Request Issue
12926| [41435] Apache Tomcat %5C Cookie Handling Session ID Disclosure
12927| [41434] Apache Tomcat Exception Handling Subsequent Request Information Disclosure
12928| [41400] LimeSurvey save.php Apache Log File PHP Code Injection
12929| [41029] Apache Tomcat Calendar Examples Application cal2.jsp Multiple Parameter CSRF
12930| [41019] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload XSS
12931| [41018] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload CRLF
12932| [40853] Apache Tomcat SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) JSESSIONIDSSO Cookie Security Weakness
12933| [40264] Apache HTTP Server mod_proxy_balancer balancer_handler Function bb Variable Remote DoS
12934| [40263] Apache HTTP Server mod_proxy_balancer balancer-manager Multiple Parameter XSS
12935| [40262] Apache HTTP Server mod_status refresh XSS
12936| [39833] Apache Tomcat JULI Logging Component catalina.policy Security Bypass
12937| [39251] Coppermine Photo Gallery on Apache Multiple File Extension Upload Arbitrary Code Execution
12938| [39166] Apache Tomcat on Windows caseSensitive Attribute Mixed Case Request JSP Source Disclosure
12939| [39134] Apache mod_imagemap Module Imagemap Unspecified XSS
| [39133] Apache mod_imap Module Imagemap File Unspecified XSS
| [39035] Apache Tomcat examples/servlet/CookieExample Multiple Parameter XSS
| [39003] Apache HTTP Server HTTP Method Header Request Entity Too Large XSS
| [39000] Apache Tomcat SendMailServlet sendmail.jsp mailfrom Parameter XSS
| [38939] Apache HTTP Server Prefork MPM Module Array Modification Local DoS
| [38673] Apache Jakarta Slide WebDAV SYSTEM Request Traversal Arbitrary File Access
| [38662] Apache Geronimo SQLLoginModule Nonexistent User Authentication Bypass
| [38661] Apache Geronimo MEJB Unspecified Authentication Bypass
| [38641] Apache HTTP Server mod_mem_cache recall_headers Function Information Disclosure
| [38640] Apache HTTP Server suexec Document Root Unauthorized Operations
| [38639] Apache HTTP Server suexec Multiple Symlink Privilege Escalation
| [38636] Apache HTTP Server mod_autoindex.c P Variable UTF-7 Charset XSS
| [38513] BEA WebLogic Server Proxy Plug-in for Apache Protocol Error Handling Remote DoS
| [38187] Apache Geronimo / Tomcat WebDAV XML SYSTEM Tag Arbitrary File Access
| [37079] Apache HTTP Server mod_cache cache_util.c Malformed Cache-Control Header DoS
| [37071] Apache Tomcat Cookie Handling Session ID Disclosure
| [37070] Apache Tomcat Cookie Handling Quote Delimiter Session ID Disclosure
| [37052] Apache HTTP Server mod_status mod_status.c Unspecified XSS
| [37051] Apache HTTP Server mod_proxy modules/proxy/proxy_util.c Crafted Header Remote DoS
| [37050] Apache HTTP Server Prefork MPM Module Crafted Code Sequence Local DoS
| [36417] Apache Tomcat Host Manager Servlet html/add Action aliases Parameter XSS
| [36377] Apache MyFaces Tomahawk JSF Application autoscroll Multiple Script XSS
| [36080] Apache Tomcat JSP Examples Crafted URI XSS
| [36079] Apache Tomcat Manager Uploaded Filename XSS
| [34888] Apache Tomcat Example Calendar Application cal2.jsp time Parameter XSS
| [34887] Apache Tomcat implicit-objects.jsp Crafted Header XSS
| [34885] Apache Tomcat on IIS Servlet Engine MS-DOS Device Request DoS
| [34884] Apache Tomcat on Windows Nonexistent Resource Request Path Disclosure
| [34883] Apache Tomcat Crafted JSP File Request Path Disclosure
| [34882] Apache Tomcat Default SSL Ciphersuite Configuration Weakness
| [34881] Apache Tomcat Malformed Accept-Language Header XSS
| [34880] Apache Tomcat HTTP/1.1 Connector NULL Byte Request JSP Source Disclosure
| [34879] Apache Tomcat examples/jsp2/jspx/textRotate.jspx XSS
| [34878] Apache Tomcat examples/jsp2/el/implicit-objects.jsp XSS
| [34877] Apache Tomcat JK Web Server Connector (mod_jk) Double Encoded Traversal Arbitrary File Access
| [34876] Apache HTTP Server ScriptAlias CGI Source Disclosure
| [34875] Apache Tomcat appdev/sample/web/hello.jsp Multiple Parameter XSS
| [34874] Apache Tomcat AJP Connector mod_jk ajp_process_callback Remote Memory Disclosure
| [34873] Apache Stats Variable Extraction _REQUEST Ssuperglobal Array Overwrite
| [34872] Apache HTTP Server suexec User/Group Combination Weakness Local Privilege Escalation
| [34769] Apache Tomcat w/ Proxy Module Double Encoded Traversal Arbitrary File Access
| [34541] mod_perl for Apache HTTP Server RegistryCooker.pm PATH_INFO Crafted URI Remote DoS
| [34540] mod_perl for Apache HTTP Server PerlRun.pm PATH_INFO Crafted URI Remote DoS
| [34398] Apache Tomcat mod_jk Invalid Chunked Encoded Body Information Disclosure
| [34154] Apache Axis Nonexistent Java Web Service Path Disclosure
| [33855] Apache Tomcat JK Web Server Connector mod_jk.so Long URI Worker Map Remote Overflow
| [33816] Apache HTTP Server on Debian Linux TTY Local Privilege Escalation
| [33456] Apache HTTP Server Crafted TCP Connection Range Header DoS
| [33346] Avaya Multiple Products Apache Tomcat Port Weakness
| [32979] Apache Java Mail Enterprise Server (JAMES) Phoenix/MX4J Interface Arbitrary User Creation
| [32978] Apache Java Mail Enterprise Server (JAMES) POP3Server Log File Plaintext Password Disclosure
| [32724] Apache mod_python _filter_read Freed Memory Disclosure
| [32723] Apache Tomcat semicolon Crafted Filename Request Forced Directory Listing
| [32396] Apache Open For Business Project (OFBiz) Ecommerce Component Forum Implementation Message Body XSS
| [32395] Apache Open For Business Project (OFBiz) Ecommerce Component Form Field Manipulation Privilege Escalation
| [30354] Linux Subversion libapache2-svn Search Path Subversion Local Privilege Escalation
| [29603] PHP ini_restore() Apache httpd.conf Options Bypass
| [29536] Apache Tcl mod_tcl set_var Function Remote Format String
| [28919] Apache Roller Weblogger Blog Comment Multiple Field XSS
| [28130] PHP with Apache Mixed Case Method Limit Directive Bypass
| [27913] Apache HTTP Server on Windows mod_alias URL Validation Canonicalization CGI Source Disclosure
| [27588] Apache HTTP Server mod_rewrite LDAP Protocol URL Handling Overflow
| [27487] Apache HTTP Server Crafted Expect Header Cross Domain HTML Injection
| [26935] FCKeditor on Apache connector.php Crafted File Extension Arbitrary File Upload
| [26572] Apache Java Mail Enterprise Server (JAMES) MAIL Command Overflow DoS
| [25909] Drupal on Apache files Directory File Upload Arbitrary Code Execution
| [24825] Oracle ModPL/SQL for Apache Unspecified Remote HTTP Issue
| [24365] Apache Struts Multiple Function Error Message XSS
| [24364] Apache Struts getMultipartRequestHandler() Function Crafted Request DoS
| [24363] Apache Struts org.apache.struts.taglib.html.Constants.CANCEL Validation Bypass
| [24103] Pubcookie Apache mod_pubcookie Unspecified XSS
| [23906] Apache mod_python for Apache HTTP Server FileSession Privileged Local Command Execution
| [23905] Apache Log4net LocalSyslogAppender Format String Memory Corruption DoS
| [23198] Apache WSS4J Library SOAP Signature Verification Bypass
| [23124] Generic Apache Request Library (libapreq) apreq_parse_* Functions Remote DoS
| [22652] mod_php for Apache HTTP Server Crafted import_request_variables Function DoS
| [22475] PHP w/ Apache PDO::FETCH_CLASS __set() Function DoS
| [22473] PHP w/ Apache2 Crafted PDOStatement DoS
| [22459] Apache Geronimo Error Page XSS
| [22458] Apache Tomcat / Geronimo Sample Script cal2.jsp time Parameter XSS
| [22301] auth_ldap for Apache HTTP Server auth_ldap_log_reason() Function Remote Format String
| [22261] Apache HTTP Server mod_ssl ssl_hook_Access Error Handling DoS
| [22259] mod_auth_pgsql for Apache HTTP Server Log Function Format String
| [21736] Apache Java Mail Enterprise Server (JAMES) Spooler retrieve Function DoS
| [21705] Apache HTTP Server mod_imap Image Map Referer XSS
| [21021] Apache Struts Error Message XSS
| [20897] PHP w/ Apache 2 SAPI virtual() Function Unspecified INI Setting Disclosure
| [20491] PHP mod_php apache2handler SAPI Crafted .htaccess DoS
| [20462] Apache HTTP Server worker.c MPM Memory Exhaustion DoS
| [20439] Apache Tomcat Directory Listing Saturation DoS
| [20373] Apache Tomcat on HP Secure OS for Linux Unspecified Servlet Access Issue
| [20285] Apache HTTP Server Log File Control Character Injection
| [20242] Apache HTTP Server mod_usertrack Predictable Session ID Generation
| [20209] Brainf*ck Module (mod_bf) for Apache HTTP Server Local Overflow
| [20033] Apache Tomcat MS-DOS Device Request Error Message Path Disclosure
| [19883] apachetop atop.debug Symlink Arbitrary File Overwrite
| [19863] mod_auth_shadow for Apache HTTP Server require group Authentication Bypass
| [19855] Apache HTTP Server ErrorDocument Directive .htaccess Bypass
| [19821] Apache Tomcat Malformed Post Request Information Disclosure
| [19769] Apache HTTP Server Double-reverse DNS Lookup Spoofing
| [19188] Apache HTTP Server mod_ssl SSLVerifyClient Per-location Context Restriction Bypass
| [19137] Apache HTTP Server on Red Hat Linux Double Slash GET Request Forced Directory Listing
| [19136] Apache on Mandrake Linux Arbitrary Directory Forced Listing
| [18977] Apache HTTP Server Crafted HTTP Range Header DoS
| [18389] Ragnarok Online Control Panel Apache Authentication Bypass
| [18286] Apache HTTP Server mod_ssl ssl_callback_SSLVerify_CRL( ) Function Overflow
| [18233] Apache HTTP Server htdigest user Variable Overfow
| [17738] Apache HTTP Server HTTP Request Smuggling
| [16586] Apache HTTP Server Win32 GET Overflow DoS
| [15889] Apache HTTP Server mod_cgid Threaded MPM CGI Output Misdirection
| [14896] mod_dav for Apache HTTP Server Remote Null Dereference Child Process Termination
| [14879] Apache HTTP Server ap_log_rerror Function Error Message Path Disclosure
| [14770] Apache Tomcat AJP12 Protocol Malformed Packet Remote DoS
| [14597] Apache Tomcat IntegerOverflow.jsp Test JSP Script Path Disclosure
| [14596] Apache Tomcat pageSession.jsp Test JSP Script Path Disclosure
| [14595] Apache Tomcat pageLanguage.jsp Test JSP Script Path Disclosure
| [14594] Apache Tomcat pageIsThreadSafe.jsp Test JSP Script Path Disclosure
| [14593] Apache Tomcat pageIsErrorPage.jsp Test JSP Script Path Disclosure
| [14592] Apache Tomcat pageInvalid.jsp Test JSP Script Path Disclosure
| [14591] Apache Tomcat pageExtends.jsp Test JSP Script Path Disclosure
| [14590] Apache Tomcat pageDouble.jsp Test JSP Script Path Disclosure
| [14589] Apache Tomcat pageAutoFlush.jsp Test JSP Script Path Disclosure
| [14588] Apache Tomcat extends2.jsp Test JSP Script Path Disclosure
| [14587] Apache Tomcat extends1.jsp Test JSP Script Path Disclosure
| [14586] Apache Tomcat comments.jsp Test JSP Script Path Disclosure
| [14585] Apache Tomcat buffer4.jsp Test JSP Script Path Disclosure
| [14584] Apache Tomcat buffer3.jsp Test JSP Script Path Disclosure
| [14583] Apache Tomcat buffer2.jsp Test JSP Script Path Disclosure
| [14582] Apache Tomcat buffer1.jsp Test JSP Script Path Disclosure
| [14581] Apache Tomcat pageImport2.jsp Test JSP Script Path Disclosure
| [14580] Apache Tomcat pageInfo.jsp Test JSP Script Path Disclosure
| [14410] mod_frontpage for Apache HTTP Server fpexec Remote Overflow
| [14044] Apache Batik Squiggle Browser with Rhino Scripting Engine Unspecified File System Access
| [13737] mod_access_referer for Apache HTTP Server Malformed Referer DoS
| [13711] Apache mod_python publisher.py Traversal Arbitrary Object Information Disclosure
| [13640] mod_auth_any for Apache HTTP Server on Red Hat Linux Metacharacter Command Execution
| [13304] Apache Tomcat realPath.jsp Path Disclosure
| [13303] Apache Tomcat source.jsp Arbitrary Directory Listing
| [13087] Apache HTTP Server mod_log_forensic check_forensic Symlink Arbitrary File Creation / Overwrite
| [12849] mod_auth_radius for Apache HTTP Server radcpy() Function Overflow DoS
| [12848] Apache HTTP Server htdigest realm Variable Overflow
| [12721] Apache Tomcat examples/jsp2/el/functions.jsp XSS
| [12720] mod_dosevasive for Apache HTTP Server Symlink Arbitrary File Create/Overwrite
| [12558] Apache HTTP Server IPv6 FTP Proxy Socket Failure DoS
| [12557] Apache HTTP Server prefork MPM accept Error DoS
| [12233] Apache Tomcat MS-DOS Device Name Request DoS
| [12232] Apache Tomcat with JDK Arbitrary Directory/Source Disclosure
| [12231] Apache Tomcat web.xml Arbitrary File Access
| [12193] Apache HTTP Server on Mac OS X File Handler Bypass
| [12192] Apache HTTP Server on Mac OS X Unauthorized .ht and .DS_Store File Access
| [12178] Apache Jakarta Lucene results.jsp XSS
| [12176] mod_digest_apple for Apache HTTP Server on Mac OS X Authentication Replay
| [11391] Apache HTTP Server Header Parsing Space Saturation DoS
| [11003] Apache HTTP Server mod_include get_tag() Function Local Overflow
| [10976] mod_mylo for Apache HTTP Server mylo_log Logging Function HTTP GET Overflow
| [10637] Apache HTTP Server mod_ssl SSLCipherSuite Access Restriction Bypass
| [10546] Macromedia JRun4 mod_jrun Apache Module Remote Overflow
| [10471] Apache Xerces-C++ XML Parser DoS
| [10218] Apache HTTP Server Satisfy Directive Access Control Bypass
| [10068] Apache HTTP Server htpasswd Local Overflow
| [10049] mod_cplusplus For Apache HTTP Server Unspecified Overflow
| [9994] Apache HTTP Server apr-util IPV6 Parsing DoS
| [9991] Apache HTTP Server ap_resolve_env Environment Variable Local Overflow
| [9948] mod_dav for Apache HTTP Server LOCK Request DoS
| [9742] Apache HTTP Server mod_ssl char_buffer_read Function Reverse Proxy DoS
| [9718] Apache HTTP Server Win32 Single Dot Append Arbitrary File Access
| [9717] Apache HTTP Server mod_cookies Cookie Overflow
| [9716] Apache::Gallery Gallery.pm Inline::C Predictable Filename Code Execution
| [9715] Apache HTTP Server rotatelogs Control Characters Over Pipe DoS
| [9714] Apache Authentication Module Threaded MPM DoS
| [9713] Apache HTTP Server on OS2 filestat.c Device Name Request DoS
| [9712] Apache HTTP Server Multiple Linefeed Request Memory Consumption DoS
| [9711] Apache HTTP Server Access Log Terminal Escape Sequence Injection
| [9710] Apache HTTP Server on Windows Illegal Character Default Script Mapping Bypass
| [9709] Apache HTTP Server on Windows MS-DOS Device Name HTTP Post Code Execution
| [9708] Apache HTTP Server on Windows MS-DOS Device Name DoS
| [9707] Apache HTTP Server Duplicate MIME Header Saturation DoS
| [9706] Apache Web Server Multiple MIME Header Saturation Remote DoS
| [9705] Apache Tomcat Invoker/Default Servlet Source Disclosure
| [9702] Apache HTTP Server CGI/WebDAV HTTP POST Request Source Disclosure
| [9701] Apache HTTP Server for Windows Multiple Slash Forced Directory Listing
| [9700] Apache HTTP Server mod_autoindex Multiple Slash Request Forced Directory Listing
| [9699] Apache HTTP Server mod_dir Multiple Slash Request Forced Directory Listing
| [9698] Apache HTTP Server mod_negotiation Multiple Slash Request Forced Directory Listing
| [9697] Apache HTTP Server htdigest Local Symlink Arbitrary File Overwrite
| [9696] Apache HTTP Server htpasswd Local Symlink Arbitrary File Overwrite
| [9695] Apache Tomcat SnoopServlet Servlet Information Disclosure
| [9694] PHP3 on Apache HTTP Server Encoded Traversal Arbitrary File Access
| [9693] mod_auth_pgsql_sys for Apache HTTP Server User Name SQL Injection
| [9692] Apache HTTP Server mod_vhost_alias Mass Virtual Hosting Arbitrary File Access
| [9691] Apache HTTP Server mod_rewrite Mass Virtual Hosting Arbitrary File Access
| [9690] Apache HTTP Server mod_vhost_alias CGI Program Source Disclosure
| [9689] Trustix httpsd for Apache-SSL Permission Weakness Privilege Escalation
| [9688] Apache HTTP Server mod_proxy Malformed FTP Command DoS
| [9687] Apache::AuthenSmb smbval SMB Authentication Library Multiple Overflows
| [9686] Apache::AuthenSmb smbvalid SMB Authentication Library Multiple Overflows
| [9523] Apache HTTP Server mod_ssl Aborted Connection DoS
| [9459] Oracle PL/SQL (mod_plsql) Apache Module Help Page Request Remote Overflow
| [9208] Apache Tomcat .jsp Encoded Newline XSS
| [9204] Apache Tomcat ROOT Application XSS
| [9203] Apache Tomcat examples Application XSS
| [9068] Apache HTTP Server mod_userdir User Account Information Disclosure
| [8773] Apache Tomcat Catalina org.apache.catalina.servlets.DefaultServlet Source Code Disclosure
| [8772] Apache Tomcat Catalina org.apache.catalina.connector.http DoS
| [7943] Apache HTTP Server mod_ssl sslkeys File Disclosure
| [7942] Apache HTTP Server mod_ssl Default Pass Phrase
| [7941] Apache HTTP Server mod_ssl Encrypted Private Key File Descriptor Leak
| [7935] Apache HTTP Server mod_ssl ssl_gcache Race Conditions
| [7934] Apache HTTP Server mod_ssl SSLSessionCache File Content Disclosure
| [7933] Apache HTTP Server mod_ssl SSLMutex File Content Disclosure
| [7932] Apache HTTP Server mod_ssl mkcert.sh File Creation Permission Weakness
| [7931] Apache HTTP Server mod_ssl X.509 Client Certificate Authentication Bypass
| [7930] Apache HTTP Server mod_ssl ssl_expr_eval_func_file() Overflow
| [7929] Apache HTTP Server mod_ssl ssl_engine_log.c mod_proxy Hook Function Remote Format String
| [7611] Apache HTTP Server mod_alias Local Overflow
| [7394] Apache Tomcat mod_jk Invalid Transfer-Encoding Chunked Field DoS
| [7203] Apache Tomcat source.jsp Traversal Arbitrary File Access
| [7039] Apache HTTP Server on Mac OS X HFS+ File System Access Bypass
| [6882] Apache mod_python Malformed Query String Variant DoS
| [6839] Apache HTTP Server mod_proxy Content-Length Overflow
| [6630] Apache Tomcat Java Server Pages (JSP) Engine WPrinterJob() DoS
| [6472] Apache HTTP Server mod_ssl ssl_util_uuencode_binary Remote Overflow
| [5821] Apache HTTP Server Multiple / GET Remote Overflow DoS
| [5580] Apache Tomcat Servlet Malformed URL JSP Source Disclosure
| [5552] Apache HTTP Server split-logfile Arbitrary .log File Overwrite
| [5526] Apache Tomcat Long .JSP URI Path Disclosure
| [5278] Apache Tomcat web.xml Restriction Bypass
| [5051] Apache Tomcat Null Character DoS
| [4973] Apache Tomcat servlet Mapping XSS
| [4650] mod_gzip for Apache HTTP Server Debug Mode Printf Stack Overflow
| [4649] mod_gzip for Apache HTTP Server Debug Mode Format String Overflow
| [4648] mod_gzip for Apache HTTP Server Debug Mode Race Condition
| [4568] mod_survey For Apache ENV Tags SQL Injection
| [4553] Apache HTTP Server ApacheBench Overflow DoS
| [4552] Apache HTTP Server Shared Memory Scoreboard DoS
| [4446] Apache HTTP Server mod_disk_cache Stores Credentials
| [4383] Apache HTTP Server Socket Race Condition DoS
| [4382] Apache HTTP Server Log Entry Terminal Escape Sequence Injection
| [4340] Apache Portable Runtime (APR) apr_psprintf DoS
| [4232] Apache Cocoon DatabaseAuthenticatorAction SQL Injection
| [4231] Apache Cocoon Error Page Server Path Disclosure
| [4182] Apache HTTP Server mod_ssl Plain HTTP Request DoS
| [4181] Apache HTTP Server mod_access IP Address Netmask Rule Bypass
| [4075] Apache HTTP Sever on Windows .var File Request Path Disclosure
| [4037] Apache HTTP Server on Cygwin Encoded GET Request Arbitrary File Access
| [3877] Apache-SSL SSLVerifyClient SSLFakeBasicAuth Client Certificate Forgery
| [3819] Apache HTTP Server mod_digest Cross Realm Credential Replay
| [3322] mod_php for Apache HTTP Server Process Hijack
| [3215] mod_php for Apache HTTP Server File Descriptor Leakage
| [2885] Apache mod_python Malformed Query String DoS
| [2749] Apache Cocoon view-source Sample File Traversal Arbitrary File Access
| [2733] Apache HTTP Server mod_rewrite Local Overflow
| [2672] Apache HTTP Server mod_ssl SSLCipherSuite Ciphersuite Downgrade Weakness
| [2613] Apache HTTP Server mod_cgi stderr Output Handling Local DoS
| [2149] Apache::Gallery Privilege Escalation
| [2107] Apache HTTP Server mod_ssl Host: Header XSS
| [1926] Apache HTTP Server mod_rewrite Crafted URI Rule Bypass
| [1833] Apache HTTP Server Multiple Slash GET Request DoS
| [1577] Apache HTTP Server mod_rewrite RewriteRule Expansion Arbitrary File Access
| [872] Apache Tomcat Multiple Default Accounts
| [862] Apache HTTP Server SSI Error Page XSS
| [859] Apache HTTP Server Win32 Crafted Traversal Arbitrary File Access
| [849] Apache Tomcat TroubleShooter Servlet Information Disclosure
| [845] Apache Tomcat MSDOS Device XSS
| [844] Apache Tomcat Java Servlet Error Page XSS
| [842] Apache HTTP Server mod_ssl ssl_compat_directive Function Overflow
| [838] Apache HTTP Server Chunked Encoding Remote Overflow
| [827] PHP4 for Apache on Windows php.exe Malformed Request Path Disclosure
| [775] Apache mod_python Module Importing Privilege Function Execution
| [769] Apache HTTP Server Win32 DOS Batch File Arbitrary Command Execution
| [756] Apache HTTP Server mod_ssl i2d_SSL_SESSION Function SSL Client Certificate Overflow
| [701] Apache HTTP Server Win32 ScriptAlias php.exe Arbitrary File Access
| [674] Apache Tomcat Nonexistent File Error Message Path Disclosure
| [637] Apache HTTP Server UserDir Directive Username Enumeration
| [623] mod_auth_pgsql for Apache HTTP Server User Name SQL Injection
| [582] Apache HTTP Server Multiviews Feature Arbitrary Directory Listing
| [562] Apache HTTP Server mod_info /server-info Information Disclosure
| [561] Apache Web Servers mod_status /server-status Information Disclosure
| [417] Apache HTTP Server on SuSE Linux /doc/packages Remote Information Disclosure
| [410] mod_perl for Apache HTTP Server /perl/ Directory Listing
| [404] Apache HTTP Server on SuSE Linux WebDAV PROPFIND Arbitrary Directory Listing
| [402] Apache HTTP Server on SuSE Linux cgi-bin-sdb Request Script Source Disclosure
| [379] Apache ASP module Apache::ASP source.asp Example File Arbitrary File Creation
| [377] Apache Tomcat Snoop Servlet Remote Information Disclosure
| [376] Apache Tomcat contextAdmin Arbitrary File Access
| [342] Apache HTTP Server for Windows Multiple Forward Slash Directory Listing
| [222] Apache HTTP Server test-cgi Arbitrary File Access
| [143] Apache HTTP Server printenv.pl Multiple Method CGI XSS
| [48] Apache HTTP Server on Debian /usr/doc Directory Information Disclosure
|_
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose|WAP|storage-misc|specialized
Running (JUST GUESSING): Linux 2.6.X|3.X (91%), Ruckus embedded (91%), Synology DiskStation Manager 5.X (89%), Crestron 2-Series (87%), Asus embedded (86%), HP embedded (85%)
OS CPE: cpe:/o:linux:linux_kernel:2.6.32 cpe:/o:linux:linux_kernel:3.10 cpe:/h:ruckus:zoneflex_r710 cpe:/a:synology:diskstation_manager:5.2 cpe:/o:crestron:2_series cpe:/h:asus:rt-n56u cpe:/o:linux:linux_kernel:3.4 cpe:/h:hp:p2000_g3
Aggressive OS guesses: Linux 2.6.32 (91%), Linux 3.10 (91%), Linux 3.2 (91%), Linux 3.4 - 3.10 (91%), Linux 3.5 (91%), Linux 3.8 (91%), Ruckus ZoneFlex R710 WAP (Linux 3.4) (91%), Linux 2.6.32 - 3.10 (90%), Linux 2.6.32 - 3.13 (90%), Linux 2.6.32 - 3.9 (90%)
No exact OS matches for host (test conditions non-ideal).
Uptime guess: 6.164 days (since Sat Jan 11 15:25:04 2020)
Network Distance: 19 hops
TCP Sequence Prediction: Difficulty=260 (Good luck!)
IP ID Sequence Generation: All zeros

TRACEROUTE (using port 443/tcp)
HOP RTT ADDRESS
1 60.87 ms 10.253.204.1
2 100.86 ms 104.245.145.177
3 100.92 ms te0-0-2-1.225.nr11.b010988-1.yyz02.atlas.cogentco.com (38.104.156.9)
4 100.93 ms te0-0-0-1.agr13.yyz02.atlas.cogentco.com (154.24.54.37)
5 100.93 ms te0-9-0-9.ccr32.yyz02.atlas.cogentco.com (154.54.43.153)
6 100.96 ms be2994.ccr22.cle04.atlas.cogentco.com (154.54.31.233)
7 100.99 ms be2718.ccr42.ord01.atlas.cogentco.com (154.54.7.129)
8 101.02 ms be2766.ccr41.ord03.atlas.cogentco.com (154.54.46.178)
9 101.02 ms ae-11.r08.chcgil09.us.bb.gin.ntt.net (129.250.9.121)
10 101.02 ms ae-0.r20.chcgil09.us.bb.gin.ntt.net (129.250.2.191)
11 110.66 ms ae-7.r23.sttlwa01.us.bb.gin.ntt.net (129.250.3.42)
12 202.55 ms ae-16.r24.osakjp02.jp.bb.gin.ntt.net (129.250.3.61)
13 327.50 ms ae-1.r02.osakjp02.jp.bb.gin.ntt.net (129.250.2.40)
14 327.57 ms ae-1.a01.osakjp02.jp.bb.gin.ntt.net (129.250.3.232)
15 327.55 ms xe-0-0-22-3.a01.osakjp02.jp.ce.gin.ntt.net (61.200.80.218)
16 ... 18
19 257.01 ms 210-152-243-182.jp-west.compute.idcfcloud.com (210.152.243.182)

NSE: Script Post-scanning.
Initiating NSE at 19:20
Completed NSE at 19:20, 0.00s elapsed
Initiating NSE at 19:20
Completed NSE at 19:20, 0.00s elapsed
#######################################################################################################################################
Version: 1.11.13-static
OpenSSL 1.0.2-chacha (1.0.2g-dev)

Connected to 210.152.243.182

Testing SSL server 210.152.243.182 on port 443 using SNI name 210.152.243.182

 TLS Fallback SCSV:
Server supports TLS Fallback SCSV

 TLS renegotiation:
Secure session renegotiation supported

 TLS Compression:
Compression disabled

 Heartbleed:
TLS 1.2 not vulnerable to heartbleed
TLS 1.1 not vulnerable to heartbleed
TLS 1.0 not vulnerable to heartbleed

 Supported Server Cipher(s):
Preferred TLSv1.2 256 bits ECDHE-RSA-AES256-GCM-SHA384 Curve P-256 DHE 256
Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA384 Curve P-256 DHE 256
Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
Accepted TLSv1.2 256 bits DHE-RSA-AES256-GCM-SHA384 DHE 2048 bits
Accepted TLSv1.2 256 bits DHE-RSA-AES256-SHA256 DHE 2048 bits
Accepted TLSv1.2 256 bits DHE-RSA-AES256-SHA DHE 2048 bits
Accepted TLSv1.2 256 bits AES256-GCM-SHA384
Accepted TLSv1.2 256 bits AES256-SHA256
Accepted TLSv1.2 256 bits AES256-SHA
Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-GCM-SHA256 Curve P-256 DHE 256
Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA256 Curve P-256 DHE 256
Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
Accepted TLSv1.2 128 bits DHE-RSA-AES128-GCM-SHA256 DHE 2048 bits
Accepted TLSv1.2 128 bits DHE-RSA-AES128-SHA256 DHE 2048 bits
Accepted TLSv1.2 128 bits DHE-RSA-AES128-SHA DHE 2048 bits
Accepted TLSv1.2 128 bits AES128-GCM-SHA256
Accepted TLSv1.2 128 bits AES128-SHA256
Accepted TLSv1.2 128 bits AES128-SHA
Accepted TLSv1.2 112 bits ECDHE-RSA-DES-CBC3-SHA Curve P-256 DHE 256
Accepted TLSv1.2 112 bits EDH-RSA-DES-CBC3-SHA DHE 2048 bits
Accepted TLSv1.2 112 bits DES-CBC3-SHA
Preferred TLSv1.1 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
Accepted TLSv1.1 256 bits DHE-RSA-AES256-SHA DHE 2048 bits
Accepted TLSv1.1 256 bits AES256-SHA
Accepted TLSv1.1 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
Accepted TLSv1.1 128 bits DHE-RSA-AES128-SHA DHE 2048 bits
Accepted TLSv1.1 128 bits AES128-SHA
Accepted TLSv1.1 112 bits ECDHE-RSA-DES-CBC3-SHA Curve P-256 DHE 256
Accepted TLSv1.1 112 bits EDH-RSA-DES-CBC3-SHA DHE 2048 bits
Accepted TLSv1.1 112 bits DES-CBC3-SHA
Preferred TLSv1.0 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
Accepted TLSv1.0 256 bits DHE-RSA-AES256-SHA DHE 2048 bits
Accepted TLSv1.0 256 bits AES256-SHA
Accepted TLSv1.0 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
Accepted TLSv1.0 128 bits DHE-RSA-AES128-SHA DHE 2048 bits
Accepted TLSv1.0 128 bits AES128-SHA
Accepted TLSv1.0 112 bits ECDHE-RSA-DES-CBC3-SHA Curve P-256 DHE 256
Accepted TLSv1.0 112 bits EDH-RSA-DES-CBC3-SHA DHE 2048 bits
Accepted TLSv1.0 112 bits DES-CBC3-SHA

 SSL Certificate:
Signature Algorithm: sha256WithRSAEncryption
RSA Key Strength: 2048

Subject: www.e-kujira.or.jp
Altnames: DNS:www.e-kujira.or.jp, DNS:e-kujira.or.jp
Issuer: JPRS Domain Validation Authority - G2

Not valid before: Jun 4 03:40:06 2019 GMT
Not valid after: Aug 31 14:59:59 2020 GMT
######################################################################################################################################
+------------+-----------------------------------------+--------------------------------------------------+-----------+-----------+
| App Name   | URL to Application                      | Potential Exploit                                | Username  | Password  |
+------------+-----------------------------------------+--------------------------------------------------+-----------+-----------+
| phpMyAdmin | https://210.152.243.182:443/phpmyadmin/ | ./exploits/multi/http/phpmyadmin_preg_replace.rb | Not Found | Not Found |
+------------+-----------------------------------------+--------------------------------------------------+-----------+-----------+
#######################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-17 19:26 EST
NSE: Loaded 47 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 19:26
Completed NSE at 19:26, 0.00s elapsed
Initiating NSE at 19:26
Completed NSE at 19:26, 0.00s elapsed
Initiating Parallel DNS resolution of 1 host. at 19:26
Completed Parallel DNS resolution of 1 host. at 19:26, 0.02s elapsed
Initiating SYN Stealth Scan at 19:26
Scanning 210-152-243-182.jp-west.compute.idcfcloud.com (210.152.243.182) [65535 ports]
Discovered open port 110/tcp on 210.152.243.182
Discovered open port 587/tcp on 210.152.243.182
Discovered open port 443/tcp on 210.152.243.182
Discovered open port 21/tcp on 210.152.243.182
Discovered open port 80/tcp on 210.152.243.182
SYN Stealth Scan Timing: About 5.70% done; ETC: 19:35 (0:08:33 remaining)
SYN Stealth Scan Timing: About 14.76% done; ETC: 19:33 (0:05:52 remaining)
SYN Stealth Scan Timing: About 22.04% done; ETC: 19:33 (0:05:22 remaining)
SYN Stealth Scan Timing: About 30.41% done; ETC: 19:33 (0:04:58 remaining)
SYN Stealth Scan Timing: About 39.40% done; ETC: 19:33 (0:04:06 remaining)
SYN Stealth Scan Timing: About 47.63% done; ETC: 19:33 (0:03:29 remaining)
SYN Stealth Scan Timing: About 57.56% done; ETC: 19:32 (0:02:42 remaining)
SYN Stealth Scan Timing: About 70.18% done; ETC: 19:32 (0:01:46 remaining)
SYN Stealth Scan Timing: About 84.21% done; ETC: 19:32 (0:00:53 remaining)
Completed SYN Stealth Scan at 19:31, 310.19s elapsed (65535 total ports)
Initiating Service scan at 19:31
Scanning 5 services on 210-152-243-182.jp-west.compute.idcfcloud.com (210.152.243.182)
Completed Service scan at 19:32, 20.82s elapsed (5 services on 1 host)
Initiating OS detection (try #1) against 210-152-243-182.jp-west.compute.idcfcloud.com (210.152.243.182)
Retrying OS detection (try #2) against 210-152-243-182.jp-west.compute.idcfcloud.com (210.152.243.182)
Initiating Traceroute at 19:32
Completed Traceroute at 19:32, 3.14s elapsed
Initiating Parallel DNS resolution of 15 hosts. at 19:32
Completed Parallel DNS resolution of 15 hosts. at 19:32, 0.33s elapsed
NSE: Script scanning 210.152.243.182.
Initiating NSE at 19:32
#######################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-17 19:32 EST
NSE: Loaded 47 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 19:32
Completed NSE at 19:32, 0.00s elapsed
Initiating NSE at 19:32
Completed NSE at 19:32, 0.00s elapsed
Initiating Parallel DNS resolution of 1 host. at 19:32
Completed Parallel DNS resolution of 1 host. at 19:32, 0.03s elapsed
Initiating UDP Scan at 19:32
Scanning 210-152-243-182.jp-west.compute.idcfcloud.com (210.152.243.182) [15 ports]
Completed UDP Scan at 19:32, 2.20s elapsed (15 total ports)
Initiating Service scan at 19:32
Scanning 13 services on 210-152-243-182.jp-west.compute.idcfcloud.com (210.152.243.182)
Service scan Timing: About 7.69% done; ETC: 19:53 (0:19:36 remaining)
Completed Service scan at 19:34, 102.59s elapsed (13 services on 1 host)
Initiating OS detection (try #1) against 210-152-243-182.jp-west.compute.idcfcloud.com (210.152.243.182)
Retrying OS detection (try #2) against 210-152-243-182.jp-west.compute.idcfcloud.com (210.152.243.182)
Initiating Traceroute at 19:34
Completed Traceroute at 19:34, 7.05s elapsed
Initiating Parallel DNS resolution of 1 host. at 19:34
Completed Parallel DNS resolution of 1 host. at 19:34, 0.00s elapsed
NSE: Script scanning 210.152.243.182.
Initiating NSE at 19:34
Completed NSE at 19:34, 7.24s elapsed
Initiating NSE at 19:34
Completed NSE at 19:34, 1.28s elapsed
Nmap scan report for 210-152-243-182.jp-west.compute.idcfcloud.com (210.152.243.182)
Host is up (0.11s latency).

PORT STATE SERVICE VERSION
53/udp open|filtered domain
67/udp open|filtered dhcps
68/udp open|filtered dhcpc
69/udp open|filtered tftp
88/udp open|filtered kerberos-sec
123/udp open|filtered ntp
137/udp filtered netbios-ns
138/udp filtered netbios-dgm
139/udp open|filtered netbios-ssn
161/udp open|filtered snmp
162/udp open|filtered snmptrap
389/udp open|filtered ldap
500/udp open|filtered isakmp
|_ike-version: ERROR: Script execution failed (use -d to debug)
520/udp open|filtered route
2049/udp open|filtered nfs
Too many fingerprints match this host to give specific OS details

TRACEROUTE (using port 138/udp)
HOP RTT ADDRESS
1 38.74 ms 10.253.204.1
2 ... 3
4 30.62 ms 10.253.204.1
5 92.47 ms 10.253.204.1
6 92.47 ms 10.253.204.1
7 92.48 ms 10.253.204.1
8 92.47 ms 10.253.204.1
9 61.01 ms 10.253.204.1
10 30.10 ms 10.253.204.1
11 ... 18
19 31.00 ms 10.253.204.1
20 33.82 ms 10.253.204.1
21 33.00 ms 10.253.204.1
22 ... 29
30 31.38 ms 10.253.204.1

NSE: Script Post-scanning.
Initiating NSE at 19:34
Completed NSE at 19:34, 0.00s elapsed
Initiating NSE at 19:34
Completed NSE at 19:34, 0.00s elapsed
#######################################################################################################################################
Anonymous JTSEC #OpWhales Full Recon #17