· 5 years ago · Feb 07, 2020, 07:04 AM
1#####################################################################################################################################
2=======================================================================================================================================
3Hostname wwwa.cao.go.jp ISP Internet Initiative Japan Inc.
4Continent Asia Flag
5JP
6Country Japan Country Code JP
7Region Unknown Local time 07 Feb 2020 13:33 JST
8City Unknown Postal Code Unknown
9IP Address (IPv6) 2001:240:1b0:1::34 Latitude 36
10 Longitude 138
11======================================================================================================================================
12#####################################################################################################################################
13> wwwa.cao.go.jp
14Server: 38.132.106.139
15Address: 38.132.106.139#53
16
17Non-authoritative answer:
18Name: wwwa.cao.go.jp
19Address: 210.149.141.34
20Name: wwwa.cao.go.jp
21Address: 2001:240:1b0:1::34
22>
23####################################################################################################################################
24Domain Information:
25a. [Domain Name] CAO.GO.JP
26g. [Organization] Cabinet Office
27l. [Organization Type] Government
28m. [Administrative Contact] TT42847JP
29n. [Technical Contact] TS46015JP
30p. [Name Server] dns-b.iij.ad.jp
31p. [Name Server] dns-c.iij.ad.jp
32s. [Signing Key]
33[State] Connected (2020/12/31)
34[Registered Date] 2000/12/06
35[Connected Date] 2000/12/27
36[Last Update] 2020/01/01 01:07:14 (JST)
37#####################################################################################################################################
38[+] Target : wwwa.cao.go.jp
39
40[+] IP Address : 210.149.141.34
41
42[+] Headers :
43
44[+] Date : Fri, 07 Feb 2020 04:43:48 GMT
45[+] Server : Apache
46[+] X-Frame-Options : SAMEORIGIN
47[+] Last-Modified : Mon, 03 Dec 2018 01:38:56 GMT
48[+] ETag : "1f10-57c143650ac00"
49[+] Accept-Ranges : bytes
50[+] Content-Length : 7952
51[+] Cache-Control : no-store
52[+] Expires : Fri, 07 Feb 2020 04:43:48 GMT
53[+] Pragma : no-cache
54[+] Keep-Alive : timeout=15, max=100
55[+] Connection : Keep-Alive
56[+] Content-Type : text/html
57
58[+] SSL Certificate Information :
59
60[-] SSL is not Present on Target URL...Skipping...
61
62[+] Whois Lookup :
63
64[+] NIR : {'query': '210.149.141.34', 'raw': None, 'nets': [{'cidr': '210.149.141.0/24', 'name': 'Cabinet Office, Government Of Japan', 'handle': 'CAO-WEB2018', 'range': '210.149.141.1 - 210.149.141.255', 'country': 'JP', 'address': None, 'postal_code': None, 'nameservers': None, 'created': None, 'updated': '2018-06-08T08:05:03', 'contacts': {'admin': {'email': 's.unyou1@cao.go.jp', 'organization': 'Cabinet Office, Government of Japan', 'division': '', 'phone': '03-6257-1366', 'fax': '', 'updated': '2018-06-08T04:29:03'}, 'tech': {'email': 's.unyou1@cao.go.jp', 'organization': 'Cabinet Office, Government of Japan', 'division': '', 'phone': '03-6257-1366', 'fax': '', 'updated': '2018-06-08T04:29:03'}}}]}
65[+] ASN Registry : apnic
66[+] ASN : 2497
67[+] ASN CIDR : 210.149.0.0/16
68[+] ASN Country Code : JP
69[+] ASN Date : 1996-12-30
70[+] ASN Description : IIJ Internet Initiative Japan Inc., JP
71[+] cidr : 210.144.0.0/12
72[+] name : JPNIC-NET-JP
73[+] handle : JNIC1-AP
74[+] range : 210.144.0.0 - 210.159.255.255
75[+] description : Japan Network Information Center
76[+] country : JP
77[+] state : None
78[+] city : None
79[+] address : Urbannet-Kanda Bldg 4F, 3-6-2 Uchi-Kanda
80Chiyoda-ku, Tokyo 101-0047, Japan
81[+] postal_code : None
82[+] emails : ['hostmaster@nic.ad.jp']
83[+] created : None
84[+] updated : None
85
86[+] Crawling Target...
87
88[+] Looking for robots.txt........[ Not Found ]
89[+] Looking for sitemap.xml.......[ Not Found ]
90[+] Extracting CSS Links..........[ 2 ]
91[+] Extracting Javascript Links...[ 2 ]
92[+] Extracting Internal Links.....[ 0 ]
93[+] Extracting External Links.....[ 9 ]
94[+] Extracting Images.............[ 5 ]
95
96[+] Total Links Extracted : 18
97
98[+] Dumping Links in /opt/FinalRecon/dumps/wwwa.cao.go.jp.dump
99[+] Completed!
100#####################################################################################################################################
101[i] Scanning Site: http://wwwa.cao.go.jp
102
103
104
105B A S I C I N F O
106====================
107
108
109[+] Site Title: 404 Not Found - 内閣府
110[+] IP address: 210.149.141.34
111[+] Web Server: Apache
112[+] CMS: Could Not Detect
113[+] Cloudflare: Not Detected
114[+] Robots File: Could NOT Find robots.txt!
115
116
117
118
119W H O I S L O O K U P
120========================
121
122 [ JPRS database provides information on network administration. Its use is ]
123[ restricted to network administration purposes. For further information, ]
124[ use 'whois -h whois.jprs.jp help'. To suppress Japanese output, add'/e' ]
125[ at the end of command, e.g. 'whois -h whois.jprs.jp xxx/e'. ]
126
127No match!!
128
129With JPRS WHOIS, you can query the following domain name information
130sponsored by JPRS.
131 - All of registered JP domain name
132 - gTLD domain name of which sponsoring registrar is JPRS
133Detail: https://jprs.jp/about/dom-search/jprs-whois/ (only in Japanese)
134
135For IP address information, please refer to the following WHOIS servers:
136 - JPNIC WHOIS (whois.nic.ad.jp)
137 - APNIC WHOIS (whois.apnic.net)
138 - ARIN WHOIS (whois.arin.net)
139 - RIPE WHOIS (whois.ripe.net)
140 - LACNIC WHOIS (whois.lacnic.net)
141 - AfriNIC WHOIS (whois.afrinic.net)
142
143
144
145
146
147G E O I P L O O K U P
148=========================
149
150[i] IP Address: 210.149.141.34
151[i] Country: Japan
152[i] State:
153[i] City:
154[i] Latitude: 35.69
155[i] Longitude: 139.69
156
157
158
159
160H T T P H E A D E R S
161=======================
162
163
164[i] HTTP/1.1 200 OK
165[i] Date: Fri, 07 Feb 2020 04:44:02 GMT
166[i] Server: Apache
167[i] X-Frame-Options: SAMEORIGIN
168[i] Last-Modified: Mon, 03 Dec 2018 01:38:56 GMT
169[i] ETag: "1f10-57c143650ac00"
170[i] Accept-Ranges: bytes
171[i] Content-Length: 7952
172[i] Cache-Control: no-store
173[i] Expires: Fri, 07 Feb 2020 04:44:02 GMT
174[i] Pragma: no-cache
175[i] Connection: close
176[i] Content-Type: text/html
177
178
179
180
181D N S L O O K U P
182===================
183
184wwwa.cao.go.jp. 599 IN SOA cao-web-ns11.cao.go.jp. hostmaster.cao-web-ns11.cao.go.jp. 2018112804 3600 1800 21600 86400
185wwwa.cao.go.jp. 599 IN NS ns12.cao.go.jp.
186wwwa.cao.go.jp. 599 IN NS ns11.cao.go.jp.
187wwwa.cao.go.jp. 29 IN A 210.149.141.34
188wwwa.cao.go.jp. 29 IN AAAA 2001:240:1b0:1::34
189
190
191
192
193S U B N E T C A L C U L A T I O N
194====================================
195
196Address = 2001:240:1b0:1::34
197Network = 2001:240:1b0:1::34 / 128
198Netmask = ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
199Wildcard Mask = ::
200Hosts Bits = 0
201Max. Hosts = 0 (2^0 - 1)
202Host Range = { 2001:240:1b0:1::35 - 2001:240:1b0:1::34 }
203
204
205
206N M A P P O R T S C A N
207============================
208
209Starting Nmap 7.70 ( https://nmap.org ) at 2020-02-07 04:44 UTC
210Nmap scan report for wwwa.cao.go.jp (210.149.141.34)
211Host is up (0.17s latency).
212Other addresses for wwwa.cao.go.jp (not scanned): 2001:240:1b0:1::34
213
214PORT STATE SERVICE
21521/tcp filtered ftp
21622/tcp filtered ssh
21723/tcp filtered telnet
21880/tcp open http
219110/tcp filtered pop3
220143/tcp filtered imap
221443/tcp closed https
2223389/tcp filtered ms-wbt-server
223
224Nmap done: 1 IP address (1 host up) scanned in 3.02 seconds
225####################################################################################################################################
226[+] Starting At 2020-02-06 23:45:06.148013
227[+] Collecting Information On: http://wwwa.cao.go.jp/notice/20191101notice.html
228[#] Status: 200
229--------------------------------------------------
230[#] Web Server Detected: Apache
231- Date: Fri, 07 Feb 2020 04:44:56 GMT
232- Server: Apache
233- X-Frame-Options: SAMEORIGIN
234- Last-Modified: Wed, 13 Nov 2019 06:12:47 GMT
235- ETag: "2309-5973440f57d52"
236- Accept-Ranges: bytes
237- Content-Length: 8969
238- Cache-Control: no-store
239- Expires: Fri, 07 Feb 2020 04:44:56 GMT
240- Pragma: no-cache
241- Keep-Alive: timeout=15, max=100
242- Connection: Keep-Alive
243- Content-Type: text/html
244--------------------------------------------------
245[#] Finding Location..!
246[#] status: fail
247[#] message: invalid query
248[#] query: cao.go.jp
249--------------------------------------------------
250[x] Didn't Detect WAF Presence on: http://wwwa.cao.go.jp/notice/20191101notice.html
251--------------------------------------------------
252[#] Starting Reverse DNS
253[-] Failed ! Fail
254--------------------------------------------------
255[!] Scanning Open Port
256--------------------------------------------------
257[+] Getting SSL Info
258[Errno -2] Name or service not known
259--------------------------------------------------
260[+] Collecting Information Disclosure!
261[#] Detecting sitemap.xml file
262[-] sitemap.xml file not Found!?
263[#] Detecting robots.txt file
264[-] robots.txt file not Found!?
265[#] Detecting GNU Mailman
266[-] GNU Mailman App Not Detected!?
267--------------------------------------------------
268[+] Crawling Url Parameter On: http://wwwa.cao.go.jp/notice/20191101notice.html
269--------------------------------------------------
270[#] Searching Html Form !
271[+] Html Form Discovered
272[#] action: https://nsearch.cao.go.jp/cao/search.x
273[#] class: None
274[#] id: searchBox
275[#] method: get
276--------------------------------------------------
277[!] Found 1 dom parameter
278[#] http://wwwa.cao.go.jp/notice/20191101notice.html/#container
279--------------------------------------------------
280[!] 2 Internal Dynamic Parameter Discovered
281[+] https://nsearch.cao.go.jp/cao/search.x?mode_ja_cao=ja_cao&tmpl=ja
282[+] https://nsearch.cao.go.jp/cao/search.x?mode_ja_cao=ja_cao&tmpl=en
283--------------------------------------------------
284[-] No external Dynamic Paramter Found!?
285--------------------------------------------------
286[!] 8 Internal links Discovered
287[+] https://www.cao.go.jp/common3/css/import.css
288[+] https://www.cao.go.jp/common3/css/print.css
289[+] https://www.cao.go.jp/index.html
290[+] https://www.cao.go.jp/search/notice-search.html
291[+] https://www.cao.go.jp/index.html
292[+] https://www.cao.go.jp/
293[+] https://www.cao.go.jp/
294[+] https://www.cao.go.jp/index-e.html
295--------------------------------------------------
296[-] No External Link Found!?
297--------------------------------------------------
298[#] Mapping Subdomain..
299[-] No Any Subdomain Found
300[!] Found 0 Subdomain
301--------------------------------------------------
302[!] Done At 2020-02-06 23:47:29.604496
303#####################################################################################################################################
304[INFO] ------TARGET info------
305[*] TARGET: http://wwwa.cao.go.jp/notice/20191101notice.html
306[*] TARGET IP: 210.149.141.34
307[INFO] NO load balancer detected for wwwa.cao.go.jp...
308[*] DNS servers: cao-web-ns11.cao.go.jp.
309[*] TARGET server: Apache
310[*] CC: JP
311[*] Country: Japan
312[*] RegionCode: 13
313[*] RegionName: Tokyo
314[*] City: Tokyo
315[*] ASN: AS2497
316[*] BGP_PREFIX: 210.149.0.0/16
317[*] ISP: IIJ Internet Initiative Japan Inc., JP
318[INFO] DNS enumeration:
319[*] webconf.cao.go.jp 210.149.142.75 210.149.142.72
320[INFO] Possible abuse mails are:
321[*] abuse@cao.go.jp
322[*] abuse@wwwa.cao.go.jp
323[*] mune@catv.ne.jp
324[INFO] NO PAC (Proxy Auto Configuration) file FOUND
325[INFO] Checking for HTTP status codes recursively from /notice/20191101notice.html
326[INFO] Status code Folders
327[*] 200 http://wwwa.cao.go.jp/notice/
328[INFO] Starting FUZZing in http://wwwa.cao.go.jp/FUzZzZzZzZz...
329[INFO] Status code Folders
330[ALERT] Look in the source code. It may contain passwords
331[INFO] SAME content in http://wwwa.cao.go.jp/ AND http://210.149.141.34/
332[INFO] Links found from http://wwwa.cao.go.jp/notice/20191101notice.html:
333[*] https://nsearch.cao.go.jp/cao/search.x?mode_ja_cao=ja_cao&tmpl=en
334[*] https://nsearch.cao.go.jp/cao/search.x?mode_ja_cao=ja_cao&tmpl=ja
335[*] https://www.cao.go.jp/
336[*] https://www.cao.go.jp/index-e.html
337[*] https://www.cao.go.jp/index.html
338[*] https://www.cao.go.jp/search/notice-search.html
339[*] http://wwwa.cao.go.jp/notice/20191101notice.html#container
340cut: intervalle de champ incorrecte
341Saisissez « cut --help » pour plus d'informations.
342[INFO] Shodan detected the following opened ports on 210.149.141.34:
343[*] 80
344[INFO] ------VirusTotal SECTION------
345[INFO] VirusTotal passive DNS only stores address records. The following domains resolved to the given IP address:
346[INFO] Latest URLs hosted in this IP address detected by at least one URL scanner or malicious URL dataset:
347[INFO] Latest files that are not detected by any antivirus solution and were downloaded by VirusTotal from the IP address provided:
348[INFO] ------Alexa Rank SECTION------
349[INFO] Percent of Visitors Rank in Country:
350[INFO] Percent of Search Traffic:
351[INFO] Percent of Unique Visits:
352[INFO] Total Sites Linking In:
353[*] Total Sites
354[INFO] Useful links related to wwwa.cao.go.jp - 210.149.141.34:
355[*] https://www.virustotal.com/pt/ip-address/210.149.141.34/information/
356[*] https://www.hybrid-analysis.com/search?host=210.149.141.34
357[*] https://www.shodan.io/host/210.149.141.34
358[*] https://www.senderbase.org/lookup/?search_string=210.149.141.34
359[*] https://www.alienvault.com/open-threat-exchange/ip/210.149.141.34
360[*] http://pastebin.com/search?q=210.149.141.34
361[*] http://urlquery.net/search.php?q=210.149.141.34
362[*] http://www.alexa.com/siteinfo/wwwa.cao.go.jp
363[*] http://www.google.com/safebrowsing/diagnostic?site=wwwa.cao.go.jp
364[*] https://censys.io/ipv4/210.149.141.34
365[*] https://www.abuseipdb.com/check/210.149.141.34
366[*] https://urlscan.io/search/#210.149.141.34
367[*] https://github.com/search?q=210.149.141.34&type=Code
368[INFO] Useful links related to AS2497 - 210.149.0.0/16:
369[*] http://www.google.com/safebrowsing/diagnostic?site=AS:2497
370[*] https://www.senderbase.org/lookup/?search_string=210.149.0.0/16
371[*] http://bgp.he.net/AS2497
372[*] https://stat.ripe.net/AS2497
373[INFO] Date: 06/02/20 | Time: 23:45:53
374[INFO] Total time: 0 minute(s) and 45 second(s)
375#####################################################################################################################################
376Trying "cao.go.jp"
377;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24128
378;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 0
379
380;; QUESTION SECTION:
381;cao.go.jp. IN ANY
382
383;; ANSWER SECTION:
384cao.go.jp. 600 IN TXT "v=spf1 include:spf.securemx.jp include:spf-nmg.cao.go.jp ip4:202.238.158.83 ip4:202.238.158.84 include:v6spf.cao.go.jp include:spf.dox.jp -all"
385cao.go.jp. 600 IN MX 40 mx.securemx.jp.
386cao.go.jp. 600 IN MX 60 mx6.securemx.jp.
387cao.go.jp. 600 IN SOA dns-b.iij.ad.jp. dns-managers.iij.ad.jp. 1558944276 3600 1800 3600000 900
388cao.go.jp. 600 IN NS dns-c.iij.ad.jp.
389cao.go.jp. 600 IN NS dns-b.iij.ad.jp.
390
391Received 326 bytes from 2001:18c0:121:6900:724f:b8ff:fefd:5b6a#53 in 144 ms
392####################################################################################################################################
393
394; <<>> DiG 9.11.14-3-Debian <<>> +trace cao.go.jp any
395;; global options: +cmd
396. 80363 IN NS e.root-servers.net.
397. 80363 IN NS l.root-servers.net.
398. 80363 IN NS g.root-servers.net.
399. 80363 IN NS j.root-servers.net.
400. 80363 IN NS i.root-servers.net.
401. 80363 IN NS m.root-servers.net.
402. 80363 IN NS k.root-servers.net.
403. 80363 IN NS d.root-servers.net.
404. 80363 IN NS a.root-servers.net.
405. 80363 IN NS c.root-servers.net.
406. 80363 IN NS h.root-servers.net.
407. 80363 IN NS f.root-servers.net.
408. 80363 IN NS b.root-servers.net.
409. 80363 IN RRSIG NS 8 0 518400 20200219170000 20200206160000 33853 . rsR5J0PJjRW1vqOZPQ8urFpaJv+DEsmhpQ8olfPr8gDEfMISYEV3ZLH3 lmp9Z5qYWazGipeZZoh0kbjLB4VvrW8mJu9/XoC3muRDpnZc05ywEWZ0 /eLHqg/0S0zD18lpjtgObqHxGupc/AmrsOFSZ2PPpJbMA9sbiNq02v9m MS9jffMdF9mLBrdL/PkGlUHLmNpSIXsfm5ziYFcwhV9KEBgEjMp2I85t oupyCdfUETxRWGyzvU2SdORJ2/yrHrm6XO3+CX7+E+EiH5WTvxazBhWf Xheh+GOMn7Y6hUm9uDAoK5HMgbA0lMgnQK+YgICAAhzEZv/ci4w2uVaI 2Tqdow==
410;; Received 525 bytes from 38.132.106.139#53(38.132.106.139) in 157 ms
411
412jp. 172800 IN NS c.dns.jp.
413jp. 172800 IN NS f.dns.jp.
414jp. 172800 IN NS d.dns.jp.
415jp. 172800 IN NS h.dns.jp.
416jp. 172800 IN NS b.dns.jp.
417jp. 172800 IN NS g.dns.jp.
418jp. 172800 IN NS e.dns.jp.
419jp. 172800 IN NS a.dns.jp.
420jp. 86400 IN DS 39595 8 1 1CC05D3654844B375BE8FDFB8933A21C9E9897DD
421jp. 86400 IN DS 39595 8 2 2871D562754FD45AC0452440D806ABB8E6BA967B2032B166FD2761E8 73553387
422jp. 86400 IN RRSIG DS 8 1 86400 20200219170000 20200206160000 33853 . Yu3Ho5sL2B5HfXgHHOLcX+5/nvJao7z7piXuitudNTibrKC1WdrkDcLy 0RILR61n3ieHu2DJV1xfaMV9gB6mbHjMITUSqs2gbflqxela4VcX6FZ9 zs1bnGeFxIRHXqYDd5bJbi51ZUbk+anvXbfy0p90j/9BhtaDyz5w2/5a 1r7oCMX0rM7Y0FTLg2knhk/BXoKEf1w0ZQDRBahtmnLIv3a0bqthmsgC 0adzuPc+JkvtcP7iH2NzFHB9fXyN4Z4D9G8tv2YOxKhgGvv9LCWTaJ57 m24JHkp5FH2Xyjz0ztf/A/rrduw9Fx01uW1FYNdWQSFK98MR1pUKB3L7 tvIydA==
423;; Received 893 bytes from 2001:500:200::b#53(b.root-servers.net) in 71 ms
424
425cao.go.jp. 86400 IN NS dns-b.iij.ad.jp.
426cao.go.jp. 86400 IN NS dns-c.iij.ad.jp.
427OE13L4BIO34NV1OHO24HICB70I655ARB.jp. 900 IN NSEC3 1 1 5 F07F38698C OEGMQ06D9RCS3KBJM9CHH0NBGIBKHK8N TXT RRSIG
428OE13L4BIO34NV1OHO24HICB70I655ARB.jp. 900 IN RRSIG NSEC3 8 2 900 20200302174503 20200201174503 2661 jp. QC5MjqIDh2sHLx57Y7HbtzfbbFc8YdFX0aM4YfdUTU667yAUO+/fmBxz bkU3pxvh8MFvOpIuUY1NydTBsj8UEWyiZ4ndpx8n/nyfZ5LCV/j3yNGv uC2BZJlw4nkmGot7CS/cjb5qN+kI1zD/L396iShm4F/j34tgkBLCXqUC 7fo=
429LSP0RM3871G1HU8LS24EL9ADGR37I01A.jp. 900 IN NSEC3 1 1 5 F07F38698C LTJBFTBB5OHSKTE2IFG9AGNCK63NIQ4G TXT RRSIG
430LSP0RM3871G1HU8LS24EL9ADGR37I01A.jp. 900 IN RRSIG NSEC3 8 2 900 20200302174503 20200201174503 2661 jp. fuwbk8eIgUULcRdcmt4gwc3egT/qckjnr7WiHuAQEgdkCCe3tpIyGybE 0H6DwVeoAhOPE7xSq90c1fHF7/BkrB1A8nTdzPL8P/3TL7mQvfKZYSCq DoR8STEClAInGU0j25SYeNhSUtWQh1HxhifH62jhyjP/LQGwpWLiuiUd ydo=
431;; Received 605 bytes from 2001:502:ad09::5#53(c.dns.jp) in 35 ms
432
433cao.go.jp. 600 IN SOA dns-b.iij.ad.jp. dns-managers.iij.ad.jp. 1558944276 3600 1800 3600000 900
434cao.go.jp. 600 IN NS dns-b.iij.ad.jp.
435cao.go.jp. 600 IN NS dns-c.iij.ad.jp.
436cao.go.jp. 600 IN MX 60 mx6.securemx.jp.
437cao.go.jp. 600 IN MX 40 mx.securemx.jp.
438cao.go.jp. 600 IN TXT "v=spf1 include:spf.securemx.jp include:spf-nmg.cao.go.jp ip4:202.238.158.83 ip4:202.238.158.84 include:v6spf.cao.go.jp include:spf.dox.jp -all"
439;; Received 365 bytes from 202.232.2.14#53(dns-b.iij.ad.jp) in 321 ms
440####################################################################################################################################
441[*] Performing General Enumeration of Domain: cao.go.jp
442[-] DNSSEC is not configured for cao.go.jp
443[*] SOA dns-b.iij.ad.jp 202.232.2.14
444[*] NS dns-c.iij.ad.jp 210.130.1.15
445[*] Bind Version for 210.130.1.15 IIJ-DNS-SERVICE
446[*] NS dns-c.iij.ad.jp 2001:240:bb81::2:15
447[*] Bind Version for 2001:240:bb81::2:15 IIJ-DNS-SERVICE
448[*] NS dns-b.iij.ad.jp 202.232.2.14
449[*] Bind Version for 202.232.2.14 IIJ-DNS-SERVICE
450[*] NS dns-b.iij.ad.jp 2001:240:bb81::2:14
451[*] Bind Version for 2001:240:bb81::2:14 IIJ-DNS-SERVICE
452[*] MX mx.securemx.jp 210.130.202.122
453[*] MX mx.securemx.jp 210.130.202.98
454[*] MX mx.securemx.jp 210.130.202.97
455[*] MX mx.securemx.jp 210.130.202.123
456[*] MX mx6.securemx.jp 2001:240:bb81::4:521
457[*] MX mx6.securemx.jp 2001:240:bb81::4:501
458[*] MX mx6.securemx.jp 2001:240:bb81::4:520
459[*] MX mx6.securemx.jp 2001:240:bb81::4:500
460[*] TXT cao.go.jp v=spf1 include:spf.securemx.jp include:spf-nmg.cao.go.jp ip4:202.238.158.83 ip4:202.238.158.84 include:v6spf.cao.go.jp include:spf.dox.jp -all
461[*] Enumerating SRV Records
462[*] SRV _sip._tls.cao.go.jp sip.cao.go.jp 210.149.142.71 443 0
463[*] SRV _sip._tls.cao.go.jp sip.cao.go.jp 210.149.142.74 443 0
464[+] 2 Records Found
465#####################################################################################################################################
466[*] Processing domain cao.go.jp
467[*] Using system resolvers ['38.132.106.139', '194.187.251.67', '185.93.180.131', '192.168.0.1', '2001:18c0:121:6900:724f:b8ff:fefd:5b6a']
468[+] Getting nameservers
469210.130.1.15 - dns-c.iij.ad.jp
470202.232.2.14 - dns-b.iij.ad.jp
471[-] Zone transfer failed
472
473[+] TXT records found
474"v=spf1 include:spf.securemx.jp include:spf-nmg.cao.go.jp ip4:202.238.158.83 ip4:202.238.158.84 include:v6spf.cao.go.jp include:spf.dox.jp -all"
475
476[+] MX records found, added to target list
47760 mx6.securemx.jp.
47840 mx.securemx.jp.
479
480[*] Scanning cao.go.jp for A records
481210.149.142.73 - av.cao.go.jp
482210.149.142.76 - av.cao.go.jp
483210.149.141.157 - cms.cao.go.jp
484210.149.141.151 - log.cao.go.jp
485127.0.0.1 - localhost.cao.go.jp
486210.149.141.153 - monitoring.cao.go.jp
487210.149.141.10 - ns11.cao.go.jp
488202.232.87.54 - ns12.cao.go.jp
489210.149.142.71 - sip.cao.go.jp
490210.149.142.74 - sip.cao.go.jp
491210.149.141.81 - stage.cao.go.jp
492210.149.142.75 - webconf.cao.go.jp
493210.149.142.72 - webconf.cao.go.jp
494203.180.216.219 - www.cao.go.jp
495210.149.141.32 - www5.cao.go.jp
496####################################################################################################################################
497Domains still to check: 1
498 Checking if the hostname cao.go.jp. given is in fact a domain...
499
500Analyzing domain: cao.go.jp.
501 Checking NameServers using system default resolver...
502 IP: 210.130.1.15 (Japan)
503 HostName: dns-c.iij.ad.jp Type: NS
504 HostName: sys-c.do.2iij.net Type: PTR
505 IP: 202.232.2.14 (Japan)
506 HostName: dns-b.iij.ad.jp Type: NS
507 HostName: sys-b.do.2iij.net Type: PTR
508
509 Checking MailServers using system default resolver...
510 WARNING!! There are no MX records for this domain
511
512 Checking the zone transfer for each NS... (if this takes more than 10 seconds, just hit CTRL-C and it will continue. Bug in the libs)
513 No zone transfer found on nameserver 210.130.1.15
514 No zone transfer found on nameserver 202.232.2.14
515
516 Checking SPF record...
517
518 Checking SPF record...
519 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 210.130.202.128/29, but only the network IP
520 New IP found: 210.130.202.128
521 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 210.130.202.48/29, but only the network IP
522 New IP found: 210.130.202.48
523 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 210.130.202.152/29, but only the network IP
524 New IP found: 210.130.202.152
525 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 210.130.202.160/28, but only the network IP
526 New IP found: 210.130.202.160
527 There are no IPv4 addresses in the SPF. Maybe IPv6.
528
529 Checking SPF record...
530
531 Checking SPF record...
532
533 Checking SPF record...
534 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 118.67.107.0/24, but only the network IP
535 New IP found: 118.67.107.0
536 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 182.236.75.0/24, but only the network IP
537 New IP found: 182.236.75.0
538 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 182.236.82.0/23, but only the network IP
539 New IP found: 182.236.82.0
540 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 101.97.26.0/24, but only the network IP
541 New IP found: 101.97.26.0
542 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 42.125.251.0/24, but only the network IP
543 New IP found: 42.125.251.0
544 New IP found: 202.143.90.187
545 New IP found: 54.248.123.160
546 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 210.129.128.0/25, but only the network IP
547 New IP found: 210.129.128.0
548 New IP found: 160.16.125.241
549 New IP found: 202.238.158.83
550 New IP found: 202.238.158.84
551
552 Checking SPF record...
553 No SPF record
554
555 Checking SPF record...
556 New IP found: 203.180.90.38
557 New IP found: 203.180.90.39
558 New IP found: 202.232.173.185
559 New IP found: 202.232.173.186
560 New IP found: 210.149.162.118
561 New IP found: 210.149.162.119
562 New IP found: 203.180.155.136
563 New IP found: 203.180.155.137
564 There are no IPv4 addresses in the SPF. Maybe IPv6.
565 There are no IPv4 addresses in the SPF. Maybe IPv6.
566 There are no IPv4 addresses in the SPF. Maybe IPv6.
567 There are no IPv4 addresses in the SPF. Maybe IPv6.
568
569 Checking 192 most common hostnames using system default resolver...
570 IP: 203.180.216.219 (Japan)
571 HostName: www.cao.go.jp. Type: A
572 IP: 210.149.141.151 (Japan)
573 HostName: log.cao.go.jp. Type: A
574
575 Checking with nmap the reverse DNS hostnames of every <ip>/24 netblock using system default resolver...
576 Checking netblock 210.130.202.0
577 Checking netblock 202.238.158.0
578 Checking netblock 182.236.82.0
579 Checking netblock 182.236.75.0
580 Checking netblock 118.67.107.0
581 Checking netblock 160.16.125.0
582 Checking netblock 54.248.123.0
583 Checking netblock 42.125.251.0
584 Checking netblock 210.149.162.0
585 Checking netblock 210.130.1.0
586 Checking netblock 202.143.90.0
587 Checking netblock 203.180.155.0
588 Checking netblock 210.149.141.0
589 Checking netblock 101.97.26.0
590 Checking netblock 202.232.2.0
591 Checking netblock 210.129.128.0
592 Checking netblock 203.180.90.0
593 Checking netblock 202.232.173.0
594 Checking netblock 203.180.216.0
595
596 Searching for cao.go.jp. emails in Google
597 yoshinori.miyajima@cao.go.jp
598 sosei-daigaku.t3a@cao.go.jp
599
600 Checking 27 active hosts using nmap... (nmap -sn -n -v -PP -PM -PS80,25 -PA -PY -PU53,40125 -PE --reason <ip> -oA <output_directory>/nmap/<ip>.sn)
601 Host 210.130.202.160 is up (reset ttl 64)
602 Host 210.130.202.128 is up (reset ttl 64)
603 Host 202.238.158.84 is up (reset ttl 64)
604 Host 202.238.158.83 is up (reset ttl 64)
605 Host 182.236.82.0 is up (reset ttl 64)
606 Host 182.236.75.0 is up (reset ttl 64)
607 Host 118.67.107.0 is up (reset ttl 64)
608 Host 160.16.125.241 is up (reset ttl 64)
609 Host 54.248.123.160 is up (reset ttl 64)
610 Host 42.125.251.0 is up (reset ttl 64)
611 Host 210.130.202.152 is up (reset ttl 64)
612 Host 210.149.162.119 is up (reset ttl 64)
613 Host 210.149.162.118 is up (reset ttl 64)
614 Host 210.130.1.15 is up (reset ttl 64)
615 Host 202.143.90.187 is up (reset ttl 64)
616 Host 203.180.155.136 is up (reset ttl 64)
617 Host 203.180.155.137 is up (reset ttl 64)
618 Host 210.149.141.151 is up (reset ttl 64)
619 Host 101.97.26.0 is up (reset ttl 64)
620 Host 202.232.2.14 is up (reset ttl 64)
621 Host 210.129.128.0 is up (reset ttl 64)
622 Host 203.180.90.39 is up (reset ttl 64)
623 Host 203.180.90.38 is up (reset ttl 64)
624 Host 210.130.202.48 is up (reset ttl 64)
625 Host 202.232.173.186 is up (reset ttl 64)
626 Host 202.232.173.185 is up (reset ttl 64)
627 Host 203.180.216.219 is up (reset ttl 64)
628
629 Checking ports on every active host using nmap... (nmap -O --reason --webxml --traceroute -sS -sV -sC -Pn -n -v -F <ip> -oA <output_directory>/nmap/<ip>)
630 Scanning ip 210.130.202.160 ():
631 Scanning ip 210.130.202.128 ():
632 Scanning ip 202.238.158.84 ():
633 Scanning ip 202.238.158.83 ():
634 Scanning ip 182.236.82.0 ():
635 Scanning ip 182.236.75.0 ():
636 Scanning ip 118.67.107.0 ():
637 Scanning ip 160.16.125.241 ():
638 80/tcp open http syn-ack ttl 43 Apache httpd
639 | http-methods:
640 |_ Supported Methods: GET HEAD POST OPTIONS
641 |_http-server-header: Apache
642 |_http-title: Did not follow redirect to https://160.16.125.241/
643 |_https-redirect: ERROR: Script execution failed (use -d to debug)
644 443/tcp open ssl/https syn-ack ttl 41 Apache
645 | http-methods:
646 |_ Supported Methods: GET HEAD POST
647 |_http-server-header: Apache
648 |_http-title: 400 Bad Request
649 |_ssl-date: 2020-02-07T05:08:16+00:00; -10s from scanner time.
650 |_clock-skew: -10s
651 Scanning ip 54.248.123.160 ():
652 Scanning ip 42.125.251.0 ():
653 Scanning ip 210.130.202.152 ():
654 Scanning ip 210.149.162.119 ():
655 Device type: WAP|broadband router|remote management
656 Scanning ip 210.149.162.118 ():
657 Device type: WAP|broadband router|remote management
658 Scanning ip 210.130.1.15 (sys-c.do.2iij.net (PTR)):
659 Scanning ip 202.143.90.187 ():
660 Scanning ip 203.180.155.136 ():
661 Scanning ip 203.180.155.137 ():
662 Scanning ip 210.149.141.151 (log.cao.go.jp.):
663 Scanning ip 101.97.26.0 ():
664 Scanning ip 202.232.2.14 (sys-b.do.2iij.net (PTR)):
665 53/tcp open domain syn-ack ttl 49 (unknown banner: IIJ-DNS-SERVICE)
666 | dns-nsid:
667 |_ bind.version: IIJ-DNS-SERVICE
668 | fingerprint-strings:
669 | DNSVersionBindReqTCP:
670 | version
671 | bind
672 |_ IIJ-DNS-SERVICE
673 Scanning ip 210.129.128.0 ():
674 Scanning ip 203.180.90.39 ():
675 Scanning ip 203.180.90.38 ():
676 Scanning ip 210.130.202.48 ():
677 Scanning ip 202.232.173.186 ():
678 Device type: WAP|broadband router|remote management
679 Scanning ip 202.232.173.185 ():
680 Device type: WAP|broadband router|remote management
681 Scanning ip 203.180.216.219 (www.cao.go.jp.):
682 80/tcp open http syn-ack ttl 49 nginx
683 |_http-title: 400 Bad Request
684 443/tcp open ssl/http syn-ack ttl 49 nginx
685 |_http-title: 400 Bad Request
686 | ssl-cert: Subject: commonName=*.cao.go.jp/organizationName=Cabinet Office/stateOrProvinceName=Tokyo/countryName=JP
687 | Subject Alternative Name: DNS:*.cao.go.jp, DNS:cao.go.jp
688 | Issuer: commonName=GlobalSign Organization Validation CA - SHA256 - G2/organizationName=GlobalSign nv-sa/countryName=BE
689 | Public Key type: rsa
690 | Public Key bits: 2048
691 | Signature Algorithm: sha256WithRSAEncryption
692 | Not valid before: 2018-09-07T06:50:57
693 | Not valid after: 2020-09-07T06:50:57
694 | MD5: 7e01 7105 ae6c 563d 9f3e dd19 1d48 5a1d
695 |_SHA-1: f27e efda 3798 07e0 aacb abbb aa39 3911 ce3d 5c90
696 |_ssl-date: TLS randomness does not represent time
697 | tls-alpn:
698 |_ http/1.1
699 | tls-nextprotoneg:
700 |_ http/1.1
701 WebCrawling domain's web servers... up to 50 max links.
702
703 + URL to crawl: http://www.cao.go.jp.
704 + Date: 2020-02-07
705
706 + Crawling URL: http://www.cao.go.jp.:
707 + Links:
708 + Crawling http://www.cao.go.jp.
709 + Searching for directories...
710 + Searching open folders...
711
712
713 + URL to crawl: https://www.cao.go.jp.
714 + Date: 2020-02-07
715
716 + Crawling URL: https://www.cao.go.jp.:
717 + Links:
718 + Crawling https://www.cao.go.jp.
719 + Searching for directories...
720 + Searching open folders...
721
722--Finished--
723Summary information for domain cao.go.jp.
724-----------------------------------------
725 Domain Specific Information:
726 Email: yoshinori.miyajima@cao.go.jp
727 Email: sosei-daigaku.t3a@cao.go.jp
728
729 Domain Ips Information:
730 IP: 210.130.202.160
731 Type: SPF
732 Is Active: True (reset ttl 64)
733 IP: 210.130.202.128
734 Type: SPF
735 Is Active: True (reset ttl 64)
736 IP: 202.238.158.84
737 Type: SPF
738 Is Active: True (reset ttl 64)
739 IP: 202.238.158.83
740 Type: SPF
741 Is Active: True (reset ttl 64)
742 IP: 182.236.82.0
743 Type: SPF
744 Is Active: True (reset ttl 64)
745 IP: 182.236.75.0
746 Type: SPF
747 Is Active: True (reset ttl 64)
748 IP: 118.67.107.0
749 Type: SPF
750 Is Active: True (reset ttl 64)
751 IP: 160.16.125.241
752 Type: SPF
753 Is Active: True (reset ttl 64)
754 Port: 80/tcp open http syn-ack ttl 43 Apache httpd
755 Script Info: | http-methods:
756 Script Info: |_ Supported Methods: GET HEAD POST OPTIONS
757 Script Info: |_http-server-header: Apache
758 Script Info: |_http-title: Did not follow redirect to https://160.16.125.241/
759 Script Info: |_https-redirect: ERROR: Script execution failed (use -d to debug)
760 Port: 443/tcp open ssl/https syn-ack ttl 41 Apache
761 Script Info: | http-methods:
762 Script Info: |_ Supported Methods: GET HEAD POST
763 Script Info: |_http-server-header: Apache
764 Script Info: |_http-title: 400 Bad Request
765 Script Info: |_ssl-date: 2020-02-07T05:08:16+00:00; -10s from scanner time.
766 Script Info: |_clock-skew: -10s
767 IP: 54.248.123.160
768 Type: SPF
769 Is Active: True (reset ttl 64)
770 IP: 42.125.251.0
771 Type: SPF
772 Is Active: True (reset ttl 64)
773 IP: 210.130.202.152
774 Type: SPF
775 Is Active: True (reset ttl 64)
776 IP: 210.149.162.119
777 Type: SPF
778 Is Active: True (reset ttl 64)
779 Script Info: Device type: WAP|broadband router|remote management
780 IP: 210.149.162.118
781 Type: SPF
782 Is Active: True (reset ttl 64)
783 Script Info: Device type: WAP|broadband router|remote management
784 IP: 210.130.1.15
785 HostName: dns-c.iij.ad.jp Type: NS
786 HostName: sys-c.do.2iij.net Type: PTR
787 Country: Japan
788 Is Active: True (reset ttl 64)
789 IP: 202.143.90.187
790 Type: SPF
791 Is Active: True (reset ttl 64)
792 IP: 203.180.155.136
793 Type: SPF
794 Is Active: True (reset ttl 64)
795 IP: 203.180.155.137
796 Type: SPF
797 Is Active: True (reset ttl 64)
798 IP: 210.149.141.151
799 HostName: log.cao.go.jp. Type: A
800 Country: Japan
801 Is Active: True (reset ttl 64)
802 IP: 101.97.26.0
803 Type: SPF
804 Is Active: True (reset ttl 64)
805 IP: 202.232.2.14
806 HostName: dns-b.iij.ad.jp Type: NS
807 HostName: sys-b.do.2iij.net Type: PTR
808 Country: Japan
809 Is Active: True (reset ttl 64)
810 Port: 53/tcp open domain syn-ack ttl 49 (unknown banner: IIJ-DNS-SERVICE)
811 Script Info: | dns-nsid:
812 Script Info: |_ bind.version: IIJ-DNS-SERVICE
813 Script Info: | fingerprint-strings:
814 Script Info: | DNSVersionBindReqTCP:
815 Script Info: | version
816 Script Info: | bind
817 Script Info: |_ IIJ-DNS-SERVICE
818 IP: 210.129.128.0
819 Type: SPF
820 Is Active: True (reset ttl 64)
821 IP: 203.180.90.39
822 Type: SPF
823 Is Active: True (reset ttl 64)
824 IP: 203.180.90.38
825 Type: SPF
826 Is Active: True (reset ttl 64)
827 IP: 210.130.202.48
828 Type: SPF
829 Is Active: True (reset ttl 64)
830 IP: 202.232.173.186
831 Type: SPF
832 Is Active: True (reset ttl 64)
833 Script Info: Device type: WAP|broadband router|remote management
834 IP: 202.232.173.185
835 Type: SPF
836 Is Active: True (reset ttl 64)
837 Script Info: Device type: WAP|broadband router|remote management
838 IP: 203.180.216.219
839 HostName: www.cao.go.jp. Type: A
840 Country: Japan
841 Is Active: True (reset ttl 64)
842 Port: 80/tcp open http syn-ack ttl 49 nginx
843 Script Info: |_http-title: 400 Bad Request
844 Port: 443/tcp open ssl/http syn-ack ttl 49 nginx
845 Script Info: |_http-title: 400 Bad Request
846 Script Info: | ssl-cert: Subject: commonName=*.cao.go.jp/organizationName=Cabinet Office/stateOrProvinceName=Tokyo/countryName=JP
847 Script Info: | Subject Alternative Name: DNS:*.cao.go.jp, DNS:cao.go.jp
848 Script Info: | Issuer: commonName=GlobalSign Organization Validation CA - SHA256 - G2/organizationName=GlobalSign nv-sa/countryName=BE
849 Script Info: | Public Key type: rsa
850 Script Info: | Public Key bits: 2048
851 Script Info: | Signature Algorithm: sha256WithRSAEncryption
852 Script Info: | Not valid before: 2018-09-07T06:50:57
853 Script Info: | Not valid after: 2020-09-07T06:50:57
854 Script Info: | MD5: 7e01 7105 ae6c 563d 9f3e dd19 1d48 5a1d
855 Script Info: |_SHA-1: f27e efda 3798 07e0 aacb abbb aa39 3911 ce3d 5c90
856 Script Info: |_ssl-date: TLS randomness does not represent time
857 Script Info: | tls-alpn:
858 Script Info: |_ http/1.1
859 Script Info: | tls-nextprotoneg:
860 Script Info: |_ http/1.1
861
862--------------End Summary --------------
863-----------------------------------------
864#####################################################################################################################################
865traceroute to wwwa.cao.go.jp (210.149.141.34), 30 hops max, 60 byte packets
866 1 10.253.204.1 (10.253.204.1) 62.009 ms 63.391 ms 63.366 ms
867 2 R43.static.amanah.com (104.245.144.129) 63.336 ms 63.307 ms 63.278 ms
868 3 te0-0-2-1.225.nr11.b010988-1.yyz02.atlas.cogentco.com (38.104.156.9) 63.274 ms 63.242 ms 91.332 ms
869 4 te0-0-0-1.agr14.yyz02.atlas.cogentco.com (154.24.54.41) 63.170 ms 91.287 ms te0-0-0-1.agr13.yyz02.atlas.cogentco.com (154.24.54.37) 63.072 ms
870 5 te0-9-0-9.ccr32.yyz02.atlas.cogentco.com (154.54.43.153) 63.013 ms te0-9-0-9.ccr31.yyz02.atlas.cogentco.com (154.54.43.141) 62.981 ms te0-9-1-9.ccr31.yyz02.atlas.cogentco.com (154.54.43.161) 62.947 ms
871 6 be2993.ccr21.cle04.atlas.cogentco.com (154.54.31.225) 91.104 ms be2994.ccr22.cle04.atlas.cogentco.com (154.54.31.233) 40.187 ms be2993.ccr21.cle04.atlas.cogentco.com (154.54.31.225) 37.429 ms
872 7 be2717.ccr41.ord01.atlas.cogentco.com (154.54.6.221) 84.182 ms be2718.ccr42.ord01.atlas.cogentco.com (154.54.7.129) 84.186 ms be2717.ccr41.ord01.atlas.cogentco.com (154.54.6.221) 84.093 ms
873 8 be2766.ccr41.ord03.atlas.cogentco.com (154.54.46.178) 84.100 ms 84.064 ms be2765.ccr41.ord03.atlas.cogentco.com (154.54.45.18) 83.998 ms
874 9 ae-11.r08.chcgil09.us.bb.gin.ntt.net (129.250.9.121) 84.057 ms 84.060 ms 112.775 ms
87510 ae-0.r20.chcgil09.us.bb.gin.ntt.net (129.250.2.191) 83.913 ms 83.845 ms 81.813 ms
87611 ae-7.r23.sttlwa01.us.bb.gin.ntt.net (129.250.3.42) 190.829 ms 190.838 ms 112.589 ms
87712 ae-11.r04.sttlwa01.us.bb.gin.ntt.net (129.250.2.6) 154.727 ms ae-29.r05.sttlwa01.us.bb.gin.ntt.net (129.250.2.89) 122.892 ms 154.747 ms
87813 ae-0.a01.sttlwa01.us.bb.gin.ntt.net (129.250.5.86) 154.709 ms ae-1.a01.sttlwa01.us.bb.gin.ntt.net (129.250.5.98) 154.641 ms 154.625 ms
87914 ae-0.iij.sttlwa01.us.bb.gin.ntt.net (131.103.116.22) 154.611 ms 154.600 ms 154.585 ms
88015 tky009bb01.IIJ.Net (58.138.88.229) 248.571 ms tky008bb00.IIJ.Net (58.138.88.137) 218.119 ms tky009bb01.IIJ.Net (58.138.88.229) 248.513 ms
88116 ykh002bb00.IIJ.Net (58.138.89.145) 218.085 ms 218.076 ms 218.019 ms
88217 ykh002ip60.IIJ.Net (58.138.120.242) 217.936 ms ykh002ip60.IIJ.Net (58.138.120.226) 235.285 ms ykh002ip60.IIJ.Net (58.138.120.6) 211.222 ms
88318 210.130.163.202 (210.130.163.202) 285.419 ms 285.416 ms 285.401 ms
884#####################################################################################################################################
885----- cao.go.jp -----
886
887
888Host's addresses:
889__________________
890
891
892
893Name Servers:
894______________
895
896dns-b.iij.ad.jp. 73035 IN A 202.232.2.14
897dns-c.iij.ad.jp. 16471 IN A 210.130.1.15
898
899
900Mail (MX) Servers:
901___________________
902
903mx.securemx.jp. 316 IN A 210.130.202.122
904mx.securemx.jp. 316 IN A 210.130.202.98
905mx.securemx.jp. 316 IN A 210.130.202.97
906mx.securemx.jp. 316 IN A 210.130.202.123
907
908
909Google Results:
910________________
911
912wwwa.cao.go.jp. 30 IN A 210.149.141.34
913www5.cao.go.jp. 30 IN A 210.149.141.32
914www8.cao.go.jp. 30 IN A 210.149.141.33
915
916
917Brute forcing with /usr/share/dnsenum/dns.txt:
918_______________________________________________
919
920av.cao.go.jp. 324 IN A 210.149.142.73
921av.cao.go.jp. 324 IN A 210.149.142.76
922form.cao.go.jp. 600 IN A 210.149.141.162
923log.cao.go.jp. 316 IN A 210.149.141.151
924www.cao.go.jp. 199 IN CNAME p00s209-1521.cas.iijgio.jp.
925p00s209-1521.cas.iijgio.jp. 300 IN A 203.180.216.219
926
927
928Launching Whois Queries:
929_________________________
930
931 whois ip result: 210.149.142.0 -> 210.149.142.0/24
932 whois ip result: 210.149.141.0 -> 210.149.141.0/24
933
934
935cao.go.jp_________
936
937 210.149.142.0/24
938 210.149.141.0/24
939
940####################################################################################################################################
941URLCrazy Domain Report
942Domain : wwwa.cao.go.jp
943Keyboard : qwerty
944At : 2020-02-07 00:00:56 -0500
945
946# Please wait. 140 hostnames to process
947
948Typo Type Typo DNS-A CC-A DNS-MX Extn
949---------------------------------------------------------------------------------------------------------------------------------
950Character Omission wwa.cao.go.jp ? jp
951Character Omission www.cao.go.jp 203.180.216.219 JP,JAPAN jp
952Character Omission wwwa.ao.go.jp ? jp
953Character Omission wwwa.ca.go.jp ? jp
954Character Omission wwwa.cao.g.jp ? jp
955Character Omission wwwa.cao.o.jp ? jp
956Character Omission wwwa.caogo.jp 210.225.95.241 US,UNITED STATES rscql.net jp
957Character Omission wwwa.co.go.jp ? jp
958Character Omission wwwacao.go.jp ? jp
959Character Repeat wwwa.caao.go.jp ? jp
960Character Repeat wwwa.cao.ggo.jp ? jp
961Character Repeat wwwa.cao.goo.jp ? jp
962Character Repeat wwwa.caoo.go.jp ? jp
963Character Repeat wwwa.ccao.go.jp ? jp
964Character Repeat wwwaa.cao.go.jp ? jp
965Character Repeat wwwwa.cao.go.jp ? jp
966Character Swap wwaw.cao.go.jp ? jp
967Character Swap www.acao.go.jp ? jp
968Character Swap wwwa.aco.go.jp ? jp
969Character Swap wwwa.ca.ogo.jp 210.188.240.2 JP,JAPAN jp
970Character Swap wwwa.cao.og.jp ? jp
971Character Swap wwwa.caog.o.jp ? jp
972Character Swap wwwa.coa.go.jp ? jp
973Character Swap wwwac.ao.go.jp ? jp
974Character Replacement ewwa.cao.go.jp ? jp
975Character Replacement qwwa.cao.go.jp ? jp
976Character Replacement wewa.cao.go.jp ? jp
977Character Replacement wqwa.cao.go.jp ? jp
978Character Replacement wwea.cao.go.jp ? jp
979Character Replacement wwqa.cao.go.jp ? jp
980Character Replacement wwwa.cai.go.jp ? jp
981Character Replacement wwwa.cao.fo.jp ? jp
982Character Replacement wwwa.cao.gi.jp ? jp
983Character Replacement wwwa.cao.go.jo ? jo
984Character Replacement wwwa.cao.go.kp ? kp
985Character Replacement wwwa.cao.gp.jp ? jp
986Character Replacement wwwa.cao.ho.jp ? jp
987Character Replacement wwwa.cap.go.jp ? jp
988Character Replacement wwwa.cso.go.jp ? jp
989Character Replacement wwwa.vao.go.jp ? jp
990Character Replacement wwwa.xao.go.jp ? jp
991Character Replacement wwws.cao.go.jp ? jp
992Double Character Replacement eewa.cao.go.jp ? jp
993Double Character Replacement qqwa.cao.go.jp ? jp
994Double Character Replacement weea.cao.go.jp ? jp
995Double Character Replacement wqqa.cao.go.jp ? jp
996Character Insertion wewwa.cao.go.jp ? jp
997Character Insertion wqwwa.cao.go.jp ? jp
998Character Insertion wwewa.cao.go.jp ? jp
999Character Insertion wwqwa.cao.go.jp ? jp
1000Character Insertion wwwa.cao.gfo.jp ? jp
1001Character Insertion wwwa.cao.gho.jp ? jp
1002Character Insertion wwwa.cao.goi.jp ? jp
1003Character Insertion wwwa.cao.gop.jp 150.95.255.38 JP,JAPAN jp
1004Character Insertion wwwa.caoi.go.jp ? jp
1005Character Insertion wwwa.caop.go.jp ? jp
1006Character Insertion wwwa.caso.go.jp ? jp
1007Character Insertion wwwa.cvao.go.jp ? jp
1008Character Insertion wwwa.cxao.go.jp ? jp
1009Character Insertion wwwas.cao.go.jp ? jp
1010Character Insertion wwwea.cao.go.jp ? jp
1011Character Insertion wwwqa.cao.go.jp ? jp
1012Missing Dot wwwwwwa.cao.go.jp ? jp
1013Singular or Pluralise go.jp ? jp
1014Singular or Pluralise gos.jp 157.7.107.70 JP,JAPAN mx01.lolipop.jp jp
1015Vowel Swap wwwa.caa.ga.jp ? jp
1016Vowel Swap wwwa.cae.ge.jp ? jp
1017Vowel Swap wwwa.cai.gi.jp ? jp
1018Vowel Swap wwwa.cau.gu.jp ? jp
1019Vowel Swap wwwe.ceo.go.jp ? jp
1020Vowel Swap wwwi.cio.go.jp 52.68.4.243 US,UNITED STATES jp
1021Vowel Swap wwwo.coo.go.jp ? jp
1022Vowel Swap wwwu.cuo.go.jp ? jp
1023Bit Flipping 7wwa.cao.go.jp ? jp
1024Bit Flipping gwwa.cao.go.jp ? jp
1025Bit Flipping swwa.cao.go.jp ? jp
1026Bit Flipping uwwa.cao.go.jp ? jp
1027Bit Flipping vwwa.cao.go.jp ? jp
1028Bit Flipping w7wa.cao.go.jp ? jp
1029Bit Flipping wgwa.cao.go.jp ? jp
1030Bit Flipping wswa.cao.go.jp ? jp
1031Bit Flipping wuwa.cao.go.jp ? jp
1032Bit Flipping wvwa.cao.go.jp ? jp
1033Bit Flipping ww7a.cao.go.jp ? jp
1034Bit Flipping wwga.cao.go.jp ? jp
1035Bit Flipping wwsa.cao.go.jp ? jp
1036Bit Flipping wwua.cao.go.jp ? jp
1037Bit Flipping wwva.cao.go.jp ? jp
1038Bit Flipping wwwa.aao.go.jp ? jp
1039Bit Flipping wwwa.bao.go.jp ? jp
1040Bit Flipping wwwa.cag.go.jp ? jp
1041Bit Flipping wwwa.cak.go.jp ? jp
1042Bit Flipping wwwa.cam.go.jp ? jp
1043Bit Flipping wwwa.can.go.jp ? jp
1044Bit Flipping wwwa.cao.co.jp ? jp
1045Bit Flipping wwwa.cao.eo.jp ? jp
1046Bit Flipping wwwa.cao.gg.jp ? jp
1047Bit Flipping wwwa.cao.gk.jp ? jp
1048Bit Flipping wwwa.cao.gm.jp ? jp
1049Bit Flipping wwwa.cao.gn.jp ? jp
1050Bit Flipping wwwa.cao.oo.jp ? jp
1051Bit Flipping wwwa.cao.wo.jp ? jp
1052Bit Flipping wwwa.caongo.jp ? jp
1053Bit Flipping wwwa.cco.go.jp ? jp
1054Bit Flipping wwwa.ceo.go.jp ? jp
1055Bit Flipping wwwa.cio.go.jp 52.68.4.243 US,UNITED STATES jp
1056Bit Flipping wwwa.cqo.go.jp ? jp
1057Bit Flipping wwwa.gao.go.jp ? jp
1058Bit Flipping wwwa.kao.go.jp ? jp
1059Bit Flipping wwwa.sao.go.jp ? jp
1060Bit Flipping wwwancao.go.jp ? jp
1061Bit Flipping wwwc.cao.go.jp 210.149.141.35 JP,JAPAN jp
1062Bit Flipping wwwe.cao.go.jp ? jp
1063Bit Flipping wwwi.cao.go.jp ? jp
1064Bit Flipping wwwq.cao.go.jp ? jp
1065Homoglyphs vvvvvva.cao.go.jp ? jp
1066Homoglyphs vvvvwa.cao.go.jp ? jp
1067Homoglyphs vvwvva.cao.go.jp ? jp
1068Homoglyphs vvwwa.cao.go.jp ? jp
1069Homoglyphs wvvvva.cao.go.jp ? jp
1070Homoglyphs wvvwa.cao.go.jp ? jp
1071Homoglyphs wwvva.cao.go.jp ? jp
1072Homoglyphs wwwa.ca0.g0.jp ? jp
1073Homoglyphs wwwa.ca0.go.jp ? jp
1074Homoglyphs wwwa.cao.g0.jp ? jp
1075Wrong TLD go.ca 185.53.178.8 ca
1076Wrong TLD go.ch ? ch
1077Wrong TLD go.com 23.236.60.174 mx.go.com.cust.b.hostedemail.com com
1078Wrong TLD go.de 37.228.153.6 DE,GERMANY mail.go.de de
1079Wrong TLD go.edu ? edu
1080Wrong TLD go.es ? es
1081Wrong TLD go.fr 95.142.101.112 NL,NETHERLANDS mail.go.fr fr
1082Wrong TLD go.it ? it
1083Wrong TLD go.net 208.91.197.26 CO,COLOMBIA net
1084Wrong TLD go.nl ? mx2.vuurwerk.nl nl
1085Wrong TLD go.no 13.248.150.189 US,UNITED STATES mail.disneyonline.com no
1086Wrong TLD go.org 162.216.41.209 org
1087Wrong TLD go.ru 213.189.197.1 RU,RUSSIAN FEDERATION mx.go.ru ru
1088Wrong TLD go.se 91.237.66.110 SE,SWEDEN se
1089Wrong TLD go.us ? us
1090####################################################################################################################################
1091
1092[1/100] /?sa=X
1093 [x] Error downloading /?sa=X
1094[2/100] /advanced_search
1095 [x] Error downloading /advanced_search
1096[3/100] http://wwwa.cao.go.jp/oaep/press/press_mo_1.pdf
1097[4/100] http://wwwa.cao.go.jp/acw/pdf/kaigi_14shiryo_3.pdf
1098 [x] Error in the parsing process
1099[5/100] http://wwwa.cao.go.jp/oaep/dl/yoko151006_e.pdf
1100[6/100] http://wwwa.cao.go.jp/acw/pdf/kaigi_14gaiyo.pdf
1101 [x] Error in the parsing process
1102[7/100] http://wwwa.cao.go.jp/acw/pdf/kaigi_13shiryo.pdf
1103 [x] Error in the parsing process
1104[8/100] http://wwwa.cao.go.jp/acw/pdf/kaigi_15shiryo_3.pdf
1105 [x] Error in the parsing process
1106[9/100] http://wwwa.cao.go.jp/oaep/dl/yoko151006.pdf
1107[10/100] http://wwwa.cao.go.jp/acw/pdf/kaigi_15gaiyo.pdf
1108 [x] Error in the parsing process
1109[11/100] http://wwwa.cao.go.jp/acw/pdf/kaigi_16shiryo_4.pdf
1110 [x] Error in the parsing process
1111[12/100] http://wwwa.cao.go.jp/acw/pdf/kaigi_14shiryo_4.pdf
1112 [x] Error in the parsing process
1113[13/100] http://wwwa.cao.go.jp/acw/pdf/kaigi_16shiryo_2.pdf
1114 [x] Error in the parsing process
1115[14/100] http://wwwa.cao.go.jp/acw/pdf/kaigi_19shiryo_5.pdf
1116 [x] Error in the parsing process
1117[15/100] http://wwwa.cao.go.jp/acw/pdf/kaigi_15shiryo_4.pdf
1118 [x] Error in the parsing process
1119[16/100] http://wwwa.cao.go.jp/oaep/dl/yoko151006_2.pdf
1120[17/100] http://wwwa.cao.go.jp/acw/pdf/kaigi_19gaiyo.pdf
1121 [x] Error in the parsing process
1122[18/100] http://wwwa.cao.go.jp/acw/pdf/kaigi_19shiryo_3.pdf
1123 [x] Error in the parsing process
1124[19/100] http://wwwa.cao.go.jp/acw/pdf/kaigi_14shiryo_2.pdf
1125 [x] Error in the parsing process
1126[20/100] http://wwwa.cao.go.jp/acw/pdf/kaigi_14shiryo_5.pdf
1127 [x] Error in the parsing process
1128[21/100] http://wwwa.cao.go.jp/acw/pdf/kaigi_16shiryo_3.pdf
1129 [x] Error in the parsing process
1130[22/100] http://wwwa.cao.go.jp/acw/pdf/kaigi_15shiryo_2.pdf
1131 [x] Error in the parsing process
1132[23/100] http://wwwa.cao.go.jp/wlb/research/wlb_h2708.pdf
1133 [x] Error in the parsing process
1134[24/100] http://wwwa.cao.go.jp/oaep/press/press_mo_2.pdf
1135[25/100] http://wwwa.cao.go.jp/acw/pdf/kaigi_14shiryo_1.pdf
1136 [x] Error in the parsing process
1137[26/100] http://wwwa.cao.go.jp/acw/pdf/kaigi_15shiryo_5.pdf
1138 [x] Error in the parsing process
1139[27/100] http://wwwa.cao.go.jp/oaep/dl/houkoku1703.pdf
1140[28/100] http://wwwa.cao.go.jp/oaep/dl/houkoku1803.pdf
1141[29/100] http://wwwa.cao.go.jp/acw/pdf/kaigi_16shiryo_1.pdf
1142 [x] Error in the parsing process
1143[30/100] http://wwwa.cao.go.jp/acw/pdf/kaigi_16gaiyo.pdf
1144 [x] Error in the parsing process
1145[31/100] http://wwwa.cao.go.jp/acw/pdf/kaigi_19shiryo_1.pdf
1146 [x] Error in the parsing process
1147[32/100] http://wwwa.cao.go.jp/acw/pdf/kaigi_19shiryo_6.pdf
1148 [x] Error in the parsing process
1149[33/100] http://wwwa.cao.go.jp/acw/pdf/kaigi_19shiryo_2.pdf
1150 [x] Error in the parsing process
1151[34/100] http://wwwa.cao.go.jp/acw/pdf/kaigi_19shiryo_4.pdf
1152 [x] Error in the parsing process
1153[35/100] http://wwwa.cao.go.jp/oaep/dl/kento151006.pdf
1154[36/100] http://wwwa.cao.go.jp/acw/pdf/kaigi_15shiryo_1.pdf
1155 [x] Error in the parsing process
1156[37/100] http://wwwa.cao.go.jp/wlb/kanren/pdf/kanren8_8.pdf
1157 [x] Error in the parsing process
1158[38/100] http://wwwa.cao.go.jp/wlb/research/shinsai/shinsai03.pdf
1159 [x] Error in PDF metadata Software
1160 [x] Error in PDF metadata Creator
1161[39/100] http://wwwa.cao.go.jp/wlb/government/pdf/charter.pdf
1162 [x] Error in PDF metadata Creator
1163[40/100] http://wwwa.cao.go.jp/wlb/government/pdf/indicator.pdf
1164 [x] Error in the parsing process
1165[41/100] http://wwwa.cao.go.jp/wlb/research/shinsai/shinsai07.pdf
1166 [x] Error in PDF metadata Software
1167 [x] Error in PDF metadata Creator
1168[42/100] http://wwwa.cao.go.jp/wlb/event/pdf/h260203_event.pdf
1169 [x] Error in the parsing process
1170[43/100] http://wwwa.cao.go.jp/wlb/research/shinsai/shinsai00.pdf
1171 [x] Error in PDF metadata Software
1172 [x] Error in PDF metadata Creator
1173[44/100] http://wwwa.cao.go.jp/wlb/research/shinsai/shinsai06.pdf
1174 [x] Error in the parsing process
1175[45/100] http://wwwa.cao.go.jp/wlb/research/shinsai/shinsai04.pdf
1176 [x] Error in PDF metadata Software
1177 [x] Error in PDF metadata Creator
1178[46/100] http://wwwa.cao.go.jp/wlb/event/pdf/h251002_event.pdf
1179 [x] Error in the parsing process
1180[47/100] http://wwwa.cao.go.jp/wlb/research/sougo/s2.pdf
1181 [x] Error in the parsing process
1182[48/100] http://wwwa.cao.go.jp/wlb/research/wlb_h2511/3_kouhyou.pdf
1183 [x] Error in the parsing process
1184[49/100] http://wwwa.cao.go.jp/wlb/event/pdf/h250117_WLB.pdf
1185 [x] Error in the parsing process
1186[50/100] http://wwwa.cao.go.jp/oaep/mo-supply/jigyouka.pdf
1187[51/100] http://wwwa.cao.go.jp/wlb/research/wlb_h3103/2.pdf
1188 [x] Error in the parsing process
1189[52/100] http://wwwa.cao.go.jp/wlb/research/sougo/s3.pdf
1190 [x] Error in the parsing process
1191[53/100] http://wwwa.cao.go.jp/wlb/research/sougo/s1.pdf
1192 [x] Error in the parsing process
1193[54/100] http://wwwa.cao.go.jp/wlb/research/sougo/s4.pdf
1194 [x] Error in the parsing process
1195[55/100] http://wwwa.cao.go.jp/wlb/research/sougo/sougo.pdf
1196 [x] Error in the parsing process
1197[56/100] http://wwwa.cao.go.jp/wlb/research/wlb_h2511/5_naiyou.pdf
1198 [x] Error in the parsing process
1199[57/100] http://wwwa.cao.go.jp/oaep/mo-supply/gaiyou4.pdf
1200[58/100] http://wwwa.cao.go.jp/wlb/research/wlb_h2511/8_chosahyou.pdf
1201 [x] Error in the parsing process
1202[59/100] http://wwwa.cao.go.jp/wlb/event/pdf/houkoku_170228.pdf
1203 [x] Error in the parsing process
1204[60/100] http://wwwa.cao.go.jp/wlb/event/pdf/siryo_symposium.pdf
1205 [x] Error in the parsing process
1206[61/100] http://wwwa.cao.go.jp/wlb/research/wlb_h3003/chapter4.pdf
1207 [x] Error in the parsing process
1208[62/100] http://wwwa.cao.go.jp/wlb/research/wlb_h2511/7_kekka.pdf
1209 [x] Error in the parsing process
1210[63/100] http://wwwa.cao.go.jp/wlb/charter/pdf/process.pdf
1211 [x] Error in PDF metadata Creator
1212[64/100] http://wwwa.cao.go.jp/wlb/event/pdf/h250117_ishikawa.pdf
1213 [x] Error in the parsing process
1214[65/100] http://wwwa.cao.go.jp/oaep/mo-supply/gaiyou3.pdf
1215[66/100] http://wwwa.cao.go.jp/oaep/mo-supply/houkokusho.pdf
1216[67/100] http://wwwa.cao.go.jp/wlb/kanren/pdf/kanren8_3.pdf
1217 [x] Error in the parsing process
1218[68/100] http://wwwa.cao.go.jp/oaep/mo-supply/gaiyou2.pdf
1219[69/100] http://wwwa.cao.go.jp/wlb/research/shinsai/shinsai01.pdf
1220 [x] Error in PDF metadata Software
1221 [x] Error in PDF metadata Creator
1222[70/100] http://wwwa.cao.go.jp/wlb/research/shinsai/shinsai05.pdf
1223 [x] Error in PDF metadata Software
1224 [x] Error in PDF metadata Creator
1225[71/100] http://wwwa.cao.go.jp/wlb/event/pdf/chirashi_150227.pdf
1226 [x] Error in the parsing process
1227[72/100] http://wwwa.cao.go.jp/oaep/mo-supply/gaiyou5.pdf
1228[73/100] http://wwwa.cao.go.jp/wlb/local/pdf/h24_yamagata.pdf
1229 [x] Error in the parsing process
1230[74/100] http://wwwa.cao.go.jp/wlb/event/pdf/gaiyo_symposium.pdf
1231 [x] Error in the parsing process
1232[75/100] http://wwwa.cao.go.jp/wlb/research/wlb_h3103/4.pdf
1233 [x] Error in the parsing process
1234[76/100] http://wwwa.cao.go.jp/wlb/event/pdf/houkoku_181213.pdf
1235 [x] Error in the parsing process
1236[77/100] http://wwwa.cao.go.jp/wlb/research/shinsai/shinsai02.pdf
1237 [x] Error in PDF metadata Software
1238 [x] Error in PDF metadata Creator
1239[78/100] http://wwwa.cao.go.jp/wlb/event/pdf/chirashi.pdf
1240 [x] Error in the parsing process
1241[79/100] http://wwwa.cao.go.jp/wlb/event/pdf/h250117_koen.pdf
1242 [x] Error in the parsing process
1243[80/100] http://wwwa.cao.go.jp/wlb/government/pdf/gaiyou.pdf
1244 [x] Error in PDF metadata Creator
1245[81/100] http://wwwa.cao.go.jp/wlb/research/wlb_h3103/5.pdf
1246 [x] Error in the parsing process
1247[82/100] http://wwwa.cao.go.jp/wlb/research/wlb_h2703_02/chapter4.pdf
1248 [x] Error in the parsing process
1249[83/100] http://wwwa.cao.go.jp/wlb/kanren/pdf/kanren8_2.pdf
1250 [x] Error in the parsing process
1251[84/100] http://wwwa.cao.go.jp/wlb/research/wlb_h2511/1_gaiyou.pdf
1252 [x] Error in the parsing process
1253[85/100] http://wwwa.cao.go.jp/oaep/mo-supply/mo_secchi.pdf
1254[86/100] http://wwwa.cao.go.jp/wlb/event/pdf/houkoku_171218.pdf
1255 [x] Error in the parsing process
1256[87/100] http://wwwa.cao.go.jp/wlb/research/wlb_h2511/6_kekkapoint.pdf
1257 [x] Error in the parsing process
1258[88/100] http://wwwa.cao.go.jp/wlb/kanren/pdf/kanren8_4.pdf
1259 [x] Error in the parsing process
1260[89/100] http://wwwa.cao.go.jp/wlb/towa/pdf/role.pdf
1261 [x] Error in PDF metadata Creator
1262[90/100] http://wwwa.cao.go.jp/wlb/event/pdf/chirashi_170203.pdf
1263 [x] Error in the parsing process
1264[91/100] http://wwwa.cao.go.jp/wlb/kanren/pdf/kanren8_1.pdf
1265 [x] Error in the parsing process
1266[92/100] http://wwwa.cao.go.jp/oaep/mo-supply/gaiyou1.pdf
1267[93/100] http://wwwa.cao.go.jp/wlb/towa/pdf/figure.pdf
1268 [x] Error in PDF metadata Creator
1269[94/100] http://wwwa.cao.go.jp/wlb/change_jpn/pdf/khosi_form.pdf
1270 [x] Error in the parsing process
1271[95/100] http://wwwa.cao.go.jp/wlb/change_jpn/pdf/khosi_youkou.pdf
1272 [x] Error in the parsing process
1273[96/100] http://wwwa.cao.go.jp/wlb/event/pdf/houkoku_150320.pdf
1274 [x] Error in the parsing process
1275[97/100] http://wwwa.cao.go.jp/wlb/event/pdf/houkoku_150317.pdf
1276 [x] Error in the parsing process
1277[98/100] http://wwwa.cao.go.jp/wlb/event/pdf/chirashi_141119.pdf
1278 [x] Error in the parsing process
1279[99/100] http://wwwa.cao.go.jp/wlb/event/pdf/chirashi_150121.pdf
1280 [x] Error in the parsing process
1281[100/100] http://wwwa.cao.go.jp/oaep/mo-supply/mo_sankasha.pdf
1282
1283[+] List of software found:
1284-----------------------------
1285Acrobat Distiller 8.1.0 (Windows)
1286��Word u( Acrobat PDFMaker 8.1
1287Acrobat Distiller 11.0 (Windows)
1288PScript5.dll Version 5.2.2
1289Adobe PDF Library 11.0
1290��Word u( Acrobat PDFMaker 11
1291Acrobat Distiller 9.3.3 (Windows)
1292Acrobat Distiller 17.0 (Windows)
1293#####################################################################################################################################
1294[*] Processing domain wwwa.cao.go.jp
1295[*] Using system resolvers ['38.132.106.139', '194.187.251.67', '185.93.180.131', '192.168.0.1', '2001:18c0:121:6900:724f:b8ff:fefd:5b6a']
1296[+] Getting nameservers
1297202.232.87.54 - ns12.cao.go.jp
1298210.149.141.10 - ns11.cao.go.jp
1299[-] Zone transfer failed
1300
1301[+] IPv6 (AAAA) records found. Try running dnscan with the -6 option.
13022001:240:1b0:1::34
1303
1304[*] Scanning wwwa.cao.go.jp for A records
1305210.149.141.34 - wwwa.cao.go.jp
1306#####################################################################################################################################
1307[+] wwwa.cao.go.jp has no SPF record!
1308[*] No DMARC record found. Looking for organizational record
1309[*] Found organizational DMARC record:
1310[*] v=DMARC1; p=reject; rua=mailto:dmarc-rua@report.securemx.jp,dmarc@cao.go.jp;ruf=mailto:dmarc@cao.go.jp
1311[*] No explicit organizational subdomain policy. Defaulting to organizational policy
1312[-] DMARC policy set to reject
1313[-] Spoofing not possible for wwwa.cao.go.jp
1314#####################################################################################################################################
1315INFO[0000] Starting to process queue....
1316INFO[0000] Starting to process permutations....
1317INFO[0000] FORBIDDEN http://cao-staging.s3.amazonaws.com (http://cao.go.jp)
1318INFO[0000] FORBIDDEN http://cao-test.s3.amazonaws.com (http://cao.go.jp)
1319INFO[0000] FORBIDDEN http://cao-media.s3.amazonaws.com (http://cao.go.jp)
1320INFO[0000] FORBIDDEN http://cao.s3.amazonaws.com (http://cao.go.jp)
1321INFO[0000] FORBIDDEN http://cao-data.s3.amazonaws.com (http://cao.go.jp)
1322INFO[0000] FORBIDDEN http://cao-backup.s3.amazonaws.com (http://cao.go.jp)
1323INFO[0000] FORBIDDEN http://cao-bucket.s3.amazonaws.com (http://cao.go.jp)
1324#####################################################################################################################################
1325WARNING: Duplicate port number(s) specified. Are you alert enough to be using Nmap? Have some coffee or Jolt(tm).
1326Starting Nmap 7.80 ( https://nmap.org ) at 2020-02-07 00:45 EST
1327Nmap scan report for wwwa.cao.go.jp (210.149.141.34)
1328Host is up (0.14s latency).
1329Other addresses for wwwa.cao.go.jp (not scanned): 2001:240:1b0:1::34
1330Not shown: 491 filtered ports, 4 closed ports
1331Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
1332PORT STATE SERVICE
133380/tcp open http
1334
1335Nmap done: 1 IP address (1 host up) scanned in 9.60 seconds
1336#####################################################################################################################################
1337Starting Nmap 7.80 ( https://nmap.org ) at 2020-02-07 00:45 EST
1338Nmap scan report for wwwa.cao.go.jp (210.149.141.34)
1339Host is up (0.037s latency).
1340Other addresses for wwwa.cao.go.jp (not scanned): 2001:240:1b0:1::34
1341Not shown: 2 filtered ports
1342PORT STATE SERVICE
134353/udp open|filtered domain
134467/udp open|filtered dhcps
134568/udp open|filtered dhcpc
134669/udp open|filtered tftp
134788/udp open|filtered kerberos-sec
1348123/udp open|filtered ntp
1349139/udp open|filtered netbios-ssn
1350161/udp open|filtered snmp
1351162/udp open|filtered snmptrap
1352389/udp open|filtered ldap
1353500/udp open|filtered isakmp
1354520/udp open|filtered route
13552049/udp open|filtered nfs
1356
1357Nmap done: 1 IP address (1 host up) scanned in 1.83 seconds
1358#####################################################################################################################################
1359HTTP/1.1 200 OK
1360Date: Fri, 07 Feb 2020 05:45:41 GMT
1361Server: Apache
1362X-Frame-Options: SAMEORIGIN
1363Last-Modified: Mon, 03 Dec 2018 01:38:56 GMT
1364ETag: "1f10-57c14365c6b39"
1365Accept-Ranges: bytes
1366Content-Length: 7952
1367Cache-Control: no-store
1368Expires: Fri, 07 Feb 2020 05:45:41 GMT
1369Pragma: no-cache
1370Content-Type: text/html
1371
1372Allow: POST,OPTIONS,GET,HEAD
1373#######################################################################################################################################
1374https://nsearch.cao.go.jp/cao/search.x
1375https://nsearch.cao.go.jp/cao/search.x?mode_ja_cao=ja_cao&tmpl=en
1376https://nsearch.cao.go.jp/cao/search.x?mode_ja_cao=ja_cao&tmpl=ja
1377https://www.cao.go.jp/
1378https://www.cao.go.jp/common3/img/logo_footer.svg
1379https://www.cao.go.jp/common3/img/logo_pc.svg
1380https://www.cao.go.jp/common3/img/logo_sp.svg
1381https://www.cao.go.jp/common3/img/logo_tb.svg
1382https://www.cao.go.jp/index-e.html
1383https://www.cao.go.jp/index.html
1384https://www.cao.go.jp/notice/webaccessibility.html
1385https://www.cao.go.jp/sitemap.html
1386http://warp.da.ndl.go.jp/waid/10214
1387http://www.w3.org/1999/xhtml
1388text/javascript
1389-//W3C//DTD XHTML 1.0 Transitional//EN
1390#####################################################################################################################################
1391Starting Nmap 7.80 ( https://nmap.org ) at 2020-02-07 00:46 EST
1392NSE: Loaded 161 scripts for scanning.
1393NSE: Script Pre-scanning.
1394Initiating NSE at 00:46
1395Completed NSE at 00:46, 0.00s elapsed
1396Initiating NSE at 00:46
1397Completed NSE at 00:46, 0.00s elapsed
1398Initiating Parallel DNS resolution of 1 host. at 00:46
1399Completed Parallel DNS resolution of 1 host. at 00:46, 0.02s elapsed
1400Initiating SYN Stealth Scan at 00:46
1401Scanning wwwa.cao.go.jp (210.149.141.34) [1 port]
1402Discovered open port 80/tcp on 210.149.141.34
1403Completed SYN Stealth Scan at 00:46, 0.25s elapsed (1 total ports)
1404Initiating Service scan at 00:46
1405Scanning 1 service on wwwa.cao.go.jp (210.149.141.34)
1406Completed Service scan at 00:47, 6.48s elapsed (1 service on 1 host)
1407Initiating OS detection (try #1) against wwwa.cao.go.jp (210.149.141.34)
1408Retrying OS detection (try #2) against wwwa.cao.go.jp (210.149.141.34)
1409Initiating Traceroute at 00:47
1410Completed Traceroute at 00:47, 0.40s elapsed
1411Initiating Parallel DNS resolution of 20 hosts. at 00:47
1412Completed Parallel DNS resolution of 20 hosts. at 00:47, 0.46s elapsed
1413NSE: Script scanning 210.149.141.34.
1414Initiating NSE at 00:47
1415Completed NSE at 00:48, 90.25s elapsed
1416Initiating NSE at 00:48
1417Completed NSE at 00:48, 0.95s elapsed
1418Nmap scan report for wwwa.cao.go.jp (210.149.141.34)
1419Host is up (0.22s latency).
1420Other addresses for wwwa.cao.go.jp (not scanned): 2001:240:1b0:1::34
1421
1422PORT STATE SERVICE VERSION
142380/tcp open http Apache httpd
1424| http-brute:
1425|_ Path "/" does not require authentication
1426|_http-chrono: Request times for /; avg: 739.20ms; min: 656.75ms; max: 885.45ms
1427| http-csrf:
1428| Spidering limited to: maxdepth=3; maxpagecount=20; withinhost=wwwa.cao.go.jp
1429| Found the following possible CSRF vulnerabilities:
1430|
1431| Path: http://wwwa.cao.go.jp:80/
1432| Form id: searchbox
1433|_ Form action: https://nsearch.cao.go.jp/cao/search.x
1434|_http-date: Fri, 07 Feb 2020 05:47:16 GMT; -11s from local time.
1435|_http-devframework: Couldn't determine the underlying framework or CMS. Try increasing 'httpspider.maxpagecount' value to spider more pages.
1436|_http-dombased-xss: Couldn't find any DOM based XSS.
1437|_http-drupal-enum: Nothing found amongst the top 100 resources,use --script-args number=<number|all> for deeper analysis)
1438|_http-errors: Couldn't find any error pages.
1439|_http-feed: Couldn't find any feeds.
1440|_http-fetch: Please enter the complete path of the directory to save data in.
1441| http-headers:
1442| Date: Fri, 07 Feb 2020 05:47:15 GMT
1443| Server: Apache
1444| X-Frame-Options: SAMEORIGIN
1445| Last-Modified: Mon, 03 Dec 2018 01:38:56 GMT
1446| ETag: "1f10-57c143650ac00"
1447| Accept-Ranges: bytes
1448| Content-Length: 7952
1449| Cache-Control: no-store
1450| Expires: Fri, 07 Feb 2020 05:47:15 GMT
1451| Pragma: no-cache
1452| Connection: close
1453| Content-Type: text/html
1454|
1455|_ (Request type: HEAD)
1456|_http-jsonp-detection: Couldn't find any JSONP endpoints.
1457| http-methods:
1458|_ Supported Methods: GET HEAD POST OPTIONS
1459|_http-mobileversion-checker: No mobile version detected.
1460| http-php-version: Logo query returned unknown hash 38078a796be47252e6e67030c551c94e
1461|_Credits query returned unknown hash 38078a796be47252e6e67030c551c94e
1462| http-security-headers:
1463| X_Frame_Options:
1464| Header: X-Frame-Options: SAMEORIGIN
1465| Description: The browser must not display this content in any frame from a page of different origin than the content itself.
1466| Cache_Control:
1467| Header: Cache-Control: no-store
1468| Pragma:
1469| Header: Pragma: no-cache
1470| Expires:
1471|_ Header: Expires: Fri, 07 Feb 2020 05:47:06 GMT
1472|_http-server-header: Apache
1473| http-sitemap-generator:
1474| Directory structure:
1475| /
1476| Other: 1
1477| Longest directory structure:
1478| Depth: 0
1479| Dir: /
1480| Total files found (by extension):
1481|_ Other: 1
1482|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
1483|_http-title: 404 Not Found - \xE5\x86\x85\xE9\x96\xA3\xE5\xBA\x9C
1484| http-vhosts:
1485|_127 names had status 200
1486|_http-wordpress-enum: Nothing found amongst the top 100 resources,use --script-args search-limit=<number|all> for deeper analysis)
1487|_http-wordpress-users: [Error] Wordpress installation was not found. We couldn't find wp-login.php
1488|_http-xssed: No previously reported XSS vuln.
1489Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
1490Device type: general purpose
1491Running (JUST GUESSING): FreeBSD 6.X (85%)
1492OS CPE: cpe:/o:freebsd:freebsd:6.2
1493Aggressive OS guesses: FreeBSD 6.2-RELEASE (85%)
1494No exact OS matches for host (test conditions non-ideal).
1495Uptime guess: 5.863 days (since Sat Feb 1 04:06:15 2020)
1496Network Distance: 20 hops
1497TCP Sequence Prediction: Difficulty=261 (Good luck!)
1498IP ID Sequence Generation: Randomized
1499
1500TRACEROUTE (using port 80/tcp)
1501HOP RTT ADDRESS
15021 77.82 ms 10.253.204.1
15032 77.85 ms R43.static.amanah.com (104.245.144.129)
15043 77.89 ms te0-0-2-1.225.nr11.b010988-1.yyz02.atlas.cogentco.com (38.104.156.9)
15054 77.89 ms te0-0-0-1.agr13.yyz02.atlas.cogentco.com (154.24.54.37)
15065 77.89 ms te0-9-0-9.ccr31.yyz02.atlas.cogentco.com (154.54.43.141)
15076 77.93 ms be2993.ccr21.cle04.atlas.cogentco.com (154.54.31.225)
15087 107.83 ms be2717.ccr41.ord01.atlas.cogentco.com (154.54.6.221)
15098 107.82 ms be2765.ccr41.ord03.atlas.cogentco.com (154.54.45.18)
15109 107.86 ms ae-11.r08.chcgil09.us.bb.gin.ntt.net (129.250.9.121)
151110 48.47 ms ae-0.r20.chcgil09.us.bb.gin.ntt.net (129.250.2.191)
151211 120.55 ms ae-7.r23.sttlwa01.us.bb.gin.ntt.net (129.250.3.42)
151312 150.77 ms ae-29.r05.sttlwa01.us.bb.gin.ntt.net (129.250.2.89)
151413 120.95 ms ae-1.a01.sttlwa01.us.bb.gin.ntt.net (129.250.5.98)
151514 120.91 ms ae-0.iij.sttlwa01.us.bb.gin.ntt.net (131.103.116.22)
151615 238.91 ms tky009bb01.IIJ.Net (58.138.88.229)
151716 238.93 ms ykh002bb01.IIJ.Net (58.138.89.149)
151817 208.84 ms ykh002ip60.IIJ.Net (58.138.120.2)
151918 274.54 ms 210.130.163.202
152019 274.50 ms 202.232.145.251
152120 243.63 ms 210.149.141.34
1522
1523NSE: Script Post-scanning.
1524Initiating NSE at 00:48
1525Completed NSE at 00:48, 0.00s elapsed
1526Initiating NSE at 00:48
1527Completed NSE at 00:48, 0.00s elapsed
1528#####################################################################################################################################
1529------------------------------------------------------------------------------------------------------------------------
1530
1531[ ! ] Starting SCANNER INURLBR 2.1 at [07-02-2020 00:49:02]
1532[ ! ] legal disclaimer: Usage of INURLBR for attacking targets without prior mutual consent is illegal.
1533It is the end user's responsibility to obey all applicable local, state and federal laws.
1534Developers assume no liability and are not responsible for any misuse or damage caused by this program
1535
1536[ INFO ][ OUTPUT FILE ]:: [ /usr/share/sniper/loot/workspace/wwwa.cao.go.jp/output/inurlbr-wwwa.cao.go.jp ]
1537[ INFO ][ DORK ]::[ site:wwwa.cao.go.jp ]
1538[ INFO ][ SEARCHING ]:: {
1539[ INFO ][ ENGINE ]::[ GOOGLE - www.google.co.mz ]
1540
1541[ INFO ][ SEARCHING ]::
1542-[:::]
1543[ INFO ][ ENGINE ]::[ GOOGLE API ]
1544
1545[ INFO ][ SEARCHING ]::
1546-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]
1547[ INFO ][ ENGINE ]::[ GOOGLE_GENERIC_RANDOM - www.google.cm ID: 012873187529719969291:yexdhbzntue ]
1548
1549[ INFO ][ SEARCHING ]::
1550-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]
1551
1552[ INFO ][ TOTAL FOUND VALUES ]:: [ 100 ]
1553
1554
1555 _[ - ]::--------------------------------------------------------------------------------------------------------------
1556|_[ + ] [ 0 / 100 ]-[00:49:16] [ - ]
1557|_[ + ] Target:: [ http://wwwa.cao.go.jp/wlb/ ]
1558|_[ + ] Exploit::
1559|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache , IP:2001:240:1b0:1::34:80
1560|_[ + ] More details::
1561|_[ + ] Found:: UNIDENTIFIED
1562
1563 _[ - ]::--------------------------------------------------------------------------------------------------------------
1564|_[ + ] [ 1 / 100 ]-[00:49:17] [ - ]
1565|_[ + ] Target:: [ http://wwwa.cao.go.jp/acw/webaccessibility.html ]
1566|_[ + ] Exploit::
1567|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache , IP:2001:240:1b0:1::34:80
1568|_[ + ] More details::
1569|_[ + ] Found:: UNIDENTIFIED
1570
1571 _[ - ]::--------------------------------------------------------------------------------------------------------------
1572|_[ + ] [ 2 / 100 ]-[00:49:18] [ - ]
1573|_[ + ] Target:: [ http://wwwa.cao.go.jp/wlb/webaccessibility.html ]
1574|_[ + ] Exploit::
1575|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache , IP:2001:240:1b0:1::34:80
1576|_[ + ] More details::
1577|_[ + ] Found:: UNIDENTIFIED
1578
1579 _[ - ]::--------------------------------------------------------------------------------------------------------------
1580|_[ + ] [ 3 / 100 ]-[00:49:19] [ - ]
1581|_[ + ] Target:: [ http://wwwa.cao.go.jp/acw/index.html ]
1582|_[ + ] Exploit::
1583|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache , IP:2001:240:1b0:1::34:80
1584|_[ + ] More details::
1585|_[ + ] Found:: UNIDENTIFIED
1586
1587 _[ - ]::--------------------------------------------------------------------------------------------------------------
1588|_[ + ] [ 4 / 100 ]-[00:49:20] [ - ]
1589|_[ + ] Target:: [ http://wwwa.cao.go.jp/oaep/index.html ]
1590|_[ + ] Exploit::
1591|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache , IP:2001:240:1b0:1::34:80
1592|_[ + ] More details::
1593|_[ + ] Found:: UNIDENTIFIED
1594
1595 _[ - ]::--------------------------------------------------------------------------------------------------------------
1596|_[ + ] [ 5 / 100 ]-[00:49:22] [ - ]
1597|_[ + ] Target:: [ http://wwwa.cao.go.jp/wlb/research.html ]
1598|_[ + ] Exploit::
1599|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache , IP:2001:240:1b0:1::34:80
1600|_[ + ] More details::
1601|_[ + ] Found:: UNIDENTIFIED
1602
1603 _[ - ]::--------------------------------------------------------------------------------------------------------------
1604|_[ + ] [ 6 / 100 ]-[00:49:23] [ - ]
1605|_[ + ] Target:: [ http://wwwa.cao.go.jp/notice/index.html ]
1606|_[ + ] Exploit::
1607|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache , IP:2001:240:1b0:1::34:80
1608|_[ + ] More details::
1609|_[ + ] Found:: UNIDENTIFIED
1610
1611 _[ - ]::--------------------------------------------------------------------------------------------------------------
1612|_[ + ] [ 7 / 100 ]-[00:49:24] [ - ]
1613|_[ + ] Target:: [ http://wwwa.cao.go.jp/wlb/iken.html ]
1614|_[ + ] Exploit::
1615|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache , IP:2001:240:1b0:1::34:80
1616|_[ + ] More details::
1617|_[ + ] Found:: UNIDENTIFIED
1618
1619 _[ - ]::--------------------------------------------------------------------------------------------------------------
1620|_[ + ] [ 8 / 100 ]-[00:49:25] [ - ]
1621|_[ + ] Target:: [ http://wwwa.cao.go.jp/acw/heiki.html ]
1622|_[ + ] Exploit::
1623|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache , IP:2001:240:1b0:1::34:80
1624|_[ + ] More details::
1625|_[ + ] Found:: UNIDENTIFIED
1626
1627 _[ - ]::--------------------------------------------------------------------------------------------------------------
1628|_[ + ] [ 9 / 100 ]-[00:49:25] [ - ]
1629|_[ + ] Target:: [ http://wwwa.cao.go.jp/shichoson_map/recommend.html ]
1630|_[ + ] Exploit::
1631|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache , IP:2001:240:1b0:1::34:80
1632|_[ + ] More details::
1633|_[ + ] Found:: UNIDENTIFIED
1634
1635 _[ - ]::--------------------------------------------------------------------------------------------------------------
1636|_[ + ] [ 10 / 100 ]-[00:49:26] [ - ]
1637|_[ + ] Target:: [ http://wwwa.cao.go.jp/acw/review.html ]
1638|_[ + ] Exploit::
1639|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache , IP:2001:240:1b0:1::34:80
1640|_[ + ] More details::
1641|_[ + ] Found:: UNIDENTIFIED
1642
1643 _[ - ]::--------------------------------------------------------------------------------------------------------------
1644|_[ + ] [ 11 / 100 ]-[00:49:27] [ - ]
1645|_[ + ] Target:: [ http://wwwa.cao.go.jp/notice/20191101notice.html ]
1646|_[ + ] Exploit::
1647|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache , IP:2001:240:1b0:1::34:80
1648|_[ + ] More details::
1649|_[ + ] Found:: UNIDENTIFIED
1650
1651 _[ - ]::--------------------------------------------------------------------------------------------------------------
1652|_[ + ] [ 12 / 100 ]-[00:49:28] [ - ]
1653|_[ + ] Target:: [ http://wwwa.cao.go.jp/wlb/sitemap.html ]
1654|_[ + ] Exploit::
1655|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache , IP:2001:240:1b0:1::34:80
1656|_[ + ] More details::
1657|_[ + ] Found:: UNIDENTIFIED
1658
1659 _[ - ]::--------------------------------------------------------------------------------------------------------------
1660|_[ + ] [ 13 / 100 ]-[00:49:28] [ - ]
1661|_[ + ] Target:: [ http://wwwa.cao.go.jp/shichoson_map/sitemap.html ]
1662|_[ + ] Exploit::
1663|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache , IP:2001:240:1b0:1::34:80
1664|_[ + ] More details::
1665|_[ + ] Found:: UNIDENTIFIED
1666
1667 _[ - ]::--------------------------------------------------------------------------------------------------------------
1668|_[ + ] [ 14 / 100 ]-[00:49:33] [ - ]
1669|_[ + ] Target:: [ http://wwwa.cao.go.jp/oaep/press/press_mo_1.pdf ]
1670|_[ + ] Exploit::
1671|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache , IP:2001:240:1b0:1::34:80
1672|_[ + ] More details::
1673|_[ + ] Found:: UNIDENTIFIED
1674
1675 _[ - ]::--------------------------------------------------------------------------------------------------------------
1676|_[ + ] [ 15 / 100 ]-[00:49:39] [ - ]
1677|_[ + ] Target:: [ http://wwwa.cao.go.jp/acw/pdf/kaigi_14gaiyo.pdf ]
1678|_[ + ] Exploit::
1679|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache , IP:2001:240:1b0:1::34:80
1680|_[ + ] More details::
1681|_[ + ] Found:: UNIDENTIFIED
1682
1683 _[ - ]::--------------------------------------------------------------------------------------------------------------
1684|_[ + ] [ 16 / 100 ]-[00:49:39] [ - ]
1685|_[ + ] Target:: [ http://wwwa.cao.go.jp/acw/sitemap.html ]
1686|_[ + ] Exploit::
1687|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache , IP:2001:240:1b0:1::34:80
1688|_[ + ] More details::
1689|_[ + ] Found:: UNIDENTIFIED
1690
1691 _[ - ]::--------------------------------------------------------------------------------------------------------------
1692|_[ + ] [ 17 / 100 ]-[00:49:44] [ - ]
1693|_[ + ] Target:: [ http://wwwa.cao.go.jp/acw/pdf/kaigi_13shiryo.pdf ]
1694|_[ + ] Exploit::
1695|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache , IP:2001:240:1b0:1::34:80
1696|_[ + ] More details::
1697|_[ + ] Found:: UNIDENTIFIED
1698
1699 _[ - ]::--------------------------------------------------------------------------------------------------------------
1700|_[ + ] [ 18 / 100 ]-[00:49:49] [ - ]
1701|_[ + ] Target:: [ http://wwwa.cao.go.jp/acw/pdf/kaigi_15shiryo_3.pdf ]
1702|_[ + ] Exploit::
1703|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache , IP:2001:240:1b0:1::34:80
1704|_[ + ] More details::
1705|_[ + ] Found:: UNIDENTIFIED
1706
1707 _[ - ]::--------------------------------------------------------------------------------------------------------------
1708|_[ + ] [ 19 / 100 ]-[00:49:54] [ ! ]
1709|_[ + ] Target:: [ ( POTENTIALLY VULNERABLE ) http://wwwa.cao.go.jp/oaep/dl/yoko151006.pdf ]
1710|_[ + ] Exploit::
1711|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache , IP:2001:240:1b0:1::34:80
1712|_[ + ] More details::
1713|_[ + ] Found:: POSTGRESQL-06 - VALUE: pg_
1714|_[ + ] VALUE SAVED IN THE FILE:: inurlbr-wwwa.cao.go.jp
1715
1716 _[ - ]::--------------------------------------------------------------------------------------------------------------
1717|_[ + ] [ 20 / 100 ]-[00:49:59] [ - ]
1718|_[ + ] Target:: [ http://wwwa.cao.go.jp/acw/pdf/kaigi_15gaiyo.pdf ]
1719|_[ + ] Exploit::
1720|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache , IP:2001:240:1b0:1::34:80
1721|_[ + ] More details::
1722|_[ + ] Found:: UNIDENTIFIED
1723
1724 _[ - ]::--------------------------------------------------------------------------------------------------------------
1725|_[ + ] [ 21 / 100 ]-[00:50:04] [ - ]
1726|_[ + ] Target:: [ http://wwwa.cao.go.jp/acw/pdf/kaigi_16shiryo_4.pdf ]
1727|_[ + ] Exploit::
1728|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache , IP:2001:240:1b0:1::34:80
1729|_[ + ] More details::
1730|_[ + ] Found:: UNIDENTIFIED
1731
1732 _[ - ]::--------------------------------------------------------------------------------------------------------------
1733|_[ + ] [ 22 / 100 ]-[00:50:09] [ - ]
1734|_[ + ] Target:: [ http://wwwa.cao.go.jp/acw/pdf/kaigi_14shiryo_4.pdf ]
1735|_[ + ] Exploit::
1736|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache , IP:2001:240:1b0:1::34:80
1737|_[ + ] More details::
1738|_[ + ] Found:: UNIDENTIFIED
1739
1740 _[ - ]::--------------------------------------------------------------------------------------------------------------
1741|_[ + ] [ 23 / 100 ]-[00:50:14] [ - ]
1742|_[ + ] Target:: [ http://wwwa.cao.go.jp/acw/pdf/kaigi_16shiryo_2.pdf ]
1743|_[ + ] Exploit::
1744|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache , IP:2001:240:1b0:1::34:80
1745|_[ + ] More details::
1746|_[ + ] Found:: UNIDENTIFIED
1747
1748 _[ - ]::--------------------------------------------------------------------------------------------------------------
1749|_[ + ] [ 24 / 100 ]-[00:50:19] [ - ]
1750|_[ + ] Target:: [ http://wwwa.cao.go.jp/oaep/dl/yoko151006_2.pdf ]
1751|_[ + ] Exploit::
1752|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache , IP:2001:240:1b0:1::34:80
1753|_[ + ] More details::
1754|_[ + ] Found:: UNIDENTIFIED
1755
1756 _[ - ]::--------------------------------------------------------------------------------------------------------------
1757|_[ + ] [ 25 / 100 ]-[00:50:24] [ - ]
1758|_[ + ] Target:: [ http://wwwa.cao.go.jp/acw/pdf/kaigi_19gaiyo.pdf ]
1759|_[ + ] Exploit::
1760|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache , IP:2001:240:1b0:1::34:80
1761|_[ + ] More details::
1762|_[ + ] Found:: UNIDENTIFIED
1763
1764 _[ - ]::--------------------------------------------------------------------------------------------------------------
1765|_[ + ] [ 26 / 100 ]-[00:50:26] [ - ]
1766|_[ + ] Target:: [ http://wwwa.cao.go.jp/wlb/kanren/kanren5.html ]
1767|_[ + ] Exploit::
1768|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache , IP:2001:240:1b0:1::34:80
1769|_[ + ] More details::
1770|_[ + ] Found:: UNIDENTIFIED
1771
1772 _[ - ]::--------------------------------------------------------------------------------------------------------------
1773|_[ + ] [ 27 / 100 ]-[00:50:31] [ - ]
1774|_[ + ] Target:: [ http://wwwa.cao.go.jp/acw/pdf/kaigi_19shiryo_3.pdf ]
1775|_[ + ] Exploit::
1776|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache , IP:2001:240:1b0:1::34:80
1777|_[ + ] More details::
1778|_[ + ] Found:: UNIDENTIFIED
1779
1780 _[ - ]::--------------------------------------------------------------------------------------------------------------
1781|_[ + ] [ 28 / 100 ]-[00:50:36] [ - ]
1782|_[ + ] Target:: [ http://wwwa.cao.go.jp/acw/pdf/kaigi_14shiryo_2.pdf ]
1783|_[ + ] Exploit::
1784|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache , IP:2001:240:1b0:1::34:80
1785|_[ + ] More details::
1786|_[ + ] Found:: UNIDENTIFIED
1787
1788 _[ - ]::--------------------------------------------------------------------------------------------------------------
1789|_[ + ] [ 29 / 100 ]-[00:50:37] [ - ]
1790|_[ + ] Target:: [ http://wwwa.cao.go.jp/wlb/kanren/kanren2.html ]
1791|_[ + ] Exploit::
1792|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache , IP:2001:240:1b0:1::34:80
1793|_[ + ] More details::
1794|_[ + ] Found:: UNIDENTIFIED
1795
1796 _[ - ]::--------------------------------------------------------------------------------------------------------------
1797|_[ + ] [ 30 / 100 ]-[00:50:42] [ - ]
1798|_[ + ] Target:: [ http://wwwa.cao.go.jp/acw/pdf/kaigi_14shiryo_5.pdf ]
1799|_[ + ] Exploit::
1800|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache , IP:2001:240:1b0:1::34:80
1801|_[ + ] More details::
1802|_[ + ] Found:: UNIDENTIFIED
1803
1804 _[ - ]::--------------------------------------------------------------------------------------------------------------
1805|_[ + ] [ 31 / 100 ]-[00:50:42] [ - ]
1806|_[ + ] Target:: [ http://wwwa.cao.go.jp/wlb/kanren/kanren8.html ]
1807|_[ + ] Exploit::
1808|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache , IP:2001:240:1b0:1::34:80
1809|_[ + ] More details::
1810|_[ + ] Found:: UNIDENTIFIED
1811
1812 _[ - ]::--------------------------------------------------------------------------------------------------------------
1813|_[ + ] [ 32 / 100 ]-[00:50:43] [ - ]
1814|_[ + ] Target:: [ http://wwwa.cao.go.jp/wlb/kanren/kanren3.html ]
1815|_[ + ] Exploit::
1816|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache , IP:2001:240:1b0:1::34:80
1817|_[ + ] More details::
1818|_[ + ] Found:: UNIDENTIFIED
1819
1820 _[ - ]::--------------------------------------------------------------------------------------------------------------
1821|_[ + ] [ 33 / 100 ]-[00:50:44] [ - ]
1822|_[ + ] Target:: [ http://wwwa.cao.go.jp/wlb/towa/definition.html ]
1823|_[ + ] Exploit::
1824|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache , IP:2001:240:1b0:1::34:80
1825|_[ + ] More details::
1826|_[ + ] Found:: UNIDENTIFIED
1827
1828 _[ - ]::--------------------------------------------------------------------------------------------------------------
1829|_[ + ] [ 34 / 100 ]-[00:50:49] [ - ]
1830|_[ + ] Target:: [ http://wwwa.cao.go.jp/acw/pdf/kaigi_16shiryo_3.pdf ]
1831|_[ + ] Exploit::
1832|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache , IP:2001:240:1b0:1::34:80
1833|_[ + ] More details::
1834|_[ + ] Found:: UNIDENTIFIED
1835
1836 _[ - ]::--------------------------------------------------------------------------------------------------------------
1837|_[ + ] [ 35 / 100 ]-[00:50:54] [ - ]
1838|_[ + ] Target:: [ http://wwwa.cao.go.jp/acw/pdf/kaigi_15shiryo_2.pdf ]
1839|_[ + ] Exploit::
1840|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache , IP:2001:240:1b0:1::34:80
1841|_[ + ] More details::
1842|_[ + ] Found:: UNIDENTIFIED
1843
1844 _[ - ]::--------------------------------------------------------------------------------------------------------------
1845|_[ + ] [ 36 / 100 ]-[00:50:59] [ - ]
1846|_[ + ] Target:: [ http://wwwa.cao.go.jp/wlb/research/wlb_h2708.pdf ]
1847|_[ + ] Exploit::
1848|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache , IP:2001:240:1b0:1::34:80
1849|_[ + ] More details::
1850|_[ + ] Found:: UNIDENTIFIED
1851
1852 _[ - ]::--------------------------------------------------------------------------------------------------------------
1853|_[ + ] [ 37 / 100 ]-[00:51:04] [ - ]
1854|_[ + ] Target:: [ http://wwwa.cao.go.jp/oaep/press/press_mo_2.pdf ]
1855|_[ + ] Exploit::
1856|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache , IP:2001:240:1b0:1::34:80
1857|_[ + ] More details::
1858|_[ + ] Found:: UNIDENTIFIED
1859
1860 _[ - ]::--------------------------------------------------------------------------------------------------------------
1861|_[ + ] [ 38 / 100 ]-[00:51:05] [ - ]
1862|_[ + ] Target:: [ http://wwwa.cao.go.jp/acw/keii/keii.html ]
1863|_[ + ] Exploit::
1864|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache , IP:2001:240:1b0:1::34:80
1865|_[ + ] More details::
1866|_[ + ] Found:: UNIDENTIFIED
1867
1868 _[ - ]::--------------------------------------------------------------------------------------------------------------
1869|_[ + ] [ 39 / 100 ]-[00:51:10] [ - ]
1870|_[ + ] Target:: [ http://wwwa.cao.go.jp/acw/pdf/kaigi_14shiryo_1.pdf ]
1871|_[ + ] Exploit::
1872|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache , IP:2001:240:1b0:1::34:80
1873|_[ + ] More details::
1874|_[ + ] Found:: UNIDENTIFIED
1875
1876 _[ - ]::--------------------------------------------------------------------------------------------------------------
1877|_[ + ] [ 40 / 100 ]-[00:51:11] [ - ]
1878|_[ + ] Target:: [ http://wwwa.cao.go.jp/acw/index-e.html ]
1879|_[ + ] Exploit::
1880|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache , IP:2001:240:1b0:1::34:80
1881|_[ + ] More details::
1882|_[ + ] Found:: UNIDENTIFIED
1883
1884 _[ - ]::--------------------------------------------------------------------------------------------------------------
1885|_[ + ] [ 41 / 100 ]-[00:51:16] [ - ]
1886|_[ + ] Target:: [ http://wwwa.cao.go.jp/acw/pdf/kaigi_15shiryo_5.pdf ]
1887|_[ + ] Exploit::
1888|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache , IP:2001:240:1b0:1::34:80
1889|_[ + ] More details::
1890|_[ + ] Found:: UNIDENTIFIED
1891
1892 _[ - ]::--------------------------------------------------------------------------------------------------------------
1893|_[ + ] [ 42 / 100 ]-[00:51:21] [ - ]
1894|_[ + ] Target:: [ http://wwwa.cao.go.jp/oaep/dl/houkoku1803.pdf ]
1895|_[ + ] Exploit::
1896|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache , IP:2001:240:1b0:1::34:80
1897|_[ + ] More details::
1898|_[ + ] Found:: UNIDENTIFIED
1899
1900 _[ - ]::--------------------------------------------------------------------------------------------------------------
1901|_[ + ] [ 43 / 100 ]-[00:51:26] [ - ]
1902|_[ + ] Target:: [ http://wwwa.cao.go.jp/wlb/kanren/kanren1.html ]
1903|_[ + ] Exploit::
1904|_[ + ] Information Server:: , , IP::0
1905|_[ + ] More details::
1906|_[ + ] Found:: UNIDENTIFIED
1907
1908 _[ - ]::--------------------------------------------------------------------------------------------------------------
1909|_[ + ] [ 44 / 100 ]-[00:51:31] [ - ]
1910|_[ + ] Target:: [ http://wwwa.cao.go.jp/acw/pdf/kaigi_16shiryo_1.pdf ]
1911|_[ + ] Exploit::
1912|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache , IP:2001:240:1b0:1::34:80
1913|_[ + ] More details::
1914|_[ + ] Found:: UNIDENTIFIED
1915
1916 _[ - ]::--------------------------------------------------------------------------------------------------------------
1917|_[ + ] [ 45 / 100 ]-[00:51:36] [ - ]
1918|_[ + ] Target:: [ http://wwwa.cao.go.jp/acw/pdf/kaigi_16gaiyo.pdf ]
1919|_[ + ] Exploit::
1920|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache , IP:2001:240:1b0:1::34:80
1921|_[ + ] More details::
1922|_[ + ] Found:: UNIDENTIFIED
1923
1924 _[ - ]::--------------------------------------------------------------------------------------------------------------
1925|_[ + ] [ 46 / 100 ]-[00:51:37] [ - ]
1926|_[ + ] Target:: [ http://wwwa.cao.go.jp/acw/keii/keii_oboegaki03.html ]
1927|_[ + ] Exploit::
1928|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache , IP:2001:240:1b0:1::34:80
1929|_[ + ] More details::
1930|_[ + ] Found:: UNIDENTIFIED
1931
1932 _[ - ]::--------------------------------------------------------------------------------------------------------------
1933|_[ + ] [ 47 / 100 ]-[00:51:37] [ - ]
1934|_[ + ] Target:: [ http://wwwa.cao.go.jp/wlb/company/index.html ]
1935|_[ + ] Exploit::
1936|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache , IP:2001:240:1b0:1::34:80
1937|_[ + ] More details::
1938|_[ + ] Found:: UNIDENTIFIED
1939
1940 _[ - ]::--------------------------------------------------------------------------------------------------------------
1941|_[ + ] [ 48 / 100 ]-[00:51:38] [ - ]
1942|_[ + ] Target:: [ http://wwwa.cao.go.jp/acw/keii/keii_oboegaki.html ]
1943|_[ + ] Exploit::
1944|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache , IP:2001:240:1b0:1::34:80
1945|_[ + ] More details::
1946|_[ + ] Found:: UNIDENTIFIED
1947
1948 _[ - ]::--------------------------------------------------------------------------------------------------------------
1949|_[ + ] [ 49 / 100 ]-[00:51:38] [ - ]
1950|_[ + ] Target:: [ http://wwwa.cao.go.jp/wlb/change_jpn/campaign.html ]
1951|_[ + ] Exploit::
1952|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache , IP:2001:240:1b0:1::34:80
1953|_[ + ] More details::
1954|_[ + ] Found:: UNIDENTIFIED
1955
1956 _[ - ]::--------------------------------------------------------------------------------------------------------------
1957|_[ + ] [ 50 / 100 ]-[00:51:43] [ - ]
1958|_[ + ] Target:: [ http://wwwa.cao.go.jp/acw/pdf/kaigi_19shiryo_1.pdf ]
1959|_[ + ] Exploit::
1960|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache , IP:2001:240:1b0:1::34:80
1961|_[ + ] More details::
1962|_[ + ] Found:: UNIDENTIFIED
1963
1964 _[ - ]::--------------------------------------------------------------------------------------------------------------
1965|_[ + ] [ 51 / 100 ]-[00:51:44] [ - ]
1966|_[ + ] Target:: [ http://wwwa.cao.go.jp/wlb/towa/nanoka.html ]
1967|_[ + ] Exploit::
1968|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache , IP:2001:240:1b0:1::34:80
1969|_[ + ] More details::
1970|_[ + ] Found:: UNIDENTIFIED
1971
1972 _[ - ]::--------------------------------------------------------------------------------------------------------------
1973|_[ + ] [ 52 / 100 ]-[00:51:49] [ - ]
1974|_[ + ] Target:: [ http://wwwa.cao.go.jp/acw/pdf/kaigi_19shiryo_6.pdf ]
1975|_[ + ] Exploit::
1976|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache , IP:2001:240:1b0:1::34:80
1977|_[ + ] More details::
1978|_[ + ] Found:: UNIDENTIFIED
1979
1980 _[ - ]::--------------------------------------------------------------------------------------------------------------
1981|_[ + ] [ 53 / 100 ]-[00:51:50] [ - ]
1982|_[ + ] Target:: [ http://wwwa.cao.go.jp/acw/jigyobetsu/jigyobetsu_kaisyu16.html ]
1983|_[ + ] Exploit::
1984|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache , IP:2001:240:1b0:1::34:80
1985|_[ + ] More details::
1986|_[ + ] Found:: UNIDENTIFIED
1987
1988 _[ - ]::--------------------------------------------------------------------------------------------------------------
1989|_[ + ] [ 54 / 100 ]-[00:51:51] [ - ]
1990|_[ + ] Target:: [ http://wwwa.cao.go.jp/wlb/change_jpn/intention.html ]
1991|_[ + ] Exploit::
1992|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache , IP:2001:240:1b0:1::34:80
1993|_[ + ] More details::
1994|_[ + ] Found:: UNIDENTIFIED
1995
1996 _[ - ]::--------------------------------------------------------------------------------------------------------------
1997|_[ + ] [ 55 / 100 ]-[00:51:51] [ - ]
1998|_[ + ] Target:: [ http://wwwa.cao.go.jp/acw/en/heiki.html ]
1999|_[ + ] Exploit::
2000|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache , IP:2001:240:1b0:1::34:80
2001|_[ + ] More details::
2002|_[ + ] Found:: UNIDENTIFIED
2003
2004 _[ - ]::--------------------------------------------------------------------------------------------------------------
2005|_[ + ] [ 56 / 100 ]-[00:51:52] [ - ]
2006|_[ + ] Target:: [ http://wwwa.cao.go.jp/wlb/towa/index.html ]
2007|_[ + ] Exploit::
2008|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache , IP:2001:240:1b0:1::34:80
2009|_[ + ] More details::
2010|_[ + ] Found:: UNIDENTIFIED
2011
2012 _[ - ]::--------------------------------------------------------------------------------------------------------------
2013|_[ + ] [ 57 / 100 ]-[00:51:53] [ - ]
2014|_[ + ] Target:: [ http://wwwa.cao.go.jp/acw/cn/heiki.html ]
2015|_[ + ] Exploit::
2016|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache , IP:2001:240:1b0:1::34:80
2017|_[ + ] More details::
2018|_[ + ] Found:: UNIDENTIFIED
2019
2020 _[ - ]::--------------------------------------------------------------------------------------------------------------
2021|_[ + ] [ 58 / 100 ]-[00:51:54] [ - ]
2022|_[ + ] Target:: [ http://wwwa.cao.go.jp/acw/jigyobetsu/jigyobetsu_haruba5.html ]
2023|_[ + ] Exploit::
2024|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache , IP:2001:240:1b0:1::34:80
2025|_[ + ] More details::
2026|_[ + ] Found:: UNIDENTIFIED
2027
2028 _[ - ]::--------------------------------------------------------------------------------------------------------------
2029|_[ + ] [ 59 / 100 ]-[00:51:55] [ - ]
2030|_[ + ] Target:: [ http://wwwa.cao.go.jp/acw/jigyobetsu/jigyobetsu_kaisyu15.html ]
2031|_[ + ] Exploit::
2032|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache , IP:2001:240:1b0:1::34:80
2033|_[ + ] More details::
2034|_[ + ] Found:: UNIDENTIFIED
2035
2036 _[ - ]::--------------------------------------------------------------------------------------------------------------
2037|_[ + ] [ 60 / 100 ]-[00:51:56] [ - ]
2038|_[ + ] Target:: [ http://wwwa.cao.go.jp/acw/jigyobetsu/jigyobetsu_kaisyu1.html ]
2039|_[ + ] Exploit::
2040|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache , IP:2001:240:1b0:1::34:80
2041|_[ + ] More details::
2042|_[ + ] Found:: UNIDENTIFIED
2043
2044 _[ - ]::--------------------------------------------------------------------------------------------------------------
2045|_[ + ] [ 61 / 100 ]-[00:51:57] [ - ]
2046|_[ + ] Target:: [ http://wwwa.cao.go.jp/wlb/link/index.html ]
2047|_[ + ] Exploit::
2048|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache , IP:2001:240:1b0:1::34:80
2049|_[ + ] More details::
2050|_[ + ] Found:: UNIDENTIFIED
2051
2052 _[ - ]::--------------------------------------------------------------------------------------------------------------
2053|_[ + ] [ 62 / 100 ]-[00:51:57] [ - ]
2054|_[ + ] Target:: [ http://wwwa.cao.go.jp/acw/jigyobetsu/jigyobetsu_kaisyu34.html ]
2055|_[ + ] Exploit::
2056|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache , IP:2001:240:1b0:1::34:80
2057|_[ + ] More details::
2058|_[ + ] Found:: UNIDENTIFIED
2059
2060 _[ - ]::--------------------------------------------------------------------------------------------------------------
2061|_[ + ] [ 63 / 100 ]-[00:51:58] [ - ]
2062|_[ + ] Target:: [ http://wwwa.cao.go.jp/wlb/private/index.html ]
2063|_[ + ] Exploit::
2064|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache , IP:2001:240:1b0:1::34:80
2065|_[ + ] More details::
2066|_[ + ] Found:: UNIDENTIFIED
2067
2068 _[ - ]::--------------------------------------------------------------------------------------------------------------
2069|_[ + ] [ 64 / 100 ]-[00:52:03] [ - ]
2070|_[ + ] Target:: [ http://wwwa.cao.go.jp/acw/pdf/kaigi_15shiryo_1.pdf ]
2071|_[ + ] Exploit::
2072|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache , IP:2001:240:1b0:1::34:80
2073|_[ + ] More details::
2074|_[ + ] Found:: UNIDENTIFIED
2075
2076 _[ - ]::--------------------------------------------------------------------------------------------------------------
2077|_[ + ] [ 65 / 100 ]-[00:52:04] [ - ]
2078|_[ + ] Target:: [ http://wwwa.cao.go.jp/wlb/change_jpn/kaeru_hosi.html ]
2079|_[ + ] Exploit::
2080|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache , IP:2001:240:1b0:1::34:80
2081|_[ + ] More details::
2082|_[ + ] Found:: UNIDENTIFIED
2083
2084 _[ - ]::--------------------------------------------------------------------------------------------------------------
2085|_[ + ] [ 66 / 100 ]-[00:52:05] [ - ]
2086|_[ + ] Target:: [ http://wwwa.cao.go.jp/acw/jigyobetsu/jigyobetsu_kaisyu27.html ]
2087|_[ + ] Exploit::
2088|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache , IP:2001:240:1b0:1::34:80
2089|_[ + ] More details::
2090|_[ + ] Found:: UNIDENTIFIED
2091
2092 _[ - ]::--------------------------------------------------------------------------------------------------------------
2093|_[ + ] [ 67 / 100 ]-[00:52:06] [ - ]
2094|_[ + ] Target:: [ http://wwwa.cao.go.jp/acw/jigyobetsu/jigyobetsu_kaisyu38.html ]
2095|_[ + ] Exploit::
2096|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache , IP:2001:240:1b0:1::34:80
2097|_[ + ] More details::
2098|_[ + ] Found:: UNIDENTIFIED
2099
2100 _[ - ]::--------------------------------------------------------------------------------------------------------------
2101|_[ + ] [ 68 / 100 ]-[00:52:06] [ - ]
2102|_[ + ] Target:: [ http://wwwa.cao.go.jp/wlb/overseas/index.html ]
2103|_[ + ] Exploit::
2104|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache , IP:2001:240:1b0:1::34:80
2105|_[ + ] More details::
2106|_[ + ] Found:: UNIDENTIFIED
2107
2108 _[ - ]::--------------------------------------------------------------------------------------------------------------
2109|_[ + ] [ 69 / 100 ]-[00:52:07] [ - ]
2110|_[ + ] Target:: [ http://wwwa.cao.go.jp/acw/jigyobetsu/jigyobetsu_kaisyu22.html ]
2111|_[ + ] Exploit::
2112|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache , IP:2001:240:1b0:1::34:80
2113|_[ + ] More details::
2114|_[ + ] Found:: UNIDENTIFIED
2115
2116 _[ - ]::--------------------------------------------------------------------------------------------------------------
2117|_[ + ] [ 70 / 100 ]-[00:52:08] [ - ]
2118|_[ + ] Target:: [ http://wwwa.cao.go.jp/acw/jigyobetsu/jigyobetsu_kaisyu24.html ]
2119|_[ + ] Exploit::
2120|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache , IP:2001:240:1b0:1::34:80
2121|_[ + ] More details::
2122|_[ + ] Found:: UNIDENTIFIED
2123
2124 _[ - ]::--------------------------------------------------------------------------------------------------------------
2125|_[ + ] [ 71 / 100 ]-[00:52:08] [ - ]
2126|_[ + ] Target:: [ http://wwwa.cao.go.jp/acw/jigyobetsu/jigyobetsu_kaisyu7.html ]
2127|_[ + ] Exploit::
2128|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache , IP:2001:240:1b0:1::34:80
2129|_[ + ] More details::
2130|_[ + ] Found:: UNIDENTIFIED
2131
2132 _[ - ]::--------------------------------------------------------------------------------------------------------------
2133|_[ + ] [ 72 / 100 ]-[00:52:09] [ - ]
2134|_[ + ] Target:: [ http://wwwa.cao.go.jp/wlb/change_jpn/index.html ]
2135|_[ + ] Exploit::
2136|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache , IP:2001:240:1b0:1::34:80
2137|_[ + ] More details::
2138|_[ + ] Found:: UNIDENTIFIED
2139
2140 _[ - ]::--------------------------------------------------------------------------------------------------------------
2141|_[ + ] [ 73 / 100 ]-[00:52:10] [ - ]
2142|_[ + ] Target:: [ http://wwwa.cao.go.jp/acw/en/kaigi.html ]
2143|_[ + ] Exploit::
2144|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache , IP:2001:240:1b0:1::34:80
2145|_[ + ] More details::
2146|_[ + ] Found:: UNIDENTIFIED
2147
2148 _[ - ]::--------------------------------------------------------------------------------------------------------------
2149|_[ + ] [ 74 / 100 ]-[00:52:11] [ - ]
2150|_[ + ] Target:: [ http://wwwa.cao.go.jp/acw/jigyobetsu/jigyobetsu_kaisyu48.html ]
2151|_[ + ] Exploit::
2152|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache , IP:2001:240:1b0:1::34:80
2153|_[ + ] More details::
2154|_[ + ] Found:: UNIDENTIFIED
2155
2156 _[ - ]::--------------------------------------------------------------------------------------------------------------
2157|_[ + ] [ 75 / 100 ]-[00:52:11] [ - ]
2158|_[ + ] Target:: [ http://wwwa.cao.go.jp/acw/jigyobetsu/jigyobetsu_kaisyu42.html ]
2159|_[ + ] Exploit::
2160|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache , IP:2001:240:1b0:1::34:80
2161|_[ + ] More details::
2162|_[ + ] Found:: UNIDENTIFIED
2163
2164 _[ - ]::--------------------------------------------------------------------------------------------------------------
2165|_[ + ] [ 76 / 100 ]-[00:52:12] [ - ]
2166|_[ + ] Target:: [ http://wwwa.cao.go.jp/acw/jigyobetsu/jigyobetsu_kaisyu43.html ]
2167|_[ + ] Exploit::
2168|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache , IP:2001:240:1b0:1::34:80
2169|_[ + ] More details::
2170|_[ + ] Found:: UNIDENTIFIED
2171
2172 _[ - ]::--------------------------------------------------------------------------------------------------------------
2173|_[ + ] [ 77 / 100 ]-[00:52:13] [ - ]
2174|_[ + ] Target:: [ http://wwwa.cao.go.jp/acw/jigyobetsu/jigyobetsu_haruba7.html ]
2175|_[ + ] Exploit::
2176|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache , IP:2001:240:1b0:1::34:80
2177|_[ + ] More details::
2178|_[ + ] Found:: UNIDENTIFIED
2179
2180 _[ - ]::--------------------------------------------------------------------------------------------------------------
2181|_[ + ] [ 78 / 100 ]-[00:52:13] [ - ]
2182|_[ + ] Target:: [ http://wwwa.cao.go.jp/acw/jigyobetsu/jigyobetsu_kaisyu31.html ]
2183|_[ + ] Exploit::
2184|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache , IP:2001:240:1b0:1::34:80
2185|_[ + ] More details::
2186|_[ + ] Found:: UNIDENTIFIED
2187
2188 _[ - ]::--------------------------------------------------------------------------------------------------------------
2189|_[ + ] [ 79 / 100 ]-[00:52:14] [ - ]
2190|_[ + ] Target:: [ http://wwwa.cao.go.jp/acw/jigyobetsu/jigyobetsu_kaisyu51.html ]
2191|_[ + ] Exploit::
2192|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache , IP:2001:240:1b0:1::34:80
2193|_[ + ] More details::
2194|_[ + ] Found:: UNIDENTIFIED
2195
2196 _[ - ]::--------------------------------------------------------------------------------------------------------------
2197|_[ + ] [ 80 / 100 ]-[00:52:15] [ - ]
2198|_[ + ] Target:: [ http://wwwa.cao.go.jp/acw/jigyobetsu/jigyobetsu_kaisyu13.html ]
2199|_[ + ] Exploit::
2200|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache , IP:2001:240:1b0:1::34:80
2201|_[ + ] More details::
2202|_[ + ] Found:: UNIDENTIFIED
2203
2204 _[ - ]::--------------------------------------------------------------------------------------------------------------
2205|_[ + ] [ 81 / 100 ]-[00:52:16] [ - ]
2206|_[ + ] Target:: [ http://wwwa.cao.go.jp/acw/jigyobetsu/jigyobetsu_kaisyu14.html ]
2207|_[ + ] Exploit::
2208|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache , IP:2001:240:1b0:1::34:80
2209|_[ + ] More details::
2210|_[ + ] Found:: UNIDENTIFIED
2211
2212 _[ - ]::--------------------------------------------------------------------------------------------------------------
2213|_[ + ] [ 82 / 100 ]-[00:52:16] [ - ]
2214|_[ + ] Target:: [ http://wwwa.cao.go.jp/acw/jigyobetsu/jigyobetsu_kaisyu2.html ]
2215|_[ + ] Exploit::
2216|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache , IP:2001:240:1b0:1::34:80
2217|_[ + ] More details::
2218|_[ + ] Found:: UNIDENTIFIED
2219
2220 _[ - ]::--------------------------------------------------------------------------------------------------------------
2221|_[ + ] [ 83 / 100 ]-[00:52:17] [ - ]
2222|_[ + ] Target:: [ http://wwwa.cao.go.jp/acw/jigyobetsu/jigyobetsu_kaisyu11.html ]
2223|_[ + ] Exploit::
2224|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache , IP:2001:240:1b0:1::34:80
2225|_[ + ] More details::
2226|_[ + ] Found:: UNIDENTIFIED
2227
2228 _[ - ]::--------------------------------------------------------------------------------------------------------------
2229|_[ + ] [ 84 / 100 ]-[00:52:18] [ - ]
2230|_[ + ] Target:: [ http://wwwa.cao.go.jp/acw/jigyobetsu/jigyobetsu_kaisyu20.html ]
2231|_[ + ] Exploit::
2232|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache , IP:2001:240:1b0:1::34:80
2233|_[ + ] More details::
2234|_[ + ] Found:: UNIDENTIFIED
2235
2236 _[ - ]::--------------------------------------------------------------------------------------------------------------
2237|_[ + ] [ 85 / 100 ]-[00:52:18] [ - ]
2238|_[ + ] Target:: [ http://wwwa.cao.go.jp/acw/jigyobetsu/jigyobetsu_kaisyu6.html ]
2239|_[ + ] Exploit::
2240|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache , IP:2001:240:1b0:1::34:80
2241|_[ + ] More details::
2242|_[ + ] Found:: UNIDENTIFIED
2243
2244 _[ - ]::--------------------------------------------------------------------------------------------------------------
2245|_[ + ] [ 86 / 100 ]-[00:52:19] [ - ]
2246|_[ + ] Target:: [ http://wwwa.cao.go.jp/acw/jigyobetsu/jigyobetsu_kaisyu17.html ]
2247|_[ + ] Exploit::
2248|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache , IP:2001:240:1b0:1::34:80
2249|_[ + ] More details::
2250|_[ + ] Found:: UNIDENTIFIED
2251
2252 _[ - ]::--------------------------------------------------------------------------------------------------------------
2253|_[ + ] [ 87 / 100 ]-[00:52:20] [ - ]
2254|_[ + ] Target:: [ http://wwwa.cao.go.jp/acw/jigyobetsu/jigyobetsu_kaisyu9.html ]
2255|_[ + ] Exploit::
2256|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache , IP:2001:240:1b0:1::34:80
2257|_[ + ] More details::
2258|_[ + ] Found:: UNIDENTIFIED
2259
2260 _[ - ]::--------------------------------------------------------------------------------------------------------------
2261|_[ + ] [ 88 / 100 ]-[00:52:21] [ - ]
2262|_[ + ] Target:: [ http://wwwa.cao.go.jp/acw/jigyobetsu/jigyobetsu_kaisyu33.html ]
2263|_[ + ] Exploit::
2264|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache , IP:2001:240:1b0:1::34:80
2265|_[ + ] More details::
2266|_[ + ] Found:: UNIDENTIFIED
2267
2268 _[ - ]::--------------------------------------------------------------------------------------------------------------
2269|_[ + ] [ 89 / 100 ]-[00:52:21] [ - ]
2270|_[ + ] Target:: [ http://wwwa.cao.go.jp/acw/jigyobetsu/jigyobetsu_kaisyu53.html ]
2271|_[ + ] Exploit::
2272|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache , IP:2001:240:1b0:1::34:80
2273|_[ + ] More details::
2274|_[ + ] Found:: UNIDENTIFIED
2275
2276 _[ - ]::--------------------------------------------------------------------------------------------------------------
2277|_[ + ] [ 90 / 100 ]-[00:52:22] [ - ]
2278|_[ + ] Target:: [ http://wwwa.cao.go.jp/acw/jigyobetsu/jigyobetsu_kaisyu50.html ]
2279|_[ + ] Exploit::
2280|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache , IP:2001:240:1b0:1::34:80
2281|_[ + ] More details::
2282|_[ + ] Found:: UNIDENTIFIED
2283
2284 _[ - ]::--------------------------------------------------------------------------------------------------------------
2285|_[ + ] [ 91 / 100 ]-[00:52:23] [ - ]
2286|_[ + ] Target:: [ http://wwwa.cao.go.jp/acw/jigyobetsu/jigyobetsu_kaisyu35.html ]
2287|_[ + ] Exploit::
2288|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache , IP:2001:240:1b0:1::34:80
2289|_[ + ] More details::
2290|_[ + ] Found:: UNIDENTIFIED
2291
2292 _[ - ]::--------------------------------------------------------------------------------------------------------------
2293|_[ + ] [ 92 / 100 ]-[00:52:23] [ - ]
2294|_[ + ] Target:: [ http://wwwa.cao.go.jp/acw/jigyobetsu/jigyobetsu_kaisyu61.html ]
2295|_[ + ] Exploit::
2296|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache , IP:2001:240:1b0:1::34:80
2297|_[ + ] More details::
2298|_[ + ] Found:: UNIDENTIFIED
2299
2300 _[ - ]::--------------------------------------------------------------------------------------------------------------
2301|_[ + ] [ 93 / 100 ]-[00:52:24] [ - ]
2302|_[ + ] Target:: [ http://wwwa.cao.go.jp/acw/jigyobetsu/jigyobetsu_kaisyu37.html ]
2303|_[ + ] Exploit::
2304|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache , IP:2001:240:1b0:1::34:80
2305|_[ + ] More details::
2306|_[ + ] Found:: UNIDENTIFIED
2307
2308 _[ - ]::--------------------------------------------------------------------------------------------------------------
2309|_[ + ] [ 94 / 100 ]-[00:52:25] [ - ]
2310|_[ + ] Target:: [ http://wwwa.cao.go.jp/acw/jigyobetsu/jigyobetsu_haruba2.html ]
2311|_[ + ] Exploit::
2312|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache , IP:2001:240:1b0:1::34:80
2313|_[ + ] More details::
2314|_[ + ] Found:: UNIDENTIFIED
2315
2316 _[ - ]::--------------------------------------------------------------------------------------------------------------
2317|_[ + ] [ 95 / 100 ]-[00:52:26] [ - ]
2318|_[ + ] Target:: [ http://wwwa.cao.go.jp/wlb/local/index.html ]
2319|_[ + ] Exploit::
2320|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache , IP:2001:240:1b0:1::34:80
2321|_[ + ] More details::
2322|_[ + ] Found:: UNIDENTIFIED
2323
2324 _[ - ]::--------------------------------------------------------------------------------------------------------------
2325|_[ + ] [ 96 / 100 ]-[00:52:26] [ - ]
2326|_[ + ] Target:: [ http://wwwa.cao.go.jp/acw/jigyobetsu/jigyobetsu_ido_bukanjigyoshuryo.html ]
2327|_[ + ] Exploit::
2328|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache , IP:2001:240:1b0:1::34:80
2329|_[ + ] More details::
2330|_[ + ] Found:: UNIDENTIFIED
2331
2332 _[ - ]::--------------------------------------------------------------------------------------------------------------
2333|_[ + ] [ 97 / 100 ]-[00:52:27] [ - ]
2334|_[ + ] Target:: [ http://wwwa.cao.go.jp/acw/jigyobetsu/jigyobetsu_kaisyu36.html ]
2335|_[ + ] Exploit::
2336|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache , IP:2001:240:1b0:1::34:80
2337|_[ + ] More details::
2338|_[ + ] Found:: UNIDENTIFIED
2339
2340 _[ - ]::--------------------------------------------------------------------------------------------------------------
2341|_[ + ] [ 98 / 100 ]-[00:52:28] [ - ]
2342|_[ + ] Target:: [ http://wwwa.cao.go.jp/acw/jigyobetsu/jigyobetsu_haruba3.html ]
2343|_[ + ] Exploit::
2344|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache , IP:2001:240:1b0:1::34:80
2345|_[ + ] More details::
2346|_[ + ] Found:: UNIDENTIFIED
2347
2348 _[ - ]::--------------------------------------------------------------------------------------------------------------
2349|_[ + ] [ 99 / 100 ]-[00:52:29] [ - ]
2350|_[ + ] Target:: [ http://wwwa.cao.go.jp/acw/jigyobetsu/jigyobetsu_kaisyu5.html ]
2351|_[ + ] Exploit::
2352|_[ + ] Information Server:: HTTP/1.1 200 OK, Server: Apache , IP:2001:240:1b0:1::34:80
2353|_[ + ] More details::
2354|_[ + ] Found:: UNIDENTIFIED
2355
2356[ INFO ] [ Shutting down ]
2357[ INFO ] [ End of process INURLBR at [07-02-2020 00:52:29]
2358[ INFO ] [ TOTAL FILTERED VALUES ]:: [ 1 ]
2359[ INFO ] [ OUTPUT FILE ]:: [ /usr/share/sniper/loot/workspace/wwwa.cao.go.jp/output/inurlbr-wwwa.cao.go.jp ]
2360|_________________________________________________________________________________________
2361http://wwwa.cao.go.jp/oaep/dl/yoko151006.pdf
2362
2363\_________________________________________________________________________________________/
2364#####################################################################################################################################
2365Starting Nmap 7.80 ( https://nmap.org ) at 2020-02-07 00:58 EST
2366Nmap scan report for 210.149.141.34
2367Host is up (0.41s latency).
2368Not shown: 471 filtered ports, 4 closed ports
2369Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
2370PORT STATE SERVICE VERSION
237180/tcp open http Apache httpd
2372|_http-server-header: Apache
2373|_http-title: 404 Not Found - \xE5\x86\x85\xE9\x96\xA3\xE5\xBA\x9C
2374Device type: general purpose|WAP
2375Running (JUST GUESSING): Linux 2.6.X (90%), Netgear embedded (85%)
2376OS CPE: cpe:/o:linux:linux_kernel:2.6 cpe:/h:netgear:wnr834bv2
2377Aggressive OS guesses: Linux 2.6.18 - 2.6.22 (90%), Netgear WNR834Bv2 WAP (85%)
2378No exact OS matches for host (test conditions non-ideal).
2379Network Distance: 16 hops
2380
2381TRACEROUTE (using port 80/tcp)
2382HOP RTT ADDRESS
23831 312.64 ms 10.253.204.1
23842 468.29 ms 160.116.0.161
23853 468.25 ms bzq-82-80-246-9.cablep.bezeqint.net (82.80.246.9)
23864 468.35 ms bzq-219-189-185.dsl.bezeqint.net (62.219.189.185)
23875 468.38 ms bzq-114-65-1.cust.bezeqint.net (192.114.65.1)
23886 468.35 ms bzq-219-189-17.dsl.bezeqint.net (62.219.189.17)
23897 468.44 ms bzq-161-218.pop.bezeqint.net (212.179.161.218)
23908 468.46 ms et-0-0-47.cr10-lon1.ip4.gtt.net (89.149.139.5)
23919 468.44 ms 210.130.133.29
239210 468.55 ms tky009bb01.IIJ.Net (58.138.88.14)
239311 400.58 ms tky009bb01.IIJ.Net (58.138.80.158)
239412 550.49 ms ykh002bb01.IIJ.Net (58.138.89.149)
239513 550.22 ms ykh002ip60.IIJ.Net (58.138.120.2)
239614 550.46 ms 210.130.163.202
239715 550.38 ms 202.232.145.251
239816 550.41 ms 210.149.141.34
2399#####################################################################################################################################
2400Starting Nmap 7.80 ( https://nmap.org ) at 2020-02-07 00:59 EST
2401Nmap scan report for 210.149.141.34
2402Host is up (0.25s latency).
2403Not shown: 15 filtered ports, 1 closed port
2404Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
2405PORT STATE SERVICE VERSION
240653/udp open|filtered domain
240767/udp open|filtered dhcps
240868/udp open|filtered dhcpc
240969/udp open|filtered tftp
241088/udp open|filtered kerberos-sec
2411123/udp open|filtered ntp
2412139/udp open|filtered netbios-ssn
2413161/udp open|filtered snmp
2414162/udp open|filtered snmptrap
2415389/udp open|filtered ldap
2416520/udp open|filtered route
24172049/udp open|filtered nfs
2418Too many fingerprints match this host to give specific OS details
2419
2420TRACEROUTE (using port 137/udp)
2421HOP RTT ADDRESS
24221 156.23 ms 10.253.204.1
24232 ... 3
24244 300.69 ms 10.253.204.1
24255 469.57 ms 10.253.204.1
24266 469.56 ms 10.253.204.1
24277 469.55 ms 10.253.204.1
24288 469.52 ms 10.253.204.1
24299 312.57 ms 10.253.204.1
243010 155.54 ms 10.253.204.1
243111 ... 18
243219 243.25 ms 10.253.204.1
243320 155.96 ms 10.253.204.1
243421 ... 27
243528 395.21 ms 10.253.204.1
243629 157.20 ms 10.253.204.1
243730 353.67 ms 10.253.204.1
2438#####################################################################################################################################
2439Starting Nmap 7.80 ( https://nmap.org ) at 2020-02-07 01:04 EST
2440Nmap scan report for 210.149.141.34
2441Host is up.
2442
2443PORT STATE SERVICE VERSION
244467/tcp filtered dhcps
244567/udp open|filtered dhcps
2446|_dhcp-discover: ERROR: Script execution failed (use -d to debug)
2447Too many fingerprints match this host to give specific OS details
2448
2449TRACEROUTE (using proto 1/icmp)
2450HOP RTT ADDRESS
24511 292.77 ms 10.253.204.1
24522 292.84 ms 160.116.0.161
24533 292.83 ms bzq-82-80-246-9.cablep.bezeqint.net (82.80.246.9)
24544 449.10 ms bzq-219-189-185.cablep.bezeqint.net (62.219.189.185)
24555 292.87 ms bzq-114-65-2.cust.bezeqint.net (192.114.65.2)
24566 449.08 ms bzq-179-124-190.cust.bezeqint.net (212.179.124.190)
24577 449.14 ms ae8.cr1-fra2.ip4.gtt.net (46.33.89.237)
24588 449.18 ms et-0-0-47.cr10-lon1.ip4.gtt.net (89.149.139.5)
24599 449.18 ms 210.130.133.29
246010 605.04 ms tky001bb10.IIJ.Net (58.138.89.225)
246111 472.20 ms tky008bb00.IIJ.Net (58.138.88.2)
246212 632.16 ms ykh002bb00.IIJ.Net (58.138.89.145)
246313 632.18 ms ykh002ip60.IIJ.Net (58.138.120.242)
246414 622.12 ms 210.130.163.202
246515 ... 30
2466#####################################################################################################################################
2467Starting Nmap 7.80 ( https://nmap.org ) at 2020-02-07 01:06 EST
2468Nmap scan report for 210.149.141.34
2469Host is up.
2470
2471PORT STATE SERVICE VERSION
247268/tcp filtered dhcpc
247368/udp open|filtered dhcpc
2474Too many fingerprints match this host to give specific OS details
2475
2476TRACEROUTE (using proto 1/icmp)
2477HOP RTT ADDRESS
24781 341.22 ms 10.253.204.1
24792 341.25 ms 160.116.0.161
24803 341.25 ms bzq-82-80-246-9.cablep.bezeqint.net (82.80.246.9)
24814 341.27 ms bzq-219-189-185.cablep.bezeqint.net (62.219.189.185)
24825 341.26 ms bzq-114-65-2.cust.bezeqint.net (192.114.65.2)
24836 341.28 ms bzq-179-124-190.cust.bezeqint.net (212.179.124.190)
24847 341.29 ms ae8.cr1-fra2.ip4.gtt.net (46.33.89.237)
24858 341.31 ms et-0-0-47.cr10-lon1.ip4.gtt.net (89.149.139.5)
24869 341.32 ms 210.130.133.29
248710 497.18 ms tky001bb10.IIJ.Net (58.138.89.225)
248811 395.45 ms tky008bb00.IIJ.Net (58.138.88.2)
248912 590.97 ms ykh002bb00.IIJ.Net (58.138.89.145)
249013 590.99 ms ykh002ip60.IIJ.Net (58.138.120.242)
249114 591.00 ms 210.130.163.202
249215 ... 30
2493#####################################################################################################################################
2494Starting Nmap 7.80 ( https://nmap.org ) at 2020-02-07 01:08 EST
2495Nmap scan report for 210.149.141.34
2496Host is up.
2497
2498PORT STATE SERVICE VERSION
249969/tcp filtered tftp
250069/udp open|filtered tftp
2501Too many fingerprints match this host to give specific OS details
2502
2503TRACEROUTE (using proto 1/icmp)
2504HOP RTT ADDRESS
25051 381.17 ms 10.253.204.1
25062 381.25 ms 160.116.0.161
25073 381.28 ms bzq-82-80-246-9.cablep.bezeqint.net (82.80.246.9)
25084 381.33 ms bzq-219-189-185.cablep.bezeqint.net (62.219.189.185)
25095 381.27 ms bzq-114-65-2.cust.bezeqint.net (192.114.65.2)
25106 381.33 ms bzq-179-124-190.cust.bezeqint.net (212.179.124.190)
25117 381.39 ms ae8.cr1-fra2.ip4.gtt.net (46.33.89.237)
25128 381.43 ms et-0-0-47.cr10-lon1.ip4.gtt.net (89.149.139.5)
25139 381.43 ms 210.130.133.29
251410 537.07 ms tky001bb10.IIJ.Net (58.138.89.225)
251511 566.56 ms tky008bb00.IIJ.Net (58.138.88.2)
251612 566.47 ms ykh002bb00.IIJ.Net (58.138.89.145)
251713 566.51 ms ykh002ip60.IIJ.Net (58.138.120.242)
251814 566.52 ms 210.130.163.202
251915 ... 30
2520#####################################################################################################################################
2521http://210.149.141.34 [200 OK] Apache, Country[JAPAN][JP], HTTPServer[Apache], IP[210.149.141.34], JQuery, Script[text/javascript], Title[404 Not Found - 内閣府], X-Frame-Options[SAMEORIGIN]
2522#####################################################################################################################################
2523HTTP/1.1 200 OK
2524Date: Fri, 07 Feb 2020 06:12:40 GMT
2525Server: Apache
2526X-Frame-Options: SAMEORIGIN
2527Last-Modified: Mon, 03 Dec 2018 01:38:56 GMT
2528ETag: "1f10-57c143650ac00"
2529Accept-Ranges: bytes
2530Content-Length: 7952
2531Cache-Control: no-store
2532Expires: Fri, 07 Feb 2020 06:12:40 GMT
2533Pragma: no-cache
2534Content-Type: text/html
2535
2536HTTP/1.1 200 OK
2537Date: Fri, 07 Feb 2020 06:12:42 GMT
2538Server: Apache
2539X-Frame-Options: SAMEORIGIN
2540Last-Modified: Mon, 03 Dec 2018 01:38:56 GMT
2541ETag: "1f10-57c143650ac00"
2542Accept-Ranges: bytes
2543Content-Length: 7952
2544Cache-Control: no-store
2545Expires: Fri, 07 Feb 2020 06:12:42 GMT
2546Pragma: no-cache
2547Content-Type: text/html
2548#####################################################################################################################################
2549Starting Nmap 7.80 ( https://nmap.org ) at 2020-02-07 01:12 EST
2550Nmap scan report for 210.149.141.34
2551Host is up.
2552
2553PORT STATE SERVICE VERSION
2554123/tcp filtered ntp
2555123/udp open|filtered ntp
2556Too many fingerprints match this host to give specific OS details
2557
2558TRACEROUTE (using proto 1/icmp)
2559HOP RTT ADDRESS
25601 326.40 ms 10.253.204.1
25612 326.47 ms 160.116.0.161
25623 326.50 ms bzq-82-80-246-9.cablep.bezeqint.net (82.80.246.9)
25634 326.54 ms bzq-219-189-185.cablep.bezeqint.net (62.219.189.185)
25645 326.48 ms bzq-114-65-2.cust.bezeqint.net (192.114.65.2)
25656 326.54 ms bzq-179-124-190.cust.bezeqint.net (212.179.124.190)
25667 326.59 ms ae8.cr1-fra2.ip4.gtt.net (46.33.89.237)
25678 326.61 ms et-0-0-47.cr10-lon1.ip4.gtt.net (89.149.139.5)
25689 326.64 ms 210.130.133.29
256910 482.55 ms tky001bb10.IIJ.Net (58.138.89.225)
257011 391.59 ms tky008bb00.IIJ.Net (58.138.88.2)
257112 551.00 ms ykh002bb00.IIJ.Net (58.138.89.145)
257213 551.02 ms ykh002ip60.IIJ.Net (58.138.120.242)
257314 551.02 ms 210.130.163.202
257415 ... 3
2575#####################################################################################################################################
2576Starting Nmap 7.80 ( https://nmap.org ) at 2020-02-07 01:34 EST
2577Nmap scan report for 210.149.141.34
2578Host is up (0.40s latency).
2579
2580PORT STATE SERVICE VERSION
258153/tcp filtered domain
258267/tcp filtered dhcps
258368/tcp filtered dhcpc
258469/tcp filtered tftp
258588/tcp filtered kerberos-sec
2586123/tcp filtered ntp
2587137/tcp filtered netbios-ns
2588138/tcp filtered netbios-dgm
2589139/tcp closed netbios-ssn
2590161/tcp filtered snmp
2591162/tcp filtered snmptrap
2592389/tcp filtered ldap
2593520/tcp filtered efs
25942049/tcp filtered nfs
259553/udp open|filtered domain
259667/udp open|filtered dhcps
259768/udp open|filtered dhcpc
259869/udp open|filtered tftp
259988/udp open|filtered kerberos-sec
2600123/udp open|filtered ntp
2601137/udp filtered netbios-ns
2602138/udp filtered netbios-dgm
2603139/udp open|filtered netbios-ssn
2604161/udp open|filtered snmp
2605162/udp open|filtered snmptrap
2606389/udp open|filtered ldap
2607520/udp open|filtered route
26082049/udp open|filtered nfs
2609Too many fingerprints match this host to give specific OS details
2610Network Distance: 2 hops
2611
2612TRACEROUTE (using port 139/tcp)
2613HOP RTT ADDRESS
26141 459.91 ms 10.253.204.1
26152 459.90 ms 210.149.141.34
2616#####################################################################################################################################
2617Hosts
2618=====
2619
2620address mac name os_name os_flavor os_sp purpose info comments
2621------- --- ---- ------- --------- ----- ------- ---- --------
262223.201.103.9 a23-201-103-9.deploy.static.akamaitechnologies.com embedded 6.X device
262334.66.191.217 217.191.66.34.bc.googleusercontent.com Linux 2.4.X server
262445.60.80.235 Linux 3.X server
262552.198.183.13 ec2-52-198-183-13.ap-northeast-1.compute.amazonaws.co embedded device
262672.47.224.85 agaacqmame.c03.gridserver.com embedded device
262780.82.79.116 no-reverse-dns-configured.com Linux 7.0 server
262880.209.242.81 muhajeer.com Linux 3.X server
262982.221.139.217 Unknown device
263084.235.91.252 84-235-91-252.saudi.net.sa Unknown device
263187.247.240.207 crayford.servers.prgn.misp.co.uk Android 5.X device
263289.248.172.200 89-248-172-200.constellationservers.net Linux 8.0 server
263393.89.20.20 Unknown device
263493.95.228.158 Linux 18.04 server
263593.113.37.250 adsla250.ch-clienti.ro Linux 2.6.X server
263693.174.93.84 Linux 3.X server
263793.191.156.197 Unknown device
263894.102.51.33 full-dark.net Linux 2.6.X server
2639104.154.60.12 12.60.154.104.bc.googleusercontent.com Linux 2.6.X server
2640104.218.232.66 Linux 3.X server
2641107.154.130.27 107.154.130.27.ip.incapdns.net Linux 3.X server
2642107.154.248.27 107.154.248.27.ip.incapdns.net Linux 3.X server
2643147.237.0.206 embedded device
2644150.95.250.133 embedded device
2645151.139.243.11 Linux 4.X server
2646157.7.107.254 157-7-107-254.virt.lolipop.jp embedded device
2647159.89.0.72 Linux 16.04 server
2648160.153.72.166 ip-160-153-72-166.ip.secureserver.net Linux 3.X server
2649163.247.52.17 www.mtt.cl Linux 2.6.X server
2650163.247.96.10 Linux 2.6.X server
2651170.246.172.178 host-170-246-172-178.anacondaweb.com Linux 2.6.X server
2652180.222.81.193 bvdeuy193.secure.ne.jp Linux 2.6.X server
2653184.72.111.210 ec2-184-72-111-210.compute-1.amazonaws.com Linux 2.6.X server
2654185.2.4.98 lhcp1098.webapps.net embedded device
2655185.68.93.22 verbatim1981.example.com Unknown device
2656185.119.173.237 Linux 2.6.X server
2657186.67.91.110 ipj10-110.poderjudicial.cl Linux 2.6.X server
2658192.0.78.12 Linux 2.4.X server
2659192.0.78.13 Linux 2.6.X server
2660194.18.73.2 www.sakerhetspolisen.se Linux 2.6.X server
2661194.39.164.140 194.39.164.140.srvlist.ukfast.net Linux 3.X server
2662200.14.67.43 senado.cl Linux 2.6.X server
2663200.14.67.65 Linux 2.6.X server
2664200.35.157.77 srv77.talcaguia.cl Unknown device
2665201.131.38.40 Linux 2.6.X server
2666201.238.246.43 Unknown device
2667202.214.194.138 Linux 2.6.X server
2668202.238.130.103 Linux 2.6.X server
2669203.137.110.66 Unknown device
2670203.183.218.244 Unknown device
2671209.59.165.178 rabbit.ceilingsky.com Linux 2.6.X server
2672210.149.141.34 Unknown device
2673210.152.243.182 Unknown device
2674210.160.220.105 h105.sk3.estore.co.jp embedded device
2675210.160.220.113 h113.sk3.estore.co.jp embedded device
2676210.226.36.2 210-226-36-2.df.nttcomcloud.com Linux 2.6.X server
2677217.160.131.142 s18161039.onlinehome-server.info Linux 2.6.X server
2678#####################################################################################################################################
2679Services
2680========
2681
2682host port proto name state info
2683---- ---- ----- ---- ----- ----
268423.201.103.9 25 tcp smtp closed
268523.201.103.9 53 tcp domain filtered
268623.201.103.9 53 udp domain unknown
268723.201.103.9 67 tcp dhcps filtered
268823.201.103.9 67 udp dhcps unknown
268923.201.103.9 68 tcp dhcpc filtered
269023.201.103.9 68 udp dhcpc unknown
269123.201.103.9 69 tcp tftp filtered
269223.201.103.9 69 udp tftp unknown
269323.201.103.9 80 tcp http open AkamaiGHost Akamai's HTTP Acceleration/Mirror service
269423.201.103.9 88 tcp kerberos-sec filtered
269523.201.103.9 88 udp kerberos-sec unknown
269623.201.103.9 123 tcp ntp filtered
269723.201.103.9 123 udp ntp unknown
269823.201.103.9 137 tcp netbios-ns filtered
269923.201.103.9 137 udp netbios-ns filtered
270023.201.103.9 138 tcp netbios-dgm filtered
270123.201.103.9 138 udp netbios-dgm filtered
270223.201.103.9 139 tcp netbios-ssn closed
270323.201.103.9 139 udp netbios-ssn unknown
270423.201.103.9 161 tcp snmp filtered
270523.201.103.9 161 udp snmp unknown
270623.201.103.9 162 tcp snmptrap filtered
270723.201.103.9 162 udp snmptrap unknown
270823.201.103.9 389 tcp ldap filtered
270923.201.103.9 389 udp ldap unknown
271023.201.103.9 443 tcp ssl/http open AkamaiGHost Akamai's HTTP Acceleration/Mirror service
271123.201.103.9 445 tcp microsoft-ds closed
271223.201.103.9 520 tcp efs filtered
271323.201.103.9 520 udp route unknown
271423.201.103.9 2049 tcp nfs filtered
271523.201.103.9 2049 udp nfs unknown
271623.201.103.9 8883 tcp secure-mqtt open
271734.66.191.217 25 tcp smtp closed
271834.66.191.217 53 tcp domain filtered
271934.66.191.217 53 udp domain unknown
272034.66.191.217 67 tcp dhcps filtered
272134.66.191.217 67 udp dhcps unknown
272234.66.191.217 68 tcp dhcpc filtered
272334.66.191.217 68 udp dhcpc unknown
272434.66.191.217 69 tcp tftp filtered
272534.66.191.217 69 udp tftp unknown
272634.66.191.217 80 tcp http open nginx
272734.66.191.217 88 tcp kerberos-sec filtered
272834.66.191.217 88 udp kerberos-sec unknown
272934.66.191.217 123 tcp ntp filtered
273034.66.191.217 123 udp ntp unknown
273134.66.191.217 137 tcp netbios-ns filtered
273234.66.191.217 137 udp netbios-ns filtered
273334.66.191.217 138 tcp netbios-dgm filtered
273434.66.191.217 138 udp netbios-dgm filtered
273534.66.191.217 139 tcp netbios-ssn closed
273634.66.191.217 139 udp netbios-ssn unknown
273734.66.191.217 161 tcp snmp filtered
273834.66.191.217 161 udp snmp unknown
273934.66.191.217 162 tcp snmptrap filtered
274034.66.191.217 162 udp snmptrap unknown
274134.66.191.217 389 tcp ldap filtered
274234.66.191.217 389 udp ldap unknown
274334.66.191.217 443 tcp ssl/http open nginx
274434.66.191.217 445 tcp microsoft-ds closed
274534.66.191.217 520 tcp efs filtered
274634.66.191.217 520 udp route unknown
274734.66.191.217 2049 tcp nfs filtered
274834.66.191.217 2049 udp nfs unknown
274934.66.191.217 2222 tcp ssh open ProFTPD mod_sftp 0.9.9 protocol 2.0
275045.60.80.235 53 tcp domain open
275145.60.80.235 53 udp domain open
275245.60.80.235 67 udp dhcps unknown
275345.60.80.235 68 udp dhcpc unknown
275445.60.80.235 69 udp tftp unknown
275545.60.80.235 80 tcp http open Incapsula CDN httpd
275645.60.80.235 81 tcp http open Incapsula CDN httpd
275745.60.80.235 85 tcp http open Incapsula CDN httpd
275845.60.80.235 88 tcp http open Incapsula CDN httpd
275945.60.80.235 88 udp kerberos-sec unknown
276045.60.80.235 123 udp ntp unknown
276145.60.80.235 139 udp netbios-ssn unknown
276245.60.80.235 161 udp snmp unknown
276345.60.80.235 162 udp snmptrap unknown
276445.60.80.235 389 tcp ssl/http open Incapsula CDN httpd
276545.60.80.235 389 udp ldap unknown
276645.60.80.235 443 tcp ssl/http open Incapsula CDN httpd
276745.60.80.235 444 tcp ssl/http open Incapsula CDN httpd
276845.60.80.235 446 tcp http open Incapsula CDN httpd
276945.60.80.235 520 udp route unknown
277045.60.80.235 587 tcp http open Incapsula CDN httpd
277145.60.80.235 631 tcp http open Incapsula CDN httpd
277245.60.80.235 888 tcp http open Incapsula CDN httpd
277345.60.80.235 995 tcp ssl/http open Incapsula CDN httpd
277445.60.80.235 998 tcp ssl/http open Incapsula CDN httpd
277545.60.80.235 999 tcp http open Incapsula CDN httpd
277645.60.80.235 1000 tcp http open Incapsula CDN httpd
277745.60.80.235 1024 tcp http open Incapsula CDN httpd
277845.60.80.235 1103 tcp http open Incapsula CDN httpd
277945.60.80.235 1234 tcp http open Incapsula CDN httpd
278045.60.80.235 1433 tcp http open Incapsula CDN httpd
278145.60.80.235 1494 tcp http open Incapsula CDN httpd
278245.60.80.235 2000 tcp ssl/http open Incapsula CDN httpd
278345.60.80.235 2001 tcp http open Incapsula CDN httpd
278445.60.80.235 2049 tcp http open Incapsula CDN httpd
278545.60.80.235 2049 udp nfs unknown
278645.60.80.235 2067 tcp http open Incapsula CDN httpd
278745.60.80.235 2100 tcp ssl/http open Incapsula CDN httpd
278845.60.80.235 2222 tcp http open Incapsula CDN httpd
278945.60.80.235 2598 tcp http open Incapsula CDN httpd
279045.60.80.235 3000 tcp http open Incapsula CDN httpd
279145.60.80.235 3050 tcp http open Incapsula CDN httpd
279245.60.80.235 3057 tcp http open Incapsula CDN httpd
279345.60.80.235 3299 tcp http open Incapsula CDN httpd
279445.60.80.235 3306 tcp ssl/http open Incapsula CDN httpd
279545.60.80.235 3333 tcp http open Incapsula CDN httpd
279645.60.80.235 3389 tcp ssl/http open Incapsula CDN httpd
279745.60.80.235 3500 tcp http open Incapsula CDN httpd
279845.60.80.235 3790 tcp http open Incapsula CDN httpd
279945.60.80.235 4000 tcp http open Incapsula CDN httpd
280045.60.80.235 4444 tcp ssl/http open Incapsula CDN httpd
280145.60.80.235 4445 tcp ssl/http open Incapsula CDN httpd
280245.60.80.235 5000 tcp http open Incapsula CDN httpd
280345.60.80.235 5009 tcp http open Incapsula CDN httpd
280445.60.80.235 5060 tcp ssl/http open Incapsula CDN httpd
280545.60.80.235 5061 tcp ssl/http open Incapsula CDN httpd
280645.60.80.235 5227 tcp ssl/http open Incapsula CDN httpd
280745.60.80.235 5247 tcp ssl/http open Incapsula CDN httpd
280845.60.80.235 5250 tcp ssl/http open Incapsula CDN httpd
280945.60.80.235 5555 tcp http open Incapsula CDN httpd
281045.60.80.235 5900 tcp http open Incapsula CDN httpd
281145.60.80.235 5901 tcp ssl/http open Incapsula CDN httpd
281245.60.80.235 5902 tcp ssl/http open Incapsula CDN httpd
281345.60.80.235 5903 tcp ssl/http open Incapsula CDN httpd
281445.60.80.235 5904 tcp ssl/http open Incapsula CDN httpd
281545.60.80.235 5905 tcp ssl/http open Incapsula CDN httpd
281645.60.80.235 5906 tcp ssl/http open Incapsula CDN httpd
281745.60.80.235 5907 tcp ssl/http open Incapsula CDN httpd
281845.60.80.235 5908 tcp ssl/http open Incapsula CDN httpd
281945.60.80.235 5909 tcp ssl/http open Incapsula CDN httpd
282045.60.80.235 5910 tcp ssl/http open Incapsula CDN httpd
282145.60.80.235 5920 tcp ssl/http open Incapsula CDN httpd
282245.60.80.235 5984 tcp ssl/http open Incapsula CDN httpd
282345.60.80.235 5985 tcp http open Incapsula CDN httpd
282445.60.80.235 5986 tcp ssl/http open Incapsula CDN httpd
282545.60.80.235 5999 tcp ssl/http open Incapsula CDN httpd
282645.60.80.235 6000 tcp http open Incapsula CDN httpd
282745.60.80.235 6060 tcp http open Incapsula CDN httpd
282845.60.80.235 6161 tcp http open Incapsula CDN httpd
282945.60.80.235 6379 tcp http open Incapsula CDN httpd
283045.60.80.235 6661 tcp ssl/http open Incapsula CDN httpd
283145.60.80.235 6789 tcp http open Incapsula CDN httpd
283245.60.80.235 7001 tcp http open Incapsula CDN httpd
283345.60.80.235 7021 tcp http open Incapsula CDN httpd
283445.60.80.235 7071 tcp ssl/http open Incapsula CDN httpd
283545.60.80.235 7080 tcp http open Incapsula CDN httpd
283645.60.80.235 7272 tcp ssl/http open Incapsula CDN httpd
283745.60.80.235 7443 tcp ssl/http open Incapsula CDN httpd
283845.60.80.235 7700 tcp http open Incapsula CDN httpd
283945.60.80.235 7777 tcp http open Incapsula CDN httpd
284045.60.80.235 7778 tcp http open Incapsula CDN httpd
284145.60.80.235 8000 tcp http open Incapsula CDN httpd
284245.60.80.235 8001 tcp http open Incapsula CDN httpd
284345.60.80.235 8008 tcp http open Incapsula CDN httpd
284445.60.80.235 8014 tcp http open Incapsula CDN httpd
284545.60.80.235 8020 tcp http open Incapsula CDN httpd
284645.60.80.235 8023 tcp http open Incapsula CDN httpd
284745.60.80.235 8028 tcp http open Incapsula CDN httpd
284845.60.80.235 8030 tcp http open Incapsula CDN httpd
284945.60.80.235 8050 tcp http open Incapsula CDN httpd
285045.60.80.235 8051 tcp http open Incapsula CDN httpd
285145.60.80.235 8080 tcp http open Incapsula CDN httpd
285245.60.80.235 8081 tcp http open Incapsula CDN httpd
285345.60.80.235 8082 tcp http open Incapsula CDN httpd
285445.60.80.235 8085 tcp http open Incapsula CDN httpd
285545.60.80.235 8086 tcp http open Incapsula CDN httpd
285645.60.80.235 8087 tcp http open Incapsula CDN httpd
285745.60.80.235 8088 tcp http open Incapsula CDN httpd
285845.60.80.235 8090 tcp http open Incapsula CDN httpd
285945.60.80.235 8091 tcp http open Incapsula CDN httpd
286045.60.80.235 8095 tcp http open Incapsula CDN httpd
286145.60.80.235 8101 tcp http open Incapsula CDN httpd
286245.60.80.235 8161 tcp http open Incapsula CDN httpd
286345.60.80.235 8180 tcp http open Incapsula CDN httpd
286445.60.80.235 8222 tcp http open Incapsula CDN httpd
286545.60.80.235 8333 tcp http open Incapsula CDN httpd
286645.60.80.235 8443 tcp ssl/http open Incapsula CDN httpd
286745.60.80.235 8444 tcp http open Incapsula CDN httpd
286845.60.80.235 8445 tcp http open Incapsula CDN httpd
286945.60.80.235 8503 tcp ssl/http open Incapsula CDN httpd
287045.60.80.235 8686 tcp http open Incapsula CDN httpd
287145.60.80.235 8787 tcp http open Incapsula CDN httpd
287245.60.80.235 8800 tcp http open Incapsula CDN httpd
287345.60.80.235 8812 tcp http open Incapsula CDN httpd
287445.60.80.235 8834 tcp http open Incapsula CDN httpd
287545.60.80.235 8880 tcp http open Incapsula CDN httpd
287645.60.80.235 8888 tcp http open Incapsula CDN httpd
287745.60.80.235 8890 tcp http open Incapsula CDN httpd
287845.60.80.235 8899 tcp http open Incapsula CDN httpd
287945.60.80.235 8901 tcp http open Incapsula CDN httpd
288045.60.80.235 8902 tcp http open Incapsula CDN httpd
288145.60.80.235 8999 tcp http open Incapsula CDN httpd
288245.60.80.235 9000 tcp http open Incapsula CDN httpd
288345.60.80.235 9001 tcp http open Incapsula CDN httpd
288445.60.80.235 9002 tcp http open Incapsula CDN httpd
288545.60.80.235 9003 tcp http open Incapsula CDN httpd
288645.60.80.235 9004 tcp http open Incapsula CDN httpd
288745.60.80.235 9005 tcp http open Incapsula CDN httpd
288845.60.80.235 9010 tcp http open Incapsula CDN httpd
288945.60.80.235 9050 tcp http open Incapsula CDN httpd
289045.60.80.235 9080 tcp http open Incapsula CDN httpd
289145.60.80.235 9081 tcp ssl/http open Incapsula CDN httpd
289245.60.80.235 9084 tcp http open Incapsula CDN httpd
289345.60.80.235 9090 tcp http open Incapsula CDN httpd
289445.60.80.235 9099 tcp http open Incapsula CDN httpd
289545.60.80.235 9100 tcp jetdirect open
289645.60.80.235 9111 tcp http open Incapsula CDN httpd
289745.60.80.235 9200 tcp http open Incapsula CDN httpd
289845.60.80.235 9300 tcp http open Incapsula CDN httpd
289945.60.80.235 9500 tcp http open Incapsula CDN httpd
290045.60.80.235 9711 tcp ssl/http open Incapsula CDN httpd
290145.60.80.235 9991 tcp http open Incapsula CDN httpd
290245.60.80.235 9999 tcp http open Incapsula CDN httpd
290345.60.80.235 10000 tcp http open Incapsula CDN httpd
290452.198.183.13 25 tcp smtp closed
290552.198.183.13 53 tcp domain filtered
290652.198.183.13 53 udp domain unknown
290752.198.183.13 67 tcp dhcps filtered
290852.198.183.13 67 udp dhcps unknown
290952.198.183.13 68 tcp dhcpc filtered
291052.198.183.13 68 udp dhcpc unknown
291152.198.183.13 69 tcp tftp filtered
291252.198.183.13 69 udp tftp unknown
291352.198.183.13 80 tcp http open nginx
291452.198.183.13 88 tcp kerberos-sec filtered
291552.198.183.13 88 udp kerberos-sec unknown
291652.198.183.13 123 tcp ntp filtered
291752.198.183.13 123 udp ntp unknown
291852.198.183.13 137 tcp netbios-ns filtered
291952.198.183.13 137 udp netbios-ns filtered
292052.198.183.13 138 tcp netbios-dgm filtered
292152.198.183.13 138 udp netbios-dgm filtered
292252.198.183.13 139 tcp netbios-ssn closed
292352.198.183.13 139 udp netbios-ssn unknown
292452.198.183.13 161 tcp snmp filtered
292552.198.183.13 161 udp snmp unknown
292652.198.183.13 162 tcp snmptrap filtered
292752.198.183.13 162 udp snmptrap unknown
292852.198.183.13 389 tcp ldap filtered
292952.198.183.13 389 udp ldap unknown
293052.198.183.13 443 tcp ssl/http open nginx
293152.198.183.13 445 tcp microsoft-ds closed
293252.198.183.13 520 tcp efs filtered
293352.198.183.13 520 udp route unknown
293452.198.183.13 2049 tcp nfs filtered
293552.198.183.13 2049 udp nfs unknown
293672.47.224.85 25 tcp smtp closed
293772.47.224.85 53 tcp domain filtered
293872.47.224.85 53 udp domain unknown
293972.47.224.85 67 tcp dhcps filtered
294072.47.224.85 67 udp dhcps unknown
294172.47.224.85 68 tcp dhcpc filtered
294272.47.224.85 68 udp dhcpc unknown
294372.47.224.85 69 tcp tftp filtered
294472.47.224.85 69 udp tftp unknown
294572.47.224.85 80 tcp http open Apache httpd 2.4.39
294672.47.224.85 88 tcp kerberos-sec filtered
294772.47.224.85 88 udp kerberos-sec unknown
294872.47.224.85 110 tcp pop3 open Dovecot pop3d
294972.47.224.85 123 tcp ntp filtered
295072.47.224.85 123 udp ntp unknown
295172.47.224.85 137 tcp netbios-ns filtered
295272.47.224.85 137 udp netbios-ns filtered
295372.47.224.85 138 tcp netbios-dgm filtered
295472.47.224.85 138 udp netbios-dgm filtered
295572.47.224.85 139 tcp netbios-ssn closed
295672.47.224.85 139 udp netbios-ssn unknown
295772.47.224.85 143 tcp imap open Dovecot imapd
295872.47.224.85 161 tcp snmp filtered
295972.47.224.85 161 udp snmp unknown
296072.47.224.85 162 tcp snmptrap filtered
296172.47.224.85 162 udp snmptrap unknown
296272.47.224.85 389 tcp ldap filtered
296372.47.224.85 389 udp ldap unknown
296472.47.224.85 443 tcp ssl/http open nginx 1.16.1
296572.47.224.85 445 tcp microsoft-ds closed
296672.47.224.85 465 tcp ssl/smtp open Exim smtpd 4.84_2
296772.47.224.85 520 tcp efs filtered
296872.47.224.85 520 udp route unknown
296972.47.224.85 587 tcp smtp open Exim smtpd 4.84_2
297072.47.224.85 993 tcp ssl/imaps open
297172.47.224.85 995 tcp ssl/pop3s open
297272.47.224.85 2049 tcp nfs filtered
297372.47.224.85 2049 udp nfs unknown
297480.82.79.116 21 tcp ftp open 220 (vsFTPd 3.0.2)\x0d\x0a
297580.82.79.116 22 tcp ssh open SSH-2.0-OpenSSH_6.0p1 Debian-4+deb7u6
297680.82.79.116 53 tcp domain open ISC BIND 9.8.4-rpz2+rl005.12-P1
297780.82.79.116 53 udp domain open ISC BIND 9.8.4-rpz2+rl005.12-P1
297880.82.79.116 67 tcp dhcps closed
297980.82.79.116 67 udp dhcps closed
298080.82.79.116 68 tcp dhcpc closed
298180.82.79.116 68 udp dhcpc closed
298280.82.79.116 69 tcp tftp closed
298380.82.79.116 69 udp tftp unknown
298480.82.79.116 88 tcp kerberos-sec closed
298580.82.79.116 88 udp kerberos-sec unknown
298680.82.79.116 123 tcp ntp closed
298780.82.79.116 123 udp ntp unknown
298880.82.79.116 137 tcp netbios-ns closed
298980.82.79.116 137 udp netbios-ns filtered
299080.82.79.116 138 tcp netbios-dgm closed
299180.82.79.116 138 udp netbios-dgm filtered
299280.82.79.116 139 tcp netbios-ssn closed
299380.82.79.116 139 udp netbios-ssn unknown
299480.82.79.116 161 tcp snmp closed
299580.82.79.116 161 udp snmp closed
299680.82.79.116 162 tcp snmptrap closed
299780.82.79.116 162 udp snmptrap closed
299880.82.79.116 389 tcp ldap closed
299980.82.79.116 389 udp ldap closed
300080.82.79.116 520 tcp efs closed
300180.82.79.116 520 udp route closed
300280.82.79.116 2049 tcp nfs closed
300380.82.79.116 2049 udp nfs unknown
300480.209.242.81 21 tcp ftp open 220 FTP Server ready.\x0d\x0a
300580.209.242.81 22 tcp ssh open SSH-2.0-OpenSSH_7.4
300680.209.242.81 53 tcp domain open ISC BIND 9.11.4-P2 RedHat Enterprise Linux 7
300780.209.242.81 53 udp domain open ISC BIND 9.11.4-P2 RedHat Enterprise Linux 7
300880.209.242.81 67 tcp dhcps filtered
300980.209.242.81 67 udp dhcps unknown
301080.209.242.81 68 tcp dhcpc filtered
301180.209.242.81 68 udp dhcpc unknown
301280.209.242.81 69 tcp tftp filtered
301380.209.242.81 69 udp tftp unknown
301480.209.242.81 88 tcp kerberos-sec filtered
301580.209.242.81 88 udp kerberos-sec unknown
301680.209.242.81 123 tcp ntp filtered
301780.209.242.81 123 udp ntp unknown
301880.209.242.81 137 tcp netbios-ns filtered
301980.209.242.81 137 udp netbios-ns filtered
302080.209.242.81 138 tcp netbios-dgm filtered
302180.209.242.81 138 udp netbios-dgm filtered
302280.209.242.81 139 tcp netbios-ssn closed
302380.209.242.81 139 udp netbios-ssn unknown
302480.209.242.81 161 tcp snmp filtered
302580.209.242.81 161 udp snmp unknown
302680.209.242.81 162 tcp snmptrap filtered
302780.209.242.81 162 udp snmptrap unknown
302880.209.242.81 389 tcp ldap filtered
302980.209.242.81 389 udp ldap filtered
303080.209.242.81 520 tcp efs filtered
303180.209.242.81 520 udp route unknown
303280.209.242.81 2049 tcp nfs filtered
303380.209.242.81 2049 udp nfs unknown
303482.221.139.217 22 tcp ssh open SSH-2.0-OpenSSH_5.3
303584.235.91.252 25 tcp smtp closed
303684.235.91.252 53 tcp domain filtered
303784.235.91.252 53 udp domain unknown
303884.235.91.252 67 tcp dhcps filtered
303984.235.91.252 67 udp dhcps unknown
304084.235.91.252 68 tcp dhcpc filtered
304184.235.91.252 68 udp dhcpc unknown
304284.235.91.252 69 tcp tftp filtered
304384.235.91.252 69 udp tftp unknown
304484.235.91.252 88 tcp kerberos-sec filtered
304584.235.91.252 88 udp kerberos-sec unknown
304684.235.91.252 123 tcp ntp filtered
304784.235.91.252 123 udp ntp unknown
304884.235.91.252 137 tcp netbios-ns filtered
304984.235.91.252 137 udp netbios-ns filtered
305084.235.91.252 138 tcp netbios-dgm filtered
305184.235.91.252 138 udp netbios-dgm filtered
305284.235.91.252 139 tcp netbios-ssn closed
305384.235.91.252 139 udp netbios-ssn unknown
305484.235.91.252 161 tcp snmp filtered
305584.235.91.252 161 udp snmp unknown
305684.235.91.252 162 tcp snmptrap filtered
305784.235.91.252 162 udp snmptrap unknown
305884.235.91.252 389 tcp ldap filtered
305984.235.91.252 389 udp ldap unknown
306084.235.91.252 445 tcp microsoft-ds closed
306184.235.91.252 520 tcp efs filtered
306284.235.91.252 520 udp route unknown
306384.235.91.252 2049 tcp nfs filtered
306484.235.91.252 2049 udp nfs unknown
306587.247.240.207 21 tcp ftp open ProFTPD
306687.247.240.207 22 tcp ssh open OpenSSH 7.4 protocol 2.0
306787.247.240.207 67 udp dhcps unknown
306887.247.240.207 68 udp dhcpc unknown
306987.247.240.207 69 udp tftp unknown
307087.247.240.207 80 tcp http open Apache httpd
307187.247.240.207 88 udp kerberos-sec unknown
307287.247.240.207 110 tcp pop3 open Dovecot pop3d
307387.247.240.207 123 udp ntp unknown
307487.247.240.207 139 udp netbios-ssn unknown
307587.247.240.207 143 tcp imap open Dovecot imapd
307687.247.240.207 161 udp snmp unknown
307787.247.240.207 162 udp snmptrap unknown
307887.247.240.207 389 udp ldap unknown
307987.247.240.207 443 tcp ssl/http open Apache httpd
308087.247.240.207 465 tcp ssl/smtp open Exim smtpd 4.92
308187.247.240.207 520 udp route unknown
308287.247.240.207 587 tcp smtp open Exim smtpd 4.92
308387.247.240.207 993 tcp ssl/imaps open
308487.247.240.207 995 tcp ssl/pop3s open
308587.247.240.207 2049 udp nfs unknown
308689.248.172.200 22 tcp ssh open SSH-2.0-OpenSSH_6.7p1 Debian-5+deb8u3
308789.248.172.200 53 tcp domain closed
308889.248.172.200 53 udp domain closed
308989.248.172.200 67 tcp dhcps closed
309089.248.172.200 67 udp dhcps closed
309189.248.172.200 68 tcp dhcpc closed
309289.248.172.200 68 udp dhcpc closed
309389.248.172.200 69 tcp tftp closed
309489.248.172.200 69 udp tftp closed
309589.248.172.200 88 tcp kerberos-sec closed
309689.248.172.200 88 udp kerberos-sec unknown
309789.248.172.200 123 tcp ntp closed
309889.248.172.200 123 udp ntp unknown
309989.248.172.200 137 tcp netbios-ns closed
310089.248.172.200 137 udp netbios-ns filtered
310189.248.172.200 138 tcp netbios-dgm closed
310289.248.172.200 138 udp netbios-dgm filtered
310389.248.172.200 139 tcp netbios-ssn closed
310489.248.172.200 139 udp netbios-ssn closed
310589.248.172.200 161 tcp snmp closed
310689.248.172.200 161 udp snmp closed
310789.248.172.200 162 tcp snmptrap closed
310889.248.172.200 162 udp snmptrap unknown
310989.248.172.200 389 tcp ldap closed
311089.248.172.200 389 udp ldap closed
311189.248.172.200 520 tcp efs closed
311289.248.172.200 520 udp route closed
311389.248.172.200 2049 tcp nfs closed
311489.248.172.200 2049 udp nfs unknown
311593.89.20.20 21 tcp ftp open 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------\x0d\x0a220-You are user number 2 of 50 allowed.\x0d\x0a220-Local time is now 21:36. Server port: 21.\x0d\x0a220-This is a private system - No anonymous login\x0d\x0a220-IPv6 connections are also welcome on this server.\x0d\x0a220 You will be disconnected after 15 minutes of inactivity.\x0d\x0a
311693.95.228.158 22 tcp ssh open SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.3
311793.113.37.250 21 tcp ftp open 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------\x0d\x0a220-You are user number 1 of 50 allowed.\x0d\x0a220-Local time is now 13:36. Server port: 21.\x0d\x0a220-This is a private system - No anonymous login\x0d\x0a220-IPv6 connections are also welcome on this server.\x0d\x0a220 You will be disconnected after 15 minutes of inactivity.\x0d\x0a
311893.113.37.250 53 tcp domain open PowerDNS Authoritative Server 4.1.10
311993.113.37.250 53 udp domain open PowerDNS Authoritative Server 4.1.10
312093.113.37.250 389 udp ldap unknown
312193.113.37.250 520 udp route unknown
312293.113.37.250 2049 udp nfs unknown
312393.174.93.84 21 tcp ftp open vsftpd 3.0.2
312493.174.93.84 25 tcp smtp closed
312593.174.93.84 53 tcp domain filtered
312693.174.93.84 53 udp domain filtered
312793.174.93.84 67 tcp dhcps filtered
312893.174.93.84 67 udp dhcps filtered
312993.174.93.84 68 tcp dhcpc filtered
313093.174.93.84 68 udp dhcpc unknown
313193.174.93.84 69 tcp tftp filtered
313293.174.93.84 69 udp tftp unknown
313393.174.93.84 80 tcp http open Apache httpd 2.4.6 (CentOS) PHP/5.4.16
313493.174.93.84 88 tcp kerberos-sec filtered
313593.174.93.84 88 udp kerberos-sec unknown
313693.174.93.84 123 tcp ntp filtered
313793.174.93.84 123 udp ntp filtered
313893.174.93.84 137 tcp netbios-ns filtered
313993.174.93.84 137 udp netbios-ns filtered
314093.174.93.84 138 tcp netbios-dgm filtered
314193.174.93.84 138 udp netbios-dgm filtered
314293.174.93.84 139 tcp netbios-ssn closed
314393.174.93.84 139 udp netbios-ssn unknown
314493.174.93.84 161 tcp snmp filtered
314593.174.93.84 161 udp snmp unknown
314693.174.93.84 162 tcp snmptrap filtered
314793.174.93.84 162 udp snmptrap unknown
314893.174.93.84 389 tcp ldap filtered
314993.174.93.84 389 udp ldap filtered
315093.174.93.84 445 tcp microsoft-ds closed
315193.174.93.84 520 tcp efs filtered
315293.174.93.84 520 udp route unknown
315393.174.93.84 2049 tcp nfs filtered
315493.174.93.84 2049 udp nfs unknown
315593.191.156.197 22 tcp ssh open SSH-2.0-OpenSSH_5.3
315694.102.51.33 22 tcp ssh open
315794.102.51.33 53 tcp domain open ISC BIND 9.9.4 RedHat Enterprise Linux 7
315894.102.51.33 53 udp domain open ISC BIND 9.9.4 RedHat Enterprise Linux 7
315994.102.51.33 67 tcp dhcps filtered
316094.102.51.33 67 udp dhcps unknown
316194.102.51.33 68 tcp dhcpc filtered
316294.102.51.33 68 udp dhcpc unknown
316394.102.51.33 69 tcp tftp filtered
316494.102.51.33 69 udp tftp unknown
316594.102.51.33 80 tcp http open nginx
316694.102.51.33 88 tcp kerberos-sec filtered
316794.102.51.33 88 udp kerberos-sec unknown
316894.102.51.33 110 tcp pop3 open Dovecot pop3d
316994.102.51.33 123 tcp ntp filtered
317094.102.51.33 123 udp ntp unknown
317194.102.51.33 137 tcp netbios-ns filtered
317294.102.51.33 137 udp netbios-ns filtered
317394.102.51.33 138 tcp netbios-dgm filtered
317494.102.51.33 138 udp netbios-dgm filtered
317594.102.51.33 139 tcp netbios-ssn closed
317694.102.51.33 139 udp netbios-ssn unknown
317794.102.51.33 143 tcp imap open Dovecot imapd
317894.102.51.33 161 tcp snmp filtered
317994.102.51.33 161 udp snmp unknown
318094.102.51.33 162 tcp snmptrap filtered
318194.102.51.33 162 udp snmptrap unknown
318294.102.51.33 389 tcp ldap filtered
318394.102.51.33 389 udp ldap unknown
318494.102.51.33 465 tcp ssl/smtp open Exim smtpd 4.89
318594.102.51.33 520 tcp efs filtered
318694.102.51.33 520 udp route unknown
318794.102.51.33 993 tcp ssl/imaps open
318894.102.51.33 995 tcp ssl/pop3s open
318994.102.51.33 2049 tcp nfs filtered
319094.102.51.33 2049 udp nfs unknown
3191104.154.60.12 25 tcp smtp closed
3192104.154.60.12 53 tcp domain filtered
3193104.154.60.12 53 udp domain unknown
3194104.154.60.12 67 tcp dhcps filtered
3195104.154.60.12 67 udp dhcps unknown
3196104.154.60.12 68 tcp dhcpc filtered
3197104.154.60.12 68 udp dhcpc unknown
3198104.154.60.12 69 tcp tftp filtered
3199104.154.60.12 69 udp tftp unknown
3200104.154.60.12 80 tcp http open nginx
3201104.154.60.12 88 tcp kerberos-sec filtered
3202104.154.60.12 88 udp kerberos-sec unknown
3203104.154.60.12 123 tcp ntp filtered
3204104.154.60.12 123 udp ntp unknown
3205104.154.60.12 137 tcp netbios-ns filtered
3206104.154.60.12 137 udp netbios-ns filtered
3207104.154.60.12 138 tcp netbios-dgm filtered
3208104.154.60.12 138 udp netbios-dgm filtered
3209104.154.60.12 139 tcp netbios-ssn closed
3210104.154.60.12 139 udp netbios-ssn unknown
3211104.154.60.12 161 tcp snmp filtered
3212104.154.60.12 161 udp snmp unknown
3213104.154.60.12 162 tcp snmptrap filtered
3214104.154.60.12 162 udp snmptrap unknown
3215104.154.60.12 389 tcp ldap filtered
3216104.154.60.12 389 udp ldap unknown
3217104.154.60.12 443 tcp ssl/http open nginx
3218104.154.60.12 445 tcp microsoft-ds closed
3219104.154.60.12 520 tcp efs filtered
3220104.154.60.12 520 udp route unknown
3221104.154.60.12 2049 tcp nfs filtered
3222104.154.60.12 2049 udp nfs unknown
3223104.154.60.12 2222 tcp ssh open ProFTPD mod_sftp 0.9.9 protocol 2.0
3224104.218.232.66 22 tcp ssh open OpenSSH 7.4p1 Debian 10+deb9u3 protocol 2.0
3225104.218.232.66 53 tcp domain closed
3226104.218.232.66 53 udp domain unknown
3227104.218.232.66 67 tcp dhcps closed
3228104.218.232.66 67 udp dhcps unknown
3229104.218.232.66 68 tcp dhcpc closed
3230104.218.232.66 68 udp dhcpc closed
3231104.218.232.66 69 tcp tftp closed
3232104.218.232.66 69 udp tftp closed
3233104.218.232.66 80 tcp http open ngjit
3234104.218.232.66 88 tcp kerberos-sec closed
3235104.218.232.66 88 udp kerberos-sec closed
3236104.218.232.66 123 tcp ntp closed
3237104.218.232.66 123 udp ntp closed
3238104.218.232.66 137 tcp netbios-ns closed
3239104.218.232.66 137 udp netbios-ns filtered
3240104.218.232.66 138 tcp netbios-dgm closed
3241104.218.232.66 138 udp netbios-dgm filtered
3242104.218.232.66 139 tcp netbios-ssn closed
3243104.218.232.66 139 udp netbios-ssn closed
3244104.218.232.66 161 tcp snmp closed
3245104.218.232.66 161 udp snmp unknown
3246104.218.232.66 162 tcp snmptrap closed
3247104.218.232.66 162 udp snmptrap closed
3248104.218.232.66 389 tcp ldap closed
3249104.218.232.66 389 udp ldap closed
3250104.218.232.66 443 tcp ssl/https open ngjit
3251104.218.232.66 520 tcp efs closed
3252104.218.232.66 520 udp route unknown
3253104.218.232.66 2049 tcp nfs closed
3254104.218.232.66 2049 udp nfs closed
3255107.154.130.27 53 tcp domain open
3256107.154.130.27 53 udp domain open
3257107.154.130.27 67 tcp dhcps filtered
3258107.154.130.27 67 udp dhcps unknown
3259107.154.130.27 68 tcp dhcpc filtered
3260107.154.130.27 68 udp dhcpc unknown
3261107.154.130.27 69 tcp tftp filtered
3262107.154.130.27 69 udp tftp unknown
3263107.154.130.27 88 tcp http open Incapsula CDN httpd
3264107.154.130.27 88 udp kerberos-sec unknown
3265107.154.130.27 123 tcp ntp filtered
3266107.154.130.27 123 udp ntp unknown
3267107.154.130.27 137 tcp netbios-ns filtered
3268107.154.130.27 137 udp netbios-ns filtered
3269107.154.130.27 138 tcp netbios-dgm filtered
3270107.154.130.27 138 udp netbios-dgm filtered
3271107.154.130.27 139 tcp netbios-ssn closed
3272107.154.130.27 139 udp netbios-ssn unknown
3273107.154.130.27 161 tcp snmp filtered
3274107.154.130.27 161 udp snmp unknown
3275107.154.130.27 162 tcp snmptrap filtered
3276107.154.130.27 162 udp snmptrap unknown
3277107.154.130.27 389 tcp ssl/http open Incapsula CDN httpd
3278107.154.130.27 389 udp ldap unknown
3279107.154.130.27 520 tcp efs filtered
3280107.154.130.27 520 udp route unknown
3281107.154.130.27 2049 tcp http open Incapsula CDN httpd
3282107.154.130.27 2049 udp nfs unknown
3283107.154.248.27 53 tcp domain open
3284107.154.248.27 80 tcp http open Incapsula CDN httpd
3285107.154.248.27 81 tcp http open Incapsula CDN httpd
3286107.154.248.27 85 tcp http open Incapsula CDN httpd
3287107.154.248.27 88 tcp http open Incapsula CDN httpd
3288107.154.248.27 389 tcp ssl/http open Incapsula CDN httpd
3289107.154.248.27 443 tcp ssl/http open Incapsula CDN httpd
3290107.154.248.27 444 tcp ssl/http open Incapsula CDN httpd
3291107.154.248.27 446 tcp http open Incapsula CDN httpd
3292107.154.248.27 587 tcp http open Incapsula CDN httpd
3293107.154.248.27 631 tcp http open Incapsula CDN httpd
3294107.154.248.27 888 tcp http open Incapsula CDN httpd
3295107.154.248.27 995 tcp ssl/http open Incapsula CDN httpd
3296107.154.248.27 998 tcp ssl/http open Incapsula CDN httpd
3297107.154.248.27 999 tcp http open Incapsula CDN httpd
3298107.154.248.27 1000 tcp http open Incapsula CDN httpd
3299107.154.248.27 1024 tcp http open Incapsula CDN httpd
3300107.154.248.27 1103 tcp http open Incapsula CDN httpd
3301107.154.248.27 1234 tcp http open Incapsula CDN httpd
3302107.154.248.27 1433 tcp http open Incapsula CDN httpd
3303107.154.248.27 1494 tcp http open Incapsula CDN httpd
3304107.154.248.27 2000 tcp ssl/http open Incapsula CDN httpd
3305107.154.248.27 2001 tcp http open Incapsula CDN httpd
3306107.154.248.27 2049 tcp http open Incapsula CDN httpd
3307107.154.248.27 2067 tcp http open Incapsula CDN httpd
3308107.154.248.27 2100 tcp ssl/http open Incapsula CDN httpd
3309107.154.248.27 2222 tcp http open Incapsula CDN httpd
3310107.154.248.27 2598 tcp http open Incapsula CDN httpd
3311107.154.248.27 3000 tcp http open Incapsula CDN httpd
3312107.154.248.27 3050 tcp http open Incapsula CDN httpd
3313107.154.248.27 3057 tcp http open Incapsula CDN httpd
3314107.154.248.27 3299 tcp http open Incapsula CDN httpd
3315107.154.248.27 3306 tcp ssl/http open Incapsula CDN httpd
3316107.154.248.27 3333 tcp http open Incapsula CDN httpd
3317107.154.248.27 3389 tcp ssl/http open Incapsula CDN httpd
3318107.154.248.27 3500 tcp http open Incapsula CDN httpd
3319107.154.248.27 3790 tcp http open Incapsula CDN httpd
3320107.154.248.27 4000 tcp http open Incapsula CDN httpd
3321107.154.248.27 4444 tcp ssl/http open Incapsula CDN httpd
3322107.154.248.27 4445 tcp ssl/http open Incapsula CDN httpd
3323107.154.248.27 5000 tcp http open Incapsula CDN httpd
3324107.154.248.27 5009 tcp http open Incapsula CDN httpd
3325107.154.248.27 5060 tcp ssl/http open Incapsula CDN httpd
3326107.154.248.27 5061 tcp ssl/http open Incapsula CDN httpd
3327107.154.248.27 5227 tcp ssl/http open Incapsula CDN httpd
3328107.154.248.27 5247 tcp ssl/http open Incapsula CDN httpd
3329107.154.248.27 5250 tcp ssl/http open Incapsula CDN httpd
3330107.154.248.27 5555 tcp http open Incapsula CDN httpd
3331107.154.248.27 5900 tcp http open Incapsula CDN httpd
3332107.154.248.27 5901 tcp ssl/http open Incapsula CDN httpd
3333107.154.248.27 5902 tcp ssl/http open Incapsula CDN httpd
3334107.154.248.27 5903 tcp ssl/http open Incapsula CDN httpd
3335107.154.248.27 5904 tcp ssl/http open Incapsula CDN httpd
3336107.154.248.27 5905 tcp ssl/http open Incapsula CDN httpd
3337107.154.248.27 5906 tcp ssl/http open Incapsula CDN httpd
3338107.154.248.27 5907 tcp ssl/http open Incapsula CDN httpd
3339107.154.248.27 5908 tcp ssl/http open Incapsula CDN httpd
3340107.154.248.27 5909 tcp ssl/http open Incapsula CDN httpd
3341107.154.248.27 5910 tcp ssl/http open Incapsula CDN httpd
3342107.154.248.27 5920 tcp ssl/http open Incapsula CDN httpd
3343107.154.248.27 5984 tcp ssl/http open Incapsula CDN httpd
3344107.154.248.27 5985 tcp http open Incapsula CDN httpd
3345107.154.248.27 5986 tcp ssl/http open Incapsula CDN httpd
3346107.154.248.27 5999 tcp ssl/http open Incapsula CDN httpd
3347107.154.248.27 6000 tcp http open Incapsula CDN httpd
3348107.154.248.27 6060 tcp http open Incapsula CDN httpd
3349107.154.248.27 6161 tcp http open Incapsula CDN httpd
3350107.154.248.27 6379 tcp http open Incapsula CDN httpd
3351107.154.248.27 6661 tcp ssl/http open Incapsula CDN httpd
3352107.154.248.27 6789 tcp http open Incapsula CDN httpd
3353107.154.248.27 7000 tcp ssl/http open Incapsula CDN httpd
3354107.154.248.27 7001 tcp http open Incapsula CDN httpd
3355107.154.248.27 7021 tcp http open Incapsula CDN httpd
3356107.154.248.27 7071 tcp ssl/http open Incapsula CDN httpd
3357107.154.248.27 7080 tcp http open Incapsula CDN httpd
3358107.154.248.27 7272 tcp ssl/http open Incapsula CDN httpd
3359107.154.248.27 7443 tcp ssl/http open Incapsula CDN httpd
3360107.154.248.27 7700 tcp http open Incapsula CDN httpd
3361107.154.248.27 7777 tcp http open Incapsula CDN httpd
3362107.154.248.27 7778 tcp http open Incapsula CDN httpd
3363107.154.248.27 8000 tcp http open Incapsula CDN httpd
3364107.154.248.27 8001 tcp http open Incapsula CDN httpd
3365107.154.248.27 8008 tcp http open Incapsula CDN httpd
3366107.154.248.27 8014 tcp http open Incapsula CDN httpd
3367107.154.248.27 8020 tcp http open Incapsula CDN httpd
3368107.154.248.27 8023 tcp http open Incapsula CDN httpd
3369107.154.248.27 8028 tcp http open Incapsula CDN httpd
3370107.154.248.27 8030 tcp http open Incapsula CDN httpd
3371107.154.248.27 8050 tcp http open Incapsula CDN httpd
3372107.154.248.27 8051 tcp http open Incapsula CDN httpd
3373107.154.248.27 8080 tcp http open Incapsula CDN httpd
3374107.154.248.27 8081 tcp http open Incapsula CDN httpd
3375107.154.248.27 8082 tcp http open Incapsula CDN httpd
3376107.154.248.27 8085 tcp http open Incapsula CDN httpd
3377107.154.248.27 8086 tcp http open Incapsula CDN httpd
3378107.154.248.27 8087 tcp http open Incapsula CDN httpd
3379107.154.248.27 8088 tcp http open Incapsula CDN httpd
3380107.154.248.27 8090 tcp http open Incapsula CDN httpd
3381107.154.248.27 8091 tcp http open Incapsula CDN httpd
3382107.154.248.27 8095 tcp http open Incapsula CDN httpd
3383107.154.248.27 8101 tcp http open Incapsula CDN httpd
3384107.154.248.27 8161 tcp http open Incapsula CDN httpd
3385107.154.248.27 8180 tcp http open Incapsula CDN httpd
3386107.154.248.27 8222 tcp http open Incapsula CDN httpd
3387107.154.248.27 8333 tcp http open Incapsula CDN httpd
3388107.154.248.27 8443 tcp ssl/http open Incapsula CDN httpd
3389107.154.248.27 8444 tcp http open Incapsula CDN httpd
3390107.154.248.27 8445 tcp http open Incapsula CDN httpd
3391107.154.248.27 8503 tcp ssl/http open Incapsula CDN httpd
3392107.154.248.27 8686 tcp http open Incapsula CDN httpd
3393107.154.248.27 8787 tcp http open Incapsula CDN httpd
3394107.154.248.27 8800 tcp http open Incapsula CDN httpd
3395107.154.248.27 8812 tcp http open Incapsula CDN httpd
3396107.154.248.27 8834 tcp http open Incapsula CDN httpd
3397107.154.248.27 8880 tcp http open Incapsula CDN httpd
3398107.154.248.27 8888 tcp http open Incapsula CDN httpd
3399107.154.248.27 8889 tcp http open Incapsula CDN httpd
3400107.154.248.27 8890 tcp http open Incapsula CDN httpd
3401107.154.248.27 8899 tcp http open Incapsula CDN httpd
3402107.154.248.27 9000 tcp http open Incapsula CDN httpd
3403107.154.248.27 9001 tcp http open Incapsula CDN httpd
3404107.154.248.27 9002 tcp http open Incapsula CDN httpd
3405107.154.248.27 9003 tcp http open Incapsula CDN httpd
3406107.154.248.27 9004 tcp http open Incapsula CDN httpd
3407107.154.248.27 9005 tcp http open Incapsula CDN httpd
3408107.154.248.27 9010 tcp http open Incapsula CDN httpd
3409107.154.248.27 9050 tcp http open Incapsula CDN httpd
3410107.154.248.27 9080 tcp http open Incapsula CDN httpd
3411107.154.248.27 9081 tcp ssl/http open Incapsula CDN httpd
3412107.154.248.27 9084 tcp http open Incapsula CDN httpd
3413107.154.248.27 9090 tcp http open Incapsula CDN httpd
3414107.154.248.27 9099 tcp http open Incapsula CDN httpd
3415107.154.248.27 9100 tcp jetdirect open
3416107.154.248.27 9111 tcp http open Incapsula CDN httpd
3417107.154.248.27 9200 tcp http open Incapsula CDN httpd
3418107.154.248.27 9300 tcp http open Incapsula CDN httpd
3419107.154.248.27 9500 tcp http open Incapsula CDN httpd
3420107.154.248.27 9711 tcp ssl/http open Incapsula CDN httpd
3421107.154.248.27 9991 tcp http open Incapsula CDN httpd
3422107.154.248.27 9999 tcp http open Incapsula CDN httpd
3423107.154.248.27 10000 tcp http open Incapsula CDN httpd
3424107.154.248.27 10001 tcp http open Incapsula CDN httpd
3425107.154.248.27 10008 tcp http open Incapsula CDN httpd
3426107.154.248.27 10443 tcp ssl/http open Incapsula CDN httpd
3427107.154.248.27 11001 tcp ssl/http open Incapsula CDN httpd
3428107.154.248.27 12174 tcp http open Incapsula CDN httpd
3429107.154.248.27 12203 tcp http open Incapsula CDN httpd
3430107.154.248.27 12221 tcp http open Incapsula CDN httpd
3431107.154.248.27 12345 tcp http open Incapsula CDN httpd
3432107.154.248.27 12397 tcp http open Incapsula CDN httpd
3433107.154.248.27 12401 tcp http open Incapsula CDN httpd
3434107.154.248.27 14330 tcp http open Incapsula CDN httpd
3435107.154.248.27 16000 tcp http open Incapsula CDN httpd
3436107.154.248.27 20000 tcp http open Incapsula CDN httpd
3437107.154.248.27 20010 tcp ssl/http open Incapsula CDN httpd
3438107.154.248.27 25000 tcp ssl/http open Incapsula CDN httpd
3439107.154.248.27 30000 tcp http open Incapsula CDN httpd
3440107.154.248.27 44334 tcp ssl/http open Incapsula CDN httpd
3441107.154.248.27 50000 tcp http open Incapsula CDN httpd
3442107.154.248.27 50001 tcp ssl/http open Incapsula CDN httpd
3443107.154.248.27 50050 tcp ssl/http open Incapsula CDN httpd
3444147.237.0.206 53 udp domain unknown
3445147.237.0.206 67 udp dhcps unknown
3446147.237.0.206 68 udp dhcpc unknown
3447147.237.0.206 69 udp tftp unknown
3448147.237.0.206 80 tcp http open
3449147.237.0.206 88 udp kerberos-sec unknown
3450147.237.0.206 123 udp ntp unknown
3451147.237.0.206 139 udp netbios-ssn unknown
3452147.237.0.206 161 udp snmp unknown
3453147.237.0.206 162 udp snmptrap unknown
3454147.237.0.206 389 udp ldap unknown
3455147.237.0.206 443 tcp ssl/https open
3456147.237.0.206 520 udp route unknown
3457147.237.0.206 2049 udp nfs unknown
3458150.95.250.133 25 tcp smtp closed
3459150.95.250.133 53 tcp domain filtered
3460150.95.250.133 53 udp domain unknown
3461150.95.250.133 67 tcp dhcps filtered
3462150.95.250.133 67 udp dhcps unknown
3463150.95.250.133 68 tcp dhcpc filtered
3464150.95.250.133 68 udp dhcpc unknown
3465150.95.250.133 69 tcp tftp filtered
3466150.95.250.133 69 udp tftp unknown
3467150.95.250.133 80 tcp http open nginx
3468150.95.250.133 88 tcp kerberos-sec filtered
3469150.95.250.133 88 udp kerberos-sec unknown
3470150.95.250.133 123 tcp ntp filtered
3471150.95.250.133 123 udp ntp unknown
3472150.95.250.133 137 tcp netbios-ns filtered
3473150.95.250.133 137 udp netbios-ns filtered
3474150.95.250.133 138 tcp netbios-dgm filtered
3475150.95.250.133 138 udp netbios-dgm filtered
3476150.95.250.133 139 tcp netbios-ssn closed
3477150.95.250.133 139 udp netbios-ssn unknown
3478150.95.250.133 161 tcp snmp filtered
3479150.95.250.133 161 udp snmp unknown
3480150.95.250.133 162 tcp snmptrap filtered
3481150.95.250.133 162 udp snmptrap unknown
3482150.95.250.133 389 tcp ldap filtered
3483150.95.250.133 389 udp ldap unknown
3484150.95.250.133 443 tcp ssl/http open nginx
3485150.95.250.133 445 tcp microsoft-ds closed
3486150.95.250.133 520 tcp efs filtered
3487150.95.250.133 520 udp route unknown
3488150.95.250.133 2049 tcp nfs filtered
3489150.95.250.133 2049 udp nfs unknown
3490151.139.243.11 25 tcp smtp closed
3491151.139.243.11 53 tcp domain filtered
3492151.139.243.11 53 udp domain unknown
3493151.139.243.11 67 tcp dhcps filtered
3494151.139.243.11 67 udp dhcps unknown
3495151.139.243.11 68 tcp dhcpc filtered
3496151.139.243.11 68 udp dhcpc unknown
3497151.139.243.11 69 tcp tftp filtered
3498151.139.243.11 69 udp tftp unknown
3499151.139.243.11 80 tcp http open Varnish
3500151.139.243.11 88 tcp kerberos-sec filtered
3501151.139.243.11 88 udp kerberos-sec unknown
3502151.139.243.11 123 tcp ntp filtered
3503151.139.243.11 123 udp ntp unknown
3504151.139.243.11 137 tcp netbios-ns filtered
3505151.139.243.11 137 udp netbios-ns filtered
3506151.139.243.11 138 tcp netbios-dgm filtered
3507151.139.243.11 138 udp netbios-dgm filtered
3508151.139.243.11 139 tcp netbios-ssn closed
3509151.139.243.11 139 udp netbios-ssn unknown
3510151.139.243.11 161 tcp snmp filtered
3511151.139.243.11 161 udp snmp unknown
3512151.139.243.11 162 tcp snmptrap filtered
3513151.139.243.11 162 udp snmptrap unknown
3514151.139.243.11 389 tcp ldap filtered
3515151.139.243.11 389 udp ldap unknown
3516151.139.243.11 443 tcp ssl/http open nginx
3517151.139.243.11 445 tcp microsoft-ds closed
3518151.139.243.11 520 tcp efs filtered
3519151.139.243.11 520 udp route unknown
3520151.139.243.11 2049 tcp nfs filtered
3521151.139.243.11 2049 udp nfs unknown
3522157.7.107.254 25 tcp smtp closed
3523157.7.107.254 53 tcp domain filtered
3524157.7.107.254 53 udp domain unknown
3525157.7.107.254 67 tcp dhcps filtered
3526157.7.107.254 67 udp dhcps unknown
3527157.7.107.254 68 tcp dhcpc filtered
3528157.7.107.254 68 udp dhcpc filtered
3529157.7.107.254 69 tcp tftp filtered
3530157.7.107.254 69 udp tftp unknown
3531157.7.107.254 80 tcp http open Apache httpd
3532157.7.107.254 88 tcp kerberos-sec filtered
3533157.7.107.254 88 udp kerberos-sec unknown
3534157.7.107.254 123 tcp ntp filtered
3535157.7.107.254 123 udp ntp unknown
3536157.7.107.254 137 tcp netbios-ns filtered
3537157.7.107.254 137 udp netbios-ns filtered
3538157.7.107.254 138 tcp netbios-dgm filtered
3539157.7.107.254 138 udp netbios-dgm filtered
3540157.7.107.254 139 tcp netbios-ssn closed
3541157.7.107.254 139 udp netbios-ssn unknown
3542157.7.107.254 161 tcp snmp filtered
3543157.7.107.254 161 udp snmp unknown
3544157.7.107.254 162 tcp snmptrap filtered
3545157.7.107.254 162 udp snmptrap unknown
3546157.7.107.254 389 tcp ldap filtered
3547157.7.107.254 389 udp ldap filtered
3548157.7.107.254 443 tcp ssl/https open Apache
3549157.7.107.254 445 tcp microsoft-ds closed
3550157.7.107.254 520 tcp efs filtered
3551157.7.107.254 520 udp route unknown
3552157.7.107.254 2049 tcp nfs filtered
3553157.7.107.254 2049 udp nfs unknown
3554159.89.0.72 22 tcp ssh open SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.8
3555160.153.72.166 21 tcp ftp open Pure-FTPd
3556160.153.72.166 22 tcp ssh open OpenSSH 5.3 protocol 2.0
3557160.153.72.166 53 udp domain unknown
3558160.153.72.166 67 udp dhcps unknown
3559160.153.72.166 68 udp dhcpc unknown
3560160.153.72.166 69 udp tftp unknown
3561160.153.72.166 80 tcp http open Apache httpd
3562160.153.72.166 88 udp kerberos-sec unknown
3563160.153.72.166 110 tcp pop3 open Dovecot pop3d
3564160.153.72.166 123 udp ntp unknown
3565160.153.72.166 139 udp netbios-ssn unknown
3566160.153.72.166 143 tcp imap open Dovecot imapd
3567160.153.72.166 161 udp snmp unknown
3568160.153.72.166 162 udp snmptrap unknown
3569160.153.72.166 389 udp ldap unknown
3570160.153.72.166 443 tcp ssl/http open Apache httpd
3571160.153.72.166 465 tcp ssl/smtp open Exim smtpd 4.92
3572160.153.72.166 520 udp route unknown
3573160.153.72.166 587 tcp smtp open Exim smtpd 4.92
3574160.153.72.166 993 tcp ssl/imaps open
3575160.153.72.166 995 tcp ssl/pop3s open
3576160.153.72.166 2049 udp nfs unknown
3577160.153.72.166 3306 tcp mysql open MySQL 5.6.44-cll-lve
3578163.247.52.17 25 tcp smtp closed
3579163.247.52.17 53 tcp domain filtered
3580163.247.52.17 53 udp domain unknown
3581163.247.52.17 67 tcp dhcps filtered
3582163.247.52.17 67 udp dhcps unknown
3583163.247.52.17 68 tcp dhcpc filtered
3584163.247.52.17 68 udp dhcpc unknown
3585163.247.52.17 69 tcp tftp filtered
3586163.247.52.17 69 udp tftp unknown
3587163.247.52.17 80 tcp http open Apache httpd
3588163.247.52.17 88 tcp kerberos-sec filtered
3589163.247.52.17 88 udp kerberos-sec unknown
3590163.247.52.17 113 tcp ident closed
3591163.247.52.17 123 tcp ntp filtered
3592163.247.52.17 123 udp ntp unknown
3593163.247.52.17 137 tcp netbios-ns filtered
3594163.247.52.17 137 udp netbios-ns filtered
3595163.247.52.17 138 tcp netbios-dgm filtered
3596163.247.52.17 138 udp netbios-dgm filtered
3597163.247.52.17 139 tcp netbios-ssn closed
3598163.247.52.17 139 udp netbios-ssn unknown
3599163.247.52.17 161 tcp snmp filtered
3600163.247.52.17 161 udp snmp unknown
3601163.247.52.17 162 tcp snmptrap filtered
3602163.247.52.17 162 udp snmptrap unknown
3603163.247.52.17 389 tcp ldap filtered
3604163.247.52.17 389 udp ldap unknown
3605163.247.52.17 443 tcp ssl/https open
3606163.247.52.17 445 tcp microsoft-ds closed
3607163.247.52.17 520 tcp efs filtered
3608163.247.52.17 520 udp route unknown
3609163.247.52.17 2049 tcp nfs filtered
3610163.247.52.17 2049 udp nfs unknown
3611163.247.96.10 25 tcp smtp closed
3612163.247.96.10 53 tcp domain filtered
3613163.247.96.10 53 udp domain unknown
3614163.247.96.10 67 tcp dhcps filtered
3615163.247.96.10 67 udp dhcps unknown
3616163.247.96.10 68 tcp dhcpc filtered
3617163.247.96.10 68 udp dhcpc unknown
3618163.247.96.10 69 tcp tftp filtered
3619163.247.96.10 69 udp tftp unknown
3620163.247.96.10 80 tcp http open Apache httpd 2.2.22
3621163.247.96.10 88 tcp kerberos-sec filtered
3622163.247.96.10 88 udp kerberos-sec unknown
3623163.247.96.10 113 tcp ident closed
3624163.247.96.10 123 tcp ntp filtered
3625163.247.96.10 123 udp ntp unknown
3626163.247.96.10 137 tcp netbios-ns filtered
3627163.247.96.10 137 udp netbios-ns filtered
3628163.247.96.10 138 tcp netbios-dgm filtered
3629163.247.96.10 138 udp netbios-dgm filtered
3630163.247.96.10 139 tcp netbios-ssn closed
3631163.247.96.10 139 udp netbios-ssn unknown
3632163.247.96.10 161 tcp snmp filtered
3633163.247.96.10 161 udp snmp unknown
3634163.247.96.10 162 tcp snmptrap filtered
3635163.247.96.10 162 udp snmptrap unknown
3636163.247.96.10 389 tcp ldap filtered
3637163.247.96.10 389 udp ldap unknown
3638163.247.96.10 445 tcp microsoft-ds closed
3639163.247.96.10 465 tcp ssl/smtp open Exim smtpd 4.X
3640163.247.96.10 520 tcp efs filtered
3641163.247.96.10 520 udp route unknown
3642163.247.96.10 587 tcp smtp open Exim smtpd
3643163.247.96.10 2000 tcp cisco-sccp open
3644163.247.96.10 2049 tcp nfs filtered
3645163.247.96.10 2049 udp nfs unknown
3646163.247.96.10 4443 tcp http open Apache httpd
3647163.247.96.10 5060 tcp sip open
3648170.246.172.178 21 tcp ftp open 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------\x0d\x0a220-You are user number 2 of 50 allowed.\x0d\x0a220-Local time is now 23:38. Server port: 21.\x0d\x0a220-This is a private system - No anonymous login\x0d\x0a220-IPv6 connections are also welcome on this server.\x0d\x0a220 You will be disconnected after 15 minutes of inactivity.\x0d\x0a
3649170.246.172.178 25 tcp smtp closed
3650170.246.172.178 53 tcp domain open PowerDNS Authoritative Server 4.1.10
3651170.246.172.178 53 udp domain open PowerDNS Authoritative Server 4.1.10
3652170.246.172.178 67 tcp dhcps filtered
3653170.246.172.178 67 udp dhcps unknown
3654170.246.172.178 68 tcp dhcpc filtered
3655170.246.172.178 68 udp dhcpc unknown
3656170.246.172.178 69 tcp tftp filtered
3657170.246.172.178 69 udp tftp unknown
3658170.246.172.178 88 tcp kerberos-sec filtered
3659170.246.172.178 88 udp kerberos-sec unknown
3660170.246.172.178 123 tcp ntp filtered
3661170.246.172.178 123 udp ntp unknown
3662170.246.172.178 137 tcp netbios-ns filtered
3663170.246.172.178 137 udp netbios-ns filtered
3664170.246.172.178 138 tcp netbios-dgm filtered
3665170.246.172.178 138 udp netbios-dgm filtered
3666170.246.172.178 139 tcp netbios-ssn closed
3667170.246.172.178 139 udp netbios-ssn unknown
3668170.246.172.178 161 tcp snmp filtered
3669170.246.172.178 161 udp snmp unknown
3670170.246.172.178 162 tcp snmptrap filtered
3671170.246.172.178 162 udp snmptrap unknown
3672170.246.172.178 389 tcp ldap filtered
3673170.246.172.178 389 udp ldap unknown
3674170.246.172.178 445 tcp microsoft-ds closed
3675170.246.172.178 520 tcp efs filtered
3676170.246.172.178 520 udp route unknown
3677170.246.172.178 2049 tcp nfs filtered
3678170.246.172.178 2049 udp nfs unknown
3679180.222.81.193 21 tcp ftp open ProFTPD or KnFTPD
3680180.222.81.193 25 tcp smtp closed
3681180.222.81.193 53 tcp domain filtered
3682180.222.81.193 53 udp domain unknown
3683180.222.81.193 67 tcp dhcps filtered
3684180.222.81.193 67 udp dhcps unknown
3685180.222.81.193 68 tcp dhcpc filtered
3686180.222.81.193 68 udp dhcpc unknown
3687180.222.81.193 69 tcp tftp filtered
3688180.222.81.193 69 udp tftp unknown
3689180.222.81.193 80 tcp http open Apache httpd PHP 5.2.8
3690180.222.81.193 88 tcp kerberos-sec filtered
3691180.222.81.193 88 udp kerberos-sec unknown
3692180.222.81.193 110 tcp pop3 open qmail pop3d
3693180.222.81.193 113 tcp ident closed
3694180.222.81.193 123 tcp ntp filtered
3695180.222.81.193 123 udp ntp unknown
3696180.222.81.193 137 tcp netbios-ns filtered
3697180.222.81.193 137 udp netbios-ns filtered
3698180.222.81.193 138 tcp netbios-dgm filtered
3699180.222.81.193 138 udp netbios-dgm filtered
3700180.222.81.193 139 tcp netbios-ssn closed
3701180.222.81.193 139 udp netbios-ssn unknown
3702180.222.81.193 143 tcp imap open Courier Imapd released 2005
3703180.222.81.193 161 tcp snmp filtered
3704180.222.81.193 161 udp snmp unknown
3705180.222.81.193 162 tcp snmptrap filtered
3706180.222.81.193 162 udp snmptrap unknown
3707180.222.81.193 389 tcp ldap filtered
3708180.222.81.193 389 udp ldap unknown
3709180.222.81.193 443 tcp ssl/http open Apache httpd PHP 5.2.8
3710180.222.81.193 445 tcp microsoft-ds closed
3711180.222.81.193 465 tcp ssl/smtps open
3712180.222.81.193 520 tcp efs filtered
3713180.222.81.193 520 udp route unknown
3714180.222.81.193 587 tcp smtp open Access Remote PC smtpd
3715180.222.81.193 993 tcp ssl/imaps open
3716180.222.81.193 995 tcp ssl/pop3s open
3717180.222.81.193 2049 tcp nfs filtered
3718180.222.81.193 2049 udp nfs unknown
3719180.222.81.193 8080 tcp ssl/http open Apache httpd
3720184.72.111.210 25 tcp smtp closed
3721184.72.111.210 53 tcp domain filtered
3722184.72.111.210 53 udp domain unknown
3723184.72.111.210 67 tcp dhcps filtered
3724184.72.111.210 67 udp dhcps unknown
3725184.72.111.210 68 tcp dhcpc filtered
3726184.72.111.210 68 udp dhcpc unknown
3727184.72.111.210 69 tcp tftp filtered
3728184.72.111.210 69 udp tftp unknown
3729184.72.111.210 80 tcp http open Microsoft HTTPAPI httpd 2.0 SSDP/UPnP
3730184.72.111.210 88 tcp kerberos-sec filtered
3731184.72.111.210 88 udp kerberos-sec unknown
3732184.72.111.210 123 tcp ntp filtered
3733184.72.111.210 123 udp ntp unknown
3734184.72.111.210 137 tcp netbios-ns filtered
3735184.72.111.210 137 udp netbios-ns filtered
3736184.72.111.210 138 tcp netbios-dgm filtered
3737184.72.111.210 138 udp netbios-dgm filtered
3738184.72.111.210 139 tcp netbios-ssn closed
3739184.72.111.210 139 udp netbios-ssn unknown
3740184.72.111.210 161 tcp snmp filtered
3741184.72.111.210 161 udp snmp unknown
3742184.72.111.210 162 tcp snmptrap filtered
3743184.72.111.210 162 udp snmptrap unknown
3744184.72.111.210 389 tcp ldap filtered
3745184.72.111.210 389 udp ldap unknown
3746184.72.111.210 443 tcp ssl/http open Microsoft HTTPAPI httpd 2.0 SSDP/UPnP
3747184.72.111.210 445 tcp microsoft-ds closed
3748184.72.111.210 520 tcp efs filtered
3749184.72.111.210 520 udp route unknown
3750184.72.111.210 2049 tcp nfs filtered
3751184.72.111.210 2049 udp nfs unknown
3752185.2.4.98 21 tcp ftp open 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------\x0d\x0a220-You are user number 1 of 300 allowed.\x0d\x0a220-Local time is now 17:27. Server port: 21.\x0d\x0a220-This is a private system - No anonymous login\x0d\x0a220-IPv6 connections are also welcome on this server.\x0d\x0a220 You will be disconnected after 60 seconds of inactivity.\x0d\x0a
3753185.2.4.98 25 tcp smtp closed
3754185.2.4.98 53 tcp domain filtered
3755185.2.4.98 53 udp domain unknown
3756185.2.4.98 67 tcp dhcps filtered
3757185.2.4.98 67 udp dhcps unknown
3758185.2.4.98 68 tcp dhcpc filtered
3759185.2.4.98 68 udp dhcpc unknown
3760185.2.4.98 69 tcp tftp filtered
3761185.2.4.98 69 udp tftp unknown
3762185.2.4.98 88 tcp kerberos-sec filtered
3763185.2.4.98 88 udp kerberos-sec unknown
3764185.2.4.98 123 tcp ntp filtered
3765185.2.4.98 123 udp ntp unknown
3766185.2.4.98 137 tcp netbios-ns filtered
3767185.2.4.98 137 udp netbios-ns filtered
3768185.2.4.98 138 tcp netbios-dgm filtered
3769185.2.4.98 138 udp netbios-dgm filtered
3770185.2.4.98 139 tcp netbios-ssn closed
3771185.2.4.98 139 udp netbios-ssn unknown
3772185.2.4.98 161 tcp snmp filtered
3773185.2.4.98 161 udp snmp unknown
3774185.2.4.98 162 tcp snmptrap filtered
3775185.2.4.98 162 udp snmptrap unknown
3776185.2.4.98 389 tcp ldap filtered
3777185.2.4.98 389 udp ldap unknown
3778185.2.4.98 445 tcp microsoft-ds closed
3779185.2.4.98 520 tcp efs filtered
3780185.2.4.98 520 udp route unknown
3781185.2.4.98 2049 tcp nfs filtered
3782185.2.4.98 2049 udp nfs unknown
3783185.68.93.22 22 tcp ssh open SSH-2.0-OpenSSH_5.3
3784185.68.93.22 53 tcp domain closed
3785185.68.93.22 53 udp domain unknown
3786185.68.93.22 67 tcp dhcps closed
3787185.68.93.22 67 udp dhcps closed
3788185.68.93.22 68 tcp dhcpc closed
3789185.68.93.22 68 udp dhcpc closed
3790185.68.93.22 69 tcp tftp closed
3791185.68.93.22 69 udp tftp unknown
3792185.68.93.22 88 tcp kerberos-sec closed
3793185.68.93.22 88 udp kerberos-sec unknown
3794185.68.93.22 123 tcp ntp closed
3795185.68.93.22 123 udp ntp closed
3796185.68.93.22 137 tcp netbios-ns closed
3797185.68.93.22 137 udp netbios-ns filtered
3798185.68.93.22 138 tcp netbios-dgm closed
3799185.68.93.22 138 udp netbios-dgm filtered
3800185.68.93.22 139 tcp netbios-ssn closed
3801185.68.93.22 139 udp netbios-ssn closed
3802185.68.93.22 161 tcp snmp closed
3803185.68.93.22 161 udp snmp unknown
3804185.68.93.22 162 tcp snmptrap closed
3805185.68.93.22 162 udp snmptrap closed
3806185.68.93.22 389 tcp ldap closed
3807185.68.93.22 389 udp ldap unknown
3808185.68.93.22 520 tcp efs closed
3809185.68.93.22 520 udp route unknown
3810185.68.93.22 2049 tcp nfs closed
3811185.68.93.22 2049 udp nfs closed
3812185.119.173.237 25 tcp smtp closed
3813185.119.173.237 53 tcp domain filtered
3814185.119.173.237 53 udp domain unknown
3815185.119.173.237 67 tcp dhcps filtered
3816185.119.173.237 67 udp dhcps unknown
3817185.119.173.237 68 tcp dhcpc filtered
3818185.119.173.237 68 udp dhcpc unknown
3819185.119.173.237 69 tcp tftp filtered
3820185.119.173.237 69 udp tftp unknown
3821185.119.173.237 80 tcp http open Apache httpd
3822185.119.173.237 88 tcp kerberos-sec filtered
3823185.119.173.237 88 udp kerberos-sec unknown
3824185.119.173.237 123 tcp ntp filtered
3825185.119.173.237 123 udp ntp unknown
3826185.119.173.237 137 tcp netbios-ns filtered
3827185.119.173.237 137 udp netbios-ns filtered
3828185.119.173.237 138 tcp netbios-dgm filtered
3829185.119.173.237 138 udp netbios-dgm filtered
3830185.119.173.237 139 tcp netbios-ssn closed
3831185.119.173.237 139 udp netbios-ssn unknown
3832185.119.173.237 161 tcp snmp filtered
3833185.119.173.237 161 udp snmp unknown
3834185.119.173.237 162 tcp snmptrap filtered
3835185.119.173.237 162 udp snmptrap unknown
3836185.119.173.237 389 tcp ldap filtered
3837185.119.173.237 389 udp ldap unknown
3838185.119.173.237 443 tcp ssl/http open Apache httpd
3839185.119.173.237 445 tcp microsoft-ds closed
3840185.119.173.237 520 tcp efs filtered
3841185.119.173.237 520 udp route unknown
3842185.119.173.237 2049 tcp nfs filtered
3843185.119.173.237 2049 udp nfs unknown
3844186.67.91.110 25 tcp smtp closed
3845186.67.91.110 53 tcp domain filtered
3846186.67.91.110 53 udp domain unknown
3847186.67.91.110 67 tcp dhcps filtered
3848186.67.91.110 67 udp dhcps unknown
3849186.67.91.110 68 tcp dhcpc filtered
3850186.67.91.110 68 udp dhcpc unknown
3851186.67.91.110 69 tcp tftp filtered
3852186.67.91.110 69 udp tftp unknown
3853186.67.91.110 80 tcp http-proxy open F5 BIG-IP load balancer http proxy
3854186.67.91.110 88 tcp kerberos-sec filtered
3855186.67.91.110 88 udp kerberos-sec unknown
3856186.67.91.110 123 tcp ntp filtered
3857186.67.91.110 123 udp ntp unknown
3858186.67.91.110 137 tcp netbios-ns filtered
3859186.67.91.110 137 udp netbios-ns filtered
3860186.67.91.110 138 tcp netbios-dgm filtered
3861186.67.91.110 138 udp netbios-dgm filtered
3862186.67.91.110 139 tcp netbios-ssn closed
3863186.67.91.110 139 udp netbios-ssn unknown
3864186.67.91.110 161 tcp snmp filtered
3865186.67.91.110 161 udp snmp unknown
3866186.67.91.110 162 tcp snmptrap filtered
3867186.67.91.110 162 udp snmptrap unknown
3868186.67.91.110 389 tcp ldap filtered
3869186.67.91.110 389 udp ldap unknown
3870186.67.91.110 443 tcp ssl/https open
3871186.67.91.110 445 tcp microsoft-ds closed
3872186.67.91.110 520 tcp efs filtered
3873186.67.91.110 520 udp route unknown
3874186.67.91.110 2049 tcp nfs filtered
3875186.67.91.110 2049 udp nfs unknown
3876192.0.78.12 25 tcp smtp closed
3877192.0.78.12 53 tcp domain filtered
3878192.0.78.12 53 udp domain unknown
3879192.0.78.12 67 tcp dhcps filtered
3880192.0.78.12 67 udp dhcps unknown
3881192.0.78.12 68 tcp dhcpc filtered
3882192.0.78.12 68 udp dhcpc unknown
3883192.0.78.12 69 tcp tftp filtered
3884192.0.78.12 69 udp tftp unknown
3885192.0.78.12 80 tcp http open nginx
3886192.0.78.12 88 tcp kerberos-sec filtered
3887192.0.78.12 88 udp kerberos-sec unknown
3888192.0.78.12 123 tcp ntp filtered
3889192.0.78.12 123 udp ntp unknown
3890192.0.78.12 137 tcp netbios-ns filtered
3891192.0.78.12 137 udp netbios-ns filtered
3892192.0.78.12 138 tcp netbios-dgm filtered
3893192.0.78.12 138 udp netbios-dgm filtered
3894192.0.78.12 139 tcp netbios-ssn closed
3895192.0.78.12 139 udp netbios-ssn unknown
3896192.0.78.12 161 tcp snmp filtered
3897192.0.78.12 161 udp snmp unknown
3898192.0.78.12 162 tcp snmptrap filtered
3899192.0.78.12 162 udp snmptrap unknown
3900192.0.78.12 389 tcp ldap filtered
3901192.0.78.12 389 udp ldap unknown
3902192.0.78.12 443 tcp ssl/http open nginx
3903192.0.78.12 445 tcp microsoft-ds closed
3904192.0.78.12 520 tcp efs filtered
3905192.0.78.12 520 udp route unknown
3906192.0.78.12 2049 tcp nfs filtered
3907192.0.78.12 2049 udp nfs unknown
3908192.0.78.13 25 tcp smtp closed
3909192.0.78.13 53 tcp domain filtered
3910192.0.78.13 53 udp domain unknown
3911192.0.78.13 67 tcp dhcps filtered
3912192.0.78.13 67 udp dhcps unknown
3913192.0.78.13 68 tcp dhcpc filtered
3914192.0.78.13 68 udp dhcpc unknown
3915192.0.78.13 69 tcp tftp filtered
3916192.0.78.13 69 udp tftp unknown
3917192.0.78.13 80 tcp http open nginx
3918192.0.78.13 88 tcp kerberos-sec filtered
3919192.0.78.13 88 udp kerberos-sec unknown
3920192.0.78.13 123 tcp ntp filtered
3921192.0.78.13 123 udp ntp unknown
3922192.0.78.13 137 tcp netbios-ns filtered
3923192.0.78.13 137 udp netbios-ns filtered
3924192.0.78.13 138 tcp netbios-dgm filtered
3925192.0.78.13 138 udp netbios-dgm filtered
3926192.0.78.13 139 tcp netbios-ssn closed
3927192.0.78.13 139 udp netbios-ssn unknown
3928192.0.78.13 161 tcp snmp filtered
3929192.0.78.13 161 udp snmp unknown
3930192.0.78.13 162 tcp snmptrap filtered
3931192.0.78.13 162 udp snmptrap unknown
3932192.0.78.13 389 tcp ldap filtered
3933192.0.78.13 389 udp ldap unknown
3934192.0.78.13 443 tcp ssl/http open nginx
3935192.0.78.13 445 tcp microsoft-ds closed
3936192.0.78.13 520 tcp efs filtered
3937192.0.78.13 520 udp route unknown
3938192.0.78.13 2049 tcp nfs filtered
3939192.0.78.13 2049 udp nfs unknown
3940194.18.73.2 25 tcp smtp closed
3941194.18.73.2 53 tcp domain filtered
3942194.18.73.2 53 udp domain unknown
3943194.18.73.2 67 tcp dhcps filtered
3944194.18.73.2 67 udp dhcps unknown
3945194.18.73.2 68 tcp dhcpc filtered
3946194.18.73.2 68 udp dhcpc unknown
3947194.18.73.2 69 tcp tftp filtered
3948194.18.73.2 69 udp tftp unknown
3949194.18.73.2 80 tcp http-proxy open HAProxy http proxy 1.3.1 or later
3950194.18.73.2 88 tcp kerberos-sec filtered
3951194.18.73.2 88 udp kerberos-sec unknown
3952194.18.73.2 113 tcp ident closed
3953194.18.73.2 123 tcp ntp filtered
3954194.18.73.2 123 udp ntp unknown
3955194.18.73.2 137 tcp netbios-ns filtered
3956194.18.73.2 137 udp netbios-ns filtered
3957194.18.73.2 138 tcp netbios-dgm filtered
3958194.18.73.2 138 udp netbios-dgm filtered
3959194.18.73.2 139 tcp netbios-ssn closed
3960194.18.73.2 139 udp netbios-ssn unknown
3961194.18.73.2 161 tcp snmp filtered
3962194.18.73.2 161 udp snmp unknown
3963194.18.73.2 162 tcp snmptrap filtered
3964194.18.73.2 162 udp snmptrap unknown
3965194.18.73.2 389 tcp ldap filtered
3966194.18.73.2 389 udp ldap unknown
3967194.18.73.2 443 tcp ssl/http-proxy open HAProxy http proxy 1.3.1 or later
3968194.18.73.2 445 tcp microsoft-ds closed
3969194.18.73.2 520 tcp efs filtered
3970194.18.73.2 520 udp route closed
3971194.18.73.2 2049 tcp nfs filtered
3972194.18.73.2 2049 udp nfs unknown
3973194.39.164.140 21 tcp ftp open ProFTPD
3974194.39.164.140 53 tcp domain filtered
3975194.39.164.140 53 udp domain unknown
3976194.39.164.140 67 tcp dhcps filtered
3977194.39.164.140 67 udp dhcps unknown
3978194.39.164.140 68 tcp dhcpc filtered
3979194.39.164.140 68 udp dhcpc unknown
3980194.39.164.140 69 tcp tftp filtered
3981194.39.164.140 69 udp tftp unknown
3982194.39.164.140 80 tcp http open nginx
3983194.39.164.140 88 tcp kerberos-sec filtered
3984194.39.164.140 88 udp kerberos-sec unknown
3985194.39.164.140 110 tcp pop3 open Courier pop3d
3986194.39.164.140 123 tcp ntp filtered
3987194.39.164.140 123 udp ntp unknown
3988194.39.164.140 137 tcp netbios-ns filtered
3989194.39.164.140 137 udp netbios-ns filtered
3990194.39.164.140 138 tcp netbios-dgm filtered
3991194.39.164.140 138 udp netbios-dgm filtered
3992194.39.164.140 139 tcp netbios-ssn closed
3993194.39.164.140 139 udp netbios-ssn unknown
3994194.39.164.140 161 tcp snmp filtered
3995194.39.164.140 161 udp snmp unknown
3996194.39.164.140 162 tcp snmptrap filtered
3997194.39.164.140 162 udp snmptrap unknown
3998194.39.164.140 389 tcp ldap filtered
3999194.39.164.140 389 udp ldap unknown
4000194.39.164.140 443 tcp ssl/http open nginx
4001194.39.164.140 465 tcp ssl/smtps open
4002194.39.164.140 520 tcp efs filtered
4003194.39.164.140 520 udp route unknown
4004194.39.164.140 587 tcp smtp open Postfix smtpd
4005194.39.164.140 993 tcp ssl/imaps open
4006194.39.164.140 2020 tcp ssh open OpenSSH 7.4 protocol 2.0
4007194.39.164.140 2049 tcp nfs filtered
4008194.39.164.140 2049 udp nfs unknown
4009194.39.164.140 8443 tcp ssl/https-alt open sw-cp-server
4010194.39.164.140 8880 tcp http open sw-cp-server httpd Plesk Onyx 17.8.11
4011200.14.67.43 25 tcp smtp closed
4012200.14.67.43 53 tcp domain filtered
4013200.14.67.43 53 udp domain unknown
4014200.14.67.43 67 tcp dhcps filtered
4015200.14.67.43 67 udp dhcps unknown
4016200.14.67.43 68 tcp dhcpc filtered
4017200.14.67.43 68 udp dhcpc unknown
4018200.14.67.43 69 tcp tftp filtered
4019200.14.67.43 69 udp tftp unknown
4020200.14.67.43 80 tcp http open nginx 1.16.1 Ubuntu
4021200.14.67.43 88 tcp kerberos-sec filtered
4022200.14.67.43 88 udp kerberos-sec unknown
4023200.14.67.43 123 tcp ntp filtered
4024200.14.67.43 123 udp ntp unknown
4025200.14.67.43 137 tcp netbios-ns filtered
4026200.14.67.43 137 udp netbios-ns filtered
4027200.14.67.43 138 tcp netbios-dgm filtered
4028200.14.67.43 138 udp netbios-dgm filtered
4029200.14.67.43 139 tcp netbios-ssn closed
4030200.14.67.43 139 udp netbios-ssn unknown
4031200.14.67.43 161 tcp snmp filtered
4032200.14.67.43 161 udp snmp unknown
4033200.14.67.43 162 tcp snmptrap filtered
4034200.14.67.43 162 udp snmptrap unknown
4035200.14.67.43 389 tcp ldap filtered
4036200.14.67.43 389 udp ldap unknown
4037200.14.67.43 443 tcp ssl/http open nginx 1.16.1 Ubuntu
4038200.14.67.43 445 tcp microsoft-ds closed
4039200.14.67.43 520 tcp efs filtered
4040200.14.67.43 520 udp route unknown
4041200.14.67.43 2049 tcp nfs filtered
4042200.14.67.43 2049 udp nfs unknown
4043200.14.67.65 25 tcp smtp closed
4044200.14.67.65 53 tcp domain filtered
4045200.14.67.65 53 udp domain unknown
4046200.14.67.65 67 tcp dhcps filtered
4047200.14.67.65 67 udp dhcps unknown
4048200.14.67.65 68 tcp dhcpc filtered
4049200.14.67.65 68 udp dhcpc unknown
4050200.14.67.65 69 tcp tftp filtered
4051200.14.67.65 69 udp tftp unknown
4052200.14.67.65 80 tcp http open nginx 1.16.1 Ubuntu
4053200.14.67.65 88 tcp kerberos-sec filtered
4054200.14.67.65 88 udp kerberos-sec unknown
4055200.14.67.65 123 tcp ntp filtered
4056200.14.67.65 123 udp ntp unknown
4057200.14.67.65 137 tcp netbios-ns filtered
4058200.14.67.65 137 udp netbios-ns filtered
4059200.14.67.65 138 tcp netbios-dgm filtered
4060200.14.67.65 138 udp netbios-dgm filtered
4061200.14.67.65 139 tcp netbios-ssn closed
4062200.14.67.65 139 udp netbios-ssn unknown
4063200.14.67.65 161 tcp snmp filtered
4064200.14.67.65 161 udp snmp unknown
4065200.14.67.65 162 tcp snmptrap filtered
4066200.14.67.65 162 udp snmptrap unknown
4067200.14.67.65 389 tcp ldap filtered
4068200.14.67.65 389 udp ldap unknown
4069200.14.67.65 443 tcp ssl/http open nginx 1.16.1 Ubuntu
4070200.14.67.65 445 tcp microsoft-ds closed
4071200.14.67.65 520 tcp efs filtered
4072200.14.67.65 520 udp route unknown
4073200.14.67.65 2049 tcp nfs filtered
4074200.14.67.65 2049 udp nfs unknown
4075200.35.157.77 53 tcp domain filtered
4076200.35.157.77 53 udp domain unknown
4077200.35.157.77 67 tcp dhcps filtered
4078200.35.157.77 67 udp dhcps unknown
4079200.35.157.77 68 tcp dhcpc filtered
4080200.35.157.77 68 udp dhcpc unknown
4081200.35.157.77 69 tcp tftp filtered
4082200.35.157.77 69 udp tftp unknown
4083200.35.157.77 88 tcp kerberos-sec filtered
4084200.35.157.77 88 udp kerberos-sec unknown
4085200.35.157.77 123 tcp ntp filtered
4086200.35.157.77 123 udp ntp unknown
4087200.35.157.77 137 tcp netbios-ns filtered
4088200.35.157.77 137 udp netbios-ns filtered
4089200.35.157.77 138 tcp netbios-dgm filtered
4090200.35.157.77 138 udp netbios-dgm filtered
4091200.35.157.77 139 tcp netbios-ssn closed
4092200.35.157.77 139 udp netbios-ssn unknown
4093200.35.157.77 161 tcp snmp filtered
4094200.35.157.77 161 udp snmp unknown
4095200.35.157.77 162 tcp snmptrap filtered
4096200.35.157.77 162 udp snmptrap unknown
4097200.35.157.77 389 tcp ldap filtered
4098200.35.157.77 389 udp ldap unknown
4099200.35.157.77 520 tcp efs filtered
4100200.35.157.77 520 udp route unknown
4101200.35.157.77 2049 tcp nfs filtered
4102200.35.157.77 2049 udp nfs unknown
4103201.131.38.40 25 tcp smtp closed
4104201.131.38.40 53 tcp domain filtered
4105201.131.38.40 53 udp domain unknown
4106201.131.38.40 67 tcp dhcps filtered
4107201.131.38.40 67 udp dhcps unknown
4108201.131.38.40 68 tcp dhcpc filtered
4109201.131.38.40 68 udp dhcpc unknown
4110201.131.38.40 69 tcp tftp filtered
4111201.131.38.40 69 udp tftp unknown
4112201.131.38.40 80 tcp http open Apache httpd
4113201.131.38.40 88 tcp kerberos-sec filtered
4114201.131.38.40 88 udp kerberos-sec unknown
4115201.131.38.40 123 tcp ntp filtered
4116201.131.38.40 123 udp ntp unknown
4117201.131.38.40 137 tcp netbios-ns filtered
4118201.131.38.40 137 udp netbios-ns filtered
4119201.131.38.40 138 tcp netbios-dgm filtered
4120201.131.38.40 138 udp netbios-dgm filtered
4121201.131.38.40 139 tcp netbios-ssn closed
4122201.131.38.40 139 udp netbios-ssn unknown
4123201.131.38.40 161 tcp snmp filtered
4124201.131.38.40 161 udp snmp unknown
4125201.131.38.40 162 tcp snmptrap filtered
4126201.131.38.40 162 udp snmptrap unknown
4127201.131.38.40 389 tcp ldap filtered
4128201.131.38.40 389 udp ldap unknown
4129201.131.38.40 443 tcp ssl/http open Apache httpd
4130201.131.38.40 445 tcp microsoft-ds closed
4131201.131.38.40 520 tcp efs filtered
4132201.131.38.40 520 udp route unknown
4133201.131.38.40 2049 tcp nfs filtered
4134201.131.38.40 2049 udp nfs unknown
4135201.238.246.43 21 tcp ftp open 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------\x0d\x0a220-You are user number 1 of 50 allowed.\x0d\x0a220-Local time is now 05:39. Server port: 21.\x0d\x0a220-This is a private system - No anonymous login\x0d\x0a220-IPv6 connections are also welcome on this server.\x0d\x0a220 You will be disconnected after 15 minutes of inactivity.\x0d\x0a
4136201.238.246.43 25 tcp smtp closed
4137201.238.246.43 53 tcp domain filtered
4138201.238.246.43 53 udp domain unknown
4139201.238.246.43 67 tcp dhcps filtered
4140201.238.246.43 67 udp dhcps unknown
4141201.238.246.43 68 tcp dhcpc filtered
4142201.238.246.43 68 udp dhcpc unknown
4143201.238.246.43 69 tcp tftp filtered
4144201.238.246.43 69 udp tftp unknown
4145201.238.246.43 88 tcp kerberos-sec filtered
4146201.238.246.43 88 udp kerberos-sec unknown
4147201.238.246.43 113 tcp ident closed
4148201.238.246.43 123 tcp ntp filtered
4149201.238.246.43 123 udp ntp unknown
4150201.238.246.43 137 tcp netbios-ns filtered
4151201.238.246.43 137 udp netbios-ns filtered
4152201.238.246.43 138 tcp netbios-dgm filtered
4153201.238.246.43 138 udp netbios-dgm filtered
4154201.238.246.43 139 tcp netbios-ssn closed
4155201.238.246.43 139 udp netbios-ssn unknown
4156201.238.246.43 161 tcp snmp filtered
4157201.238.246.43 161 udp snmp unknown
4158201.238.246.43 162 tcp snmptrap filtered
4159201.238.246.43 162 udp snmptrap unknown
4160201.238.246.43 389 tcp ldap filtered
4161201.238.246.43 389 udp ldap unknown
4162201.238.246.43 445 tcp microsoft-ds closed
4163201.238.246.43 520 tcp efs filtered
4164201.238.246.43 520 udp route unknown
4165201.238.246.43 2049 tcp nfs filtered
4166201.238.246.43 2049 udp nfs unknown
4167202.214.194.138 25 tcp smtp closed
4168202.214.194.138 53 tcp domain filtered
4169202.214.194.138 53 udp domain unknown
4170202.214.194.138 67 tcp dhcps filtered
4171202.214.194.138 67 udp dhcps unknown
4172202.214.194.138 68 tcp dhcpc filtered
4173202.214.194.138 68 udp dhcpc unknown
4174202.214.194.138 69 tcp tftp filtered
4175202.214.194.138 69 udp tftp unknown
4176202.214.194.138 80 tcp http open
4177202.214.194.138 88 tcp kerberos-sec filtered
4178202.214.194.138 88 udp kerberos-sec unknown
4179202.214.194.138 123 tcp ntp filtered
4180202.214.194.138 123 udp ntp unknown
4181202.214.194.138 137 tcp netbios-ns filtered
4182202.214.194.138 137 udp netbios-ns filtered
4183202.214.194.138 138 tcp netbios-dgm filtered
4184202.214.194.138 138 udp netbios-dgm filtered
4185202.214.194.138 139 tcp netbios-ssn closed
4186202.214.194.138 139 udp netbios-ssn unknown
4187202.214.194.138 161 tcp snmp filtered
4188202.214.194.138 161 udp snmp unknown
4189202.214.194.138 162 tcp snmptrap filtered
4190202.214.194.138 162 udp snmptrap unknown
4191202.214.194.138 389 tcp ldap filtered
4192202.214.194.138 389 udp ldap unknown
4193202.214.194.138 443 tcp ssl/https open
4194202.214.194.138 445 tcp microsoft-ds closed
4195202.214.194.138 520 tcp efs filtered
4196202.214.194.138 520 udp route unknown
4197202.214.194.138 2049 tcp nfs filtered
4198202.214.194.138 2049 udp nfs unknown
4199202.238.130.103 25 tcp smtp closed
4200202.238.130.103 53 tcp domain filtered
4201202.238.130.103 53 udp domain unknown
4202202.238.130.103 67 tcp dhcps filtered
4203202.238.130.103 67 udp dhcps unknown
4204202.238.130.103 68 tcp dhcpc filtered
4205202.238.130.103 68 udp dhcpc unknown
4206202.238.130.103 69 tcp tftp filtered
4207202.238.130.103 69 udp tftp unknown
4208202.238.130.103 80 tcp http-proxy open F5 BIG-IP load balancer http proxy
4209202.238.130.103 88 tcp kerberos-sec filtered
4210202.238.130.103 88 udp kerberos-sec unknown
4211202.238.130.103 113 tcp ident closed
4212202.238.130.103 123 tcp ntp filtered
4213202.238.130.103 123 udp ntp unknown
4214202.238.130.103 137 tcp netbios-ns filtered
4215202.238.130.103 137 udp netbios-ns filtered
4216202.238.130.103 138 tcp netbios-dgm filtered
4217202.238.130.103 138 udp netbios-dgm filtered
4218202.238.130.103 139 tcp netbios-ssn closed
4219202.238.130.103 139 udp netbios-ssn unknown
4220202.238.130.103 161 tcp snmp filtered
4221202.238.130.103 161 udp snmp unknown
4222202.238.130.103 162 tcp snmptrap filtered
4223202.238.130.103 162 udp snmptrap unknown
4224202.238.130.103 389 tcp ldap filtered
4225202.238.130.103 389 udp ldap unknown
4226202.238.130.103 443 tcp ssl/http open Apache httpd
4227202.238.130.103 445 tcp microsoft-ds closed
4228202.238.130.103 520 tcp efs filtered
4229202.238.130.103 520 udp route unknown
4230202.238.130.103 2049 tcp nfs filtered
4231202.238.130.103 2049 udp nfs unknown
4232202.238.130.103 8008 tcp http open
4233203.137.110.66 21 tcp ftp open 220 203.137.110.66 FTP server ready\x0d\x0a
4234203.183.218.244 21 tcp ftp open 220 203.183.218.130 FTP server ready\x0d\x0a
4235209.59.165.178 25 tcp smtp closed
4236209.59.165.178 53 tcp domain filtered PowerDNS Authoritative Server 4.1.10
4237209.59.165.178 53 udp domain unknown PowerDNS Authoritative Server 4.1.10
4238209.59.165.178 67 tcp dhcps filtered
4239209.59.165.178 67 udp dhcps unknown
4240209.59.165.178 68 tcp dhcpc filtered
4241209.59.165.178 68 udp dhcpc unknown
4242209.59.165.178 69 tcp tftp filtered
4243209.59.165.178 69 udp tftp unknown
4244209.59.165.178 88 tcp kerberos-sec filtered
4245209.59.165.178 88 udp kerberos-sec unknown
4246209.59.165.178 123 tcp ntp filtered
4247209.59.165.178 123 udp ntp unknown
4248209.59.165.178 137 tcp netbios-ns filtered
4249209.59.165.178 137 udp netbios-ns filtered
4250209.59.165.178 138 tcp netbios-dgm filtered
4251209.59.165.178 138 udp netbios-dgm filtered
4252209.59.165.178 139 tcp netbios-ssn closed
4253209.59.165.178 139 udp netbios-ssn unknown
4254209.59.165.178 161 tcp snmp filtered
4255209.59.165.178 161 udp snmp unknown
4256209.59.165.178 162 tcp snmptrap filtered
4257209.59.165.178 162 udp snmptrap unknown
4258209.59.165.178 389 tcp ldap filtered
4259209.59.165.178 389 udp ldap unknown
4260209.59.165.178 445 tcp microsoft-ds closed
4261209.59.165.178 520 tcp efs filtered
4262209.59.165.178 520 udp route unknown
4263209.59.165.178 2049 tcp nfs filtered
4264209.59.165.178 2049 udp nfs unknown
4265210.149.141.34 53 tcp domain filtered
4266210.149.141.34 53 udp domain unknown
4267210.149.141.34 67 tcp dhcps filtered
4268210.149.141.34 67 udp dhcps unknown
4269210.149.141.34 68 tcp dhcpc filtered
4270210.149.141.34 68 udp dhcpc unknown
4271210.149.141.34 69 tcp tftp filtered
4272210.149.141.34 69 udp tftp unknown
4273210.149.141.34 88 tcp kerberos-sec filtered
4274210.149.141.34 88 udp kerberos-sec unknown
4275210.149.141.34 123 tcp ntp filtered
4276210.149.141.34 123 udp ntp unknown
4277210.149.141.34 137 tcp netbios-ns filtered
4278210.149.141.34 137 udp netbios-ns filtered
4279210.149.141.34 138 tcp netbios-dgm filtered
4280210.149.141.34 138 udp netbios-dgm filtered
4281210.149.141.34 139 tcp netbios-ssn closed
4282210.149.141.34 139 udp netbios-ssn unknown
4283210.149.141.34 161 tcp snmp filtered
4284210.149.141.34 161 udp snmp unknown
4285210.149.141.34 162 tcp snmptrap filtered
4286210.149.141.34 162 udp snmptrap unknown
4287210.149.141.34 389 tcp ldap filtered
4288210.149.141.34 389 udp ldap unknown
4289210.149.141.34 520 tcp efs filtered
4290210.149.141.34 520 udp route unknown
4291210.149.141.34 2049 tcp nfs filtered
4292210.149.141.34 2049 udp nfs unknown
4293210.152.243.182 21 tcp ftp open 220 (vsFTPd 2.2.2)\x0d\x0a
4294210.160.220.105 53 tcp domain closed
4295210.160.220.105 53 udp domain unknown
4296210.160.220.105 67 tcp dhcps closed
4297210.160.220.105 67 udp dhcps unknown
4298210.160.220.105 68 tcp dhcpc closed
4299210.160.220.105 68 udp dhcpc unknown
4300210.160.220.105 69 tcp tftp filtered
4301210.160.220.105 69 udp tftp unknown
4302210.160.220.105 88 tcp kerberos-sec closed
4303210.160.220.105 88 udp kerberos-sec unknown
4304210.160.220.105 123 tcp ntp filtered
4305210.160.220.105 123 udp ntp unknown
4306210.160.220.105 137 tcp netbios-ns closed
4307210.160.220.105 137 udp netbios-ns filtered
4308210.160.220.105 138 tcp netbios-dgm closed
4309210.160.220.105 138 udp netbios-dgm filtered
4310210.160.220.105 139 tcp netbios-ssn closed
4311210.160.220.105 139 udp netbios-ssn unknown
4312210.160.220.105 161 tcp snmp closed
4313210.160.220.105 161 udp snmp unknown
4314210.160.220.105 162 tcp snmptrap filtered
4315210.160.220.105 162 udp snmptrap unknown
4316210.160.220.105 389 tcp ldap closed
4317210.160.220.105 389 udp ldap unknown
4318210.160.220.105 520 tcp efs closed
4319210.160.220.105 520 udp route unknown
4320210.160.220.105 2049 tcp nfs closed
4321210.160.220.105 2049 udp nfs unknown
4322210.160.220.113 53 tcp domain closed
4323210.160.220.113 53 udp domain unknown
4324210.160.220.113 67 tcp dhcps closed
4325210.160.220.113 67 udp dhcps unknown
4326210.160.220.113 68 tcp dhcpc closed
4327210.160.220.113 68 udp dhcpc unknown
4328210.160.220.113 69 tcp tftp closed
4329210.160.220.113 69 udp tftp unknown
4330210.160.220.113 88 tcp kerberos-sec filtered
4331210.160.220.113 88 udp kerberos-sec unknown
4332210.160.220.113 123 tcp ntp filtered
4333210.160.220.113 123 udp ntp unknown
4334210.160.220.113 137 tcp netbios-ns closed
4335210.160.220.113 137 udp netbios-ns filtered
4336210.160.220.113 138 tcp netbios-dgm closed
4337210.160.220.113 138 udp netbios-dgm filtered
4338210.160.220.113 139 tcp netbios-ssn closed
4339210.160.220.113 139 udp netbios-ssn unknown
4340210.160.220.113 161 tcp snmp closed
4341210.160.220.113 161 udp snmp unknown
4342210.160.220.113 162 tcp snmptrap closed
4343210.160.220.113 162 udp snmptrap unknown
4344210.160.220.113 389 tcp ldap filtered
4345210.160.220.113 389 udp ldap unknown
4346210.160.220.113 520 tcp efs closed
4347210.160.220.113 520 udp route unknown
4348210.160.220.113 2049 tcp nfs closed
4349210.160.220.113 2049 udp nfs unknown
4350210.226.36.2 25 tcp smtp closed
4351210.226.36.2 53 tcp domain filtered
4352210.226.36.2 53 udp domain unknown
4353210.226.36.2 67 tcp dhcps filtered
4354210.226.36.2 67 udp dhcps unknown
4355210.226.36.2 68 tcp dhcpc filtered
4356210.226.36.2 68 udp dhcpc unknown
4357210.226.36.2 69 tcp tftp filtered
4358210.226.36.2 69 udp tftp unknown
4359210.226.36.2 80 tcp http open Apache httpd 1.3.41 (Unix) PHP/3.0.18-i18n-ja-3
4360210.226.36.2 88 tcp kerberos-sec filtered
4361210.226.36.2 88 udp kerberos-sec unknown
4362210.226.36.2 123 tcp ntp filtered
4363210.226.36.2 123 udp ntp unknown
4364210.226.36.2 137 tcp netbios-ns filtered
4365210.226.36.2 137 udp netbios-ns filtered
4366210.226.36.2 138 tcp netbios-dgm filtered
4367210.226.36.2 138 udp netbios-dgm filtered
4368210.226.36.2 139 tcp netbios-ssn closed
4369210.226.36.2 139 udp netbios-ssn unknown
4370210.226.36.2 161 tcp snmp filtered
4371210.226.36.2 161 udp snmp unknown
4372210.226.36.2 162 tcp snmptrap filtered
4373210.226.36.2 162 udp snmptrap unknown
4374210.226.36.2 389 tcp ldap filtered
4375210.226.36.2 389 udp ldap unknown
4376210.226.36.2 445 tcp microsoft-ds closed
4377210.226.36.2 520 tcp efs filtered
4378210.226.36.2 520 udp route unknown
4379210.226.36.2 2049 tcp nfs filtered
4380210.226.36.2 2049 udp nfs unknown
4381217.160.131.142 21 tcp ftp open ProFTPD
4382217.160.131.142 22 tcp ssh open OpenSSH 5.3 protocol 2.0
4383217.160.131.142 53 tcp domain closed
4384217.160.131.142 53 udp domain unknown
4385217.160.131.142 67 tcp dhcps closed
4386217.160.131.142 67 udp dhcps unknown
4387217.160.131.142 68 tcp dhcpc closed
4388217.160.131.142 68 udp dhcpc closed
4389217.160.131.142 69 tcp tftp closed
4390217.160.131.142 69 udp tftp unknown
4391217.160.131.142 80 tcp http open Apache httpd PleskLin
4392217.160.131.142 88 tcp kerberos-sec closed
4393217.160.131.142 88 udp kerberos-sec unknown
4394217.160.131.142 123 tcp ntp closed
4395217.160.131.142 123 udp ntp unknown
4396217.160.131.142 137 tcp netbios-ns closed
4397217.160.131.142 137 udp netbios-ns filtered
4398217.160.131.142 138 tcp netbios-dgm closed
4399217.160.131.142 138 udp netbios-dgm filtered
4400217.160.131.142 139 tcp netbios-ssn closed
4401217.160.131.142 139 udp netbios-ssn closed
4402217.160.131.142 161 tcp snmp closed
4403217.160.131.142 161 udp snmp unknown
4404217.160.131.142 162 tcp snmptrap closed
4405217.160.131.142 162 udp snmptrap closed
4406217.160.131.142 389 tcp ldap closed
4407217.160.131.142 389 udp ldap closed
4408217.160.131.142 443 tcp ssl/http open Apache httpd PleskLin
4409217.160.131.142 520 tcp efs closed
4410217.160.131.142 520 udp route unknown
4411217.160.131.142 2049 tcp nfs closed
4412217.160.131.142 2049 udp nfs closed
4413217.160.131.142 3306 tcp mysql open MySQL 5.1.73
4414217.160.131.142 4643 tcp ssl/http open Apache httpd
4415217.160.131.142 8443 tcp ssl/http open sw-cp-server httpd Plesk Onyx 17.8.11
4416217.160.131.142 8880 tcp http open sw-cp-server httpd Plesk Onyx 17.8.11
4417####################################################################################################################################
4418Starting Nmap 7.80 ( https://nmap.org ) at 2020-02-07 01:06 EST
4419Nmap scan report for 210.149.141.34
4420Host is up (0.46s latency).
4421Not shown: 995 filtered ports
4422PORT STATE SERVICE VERSION
442325/tcp closed smtp
442480/tcp open http Apache httpd
4425|_http-server-header: Apache
4426| vulscan: VulDB - https://vuldb.com:
4427| [141649] Apache OFBiz up to 16.11.05 Form Widget Freemarker Markup Code Execution
4428| [141648] Apache OFBiz up to 16.11.05 Application Stored cross site scripting
4429| [140386] Apache Commons Beanutils 1.9.2 BeanIntrospector unknown vulnerability
4430| [139708] Apache Ranger up to 1.2.0 Policy Import cross site scripting
4431| [139540] cPanel up to 60.0.24 Apache HTTP Server Key information disclosure
4432| [139386] Apache Tike up to 1.21 RecursiveParserWrapper Stack-based memory corruption
4433| [139385] Apache Tika 1.19/1.20/1.21 SAXParsers Hang denial of service
4434| [139384] Apache Tika up to 1.21 RecursiveParserWrapper ZIP File denial of service
4435| [139261] Apache Solr 8.2.0 DataImportHandler Parameter unknown vulnerability
4436| [139259] cPanel up to 68.0.26 WHM Apache Includes Editor information disclosure
4437| [139256] cPanel up to 68.0.26 WHM Apache Configuration Include Editor cross site scripting
4438| [139239] cPanel up to 70.0.22 Apache HTTP Server Log information disclosure
4439| [139141] Apache ActiveMQ Client up to 5.15.4 ActiveMQConnection.java ActiveMQConnection denial of service
4440| [139130] cPanel up to 73.x Apache HTTP Server Injection privilege escalation
4441| [138914] Venustech Apache VCL 2.1/2.2/2.3/2.4/2.5 VM sql injection
4442| [138913] Venustech Apache VCL 2.1/2.2/2.3/2.4/2.5 Block Argument privilege escalation
4443| [138912] Venustech Apache VCL 2.1/2.2/2.3/2.4/2.5 Cookie sql injection
4444| [138816] Apache Storm up to 1.2.2 Logviewer Daemon Log information disclosure
4445| [138815] Apache Storm up to 1.2.2 UI Daemon Deserialization privilege escalation
4446| [138164] Oracle 2.7.0.1 Apache Log4j unknown vulnerability
4447| [138155] Oracle Agile Engineering Data Management 6.2.0/6.2.1 Apache Tomcat unknown vulnerability
4448| [138151] Oracle Transportation Management 6.3.7 Apache Tomcat unknown vulnerability
4449| [138149] Oracle Agile Engineering Data Management 6.2.0/6.2.1 Apache Commons FileUpload unknown vulnerability
4450| [138131] Oracle MICROS Retail XBRi Loss Prevention 10.8.0/10.8.1/10.8.2/10.8.3 Apache Tomcat unknown vulnerability
4451| [138129] Oracle Retail Xstore Point of Service 7.0/7.1 Apache HTTP Server denial of service
4452| [138123] Oracle Retail Order Management System 5.0 Apache Struts 1 unknown vulnerability
4453| [138122] Oracle Retail Order Broker 5.2/15.0 Apache Tomcat unknown vulnerability
4454| [138121] Oracle Retail Order Broker 5.2/15.0 Apache CXF unknown vulnerability
4455| [138112] Oracle Retail Integration Bus 15.0/16.0 Apache Commons FileUpload unknown vulnerability
4456| [138111] Oracle MICROS Retail XBRi Loss Prevention 10.8.0/10.8.1/10.8.2/10.8.3 Apache Commons FileUpload unknown vulnerability
4457| [138103] Oracle PeopleSoft Enterprise PeopleTools 8.55/8.56/8.57 Apache WSS4J information disclosure
4458| [138053] Oracle JD Edwards EnterpriseOne Tools 9.2 Apache Log4j unknown vulnerability
4459| [138036] Oracle Insurance Rules Palette 10.0/10.1/10.2/11.0 Apache Commons FileUpload unknown vulnerability
4460| [138035] Oracle Insurance Policy Administration J2EE 10.0/10.1/10.2/11.0 Apache Commons FileUpload unknown vulnerability
4461| [138034] Oracle Insurance Calculation Engine 9.7/10.0/10.1/10.2 Apache Commons FileUpload unknown vulnerability
4462| [138028] Oracle Identity Manager 11.1.2.3.0/12.2.1.3.0 Apache Log4j unknown vulnerability
4463| [138020] Oracle BI Publisher 11.1.1.9.0 Apache Tomcat unknown vulnerability
4464| [138019] Oracle BI Publisher (formerly XML Publisher) 11.1.1.9.0 Apache Tomcat unknown vulnerability
4465| [138017] Oracle Outside In Technology 8.5.4 Apache Commons FileUpload unknown vulnerability
4466| [138013] Oracle Outside In Technology 8.5.4 Apache Tomcat unknown vulnerability
4467| [138012] Oracle Outside In Technology 8.5.4 Apache HTTP Server unknown vulnerability
4468| [138009] Oracle Outside In Technology 8.5.4 Apache HTTP Server unknown vulnerability
4469| [138008] Oracle WebLogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.3.0 Apache Struts 1 denial of service
4470| [138007] Oracle WebCenter Sites 12.2.1.3.0 Apache Tomcat denial of service
4471| [138006] Oracle Enterprise Repository 12.1.3.0.0 Apache CXF denial of service
4472| [138000] Oracle WebCenter Sites 12.2.1.3.0 Apache Commons FileUpload unknown vulnerability
4473| [137999] Oracle WebLogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.3.0 Apache Commons FileUpload unknown vulnerability
4474| [137995] Oracle Hospitality Simphony 18.2.1 Apache WSS4J information disclosure
4475| [137987] Oracle FLEXCUBE Universal Banking up to 12.0.3/12.4.0/14.2.0 Apache Log4j unknown vulnerability
4476| [137981] Oracle Insurance IFRS 17 Analyzer 8.0.6/8.0.7 Apache Commons FileUpload unknown vulnerability
4477| [137980] Oracle Insurance Data Foundation 8.0.4/8.0.5/8.0.6/8.0.7 Apache Commons FileUpload unknown vulnerability
4478| [137979] Oracle 8.0.8 Apache Commons FileUpload unknown vulnerability
4479| [137973] Oracle 8.0.4/8.0.5/8.0.6/8.0.7 Apache Batik unknown vulnerability
4480| [137970] Oracle Financial Services Profitability Management 8.0.4/8.0.5/8.0.6/8.0.7 Apache ActiveMQ unknown vulnerability
4481| [137967] Oracle up to 8.0.7 Apache httpd unknown vulnerability
4482| [137966] Oracle 8.0.7/8.0.8 Apache Groovy unknown vulnerability
4483| [137965] Oracle Financial Services Liquidity Risk Management 8.0.1/8.0.2/8.0.4/8.0.5/8.0.6 Apache Commons FileUpload unknown vulnerability
4484| [137964] Oracle 8.0.4/8.0.5/8.0.6/8.0.7 Apache Log4j unknown vulnerability
4485| [137933] Oracle Banking Platform up to 2.7.1 Apache Tika unknown vulnerability
4486| [137926] Oracle Enterprise Manager for Fusion Middleware 13.2/13.3 Apache Commons FileUpload information disclosure
4487| [137924] Oracle Enterprise Manager Base Platform 12.1.0.5.0/13.2.0.0.0/13.3.0.0.0 Apache Commons FileUpload unknown vulnerability
4488| [137914] Oracle E-Business Suite up to 12.2.8 Apache ActiveMQ unknown vulnerability
4489| [137913] Oracle E-Business Suite up to 12.2.8 Apache ActiveMQ unknown vulnerability
4490| [137911] Oracle E-Business Suite up to 12.2.8 Apache HTTP Server unknown vulnerability
4491| [137910] Oracle E-Business Suite up to 12.2.8 Apache CXF information disclosure
4492| [137909] Oracle E-Business Suite up to 12.2.8 Apache Commons FileUpload unknown vulnerability
4493| [137905] Oracle Primavera Gateway 15.2/16.2/17.12/18.8 Apache Tika denial of service
4494| [137901] Oracle Primavera Unifier up to 18.8 Apache HTTP Server unknown vulnerability
4495| [137895] Oracle Instant Messaging Server 10.0.1.2.0 Apache Tika information disclosure
4496| [137894] Oracle EAGLE (Software) 46.5/46.6/46.7 Apache Tomcat information disclosure
4497| [137892] Oracle Online Mediation Controller 6.1 Apache Batik denial of service
4498| [137891] Oracle Interactive Session Recorder 6.0/6.1/6.2 Apache Tomcat unknown vulnerability
4499| [137885] Oracle Diameter Signaling Router (DSR) 8.0/8.1/8.2 Apache cxf unknown vulnerability
4500| [137882] Oracle Unified 8.0.0.2.0 Apache Commons FileUpload unknown vulnerability
4501| [137881] Oracle Online Mediation Controller 6.1 Apache Commons FileUpload unknown vulnerability
4502| [137880] Oracle Interactive Session Recorder 6.0/6.1/6.2 Apache Log4j unknown vulnerability
4503| [137879] Oracle Convergence 3.0.2 Apache Commons FileUpload unknown vulnerability
4504| [137876] Oracle Application Session Controller 3.7.1/3.8.0 Apache Commons FileUpload unknown vulnerability
4505| [137829] Apache Roller 5.2.3 Math Comment Authenticator Reflected cross site scripting
4506| [137736] Apache Kafka 0.11.0.0/2.1.0 ACL Validation Request privilege escalation
4507| [136858] MakerBot Replicator 5G Printer Apache HTTP Server information disclosure
4508| [136849] Analogic Poste.io 2.1.6 on Apache RoundCube logs/ information disclosure
4509| [136822] Apache Tomcat up to 8.5.40/9.0.19 Incomplete Fix CVE-2019-0199 Resource Exhaustion denial of service
4510| [136808] Apache Geode up to 1.8.0 Secure Mode privilege escalation
4511| [136646] Apache Allura up to 1.10.x Dropdown Selector Stored cross site scripting
4512| [136374] Apache HTTP Server up to 2.4.38 Slash Regular Expression unknown vulnerability
4513| [136373] Apache HTTP Server 2.4.34/2.4.35/2.4.36/2.4.37/2.4.38 HTTP2 Request Crash denial of service
4514| [136372] Apache HTTP Server up to 2.4.38 HTTP2 Request unknown vulnerability
4515| [136370] Apache Fineract up to 1.2.x sql injection
4516| [136369] Apache Fineract up to 1.2.x sql injection
4517| [135731] Apache Hadoop up to 2.8.4/2.9.1/3.1.0 yarn privilege escalation
4518| [135664] Apache Tomcat up to 7.0.93/8.5.39/9.0.0.17 SSI printenv Command cross site scripting
4519| [135663] Apache Camel up to 2.23.x JSON-lib Library XML Data XML External Entity
4520| [135661] Apache Roller up to 5.2.1/5.2.0 XML-RPC Interface XML File Server-Side Request Forgery
4521| [135402] Apache Zookeeper up to 3.4.13/3.5.0-alpha to 3.5.4-beta getACL() information disclosure
4522| [135270] Apache JSPWiki up to 2.11.0.M3 Plugin Link cross site scripting
4523| [135269] Apache JSPWiki up to 2.11.0.M3 InterWiki Link cross site scripting
4524| [135268] Apache JSPWiki up to 2.11.0.M3 Attachment cross site scripting
4525| [134527] Apache Karaf up to 4.2.4 Config Service directory traversal
4526| [134416] Apache Sanselan 0.97-incubator Loop denial of service
4527| [134415] Apache Sanselan 0.97-incubator Hang denial of service
4528| [134291] Apache Axis up to 1.7.8 Server-Side Request Forgery
4529| [134290] Apache UIMA DUCC up to 2.2.2 cross site scripting
4530| [134248] Apache Archiva up to 2.2.3 Artifact Upload directory traversal
4531| [134247] Apache Archiva up to 2.2.3 Artifact Upload directory traversal
4532| [134246] Apache Camel up to 2.19/2.21.3/2.22.2/2.23.0 directory traversal
4533| [134138] Apache Pluto 3.0.0/3.0.1 Chat Room Demo Portlet cross site scripting
4534| [133992] Apache Qpid Proton up to 0.27.0 Certificate Validation Man-in-the-Middle weak authentication
4535| [133977] Apache Zeppelin up to 0.7.x Stored cross site scripting
4536| [133976] Apache Zeppelin up to 0.7.x Cron Scheduler privilege escalation
4537| [133975] Apache Zeppelin up to 0.7.2 Session Fixation weak authentication
4538| [133444] Apache PDFbox 2.0.14 XML Parser XML External Entity
4539| [133573] Oracle FLEXCUBE Private Banking 2.0.0.0/2.2.0.1/12.0.1.0/12.0.3.0/12.1.0.0 Apache ActiveMQ unknown vulnerability
4540| [133407] Apache Tomcat up to 7.0.93/8.5.39/9.0.17 on Windows JRE Command Line Argument Code Execution
4541| [133315] Apache Airflow up to 1.10.2 HTTP Endpoint cross site request forgery
4542| [133314] Apache Airflow up to 1.10.2 Metadata Database cross site scripting
4543| [133290] Apache Tomcat up to 8.5.37/9.0.14 HTTP2 Stream Execution denial of service
4544| [133112] Apache HTTP Server up to 2.4.38 mod_auth_digest race condition privilege escalation
4545| [133111] Apache HTTP Server 2.4.37/2.4.38 mod_ssl Bypass privilege escalation
4546| [133092] Airsonic 10.2.1 org.apache.commons.lang.RandomStringUtils RecoverController.java java.util.Random weak authentication
4547| [132568] Apache JSPWiki up to 2.11.0.M2 URL User information disclosure
4548| [132567] Apache JSPWiki up to 2.11.0.M2 URL cross site scripting
4549| [132566] Apache ActiveMQ up to 5.15.8 MQTT Frame Memory denial of service
4550| [132565] Apache HBase up to 2.1.3 REST Server Request privilege escalation
4551| [132183] Apache Mesos up to pre-1.4.x Docker Image Code Execution
4552| [131988] Apache Karaf up to 4.2.2 kar Deployer directory traversal
4553| [131859] Apache Hadoop up to 2.9.1 privilege escalation
4554| [131479] Apache Solr up to 7.6 HTTP GET Request Server-Side Request Forgery
4555| [131446] Apache Solr up to 5.0.5/6.6.5 Config API HTTP POST Request Code Execution
4556| [131385] Apache Qpid Broker-J up to 6.x/7.0.6/7.1.0 AMQP Command Crash denial of service
4557| [131315] Apache Mesos up to pre-1.4.x Mesos Masters Rendering JSON Payload Recursion denial of service
4558| [131236] Apache Airflow up to 1.10.1 Metadata Database cross site scripting
4559| [130755] Apache JSPWiki up to 2.10.5 URL cross site scripting
4560| [130629] Apache Guacamole Cookie Flag weak encryption
4561| [130628] Apache Hadoop up to 3.0.0 HDFS information disclosure
4562| [130529] Apache Subversion 1.10.0/1.10.1/1.10.2/1.10.3/1.11.0 mod_dav_svn Directory Crash denial of service
4563| [130353] Apache Open Office up to 4.1.5 Document Loader String memory corruption
4564| [130341] Apache HTTP Server 2.4.37 mod_ssl Loop denial of service
4565| [130330] Apache HTTP Server up to 2.4.37 mod_session Expired privilege escalation
4566| [130329] Apache HTTP Server 2.4.37 mod_http2 Slowloris denial of service
4567| [130212] Apache Airflow up to 1.10.0 LDAP Auth Backend Certificate weak authentication
4568| [130123] Apache Airflow up to 1.8.2 information disclosure
4569| [130122] Apache Airflow up to 1.8.2 command injection cross site request forgery
4570| [130121] Apache Airflow up to 1.8.2 Webserver Object Code Execution
4571| [129717] Oracle Secure Global Desktop 5.4 Apache HTTP Server denial of service
4572| [129688] Oracle Tape Library ACSLS 8.4 Apache Log4j unknown vulnerability
4573| [129673] Oracle Retail Returns Management 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
4574| [129672] Oracle Retail Central Office 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
4575| [129671] Oracle Retail Back Office 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
4576| [129574] Oracle Outside In Technology 8.5.3/8.5.4 Apache Tomcat denial of service
4577| [129573] Oracle WebLogic Server 10.3.6.0 Apache HTTP Server denial of service
4578| [129563] Oracle Enterprise Repository 12.1.3.0.0 Apache Log4j unknown vulnerability
4579| [129555] Oracle Outside In Technology 8.5.3 Apache Batik denial of service
4580| [129551] Oracle Outside In Technology 8.5.3/8.5.4 Apache Commons FileUpload denial of service
4581| [129542] Oracle API Gateway 11.1.2.4.0 Apache Batik denial of service
4582| [129538] Oracle SOA Suite 12.1.3.0.0/12.2.1.3.0 Apache Batik unknown vulnerability
4583| [129519] Oracle Enterprise Manager Ops Center 12.2.2/12.3.3 Apache ActiveMQ unknown vulnerability
4584| [129508] Oracle Applications Manager up to 12.2.8 Apache Derby unknown vulnerability
4585| [129507] Oracle Mobile Field Service up to 12.2.8 Apache Log4j unknown vulnerability
4586| [129505] Oracle Email Center up to 12.2.8 Apache Log4j unknown vulnerability
4587| [129504] Oracle CRM Technical Foundation up to 12.2.8 Apache Commons FileUpload unknown vulnerability
4588| [129499] Oracle Partner Management up to 12.2.8 Apache Log4j unknown vulnerability
4589| [129498] Oracle Marketing up to 12.2.8 Apache Commons FileUpload unknown vulnerability
4590| [129480] Oracle Communications WebRTC Session Controller up to 7.1 Apache Batik unknown vulnerability
4591| [129479] Oracle Communications Diameter Signaling Router up to 8.2 Apache Batik unknown vulnerability
4592| [129474] Oracle Communications Diameter Signaling Router up to 8.2 Apache HTTP Server information disclosure
4593| [129472] Oracle Communications WebRTC Session Controller up to 7.1 Apache Struts 1 unknown vulnerability
4594| [129470] Oracle Communications Converged Application Server up to 7.0.0.0 Apache Struts 1 unknown vulnerability
4595| [129463] Oracle Communications WebRTC Session Controller up to 7.1 Apache Log4j unknown vulnerability
4596| [129461] Oracle Communications Services Gatekeeper up to 6.1.0.3.x Apache Commons Collections Fileupload unknown vulnerability
4597| [129460] Oracle Communications Service Broker 6.0 Apache Log4j unknown vulnerability
4598| [129459] Oracle Communications Policy Management up to 12.4 Apache Struts 2 unknown vulnerability
4599| [129458] Oracle Communications Online Mediation Controller 6.1 Apache Log4j unknown vulnerability
4600| [129457] Oracle Communications Diameter Signaling Router up to 8.2 Apache Commons Fileupload unknown vulnerability
4601| [129456] Oracle Communications Converged Application Server 6.1 Apache Log4j unknown vulnerability
4602| [128714] Apache Thrift Java Client Library up to 0.11.0 SASL Negotiation org.apache.thrift.transport.TSaslTransport unknown vulnerability
4603| [128713] Apache Thrift Node.js Static Web Server up to 0.11.0 directory traversal
4604| [128709] Apache Karaf up to 4.1.6/4.2.1 Features Deployer XMLInputFactory XML External Entity
4605| [128575] Apache NetBeans 9.0 Proxy Auto-Config Code Execution
4606| [128369] Apache Tika 1.8-1.19.1 SQLite3Parser Loop sql injection
4607| [128111] Apache NiFi 1.8.0 Template Upload Man-in-the-Middle cross site request forgery
4608| [128110] Apache NiFi 1.8.0 Cluster Request privilege escalation
4609| [128109] Apache NiFi 1.8.0 Error Page message-page.jsp Request Header cross site scripting
4610| [128108] Apache NiFi up to 1.7.x X-Frame-Options Header privilege escalation
4611| [128102] Apache Oozie up to 5.0.0 Workflow XML Impersonation spoofing
4612| [127994] WordPress up to 5.0.0 on Apache httpd MIME Restriction cross site scripting
4613| [127981] Apache OFBiz 16.11.01/16.11.02/16.11.03/16.11.04 HTTP Engine httpService GET Request privilege escalation
4614| [127161] Apache Hadoop 2.7.4/2.7.5/2.7.6 Incomplete Fix CVE-2016-6811 privilege escalation
4615| [127040] Loadbalancer.org Enterprise VA MAX up to 8.3.2 Apache HTTP Server Log cross site scripting
4616| [127007] Apache Spark Request Code Execution
4617| [126791] Apache Hadoop up to 0.23.11/2.7.6/2.8.4/2.9.1/3.0.2 ZIP File unknown vulnerability
4618| [126767] Apache Qpid Proton-J Transport 0.3 Certificate Verification Man-in-the-Middle weak authentication
4619| [126896] Apache Commons FileUpload 1.3.3 on LDAP Manager DiskFileItem File privilege escalation
4620| [126574] Apache Hive up to 2.3.3/3.1.0 Query privilege escalation
4621| [126573] Apache Hive up to 2.3.3/3.1.0 HiveServer2 privilege escalation
4622| [126564] Apache Superset up to 0.22 Pickle Library load Code Execution
4623| [126488] Apache Syncope up to 2.0.10/2.1.1 BPMN Definition xxe privilege escalation
4624| [126487] Apache Syncope up to 2.0.10/2.1.1 cross site scripting
4625| [126346] Apache Tomcat Path privilege escalation
4626| [125922] Apache Impala up to 3.0.0 ALTER privilege escalation
4627| [125921] Apache Impala up to 3.0.0 Queue Injection privilege escalation
4628| [125647] Oracle Agile Engineering Data Management 6.1.3/6.2.0/6.2.1 Install (Apache Tomcat) information disclosure
4629| [125617] Oracle Retail Returns Management 14.1 Apache Batik unknown vulnerability
4630| [125616] Oracle Retail Point-of-Service 13.4/14.0/14.1 Apache Batik unknown vulnerability
4631| [125614] Oracle Retail Central Office 14.1 Apache Batik unknown vulnerability
4632| [125613] Oracle Retail Back Office 13.3/13.4/14/14.1 Apache Batik unknown vulnerability
4633| [125599] Oracle Retail Open Commerce Platform 5.3.0/6.0.0/6.0.1 Apache Log4j unknown vulnerability
4634| [125569] Oracle PeopleSoft Enterprise PeopleTools 8.55/8.56 Apache HTTP Server information disclosure
4635| [125494] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat information disclosure
4636| [125447] Oracle Business Intelligence Enterprise Edition 11.1.1.7.0/11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Apache Batik unknown vulnerability
4637| [125428] Oracle Identity Management Suite 11.1.2.3.0/12.2.1.3.0 Apache Log4j unknown vulnerability
4638| [125427] Oracle Identity Analytics 11.1.1.5.8 Apache Log4j unknown vulnerability
4639| [125424] Oracle API Gateway 11.1.2.4.0 Apache Log4j unknown vulnerability
4640| [125423] Oracle BI Publisher 11.1.1.7.0/11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Apache Log4j unknown vulnerability
4641| [125383] Oracle up to 10.2.0 Apache Trinidad unknown vulnerability
4642| [125379] Oracle up to 10.1.x Apache Struts 1 cross site scripting
4643| [125377] Oracle up to 10.2.0 Apache Commons Collections unknown vulnerability
4644| [125376] Oracle Communications Application Session Controller up to 3.7.0 Apache Commons Collections unknown vulnerability
4645| [125375] Oracle Communications User Data Repository up to 12.1.x Apache Xerces memory corruption
4646| [125248] Apache ActiveMQ up to 5.15.5 Web-based Administration Console queue.jsp Parameter cross site scripting
4647| [125133] Apache Tika up to 1.19 XML Parser reset() denial of service
4648| [124877] Apache PDFbox up to 2.0.11 PDF File denial of service
4649| [124876] Apache Ranger up to 1.1.x UnixAuthenticationService Stack-based memory corruption
4650| [124791] Apache Tomcat up to 7.0.90/8.5.33/9.0.11 URL Open Redirect
4651| [124787] Apache Pony Mail 0.7/0.8/0.9 Statistics Generator Timestamp Data information disclosure
4652| [124447] Apache HTTP Server up to 2.4.34 SETTINGS Frame denial of service
4653| [124346] Apache Mesos pre-1.4.2/1.5.0/1.5.1/1.6.0 on Executor HTTP API String Comparison validation JSON Web Token information disclosure
4654| [124286] Apache Tika up to 1.18 IptcAnpaParser Loop denial of service
4655| [124242] Apache Tika up to 0.18 C:/evil.bat" Directory unknown vulnerability
4656| [124241] Apache Tika up to 0.18 XML Parser Entity Expansion denial of service
4657| [124191] Apache Karaf up to 3.0.8/4.0.8/4.1.0 WebConsole .../gogo/ weak authentication
4658| [124190] Apache Karaf up to 4.1.x sshd privilege escalation
4659| [124152] Apache Camel Mail up to 2.22.0 Path directory traversal
4660| [124143] Apache SpamAssassin up to 3.4.1 PDFInfo Plugin Code Execution
4661| [124134] Apache SpamAssassin up to 3.4.1 Scan Engine HTML::Parser Email denial of service
4662| [124095] PHP up to 5.6.37/7.0.31/7.1.21/7.2.9 Apache2 sapi_apache2.c php_handler cross site scripting
4663| [124024] Apache Mesos 1.4.x/1.5.0 libprocess JSON Payload denial of service
4664| [123814] Apache ActiveMQ Client up to 5.15.5 TLS Hostname Verification Man-in-the-Middle weak authentication
4665| [123393] Apache Traffic Server up to 6.2.2/7.1.3 ESI Plugin Config privilege escalation
4666| [123392] Apache Traffic Server 6.2.2 TLS Handshake Segmentation Fault denial of service
4667| [123391] Apache Traffic Server up to 6.2.2/7.1.3 Range Request Performance denial of service
4668| [123390] Apache Traffic Server up to 6.2.2/7.1.3 Request HTTP Smuggling privilege escalation
4669| [123369] Apache Traffic Server up to 6.2.2/7.1.3 ACL remap.config Request denial of service
4670| [123197] Apache Sentry up to 2.0.0 privilege escalation
4671| [123145] Apache Struts up to 2.3.34/2.5.16 Namespace Code Execution
4672| [123144] Apache Cayenne up to 4.1.M1 CayenneModeler XML File File Transfer privilege escalation
4673| [122981] Apache Commons Compress 1.7 ZipArchiveInputStream ZIP Archive denial of service
4674| [122889] Apache HTTP Server up to 2.2.31/2.4.23 mod_userdir HTTP Response Splitting privilege escalation
4675| [122800] Apache Spark 1.3.0 REST API weak authentication
4676| [122642] Apache Airflow up to 1.8.x 404 Page Reflected cross site scripting
4677| [122568] Apache Tomcat up to 8.5.31/9.0.9 Connection Reuse weak authentication
4678| [122567] Apache Axis 1.0./1.1/1.2/1.3/1.4 cross site scripting
4679| [122556] Apache Tomcat up to 7.0.86/8.0.51/8.5.30/9.0.7 UTF-8 Decoder Loop denial of service
4680| [122531] Apache Tomcat up to 7.0.88/8.0.52/8.5.31/9.0.9 WebSocket Client unknown vulnerability
4681| [122456] Apache Camel up to 2.20.3/2.21.0 XSD Validator XML External Entity
4682| [122455] Apache Tomcat Native up to 1.1.34/1.2.16 OSCP Revoked Certificate weak authentication
4683| [122454] Apache Tomcat Native up to 1.1.34/1.2.16 OSCP Responder Revoked Certificate weak authentication
4684| [122214] Apache Kafka up to 0.9.0.1/0.10.2.1/0.11.0.2/1.0.0 Broker Request Data Loss denial of service
4685| [122202] Apache Kafka up to 0.10.2.1/0.11.0.1 SASL Impersonation spoofing
4686| [122101] Docker Skeleton Runtime for Apache OpenWhisk Docker Action dockerskeleton:1.3.0 privilege escalation
4687| [122100] PHP Runtime for Apache OpenWhisk Docker Action action-php-v7.2:1.0.0 privilege escalation
4688| [122012] Apache Ignite up to 2.5 Serialization privilege escalation
4689| [121911] Apache Ambari up to 2.5.x/2.6.2 Log Message Credentials information disclosure
4690| [121910] Apache HTTP Server 2.4.33 mod_md HTTP Requests denial of service
4691| [121854] Oracle Tape Library ACSLS up to ACSLS 8.4.0-2 Apache Commons Collections unknown vulnerability
4692| [121752] Oracle Insurance Policy Administration 10.0/10.1/10.2/11.0 Apache Log4j unknown vulnerability
4693| [121370] Apache Spark up to 2.1.2/2.2.1/2.3.0 URL cross site scripting
4694| [121354] Apache CouchDB HTTP API Code Execution
4695| [121144] Apache LDAP API up to 1.0.1 SSL Filter information disclosure
4696| [121143] Apache Storm up to 0.10.2/1.0.6/1.1.2/1.2.1 Cluster privilege escalation
4697| [120436] Apache CXF Fediz up to 1.4.3 Application Plugin unknown vulnerability
4698| [120310] Apache PDFbox up to 1.8.14/2.0.10 AFMParser Loop denial of service
4699| [120168] Apache CXF weak authentication
4700| [120080] Apache Cassandra up to 3.11.1 JMX/RMI Interface RMI Request privilege escalation
4701| [120043] Apache HBase up to 1.2.6.0/1.3.2.0/1.4.4/2.0.0 Thrift 1 API Server weak authentication
4702| [119723] Apache Qpid Broker-J 7.0.0/7.0.1/7.0.2/7.0.3/7.0.4 AMQP Messages Crash denial of service
4703| [122569] Apache HTTP Server up to 2.4.33 HTTP2 Request denial of service
4704| [119486] Apache Geode up to 1.4.0 Security Manager Code Execution
4705| [119306] Apache MXNet Network Interface privilege escalation
4706| [118999] Apache Storm up to 1.0.6/1.1.2/1.2.1 Archive directory traversal
4707| [118996] Apache Storm up to 1.0.6/1.1.2/1.2.1 Daemon spoofing
4708| [118644] Apple macOS up to 10.13.5 apache_mod_php unknown vulnerability
4709| [118200] Apache Batik up to 1.9 Deserialization unknown vulnerability
4710| [118143] Apache NiFi activemq-client Library Deserialization denial of service
4711| [118142] Apache NiFi 1.6.0 SplitXML xxe privilege escalation
4712| [118051] Apache Zookeeper up to 3.4.9/3.5.3-beta weak authentication
4713| [117997] Apache ORC up to 1.4.3 ORC File Recursion denial of service
4714| [117825] Apache Tomcat up to 7.0.88/8.0.52/8.5.31/9.0.8 CORS Filter privilege escalation
4715| [117405] Apache Derby up to 10.14.1.0 Network Server Network Packet privilege escalation
4716| [117347] Apache Ambari up to 2.6.1 HTTP Request directory traversal
4717| [117265] LibreOffice/Apache Office Writer SMB Connection XML Document information disclosure
4718| [117143] Apache uimaj/uima-as/uimaFIT/uimaDUCC XML XXE information disclosure
4719| [117117] Apache Tika up to 1.17 ChmParser Loop denial of service
4720| [117116] Apache Tika up to 1.17 BPGParser Loop denial of service
4721| [117115] Apache Tika up to 1.17 tika-server command injection
4722| [116929] Apache Fineract getReportType Parameter privilege escalation
4723| [116928] Apache Fineract REST Endpoint Parameter privilege escalation
4724| [116927] Apache Fineract MakercheckersApiResource Parameter sql injection
4725| [116926] Apache Fineract REST Parameter privilege escalation
4726| [116574] Apache wicket-jquery-ui up to 6.29.0/7.10.1/8.0.0-M9.1 WYSIWYG Editor privilege escalation
4727| [116622] Oracle Enterprise Manager for MySQL Database 12.1.0.4 EM Plugin: General (Apache Tomcat) unknown vulnerability
4728| [115931] Apache Solr up to 6.6.2/7.2.1 XML Data Parameter XML External Entity
4729| [115883] Apache Hive up to 2.3.2 privilege escalation
4730| [115882] Apache Hive up to 2.3.2 xpath_short information disclosure
4731| [115881] Apache DriverHive JDBC Driver up to 2.3.2 Escape Argument Bypass privilege escalation
4732| [115518] Apache Ignite 2.3 Deserialization privilege escalation
4733| [115260] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache cross site scripting
4734| [115259] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache Cookie Stack-based memory corruption
4735| [115500] CA Workload Control Center up to r11.4 SP5 Apache MyFaces Component Code Execution
4736| [115121] Apache Struts REST Plugin up to 2.5.15 Xstream XML Data denial of service
4737| [115061] Apache HTTP Server up to 2.4.29 HTTP Digest Authentication Challenge HTTP Requests Replay privilege escalation
4738| [115060] Apache HTTP Server up to 2.4.29 mod_cache_socache Request Header Crash denial of service
4739| [115059] Apache HTTP Server up to 2.4.29 HTTP2 NULL Pointer Dereference denial of service
4740| [115058] Apache HTTP Server up to 2.4.29 HTTP Header Crash denial of service
4741| [115057] Apache HTTP Server up to 2.4.29 mod_session Variable Name Cache privilege escalation
4742| [115039] Apache HTTP Server up to 2.4.29 FilesMatch File Upload privilege escalation
4743| [115038] Apache HTTP Server up to 2.0.65/2.2.34/2.4.29 mod_authnz_ldap Crash denial of service
4744| [114817] Apache Syncope up to 1.2.10/2.0.7 Search Parameter information disclosure
4745| [114816] Apache Syncope up to 1.2.10/2.0.7 XSLT Code Execution
4746| [114717] Apache Commons 1.11/1.12/1.13/1.14/1.15 ZIP Archive ZipFile/ZipArchiveInputStream denial of service
4747| [114661] Apache Allura up to 1.8.0 HTTP Response Splitting privilege escalation
4748| [114400] Apache Tomcat JK ISAPI Connector up to 1.2.42 IIS/ISAPI privilege escalation
4749| [114258] Apache HTTP Server up to 2.4.22 mod_cluster Segmentation Fault denial of service
4750| [114086] Apache ODE 1.3.3 ODE Process Deployment Web Service directory traversal
4751| [113955] Apache Xerces-C up to 3.2.0 XML Parser NULL Pointer Dereference denial of service
4752| [113945] Apache Tomcat up to 7.0.84/8.0.49/8.5.27/9.0.4 URL Pattern Empty String privilege escalation
4753| [113944] Apache OpenMeetings up to 3.x/4.0.1 CRUD Operation denial of service
4754| [113905] Apache Traffic Server up to 5.2.x/5.3.2/6.2.0/7.0.0 TLS Handshake Core Dump denial of service
4755| [113904] Apache Traffic Server up to 6.2.0 Host Header privilege escalation
4756| [113895] Apache Geode up to 1.3.x Code Execution
4757| [113894] Apache Geode up to 1.3.x TcpServer Code Execution
4758| [113888] Apache James Hupa WebMail 0.0.2 cross site scripting
4759| [113813] Apache Geode Cluster up to 1.3.x Secure Mode privilege escalation
4760| [113747] Apache Tomcat Servlets privilege escalation
4761| [113647] Apache Qpid up to 0.30 qpidd Broker AMQP Message Crash denial of service
4762| [113645] Apache VCL up to 2.1/2.2.1/2.3.1 Web GUI/XMLRPC API privilege escalation
4763| [113560] Apache jUDDI Console 3.0.0 Log Entries spoofing
4764| [113571] Apache Oozie up to 4.3.0/5.0.0-beta1 XML Data XML File privilege escalation
4765| [113569] Apache Karaf up to 4.0.7 LDAPLoginModule LDAP injection denial of service
4766| [113273] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
4767| [113198] Apache Qpid Dispatch Router 0.7.0/0.8.0 AMQP denial of service
4768| [113186] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
4769| [113145] Apache Thrift up to 0.9.3 Go Client Library privilege escalation
4770| [113106] Apache jUDDI up to 3.3.3 XML Data WADL2Java/WSDL2Java XML Document privilege escalation
4771| [113105] Apache Qpid Broker-J 7.0.0 AMQP Crash denial of service
4772| [112885] Apache Allura up to 1.8.0 File information disclosure
4773| [112856] Apache CloudStack up to 4.8.1.0/4.9.0.0 API weak authentication
4774| [112855] Apache CloudStack 4.1.0/4.1.1 API information disclosure
4775| [112678] Apache Tomcat up to 7.0.82/8.0.47/8.5.23/9.0.1 Bug Fix 61201 privilege escalation
4776| [112677] Apache Tomcat Native Connector up to 1.1.34/1.2.14 OCSP Checker Client weak authentication
4777| [112625] Apache POI up to 3.16 Loop denial of service
4778| [112448] Apache NiFi up to 1.3.x Deserialization privilege escalation
4779| [112396] Apache Hadoop 2.7.3/2.7.4 YARN NodeManager Credentials information disclosure
4780| [112339] Apache NiFi 1.5.0 Header privilege escalation
4781| [112330] Apache NiFi 1.5.0 Header HTTP Request privilege escalation
4782| [112314] NetGain Enterprise Manager 7.2.730 Build 1034 org.apache.jsp.u.jsp.tools.exec_jsp Servlet Parameter privilege escalation
4783| [112253] Apache Hadoop up to 0.23.x/2.7.4/2.8.2 MapReduce Job History Server Configuration File privilege escalation
4784| [112171] Oracle Secure Global Desktop 5.3 Apache Log4j privilege escalation
4785| [112164] Oracle Agile PLM 9.3.5/9.3.6 Apache Tomcat unknown vulnerability
4786| [112161] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Tomcat privilege escalation
4787| [112158] Oracle Autovue for Agile Product Lifecycle Management 21.0.0/21.0.1 Apache Log4j privilege escalation
4788| [112156] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Log4j privilege escalation
4789| [112155] Oracle Agile Engineering Data Management 6.1.3/6.2.0/6.2.1 Apache Log4j privilege escalation
4790| [112137] Oracle MICROS Relate CRM Software 10.8.x/11.4.x/15.0.x, Apache Tomcat unknown vulnerability
4791| [112136] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat privilege escalation
4792| [112133] Oracle Retail Workforce Management 1.60.7/1.64.0 Apache Log4j privilege escalation
4793| [112129] Oracle Retail Assortment Planning 14.1.3/15.0.3/16.0.1 Apache Log4j privilege escalation
4794| [112114] Oracle 9.1 Apache Log4j privilege escalation
4795| [112113] Oracle 9.1 Apache Log4j privilege escalation
4796| [112045] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat privilege escalation
4797| [112038] Oracle Health Sciences Empirica Inspections 1.0.1.1 Apache Tomcat information disclosure
4798| [112019] Oracle Endeca Information Discovery Integrator 3.1.0/3.2.0 Apache Tomcat privilege escalation
4799| [112017] Oracle WebCenter Portal 11.1.1.9.0/12.2.1.2.0/12.2.1.3.0 Apache Struts 1 cross site scripting
4800| [112011] Oracle Identity Manager 11.1.2.3.0 Apache Commons Collections privilege escalation
4801| [111950] Oracle Database 12.2.0.1 Apache Tomcat information disclosure
4802| [111703] Apache Sling XSS Protection API 1.0.4 URL Encoding cross site scripting
4803| [111556] Apache Geode up to 1.2.x Secure Mode Parameter OQL privilege escalation
4804| [111555] Apache Geode up to 1.2.x Secure Mode OQL privilege escalation
4805| [111540] Apache Geode up to 1.2.x Secure Mode information disclosure
4806| [111519] Apache Sling JCR ContentLoader 2.1.4 xmlreader directory traversal
4807| [111338] Apache DeltaSpike-JSF 1.8.0 cross site scripting
4808| [111330] Apache OFBiz 16.11.01/16.11.02/16.11.03 BIRT Plugin cross site scripting
4809| [110789] Apache Sling up to 1.4.0 Authentication Service Credentials information disclosure
4810| [110785] Apache Drill up to 1.11.0 Query Page unknown vulnerability
4811| [110701] Apache Fineract Query Parameter sql injection
4812| [110484] Apache Synapse up to 3.0.0 Apache Commons Collections Serialized Object Code Injection privilege escalation
4813| [110426] Adobe Experience Manager 6.0/6.1/6.2/6.3 Apache Sling Servlets Post cross site scripting
4814| [110141] Apache Struts up to 2.5.14 REST Plugin denial of service
4815| [110140] Apache Qpid Broker-J up to 0.32 privilege escalation
4816| [110139] Apache Qpid Broker-J up to 6.1.4 AMQP Frame denial of service
4817| [110106] Apache CXF Fediz Spring cross site request forgery
4818| [109766] Apache OpenOffice up to 4.1.3 DOC File Parser WW8Fonts memory corruption
4819| [109750] Apache OpenOffice up to 4.1.3 DOC File Parser ImportOldFormatStyles memory corruption
4820| [109749] Apache OpenOffice up to 4.1.3 PPT File Parser PPTStyleSheet memory corruption
4821| [109606] October CMS Build 412 Apache Configuration File Upload privilege escalation
4822| [109419] Apache Camel up to 2.19.3/2.20.0 camel-castor Java Object Deserialization privilege escalation
4823| [109418] Apache Camel up to 2.19.3/2.20.0 camel-hessian Java Object Deserialization privilege escalation
4824| [109400] Apache CouchDB up to 1.6.x/2.1.0 Database Server Shell privilege escalation
4825| [109399] Apache CouchDB up to 1.6.x/2.1.0 JSON Parser Shell privilege escalation
4826| [109398] Apache CXF 3.1.14/3.2.1 JAX-WS/JAX-RS Attachment denial of service
4827| [108872] Apache Hive up to 2.1.1/2.2.0/2.3.0 Policy Enforcement privilege escalation
4828| [108939] Apple macOS up to 10.13.1 apache unknown vulnerability
4829| [108938] Apple macOS up to 10.13.1 apache denial of service
4830| [108937] Apple macOS up to 10.13.1 apache unknown vulnerability
4831| [108936] Apple macOS up to 10.13.1 apache unknown vulnerability
4832| [108935] Apple macOS up to 10.13.1 apache denial of service
4833| [108934] Apple macOS up to 10.13.1 apache unknown vulnerability
4834| [108933] Apple macOS up to 10.13.1 apache unknown vulnerability
4835| [108932] Apple macOS up to 10.13.1 apache unknown vulnerability
4836| [108931] Apple macOS up to 10.13.1 apache denial of service
4837| [108930] Apple macOS up to 10.13.1 apache unknown vulnerability
4838| [108929] Apple macOS up to 10.13.1 apache denial of service
4839| [108928] Apple macOS up to 10.13.1 apache unknown vulnerability
4840| [108797] Apache Struts up to 2.3.19 TextParseUtiltranslateVariables OGNL Expression privilege escalation
4841| [108795] Apache Traffic Server up to 5.3.0 HTTP2 set_dynamic_table_size memory corruption
4842| [108794] Apache WSS4J up to 1.6.16/2.0.1 Incomplete Fix Leak information disclosure
4843| [108793] Apache Qpid up to 0.30 qpidd Crash denial of service
4844| [108792] Apache Traffic Server up to 5.1.0 Access Restriction privilege escalation
4845| [108791] Apache Wicket up to 1.5.11/6.16.x/7.0.0-M2 Session information disclosure
4846| [108790] Apache Storm 0.9.0.1 Log Viewer directory traversal
4847| [108789] Apache Cordova In-App-Browser Standalone Plugin up to 0.3.1 on iOS CDVInAppBrowser privilege escalation
4848| [108788] Apache Cordova File-Transfer Standalone Plugin up to 0.4.1 on iOS ios/CDVFileTransfer.m spoofing
4849| [108787] Apache HttpClient up to 4.3.0 HttpClientBuilder.java unknown vulnerability
4850| [108786] Apache Wicket up to 1.4.21/1.5.9/6.3.x script Tag cross site scripting
4851| [108783] Apache Hadoop up to 0.23.3/1.0.3/2.0.1 Kerberos Security Feature Key weak encryption
4852| [108782] Apache Xerces2 XML Service denial of service
4853| [108781] Apache jUDDI up to 1.x happyjuddi.jsp Parameter cross site scripting
4854| [108780] Apache jUDDI up to 1.x Log File uddiget.jsp spoofing
4855| [108709] Apache Cordova Android up to 3.7.1/4.0.1 intent URL privilege escalation
4856| [108708] Apache ActiveMQ up to 5.10.0 XML Data XML External Entity
4857| [108707] Apache ActiveMQ up to 1.7.0 XML Data XML External Entity
4858| [108629] Apache OFBiz up to 10.04.01 privilege escalation
4859| [108543] Apache Derby 10.1.2.1/10.2.2.0/10.3.1.4/10.4.1.3 Export File privilege escalation
4860| [108312] Apache HTTP Server on RHEL IP Address Filter privilege escalation
4861| [108297] Apache NiFi up to 0.7.1/1.1.1 Proxy Chain Username Deserialization privilege escalation
4862| [108296] Apache NiFi up to 0.7.1/1.1.1 Cluster Request privilege escalation
4863| [108250] Oracle Secure Global Desktop 5.3 Apache HTTP Server memory corruption
4864| [108245] Oracle Transportation Management up to 6.3.7 Apache Tomcat unknown vulnerability
4865| [108244] Oracle Transportation Management 6.4.1/6.4.2 Apache Commons FileUpload denial of service
4866| [108243] Oracle Agile Engineering Data Management 6.1.3/6.2.0 Apache Commons Collections memory corruption
4867| [108222] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Batik denial of service
4868| [108219] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat unknown vulnerability
4869| [108217] Oracle Retail Store Inventory Management 13.2.9/14.0.4/14.1.3/15.0.1/16.0.1 Apache Groovy unknown vulnerability
4870| [108216] Oracle Retail Convenience and Fuel POS Software 2.1.132 Apache Groovy unknown vulnerability
4871| [108169] Oracle MySQL Enterprise Monitor up to 3.2.8.2223/3.3.4.3247/3.4.2.4181 Apache Tomcat unknown vulnerability
4872| [108113] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Batik denial of service
4873| [108107] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat unknown vulnerability
4874| [108102] Oracle Healthcare Master Person Index 4.x Apache Groovy unknown vulnerability
4875| [108085] Oracle Identity Manager 11.1.2.3.0 Apache Struts 1 memory corruption
4876| [108083] Oracle API Gateway 11.1.2.4.0 Apache Batik denial of service
4877| [108080] Oracle GlassFish Server 3.1.2 Apache Commons FileUpload denial of service
4878| [108066] Oracle Management Pack for GoldenGate 11.2.1.0.12 Apache Tomcat memory corruption
4879| [108062] Oracle BI Publisher 11.1.1.7.0/12.2.1.1.0/12.2.1.2.0 Apache ActiveMQ memory corruption
4880| [108060] Oracle Enterprise Manager Ops Center 12.2.2/12.3.2 Apache Groovy unknown vulnerability
4881| [108033] Oracle Primavera Unifier 9.13/9.14/10.x/15.x/16.x, Apache Groovy unknown vulnerability
4882| [108013] Oracle Communications WebRTC Session Controller 7.0/7.1/7.2 Apache Groovy unknown vulnerability
4883| [108011] Oracle Communications Services Gatekeeper 5.1/6.0 Apache Trinidad unknown vulnerability
4884| [107904] Apache Struts up to 2.3.28 Double OGNL Evaluation privilege escalation
4885| [107860] Apache Solr up to 7.0 Apache Lucene RunExecutableListener XML External Entity
4886| [107834] Apache Ranger up to 0.6.1 Change Password privilege escalation
4887| [107639] Apache NiFi 1.4.0 XML External Entity
4888| [107606] Apache ZooKeper up to 3.4.9/3.5.2 Command CPU Exhaustion denial of service
4889| [107597] Apache Roller up to 5.0.2 XML-RPC Protocol Support XML External Entity
4890| [107429] Apache Impala up to 2.9.x Kudu Table privilege escalation
4891| [107411] Apache Tomcat up to 7.0.81/8.0.46/8.5.22/9.0.0 JSP File File Upload privilege escalation
4892| [107385] Apache Geode up to 1.2.0 Secure Mode privilege escalation
4893| [107339] Apache OpenNLP up to 1.5.3/1.6.0/1.7.2/1.8.1 XML Data XML External Entity
4894| [107333] Apache Wicket up to 8.0.0-M1 CSRF Prevention HTTP Header privilege escalation
4895| [107323] Apache Wicket 1.5.10/6.13.0 Class Request information disclosure
4896| [107310] Apache Geode up to 1.2.0 Command Line Utility Query privilege escalation
4897| [107276] ArcSight ESM/ArcSight ESM Express up to 6.9.1c Patch 3/6.11.0 Apache Tomcat Version information disclosure
4898| [107266] Apache Tika up to 1.12 XML Parser XML External Entity
4899| [107262] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
4900| [107258] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
4901| [107197] Apache Xerces Jelly Parser XML File XML External Entity
4902| [107193] ZTE NR8950 Apache Commons Collections RMI Request Deserialization privilege escalation
4903| [107084] Apache Struts up to 2.3.19 cross site scripting
4904| [106877] Apache Struts up to 2.0.33/2.5.10 Freemarker Tag privilege escalation
4905| [106875] Apache Struts up to 2.5.5 URL Validator denial of service
4906| [106874] Apache Struts up to 2.3.30 Convention Plugin directory traversal
4907| [106847] Apache Tomcat up to 7.0.80 VirtualDirContext Source information disclosure
4908| [106846] Apache Tomcat up to 7.0.79 on Windows HTTP PUT Method Parameter File Upload privilege escalation
4909| [106777] Apache HTTP Server up to 2.2.34/2.4.27 Limit Directive ap_limit_section HTTP Request information disclosure
4910| [106739] puppetlabs-apache up to 1.11.0/2.0.x weak authentication
4911| [106720] Apache Wicket up to 1.5.12/6.18.x/7.0.0-M4 CryptoMapper privilege escalation
4912| [106586] Apache Brooklyn up to 0.9.x REST Server cross site scripting
4913| [106562] Apache Spark up to 2.1.1 Launcher API Deserialization privilege escalation
4914| [106559] Apache Brooklyn up to 0.9.x SnakeYAML YAML Data Java privilege escalation
4915| [106558] Apache Brooklyn up to 0.9.x REST Server cross site request forgery
4916| [106556] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
4917| [106555] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
4918| [106171] Apache Directory LDAP API up to 1.0.0-M30 Timing unknown vulnerability
4919| [106167] Apache Struts up to 2.5.12 REST Plugin XML Data privilege escalation
4920| [106166] Apache Struts up to 2.3.33/2.5.12 REST Plugin denial of service
4921| [106165] Apache Struts up to 2.3.33/2.5.12 URLValidator Regex CPU Exhaustion denial of service
4922| [106115] Apache Hadoop up to 2.6.4/2.7.2 YARN NodeManager Password information disclosure
4923| [106012] Apache Solr up to 5.5.3/6.4.0 Replication directory traversal
4924| [105980] Apache Engine 16.11.01 Parameter Reflected unknown vulnerability
4925| [105962] Apache Atlas 0.6.0/0.7.0 Frame cross site scripting
4926| [105961] Apache Atlas 0.6.0/0.7.0 Stack Trace information disclosure
4927| [105960] Apache Atlas 0.6.0/0.7.0 Search Reflected cross site scripting
4928| [105959] Apache Atlas 0.6.0/0.7.0 edit Tag DOM cross site scripting
4929| [105958] Apache Atlas 0.6.0/0.7.0 edit Tag Stored cross site scripting
4930| [105957] Apache Atlas 0.6.0/0.7.0 Cookie privilege escalation
4931| [105905] Apache Atlas 0.6.0/0.7.0/0.7.1 /js privilege escalation
4932| [105878] Apache Struts up to 2.3.24.0 privilege escalation
4933| [105682] Apache2Triad 1.5.4 phpsftpd/users.php Parameter cross site scripting
4934| [105681] Apache2Triad 1.5.4 phpsftpd/users.php Request cross site request forgery
4935| [105680] Apache2Triad 1.5.4 Parameter Session Fixation weak authentication
4936| [105643] Apache Pony Mail up to 0.8b weak authentication
4937| [105288] Apache Sling up to 2.3.21 Sling.evalString() String cross site scripting
4938| [105219] Apache Tomcat up to 8.5.15/9.0.0.M21 HTTP2 Bypass directory traversal
4939| [105218] Apache Tomcat up to 7.0.78/8.0.44/8.5.15/9.0.0.M21 CORS Filter Cache Poisoning privilege escalation
4940| [105215] Apache CXF up to 3.0.12/3.1.9 OAuth2 Hawk/JOSE MAC Validation Timing unknown vulnerability
4941| [105206] Apache CXF up to 3.0.11/3.1.8 JAX-RS Module XML External Entity
4942| [105205] Apache CXF up to 3.0.11/3.1.8 HTTP Transport Module Parameter cross site scripting
4943| [105202] Apache Storm 1.0.0/1.0.1/1.0.2/1.0.3/1.1.0 Worker privilege escalation
4944| [104987] Apache Xerces-C++ XML Service CPU Exhaustion denial of service
4945| [104986] Apache CXF 2.4.5/2.5.1 WS-SP UsernameToken Policy SOAP Request weak authentication
4946| [104985] Apache MyFaces Core up to 2.1.4 EL Expression Parameter Injection information disclosure
4947| [104983] Apache Wink up to 1.1.1 XML Document xxe privilege escalation
4948| [104981] Apache Commons Email 1.0/1.1/1.2/1.3/1.4 Subject Linebreak SMTP privilege escalation
4949| [104591] MEDHOST Document Management System Apache Solr Default Credentials weak authentication
4950| [104062] Oracle MySQL Enterprise Monitor up to 3.3.3.1199 Apache Tomcat unknown vulnerability
4951| [104061] Oracle MySQL Enterprise Monitor up to 3.2.7.1204/3.3.3.1199 Apache Tomcat unknown vulnerability
4952| [104060] Oracle MySQL Enterprise Monitor up to 3.1.5.7958/3.2.5.1141/3.3.2.1162 Apache Struts 2 unknown vulnerability
4953| [103995] Oracle 8.3/8.4/15.1/15.2 Apache Trinidad unknown vulnerability
4954| [103993] Oracle Policy Automation up to 12.2.3 Apache Commons FileUplaod denial of service
4955| [103916] Oracle Banking Platform 2.3/2.4/2.4.1/2.5 Apache Commons FileUpload denial of service
4956| [103906] Oracle Communications BRM 11.2.0.0.0 Apache Commons Collections privilege escalation
4957| [103904] Oracle Communications BRM 11.2.0.0.0/11.3.0.0.0 Apache Groovy memory corruption
4958| [103866] Oracle Transportation Management 6.1/6.2 Apache Webserver unknown vulnerability
4959| [103816] Oracle BI Publisher 11.1.1.9.0/12.2.1.1.0/12.2.1.2.0 Apache Commons Fileupload denial of service
4960| [103797] Oracle Tuxedo System and Applications Monitor Apache Commons Collections privilege escalation
4961| [103792] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Commons Fileupload privilege escalation
4962| [103791] Oracle Endeca Server 7.6.0.0/7.6.1.0 Apache Commons Collections privilege escalation
4963| [103788] Oracle Enterprise Repository 11.1.1.7.0/12.1.3.0.0 Apache ActiveMQ memory corruption
4964| [103787] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Groovy memory corruption
4965| [103763] Apache Sling up to 1.0.11 XSS Protection API XSS.getValidXML() Application XML External Entity
4966| [103762] Apache Sling up to 1.0.12 XSS Protection API XSSAPI.encodeForJSString() Script Tag cross site scripting
4967| [103693] Apache OpenMeetings 1.0.0 HTTP Method privilege escalation
4968| [103692] Apache OpenMeetings 1.0.0 Tomcat Error information disclosure
4969| [103691] Apache OpenMeetings 3.2.0 Parameter privilege escalation
4970| [103690] Apache OpenMeetings 1.0.0 sql injection
4971| [103689] Apache OpenMeetings 1.0.0 crossdomain.xml privilege escalation
4972| [103688] Apache OpenMeetings 1.0.0 weak encryption
4973| [103687] Apache OpenMeetings 1.0.0 cross site request forgery
4974| [103556] Apache Roller 5.1.0/5.1.1 Weblog Page Template VTL privilege escalation
4975| [103554] Apache OpenMeetings 1.0.0 Password Update unknown vulnerability
4976| [103553] Apache OpenMeetings 1.0.0 File Upload privilege escalation
4977| [103552] Apache OpenMeetings 3.2.0 Chat cross site scripting
4978| [103551] Apache OpenMeetings 3.1.0 XML unknown vulnerability
4979| [103521] Apache HTTP Server 2.4.26 HTTP2 Free memory corruption
4980| [103520] Apache HTTP Server up to 2.2.33/2.4.26 mod_auth_digest Authorization Header memory corruption
4981| [103519] Apache Struts up to 2.5.11/2.3.32 Spring AOP denial of service
4982| [103518] Apache Struts up to 2.5.11 URLValidator directory traversal
4983| [103492] Apache Spark up to 2.1.x Web UI Reflected cross site scripting
4984| [103401] Apache Struts 2.3.x Struts 1 Plugin ActionMessage privilege escalation
4985| [103399] Apache Traffic Control Traffic Router TCP Connection Slowloris denial of service
4986| [103387] Apache Impala up to 2.8.0 StatestoreSubscriber weak encryption
4987| [103386] Apache Impala up to 2.7.x/2.8.0 Kerberos weak authentication
4988| [103352] Apache Solr Node weak authentication
4989| [102897] Apache Ignite up to 2.0 Update Notifier information disclosure
4990| [102878] Code42 CrashPlan 5.4.x RMI Server org.apache.commons.ssl.rmi.DateRMI privilege escalation
4991| [102698] Apache HTTP Server up to 2.2.32/2.4.25 mod_mime Content-Type memory corruption
4992| [102697] Apache HTTP Server 2.2.24/2.2.32 HTTP Strict Parsing ap_find_token Request Header memory corruption
4993| [102690] Apache HTTP Server up to 2.2.32/2.4.25 mod_ssl ap_hook_process_connection() denial of service
4994| [102689] Apache HTTP Server up to 2.2.32/2.4.25 ap_get_basic_auth_pw weak authentication
4995| [102622] Apache Thrift up to 0.9.2 Client Libraries skip denial of service
4996| [102538] Apache Ranger up to 0.7.0 Authorizer unknown vulnerability
4997| [102537] Apache Ranger up to 0.7.0 Wildcard Character unknown vulnerability
4998| [102536] Apache Ranger up to 0.6 Stored cross site scripting
4999| [102535] Apache Ranger up to 0.6.2 Policy Engine unknown vulnerability
5000| [102255] Apache NiFi up to 0.7.3/1.2.x Response Header privilege escalation
5001| [102254] Apache NiFi up to 0.7.3/1.2.x UI cross site scripting
5002| [102070] Apache CXF Fediz up to 1.1.2/1.2.0 Application Plugin denial of service
5003| [102020] Apache Tomcat up to 9.0.0.M1 Java Servlet HTTP Method unknown vulnerability
5004| [101858] Apache Hive up to 1.2.1/2.0.0 Client weak authentication
5005| [101802] Apache KNOX up to 0.11.0 WebHDFS privilege escalation
5006| [101928] HPE Aruba ClearPass Apache Tomcat information disclosure
5007| [101524] Apache Archiva up to 1.x/2.2.1 REST Endpoint cross site request forgery
5008| [101513] Apache jUDDI 3.1./3.1.2/3.1.3/3.1.4 Logout Open Redirect
5009| [101430] Apache CXF Fediz up to 1.3.1 OIDC Service cross site request forgery
5010| [101429] Apache CXF Fediz up to 1.2.3/1.3.1 Plugins cross site request forgery
5011| [100619] Apache Hadoop up to 2.6.x HDFS Servlet unknown vulnerability
5012| [100618] Apache Hadoop up to 2.7.0 HDFS Web UI cross site scripting
5013| [100621] Adobe ColdFusion 10/11/2016 Apache BlazeDS Library Deserialization privilege escalation
5014| [100205] Oracle MySQL Enterprise Monitor up to 3.1.6.8003/3.2.1182/3.3.2.1162 Apache Commons FileUpload denial of service
5015| [100191] Oracle Secure Global Desktop 4.71/5.2/5.3 Web Server (Apache HTTP Server) information disclosure
5016| [100162] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Commons Collections privilege escalation
5017| [100160] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Trinidad unknown vulnerability
5018| [99969] Oracle WebCenter Sites 11.1.1.8.0 Apache Tomcat memory corruption
5019| [99937] Apache Batik up to 1.8 privilege escalation
5020| [99936] Apache FOP up to 2.1 privilege escalation
5021| [99935] Apache CXF up to 3.0.12/3.1.10 STSClient Cache information disclosure
5022| [99934] Apache CXF up to 3.0.12/3.1.10 JAX-RS XML Security Streaming Client spoofing
5023| [99930] Apache Traffic Server up to 6.2.0 denial of service
5024| [99929] Apache Log4j up to 2.8.1 Socket Server Deserialization privilege escalation
5025| [99925] Apache Traffic Server 6.0.0/6.1.0/6.2.0 HPACK Bomb denial of service
5026| [99738] Ping Identity OpenID Connect Authentication Module up to 2.13 on Apache Mod_auth_openidc.c spoofing
5027| [117569] Apache Hadoop up to 2.7.3 privilege escalation
5028| [99591] Apache TomEE up to 1.7.3/7.0.0-M2 EjbObjectInputStream Serialized Object privilege escalation
5029| [99370] Apache Ignite up to 1.8 update-notifier Document XML External Entity
5030| [99299] Apache Geode up to 1.1.0 Pulse OQL Query privilege escalation
5031| [99572] Apache Tomcat up to 7.0.75/8.0.41/8.5.11/9.0.0.M17 Application Listener privilege escalation
5032| [99570] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP Connector Cache information disclosure
5033| [99569] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP/2 GOAWAY Frame Resource Exhaustion denial of service
5034| [99568] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 Pipelined Request information disclosure
5035| [99048] Apache Ambari up to 2.3.x REST API Shell Metacharacter privilege escalation
5036| [99014] Apache Camel Jackson/JacksonXML privilege escalation
5037| [98610] Apple macOS up to 10.12.3 apache_mod_php memory corruption
5038| [98609] Apple macOS up to 10.12.3 apache_mod_php denial of service
5039| [98608] Apple macOS up to 10.12.3 apache_mod_php memory corruption
5040| [98607] Apple macOS up to 10.12.3 apache_mod_php denial of service
5041| [98606] Apple macOS up to 10.12.3 apache_mod_php denial of service
5042| [98605] Apple macOS up to 10.12.3 Apache denial of service
5043| [98604] Apple macOS up to 10.12.3 Apache denial of service
5044| [98603] Apple macOS up to 10.12.3 Apache denial of service
5045| [98602] Apple macOS up to 10.12.3 Apache denial of service
5046| [98601] Apple macOS up to 10.12.3 Apache denial of service
5047| [98517] Apache POI up to 3.14 OOXML File XXE denial of service
5048| [98405] Apache Hadoop up to 0.23.10 privilege escalation
5049| [98199] Apache Camel Validation XML External Entity
5050| [97892] Apache Tomcat up to 9.0.0.M15 Reverse-Proxy Http11InputBuffer.java information disclosure
5051| [97617] Apache Camel camel-snakeyaml Deserialization privilege escalation
5052| [97602] Apache Camel camel-jackson/camel-jacksonxml CamelJacksonUnmarshalType privilege escalation
5053| [97732] Apache Struts up to 2.3.31/2.5.10 Jakarta Multipart Parser Content-Type privilege escalation
5054| [97466] mod_auth_openidc up to 2.1.5 on Apache weak authentication
5055| [97455] mod_auth_openidc up to 2.1.4 on Apache weak authentication
5056| [97081] Apache Tomcat HTTPS Request denial of service
5057| [97162] EMC OpenText Documentum D2 BeanShell/Apache Commons privilege escalation
5058| [96949] Hanwha Techwin Smart Security Manager up to 1.5 Redis/Apache Felix Gogo privilege escalation
5059| [96314] Apache Cordova up to 6.1.1 on Android weak authentication
5060| [95945] Apple macOS up to 10.12.2 apache_mod_php denial of service
5061| [95944] Apple macOS up to 10.12.2 apache_mod_php denial of service
5062| [95943] Apple macOS up to 10.12.2 apache_mod_php memory corruption
5063| [95666] Oracle FLEXCUBE Direct Banking 12.0.0/12.0.1/12.0.2/12.0.3 Apache Commons Collections privilege escalation
5064| [95455] Apache NiFi up to 1.0.0/1.1.0 Connection Details Dialogue cross site scripting
5065| [95311] Apache Storm UI Daemon privilege escalation
5066| [95291] ZoneMinder 1.30.0 Apache httpd privilege escalation
5067| [94800] Apache Wicket up to 1.5.16/6.24.x Deserialize DiskFileItem denial of service
5068| [94705] Apache Qpid Broker for Java up to 6.1.0 SCRAM-SHA-1/SCRAM-SHA-256 User information disclosure
5069| [94627] Apache HTTP Server up to 2.4.24 mod_auth_digest Crash denial of service
5070| [94626] Apache HTTP Server up to 2.4.24 mod_session_crypto Padding weak encryption
5071| [94625] Apache HTTP Server up to 2.4.24 Response Split privilege escalation
5072| [94540] Apache Tika 1.9 tika-server File information disclosure
5073| [94600] Apache ActiveMQ up to 5.14.1 Administration Console cross site scripting
5074| [94348] Apple macOS up to 10.12.1 apache_mod_php denial of service
5075| [94347] Apple macOS up to 10.12.1 apache_mod_php denial of service
5076| [94346] Apple macOS up to 10.12.1 apache_mod_php denial of service
5077| [94345] Apple macOS up to 10.12.1 apache_mod_php denial of service
5078| [94344] Apple macOS up to 10.12.1 apache_mod_php denial of service
5079| [94343] Apple macOS up to 10.12.1 apache_mod_php memory corruption
5080| [94342] Apple macOS up to 10.12.1 apache_mod_php memory corruption
5081| [94128] Apache Tomcat up to 9.0.0.M13 Error information disclosure
5082| [93958] Apache HTTP Server up to 2.4.23 mod_http2 h2_stream.c denial of service
5083| [93874] Apache Subversion up to 1.8.16/1.9.4 mod_dontdothat XXE denial of service
5084| [93855] Apache Hadoop up to 2.6.4/2.7.2 HDFS Service privilege escalation
5085| [93609] Apache OpenMeetings 3.1.0 RMI Registry privilege escalation
5086| [93555] Apache Tika 1.6-1.13 jmatio MATLAB File privilege escalation
5087| [93799] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
5088| [93798] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
5089| [93797] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 HTTP Split privilege escalation
5090| [93796] Apache Tomcat up to 8.5.6/9.0.0.M11 HTTP/2 Header Parser denial of service
5091| [93532] Apache Commons Collections Library Java privilege escalation
5092| [93210] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 ResourceLinkFactory privilege escalation
5093| [93209] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Realm Authentication User information disclosure
5094| [93208] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 System Property Replacement information disclosure
5095| [93207] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Utility Method privilege escalation
5096| [93206] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Configuration privilege escalation
5097| [93098] Apache Commons FileUpload privilege escalation
5098| [92987] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Commons Collection memory corruption
5099| [92986] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Tomcat memory corruption
5100| [92982] Oracle Insurance IStream 4.3.2 Apache Commons Collections memory corruption
5101| [92981] Oracle Financial Services Lending and Leasing 14.1.0/14.2.0 Apache Commons Collections memory corruption
5102| [92979] Oracle up to 8.0.3 Apache Commons Collections memory corruption
5103| [92977] Oracle FLEXCUBE Universal Banking up to 12.2.0 Apache Commons Collections memory corruption
5104| [92976] Oracle FLEXCUBE Universal Banking 12.87.1/12.87.2 Apache Commons Collections memory corruption
5105| [92975] Oracle FLEXCUBE Private Banking up to 12.1.0 Apache Commons Collections memory corruption
5106| [92974] Oracle FLEXCUBE Investor Servicing 12.0.1 Apache Commons Collections memory corruption
5107| [92973] Oracle 12.0.0/12.1.0 Apache Commons Collections memory corruption
5108| [92972] Oracle FLEXCUBE Core Banking 11.5.0.0.0/11.6.0.0.0 Apache Commons Collections memory corruption
5109| [92962] Oracle Agile PLM 9.3.4/9.3.5 Apache Commons Collections memory corruption
5110| [92909] Oracle Agile PLM 9.3.4/9.3.5 Apache Tomcat unknown vulnerability
5111| [92786] Oracle Banking Digital Experience 15.1 Apache Commons Collections information disclosure
5112| [92549] Apache Tomcat on Red Hat privilege escalation
5113| [92509] Apache Tomcat JK ISAPI Connector up to 1.2.41 jk_uri_worker_map.c memory corruption
5114| [92314] Apache MyFaces Trinidad up to 1.0.13/1.2.15/2.0.1/2.1.1 CoreResponseStateManager memory corruption
5115| [92313] Apache Struts2 up to 2.3.28/2.5.0 Action Name Cleanup cross site request forgery
5116| [92299] Apache Derby up to 10.12.1.0 SqlXmlUtil XML External Entity
5117| [92217] Apache ActiveMQ Artemis up to 1.3.x Broker/REST GetObject privilege escalation
5118| [92174] Apache Ranger up to 0.6.0 Policy cross site scripting
5119| [91831] Apache Jackrabbit up to 2.13.2 HTTP Header cross site request forgery
5120| [91825] Apache Zookeeper up to 3.4.8/3.5.2 C CLI Shell memory corruption
5121| [91818] Apache CXF Fediz up to 1.2.2/1.3.0 Application Plugin privilege escalation
5122| [92056] Apple macOS up to 10.11 apache_mod_php memory corruption
5123| [92055] Apple macOS up to 10.11 apache_mod_php memory corruption
5124| [92054] Apple macOS up to 10.11 apache_mod_php denial of service
5125| [92053] Apple macOS up to 10.11 apache_mod_php denial of service
5126| [92052] Apple macOS up to 10.11 apache_mod_php denial of service
5127| [92051] Apple macOS up to 10.11 apache_mod_php memory corruption
5128| [92050] Apple macOS up to 10.11 apache_mod_php denial of service
5129| [92049] Apple macOS up to 10.11 apache_mod_php memory corruption
5130| [92048] Apple macOS up to 10.11 apache_mod_php denial of service
5131| [92047] Apple macOS up to 10.11 apache_mod_php memory corruption
5132| [92046] Apple macOS up to 10.11 apache_mod_php memory corruption
5133| [92045] Apple macOS up to 10.11 apache_mod_php memory corruption
5134| [92044] Apple macOS up to 10.11 apache_mod_php memory corruption
5135| [92043] Apple macOS up to 10.11 apache_mod_php denial of service
5136| [92042] Apple macOS up to 10.11 apache_mod_php memory corruption
5137| [92041] Apple macOS up to 10.11 apache_mod_php memory corruption
5138| [92040] Apple macOS up to 10.11 Apache Proxy privilege escalation
5139| [91785] Apache Shiro up to 1.3.1 Servlet Filter privilege escalation
5140| [90879] Apache OpenMeetings up to 3.1.1 SWF Panel cross site scripting
5141| [90878] Apache Sentry up to 1.6.x Blacklist Filter reflect/reflect2/java_method privilege escalation
5142| [90610] Apache POI up to 3.13 XLSX2CSV Example OpenXML Document XML External Entity
5143| [90584] Apache ActiveMQ up to 5.11.3/5.12.2/5.13/1 Administration Web Console privilege escalation
5144| [90385] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site scripting
5145| [90384] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site request forgery
5146| [90383] Apache OpenOffice up to 4.1.2 Impress File memory corruption
5147| [89670] Apache Tomcat up to 8.5.4 CGI Servlet Environment Variable Open Redirect
5148| [89669] Apache HTTP Server up to 2.4.23 RFC 3875 Namespace Conflict Environment Variable Open Redirect
5149| [89726] Apple Mac OS X up to 10.11.5 apache_mod_php memory corruption
5150| [89484] Apache Qpid up to 0.13.0 on Windows Proton Library Certificate weak authentication
5151| [89473] HPE iMC PLAT/EAD/APM/iMC NTA/iMC BIMS/iMC UAM_TAM up to 7.2 Apache Commons Collections Library Command privilege escalation
5152| [90263] Apache Archiva Header denial of service
5153| [90262] Apache Archiva Deserialize privilege escalation
5154| [90261] Apache Archiva XML DTD Connection privilege escalation
5155| [88827] Apache Xerces-C++ up to 3.1.3 DTD Stack-Based memory corruption
5156| [88747] Apache HTTP Server 2.4.17/2.4.18 mod_http2 denial of service
5157| [88608] Apache Struts up to 2.3.28.1/2.5.0 URLValidator Null Value denial of service
5158| [88607] Apache Struts up to 2.3.28.1 REST Plugin Expression privilege escalation
5159| [88606] Apache Struts up to 2.3.28.1 Restriction privilege escalation
5160| [88605] Apache Struts up to 2.3.28.1 Restriction privilege escalation
5161| [88604] Apache Struts up to 2.3.28.1 Token Validator cross site request forgery
5162| [88603] Apache Commons FileUpload up to 1.3.1 MultipartStream denial of service
5163| [88602] Apache Struts up to 1.3.10 ActionServlet.java cross site scripting
5164| [88601] Apache Struts up to 1.3.10 Multithreading ActionServlet.java memory corruption
5165| [88600] Apache Struts up to 1.3.10 MultiPageValidator privilege escalation
5166| [89005] Apache Qpid AMQP JMS Client getObject privilege escalation
5167| [87888] Apache Ranger up to 0.5.2 Policy Admin Tool eventTime sql injection
5168| [87835] Apache CloudStack up to 4.5.2.0/4.6.2.0/4.7.1.0/4.8.0.0 SAML-based Authentication privilege escalation
5169| [87806] HPE Discovery and Dependency Mapping Inventory up to 9.32 update 3 Apache Commons Collections Library privilege escalation
5170| [87805] HPE Universal CMDB up to 10.21 Apache Commons Collections Library privilege escalation
5171| [87768] Apache Shiro up to 1.2.4 Cipher Key privilege escalation
5172| [87765] Apache James Server 2.3.2 Command privilege escalation
5173| [88667] Apache HTTP Server up to 2.4.20 mod_http2 Certificate weak authentication
5174| [87718] Apache Struts up to 2.3.24.1 OGNL Caching denial of service
5175| [87717] Apache Struts up to 2.3.28 REST Plugin privilege escalation
5176| [87706] Apache Qpid Java up to 6.0.2 AMQP privilege escalation
5177| [87703] Apache Qbid Java up to 6.0.2 PlainSaslServer.java denial of service
5178| [87702] Apache ActiveMQ up to 5.13.x Fileserver Web Application Upload privilege escalation
5179| [87700] Apache PDFbox up to 1.8.11/2.0.0 XML Parser PDF Document XML External Entity
5180| [87679] HP Release Control 9.13/9.20/9.21 Apache Commons Collections Library Java Object privilege escalation
5181| [87540] Apache Ambari up to 2.2.0 File Browser View information disclosure
5182| [87433] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
5183| [87432] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
5184| [87431] Apple Mac OS X up to 10.11.4 apache_mod_php Format String
5185| [87430] Apple Mac OS X up to 10.11.4 apache_mod_php denial of service
5186| [87429] Apple Mac OS X up to 10.11.4 apache_mod_php information disclosure
5187| [87428] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
5188| [87427] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
5189| [87389] Apache Xerces C++ up to 3.1.3 XML Document DTDScanner.cpp memory corruption
5190| [87172] Adobe ColdFusion 11 Update 7/2016/up to 10 Update 18 Apache Commons Collections Library privilege escalation
5191| [87121] Apache Cordova iOS up to 3.x Plugin privilege escalation
5192| [87120] Apache Cordova iOS up to 3.x URL Whitelist privilege escalation
5193| [83806] HPE Network Node Manager i up to 10.01 Apache Commons Collections Library privilege escalation
5194| [83077] Apache Subversion up to 1.8.15/1.9.3 mod_authz_svn mod_authz_svn.c denial of service
5195| [83076] Apache Subversion up to 1.8.15/1.9.3 svnserve svnserve/cyrus_auth.c privilege escalation
5196| [82790] Apache Struts 2.0.0/2.3.24/2.3.28 Dynamic Method privilege escalation
5197| [82789] Apache Struts 2.0.0/2.3.24/2.3.28 XSLTResult privilege escalation
5198| [82725] HPE P9000 Command View up to 7.x/8.4.0 Apache Commons Collections Library privilege escalation
5199| [82444] Apache Camel up to 2.14.x/2.15.4/2.16.0 HTTP Request privilege escalation
5200| [82389] Apache Subversion up to 1.7.x/1.8.14/1.9.2 mod_dav_svn util.c memory corruption
5201| [82280] Apache Struts up to 1.7 JRE URLDecoder cross site scripting
5202| [82260] Apache OFBiz up to 12.04.05/13.07.02 Java Object privilege escalation
5203| [82259] Apache Qpid Proton up to 0.12.0 proton.reactor.Connector weak encryption
5204| [82250] Apache Ranger up to 0.5.0 Admin UI weak authentication
5205| [82214] Apache Wicket up to 1.5.14/6.21.x/7.1.x Input Element cross site scripting
5206| [82213] Apache Wicket up to 1.5.14/6.21.x/7.1.x ModalWindow Title getWindowOpenJavaScript cross site scripting
5207| [82212] Apache Ranger up to 0.5.0 Policy Admin Tool privilege escalation
5208| [82211] Apache OFBiz up to 12.04.06/13.07.02 ModelFormField.java DisplayEntityField.getDescription cross site scripting
5209| [82082] Apache JetSpeed up to 2.3.0 User Manager Service privilege escalation
5210| [82081] Apache OpenMeetings up to 3.1.0 SOAP API information disclosure
5211| [82080] Apache OpenMeetings up to 3.1.0 Event cross site scripting
5212| [82078] Apache OpenMeetings up to 3.1.0 Import/Export System Backup ZIP Archive directory traversal
5213| [82077] Apache OpenMeetings up to 3.1.0 Password Reset sendHashByUser privilege escalation
5214| [82076] Apache Ranger up to 0.5.1 privilege escalation
5215| [82075] Apache JetSpeed up to 2.3.0 Portal cross site scripting
5216| [82074] Apache JetSpeed up to 2.3.0 cross site scripting
5217| [82073] Apache JetSpeed up to 2.3.0 User Manager Service sql injection
5218| [82072] Apache JetSpeed up to 2.3.0 Portal Site Manager ZIP Archive directory traversal
5219| [82058] Apache LDAP Studio/Directory Studio up to 2.0.0-M9 CSV Export privilege escalation
5220| [82053] Apache Ranger up to 0.4.x Policy Admin Tool privilege escalation
5221| [82052] Apache Ranger up to 0.4.x Policy Admin Tool HTTP Request cross site scripting
5222| [81696] Apache ActiveMQ up to 5.13.1 HTTP Header privilege escalation
5223| [81695] Apache Xerces-C up to 3.1.2 internal/XMLReader.cpp memory corruption
5224| [81622] HPE Asset Manager 9.40/9.41/9.50 Apache Commons Collections Library Java Object privilege escalation
5225| [81406] HPE Service Manager up to 9.35 P3/9.41 P1 Apache Commons Collections Library Command privilege escalation
5226| [81405] HPE Operations Orchestration up to 10.50 Apache Commons Collections Library Command privilege escalation
5227| [81427] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
5228| [81426] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
5229| [81372] Apache Struts up to 2.3.24.1 I18NInterceptor cross site scripting
5230| [81371] Apache Struts up to 2.3.24.1 Double OGNL Evaluation privilege escalation
5231| [81370] Apache Struts up to 2.3.24.1 Java URLDecoder cross site scripting
5232| [81084] Apache Tomcat 6.0/7.0/8.0/9.0 ServletContext directory traversal
5233| [81083] Apache Tomcat 7.0/8.0/9.0 Index Page cross site request forgery
5234| [81082] Apache Tomcat 7.0/8.0/9.0 ResourceLinkFactory.setGlobalContext privilege escalation
5235| [81081] Apache Tomcat 6.0/7.0/8.0/9.0 Error information disclosure
5236| [81080] Apache Tomcat 6.0/7.0/8.0/9.0 Session Persistence privilege escalation
5237| [81079] Apache Tomcat 6.0/7.0/8.0/9.0 StatusManagerServlet information disclosure
5238| [81078] Apache Tomcat 7.0/8.0/9.0 Session privilege escalation
5239| [80970] Apache Solr up to 5.3.0 Admin UI plugins.js cross site scripting
5240| [80969] Apache Solr up to 5.2 Schema schema-browser.js cross site scripting
5241| [80968] Apache Solr up to 5.0 analysis.js cross site scripting
5242| [80940] HP Continuous Delivery Automation 1.30 Apache Commons Collections Library privilege escalation
5243| [80823] Apache CloudStack up to 4.5.1 KVM Virtual Machine Migration privilege escalation
5244| [80822] Apache CloudStack up to 4.5.1 API Call information disclosure
5245| [80778] Apache Camel up to 2.15.4/2.16.0 camel-xstream privilege escalation
5246| [80750] HPE Operations Manager 8.x/9.0 on Windows Apache Commons Collections Library privilege escalation
5247| [80724] Apache Hive up to 1.2.1 Authorization Framework privilege escalation
5248| [80577] Oracle Secure Global Desktop 4.63/4.71/5.2 Apache HTTP Server denial of service
5249| [80165] Intel McAfee ePolicy Orchestrator up to 4.6.9/5.0.3/5.3.1 Apache Commons Collections Library privilege escalation
5250| [80116] Apache Subversion up to 1.9.2 svn Protocol libsvn_ra_svn/marshal.c read_string memory corruption
5251| [80115] Apache ActiveMQ up to 5.12.x Broker Service privilege escalation
5252| [80036] IBM Cognos Business Intelligence Apache Commons Collections Library InvokerTransformer privilege escalation
5253| [79873] VMware vCenter Operations/vRealize Orchestrator Apache Commons Collections Library Serialized Java Object privilege escalation
5254| [79840] Apache Cordova File Transfer Plugin up to 1.2.x on Android unknown vulnerability
5255| [79839] Apache TomEE Serialized Java Stream EjbObjectInputStream privilege escalation
5256| [79791] Cisco Products Apache Commons Collections Library privilege escalation
5257| [79539] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
5258| [79538] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
5259| [79294] Apache Cordova-Android up to 3.6 BridgeSecret Random Generator weak encryption
5260| [79291] Apache Cordova-Android up to 4.0 Javascript Whitelist privilege escalation
5261| [79244] Apache CXF up to 2.7.17/3.0.7/3.1.2 SAML Web SSO Module SAML Response weak authentication
5262| [79243] Oracle WebLogic Server 10.3.6.0/12.1.2.0/12.1.3.0/12.2.1.0 WLS Security com.bea.core.apache.commons.collections.jar privilege escalation
5263| [78989] Apache Ambari up to 2.1.1 Open Redirect
5264| [78988] Apache Ambari up to 2.0.1/2.1.0 Password privilege escalation
5265| [78987] Apache Ambari up to 2.0.x cross site scripting
5266| [78986] Apache Ambari up to 2.0.x Proxy Endpoint api/v1/proxy privilege escalation
5267| [78780] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
5268| [78779] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
5269| [78778] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
5270| [78777] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
5271| [78776] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
5272| [78775] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
5273| [78774] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
5274| [78297] Apache Commons Components HttpClient up to 4.3.5 HTTPS Timeout denial of service
5275| [77406] Apache Flex BlazeDS AMF Message XML External Entity
5276| [77429] Apache ActiveMQ up to 5.10.0 LDAPLoginModule privilege escalation
5277| [77399] Apache ActiveMQ up to 5.10.0 LDAPLoginModule weak authentication
5278| [77375] Apache Tapestry up to 5.3.5 Client-Side Object Storage privilege escalation
5279| [77331] Apache ActiveMQ up to 5.11.1 on Windows Fileserver Upload/Download directory traversal
5280| [77299] Apache Solr Real-Time Module up to 7.x-1.1 Index Content information disclosure
5281| [77247] Apache ActiveMQ up to 5.10 TransportConnection.java processControlCommand denial of service
5282| [77083] Apache Groovy up to 2.4.3 MethodClosure.java MethodClosure memory corruption
5283| [76953] Apache Subversion 1.7.0/1.8.0/1.8.10 svn_repos_trace_node_locations information disclosure
5284| [76952] Apache Subversion 1.7.0/1.8.0/1.8.10 mod_authz_svn anonymous/authenticated information disclosure
5285| [76567] Apache Struts 2.3.20 unknown vulnerability
5286| [76733] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 ap_some_auth_required unknown vulnerability
5287| [76732] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 Request apr_brigade_flatten privilege escalation
5288| [76731] Apache HTTP Server 2.4.12 ErrorDocument 400 Crash denial of service
5289| [75690] Apache Camel up to 2.13.3/2.14.1 XPathBuilder.java XML External Entity
5290| [75689] Apache Camel up to 2.13.3/2.14.1 XML Converter Setup XmlConverter.java SAXSource privilege escalation
5291| [75668] Apache Sling API/Sling Servlets Post up to 2.2.1 HtmlResponse cross site scripting
5292| [75601] Apache Jackrabbit up to 2.10.0 WebDAV Request XML External Entity
5293| [75420] Apache Tomcat up to 6.0.43/7.0.58/8.0.16 Security Manager privilege escalation
5294| [75145] Apache OpenOffice up to 4.1.1 HWP Filter Crash denial of service
5295| [75032] Apache Tomcat Connectors up to 1.2.40 mod_jk privilege escalation
5296| [75135] PHP 5.4/5.5 HTTP Request sapi_apache2.c apache2handler privilege escalation
5297| [74793] Apache Tomcat File Upload denial of service
5298| [74708] Apple MacOS X up to 10.10.2 Apache denial of service
5299| [74707] Apple MacOS X up to 10.10.2 Apache denial of service
5300| [74706] Apple MacOS X up to 10.10.2 Apache memory corruption
5301| [74705] Apple MacOS X up to 10.10.2 Apache denial of service
5302| [74704] Apple MacOS X up to 10.10.2 Apache denial of service
5303| [74703] Apple MacOS X up to 10.10.2 Apache denial of service
5304| [74702] Apple MacOS X up to 10.10.2 Apache denial of service
5305| [74701] Apple MacOS X up to 10.10.2 Apache cross site request forgery
5306| [74700] Apple MacOS X up to 10.10.2 Apache unknown vulnerability
5307| [74661] Apache Flex up to 4.14.0 asdoc index.html cross site scripting
5308| [74609] Apache Cassandra up to 1.2.19/2.0.13/2.1.3 JMX/RMI Interface privilege escalation
5309| [74469] Apache Xerces-C up to 7.0 internal/XMLReader.cpp denial of service
5310| [74468] Apache Batik up to 1.6 denial of service
5311| [74414] Apache Mod-gnutls up to 0.5.1 Authentication spoofing
5312| [74371] Apache Standard Taglibs up to 1.2.0 memory corruption
5313| [74367] Apache HTTP Server up to 2.4.12 mod_lua lua_request.c wsupgrade denial of service
5314| [74174] Apache WSS4J up to 2.0.0 privilege escalation
5315| [74172] Apache ActiveMQ up to 5.5.0 Administration Console cross site scripting
5316| [69092] Apache Tomcat up to 6.0.42/7.0.54/8.0.8 HTTP Request Smuggling privilege escalation
5317| [73831] Apache Qpid up to 0.30 Access Restriction unknown vulnerability
5318| [73731] Apache XML Security unknown vulnerability
5319| [68660] Oracle BI Publisher 10.1.3.4.2/11.1.1.7 Apache Tomcat cross site scripting
5320| [73659] Apache CloudStack up to 4.3.0 Stack-Based unknown vulnerability
5321| [73593] Apache Traffic Server up to 5.1.0 denial of service
5322| [73511] Apache POI up to 3.10 Deadlock denial of service
5323| [73510] Apache Solr up to 4.3.0 cross site scripting
5324| [68447] Apache Subversion up to 1.7.18/1.8.10 mod_dav_svn Crash denial of service
5325| [68446] Apache Subversion up to 1.7.18/1.8.10 REPORT Request Crash denial of service
5326| [73173] Apache CloudStack Stack-Based unknown vulnerability
5327| [68357] Apache Struts up to 2.3.16.3 Random Number Generator cross site request forgery
5328| [73106] Apache Hadoop up to 2.4.0 Symlink privilege escalation
5329| [68575] Apache HTTP Server up to 2.4.10 LuaAuthzProvider mod_lua.c privilege escalation
5330| [72890] Apache Qpid 0.30 unknown vulnerability
5331| [72887] Apache Hive 0.13.0 File Permission privilege escalation
5332| [72878] Apache Cordova 3.5.0 cross site request forgery
5333| [72877] Apache Cordova 3.5.0 cross site request forgery
5334| [72876] Apache Cordova 3.5.0 cross site request forgery
5335| [68435] Apache HTTP Server 2.4.10 mod_proxy_fcgi.c handle_headers denial of service
5336| [68065] Apache CXF up to 3.0.1 JAX-RS SAML denial of service
5337| [68064] Apache CXF up to 3.0.0 SAML Token denial of service
5338| [67913] Oracle Retail Markdown Optimization 12.0/13.0/13.1/13.2/13.4 Apache commons-beanutils-1.8.0.jar memory corruption
5339| [67912] Oracle Retail Invoice Matching up to 14.0 Apache commons-beanutils-1.8.0.jar memory corruption
5340| [67911] Oracle Retail Clearance Optimization Engine 13.3/13.4/14.0 Apache commons-beanutils-1.8.0.jar memory corruption
5341| [67910] Oracle Retail Allocation up to 13.2 Apache commons-beanutils-1.8.0.jar memory corruption
5342| [71835] Apache Shiro 1.0.0/1.1.0/1.2.0/1.2.1/1.2.2 unknown vulnerability
5343| [71633] Apachefriends XAMPP 1.8.1 cross site scripting
5344| [71629] Apache Axis2/C spoofing
5345| [67633] Apple Mac OS X up to 10.9.4 apache_mod_php ext/standard/dns.c dns_get_record memory corruption
5346| [67631] Apple Mac OS X up to 10.9.4 apache_mod_php Symlink memory corruption
5347| [67630] Apple Mac OS X up to 10.9.4 apache_mod_php cdf_read_property_info denial of service
5348| [67629] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_count_chain denial of service
5349| [67628] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_check_stream_offset denial of service
5350| [67627] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c mconvert memory corruption
5351| [67626] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c denial of service
5352| [67625] Apple Mac OS X up to 10.9.4 apache_mod_php Crash denial of service
5353| [67624] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_property_info denial of service
5354| [67623] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_unpack_summary_info denial of service
5355| [67622] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_short_sector denial of service
5356| [67620] Apple Mac OS X up to 10.9.4 apache_mod_php magic/Magdir/commands denial of service
5357| [67790] Apache HTTP Server mod_cache NULL Pointer Dereference denial of service
5358| [67522] Apache Tomcat up to 7.0.39 JSP Upload privilege escalation
5359| [70809] Apache POI up to 3.11 Crash denial of service
5360| [70808] Apache POI up to 3.10 unknown vulnerability
5361| [70806] Apache Commons-httpclient 4.2/4.2.1/4.2.2 spoofing
5362| [70749] Apache Axis up to 1.4 getCN spoofing
5363| [70701] Apache Traffic Server up to 3.3.5 denial of service
5364| [70700] Apache OFBiz up to 12.04.03 cross site scripting
5365| [67402] Apache OpenOffice 4.0.0/4.0.1/4.1.0 Calc privilege escalation
5366| [67401] Apache OpenOffice up to 4.1.0 OLE Object information disclosure
5367| [70661] Apache Subversion up to 1.6.17 denial of service
5368| [70660] Apache Subversion up to 1.6.17 spoofing
5369| [70659] Apache Subversion up to 1.6.17 spoofing
5370| [67183] Apache HTTP Server up to 2.4.9 mod_proxy denial of service
5371| [67180] Apache HTTP Server up to 2.4.9 WinNT MPM Memory Leak denial of service
5372| [67185] Apache HTTP Server up to 2.4.9 mod_status Heap-Based memory corruption
5373| [67184] Apache HTTP Server 2.4.5/2.4.6 mod_cache NULL Pointer Dereference denial of service
5374| [67182] Apache HTTP Server up to 2.4.9 mod_deflate Memory Consumption denial of service
5375| [67181] Apache HTTP Server up to 2.4.9 mod_cgid denial of service
5376| [70338] Apache Syncope up to 1.1.7 unknown vulnerability
5377| [70295] Apache CXF up to 2.7.9 Cleartext information disclosure
5378| [70106] Apache Open For Business Project up to 10.04.0 getServerError cross site scripting
5379| [70105] Apache MyFaces up to 2.1.5 JavaServer Faces directory traversal
5380| [69846] Apache HBase up to 0.94.8 information disclosure
5381| [69783] Apache CouchDB up to 1.2.0 memory corruption
5382| [13383] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 XML Parser privilege escalation
5383| [13300] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi setuid privilege escalation
5384| [13299] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi Content-Type Header information disclosure
5385| [13164] Apache CXF up to 2.6.13/2.7.10 SOAP OutgoingChainInterceptor.java Invalid Content denial of service
5386| [13163] Apache CXF up to 2.6.13/2.7.10 SOAP HTML Content denial of service
5387| [13158] Apache Struts up to 2.3.16.2 ParametersInterceptor getClass privilege escalation
5388| [69515] Apache Struts up to 2.3.15.0 CookieInterceptor memory corruption
5389| [13086] Apache Struts up to 1.3.10 Class Loader privilege escalation
5390| [13067] Apache Struts up to 2.3.16.1 Class Loader privilege escalation
5391| [69431] Apache Archiva up to 1.3.6 cross site scripting
5392| [69385] Apache Syncope up to 1.1.6 unknown vulnerability
5393| [69338] Apache Xalan-Java up to 2.7.1 system-property unknown vulnerability
5394| [12742] Trustwave ModSecurity up to 2.7.5 Chunk Extension apache2/modsecurity.c modsecurity_tx_init privilege escalation
5395| [12741] Trustwave ModSecurity up to 2.7.6 Chunked HTTP Transfer apache2/modsecurity.c modsecurity_tx_init Trailing Header privilege escalation
5396| [13387] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Content-Length Header privilege escalation
5397| [13386] Apache Tomcat Security Manager up to 6.0.39/7.0.53/8.0.5 XSLT privilege escalation
5398| [13385] Apache Tomcat 8.0.0/8.0.1/8.0.3 AJP Request Zero Length denial of service
5399| [13384] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Chunked HTTP Request denial of service
5400| [12748] Apache CouchDB 1.5.0 UUIDS /_uuids denial of service
5401| [66739] Apache Camel up to 2.12.2 unknown vulnerability
5402| [66738] Apache Camel up to 2.12.2 unknown vulnerability
5403| [12667] Apache HTTP Server 2.4.7 mod_log_config.c log_cookie denial of service
5404| [66695] Apache CouchDB up to 1.2.0 cross site scripting
5405| [66694] Apache CouchDB up to 1.2.0 Partition partition2 directory traversal
5406| [66689] Apache HTTP Server up to 2.0.33 mod_dav dav_xml_get_cdata denial of service
5407| [12518] Apache Tomcat up to 6.0.38/7.0.49/8.0.0-RC9 HTTP Header denial of service
5408| [66498] Apache expressions up to 3.3.0 Whitelist unknown vulnerability
5409| [12781] Apache Struts up to 2.3.8 ParametersInterceptor getClass denial of service
5410| [12439] Apache Tomcat 6.0.33 XML XXE information disclosure
5411| [12438] Apache Tomcat 6.0.33/6.0.34/6.0.35/6.0.36/6.0.37 coyoteadapter.java disableURLRewriting privilege escalation
5412| [66356] Apache Wicket up to 6.8.0 information disclosure
5413| [12209] Apache Tomcat 7.0.0/7.0.50/8.0.0-RC1/8.0.1 Content-Type Header for Multi-Part Request Infinite Loop denial of service
5414| [66322] Apache ActiveMQ up to 5.8.0 cross site scripting
5415| [12291] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
5416| [66255] Apache Open For Business Project up to 10.04.3 cross site scripting
5417| [66200] Apache Hadoop up to 2.0.5 Security Feature information disclosure
5418| [66072] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
5419| [66068] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
5420| [11928] Oracle Secure Global Desktop up to 4.71 Apache Tomcat unknown vulnerability
5421| [11924] Oracle Secure Global Desktop up to 4.63 Apache Tomcat denial of service
5422| [11922] Oracle Secure Global Desktop up to 4.63 Apache Tomcat unknown vulnerability
5423| [66049] Apache XML Security for Java up to 1.4.6 Memory Consumption denial of service
5424| [12199] Apache Subversion up to 1.8.5 mod_dav_svn/repos.c get_resource denial of service
5425| [65946] askapache Firefox Adsense up to 3.0 askapache-firefox-adsense.php cross site request forgery
5426| [65668] Apache Solr 4.0.0 Updater denial of service
5427| [65665] Apache Solr up to 4.3.0 denial of service
5428| [65664] Apache Solr 3.6.0/3.6.1/3.6.2/4.0.0 Updater denial of service
5429| [65663] Apache Solr up to 4.5.1 ResourceLoader directory traversal
5430| [65658] Apache roller 4.0/4.0.1/5.0/5.0.1 unknown vulnerability
5431| [65657] Apache Roller 4.0/4.0.1/5.0/5.0.1 cross site scripting
5432| [11325] Apache Subversion 1.7.13 mod_dontdothat Bypass denial of service
5433| [11324] Apache Subversion up to 1.8.4 mod_dav_svn denial of service
5434| [11098] Apache Tomcat 5.5.25 HTTP Request cross site request forgery
5435| [65410] Apache Struts 2.3.15.3 cross site scripting
5436| [65386] Apache Solr up to 2.2.1 on TYPO3 cross site scripting
5437| [65385] Apache Solr up to 2.2.1 on TYPO3 unknown vulnerability
5438| [11044] Apache Struts 2.3.15.3 showConfig.action cross site scripting
5439| [11043] Apache Struts 2.3.15.3 actionNames.action cross site scripting
5440| [11018] cPanel WHM up to 11.40.0.11 Apache mod_userdir Tweak Interface privilege escalation
5441| [65342] Apache Sling 1.0.2/1.0.4/1.0.6/1.1.0/1.1.2 Auth Core cross site scripting
5442| [65340] Apache Shindig 2.5.0 information disclosure
5443| [65316] Apache Mod Fcgid up to 2.3.7 mod_fcgid fcgid_bucket.c fcgid_header_bucket_read memory corruption
5444| [65313] Apache Sling 2.2.0/2.3.0 AbstractCreateOperation.java deepGetOrCreateNode denial of service
5445| [10826] Apache Struts 2 File privilege escalation
5446| [65204] Apache Camel up to 2.10.1 unknown vulnerability
5447| [10460] Apache Struts 2.0.0/2.3.15.1 Action Mapping Mechanism Bypass privilege escalation
5448| [10459] Apache Struts 2.0.0/2.3.15 Dynamic Method Invocation unknown vulnerability
5449| [10160] Apache Subversion 1.8.0/1.8.1/1.8.2 svnwcsub.py handle_options race condition
5450| [10159] Apache Subversion up to 1.8.2 svnserve write_pid_file race condition
5451| [10158] Apache Subversion 1.8.0/1.8.1/1.8.2 daemonize.py daemon::daemonize race condition
5452| [10157] Apache Subversion up to 1.8.1 FSFS Repository Symlink privilege escalation
5453| [64808] Fail2ban up to 0.8.9 apache-auth.conf denial of service
5454| [64760] Best Practical RT up to 4.0.12 Apache::Session::File information disclosure
5455| [64722] Apache XML Security for C++ Heap-based memory corruption
5456| [64719] Apache XML Security for C++ Heap-based memory corruption
5457| [64718] Apache XML Security for C++ verify denial of service
5458| [64717] Apache XML Security for C++ getURIBaseTXFM memory corruption
5459| [64716] Apache XML Security for C++ spoofing
5460| [64701] Apache CXF up to 2.7.3 XML Parser Memory Consumption denial of service
5461| [64700] Apache CloudStack up to 4.1.0 Stack-Based cross site scripting
5462| [64667] Apache Open For Business Project up to 10.04.04 unknown vulnerability
5463| [64666] Apache Open For Business Project up to 10.04.04 cross site scripting
5464| [9891] Apache HTTP Server 2.2.22 suEXEC Feature .htaccess information disclosure
5465| [64509] Apache ActiveMQ up to 5.8.0 scheduled.jsp cross site scripting
5466| [9826] Apache Subversion up to 1.8.0 mod_dav_svn denial of service
5467| [9683] Apache HTTP Server 2.4.5 mod_session_dbd denial of service
5468| [64485] Apache Struts up to 2.2.3.0 privilege escalation
5469| [9568] Apache Struts up to 2.3.15 DefaultActionMapper cross site request forgery
5470| [9567] Apache Struts up to 2.3.15 DefaultActionMapper memory corruption
5471| [64467] Apache Geronimo 3.0 memory corruption
5472| [64466] Apache OpenJPA up to 2.2.1 Serialization memory corruption
5473| [64457] Apache Struts up to 2.2.3.0 cross site scripting
5474| [64326] Alejandro Garza Apachesolr Autocomplete up to 7.x-1.1 cross site scripting
5475| [9184] Apache Qpid up to 0.20 SSL misconfiguration
5476| [8935] Apache Subversion up to 1.7.9 FSFS Format Repository denial of service
5477| [8934] Apache Subversion up to 1.7.9 Svnserve Server denial of service
5478| [8933] Apache Subversion up to 1.6.21 check-mime-type.pl svnlook memory corruption
5479| [8932] Apache Subversion up to 1.6.21 svn-keyword-check.pl svnlook changed memory corruption
5480| [9022] Apache Struts up to 2.3.14.2 OGNL Expression memory corruption
5481| [8873] Apache Struts 2.3.14 privilege escalation
5482| [8872] Apache Struts 2.3.14 privilege escalation
5483| [8746] Apache HTTP Server Log File Terminal Escape Sequence Filtering mod_rewrite.c do_rewritelog privilege escalation
5484| [8666] Apache Tomcat up to 7.0.32 AsyncListener information disclosure
5485| [8665] Apache Tomcat up to 7.0.29 Chunked Transfer Encoding Extension Size denial of service
5486| [8664] Apache Tomcat up to 7.0.32 FORM Authentication weak authentication
5487| [64075] Apache Subversion up to 1.7.7 mod_dav_svn Crash denial of service
5488| [64074] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
5489| [64073] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
5490| [64072] Apache Subversion up to 1.7.7 mod_dav_svn NULL Pointer Dereference denial of service
5491| [64071] Apache Subversion up to 1.7.8 mod_dav_svn Memory Consumption denial of service
5492| [8768] Apache Struts up to 2.3.14 on Mac EL and OGNL Interpreter memory corruption
5493| [64006] Apache ActiveMQ up to 5.7.0 denial of service
5494| [64005] Apache ActiveMQ up to 5.7.0 Default Configuration denial of service
5495| [64004] Apache ActiveMQ up to 5.7.0 PortfolioPublishServlet.java cross site scripting
5496| [8427] Apache Tomcat Session Transaction weak authentication
5497| [63960] Apache Maven 3.0.4 Default Configuration spoofing
5498| [63751] Apache qpid up to 0.20 qpid::framing::Buffer denial of service
5499| [63750] Apache qpid up to 0.20 checkAvailable denial of service
5500| [63749] Apache Qpid up to 0.20 Memory Consumption denial of service
5501| [63748] Apache Qpid up to 0.20 Default Configuration denial of service
5502| [63747] Apache Rave up to 0.20 User Account information disclosure
5503| [7889] Apache Subversion up to 1.6.17 mod_dav_svn/svn_fs_file_length() denial of service
5504| [63646] Apache HTTP Server up to 2.2.23/2.4.3 mod_proxy_balancer.c balancer_handler cross site scripting
5505| [7688] Apache CXF up to 2.7.1 WSS4JInterceptor Bypass weak authentication
5506| [7687] Apache CXF up to 2.7.2 Token weak authentication
5507| [63334] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
5508| [63299] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
5509| [7202] Apache HTTP Server 2.4.2 on Oracle Solaris ld_library_path cross site scripting
5510| [7075] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector NioEndpoint.java denial of service
5511| [7074] Apache Tomcat up to 6.0.35/7.0.29 FORM Authentication RealmBase.java weak authentication
5512| [7073] Apache Tomcat up to 6.0.35/7.0.31 CSRF Prevention Filter cross site request forgery
5513| [63090] Apache Tomcat up to 4.1.24 denial of service
5514| [63089] Apache HTTP Server up to 2.2.13 mod_proxy_ajp denial of service
5515| [62933] Apache Tomcat up to 5.5.0 Access Restriction unknown vulnerability
5516| [62929] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector Memory Consumption denial of service
5517| [62833] Apache CXF -/2.6.0 spoofing
5518| [62832] Apache Axis2 up to 1.6.2 spoofing
5519| [62831] Apache Axis up to 1.4 Java Message Service spoofing
5520| [62830] Apache Commons-httpclient 3.0 Payments spoofing
5521| [62826] Apache Libcloud up to 0.11.0 spoofing
5522| [62757] Apache Open For Business Project up to 10.04.0 unknown vulnerability
5523| [8830] Red Hat JBoss Enterprise Application Platform 6.0.1 org.apache.catalina.connector.Response.encodeURL information disclosure
5524| [62661] Apache Axis2 unknown vulnerability
5525| [62658] Apache Axis2 unknown vulnerability
5526| [62467] Apache Qpid up to 0.17 denial of service
5527| [62417] Apache CXF 2.4.7/2.4.8/2.5.3/2.5.4/2.6.1 spoofing
5528| [6301] Apache HTTP Server mod_pagespeed cross site scripting
5529| [6300] Apache HTTP Server mod_pagespeed Hostname information disclosure
5530| [6123] Apache Wicket up to 1.5.7 Ajax Link cross site scripting
5531| [62035] Apache Struts up to 2.3.4 denial of service
5532| [61916] Apache QPID 0.5/0.6/0.14/0.16 unknown vulnerability
5533| [6998] Apache Tomcat 5.5.35/6.0.35/7.0.28 DIGEST Authentication Session State Caching privilege escalation
5534| [6997] Apache Tomcat 5.5.35/6.0.35/7.0.28 HTTP Digest Authentication Implementation privilege escalation
5535| [6092] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_ajp.c information disclosure
5536| [6090] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_http.c information disclosure
5537| [61507] Apache POI up to 3.8 UnhandledDataStructure denial of service
5538| [6070] Apache Struts up to 2.3.4 Token Name Configuration Parameter privilege escalation
5539| [6069] Apache Struts up to 2.3.4 Request Parameter OGNL Expression denial of service
5540| [5764] Oracle Solaris 10 Apache HTTP Server information disclosure
5541| [5700] Oracle Secure Backup 10.3.0.3/10.4.0.1 Apache denial of service
5542| [61255] Apache Hadoop 2.0.0 Kerberos unknown vulnerability
5543| [61229] Apache Sling up to 2.1.1 denial of service
5544| [61152] Apache Commons-compress 1.0/1.1/1.2/1.3/1.4 denial of service
5545| [61094] Apache Roller up to 5.0 cross site scripting
5546| [61093] Apache Roller up to 5.0 cross site request forgery
5547| [61005] Apache OpenOffice 3.3/3.4 unknown vulnerability
5548| [9673] Apache HTTP Server up to 2.4.4 mod_dav mod_dav.c Request denial of service
5549| [5436] Apache OpenOffice 3.3/3.4 WPXContentListener.cpp _closeTableRow File memory corruption
5550| [5435] Apache OpenOffice 3.3/3.4 vclmi.dll File memory corruption
5551| [60730] PHP 5.4.0/5.4.1/5.4.2 apache_request_headers memory corruption
5552| [60708] Apache Qpid 0.12 unknown vulnerability
5553| [5032] Apache Hadoop up to 0.20.205.0/1.0.1/0.23.1 Kerberos/MapReduce Security Feature privilege escalation
5554| [4949] Apache Struts File Upload XSLTResult.java XSLT File privilege escalation
5555| [4955] Apache Traffic Server 3.0.3/3.1.2 HTTP Header Parser memory corruption
5556| [4882] Apache Wicket up to 1.5.4 directory traversal
5557| [4881] Apache Wicket up to 1.4.19 cross site scripting
5558| [4884] Apache HTTP Server up to 2.3.6 mod_fcgid fcgid_spawn_ctl.c FcgidMaxProcessesPerClass HTTP Requests denial of service
5559| [60352] Apache Struts up to 2.2.3 memory corruption
5560| [60153] Apache Portable Runtime up to 1.4.3 denial of service
5561| [4598] Apache Struts 1.3.10 upload-submit.do cross site scripting
5562| [4597] Apache Struts 1.3.10 processSimple.do cross site scripting
5563| [4596] Apache Struts 2.0.14/2.2.3 struts2-rest-showcase/orders cross site scripting
5564| [4595] Apache Struts 2.0.14/2.2.3 struts2-showcase/person/editPerson.action cross site scripting
5565| [4583] Apache HTTP Server up to 2.2.21 Threaded MPM denial of service
5566| [4582] Apache HTTP Server up to 2.2.21 protocol.c information disclosure
5567| [4571] Apache Struts up to 2.3.1.2 privilege escalation
5568| [4557] Apache Tomcat up to 7.0.21 Caching/Recycling information disclosure
5569| [59934] Apache Tomcat up to 6.0.9 DigestAuthenticator.java unknown vulnerability
5570| [59933] Apache Tomcat up to 6.0.9 Access Restriction unknown vulnerability
5571| [59932] Apache Tomcat up to 6.0.9 unknown vulnerability
5572| [59931] Apache Tomcat up to 6.0.9 Access Restriction information disclosure
5573| [59902] Apache Struts up to 2.2.3 Interfaces unknown vulnerability
5574| [4528] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
5575| [4527] Apache Struts up to 2.2.3 ExceptionDelegator cross site scripting
5576| [59888] Apache Tomcat up to 6.0.6 denial of service
5577| [59886] Apache ActiveMQ up to 5.5.1 Crash denial of service
5578| [4513] Apache Struts up to 2.3.1 ParameterInterceptor directory traversal
5579| [4512] Apache Struts up to 2.2.3 CookieInterceptor privilege escalation
5580| [59850] Apache Geronimo up to 2.2.1 denial of service
5581| [59825] Apache HTTP Server up to 2.1.7 mod_reqtimeout denial of service
5582| [59556] Apache HTTP Server up to 2.0.53 mod_proxy information disclosure
5583| [58467] Apache libcloud 0.2.0/0.3.0/0.3.1/0.4.0 Access Restriction spoofing
5584| [58413] Apache Tomcat up to 6.0.10 spoofing
5585| [58381] Apache Wicket up to 1.4.17 cross site scripting
5586| [58296] Apache Tomcat up to 7.0.19 unknown vulnerability
5587| [57888] Apache HttpClient 4.0/4.0.1/4.1 Authorization information disclosure
5588| [57587] Apache Subversion up to 1.6.16 mod_dav_svn information disclosure
5589| [57585] Apache Subversion up to 1.6.16 mod_dav_svn Memory Consumption denial of service
5590| [57584] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
5591| [57577] Apache Rampart-C 1.3.0 Access Restriction rampart_timestamp_token_validate privilege escalation
5592| [57568] Apache Archiva up to 1.3.4 cross site scripting
5593| [57567] Apache Archiva up to 1.3.4 cross site request forgery
5594| [57481] Apache Tomcat 7.0.12/7.0.13 Access Restriction unknown vulnerability
5595| [4355] Apache HTTP Server APR apr_fnmatch denial of service
5596| [57435] Apache Struts up to 2.2.1.1 FileHandler.java cross site scripting
5597| [57425] Apache Struts up to 2.2.1.1 cross site scripting
5598| [4352] Apache HTTP Server 2.2.x APR apr_fnmatch denial of service
5599| [57025] Apache Tomcat up to 7.0.11 information disclosure
5600| [57024] Apache Tomcat 7.0.11 Access Restriction information disclosure
5601| [56774] IBM WebSphere Application Server up to 7.0.0.14 org.apache.jasper.runtime.JspWriterImpl.response denial of service
5602| [56824] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
5603| [56832] Apache Tomcat up to 7.0.10 Access Restriction information disclosure
5604| [56830] Apache Tomcat up to 7.0.9 Access Restriction privilege escalation
5605| [12440] Apache Tomcat 6.0.33 Malicious Request cross site scripting
5606| [56512] Apache Continuum up to 1.4.0 cross site scripting
5607| [4285] Apache Tomcat 5.x JVM getLocale denial of service
5608| [4284] Apache Tomcat 5.x HTML Manager Infinite Loop cross site scripting
5609| [4283] Apache Tomcat 5.x ServletContect privilege escalation
5610| [56441] Apache Tomcat up to 7.0.6 denial of service
5611| [56300] Apache CouchDB up to 1.0.1 Web Administration Interface cross site scripting
5612| [55967] Apache Subversion up to 1.6.4 rev_hunt.c denial of service
5613| [55966] Apache Subversion up to 1.6.4 mod_dav_svn repos.c walk denial of service
5614| [55095] Apache Axis2 up to 1.6 Default Password memory corruption
5615| [55631] Apache Archiva up to 1.3.1 User Account cross site request forgery
5616| [55556] Apache Tomcat up to 6.0.29 Default Configuration information disclosure
5617| [55553] Apache Tomcat up to 7.0.4 sessionsList.jsp cross site scripting
5618| [55162] Apache MyFaces up to 2.0.0 Authentication Code unknown vulnerability
5619| [54881] Apache Subversion up to 1.6.12 mod_dav_svn authz.c privilege escalation
5620| [54879] Apache APR-util up to 0.9.14 mod_reqtimeout apr_brigade_split_line denial of service
5621| [54693] Apache Traffic Server DNS Cache unknown vulnerability
5622| [54416] Apache CouchDB up to 0.11.0 cross site request forgery
5623| [54394] Apache CXF up to 2.2.8 Memory Consumption denial of service
5624| [54261] Apache Tomcat jsp/cal/cal2.jsp cross site scripting
5625| [54166] Apache HTTP Server up to 2.2.12 mod_cache Crash denial of service
5626| [54385] Apache Struts up to 2.1.8.1 ParameterInterceptor unknown vulnerability
5627| [54012] Apache Tomcat up to 6.0.10 denial of service
5628| [53763] Apache Axis2 1.3/1.4/1.4.1/1.5/1.5.1 Memory Consumption denial of service
5629| [53368] Apache MyFaces 1.1.7/1.2.8 cross site scripting
5630| [53397] Apache axis2 1.4.1/1.5.1 Administration Console cross site scripting
5631| [52894] Apache Tomcat up to 6.0.7 information disclosure
5632| [52960] Apache ActiveMQ up to 5.4-snapshot information disclosure
5633| [52843] Apache HTTP Server mod_auth_shadow unknown vulnerability
5634| [52786] Apache Open For Business Project up to 09.04 cross site scripting
5635| [52587] Apache ActiveMQ up to 5.3.0 cross site request forgery
5636| [52586] Apache ActiveMQ up to 5.3.0 cross site scripting
5637| [52584] Apache CouchDB up to 0.10.1 information disclosure
5638| [51757] Apache HTTP Server 2.0.44 cross site scripting
5639| [51756] Apache HTTP Server 2.0.44 spoofing
5640| [51717] Apache HTTP Server up to 1.3.3 mod_proxy ap_proxy_send_fb memory corruption
5641| [51690] Apache Tomcat up to 6.0 directory traversal
5642| [51689] Apache Tomcat up to 6.0 information disclosure
5643| [51688] Apache Tomcat up to 6.0 directory traversal
5644| [50886] HP Operations Manager 8.10 on Windows File Upload org.apache.catalina.manager.HTMLManagerServlet memory corruption
5645| [50802] Apache Tomcat up to 3.3 Default Password weak authentication
5646| [50626] Apache Solr 1.0.0 cross site scripting
5647| [49857] Apache HTTP Server mod_proxy_ftp cross site scripting
5648| [49856] Apache HTTP Server 2.2.13 mod_proxy_ftp ap_proxy_ftp_handler denial of service
5649| [49348] Apache Xerces-C++ 2.7.0 Stack-Based denial of service
5650| [86789] Apache Portable Runtime memory/unix/apr_pools.c unknown vulnerability
5651| [49283] Apache APR-util up to 1.3.8 apr-util misc/apr_rmm.c apr_rmm_realloc memory corruption
5652| [48952] Apache HTTP Server up to 1.3.6 mod_deflate denial of service
5653| [48626] Apache Tomcat up to 4.1.23 Access Restriction directory traversal
5654| [48431] Apache Tomcat up to 4.1.23 j_security_check cross site scripting
5655| [48430] Apache Tomcat up to 4.1.23 mod_jk denial of service
5656| [47801] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site request forgery
5657| [47800] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site scripting
5658| [47799] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console directory traversal
5659| [47648] Apache Tiles 2.1.0/2.1.1 cross site scripting
5660| [47640] Apache Struts 2.0.6/2.0.8/2.0.9/2.0.11/2.1 cross site scripting
5661| [47638] Apache Tomcat up to 4.1.23 mod_jk information disclosure
5662| [47636] Apache Struts 2.0.9 xip_client.html cross site scripting
5663| [47593] Apache Mod Perl 1 perl-status Apache::Status cross site scripting
5664| [47637] Apache Struts 1.0.2/1.1/1.2.4/1.2.7/1.2.8 cross site scripting
5665| [47239] Apache Struts up to 2.1.2 Beta struts directory traversal
5666| [47214] Apachefriends xampp 1.6.8 spoofing
5667| [47213] Apachefriends xampp 1.6.8 htaccess cross site request forgery
5668| [47162] Apachefriends XAMPP 1.4.4 weak authentication
5669| [47065] Apache Tomcat 4.1.23 cross site scripting
5670| [46834] Apache Tomcat up to 5.5.20 cross site scripting
5671| [46004] Apache Jackrabbit 1.4/1.5.0 search.jsp cross site scripting
5672| [49205] Apache Roller 2.3/3.0/3.1/4.0 Search cross site scripting
5673| [86625] Apache Struts directory traversal
5674| [44461] Apache Tomcat up to 5.5.0 information disclosure
5675| [44389] Apache Xerces-C++ XML Parser Memory Consumption denial of service
5676| [44352] Apache Friends XAMPP 1.6.8 adodb.php cross site scripting
5677| [43663] Apache Tomcat up to 6.0.16 directory traversal
5678| [43612] Apache Friends XAMPP 1.6.7 iart.php cross site scripting
5679| [43556] Apache HTTP Server up to 2.1.8 mod_proxy_ftp proxy_ftp.c cross site scripting
5680| [43516] Apache Tomcat up to 4.1.20 directory traversal
5681| [43509] Apache Tomcat up to 6.0.13 cross site scripting
5682| [42637] Apache Tomcat up to 6.0.16 cross site scripting
5683| [42325] Apache HTTP Server up to 2.1.8 Error Page cross site scripting
5684| [41838] Apache-SSL 1.3.34 1.57 expandcert privilege escalation
5685| [41091] Apache Software Foundation Mod Jk up to 2.0.1 mod_jk2 Stack-based memory corruption
5686| [40924] Apache Tomcat up to 6.0.15 information disclosure
5687| [40923] Apache Tomcat up to 6.0.15 unknown vulnerability
5688| [40922] Apache Tomcat up to 6.0 information disclosure
5689| [40710] Apache HTTP Server up to 2.0.61 mod_negotiation cross site scripting
5690| [40709] Apache HTTP Server up to 2.0.53 mod_negotiation cross site scripting
5691| [40656] Apache Tomcat 5.5.20 information disclosure
5692| [40503] Apache HTTP Server mod_proxy_ftp cross site scripting
5693| [40502] Apache HTTP Server up to 2.2.5 mod_proxy_balancer memory corruption
5694| [40501] Apache HTTP Server 2.2.6 mod_proxy_balancer cross site request forgery
5695| [40398] Apache HTTP Server up to 2.2 mod_proxy_balancer cross site scripting
5696| [40397] Apache HTTP Server up to 2.2 mod_proxy_balancer balancer_handler denial of service
5697| [40234] Apache Tomcat up to 6.0.15 directory traversal
5698| [40221] Apache HTTP Server 2.2.6 information disclosure
5699| [40027] David Castro Apache Authcas 0.4 sql injection
5700| [3495] Apache OpenOffice up to 2.3 Database Document Processor unknown vulnerability
5701| [3489] Apache HTTP Server 2.x HTTP Header cross site scripting
5702| [3414] Apache Tomcat WebDAV Stored privilege escalation
5703| [39489] Apache Jakarta Slide up to 2.1 directory traversal
5704| [39540] Apache Geronimo 2.0/2.0.1/2.0.2/2.1 unknown vulnerability
5705| [3310] Apache OpenOffice 1.1.3/2.0.4/2.2.1 TIFF Image Parser Heap-based memory corruption
5706| [38768] Apache HTTP Server up to 2.1.7 mod_autoindex.c cross site scripting
5707| [38952] Apache Geronimo 2.0.1/2.1 unknown vulnerability
5708| [38658] Apache Tomcat 4.1.31 cal2.jsp cross site request forgery
5709| [38524] Apache Geronimo 2.0 unknown vulnerability
5710| [3256] Apache Tomcat up to 6.0.13 cross site scripting
5711| [38331] Apache Tomcat 4.1.24 information disclosure
5712| [38330] Apache Tomcat 4.1.24 information disclosure
5713| [38185] Apache Tomcat 3.3/3.3.1/3.3.1a/3.3.2 Error Message CookieExample cross site scripting
5714| [37967] Apache Tomcat up to 4.1.36 Error Message sendmail.jsp cross site scripting
5715| [37647] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 Authorization unknown vulnerability
5716| [37646] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 unknown vulnerability
5717| [3141] Apache Tomcat up to 4.1.31 Accept-Language Header cross site scripting
5718| [3133] Apache Tomcat up to 6.0 HTTP cross site scripting
5719| [37292] Apache Tomcat up to 5.5.1 cross site scripting
5720| [3130] Apache OpenOffice 2.2.1 RTF Document Heap-based memory corruption
5721| [36981] Apache Tomcat JK Web Server Connector up to 1.2.22 mod_jk directory traversal
5722| [36892] Apache Tomcat up to 4.0.0 hello.jsp cross site scripting
5723| [37320] Apache MyFaces Tomahawk up to 1.1.4 cross site scripting
5724| [36697] Apache Tomcat up to 5.5.17 implicit-objects.jsp cross site scripting
5725| [36491] Apache Axis 1.0 Installation javaioFileNotFoundException information disclosure
5726| [36400] Apache Tomcat 5.5.15 mod_jk cross site scripting
5727| [36698] Apache Tomcat up to 4.0.0 cal2.jsp cross site scripting
5728| [36224] XAMPP Apache Distribution up to 1.6.0a adodb.php connect memory corruption
5729| [36225] XAMPP Apache Distribution 1.6.0a sql injection
5730| [2997] Apache httpd/Tomcat 5.5/6.0 directory traversal
5731| [35896] Apache Apache Test up to 1.29 mod_perl denial of service
5732| [35653] Avaya S8300 Cm 3.1.2 Apache Tomcat unknown vulnerability
5733| [35402] Apache Tomcat JK Web Server Connector 1.2.19 mod_jk.so map_uri_to_worker memory corruption
5734| [35067] Apache Stats up to 0.0.2 extract unknown vulnerability
5735| [35025] Apache Stats up to 0.0.3 extract unknown vulnerability
5736| [34252] Apache HTTP Server denial of service
5737| [2795] Apache OpenOffice 2.0.4 WMF/EMF File Heap-based memory corruption
5738| [33877] Apache Opentaps 0.9.3 cross site scripting
5739| [33876] Apache Open For Business Project unknown vulnerability
5740| [33875] Apache Open For Business Project cross site scripting
5741| [2703] Apache Jakarta Tomcat up to 5.x der_get_oid memory corruption
5742| [2611] Apache HTTP Server up to 1.0.1 set_var Format String
5743|
5744| MITRE CVE - https://cve.mitre.org:
5745| [CVE-2013-4156] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted element in an OOXML document file.
5746| [CVE-2013-4131] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service (assertion failure or out-of-bounds read) via a certain (1) COPY, (2) DELETE, or (3) MOVE request against a revision root.
5747| [CVE-2013-3239] phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename of an export file, leading to interpretation of this file as an executable file by the Apache HTTP Server, as demonstrated by a .php.sql filename.
5748| [CVE-2013-3060] The web console in Apache ActiveMQ before 5.8.0 does not require authentication, which allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests.
5749| [CVE-2013-2765] The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request with a large body and a crafted Content-Type header.
5750| [CVE-2013-2251] Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.
5751| [CVE-2013-2249] mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified impact and remote attack vectors.
5752| [CVE-2013-2248] Multiple open redirect vulnerabilities in Apache Struts 2.0.0 through 2.3.15 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a parameter using the (1) redirect: or (2) redirectAction: prefix.
5753| [CVE-2013-2189] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via invalid PLCF data in a DOC document file.
5754| [CVE-2013-2135] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted value that contains both "${}" and "%{}" sequences, which causes the OGNL code to be evaluated twice.
5755| [CVE-2013-2134] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted action name that is not properly handled during wildcard matching, a different vulnerability than CVE-2013-2135.
5756| [CVE-2013-2115] Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag. NOTE: this issue is due to an incomplete fix for CVE-2013-1966.
5757| [CVE-2013-2071] java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other applications in opportunistic circumstances via an application that records the requests that it processes.
5758| [CVE-2013-2067] java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack.
5759| [CVE-2013-1966] Apache Struts 2 before 2.3.14.1 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag.
5760| [CVE-2013-1965] Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.1, allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is not properly handled when invoking a redirect.
5761| [CVE-2013-1896] mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.
5762| [CVE-2013-1884] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (segmentation fault and crash) via a log REPORT request with an invalid limit, which triggers an access of an uninitialized variable.
5763| [CVE-2013-1879] Cross-site scripting (XSS) vulnerability in scheduled.jsp in Apache ActiveMQ 5.8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving the "cron of a message."
5764| [CVE-2013-1862] mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.
5765| [CVE-2013-1849] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a PROPFIND request for an activity URL.
5766| [CVE-2013-1847] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an anonymous LOCK for a URL that does not exist.
5767| [CVE-2013-1846] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a LOCK on an activity URL.
5768| [CVE-2013-1845] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (memory consumption) by (1) setting or (2) deleting a large number of properties for a file or directory.
5769| [CVE-2013-1814] The users/get program in the User RPC API in Apache Rave 0.11 through 0.20 allows remote authenticated users to obtain sensitive information about all user accounts via the offset parameter, as demonstrated by discovering password hashes in the password field of a response.
5770| [CVE-2013-1777] The JMX Remoting functionality in Apache Geronimo 3.x before 3.0.1, as used in IBM WebSphere Application Server (WAS) Community Edition 3.0.0.3 and other products, does not property implement the RMI classloader, which allows remote attackers to execute arbitrary code by using the JMX connector to send a crafted serialized object.
5771| [CVE-2013-1768] The BrokerFactory functionality in Apache OpenJPA 1.x before 1.2.3 and 2.x before 2.2.2 creates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for remote attackers to execute arbitrary code by creating a serialized object and leveraging improperly secured server programs.
5772| [CVE-2013-1088] Cross-site request forgery (CSRF) vulnerability in Novell iManager 2.7 before SP6 Patch 1 allows remote attackers to hijack the authentication of arbitrary users by leveraging improper request validation by iManager code deployed within an Apache Tomcat container.
5773| [CVE-2013-1048] The Debian apache2ctl script in the apache2 package squeeze before 2.2.16-6+squeeze11, wheezy before 2.2.22-13, and sid before 2.2.22-13 for the Apache HTTP Server on Debian GNU/Linux does not properly create the /var/lock/apache2 lock directory, which allows local users to gain privileges via an unspecified symlink attack.
5774| [CVE-2013-0966] The Apple mod_hfs_apple module for the Apache HTTP Server in Apple Mac OS X before 10.8.3 does not properly handle ignorable Unicode characters, which allows remote attackers to bypass intended directory authentication requirements via a crafted pathname in a URI.
5775| [CVE-2013-0942] Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Agent 7.1 before 7.1.1 for Web for Internet Information Services, and 7.1 before 7.1.1 for Web for Apache, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
5776| [CVE-2013-0941] EMC RSA Authentication API before 8.1 SP1, RSA Web Agent before 5.3.5 for Apache Web Server, RSA Web Agent before 5.3.5 for IIS, RSA PAM Agent before 7.0, and RSA Agent before 6.1.4 for Microsoft Windows use an improper encryption algorithm and a weak key for maintaining the stored data of the node secret for the SecurID Authentication API, which allows local users to obtain sensitive information via cryptographic attacks on this data.
5777| [CVE-2013-0253] The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack.
5778| [CVE-2013-0248] The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack.
5779| [CVE-2013-0239] Apache CXF before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3, when the plaintext UsernameToken WS-SecurityPolicy is enabled, allows remote attackers to bypass authentication via a security header of a SOAP request containing a UsernameToken element that lacks a password child element.
5780| [CVE-2012-6573] Cross-site scripting (XSS) vulnerability in the Apache Solr Autocomplete module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving autocomplete results.
5781| [CVE-2012-6551] The default configuration of Apache ActiveMQ before 5.8.0 enables a sample web application, which allows remote attackers to cause a denial of service (broker resource consumption) via HTTP requests.
5782| [CVE-2012-6092] Multiple cross-site scripting (XSS) vulnerabilities in the web demos in Apache ActiveMQ before 5.8.0 allow remote attackers to inject arbitrary web script or HTML via (1) the refresh parameter to PortfolioPublishServlet.java (aka demo/portfolioPublish or Market Data Publisher), or vectors involving (2) debug logs or (3) subscribe messages in webapp/websocket/chat.js. NOTE: AMQ-4124 is covered by CVE-2012-6551.
5783| [CVE-2012-5887] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.
5784| [CVE-2012-5886] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID.
5785| [CVE-2012-5885] The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184.
5786| [CVE-2012-5786] The wsdl_first_https sample code in distribution/src/main/release/samples/wsdl_first_https/src/main/ in Apache CXF, possibly 2.6.0, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
5787| [CVE-2012-5785] Apache Axis2/Java 1.6.2 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
5788| [CVE-2012-5784] Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Message Service implementation in Apache ActiveMQ, and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
5789| [CVE-2012-5783] Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
5790| [CVE-2012-5633] The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request.
5791| [CVE-2012-5616] Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly Citrix CloudStack) before 3.0.6 stores sensitive information in the log4j.conf log file, which allows local users to obtain (1) the SSH private key as recorded by the createSSHKeyPair API, (2) the password of an added host as recorded by the AddHost API, or the password of an added VM as recorded by the (3) DeployVM or (4) ResetPasswordForVM API.
5792| [CVE-2012-5568] Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.
5793| [CVE-2012-5351] Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack," a different vulnerability than CVE-2012-4418.
5794| [CVE-2012-4558] Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via a crafted string.
5795| [CVE-2012-4557] The mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into an error state upon detection of a long request-processing time, which allows remote attackers to cause a denial of service (worker consumption) via an expensive request.
5796| [CVE-2012-4556] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 allows remote attackers to cause a denial of service (Apache httpd web server child process restart) via certain unspecified empty search fields in a user certificate search query.
5797| [CVE-2012-4555] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 does not properly handle interruptions of token format operations, which allows remote attackers to cause a denial of service (NULL pointer dereference and Apache httpd web server child process crash) via unspecified vectors.
5798| [CVE-2012-4534] org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminating the connection during the reading of a response.
5799| [CVE-2012-4528] The mod_security2 module before 2.7.0 for the Apache HTTP Server allows remote attackers to bypass rules, and deliver arbitrary POST data to a PHP application, via a multipart request in which an invalid part precedes the crafted data.
5800| [CVE-2012-4501] Citrix Cloud.com CloudStack, and Apache CloudStack pre-release, allows remote attackers to make arbitrary API calls by leveraging the system user account, as demonstrated by API calls to delete VMs.
5801| [CVE-2012-4460] The serializing/deserializing functions in the qpid::framing::Buffer class in Apache Qpid 0.20 and earlier allow remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors. NOTE: this issue could also trigger an out-of-bounds read, but it might not trigger a crash.
5802| [CVE-2012-4459] Integer overflow in the qpid::framing::Buffer::checkAvailable function in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (crash) via a crafted message, which triggers an out-of-bounds read.
5803| [CVE-2012-4458] The AMQP type decoder in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (memory consumption and server crash) via a large number of zero width elements in the client-properties map in a connection.start-ok message.
5804| [CVE-2012-4446] The default configuration for Apache Qpid 0.20 and earlier, when the federation_tag attribute is enabled, accepts AMQP connections without checking the source user ID, which allows remote attackers to bypass authentication and have other unspecified impact via an AMQP request.
5805| [CVE-2012-4431] org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier.
5806| [CVE-2012-4418] Apache Axis2 allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."
5807| [CVE-2012-4387] Apache Struts 2.0.0 through 2.3.4 allows remote attackers to cause a denial of service (CPU consumption) via a long parameter name, which is processed as an OGNL expression.
5808| [CVE-2012-4386] The token check mechanism in Apache Struts 2.0.0 through 2.3.4 does not properly validate the token name configuration parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks by setting the token name configuration parameter to a session attribute.
5809| [CVE-2012-4360] Cross-site scripting (XSS) vulnerability in the mod_pagespeed module 0.10.19.1 through 0.10.22.4 for the Apache HTTP Server allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
5810| [CVE-2012-4063] The Apache Santuario configuration in Eucalyptus before 3.1.1 does not properly restrict applying XML Signature transforms to documents, which allows remote attackers to cause a denial of service via unspecified vectors.
5811| [CVE-2012-4001] The mod_pagespeed module before 0.10.22.6 for the Apache HTTP Server does not properly verify its host name, which allows remote attackers to trigger HTTP requests to arbitrary hosts via unspecified vectors, as demonstrated by requests to intranet servers.
5812| [CVE-2012-3908] Multiple cross-site request forgery (CSRF) vulnerabilities in the ISE Administrator user interface (aka the Apache Tomcat interface) on Cisco Identity Services Engine (ISE) 3300 series appliances before 1.1.0.665 Cumulative Patch 1 allow remote attackers to hijack the authentication of administrators, aka Bug ID CSCty46684.
5813| [CVE-2012-3546] org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI.
5814| [CVE-2012-3544] Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data.
5815| [CVE-2012-3526] The reverse proxy add forward module (mod_rpaf) 0.5 and 0.6 for the Apache HTTP Server allows remote attackers to cause a denial of service (server or application crash) via multiple X-Forwarded-For headers in a request.
5816| [CVE-2012-3513] munin-cgi-graph in Munin before 2.0.6, when running as a CGI module under Apache, allows remote attackers to load new configurations and create files in arbitrary directories via the logdir command.
5817| [CVE-2012-3506] Unspecified vulnerability in the Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.03 has unknown impact and attack vectors.
5818| [CVE-2012-3502] The proxy functionality in (1) mod_proxy_ajp.c in the mod_proxy_ajp module and (2) mod_proxy_http.c in the mod_proxy_http module in the Apache HTTP Server 2.4.x before 2.4.3 does not properly determine the situations that require closing a back-end connection, which allows remote attackers to obtain sensitive information in opportunistic circumstances by reading a response that was intended for a different client.
5819| [CVE-2012-3499] Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules.
5820| [CVE-2012-3467] Apache QPID 0.14, 0.16, and earlier uses a NullAuthenticator mechanism to authenticate catch-up shadow connections to AMQP brokers, which allows remote attackers to bypass authentication.
5821| [CVE-2012-3451] Apache CXF before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to execute unintended web-service operations by sending a header with a SOAP Action String that is inconsistent with the message body.
5822| [CVE-2012-3446] Apache Libcloud before 0.11.1 uses an incorrect regular expression during verification of whether the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate.
5823| [CVE-2012-3376] DataNodes in Apache Hadoop 2.0.0 alpha does not check the BlockTokens of clients when Kerberos is enabled and the DataNode has checked out the same BlockPool twice from a NodeName, which might allow remote clients to read arbitrary blocks, write to blocks to which they only have read access, and have other unspecified impacts.
5824| [CVE-2012-3373] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.21 and 1.5.x before 1.5.8 allows remote attackers to inject arbitrary web script or HTML via vectors involving a %00 sequence in an Ajax link URL associated with a Wicket app.
5825| [CVE-2012-3126] Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Products Suite 3.3 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Apache Tomcat Agent.
5826| [CVE-2012-3123] Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect confidentiality, related to Apache HTTP Server.
5827| [CVE-2012-2760] mod_auth_openid before 0.7 for Apache uses world-readable permissions for /tmp/mod_auth_openid.db, which allows local users to obtain session ids.
5828| [CVE-2012-2733] java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of service (memory consumption) via a large amount of header data.
5829| [CVE-2012-2687] Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list.
5830| [CVE-2012-2381] Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.1 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the blogger role.
5831| [CVE-2012-2380] Multiple cross-site request forgery (CSRF) vulnerabilities in the admin/editor console in Apache Roller before 5.0.1 allow remote attackers to hijack the authentication of admins or editors by leveraging the HTTP POST functionality.
5832| [CVE-2012-2379] Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors.
5833| [CVE-2012-2378] Apache CXF 2.4.5 through 2.4.7, 2.5.1 through 2.5.3, and 2.6.x before 2.6.1, does not properly enforce child policies of a WS-SecurityPolicy 1.1 SupportingToken policy on the client side, which allows remote attackers to bypass the (1) AlgorithmSuite, (2) SignedParts, (3) SignedElements, (4) EncryptedParts, and (5) EncryptedElements policies.
5834| [CVE-2012-2329] Buffer overflow in the apache_request_headers function in sapi/cgi/cgi_main.c in PHP 5.4.x before 5.4.3 allows remote attackers to cause a denial of service (application crash) via a long string in the header of an HTTP request.
5835| [CVE-2012-2145] Apache Qpid 0.17 and earlier does not properly restrict incoming client connections, which allows remote attackers to cause a denial of service (file descriptor consumption) via a large number of incomplete connections.
5836| [CVE-2012-2138] The @CopyFrom operation in the POST servlet in the org.apache.sling.servlets.post bundle before 2.1.2 in Apache Sling does not prevent attempts to copy an ancestor node to a descendant node, which allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP request.
5837| [CVE-2012-2098] Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service (CPU consumption) via a file with many repeating inputs.
5838| [CVE-2012-1574] The Kerberos/MapReduce security functionality in Apache Hadoop 0.20.203.0 through 0.20.205.0, 0.23.x before 0.23.2, and 1.0.x before 1.0.2, as used in Cloudera CDH CDH3u0 through CDH3u2, Cloudera hadoop-0.20-sbin before 0.20.2+923.197, and other products, allows remote authenticated users to impersonate arbitrary cluster user accounts via unspecified vectors.
5839| [CVE-2012-1181] fcgid_spawn_ctl.c in the mod_fcgid module 2.3.6 for the Apache HTTP Server does not recognize the FcgidMaxProcessesPerClass directive for a virtual host, which makes it easier for remote attackers to cause a denial of service (memory consumption) via a series of HTTP requests that triggers a process count higher than the intended limit.
5840| [CVE-2012-1089] Directory traversal vulnerability in Apache Wicket 1.4.x before 1.4.20 and 1.5.x before 1.5.5 allows remote attackers to read arbitrary web-application files via a relative pathname in a URL for a Wicket resource that corresponds to a null package.
5841| [CVE-2012-1007] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 1.3.10 allow remote attackers to inject arbitrary web script or HTML via (1) the name parameter to struts-examples/upload/upload-submit.do, or the message parameter to (2) struts-cookbook/processSimple.do or (3) struts-cookbook/processDyna.do.
5842| [CVE-2012-1006] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.14 and 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) lastName parameter to struts2-showcase/person/editPerson.action, or the (3) clientName parameter to struts2-rest-showcase/orders.
5843| [CVE-2012-0883] envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl.
5844| [CVE-2012-0840] tables/apr_hash.c in the Apache Portable Runtime (APR) library through 1.4.5 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
5845| [CVE-2012-0838] Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL expression during the handling of a conversion error, which allows remote attackers to modify run-time data values, and consequently execute arbitrary code, via invalid input to a field.
5846| [CVE-2012-0788] The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service (application crash) via a crafted application that uses a PDO driver for a fetch and then calls the session_start function, as demonstrated by a crash of the Apache HTTP Server.
5847| [CVE-2012-0394] ** DISPUTED ** The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself."
5848| [CVE-2012-0393] The ParameterInterceptor component in Apache Struts before 2.3.1.1 does not prevent access to public constructors, which allows remote attackers to create or overwrite arbitrary files via a crafted parameter that triggers the creation of a Java object.
5849| [CVE-2012-0392] The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method.
5850| [CVE-2012-0391] The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter.
5851| [CVE-2012-0256] Apache Traffic Server 2.0.x and 3.0.x before 3.0.4 and 3.1.x before 3.1.3 does not properly allocate heap memory, which allows remote attackers to cause a denial of service (daemon crash) via a long HTTP Host header.
5852| [CVE-2012-0216] The default configuration of the apache2 package in Debian GNU/Linux squeeze before 2.2.16-6+squeeze7, wheezy before 2.2.22-4, and sid before 2.2.22-4, when mod_php or mod_rivet is used, provides example scripts under the doc/ URI, which might allow local users to conduct cross-site scripting (XSS) attacks, gain privileges, or obtain sensitive information via vectors involving localhost HTTP requests to the Apache HTTP Server.
5853| [CVE-2012-0213] The UnhandledDataStructure function in hwpf/model/UnhandledDataStructure.java in Apache POI 3.8 and earlier allows remote attackers to cause a denial of service (OutOfMemoryError exception and possibly JVM destabilization) via a crafted length value in a Channel Definition Format (CDF) or Compound File Binary Format (CFBF) document.
5854| [CVE-2012-0053] protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script.
5855| [CVE-2012-0047] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the wicket:pageMapName parameter.
5856| [CVE-2012-0031] scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function.
5857| [CVE-2012-0022] Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.
5858| [CVE-2012-0021] The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to cause a denial of service (daemon crash) via a cookie that lacks both a name and a value.
5859| [CVE-2011-5064] DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging knowledge of this string, a different vulnerability than CVE-2011-1184.
5860| [CVE-2011-5063] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weaker authentication or authorization requirements, a different vulnerability than CVE-2011-1184.
5861| [CVE-2011-5062] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass intended integrity-protection requirements via a qop=auth value, a different vulnerability than CVE-2011-1184.
5862| [CVE-2011-5057] Apache Struts 2.3.1.1 and earlier provides interfaces that do not properly restrict access to collections such as the session and request collections, which might allow remote attackers to modify run-time data values via a crafted parameter to an application that implements an affected interface, as demonstrated by the SessionAware, RequestAware, ApplicationAware, ServletRequestAware, ServletResponseAware, and ParameterAware interfaces. NOTE: the vendor disputes the significance of this report because of an "easy work-around in existing apps by configuring the interceptor."
5863| [CVE-2011-5034] Apache Geronimo 2.2.1 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. NOTE: this might overlap CVE-2011-4461.
5864| [CVE-2011-4905] Apache ActiveMQ before 5.6.0 allows remote attackers to cause a denial of service (file-descriptor exhaustion and broker crash or hang) by sending many openwire failover:tcp:// connection requests.
5865| [CVE-2011-4858] Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
5866| [CVE-2011-4668] IBM Tivoli Netcool/Reporter 2.2 before 2.2.0.8 allows remote attackers to execute arbitrary code via vectors related to an unspecified CGI program used with the Apache HTTP Server.
5867| [CVE-2011-4449] actions/files/files.php in WikkaWiki 1.3.1 and 1.3.2, when INTRANET_MODE is enabled, supports file uploads for file extensions that are typically absent from an Apache HTTP Server TypesConfig file, which makes it easier for remote attackers to execute arbitrary PHP code by placing this code in a file whose name has multiple extensions, as demonstrated by a (1) .mm or (2) .vpp file.
5868| [CVE-2011-4415] The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, does not restrict the size of values of environment variables, which allows local users to cause a denial of service (memory consumption or NULL pointer dereference) via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, related to (1) the "len +=" statement and (2) the apr_pcalloc function call, a different vulnerability than CVE-2011-3607.
5869| [CVE-2011-4317] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an @ (at sign) character and a : (colon) character in invalid positions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
5870| [CVE-2011-3639] The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers by using the HTTP/0.9 protocol with a malformed URI containing an initial @ (at sign) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
5871| [CVE-2011-3620] Apache Qpid 0.12 does not properly verify credentials during the joining of a cluster, which allows remote attackers to obtain access to the messaging functionality and job functionality of a cluster by leveraging knowledge of a cluster-username.
5872| [CVE-2011-3607] Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow.
5873| [CVE-2011-3376] org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat 7.x before 7.0.22 does not properly restrict ContainerServlets in the Manager application, which allows local users to gain privileges by using an untrusted web application to access the Manager application's functionality.
5874| [CVE-2011-3375] Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain caching and recycling operations involving request objects, which allows remote attackers to obtain unintended read access to IP address and HTTP header information in opportunistic circumstances by reading TCP data.
5875| [CVE-2011-3368] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character.
5876| [CVE-2011-3348] The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary "error state" in the backend server) via a malformed HTTP request.
5877| [CVE-2011-3192] The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.
5878| [CVE-2011-3190] Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request.
5879| [CVE-2011-2729] native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application.
5880| [CVE-2011-2712] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.18, when setAutomaticMultiWindowSupport is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
5881| [CVE-2011-2688] SQL injection vulnerability in mysql/mysql-auth.pl in the mod_authnz_external module 3.2.5 and earlier for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the user field.
5882| [CVE-2011-2526] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loop or JVM crash) by leveraging an untrusted web application.
5883| [CVE-2011-2516] Off-by-one error in the XML signature feature in Apache XML Security for C++ 1.6.0, as used in Shibboleth before 2.4.3 and possibly other products, allows remote attackers to cause a denial of service (crash) via a signature using a large RSA key, which triggers a buffer overflow.
5884| [CVE-2011-2481] Apache Tomcat 7.0.x before 7.0.17 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application. NOTE: this vulnerability exists because of a CVE-2009-0783 regression.
5885| [CVE-2011-2329] The rampart_timestamp_token_validate function in util/rampart_timestamp_token.c in Apache Rampart/C 1.3.0 does not properly calculate the expiration of timestamp tokens, which allows remote attackers to bypass intended access restrictions by leveraging an expired token, a different vulnerability than CVE-2011-0730.
5886| [CVE-2011-2204] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file.
5887| [CVE-2011-2088] XWork 2.2.1 in Apache Struts 2.2.1, and OpenSymphony XWork in OpenSymphony WebWork, allows remote attackers to obtain potentially sensitive information about internal Java class paths via vectors involving an s:submit element and a nonexistent method, a different vulnerability than CVE-2011-1772.3.
5888| [CVE-2011-2087] Multiple cross-site scripting (XSS) vulnerabilities in component handlers in the javatemplates (aka Java Templates) plugin in Apache Struts 2.x before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via an arbitrary parameter value to a .action URI, related to improper handling of value attributes in (1) FileHandler.java, (2) HiddenHandler.java, (3) PasswordHandler.java, (4) RadioHandler.java, (5) ResetHandler.java, (6) SelectHandler.java, (7) SubmitHandler.java, and (8) TextFieldHandler.java.
5889| [CVE-2011-1928] The fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote attackers to cause a denial of service (infinite loop) via a URI that does not match unspecified types of wildcard patterns, as demonstrated by attacks against mod_autoindex in httpd when a /*/WEB-INF/ configuration pattern is used. NOTE: this issue exists because of an incorrect fix for CVE-2011-0419.
5890| [CVE-2011-1921] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is disabled, does not properly enforce permissions for files that had been publicly readable in the past, which allows remote attackers to obtain sensitive information via a replay REPORT operation.
5891| [CVE-2011-1783] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to cause a denial of service (infinite loop and memory consumption) in opportunistic circumstances by requesting data.
5892| [CVE-2011-1772] Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x before 2.2.3, and OpenSymphony XWork in OpenSymphony WebWork, allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) an action name, (2) the action attribute of an s:submit element, or (3) the method attribute of an s:submit element.
5893| [CVE-2011-1752] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request for a baselined WebDAV resource, as exploited in the wild in May 2011.
5894| [CVE-2011-1610] Multiple SQL injection vulnerabilities in xmldirectorylist.jsp in the embedded Apache HTTP Server component in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5)su4, 8.0 before 8.0(3a)su2, and 8.5 before 8.5(1)su1 allow remote attackers to execute arbitrary SQL commands via the (1) f, (2) l, or (3) n parameter, aka Bug ID CSCtj42064.
5895| [CVE-2011-1582] Apache Tomcat 7.0.12 and 7.0.13 processes the first request to a servlet without following security constraints that have been configured through annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088, CVE-2011-1183, and CVE-2011-1419.
5896| [CVE-2011-1571] Unspecified vulnerability in the XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote attackers to execute arbitrary commands via unknown vectors.
5897| [CVE-2011-1570] Cross-site scripting (XSS) vulnerability in Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to inject arbitrary web script or HTML via a message title, a different vulnerability than CVE-2004-2030.
5898| [CVE-2011-1503] The XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat or Oracle GlassFish is used, allows remote authenticated users to read arbitrary (1) XSL and (2) XML files via a file:/// URL.
5899| [CVE-2011-1502] Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to read arbitrary files via an entity declaration in conjunction with an entity reference, related to an XML External Entity (aka XXE) issue.
5900| [CVE-2011-1498] Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header.
5901| [CVE-2011-1475] The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP packets, related to "a mix-up of responses for requests from different users."
5902| [CVE-2011-1419] Apache Tomcat 7.x before 7.0.11, when web.xml has no security constraints, does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088.
5903| [CVE-2011-1318] Memory leak in org.apache.jasper.runtime.JspWriterImpl.response in the JavaServer Pages (JSP) component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) by accessing a JSP page of an application that is repeatedly stopped and restarted.
5904| [CVE-2011-1184] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, related to lack of checking of nonce (aka server nonce) and nc (aka nonce-count or client nonce count) values.
5905| [CVE-2011-1183] Apache Tomcat 7.0.11, when web.xml has no login configuration, does not follow security constraints, which allows remote attackers to bypass intended access restrictions via HTTP requests to a meta-data complete web application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1088 and CVE-2011-1419.
5906| [CVE-2011-1176] The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module 2.2.11-01 and 2.2.11-02 for the Apache HTTP Server does not properly handle certain configuration sections that specify NiceValue but not AssignUserID, which might allow remote attackers to gain privileges by leveraging the root uid and root gid of an mpm-itk process.
5907| [CVE-2011-1088] Apache Tomcat 7.x before 7.0.10 does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application.
5908| [CVE-2011-1077] Multiple cross-site scripting (XSS) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
5909| [CVE-2011-1026] Multiple cross-site request forgery (CSRF) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to hijack the authentication of administrators.
5910| [CVE-2011-0715] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.16, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request that contains a lock token.
5911| [CVE-2011-0534] Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request.
5912| [CVE-2011-0533] Cross-site scripting (XSS) vulnerability in Apache Continuum 1.1 through 1.2.3.1, 1.3.6, and 1.4.0 Beta
5913| [CVE-2011-0419] Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.
5914| [CVE-2011-0013] Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.
5915| [CVE-2010-4644] Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated users to cause a denial of service (memory consumption and daemon crash) via the -g option to the blame command.
5916| [CVE-2010-4539] The walk function in repos.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.15, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger the walking of SVNParentPath collections.
5917| [CVE-2010-4476] The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
5918| [CVE-2010-4455] Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.2 and 11.1.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Apache Plugin.
5919| [CVE-2010-4408] Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1 does not require entry of the administrator's password at the time of modifying a user account, which makes it easier for context-dependent attackers to gain privileges by leveraging a (1) unattended workstation or (2) cross-site request forgery (CSRF) vulnerability, a related issue to CVE-2010-3449.
5920| [CVE-2010-4312] The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie.
5921| [CVE-2010-4172] Multiple cross-site scripting (XSS) vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) orderBy or (2) sort parameter to sessionsList.jsp, or unspecified input to (3) sessionDetail.jsp or (4) java/org/apache/catalina/manager/JspHelper.java, related to use of untrusted web applications.
5922| [CVE-2010-3872] The fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.6 for the Apache HTTP Server does not use bytewise pointer arithmetic in certain circumstances, which has unspecified impact and attack vectors related to "untrusted FastCGI applications" and a "stack buffer overwrite."
5923| [CVE-2010-3863] Apache Shiro before 1.1.0, and JSecurity 0.9.x, does not canonicalize URI paths before comparing them to entries in the shiro.ini file, which allows remote attackers to bypass intended access restrictions via a crafted request, as demonstrated by the /./account/index.jsp URI.
5924| [CVE-2010-3854] Multiple cross-site scripting (XSS) vulnerabilities in the web administration interface (aka Futon) in Apache CouchDB 0.8.0 through 1.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
5925| [CVE-2010-3718] Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.
5926| [CVE-2010-3449] Cross-site request forgery (CSRF) vulnerability in Redback before 1.2.4, as used in Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1
5927| [CVE-2010-3315] authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass intended access restrictions via svn commands.
5928| [CVE-2010-3083] sys/ssl/SslSocket.cpp in qpidd in Apache Qpid, as used in Red Hat Enterprise MRG before 1.2.2 and other products, when SSL is enabled, allows remote attackers to cause a denial of service (daemon outage) by connecting to the SSL port but not participating in an SSL handshake.
5929| [CVE-2010-2952] Apache Traffic Server before 2.0.1, and 2.1.x before 2.1.2-unstable, does not properly choose DNS source ports and transaction IDs, and does not properly use DNS query fields to validate responses, which makes it easier for man-in-the-middle attackers to poison the internal DNS cache via a crafted response.
5930| [CVE-2010-2791] mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request. NOTE: this is the same issue as CVE-2010-2068, but for a different OS and set of affected versions.
5931| [CVE-2010-2375] Package/Privilege: Plugins for Apache, Sun and IIS web servers Unspecified vulnerability in the WebLogic Server component in Oracle Fusion Middleware 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, 10.3.2, and 10.3.3 allows remote attackers to affect confidentiality and integrity, related to IIS.
5932| [CVE-2010-2234] Cross-site request forgery (CSRF) vulnerability in Apache CouchDB 0.8.0 through 0.11.0 allows remote attackers to hijack the authentication of administrators for direct requests to an installation URL.
5933| [CVE-2010-2227] Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with "recycling of a buffer."
5934| [CVE-2010-2103] Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Apache Axis2/Java 1.4.1, 1.5.1, and possibly other versions, as used in SAP Business Objects 12, 3com IMC, and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the modules parameter. NOTE: some of these details are obtained from third party information.
5935| [CVE-2010-2086] Apache MyFaces 1.1.7 and 1.2.8, as used in IBM WebSphere Application Server and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that involve modifying the serialized view object.
5936| [CVE-2010-2076] Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before 2.2.9, as used in Apache ServiceMix, Apache Camel, Apache Chemistry, Apache jUDDI, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to samples/wsdl_first_pure_xml, a similar issue to CVE-2010-1632.
5937| [CVE-2010-2068] mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, does not properly detect timeouts, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request.
5938| [CVE-2010-2057] shared/util/StateUtils.java in Apache MyFaces 1.1.x before 1.1.8, 1.2.x before 1.2.9, and 2.0.x before 2.0.1 uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack.
5939| [CVE-2010-1632] Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server (WAS) 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to the Synapse SimpleStockQuoteService.
5940| [CVE-2010-1623] Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the destruction of an APR bucket.
5941| [CVE-2010-1587] The Jetty ResourceHandler in Apache ActiveMQ 5.x before 5.3.2 and 5.4.x before 5.4.0 allows remote attackers to read JSP source code via a // (slash slash) initial substring in a URI for (1) admin/index.jsp, (2) admin/queues.jsp, or (3) admin/topics.jsp.
5942| [CVE-2010-1452] The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path.
5943| [CVE-2010-1325] Cross-site request forgery (CSRF) vulnerability in the apache2-slms package in SUSE Lifecycle Management Server (SLMS) 1.0 on SUSE Linux Enterprise (SLE) 11 allows remote attackers to hijack the authentication of unspecified victims via vectors related to improper parameter quoting. NOTE: some sources report that this is a vulnerability in a product named "Apache SLMS," but that is incorrect.
5944| [CVE-2010-1244] Cross-site request forgery (CSRF) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote attackers to hijack the authentication of unspecified victims for requests that create queues via the JMSDestination parameter in a queue action.
5945| [CVE-2010-1157] Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply.
5946| [CVE-2010-1151] Race condition in the mod_auth_shadow module for the Apache HTTP Server allows remote attackers to bypass authentication, and read and possibly modify data, via vectors related to improper interaction with an external helper application for validation of credentials.
5947| [CVE-2010-0684] Cross-site scripting (XSS) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote authenticated users to inject arbitrary web script or HTML via the JMSDestination parameter in a queue action.
5948| [CVE-2010-0434] The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request.
5949| [CVE-2010-0432] Multiple cross-site scripting (XSS) vulnerabilities in the Apache Open For Business Project (aka OFBiz) 09.04 and earlier, as used in Opentaps, Neogia, and Entente Oya, allow remote attackers to inject arbitrary web script or HTML via (1) the productStoreId parameter to control/exportProductListing, (2) the partyId parameter to partymgr/control/viewprofile (aka partymgr/control/login), (3) the start parameter to myportal/control/showPortalPage, (4) an invalid URI beginning with /facility/control/ReceiveReturn (aka /crmsfa/control/ReceiveReturn or /cms/control/ReceiveReturn), (5) the contentId parameter (aka the entityName variable) to ecommerce/control/ViewBlogArticle, (6) the entityName parameter to webtools/control/FindGeneric, or the (7) subject or (8) content parameter to an unspecified component under ecommerce/control/contactus.
5950| [CVE-2010-0425] modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet, and "orphaned callback pointers."
5951| [CVE-2010-0408] The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service (backend server outage) via a crafted request, related to use of a 500 error code instead of the appropriate 400 error code.
5952| [CVE-2010-0390] Unrestricted file upload vulnerability in maxImageUpload/index.php in PHP F1 Max's Image Uploader 1.0, when Apache is not configured to handle the mime-type for files with pjpeg or jpeg extensions, allows remote attackers to execute arbitrary code by uploading a file with a pjpeg or jpeg extension, then accessing it via a direct request to the file in original/. NOTE: some of these details are obtained from third party information.
5953| [CVE-2010-0219] Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service.
5954| [CVE-2010-0010] Integer overflow in the ap_proxy_send_fb function in proxy/proxy_util.c in mod_proxy in the Apache HTTP Server before 1.3.42 on 64-bit platforms allows remote origin servers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a large chunk size that triggers a heap-based buffer overflow.
5955| [CVE-2010-0009] Apache CouchDB 0.8.0 through 0.10.1 allows remote attackers to obtain sensitive information by measuring the completion time of operations that verify (1) hashes or (2) passwords.
5956| [CVE-2009-5120] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 allows connections to TCP port 1812 from arbitrary source IP addresses, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via UTF-7 text to the 404 error page of a Project Woodstock service on this port.
5957| [CVE-2009-5119] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 enables weak SSL ciphers in conf/server.xml, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and then conducting a brute-force attack against encrypted session data.
5958| [CVE-2009-5006] The SessionAdapter::ExchangeHandlerImpl::checkAlternate function in broker/SessionAdapter.cpp in the C++ Broker component in Apache Qpid before 0.6, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote authenticated users to cause a denial of service (NULL pointer dereference, daemon crash, and cluster outage) by attempting to modify the alternate of an exchange.
5959| [CVE-2009-5005] The Cluster::deliveredEvent function in cluster/Cluster.cpp in Apache Qpid, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote attackers to cause a denial of service (daemon crash and cluster outage) via invalid AMQP data.
5960| [CVE-2009-4355] Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678.
5961| [CVE-2009-4269] The password hash generation algorithm in the BUILTIN authentication functionality for Apache Derby before 10.6.1.0 performs a transformation that reduces the size of the set of inputs to SHA-1, which produces a small search space that makes it easier for local and possibly remote attackers to crack passwords by generating hash collisions, related to password substitution.
5962| [CVE-2009-3923] The VirtualBox 2.0.8 and 2.0.10 web service in Sun Virtual Desktop Infrastructure (VDI) 3.0 does not require authentication, which allows remote attackers to obtain unspecified access via vectors involving requests to an Apache HTTP Server.
5963| [CVE-2009-3890] Unrestricted file upload vulnerability in the wp_check_filetype function in wp-includes/functions.php in WordPress before 2.8.6, when a certain configuration of the mod_mime module in the Apache HTTP Server is enabled, allows remote authenticated users to execute arbitrary code by posting an attachment with a multiple-extension filename, and then accessing this attachment via a direct request to a wp-content/uploads/ pathname, as demonstrated by a .php.jpg filename.
5964| [CVE-2009-3843] HP Operations Manager 8.10 on Windows contains a "hidden account" in the XML file that specifies Tomcat users, which allows remote attackers to conduct unrestricted file upload attacks, and thereby execute arbitrary code, by using the org.apache.catalina.manager.HTMLManagerServlet class to make requests to manager/html/upload.
5965| [CVE-2009-3821] Cross-site scripting (XSS) vulnerability in the Apache Solr Search (solr) extension 1.0.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
5966| [CVE-2009-3555] The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
5967| [CVE-2009-3548] The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges.
5968| [CVE-2009-3250] The saveForwardAttachments procedure in the Compose Mail functionality in vtiger CRM 5.0.4 allows remote authenticated users to execute arbitrary code by composing an e-mail message with an attachment filename ending in (1) .php in installations based on certain Apache HTTP Server configurations, (2) .php. on Windows, or (3) .php/ on Linux, and then making a direct request to a certain pathname under storage/.
5969| [CVE-2009-3095] The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.
5970| [CVE-2009-3094] The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.
5971| [CVE-2009-2902] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename.
5972| [CVE-2009-2901] The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests.
5973| [CVE-2009-2823] The Apache HTTP Server in Apple Mac OS X before 10.6.2 enables the HTTP TRACE method, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified web client software.
5974| [CVE-2009-2699] The Solaris pollset feature in the Event Port backend in poll/unix/port.c in the Apache Portable Runtime (APR) library before 1.3.9, as used in the Apache HTTP Server before 2.2.14 and other products, does not properly handle errors, which allows remote attackers to cause a denial of service (daemon hang) via unspecified HTTP requests, related to the prefork and event MPMs.
5975| [CVE-2009-2696] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat on Red Hat Enterprise Linux 5, Desktop Workstation 5, and Linux Desktop 5 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML." NOTE: this is due to a missing fix for CVE-2009-0781.
5976| [CVE-2009-2693] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry.
5977| [CVE-2009-2625] XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.
5978| [CVE-2009-2412] Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR
5979| [CVE-2009-2299] The Artofdefence Hyperguard Web Application Firewall (WAF) module before 2.5.5-11635, 3.0 before 3.0.3-11636, and 3.1 before 3.1.1-11637, a module for the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via an HTTP request with a large Content-Length value but no POST data.
5980| [CVE-2009-1956] Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input.
5981| [CVE-2009-1955] The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.
5982| [CVE-2009-1903] The PDF XSS protection feature in ModSecurity before 2.5.8 allows remote attackers to cause a denial of service (Apache httpd crash) via a request for a PDF file that does not use the GET method.
5983| [CVE-2009-1891] The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).
5984| [CVE-2009-1890] The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests.
5985| [CVE-2009-1885] Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to cause a denial of service (application crash) via vectors involving nested parentheses and invalid byte values in "simply nested DTD structures," as demonstrated by the Codenomicon XML fuzzing framework.
5986| [CVE-2009-1462] The Security Manager in razorCMS before 0.4 does not verify the permissions of every file owned by the apache user account, which is inconsistent with the documentation and allows local users to have an unspecified impact.
5987| [CVE-2009-1275] Apache Tiles 2.1 before 2.1.2, as used in Apache Struts and other products, evaluates Expression Language (EL) expressions twice in certain circumstances, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via unspecified vectors, related to the (1) tiles:putAttribute and (2) tiles:insertTemplate JSP tags.
5988| [CVE-2009-1195] The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file.
5989| [CVE-2009-1191] mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request.
5990| [CVE-2009-1012] Unspecified vulnerability in the plug-ins for Apache and IIS web servers in Oracle BEA WebLogic Server 7.0 Gold through SP7, 8.1 Gold through SP6, 9.0, 9.1, 9.2 Gold through MP3, 10.0 Gold through MP1, and 10.3 allows remote attackers to affect confidentiality, integrity, and availability. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow in an unspecified plug-in that parses HTTP requests, which leads to a heap-based buffer overflow.
5991| [CVE-2009-0918] Multiple unspecified vulnerabilities in DFLabs PTK 1.0.0 through 1.0.4 allow remote attackers to execute arbitrary commands in processes launched by PTK's Apache HTTP Server via (1) "external tools" or (2) a crafted forensic image.
5992| [CVE-2009-0796] Cross-site scripting (XSS) vulnerability in Status.pm in Apache::Status and Apache2::Status in mod_perl1 and mod_perl2 for the Apache HTTP Server, when /perl-status is accessible, allows remote attackers to inject arbitrary web script or HTML via the URI.
5993| [CVE-2009-0783] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.
5994| [CVE-2009-0781] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML."
5995| [CVE-2009-0754] PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on the same server.
5996| [CVE-2009-0580] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.
5997| [CVE-2009-0486] Bugzilla 3.2.1, 3.0.7, and 3.3.2, when running under mod_perl, calls the srand function at startup time, which causes Apache children to have the same seed and produce insufficiently random numbers for random tokens, which allows remote attackers to bypass cross-site request forgery (CSRF) protection mechanisms and conduct unauthorized activities as other users.
5998| [CVE-2009-0039] Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to hijack the authentication of administrators for requests that (1) change the web administration password, (2) upload applications, and perform unspecified other administrative actions, as demonstrated by (3) a Shutdown request to console/portal//Server/Shutdown.
5999| [CVE-2009-0038] Multiple cross-site scripting (XSS) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) ip, (3) username, or (4) description parameter to console/portal/Server/Monitoring
6000| [CVE-2009-0033] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.
6001| [CVE-2009-0026] Multiple cross-site scripting (XSS) vulnerabilities in Apache Jackrabbit before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the q parameter to (1) search.jsp or (2) swr.jsp.
6002| [CVE-2009-0023] The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow.
6003| [CVE-2008-6879] Cross-site scripting (XSS) vulnerability in Apache Roller 2.3, 3.0, 3.1, and 4.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter in a search action.
6004| [CVE-2008-6755] ZoneMinder 1.23.3 on Fedora 10 sets the ownership of /etc/zm.conf to the apache user account, and sets the permissions to 0600, which makes it easier for remote attackers to modify this file by accessing it through a (1) PHP or (2) CGI script.
6005| [CVE-2008-6722] Novell Access Manager 3 SP4 does not properly expire X.509 certificate sessions, which allows physically proximate attackers to obtain a logged-in session by using a victim's web-browser process that continues to send the original and valid SSL sessionID, related to inability of Apache Tomcat to clear entries from its SSL cache.
6006| [CVE-2008-6682] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.x before 2.0.11.1 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via vectors associated with improper handling of (1) " (double quote) characters in the href attribute of an s:a tag and (2) parameters in the action attribute of an s:url tag.
6007| [CVE-2008-6505] Multiple directory traversal vulnerabilities in Apache Struts 2.0.x before 2.0.12 and 2.1.x before 2.1.3 allow remote attackers to read arbitrary files via a ..%252f (encoded dot dot slash) in a URI with a /struts/ path, related to (1) FilterDispatcher in 2.0.x and (2) DefaultStaticContentLoader in 2.1.x.
6008| [CVE-2008-6504] ParametersInterceptor in OpenSymphony XWork 2.0.x before 2.0.6 and 2.1.x before 2.1.2, as used in Apache Struts and other products, does not properly restrict # (pound sign) references to context objects, which allows remote attackers to execute Object-Graph Navigation Language (OGNL) statements and modify server-side context objects, as demonstrated by use of a \u0023 representation for the # character.
6009| [CVE-2008-5696] Novell NetWare 6.5 before Support Pack 8, when an OES2 Linux server is installed into the NDS tree, does not require a password for the ApacheAdmin console, which allows remote attackers to reconfigure the Apache HTTP Server via console operations.
6010| [CVE-2008-5676] Multiple unspecified vulnerabilities in the ModSecurity (aka mod_security) module 2.5.0 through 2.5.5 for the Apache HTTP Server, when SecCacheTransformations is enabled, allow remote attackers to cause a denial of service (daemon crash) or bypass the product's functionality via unknown vectors related to "transformation caching."
6011| [CVE-2008-5519] The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat allows remote attackers to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances involving (1) a request from a different client that included a Content-Length header but no POST data or (2) a rapid series of requests, related to noncompliance with the AJP protocol's requirements for requests containing Content-Length headers.
6012| [CVE-2008-5518] Multiple directory traversal vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 on Windows allow remote attackers to upload files to arbitrary directories via directory traversal sequences in the (1) group, (2) artifact, (3) version, or (4) fileType parameter to console/portal//Services/Repository (aka the Services/Repository portlet)
6013| [CVE-2008-5515] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.
6014| [CVE-2008-5457] Unspecified vulnerability in the Oracle BEA WebLogic Server Plugins for Apache, Sun and IIS web servers component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
6015| [CVE-2008-4308] The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20 does not return a -1 to indicate when a certain error condition has occurred, which can cause Tomcat to send POST content from one request to a different request.
6016| [CVE-2008-4008] Unspecified vulnerability in the WebLogic Server Plugins for Apache component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2008 CPU. Oracle has not commented on reliable researcher claims that this issue is a stack-based buffer overflow in the WebLogic Apache Connector, related to an invalid parameter.
6017| [CVE-2008-3666] Unspecified vulnerability in Sun Solaris 10 and OpenSolaris before snv_96 allows (1) context-dependent attackers to cause a denial of service (panic) via vectors involving creation of a crafted file and use of the sendfilev system call, as demonstrated by a file served by an Apache 2.2.x web server with EnableSendFile configured
6018| [CVE-2008-3271] Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a "synchronization problem" and lack of thread safety, and related to RemoteFilterValve, RemoteAddrValve, and RemoteHostValve.
6019| [CVE-2008-3257] Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request.
6020| [CVE-2008-2939] Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI.
6021| [CVE-2008-2938] Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.
6022| [CVE-2008-2742] Unrestricted file upload in the mcpuk file editor (atk/attributes/fck/editor/filemanager/browser/mcpuk/connectors/php/config.php) in Achievo 1.2.0 through 1.3.2 allows remote attackers to execute arbitrary code by uploading a file with .php followed by a safe extension, then accessing it via a direct request to the file in the Achievo root directory. NOTE: this is only a vulnerability in environments that support multiple extensions, such as Apache with the mod_mime module enabled.
6023| [CVE-2008-2717] TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions.
6024| [CVE-2008-2579] Unspecified vulnerability in the WebLogic Server Plugins for Apache, Sun and IIS web servers component in Oracle BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 has unknown impact and remote attack vectors.
6025| [CVE-2008-2384] SQL injection vulnerability in mod_auth_mysql.c in the mod-auth-mysql (aka libapache2-mod-auth-mysql) module for the Apache HTTP Server 2.x, when configured to use a multibyte character set that allows a \ (backslash) as part of the character encoding, allows remote attackers to execute arbitrary SQL commands via unspecified inputs in a login request.
6026| [CVE-2008-2370] Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.
6027| [CVE-2008-2364] The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.
6028| [CVE-2008-2168] Cross-site scripting (XSS) vulnerability in Apache 2.2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded URLs that are not properly handled when displaying the 403 Forbidden error page.
6029| [CVE-2008-2025] Cross-site scripting (XSS) vulnerability in Apache Struts before 1.2.9-162.31.1 on SUSE Linux Enterprise (SLE) 11, before 1.2.9-108.2 on SUSE openSUSE 10.3, before 1.2.9-198.2 on SUSE openSUSE 11.0, and before 1.2.9-162.163.2 on SUSE openSUSE 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "insufficient quoting of parameters."
6030| [CVE-2008-1947] Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.
6031| [CVE-2008-1734] Interpretation conflict in PHP Toolkit before 1.0.1 on Gentoo Linux might allow local users to cause a denial of service (PHP outage) and read contents of PHP scripts by creating a file with a one-letter lowercase alphabetic name, which triggers interpretation of a certain unquoted [a-z] argument as a matching shell glob for this name, rather than interpretation as the literal [a-z] regular-expression string, and consequently blocks the launch of the PHP interpreter within the Apache HTTP Server.
6032| [CVE-2008-1678] Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server mod_ssl that specify a compression algorithm.
6033| [CVE-2008-1232] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.
6034| [CVE-2008-0869] Cross-site scripting (XSS) vulnerability in BEA WebLogic Workshop 8.1 through SP6 and Workshop for WebLogic 9.0 through 10.0 allows remote attackers to inject arbitrary web script or HTML via a "framework defined request parameter" when using WebLogic Workshop or Apache Beehive NetUI framework with page flows.
6035| [CVE-2008-0732] The init script for Apache Geronimo on SUSE Linux follows symlinks when performing a chown operation, which might allow local users to obtain access to unspecified files or directories.
6036| [CVE-2008-0555] The ExpandCert function in Apache-SSL before apache_1.3.41+ssl_1.59 does not properly handle (1) '/' and (2) '=' characters in a Distinguished Name (DN) in a client certificate, which might allow remote attackers to bypass authentication via a crafted DN that triggers overwriting of environment variables.
6037| [CVE-2008-0457] Unrestricted file upload vulnerability in the FileUpload class running on the Symantec LiveState Apache Tomcat server, as used by Symantec Backup Exec System Recovery Manager 7.0 and 7.0.1, allows remote attackers to upload and execute arbitrary JSP files via unknown vectors.
6038| [CVE-2008-0456] CRLF injection vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by uploading a file with a multi-line name containing HTTP header sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
6039| [CVE-2008-0455] Cross-site scripting (XSS) vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary web script or HTML by uploading a file with a name containing XSS sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
6040| [CVE-2008-0128] The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
6041| [CVE-2008-0005] mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding.
6042| [CVE-2008-0002] Apache Tomcat 6.0.0 through 6.0.15 processes parameters in the context of the wrong request when an exception occurs during parameter processing, which might allow remote attackers to obtain sensitive information, as demonstrated by disconnecting during this processing in order to trigger the exception.
6043| [CVE-2007-6750] The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris, related to the lack of the mod_reqtimeout module in versions before 2.2.15.
6044| [CVE-2007-6726] Multiple cross-site scripting (XSS) vulnerabilities in Dojo 0.4.1 and 0.4.2, as used in Apache Struts and other products, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) xip_client.html and (2) xip_server.html in src/io/.
6045| [CVE-2007-6514] Apache HTTP Server, when running on Linux with a document root on a Windows share mounted using smbfs, allows remote attackers to obtain unprocessed content such as source files for .php programs via a trailing "\" (backslash), which is not handled by the intended AddType directive.
6046| [CVE-2007-6423] ** DISPUTED ** Unspecified vulnerability in mod_proxy_balancer for Apache HTTP Server 2.2.x before 2.2.7-dev, when running on Windows, allows remote attackers to trigger memory corruption via a long URL. NOTE: the vendor could not reproduce this issue.
6047| [CVE-2007-6422] The balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6, when a threaded Multi-Processing Module is used, allows remote authenticated users to cause a denial of service (child process crash) via an invalid bb variable.
6048| [CVE-2007-6421] Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) ss, (2) wr, or (3) rr parameters, or (4) the URL.
6049| [CVE-2007-6420] Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors.
6050| [CVE-2007-6388] Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
6051| [CVE-2007-6361] Gekko 0.8.2 and earlier stores sensitive information under the web root with possibly insufficient access control, which might allow remote attackers to read certain files under temp/, as demonstrated by a log file that records the titles of blog entries. NOTE: access to temp/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
6052| [CVE-2007-6342] SQL injection vulnerability in the David Castro AuthCAS module (AuthCAS.pm) 0.4 for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the SESSION_COOKIE_NAME (session ID) in a cookie.
6053| [CVE-2007-6286] Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the native APR connector is used, does not properly handle an empty request to the SSL port, which allows remote attackers to trigger handling of "a duplicate copy of one of the recent requests," as demonstrated by using netcat to send the empty request.
6054| [CVE-2007-6258] Multiple stack-based buffer overflows in the legacy mod_jk2 2.0.3-DEV and earlier Apache module allow remote attackers to execute arbitrary code via a long (1) Host header, or (2) Hostname within a Host header.
6055| [CVE-2007-6231] Multiple PHP remote file inclusion vulnerabilities in tellmatic 1.0.7 allow remote attackers to execute arbitrary PHP code via a URL in the tm_includepath parameter to (1) Classes.inc.php, (2) statistic.inc.php, (3) status.inc.php, (4) status_top_x.inc.php, or (5) libchart-1.1/libchart.php in include/. NOTE: access to include/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
6056| [CVE-2007-6203] Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918.
6057| [CVE-2007-5797] SQLLoginModule in Apache Geronimo 2.0 through 2.1 does not throw an exception for a nonexistent username, which allows remote attackers to bypass authentication via a login attempt with any username not contained in the database.
6058| [CVE-2007-5731] Absolute path traversal vulnerability in Apache Jakarta Slide 2.1 and earlier allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag, a related issue to CVE-2007-5461.
6059| [CVE-2007-5461] Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.
6060| [CVE-2007-5342] The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by changing the (1) level, (2) directory, and (3) prefix attributes in the org.apache.juli.FileHandler handler.
6061| [CVE-2007-5333] Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385.
6062| [CVE-2007-5156] Incomplete blacklist vulnerability in editor/filemanager/upload/php/upload.php in FCKeditor, as used in SiteX CMS 0.7.3.beta, La-Nai CMS, Syntax CMS, Cardinal Cms, and probably other products, allows remote attackers to upload and execute arbitrary PHP code via a file whose name contains ".php." and has an unknown extension, which is recognized as a .php file by the Apache HTTP server, a different vulnerability than CVE-2006-0658 and CVE-2006-2529.
6063| [CVE-2007-5085] Unspecified vulnerability in the management EJB (MEJB) in Apache Geronimo before 2.0.2 allows remote attackers to bypass authentication and obtain "access to Geronimo internals" via unspecified vectors.
6064| [CVE-2007-5000] Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
6065| [CVE-2007-4724] Cross-site request forgery (CSRF) vulnerability in cal2.jsp in the calendar examples application in Apache Tomcat 4.1.31 allows remote attackers to add events as arbitrary users via the time and description parameters.
6066| [CVE-2007-4723] Directory traversal vulnerability in Ragnarok Online Control Panel 4.3.4a, when the Apache HTTP Server is used, allows remote attackers to bypass authentication via directory traversal sequences in a URI that ends with the name of a publicly available page, as demonstrated by a "/...../" sequence and an account_manage.php/login.php final component for reaching the protected account_manage.php page.
6067| [CVE-2007-4641] Directory traversal vulnerability in index.php in Pakupaku CMS 0.4 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting code into an Apache log file.
6068| [CVE-2007-4556] Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language (OGNL) expression when altSyntax is enabled, which allows remote attackers to cause a denial of service (infinite loop) or execute arbitrary code via form input beginning with a "%{" sequence and ending with a "}" character.
6069| [CVE-2007-4548] The login method in LoginModule implementations in Apache Geronimo 2.0 does not throw FailedLoginException for failed logins, which allows remote attackers to bypass authentication requirements, deploy arbitrary modules, and gain administrative access by sending a blank username and password with the command line deployer in the deployment module.
6070| [CVE-2007-4465] Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.
6071| [CVE-2007-3847] The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read.
6072| [CVE-2007-3571] The Apache Web Server as used in Novell NetWare 6.5 and GroupWise allows remote attackers to obtain sensitive information via a certain directive to Apache that causes the HTTP-Header response to be modified, which may reveal the server's internal IP address.
6073| [CVE-2007-3386] Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action.
6074| [CVE-2007-3385] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.
6075| [CVE-2007-3384] Multiple cross-site scripting (XSS) vulnerabilities in examples/servlet/CookieExample in Apache Tomcat 3.3 through 3.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Value field, related to error messages.
6076| [CVE-2007-3383] Cross-site scripting (XSS) vulnerability in SendMailServlet in the examples web application (examples/jsp/mail/sendmail.jsp) in Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.36 allows remote attackers to inject arbitrary web script or HTML via the From field and possibly other fields, related to generation of error messages.
6077| [CVE-2007-3382] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.
6078| [CVE-2007-3304] Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1 killer."
6079| [CVE-2007-3303] Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows local users to cause a denial of service via certain code sequences executed in a worker process that (1) stop request processing by killing all worker processes and preventing creation of replacements or (2) hang the system by forcing the master process to fork an arbitrarily large number of worker processes. NOTE: This might be an inherent design limitation of Apache with respect to worker processes in hosted environments.
6080| [CVE-2007-3101] Multiple cross-site scripting (XSS) vulnerabilities in certain JSF applications in Apache MyFaces Tomahawk before 1.1.6 allow remote attackers to inject arbitrary web script via the autoscroll parameter, which is injected into Javascript that is sent to the client.
6081| [CVE-2007-2450] Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script or HTML via a parameter name to manager/html/upload, and other unspecified vectors.
6082| [CVE-2007-2449] Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the '
6083| [CVE-2007-2353] Apache Axis 1.0 allows remote attackers to obtain sensitive information by requesting a non-existent WSDL file, which reveals the installation path in the resulting exception message.
6084| [CVE-2007-2025] Unrestricted file upload vulnerability in the UpLoad feature (lib/plugin/UpLoad.php) in PhpWiki 1.3.11p1 allows remote attackers to upload arbitrary PHP files with a double extension, as demonstrated by .php.3, which is interpreted by Apache as being a valid PHP file.
6085| [CVE-2007-1863] cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value.
6086| [CVE-2007-1862] The recall_headers function in mod_mem_cache in Apache 2.2.4 does not properly copy all levels of header data, which can cause Apache to return HTTP headers containing previously used data, which could be used by remote attackers to obtain potentially sensitive information.
6087| [CVE-2007-1860] mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. (dot dot) sequences and directory traversal, a related issue to CVE-2007-0450.
6088| [CVE-2007-1858] The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts.
6089| [CVE-2007-1842] Directory traversal vulnerability in login.php in JSBoard before 2.0.12 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the table parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, a related issue to CVE-2006-2019.
6090| [CVE-2007-1801] Directory traversal vulnerability in inc/lang.php in sBLOG 0.7.3 Beta allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the conf_lang_default parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by inc/lang.php.
6091| [CVE-2007-1743] suexec in Apache HTTP Server (httpd) 2.2.3 does not verify combinations of user and group IDs on the command line, which might allow local users to leverage other vulnerabilities to create arbitrary UID/GID owned files if /proc is mounted. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root." In addition, because this is dependent on other vulnerabilities, perhaps this is resultant and should not be included in CVE.
6092| [CVE-2007-1742] suexec in Apache HTTP Server (httpd) 2.2.3 uses a partial comparison for verifying whether the current directory is within the document root, which might allow local users to perform unauthorized operations on incorrect directories, as demonstrated using "html_backup" and "htmleditor" under an "html" directory. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
6093| [CVE-2007-1741] Multiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 between directory and file validation, and their usage, allow local users to gain privileges and execute arbitrary code by renaming directories or performing symlink attacks. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
6094| [CVE-2007-1720] Directory traversal vulnerability in addressbook.php in the Addressbook 1.2 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module_name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file.
6095| [CVE-2007-1636] Directory traversal vulnerability in index.php in RoseOnlineCMS 3 B1 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the op parameter, as demonstrated by injecting PHP code into Apache log files via the URL and User-Agent HTTP header.
6096| [CVE-2007-1633] Directory traversal vulnerability in bbcode_ref.php in the Giorgio Ciranni Splatt Forum 4.0 RC1 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by bbcode_ref.php.
6097| [CVE-2007-1577] Directory traversal vulnerability in index.php in GeBlog 0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[tplname] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
6098| [CVE-2007-1539] Directory traversal vulnerability in inc/map.func.php in pragmaMX Landkarten 2.1 module allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the module_name parameter, as demonstrated via a static PHP code injection attack in an Apache log file.
6099| [CVE-2007-1524] Directory traversal vulnerability in themes/default/ in ZomPlog 3.7.6 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) in the settings[skin] parameter, as demonstrated by injecting PHP code into an Apache HTTP Server log file, which can then be included via themes/default/.
6100| [CVE-2007-1491] Apache Tomcat in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allows connections from external interfaces via port 8009, which exposes it to attacks from outside parties.
6101| [CVE-2007-1358] Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616".
6102| [CVE-2007-1349] PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.
6103| [CVE-2007-0975] Variable extraction vulnerability in Ian Bezanson Apache Stats before 0.0.3 beta allows attackers to overwrite critical variables, with unknown impact, when the extract function is used on the _REQUEST superglobal array.
6104| [CVE-2007-0930] Variable extract vulnerability in Apache Stats before 0.0.3beta allows attackers to modify arbitrary variables and conduct attacks via unknown vectors involving the use of PHP's extract function.
6105| [CVE-2007-0792] The mod_perl initialization script in Bugzilla 2.23.3 does not set the Bugzilla Apache configuration to allow .htaccess permissions to override file permissions, which allows remote attackers to obtain the database username and password via a direct request for the localconfig file.
6106| [CVE-2007-0774] Stack-based buffer overflow in the map_uri_to_worker function (native/common/jk_uri_worker_map.c) in mod_jk.so for Apache Tomcat JK Web Server Connector 1.2.19 and 1.2.20, as used in Tomcat 4.1.34 and 5.5.20, allows remote attackers to execute arbitrary code via a long URL that triggers the overflow in a URI worker map routine.
6107| [CVE-2007-0637] Directory traversal vulnerability in zd_numer.php in Galeria Zdjec 3.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the galeria parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by zd_numer.php.
6108| [CVE-2007-0451] Apache SpamAssassin before 3.1.8 allows remote attackers to cause a denial of service via long URLs in malformed HTML, which triggers "massive memory usage."
6109| [CVE-2007-0450] Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.
6110| [CVE-2007-0419] The BEA WebLogic Server proxy plug-in before June 2006 for the Apache HTTP Server does not properly handle protocol errors, which allows remote attackers to cause a denial of service (server outage).
6111| [CVE-2007-0173] Directory traversal vulnerability in index.php in L2J Statistik Script 0.09 and earlier, when register_globals is enabled and magic_quotes is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
6112| [CVE-2007-0098] Directory traversal vulnerability in language.php in VerliAdmin 0.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
6113| [CVE-2007-0086] ** DISPUTED ** The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by third parties, who state that the large window size required by the attack is not normally supported or configured by the server, or that a DDoS-style attack would accomplish the same goal.
6114| [CVE-2006-7217] Apache Derby before 10.2.1.6 does not determine schema privilege requirements during the DropSchemaNode bind phase, which allows remote authenticated users to execute arbitrary drop schema statements in SQL authorization mode.
6115| [CVE-2006-7216] Apache Derby before 10.2.1.6 does not determine privilege requirements for lock table statements at compilation time, and consequently does not enforce privilege requirements at execution time, which allows remote authenticated users to lock arbitrary tables.
6116| [CVE-2006-7197] The AJP connector in Apache Tomcat 5.5.15 uses an incorrect length for chunks, which can cause a buffer over-read in the ajp_process_callback in mod_jk, which allows remote attackers to read portions of sensitive memory.
6117| [CVE-2006-7196] Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors. NOTE: this may be related to CVE-2006-0254.1.
6118| [CVE-2006-7195] Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in Apache Tomcat 5.0.0 through 5.0.30 and 5.5.0 through 5.5.17 allows remote attackers to inject arbitrary web script or HTML via certain header values.
6119| [CVE-2006-7098] The Debian GNU/Linux 033_-F_NO_SETSID patch for the Apache HTTP Server 1.3.34-4 does not properly disassociate httpd from a controlling tty when httpd is started interactively, which allows local users to gain privileges to that tty via a CGI program that calls the TIOCSTI ioctl.
6120| [CVE-2006-6869] Directory traversal vulnerability in includes/search/search_mdforum.php in MAXdev MDForum 2.0.1 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang cookie to error.php, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
6121| [CVE-2006-6675] Cross-site scripting (XSS) vulnerability in Novell NetWare 6.5 Support Pack 5 and 6 and Novell Apache on NetWare 2.0.48 allows remote attackers to inject arbitrary web script or HTML via unspecifeid parameters in Welcome web-app.
6122| [CVE-2006-6613] Directory traversal vulnerability in language.php in phpAlbum 0.4.1 Beta 6 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files or obtain sensitive information via a .. (dot dot) in the pa_lang[include_file] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
6123| [CVE-2006-6589] Cross-site scripting (XSS) vulnerability in ecommerce/control/keywordsearch in the Apache Open For Business Project (OFBiz) and Opentaps 0.9.3 allows remote attackers to inject arbitrary web script or HTML via the SEARCH_STRING parameter, a different issue than CVE-2006-6587. NOTE: some of these details are obtained from third party information.
6124| [CVE-2006-6588] The forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) trusts the (1) dataResourceTypeId, (2) contentTypeId, and certain other hidden form fields, which allows remote attackers to create unauthorized types of content, modify content, or have other unknown impact.
6125| [CVE-2006-6587] Cross-site scripting (XSS) vulnerability in the forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) allows remote attackers to inject arbitrary web script or HTML by posting a message.
6126| [CVE-2006-6445] Directory traversal vulnerability in error.php in Envolution 1.1.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
6127| [CVE-2006-6071] TWiki 4.0.5 and earlier, when running under Apache 1.3 using ApacheLogin with sessions and "ErrorDocument 401" redirects to a valid wiki topic, does not properly handle failed login attempts, which allows remote attackers to read arbitrary content by cancelling out of a failed authentication with a valid username and invalid password.
6128| [CVE-2006-6047] Directory traversal vulnerability in manager/index.php in Etomite 0.6.1.2 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the f parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
6129| [CVE-2006-5894] Directory traversal vulnerability in lang.php in Rama CMS 0.68 and earlier, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by lang.php.
6130| [CVE-2006-5752] Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform "charset detection" when the content-type is not specified.
6131| [CVE-2006-5733] Directory traversal vulnerability in error.php in PostNuke 0.763 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
6132| [CVE-2006-5263] Directory traversal vulnerability in templates/header.php3 in phpMyAgenda 3.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter, as demonstrated by a parameter value naming an Apache HTTP Server log file that apparently contains PHP code.
6133| [CVE-2006-4994] Multiple unquoted Windows search path vulnerabilities in Apache Friends XAMPP 1.5.2 might allow local users to gain privileges via a malicious program file in %SYSTEMDRIVE%, which is run when XAMPP attempts to execute (1) FileZillaServer.exe, (2) mysqld-nt.exe, (3) Perl.exe, or (4) xamppcontrol.exe with an unquoted "Program Files" pathname.
6134| [CVE-2006-4636] Directory traversal vulnerability in SZEWO PhpCommander 3.0 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Directory parameter, as demonstrated by parameter values naming Apache HTTP Server log files that apparently contain PHP code.
6135| [CVE-2006-4625] PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass certain Apache HTTP Server httpd.conf options, such as safe_mode and open_basedir, via the ini_restore function, which resets the values to their php.ini (Master Value) defaults.
6136| [CVE-2006-4558] DeluxeBB 1.06 and earlier, when run on the Apache HTTP Server with the mod_mime module, allows remote attackers to execute arbitrary PHP code by uploading files with double extensions via the fileupload parameter in a newthread action in newpost.php.
6137| [CVE-2006-4191] Directory traversal vulnerability in memcp.php in XMB (Extreme Message Board) 1.9.6 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the langfilenew parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by header.php.
6138| [CVE-2006-4154] Format string vulnerability in the mod_tcl module 1.0 for Apache 2.x allows context-dependent attackers to execute arbitrary code via format string specifiers that are not properly handled in a set_var function call in (1) tcl_cmds.c and (2) tcl_core.c.
6139| [CVE-2006-4110] Apache 2.2.2, when running on Windows, allows remote attackers to read source code of CGI programs via a request that contains uppercase (or alternate case) characters that bypass the case-sensitive ScriptAlias directive, but allow access to the file on case-insensitive file systems.
6140| [CVE-2006-4004] Directory traversal vulnerability in index.php in vbPortal 3.0.2 through 3.6.0 Beta 1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the bbvbplang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
6141| [CVE-2006-3918] http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.
6142| [CVE-2006-3835] Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (
6143| [CVE-2006-3747] Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules.
6144| [CVE-2006-3362] Unrestricted file upload vulnerability in connectors/php/connector.php in FCKeditor mcpuk file manager, as used in (1) Geeklog 1.4.0 through 1.4.0sr3, (2) toendaCMS 1.0.0 Shizouka Stable and earlier, (3) WeBid 0.5.4, and possibly other products, when installed on Apache with mod_mime, allows remote attackers to upload and execute arbitrary PHP code via a filename with a .php extension and a trailing extension that is allowed, such as .zip.
6145| [CVE-2006-3102] Race condition in articles/BitArticle.php in Bitweaver 1.3, when run on Apache with the mod_mime extension, allows remote attackers to execute arbitrary PHP code by uploading arbitrary files with double extensions, which are stored for a small period of time under the webroot in the temp/articles directory.
6146| [CVE-2006-3070] write_ok.php in Zeroboard 4.1 pl8, when installed on Apache with mod_mime, allows remote attackers to bypass restrictions for uploading files with executable extensions by uploading a .htaccess file that with an AddType directive that assigns an executable module to files with assumed-safe extensions, as demonstrated by assigning the txt extension to be handled by application/x-httpd-php.
6147| [CVE-2006-2831] Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2, when running under certain Apache configurations such as when FileInfo overrides are disabled within .htaccess, allows remote attackers to execute arbitrary code by uploading a file with multiple extensions, a variant of CVE-2006-2743.
6148| [CVE-2006-2806] The SMTP server in Apache Java Mail Enterprise Server (aka Apache James) 2.2.0 allows remote attackers to cause a denial of service (CPU consumption) via a long argument to the MAIL command.
6149| [CVE-2006-2743] Drupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with mod_mime, does not properly handle files with multiple extensions, which allows remote attackers to upload, modify, or execute arbitrary files in the files directory.
6150| [CVE-2006-2514] Coppermine galleries before 1.4.6, when running on Apache with mod_mime installed, allows remote attackers to upload arbitrary files via a filename with multiple file extensions.
6151| [CVE-2006-2330] PHP-Fusion 6.00.306 and earlier, running under Apache HTTP Server 1.3.27 and PHP 4.3.3, allows remote authenticated users to upload files of arbitrary types using a filename that contains two or more extensions that ends in an assumed-valid extension such as .gif, which bypasses the validation, as demonstrated by uploading then executing an avatar file that ends in ".php.gif" and contains PHP code in EXIF metadata.
6152| [CVE-2006-1777] Directory traversal vulnerability in doc/index.php in Jeremy Ashcraft Simplog 0.9.2 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the s parameter, as demonstrated by injecting PHP sequences into an Apache error_log file, which is then included by doc/index.php.
6153| [CVE-2006-1564] Untrusted search path vulnerability in libapache2-svn 1.3.0-4 for Subversion in Debian GNU/Linux includes RPATH values under the /tmp/svn directory for the (1) mod_authz_svn.so and (2) mod_dav_svn.so modules, which might allow local users to gain privileges by installing malicious libraries in that directory.
6154| [CVE-2006-1548] Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction and possibly (2) DispatchAction and (3) ActionDispatcher in Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to inject arbitrary web script or HTML via the parameter name, which is not filtered in the resulting error message.
6155| [CVE-2006-1547] ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides further access to elements in the CommonsMultipartRequestHandler implementation and BeanUtils.
6156| [CVE-2006-1546] Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to bypass validation via a request with a 'org.apache.struts.taglib.html.Constants.CANCEL' parameter, which causes the action to be canceled but would not be detected from applications that do not use the isCancelled check.
6157| [CVE-2006-1393] Multiple cross-site scripting (XSS) vulnerabilities in the mod_pubcookie Apache application server module in University of Washington Pubcookie 1.x, 3.0.0, 3.1.0, 3.1.1, 3.2 before 3.2.1b, and 3.3 before 3.3.0a allow remote attackers to inject arbitrary web script or HTML via unspecified attack vectors.
6158| [CVE-2006-1346] Directory traversal vulnerability in inc/setLang.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in a lang[*][file] parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by index.php.
6159| [CVE-2006-1292] Directory traversal vulnerability in Jim Hu and Chad Little PHP iCalendar 2.21 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the phpicalendar[cookie_language] and phpicalendar[cookie_style] cookies, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by day.php.
6160| [CVE-2006-1243] Directory traversal vulnerability in install05.php in Simple PHP Blog (SPB) 0.4.7.1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the blog_language parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included using install05.php.
6161| [CVE-2006-1095] Directory traversal vulnerability in the FileSession object in Mod_python module 3.2.7 for Apache allows local users to execute arbitrary code via a crafted session cookie.
6162| [CVE-2006-1079] htpasswd, as used in Acme thttpd 2.25b and possibly other products such as Apache, might allow local users to gain privileges via shell metacharacters in a command line argument, which is used in a call to the system function. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
6163| [CVE-2006-1078] Multiple buffer overflows in htpasswd, as used in Acme thttpd 2.25b, and possibly other products such as Apache, might allow local users to gain privileges via (1) a long command line argument and (2) a long line in a file. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
6164| [CVE-2006-0743] Format string vulnerability in LocalSyslogAppender in Apache log4net 1.2.9 might allow remote attackers to cause a denial of service (memory corruption and termination) via unknown vectors.
6165| [CVE-2006-0254] Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) time parameter to cal2.jsp and (2) any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer.
6166| [CVE-2006-0150] Multiple format string vulnerabilities in the auth_ldap_log_reason function in Apache auth_ldap 1.6.0 and earlier allows remote attackers to execute arbitrary code via various vectors, including the username.
6167| [CVE-2006-0144] The proxy server feature in go-pear.php in PHP PEAR 0.2.2, as used in Apache2Triad, allows remote attackers to execute arbitrary PHP code by redirecting go-pear.php to a malicious proxy server that provides a modified version of Tar.php with a malicious extractModify function.
6168| [CVE-2006-0042] Unspecified vulnerability in (1) apreq_parse_headers and (2) apreq_parse_urlencoded functions in Apache2::Request (Libapreq2) before 2.07 allows remote attackers cause a denial of service (CPU consumption) via unknown attack vectors that result in quadratic computational complexity.
6169| [CVE-2005-4857] eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 before 20051128 allows remote authenticated users to cause a denial of service (Apache httpd segmentation fault) via a request to content/advancedsearch.php with an empty SearchContentClassID parameter, reportedly related to a "memory addressing error".
6170| [CVE-2005-4849] Apache Derby before 10.1.2.1 exposes the (1) user and (2) password attributes in cleartext via (a) the RDBNAM parameter of the ACCSEC command and (b) the output of the DatabaseMetaData.getURL function, which allows context-dependent attackers to obtain sensitive information.
6171| [CVE-2005-4836] The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote attackers to read JSP source files and obtain sensitive information.
6172| [CVE-2005-4814] Unrestricted file upload vulnerability in Segue CMS before 1.3.6, when the Apache HTTP Server handles .phtml files with the PHP interpreter, allows remote attackers to upload and execute arbitrary PHP code by placing .phtml files in the userfiles/ directory.
6173| [CVE-2005-4703] Apache Tomcat 4.0.3, when running on Windows, allows remote attackers to obtain sensitive information via a request for a file that contains an MS-DOS device name such as lpt9, which leaks the pathname in an error message, as demonstrated by lpt9.xtp using Nikto.
6174| [CVE-2005-3745] Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message.
6175| [CVE-2005-3630] Fedora Directory Server before 10 allows remote attackers to obtain sensitive information, such as the password from adm.conf via an IFRAME element, probably involving an Apache httpd.conf configuration that orders "allow" directives before "deny" directives.
6176| [CVE-2005-3510] Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files.
6177| [CVE-2005-3392] Unspecified vulnerability in PHP before 4.4.1, when using the virtual function on Apache 2, allows remote attackers to bypass safe_mode and open_basedir directives.
6178| [CVE-2005-3357] mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference.
6179| [CVE-2005-3352] Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps.
6180| [CVE-2005-3319] The apache2handler SAPI (sapi_apache2.c) in the Apache module (mod_php) for PHP 5.x before 5.1.0 final and 4.4 before 4.4.1 final allows attackers to cause a denial of service (segmentation fault) via the session.save_path option in a .htaccess file or VirtualHost.
6181| [CVE-2005-3164] The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an information leak when "unsuitable request body data" is used for a different request, possibly related to Java Servlet pages.
6182| [CVE-2005-2970] Memory leak in the worker MPM (worker.c) for Apache 2, in certain circumstances, allows remote attackers to cause a denial of service (memory consumption) via aborted connections, which prevents the memory for the transaction pool from being reused for other connections.
6183| [CVE-2005-2963] The mod_auth_shadow module 1.0 through 1.5 and 2.0 for Apache with AuthShadow enabled uses shadow authentication for all locations that use the require group directive, even when other authentication mechanisms are specified, which might allow remote authenticated users to bypass security restrictions.
6184| [CVE-2005-2728] The byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service (memory consumption) via an HTTP header with a large Range field.
6185| [CVE-2005-2660] apachetop 0.12.5 and earlier, when running in debug mode, allows local users to create or append to arbitrary files via a symlink attack on atop.debug.
6186| [CVE-2005-2088] The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
6187| [CVE-2005-1754] ** DISPUTED ** JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to read arbitrary files via a full pathname in the argument to the Download parameter. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
6188| [CVE-2005-1753] ** DISPUTED ** ReadMessage.jsp in JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to view other users' e-mail attachments via a direct request to /mailboxesdir/username@domainname. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
6189| [CVE-2005-1344] Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute arbitrary code via a long realm argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
6190| [CVE-2005-1268] Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte.
6191| [CVE-2005-1266] Apache SpamAssassin 3.0.1, 3.0.2, and 3.0.3 allows remote attackers to cause a denial of service (CPU consumption and slowdown) via a message with a long Content-Type header without any boundaries.
6192| [CVE-2005-0808] Apache Tomcat before 5.x allows remote attackers to cause a denial of service (application crash) via a crafted AJP12 packet to TCP port 8007.
6193| [CVE-2005-0182] The mod_dosevasive module 1.9 and earlier for Apache creates temporary files with predictable filenames, which could allow remote attackers to overwrite arbitrary files via a symlink attack.
6194| [CVE-2005-0108] Apache mod_auth_radius 1.5.4 and libpam-radius-auth allow remote malicious RADIUS servers to cause a denial of service (crash) via a RADIUS_REPLY_MESSAGE with a RADIUS attribute length of 1, which leads to a memcpy operation with a -1 length argument.
6195| [CVE-2004-2734] webadmin-apache.conf in Novell Web Manager of Novell NetWare 6.5 uses an uppercase Alias tag with an inconsistent lowercase directory tag for a volume, which allows remote attackers to bypass access control to the WEB-INF folder.
6196| [CVE-2004-2680] mod_python (libapache2-mod-python) 3.1.4 and earlier does not properly handle when output filters process more than 16384 bytes, which can cause filter.read to return portions of previously freed memory.
6197| [CVE-2004-2650] Spooler in Apache Foundation James 2.2.0 allows local users to cause a denial of service (memory consumption) by triggering various error conditions in the retrieve function, which prevents a lock from being released and causes a memory leak.
6198| [CVE-2004-2343] ** DISPUTED ** Apache HTTP Server 2.0.47 and earlier allows local users to bypass .htaccess file restrictions, as specified in httpd.conf with directives such as Deny From All, by using an ErrorDocument directive. NOTE: the vendor has disputed this issue, since the .htaccess mechanism is only intended to restrict external web access, and a local user already has the privileges to perform the same operations without using ErrorDocument.
6199| [CVE-2004-2336] Unknown vulnerability in Novell GroupWise and GroupWise WebAccess 6.0 through 6.5, when running with Apache Web Server 1.3 for NetWare where Apache is loaded using GWAPACHE.CONF, allows remote attackers to read directories and files on the server.
6200| [CVE-2004-2115] Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTTP Server 1.3.22, based on Apache, allow remote attackers to execute arbitrary script as other users via the (1) action, (2) username, or (3) password parameters in an isqlplus request.
6201| [CVE-2004-1834] mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, including authentication information, on the hard disk, which could allow local users to gain sensitive information.
6202| [CVE-2004-1765] Off-by-one buffer overflow in ModSecurity (mod_security) 1.7.4 for Apache 2.x, when SecFilterScanPost is enabled, allows remote attackers to execute arbitrary code via crafted POST requests.
6203| [CVE-2004-1545] UploadFile.php in MoniWiki 1.0.9.2 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.hwp, which allows remote attackers to upload and execute arbitrary code.
6204| [CVE-2004-1438] The mod_authz_svn Apache module for Subversion 1.0.4-r1 and earlier allows remote authenticated users, with write access to the repository, to read unauthorized parts of the repository via the svn copy command.
6205| [CVE-2004-1405] MediaWiki 1.3.8 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
6206| [CVE-2004-1404] Attachment Mod 2.3.10 module for phpBB, when used with Apache mod_mime, does not properly handle files with multiple file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
6207| [CVE-2004-1387] The check_forensic script in apache-utils package 1.3.31 allows local users to overwrite or create arbitrary files via a symlink attack on temporary files.
6208| [CVE-2004-1084] Apache for Apple Mac OS X 10.2.8 and 10.3.6 allows remote attackers to read files and resource fork content via HTTP requests to certain special file names related to multiple data streams in HFS+, which bypass Apache file handles.
6209| [CVE-2004-1083] Apache for Apple Mac OS X 10.2.8 and 10.3.6 restricts access to files in a case sensitive manner, but the Apple HFS+ filesystem accesses files in a case insensitive manner, which allows remote attackers to read .DS_Store files and files beginning with ".ht" using alternate capitalization.
6210| [CVE-2004-1082] mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials.
6211| [CVE-2004-0942] Apache webserver 2.0.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request with a MIME header containing multiple lines with a large number of space characters.
6212| [CVE-2004-0940] Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error.
6213| [CVE-2004-0885] The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration.
6214| [CVE-2004-0811] Unknown vulnerability in Apache 2.0.51 prevents "the merging of the Satisfy directive," which could allow attackers to obtain access to restricted resources contrary to the specified authentication configuration.
6215| [CVE-2004-0809] The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access.
6216| [CVE-2004-0786] The IPv6 URI parsing routines in the apr-util library for Apache 2.0.50 and earlier allow remote attackers to cause a denial of service (child process crash) via a certain URI, as demonstrated using the Codenomicon HTTP Test Tool.
6217| [CVE-2004-0751] The char_buffer_read function in the mod_ssl module for Apache 2.x, when using reverse proxying to an SSL server, allows remote attackers to cause a denial of service (segmentation fault).
6218| [CVE-2004-0748] mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (CPU consumption) by aborting an SSL connection in a way that causes an Apache child process to enter an infinite loop.
6219| [CVE-2004-0747] Buffer overflow in Apache 2.0.50 and earlier allows local users to gain apache privileges via a .htaccess file that causes the overflow during expansion of environment variables.
6220| [CVE-2004-0700] Format string vulnerability in the mod_proxy hook functions function in ssl_engine_log.c in mod_ssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are handled by the ssl_log function.
6221| [CVE-2004-0646] Buffer overflow in the WriteToLog function for JRun 3.0 through 4.0 web server connectors, such as (1) mod_jrun and (2) mod_jrun20 for Apache, with verbose logging enabled, allows remote attackers to execute arbitrary code via a long HTTP header Content-Type field or other fields.
6222| [CVE-2004-0529] The modified suexec program in cPanel, when configured for mod_php and compiled for Apache 1.3.31 and earlier without mod_phpsuexec, allows local users to execute untrusted shared scripts and gain privileges, as demonstrated using untainted scripts such as (1) proftpdvhosts or (2) addalink.cgi, a different vulnerability than CVE-2004-0490.
6223| [CVE-2004-0493] The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters.
6224| [CVE-2004-0492] Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied.
6225| [CVE-2004-0490] cPanel, when compiling Apache 1.3.29 and PHP with the mod_phpsuexec option, does not set the --enable-discard-path option, which causes php to use the SCRIPT_FILENAME variable to find and execute a script instead of the PATH_TRANSLATED variable, which allows local users to execute arbitrary PHP code as other users via a URL that references the attacker's script after the user's script, which executes the attacker's script with the user's privileges, a different vulnerability than CVE-2004-0529.
6226| [CVE-2004-0488] Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN.
6227| [CVE-2004-0263] PHP 4.3.4 and earlier in Apache 1.x and 2.x (mod_php) can leak global variables between virtual hosts that are handled by the same Apache child process but have different settings, which could allow remote attackers to obtain sensitive information.
6228| [CVE-2004-0174] Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using multiple listening sockets on certain platforms, allows remote attackers to cause a denial of service (blocked new connections) via a "short-lived connection on a rarely-accessed listening socket."
6229| [CVE-2004-0173] Directory traversal vulnerability in Apache 1.3.29 and earlier, and Apache 2.0.48 and earlier, when running on Cygwin, allows remote attackers to read arbitrary files via a URL containing "..%5C" (dot dot encoded backslash) sequences.
6230| [CVE-2004-0113] Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service (memory consumption) via plain HTTP requests to the SSL port of an SSL-enabled server.
6231| [CVE-2004-0009] Apache-SSL 1.3.28+1.52 and earlier, with SSLVerifyClient set to 1 or 3 and SSLFakeBasicAuth enabled, allows remote attackers to forge a client certificate by using basic authentication with the "one-line DN" of the target user.
6232| [CVE-2003-1581] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
6233| [CVE-2003-1580] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-level domains, as demonstrated by a forged 123.123.123.123 domain name, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
6234| [CVE-2003-1573] The PointBase 4.6 database component in the J2EE 1.4 reference implementation (J2EE/RI) allows remote attackers to execute arbitrary programs, conduct a denial of service, and obtain sensitive information via a crafted SQL statement, related to "inadequate security settings and library bugs in sun.* and org.apache.* packages."
6235| [CVE-2003-1521] Sun Java Plug-In 1.4 through 1.4.2_02 allows remote attackers to repeatedly access the floppy drive via the createXmlDocument method in the org.apache.crimson.tree.XmlDocument class, which violates the Java security model.
6236| [CVE-2003-1516] The org.apache.xalan.processor.XSLProcessorVersion class in Java Plug-in 1.4.2_01 allows signed and unsigned applets to share variables, which violates the Java security model and could allow remote attackers to read or write data belonging to a signed applet.
6237| [CVE-2003-1502] mod_throttle 3.0 allows local users with Apache privileges to access shared memory that points to a file that is writable by the apache user, which could allow local users to gain privileges.
6238| [CVE-2003-1418] Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote attackers to obtain sensitive information via (1) the ETag header, which reveals the inode number, or (2) multipart MIME boundary, which reveals child proccess IDs (PID).
6239| [CVE-2003-1307] ** DISPUTED ** The mod_php module for the Apache HTTP Server allows local users with write access to PHP scripts to send signals to the server's process group and use the server's file descriptors, as demonstrated by sending a STOP signal, then intercepting incoming connections on the server's TCP port. NOTE: the PHP developer has disputed this vulnerability, saying "The opened file descriptors are opened by Apache. It is the job of Apache to protect them ... Not a bug in PHP."
6240| [CVE-2003-1172] Directory traversal vulnerability in the view-source sample file in Apache Software Foundation Cocoon 2.1 and 2.2 allows remote attackers to access arbitrary files via a .. (dot dot) in the filename parameter.
6241| [CVE-2003-1171] Heap-based buffer overflow in the sec_filter_out function in mod_security 1.7RC1 through 1.7.1 in Apache 2 allows remote attackers to execute arbitrary code via a server side script that sends a large amount of data.
6242| [CVE-2003-1138] The default configuration of Apache 2.0.40, as shipped with Red Hat Linux 9.0, allows remote attackers to list directory contents, even if auto indexing is turned off and there is a default web page configured, via a GET request containing a double slash (//).
6243| [CVE-2003-1054] mod_access_referer 1.0.2 allows remote attackers to cause a denial of service (crash) via a malformed Referer header that is missing a hostname, as parsed by the ap_parse_uri_components function in Apache, which triggers a null dereference.
6244| [CVE-2003-0993] mod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit platforms, does not properly parse Allow/Deny rules using IP addresses without a netmask, which could allow remote attackers to bypass intended access restrictions.
6245| [CVE-2003-0987] mod_digest for Apache before 1.3.31 does not properly verify the nonce of a client response by using a AuthNonce secret.
6246| [CVE-2003-0866] The Catalina org.apache.catalina.connector.http package in Tomcat 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service via several requests that do not follow the HTTP protocol, which causes Tomcat to reject later requests.
6247| [CVE-2003-0844] mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode without the Apache log, allows local users to overwrite arbitrary files via (1) a symlink attack on predictable temporary filenames on Unix systems, or (2) an NTFS hard link on Windows systems when the "Strengthen default permissions of internal system objects" policy is not enabled.
6248| [CVE-2003-0843] Format string vulnerability in mod_gzip_printf for mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode and using the Apache log, allows remote attackers to execute arbitrary code via format string characters in an HTTP GET request with an "Accept-Encoding: gzip" header.
6249| [CVE-2003-0789] mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not properly handle CGI redirect paths, which could cause Apache to send the output of a CGI program to the wrong client.
6250| [CVE-2003-0771] Gallery.pm in Apache::Gallery (aka A::G) uses predictable temporary filenames when running Inline::C, which allows local users to execute arbitrary code by creating and modifying the files before Apache::Gallery does.
6251| [CVE-2003-0658] Docview before 1.1-18 in Caldera OpenLinux 3.1.1, SCO Linux 4.0, OpenServer 5.0.7, configures the Apache web server in a way that allows remote attackers to read arbitrary publicly readable files via a certain URL, possibly related to rewrite rules.
6252| [CVE-2003-0542] Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures.
6253| [CVE-2003-0460] The rotatelogs program on Apache before 1.3.28, for Windows and OS/2 systems, does not properly ignore certain control characters that are received over the pipe, which could allow remote attackers to cause a denial of service.
6254| [CVE-2003-0254] Apache 2 before 2.0.47, when running on an IPv6 host, allows attackers to cause a denial of service (CPU consumption by infinite loop) when the FTP proxy server fails to create an IPv6 socket.
6255| [CVE-2003-0253] The prefork MPM in Apache 2 before 2.0.47 does not properly handle certain errors from accept, which could lead to a denial of service.
6256| [CVE-2003-0249] ** DISPUTED ** PHP treats unknown methods such as "PoSt" as a GET request, which could allow attackers to intended access restrictions if PHP is running on a server that passes on all methods, such as Apache httpd 2.0, as demonstrated using a Limit directive. NOTE: this issue has been disputed by the Apache security team, saying "It is by design that PHP allows scripts to process any request method. A script which does not explicitly verify the request method will hence be processed as normal for arbitrary methods. It is therefore expected behaviour that one cannot implement per-method access control using the Apache configuration alone, which is the assumption made in this report."
6257| [CVE-2003-0245] Vulnerability in the apr_psprintf function in the Apache Portable Runtime (APR) library for Apache 2.0.37 through 2.0.45 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long strings, as demonstrated using XML objects to mod_dav, and possibly other vectors.
6258| [CVE-2003-0192] Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3, do not properly handle "certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one," which could cause Apache to use the weak ciphersuite.
6259| [CVE-2003-0189] The authentication module for Apache 2.0.40 through 2.0.45 on Unix does not properly handle threads safely when using the crypt_r or crypt functions, which allows remote attackers to cause a denial of service (failed Basic authentication with valid usernames and passwords) when a threaded MPM is used.
6260| [CVE-2003-0134] Unknown vulnerability in filestat.c for Apache running on OS2, versions 2.0 through 2.0.45, allows unknown attackers to cause a denial of service via requests related to device names.
6261| [CVE-2003-0132] A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to cause a denial of service (memory consumption) via large chunks of linefeed characters, which causes Apache to allocate 80 bytes for each linefeed.
6262| [CVE-2003-0083] Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences, a different vulnerability than CVE-2003-0020.
6263| [CVE-2003-0020] Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences.
6264| [CVE-2003-0017] Apache 2.0 before 2.0.44 on Windows platforms allows remote attackers to obtain certain files via an HTTP request that ends in certain illegal characters such as ">", which causes a different filename to be processed and served.
6265| [CVE-2003-0016] Apache before 2.0.44, when running on unpatched Windows 9x and Me operating systems, allows remote attackers to cause a denial of service or execute arbitrary code via an HTTP request containing MS-DOS device names.
6266| [CVE-2002-2310] ClickCartPro 4.0 stores the admin_user.db data file under the web document root with insufficient access control on servers other than Apache, which allows remote attackers to obtain usernames and passwords.
6267| [CVE-2002-2309] php.exe in PHP 3.0 through 4.2.2, when running on Apache, does not terminate properly, which allows remote attackers to cause a denial of service via a direct request without arguments.
6268| [CVE-2002-2272] Tomcat 4.0 through 4.1.12, using mod_jk 1.2.1 module on Apache 1.3 through 1.3.27, allows remote attackers to cause a denial of service (desynchronized communications) via an HTTP GET request with a Transfer-Encoding chunked field with invalid values.
6269| [CVE-2002-2103] Apache before 1.3.24, when writing to the log file, records a spoofed hostname from the reverse lookup of an IP address, even when a double-reverse lookup fails, which allows remote attackers to hide the original source of activities.
6270| [CVE-2002-2029] PHP, when installed on Windows with Apache and ScriptAlias for /php/ set to c:/php/, allows remote attackers to read arbitrary files and possibly execute arbitrary programs via an HTTP request for php.exe with a filename in the query string.
6271| [CVE-2002-2012] Unknown vulnerability in Apache 1.3.19 running on HP Secure OS for Linux 1.0 allows remote attackers to cause "unexpected results" via an HTTP request.
6272| [CVE-2002-2009] Apache Tomcat 4.0.1 allows remote attackers to obtain the web root path via HTTP requests for JSP files preceded by (1) +/, (2) >/, (3) </, and (4) %20/, which leaks the pathname in an error message.
6273| [CVE-2002-2008] Apache Tomcat 4.0.3 for Windows allows remote attackers to obtain the web root path via an HTTP request for a resource that does not exist, such as lpt9, which leaks the information in an error message.
6274| [CVE-2002-2007] The default installations of Apache Tomcat 3.2.3 and 3.2.4 allows remote attackers to obtain sensitive system information such as directory listings and web root path, via erroneous HTTP requests for Java Server Pages (JSP) in the (1) test/jsp, (2) samples/jsp and (3) examples/jsp directories, or the (4) test/realPath.jsp servlet, which leaks pathnames in error messages.
6275| [CVE-2002-2006] The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 through 3.3.1 allows remote attackers to obtain the installation path and other sensitive system information via the (1) SnoopServlet or (2) TroubleShooter example servlets.
6276| [CVE-2002-1895] The servlet engine in Jakarta Apache Tomcat 3.3 and 4.0.4, when using IIS and the ajp1.3 connector, allows remote attackers to cause a denial of service (crash) via a large number of HTTP GET requests for an MS-DOS device such as AUX, LPT1, CON, or PRN.
6277| [CVE-2002-1850] mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly remote attackers to cause a denial of service (hang and memory consumption) by causing a CGI script to send a large amount of data to stderr, which results in a read/write deadlock between httpd and the CGI script.
6278| [CVE-2002-1793] HTTP Server mod_ssl module running on HP-UX 11.04 with Virtualvault OS (VVOS) 4.5 through 4.6 closes the connection when the Apache server times out during an SSL request, which may allow attackers to cause a denial of service.
6279| [CVE-2002-1658] Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may allow attackers to execute arbitrary code via a long user argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
6280| [CVE-2002-1635] The Apache configuration file (httpd.conf) in Oracle 9i Application Server (9iAS) uses a Location alias for /perl directory instead of a ScriptAlias, which allows remote attackers to read the source code of arbitrary CGI files via a URL containing the /perl directory instead of /cgi-bin.
6281| [CVE-2002-1593] mod_dav in Apache before 2.0.42 does not properly handle versioning hooks, which may allow remote attackers to kill a child process via a null dereference and cause a denial of service (CPU consumption) in a preforked multi-processing module.
6282| [CVE-2002-1592] The ap_log_rerror function in Apache 2.0 through 2.035, when a CGI application encounters an error, sends error messages to the client that include the full path for the server, which allows remote attackers to obtain sensitive information.
6283| [CVE-2002-1567] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1 allows remote attackers to execute arbitrary web script and steal cookies via a URL with encoded newlines followed by a request to a .jsp file whose name contains the script.
6284| [CVE-2002-1394] Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148.
6285| [CVE-2002-1233] A regression error in the Debian distributions of the apache-ssl package (before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0), for Apache 1.3.27 and earlier, allows local users to read or modify the Apache password file via a symlink attack on temporary files when the administrator runs (1) htpasswd or (2) htdigest, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2001-0131.
6286| [CVE-2002-1157] Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9 and earlier, when UseCanonicalName is off and wildcard DNS is enabled, allows remote attackers to execute script as other web site visitors, via the server name in an HTTPS response on the SSL port, which is used in a self-referencing URL, a different vulnerability than CAN-2002-0840.
6287| [CVE-2002-1156] Apache 2.0.42 allows remote attackers to view the source code of a CGI script via a POST request to a directory with both WebDAV and CGI enabled.
6288| [CVE-2002-1148] The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet.
6289| [CVE-2002-0935] Apache Tomcat 4.0.3, and possibly other versions before 4.1.3 beta, allows remote attackers to cause a denial of service (resource exhaustion) via a large number of requests to the server with null characters, which causes the working threads to hang.
6290| [CVE-2002-0843] Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response.
6291| [CVE-2002-0840] Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.
6292| [CVE-2002-0839] The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that would not normally be allowed, by modifying the parent[].pid and parent[].last_rtime segments in the scoreboard.
6293| [CVE-2002-0682] Cross-site scripting vulnerability in Apache Tomcat 4.0.3 allows remote attackers to execute script as other web users via script in a URL with the /servlet/ mapping, which does not filter the script when an exception is thrown by the servlet.
6294| [CVE-2002-0661] Directory traversal vulnerability in Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to read arbitrary files and execute commands via .. (dot dot) sequences containing \ (backslash) characters.
6295| [CVE-2002-0658] OSSP mm library (libmm) before 1.2.0 allows the local Apache user to gain privileges via temporary files, possibly via a symbolic link attack.
6296| [CVE-2002-0654] Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to determine the full pathname of the server via (1) a request for a .var file, which leaks the pathname in the resulting error message, or (2) via an error message that occurs when a script (child process) cannot be invoked.
6297| [CVE-2002-0653] Off-by-one buffer overflow in the ssl_compat_directive function, as called by the rewrite_command hook for mod_ssl Apache module 2.8.9 and earlier, allows local users to execute arbitrary code as the Apache server user via .htaccess files with long entries.
6298| [CVE-2002-0513] The PHP administration script in popper_mod 1.2.1 and earlier relies on Apache .htaccess authentication, which allows remote attackers to gain privileges if the script is not appropriately configured by the administrator.
6299| [CVE-2002-0493] Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions.
6300| [CVE-2002-0392] Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a chunk-encoded HTTP request that causes Apache to use an incorrect size.
6301| [CVE-2002-0259] InstantServers MiniPortal 1.1.5 and earlier stores sensitive login and account data in plaintext in (1) .pwd files in the miniportal/apache directory, or (2) mplog.txt, which could allow local users to gain privileges.
6302| [CVE-2002-0249] PHP for Windows, when installed on Apache 2.0.28 beta as a standalone CGI module, allows remote attackers to obtain the physical path of the php.exe via a request with malformed arguments such as /123, which leaks the pathname in the error message.
6303| [CVE-2002-0240] PHP, when installed with Apache and configured to search for index.php as a default web page, allows remote attackers to obtain the full pathname of the server via the HTTP OPTIONS method, which reveals the pathname in the resulting error message.
6304| [CVE-2002-0082] The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session.
6305| [CVE-2002-0061] Apache for Win32 before 1.3.24, and 2.0.x before 2.0.34-beta, allows remote attackers to execute arbitrary commands via shell metacharacters (a | pipe character) provided as arguments to batch (.bat) or .cmd scripts, which are sent unfiltered to the shell interpreter, typically cmd.exe.
6306| [CVE-2001-1556] The log files in Apache web server contain information directly supplied by clients and does not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail, and grep.
6307| [CVE-2001-1534] mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these session ID's are used for authentication.
6308| [CVE-2001-1510] Allaire JRun 2.3.3, 3.0 and 3.1 running on IIS 4.0 and 5.0, iPlanet, Apache, JRun web server (JWS), and possibly other web servers allows remote attackers to read arbitrary files and directories by appending (1) "%3f.jsp", (2) "?.jsp" or (3) "?" to the requested URL.
6309| [CVE-2001-1449] The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 through 8.0 and Linux Corporate Server 1.0.1 allows remote attackers to list the directory index of arbitrary web directories.
6310| [CVE-2001-1385] The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts.
6311| [CVE-2001-1342] Apache before 1.3.20 on Windows and OS/2 systems allows remote attackers to cause a denial of service (GPF) via an HTTP request for a URI that contains a large number of / (slash) or other characters, which causes certain functions to dereference a null pointer.
6312| [CVE-2001-1217] Directory traversal vulnerability in PL/SQL Apache module in Oracle Oracle 9i Application Server allows remote attackers to access sensitive information via a double encoded URL with .. (dot dot) sequences.
6313| [CVE-2001-1216] Buffer overflow in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to execute arbitrary code via a long request for a help page.
6314| [CVE-2001-1072] Apache with mod_rewrite enabled on most UNIX systems allows remote attackers to bypass RewriteRules by inserting extra / (slash) characters into the requested path, which causes the regular expression in the RewriteRule to fail.
6315| [CVE-2001-1013] Apache on Red Hat Linux with with the UserDir directive enabled generates different error codes when a username exists and there is no public_html directory and when the username does not exist, which could allow remote attackers to determine valid usernames on the server.
6316| [CVE-2001-0925] The default installation of Apache before 1.3.19 allows remote attackers to list directories instead of the multiview index.html file via an HTTP request for a path that contains many / (slash) characters, which causes the path to be mishandled by (1) mod_negotiation, (2) mod_dir, or (3) mod_autoindex.
6317| [CVE-2001-0829] A cross-site scripting vulnerability in Apache Tomcat 3.2.1 allows a malicious webmaster to embed Javascript in a request for a .JSP file, which causes the Javascript to be inserted into an error message.
6318| [CVE-2001-0766] Apache on MacOS X Client 10.0.3 with the HFS+ file system allows remote attackers to bypass access restrictions via a URL that contains some characters whose case is not matched by Apache's filters.
6319| [CVE-2001-0731] Apache 1.3.20 with Multiviews enabled allows remote attackers to view directory contents and bypass the index page via a URL containing the "M=D" query string.
6320| [CVE-2001-0730] split-logfile in Apache 1.3.20 allows remote attackers to overwrite arbitrary files that end in the .log extension via an HTTP request with a / (slash) in the Host: header.
6321| [CVE-2001-0729] Apache 1.3.20 on Windows servers allows remote attackers to bypass the default index page and list directory contents via a URL with a large number of / (slash) characters.
6322| [CVE-2001-0590] Apache Software Foundation Tomcat Servlet prior to 3.2.2 allows a remote attacker to read the source code to arbitrary 'jsp' files via a malformed URL request which does not end with an HTTP protocol specification (i.e. HTTP/1.0).
6323| [CVE-2001-0131] htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local users to overwrite arbitrary files via a symlink attack.
6324| [CVE-2001-0108] PHP Apache module 4.0.4 and earlier allows remote attackers to bypass .htaccess access restrictions via a malformed HTTP request on an unrestricted page that causes PHP to use those access controls on the next page that is requested.
6325| [CVE-2001-0042] PHP 3.x (PHP3) on Apache 1.3.6 allows remote attackers to read arbitrary files via a modified .. (dot dot) attack containing "%5c" (encoded backslash) sequences.
6326| [CVE-2000-1247] The default configuration of the jserv-status handler in jserv.conf in Apache JServ 1.1.2 includes an "allow from 127.0.0.1" line, which allows local users to discover JDBC passwords or other sensitive information via a direct request to the jserv/ URI.
6327| [CVE-2000-1210] Directory traversal vulnerability in source.jsp of Apache Tomcat before 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the argument to source.jsp.
6328| [CVE-2000-1206] Vulnerability in Apache httpd before 1.3.11, when configured for mass virtual hosting using mod_rewrite, or mod_vhost_alias in Apache 1.3.9, allows remote attackers to retrieve arbitrary files.
6329| [CVE-2000-1205] Cross site scripting vulnerabilities in Apache 1.3.0 through 1.3.11 allow remote attackers to execute script as other web site visitors via (1) the printenv CGI (printenv.pl), which does not encode its output, (2) pages generated by the ap_send_error_response function such as a default 404, which does not add an explicit charset, or (3) various messages that are generated by certain Apache modules or core code. NOTE: the printenv issue might still exist for web browsers that can render text/plain content types as HTML, such as Internet Explorer, but CVE regards this as a design limitation of those browsers, not Apache. The printenv.pl/acuparam vector, discloser on 20070724, is one such variant.
6330| [CVE-2000-1204] Vulnerability in the mod_vhost_alias virtual hosting module for Apache 1.3.9, 1.3.11 and 1.3.12 allows remote attackers to obtain the source code for CGI programs if the cgi-bin directory is under the document root.
6331| [CVE-2000-1168] IBM HTTP Server 1.3.6 (based on Apache) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET request.
6332| [CVE-2000-1016] The default configuration of Apache (httpd.conf) on SuSE 6.4 includes an alias for the /usr/doc directory, which allows remote attackers to read package documentation and obtain system configuration information via an HTTP request for the /doc/packages URL.
6333| [CVE-2000-0913] mod_rewrite in Apache 1.3.12 and earlier allows remote attackers to read arbitrary files if a RewriteRule directive is expanded to include a filename whose name contains a regular expression.
6334| [CVE-2000-0883] The default configuration of mod_perl for Apache as installed on Mandrake Linux 6.1 through 7.1 sets the /perl/ directory to be browseable, which allows remote attackers to list the contents of that directory.
6335| [CVE-2000-0869] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 enables WebDAV, which allows remote attackers to list arbitrary diretories via the PROPFIND HTTP request method.
6336| [CVE-2000-0868] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 allows remote attackers to read source code for CGI scripts by replacing the /cgi-bin/ in the requested URL with /cgi-bin-sdb/.
6337| [CVE-2000-0791] Trustix installs the httpsd program for Apache-SSL with world-writeable permissions, which allows local users to replace it with a Trojan horse.
6338| [CVE-2000-0760] The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals sensitive system information when a remote attacker requests a nonexistent URL with a .snp extension.
6339| [CVE-2000-0759] Jakarta Tomcat 3.1 under Apache reveals physical path information when a remote attacker requests a URL that does not exist, which generates an error message that includes the physical path.
6340| [CVE-2000-0628] The source.asp example script in the Apache ASP module Apache::ASP 1.93 and earlier allows remote attackers to modify files.
6341| [CVE-2000-0505] The Apache 1.3.x HTTP server for Windows platforms allows remote attackers to list directory contents by requesting a URL containing a large number of / characters.
6342| [CVE-1999-1412] A possible interaction between Apple MacOS X release 1.0 and Apache HTTP server allows remote attackers to cause a denial of service (crash) via a flood of HTTP GET requests to CGI programs, which generates a large number of processes.
6343| [CVE-1999-1293] mod_proxy in Apache 1.2.5 and earlier allows remote attackers to cause a denial of service via malformed FTP commands, which causes Apache to dump core.
6344| [CVE-1999-1237] Multiple buffer overflows in smbvalid/smbval SMB authentication library, as used in Apache::AuthenSmb and possibly other modules, allows remote attackers to execute arbitrary commands via (1) a long username, (2) a long password, and (3) other unspecified methods.
6345| [CVE-1999-1199] Apache WWW server 1.3.1 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via a large number of MIME headers with the same name, aka the "sioux" vulnerability.
6346| [CVE-1999-1053] guestbook.pl cleanses user-inserted SSI commands by removing text between "<!--" and "-->" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides "-->".
6347| [CVE-1999-0926] Apache allows remote attackers to conduct a denial of service via a large number of MIME headers.
6348| [CVE-1999-0678] A default configuration of Apache on Debian GNU/Linux sets the ServerRoot to /usr/doc, which allows remote users to read documentation files for the entire server.
6349| [CVE-1999-0448] IIS 4.0 and Apache log HTTP request methods, regardless of how long they are, allowing a remote attacker to hide the URL they really request.
6350| [CVE-1999-0289] The Apache web server for Win32 may provide access to restricted files when a . (dot) is appended to a requested URL.
6351| [CVE-1999-0236] ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs.
6352| [CVE-1999-0107] Buffer overflow in Apache 1.2.5 and earlier allows a remote attacker to cause a denial of service with a large number of GET requests containing a large number of / characters.
6353| [CVE-1999-0071] Apache httpd cookie buffer overflow for versions 1.1.1 and earlier.
6354|
6355| SecurityFocus - https://www.securityfocus.com/bid/:
6356| [104554] Apache HBase CVE-2018-8025 Security Bypass Vulnerability
6357| [104465] Apache Geode CVE-2017-15695 Remote Code Execution Vulnerability
6358| [104418] Apache Storm CVE-2018-8008 Arbitrary File Write Vulnerability
6359| [104399] Apache Storm CVE-2018-1332 User Impersonation Vulnerability
6360| [104348] Apache UIMA CVE-2017-15691 XML External Entity Injection Vulnerability
6361| [104313] Apache NiFi XML External Entity Injection and Denial of Service Vulnerability
6362| [104259] Apache Geode CVE-2017-12622 Authorization Bypass Vulnerability
6363| [104257] Apache Sling XSS Protection API CVE-2017-15717 Cross Site Scripting Vulnerability
6364| [104253] Apache ZooKeeper CVE-2018-8012 Security Bypass Vulnerability
6365| [104252] Apache Batik CVE-2018-8013 Information Disclosure Vulnerability
6366| [104239] Apache Solr CVE-2018-8010 XML External Entity Multiple Information Disclosure Vulnerabilities
6367| [104215] Apache ORC CVE-2018-8015 Denial of Service Vulnerability
6368| [104203] Apache Tomcat CVE-2018-8014 Security Bypass Vulnerability
6369| [104161] Apache Ambari CVE-2018-8003 Directory Traversal Vulnerability
6370| [104140] Apache Derby CVE-2018-1313 Security Bypass Vulnerability
6371| [104135] Apache Tika CVE-2018-1338 Denial of Service Vulnerability
6372| [104008] Apache Fineract CVE-2018-1291 SQL Injection Vulnerability
6373| [104007] Apache Fineract CVE-2018-1292 SQL Injection Vulnerability
6374| [104005] Apache Fineract CVE-2018-1289 SQL Injection Vulnerability
6375| [104001] Apache Tika CVE-2018-1335 Remote Command Injection Vulnerability
6376| [103975] Apache Fineract CVE-2018-1290 SQL Injection Vulnerability
6377| [103974] Apache Solr CVE-2018-1308 XML External Entity Injection Vulnerability
6378| [103772] Apache Traffic Server CVE-2017-7671 Denial of Service Vulnerability
6379| [103770] Apache Traffic Server CVE-2017-5660 Security Bypass Vulnerability
6380| [103751] Apache Hive CVE-2018-1282 SQL Injection Vulnerability
6381| [103750] Apache Hive CVE-2018-1284 Security Bypass Vulnerability
6382| [103692] Apache Ignite CVE-2018-1295 Arbitrary Code Execution Vulnerability
6383| [103528] Apache HTTP Server CVE-2018-1302 Denial of Service Vulnerability
6384| [103525] Apache HTTP Server CVE-2017-15715 Remote Security Bypass Vulnerability
6385| [103524] Apache HTTP Server CVE-2018-1312 Remote Security Bypass Vulnerability
6386| [103522] Apache HTTP Server CVE-2018-1303 Denial of Service Vulnerability
6387| [103520] Apache HTTP Server CVE-2018-1283 Remote Security Vulnerability
6388| [103516] Apache Struts CVE-2018-1327 Denial of Service Vulnerability
6389| [103515] Apache HTTP Server CVE-2018-1301 Denial of Service Vulnerability
6390| [103512] Apache HTTP Server CVE-2017-15710 Denial of Service Vulnerability
6391| [103508] Apache Syncope CVE-2018-1321 Multiple Remote Code Execution Vulnerabilities
6392| [103507] Apache Syncope CVE-2018-1322 Multiple Information Disclosure Vulnerabilities
6393| [103490] Apache Commons Compress CVE-2018-1324 Multiple Denial Of Service Vulnerabilities
6394| [103434] APACHE Allura CVE-2018-1319 HTTP Response Splitting Vulnerability
6395| [103389] Apache Tomcat JK Connector CVE-2018-1323 Directory Traversal Vulnerability
6396| [103222] Apache CloudStack CVE-2013-4317 Information Disclosure Vulnerability
6397| [103219] Apache Xerces-C CVE-2017-12627 Null Pointer Dereference Denial of Service Vulnerability
6398| [103206] Apache Geode CVE-2017-15693 Remote Code Execution Vulnerability
6399| [103205] Apache Geode CVE-2017-15692 Remote Code Execution Vulnerability
6400| [103170] Apache Tomcat CVE-2018-1304 Security Bypass Vulnerability
6401| [103144] Apache Tomcat CVE-2018-1305 Security Bypass Vulnerability
6402| [103102] Apache Oozie CVE-2017-15712 Information Disclosure Vulnerability
6403| [103098] Apache Karaf CVE-2016-8750 LDAP Injection Vulnerability
6404| [103069] Apache Tomcat CVE-2017-15706 Remote Security Weakness
6405| [103068] Apache JMeter CVE-2018-1287 Security Bypass Vulnerability
6406| [103067] Apache Qpid Dispatch Router 'router_core/connections.c' Denial of Service Vulnerability
6407| [103036] Apache CouchDB CVE-2017-12636 Remote Code Execution Vulnerability
6408| [103025] Apache Thrift CVE-2016-5397 Remote Command Injection Vulnerability
6409| [102879] Apache POI CVE-2017-12626 Multiple Denial of Service Vulnerabilities
6410| [102842] Apache NiFi CVE-2017-12632 Host Header Injection Vulnerability
6411| [102815] Apache NiFi CVE-2017-15697 Multiple Cross Site Scripting Vulnerabilities
6412| [102488] Apache Geode CVE-2017-9795 Remote Code Execution Vulnerability
6413| [102229] Apache Sling CVE-2017-15700 Information Disclosure Vulnerability
6414| [102226] Apache Drill CVE-2017-12630 Cross Site Scripting Vulnerability
6415| [102154] Multiple Apache Products CVE-2017-15708 Remote Code Execution Vulnerability
6416| [102127] Apache CXF Fediz CVE-2017-12631 Multiple Cross Site Request Forgery Vulnerabilities
6417| [102041] Apache Qpid Broker-J CVE-2017-15701 Denial of Service Vulnerability
6418| [102040] Apache Qpid Broker CVE-2017-15702 Security Weakness
6419| [102021] Apache Struts CVE-2017-15707 Denial of Service Vulnerability
6420| [101980] EMC RSA Authentication Agent for Web: Apache Web Server Authentication Bypass Vulnerability
6421| [101876] Apache Camel CVE-2017-12634 Deserialization Remote Code Execution Vulnerability
6422| [101874] Apache Camel CVE-2017-12633 Deserialization Remote Code Execution Vulnerability
6423| [101872] Apache Karaf CVE-2014-0219 Local Denial of Service Vulnerability
6424| [101868] Apache CouchDB CVE-2017-12635 Remote Privilege Escalation Vulnerability
6425| [101859] Apache CXF CVE-2017-12624 Denial of Service Vulnerability
6426| [101844] Apache Sling Servlets Post CVE-2017-11296 Cross Site Scripting Vulnerability
6427| [101686] Apache Hive CVE-2017-12625 Information Disclosure Vulnerability
6428| [101644] Apache Wicket CVE-2012-5636 Cross Site Scripting Vulnerability
6429| [101631] Apache Traffic Server CVE-2015-3249 Multiple Remote Code Execution Vulnerabilities
6430| [101630] Apache Traffic Server CVE-2014-3624 Access Bypass Vulnerability
6431| [101625] Apache jUDDI CVE-2009-1197 Security Bypass Vulnerability
6432| [101623] Apache jUDDI CVE-2009-1198 Cross Site Scripting Vulnerability
6433| [101620] Apache Subversion 'libsvn_fs_fs/fs_fs.c' Denial of Service Vulnerability
6434| [101585] Apache OpenOffice Multiple Remote Code Execution Vulnerabilities
6435| [101577] Apache Wicket CVE-2016-6806 Cross Site Request Forgery Vulnerability
6436| [101575] Apache Wicket CVE-2014-0043 Information Disclosure Vulnerability
6437| [101570] Apache Geode CVE-2017-9797 Information Disclosure Vulnerability
6438| [101562] Apache Derby CVE-2010-2232 Arbitrary File Overwrite Vulnerability
6439| [101560] Apache Portable Runtime Utility CVE-2017-12613 Multiple Information Disclosure Vulnerabilities
6440| [101558] Apache Portable Runtime Utility Local Out-of-Bounds Read Denial of Service Vulnerability
6441| [101532] Apache James CVE-2017-12628 Arbitrary Command Execution Vulnerability
6442| [101516] Apache HTTP Server CVE-2017-12171 Security Bypass Vulnerability
6443| [101261] Apache Solr/Lucene CVE-2017-12629 Information Disclosure and Remote Code Execution Vulnerabilities
6444| [101230] Apache Roller CVE-2014-0030 XML External Entity Injection Vulnerability
6445| [101173] Apache IMPALA CVE-2017-9792 Information Disclosure Vulnerability
6446| [101052] Apache Commons Jelly CVE-2017-12621 Security Bypass Vulnerability
6447| [101027] Apache Mesos CVE-2017-7687 Denial of Service Vulnerability
6448| [101023] Apache Mesos CVE-2017-9790 Denial of Service Vulnerability
6449| [100954] Apache Tomcat CVE-2017-12617 Incomplete Fix Remote Code Execution Vulnerability
6450| [100946] Apache Wicket CVE-2014-7808 Cross Site Request Forgery Vulnerability
6451| [100901] Apache Tomcat CVE-2017-12615 Remote Code Execution Vulnerability
6452| [100897] Apache Tomcat CVE-2017-12616 Information Disclosure Vulnerability
6453| [100880] Apache Directory LDAP API CVE-2015-3250 Unspecified Information Disclosure Vulnerability
6454| [100872] Apache HTTP Server CVE-2017-9798 Information Disclosure Vulnerability
6455| [100870] Apache Solr CVE-2017-9803 Remote Privilege Escalation Vulnerability
6456| [100859] puppetlabs-apache CVE-2017-2299 Information Disclosure Vulnerability
6457| [100829] Apache Struts CVE-2017-12611 Remote Code Execution Vulnerability
6458| [100823] Apache Spark CVE-2017-12612 Deserialization Remote Code Execution Vulnerability
6459| [100612] Apache Struts CVE-2017-9804 Incomplete Fix Denial of Service Vulnerability
6460| [100611] Apache Struts CVE-2017-9793 Denial of Service Vulnerability
6461| [100609] Apache Struts CVE-2017-9805 Remote Code Execution Vulnerability
6462| [100587] Apache Atlas CVE-2017-3155 Cross Frame Scripting Vulnerability
6463| [100581] Apache Atlas CVE-2017-3154 Information Disclosure Vulnerability
6464| [100578] Apache Atlas CVE-2017-3153 Cross Site Scripting Vulnerability
6465| [100577] Apache Atlas CVE-2017-3152 Cross Site Scripting Vulnerability
6466| [100547] Apache Atlas CVE-2017-3151 HTML Injection Vulnerability
6467| [100536] Apache Atlas CVE-2017-3150 Cross Site Scripting Vulnerability
6468| [100449] Apache Pony Mail CVE-2016-4460 Authentication Bypass Vulnerability
6469| [100447] Apache2Triad Multiple Security Vulnerabilities
6470| [100284] Apache Sling Servlets Post CVE-2017-9802 Cross Site Scripting Vulnerability
6471| [100280] Apache Tomcat CVE-2017-7674 Security Bypass Vulnerability
6472| [100259] Apache Subversion CVE-2017-9800 Remote Command Execution Vulnerability
6473| [100256] Apache Tomcat CVE-2017-7675 Directory Traversal Vulnerability
6474| [100235] Apache Storm CVE-2017-9799 Remote Code Execution Vulnerability
6475| [100082] Apache Commons Email CVE-2017-9801 SMTP Header Injection Vulnerability
6476| [99873] Apache Sling XSS Protection API CVE-2016-6798 XML External Entity Injection Vulnerability
6477| [99870] Apache Sling API CVE-2016-5394 Cross Site Scripting Vulnerability
6478| [99603] Apache Spark CVE-2017-7678 Cross Site Scripting Vulnerability
6479| [99592] Apache OpenMeetings CVE-2017-7685 Security Bypass Vulnerability
6480| [99587] Apache OpenMeetings CVE-2017-7673 Security Bypass Vulnerability
6481| [99586] Apache OpenMeetings CVE-2017-7688 Security Bypass Vulnerability
6482| [99584] Apache OpenMeetings CVE-2017-7684 Denial of Service Vulnerability
6483| [99577] Apache OpenMeetings CVE-2017-7663 Cross Site Scripting Vulnerability
6484| [99576] Apache OpenMeetings CVE-2017-7664 XML External Entity Injection Vulnerability
6485| [99569] Apache HTTP Server CVE-2017-9788 Memory Corruption Vulnerability
6486| [99568] Apache HTTP Server CVE-2017-9789 Denial of Service Vulnerability
6487| [99563] Apache Struts CVE-2017-7672 Denial of Service Vulnerability
6488| [99562] Apache Struts Spring AOP Functionality Denial of Service Vulnerability
6489| [99509] Apache Impala CVE-2017-5652 Information Disclosure Vulnerability
6490| [99508] Apache IMPALA CVE-2017-5640 Authentication Bypass Vulnerability
6491| [99486] Apache Traffic Control CVE-2017-7670 Denial of Service Vulnerability
6492| [99485] Apache Solr CVE-2017-7660 Security Bypass Vulnerability
6493| [99484] Apache Struts CVE-2017-9791 Remote Code Execution Vulnerability
6494| [99292] Apache Ignite CVE-2017-7686 Information Disclosure Vulnerability
6495| [99170] Apache HTTP Server CVE-2017-7679 Buffer Overflow Vulnerability
6496| [99137] Apache HTTP Server CVE-2017-7668 Denial of Service Vulnerability
6497| [99135] Apache HTTP Server CVE-2017-3167 Authentication Bypass Vulnerability
6498| [99134] Apache HTTP Server CVE-2017-3169 Denial of Service Vulnerability
6499| [99132] Apache HTTP Server CVE-2017-7659 Denial of Service Vulnerability
6500| [99112] Apache Thrift CVE-2015-3254 Denial of Service Vulnerability
6501| [99067] Apache Ranger CVE-2016-8751 HTML Injection Vulnerability
6502| [99018] Apache NiFi CVE-2017-7667 Cross Frame Scripting Vulnerability
6503| [99009] Apache NiFi CVE-2017-7665 Cross Site Scripting Vulnerability
6504| [98961] Apache Ranger CVE-2017-7677 Security Bypass Vulnerability
6505| [98958] Apache Ranger CVE-2017-7676 Security Bypass Vulnerability
6506| [98888] Apache Tomcat CVE-2017-5664 Security Bypass Vulnerability
6507| [98814] Apache Zookeeper CVE-2017-5637 Denial of Service Vulnerability
6508| [98795] Apache Hadoop CVE-2017-7669 Remote Privilege Escalation Vulnerability
6509| [98739] Apache Knox CVE-2017-5646 User Impersonation Vulnerability
6510| [98669] Apache Hive CVE-2016-3083 Security Bypass Vulnerability
6511| [98646] Apache Atlas CVE-2016-8752 Information Disclosure Vulnerability
6512| [98570] Apache Archiva CVE-2017-5657 Multiple Cross-Site Request Forgery Vulnerabilities
6513| [98489] Apache CXF Fediz CVE-2017-7661 Multiple Cross Site Request Forgery Vulnerabilities
6514| [98485] Apache CXF Fediz CVE-2017-7662 Cross Site Request Forgery Vulnerability
6515| [98466] Apache Ambari CVE-2017-5655 Insecure Temporary File Handling Vulnerability
6516| [98365] Apache Cordova For Android CVE-2016-6799 Information Disclosure Vulnerability
6517| [98025] Apache Hadoop CVE-2017-3161 Cross Site Scripting Vulnerability
6518| [98017] Apache Hadoop CVE-2017-3162 Input Validation Vulnerability
6519| [97971] Apache CXF CVE-2017-5656 Information Disclosure Vulnerability
6520| [97968] Apache CXF CVE-2017-5653 Spoofing Vulnerability
6521| [97967] Apache ActiveMQ CVE-2015-7559 Denial of Service Vulnerability
6522| [97949] Apache Traffic Server CVE-2017-5659 Denial of Service Vulnerability
6523| [97948] Apache Batik CVE-2017-5662 XML External Entity Information Disclosure Vulnerability
6524| [97947] Apache FOP CVE-2017-5661 XML External Entity Information Disclosure Vulnerability
6525| [97945] Apache Traffic Server CVE-2016-5396 Denial of Service Vulnerability
6526| [97702] Apache Log4j CVE-2017-5645 Remote Code Execution Vulnerability
6527| [97582] Apache CXF CVE-2016-6812 Cross Site Scripting Vulnerability
6528| [97579] Apache CXF JAX-RS CVE-2016-8739 XML External Entity Injection Vulnerability
6529| [97544] Apache Tomcat CVE-2017-5651 Information Disclosure Vulnerability
6530| [97531] Apache Tomcat CVE-2017-5650 Denial of Service Vulnerability
6531| [97530] Apache Tomcat CVE-2017-5648 Information Disclosure Vulnerability
6532| [97509] Apache Ignite CVE-2016-6805 Information Disclosure and XML External Entity Injection Vulnerabilities
6533| [97383] Apache Flex BlazeDS CVE-2017-5641 Remote Code Execution Vulnerability
6534| [97378] Apache Geode CVE-2017-5649 Information Disclosure Vulnerability
6535| [97229] Apache Ambari CVE-2016-4976 Local Information Disclosure Vulnerability
6536| [97226] Apache Camel CVE-2017-5643 Server Side Request Forgery Security Bypass Vulnerability
6537| [97184] Apache Ambari CVE-2016-6807 Remote Command Execution Vulnerability
6538| [97179] Apache Camel CVE-2016-8749 Java Deserialization Multiple Remote Code Execution Vulnerabilities
6539| [96983] Apache POI CVE-2017-5644 Denial Of Service Vulnerability
6540| [96895] Apache Tomcat CVE-2016-8747 Information Disclosure Vulnerability
6541| [96731] Apache NiFi CVE-2017-5636 Remote Code Injection Vulnerability
6542| [96730] Apache NiFi CVE-2017-5635 Security Bypass Vulnerability
6543| [96729] Apache Struts CVE-2017-5638 Remote Code Execution Vulnerability
6544| [96540] IBM Development Package for Apache Spark CVE-2016-4970 Denial of Service Vulnerability
6545| [96398] Apache CXF CVE-2017-3156 Information Disclosure Vulnerability
6546| [96321] Apache Camel CVE-2017-3159 Remote Code Execution Vulnerability
6547| [96293] Apache Tomcat 'http11/AbstractInputBuffer.java' Denial of Service Vulnerability
6548| [96228] Apache Brooklyn Cross Site Request Forgery and Multiple Cross Site Scripting Vulnerabilities
6549| [95998] Apache Ranger CVE-2016-8746 Security Bypass Vulnerability
6550| [95929] Apache Groovy CVE-2016-6497 Information Disclosure Vulnerability
6551| [95838] Apache Cordova For Android CVE-2017-3160 Man in the Middle Security Bypass Vulnerability
6552| [95675] Apache Struts Remote Code Execution Vulnerability
6553| [95621] Apache NiFi CVE-2106-8748 Cross Site Scripting Vulnerability
6554| [95429] Apache Groovy CVE-2016-6814 Remote Code Execution Vulnerability
6555| [95335] Apache Hadoop CVE-2016-3086 Information Disclosure Vulnerability
6556| [95168] Apache Wicket CVE-2016-6793 Denial of Service Vulnerability
6557| [95136] Apache Qpid Broker for Java CVE-2016-8741 Remote Information Disclosure Vulnerability
6558| [95078] Apache HTTP Server CVE-2016-0736 Remote Security Vulnerability
6559| [95077] Apache HTTP Server CVE-2016-8743 Security Bypass Vulnerability
6560| [95076] Apache HTTP Server CVE-2016-2161 Denial of Service Vulnerability
6561| [95020] Apache Tika CVE-2015-3271 Remote Information Disclosure Vulnerability
6562| [94950] Apache Hadoop CVE-2016-5001 Local Information Disclosure Vulnerability
6563| [94882] Apache ActiveMQ CVE-2016-6810 HTML Injection Vulnerability
6564| [94828] Apache Tomcat CVE-2016-8745 Information Disclosure Vulnerability
6565| [94766] Apache CouchDB CVE-2016-8742 Local Privilege Escalation Vulnerability
6566| [94657] Apache Struts CVE-2016-8738 Denial of Service Vulnerability
6567| [94650] Apache HTTP Server CVE-2016-8740 Denial of Service Vulnerability
6568| [94588] Apache Subversion CVE-2016-8734 XML External Entity Denial of Service Vulnerability
6569| [94513] Apache Karaf CVE-2016-8648 Remote Code Execution Vulnerability
6570| [94463] Apache Tomcat CVE-2016-8735 Remote Code Execution Vulnerability
6571| [94462] Apache Tomcat CVE-2016-6817 Denial of Service Vulnerability
6572| [94461] Apache Tomcat CVE-2016-6816 Security Bypass Vulnerability
6573| [94418] Apache OpenOffice CVE-2016-6803 Local Privilege Escalation Vulnerability
6574| [94247] Apache Tika CVE-2016-6809 Remote Code Execution Vulnerability
6575| [94221] Apache Ranger CVE-2016-6815 Local Privilege Escalation Vulnerability
6576| [94145] Apache OpenMeetings CVE-2016-8736 Remote Code Execution Vulnerability
6577| [93945] Apache CloudStack CVE-2016-6813 Authorization Bypass Vulnerability
6578| [93944] Apache Tomcat Security Manager CVE-2016-6796 Security Bypass Vulnerability
6579| [93943] Apache Tomcat CVE-2016-6794 Security Bypass Vulnerability
6580| [93942] Apache Tomcat Security Manager CVE-2016-5018 Security Bypass Vulnerability
6581| [93940] Apache Tomcat CVE-2016-6797 Security Bypass Vulnerability
6582| [93939] Apache Tomcat CVE-2016-0762 Information Disclosure Vulnerability
6583| [93774] Apache OpenOffice CVE-2016-6804 DLL Loading Remote Code Execution Vulnerability
6584| [93773] Apache Struts CVE-2016-6795 Directory Traversal Vulnerability
6585| [93478] Apache Tomcat CVE-2016-6325 Local Privilege Escalation Vulnerability
6586| [93472] Apache Tomcat CVE-2016-5425 Insecure File Permissions Vulnerability
6587| [93429] Apache Tomcat JK Connector CVE-2016-6808 Remote Buffer Overflow Vulnerability
6588| [93263] Apache Tomcat CVE-2016-1240 Local Privilege Escalation Vulnerability
6589| [93236] Apache MyFaces Trinidad CVE-2016-5019 Remote Code Execution Vulnerability
6590| [93142] Apache ActiveMQ Artemis CVE-2016-4978 Remote Code Execution Vulnerability
6591| [93132] Apache Derby CVE-2015-1832 XML External Entity Information Disclosure Vulnerability
6592| [93044] Apache Zookeeper CVE-2016-5017 Buffer Overflow Vulnerability
6593| [92966] Apache Jackrabbit CVE-2016-6801 Cross-Site Request Forgery Vulnerability
6594| [92947] Apache Shiro CVE-2016-6802 Remote Security Bypass Vulnerability
6595| [92905] Apache CXF Fediz CVE-2016-4464 Security Bypass Vulnerability
6596| [92577] Apache Ranger CVE-2016-5395 HTML Injection Vulnerability
6597| [92331] Apache HTTP Server CVE-2016-1546 Remote Denial of Service Vulnerability
6598| [92328] Apache Hive CVE-2016-0760 Multiple Remote Code Execution Vulnerabilities
6599| [92320] Apache APR-util and httpd CVE-2016-6312 Denial of Service Vulnerability
6600| [92100] Apache POI CVE-2016-5000 XML External Entity Injection Vulnerability
6601| [92079] Apache OpenOffice CVE-2016-1513 Remote Code Execution Vulnerability
6602| [91818] Apache Tomcat CVE-2016-5388 Security Bypass Vulnerability
6603| [91816] Apache HTTP Server CVE-2016-5387 Security Bypass Vulnerability
6604| [91788] Apache Qpid Proton CVE-2016-4467 Certificate Verification Security Bypass Vulnerability
6605| [91738] Apache XML-RPC CVE-2016-5003 Remote Code Execution Vulnerability
6606| [91736] Apache XML-RPC Multiple Security Vulnerabilities
6607| [91707] Apache Archiva CVE-2016-5005 HTML Injection Vulnerability
6608| [91703] Apache Archiva CVE-2016-4469 Multiple Cross-Site Request Forgery Vulnerabilities
6609| [91566] Apache HTTP Server CVE-2016-4979 Authentication Bypass Vulnerability
6610| [91537] Apache QPID CVE-2016-4974 Deserialization Security Bypass Vulnerability
6611| [91501] Apache Xerces-C CVE-2016-4463 Stack Buffer Overflow Vulnerability
6612| [91453] Apache Commons FileUpload CVE-2016-3092 Denial Of Service Vulnerability
6613| [91284] Apache Struts CVE-2016-4431 Security Bypass Vulnerability
6614| [91282] Apache Struts CVE-2016-4433 Security Bypass Vulnerability
6615| [91281] Apache Struts CVE-2016-4430 Cross-Site Request Forgery Vulnerability
6616| [91280] Apache Struts CVE-2016-4436 Security Bypass Vulnerability
6617| [91278] Apache Struts CVE-2016-4465 Denial of Service Vulnerability
6618| [91277] Apache Struts Incomplete Fix Remote Code Execution Vulnerability
6619| [91275] Apache Struts CVE-2016-4438 Remote Code Execution Vulnerability
6620| [91217] Apache Continuum 'saveInstallation.action' Command Execution Vulnerability
6621| [91141] Apache CloudStack CVE-2016-3085 Authentication Bypass Vulnerability
6622| [91068] Apache Struts CVE-2016-1181 Remote Code Execution Vulnerability
6623| [91067] Apache Struts CVE-2016-1182 Security Bypass Vulnerability
6624| [91024] Apache Shiro CVE-2016-4437 Information Disclosure Vulnerability
6625| [90988] Apache Ranger CVE-2016-2174 SQL Injection Vulnerability
6626| [90961] Apache Struts CVE-2016-3093 Denial of Service Vulnerability
6627| [90960] Apache Struts CVE-2016-3087 Remote Code Execution Vulnerability
6628| [90921] Apache Qpid CVE-2016-4432 Authentication Bypass Vulnerability
6629| [90920] Apache Qpid CVE-2016-3094 Denial of Service Vulnerability
6630| [90902] Apache PDFBox CVE-2016-2175 XML External Entity Injection Vulnerability
6631| [90897] Apache Tika CVE-2016-4434 XML External Entity Injection Vulnerability
6632| [90827] Apache ActiveMQ CVE-2016-3088 Multiple Arbitrary File Upload Vulnerabilities
6633| [90755] Apache Ambari CVE-2016-0707 Multiple Local Information Disclosure Vulnerabilities
6634| [90482] Apache CVE-2004-1387 Local Security Vulnerability
6635| [89762] Apache CVE-2001-1556 Remote Security Vulnerability
6636| [89417] Apache Subversion CVE-2016-2167 Authentication Bypass Vulnerability
6637| [89326] RETIRED: Apache Subversion CVE-2016-2167 Security Bypass Vulnerability
6638| [89320] Apache Subversion CVE-2016-2168 Remote Denial of Service Vulnerability
6639| [88826] Apache Struts CVE-2016-3082 Remote Code Execution Vulnerability
6640| [88797] Apache Cordova For iOS CVE-2015-5208 Arbitrary Code Execution Vulnerability
6641| [88764] Apache Cordova iOS CVE-2015-5207 Multiple Security Bypass Vulnerabilities
6642| [88701] Apache CVE-2001-1449 Remote Security Vulnerability
6643| [88635] Apache CVE-2000-1204 Remote Security Vulnerability
6644| [88590] Apache WWW server CVE-1999-1199 Denial-Of-Service Vulnerability
6645| [88496] Apache CVE-2000-1206 Remote Security Vulnerability
6646| [87828] Apache CVE-1999-1237 Remote Security Vulnerability
6647| [87784] Apache CVE-1999-1293 Denial-Of-Service Vulnerability
6648| [87327] Apache Struts CVE-2016-3081 Remote Code Execution Vulnerability
6649| [86622] Apache Stats CVE-2007-0975 Remote Security Vulnerability
6650| [86399] Apache CVE-2007-1743 Local Security Vulnerability
6651| [86397] Apache CVE-2007-1742 Local Security Vulnerability
6652| [86311] Apache Struts CVE-2016-4003 Cross Site Scripting Vulnerability
6653| [86174] Apache Wicket CVE-2015-5347 Cross Site Scripting Vulnerability
6654| [85971] Apache OFBiz CVE-2016-2170 Java Deserialization Remote Code Execution Vulnerability
6655| [85967] Apache OFBiz CVE-2015-3268 HTML Injection Vulnerability
6656| [85759] Apache Jetspeed CVE-2016-2171 Unauthorized Access Vulnerability
6657| [85758] Apache Jetspeed CVE-2016-0712 Cross Site Scripting Vulnerability
6658| [85756] Apache Jetspeed CVE-2016-0710 Multiple SQL Injection Vulnerabilities
6659| [85755] Apache Jetspeed CVE-2016-0711 Mulitple HTML Injection Vulnerabilities
6660| [85754] Apache Jetspeed CVE-2016-0709 Directory Traversal Vulnerability
6661| [85730] Apache Subversion CVE-2015-5343 Integer Overflow Vulnerability
6662| [85691] Apache Ranger CVE-2016-0735 Security Bypass Vulnerability
6663| [85578] Apache ActiveMQ CVE-2010-1244 Cross-Site Request Forgery Vulnerability
6664| [85554] Apache OpenMeetings CVE-2016-2164 Multiple Information Disclosure Vulnerabilities
6665| [85553] Apache OpenMeetings CVE-2016-0783 Information Disclosure Vulnerability
6666| [85552] Apache OpenMeetings CVE-2016-2163 HTML Injection Vulnerability
6667| [85550] Apache OpenMeetings CVE-2016-0784 Directory Traversal Vulnerability
6668| [85386] Apache Hadoop CVE-2015-7430 Local Privilege Escalation Vulnerability
6669| [85377] Apache Qpid Proton Python API CVE-2016-2166 Man in the Middle Security Bypass Vulnerability
6670| [85205] Apache Solr CVE-2015-8796 Cross Site Scripting Vulnerability
6671| [85203] Apache Solr CVE-2015-8795 Mulitple HTML Injection Vulnerabilities
6672| [85163] Apache Geronimo CVE-2008-0732 Local Security Vulnerability
6673| [85131] Apache Struts 'TextParseUtil.translateVariables()' Method Remote Code Execution Vulnerability
6674| [85070] Apache Struts CVE-2016-2162 Cross Site Scripting Vulnerability
6675| [85066] Apache Struts CVE-2016-0785 Remote Code Execution Vulnerability
6676| [84422] Apache TomEE CVE-2016-0779 Unspecified Security Vulnerability
6677| [84321] Apache ActiveMQ CVE-2016-0734 Clickjacking Vulnerability
6678| [84316] Apache ActiveMQ CVE-2016-0782 Multiple Cross Site Scripting Vulnerabilities
6679| [83910] Apache Wicket CVE-2015-7520 Cross Site Scripting Vulnerability
6680| [83423] Apache Xerces-C CVE-2016-0729 Buffer Overflow Vulnerability
6681| [83330] Apache Tomcat CVE-2015-5351 Cross Site Request Forgery Vulnerability
6682| [83329] Apache Tomcat CVE-2015-5174 Directory Traversal Vulnerability
6683| [83328] Apache Tomcat CVE-2015-5345 Directory Traversal Vulnerability
6684| [83327] Apache Tomcat Security Manager CVE-2016-0714 Remote Code Execution Vulnerability
6685| [83326] Apache Tomcat CVE-2016-0763 Security Bypass Vulnerability
6686| [83324] Apache Tomcat Security Manager CVE-2016-0706 Information Disclosure Vulnerability
6687| [83323] Apache Tomcat CVE-2015-5346 Session Fixation Vulnerability
6688| [83259] Apache Hadoop CVE-2015-1776 Information Disclosure Vulnerability
6689| [83243] Apache Solr CVE-2015-8797 Cross Site Scripting Vulnerability
6690| [83119] Apache Sling CVE-2016-0956 Information Disclosure Vulnerability
6691| [83002] Apache CVE-2000-1205 Cross-Site Scripting Vulnerability
6692| [82871] Apache Ranger Authentication Bypass and Security Bypass Vulnerabilities
6693| [82800] Apache CloudStack CVE-2015-3251 Information Disclosure Vulnerability
6694| [82798] Apache CloudStack CVE-2015-3252 Authentication Bypass Vulnerability
6695| [82732] Apache Gallery CVE-2003-0771 Local Security Vulnerability
6696| [82676] Apache CVE-2003-1581 Cross-Site Scripting Vulnerability
6697| [82550] Apache Struts CVE-2015-5209 Security Bypass Vulnerability
6698| [82300] Apache Subversion CVE-2015-5259 Integer Overflow Vulnerability
6699| [82260] Apache Camel CVE-2015-5344 Remote Code Execution Vulnerability
6700| [82234] Apache Hive CVE-2015-7521 Security Bypass Vulnerability
6701| [82082] Apache CVE-1999-0289 Remote Security Vulnerability
6702| [81821] Apache Distribution for Solaris CVE-2007-2080 SQL-Injection Vulnerability
6703| [80696] Apache Camel CVE-2015-5348 Information Disclosure Vulnerability
6704| [80525] Apache CVE-2003-1580 Remote Security Vulnerability
6705| [80354] Drupal Apache Solr Search Module Access Bypass Vulnerability
6706| [80193] Apache CVE-1999-0107 Denial-Of-Service Vulnerability
6707| [79812] Apache Directory Studio CVE-2015-5349 Command Injection Vulnerability
6708| [79744] Apache HBase CVE-2015-1836 Unauthorized Access Vulnerability
6709| [79204] Apache TomEE 'EjbObjectInputStream' Remote Code Execution Vulnerability
6710| [77679] Apache Cordova For Android CVE-2015-8320 Weak Randomization Security Bypass Vulnerability
6711| [77677] Apache Cordova For Android CVE-2015-5256 Security Bypass Vulnerability
6712| [77591] Apache CXF SAML SSO Processing CVE-2015-5253 Security Bypass Vulnerability
6713| [77521] Apache Commons Collections 'InvokerTransformer.java' Remote Code Execution Vulnerability
6714| [77110] Apache HttpComponents HttpClient CVE-2015-5262 Denial of Service Vulnerability
6715| [77086] Apache Ambari CVE-2015-1775 Server Side Request Forgery Security Bypass Vulnerability
6716| [77085] Apache Ambari CVE-2015-3270 Remote Privilege Escalation Vulnerability
6717| [77082] Apache Ambari 'targetURI' Parameter Open Redirection Vulnerability
6718| [77059] Apache Ambari CVE-2015-3186 Cross Site Scripting Vulnerability
6719| [76933] Apache James Server Unspecified Command Execution Vulnerability
6720| [76832] Apache cordova-plugin-file-transfer CVE-2015-5204 HTTP Header Injection Vulnerability
6721| [76625] Apache Struts CVE-2015-5169 Cross Site Scripting Vulnerability
6722| [76624] Apache Struts CVE-2015-2992 Cross Site Scripting Vulnerability
6723| [76522] Apache Tapestry CVE-2014-1972 Security Bypass Vulnerability
6724| [76486] Apache CXF Fediz CVE-2015-5175 Denial of Service Vulnerability
6725| [76452] Apache ActiveMQ CVE-2015-1830 Directory Traversal Vulnerability
6726| [76446] Apache Subversion 'libsvn_fs_fs/tree.c' Denial of Service Vulnerability
6727| [76274] Apache Subversion CVE-2015-3184 Information Disclosure Vulnerability
6728| [76273] Apache Subversion CVE-2015-3187 Information Disclosure Vulnerability
6729| [76272] Apache ActiveMQ CVE-2014-3576 Denial of Service Vulnerability
6730| [76221] Apache Ranger CVE-2015-0266 Access Bypass Vulnerability
6731| [76208] Apache Ranger CVE-2015-0265 JavaScript Code Injection Vulnerability
6732| [76025] Apache ActiveMQ Artemis CVE-2015-3208 XML External Entity Information Disclosure Vulnerability
6733| [75965] Apache HTTP Server CVE-2015-3185 Security Bypass Vulnerability
6734| [75964] Apache HTTP Server CVE-2015-0253 Remote Denial of Service Vulnerability
6735| [75963] Apache HTTP Server CVE-2015-3183 Security Vulnerability
6736| [75940] Apache Struts CVE-2015-1831 Security Bypass Vulnerability
6737| [75919] Apache Groovy CVE-2015-3253 Remote Code Execution Vulnerability
6738| [75338] Apache Storm CVE-2015-3188 Remote Code Execution Vulnerability
6739| [75275] Drupal Apache Solr Real-Time Module Access Bypass Vulnerability
6740| [74866] Apache Cordova For Android CVE-2015-1835 Security Bypass Vulnerability
6741| [74839] Apache Sling API and Sling Servlets CVE-2015-2944 Cross Site Scripting Vulnerability
6742| [74761] Apache Jackrabbit CVE-2015-1833 XML External Entity Information Disclosure Vulnerability
6743| [74686] Apache Ambari '/var/lib/ambari-server/ambari-env.sh' Local Privilege Escalation Vulnerability
6744| [74665] Apache Tomcat CVE-2014-7810 Security Bypass Vulnerability
6745| [74475] Apache Tomcat CVE-2014-0230 Denial of Service Vulnerability
6746| [74423] Apache Struts CVE-2015-0899 Security Bypass Vulnerability
6747| [74338] Apache OpenOffice HWP Filter Memory Corruption Vulnerability
6748| [74265] Apache Tomcat 'mod_jk' CVE-2014-8111 Information Disclosure Vulnerability
6749| [74260] Apache Subversion CVE-2015-0248 Multiple Denial of Service Vulnerabilities
6750| [74259] Apache Subversion 'deadprops.c' Security Bypass Vulnerability
6751| [74204] PHP 'sapi/apache2handler/sapi_apache2.c' Remote Code Execution Vulnerability
6752| [74158] Apache HTTP Server 'protocol.c' Remote Denial of Service Vulnerability
6753| [73954] Apache Flex 'asdoc/templates/index.html' Cross Site Scripting Vulnerability
6754| [73851] Apache2 CVE-2012-0216 Cross-Site Scripting Vulnerability
6755| [73478] Apache Cassandra CVE-2015-0225 Remote Code Execution Vulnerability
6756| [73041] Apache HTTP Server 'mod_lua' Module Denial of Service Vulnerability
6757| [73040] Apache HTTP Server 'mod_lua.c' Local Access Bypass Vulnerability
6758| [72809] Apache Standard Taglibs CVE-2015-0254 XML External Entity Injection Vulnerability
6759| [72717] Apache Tomcat CVE-2014-0227 Chunk Request Remote Denial Of Service Vulnerability
6760| [72557] Apache WSS4J CVE-2015-0227 Security Bypass Vulnerability
6761| [72553] Apache WSS4J CVE-2015-0226 Information Disclosure Vulnerability
6762| [72513] Apache ActiveMQ CVE-2014-3612 LDAP Authentication Bypass Vulnerability
6763| [72511] Apache ActiveMQ CVE-2014-8110 Multiple Cross Site Scripting Vulnerabilities
6764| [72510] Apache ActiveMQ CVE-2014-3600 XML External Entity Injection Vulnerability
6765| [72508] Apache ActiveMQ Apollo CVE-2014-3579 XML External Entity Injection Vulnerability
6766| [72319] Apache Qpid CVE-2015-0223 Security Bypass Vulnerability
6767| [72317] Apache Qpid CVE-2015-0224 Incomplete Fix Multiple Denial of Service Vulnerabilities
6768| [72115] Apache Santuario 'XML Signature Verification' Security Bypass Vulnerability
6769| [72053] Apache HTTP Server 'mod_remoteip.c' IP Address Spoofing Vulnerability
6770| [72030] Apache Qpid CVE-2015-0203 Multiple Denial of Service Vulnerabilities
6771| [71879] Apache Traffic Server 'HttpTransact.cc' Denial of Service Vulnerability
6772| [71726] Apache Subversion CVE-2014-3580 Remote Denial of Service Vulnerability
6773| [71725] Apache Subversion CVE-2014-8108 Remote Denial of Service Vulnerability
6774| [71657] Apache HTTP Server 'mod_proxy_fcgi' Module Denial of Service Vulnerability
6775| [71656] Apache HTTP Server 'mod_cache' Module Denial of Service Vulnerability
6776| [71548] Apache Struts CVE-2014-7809 Security Bypass Vulnerability
6777| [71466] Apache Hadoop CVE-2014-3627 Information Disclosure Vulnerability
6778| [71353] Apache HTTP Server 'LuaAuthzProvider' Authorization Bypass Vulnerability
6779| [71004] Apache Qpid CVE-2014-3629 XML External Entity Injection Vulnerability
6780| [70970] Apache Traffic Server Cross Site Scripting Vulnerability
6781| [70738] Apache CXF CVE-2014-3584 Denial of Service Vulnerability
6782| [70736] Apache CXF SAML SubjectConfirmation Security Bypass Vulnerability
6783| [69728] Apache Tomcat CVE-2013-4444 Arbitrary File Upload Vulnerability
6784| [69648] Apache POI CVE-2014-3574 Denial Of Service Vulnerability
6785| [69647] Apache POI OpenXML parser CVE-2014-3529 XML External Entity Information Disclosure Vulnerability
6786| [69351] Apache OpenOffice Calc CVE-2014-3524 Command Injection Vulnerability
6787| [69295] Apache Axis Incomplete Fix CVE-2014-3596 SSL Certificate Validation Security Bypass Vulnerability
6788| [69286] Apache OFBiz CVE-2014-0232 Multiple Cross Site Scripting Vulnerabilities
6789| [69258] Apache HttpComponents Incomplete Fix CVE-2014-3577 SSL Validation Security Bypass Vulnerability
6790| [69257] Apache HttpComponents Incomplete Fix SSL Certificate Validation Security Bypass Vulnerability
6791| [69248] Apache HTTP Server CVE-2013-4352 Remote Denial of Service Vulnerability
6792| [69237] Apache Subversion CVE-2014-3522 SSL Certificate Validation Information Disclosure Vulnerability
6793| [69173] Apache Traffic Server CVE-2014-3525 Unspecified Security Vulnerability
6794| [69046] Apache Cordova For Android CVE-2014-3502 Information Disclosure Vulnerability
6795| [69041] Apache Cordova For Android CVE-2014-3501 Security Bypass Vulnerability
6796| [69038] Apache Cordova For Android CVE-2014-3500 Security Bypass Vulnerability
6797| [68995] Apache Subversion CVE-2014-3528 Insecure Authentication Weakness
6798| [68966] Apache Subversion 'irkerbridge.py' Local Privilege Escalation Vulnerability
6799| [68965] Apache Subversion 'svnwcsub.py' Local Privilege Escalation Vulnerability
6800| [68863] Apache HTTP Server 'mod_cache' Module Remote Denial of Service Vulnerability
6801| [68747] Apache HTTP Server CVE-2014-3523 Remote Denial of Service Vulnerability
6802| [68745] Apache HTTP Server CVE-2014-0118 Remote Denial of Service Vulnerability
6803| [68742] Apache HTTP Server CVE-2014-0231 Remote Denial of Service Vulnerability
6804| [68740] Apache HTTP Server CVE-2014-0117 Remote Denial of Service Vulnerability
6805| [68678] Apache HTTP Server 'mod_status' CVE-2014-0226 Remote Code Execution Vulnerability
6806| [68445] Apache CXF UsernameToken Information Disclosure Vulnerability
6807| [68441] Apache CXF SAML Tokens Validation Security Bypass Vulnerability
6808| [68431] Apache Syncope CVE-2014-3503 Insecure Password Generation Weakness
6809| [68229] Apache Harmony PRNG Entropy Weakness
6810| [68111] Apache 'mod_wsgi' Module Privilege Escalation Vulnerability
6811| [68072] Apache Tomcat CVE-2014-0186 Remote Denial of Service Vulnerability
6812| [68039] Apache Hive CVE-2014-0228 Security Bypass Vulnerability
6813| [67673] Apache Tomcat CVE-2014-0095 AJP Request Remote Denial Of Service Vulnerability
6814| [67671] Apache Tomcat CVE-2014-0075 Chunk Request Remote Denial Of Service Vulnerability
6815| [67669] Apache Tomcat CVE-2014-0119 XML External Entity Information Disclosure Vulnerability
6816| [67668] Apache Tomcat CVE-2014-0099 Request Processing Information Disclosure Vulnerability
6817| [67667] Apache Tomcat CVE-2014-0096 XML External Entity Information Disclosure Vulnerability
6818| [67534] Apache 'mod_wsgi' Module CVE-2014-0242 Information Disclosure Vulnerability
6819| [67532] Apache 'mod_wsgi' Module Local Privilege Escalation Vulnerability
6820| [67530] Apache Solr Search Template Cross Site Scripting Vulnerability
6821| [67236] Apache CXF CVE-2014-0109 Remote Denial of Service Vulnerability
6822| [67232] Apache CXF CVE-2014-0110 Denial of Service Vulnerability
6823| [67121] Apache Struts ClassLoader Manipulation CVE-2014-0114 Security Bypass Vulnerability
6824| [67081] Apache Struts 'getClass()' Method Security Bypass Vulnerability
6825| [67064] Apache Struts ClassLoader Manipulation Incomplete Fix Security Bypass Vulnerability
6826| [67013] Apache Zookeeper CVE-2014-0085 Local Information Disclosure Vulnerability
6827| [66998] Apache Archiva CVE-2013-2187 Unspecified Cross Site Scripting Vulnerability
6828| [66991] Apache Archiva CVE-2013-2187 HTML Injection Vulnerability
6829| [66927] Apache Syncope CVE-2014-0111 Remote Code Execution Vulnerability
6830| [66474] Apache CouchDB Universally Unique IDentifier (UUID) Remote Denial of Service Vulnerability
6831| [66397] Apache Xalan-Java Library CVE-2014-0107 Security Bypass Vulnerability
6832| [66303] Apache HTTP Server Multiple Denial of Service Vulnerabilities
6833| [66041] RETIRED: Apache Struts CVE-2014-0094 Classloader Manipulation Security Bypass Vulnerability
6834| [65999] Apache Struts ClassLoader Manipulation CVE-2014-0094 Security Bypass Vulnerability
6835| [65967] Apache Cordova File-Transfer Unspecified Security Vulnerability
6836| [65959] Apache Cordova InAppBrowser Remote Privilege Escalation Vulnerability
6837| [65935] Apache Shiro 'login.jsp' Authentication Bypass Vulnerability
6838| [65902] Apache Camel CVE-2014-0003 Remote Code Execution Vulnerability
6839| [65901] Apache Camel CVE-2014-0002 XML External Entity Information Disclosure Vulnerability
6840| [65773] Apache Tomcat CVE-2013-4286 Security Bypass Vulnerability
6841| [65769] Apache Tomcat CVE-2014-0033 Session Fixation Vulnerability
6842| [65768] Apache Tomcat CVE-2013-4590 XML External Entity Information Disclosure Vulnerability
6843| [65767] Apache Tomcat CVE-2013-4322 Incomplete Fix Denial of Service Vulnerability
6844| [65615] Apache ActiveMQ 'refresh' Parameter Cross Site Scripting Vulnerability
6845| [65434] Apache Subversion 'mod_dav_svn' Module SVNListParentPath Denial of Service Vulnerability
6846| [65431] Apache Wicket CVE-2013-2055 Information Disclosure Vulnerability
6847| [65400] Apache Commons FileUpload CVE-2014-0050 Denial Of Service Vulnerability
6848| [64782] Apache CloudStack Virtual Router Component Security Bypass Vulnerability
6849| [64780] Apache CloudStack Unauthorized Access Vulnerability
6850| [64617] Apache Libcloud Digital Ocean API Local Information Disclosure Vulnerability
6851| [64437] Apache Santuario XML Security For JAVA XML Signature Denial of Service Vulnerability
6852| [64427] Apache Solr Multiple XML External Entity Injection Vulnerabilities
6853| [64009] Apache Solr CVE-2013-6408 XML External Entity Injection Vulnerability
6854| [64008] Apache Solr CVE-2013-6407 XML External Entity Injection Vulnerability
6855| [63981] Apache Subversion 'mod_dav_svn' Module Denial of Service Vulnerability
6856| [63966] Apache Subversion CVE-2013-4505 Security Bypass Vulnerability
6857| [63963] Apache Roller CVE-2013-4171 Cross Site Scripting Vulnerability
6858| [63935] Apache Solr 'SolrResourceLoader' Directory Traversal Vulnerability
6859| [63928] Apache Roller CVE-2013-4212 OGNL Expression Injection Remote Code Execution Vulnerability
6860| [63515] Apache Tomcat Manager Component CVE-2013-6357 Cross Site Request Forgery Vulnerability
6861| [63403] Apache Struts Multiple Cross Site Scripting Vulnerabilities
6862| [63400] Apache 'mod_pagespeed' Module Unspecified Cross Site Scripting Vulnerability
6863| [63260] Apache Shindig CVE-2013-4295 XML External Entity Information Disclosure Vulnerability
6864| [63241] Apache Sling 'AbstractAuthenticationFormServlet' Open Redirection Vulnerability
6865| [63174] Apache Commons FileUpload 'DiskFileItem' Class Null Byte Arbitrary File Write Vulnerability
6866| [62939] Apache 'mod_fcgid' Module CVE-2013-4365 Heap Buffer Overflow Vulnerability
6867| [62903] Apache Sling 'deepGetOrCreateNode()' Function Denial Of Service Vulnerability
6868| [62706] Apache Camel CVE-2013-4330 Information Disclosure Vulnerability
6869| [62677] Apache 'mod_accounting' Module CVE-2013-5697 SQL Injection Vulnerability
6870| [62674] TYPO3 Apache Solr Unspecified Cross Site Scripting and PHP Code Execution Vulnerabilities
6871| [62587] Apache Struts CVE-2013-4316 Remote Code Execution Vulnerability
6872| [62584] Apache Struts CVE-2013-4310 Security Bypass Vulnerability
6873| [62266] Apache Subversion CVE-2013-4277 Insecure Temporary File Creation Vulnerability
6874| [61984] Apache Hadoop RPC Authentication CVE-2013-2192 Man in the Middle Security Bypass Vulnerability
6875| [61981] Apache HBase RPC Authentication Man In The Middle Security Bypass Vulnerability
6876| [61638] Apache CloudStack CVE-2013-2136 Multiple Cross Site Scripting Vulnerabilities
6877| [61454] Apache Subversion CVE-2013-4131 Denial Of Service Vulnerability
6878| [61379] Apache HTTP Server CVE-2013-2249 Unspecified Remote Security Vulnerability
6879| [61370] Apache OFBiz CVE-2013-2317 'View Log' Cross Site Scripting Vulnerability
6880| [61369] Apache OFBiz Nested Expression Remote Code Execution Vulnerability
6881| [61196] Apache Struts CVE-2013-2248 Multiple Open Redirection Vulnerabilities
6882| [61189] Apache Struts CVE-2013-2251 Multiple Remote Command Execution Vulnerabilities
6883| [61129] Apache HTTP Server CVE-2013-1896 Remote Denial of Service Vulnerability
6884| [61030] Apache CXF CVE-2013-2160 Multiple Remote Denial of Service Vulnerabilities
6885| [60875] Apache Geronimo RMI Classloader Security Bypass Vulnerability
6886| [60846] Apache Santuario XML Security for JAVA XML Signature CVE-2013-2172 Security Bypass Vulnerability
6887| [60817] Apache Santuario XML Security for C++ CVE-2013-2210 Heap Buffer Overflow Vulnerability
6888| [60800] Apache Qpid Python Client SSL Certificate Verification Information Disclosure Vulnerability
6889| [60599] Apache Santuario XML Security for C++ CVE-2013-2156 Remote Heap Buffer Overflow Vulnerability
6890| [60595] Apache Santuario XML Security for C++ XML Signature CVE-2013-2155 Denial of Service Vulnerability
6891| [60594] Apache Santuario XML Security for C++ CVE-2013-2154 Stack Buffer Overflow Vulnerability
6892| [60592] Apache Santuario XML Security for C++ XML Signature CVE-2013-2153 Security Bypass Vulnerability
6893| [60534] Apache OpenJPA Object Deserialization Arbitrary File Creation or Overwrite Vulnerability
6894| [60346] Apache Struts CVE-2013-2134 OGNL Expression Injection Vulnerability
6895| [60345] Apache Struts CVE-2013-2135 OGNL Expression Injection Vulnerability
6896| [60267] Apache Subversion CVE-2013-1968 Remote Denial of Service Vulnerability
6897| [60265] Apache Subversion CVE-2013-2088 Command Injection Vulnerability
6898| [60264] Apache Subversion CVE-2013-2112 Remote Denial of Service Vulnerability
6899| [60187] Apache Tomcat DIGEST Authentication CVE-2013-2051 Incomplete Fix Security Weakness
6900| [60186] Apache Tomcat CVE-2013-1976 Insecure Temporary File Handling Vulnerability
6901| [60167] Apache Struts 'includeParams' CVE-2013-2115 Incomplete Fix Security Bypass Vulnerability
6902| [60166] Apache Struts 'includeParams' CVE-2013-1966 Security Bypass Vulnerability
6903| [60082] Apache Struts 'ParameterInterceptor' Class OGNL CVE-2013-1965 Security Bypass Vulnerability
6904| [59826] Apache HTTP Server Terminal Escape Sequence in Logs Command Injection Vulnerability
6905| [59799] Apache Tomcat CVE-2013-2067 Session Fixation Vulnerability
6906| [59798] Apache Tomcat CVE-2013-2071 Information Disclosure Vulnerability
6907| [59797] Apache Tomcat CVE-2012-3544 Denial of Service Vulnerability
6908| [59670] Apache VCL Multiple Input Validation Vulnerabilities
6909| [59464] Apache CloudStack CVE-2013-2758 Hash Information Disclosure Vulnerability
6910| [59463] Apache CloudStack CVE-2013-2756 Authentication Bypass Vulnerability
6911| [59402] Apache ActiveMQ CVE-2013-3060 Information Disclosure and Denial of Service Vulnerability
6912| [59401] Apache ActiveMQ CVE-2012-6551 Denial of Service Vulnerability
6913| [59400] Apache ActiveMQ CVE-2012-6092 Multiple Cross Site Scripting Vulnerabilities
6914| [58898] Apache Subversion CVE-2013-1884 Remote Denial of Service Vulnerability
6915| [58897] Apache Subversion 'mod_dav_svn/lock.c' Remote Denial of Service Vulnerability
6916| [58895] Apache Subversion 'mod_dav_svn' Remote Denial of Service Vulnerability
6917| [58455] Apache Rave User RPC API CVE-2013-1814 Information Disclosure Vulnerability
6918| [58379] Apache Qpid CVE-2012-4446 Authentication Bypass Vulnerability
6919| [58378] Apache Qpid CVE-2012-4460 Denial of Service Vulnerability
6920| [58376] Apache Qpid CVE-2012-4458 Denial of Service Vulnerability
6921| [58337] Apache Qpid CVE-2012-4459 Denial of Service Vulnerability
6922| [58326] Apache Commons FileUpload CVE-2013-0248 Insecure Temporary File Creation Vulnerability
6923| [58325] Debian Apache HTTP Server CVE-2013-1048 Symlink Attack Local Privilege Escalation Vulnerability
6924| [58323] Apache Subversion 'svn_fs_file_length()' Remote Denial of Service Vulnerability
6925| [58165] Apache HTTP Server Multiple Cross Site Scripting Vulnerabilities
6926| [58136] Apache Maven CVE-2013-0253 SSL Certificate Validation Security Bypass Vulnerability
6927| [58124] Apache Tomcat 'log/logdir' Directory Insecure File Permissions Vulnerability
6928| [58073] Apache Commons HttpClient CVE-2012-5783 SSL Certificate Validation Security Bypass Vulnerability
6929| [57876] Apache CXF WS-SecurityPolicy Authentication Bypass Vulnerability
6930| [57874] Apache CXF CVE-2012-5633 Security Bypass Vulnerability
6931| [57463] Apache OFBiz CVE-2013-0177 Multiple Cross Site Scripting Vulnerabilities
6932| [57425] Apache CXF CVE-2012-5786 SSL Certificate Validation Security Bypass Vulnerability
6933| [57321] Apache CouchDB CVE-2012-5650 Cross Site Scripting Vulnerability
6934| [57314] Apache CouchDB CVE-2012-5649 Remote Code Execution Vulnerability
6935| [57267] Apache Axis2/C SSL Certificate Validation Security Bypass Vulnerability
6936| [57259] Apache CloudStack CVE-2012-5616 Local Information Disclosure Vulnerability
6937| [56814] Apache Tomcat CVE-2012-4431 Cross-Site Request Forgery Vulnerability
6938| [56813] Apache Tomcat CVE-2012-4534 Denial of Service Vulnerability
6939| [56812] Apache Tomcat CVE-2012-3546 Security Bypass Vulnerability
6940| [56753] Apache Apache HTTP Server 'mod_proxy_ajp Module Denial Of Service Vulnerability
6941| [56686] Apache Tomcat CVE-2012-5568 Denial of Service Vulnerability
6942| [56408] Apache Axis and Axis2/Java SSL Certificate Validation Security Bypass Vulnerability
6943| [56403] Apache Tomcat DIGEST Authentication Multiple Security Weaknesses
6944| [56402] Apache Tomcat CVE-2012-2733 Denial of Service Vulnerability
6945| [56171] Apache OFBiz CVE-2012-3506 Unspecified Security Vulnerability
6946| [55876] Apache CloudStack CVE-2012-4501 Security Bypass Vulnerability
6947| [55628] Apache CXF SOAP Action Spoofing Security Bypass Vulnerability
6948| [55608] Apache Qpid (qpidd) Denial of Service Vulnerability
6949| [55536] Apache 'mod_pagespeed' Module Cross Site Scripting and Security Bypass Vulnerabilities
6950| [55508] Apache Axis2 XML Signature Wrapping Security Vulnerability
6951| [55445] Apache Wicket CVE-2012-3373 Cross Site Scripting Vulnerability
6952| [55346] Apache Struts Cross Site Request Forgery and Denial of Service Vulnerabilities
6953| [55290] Drupal Apache Solr Autocomplete Module Cross Site Scripting Vulnerability
6954| [55165] Apache Struts2 Skill Name Remote Code Execution Vulnerability
6955| [55154] Apache 'mod-rpaf' Module Denial of Service Vulnerability
6956| [55131] Apache HTTP Server HTML-Injection And Information Disclosure Vulnerabilities
6957| [54954] Apache QPID NullAuthenticator Authentication Bypass Vulnerability
6958| [54798] Apache Libcloud Man In The Middle Vulnerability
6959| [54358] Apache Hadoop CVE-2012-3376 Information Disclosure Vulnerability
6960| [54341] Apache Sling CVE-2012-2138 Denial Of Service Vulnerability
6961| [54268] Apache Hadoop Symlink Attack Local Privilege Escalation Vulnerability
6962| [54189] Apache Roller Cross Site Request Forgery Vulnerability
6963| [54187] Apache Roller CVE-2012-2381 Cross Site Scripting Vulnerability
6964| [53880] Apache CXF Child Policies Security Bypass Vulnerability
6965| [53877] Apache CXF Elements Validation Security Bypass Vulnerability
6966| [53676] Apache Commons Compress and Apache Ant CVE-2012-2098 Denial Of Service Vulnerability
6967| [53487] Apache POI CVE-2012-0213 Denial Of Service Vulnerability
6968| [53455] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability
6969| [53305] Apache Qpid CVE-2011-3620 Unauthorized Access Security Bypass Vulnerability
6970| [53046] Apache HTTP Server 'LD_LIBRARY_PATH' Insecure Library Loading Arbitrary Code Execution Vulnerability
6971| [53025] Apache OFBiz Unspecified Remote Code Execution Vulnerability
6972| [53023] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
6973| [52939] Apache Hadoop CVE-2012-1574 Unspecified User Impersonation Vulnerability
6974| [52702] Apache Struts2 'XSLTResult.java' Remote Arbitrary File Upload Vulnerability
6975| [52696] Apache Traffic Server HTTP Host Header Handling Heap Based Buffer Overflow Vulnerability
6976| [52680] Apache Wicket 'pageMapName' Parameter Cross Site Scripting Vulnerability
6977| [52679] Apache Wicket Hidden Files Information Disclosure Vulnerability
6978| [52565] Apache 'mod_fcgid' Module Denial Of Service Vulnerability
6979| [52146] TYPO3 Apache Solr Extension Unspecified Cross Site Scripting Vulnerability
6980| [51939] Apache MyFaces 'ln' Parameter Information Disclosure Vulnerability
6981| [51917] Apache APR Hash Collision Denial Of Service Vulnerability
6982| [51902] Apache Struts Multiple HTML Injection Vulnerabilities
6983| [51900] Apache Struts CVE-2012-1007 Multiple Cross Site Scripting Vulnerabilities
6984| [51886] Apache CXF UsernameToken Policy Validation Security Bypass Vulnerability
6985| [51869] Apache HTTP Server CVE-2011-3639 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
6986| [51706] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
6987| [51705] Apache HTTP Server CVE-2012-0021 mod_log_config Denial Of Service Vulnerability
6988| [51628] Apache Struts 'ParameterInterceptor' Class OGNL (CVE-2011-3923) Security Bypass Vulnerability
6989| [51447] Apache Tomcat Parameter Handling Denial of Service Vulnerability
6990| [51442] Apache Tomcat Request Object Security Bypass Vulnerability
6991| [51407] Apache HTTP Server Scoreboard Local Security Bypass Vulnerability
6992| [51257] Apache Struts Remote Command Execution and Arbitrary File Overwrite Vulnerabilities
6993| [51238] Apache Geronimo Hash Collision Denial Of Service Vulnerability
6994| [51200] Apache Tomcat Hash Collision Denial Of Service Vulnerability
6995| [50940] Apache Struts Session Tampering Security Bypass Vulnerability
6996| [50912] RETIRED: Apache MyFaces CVE-2011-4343 Information Disclosure Vulnerability
6997| [50904] Apache ActiveMQ Failover Mechanism Remote Denial Of Service Vulnerability
6998| [50848] Apache MyFaces EL Expression Evaluation Security Bypass Vulnerability
6999| [50802] Apache HTTP Server 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
7000| [50639] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
7001| [50603] Apache Tomcat Manager Application Security Bypass Vulnerability
7002| [50494] Apache HTTP Server 'ap_pregsub()' Function Local Privilege Escalation Vulnerability
7003| [49957] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
7004| [49762] Apache Tomcat HTTP DIGEST Authentication Multiple Security Weaknesses
7005| [49728] Apache Struts Conversion Error OGNL Expression Evaluation Vulnerability
7006| [49616] Apache HTTP Server CVE-2011-3348 Denial Of Service Vulnerability
7007| [49470] Apache Tomcat CVE-2007-6286 Duplicate Request Processing Security Vulnerability
7008| [49353] Apache Tomcat AJP Protocol Security Bypass Vulnerability
7009| [49303] Apache HTTP Server CVE-2011-3192 Denial Of Service Vulnerability
7010| [49290] Apache Wicket Cross Site Scripting Vulnerability
7011| [49147] Apache Tomcat CVE-2011-2481 Information Disclosure Vulnerability
7012| [49143] Apache Commons Daemon 'jsvc' Information Disclosure Vulnerability
7013| [48667] Apache Tomcat 'sendfile' Request Attributes Information Disclosure Vulnerability
7014| [48653] Apache 'mod_authnz_external' Module SQL Injection Vulnerability
7015| [48611] Apache XML Security for C++ Signature Key Parsing Denial of Service Vulnerability
7016| [48456] Apache Tomcat 'MemoryUserDatabase' Information Disclosure Vulnerability
7017| [48015] Apache Archiva Multiple Cross Site Request Forgery Vulnerabilities
7018| [48011] Apache Archiva Multiple Cross Site Scripting and HTML Injection Vulnerabilities
7019| [47929] Apache APR 'apr_fnmatch.c' Denial of Service Vulnerability
7020| [47890] Apache Struts 'javatemplates' Plugin Multiple Cross Site Scripting Vulnerabilities
7021| [47886] Apache Tomcat SecurityConstraints Security Bypass Vulnerability
7022| [47820] Apache APR 'apr_fnmatch()' Denial of Service Vulnerability
7023| [47784] Apache Struts XWork 's:submit' HTML Tag Cross Site Scripting Vulnerability
7024| [47199] Apache Tomcat HTTP BIO Connector Information Disclosure Vulnerability
7025| [47196] Apache Tomcat Login Constraints Security Bypass Vulnerability
7026| [46974] Apache HttpComponents 'HttpClient' Information Disclosure Vulnerability
7027| [46953] Apache MPM-ITK Module Security Weakness
7028| [46734] Subversion 'mod_dav_svn' Apache Server NULL Pointer Dereference Denial Of Service Vulnerability
7029| [46685] Apache Tomcat '@ServletSecurity' Annotations Security Bypass Vulnerability
7030| [46311] Apache Continuum and Archiva Cross Site Scripting Vulnerability
7031| [46177] Apache Tomcat SecurityManager Security Bypass Vulnerability
7032| [46174] Apache Tomcat HTML Manager Interface HTML Injection Vulnerability
7033| [46166] Apache Tomcat JVM Denial of Service Vulnerability
7034| [46164] Apache Tomcat NIO Connector Denial of Service Vulnerability
7035| [46066] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
7036| [45655] Apache Subversion Server Component Multiple Remote Denial Of Service Vulnerabilities
7037| [45123] Awstats Apache Tomcat Configuration File Remote Arbitrary Command Execution Vulnerability
7038| [45095] Apache Archiva Cross Site Request Forgery Vulnerability
7039| [45015] Apache Tomcat 'sort' and 'orderBy' Parameters Cross Site Scripting Vulnerabilities
7040| [44900] Apache 'mod_fcgid' Module Unspecified Stack Buffer Overflow Vulnerability
7041| [44616] Apache Shiro Directory Traversal Vulnerability
7042| [44355] Apache MyFaces Encrypted View State Oracle Padding Security Vulnerability
7043| [44068] Apache::AuthenHook Local Information Disclosure Vulnerability
7044| [43862] Apache QPID SSL Connection Denial of Service Vulnerability
7045| [43673] Apache APR-util 'apr_brigade_split_line()' Denial of Service Vulnerability
7046| [43637] Apache XML-RPC SAX Parser Information Disclosure Vulnerability
7047| [43111] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
7048| [42637] Apache Derby 'BUILTIN' Authentication Insecure Password Hashing Vulnerability
7049| [42501] Apache CouchDB Cross Site Request Forgery Vulnerability
7050| [42492] Apache CXF XML DTD Processing Security Vulnerability
7051| [42121] Apache SLMS Insufficient Quoting Cross Site Request Forgery Vulnerability
7052| [42102] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
7053| [41963] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
7054| [41544] Apache Tomcat 'Transfer-Encoding' Information Disclosure and Denial Of Service Vulnerabilities
7055| [41076] Apache Axis2 '/axis2/axis2-admin' Session Fixation Vulnerability
7056| [40976] Apache Axis2 Document Type Declaration Processing Security Vulnerability
7057| [40827] Apache 'mod_proxy_http' Timeout Handling Information Disclosure Vulnerability
7058| [40343] Apache Axis2 'xsd' Parameter Directory Traversal Vulnerability
7059| [40327] Apache Axis2 'engagingglobally' Cross-Site Scripting Vulnerability
7060| [39771] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
7061| [39636] Apache ActiveMQ Source Code Information Disclosure Vulnerability
7062| [39635] Apache Tomcat Authentication Header Realm Name Information Disclosure Vulnerability
7063| [39538] Apache mod_auth_shadow Race Condition Security Bypass Vulnerability
7064| [39489] Apache OFBiz Multiple Cross Site Scripting and HTML Injection Vulnerabilities
7065| [39119] Apache ActiveMQ 'createDestination.action' HTML Injection Vulnerability
7066| [38580] Apache Subrequest Handling Information Disclosure Vulnerability
7067| [38494] Apache 'mod_isapi' Memory Corruption Vulnerability
7068| [38491] Apache mod_proxy_ajp Module Incoming Request Body Denial Of Service Vulnerability
7069| [37966] Apache 1.3 mod_proxy HTTP Chunked Encoding Integer Overflow Vulnerability
7070| [37945] Apache Tomcat Host Working Directory WAR File Directory Traversal Vulnerability
7071| [37944] Apache Tomcat WAR File Directory Traversal Vulnerability
7072| [37942] Apache Tomcat Directory Host Appbase Authentication Bypass Vulnerability
7073| [37149] Apache Tomcat 404 Error Page Cross Site Scripting Vulnerability
7074| [37027] RETIRED: Apache APR 'apr_uri_parse_hostinfo' Off By One Remote Code Execution Vulnerability
7075| [36990] Apache HTTP TRACE Cross Site Scripting Vulnerability
7076| [36954] Apache Tomcat Windows Installer Insecure Password Vulnerability
7077| [36889] TYPO3 Apache Solr Search Extension Unspecified Cross Site Scripting Vulnerability
7078| [36596] Apache HTTP Server Solaris Event Port Pollset Support Remote Denial Of Service Vulnerability
7079| [36260] Apache mod_proxy_ftp Module NULL Pointer Dereference Denial Of Service Vulnerability
7080| [36254] Apache mod_proxy_ftp Remote Command Injection Vulnerability
7081| [35949] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
7082| [35840] Apache HTTP Server HTTP-Basic Authentication Bypass Vulnerability
7083| [35623] Apache 'mod_deflate' Remote Denial Of Service Vulnerability
7084| [35565] Apache 'mod_proxy' Remote Denial Of Service Vulnerability
7085| [35416] Apache Tomcat XML Parser Information Disclosure Vulnerability
7086| [35263] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
7087| [35253] Apache APR-util 'xml/apr_xml.c' Denial of Service Vulnerability
7088| [35251] Apache APR-util 'apr_brigade_vprintf' Off By One Vulnerability
7089| [35221] Apache APR-util 'apr_strmatch_precompile()' Integer Underflow Vulnerability
7090| [35196] Apache Tomcat Form Authentication Existing/Non-Existing Username Enumeration Weakness
7091| [35193] Apache Tomcat Java AJP Connector Invalid Header Denial of Service Vulnerability
7092| [35115] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
7093| [34686] Apache Struts Multiple Cross Site Scripting Vulnerabilities
7094| [34663] Apache 'mod_proxy_ajp' Information Disclosure Vulnerability
7095| [34657] Apache Tiles Cross Site Scripting And Information Disclosure Vulnerabilities
7096| [34562] Apache Geronimo Application Server Multiple Remote Vulnerabilities
7097| [34552] Apache ActiveMQ Web Console Multiple Unspecified HTML Injection Vulnerabilities
7098| [34412] Apache Tomcat mod_jk Content Length Information Disclosure Vulnerability
7099| [34399] Apache Struts Unspecified Cross Site Scripting Vulnerability
7100| [34383] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
7101| [33913] Apache Tomcat POST Data Information Disclosure Vulnerability
7102| [33360] Apache Jackrabbit 'q' Parameter Multiple Cross Site Scripting Vulnerabilities
7103| [33110] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
7104| [32657] Novell NetWare ApacheAdmin Security Bypass Vulnerability
7105| [31805] Apache HTTP Server OS Fingerprinting Unspecified Security Vulnerability
7106| [31761] Oracle WebLogic Server Apache Connector Stack Based Buffer Overflow Vulnerability
7107| [31698] Apache Tomcat 'RemoteFilterValve' Security Bypass Vulnerability
7108| [31165] Kolab Groupware Server Apache Log File User Password Information Disclosure Vulnerability
7109| [30560] Apache 'mod_proxy_ftp' Wildcard Characters Cross-Site Scripting Vulnerability
7110| [30496] Apache Tomcat 'HttpServletResponse.sendError()' Cross Site Scripting Vulnerability
7111| [30494] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
7112| [29653] Apache 'mod_proxy_http' Interim Response Denial of Service Vulnerability
7113| [29502] Apache Tomcat Host Manager Cross Site Scripting Vulnerability
7114| [28576] Apache-SSL Environment Variable Information Disclosure and Privilege Escalation Vulnerability
7115| [28484] Apache Tomcat Requests Containing MS-DOS Device Names Information Disclosure Vulnerability
7116| [28483] Apache Tomcat 'allowLinking' Accepts NULL Byte in URI Information Disclosure Vulnerability
7117| [28482] Apache Tomcat SSL Anonymous Cipher Configuration Information Disclosure Vulnerability
7118| [28481] Apache Tomcat Cross-Site Scripting Vulnerability
7119| [28477] Apache Tomcat AJP Connector Information Disclosure Vulnerability
7120| [27752] Apache mod_jk2 Host Header Multiple Stack Based Buffer Overflow Vulnerabilities
7121| [27706] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
7122| [27703] Apache Tomcat Parameter Processing Remote Information Disclosure Vulnerability
7123| [27409] Apache 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
7124| [27365] Apache Tomcat SingleSignOn Remote Information Disclosure Vulnerability
7125| [27237] Apache HTTP Server 2.2.6, 2.0.61 and 1.3.39 'mod_status' Cross-Site Scripting Vulnerability
7126| [27236] Apache 'mod_proxy_balancer' Multiple Vulnerabilities
7127| [27234] Apache 'mod_proxy_ftp' Undefined Charset UTF-7 Cross-Site Scripting Vulnerability
7128| [27006] Apache Tomcat JULI Logging Component Default Security Policy Vulnerability
7129| [26939] Apache HTTP Server Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
7130| [26838] Apache mod_imagemap and mod_imap Cross-Site Scripting Vulnerability
7131| [26762] Apache::AuthCAS Cookie SQL Injection Vulnerability
7132| [26663] Apache HTTP Server 413 Error HTTP Request Method Cross-Site Scripting Weakness
7133| [26287] Apache Geronimo SQLLoginModule Authentication Bypass Vulnerability
7134| [26070] Apache Tomcat WebDav Remote Information Disclosure Vulnerability
7135| [25804] Apache Geronimo Management EJB Security Bypass Vulnerability
7136| [25653] Apache Mod_AutoIndex.C Undefined Charset Cross-Site Scripting Vulnerability
7137| [25531] Apache Tomcat Cal2.JSP Cross-Site Scripting Vulnerability
7138| [25489] Apache HTTP Server Mod_Proxy Denial of Service Vulnerability
7139| [25316] Apache Tomcat Multiple Remote Information Disclosure Vulnerabilities
7140| [25314] Apache Tomcat Host Manager Servlet Cross Site Scripting Vulnerability
7141| [25174] Apache Tomcat Error Message Reporting Cross Site Scripting Vulnerability
7142| [24999] Apache Tomcat SendMailServlet Cross-Site Scripting Vulnerability
7143| [24759] MySQLDumper Apache Access Control Authentication Bypass Vulnerability
7144| [24649] Apache HTTP Server Mod_Cache Denial of Service Vulnerability
7145| [24645] Apache HTTP Server Mod_Status Cross-Site Scripting Vulnerability
7146| [24553] Apache Mod_Mem_Cache Information Disclosure Vulnerability
7147| [24524] Apache Tomcat Accept-Language Cross Site Scripting Vulnerability
7148| [24480] Apache MyFaces Tomahawk JSF Framework Autoscroll Parameter Cross Site Scripting Vulnerability
7149| [24476] Apache Tomcat JSP Example Web Applications Cross Site Scripting Vulnerability
7150| [24475] Apache Tomcat Manager and Host Manager Upload Script Cross-Site Scripting Vulnerability
7151| [24215] Apache HTTP Server Worker Process Multiple Denial of Service Vulnerabilities
7152| [24147] Apache Tomcat JK Connector Double Encoding Security Bypass Vulnerability
7153| [24058] Apache Tomcat Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
7154| [23687] Apache AXIS Non-Existent WSDL Path Information Disclosure Vulnerability
7155| [23438] Apache HTTPD suEXEC Local Multiple Privilege Escalation Weaknesses
7156| [22960] Apache HTTP Server Tomcat Directory Traversal Vulnerability
7157| [22849] Apache mod_python Output Filter Mode Information Disclosure Vulnerability
7158| [22791] Apache Tomcat Mod_JK.SO Arbitrary Code Execution Vulnerability
7159| [22732] Debian Apache Root Shell Local Privilege Escalation Vulnerabilities
7160| [22388] Apache Stats Extract Function Multiple Input Validation Vulnerabilities
7161| [21865] Apache And Microsoft IIS Range Denial of Service Vulnerability
7162| [21214] Apache Mod_Auth_Kerb Off-By-One Denial of Service Vulnerability
7163| [20527] Apache Mod_TCL Remote Format String Vulnerability
7164| [19661] Apache HTTP Server Arbitrary HTTP Request Headers Security Weakness
7165| [19447] Apache CGI Script Source Code Information Disclosure Vulnerability
7166| [19204] Apache Mod_Rewrite Off-By-One Buffer Overflow Vulnerability
7167| [19106] Apache Tomcat Information Disclosure Vulnerability
7168| [18138] Apache James SMTP Denial Of Service Vulnerability
7169| [17342] Apache Struts Multiple Remote Vulnerabilities
7170| [17095] Apache Log4Net Denial Of Service Vulnerability
7171| [16916] Apache mod_python FileSession Code Execution Vulnerability
7172| [16710] Apache Libapreq2 Quadratic Behavior Denial of Service Vulnerability
7173| [16260] Apache Geronimo Multiple Input Validation Vulnerabilities
7174| [16153] Apache mod_auth_pgsql Multiple Format String Vulnerabilities
7175| [16152] Apache Mod_SSL Custom Error Document Remote Denial Of Service Vulnerability
7176| [15834] Apache 'mod_imap' Referer Cross-Site Scripting Vulnerability
7177| [15765] Apache James Spooler Memory Leak Denial Of Service Vulnerability
7178| [15762] Apache MPM Worker.C Denial Of Service Vulnerability
7179| [15512] Apache Struts Error Response Cross-Site Scripting Vulnerability
7180| [15413] PHP Apache 2 Virtual() Safe_Mode and Open_Basedir Restriction Bypass Vulnerability
7181| [15325] Apache Tomcat Simultaneous Directory Listing Denial Of Service Vulnerability
7182| [15224] Apache Mod_Auth_Shadow Authentication Bypass Vulnerability
7183| [15177] PHP Apache 2 Local Denial of Service Vulnerability
7184| [14982] ApacheTop Insecure Temporary File Creation Vulnerability
7185| [14721] Apache Mod_SSL SSLVerifyClient Restriction Bypass Vulnerability
7186| [14660] Apache CGI Byterange Request Denial of Service Vulnerability
7187| [14366] Apache mod_ssl CRL Handling Off-By-One Buffer Overflow Vulnerability
7188| [14106] Apache HTTP Request Smuggling Vulnerability
7189| [13778] Apache HTPasswd Password Command Line Argument Buffer Overflow Vulnerability
7190| [13777] Apache HTPasswd User Command Line Argument Buffer Overflow Vulnerability
7191| [13756] Apache Tomcat Java Security Manager Bypass Vulnerability
7192| [13537] Apache HTDigest Realm Command Line Argument Buffer Overflow Vulnerability
7193| [12877] Apache mod_ssl ssl_io_filter_cleanup Remote Denial Of Service Vulnerability
7194| [12795] Apache Tomcat Remote Malformed Request Denial Of Service Vulnerability
7195| [12619] Apache Software Foundation Batik Squiggle Browser Access Validation Vulnerability
7196| [12519] Apache mod_python Module Publisher Handler Information Disclosure Vulnerability
7197| [12308] Apache Utilities Insecure Temporary File Creation Vulnerability
7198| [12217] Apache mod_auth_radius Malformed RADIUS Server Reply Integer Overflow Vulnerability
7199| [12181] Mod_DOSEvasive Apache Module Local Insecure Temporary File Creation Vulnerability
7200| [11803] Apache Jakarta Results.JSP Remote Cross-Site Scripting Vulnerability
7201| [11471] Apache mod_include Local Buffer Overflow Vulnerability
7202| [11360] Apache mod_ssl SSLCipherSuite Restriction Bypass Vulnerability
7203| [11239] Apache Satisfy Directive Access Control Bypass Vulnerability
7204| [11187] Apache Web Server Remote IPv6 Buffer Overflow Vulnerability
7205| [11185] Apache Mod_DAV LOCK Denial Of Service Vulnerability
7206| [11182] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
7207| [11154] Apache mod_ssl Remote Denial of Service Vulnerability
7208| [11094] Apache mod_ssl Denial Of Service Vulnerability
7209| [10789] Apache mod_userdir Module Information Disclosure Vulnerability
7210| [10736] Apache 'mod_ssl' Log Function Format String Vulnerability
7211| [10619] Apache ap_escape_html Memory Allocation Denial Of Service Vulnerability
7212| [10508] Apache Mod_Proxy Remote Negative Content-Length Buffer Overflow Vulnerability
7213| [10478] ClueCentral Apache Suexec Patch Security Weakness
7214| [10355] Apache 'mod_ssl' 'ssl_util_uuencode_binary()' Stack Buffer Overflow Vulnerability
7215| [10212] Apache mod_auth Malformed Password Potential Memory Corruption Vulnerability
7216| [9933] Apache mod_disk_cache Module Client Authentication Credential Storage Weakness
7217| [9930] Apache Error and Access Logs Escape Sequence Injection Vulnerability
7218| [9921] Apache Connection Blocking Denial Of Service Vulnerability
7219| [9885] Apache Mod_Security Module SecFilterScanPost Off-By-One Buffer Overflow Vulnerability
7220| [9874] Apache HTAccess LIMIT Directive Bypass Configuration Error Weakness
7221| [9829] Apache Mod_Access Access Control Rule Bypass Vulnerability
7222| [9826] Apache Mod_SSL HTTP Request Remote Denial Of Service Vulnerability
7223| [9733] Apache Cygwin Directory Traversal Vulnerability
7224| [9599] Apache mod_php Global Variables Information Disclosure Weakness
7225| [9590] Apache-SSL Client Certificate Forging Vulnerability
7226| [9571] Apache mod_digest Client-Supplied Nonce Verification Vulnerability
7227| [9471] Apache mod_perl Module File Descriptor Leakage Vulnerability
7228| [9404] Mod-Auth-Shadow Apache Module Expired User Credential Weakness
7229| [9302] Apache mod_php Module File Descriptor Leakage Vulnerability
7230| [9129] Apache mod_python Module Malformed Query Denial of Service Vulnerability
7231| [8926] Apache Web Server mod_cgid Module CGI Data Redirection Vulnerability
7232| [8919] Apache Mod_Security Module Heap Corruption Vulnerability
7233| [8911] Apache Web Server Multiple Module Local Buffer Overflow Vulnerability
7234| [8898] Red Hat Apache Directory Index Default Configuration Error
7235| [8883] Apache Cocoon Directory Traversal Vulnerability
7236| [8824] Apache Tomcat Non-HTTP Request Denial Of Service Vulnerability
7237| [8822] Apache Mod_Throttle Module Local Shared Memory Corruption Vulnerability
7238| [8725] Apache2 MOD_CGI STDERR Denial Of Service Vulnerability
7239| [8707] Apache htpasswd Password Entropy Weakness
7240| [8561] Apache::Gallery Insecure Local File Storage Privilege Escalation Vulnerability
7241| [8287] Mod_Mylo Apache Module REQSTR Buffer Overflow Vulnerability
7242| [8226] Apache HTTP Server Multiple Vulnerabilities
7243| [8138] Apache Web Server Type-Map Recursive Loop Denial Of Service Vulnerability
7244| [8137] Apache Web Server Prefork MPM Denial Of Service Vulnerability
7245| [8136] Macromedia Apache Web Server Encoded Space Source Disclosure Vulnerability
7246| [8135] Apache Web Server FTP Proxy IPV6 Denial Of Service Vulnerability
7247| [8134] Apache Web Server SSLCipherSuite Weak CipherSuite Renegotiation Weakness
7248| [7768] Apache Tomcat Insecure Directory Permissions Vulnerability
7249| [7725] Apache Basic Authentication Module Valid User Login Denial Of Service Vulnerability
7250| [7723] Apache APR_PSPrintf Memory Corruption Vulnerability
7251| [7448] Apache Mod_Auth_Any Remote Command Execution Vulnerability
7252| [7375] Apache Mod_Access_Referer NULL Pointer Dereference Denial of Service Vulnerability
7253| [7332] Apache Web Server OS2 Filestat Denial Of Service Vulnerability
7254| [7255] Apache Web Server File Descriptor Leakage Vulnerability
7255| [7254] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
7256| [6943] Apache Web Server MIME Boundary Information Disclosure Vulnerability
7257| [6939] Apache Web Server ETag Header Information Disclosure Weakness
7258| [6722] Apache Tomcat Web.XML File Contents Disclosure Vulnerability
7259| [6721] Apache Tomcat Null Byte Directory/File Disclosure Vulnerability
7260| [6720] Apache Tomcat Example Web Application Cross Site Scripting Vulnerability
7261| [6662] Apache Web Server MS-DOS Device Name Denial Of Service Vulnerability
7262| [6661] Apache Web Server Default Script Mapping Bypass Vulnerability
7263| [6660] Apache Web Server Illegal Character HTTP Request File Disclosure Vulnerability
7264| [6659] Apache Web Server MS-DOS Device Name Arbitrary Code Execution Vulnerability
7265| [6562] Apache Tomcat Invoker Servlet File Disclosure Vulnerability
7266| [6320] Apache/Tomcat Mod_JK Chunked Encoding Denial Of Service Vulnerability
7267| [6117] Apache mod_php File Descriptor Leakage Vulnerability
7268| [6065] Apache 2 WebDAV CGI POST Request Information Disclosure Vulnerability
7269| [5996] Apache AB.C Web Benchmarking Buffer Overflow Vulnerability
7270| [5995] Apache AB.C Web Benchmarking Read_Connection() Buffer Overflow Vulnerability
7271| [5993] Multiple Apache HTDigest Buffer Overflow Vulnerabilities
7272| [5992] Apache HTDigest Insecure Temporary File Vulnerability
7273| [5991] Apache HTDigest Arbitrary Command Execution Vulnerability
7274| [5990] Apache HTPasswd Insecure Temporary File Vulnerability
7275| [5981] Multiple Apache HTDigest and HTPassWD Component Vulnerabilites
7276| [5884] Apache Web Server Scoreboard Memory Segment Overwriting SIGUSR1 Sending Vulnerability
7277| [5847] Apache Server Side Include Cross Site Scripting Vulnerability
7278| [5838] Apache Tomcat 3.2 Directory Disclosure Vulnerability
7279| [5816] Apache 2 mod_dav Denial Of Service Vulnerability
7280| [5791] HP VirtualVault Apache mod_ssl Denial Of Service Vulnerability
7281| [5787] Apache Oversized STDERR Buffer Denial Of Service Vulnerability
7282| [5786] Apache Tomcat DefaultServlet File Disclosure Vulnerability
7283| [5542] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
7284| [5486] Apache 2.0 CGI Path Disclosure Vulnerability
7285| [5485] Apache 2.0 Path Disclosure Vulnerability
7286| [5434] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
7287| [5256] Apache httpd 2.0 CGI Error Path Disclosure Vulnerability
7288| [5194] Apache Tomcat DOS Device Name Cross Site Scripting Vulnerability
7289| [5193] Apache Tomcat Servlet Mapping Cross Site Scripting Vulnerability
7290| [5067] Apache Tomcat Null Character Malformed Request Denial Of Service Vulnerability
7291| [5054] Apache Tomcat Web Root Path Disclosure Vulnerability
7292| [5033] Apache Chunked-Encoding Memory Corruption Vulnerability
7293| [4995] Apache Tomcat JSP Engine Denial of Service Vulnerability
7294| [4878] Apache Tomcat RealPath.JSP Malformed Request Information Disclosure Vulnerability
7295| [4877] Apache Tomcat Example Files Web Root Path Disclosure Vulnerability
7296| [4876] Apache Tomcat Source.JSP Malformed Request Information Disclosure Vulnerability
7297| [4575] Apache Tomcat Servlet Path Disclosure Vulnerability
7298| [4557] Apache Tomcat System Path Information Disclosure Vulnerability
7299| [4437] Apache Error Message Cross-Site Scripting Vulnerability
7300| [4431] Apache PrintEnv/Test_CGI Script Injection Vulnerability
7301| [4358] Apache Double-Reverse Lookup Log Entry Spoofing Vulnerability
7302| [4335] Apache Win32 Batch File Remote Command Execution Vulnerability
7303| [4292] Oracle 9iAS Apache PL/SQL Module Web Administration Access Vulnerability
7304| [4189] Apache mod_ssl/Apache-SSL Buffer Overflow Vulnerability
7305| [4057] Apache 2 for Windows OPTIONS request Path Disclosure Vulnerability
7306| [4056] Apache 2 for Windows php.exe Path Disclosure Vulnerability
7307| [4037] Oracle 9iAS Apache PL/SQL Module Denial of Service Vulnerability
7308| [4032] Oracle 9iAS Apache PL/SQL Module Multiple Buffer Overflows Vulnerability
7309| [3796] Apache HTTP Request Unexpected Behavior Vulnerability
7310| [3790] Apache Non-Existent Log Directory Denial Of Service Vulnerability
7311| [3786] Apache Win32 PHP.EXE Remote File Disclosure Vulnerability
7312| [3727] Oracle 9I Application Server PL/SQL Apache Module Directory Traversal Vulnerability
7313| [3726] Oracle 9I Application Server PL/SQL Apache Module Buffer Overflow Vulnerability
7314| [3596] Apache Split-Logfile File Append Vulnerability
7315| [3521] Apache mod_usertrack Predictable ID Generation Vulnerability
7316| [3335] Red Hat Linux Apache Remote Username Enumeration Vulnerability
7317| [3316] MacOS X Client Apache Directory Contents Disclosure Vulnerability
7318| [3256] Apache mod_auth_oracle Remote SQL Query Manipulation Vulnerability
7319| [3255] Apache mod_auth_mysql Remote SQL Query Manipulation Vulnerability
7320| [3254] Apache AuthPG Remote SQL Query Manipulation Vulnerability
7321| [3253] Apache mod_auth_pgsql_sys Remote SQL Query Manipulation Vulnerability
7322| [3251] Apache mod_auth_pgsql Remote SQL Query Manipulation Vulnerability
7323| [3176] Apache Mod ReWrite Rules Bypassing Image Linking Vulnerability
7324| [3169] Apache Server Address Disclosure Vulnerability
7325| [3009] Apache Possible Directory Index Disclosure Vulnerability
7326| [2982] Apache Tomcat Cross-Site Scripting Vulnerability
7327| [2852] MacOS X Client Apache File Protection Bypass Vulnerability
7328| [2740] Apache Web Server HTTP Request Denial of Service Vulnerability
7329| [2518] Apache Tomcat 3.0 Directory Traversal Vulnerability
7330| [2503] Apache Artificially Long Slash Path Directory Listing Vulnerability
7331| [2300] NCSA/Apache httpd ScriptAlias Source Retrieval Vulnerability
7332| [2216] Apache Web Server DoS Vulnerability
7333| [2182] Apache /tmp File Race Vulnerability
7334| [2171] Oracle Apache+WebDB Documented Backdoor Vulnerability
7335| [2060] Apache Web Server with Php 3 File Disclosure Vulnerability
7336| [1821] Apache mod_cookies Buffer Overflow Vulnerability
7337| [1728] Apache Rewrite Module Arbitrary File Disclosure Vulnerability
7338| [1658] SuSE Apache CGI Source Code Viewing Vulnerability
7339| [1656] SuSE Apache WebDAV Directory Listings Vulnerability
7340| [1575] Trustix Apache-SSL RPM Permissions Vulnerability
7341| [1548] Apache Jakarta-Tomcat /admin Context Vulnerability
7342| [1532] Apache Tomcat Snoop Servlet Information Disclosure Vulnerability
7343| [1531] Apache Tomcat 3.1 Path Revealing Vulnerability
7344| [1457] Apache::ASP source.asp Example Script Vulnerability
7345| [1284] Apache HTTP Server (win32) Root Directory Access Vulnerability
7346| [1083] Cobalt Raq Apache .htaccess Disclosure Vulnerability
7347|
7348| IBM X-Force - https://exchange.xforce.ibmcloud.com:
7349| [86258] Apache CloudStack text fields cross-site scripting
7350| [85983] Apache Subversion mod_dav_svn module denial of service
7351| [85875] Apache OFBiz UEL code execution
7352| [85874] Apache OFBiz Webtools View Log screen cross-site scripting
7353| [85871] Apache HTTP Server mod_session_dbd unspecified
7354| [85756] Apache Struts OGNL expression command execution
7355| [85755] Apache Struts DefaultActionMapper class open redirect
7356| [85586] Apache ActiveMQ CVE-2013-1879 cross-site scripting
7357| [85574] Apache HTTP Server mod_dav denial of service
7358| [85573] Apache Struts Showcase App OGNL code execution
7359| [85496] Apache CXF denial of service
7360| [85423] Apache Geronimo RMI classloader code execution
7361| [85326] Apache Santuario XML Security for C++ buffer overflow
7362| [85323] Apache Santuario XML Security for Java spoofing
7363| [85319] Apache Qpid Python client SSL spoofing
7364| [85019] Apache Santuario XML Security for C++ CVE-2013-2156 buffer overflow
7365| [85018] Apache Santuario XML Security for C++ CVE-2013-2155 denial of service
7366| [85017] Apache Santuario XML Security for C++ CVE-2013-2154 buffer overflow
7367| [85016] Apache Santuario XML Security for C++ CVE-2013-2153 spoofing
7368| [84952] Apache Tomcat CVE-2012-3544 denial of service
7369| [84763] Apache Struts CVE-2013-2135 security bypass
7370| [84762] Apache Struts CVE-2013-2134 security bypass
7371| [84719] Apache Subversion CVE-2013-2088 command execution
7372| [84718] Apache Subversion CVE-2013-2112 denial of service
7373| [84717] Apache Subversion CVE-2013-1968 denial of service
7374| [84577] Apache Tomcat security bypass
7375| [84576] Apache Tomcat symlink
7376| [84543] Apache Struts CVE-2013-2115 security bypass
7377| [84542] Apache Struts CVE-2013-1966 security bypass
7378| [84154] Apache Tomcat session hijacking
7379| [84144] Apache Tomcat denial of service
7380| [84143] Apache Tomcat information disclosure
7381| [84111] Apache HTTP Server command execution
7382| [84043] Apache Virtual Computing Lab cross-site scripting
7383| [84042] Apache Virtual Computing Lab cross-site scripting
7384| [83782] Apache CloudStack information disclosure
7385| [83781] Apache CloudStack security bypass
7386| [83720] Apache ActiveMQ cross-site scripting
7387| [83719] Apache ActiveMQ denial of service
7388| [83718] Apache ActiveMQ denial of service
7389| [83263] Apache Subversion denial of service
7390| [83262] Apache Subversion denial of service
7391| [83261] Apache Subversion denial of service
7392| [83259] Apache Subversion denial of service
7393| [83035] Apache mod_ruid2 security bypass
7394| [82852] Apache Qpid federation_tag security bypass
7395| [82851] Apache Qpid qpid::framing::Buffer denial of service
7396| [82758] Apache Rave User RPC API information disclosure
7397| [82663] Apache Subversion svn_fs_file_length() denial of service
7398| [82642] Apache Qpid qpid::framing::Buffer::checkAvailable() denial of service
7399| [82641] Apache Qpid AMQP denial of service
7400| [82626] Apache HTTP Server on Debian GNU/Linux Debian apache2ctl symlink
7401| [82618] Apache Commons FileUpload symlink
7402| [82360] Apache HTTP Server manager interface cross-site scripting
7403| [82359] Apache HTTP Server hostnames cross-site scripting
7404| [82338] Apache Tomcat log/logdir information disclosure
7405| [82328] Apache Maven and Apache Maven Wagon SSL spoofing
7406| [82268] Apache OpenJPA deserialization command execution
7407| [81981] Apache CXF UsernameTokens security bypass
7408| [81980] Apache CXF WS-Security security bypass
7409| [81398] Apache OFBiz cross-site scripting
7410| [81240] Apache CouchDB directory traversal
7411| [81226] Apache CouchDB JSONP code execution
7412| [81225] Apache CouchDB Futon user interface cross-site scripting
7413| [81211] Apache Axis2/C SSL spoofing
7414| [81167] Apache CloudStack DeployVM information disclosure
7415| [81166] Apache CloudStack AddHost API information disclosure
7416| [81165] Apache CloudStack createSSHKeyPair API information disclosure
7417| [80518] Apache Tomcat cross-site request forgery security bypass
7418| [80517] Apache Tomcat FormAuthenticator security bypass
7419| [80516] Apache Tomcat NIO denial of service
7420| [80408] Apache Tomcat replay-countermeasure security bypass
7421| [80407] Apache Tomcat HTTP Digest Access Authentication security bypass
7422| [80317] Apache Tomcat slowloris denial of service
7423| [79984] Apache Commons HttpClient SSL spoofing
7424| [79983] Apache CXF SSL spoofing
7425| [79830] Apache Axis2/Java SSL spoofing
7426| [79829] Apache Axis SSL spoofing
7427| [79809] Apache Tomcat DIGEST security bypass
7428| [79806] Apache Tomcat parseHeaders() denial of service
7429| [79540] Apache OFBiz unspecified
7430| [79487] Apache Axis2 SAML security bypass
7431| [79212] Apache Cloudstack code execution
7432| [78734] Apache CXF SOAP Action security bypass
7433| [78730] Apache Qpid broker denial of service
7434| [78617] Eucalyptus Apache Santuario (XML Security for Java) denial of service
7435| [78563] Apache mod_pagespeed module unspecified cross-site scripting
7436| [78562] Apache mod_pagespeed module security bypass
7437| [78454] Apache Axis2 security bypass
7438| [78452] Websense Web Security and Web Filter Apache Tomcat information disclosure
7439| [78451] Websense Web Security and Web Filter Apache Tomcat cross-site scripting
7440| [78321] Apache Wicket unspecified cross-site scripting
7441| [78183] Apache Struts parameters denial of service
7442| [78182] Apache Struts cross-site request forgery
7443| [78153] Apache Solr Autocomplete module for Drupal autocomplete results cross-site scripting
7444| [77987] mod_rpaf module for Apache denial of service
7445| [77958] Apache Struts skill name code execution
7446| [77914] Apache HTTP Server mod_negotiation module cross-site scripting
7447| [77913] Apache HTTP Server mod_proxy_ajp information disclosure
7448| [77568] Apache Qpid broker security bypass
7449| [77421] Apache Libcloud spoofing
7450| [77059] Oracle Solaris Cluster Apache Tomcat Agent unspecified
7451| [77046] Oracle Solaris Apache HTTP Server information disclosure
7452| [76837] Apache Hadoop information disclosure
7453| [76802] Apache Sling CopyFrom denial of service
7454| [76692] Apache Hadoop symlink
7455| [76535] Apache Roller console cross-site request forgery
7456| [76534] Apache Roller weblog cross-site scripting
7457| [76152] Apache CXF elements security bypass
7458| [76151] Apache CXF child policies security bypass
7459| [75983] MapServer for Windows Apache file include
7460| [75857] Apache Commons Compress and Apache Ant bzip2 denial of service
7461| [75558] Apache POI denial of service
7462| [75545] PHP apache_request_headers() buffer overflow
7463| [75302] Apache Qpid SASL security bypass
7464| [75211] Debian GNU/Linux apache 2 cross-site scripting
7465| [74901] Apache HTTP Server LD_LIBRARY_PATH privilege escalation
7466| [74871] Apache OFBiz FlexibleStringExpander code execution
7467| [74870] Apache OFBiz multiple cross-site scripting
7468| [74750] Apache Hadoop unspecified spoofing
7469| [74319] Apache Struts XSLTResult.java file upload
7470| [74313] Apache Traffic Server header buffer overflow
7471| [74276] Apache Wicket directory traversal
7472| [74273] Apache Wicket unspecified cross-site scripting
7473| [74181] Apache HTTP Server mod_fcgid module denial of service
7474| [73690] Apache Struts OGNL code execution
7475| [73432] Apache Solr extension for TYPO3 unspecified cross-site scripting
7476| [73100] Apache MyFaces in directory traversal
7477| [73096] Apache APR hash denial of service
7478| [73052] Apache Struts name cross-site scripting
7479| [73030] Apache CXF UsernameToken security bypass
7480| [72888] Apache Struts lastName cross-site scripting
7481| [72758] Apache HTTP Server httpOnly information disclosure
7482| [72757] Apache HTTP Server MPM denial of service
7483| [72585] Apache Struts ParameterInterceptor security bypass
7484| [72438] Apache Tomcat Digest security bypass
7485| [72437] Apache Tomcat Digest security bypass
7486| [72436] Apache Tomcat DIGEST security bypass
7487| [72425] Apache Tomcat parameter denial of service
7488| [72422] Apache Tomcat request object information disclosure
7489| [72377] Apache HTTP Server scoreboard security bypass
7490| [72345] Apache HTTP Server HTTP request denial of service
7491| [72229] Apache Struts ExceptionDelegator command execution
7492| [72089] Apache Struts ParameterInterceptor directory traversal
7493| [72088] Apache Struts CookieInterceptor command execution
7494| [72047] Apache Geronimo hash denial of service
7495| [72016] Apache Tomcat hash denial of service
7496| [71711] Apache Struts OGNL expression code execution
7497| [71654] Apache Struts interfaces security bypass
7498| [71620] Apache ActiveMQ failover denial of service
7499| [71617] Apache HTTP Server mod_proxy module information disclosure
7500| [71508] Apache MyFaces EL security bypass
7501| [71445] Apache HTTP Server mod_proxy security bypass
7502| [71203] Apache Tomcat servlets privilege escalation
7503| [71181] Apache HTTP Server ap_pregsub() denial of service
7504| [71093] Apache HTTP Server ap_pregsub() buffer overflow
7505| [70336] Apache HTTP Server mod_proxy information disclosure
7506| [69804] Apache HTTP Server mod_proxy_ajp denial of service
7507| [69472] Apache Tomcat AJP security bypass
7508| [69396] Apache HTTP Server ByteRange filter denial of service
7509| [69394] Apache Wicket multi window support cross-site scripting
7510| [69176] Apache Tomcat XML information disclosure
7511| [69161] Apache Tomcat jsvc information disclosure
7512| [68799] mod_authnz_external module for Apache mysql-auth.pl SQL injection
7513| [68541] Apache Tomcat sendfile information disclosure
7514| [68420] Apache XML Security denial of service
7515| [68238] Apache Tomcat JMX information disclosure
7516| [67860] Apache Rampart/C rampart_timestamp_token_validate security bypass
7517| [67804] Apache Subversion control rules information disclosure
7518| [67803] Apache Subversion control rules denial of service
7519| [67802] Apache Subversion baselined denial of service
7520| [67672] Apache Archiva multiple cross-site scripting
7521| [67671] Apache Archiva multiple cross-site request forgery
7522| [67564] Apache APR apr_fnmatch() denial of service
7523| [67532] IBM WebSphere Application Server org.apache.jasper.runtime.JspWriterImpl.response denial of service
7524| [67515] Apache Tomcat annotations security bypass
7525| [67480] Apache Struts s:submit information disclosure
7526| [67414] Apache APR apr_fnmatch() denial of service
7527| [67356] Apache Struts javatemplates cross-site scripting
7528| [67354] Apache Struts Xwork cross-site scripting
7529| [66676] Apache Tomcat HTTP BIO information disclosure
7530| [66675] Apache Tomcat web.xml security bypass
7531| [66640] Apache HttpComponents HttpClient Proxy-Authorization information disclosure
7532| [66241] Apache HttpComponents information disclosure
7533| [66154] Apache Tomcat ServletSecurity security bypass
7534| [65971] Apache Tomcat ServletSecurity security bypass
7535| [65876] Apache Subversion mod_dav_svn denial of service
7536| [65343] Apache Continuum unspecified cross-site scripting
7537| [65162] Apache Tomcat NIO connector denial of service
7538| [65161] Apache Tomcat javax.servlet.ServletRequest.getLocale() denial of service
7539| [65160] Apache Tomcat HTML Manager interface cross-site scripting
7540| [65159] Apache Tomcat ServletContect security bypass
7541| [65050] Apache CouchDB web-based administration UI cross-site scripting
7542| [64773] Oracle HTTP Server Apache Plugin unauthorized access
7543| [64473] Apache Subversion blame -g denial of service
7544| [64472] Apache Subversion walk() denial of service
7545| [64407] Apache Axis2 CVE-2010-0219 code execution
7546| [63926] Apache Archiva password privilege escalation
7547| [63785] Apache CouchDB LD_LIBRARY_PATH privilege escalation
7548| [63493] Apache Archiva credentials cross-site request forgery
7549| [63477] Apache Tomcat HttpOnly session hijacking
7550| [63422] Apache Tomcat sessionsList.jsp cross-site scripting
7551| [63303] Apache mod_fcgid module fcgid_header_bucket_read() buffer overflow
7552| [62959] Apache Shiro filters security bypass
7553| [62790] Apache Perl cgi module denial of service
7554| [62576] Apache Qpid exchange denial of service
7555| [62575] Apache Qpid AMQP denial of service
7556| [62354] Apache Qpid SSL denial of service
7557| [62235] Apache APR-util apr_brigade_split_line() denial of service
7558| [62181] Apache XML-RPC SAX Parser information disclosure
7559| [61721] Apache Traffic Server cache poisoning
7560| [61202] Apache Derby BUILTIN authentication functionality information disclosure
7561| [61186] Apache CouchDB Futon cross-site request forgery
7562| [61169] Apache CXF DTD denial of service
7563| [61070] Apache Jackrabbit search.jsp SQL injection
7564| [61006] Apache SLMS Quoting cross-site request forgery
7565| [60962] Apache Tomcat time cross-site scripting
7566| [60883] Apache mod_proxy_http information disclosure
7567| [60671] Apache HTTP Server mod_cache and mod_dav denial of service
7568| [60264] Apache Tomcat Transfer-Encoding denial of service
7569| [59746] Apache Axis2 axis2/axis2-admin page session hijacking
7570| [59588] Apache Axis2/Java XML DTD (Document Type Declaration) data denial of service
7571| [59413] Apache mod_proxy_http timeout information disclosure
7572| [59058] Apache MyFaces unencrypted view state cross-site scripting
7573| [58827] Apache Axis2 xsd file include
7574| [58790] Apache Axis2 modules cross-site scripting
7575| [58299] Apache ActiveMQ queueBrowse cross-site scripting
7576| [58169] Apache Tomcat Web Application Manager / Host Manager cross-site request forgery
7577| [58056] Apache ActiveMQ .jsp source code disclosure
7578| [58055] Apache Tomcat realm name information disclosure
7579| [58046] Apache HTTP Server mod_auth_shadow security bypass
7580| [57841] Apache Open For Business Project (OFBiz) subject cross-site scripting
7581| [57840] Apache Open For Business Project (OFBiz) multiple parameters cross-site scripting
7582| [57429] Apache CouchDB algorithms information disclosure
7583| [57398] Apache ActiveMQ Web console cross-site request forgery
7584| [57397] Apache ActiveMQ createDestination.action cross-site scripting
7585| [56653] Apache HTTP Server DNS spoofing
7586| [56652] Apache HTTP Server DNS cross-site scripting
7587| [56625] Apache HTTP Server request header information disclosure
7588| [56624] Apache HTTP Server mod_isapi orphaned callback pointer code execution
7589| [56623] Apache HTTP Server mod_proxy_ajp denial of service
7590| [55941] mod_proxy module for Apache ap_proxy_send_fb() buffer overflow
7591| [55857] Apache Tomcat WAR files directory traversal
7592| [55856] Apache Tomcat autoDeploy attribute security bypass
7593| [55855] Apache Tomcat WAR directory traversal
7594| [55210] Intuit component for Joomla! Apache information disclosure
7595| [54533] Apache Tomcat 404 error page cross-site scripting
7596| [54182] Apache Tomcat admin default password
7597| [53878] Apache Solr Search (solr) extension for TYPO3 unspecified cross-site scripting
7598| [53666] Apache HTTP Server Solaris pollset support denial of service
7599| [53650] Apache HTTP Server HTTP basic-auth module security bypass
7600| [53124] mod_proxy_ftp module for Apache HTTP header security bypass
7601| [53041] mod_proxy_ftp module for Apache denial of service
7602| [52540] Apache Portable Runtime and Apache Portable Utility library multiple buffer overflow
7603| [51953] Apache Tomcat Path Disclosure
7604| [51952] Apache Tomcat Path Traversal
7605| [51951] Apache stronghold-status Information Disclosure
7606| [51950] Apache stronghold-info Information Disclosure
7607| [51949] Apache PHP Source Code Disclosure
7608| [51948] Apache Multiviews Attack
7609| [51946] Apache JServ Environment Status Information Disclosure
7610| [51945] Apache error_log Information Disclosure
7611| [51944] Apache Default Installation Page Pattern Found
7612| [51943] Apache AXIS XML Parser echoheaders.jws Sample Web Service Denial of Service
7613| [51942] Apache AXIS XML External Entity File Retrieval
7614| [51941] Apache AXIS Sample Servlet Information Leak
7615| [51940] Apache access_log Information Disclosure
7616| [51626] Apache mod_deflate denial of service
7617| [51532] mod_proxy module for the Apache HTTP Server stream_reqbody_cl denial of service
7618| [51365] Apache Tomcat RequestDispatcher security bypass
7619| [51273] Apache HTTP Server Incomplete Request denial of service
7620| [51195] Apache Tomcat XML information disclosure
7621| [50994] Apache APR-util xml/apr_xml.c denial of service
7622| [50993] Apache APR-util apr_brigade_vprintf denial of service
7623| [50964] Apache APR-util apr_strmatch_precompile() denial of service
7624| [50930] Apache Tomcat j_security_check information disclosure
7625| [50928] Apache Tomcat AJP denial of service
7626| [50884] Apache HTTP Server XML ENTITY denial of service
7627| [50808] Apache HTTP Server AllowOverride privilege escalation
7628| [50108] Apache Struts s:a tag and s:url tag cross-site scripting
7629| [50059] Apache mod_proxy_ajp information disclosure
7630| [49951] Apache Tiles Expression Language (EL) expressions cross-site scripting
7631| [49925] Apache Geronimo Web Administrative Console cross-site request forgery
7632| [49924] Apache Geronimo console/portal/Server/Monitoring cross-site scripting
7633| [49921] Apache ActiveMQ Web interface cross-site scripting
7634| [49898] Apache Geronimo Services/Repository directory traversal
7635| [49725] Apache Tomcat mod_jk module information disclosure
7636| [49715] Apache mod_perl Apache::Status and Apache2::Status modules cross-site scripting
7637| [49712] Apache Struts unspecified cross-site scripting
7638| [49213] Apache Tomcat cal2.jsp cross-site scripting
7639| [48934] Apache Tomcat POST doRead method information disclosure
7640| [48211] Apache Tomcat header HTTP request smuggling
7641| [48163] libapache2-mod-auth-mysql module for Debian multibyte encoding SQL injection
7642| [48110] Apache Jackrabbit search.jsp and swr.jsp cross-site scripting
7643| [47709] Apache Roller "
7644| [47104] Novell Netware ApacheAdmin console security bypass
7645| [47086] Apache HTTP Server OS fingerprinting unspecified
7646| [46329] Apache Struts FilterDispatcher and DefaultStaticContentLoader class directory traversal
7647| [45791] Apache Tomcat RemoteFilterValve security bypass
7648| [44435] Oracle WebLogic Apache Connector buffer overflow
7649| [44411] Apache Tomcat allowLinking UTF-8 directory traversal
7650| [44223] Apache HTTP Server mod_proxy_ftp cross-site scripting
7651| [44156] Apache Tomcat RequestDispatcher directory traversal
7652| [44155] Apache Tomcat HttpServletResponse.sendError() cross-site scripting
7653| [43885] Oracle WebLogic Server Apache Connector buffer overflow
7654| [42987] Apache HTTP Server mod_proxy module denial of service
7655| [42915] Apache Tomcat JSP files path disclosure
7656| [42914] Apache Tomcat MS-DOS path disclosure
7657| [42892] Apache Tomcat unspecified unauthorized access
7658| [42816] Apache Tomcat Host Manager cross-site scripting
7659| [42303] Apache 403 error cross-site scripting
7660| [41618] Apache-SSL ExpandCert() authentication bypass
7661| [40761] Apache Derby RDBNAM parameter and DatabaseMetaData.getURL information disclosure
7662| [40736] Apache Tomcat HTTP/1.1 connector information disclosure
7663| [40614] Apache mod_jk2 HTTP Host header buffer overflow
7664| [40562] Apache Geronimo init information disclosure
7665| [40478] Novell Web Manager webadmin-apache.conf security bypass
7666| [40411] Apache Tomcat exception handling information disclosure
7667| [40409] Apache Tomcat native (APR based) connector weak security
7668| [40403] Apache Tomcat quotes and %5C cookie information disclosure
7669| [40388] Sun Java Plug-In org.apache.crimson.tree.XmlDocument security bypass
7670| [39893] Apache HTTP Server mod_negotiation HTTP response splitting
7671| [39867] Apache HTTP Server mod_negotiation cross-site scripting
7672| [39804] Apache Tomcat SingleSignOn information disclosure
7673| [39615] Apache HTTP Server mod_proxy_ftp.c UTF-7 cross-site scripting
7674| [39612] Apache HTTP Server mod_proxy_balancer buffer overflow
7675| [39608] Apache HTTP Server balancer manager cross-site request forgery
7676| [39476] Apache mod_proxy_balancer balancer_handler function denial of service
7677| [39474] Apache HTTP Server mod_proxy_balancer cross-site scripting
7678| [39472] Apache HTTP Server mod_status cross-site scripting
7679| [39201] Apache Tomcat JULI logging weak security
7680| [39158] Apache HTTP Server Windows SMB shares information disclosure
7681| [39001] Apache HTTP Server mod_imap and mod_imagemap module cross-site scripting
7682| [38951] Apache::AuthCAS Perl module cookie SQL injection
7683| [38800] Apache HTTP Server 413 error page cross-site scripting
7684| [38211] Apache Geronimo SQLLoginModule authentication bypass
7685| [37243] Apache Tomcat WebDAV directory traversal
7686| [37178] RHSA update for Apache HTTP Server mod_status module cross-site scripting not installed
7687| [37177] RHSA update for Apache HTTP Server Apache child process denial of service not installed
7688| [37119] RHSA update for Apache mod_auth_kerb off-by-one buffer overflow not installed
7689| [37100] RHSA update for Apache and IBM HTTP Server Expect header cross-site scripting not installed
7690| [36782] Apache Geronimo MEJB unauthorized access
7691| [36586] Apache HTTP Server UTF-7 cross-site scripting
7692| [36468] Apache Geronimo LoginModule security bypass
7693| [36467] Apache Tomcat functions.jsp cross-site scripting
7694| [36402] Apache Tomcat calendar cross-site request forgery
7695| [36354] Apache HTTP Server mod_proxy module denial of service
7696| [36352] Apache HTTP Server ap_proxy_date_canon() denial of service
7697| [36336] Apache Derby lock table privilege escalation
7698| [36335] Apache Derby schema privilege escalation
7699| [36006] Apache Tomcat "
7700| [36001] Apache Tomcat Host Manager Servlet alias cross-site scripting
7701| [35999] Apache Tomcat \"
7702| [35795] Apache Tomcat CookieExample cross-site scripting
7703| [35536] Apache Tomcat SendMailServlet example cross-site scripting
7704| [35384] Apache HTTP Server mod_cache module denial of service
7705| [35097] Apache HTTP Server mod_status module cross-site scripting
7706| [35095] Apache HTTP Server Prefork MPM module denial of service
7707| [34984] Apache HTTP Server recall_headers information disclosure
7708| [34966] Apache HTTP Server MPM content spoofing
7709| [34965] Apache HTTP Server MPM information disclosure
7710| [34963] Apache HTTP Server MPM multiple denial of service
7711| [34872] Apache MyFaces Tomahawk autoscroll parameter cross-site scripting
7712| [34869] Apache Tomcat JSP example Web application cross-site scripting
7713| [34868] Apache Tomcat Manager and Host Manager cross-site scripting
7714| [34496] Apache Tomcat JK Connector security bypass
7715| [34377] Apache Tomcat hello.jsp cross-site scripting
7716| [34212] Apache Tomcat SSL configuration security bypass
7717| [34210] Apache Tomcat Accept-Language cross-site scripting
7718| [34209] Apache Tomcat calendar application cross-site scripting
7719| [34207] Apache Tomcat implicit-objects.jsp cross-site scripting
7720| [34167] Apache Axis WSDL file path disclosure
7721| [34068] Apache Tomcat AJP connector information disclosure
7722| [33584] Apache HTTP Server suEXEC privilege escalation
7723| [32988] Apache Tomcat proxy module directory traversal
7724| [32794] Apache Tomcat JK Web Server Connector map_uri_to_worker() buffer overflow
7725| [32708] Debian Apache tty privilege escalation
7726| [32441] ApacheStats extract() PHP call unspecified
7727| [32128] Apache Tomcat default account
7728| [31680] Apache Tomcat RequestParamExample cross-site scripting
7729| [31649] Apache Tomcat Sample Servlet TroubleShooter detected
7730| [31557] BEA WebLogic Server and WebLogic Express Apache proxy plug-in denial of service
7731| [31236] Apache HTTP Server htpasswd.c strcpy buffer overflow
7732| [30456] Apache mod_auth_kerb off-by-one buffer overflow
7733| [29550] Apache mod_tcl set_var() format string
7734| [28620] Apache and IBM HTTP Server Expect header cross-site scripting
7735| [28357] Apache HTTP Server mod_alias script source information disclosure
7736| [28063] Apache mod_rewrite off-by-one buffer overflow
7737| [27902] Apache Tomcat URL information disclosure
7738| [26786] Apache James SMTP server denial of service
7739| [25680] libapache2 /tmp/svn file upload
7740| [25614] Apache Struts lookupMap cross-site scripting
7741| [25613] Apache Struts ActionForm denial of service
7742| [25612] Apache Struts isCancelled() security bypass
7743| [24965] Apache mod_python FileSession command execution
7744| [24716] Apache James spooler memory leak denial of service
7745| [24159] Apache Geronimo Web-Access-Log Viewer cross-site scripting
7746| [24158] Apache Geronimo jsp-examples cross-site scripting
7747| [24030] Apache auth_ldap module multiple format strings
7748| [24008] Apache mod_ssl custom error message denial of service
7749| [24003] Apache mod_auth_pgsql module multiple syslog format strings
7750| [23612] Apache mod_imap referer field cross-site scripting
7751| [23173] Apache Struts error message cross-site scripting
7752| [22942] Apache Tomcat directory listing denial of service
7753| [22858] Apache Multi-Processing Module code allows denial of service
7754| [22602] RHSA-2005:582 updates for Apache httpd not installed
7755| [22520] Apache mod-auth-shadow "
7756| [22466] ApacheTop symlink
7757| [22109] Apache HTTP Server ssl_engine_kernel client certificate validation
7758| [22006] Apache HTTP Server byte-range filter denial of service
7759| [21567] Apache mod_ssl off-by-one buffer overflow
7760| [21195] Apache HTTP Server header HTTP request smuggling
7761| [20383] Apache HTTP Server htdigest buffer overflow
7762| [19681] Apache Tomcat AJP12 request denial of service
7763| [18993] Apache HTTP server check_forensic symlink attack
7764| [18790] Apache Tomcat Manager cross-site scripting
7765| [18349] Apache HTTP server Apple HFS+ filesystem obtain information
7766| [18348] Apache HTTP server Apple HFS+ filesystem .DS_Store and .ht file disclosure
7767| [18347] Apache HTTP server Apple Mac OS X Server mod_digest_apple module could allow an attacker to replay responses
7768| [17961] Apache Web server ServerTokens has not been set
7769| [17930] Apache HTTP Server HTTP GET request denial of service
7770| [17785] Apache mod_include module buffer overflow
7771| [17671] Apache HTTP Server SSLCipherSuite bypass restrictions
7772| [17473] Apache HTTP Server Satisfy directive allows access to resources
7773| [17413] Apache htpasswd buffer overflow
7774| [17384] Apache HTTP Server environment variable configuration file buffer overflow
7775| [17382] Apache HTTP Server IPv6 apr_util denial of service
7776| [17366] Apache HTTP Server mod_dav module LOCK denial of service
7777| [17273] Apache HTTP Server speculative mode denial of service
7778| [17200] Apache HTTP Server mod_ssl denial of service
7779| [16890] Apache HTTP Server server-info request has been detected
7780| [16889] Apache HTTP Server server-status request has been detected
7781| [16705] Apache mod_ssl format string attack
7782| [16524] Apache HTTP Server ap_get_mime_headers_core denial of service
7783| [16387] Apache HTTP Server mod_proxy Content-Length buffer overflow
7784| [16230] Apache HTTP Server PHP denial of service
7785| [16214] Apache mod_ssl ssl_util_uuencode_binary buffer overflow
7786| [15958] Apache HTTP Server authentication modules memory corruption
7787| [15547] Apache HTTP Server mod_disk_cache local information disclosure
7788| [15540] Apache HTTP Server socket starvation denial of service
7789| [15467] Novell GroupWise WebAccess using Apache Web server allows viewing of files on the server
7790| [15422] Apache HTTP Server mod_access information disclosure
7791| [15419] Apache HTTP Server mod_ssl plain HTTP request denial of service
7792| [15293] Apache for Cygwin "
7793| [15065] Apache-SSL has a default password
7794| [15041] Apache HTTP Server mod_digest module could allow an attacker to replay responses
7795| [15015] Apache httpd server httpd.conf could allow a local user to bypass restrictions
7796| [14751] Apache Mod_python output filter information disclosure
7797| [14125] Apache HTTP Server mod_userdir module information disclosure
7798| [14075] Apache HTTP Server mod_php file descriptor leak
7799| [13703] Apache HTTP Server account
7800| [13689] Apache HTTP Server configuration allows symlinks
7801| [13688] Apache HTTP Server configuration allows SSI
7802| [13687] Apache HTTP Server Server: header value
7803| [13685] Apache HTTP Server ServerTokens value
7804| [13684] Apache HTTP Server ServerSignature value
7805| [13672] Apache HTTP Server config allows directory autoindexing
7806| [13671] Apache HTTP Server default content
7807| [13670] Apache HTTP Server config file directive references outside content root
7808| [13668] Apache HTTP Server httpd not running in chroot environment
7809| [13666] Apache HTTP Server CGI directory contains possible command interpreter or compiler
7810| [13664] Apache HTTP Server config file contains ScriptAlias entry
7811| [13663] Apache HTTP Server CGI support modules loaded
7812| [13661] Apache HTTP Server config file contains AddHandler entry
7813| [13660] Apache HTTP Server 500 error page not CGI script
7814| [13659] Apache HTTP Server 413 error page not CGI script
7815| [13658] Apache HTTP Server 403 error page not CGI script
7816| [13657] Apache HTTP Server 401 error page not CGI script
7817| [13552] Apache HTTP Server mod_cgid module information disclosure
7818| [13550] Apache GET request directory traversal
7819| [13516] Apache Cocoon XMLForm and JXForm could allow execution of code
7820| [13499] Apache Cocoon directory traversal allows downloading of boot.ini file
7821| [13429] Apache Tomcat non-HTTP request denial of service
7822| [13400] Apache HTTP server mod_alias and mod_rewrite buffer overflow
7823| [13295] Apache weak password encryption
7824| [13254] Apache Tomcat .jsp cross-site scripting
7825| [13125] Apache::Gallery Inline::C could allow arbitrary code execution
7826| [13086] Apache Jakarta Tomcat mod_jk format string allows remote access
7827| [12681] Apache HTTP Server mod_proxy could allow mail relaying
7828| [12662] Apache HTTP Server rotatelogs denial of service
7829| [12554] Apache Tomcat stores password in plain text
7830| [12553] Apache HTTP Server redirects and subrequests denial of service
7831| [12552] Apache HTTP Server FTP proxy server denial of service
7832| [12551] Apache HTTP Server prefork MPM denial of service
7833| [12550] Apache HTTP Server weaker than expected encryption
7834| [12549] Apache HTTP Server type-map file denial of service
7835| [12206] Apache Tomcat /opt/tomcat directory insecure permissions
7836| [12102] Apache Jakarta Tomcat MS-DOS device name request denial of service
7837| [12091] Apache HTTP Server apr_password_validate denial of service
7838| [12090] Apache HTTP Server apr_psprintf code execution
7839| [11804] Apache HTTP Server mod_access_referer denial of service
7840| [11750] Apache HTTP Server could leak sensitive file descriptors
7841| [11730] Apache HTTP Server error log and access log terminal escape sequence injection
7842| [11703] Apache long slash path allows directory listing
7843| [11695] Apache HTTP Server LF (Line Feed) denial of service
7844| [11694] Apache HTTP Server filestat.c denial of service
7845| [11438] Apache HTTP Server MIME message boundaries information disclosure
7846| [11412] Apache HTTP Server error log terminal escape sequence injection
7847| [11196] Apache Tomcat examples and ROOT Web applications cross-site scripting
7848| [11195] Apache Tomcat web.xml could be used to read files
7849| [11194] Apache Tomcat URL appended with a null character could list directories
7850| [11139] Apache HTTP Server mass virtual hosting with mod_rewrite or mod_vhost_alias could allow an attacker to obtain files
7851| [11126] Apache HTTP Server illegal character file disclosure
7852| [11125] Apache HTTP Server DOS device name HTTP POST code execution
7853| [11124] Apache HTTP Server DOS device name denial of service
7854| [11088] Apache HTTP Server mod_vhost_alias CGI source disclosure
7855| [10938] Apache HTTP Server printenv test CGI cross-site scripting
7856| [10771] Apache Tomcat mod_jk module multiple HTTP GET request buffer overflow
7857| [10575] Apache mod_php module could allow an attacker to take over the httpd process
7858| [10499] Apache HTTP Server WebDAV HTTP POST view source
7859| [10457] Apache HTTP Server mod_ssl "
7860| [10415] Apache HTTP Server htdigest insecure system() call could allow command execution
7861| [10414] Apache HTTP Server htdigest multiple buffer overflows
7862| [10413] Apache HTTP Server htdigest temporary file race condition
7863| [10412] Apache HTTP Server htpasswd temporary file race condition
7864| [10376] Apache Tomcat invoker servlet used in conjunction with the default servlet reveals source code
7865| [10348] Apache Tomcat HTTP GET request DOS device reference could cause a denial of service
7866| [10281] Apache HTTP Server ab.c ApacheBench long response buffer overflow
7867| [10280] Apache HTTP Server shared memory scorecard overwrite
7868| [10263] Apache Tomcat mod_jk or mod_jserv connector directory disclosure
7869| [10241] Apache HTTP Server Host: header cross-site scripting
7870| [10230] Slapper worm variants A, B, and C target OpenSSL/Apache systems
7871| [10208] Apache HTTP Server mod_dav denial of service
7872| [10206] HP VVOS Apache mod_ssl denial of service
7873| [10200] Apache HTTP Server stderr denial of service
7874| [10175] Apache Tomcat org.apache.catalina.servlets.DefaultServlet reveals source code
7875| [10169] Slapper worm variant (Slapper.C) targets OpenSSL/Apache systems
7876| [10154] Slapper worm variant (Slapper.B) targets OpenSSL/Apache systems
7877| [10098] Slapper worm targets OpenSSL/Apache systems
7878| [9876] Apache HTTP Server cgi/cgid request could disclose the path to a requested script
7879| [9875] Apache HTTP Server .var file request could disclose installation path
7880| [9863] Apache Tomcat web.xml file could allow a remote attacker to bypass restrictions
7881| [9808] Apache HTTP Server non-Unix version URL encoded directory traversal
7882| [9623] Apache HTTP Server ap_log_rerror() path disclosure
7883| [9520] Apache Tomcat /servlet/ mapping cross-site scripting
7884| [9415] Apache HTTP Server mod_ssl .htaccess off-by-one buffer overflow
7885| [9396] Apache Tomcat null character to threads denial of service
7886| [9394] Apache Tomcat HTTP request for LPT9 reveals Web root path
7887| [9249] Apache HTTP Server chunked encoding heap buffer overflow
7888| [9208] Apache Tomcat sample file requests could reveal directory listing and path to Web root directory
7889| [8932] Apache Tomcat example class information disclosure
7890| [8633] Apache HTTP Server with mod_rewrite could allow an attacker to bypass directives
7891| [8629] Apache HTTP Server double-reverse DNS lookup spoofing
7892| [8589] Apache HTTP Server for Windows DOS batch file remote command execution
7893| [8457] Oracle9i Application Server Apache PL/SQL HTTP Location header buffer overflow
7894| [8455] Oracle9i Application Server default installation could allow an attacker to access certain Apache Services
7895| [8400] Apache HTTP Server mod_frontpage buffer overflows
7896| [8326] Apache HTTP Server multiple MIME headers (sioux) denial of service
7897| [8308] Apache "
7898| [8275] Apache HTTP Server with Multiviews enabled could disclose directory contents
7899| [8119] Apache and PHP OPTIONS request reveals "
7900| [8054] Apache is running on the system
7901| [8029] Mandrake Linux default Apache configuration could allow an attacker to browse files and directories
7902| [8027] Mandrake Linux default Apache configuration has remote management interface enabled
7903| [8026] Mandrake Linux Apache sample programs could disclose sensitive information about the server
7904| [7836] Apache HTTP Server log directory denial of service
7905| [7815] Apache for Windows "
7906| [7810] Apache HTTP request could result in unexpected behavior
7907| [7599] Apache Tomcat reveals installation path
7908| [7494] Apache "
7909| [7419] Apache Web Server could allow remote attackers to overwrite .log files
7910| [7363] Apache Web Server hidden HTTP requests
7911| [7249] Apache mod_proxy denial of service
7912| [7129] Linux with Apache Web server could allow an attacker to determine if a specified username exists
7913| [7103] Apple Mac OS X used with Apache Web server could disclose directory contents
7914| [7059] Apache "
7915| [7057] Apache "
7916| [7056] Apache "
7917| [7055] Apache "
7918| [7054] Apache "
7919| [6997] Apache Jakarta Tomcat error message may reveal information
7920| [6971] Apache Jakarta Tomcat may reveal JSP source code with missing HTTP protocol specification
7921| [6970] Apache crafted HTTP request could reveal the internal IP address
7922| [6921] Apache long slash path allows directory listing
7923| [6687] Apple Mac OS X used with Apache Web server could allow arbitrary file disclosure
7924| [6527] Apache Web Server for Windows and OS2 denial of service
7925| [6316] Apache Jakarta Tomcat may reveal JSP source code
7926| [6305] Apache Jakarta Tomcat directory traversal
7927| [5926] Linux Apache symbolic link
7928| [5659] Apache Web server discloses files when used with php script
7929| [5310] Apache mod_rewrite allows attacker to view arbitrary files
7930| [5204] Apache WebDAV directory listings
7931| [5197] Apache Web server reveals CGI script source code
7932| [5160] Apache Jakarta Tomcat default installation
7933| [5099] Trustix Secure Linux installs Apache with world writable access
7934| [4968] Apache Jakarta Tomcat snoop servlet gives out information which could be used in attack
7935| [4967] Apache Jakarta Tomcat 404 error reveals the pathname of the requested file
7936| [4931] Apache source.asp example file allows users to write to files
7937| [4575] IBM HTTP Server running Apache allows users to directory listing and file retrieval
7938| [4205] Apache Jakarta Tomcat delivers file contents
7939| [2084] Apache on Debian by default serves the /usr/doc directory
7940| [1630] MessageMedia UnityMail and Apache Web server MIME header flood denial of service
7941| [697] Apache HTTP server beck exploit
7942| [331] Apache cookies buffer overflow
7943|
7944| Exploit-DB - https://www.exploit-db.com:
7945| [31130] Apache Tomcat <= 6.0.15 Cookie Quote Handling Remote Information Disclosure Vulnerability
7946| [31052] Apache <= 2.2.6 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
7947| [30901] Apache HTTP Server 2.2.6 Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
7948| [30835] Apache HTTP Server <= 2.2.4 413 Error HTTP Request Method Cross-Site Scripting Weakness
7949| [30563] Apache Tomcat <= 5.5.15 Cal2.JSP Cross-Site Scripting Vulnerability
7950| [30496] Apache Tomcat <= 6.0.13 Cookie Handling Quote Delimiter Session ID Disclosure
7951| [30495] Apache Tomcat <= 6.0.13 Host Manager Servlet Cross Site Scripting Vulnerability
7952| [30191] Apache MyFaces Tomahawk JSF Framework 1.1.5 Autoscroll Parameter Cross Site Scripting Vulnerability
7953| [30189] Apache Tomcat <= 6.0.13 JSP Example Web Applications Cross Site Scripting Vulnerability
7954| [30052] Apache Tomcat 6.0.10 Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
7955| [29930] Apache AXIS 1.0 Non-Existent WSDL Path Information Disclosure Vulnerability
7956| [29859] Apache Roller OGNL Injection
7957| [29739] Apache HTTP Server Tomcat 5.x/6.0.x Directory Traversal Vulnerability
7958| [29435] Apache Tomcat 5.5.25 - CSRF Vulnerabilities
7959| [29316] Apache + PHP 5.x - Remote Code Execution (Multithreaded Scanner) (2)
7960| [29290] Apache / PHP 5.x Remote Code Execution Exploit
7961| [28713] Apache Tomcat/JBoss EJBInvokerServlet / JMXInvokerServlet (RMI over HTTP) Marshalled Object RCE
7962| [28424] Apache 2.x HTTP Server Arbitrary HTTP Request Headers Security Weakness
7963| [28365] Apache 2.2.2 CGI Script Source Code Information Disclosure Vulnerability
7964| [28254] Apache Tomcat 5 Information Disclosure Vulnerability
7965| [27915] Apache James 2.2 SMTP Denial of Service Vulnerability
7966| [27397] Apache suEXEC Privilege Elevation / Information Disclosure
7967| [27135] Apache Struts 2 DefaultActionMapper Prefixes OGNL Code Execution
7968| [27096] Apache Geronimo 1.0 Error Page XSS
7969| [27095] Apache Tomcat / Geronimo 1.0 Sample Script cal2.jsp time Parameter XSS
7970| [26710] Apache CXF prior to 2.5.10, 2.6.7 and 2.7.4 - Denial of Service
7971| [26542] Apache Struts 1.2.7 Error Response Cross-Site Scripting Vulnerability
7972| [25986] Plesk Apache Zeroday Remote Exploit
7973| [25980] Apache Struts includeParams Remote Code Execution
7974| [25625] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (2)
7975| [25624] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (1)
7976| [24874] Apache Struts ParametersInterceptor Remote Code Execution
7977| [24744] Apache Rave 0.11 - 0.20 - User Information Disclosure
7978| [24694] Apache 1.3.x mod_include Local Buffer Overflow Vulnerability
7979| [24590] Apache 2.0.x mod_ssl Remote Denial of Service Vulnerability
7980| [23751] Apache Cygwin 1.3.x/2.0.x Directory Traversal Vulnerability
7981| [23581] Apache 2.0.4x mod_perl Module File Descriptor Leakage Vulnerability
7982| [23482] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (2)
7983| [23481] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (1)
7984| [23296] Red Hat Apache 2.0.40 Directory Index Default Configuration Error
7985| [23282] apache cocoon 2.14/2.2 - Directory Traversal vulnerability
7986| [23245] Apache Tomcat 4.0.x Non-HTTP Request Denial of Service Vulnerability
7987| [23119] Apache::Gallery 0.4/0.5/0.6 Insecure Local File Storage Privilege Escalation Vulnerability
7988| [22505] Apache Mod_Access_Referer 1.0.2 NULL Pointer Dereference Denial of Service Vulnerability
7989| [22205] Apache Tomcat 3.x Null Byte Directory/File Disclosure Vulnerability
7990| [22191] Apache Web Server 2.0.x MS-DOS Device Name Denial of Service Vulnerability
7991| [22068] Apache 1.3.x,Tomcat 4.0.x/4.1.x Mod_JK Chunked Encoding Denial of Service Vulnerability
7992| [21885] Apache 1.3/2.0.x Server Side Include Cross Site Scripting Vulnerability
7993| [21882] Apache Tomcat 3.2 Directory Disclosure Vulnerability
7994| [21854] Apache 2.0.39/40 Oversized STDERR Buffer Denial of Service Vulnerability
7995| [21853] Apache Tomcat 3/4 DefaultServlet File Disclosure Vulnerability
7996| [21734] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
7997| [21719] Apache 2.0 Path Disclosure Vulnerability
7998| [21697] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
7999| [21605] Apache Tomcat 4.0.3 DoS Device Name Cross Site Scripting Vulnerability
8000| [21604] Apache Tomcat 4.0.3 Servlet Mapping Cross Site Scripting Vulnerability
8001| [21560] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (2)
8002| [21559] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (1)
8003| [21534] Apache Tomcat 3/4 JSP Engine Denial of Service Vulnerability
8004| [21492] Apache Tomcat 3.2.3/3.2.4 RealPath.JSP Malformed Request Information Disclosure
8005| [21491] Apache Tomcat 3.2.3/3.2.4 Example Files Web Root Path Disclosure
8006| [21490] Apache Tomcat 3.2.3/3.2.4 Source.JSP Malformed Request Information Disclosure
8007| [21412] Apache Tomcat 4.0/4.1 Servlet Path Disclosure Vulnerability
8008| [21350] Apache Win32 1.3.x/2.0.x Batch File Remote Command Execution Vulnerability
8009| [21204] Apache 1.3.20 Win32 PHP.EXE Remote File Disclosure Vulnerability
8010| [21112] Red Hat Linux 7.0 Apache Remote Username Enumeration Vulnerability
8011| [21067] Apache 1.0/1.2/1.3 Server Address Disclosure Vulnerability
8012| [21002] Apache 1.3 Possible Directory Index Disclosure Vulnerability
8013| [20911] Apache 1.3.14 Mac File Protection Bypass Vulnerability
8014| [20716] apache tomcat 3.0 - Directory Traversal vulnerability
8015| [20695] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (4)
8016| [20694] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (3)
8017| [20693] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (2)
8018| [20692] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (1)
8019| [20595] NCSA 1.3/1.4.x/1.5,Apache httpd 0.8.11/0.8.14 ScriptAlias Source Retrieval Vulnerability
8020| [20558] Apache 1.2 Web Server DoS Vulnerability
8021| [20466] Apache 1.3 Web Server with Php 3 File Disclosure Vulnerability
8022| [20435] Apache 0.8.x/1.0.x,NCSA httpd 1.x test-cgi Directory Listing Vulnerability
8023| [20272] Apache 1.2.5/1.3.1,UnityMail 2.0 MIME Header DoS Vulnerability
8024| [20210] Apache 1.3.12 WebDAV Directory Listings Vulnerability
8025| [20131] Apache Tomcat 3.1 Path Revealing Vulnerability
8026| [19975] Apache 1.3.6/1.3.9/1.3.11/1.3.12/1.3.20 Root Directory Access Vulnerability
8027| [19828] Cobalt RaQ 2.0/3.0 Apache .htaccess Disclosure Vulnerability
8028| [19536] Apache <= 1.1,NCSA httpd <= 1.5.2,Netscape Server 1.12/1.1/2.0 a nph-test-cgi Vulnerability
8029| [19231] PHP apache_request_headers Function Buffer Overflow
8030| [18984] Apache Struts <= 2.2.1.1 - Remote Command Execution
8031| [18897] Oracle Weblogic Apache Connector POST Request Buffer Overflow
8032| [18619] Apache Tomcat Remote Exploit (PUT Request) and Account Scanner
8033| [18452] Apache Struts Multiple Persistent Cross-Site Scripting Vulnerabilities
8034| [18442] Apache httpOnly Cookie Disclosure
8035| [18329] Apache Struts2 <= 2.3.1 - Multiple Vulnerabilities
8036| [18221] Apache HTTP Server Denial of Service
8037| [17969] Apache mod_proxy Reverse Proxy Exposure Vulnerability PoC
8038| [17696] Apache httpd Remote Denial of Service (memory exhaustion)
8039| [17691] Apache Struts < 2.2.0 - Remote Command Execution
8040| [16798] Apache mod_jk 1.2.20 Buffer Overflow
8041| [16782] Apache Win32 Chunked Encoding
8042| [16752] Apache module mod_rewrite LDAP protocol Buffer Overflow
8043| [16317] Apache Tomcat Manager Application Deployer Authenticated Code Execution
8044| [15710] Apache Archiva 1.0 - 1.3.1 CSRF Vulnerability
8045| [15319] Apache 2.2 (Windows) Local Denial of Service
8046| [14617] Apache JackRabbit 2.0.0 webapp XPath Injection
8047| [14489] Apache Tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
8048| [12721] Apache Axis2 1.4.1 - Local File Inclusion Vulnerability
8049| [12689] Authenticated Cross-Site Scripting Vulnerability (XSS) within Apache Axis2 administration console
8050| [12343] Apache Tomcat 5.5.0 to 5.5.29 & 6.0.0 to 6.0.26 - Information Disclosure Vulnerability
8051| [12330] Apache OFBiz - Multiple XSS
8052| [12264] Apache OFBiz - FULLADMIN Creator PoC Payload
8053| [12263] Apache OFBiz - SQL Remote Execution PoC Payload
8054| [11662] Apache Spamassassin Milter Plugin Remote Root Command Execution
8055| [11650] Apache 2.2.14 mod_isapi Dangling Pointer Remote SYSTEM Exploit
8056| [10811] Joomla.Tutorials GHDB: Apache directory listing Download Vulnerability
8057| [10292] Apache Tomcat 3.2.1 - 404 Error Page Cross Site Scripting Vulnerability
8058| [9995] Apache Tomcat Form Authentication Username Enumeration Weakness
8059| [9994] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
8060| [9993] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
8061| [8842] Apache mod_dav / svn Remote Denial of Service Exploit
8062| [8458] Apache Geronimo <= 2.1.3 - Multiple Directory Traversal Vulnerabilities
8063| [7264] Apache Tomcat runtime.getRuntime().exec() Privilege Escalation (win)
8064| [6229] apache tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
8065| [6100] Apache mod_jk 1.2.19 Remote Buffer Overflow Exploit (win32)
8066| [6089] Bea Weblogic Apache Connector Code Exec / Denial of Service Exploit
8067| [5386] Apache Tomcat Connector jk2-2.0.2 (mod_jk2) Remote Overflow Exploit
8068| [5330] Apache 2.0 mod_jk2 2.0.2 - Remote Buffer Overflow Exploit (win32)
8069| [4552] Apache Tomcat (webdav) Remote File Disclosure Exploit (ssl support)
8070| [4530] Apache Tomcat (webdav) Remote File Disclosure Exploit
8071| [4162] Apache Tomcat Connector (mod_jk) Remote Exploit (exec-shield)
8072| [4093] Apache mod_jk 1.2.19/1.2.20 Remote Buffer Overflow Exploit
8073| [3996] Apache 2.0.58 mod_rewrite Remote Overflow Exploit (win2k3)
8074| [3680] Apache Mod_Rewrite Off-by-one Remote Overflow Exploit (win32)
8075| [3384] Ubuntu/Debian Apache 1.3.33/1.3.34 (CGI TTY) Local Root Exploit
8076| [2237] Apache < 1.3.37, 2.0.59, 2.2.3 (mod_rewrite) Remote Overflow PoC
8077| [2061] Apache Tomcat < 5.5.17 Remote Directory Listing Vulnerability
8078| [1056] Apache <= 2.0.49 Arbitrary Long HTTP Headers Denial of Service
8079| [855] Apache <= 2.0.52 HTTP GET request Denial of Service Exploit
8080| [764] Apache OpenSSL - Remote Exploit (Multiple Targets) (OpenFuckV2.c)
8081| [587] Apache <= 1.3.31 mod_include Local Buffer Overflow Exploit
8082| [466] htpasswd Apache 1.3.31 - Local Exploit
8083| [371] Apache HTTPd Arbitrary Long HTTP Headers DoS (c version)
8084| [360] Apache HTTPd Arbitrary Long HTTP Headers DoS
8085| [132] Apache 1.3.x - 2.0.48 - mod_userdir Remote Users Disclosure Exploit
8086| [126] Apache mod_gzip (with debug_mode) <= 1.2.26.1a Remote Exploit
8087| [67] Apache 1.3.x mod_mylo Remote Code Execution Exploit
8088| [38] Apache <= 2.0.45 APR Remote Exploit -Apache-Knacker.pl
8089| [34] Webfroot Shoutbox < 2.32 (Apache) Remote Exploit
8090| [11] Apache <= 2.0.44 Linux Remote Denial of Service Exploit
8091| [9] Apache HTTP Server 2.x Memory Leak Exploit
8092|
8093| OpenVAS (Nessus) - http://www.openvas.org:
8094| [902924] Apache Struts2 Showcase Skill Name Remote Code Execution Vulnerability
8095| [902837] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability (Windows)
8096| [902830] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
8097| [902664] Apache Traffic Server HTTP Host Header Denial of Service Vulnerability
8098| [901203] Apache httpd Web Server Range Header Denial of Service Vulnerability
8099| [901110] Apache ActiveMQ Source Code Information Disclosure Vulnerability
8100| [901105] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
8101| [900842] Apache 'mod_proxy_ftp' Module Command Injection Vulnerability (Linux)
8102| [900841] Apache 'mod_proxy_ftp' Module Denial Of Service Vulnerability (Linux)
8103| [900573] Apache APR-Utils XML Parser Denial of Service Vulnerability
8104| [900572] Apache APR-Utils Multiple Denial of Service Vulnerabilities
8105| [900571] Apache APR-Utils Version Detection
8106| [900499] Apache mod_proxy_ajp Information Disclosure Vulnerability
8107| [900496] Apache Tiles Multiple XSS Vulnerability
8108| [900493] Apache Tiles Version Detection
8109| [900107] Apache mod_proxy_ftp Wildcard Characters XSS Vulnerability
8110| [900021] Apache Tomcat Cross-Site Scripting and Security Bypass Vulnerabilities
8111| [880086] CentOS Update for apache CESA-2008:0004-01 centos2 i386
8112| [870175] RedHat Update for apache RHSA-2008:0004-01
8113| [864591] Fedora Update for apache-poi FEDORA-2012-10835
8114| [864383] Fedora Update for apache-commons-compress FEDORA-2012-8428
8115| [864280] Fedora Update for apache-commons-compress FEDORA-2012-8465
8116| [864250] Fedora Update for apache-poi FEDORA-2012-7683
8117| [864249] Fedora Update for apache-poi FEDORA-2012-7686
8118| [863993] Fedora Update for apache-commons-daemon FEDORA-2011-10880
8119| [863466] Fedora Update for apache-commons-daemon FEDORA-2011-10936
8120| [855821] Solaris Update for Apache 1.3 122912-19
8121| [855812] Solaris Update for Apache 1.3 122911-19
8122| [855737] Solaris Update for Apache 1.3 122911-17
8123| [855731] Solaris Update for Apache 1.3 122912-17
8124| [855695] Solaris Update for Apache 1.3 122911-16
8125| [855645] Solaris Update for Apache 1.3 122912-16
8126| [855587] Solaris Update for kernel update and Apache 108529-29
8127| [855566] Solaris Update for Apache 116973-07
8128| [855531] Solaris Update for Apache 116974-07
8129| [855524] Solaris Update for Apache 2 120544-14
8130| [855494] Solaris Update for Apache 1.3 122911-15
8131| [855478] Solaris Update for Apache Security 114145-11
8132| [855472] Solaris Update for Apache Security 113146-12
8133| [855179] Solaris Update for Apache 1.3 122912-15
8134| [855147] Solaris Update for kernel update and Apache 108528-29
8135| [855077] Solaris Update for Apache 2 120543-14
8136| [850196] SuSE Update for apache2 openSUSE-SU-2012:0314-1 (apache2)
8137| [850088] SuSE Update for apache2 SUSE-SA:2007:061
8138| [850009] SuSE Update for apache2,apache SUSE-SA:2008:021
8139| [841209] Ubuntu Update for apache2 USN-1627-1
8140| [840900] Ubuntu Update for apache2 USN-1368-1
8141| [840798] Ubuntu Update for apache2 USN-1259-1
8142| [840734] Ubuntu Update for apache2 USN-1199-1
8143| [840542] Ubuntu Update for apache2 vulnerabilities USN-1021-1
8144| [840504] Ubuntu Update for apache2 vulnerability USN-990-2
8145| [840399] Ubuntu Update for apache2 vulnerabilities USN-908-1
8146| [840304] Ubuntu Update for apache2 vulnerabilities USN-575-1
8147| [840118] Ubuntu Update for libapache2-mod-perl2 vulnerability USN-488-1
8148| [840092] Ubuntu Update for apache2 vulnerabilities USN-499-1
8149| [840039] Ubuntu Update for libapache2-mod-python vulnerability USN-430-1
8150| [835253] HP-UX Update for Apache Web Server HPSBUX02645
8151| [835247] HP-UX Update for Apache-based Web Server HPSBUX02612
8152| [835243] HP-UX Update for Apache Running Tomcat Servlet Engine HPSBUX02579
8153| [835236] HP-UX Update for Apache with PHP HPSBUX02543
8154| [835233] HP-UX Update for Apache-based Web Server HPSBUX02531
8155| [835224] HP-UX Update for Apache-based Web Server HPSBUX02465
8156| [835200] HP-UX Update for Apache Web Server Suite HPSBUX02431
8157| [835190] HP-UX Update for Apache Web Server Suite HPSBUX02401
8158| [835188] HP-UX Update for Apache HPSBUX02308
8159| [835181] HP-UX Update for Apache With PHP HPSBUX02332
8160| [835180] HP-UX Update for Apache with PHP HPSBUX02342
8161| [835172] HP-UX Update for Apache HPSBUX02365
8162| [835168] HP-UX Update for Apache HPSBUX02313
8163| [835148] HP-UX Update for Apache HPSBUX01064
8164| [835139] HP-UX Update for Apache with PHP HPSBUX01090
8165| [835131] HP-UX Update for Apache HPSBUX00256
8166| [835119] HP-UX Update for Apache Remote Execution of Arbitrary Code HPSBUX02186
8167| [835104] HP-UX Update for Apache HPSBUX00224
8168| [835103] HP-UX Update for Apache mod_cgid HPSBUX00301
8169| [835101] HP-UX Update for Apache HPSBUX01232
8170| [835080] HP-UX Update for Apache HPSBUX02273
8171| [835078] HP-UX Update for ApacheStrong HPSBUX00255
8172| [835044] HP-UX Update for Apache HPSBUX01019
8173| [835040] HP-UX Update for Apache PHP HPSBUX00207
8174| [835025] HP-UX Update for Apache HPSBUX00197
8175| [835023] HP-UX Update for Apache HPSBUX01022
8176| [835022] HP-UX Update for Apache HPSBUX02292
8177| [835005] HP-UX Update for Apache HPSBUX02262
8178| [831759] Mandriva Update for apache-mod_security MDVSA-2012:182 (apache-mod_security)
8179| [831737] Mandriva Update for apache MDVSA-2012:154-1 (apache)
8180| [831534] Mandriva Update for apache MDVSA-2012:012 (apache)
8181| [831523] Mandriva Update for apache MDVSA-2012:003 (apache)
8182| [831491] Mandriva Update for apache MDVSA-2011:168 (apache)
8183| [831460] Mandriva Update for apache MDVSA-2011:144 (apache)
8184| [831449] Mandriva Update for apache MDVSA-2011:130 (apache)
8185| [831357] Mandriva Update for apache MDVSA-2011:057 (apache)
8186| [831132] Mandriva Update for apache MDVSA-2010:153 (apache)
8187| [831131] Mandriva Update for apache MDVSA-2010:152 (apache)
8188| [830989] Mandriva Update for apache-mod_auth_shadow MDVSA-2010:081 (apache-mod_auth_shadow)
8189| [830931] Mandriva Update for apache MDVSA-2010:057 (apache)
8190| [830926] Mandriva Update for apache MDVSA-2010:053 (apache)
8191| [830918] Mandriva Update for apache-mod_security MDVSA-2010:050 (apache-mod_security)
8192| [830799] Mandriva Update for apache-conf MDVSA-2009:300-2 (apache-conf)
8193| [830797] Mandriva Update for apache-conf MDVSA-2009:300-1 (apache-conf)
8194| [830791] Mandriva Update for apache-conf MDVA-2010:011 (apache-conf)
8195| [830652] Mandriva Update for apache MDVSA-2008:195 (apache)
8196| [830621] Mandriva Update for apache-conf MDVA-2008:129 (apache-conf)
8197| [830581] Mandriva Update for apache MDVSA-2008:016 (apache)
8198| [830294] Mandriva Update for apache MDKSA-2007:140 (apache)
8199| [830196] Mandriva Update for apache MDKSA-2007:235 (apache)
8200| [830112] Mandriva Update for apache MDKSA-2007:127 (apache)
8201| [830109] Mandriva Update for apache-mod_perl MDKSA-2007:083 (apache-mod_perl)
8202| [802425] Apache Struts2 Showcase Arbitrary Java Method Execution vulnerability
8203| [802423] Apache Struts CookBook/Examples Multiple Cross-Site Scripting Vulnerabilities
8204| [802422] Apache Struts Showcase Multiple Persistence Cross-Site Scripting Vulnerabilities
8205| [802415] Apache Tomcat Multiple Security Bypass Vulnerabilities (Win)
8206| [802385] Apache Tomcat Request Object Security Bypass Vulnerability (Win)
8207| [802384] Apache Tomcat Parameter Handling Denial of Service Vulnerability (Win)
8208| [802378] Apache Tomcat Hash Collision Denial Of Service Vulnerability
8209| [801942] Apache Archiva Multiple Vulnerabilities
8210| [801940] Apache Struts2 'XWork' Information Disclosure Vulnerability
8211| [801663] Apache Struts2/XWork Remote Command Execution Vulnerability
8212| [801521] Apache APR-util 'buckets/apr_brigade.c' Denial Of Service Vulnerability
8213| [801284] Apache Derby Information Disclosure Vulnerability
8214| [801203] Apache ActiveMQ Persistent Cross-Site Scripting Vulnerability
8215| [800837] Apache 'mod_deflate' Denial Of Service Vulnerability - July09
8216| [800827] Apache 'mod_proxy_http.c' Denial Of Service Vulnerability
8217| [800680] Apache APR Version Detection
8218| [800679] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
8219| [800678] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
8220| [800677] Apache Roller Version Detection
8221| [800279] Apache mod_jk Module Version Detection
8222| [800278] Apache Struts Cross Site Scripting Vulnerability
8223| [800277] Apache Tomcat mod_jk Information Disclosure Vulnerability
8224| [800276] Apache Struts Version Detection
8225| [800271] Apache Struts Directory Traversal Vulnerability
8226| [800024] Apache Tomcat RemoteFilterValve Security Bypass Vulnerability
8227| [103333] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
8228| [103293] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
8229| [103122] Apache Web Server ETag Header Information Disclosure Weakness
8230| [103074] Apache Continuum Cross Site Scripting Vulnerability
8231| [103073] Apache Continuum Detection
8232| [103053] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
8233| [101023] Apache Open For Business Weak Password security check
8234| [101020] Apache Open For Business HTML injection vulnerability
8235| [101019] Apache Open For Business service detection
8236| [100924] Apache Archiva Cross Site Request Forgery Vulnerability
8237| [100923] Apache Archiva Detection
8238| [100858] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
8239| [100814] Apache Axis2 Document Type Declaration Processing Security Vulnerability
8240| [100813] Apache Axis2 Detection
8241| [100797] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
8242| [100795] Apache Derby Detection
8243| [100762] Apache CouchDB Cross Site Request Forgery Vulnerability
8244| [100725] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
8245| [100613] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
8246| [100514] Apache Multiple Security Vulnerabilities
8247| [100211] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
8248| [100172] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
8249| [100171] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
8250| [100130] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
8251| [72626] Debian Security Advisory DSA 2579-1 (apache2)
8252| [72612] FreeBSD Ports: apache22
8253| [71551] Gentoo Security Advisory GLSA 201206-25 (apache)
8254| [71550] Gentoo Security Advisory GLSA 201206-24 (apache tomcat)
8255| [71512] FreeBSD Ports: apache
8256| [71485] Debian Security Advisory DSA 2506-1 (libapache-mod-security)
8257| [71256] Debian Security Advisory DSA 2452-1 (apache2)
8258| [71238] Debian Security Advisory DSA 2436-1 (libapache2-mod-fcgid)
8259| [70737] FreeBSD Ports: apache
8260| [70724] Debian Security Advisory DSA 2405-1 (apache2)
8261| [70600] FreeBSD Ports: apache
8262| [70253] FreeBSD Ports: apache, apache-event, apache-itk, apache-peruser, apache-worker
8263| [70235] Debian Security Advisory DSA 2298-2 (apache2)
8264| [70233] Debian Security Advisory DSA 2298-1 (apache2)
8265| [69988] Debian Security Advisory DSA 2279-1 (libapache2-mod-authnz-external)
8266| [69338] Debian Security Advisory DSA 2202-1 (apache2)
8267| [67868] FreeBSD Ports: apache
8268| [66816] FreeBSD Ports: apache
8269| [66553] Mandriva Security Advisory MDVSA-2009:189-1 (apache-mod_auth_mysql)
8270| [66414] Mandriva Security Advisory MDVSA-2009:323 (apache)
8271| [66106] SuSE Security Advisory SUSE-SA:2009:050 (apache2,libapr1)
8272| [66081] SLES11: Security update for Apache 2
8273| [66074] SLES10: Security update for Apache 2
8274| [66070] SLES9: Security update for Apache 2
8275| [65998] SLES10: Security update for apache2-mod_python
8276| [65893] SLES10: Security update for Apache 2
8277| [65888] SLES10: Security update for Apache 2
8278| [65575] SLES9: Security update for apache2,apache2-prefork,apache2-worker
8279| [65510] SLES9: Security update for Apache 2
8280| [65472] SLES9: Security update for Apache
8281| [65467] SLES9: Security update for Apache
8282| [65450] SLES9: Security update for apache2
8283| [65390] SLES9: Security update for Apache2
8284| [65363] SLES9: Security update for Apache2
8285| [65309] SLES9: Security update for Apache and mod_ssl
8286| [65296] SLES9: Security update for webdav apache module
8287| [65283] SLES9: Security update for Apache2
8288| [65249] SLES9: Security update for Apache 2
8289| [65230] SLES9: Security update for Apache 2
8290| [65228] SLES9: Security update for Apache 2
8291| [65212] SLES9: Security update for apache2-mod_python
8292| [65209] SLES9: Security update for apache2-worker
8293| [65207] SLES9: Security update for Apache 2
8294| [65168] SLES9: Security update for apache2-mod_python
8295| [65142] SLES9: Security update for Apache2
8296| [65136] SLES9: Security update for Apache 2
8297| [65132] SLES9: Security update for apache
8298| [65131] SLES9: Security update for Apache 2 oes/CORE
8299| [65113] SLES9: Security update for apache2
8300| [65072] SLES9: Security update for apache and mod_ssl
8301| [65017] SLES9: Security update for Apache 2
8302| [64950] Mandrake Security Advisory MDVSA-2009:240 (apache)
8303| [64783] FreeBSD Ports: apache
8304| [64774] Ubuntu USN-802-2 (apache2)
8305| [64653] Ubuntu USN-813-2 (apache2)
8306| [64559] Debian Security Advisory DSA 1834-2 (apache2)
8307| [64532] Mandrake Security Advisory MDVSA-2009:189 (apache-mod_auth_mysql)
8308| [64527] Mandrake Security Advisory MDVSA-2009:184 (apache-mod_security)
8309| [64526] Mandrake Security Advisory MDVSA-2009:183 (apache-mod_security)
8310| [64500] Mandrake Security Advisory MDVSA-2009:168 (apache)
8311| [64443] Ubuntu USN-802-1 (apache2)
8312| [64426] Gentoo Security Advisory GLSA 200907-04 (apache)
8313| [64423] Debian Security Advisory DSA 1834-1 (apache2)
8314| [64391] Mandrake Security Advisory MDVSA-2009:149 (apache)
8315| [64377] Mandrake Security Advisory MDVSA-2009:124-1 (apache)
8316| [64251] Debian Security Advisory DSA 1816-1 (apache2)
8317| [64201] Ubuntu USN-787-1 (apache2)
8318| [64140] Mandrake Security Advisory MDVSA-2009:124 (apache)
8319| [64136] Mandrake Security Advisory MDVSA-2009:102 (apache)
8320| [63565] FreeBSD Ports: apache
8321| [63562] Ubuntu USN-731-1 (apache2)
8322| [61381] Gentoo Security Advisory GLSA 200807-06 (apache)
8323| [61185] FreeBSD Ports: apache
8324| [60582] Gentoo Security Advisory GLSA 200803-19 (apache)
8325| [60387] Slackware Advisory SSA:2008-045-02 apache
8326| [58826] FreeBSD Ports: apache-tomcat
8327| [58825] FreeBSD Ports: apache-tomcat
8328| [58804] FreeBSD Ports: apache
8329| [58745] Gentoo Security Advisory GLSA 200711-06 (apache)
8330| [58360] Debian Security Advisory DSA 1312-1 (libapache-mod-jk)
8331| [57851] Gentoo Security Advisory GLSA 200608-01 (apache)
8332| [57788] Debian Security Advisory DSA 1247-1 (libapache-mod-auth-kerb)
8333| [57335] Debian Security Advisory DSA 1167-1 (apache)
8334| [57201] Debian Security Advisory DSA 1131-1 (apache)
8335| [57200] Debian Security Advisory DSA 1132-1 (apache2)
8336| [57168] Slackware Advisory SSA:2006-209-01 Apache httpd
8337| [57145] FreeBSD Ports: apache
8338| [56731] Slackware Advisory SSA:2006-129-01 Apache httpd
8339| [56729] Slackware Advisory SSA:2006-130-01 Apache httpd redux
8340| [56246] Gentoo Security Advisory GLSA 200602-03 (Apache)
8341| [56212] Debian Security Advisory DSA 952-1 (libapache-auth-ldap)
8342| [56115] Debian Security Advisory DSA 935-1 (libapache2-mod-auth-pgsql)
8343| [56067] FreeBSD Ports: apache
8344| [55803] Slackware Advisory SSA:2005-310-04 apache
8345| [55519] Debian Security Advisory DSA 839-1 (apachetop)
8346| [55392] Gentoo Security Advisory GLSA 200509-12 (Apache)
8347| [55355] FreeBSD Ports: apache
8348| [55284] Debian Security Advisory DSA 807-1 (libapache-mod-ssl)
8349| [55261] Debian Security Advisory DSA 805-1 (apache2)
8350| [55259] Debian Security Advisory DSA 803-1 (apache)
8351| [55129] Gentoo Security Advisory GLSA 200508-15 (apache)
8352| [54739] Gentoo Security Advisory GLSA 200411-18 (apache)
8353| [54724] Gentoo Security Advisory GLSA 200411-03 (apache)
8354| [54712] Gentoo Security Advisory GLSA 200410-21 (apache)
8355| [54689] Gentoo Security Advisory GLSA 200409-33 (net=www/apache)
8356| [54677] Gentoo Security Advisory GLSA 200409-21 (apache)
8357| [54610] Gentoo Security Advisory GLSA 200407-03 (Apache)
8358| [54601] Gentoo Security Advisory GLSA 200406-16 (Apache)
8359| [54590] Gentoo Security Advisory GLSA 200406-05 (Apache)
8360| [54582] Gentoo Security Advisory GLSA 200405-22 (Apache)
8361| [54529] Gentoo Security Advisory GLSA 200403-04 (Apache)
8362| [54499] Gentoo Security Advisory GLSA 200310-04 (Apache)
8363| [54498] Gentoo Security Advisory GLSA 200310-03 (Apache)
8364| [54439] FreeBSD Ports: apache
8365| [53931] Slackware Advisory SSA:2004-133-01 apache
8366| [53903] Slackware Advisory SSA:2004-299-01 apache, mod_ssl, php
8367| [53902] Slackware Advisory SSA:2004-305-01 apache+mod_ssl
8368| [53878] Slackware Advisory SSA:2003-308-01 apache security update
8369| [53851] Debian Security Advisory DSA 135-1 (libapache-mod-ssl)
8370| [53849] Debian Security Advisory DSA 132-1 (apache-ssl)
8371| [53848] Debian Security Advisory DSA 131-1 (apache)
8372| [53784] Debian Security Advisory DSA 021-1 (apache)
8373| [53738] Debian Security Advisory DSA 195-1 (apache-perl)
8374| [53737] Debian Security Advisory DSA 188-1 (apache-ssl)
8375| [53735] Debian Security Advisory DSA 187-1 (apache)
8376| [53703] Debian Security Advisory DSA 532-1 (libapache-mod-ssl)
8377| [53577] Debian Security Advisory DSA 120-1 (libapache-mod-ssl, apache-ssl)
8378| [53568] Debian Security Advisory DSA 067-1 (apache,apache-ssl)
8379| [53519] Debian Security Advisory DSA 689-1 (libapache-mod-python)
8380| [53433] Debian Security Advisory DSA 181-1 (libapache-mod-ssl)
8381| [53282] Debian Security Advisory DSA 594-1 (apache)
8382| [53248] Debian Security Advisory DSA 558-1 (libapache-mod-dav)
8383| [53224] Debian Security Advisory DSA 532-2 (libapache-mod-ssl)
8384| [53215] Debian Security Advisory DSA 525-1 (apache)
8385| [53151] Debian Security Advisory DSA 452-1 (libapache-mod-python)
8386| [52529] FreeBSD Ports: apache+ssl
8387| [52501] FreeBSD Ports: apache
8388| [52461] FreeBSD Ports: apache
8389| [52390] FreeBSD Ports: apache
8390| [52389] FreeBSD Ports: apache
8391| [52388] FreeBSD Ports: apache
8392| [52383] FreeBSD Ports: apache
8393| [52339] FreeBSD Ports: apache+mod_ssl
8394| [52331] FreeBSD Ports: apache
8395| [52329] FreeBSD Ports: ru-apache+mod_ssl
8396| [52314] FreeBSD Ports: apache
8397| [52310] FreeBSD Ports: apache
8398| [15588] Detect Apache HTTPS
8399| [15555] Apache mod_proxy content-length buffer overflow
8400| [15554] Apache mod_include priviledge escalation
8401| [14771] Apache <= 1.3.33 htpasswd local overflow
8402| [14177] Apache mod_access rule bypass
8403| [13644] Apache mod_rootme Backdoor
8404| [12293] Apache Input Header Folding and mod_ssl ssl_io_filter_cleanup DoS Vulnerabilities
8405| [12280] Apache Connection Blocking Denial of Service
8406| [12239] Apache Error Log Escape Sequence Injection
8407| [12123] Apache Tomcat source.jsp malformed request information disclosure
8408| [12085] Apache Tomcat servlet/JSP container default files
8409| [11438] Apache Tomcat Directory Listing and File disclosure
8410| [11204] Apache Tomcat Default Accounts
8411| [11092] Apache 2.0.39 Win32 directory traversal
8412| [11046] Apache Tomcat TroubleShooter Servlet Installed
8413| [11042] Apache Tomcat DOS Device Name XSS
8414| [11041] Apache Tomcat /servlet Cross Site Scripting
8415| [10938] Apache Remote Command Execution via .bat files
8416| [10839] PHP.EXE / Apache Win32 Arbitrary File Reading Vulnerability
8417| [10773] MacOS X Finder reveals contents of Apache Web files
8418| [10766] Apache UserDir Sensitive Information Disclosure
8419| [10756] MacOS X Finder reveals contents of Apache Web directories
8420| [10752] Apache Auth Module SQL Insertion Attack
8421| [10704] Apache Directory Listing
8422| [10678] Apache /server-info accessible
8423| [10677] Apache /server-status accessible
8424| [10440] Check for Apache Multiple / vulnerability
8425|
8426| SecurityTracker - https://www.securitytracker.com:
8427| [1028865] Apache Struts Bugs Permit Remote Code Execution and URL Redirection Attacks
8428| [1028864] Apache Struts Wildcard Matching and Expression Evaluation Bugs Let Remote Users Execute Arbitrary Code
8429| [1028824] Apache mod_dav_svn URI Processing Flaw Lets Remote Users Deny Service
8430| [1028823] Apache Unspecified Flaw in mod_session_dbd Has Unspecified Impact
8431| [1028724] (HP Issues Fix for HP-UX) Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
8432| [1028722] (Red Hat Issues Fix for JBoss) Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
8433| [1028693] (Red Hat Issues Fix) Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
8434| [1028622] Apache Struts 'includeParams' Bugs Permit Remote Command Execution and Cross-Site Scripting Attacks
8435| [1028621] Apache Subversion Bugs Let Remote Authenticated Users Execute Arbitrary Commands and Deny Service
8436| [1028540] Apache mod_rewrite Input Validation Flaw Lets Remote Users Execute Arbitrary Commands
8437| [1028534] Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
8438| [1028533] Apache Tomcat Lack of Chunked Transfer Encoding Extension Size Limit Lets Remote Users Deny Service
8439| [1028532] Apache Tomcat AsyncListeners Bug May Disclose Information from One Request to Another User
8440| [1028515] Apache VCL Input Validation Flaw Lets Remote Authenticated Users Gain Elevated Privileges
8441| [1028457] Apache ActiveMQ Bugs Let Remote Users Conduct Cross-Site Scripting Attacks, Deny Service, and Obtain Potentially Sensitive Information
8442| [1028287] Apache CXF WSS4JInInterceptor Grants Service Access to Remote Users
8443| [1028286] Apache CXF WS-Security UsernameToken Processing Flaw Lets Remote Users Bypass Authentication
8444| [1028252] Apache Commons FileUpload Unsafe Temporary File Lets Local Users Gain Elevated Privileges
8445| [1028207] Apache Input Validation Bugs Permit Cross-Site Scripting Attacks
8446| [1027836] Apache Tomcat Connection Processing Bug Lets Remote Users Deny Service
8447| [1027834] Apache Tomcat Bug Lets Remote Users Bypass Cross-Site Request Forgery Prevention Filter
8448| [1027833] Apache Tomcat Bug Lets Remote Users Bypass Security Constraints
8449| [1027729] Apache Tomcat Header Processing Bug Lets Remote Users Deny Service
8450| [1027728] Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
8451| [1027554] Apache CXF Lets Remote Authenticated Users Execute Unauthorized SOAP Actions
8452| [1027508] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
8453| [1027421] Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
8454| [1027096] Apache Commons Compress BZip2CompressorOutputStream() Sorting Algorithm Lets Remote or Local Users Deny Service
8455| [1026932] Apache LD_LIBRARY_PATH Processing Lets Local Users Gain Elevated Privileges
8456| [1026928] Apache OFBiz Unspecified Flaw Lets Remote Users Execute Arbitrary Code
8457| [1026927] Apache OFBiz Input Validation Flaws Permit Cross-Site Scripting Attacks
8458| [1026847] Apache Traffic Server Host Header Processing Flaw Lets Remote Users Deny Service
8459| [1026846] Apache Wicket Discloses Hidden Application Files to Remote Users
8460| [1026839] Apache Wicket Input Validation Flaw in 'wicket:pageMapName' Parameter Permits Cross-Site Scripting Attacks
8461| [1026616] Apache Bugs Let Remote Users Deny Service and Obtain Cookie Data
8462| [1026575] Apache Struts ParameterInterceptor() Flaw Lets Remote Users Execute Arbitrary Commands
8463| [1026484] Apache Struts Bug Lets Remote Users Overwrite Files and Execute Arbitrary Code
8464| [1026477] Apache Tomcat Hash Table Collision Bug Lets Remote Users Deny Service
8465| [1026402] Apache Struts Conversion Error Lets Remote Users Inject Arbitrary Commands
8466| [1026353] Apache mod_proxy/mod_rewrite Bug Lets Remote Users Access Internal Servers
8467| [1026295] Apache Tomcat Lets Untrusted Web Applications Gain Elevated Privileges
8468| [1026267] Apache .htaccess File Integer Overflow Lets Local Users Execute Arbitrary Code
8469| [1026144] Apache mod_proxy Pattern Matching Bug Lets Remote Users Access Internal Servers
8470| [1026095] Apache Tomcat HTTP DIGEST Authentication Weaknesses Let Remote Users Conduct Bypass Attacks
8471| [1026054] Apache mod_proxy_ajp HTTP Processing Error Lets Remote Users Deny Service
8472| [1025993] Apache Tomcat AJP Protocol Processing Bug Lets Remote Users Bypass Authentication or Obtain Information
8473| [1025976] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
8474| [1025960] Apache httpd Byterange Filter Processing Error Lets Remote Users Deny Service
8475| [1025925] Apache Tomcat Commons Daemon jsvc Lets Local Users Gain Elevated Privileges
8476| [1025924] Apache Tomcat XML Validation Flaw Lets Applications Obtain Potentially Sensitive Information
8477| [1025788] Apache Tomcat Lets Malicious Applications Obtain Information and Deny Service
8478| [1025755] Apache Santuario Buffer Overflow Lets Remote Users Deny Service
8479| [1025712] Apache Tomcat Discloses Passwords to Local Users in Certain Cases
8480| [1025577] Apache Archiva Input Validation Hole Permits Cross-Site Scripting Attacks
8481| [1025576] Apache Archiva Request Validation Flaw Permits Cross-Site Request Forgery Attacks
8482| [1025527] Apache APR Library apr_fnmatch() Flaw Lets Remote Users Execute Arbitrary Code
8483| [1025303] Apache Tomcat HTTP BIO Connector Error Discloses Information From Different Requests to Remote Users
8484| [1025215] Apache Tomcat May Ignore @ServletSecurity Annotation Protections
8485| [1025066] Apache Continuum Input Validation Flaw Permits Cross-Site Request Forgery Attacks
8486| [1025065] Apache Continuum Input Validation Hole Permits Cross-Site Scripting Attacks
8487| [1025027] Apache Tomcat maxHttpHeaderSize Parsing Error Lets Remote Users Deny Service
8488| [1025026] Apache Tomcat Manager Input Validation Hole Permits Cross-Site Scripting Attacks
8489| [1025025] Apache Tomcat Security Manager Lets Local Users Bypass File Permissions
8490| [1024764] Apache Tomcat Manager Input Validation Hole in 'sessionList.jsp' Permits Cross-Site Scripting Attacks
8491| [1024417] Apache Traffic Server Insufficient Randomization Lets Remote Users Poison the DNS Cache
8492| [1024332] Apache mod_cache and mod_dav Request Processing Flaw Lets Remote Users Deny Service
8493| [1024180] Apache Tomcat 'Transfer-Encoding' Header Processing Flaw Lets Remote Users Deny Service and Obtain Potentially Sensitive Information
8494| [1024096] Apache mod_proxy_http May Return Results for a Different Request
8495| [1023942] Apache mod_proxy_ajp Error Condition Lets Remote Users Deny Service
8496| [1023941] Apache ap_read_request() Memory Error May Let Remote Users Access Potentially Sensitive Information
8497| [1023778] Apache ActiveMQ Input Validation Flaw Permits Cross-Site Scripting Attacks
8498| [1023701] Apache mod_isapi Error Processing Flaw May Let Remote Users Deny Service
8499| [1023533] Apache mod_proxy Integer Overflow May Let Remote Users Execute Arbitrary Code
8500| [1022988] Apache Solaris Support Code Bug Lets Remote Users Deny Service
8501| [1022529] Apache mod_deflate Connection State Bug Lets Remote Users Deny Service
8502| [1022509] Apache mod_proxy stream_reqbody_cl() Infinite Loop Lets Remote Users Deny Service
8503| [1022296] Apache IncludesNoExec Options Restrictions Can Be Bypass By Local Users
8504| [1022264] Apache mod_proxy_ajp Bug May Disclose Another User's Response Data
8505| [1022001] Apache Tomcat mod_jk May Disclose Responses to the Wrong User
8506| [1021988] mod_perl Input Validation Flaw in Apache::Status and Apache2::Status Permits Cross-Site Scripting Attacks
8507| [1021350] NetWare Bug Lets Remote Users Access the ApacheAdmin Console
8508| [1020635] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
8509| [1020520] Oracle WebLogic Apache Connector Lets Remote Users Execute Arbitrary Code
8510| [1020267] Apache mod_proxy Interim Response Process Bug Lets Remote Users Deny Service
8511| [1019784] Apache-SSL Certificate Processing Bug May Let Remote Users View Portions of Kernel Memory
8512| [1019256] Apache mod_negotiation Input Validation Hole Permits Cross-Site Scripting Attacks
8513| [1019194] Apache Input Validation Hole in Mod_AutoIndex When the Character Set is Undefined May Permit Cross-Site Scripting Attacks
8514| [1019185] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
8515| [1019154] Apache Input Validation Hole in mod_status Permits Cross-Site Scripting Attacks
8516| [1019093] Apache Input Validation Hole in mod_imap Permits Cross-Site Scripting Attacks
8517| [1019030] Apache Input Validation Hole in Default HTTP 413 Error Page Permits Cross-Site Scripting Attacks
8518| [1018633] Apache mod_proxy Bug Lets Remote Users Deny Service
8519| [1018304] Apache HTTPD scoreboard Protection Flaw Lets Local Users Terminate Arbitrary Processes
8520| [1018303] Apache HTTPD mod_cache May Let Remote Users Deny Service
8521| [1018302] Apache mod_status Input Validation Hole Permits Cross-Site Scripting Attacks
8522| [1018269] Apache Tomcat Input Validation Hole in Processing Accept-Language Header Permits Cross-Site Scripting Attacks
8523| [1017904] Apache suEXEC Bugs May Let Local Users Gain Elevated Privileges
8524| [1017719] Apache Tomcat JK Web Server Connector Buffer Overflow in map_uri_to_worker() Lets Remote Users Execute Arbitrary Code
8525| [1017062] Apache mod_tcl Format String Bug in set_var() Function May Let Remote Users Execute Arbitrary Code
8526| [1016601] Apache mod_rewrite Off-by-one Error Lets Remote Users Execute Arbitrary Code
8527| [1016576] Apache Tomcat Discloses Directory Listings to Remote Users
8528| [1015447] Apache mod_ssl Null Pointer Dereference May Let Remote Users Deny Service
8529| [1015344] Apache mod_imap Input Validation Flaw in Referer Field Lets Remote Users Conduct Cross-Site Scripting Attacks
8530| [1015093] Apache Memory Leak in MPM 'worker.c' Code May Let Remote Users Deny Service
8531| [1014996] ApacheTop Unsafe Temporary File May Let Local Users Gain Elevated Privileges
8532| [1014833] Apache ssl_hook_Access() Function May Fail to Verify Client Certificates
8533| [1014826] Apache Memory Leak in 'byterange filter' Lets Remote Users Deny Service
8534| [1014575] Apache mod_ssl Off-by-one Buffer Overflow in Processing CRLs May Let Remote Users Deny Service
8535| [1014323] Apache Chunked Transfer-Encoding and Content-Length Processing Lets Remote Users Smuggle HTTP Requests
8536| [1013156] Apache mod_python Publisher Handler Discloses Information to Remote Users
8537| [1012829] Apache mod_auth_radius radcpy() Integer Overflow Lets Remote Users Deny Service in Certain Cases
8538| [1012416] Apache on Apple OS X Lets Remote Users Bypass Apache File Handlers and Directly Access Files
8539| [1012415] Apache on Apple HFS+ Filesystems May Disclose '.DS_Store' Files to Remote Users
8540| [1012414] Apache mod_digest_apple Lets Remote Users Replay Authentication Credentials
8541| [1012083] Apache Web Server Error in Processing Requests With Many Space Characters Lets Remote Users Deny Service
8542| [1011783] Apache mod_include Buffer Overflow Lets Local Users Execute Arbitrary Code
8543| [1011557] Apache mod_ssl SSLCipherSuite Directive Can By Bypassed in Certain Cases
8544| [1011385] Apache Satsify Directive Error May Let Remote Users Access Restricted Resources
8545| [1011340] Apache SSL Connection Abort State Error Lets Remote Users Deny Service
8546| [1011303] Apache ap_resolve_env() Buffer Overflow in Reading Configuration Files May Let Local Users Gain Elevated Privileges
8547| [1011299] Apache IPv6 Address Parsing Flaw May Let Remote Users Deny Service
8548| [1011248] Apache mod_dav LOCK Method Error May Let Remote Users Deny Service
8549| [1011213] Apache mod_ssl Can Be Crashed By Remote Users When Reverse Proxying SSL Connections
8550| [1010674] Apache Can Be Crashed By PHP Code Invoking Nested Remote Sockets
8551| [1010599] Apache httpd Header Line Memory Allocation Lets Remote Users Crash the Server
8552| [1010462] Apache mod_proxy Buffer Overflow May Let Remote Users Execute Arbitrary Code
8553| [1010322] Apache mod_ssl Stack Overflow in ssl_util_uuencode_binary() May Let Remote Users Execute Arbitrary Code
8554| [1010270] cPanel Apache mod_phpsuexec Options Let Local Users Gain Elevated Privileges
8555| [1009934] Apache Web Server Has Buffer Overflow in ebcdic2ascii() on Older Processor Architectures
8556| [1009516] Apache mod_survey HTML Report Format Lets Remote Users Conduct Cross-Site Scripting Attacks
8557| [1009509] Apache mod_disk_cache Stores Authentication Credentials on Disk
8558| [1009495] Apache Web Server Socket Starvation Flaw May Let Remote Users Deny Service
8559| [1009417] GroupWise WebAccess With Apache on NetWare Has Configuration Flaw That May Grant Web Access to Remote Users
8560| [1009338] Apache mod_access Parsing Flaw May Fail to Enforce Allow/Deny Rules
8561| [1009337] Apache mod_ssl Memory Leak Lets Remote Users Crash the Daemon
8562| [1009182] Apache for Cygwin '..%5C' Input Validation Flaw Discloses Files to Remote Users
8563| [1008973] PHP May Apply Incorrect php_admin_* Settings To Requests for Apache Virtual Hosts
8564| [1008967] Apache-SSL 'SSLFakeBasicAuth' Lets Remote Users Forge Client Certificates to Be Authenticated
8565| [1008920] Apache mod_digest May Validate Replayed Client Responses
8566| [1008828] Apache mod_python String Processing Bug Still Lets Remote Users Crash the Web Server
8567| [1008822] Apache mod_perl File Descriptor Leak May Let Local Users Hijack the http and https Services
8568| [1008675] mod_auth_shadow Apache Module Authenticates Expired Passwords
8569| [1008559] Apache mod_php File Descriptor Leak May Let Local Users Hijack the https Service
8570| [1008335] Apache mod_python String Processing Bug Lets Remote Users Crash the Web Server
8571| [1008196] Apache 2.x on Windows May Return Unexpected Files For URLs Ending With Certain Characters
8572| [1008030] Apache mod_rewrite Contains a Buffer Overflow
8573| [1008029] Apache mod_alias Contains a Buffer Overflow
8574| [1008028] Apache mod_cgid May Disclose CGI Output to Another Client
8575| [1007995] Apache Cocoon Forms May Let Remote Users Execute Arbitrary Java Code on the System
8576| [1007993] Apache Cocoon 'view-source' Sample Script Discloses Files to Remote Users
8577| [1007823] Apache Web Server mod_cgi Error May Let Malicious CGI Scripts Crash the Web Service
8578| [1007664] Apache::Gallery Unsafe Temporary Files May Let Local Users Gain Apache Web Server Privileges
8579| [1007557] Apache Web Server Does Not Filter Terminal Escape Sequences From Log Files
8580| [1007230] Apache HTTP Server 'rotatelogs' Bug on Win32 and OS/2 May Cause the Logging to Stop
8581| [1007146] Apache HTTP Server FTP Proxy Bug May Cause Denial of Service Conditions
8582| [1007145] Apache 'accept()' Errors May Cause Denial of Service Conditions
8583| [1007144] Apache Web Server 'type-map' File Error Permits Local Denial of Service Attacks
8584| [1007143] Apache 2.0 Web Server May Use a Weaker Encryption Implementation Than Specified in Some Cases
8585| [1006864] Apache Web Server Can Be Crashed By Remote Users Via mod_dav Flaws and Also Via Basic Authentication
8586| [1006709] Apache mod_survey Input Validation Flaw Lets Remote Users Fill Up Disk Space
8587| [1006614] Apache mod_ntlm Buffer Overflow and Format String Flaw Let Remote Users Execute Arbitary Code
8588| [1006591] Apache mod_access_referer Module Null Pointer Dereference May Faciliate Denial of Service Attacks
8589| [1006444] Apache 2.0 Web Server Line Feed Buffer Allocation Flaw Lets Remote Users Deny Service
8590| [1006021] Apache Tomcat Server URL Parsing Error May Disclose Otherwise Inaccessible Web Directory Listings and Files to Remote Users
8591| [1005963] Apache Web Server 2.x Windows Device Access Flaw Lets Remote Users Crash the Server or Possibly Execute Arbitrary Code
8592| [1005962] Apache Web Server Path Parsing Flaw May Allow Remote Users to Execute Code in Certain Configurations
8593| [1005848] Apache 'printenv' Script Input Validation Bugs in Older Versions May Let Remote Users Conduct Cross-Site Scripting Attacks
8594| [1005765] Apache mod_jk Module Processing Bug When Used With Tomcat May Disclose Information to Remote Users or Crash
8595| [1005548] Apache mod_php Module May Allow Local Users to Gain Control of the Web Port
8596| [1005499] Apache Web Server (2.0.42) May Disclose CGI Source Code to Remote Users When Used With WebDAV
8597| [1005410] Apache Tomcat Java Servlet Engine Can Be Crashed Via Multiple Requests for DOS Device Names
8598| [1005351] Apache Web Server (1.3.x) Shared Memory Scoreboard Bug Lets Certain Local Users Issue Signals With Root Privileges
8599| [1005331] Apache Web Server (2.x) SSI Server Signature Filtering Hole Lets Remote Users Conduct Cross-Site Scripting Attacks
8600| [1005290] Apache Tomcat Java Server Default Servlet Returns JSP Source Code to Remote Users
8601| [1005285] Apache Web Server 'mod_dav' Has Null Pointer Bug That May Allow Remote Users to Cause Denial of Service Conditions
8602| [1005010] Apache Web Server (2.0) Has Unspecified Flaw That Allows Remote Users to Obtain Sensitive Data and Cause Denial of Service Conditions
8603| [1004770] Apache 2.x Web Server ap_log_rerror() Function May Disclose Full Installation Path to Remote Users
8604| [1004745] Apache Tomcat Java Server Allows Cross-Site Scripting Attacks
8605| [1004636] Apache mod_ssl 'Off-by-One' Bug May Let Local Users Crash the Web Server or Possibly Execute Arbitrary Code
8606| [1004602] Apache Tomcat Java Server for Windows Can Be Crashed By Remote Users Sending Malicious Requests to Hang All Available Working Threads
8607| [1004586] Apache Tomcat Java Server May Disclose the Installation Path to Remote Users
8608| [1004555] Apache Web Server Chunked Encoding Flaw May Let Remote Users Execute Arbitrary Code on the Server
8609| [1004209] Apache 'mod_python' Python Language Interpreter Bug in Publisher Handler May Allow Remote Users to Modify Files on the System
8610| [1003874] Apache Web Server for Windows Has Batch File Processing Hole That Lets Remote Users Execute Commands on the System
8611| [1003767] 'mod_frontpage' Module for Apache Web Server Has Buffer Overlow in 'fpexec.c' That Allows Remote Users to Execute Arbitrary Code on the System with Root Privileges
8612| [1003723] Apache-SSL for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
8613| [1003664] 'mod_ssl' Security Package for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
8614| [1003602] GNUJSP Java Server Pages Implementation Discloses Web Files and Source Code to Remote Users and Bypasses Apache Access Control Restrictions
8615| [1003465] PHP for Apache Web Server May Disclose Installation Path Information to Remote Users Making 'OPTIONS' Requests
8616| [1003451] Oracle Application Server PL/SQL Module for Apache Has Buffer Overflows That Allow Remote Users to Execute Arbitrary Code and Gain Access to the Server
8617| [1003131] Apache Web Server in Virtual Hosting Mode Can Be Crashed By a Local User Removing a Log Directory
8618| [1003104] PHP.EXE Windows CGI for Apache Web Server May Let Remote Users View Files on the Server Due to Configuration Error
8619| [1003008] Apache 'mod_bf' Module Lets Remote Users Execute Arbitrary Code
8620| [1002629] Apache suEXEC Wrapper Fails to Observe Minimum Group ID Security Settings in Certain Situations
8621| [1002542] Apache Web Server Virtual Hosting Split-Logfile Function Lets Remote Users Write Log Entries to Arbitrary Files on the System
8622| [1002400] Apache mod_gzip Module Has Buffer Overflow That Can Be Exploited By Local Users to Gain Elevated Privileges
8623| [1002303] Several 3rd Party Apache Authentication Modules Allow Remote Users to Execute Arbitrary Code to Gain Access to the System or Execute Stored Procedures to Obtain Arbitrary Database Information
8624| [1002188] Apache Web Server Discloses Internal IP Addresses to Remote Users in Certain Configurations
8625| [1001989] Apache Web Server May Disclose Directory Contents Even If an Index.html File is Present in the Directory
8626| [1001719] Apache Web Server on Mac OS X Client Fails to Enforce File and Directory Access Protections, Giving Remote Users Access to Restricted Pages
8627| [1001572] Apache Web Server on Microsoft Windows Platforms Allows Remote Users to Crash the Web Server
8628| [1001304] Apache Web Server for Windows Lets Remote Users Crash the Web Server Application
8629| [1001083] Apache Web Server May Display Directory Index Listings Even if Directory Listings Are Disabled
8630|
8631| OSVDB - http://www.osvdb.org:
8632| [96078] Apache CloudStack Infrastructure Menu Setup Network Multiple Field XSS
8633| [96077] Apache CloudStack Global Settings Multiple Field XSS
8634| [96076] Apache CloudStack Instances Menu Display Name Field XSS
8635| [96075] Apache CloudStack Instances Menu Add Instances Network Name Field XSS
8636| [96074] Apache CloudStack Instances Menu Add Instances Review Step Multiple Field XSS
8637| [96031] Apache HTTP Server suEXEC Symlink Arbitrary File Access
8638| [95888] Apache Archiva Single / Double Quote Character Handling XSS Weakness
8639| [95885] Apache Subversion mod_dav_svn Module Crafted HTTP Request Handling Remote DoS
8640| [95706] Apache OpenOffice.org (OOo) OOXML Document File XML Element Handling Memory Corruption
8641| [95704] Apache OpenOffice.org (OOo) DOC File PLCF Data Handling Memory Corruption
8642| [95603] Apache Continuum web/util/GenerateRecipentNotifier.java recipient Parameter XSS
8643| [95602] Apache Continuum web/action/notifier/JabberProjectNotifierEditAction-jabberProjectNotifierSave-validation.xml Multiple Parameter XSS
8644| [95601] Apache Continuum web/action/notifier/JabberGroupNotifierEditAction-jabberProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
8645| [95600] Apache Continuum web/action/ScheduleAction-saveSchedule-validation.xml Multiple Parameter XSS
8646| [95599] Apache Continuumweb/action/BuildDefinitionAction-saveBuildDefinition-validation.xml Multiple Parameter XSS
8647| [95598] Apache Continuum web/action/AddProjectAction-addProject-validation.xml Multiple Parameter XSS
8648| [95597] Apache Continuum web/action/ProjectEditAction-projectSave-validation.xml Multiple Parameter XSS
8649| [95596] Apache Continuum web/action/notifier/IrcGroupNotifierEditAction-ircProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
8650| [95595] Apache Continuum web/action/notifier/IrcProjectNotifierEditAction-ircProjectNotifierSave-validation.xml Multiple Parameter XSS
8651| [95594] Apache Continuum web/action/ProjectGroupAction.java Multiple Parameter XSS
8652| [95593] Apache Continuum web/action/AddProjectGroupAction.java Multiple Parameter XSS
8653| [95592] Apache Continuum web/action/AddProjectAction.java Multiple Parameter XSS
8654| [95523] Apache OFBiz Webtools Application View Log Screen Unspecified XSS
8655| [95522] Apache OFBiz Nested Expression Evaluation Arbitrary UEL Function Execution
8656| [95521] Apache HTTP Server mod_session_dbd Session Saving Unspecified Issue
8657| [95498] Apache HTTP Server mod_dav.c Crafted MERGE Request Remote DoS
8658| [95406] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Arbitrary Site Redirect
8659| [95405] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Remote Code Execution
8660| [95011] Apache CXF XML Parser SOAP Message Handling CPU Resource Exhaustion Remote DoS
8661| [94705] Apache Geronimo RMI Classloader Exposure Serialized Object Handling Remote Code Execution
8662| [94651] Apache Santuario (XML Security for C++) XML Signature CanonicalizationMethod Parameter Spoofing Weakness
8663| [94636] Apache Continuum workingCopy.action userDirectory Traversal Arbitrary File Access
8664| [94635] Apache Maven SCM SvnCommandlineUtils Process Listing Local Password Disclosure
8665| [94632] Apache Maven Wagon SSH (wagon-ssh) Host Verification Failure MitM Weakness
8666| [94625] Apache Santuario (XML Security for C++) XML Signature Reference Crafted XPointer Expression Handling Heap Buffer Overflow
8667| [94618] Apache Archiva /archiva/security/useredit.action username Parameter XSS
8668| [94617] Apache Archiva /archiva/security/roleedit.action name Parameter XSS
8669| [94616] Apache Archiva /archiva/security/userlist!show.action roleName Parameter XSS
8670| [94615] Apache Archiva /archiva/deleteArtifact!doDelete.action groupId Parameter XSS
8671| [94614] Apache Archiva /archiva/admin/addLegacyArtifactPath!commit.action legacyArtifactPath.path Parameter XSS
8672| [94613] Apache Archiva /archiva/admin/addRepository.action Multiple Parameter XSS
8673| [94612] Apache Archiva /archiva/admin/editAppearance.action Multiple Parameter XSS
8674| [94611] Apache Archiva /archiva/admin/addLegacyArtifactPath.action Multiple Parameter XSS
8675| [94610] Apache Archiva /archiva/admin/addNetworkProxy.action Multiple Parameter XSS
8676| [94403] Apache Santuario (XML Security for C++) InclusiveNamespace PrefixList Processing Heap Overflow
8677| [94402] Apache Santuario (XML Security for C++) HMAC-based XML Signature Processing DoS
8678| [94401] Apache Santuario (XML Security for C++) XPointer Evaluation Stack Overflow
8679| [94400] Apache Santuario (XML Security for C++) HMAC-Based XML Signature Reference Element Validation Spoofing Weakness
8680| [94279] Apache Qpid CA Certificate Validation Bypass
8681| [94275] Apache Solr JettySolrRunner.java Can Not Find Error Message XSS
8682| [94233] Apache OpenJPA Object Deserialization Arbitrary Executable Creation
8683| [94042] Apache Axis JAX-WS Java Unspecified Exposure
8684| [93969] Apache Struts OGNL Expression Handling Double Evaluation Error Remote Command Execution
8685| [93796] Apache Subversion Filename Handling FSFS Repository Corruption Remote DoS
8686| [93795] Apache Subversion svnserve Server Aborted Connection Message Handling Remote DoS
8687| [93794] Apache Subversion contrib/hook-scripts/check-mime-type.pl svnlook Hyphenated argv Argument Handling Remote DoS
8688| [93793] Apache Subversion contrib/hook-scripts/svn-keyword-check.pl Filename Handling Remote Command Execution
8689| [93646] Apache Struts Crafted Parameter Arbitrary OGNL Code Execution
8690| [93645] Apache Struts URL / Anchor Tag includeParams Attribute Remote Command Execution
8691| [93636] Apache Pig Multiple Physical Operator Memory Exhaustion Remote Remote DoS
8692| [93635] Apache Wink DTD (Document Type Definition) Expansion Data Parsing Information Disclosure
8693| [93605] RT Apache::Session::File Session Replay Reuse Information Disclosure
8694| [93599] Apache Derby SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY Boot Password Manipulation Re-encryption Failure Password Corruption
8695| [93555] Apache Commons Codec Invalid Base32 String Information Tunneling Weakness
8696| [93554] Apache HBase bulkLoadHFiles() Method ACL Bypass
8697| [93543] JBoss Enterprise Application Platform org.apache.catalina.connector.Response.encodeURL() Method MitM jsessionid Disclosure
8698| [93542] Apache ManifoldCF (Connectors Framework) org.apache.manifoldcf.crawler.ExportConfiguration Class Configuration Export Password Disclosure
8699| [93541] Apache Solr json.wrf Callback XSS
8700| [93524] Apache Hadoop GetSecurityDescriptorControl() Function Absolute Security Descriptor Handling NULL Descriptor Weakness
8701| [93521] Apache jUDDI Security API Token Session Persistence Weakness
8702| [93520] Apache CloudStack Default SSL Key Weakness
8703| [93519] Apache Shindig /ifr Cross-site Arbitrary Gadget Invocation
8704| [93518] Apache Solr /admin/analysis.jsp name Parameter XSS
8705| [93517] Apache CloudStack setup-cloud-management /etc/sudoers Modification Local Privilege Escalation
8706| [93516] Apache CXF UsernameTokenInterceptor Nonce Caching Replay Weakness
8707| [93515] Apache HBase table.jsp name Parameter XSS
8708| [93514] Apache CloudStack Management Server Unauthenticated Remote JMX Connection Default Setting Weakness
8709| [93463] Apache Struts EL / OGNL Interpretation Unspecified Remote Code Execution
8710| [93462] Apache CXF WS-SecurityPolicy AlgorithmSuite Arbitrary Ciphertext Decryption Weakness
8711| [93401] Apache Hadoop core-site.xml Permission Weakness Local Alfredo Secret Disclosure
8712| [93400] Apache Hadoop Map/Reduce Job Log Directory Symlink Arbitrary File Mode Manipulation
8713| [93397] Apache Wicket Referrer HTTP Header Session ID Disclosure
8714| [93366] Apache HTTP Server modules/mappers/mod_rewrite.c do_rewritelog() Function Log File Terminal Escape Sequence Filtering Remote Command Execution
8715| [93254] Apache Tomcat AsyncListener Method Cross-session Information Disclosure
8716| [93253] Apache Tomcat Chunked Transfer Encoding Data Saturation Remote DoS
8717| [93252] Apache Tomcat FORM Authenticator Session Fixation
8718| [93172] Apache Camel camel/endpoints/ Endpoint XSS
8719| [93171] Apache Sling HtmlResponse Error Message XSS
8720| [93170] Apache Directory DelegatingAuthenticator MitM Spoofing Weakness
8721| [93169] Apache Wave AuthenticationServlet.java Session Fixation Weakness
8722| [93168] Apache Click ErrorReport.java id Parameter XSS
8723| [93167] Apache ActiveMQ JMSXUserId Spoofing Weakness
8724| [93166] Apache CXF Crafted Message Element Count Handling System Resource Exhaustion Remote DoS
8725| [93165] Apache CXF Crafted Message Element Level Handling System Resource Exhaustion Remote DoS
8726| [93164] Apache Harmony DatagramSocket Class connect Method CheckAccept() IP Blacklist Bypass
8727| [93163] Apache Hadoop Map/Reduce Daemon Symlink Arbitrary File Overwrite
8728| [93162] Apache VelocityStruts struts/ErrorsTool.getMsgs Error Message XSS
8729| [93161] Apache CouchDB Rewriter VM Atom Table Memory Exhaustion Remote DoS
8730| [93158] Apache Wicket BookmarkablePageLink Feature XSS CSRF
8731| [93157] Apache Struts UrlHelper.java s:url includeParams Functionality XSS
8732| [93156] Apache Tapestry Calendar Component datefield.js datefield Parameter XSS
8733| [93155] Apache Struts fielderror.ftl fielderror Parameter Error Message XSS
8734| [93154] Apache JSPWiki Edit.jsp createPages WikiPermission Bypass
8735| [93153] Apache PDFBox PDFXrefStreamParser Missing Element Handling PDF Parsing DoS
8736| [93152] Apache Hadoop HttpServer.java Multiple Function XSS
8737| [93151] Apache Shiro Search Filter userName Parameter LDAP Code Injection Weakness
8738| [93150] Apache Harmony java.net.SocketPermission Class boolean equals Function checkConnect() Weakness Host Name Retrieval
8739| [93149] Apache Harmony java.security.Provider Class void load Function checkSecurityAccess() Weakness
8740| [93148] Apache Harmony java.security.ProtectionDomain Class java.lang.String.toString() Function checkPermission() Weakness
8741| [93147] Apache Harmony java.net.URLConnection openConnection Function checkConnect Weakness Proxy Connection Permission Bypass
8742| [93146] Apache Harmony java.net.ServerSocket Class void implAccept Function checkAccept() Weakness SerSocket Subclass Creation
8743| [93145] Apache Qpid JMS Client Detached Session Frame Handling NULL Pointer Dereference Remote DoS
8744| [93144] Apache Solr Admin Command Execution CSRF
8745| [93009] Apache VCL XMLRPC API Unspecified Function Remote Privilege Escalation
8746| [93008] Apache VCL Web GUI Unspecified Remote Privilege Escalation
8747| [92997] Apache Commons Codec org.apache.commons.codec.net.URLCodec Fields Missing 'final' Thread-safety Unspecified Issue
8748| [92976] Apache ActiveMQ scheduled.jsp crontab Command XSS
8749| [92947] Apache Commons Codec org.apache.commons.codec.language.Soundex.US_ENGLISH_MAPPING Missing MS_PKGPROTECT Field Manipulation Unspecified Issue
8750| [92749] Apache CloudStack Predictable Hash Virtual Machine Console Console Access URL Generation
8751| [92748] Apache CloudStack VM Console Access Restriction Bypass
8752| [92709] Apache ActiveMQ Web Console Unauthenticated Remote Access
8753| [92708] Apache ActiveMQ Sample Web Application Broker Resource Consumption Remote DoS
8754| [92707] Apache ActiveMQ webapp/websocket/chat.js Subscribe Message XSS
8755| [92706] Apache ActiveMQ Debug Log Rendering XSS
8756| [92705] Apache ActiveMQ PortfolioPublishServlet.java refresh Parameter XSS
8757| [92270] Apache Tomcat Unspecified CSRF
8758| [92094] Apache Subversion mod_dav_svn Module Nonexistent URL Lock Request Handling NULL Pointer Dereference Remote DoS
8759| [92093] Apache Subversion mod_dav_svn Module Activity URL PROPFIND Request Handling NULL Pointer Dereference Remote DoS
8760| [92092] Apache Subversion mod_dav_svn Module Log REPORT Request Handling NULL Pointer Dereference Remote DoS
8761| [92091] Apache Subversion mod_dav_svn Module Node Property Handling Resource Exhaustion Remote DoS
8762| [92090] Apache Subversion mod_dav_svn Module Activity URL Lock Request Handling NULL Pointer Dereference Remote DoS
8763| [91774] Apache Commons Codec Unspecified Non-private Field Manipulation Weakness
8764| [91628] mod_ruid2 for Apache HTTP Server fchdir() Inherited File Descriptor chroot Restriction Bypass
8765| [91328] Apache Wicket $up$ Traversal Arbitrary File Access
8766| [91295] Apple Mac OS X Apache Unicode Character URI Handling Authentication Bypass
8767| [91235] Apache Rave /app/api/rpc/users/get User Object Hashed Password Remote Disclosure
8768| [91185] Munin Default Apache Configuration Permission Weakness Remote Information Disclosure
8769| [91173] Apache Wicket WebApplicationPath Constructor Bypass /WEB-INF/ Directory File Access
8770| [91172] Apache Wicket PackageResourceGuard File Extension Filter Bypass
8771| [91025] Apache Qpid qpid::framing::Buffer Class Multiple Method Out-of-bounds Access Remote DoS
8772| [91024] Apache Qpid federation_tag Attribute Handling Federated Interbroker Link Access Restriction Bypass
8773| [91023] Apache Qpid AMQP Type Decoder Exposure Array Size Value Handling Memory Consumption Remote DoS
8774| [91022] Apache Qpid qpid/cpp/include/qpid/framing/Buffer.h qpid::framing::Buffer::checkAvailable() Function Integer Overflow
8775| [90986] Apache Jena ARQ INSERT DATA Request Handling Overflow
8776| [90907] Apache Subversion mod_dav_svn / libsvn_fs svn_fs_file_length() Function MKACTIVITY / PROPFIND Option Request Handling Remote DoS
8777| [90906] Apache Commons FileUpload /tmp Storage Symlink Arbitrary File Overwrite
8778| [90864] Apache Batik 1xx Redirect Script Origin Restriction Bypass
8779| [90858] Apache Ant Malformed TAR File Handling Infinite Loop DoS
8780| [90852] Apache HTTP Server for Debian apachectl /var/lock Permission Weakness Symlink Directory Permission Manipulation
8781| [90804] Apache Commons CLI Path Subversion Local Privilege Escalation
8782| [90802] Apache Avro Recursive Schema Handling Infinite Recursion DoS
8783| [90592] Apache Batik ApplicationSecurityEnforcer.java Multiple Method Security Restriction Bypass
8784| [90591] Apache Batik XML External Entity (XXE) Data Parsing Arbitrary File Disclosure
8785| [90565] Apache Tomcat Log Directory Permission Weakness Local Information Disclosure
8786| [90564] Apache Maven / Maven Wagon SSL Certificate Validation MitM Spoofing Weakness
8787| [90557] Apache HTTP Server mod_proxy_balancer balancer-manager Interface Multiple Parameter XSS
8788| [90556] Apache HTTP Server Multiple Module Multiple Parameter XSS
8789| [90276] Apache Axis2 axis2.xml Plaintext Password Local Disclosure
8790| [90249] Apache Axiom ClassLoader XMLInputFactory / XMLOutputFactory Construction Unspecified Issue
8791| [90235] Apache Commons HttpClient Certificate Wildcard Matching Weakness
8792| [90079] Apache CXF WSS4JInInterceptor URIMappingInterceptor WS-Security SOAP Service Access Restriction Bypass
8793| [90078] Apache CXF WS-SecurityPolicy Enabled Plaintext UsernameTokens Handling Authentication Bypass
8794| [89453] Apache Open For Business Project (OFBiz) Screenlet.title Widget Attribute XSS
8795| [89452] Apache Open For Business Project (OFBiz) Image.alt Widget Attribute XSS
8796| [89294] Apache CouchDB Futon UI Browser-based Test Suite Query Parameter XSS
8797| [89293] Apache CouchDB Unspecified Traversal Arbitrary File Access
8798| [89275] Apache HTTP Server mod_proxy_ajp Module Expensive Request Parsing Remote DoS
8799| [89267] Apache CouchDB JSONP Callback Handling Unspecified XSS
8800| [89146] Apache CloudStack Master Server log4j.conf SSH Private Key / Plaintext Password Disclosure
8801| [88603] Apache OpenOffice.org (OOo) Unspecified Information Disclosure
8802| [88602] Apache OpenOffice.org (OOo) Unspecified Manifest-processing Issue
8803| [88601] Apache OpenOffice.org (OOo) Unspecified PowerPoint File Handling Issue
8804| [88285] Apache Tomcat Partial HTTP Request Saturation Remote DoS
8805| [88095] Apache Tomcat NIO Connector Terminated Connection Infinte Loop DoS
8806| [88094] Apache Tomcat FORM Authentication Crafted j_security_check Request Security Constraint Bypass
8807| [88093] Apache Tomcat Null Session Requst CSRF Prevention Filter Bypass
8808| [88043] IBM Tivoli Netcool/Reporter Apache CGI Unspecified Remote Command Execution
8809| [87580] Apache Tomcat DIGEST Authentication Session State Caching Authentication Bypass Weakness
8810| [87579] Apache Tomcat DIGEST Authentication Stale Nonce Verification Authentication Bypass Weakness
8811| [87477] Apache Tomcat Project Woodstock Service Error Page UTF-7 XSS Weakness
8812| [87227] Apache Tomcat InternalNioInputBuffer.java parseHeaders() Function Request Header Size Parsing Remote DoS
8813| [87223] Apache Tomcat DIGEST Authentication replay-countermeasure Functionality cnonce / cn Verification Authentication Bypass Weakness
8814| [87160] Apache Commons HttpClient X.509 Certificate Domain Name Matching MiTM Weakness
8815| [87159] Apache CXF X.509 Certificate Domain Name Matching MiTM Weakness
8816| [87150] Apache Axis / Axis2 X.509 Certificate Domain Name Matching MiTM Weakness
8817| [86902] Apache HTTP Server 3xx Redirect Internal IP Address Remote Disclosure
8818| [86901] Apache Tomcat Error Message Path Disclosure
8819| [86684] Apache CloudStack Unauthorized Arbitrary API Call Invocation
8820| [86556] Apache Open For Business Project (OFBiz) Unspecified Issue
8821| [86503] Visual Tools VS home/apache/DiskManager/cron/init_diskmgr Local Command Execution
8822| [86401] Apache ActiveMQ ResourceHandler Traversal Arbitrary File Access
8823| [86225] Apache Axis2 XML Signature Wrapping (XSW) Authentication Bypass
8824| [86206] Apache Axis2 Crafted SAML Assertion Signature Exclusion Attack Authentication Bypass
8825| [85722] Apache CXF SOAP Request Parsing Access Restriction Bypass
8826| [85704] Apache Qpid Incoming Client Connection Saturation Remote DoS
8827| [85474] Eucalyptus Apache Santuario (XML Security for Java) Library XML Signature Transform Handling DoS
8828| [85430] Apache mod_pagespeed Module Unspecified XSS
8829| [85429] Apache mod_pagespeed Module Hostname Verification Cross-host Resource Disclosure
8830| [85249] Apache Wicket Unspecified XSS
8831| [85236] Apache Hadoop conf/hadoop-env.sh Temporary File Symlink Arbitrary File Manipulation
8832| [85090] Apache HTTP Server mod_proxy_ajp.c mod_proxy_ajp Module Proxy Functionality Cross-client Information Disclosure
8833| [85089] Apache HTTP Server mod_proxy_http.c mod_proxy_http Module Cross-client Information Disclosure
8834| [85062] Apache Solr Autocomplete Module for Drupal Autocomplete Results XSS
8835| [85010] Apache Struts Token Handling Mechanism Token Name Configuration Parameter CSRF Weakness
8836| [85009] Apache Struts Request Parameter OGNL Expression Parsing Remote DoS
8837| [84911] libapache2-mod-rpaf X-Forward-For HTTP Header Parsing Remote DoS
8838| [84823] Apache HTTP Server Multiple Module Back End Server Error Handling HTTP Request Parsing Remote Information Disclosure
8839| [84818] Apache HTTP Server mod_negotiation Module mod_negotiation.c make_variant_list Function XSS
8840| [84562] Apache Qpid Broker Authentication Mechanism AMQP Client Shadow Connection NullAuthenticator Request Parsing Authentication Bypass
8841| [84458] Apache Libcloud SSL Certificate Validation MitM Spoofing Weakness
8842| [84279] PHP on Apache php_default_post_reader POST Request Handling Overflow DoS
8843| [84278] PHP w/ Apache PDO::ATTR_DEFAULT_FETCH_MODE / PDO::FETCH_CLASS DoS
8844| [84231] Apache Hadoop DataNodes Client BlockTokens Arbitrary Block Access
8845| [83943] Oracle Solaris Cluster Apache Tomcat Agent Subcomponent Unspecified Local Privilege Escalation
8846| [83939] Oracle Solaris Apache HTTP Server Subcomponent Unspecified Remote Information Disclosure
8847| [83685] svnauthcheck Apache HTTP Configuration File Permission Revocation Weakness
8848| [83682] Apache Sling POST Servlet @CopyFrom Operation HTTP Request Parsing Infinite Loop Remote DoS
8849| [83339] Apache Roller Blogger Roll Unspecified XSS
8850| [83270] Apache Roller Unspecified Admin Action CSRF
8851| [82782] Apache CXF WS-SecurityPolicy 1.1 SupportingToken Policy Bypass
8852| [82781] Apache CXF WS-SecurityPolicy Supporting Token Children Specification Token Signing Verification Weakness
8853| [82611] cPanel Apache Piped Log Configuration Log Message Formatting Traversal Arbitrary File Creation
8854| [82436] MapServer for Windows Bundled Apache / PHP Configuration Local File Inclusion
8855| [82215] PHP sapi/cgi/cgi_main.c apache_request_headers Function HTTP Header Handling Remote Overflow
8856| [82161] Apache Commons Compress bzip2 File Compression BZip2CompressorOutputStream Class File Handling Remote DoS
8857| [81965] Apache Batik Squiggle SVG Browser JAR File Arbitrary Code Execution
8858| [81790] Apache POI src/org/apache/poi/hwpf/model/UnhandledDataStructure.java UnhandledDataStructure() constructor Length Attribute CDF / CFBF File Handling Remote DoS
8859| [81660] Apache Qpid Credential Checking Cluster Authentication Bypass
8860| [81511] Apache for Debian /usr/share/doc HTTP Request Parsing Local Script Execution
8861| [81359] Apache HTTP Server LD_LIBRARY_PATH Variable Local Privilege Escalation
8862| [81349] Apache Open For Business Project (OFBiz) Webslinger Component Unspecified XSS
8863| [81348] Apache Open For Business Project (OFBiz) Content IDs / Map-Keys Unspecified XSS
8864| [81347] Apache Open For Business Project (OFBiz) Parameter Arrays Unspecified XSS
8865| [81346] Apache Open For Business Project (OFBiz) checkoutProcess.js getServerError() Function Unspecified XSS
8866| [81196] Apache Open For Business Project (OFBiz) FlexibleStringExpander Nested Script String Parsing Remote Code Execution
8867| [80981] Apache Hadoop Kerberos/MapReduce Security Feature User Impersonation Weakness
8868| [80571] Apache Traffic Server Host HTTP Header Parsing Remote Overflow
8869| [80547] Apache Struts XSLTResult.java File Upload Arbitrary Command Execution
8870| [80360] AskApache Password Protector Plugin for WordPress Error Page $_SERVER Superglobal XSS
8871| [80349] Apache HTTP Server mod_fcgid Module fcgid_spawn_ctl.c FcgidMaxProcessesPerClass Virtual Host Directive HTTP Request Parsing Remote DoS
8872| [80301] Apache Wicket /resources/ Absolute Path Arbitrary File Access
8873| [80300] Apache Wicket wicket:pageMapName Parameter XSS
8874| [79478] Apache Solr Extension for TYPO3 Unspecified XSS
8875| [79002] Apache MyFaces javax.faces.resource In Parameter Traversal Arbitrary File Access
8876| [78994] Apache Struts struts-examples/upload/upload-submit.do name Parameter XSS
8877| [78993] Apache Struts struts-cookbook/processDyna.do message Parameter XSS
8878| [78992] Apache Struts struts-cookbook/processSimple.do message Parameter XSS
8879| [78991] Apache Struts struts2-rest-showcase/orders clientName Parameter XSS
8880| [78990] Apache Struts struts2-showcase/person/editPerson.action Multiple Parameter XSS
8881| [78932] Apache APR Hash Collision Form Parameter Parsing Remote DoS
8882| [78903] Apache CXF SOAP Request Parsing WS-Security UsernameToken Policy Bypass
8883| [78600] Apache Tomcat HTTP DIGEST Authentication DigestAuthenticator.java Catalina Weakness Security Bypass
8884| [78599] Apache Tomcat HTTP DIGEST Authentication Realm Value Parsing Security Bypass
8885| [78598] Apache Tomcat HTTP DIGEST Authentication qop Value Parsing Security Bypass
8886| [78573] Apache Tomcat Parameter Saturation CPU Consumption Remote DoS
8887| [78556] Apache HTTP Server Status Code 400 Default Error Response httpOnly Cookie Disclosure
8888| [78555] Apache HTTP Server Threaded MPM %{cookiename}C Log Format String Cookie Handling Remote DoS
8889| [78501] Apache Struts ParameterInterceptor Class OGNL Expression Parsing Remote Command Execution
8890| [78331] Apache Tomcat Request Object Recycling Information Disclosure
8891| [78293] Apache HTTP Server Scoreboard Invalid Free Operation Local Security Bypass
8892| [78277] Apache Struts ExceptionDelegator Component Parameter Parsing Remote Code Execution
8893| [78276] Apache Struts DebuggingInterceptor Component Developer Mode Unspecified Remote Command Execution
8894| [78113] Apache Tomcat Hash Collision Form Parameter Parsing Remote DoS
8895| [78112] Apache Geronimo Hash Collision Form Parameter Parsing Remote DoS
8896| [78109] Apache Struts ParameterInterceptor Traversal Arbitrary File Overwrite
8897| [78108] Apache Struts CookieInterceptor Cookie Name Handling Remote Command Execution
8898| [77593] Apache Struts Conversion Error OGNL Expression Injection
8899| [77496] Apache ActiveMQ Failover Mechanism Openwire Request Parsing Remote DoS
8900| [77444] Apache HTTP Server mod_proxy Mdule Web Request HTTP/0.9 Protocol URL Parsing Proxy Remote Security Bypass
8901| [77374] Apache MyFaces Java Bean includeViewParameters Parsing EL Expression Security Weakness
8902| [77310] Apache HTTP Server mod_proxy Reverse Proxy Mode Security Bypass Weakness (2011-4317)
8903| [77234] Apache HTTP Server on cygwin Encoded Traversal Arbitrary File Access
8904| [77012] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Memory Consumption DoS
8905| [76944] Apache Tomcat Manager Application Servlets Access Restriction Bypass
8906| [76744] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Overflow
8907| [76189] Apache Tomcat HTTP DIGEST Authentication Weakness
8908| [76079] Apache HTTP Server mod_proxy Mdule Web Request URL Parsing Proxy Remote Security Bypass (2011-3368)
8909| [76072] Apache JServ jserv.conf jserv-status Handler jserv/ URI Request Parsing Local Information Disclosure
8910| [75807] Apache HTTP Server Incomplete Header Connection Saturation Remote DoS
8911| [75647] Apache HTTP Server mod_proxy_ajp Module mod_proxy_balancer HTTP Request Remote DoS
8912| [75376] Apache Libcloud SSL Certificate Validation MitM Server Spoofing Weakness
8913| [74853] Domain Technologie Control /etc/apache2/apache2.conf File Permissions Weakness dtcdaemons User Password Disclosure
8914| [74818] Apache Tomcat AJP Message Injection Authentication Bypass
8915| [74725] Apache Wicket Multi Window Support Unspecified XSS
8916| [74721] Apache HTTP Server ByteRange Filter Memory Exhaustion Remote DoS
8917| [74541] Apache Commons Daemon Jsvc Permissions Weakness Arbitrary File Access
8918| [74535] Apache Tomcat XML Parser Cross-application Multiple File Manipulation
8919| [74447] Apache Struts XWork Nonexistent Method s:submit Element Internal Java Class Remote Path Disclosure
8920| [74262] Apache HTTP Server Multi-Processing Module itk.c Configuration Merger mpm-itk root UID / GID Remote Privilege Escalation
8921| [74120] Apache HTTP Server mod_authnz_external mysql/mysql-auth.pl user Field SQL Injection
8922| [73920] Oracle Secure Backup /apache/htdocts/php/common.php username Parameter Remote Code Execution
8923| [73798] Apache Tomcat sendfile Request Start / Endpoint Parsing Local DoS
8924| [73797] Apache Tomcat sendfile Request Attribute Validation Weakness Local Access Restriction Bypass
8925| [73776] Apache Tomcat HTTP BIO Connector HTTP Pipelining Cross-user Remote Response Access
8926| [73644] Apache XML Security Signature Key Parsing Overflow DoS
8927| [73600] Apache Struts javatemplates Plugin Component Handlers .action URI Multiple Parameter XSS
8928| [73462] Apache Rampart/C util/rampart_timestamp_token.c rampart_timestamp_token_validate Function Expired Token Remote Access Restriction Bypass
8929| [73429] Apache Tomcat JMX MemoryUserDatabase Local Password Disclosure
8930| [73384] Apache HTTP Server mod_rewrite PCRE Resource Exhaustion DoS
8931| [73383] Apache HTTP Server Portable Runtime (APR) Library apr_fnmatch() Infinite Loop Remote DoS
8932| [73378] IBM WebSphere Application Server (WAS) JavaServer Pages org.apache.jasper.runtime.JspWriterImpl.response JSP Page Application Restart Remote DoS
8933| [73247] Apache Subversion mod_dav_svn File Permission Weakness Information Disclosure
8934| [73246] Apache Subversion mod_dav_svn Path-based Access Control Rule Handling Remote DoS
8935| [73245] Apache Subversion mod_dav_svn Baselined Resource Request Handling Remote DoS
8936| [73154] Apache Archiva Multiple Unspecified CSRF
8937| [73153] Apache Archiva /archiva/admin/deleteNetworkProxy!confirm.action proxyid Parameter XSS
8938| [72407] Apache Tomcat @ServletSecurity Initial Load Annotation Security Constraint Bypass Information Disclosure
8939| [72238] Apache Struts Action / Method Names <
8940| [71647] Apache HttpComponents HttpClient Proxy-Authorization Credentials Remote Disclosure
8941| [71558] Apache Tomcat SecurityManager ServletContext Attribute Traversal Arbitrary File Manipulation
8942| [71557] Apache Tomcat HTML Manager Multiple XSS
8943| [71075] Apache Archiva User Management Page XSS
8944| [71027] Apache Tomcat @ServletSecurity Annotation Security Constraint Bypass Information Disclosure
8945| [70925] Apache Continuum Project Pages Unspecified XSS (2011-0533)
8946| [70924] Apache Continuum Multiple Admin Function CSRF
8947| [70809] Apache Tomcat NIO HTTP Connector Request Line Processing DoS
8948| [70734] Apache CouchDB Request / Cookie Handling Unspecified XSS
8949| [70585] Oracle Fusion Middleware Oracle HTTP Server Apache Plugin Unspecified Remote Issue
8950| [70333] Apache Subversion rev_hunt.c blame Command Multiple Memory Leak Remote DoS
8951| [70332] Apache Subversion Apache HTTP Server mod_dav_svn repos.c walk FunctionSVNParentPath Collection Remote DoS
8952| [69659] Apache Archiva Admin Authentication Weakness Privilege Escalation
8953| [69520] Apache Archiva Administrator Credential Manipulation CSRF
8954| [69512] Apache Tomcat Set-Cookie Header HTTPOnly Flag Session Hijacking Weakness
8955| [69456] Apache Tomcat Manager manager/html/sessions Multiple Parameter XSS
8956| [69275] Apache mod_fcgid Module fcgid_bucket.c fcgid_header_bucket_read() Function Remote Overflow
8957| [69067] Apache Shiro URI Path Security Traversal Information Disclosure
8958| [68815] Apache MyFaces shared/util/StateUtils.java View State MAC Weakness Cryptographic Padding Remote View State Modification
8959| [68670] Apache Qpid C++ Broker Component broker/SessionAdapter.cpp SessionAdapter::ExchangeHandlerImpl::checkAlternate Function Exchange Alternate Remote DoS
8960| [68669] Apache Qpid cluster/Cluster.cpp Cluster::deliveredEvent Function Invalid AMQP Data Remote DoS
8961| [68662] Apache Axis2 dswsbobje.war Module Admin Account Default Password
8962| [68531] Apache Qpid qpidd sys/ssl/SslSocket.cpp Incomplete SSL Handshake Remote DoS
8963| [68327] Apache APR-util buckets/apr_brigade.c apr_brigade_split_line() Function Memory Consumption DoS
8964| [68314] Apache XML-RPC SAX Parser External Entity Information Disclosure
8965| [67964] Apache Traffic Server Transaction ID / Source Port Randomization Weakness DNS Cache Poisoning
8966| [67846] SUSE Lifecycle Management Server on SUSE Linux Enterprise apache2-slms Parameter Quoting CSRF
8967| [67294] Apache CXF XML SOAP Message Crafted Document Type Declaration Remote DoS
8968| [67240] Apache CouchDB Installation Page Direct Request Arbitrary JavaScript Code Execution CSRF
8969| [67205] Apache Derby BUILTIN Authentication Password Hash Generation Algorithm SHA-1 Transformation Password Substitution
8970| [66745] Apache HTTP Server Multiple Modules Pathless Request Remote DoS
8971| [66319] Apache Tomcat Crafted Transfer-Encoding Header Handling Buffer Recycling Remote DoS
8972| [66280] Apache Struts XWork ParameterInterceptor Server-Side Object Remote Code Execution
8973| [66226] Apache Axis2 Admin Interface Cookie Session Fixation
8974| [65697] Apache Axis2 / Java SOAP Message DTD Rejection Weakness Arbitrary File Access
8975| [65654] Apache HTTP Server mod_proxy_http mod_proxy_http.c Timeout Detection Weakness HTTP Request Response Disclosure
8976| [65429] Apache MyFaces Unencrypted ViewState Serialized View Object Manipulation Arbitrary Expression Language (EL) Statement Execution
8977| [65054] Apache ActiveMQ Jetty Error Handler XSS
8978| [64844] Apache Axis2/Java axis2/axis2-admin/engagingglobally modules Parameter XSS
8979| [64522] Apache Open For Business Project (OFBiz) ecommerce/control/contactus Multiple Parameter XSS
8980| [64521] Apache Open For Business Project (OFBiz) Web Tools Section entityName Parameter XSS
8981| [64520] Apache Open For Business Project (OFBiz) ecommerce/control/ViewBlogArticle contentId Parameter XSS
8982| [64519] Apache Open For Business Project (OFBiz) Control Servlet URI XSS
8983| [64518] Apache Open For Business Project (OFBiz) Show Portal Page Section start Parameter XSS
8984| [64517] Apache Open For Business Project (OFBiz) View Profile Section partyId Parameter XSS
8985| [64516] Apache Open For Business Project (OFBiz) Export Product Listing Section productStoreId Parameter XSS
8986| [64307] Apache Tomcat Web Application Manager/Host Manager CSRF
8987| [64056] mod_auth_shadow for Apache HTTP Server wait() Function Authentication Bypass
8988| [64023] Apache Tomcat WWW-Authenticate Header Local Host Information Disclosure
8989| [64020] Apache ActiveMQ Jetty ResourceHandler Crafted Request JSP File Source Disclosure
8990| [63895] Apache HTTP Server mod_headers Unspecified Issue
8991| [63368] Apache ActiveMQ createDestination.action JMSDestination Parameter CSRF
8992| [63367] Apache ActiveMQ createDestination.action JMSDestination Parameter XSS
8993| [63350] Apache CouchDB Hash Verification Algorithm Predictable Execution Time Weakness
8994| [63140] Apache Thrift Service Malformed Data Remote DoS
8995| [62676] Apache HTTP Server mod_proxy_ajp Module Crafted Request Remote DoS
8996| [62675] Apache HTTP Server Multi-Processing Module (MPM) Subrequest Header Handling Cross-thread Information Disclosure
8997| [62674] Apache HTTP Server mod_isapi Module Unloading Crafted Request Remote DoS
8998| [62231] Apache HTTP Server Logging Format Weakness Crafted DNS Response IP Address Spoofing
8999| [62230] Apache HTTP Server Crafted DNS Response Inverse Lookup Log Corruption XSS
9000| [62054] Apache Tomcat WAR Filename Traversal Work-directory File Deletion
9001| [62053] Apache Tomcat Autodeployment Process appBase File HTTP Request Authentication Bypass
9002| [62052] Apache Tomcat WAR File Traversal Arbitrary File Overwrite
9003| [62009] Apache HTTP Server src/modules/proxy/proxy_util.c mod_proxy ap_proxy_send_fb() Function Overflow
9004| [61379] Apache River Outrigger Entry Storage Saturation Memory Exhaustion DoS
9005| [61378] Apache Hadoop Map/Reduce JobTracker Memory Consumption DoS
9006| [61377] Apache Commons Modeler Multiple Mutable Static Fields Weakness
9007| [61376] Apache Rampart wsse:security Tag Signature Value Checking Weakness
9008| [60687] Apache C++ Standard Library (STDCXX) strxfrm() Function Overflow
9009| [60680] Apache Hadoop JobHistory Job Name Manipulation Weakness
9010| [60679] Apache ODE DeploymentWebService OMElement zipPart CRLF Injection
9011| [60678] Apache Roller Comment Email Notification Manipulation DoS
9012| [60677] Apache CouchDB Unspecified Document Handling Remote DoS
9013| [60428] Sun Java Plug-in org.apache.crimson.tree.XmlDocument Class reateXmlDocument Method Floppy Drive Access Bypass
9014| [60413] mod_throttle for Apache Shared Memory File Manipulation Local Privilege Escalation
9015| [60412] Sun Java Plug-in org.apache.xalan.processor.XSLProcessorVersion Class Unsigned Applet Variable Sharing Privilege Escalation
9016| [60396] Apache HTTP Server on OpenBSD Multipart MIME Boundary Remote Information Disclosure
9017| [60395] Apache HTTP Server on OpenBSD ETag HTTP Header Remote Information Disclosure
9018| [60232] PHP on Apache php.exe Direct Request Remote DoS
9019| [60176] Apache Tomcat Windows Installer Admin Default Password
9020| [60016] Apache HTTP Server on HP Secure OS for Linux HTTP Request Handling Unspecified Issue
9021| [59979] Apache HTTP Server on Apple Mac OS X HTTP TRACE Method Unspecified Client XSS
9022| [59969] Apache HTTP Server mod_ssl SSL / TLS Renegotiation Handshakes MiTM Plaintext Data Injection
9023| [59944] Apache Hadoop jobhistory.jsp XSS
9024| [59374] Apache Solr Search Extension for TYPO3 Unspecified XSS
9025| [59022] Apache Shindig ConcatProxyServlet HTTP Header Response Splitting
9026| [59021] Apache Cocoon X-Cocoon-Version Header Remote Information Disclosure
9027| [59020] Apache Tapestry HTTPS Session Cookie Secure Flag Weakness
9028| [59019] Apache mod_python Cookie Salting Weakness
9029| [59018] Apache Harmony Error Message Handling Overflow
9030| [59013] Apache Derby SYSCS_EXPORT_TABLE Arbitrary File Overwrite
9031| [59012] Apache Derby Driver Auto-loading Non-deterministic Startup Weakness
9032| [59011] Apache JSPWiki Page Attachment Change Note Function XSS
9033| [59010] Apache Solr get-file.jsp XSS
9034| [59009] Apache Solr action.jsp XSS
9035| [59008] Apache Solr analysis.jsp XSS
9036| [59007] Apache Solr schema.jsp Multiple Parameter XSS
9037| [59006] Apache Beehive select / checkbox Tag XSS
9038| [59005] Apache Beehive jpfScopeID Global Parameter XSS
9039| [59004] Apache Beehive Error Message XSS
9040| [59003] Apache HttpClient POST Request Handling Memory Consumption DoS
9041| [59002] Apache Jetspeed default-page.psml URI XSS
9042| [59001] Apache Axis2 xsd Parameter Traversal Arbitrary File Disclosure
9043| [59000] Apache CXF Unsigned Message Policy Bypass
9044| [58999] Apache WSS4J CallbackHandler Plaintext Password Validation Weakness
9045| [58998] Apache OpenJPA persistence.xml Cleartext Password Local Disclosure
9046| [58997] Apache OpenEJB openejb.xml Cleartext Password Local Disclosure
9047| [58996] Apache Hadoop Map/Reduce LinuxTaskController File Group Ownership Weakness
9048| [58995] Apache Hadoop Map/Reduce Task Ownership Weakness
9049| [58994] Apache Hadoop Map/Reduce DistributedCache Localized File Permission Weakness
9050| [58993] Apache Hadoop browseBlock.jsp XSS
9051| [58991] Apache Hadoop browseDirectory.jsp XSS
9052| [58990] Apache Hadoop Map/Reduce HTTP TaskTrackers User Data Remote Disclosure
9053| [58989] Apache Hadoop Sqoop Process Listing Local Cleartext Password Disclosure
9054| [58988] Apache Hadoop Chukwa HICC Portal Unspecified XSS
9055| [58987] Apache Hadoop Map/Reduce TaskTracker User File Permission Weakness
9056| [58986] Apache Qpid Encrypted Message Handling Remote Overflow DoS
9057| [58985] Apache Qpid Process Listing Local Cleartext Password Disclosure
9058| [58984] Apache Jackrabbit Content Repository (JCR) Default Account Privilege Access Weakness
9059| [58983] Apache Jackrabbit Content Repository (JCR) NamespaceRegistry API Registration Method Race Condition
9060| [58982] Apache Synapse Proxy Service Security Policy Mismatch Weakness
9061| [58981] Apache Geronimo TomcatGeronimoRealm Security Context Persistence Weakness
9062| [58980] Apache Geronimo LDAP Realm Configuration Restart Reversion Weakness
9063| [58979] Apache MyFaces Tomahawk ExtensionsPhaseListener HTML Injection Information Disclosure
9064| [58978] Apache MyFaces Trinidad LocaleInfoScriptlet XSS
9065| [58977] Apache Open For Business Project (OFBiz) Multiple Default Accounts
9066| [58976] Apache Open For Business Project (OFBiz) URI passThru Parameter XSS
9067| [58975] Apache Open For Business Project (OFBiz) PARTYMGR_CREATE/UPDATE Permission Arbitrary User Password Modification
9068| [58974] Apache Sling /apps Script User Session Management Access Weakness
9069| [58973] Apache Tuscany Crafted SOAP Request Access Restriction Bypass
9070| [58931] Apache Geronimo Cookie Parameters Validation Weakness
9071| [58930] Apache Xalan-C++ XPath Handling Remote DoS
9072| [58879] Apache Portable Runtime (APR-util) poll/unix/port.c Event Port Backend Pollset Feature Remote DoS
9073| [58837] Apache Commons Net FTPSClient CipherSuites / Protocols Mutable Object Unspecified Data Security Issue
9074| [58813] Apache MyFaces Trinidad tr:table / HTML Comment Handling DoS
9075| [58812] Apache Open For Business Project (OFBiz) JSESSIONID Session Hijacking Weakness
9076| [58811] Apache Open For Business Project (OFBiz) /catalog/control/EditProductConfigItem configItemId Parameter XSS
9077| [58810] Apache Open For Business Project (OFBiz) /catalog/control/EditProdCatalo prodCatalogId Parameter XSS
9078| [58809] Apache Open For Business Project (OFBiz) /partymgr/control/viewprofile partyId Parameter XSS
9079| [58808] Apache Open For Business Project (OFBiz) /catalog/control/createProduct internalName Parameter XSS
9080| [58807] Apache Open For Business Project (OFBiz) Multiple Unspecified CSRF
9081| [58806] Apache FtpServer MINA Logging Filter Cleartext Credential Local Disclosure
9082| [58805] Apache Derby Unauthenticated Database / Admin Access
9083| [58804] Apache Wicket Header Contribution Unspecified Issue
9084| [58803] Apache Wicket Session Fixation
9085| [58802] Apache Directory Server (ApacheDS) userPassword Attribute Search Password Disclosure
9086| [58801] Apache ActiveMQ Stomp Client Credential Validation Bypass
9087| [58800] Apache Tapestry (context)/servicestatus Internal Service Information Disclosure
9088| [58799] Apache Tapestry Logging Cleartext Password Disclosure
9089| [58798] Apache Jetspeed pipeline Parameter pipeline-map Policy Bypass
9090| [58797] Apache Jetspeed Password Policy Multiple Weaknesses
9091| [58796] Apache Jetspeed Unsalted Password Storage Weakness
9092| [58795] Apache Rampart Crafted SOAP Header Authentication Bypass
9093| [58794] Apache Roller Admin Protocol (RAP) Malformed Header Authentication Bypass
9094| [58793] Apache Hadoop Map/Reduce mapred.system.dir Permission Weakness Job Manipulation
9095| [58792] Apache Shindig gadgets.rpc iframe RPC Call Validation Weakness
9096| [58791] Apache Synapse synapse.properties Cleartext Credential Local Disclosure
9097| [58790] Apache WSS4J SOAP Message UsernameToken Remote Password Disclosure
9098| [58789] Apache WSS4J SOAP Header Malformed UsernameToken Authentication Bypass
9099| [58776] Apache JSPWiki PreviewContent.jsp Edited Text XSS
9100| [58775] Apache JSPWiki preview.jsp action Parameter XSS
9101| [58774] Apache JSPWiki Edit.jsp Multiple Parameter XSS
9102| [58773] Apache JSPWiki Accept-Language Header Multiple Script language Parameter XSS
9103| [58772] Apache JSPWiki EditorManager.java editor Parameter XSS
9104| [58771] Apache JSPWiki GroupContent.jsp Multiple Parameter XSS
9105| [58770] Apache JSPWiki Group.jsp group Parameter XSS
9106| [58769] Apache JSPWiki Database Connection Termination DoS Weakness
9107| [58768] Apache JSPWiki Attachment Servlet nextpage Parameter Arbitrary Site Redirect
9108| [58766] Apache JSPWiki /admin/SecurityConfig.jsp Direct Request Information Disclosure
9109| [58765] Apache JSPWiki Spam Filter UniqueID RNG Weakness
9110| [58764] Apache JSPWiki Edit.jsp Multiple Parameter XSS
9111| [58763] Apache JSPWiki Include Tag Multiple Script XSS
9112| [58762] Apache JSPWiki Multiple .java Tags pageContext Parameter XSS
9113| [58761] Apache JSPWiki Wiki.jsp skin Parameter XSS
9114| [58760] Apache Commons VFS Exception Error Message Cleartext Credential Disclosure
9115| [58759] Apache Jackrabbit Content Repository (JCR) UUID System.currentTimeMillis() RNG Weakness
9116| [58758] Apache River GrantPermission Policy Manipulation Privilege Escalation
9117| [58757] Apache WS-Commons Java2 StaXUtils Multiple Unspecified Minor Issues
9118| [58756] Apache WSS4J WSHandler Client Certificate Signature Validation Weakness
9119| [58755] Apache Harmony DRLVM Non-public Class Member Access
9120| [58754] Apache Harmony File.createTempFile() Temporary File Creation Prediction Weakness
9121| [58751] Apache Geronimo GeronimoIdentityResolver Subject Handling Multiple Issues
9122| [58750] Apache MyFaces Trinidad Generated HTML Information Disclosure
9123| [58749] Apache MyFaces Trinidad Database Access Error Message Information Disclosure
9124| [58748] Apache MyFaces Trinidad Image Resource Loader Traversal Arbitrary Image Access
9125| [58747] Apache MyFaces Trinidad Error Message User Entered Data Disclosure Weakness
9126| [58746] Apache Axis2 JAX-WS Java2 WSDL4J Unspecified Issue
9127| [58744] Apache Wicket Crafted File Upload Disk Space Exhaustion DoS
9128| [58743] Apache Wicket wicket.util.crypt.SunJceCrypt Encryption Reversion Weakness
9129| [58742] Apache Rampart PolicyBasedValiadtor HttpsToken Endpoint Connection Weakness
9130| [58741] Apache Rampart WSSecSignature / WSSecEncryptedKey KeyIdentifierType Validation Weakness
9131| [58740] Apache Rampart TransportBinding Message Payload Cleartext Disclosure
9132| [58739] Apache Open For Business Project (OFBiz) Unsalted Password Storage Weakness
9133| [58738] Apache Open For Business Project (OFBiz) orderId Parameter Arbitrary Order Access
9134| [58737] Apache mod_python w/ mod_python.publisher index.py Underscore Prefixed Variable Disclosure
9135| [58735] Apache Open For Business Project (OFBiz) /ecommerce/control/keywordsearch SEARCH_STRING Parameter XSS
9136| [58734] Apache Torque Log File Cleartext Credential Local Disclosure
9137| [58733] Apache Axis2 doGet Implementation Authentication Bypass Service State Manipulation
9138| [58732] Apache MyFaces UIInput.validate() Null Value Validation Bypass Weakness
9139| [58731] Apache MyFaces /faces/* Prefix Mapping Authentication Bypass
9140| [58725] Apache Tapestry Basic String ACL Bypass Weakness
9141| [58724] Apache Roller Logout Functionality Failure Session Persistence
9142| [58723] Apache Roller User Profile / Admin Page Cleartext Password Disclosure
9143| [58722] Apache Derby Connection URL Encryption Method Reversion Weakness
9144| [58721] Apache Geronimo on Tomcat Security-constraint Resource ACL Bypass
9145| [58720] Apache Geronimo Explicit Servlet Mapping Access Bypass Weakness
9146| [58719] Apache Geronimo Keystore Unprivileged Service Disable DoS
9147| [58718] Apache Geronimo Deployment Plans Remote Password Disclosure
9148| [58717] Apache Jetspeed Portlet Application Edit Access Restriction Bypass
9149| [58716] Apache Jetspeed PSML Management Cached Constraint Authentication Weakness
9150| [58707] Apache WSS4J Crafted PasswordDigest Request Authentication Bypass
9151| [58706] Apache HttpClient Pre-emptive Authorization Remote Credential Disclosure
9152| [58705] Apache Directory Server (ApacheDS) User Passwords Cleartext Disclosure
9153| [58704] Apache Directory Server (ApacheDS) Non-existent User LDAP Bind Remote DoS
9154| [58703] Apache Geronimo Debug Console Unauthenticated Remote Information Disclosure
9155| [58702] Apache Directory Server (ApacheDS) Persistent LDAP Anonymous Bind Weakness
9156| [58701] Apache Jetspeed User Admin Portlet Unpassworded Account Creation Weakness
9157| [58700] Apache MyFaces /faces/* Path Handling Remote Overflow DoS
9158| [58699] Apache MyFaces Disable Property Client Side Manipulation Privilege Escalation
9159| [58698] Apache Roller Remember Me Functionality Cleartext Password Disclosure
9160| [58697] Apache XalanJ2 org.apache.xalan.xsltc.runtime.CallFunction Class Unspecified Issue
9161| [58696] Apache Tapestry Encoded Traversal Arbitrary File Access
9162| [58695] Apache Jetspeed Unauthenticated PSML Tags / Admin Folder Access
9163| [58694] Apache Geronimo Deploy Tool Process List Local Credential Disclosure
9164| [58693] Apache Derby service.properties File Encryption Key Information Disclosure
9165| [58692] Apache Geronimo Default Security Realm Login Brute Force Weakness
9166| [58689] Apache Roller Retrieve Last 5 Post Feature Unauthorized Blog Post Manipulation
9167| [58688] Apache Xalan-Java (XalanJ2) Static Variables Multiple Unspecified Issues
9168| [58687] Apache Axis Invalid wsdl Request XSS
9169| [58686] Apache Cocoon Temporary File Creation Unspecified Race Condition
9170| [58685] Apache Velocity Template Designer Privileged Code Execution
9171| [58684] Apache Jetspeed controls.Customize Action Security Check Bypass
9172| [58675] Apache Open For Business Project (OFBiz) eCommerce/ordermgr Multiple Field XSS
9173| [58674] Apache Open For Business Project (OFBiz) ecommerce/control/login Multiple Field XSS
9174| [58673] Apache Open For Business Project (OFBiz) ecommerce/control/viewprofile Multiple Field XSS
9175| [58672] Apache Open For Business Project (OFBiz) POS Input Panel Cleartext Password Disclosure
9176| [58671] Apache Axis2 JMS Signed Message Crafted WS-Security Header Security Bypass
9177| [58670] Apache Jetspeed JetspeedTool.getPortletFromRegistry Portlet Security Validation Failure
9178| [58669] Apache Jetspeed LDAP Cleartext Passwords Disclosure
9179| [58668] Apache Axis External Entity (XXE) Data Parsing Privilege Escalation
9180| [58667] Apache Roller Database Cleartext Passwords Disclosure
9181| [58666] Apache Xerces-C++ UTF-8 Transcoder Overlong Code Handling Unspecified Issue
9182| [58665] Apache Jetspeed Turbine: Cross-user Privileged Action Execution
9183| [58664] Apache Jetspeed EditAccount.vm Password Modification Weakness
9184| [58663] Apache Jetspeed Role Parameter Arbitrary Portlet Disclosure
9185| [58662] Apache Axis JWS Page Generated .class File Direct Request Information Disclosure
9186| [58661] Apache Jetspeed user-form.vm Password Reset Cleartext Disclosure
9187| [58660] Apache WSS4J checkReceiverResults Function Crafted SOAP Request Authentication Bypass
9188| [58658] Apache Rampart Crafted SOAP Request Security Verification Bypass
9189| [57882] Apache HTTP Server mod_proxy_ftp Authorization HTTP Header Arbitrary FTP Command Injection
9190| [57851] Apache HTTP Server mod_proxy_ftp EPSV Command NULL Dereference Remote DoS
9191| [56984] Apache Xerces2 Java Malformed XML Input DoS
9192| [56903] Apache ODE (Orchestration Director Engine) Process Deployment Web Service Traversal Arbitrary File Manipulation
9193| [56859] Apache Xerces-C++ Multiple Sub-project XML Nested DTD Structures Parsing Recursion Error DoS
9194| [56766] Apache Portable Runtime (APR-util) memory/unix/apr_pools.c Relocatable Memory Block Aligning Overflow
9195| [56765] Apache Portable Runtime (APR-util) misc/apr_rmm.c Multiple Function Overflows
9196| [56517] Apache HTTP Server File Descriptor Leak Arbitrary Local File Append
9197| [56443] PTK Unspecified Apache Sub-process Arbitrary Command Execution
9198| [56414] Apache Tiles Duplicate Expression Language (EL) Expression Evaluation XSS
9199| [55814] mod_NTLM for Apache HTTP Server ap_log_rerror() Function Remote Format String
9200| [55813] mod_NTLM for Apache HTTP Server log() Function Remote Overflow
9201| [55782] Apache HTTP Server mod_deflate Module Aborted Connection DoS
9202| [55553] Apache HTTP Server mod_proxy Module mod_proxy_http.c stream_reqbody_cl Function CPU Consumption DoS
9203| [55059] Apache APR-util strmatch/apr_strmatch.c apr_strmatch_precompile Function Crafted Input Remote DoS
9204| [55058] Apache APR-util apr_brigade_vprintf Function Crafted Input Off-by-one Remote DoS
9205| [55057] Apache APR-util xml/apr_xml.c apr_xml_* Interface Expat XML Parser Crafted XML Document Remote DoS
9206| [55056] Apache Tomcat Cross-application TLD File Manipulation
9207| [55055] Apache Tomcat Illegal URL Encoded Password Request Username Enumeration
9208| [55054] Apache Tomcat Java AJP Connector mod_jk Load Balancing Worker Malformed Header Remote DoS
9209| [55053] Apache Tomcat Crafted Request Security Restraint Bypass Arbitrary Content Access
9210| [54733] Apache HTTP Server AllowOverride Directive .htaccess Options Bypass
9211| [54713] razorCMS Security Manager apache User Account Unspecified File Permission Weakness Issue
9212| [54589] Apache Jserv Nonexistent JSP Request XSS
9213| [54122] Apache Struts s:a / s:url Tag href Element XSS
9214| [54093] Apache ActiveMQ Web Console JMS Message XSS
9215| [53932] Apache Geronimo Multiple Admin Function CSRF
9216| [53931] Apache Geronimo /console/portal/Server/Monitoring Multiple Parameter XSS
9217| [53930] Apache Geronimo /console/portal/ URI XSS
9218| [53929] Apache Geronimo on Windows Security/Keystores Portlet Traversal Arbitrary File Upload
9219| [53928] Apache Geronimo on Windows Embedded DB/DB Manager Portlet Traversal Arbitrary File Upload
9220| [53927] Apache Geronimo on Windows Services/Repository Portlet Traversal Arbitrary File Upload
9221| [53921] Apache HTTP Server mod_proxy_ajp Cross Thread/Session Information Disclosure
9222| [53766] Oracle BEA WebLogic Server Plug-ins for Apache Certificate Handling Remote Overflow
9223| [53574] PHP on Apache .htaccess mbstring.func_overload Setting Cross Hosted Site Behavior Modification
9224| [53381] Apache Tomcat JK Connector Content-Length Header Cross-user Information Disclosure
9225| [53380] Apache Struts Unspecified XSS
9226| [53289] Apache mod_perl Apache::Status /perl-status Unspecified XSS
9227| [53186] Apache HTTP Server htpasswd Predictable Salt Weakness
9228| [52899] Apache Tomcat Examples Web Application Calendar Application jsp/cal/cal2.jsp time Parameter XSS
9229| [52407] Apache Tomcat doRead Method POST Content Information Disclosure
9230| [51923] Apache HTTP Server mod-auth-mysql Module mod_auth_mysql.c Multibyte Character Encoding SQL Injection
9231| [51613] Apache HTTP Server Third-party Module Child Process File Descriptor Leak
9232| [51612] Apache HTTP Server Internal Redirect Handling Infinite Loop DoS
9233| [51468] Apache Jackrabbit Content Repository (JCR) swr.jsp q Parameter XSS
9234| [51467] Apache Jackrabbit Content Repository (JCR) search.jsp q Parameter XSS
9235| [51151] Apache Roller Search Function q Parameter XSS
9236| [50482] PHP with Apache php_value Order Unspecified Issue
9237| [50475] Novell NetWare ApacheAdmin Console Unauthenticated Access
9238| [49734] Apache Struts DefaultStaticContentLoader Class Traversal Arbitrary File Access
9239| [49733] Apache Struts FilterDispatcher Class Traversal Arbitrary File Access
9240| [49283] Oracle BEA WebLogic Server Plugins for Apache Remote Transfer-Encoding Overflow
9241| [49062] Apache Tomcat Cross-thread Concurrent Request Variable Overwrite Information Disclosure
9242| [48847] ModSecurity (mod_security) Transformation Caching Unspecified Apache DoS
9243| [48788] Apache Xerces-C++ XML Schema maxOccurs Value XML File Handling DoS
9244| [47474] Apache HTTP Server mod_proxy_ftp Directory Component Wildcard Character XSS
9245| [47464] Apache Tomcat allowLinking / UTF-8 Traversal Arbitrary File Access
9246| [47463] Apache Tomcat RequestDispatcher Traversal Arbitrary File Access
9247| [47462] Apache Tomcat HttpServletResponse.sendError Method Message Argument XSS
9248| [47096] Oracle Weblogic Apache Connector POST Request Overflow
9249| [46382] Frontend Filemanager (air_filemanager) Extension for TYPO3 on Apache Unspecified Arbitrary Code Execution
9250| [46285] TYPO3 on Apache Crafted Filename Upload Arbitrary Command Execution
9251| [46085] Apache HTTP Server mod_proxy ap_proxy_http_process_response() Function Interim Response Forwarding Remote DoS
9252| [45905] Apache Tomcat Host Manager host-manager/html/add name Parameter XSS
9253| [45879] Ragnarok Online Control Panel on Apache Crafted Traversal Authentication Bypass
9254| [45742] Apache HTTP Server on Novell Unspecified Request Directive Internal IP Disclosure
9255| [45740] Apache Derby DropSchemaNode Bind Phase Arbitrary Scheme Statement Dropping
9256| [45599] Apache Derby Lock Table Statement Privilege Requirement Bypass Arbitrary Table Lock
9257| [45585] Apache Derby ACCSEC Command RDBNAM Parameter Cleartext Credential Disclosure
9258| [45584] Apache Derby DatabaseMetaData.getURL Function Cleartext Credential Disclosure
9259| [45420] Apache HTTP Server 403 Error Page UTF-7 Encoded XSS
9260| [44728] PHP Toolkit on Gentoo Linux Interpretation Conflict Apache HTTP Server Local DoS
9261| [44618] Oracle JSP Apache/Jserv Path Translation Traversal Arbitrary JSP File Execution
9262| [44159] Apache HTTP Server Remote Virtual Host Name Disclosure
9263| [43997] Apache-SSL ExpandCert() Function Certificate Handling Arbitrary Environment Variables Manipulation
9264| [43994] suPHP for Apache (mod_suphp) Directory Symlink Local Privilege Escalation
9265| [43993] suPHP for Apache (mod_suphp) Owner Mode Race Condition Symlink Local Privilege Escalation
9266| [43663] Apache HTTP Server Mixed Platform AddType Directive Crafted Request PHP Source Disclosure
9267| [43658] AuthCAS Module (AuthCAS.pm) for Apache HTTP Server SESSION_COOKIE_NAME SQL Injection
9268| [43452] Apache Tomcat HTTP Request Smuggling
9269| [43309] Apache Geronimo LoginModule Login Method Bypass
9270| [43290] Apache JSPWiki Entry Page Attachment Unrestricted File Upload
9271| [43259] Apache HTTP Server on Windows mod_proxy_balancer URL Handling Remote Memory Corruption
9272| [43224] Apache Geronimo on SuSE Linux init Script Symlink Unspecified File/Directory Access
9273| [43189] Apache mod_jk2 Host Header Multiple Fields Remote Overflow
9274| [42937] Apache HTTP Server mod_proxy_balancer balancer-manager Unspecified CSRF
9275| [42341] MOD_PLSQL for Apache Unspecified URL SQL Injection
9276| [42340] MOD_PLSQL for Apache CGI Environment Handling Unspecified Overflow
9277| [42214] Apache HTTP Server mod_proxy_ftp UTF-7 Encoded XSS
9278| [42091] Apache Maven Site Plugin Installation Permission Weakness
9279| [42089] Apache Maven .m2/settings.xml Cleartext Password Disclosure
9280| [42088] Apache Maven Defined Repo Process Listing Password Disclosure
9281| [42087] Apache Maven Site Plugin SSH Deployment Permission Setting Weakness
9282| [42036] Apache HTTP Server MS-DOS Device Request Host OS Disclosure
9283| [41891] BEA WebLogic Apache Beehive NetUI Page Flow Unspecified XSS
9284| [41436] Apache Tomcat Native APR Connector Duplicate Request Issue
9285| [41435] Apache Tomcat %5C Cookie Handling Session ID Disclosure
9286| [41434] Apache Tomcat Exception Handling Subsequent Request Information Disclosure
9287| [41400] LimeSurvey save.php Apache Log File PHP Code Injection
9288| [41029] Apache Tomcat Calendar Examples Application cal2.jsp Multiple Parameter CSRF
9289| [41019] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload XSS
9290| [41018] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload CRLF
9291| [40853] Apache Tomcat SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) JSESSIONIDSSO Cookie Security Weakness
9292| [40264] Apache HTTP Server mod_proxy_balancer balancer_handler Function bb Variable Remote DoS
9293| [40263] Apache HTTP Server mod_proxy_balancer balancer-manager Multiple Parameter XSS
9294| [40262] Apache HTTP Server mod_status refresh XSS
9295| [39833] Apache Tomcat JULI Logging Component catalina.policy Security Bypass
9296| [39251] Coppermine Photo Gallery on Apache Multiple File Extension Upload Arbitrary Code Execution
9297| [39166] Apache Tomcat on Windows caseSensitive Attribute Mixed Case Request JSP Source Disclosure
9298| [39134] Apache mod_imagemap Module Imagemap Unspecified XSS
9299| [39133] Apache mod_imap Module Imagemap File Unspecified XSS
9300| [39035] Apache Tomcat examples/servlet/CookieExample Multiple Parameter XSS
9301| [39003] Apache HTTP Server HTTP Method Header Request Entity Too Large XSS
9302| [39000] Apache Tomcat SendMailServlet sendmail.jsp mailfrom Parameter XSS
9303| [38939] Apache HTTP Server Prefork MPM Module Array Modification Local DoS
9304| [38673] Apache Jakarta Slide WebDAV SYSTEM Request Traversal Arbitrary File Access
9305| [38662] Apache Geronimo SQLLoginModule Nonexistent User Authentication Bypass
9306| [38661] Apache Geronimo MEJB Unspecified Authentication Bypass
9307| [38641] Apache HTTP Server mod_mem_cache recall_headers Function Information Disclosure
9308| [38640] Apache HTTP Server suexec Document Root Unauthorized Operations
9309| [38639] Apache HTTP Server suexec Multiple Symlink Privilege Escalation
9310| [38636] Apache HTTP Server mod_autoindex.c P Variable UTF-7 Charset XSS
9311| [38513] BEA WebLogic Server Proxy Plug-in for Apache Protocol Error Handling Remote DoS
9312| [38187] Apache Geronimo / Tomcat WebDAV XML SYSTEM Tag Arbitrary File Access
9313| [37079] Apache HTTP Server mod_cache cache_util.c Malformed Cache-Control Header DoS
9314| [37071] Apache Tomcat Cookie Handling Session ID Disclosure
9315| [37070] Apache Tomcat Cookie Handling Quote Delimiter Session ID Disclosure
9316| [37052] Apache HTTP Server mod_status mod_status.c Unspecified XSS
9317| [37051] Apache HTTP Server mod_proxy modules/proxy/proxy_util.c Crafted Header Remote DoS
9318| [37050] Apache HTTP Server Prefork MPM Module Crafted Code Sequence Local DoS
9319| [36417] Apache Tomcat Host Manager Servlet html/add Action aliases Parameter XSS
9320| [36377] Apache MyFaces Tomahawk JSF Application autoscroll Multiple Script XSS
9321| [36080] Apache Tomcat JSP Examples Crafted URI XSS
9322| [36079] Apache Tomcat Manager Uploaded Filename XSS
9323| [34888] Apache Tomcat Example Calendar Application cal2.jsp time Parameter XSS
9324| [34887] Apache Tomcat implicit-objects.jsp Crafted Header XSS
9325| [34885] Apache Tomcat on IIS Servlet Engine MS-DOS Device Request DoS
9326| [34884] Apache Tomcat on Windows Nonexistent Resource Request Path Disclosure
9327| [34883] Apache Tomcat Crafted JSP File Request Path Disclosure
9328| [34882] Apache Tomcat Default SSL Ciphersuite Configuration Weakness
9329| [34881] Apache Tomcat Malformed Accept-Language Header XSS
9330| [34880] Apache Tomcat HTTP/1.1 Connector NULL Byte Request JSP Source Disclosure
9331| [34879] Apache Tomcat examples/jsp2/jspx/textRotate.jspx XSS
9332| [34878] Apache Tomcat examples/jsp2/el/implicit-objects.jsp XSS
9333| [34877] Apache Tomcat JK Web Server Connector (mod_jk) Double Encoded Traversal Arbitrary File Access
9334| [34876] Apache HTTP Server ScriptAlias CGI Source Disclosure
9335| [34875] Apache Tomcat appdev/sample/web/hello.jsp Multiple Parameter XSS
9336| [34874] Apache Tomcat AJP Connector mod_jk ajp_process_callback Remote Memory Disclosure
9337| [34873] Apache Stats Variable Extraction _REQUEST Ssuperglobal Array Overwrite
9338| [34872] Apache HTTP Server suexec User/Group Combination Weakness Local Privilege Escalation
9339| [34769] Apache Tomcat w/ Proxy Module Double Encoded Traversal Arbitrary File Access
9340| [34541] mod_perl for Apache HTTP Server RegistryCooker.pm PATH_INFO Crafted URI Remote DoS
9341| [34540] mod_perl for Apache HTTP Server PerlRun.pm PATH_INFO Crafted URI Remote DoS
9342| [34398] Apache Tomcat mod_jk Invalid Chunked Encoded Body Information Disclosure
9343| [34154] Apache Axis Nonexistent Java Web Service Path Disclosure
9344| [33855] Apache Tomcat JK Web Server Connector mod_jk.so Long URI Worker Map Remote Overflow
9345| [33816] Apache HTTP Server on Debian Linux TTY Local Privilege Escalation
9346| [33456] Apache HTTP Server Crafted TCP Connection Range Header DoS
9347| [33346] Avaya Multiple Products Apache Tomcat Port Weakness
9348| [32979] Apache Java Mail Enterprise Server (JAMES) Phoenix/MX4J Interface Arbitrary User Creation
9349| [32978] Apache Java Mail Enterprise Server (JAMES) POP3Server Log File Plaintext Password Disclosure
9350| [32724] Apache mod_python _filter_read Freed Memory Disclosure
9351| [32723] Apache Tomcat semicolon Crafted Filename Request Forced Directory Listing
9352| [32396] Apache Open For Business Project (OFBiz) Ecommerce Component Forum Implementation Message Body XSS
9353| [32395] Apache Open For Business Project (OFBiz) Ecommerce Component Form Field Manipulation Privilege Escalation
9354| [30354] Linux Subversion libapache2-svn Search Path Subversion Local Privilege Escalation
9355| [29603] PHP ini_restore() Apache httpd.conf Options Bypass
9356| [29536] Apache Tcl mod_tcl set_var Function Remote Format String
9357| [28919] Apache Roller Weblogger Blog Comment Multiple Field XSS
9358| [28130] PHP with Apache Mixed Case Method Limit Directive Bypass
9359| [27913] Apache HTTP Server on Windows mod_alias URL Validation Canonicalization CGI Source Disclosure
9360| [27588] Apache HTTP Server mod_rewrite LDAP Protocol URL Handling Overflow
9361| [27487] Apache HTTP Server Crafted Expect Header Cross Domain HTML Injection
9362| [26935] FCKeditor on Apache connector.php Crafted File Extension Arbitrary File Upload
9363| [26572] Apache Java Mail Enterprise Server (JAMES) MAIL Command Overflow DoS
9364| [25909] Drupal on Apache files Directory File Upload Arbitrary Code Execution
9365| [24825] Oracle ModPL/SQL for Apache Unspecified Remote HTTP Issue
9366| [24365] Apache Struts Multiple Function Error Message XSS
9367| [24364] Apache Struts getMultipartRequestHandler() Function Crafted Request DoS
9368| [24363] Apache Struts org.apache.struts.taglib.html.Constants.CANCEL Validation Bypass
9369| [24103] Pubcookie Apache mod_pubcookie Unspecified XSS
9370| [23906] Apache mod_python for Apache HTTP Server FileSession Privileged Local Command Execution
9371| [23905] Apache Log4net LocalSyslogAppender Format String Memory Corruption DoS
9372| [23198] Apache WSS4J Library SOAP Signature Verification Bypass
9373| [23124] Generic Apache Request Library (libapreq) apreq_parse_* Functions Remote DoS
9374| [22652] mod_php for Apache HTTP Server Crafted import_request_variables Function DoS
9375| [22475] PHP w/ Apache PDO::FETCH_CLASS __set() Function DoS
9376| [22473] PHP w/ Apache2 Crafted PDOStatement DoS
9377| [22459] Apache Geronimo Error Page XSS
9378| [22458] Apache Tomcat / Geronimo Sample Script cal2.jsp time Parameter XSS
9379| [22301] auth_ldap for Apache HTTP Server auth_ldap_log_reason() Function Remote Format String
9380| [22261] Apache HTTP Server mod_ssl ssl_hook_Access Error Handling DoS
9381| [22259] mod_auth_pgsql for Apache HTTP Server Log Function Format String
9382| [21736] Apache Java Mail Enterprise Server (JAMES) Spooler retrieve Function DoS
9383| [21705] Apache HTTP Server mod_imap Image Map Referer XSS
9384| [21021] Apache Struts Error Message XSS
9385| [20897] PHP w/ Apache 2 SAPI virtual() Function Unspecified INI Setting Disclosure
9386| [20491] PHP mod_php apache2handler SAPI Crafted .htaccess DoS
9387| [20462] Apache HTTP Server worker.c MPM Memory Exhaustion DoS
9388| [20439] Apache Tomcat Directory Listing Saturation DoS
9389| [20373] Apache Tomcat on HP Secure OS for Linux Unspecified Servlet Access Issue
9390| [20285] Apache HTTP Server Log File Control Character Injection
9391| [20242] Apache HTTP Server mod_usertrack Predictable Session ID Generation
9392| [20209] Brainf*ck Module (mod_bf) for Apache HTTP Server Local Overflow
9393| [20033] Apache Tomcat MS-DOS Device Request Error Message Path Disclosure
9394| [19883] apachetop atop.debug Symlink Arbitrary File Overwrite
9395| [19863] mod_auth_shadow for Apache HTTP Server require group Authentication Bypass
9396| [19855] Apache HTTP Server ErrorDocument Directive .htaccess Bypass
9397| [19821] Apache Tomcat Malformed Post Request Information Disclosure
9398| [19769] Apache HTTP Server Double-reverse DNS Lookup Spoofing
9399| [19188] Apache HTTP Server mod_ssl SSLVerifyClient Per-location Context Restriction Bypass
9400| [19137] Apache HTTP Server on Red Hat Linux Double Slash GET Request Forced Directory Listing
9401| [19136] Apache on Mandrake Linux Arbitrary Directory Forced Listing
9402| [18977] Apache HTTP Server Crafted HTTP Range Header DoS
9403| [18389] Ragnarok Online Control Panel Apache Authentication Bypass
9404| [18286] Apache HTTP Server mod_ssl ssl_callback_SSLVerify_CRL( ) Function Overflow
9405| [18233] Apache HTTP Server htdigest user Variable Overfow
9406| [17738] Apache HTTP Server HTTP Request Smuggling
9407| [16586] Apache HTTP Server Win32 GET Overflow DoS
9408| [15889] Apache HTTP Server mod_cgid Threaded MPM CGI Output Misdirection
9409| [14896] mod_dav for Apache HTTP Server Remote Null Dereference Child Process Termination
9410| [14879] Apache HTTP Server ap_log_rerror Function Error Message Path Disclosure
9411| [14770] Apache Tomcat AJP12 Protocol Malformed Packet Remote DoS
9412| [14597] Apache Tomcat IntegerOverflow.jsp Test JSP Script Path Disclosure
9413| [14596] Apache Tomcat pageSession.jsp Test JSP Script Path Disclosure
9414| [14595] Apache Tomcat pageLanguage.jsp Test JSP Script Path Disclosure
9415| [14594] Apache Tomcat pageIsThreadSafe.jsp Test JSP Script Path Disclosure
9416| [14593] Apache Tomcat pageIsErrorPage.jsp Test JSP Script Path Disclosure
9417| [14592] Apache Tomcat pageInvalid.jsp Test JSP Script Path Disclosure
9418| [14591] Apache Tomcat pageExtends.jsp Test JSP Script Path Disclosure
9419| [14590] Apache Tomcat pageDouble.jsp Test JSP Script Path Disclosure
9420| [14589] Apache Tomcat pageAutoFlush.jsp Test JSP Script Path Disclosure
9421| [14588] Apache Tomcat extends2.jsp Test JSP Script Path Disclosure
9422| [14587] Apache Tomcat extends1.jsp Test JSP Script Path Disclosure
9423| [14586] Apache Tomcat comments.jsp Test JSP Script Path Disclosure
9424| [14585] Apache Tomcat buffer4.jsp Test JSP Script Path Disclosure
9425| [14584] Apache Tomcat buffer3.jsp Test JSP Script Path Disclosure
9426| [14583] Apache Tomcat buffer2.jsp Test JSP Script Path Disclosure
9427| [14582] Apache Tomcat buffer1.jsp Test JSP Script Path Disclosure
9428| [14581] Apache Tomcat pageImport2.jsp Test JSP Script Path Disclosure
9429| [14580] Apache Tomcat pageInfo.jsp Test JSP Script Path Disclosure
9430| [14410] mod_frontpage for Apache HTTP Server fpexec Remote Overflow
9431| [14044] Apache Batik Squiggle Browser with Rhino Scripting Engine Unspecified File System Access
9432| [13737] mod_access_referer for Apache HTTP Server Malformed Referer DoS
9433| [13711] Apache mod_python publisher.py Traversal Arbitrary Object Information Disclosure
9434| [13640] mod_auth_any for Apache HTTP Server on Red Hat Linux Metacharacter Command Execution
9435| [13304] Apache Tomcat realPath.jsp Path Disclosure
9436| [13303] Apache Tomcat source.jsp Arbitrary Directory Listing
9437| [13087] Apache HTTP Server mod_log_forensic check_forensic Symlink Arbitrary File Creation / Overwrite
9438| [12849] mod_auth_radius for Apache HTTP Server radcpy() Function Overflow DoS
9439| [12848] Apache HTTP Server htdigest realm Variable Overflow
9440| [12721] Apache Tomcat examples/jsp2/el/functions.jsp XSS
9441| [12720] mod_dosevasive for Apache HTTP Server Symlink Arbitrary File Create/Overwrite
9442| [12558] Apache HTTP Server IPv6 FTP Proxy Socket Failure DoS
9443| [12557] Apache HTTP Server prefork MPM accept Error DoS
9444| [12233] Apache Tomcat MS-DOS Device Name Request DoS
9445| [12232] Apache Tomcat with JDK Arbitrary Directory/Source Disclosure
9446| [12231] Apache Tomcat web.xml Arbitrary File Access
9447| [12193] Apache HTTP Server on Mac OS X File Handler Bypass
9448| [12192] Apache HTTP Server on Mac OS X Unauthorized .ht and .DS_Store File Access
9449| [12178] Apache Jakarta Lucene results.jsp XSS
9450| [12176] mod_digest_apple for Apache HTTP Server on Mac OS X Authentication Replay
9451| [11391] Apache HTTP Server Header Parsing Space Saturation DoS
9452| [11003] Apache HTTP Server mod_include get_tag() Function Local Overflow
9453| [10976] mod_mylo for Apache HTTP Server mylo_log Logging Function HTTP GET Overflow
9454| [10637] Apache HTTP Server mod_ssl SSLCipherSuite Access Restriction Bypass
9455| [10546] Macromedia JRun4 mod_jrun Apache Module Remote Overflow
9456| [10471] Apache Xerces-C++ XML Parser DoS
9457| [10218] Apache HTTP Server Satisfy Directive Access Control Bypass
9458| [10068] Apache HTTP Server htpasswd Local Overflow
9459| [10049] mod_cplusplus For Apache HTTP Server Unspecified Overflow
9460| [9994] Apache HTTP Server apr-util IPV6 Parsing DoS
9461| [9991] Apache HTTP Server ap_resolve_env Environment Variable Local Overflow
9462| [9948] mod_dav for Apache HTTP Server LOCK Request DoS
9463| [9742] Apache HTTP Server mod_ssl char_buffer_read Function Reverse Proxy DoS
9464| [9718] Apache HTTP Server Win32 Single Dot Append Arbitrary File Access
9465| [9717] Apache HTTP Server mod_cookies Cookie Overflow
9466| [9716] Apache::Gallery Gallery.pm Inline::C Predictable Filename Code Execution
9467| [9715] Apache HTTP Server rotatelogs Control Characters Over Pipe DoS
9468| [9714] Apache Authentication Module Threaded MPM DoS
9469| [9713] Apache HTTP Server on OS2 filestat.c Device Name Request DoS
9470| [9712] Apache HTTP Server Multiple Linefeed Request Memory Consumption DoS
9471| [9711] Apache HTTP Server Access Log Terminal Escape Sequence Injection
9472| [9710] Apache HTTP Server on Windows Illegal Character Default Script Mapping Bypass
9473| [9709] Apache HTTP Server on Windows MS-DOS Device Name HTTP Post Code Execution
9474| [9708] Apache HTTP Server on Windows MS-DOS Device Name DoS
9475| [9707] Apache HTTP Server Duplicate MIME Header Saturation DoS
9476| [9706] Apache Web Server Multiple MIME Header Saturation Remote DoS
9477| [9705] Apache Tomcat Invoker/Default Servlet Source Disclosure
9478| [9702] Apache HTTP Server CGI/WebDAV HTTP POST Request Source Disclosure
9479| [9701] Apache HTTP Server for Windows Multiple Slash Forced Directory Listing
9480| [9700] Apache HTTP Server mod_autoindex Multiple Slash Request Forced Directory Listing
9481| [9699] Apache HTTP Server mod_dir Multiple Slash Request Forced Directory Listing
9482| [9698] Apache HTTP Server mod_negotiation Multiple Slash Request Forced Directory Listing
9483| [9697] Apache HTTP Server htdigest Local Symlink Arbitrary File Overwrite
9484| [9696] Apache HTTP Server htpasswd Local Symlink Arbitrary File Overwrite
9485| [9695] Apache Tomcat SnoopServlet Servlet Information Disclosure
9486| [9694] PHP3 on Apache HTTP Server Encoded Traversal Arbitrary File Access
9487| [9693] mod_auth_pgsql_sys for Apache HTTP Server User Name SQL Injection
9488| [9692] Apache HTTP Server mod_vhost_alias Mass Virtual Hosting Arbitrary File Access
9489| [9691] Apache HTTP Server mod_rewrite Mass Virtual Hosting Arbitrary File Access
9490| [9690] Apache HTTP Server mod_vhost_alias CGI Program Source Disclosure
9491| [9689] Trustix httpsd for Apache-SSL Permission Weakness Privilege Escalation
9492| [9688] Apache HTTP Server mod_proxy Malformed FTP Command DoS
9493| [9687] Apache::AuthenSmb smbval SMB Authentication Library Multiple Overflows
9494| [9686] Apache::AuthenSmb smbvalid SMB Authentication Library Multiple Overflows
9495| [9523] Apache HTTP Server mod_ssl Aborted Connection DoS
9496| [9459] Oracle PL/SQL (mod_plsql) Apache Module Help Page Request Remote Overflow
9497| [9208] Apache Tomcat .jsp Encoded Newline XSS
9498| [9204] Apache Tomcat ROOT Application XSS
9499| [9203] Apache Tomcat examples Application XSS
9500| [9068] Apache HTTP Server mod_userdir User Account Information Disclosure
9501| [8773] Apache Tomcat Catalina org.apache.catalina.servlets.DefaultServlet Source Code Disclosure
9502| [8772] Apache Tomcat Catalina org.apache.catalina.connector.http DoS
9503| [7943] Apache HTTP Server mod_ssl sslkeys File Disclosure
9504| [7942] Apache HTTP Server mod_ssl Default Pass Phrase
9505| [7941] Apache HTTP Server mod_ssl Encrypted Private Key File Descriptor Leak
9506| [7935] Apache HTTP Server mod_ssl ssl_gcache Race Conditions
9507| [7934] Apache HTTP Server mod_ssl SSLSessionCache File Content Disclosure
9508| [7933] Apache HTTP Server mod_ssl SSLMutex File Content Disclosure
9509| [7932] Apache HTTP Server mod_ssl mkcert.sh File Creation Permission Weakness
9510| [7931] Apache HTTP Server mod_ssl X.509 Client Certificate Authentication Bypass
9511| [7930] Apache HTTP Server mod_ssl ssl_expr_eval_func_file() Overflow
9512| [7929] Apache HTTP Server mod_ssl ssl_engine_log.c mod_proxy Hook Function Remote Format String
9513| [7611] Apache HTTP Server mod_alias Local Overflow
9514| [7394] Apache Tomcat mod_jk Invalid Transfer-Encoding Chunked Field DoS
9515| [7203] Apache Tomcat source.jsp Traversal Arbitrary File Access
9516| [7039] Apache HTTP Server on Mac OS X HFS+ File System Access Bypass
9517| [6882] Apache mod_python Malformed Query String Variant DoS
9518| [6839] Apache HTTP Server mod_proxy Content-Length Overflow
9519| [6630] Apache Tomcat Java Server Pages (JSP) Engine WPrinterJob() DoS
9520| [6472] Apache HTTP Server mod_ssl ssl_util_uuencode_binary Remote Overflow
9521| [5821] Apache HTTP Server Multiple / GET Remote Overflow DoS
9522| [5580] Apache Tomcat Servlet Malformed URL JSP Source Disclosure
9523| [5552] Apache HTTP Server split-logfile Arbitrary .log File Overwrite
9524| [5526] Apache Tomcat Long .JSP URI Path Disclosure
9525| [5278] Apache Tomcat web.xml Restriction Bypass
9526| [5051] Apache Tomcat Null Character DoS
9527| [4973] Apache Tomcat servlet Mapping XSS
9528| [4650] mod_gzip for Apache HTTP Server Debug Mode Printf Stack Overflow
9529| [4649] mod_gzip for Apache HTTP Server Debug Mode Format String Overflow
9530| [4648] mod_gzip for Apache HTTP Server Debug Mode Race Condition
9531| [4568] mod_survey For Apache ENV Tags SQL Injection
9532| [4553] Apache HTTP Server ApacheBench Overflow DoS
9533| [4552] Apache HTTP Server Shared Memory Scoreboard DoS
9534| [4446] Apache HTTP Server mod_disk_cache Stores Credentials
9535| [4383] Apache HTTP Server Socket Race Condition DoS
9536| [4382] Apache HTTP Server Log Entry Terminal Escape Sequence Injection
9537| [4340] Apache Portable Runtime (APR) apr_psprintf DoS
9538| [4232] Apache Cocoon DatabaseAuthenticatorAction SQL Injection
9539| [4231] Apache Cocoon Error Page Server Path Disclosure
9540| [4182] Apache HTTP Server mod_ssl Plain HTTP Request DoS
9541| [4181] Apache HTTP Server mod_access IP Address Netmask Rule Bypass
9542| [4075] Apache HTTP Sever on Windows .var File Request Path Disclosure
9543| [4037] Apache HTTP Server on Cygwin Encoded GET Request Arbitrary File Access
9544| [3877] Apache-SSL SSLVerifyClient SSLFakeBasicAuth Client Certificate Forgery
9545| [3819] Apache HTTP Server mod_digest Cross Realm Credential Replay
9546| [3322] mod_php for Apache HTTP Server Process Hijack
9547| [3215] mod_php for Apache HTTP Server File Descriptor Leakage
9548| [2885] Apache mod_python Malformed Query String DoS
9549| [2749] Apache Cocoon view-source Sample File Traversal Arbitrary File Access
9550| [2733] Apache HTTP Server mod_rewrite Local Overflow
9551| [2672] Apache HTTP Server mod_ssl SSLCipherSuite Ciphersuite Downgrade Weakness
9552| [2613] Apache HTTP Server mod_cgi stderr Output Handling Local DoS
9553| [2149] Apache::Gallery Privilege Escalation
9554| [2107] Apache HTTP Server mod_ssl Host: Header XSS
9555| [1926] Apache HTTP Server mod_rewrite Crafted URI Rule Bypass
9556| [1833] Apache HTTP Server Multiple Slash GET Request DoS
9557| [1577] Apache HTTP Server mod_rewrite RewriteRule Expansion Arbitrary File Access
9558| [872] Apache Tomcat Multiple Default Accounts
9559| [862] Apache HTTP Server SSI Error Page XSS
9560| [859] Apache HTTP Server Win32 Crafted Traversal Arbitrary File Access
9561| [849] Apache Tomcat TroubleShooter Servlet Information Disclosure
9562| [845] Apache Tomcat MSDOS Device XSS
9563| [844] Apache Tomcat Java Servlet Error Page XSS
9564| [842] Apache HTTP Server mod_ssl ssl_compat_directive Function Overflow
9565| [838] Apache HTTP Server Chunked Encoding Remote Overflow
9566| [827] PHP4 for Apache on Windows php.exe Malformed Request Path Disclosure
9567| [775] Apache mod_python Module Importing Privilege Function Execution
9568| [769] Apache HTTP Server Win32 DOS Batch File Arbitrary Command Execution
9569| [756] Apache HTTP Server mod_ssl i2d_SSL_SESSION Function SSL Client Certificate Overflow
9570| [701] Apache HTTP Server Win32 ScriptAlias php.exe Arbitrary File Access
9571| [674] Apache Tomcat Nonexistent File Error Message Path Disclosure
9572| [637] Apache HTTP Server UserDir Directive Username Enumeration
9573| [623] mod_auth_pgsql for Apache HTTP Server User Name SQL Injection
9574| [582] Apache HTTP Server Multiviews Feature Arbitrary Directory Listing
9575| [562] Apache HTTP Server mod_info /server-info Information Disclosure
9576| [561] Apache Web Servers mod_status /server-status Information Disclosure
9577| [417] Apache HTTP Server on SuSE Linux /doc/packages Remote Information Disclosure
9578| [410] mod_perl for Apache HTTP Server /perl/ Directory Listing
9579| [404] Apache HTTP Server on SuSE Linux WebDAV PROPFIND Arbitrary Directory Listing
9580| [402] Apache HTTP Server on SuSE Linux cgi-bin-sdb Request Script Source Disclosure
9581| [379] Apache ASP module Apache::ASP source.asp Example File Arbitrary File Creation
9582| [377] Apache Tomcat Snoop Servlet Remote Information Disclosure
9583| [376] Apache Tomcat contextAdmin Arbitrary File Access
9584| [342] Apache HTTP Server for Windows Multiple Forward Slash Directory Listing
9585| [222] Apache HTTP Server test-cgi Arbitrary File Access
9586| [143] Apache HTTP Server printenv.pl Multiple Method CGI XSS
9587| [48] Apache HTTP Server on Debian /usr/doc Directory Information Disclosure
9588|_
9589139/tcp closed netbios-ssn
9590443/tcp closed https
9591445/tcp closed microsoft-ds
9592#####################################################################################################################################
9593 Anonymous JTSEC #OpWhales Full Recon #36