· 6 years ago · Jan 04, 2020, 08:36 PM
1#######################################################################################################################################
2=======================================================================================================================================
3Hostname www.svs.gob.cl ISP INTESIS CHILE S.A
4Continent South America Flag
5CL
6Country Chile Country Code CL
7Region Santiago Metropolitan Local time 04 Jan 2020 16:44 -03
8City San Miguel Postal Code Unknown
9IP Address 201.131.38.40 Latitude -33.5
10 Longitude -70.667
11
12=======================================================================================================================================
13#######################################################################################################################################
14> www.svs.gob.cl
15Server: 38.132.106.139
16Address: 38.132.106.139#53
17
18Non-authoritative answer:
19www.svs.gob.cl canonical name = canelo.svs.gob.cl.
20Name: canelo.svs.gob.cl
21Address: 201.131.38.40
22>
23######################################################################################################################################
24
25inetnum: 201.131.38.32/28
26status: reassigned
27owner: SVS
28ownerid: CL-SVSS-LACNIC
29responsible: sebastian hernandez
30address: eliodoro yañez, 2238,
31address: 1234567 - santiago - rm
32country: CL
33phone: +56 02 27133600 []
34owner-c: SEH9
35tech-c: SEH9
36abuse-c: SEH9
37created: 20141223
38changed: 20141223
39inetnum-up: 201.131.38/23
40
41nic-hdl: SEH9
42person: Redes TI
43e-mail: mlopezr@GRUPOGTD.COM
44address: Eliodoro Yanez, 2238, -
45address: 7510354 - Santiago - RM
46country: CL
47phone: +56 0227133600 [3652]
48created: 20130212
49changed: 20181217
50#######################################################################################################################################
51[+] Target : www.svs.gob.cl
52
53[+] IP Address : 201.131.38.40
54
55[+] Headers :
56
57[+] Date : Sat, 04 Jan 2020 19:50:15 GMT
58[+] Server : Apache
59[+] Content-Length : 321
60[+] Keep-Alive : timeout=10, max=850
61[+] Connection : Keep-Alive
62[+] Content-Type : text/html; charset=iso-8859-1
63[+] Set-Cookie : cookiesession1=0786DB2C9MPGVKJL4QDUQRJ2FSDCDCF8;Path=/;HttpOnly
64
65[+] SSL Certificate Information :
66
67[+] businessCategory : Government Entity
68[+] jurisdictionCountryName : CL
69[+] serialNumber : 60810000-8
70[+] countryName : CL
71[+] localityName : Santiago
72[+] organizationName : Superintendencia de Valores y Seguros
73[+] commonName : www.svs.cl
74[+] countryName : US
75[+] organizationName : DigiCert Inc
76[+] organizationalUnitName : www.digicert.com
77[+] commonName : DigiCert SHA2 Extended Validation Server CA
78[+] Version : 3
79[+] Serial Number : 0213C2EC096939C73EC1D72D02EE0FDD
80[+] Not Before : Dec 27 00:00:00 2017 GMT
81[+] Not After : Feb 25 12:00:00 2020 GMT
82[+] OCSP : ('http://ocsp.digicert.com',)
83[+] subject Alt Name : (('DNS', 'www.svs.cl'), ('DNS', 'svs.cl'))
84[+] CA Issuers : ('http://cacerts.digicert.com/DigiCertSHA2ExtendedValidationServerCA.crt',)
85[+] CRL Distribution Points : ('http://crl3.digicert.com/sha2-ev-server-g2.crl', 'http://crl4.digicert.com/sha2-ev-server-g2.crl')
86
87[+] Whois Lookup :
88
89[+] NIR : None
90[+] ASN Registry : lacnic
91[+] ASN : 263688
92[+] ASN CIDR : 201.131.38.0/23
93[+] ASN Country Code : CL
94[+] ASN Date : 2014-10-02
95[+] ASN Description : INTESIS CHILE S.A, CL
96[+] cidr : 201.131.38.32/28
97[+] name : None
98[+] handle : SEH9
99[+] range : 201.131.38.32 - 201.131.38.47
100[+] description : SVS
101[+] country : CL
102[+] state : None
103[+] city : None
104[+] address : None
105[+] postal_code : None
106[+] emails : ['mlopezr@GRUPOGTD.COM']
107[+] created : 20141223
108[+] updated : 20141223
109
110[+] Crawling Target...
111
112[+] Looking for robots.txt........[ 403 ]
113[+] Looking for sitemap.xml.......[ Not Found ]
114[+] Extracting CSS Links..........[ 4 ]
115[+] Extracting Javascript Links...[ 4 ]
116[+] Extracting Internal Links.....[ 0 ]
117[+] Extracting External Links.....[ 30 ]
118[+] Extracting Images.............[ 11 ]
119
120[+] Total Links Extracted : 49
121
122[+] Dumping Links in /opt/FinalRecon/dumps/www.svs.gob.cl.dump
123[+] Completed!
124######################################################################################################################################
125[i] Scanning Site: http://201.131.38.40
126
127
128
129B A S I C I N F O
130====================
131
132
133[+] Site Title: Comisión para el Mercado Financiero de Chile (CMF Chile)
134[+] IP address: 201.131.38.40
135[+] Web Server: Apache
136[+] CMS: Could Not Detect
137[+] Cloudflare: Not Detected
138[+] Robots File: Could NOT Find robots.txt!
139
140
141
142
143W H O I S L O O K U P
144========================
145
146 % This is the RIPE Database query service.
147% The objects are in RPSL format.
148%
149% The RIPE Database is subject to Terms and Conditions.
150% See http://www.ripe.net/db/support/db-terms-conditions.pdf
151
152% Note: this output has been filtered.
153% To receive output for a database update, use the "-B" flag.
154
155% Information related to '199.250.160.0 - 202.0.76.255'
156
157% No abuse contact registered for 199.250.160.0 - 202.0.76.255
158
159inetnum: 199.250.160.0 - 202.0.76.255
160netname: NON-RIPE-NCC-MANAGED-ADDRESS-BLOCK
161descr: IPv4 address block not managed by the RIPE NCC
162remarks: ------------------------------------------------------
163remarks:
164remarks: For registration information,
165remarks: you can consult the following sources:
166remarks:
167remarks: IANA
168remarks: http://www.iana.org/assignments/ipv4-address-space
169remarks: http://www.iana.org/assignments/iana-ipv4-special-registry
170remarks: http://www.iana.org/assignments/ipv4-recovered-address-space
171remarks:
172remarks: AFRINIC (Africa)
173remarks: http://www.afrinic.net/ whois.afrinic.net
174remarks:
175remarks: APNIC (Asia Pacific)
176remarks: http://www.apnic.net/ whois.apnic.net
177remarks:
178remarks: ARIN (Northern America)
179remarks: http://www.arin.net/ whois.arin.net
180remarks:
181remarks: LACNIC (Latin America and the Carribean)
182remarks: http://www.lacnic.net/ whois.lacnic.net
183remarks:
184remarks: ------------------------------------------------------
185country: EU # Country is really world wide
186admin-c: IANA1-RIPE
187tech-c: IANA1-RIPE
188status: ALLOCATED UNSPECIFIED
189mnt-by: RIPE-NCC-HM-MNT
190created: 2019-01-07T10:44:53Z
191last-modified: 2019-01-07T10:44:53Z
192source: RIPE
193
194% This query was served by the RIPE Database Query Service version 1.96 (HEREFORD)
195
196
197
198
199
200
201G E O I P L O O K U P
202=========================
203
204[i] IP Address: 201.131.38.40
205[i] Country: Chile
206[i] State:
207[i] City:
208[i] Latitude: -33.4378
209[i] Longitude: -70.6503
210
211
212
213
214H T T P H E A D E R S
215=======================
216
217
218[i] HTTP/1.1 200 OK
219[i] Date: Sat, 04 Jan 2020 19:51:07 GMT
220[i] Server: Apache
221[i] Last-Modified: Fri, 20 Dec 2019 17:49:17 GMT
222[i] Accept-Ranges: bytes
223[i] Content-Length: 14518
224[i] Access-Control-Allow-Origin: http://www.cmfchile.cl
225[i] Connection: close
226[i] Content-Type: text/html; charset=UTF-8
227[i] Set-Cookie: cookiesession1=0786DB2CJBMTROIEAPDFPPLIRIXEBEE9;Path=/;HttpOnly
228
229
230
231
232D N S L O O K U P
233===================
234
235no records found
236
237
238
239S U B N E T C A L C U L A T I O N
240====================================
241
242Address = 201.131.38.40
243Network = 201.131.38.40 / 32
244Netmask = 255.255.255.255
245Broadcast = not needed on Point-to-Point links
246Wildcard Mask = 0.0.0.0
247Hosts Bits = 0
248Max. Hosts = 1 (2^0 - 0)
249Host Range = { 201.131.38.40 - 201.131.38.40 }
250
251
252
253N M A P P O R T S C A N
254============================
255
256Starting Nmap 7.70 ( https://nmap.org ) at 2020-01-04 19:51 UTC
257Nmap scan report for 201.131.38.40
258Host is up (0.15s latency).
259
260PORT STATE SERVICE
26121/tcp filtered ftp
26222/tcp filtered ssh
26323/tcp filtered telnet
26480/tcp open http
265110/tcp filtered pop3
266143/tcp filtered imap
267443/tcp open https
2683389/tcp filtered ms-wbt-server
269
270Nmap done: 1 IP address (1 host up) scanned in 2.85 seconds
271
272#######################################################################################################################################
273[+] Starting At 2020-01-04 14:51:15.192256
274[+] Collecting Information On: http://www.svs.gob.cl/
275[#] Status: 200
276--------------------------------------------------
277[#] Web Server Detected: Apache
278[!] X-Frame-Options Headers not detect! target might be vulnerable Click Jacking
279- Date: Sat, 04 Jan 2020 19:51:14 GMT
280- Server: Apache
281- Last-Modified: Fri, 20 Dec 2019 17:49:17 GMT
282- Accept-Ranges: bytes
283- Content-Length: 14518
284- Access-Control-Allow-Origin: http://www.cmfchile.cl
285- Keep-Alive: timeout=10, max=850
286- Connection: Keep-Alive
287- Content-Type: text/html; charset=UTF-8
288- Set-Cookie: cookiesession1=0786DB2CEN38JLH1IBHVSRCAUREG130B;Path=/;HttpOnly
289--------------------------------------------------
290[#] Finding Location..!
291[#] status: fail
292[#] message: invalid query
293[#] query: svs.gob.cl
294--------------------------------------------------
295[x] Didn't Detect WAF Presence on: http://www.svs.gob.cl/
296--------------------------------------------------
297[#] Starting Reverse DNS
298[-] Failed ! Fail
299--------------------------------------------------
300[!] Scanning Open Port
301--------------------------------------------------
302[+] Getting SSL Info
303[Errno -2] Name or service not known
304--------------------------------------------------
305[+] Collecting Information Disclosure!
306[#] Detecting sitemap.xml file
307[-] sitemap.xml file not Found!?
308[#] Detecting robots.txt file
309[!] robots.txt File Found: http://www.svs.gob.cl//robots.txt
310[#] Detecting GNU Mailman
311[-] GNU Mailman App Not Detected!?
312--------------------------------------------------
313[+] Crawling Url Parameter On: http://www.svs.gob.cl/
314--------------------------------------------------
315[#] Searching Html Form !
316[-] No Html Form Found!?
317--------------------------------------------------
318[-] No DOM Paramter Found!?
319--------------------------------------------------
320[-] No internal Dynamic Parameter Found!?
321--------------------------------------------------
322[!] 9 External Dynamic Parameter Discovered
323[#] https://fonts.googleapis.com/css?family=Muli:400,700
324[#] http://extranet.sbif.cl/extmanuals/edocs.do?_appl=extranet
325[#] http://extranet.sbif.cl/extmanuals/edocs.do?_appl=extranet
326[#] https://www.sbif.cl/sbifweb/servlet/Portada?indice=0.0
327[#] https://www.sbif.cl/sbifweb/servlet/Portada?indice=0.0
328[#] https://www.portaltransparencia.cl/PortalPdT/pdtta?codOrganismo=AE009
329[#] https://www.portaltransparencia.cl/PortalPdT/web/guest/directorio-de-organismos-regulados?p_p_id=pdtorganismos_WAR_pdtorganismosportlet&orgcode=b66b4f60efa5e25a62b0af6a514f4f88
330[#] https://www.portaltransparencia.cl/PortalPdT/pdtta?codOrganismo=AE009
331[#] https://www.portaltransparencia.cl/PortalPdT/pdtta?codOrganismo=AE009
332--------------------------------------------------
333[!] 6 Internal links Discovered
334[+] http://www.svs.gob.cl//CMF-assets/css/bootstrap.min.css
335[+] http://www.svs.gob.cl//CMF-assets/css/bootstrap-grid.min.css
336[+] http://www.svs.gob.cl//CMF-assets/css/bootstrap-reboot.min.css
337[+] http://www.svs.gob.cl//CMF-assets/css/style-CMF.css
338[+] http://www.svs.gob.cl//CMF-assets/favicon/favicon.ico
339[+] http://www.svs.gob.cl//ver-mas.html
340--------------------------------------------------
341[!] 40 External links Discovered
342[#] https://www.svs.cl/institucional/seil/conecta_seil.php
343[#] https://www.svs.cl/institucional/seil/conecta_seil.php
344[#] http://www.cmfchile.cl/portal/principal/605/w3-article-1281.html
345[#] http://www.cmfchile.cl/portal/principal/605/w3-article-1281.html
346[#] http://www.cmfchile.cl/
347[#] http://www.cmfchile.cl/
348[#] https://www.cmfmascerca.cl/mascerca/601/w3-channel.html
349[#] http://www.cmfchile.cl/institucional/mercados/cmfsp_index.php
350[#] http://www.cmfchile.cl/portal/principal/605/w3-channel.html
351[#] http://www.cmfchile.cl/portal/principal/605/w3-channel.html
352[#] http://www.cmfchile.cl/portal/principal/605/w3-article-16237.html
353[#] http://www.gob.cl/
354[#] http://www.hacienda.cl/
355[#] http://www.bcentral.cl/
356[#] http://www.spensiones.cl/
357[#] http://www.cssf.cl/
358[#] http://www.uaf.cl/
359[#] http://www.cmfchile.cl/sitio/siac2/ingresoWebCiudadano.php
360[#] https://www.cmfeduca.cl/educa/600/w3-channel.html
361[#] https://www.cmfmascerca.cl/mascerca/601/w3-channel.html
362[#] http://www.conocetuseguro.cl/603/w3-channel.html
363[#] https://www.clientebancario.cl/
364[#] http://www.cronologiabancaria.cl/
365[#] http://www.cmfchile.cl/portal/principal/605/w3-propertyvalue-25539.html
366[#] http://www.cmfchile.cl/portal/principal/605/w3-article-1281.html
367[#] https://www.leylobby.gob.cl/instituciones/AE009/cargos-pasivos
368[#] https://www.chileatiende.gob.cl/instituciones/AE009
369[#] http://www.cmfchile.cl/portal/principal/605/w3-article-1833.html
370[#] http://www.cmfchile.cl/portal/principal/605/w3-article-1832.html
371[#] http://www.cmfchile.cl/
372[#] http://www.cmfchile.cl/portal/principal/605/w3-article-26850.html
373[#] https://twitter.com/CMFChile_
374[#] https://www.cmfchile.cl/
375[#] http://www.cmfchile.cl/portal/principal/605/w3-propertyvalue-25539.html
376[#] http://www.cmfchile.cl/portal/principal/605/w3-article-1281.html
377[#] https://www.leylobby.gob.cl/instituciones/AE009/cargos-pasivos
378[#] https://www.chileatiende.gob.cl/instituciones/AE009
379[#] http://www.cmfchile.cl/portal/principal/605/w3-article-1833.html
380[#] http://www.cmfchile.cl/portal/principal/605/w3-article-1832.html
381[#] http://www.cmfchile.cl/portal/principal/605/w3-article-26850.html
382--------------------------------------------------
383[#] Mapping Subdomain..
384[-] No Any Subdomain Found
385[!] Found 0 Subdomain
386--------------------------------------------------
387[!] Done At 2020-01-04 14:51:24.258628
388######################################################################################################################################
389[INFO] ------TARGET info------
390[*] TARGET: http://www.svs.gob.cl/
391[*] TARGET IP: 201.131.38.40
392[INFO] NO load balancer detected for www.svs.gob.cl...
393[*] DNS servers: canelo.svs.gob.cl. araucaria.svs.gob.cl.
394[*] TARGET server: Apache
395[*] CC: CL
396[*] Country: Chile
397[*] RegionCode: RM
398[*] RegionName: Santiago Metropolitan
399[*] City: San Miguel
400[*] ASN: AS263688
401[*] BGP_PREFIX: 201.131.38.0/23
402[*] ISP: INTESIS CHILE S.A, CL
403[INFO] DNS enumeration:
404[*] mail.svs.gob.cl ulmo.svs.gob.cl. 201.131.38.37
405[*] ns2.svs.gob.cl 200.73.32.70
406[INFO] Possible abuse mails are:
407[*] abuse@gob.cl
408[*] abuse@svs.gob.cl
409[*] abuse@www.svs.gob.cl
410[*] mlopezr@grupogtd.com
411[INFO] NO PAC (Proxy Auto Configuration) file FOUND
412[INFO] Starting FUZZing in http://www.svs.gob.cl/FUzZzZzZzZz...
413[INFO] Status code Folders
414[*] 200 http://www.svs.gob.cl/index
415[ALERT] Look in the source code. It may contain passwords
416[INFO] SAME content in http://www.svs.gob.cl/ AND http://201.131.38.40/
417[INFO] Links found from http://www.svs.gob.cl/:
418[*] http://extranet.sbif.cl/extmanuals/edocs.do?_appl=extranet
419[*] https://twitter.com/CMFChile_
420[*] https://www.chileatiende.gob.cl/instituciones/AE009
421[*] https://www.clientebancario.cl/
422[*] https://www.cmfchile.cl/
423[*] https://www.cmfeduca.cl/educa/600/w3-channel.html
424[*] https://www.cmfmascerca.cl/mascerca/601/w3-channel.html
425[*] https://www.leylobby.gob.cl/instituciones/AE009/cargos-pasivos
426[*] https://www.portaltransparencia.cl/PortalPdT/pdtta?codOrganismo=AE009
427[*] https://www.portaltransparencia.cl/PortalPdT/web/guest/directorio-de-organismos-regulados?p_p_id=pdtorganismos_WAR_pdtorganismosportlet&orgcode=b66b4f60efa5e25a62b0af6a514f4f88
428[*] https://www.sbif.cl/sbifweb/servlet/Portada?indice=0.0
429[*] https://www.svs.cl/institucional/seil/conecta_seil.php
430[*] http://www.bcentral.cl/
431[*] http://www.cmfchile.cl/
432[*] http://www.cmfchile.cl/institucional/mercados/cmfsp_index.php
433[*] http://www.cmfchile.cl/portal/principal/605/w3-article-1281.html
434[*] http://www.cmfchile.cl/portal/principal/605/w3-article-16237.html
435[*] http://www.cmfchile.cl/portal/principal/605/w3-article-1832.html
436[*] http://www.cmfchile.cl/portal/principal/605/w3-article-1833.html
437[*] http://www.cmfchile.cl/portal/principal/605/w3-article-26850.html
438[*] http://www.cmfchile.cl/portal/principal/605/w3-channel.html
439[*] http://www.cmfchile.cl/portal/principal/605/w3-propertyvalue-25539.html
440[*] http://www.cmfchile.cl/sitio/siac2/ingresoWebCiudadano.php
441[*] http://www.conocetuseguro.cl/603/w3-channel.html
442[*] http://www.cronologiabancaria.cl/
443[*] http://www.cssf.cl/
444[*] http://www.gob.cl/
445[*] http://www.hacienda.cl/
446[*] http://www.spensiones.cl/
447[*] http://www.svs.gob.cl/ver-mas.html
448[*] http://www.uaf.cl/
449[INFO] GOOGLE has Search instead for www.svs.gob.cl about http://www.svs.gob.cl/
450[INFO] Shodan detected the following opened ports on 201.131.38.40:
451[*] 443
452[*] 80
453[INFO] ------VirusTotal SECTION------
454[INFO] VirusTotal passive DNS only stores address records. The following domains resolved to the given IP address:
455[INFO] Latest URLs hosted in this IP address detected by at least one URL scanner or malicious URL dataset:
456[INFO] Latest files that are not detected by any antivirus solution and were downloaded by VirusTotal from the IP address provided:
457[INFO] ------Alexa Rank SECTION------
458[INFO] Percent of Visitors Rank in Country:
459[INFO] Percent of Search Traffic:
460[INFO] Percent of Unique Visits:
461[INFO] Total Sites Linking In:
462[*] Total Sites
463[INFO] Useful links related to www.svs.gob.cl - 201.131.38.40:
464[*] https://www.virustotal.com/pt/ip-address/201.131.38.40/information/
465[*] https://www.hybrid-analysis.com/search?host=201.131.38.40
466[*] https://www.shodan.io/host/201.131.38.40
467[*] https://www.senderbase.org/lookup/?search_string=201.131.38.40
468[*] https://www.alienvault.com/open-threat-exchange/ip/201.131.38.40
469[*] http://pastebin.com/search?q=201.131.38.40
470[*] http://urlquery.net/search.php?q=201.131.38.40
471[*] http://www.alexa.com/siteinfo/www.svs.gob.cl
472[*] http://www.google.com/safebrowsing/diagnostic?site=www.svs.gob.cl
473[*] https://censys.io/ipv4/201.131.38.40
474[*] https://www.abuseipdb.com/check/201.131.38.40
475[*] https://urlscan.io/search/#201.131.38.40
476[*] https://github.com/search?q=201.131.38.40&type=Code
477[INFO] Useful links related to AS263688 - 201.131.38.0/23:
478[*] http://www.google.com/safebrowsing/diagnostic?site=AS:263688
479[*] https://www.senderbase.org/lookup/?search_string=201.131.38.0/23
480[*] http://bgp.he.net/AS263688
481[*] https://stat.ripe.net/AS263688
482[INFO] Date: 04/01/20 | Time: 14:52:16
483[INFO] Total time: 0 minute(s) and 50 second(s)
484#######################################################################################################################################
485Trying "svs.gob.cl"
486;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38723
487;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 2, ADDITIONAL: 2
488
489;; QUESTION SECTION:
490;svs.gob.cl. IN ANY
491
492;; ANSWER SECTION:
493svs.gob.cl. 5 IN MX 5 ulmo.svs.cl.
494svs.gob.cl. 5 IN SOA araucaria.svs.gob.cl. ulmo.svs.gob.cl. 1997022743 3600 900 604800 86400
495svs.gob.cl. 5 IN NS ns2.svs.cl.
496svs.gob.cl. 5 IN NS araucaria.svs.cl.
497
498;; AUTHORITY SECTION:
499svs.gob.cl. 3600 IN NS ns2.svs.cl.
500svs.gob.cl. 3600 IN NS araucaria.svs.cl.
501
502;; ADDITIONAL SECTION:
503ns2.svs.cl. 3600 IN A 200.73.32.70
504araucaria.svs.cl. 3600 IN A 201.131.38.36
505
506Received 206 bytes from 2001:18c0:121:6900:724f:b8ff:fefd:5b6a#53 in 446 ms
507#######################################################################################################################################
508; <<>> DiG 9.11.5-P4-5.1+b1-Debian <<>> +trace svs.gob.cl any
509;; global options: +cmd
510. 83935 IN NS g.root-servers.net.
511. 83935 IN NS f.root-servers.net.
512. 83935 IN NS h.root-servers.net.
513. 83935 IN NS m.root-servers.net.
514. 83935 IN NS i.root-servers.net.
515. 83935 IN NS k.root-servers.net.
516. 83935 IN NS l.root-servers.net.
517. 83935 IN NS c.root-servers.net.
518. 83935 IN NS d.root-servers.net.
519. 83935 IN NS j.root-servers.net.
520. 83935 IN NS e.root-servers.net.
521. 83935 IN NS a.root-servers.net.
522. 83935 IN NS b.root-servers.net.
524;; Received 525 bytes from 38.132.106.139#53(38.132.106.139) in 134 ms
525
526cl. 172800 IN NS a.nic.cl.
527cl. 172800 IN NS b.nic.cl.
528cl. 172800 IN NS c.nic.cl.
529cl. 172800 IN NS cl1.dnsnode.net.
530cl. 172800 IN NS cl-ns.anycast.pch.net.
531cl. 172800 IN NS cl1-tld.d-zone.ca.
532cl. 172800 IN NS cl2-tld.d-zone.ca.
533cl. 86400 IN DS 21199 8 2 7D756DFFAB6D3CD9C786FF5C659954C22944FAEF9433EEE26F1D84EB 5370B394
535;; Received 820 bytes from 2001:500:a8::e#53(e.root-servers.net) in 27 ms
536
537gob.cl. 3600 IN NS a.nic.cl.
538gob.cl. 3600 IN NS b.nic.cl.
539gob.cl. 3600 IN NS ns.gob.cl.
540gob.cl. 3600 IN NS ns2.gob.cl.
541gob.cl. 3600 IN NS ns6.gob.cl.
542gob.cl. 3600 IN NS ns7.gob.cl.
543enj56t1dnaej9qo23nsklrtit3rh6a0q.cl. 900 IN NSEC3 1 1 2 15C4F375A9FC5E8F74D9A3E0646F8B47 ESFL3ESLN592VMME2MBHGQPPJDA7DR6U NS SOA TXT RRSIG DNSKEY NSEC3PARAM
545;; Received 672 bytes from 2620:10a:80aa::56#53(cl1-tld.d-zone.ca) in 25 ms
546
547svs.gob.cl. 3600 IN NS araucaria.svs.cl.
548svs.gob.cl. 3600 IN NS ns2.svs.cl.
549;; Received 113 bytes from 163.247.54.111#53(ns.gob.cl) in 257 ms
550
551svs.gob.cl. 3600 IN SOA araucaria.svs.gob.cl. ulmo.svs.gob.cl. 1997022743 3600 900 604800 86400
552svs.gob.cl. 3600 IN NS araucaria.svs.cl.
553svs.gob.cl. 3600 IN NS ns2.svs.cl.
554svs.gob.cl. 3600 IN MX 5 ulmo.svs.cl.
555;; Received 205 bytes from 200.73.32.70#53(ns2.svs.cl) in 270 ms
556#######################################################################################################################################
557[*] Performing General Enumeration of Domain: svs.gob.cl
558[-] DNSSEC is not configured for svs.gob.cl
559[*] SOA araucaria.svs.gob.cl 201.131.38.36
560[*] NS ns2.svs.cl 200.73.32.70
561[*] Bind Version for 200.73.32.70 Nameserver Linux
562[*] NS araucaria.svs.cl 201.131.38.36
563[*] Bind Version for 201.131.38.36 Nameserver Linux
564[*] MX ulmo.svs.cl 201.131.38.37
565[*] Enumerating SRV Records
566[-] No SRV Records Found for svs.gob.cl
567[+] 0 Records Found
568#######################################################################################################################################
569[*] Processing domain svs.gob.cl
570[*] Using system resolvers ['38.132.106.139', '194.187.251.67', '185.93.180.131', '192.168.0.1', '2001:18c0:121:6900:724f:b8ff:fefd:5b6a']
571[+] Getting nameservers
572200.73.32.70 - ns2.svs.cl
573201.131.38.36 - araucaria.svs.cl
574[-] Zone transfer failed
575
576[+] MX records found, added to target list
5775 ulmo.svs.cl.
578
579[*] Scanning svs.gob.cl for A records
580201.131.38.39 - correo.svs.gob.cl
581201.131.38.37 - mail.svs.gob.cl
582201.131.38.36 - ns.svs.gob.cl
583200.73.32.70 - ns2.svs.gob.cl
584200.73.32.73 - ww2.svs.gob.cl
585201.131.38.40 - www.svs.gob.cl
586#######################################################################################################################################
587 AVAILABLE PLUGINS
588 -----------------
589
590 HeartbleedPlugin
591 CompressionPlugin
592 FallbackScsvPlugin
593 OpenSslCipherSuitesPlugin
594 HttpHeadersPlugin
595 RobotPlugin
596 EarlyDataPlugin
597 CertificateInfoPlugin
598 OpenSslCcsInjectionPlugin
599 SessionResumptionPlugin
600 SessionRenegotiationPlugin
601
602
603
604 CHECKING HOST(S) AVAILABILITY
605 -----------------------------
606
607 201.131.38.40:443 => 201.131.38.40
608
609
610
611
612 SCAN RESULTS FOR 201.131.38.40:443 - 201.131.38.40
613 --------------------------------------------------
614
615 * SSLV2 Cipher Suites:
616 Server rejected all cipher suites.
617
618 * OpenSSL Heartbleed:
619 OK - Not vulnerable to Heartbleed
620
621 * TLSV1_3 Cipher Suites:
622 Server rejected all cipher suites.
623
624 * Session Renegotiation:
625 Client-initiated Renegotiation: VULNERABLE - Server honors client-initiated renegotiations
626 Secure Renegotiation: OK - Supported
627
628 * TLS 1.2 Session Resumption Support:
629 With Session IDs: OK - Supported (5 successful, 0 failed, 0 errors, 5 total attempts).
630 With TLS Tickets: OK - Supported
631
632 * Deflate Compression:
633 OK - Compression disabled
634
635 * Downgrade Attacks:
636 TLS_FALLBACK_SCSV: OK - Supported
637
638 * TLSV1_1 Cipher Suites:
639 Forward Secrecy INSECURE - Not Supported
640 RC4 OK - Not Supported
641
642 Preferred:
643 None - Server followed client cipher suite preference.
644 Accepted:
645 TLS_RSA_WITH_SEED_CBC_SHA 128 bits HTTP 200 OK
646 TLS_RSA_WITH_IDEA_CBC_SHA 128 bits HTTP 200 OK
647 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 256 bits HTTP 200 OK
648 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 128 bits HTTP 200 OK
649 TLS_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 200 OK
650 TLS_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 200 OK
651 TLS_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 200 OK
652
653 * TLSV1_2 Cipher Suites:
654 Forward Secrecy INSECURE - Not Supported
655 RC4 OK - Not Supported
656
657 Preferred:
658 None - Server followed client cipher suite preference.
659 Accepted:
660 TLS_RSA_WITH_SEED_CBC_SHA 128 bits HTTP 200 OK
661 TLS_RSA_WITH_IDEA_CBC_SHA 128 bits HTTP 200 OK
662 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 256 bits HTTP 200 OK
663 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 128 bits HTTP 200 OK
664 TLS_RSA_WITH_AES_256_GCM_SHA384 256 bits HTTP 200 OK
665 TLS_RSA_WITH_AES_256_CBC_SHA256 256 bits HTTP 200 OK
666 TLS_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 200 OK
667 TLS_RSA_WITH_AES_128_GCM_SHA256 128 bits HTTP 200 OK
668 TLS_RSA_WITH_AES_128_CBC_SHA256 128 bits HTTP 200 OK
669 TLS_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 200 OK
670 TLS_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 200 OK
671
672 * SSLV3 Cipher Suites:
673 Server rejected all cipher suites.
674
675 * TLSV1 Cipher Suites:
676 Forward Secrecy INSECURE - Not Supported
677 RC4 OK - Not Supported
678
679 Preferred:
680 None - Server followed client cipher suite preference.
681 Accepted:
682 TLS_RSA_WITH_SEED_CBC_SHA 128 bits HTTP 200 OK
683 TLS_RSA_WITH_IDEA_CBC_SHA 128 bits HTTP 200 OK
684 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 256 bits HTTP 200 OK
685 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 128 bits HTTP 200 OK
686 TLS_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 200 OK
687 TLS_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 200 OK
688 TLS_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 200 OK
689
690 * Certificate Information:
691 Content
692 SHA1 Fingerprint: 6961e9af47664a95f822c75ff4e21f0fcafececa
693 Common Name: www.svs.cl
694 Issuer: DigiCert SHA2 Extended Validation Server CA
695 Serial Number: 2761063120104030410960979402962112477
696 Not Before: 2017-12-27 00:00:00
697 Not After: 2020-02-25 12:00:00
698 Signature Algorithm: sha256
699 Public Key Algorithm: RSA
700 Key Size: 2048
701 Exponent: 65537 (0x10001)
702 DNS Subject Alternative Names: ['www.svs.cl', 'svs.cl']
703
704 Trust
705 Hostname Validation: FAILED - Certificate does NOT match 201.131.38.40
706 Android CA Store (9.0.0_r9): OK - Certificate is trusted
707 Apple CA Store (iOS 12, macOS 10.14, watchOS 5, and tvOS 12):OK - Certificate is trusted
708 Java CA Store (jdk-12.0.1): OK - Certificate is trusted
709 Mozilla CA Store (2019-03-14): OK - Certificate is trusted, Extended Validation
710 Windows CA Store (2019-05-27): OK - Certificate is trusted
711 Symantec 2018 Deprecation: WARNING: Certificate distrusted by Google and Mozilla on September 2018
712 Received Chain: www.svs.cl --> DigiCert SHA2 Extended Validation Server CA
713 Verified Chain: www.svs.cl --> DigiCert SHA2 Extended Validation Server CA --> DigiCert High Assurance EV Root CA
714 Received Chain Contains Anchor: OK - Anchor certificate not sent
715 Received Chain Order: OK - Order is valid
716 Verified Chain contains SHA1: OK - No SHA1-signed certificate in the verified certificate chain
717
718 Extensions
719 OCSP Must-Staple: NOT SUPPORTED - Extension not found
720 Certificate Transparency: OK - 4 SCTs included
721
722 OCSP Stapling
723 NOT SUPPORTED - Server did not send back an OCSP response
724
725 * OpenSSL CCS Injection:
726 OK - Not vulnerable to OpenSSL CCS injection
727
728 * ROBOT Attack:
729 OK - Not vulnerable
730
731
732 SCAN COMPLETED IN 24.73 S
733 -------------------------
734#######################################################################################################################################
735Domains still to check: 1
736 Checking if the hostname svs.gob.cl. given is in fact a domain...
737
738Analyzing domain: svs.gob.cl.
739 Checking NameServers using system default resolver...
740 IP: 200.73.32.70 (Chile)
741 HostName: ns2.svs.cl Type: NS
742 HostName: host70.200.73.32.static.adsl.ifxnw.cl Type: PTR
743 IP: 201.131.38.36 (Chile)
744 HostName: araucaria.svs.cl Type: NS
745
746 Checking MailServers using system default resolver...
747 IP: 201.131.38.37 (Chile)
748 HostName: ulmo.svs.cl Type: MX
749 HostName: ulmo.svs.cl Type: PTR
750
751 Checking the zone transfer for each NS... (if this takes more than 10 seconds, just hit CTRL-C and it will continue. Bug in the libs)
752 No zone transfer found on nameserver 201.131.38.36
753 No zone transfer found on nameserver 200.73.32.70
754
755 Checking SPF record...
756 No SPF record
757
758 Checking 192 most common hostnames using system default resolver...
759 IP: 201.131.38.40 (Chile)
760 HostName: www.svs.gob.cl. Type: A
761 IP: 201.131.38.37 (Chile)
762 HostName: ulmo.svs.cl Type: MX
763 HostName: ulmo.svs.cl Type: PTR
764 HostName: mail.svs.gob.cl. Type: A
765 IP: 201.131.38.36 (Chile)
766 HostName: araucaria.svs.cl Type: NS
767 HostName: ns.svs.gob.cl. Type: A
768 IP: 200.73.32.70 (Chile)
769 HostName: ns2.svs.cl Type: NS
770 HostName: host70.200.73.32.static.adsl.ifxnw.cl Type: PTR
771 HostName: ns2.svs.gob.cl. Type: A
772
773 Checking with nmap the reverse DNS hostnames of every <ip>/24 netblock using system default resolver...
774 Checking netblock 201.131.38.0
775 Checking netblock 200.73.32.0
776
777 Searching for svs.gob.cl. emails in Google
778
779 Checking 4 active hosts using nmap... (nmap -sn -n -v -PP -PM -PS80,25 -PA -PY -PU53,40125 -PE --reason <ip> -oA <output_directory>/nmap/<ip>.sn)
780 Host 201.131.38.40 is up (reset ttl 64)
781 Host 201.131.38.37 is up (reset ttl 64)
782 Host 201.131.38.36 is up (reset ttl 64)
783 Host 200.73.32.70 is up (reset ttl 64)
784
785 Checking ports on every active host using nmap... (nmap -O --reason --webxml --traceroute -sS -sV -sC -Pn -n -v -F <ip> -oA <output_directory>/nmap/<ip>)
786 Scanning ip 201.131.38.40 (www.svs.gob.cl.):
793 80/tcp open http syn-ack ttl 50 Apache httpd
794 |_http-server-header: Apache
795 443/tcp open ssl/http syn-ack ttl 50 Apache httpd
796 |_http-favicon: Unknown favicon MD5: 3D8F6CCB8A9C643BD49ED1798A8A3E6A
797 | http-methods:
798 |_ Supported Methods: GET HEAD POST OPTIONS
799 |_http-server-header: Apache
800 |_http-title: Comisi\xC3\xB3n para el Mercado Financiero de Chile (CMF Chile)
801 | ssl-cert: Subject: commonName=www.svs.cl/organizationName=Superintendencia de Valores y Seguros/countryName=CL
802 | Subject Alternative Name: DNS:www.svs.cl, DNS:svs.cl
803 | Issuer: commonName=DigiCert SHA2 Extended Validation Server CA/organizationName=DigiCert Inc/countryName=US
804 | Public Key type: rsa
805 | Public Key bits: 2048
806 | Signature Algorithm: sha256WithRSAEncryption
807 | Not valid before: 2017-12-27T00:00:00
808 | Not valid after: 2020-02-25T12:00:00
809 | MD5: e388 a01d 9839 d054 957a 48f4 78d2 3573
810 |_SHA-1: 6961 e9af 4766 4a95 f822 c75f f4e2 1f0f cafe ceca
811 |_ssl-date: TLS randomness does not represent time
812 Device type: general purpose|WAP
813 Scanning ip 201.131.38.37 (mail.svs.gob.cl.):
814 8008/tcp open http syn-ack ttl 51
815 | fingerprint-strings:
816 | FourOhFourRequest:
817 | HTTP/1.1 302 Found
818 | Location: https://:8010/nice%20ports%2C/Tri%6Eity.txt%2ebak
819 | Connection: close
820 | X-Frame-Options: SAMEORIGIN
821 | X-XSS-Protection: 1; mode=block
822 | X-Content-Type-Options: nosniff
823 | Content-Security-Policy: frame-ancestors
824 | GenericLines, HTTPOptions, RTSPRequest, SIPOptions:
825 | HTTP/1.1 302 Found
826 | Location: https://:8010
827 | Connection: close
828 | X-Frame-Options: SAMEORIGIN
829 | X-XSS-Protection: 1; mode=block
830 | X-Content-Type-Options: nosniff
831 | Content-Security-Policy: frame-ancestors
832 | GetRequest:
833 | HTTP/1.1 302 Found
834 | Location: https://:8010/
835 | Connection: close
836 | X-Frame-Options: SAMEORIGIN
837 | X-XSS-Protection: 1; mode=block
838 | X-Content-Type-Options: nosniff
839 |_ Content-Security-Policy: frame-ancestors
840 | http-methods:
841 |_ Supported Methods: GET HEAD POST OPTIONS
842 |_http-title: Did not follow redirect to https://201.131.38.37:8010/
843 |_https-redirect: ERROR: Script execution failed (use -d to debug)
844 Scanning ip 201.131.38.36 (ns.svs.gob.cl.):
845 53/tcp open domain syn-ack ttl 50 (unknown banner: Nameserver Linux)
846 | dns-nsid:
847 |_ bind.version: Nameserver Linux
848 | fingerprint-strings:
849 | DNSVersionBindReqTCP:
850 | version
851 | bind
852 |_ Nameserver Linux
853 Scanning ip 200.73.32.70 (ns2.svs.gob.cl.):
854 53/tcp open domain syn-ack ttl 55 (unknown banner: Nameserver Linux)
855 | dns-nsid:
856 |_ bind.version: Nameserver Linux
857 | fingerprint-strings:
858 | DNSVersionBindReqTCP:
859 | version
860 | bind
861 |_ Nameserver Linux
862 WebCrawling domain's web servers... up to 50 max links.
863
864 + URL to crawl: http://www.svs.gob.cl.
865 + Date: 2020-01-04
866
867 + Crawling URL: http://www.svs.gob.cl.:
868 + Links:
869 + Crawling http://www.svs.gob.cl.
870 + Crawling http://www.svs.gob.cl./ver-mas.html
871 + Crawling http://www.svs.gob.cl./CMF-assets/img/twitterF.svg (File! Not crawling it.)
872 + Searching for directories...
873 - Found: http://www.svs.gob.cl./CMF-assets/
874 - Found: http://www.svs.gob.cl./CMF-assets/css/
875 - Found: http://www.svs.gob.cl./CMF-assets/scripts/
876 - Found: http://www.svs.gob.cl./CMF-assets/favicon/
877 - Found: http://www.svs.gob.cl./CMF-assets/img/
878 - Found: http://www.svs.gob.cl./CMF-assets/img/Banners/
879 + Searching open folders...
880 - http://www.svs.gob.cl./CMF-assets/ (403 Forbidden)
881 - http://www.svs.gob.cl./CMF-assets/css/ (403 Forbidden)
882 - http://www.svs.gob.cl./CMF-assets/scripts/ (403 Forbidden)
883 - http://www.svs.gob.cl./CMF-assets/favicon/ (403 Forbidden)
884 - http://www.svs.gob.cl./CMF-assets/img/ (403 Forbidden)
885 - http://www.svs.gob.cl./CMF-assets/img/Banners/ (403 Forbidden)
886 + Crawl finished successfully.
887----------------------------------------------------------------------
888Summary of http://http://www.svs.gob.cl.
889----------------------------------------------------------------------
890+ Links crawled:
891 - http://www.svs.gob.cl.
892 - http://www.svs.gob.cl./ver-mas.html
893 Total links crawled: 2
894
895+ Links to files found:
915 Total links to files: 19
916
917+ Externals links found:
957 Total external links: 39
958
959+ Email addresses found:
960 Total email address found: 0
961
962+ Directories found:
963 - http://www.svs.gob.cl./CMF-assets/ (403 Forbidden)
964 - http://www.svs.gob.cl./CMF-assets/css/ (403 Forbidden)
965 - http://www.svs.gob.cl./CMF-assets/favicon/ (403 Forbidden)
966 - http://www.svs.gob.cl./CMF-assets/img/ (403 Forbidden)
967 - http://www.svs.gob.cl./CMF-assets/img/Banners/ (403 Forbidden)
968 - http://www.svs.gob.cl./CMF-assets/scripts/ (403 Forbidden)
969 Total directories: 6
970
971+ Directory indexing found:
972 Total directories with indexing: 0
973
974----------------------------------------------------------------------
975
976
977 + URL to crawl: https://www.svs.gob.cl.
978 + Date: 2020-01-04
979
980 + Crawling URL: https://www.svs.gob.cl.:
981 + Links:
982 + Crawling https://www.svs.gob.cl.
983 + Searching for directories...
984 + Searching open folders...
985
986
987 + URL to crawl: http://mail.svs.gob.cl.:8008
988 + Date: 2020-01-04
989
990 + Crawling URL: http://mail.svs.gob.cl.:8008:
991 + Links:
992 + Crawling http://mail.svs.gob.cl.:8008 (timed out)
993 + Searching for directories...
994 + Searching open folders...
995
996
997 + URL to crawl: http://ulmo.svs.cl:8008
998 + Date: 2020-01-04
999
1000 + Crawling URL: http://ulmo.svs.cl:8008:
1001 + Links:
1002 + Crawling http://ulmo.svs.cl:8008 (timed out)
1003 + Searching for directories...
1004 + Searching open folders...
1005
1006--Finished--
1007Summary information for domain svs.gob.cl.
1008-----------------------------------------
1009
1010 Domain Ips Information:
1011 IP: 201.131.38.40
1012 HostName: www.svs.gob.cl. Type: A
1013 Country: Chile
1014 Is Active: True (reset ttl 64)
1015 Port: 80/tcp open http syn-ack ttl 50 Apache httpd
1016 Script Info: |_http-server-header: Apache
1017 Port: 443/tcp open ssl/http syn-ack ttl 50 Apache httpd
1018 Script Info: |_http-favicon: Unknown favicon MD5: 3D8F6CCB8A9C643BD49ED1798A8A3E6A
1019 Script Info: | http-methods:
1020 Script Info: |_ Supported Methods: GET HEAD POST OPTIONS
1021 Script Info: |_http-server-header: Apache
1022 Script Info: |_http-title: Comisi\xC3\xB3n para el Mercado Financiero de Chile (CMF Chile)
1023 Script Info: | ssl-cert: Subject: commonName=www.svs.cl/organizationName=Superintendencia de Valores y Seguros/countryName=CL
1024 Script Info: | Subject Alternative Name: DNS:www.svs.cl, DNS:svs.cl
1025 Script Info: | Issuer: commonName=DigiCert SHA2 Extended Validation Server CA/organizationName=DigiCert Inc/countryName=US
1026 Script Info: | Public Key type: rsa
1027 Script Info: | Public Key bits: 2048
1028 Script Info: | Signature Algorithm: sha256WithRSAEncryption
1029 Script Info: | Not valid before: 2017-12-27T00:00:00
1030 Script Info: | Not valid after: 2020-02-25T12:00:00
1031 Script Info: | MD5: e388 a01d 9839 d054 957a 48f4 78d2 3573
1032 Script Info: |_SHA-1: 6961 e9af 4766 4a95 f822 c75f f4e2 1f0f cafe ceca
1033 Script Info: |_ssl-date: TLS randomness does not represent time
1034 Script Info: Device type: general purpose|WAP
1035 IP: 201.131.38.37
1036 HostName: ulmo.svs.cl Type: MX
1037 HostName: ulmo.svs.cl Type: PTR
1038 HostName: mail.svs.gob.cl. Type: A
1039 Country: Chile
1040 Is Active: True (reset ttl 64)
1041 Port: 8008/tcp open http syn-ack ttl 51
1042 Script Info: | fingerprint-strings:
1043 Script Info: | FourOhFourRequest:
1044 Script Info: | HTTP/1.1 302 Found
1045 Script Info: | Location: https://:8010/nice%20ports%2C/Tri%6Eity.txt%2ebak
1046 Script Info: | Connection: close
1047 Script Info: | X-Frame-Options: SAMEORIGIN
1048 Script Info: | X-XSS-Protection: 1; mode=block
1049 Script Info: | X-Content-Type-Options: nosniff
1050 Script Info: | Content-Security-Policy: frame-ancestors
1051 Script Info: | GenericLines, HTTPOptions, RTSPRequest, SIPOptions:
1052 Script Info: | HTTP/1.1 302 Found
1053 Script Info: | Location: https://:8010
1054 Script Info: | Connection: close
1055 Script Info: | X-Frame-Options: SAMEORIGIN
1056 Script Info: | X-XSS-Protection: 1; mode=block
1057 Script Info: | X-Content-Type-Options: nosniff
1058 Script Info: | Content-Security-Policy: frame-ancestors
1059 Script Info: | GetRequest:
1060 Script Info: | HTTP/1.1 302 Found
1061 Script Info: | Location: https://:8010/
1062 Script Info: | Connection: close
1063 Script Info: | X-Frame-Options: SAMEORIGIN
1064 Script Info: | X-XSS-Protection: 1; mode=block
1065 Script Info: | X-Content-Type-Options: nosniff
1066 Script Info: |_ Content-Security-Policy: frame-ancestors
1067 Script Info: | http-methods:
1068 Script Info: |_ Supported Methods: GET HEAD POST OPTIONS
1069 Script Info: |_http-title: Did not follow redirect to https://201.131.38.37:8010/
1070 Script Info: |_https-redirect: ERROR: Script execution failed (use -d to debug)
1071 IP: 201.131.38.36
1072 HostName: araucaria.svs.cl Type: NS
1073 HostName: ns.svs.gob.cl. Type: A
1074 Country: Chile
1075 Is Active: True (reset ttl 64)
1076 Port: 53/tcp open domain syn-ack ttl 50 (unknown banner: Nameserver Linux)
1077 Script Info: | dns-nsid:
1078 Script Info: |_ bind.version: Nameserver Linux
1079 Script Info: | fingerprint-strings:
1080 Script Info: | DNSVersionBindReqTCP:
1081 Script Info: | version
1082 Script Info: | bind
1083 Script Info: |_ Nameserver Linux
1084 IP: 200.73.32.70
1085 HostName: ns2.svs.cl Type: NS
1086 HostName: host70.200.73.32.static.adsl.ifxnw.cl Type: PTR
1087 HostName: ns2.svs.gob.cl. Type: A
1088 Country: Chile
1089 Is Active: True (reset ttl 64)
1090 Port: 53/tcp open domain syn-ack ttl 55 (unknown banner: Nameserver Linux)
1091 Script Info: | dns-nsid:
1092 Script Info: |_ bind.version: Nameserver Linux
1093 Script Info: | fingerprint-strings:
1094 Script Info: | DNSVersionBindReqTCP:
1095 Script Info: | version
1096 Script Info: | bind
1097 Script Info: |_ Nameserver Linux
1098
1099--------------End Summary --------------
1100-----------------------------------------
1101######################################################################################################################################
1102traceroute to www.svs.gob.cl (201.131.38.40), 30 hops max, 60 byte packets
1103 1 10.251.204.1 (10.251.204.1) 33.554 ms 75.445 ms 75.446 ms
1104 2 104.245.145.177 (104.245.145.177) 75.431 ms 75.415 ms 75.391 ms
1105 3 te0-1-1-9.219.ccr32.yyz02.atlas.cogentco.com (38.104.158.113) 75.371 ms te0-0-2-1.225.nr11.b010988-1.yyz02.atlas.cogentco.com (38.104.156.9) 75.402 ms te0-1-1-9.219.ccr32.yyz02.atlas.cogentco.com (38.104.158.113) 75.323 ms
1106 4 be2994.ccr22.cle04.atlas.cogentco.com (154.54.31.233) 75.366 ms 97.239 ms te0-0-0-1.agr14.yyz02.atlas.cogentco.com (154.24.54.41) 75.287 ms
1107 5 te0-9-1-9.ccr32.yyz02.atlas.cogentco.com (154.54.43.169) 75.204 ms be2892.ccr42.dca01.atlas.cogentco.com (154.54.82.254) 97.181 ms te0-9-1-9.ccr32.yyz02.atlas.cogentco.com (154.54.43.169) 75.158 ms
1108 6 be2113.ccr42.atl01.atlas.cogentco.com (154.54.24.222) 127.123 ms be2993.ccr21.cle04.atlas.cogentco.com (154.54.31.225) 38.198 ms be2113.ccr42.atl01.atlas.cogentco.com (154.54.24.222) 64.563 ms
1109 7 be3483.ccr22.mia01.atlas.cogentco.com (154.54.28.50) 147.483 ms be2892.ccr42.dca01.atlas.cogentco.com (154.54.82.254) 147.383 ms be3483.ccr22.mia01.atlas.cogentco.com (154.54.28.50) 147.429 ms
1110 8 be3401.ccr21.mia03.atlas.cogentco.com (154.54.47.30) 147.476 ms be2112.ccr41.atl01.atlas.cogentco.com (154.54.7.158) 147.330 ms be2113.ccr42.atl01.atlas.cogentco.com (154.54.24.222) 147.278 ms
1111 9 38.142.154.146 (38.142.154.146) 147.338 ms 147.318 ms be3482.ccr21.mia01.atlas.cogentco.com (154.54.24.146) 147.236 ms
111210 scl2.ae2.100.mia2.gtdinternet.com.63.196.190.in-addr.arpa (190.196.63.135) 239.222 ms be3400.ccr21.mia03.atlas.cogentco.com (154.54.47.18) 147.160 ms scl2.ae2.100.mia2.gtdinternet.com.63.196.190.in-addr.arpa (190.196.63.135) 239.181 ms
111311 cn2.4-1-1.ci2.gtdinternet.com (190.196.126.241) 207.945 ms 239.128 ms 38.142.154.146 (38.142.154.146) 92.534 ms
111412 scl2.ae2.100.mia2.gtdinternet.com.63.196.190.in-addr.arpa (190.196.63.135) 200.176 ms re2.et2-2-0.53.cn2.gtdinternet.com (190.196.126.85) 278.120 ms cn1.3-0-1.100.ci1In.gtdinternet.com (190.196.126.225) 278.147 ms
111513 re1.et2-2-0.53.cn1.gtdinternet.com (190.196.126.77) 278.096 ms ci1.ae1.ci2.gtdinternet.com (190.196.126.222) 278.051 ms re1.ae3.100.re2.gtdinternet.com (190.196.63.202) 278.041 ms
111614 cn1.3-0-1.100.ci1In.gtdinternet.com (190.196.126.225) 277.988 ms reverso.186.243.153.190.static.operaciones.gtdinternet.com (190.153.243.186) 277.908 ms 277.861 ms
111715 re1.ae3.100.re2.gtdinternet.com (190.196.63.202) 277.827 ms * *
1118######################################################################################################################################
1119----- svs.gob.cl -----
1120
1121
1122Host's addresses:
1123__________________
1124
1125
1126
1127Name Servers:
1128______________
1129
1130ns2.svs.cl. 2664 IN A 200.73.32.70
1131araucaria.svs.cl. 2664 IN A 201.131.38.36
1132
1133
1134Mail (MX) Servers:
1135___________________
1136
1137ulmo.svs.cl. 3320 IN A 201.131.38.37
1138
1139
1140
1141Google Results:
1142________________
1143
1144 perhaps Google is blocking our queries.
1145 Check manually.
1146
1147
1148Brute forcing with /usr/share/dnsenum/dns.txt:
1149_______________________________________________
1150
1151mail.svs.gob.cl. 6572 IN CNAME ulmo.svs.gob.cl.
1152ulmo.svs.gob.cl. 6572 IN A 201.131.38.37
1153ns.svs.gob.cl. 6839 IN CNAME araucaria.svs.gob.cl.
1154araucaria.svs.gob.cl. 6839 IN A 201.131.38.36
1155ns2.svs.gob.cl. 6553 IN A 200.73.32.70
1156www.svs.gob.cl. 6050 IN CNAME canelo.svs.gob.cl.
1157canelo.svs.gob.cl. 6050 IN A 201.131.38.40
1158
1159
1160Launching Whois Queries:
1161_________________________
1162
1163 c class default: 201.131.38.0 -> 201.131.38.0/24 (whois netrange operation failed)
1164 whois ip result: 200.73.32.0 -> 200.73.32.0/19
1165
1166
1167svs.gob.cl__________
1168
1169 201.131.38.0/24
1170 200.73.32.0/19
1171######################################################################################################################################
1172Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-04 14:53 EST
1173Nmap scan report for 201.131.38.40
1174Host is up (0.20s latency).
1175Not shown: 471 filtered ports, 3 closed ports
1176Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
1177PORT STATE SERVICE VERSION
117880/tcp open http Apache httpd
1179|_http-server-header: Apache
1180443/tcp open ssl/http Apache httpd
1181|_http-server-header: Apache
1182|_http-title: Comisi\xC3\xB3n para el Mercado Financiero de Chile (CMF Chile)
1183| ssl-cert: Subject: commonName=www.svs.cl/organizationName=Superintendencia de Valores y Seguros/countryName=CL
1184| Subject Alternative Name: DNS:www.svs.cl, DNS:svs.cl
1185| Not valid before: 2017-12-27T00:00:00
1186|_Not valid after: 2020-02-25T12:00:00
1187|_ssl-date: TLS randomness does not represent time
1188Device type: general purpose|WAP
1189Running (JUST GUESSING): Linux 2.6.X (91%)
1190OS CPE: cpe:/o:linux:linux_kernel:2.6 cpe:/o:linux:linux_kernel:2.6.22
1191Aggressive OS guesses: Linux 2.6.18 - 2.6.22 (91%), OpenWrt Kamikaze 7.09 (Linux 2.6.22) (85%)
1192No exact OS matches for host (test conditions non-ideal).
1193Network Distance: 16 hops
1194
1195TRACEROUTE (using port 443/tcp)
1196HOP RTT ADDRESS
11971 39.18 ms 10.251.204.1
11982 70.39 ms 104.245.145.177
11993 70.44 ms te0-0-2-1.225.nr11.b010988-1.yyz02.atlas.cogentco.com (38.104.156.9)
12004 70.46 ms be2994.ccr22.cle04.atlas.cogentco.com (154.54.31.233)
12015 70.49 ms be2892.ccr42.dca01.atlas.cogentco.com (154.54.82.254)
12026 70.53 ms be2113.ccr42.atl01.atlas.cogentco.com (154.54.24.222)
12037 70.50 ms be2891.ccr41.dca01.atlas.cogentco.com (154.54.82.250)
12048 70.56 ms be2112.ccr41.atl01.atlas.cogentco.com (154.54.7.158)
12059 102.93 ms be3482.ccr21.mia01.atlas.cogentco.com (154.54.24.146)
120610 208.76 ms scl2.ae2.100.mia2.gtdinternet.com.63.196.190.in-addr.arpa (190.196.63.135)
120711 203.74 ms cn2.4-1-1.ci2.gtdinternet.com (190.196.126.241)
120812 213.32 ms cn1.3-0-1.100.ci1In.gtdinternet.com (190.196.126.225)
120913 253.32 ms cn2.4-1-1.ci2.gtdinternet.com (190.196.126.241)
121014 213.29 ms reverso.186.243.153.190.static.operaciones.gtdinternet.com (190.153.243.186)
121115 ...
121216 253.32 ms 201.131.38.40
1213######################################################################################################################################
1214Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-04 14:55 EST
1215Nmap scan report for 201.131.38.40
1216Host is up (0.064s latency).
1217Not shown: 15 filtered ports, 1 closed port
1218Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
1219PORT STATE SERVICE VERSION
122053/udp open|filtered domain
122167/udp open|filtered dhcps
122268/udp open|filtered dhcpc
122369/udp open|filtered tftp
122488/udp open|filtered kerberos-sec
1225123/udp open|filtered ntp
1226139/udp open|filtered netbios-ssn
1227161/udp open|filtered snmp
1228162/udp open|filtered snmptrap
1229389/udp open|filtered ldap
1230520/udp open|filtered route
12312049/udp open|filtered nfs
1232Too many fingerprints match this host to give specific OS details
1233
1234TRACEROUTE (using port 138/udp)
1235HOP RTT ADDRESS
12361 29.98 ms 10.251.204.1
12372 ... 3
12384 29.57 ms 10.251.204.1
12395 102.47 ms 10.251.204.1
12406 102.47 ms 10.251.204.1
12417 102.46 ms 10.251.204.1
12428 102.43 ms 10.251.204.1
12439 67.83 ms 10.251.204.1
124410 33.99 ms 10.251.204.1
124511 ... 18
124619 30.45 ms 10.251.204.1
124720 30.62 ms 10.251.204.1
124821 ... 27
124928 31.82 ms 10.251.204.1
125029 ...
125130 29.38 ms 10.251.204.1
1252######################################################################################################################################
1253Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-04 15:00 EST
1254Nmap scan report for 201.131.38.40
1255Host is up.
1256
1257PORT STATE SERVICE VERSION
125867/tcp filtered dhcps
125967/udp open|filtered dhcps
1260|_dhcp-discover: ERROR: Script execution failed (use -d to debug)
1261Too many fingerprints match this host to give specific OS details
1262
1263TRACEROUTE (using proto 1/icmp)
1264HOP RTT ADDRESS
12651 107.76 ms 10.251.204.1
12662 107.82 ms 104.245.145.177
12673 107.81 ms te0-1-1-9.219.ccr32.yyz02.atlas.cogentco.com (38.104.158.113)
12684 107.86 ms be2994.ccr22.cle04.atlas.cogentco.com (154.54.31.233)
12695 107.99 ms be2892.ccr42.dca01.atlas.cogentco.com (154.54.82.254)
12706 108.05 ms be2113.ccr42.atl01.atlas.cogentco.com (154.54.24.222)
12717 108.08 ms be3483.ccr22.mia01.atlas.cogentco.com (154.54.28.50)
12728 108.11 ms be3401.ccr21.mia03.atlas.cogentco.com (154.54.47.30)
12739 108.11 ms 38.142.154.146
127410 233.90 ms scl2.ae2.100.mia2.gtdinternet.com.63.196.190.in-addr.arpa (190.196.63.135)
127511 261.23 ms ci1.ae1.ci2.gtdinternet.com (190.196.126.222)
127612 261.21 ms cn1.3-0-1.100.ci1In.gtdinternet.com (190.196.126.225)
127713 261.20 ms re1.et2-2-0.53.cn1.gtdinternet.com (190.196.126.77)
127814 216.93 ms reverso.186.243.153.190.static.operaciones.gtdinternet.com (190.153.243.186)
127915 ... 30
1280######################################################################################################################################
1281Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-04 15:02 EST
1282Nmap scan report for 201.131.38.40
1283Host is up.
1284
1285PORT STATE SERVICE VERSION
128668/tcp filtered dhcpc
128768/udp open|filtered dhcpc
1288Too many fingerprints match this host to give specific OS details
1289
1290TRACEROUTE (using proto 1/icmp)
1291HOP RTT ADDRESS
12921 59.85 ms 10.251.204.1
12932 89.99 ms 104.245.145.177
12943 90.02 ms te0-1-1-9.219.ccr32.yyz02.atlas.cogentco.com (38.104.158.113)
12954 90.03 ms be2994.ccr22.cle04.atlas.cogentco.com (154.54.31.233)
12965 90.04 ms be2892.ccr42.dca01.atlas.cogentco.com (154.54.82.254)
12976 121.90 ms be2113.ccr42.atl01.atlas.cogentco.com (154.54.24.222)
12987 121.94 ms be3483.ccr22.mia01.atlas.cogentco.com (154.54.28.50)
12998 121.96 ms be3401.ccr21.mia03.atlas.cogentco.com (154.54.47.30)
13009 121.99 ms 38.142.154.146
130110 202.28 ms scl2.ae2.100.mia2.gtdinternet.com.63.196.190.in-addr.arpa (190.196.63.135)
130211 226.39 ms ci1.ae1.ci2.gtdinternet.com (190.196.126.222)
130312 258.26 ms cn1.3-0-1.100.ci1In.gtdinternet.com (190.196.126.225)
130413 258.27 ms re1.et2-2-0.53.cn1.gtdinternet.com (190.196.126.77)
130514 227.43 ms reverso.186.243.153.190.static.operaciones.gtdinternet.com (190.153.243.186)
130615 ... 30
1307######################################################################################################################################
1308Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-04 15:04 EST
1309Nmap scan report for 201.131.38.40
1310Host is up.
1311
1312PORT STATE SERVICE VERSION
131369/tcp filtered tftp
131469/udp open|filtered tftp
1315Too many fingerprints match this host to give specific OS details
1316
1317TRACEROUTE (using proto 1/icmp)
1318HOP RTT ADDRESS
13191 76.63 ms 10.251.204.1
13202 76.66 ms 104.245.145.177
13213 76.67 ms te0-1-1-9.219.ccr32.yyz02.atlas.cogentco.com (38.104.158.113)
13224 76.69 ms be2994.ccr22.cle04.atlas.cogentco.com (154.54.31.233)
13235 76.70 ms be2892.ccr42.dca01.atlas.cogentco.com (154.54.82.254)
13246 107.67 ms be2113.ccr42.atl01.atlas.cogentco.com (154.54.24.222)
13257 107.70 ms be3483.ccr22.mia01.atlas.cogentco.com (154.54.28.50)
13268 107.71 ms be3401.ccr21.mia03.atlas.cogentco.com (154.54.47.30)
13279 107.72 ms 38.142.154.146
132810 225.70 ms scl2.ae2.100.mia2.gtdinternet.com.63.196.190.in-addr.arpa (190.196.63.135)
132911 262.79 ms ci1.ae1.ci2.gtdinternet.com (190.196.126.222)
133012 262.79 ms cn1.3-0-1.100.ci1In.gtdinternet.com (190.196.126.225)
133113 262.79 ms re1.et2-2-0.53.cn1.gtdinternet.com (190.196.126.77)
133214 224.23 ms reverso.186.243.153.190.static.operaciones.gtdinternet.com (190.153.243.186)
133315 ... 30
1334######################################################################################################################################
1335http://201.131.38.40 [200 OK] Apache, Cookies[cookiesession1], HTTPServer[Apache], HttpOnly[cookiesession1], IP[201.131.38.40], JQuery[3.2.1], Meta-Author[CMF Chile, Comisión para el Mercado Financiero de Chile], Modernizr, Script[Javascript,text/javascript], Title[Comisión para el Mercado Financiero de Chile (CMF Chile)], UncommonHeaders[access-control-allow-origin], X-UA-Compatible[IE=edge]
1336######################################################################################################################################
1337
1338wig - WebApp Information Gatherer
1339
1340
1341Scanning http://201.131.38.40...
1342_________________ SITE INFO __________________
1343IP Title
1344201.131.38.40 Comisión para el Mercado Fin
1345
1346__________________ VERSION ___________________
1347Name Versions Type
1348Apache Platform
1349
1350______________________________________________
1351Time: 38.0 sec Urls: 618 Fingerprints: 40401
1352######################################################################################################################################
1353HTTP/1.1 200 OK
1354Date: Sat, 04 Jan 2020 20:07:16 GMT
1355Server: Apache
1356Last-Modified: Fri, 20 Dec 2019 17:49:17 GMT
1357Accept-Ranges: bytes
1358Content-Length: 14518
1359Access-Control-Allow-Origin: http://www.cmfchile.cl
1360Content-Type: text/html; charset=UTF-8
1361Set-Cookie: cookiesession1=0786DB2CHAPMV2UHKLVTSVN4CIEMB669;Path=/;HttpOnly
1362
1363HTTP/1.1 200 OK
1364Date: Sat, 04 Jan 2020 20:07:17 GMT
1365Server: Apache
1366Last-Modified: Fri, 20 Dec 2019 17:49:17 GMT
1367Accept-Ranges: bytes
1368Content-Length: 14518
1369Access-Control-Allow-Origin: http://www.cmfchile.cl
1370Content-Type: text/html; charset=UTF-8
1371Set-Cookie: cookiesession1=0786DB2CCAUDNS3BV38CDMDHFV2H2D8C;Path=/;HttpOnly
1372######################################################################################################################################
1373Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-04 15:07 EST
1374Nmap scan report for 201.131.38.40
1375Host is up.
1376
1377PORT STATE SERVICE VERSION
1378123/tcp filtered ntp
1379123/udp open|filtered ntp
1380Too many fingerprints match this host to give specific OS details
1381
1382TRACEROUTE (using proto 1/icmp)
1383HOP RTT ADDRESS
13841 60.06 ms 10.251.204.1
13852 90.52 ms 104.245.145.177
13863 90.57 ms te0-1-1-9.219.ccr32.yyz02.atlas.cogentco.com (38.104.158.113)
13874 90.58 ms be2994.ccr22.cle04.atlas.cogentco.com (154.54.31.233)
13885 90.60 ms be2892.ccr42.dca01.atlas.cogentco.com (154.54.82.254)
13896 119.60 ms be2113.ccr42.atl01.atlas.cogentco.com (154.54.24.222)
13907 119.64 ms be3483.ccr22.mia01.atlas.cogentco.com (154.54.28.50)
13918 119.64 ms be3401.ccr21.mia03.atlas.cogentco.com (154.54.47.30)
13929 119.66 ms 38.142.154.146
139310 363.19 ms scl2.ae2.100.mia2.gtdinternet.com.63.196.190.in-addr.arpa (190.196.63.135)
139411 302.54 ms ci1.ae1.ci2.gtdinternet.com (190.196.126.222)
139512 603.88 ms cn1.3-0-1.100.ci1In.gtdinternet.com (190.196.126.225)
139613 530.36 ms re1.et2-2-0.53.cn1.gtdinternet.com (190.196.126.77)
139714 500.58 ms reverso.186.243.153.190.static.operaciones.gtdinternet.com (190.153.243.186)
139815 ... 30
1399######################################################################################################################################
1400https://201.131.38.40/ [200 OK] Apache, HTTPServer[Apache], IP[201.131.38.40], JQuery[3.2.1], Meta-Author[CMF Chile, Comisión para el Mercado Financiero de Chile], Modernizr, Script[Javascript,text/javascript], Title[Comisión para el Mercado Financiero de Chile (CMF Chile)], UncommonHeaders[access-control-allow-origin], X-UA-Compatible[IE=edge]
1401######################################################################################################################################
Version: 1.11.13-static
OpenSSL 1.0.2-chacha (1.0.2g-dev)

Connected to 201.131.38.40

Testing SSL server 201.131.38.40 on port 443 using SNI name 201.131.38.40

  TLS Fallback SCSV:
Server supports TLS Fallback SCSV

  TLS renegotiation:
Secure session renegotiation supported

  TLS Compression:
Compression disabled

  Heartbleed:
TLS 1.2 not vulnerable to heartbleed
TLS 1.1 not vulnerable to heartbleed
TLS 1.0 not vulnerable to heartbleed

  Supported Server Cipher(s):
Preferred TLSv1.2 256 bits AES256-GCM-SHA384
Accepted TLSv1.2 256 bits AES256-SHA256
Accepted TLSv1.2 256 bits AES256-SHA
Accepted TLSv1.2 256 bits CAMELLIA256-SHA
Accepted TLSv1.2 128 bits AES128-GCM-SHA256
Accepted TLSv1.2 128 bits AES128-SHA256
Accepted TLSv1.2 128 bits AES128-SHA
Accepted TLSv1.2 128 bits SEED-SHA
Accepted TLSv1.2 128 bits CAMELLIA128-SHA
Accepted TLSv1.2 128 bits IDEA-CBC-SHA
Accepted TLSv1.2 112 bits DES-CBC3-SHA
Preferred TLSv1.1 256 bits AES256-SHA
Accepted TLSv1.1 256 bits CAMELLIA256-SHA
Accepted TLSv1.1 128 bits AES128-SHA
Accepted TLSv1.1 128 bits SEED-SHA
Accepted TLSv1.1 128 bits CAMELLIA128-SHA
Accepted TLSv1.1 128 bits IDEA-CBC-SHA
Accepted TLSv1.1 112 bits DES-CBC3-SHA
Preferred TLSv1.0 256 bits AES256-SHA
Accepted TLSv1.0 256 bits CAMELLIA256-SHA
Accepted TLSv1.0 128 bits AES128-SHA
Accepted TLSv1.0 128 bits SEED-SHA
Accepted TLSv1.0 128 bits CAMELLIA128-SHA
Accepted TLSv1.0 128 bits IDEA-CBC-SHA
Accepted TLSv1.0 112 bits DES-CBC3-SHA

  SSL Certificate:
Signature Algorithm: sha256WithRSAEncryption
RSA Key Strength: 2048

Subject: www.svs.cl
Altnames: DNS:www.svs.cl, DNS:svs.cl
Issuer: DigiCert SHA2 Extended Validation Server CA

Not valid before: Dec 27 00:00:00 2017 GMT
Not valid after: Feb 25 12:00:00 2020 GMT
######################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-04 15:11 EST
Nmap scan report for 201.131.38.40
Host is up (0.084s latency).
Not shown: 65530 filtered ports
PORT STATE SERVICE VERSION
25/tcp closed smtp
80/tcp open http Apache httpd
|_http-server-header: Apache
139/tcp closed netbios-ssn
443/tcp open ssl/http Apache httpd
|_http-server-header: Apache
|_http-title: Comisi\xC3\xB3n para el Mercado Financiero de Chile (CMF Chile)
| ssl-cert: Subject: commonName=www.svs.cl/organizationName=Superintendencia de Valores y Seguros/countryName=CL
| Subject Alternative Name: DNS:www.svs.cl, DNS:svs.cl
| Not valid before: 2017-12-27T00:00:00
|_Not valid after: 2020-02-25T12:00:00
|_ssl-date: TLS randomness does not represent time
445/tcp closed microsoft-ds
Device type: general purpose
Running (JUST GUESSING): Linux 2.6.X (91%)
OS CPE: cpe:/o:linux:linux_kernel:2.6
Aggressive OS guesses: Linux 2.6.18 - 2.6.22 (91%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 2 hops

TRACEROUTE (using port 139/tcp)
HOP RTT ADDRESS
1 109.77 ms 10.251.204.1
2 109.77 ms 201.131.38.40
#######################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-04 15:14 EST
Nmap scan report for 201.131.38.40
Host is up (0.082s latency).

PORT STATE SERVICE VERSION
53/tcp filtered domain
67/tcp filtered dhcps
68/tcp filtered dhcpc
69/tcp filtered tftp
88/tcp filtered kerberos-sec
123/tcp filtered ntp
137/tcp filtered netbios-ns
138/tcp filtered netbios-dgm
139/tcp closed netbios-ssn
161/tcp filtered snmp
162/tcp filtered snmptrap
389/tcp filtered ldap
520/tcp filtered efs
2049/tcp filtered nfs
53/udp open|filtered domain
67/udp open|filtered dhcps
68/udp open|filtered dhcpc
69/udp open|filtered tftp
88/udp open|filtered kerberos-sec
123/udp open|filtered ntp
137/udp filtered netbios-ns
138/udp filtered netbios-dgm
139/udp open|filtered netbios-ssn
161/udp open|filtered snmp
162/udp open|filtered snmptrap
389/udp open|filtered ldap
520/udp open|filtered route
2049/udp open|filtered nfs
Too many fingerprints match this host to give specific OS details
Network Distance: 2 hops

TRACEROUTE (using port 139/tcp)
HOP RTT ADDRESS
1 102.39 ms 10.251.204.1
2 102.39 ms 201.131.38.40
#######################################################################################################################################
Hosts
=====

address mac name os_name os_flavor os_sp purpose info comments
------- --- ---- ------- --------- ----- ------- ---- --------
87.247.240.207 crayford.servers.prgn.misp.co.uk Android 5.X device
93.174.93.84 Linux 3.X server
185.68.93.22 verbatim1981.example.com Unknown device
186.67.91.110 ipj10-110.poderjudicial.cl Linux 2.6.X server
194.18.73.2 www.sakerhetspolisen.se Linux 2.6.X server
201.131.38.40 Linux 2.6.X server

Services
========

host port proto name state info
---- ---- ----- ---- ----- ----
######################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-04 15:09 EST
Nmap scan report for 201.131.38.40
Host is up (0.079s latency).
Not shown: 995 filtered ports
PORT STATE SERVICE VERSION
25/tcp closed smtp
80/tcp open http Apache httpd
|_http-server-header: Apache
| vulscan: VulDB - https://vuldb.com:
1975| [123814] Apache ActiveMQ Client up to 5.15.5 TLS Hostname Verification Man-in-the-Middle weak authentication
1976| [123393] Apache Traffic Server up to 6.2.2/7.1.3 ESI Plugin Config privilege escalation
1977| [123392] Apache Traffic Server 6.2.2 TLS Handshake Segmentation Fault denial of service
1978| [123391] Apache Traffic Server up to 6.2.2/7.1.3 Range Request Performance denial of service
1979| [123390] Apache Traffic Server up to 6.2.2/7.1.3 Request HTTP Smuggling privilege escalation
| [123369] Apache Traffic Server up to 6.2.2/7.1.3 ACL remap.config Request denial of service
| [123197] Apache Sentry up to 2.0.0 privilege escalation
| [123145] Apache Struts up to 2.3.34/2.5.16 Namespace Code Execution
| [123144] Apache Cayenne up to 4.1.M1 CayenneModeler XML File File Transfer privilege escalation
| [122981] Apache Commons Compress 1.7 ZipArchiveInputStream ZIP Archive denial of service
| [122889] Apache HTTP Server up to 2.2.31/2.4.23 mod_userdir HTTP Response Splitting privilege escalation
| [122800] Apache Spark 1.3.0 REST API weak authentication
| [122642] Apache Airflow up to 1.8.x 404 Page Reflected cross site scripting
| [122568] Apache Tomcat up to 8.5.31/9.0.9 Connection Reuse weak authentication
| [122567] Apache Axis 1.0./1.1/1.2/1.3/1.4 cross site scripting
| [122556] Apache Tomcat up to 7.0.86/8.0.51/8.5.30/9.0.7 UTF-8 Decoder Loop denial of service
| [122531] Apache Tomcat up to 7.0.88/8.0.52/8.5.31/9.0.9 WebSocket Client unknown vulnerability
| [122456] Apache Camel up to 2.20.3/2.21.0 XSD Validator XML External Entity
| [122455] Apache Tomcat Native up to 1.1.34/1.2.16 OSCP Revoked Certificate weak authentication
| [122454] Apache Tomcat Native up to 1.1.34/1.2.16 OSCP Responder Revoked Certificate weak authentication
| [122214] Apache Kafka up to 0.9.0.1/0.10.2.1/0.11.0.2/1.0.0 Broker Request Data Loss denial of service
| [122202] Apache Kafka up to 0.10.2.1/0.11.0.1 SASL Impersonation spoofing
| [122101] Docker Skeleton Runtime for Apache OpenWhisk Docker Action dockerskeleton:1.3.0 privilege escalation
| [122100] PHP Runtime for Apache OpenWhisk Docker Action action-php-v7.2:1.0.0 privilege escalation
| [122012] Apache Ignite up to 2.5 Serialization privilege escalation
| [121911] Apache Ambari up to 2.5.x/2.6.2 Log Message Credentials information disclosure
| [121910] Apache HTTP Server 2.4.33 mod_md HTTP Requests denial of service
| [121854] Oracle Tape Library ACSLS up to ACSLS 8.4.0-2 Apache Commons Collections unknown vulnerability
| [121752] Oracle Insurance Policy Administration 10.0/10.1/10.2/11.0 Apache Log4j unknown vulnerability
| [121370] Apache Spark up to 2.1.2/2.2.1/2.3.0 URL cross site scripting
| [121354] Apache CouchDB HTTP API Code Execution
| [121144] Apache LDAP API up to 1.0.1 SSL Filter information disclosure
| [121143] Apache Storm up to 0.10.2/1.0.6/1.1.2/1.2.1 Cluster privilege escalation
| [120436] Apache CXF Fediz up to 1.4.3 Application Plugin unknown vulnerability
| [120310] Apache PDFbox up to 1.8.14/2.0.10 AFMParser Loop denial of service
| [120168] Apache CXF weak authentication
| [120080] Apache Cassandra up to 3.11.1 JMX/RMI Interface RMI Request privilege escalation
| [120043] Apache HBase up to 1.2.6.0/1.3.2.0/1.4.4/2.0.0 Thrift 1 API Server weak authentication
| [119723] Apache Qpid Broker-J 7.0.0/7.0.1/7.0.2/7.0.3/7.0.4 AMQP Messages Crash denial of service
| [122569] Apache HTTP Server up to 2.4.33 HTTP2 Request denial of service
| [119486] Apache Geode up to 1.4.0 Security Manager Code Execution
| [119306] Apache MXNet Network Interface privilege escalation
| [118999] Apache Storm up to 1.0.6/1.1.2/1.2.1 Archive directory traversal
| [118996] Apache Storm up to 1.0.6/1.1.2/1.2.1 Daemon spoofing
| [118644] Apple macOS up to 10.13.5 apache_mod_php unknown vulnerability
| [118200] Apache Batik up to 1.9 Deserialization unknown vulnerability
| [118143] Apache NiFi activemq-client Library Deserialization denial of service
| [118142] Apache NiFi 1.6.0 SplitXML xxe privilege escalation
| [118051] Apache Zookeeper up to 3.4.9/3.5.3-beta weak authentication
| [117997] Apache ORC up to 1.4.3 ORC File Recursion denial of service
| [117825] Apache Tomcat up to 7.0.88/8.0.52/8.5.31/9.0.8 CORS Filter privilege escalation
| [117405] Apache Derby up to 10.14.1.0 Network Server Network Packet privilege escalation
| [117347] Apache Ambari up to 2.6.1 HTTP Request directory traversal
| [117265] LibreOffice/Apache Office Writer SMB Connection XML Document information disclosure
| [117143] Apache uimaj/uima-as/uimaFIT/uimaDUCC XML XXE information disclosure
| [117117] Apache Tika up to 1.17 ChmParser Loop denial of service
| [117116] Apache Tika up to 1.17 BPGParser Loop denial of service
| [117115] Apache Tika up to 1.17 tika-server command injection
| [116929] Apache Fineract getReportType Parameter privilege escalation
| [116928] Apache Fineract REST Endpoint Parameter privilege escalation
| [116927] Apache Fineract MakercheckersApiResource Parameter sql injection
| [116926] Apache Fineract REST Parameter privilege escalation
| [116574] Apache wicket-jquery-ui up to 6.29.0/7.10.1/8.0.0-M9.1 WYSIWYG Editor privilege escalation
| [116622] Oracle Enterprise Manager for MySQL Database 12.1.0.4 EM Plugin: General (Apache Tomcat) unknown vulnerability
| [115931] Apache Solr up to 6.6.2/7.2.1 XML Data Parameter XML External Entity
| [115883] Apache Hive up to 2.3.2 privilege escalation
| [115882] Apache Hive up to 2.3.2 xpath_short information disclosure
| [115881] Apache DriverHive JDBC Driver up to 2.3.2 Escape Argument Bypass privilege escalation
| [115518] Apache Ignite 2.3 Deserialization privilege escalation
| [115260] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache cross site scripting
| [115259] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache Cookie Stack-based memory corruption
| [115500] CA Workload Control Center up to r11.4 SP5 Apache MyFaces Component Code Execution
| [115121] Apache Struts REST Plugin up to 2.5.15 Xstream XML Data denial of service
| [115061] Apache HTTP Server up to 2.4.29 HTTP Digest Authentication Challenge HTTP Requests Replay privilege escalation
| [115060] Apache HTTP Server up to 2.4.29 mod_cache_socache Request Header Crash denial of service
| [115059] Apache HTTP Server up to 2.4.29 HTTP2 NULL Pointer Dereference denial of service
| [115058] Apache HTTP Server up to 2.4.29 HTTP Header Crash denial of service
| [115057] Apache HTTP Server up to 2.4.29 mod_session Variable Name Cache privilege escalation
| [115039] Apache HTTP Server up to 2.4.29 FilesMatch File Upload privilege escalation
| [115038] Apache HTTP Server up to 2.0.65/2.2.34/2.4.29 mod_authnz_ldap Crash denial of service
| [114817] Apache Syncope up to 1.2.10/2.0.7 Search Parameter information disclosure
| [114816] Apache Syncope up to 1.2.10/2.0.7 XSLT Code Execution
| [114717] Apache Commons 1.11/1.12/1.13/1.14/1.15 ZIP Archive ZipFile/ZipArchiveInputStream denial of service
| [114661] Apache Allura up to 1.8.0 HTTP Response Splitting privilege escalation
| [114400] Apache Tomcat JK ISAPI Connector up to 1.2.42 IIS/ISAPI privilege escalation
| [114258] Apache HTTP Server up to 2.4.22 mod_cluster Segmentation Fault denial of service
| [114086] Apache ODE 1.3.3 ODE Process Deployment Web Service directory traversal
| [113955] Apache Xerces-C up to 3.2.0 XML Parser NULL Pointer Dereference denial of service
| [113945] Apache Tomcat up to 7.0.84/8.0.49/8.5.27/9.0.4 URL Pattern Empty String privilege escalation
| [113944] Apache OpenMeetings up to 3.x/4.0.1 CRUD Operation denial of service
| [113905] Apache Traffic Server up to 5.2.x/5.3.2/6.2.0/7.0.0 TLS Handshake Core Dump denial of service
| [113904] Apache Traffic Server up to 6.2.0 Host Header privilege escalation
| [113895] Apache Geode up to 1.3.x Code Execution
| [113894] Apache Geode up to 1.3.x TcpServer Code Execution
| [113888] Apache James Hupa WebMail 0.0.2 cross site scripting
| [113813] Apache Geode Cluster up to 1.3.x Secure Mode privilege escalation
| [113747] Apache Tomcat Servlets privilege escalation
| [113647] Apache Qpid up to 0.30 qpidd Broker AMQP Message Crash denial of service
| [113645] Apache VCL up to 2.1/2.2.1/2.3.1 Web GUI/XMLRPC API privilege escalation
| [113560] Apache jUDDI Console 3.0.0 Log Entries spoofing
| [113571] Apache Oozie up to 4.3.0/5.0.0-beta1 XML Data XML File privilege escalation
| [113569] Apache Karaf up to 4.0.7 LDAPLoginModule LDAP injection denial of service
| [113273] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
| [113198] Apache Qpid Dispatch Router 0.7.0/0.8.0 AMQP denial of service
| [113186] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
| [113145] Apache Thrift up to 0.9.3 Go Client Library privilege escalation
| [113106] Apache jUDDI up to 3.3.3 XML Data WADL2Java/WSDL2Java XML Document privilege escalation
| [113105] Apache Qpid Broker-J 7.0.0 AMQP Crash denial of service
| [112885] Apache Allura up to 1.8.0 File information disclosure
| [112856] Apache CloudStack up to 4.8.1.0/4.9.0.0 API weak authentication
| [112855] Apache CloudStack 4.1.0/4.1.1 API information disclosure
| [112678] Apache Tomcat up to 7.0.82/8.0.47/8.5.23/9.0.1 Bug Fix 61201 privilege escalation
| [112677] Apache Tomcat Native Connector up to 1.1.34/1.2.14 OCSP Checker Client weak authentication
| [112625] Apache POI up to 3.16 Loop denial of service
| [112448] Apache NiFi up to 1.3.x Deserialization privilege escalation
| [112396] Apache Hadoop 2.7.3/2.7.4 YARN NodeManager Credentials information disclosure
| [112339] Apache NiFi 1.5.0 Header privilege escalation
| [112330] Apache NiFi 1.5.0 Header HTTP Request privilege escalation
| [112314] NetGain Enterprise Manager 7.2.730 Build 1034 org.apache.jsp.u.jsp.tools.exec_jsp Servlet Parameter privilege escalation
| [112253] Apache Hadoop up to 0.23.x/2.7.4/2.8.2 MapReduce Job History Server Configuration File privilege escalation
| [112171] Oracle Secure Global Desktop 5.3 Apache Log4j privilege escalation
| [112164] Oracle Agile PLM 9.3.5/9.3.6 Apache Tomcat unknown vulnerability
| [112161] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Tomcat privilege escalation
| [112158] Oracle Autovue for Agile Product Lifecycle Management 21.0.0/21.0.1 Apache Log4j privilege escalation
| [112156] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Log4j privilege escalation
| [112155] Oracle Agile Engineering Data Management 6.1.3/6.2.0/6.2.1 Apache Log4j privilege escalation
| [112137] Oracle MICROS Relate CRM Software 10.8.x/11.4.x/15.0.x, Apache Tomcat unknown vulnerability
| [112136] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat privilege escalation
| [112133] Oracle Retail Workforce Management 1.60.7/1.64.0 Apache Log4j privilege escalation
| [112129] Oracle Retail Assortment Planning 14.1.3/15.0.3/16.0.1 Apache Log4j privilege escalation
| [112114] Oracle 9.1 Apache Log4j privilege escalation
| [112113] Oracle 9.1 Apache Log4j privilege escalation
| [112045] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat privilege escalation
| [112038] Oracle Health Sciences Empirica Inspections 1.0.1.1 Apache Tomcat information disclosure
| [112019] Oracle Endeca Information Discovery Integrator 3.1.0/3.2.0 Apache Tomcat privilege escalation
| [112017] Oracle WebCenter Portal 11.1.1.9.0/12.2.1.2.0/12.2.1.3.0 Apache Struts 1 cross site scripting
| [112011] Oracle Identity Manager 11.1.2.3.0 Apache Commons Collections privilege escalation
| [111950] Oracle Database 12.2.0.1 Apache Tomcat information disclosure
| [111703] Apache Sling XSS Protection API 1.0.4 URL Encoding cross site scripting
| [111556] Apache Geode up to 1.2.x Secure Mode Parameter OQL privilege escalation
| [111555] Apache Geode up to 1.2.x Secure Mode OQL privilege escalation
| [111540] Apache Geode up to 1.2.x Secure Mode information disclosure
| [111519] Apache Sling JCR ContentLoader 2.1.4 xmlreader directory traversal
| [111338] Apache DeltaSpike-JSF 1.8.0 cross site scripting
| [111330] Apache OFBiz 16.11.01/16.11.02/16.11.03 BIRT Plugin cross site scripting
| [110789] Apache Sling up to 1.4.0 Authentication Service Credentials information disclosure
| [110785] Apache Drill up to 1.11.0 Query Page unknown vulnerability
| [110701] Apache Fineract Query Parameter sql injection
| [110484] Apache Synapse up to 3.0.0 Apache Commons Collections Serialized Object Code Injection privilege escalation
| [110426] Adobe Experience Manager 6.0/6.1/6.2/6.3 Apache Sling Servlets Post cross site scripting
| [110141] Apache Struts up to 2.5.14 REST Plugin denial of service
| [110140] Apache Qpid Broker-J up to 0.32 privilege escalation
| [110139] Apache Qpid Broker-J up to 6.1.4 AMQP Frame denial of service
| [110106] Apache CXF Fediz Spring cross site request forgery
| [109766] Apache OpenOffice up to 4.1.3 DOC File Parser WW8Fonts memory corruption
| [109750] Apache OpenOffice up to 4.1.3 DOC File Parser ImportOldFormatStyles memory corruption
| [109749] Apache OpenOffice up to 4.1.3 PPT File Parser PPTStyleSheet memory corruption
| [109606] October CMS Build 412 Apache Configuration File Upload privilege escalation
| [109419] Apache Camel up to 2.19.3/2.20.0 camel-castor Java Object Deserialization privilege escalation
| [109418] Apache Camel up to 2.19.3/2.20.0 camel-hessian Java Object Deserialization privilege escalation
| [109400] Apache CouchDB up to 1.6.x/2.1.0 Database Server Shell privilege escalation
| [109399] Apache CouchDB up to 1.6.x/2.1.0 JSON Parser Shell privilege escalation
| [109398] Apache CXF 3.1.14/3.2.1 JAX-WS/JAX-RS Attachment denial of service
| [108872] Apache Hive up to 2.1.1/2.2.0/2.3.0 Policy Enforcement privilege escalation
| [108939] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108938] Apple macOS up to 10.13.1 apache denial of service
| [108937] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108936] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108935] Apple macOS up to 10.13.1 apache denial of service
| [108934] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108933] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108932] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108931] Apple macOS up to 10.13.1 apache denial of service
| [108930] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108929] Apple macOS up to 10.13.1 apache denial of service
| [108928] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108797] Apache Struts up to 2.3.19 TextParseUtiltranslateVariables OGNL Expression privilege escalation
| [108795] Apache Traffic Server up to 5.3.0 HTTP2 set_dynamic_table_size memory corruption
| [108794] Apache WSS4J up to 1.6.16/2.0.1 Incomplete Fix Leak information disclosure
| [108793] Apache Qpid up to 0.30 qpidd Crash denial of service
| [108792] Apache Traffic Server up to 5.1.0 Access Restriction privilege escalation
| [108791] Apache Wicket up to 1.5.11/6.16.x/7.0.0-M2 Session information disclosure
| [108790] Apache Storm 0.9.0.1 Log Viewer directory traversal
| [108789] Apache Cordova In-App-Browser Standalone Plugin up to 0.3.1 on iOS CDVInAppBrowser privilege escalation
| [108788] Apache Cordova File-Transfer Standalone Plugin up to 0.4.1 on iOS ios/CDVFileTransfer.m spoofing
| [108787] Apache HttpClient up to 4.3.0 HttpClientBuilder.java unknown vulnerability
| [108786] Apache Wicket up to 1.4.21/1.5.9/6.3.x script Tag cross site scripting
| [108783] Apache Hadoop up to 0.23.3/1.0.3/2.0.1 Kerberos Security Feature Key weak encryption
| [108782] Apache Xerces2 XML Service denial of service
| [108781] Apache jUDDI up to 1.x happyjuddi.jsp Parameter cross site scripting
| [108780] Apache jUDDI up to 1.x Log File uddiget.jsp spoofing
| [108709] Apache Cordova Android up to 3.7.1/4.0.1 intent URL privilege escalation
| [108708] Apache ActiveMQ up to 5.10.0 XML Data XML External Entity
| [108707] Apache ActiveMQ up to 1.7.0 XML Data XML External Entity
| [108629] Apache OFBiz up to 10.04.01 privilege escalation
| [108543] Apache Derby 10.1.2.1/10.2.2.0/10.3.1.4/10.4.1.3 Export File privilege escalation
| [108312] Apache HTTP Server on RHEL IP Address Filter privilege escalation
| [108297] Apache NiFi up to 0.7.1/1.1.1 Proxy Chain Username Deserialization privilege escalation
| [108296] Apache NiFi up to 0.7.1/1.1.1 Cluster Request privilege escalation
| [108250] Oracle Secure Global Desktop 5.3 Apache HTTP Server memory corruption
| [108245] Oracle Transportation Management up to 6.3.7 Apache Tomcat unknown vulnerability
| [108244] Oracle Transportation Management 6.4.1/6.4.2 Apache Commons FileUpload denial of service
| [108243] Oracle Agile Engineering Data Management 6.1.3/6.2.0 Apache Commons Collections memory corruption
| [108222] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Batik denial of service
| [108219] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat unknown vulnerability
| [108217] Oracle Retail Store Inventory Management 13.2.9/14.0.4/14.1.3/15.0.1/16.0.1 Apache Groovy unknown vulnerability
| [108216] Oracle Retail Convenience and Fuel POS Software 2.1.132 Apache Groovy unknown vulnerability
| [108169] Oracle MySQL Enterprise Monitor up to 3.2.8.2223/3.3.4.3247/3.4.2.4181 Apache Tomcat unknown vulnerability
| [108113] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Batik denial of service
| [108107] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat unknown vulnerability
| [108102] Oracle Healthcare Master Person Index 4.x Apache Groovy unknown vulnerability
| [108085] Oracle Identity Manager 11.1.2.3.0 Apache Struts 1 memory corruption
| [108083] Oracle API Gateway 11.1.2.4.0 Apache Batik denial of service
| [108080] Oracle GlassFish Server 3.1.2 Apache Commons FileUpload denial of service
| [108066] Oracle Management Pack for GoldenGate 11.2.1.0.12 Apache Tomcat memory corruption
| [108062] Oracle BI Publisher 11.1.1.7.0/12.2.1.1.0/12.2.1.2.0 Apache ActiveMQ memory corruption
| [108060] Oracle Enterprise Manager Ops Center 12.2.2/12.3.2 Apache Groovy unknown vulnerability
| [108033] Oracle Primavera Unifier 9.13/9.14/10.x/15.x/16.x, Apache Groovy unknown vulnerability
| [108013] Oracle Communications WebRTC Session Controller 7.0/7.1/7.2 Apache Groovy unknown vulnerability
| [108011] Oracle Communications Services Gatekeeper 5.1/6.0 Apache Trinidad unknown vulnerability
| [107904] Apache Struts up to 2.3.28 Double OGNL Evaluation privilege escalation
| [107860] Apache Solr up to 7.0 Apache Lucene RunExecutableListener XML External Entity
| [107834] Apache Ranger up to 0.6.1 Change Password privilege escalation
| [107639] Apache NiFi 1.4.0 XML External Entity
| [107606] Apache ZooKeper up to 3.4.9/3.5.2 Command CPU Exhaustion denial of service
| [107597] Apache Roller up to 5.0.2 XML-RPC Protocol Support XML External Entity
| [107429] Apache Impala up to 2.9.x Kudu Table privilege escalation
| [107411] Apache Tomcat up to 7.0.81/8.0.46/8.5.22/9.0.0 JSP File File Upload privilege escalation
| [107385] Apache Geode up to 1.2.0 Secure Mode privilege escalation
| [107339] Apache OpenNLP up to 1.5.3/1.6.0/1.7.2/1.8.1 XML Data XML External Entity
| [107333] Apache Wicket up to 8.0.0-M1 CSRF Prevention HTTP Header privilege escalation
| [107323] Apache Wicket 1.5.10/6.13.0 Class Request information disclosure
| [107310] Apache Geode up to 1.2.0 Command Line Utility Query privilege escalation
| [107276] ArcSight ESM/ArcSight ESM Express up to 6.9.1c Patch 3/6.11.0 Apache Tomcat Version information disclosure
| [107266] Apache Tika up to 1.12 XML Parser XML External Entity
| [107262] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
| [107258] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
| [107197] Apache Xerces Jelly Parser XML File XML External Entity
| [107193] ZTE NR8950 Apache Commons Collections RMI Request Deserialization privilege escalation
| [107084] Apache Struts up to 2.3.19 cross site scripting
| [106877] Apache Struts up to 2.0.33/2.5.10 Freemarker Tag privilege escalation
| [106875] Apache Struts up to 2.5.5 URL Validator denial of service
| [106874] Apache Struts up to 2.3.30 Convention Plugin directory traversal
| [106847] Apache Tomcat up to 7.0.80 VirtualDirContext Source information disclosure
| [106846] Apache Tomcat up to 7.0.79 on Windows HTTP PUT Method Parameter File Upload privilege escalation
| [106777] Apache HTTP Server up to 2.2.34/2.4.27 Limit Directive ap_limit_section HTTP Request information disclosure
| [106739] puppetlabs-apache up to 1.11.0/2.0.x weak authentication
| [106720] Apache Wicket up to 1.5.12/6.18.x/7.0.0-M4 CryptoMapper privilege escalation
| [106586] Apache Brooklyn up to 0.9.x REST Server cross site scripting
| [106562] Apache Spark up to 2.1.1 Launcher API Deserialization privilege escalation
| [106559] Apache Brooklyn up to 0.9.x SnakeYAML YAML Data Java privilege escalation
| [106558] Apache Brooklyn up to 0.9.x REST Server cross site request forgery
| [106556] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
| [106555] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
| [106171] Apache Directory LDAP API up to 1.0.0-M30 Timing unknown vulnerability
| [106167] Apache Struts up to 2.5.12 REST Plugin XML Data privilege escalation
| [106166] Apache Struts up to 2.3.33/2.5.12 REST Plugin denial of service
| [106165] Apache Struts up to 2.3.33/2.5.12 URLValidator Regex CPU Exhaustion denial of service
| [106115] Apache Hadoop up to 2.6.4/2.7.2 YARN NodeManager Password information disclosure
| [106012] Apache Solr up to 5.5.3/6.4.0 Replication directory traversal
| [105980] Apache Engine 16.11.01 Parameter Reflected unknown vulnerability
| [105962] Apache Atlas 0.6.0/0.7.0 Frame cross site scripting
| [105961] Apache Atlas 0.6.0/0.7.0 Stack Trace information disclosure
| [105960] Apache Atlas 0.6.0/0.7.0 Search Reflected cross site scripting
| [105959] Apache Atlas 0.6.0/0.7.0 edit Tag DOM cross site scripting
| [105958] Apache Atlas 0.6.0/0.7.0 edit Tag Stored cross site scripting
| [105957] Apache Atlas 0.6.0/0.7.0 Cookie privilege escalation
| [105905] Apache Atlas 0.6.0/0.7.0/0.7.1 /js privilege escalation
| [105878] Apache Struts up to 2.3.24.0 privilege escalation
| [105682] Apache2Triad 1.5.4 phpsftpd/users.php Parameter cross site scripting
| [105681] Apache2Triad 1.5.4 phpsftpd/users.php Request cross site request forgery
| [105680] Apache2Triad 1.5.4 Parameter Session Fixation weak authentication
| [105643] Apache Pony Mail up to 0.8b weak authentication
| [105288] Apache Sling up to 2.3.21 Sling.evalString() String cross site scripting
| [105219] Apache Tomcat up to 8.5.15/9.0.0.M21 HTTP2 Bypass directory traversal
| [105218] Apache Tomcat up to 7.0.78/8.0.44/8.5.15/9.0.0.M21 CORS Filter Cache Poisoning privilege escalation
| [105215] Apache CXF up to 3.0.12/3.1.9 OAuth2 Hawk/JOSE MAC Validation Timing unknown vulnerability
| [105206] Apache CXF up to 3.0.11/3.1.8 JAX-RS Module XML External Entity
| [105205] Apache CXF up to 3.0.11/3.1.8 HTTP Transport Module Parameter cross site scripting
| [105202] Apache Storm 1.0.0/1.0.1/1.0.2/1.0.3/1.1.0 Worker privilege escalation
| [104987] Apache Xerces-C++ XML Service CPU Exhaustion denial of service
| [104986] Apache CXF 2.4.5/2.5.1 WS-SP UsernameToken Policy SOAP Request weak authentication
| [104985] Apache MyFaces Core up to 2.1.4 EL Expression Parameter Injection information disclosure
| [104983] Apache Wink up to 1.1.1 XML Document xxe privilege escalation
| [104981] Apache Commons Email 1.0/1.1/1.2/1.3/1.4 Subject Linebreak SMTP privilege escalation
| [104591] MEDHOST Document Management System Apache Solr Default Credentials weak authentication
| [104062] Oracle MySQL Enterprise Monitor up to 3.3.3.1199 Apache Tomcat unknown vulnerability
| [104061] Oracle MySQL Enterprise Monitor up to 3.2.7.1204/3.3.3.1199 Apache Tomcat unknown vulnerability
| [104060] Oracle MySQL Enterprise Monitor up to 3.1.5.7958/3.2.5.1141/3.3.2.1162 Apache Struts 2 unknown vulnerability
| [103995] Oracle 8.3/8.4/15.1/15.2 Apache Trinidad unknown vulnerability
| [103993] Oracle Policy Automation up to 12.2.3 Apache Commons FileUplaod denial of service
| [103916] Oracle Banking Platform 2.3/2.4/2.4.1/2.5 Apache Commons FileUpload denial of service
| [103906] Oracle Communications BRM 11.2.0.0.0 Apache Commons Collections privilege escalation
| [103904] Oracle Communications BRM 11.2.0.0.0/11.3.0.0.0 Apache Groovy memory corruption
| [103866] Oracle Transportation Management 6.1/6.2 Apache Webserver unknown vulnerability
| [103816] Oracle BI Publisher 11.1.1.9.0/12.2.1.1.0/12.2.1.2.0 Apache Commons Fileupload denial of service
| [103797] Oracle Tuxedo System and Applications Monitor Apache Commons Collections privilege escalation
| [103792] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Commons Fileupload privilege escalation
| [103791] Oracle Endeca Server 7.6.0.0/7.6.1.0 Apache Commons Collections privilege escalation
| [103788] Oracle Enterprise Repository 11.1.1.7.0/12.1.3.0.0 Apache ActiveMQ memory corruption
| [103787] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Groovy memory corruption
| [103763] Apache Sling up to 1.0.11 XSS Protection API XSS.getValidXML() Application XML External Entity
| [103762] Apache Sling up to 1.0.12 XSS Protection API XSSAPI.encodeForJSString() Script Tag cross site scripting
| [103693] Apache OpenMeetings 1.0.0 HTTP Method privilege escalation
| [103692] Apache OpenMeetings 1.0.0 Tomcat Error information disclosure
| [103691] Apache OpenMeetings 3.2.0 Parameter privilege escalation
| [103690] Apache OpenMeetings 1.0.0 sql injection
| [103689] Apache OpenMeetings 1.0.0 crossdomain.xml privilege escalation
| [103688] Apache OpenMeetings 1.0.0 weak encryption
| [103687] Apache OpenMeetings 1.0.0 cross site request forgery
| [103556] Apache Roller 5.1.0/5.1.1 Weblog Page Template VTL privilege escalation
| [103554] Apache OpenMeetings 1.0.0 Password Update unknown vulnerability
| [103553] Apache OpenMeetings 1.0.0 File Upload privilege escalation
| [103552] Apache OpenMeetings 3.2.0 Chat cross site scripting
| [103551] Apache OpenMeetings 3.1.0 XML unknown vulnerability
| [103521] Apache HTTP Server 2.4.26 HTTP2 Free memory corruption
| [103520] Apache HTTP Server up to 2.2.33/2.4.26 mod_auth_digest Authorization Header memory corruption
| [103519] Apache Struts up to 2.5.11/2.3.32 Spring AOP denial of service
| [103518] Apache Struts up to 2.5.11 URLValidator directory traversal
| [103492] Apache Spark up to 2.1.x Web UI Reflected cross site scripting
| [103401] Apache Struts 2.3.x Struts 1 Plugin ActionMessage privilege escalation
| [103399] Apache Traffic Control Traffic Router TCP Connection Slowloris denial of service
| [103387] Apache Impala up to 2.8.0 StatestoreSubscriber weak encryption
| [103386] Apache Impala up to 2.7.x/2.8.0 Kerberos weak authentication
| [103352] Apache Solr Node weak authentication
| [102897] Apache Ignite up to 2.0 Update Notifier information disclosure
| [102878] Code42 CrashPlan 5.4.x RMI Server org.apache.commons.ssl.rmi.DateRMI privilege escalation
| [102698] Apache HTTP Server up to 2.2.32/2.4.25 mod_mime Content-Type memory corruption
| [102697] Apache HTTP Server 2.2.24/2.2.32 HTTP Strict Parsing ap_find_token Request Header memory corruption
| [102690] Apache HTTP Server up to 2.2.32/2.4.25 mod_ssl ap_hook_process_connection() denial of service
| [102689] Apache HTTP Server up to 2.2.32/2.4.25 ap_get_basic_auth_pw weak authentication
| [102622] Apache Thrift up to 0.9.2 Client Libraries skip denial of service
| [102538] Apache Ranger up to 0.7.0 Authorizer unknown vulnerability
| [102537] Apache Ranger up to 0.7.0 Wildcard Character unknown vulnerability
| [102536] Apache Ranger up to 0.6 Stored cross site scripting
| [102535] Apache Ranger up to 0.6.2 Policy Engine unknown vulnerability
| [102255] Apache NiFi up to 0.7.3/1.2.x Response Header privilege escalation
| [102254] Apache NiFi up to 0.7.3/1.2.x UI cross site scripting
| [102070] Apache CXF Fediz up to 1.1.2/1.2.0 Application Plugin denial of service
| [102020] Apache Tomcat up to 9.0.0.M1 Java Servlet HTTP Method unknown vulnerability
| [101858] Apache Hive up to 1.2.1/2.0.0 Client weak authentication
| [101802] Apache KNOX up to 0.11.0 WebHDFS privilege escalation
| [101928] HPE Aruba ClearPass Apache Tomcat information disclosure
| [101524] Apache Archiva up to 1.x/2.2.1 REST Endpoint cross site request forgery
| [101513] Apache jUDDI 3.1./3.1.2/3.1.3/3.1.4 Logout Open Redirect
| [101430] Apache CXF Fediz up to 1.3.1 OIDC Service cross site request forgery
| [101429] Apache CXF Fediz up to 1.2.3/1.3.1 Plugins cross site request forgery
| [100619] Apache Hadoop up to 2.6.x HDFS Servlet unknown vulnerability
| [100618] Apache Hadoop up to 2.7.0 HDFS Web UI cross site scripting
| [100621] Adobe ColdFusion 10/11/2016 Apache BlazeDS Library Deserialization privilege escalation
| [100205] Oracle MySQL Enterprise Monitor up to 3.1.6.8003/3.2.1182/3.3.2.1162 Apache Commons FileUpload denial of service
| [100191] Oracle Secure Global Desktop 4.71/5.2/5.3 Web Server (Apache HTTP Server) information disclosure
| [100162] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Commons Collections privilege escalation
| [100160] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Trinidad unknown vulnerability
| [99969] Oracle WebCenter Sites 11.1.1.8.0 Apache Tomcat memory corruption
| [99937] Apache Batik up to 1.8 privilege escalation
| [99936] Apache FOP up to 2.1 privilege escalation
| [99935] Apache CXF up to 3.0.12/3.1.10 STSClient Cache information disclosure
| [99934] Apache CXF up to 3.0.12/3.1.10 JAX-RS XML Security Streaming Client spoofing
| [99930] Apache Traffic Server up to 6.2.0 denial of service
| [99929] Apache Log4j up to 2.8.1 Socket Server Deserialization privilege escalation
| [99925] Apache Traffic Server 6.0.0/6.1.0/6.2.0 HPACK Bomb denial of service
| [99738] Ping Identity OpenID Connect Authentication Module up to 2.13 on Apache Mod_auth_openidc.c spoofing
| [117569] Apache Hadoop up to 2.7.3 privilege escalation
| [99591] Apache TomEE up to 1.7.3/7.0.0-M2 EjbObjectInputStream Serialized Object privilege escalation
| [99370] Apache Ignite up to 1.8 update-notifier Document XML External Entity
| [99299] Apache Geode up to 1.1.0 Pulse OQL Query privilege escalation
| [99572] Apache Tomcat up to 7.0.75/8.0.41/8.5.11/9.0.0.M17 Application Listener privilege escalation
2342| [99572] Apache Tomcat up to 7.0.75/8.0.41/8.5.11/9.0.0.M17 Application Listener privilege escalation
2343| [99570] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP Connector Cache information disclosure
2344| [99569] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP/2 GOAWAY Frame Resource Exhaustion denial of service
2345| [99568] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 Pipelined Request information disclosure
2346| [99048] Apache Ambari up to 2.3.x REST API Shell Metacharacter privilege escalation
2347| [99014] Apache Camel Jackson/JacksonXML privilege escalation
2348| [98610] Apple macOS up to 10.12.3 apache_mod_php memory corruption
2349| [98609] Apple macOS up to 10.12.3 apache_mod_php denial of service
2350| [98608] Apple macOS up to 10.12.3 apache_mod_php memory corruption
2351| [98607] Apple macOS up to 10.12.3 apache_mod_php denial of service
2352| [98606] Apple macOS up to 10.12.3 apache_mod_php denial of service
2353| [98605] Apple macOS up to 10.12.3 Apache denial of service
2354| [98604] Apple macOS up to 10.12.3 Apache denial of service
2355| [98603] Apple macOS up to 10.12.3 Apache denial of service
2356| [98602] Apple macOS up to 10.12.3 Apache denial of service
2357| [98601] Apple macOS up to 10.12.3 Apache denial of service
2358| [98517] Apache POI up to 3.14 OOXML File XXE denial of service
2359| [98405] Apache Hadoop up to 0.23.10 privilege escalation
2360| [98199] Apache Camel Validation XML External Entity
2361| [97892] Apache Tomcat up to 9.0.0.M15 Reverse-Proxy Http11InputBuffer.java information disclosure
2362| [97617] Apache Camel camel-snakeyaml Deserialization privilege escalation
2363| [97602] Apache Camel camel-jackson/camel-jacksonxml CamelJacksonUnmarshalType privilege escalation
2364| [97732] Apache Struts up to 2.3.31/2.5.10 Jakarta Multipart Parser Content-Type privilege escalation
2365| [97466] mod_auth_openidc up to 2.1.5 on Apache weak authentication
2366| [97455] mod_auth_openidc up to 2.1.4 on Apache weak authentication
2367| [97081] Apache Tomcat HTTPS Request denial of service
2368| [97162] EMC OpenText Documentum D2 BeanShell/Apache Commons privilege escalation
2369| [96949] Hanwha Techwin Smart Security Manager up to 1.5 Redis/Apache Felix Gogo privilege escalation
2370| [96314] Apache Cordova up to 6.1.1 on Android weak authentication
2371| [95945] Apple macOS up to 10.12.2 apache_mod_php denial of service
2372| [95944] Apple macOS up to 10.12.2 apache_mod_php denial of service
2373| [95943] Apple macOS up to 10.12.2 apache_mod_php memory corruption
2374| [95666] Oracle FLEXCUBE Direct Banking 12.0.0/12.0.1/12.0.2/12.0.3 Apache Commons Collections privilege escalation
2375| [95455] Apache NiFi up to 1.0.0/1.1.0 Connection Details Dialogue cross site scripting
2376| [95311] Apache Storm UI Daemon privilege escalation
2377| [95291] ZoneMinder 1.30.0 Apache httpd privilege escalation
2378| [94800] Apache Wicket up to 1.5.16/6.24.x Deserialize DiskFileItem denial of service
2379| [94705] Apache Qpid Broker for Java up to 6.1.0 SCRAM-SHA-1/SCRAM-SHA-256 User information disclosure
2380| [94627] Apache HTTP Server up to 2.4.24 mod_auth_digest Crash denial of service
2381| [94626] Apache HTTP Server up to 2.4.24 mod_session_crypto Padding weak encryption
2382| [94625] Apache HTTP Server up to 2.4.24 Response Split privilege escalation
2383| [94540] Apache Tika 1.9 tika-server File information disclosure
2384| [94600] Apache ActiveMQ up to 5.14.1 Administration Console cross site scripting
2385| [94348] Apple macOS up to 10.12.1 apache_mod_php denial of service
2386| [94347] Apple macOS up to 10.12.1 apache_mod_php denial of service
2387| [94346] Apple macOS up to 10.12.1 apache_mod_php denial of service
2388| [94345] Apple macOS up to 10.12.1 apache_mod_php denial of service
2389| [94344] Apple macOS up to 10.12.1 apache_mod_php denial of service
2390| [94343] Apple macOS up to 10.12.1 apache_mod_php memory corruption
2391| [94342] Apple macOS up to 10.12.1 apache_mod_php memory corruption
2392| [94128] Apache Tomcat up to 9.0.0.M13 Error information disclosure
2393| [93958] Apache HTTP Server up to 2.4.23 mod_http2 h2_stream.c denial of service
2394| [93874] Apache Subversion up to 1.8.16/1.9.4 mod_dontdothat XXE denial of service
2395| [93855] Apache Hadoop up to 2.6.4/2.7.2 HDFS Service privilege escalation
2396| [93609] Apache OpenMeetings 3.1.0 RMI Registry privilege escalation
2397| [93555] Apache Tika 1.6-1.13 jmatio MATLAB File privilege escalation
2398| [93799] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
2399| [93798] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
2400| [93797] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 HTTP Split privilege escalation
2401| [93796] Apache Tomcat up to 8.5.6/9.0.0.M11 HTTP/2 Header Parser denial of service
2402| [93532] Apache Commons Collections Library Java privilege escalation
2403| [93210] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 ResourceLinkFactory privilege escalation
2404| [93209] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Realm Authentication User information disclosure
2405| [93208] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 System Property Replacement information disclosure
2406| [93207] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Utility Method privilege escalation
2407| [93206] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Configuration privilege escalation
2408| [93098] Apache Commons FileUpload privilege escalation
2409| [92987] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Commons Collection memory corruption
2410| [92986] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Tomcat memory corruption
2411| [92982] Oracle Insurance IStream 4.3.2 Apache Commons Collections memory corruption
2412| [92981] Oracle Financial Services Lending and Leasing 14.1.0/14.2.0 Apache Commons Collections memory corruption
2413| [92979] Oracle up to 8.0.3 Apache Commons Collections memory corruption
2414| [92977] Oracle FLEXCUBE Universal Banking up to 12.2.0 Apache Commons Collections memory corruption
2415| [92976] Oracle FLEXCUBE Universal Banking 12.87.1/12.87.2 Apache Commons Collections memory corruption
2416| [92975] Oracle FLEXCUBE Private Banking up to 12.1.0 Apache Commons Collections memory corruption
2417| [92974] Oracle FLEXCUBE Investor Servicing 12.0.1 Apache Commons Collections memory corruption
2418| [92973] Oracle 12.0.0/12.1.0 Apache Commons Collections memory corruption
2419| [92972] Oracle FLEXCUBE Core Banking 11.5.0.0.0/11.6.0.0.0 Apache Commons Collections memory corruption
2420| [92962] Oracle Agile PLM 9.3.4/9.3.5 Apache Commons Collections memory corruption
2421| [92909] Oracle Agile PLM 9.3.4/9.3.5 Apache Tomcat unknown vulnerability
2422| [92786] Oracle Banking Digital Experience 15.1 Apache Commons Collections information disclosure
2423| [92549] Apache Tomcat on Red Hat privilege escalation
2424| [92509] Apache Tomcat JK ISAPI Connector up to 1.2.41 jk_uri_worker_map.c memory corruption
2425| [92314] Apache MyFaces Trinidad up to 1.0.13/1.2.15/2.0.1/2.1.1 CoreResponseStateManager memory corruption
2426| [92313] Apache Struts2 up to 2.3.28/2.5.0 Action Name Cleanup cross site request forgery
2427| [92299] Apache Derby up to 10.12.1.0 SqlXmlUtil XML External Entity
2428| [92217] Apache ActiveMQ Artemis up to 1.3.x Broker/REST GetObject privilege escalation
2429| [92174] Apache Ranger up to 0.6.0 Policy cross site scripting
2430| [91831] Apache Jackrabbit up to 2.13.2 HTTP Header cross site request forgery
2431| [91825] Apache Zookeeper up to 3.4.8/3.5.2 C CLI Shell memory corruption
2432| [91818] Apache CXF Fediz up to 1.2.2/1.3.0 Application Plugin privilege escalation
2433| [92056] Apple macOS up to 10.11 apache_mod_php memory corruption
2434| [92055] Apple macOS up to 10.11 apache_mod_php memory corruption
2435| [92054] Apple macOS up to 10.11 apache_mod_php denial of service
2436| [92053] Apple macOS up to 10.11 apache_mod_php denial of service
2437| [92052] Apple macOS up to 10.11 apache_mod_php denial of service
2438| [92051] Apple macOS up to 10.11 apache_mod_php memory corruption
2439| [92050] Apple macOS up to 10.11 apache_mod_php denial of service
2440| [92049] Apple macOS up to 10.11 apache_mod_php memory corruption
2441| [92048] Apple macOS up to 10.11 apache_mod_php denial of service
2442| [92047] Apple macOS up to 10.11 apache_mod_php memory corruption
2443| [92046] Apple macOS up to 10.11 apache_mod_php memory corruption
2444| [92045] Apple macOS up to 10.11 apache_mod_php memory corruption
2445| [92044] Apple macOS up to 10.11 apache_mod_php memory corruption
2446| [92043] Apple macOS up to 10.11 apache_mod_php denial of service
2447| [92042] Apple macOS up to 10.11 apache_mod_php memory corruption
2448| [92041] Apple macOS up to 10.11 apache_mod_php memory corruption
2449| [92040] Apple macOS up to 10.11 Apache Proxy privilege escalation
2450| [91785] Apache Shiro up to 1.3.1 Servlet Filter privilege escalation
2451| [90879] Apache OpenMeetings up to 3.1.1 SWF Panel cross site scripting
2452| [90878] Apache Sentry up to 1.6.x Blacklist Filter reflect/reflect2/java_method privilege escalation
2453| [90610] Apache POI up to 3.13 XLSX2CSV Example OpenXML Document XML External Entity
2454| [90584] Apache ActiveMQ up to 5.11.3/5.12.2/5.13/1 Administration Web Console privilege escalation
2455| [90385] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site scripting
2456| [90384] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site request forgery
2457| [90383] Apache OpenOffice up to 4.1.2 Impress File memory corruption
2458| [89670] Apache Tomcat up to 8.5.4 CGI Servlet Environment Variable Open Redirect
2459| [89669] Apache HTTP Server up to 2.4.23 RFC 3875 Namespace Conflict Environment Variable Open Redirect
2460| [89726] Apple Mac OS X up to 10.11.5 apache_mod_php memory corruption
2461| [89484] Apache Qpid up to 0.13.0 on Windows Proton Library Certificate weak authentication
2462| [89473] HPE iMC PLAT/EAD/APM/iMC NTA/iMC BIMS/iMC UAM_TAM up to 7.2 Apache Commons Collections Library Command privilege escalation
2463| [90263] Apache Archiva Header denial of service
2464| [90262] Apache Archiva Deserialize privilege escalation
2465| [90261] Apache Archiva XML DTD Connection privilege escalation
2466| [88827] Apache Xerces-C++ up to 3.1.3 DTD Stack-Based memory corruption
2467| [88747] Apache HTTP Server 2.4.17/2.4.18 mod_http2 denial of service
2468| [88608] Apache Struts up to 2.3.28.1/2.5.0 URLValidator Null Value denial of service
2469| [88607] Apache Struts up to 2.3.28.1 REST Plugin Expression privilege escalation
2470| [88606] Apache Struts up to 2.3.28.1 Restriction privilege escalation
2471| [88605] Apache Struts up to 2.3.28.1 Restriction privilege escalation
2472| [88604] Apache Struts up to 2.3.28.1 Token Validator cross site request forgery
2473| [88603] Apache Commons FileUpload up to 1.3.1 MultipartStream denial of service
2474| [88602] Apache Struts up to 1.3.10 ActionServlet.java cross site scripting
2475| [88601] Apache Struts up to 1.3.10 Multithreading ActionServlet.java memory corruption
2476| [88600] Apache Struts up to 1.3.10 MultiPageValidator privilege escalation
2477| [89005] Apache Qpid AMQP JMS Client getObject privilege escalation
2478| [87888] Apache Ranger up to 0.5.2 Policy Admin Tool eventTime sql injection
2479| [87835] Apache CloudStack up to 4.5.2.0/4.6.2.0/4.7.1.0/4.8.0.0 SAML-based Authentication privilege escalation
2480| [87806] HPE Discovery and Dependency Mapping Inventory up to 9.32 update 3 Apache Commons Collections Library privilege escalation
2481| [87805] HPE Universal CMDB up to 10.21 Apache Commons Collections Library privilege escalation
2482| [87768] Apache Shiro up to 1.2.4 Cipher Key privilege escalation
2483| [87765] Apache James Server 2.3.2 Command privilege escalation
2484| [88667] Apache HTTP Server up to 2.4.20 mod_http2 Certificate weak authentication
2485| [87718] Apache Struts up to 2.3.24.1 OGNL Caching denial of service
2486| [87717] Apache Struts up to 2.3.28 REST Plugin privilege escalation
2487| [87706] Apache Qpid Java up to 6.0.2 AMQP privilege escalation
2488| [87703] Apache Qbid Java up to 6.0.2 PlainSaslServer.java denial of service
2489| [87702] Apache ActiveMQ up to 5.13.x Fileserver Web Application Upload privilege escalation
2490| [87700] Apache PDFbox up to 1.8.11/2.0.0 XML Parser PDF Document XML External Entity
2491| [87679] HP Release Control 9.13/9.20/9.21 Apache Commons Collections Library Java Object privilege escalation
2492| [87540] Apache Ambari up to 2.2.0 File Browser View information disclosure
2493| [87433] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
2494| [87432] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
2495| [87431] Apple Mac OS X up to 10.11.4 apache_mod_php Format String
2496| [87430] Apple Mac OS X up to 10.11.4 apache_mod_php denial of service
2497| [87429] Apple Mac OS X up to 10.11.4 apache_mod_php information disclosure
2498| [87428] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
2499| [87427] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
2500| [87389] Apache Xerces C++ up to 3.1.3 XML Document DTDScanner.cpp memory corruption
2501| [87172] Adobe ColdFusion 11 Update 7/2016/up to 10 Update 18 Apache Commons Collections Library privilege escalation
2502| [87121] Apache Cordova iOS up to 3.x Plugin privilege escalation
2503| [87120] Apache Cordova iOS up to 3.x URL Whitelist privilege escalation
2504| [83806] HPE Network Node Manager i up to 10.01 Apache Commons Collections Library privilege escalation
2505| [83077] Apache Subversion up to 1.8.15/1.9.3 mod_authz_svn mod_authz_svn.c denial of service
2506| [83076] Apache Subversion up to 1.8.15/1.9.3 svnserve svnserve/cyrus_auth.c privilege escalation
2507| [82790] Apache Struts 2.0.0/2.3.24/2.3.28 Dynamic Method privilege escalation
2508| [82789] Apache Struts 2.0.0/2.3.24/2.3.28 XSLTResult privilege escalation
2509| [82725] HPE P9000 Command View up to 7.x/8.4.0 Apache Commons Collections Library privilege escalation
2510| [82444] Apache Camel up to 2.14.x/2.15.4/2.16.0 HTTP Request privilege escalation
2511| [82389] Apache Subversion up to 1.7.x/1.8.14/1.9.2 mod_dav_svn util.c memory corruption
2512| [82280] Apache Struts up to 1.7 JRE URLDecoder cross site scripting
2513| [82260] Apache OFBiz up to 12.04.05/13.07.02 Java Object privilege escalation
2514| [82259] Apache Qpid Proton up to 0.12.0 proton.reactor.Connector weak encryption
2515| [82250] Apache Ranger up to 0.5.0 Admin UI weak authentication
2516| [82214] Apache Wicket up to 1.5.14/6.21.x/7.1.x Input Element cross site scripting
2517| [82213] Apache Wicket up to 1.5.14/6.21.x/7.1.x ModalWindow Title getWindowOpenJavaScript cross site scripting
2518| [82212] Apache Ranger up to 0.5.0 Policy Admin Tool privilege escalation
2519| [82211] Apache OFBiz up to 12.04.06/13.07.02 ModelFormField.java DisplayEntityField.getDescription cross site scripting
2520| [82082] Apache JetSpeed up to 2.3.0 User Manager Service privilege escalation
2521| [82081] Apache OpenMeetings up to 3.1.0 SOAP API information disclosure
2522| [82080] Apache OpenMeetings up to 3.1.0 Event cross site scripting
2523| [82078] Apache OpenMeetings up to 3.1.0 Import/Export System Backup ZIP Archive directory traversal
2524| [82077] Apache OpenMeetings up to 3.1.0 Password Reset sendHashByUser privilege escalation
2525| [82076] Apache Ranger up to 0.5.1 privilege escalation
2526| [82075] Apache JetSpeed up to 2.3.0 Portal cross site scripting
2527| [82074] Apache JetSpeed up to 2.3.0 cross site scripting
2528| [82073] Apache JetSpeed up to 2.3.0 User Manager Service sql injection
2529| [82072] Apache JetSpeed up to 2.3.0 Portal Site Manager ZIP Archive directory traversal
2530| [82058] Apache LDAP Studio/Directory Studio up to 2.0.0-M9 CSV Export privilege escalation
2531| [82053] Apache Ranger up to 0.4.x Policy Admin Tool privilege escalation
2532| [82052] Apache Ranger up to 0.4.x Policy Admin Tool HTTP Request cross site scripting
2533| [81696] Apache ActiveMQ up to 5.13.1 HTTP Header privilege escalation
2534| [81695] Apache Xerces-C up to 3.1.2 internal/XMLReader.cpp memory corruption
2535| [81622] HPE Asset Manager 9.40/9.41/9.50 Apache Commons Collections Library Java Object privilege escalation
2536| [81406] HPE Service Manager up to 9.35 P3/9.41 P1 Apache Commons Collections Library Command privilege escalation
2537| [81405] HPE Operations Orchestration up to 10.50 Apache Commons Collections Library Command privilege escalation
2538| [81427] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
2539| [81426] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
2540| [81372] Apache Struts up to 2.3.24.1 I18NInterceptor cross site scripting
2541| [81371] Apache Struts up to 2.3.24.1 Double OGNL Evaluation privilege escalation
2542| [81370] Apache Struts up to 2.3.24.1 Java URLDecoder cross site scripting
2543| [81084] Apache Tomcat 6.0/7.0/8.0/9.0 ServletContext directory traversal
2544| [81083] Apache Tomcat 7.0/8.0/9.0 Index Page cross site request forgery
2545| [81082] Apache Tomcat 7.0/8.0/9.0 ResourceLinkFactory.setGlobalContext privilege escalation
2546| [81081] Apache Tomcat 6.0/7.0/8.0/9.0 Error information disclosure
2547| [81080] Apache Tomcat 6.0/7.0/8.0/9.0 Session Persistence privilege escalation
2548| [81079] Apache Tomcat 6.0/7.0/8.0/9.0 StatusManagerServlet information disclosure
2549| [81078] Apache Tomcat 7.0/8.0/9.0 Session privilege escalation
2550| [80970] Apache Solr up to 5.3.0 Admin UI plugins.js cross site scripting
2551| [80969] Apache Solr up to 5.2 Schema schema-browser.js cross site scripting
2552| [80968] Apache Solr up to 5.0 analysis.js cross site scripting
2553| [80940] HP Continuous Delivery Automation 1.30 Apache Commons Collections Library privilege escalation
2554| [80823] Apache CloudStack up to 4.5.1 KVM Virtual Machine Migration privilege escalation
2555| [80822] Apache CloudStack up to 4.5.1 API Call information disclosure
2556| [80778] Apache Camel up to 2.15.4/2.16.0 camel-xstream privilege escalation
2557| [80750] HPE Operations Manager 8.x/9.0 on Windows Apache Commons Collections Library privilege escalation
2558| [80724] Apache Hive up to 1.2.1 Authorization Framework privilege escalation
2559| [80577] Oracle Secure Global Desktop 4.63/4.71/5.2 Apache HTTP Server denial of service
2560| [80165] Intel McAfee ePolicy Orchestrator up to 4.6.9/5.0.3/5.3.1 Apache Commons Collections Library privilege escalation
2561| [80116] Apache Subversion up to 1.9.2 svn Protocol libsvn_ra_svn/marshal.c read_string memory corruption
2562| [80115] Apache ActiveMQ up to 5.12.x Broker Service privilege escalation
2563| [80036] IBM Cognos Business Intelligence Apache Commons Collections Library InvokerTransformer privilege escalation
2564| [79873] VMware vCenter Operations/vRealize Orchestrator Apache Commons Collections Library Serialized Java Object privilege escalation
2565| [79840] Apache Cordova File Transfer Plugin up to 1.2.x on Android unknown vulnerability
2566| [79839] Apache TomEE Serialized Java Stream EjbObjectInputStream privilege escalation
2567| [79791] Cisco Products Apache Commons Collections Library privilege escalation
2568| [79539] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
2569| [79538] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
2570| [79294] Apache Cordova-Android up to 3.6 BridgeSecret Random Generator weak encryption
2571| [79291] Apache Cordova-Android up to 4.0 Javascript Whitelist privilege escalation
2572| [79244] Apache CXF up to 2.7.17/3.0.7/3.1.2 SAML Web SSO Module SAML Response weak authentication
2573| [79243] Oracle WebLogic Server 10.3.6.0/12.1.2.0/12.1.3.0/12.2.1.0 WLS Security com.bea.core.apache.commons.collections.jar privilege escalation
2574| [78989] Apache Ambari up to 2.1.1 Open Redirect
2575| [78988] Apache Ambari up to 2.0.1/2.1.0 Password privilege escalation
2576| [78987] Apache Ambari up to 2.0.x cross site scripting
2577| [78986] Apache Ambari up to 2.0.x Proxy Endpoint api/v1/proxy privilege escalation
2578| [78780] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
2579| [78779] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
2580| [78778] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
2581| [78777] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
2582| [78776] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
2583| [78775] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
2584| [78774] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
2585| [78297] Apache Commons Components HttpClient up to 4.3.5 HTTPS Timeout denial of service
2586| [77406] Apache Flex BlazeDS AMF Message XML External Entity
2587| [77429] Apache ActiveMQ up to 5.10.0 LDAPLoginModule privilege escalation
2588| [77399] Apache ActiveMQ up to 5.10.0 LDAPLoginModule weak authentication
2589| [77375] Apache Tapestry up to 5.3.5 Client-Side Object Storage privilege escalation
2590| [77331] Apache ActiveMQ up to 5.11.1 on Windows Fileserver Upload/Download directory traversal
2591| [77299] Apache Solr Real-Time Module up to 7.x-1.1 Index Content information disclosure
2592| [77247] Apache ActiveMQ up to 5.10 TransportConnection.java processControlCommand denial of service
2593| [77083] Apache Groovy up to 2.4.3 MethodClosure.java MethodClosure memory corruption
2594| [76953] Apache Subversion 1.7.0/1.8.0/1.8.10 svn_repos_trace_node_locations information disclosure
2595| [76952] Apache Subversion 1.7.0/1.8.0/1.8.10 mod_authz_svn anonymous/authenticated information disclosure
2596| [76567] Apache Struts 2.3.20 unknown vulnerability
2597| [76733] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 ap_some_auth_required unknown vulnerability
2598| [76732] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 Request apr_brigade_flatten privilege escalation
2599| [76731] Apache HTTP Server 2.4.12 ErrorDocument 400 Crash denial of service
2600| [75690] Apache Camel up to 2.13.3/2.14.1 XPathBuilder.java XML External Entity
2601| [75689] Apache Camel up to 2.13.3/2.14.1 XML Converter Setup XmlConverter.java SAXSource privilege escalation
2602| [75668] Apache Sling API/Sling Servlets Post up to 2.2.1 HtmlResponse cross site scripting
2603| [75601] Apache Jackrabbit up to 2.10.0 WebDAV Request XML External Entity
2604| [75420] Apache Tomcat up to 6.0.43/7.0.58/8.0.16 Security Manager privilege escalation
2605| [75145] Apache OpenOffice up to 4.1.1 HWP Filter Crash denial of service
2606| [75032] Apache Tomcat Connectors up to 1.2.40 mod_jk privilege escalation
2607| [75135] PHP 5.4/5.5 HTTP Request sapi_apache2.c apache2handler privilege escalation
2608| [74793] Apache Tomcat File Upload denial of service
2609| [74708] Apple MacOS X up to 10.10.2 Apache denial of service
2610| [74707] Apple MacOS X up to 10.10.2 Apache denial of service
2611| [74706] Apple MacOS X up to 10.10.2 Apache memory corruption
2612| [74705] Apple MacOS X up to 10.10.2 Apache denial of service
2613| [74704] Apple MacOS X up to 10.10.2 Apache denial of service
2614| [74703] Apple MacOS X up to 10.10.2 Apache denial of service
2615| [74702] Apple MacOS X up to 10.10.2 Apache denial of service
2616| [74701] Apple MacOS X up to 10.10.2 Apache cross site request forgery
2617| [74700] Apple MacOS X up to 10.10.2 Apache unknown vulnerability
2618| [74661] Apache Flex up to 4.14.0 asdoc index.html cross site scripting
2619| [74609] Apache Cassandra up to 1.2.19/2.0.13/2.1.3 JMX/RMI Interface privilege escalation
2620| [74469] Apache Xerces-C up to 7.0 internal/XMLReader.cpp denial of service
2621| [74468] Apache Batik up to 1.6 denial of service
2622| [74414] Apache Mod-gnutls up to 0.5.1 Authentication spoofing
2623| [74371] Apache Standard Taglibs up to 1.2.0 memory corruption
2624| [74367] Apache HTTP Server up to 2.4.12 mod_lua lua_request.c wsupgrade denial of service
2625| [74174] Apache WSS4J up to 2.0.0 privilege escalation
2626| [74172] Apache ActiveMQ up to 5.5.0 Administration Console cross site scripting
2627| [69092] Apache Tomcat up to 6.0.42/7.0.54/8.0.8 HTTP Request Smuggling privilege escalation
2628| [73831] Apache Qpid up to 0.30 Access Restriction unknown vulnerability
2629| [73731] Apache XML Security unknown vulnerability
2630| [68660] Oracle BI Publisher 10.1.3.4.2/11.1.1.7 Apache Tomcat cross site scripting
2631| [73659] Apache CloudStack up to 4.3.0 Stack-Based unknown vulnerability
2632| [73593] Apache Traffic Server up to 5.1.0 denial of service
2633| [73511] Apache POI up to 3.10 Deadlock denial of service
2634| [73510] Apache Solr up to 4.3.0 cross site scripting
2635| [68447] Apache Subversion up to 1.7.18/1.8.10 mod_dav_svn Crash denial of service
2636| [68446] Apache Subversion up to 1.7.18/1.8.10 REPORT Request Crash denial of service
2637| [73173] Apache CloudStack Stack-Based unknown vulnerability
2638| [68357] Apache Struts up to 2.3.16.3 Random Number Generator cross site request forgery
2639| [73106] Apache Hadoop up to 2.4.0 Symlink privilege escalation
2640| [68575] Apache HTTP Server up to 2.4.10 LuaAuthzProvider mod_lua.c privilege escalation
2641| [72890] Apache Qpid 0.30 unknown vulnerability
2642| [72887] Apache Hive 0.13.0 File Permission privilege escalation
2643| [72878] Apache Cordova 3.5.0 cross site request forgery
2644| [72877] Apache Cordova 3.5.0 cross site request forgery
2645| [72876] Apache Cordova 3.5.0 cross site request forgery
2646| [68435] Apache HTTP Server 2.4.10 mod_proxy_fcgi.c handle_headers denial of service
2647| [68065] Apache CXF up to 3.0.1 JAX-RS SAML denial of service
2648| [68064] Apache CXF up to 3.0.0 SAML Token denial of service
2649| [67913] Oracle Retail Markdown Optimization 12.0/13.0/13.1/13.2/13.4 Apache commons-beanutils-1.8.0.jar memory corruption
2650| [67912] Oracle Retail Invoice Matching up to 14.0 Apache commons-beanutils-1.8.0.jar memory corruption
2651| [67911] Oracle Retail Clearance Optimization Engine 13.3/13.4/14.0 Apache commons-beanutils-1.8.0.jar memory corruption
2652| [67910] Oracle Retail Allocation up to 13.2 Apache commons-beanutils-1.8.0.jar memory corruption
2653| [71835] Apache Shiro 1.0.0/1.1.0/1.2.0/1.2.1/1.2.2 unknown vulnerability
2654| [71633] Apachefriends XAMPP 1.8.1 cross site scripting
2655| [71629] Apache Axis2/C spoofing
2656| [67633] Apple Mac OS X up to 10.9.4 apache_mod_php ext/standard/dns.c dns_get_record memory corruption
2657| [67631] Apple Mac OS X up to 10.9.4 apache_mod_php Symlink memory corruption
2658| [67630] Apple Mac OS X up to 10.9.4 apache_mod_php cdf_read_property_info denial of service
2659| [67629] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_count_chain denial of service
2660| [67628] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_check_stream_offset denial of service
2661| [67627] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c mconvert memory corruption
2662| [67626] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c denial of service
2663| [67625] Apple Mac OS X up to 10.9.4 apache_mod_php Crash denial of service
2664| [67624] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_property_info denial of service
2665| [67623] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_unpack_summary_info denial of service
2666| [67622] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_short_sector denial of service
2667| [67620] Apple Mac OS X up to 10.9.4 apache_mod_php magic/Magdir/commands denial of service
2668| [67790] Apache HTTP Server mod_cache NULL Pointer Dereference denial of service
2669| [67522] Apache Tomcat up to 7.0.39 JSP Upload privilege escalation
2670| [70809] Apache POI up to 3.11 Crash denial of service
2671| [70808] Apache POI up to 3.10 unknown vulnerability
2672| [70806] Apache Commons-httpclient 4.2/4.2.1/4.2.2 spoofing
2673| [70749] Apache Axis up to 1.4 getCN spoofing
2674| [70701] Apache Traffic Server up to 3.3.5 denial of service
2675| [70700] Apache OFBiz up to 12.04.03 cross site scripting
2676| [67402] Apache OpenOffice 4.0.0/4.0.1/4.1.0 Calc privilege escalation
2677| [67401] Apache OpenOffice up to 4.1.0 OLE Object information disclosure
2678| [70661] Apache Subversion up to 1.6.17 denial of service
2679| [70660] Apache Subversion up to 1.6.17 spoofing
2680| [70659] Apache Subversion up to 1.6.17 spoofing
2681| [67183] Apache HTTP Server up to 2.4.9 mod_proxy denial of service
2682| [67180] Apache HTTP Server up to 2.4.9 WinNT MPM Memory Leak denial of service
2683| [67185] Apache HTTP Server up to 2.4.9 mod_status Heap-Based memory corruption
2684| [67184] Apache HTTP Server 2.4.5/2.4.6 mod_cache NULL Pointer Dereference denial of service
2685| [67182] Apache HTTP Server up to 2.4.9 mod_deflate Memory Consumption denial of service
2686| [67181] Apache HTTP Server up to 2.4.9 mod_cgid denial of service
2687| [70338] Apache Syncope up to 1.1.7 unknown vulnerability
2688| [70295] Apache CXF up to 2.7.9 Cleartext information disclosure
2689| [70106] Apache Open For Business Project up to 10.04.0 getServerError cross site scripting
2690| [70105] Apache MyFaces up to 2.1.5 JavaServer Faces directory traversal
2691| [69846] Apache HBase up to 0.94.8 information disclosure
2692| [69783] Apache CouchDB up to 1.2.0 memory corruption
2693| [13383] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 XML Parser privilege escalation
2694| [13300] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi setuid privilege escalation
2695| [13299] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi Content-Type Header information disclosure
2696| [13164] Apache CXF up to 2.6.13/2.7.10 SOAP OutgoingChainInterceptor.java Invalid Content denial of service
2697| [13163] Apache CXF up to 2.6.13/2.7.10 SOAP HTML Content denial of service
2698| [13158] Apache Struts up to 2.3.16.2 ParametersInterceptor getClass privilege escalation
2699| [69515] Apache Struts up to 2.3.15.0 CookieInterceptor memory corruption
2700| [13086] Apache Struts up to 1.3.10 Class Loader privilege escalation
2701| [13067] Apache Struts up to 2.3.16.1 Class Loader privilege escalation
2702| [69431] Apache Archiva up to 1.3.6 cross site scripting
2703| [69385] Apache Syncope up to 1.1.6 unknown vulnerability
2704| [69338] Apache Xalan-Java up to 2.7.1 system-property unknown vulnerability
2705| [12742] Trustwave ModSecurity up to 2.7.5 Chunk Extension apache2/modsecurity.c modsecurity_tx_init privilege escalation
2706| [12741] Trustwave ModSecurity up to 2.7.6 Chunked HTTP Transfer apache2/modsecurity.c modsecurity_tx_init Trailing Header privilege escalation
2707| [13387] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Content-Length Header privilege escalation
2708| [13386] Apache Tomcat Security Manager up to 6.0.39/7.0.53/8.0.5 XSLT privilege escalation
2709| [13385] Apache Tomcat 8.0.0/8.0.1/8.0.3 AJP Request Zero Length denial of service
2710| [13384] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Chunked HTTP Request denial of service
2711| [12748] Apache CouchDB 1.5.0 UUIDS /_uuids denial of service
2712| [66739] Apache Camel up to 2.12.2 unknown vulnerability
2713| [66738] Apache Camel up to 2.12.2 unknown vulnerability
2714| [12667] Apache HTTP Server 2.4.7 mod_log_config.c log_cookie denial of service
2715| [66695] Apache CouchDB up to 1.2.0 cross site scripting
2716| [66694] Apache CouchDB up to 1.2.0 Partition partition2 directory traversal
2717| [66689] Apache HTTP Server up to 2.0.33 mod_dav dav_xml_get_cdata denial of service
2718| [12518] Apache Tomcat up to 6.0.38/7.0.49/8.0.0-RC9 HTTP Header denial of service
2719| [66498] Apache expressions up to 3.3.0 Whitelist unknown vulnerability
2720| [12781] Apache Struts up to 2.3.8 ParametersInterceptor getClass denial of service
2721| [12439] Apache Tomcat 6.0.33 XML XXE information disclosure
2722| [12438] Apache Tomcat 6.0.33/6.0.34/6.0.35/6.0.36/6.0.37 coyoteadapter.java disableURLRewriting privilege escalation
2723| [66356] Apache Wicket up to 6.8.0 information disclosure
2724| [12209] Apache Tomcat 7.0.0/7.0.50/8.0.0-RC1/8.0.1 Content-Type Header for Multi-Part Request Infinite Loop denial of service
2725| [66322] Apache ActiveMQ up to 5.8.0 cross site scripting
2726| [12291] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
2727| [66255] Apache Open For Business Project up to 10.04.3 cross site scripting
2728| [66200] Apache Hadoop up to 2.0.5 Security Feature information disclosure
2729| [66072] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
2730| [66068] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
2731| [11928] Oracle Secure Global Desktop up to 4.71 Apache Tomcat unknown vulnerability
2732| [11924] Oracle Secure Global Desktop up to 4.63 Apache Tomcat denial of service
2733| [11922] Oracle Secure Global Desktop up to 4.63 Apache Tomcat unknown vulnerability
2734| [66049] Apache XML Security for Java up to 1.4.6 Memory Consumption denial of service
2735| [12199] Apache Subversion up to 1.8.5 mod_dav_svn/repos.c get_resource denial of service
2736| [65946] askapache Firefox Adsense up to 3.0 askapache-firefox-adsense.php cross site request forgery
2737| [65668] Apache Solr 4.0.0 Updater denial of service
2738| [65665] Apache Solr up to 4.3.0 denial of service
2739| [65664] Apache Solr 3.6.0/3.6.1/3.6.2/4.0.0 Updater denial of service
2740| [65663] Apache Solr up to 4.5.1 ResourceLoader directory traversal
2741| [65658] Apache roller 4.0/4.0.1/5.0/5.0.1 unknown vulnerability
2742| [65657] Apache Roller 4.0/4.0.1/5.0/5.0.1 cross site scripting
2743| [11325] Apache Subversion 1.7.13 mod_dontdothat Bypass denial of service
2744| [11324] Apache Subversion up to 1.8.4 mod_dav_svn denial of service
2745| [11098] Apache Tomcat 5.5.25 HTTP Request cross site request forgery
2746| [65410] Apache Struts 2.3.15.3 cross site scripting
2747| [65386] Apache Solr up to 2.2.1 on TYPO3 cross site scripting
2748| [65385] Apache Solr up to 2.2.1 on TYPO3 unknown vulnerability
2749| [11044] Apache Struts 2.3.15.3 showConfig.action cross site scripting
2750| [11043] Apache Struts 2.3.15.3 actionNames.action cross site scripting
2751| [11018] cPanel WHM up to 11.40.0.11 Apache mod_userdir Tweak Interface privilege escalation
2752| [65342] Apache Sling 1.0.2/1.0.4/1.0.6/1.1.0/1.1.2 Auth Core cross site scripting
2753| [65340] Apache Shindig 2.5.0 information disclosure
2754| [65316] Apache Mod Fcgid up to 2.3.7 mod_fcgid fcgid_bucket.c fcgid_header_bucket_read memory corruption
2755| [65313] Apache Sling 2.2.0/2.3.0 AbstractCreateOperation.java deepGetOrCreateNode denial of service
2756| [10826] Apache Struts 2 File privilege escalation
2757| [65204] Apache Camel up to 2.10.1 unknown vulnerability
2758| [10460] Apache Struts 2.0.0/2.3.15.1 Action Mapping Mechanism Bypass privilege escalation
2759| [10459] Apache Struts 2.0.0/2.3.15 Dynamic Method Invocation unknown vulnerability
2760| [10160] Apache Subversion 1.8.0/1.8.1/1.8.2 svnwcsub.py handle_options race condition
2761| [10159] Apache Subversion up to 1.8.2 svnserve write_pid_file race condition
2762| [10158] Apache Subversion 1.8.0/1.8.1/1.8.2 daemonize.py daemon::daemonize race condition
2763| [10157] Apache Subversion up to 1.8.1 FSFS Repository Symlink privilege escalation
2764| [64808] Fail2ban up to 0.8.9 apache-auth.conf denial of service
2765| [64760] Best Practical RT up to 4.0.12 Apache::Session::File information disclosure
2766| [64722] Apache XML Security for C++ Heap-based memory corruption
2767| [64719] Apache XML Security for C++ Heap-based memory corruption
2768| [64718] Apache XML Security for C++ verify denial of service
2769| [64717] Apache XML Security for C++ getURIBaseTXFM memory corruption
2770| [64716] Apache XML Security for C++ spoofing
2771| [64701] Apache CXF up to 2.7.3 XML Parser Memory Consumption denial of service
2772| [64700] Apache CloudStack up to 4.1.0 Stack-Based cross site scripting
2773| [64667] Apache Open For Business Project up to 10.04.04 unknown vulnerability
2774| [64666] Apache Open For Business Project up to 10.04.04 cross site scripting
2775| [9891] Apache HTTP Server 2.2.22 suEXEC Feature .htaccess information disclosure
2776| [64509] Apache ActiveMQ up to 5.8.0 scheduled.jsp cross site scripting
2777| [9826] Apache Subversion up to 1.8.0 mod_dav_svn denial of service
2778| [9683] Apache HTTP Server 2.4.5 mod_session_dbd denial of service
2779| [64485] Apache Struts up to 2.2.3.0 privilege escalation
2780| [9568] Apache Struts up to 2.3.15 DefaultActionMapper cross site request forgery
2781| [9567] Apache Struts up to 2.3.15 DefaultActionMapper memory corruption
2782| [64467] Apache Geronimo 3.0 memory corruption
2783| [64466] Apache OpenJPA up to 2.2.1 Serialization memory corruption
2784| [64457] Apache Struts up to 2.2.3.0 cross site scripting
2785| [64326] Alejandro Garza Apachesolr Autocomplete up to 7.x-1.1 cross site scripting
2786| [9184] Apache Qpid up to 0.20 SSL misconfiguration
2787| [8935] Apache Subversion up to 1.7.9 FSFS Format Repository denial of service
2788| [8934] Apache Subversion up to 1.7.9 Svnserve Server denial of service
2789| [8933] Apache Subversion up to 1.6.21 check-mime-type.pl svnlook memory corruption
2790| [8932] Apache Subversion up to 1.6.21 svn-keyword-check.pl svnlook changed memory corruption
2791| [9022] Apache Struts up to 2.3.14.2 OGNL Expression memory corruption
2792| [8873] Apache Struts 2.3.14 privilege escalation
2793| [8872] Apache Struts 2.3.14 privilege escalation
2794| [8746] Apache HTTP Server Log File Terminal Escape Sequence Filtering mod_rewrite.c do_rewritelog privilege escalation
2795| [8666] Apache Tomcat up to 7.0.32 AsyncListener information disclosure
2796| [8665] Apache Tomcat up to 7.0.29 Chunked Transfer Encoding Extension Size denial of service
2797| [8664] Apache Tomcat up to 7.0.32 FORM Authentication weak authentication
2798| [64075] Apache Subversion up to 1.7.7 mod_dav_svn Crash denial of service
2799| [64074] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
2800| [64073] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
2801| [64072] Apache Subversion up to 1.7.7 mod_dav_svn NULL Pointer Dereference denial of service
2802| [64071] Apache Subversion up to 1.7.8 mod_dav_svn Memory Consumption denial of service
2803| [8768] Apache Struts up to 2.3.14 on Mac EL and OGNL Interpreter memory corruption
2804| [64006] Apache ActiveMQ up to 5.7.0 denial of service
2805| [64005] Apache ActiveMQ up to 5.7.0 Default Configuration denial of service
2806| [64004] Apache ActiveMQ up to 5.7.0 PortfolioPublishServlet.java cross site scripting
2807| [8427] Apache Tomcat Session Transaction weak authentication
2808| [63960] Apache Maven 3.0.4 Default Configuration spoofing
2809| [63751] Apache qpid up to 0.20 qpid::framing::Buffer denial of service
2810| [63750] Apache qpid up to 0.20 checkAvailable denial of service
2811| [63749] Apache Qpid up to 0.20 Memory Consumption denial of service
2812| [63748] Apache Qpid up to 0.20 Default Configuration denial of service
2813| [63747] Apache Rave up to 0.20 User Account information disclosure
2814| [7889] Apache Subversion up to 1.6.17 mod_dav_svn/svn_fs_file_length() denial of service
2815| [63646] Apache HTTP Server up to 2.2.23/2.4.3 mod_proxy_balancer.c balancer_handler cross site scripting
2816| [7688] Apache CXF up to 2.7.1 WSS4JInterceptor Bypass weak authentication
2817| [7687] Apache CXF up to 2.7.2 Token weak authentication
2818| [63334] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
2819| [63299] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
2820| [7202] Apache HTTP Server 2.4.2 on Oracle Solaris ld_library_path cross site scripting
2821| [7075] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector NioEndpoint.java denial of service
2822| [7074] Apache Tomcat up to 6.0.35/7.0.29 FORM Authentication RealmBase.java weak authentication
2823| [7073] Apache Tomcat up to 6.0.35/7.0.31 CSRF Prevention Filter cross site request forgery
2824| [63090] Apache Tomcat up to 4.1.24 denial of service
2825| [63089] Apache HTTP Server up to 2.2.13 mod_proxy_ajp denial of service
2826| [62933] Apache Tomcat up to 5.5.0 Access Restriction unknown vulnerability
2827| [62929] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector Memory Consumption denial of service
2828| [62833] Apache CXF -/2.6.0 spoofing
2829| [62832] Apache Axis2 up to 1.6.2 spoofing
2830| [62831] Apache Axis up to 1.4 Java Message Service spoofing
2831| [62830] Apache Commons-httpclient 3.0 Payments spoofing
2832| [62826] Apache Libcloud up to 0.11.0 spoofing
2833| [62757] Apache Open For Business Project up to 10.04.0 unknown vulnerability
2834| [8830] Red Hat JBoss Enterprise Application Platform 6.0.1 org.apache.catalina.connector.Response.encodeURL information disclosure
2835| [62661] Apache Axis2 unknown vulnerability
2836| [62658] Apache Axis2 unknown vulnerability
2837| [62467] Apache Qpid up to 0.17 denial of service
2838| [62417] Apache CXF 2.4.7/2.4.8/2.5.3/2.5.4/2.6.1 spoofing
2839| [6301] Apache HTTP Server mod_pagespeed cross site scripting
2840| [6300] Apache HTTP Server mod_pagespeed Hostname information disclosure
2841| [6123] Apache Wicket up to 1.5.7 Ajax Link cross site scripting
2842| [62035] Apache Struts up to 2.3.4 denial of service
2843| [61916] Apache QPID 0.5/0.6/0.14/0.16 unknown vulnerability
2844| [6998] Apache Tomcat 5.5.35/6.0.35/7.0.28 DIGEST Authentication Session State Caching privilege escalation
2845| [6997] Apache Tomcat 5.5.35/6.0.35/7.0.28 HTTP Digest Authentication Implementation privilege escalation
2846| [6092] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_ajp.c information disclosure
2847| [6090] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_http.c information disclosure
2848| [61507] Apache POI up to 3.8 UnhandledDataStructure denial of service
2849| [6070] Apache Struts up to 2.3.4 Token Name Configuration Parameter privilege escalation
2850| [6069] Apache Struts up to 2.3.4 Request Parameter OGNL Expression denial of service
2851| [5764] Oracle Solaris 10 Apache HTTP Server information disclosure
2852| [5700] Oracle Secure Backup 10.3.0.3/10.4.0.1 Apache denial of service
2853| [61255] Apache Hadoop 2.0.0 Kerberos unknown vulnerability
2854| [61229] Apache Sling up to 2.1.1 denial of service
2855| [61152] Apache Commons-compress 1.0/1.1/1.2/1.3/1.4 denial of service
2856| [61094] Apache Roller up to 5.0 cross site scripting
2857| [61093] Apache Roller up to 5.0 cross site request forgery
2858| [61005] Apache OpenOffice 3.3/3.4 unknown vulnerability
2859| [9673] Apache HTTP Server up to 2.4.4 mod_dav mod_dav.c Request denial of service
2860| [5436] Apache OpenOffice 3.3/3.4 WPXContentListener.cpp _closeTableRow File memory corruption
2861| [5435] Apache OpenOffice 3.3/3.4 vclmi.dll File memory corruption
2862| [60730] PHP 5.4.0/5.4.1/5.4.2 apache_request_headers memory corruption
2863| [60708] Apache Qpid 0.12 unknown vulnerability
2864| [5032] Apache Hadoop up to 0.20.205.0/1.0.1/0.23.1 Kerberos/MapReduce Security Feature privilege escalation
2865| [4949] Apache Struts File Upload XSLTResult.java XSLT File privilege escalation
2866| [4955] Apache Traffic Server 3.0.3/3.1.2 HTTP Header Parser memory corruption
2867| [4882] Apache Wicket up to 1.5.4 directory traversal
2868| [4881] Apache Wicket up to 1.4.19 cross site scripting
2869| [4884] Apache HTTP Server up to 2.3.6 mod_fcgid fcgid_spawn_ctl.c FcgidMaxProcessesPerClass HTTP Requests denial of service
2870| [60352] Apache Struts up to 2.2.3 memory corruption
2871| [60153] Apache Portable Runtime up to 1.4.3 denial of service
2872| [4598] Apache Struts 1.3.10 upload-submit.do cross site scripting
2873| [4597] Apache Struts 1.3.10 processSimple.do cross site scripting
2874| [4596] Apache Struts 2.0.14/2.2.3 struts2-rest-showcase/orders cross site scripting
2875| [4595] Apache Struts 2.0.14/2.2.3 struts2-showcase/person/editPerson.action cross site scripting
2876| [4583] Apache HTTP Server up to 2.2.21 Threaded MPM denial of service
2877| [4582] Apache HTTP Server up to 2.2.21 protocol.c information disclosure
2878| [4571] Apache Struts up to 2.3.1.2 privilege escalation
2879| [4557] Apache Tomcat up to 7.0.21 Caching/Recycling information disclosure
2880| [59934] Apache Tomcat up to 6.0.9 DigestAuthenticator.java unknown vulnerability
2881| [59933] Apache Tomcat up to 6.0.9 Access Restriction unknown vulnerability
2882| [59932] Apache Tomcat up to 6.0.9 unknown vulnerability
2883| [59931] Apache Tomcat up to 6.0.9 Access Restriction information disclosure
2884| [59902] Apache Struts up to 2.2.3 Interfaces unknown vulnerability
2885| [4528] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
2886| [4527] Apache Struts up to 2.2.3 ExceptionDelegator cross site scripting
2887| [59888] Apache Tomcat up to 6.0.6 denial of service
2888| [59886] Apache ActiveMQ up to 5.5.1 Crash denial of service
2889| [4513] Apache Struts up to 2.3.1 ParameterInterceptor directory traversal
2890| [4512] Apache Struts up to 2.2.3 CookieInterceptor privilege escalation
2891| [59850] Apache Geronimo up to 2.2.1 denial of service
2892| [59825] Apache HTTP Server up to 2.1.7 mod_reqtimeout denial of service
2893| [59556] Apache HTTP Server up to 2.0.53 mod_proxy information disclosure
2894| [58467] Apache libcloud 0.2.0/0.3.0/0.3.1/0.4.0 Access Restriction spoofing
2895| [58413] Apache Tomcat up to 6.0.10 spoofing
2896| [58381] Apache Wicket up to 1.4.17 cross site scripting
2897| [58296] Apache Tomcat up to 7.0.19 unknown vulnerability
2898| [57888] Apache HttpClient 4.0/4.0.1/4.1 Authorization information disclosure
2899| [57587] Apache Subversion up to 1.6.16 mod_dav_svn information disclosure
2900| [57585] Apache Subversion up to 1.6.16 mod_dav_svn Memory Consumption denial of service
2901| [57584] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
2902| [57577] Apache Rampart-C 1.3.0 Access Restriction rampart_timestamp_token_validate privilege escalation
2903| [57568] Apache Archiva up to 1.3.4 cross site scripting
2904| [57567] Apache Archiva up to 1.3.4 cross site request forgery
2905| [57481] Apache Tomcat 7.0.12/7.0.13 Access Restriction unknown vulnerability
2906| [4355] Apache HTTP Server APR apr_fnmatch denial of service
2907| [57435] Apache Struts up to 2.2.1.1 FileHandler.java cross site scripting
2908| [57425] Apache Struts up to 2.2.1.1 cross site scripting
2909| [4352] Apache HTTP Server 2.2.x APR apr_fnmatch denial of service
2910| [57025] Apache Tomcat up to 7.0.11 information disclosure
2911| [57024] Apache Tomcat 7.0.11 Access Restriction information disclosure
2912| [56774] IBM WebSphere Application Server up to 7.0.0.14 org.apache.jasper.runtime.JspWriterImpl.response denial of service
2913| [56824] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
2914| [56832] Apache Tomcat up to 7.0.10 Access Restriction information disclosure
2915| [56830] Apache Tomcat up to 7.0.9 Access Restriction privilege escalation
2916| [12440] Apache Tomcat 6.0.33 Malicious Request cross site scripting
2917| [56512] Apache Continuum up to 1.4.0 cross site scripting
2918| [4285] Apache Tomcat 5.x JVM getLocale denial of service
2919| [4284] Apache Tomcat 5.x HTML Manager Infinite Loop cross site scripting
2920| [4283] Apache Tomcat 5.x ServletContect privilege escalation
2921| [56441] Apache Tomcat up to 7.0.6 denial of service
2922| [56300] Apache CouchDB up to 1.0.1 Web Administration Interface cross site scripting
2923| [55967] Apache Subversion up to 1.6.4 rev_hunt.c denial of service
2924| [55966] Apache Subversion up to 1.6.4 mod_dav_svn repos.c walk denial of service
2925| [55095] Apache Axis2 up to 1.6 Default Password memory corruption
2926| [55631] Apache Archiva up to 1.3.1 User Account cross site request forgery
2927| [55556] Apache Tomcat up to 6.0.29 Default Configuration information disclosure
2928| [55553] Apache Tomcat up to 7.0.4 sessionsList.jsp cross site scripting
2929| [55162] Apache MyFaces up to 2.0.0 Authentication Code unknown vulnerability
2930| [54881] Apache Subversion up to 1.6.12 mod_dav_svn authz.c privilege escalation
2931| [54879] Apache APR-util up to 0.9.14 mod_reqtimeout apr_brigade_split_line denial of service
2932| [54693] Apache Traffic Server DNS Cache unknown vulnerability
2933| [54416] Apache CouchDB up to 0.11.0 cross site request forgery
2934| [54394] Apache CXF up to 2.2.8 Memory Consumption denial of service
2935| [54261] Apache Tomcat jsp/cal/cal2.jsp cross site scripting
2936| [54166] Apache HTTP Server up to 2.2.12 mod_cache Crash denial of service
2937| [54385] Apache Struts up to 2.1.8.1 ParameterInterceptor unknown vulnerability
2938| [54012] Apache Tomcat up to 6.0.10 denial of service
2939| [53763] Apache Axis2 1.3/1.4/1.4.1/1.5/1.5.1 Memory Consumption denial of service
2940| [53368] Apache MyFaces 1.1.7/1.2.8 cross site scripting
2941| [53397] Apache axis2 1.4.1/1.5.1 Administration Console cross site scripting
2942| [52894] Apache Tomcat up to 6.0.7 information disclosure
2943| [52960] Apache ActiveMQ up to 5.4-snapshot information disclosure
2944| [52843] Apache HTTP Server mod_auth_shadow unknown vulnerability
2945| [52786] Apache Open For Business Project up to 09.04 cross site scripting
2946| [52587] Apache ActiveMQ up to 5.3.0 cross site request forgery
2947| [52586] Apache ActiveMQ up to 5.3.0 cross site scripting
2948| [52584] Apache CouchDB up to 0.10.1 information disclosure
2949| [51757] Apache HTTP Server 2.0.44 cross site scripting
2950| [51756] Apache HTTP Server 2.0.44 spoofing
2951| [51717] Apache HTTP Server up to 1.3.3 mod_proxy ap_proxy_send_fb memory corruption
2952| [51690] Apache Tomcat up to 6.0 directory traversal
2953| [51689] Apache Tomcat up to 6.0 information disclosure
2954| [51688] Apache Tomcat up to 6.0 directory traversal
2955| [50886] HP Operations Manager 8.10 on Windows File Upload org.apache.catalina.manager.HTMLManagerServlet memory corruption
2956| [50802] Apache Tomcat up to 3.3 Default Password weak authentication
2957| [50626] Apache Solr 1.0.0 cross site scripting
2958| [49857] Apache HTTP Server mod_proxy_ftp cross site scripting
2959| [49856] Apache HTTP Server 2.2.13 mod_proxy_ftp ap_proxy_ftp_handler denial of service
2960| [49348] Apache Xerces-C++ 2.7.0 Stack-Based denial of service
2961| [86789] Apache Portable Runtime memory/unix/apr_pools.c unknown vulnerability
2962| [49283] Apache APR-util up to 1.3.8 apr-util misc/apr_rmm.c apr_rmm_realloc memory corruption
2963| [48952] Apache HTTP Server up to 1.3.6 mod_deflate denial of service
2964| [48626] Apache Tomcat up to 4.1.23 Access Restriction directory traversal
2965| [48431] Apache Tomcat up to 4.1.23 j_security_check cross site scripting
2966| [48430] Apache Tomcat up to 4.1.23 mod_jk denial of service
2967| [47801] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site request forgery
2968| [47800] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site scripting
2969| [47799] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console directory traversal
2970| [47648] Apache Tiles 2.1.0/2.1.1 cross site scripting
2971| [47640] Apache Struts 2.0.6/2.0.8/2.0.9/2.0.11/2.1 cross site scripting
2972| [47638] Apache Tomcat up to 4.1.23 mod_jk information disclosure
2973| [47636] Apache Struts 2.0.9 xip_client.html cross site scripting
2974| [47593] Apache Mod Perl 1 perl-status Apache::Status cross site scripting
2975| [47637] Apache Struts 1.0.2/1.1/1.2.4/1.2.7/1.2.8 cross site scripting
2976| [47239] Apache Struts up to 2.1.2 Beta struts directory traversal
2977| [47214] Apachefriends xampp 1.6.8 spoofing
2978| [47213] Apachefriends xampp 1.6.8 htaccess cross site request forgery
2979| [47162] Apachefriends XAMPP 1.4.4 weak authentication
2980| [47065] Apache Tomcat 4.1.23 cross site scripting
2981| [46834] Apache Tomcat up to 5.5.20 cross site scripting
2982| [46004] Apache Jackrabbit 1.4/1.5.0 search.jsp cross site scripting
2983| [49205] Apache Roller 2.3/3.0/3.1/4.0 Search cross site scripting
2984| [86625] Apache Struts directory traversal
2985| [44461] Apache Tomcat up to 5.5.0 information disclosure
2986| [44389] Apache Xerces-C++ XML Parser Memory Consumption denial of service
2987| [44352] Apache Friends XAMPP 1.6.8 adodb.php cross site scripting
2988| [43663] Apache Tomcat up to 6.0.16 directory traversal
2989| [43612] Apache Friends XAMPP 1.6.7 iart.php cross site scripting
2990| [43556] Apache HTTP Server up to 2.1.8 mod_proxy_ftp proxy_ftp.c cross site scripting
2991| [43516] Apache Tomcat up to 4.1.20 directory traversal
2992| [43509] Apache Tomcat up to 6.0.13 cross site scripting
2993| [42637] Apache Tomcat up to 6.0.16 cross site scripting
2994| [42325] Apache HTTP Server up to 2.1.8 Error Page cross site scripting
2995| [41838] Apache-SSL 1.3.34 1.57 expandcert privilege escalation
2996| [41091] Apache Software Foundation Mod Jk up to 2.0.1 mod_jk2 Stack-based memory corruption
2997| [40924] Apache Tomcat up to 6.0.15 information disclosure
2998| [40923] Apache Tomcat up to 6.0.15 unknown vulnerability
2999| [40922] Apache Tomcat up to 6.0 information disclosure
3000| [40710] Apache HTTP Server up to 2.0.61 mod_negotiation cross site scripting
3001| [40709] Apache HTTP Server up to 2.0.53 mod_negotiation cross site scripting
3002| [40656] Apache Tomcat 5.5.20 information disclosure
3003| [40503] Apache HTTP Server mod_proxy_ftp cross site scripting
3004| [40502] Apache HTTP Server up to 2.2.5 mod_proxy_balancer memory corruption
3005| [40501] Apache HTTP Server 2.2.6 mod_proxy_balancer cross site request forgery
3006| [40398] Apache HTTP Server up to 2.2 mod_proxy_balancer cross site scripting
3007| [40397] Apache HTTP Server up to 2.2 mod_proxy_balancer balancer_handler denial of service
3008| [40234] Apache Tomcat up to 6.0.15 directory traversal
3009| [40221] Apache HTTP Server 2.2.6 information disclosure
3010| [40027] David Castro Apache Authcas 0.4 sql injection
3011| [3495] Apache OpenOffice up to 2.3 Database Document Processor unknown vulnerability
3012| [3489] Apache HTTP Server 2.x HTTP Header cross site scripting
3013| [3414] Apache Tomcat WebDAV Stored privilege escalation
3014| [39489] Apache Jakarta Slide up to 2.1 directory traversal
3015| [39540] Apache Geronimo 2.0/2.0.1/2.0.2/2.1 unknown vulnerability
3016| [3310] Apache OpenOffice 1.1.3/2.0.4/2.2.1 TIFF Image Parser Heap-based memory corruption
3017| [38768] Apache HTTP Server up to 2.1.7 mod_autoindex.c cross site scripting
3018| [38952] Apache Geronimo 2.0.1/2.1 unknown vulnerability
3019| [38658] Apache Tomcat 4.1.31 cal2.jsp cross site request forgery
3020| [38524] Apache Geronimo 2.0 unknown vulnerability
3021| [3256] Apache Tomcat up to 6.0.13 cross site scripting
3022| [38331] Apache Tomcat 4.1.24 information disclosure
3023| [38330] Apache Tomcat 4.1.24 information disclosure
3024| [38185] Apache Tomcat 3.3/3.3.1/3.3.1a/3.3.2 Error Message CookieExample cross site scripting
3025| [37967] Apache Tomcat up to 4.1.36 Error Message sendmail.jsp cross site scripting
3026| [37647] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 Authorization unknown vulnerability
3027| [37646] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 unknown vulnerability
3028| [3141] Apache Tomcat up to 4.1.31 Accept-Language Header cross site scripting
3029| [3133] Apache Tomcat up to 6.0 HTTP cross site scripting
3030| [37292] Apache Tomcat up to 5.5.1 cross site scripting
3031| [3130] Apache OpenOffice 2.2.1 RTF Document Heap-based memory corruption
3032| [36981] Apache Tomcat JK Web Server Connector up to 1.2.22 mod_jk directory traversal
3033| [36892] Apache Tomcat up to 4.0.0 hello.jsp cross site scripting
3034| [37320] Apache MyFaces Tomahawk up to 1.1.4 cross site scripting
3035| [36697] Apache Tomcat up to 5.5.17 implicit-objects.jsp cross site scripting
3036| [36491] Apache Axis 1.0 Installation javaioFileNotFoundException information disclosure
3037| [36400] Apache Tomcat 5.5.15 mod_jk cross site scripting
3038| [36698] Apache Tomcat up to 4.0.0 cal2.jsp cross site scripting
3039| [36224] XAMPP Apache Distribution up to 1.6.0a adodb.php connect memory corruption
3040| [36225] XAMPP Apache Distribution 1.6.0a sql injection
3041| [2997] Apache httpd/Tomcat 5.5/6.0 directory traversal
3042| [35896] Apache Apache Test up to 1.29 mod_perl denial of service
3043| [35653] Avaya S8300 Cm 3.1.2 Apache Tomcat unknown vulnerability
3044| [35402] Apache Tomcat JK Web Server Connector 1.2.19 mod_jk.so map_uri_to_worker memory corruption
3045| [35067] Apache Stats up to 0.0.2 extract unknown vulnerability
3046| [35025] Apache Stats up to 0.0.3 extract unknown vulnerability
3047| [34252] Apache HTTP Server denial of service
3048| [2795] Apache OpenOffice 2.0.4 WMF/EMF File Heap-based memory corruption
3049| [33877] Apache Opentaps 0.9.3 cross site scripting
3050| [33876] Apache Open For Business Project unknown vulnerability
3051| [33875] Apache Open For Business Project cross site scripting
3052| [2703] Apache Jakarta Tomcat up to 5.x der_get_oid memory corruption
3053| [2611] Apache HTTP Server up to 1.0.1 set_var Format String
3054|
3055| MITRE CVE - https://cve.mitre.org:
3056| [CVE-2013-4156] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted element in an OOXML document file.
3057| [CVE-2013-4131] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service (assertion failure or out-of-bounds read) via a certain (1) COPY, (2) DELETE, or (3) MOVE request against a revision root.
3058| [CVE-2013-3239] phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename of an export file, leading to interpretation of this file as an executable file by the Apache HTTP Server, as demonstrated by a .php.sql filename.
3059| [CVE-2013-3060] The web console in Apache ActiveMQ before 5.8.0 does not require authentication, which allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests.
3060| [CVE-2013-2765] The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request with a large body and a crafted Content-Type header.
3061| [CVE-2013-2251] Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.
3062| [CVE-2013-2249] mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified impact and remote attack vectors.
3063| [CVE-2013-2248] Multiple open redirect vulnerabilities in Apache Struts 2.0.0 through 2.3.15 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a parameter using the (1) redirect: or (2) redirectAction: prefix.
3064| [CVE-2013-2189] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via invalid PLCF data in a DOC document file.
3065| [CVE-2013-2135] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted value that contains both "${}" and "%{}" sequences, which causes the OGNL code to be evaluated twice.
3066| [CVE-2013-2134] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted action name that is not properly handled during wildcard matching, a different vulnerability than CVE-2013-2135.
3067| [CVE-2013-2115] Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag. NOTE: this issue is due to an incomplete fix for CVE-2013-1966.
3068| [CVE-2013-2071] java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other applications in opportunistic circumstances via an application that records the requests that it processes.
3069| [CVE-2013-2067] java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack.
3070| [CVE-2013-1966] Apache Struts 2 before 2.3.14.1 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag.
3071| [CVE-2013-1965] Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.1, allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is not properly handled when invoking a redirect.
3072| [CVE-2013-1896] mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.
3073| [CVE-2013-1884] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (segmentation fault and crash) via a log REPORT request with an invalid limit, which triggers an access of an uninitialized variable.
3074| [CVE-2013-1879] Cross-site scripting (XSS) vulnerability in scheduled.jsp in Apache ActiveMQ 5.8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving the "cron of a message."
3075| [CVE-2013-1862] mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.
3076| [CVE-2013-1849] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a PROPFIND request for an activity URL.
3077| [CVE-2013-1847] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an anonymous LOCK for a URL that does not exist.
3078| [CVE-2013-1846] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a LOCK on an activity URL.
3079| [CVE-2013-1845] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (memory consumption) by (1) setting or (2) deleting a large number of properties for a file or directory.
3080| [CVE-2013-1814] The users/get program in the User RPC API in Apache Rave 0.11 through 0.20 allows remote authenticated users to obtain sensitive information about all user accounts via the offset parameter, as demonstrated by discovering password hashes in the password field of a response.
3081| [CVE-2013-1777] The JMX Remoting functionality in Apache Geronimo 3.x before 3.0.1, as used in IBM WebSphere Application Server (WAS) Community Edition 3.0.0.3 and other products, does not property implement the RMI classloader, which allows remote attackers to execute arbitrary code by using the JMX connector to send a crafted serialized object.
3082| [CVE-2013-1768] The BrokerFactory functionality in Apache OpenJPA 1.x before 1.2.3 and 2.x before 2.2.2 creates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for remote attackers to execute arbitrary code by creating a serialized object and leveraging improperly secured server programs.
3083| [CVE-2013-1088] Cross-site request forgery (CSRF) vulnerability in Novell iManager 2.7 before SP6 Patch 1 allows remote attackers to hijack the authentication of arbitrary users by leveraging improper request validation by iManager code deployed within an Apache Tomcat container.
3084| [CVE-2013-1048] The Debian apache2ctl script in the apache2 package squeeze before 2.2.16-6+squeeze11, wheezy before 2.2.22-13, and sid before 2.2.22-13 for the Apache HTTP Server on Debian GNU/Linux does not properly create the /var/lock/apache2 lock directory, which allows local users to gain privileges via an unspecified symlink attack.
3085| [CVE-2013-0966] The Apple mod_hfs_apple module for the Apache HTTP Server in Apple Mac OS X before 10.8.3 does not properly handle ignorable Unicode characters, which allows remote attackers to bypass intended directory authentication requirements via a crafted pathname in a URI.
3086| [CVE-2013-0942] Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Agent 7.1 before 7.1.1 for Web for Internet Information Services, and 7.1 before 7.1.1 for Web for Apache, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
3087| [CVE-2013-0941] EMC RSA Authentication API before 8.1 SP1, RSA Web Agent before 5.3.5 for Apache Web Server, RSA Web Agent before 5.3.5 for IIS, RSA PAM Agent before 7.0, and RSA Agent before 6.1.4 for Microsoft Windows use an improper encryption algorithm and a weak key for maintaining the stored data of the node secret for the SecurID Authentication API, which allows local users to obtain sensitive information via cryptographic attacks on this data.
3088| [CVE-2013-0253] The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack.
3089| [CVE-2013-0248] The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack.
3090| [CVE-2013-0239] Apache CXF before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3, when the plaintext UsernameToken WS-SecurityPolicy is enabled, allows remote attackers to bypass authentication via a security header of a SOAP request containing a UsernameToken element that lacks a password child element.
3091| [CVE-2012-6573] Cross-site scripting (XSS) vulnerability in the Apache Solr Autocomplete module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving autocomplete results.
3092| [CVE-2012-6551] The default configuration of Apache ActiveMQ before 5.8.0 enables a sample web application, which allows remote attackers to cause a denial of service (broker resource consumption) via HTTP requests.
3093| [CVE-2012-6092] Multiple cross-site scripting (XSS) vulnerabilities in the web demos in Apache ActiveMQ before 5.8.0 allow remote attackers to inject arbitrary web script or HTML via (1) the refresh parameter to PortfolioPublishServlet.java (aka demo/portfolioPublish or Market Data Publisher), or vectors involving (2) debug logs or (3) subscribe messages in webapp/websocket/chat.js. NOTE: AMQ-4124 is covered by CVE-2012-6551.
3094| [CVE-2012-5887] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.
3095| [CVE-2012-5886] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID.
3096| [CVE-2012-5885] The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184.
3097| [CVE-2012-5786] The wsdl_first_https sample code in distribution/src/main/release/samples/wsdl_first_https/src/main/ in Apache CXF, possibly 2.6.0, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
3098| [CVE-2012-5785] Apache Axis2/Java 1.6.2 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
3099| [CVE-2012-5784] Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Message Service implementation in Apache ActiveMQ, and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
3100| [CVE-2012-5783] Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
3101| [CVE-2012-5633] The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request.
3102| [CVE-2012-5616] Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly Citrix CloudStack) before 3.0.6 stores sensitive information in the log4j.conf log file, which allows local users to obtain (1) the SSH private key as recorded by the createSSHKeyPair API, (2) the password of an added host as recorded by the AddHost API, or the password of an added VM as recorded by the (3) DeployVM or (4) ResetPasswordForVM API.
3103| [CVE-2012-5568] Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.
3104| [CVE-2012-5351] Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack," a different vulnerability than CVE-2012-4418.
3105| [CVE-2012-4558] Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via a crafted string.
3106| [CVE-2012-4557] The mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into an error state upon detection of a long request-processing time, which allows remote attackers to cause a denial of service (worker consumption) via an expensive request.
3107| [CVE-2012-4556] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 allows remote attackers to cause a denial of service (Apache httpd web server child process restart) via certain unspecified empty search fields in a user certificate search query.
3108| [CVE-2012-4555] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 does not properly handle interruptions of token format operations, which allows remote attackers to cause a denial of service (NULL pointer dereference and Apache httpd web server child process crash) via unspecified vectors.
3109| [CVE-2012-4534] org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminating the connection during the reading of a response.
3110| [CVE-2012-4528] The mod_security2 module before 2.7.0 for the Apache HTTP Server allows remote attackers to bypass rules, and deliver arbitrary POST data to a PHP application, via a multipart request in which an invalid part precedes the crafted data.
3111| [CVE-2012-4501] Citrix Cloud.com CloudStack, and Apache CloudStack pre-release, allows remote attackers to make arbitrary API calls by leveraging the system user account, as demonstrated by API calls to delete VMs.
3112| [CVE-2012-4460] The serializing/deserializing functions in the qpid::framing::Buffer class in Apache Qpid 0.20 and earlier allow remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors. NOTE: this issue could also trigger an out-of-bounds read, but it might not trigger a crash.
3113| [CVE-2012-4459] Integer overflow in the qpid::framing::Buffer::checkAvailable function in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (crash) via a crafted message, which triggers an out-of-bounds read.
3114| [CVE-2012-4458] The AMQP type decoder in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (memory consumption and server crash) via a large number of zero width elements in the client-properties map in a connection.start-ok message.
3115| [CVE-2012-4446] The default configuration for Apache Qpid 0.20 and earlier, when the federation_tag attribute is enabled, accepts AMQP connections without checking the source user ID, which allows remote attackers to bypass authentication and have other unspecified impact via an AMQP request.
3116| [CVE-2012-4431] org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier.
3117| [CVE-2012-4418] Apache Axis2 allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."
3118| [CVE-2012-4387] Apache Struts 2.0.0 through 2.3.4 allows remote attackers to cause a denial of service (CPU consumption) via a long parameter name, which is processed as an OGNL expression.
3119| [CVE-2012-4386] The token check mechanism in Apache Struts 2.0.0 through 2.3.4 does not properly validate the token name configuration parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks by setting the token name configuration parameter to a session attribute.
3120| [CVE-2012-4360] Cross-site scripting (XSS) vulnerability in the mod_pagespeed module 0.10.19.1 through 0.10.22.4 for the Apache HTTP Server allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
3121| [CVE-2012-4063] The Apache Santuario configuration in Eucalyptus before 3.1.1 does not properly restrict applying XML Signature transforms to documents, which allows remote attackers to cause a denial of service via unspecified vectors.
3122| [CVE-2012-4001] The mod_pagespeed module before 0.10.22.6 for the Apache HTTP Server does not properly verify its host name, which allows remote attackers to trigger HTTP requests to arbitrary hosts via unspecified vectors, as demonstrated by requests to intranet servers.
3123| [CVE-2012-3908] Multiple cross-site request forgery (CSRF) vulnerabilities in the ISE Administrator user interface (aka the Apache Tomcat interface) on Cisco Identity Services Engine (ISE) 3300 series appliances before 1.1.0.665 Cumulative Patch 1 allow remote attackers to hijack the authentication of administrators, aka Bug ID CSCty46684.
3124| [CVE-2012-3546] org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI.
3125| [CVE-2012-3544] Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data.
3126| [CVE-2012-3526] The reverse proxy add forward module (mod_rpaf) 0.5 and 0.6 for the Apache HTTP Server allows remote attackers to cause a denial of service (server or application crash) via multiple X-Forwarded-For headers in a request.
3127| [CVE-2012-3513] munin-cgi-graph in Munin before 2.0.6, when running as a CGI module under Apache, allows remote attackers to load new configurations and create files in arbitrary directories via the logdir command.
3128| [CVE-2012-3506] Unspecified vulnerability in the Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.03 has unknown impact and attack vectors.
3129| [CVE-2012-3502] The proxy functionality in (1) mod_proxy_ajp.c in the mod_proxy_ajp module and (2) mod_proxy_http.c in the mod_proxy_http module in the Apache HTTP Server 2.4.x before 2.4.3 does not properly determine the situations that require closing a back-end connection, which allows remote attackers to obtain sensitive information in opportunistic circumstances by reading a response that was intended for a different client.
3130| [CVE-2012-3499] Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules.
3131| [CVE-2012-3467] Apache QPID 0.14, 0.16, and earlier uses a NullAuthenticator mechanism to authenticate catch-up shadow connections to AMQP brokers, which allows remote attackers to bypass authentication.
3132| [CVE-2012-3451] Apache CXF before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to execute unintended web-service operations by sending a header with a SOAP Action String that is inconsistent with the message body.
3133| [CVE-2012-3446] Apache Libcloud before 0.11.1 uses an incorrect regular expression during verification of whether the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate.
3134| [CVE-2012-3376] DataNodes in Apache Hadoop 2.0.0 alpha does not check the BlockTokens of clients when Kerberos is enabled and the DataNode has checked out the same BlockPool twice from a NodeName, which might allow remote clients to read arbitrary blocks, write to blocks to which they only have read access, and have other unspecified impacts.
3135| [CVE-2012-3373] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.21 and 1.5.x before 1.5.8 allows remote attackers to inject arbitrary web script or HTML via vectors involving a %00 sequence in an Ajax link URL associated with a Wicket app.
3136| [CVE-2012-3126] Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Products Suite 3.3 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Apache Tomcat Agent.
3137| [CVE-2012-3123] Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect confidentiality, related to Apache HTTP Server.
3138| [CVE-2012-2760] mod_auth_openid before 0.7 for Apache uses world-readable permissions for /tmp/mod_auth_openid.db, which allows local users to obtain session ids.
3139| [CVE-2012-2733] java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of service (memory consumption) via a large amount of header data.
3140| [CVE-2012-2687] Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list.
3141| [CVE-2012-2381] Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.1 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the blogger role.
3142| [CVE-2012-2380] Multiple cross-site request forgery (CSRF) vulnerabilities in the admin/editor console in Apache Roller before 5.0.1 allow remote attackers to hijack the authentication of admins or editors by leveraging the HTTP POST functionality.
3143| [CVE-2012-2379] Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors.
3144| [CVE-2012-2378] Apache CXF 2.4.5 through 2.4.7, 2.5.1 through 2.5.3, and 2.6.x before 2.6.1, does not properly enforce child policies of a WS-SecurityPolicy 1.1 SupportingToken policy on the client side, which allows remote attackers to bypass the (1) AlgorithmSuite, (2) SignedParts, (3) SignedElements, (4) EncryptedParts, and (5) EncryptedElements policies.
3145| [CVE-2012-2329] Buffer overflow in the apache_request_headers function in sapi/cgi/cgi_main.c in PHP 5.4.x before 5.4.3 allows remote attackers to cause a denial of service (application crash) via a long string in the header of an HTTP request.
3146| [CVE-2012-2145] Apache Qpid 0.17 and earlier does not properly restrict incoming client connections, which allows remote attackers to cause a denial of service (file descriptor consumption) via a large number of incomplete connections.
3147| [CVE-2012-2138] The @CopyFrom operation in the POST servlet in the org.apache.sling.servlets.post bundle before 2.1.2 in Apache Sling does not prevent attempts to copy an ancestor node to a descendant node, which allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP request.
3148| [CVE-2012-2098] Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service (CPU consumption) via a file with many repeating inputs.
3149| [CVE-2012-1574] The Kerberos/MapReduce security functionality in Apache Hadoop 0.20.203.0 through 0.20.205.0, 0.23.x before 0.23.2, and 1.0.x before 1.0.2, as used in Cloudera CDH CDH3u0 through CDH3u2, Cloudera hadoop-0.20-sbin before 0.20.2+923.197, and other products, allows remote authenticated users to impersonate arbitrary cluster user accounts via unspecified vectors.
3150| [CVE-2012-1181] fcgid_spawn_ctl.c in the mod_fcgid module 2.3.6 for the Apache HTTP Server does not recognize the FcgidMaxProcessesPerClass directive for a virtual host, which makes it easier for remote attackers to cause a denial of service (memory consumption) via a series of HTTP requests that triggers a process count higher than the intended limit.
3151| [CVE-2012-1089] Directory traversal vulnerability in Apache Wicket 1.4.x before 1.4.20 and 1.5.x before 1.5.5 allows remote attackers to read arbitrary web-application files via a relative pathname in a URL for a Wicket resource that corresponds to a null package.
3152| [CVE-2012-1007] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 1.3.10 allow remote attackers to inject arbitrary web script or HTML via (1) the name parameter to struts-examples/upload/upload-submit.do, or the message parameter to (2) struts-cookbook/processSimple.do or (3) struts-cookbook/processDyna.do.
3153| [CVE-2012-1006] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.14 and 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) lastName parameter to struts2-showcase/person/editPerson.action, or the (3) clientName parameter to struts2-rest-showcase/orders.
3154| [CVE-2012-0883] envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl.
3155| [CVE-2012-0840] tables/apr_hash.c in the Apache Portable Runtime (APR) library through 1.4.5 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
3156| [CVE-2012-0838] Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL expression during the handling of a conversion error, which allows remote attackers to modify run-time data values, and consequently execute arbitrary code, via invalid input to a field.
3157| [CVE-2012-0788] The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service (application crash) via a crafted application that uses a PDO driver for a fetch and then calls the session_start function, as demonstrated by a crash of the Apache HTTP Server.
3158| [CVE-2012-0394] ** DISPUTED ** The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself."
3159| [CVE-2012-0393] The ParameterInterceptor component in Apache Struts before 2.3.1.1 does not prevent access to public constructors, which allows remote attackers to create or overwrite arbitrary files via a crafted parameter that triggers the creation of a Java object.
3160| [CVE-2012-0392] The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method.
3161| [CVE-2012-0391] The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter.
3162| [CVE-2012-0256] Apache Traffic Server 2.0.x and 3.0.x before 3.0.4 and 3.1.x before 3.1.3 does not properly allocate heap memory, which allows remote attackers to cause a denial of service (daemon crash) via a long HTTP Host header.
3163| [CVE-2012-0216] The default configuration of the apache2 package in Debian GNU/Linux squeeze before 2.2.16-6+squeeze7, wheezy before 2.2.22-4, and sid before 2.2.22-4, when mod_php or mod_rivet is used, provides example scripts under the doc/ URI, which might allow local users to conduct cross-site scripting (XSS) attacks, gain privileges, or obtain sensitive information via vectors involving localhost HTTP requests to the Apache HTTP Server.
3164| [CVE-2012-0213] The UnhandledDataStructure function in hwpf/model/UnhandledDataStructure.java in Apache POI 3.8 and earlier allows remote attackers to cause a denial of service (OutOfMemoryError exception and possibly JVM destabilization) via a crafted length value in a Channel Definition Format (CDF) or Compound File Binary Format (CFBF) document.
3165| [CVE-2012-0053] protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script.
3166| [CVE-2012-0047] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the wicket:pageMapName parameter.
3167| [CVE-2012-0031] scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function.
3168| [CVE-2012-0022] Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.
3169| [CVE-2012-0021] The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to cause a denial of service (daemon crash) via a cookie that lacks both a name and a value.
3170| [CVE-2011-5064] DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging knowledge of this string, a different vulnerability than CVE-2011-1184.
3171| [CVE-2011-5063] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weaker authentication or authorization requirements, a different vulnerability than CVE-2011-1184.
3172| [CVE-2011-5062] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass intended integrity-protection requirements via a qop=auth value, a different vulnerability than CVE-2011-1184.
| [CVE-2011-5057] Apache Struts 2.3.1.1 and earlier provides interfaces that do not properly restrict access to collections such as the session and request collections, which might allow remote attackers to modify run-time data values via a crafted parameter to an application that implements an affected interface, as demonstrated by the SessionAware, RequestAware, ApplicationAware, ServletRequestAware, ServletResponseAware, and ParameterAware interfaces. NOTE: the vendor disputes the significance of this report because of an "easy work-around in existing apps by configuring the interceptor."
| [CVE-2011-5034] Apache Geronimo 2.2.1 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. NOTE: this might overlap CVE-2011-4461.
| [CVE-2011-4905] Apache ActiveMQ before 5.6.0 allows remote attackers to cause a denial of service (file-descriptor exhaustion and broker crash or hang) by sending many openwire failover:tcp:// connection requests.
| [CVE-2011-4858] Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
| [CVE-2011-4668] IBM Tivoli Netcool/Reporter 2.2 before 2.2.0.8 allows remote attackers to execute arbitrary code via vectors related to an unspecified CGI program used with the Apache HTTP Server.
| [CVE-2011-4449] actions/files/files.php in WikkaWiki 1.3.1 and 1.3.2, when INTRANET_MODE is enabled, supports file uploads for file extensions that are typically absent from an Apache HTTP Server TypesConfig file, which makes it easier for remote attackers to execute arbitrary PHP code by placing this code in a file whose name has multiple extensions, as demonstrated by a (1) .mm or (2) .vpp file.
| [CVE-2011-4415] The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, does not restrict the size of values of environment variables, which allows local users to cause a denial of service (memory consumption or NULL pointer dereference) via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, related to (1) the "len +=" statement and (2) the apr_pcalloc function call, a different vulnerability than CVE-2011-3607.
| [CVE-2011-4317] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an @ (at sign) character and a : (colon) character in invalid positions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
| [CVE-2011-3639] The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers by using the HTTP/0.9 protocol with a malformed URI containing an initial @ (at sign) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
| [CVE-2011-3620] Apache Qpid 0.12 does not properly verify credentials during the joining of a cluster, which allows remote attackers to obtain access to the messaging functionality and job functionality of a cluster by leveraging knowledge of a cluster-username.
| [CVE-2011-3607] Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow.
| [CVE-2011-3376] org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat 7.x before 7.0.22 does not properly restrict ContainerServlets in the Manager application, which allows local users to gain privileges by using an untrusted web application to access the Manager application's functionality.
| [CVE-2011-3375] Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain caching and recycling operations involving request objects, which allows remote attackers to obtain unintended read access to IP address and HTTP header information in opportunistic circumstances by reading TCP data.
| [CVE-2011-3368] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character.
| [CVE-2011-3348] The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary "error state" in the backend server) via a malformed HTTP request.
| [CVE-2011-3192] The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.
| [CVE-2011-3190] Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request.
| [CVE-2011-2729] native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application.
| [CVE-2011-2712] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.18, when setAutomaticMultiWindowSupport is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
| [CVE-2011-2688] SQL injection vulnerability in mysql/mysql-auth.pl in the mod_authnz_external module 3.2.5 and earlier for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the user field.
| [CVE-2011-2526] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loop or JVM crash) by leveraging an untrusted web application.
| [CVE-2011-2516] Off-by-one error in the XML signature feature in Apache XML Security for C++ 1.6.0, as used in Shibboleth before 2.4.3 and possibly other products, allows remote attackers to cause a denial of service (crash) via a signature using a large RSA key, which triggers a buffer overflow.
| [CVE-2011-2481] Apache Tomcat 7.0.x before 7.0.17 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application. NOTE: this vulnerability exists because of a CVE-2009-0783 regression.
| [CVE-2011-2329] The rampart_timestamp_token_validate function in util/rampart_timestamp_token.c in Apache Rampart/C 1.3.0 does not properly calculate the expiration of timestamp tokens, which allows remote attackers to bypass intended access restrictions by leveraging an expired token, a different vulnerability than CVE-2011-0730.
| [CVE-2011-2204] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file.
| [CVE-2011-2088] XWork 2.2.1 in Apache Struts 2.2.1, and OpenSymphony XWork in OpenSymphony WebWork, allows remote attackers to obtain potentially sensitive information about internal Java class paths via vectors involving an s:submit element and a nonexistent method, a different vulnerability than CVE-2011-1772.3.
| [CVE-2011-2087] Multiple cross-site scripting (XSS) vulnerabilities in component handlers in the javatemplates (aka Java Templates) plugin in Apache Struts 2.x before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via an arbitrary parameter value to a .action URI, related to improper handling of value attributes in (1) FileHandler.java, (2) HiddenHandler.java, (3) PasswordHandler.java, (4) RadioHandler.java, (5) ResetHandler.java, (6) SelectHandler.java, (7) SubmitHandler.java, and (8) TextFieldHandler.java.
| [CVE-2011-1928] The fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote attackers to cause a denial of service (infinite loop) via a URI that does not match unspecified types of wildcard patterns, as demonstrated by attacks against mod_autoindex in httpd when a /*/WEB-INF/ configuration pattern is used. NOTE: this issue exists because of an incorrect fix for CVE-2011-0419.
| [CVE-2011-1921] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is disabled, does not properly enforce permissions for files that had been publicly readable in the past, which allows remote attackers to obtain sensitive information via a replay REPORT operation.
| [CVE-2011-1783] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to cause a denial of service (infinite loop and memory consumption) in opportunistic circumstances by requesting data.
| [CVE-2011-1772] Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x before 2.2.3, and OpenSymphony XWork in OpenSymphony WebWork, allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) an action name, (2) the action attribute of an s:submit element, or (3) the method attribute of an s:submit element.
| [CVE-2011-1752] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request for a baselined WebDAV resource, as exploited in the wild in May 2011.
| [CVE-2011-1610] Multiple SQL injection vulnerabilities in xmldirectorylist.jsp in the embedded Apache HTTP Server component in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5)su4, 8.0 before 8.0(3a)su2, and 8.5 before 8.5(1)su1 allow remote attackers to execute arbitrary SQL commands via the (1) f, (2) l, or (3) n parameter, aka Bug ID CSCtj42064.
| [CVE-2011-1582] Apache Tomcat 7.0.12 and 7.0.13 processes the first request to a servlet without following security constraints that have been configured through annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088, CVE-2011-1183, and CVE-2011-1419.
| [CVE-2011-1571] Unspecified vulnerability in the XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote attackers to execute arbitrary commands via unknown vectors.
| [CVE-2011-1570] Cross-site scripting (XSS) vulnerability in Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to inject arbitrary web script or HTML via a message title, a different vulnerability than CVE-2004-2030.
| [CVE-2011-1503] The XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat or Oracle GlassFish is used, allows remote authenticated users to read arbitrary (1) XSL and (2) XML files via a file:/// URL.
| [CVE-2011-1502] Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to read arbitrary files via an entity declaration in conjunction with an entity reference, related to an XML External Entity (aka XXE) issue.
| [CVE-2011-1498] Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header.
| [CVE-2011-1475] The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP packets, related to "a mix-up of responses for requests from different users."
| [CVE-2011-1419] Apache Tomcat 7.x before 7.0.11, when web.xml has no security constraints, does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088.
| [CVE-2011-1318] Memory leak in org.apache.jasper.runtime.JspWriterImpl.response in the JavaServer Pages (JSP) component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) by accessing a JSP page of an application that is repeatedly stopped and restarted.
| [CVE-2011-1184] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, related to lack of checking of nonce (aka server nonce) and nc (aka nonce-count or client nonce count) values.
| [CVE-2011-1183] Apache Tomcat 7.0.11, when web.xml has no login configuration, does not follow security constraints, which allows remote attackers to bypass intended access restrictions via HTTP requests to a meta-data complete web application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1088 and CVE-2011-1419.
| [CVE-2011-1176] The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module 2.2.11-01 and 2.2.11-02 for the Apache HTTP Server does not properly handle certain configuration sections that specify NiceValue but not AssignUserID, which might allow remote attackers to gain privileges by leveraging the root uid and root gid of an mpm-itk process.
| [CVE-2011-1088] Apache Tomcat 7.x before 7.0.10 does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application.
| [CVE-2011-1077] Multiple cross-site scripting (XSS) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2011-1026] Multiple cross-site request forgery (CSRF) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to hijack the authentication of administrators.
| [CVE-2011-0715] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.16, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request that contains a lock token.
| [CVE-2011-0534] Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request.
| [CVE-2011-0533] Cross-site scripting (XSS) vulnerability in Apache Continuum 1.1 through 1.2.3.1, 1.3.6, and 1.4.0 Beta
| [CVE-2011-0419] Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.
| [CVE-2011-0013] Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.
| [CVE-2010-4644] Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated users to cause a denial of service (memory consumption and daemon crash) via the -g option to the blame command.
| [CVE-2010-4539] The walk function in repos.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.15, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger the walking of SVNParentPath collections.
| [CVE-2010-4476] The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
| [CVE-2010-4455] Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.2 and 11.1.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Apache Plugin.
| [CVE-2010-4408] Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1 does not require entry of the administrator's password at the time of modifying a user account, which makes it easier for context-dependent attackers to gain privileges by leveraging a (1) unattended workstation or (2) cross-site request forgery (CSRF) vulnerability, a related issue to CVE-2010-3449.
| [CVE-2010-4312] The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie.
| [CVE-2010-4172] Multiple cross-site scripting (XSS) vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) orderBy or (2) sort parameter to sessionsList.jsp, or unspecified input to (3) sessionDetail.jsp or (4) java/org/apache/catalina/manager/JspHelper.java, related to use of untrusted web applications.
| [CVE-2010-3872] The fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.6 for the Apache HTTP Server does not use bytewise pointer arithmetic in certain circumstances, which has unspecified impact and attack vectors related to "untrusted FastCGI applications" and a "stack buffer overwrite."
| [CVE-2010-3863] Apache Shiro before 1.1.0, and JSecurity 0.9.x, does not canonicalize URI paths before comparing them to entries in the shiro.ini file, which allows remote attackers to bypass intended access restrictions via a crafted request, as demonstrated by the /./account/index.jsp URI.
| [CVE-2010-3854] Multiple cross-site scripting (XSS) vulnerabilities in the web administration interface (aka Futon) in Apache CouchDB 0.8.0 through 1.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2010-3718] Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.
| [CVE-2010-3449] Cross-site request forgery (CSRF) vulnerability in Redback before 1.2.4, as used in Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1
| [CVE-2010-3315] authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass intended access restrictions via svn commands.
| [CVE-2010-3083] sys/ssl/SslSocket.cpp in qpidd in Apache Qpid, as used in Red Hat Enterprise MRG before 1.2.2 and other products, when SSL is enabled, allows remote attackers to cause a denial of service (daemon outage) by connecting to the SSL port but not participating in an SSL handshake.
| [CVE-2010-2952] Apache Traffic Server before 2.0.1, and 2.1.x before 2.1.2-unstable, does not properly choose DNS source ports and transaction IDs, and does not properly use DNS query fields to validate responses, which makes it easier for man-in-the-middle attackers to poison the internal DNS cache via a crafted response.
| [CVE-2010-2791] mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request. NOTE: this is the same issue as CVE-2010-2068, but for a different OS and set of affected versions.
| [CVE-2010-2375] Package/Privilege: Plugins for Apache, Sun and IIS web servers Unspecified vulnerability in the WebLogic Server component in Oracle Fusion Middleware 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, 10.3.2, and 10.3.3 allows remote attackers to affect confidentiality and integrity, related to IIS.
| [CVE-2010-2234] Cross-site request forgery (CSRF) vulnerability in Apache CouchDB 0.8.0 through 0.11.0 allows remote attackers to hijack the authentication of administrators for direct requests to an installation URL.
| [CVE-2010-2227] Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with "recycling of a buffer."
| [CVE-2010-2103] Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Apache Axis2/Java 1.4.1, 1.5.1, and possibly other versions, as used in SAP Business Objects 12, 3com IMC, and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the modules parameter. NOTE: some of these details are obtained from third party information.
| [CVE-2010-2086] Apache MyFaces 1.1.7 and 1.2.8, as used in IBM WebSphere Application Server and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that involve modifying the serialized view object.
| [CVE-2010-2076] Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before 2.2.9, as used in Apache ServiceMix, Apache Camel, Apache Chemistry, Apache jUDDI, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to samples/wsdl_first_pure_xml, a similar issue to CVE-2010-1632.
| [CVE-2010-2068] mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, does not properly detect timeouts, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request.
| [CVE-2010-2057] shared/util/StateUtils.java in Apache MyFaces 1.1.x before 1.1.8, 1.2.x before 1.2.9, and 2.0.x before 2.0.1 uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack.
| [CVE-2010-1632] Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server (WAS) 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to the Synapse SimpleStockQuoteService.
| [CVE-2010-1623] Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the destruction of an APR bucket.
| [CVE-2010-1587] The Jetty ResourceHandler in Apache ActiveMQ 5.x before 5.3.2 and 5.4.x before 5.4.0 allows remote attackers to read JSP source code via a // (slash slash) initial substring in a URI for (1) admin/index.jsp, (2) admin/queues.jsp, or (3) admin/topics.jsp.
| [CVE-2010-1452] The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path.
| [CVE-2010-1325] Cross-site request forgery (CSRF) vulnerability in the apache2-slms package in SUSE Lifecycle Management Server (SLMS) 1.0 on SUSE Linux Enterprise (SLE) 11 allows remote attackers to hijack the authentication of unspecified victims via vectors related to improper parameter quoting. NOTE: some sources report that this is a vulnerability in a product named "Apache SLMS," but that is incorrect.
| [CVE-2010-1244] Cross-site request forgery (CSRF) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote attackers to hijack the authentication of unspecified victims for requests that create queues via the JMSDestination parameter in a queue action.
| [CVE-2010-1157] Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply.
| [CVE-2010-1151] Race condition in the mod_auth_shadow module for the Apache HTTP Server allows remote attackers to bypass authentication, and read and possibly modify data, via vectors related to improper interaction with an external helper application for validation of credentials.
| [CVE-2010-0684] Cross-site scripting (XSS) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote authenticated users to inject arbitrary web script or HTML via the JMSDestination parameter in a queue action.
| [CVE-2010-0434] The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request.
| [CVE-2010-0432] Multiple cross-site scripting (XSS) vulnerabilities in the Apache Open For Business Project (aka OFBiz) 09.04 and earlier, as used in Opentaps, Neogia, and Entente Oya, allow remote attackers to inject arbitrary web script or HTML via (1) the productStoreId parameter to control/exportProductListing, (2) the partyId parameter to partymgr/control/viewprofile (aka partymgr/control/login), (3) the start parameter to myportal/control/showPortalPage, (4) an invalid URI beginning with /facility/control/ReceiveReturn (aka /crmsfa/control/ReceiveReturn or /cms/control/ReceiveReturn), (5) the contentId parameter (aka the entityName variable) to ecommerce/control/ViewBlogArticle, (6) the entityName parameter to webtools/control/FindGeneric, or the (7) subject or (8) content parameter to an unspecified component under ecommerce/control/contactus.
| [CVE-2010-0425] modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet, and "orphaned callback pointers."
| [CVE-2010-0408] The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service (backend server outage) via a crafted request, related to use of a 500 error code instead of the appropriate 400 error code.
| [CVE-2010-0390] Unrestricted file upload vulnerability in maxImageUpload/index.php in PHP F1 Max's Image Uploader 1.0, when Apache is not configured to handle the mime-type for files with pjpeg or jpeg extensions, allows remote attackers to execute arbitrary code by uploading a file with a pjpeg or jpeg extension, then accessing it via a direct request to the file in original/. NOTE: some of these details are obtained from third party information.
| [CVE-2010-0219] Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service.
| [CVE-2010-0010] Integer overflow in the ap_proxy_send_fb function in proxy/proxy_util.c in mod_proxy in the Apache HTTP Server before 1.3.42 on 64-bit platforms allows remote origin servers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a large chunk size that triggers a heap-based buffer overflow.
| [CVE-2010-0009] Apache CouchDB 0.8.0 through 0.10.1 allows remote attackers to obtain sensitive information by measuring the completion time of operations that verify (1) hashes or (2) passwords.
| [CVE-2009-5120] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 allows connections to TCP port 1812 from arbitrary source IP addresses, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via UTF-7 text to the 404 error page of a Project Woodstock service on this port.
| [CVE-2009-5119] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 enables weak SSL ciphers in conf/server.xml, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and then conducting a brute-force attack against encrypted session data.
| [CVE-2009-5006] The SessionAdapter::ExchangeHandlerImpl::checkAlternate function in broker/SessionAdapter.cpp in the C++ Broker component in Apache Qpid before 0.6, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote authenticated users to cause a denial of service (NULL pointer dereference, daemon crash, and cluster outage) by attempting to modify the alternate of an exchange.
| [CVE-2009-5005] The Cluster::deliveredEvent function in cluster/Cluster.cpp in Apache Qpid, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote attackers to cause a denial of service (daemon crash and cluster outage) via invalid AMQP data.
| [CVE-2009-4355] Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678.
| [CVE-2009-4269] The password hash generation algorithm in the BUILTIN authentication functionality for Apache Derby before 10.6.1.0 performs a transformation that reduces the size of the set of inputs to SHA-1, which produces a small search space that makes it easier for local and possibly remote attackers to crack passwords by generating hash collisions, related to password substitution.
| [CVE-2009-3923] The VirtualBox 2.0.8 and 2.0.10 web service in Sun Virtual Desktop Infrastructure (VDI) 3.0 does not require authentication, which allows remote attackers to obtain unspecified access via vectors involving requests to an Apache HTTP Server.
| [CVE-2009-3890] Unrestricted file upload vulnerability in the wp_check_filetype function in wp-includes/functions.php in WordPress before 2.8.6, when a certain configuration of the mod_mime module in the Apache HTTP Server is enabled, allows remote authenticated users to execute arbitrary code by posting an attachment with a multiple-extension filename, and then accessing this attachment via a direct request to a wp-content/uploads/ pathname, as demonstrated by a .php.jpg filename.
| [CVE-2009-3843] HP Operations Manager 8.10 on Windows contains a "hidden account" in the XML file that specifies Tomcat users, which allows remote attackers to conduct unrestricted file upload attacks, and thereby execute arbitrary code, by using the org.apache.catalina.manager.HTMLManagerServlet class to make requests to manager/html/upload.
3275| [CVE-2009-3843] HP Operations Manager 8.10 on Windows contains a "hidden account" in the XML file that specifies Tomcat users, which allows remote attackers to conduct unrestricted file upload attacks, and thereby execute arbitrary code, by using the org.apache.catalina.manager.HTMLManagerServlet class to make requests to manager/html/upload.
3276| [CVE-2009-3821] Cross-site scripting (XSS) vulnerability in the Apache Solr Search (solr) extension 1.0.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
3277| [CVE-2009-3555] The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
3278| [CVE-2009-3548] The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges.
3279| [CVE-2009-3250] The saveForwardAttachments procedure in the Compose Mail functionality in vtiger CRM 5.0.4 allows remote authenticated users to execute arbitrary code by composing an e-mail message with an attachment filename ending in (1) .php in installations based on certain Apache HTTP Server configurations, (2) .php. on Windows, or (3) .php/ on Linux, and then making a direct request to a certain pathname under storage/.
3280| [CVE-2009-3095] The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.
3281| [CVE-2009-3094] The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.
3282| [CVE-2009-2902] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename.
3283| [CVE-2009-2901] The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests.
| [CVE-2009-2823] The Apache HTTP Server in Apple Mac OS X before 10.6.2 enables the HTTP TRACE method, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified web client software.
| [CVE-2009-2699] The Solaris pollset feature in the Event Port backend in poll/unix/port.c in the Apache Portable Runtime (APR) library before 1.3.9, as used in the Apache HTTP Server before 2.2.14 and other products, does not properly handle errors, which allows remote attackers to cause a denial of service (daemon hang) via unspecified HTTP requests, related to the prefork and event MPMs.
| [CVE-2009-2696] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat on Red Hat Enterprise Linux 5, Desktop Workstation 5, and Linux Desktop 5 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML." NOTE: this is due to a missing fix for CVE-2009-0781.
| [CVE-2009-2693] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry.
| [CVE-2009-2625] XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.
| [CVE-2009-2412] Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR
| [CVE-2009-2299] The Artofdefence Hyperguard Web Application Firewall (WAF) module before 2.5.5-11635, 3.0 before 3.0.3-11636, and 3.1 before 3.1.1-11637, a module for the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via an HTTP request with a large Content-Length value but no POST data.
| [CVE-2009-1956] Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input.
| [CVE-2009-1955] The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.
| [CVE-2009-1903] The PDF XSS protection feature in ModSecurity before 2.5.8 allows remote attackers to cause a denial of service (Apache httpd crash) via a request for a PDF file that does not use the GET method.
| [CVE-2009-1891] The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).
| [CVE-2009-1890] The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests.
| [CVE-2009-1885] Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to cause a denial of service (application crash) via vectors involving nested parentheses and invalid byte values in "simply nested DTD structures," as demonstrated by the Codenomicon XML fuzzing framework.
| [CVE-2009-1462] The Security Manager in razorCMS before 0.4 does not verify the permissions of every file owned by the apache user account, which is inconsistent with the documentation and allows local users to have an unspecified impact.
| [CVE-2009-1275] Apache Tiles 2.1 before 2.1.2, as used in Apache Struts and other products, evaluates Expression Language (EL) expressions twice in certain circumstances, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via unspecified vectors, related to the (1) tiles:putAttribute and (2) tiles:insertTemplate JSP tags.
| [CVE-2009-1195] The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file.
| [CVE-2009-1191] mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request.
| [CVE-2009-1012] Unspecified vulnerability in the plug-ins for Apache and IIS web servers in Oracle BEA WebLogic Server 7.0 Gold through SP7, 8.1 Gold through SP6, 9.0, 9.1, 9.2 Gold through MP3, 10.0 Gold through MP1, and 10.3 allows remote attackers to affect confidentiality, integrity, and availability. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow in an unspecified plug-in that parses HTTP requests, which leads to a heap-based buffer overflow.
| [CVE-2009-0918] Multiple unspecified vulnerabilities in DFLabs PTK 1.0.0 through 1.0.4 allow remote attackers to execute arbitrary commands in processes launched by PTK's Apache HTTP Server via (1) "external tools" or (2) a crafted forensic image.
| [CVE-2009-0796] Cross-site scripting (XSS) vulnerability in Status.pm in Apache::Status and Apache2::Status in mod_perl1 and mod_perl2 for the Apache HTTP Server, when /perl-status is accessible, allows remote attackers to inject arbitrary web script or HTML via the URI.
| [CVE-2009-0783] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.
| [CVE-2009-0781] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML."
| [CVE-2009-0754] PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on the same server.
| [CVE-2009-0580] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.
| [CVE-2009-0486] Bugzilla 3.2.1, 3.0.7, and 3.3.2, when running under mod_perl, calls the srand function at startup time, which causes Apache children to have the same seed and produce insufficiently random numbers for random tokens, which allows remote attackers to bypass cross-site request forgery (CSRF) protection mechanisms and conduct unauthorized activities as other users.
| [CVE-2009-0039] Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to hijack the authentication of administrators for requests that (1) change the web administration password, (2) upload applications, and perform unspecified other administrative actions, as demonstrated by (3) a Shutdown request to console/portal//Server/Shutdown.
| [CVE-2009-0038] Multiple cross-site scripting (XSS) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) ip, (3) username, or (4) description parameter to console/portal/Server/Monitoring
| [CVE-2009-0033] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.
| [CVE-2009-0026] Multiple cross-site scripting (XSS) vulnerabilities in Apache Jackrabbit before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the q parameter to (1) search.jsp or (2) swr.jsp.
| [CVE-2009-0023] The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow.
| [CVE-2008-6879] Cross-site scripting (XSS) vulnerability in Apache Roller 2.3, 3.0, 3.1, and 4.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter in a search action.
| [CVE-2008-6755] ZoneMinder 1.23.3 on Fedora 10 sets the ownership of /etc/zm.conf to the apache user account, and sets the permissions to 0600, which makes it easier for remote attackers to modify this file by accessing it through a (1) PHP or (2) CGI script.
| [CVE-2008-6722] Novell Access Manager 3 SP4 does not properly expire X.509 certificate sessions, which allows physically proximate attackers to obtain a logged-in session by using a victim's web-browser process that continues to send the original and valid SSL sessionID, related to inability of Apache Tomcat to clear entries from its SSL cache.
| [CVE-2008-6682] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.x before 2.0.11.1 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via vectors associated with improper handling of (1) " (double quote) characters in the href attribute of an s:a tag and (2) parameters in the action attribute of an s:url tag.
| [CVE-2008-6505] Multiple directory traversal vulnerabilities in Apache Struts 2.0.x before 2.0.12 and 2.1.x before 2.1.3 allow remote attackers to read arbitrary files via a ..%252f (encoded dot dot slash) in a URI with a /struts/ path, related to (1) FilterDispatcher in 2.0.x and (2) DefaultStaticContentLoader in 2.1.x.
| [CVE-2008-6504] ParametersInterceptor in OpenSymphony XWork 2.0.x before 2.0.6 and 2.1.x before 2.1.2, as used in Apache Struts and other products, does not properly restrict # (pound sign) references to context objects, which allows remote attackers to execute Object-Graph Navigation Language (OGNL) statements and modify server-side context objects, as demonstrated by use of a \u0023 representation for the # character.
| [CVE-2008-5696] Novell NetWare 6.5 before Support Pack 8, when an OES2 Linux server is installed into the NDS tree, does not require a password for the ApacheAdmin console, which allows remote attackers to reconfigure the Apache HTTP Server via console operations.
| [CVE-2008-5676] Multiple unspecified vulnerabilities in the ModSecurity (aka mod_security) module 2.5.0 through 2.5.5 for the Apache HTTP Server, when SecCacheTransformations is enabled, allow remote attackers to cause a denial of service (daemon crash) or bypass the product's functionality via unknown vectors related to "transformation caching."
| [CVE-2008-5519] The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat allows remote attackers to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances involving (1) a request from a different client that included a Content-Length header but no POST data or (2) a rapid series of requests, related to noncompliance with the AJP protocol's requirements for requests containing Content-Length headers.
| [CVE-2008-5518] Multiple directory traversal vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 on Windows allow remote attackers to upload files to arbitrary directories via directory traversal sequences in the (1) group, (2) artifact, (3) version, or (4) fileType parameter to console/portal//Services/Repository (aka the Services/Repository portlet)
| [CVE-2008-5515] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.
| [CVE-2008-5457] Unspecified vulnerability in the Oracle BEA WebLogic Server Plugins for Apache, Sun and IIS web servers component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
| [CVE-2008-4308] The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20 does not return a -1 to indicate when a certain error condition has occurred, which can cause Tomcat to send POST content from one request to a different request.
| [CVE-2008-4008] Unspecified vulnerability in the WebLogic Server Plugins for Apache component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2008 CPU. Oracle has not commented on reliable researcher claims that this issue is a stack-based buffer overflow in the WebLogic Apache Connector, related to an invalid parameter.
| [CVE-2008-3666] Unspecified vulnerability in Sun Solaris 10 and OpenSolaris before snv_96 allows (1) context-dependent attackers to cause a denial of service (panic) via vectors involving creation of a crafted file and use of the sendfilev system call, as demonstrated by a file served by an Apache 2.2.x web server with EnableSendFile configured
| [CVE-2008-3271] Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a "synchronization problem" and lack of thread safety, and related to RemoteFilterValve, RemoteAddrValve, and RemoteHostValve.
| [CVE-2008-3257] Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request.
| [CVE-2008-2939] Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI.
| [CVE-2008-2938] Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.
| [CVE-2008-2742] Unrestricted file upload in the mcpuk file editor (atk/attributes/fck/editor/filemanager/browser/mcpuk/connectors/php/config.php) in Achievo 1.2.0 through 1.3.2 allows remote attackers to execute arbitrary code by uploading a file with .php followed by a safe extension, then accessing it via a direct request to the file in the Achievo root directory. NOTE: this is only a vulnerability in environments that support multiple extensions, such as Apache with the mod_mime module enabled.
| [CVE-2008-2717] TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions.
| [CVE-2008-2579] Unspecified vulnerability in the WebLogic Server Plugins for Apache, Sun and IIS web servers component in Oracle BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 has unknown impact and remote attack vectors.
| [CVE-2008-2384] SQL injection vulnerability in mod_auth_mysql.c in the mod-auth-mysql (aka libapache2-mod-auth-mysql) module for the Apache HTTP Server 2.x, when configured to use a multibyte character set that allows a \ (backslash) as part of the character encoding, allows remote attackers to execute arbitrary SQL commands via unspecified inputs in a login request.
| [CVE-2008-2370] Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.
| [CVE-2008-2364] The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.
| [CVE-2008-2168] Cross-site scripting (XSS) vulnerability in Apache 2.2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded URLs that are not properly handled when displaying the 403 Forbidden error page.
| [CVE-2008-2025] Cross-site scripting (XSS) vulnerability in Apache Struts before 1.2.9-162.31.1 on SUSE Linux Enterprise (SLE) 11, before 1.2.9-108.2 on SUSE openSUSE 10.3, before 1.2.9-198.2 on SUSE openSUSE 11.0, and before 1.2.9-162.163.2 on SUSE openSUSE 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "insufficient quoting of parameters."
| [CVE-2008-1947] Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.
| [CVE-2008-1734] Interpretation conflict in PHP Toolkit before 1.0.1 on Gentoo Linux might allow local users to cause a denial of service (PHP outage) and read contents of PHP scripts by creating a file with a one-letter lowercase alphabetic name, which triggers interpretation of a certain unquoted [a-z] argument as a matching shell glob for this name, rather than interpretation as the literal [a-z] regular-expression string, and consequently blocks the launch of the PHP interpreter within the Apache HTTP Server.
| [CVE-2008-1678] Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server mod_ssl that specify a compression algorithm.
| [CVE-2008-1232] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.
| [CVE-2008-0869] Cross-site scripting (XSS) vulnerability in BEA WebLogic Workshop 8.1 through SP6 and Workshop for WebLogic 9.0 through 10.0 allows remote attackers to inject arbitrary web script or HTML via a "framework defined request parameter" when using WebLogic Workshop or Apache Beehive NetUI framework with page flows.
| [CVE-2008-0732] The init script for Apache Geronimo on SUSE Linux follows symlinks when performing a chown operation, which might allow local users to obtain access to unspecified files or directories.
| [CVE-2008-0555] The ExpandCert function in Apache-SSL before apache_1.3.41+ssl_1.59 does not properly handle (1) '/' and (2) '=' characters in a Distinguished Name (DN) in a client certificate, which might allow remote attackers to bypass authentication via a crafted DN that triggers overwriting of environment variables.
| [CVE-2008-0457] Unrestricted file upload vulnerability in the FileUpload class running on the Symantec LiveState Apache Tomcat server, as used by Symantec Backup Exec System Recovery Manager 7.0 and 7.0.1, allows remote attackers to upload and execute arbitrary JSP files via unknown vectors.
| [CVE-2008-0456] CRLF injection vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by uploading a file with a multi-line name containing HTTP header sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
| [CVE-2008-0455] Cross-site scripting (XSS) vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary web script or HTML by uploading a file with a name containing XSS sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
| [CVE-2008-0128] The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
| [CVE-2008-0005] mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding.
| [CVE-2008-0002] Apache Tomcat 6.0.0 through 6.0.15 processes parameters in the context of the wrong request when an exception occurs during parameter processing, which might allow remote attackers to obtain sensitive information, as demonstrated by disconnecting during this processing in order to trigger the exception.
| [CVE-2007-6750] The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris, related to the lack of the mod_reqtimeout module in versions before 2.2.15.
| [CVE-2007-6726] Multiple cross-site scripting (XSS) vulnerabilities in Dojo 0.4.1 and 0.4.2, as used in Apache Struts and other products, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) xip_client.html and (2) xip_server.html in src/io/.
| [CVE-2007-6514] Apache HTTP Server, when running on Linux with a document root on a Windows share mounted using smbfs, allows remote attackers to obtain unprocessed content such as source files for .php programs via a trailing "\" (backslash), which is not handled by the intended AddType directive.
| [CVE-2007-6423] ** DISPUTED ** Unspecified vulnerability in mod_proxy_balancer for Apache HTTP Server 2.2.x before 2.2.7-dev, when running on Windows, allows remote attackers to trigger memory corruption via a long URL. NOTE: the vendor could not reproduce this issue.
| [CVE-2007-6422] The balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6, when a threaded Multi-Processing Module is used, allows remote authenticated users to cause a denial of service (child process crash) via an invalid bb variable.
| [CVE-2007-6421] Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) ss, (2) wr, or (3) rr parameters, or (4) the URL.
| [CVE-2007-6420] Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors.
| [CVE-2007-6388] Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2007-6361] Gekko 0.8.2 and earlier stores sensitive information under the web root with possibly insufficient access control, which might allow remote attackers to read certain files under temp/, as demonstrated by a log file that records the titles of blog entries. NOTE: access to temp/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
| [CVE-2007-6342] SQL injection vulnerability in the David Castro AuthCAS module (AuthCAS.pm) 0.4 for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the SESSION_COOKIE_NAME (session ID) in a cookie.
| [CVE-2007-6286] Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the native APR connector is used, does not properly handle an empty request to the SSL port, which allows remote attackers to trigger handling of "a duplicate copy of one of the recent requests," as demonstrated by using netcat to send the empty request.
| [CVE-2007-6258] Multiple stack-based buffer overflows in the legacy mod_jk2 2.0.3-DEV and earlier Apache module allow remote attackers to execute arbitrary code via a long (1) Host header, or (2) Hostname within a Host header.
| [CVE-2007-6231] Multiple PHP remote file inclusion vulnerabilities in tellmatic 1.0.7 allow remote attackers to execute arbitrary PHP code via a URL in the tm_includepath parameter to (1) Classes.inc.php, (2) statistic.inc.php, (3) status.inc.php, (4) status_top_x.inc.php, or (5) libchart-1.1/libchart.php in include/. NOTE: access to include/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
| [CVE-2007-6203] Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918.
3368| [CVE-2007-5797] SQLLoginModule in Apache Geronimo 2.0 through 2.1 does not throw an exception for a nonexistent username, which allows remote attackers to bypass authentication via a login attempt with any username not contained in the database.
3369| [CVE-2007-5731] Absolute path traversal vulnerability in Apache Jakarta Slide 2.1 and earlier allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag, a related issue to CVE-2007-5461.
3370| [CVE-2007-5461] Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.
3371| [CVE-2007-5342] The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by changing the (1) level, (2) directory, and (3) prefix attributes in the org.apache.juli.FileHandler handler.
3372| [CVE-2007-5333] Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385.
3373| [CVE-2007-5156] Incomplete blacklist vulnerability in editor/filemanager/upload/php/upload.php in FCKeditor, as used in SiteX CMS 0.7.3.beta, La-Nai CMS, Syntax CMS, Cardinal Cms, and probably other products, allows remote attackers to upload and execute arbitrary PHP code via a file whose name contains ".php." and has an unknown extension, which is recognized as a .php file by the Apache HTTP server, a different vulnerability than CVE-2006-0658 and CVE-2006-2529.
3374| [CVE-2007-5085] Unspecified vulnerability in the management EJB (MEJB) in Apache Geronimo before 2.0.2 allows remote attackers to bypass authentication and obtain "access to Geronimo internals" via unspecified vectors.
3375| [CVE-2007-5000] Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
3376| [CVE-2007-4724] Cross-site request forgery (CSRF) vulnerability in cal2.jsp in the calendar examples application in Apache Tomcat 4.1.31 allows remote attackers to add events as arbitrary users via the time and description parameters.
3377| [CVE-2007-4723] Directory traversal vulnerability in Ragnarok Online Control Panel 4.3.4a, when the Apache HTTP Server is used, allows remote attackers to bypass authentication via directory traversal sequences in a URI that ends with the name of a publicly available page, as demonstrated by a "/...../" sequence and an account_manage.php/login.php final component for reaching the protected account_manage.php page.
3378| [CVE-2007-4641] Directory traversal vulnerability in index.php in Pakupaku CMS 0.4 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting code into an Apache log file.
3379| [CVE-2007-4556] Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language (OGNL) expression when altSyntax is enabled, which allows remote attackers to cause a denial of service (infinite loop) or execute arbitrary code via form input beginning with a "%{" sequence and ending with a "}" character.
3380| [CVE-2007-4548] The login method in LoginModule implementations in Apache Geronimo 2.0 does not throw FailedLoginException for failed logins, which allows remote attackers to bypass authentication requirements, deploy arbitrary modules, and gain administrative access by sending a blank username and password with the command line deployer in the deployment module.
3381| [CVE-2007-4465] Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.
3382| [CVE-2007-3847] The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read.
3383| [CVE-2007-3571] The Apache Web Server as used in Novell NetWare 6.5 and GroupWise allows remote attackers to obtain sensitive information via a certain directive to Apache that causes the HTTP-Header response to be modified, which may reveal the server's internal IP address.
3384| [CVE-2007-3386] Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action.
3385| [CVE-2007-3385] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.
3386| [CVE-2007-3384] Multiple cross-site scripting (XSS) vulnerabilities in examples/servlet/CookieExample in Apache Tomcat 3.3 through 3.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Value field, related to error messages.
3387| [CVE-2007-3383] Cross-site scripting (XSS) vulnerability in SendMailServlet in the examples web application (examples/jsp/mail/sendmail.jsp) in Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.36 allows remote attackers to inject arbitrary web script or HTML via the From field and possibly other fields, related to generation of error messages.
3388| [CVE-2007-3382] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.
3389| [CVE-2007-3304] Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1 killer."
3390| [CVE-2007-3303] Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows local users to cause a denial of service via certain code sequences executed in a worker process that (1) stop request processing by killing all worker processes and preventing creation of replacements or (2) hang the system by forcing the master process to fork an arbitrarily large number of worker processes. NOTE: This might be an inherent design limitation of Apache with respect to worker processes in hosted environments.
3391| [CVE-2007-3101] Multiple cross-site scripting (XSS) vulnerabilities in certain JSF applications in Apache MyFaces Tomahawk before 1.1.6 allow remote attackers to inject arbitrary web script via the autoscroll parameter, which is injected into Javascript that is sent to the client.
3392| [CVE-2007-2450] Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script or HTML via a parameter name to manager/html/upload, and other unspecified vectors.
3393| [CVE-2007-2449] Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the '
3394| [CVE-2007-2353] Apache Axis 1.0 allows remote attackers to obtain sensitive information by requesting a non-existent WSDL file, which reveals the installation path in the resulting exception message.
3395| [CVE-2007-2025] Unrestricted file upload vulnerability in the UpLoad feature (lib/plugin/UpLoad.php) in PhpWiki 1.3.11p1 allows remote attackers to upload arbitrary PHP files with a double extension, as demonstrated by .php.3, which is interpreted by Apache as being a valid PHP file.
3396| [CVE-2007-1863] cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value.
3397| [CVE-2007-1862] The recall_headers function in mod_mem_cache in Apache 2.2.4 does not properly copy all levels of header data, which can cause Apache to return HTTP headers containing previously used data, which could be used by remote attackers to obtain potentially sensitive information.
3398| [CVE-2007-1860] mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. (dot dot) sequences and directory traversal, a related issue to CVE-2007-0450.
3399| [CVE-2007-1858] The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts.
3400| [CVE-2007-1842] Directory traversal vulnerability in login.php in JSBoard before 2.0.12 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the table parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, a related issue to CVE-2006-2019.
3401| [CVE-2007-1801] Directory traversal vulnerability in inc/lang.php in sBLOG 0.7.3 Beta allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the conf_lang_default parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by inc/lang.php.
3402| [CVE-2007-1743] suexec in Apache HTTP Server (httpd) 2.2.3 does not verify combinations of user and group IDs on the command line, which might allow local users to leverage other vulnerabilities to create arbitrary UID/GID owned files if /proc is mounted. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root." In addition, because this is dependent on other vulnerabilities, perhaps this is resultant and should not be included in CVE.
3403| [CVE-2007-1742] suexec in Apache HTTP Server (httpd) 2.2.3 uses a partial comparison for verifying whether the current directory is within the document root, which might allow local users to perform unauthorized operations on incorrect directories, as demonstrated using "html_backup" and "htmleditor" under an "html" directory. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
3404| [CVE-2007-1741] Multiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 between directory and file validation, and their usage, allow local users to gain privileges and execute arbitrary code by renaming directories or performing symlink attacks. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
3405| [CVE-2007-1720] Directory traversal vulnerability in addressbook.php in the Addressbook 1.2 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module_name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file.
3406| [CVE-2007-1636] Directory traversal vulnerability in index.php in RoseOnlineCMS 3 B1 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the op parameter, as demonstrated by injecting PHP code into Apache log files via the URL and User-Agent HTTP header.
3407| [CVE-2007-1633] Directory traversal vulnerability in bbcode_ref.php in the Giorgio Ciranni Splatt Forum 4.0 RC1 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by bbcode_ref.php.
3408| [CVE-2007-1577] Directory traversal vulnerability in index.php in GeBlog 0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[tplname] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
3409| [CVE-2007-1539] Directory traversal vulnerability in inc/map.func.php in pragmaMX Landkarten 2.1 module allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the module_name parameter, as demonstrated via a static PHP code injection attack in an Apache log file.
3410| [CVE-2007-1524] Directory traversal vulnerability in themes/default/ in ZomPlog 3.7.6 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) in the settings[skin] parameter, as demonstrated by injecting PHP code into an Apache HTTP Server log file, which can then be included via themes/default/.
3411| [CVE-2007-1491] Apache Tomcat in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allows connections from external interfaces via port 8009, which exposes it to attacks from outside parties.
3412| [CVE-2007-1358] Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616".
3413| [CVE-2007-1349] PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.
3414| [CVE-2007-0975] Variable extraction vulnerability in Ian Bezanson Apache Stats before 0.0.3 beta allows attackers to overwrite critical variables, with unknown impact, when the extract function is used on the _REQUEST superglobal array.
3415| [CVE-2007-0930] Variable extract vulnerability in Apache Stats before 0.0.3beta allows attackers to modify arbitrary variables and conduct attacks via unknown vectors involving the use of PHP's extract function.
3416| [CVE-2007-0792] The mod_perl initialization script in Bugzilla 2.23.3 does not set the Bugzilla Apache configuration to allow .htaccess permissions to override file permissions, which allows remote attackers to obtain the database username and password via a direct request for the localconfig file.
3417| [CVE-2007-0774] Stack-based buffer overflow in the map_uri_to_worker function (native/common/jk_uri_worker_map.c) in mod_jk.so for Apache Tomcat JK Web Server Connector 1.2.19 and 1.2.20, as used in Tomcat 4.1.34 and 5.5.20, allows remote attackers to execute arbitrary code via a long URL that triggers the overflow in a URI worker map routine.
3418| [CVE-2007-0637] Directory traversal vulnerability in zd_numer.php in Galeria Zdjec 3.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the galeria parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by zd_numer.php.
3419| [CVE-2007-0451] Apache SpamAssassin before 3.1.8 allows remote attackers to cause a denial of service via long URLs in malformed HTML, which triggers "massive memory usage."
3420| [CVE-2007-0450] Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.
3421| [CVE-2007-0419] The BEA WebLogic Server proxy plug-in before June 2006 for the Apache HTTP Server does not properly handle protocol errors, which allows remote attackers to cause a denial of service (server outage).
3422| [CVE-2007-0173] Directory traversal vulnerability in index.php in L2J Statistik Script 0.09 and earlier, when register_globals is enabled and magic_quotes is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
3423| [CVE-2007-0098] Directory traversal vulnerability in language.php in VerliAdmin 0.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
3424| [CVE-2007-0086] ** DISPUTED ** The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by third parties, who state that the large window size required by the attack is not normally supported or configured by the server, or that a DDoS-style attack would accomplish the same goal.
3425| [CVE-2006-7217] Apache Derby before 10.2.1.6 does not determine schema privilege requirements during the DropSchemaNode bind phase, which allows remote authenticated users to execute arbitrary drop schema statements in SQL authorization mode.
3426| [CVE-2006-7216] Apache Derby before 10.2.1.6 does not determine privilege requirements for lock table statements at compilation time, and consequently does not enforce privilege requirements at execution time, which allows remote authenticated users to lock arbitrary tables.
3427| [CVE-2006-7197] The AJP connector in Apache Tomcat 5.5.15 uses an incorrect length for chunks, which can cause a buffer over-read in the ajp_process_callback in mod_jk, which allows remote attackers to read portions of sensitive memory.
3428| [CVE-2006-7196] Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors. NOTE: this may be related to CVE-2006-0254.1.
3429| [CVE-2006-7195] Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in Apache Tomcat 5.0.0 through 5.0.30 and 5.5.0 through 5.5.17 allows remote attackers to inject arbitrary web script or HTML via certain header values.
3430| [CVE-2006-7098] The Debian GNU/Linux 033_-F_NO_SETSID patch for the Apache HTTP Server 1.3.34-4 does not properly disassociate httpd from a controlling tty when httpd is started interactively, which allows local users to gain privileges to that tty via a CGI program that calls the TIOCSTI ioctl.
3431| [CVE-2006-6869] Directory traversal vulnerability in includes/search/search_mdforum.php in MAXdev MDForum 2.0.1 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang cookie to error.php, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
3432| [CVE-2006-6675] Cross-site scripting (XSS) vulnerability in Novell NetWare 6.5 Support Pack 5 and 6 and Novell Apache on NetWare 2.0.48 allows remote attackers to inject arbitrary web script or HTML via unspecifeid parameters in Welcome web-app.
3433| [CVE-2006-6613] Directory traversal vulnerability in language.php in phpAlbum 0.4.1 Beta 6 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files or obtain sensitive information via a .. (dot dot) in the pa_lang[include_file] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
3434| [CVE-2006-6589] Cross-site scripting (XSS) vulnerability in ecommerce/control/keywordsearch in the Apache Open For Business Project (OFBiz) and Opentaps 0.9.3 allows remote attackers to inject arbitrary web script or HTML via the SEARCH_STRING parameter, a different issue than CVE-2006-6587. NOTE: some of these details are obtained from third party information.
3435| [CVE-2006-6588] The forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) trusts the (1) dataResourceTypeId, (2) contentTypeId, and certain other hidden form fields, which allows remote attackers to create unauthorized types of content, modify content, or have other unknown impact.
3436| [CVE-2006-6587] Cross-site scripting (XSS) vulnerability in the forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) allows remote attackers to inject arbitrary web script or HTML by posting a message.
3437| [CVE-2006-6445] Directory traversal vulnerability in error.php in Envolution 1.1.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
3438| [CVE-2006-6071] TWiki 4.0.5 and earlier, when running under Apache 1.3 using ApacheLogin with sessions and "ErrorDocument 401" redirects to a valid wiki topic, does not properly handle failed login attempts, which allows remote attackers to read arbitrary content by cancelling out of a failed authentication with a valid username and invalid password.
3439| [CVE-2006-6047] Directory traversal vulnerability in manager/index.php in Etomite 0.6.1.2 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the f parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
3440| [CVE-2006-5894] Directory traversal vulnerability in lang.php in Rama CMS 0.68 and earlier, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by lang.php.
3441| [CVE-2006-5752] Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform "charset detection" when the content-type is not specified.
3442| [CVE-2006-5733] Directory traversal vulnerability in error.php in PostNuke 0.763 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
3443| [CVE-2006-5263] Directory traversal vulnerability in templates/header.php3 in phpMyAgenda 3.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter, as demonstrated by a parameter value naming an Apache HTTP Server log file that apparently contains PHP code.
3444| [CVE-2006-4994] Multiple unquoted Windows search path vulnerabilities in Apache Friends XAMPP 1.5.2 might allow local users to gain privileges via a malicious program file in %SYSTEMDRIVE%, which is run when XAMPP attempts to execute (1) FileZillaServer.exe, (2) mysqld-nt.exe, (3) Perl.exe, or (4) xamppcontrol.exe with an unquoted "Program Files" pathname.
3445| [CVE-2006-4636] Directory traversal vulnerability in SZEWO PhpCommander 3.0 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Directory parameter, as demonstrated by parameter values naming Apache HTTP Server log files that apparently contain PHP code.
3446| [CVE-2006-4625] PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass certain Apache HTTP Server httpd.conf options, such as safe_mode and open_basedir, via the ini_restore function, which resets the values to their php.ini (Master Value) defaults.
3447| [CVE-2006-4558] DeluxeBB 1.06 and earlier, when run on the Apache HTTP Server with the mod_mime module, allows remote attackers to execute arbitrary PHP code by uploading files with double extensions via the fileupload parameter in a newthread action in newpost.php.
3448| [CVE-2006-4191] Directory traversal vulnerability in memcp.php in XMB (Extreme Message Board) 1.9.6 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the langfilenew parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by header.php.
3449| [CVE-2006-4154] Format string vulnerability in the mod_tcl module 1.0 for Apache 2.x allows context-dependent attackers to execute arbitrary code via format string specifiers that are not properly handled in a set_var function call in (1) tcl_cmds.c and (2) tcl_core.c.
3450| [CVE-2006-4110] Apache 2.2.2, when running on Windows, allows remote attackers to read source code of CGI programs via a request that contains uppercase (or alternate case) characters that bypass the case-sensitive ScriptAlias directive, but allow access to the file on case-insensitive file systems.
3451| [CVE-2006-4004] Directory traversal vulnerability in index.php in vbPortal 3.0.2 through 3.6.0 Beta 1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the bbvbplang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
3452| [CVE-2006-3918] http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.
3453| [CVE-2006-3835] Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (
3454| [CVE-2006-3747] Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules.
3455| [CVE-2006-3362] Unrestricted file upload vulnerability in connectors/php/connector.php in FCKeditor mcpuk file manager, as used in (1) Geeklog 1.4.0 through 1.4.0sr3, (2) toendaCMS 1.0.0 Shizouka Stable and earlier, (3) WeBid 0.5.4, and possibly other products, when installed on Apache with mod_mime, allows remote attackers to upload and execute arbitrary PHP code via a filename with a .php extension and a trailing extension that is allowed, such as .zip.
3456| [CVE-2006-3102] Race condition in articles/BitArticle.php in Bitweaver 1.3, when run on Apache with the mod_mime extension, allows remote attackers to execute arbitrary PHP code by uploading arbitrary files with double extensions, which are stored for a small period of time under the webroot in the temp/articles directory.
3457| [CVE-2006-3070] write_ok.php in Zeroboard 4.1 pl8, when installed on Apache with mod_mime, allows remote attackers to bypass restrictions for uploading files with executable extensions by uploading a .htaccess file that with an AddType directive that assigns an executable module to files with assumed-safe extensions, as demonstrated by assigning the txt extension to be handled by application/x-httpd-php.
3458| [CVE-2006-2831] Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2, when running under certain Apache configurations such as when FileInfo overrides are disabled within .htaccess, allows remote attackers to execute arbitrary code by uploading a file with multiple extensions, a variant of CVE-2006-2743.
3459| [CVE-2006-2806] The SMTP server in Apache Java Mail Enterprise Server (aka Apache James) 2.2.0 allows remote attackers to cause a denial of service (CPU consumption) via a long argument to the MAIL command.
3460| [CVE-2006-2743] Drupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with mod_mime, does not properly handle files with multiple extensions, which allows remote attackers to upload, modify, or execute arbitrary files in the files directory.
3461| [CVE-2006-2514] Coppermine galleries before 1.4.6, when running on Apache with mod_mime installed, allows remote attackers to upload arbitrary files via a filename with multiple file extensions.
3462| [CVE-2006-2330] PHP-Fusion 6.00.306 and earlier, running under Apache HTTP Server 1.3.27 and PHP 4.3.3, allows remote authenticated users to upload files of arbitrary types using a filename that contains two or more extensions that ends in an assumed-valid extension such as .gif, which bypasses the validation, as demonstrated by uploading then executing an avatar file that ends in ".php.gif" and contains PHP code in EXIF metadata.
3463| [CVE-2006-1777] Directory traversal vulnerability in doc/index.php in Jeremy Ashcraft Simplog 0.9.2 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the s parameter, as demonstrated by injecting PHP sequences into an Apache error_log file, which is then included by doc/index.php.
3464| [CVE-2006-1564] Untrusted search path vulnerability in libapache2-svn 1.3.0-4 for Subversion in Debian GNU/Linux includes RPATH values under the /tmp/svn directory for the (1) mod_authz_svn.so and (2) mod_dav_svn.so modules, which might allow local users to gain privileges by installing malicious libraries in that directory.
3465| [CVE-2006-1548] Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction and possibly (2) DispatchAction and (3) ActionDispatcher in Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to inject arbitrary web script or HTML via the parameter name, which is not filtered in the resulting error message.
3466| [CVE-2006-1547] ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides further access to elements in the CommonsMultipartRequestHandler implementation and BeanUtils.
3467| [CVE-2006-1546] Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to bypass validation via a request with a 'org.apache.struts.taglib.html.Constants.CANCEL' parameter, which causes the action to be canceled but would not be detected from applications that do not use the isCancelled check.
3468| [CVE-2006-1393] Multiple cross-site scripting (XSS) vulnerabilities in the mod_pubcookie Apache application server module in University of Washington Pubcookie 1.x, 3.0.0, 3.1.0, 3.1.1, 3.2 before 3.2.1b, and 3.3 before 3.3.0a allow remote attackers to inject arbitrary web script or HTML via unspecified attack vectors.
3469| [CVE-2006-1346] Directory traversal vulnerability in inc/setLang.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in a lang[*][file] parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by index.php.
3470| [CVE-2006-1292] Directory traversal vulnerability in Jim Hu and Chad Little PHP iCalendar 2.21 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the phpicalendar[cookie_language] and phpicalendar[cookie_style] cookies, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by day.php.
3471| [CVE-2006-1243] Directory traversal vulnerability in install05.php in Simple PHP Blog (SPB) 0.4.7.1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the blog_language parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included using install05.php.
3472| [CVE-2006-1095] Directory traversal vulnerability in the FileSession object in Mod_python module 3.2.7 for Apache allows local users to execute arbitrary code via a crafted session cookie.
3473| [CVE-2006-1079] htpasswd, as used in Acme thttpd 2.25b and possibly other products such as Apache, might allow local users to gain privileges via shell metacharacters in a command line argument, which is used in a call to the system function. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
3474| [CVE-2006-1078] Multiple buffer overflows in htpasswd, as used in Acme thttpd 2.25b, and possibly other products such as Apache, might allow local users to gain privileges via (1) a long command line argument and (2) a long line in a file. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
3475| [CVE-2006-0743] Format string vulnerability in LocalSyslogAppender in Apache log4net 1.2.9 might allow remote attackers to cause a denial of service (memory corruption and termination) via unknown vectors.
3476| [CVE-2006-0254] Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) time parameter to cal2.jsp and (2) any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer.
3477| [CVE-2006-0150] Multiple format string vulnerabilities in the auth_ldap_log_reason function in Apache auth_ldap 1.6.0 and earlier allows remote attackers to execute arbitrary code via various vectors, including the username.
3478| [CVE-2006-0144] The proxy server feature in go-pear.php in PHP PEAR 0.2.2, as used in Apache2Triad, allows remote attackers to execute arbitrary PHP code by redirecting go-pear.php to a malicious proxy server that provides a modified version of Tar.php with a malicious extractModify function.
3479| [CVE-2006-0042] Unspecified vulnerability in (1) apreq_parse_headers and (2) apreq_parse_urlencoded functions in Apache2::Request (Libapreq2) before 2.07 allows remote attackers cause a denial of service (CPU consumption) via unknown attack vectors that result in quadratic computational complexity.
3480| [CVE-2005-4857] eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 before 20051128 allows remote authenticated users to cause a denial of service (Apache httpd segmentation fault) via a request to content/advancedsearch.php with an empty SearchContentClassID parameter, reportedly related to a "memory addressing error".
3481| [CVE-2005-4849] Apache Derby before 10.1.2.1 exposes the (1) user and (2) password attributes in cleartext via (a) the RDBNAM parameter of the ACCSEC command and (b) the output of the DatabaseMetaData.getURL function, which allows context-dependent attackers to obtain sensitive information.
3482| [CVE-2005-4836] The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote attackers to read JSP source files and obtain sensitive information.
3483| [CVE-2005-4814] Unrestricted file upload vulnerability in Segue CMS before 1.3.6, when the Apache HTTP Server handles .phtml files with the PHP interpreter, allows remote attackers to upload and execute arbitrary PHP code by placing .phtml files in the userfiles/ directory.
3484| [CVE-2005-4703] Apache Tomcat 4.0.3, when running on Windows, allows remote attackers to obtain sensitive information via a request for a file that contains an MS-DOS device name such as lpt9, which leaks the pathname in an error message, as demonstrated by lpt9.xtp using Nikto.
3485| [CVE-2005-3745] Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message.
3486| [CVE-2005-3630] Fedora Directory Server before 10 allows remote attackers to obtain sensitive information, such as the password from adm.conf via an IFRAME element, probably involving an Apache httpd.conf configuration that orders "allow" directives before "deny" directives.
3487| [CVE-2005-3510] Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files.
3488| [CVE-2005-3392] Unspecified vulnerability in PHP before 4.4.1, when using the virtual function on Apache 2, allows remote attackers to bypass safe_mode and open_basedir directives.
3489| [CVE-2005-3357] mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference.
3490| [CVE-2005-3352] Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps.
3491| [CVE-2005-3319] The apache2handler SAPI (sapi_apache2.c) in the Apache module (mod_php) for PHP 5.x before 5.1.0 final and 4.4 before 4.4.1 final allows attackers to cause a denial of service (segmentation fault) via the session.save_path option in a .htaccess file or VirtualHost.
3492| [CVE-2005-3164] The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an information leak when "unsuitable request body data" is used for a different request, possibly related to Java Servlet pages.
3493| [CVE-2005-2970] Memory leak in the worker MPM (worker.c) for Apache 2, in certain circumstances, allows remote attackers to cause a denial of service (memory consumption) via aborted connections, which prevents the memory for the transaction pool from being reused for other connections.
3494| [CVE-2005-2963] The mod_auth_shadow module 1.0 through 1.5 and 2.0 for Apache with AuthShadow enabled uses shadow authentication for all locations that use the require group directive, even when other authentication mechanisms are specified, which might allow remote authenticated users to bypass security restrictions.
3495| [CVE-2005-2728] The byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service (memory consumption) via an HTTP header with a large Range field.
3496| [CVE-2005-2660] apachetop 0.12.5 and earlier, when running in debug mode, allows local users to create or append to arbitrary files via a symlink attack on atop.debug.
3497| [CVE-2005-2088] The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
3498| [CVE-2005-1754] ** DISPUTED ** JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to read arbitrary files via a full pathname in the argument to the Download parameter. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
3499| [CVE-2005-1753] ** DISPUTED ** ReadMessage.jsp in JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to view other users' e-mail attachments via a direct request to /mailboxesdir/username@domainname. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
3500| [CVE-2005-1344] Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute arbitrary code via a long realm argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
3501| [CVE-2005-1268] Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte.
3502| [CVE-2005-1266] Apache SpamAssassin 3.0.1, 3.0.2, and 3.0.3 allows remote attackers to cause a denial of service (CPU consumption and slowdown) via a message with a long Content-Type header without any boundaries.
3503| [CVE-2005-0808] Apache Tomcat before 5.x allows remote attackers to cause a denial of service (application crash) via a crafted AJP12 packet to TCP port 8007.
3504| [CVE-2005-0182] The mod_dosevasive module 1.9 and earlier for Apache creates temporary files with predictable filenames, which could allow remote attackers to overwrite arbitrary files via a symlink attack.
3505| [CVE-2005-0108] Apache mod_auth_radius 1.5.4 and libpam-radius-auth allow remote malicious RADIUS servers to cause a denial of service (crash) via a RADIUS_REPLY_MESSAGE with a RADIUS attribute length of 1, which leads to a memcpy operation with a -1 length argument.
3506| [CVE-2004-2734] webadmin-apache.conf in Novell Web Manager of Novell NetWare 6.5 uses an uppercase Alias tag with an inconsistent lowercase directory tag for a volume, which allows remote attackers to bypass access control to the WEB-INF folder.
3507| [CVE-2004-2680] mod_python (libapache2-mod-python) 3.1.4 and earlier does not properly handle when output filters process more than 16384 bytes, which can cause filter.read to return portions of previously freed memory.
3508| [CVE-2004-2650] Spooler in Apache Foundation James 2.2.0 allows local users to cause a denial of service (memory consumption) by triggering various error conditions in the retrieve function, which prevents a lock from being released and causes a memory leak.
3509| [CVE-2004-2343] ** DISPUTED ** Apache HTTP Server 2.0.47 and earlier allows local users to bypass .htaccess file restrictions, as specified in httpd.conf with directives such as Deny From All, by using an ErrorDocument directive. NOTE: the vendor has disputed this issue, since the .htaccess mechanism is only intended to restrict external web access, and a local user already has the privileges to perform the same operations without using ErrorDocument.
3510| [CVE-2004-2336] Unknown vulnerability in Novell GroupWise and GroupWise WebAccess 6.0 through 6.5, when running with Apache Web Server 1.3 for NetWare where Apache is loaded using GWAPACHE.CONF, allows remote attackers to read directories and files on the server.
3511| [CVE-2004-2115] Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTTP Server 1.3.22, based on Apache, allow remote attackers to execute arbitrary script as other users via the (1) action, (2) username, or (3) password parameters in an isqlplus request.
3512| [CVE-2004-1834] mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, including authentication information, on the hard disk, which could allow local users to gain sensitive information.
3513| [CVE-2004-1765] Off-by-one buffer overflow in ModSecurity (mod_security) 1.7.4 for Apache 2.x, when SecFilterScanPost is enabled, allows remote attackers to execute arbitrary code via crafted POST requests.
3514| [CVE-2004-1545] UploadFile.php in MoniWiki 1.0.9.2 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.hwp, which allows remote attackers to upload and execute arbitrary code.
3515| [CVE-2004-1438] The mod_authz_svn Apache module for Subversion 1.0.4-r1 and earlier allows remote authenticated users, with write access to the repository, to read unauthorized parts of the repository via the svn copy command.
3516| [CVE-2004-1405] MediaWiki 1.3.8 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
3517| [CVE-2004-1404] Attachment Mod 2.3.10 module for phpBB, when used with Apache mod_mime, does not properly handle files with multiple file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
3518| [CVE-2004-1387] The check_forensic script in apache-utils package 1.3.31 allows local users to overwrite or create arbitrary files via a symlink attack on temporary files.
3519| [CVE-2004-1084] Apache for Apple Mac OS X 10.2.8 and 10.3.6 allows remote attackers to read files and resource fork content via HTTP requests to certain special file names related to multiple data streams in HFS+, which bypass Apache file handles.
3520| [CVE-2004-1083] Apache for Apple Mac OS X 10.2.8 and 10.3.6 restricts access to files in a case sensitive manner, but the Apple HFS+ filesystem accesses files in a case insensitive manner, which allows remote attackers to read .DS_Store files and files beginning with ".ht" using alternate capitalization.
3521| [CVE-2004-1082] mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials.
3522| [CVE-2004-0942] Apache webserver 2.0.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request with a MIME header containing multiple lines with a large number of space characters.
3523| [CVE-2004-0940] Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error.
3524| [CVE-2004-0885] The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration.
3525| [CVE-2004-0811] Unknown vulnerability in Apache 2.0.51 prevents "the merging of the Satisfy directive," which could allow attackers to obtain access to restricted resources contrary to the specified authentication configuration.
3526| [CVE-2004-0809] The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access.
3527| [CVE-2004-0786] The IPv6 URI parsing routines in the apr-util library for Apache 2.0.50 and earlier allow remote attackers to cause a denial of service (child process crash) via a certain URI, as demonstrated using the Codenomicon HTTP Test Tool.
3528| [CVE-2004-0751] The char_buffer_read function in the mod_ssl module for Apache 2.x, when using reverse proxying to an SSL server, allows remote attackers to cause a denial of service (segmentation fault).
3529| [CVE-2004-0748] mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (CPU consumption) by aborting an SSL connection in a way that causes an Apache child process to enter an infinite loop.
3530| [CVE-2004-0747] Buffer overflow in Apache 2.0.50 and earlier allows local users to gain apache privileges via a .htaccess file that causes the overflow during expansion of environment variables.
3531| [CVE-2004-0700] Format string vulnerability in the mod_proxy hook functions function in ssl_engine_log.c in mod_ssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are handled by the ssl_log function.
3532| [CVE-2004-0646] Buffer overflow in the WriteToLog function for JRun 3.0 through 4.0 web server connectors, such as (1) mod_jrun and (2) mod_jrun20 for Apache, with verbose logging enabled, allows remote attackers to execute arbitrary code via a long HTTP header Content-Type field or other fields.
3533| [CVE-2004-0529] The modified suexec program in cPanel, when configured for mod_php and compiled for Apache 1.3.31 and earlier without mod_phpsuexec, allows local users to execute untrusted shared scripts and gain privileges, as demonstrated using untainted scripts such as (1) proftpdvhosts or (2) addalink.cgi, a different vulnerability than CVE-2004-0490.
3534| [CVE-2004-0493] The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters.
3535| [CVE-2004-0492] Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied.
3536| [CVE-2004-0490] cPanel, when compiling Apache 1.3.29 and PHP with the mod_phpsuexec option, does not set the --enable-discard-path option, which causes php to use the SCRIPT_FILENAME variable to find and execute a script instead of the PATH_TRANSLATED variable, which allows local users to execute arbitrary PHP code as other users via a URL that references the attacker's script after the user's script, which executes the attacker's script with the user's privileges, a different vulnerability than CVE-2004-0529.
3537| [CVE-2004-0488] Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN.
3538| [CVE-2004-0263] PHP 4.3.4 and earlier in Apache 1.x and 2.x (mod_php) can leak global variables between virtual hosts that are handled by the same Apache child process but have different settings, which could allow remote attackers to obtain sensitive information.
3539| [CVE-2004-0174] Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using multiple listening sockets on certain platforms, allows remote attackers to cause a denial of service (blocked new connections) via a "short-lived connection on a rarely-accessed listening socket."
3540| [CVE-2004-0173] Directory traversal vulnerability in Apache 1.3.29 and earlier, and Apache 2.0.48 and earlier, when running on Cygwin, allows remote attackers to read arbitrary files via a URL containing "..%5C" (dot dot encoded backslash) sequences.
3541| [CVE-2004-0113] Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service (memory consumption) via plain HTTP requests to the SSL port of an SSL-enabled server.
3542| [CVE-2004-0009] Apache-SSL 1.3.28+1.52 and earlier, with SSLVerifyClient set to 1 or 3 and SSLFakeBasicAuth enabled, allows remote attackers to forge a client certificate by using basic authentication with the "one-line DN" of the target user.
3543| [CVE-2003-1581] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
3544| [CVE-2003-1580] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-level domains, as demonstrated by a forged 123.123.123.123 domain name, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
3545| [CVE-2003-1573] The PointBase 4.6 database component in the J2EE 1.4 reference implementation (J2EE/RI) allows remote attackers to execute arbitrary programs, conduct a denial of service, and obtain sensitive information via a crafted SQL statement, related to "inadequate security settings and library bugs in sun.* and org.apache.* packages."
3546| [CVE-2003-1521] Sun Java Plug-In 1.4 through 1.4.2_02 allows remote attackers to repeatedly access the floppy drive via the createXmlDocument method in the org.apache.crimson.tree.XmlDocument class, which violates the Java security model.
3547| [CVE-2003-1516] The org.apache.xalan.processor.XSLProcessorVersion class in Java Plug-in 1.4.2_01 allows signed and unsigned applets to share variables, which violates the Java security model and could allow remote attackers to read or write data belonging to a signed applet.
3548| [CVE-2003-1502] mod_throttle 3.0 allows local users with Apache privileges to access shared memory that points to a file that is writable by the apache user, which could allow local users to gain privileges.
3549| [CVE-2003-1418] Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote attackers to obtain sensitive information via (1) the ETag header, which reveals the inode number, or (2) multipart MIME boundary, which reveals child proccess IDs (PID).
3550| [CVE-2003-1307] ** DISPUTED ** The mod_php module for the Apache HTTP Server allows local users with write access to PHP scripts to send signals to the server's process group and use the server's file descriptors, as demonstrated by sending a STOP signal, then intercepting incoming connections on the server's TCP port. NOTE: the PHP developer has disputed this vulnerability, saying "The opened file descriptors are opened by Apache. It is the job of Apache to protect them ... Not a bug in PHP."
3551| [CVE-2003-1172] Directory traversal vulnerability in the view-source sample file in Apache Software Foundation Cocoon 2.1 and 2.2 allows remote attackers to access arbitrary files via a .. (dot dot) in the filename parameter.
3552| [CVE-2003-1171] Heap-based buffer overflow in the sec_filter_out function in mod_security 1.7RC1 through 1.7.1 in Apache 2 allows remote attackers to execute arbitrary code via a server side script that sends a large amount of data.
3553| [CVE-2003-1138] The default configuration of Apache 2.0.40, as shipped with Red Hat Linux 9.0, allows remote attackers to list directory contents, even if auto indexing is turned off and there is a default web page configured, via a GET request containing a double slash (//).
3554| [CVE-2003-1054] mod_access_referer 1.0.2 allows remote attackers to cause a denial of service (crash) via a malformed Referer header that is missing a hostname, as parsed by the ap_parse_uri_components function in Apache, which triggers a null dereference.
3555| [CVE-2003-0993] mod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit platforms, does not properly parse Allow/Deny rules using IP addresses without a netmask, which could allow remote attackers to bypass intended access restrictions.
3556| [CVE-2003-0987] mod_digest for Apache before 1.3.31 does not properly verify the nonce of a client response by using a AuthNonce secret.
3557| [CVE-2003-0866] The Catalina org.apache.catalina.connector.http package in Tomcat 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service via several requests that do not follow the HTTP protocol, which causes Tomcat to reject later requests.
3558| [CVE-2003-0844] mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode without the Apache log, allows local users to overwrite arbitrary files via (1) a symlink attack on predictable temporary filenames on Unix systems, or (2) an NTFS hard link on Windows systems when the "Strengthen default permissions of internal system objects" policy is not enabled.
3559| [CVE-2003-0843] Format string vulnerability in mod_gzip_printf for mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode and using the Apache log, allows remote attackers to execute arbitrary code via format string characters in an HTTP GET request with an "Accept-Encoding: gzip" header.
3560| [CVE-2003-0789] mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not properly handle CGI redirect paths, which could cause Apache to send the output of a CGI program to the wrong client.
3561| [CVE-2003-0771] Gallery.pm in Apache::Gallery (aka A::G) uses predictable temporary filenames when running Inline::C, which allows local users to execute arbitrary code by creating and modifying the files before Apache::Gallery does.
3562| [CVE-2003-0658] Docview before 1.1-18 in Caldera OpenLinux 3.1.1, SCO Linux 4.0, OpenServer 5.0.7, configures the Apache web server in a way that allows remote attackers to read arbitrary publicly readable files via a certain URL, possibly related to rewrite rules.
3563| [CVE-2003-0542] Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures.
3564| [CVE-2003-0460] The rotatelogs program on Apache before 1.3.28, for Windows and OS/2 systems, does not properly ignore certain control characters that are received over the pipe, which could allow remote attackers to cause a denial of service.
3565| [CVE-2003-0254] Apache 2 before 2.0.47, when running on an IPv6 host, allows attackers to cause a denial of service (CPU consumption by infinite loop) when the FTP proxy server fails to create an IPv6 socket.
3566| [CVE-2003-0253] The prefork MPM in Apache 2 before 2.0.47 does not properly handle certain errors from accept, which could lead to a denial of service.
3567| [CVE-2003-0249] ** DISPUTED ** PHP treats unknown methods such as "PoSt" as a GET request, which could allow attackers to bypass intended access restrictions if PHP is running on a server that passes on all methods, such as Apache httpd 2.0, as demonstrated using a Limit directive. NOTE: this issue has been disputed by the Apache security team, saying "It is by design that PHP allows scripts to process any request method. A script which does not explicitly verify the request method will hence be processed as normal for arbitrary methods. It is therefore expected behaviour that one cannot implement per-method access control using the Apache configuration alone, which is the assumption made in this report."
3568| [CVE-2003-0245] Vulnerability in the apr_psprintf function in the Apache Portable Runtime (APR) library for Apache 2.0.37 through 2.0.45 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long strings, as demonstrated using XML objects to mod_dav, and possibly other vectors.
3569| [CVE-2003-0192] Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3, do not properly handle "certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one," which could cause Apache to use the weak ciphersuite.
3570| [CVE-2003-0189] The authentication module for Apache 2.0.40 through 2.0.45 on Unix does not properly handle threads safely when using the crypt_r or crypt functions, which allows remote attackers to cause a denial of service (failed Basic authentication with valid usernames and passwords) when a threaded MPM is used.
3571| [CVE-2003-0134] Unknown vulnerability in filestat.c for Apache running on OS2, versions 2.0 through 2.0.45, allows unknown attackers to cause a denial of service via requests related to device names.
3572| [CVE-2003-0132] A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to cause a denial of service (memory consumption) via large chunks of linefeed characters, which causes Apache to allocate 80 bytes for each linefeed.
3573| [CVE-2003-0083] Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences, a different vulnerability than CVE-2003-0020.
3574| [CVE-2003-0020] Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences.
3575| [CVE-2003-0017] Apache 2.0 before 2.0.44 on Windows platforms allows remote attackers to obtain certain files via an HTTP request that ends in certain illegal characters such as ">", which causes a different filename to be processed and served.
3576| [CVE-2003-0016] Apache before 2.0.44, when running on unpatched Windows 9x and Me operating systems, allows remote attackers to cause a denial of service or execute arbitrary code via an HTTP request containing MS-DOS device names.
3577| [CVE-2002-2310] ClickCartPro 4.0 stores the admin_user.db data file under the web document root with insufficient access control on servers other than Apache, which allows remote attackers to obtain usernames and passwords.
3578| [CVE-2002-2309] php.exe in PHP 3.0 through 4.2.2, when running on Apache, does not terminate properly, which allows remote attackers to cause a denial of service via a direct request without arguments.
3579| [CVE-2002-2272] Tomcat 4.0 through 4.1.12, using mod_jk 1.2.1 module on Apache 1.3 through 1.3.27, allows remote attackers to cause a denial of service (desynchronized communications) via an HTTP GET request with a Transfer-Encoding chunked field with invalid values.
3580| [CVE-2002-2103] Apache before 1.3.24, when writing to the log file, records a spoofed hostname from the reverse lookup of an IP address, even when a double-reverse lookup fails, which allows remote attackers to hide the original source of activities.
3581| [CVE-2002-2029] PHP, when installed on Windows with Apache and ScriptAlias for /php/ set to c:/php/, allows remote attackers to read arbitrary files and possibly execute arbitrary programs via an HTTP request for php.exe with a filename in the query string.
3582| [CVE-2002-2012] Unknown vulnerability in Apache 1.3.19 running on HP Secure OS for Linux 1.0 allows remote attackers to cause "unexpected results" via an HTTP request.
3583| [CVE-2002-2009] Apache Tomcat 4.0.1 allows remote attackers to obtain the web root path via HTTP requests for JSP files preceded by (1) +/, (2) >/, (3) </, and (4) %20/, which leaks the pathname in an error message.
3584| [CVE-2002-2008] Apache Tomcat 4.0.3 for Windows allows remote attackers to obtain the web root path via an HTTP request for a resource that does not exist, such as lpt9, which leaks the information in an error message.
3585| [CVE-2002-2007] The default installations of Apache Tomcat 3.2.3 and 3.2.4 allows remote attackers to obtain sensitive system information such as directory listings and web root path, via erroneous HTTP requests for Java Server Pages (JSP) in the (1) test/jsp, (2) samples/jsp and (3) examples/jsp directories, or the (4) test/realPath.jsp servlet, which leaks pathnames in error messages.
3586| [CVE-2002-2006] The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 through 3.3.1 allows remote attackers to obtain the installation path and other sensitive system information via the (1) SnoopServlet or (2) TroubleShooter example servlets.
3587| [CVE-2002-1895] The servlet engine in Jakarta Apache Tomcat 3.3 and 4.0.4, when using IIS and the ajp1.3 connector, allows remote attackers to cause a denial of service (crash) via a large number of HTTP GET requests for an MS-DOS device such as AUX, LPT1, CON, or PRN.
3588| [CVE-2002-1850] mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly remote attackers to cause a denial of service (hang and memory consumption) by causing a CGI script to send a large amount of data to stderr, which results in a read/write deadlock between httpd and the CGI script.
3589| [CVE-2002-1793] HTTP Server mod_ssl module running on HP-UX 11.04 with Virtualvault OS (VVOS) 4.5 through 4.6 closes the connection when the Apache server times out during an SSL request, which may allow attackers to cause a denial of service.
3590| [CVE-2002-1658] Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may allow attackers to execute arbitrary code via a long user argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
3591| [CVE-2002-1635] The Apache configuration file (httpd.conf) in Oracle 9i Application Server (9iAS) uses a Location alias for /perl directory instead of a ScriptAlias, which allows remote attackers to read the source code of arbitrary CGI files via a URL containing the /perl directory instead of /cgi-bin.
3592| [CVE-2002-1593] mod_dav in Apache before 2.0.42 does not properly handle versioning hooks, which may allow remote attackers to kill a child process via a null dereference and cause a denial of service (CPU consumption) in a preforked multi-processing module.
3593| [CVE-2002-1592] The ap_log_rerror function in Apache 2.0 through 2.035, when a CGI application encounters an error, sends error messages to the client that include the full path for the server, which allows remote attackers to obtain sensitive information.
3594| [CVE-2002-1567] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1 allows remote attackers to execute arbitrary web script and steal cookies via a URL with encoded newlines followed by a request to a .jsp file whose name contains the script.
3595| [CVE-2002-1394] Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148.
3596| [CVE-2002-1233] A regression error in the Debian distributions of the apache-ssl package (before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0), for Apache 1.3.27 and earlier, allows local users to read or modify the Apache password file via a symlink attack on temporary files when the administrator runs (1) htpasswd or (2) htdigest, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2001-0131.
3597| [CVE-2002-1157] Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9 and earlier, when UseCanonicalName is off and wildcard DNS is enabled, allows remote attackers to execute script as other web site visitors, via the server name in an HTTPS response on the SSL port, which is used in a self-referencing URL, a different vulnerability than CAN-2002-0840.
3598| [CVE-2002-1156] Apache 2.0.42 allows remote attackers to view the source code of a CGI script via a POST request to a directory with both WebDAV and CGI enabled.
3599| [CVE-2002-1148] The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet.
3600| [CVE-2002-0935] Apache Tomcat 4.0.3, and possibly other versions before 4.1.3 beta, allows remote attackers to cause a denial of service (resource exhaustion) via a large number of requests to the server with null characters, which causes the working threads to hang.
3601| [CVE-2002-0843] Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response.
3602| [CVE-2002-0840] Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.
3603| [CVE-2002-0839] The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that would not normally be allowed, by modifying the parent[].pid and parent[].last_rtime segments in the scoreboard.
3604| [CVE-2002-0682] Cross-site scripting vulnerability in Apache Tomcat 4.0.3 allows remote attackers to execute script as other web users via script in a URL with the /servlet/ mapping, which does not filter the script when an exception is thrown by the servlet.
3605| [CVE-2002-0661] Directory traversal vulnerability in Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to read arbitrary files and execute commands via .. (dot dot) sequences containing \ (backslash) characters.
3606| [CVE-2002-0658] OSSP mm library (libmm) before 1.2.0 allows the local Apache user to gain privileges via temporary files, possibly via a symbolic link attack.
3607| [CVE-2002-0654] Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to determine the full pathname of the server via (1) a request for a .var file, which leaks the pathname in the resulting error message, or (2) via an error message that occurs when a script (child process) cannot be invoked.
3608| [CVE-2002-0653] Off-by-one buffer overflow in the ssl_compat_directive function, as called by the rewrite_command hook for mod_ssl Apache module 2.8.9 and earlier, allows local users to execute arbitrary code as the Apache server user via .htaccess files with long entries.
3609| [CVE-2002-0513] The PHP administration script in popper_mod 1.2.1 and earlier relies on Apache .htaccess authentication, which allows remote attackers to gain privileges if the script is not appropriately configured by the administrator.
3610| [CVE-2002-0493] Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions.
3611| [CVE-2002-0392] Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a chunk-encoded HTTP request that causes Apache to use an incorrect size.
3612| [CVE-2002-0259] InstantServers MiniPortal 1.1.5 and earlier stores sensitive login and account data in plaintext in (1) .pwd files in the miniportal/apache directory, or (2) mplog.txt, which could allow local users to gain privileges.
3613| [CVE-2002-0249] PHP for Windows, when installed on Apache 2.0.28 beta as a standalone CGI module, allows remote attackers to obtain the physical path of the php.exe via a request with malformed arguments such as /123, which leaks the pathname in the error message.
3614| [CVE-2002-0240] PHP, when installed with Apache and configured to search for index.php as a default web page, allows remote attackers to obtain the full pathname of the server via the HTTP OPTIONS method, which reveals the pathname in the resulting error message.
3615| [CVE-2002-0082] The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session.
3616| [CVE-2002-0061] Apache for Win32 before 1.3.24, and 2.0.x before 2.0.34-beta, allows remote attackers to execute arbitrary commands via shell metacharacters (a | pipe character) provided as arguments to batch (.bat) or .cmd scripts, which are sent unfiltered to the shell interpreter, typically cmd.exe.
3617| [CVE-2001-1556] The log files in Apache web server contain information directly supplied by clients and does not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail, and grep.
3618| [CVE-2001-1534] mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these session ID's are used for authentication.
3619| [CVE-2001-1510] Allaire JRun 2.3.3, 3.0 and 3.1 running on IIS 4.0 and 5.0, iPlanet, Apache, JRun web server (JWS), and possibly other web servers allows remote attackers to read arbitrary files and directories by appending (1) "%3f.jsp", (2) "?.jsp" or (3) "?" to the requested URL.
3620| [CVE-2001-1449] The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 through 8.0 and Linux Corporate Server 1.0.1 allows remote attackers to list the directory index of arbitrary web directories.
3621| [CVE-2001-1385] The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts.
3622| [CVE-2001-1342] Apache before 1.3.20 on Windows and OS/2 systems allows remote attackers to cause a denial of service (GPF) via an HTTP request for a URI that contains a large number of / (slash) or other characters, which causes certain functions to dereference a null pointer.
3623| [CVE-2001-1217] Directory traversal vulnerability in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to access sensitive information via a double encoded URL with .. (dot dot) sequences.
3624| [CVE-2001-1216] Buffer overflow in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to execute arbitrary code via a long request for a help page.
3625| [CVE-2001-1072] Apache with mod_rewrite enabled on most UNIX systems allows remote attackers to bypass RewriteRules by inserting extra / (slash) characters into the requested path, which causes the regular expression in the RewriteRule to fail.
3626| [CVE-2001-1013] Apache on Red Hat Linux with the UserDir directive enabled generates different error codes when a username exists and there is no public_html directory and when the username does not exist, which could allow remote attackers to determine valid usernames on the server.
3627| [CVE-2001-0925] The default installation of Apache before 1.3.19 allows remote attackers to list directories instead of the multiview index.html file via an HTTP request for a path that contains many / (slash) characters, which causes the path to be mishandled by (1) mod_negotiation, (2) mod_dir, or (3) mod_autoindex.
3628| [CVE-2001-0829] A cross-site scripting vulnerability in Apache Tomcat 3.2.1 allows a malicious webmaster to embed Javascript in a request for a .JSP file, which causes the Javascript to be inserted into an error message.
3629| [CVE-2001-0766] Apache on MacOS X Client 10.0.3 with the HFS+ file system allows remote attackers to bypass access restrictions via a URL that contains some characters whose case is not matched by Apache's filters.
3630| [CVE-2001-0731] Apache 1.3.20 with Multiviews enabled allows remote attackers to view directory contents and bypass the index page via a URL containing the "M=D" query string.
3631| [CVE-2001-0730] split-logfile in Apache 1.3.20 allows remote attackers to overwrite arbitrary files that end in the .log extension via an HTTP request with a / (slash) in the Host: header.
3632| [CVE-2001-0729] Apache 1.3.20 on Windows servers allows remote attackers to bypass the default index page and list directory contents via a URL with a large number of / (slash) characters.
3633| [CVE-2001-0590] Apache Software Foundation Tomcat Servlet prior to 3.2.2 allows a remote attacker to read the source code to arbitrary 'jsp' files via a malformed URL request which does not end with an HTTP protocol specification (i.e. HTTP/1.0).
3634| [CVE-2001-0131] htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local users to overwrite arbitrary files via a symlink attack.
3635| [CVE-2001-0108] PHP Apache module 4.0.4 and earlier allows remote attackers to bypass .htaccess access restrictions via a malformed HTTP request on an unrestricted page that causes PHP to use those access controls on the next page that is requested.
3636| [CVE-2001-0042] PHP 3.x (PHP3) on Apache 1.3.6 allows remote attackers to read arbitrary files via a modified .. (dot dot) attack containing "%5c" (encoded backslash) sequences.
3637| [CVE-2000-1247] The default configuration of the jserv-status handler in jserv.conf in Apache JServ 1.1.2 includes an "allow from 127.0.0.1" line, which allows local users to discover JDBC passwords or other sensitive information via a direct request to the jserv/ URI.
3638| [CVE-2000-1210] Directory traversal vulnerability in source.jsp of Apache Tomcat before 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the argument to source.jsp.
3639| [CVE-2000-1206] Vulnerability in Apache httpd before 1.3.11, when configured for mass virtual hosting using mod_rewrite, or mod_vhost_alias in Apache 1.3.9, allows remote attackers to retrieve arbitrary files.
3640| [CVE-2000-1205] Cross site scripting vulnerabilities in Apache 1.3.0 through 1.3.11 allow remote attackers to execute script as other web site visitors via (1) the printenv CGI (printenv.pl), which does not encode its output, (2) pages generated by the ap_send_error_response function such as a default 404, which does not add an explicit charset, or (3) various messages that are generated by certain Apache modules or core code. NOTE: the printenv issue might still exist for web browsers that can render text/plain content types as HTML, such as Internet Explorer, but CVE regards this as a design limitation of those browsers, not Apache. The printenv.pl/acuparam vector, disclosed on 20070724, is one such variant.
3641| [CVE-2000-1204] Vulnerability in the mod_vhost_alias virtual hosting module for Apache 1.3.9, 1.3.11 and 1.3.12 allows remote attackers to obtain the source code for CGI programs if the cgi-bin directory is under the document root.
3642| [CVE-2000-1168] IBM HTTP Server 1.3.6 (based on Apache) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET request.
3643| [CVE-2000-1016] The default configuration of Apache (httpd.conf) on SuSE 6.4 includes an alias for the /usr/doc directory, which allows remote attackers to read package documentation and obtain system configuration information via an HTTP request for the /doc/packages URL.
3644| [CVE-2000-0913] mod_rewrite in Apache 1.3.12 and earlier allows remote attackers to read arbitrary files if a RewriteRule directive is expanded to include a filename whose name contains a regular expression.
3645| [CVE-2000-0883] The default configuration of mod_perl for Apache as installed on Mandrake Linux 6.1 through 7.1 sets the /perl/ directory to be browseable, which allows remote attackers to list the contents of that directory.
3646| [CVE-2000-0869] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 enables WebDAV, which allows remote attackers to list arbitrary directories via the PROPFIND HTTP request method.
3647| [CVE-2000-0868] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 allows remote attackers to read source code for CGI scripts by replacing the /cgi-bin/ in the requested URL with /cgi-bin-sdb/.
3648| [CVE-2000-0791] Trustix installs the httpsd program for Apache-SSL with world-writeable permissions, which allows local users to replace it with a Trojan horse.
3649| [CVE-2000-0760] The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals sensitive system information when a remote attacker requests a nonexistent URL with a .snp extension.
3650| [CVE-2000-0759] Jakarta Tomcat 3.1 under Apache reveals physical path information when a remote attacker requests a URL that does not exist, which generates an error message that includes the physical path.
3651| [CVE-2000-0628] The source.asp example script in the Apache ASP module Apache::ASP 1.93 and earlier allows remote attackers to modify files.
3652| [CVE-2000-0505] The Apache 1.3.x HTTP server for Windows platforms allows remote attackers to list directory contents by requesting a URL containing a large number of / characters.
3653| [CVE-1999-1412] A possible interaction between Apple MacOS X release 1.0 and Apache HTTP server allows remote attackers to cause a denial of service (crash) via a flood of HTTP GET requests to CGI programs, which generates a large number of processes.
3654| [CVE-1999-1293] mod_proxy in Apache 1.2.5 and earlier allows remote attackers to cause a denial of service via malformed FTP commands, which causes Apache to dump core.
3655| [CVE-1999-1237] Multiple buffer overflows in smbvalid/smbval SMB authentication library, as used in Apache::AuthenSmb and possibly other modules, allows remote attackers to execute arbitrary commands via (1) a long username, (2) a long password, and (3) other unspecified methods.
3656| [CVE-1999-1199] Apache WWW server 1.3.1 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via a large number of MIME headers with the same name, aka the "sioux" vulnerability.
3657| [CVE-1999-1053] guestbook.pl cleanses user-inserted SSI commands by removing text between "<!--" and "-->" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides "-->".
3658| [CVE-1999-0926] Apache allows remote attackers to conduct a denial of service via a large number of MIME headers.
3659| [CVE-1999-0678] A default configuration of Apache on Debian GNU/Linux sets the ServerRoot to /usr/doc, which allows remote users to read documentation files for the entire server.
3660| [CVE-1999-0448] IIS 4.0 and Apache log HTTP request methods, regardless of how long they are, allowing a remote attacker to hide the URL they really request.
3661| [CVE-1999-0289] The Apache web server for Win32 may provide access to restricted files when a . (dot) is appended to a requested URL.
3662| [CVE-1999-0236] ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs.
3663| [CVE-1999-0107] Buffer overflow in Apache 1.2.5 and earlier allows a remote attacker to cause a denial of service with a large number of GET requests containing a large number of / characters.
3664| [CVE-1999-0071] Apache httpd cookie buffer overflow for versions 1.1.1 and earlier.
3665|
3666| SecurityFocus - https://www.securityfocus.com/bid/:
3667| [104554] Apache HBase CVE-2018-8025 Security Bypass Vulnerability
3668| [104465] Apache Geode CVE-2017-15695 Remote Code Execution Vulnerability
3669| [104418] Apache Storm CVE-2018-8008 Arbitrary File Write Vulnerability
3670| [104399] Apache Storm CVE-2018-1332 User Impersonation Vulnerability
3671| [104348] Apache UIMA CVE-2017-15691 XML External Entity Injection Vulnerability
3672| [104313] Apache NiFi XML External Entity Injection and Denial of Service Vulnerability
3673| [104259] Apache Geode CVE-2017-12622 Authorization Bypass Vulnerability
3674| [104257] Apache Sling XSS Protection API CVE-2017-15717 Cross Site Scripting Vulnerability
3675| [104253] Apache ZooKeeper CVE-2018-8012 Security Bypass Vulnerability
3676| [104252] Apache Batik CVE-2018-8013 Information Disclosure Vulnerability
3677| [104239] Apache Solr CVE-2018-8010 XML External Entity Multiple Information Disclosure Vulnerabilities
3678| [104215] Apache ORC CVE-2018-8015 Denial of Service Vulnerability
3679| [104203] Apache Tomcat CVE-2018-8014 Security Bypass Vulnerability
3680| [104161] Apache Ambari CVE-2018-8003 Directory Traversal Vulnerability
3681| [104140] Apache Derby CVE-2018-1313 Security Bypass Vulnerability
3682| [104135] Apache Tika CVE-2018-1338 Denial of Service Vulnerability
3683| [104008] Apache Fineract CVE-2018-1291 SQL Injection Vulnerability
3684| [104007] Apache Fineract CVE-2018-1292 SQL Injection Vulnerability
3685| [104005] Apache Fineract CVE-2018-1289 SQL Injection Vulnerability
3686| [104001] Apache Tika CVE-2018-1335 Remote Command Injection Vulnerability
3687| [103975] Apache Fineract CVE-2018-1290 SQL Injection Vulnerability
3688| [103974] Apache Solr CVE-2018-1308 XML External Entity Injection Vulnerability
3689| [103772] Apache Traffic Server CVE-2017-7671 Denial of Service Vulnerability
3690| [103770] Apache Traffic Server CVE-2017-5660 Security Bypass Vulnerability
3691| [103751] Apache Hive CVE-2018-1282 SQL Injection Vulnerability
3692| [103750] Apache Hive CVE-2018-1284 Security Bypass Vulnerability
3693| [103692] Apache Ignite CVE-2018-1295 Arbitrary Code Execution Vulnerability
3694| [103528] Apache HTTP Server CVE-2018-1302 Denial of Service Vulnerability
3695| [103525] Apache HTTP Server CVE-2017-15715 Remote Security Bypass Vulnerability
3696| [103524] Apache HTTP Server CVE-2018-1312 Remote Security Bypass Vulnerability
3697| [103522] Apache HTTP Server CVE-2018-1303 Denial of Service Vulnerability
3698| [103520] Apache HTTP Server CVE-2018-1283 Remote Security Vulnerability
3699| [103516] Apache Struts CVE-2018-1327 Denial of Service Vulnerability
3700| [103515] Apache HTTP Server CVE-2018-1301 Denial of Service Vulnerability
3701| [103512] Apache HTTP Server CVE-2017-15710 Denial of Service Vulnerability
3702| [103508] Apache Syncope CVE-2018-1321 Multiple Remote Code Execution Vulnerabilities
3703| [103507] Apache Syncope CVE-2018-1322 Multiple Information Disclosure Vulnerabilities
3704| [103490] Apache Commons Compress CVE-2018-1324 Multiple Denial Of Service Vulnerabilities
3705| [103434] APACHE Allura CVE-2018-1319 HTTP Response Splitting Vulnerability
3706| [103389] Apache Tomcat JK Connector CVE-2018-1323 Directory Traversal Vulnerability
3707| [103222] Apache CloudStack CVE-2013-4317 Information Disclosure Vulnerability
3708| [103219] Apache Xerces-C CVE-2017-12627 Null Pointer Dereference Denial of Service Vulnerability
3709| [103206] Apache Geode CVE-2017-15693 Remote Code Execution Vulnerability
3710| [103205] Apache Geode CVE-2017-15692 Remote Code Execution Vulnerability
3711| [103170] Apache Tomcat CVE-2018-1304 Security Bypass Vulnerability
3712| [103144] Apache Tomcat CVE-2018-1305 Security Bypass Vulnerability
3713| [103102] Apache Oozie CVE-2017-15712 Information Disclosure Vulnerability
3714| [103098] Apache Karaf CVE-2016-8750 LDAP Injection Vulnerability
3715| [103069] Apache Tomcat CVE-2017-15706 Remote Security Weakness
3716| [103068] Apache JMeter CVE-2018-1287 Security Bypass Vulnerability
3717| [103067] Apache Qpid Dispatch Router 'router_core/connections.c' Denial of Service Vulnerability
3718| [103036] Apache CouchDB CVE-2017-12636 Remote Code Execution Vulnerability
3719| [103025] Apache Thrift CVE-2016-5397 Remote Command Injection Vulnerability
3720| [102879] Apache POI CVE-2017-12626 Multiple Denial of Service Vulnerabilities
3721| [102842] Apache NiFi CVE-2017-12632 Host Header Injection Vulnerability
3722| [102815] Apache NiFi CVE-2017-15697 Multiple Cross Site Scripting Vulnerabilities
3723| [102488] Apache Geode CVE-2017-9795 Remote Code Execution Vulnerability
3724| [102229] Apache Sling CVE-2017-15700 Information Disclosure Vulnerability
3725| [102226] Apache Drill CVE-2017-12630 Cross Site Scripting Vulnerability
3726| [102154] Multiple Apache Products CVE-2017-15708 Remote Code Execution Vulnerability
3727| [102127] Apache CXF Fediz CVE-2017-12631 Multiple Cross Site Request Forgery Vulnerabilities
3728| [102041] Apache Qpid Broker-J CVE-2017-15701 Denial of Service Vulnerability
3729| [102040] Apache Qpid Broker CVE-2017-15702 Security Weakness
3730| [102021] Apache Struts CVE-2017-15707 Denial of Service Vulnerability
3731| [101980] EMC RSA Authentication Agent for Web: Apache Web Server Authentication Bypass Vulnerability
3732| [101876] Apache Camel CVE-2017-12634 Deserialization Remote Code Execution Vulnerability
3733| [101874] Apache Camel CVE-2017-12633 Deserialization Remote Code Execution Vulnerability
3734| [101872] Apache Karaf CVE-2014-0219 Local Denial of Service Vulnerability
3735| [101868] Apache CouchDB CVE-2017-12635 Remote Privilege Escalation Vulnerability
3736| [101859] Apache CXF CVE-2017-12624 Denial of Service Vulnerability
3737| [101844] Apache Sling Servlets Post CVE-2017-11296 Cross Site Scripting Vulnerability
3738| [101686] Apache Hive CVE-2017-12625 Information Disclosure Vulnerability
3739| [101644] Apache Wicket CVE-2012-5636 Cross Site Scripting Vulnerability
3740| [101631] Apache Traffic Server CVE-2015-3249 Multiple Remote Code Execution Vulnerabilities
3741| [101630] Apache Traffic Server CVE-2014-3624 Access Bypass Vulnerability
3742| [101625] Apache jUDDI CVE-2009-1197 Security Bypass Vulnerability
3743| [101623] Apache jUDDI CVE-2009-1198 Cross Site Scripting Vulnerability
3744| [101620] Apache Subversion 'libsvn_fs_fs/fs_fs.c' Denial of Service Vulnerability
3745| [101585] Apache OpenOffice Multiple Remote Code Execution Vulnerabilities
3746| [101577] Apache Wicket CVE-2016-6806 Cross Site Request Forgery Vulnerability
3747| [101575] Apache Wicket CVE-2014-0043 Information Disclosure Vulnerability
3748| [101570] Apache Geode CVE-2017-9797 Information Disclosure Vulnerability
3749| [101562] Apache Derby CVE-2010-2232 Arbitrary File Overwrite Vulnerability
3750| [101560] Apache Portable Runtime Utility CVE-2017-12613 Multiple Information Disclosure Vulnerabilities
3751| [101558] Apache Portable Runtime Utility Local Out-of-Bounds Read Denial of Service Vulnerability
3752| [101532] Apache James CVE-2017-12628 Arbitrary Command Execution Vulnerability
3753| [101516] Apache HTTP Server CVE-2017-12171 Security Bypass Vulnerability
3754| [101261] Apache Solr/Lucene CVE-2017-12629 Information Disclosure and Remote Code Execution Vulnerabilities
3755| [101230] Apache Roller CVE-2014-0030 XML External Entity Injection Vulnerability
3756| [101173] Apache IMPALA CVE-2017-9792 Information Disclosure Vulnerability
3757| [101052] Apache Commons Jelly CVE-2017-12621 Security Bypass Vulnerability
3758| [101027] Apache Mesos CVE-2017-7687 Denial of Service Vulnerability
3759| [101023] Apache Mesos CVE-2017-9790 Denial of Service Vulnerability
3760| [100954] Apache Tomcat CVE-2017-12617 Incomplete Fix Remote Code Execution Vulnerability
3761| [100946] Apache Wicket CVE-2014-7808 Cross Site Request Forgery Vulnerability
3762| [100901] Apache Tomcat CVE-2017-12615 Remote Code Execution Vulnerability
3763| [100897] Apache Tomcat CVE-2017-12616 Information Disclosure Vulnerability
3764| [100880] Apache Directory LDAP API CVE-2015-3250 Unspecified Information Disclosure Vulnerability
3765| [100872] Apache HTTP Server CVE-2017-9798 Information Disclosure Vulnerability
3766| [100870] Apache Solr CVE-2017-9803 Remote Privilege Escalation Vulnerability
3767| [100859] puppetlabs-apache CVE-2017-2299 Information Disclosure Vulnerability
3768| [100829] Apache Struts CVE-2017-12611 Remote Code Execution Vulnerability
3769| [100823] Apache Spark CVE-2017-12612 Deserialization Remote Code Execution Vulnerability
3770| [100612] Apache Struts CVE-2017-9804 Incomplete Fix Denial of Service Vulnerability
3771| [100611] Apache Struts CVE-2017-9793 Denial of Service Vulnerability
3772| [100609] Apache Struts CVE-2017-9805 Remote Code Execution Vulnerability
3773| [100587] Apache Atlas CVE-2017-3155 Cross Frame Scripting Vulnerability
3774| [100581] Apache Atlas CVE-2017-3154 Information Disclosure Vulnerability
3775| [100578] Apache Atlas CVE-2017-3153 Cross Site Scripting Vulnerability
3776| [100577] Apache Atlas CVE-2017-3152 Cross Site Scripting Vulnerability
3777| [100547] Apache Atlas CVE-2017-3151 HTML Injection Vulnerability
3778| [100536] Apache Atlas CVE-2017-3150 Cross Site Scripting Vulnerability
3779| [100449] Apache Pony Mail CVE-2016-4460 Authentication Bypass Vulnerability
3780| [100447] Apache2Triad Multiple Security Vulnerabilities
3781| [100284] Apache Sling Servlets Post CVE-2017-9802 Cross Site Scripting Vulnerability
3782| [100280] Apache Tomcat CVE-2017-7674 Security Bypass Vulnerability
3783| [100259] Apache Subversion CVE-2017-9800 Remote Command Execution Vulnerability
3784| [100256] Apache Tomcat CVE-2017-7675 Directory Traversal Vulnerability
3785| [100235] Apache Storm CVE-2017-9799 Remote Code Execution Vulnerability
3786| [100082] Apache Commons Email CVE-2017-9801 SMTP Header Injection Vulnerability
3787| [99873] Apache Sling XSS Protection API CVE-2016-6798 XML External Entity Injection Vulnerability
3788| [99870] Apache Sling API CVE-2016-5394 Cross Site Scripting Vulnerability
3789| [99603] Apache Spark CVE-2017-7678 Cross Site Scripting Vulnerability
3790| [99592] Apache OpenMeetings CVE-2017-7685 Security Bypass Vulnerability
3791| [99587] Apache OpenMeetings CVE-2017-7673 Security Bypass Vulnerability
3792| [99586] Apache OpenMeetings CVE-2017-7688 Security Bypass Vulnerability
3793| [99584] Apache OpenMeetings CVE-2017-7684 Denial of Service Vulnerability
3794| [99577] Apache OpenMeetings CVE-2017-7663 Cross Site Scripting Vulnerability
3795| [99576] Apache OpenMeetings CVE-2017-7664 XML External Entity Injection Vulnerability
3796| [99569] Apache HTTP Server CVE-2017-9788 Memory Corruption Vulnerability
3797| [99568] Apache HTTP Server CVE-2017-9789 Denial of Service Vulnerability
3798| [99563] Apache Struts CVE-2017-7672 Denial of Service Vulnerability
3799| [99562] Apache Struts Spring AOP Functionality Denial of Service Vulnerability
3800| [99509] Apache Impala CVE-2017-5652 Information Disclosure Vulnerability
3801| [99508] Apache IMPALA CVE-2017-5640 Authentication Bypass Vulnerability
3802| [99486] Apache Traffic Control CVE-2017-7670 Denial of Service Vulnerability
3803| [99485] Apache Solr CVE-2017-7660 Security Bypass Vulnerability
3804| [99484] Apache Struts CVE-2017-9791 Remote Code Execution Vulnerability
3805| [99292] Apache Ignite CVE-2017-7686 Information Disclosure Vulnerability
3806| [99170] Apache HTTP Server CVE-2017-7679 Buffer Overflow Vulnerability
3807| [99137] Apache HTTP Server CVE-2017-7668 Denial of Service Vulnerability
3808| [99135] Apache HTTP Server CVE-2017-3167 Authentication Bypass Vulnerability
3809| [99134] Apache HTTP Server CVE-2017-3169 Denial of Service Vulnerability
3810| [99132] Apache HTTP Server CVE-2017-7659 Denial of Service Vulnerability
3811| [99112] Apache Thrift CVE-2015-3254 Denial of Service Vulnerability
3812| [99067] Apache Ranger CVE-2016-8751 HTML Injection Vulnerability
3813| [99018] Apache NiFi CVE-2017-7667 Cross Frame Scripting Vulnerability
3814| [99009] Apache NiFi CVE-2017-7665 Cross Site Scripting Vulnerability
3815| [98961] Apache Ranger CVE-2017-7677 Security Bypass Vulnerability
3816| [98958] Apache Ranger CVE-2017-7676 Security Bypass Vulnerability
3817| [98888] Apache Tomcat CVE-2017-5664 Security Bypass Vulnerability
3818| [98814] Apache Zookeeper CVE-2017-5637 Denial of Service Vulnerability
3819| [98795] Apache Hadoop CVE-2017-7669 Remote Privilege Escalation Vulnerability
3820| [98739] Apache Knox CVE-2017-5646 User Impersonation Vulnerability
3821| [98669] Apache Hive CVE-2016-3083 Security Bypass Vulnerability
3822| [98646] Apache Atlas CVE-2016-8752 Information Disclosure Vulnerability
3823| [98570] Apache Archiva CVE-2017-5657 Multiple Cross-Site Request Forgery Vulnerabilities
3824| [98489] Apache CXF Fediz CVE-2017-7661 Multiple Cross Site Request Forgery Vulnerabilities
3825| [98485] Apache CXF Fediz CVE-2017-7662 Cross Site Request Forgery Vulnerability
3826| [98466] Apache Ambari CVE-2017-5655 Insecure Temporary File Handling Vulnerability
3827| [98365] Apache Cordova For Android CVE-2016-6799 Information Disclosure Vulnerability
3828| [98025] Apache Hadoop CVE-2017-3161 Cross Site Scripting Vulnerability
3829| [98017] Apache Hadoop CVE-2017-3162 Input Validation Vulnerability
3830| [97971] Apache CXF CVE-2017-5656 Information Disclosure Vulnerability
3831| [97968] Apache CXF CVE-2017-5653 Spoofing Vulnerability
3832| [97967] Apache ActiveMQ CVE-2015-7559 Denial of Service Vulnerability
3833| [97949] Apache Traffic Server CVE-2017-5659 Denial of Service Vulnerability
3834| [97948] Apache Batik CVE-2017-5662 XML External Entity Information Disclosure Vulnerability
3835| [97947] Apache FOP CVE-2017-5661 XML External Entity Information Disclosure Vulnerability
3836| [97945] Apache Traffic Server CVE-2016-5396 Denial of Service Vulnerability
3837| [97702] Apache Log4j CVE-2017-5645 Remote Code Execution Vulnerability
3838| [97582] Apache CXF CVE-2016-6812 Cross Site Scripting Vulnerability
3839| [97579] Apache CXF JAX-RS CVE-2016-8739 XML External Entity Injection Vulnerability
3840| [97544] Apache Tomcat CVE-2017-5651 Information Disclosure Vulnerability
3841| [97531] Apache Tomcat CVE-2017-5650 Denial of Service Vulnerability
3842| [97530] Apache Tomcat CVE-2017-5648 Information Disclosure Vulnerability
3843| [97509] Apache Ignite CVE-2016-6805 Information Disclosure and XML External Entity Injection Vulnerabilities
3844| [97383] Apache Flex BlazeDS CVE-2017-5641 Remote Code Execution Vulnerability
3845| [97378] Apache Geode CVE-2017-5649 Information Disclosure Vulnerability
3846| [97229] Apache Ambari CVE-2016-4976 Local Information Disclosure Vulnerability
3847| [97226] Apache Camel CVE-2017-5643 Server Side Request Forgery Security Bypass Vulnerability
3848| [97184] Apache Ambari CVE-2016-6807 Remote Command Execution Vulnerability
3849| [97179] Apache Camel CVE-2016-8749 Java Deserialization Multiple Remote Code Execution Vulnerabilities
3850| [96983] Apache POI CVE-2017-5644 Denial Of Service Vulnerability
3851| [96895] Apache Tomcat CVE-2016-8747 Information Disclosure Vulnerability
3852| [96731] Apache NiFi CVE-2017-5636 Remote Code Injection Vulnerability
3853| [96730] Apache NiFi CVE-2017-5635 Security Bypass Vulnerability
3854| [96729] Apache Struts CVE-2017-5638 Remote Code Execution Vulnerability
3855| [96540] IBM Development Package for Apache Spark CVE-2016-4970 Denial of Service Vulnerability
3856| [96398] Apache CXF CVE-2017-3156 Information Disclosure Vulnerability
3857| [96321] Apache Camel CVE-2017-3159 Remote Code Execution Vulnerability
3858| [96293] Apache Tomcat 'http11/AbstractInputBuffer.java' Denial of Service Vulnerability
3859| [96228] Apache Brooklyn Cross Site Request Forgery and Multiple Cross Site Scripting Vulnerabilities
3860| [95998] Apache Ranger CVE-2016-8746 Security Bypass Vulnerability
3861| [95929] Apache Groovy CVE-2016-6497 Information Disclosure Vulnerability
3862| [95838] Apache Cordova For Android CVE-2017-3160 Man in the Middle Security Bypass Vulnerability
3863| [95675] Apache Struts Remote Code Execution Vulnerability
3864| [95621] Apache NiFi CVE-2106-8748 Cross Site Scripting Vulnerability
3865| [95429] Apache Groovy CVE-2016-6814 Remote Code Execution Vulnerability
3866| [95335] Apache Hadoop CVE-2016-3086 Information Disclosure Vulnerability
3867| [95168] Apache Wicket CVE-2016-6793 Denial of Service Vulnerability
3868| [95136] Apache Qpid Broker for Java CVE-2016-8741 Remote Information Disclosure Vulnerability
3869| [95078] Apache HTTP Server CVE-2016-0736 Remote Security Vulnerability
3870| [95077] Apache HTTP Server CVE-2016-8743 Security Bypass Vulnerability
3871| [95076] Apache HTTP Server CVE-2016-2161 Denial of Service Vulnerability
3872| [95020] Apache Tika CVE-2015-3271 Remote Information Disclosure Vulnerability
3873| [94950] Apache Hadoop CVE-2016-5001 Local Information Disclosure Vulnerability
3874| [94882] Apache ActiveMQ CVE-2016-6810 HTML Injection Vulnerability
3875| [94828] Apache Tomcat CVE-2016-8745 Information Disclosure Vulnerability
3876| [94766] Apache CouchDB CVE-2016-8742 Local Privilege Escalation Vulnerability
3877| [94657] Apache Struts CVE-2016-8738 Denial of Service Vulnerability
3878| [94650] Apache HTTP Server CVE-2016-8740 Denial of Service Vulnerability
3879| [94588] Apache Subversion CVE-2016-8734 XML External Entity Denial of Service Vulnerability
3880| [94513] Apache Karaf CVE-2016-8648 Remote Code Execution Vulnerability
3881| [94463] Apache Tomcat CVE-2016-8735 Remote Code Execution Vulnerability
3882| [94462] Apache Tomcat CVE-2016-6817 Denial of Service Vulnerability
3883| [94461] Apache Tomcat CVE-2016-6816 Security Bypass Vulnerability
3884| [94418] Apache OpenOffice CVE-2016-6803 Local Privilege Escalation Vulnerability
3885| [94247] Apache Tika CVE-2016-6809 Remote Code Execution Vulnerability
3886| [94221] Apache Ranger CVE-2016-6815 Local Privilege Escalation Vulnerability
3887| [94145] Apache OpenMeetings CVE-2016-8736 Remote Code Execution Vulnerability
3888| [93945] Apache CloudStack CVE-2016-6813 Authorization Bypass Vulnerability
3889| [93944] Apache Tomcat Security Manager CVE-2016-6796 Security Bypass Vulnerability
3890| [93943] Apache Tomcat CVE-2016-6794 Security Bypass Vulnerability
3891| [93942] Apache Tomcat Security Manager CVE-2016-5018 Security Bypass Vulnerability
3892| [93940] Apache Tomcat CVE-2016-6797 Security Bypass Vulnerability
3893| [93939] Apache Tomcat CVE-2016-0762 Information Disclosure Vulnerability
3894| [93774] Apache OpenOffice CVE-2016-6804 DLL Loading Remote Code Execution Vulnerability
3895| [93773] Apache Struts CVE-2016-6795 Directory Traversal Vulnerability
3896| [93478] Apache Tomcat CVE-2016-6325 Local Privilege Escalation Vulnerability
3897| [93472] Apache Tomcat CVE-2016-5425 Insecure File Permissions Vulnerability
3898| [93429] Apache Tomcat JK Connector CVE-2016-6808 Remote Buffer Overflow Vulnerability
3899| [93263] Apache Tomcat CVE-2016-1240 Local Privilege Escalation Vulnerability
3900| [93236] Apache MyFaces Trinidad CVE-2016-5019 Remote Code Execution Vulnerability
3901| [93142] Apache ActiveMQ Artemis CVE-2016-4978 Remote Code Execution Vulnerability
3902| [93132] Apache Derby CVE-2015-1832 XML External Entity Information Disclosure Vulnerability
3903| [93044] Apache Zookeeper CVE-2016-5017 Buffer Overflow Vulnerability
3904| [92966] Apache Jackrabbit CVE-2016-6801 Cross-Site Request Forgery Vulnerability
3905| [92947] Apache Shiro CVE-2016-6802 Remote Security Bypass Vulnerability
3906| [92905] Apache CXF Fediz CVE-2016-4464 Security Bypass Vulnerability
3907| [92577] Apache Ranger CVE-2016-5395 HTML Injection Vulnerability
3908| [92331] Apache HTTP Server CVE-2016-1546 Remote Denial of Service Vulnerability
3909| [92328] Apache Hive CVE-2016-0760 Multiple Remote Code Execution Vulnerabilities
3910| [92320] Apache APR-util and httpd CVE-2016-6312 Denial of Service Vulnerability
3911| [92100] Apache POI CVE-2016-5000 XML External Entity Injection Vulnerability
3912| [92079] Apache OpenOffice CVE-2016-1513 Remote Code Execution Vulnerability
3913| [91818] Apache Tomcat CVE-2016-5388 Security Bypass Vulnerability
3914| [91816] Apache HTTP Server CVE-2016-5387 Security Bypass Vulnerability
3915| [91788] Apache Qpid Proton CVE-2016-4467 Certificate Verification Security Bypass Vulnerability
3916| [91738] Apache XML-RPC CVE-2016-5003 Remote Code Execution Vulnerability
3917| [91736] Apache XML-RPC Multiple Security Vulnerabilities
3918| [91707] Apache Archiva CVE-2016-5005 HTML Injection Vulnerability
3919| [91703] Apache Archiva CVE-2016-4469 Multiple Cross-Site Request Forgery Vulnerabilities
3920| [91566] Apache HTTP Server CVE-2016-4979 Authentication Bypass Vulnerability
3921| [91537] Apache QPID CVE-2016-4974 Deserialization Security Bypass Vulnerability
3922| [91501] Apache Xerces-C CVE-2016-4463 Stack Buffer Overflow Vulnerability
3923| [91453] Apache Commons FileUpload CVE-2016-3092 Denial Of Service Vulnerability
3924| [91284] Apache Struts CVE-2016-4431 Security Bypass Vulnerability
3925| [91282] Apache Struts CVE-2016-4433 Security Bypass Vulnerability
3926| [91281] Apache Struts CVE-2016-4430 Cross-Site Request Forgery Vulnerability
3927| [91280] Apache Struts CVE-2016-4436 Security Bypass Vulnerability
3928| [91278] Apache Struts CVE-2016-4465 Denial of Service Vulnerability
3929| [91277] Apache Struts Incomplete Fix Remote Code Execution Vulnerability
3930| [91275] Apache Struts CVE-2016-4438 Remote Code Execution Vulnerability
3931| [91217] Apache Continuum 'saveInstallation.action' Command Execution Vulnerability
3932| [91141] Apache CloudStack CVE-2016-3085 Authentication Bypass Vulnerability
3933| [91068] Apache Struts CVE-2016-1181 Remote Code Execution Vulnerability
3934| [91067] Apache Struts CVE-2016-1182 Security Bypass Vulnerability
3935| [91024] Apache Shiro CVE-2016-4437 Information Disclosure Vulnerability
3936| [90988] Apache Ranger CVE-2016-2174 SQL Injection Vulnerability
3937| [90961] Apache Struts CVE-2016-3093 Denial of Service Vulnerability
3938| [90960] Apache Struts CVE-2016-3087 Remote Code Execution Vulnerability
3939| [90921] Apache Qpid CVE-2016-4432 Authentication Bypass Vulnerability
3940| [90920] Apache Qpid CVE-2016-3094 Denial of Service Vulnerability
3941| [90902] Apache PDFBox CVE-2016-2175 XML External Entity Injection Vulnerability
3942| [90897] Apache Tika CVE-2016-4434 XML External Entity Injection Vulnerability
3943| [90827] Apache ActiveMQ CVE-2016-3088 Multiple Arbitrary File Upload Vulnerabilities
3944| [90755] Apache Ambari CVE-2016-0707 Multiple Local Information Disclosure Vulnerabilities
3945| [90482] Apache CVE-2004-1387 Local Security Vulnerability
3946| [89762] Apache CVE-2001-1556 Remote Security Vulnerability
3947| [89417] Apache Subversion CVE-2016-2167 Authentication Bypass Vulnerability
3948| [89326] RETIRED: Apache Subversion CVE-2016-2167 Security Bypass Vulnerability
3949| [89320] Apache Subversion CVE-2016-2168 Remote Denial of Service Vulnerability
3950| [88826] Apache Struts CVE-2016-3082 Remote Code Execution Vulnerability
3951| [88797] Apache Cordova For iOS CVE-2015-5208 Arbitrary Code Execution Vulnerability
3952| [88764] Apache Cordova iOS CVE-2015-5207 Multiple Security Bypass Vulnerabilities
3953| [88701] Apache CVE-2001-1449 Remote Security Vulnerability
3954| [88635] Apache CVE-2000-1204 Remote Security Vulnerability
3955| [88590] Apache WWW server CVE-1999-1199 Denial-Of-Service Vulnerability
3956| [88496] Apache CVE-2000-1206 Remote Security Vulnerability
3957| [87828] Apache CVE-1999-1237 Remote Security Vulnerability
3958| [87784] Apache CVE-1999-1293 Denial-Of-Service Vulnerability
3959| [87327] Apache Struts CVE-2016-3081 Remote Code Execution Vulnerability
3960| [86622] Apache Stats CVE-2007-0975 Remote Security Vulnerability
3961| [86399] Apache CVE-2007-1743 Local Security Vulnerability
3962| [86397] Apache CVE-2007-1742 Local Security Vulnerability
3963| [86311] Apache Struts CVE-2016-4003 Cross Site Scripting Vulnerability
3964| [86174] Apache Wicket CVE-2015-5347 Cross Site Scripting Vulnerability
3965| [85971] Apache OFBiz CVE-2016-2170 Java Deserialization Remote Code Execution Vulnerability
3966| [85967] Apache OFBiz CVE-2015-3268 HTML Injection Vulnerability
3967| [85759] Apache Jetspeed CVE-2016-2171 Unauthorized Access Vulnerability
3968| [85758] Apache Jetspeed CVE-2016-0712 Cross Site Scripting Vulnerability
3969| [85756] Apache Jetspeed CVE-2016-0710 Multiple SQL Injection Vulnerabilities
3970| [85755] Apache Jetspeed CVE-2016-0711 Mulitple HTML Injection Vulnerabilities
3971| [85754] Apache Jetspeed CVE-2016-0709 Directory Traversal Vulnerability
3972| [85730] Apache Subversion CVE-2015-5343 Integer Overflow Vulnerability
3973| [85691] Apache Ranger CVE-2016-0735 Security Bypass Vulnerability
3974| [85578] Apache ActiveMQ CVE-2010-1244 Cross-Site Request Forgery Vulnerability
3975| [85554] Apache OpenMeetings CVE-2016-2164 Multiple Information Disclosure Vulnerabilities
3976| [85553] Apache OpenMeetings CVE-2016-0783 Information Disclosure Vulnerability
3977| [85552] Apache OpenMeetings CVE-2016-2163 HTML Injection Vulnerability
3978| [85550] Apache OpenMeetings CVE-2016-0784 Directory Traversal Vulnerability
3979| [85386] Apache Hadoop CVE-2015-7430 Local Privilege Escalation Vulnerability
3980| [85377] Apache Qpid Proton Python API CVE-2016-2166 Man in the Middle Security Bypass Vulnerability
3981| [85205] Apache Solr CVE-2015-8796 Cross Site Scripting Vulnerability
3982| [85203] Apache Solr CVE-2015-8795 Mulitple HTML Injection Vulnerabilities
3983| [85163] Apache Geronimo CVE-2008-0732 Local Security Vulnerability
3984| [85131] Apache Struts 'TextParseUtil.translateVariables()' Method Remote Code Execution Vulnerability
3985| [85070] Apache Struts CVE-2016-2162 Cross Site Scripting Vulnerability
3986| [85066] Apache Struts CVE-2016-0785 Remote Code Execution Vulnerability
3987| [84422] Apache TomEE CVE-2016-0779 Unspecified Security Vulnerability
3988| [84321] Apache ActiveMQ CVE-2016-0734 Clickjacking Vulnerability
3989| [84316] Apache ActiveMQ CVE-2016-0782 Multiple Cross Site Scripting Vulnerabilities
3990| [83910] Apache Wicket CVE-2015-7520 Cross Site Scripting Vulnerability
3991| [83423] Apache Xerces-C CVE-2016-0729 Buffer Overflow Vulnerability
3992| [83330] Apache Tomcat CVE-2015-5351 Cross Site Request Forgery Vulnerability
3993| [83329] Apache Tomcat CVE-2015-5174 Directory Traversal Vulnerability
3994| [83328] Apache Tomcat CVE-2015-5345 Directory Traversal Vulnerability
3995| [83327] Apache Tomcat Security Manager CVE-2016-0714 Remote Code Execution Vulnerability
3996| [83326] Apache Tomcat CVE-2016-0763 Security Bypass Vulnerability
3997| [83324] Apache Tomcat Security Manager CVE-2016-0706 Information Disclosure Vulnerability
3998| [83323] Apache Tomcat CVE-2015-5346 Session Fixation Vulnerability
3999| [83259] Apache Hadoop CVE-2015-1776 Information Disclosure Vulnerability
4000| [83243] Apache Solr CVE-2015-8797 Cross Site Scripting Vulnerability
4001| [83119] Apache Sling CVE-2016-0956 Information Disclosure Vulnerability
4002| [83002] Apache CVE-2000-1205 Cross-Site Scripting Vulnerability
4003| [82871] Apache Ranger Authentication Bypass and Security Bypass Vulnerabilities
4004| [82800] Apache CloudStack CVE-2015-3251 Information Disclosure Vulnerability
4005| [82798] Apache CloudStack CVE-2015-3252 Authentication Bypass Vulnerability
4006| [82732] Apache Gallery CVE-2003-0771 Local Security Vulnerability
4007| [82676] Apache CVE-2003-1581 Cross-Site Scripting Vulnerability
4008| [82550] Apache Struts CVE-2015-5209 Security Bypass Vulnerability
4009| [82300] Apache Subversion CVE-2015-5259 Integer Overflow Vulnerability
4010| [82260] Apache Camel CVE-2015-5344 Remote Code Execution Vulnerability
4011| [82234] Apache Hive CVE-2015-7521 Security Bypass Vulnerability
4012| [82082] Apache CVE-1999-0289 Remote Security Vulnerability
4013| [81821] Apache Distribution for Solaris CVE-2007-2080 SQL-Injection Vulnerability
4014| [80696] Apache Camel CVE-2015-5348 Information Disclosure Vulnerability
4015| [80525] Apache CVE-2003-1580 Remote Security Vulnerability
4016| [80354] Drupal Apache Solr Search Module Access Bypass Vulnerability
4017| [80193] Apache CVE-1999-0107 Denial-Of-Service Vulnerability
4018| [79812] Apache Directory Studio CVE-2015-5349 Command Injection Vulnerability
4019| [79744] Apache HBase CVE-2015-1836 Unauthorized Access Vulnerability
4020| [79204] Apache TomEE 'EjbObjectInputStream' Remote Code Execution Vulnerability
4021| [77679] Apache Cordova For Android CVE-2015-8320 Weak Randomization Security Bypass Vulnerability
4022| [77677] Apache Cordova For Android CVE-2015-5256 Security Bypass Vulnerability
4023| [77591] Apache CXF SAML SSO Processing CVE-2015-5253 Security Bypass Vulnerability
4024| [77521] Apache Commons Collections 'InvokerTransformer.java' Remote Code Execution Vulnerability
4025| [77110] Apache HttpComponents HttpClient CVE-2015-5262 Denial of Service Vulnerability
4026| [77086] Apache Ambari CVE-2015-1775 Server Side Request Forgery Security Bypass Vulnerability
4027| [77085] Apache Ambari CVE-2015-3270 Remote Privilege Escalation Vulnerability
4028| [77082] Apache Ambari 'targetURI' Parameter Open Redirection Vulnerability
4029| [77059] Apache Ambari CVE-2015-3186 Cross Site Scripting Vulnerability
4030| [76933] Apache James Server Unspecified Command Execution Vulnerability
4031| [76832] Apache cordova-plugin-file-transfer CVE-2015-5204 HTTP Header Injection Vulnerability
4032| [76625] Apache Struts CVE-2015-5169 Cross Site Scripting Vulnerability
4033| [76624] Apache Struts CVE-2015-2992 Cross Site Scripting Vulnerability
4034| [76522] Apache Tapestry CVE-2014-1972 Security Bypass Vulnerability
4035| [76486] Apache CXF Fediz CVE-2015-5175 Denial of Service Vulnerability
4036| [76452] Apache ActiveMQ CVE-2015-1830 Directory Traversal Vulnerability
4037| [76446] Apache Subversion 'libsvn_fs_fs/tree.c' Denial of Service Vulnerability
4038| [76274] Apache Subversion CVE-2015-3184 Information Disclosure Vulnerability
4039| [76273] Apache Subversion CVE-2015-3187 Information Disclosure Vulnerability
4040| [76272] Apache ActiveMQ CVE-2014-3576 Denial of Service Vulnerability
4041| [76221] Apache Ranger CVE-2015-0266 Access Bypass Vulnerability
4042| [76208] Apache Ranger CVE-2015-0265 JavaScript Code Injection Vulnerability
4043| [76025] Apache ActiveMQ Artemis CVE-2015-3208 XML External Entity Information Disclosure Vulnerability
4044| [75965] Apache HTTP Server CVE-2015-3185 Security Bypass Vulnerability
4045| [75964] Apache HTTP Server CVE-2015-0253 Remote Denial of Service Vulnerability
4046| [75963] Apache HTTP Server CVE-2015-3183 Security Vulnerability
4047| [75940] Apache Struts CVE-2015-1831 Security Bypass Vulnerability
4048| [75919] Apache Groovy CVE-2015-3253 Remote Code Execution Vulnerability
4049| [75338] Apache Storm CVE-2015-3188 Remote Code Execution Vulnerability
4050| [75275] Drupal Apache Solr Real-Time Module Access Bypass Vulnerability
4051| [74866] Apache Cordova For Android CVE-2015-1835 Security Bypass Vulnerability
4052| [74839] Apache Sling API and Sling Servlets CVE-2015-2944 Cross Site Scripting Vulnerability
4053| [74761] Apache Jackrabbit CVE-2015-1833 XML External Entity Information Disclosure Vulnerability
4054| [74686] Apache Ambari '/var/lib/ambari-server/ambari-env.sh' Local Privilege Escalation Vulnerability
4055| [74665] Apache Tomcat CVE-2014-7810 Security Bypass Vulnerability
4056| [74475] Apache Tomcat CVE-2014-0230 Denial of Service Vulnerability
4057| [74423] Apache Struts CVE-2015-0899 Security Bypass Vulnerability
4058| [74338] Apache OpenOffice HWP Filter Memory Corruption Vulnerability
4059| [74265] Apache Tomcat 'mod_jk' CVE-2014-8111 Information Disclosure Vulnerability
4060| [74260] Apache Subversion CVE-2015-0248 Multiple Denial of Service Vulnerabilities
4061| [74259] Apache Subversion 'deadprops.c' Security Bypass Vulnerability
4062| [74204] PHP 'sapi/apache2handler/sapi_apache2.c' Remote Code Execution Vulnerability
4063| [74158] Apache HTTP Server 'protocol.c' Remote Denial of Service Vulnerability
4064| [73954] Apache Flex 'asdoc/templates/index.html' Cross Site Scripting Vulnerability
4065| [73851] Apache2 CVE-2012-0216 Cross-Site Scripting Vulnerability
4066| [73478] Apache Cassandra CVE-2015-0225 Remote Code Execution Vulnerability
4067| [73041] Apache HTTP Server 'mod_lua' Module Denial of Service Vulnerability
4068| [73040] Apache HTTP Server 'mod_lua.c' Local Access Bypass Vulnerability
4069| [72809] Apache Standard Taglibs CVE-2015-0254 XML External Entity Injection Vulnerability
4070| [72717] Apache Tomcat CVE-2014-0227 Chunk Request Remote Denial Of Service Vulnerability
4071| [72557] Apache WSS4J CVE-2015-0227 Security Bypass Vulnerability
4072| [72553] Apache WSS4J CVE-2015-0226 Information Disclosure Vulnerability
4073| [72513] Apache ActiveMQ CVE-2014-3612 LDAP Authentication Bypass Vulnerability
4074| [72511] Apache ActiveMQ CVE-2014-8110 Multiple Cross Site Scripting Vulnerabilities
4075| [72510] Apache ActiveMQ CVE-2014-3600 XML External Entity Injection Vulnerability
4076| [72508] Apache ActiveMQ Apollo CVE-2014-3579 XML External Entity Injection Vulnerability
4077| [72319] Apache Qpid CVE-2015-0223 Security Bypass Vulnerability
4078| [72317] Apache Qpid CVE-2015-0224 Incomplete Fix Multiple Denial of Service Vulnerabilities
4079| [72115] Apache Santuario 'XML Signature Verification' Security Bypass Vulnerability
4080| [72053] Apache HTTP Server 'mod_remoteip.c' IP Address Spoofing Vulnerability
4081| [72030] Apache Qpid CVE-2015-0203 Multiple Denial of Service Vulnerabilities
4082| [71879] Apache Traffic Server 'HttpTransact.cc' Denial of Service Vulnerability
4083| [71726] Apache Subversion CVE-2014-3580 Remote Denial of Service Vulnerability
4084| [71725] Apache Subversion CVE-2014-8108 Remote Denial of Service Vulnerability
4085| [71657] Apache HTTP Server 'mod_proxy_fcgi' Module Denial of Service Vulnerability
4086| [71656] Apache HTTP Server 'mod_cache' Module Denial of Service Vulnerability
4087| [71548] Apache Struts CVE-2014-7809 Security Bypass Vulnerability
4088| [71466] Apache Hadoop CVE-2014-3627 Information Disclosure Vulnerability
4089| [71353] Apache HTTP Server 'LuaAuthzProvider' Authorization Bypass Vulnerability
4090| [71004] Apache Qpid CVE-2014-3629 XML External Entity Injection Vulnerability
4091| [70970] Apache Traffic Server Cross Site Scripting Vulnerability
4092| [70738] Apache CXF CVE-2014-3584 Denial of Service Vulnerability
4093| [70736] Apache CXF SAML SubjectConfirmation Security Bypass Vulnerability
4094| [69728] Apache Tomcat CVE-2013-4444 Arbitrary File Upload Vulnerability
4095| [69648] Apache POI CVE-2014-3574 Denial Of Service Vulnerability
4096| [69647] Apache POI OpenXML parser CVE-2014-3529 XML External Entity Information Disclosure Vulnerability
4097| [69351] Apache OpenOffice Calc CVE-2014-3524 Command Injection Vulnerability
4098| [69295] Apache Axis Incomplete Fix CVE-2014-3596 SSL Certificate Validation Security Bypass Vulnerability
4099| [69286] Apache OFBiz CVE-2014-0232 Multiple Cross Site Scripting Vulnerabilities
4100| [69258] Apache HttpComponents Incomplete Fix CVE-2014-3577 SSL Validation Security Bypass Vulnerability
4101| [69257] Apache HttpComponents Incomplete Fix SSL Certificate Validation Security Bypass Vulnerability
4102| [69248] Apache HTTP Server CVE-2013-4352 Remote Denial of Service Vulnerability
4103| [69237] Apache Subversion CVE-2014-3522 SSL Certificate Validation Information Disclosure Vulnerability
4104| [69173] Apache Traffic Server CVE-2014-3525 Unspecified Security Vulnerability
4105| [69046] Apache Cordova For Android CVE-2014-3502 Information Disclosure Vulnerability
4106| [69041] Apache Cordova For Android CVE-2014-3501 Security Bypass Vulnerability
4107| [69038] Apache Cordova For Android CVE-2014-3500 Security Bypass Vulnerability
4108| [68995] Apache Subversion CVE-2014-3528 Insecure Authentication Weakness
4109| [68966] Apache Subversion 'irkerbridge.py' Local Privilege Escalation Vulnerability
4110| [68965] Apache Subversion 'svnwcsub.py' Local Privilege Escalation Vulnerability
4111| [68863] Apache HTTP Server 'mod_cache' Module Remote Denial of Service Vulnerability
4112| [68747] Apache HTTP Server CVE-2014-3523 Remote Denial of Service Vulnerability
4113| [68745] Apache HTTP Server CVE-2014-0118 Remote Denial of Service Vulnerability
4114| [68742] Apache HTTP Server CVE-2014-0231 Remote Denial of Service Vulnerability
4115| [68740] Apache HTTP Server CVE-2014-0117 Remote Denial of Service Vulnerability
| [68678] Apache HTTP Server 'mod_status' CVE-2014-0226 Remote Code Execution Vulnerability
| [68445] Apache CXF UsernameToken Information Disclosure Vulnerability
| [68441] Apache CXF SAML Tokens Validation Security Bypass Vulnerability
| [68431] Apache Syncope CVE-2014-3503 Insecure Password Generation Weakness
| [68229] Apache Harmony PRNG Entropy Weakness
| [68111] Apache 'mod_wsgi' Module Privilege Escalation Vulnerability
| [68072] Apache Tomcat CVE-2014-0186 Remote Denial of Service Vulnerability
| [68039] Apache Hive CVE-2014-0228 Security Bypass Vulnerability
| [67673] Apache Tomcat CVE-2014-0095 AJP Request Remote Denial Of Service Vulnerability
| [67671] Apache Tomcat CVE-2014-0075 Chunk Request Remote Denial Of Service Vulnerability
| [67669] Apache Tomcat CVE-2014-0119 XML External Entity Information Disclosure Vulnerability
| [67668] Apache Tomcat CVE-2014-0099 Request Processing Information Disclosure Vulnerability
| [67667] Apache Tomcat CVE-2014-0096 XML External Entity Information Disclosure Vulnerability
| [67534] Apache 'mod_wsgi' Module CVE-2014-0242 Information Disclosure Vulnerability
| [67532] Apache 'mod_wsgi' Module Local Privilege Escalation Vulnerability
| [67530] Apache Solr Search Template Cross Site Scripting Vulnerability
| [67236] Apache CXF CVE-2014-0109 Remote Denial of Service Vulnerability
| [67232] Apache CXF CVE-2014-0110 Denial of Service Vulnerability
| [67121] Apache Struts ClassLoader Manipulation CVE-2014-0114 Security Bypass Vulnerability
| [67081] Apache Struts 'getClass()' Method Security Bypass Vulnerability
| [67064] Apache Struts ClassLoader Manipulation Incomplete Fix Security Bypass Vulnerability
| [67013] Apache Zookeeper CVE-2014-0085 Local Information Disclosure Vulnerability
| [66998] Apache Archiva CVE-2013-2187 Unspecified Cross Site Scripting Vulnerability
| [66991] Apache Archiva CVE-2013-2187 HTML Injection Vulnerability
| [66927] Apache Syncope CVE-2014-0111 Remote Code Execution Vulnerability
| [66474] Apache CouchDB Universally Unique IDentifier (UUID) Remote Denial of Service Vulnerability
| [66397] Apache Xalan-Java Library CVE-2014-0107 Security Bypass Vulnerability
| [66303] Apache HTTP Server Multiple Denial of Service Vulnerabilities
| [66041] RETIRED: Apache Struts CVE-2014-0094 Classloader Manipulation Security Bypass Vulnerability
| [65999] Apache Struts ClassLoader Manipulation CVE-2014-0094 Security Bypass Vulnerability
| [65967] Apache Cordova File-Transfer Unspecified Security Vulnerability
| [65959] Apache Cordova InAppBrowser Remote Privilege Escalation Vulnerability
| [65935] Apache Shiro 'login.jsp' Authentication Bypass Vulnerability
| [65902] Apache Camel CVE-2014-0003 Remote Code Execution Vulnerability
| [65901] Apache Camel CVE-2014-0002 XML External Entity Information Disclosure Vulnerability
| [65773] Apache Tomcat CVE-2013-4286 Security Bypass Vulnerability
| [65769] Apache Tomcat CVE-2014-0033 Session Fixation Vulnerability
| [65768] Apache Tomcat CVE-2013-4590 XML External Entity Information Disclosure Vulnerability
| [65767] Apache Tomcat CVE-2013-4322 Incomplete Fix Denial of Service Vulnerability
| [65615] Apache ActiveMQ 'refresh' Parameter Cross Site Scripting Vulnerability
| [65434] Apache Subversion 'mod_dav_svn' Module SVNListParentPath Denial of Service Vulnerability
| [65431] Apache Wicket CVE-2013-2055 Information Disclosure Vulnerability
| [65400] Apache Commons FileUpload CVE-2014-0050 Denial Of Service Vulnerability
| [64782] Apache CloudStack Virtual Router Component Security Bypass Vulnerability
| [64780] Apache CloudStack Unauthorized Access Vulnerability
| [64617] Apache Libcloud Digital Ocean API Local Information Disclosure Vulnerability
| [64437] Apache Santuario XML Security For JAVA XML Signature Denial of Service Vulnerability
| [64427] Apache Solr Multiple XML External Entity Injection Vulnerabilities
| [64009] Apache Solr CVE-2013-6408 XML External Entity Injection Vulnerability
| [64008] Apache Solr CVE-2013-6407 XML External Entity Injection Vulnerability
| [63981] Apache Subversion 'mod_dav_svn' Module Denial of Service Vulnerability
| [63966] Apache Subversion CVE-2013-4505 Security Bypass Vulnerability
| [63963] Apache Roller CVE-2013-4171 Cross Site Scripting Vulnerability
| [63935] Apache Solr 'SolrResourceLoader' Directory Traversal Vulnerability
| [63928] Apache Roller CVE-2013-4212 OGNL Expression Injection Remote Code Execution Vulnerability
| [63515] Apache Tomcat Manager Component CVE-2013-6357 Cross Site Request Forgery Vulnerability
| [63403] Apache Struts Multiple Cross Site Scripting Vulnerabilities
| [63400] Apache 'mod_pagespeed' Module Unspecified Cross Site Scripting Vulnerability
| [63260] Apache Shindig CVE-2013-4295 XML External Entity Information Disclosure Vulnerability
| [63241] Apache Sling 'AbstractAuthenticationFormServlet' Open Redirection Vulnerability
| [63174] Apache Commons FileUpload 'DiskFileItem' Class Null Byte Arbitrary File Write Vulnerability
| [62939] Apache 'mod_fcgid' Module CVE-2013-4365 Heap Buffer Overflow Vulnerability
| [62903] Apache Sling 'deepGetOrCreateNode()' Function Denial Of Service Vulnerability
| [62706] Apache Camel CVE-2013-4330 Information Disclosure Vulnerability
| [62677] Apache 'mod_accounting' Module CVE-2013-5697 SQL Injection Vulnerability
| [62674] TYPO3 Apache Solr Unspecified Cross Site Scripting and PHP Code Execution Vulnerabilities
| [62587] Apache Struts CVE-2013-4316 Remote Code Execution Vulnerability
| [62584] Apache Struts CVE-2013-4310 Security Bypass Vulnerability
| [62266] Apache Subversion CVE-2013-4277 Insecure Temporary File Creation Vulnerability
| [61984] Apache Hadoop RPC Authentication CVE-2013-2192 Man in the Middle Security Bypass Vulnerability
| [61981] Apache HBase RPC Authentication Man In The Middle Security Bypass Vulnerability
| [61638] Apache CloudStack CVE-2013-2136 Multiple Cross Site Scripting Vulnerabilities
| [61454] Apache Subversion CVE-2013-4131 Denial Of Service Vulnerability
| [61379] Apache HTTP Server CVE-2013-2249 Unspecified Remote Security Vulnerability
| [61370] Apache OFBiz CVE-2013-2317 'View Log' Cross Site Scripting Vulnerability
| [61369] Apache OFBiz Nested Expression Remote Code Execution Vulnerability
| [61196] Apache Struts CVE-2013-2248 Multiple Open Redirection Vulnerabilities
| [61189] Apache Struts CVE-2013-2251 Multiple Remote Command Execution Vulnerabilities
| [61129] Apache HTTP Server CVE-2013-1896 Remote Denial of Service Vulnerability
| [61030] Apache CXF CVE-2013-2160 Multiple Remote Denial of Service Vulnerabilities
| [60875] Apache Geronimo RMI Classloader Security Bypass Vulnerability
| [60846] Apache Santuario XML Security for JAVA XML Signature CVE-2013-2172 Security Bypass Vulnerability
| [60817] Apache Santuario XML Security for C++ CVE-2013-2210 Heap Buffer Overflow Vulnerability
| [60800] Apache Qpid Python Client SSL Certificate Verification Information Disclosure Vulnerability
| [60599] Apache Santuario XML Security for C++ CVE-2013-2156 Remote Heap Buffer Overflow Vulnerability
| [60595] Apache Santuario XML Security for C++ XML Signature CVE-2013-2155 Denial of Service Vulnerability
| [60594] Apache Santuario XML Security for C++ CVE-2013-2154 Stack Buffer Overflow Vulnerability
| [60592] Apache Santuario XML Security for C++ XML Signature CVE-2013-2153 Security Bypass Vulnerability
| [60534] Apache OpenJPA Object Deserialization Arbitrary File Creation or Overwrite Vulnerability
| [60346] Apache Struts CVE-2013-2134 OGNL Expression Injection Vulnerability
| [60345] Apache Struts CVE-2013-2135 OGNL Expression Injection Vulnerability
| [60267] Apache Subversion CVE-2013-1968 Remote Denial of Service Vulnerability
| [60265] Apache Subversion CVE-2013-2088 Command Injection Vulnerability
| [60264] Apache Subversion CVE-2013-2112 Remote Denial of Service Vulnerability
| [60187] Apache Tomcat DIGEST Authentication CVE-2013-2051 Incomplete Fix Security Weakness
| [60186] Apache Tomcat CVE-2013-1976 Insecure Temporary File Handling Vulnerability
| [60167] Apache Struts 'includeParams' CVE-2013-2115 Incomplete Fix Security Bypass Vulnerability
| [60166] Apache Struts 'includeParams' CVE-2013-1966 Security Bypass Vulnerability
| [60082] Apache Struts 'ParameterInterceptor' Class OGNL CVE-2013-1965 Security Bypass Vulnerability
| [59826] Apache HTTP Server Terminal Escape Sequence in Logs Command Injection Vulnerability
| [59799] Apache Tomcat CVE-2013-2067 Session Fixation Vulnerability
| [59798] Apache Tomcat CVE-2013-2071 Information Disclosure Vulnerability
| [59797] Apache Tomcat CVE-2012-3544 Denial of Service Vulnerability
| [59670] Apache VCL Multiple Input Validation Vulnerabilities
| [59464] Apache CloudStack CVE-2013-2758 Hash Information Disclosure Vulnerability
| [59463] Apache CloudStack CVE-2013-2756 Authentication Bypass Vulnerability
| [59402] Apache ActiveMQ CVE-2013-3060 Information Disclosure and Denial of Service Vulnerability
| [59401] Apache ActiveMQ CVE-2012-6551 Denial of Service Vulnerability
| [59400] Apache ActiveMQ CVE-2012-6092 Multiple Cross Site Scripting Vulnerabilities
| [58898] Apache Subversion CVE-2013-1884 Remote Denial of Service Vulnerability
| [58897] Apache Subversion 'mod_dav_svn/lock.c' Remote Denial of Service Vulnerability
| [58895] Apache Subversion 'mod_dav_svn' Remote Denial of Service Vulnerability
| [58455] Apache Rave User RPC API CVE-2013-1814 Information Disclosure Vulnerability
| [58379] Apache Qpid CVE-2012-4446 Authentication Bypass Vulnerability
| [58378] Apache Qpid CVE-2012-4460 Denial of Service Vulnerability
| [58376] Apache Qpid CVE-2012-4458 Denial of Service Vulnerability
| [58337] Apache Qpid CVE-2012-4459 Denial of Service Vulnerability
| [58326] Apache Commons FileUpload CVE-2013-0248 Insecure Temporary File Creation Vulnerability
| [58325] Debian Apache HTTP Server CVE-2013-1048 Symlink Attack Local Privilege Escalation Vulnerability
| [58323] Apache Subversion 'svn_fs_file_length()' Remote Denial of Service Vulnerability
| [58165] Apache HTTP Server Multiple Cross Site Scripting Vulnerabilities
| [58136] Apache Maven CVE-2013-0253 SSL Certificate Validation Security Bypass Vulnerability
| [58124] Apache Tomcat 'log/logdir' Directory Insecure File Permissions Vulnerability
| [58073] Apache Commons HttpClient CVE-2012-5783 SSL Certificate Validation Security Bypass Vulnerability
| [57876] Apache CXF WS-SecurityPolicy Authentication Bypass Vulnerability
| [57874] Apache CXF CVE-2012-5633 Security Bypass Vulnerability
| [57463] Apache OFBiz CVE-2013-0177 Multiple Cross Site Scripting Vulnerabilities
| [57425] Apache CXF CVE-2012-5786 SSL Certificate Validation Security Bypass Vulnerability
| [57321] Apache CouchDB CVE-2012-5650 Cross Site Scripting Vulnerability
| [57314] Apache CouchDB CVE-2012-5649 Remote Code Execution Vulnerability
| [57267] Apache Axis2/C SSL Certificate Validation Security Bypass Vulnerability
| [57259] Apache CloudStack CVE-2012-5616 Local Information Disclosure Vulnerability
| [56814] Apache Tomcat CVE-2012-4431 Cross-Site Request Forgery Vulnerability
| [56813] Apache Tomcat CVE-2012-4534 Denial of Service Vulnerability
| [56812] Apache Tomcat CVE-2012-3546 Security Bypass Vulnerability
| [56753] Apache Apache HTTP Server 'mod_proxy_ajp Module Denial Of Service Vulnerability
| [56686] Apache Tomcat CVE-2012-5568 Denial of Service Vulnerability
| [56408] Apache Axis and Axis2/Java SSL Certificate Validation Security Bypass Vulnerability
| [56403] Apache Tomcat DIGEST Authentication Multiple Security Weaknesses
| [56402] Apache Tomcat CVE-2012-2733 Denial of Service Vulnerability
| [56171] Apache OFBiz CVE-2012-3506 Unspecified Security Vulnerability
| [55876] Apache CloudStack CVE-2012-4501 Security Bypass Vulnerability
| [55628] Apache CXF SOAP Action Spoofing Security Bypass Vulnerability
| [55608] Apache Qpid (qpidd) Denial of Service Vulnerability
| [55536] Apache 'mod_pagespeed' Module Cross Site Scripting and Security Bypass Vulnerabilities
| [55508] Apache Axis2 XML Signature Wrapping Security Vulnerability
| [55445] Apache Wicket CVE-2012-3373 Cross Site Scripting Vulnerability
| [55346] Apache Struts Cross Site Request Forgery and Denial of Service Vulnerabilities
| [55290] Drupal Apache Solr Autocomplete Module Cross Site Scripting Vulnerability
| [55165] Apache Struts2 Skill Name Remote Code Execution Vulnerability
| [55154] Apache 'mod-rpaf' Module Denial of Service Vulnerability
| [55131] Apache HTTP Server HTML-Injection And Information Disclosure Vulnerabilities
| [54954] Apache QPID NullAuthenticator Authentication Bypass Vulnerability
| [54798] Apache Libcloud Man In The Middle Vulnerability
| [54358] Apache Hadoop CVE-2012-3376 Information Disclosure Vulnerability
| [54341] Apache Sling CVE-2012-2138 Denial Of Service Vulnerability
| [54268] Apache Hadoop Symlink Attack Local Privilege Escalation Vulnerability
| [54189] Apache Roller Cross Site Request Forgery Vulnerability
| [54187] Apache Roller CVE-2012-2381 Cross Site Scripting Vulnerability
| [53880] Apache CXF Child Policies Security Bypass Vulnerability
| [53877] Apache CXF Elements Validation Security Bypass Vulnerability
| [53676] Apache Commons Compress and Apache Ant CVE-2012-2098 Denial Of Service Vulnerability
| [53487] Apache POI CVE-2012-0213 Denial Of Service Vulnerability
| [53455] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability
| [53305] Apache Qpid CVE-2011-3620 Unauthorized Access Security Bypass Vulnerability
| [53046] Apache HTTP Server 'LD_LIBRARY_PATH' Insecure Library Loading Arbitrary Code Execution Vulnerability
| [53025] Apache OFBiz Unspecified Remote Code Execution Vulnerability
| [53023] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
| [52939] Apache Hadoop CVE-2012-1574 Unspecified User Impersonation Vulnerability
| [52702] Apache Struts2 'XSLTResult.java' Remote Arbitrary File Upload Vulnerability
| [52696] Apache Traffic Server HTTP Host Header Handling Heap Based Buffer Overflow Vulnerability
| [52680] Apache Wicket 'pageMapName' Parameter Cross Site Scripting Vulnerability
| [52679] Apache Wicket Hidden Files Information Disclosure Vulnerability
| [52565] Apache 'mod_fcgid' Module Denial Of Service Vulnerability
| [52146] TYPO3 Apache Solr Extension Unspecified Cross Site Scripting Vulnerability
| [51939] Apache MyFaces 'ln' Parameter Information Disclosure Vulnerability
| [51917] Apache APR Hash Collision Denial Of Service Vulnerability
| [51902] Apache Struts Multiple HTML Injection Vulnerabilities
| [51900] Apache Struts CVE-2012-1007 Multiple Cross Site Scripting Vulnerabilities
| [51886] Apache CXF UsernameToken Policy Validation Security Bypass Vulnerability
| [51869] Apache HTTP Server CVE-2011-3639 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
| [51706] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
| [51705] Apache HTTP Server CVE-2012-0021 mod_log_config Denial Of Service Vulnerability
| [51628] Apache Struts 'ParameterInterceptor' Class OGNL (CVE-2011-3923) Security Bypass Vulnerability
| [51447] Apache Tomcat Parameter Handling Denial of Service Vulnerability
| [51442] Apache Tomcat Request Object Security Bypass Vulnerability
| [51407] Apache HTTP Server Scoreboard Local Security Bypass Vulnerability
| [51257] Apache Struts Remote Command Execution and Arbitrary File Overwrite Vulnerabilities
| [51238] Apache Geronimo Hash Collision Denial Of Service Vulnerability
| [51200] Apache Tomcat Hash Collision Denial Of Service Vulnerability
| [50940] Apache Struts Session Tampering Security Bypass Vulnerability
| [50912] RETIRED: Apache MyFaces CVE-2011-4343 Information Disclosure Vulnerability
| [50904] Apache ActiveMQ Failover Mechanism Remote Denial Of Service Vulnerability
| [50848] Apache MyFaces EL Expression Evaluation Security Bypass Vulnerability
| [50802] Apache HTTP Server 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
| [50639] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
| [50603] Apache Tomcat Manager Application Security Bypass Vulnerability
| [50494] Apache HTTP Server 'ap_pregsub()' Function Local Privilege Escalation Vulnerability
| [49957] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
| [49762] Apache Tomcat HTTP DIGEST Authentication Multiple Security Weaknesses
| [49728] Apache Struts Conversion Error OGNL Expression Evaluation Vulnerability
| [49616] Apache HTTP Server CVE-2011-3348 Denial Of Service Vulnerability
| [49470] Apache Tomcat CVE-2007-6286 Duplicate Request Processing Security Vulnerability
| [49353] Apache Tomcat AJP Protocol Security Bypass Vulnerability
| [49303] Apache HTTP Server CVE-2011-3192 Denial Of Service Vulnerability
| [49290] Apache Wicket Cross Site Scripting Vulnerability
| [49147] Apache Tomcat CVE-2011-2481 Information Disclosure Vulnerability
| [49143] Apache Commons Daemon 'jsvc' Information Disclosure Vulnerability
| [48667] Apache Tomcat 'sendfile' Request Attributes Information Disclosure Vulnerability
| [48653] Apache 'mod_authnz_external' Module SQL Injection Vulnerability
| [48611] Apache XML Security for C++ Signature Key Parsing Denial of Service Vulnerability
| [48456] Apache Tomcat 'MemoryUserDatabase' Information Disclosure Vulnerability
| [48015] Apache Archiva Multiple Cross Site Request Forgery Vulnerabilities
| [48011] Apache Archiva Multiple Cross Site Scripting and HTML Injection Vulnerabilities
| [47929] Apache APR 'apr_fnmatch.c' Denial of Service Vulnerability
| [47890] Apache Struts 'javatemplates' Plugin Multiple Cross Site Scripting Vulnerabilities
| [47886] Apache Tomcat SecurityConstraints Security Bypass Vulnerability
| [47820] Apache APR 'apr_fnmatch()' Denial of Service Vulnerability
| [47784] Apache Struts XWork 's:submit' HTML Tag Cross Site Scripting Vulnerability
| [47199] Apache Tomcat HTTP BIO Connector Information Disclosure Vulnerability
| [47196] Apache Tomcat Login Constraints Security Bypass Vulnerability
| [46974] Apache HttpComponents 'HttpClient' Information Disclosure Vulnerability
| [46953] Apache MPM-ITK Module Security Weakness
| [46734] Subversion 'mod_dav_svn' Apache Server NULL Pointer Dereference Denial Of Service Vulnerability
| [46685] Apache Tomcat '@ServletSecurity' Annotations Security Bypass Vulnerability
| [46311] Apache Continuum and Archiva Cross Site Scripting Vulnerability
| [46177] Apache Tomcat SecurityManager Security Bypass Vulnerability
| [46174] Apache Tomcat HTML Manager Interface HTML Injection Vulnerability
| [46166] Apache Tomcat JVM Denial of Service Vulnerability
| [46164] Apache Tomcat NIO Connector Denial of Service Vulnerability
| [46066] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
| [45655] Apache Subversion Server Component Multiple Remote Denial Of Service Vulnerabilities
| [45123] Awstats Apache Tomcat Configuration File Remote Arbitrary Command Execution Vulnerability
| [45095] Apache Archiva Cross Site Request Forgery Vulnerability
| [45015] Apache Tomcat 'sort' and 'orderBy' Parameters Cross Site Scripting Vulnerabilities
| [44900] Apache 'mod_fcgid' Module Unspecified Stack Buffer Overflow Vulnerability
| [44616] Apache Shiro Directory Traversal Vulnerability
| [44355] Apache MyFaces Encrypted View State Oracle Padding Security Vulnerability
| [44068] Apache::AuthenHook Local Information Disclosure Vulnerability
| [43862] Apache QPID SSL Connection Denial of Service Vulnerability
| [43673] Apache APR-util 'apr_brigade_split_line()' Denial of Service Vulnerability
| [43637] Apache XML-RPC SAX Parser Information Disclosure Vulnerability
| [43111] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
| [42637] Apache Derby 'BUILTIN' Authentication Insecure Password Hashing Vulnerability
| [42501] Apache CouchDB Cross Site Request Forgery Vulnerability
| [42492] Apache CXF XML DTD Processing Security Vulnerability
| [42121] Apache SLMS Insufficient Quoting Cross Site Request Forgery Vulnerability
| [42102] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
| [41963] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
| [41544] Apache Tomcat 'Transfer-Encoding' Information Disclosure and Denial Of Service Vulnerabilities
| [41076] Apache Axis2 '/axis2/axis2-admin' Session Fixation Vulnerability
| [40976] Apache Axis2 Document Type Declaration Processing Security Vulnerability
| [40827] Apache 'mod_proxy_http' Timeout Handling Information Disclosure Vulnerability
| [40343] Apache Axis2 'xsd' Parameter Directory Traversal Vulnerability
| [40327] Apache Axis2 'engagingglobally' Cross-Site Scripting Vulnerability
| [39771] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
| [39636] Apache ActiveMQ Source Code Information Disclosure Vulnerability
| [39635] Apache Tomcat Authentication Header Realm Name Information Disclosure Vulnerability
| [39538] Apache mod_auth_shadow Race Condition Security Bypass Vulnerability
| [39489] Apache OFBiz Multiple Cross Site Scripting and HTML Injection Vulnerabilities
| [39119] Apache ActiveMQ 'createDestination.action' HTML Injection Vulnerability
| [38580] Apache Subrequest Handling Information Disclosure Vulnerability
| [38494] Apache 'mod_isapi' Memory Corruption Vulnerability
| [38491] Apache mod_proxy_ajp Module Incoming Request Body Denial Of Service Vulnerability
| [37966] Apache 1.3 mod_proxy HTTP Chunked Encoding Integer Overflow Vulnerability
| [37945] Apache Tomcat Host Working Directory WAR File Directory Traversal Vulnerability
| [37944] Apache Tomcat WAR File Directory Traversal Vulnerability
| [37942] Apache Tomcat Directory Host Appbase Authentication Bypass Vulnerability
| [37149] Apache Tomcat 404 Error Page Cross Site Scripting Vulnerability
| [37027] RETIRED: Apache APR 'apr_uri_parse_hostinfo' Off By One Remote Code Execution Vulnerability
| [36990] Apache HTTP TRACE Cross Site Scripting Vulnerability
| [36954] Apache Tomcat Windows Installer Insecure Password Vulnerability
| [36889] TYPO3 Apache Solr Search Extension Unspecified Cross Site Scripting Vulnerability
| [36596] Apache HTTP Server Solaris Event Port Pollset Support Remote Denial Of Service Vulnerability
| [36260] Apache mod_proxy_ftp Module NULL Pointer Dereference Denial Of Service Vulnerability
| [36254] Apache mod_proxy_ftp Remote Command Injection Vulnerability
| [35949] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
| [35840] Apache HTTP Server HTTP-Basic Authentication Bypass Vulnerability
| [35623] Apache 'mod_deflate' Remote Denial Of Service Vulnerability
| [35565] Apache 'mod_proxy' Remote Denial Of Service Vulnerability
| [35416] Apache Tomcat XML Parser Information Disclosure Vulnerability
| [35263] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
| [35253] Apache APR-util 'xml/apr_xml.c' Denial of Service Vulnerability
| [35251] Apache APR-util 'apr_brigade_vprintf' Off By One Vulnerability
| [35221] Apache APR-util 'apr_strmatch_precompile()' Integer Underflow Vulnerability
| [35196] Apache Tomcat Form Authentication Existing/Non-Existing Username Enumeration Weakness
| [35193] Apache Tomcat Java AJP Connector Invalid Header Denial of Service Vulnerability
| [35115] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
| [34686] Apache Struts Multiple Cross Site Scripting Vulnerabilities
| [34663] Apache 'mod_proxy_ajp' Information Disclosure Vulnerability
| [34657] Apache Tiles Cross Site Scripting And Information Disclosure Vulnerabilities
| [34562] Apache Geronimo Application Server Multiple Remote Vulnerabilities
| [34552] Apache ActiveMQ Web Console Multiple Unspecified HTML Injection Vulnerabilities
| [34412] Apache Tomcat mod_jk Content Length Information Disclosure Vulnerability
| [34399] Apache Struts Unspecified Cross Site Scripting Vulnerability
| [34383] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
| [33913] Apache Tomcat POST Data Information Disclosure Vulnerability
| [33360] Apache Jackrabbit 'q' Parameter Multiple Cross Site Scripting Vulnerabilities
| [33110] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
| [32657] Novell NetWare ApacheAdmin Security Bypass Vulnerability
| [31805] Apache HTTP Server OS Fingerprinting Unspecified Security Vulnerability
| [31761] Oracle WebLogic Server Apache Connector Stack Based Buffer Overflow Vulnerability
| [31698] Apache Tomcat 'RemoteFilterValve' Security Bypass Vulnerability
| [31165] Kolab Groupware Server Apache Log File User Password Information Disclosure Vulnerability
| [30560] Apache 'mod_proxy_ftp' Wildcard Characters Cross-Site Scripting Vulnerability
| [30496] Apache Tomcat 'HttpServletResponse.sendError()' Cross Site Scripting Vulnerability
| [30494] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
| [29653] Apache 'mod_proxy_http' Interim Response Denial of Service Vulnerability
| [29502] Apache Tomcat Host Manager Cross Site Scripting Vulnerability
| [28576] Apache-SSL Environment Variable Information Disclosure and Privilege Escalation Vulnerability
| [28484] Apache Tomcat Requests Containing MS-DOS Device Names Information Disclosure Vulnerability
| [28483] Apache Tomcat 'allowLinking' Accepts NULL Byte in URI Information Disclosure Vulnerability
| [28482] Apache Tomcat SSL Anonymous Cipher Configuration Information Disclosure Vulnerability
| [28481] Apache Tomcat Cross-Site Scripting Vulnerability
| [28477] Apache Tomcat AJP Connector Information Disclosure Vulnerability
| [27752] Apache mod_jk2 Host Header Multiple Stack Based Buffer Overflow Vulnerabilities
| [27706] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
| [27703] Apache Tomcat Parameter Processing Remote Information Disclosure Vulnerability
| [27409] Apache 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
| [27365] Apache Tomcat SingleSignOn Remote Information Disclosure Vulnerability
| [27237] Apache HTTP Server 2.2.6, 2.0.61 and 1.3.39 'mod_status' Cross-Site Scripting Vulnerability
| [27236] Apache 'mod_proxy_balancer' Multiple Vulnerabilities
| [27234] Apache 'mod_proxy_ftp' Undefined Charset UTF-7 Cross-Site Scripting Vulnerability
| [27006] Apache Tomcat JULI Logging Component Default Security Policy Vulnerability
| [26939] Apache HTTP Server Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
| [26838] Apache mod_imagemap and mod_imap Cross-Site Scripting Vulnerability
| [26762] Apache::AuthCAS Cookie SQL Injection Vulnerability
| [26663] Apache HTTP Server 413 Error HTTP Request Method Cross-Site Scripting Weakness
| [26287] Apache Geronimo SQLLoginModule Authentication Bypass Vulnerability
| [26070] Apache Tomcat WebDav Remote Information Disclosure Vulnerability
| [25804] Apache Geronimo Management EJB Security Bypass Vulnerability
| [25653] Apache Mod_AutoIndex.C Undefined Charset Cross-Site Scripting Vulnerability
| [25531] Apache Tomcat Cal2.JSP Cross-Site Scripting Vulnerability
| [25489] Apache HTTP Server Mod_Proxy Denial of Service Vulnerability
| [25316] Apache Tomcat Multiple Remote Information Disclosure Vulnerabilities
| [25314] Apache Tomcat Host Manager Servlet Cross Site Scripting Vulnerability
| [25174] Apache Tomcat Error Message Reporting Cross Site Scripting Vulnerability
| [24999] Apache Tomcat SendMailServlet Cross-Site Scripting Vulnerability
| [24759] MySQLDumper Apache Access Control Authentication Bypass Vulnerability
| [24649] Apache HTTP Server Mod_Cache Denial of Service Vulnerability
| [24645] Apache HTTP Server Mod_Status Cross-Site Scripting Vulnerability
| [24553] Apache Mod_Mem_Cache Information Disclosure Vulnerability
| [24524] Apache Tomcat Accept-Language Cross Site Scripting Vulnerability
| [24480] Apache MyFaces Tomahawk JSF Framework Autoscroll Parameter Cross Site Scripting Vulnerability
| [24476] Apache Tomcat JSP Example Web Applications Cross Site Scripting Vulnerability
| [24475] Apache Tomcat Manager and Host Manager Upload Script Cross-Site Scripting Vulnerability
| [24215] Apache HTTP Server Worker Process Multiple Denial of Service Vulnerabilities
| [24147] Apache Tomcat JK Connector Double Encoding Security Bypass Vulnerability
| [24058] Apache Tomcat Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
| [23687] Apache AXIS Non-Existent WSDL Path Information Disclosure Vulnerability
| [23438] Apache HTTPD suEXEC Local Multiple Privilege Escalation Weaknesses
| [22960] Apache HTTP Server Tomcat Directory Traversal Vulnerability
| [22849] Apache mod_python Output Filter Mode Information Disclosure Vulnerability
| [22791] Apache Tomcat Mod_JK.SO Arbitrary Code Execution Vulnerability
| [22732] Debian Apache Root Shell Local Privilege Escalation Vulnerabilities
| [22388] Apache Stats Extract Function Multiple Input Validation Vulnerabilities
| [21865] Apache And Microsoft IIS Range Denial of Service Vulnerability
| [21214] Apache Mod_Auth_Kerb Off-By-One Denial of Service Vulnerability
| [20527] Apache Mod_TCL Remote Format String Vulnerability
| [19661] Apache HTTP Server Arbitrary HTTP Request Headers Security Weakness
| [19447] Apache CGI Script Source Code Information Disclosure Vulnerability
| [19204] Apache Mod_Rewrite Off-By-One Buffer Overflow Vulnerability
| [19106] Apache Tomcat Information Disclosure Vulnerability
| [18138] Apache James SMTP Denial Of Service Vulnerability
| [17342] Apache Struts Multiple Remote Vulnerabilities
| [17095] Apache Log4Net Denial Of Service Vulnerability
| [16916] Apache mod_python FileSession Code Execution Vulnerability
| [16710] Apache Libapreq2 Quadratic Behavior Denial of Service Vulnerability
| [16260] Apache Geronimo Multiple Input Validation Vulnerabilities
| [16153] Apache mod_auth_pgsql Multiple Format String Vulnerabilities
| [16152] Apache Mod_SSL Custom Error Document Remote Denial Of Service Vulnerability
| [15834] Apache 'mod_imap' Referer Cross-Site Scripting Vulnerability
| [15765] Apache James Spooler Memory Leak Denial Of Service Vulnerability
| [15762] Apache MPM Worker.C Denial Of Service Vulnerability
| [15512] Apache Struts Error Response Cross-Site Scripting Vulnerability
| [15413] PHP Apache 2 Virtual() Safe_Mode and Open_Basedir Restriction Bypass Vulnerability
| [15325] Apache Tomcat Simultaneous Directory Listing Denial Of Service Vulnerability
| [15224] Apache Mod_Auth_Shadow Authentication Bypass Vulnerability
| [15177] PHP Apache 2 Local Denial of Service Vulnerability
| [14982] ApacheTop Insecure Temporary File Creation Vulnerability
| [14721] Apache Mod_SSL SSLVerifyClient Restriction Bypass Vulnerability
| [14660] Apache CGI Byterange Request Denial of Service Vulnerability
| [14366] Apache mod_ssl CRL Handling Off-By-One Buffer Overflow Vulnerability
| [14106] Apache HTTP Request Smuggling Vulnerability
| [13778] Apache HTPasswd Password Command Line Argument Buffer Overflow Vulnerability
| [13777] Apache HTPasswd User Command Line Argument Buffer Overflow Vulnerability
| [13756] Apache Tomcat Java Security Manager Bypass Vulnerability
| [13537] Apache HTDigest Realm Command Line Argument Buffer Overflow Vulnerability
| [12877] Apache mod_ssl ssl_io_filter_cleanup Remote Denial Of Service Vulnerability
| [12795] Apache Tomcat Remote Malformed Request Denial Of Service Vulnerability
| [12619] Apache Software Foundation Batik Squiggle Browser Access Validation Vulnerability
| [12519] Apache mod_python Module Publisher Handler Information Disclosure Vulnerability
| [12308] Apache Utilities Insecure Temporary File Creation Vulnerability
| [12217] Apache mod_auth_radius Malformed RADIUS Server Reply Integer Overflow Vulnerability
| [12181] Mod_DOSEvasive Apache Module Local Insecure Temporary File Creation Vulnerability
| [11803] Apache Jakarta Results.JSP Remote Cross-Site Scripting Vulnerability
| [11471] Apache mod_include Local Buffer Overflow Vulnerability
| [11360] Apache mod_ssl SSLCipherSuite Restriction Bypass Vulnerability
| [11239] Apache Satisfy Directive Access Control Bypass Vulnerability
| [11187] Apache Web Server Remote IPv6 Buffer Overflow Vulnerability
| [11185] Apache Mod_DAV LOCK Denial Of Service Vulnerability
| [11182] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
| [11154] Apache mod_ssl Remote Denial of Service Vulnerability
| [11094] Apache mod_ssl Denial Of Service Vulnerability
| [10789] Apache mod_userdir Module Information Disclosure Vulnerability
| [10736] Apache 'mod_ssl' Log Function Format String Vulnerability
| [10619] Apache ap_escape_html Memory Allocation Denial Of Service Vulnerability
| [10508] Apache Mod_Proxy Remote Negative Content-Length Buffer Overflow Vulnerability
| [10478] ClueCentral Apache Suexec Patch Security Weakness
| [10355] Apache 'mod_ssl' 'ssl_util_uuencode_binary()' Stack Buffer Overflow Vulnerability
| [10212] Apache mod_auth Malformed Password Potential Memory Corruption Vulnerability
| [9933] Apache mod_disk_cache Module Client Authentication Credential Storage Weakness
| [9930] Apache Error and Access Logs Escape Sequence Injection Vulnerability
| [9921] Apache Connection Blocking Denial Of Service Vulnerability
| [9885] Apache Mod_Security Module SecFilterScanPost Off-By-One Buffer Overflow Vulnerability
| [9874] Apache HTAccess LIMIT Directive Bypass Configuration Error Weakness
| [9829] Apache Mod_Access Access Control Rule Bypass Vulnerability
| [9826] Apache Mod_SSL HTTP Request Remote Denial Of Service Vulnerability
| [9733] Apache Cygwin Directory Traversal Vulnerability
| [9599] Apache mod_php Global Variables Information Disclosure Weakness
| [9590] Apache-SSL Client Certificate Forging Vulnerability
| [9571] Apache mod_digest Client-Supplied Nonce Verification Vulnerability
| [9471] Apache mod_perl Module File Descriptor Leakage Vulnerability
| [9404] Mod-Auth-Shadow Apache Module Expired User Credential Weakness
| [9302] Apache mod_php Module File Descriptor Leakage Vulnerability
| [9129] Apache mod_python Module Malformed Query Denial of Service Vulnerability
| [8926] Apache Web Server mod_cgid Module CGI Data Redirection Vulnerability
| [8919] Apache Mod_Security Module Heap Corruption Vulnerability
| [8911] Apache Web Server Multiple Module Local Buffer Overflow Vulnerability
4545| [8898] Red Hat Apache Directory Index Default Configuration Error
4546| [8883] Apache Cocoon Directory Traversal Vulnerability
4547| [8824] Apache Tomcat Non-HTTP Request Denial Of Service Vulnerability
4548| [8822] Apache Mod_Throttle Module Local Shared Memory Corruption Vulnerability
4549| [8725] Apache2 MOD_CGI STDERR Denial Of Service Vulnerability
4550| [8707] Apache htpasswd Password Entropy Weakness
4551| [8561] Apache::Gallery Insecure Local File Storage Privilege Escalation Vulnerability
4552| [8287] Mod_Mylo Apache Module REQSTR Buffer Overflow Vulnerability
4553| [8226] Apache HTTP Server Multiple Vulnerabilities
4554| [8138] Apache Web Server Type-Map Recursive Loop Denial Of Service Vulnerability
4555| [8137] Apache Web Server Prefork MPM Denial Of Service Vulnerability
4556| [8136] Macromedia Apache Web Server Encoded Space Source Disclosure Vulnerability
4557| [8135] Apache Web Server FTP Proxy IPV6 Denial Of Service Vulnerability
4558| [8134] Apache Web Server SSLCipherSuite Weak CipherSuite Renegotiation Weakness
4559| [7768] Apache Tomcat Insecure Directory Permissions Vulnerability
4560| [7725] Apache Basic Authentication Module Valid User Login Denial Of Service Vulnerability
4561| [7723] Apache APR_PSPrintf Memory Corruption Vulnerability
4562| [7448] Apache Mod_Auth_Any Remote Command Execution Vulnerability
4563| [7375] Apache Mod_Access_Referer NULL Pointer Dereference Denial of Service Vulnerability
4564| [7332] Apache Web Server OS2 Filestat Denial Of Service Vulnerability
4565| [7255] Apache Web Server File Descriptor Leakage Vulnerability
4566| [7254] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
4567| [6943] Apache Web Server MIME Boundary Information Disclosure Vulnerability
4568| [6939] Apache Web Server ETag Header Information Disclosure Weakness
4569| [6722] Apache Tomcat Web.XML File Contents Disclosure Vulnerability
4570| [6721] Apache Tomcat Null Byte Directory/File Disclosure Vulnerability
4571| [6720] Apache Tomcat Example Web Application Cross Site Scripting Vulnerability
4572| [6662] Apache Web Server MS-DOS Device Name Denial Of Service Vulnerability
4573| [6661] Apache Web Server Default Script Mapping Bypass Vulnerability
4574| [6660] Apache Web Server Illegal Character HTTP Request File Disclosure Vulnerability
4575| [6659] Apache Web Server MS-DOS Device Name Arbitrary Code Execution Vulnerability
4576| [6562] Apache Tomcat Invoker Servlet File Disclosure Vulnerability
4577| [6320] Apache/Tomcat Mod_JK Chunked Encoding Denial Of Service Vulnerability
4578| [6117] Apache mod_php File Descriptor Leakage Vulnerability
4579| [6065] Apache 2 WebDAV CGI POST Request Information Disclosure Vulnerability
4580| [5996] Apache AB.C Web Benchmarking Buffer Overflow Vulnerability
4581| [5995] Apache AB.C Web Benchmarking Read_Connection() Buffer Overflow Vulnerability
4582| [5993] Multiple Apache HTDigest Buffer Overflow Vulnerabilities
4583| [5992] Apache HTDigest Insecure Temporary File Vulnerability
4584| [5991] Apache HTDigest Arbitrary Command Execution Vulnerability
4585| [5990] Apache HTPasswd Insecure Temporary File Vulnerability
4586| [5981] Multiple Apache HTDigest and HTPassWD Component Vulnerabilites
4587| [5884] Apache Web Server Scoreboard Memory Segment Overwriting SIGUSR1 Sending Vulnerability
4588| [5847] Apache Server Side Include Cross Site Scripting Vulnerability
4589| [5838] Apache Tomcat 3.2 Directory Disclosure Vulnerability
4590| [5816] Apache 2 mod_dav Denial Of Service Vulnerability
4591| [5791] HP VirtualVault Apache mod_ssl Denial Of Service Vulnerability
4592| [5787] Apache Oversized STDERR Buffer Denial Of Service Vulnerability
4593| [5786] Apache Tomcat DefaultServlet File Disclosure Vulnerability
| [5542] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
| [5486] Apache 2.0 CGI Path Disclosure Vulnerability
| [5485] Apache 2.0 Path Disclosure Vulnerability
| [5434] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
| [5256] Apache httpd 2.0 CGI Error Path Disclosure Vulnerability
| [5194] Apache Tomcat DOS Device Name Cross Site Scripting Vulnerability
| [5193] Apache Tomcat Servlet Mapping Cross Site Scripting Vulnerability
| [5067] Apache Tomcat Null Character Malformed Request Denial Of Service Vulnerability
| [5054] Apache Tomcat Web Root Path Disclosure Vulnerability
| [5033] Apache Chunked-Encoding Memory Corruption Vulnerability
| [4995] Apache Tomcat JSP Engine Denial of Service Vulnerability
| [4878] Apache Tomcat RealPath.JSP Malformed Request Information Disclosure Vulnerability
| [4877] Apache Tomcat Example Files Web Root Path Disclosure Vulnerability
| [4876] Apache Tomcat Source.JSP Malformed Request Information Disclosure Vulnerability
| [4575] Apache Tomcat Servlet Path Disclosure Vulnerability
| [4557] Apache Tomcat System Path Information Disclosure Vulnerability
| [4437] Apache Error Message Cross-Site Scripting Vulnerability
| [4431] Apache PrintEnv/Test_CGI Script Injection Vulnerability
| [4358] Apache Double-Reverse Lookup Log Entry Spoofing Vulnerability
| [4335] Apache Win32 Batch File Remote Command Execution Vulnerability
| [4292] Oracle 9iAS Apache PL/SQL Module Web Administration Access Vulnerability
| [4189] Apache mod_ssl/Apache-SSL Buffer Overflow Vulnerability
| [4057] Apache 2 for Windows OPTIONS request Path Disclosure Vulnerability
| [4056] Apache 2 for Windows php.exe Path Disclosure Vulnerability
| [4037] Oracle 9iAS Apache PL/SQL Module Denial of Service Vulnerability
| [4032] Oracle 9iAS Apache PL/SQL Module Multiple Buffer Overflows Vulnerability
| [3796] Apache HTTP Request Unexpected Behavior Vulnerability
| [3790] Apache Non-Existent Log Directory Denial Of Service Vulnerability
| [3786] Apache Win32 PHP.EXE Remote File Disclosure Vulnerability
| [3727] Oracle 9I Application Server PL/SQL Apache Module Directory Traversal Vulnerability
| [3726] Oracle 9I Application Server PL/SQL Apache Module Buffer Overflow Vulnerability
| [3596] Apache Split-Logfile File Append Vulnerability
| [3521] Apache mod_usertrack Predictable ID Generation Vulnerability
| [3335] Red Hat Linux Apache Remote Username Enumeration Vulnerability
| [3316] MacOS X Client Apache Directory Contents Disclosure Vulnerability
| [3256] Apache mod_auth_oracle Remote SQL Query Manipulation Vulnerability
| [3255] Apache mod_auth_mysql Remote SQL Query Manipulation Vulnerability
| [3254] Apache AuthPG Remote SQL Query Manipulation Vulnerability
| [3253] Apache mod_auth_pgsql_sys Remote SQL Query Manipulation Vulnerability
| [3251] Apache mod_auth_pgsql Remote SQL Query Manipulation Vulnerability
| [3176] Apache Mod ReWrite Rules Bypassing Image Linking Vulnerability
| [3169] Apache Server Address Disclosure Vulnerability
| [3009] Apache Possible Directory Index Disclosure Vulnerability
| [2982] Apache Tomcat Cross-Site Scripting Vulnerability
| [2852] MacOS X Client Apache File Protection Bypass Vulnerability
| [2740] Apache Web Server HTTP Request Denial of Service Vulnerability
| [2518] Apache Tomcat 3.0 Directory Traversal Vulnerability
| [2503] Apache Artificially Long Slash Path Directory Listing Vulnerability
| [2300] NCSA/Apache httpd ScriptAlias Source Retrieval Vulnerability
| [2216] Apache Web Server DoS Vulnerability
| [2182] Apache /tmp File Race Vulnerability
| [2171] Oracle Apache+WebDB Documented Backdoor Vulnerability
| [2060] Apache Web Server with Php 3 File Disclosure Vulnerability
| [1821] Apache mod_cookies Buffer Overflow Vulnerability
| [1728] Apache Rewrite Module Arbitrary File Disclosure Vulnerability
| [1658] SuSE Apache CGI Source Code Viewing Vulnerability
| [1656] SuSE Apache WebDAV Directory Listings Vulnerability
| [1575] Trustix Apache-SSL RPM Permissions Vulnerability
| [1548] Apache Jakarta-Tomcat /admin Context Vulnerability
| [1532] Apache Tomcat Snoop Servlet Information Disclosure Vulnerability
| [1531] Apache Tomcat 3.1 Path Revealing Vulnerability
| [1457] Apache::ASP source.asp Example Script Vulnerability
| [1284] Apache HTTP Server (win32) Root Directory Access Vulnerability
| [1083] Cobalt Raq Apache .htaccess Disclosure Vulnerability
|
| IBM X-Force - https://exchange.xforce.ibmcloud.com:
| [86258] Apache CloudStack text fields cross-site scripting
| [85983] Apache Subversion mod_dav_svn module denial of service
| [85875] Apache OFBiz UEL code execution
| [85874] Apache OFBiz Webtools View Log screen cross-site scripting
| [85871] Apache HTTP Server mod_session_dbd unspecified
| [85756] Apache Struts OGNL expression command execution
| [85755] Apache Struts DefaultActionMapper class open redirect
| [85586] Apache ActiveMQ CVE-2013-1879 cross-site scripting
| [85574] Apache HTTP Server mod_dav denial of service
| [85573] Apache Struts Showcase App OGNL code execution
| [85496] Apache CXF denial of service
| [85423] Apache Geronimo RMI classloader code execution
| [85326] Apache Santuario XML Security for C++ buffer overflow
| [85323] Apache Santuario XML Security for Java spoofing
| [85319] Apache Qpid Python client SSL spoofing
| [85019] Apache Santuario XML Security for C++ CVE-2013-2156 buffer overflow
| [85018] Apache Santuario XML Security for C++ CVE-2013-2155 denial of service
| [85017] Apache Santuario XML Security for C++ CVE-2013-2154 buffer overflow
| [85016] Apache Santuario XML Security for C++ CVE-2013-2153 spoofing
| [84952] Apache Tomcat CVE-2012-3544 denial of service
| [84763] Apache Struts CVE-2013-2135 security bypass
| [84762] Apache Struts CVE-2013-2134 security bypass
| [84719] Apache Subversion CVE-2013-2088 command execution
| [84718] Apache Subversion CVE-2013-2112 denial of service
| [84717] Apache Subversion CVE-2013-1968 denial of service
| [84577] Apache Tomcat security bypass
| [84576] Apache Tomcat symlink
| [84543] Apache Struts CVE-2013-2115 security bypass
| [84542] Apache Struts CVE-2013-1966 security bypass
| [84154] Apache Tomcat session hijacking
| [84144] Apache Tomcat denial of service
| [84143] Apache Tomcat information disclosure
| [84111] Apache HTTP Server command execution
| [84043] Apache Virtual Computing Lab cross-site scripting
| [84042] Apache Virtual Computing Lab cross-site scripting
| [83782] Apache CloudStack information disclosure
| [83781] Apache CloudStack security bypass
| [83720] Apache ActiveMQ cross-site scripting
| [83719] Apache ActiveMQ denial of service
| [83718] Apache ActiveMQ denial of service
| [83263] Apache Subversion denial of service
| [83262] Apache Subversion denial of service
| [83261] Apache Subversion denial of service
| [83259] Apache Subversion denial of service
| [83035] Apache mod_ruid2 security bypass
| [82852] Apache Qpid federation_tag security bypass
| [82851] Apache Qpid qpid::framing::Buffer denial of service
| [82758] Apache Rave User RPC API information disclosure
| [82663] Apache Subversion svn_fs_file_length() denial of service
| [82642] Apache Qpid qpid::framing::Buffer::checkAvailable() denial of service
| [82641] Apache Qpid AMQP denial of service
| [82626] Apache HTTP Server on Debian GNU/Linux Debian apache2ctl symlink
| [82618] Apache Commons FileUpload symlink
| [82360] Apache HTTP Server manager interface cross-site scripting
| [82359] Apache HTTP Server hostnames cross-site scripting
| [82338] Apache Tomcat log/logdir information disclosure
| [82328] Apache Maven and Apache Maven Wagon SSL spoofing
| [82268] Apache OpenJPA deserialization command execution
| [81981] Apache CXF UsernameTokens security bypass
| [81980] Apache CXF WS-Security security bypass
| [81398] Apache OFBiz cross-site scripting
| [81240] Apache CouchDB directory traversal
| [81226] Apache CouchDB JSONP code execution
| [81225] Apache CouchDB Futon user interface cross-site scripting
| [81211] Apache Axis2/C SSL spoofing
| [81167] Apache CloudStack DeployVM information disclosure
| [81166] Apache CloudStack AddHost API information disclosure
| [81165] Apache CloudStack createSSHKeyPair API information disclosure
| [80518] Apache Tomcat cross-site request forgery security bypass
| [80517] Apache Tomcat FormAuthenticator security bypass
| [80516] Apache Tomcat NIO denial of service
| [80408] Apache Tomcat replay-countermeasure security bypass
| [80407] Apache Tomcat HTTP Digest Access Authentication security bypass
| [80317] Apache Tomcat slowloris denial of service
| [79984] Apache Commons HttpClient SSL spoofing
| [79983] Apache CXF SSL spoofing
| [79830] Apache Axis2/Java SSL spoofing
| [79829] Apache Axis SSL spoofing
| [79809] Apache Tomcat DIGEST security bypass
| [79806] Apache Tomcat parseHeaders() denial of service
| [79540] Apache OFBiz unspecified
| [79487] Apache Axis2 SAML security bypass
| [79212] Apache Cloudstack code execution
| [78734] Apache CXF SOAP Action security bypass
| [78730] Apache Qpid broker denial of service
| [78617] Eucalyptus Apache Santuario (XML Security for Java) denial of service
| [78563] Apache mod_pagespeed module unspecified cross-site scripting
| [78562] Apache mod_pagespeed module security bypass
| [78454] Apache Axis2 security bypass
| [78452] Websense Web Security and Web Filter Apache Tomcat information disclosure
| [78451] Websense Web Security and Web Filter Apache Tomcat cross-site scripting
| [78321] Apache Wicket unspecified cross-site scripting
| [78183] Apache Struts parameters denial of service
| [78182] Apache Struts cross-site request forgery
| [78153] Apache Solr Autocomplete module for Drupal autocomplete results cross-site scripting
| [77987] mod_rpaf module for Apache denial of service
| [77958] Apache Struts skill name code execution
| [77914] Apache HTTP Server mod_negotiation module cross-site scripting
| [77913] Apache HTTP Server mod_proxy_ajp information disclosure
| [77568] Apache Qpid broker security bypass
| [77421] Apache Libcloud spoofing
| [77059] Oracle Solaris Cluster Apache Tomcat Agent unspecified
| [77046] Oracle Solaris Apache HTTP Server information disclosure
| [76837] Apache Hadoop information disclosure
| [76802] Apache Sling CopyFrom denial of service
| [76692] Apache Hadoop symlink
| [76535] Apache Roller console cross-site request forgery
| [76534] Apache Roller weblog cross-site scripting
| [76152] Apache CXF elements security bypass
| [76151] Apache CXF child policies security bypass
| [75983] MapServer for Windows Apache file include
| [75857] Apache Commons Compress and Apache Ant bzip2 denial of service
| [75558] Apache POI denial of service
| [75545] PHP apache_request_headers() buffer overflow
| [75302] Apache Qpid SASL security bypass
| [75211] Debian GNU/Linux apache 2 cross-site scripting
| [74901] Apache HTTP Server LD_LIBRARY_PATH privilege escalation
| [74871] Apache OFBiz FlexibleStringExpander code execution
| [74870] Apache OFBiz multiple cross-site scripting
| [74750] Apache Hadoop unspecified spoofing
| [74319] Apache Struts XSLTResult.java file upload
| [74313] Apache Traffic Server header buffer overflow
| [74276] Apache Wicket directory traversal
| [74273] Apache Wicket unspecified cross-site scripting
| [74181] Apache HTTP Server mod_fcgid module denial of service
| [73690] Apache Struts OGNL code execution
| [73432] Apache Solr extension for TYPO3 unspecified cross-site scripting
| [73100] Apache MyFaces in directory traversal
| [73096] Apache APR hash denial of service
| [73052] Apache Struts name cross-site scripting
| [73030] Apache CXF UsernameToken security bypass
| [72888] Apache Struts lastName cross-site scripting
| [72758] Apache HTTP Server httpOnly information disclosure
| [72757] Apache HTTP Server MPM denial of service
| [72585] Apache Struts ParameterInterceptor security bypass
| [72438] Apache Tomcat Digest security bypass
| [72437] Apache Tomcat Digest security bypass
| [72436] Apache Tomcat DIGEST security bypass
| [72425] Apache Tomcat parameter denial of service
| [72422] Apache Tomcat request object information disclosure
| [72377] Apache HTTP Server scoreboard security bypass
| [72345] Apache HTTP Server HTTP request denial of service
| [72229] Apache Struts ExceptionDelegator command execution
| [72089] Apache Struts ParameterInterceptor directory traversal
| [72088] Apache Struts CookieInterceptor command execution
| [72047] Apache Geronimo hash denial of service
| [72016] Apache Tomcat hash denial of service
| [71711] Apache Struts OGNL expression code execution
| [71654] Apache Struts interfaces security bypass
| [71620] Apache ActiveMQ failover denial of service
| [71617] Apache HTTP Server mod_proxy module information disclosure
| [71508] Apache MyFaces EL security bypass
| [71445] Apache HTTP Server mod_proxy security bypass
| [71203] Apache Tomcat servlets privilege escalation
| [71181] Apache HTTP Server ap_pregsub() denial of service
| [71093] Apache HTTP Server ap_pregsub() buffer overflow
| [70336] Apache HTTP Server mod_proxy information disclosure
| [69804] Apache HTTP Server mod_proxy_ajp denial of service
| [69472] Apache Tomcat AJP security bypass
| [69396] Apache HTTP Server ByteRange filter denial of service
| [69394] Apache Wicket multi window support cross-site scripting
| [69176] Apache Tomcat XML information disclosure
| [69161] Apache Tomcat jsvc information disclosure
| [68799] mod_authnz_external module for Apache mysql-auth.pl SQL injection
| [68541] Apache Tomcat sendfile information disclosure
| [68420] Apache XML Security denial of service
| [68238] Apache Tomcat JMX information disclosure
| [67860] Apache Rampart/C rampart_timestamp_token_validate security bypass
| [67804] Apache Subversion control rules information disclosure
| [67803] Apache Subversion control rules denial of service
| [67802] Apache Subversion baselined denial of service
| [67672] Apache Archiva multiple cross-site scripting
| [67671] Apache Archiva multiple cross-site request forgery
| [67564] Apache APR apr_fnmatch() denial of service
| [67532] IBM WebSphere Application Server org.apache.jasper.runtime.JspWriterImpl.response denial of service
| [67515] Apache Tomcat annotations security bypass
| [67480] Apache Struts s:submit information disclosure
| [67414] Apache APR apr_fnmatch() denial of service
| [67356] Apache Struts javatemplates cross-site scripting
| [67354] Apache Struts Xwork cross-site scripting
| [66676] Apache Tomcat HTTP BIO information disclosure
| [66675] Apache Tomcat web.xml security bypass
| [66640] Apache HttpComponents HttpClient Proxy-Authorization information disclosure
| [66241] Apache HttpComponents information disclosure
| [66154] Apache Tomcat ServletSecurity security bypass
| [65971] Apache Tomcat ServletSecurity security bypass
| [65876] Apache Subversion mod_dav_svn denial of service
| [65343] Apache Continuum unspecified cross-site scripting
| [65162] Apache Tomcat NIO connector denial of service
| [65161] Apache Tomcat javax.servlet.ServletRequest.getLocale() denial of service
| [65160] Apache Tomcat HTML Manager interface cross-site scripting
| [65159] Apache Tomcat ServletContect security bypass
| [65050] Apache CouchDB web-based administration UI cross-site scripting
| [64773] Oracle HTTP Server Apache Plugin unauthorized access
| [64473] Apache Subversion blame -g denial of service
| [64472] Apache Subversion walk() denial of service
| [64407] Apache Axis2 CVE-2010-0219 code execution
| [63926] Apache Archiva password privilege escalation
| [63785] Apache CouchDB LD_LIBRARY_PATH privilege escalation
| [63493] Apache Archiva credentials cross-site request forgery
| [63477] Apache Tomcat HttpOnly session hijacking
| [63422] Apache Tomcat sessionsList.jsp cross-site scripting
| [63303] Apache mod_fcgid module fcgid_header_bucket_read() buffer overflow
| [62959] Apache Shiro filters security bypass
| [62790] Apache Perl cgi module denial of service
| [62576] Apache Qpid exchange denial of service
| [62575] Apache Qpid AMQP denial of service
| [62354] Apache Qpid SSL denial of service
| [62235] Apache APR-util apr_brigade_split_line() denial of service
| [62181] Apache XML-RPC SAX Parser information disclosure
| [61721] Apache Traffic Server cache poisoning
| [61202] Apache Derby BUILTIN authentication functionality information disclosure
| [61186] Apache CouchDB Futon cross-site request forgery
| [61169] Apache CXF DTD denial of service
| [61070] Apache Jackrabbit search.jsp SQL injection
| [61006] Apache SLMS Quoting cross-site request forgery
| [60962] Apache Tomcat time cross-site scripting
| [60883] Apache mod_proxy_http information disclosure
| [60671] Apache HTTP Server mod_cache and mod_dav denial of service
| [60264] Apache Tomcat Transfer-Encoding denial of service
| [59746] Apache Axis2 axis2/axis2-admin page session hijacking
| [59588] Apache Axis2/Java XML DTD (Document Type Declaration) data denial of service
| [59413] Apache mod_proxy_http timeout information disclosure
| [59058] Apache MyFaces unencrypted view state cross-site scripting
| [58827] Apache Axis2 xsd file include
| [58790] Apache Axis2 modules cross-site scripting
| [58299] Apache ActiveMQ queueBrowse cross-site scripting
| [58169] Apache Tomcat Web Application Manager / Host Manager cross-site request forgery
| [58056] Apache ActiveMQ .jsp source code disclosure
| [58055] Apache Tomcat realm name information disclosure
| [58046] Apache HTTP Server mod_auth_shadow security bypass
| [57841] Apache Open For Business Project (OFBiz) subject cross-site scripting
| [57840] Apache Open For Business Project (OFBiz) multiple parameters cross-site scripting
| [57429] Apache CouchDB algorithms information disclosure
| [57398] Apache ActiveMQ Web console cross-site request forgery
| [57397] Apache ActiveMQ createDestination.action cross-site scripting
| [56653] Apache HTTP Server DNS spoofing
| [56652] Apache HTTP Server DNS cross-site scripting
| [56625] Apache HTTP Server request header information disclosure
| [56624] Apache HTTP Server mod_isapi orphaned callback pointer code execution
| [56623] Apache HTTP Server mod_proxy_ajp denial of service
| [55941] mod_proxy module for Apache ap_proxy_send_fb() buffer overflow
| [55857] Apache Tomcat WAR files directory traversal
| [55856] Apache Tomcat autoDeploy attribute security bypass
| [55855] Apache Tomcat WAR directory traversal
| [55210] Intuit component for Joomla! Apache information disclosure
| [54533] Apache Tomcat 404 error page cross-site scripting
| [54182] Apache Tomcat admin default password
| [53878] Apache Solr Search (solr) extension for TYPO3 unspecified cross-site scripting
| [53666] Apache HTTP Server Solaris pollset support denial of service
| [53650] Apache HTTP Server HTTP basic-auth module security bypass
| [53124] mod_proxy_ftp module for Apache HTTP header security bypass
| [53041] mod_proxy_ftp module for Apache denial of service
| [52540] Apache Portable Runtime and Apache Portable Utility library multiple buffer overflow
| [51953] Apache Tomcat Path Disclosure
| [51952] Apache Tomcat Path Traversal
| [51951] Apache stronghold-status Information Disclosure
| [51950] Apache stronghold-info Information Disclosure
| [51949] Apache PHP Source Code Disclosure
| [51948] Apache Multiviews Attack
| [51946] Apache JServ Environment Status Information Disclosure
| [51945] Apache error_log Information Disclosure
| [51944] Apache Default Installation Page Pattern Found
| [51943] Apache AXIS XML Parser echoheaders.jws Sample Web Service Denial of Service
| [51942] Apache AXIS XML External Entity File Retrieval
| [51941] Apache AXIS Sample Servlet Information Leak
| [51940] Apache access_log Information Disclosure
| [51626] Apache mod_deflate denial of service
| [51532] mod_proxy module for the Apache HTTP Server stream_reqbody_cl denial of service
| [51365] Apache Tomcat RequestDispatcher security bypass
| [51273] Apache HTTP Server Incomplete Request denial of service
| [51195] Apache Tomcat XML information disclosure
| [50994] Apache APR-util xml/apr_xml.c denial of service
| [50993] Apache APR-util apr_brigade_vprintf denial of service
| [50964] Apache APR-util apr_strmatch_precompile() denial of service
| [50930] Apache Tomcat j_security_check information disclosure
| [50928] Apache Tomcat AJP denial of service
| [50884] Apache HTTP Server XML ENTITY denial of service
| [50808] Apache HTTP Server AllowOverride privilege escalation
| [50108] Apache Struts s:a tag and s:url tag cross-site scripting
| [50059] Apache mod_proxy_ajp information disclosure
| [49951] Apache Tiles Expression Language (EL) expressions cross-site scripting
| [49925] Apache Geronimo Web Administrative Console cross-site request forgery
| [49924] Apache Geronimo console/portal/Server/Monitoring cross-site scripting
| [49921] Apache ActiveMQ Web interface cross-site scripting
| [49898] Apache Geronimo Services/Repository directory traversal
| [49725] Apache Tomcat mod_jk module information disclosure
| [49715] Apache mod_perl Apache::Status and Apache2::Status modules cross-site scripting
| [49712] Apache Struts unspecified cross-site scripting
| [49213] Apache Tomcat cal2.jsp cross-site scripting
| [48934] Apache Tomcat POST doRead method information disclosure
| [48211] Apache Tomcat header HTTP request smuggling
| [48163] libapache2-mod-auth-mysql module for Debian multibyte encoding SQL injection
| [48110] Apache Jackrabbit search.jsp and swr.jsp cross-site scripting
| [47709] Apache Roller "
| [47104] Novell Netware ApacheAdmin console security bypass
| [47086] Apache HTTP Server OS fingerprinting unspecified
| [46329] Apache Struts FilterDispatcher and DefaultStaticContentLoader class directory traversal
| [45791] Apache Tomcat RemoteFilterValve security bypass
| [44435] Oracle WebLogic Apache Connector buffer overflow
| [44411] Apache Tomcat allowLinking UTF-8 directory traversal
| [44223] Apache HTTP Server mod_proxy_ftp cross-site scripting
| [44156] Apache Tomcat RequestDispatcher directory traversal
| [44155] Apache Tomcat HttpServletResponse.sendError() cross-site scripting
| [43885] Oracle WebLogic Server Apache Connector buffer overflow
| [42987] Apache HTTP Server mod_proxy module denial of service
| [42915] Apache Tomcat JSP files path disclosure
| [42914] Apache Tomcat MS-DOS path disclosure
| [42892] Apache Tomcat unspecified unauthorized access
| [42816] Apache Tomcat Host Manager cross-site scripting
| [42303] Apache 403 error cross-site scripting
| [41618] Apache-SSL ExpandCert() authentication bypass
| [40761] Apache Derby RDBNAM parameter and DatabaseMetaData.getURL information disclosure
| [40736] Apache Tomcat HTTP/1.1 connector information disclosure
| [40614] Apache mod_jk2 HTTP Host header buffer overflow
| [40562] Apache Geronimo init information disclosure
| [40478] Novell Web Manager webadmin-apache.conf security bypass
| [40411] Apache Tomcat exception handling information disclosure
| [40409] Apache Tomcat native (APR based) connector weak security
| [40403] Apache Tomcat quotes and %5C cookie information disclosure
| [40388] Sun Java Plug-In org.apache.crimson.tree.XmlDocument security bypass
| [39893] Apache HTTP Server mod_negotiation HTTP response splitting
| [39867] Apache HTTP Server mod_negotiation cross-site scripting
| [39804] Apache Tomcat SingleSignOn information disclosure
| [39615] Apache HTTP Server mod_proxy_ftp.c UTF-7 cross-site scripting
| [39612] Apache HTTP Server mod_proxy_balancer buffer overflow
| [39608] Apache HTTP Server balancer manager cross-site request forgery
| [39476] Apache mod_proxy_balancer balancer_handler function denial of service
| [39474] Apache HTTP Server mod_proxy_balancer cross-site scripting
| [39472] Apache HTTP Server mod_status cross-site scripting
| [39201] Apache Tomcat JULI logging weak security
| [39158] Apache HTTP Server Windows SMB shares information disclosure
| [39001] Apache HTTP Server mod_imap and mod_imagemap module cross-site scripting
| [38951] Apache::AuthCAS Perl module cookie SQL injection
| [38800] Apache HTTP Server 413 error page cross-site scripting
| [38211] Apache Geronimo SQLLoginModule authentication bypass
| [37243] Apache Tomcat WebDAV directory traversal
| [37178] RHSA update for Apache HTTP Server mod_status module cross-site scripting not installed
| [37177] RHSA update for Apache HTTP Server Apache child process denial of service not installed
| [37119] RHSA update for Apache mod_auth_kerb off-by-one buffer overflow not installed
| [37100] RHSA update for Apache and IBM HTTP Server Expect header cross-site scripting not installed
| [36782] Apache Geronimo MEJB unauthorized access
| [36586] Apache HTTP Server UTF-7 cross-site scripting
| [36468] Apache Geronimo LoginModule security bypass
| [36467] Apache Tomcat functions.jsp cross-site scripting
| [36402] Apache Tomcat calendar cross-site request forgery
| [36354] Apache HTTP Server mod_proxy module denial of service
| [36352] Apache HTTP Server ap_proxy_date_canon() denial of service
| [36336] Apache Derby lock table privilege escalation
| [36335] Apache Derby schema privilege escalation
| [36006] Apache Tomcat "
| [36001] Apache Tomcat Host Manager Servlet alias cross-site scripting
| [35999] Apache Tomcat \"
| [35795] Apache Tomcat CookieExample cross-site scripting
| [35536] Apache Tomcat SendMailServlet example cross-site scripting
| [35384] Apache HTTP Server mod_cache module denial of service
| [35097] Apache HTTP Server mod_status module cross-site scripting
| [35095] Apache HTTP Server Prefork MPM module denial of service
| [34984] Apache HTTP Server recall_headers information disclosure
| [34966] Apache HTTP Server MPM content spoofing
| [34965] Apache HTTP Server MPM information disclosure
| [34963] Apache HTTP Server MPM multiple denial of service
| [34872] Apache MyFaces Tomahawk autoscroll parameter cross-site scripting
| [34869] Apache Tomcat JSP example Web application cross-site scripting
| [34868] Apache Tomcat Manager and Host Manager cross-site scripting
| [34496] Apache Tomcat JK Connector security bypass
| [34377] Apache Tomcat hello.jsp cross-site scripting
| [34212] Apache Tomcat SSL configuration security bypass
| [34210] Apache Tomcat Accept-Language cross-site scripting
| [34209] Apache Tomcat calendar application cross-site scripting
| [34207] Apache Tomcat implicit-objects.jsp cross-site scripting
| [34167] Apache Axis WSDL file path disclosure
| [34068] Apache Tomcat AJP connector information disclosure
5033| [33584] Apache HTTP Server suEXEC privilege escalation
5034| [32988] Apache Tomcat proxy module directory traversal
5035| [32794] Apache Tomcat JK Web Server Connector map_uri_to_worker() buffer overflow
5036| [32708] Debian Apache tty privilege escalation
5037| [32441] ApacheStats extract() PHP call unspecified
5038| [32128] Apache Tomcat default account
5039| [31680] Apache Tomcat RequestParamExample cross-site scripting
5040| [31649] Apache Tomcat Sample Servlet TroubleShooter detected
5041| [31557] BEA WebLogic Server and WebLogic Express Apache proxy plug-in denial of service
5042| [31236] Apache HTTP Server htpasswd.c strcpy buffer overflow
5043| [30456] Apache mod_auth_kerb off-by-one buffer overflow
5044| [29550] Apache mod_tcl set_var() format string
5045| [28620] Apache and IBM HTTP Server Expect header cross-site scripting
5046| [28357] Apache HTTP Server mod_alias script source information disclosure
5047| [28063] Apache mod_rewrite off-by-one buffer overflow
5048| [27902] Apache Tomcat URL information disclosure
5049| [26786] Apache James SMTP server denial of service
5050| [25680] libapache2 /tmp/svn file upload
5051| [25614] Apache Struts lookupMap cross-site scripting
5052| [25613] Apache Struts ActionForm denial of service
5053| [25612] Apache Struts isCancelled() security bypass
5054| [24965] Apache mod_python FileSession command execution
5055| [24716] Apache James spooler memory leak denial of service
5056| [24159] Apache Geronimo Web-Access-Log Viewer cross-site scripting
5057| [24158] Apache Geronimo jsp-examples cross-site scripting
5058| [24030] Apache auth_ldap module multiple format strings
5059| [24008] Apache mod_ssl custom error message denial of service
5060| [24003] Apache mod_auth_pgsql module multiple syslog format strings
5061| [23612] Apache mod_imap referer field cross-site scripting
5062| [23173] Apache Struts error message cross-site scripting
5063| [22942] Apache Tomcat directory listing denial of service
5064| [22858] Apache Multi-Processing Module code allows denial of service
5065| [22602] RHSA-2005:582 updates for Apache httpd not installed
5066| [22520] Apache mod-auth-shadow "
5067| [22466] ApacheTop symlink
5068| [22109] Apache HTTP Server ssl_engine_kernel client certificate validation
5069| [22006] Apache HTTP Server byte-range filter denial of service
5070| [21567] Apache mod_ssl off-by-one buffer overflow
5071| [21195] Apache HTTP Server header HTTP request smuggling
5072| [20383] Apache HTTP Server htdigest buffer overflow
5073| [19681] Apache Tomcat AJP12 request denial of service
5074| [18993] Apache HTTP server check_forensic symlink attack
5075| [18790] Apache Tomcat Manager cross-site scripting
5076| [18349] Apache HTTP server Apple HFS+ filesystem obtain information
5077| [18348] Apache HTTP server Apple HFS+ filesystem .DS_Store and .ht file disclosure
5078| [18347] Apache HTTP server Apple Mac OS X Server mod_digest_apple module could allow an attacker to replay responses
5079| [17961] Apache Web server ServerTokens has not been set
5080| [17930] Apache HTTP Server HTTP GET request denial of service
5081| [17785] Apache mod_include module buffer overflow
5082| [17671] Apache HTTP Server SSLCipherSuite bypass restrictions
5083| [17473] Apache HTTP Server Satisfy directive allows access to resources
5084| [17413] Apache htpasswd buffer overflow
5085| [17384] Apache HTTP Server environment variable configuration file buffer overflow
5086| [17382] Apache HTTP Server IPv6 apr_util denial of service
5087| [17366] Apache HTTP Server mod_dav module LOCK denial of service
5088| [17273] Apache HTTP Server speculative mode denial of service
5089| [17200] Apache HTTP Server mod_ssl denial of service
5090| [16890] Apache HTTP Server server-info request has been detected
5091| [16889] Apache HTTP Server server-status request has been detected
5092| [16705] Apache mod_ssl format string attack
5093| [16524] Apache HTTP Server ap_get_mime_headers_core denial of service
5094| [16387] Apache HTTP Server mod_proxy Content-Length buffer overflow
5095| [16230] Apache HTTP Server PHP denial of service
5096| [16214] Apache mod_ssl ssl_util_uuencode_binary buffer overflow
5097| [15958] Apache HTTP Server authentication modules memory corruption
5098| [15547] Apache HTTP Server mod_disk_cache local information disclosure
5099| [15540] Apache HTTP Server socket starvation denial of service
5100| [15467] Novell GroupWise WebAccess using Apache Web server allows viewing of files on the server
5101| [15422] Apache HTTP Server mod_access information disclosure
5102| [15419] Apache HTTP Server mod_ssl plain HTTP request denial of service
5103| [15293] Apache for Cygwin "
5104| [15065] Apache-SSL has a default password
5105| [15041] Apache HTTP Server mod_digest module could allow an attacker to replay responses
5106| [15015] Apache httpd server httpd.conf could allow a local user to bypass restrictions
5107| [14751] Apache Mod_python output filter information disclosure
5108| [14125] Apache HTTP Server mod_userdir module information disclosure
5109| [14075] Apache HTTP Server mod_php file descriptor leak
5110| [13703] Apache HTTP Server account
5111| [13689] Apache HTTP Server configuration allows symlinks
5112| [13688] Apache HTTP Server configuration allows SSI
5113| [13687] Apache HTTP Server Server: header value
5114| [13685] Apache HTTP Server ServerTokens value
5115| [13684] Apache HTTP Server ServerSignature value
5116| [13672] Apache HTTP Server config allows directory autoindexing
5117| [13671] Apache HTTP Server default content
5118| [13670] Apache HTTP Server config file directive references outside content root
5119| [13668] Apache HTTP Server httpd not running in chroot environment
5120| [13666] Apache HTTP Server CGI directory contains possible command interpreter or compiler
5121| [13664] Apache HTTP Server config file contains ScriptAlias entry
5122| [13663] Apache HTTP Server CGI support modules loaded
5123| [13661] Apache HTTP Server config file contains AddHandler entry
5124| [13660] Apache HTTP Server 500 error page not CGI script
5125| [13659] Apache HTTP Server 413 error page not CGI script
5126| [13658] Apache HTTP Server 403 error page not CGI script
5127| [13657] Apache HTTP Server 401 error page not CGI script
5128| [13552] Apache HTTP Server mod_cgid module information disclosure
5129| [13550] Apache GET request directory traversal
5130| [13516] Apache Cocoon XMLForm and JXForm could allow execution of code
5131| [13499] Apache Cocoon directory traversal allows downloading of boot.ini file
5132| [13429] Apache Tomcat non-HTTP request denial of service
5133| [13400] Apache HTTP server mod_alias and mod_rewrite buffer overflow
5134| [13295] Apache weak password encryption
5135| [13254] Apache Tomcat .jsp cross-site scripting
5136| [13125] Apache::Gallery Inline::C could allow arbitrary code execution
5137| [13086] Apache Jakarta Tomcat mod_jk format string allows remote access
5138| [12681] Apache HTTP Server mod_proxy could allow mail relaying
5139| [12662] Apache HTTP Server rotatelogs denial of service
5140| [12554] Apache Tomcat stores password in plain text
5141| [12553] Apache HTTP Server redirects and subrequests denial of service
5142| [12552] Apache HTTP Server FTP proxy server denial of service
5143| [12551] Apache HTTP Server prefork MPM denial of service
5144| [12550] Apache HTTP Server weaker than expected encryption
5145| [12549] Apache HTTP Server type-map file denial of service
5146| [12206] Apache Tomcat /opt/tomcat directory insecure permissions
5147| [12102] Apache Jakarta Tomcat MS-DOS device name request denial of service
5148| [12091] Apache HTTP Server apr_password_validate denial of service
5149| [12090] Apache HTTP Server apr_psprintf code execution
5150| [11804] Apache HTTP Server mod_access_referer denial of service
5151| [11750] Apache HTTP Server could leak sensitive file descriptors
5152| [11730] Apache HTTP Server error log and access log terminal escape sequence injection
5153| [11703] Apache long slash path allows directory listing
5154| [11695] Apache HTTP Server LF (Line Feed) denial of service
5155| [11694] Apache HTTP Server filestat.c denial of service
5156| [11438] Apache HTTP Server MIME message boundaries information disclosure
5157| [11412] Apache HTTP Server error log terminal escape sequence injection
5158| [11196] Apache Tomcat examples and ROOT Web applications cross-site scripting
5159| [11195] Apache Tomcat web.xml could be used to read files
5160| [11194] Apache Tomcat URL appended with a null character could list directories
5161| [11139] Apache HTTP Server mass virtual hosting with mod_rewrite or mod_vhost_alias could allow an attacker to obtain files
5162| [11126] Apache HTTP Server illegal character file disclosure
5163| [11125] Apache HTTP Server DOS device name HTTP POST code execution
5164| [11124] Apache HTTP Server DOS device name denial of service
5165| [11088] Apache HTTP Server mod_vhost_alias CGI source disclosure
5166| [10938] Apache HTTP Server printenv test CGI cross-site scripting
5167| [10771] Apache Tomcat mod_jk module multiple HTTP GET request buffer overflow
5168| [10575] Apache mod_php module could allow an attacker to take over the httpd process
5169| [10499] Apache HTTP Server WebDAV HTTP POST view source
5170| [10457] Apache HTTP Server mod_ssl "
5171| [10415] Apache HTTP Server htdigest insecure system() call could allow command execution
5172| [10414] Apache HTTP Server htdigest multiple buffer overflows
5173| [10413] Apache HTTP Server htdigest temporary file race condition
5174| [10412] Apache HTTP Server htpasswd temporary file race condition
5175| [10376] Apache Tomcat invoker servlet used in conjunction with the default servlet reveals source code
5176| [10348] Apache Tomcat HTTP GET request DOS device reference could cause a denial of service
5177| [10281] Apache HTTP Server ab.c ApacheBench long response buffer overflow
5178| [10280] Apache HTTP Server shared memory scorecard overwrite
5179| [10263] Apache Tomcat mod_jk or mod_jserv connector directory disclosure
5180| [10241] Apache HTTP Server Host: header cross-site scripting
5181| [10230] Slapper worm variants A, B, and C target OpenSSL/Apache systems
5182| [10208] Apache HTTP Server mod_dav denial of service
5183| [10206] HP VVOS Apache mod_ssl denial of service
5184| [10200] Apache HTTP Server stderr denial of service
5185| [10175] Apache Tomcat org.apache.catalina.servlets.DefaultServlet reveals source code
5186| [10169] Slapper worm variant (Slapper.C) targets OpenSSL/Apache systems
5187| [10154] Slapper worm variant (Slapper.B) targets OpenSSL/Apache systems
5188| [10098] Slapper worm targets OpenSSL/Apache systems
5189| [9876] Apache HTTP Server cgi/cgid request could disclose the path to a requested script
5190| [9875] Apache HTTP Server .var file request could disclose installation path
5191| [9863] Apache Tomcat web.xml file could allow a remote attacker to bypass restrictions
5192| [9808] Apache HTTP Server non-Unix version URL encoded directory traversal
5193| [9623] Apache HTTP Server ap_log_rerror() path disclosure
5194| [9520] Apache Tomcat /servlet/ mapping cross-site scripting
5195| [9415] Apache HTTP Server mod_ssl .htaccess off-by-one buffer overflow
5196| [9396] Apache Tomcat null character to threads denial of service
5197| [9394] Apache Tomcat HTTP request for LPT9 reveals Web root path
5198| [9249] Apache HTTP Server chunked encoding heap buffer overflow
5199| [9208] Apache Tomcat sample file requests could reveal directory listing and path to Web root directory
5200| [8932] Apache Tomcat example class information disclosure
5201| [8633] Apache HTTP Server with mod_rewrite could allow an attacker to bypass directives
5202| [8629] Apache HTTP Server double-reverse DNS lookup spoofing
5203| [8589] Apache HTTP Server for Windows DOS batch file remote command execution
5204| [8457] Oracle9i Application Server Apache PL/SQL HTTP Location header buffer overflow
5205| [8455] Oracle9i Application Server default installation could allow an attacker to access certain Apache Services
5206| [8400] Apache HTTP Server mod_frontpage buffer overflows
5207| [8326] Apache HTTP Server multiple MIME headers (sioux) denial of service
5208| [8308] Apache "
5209| [8275] Apache HTTP Server with Multiviews enabled could disclose directory contents
5210| [8119] Apache and PHP OPTIONS request reveals "
5211| [8054] Apache is running on the system
5212| [8029] Mandrake Linux default Apache configuration could allow an attacker to browse files and directories
5213| [8027] Mandrake Linux default Apache configuration has remote management interface enabled
5214| [8026] Mandrake Linux Apache sample programs could disclose sensitive information about the server
5215| [7836] Apache HTTP Server log directory denial of service
5216| [7815] Apache for Windows "
5217| [7810] Apache HTTP request could result in unexpected behavior
5218| [7599] Apache Tomcat reveals installation path
5219| [7494] Apache "
5220| [7419] Apache Web Server could allow remote attackers to overwrite .log files
5221| [7363] Apache Web Server hidden HTTP requests
5222| [7249] Apache mod_proxy denial of service
5223| [7129] Linux with Apache Web server could allow an attacker to determine if a specified username exists
5224| [7103] Apple Mac OS X used with Apache Web server could disclose directory contents
5225| [7059] Apache "
5226| [7057] Apache "
5227| [7056] Apache "
5228| [7055] Apache "
5229| [7054] Apache "
5230| [6997] Apache Jakarta Tomcat error message may reveal information
5231| [6971] Apache Jakarta Tomcat may reveal JSP source code with missing HTTP protocol specification
5232| [6970] Apache crafted HTTP request could reveal the internal IP address
5233| [6921] Apache long slash path allows directory listing
5234| [6687] Apple Mac OS X used with Apache Web server could allow arbitrary file disclosure
5235| [6527] Apache Web Server for Windows and OS2 denial of service
5236| [6316] Apache Jakarta Tomcat may reveal JSP source code
5237| [6305] Apache Jakarta Tomcat directory traversal
5238| [5926] Linux Apache symbolic link
5239| [5659] Apache Web server discloses files when used with php script
5240| [5310] Apache mod_rewrite allows attacker to view arbitrary files
5241| [5204] Apache WebDAV directory listings
5242| [5197] Apache Web server reveals CGI script source code
5243| [5160] Apache Jakarta Tomcat default installation
5244| [5099] Trustix Secure Linux installs Apache with world writable access
5245| [4968] Apache Jakarta Tomcat snoop servlet gives out information which could be used in attack
5246| [4967] Apache Jakarta Tomcat 404 error reveals the pathname of the requested file
5247| [4931] Apache source.asp example file allows users to write to files
5248| [4575] IBM HTTP Server running Apache allows users to directory listing and file retrieval
5249| [4205] Apache Jakarta Tomcat delivers file contents
5250| [2084] Apache on Debian by default serves the /usr/doc directory
5251| [1630] MessageMedia UnityMail and Apache Web server MIME header flood denial of service
5252| [697] Apache HTTP server beck exploit
5253| [331] Apache cookies buffer overflow
5254|
5255| Exploit-DB - https://www.exploit-db.com:
5256| [31130] Apache Tomcat <= 6.0.15 Cookie Quote Handling Remote Information Disclosure Vulnerability
5257| [31052] Apache <= 2.2.6 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
5258| [30901] Apache HTTP Server 2.2.6 Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
5259| [30835] Apache HTTP Server <= 2.2.4 413 Error HTTP Request Method Cross-Site Scripting Weakness
5260| [30563] Apache Tomcat <= 5.5.15 Cal2.JSP Cross-Site Scripting Vulnerability
5261| [30496] Apache Tomcat <= 6.0.13 Cookie Handling Quote Delimiter Session ID Disclosure
5262| [30495] Apache Tomcat <= 6.0.13 Host Manager Servlet Cross Site Scripting Vulnerability
5263| [30191] Apache MyFaces Tomahawk JSF Framework 1.1.5 Autoscroll Parameter Cross Site Scripting Vulnerability
5264| [30189] Apache Tomcat <= 6.0.13 JSP Example Web Applications Cross Site Scripting Vulnerability
5265| [30052] Apache Tomcat 6.0.10 Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
5266| [29930] Apache AXIS 1.0 Non-Existent WSDL Path Information Disclosure Vulnerability
5267| [29859] Apache Roller OGNL Injection
5268| [29739] Apache HTTP Server Tomcat 5.x/6.0.x Directory Traversal Vulnerability
5269| [29435] Apache Tomcat 5.5.25 - CSRF Vulnerabilities
5270| [29316] Apache + PHP 5.x - Remote Code Execution (Multithreaded Scanner) (2)
5271| [29290] Apache / PHP 5.x Remote Code Execution Exploit
5272| [28713] Apache Tomcat/JBoss EJBInvokerServlet / JMXInvokerServlet (RMI over HTTP) Marshalled Object RCE
5273| [28424] Apache 2.x HTTP Server Arbitrary HTTP Request Headers Security Weakness
5274| [28365] Apache 2.2.2 CGI Script Source Code Information Disclosure Vulnerability
5275| [28254] Apache Tomcat 5 Information Disclosure Vulnerability
5276| [27915] Apache James 2.2 SMTP Denial of Service Vulnerability
5277| [27397] Apache suEXEC Privilege Elevation / Information Disclosure
5278| [27135] Apache Struts 2 DefaultActionMapper Prefixes OGNL Code Execution
5279| [27096] Apache Geronimo 1.0 Error Page XSS
5280| [27095] Apache Tomcat / Geronimo 1.0 Sample Script cal2.jsp time Parameter XSS
5281| [26710] Apache CXF prior to 2.5.10, 2.6.7 and 2.7.4 - Denial of Service
5282| [26542] Apache Struts 1.2.7 Error Response Cross-Site Scripting Vulnerability
5283| [25986] Plesk Apache Zeroday Remote Exploit
5284| [25980] Apache Struts includeParams Remote Code Execution
5285| [25625] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (2)
5286| [25624] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (1)
5287| [24874] Apache Struts ParametersInterceptor Remote Code Execution
5288| [24744] Apache Rave 0.11 - 0.20 - User Information Disclosure
5289| [24694] Apache 1.3.x mod_include Local Buffer Overflow Vulnerability
5290| [24590] Apache 2.0.x mod_ssl Remote Denial of Service Vulnerability
5291| [23751] Apache Cygwin 1.3.x/2.0.x Directory Traversal Vulnerability
5292| [23581] Apache 2.0.4x mod_perl Module File Descriptor Leakage Vulnerability
5293| [23482] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (2)
5294| [23481] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (1)
5295| [23296] Red Hat Apache 2.0.40 Directory Index Default Configuration Error
5296| [23282] apache cocoon 2.14/2.2 - Directory Traversal vulnerability
5297| [23245] Apache Tomcat 4.0.x Non-HTTP Request Denial of Service Vulnerability
5298| [23119] Apache::Gallery 0.4/0.5/0.6 Insecure Local File Storage Privilege Escalation Vulnerability
5299| [22505] Apache Mod_Access_Referer 1.0.2 NULL Pointer Dereference Denial of Service Vulnerability
5300| [22205] Apache Tomcat 3.x Null Byte Directory/File Disclosure Vulnerability
5301| [22191] Apache Web Server 2.0.x MS-DOS Device Name Denial of Service Vulnerability
5302| [22068] Apache 1.3.x,Tomcat 4.0.x/4.1.x Mod_JK Chunked Encoding Denial of Service Vulnerability
5303| [21885] Apache 1.3/2.0.x Server Side Include Cross Site Scripting Vulnerability
5304| [21882] Apache Tomcat 3.2 Directory Disclosure Vulnerability
5305| [21854] Apache 2.0.39/40 Oversized STDERR Buffer Denial of Service Vulnerability
5306| [21853] Apache Tomcat 3/4 DefaultServlet File Disclosure Vulnerability
5307| [21734] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
5308| [21719] Apache 2.0 Path Disclosure Vulnerability
5309| [21697] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
5310| [21605] Apache Tomcat 4.0.3 DoS Device Name Cross Site Scripting Vulnerability
5311| [21604] Apache Tomcat 4.0.3 Servlet Mapping Cross Site Scripting Vulnerability
5312| [21560] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (2)
5313| [21559] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (1)
5314| [21534] Apache Tomcat 3/4 JSP Engine Denial of Service Vulnerability
5315| [21492] Apache Tomcat 3.2.3/3.2.4 RealPath.JSP Malformed Request Information Disclosure
5316| [21491] Apache Tomcat 3.2.3/3.2.4 Example Files Web Root Path Disclosure
5317| [21490] Apache Tomcat 3.2.3/3.2.4 Source.JSP Malformed Request Information Disclosure
5318| [21412] Apache Tomcat 4.0/4.1 Servlet Path Disclosure Vulnerability
5319| [21350] Apache Win32 1.3.x/2.0.x Batch File Remote Command Execution Vulnerability
5320| [21204] Apache 1.3.20 Win32 PHP.EXE Remote File Disclosure Vulnerability
5321| [21112] Red Hat Linux 7.0 Apache Remote Username Enumeration Vulnerability
5322| [21067] Apache 1.0/1.2/1.3 Server Address Disclosure Vulnerability
5323| [21002] Apache 1.3 Possible Directory Index Disclosure Vulnerability
5324| [20911] Apache 1.3.14 Mac File Protection Bypass Vulnerability
5325| [20716] apache tomcat 3.0 - Directory Traversal vulnerability
5326| [20695] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (4)
5327| [20694] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (3)
5328| [20693] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (2)
5329| [20692] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (1)
5330| [20595] NCSA 1.3/1.4.x/1.5,Apache httpd 0.8.11/0.8.14 ScriptAlias Source Retrieval Vulnerability
5331| [20558] Apache 1.2 Web Server DoS Vulnerability
5332| [20466] Apache 1.3 Web Server with Php 3 File Disclosure Vulnerability
5333| [20435] Apache 0.8.x/1.0.x,NCSA httpd 1.x test-cgi Directory Listing Vulnerability
5334| [20272] Apache 1.2.5/1.3.1,UnityMail 2.0 MIME Header DoS Vulnerability
5335| [20210] Apache 1.3.12 WebDAV Directory Listings Vulnerability
5336| [20131] Apache Tomcat 3.1 Path Revealing Vulnerability
5337| [19975] Apache 1.3.6/1.3.9/1.3.11/1.3.12/1.3.20 Root Directory Access Vulnerability
5338| [19828] Cobalt RaQ 2.0/3.0 Apache .htaccess Disclosure Vulnerability
5339| [19536] Apache <= 1.1,NCSA httpd <= 1.5.2,Netscape Server 1.12/1.1/2.0 a nph-test-cgi Vulnerability
5340| [19231] PHP apache_request_headers Function Buffer Overflow
5341| [18984] Apache Struts <= 2.2.1.1 - Remote Command Execution
5342| [18897] Oracle Weblogic Apache Connector POST Request Buffer Overflow
5343| [18619] Apache Tomcat Remote Exploit (PUT Request) and Account Scanner
5344| [18452] Apache Struts Multiple Persistent Cross-Site Scripting Vulnerabilities
5345| [18442] Apache httpOnly Cookie Disclosure
5346| [18329] Apache Struts2 <= 2.3.1 - Multiple Vulnerabilities
5347| [18221] Apache HTTP Server Denial of Service
5348| [17969] Apache mod_proxy Reverse Proxy Exposure Vulnerability PoC
5349| [17696] Apache httpd Remote Denial of Service (memory exhaustion)
5350| [17691] Apache Struts < 2.2.0 - Remote Command Execution
5351| [16798] Apache mod_jk 1.2.20 Buffer Overflow
5352| [16782] Apache Win32 Chunked Encoding
5353| [16752] Apache module mod_rewrite LDAP protocol Buffer Overflow
5354| [16317] Apache Tomcat Manager Application Deployer Authenticated Code Execution
5355| [15710] Apache Archiva 1.0 - 1.3.1 CSRF Vulnerability
5356| [15319] Apache 2.2 (Windows) Local Denial of Service
5357| [14617] Apache JackRabbit 2.0.0 webapp XPath Injection
5358| [14489] Apache Tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
5359| [12721] Apache Axis2 1.4.1 - Local File Inclusion Vulnerability
5360| [12689] Authenticated Cross-Site Scripting Vulnerability (XSS) within Apache Axis2 administration console
5361| [12343] Apache Tomcat 5.5.0 to 5.5.29 & 6.0.0 to 6.0.26 - Information Disclosure Vulnerability
5362| [12330] Apache OFBiz - Multiple XSS
5363| [12264] Apache OFBiz - FULLADMIN Creator PoC Payload
5364| [12263] Apache OFBiz - SQL Remote Execution PoC Payload
5365| [11662] Apache Spamassassin Milter Plugin Remote Root Command Execution
5366| [11650] Apache 2.2.14 mod_isapi Dangling Pointer Remote SYSTEM Exploit
5367| [10811] Joomla.Tutorials GHDB: Apache directory listing Download Vulnerability
5368| [10292] Apache Tomcat 3.2.1 - 404 Error Page Cross Site Scripting Vulnerability
5369| [9995] Apache Tomcat Form Authentication Username Enumeration Weakness
5370| [9994] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
5371| [9993] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
5372| [8842] Apache mod_dav / svn Remote Denial of Service Exploit
5373| [8458] Apache Geronimo <= 2.1.3 - Multiple Directory Traversal Vulnerabilities
5374| [7264] Apache Tomcat runtime.getRuntime().exec() Privilege Escalation (win)
5375| [6229] apache tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
5376| [6100] Apache mod_jk 1.2.19 Remote Buffer Overflow Exploit (win32)
5377| [6089] Bea Weblogic Apache Connector Code Exec / Denial of Service Exploit
5378| [5386] Apache Tomcat Connector jk2-2.0.2 (mod_jk2) Remote Overflow Exploit
5379| [5330] Apache 2.0 mod_jk2 2.0.2 - Remote Buffer Overflow Exploit (win32)
5380| [4552] Apache Tomcat (webdav) Remote File Disclosure Exploit (ssl support)
5381| [4530] Apache Tomcat (webdav) Remote File Disclosure Exploit
5382| [4162] Apache Tomcat Connector (mod_jk) Remote Exploit (exec-shield)
5383| [4093] Apache mod_jk 1.2.19/1.2.20 Remote Buffer Overflow Exploit
5384| [3996] Apache 2.0.58 mod_rewrite Remote Overflow Exploit (win2k3)
5385| [3680] Apache Mod_Rewrite Off-by-one Remote Overflow Exploit (win32)
5386| [3384] Ubuntu/Debian Apache 1.3.33/1.3.34 (CGI TTY) Local Root Exploit
5387| [2237] Apache < 1.3.37, 2.0.59, 2.2.3 (mod_rewrite) Remote Overflow PoC
5388| [2061] Apache Tomcat < 5.5.17 Remote Directory Listing Vulnerability
5389| [1056] Apache <= 2.0.49 Arbitrary Long HTTP Headers Denial of Service
5390| [855] Apache <= 2.0.52 HTTP GET request Denial of Service Exploit
5391| [764] Apache OpenSSL - Remote Exploit (Multiple Targets) (OpenFuckV2.c)
5392| [587] Apache <= 1.3.31 mod_include Local Buffer Overflow Exploit
5393| [466] htpasswd Apache 1.3.31 - Local Exploit
5394| [371] Apache HTTPd Arbitrary Long HTTP Headers DoS (c version)
5395| [360] Apache HTTPd Arbitrary Long HTTP Headers DoS
5396| [132] Apache 1.3.x - 2.0.48 - mod_userdir Remote Users Disclosure Exploit
5397| [126] Apache mod_gzip (with debug_mode) <= 1.2.26.1a Remote Exploit
5398| [67] Apache 1.3.x mod_mylo Remote Code Execution Exploit
5399| [38] Apache <= 2.0.45 APR Remote Exploit -Apache-Knacker.pl
5400| [34] Webfroot Shoutbox < 2.32 (Apache) Remote Exploit
5401| [11] Apache <= 2.0.44 Linux Remote Denial of Service Exploit
5402| [9] Apache HTTP Server 2.x Memory Leak Exploit
5403|
5404| OpenVAS (Nessus) - http://www.openvas.org:
5405| [902924] Apache Struts2 Showcase Skill Name Remote Code Execution Vulnerability
5406| [902837] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability (Windows)
5407| [902830] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
5408| [902664] Apache Traffic Server HTTP Host Header Denial of Service Vulnerability
5409| [901203] Apache httpd Web Server Range Header Denial of Service Vulnerability
5410| [901110] Apache ActiveMQ Source Code Information Disclosure Vulnerability
5411| [901105] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
5412| [900842] Apache 'mod_proxy_ftp' Module Command Injection Vulnerability (Linux)
5413| [900841] Apache 'mod_proxy_ftp' Module Denial Of Service Vulnerability (Linux)
5414| [900573] Apache APR-Utils XML Parser Denial of Service Vulnerability
5415| [900572] Apache APR-Utils Multiple Denial of Service Vulnerabilities
5416| [900571] Apache APR-Utils Version Detection
5417| [900499] Apache mod_proxy_ajp Information Disclosure Vulnerability
5418| [900496] Apache Tiles Multiple XSS Vulnerability
5419| [900493] Apache Tiles Version Detection
| [900107] Apache mod_proxy_ftp Wildcard Characters XSS Vulnerability
| [900021] Apache Tomcat Cross-Site Scripting and Security Bypass Vulnerabilities
| [880086] CentOS Update for apache CESA-2008:0004-01 centos2 i386
| [870175] RedHat Update for apache RHSA-2008:0004-01
| [864591] Fedora Update for apache-poi FEDORA-2012-10835
| [864383] Fedora Update for apache-commons-compress FEDORA-2012-8428
| [864280] Fedora Update for apache-commons-compress FEDORA-2012-8465
| [864250] Fedora Update for apache-poi FEDORA-2012-7683
| [864249] Fedora Update for apache-poi FEDORA-2012-7686
| [863993] Fedora Update for apache-commons-daemon FEDORA-2011-10880
| [863466] Fedora Update for apache-commons-daemon FEDORA-2011-10936
| [855821] Solaris Update for Apache 1.3 122912-19
| [855812] Solaris Update for Apache 1.3 122911-19
| [855737] Solaris Update for Apache 1.3 122911-17
| [855731] Solaris Update for Apache 1.3 122912-17
| [855695] Solaris Update for Apache 1.3 122911-16
| [855645] Solaris Update for Apache 1.3 122912-16
| [855587] Solaris Update for kernel update and Apache 108529-29
| [855566] Solaris Update for Apache 116973-07
| [855531] Solaris Update for Apache 116974-07
| [855524] Solaris Update for Apache 2 120544-14
| [855494] Solaris Update for Apache 1.3 122911-15
| [855478] Solaris Update for Apache Security 114145-11
| [855472] Solaris Update for Apache Security 113146-12
| [855179] Solaris Update for Apache 1.3 122912-15
| [855147] Solaris Update for kernel update and Apache 108528-29
| [855077] Solaris Update for Apache 2 120543-14
| [850196] SuSE Update for apache2 openSUSE-SU-2012:0314-1 (apache2)
| [850088] SuSE Update for apache2 SUSE-SA:2007:061
| [850009] SuSE Update for apache2,apache SUSE-SA:2008:021
| [841209] Ubuntu Update for apache2 USN-1627-1
| [840900] Ubuntu Update for apache2 USN-1368-1
| [840798] Ubuntu Update for apache2 USN-1259-1
| [840734] Ubuntu Update for apache2 USN-1199-1
| [840542] Ubuntu Update for apache2 vulnerabilities USN-1021-1
| [840504] Ubuntu Update for apache2 vulnerability USN-990-2
| [840399] Ubuntu Update for apache2 vulnerabilities USN-908-1
| [840304] Ubuntu Update for apache2 vulnerabilities USN-575-1
| [840118] Ubuntu Update for libapache2-mod-perl2 vulnerability USN-488-1
| [840092] Ubuntu Update for apache2 vulnerabilities USN-499-1
| [840039] Ubuntu Update for libapache2-mod-python vulnerability USN-430-1
| [835253] HP-UX Update for Apache Web Server HPSBUX02645
| [835247] HP-UX Update for Apache-based Web Server HPSBUX02612
| [835243] HP-UX Update for Apache Running Tomcat Servlet Engine HPSBUX02579
| [835236] HP-UX Update for Apache with PHP HPSBUX02543
| [835233] HP-UX Update for Apache-based Web Server HPSBUX02531
| [835224] HP-UX Update for Apache-based Web Server HPSBUX02465
| [835200] HP-UX Update for Apache Web Server Suite HPSBUX02431
| [835190] HP-UX Update for Apache Web Server Suite HPSBUX02401
| [835188] HP-UX Update for Apache HPSBUX02308
| [835181] HP-UX Update for Apache With PHP HPSBUX02332
| [835180] HP-UX Update for Apache with PHP HPSBUX02342
| [835172] HP-UX Update for Apache HPSBUX02365
| [835168] HP-UX Update for Apache HPSBUX02313
| [835148] HP-UX Update for Apache HPSBUX01064
| [835139] HP-UX Update for Apache with PHP HPSBUX01090
| [835131] HP-UX Update for Apache HPSBUX00256
| [835119] HP-UX Update for Apache Remote Execution of Arbitrary Code HPSBUX02186
| [835104] HP-UX Update for Apache HPSBUX00224
| [835103] HP-UX Update for Apache mod_cgid HPSBUX00301
| [835101] HP-UX Update for Apache HPSBUX01232
| [835080] HP-UX Update for Apache HPSBUX02273
| [835078] HP-UX Update for ApacheStrong HPSBUX00255
| [835044] HP-UX Update for Apache HPSBUX01019
| [835040] HP-UX Update for Apache PHP HPSBUX00207
| [835025] HP-UX Update for Apache HPSBUX00197
| [835023] HP-UX Update for Apache HPSBUX01022
| [835022] HP-UX Update for Apache HPSBUX02292
| [835005] HP-UX Update for Apache HPSBUX02262
| [831759] Mandriva Update for apache-mod_security MDVSA-2012:182 (apache-mod_security)
| [831737] Mandriva Update for apache MDVSA-2012:154-1 (apache)
| [831534] Mandriva Update for apache MDVSA-2012:012 (apache)
| [831523] Mandriva Update for apache MDVSA-2012:003 (apache)
| [831491] Mandriva Update for apache MDVSA-2011:168 (apache)
| [831460] Mandriva Update for apache MDVSA-2011:144 (apache)
| [831449] Mandriva Update for apache MDVSA-2011:130 (apache)
| [831357] Mandriva Update for apache MDVSA-2011:057 (apache)
| [831132] Mandriva Update for apache MDVSA-2010:153 (apache)
| [831131] Mandriva Update for apache MDVSA-2010:152 (apache)
| [830989] Mandriva Update for apache-mod_auth_shadow MDVSA-2010:081 (apache-mod_auth_shadow)
| [830931] Mandriva Update for apache MDVSA-2010:057 (apache)
| [830926] Mandriva Update for apache MDVSA-2010:053 (apache)
| [830918] Mandriva Update for apache-mod_security MDVSA-2010:050 (apache-mod_security)
| [830799] Mandriva Update for apache-conf MDVSA-2009:300-2 (apache-conf)
| [830797] Mandriva Update for apache-conf MDVSA-2009:300-1 (apache-conf)
| [830791] Mandriva Update for apache-conf MDVA-2010:011 (apache-conf)
| [830652] Mandriva Update for apache MDVSA-2008:195 (apache)
| [830621] Mandriva Update for apache-conf MDVA-2008:129 (apache-conf)
| [830581] Mandriva Update for apache MDVSA-2008:016 (apache)
| [830294] Mandriva Update for apache MDKSA-2007:140 (apache)
| [830196] Mandriva Update for apache MDKSA-2007:235 (apache)
| [830112] Mandriva Update for apache MDKSA-2007:127 (apache)
| [830109] Mandriva Update for apache-mod_perl MDKSA-2007:083 (apache-mod_perl)
| [802425] Apache Struts2 Showcase Arbitrary Java Method Execution vulnerability
| [802423] Apache Struts CookBook/Examples Multiple Cross-Site Scripting Vulnerabilities
| [802422] Apache Struts Showcase Multiple Persistence Cross-Site Scripting Vulnerabilities
| [802415] Apache Tomcat Multiple Security Bypass Vulnerabilities (Win)
| [802385] Apache Tomcat Request Object Security Bypass Vulnerability (Win)
| [802384] Apache Tomcat Parameter Handling Denial of Service Vulnerability (Win)
| [802378] Apache Tomcat Hash Collision Denial Of Service Vulnerability
| [801942] Apache Archiva Multiple Vulnerabilities
| [801940] Apache Struts2 'XWork' Information Disclosure Vulnerability
| [801663] Apache Struts2/XWork Remote Command Execution Vulnerability
| [801521] Apache APR-util 'buckets/apr_brigade.c' Denial Of Service Vulnerability
| [801284] Apache Derby Information Disclosure Vulnerability
| [801203] Apache ActiveMQ Persistent Cross-Site Scripting Vulnerability
| [800837] Apache 'mod_deflate' Denial Of Service Vulnerability - July09
| [800827] Apache 'mod_proxy_http.c' Denial Of Service Vulnerability
| [800680] Apache APR Version Detection
| [800679] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
| [800678] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
| [800677] Apache Roller Version Detection
| [800279] Apache mod_jk Module Version Detection
| [800278] Apache Struts Cross Site Scripting Vulnerability
| [800277] Apache Tomcat mod_jk Information Disclosure Vulnerability
| [800276] Apache Struts Version Detection
| [800271] Apache Struts Directory Traversal Vulnerability
| [800024] Apache Tomcat RemoteFilterValve Security Bypass Vulnerability
| [103333] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
| [103293] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
| [103122] Apache Web Server ETag Header Information Disclosure Weakness
| [103074] Apache Continuum Cross Site Scripting Vulnerability
| [103073] Apache Continuum Detection
| [103053] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
| [101023] Apache Open For Business Weak Password security check
| [101020] Apache Open For Business HTML injection vulnerability
| [101019] Apache Open For Business service detection
| [100924] Apache Archiva Cross Site Request Forgery Vulnerability
| [100923] Apache Archiva Detection
| [100858] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
| [100814] Apache Axis2 Document Type Declaration Processing Security Vulnerability
| [100813] Apache Axis2 Detection
| [100797] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
| [100795] Apache Derby Detection
| [100762] Apache CouchDB Cross Site Request Forgery Vulnerability
| [100725] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
| [100613] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
| [100514] Apache Multiple Security Vulnerabilities
| [100211] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
| [100172] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
| [100171] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
| [100130] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
| [72626] Debian Security Advisory DSA 2579-1 (apache2)
| [72612] FreeBSD Ports: apache22
| [71551] Gentoo Security Advisory GLSA 201206-25 (apache)
| [71550] Gentoo Security Advisory GLSA 201206-24 (apache tomcat)
| [71512] FreeBSD Ports: apache
| [71485] Debian Security Advisory DSA 2506-1 (libapache-mod-security)
| [71256] Debian Security Advisory DSA 2452-1 (apache2)
| [71238] Debian Security Advisory DSA 2436-1 (libapache2-mod-fcgid)
| [70737] FreeBSD Ports: apache
| [70724] Debian Security Advisory DSA 2405-1 (apache2)
| [70600] FreeBSD Ports: apache
| [70253] FreeBSD Ports: apache, apache-event, apache-itk, apache-peruser, apache-worker
| [70235] Debian Security Advisory DSA 2298-2 (apache2)
| [70233] Debian Security Advisory DSA 2298-1 (apache2)
| [69988] Debian Security Advisory DSA 2279-1 (libapache2-mod-authnz-external)
| [69338] Debian Security Advisory DSA 2202-1 (apache2)
| [67868] FreeBSD Ports: apache
| [66816] FreeBSD Ports: apache
| [66553] Mandriva Security Advisory MDVSA-2009:189-1 (apache-mod_auth_mysql)
| [66414] Mandriva Security Advisory MDVSA-2009:323 (apache)
| [66106] SuSE Security Advisory SUSE-SA:2009:050 (apache2,libapr1)
| [66081] SLES11: Security update for Apache 2
| [66074] SLES10: Security update for Apache 2
| [66070] SLES9: Security update for Apache 2
| [65998] SLES10: Security update for apache2-mod_python
| [65893] SLES10: Security update for Apache 2
| [65888] SLES10: Security update for Apache 2
| [65575] SLES9: Security update for apache2,apache2-prefork,apache2-worker
| [65510] SLES9: Security update for Apache 2
| [65472] SLES9: Security update for Apache
| [65467] SLES9: Security update for Apache
| [65450] SLES9: Security update for apache2
| [65390] SLES9: Security update for Apache2
| [65363] SLES9: Security update for Apache2
| [65309] SLES9: Security update for Apache and mod_ssl
| [65296] SLES9: Security update for webdav apache module
| [65283] SLES9: Security update for Apache2
| [65249] SLES9: Security update for Apache 2
| [65230] SLES9: Security update for Apache 2
| [65228] SLES9: Security update for Apache 2
| [65212] SLES9: Security update for apache2-mod_python
| [65209] SLES9: Security update for apache2-worker
| [65207] SLES9: Security update for Apache 2
| [65168] SLES9: Security update for apache2-mod_python
| [65142] SLES9: Security update for Apache2
| [65136] SLES9: Security update for Apache 2
| [65132] SLES9: Security update for apache
| [65131] SLES9: Security update for Apache 2 oes/CORE
| [65113] SLES9: Security update for apache2
| [65072] SLES9: Security update for apache and mod_ssl
| [65017] SLES9: Security update for Apache 2
| [64950] Mandrake Security Advisory MDVSA-2009:240 (apache)
| [64783] FreeBSD Ports: apache
| [64774] Ubuntu USN-802-2 (apache2)
| [64653] Ubuntu USN-813-2 (apache2)
| [64559] Debian Security Advisory DSA 1834-2 (apache2)
| [64532] Mandrake Security Advisory MDVSA-2009:189 (apache-mod_auth_mysql)
| [64527] Mandrake Security Advisory MDVSA-2009:184 (apache-mod_security)
| [64526] Mandrake Security Advisory MDVSA-2009:183 (apache-mod_security)
| [64500] Mandrake Security Advisory MDVSA-2009:168 (apache)
| [64443] Ubuntu USN-802-1 (apache2)
| [64426] Gentoo Security Advisory GLSA 200907-04 (apache)
| [64423] Debian Security Advisory DSA 1834-1 (apache2)
| [64391] Mandrake Security Advisory MDVSA-2009:149 (apache)
| [64377] Mandrake Security Advisory MDVSA-2009:124-1 (apache)
| [64251] Debian Security Advisory DSA 1816-1 (apache2)
| [64201] Ubuntu USN-787-1 (apache2)
| [64140] Mandrake Security Advisory MDVSA-2009:124 (apache)
| [64136] Mandrake Security Advisory MDVSA-2009:102 (apache)
| [63565] FreeBSD Ports: apache
| [63562] Ubuntu USN-731-1 (apache2)
| [61381] Gentoo Security Advisory GLSA 200807-06 (apache)
| [61185] FreeBSD Ports: apache
| [60582] Gentoo Security Advisory GLSA 200803-19 (apache)
| [60387] Slackware Advisory SSA:2008-045-02 apache
| [58826] FreeBSD Ports: apache-tomcat
| [58825] FreeBSD Ports: apache-tomcat
| [58804] FreeBSD Ports: apache
| [58745] Gentoo Security Advisory GLSA 200711-06 (apache)
| [58360] Debian Security Advisory DSA 1312-1 (libapache-mod-jk)
| [57851] Gentoo Security Advisory GLSA 200608-01 (apache)
| [57788] Debian Security Advisory DSA 1247-1 (libapache-mod-auth-kerb)
| [57335] Debian Security Advisory DSA 1167-1 (apache)
| [57201] Debian Security Advisory DSA 1131-1 (apache)
| [57200] Debian Security Advisory DSA 1132-1 (apache2)
| [57168] Slackware Advisory SSA:2006-209-01 Apache httpd
| [57145] FreeBSD Ports: apache
| [56731] Slackware Advisory SSA:2006-129-01 Apache httpd
| [56729] Slackware Advisory SSA:2006-130-01 Apache httpd redux
| [56246] Gentoo Security Advisory GLSA 200602-03 (Apache)
| [56212] Debian Security Advisory DSA 952-1 (libapache-auth-ldap)
| [56115] Debian Security Advisory DSA 935-1 (libapache2-mod-auth-pgsql)
| [56067] FreeBSD Ports: apache
| [55803] Slackware Advisory SSA:2005-310-04 apache
| [55519] Debian Security Advisory DSA 839-1 (apachetop)
| [55392] Gentoo Security Advisory GLSA 200509-12 (Apache)
| [55355] FreeBSD Ports: apache
| [55284] Debian Security Advisory DSA 807-1 (libapache-mod-ssl)
| [55261] Debian Security Advisory DSA 805-1 (apache2)
| [55259] Debian Security Advisory DSA 803-1 (apache)
| [55129] Gentoo Security Advisory GLSA 200508-15 (apache)
| [54739] Gentoo Security Advisory GLSA 200411-18 (apache)
| [54724] Gentoo Security Advisory GLSA 200411-03 (apache)
| [54712] Gentoo Security Advisory GLSA 200410-21 (apache)
| [54689] Gentoo Security Advisory GLSA 200409-33 (net=www/apache)
| [54677] Gentoo Security Advisory GLSA 200409-21 (apache)
| [54610] Gentoo Security Advisory GLSA 200407-03 (Apache)
| [54601] Gentoo Security Advisory GLSA 200406-16 (Apache)
| [54590] Gentoo Security Advisory GLSA 200406-05 (Apache)
| [54582] Gentoo Security Advisory GLSA 200405-22 (Apache)
| [54529] Gentoo Security Advisory GLSA 200403-04 (Apache)
| [54499] Gentoo Security Advisory GLSA 200310-04 (Apache)
| [54498] Gentoo Security Advisory GLSA 200310-03 (Apache)
| [54439] FreeBSD Ports: apache
| [53931] Slackware Advisory SSA:2004-133-01 apache
| [53903] Slackware Advisory SSA:2004-299-01 apache, mod_ssl, php
| [53902] Slackware Advisory SSA:2004-305-01 apache+mod_ssl
| [53878] Slackware Advisory SSA:2003-308-01 apache security update
| [53851] Debian Security Advisory DSA 135-1 (libapache-mod-ssl)
| [53849] Debian Security Advisory DSA 132-1 (apache-ssl)
| [53848] Debian Security Advisory DSA 131-1 (apache)
| [53784] Debian Security Advisory DSA 021-1 (apache)
| [53738] Debian Security Advisory DSA 195-1 (apache-perl)
| [53737] Debian Security Advisory DSA 188-1 (apache-ssl)
| [53735] Debian Security Advisory DSA 187-1 (apache)
| [53703] Debian Security Advisory DSA 532-1 (libapache-mod-ssl)
| [53577] Debian Security Advisory DSA 120-1 (libapache-mod-ssl, apache-ssl)
| [53568] Debian Security Advisory DSA 067-1 (apache,apache-ssl)
| [53519] Debian Security Advisory DSA 689-1 (libapache-mod-python)
| [53433] Debian Security Advisory DSA 181-1 (libapache-mod-ssl)
| [53282] Debian Security Advisory DSA 594-1 (apache)
| [53248] Debian Security Advisory DSA 558-1 (libapache-mod-dav)
| [53224] Debian Security Advisory DSA 532-2 (libapache-mod-ssl)
| [53215] Debian Security Advisory DSA 525-1 (apache)
| [53151] Debian Security Advisory DSA 452-1 (libapache-mod-python)
| [52529] FreeBSD Ports: apache+ssl
| [52501] FreeBSD Ports: apache
| [52461] FreeBSD Ports: apache
| [52390] FreeBSD Ports: apache
| [52389] FreeBSD Ports: apache
| [52388] FreeBSD Ports: apache
| [52383] FreeBSD Ports: apache
| [52339] FreeBSD Ports: apache+mod_ssl
| [52331] FreeBSD Ports: apache
| [52329] FreeBSD Ports: ru-apache+mod_ssl
| [52314] FreeBSD Ports: apache
| [52310] FreeBSD Ports: apache
| [15588] Detect Apache HTTPS
| [15555] Apache mod_proxy content-length buffer overflow
| [15554] Apache mod_include priviledge escalation
| [14771] Apache <= 1.3.33 htpasswd local overflow
| [14177] Apache mod_access rule bypass
| [13644] Apache mod_rootme Backdoor
| [12293] Apache Input Header Folding and mod_ssl ssl_io_filter_cleanup DoS Vulnerabilities
| [12280] Apache Connection Blocking Denial of Service
| [12239] Apache Error Log Escape Sequence Injection
| [12123] Apache Tomcat source.jsp malformed request information disclosure
| [12085] Apache Tomcat servlet/JSP container default files
| [11438] Apache Tomcat Directory Listing and File disclosure
| [11204] Apache Tomcat Default Accounts
| [11092] Apache 2.0.39 Win32 directory traversal
| [11046] Apache Tomcat TroubleShooter Servlet Installed
| [11042] Apache Tomcat DOS Device Name XSS
| [11041] Apache Tomcat /servlet Cross Site Scripting
| [10938] Apache Remote Command Execution via .bat files
| [10839] PHP.EXE / Apache Win32 Arbitrary File Reading Vulnerability
| [10773] MacOS X Finder reveals contents of Apache Web files
| [10766] Apache UserDir Sensitive Information Disclosure
| [10756] MacOS X Finder reveals contents of Apache Web directories
| [10752] Apache Auth Module SQL Insertion Attack
| [10704] Apache Directory Listing
| [10678] Apache /server-info accessible
| [10677] Apache /server-status accessible
| [10440] Check for Apache Multiple / vulnerability
|
| SecurityTracker - https://www.securitytracker.com:
| [1028865] Apache Struts Bugs Permit Remote Code Execution and URL Redirection Attacks
| [1028864] Apache Struts Wildcard Matching and Expression Evaluation Bugs Let Remote Users Execute Arbitrary Code
| [1028824] Apache mod_dav_svn URI Processing Flaw Lets Remote Users Deny Service
| [1028823] Apache Unspecified Flaw in mod_session_dbd Has Unspecified Impact
| [1028724] (HP Issues Fix for HP-UX) Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
| [1028722] (Red Hat Issues Fix for JBoss) Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
| [1028693] (Red Hat Issues Fix) Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
| [1028622] Apache Struts 'includeParams' Bugs Permit Remote Command Execution and Cross-Site Scripting Attacks
| [1028621] Apache Subversion Bugs Let Remote Authenticated Users Execute Arbitrary Commands and Deny Service
| [1028540] Apache mod_rewrite Input Validation Flaw Lets Remote Users Execute Arbitrary Commands
| [1028534] Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
| [1028533] Apache Tomcat Lack of Chunked Transfer Encoding Extension Size Limit Lets Remote Users Deny Service
| [1028532] Apache Tomcat AsyncListeners Bug May Disclose Information from One Request to Another User
| [1028515] Apache VCL Input Validation Flaw Lets Remote Authenticated Users Gain Elevated Privileges
| [1028457] Apache ActiveMQ Bugs Let Remote Users Conduct Cross-Site Scripting Attacks, Deny Service, and Obtain Potentially Sensitive Information
| [1028287] Apache CXF WSS4JInInterceptor Grants Service Access to Remote Users
| [1028286] Apache CXF WS-Security UsernameToken Processing Flaw Lets Remote Users Bypass Authentication
| [1028252] Apache Commons FileUpload Unsafe Temporary File Lets Local Users Gain Elevated Privileges
| [1028207] Apache Input Validation Bugs Permit Cross-Site Scripting Attacks
| [1027836] Apache Tomcat Connection Processing Bug Lets Remote Users Deny Service
| [1027834] Apache Tomcat Bug Lets Remote Users Bypass Cross-Site Request Forgery Prevention Filter
| [1027833] Apache Tomcat Bug Lets Remote Users Bypass Security Constraints
| [1027729] Apache Tomcat Header Processing Bug Lets Remote Users Deny Service
| [1027728] Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
| [1027554] Apache CXF Lets Remote Authenticated Users Execute Unauthorized SOAP Actions
| [1027508] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
| [1027421] Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
| [1027096] Apache Commons Compress BZip2CompressorOutputStream() Sorting Algorithm Lets Remote or Local Users Deny Service
| [1026932] Apache LD_LIBRARY_PATH Processing Lets Local Users Gain Elevated Privileges
| [1026928] Apache OFBiz Unspecified Flaw Lets Remote Users Execute Arbitrary Code
| [1026927] Apache OFBiz Input Validation Flaws Permit Cross-Site Scripting Attacks
| [1026847] Apache Traffic Server Host Header Processing Flaw Lets Remote Users Deny Service
| [1026846] Apache Wicket Discloses Hidden Application Files to Remote Users
| [1026839] Apache Wicket Input Validation Flaw in 'wicket:pageMapName' Parameter Permits Cross-Site Scripting Attacks
| [1026616] Apache Bugs Let Remote Users Deny Service and Obtain Cookie Data
| [1026575] Apache Struts ParameterInterceptor() Flaw Lets Remote Users Execute Arbitrary Commands
| [1026484] Apache Struts Bug Lets Remote Users Overwrite Files and Execute Arbitrary Code
| [1026477] Apache Tomcat Hash Table Collision Bug Lets Remote Users Deny Service
| [1026402] Apache Struts Conversion Error Lets Remote Users Inject Arbitrary Commands
| [1026353] Apache mod_proxy/mod_rewrite Bug Lets Remote Users Access Internal Servers
| [1026295] Apache Tomcat Lets Untrusted Web Applications Gain Elevated Privileges
| [1026267] Apache .htaccess File Integer Overflow Lets Local Users Execute Arbitrary Code
| [1026144] Apache mod_proxy Pattern Matching Bug Lets Remote Users Access Internal Servers
| [1026095] Apache Tomcat HTTP DIGEST Authentication Weaknesses Let Remote Users Conduct Bypass Attacks
| [1026054] Apache mod_proxy_ajp HTTP Processing Error Lets Remote Users Deny Service
| [1025993] Apache Tomcat AJP Protocol Processing Bug Lets Remote Users Bypass Authentication or Obtain Information
| [1025976] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
| [1025960] Apache httpd Byterange Filter Processing Error Lets Remote Users Deny Service
| [1025925] Apache Tomcat Commons Daemon jsvc Lets Local Users Gain Elevated Privileges
| [1025924] Apache Tomcat XML Validation Flaw Lets Applications Obtain Potentially Sensitive Information
| [1025788] Apache Tomcat Lets Malicious Applications Obtain Information and Deny Service
| [1025755] Apache Santuario Buffer Overflow Lets Remote Users Deny Service
| [1025712] Apache Tomcat Discloses Passwords to Local Users in Certain Cases
| [1025577] Apache Archiva Input Validation Hole Permits Cross-Site Scripting Attacks
| [1025576] Apache Archiva Request Validation Flaw Permits Cross-Site Request Forgery Attacks
| [1025527] Apache APR Library apr_fnmatch() Flaw Lets Remote Users Execute Arbitrary Code
| [1025303] Apache Tomcat HTTP BIO Connector Error Discloses Information From Different Requests to Remote Users
| [1025215] Apache Tomcat May Ignore @ServletSecurity Annotation Protections
| [1025066] Apache Continuum Input Validation Flaw Permits Cross-Site Request Forgery Attacks
| [1025065] Apache Continuum Input Validation Hole Permits Cross-Site Scripting Attacks
| [1025027] Apache Tomcat maxHttpHeaderSize Parsing Error Lets Remote Users Deny Service
| [1025026] Apache Tomcat Manager Input Validation Hole Permits Cross-Site Scripting Attacks
| [1025025] Apache Tomcat Security Manager Lets Local Users Bypass File Permissions
| [1024764] Apache Tomcat Manager Input Validation Hole in 'sessionList.jsp' Permits Cross-Site Scripting Attacks
| [1024417] Apache Traffic Server Insufficient Randomization Lets Remote Users Poison the DNS Cache
| [1024332] Apache mod_cache and mod_dav Request Processing Flaw Lets Remote Users Deny Service
| [1024180] Apache Tomcat 'Transfer-Encoding' Header Processing Flaw Lets Remote Users Deny Service and Obtain Potentially Sensitive Information
| [1024096] Apache mod_proxy_http May Return Results for a Different Request
| [1023942] Apache mod_proxy_ajp Error Condition Lets Remote Users Deny Service
| [1023941] Apache ap_read_request() Memory Error May Let Remote Users Access Potentially Sensitive Information
| [1023778] Apache ActiveMQ Input Validation Flaw Permits Cross-Site Scripting Attacks
| [1023701] Apache mod_isapi Error Processing Flaw May Let Remote Users Deny Service
| [1023533] Apache mod_proxy Integer Overflow May Let Remote Users Execute Arbitrary Code
| [1022988] Apache Solaris Support Code Bug Lets Remote Users Deny Service
| [1022529] Apache mod_deflate Connection State Bug Lets Remote Users Deny Service
| [1022509] Apache mod_proxy stream_reqbody_cl() Infinite Loop Lets Remote Users Deny Service
| [1022296] Apache IncludesNoExec Options Restrictions Can Be Bypass By Local Users
| [1022264] Apache mod_proxy_ajp Bug May Disclose Another User's Response Data
| [1022001] Apache Tomcat mod_jk May Disclose Responses to the Wrong User
| [1021988] mod_perl Input Validation Flaw in Apache::Status and Apache2::Status Permits Cross-Site Scripting Attacks
| [1021350] NetWare Bug Lets Remote Users Access the ApacheAdmin Console
| [1020635] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
| [1020520] Oracle WebLogic Apache Connector Lets Remote Users Execute Arbitrary Code
| [1020267] Apache mod_proxy Interim Response Process Bug Lets Remote Users Deny Service
| [1019784] Apache-SSL Certificate Processing Bug May Let Remote Users View Portions of Kernel Memory
| [1019256] Apache mod_negotiation Input Validation Hole Permits Cross-Site Scripting Attacks
| [1019194] Apache Input Validation Hole in Mod_AutoIndex When the Character Set is Undefined May Permit Cross-Site Scripting Attacks
| [1019185] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
| [1019154] Apache Input Validation Hole in mod_status Permits Cross-Site Scripting Attacks
| [1019093] Apache Input Validation Hole in mod_imap Permits Cross-Site Scripting Attacks
| [1019030] Apache Input Validation Hole in Default HTTP 413 Error Page Permits Cross-Site Scripting Attacks
| [1018633] Apache mod_proxy Bug Lets Remote Users Deny Service
| [1018304] Apache HTTPD scoreboard Protection Flaw Lets Local Users Terminate Arbitrary Processes
| [1018303] Apache HTTPD mod_cache May Let Remote Users Deny Service
| [1018302] Apache mod_status Input Validation Hole Permits Cross-Site Scripting Attacks
| [1018269] Apache Tomcat Input Validation Hole in Processing Accept-Language Header Permits Cross-Site Scripting Attacks
| [1017904] Apache suEXEC Bugs May Let Local Users Gain Elevated Privileges
| [1017719] Apache Tomcat JK Web Server Connector Buffer Overflow in map_uri_to_worker() Lets Remote Users Execute Arbitrary Code
| [1017062] Apache mod_tcl Format String Bug in set_var() Function May Let Remote Users Execute Arbitrary Code
| [1016601] Apache mod_rewrite Off-by-one Error Lets Remote Users Execute Arbitrary Code
| [1016576] Apache Tomcat Discloses Directory Listings to Remote Users
| [1015447] Apache mod_ssl Null Pointer Dereference May Let Remote Users Deny Service
| [1015344] Apache mod_imap Input Validation Flaw in Referer Field Lets Remote Users Conduct Cross-Site Scripting Attacks
| [1015093] Apache Memory Leak in MPM 'worker.c' Code May Let Remote Users Deny Service
| [1014996] ApacheTop Unsafe Temporary File May Let Local Users Gain Elevated Privileges
| [1014833] Apache ssl_hook_Access() Function May Fail to Verify Client Certificates
| [1014826] Apache Memory Leak in 'byterange filter' Lets Remote Users Deny Service
| [1014575] Apache mod_ssl Off-by-one Buffer Overflow in Processing CRLs May Let Remote Users Deny Service
| [1014323] Apache Chunked Transfer-Encoding and Content-Length Processing Lets Remote Users Smuggle HTTP Requests
| [1013156] Apache mod_python Publisher Handler Discloses Information to Remote Users
| [1012829] Apache mod_auth_radius radcpy() Integer Overflow Lets Remote Users Deny Service in Certain Cases
| [1012416] Apache on Apple OS X Lets Remote Users Bypass Apache File Handlers and Directly Access Files
| [1012415] Apache on Apple HFS+ Filesystems May Disclose '.DS_Store' Files to Remote Users
| [1012414] Apache mod_digest_apple Lets Remote Users Replay Authentication Credentials
| [1012083] Apache Web Server Error in Processing Requests With Many Space Characters Lets Remote Users Deny Service
| [1011783] Apache mod_include Buffer Overflow Lets Local Users Execute Arbitrary Code
| [1011557] Apache mod_ssl SSLCipherSuite Directive Can By Bypassed in Certain Cases
| [1011385] Apache Satsify Directive Error May Let Remote Users Access Restricted Resources
| [1011340] Apache SSL Connection Abort State Error Lets Remote Users Deny Service
| [1011303] Apache ap_resolve_env() Buffer Overflow in Reading Configuration Files May Let Local Users Gain Elevated Privileges
| [1011299] Apache IPv6 Address Parsing Flaw May Let Remote Users Deny Service
| [1011248] Apache mod_dav LOCK Method Error May Let Remote Users Deny Service
| [1011213] Apache mod_ssl Can Be Crashed By Remote Users When Reverse Proxying SSL Connections
| [1010674] Apache Can Be Crashed By PHP Code Invoking Nested Remote Sockets
| [1010599] Apache httpd Header Line Memory Allocation Lets Remote Users Crash the Server
| [1010462] Apache mod_proxy Buffer Overflow May Let Remote Users Execute Arbitrary Code
| [1010322] Apache mod_ssl Stack Overflow in ssl_util_uuencode_binary() May Let Remote Users Execute Arbitrary Code
| [1010270] cPanel Apache mod_phpsuexec Options Let Local Users Gain Elevated Privileges
| [1009934] Apache Web Server Has Buffer Overflow in ebcdic2ascii() on Older Processor Architectures
| [1009516] Apache mod_survey HTML Report Format Lets Remote Users Conduct Cross-Site Scripting Attacks
| [1009509] Apache mod_disk_cache Stores Authentication Credentials on Disk
| [1009495] Apache Web Server Socket Starvation Flaw May Let Remote Users Deny Service
| [1009417] GroupWise WebAccess With Apache on NetWare Has Configuration Flaw That May Grant Web Access to Remote Users
| [1009338] Apache mod_access Parsing Flaw May Fail to Enforce Allow/Deny Rules
| [1009337] Apache mod_ssl Memory Leak Lets Remote Users Crash the Daemon
| [1009182] Apache for Cygwin '..%5C' Input Validation Flaw Discloses Files to Remote Users
| [1008973] PHP May Apply Incorrect php_admin_* Settings To Requests for Apache Virtual Hosts
| [1008967] Apache-SSL 'SSLFakeBasicAuth' Lets Remote Users Forge Client Certificates to Be Authenticated
| [1008920] Apache mod_digest May Validate Replayed Client Responses
| [1008828] Apache mod_python String Processing Bug Still Lets Remote Users Crash the Web Server
| [1008822] Apache mod_perl File Descriptor Leak May Let Local Users Hijack the http and https Services
| [1008675] mod_auth_shadow Apache Module Authenticates Expired Passwords
| [1008559] Apache mod_php File Descriptor Leak May Let Local Users Hijack the https Service
| [1008335] Apache mod_python String Processing Bug Lets Remote Users Crash the Web Server
| [1008196] Apache 2.x on Windows May Return Unexpected Files For URLs Ending With Certain Characters
| [1008030] Apache mod_rewrite Contains a Buffer Overflow
| [1008029] Apache mod_alias Contains a Buffer Overflow
| [1008028] Apache mod_cgid May Disclose CGI Output to Another Client
| [1007995] Apache Cocoon Forms May Let Remote Users Execute Arbitrary Java Code on the System
| [1007993] Apache Cocoon 'view-source' Sample Script Discloses Files to Remote Users
| [1007823] Apache Web Server mod_cgi Error May Let Malicious CGI Scripts Crash the Web Service
| [1007664] Apache::Gallery Unsafe Temporary Files May Let Local Users Gain Apache Web Server Privileges
| [1007557] Apache Web Server Does Not Filter Terminal Escape Sequences From Log Files
| [1007230] Apache HTTP Server 'rotatelogs' Bug on Win32 and OS/2 May Cause the Logging to Stop
| [1007146] Apache HTTP Server FTP Proxy Bug May Cause Denial of Service Conditions
| [1007145] Apache 'accept()' Errors May Cause Denial of Service Conditions
| [1007144] Apache Web Server 'type-map' File Error Permits Local Denial of Service Attacks
| [1007143] Apache 2.0 Web Server May Use a Weaker Encryption Implementation Than Specified in Some Cases
| [1006864] Apache Web Server Can Be Crashed By Remote Users Via mod_dav Flaws and Also Via Basic Authentication
| [1006709] Apache mod_survey Input Validation Flaw Lets Remote Users Fill Up Disk Space
| [1006614] Apache mod_ntlm Buffer Overflow and Format String Flaw Let Remote Users Execute Arbitary Code
| [1006591] Apache mod_access_referer Module Null Pointer Dereference May Faciliate Denial of Service Attacks
| [1006444] Apache 2.0 Web Server Line Feed Buffer Allocation Flaw Lets Remote Users Deny Service
| [1006021] Apache Tomcat Server URL Parsing Error May Disclose Otherwise Inaccessible Web Directory Listings and Files to Remote Users
| [1005963] Apache Web Server 2.x Windows Device Access Flaw Lets Remote Users Crash the Server or Possibly Execute Arbitrary Code
| [1005962] Apache Web Server Path Parsing Flaw May Allow Remote Users to Execute Code in Certain Configurations
| [1005848] Apache 'printenv' Script Input Validation Bugs in Older Versions May Let Remote Users Conduct Cross-Site Scripting Attacks
| [1005765] Apache mod_jk Module Processing Bug When Used With Tomcat May Disclose Information to Remote Users or Crash
5906| [1005548] Apache mod_php Module May Allow Local Users to Gain Control of the Web Port
5907| [1005499] Apache Web Server (2.0.42) May Disclose CGI Source Code to Remote Users When Used With WebDAV
5908| [1005410] Apache Tomcat Java Servlet Engine Can Be Crashed Via Multiple Requests for DOS Device Names
5909| [1005351] Apache Web Server (1.3.x) Shared Memory Scoreboard Bug Lets Certain Local Users Issue Signals With Root Privileges
5910| [1005331] Apache Web Server (2.x) SSI Server Signature Filtering Hole Lets Remote Users Conduct Cross-Site Scripting Attacks
5911| [1005290] Apache Tomcat Java Server Default Servlet Returns JSP Source Code to Remote Users
5912| [1005285] Apache Web Server 'mod_dav' Has Null Pointer Bug That May Allow Remote Users to Cause Denial of Service Conditions
5913| [1005010] Apache Web Server (2.0) Has Unspecified Flaw That Allows Remote Users to Obtain Sensitive Data and Cause Denial of Service Conditions
5914| [1004770] Apache 2.x Web Server ap_log_rerror() Function May Disclose Full Installation Path to Remote Users
5915| [1004745] Apache Tomcat Java Server Allows Cross-Site Scripting Attacks
5916| [1004636] Apache mod_ssl 'Off-by-One' Bug May Let Local Users Crash the Web Server or Possibly Execute Arbitrary Code
5917| [1004602] Apache Tomcat Java Server for Windows Can Be Crashed By Remote Users Sending Malicious Requests to Hang All Available Working Threads
5918| [1004586] Apache Tomcat Java Server May Disclose the Installation Path to Remote Users
5919| [1004555] Apache Web Server Chunked Encoding Flaw May Let Remote Users Execute Arbitrary Code on the Server
5920| [1004209] Apache 'mod_python' Python Language Interpreter Bug in Publisher Handler May Allow Remote Users to Modify Files on the System
5921| [1003874] Apache Web Server for Windows Has Batch File Processing Hole That Lets Remote Users Execute Commands on the System
5922| [1003767] 'mod_frontpage' Module for Apache Web Server Has Buffer Overlow in 'fpexec.c' That Allows Remote Users to Execute Arbitrary Code on the System with Root Privileges
5923| [1003723] Apache-SSL for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
5924| [1003664] 'mod_ssl' Security Package for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
5925| [1003602] GNUJSP Java Server Pages Implementation Discloses Web Files and Source Code to Remote Users and Bypasses Apache Access Control Restrictions
5926| [1003465] PHP for Apache Web Server May Disclose Installation Path Information to Remote Users Making 'OPTIONS' Requests
5927| [1003451] Oracle Application Server PL/SQL Module for Apache Has Buffer Overflows That Allow Remote Users to Execute Arbitrary Code and Gain Access to the Server
5928| [1003131] Apache Web Server in Virtual Hosting Mode Can Be Crashed By a Local User Removing a Log Directory
5929| [1003104] PHP.EXE Windows CGI for Apache Web Server May Let Remote Users View Files on the Server Due to Configuration Error
5930| [1003008] Apache 'mod_bf' Module Lets Remote Users Execute Arbitrary Code
5931| [1002629] Apache suEXEC Wrapper Fails to Observe Minimum Group ID Security Settings in Certain Situations
5932| [1002542] Apache Web Server Virtual Hosting Split-Logfile Function Lets Remote Users Write Log Entries to Arbitrary Files on the System
5933| [1002400] Apache mod_gzip Module Has Buffer Overflow That Can Be Exploited By Local Users to Gain Elevated Privileges
5934| [1002303] Several 3rd Party Apache Authentication Modules Allow Remote Users to Execute Arbitrary Code to Gain Access to the System or Execute Stored Procedures to Obtain Arbitrary Database Information
5935| [1002188] Apache Web Server Discloses Internal IP Addresses to Remote Users in Certain Configurations
5936| [1001989] Apache Web Server May Disclose Directory Contents Even If an Index.html File is Present in the Directory
5937| [1001719] Apache Web Server on Mac OS X Client Fails to Enforce File and Directory Access Protections, Giving Remote Users Access to Restricted Pages
5938| [1001572] Apache Web Server on Microsoft Windows Platforms Allows Remote Users to Crash the Web Server
5939| [1001304] Apache Web Server for Windows Lets Remote Users Crash the Web Server Application
5940| [1001083] Apache Web Server May Display Directory Index Listings Even if Directory Listings Are Disabled
5941|
5942| OSVDB - http://www.osvdb.org:
5943| [96078] Apache CloudStack Infrastructure Menu Setup Network Multiple Field XSS
5944| [96077] Apache CloudStack Global Settings Multiple Field XSS
5945| [96076] Apache CloudStack Instances Menu Display Name Field XSS
5946| [96075] Apache CloudStack Instances Menu Add Instances Network Name Field XSS
5947| [96074] Apache CloudStack Instances Menu Add Instances Review Step Multiple Field XSS
5948| [96031] Apache HTTP Server suEXEC Symlink Arbitrary File Access
5949| [95888] Apache Archiva Single / Double Quote Character Handling XSS Weakness
5950| [95885] Apache Subversion mod_dav_svn Module Crafted HTTP Request Handling Remote DoS
5951| [95706] Apache OpenOffice.org (OOo) OOXML Document File XML Element Handling Memory Corruption
5952| [95704] Apache OpenOffice.org (OOo) DOC File PLCF Data Handling Memory Corruption
5953| [95603] Apache Continuum web/util/GenerateRecipentNotifier.java recipient Parameter XSS
5954| [95602] Apache Continuum web/action/notifier/JabberProjectNotifierEditAction-jabberProjectNotifierSave-validation.xml Multiple Parameter XSS
5955| [95601] Apache Continuum web/action/notifier/JabberGroupNotifierEditAction-jabberProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
5956| [95600] Apache Continuum web/action/ScheduleAction-saveSchedule-validation.xml Multiple Parameter XSS
5957| [95599] Apache Continuumweb/action/BuildDefinitionAction-saveBuildDefinition-validation.xml Multiple Parameter XSS
5958| [95598] Apache Continuum web/action/AddProjectAction-addProject-validation.xml Multiple Parameter XSS
5959| [95597] Apache Continuum web/action/ProjectEditAction-projectSave-validation.xml Multiple Parameter XSS
5960| [95596] Apache Continuum web/action/notifier/IrcGroupNotifierEditAction-ircProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
5961| [95595] Apache Continuum web/action/notifier/IrcProjectNotifierEditAction-ircProjectNotifierSave-validation.xml Multiple Parameter XSS
5962| [95594] Apache Continuum web/action/ProjectGroupAction.java Multiple Parameter XSS
5963| [95593] Apache Continuum web/action/AddProjectGroupAction.java Multiple Parameter XSS
5964| [95592] Apache Continuum web/action/AddProjectAction.java Multiple Parameter XSS
5965| [95523] Apache OFBiz Webtools Application View Log Screen Unspecified XSS
5966| [95522] Apache OFBiz Nested Expression Evaluation Arbitrary UEL Function Execution
5967| [95521] Apache HTTP Server mod_session_dbd Session Saving Unspecified Issue
5968| [95498] Apache HTTP Server mod_dav.c Crafted MERGE Request Remote DoS
5969| [95406] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Arbitrary Site Redirect
5970| [95405] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Remote Code Execution
5971| [95011] Apache CXF XML Parser SOAP Message Handling CPU Resource Exhaustion Remote DoS
5972| [94705] Apache Geronimo RMI Classloader Exposure Serialized Object Handling Remote Code Execution
5973| [94651] Apache Santuario (XML Security for C++) XML Signature CanonicalizationMethod Parameter Spoofing Weakness
5974| [94636] Apache Continuum workingCopy.action userDirectory Traversal Arbitrary File Access
5975| [94635] Apache Maven SCM SvnCommandlineUtils Process Listing Local Password Disclosure
5976| [94632] Apache Maven Wagon SSH (wagon-ssh) Host Verification Failure MitM Weakness
5977| [94625] Apache Santuario (XML Security for C++) XML Signature Reference Crafted XPointer Expression Handling Heap Buffer Overflow
5978| [94618] Apache Archiva /archiva/security/useredit.action username Parameter XSS
5979| [94617] Apache Archiva /archiva/security/roleedit.action name Parameter XSS
5980| [94616] Apache Archiva /archiva/security/userlist!show.action roleName Parameter XSS
5981| [94615] Apache Archiva /archiva/deleteArtifact!doDelete.action groupId Parameter XSS
5982| [94614] Apache Archiva /archiva/admin/addLegacyArtifactPath!commit.action legacyArtifactPath.path Parameter XSS
5983| [94613] Apache Archiva /archiva/admin/addRepository.action Multiple Parameter XSS
5984| [94612] Apache Archiva /archiva/admin/editAppearance.action Multiple Parameter XSS
5985| [94611] Apache Archiva /archiva/admin/addLegacyArtifactPath.action Multiple Parameter XSS
5986| [94610] Apache Archiva /archiva/admin/addNetworkProxy.action Multiple Parameter XSS
5987| [94403] Apache Santuario (XML Security for C++) InclusiveNamespace PrefixList Processing Heap Overflow
5988| [94402] Apache Santuario (XML Security for C++) HMAC-based XML Signature Processing DoS
5989| [94401] Apache Santuario (XML Security for C++) XPointer Evaluation Stack Overflow
5990| [94400] Apache Santuario (XML Security for C++) HMAC-Based XML Signature Reference Element Validation Spoofing Weakness
5991| [94279] Apache Qpid CA Certificate Validation Bypass
5992| [94275] Apache Solr JettySolrRunner.java Can Not Find Error Message XSS
5993| [94233] Apache OpenJPA Object Deserialization Arbitrary Executable Creation
5994| [94042] Apache Axis JAX-WS Java Unspecified Exposure
5995| [93969] Apache Struts OGNL Expression Handling Double Evaluation Error Remote Command Execution
5996| [93796] Apache Subversion Filename Handling FSFS Repository Corruption Remote DoS
5997| [93795] Apache Subversion svnserve Server Aborted Connection Message Handling Remote DoS
5998| [93794] Apache Subversion contrib/hook-scripts/check-mime-type.pl svnlook Hyphenated argv Argument Handling Remote DoS
5999| [93793] Apache Subversion contrib/hook-scripts/svn-keyword-check.pl Filename Handling Remote Command Execution
6000| [93646] Apache Struts Crafted Parameter Arbitrary OGNL Code Execution
6001| [93645] Apache Struts URL / Anchor Tag includeParams Attribute Remote Command Execution
6002| [93636] Apache Pig Multiple Physical Operator Memory Exhaustion Remote Remote DoS
6003| [93635] Apache Wink DTD (Document Type Definition) Expansion Data Parsing Information Disclosure
6004| [93605] RT Apache::Session::File Session Replay Reuse Information Disclosure
6005| [93599] Apache Derby SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY Boot Password Manipulation Re-encryption Failure Password Corruption
6006| [93555] Apache Commons Codec Invalid Base32 String Information Tunneling Weakness
6007| [93554] Apache HBase bulkLoadHFiles() Method ACL Bypass
6008| [93543] JBoss Enterprise Application Platform org.apache.catalina.connector.Response.encodeURL() Method MitM jsessionid Disclosure
6009| [93542] Apache ManifoldCF (Connectors Framework) org.apache.manifoldcf.crawler.ExportConfiguration Class Configuration Export Password Disclosure
6010| [93541] Apache Solr json.wrf Callback XSS
6011| [93524] Apache Hadoop GetSecurityDescriptorControl() Function Absolute Security Descriptor Handling NULL Descriptor Weakness
6012| [93521] Apache jUDDI Security API Token Session Persistence Weakness
6013| [93520] Apache CloudStack Default SSL Key Weakness
6014| [93519] Apache Shindig /ifr Cross-site Arbitrary Gadget Invocation
6015| [93518] Apache Solr /admin/analysis.jsp name Parameter XSS
6016| [93517] Apache CloudStack setup-cloud-management /etc/sudoers Modification Local Privilege Escalation
6017| [93516] Apache CXF UsernameTokenInterceptor Nonce Caching Replay Weakness
6018| [93515] Apache HBase table.jsp name Parameter XSS
6019| [93514] Apache CloudStack Management Server Unauthenticated Remote JMX Connection Default Setting Weakness
6020| [93463] Apache Struts EL / OGNL Interpretation Unspecified Remote Code Execution
6021| [93462] Apache CXF WS-SecurityPolicy AlgorithmSuite Arbitrary Ciphertext Decryption Weakness
6022| [93401] Apache Hadoop core-site.xml Permission Weakness Local Alfredo Secret Disclosure
6023| [93400] Apache Hadoop Map/Reduce Job Log Directory Symlink Arbitrary File Mode Manipulation
6024| [93397] Apache Wicket Referrer HTTP Header Session ID Disclosure
6025| [93366] Apache HTTP Server modules/mappers/mod_rewrite.c do_rewritelog() Function Log File Terminal Escape Sequence Filtering Remote Command Execution
6026| [93254] Apache Tomcat AsyncListener Method Cross-session Information Disclosure
6027| [93253] Apache Tomcat Chunked Transfer Encoding Data Saturation Remote DoS
6028| [93252] Apache Tomcat FORM Authenticator Session Fixation
6029| [93172] Apache Camel camel/endpoints/ Endpoint XSS
6030| [93171] Apache Sling HtmlResponse Error Message XSS
6031| [93170] Apache Directory DelegatingAuthenticator MitM Spoofing Weakness
6032| [93169] Apache Wave AuthenticationServlet.java Session Fixation Weakness
6033| [93168] Apache Click ErrorReport.java id Parameter XSS
6034| [93167] Apache ActiveMQ JMSXUserId Spoofing Weakness
6035| [93166] Apache CXF Crafted Message Element Count Handling System Resource Exhaustion Remote DoS
6036| [93165] Apache CXF Crafted Message Element Level Handling System Resource Exhaustion Remote DoS
6037| [93164] Apache Harmony DatagramSocket Class connect Method CheckAccept() IP Blacklist Bypass
6038| [93163] Apache Hadoop Map/Reduce Daemon Symlink Arbitrary File Overwrite
6039| [93162] Apache VelocityStruts struts/ErrorsTool.getMsgs Error Message XSS
6040| [93161] Apache CouchDB Rewriter VM Atom Table Memory Exhaustion Remote DoS
6041| [93158] Apache Wicket BookmarkablePageLink Feature XSS CSRF
6042| [93157] Apache Struts UrlHelper.java s:url includeParams Functionality XSS
6043| [93156] Apache Tapestry Calendar Component datefield.js datefield Parameter XSS
6044| [93155] Apache Struts fielderror.ftl fielderror Parameter Error Message XSS
6045| [93154] Apache JSPWiki Edit.jsp createPages WikiPermission Bypass
6046| [93153] Apache PDFBox PDFXrefStreamParser Missing Element Handling PDF Parsing DoS
6047| [93152] Apache Hadoop HttpServer.java Multiple Function XSS
6048| [93151] Apache Shiro Search Filter userName Parameter LDAP Code Injection Weakness
6049| [93150] Apache Harmony java.net.SocketPermission Class boolean equals Function checkConnect() Weakness Host Name Retrieval
6050| [93149] Apache Harmony java.security.Provider Class void load Function checkSecurityAccess() Weakness
6051| [93148] Apache Harmony java.security.ProtectionDomain Class java.lang.String.toString() Function checkPermission() Weakness
6052| [93147] Apache Harmony java.net.URLConnection openConnection Function checkConnect Weakness Proxy Connection Permission Bypass
6053| [93146] Apache Harmony java.net.ServerSocket Class void implAccept Function checkAccept() Weakness SerSocket Subclass Creation
6054| [93145] Apache Qpid JMS Client Detached Session Frame Handling NULL Pointer Dereference Remote DoS
6055| [93144] Apache Solr Admin Command Execution CSRF
6056| [93009] Apache VCL XMLRPC API Unspecified Function Remote Privilege Escalation
6057| [93008] Apache VCL Web GUI Unspecified Remote Privilege Escalation
6058| [92997] Apache Commons Codec org.apache.commons.codec.net.URLCodec Fields Missing 'final' Thread-safety Unspecified Issue
6059| [92976] Apache ActiveMQ scheduled.jsp crontab Command XSS
6060| [92947] Apache Commons Codec org.apache.commons.codec.language.Soundex.US_ENGLISH_MAPPING Missing MS_PKGPROTECT Field Manipulation Unspecified Issue
6061| [92749] Apache CloudStack Predictable Hash Virtual Machine Console Console Access URL Generation
6062| [92748] Apache CloudStack VM Console Access Restriction Bypass
6063| [92709] Apache ActiveMQ Web Console Unauthenticated Remote Access
6064| [92708] Apache ActiveMQ Sample Web Application Broker Resource Consumption Remote DoS
6065| [92707] Apache ActiveMQ webapp/websocket/chat.js Subscribe Message XSS
6066| [92706] Apache ActiveMQ Debug Log Rendering XSS
6067| [92705] Apache ActiveMQ PortfolioPublishServlet.java refresh Parameter XSS
6068| [92270] Apache Tomcat Unspecified CSRF
6069| [92094] Apache Subversion mod_dav_svn Module Nonexistent URL Lock Request Handling NULL Pointer Dereference Remote DoS
6070| [92093] Apache Subversion mod_dav_svn Module Activity URL PROPFIND Request Handling NULL Pointer Dereference Remote DoS
6071| [92092] Apache Subversion mod_dav_svn Module Log REPORT Request Handling NULL Pointer Dereference Remote DoS
6072| [92091] Apache Subversion mod_dav_svn Module Node Property Handling Resource Exhaustion Remote DoS
6073| [92090] Apache Subversion mod_dav_svn Module Activity URL Lock Request Handling NULL Pointer Dereference Remote DoS
6074| [91774] Apache Commons Codec Unspecified Non-private Field Manipulation Weakness
6075| [91628] mod_ruid2 for Apache HTTP Server fchdir() Inherited File Descriptor chroot Restriction Bypass
6076| [91328] Apache Wicket $up$ Traversal Arbitrary File Access
6077| [91295] Apple Mac OS X Apache Unicode Character URI Handling Authentication Bypass
6078| [91235] Apache Rave /app/api/rpc/users/get User Object Hashed Password Remote Disclosure
6079| [91185] Munin Default Apache Configuration Permission Weakness Remote Information Disclosure
6080| [91173] Apache Wicket WebApplicationPath Constructor Bypass /WEB-INF/ Directory File Access
6081| [91172] Apache Wicket PackageResourceGuard File Extension Filter Bypass
6082| [91025] Apache Qpid qpid::framing::Buffer Class Multiple Method Out-of-bounds Access Remote DoS
6083| [91024] Apache Qpid federation_tag Attribute Handling Federated Interbroker Link Access Restriction Bypass
6084| [91023] Apache Qpid AMQP Type Decoder Exposure Array Size Value Handling Memory Consumption Remote DoS
6085| [91022] Apache Qpid qpid/cpp/include/qpid/framing/Buffer.h qpid::framing::Buffer::checkAvailable() Function Integer Overflow
6086| [90986] Apache Jena ARQ INSERT DATA Request Handling Overflow
6087| [90907] Apache Subversion mod_dav_svn / libsvn_fs svn_fs_file_length() Function MKACTIVITY / PROPFIND Option Request Handling Remote DoS
6088| [90906] Apache Commons FileUpload /tmp Storage Symlink Arbitrary File Overwrite
6089| [90864] Apache Batik 1xx Redirect Script Origin Restriction Bypass
6090| [90858] Apache Ant Malformed TAR File Handling Infinite Loop DoS
6091| [90852] Apache HTTP Server for Debian apachectl /var/lock Permission Weakness Symlink Directory Permission Manipulation
6092| [90804] Apache Commons CLI Path Subversion Local Privilege Escalation
6093| [90802] Apache Avro Recursive Schema Handling Infinite Recursion DoS
6094| [90592] Apache Batik ApplicationSecurityEnforcer.java Multiple Method Security Restriction Bypass
6095| [90591] Apache Batik XML External Entity (XXE) Data Parsing Arbitrary File Disclosure
6096| [90565] Apache Tomcat Log Directory Permission Weakness Local Information Disclosure
6097| [90564] Apache Maven / Maven Wagon SSL Certificate Validation MitM Spoofing Weakness
6098| [90557] Apache HTTP Server mod_proxy_balancer balancer-manager Interface Multiple Parameter XSS
6099| [90556] Apache HTTP Server Multiple Module Multiple Parameter XSS
6100| [90276] Apache Axis2 axis2.xml Plaintext Password Local Disclosure
6101| [90249] Apache Axiom ClassLoader XMLInputFactory / XMLOutputFactory Construction Unspecified Issue
6102| [90235] Apache Commons HttpClient Certificate Wildcard Matching Weakness
6103| [90079] Apache CXF WSS4JInInterceptor URIMappingInterceptor WS-Security SOAP Service Access Restriction Bypass
6104| [90078] Apache CXF WS-SecurityPolicy Enabled Plaintext UsernameTokens Handling Authentication Bypass
6105| [89453] Apache Open For Business Project (OFBiz) Screenlet.title Widget Attribute XSS
6106| [89452] Apache Open For Business Project (OFBiz) Image.alt Widget Attribute XSS
6107| [89294] Apache CouchDB Futon UI Browser-based Test Suite Query Parameter XSS
6108| [89293] Apache CouchDB Unspecified Traversal Arbitrary File Access
6109| [89275] Apache HTTP Server mod_proxy_ajp Module Expensive Request Parsing Remote DoS
6110| [89267] Apache CouchDB JSONP Callback Handling Unspecified XSS
6111| [89146] Apache CloudStack Master Server log4j.conf SSH Private Key / Plaintext Password Disclosure
6112| [88603] Apache OpenOffice.org (OOo) Unspecified Information Disclosure
6113| [88602] Apache OpenOffice.org (OOo) Unspecified Manifest-processing Issue
6114| [88601] Apache OpenOffice.org (OOo) Unspecified PowerPoint File Handling Issue
6115| [88285] Apache Tomcat Partial HTTP Request Saturation Remote DoS
6116| [88095] Apache Tomcat NIO Connector Terminated Connection Infinte Loop DoS
6117| [88094] Apache Tomcat FORM Authentication Crafted j_security_check Request Security Constraint Bypass
6118| [88093] Apache Tomcat Null Session Requst CSRF Prevention Filter Bypass
6119| [88043] IBM Tivoli Netcool/Reporter Apache CGI Unspecified Remote Command Execution
6120| [87580] Apache Tomcat DIGEST Authentication Session State Caching Authentication Bypass Weakness
6121| [87579] Apache Tomcat DIGEST Authentication Stale Nonce Verification Authentication Bypass Weakness
6122| [87477] Apache Tomcat Project Woodstock Service Error Page UTF-7 XSS Weakness
6123| [87227] Apache Tomcat InternalNioInputBuffer.java parseHeaders() Function Request Header Size Parsing Remote DoS
6124| [87223] Apache Tomcat DIGEST Authentication replay-countermeasure Functionality cnonce / cn Verification Authentication Bypass Weakness
6125| [87160] Apache Commons HttpClient X.509 Certificate Domain Name Matching MiTM Weakness
6126| [87159] Apache CXF X.509 Certificate Domain Name Matching MiTM Weakness
6127| [87150] Apache Axis / Axis2 X.509 Certificate Domain Name Matching MiTM Weakness
6128| [86902] Apache HTTP Server 3xx Redirect Internal IP Address Remote Disclosure
6129| [86901] Apache Tomcat Error Message Path Disclosure
6130| [86684] Apache CloudStack Unauthorized Arbitrary API Call Invocation
6131| [86556] Apache Open For Business Project (OFBiz) Unspecified Issue
6132| [86503] Visual Tools VS home/apache/DiskManager/cron/init_diskmgr Local Command Execution
6133| [86401] Apache ActiveMQ ResourceHandler Traversal Arbitrary File Access
6134| [86225] Apache Axis2 XML Signature Wrapping (XSW) Authentication Bypass
6135| [86206] Apache Axis2 Crafted SAML Assertion Signature Exclusion Attack Authentication Bypass
6136| [85722] Apache CXF SOAP Request Parsing Access Restriction Bypass
6137| [85704] Apache Qpid Incoming Client Connection Saturation Remote DoS
6138| [85474] Eucalyptus Apache Santuario (XML Security for Java) Library XML Signature Transform Handling DoS
6139| [85430] Apache mod_pagespeed Module Unspecified XSS
6140| [85429] Apache mod_pagespeed Module Hostname Verification Cross-host Resource Disclosure
6141| [85249] Apache Wicket Unspecified XSS
6142| [85236] Apache Hadoop conf/hadoop-env.sh Temporary File Symlink Arbitrary File Manipulation
6143| [85090] Apache HTTP Server mod_proxy_ajp.c mod_proxy_ajp Module Proxy Functionality Cross-client Information Disclosure
6144| [85089] Apache HTTP Server mod_proxy_http.c mod_proxy_http Module Cross-client Information Disclosure
6145| [85062] Apache Solr Autocomplete Module for Drupal Autocomplete Results XSS
6146| [85010] Apache Struts Token Handling Mechanism Token Name Configuration Parameter CSRF Weakness
6147| [85009] Apache Struts Request Parameter OGNL Expression Parsing Remote DoS
6148| [84911] libapache2-mod-rpaf X-Forward-For HTTP Header Parsing Remote DoS
6149| [84823] Apache HTTP Server Multiple Module Back End Server Error Handling HTTP Request Parsing Remote Information Disclosure
6150| [84818] Apache HTTP Server mod_negotiation Module mod_negotiation.c make_variant_list Function XSS
6151| [84562] Apache Qpid Broker Authentication Mechanism AMQP Client Shadow Connection NullAuthenticator Request Parsing Authentication Bypass
6152| [84458] Apache Libcloud SSL Certificate Validation MitM Spoofing Weakness
6153| [84279] PHP on Apache php_default_post_reader POST Request Handling Overflow DoS
6154| [84278] PHP w/ Apache PDO::ATTR_DEFAULT_FETCH_MODE / PDO::FETCH_CLASS DoS
6155| [84231] Apache Hadoop DataNodes Client BlockTokens Arbitrary Block Access
6156| [83943] Oracle Solaris Cluster Apache Tomcat Agent Subcomponent Unspecified Local Privilege Escalation
6157| [83939] Oracle Solaris Apache HTTP Server Subcomponent Unspecified Remote Information Disclosure
6158| [83685] svnauthcheck Apache HTTP Configuration File Permission Revocation Weakness
6159| [83682] Apache Sling POST Servlet @CopyFrom Operation HTTP Request Parsing Infinite Loop Remote DoS
6160| [83339] Apache Roller Blogger Roll Unspecified XSS
6161| [83270] Apache Roller Unspecified Admin Action CSRF
6162| [82782] Apache CXF WS-SecurityPolicy 1.1 SupportingToken Policy Bypass
6163| [82781] Apache CXF WS-SecurityPolicy Supporting Token Children Specification Token Signing Verification Weakness
6164| [82611] cPanel Apache Piped Log Configuration Log Message Formatting Traversal Arbitrary File Creation
6165| [82436] MapServer for Windows Bundled Apache / PHP Configuration Local File Inclusion
6166| [82215] PHP sapi/cgi/cgi_main.c apache_request_headers Function HTTP Header Handling Remote Overflow
6167| [82161] Apache Commons Compress bzip2 File Compression BZip2CompressorOutputStream Class File Handling Remote DoS
6168| [81965] Apache Batik Squiggle SVG Browser JAR File Arbitrary Code Execution
6169| [81790] Apache POI src/org/apache/poi/hwpf/model/UnhandledDataStructure.java UnhandledDataStructure() constructor Length Attribute CDF / CFBF File Handling Remote DoS
6170| [81660] Apache Qpid Credential Checking Cluster Authentication Bypass
6171| [81511] Apache for Debian /usr/share/doc HTTP Request Parsing Local Script Execution
6172| [81359] Apache HTTP Server LD_LIBRARY_PATH Variable Local Privilege Escalation
6173| [81349] Apache Open For Business Project (OFBiz) Webslinger Component Unspecified XSS
6174| [81348] Apache Open For Business Project (OFBiz) Content IDs / Map-Keys Unspecified XSS
6175| [81347] Apache Open For Business Project (OFBiz) Parameter Arrays Unspecified XSS
6176| [81346] Apache Open For Business Project (OFBiz) checkoutProcess.js getServerError() Function Unspecified XSS
6177| [81196] Apache Open For Business Project (OFBiz) FlexibleStringExpander Nested Script String Parsing Remote Code Execution
6178| [80981] Apache Hadoop Kerberos/MapReduce Security Feature User Impersonation Weakness
6179| [80571] Apache Traffic Server Host HTTP Header Parsing Remote Overflow
6180| [80547] Apache Struts XSLTResult.java File Upload Arbitrary Command Execution
6181| [80360] AskApache Password Protector Plugin for WordPress Error Page $_SERVER Superglobal XSS
6182| [80349] Apache HTTP Server mod_fcgid Module fcgid_spawn_ctl.c FcgidMaxProcessesPerClass Virtual Host Directive HTTP Request Parsing Remote DoS
6183| [80301] Apache Wicket /resources/ Absolute Path Arbitrary File Access
6184| [80300] Apache Wicket wicket:pageMapName Parameter XSS
6185| [79478] Apache Solr Extension for TYPO3 Unspecified XSS
6186| [79002] Apache MyFaces javax.faces.resource In Parameter Traversal Arbitrary File Access
6187| [78994] Apache Struts struts-examples/upload/upload-submit.do name Parameter XSS
6188| [78993] Apache Struts struts-cookbook/processDyna.do message Parameter XSS
6189| [78992] Apache Struts struts-cookbook/processSimple.do message Parameter XSS
6190| [78991] Apache Struts struts2-rest-showcase/orders clientName Parameter XSS
6191| [78990] Apache Struts struts2-showcase/person/editPerson.action Multiple Parameter XSS
6192| [78932] Apache APR Hash Collision Form Parameter Parsing Remote DoS
6193| [78903] Apache CXF SOAP Request Parsing WS-Security UsernameToken Policy Bypass
6194| [78600] Apache Tomcat HTTP DIGEST Authentication DigestAuthenticator.java Catalina Weakness Security Bypass
6195| [78599] Apache Tomcat HTTP DIGEST Authentication Realm Value Parsing Security Bypass
6196| [78598] Apache Tomcat HTTP DIGEST Authentication qop Value Parsing Security Bypass
6197| [78573] Apache Tomcat Parameter Saturation CPU Consumption Remote DoS
6198| [78556] Apache HTTP Server Status Code 400 Default Error Response httpOnly Cookie Disclosure
6199| [78555] Apache HTTP Server Threaded MPM %{cookiename}C Log Format String Cookie Handling Remote DoS
6200| [78501] Apache Struts ParameterInterceptor Class OGNL Expression Parsing Remote Command Execution
6201| [78331] Apache Tomcat Request Object Recycling Information Disclosure
6202| [78293] Apache HTTP Server Scoreboard Invalid Free Operation Local Security Bypass
6203| [78277] Apache Struts ExceptionDelegator Component Parameter Parsing Remote Code Execution
6204| [78276] Apache Struts DebuggingInterceptor Component Developer Mode Unspecified Remote Command Execution
6205| [78113] Apache Tomcat Hash Collision Form Parameter Parsing Remote DoS
6206| [78112] Apache Geronimo Hash Collision Form Parameter Parsing Remote DoS
6207| [78109] Apache Struts ParameterInterceptor Traversal Arbitrary File Overwrite
6208| [78108] Apache Struts CookieInterceptor Cookie Name Handling Remote Command Execution
6209| [77593] Apache Struts Conversion Error OGNL Expression Injection
6210| [77496] Apache ActiveMQ Failover Mechanism Openwire Request Parsing Remote DoS
6211| [77444] Apache HTTP Server mod_proxy Mdule Web Request HTTP/0.9 Protocol URL Parsing Proxy Remote Security Bypass
6212| [77374] Apache MyFaces Java Bean includeViewParameters Parsing EL Expression Security Weakness
6213| [77310] Apache HTTP Server mod_proxy Reverse Proxy Mode Security Bypass Weakness (2011-4317)
6214| [77234] Apache HTTP Server on cygwin Encoded Traversal Arbitrary File Access
6215| [77012] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Memory Consumption DoS
6216| [76944] Apache Tomcat Manager Application Servlets Access Restriction Bypass
6217| [76744] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Overflow
6218| [76189] Apache Tomcat HTTP DIGEST Authentication Weakness
6219| [76079] Apache HTTP Server mod_proxy Mdule Web Request URL Parsing Proxy Remote Security Bypass (2011-3368)
6220| [76072] Apache JServ jserv.conf jserv-status Handler jserv/ URI Request Parsing Local Information Disclosure
6221| [75807] Apache HTTP Server Incomplete Header Connection Saturation Remote DoS
6222| [75647] Apache HTTP Server mod_proxy_ajp Module mod_proxy_balancer HTTP Request Remote DoS
6223| [75376] Apache Libcloud SSL Certificate Validation MitM Server Spoofing Weakness
6224| [74853] Domain Technologie Control /etc/apache2/apache2.conf File Permissions Weakness dtcdaemons User Password Disclosure
6225| [74818] Apache Tomcat AJP Message Injection Authentication Bypass
6226| [74725] Apache Wicket Multi Window Support Unspecified XSS
6227| [74721] Apache HTTP Server ByteRange Filter Memory Exhaustion Remote DoS
6228| [74541] Apache Commons Daemon Jsvc Permissions Weakness Arbitrary File Access
6229| [74535] Apache Tomcat XML Parser Cross-application Multiple File Manipulation
6230| [74447] Apache Struts XWork Nonexistent Method s:submit Element Internal Java Class Remote Path Disclosure
6231| [74262] Apache HTTP Server Multi-Processing Module itk.c Configuration Merger mpm-itk root UID / GID Remote Privilege Escalation
6232| [74120] Apache HTTP Server mod_authnz_external mysql/mysql-auth.pl user Field SQL Injection
6233| [73920] Oracle Secure Backup /apache/htdocts/php/common.php username Parameter Remote Code Execution
6234| [73798] Apache Tomcat sendfile Request Start / Endpoint Parsing Local DoS
6235| [73797] Apache Tomcat sendfile Request Attribute Validation Weakness Local Access Restriction Bypass
6236| [73776] Apache Tomcat HTTP BIO Connector HTTP Pipelining Cross-user Remote Response Access
6237| [73644] Apache XML Security Signature Key Parsing Overflow DoS
6238| [73600] Apache Struts javatemplates Plugin Component Handlers .action URI Multiple Parameter XSS
6239| [73462] Apache Rampart/C util/rampart_timestamp_token.c rampart_timestamp_token_validate Function Expired Token Remote Access Restriction Bypass
6240| [73429] Apache Tomcat JMX MemoryUserDatabase Local Password Disclosure
6241| [73384] Apache HTTP Server mod_rewrite PCRE Resource Exhaustion DoS
6242| [73383] Apache HTTP Server Portable Runtime (APR) Library apr_fnmatch() Infinite Loop Remote DoS
6243| [73378] IBM WebSphere Application Server (WAS) JavaServer Pages org.apache.jasper.runtime.JspWriterImpl.response JSP Page Application Restart Remote DoS
6244| [73247] Apache Subversion mod_dav_svn File Permission Weakness Information Disclosure
6245| [73246] Apache Subversion mod_dav_svn Path-based Access Control Rule Handling Remote DoS
6246| [73245] Apache Subversion mod_dav_svn Baselined Resource Request Handling Remote DoS
6247| [73154] Apache Archiva Multiple Unspecified CSRF
6248| [73153] Apache Archiva /archiva/admin/deleteNetworkProxy!confirm.action proxyid Parameter XSS
6249| [72407] Apache Tomcat @ServletSecurity Initial Load Annotation Security Constraint Bypass Information Disclosure
6250| [72238] Apache Struts Action / Method Names <
6251| [71647] Apache HttpComponents HttpClient Proxy-Authorization Credentials Remote Disclosure
6252| [71558] Apache Tomcat SecurityManager ServletContext Attribute Traversal Arbitrary File Manipulation
6253| [71557] Apache Tomcat HTML Manager Multiple XSS
6254| [71075] Apache Archiva User Management Page XSS
6255| [71027] Apache Tomcat @ServletSecurity Annotation Security Constraint Bypass Information Disclosure
6256| [70925] Apache Continuum Project Pages Unspecified XSS (2011-0533)
6257| [70924] Apache Continuum Multiple Admin Function CSRF
6258| [70809] Apache Tomcat NIO HTTP Connector Request Line Processing DoS
6259| [70734] Apache CouchDB Request / Cookie Handling Unspecified XSS
6260| [70585] Oracle Fusion Middleware Oracle HTTP Server Apache Plugin Unspecified Remote Issue
6261| [70333] Apache Subversion rev_hunt.c blame Command Multiple Memory Leak Remote DoS
6262| [70332] Apache Subversion Apache HTTP Server mod_dav_svn repos.c walk FunctionSVNParentPath Collection Remote DoS
6263| [69659] Apache Archiva Admin Authentication Weakness Privilege Escalation
6264| [69520] Apache Archiva Administrator Credential Manipulation CSRF
6265| [69512] Apache Tomcat Set-Cookie Header HTTPOnly Flag Session Hijacking Weakness
6266| [69456] Apache Tomcat Manager manager/html/sessions Multiple Parameter XSS
6267| [69275] Apache mod_fcgid Module fcgid_bucket.c fcgid_header_bucket_read() Function Remote Overflow
6268| [69067] Apache Shiro URI Path Security Traversal Information Disclosure
6269| [68815] Apache MyFaces shared/util/StateUtils.java View State MAC Weakness Cryptographic Padding Remote View State Modification
6270| [68670] Apache Qpid C++ Broker Component broker/SessionAdapter.cpp SessionAdapter::ExchangeHandlerImpl::checkAlternate Function Exchange Alternate Remote DoS
6271| [68669] Apache Qpid cluster/Cluster.cpp Cluster::deliveredEvent Function Invalid AMQP Data Remote DoS
6272| [68662] Apache Axis2 dswsbobje.war Module Admin Account Default Password
6273| [68531] Apache Qpid qpidd sys/ssl/SslSocket.cpp Incomplete SSL Handshake Remote DoS
6274| [68327] Apache APR-util buckets/apr_brigade.c apr_brigade_split_line() Function Memory Consumption DoS
6275| [68314] Apache XML-RPC SAX Parser External Entity Information Disclosure
6276| [67964] Apache Traffic Server Transaction ID / Source Port Randomization Weakness DNS Cache Poisoning
6277| [67846] SUSE Lifecycle Management Server on SUSE Linux Enterprise apache2-slms Parameter Quoting CSRF
6278| [67294] Apache CXF XML SOAP Message Crafted Document Type Declaration Remote DoS
6279| [67240] Apache CouchDB Installation Page Direct Request Arbitrary JavaScript Code Execution CSRF
6280| [67205] Apache Derby BUILTIN Authentication Password Hash Generation Algorithm SHA-1 Transformation Password Substitution
6281| [66745] Apache HTTP Server Multiple Modules Pathless Request Remote DoS
6282| [66319] Apache Tomcat Crafted Transfer-Encoding Header Handling Buffer Recycling Remote DoS
6283| [66280] Apache Struts XWork ParameterInterceptor Server-Side Object Remote Code Execution
6284| [66226] Apache Axis2 Admin Interface Cookie Session Fixation
6285| [65697] Apache Axis2 / Java SOAP Message DTD Rejection Weakness Arbitrary File Access
6286| [65654] Apache HTTP Server mod_proxy_http mod_proxy_http.c Timeout Detection Weakness HTTP Request Response Disclosure
6287| [65429] Apache MyFaces Unencrypted ViewState Serialized View Object Manipulation Arbitrary Expression Language (EL) Statement Execution
6288| [65054] Apache ActiveMQ Jetty Error Handler XSS
6289| [64844] Apache Axis2/Java axis2/axis2-admin/engagingglobally modules Parameter XSS
6290| [64522] Apache Open For Business Project (OFBiz) ecommerce/control/contactus Multiple Parameter XSS
6291| [64521] Apache Open For Business Project (OFBiz) Web Tools Section entityName Parameter XSS
6292| [64520] Apache Open For Business Project (OFBiz) ecommerce/control/ViewBlogArticle contentId Parameter XSS
6293| [64519] Apache Open For Business Project (OFBiz) Control Servlet URI XSS
6294| [64518] Apache Open For Business Project (OFBiz) Show Portal Page Section start Parameter XSS
6295| [64517] Apache Open For Business Project (OFBiz) View Profile Section partyId Parameter XSS
6296| [64516] Apache Open For Business Project (OFBiz) Export Product Listing Section productStoreId Parameter XSS
6297| [64307] Apache Tomcat Web Application Manager/Host Manager CSRF
6298| [64056] mod_auth_shadow for Apache HTTP Server wait() Function Authentication Bypass
6299| [64023] Apache Tomcat WWW-Authenticate Header Local Host Information Disclosure
6300| [64020] Apache ActiveMQ Jetty ResourceHandler Crafted Request JSP File Source Disclosure
6301| [63895] Apache HTTP Server mod_headers Unspecified Issue
6302| [63368] Apache ActiveMQ createDestination.action JMSDestination Parameter CSRF
6303| [63367] Apache ActiveMQ createDestination.action JMSDestination Parameter XSS
6304| [63350] Apache CouchDB Hash Verification Algorithm Predictable Execution Time Weakness
6305| [63140] Apache Thrift Service Malformed Data Remote DoS
6306| [62676] Apache HTTP Server mod_proxy_ajp Module Crafted Request Remote DoS
6307| [62675] Apache HTTP Server Multi-Processing Module (MPM) Subrequest Header Handling Cross-thread Information Disclosure
6308| [62674] Apache HTTP Server mod_isapi Module Unloading Crafted Request Remote DoS
6309| [62231] Apache HTTP Server Logging Format Weakness Crafted DNS Response IP Address Spoofing
6310| [62230] Apache HTTP Server Crafted DNS Response Inverse Lookup Log Corruption XSS
6311| [62054] Apache Tomcat WAR Filename Traversal Work-directory File Deletion
6312| [62053] Apache Tomcat Autodeployment Process appBase File HTTP Request Authentication Bypass
6313| [62052] Apache Tomcat WAR File Traversal Arbitrary File Overwrite
6314| [62009] Apache HTTP Server src/modules/proxy/proxy_util.c mod_proxy ap_proxy_send_fb() Function Overflow
6315| [61379] Apache River Outrigger Entry Storage Saturation Memory Exhaustion DoS
6316| [61378] Apache Hadoop Map/Reduce JobTracker Memory Consumption DoS
6317| [61377] Apache Commons Modeler Multiple Mutable Static Fields Weakness
6318| [61376] Apache Rampart wsse:security Tag Signature Value Checking Weakness
6319| [60687] Apache C++ Standard Library (STDCXX) strxfrm() Function Overflow
6320| [60680] Apache Hadoop JobHistory Job Name Manipulation Weakness
6321| [60679] Apache ODE DeploymentWebService OMElement zipPart CRLF Injection
6322| [60678] Apache Roller Comment Email Notification Manipulation DoS
6323| [60677] Apache CouchDB Unspecified Document Handling Remote DoS
6324| [60428] Sun Java Plug-in org.apache.crimson.tree.XmlDocument Class reateXmlDocument Method Floppy Drive Access Bypass
6325| [60413] mod_throttle for Apache Shared Memory File Manipulation Local Privilege Escalation
6326| [60412] Sun Java Plug-in org.apache.xalan.processor.XSLProcessorVersion Class Unsigned Applet Variable Sharing Privilege Escalation
6327| [60396] Apache HTTP Server on OpenBSD Multipart MIME Boundary Remote Information Disclosure
6328| [60395] Apache HTTP Server on OpenBSD ETag HTTP Header Remote Information Disclosure
6329| [60232] PHP on Apache php.exe Direct Request Remote DoS
6330| [60176] Apache Tomcat Windows Installer Admin Default Password
6331| [60016] Apache HTTP Server on HP Secure OS for Linux HTTP Request Handling Unspecified Issue
6332| [59979] Apache HTTP Server on Apple Mac OS X HTTP TRACE Method Unspecified Client XSS
6333| [59969] Apache HTTP Server mod_ssl SSL / TLS Renegotiation Handshakes MiTM Plaintext Data Injection
6334| [59944] Apache Hadoop jobhistory.jsp XSS
6335| [59374] Apache Solr Search Extension for TYPO3 Unspecified XSS
6336| [59022] Apache Shindig ConcatProxyServlet HTTP Header Response Splitting
6337| [59021] Apache Cocoon X-Cocoon-Version Header Remote Information Disclosure
6338| [59020] Apache Tapestry HTTPS Session Cookie Secure Flag Weakness
6339| [59019] Apache mod_python Cookie Salting Weakness
6340| [59018] Apache Harmony Error Message Handling Overflow
6341| [59013] Apache Derby SYSCS_EXPORT_TABLE Arbitrary File Overwrite
6342| [59012] Apache Derby Driver Auto-loading Non-deterministic Startup Weakness
6343| [59011] Apache JSPWiki Page Attachment Change Note Function XSS
6344| [59010] Apache Solr get-file.jsp XSS
6345| [59009] Apache Solr action.jsp XSS
6346| [59008] Apache Solr analysis.jsp XSS
6347| [59007] Apache Solr schema.jsp Multiple Parameter XSS
6348| [59006] Apache Beehive select / checkbox Tag XSS
6349| [59005] Apache Beehive jpfScopeID Global Parameter XSS
6350| [59004] Apache Beehive Error Message XSS
6351| [59003] Apache HttpClient POST Request Handling Memory Consumption DoS
6352| [59002] Apache Jetspeed default-page.psml URI XSS
6353| [59001] Apache Axis2 xsd Parameter Traversal Arbitrary File Disclosure
6354| [59000] Apache CXF Unsigned Message Policy Bypass
6355| [58999] Apache WSS4J CallbackHandler Plaintext Password Validation Weakness
6356| [58998] Apache OpenJPA persistence.xml Cleartext Password Local Disclosure
6357| [58997] Apache OpenEJB openejb.xml Cleartext Password Local Disclosure
6358| [58996] Apache Hadoop Map/Reduce LinuxTaskController File Group Ownership Weakness
6359| [58995] Apache Hadoop Map/Reduce Task Ownership Weakness
6360| [58994] Apache Hadoop Map/Reduce DistributedCache Localized File Permission Weakness
6361| [58993] Apache Hadoop browseBlock.jsp XSS
6362| [58991] Apache Hadoop browseDirectory.jsp XSS
6363| [58990] Apache Hadoop Map/Reduce HTTP TaskTrackers User Data Remote Disclosure
6364| [58989] Apache Hadoop Sqoop Process Listing Local Cleartext Password Disclosure
6365| [58988] Apache Hadoop Chukwa HICC Portal Unspecified XSS
6366| [58987] Apache Hadoop Map/Reduce TaskTracker User File Permission Weakness
6367| [58986] Apache Qpid Encrypted Message Handling Remote Overflow DoS
6368| [58985] Apache Qpid Process Listing Local Cleartext Password Disclosure
6369| [58984] Apache Jackrabbit Content Repository (JCR) Default Account Privilege Access Weakness
6370| [58983] Apache Jackrabbit Content Repository (JCR) NamespaceRegistry API Registration Method Race Condition
6371| [58982] Apache Synapse Proxy Service Security Policy Mismatch Weakness
6372| [58981] Apache Geronimo TomcatGeronimoRealm Security Context Persistence Weakness
6373| [58980] Apache Geronimo LDAP Realm Configuration Restart Reversion Weakness
6374| [58979] Apache MyFaces Tomahawk ExtensionsPhaseListener HTML Injection Information Disclosure
6375| [58978] Apache MyFaces Trinidad LocaleInfoScriptlet XSS
6376| [58977] Apache Open For Business Project (OFBiz) Multiple Default Accounts
6377| [58976] Apache Open For Business Project (OFBiz) URI passThru Parameter XSS
6378| [58975] Apache Open For Business Project (OFBiz) PARTYMGR_CREATE/UPDATE Permission Arbitrary User Password Modification
6379| [58974] Apache Sling /apps Script User Session Management Access Weakness
6380| [58973] Apache Tuscany Crafted SOAP Request Access Restriction Bypass
6381| [58931] Apache Geronimo Cookie Parameters Validation Weakness
6382| [58930] Apache Xalan-C++ XPath Handling Remote DoS
6383| [58879] Apache Portable Runtime (APR-util) poll/unix/port.c Event Port Backend Pollset Feature Remote DoS
6384| [58837] Apache Commons Net FTPSClient CipherSuites / Protocols Mutable Object Unspecified Data Security Issue
6385| [58813] Apache MyFaces Trinidad tr:table / HTML Comment Handling DoS
6386| [58812] Apache Open For Business Project (OFBiz) JSESSIONID Session Hijacking Weakness
6387| [58811] Apache Open For Business Project (OFBiz) /catalog/control/EditProductConfigItem configItemId Parameter XSS
6388| [58810] Apache Open For Business Project (OFBiz) /catalog/control/EditProdCatalo prodCatalogId Parameter XSS
6389| [58809] Apache Open For Business Project (OFBiz) /partymgr/control/viewprofile partyId Parameter XSS
6390| [58808] Apache Open For Business Project (OFBiz) /catalog/control/createProduct internalName Parameter XSS
6391| [58807] Apache Open For Business Project (OFBiz) Multiple Unspecified CSRF
6392| [58806] Apache FtpServer MINA Logging Filter Cleartext Credential Local Disclosure
6393| [58805] Apache Derby Unauthenticated Database / Admin Access
6394| [58804] Apache Wicket Header Contribution Unspecified Issue
6395| [58803] Apache Wicket Session Fixation
6396| [58802] Apache Directory Server (ApacheDS) userPassword Attribute Search Password Disclosure
6397| [58801] Apache ActiveMQ Stomp Client Credential Validation Bypass
6398| [58800] Apache Tapestry (context)/servicestatus Internal Service Information Disclosure
6399| [58799] Apache Tapestry Logging Cleartext Password Disclosure
6400| [58798] Apache Jetspeed pipeline Parameter pipeline-map Policy Bypass
6401| [58797] Apache Jetspeed Password Policy Multiple Weaknesses
6402| [58796] Apache Jetspeed Unsalted Password Storage Weakness
6403| [58795] Apache Rampart Crafted SOAP Header Authentication Bypass
6404| [58794] Apache Roller Admin Protocol (RAP) Malformed Header Authentication Bypass
6405| [58793] Apache Hadoop Map/Reduce mapred.system.dir Permission Weakness Job Manipulation
6406| [58792] Apache Shindig gadgets.rpc iframe RPC Call Validation Weakness
6407| [58791] Apache Synapse synapse.properties Cleartext Credential Local Disclosure
6408| [58790] Apache WSS4J SOAP Message UsernameToken Remote Password Disclosure
6409| [58789] Apache WSS4J SOAP Header Malformed UsernameToken Authentication Bypass
6410| [58776] Apache JSPWiki PreviewContent.jsp Edited Text XSS
6411| [58775] Apache JSPWiki preview.jsp action Parameter XSS
6412| [58774] Apache JSPWiki Edit.jsp Multiple Parameter XSS
6413| [58773] Apache JSPWiki Accept-Language Header Multiple Script language Parameter XSS
6414| [58772] Apache JSPWiki EditorManager.java editor Parameter XSS
6415| [58771] Apache JSPWiki GroupContent.jsp Multiple Parameter XSS
6416| [58770] Apache JSPWiki Group.jsp group Parameter XSS
6417| [58769] Apache JSPWiki Database Connection Termination DoS Weakness
6418| [58768] Apache JSPWiki Attachment Servlet nextpage Parameter Arbitrary Site Redirect
6419| [58766] Apache JSPWiki /admin/SecurityConfig.jsp Direct Request Information Disclosure
6420| [58765] Apache JSPWiki Spam Filter UniqueID RNG Weakness
6421| [58764] Apache JSPWiki Edit.jsp Multiple Parameter XSS
6422| [58763] Apache JSPWiki Include Tag Multiple Script XSS
6423| [58762] Apache JSPWiki Multiple .java Tags pageContext Parameter XSS
6424| [58761] Apache JSPWiki Wiki.jsp skin Parameter XSS
6425| [58760] Apache Commons VFS Exception Error Message Cleartext Credential Disclosure
6426| [58759] Apache Jackrabbit Content Repository (JCR) UUID System.currentTimeMillis() RNG Weakness
6427| [58758] Apache River GrantPermission Policy Manipulation Privilege Escalation
6428| [58757] Apache WS-Commons Java2 StaXUtils Multiple Unspecified Minor Issues
6429| [58756] Apache WSS4J WSHandler Client Certificate Signature Validation Weakness
6430| [58755] Apache Harmony DRLVM Non-public Class Member Access
6431| [58754] Apache Harmony File.createTempFile() Temporary File Creation Prediction Weakness
6432| [58751] Apache Geronimo GeronimoIdentityResolver Subject Handling Multiple Issues
6433| [58750] Apache MyFaces Trinidad Generated HTML Information Disclosure
6434| [58749] Apache MyFaces Trinidad Database Access Error Message Information Disclosure
6435| [58748] Apache MyFaces Trinidad Image Resource Loader Traversal Arbitrary Image Access
6436| [58747] Apache MyFaces Trinidad Error Message User Entered Data Disclosure Weakness
6437| [58746] Apache Axis2 JAX-WS Java2 WSDL4J Unspecified Issue
6438| [58744] Apache Wicket Crafted File Upload Disk Space Exhaustion DoS
6439| [58743] Apache Wicket wicket.util.crypt.SunJceCrypt Encryption Reversion Weakness
6440| [58742] Apache Rampart PolicyBasedValiadtor HttpsToken Endpoint Connection Weakness
6441| [58741] Apache Rampart WSSecSignature / WSSecEncryptedKey KeyIdentifierType Validation Weakness
6442| [58740] Apache Rampart TransportBinding Message Payload Cleartext Disclosure
6443| [58739] Apache Open For Business Project (OFBiz) Unsalted Password Storage Weakness
6444| [58738] Apache Open For Business Project (OFBiz) orderId Parameter Arbitrary Order Access
6445| [58737] Apache mod_python w/ mod_python.publisher index.py Underscore Prefixed Variable Disclosure
6446| [58735] Apache Open For Business Project (OFBiz) /ecommerce/control/keywordsearch SEARCH_STRING Parameter XSS
6447| [58734] Apache Torque Log File Cleartext Credential Local Disclosure
6448| [58733] Apache Axis2 doGet Implementation Authentication Bypass Service State Manipulation
6449| [58732] Apache MyFaces UIInput.validate() Null Value Validation Bypass Weakness
6450| [58731] Apache MyFaces /faces/* Prefix Mapping Authentication Bypass
6451| [58725] Apache Tapestry Basic String ACL Bypass Weakness
6452| [58724] Apache Roller Logout Functionality Failure Session Persistence
6453| [58723] Apache Roller User Profile / Admin Page Cleartext Password Disclosure
6454| [58722] Apache Derby Connection URL Encryption Method Reversion Weakness
6455| [58721] Apache Geronimo on Tomcat Security-constraint Resource ACL Bypass
6456| [58720] Apache Geronimo Explicit Servlet Mapping Access Bypass Weakness
6457| [58719] Apache Geronimo Keystore Unprivileged Service Disable DoS
6458| [58718] Apache Geronimo Deployment Plans Remote Password Disclosure
6459| [58717] Apache Jetspeed Portlet Application Edit Access Restriction Bypass
6460| [58716] Apache Jetspeed PSML Management Cached Constraint Authentication Weakness
6461| [58707] Apache WSS4J Crafted PasswordDigest Request Authentication Bypass
6462| [58706] Apache HttpClient Pre-emptive Authorization Remote Credential Disclosure
6463| [58705] Apache Directory Server (ApacheDS) User Passwords Cleartext Disclosure
6464| [58704] Apache Directory Server (ApacheDS) Non-existent User LDAP Bind Remote DoS
6465| [58703] Apache Geronimo Debug Console Unauthenticated Remote Information Disclosure
6466| [58702] Apache Directory Server (ApacheDS) Persistent LDAP Anonymous Bind Weakness
6467| [58701] Apache Jetspeed User Admin Portlet Unpassworded Account Creation Weakness
6468| [58700] Apache MyFaces /faces/* Path Handling Remote Overflow DoS
6469| [58699] Apache MyFaces Disable Property Client Side Manipulation Privilege Escalation
6470| [58698] Apache Roller Remember Me Functionality Cleartext Password Disclosure
6471| [58697] Apache XalanJ2 org.apache.xalan.xsltc.runtime.CallFunction Class Unspecified Issue
6472| [58696] Apache Tapestry Encoded Traversal Arbitrary File Access
6473| [58695] Apache Jetspeed Unauthenticated PSML Tags / Admin Folder Access
6474| [58694] Apache Geronimo Deploy Tool Process List Local Credential Disclosure
6475| [58693] Apache Derby service.properties File Encryption Key Information Disclosure
6476| [58692] Apache Geronimo Default Security Realm Login Brute Force Weakness
6477| [58689] Apache Roller Retrieve Last 5 Post Feature Unauthorized Blog Post Manipulation
6478| [58688] Apache Xalan-Java (XalanJ2) Static Variables Multiple Unspecified Issues
6479| [58687] Apache Axis Invalid wsdl Request XSS
6480| [58686] Apache Cocoon Temporary File Creation Unspecified Race Condition
6481| [58685] Apache Velocity Template Designer Privileged Code Execution
6482| [58684] Apache Jetspeed controls.Customize Action Security Check Bypass
6483| [58675] Apache Open For Business Project (OFBiz) eCommerce/ordermgr Multiple Field XSS
6484| [58674] Apache Open For Business Project (OFBiz) ecommerce/control/login Multiple Field XSS
6485| [58673] Apache Open For Business Project (OFBiz) ecommerce/control/viewprofile Multiple Field XSS
6486| [58672] Apache Open For Business Project (OFBiz) POS Input Panel Cleartext Password Disclosure
6487| [58671] Apache Axis2 JMS Signed Message Crafted WS-Security Header Security Bypass
6488| [58670] Apache Jetspeed JetspeedTool.getPortletFromRegistry Portlet Security Validation Failure
6489| [58669] Apache Jetspeed LDAP Cleartext Passwords Disclosure
6490| [58668] Apache Axis External Entity (XXE) Data Parsing Privilege Escalation
6491| [58667] Apache Roller Database Cleartext Passwords Disclosure
6492| [58666] Apache Xerces-C++ UTF-8 Transcoder Overlong Code Handling Unspecified Issue
6493| [58665] Apache Jetspeed Turbine: Cross-user Privileged Action Execution
6494| [58664] Apache Jetspeed EditAccount.vm Password Modification Weakness
6495| [58663] Apache Jetspeed Role Parameter Arbitrary Portlet Disclosure
6496| [58662] Apache Axis JWS Page Generated .class File Direct Request Information Disclosure
6497| [58661] Apache Jetspeed user-form.vm Password Reset Cleartext Disclosure
6498| [58660] Apache WSS4J checkReceiverResults Function Crafted SOAP Request Authentication Bypass
6499| [58658] Apache Rampart Crafted SOAP Request Security Verification Bypass
6500| [57882] Apache HTTP Server mod_proxy_ftp Authorization HTTP Header Arbitrary FTP Command Injection
6501| [57851] Apache HTTP Server mod_proxy_ftp EPSV Command NULL Dereference Remote DoS
6502| [56984] Apache Xerces2 Java Malformed XML Input DoS
6503| [56903] Apache ODE (Orchestration Director Engine) Process Deployment Web Service Traversal Arbitrary File Manipulation
6504| [56859] Apache Xerces-C++ Multiple Sub-project XML Nested DTD Structures Parsing Recursion Error DoS
6505| [56766] Apache Portable Runtime (APR-util) memory/unix/apr_pools.c Relocatable Memory Block Aligning Overflow
6506| [56765] Apache Portable Runtime (APR-util) misc/apr_rmm.c Multiple Function Overflows
6507| [56517] Apache HTTP Server File Descriptor Leak Arbitrary Local File Append
6508| [56443] PTK Unspecified Apache Sub-process Arbitrary Command Execution
6509| [56414] Apache Tiles Duplicate Expression Language (EL) Expression Evaluation XSS
6510| [55814] mod_NTLM for Apache HTTP Server ap_log_rerror() Function Remote Format String
6511| [55813] mod_NTLM for Apache HTTP Server log() Function Remote Overflow
6512| [55782] Apache HTTP Server mod_deflate Module Aborted Connection DoS
6513| [55553] Apache HTTP Server mod_proxy Module mod_proxy_http.c stream_reqbody_cl Function CPU Consumption DoS
6514| [55059] Apache APR-util strmatch/apr_strmatch.c apr_strmatch_precompile Function Crafted Input Remote DoS
6515| [55058] Apache APR-util apr_brigade_vprintf Function Crafted Input Off-by-one Remote DoS
6516| [55057] Apache APR-util xml/apr_xml.c apr_xml_* Interface Expat XML Parser Crafted XML Document Remote DoS
6517| [55056] Apache Tomcat Cross-application TLD File Manipulation
6518| [55055] Apache Tomcat Illegal URL Encoded Password Request Username Enumeration
6519| [55054] Apache Tomcat Java AJP Connector mod_jk Load Balancing Worker Malformed Header Remote DoS
6520| [55053] Apache Tomcat Crafted Request Security Restraint Bypass Arbitrary Content Access
6521| [54733] Apache HTTP Server AllowOverride Directive .htaccess Options Bypass
6522| [54713] razorCMS Security Manager apache User Account Unspecified File Permission Weakness Issue
6523| [54589] Apache Jserv Nonexistent JSP Request XSS
6524| [54122] Apache Struts s:a / s:url Tag href Element XSS
6525| [54093] Apache ActiveMQ Web Console JMS Message XSS
6526| [53932] Apache Geronimo Multiple Admin Function CSRF
6527| [53931] Apache Geronimo /console/portal/Server/Monitoring Multiple Parameter XSS
6528| [53930] Apache Geronimo /console/portal/ URI XSS
6529| [53929] Apache Geronimo on Windows Security/Keystores Portlet Traversal Arbitrary File Upload
6530| [53928] Apache Geronimo on Windows Embedded DB/DB Manager Portlet Traversal Arbitrary File Upload
6531| [53927] Apache Geronimo on Windows Services/Repository Portlet Traversal Arbitrary File Upload
6532| [53921] Apache HTTP Server mod_proxy_ajp Cross Thread/Session Information Disclosure
6533| [53766] Oracle BEA WebLogic Server Plug-ins for Apache Certificate Handling Remote Overflow
6534| [53574] PHP on Apache .htaccess mbstring.func_overload Setting Cross Hosted Site Behavior Modification
6535| [53381] Apache Tomcat JK Connector Content-Length Header Cross-user Information Disclosure
6536| [53380] Apache Struts Unspecified XSS
6537| [53289] Apache mod_perl Apache::Status /perl-status Unspecified XSS
6538| [53186] Apache HTTP Server htpasswd Predictable Salt Weakness
6539| [52899] Apache Tomcat Examples Web Application Calendar Application jsp/cal/cal2.jsp time Parameter XSS
6540| [52407] Apache Tomcat doRead Method POST Content Information Disclosure
6541| [51923] Apache HTTP Server mod-auth-mysql Module mod_auth_mysql.c Multibyte Character Encoding SQL Injection
6542| [51613] Apache HTTP Server Third-party Module Child Process File Descriptor Leak
6543| [51612] Apache HTTP Server Internal Redirect Handling Infinite Loop DoS
6544| [51468] Apache Jackrabbit Content Repository (JCR) swr.jsp q Parameter XSS
6545| [51467] Apache Jackrabbit Content Repository (JCR) search.jsp q Parameter XSS
6546| [51151] Apache Roller Search Function q Parameter XSS
6547| [50482] PHP with Apache php_value Order Unspecified Issue
6548| [50475] Novell NetWare ApacheAdmin Console Unauthenticated Access
6549| [49734] Apache Struts DefaultStaticContentLoader Class Traversal Arbitrary File Access
6550| [49733] Apache Struts FilterDispatcher Class Traversal Arbitrary File Access
6551| [49283] Oracle BEA WebLogic Server Plugins for Apache Remote Transfer-Encoding Overflow
6552| [49062] Apache Tomcat Cross-thread Concurrent Request Variable Overwrite Information Disclosure
6553| [48847] ModSecurity (mod_security) Transformation Caching Unspecified Apache DoS
6554| [48788] Apache Xerces-C++ XML Schema maxOccurs Value XML File Handling DoS
6555| [47474] Apache HTTP Server mod_proxy_ftp Directory Component Wildcard Character XSS
6556| [47464] Apache Tomcat allowLinking / UTF-8 Traversal Arbitrary File Access
6557| [47463] Apache Tomcat RequestDispatcher Traversal Arbitrary File Access
6558| [47462] Apache Tomcat HttpServletResponse.sendError Method Message Argument XSS
6559| [47096] Oracle Weblogic Apache Connector POST Request Overflow
6560| [46382] Frontend Filemanager (air_filemanager) Extension for TYPO3 on Apache Unspecified Arbitrary Code Execution
6561| [46285] TYPO3 on Apache Crafted Filename Upload Arbitrary Command Execution
6562| [46085] Apache HTTP Server mod_proxy ap_proxy_http_process_response() Function Interim Response Forwarding Remote DoS
6563| [45905] Apache Tomcat Host Manager host-manager/html/add name Parameter XSS
6564| [45879] Ragnarok Online Control Panel on Apache Crafted Traversal Authentication Bypass
6565| [45742] Apache HTTP Server on Novell Unspecified Request Directive Internal IP Disclosure
6566| [45740] Apache Derby DropSchemaNode Bind Phase Arbitrary Scheme Statement Dropping
6567| [45599] Apache Derby Lock Table Statement Privilege Requirement Bypass Arbitrary Table Lock
6568| [45585] Apache Derby ACCSEC Command RDBNAM Parameter Cleartext Credential Disclosure
6569| [45584] Apache Derby DatabaseMetaData.getURL Function Cleartext Credential Disclosure
6570| [45420] Apache HTTP Server 403 Error Page UTF-7 Encoded XSS
6571| [44728] PHP Toolkit on Gentoo Linux Interpretation Conflict Apache HTTP Server Local DoS
6572| [44618] Oracle JSP Apache/Jserv Path Translation Traversal Arbitrary JSP File Execution
6573| [44159] Apache HTTP Server Remote Virtual Host Name Disclosure
6574| [43997] Apache-SSL ExpandCert() Function Certificate Handling Arbitrary Environment Variables Manipulation
6575| [43994] suPHP for Apache (mod_suphp) Directory Symlink Local Privilege Escalation
6576| [43993] suPHP for Apache (mod_suphp) Owner Mode Race Condition Symlink Local Privilege Escalation
6577| [43663] Apache HTTP Server Mixed Platform AddType Directive Crafted Request PHP Source Disclosure
6578| [43658] AuthCAS Module (AuthCAS.pm) for Apache HTTP Server SESSION_COOKIE_NAME SQL Injection
6579| [43452] Apache Tomcat HTTP Request Smuggling
6580| [43309] Apache Geronimo LoginModule Login Method Bypass
6581| [43290] Apache JSPWiki Entry Page Attachment Unrestricted File Upload
6582| [43259] Apache HTTP Server on Windows mod_proxy_balancer URL Handling Remote Memory Corruption
6583| [43224] Apache Geronimo on SuSE Linux init Script Symlink Unspecified File/Directory Access
6584| [43189] Apache mod_jk2 Host Header Multiple Fields Remote Overflow
6585| [42937] Apache HTTP Server mod_proxy_balancer balancer-manager Unspecified CSRF
6586| [42341] MOD_PLSQL for Apache Unspecified URL SQL Injection
6587| [42340] MOD_PLSQL for Apache CGI Environment Handling Unspecified Overflow
6588| [42214] Apache HTTP Server mod_proxy_ftp UTF-7 Encoded XSS
6589| [42091] Apache Maven Site Plugin Installation Permission Weakness
6590| [42089] Apache Maven .m2/settings.xml Cleartext Password Disclosure
6591| [42088] Apache Maven Defined Repo Process Listing Password Disclosure
6592| [42087] Apache Maven Site Plugin SSH Deployment Permission Setting Weakness
6593| [42036] Apache HTTP Server MS-DOS Device Request Host OS Disclosure
6594| [41891] BEA WebLogic Apache Beehive NetUI Page Flow Unspecified XSS
6595| [41436] Apache Tomcat Native APR Connector Duplicate Request Issue
6596| [41435] Apache Tomcat %5C Cookie Handling Session ID Disclosure
6597| [41434] Apache Tomcat Exception Handling Subsequent Request Information Disclosure
6598| [41400] LimeSurvey save.php Apache Log File PHP Code Injection
6599| [41029] Apache Tomcat Calendar Examples Application cal2.jsp Multiple Parameter CSRF
6600| [41019] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload XSS
6601| [41018] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload CRLF
6602| [40853] Apache Tomcat SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) JSESSIONIDSSO Cookie Security Weakness
6603| [40264] Apache HTTP Server mod_proxy_balancer balancer_handler Function bb Variable Remote DoS
6604| [40263] Apache HTTP Server mod_proxy_balancer balancer-manager Multiple Parameter XSS
6605| [40262] Apache HTTP Server mod_status refresh XSS
6606| [39833] Apache Tomcat JULI Logging Component catalina.policy Security Bypass
6607| [39251] Coppermine Photo Gallery on Apache Multiple File Extension Upload Arbitrary Code Execution
6608| [39166] Apache Tomcat on Windows caseSensitive Attribute Mixed Case Request JSP Source Disclosure
6609| [39134] Apache mod_imagemap Module Imagemap Unspecified XSS
6610| [39133] Apache mod_imap Module Imagemap File Unspecified XSS
6611| [39035] Apache Tomcat examples/servlet/CookieExample Multiple Parameter XSS
6612| [39003] Apache HTTP Server HTTP Method Header Request Entity Too Large XSS
6613| [39000] Apache Tomcat SendMailServlet sendmail.jsp mailfrom Parameter XSS
6614| [38939] Apache HTTP Server Prefork MPM Module Array Modification Local DoS
6615| [38673] Apache Jakarta Slide WebDAV SYSTEM Request Traversal Arbitrary File Access
6616| [38662] Apache Geronimo SQLLoginModule Nonexistent User Authentication Bypass
6617| [38661] Apache Geronimo MEJB Unspecified Authentication Bypass
6618| [38641] Apache HTTP Server mod_mem_cache recall_headers Function Information Disclosure
6619| [38640] Apache HTTP Server suexec Document Root Unauthorized Operations
6620| [38639] Apache HTTP Server suexec Multiple Symlink Privilege Escalation
6621| [38636] Apache HTTP Server mod_autoindex.c P Variable UTF-7 Charset XSS
6622| [38513] BEA WebLogic Server Proxy Plug-in for Apache Protocol Error Handling Remote DoS
6623| [38187] Apache Geronimo / Tomcat WebDAV XML SYSTEM Tag Arbitrary File Access
6624| [37079] Apache HTTP Server mod_cache cache_util.c Malformed Cache-Control Header DoS
6625| [37071] Apache Tomcat Cookie Handling Session ID Disclosure
6626| [37070] Apache Tomcat Cookie Handling Quote Delimiter Session ID Disclosure
6627| [37052] Apache HTTP Server mod_status mod_status.c Unspecified XSS
6628| [37051] Apache HTTP Server mod_proxy modules/proxy/proxy_util.c Crafted Header Remote DoS
6629| [37050] Apache HTTP Server Prefork MPM Module Crafted Code Sequence Local DoS
6630| [36417] Apache Tomcat Host Manager Servlet html/add Action aliases Parameter XSS
6631| [36377] Apache MyFaces Tomahawk JSF Application autoscroll Multiple Script XSS
6632| [36080] Apache Tomcat JSP Examples Crafted URI XSS
6633| [36079] Apache Tomcat Manager Uploaded Filename XSS
6634| [34888] Apache Tomcat Example Calendar Application cal2.jsp time Parameter XSS
6635| [34887] Apache Tomcat implicit-objects.jsp Crafted Header XSS
6636| [34885] Apache Tomcat on IIS Servlet Engine MS-DOS Device Request DoS
6637| [34884] Apache Tomcat on Windows Nonexistent Resource Request Path Disclosure
6638| [34883] Apache Tomcat Crafted JSP File Request Path Disclosure
6639| [34882] Apache Tomcat Default SSL Ciphersuite Configuration Weakness
6640| [34881] Apache Tomcat Malformed Accept-Language Header XSS
6641| [34880] Apache Tomcat HTTP/1.1 Connector NULL Byte Request JSP Source Disclosure
6642| [34879] Apache Tomcat examples/jsp2/jspx/textRotate.jspx XSS
6643| [34878] Apache Tomcat examples/jsp2/el/implicit-objects.jsp XSS
6644| [34877] Apache Tomcat JK Web Server Connector (mod_jk) Double Encoded Traversal Arbitrary File Access
6645| [34876] Apache HTTP Server ScriptAlias CGI Source Disclosure
6646| [34875] Apache Tomcat appdev/sample/web/hello.jsp Multiple Parameter XSS
6647| [34874] Apache Tomcat AJP Connector mod_jk ajp_process_callback Remote Memory Disclosure
6648| [34873] Apache Stats Variable Extraction _REQUEST Ssuperglobal Array Overwrite
6649| [34872] Apache HTTP Server suexec User/Group Combination Weakness Local Privilege Escalation
6650| [34769] Apache Tomcat w/ Proxy Module Double Encoded Traversal Arbitrary File Access
6651| [34541] mod_perl for Apache HTTP Server RegistryCooker.pm PATH_INFO Crafted URI Remote DoS
6652| [34540] mod_perl for Apache HTTP Server PerlRun.pm PATH_INFO Crafted URI Remote DoS
6653| [34398] Apache Tomcat mod_jk Invalid Chunked Encoded Body Information Disclosure
6654| [34154] Apache Axis Nonexistent Java Web Service Path Disclosure
6655| [33855] Apache Tomcat JK Web Server Connector mod_jk.so Long URI Worker Map Remote Overflow
6656| [33816] Apache HTTP Server on Debian Linux TTY Local Privilege Escalation
6657| [33456] Apache HTTP Server Crafted TCP Connection Range Header DoS
6658| [33346] Avaya Multiple Products Apache Tomcat Port Weakness
6659| [32979] Apache Java Mail Enterprise Server (JAMES) Phoenix/MX4J Interface Arbitrary User Creation
6660| [32978] Apache Java Mail Enterprise Server (JAMES) POP3Server Log File Plaintext Password Disclosure
6661| [32724] Apache mod_python _filter_read Freed Memory Disclosure
6662| [32723] Apache Tomcat semicolon Crafted Filename Request Forced Directory Listing
6663| [32396] Apache Open For Business Project (OFBiz) Ecommerce Component Forum Implementation Message Body XSS
6664| [32395] Apache Open For Business Project (OFBiz) Ecommerce Component Form Field Manipulation Privilege Escalation
6665| [30354] Linux Subversion libapache2-svn Search Path Subversion Local Privilege Escalation
6666| [29603] PHP ini_restore() Apache httpd.conf Options Bypass
6667| [29536] Apache Tcl mod_tcl set_var Function Remote Format String
6668| [28919] Apache Roller Weblogger Blog Comment Multiple Field XSS
6669| [28130] PHP with Apache Mixed Case Method Limit Directive Bypass
6670| [27913] Apache HTTP Server on Windows mod_alias URL Validation Canonicalization CGI Source Disclosure
6671| [27588] Apache HTTP Server mod_rewrite LDAP Protocol URL Handling Overflow
6672| [27487] Apache HTTP Server Crafted Expect Header Cross Domain HTML Injection
6673| [26935] FCKeditor on Apache connector.php Crafted File Extension Arbitrary File Upload
6674| [26572] Apache Java Mail Enterprise Server (JAMES) MAIL Command Overflow DoS
6675| [25909] Drupal on Apache files Directory File Upload Arbitrary Code Execution
6676| [24825] Oracle ModPL/SQL for Apache Unspecified Remote HTTP Issue
6677| [24365] Apache Struts Multiple Function Error Message XSS
6678| [24364] Apache Struts getMultipartRequestHandler() Function Crafted Request DoS
6679| [24363] Apache Struts org.apache.struts.taglib.html.Constants.CANCEL Validation Bypass
6680| [24103] Pubcookie Apache mod_pubcookie Unspecified XSS
6681| [23906] Apache mod_python for Apache HTTP Server FileSession Privileged Local Command Execution
6682| [23905] Apache Log4net LocalSyslogAppender Format String Memory Corruption DoS
6683| [23198] Apache WSS4J Library SOAP Signature Verification Bypass
6684| [23124] Generic Apache Request Library (libapreq) apreq_parse_* Functions Remote DoS
6685| [22652] mod_php for Apache HTTP Server Crafted import_request_variables Function DoS
6686| [22475] PHP w/ Apache PDO::FETCH_CLASS __set() Function DoS
6687| [22473] PHP w/ Apache2 Crafted PDOStatement DoS
6688| [22459] Apache Geronimo Error Page XSS
6689| [22458] Apache Tomcat / Geronimo Sample Script cal2.jsp time Parameter XSS
6690| [22301] auth_ldap for Apache HTTP Server auth_ldap_log_reason() Function Remote Format String
6691| [22261] Apache HTTP Server mod_ssl ssl_hook_Access Error Handling DoS
6692| [22259] mod_auth_pgsql for Apache HTTP Server Log Function Format String
6693| [21736] Apache Java Mail Enterprise Server (JAMES) Spooler retrieve Function DoS
6694| [21705] Apache HTTP Server mod_imap Image Map Referer XSS
6695| [21021] Apache Struts Error Message XSS
6696| [20897] PHP w/ Apache 2 SAPI virtual() Function Unspecified INI Setting Disclosure
6697| [20491] PHP mod_php apache2handler SAPI Crafted .htaccess DoS
6698| [20462] Apache HTTP Server worker.c MPM Memory Exhaustion DoS
6699| [20439] Apache Tomcat Directory Listing Saturation DoS
6700| [20373] Apache Tomcat on HP Secure OS for Linux Unspecified Servlet Access Issue
6701| [20285] Apache HTTP Server Log File Control Character Injection
6702| [20242] Apache HTTP Server mod_usertrack Predictable Session ID Generation
6703| [20209] Brainf*ck Module (mod_bf) for Apache HTTP Server Local Overflow
6704| [20033] Apache Tomcat MS-DOS Device Request Error Message Path Disclosure
6705| [19883] apachetop atop.debug Symlink Arbitrary File Overwrite
6706| [19863] mod_auth_shadow for Apache HTTP Server require group Authentication Bypass
6707| [19855] Apache HTTP Server ErrorDocument Directive .htaccess Bypass
6708| [19821] Apache Tomcat Malformed Post Request Information Disclosure
6709| [19769] Apache HTTP Server Double-reverse DNS Lookup Spoofing
6710| [19188] Apache HTTP Server mod_ssl SSLVerifyClient Per-location Context Restriction Bypass
6711| [19137] Apache HTTP Server on Red Hat Linux Double Slash GET Request Forced Directory Listing
6712| [19136] Apache on Mandrake Linux Arbitrary Directory Forced Listing
6713| [18977] Apache HTTP Server Crafted HTTP Range Header DoS
6714| [18389] Ragnarok Online Control Panel Apache Authentication Bypass
6715| [18286] Apache HTTP Server mod_ssl ssl_callback_SSLVerify_CRL( ) Function Overflow
6716| [18233] Apache HTTP Server htdigest user Variable Overfow
6717| [17738] Apache HTTP Server HTTP Request Smuggling
6718| [16586] Apache HTTP Server Win32 GET Overflow DoS
6719| [15889] Apache HTTP Server mod_cgid Threaded MPM CGI Output Misdirection
6720| [14896] mod_dav for Apache HTTP Server Remote Null Dereference Child Process Termination
6721| [14879] Apache HTTP Server ap_log_rerror Function Error Message Path Disclosure
6722| [14770] Apache Tomcat AJP12 Protocol Malformed Packet Remote DoS
6723| [14597] Apache Tomcat IntegerOverflow.jsp Test JSP Script Path Disclosure
6724| [14596] Apache Tomcat pageSession.jsp Test JSP Script Path Disclosure
6725| [14595] Apache Tomcat pageLanguage.jsp Test JSP Script Path Disclosure
6726| [14594] Apache Tomcat pageIsThreadSafe.jsp Test JSP Script Path Disclosure
6727| [14593] Apache Tomcat pageIsErrorPage.jsp Test JSP Script Path Disclosure
6728| [14592] Apache Tomcat pageInvalid.jsp Test JSP Script Path Disclosure
6729| [14591] Apache Tomcat pageExtends.jsp Test JSP Script Path Disclosure
6730| [14590] Apache Tomcat pageDouble.jsp Test JSP Script Path Disclosure
6731| [14589] Apache Tomcat pageAutoFlush.jsp Test JSP Script Path Disclosure
6732| [14588] Apache Tomcat extends2.jsp Test JSP Script Path Disclosure
6733| [14587] Apache Tomcat extends1.jsp Test JSP Script Path Disclosure
6734| [14586] Apache Tomcat comments.jsp Test JSP Script Path Disclosure
6735| [14585] Apache Tomcat buffer4.jsp Test JSP Script Path Disclosure
6736| [14584] Apache Tomcat buffer3.jsp Test JSP Script Path Disclosure
6737| [14583] Apache Tomcat buffer2.jsp Test JSP Script Path Disclosure
6738| [14582] Apache Tomcat buffer1.jsp Test JSP Script Path Disclosure
6739| [14581] Apache Tomcat pageImport2.jsp Test JSP Script Path Disclosure
6740| [14580] Apache Tomcat pageInfo.jsp Test JSP Script Path Disclosure
6741| [14410] mod_frontpage for Apache HTTP Server fpexec Remote Overflow
6742| [14044] Apache Batik Squiggle Browser with Rhino Scripting Engine Unspecified File System Access
6743| [13737] mod_access_referer for Apache HTTP Server Malformed Referer DoS
6744| [13711] Apache mod_python publisher.py Traversal Arbitrary Object Information Disclosure
6745| [13640] mod_auth_any for Apache HTTP Server on Red Hat Linux Metacharacter Command Execution
6746| [13304] Apache Tomcat realPath.jsp Path Disclosure
6747| [13303] Apache Tomcat source.jsp Arbitrary Directory Listing
6748| [13087] Apache HTTP Server mod_log_forensic check_forensic Symlink Arbitrary File Creation / Overwrite
6749| [12849] mod_auth_radius for Apache HTTP Server radcpy() Function Overflow DoS
6750| [12848] Apache HTTP Server htdigest realm Variable Overflow
6751| [12721] Apache Tomcat examples/jsp2/el/functions.jsp XSS
6752| [12720] mod_dosevasive for Apache HTTP Server Symlink Arbitrary File Create/Overwrite
6753| [12558] Apache HTTP Server IPv6 FTP Proxy Socket Failure DoS
6754| [12557] Apache HTTP Server prefork MPM accept Error DoS
6755| [12233] Apache Tomcat MS-DOS Device Name Request DoS
6756| [12232] Apache Tomcat with JDK Arbitrary Directory/Source Disclosure
6757| [12231] Apache Tomcat web.xml Arbitrary File Access
6758| [12193] Apache HTTP Server on Mac OS X File Handler Bypass
6759| [12192] Apache HTTP Server on Mac OS X Unauthorized .ht and .DS_Store File Access
6760| [12178] Apache Jakarta Lucene results.jsp XSS
6761| [12176] mod_digest_apple for Apache HTTP Server on Mac OS X Authentication Replay
6762| [11391] Apache HTTP Server Header Parsing Space Saturation DoS
6763| [11003] Apache HTTP Server mod_include get_tag() Function Local Overflow
6764| [10976] mod_mylo for Apache HTTP Server mylo_log Logging Function HTTP GET Overflow
6765| [10637] Apache HTTP Server mod_ssl SSLCipherSuite Access Restriction Bypass
6766| [10546] Macromedia JRun4 mod_jrun Apache Module Remote Overflow
6767| [10471] Apache Xerces-C++ XML Parser DoS
6768| [10218] Apache HTTP Server Satisfy Directive Access Control Bypass
6769| [10068] Apache HTTP Server htpasswd Local Overflow
6770| [10049] mod_cplusplus For Apache HTTP Server Unspecified Overflow
6771| [9994] Apache HTTP Server apr-util IPV6 Parsing DoS
6772| [9991] Apache HTTP Server ap_resolve_env Environment Variable Local Overflow
6773| [9948] mod_dav for Apache HTTP Server LOCK Request DoS
6774| [9742] Apache HTTP Server mod_ssl char_buffer_read Function Reverse Proxy DoS
6775| [9718] Apache HTTP Server Win32 Single Dot Append Arbitrary File Access
6776| [9717] Apache HTTP Server mod_cookies Cookie Overflow
6777| [9716] Apache::Gallery Gallery.pm Inline::C Predictable Filename Code Execution
6778| [9715] Apache HTTP Server rotatelogs Control Characters Over Pipe DoS
6779| [9714] Apache Authentication Module Threaded MPM DoS
6780| [9713] Apache HTTP Server on OS2 filestat.c Device Name Request DoS
6781| [9712] Apache HTTP Server Multiple Linefeed Request Memory Consumption DoS
6782| [9711] Apache HTTP Server Access Log Terminal Escape Sequence Injection
6783| [9710] Apache HTTP Server on Windows Illegal Character Default Script Mapping Bypass
6784| [9709] Apache HTTP Server on Windows MS-DOS Device Name HTTP Post Code Execution
6785| [9708] Apache HTTP Server on Windows MS-DOS Device Name DoS
6786| [9707] Apache HTTP Server Duplicate MIME Header Saturation DoS
6787| [9706] Apache Web Server Multiple MIME Header Saturation Remote DoS
6788| [9705] Apache Tomcat Invoker/Default Servlet Source Disclosure
6789| [9702] Apache HTTP Server CGI/WebDAV HTTP POST Request Source Disclosure
6790| [9701] Apache HTTP Server for Windows Multiple Slash Forced Directory Listing
6791| [9700] Apache HTTP Server mod_autoindex Multiple Slash Request Forced Directory Listing
6792| [9699] Apache HTTP Server mod_dir Multiple Slash Request Forced Directory Listing
6793| [9698] Apache HTTP Server mod_negotiation Multiple Slash Request Forced Directory Listing
6794| [9697] Apache HTTP Server htdigest Local Symlink Arbitrary File Overwrite
6795| [9696] Apache HTTP Server htpasswd Local Symlink Arbitrary File Overwrite
6796| [9695] Apache Tomcat SnoopServlet Servlet Information Disclosure
6797| [9694] PHP3 on Apache HTTP Server Encoded Traversal Arbitrary File Access
6798| [9693] mod_auth_pgsql_sys for Apache HTTP Server User Name SQL Injection
6799| [9692] Apache HTTP Server mod_vhost_alias Mass Virtual Hosting Arbitrary File Access
6800| [9691] Apache HTTP Server mod_rewrite Mass Virtual Hosting Arbitrary File Access
6801| [9690] Apache HTTP Server mod_vhost_alias CGI Program Source Disclosure
6802| [9689] Trustix httpsd for Apache-SSL Permission Weakness Privilege Escalation
6803| [9688] Apache HTTP Server mod_proxy Malformed FTP Command DoS
6804| [9687] Apache::AuthenSmb smbval SMB Authentication Library Multiple Overflows
6805| [9686] Apache::AuthenSmb smbvalid SMB Authentication Library Multiple Overflows
6806| [9523] Apache HTTP Server mod_ssl Aborted Connection DoS
6807| [9459] Oracle PL/SQL (mod_plsql) Apache Module Help Page Request Remote Overflow
6808| [9208] Apache Tomcat .jsp Encoded Newline XSS
6809| [9204] Apache Tomcat ROOT Application XSS
6810| [9203] Apache Tomcat examples Application XSS
6811| [9068] Apache HTTP Server mod_userdir User Account Information Disclosure
6812| [8773] Apache Tomcat Catalina org.apache.catalina.servlets.DefaultServlet Source Code Disclosure
6813| [8772] Apache Tomcat Catalina org.apache.catalina.connector.http DoS
6814| [7943] Apache HTTP Server mod_ssl sslkeys File Disclosure
6815| [7942] Apache HTTP Server mod_ssl Default Pass Phrase
6816| [7941] Apache HTTP Server mod_ssl Encrypted Private Key File Descriptor Leak
6817| [7935] Apache HTTP Server mod_ssl ssl_gcache Race Conditions
6818| [7934] Apache HTTP Server mod_ssl SSLSessionCache File Content Disclosure
6819| [7933] Apache HTTP Server mod_ssl SSLMutex File Content Disclosure
6820| [7932] Apache HTTP Server mod_ssl mkcert.sh File Creation Permission Weakness
6821| [7931] Apache HTTP Server mod_ssl X.509 Client Certificate Authentication Bypass
6822| [7930] Apache HTTP Server mod_ssl ssl_expr_eval_func_file() Overflow
6823| [7929] Apache HTTP Server mod_ssl ssl_engine_log.c mod_proxy Hook Function Remote Format String
6824| [7611] Apache HTTP Server mod_alias Local Overflow
6825| [7394] Apache Tomcat mod_jk Invalid Transfer-Encoding Chunked Field DoS
6826| [7203] Apache Tomcat source.jsp Traversal Arbitrary File Access
6827| [7039] Apache HTTP Server on Mac OS X HFS+ File System Access Bypass
6828| [6882] Apache mod_python Malformed Query String Variant DoS
6829| [6839] Apache HTTP Server mod_proxy Content-Length Overflow
6830| [6630] Apache Tomcat Java Server Pages (JSP) Engine WPrinterJob() DoS
6831| [6472] Apache HTTP Server mod_ssl ssl_util_uuencode_binary Remote Overflow
6832| [5821] Apache HTTP Server Multiple / GET Remote Overflow DoS
6833| [5580] Apache Tomcat Servlet Malformed URL JSP Source Disclosure
6834| [5552] Apache HTTP Server split-logfile Arbitrary .log File Overwrite
6835| [5526] Apache Tomcat Long .JSP URI Path Disclosure
6836| [5278] Apache Tomcat web.xml Restriction Bypass
6837| [5051] Apache Tomcat Null Character DoS
6838| [4973] Apache Tomcat servlet Mapping XSS
6839| [4650] mod_gzip for Apache HTTP Server Debug Mode Printf Stack Overflow
6840| [4649] mod_gzip for Apache HTTP Server Debug Mode Format String Overflow
6841| [4648] mod_gzip for Apache HTTP Server Debug Mode Race Condition
6842| [4568] mod_survey For Apache ENV Tags SQL Injection
6843| [4553] Apache HTTP Server ApacheBench Overflow DoS
6844| [4552] Apache HTTP Server Shared Memory Scoreboard DoS
6845| [4446] Apache HTTP Server mod_disk_cache Stores Credentials
6846| [4383] Apache HTTP Server Socket Race Condition DoS
6847| [4382] Apache HTTP Server Log Entry Terminal Escape Sequence Injection
6848| [4340] Apache Portable Runtime (APR) apr_psprintf DoS
6849| [4232] Apache Cocoon DatabaseAuthenticatorAction SQL Injection
6850| [4231] Apache Cocoon Error Page Server Path Disclosure
6851| [4182] Apache HTTP Server mod_ssl Plain HTTP Request DoS
6852| [4181] Apache HTTP Server mod_access IP Address Netmask Rule Bypass
6853| [4075] Apache HTTP Sever on Windows .var File Request Path Disclosure
6854| [4037] Apache HTTP Server on Cygwin Encoded GET Request Arbitrary File Access
6855| [3877] Apache-SSL SSLVerifyClient SSLFakeBasicAuth Client Certificate Forgery
6856| [3819] Apache HTTP Server mod_digest Cross Realm Credential Replay
6857| [3322] mod_php for Apache HTTP Server Process Hijack
6858| [3215] mod_php for Apache HTTP Server File Descriptor Leakage
6859| [2885] Apache mod_python Malformed Query String DoS
6860| [2749] Apache Cocoon view-source Sample File Traversal Arbitrary File Access
6861| [2733] Apache HTTP Server mod_rewrite Local Overflow
6862| [2672] Apache HTTP Server mod_ssl SSLCipherSuite Ciphersuite Downgrade Weakness
6863| [2613] Apache HTTP Server mod_cgi stderr Output Handling Local DoS
6864| [2149] Apache::Gallery Privilege Escalation
6865| [2107] Apache HTTP Server mod_ssl Host: Header XSS
6866| [1926] Apache HTTP Server mod_rewrite Crafted URI Rule Bypass
6867| [1833] Apache HTTP Server Multiple Slash GET Request DoS
6868| [1577] Apache HTTP Server mod_rewrite RewriteRule Expansion Arbitrary File Access
6869| [872] Apache Tomcat Multiple Default Accounts
6870| [862] Apache HTTP Server SSI Error Page XSS
6871| [859] Apache HTTP Server Win32 Crafted Traversal Arbitrary File Access
6872| [849] Apache Tomcat TroubleShooter Servlet Information Disclosure
6873| [845] Apache Tomcat MSDOS Device XSS
6874| [844] Apache Tomcat Java Servlet Error Page XSS
6875| [842] Apache HTTP Server mod_ssl ssl_compat_directive Function Overflow
6876| [838] Apache HTTP Server Chunked Encoding Remote Overflow
6877| [827] PHP4 for Apache on Windows php.exe Malformed Request Path Disclosure
6878| [775] Apache mod_python Module Importing Privilege Function Execution
6879| [769] Apache HTTP Server Win32 DOS Batch File Arbitrary Command Execution
6880| [756] Apache HTTP Server mod_ssl i2d_SSL_SESSION Function SSL Client Certificate Overflow
6881| [701] Apache HTTP Server Win32 ScriptAlias php.exe Arbitrary File Access
6882| [674] Apache Tomcat Nonexistent File Error Message Path Disclosure
6883| [637] Apache HTTP Server UserDir Directive Username Enumeration
6884| [623] mod_auth_pgsql for Apache HTTP Server User Name SQL Injection
6885| [582] Apache HTTP Server Multiviews Feature Arbitrary Directory Listing
6886| [562] Apache HTTP Server mod_info /server-info Information Disclosure
6887| [561] Apache Web Servers mod_status /server-status Information Disclosure
6888| [417] Apache HTTP Server on SuSE Linux /doc/packages Remote Information Disclosure
6889| [410] mod_perl for Apache HTTP Server /perl/ Directory Listing
6890| [404] Apache HTTP Server on SuSE Linux WebDAV PROPFIND Arbitrary Directory Listing
6891| [402] Apache HTTP Server on SuSE Linux cgi-bin-sdb Request Script Source Disclosure
6892| [379] Apache ASP module Apache::ASP source.asp Example File Arbitrary File Creation
6893| [377] Apache Tomcat Snoop Servlet Remote Information Disclosure
6894| [376] Apache Tomcat contextAdmin Arbitrary File Access
6895| [342] Apache HTTP Server for Windows Multiple Forward Slash Directory Listing
6896| [222] Apache HTTP Server test-cgi Arbitrary File Access
6897| [143] Apache HTTP Server printenv.pl Multiple Method CGI XSS
6898| [48] Apache HTTP Server on Debian /usr/doc Directory Information Disclosure
6899|_
139/tcp closed netbios-ssn
443/tcp open ssl/http Apache httpd
6902|_http-server-header: Apache
6903| vulscan: VulDB - https://vuldb.com:
6904| [141649] Apache OFBiz up to 16.11.05 Form Widget Freemarker Markup Code Execution
6905| [141648] Apache OFBiz up to 16.11.05 Application Stored cross site scripting
6906| [140386] Apache Commons Beanutils 1.9.2 BeanIntrospector unknown vulnerability
6907| [139708] Apache Ranger up to 1.2.0 Policy Import cross site scripting
6908| [139540] cPanel up to 60.0.24 Apache HTTP Server Key information disclosure
6909| [139386] Apache Tike up to 1.21 RecursiveParserWrapper Stack-based memory corruption
6910| [139385] Apache Tika 1.19/1.20/1.21 SAXParsers Hang denial of service
6911| [139384] Apache Tika up to 1.21 RecursiveParserWrapper ZIP File denial of service
6912| [139261] Apache Solr 8.2.0 DataImportHandler Parameter unknown vulnerability
6913| [139259] cPanel up to 68.0.26 WHM Apache Includes Editor information disclosure
6914| [139256] cPanel up to 68.0.26 WHM Apache Configuration Include Editor cross site scripting
6915| [139239] cPanel up to 70.0.22 Apache HTTP Server Log information disclosure
6916| [139141] Apache ActiveMQ Client up to 5.15.4 ActiveMQConnection.java ActiveMQConnection denial of service
6917| [139130] cPanel up to 73.x Apache HTTP Server Injection privilege escalation
6918| [138914] Venustech Apache VCL 2.1/2.2/2.3/2.4/2.5 VM sql injection
6919| [138913] Venustech Apache VCL 2.1/2.2/2.3/2.4/2.5 Block Argument privilege escalation
6920| [138912] Venustech Apache VCL 2.1/2.2/2.3/2.4/2.5 Cookie sql injection
6921| [138816] Apache Storm up to 1.2.2 Logviewer Daemon Log information disclosure
6922| [138815] Apache Storm up to 1.2.2 UI Daemon Deserialization privilege escalation
6923| [138164] Oracle 2.7.0.1 Apache Log4j unknown vulnerability
6924| [138155] Oracle Agile Engineering Data Management 6.2.0/6.2.1 Apache Tomcat unknown vulnerability
6925| [138151] Oracle Transportation Management 6.3.7 Apache Tomcat unknown vulnerability
6926| [138149] Oracle Agile Engineering Data Management 6.2.0/6.2.1 Apache Commons FileUpload unknown vulnerability
6927| [138131] Oracle MICROS Retail XBRi Loss Prevention 10.8.0/10.8.1/10.8.2/10.8.3 Apache Tomcat unknown vulnerability
6928| [138129] Oracle Retail Xstore Point of Service 7.0/7.1 Apache HTTP Server denial of service
6929| [138123] Oracle Retail Order Management System 5.0 Apache Struts 1 unknown vulnerability
6930| [138122] Oracle Retail Order Broker 5.2/15.0 Apache Tomcat unknown vulnerability
6931| [138121] Oracle Retail Order Broker 5.2/15.0 Apache CXF unknown vulnerability
6932| [138112] Oracle Retail Integration Bus 15.0/16.0 Apache Commons FileUpload unknown vulnerability
6933| [138111] Oracle MICROS Retail XBRi Loss Prevention 10.8.0/10.8.1/10.8.2/10.8.3 Apache Commons FileUpload unknown vulnerability
6934| [138103] Oracle PeopleSoft Enterprise PeopleTools 8.55/8.56/8.57 Apache WSS4J information disclosure
6935| [138053] Oracle JD Edwards EnterpriseOne Tools 9.2 Apache Log4j unknown vulnerability
6936| [138036] Oracle Insurance Rules Palette 10.0/10.1/10.2/11.0 Apache Commons FileUpload unknown vulnerability
6937| [138035] Oracle Insurance Policy Administration J2EE 10.0/10.1/10.2/11.0 Apache Commons FileUpload unknown vulnerability
6938| [138034] Oracle Insurance Calculation Engine 9.7/10.0/10.1/10.2 Apache Commons FileUpload unknown vulnerability
6939| [138028] Oracle Identity Manager 11.1.2.3.0/12.2.1.3.0 Apache Log4j unknown vulnerability
6940| [138020] Oracle BI Publisher 11.1.1.9.0 Apache Tomcat unknown vulnerability
6941| [138019] Oracle BI Publisher (formerly XML Publisher) 11.1.1.9.0 Apache Tomcat unknown vulnerability
6942| [138017] Oracle Outside In Technology 8.5.4 Apache Commons FileUpload unknown vulnerability
6943| [138013] Oracle Outside In Technology 8.5.4 Apache Tomcat unknown vulnerability
6944| [138012] Oracle Outside In Technology 8.5.4 Apache HTTP Server unknown vulnerability
6945| [138009] Oracle Outside In Technology 8.5.4 Apache HTTP Server unknown vulnerability
6946| [138008] Oracle WebLogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.3.0 Apache Struts 1 denial of service
6947| [138007] Oracle WebCenter Sites 12.2.1.3.0 Apache Tomcat denial of service
6948| [138006] Oracle Enterprise Repository 12.1.3.0.0 Apache CXF denial of service
6949| [138000] Oracle WebCenter Sites 12.2.1.3.0 Apache Commons FileUpload unknown vulnerability
6950| [137999] Oracle WebLogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.3.0 Apache Commons FileUpload unknown vulnerability
6951| [137995] Oracle Hospitality Simphony 18.2.1 Apache WSS4J information disclosure
6952| [137987] Oracle FLEXCUBE Universal Banking up to 12.0.3/12.4.0/14.2.0 Apache Log4j unknown vulnerability
6953| [137981] Oracle Insurance IFRS 17 Analyzer 8.0.6/8.0.7 Apache Commons FileUpload unknown vulnerability
6954| [137980] Oracle Insurance Data Foundation 8.0.4/8.0.5/8.0.6/8.0.7 Apache Commons FileUpload unknown vulnerability
6955| [137979] Oracle 8.0.8 Apache Commons FileUpload unknown vulnerability
6956| [137973] Oracle 8.0.4/8.0.5/8.0.6/8.0.7 Apache Batik unknown vulnerability
6957| [137970] Oracle Financial Services Profitability Management 8.0.4/8.0.5/8.0.6/8.0.7 Apache ActiveMQ unknown vulnerability
6958| [137967] Oracle up to 8.0.7 Apache httpd unknown vulnerability
6959| [137966] Oracle 8.0.7/8.0.8 Apache Groovy unknown vulnerability
6960| [137965] Oracle Financial Services Liquidity Risk Management 8.0.1/8.0.2/8.0.4/8.0.5/8.0.6 Apache Commons FileUpload unknown vulnerability
6961| [137964] Oracle 8.0.4/8.0.5/8.0.6/8.0.7 Apache Log4j unknown vulnerability
6962| [137933] Oracle Banking Platform up to 2.7.1 Apache Tika unknown vulnerability
6963| [137926] Oracle Enterprise Manager for Fusion Middleware 13.2/13.3 Apache Commons FileUpload information disclosure
6964| [137924] Oracle Enterprise Manager Base Platform 12.1.0.5.0/13.2.0.0.0/13.3.0.0.0 Apache Commons FileUpload unknown vulnerability
6965| [137914] Oracle E-Business Suite up to 12.2.8 Apache ActiveMQ unknown vulnerability
6966| [137913] Oracle E-Business Suite up to 12.2.8 Apache ActiveMQ unknown vulnerability
6967| [137911] Oracle E-Business Suite up to 12.2.8 Apache HTTP Server unknown vulnerability
6968| [137910] Oracle E-Business Suite up to 12.2.8 Apache CXF information disclosure
6969| [137909] Oracle E-Business Suite up to 12.2.8 Apache Commons FileUpload unknown vulnerability
6970| [137905] Oracle Primavera Gateway 15.2/16.2/17.12/18.8 Apache Tika denial of service
6971| [137901] Oracle Primavera Unifier up to 18.8 Apache HTTP Server unknown vulnerability
6972| [137895] Oracle Instant Messaging Server 10.0.1.2.0 Apache Tika information disclosure
6973| [137894] Oracle EAGLE (Software) 46.5/46.6/46.7 Apache Tomcat information disclosure
6974| [137892] Oracle Online Mediation Controller 6.1 Apache Batik denial of service
6975| [137891] Oracle Interactive Session Recorder 6.0/6.1/6.2 Apache Tomcat unknown vulnerability
6976| [137885] Oracle Diameter Signaling Router (DSR) 8.0/8.1/8.2 Apache cxf unknown vulnerability
6977| [137882] Oracle Unified 8.0.0.2.0 Apache Commons FileUpload unknown vulnerability
6978| [137881] Oracle Online Mediation Controller 6.1 Apache Commons FileUpload unknown vulnerability
6979| [137880] Oracle Interactive Session Recorder 6.0/6.1/6.2 Apache Log4j unknown vulnerability
6980| [137879] Oracle Convergence 3.0.2 Apache Commons FileUpload unknown vulnerability
6981| [137876] Oracle Application Session Controller 3.7.1/3.8.0 Apache Commons FileUpload unknown vulnerability
6982| [137829] Apache Roller 5.2.3 Math Comment Authenticator Reflected cross site scripting
6983| [137736] Apache Kafka 0.11.0.0/2.1.0 ACL Validation Request privilege escalation
6984| [136858] MakerBot Replicator 5G Printer Apache HTTP Server information disclosure
6985| [136849] Analogic Poste.io 2.1.6 on Apache RoundCube logs/ information disclosure
6986| [136822] Apache Tomcat up to 8.5.40/9.0.19 Incomplete Fix CVE-2019-0199 Resource Exhaustion denial of service
6987| [136808] Apache Geode up to 1.8.0 Secure Mode privilege escalation
6988| [136646] Apache Allura up to 1.10.x Dropdown Selector Stored cross site scripting
6989| [136374] Apache HTTP Server up to 2.4.38 Slash Regular Expression unknown vulnerability
6990| [136373] Apache HTTP Server 2.4.34/2.4.35/2.4.36/2.4.37/2.4.38 HTTP2 Request Crash denial of service
6991| [136372] Apache HTTP Server up to 2.4.38 HTTP2 Request unknown vulnerability
6992| [136370] Apache Fineract up to 1.2.x sql injection
6993| [136369] Apache Fineract up to 1.2.x sql injection
6994| [135731] Apache Hadoop up to 2.8.4/2.9.1/3.1.0 yarn privilege escalation
6995| [135664] Apache Tomcat up to 7.0.93/8.5.39/9.0.0.17 SSI printenv Command cross site scripting
6996| [135663] Apache Camel up to 2.23.x JSON-lib Library XML Data XML External Entity
6997| [135661] Apache Roller up to 5.2.1/5.2.0 XML-RPC Interface XML File Server-Side Request Forgery
6998| [135402] Apache Zookeeper up to 3.4.13/3.5.0-alpha to 3.5.4-beta getACL() information disclosure
6999| [135270] Apache JSPWiki up to 2.11.0.M3 Plugin Link cross site scripting
7000| [135269] Apache JSPWiki up to 2.11.0.M3 InterWiki Link cross site scripting
7001| [135268] Apache JSPWiki up to 2.11.0.M3 Attachment cross site scripting
7002| [134527] Apache Karaf up to 4.2.4 Config Service directory traversal
7003| [134416] Apache Sanselan 0.97-incubator Loop denial of service
7004| [134415] Apache Sanselan 0.97-incubator Hang denial of service
7005| [134291] Apache Axis up to 1.7.8 Server-Side Request Forgery
7006| [134290] Apache UIMA DUCC up to 2.2.2 cross site scripting
7007| [134248] Apache Archiva up to 2.2.3 Artifact Upload directory traversal
7008| [134247] Apache Archiva up to 2.2.3 Artifact Upload directory traversal
7009| [134246] Apache Camel up to 2.19/2.21.3/2.22.2/2.23.0 directory traversal
7010| [134138] Apache Pluto 3.0.0/3.0.1 Chat Room Demo Portlet cross site scripting
7011| [133992] Apache Qpid Proton up to 0.27.0 Certificate Validation Man-in-the-Middle weak authentication
7012| [133977] Apache Zeppelin up to 0.7.x Stored cross site scripting
7013| [133976] Apache Zeppelin up to 0.7.x Cron Scheduler privilege escalation
7014| [133975] Apache Zeppelin up to 0.7.2 Session Fixation weak authentication
7015| [133444] Apache PDFbox 2.0.14 XML Parser XML External Entity
7016| [133573] Oracle FLEXCUBE Private Banking 2.0.0.0/2.2.0.1/12.0.1.0/12.0.3.0/12.1.0.0 Apache ActiveMQ unknown vulnerability
7017| [133407] Apache Tomcat up to 7.0.93/8.5.39/9.0.17 on Windows JRE Command Line Argument Code Execution
7018| [133315] Apache Airflow up to 1.10.2 HTTP Endpoint cross site request forgery
7019| [133314] Apache Airflow up to 1.10.2 Metadata Database cross site scripting
7020| [133290] Apache Tomcat up to 8.5.37/9.0.14 HTTP2 Stream Execution denial of service
7021| [133112] Apache HTTP Server up to 2.4.38 mod_auth_digest race condition privilege escalation
7022| [133111] Apache HTTP Server 2.4.37/2.4.38 mod_ssl Bypass privilege escalation
7023| [133092] Airsonic 10.2.1 org.apache.commons.lang.RandomStringUtils RecoverController.java java.util.Random weak authentication
7024| [132568] Apache JSPWiki up to 2.11.0.M2 URL User information disclosure
7025| [132567] Apache JSPWiki up to 2.11.0.M2 URL cross site scripting
7026| [132566] Apache ActiveMQ up to 5.15.8 MQTT Frame Memory denial of service
7027| [132565] Apache HBase up to 2.1.3 REST Server Request privilege escalation
7028| [132183] Apache Mesos up to pre-1.4.x Docker Image Code Execution
7029| [131988] Apache Karaf up to 4.2.2 kar Deployer directory traversal
7030| [131859] Apache Hadoop up to 2.9.1 privilege escalation
7031| [131479] Apache Solr up to 7.6 HTTP GET Request Server-Side Request Forgery
7032| [131446] Apache Solr up to 5.0.5/6.6.5 Config API HTTP POST Request Code Execution
7033| [131385] Apache Qpid Broker-J up to 6.x/7.0.6/7.1.0 AMQP Command Crash denial of service
7034| [131315] Apache Mesos up to pre-1.4.x Mesos Masters Rendering JSON Payload Recursion denial of service
7035| [131236] Apache Airflow up to 1.10.1 Metadata Database cross site scripting
7036| [130755] Apache JSPWiki up to 2.10.5 URL cross site scripting
7037| [130629] Apache Guacamole Cookie Flag weak encryption
7038| [130628] Apache Hadoop up to 3.0.0 HDFS information disclosure
7039| [130529] Apache Subversion 1.10.0/1.10.1/1.10.2/1.10.3/1.11.0 mod_dav_svn Directory Crash denial of service
7040| [130353] Apache Open Office up to 4.1.5 Document Loader String memory corruption
7041| [130341] Apache HTTP Server 2.4.37 mod_ssl Loop denial of service
7042| [130330] Apache HTTP Server up to 2.4.37 mod_session Expired privilege escalation
7043| [130329] Apache HTTP Server 2.4.37 mod_http2 Slowloris denial of service
7044| [130212] Apache Airflow up to 1.10.0 LDAP Auth Backend Certificate weak authentication
7045| [130123] Apache Airflow up to 1.8.2 information disclosure
7046| [130122] Apache Airflow up to 1.8.2 command injection cross site request forgery
7047| [130121] Apache Airflow up to 1.8.2 Webserver Object Code Execution
7048| [129717] Oracle Secure Global Desktop 5.4 Apache HTTP Server denial of service
7049| [129688] Oracle Tape Library ACSLS 8.4 Apache Log4j unknown vulnerability
7050| [129673] Oracle Retail Returns Management 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
7051| [129672] Oracle Retail Central Office 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
7052| [129671] Oracle Retail Back Office 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
7053| [129574] Oracle Outside In Technology 8.5.3/8.5.4 Apache Tomcat denial of service
7054| [129573] Oracle WebLogic Server 10.3.6.0 Apache HTTP Server denial of service
7055| [129563] Oracle Enterprise Repository 12.1.3.0.0 Apache Log4j unknown vulnerability
7056| [129555] Oracle Outside In Technology 8.5.3 Apache Batik denial of service
7057| [129551] Oracle Outside In Technology 8.5.3/8.5.4 Apache Commons FileUpload denial of service
7058| [129542] Oracle API Gateway 11.1.2.4.0 Apache Batik denial of service
7059| [129538] Oracle SOA Suite 12.1.3.0.0/12.2.1.3.0 Apache Batik unknown vulnerability
7060| [129519] Oracle Enterprise Manager Ops Center 12.2.2/12.3.3 Apache ActiveMQ unknown vulnerability
7061| [129508] Oracle Applications Manager up to 12.2.8 Apache Derby unknown vulnerability
7062| [129507] Oracle Mobile Field Service up to 12.2.8 Apache Log4j unknown vulnerability
7063| [129505] Oracle Email Center up to 12.2.8 Apache Log4j unknown vulnerability
7064| [129504] Oracle CRM Technical Foundation up to 12.2.8 Apache Commons FileUpload unknown vulnerability
7065| [129499] Oracle Partner Management up to 12.2.8 Apache Log4j unknown vulnerability
7066| [129498] Oracle Marketing up to 12.2.8 Apache Commons FileUpload unknown vulnerability
7067| [129480] Oracle Communications WebRTC Session Controller up to 7.1 Apache Batik unknown vulnerability
7068| [129479] Oracle Communications Diameter Signaling Router up to 8.2 Apache Batik unknown vulnerability
7069| [129474] Oracle Communications Diameter Signaling Router up to 8.2 Apache HTTP Server information disclosure
7070| [129472] Oracle Communications WebRTC Session Controller up to 7.1 Apache Struts 1 unknown vulnerability
7071| [129470] Oracle Communications Converged Application Server up to 7.0.0.0 Apache Struts 1 unknown vulnerability
7072| [129463] Oracle Communications WebRTC Session Controller up to 7.1 Apache Log4j unknown vulnerability
7073| [129461] Oracle Communications Services Gatekeeper up to 6.1.0.3.x Apache Commons Collections Fileupload unknown vulnerability
7074| [129460] Oracle Communications Service Broker 6.0 Apache Log4j unknown vulnerability
7075| [129459] Oracle Communications Policy Management up to 12.4 Apache Struts 2 unknown vulnerability
7076| [129458] Oracle Communications Online Mediation Controller 6.1 Apache Log4j unknown vulnerability
7077| [129457] Oracle Communications Diameter Signaling Router up to 8.2 Apache Commons Fileupload unknown vulnerability
7078| [129456] Oracle Communications Converged Application Server 6.1 Apache Log4j unknown vulnerability
7079| [128714] Apache Thrift Java Client Library up to 0.11.0 SASL Negotiation org.apache.thrift.transport.TSaslTransport unknown vulnerability
7080| [128713] Apache Thrift Node.js Static Web Server up to 0.11.0 directory traversal
7081| [128709] Apache Karaf up to 4.1.6/4.2.1 Features Deployer XMLInputFactory XML External Entity
7082| [128575] Apache NetBeans 9.0 Proxy Auto-Config Code Execution
7083| [128369] Apache Tika 1.8-1.19.1 SQLite3Parser Loop sql injection
7084| [128111] Apache NiFi 1.8.0 Template Upload Man-in-the-Middle cross site request forgery
7085| [128110] Apache NiFi 1.8.0 Cluster Request privilege escalation
7086| [128109] Apache NiFi 1.8.0 Error Page message-page.jsp Request Header cross site scripting
7087| [128108] Apache NiFi up to 1.7.x X-Frame-Options Header privilege escalation
7088| [128102] Apache Oozie up to 5.0.0 Workflow XML Impersonation spoofing
7089| [127994] WordPress up to 5.0.0 on Apache httpd MIME Restriction cross site scripting
7090| [127981] Apache OFBiz 16.11.01/16.11.02/16.11.03/16.11.04 HTTP Engine httpService GET Request privilege escalation
7091| [127161] Apache Hadoop 2.7.4/2.7.5/2.7.6 Incomplete Fix CVE-2016-6811 privilege escalation
7092| [127040] Loadbalancer.org Enterprise VA MAX up to 8.3.2 Apache HTTP Server Log cross site scripting
7093| [127007] Apache Spark Request Code Execution
7094| [126791] Apache Hadoop up to 0.23.11/2.7.6/2.8.4/2.9.1/3.0.2 ZIP File unknown vulnerability
7095| [126767] Apache Qpid Proton-J Transport 0.3 Certificate Verification Man-in-the-Middle weak authentication
7096| [126896] Apache Commons FileUpload 1.3.3 on LDAP Manager DiskFileItem File privilege escalation
7097| [126574] Apache Hive up to 2.3.3/3.1.0 Query privilege escalation
7098| [126573] Apache Hive up to 2.3.3/3.1.0 HiveServer2 privilege escalation
7099| [126564] Apache Superset up to 0.22 Pickle Library load Code Execution
7100| [126488] Apache Syncope up to 2.0.10/2.1.1 BPMN Definition xxe privilege escalation
7101| [126487] Apache Syncope up to 2.0.10/2.1.1 cross site scripting
7102| [126346] Apache Tomcat Path privilege escalation
7103| [125922] Apache Impala up to 3.0.0 ALTER privilege escalation
7104| [125921] Apache Impala up to 3.0.0 Queue Injection privilege escalation
7105| [125647] Oracle Agile Engineering Data Management 6.1.3/6.2.0/6.2.1 Install (Apache Tomcat) information disclosure
7106| [125617] Oracle Retail Returns Management 14.1 Apache Batik unknown vulnerability
7107| [125616] Oracle Retail Point-of-Service 13.4/14.0/14.1 Apache Batik unknown vulnerability
7108| [125614] Oracle Retail Central Office 14.1 Apache Batik unknown vulnerability
7109| [125613] Oracle Retail Back Office 13.3/13.4/14/14.1 Apache Batik unknown vulnerability
7110| [125599] Oracle Retail Open Commerce Platform 5.3.0/6.0.0/6.0.1 Apache Log4j unknown vulnerability
7111| [125569] Oracle PeopleSoft Enterprise PeopleTools 8.55/8.56 Apache HTTP Server information disclosure
7112| [125494] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat information disclosure
7113| [125447] Oracle Business Intelligence Enterprise Edition 11.1.1.7.0/11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Apache Batik unknown vulnerability
7114| [125428] Oracle Identity Management Suite 11.1.2.3.0/12.2.1.3.0 Apache Log4j unknown vulnerability
7115| [125427] Oracle Identity Analytics 11.1.1.5.8 Apache Log4j unknown vulnerability
7116| [125424] Oracle API Gateway 11.1.2.4.0 Apache Log4j unknown vulnerability
7117| [125423] Oracle BI Publisher 11.1.1.7.0/11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Apache Log4j unknown vulnerability
7118| [125383] Oracle up to 10.2.0 Apache Trinidad unknown vulnerability
7119| [125379] Oracle up to 10.1.x Apache Struts 1 cross site scripting
7120| [125377] Oracle up to 10.2.0 Apache Commons Collections unknown vulnerability
7121| [125376] Oracle Communications Application Session Controller up to 3.7.0 Apache Commons Collections unknown vulnerability
7122| [125375] Oracle Communications User Data Repository up to 12.1.x Apache Xerces memory corruption
7123| [125248] Apache ActiveMQ up to 5.15.5 Web-based Administration Console queue.jsp Parameter cross site scripting
7124| [125133] Apache Tika up to 1.19 XML Parser reset() denial of service
7125| [124877] Apache PDFbox up to 2.0.11 PDF File denial of service
7126| [124876] Apache Ranger up to 1.1.x UnixAuthenticationService Stack-based memory corruption
7127| [124791] Apache Tomcat up to 7.0.90/8.5.33/9.0.11 URL Open Redirect
7128| [124787] Apache Pony Mail 0.7/0.8/0.9 Statistics Generator Timestamp Data information disclosure
7129| [124447] Apache HTTP Server up to 2.4.34 SETTINGS Frame denial of service
7130| [124346] Apache Mesos pre-1.4.2/1.5.0/1.5.1/1.6.0 on Executor HTTP API String Comparison validation JSON Web Token information disclosure
7131| [124286] Apache Tika up to 1.18 IptcAnpaParser Loop denial of service
7132| [124242] Apache Tika up to 0.18 C:/evil.bat" Directory unknown vulnerability
7133| [124241] Apache Tika up to 0.18 XML Parser Entity Expansion denial of service
7134| [124191] Apache Karaf up to 3.0.8/4.0.8/4.1.0 WebConsole .../gogo/ weak authentication
7135| [124190] Apache Karaf up to 4.1.x sshd privilege escalation
7136| [124152] Apache Camel Mail up to 2.22.0 Path directory traversal
7137| [124143] Apache SpamAssassin up to 3.4.1 PDFInfo Plugin Code Execution
7138| [124134] Apache SpamAssassin up to 3.4.1 Scan Engine HTML::Parser Email denial of service
7139| [124095] PHP up to 5.6.37/7.0.31/7.1.21/7.2.9 Apache2 sapi_apache2.c php_handler cross site scripting
7140| [124024] Apache Mesos 1.4.x/1.5.0 libprocess JSON Payload denial of service
7141| [123814] Apache ActiveMQ Client up to 5.15.5 TLS Hostname Verification Man-in-the-Middle weak authentication
7142| [123393] Apache Traffic Server up to 6.2.2/7.1.3 ESI Plugin Config privilege escalation
7143| [123392] Apache Traffic Server 6.2.2 TLS Handshake Segmentation Fault denial of service
7144| [123391] Apache Traffic Server up to 6.2.2/7.1.3 Range Request Performance denial of service
7145| [123390] Apache Traffic Server up to 6.2.2/7.1.3 Request HTTP Smuggling privilege escalation
7146| [123369] Apache Traffic Server up to 6.2.2/7.1.3 ACL remap.config Request denial of service
7147| [123197] Apache Sentry up to 2.0.0 privilege escalation
7148| [123145] Apache Struts up to 2.3.34/2.5.16 Namespace Code Execution
7149| [123144] Apache Cayenne up to 4.1.M1 CayenneModeler XML File File Transfer privilege escalation
7150| [122981] Apache Commons Compress 1.7 ZipArchiveInputStream ZIP Archive denial of service
7151| [122889] Apache HTTP Server up to 2.2.31/2.4.23 mod_userdir HTTP Response Splitting privilege escalation
7152| [122800] Apache Spark 1.3.0 REST API weak authentication
7153| [122642] Apache Airflow up to 1.8.x 404 Page Reflected cross site scripting
7154| [122568] Apache Tomcat up to 8.5.31/9.0.9 Connection Reuse weak authentication
7155| [122567] Apache Axis 1.0./1.1/1.2/1.3/1.4 cross site scripting
7156| [122556] Apache Tomcat up to 7.0.86/8.0.51/8.5.30/9.0.7 UTF-8 Decoder Loop denial of service
7157| [122531] Apache Tomcat up to 7.0.88/8.0.52/8.5.31/9.0.9 WebSocket Client unknown vulnerability
7158| [122456] Apache Camel up to 2.20.3/2.21.0 XSD Validator XML External Entity
7159| [122455] Apache Tomcat Native up to 1.1.34/1.2.16 OSCP Revoked Certificate weak authentication
7160| [122454] Apache Tomcat Native up to 1.1.34/1.2.16 OSCP Responder Revoked Certificate weak authentication
7161| [122214] Apache Kafka up to 0.9.0.1/0.10.2.1/0.11.0.2/1.0.0 Broker Request Data Loss denial of service
7162| [122202] Apache Kafka up to 0.10.2.1/0.11.0.1 SASL Impersonation spoofing
7163| [122101] Docker Skeleton Runtime for Apache OpenWhisk Docker Action dockerskeleton:1.3.0 privilege escalation
7164| [122100] PHP Runtime for Apache OpenWhisk Docker Action action-php-v7.2:1.0.0 privilege escalation
7165| [122012] Apache Ignite up to 2.5 Serialization privilege escalation
7166| [121911] Apache Ambari up to 2.5.x/2.6.2 Log Message Credentials information disclosure
7167| [121910] Apache HTTP Server 2.4.33 mod_md HTTP Requests denial of service
7168| [121854] Oracle Tape Library ACSLS up to ACSLS 8.4.0-2 Apache Commons Collections unknown vulnerability
7169| [121752] Oracle Insurance Policy Administration 10.0/10.1/10.2/11.0 Apache Log4j unknown vulnerability
7170| [121370] Apache Spark up to 2.1.2/2.2.1/2.3.0 URL cross site scripting
7171| [121354] Apache CouchDB HTTP API Code Execution
7172| [121144] Apache LDAP API up to 1.0.1 SSL Filter information disclosure
7173| [121143] Apache Storm up to 0.10.2/1.0.6/1.1.2/1.2.1 Cluster privilege escalation
7174| [120436] Apache CXF Fediz up to 1.4.3 Application Plugin unknown vulnerability
7175| [120310] Apache PDFbox up to 1.8.14/2.0.10 AFMParser Loop denial of service
7176| [120168] Apache CXF weak authentication
7177| [120080] Apache Cassandra up to 3.11.1 JMX/RMI Interface RMI Request privilege escalation
7178| [120043] Apache HBase up to 1.2.6.0/1.3.2.0/1.4.4/2.0.0 Thrift 1 API Server weak authentication
7179| [119723] Apache Qpid Broker-J 7.0.0/7.0.1/7.0.2/7.0.3/7.0.4 AMQP Messages Crash denial of service
7180| [122569] Apache HTTP Server up to 2.4.33 HTTP2 Request denial of service
7181| [119486] Apache Geode up to 1.4.0 Security Manager Code Execution
7182| [119306] Apache MXNet Network Interface privilege escalation
7183| [118999] Apache Storm up to 1.0.6/1.1.2/1.2.1 Archive directory traversal
7184| [118996] Apache Storm up to 1.0.6/1.1.2/1.2.1 Daemon spoofing
7185| [118644] Apple macOS up to 10.13.5 apache_mod_php unknown vulnerability
7186| [118200] Apache Batik up to 1.9 Deserialization unknown vulnerability
7187| [118143] Apache NiFi activemq-client Library Deserialization denial of service
7188| [118142] Apache NiFi 1.6.0 SplitXML xxe privilege escalation
7189| [118051] Apache Zookeeper up to 3.4.9/3.5.3-beta weak authentication
7190| [117997] Apache ORC up to 1.4.3 ORC File Recursion denial of service
7191| [117825] Apache Tomcat up to 7.0.88/8.0.52/8.5.31/9.0.8 CORS Filter privilege escalation
7192| [117405] Apache Derby up to 10.14.1.0 Network Server Network Packet privilege escalation
7193| [117347] Apache Ambari up to 2.6.1 HTTP Request directory traversal
7194| [117265] LibreOffice/Apache Office Writer SMB Connection XML Document information disclosure
7195| [117143] Apache uimaj/uima-as/uimaFIT/uimaDUCC XML XXE information disclosure
7196| [117117] Apache Tika up to 1.17 ChmParser Loop denial of service
7197| [117116] Apache Tika up to 1.17 BPGParser Loop denial of service
7198| [117115] Apache Tika up to 1.17 tika-server command injection
7199| [116929] Apache Fineract getReportType Parameter privilege escalation
7200| [116928] Apache Fineract REST Endpoint Parameter privilege escalation
7201| [116927] Apache Fineract MakercheckersApiResource Parameter sql injection
7202| [116926] Apache Fineract REST Parameter privilege escalation
7203| [116574] Apache wicket-jquery-ui up to 6.29.0/7.10.1/8.0.0-M9.1 WYSIWYG Editor privilege escalation
7204| [116622] Oracle Enterprise Manager for MySQL Database 12.1.0.4 EM Plugin: General (Apache Tomcat) unknown vulnerability
7205| [115931] Apache Solr up to 6.6.2/7.2.1 XML Data Parameter XML External Entity
7206| [115883] Apache Hive up to 2.3.2 privilege escalation
7207| [115882] Apache Hive up to 2.3.2 xpath_short information disclosure
7208| [115881] Apache DriverHive JDBC Driver up to 2.3.2 Escape Argument Bypass privilege escalation
7209| [115518] Apache Ignite 2.3 Deserialization privilege escalation
7210| [115260] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache cross site scripting
7211| [115259] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache Cookie Stack-based memory corruption
7212| [115500] CA Workload Control Center up to r11.4 SP5 Apache MyFaces Component Code Execution
7213| [115121] Apache Struts REST Plugin up to 2.5.15 Xstream XML Data denial of service
7214| [115061] Apache HTTP Server up to 2.4.29 HTTP Digest Authentication Challenge HTTP Requests Replay privilege escalation
7215| [115060] Apache HTTP Server up to 2.4.29 mod_cache_socache Request Header Crash denial of service
7216| [115059] Apache HTTP Server up to 2.4.29 HTTP2 NULL Pointer Dereference denial of service
7217| [115058] Apache HTTP Server up to 2.4.29 HTTP Header Crash denial of service
7218| [115057] Apache HTTP Server up to 2.4.29 mod_session Variable Name Cache privilege escalation
7219| [115039] Apache HTTP Server up to 2.4.29 FilesMatch File Upload privilege escalation
7220| [115038] Apache HTTP Server up to 2.0.65/2.2.34/2.4.29 mod_authnz_ldap Crash denial of service
7221| [114817] Apache Syncope up to 1.2.10/2.0.7 Search Parameter information disclosure
7222| [114816] Apache Syncope up to 1.2.10/2.0.7 XSLT Code Execution
7223| [114717] Apache Commons 1.11/1.12/1.13/1.14/1.15 ZIP Archive ZipFile/ZipArchiveInputStream denial of service
7224| [114661] Apache Allura up to 1.8.0 HTTP Response Splitting privilege escalation
7225| [114400] Apache Tomcat JK ISAPI Connector up to 1.2.42 IIS/ISAPI privilege escalation
7226| [114258] Apache HTTP Server up to 2.4.22 mod_cluster Segmentation Fault denial of service
7227| [114086] Apache ODE 1.3.3 ODE Process Deployment Web Service directory traversal
7228| [113955] Apache Xerces-C up to 3.2.0 XML Parser NULL Pointer Dereference denial of service
7229| [113945] Apache Tomcat up to 7.0.84/8.0.49/8.5.27/9.0.4 URL Pattern Empty String privilege escalation
7230| [113944] Apache OpenMeetings up to 3.x/4.0.1 CRUD Operation denial of service
7231| [113905] Apache Traffic Server up to 5.2.x/5.3.2/6.2.0/7.0.0 TLS Handshake Core Dump denial of service
7232| [113904] Apache Traffic Server up to 6.2.0 Host Header privilege escalation
7233| [113895] Apache Geode up to 1.3.x Code Execution
7234| [113894] Apache Geode up to 1.3.x TcpServer Code Execution
7235| [113888] Apache James Hupa WebMail 0.0.2 cross site scripting
7236| [113813] Apache Geode Cluster up to 1.3.x Secure Mode privilege escalation
7237| [113747] Apache Tomcat Servlets privilege escalation
7238| [113647] Apache Qpid up to 0.30 qpidd Broker AMQP Message Crash denial of service
7239| [113645] Apache VCL up to 2.1/2.2.1/2.3.1 Web GUI/XMLRPC API privilege escalation
7240| [113560] Apache jUDDI Console 3.0.0 Log Entries spoofing
7241| [113571] Apache Oozie up to 4.3.0/5.0.0-beta1 XML Data XML File privilege escalation
7242| [113569] Apache Karaf up to 4.0.7 LDAPLoginModule LDAP injection denial of service
7243| [113273] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
7244| [113198] Apache Qpid Dispatch Router 0.7.0/0.8.0 AMQP denial of service
7245| [113186] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
7246| [113145] Apache Thrift up to 0.9.3 Go Client Library privilege escalation
7247| [113106] Apache jUDDI up to 3.3.3 XML Data WADL2Java/WSDL2Java XML Document privilege escalation
7248| [113105] Apache Qpid Broker-J 7.0.0 AMQP Crash denial of service
7249| [112885] Apache Allura up to 1.8.0 File information disclosure
7250| [112856] Apache CloudStack up to 4.8.1.0/4.9.0.0 API weak authentication
7251| [112855] Apache CloudStack 4.1.0/4.1.1 API information disclosure
7252| [112678] Apache Tomcat up to 7.0.82/8.0.47/8.5.23/9.0.1 Bug Fix 61201 privilege escalation
7253| [112677] Apache Tomcat Native Connector up to 1.1.34/1.2.14 OCSP Checker Client weak authentication
7254| [112625] Apache POI up to 3.16 Loop denial of service
7255| [112448] Apache NiFi up to 1.3.x Deserialization privilege escalation
7256| [112396] Apache Hadoop 2.7.3/2.7.4 YARN NodeManager Credentials information disclosure
7257| [112339] Apache NiFi 1.5.0 Header privilege escalation
7258| [112330] Apache NiFi 1.5.0 Header HTTP Request privilege escalation
7259| [112314] NetGain Enterprise Manager 7.2.730 Build 1034 org.apache.jsp.u.jsp.tools.exec_jsp Servlet Parameter privilege escalation
7260| [112253] Apache Hadoop up to 0.23.x/2.7.4/2.8.2 MapReduce Job History Server Configuration File privilege escalation
7261| [112171] Oracle Secure Global Desktop 5.3 Apache Log4j privilege escalation
7262| [112164] Oracle Agile PLM 9.3.5/9.3.6 Apache Tomcat unknown vulnerability
7263| [112161] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Tomcat privilege escalation
7264| [112158] Oracle Autovue for Agile Product Lifecycle Management 21.0.0/21.0.1 Apache Log4j privilege escalation
7265| [112156] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Log4j privilege escalation
7266| [112155] Oracle Agile Engineering Data Management 6.1.3/6.2.0/6.2.1 Apache Log4j privilege escalation
7267| [112137] Oracle MICROS Relate CRM Software 10.8.x/11.4.x/15.0.x, Apache Tomcat unknown vulnerability
7268| [112136] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat privilege escalation
7269| [112133] Oracle Retail Workforce Management 1.60.7/1.64.0 Apache Log4j privilege escalation
7270| [112129] Oracle Retail Assortment Planning 14.1.3/15.0.3/16.0.1 Apache Log4j privilege escalation
7271| [112114] Oracle 9.1 Apache Log4j privilege escalation
7272| [112113] Oracle 9.1 Apache Log4j privilege escalation
7273| [112045] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat privilege escalation
7274| [112038] Oracle Health Sciences Empirica Inspections 1.0.1.1 Apache Tomcat information disclosure
7275| [112019] Oracle Endeca Information Discovery Integrator 3.1.0/3.2.0 Apache Tomcat privilege escalation
7276| [112017] Oracle WebCenter Portal 11.1.1.9.0/12.2.1.2.0/12.2.1.3.0 Apache Struts 1 cross site scripting
7277| [112011] Oracle Identity Manager 11.1.2.3.0 Apache Commons Collections privilege escalation
7278| [111950] Oracle Database 12.2.0.1 Apache Tomcat information disclosure
7279| [111703] Apache Sling XSS Protection API 1.0.4 URL Encoding cross site scripting
7280| [111556] Apache Geode up to 1.2.x Secure Mode Parameter OQL privilege escalation
7281| [111555] Apache Geode up to 1.2.x Secure Mode OQL privilege escalation
7282| [111540] Apache Geode up to 1.2.x Secure Mode information disclosure
7283| [111519] Apache Sling JCR ContentLoader 2.1.4 xmlreader directory traversal
7284| [111338] Apache DeltaSpike-JSF 1.8.0 cross site scripting
7285| [111330] Apache OFBiz 16.11.01/16.11.02/16.11.03 BIRT Plugin cross site scripting
7286| [110789] Apache Sling up to 1.4.0 Authentication Service Credentials information disclosure
7287| [110785] Apache Drill up to 1.11.0 Query Page unknown vulnerability
7288| [110701] Apache Fineract Query Parameter sql injection
7289| [110484] Apache Synapse up to 3.0.0 Apache Commons Collections Serialized Object Code Injection privilege escalation
7290| [110426] Adobe Experience Manager 6.0/6.1/6.2/6.3 Apache Sling Servlets Post cross site scripting
7291| [110141] Apache Struts up to 2.5.14 REST Plugin denial of service
7292| [110140] Apache Qpid Broker-J up to 0.32 privilege escalation
7293| [110139] Apache Qpid Broker-J up to 6.1.4 AMQP Frame denial of service
7294| [110106] Apache CXF Fediz Spring cross site request forgery
7295| [109766] Apache OpenOffice up to 4.1.3 DOC File Parser WW8Fonts memory corruption
7296| [109750] Apache OpenOffice up to 4.1.3 DOC File Parser ImportOldFormatStyles memory corruption
7297| [109749] Apache OpenOffice up to 4.1.3 PPT File Parser PPTStyleSheet memory corruption
7298| [109606] October CMS Build 412 Apache Configuration File Upload privilege escalation
7299| [109419] Apache Camel up to 2.19.3/2.20.0 camel-castor Java Object Deserialization privilege escalation
7300| [109418] Apache Camel up to 2.19.3/2.20.0 camel-hessian Java Object Deserialization privilege escalation
7301| [109400] Apache CouchDB up to 1.6.x/2.1.0 Database Server Shell privilege escalation
7302| [109399] Apache CouchDB up to 1.6.x/2.1.0 JSON Parser Shell privilege escalation
7303| [109398] Apache CXF 3.1.14/3.2.1 JAX-WS/JAX-RS Attachment denial of service
7304| [108872] Apache Hive up to 2.1.1/2.2.0/2.3.0 Policy Enforcement privilege escalation
7305| [108939] Apple macOS up to 10.13.1 apache unknown vulnerability
7306| [108938] Apple macOS up to 10.13.1 apache denial of service
7307| [108937] Apple macOS up to 10.13.1 apache unknown vulnerability
7308| [108936] Apple macOS up to 10.13.1 apache unknown vulnerability
7309| [108935] Apple macOS up to 10.13.1 apache denial of service
7310| [108934] Apple macOS up to 10.13.1 apache unknown vulnerability
7311| [108933] Apple macOS up to 10.13.1 apache unknown vulnerability
7312| [108932] Apple macOS up to 10.13.1 apache unknown vulnerability
7313| [108931] Apple macOS up to 10.13.1 apache denial of service
7314| [108930] Apple macOS up to 10.13.1 apache unknown vulnerability
7315| [108929] Apple macOS up to 10.13.1 apache denial of service
7316| [108928] Apple macOS up to 10.13.1 apache unknown vulnerability
7317| [108797] Apache Struts up to 2.3.19 TextParseUtiltranslateVariables OGNL Expression privilege escalation
7318| [108795] Apache Traffic Server up to 5.3.0 HTTP2 set_dynamic_table_size memory corruption
7319| [108794] Apache WSS4J up to 1.6.16/2.0.1 Incomplete Fix Leak information disclosure
7320| [108793] Apache Qpid up to 0.30 qpidd Crash denial of service
7321| [108792] Apache Traffic Server up to 5.1.0 Access Restriction privilege escalation
7322| [108791] Apache Wicket up to 1.5.11/6.16.x/7.0.0-M2 Session information disclosure
7323| [108790] Apache Storm 0.9.0.1 Log Viewer directory traversal
7324| [108789] Apache Cordova In-App-Browser Standalone Plugin up to 0.3.1 on iOS CDVInAppBrowser privilege escalation
7325| [108788] Apache Cordova File-Transfer Standalone Plugin up to 0.4.1 on iOS ios/CDVFileTransfer.m spoofing
7326| [108787] Apache HttpClient up to 4.3.0 HttpClientBuilder.java unknown vulnerability
7327| [108786] Apache Wicket up to 1.4.21/1.5.9/6.3.x script Tag cross site scripting
7328| [108783] Apache Hadoop up to 0.23.3/1.0.3/2.0.1 Kerberos Security Feature Key weak encryption
7329| [108782] Apache Xerces2 XML Service denial of service
7330| [108781] Apache jUDDI up to 1.x happyjuddi.jsp Parameter cross site scripting
7331| [108780] Apache jUDDI up to 1.x Log File uddiget.jsp spoofing
7332| [108709] Apache Cordova Android up to 3.7.1/4.0.1 intent URL privilege escalation
7333| [108708] Apache ActiveMQ up to 5.10.0 XML Data XML External Entity
7334| [108707] Apache ActiveMQ up to 1.7.0 XML Data XML External Entity
| [108629] Apache OFBiz up to 10.04.01 privilege escalation
| [108543] Apache Derby 10.1.2.1/10.2.2.0/10.3.1.4/10.4.1.3 Export File privilege escalation
| [108312] Apache HTTP Server on RHEL IP Address Filter privilege escalation
| [108297] Apache NiFi up to 0.7.1/1.1.1 Proxy Chain Username Deserialization privilege escalation
| [108296] Apache NiFi up to 0.7.1/1.1.1 Cluster Request privilege escalation
| [108250] Oracle Secure Global Desktop 5.3 Apache HTTP Server memory corruption
| [108245] Oracle Transportation Management up to 6.3.7 Apache Tomcat unknown vulnerability
| [108244] Oracle Transportation Management 6.4.1/6.4.2 Apache Commons FileUpload denial of service
| [108243] Oracle Agile Engineering Data Management 6.1.3/6.2.0 Apache Commons Collections memory corruption
| [108222] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Batik denial of service
| [108219] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat unknown vulnerability
| [108217] Oracle Retail Store Inventory Management 13.2.9/14.0.4/14.1.3/15.0.1/16.0.1 Apache Groovy unknown vulnerability
| [108216] Oracle Retail Convenience and Fuel POS Software 2.1.132 Apache Groovy unknown vulnerability
| [108169] Oracle MySQL Enterprise Monitor up to 3.2.8.2223/3.3.4.3247/3.4.2.4181 Apache Tomcat unknown vulnerability
| [108113] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Batik denial of service
| [108107] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat unknown vulnerability
| [108102] Oracle Healthcare Master Person Index 4.x Apache Groovy unknown vulnerability
| [108085] Oracle Identity Manager 11.1.2.3.0 Apache Struts 1 memory corruption
| [108083] Oracle API Gateway 11.1.2.4.0 Apache Batik denial of service
| [108080] Oracle GlassFish Server 3.1.2 Apache Commons FileUpload denial of service
| [108066] Oracle Management Pack for GoldenGate 11.2.1.0.12 Apache Tomcat memory corruption
| [108062] Oracle BI Publisher 11.1.1.7.0/12.2.1.1.0/12.2.1.2.0 Apache ActiveMQ memory corruption
| [108060] Oracle Enterprise Manager Ops Center 12.2.2/12.3.2 Apache Groovy unknown vulnerability
| [108033] Oracle Primavera Unifier 9.13/9.14/10.x/15.x/16.x, Apache Groovy unknown vulnerability
| [108013] Oracle Communications WebRTC Session Controller 7.0/7.1/7.2 Apache Groovy unknown vulnerability
| [108011] Oracle Communications Services Gatekeeper 5.1/6.0 Apache Trinidad unknown vulnerability
| [107904] Apache Struts up to 2.3.28 Double OGNL Evaluation privilege escalation
| [107860] Apache Solr up to 7.0 Apache Lucene RunExecutableListener XML External Entity
| [107834] Apache Ranger up to 0.6.1 Change Password privilege escalation
| [107639] Apache NiFi 1.4.0 XML External Entity
| [107606] Apache ZooKeper up to 3.4.9/3.5.2 Command CPU Exhaustion denial of service
| [107597] Apache Roller up to 5.0.2 XML-RPC Protocol Support XML External Entity
| [107429] Apache Impala up to 2.9.x Kudu Table privilege escalation
| [107411] Apache Tomcat up to 7.0.81/8.0.46/8.5.22/9.0.0 JSP File File Upload privilege escalation
| [107385] Apache Geode up to 1.2.0 Secure Mode privilege escalation
| [107339] Apache OpenNLP up to 1.5.3/1.6.0/1.7.2/1.8.1 XML Data XML External Entity
| [107333] Apache Wicket up to 8.0.0-M1 CSRF Prevention HTTP Header privilege escalation
| [107323] Apache Wicket 1.5.10/6.13.0 Class Request information disclosure
| [107310] Apache Geode up to 1.2.0 Command Line Utility Query privilege escalation
| [107276] ArcSight ESM/ArcSight ESM Express up to 6.9.1c Patch 3/6.11.0 Apache Tomcat Version information disclosure
| [107266] Apache Tika up to 1.12 XML Parser XML External Entity
| [107262] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
| [107258] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
| [107197] Apache Xerces Jelly Parser XML File XML External Entity
| [107193] ZTE NR8950 Apache Commons Collections RMI Request Deserialization privilege escalation
| [107084] Apache Struts up to 2.3.19 cross site scripting
| [106877] Apache Struts up to 2.0.33/2.5.10 Freemarker Tag privilege escalation
| [106875] Apache Struts up to 2.5.5 URL Validator denial of service
| [106874] Apache Struts up to 2.3.30 Convention Plugin directory traversal
| [106847] Apache Tomcat up to 7.0.80 VirtualDirContext Source information disclosure
| [106846] Apache Tomcat up to 7.0.79 on Windows HTTP PUT Method Parameter File Upload privilege escalation
| [106777] Apache HTTP Server up to 2.2.34/2.4.27 Limit Directive ap_limit_section HTTP Request information disclosure
| [106739] puppetlabs-apache up to 1.11.0/2.0.x weak authentication
| [106720] Apache Wicket up to 1.5.12/6.18.x/7.0.0-M4 CryptoMapper privilege escalation
| [106586] Apache Brooklyn up to 0.9.x REST Server cross site scripting
| [106562] Apache Spark up to 2.1.1 Launcher API Deserialization privilege escalation
| [106559] Apache Brooklyn up to 0.9.x SnakeYAML YAML Data Java privilege escalation
| [106558] Apache Brooklyn up to 0.9.x REST Server cross site request forgery
| [106556] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
| [106555] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
| [106171] Apache Directory LDAP API up to 1.0.0-M30 Timing unknown vulnerability
| [106167] Apache Struts up to 2.5.12 REST Plugin XML Data privilege escalation
| [106166] Apache Struts up to 2.3.33/2.5.12 REST Plugin denial of service
| [106165] Apache Struts up to 2.3.33/2.5.12 URLValidator Regex CPU Exhaustion denial of service
| [106115] Apache Hadoop up to 2.6.4/2.7.2 YARN NodeManager Password information disclosure
| [106012] Apache Solr up to 5.5.3/6.4.0 Replication directory traversal
| [105980] Apache Engine 16.11.01 Parameter Reflected unknown vulnerability
| [105962] Apache Atlas 0.6.0/0.7.0 Frame cross site scripting
| [105961] Apache Atlas 0.6.0/0.7.0 Stack Trace information disclosure
| [105960] Apache Atlas 0.6.0/0.7.0 Search Reflected cross site scripting
| [105959] Apache Atlas 0.6.0/0.7.0 edit Tag DOM cross site scripting
| [105958] Apache Atlas 0.6.0/0.7.0 edit Tag Stored cross site scripting
| [105957] Apache Atlas 0.6.0/0.7.0 Cookie privilege escalation
| [105905] Apache Atlas 0.6.0/0.7.0/0.7.1 /js privilege escalation
| [105878] Apache Struts up to 2.3.24.0 privilege escalation
| [105682] Apache2Triad 1.5.4 phpsftpd/users.php Parameter cross site scripting
| [105681] Apache2Triad 1.5.4 phpsftpd/users.php Request cross site request forgery
| [105680] Apache2Triad 1.5.4 Parameter Session Fixation weak authentication
| [105643] Apache Pony Mail up to 0.8b weak authentication
| [105288] Apache Sling up to 2.3.21 Sling.evalString() String cross site scripting
| [105219] Apache Tomcat up to 8.5.15/9.0.0.M21 HTTP2 Bypass directory traversal
| [105218] Apache Tomcat up to 7.0.78/8.0.44/8.5.15/9.0.0.M21 CORS Filter Cache Poisoning privilege escalation
| [105215] Apache CXF up to 3.0.12/3.1.9 OAuth2 Hawk/JOSE MAC Validation Timing unknown vulnerability
| [105206] Apache CXF up to 3.0.11/3.1.8 JAX-RS Module XML External Entity
| [105205] Apache CXF up to 3.0.11/3.1.8 HTTP Transport Module Parameter cross site scripting
| [105202] Apache Storm 1.0.0/1.0.1/1.0.2/1.0.3/1.1.0 Worker privilege escalation
| [104987] Apache Xerces-C++ XML Service CPU Exhaustion denial of service
| [104986] Apache CXF 2.4.5/2.5.1 WS-SP UsernameToken Policy SOAP Request weak authentication
| [104985] Apache MyFaces Core up to 2.1.4 EL Expression Parameter Injection information disclosure
| [104983] Apache Wink up to 1.1.1 XML Document xxe privilege escalation
| [104981] Apache Commons Email 1.0/1.1/1.2/1.3/1.4 Subject Linebreak SMTP privilege escalation
| [104591] MEDHOST Document Management System Apache Solr Default Credentials weak authentication
| [104062] Oracle MySQL Enterprise Monitor up to 3.3.3.1199 Apache Tomcat unknown vulnerability
| [104061] Oracle MySQL Enterprise Monitor up to 3.2.7.1204/3.3.3.1199 Apache Tomcat unknown vulnerability
| [104060] Oracle MySQL Enterprise Monitor up to 3.1.5.7958/3.2.5.1141/3.3.2.1162 Apache Struts 2 unknown vulnerability
| [103995] Oracle 8.3/8.4/15.1/15.2 Apache Trinidad unknown vulnerability
| [103993] Oracle Policy Automation up to 12.2.3 Apache Commons FileUplaod denial of service
| [103916] Oracle Banking Platform 2.3/2.4/2.4.1/2.5 Apache Commons FileUpload denial of service
| [103906] Oracle Communications BRM 11.2.0.0.0 Apache Commons Collections privilege escalation
| [103904] Oracle Communications BRM 11.2.0.0.0/11.3.0.0.0 Apache Groovy memory corruption
| [103866] Oracle Transportation Management 6.1/6.2 Apache Webserver unknown vulnerability
| [103816] Oracle BI Publisher 11.1.1.9.0/12.2.1.1.0/12.2.1.2.0 Apache Commons Fileupload denial of service
| [103797] Oracle Tuxedo System and Applications Monitor Apache Commons Collections privilege escalation
| [103792] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Commons Fileupload privilege escalation
| [103791] Oracle Endeca Server 7.6.0.0/7.6.1.0 Apache Commons Collections privilege escalation
| [103788] Oracle Enterprise Repository 11.1.1.7.0/12.1.3.0.0 Apache ActiveMQ memory corruption
| [103787] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Groovy memory corruption
| [103763] Apache Sling up to 1.0.11 XSS Protection API XSS.getValidXML() Application XML External Entity
| [103762] Apache Sling up to 1.0.12 XSS Protection API XSSAPI.encodeForJSString() Script Tag cross site scripting
| [103693] Apache OpenMeetings 1.0.0 HTTP Method privilege escalation
| [103692] Apache OpenMeetings 1.0.0 Tomcat Error information disclosure
| [103691] Apache OpenMeetings 3.2.0 Parameter privilege escalation
| [103690] Apache OpenMeetings 1.0.0 sql injection
| [103689] Apache OpenMeetings 1.0.0 crossdomain.xml privilege escalation
| [103688] Apache OpenMeetings 1.0.0 weak encryption
| [103687] Apache OpenMeetings 1.0.0 cross site request forgery
| [103556] Apache Roller 5.1.0/5.1.1 Weblog Page Template VTL privilege escalation
| [103554] Apache OpenMeetings 1.0.0 Password Update unknown vulnerability
| [103553] Apache OpenMeetings 1.0.0 File Upload privilege escalation
| [103552] Apache OpenMeetings 3.2.0 Chat cross site scripting
| [103551] Apache OpenMeetings 3.1.0 XML unknown vulnerability
| [103521] Apache HTTP Server 2.4.26 HTTP2 Free memory corruption
| [103520] Apache HTTP Server up to 2.2.33/2.4.26 mod_auth_digest Authorization Header memory corruption
| [103519] Apache Struts up to 2.5.11/2.3.32 Spring AOP denial of service
| [103518] Apache Struts up to 2.5.11 URLValidator directory traversal
| [103492] Apache Spark up to 2.1.x Web UI Reflected cross site scripting
| [103401] Apache Struts 2.3.x Struts 1 Plugin ActionMessage privilege escalation
| [103399] Apache Traffic Control Traffic Router TCP Connection Slowloris denial of service
| [103387] Apache Impala up to 2.8.0 StatestoreSubscriber weak encryption
| [103386] Apache Impala up to 2.7.x/2.8.0 Kerberos weak authentication
| [103352] Apache Solr Node weak authentication
| [102897] Apache Ignite up to 2.0 Update Notifier information disclosure
| [102878] Code42 CrashPlan 5.4.x RMI Server org.apache.commons.ssl.rmi.DateRMI privilege escalation
| [102698] Apache HTTP Server up to 2.2.32/2.4.25 mod_mime Content-Type memory corruption
| [102697] Apache HTTP Server 2.2.24/2.2.32 HTTP Strict Parsing ap_find_token Request Header memory corruption
| [102690] Apache HTTP Server up to 2.2.32/2.4.25 mod_ssl ap_hook_process_connection() denial of service
| [102689] Apache HTTP Server up to 2.2.32/2.4.25 ap_get_basic_auth_pw weak authentication
| [102622] Apache Thrift up to 0.9.2 Client Libraries skip denial of service
| [102538] Apache Ranger up to 0.7.0 Authorizer unknown vulnerability
| [102537] Apache Ranger up to 0.7.0 Wildcard Character unknown vulnerability
| [102536] Apache Ranger up to 0.6 Stored cross site scripting
| [102535] Apache Ranger up to 0.6.2 Policy Engine unknown vulnerability
| [102255] Apache NiFi up to 0.7.3/1.2.x Response Header privilege escalation
| [102254] Apache NiFi up to 0.7.3/1.2.x UI cross site scripting
| [102070] Apache CXF Fediz up to 1.1.2/1.2.0 Application Plugin denial of service
| [102020] Apache Tomcat up to 9.0.0.M1 Java Servlet HTTP Method unknown vulnerability
| [101858] Apache Hive up to 1.2.1/2.0.0 Client weak authentication
| [101802] Apache KNOX up to 0.11.0 WebHDFS privilege escalation
| [101928] HPE Aruba ClearPass Apache Tomcat information disclosure
| [101524] Apache Archiva up to 1.x/2.2.1 REST Endpoint cross site request forgery
| [101513] Apache jUDDI 3.1./3.1.2/3.1.3/3.1.4 Logout Open Redirect
| [101430] Apache CXF Fediz up to 1.3.1 OIDC Service cross site request forgery
| [101429] Apache CXF Fediz up to 1.2.3/1.3.1 Plugins cross site request forgery
| [100619] Apache Hadoop up to 2.6.x HDFS Servlet unknown vulnerability
| [100618] Apache Hadoop up to 2.7.0 HDFS Web UI cross site scripting
| [100621] Adobe ColdFusion 10/11/2016 Apache BlazeDS Library Deserialization privilege escalation
| [100205] Oracle MySQL Enterprise Monitor up to 3.1.6.8003/3.2.1182/3.3.2.1162 Apache Commons FileUpload denial of service
| [100191] Oracle Secure Global Desktop 4.71/5.2/5.3 Web Server (Apache HTTP Server) information disclosure
| [100162] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Commons Collections privilege escalation
| [100160] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Trinidad unknown vulnerability
| [99969] Oracle WebCenter Sites 11.1.1.8.0 Apache Tomcat memory corruption
| [99937] Apache Batik up to 1.8 privilege escalation
| [99936] Apache FOP up to 2.1 privilege escalation
| [99935] Apache CXF up to 3.0.12/3.1.10 STSClient Cache information disclosure
| [99934] Apache CXF up to 3.0.12/3.1.10 JAX-RS XML Security Streaming Client spoofing
| [99930] Apache Traffic Server up to 6.2.0 denial of service
| [99929] Apache Log4j up to 2.8.1 Socket Server Deserialization privilege escalation
| [99925] Apache Traffic Server 6.0.0/6.1.0/6.2.0 HPACK Bomb denial of service
| [99738] Ping Identity OpenID Connect Authentication Module up to 2.13 on Apache Mod_auth_openidc.c spoofing
| [117569] Apache Hadoop up to 2.7.3 privilege escalation
| [99591] Apache TomEE up to 1.7.3/7.0.0-M2 EjbObjectInputStream Serialized Object privilege escalation
| [99370] Apache Ignite up to 1.8 update-notifier Document XML External Entity
| [99299] Apache Geode up to 1.1.0 Pulse OQL Query privilege escalation
| [99572] Apache Tomcat up to 7.0.75/8.0.41/8.5.11/9.0.0.M17 Application Listener privilege escalation
| [99570] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP Connector Cache information disclosure
| [99569] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP/2 GOAWAY Frame Resource Exhaustion denial of service
| [99568] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 Pipelined Request information disclosure
| [99048] Apache Ambari up to 2.3.x REST API Shell Metacharacter privilege escalation
| [99014] Apache Camel Jackson/JacksonXML privilege escalation
| [98610] Apple macOS up to 10.12.3 apache_mod_php memory corruption
| [98609] Apple macOS up to 10.12.3 apache_mod_php denial of service
| [98608] Apple macOS up to 10.12.3 apache_mod_php memory corruption
| [98607] Apple macOS up to 10.12.3 apache_mod_php denial of service
| [98606] Apple macOS up to 10.12.3 apache_mod_php denial of service
| [98605] Apple macOS up to 10.12.3 Apache denial of service
| [98604] Apple macOS up to 10.12.3 Apache denial of service
| [98603] Apple macOS up to 10.12.3 Apache denial of service
| [98602] Apple macOS up to 10.12.3 Apache denial of service
| [98601] Apple macOS up to 10.12.3 Apache denial of service
| [98517] Apache POI up to 3.14 OOXML File XXE denial of service
| [98405] Apache Hadoop up to 0.23.10 privilege escalation
| [98199] Apache Camel Validation XML External Entity
| [97892] Apache Tomcat up to 9.0.0.M15 Reverse-Proxy Http11InputBuffer.java information disclosure
| [97617] Apache Camel camel-snakeyaml Deserialization privilege escalation
| [97602] Apache Camel camel-jackson/camel-jacksonxml CamelJacksonUnmarshalType privilege escalation
| [97732] Apache Struts up to 2.3.31/2.5.10 Jakarta Multipart Parser Content-Type privilege escalation
| [97466] mod_auth_openidc up to 2.1.5 on Apache weak authentication
| [97455] mod_auth_openidc up to 2.1.4 on Apache weak authentication
| [97081] Apache Tomcat HTTPS Request denial of service
| [97162] EMC OpenText Documentum D2 BeanShell/Apache Commons privilege escalation
| [96949] Hanwha Techwin Smart Security Manager up to 1.5 Redis/Apache Felix Gogo privilege escalation
| [96314] Apache Cordova up to 6.1.1 on Android weak authentication
| [95945] Apple macOS up to 10.12.2 apache_mod_php denial of service
| [95944] Apple macOS up to 10.12.2 apache_mod_php denial of service
| [95943] Apple macOS up to 10.12.2 apache_mod_php memory corruption
| [95666] Oracle FLEXCUBE Direct Banking 12.0.0/12.0.1/12.0.2/12.0.3 Apache Commons Collections privilege escalation
| [95455] Apache NiFi up to 1.0.0/1.1.0 Connection Details Dialogue cross site scripting
| [95311] Apache Storm UI Daemon privilege escalation
| [95291] ZoneMinder 1.30.0 Apache httpd privilege escalation
| [94800] Apache Wicket up to 1.5.16/6.24.x Deserialize DiskFileItem denial of service
| [94705] Apache Qpid Broker for Java up to 6.1.0 SCRAM-SHA-1/SCRAM-SHA-256 User information disclosure
| [94627] Apache HTTP Server up to 2.4.24 mod_auth_digest Crash denial of service
| [94626] Apache HTTP Server up to 2.4.24 mod_session_crypto Padding weak encryption
| [94625] Apache HTTP Server up to 2.4.24 Response Split privilege escalation
| [94540] Apache Tika 1.9 tika-server File information disclosure
| [94600] Apache ActiveMQ up to 5.14.1 Administration Console cross site scripting
| [94348] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94347] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94346] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94345] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94344] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94343] Apple macOS up to 10.12.1 apache_mod_php memory corruption
| [94342] Apple macOS up to 10.12.1 apache_mod_php memory corruption
| [94128] Apache Tomcat up to 9.0.0.M13 Error information disclosure
| [93958] Apache HTTP Server up to 2.4.23 mod_http2 h2_stream.c denial of service
| [93874] Apache Subversion up to 1.8.16/1.9.4 mod_dontdothat XXE denial of service
| [93855] Apache Hadoop up to 2.6.4/2.7.2 HDFS Service privilege escalation
| [93609] Apache OpenMeetings 3.1.0 RMI Registry privilege escalation
| [93555] Apache Tika 1.6-1.13 jmatio MATLAB File privilege escalation
| [93799] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
| [93798] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
| [93797] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 HTTP Split privilege escalation
| [93796] Apache Tomcat up to 8.5.6/9.0.0.M11 HTTP/2 Header Parser denial of service
| [93532] Apache Commons Collections Library Java privilege escalation
| [93210] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 ResourceLinkFactory privilege escalation
| [93209] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Realm Authentication User information disclosure
| [93208] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 System Property Replacement information disclosure
| [93207] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Utility Method privilege escalation
| [93206] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Configuration privilege escalation
| [93098] Apache Commons FileUpload privilege escalation
| [92987] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Commons Collection memory corruption
| [92986] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Tomcat memory corruption
| [92982] Oracle Insurance IStream 4.3.2 Apache Commons Collections memory corruption
| [92981] Oracle Financial Services Lending and Leasing 14.1.0/14.2.0 Apache Commons Collections memory corruption
| [92979] Oracle up to 8.0.3 Apache Commons Collections memory corruption
| [92977] Oracle FLEXCUBE Universal Banking up to 12.2.0 Apache Commons Collections memory corruption
| [92976] Oracle FLEXCUBE Universal Banking 12.87.1/12.87.2 Apache Commons Collections memory corruption
| [92975] Oracle FLEXCUBE Private Banking up to 12.1.0 Apache Commons Collections memory corruption
| [92974] Oracle FLEXCUBE Investor Servicing 12.0.1 Apache Commons Collections memory corruption
| [92973] Oracle 12.0.0/12.1.0 Apache Commons Collections memory corruption
| [92972] Oracle FLEXCUBE Core Banking 11.5.0.0.0/11.6.0.0.0 Apache Commons Collections memory corruption
| [92962] Oracle Agile PLM 9.3.4/9.3.5 Apache Commons Collections memory corruption
| [92909] Oracle Agile PLM 9.3.4/9.3.5 Apache Tomcat unknown vulnerability
| [92786] Oracle Banking Digital Experience 15.1 Apache Commons Collections information disclosure
| [92549] Apache Tomcat on Red Hat privilege escalation
| [92509] Apache Tomcat JK ISAPI Connector up to 1.2.41 jk_uri_worker_map.c memory corruption
| [92314] Apache MyFaces Trinidad up to 1.0.13/1.2.15/2.0.1/2.1.1 CoreResponseStateManager memory corruption
| [92313] Apache Struts2 up to 2.3.28/2.5.0 Action Name Cleanup cross site request forgery
| [92299] Apache Derby up to 10.12.1.0 SqlXmlUtil XML External Entity
| [92217] Apache ActiveMQ Artemis up to 1.3.x Broker/REST GetObject privilege escalation
| [92174] Apache Ranger up to 0.6.0 Policy cross site scripting
| [91831] Apache Jackrabbit up to 2.13.2 HTTP Header cross site request forgery
| [91825] Apache Zookeeper up to 3.4.8/3.5.2 C CLI Shell memory corruption
| [91818] Apache CXF Fediz up to 1.2.2/1.3.0 Application Plugin privilege escalation
| [92056] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92055] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92054] Apple macOS up to 10.11 apache_mod_php denial of service
| [92053] Apple macOS up to 10.11 apache_mod_php denial of service
| [92052] Apple macOS up to 10.11 apache_mod_php denial of service
| [92051] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92050] Apple macOS up to 10.11 apache_mod_php denial of service
| [92049] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92048] Apple macOS up to 10.11 apache_mod_php denial of service
| [92047] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92046] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92045] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92044] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92043] Apple macOS up to 10.11 apache_mod_php denial of service
| [92042] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92041] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92040] Apple macOS up to 10.11 Apache Proxy privilege escalation
| [91785] Apache Shiro up to 1.3.1 Servlet Filter privilege escalation
| [90879] Apache OpenMeetings up to 3.1.1 SWF Panel cross site scripting
| [90878] Apache Sentry up to 1.6.x Blacklist Filter reflect/reflect2/java_method privilege escalation
| [90610] Apache POI up to 3.13 XLSX2CSV Example OpenXML Document XML External Entity
| [90584] Apache ActiveMQ up to 5.11.3/5.12.2/5.13/1 Administration Web Console privilege escalation
| [90385] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site scripting
| [90384] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site request forgery
| [90383] Apache OpenOffice up to 4.1.2 Impress File memory corruption
| [89670] Apache Tomcat up to 8.5.4 CGI Servlet Environment Variable Open Redirect
| [89669] Apache HTTP Server up to 2.4.23 RFC 3875 Namespace Conflict Environment Variable Open Redirect
| [89726] Apple Mac OS X up to 10.11.5 apache_mod_php memory corruption
| [89484] Apache Qpid up to 0.13.0 on Windows Proton Library Certificate weak authentication
| [89473] HPE iMC PLAT/EAD/APM/iMC NTA/iMC BIMS/iMC UAM_TAM up to 7.2 Apache Commons Collections Library Command privilege escalation
| [90263] Apache Archiva Header denial of service
| [90262] Apache Archiva Deserialize privilege escalation
| [90261] Apache Archiva XML DTD Connection privilege escalation
| [88827] Apache Xerces-C++ up to 3.1.3 DTD Stack-Based memory corruption
| [88747] Apache HTTP Server 2.4.17/2.4.18 mod_http2 denial of service
| [88608] Apache Struts up to 2.3.28.1/2.5.0 URLValidator Null Value denial of service
| [88607] Apache Struts up to 2.3.28.1 REST Plugin Expression privilege escalation
| [88606] Apache Struts up to 2.3.28.1 Restriction privilege escalation
| [88605] Apache Struts up to 2.3.28.1 Restriction privilege escalation
| [88604] Apache Struts up to 2.3.28.1 Token Validator cross site request forgery
| [88603] Apache Commons FileUpload up to 1.3.1 MultipartStream denial of service
| [88602] Apache Struts up to 1.3.10 ActionServlet.java cross site scripting
| [88601] Apache Struts up to 1.3.10 Multithreading ActionServlet.java memory corruption
| [88600] Apache Struts up to 1.3.10 MultiPageValidator privilege escalation
| [89005] Apache Qpid AMQP JMS Client getObject privilege escalation
| [87888] Apache Ranger up to 0.5.2 Policy Admin Tool eventTime sql injection
| [87835] Apache CloudStack up to 4.5.2.0/4.6.2.0/4.7.1.0/4.8.0.0 SAML-based Authentication privilege escalation
| [87806] HPE Discovery and Dependency Mapping Inventory up to 9.32 update 3 Apache Commons Collections Library privilege escalation
| [87805] HPE Universal CMDB up to 10.21 Apache Commons Collections Library privilege escalation
| [87768] Apache Shiro up to 1.2.4 Cipher Key privilege escalation
| [87765] Apache James Server 2.3.2 Command privilege escalation
| [88667] Apache HTTP Server up to 2.4.20 mod_http2 Certificate weak authentication
| [87718] Apache Struts up to 2.3.24.1 OGNL Caching denial of service
| [87717] Apache Struts up to 2.3.28 REST Plugin privilege escalation
| [87706] Apache Qpid Java up to 6.0.2 AMQP privilege escalation
| [87703] Apache Qbid Java up to 6.0.2 PlainSaslServer.java denial of service
| [87702] Apache ActiveMQ up to 5.13.x Fileserver Web Application Upload privilege escalation
| [87700] Apache PDFbox up to 1.8.11/2.0.0 XML Parser PDF Document XML External Entity
| [87679] HP Release Control 9.13/9.20/9.21 Apache Commons Collections Library Java Object privilege escalation
| [87540] Apache Ambari up to 2.2.0 File Browser View information disclosure
| [87433] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87432] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87431] Apple Mac OS X up to 10.11.4 apache_mod_php Format String
| [87430] Apple Mac OS X up to 10.11.4 apache_mod_php denial of service
| [87429] Apple Mac OS X up to 10.11.4 apache_mod_php information disclosure
| [87428] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87427] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87389] Apache Xerces C++ up to 3.1.3 XML Document DTDScanner.cpp memory corruption
| [87172] Adobe ColdFusion 11 Update 7/2016/up to 10 Update 18 Apache Commons Collections Library privilege escalation
| [87121] Apache Cordova iOS up to 3.x Plugin privilege escalation
| [87120] Apache Cordova iOS up to 3.x URL Whitelist privilege escalation
| [83806] HPE Network Node Manager i up to 10.01 Apache Commons Collections Library privilege escalation
| [83077] Apache Subversion up to 1.8.15/1.9.3 mod_authz_svn mod_authz_svn.c denial of service
| [83076] Apache Subversion up to 1.8.15/1.9.3 svnserve svnserve/cyrus_auth.c privilege escalation
| [82790] Apache Struts 2.0.0/2.3.24/2.3.28 Dynamic Method privilege escalation
| [82789] Apache Struts 2.0.0/2.3.24/2.3.28 XSLTResult privilege escalation
| [82725] HPE P9000 Command View up to 7.x/8.4.0 Apache Commons Collections Library privilege escalation
| [82444] Apache Camel up to 2.14.x/2.15.4/2.16.0 HTTP Request privilege escalation
| [82389] Apache Subversion up to 1.7.x/1.8.14/1.9.2 mod_dav_svn util.c memory corruption
| [82280] Apache Struts up to 1.7 JRE URLDecoder cross site scripting
| [82260] Apache OFBiz up to 12.04.05/13.07.02 Java Object privilege escalation
| [82259] Apache Qpid Proton up to 0.12.0 proton.reactor.Connector weak encryption
| [82250] Apache Ranger up to 0.5.0 Admin UI weak authentication
| [82214] Apache Wicket up to 1.5.14/6.21.x/7.1.x Input Element cross site scripting
| [82213] Apache Wicket up to 1.5.14/6.21.x/7.1.x ModalWindow Title getWindowOpenJavaScript cross site scripting
| [82212] Apache Ranger up to 0.5.0 Policy Admin Tool privilege escalation
| [82211] Apache OFBiz up to 12.04.06/13.07.02 ModelFormField.java DisplayEntityField.getDescription cross site scripting
| [82082] Apache JetSpeed up to 2.3.0 User Manager Service privilege escalation
| [82081] Apache OpenMeetings up to 3.1.0 SOAP API information disclosure
| [82080] Apache OpenMeetings up to 3.1.0 Event cross site scripting
| [82078] Apache OpenMeetings up to 3.1.0 Import/Export System Backup ZIP Archive directory traversal
| [82077] Apache OpenMeetings up to 3.1.0 Password Reset sendHashByUser privilege escalation
| [82076] Apache Ranger up to 0.5.1 privilege escalation
| [82075] Apache JetSpeed up to 2.3.0 Portal cross site scripting
| [82074] Apache JetSpeed up to 2.3.0 cross site scripting
| [82073] Apache JetSpeed up to 2.3.0 User Manager Service sql injection
| [82072] Apache JetSpeed up to 2.3.0 Portal Site Manager ZIP Archive directory traversal
| [82058] Apache LDAP Studio/Directory Studio up to 2.0.0-M9 CSV Export privilege escalation
| [82053] Apache Ranger up to 0.4.x Policy Admin Tool privilege escalation
| [82052] Apache Ranger up to 0.4.x Policy Admin Tool HTTP Request cross site scripting
| [81696] Apache ActiveMQ up to 5.13.1 HTTP Header privilege escalation
| [81695] Apache Xerces-C up to 3.1.2 internal/XMLReader.cpp memory corruption
| [81622] HPE Asset Manager 9.40/9.41/9.50 Apache Commons Collections Library Java Object privilege escalation
| [81406] HPE Service Manager up to 9.35 P3/9.41 P1 Apache Commons Collections Library Command privilege escalation
| [81405] HPE Operations Orchestration up to 10.50 Apache Commons Collections Library Command privilege escalation
| [81427] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
| [81426] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
| [81372] Apache Struts up to 2.3.24.1 I18NInterceptor cross site scripting
| [81371] Apache Struts up to 2.3.24.1 Double OGNL Evaluation privilege escalation
| [81370] Apache Struts up to 2.3.24.1 Java URLDecoder cross site scripting
| [81084] Apache Tomcat 6.0/7.0/8.0/9.0 ServletContext directory traversal
| [81083] Apache Tomcat 7.0/8.0/9.0 Index Page cross site request forgery
| [81082] Apache Tomcat 7.0/8.0/9.0 ResourceLinkFactory.setGlobalContext privilege escalation
| [81081] Apache Tomcat 6.0/7.0/8.0/9.0 Error information disclosure
| [81080] Apache Tomcat 6.0/7.0/8.0/9.0 Session Persistence privilege escalation
| [81079] Apache Tomcat 6.0/7.0/8.0/9.0 StatusManagerServlet information disclosure
| [81078] Apache Tomcat 7.0/8.0/9.0 Session privilege escalation
| [80970] Apache Solr up to 5.3.0 Admin UI plugins.js cross site scripting
| [80969] Apache Solr up to 5.2 Schema schema-browser.js cross site scripting
| [80968] Apache Solr up to 5.0 analysis.js cross site scripting
| [80940] HP Continuous Delivery Automation 1.30 Apache Commons Collections Library privilege escalation
| [80823] Apache CloudStack up to 4.5.1 KVM Virtual Machine Migration privilege escalation
| [80822] Apache CloudStack up to 4.5.1 API Call information disclosure
| [80778] Apache Camel up to 2.15.4/2.16.0 camel-xstream privilege escalation
| [80750] HPE Operations Manager 8.x/9.0 on Windows Apache Commons Collections Library privilege escalation
| [80724] Apache Hive up to 1.2.1 Authorization Framework privilege escalation
| [80577] Oracle Secure Global Desktop 4.63/4.71/5.2 Apache HTTP Server denial of service
| [80165] Intel McAfee ePolicy Orchestrator up to 4.6.9/5.0.3/5.3.1 Apache Commons Collections Library privilege escalation
| [80116] Apache Subversion up to 1.9.2 svn Protocol libsvn_ra_svn/marshal.c read_string memory corruption
| [80115] Apache ActiveMQ up to 5.12.x Broker Service privilege escalation
| [80036] IBM Cognos Business Intelligence Apache Commons Collections Library InvokerTransformer privilege escalation
| [79873] VMware vCenter Operations/vRealize Orchestrator Apache Commons Collections Library Serialized Java Object privilege escalation
| [79840] Apache Cordova File Transfer Plugin up to 1.2.x on Android unknown vulnerability
| [79839] Apache TomEE Serialized Java Stream EjbObjectInputStream privilege escalation
| [79791] Cisco Products Apache Commons Collections Library privilege escalation
| [79539] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
| [79538] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
| [79294] Apache Cordova-Android up to 3.6 BridgeSecret Random Generator weak encryption
| [79291] Apache Cordova-Android up to 4.0 Javascript Whitelist privilege escalation
| [79244] Apache CXF up to 2.7.17/3.0.7/3.1.2 SAML Web SSO Module SAML Response weak authentication
| [79243] Oracle WebLogic Server 10.3.6.0/12.1.2.0/12.1.3.0/12.2.1.0 WLS Security com.bea.core.apache.commons.collections.jar privilege escalation
| [78989] Apache Ambari up to 2.1.1 Open Redirect
| [78988] Apache Ambari up to 2.0.1/2.1.0 Password privilege escalation
| [78987] Apache Ambari up to 2.0.x cross site scripting
| [78986] Apache Ambari up to 2.0.x Proxy Endpoint api/v1/proxy privilege escalation
| [78780] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
| [78779] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
| [78778] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78777] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78776] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78775] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78774] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
7751| [78297] Apache Commons Components HttpClient up to 4.3.5 HTTPS Timeout denial of service
7752| [77406] Apache Flex BlazeDS AMF Message XML External Entity
7753| [77429] Apache ActiveMQ up to 5.10.0 LDAPLoginModule privilege escalation
7754| [77399] Apache ActiveMQ up to 5.10.0 LDAPLoginModule weak authentication
7755| [77375] Apache Tapestry up to 5.3.5 Client-Side Object Storage privilege escalation
7756| [77331] Apache ActiveMQ up to 5.11.1 on Windows Fileserver Upload/Download directory traversal
7757| [77299] Apache Solr Real-Time Module up to 7.x-1.1 Index Content information disclosure
7758| [77247] Apache ActiveMQ up to 5.10 TransportConnection.java processControlCommand denial of service
7759| [77083] Apache Groovy up to 2.4.3 MethodClosure.java MethodClosure memory corruption
7760| [76953] Apache Subversion 1.7.0/1.8.0/1.8.10 svn_repos_trace_node_locations information disclosure
7761| [76952] Apache Subversion 1.7.0/1.8.0/1.8.10 mod_authz_svn anonymous/authenticated information disclosure
7762| [76567] Apache Struts 2.3.20 unknown vulnerability
7763| [76733] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 ap_some_auth_required unknown vulnerability
7764| [76732] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 Request apr_brigade_flatten privilege escalation
| [76731] Apache HTTP Server 2.4.12 ErrorDocument 400 Crash denial of service
| [75690] Apache Camel up to 2.13.3/2.14.1 XPathBuilder.java XML External Entity
| [75689] Apache Camel up to 2.13.3/2.14.1 XML Converter Setup XmlConverter.java SAXSource privilege escalation
| [75668] Apache Sling API/Sling Servlets Post up to 2.2.1 HtmlResponse cross site scripting
| [75601] Apache Jackrabbit up to 2.10.0 WebDAV Request XML External Entity
| [75420] Apache Tomcat up to 6.0.43/7.0.58/8.0.16 Security Manager privilege escalation
| [75145] Apache OpenOffice up to 4.1.1 HWP Filter Crash denial of service
| [75032] Apache Tomcat Connectors up to 1.2.40 mod_jk privilege escalation
| [75135] PHP 5.4/5.5 HTTP Request sapi_apache2.c apache2handler privilege escalation
| [74793] Apache Tomcat File Upload denial of service
| [74708] Apple MacOS X up to 10.10.2 Apache denial of service
| [74707] Apple MacOS X up to 10.10.2 Apache denial of service
| [74706] Apple MacOS X up to 10.10.2 Apache memory corruption
| [74705] Apple MacOS X up to 10.10.2 Apache denial of service
| [74704] Apple MacOS X up to 10.10.2 Apache denial of service
| [74703] Apple MacOS X up to 10.10.2 Apache denial of service
| [74702] Apple MacOS X up to 10.10.2 Apache denial of service
| [74701] Apple MacOS X up to 10.10.2 Apache cross site request forgery
| [74700] Apple MacOS X up to 10.10.2 Apache unknown vulnerability
| [74661] Apache Flex up to 4.14.0 asdoc index.html cross site scripting
| [74609] Apache Cassandra up to 1.2.19/2.0.13/2.1.3 JMX/RMI Interface privilege escalation
| [74469] Apache Xerces-C up to 7.0 internal/XMLReader.cpp denial of service
| [74468] Apache Batik up to 1.6 denial of service
| [74414] Apache Mod-gnutls up to 0.5.1 Authentication spoofing
| [74371] Apache Standard Taglibs up to 1.2.0 memory corruption
| [74367] Apache HTTP Server up to 2.4.12 mod_lua lua_request.c wsupgrade denial of service
| [74174] Apache WSS4J up to 2.0.0 privilege escalation
| [74172] Apache ActiveMQ up to 5.5.0 Administration Console cross site scripting
| [69092] Apache Tomcat up to 6.0.42/7.0.54/8.0.8 HTTP Request Smuggling privilege escalation
| [73831] Apache Qpid up to 0.30 Access Restriction unknown vulnerability
| [73731] Apache XML Security unknown vulnerability
| [68660] Oracle BI Publisher 10.1.3.4.2/11.1.1.7 Apache Tomcat cross site scripting
| [73659] Apache CloudStack up to 4.3.0 Stack-Based unknown vulnerability
| [73593] Apache Traffic Server up to 5.1.0 denial of service
| [73511] Apache POI up to 3.10 Deadlock denial of service
| [73510] Apache Solr up to 4.3.0 cross site scripting
| [68447] Apache Subversion up to 1.7.18/1.8.10 mod_dav_svn Crash denial of service
| [68446] Apache Subversion up to 1.7.18/1.8.10 REPORT Request Crash denial of service
| [73173] Apache CloudStack Stack-Based unknown vulnerability
| [68357] Apache Struts up to 2.3.16.3 Random Number Generator cross site request forgery
| [73106] Apache Hadoop up to 2.4.0 Symlink privilege escalation
| [68575] Apache HTTP Server up to 2.4.10 LuaAuthzProvider mod_lua.c privilege escalation
| [72890] Apache Qpid 0.30 unknown vulnerability
| [72887] Apache Hive 0.13.0 File Permission privilege escalation
| [72878] Apache Cordova 3.5.0 cross site request forgery
| [72877] Apache Cordova 3.5.0 cross site request forgery
| [72876] Apache Cordova 3.5.0 cross site request forgery
| [68435] Apache HTTP Server 2.4.10 mod_proxy_fcgi.c handle_headers denial of service
| [68065] Apache CXF up to 3.0.1 JAX-RS SAML denial of service
| [68064] Apache CXF up to 3.0.0 SAML Token denial of service
| [67913] Oracle Retail Markdown Optimization 12.0/13.0/13.1/13.2/13.4 Apache commons-beanutils-1.8.0.jar memory corruption
| [67912] Oracle Retail Invoice Matching up to 14.0 Apache commons-beanutils-1.8.0.jar memory corruption
| [67911] Oracle Retail Clearance Optimization Engine 13.3/13.4/14.0 Apache commons-beanutils-1.8.0.jar memory corruption
| [67910] Oracle Retail Allocation up to 13.2 Apache commons-beanutils-1.8.0.jar memory corruption
| [71835] Apache Shiro 1.0.0/1.1.0/1.2.0/1.2.1/1.2.2 unknown vulnerability
| [71633] Apachefriends XAMPP 1.8.1 cross site scripting
| [71629] Apache Axis2/C spoofing
| [67633] Apple Mac OS X up to 10.9.4 apache_mod_php ext/standard/dns.c dns_get_record memory corruption
| [67631] Apple Mac OS X up to 10.9.4 apache_mod_php Symlink memory corruption
| [67630] Apple Mac OS X up to 10.9.4 apache_mod_php cdf_read_property_info denial of service
| [67629] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_count_chain denial of service
| [67628] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_check_stream_offset denial of service
| [67627] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c mconvert memory corruption
| [67626] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c denial of service
| [67625] Apple Mac OS X up to 10.9.4 apache_mod_php Crash denial of service
| [67624] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_property_info denial of service
| [67623] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_unpack_summary_info denial of service
| [67622] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_short_sector denial of service
| [67620] Apple Mac OS X up to 10.9.4 apache_mod_php magic/Magdir/commands denial of service
| [67790] Apache HTTP Server mod_cache NULL Pointer Dereference denial of service
| [67522] Apache Tomcat up to 7.0.39 JSP Upload privilege escalation
| [70809] Apache POI up to 3.11 Crash denial of service
| [70808] Apache POI up to 3.10 unknown vulnerability
| [70806] Apache Commons-httpclient 4.2/4.2.1/4.2.2 spoofing
| [70749] Apache Axis up to 1.4 getCN spoofing
| [70701] Apache Traffic Server up to 3.3.5 denial of service
| [70700] Apache OFBiz up to 12.04.03 cross site scripting
| [67402] Apache OpenOffice 4.0.0/4.0.1/4.1.0 Calc privilege escalation
| [67401] Apache OpenOffice up to 4.1.0 OLE Object information disclosure
| [70661] Apache Subversion up to 1.6.17 denial of service
| [70660] Apache Subversion up to 1.6.17 spoofing
| [70659] Apache Subversion up to 1.6.17 spoofing
| [67183] Apache HTTP Server up to 2.4.9 mod_proxy denial of service
| [67180] Apache HTTP Server up to 2.4.9 WinNT MPM Memory Leak denial of service
| [67185] Apache HTTP Server up to 2.4.9 mod_status Heap-Based memory corruption
| [67184] Apache HTTP Server 2.4.5/2.4.6 mod_cache NULL Pointer Dereference denial of service
| [67182] Apache HTTP Server up to 2.4.9 mod_deflate Memory Consumption denial of service
| [67181] Apache HTTP Server up to 2.4.9 mod_cgid denial of service
| [70338] Apache Syncope up to 1.1.7 unknown vulnerability
| [70295] Apache CXF up to 2.7.9 Cleartext information disclosure
| [70106] Apache Open For Business Project up to 10.04.0 getServerError cross site scripting
| [70105] Apache MyFaces up to 2.1.5 JavaServer Faces directory traversal
| [69846] Apache HBase up to 0.94.8 information disclosure
| [69783] Apache CouchDB up to 1.2.0 memory corruption
| [13383] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 XML Parser privilege escalation
| [13300] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi setuid privilege escalation
| [13299] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi Content-Type Header information disclosure
| [13164] Apache CXF up to 2.6.13/2.7.10 SOAP OutgoingChainInterceptor.java Invalid Content denial of service
| [13163] Apache CXF up to 2.6.13/2.7.10 SOAP HTML Content denial of service
| [13158] Apache Struts up to 2.3.16.2 ParametersInterceptor getClass privilege escalation
| [69515] Apache Struts up to 2.3.15.0 CookieInterceptor memory corruption
| [13086] Apache Struts up to 1.3.10 Class Loader privilege escalation
| [13067] Apache Struts up to 2.3.16.1 Class Loader privilege escalation
| [69431] Apache Archiva up to 1.3.6 cross site scripting
| [69385] Apache Syncope up to 1.1.6 unknown vulnerability
| [69338] Apache Xalan-Java up to 2.7.1 system-property unknown vulnerability
| [12742] Trustwave ModSecurity up to 2.7.5 Chunk Extension apache2/modsecurity.c modsecurity_tx_init privilege escalation
| [12741] Trustwave ModSecurity up to 2.7.6 Chunked HTTP Transfer apache2/modsecurity.c modsecurity_tx_init Trailing Header privilege escalation
| [13387] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Content-Length Header privilege escalation
| [13386] Apache Tomcat Security Manager up to 6.0.39/7.0.53/8.0.5 XSLT privilege escalation
| [13385] Apache Tomcat 8.0.0/8.0.1/8.0.3 AJP Request Zero Length denial of service
| [13384] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Chunked HTTP Request denial of service
| [12748] Apache CouchDB 1.5.0 UUIDS /_uuids denial of service
| [66739] Apache Camel up to 2.12.2 unknown vulnerability
| [66738] Apache Camel up to 2.12.2 unknown vulnerability
| [12667] Apache HTTP Server 2.4.7 mod_log_config.c log_cookie denial of service
| [66695] Apache CouchDB up to 1.2.0 cross site scripting
| [66694] Apache CouchDB up to 1.2.0 Partition partition2 directory traversal
| [66689] Apache HTTP Server up to 2.0.33 mod_dav dav_xml_get_cdata denial of service
| [12518] Apache Tomcat up to 6.0.38/7.0.49/8.0.0-RC9 HTTP Header denial of service
| [66498] Apache expressions up to 3.3.0 Whitelist unknown vulnerability
| [12781] Apache Struts up to 2.3.8 ParametersInterceptor getClass denial of service
| [12439] Apache Tomcat 6.0.33 XML XXE information disclosure
| [12438] Apache Tomcat 6.0.33/6.0.34/6.0.35/6.0.36/6.0.37 coyoteadapter.java disableURLRewriting privilege escalation
| [66356] Apache Wicket up to 6.8.0 information disclosure
| [12209] Apache Tomcat 7.0.0/7.0.50/8.0.0-RC1/8.0.1 Content-Type Header for Multi-Part Request Infinite Loop denial of service
| [66322] Apache ActiveMQ up to 5.8.0 cross site scripting
| [12291] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
| [66255] Apache Open For Business Project up to 10.04.3 cross site scripting
| [66200] Apache Hadoop up to 2.0.5 Security Feature information disclosure
| [66072] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
| [66068] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
| [11928] Oracle Secure Global Desktop up to 4.71 Apache Tomcat unknown vulnerability
| [11924] Oracle Secure Global Desktop up to 4.63 Apache Tomcat denial of service
| [11922] Oracle Secure Global Desktop up to 4.63 Apache Tomcat unknown vulnerability
| [66049] Apache XML Security for Java up to 1.4.6 Memory Consumption denial of service
| [12199] Apache Subversion up to 1.8.5 mod_dav_svn/repos.c get_resource denial of service
| [65946] askapache Firefox Adsense up to 3.0 askapache-firefox-adsense.php cross site request forgery
| [65668] Apache Solr 4.0.0 Updater denial of service
| [65665] Apache Solr up to 4.3.0 denial of service
| [65664] Apache Solr 3.6.0/3.6.1/3.6.2/4.0.0 Updater denial of service
| [65663] Apache Solr up to 4.5.1 ResourceLoader directory traversal
| [65658] Apache roller 4.0/4.0.1/5.0/5.0.1 unknown vulnerability
| [65657] Apache Roller 4.0/4.0.1/5.0/5.0.1 cross site scripting
| [11325] Apache Subversion 1.7.13 mod_dontdothat Bypass denial of service
| [11324] Apache Subversion up to 1.8.4 mod_dav_svn denial of service
| [11098] Apache Tomcat 5.5.25 HTTP Request cross site request forgery
| [65410] Apache Struts 2.3.15.3 cross site scripting
| [65386] Apache Solr up to 2.2.1 on TYPO3 cross site scripting
| [65385] Apache Solr up to 2.2.1 on TYPO3 unknown vulnerability
| [11044] Apache Struts 2.3.15.3 showConfig.action cross site scripting
| [11043] Apache Struts 2.3.15.3 actionNames.action cross site scripting
| [11018] cPanel WHM up to 11.40.0.11 Apache mod_userdir Tweak Interface privilege escalation
| [65342] Apache Sling 1.0.2/1.0.4/1.0.6/1.1.0/1.1.2 Auth Core cross site scripting
| [65340] Apache Shindig 2.5.0 information disclosure
| [65316] Apache Mod Fcgid up to 2.3.7 mod_fcgid fcgid_bucket.c fcgid_header_bucket_read memory corruption
| [65313] Apache Sling 2.2.0/2.3.0 AbstractCreateOperation.java deepGetOrCreateNode denial of service
| [10826] Apache Struts 2 File privilege escalation
| [65204] Apache Camel up to 2.10.1 unknown vulnerability
| [10460] Apache Struts 2.0.0/2.3.15.1 Action Mapping Mechanism Bypass privilege escalation
| [10459] Apache Struts 2.0.0/2.3.15 Dynamic Method Invocation unknown vulnerability
| [10160] Apache Subversion 1.8.0/1.8.1/1.8.2 svnwcsub.py handle_options race condition
| [10159] Apache Subversion up to 1.8.2 svnserve write_pid_file race condition
| [10158] Apache Subversion 1.8.0/1.8.1/1.8.2 daemonize.py daemon::daemonize race condition
| [10157] Apache Subversion up to 1.8.1 FSFS Repository Symlink privilege escalation
| [64808] Fail2ban up to 0.8.9 apache-auth.conf denial of service
| [64760] Best Practical RT up to 4.0.12 Apache::Session::File information disclosure
| [64722] Apache XML Security for C++ Heap-based memory corruption
| [64719] Apache XML Security for C++ Heap-based memory corruption
| [64718] Apache XML Security for C++ verify denial of service
| [64717] Apache XML Security for C++ getURIBaseTXFM memory corruption
| [64716] Apache XML Security for C++ spoofing
| [64701] Apache CXF up to 2.7.3 XML Parser Memory Consumption denial of service
| [64700] Apache CloudStack up to 4.1.0 Stack-Based cross site scripting
| [64667] Apache Open For Business Project up to 10.04.04 unknown vulnerability
| [64666] Apache Open For Business Project up to 10.04.04 cross site scripting
| [9891] Apache HTTP Server 2.2.22 suEXEC Feature .htaccess information disclosure
| [64509] Apache ActiveMQ up to 5.8.0 scheduled.jsp cross site scripting
| [9826] Apache Subversion up to 1.8.0 mod_dav_svn denial of service
| [9683] Apache HTTP Server 2.4.5 mod_session_dbd denial of service
| [64485] Apache Struts up to 2.2.3.0 privilege escalation
| [9568] Apache Struts up to 2.3.15 DefaultActionMapper cross site request forgery
| [9567] Apache Struts up to 2.3.15 DefaultActionMapper memory corruption
| [64467] Apache Geronimo 3.0 memory corruption
| [64466] Apache OpenJPA up to 2.2.1 Serialization memory corruption
| [64457] Apache Struts up to 2.2.3.0 cross site scripting
| [64326] Alejandro Garza Apachesolr Autocomplete up to 7.x-1.1 cross site scripting
| [9184] Apache Qpid up to 0.20 SSL misconfiguration
| [8935] Apache Subversion up to 1.7.9 FSFS Format Repository denial of service
| [8934] Apache Subversion up to 1.7.9 Svnserve Server denial of service
| [8933] Apache Subversion up to 1.6.21 check-mime-type.pl svnlook memory corruption
| [8932] Apache Subversion up to 1.6.21 svn-keyword-check.pl svnlook changed memory corruption
| [9022] Apache Struts up to 2.3.14.2 OGNL Expression memory corruption
| [8873] Apache Struts 2.3.14 privilege escalation
| [8872] Apache Struts 2.3.14 privilege escalation
| [8746] Apache HTTP Server Log File Terminal Escape Sequence Filtering mod_rewrite.c do_rewritelog privilege escalation
| [8666] Apache Tomcat up to 7.0.32 AsyncListener information disclosure
| [8665] Apache Tomcat up to 7.0.29 Chunked Transfer Encoding Extension Size denial of service
| [8664] Apache Tomcat up to 7.0.32 FORM Authentication weak authentication
| [64075] Apache Subversion up to 1.7.7 mod_dav_svn Crash denial of service
| [64074] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
| [64073] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
| [64072] Apache Subversion up to 1.7.7 mod_dav_svn NULL Pointer Dereference denial of service
| [64071] Apache Subversion up to 1.7.8 mod_dav_svn Memory Consumption denial of service
| [8768] Apache Struts up to 2.3.14 on Mac EL and OGNL Interpreter memory corruption
| [64006] Apache ActiveMQ up to 5.7.0 denial of service
| [64005] Apache ActiveMQ up to 5.7.0 Default Configuration denial of service
| [64004] Apache ActiveMQ up to 5.7.0 PortfolioPublishServlet.java cross site scripting
| [8427] Apache Tomcat Session Transaction weak authentication
| [63960] Apache Maven 3.0.4 Default Configuration spoofing
| [63751] Apache qpid up to 0.20 qpid::framing::Buffer denial of service
| [63750] Apache qpid up to 0.20 checkAvailable denial of service
| [63749] Apache Qpid up to 0.20 Memory Consumption denial of service
| [63748] Apache Qpid up to 0.20 Default Configuration denial of service
| [63747] Apache Rave up to 0.20 User Account information disclosure
| [7889] Apache Subversion up to 1.6.17 mod_dav_svn/svn_fs_file_length() denial of service
| [63646] Apache HTTP Server up to 2.2.23/2.4.3 mod_proxy_balancer.c balancer_handler cross site scripting
| [7688] Apache CXF up to 2.7.1 WSS4JInterceptor Bypass weak authentication
| [7687] Apache CXF up to 2.7.2 Token weak authentication
| [63334] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
| [63299] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
| [7202] Apache HTTP Server 2.4.2 on Oracle Solaris ld_library_path cross site scripting
| [7075] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector NioEndpoint.java denial of service
| [7074] Apache Tomcat up to 6.0.35/7.0.29 FORM Authentication RealmBase.java weak authentication
| [7073] Apache Tomcat up to 6.0.35/7.0.31 CSRF Prevention Filter cross site request forgery
| [63090] Apache Tomcat up to 4.1.24 denial of service
| [63089] Apache HTTP Server up to 2.2.13 mod_proxy_ajp denial of service
| [62933] Apache Tomcat up to 5.5.0 Access Restriction unknown vulnerability
| [62929] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector Memory Consumption denial of service
| [62833] Apache CXF -/2.6.0 spoofing
| [62832] Apache Axis2 up to 1.6.2 spoofing
| [62831] Apache Axis up to 1.4 Java Message Service spoofing
| [62830] Apache Commons-httpclient 3.0 Payments spoofing
| [62826] Apache Libcloud up to 0.11.0 spoofing
| [62757] Apache Open For Business Project up to 10.04.0 unknown vulnerability
| [8830] Red Hat JBoss Enterprise Application Platform 6.0.1 org.apache.catalina.connector.Response.encodeURL information disclosure
| [62661] Apache Axis2 unknown vulnerability
| [62658] Apache Axis2 unknown vulnerability
| [62467] Apache Qpid up to 0.17 denial of service
| [62417] Apache CXF 2.4.7/2.4.8/2.5.3/2.5.4/2.6.1 spoofing
| [6301] Apache HTTP Server mod_pagespeed cross site scripting
| [6300] Apache HTTP Server mod_pagespeed Hostname information disclosure
| [6123] Apache Wicket up to 1.5.7 Ajax Link cross site scripting
| [62035] Apache Struts up to 2.3.4 denial of service
| [61916] Apache QPID 0.5/0.6/0.14/0.16 unknown vulnerability
| [6998] Apache Tomcat 5.5.35/6.0.35/7.0.28 DIGEST Authentication Session State Caching privilege escalation
| [6997] Apache Tomcat 5.5.35/6.0.35/7.0.28 HTTP Digest Authentication Implementation privilege escalation
| [6092] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_ajp.c information disclosure
| [6090] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_http.c information disclosure
| [61507] Apache POI up to 3.8 UnhandledDataStructure denial of service
| [6070] Apache Struts up to 2.3.4 Token Name Configuration Parameter privilege escalation
| [6069] Apache Struts up to 2.3.4 Request Parameter OGNL Expression denial of service
| [5764] Oracle Solaris 10 Apache HTTP Server information disclosure
| [5700] Oracle Secure Backup 10.3.0.3/10.4.0.1 Apache denial of service
| [61255] Apache Hadoop 2.0.0 Kerberos unknown vulnerability
| [61229] Apache Sling up to 2.1.1 denial of service
| [61152] Apache Commons-compress 1.0/1.1/1.2/1.3/1.4 denial of service
| [61094] Apache Roller up to 5.0 cross site scripting
| [61093] Apache Roller up to 5.0 cross site request forgery
| [61005] Apache OpenOffice 3.3/3.4 unknown vulnerability
| [9673] Apache HTTP Server up to 2.4.4 mod_dav mod_dav.c Request denial of service
| [5436] Apache OpenOffice 3.3/3.4 WPXContentListener.cpp _closeTableRow File memory corruption
| [5435] Apache OpenOffice 3.3/3.4 vclmi.dll File memory corruption
| [60730] PHP 5.4.0/5.4.1/5.4.2 apache_request_headers memory corruption
| [60708] Apache Qpid 0.12 unknown vulnerability
| [5032] Apache Hadoop up to 0.20.205.0/1.0.1/0.23.1 Kerberos/MapReduce Security Feature privilege escalation
| [4949] Apache Struts File Upload XSLTResult.java XSLT File privilege escalation
| [4955] Apache Traffic Server 3.0.3/3.1.2 HTTP Header Parser memory corruption
| [4882] Apache Wicket up to 1.5.4 directory traversal
| [4881] Apache Wicket up to 1.4.19 cross site scripting
| [4884] Apache HTTP Server up to 2.3.6 mod_fcgid fcgid_spawn_ctl.c FcgidMaxProcessesPerClass HTTP Requests denial of service
| [60352] Apache Struts up to 2.2.3 memory corruption
| [60153] Apache Portable Runtime up to 1.4.3 denial of service
| [4598] Apache Struts 1.3.10 upload-submit.do cross site scripting
| [4597] Apache Struts 1.3.10 processSimple.do cross site scripting
| [4596] Apache Struts 2.0.14/2.2.3 struts2-rest-showcase/orders cross site scripting
| [4595] Apache Struts 2.0.14/2.2.3 struts2-showcase/person/editPerson.action cross site scripting
| [4583] Apache HTTP Server up to 2.2.21 Threaded MPM denial of service
| [4582] Apache HTTP Server up to 2.2.21 protocol.c information disclosure
| [4571] Apache Struts up to 2.3.1.2 privilege escalation
| [4557] Apache Tomcat up to 7.0.21 Caching/Recycling information disclosure
| [59934] Apache Tomcat up to 6.0.9 DigestAuthenticator.java unknown vulnerability
| [59933] Apache Tomcat up to 6.0.9 Access Restriction unknown vulnerability
| [59932] Apache Tomcat up to 6.0.9 unknown vulnerability
| [59931] Apache Tomcat up to 6.0.9 Access Restriction information disclosure
| [59902] Apache Struts up to 2.2.3 Interfaces unknown vulnerability
| [4528] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
| [4527] Apache Struts up to 2.2.3 ExceptionDelegator cross site scripting
| [59888] Apache Tomcat up to 6.0.6 denial of service
| [59886] Apache ActiveMQ up to 5.5.1 Crash denial of service
| [4513] Apache Struts up to 2.3.1 ParameterInterceptor directory traversal
| [4512] Apache Struts up to 2.2.3 CookieInterceptor privilege escalation
| [59850] Apache Geronimo up to 2.2.1 denial of service
| [59825] Apache HTTP Server up to 2.1.7 mod_reqtimeout denial of service
| [59556] Apache HTTP Server up to 2.0.53 mod_proxy information disclosure
| [58467] Apache libcloud 0.2.0/0.3.0/0.3.1/0.4.0 Access Restriction spoofing
| [58413] Apache Tomcat up to 6.0.10 spoofing
| [58381] Apache Wicket up to 1.4.17 cross site scripting
| [58296] Apache Tomcat up to 7.0.19 unknown vulnerability
| [57888] Apache HttpClient 4.0/4.0.1/4.1 Authorization information disclosure
| [57587] Apache Subversion up to 1.6.16 mod_dav_svn information disclosure
| [57585] Apache Subversion up to 1.6.16 mod_dav_svn Memory Consumption denial of service
| [57584] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
| [57577] Apache Rampart-C 1.3.0 Access Restriction rampart_timestamp_token_validate privilege escalation
| [57568] Apache Archiva up to 1.3.4 cross site scripting
| [57567] Apache Archiva up to 1.3.4 cross site request forgery
| [57481] Apache Tomcat 7.0.12/7.0.13 Access Restriction unknown vulnerability
| [4355] Apache HTTP Server APR apr_fnmatch denial of service
| [57435] Apache Struts up to 2.2.1.1 FileHandler.java cross site scripting
| [57425] Apache Struts up to 2.2.1.1 cross site scripting
| [4352] Apache HTTP Server 2.2.x APR apr_fnmatch denial of service
| [57025] Apache Tomcat up to 7.0.11 information disclosure
| [57024] Apache Tomcat 7.0.11 Access Restriction information disclosure
| [56774] IBM WebSphere Application Server up to 7.0.0.14 org.apache.jasper.runtime.JspWriterImpl.response denial of service
| [56824] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
| [56832] Apache Tomcat up to 7.0.10 Access Restriction information disclosure
| [56830] Apache Tomcat up to 7.0.9 Access Restriction privilege escalation
| [12440] Apache Tomcat 6.0.33 Malicious Request cross site scripting
| [56512] Apache Continuum up to 1.4.0 cross site scripting
| [4285] Apache Tomcat 5.x JVM getLocale denial of service
| [4284] Apache Tomcat 5.x HTML Manager Infinite Loop cross site scripting
| [4283] Apache Tomcat 5.x ServletContect privilege escalation
| [56441] Apache Tomcat up to 7.0.6 denial of service
| [56300] Apache CouchDB up to 1.0.1 Web Administration Interface cross site scripting
| [55967] Apache Subversion up to 1.6.4 rev_hunt.c denial of service
| [55966] Apache Subversion up to 1.6.4 mod_dav_svn repos.c walk denial of service
| [55095] Apache Axis2 up to 1.6 Default Password memory corruption
| [55631] Apache Archiva up to 1.3.1 User Account cross site request forgery
| [55556] Apache Tomcat up to 6.0.29 Default Configuration information disclosure
| [55553] Apache Tomcat up to 7.0.4 sessionsList.jsp cross site scripting
| [55162] Apache MyFaces up to 2.0.0 Authentication Code unknown vulnerability
| [54881] Apache Subversion up to 1.6.12 mod_dav_svn authz.c privilege escalation
| [54879] Apache APR-util up to 0.9.14 mod_reqtimeout apr_brigade_split_line denial of service
| [54693] Apache Traffic Server DNS Cache unknown vulnerability
| [54416] Apache CouchDB up to 0.11.0 cross site request forgery
| [54394] Apache CXF up to 2.2.8 Memory Consumption denial of service
| [54261] Apache Tomcat jsp/cal/cal2.jsp cross site scripting
| [54166] Apache HTTP Server up to 2.2.12 mod_cache Crash denial of service
| [54385] Apache Struts up to 2.1.8.1 ParameterInterceptor unknown vulnerability
| [54012] Apache Tomcat up to 6.0.10 denial of service
| [53763] Apache Axis2 1.3/1.4/1.4.1/1.5/1.5.1 Memory Consumption denial of service
| [53368] Apache MyFaces 1.1.7/1.2.8 cross site scripting
| [53397] Apache axis2 1.4.1/1.5.1 Administration Console cross site scripting
| [52894] Apache Tomcat up to 6.0.7 information disclosure
| [52960] Apache ActiveMQ up to 5.4-snapshot information disclosure
| [52843] Apache HTTP Server mod_auth_shadow unknown vulnerability
| [52786] Apache Open For Business Project up to 09.04 cross site scripting
| [52587] Apache ActiveMQ up to 5.3.0 cross site request forgery
| [52586] Apache ActiveMQ up to 5.3.0 cross site scripting
| [52584] Apache CouchDB up to 0.10.1 information disclosure
| [51757] Apache HTTP Server 2.0.44 cross site scripting
| [51756] Apache HTTP Server 2.0.44 spoofing
| [51717] Apache HTTP Server up to 1.3.3 mod_proxy ap_proxy_send_fb memory corruption
| [51690] Apache Tomcat up to 6.0 directory traversal
| [51689] Apache Tomcat up to 6.0 information disclosure
| [51688] Apache Tomcat up to 6.0 directory traversal
| [50886] HP Operations Manager 8.10 on Windows File Upload org.apache.catalina.manager.HTMLManagerServlet memory corruption
| [50802] Apache Tomcat up to 3.3 Default Password weak authentication
| [50626] Apache Solr 1.0.0 cross site scripting
| [49857] Apache HTTP Server mod_proxy_ftp cross site scripting
8125| [49856] Apache HTTP Server 2.2.13 mod_proxy_ftp ap_proxy_ftp_handler denial of service
8126| [49348] Apache Xerces-C++ 2.7.0 Stack-Based denial of service
8127| [86789] Apache Portable Runtime memory/unix/apr_pools.c unknown vulnerability
8128| [49283] Apache APR-util up to 1.3.8 apr-util misc/apr_rmm.c apr_rmm_realloc memory corruption
8129| [48952] Apache HTTP Server up to 1.3.6 mod_deflate denial of service
8130| [48626] Apache Tomcat up to 4.1.23 Access Restriction directory traversal
8131| [48431] Apache Tomcat up to 4.1.23 j_security_check cross site scripting
8132| [48430] Apache Tomcat up to 4.1.23 mod_jk denial of service
8133| [47801] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site request forgery
8134| [47800] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site scripting
8135| [47799] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console directory traversal
8136| [47648] Apache Tiles 2.1.0/2.1.1 cross site scripting
8137| [47640] Apache Struts 2.0.6/2.0.8/2.0.9/2.0.11/2.1 cross site scripting
8138| [47638] Apache Tomcat up to 4.1.23 mod_jk information disclosure
8139| [47636] Apache Struts 2.0.9 xip_client.html cross site scripting
8140| [47593] Apache Mod Perl 1 perl-status Apache::Status cross site scripting
8141| [47637] Apache Struts 1.0.2/1.1/1.2.4/1.2.7/1.2.8 cross site scripting
| [47239] Apache Struts up to 2.1.2 Beta struts directory traversal
| [47214] Apachefriends xampp 1.6.8 spoofing
| [47213] Apachefriends xampp 1.6.8 htaccess cross site request forgery
| [47162] Apachefriends XAMPP 1.4.4 weak authentication
| [47065] Apache Tomcat 4.1.23 cross site scripting
| [46834] Apache Tomcat up to 5.5.20 cross site scripting
| [46004] Apache Jackrabbit 1.4/1.5.0 search.jsp cross site scripting
| [49205] Apache Roller 2.3/3.0/3.1/4.0 Search cross site scripting
| [86625] Apache Struts directory traversal
| [44461] Apache Tomcat up to 5.5.0 information disclosure
| [44389] Apache Xerces-C++ XML Parser Memory Consumption denial of service
| [44352] Apache Friends XAMPP 1.6.8 adodb.php cross site scripting
| [43663] Apache Tomcat up to 6.0.16 directory traversal
| [43612] Apache Friends XAMPP 1.6.7 iart.php cross site scripting
| [43556] Apache HTTP Server up to 2.1.8 mod_proxy_ftp proxy_ftp.c cross site scripting
| [43516] Apache Tomcat up to 4.1.20 directory traversal
| [43509] Apache Tomcat up to 6.0.13 cross site scripting
| [42637] Apache Tomcat up to 6.0.16 cross site scripting
| [42325] Apache HTTP Server up to 2.1.8 Error Page cross site scripting
| [41838] Apache-SSL 1.3.34 1.57 expandcert privilege escalation
| [41091] Apache Software Foundation Mod Jk up to 2.0.1 mod_jk2 Stack-based memory corruption
| [40924] Apache Tomcat up to 6.0.15 information disclosure
| [40923] Apache Tomcat up to 6.0.15 unknown vulnerability
| [40922] Apache Tomcat up to 6.0 information disclosure
| [40710] Apache HTTP Server up to 2.0.61 mod_negotiation cross site scripting
| [40709] Apache HTTP Server up to 2.0.53 mod_negotiation cross site scripting
| [40656] Apache Tomcat 5.5.20 information disclosure
| [40503] Apache HTTP Server mod_proxy_ftp cross site scripting
| [40502] Apache HTTP Server up to 2.2.5 mod_proxy_balancer memory corruption
| [40501] Apache HTTP Server 2.2.6 mod_proxy_balancer cross site request forgery
| [40398] Apache HTTP Server up to 2.2 mod_proxy_balancer cross site scripting
| [40397] Apache HTTP Server up to 2.2 mod_proxy_balancer balancer_handler denial of service
| [40234] Apache Tomcat up to 6.0.15 directory traversal
| [40221] Apache HTTP Server 2.2.6 information disclosure
| [40027] David Castro Apache Authcas 0.4 sql injection
| [3495] Apache OpenOffice up to 2.3 Database Document Processor unknown vulnerability
| [3489] Apache HTTP Server 2.x HTTP Header cross site scripting
| [3414] Apache Tomcat WebDAV Stored privilege escalation
| [39489] Apache Jakarta Slide up to 2.1 directory traversal
| [39540] Apache Geronimo 2.0/2.0.1/2.0.2/2.1 unknown vulnerability
| [3310] Apache OpenOffice 1.1.3/2.0.4/2.2.1 TIFF Image Parser Heap-based memory corruption
| [38768] Apache HTTP Server up to 2.1.7 mod_autoindex.c cross site scripting
| [38952] Apache Geronimo 2.0.1/2.1 unknown vulnerability
| [38658] Apache Tomcat 4.1.31 cal2.jsp cross site request forgery
| [38524] Apache Geronimo 2.0 unknown vulnerability
| [3256] Apache Tomcat up to 6.0.13 cross site scripting
| [38331] Apache Tomcat 4.1.24 information disclosure
| [38330] Apache Tomcat 4.1.24 information disclosure
| [38185] Apache Tomcat 3.3/3.3.1/3.3.1a/3.3.2 Error Message CookieExample cross site scripting
| [37967] Apache Tomcat up to 4.1.36 Error Message sendmail.jsp cross site scripting
| [37647] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 Authorization unknown vulnerability
| [37646] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 unknown vulnerability
| [3141] Apache Tomcat up to 4.1.31 Accept-Language Header cross site scripting
| [3133] Apache Tomcat up to 6.0 HTTP cross site scripting
| [37292] Apache Tomcat up to 5.5.1 cross site scripting
| [3130] Apache OpenOffice 2.2.1 RTF Document Heap-based memory corruption
| [36981] Apache Tomcat JK Web Server Connector up to 1.2.22 mod_jk directory traversal
| [36892] Apache Tomcat up to 4.0.0 hello.jsp cross site scripting
| [37320] Apache MyFaces Tomahawk up to 1.1.4 cross site scripting
| [36697] Apache Tomcat up to 5.5.17 implicit-objects.jsp cross site scripting
| [36491] Apache Axis 1.0 Installation javaioFileNotFoundException information disclosure
| [36400] Apache Tomcat 5.5.15 mod_jk cross site scripting
| [36698] Apache Tomcat up to 4.0.0 cal2.jsp cross site scripting
| [36224] XAMPP Apache Distribution up to 1.6.0a adodb.php connect memory corruption
| [36225] XAMPP Apache Distribution 1.6.0a sql injection
| [2997] Apache httpd/Tomcat 5.5/6.0 directory traversal
| [35896] Apache Apache Test up to 1.29 mod_perl denial of service
| [35653] Avaya S8300 Cm 3.1.2 Apache Tomcat unknown vulnerability
| [35402] Apache Tomcat JK Web Server Connector 1.2.19 mod_jk.so map_uri_to_worker memory corruption
| [35067] Apache Stats up to 0.0.2 extract unknown vulnerability
| [35025] Apache Stats up to 0.0.3 extract unknown vulnerability
| [34252] Apache HTTP Server denial of service
| [2795] Apache OpenOffice 2.0.4 WMF/EMF File Heap-based memory corruption
| [33877] Apache Opentaps 0.9.3 cross site scripting
| [33876] Apache Open For Business Project unknown vulnerability
| [33875] Apache Open For Business Project cross site scripting
| [2703] Apache Jakarta Tomcat up to 5.x der_get_oid memory corruption
| [2611] Apache HTTP Server up to 1.0.1 set_var Format String
|
| MITRE CVE - https://cve.mitre.org:
| [CVE-2013-4156] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted element in an OOXML document file.
| [CVE-2013-4131] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service (assertion failure or out-of-bounds read) via a certain (1) COPY, (2) DELETE, or (3) MOVE request against a revision root.
| [CVE-2013-3239] phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename of an export file, leading to interpretation of this file as an executable file by the Apache HTTP Server, as demonstrated by a .php.sql filename.
| [CVE-2013-3060] The web console in Apache ActiveMQ before 5.8.0 does not require authentication, which allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests.
| [CVE-2013-2765] The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request with a large body and a crafted Content-Type header.
| [CVE-2013-2251] Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.
| [CVE-2013-2249] mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified impact and remote attack vectors.
| [CVE-2013-2248] Multiple open redirect vulnerabilities in Apache Struts 2.0.0 through 2.3.15 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a parameter using the (1) redirect: or (2) redirectAction: prefix.
| [CVE-2013-2189] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via invalid PLCF data in a DOC document file.
| [CVE-2013-2135] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted value that contains both "${}" and "%{}" sequences, which causes the OGNL code to be evaluated twice.
| [CVE-2013-2134] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted action name that is not properly handled during wildcard matching, a different vulnerability than CVE-2013-2135.
| [CVE-2013-2115] Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag. NOTE: this issue is due to an incomplete fix for CVE-2013-1966.
| [CVE-2013-2071] java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other applications in opportunistic circumstances via an application that records the requests that it processes.
| [CVE-2013-2067] java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack.
| [CVE-2013-1966] Apache Struts 2 before 2.3.14.1 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag.
| [CVE-2013-1965] Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.1, allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is not properly handled when invoking a redirect.
| [CVE-2013-1896] mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.
| [CVE-2013-1884] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (segmentation fault and crash) via a log REPORT request with an invalid limit, which triggers an access of an uninitialized variable.
| [CVE-2013-1879] Cross-site scripting (XSS) vulnerability in scheduled.jsp in Apache ActiveMQ 5.8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving the "cron of a message."
| [CVE-2013-1862] mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.
| [CVE-2013-1849] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a PROPFIND request for an activity URL.
| [CVE-2013-1847] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an anonymous LOCK for a URL that does not exist.
| [CVE-2013-1846] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a LOCK on an activity URL.
| [CVE-2013-1845] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (memory consumption) by (1) setting or (2) deleting a large number of properties for a file or directory.
| [CVE-2013-1814] The users/get program in the User RPC API in Apache Rave 0.11 through 0.20 allows remote authenticated users to obtain sensitive information about all user accounts via the offset parameter, as demonstrated by discovering password hashes in the password field of a response.
| [CVE-2013-1777] The JMX Remoting functionality in Apache Geronimo 3.x before 3.0.1, as used in IBM WebSphere Application Server (WAS) Community Edition 3.0.0.3 and other products, does not property implement the RMI classloader, which allows remote attackers to execute arbitrary code by using the JMX connector to send a crafted serialized object.
| [CVE-2013-1768] The BrokerFactory functionality in Apache OpenJPA 1.x before 1.2.3 and 2.x before 2.2.2 creates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for remote attackers to execute arbitrary code by creating a serialized object and leveraging improperly secured server programs.
| [CVE-2013-1088] Cross-site request forgery (CSRF) vulnerability in Novell iManager 2.7 before SP6 Patch 1 allows remote attackers to hijack the authentication of arbitrary users by leveraging improper request validation by iManager code deployed within an Apache Tomcat container.
| [CVE-2013-1048] The Debian apache2ctl script in the apache2 package squeeze before 2.2.16-6+squeeze11, wheezy before 2.2.22-13, and sid before 2.2.22-13 for the Apache HTTP Server on Debian GNU/Linux does not properly create the /var/lock/apache2 lock directory, which allows local users to gain privileges via an unspecified symlink attack.
| [CVE-2013-0966] The Apple mod_hfs_apple module for the Apache HTTP Server in Apple Mac OS X before 10.8.3 does not properly handle ignorable Unicode characters, which allows remote attackers to bypass intended directory authentication requirements via a crafted pathname in a URI.
| [CVE-2013-0942] Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Agent 7.1 before 7.1.1 for Web for Internet Information Services, and 7.1 before 7.1.1 for Web for Apache, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2013-0941] EMC RSA Authentication API before 8.1 SP1, RSA Web Agent before 5.3.5 for Apache Web Server, RSA Web Agent before 5.3.5 for IIS, RSA PAM Agent before 7.0, and RSA Agent before 6.1.4 for Microsoft Windows use an improper encryption algorithm and a weak key for maintaining the stored data of the node secret for the SecurID Authentication API, which allows local users to obtain sensitive information via cryptographic attacks on this data.
| [CVE-2013-0253] The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack.
| [CVE-2013-0248] The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack.
| [CVE-2013-0239] Apache CXF before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3, when the plaintext UsernameToken WS-SecurityPolicy is enabled, allows remote attackers to bypass authentication via a security header of a SOAP request containing a UsernameToken element that lacks a password child element.
| [CVE-2012-6573] Cross-site scripting (XSS) vulnerability in the Apache Solr Autocomplete module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving autocomplete results.
| [CVE-2012-6551] The default configuration of Apache ActiveMQ before 5.8.0 enables a sample web application, which allows remote attackers to cause a denial of service (broker resource consumption) via HTTP requests.
| [CVE-2012-6092] Multiple cross-site scripting (XSS) vulnerabilities in the web demos in Apache ActiveMQ before 5.8.0 allow remote attackers to inject arbitrary web script or HTML via (1) the refresh parameter to PortfolioPublishServlet.java (aka demo/portfolioPublish or Market Data Publisher), or vectors involving (2) debug logs or (3) subscribe messages in webapp/websocket/chat.js. NOTE: AMQ-4124 is covered by CVE-2012-6551.
| [CVE-2012-5887] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.
| [CVE-2012-5886] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID.
| [CVE-2012-5885] The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184.
| [CVE-2012-5786] The wsdl_first_https sample code in distribution/src/main/release/samples/wsdl_first_https/src/main/ in Apache CXF, possibly 2.6.0, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
| [CVE-2012-5785] Apache Axis2/Java 1.6.2 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
| [CVE-2012-5784] Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Message Service implementation in Apache ActiveMQ, and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
| [CVE-2012-5783] Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
| [CVE-2012-5633] The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request.
| [CVE-2012-5616] Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly Citrix CloudStack) before 3.0.6 stores sensitive information in the log4j.conf log file, which allows local users to obtain (1) the SSH private key as recorded by the createSSHKeyPair API, (2) the password of an added host as recorded by the AddHost API, or the password of an added VM as recorded by the (3) DeployVM or (4) ResetPasswordForVM API.
| [CVE-2012-5568] Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.
| [CVE-2012-5351] Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack," a different vulnerability than CVE-2012-4418.
| [CVE-2012-4558] Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via a crafted string.
| [CVE-2012-4557] The mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into an error state upon detection of a long request-processing time, which allows remote attackers to cause a denial of service (worker consumption) via an expensive request.
| [CVE-2012-4556] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 allows remote attackers to cause a denial of service (Apache httpd web server child process restart) via certain unspecified empty search fields in a user certificate search query.
| [CVE-2012-4555] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 does not properly handle interruptions of token format operations, which allows remote attackers to cause a denial of service (NULL pointer dereference and Apache httpd web server child process crash) via unspecified vectors.
| [CVE-2012-4534] org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminating the connection during the reading of a response.
| [CVE-2012-4528] The mod_security2 module before 2.7.0 for the Apache HTTP Server allows remote attackers to bypass rules, and deliver arbitrary POST data to a PHP application, via a multipart request in which an invalid part precedes the crafted data.
| [CVE-2012-4501] Citrix Cloud.com CloudStack, and Apache CloudStack pre-release, allows remote attackers to make arbitrary API calls by leveraging the system user account, as demonstrated by API calls to delete VMs.
| [CVE-2012-4460] The serializing/deserializing functions in the qpid::framing::Buffer class in Apache Qpid 0.20 and earlier allow remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors. NOTE: this issue could also trigger an out-of-bounds read, but it might not trigger a crash.
| [CVE-2012-4459] Integer overflow in the qpid::framing::Buffer::checkAvailable function in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (crash) via a crafted message, which triggers an out-of-bounds read.
| [CVE-2012-4458] The AMQP type decoder in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (memory consumption and server crash) via a large number of zero width elements in the client-properties map in a connection.start-ok message.
| [CVE-2012-4446] The default configuration for Apache Qpid 0.20 and earlier, when the federation_tag attribute is enabled, accepts AMQP connections without checking the source user ID, which allows remote attackers to bypass authentication and have other unspecified impact via an AMQP request.
| [CVE-2012-4431] org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier.
8283| [CVE-2012-4418] Apache Axis2 allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."
8284| [CVE-2012-4387] Apache Struts 2.0.0 through 2.3.4 allows remote attackers to cause a denial of service (CPU consumption) via a long parameter name, which is processed as an OGNL expression.
8285| [CVE-2012-4386] The token check mechanism in Apache Struts 2.0.0 through 2.3.4 does not properly validate the token name configuration parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks by setting the token name configuration parameter to a session attribute.
8286| [CVE-2012-4360] Cross-site scripting (XSS) vulnerability in the mod_pagespeed module 0.10.19.1 through 0.10.22.4 for the Apache HTTP Server allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
8287| [CVE-2012-4063] The Apache Santuario configuration in Eucalyptus before 3.1.1 does not properly restrict applying XML Signature transforms to documents, which allows remote attackers to cause a denial of service via unspecified vectors.
8288| [CVE-2012-4001] The mod_pagespeed module before 0.10.22.6 for the Apache HTTP Server does not properly verify its host name, which allows remote attackers to trigger HTTP requests to arbitrary hosts via unspecified vectors, as demonstrated by requests to intranet servers.
8289| [CVE-2012-3908] Multiple cross-site request forgery (CSRF) vulnerabilities in the ISE Administrator user interface (aka the Apache Tomcat interface) on Cisco Identity Services Engine (ISE) 3300 series appliances before 1.1.0.665 Cumulative Patch 1 allow remote attackers to hijack the authentication of administrators, aka Bug ID CSCty46684.
8290| [CVE-2012-3546] org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI.
8291| [CVE-2012-3544] Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data.
8292| [CVE-2012-3526] The reverse proxy add forward module (mod_rpaf) 0.5 and 0.6 for the Apache HTTP Server allows remote attackers to cause a denial of service (server or application crash) via multiple X-Forwarded-For headers in a request.
8293| [CVE-2012-3513] munin-cgi-graph in Munin before 2.0.6, when running as a CGI module under Apache, allows remote attackers to load new configurations and create files in arbitrary directories via the logdir command.
8294| [CVE-2012-3506] Unspecified vulnerability in the Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.03 has unknown impact and attack vectors.
8295| [CVE-2012-3502] The proxy functionality in (1) mod_proxy_ajp.c in the mod_proxy_ajp module and (2) mod_proxy_http.c in the mod_proxy_http module in the Apache HTTP Server 2.4.x before 2.4.3 does not properly determine the situations that require closing a back-end connection, which allows remote attackers to obtain sensitive information in opportunistic circumstances by reading a response that was intended for a different client.
8296| [CVE-2012-3499] Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules.
8297| [CVE-2012-3467] Apache QPID 0.14, 0.16, and earlier uses a NullAuthenticator mechanism to authenticate catch-up shadow connections to AMQP brokers, which allows remote attackers to bypass authentication.
8298| [CVE-2012-3451] Apache CXF before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to execute unintended web-service operations by sending a header with a SOAP Action String that is inconsistent with the message body.
8299| [CVE-2012-3446] Apache Libcloud before 0.11.1 uses an incorrect regular expression during verification of whether the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate.
8300| [CVE-2012-3376] DataNodes in Apache Hadoop 2.0.0 alpha does not check the BlockTokens of clients when Kerberos is enabled and the DataNode has checked out the same BlockPool twice from a NodeName, which might allow remote clients to read arbitrary blocks, write to blocks to which they only have read access, and have other unspecified impacts.
| [CVE-2012-3373] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.21 and 1.5.x before 1.5.8 allows remote attackers to inject arbitrary web script or HTML via vectors involving a %00 sequence in an Ajax link URL associated with a Wicket app.
| [CVE-2012-3126] Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Products Suite 3.3 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Apache Tomcat Agent.
| [CVE-2012-3123] Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect confidentiality, related to Apache HTTP Server.
| [CVE-2012-2760] mod_auth_openid before 0.7 for Apache uses world-readable permissions for /tmp/mod_auth_openid.db, which allows local users to obtain session ids.
| [CVE-2012-2733] java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of service (memory consumption) via a large amount of header data.
| [CVE-2012-2687] Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list.
| [CVE-2012-2381] Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.1 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the blogger role.
| [CVE-2012-2380] Multiple cross-site request forgery (CSRF) vulnerabilities in the admin/editor console in Apache Roller before 5.0.1 allow remote attackers to hijack the authentication of admins or editors by leveraging the HTTP POST functionality.
| [CVE-2012-2379] Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors.
| [CVE-2012-2378] Apache CXF 2.4.5 through 2.4.7, 2.5.1 through 2.5.3, and 2.6.x before 2.6.1, does not properly enforce child policies of a WS-SecurityPolicy 1.1 SupportingToken policy on the client side, which allows remote attackers to bypass the (1) AlgorithmSuite, (2) SignedParts, (3) SignedElements, (4) EncryptedParts, and (5) EncryptedElements policies.
| [CVE-2012-2329] Buffer overflow in the apache_request_headers function in sapi/cgi/cgi_main.c in PHP 5.4.x before 5.4.3 allows remote attackers to cause a denial of service (application crash) via a long string in the header of an HTTP request.
| [CVE-2012-2145] Apache Qpid 0.17 and earlier does not properly restrict incoming client connections, which allows remote attackers to cause a denial of service (file descriptor consumption) via a large number of incomplete connections.
| [CVE-2012-2138] The @CopyFrom operation in the POST servlet in the org.apache.sling.servlets.post bundle before 2.1.2 in Apache Sling does not prevent attempts to copy an ancestor node to a descendant node, which allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP request.
| [CVE-2012-2098] Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service (CPU consumption) via a file with many repeating inputs.
| [CVE-2012-1574] The Kerberos/MapReduce security functionality in Apache Hadoop 0.20.203.0 through 0.20.205.0, 0.23.x before 0.23.2, and 1.0.x before 1.0.2, as used in Cloudera CDH CDH3u0 through CDH3u2, Cloudera hadoop-0.20-sbin before 0.20.2+923.197, and other products, allows remote authenticated users to impersonate arbitrary cluster user accounts via unspecified vectors.
| [CVE-2012-1181] fcgid_spawn_ctl.c in the mod_fcgid module 2.3.6 for the Apache HTTP Server does not recognize the FcgidMaxProcessesPerClass directive for a virtual host, which makes it easier for remote attackers to cause a denial of service (memory consumption) via a series of HTTP requests that triggers a process count higher than the intended limit.
| [CVE-2012-1089] Directory traversal vulnerability in Apache Wicket 1.4.x before 1.4.20 and 1.5.x before 1.5.5 allows remote attackers to read arbitrary web-application files via a relative pathname in a URL for a Wicket resource that corresponds to a null package.
| [CVE-2012-1007] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 1.3.10 allow remote attackers to inject arbitrary web script or HTML via (1) the name parameter to struts-examples/upload/upload-submit.do, or the message parameter to (2) struts-cookbook/processSimple.do or (3) struts-cookbook/processDyna.do.
| [CVE-2012-1006] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.14 and 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) lastName parameter to struts2-showcase/person/editPerson.action, or the (3) clientName parameter to struts2-rest-showcase/orders.
| [CVE-2012-0883] envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl.
| [CVE-2012-0840] tables/apr_hash.c in the Apache Portable Runtime (APR) library through 1.4.5 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
| [CVE-2012-0838] Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL expression during the handling of a conversion error, which allows remote attackers to modify run-time data values, and consequently execute arbitrary code, via invalid input to a field.
| [CVE-2012-0788] The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service (application crash) via a crafted application that uses a PDO driver for a fetch and then calls the session_start function, as demonstrated by a crash of the Apache HTTP Server.
| [CVE-2012-0394] ** DISPUTED ** The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself."
| [CVE-2012-0393] The ParameterInterceptor component in Apache Struts before 2.3.1.1 does not prevent access to public constructors, which allows remote attackers to create or overwrite arbitrary files via a crafted parameter that triggers the creation of a Java object.
| [CVE-2012-0392] The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method.
| [CVE-2012-0391] The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter.
| [CVE-2012-0256] Apache Traffic Server 2.0.x and 3.0.x before 3.0.4 and 3.1.x before 3.1.3 does not properly allocate heap memory, which allows remote attackers to cause a denial of service (daemon crash) via a long HTTP Host header.
| [CVE-2012-0216] The default configuration of the apache2 package in Debian GNU/Linux squeeze before 2.2.16-6+squeeze7, wheezy before 2.2.22-4, and sid before 2.2.22-4, when mod_php or mod_rivet is used, provides example scripts under the doc/ URI, which might allow local users to conduct cross-site scripting (XSS) attacks, gain privileges, or obtain sensitive information via vectors involving localhost HTTP requests to the Apache HTTP Server.
| [CVE-2012-0213] The UnhandledDataStructure function in hwpf/model/UnhandledDataStructure.java in Apache POI 3.8 and earlier allows remote attackers to cause a denial of service (OutOfMemoryError exception and possibly JVM destabilization) via a crafted length value in a Channel Definition Format (CDF) or Compound File Binary Format (CFBF) document.
| [CVE-2012-0053] protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script.
| [CVE-2012-0047] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the wicket:pageMapName parameter.
| [CVE-2012-0031] scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function.
| [CVE-2012-0022] Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.
| [CVE-2012-0021] The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to cause a denial of service (daemon crash) via a cookie that lacks both a name and a value.
| [CVE-2011-5064] DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging knowledge of this string, a different vulnerability than CVE-2011-1184.
| [CVE-2011-5063] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weaker authentication or authorization requirements, a different vulnerability than CVE-2011-1184.
| [CVE-2011-5062] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass intended integrity-protection requirements via a qop=auth value, a different vulnerability than CVE-2011-1184.
| [CVE-2011-5057] Apache Struts 2.3.1.1 and earlier provides interfaces that do not properly restrict access to collections such as the session and request collections, which might allow remote attackers to modify run-time data values via a crafted parameter to an application that implements an affected interface, as demonstrated by the SessionAware, RequestAware, ApplicationAware, ServletRequestAware, ServletResponseAware, and ParameterAware interfaces. NOTE: the vendor disputes the significance of this report because of an "easy work-around in existing apps by configuring the interceptor."
| [CVE-2011-5034] Apache Geronimo 2.2.1 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. NOTE: this might overlap CVE-2011-4461.
| [CVE-2011-4905] Apache ActiveMQ before 5.6.0 allows remote attackers to cause a denial of service (file-descriptor exhaustion and broker crash or hang) by sending many openwire failover:tcp:// connection requests.
| [CVE-2011-4858] Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
| [CVE-2011-4668] IBM Tivoli Netcool/Reporter 2.2 before 2.2.0.8 allows remote attackers to execute arbitrary code via vectors related to an unspecified CGI program used with the Apache HTTP Server.
| [CVE-2011-4449] actions/files/files.php in WikkaWiki 1.3.1 and 1.3.2, when INTRANET_MODE is enabled, supports file uploads for file extensions that are typically absent from an Apache HTTP Server TypesConfig file, which makes it easier for remote attackers to execute arbitrary PHP code by placing this code in a file whose name has multiple extensions, as demonstrated by a (1) .mm or (2) .vpp file.
| [CVE-2011-4415] The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, does not restrict the size of values of environment variables, which allows local users to cause a denial of service (memory consumption or NULL pointer dereference) via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, related to (1) the "len +=" statement and (2) the apr_pcalloc function call, a different vulnerability than CVE-2011-3607.
| [CVE-2011-4317] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an @ (at sign) character and a : (colon) character in invalid positions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
| [CVE-2011-3639] The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers by using the HTTP/0.9 protocol with a malformed URI containing an initial @ (at sign) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
| [CVE-2011-3620] Apache Qpid 0.12 does not properly verify credentials during the joining of a cluster, which allows remote attackers to obtain access to the messaging functionality and job functionality of a cluster by leveraging knowledge of a cluster-username.
| [CVE-2011-3607] Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow.
| [CVE-2011-3376] org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat 7.x before 7.0.22 does not properly restrict ContainerServlets in the Manager application, which allows local users to gain privileges by using an untrusted web application to access the Manager application's functionality.
| [CVE-2011-3375] Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain caching and recycling operations involving request objects, which allows remote attackers to obtain unintended read access to IP address and HTTP header information in opportunistic circumstances by reading TCP data.
| [CVE-2011-3368] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character.
| [CVE-2011-3348] The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary "error state" in the backend server) via a malformed HTTP request.
| [CVE-2011-3192] The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.
| [CVE-2011-3190] Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request.
| [CVE-2011-2729] native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application.
| [CVE-2011-2712] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.18, when setAutomaticMultiWindowSupport is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
| [CVE-2011-2688] SQL injection vulnerability in mysql/mysql-auth.pl in the mod_authnz_external module 3.2.5 and earlier for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the user field.
| [CVE-2011-2526] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loop or JVM crash) by leveraging an untrusted web application.
| [CVE-2011-2516] Off-by-one error in the XML signature feature in Apache XML Security for C++ 1.6.0, as used in Shibboleth before 2.4.3 and possibly other products, allows remote attackers to cause a denial of service (crash) via a signature using a large RSA key, which triggers a buffer overflow.
| [CVE-2011-2481] Apache Tomcat 7.0.x before 7.0.17 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application. NOTE: this vulnerability exists because of a CVE-2009-0783 regression.
| [CVE-2011-2329] The rampart_timestamp_token_validate function in util/rampart_timestamp_token.c in Apache Rampart/C 1.3.0 does not properly calculate the expiration of timestamp tokens, which allows remote attackers to bypass intended access restrictions by leveraging an expired token, a different vulnerability than CVE-2011-0730.
| [CVE-2011-2204] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file.
| [CVE-2011-2088] XWork 2.2.1 in Apache Struts 2.2.1, and OpenSymphony XWork in OpenSymphony WebWork, allows remote attackers to obtain potentially sensitive information about internal Java class paths via vectors involving an s:submit element and a nonexistent method, a different vulnerability than CVE-2011-1772.3.
| [CVE-2011-2087] Multiple cross-site scripting (XSS) vulnerabilities in component handlers in the javatemplates (aka Java Templates) plugin in Apache Struts 2.x before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via an arbitrary parameter value to a .action URI, related to improper handling of value attributes in (1) FileHandler.java, (2) HiddenHandler.java, (3) PasswordHandler.java, (4) RadioHandler.java, (5) ResetHandler.java, (6) SelectHandler.java, (7) SubmitHandler.java, and (8) TextFieldHandler.java.
| [CVE-2011-1928] The fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote attackers to cause a denial of service (infinite loop) via a URI that does not match unspecified types of wildcard patterns, as demonstrated by attacks against mod_autoindex in httpd when a /*/WEB-INF/ configuration pattern is used. NOTE: this issue exists because of an incorrect fix for CVE-2011-0419.
| [CVE-2011-1921] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is disabled, does not properly enforce permissions for files that had been publicly readable in the past, which allows remote attackers to obtain sensitive information via a replay REPORT operation.
| [CVE-2011-1783] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to cause a denial of service (infinite loop and memory consumption) in opportunistic circumstances by requesting data.
| [CVE-2011-1772] Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x before 2.2.3, and OpenSymphony XWork in OpenSymphony WebWork, allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) an action name, (2) the action attribute of an s:submit element, or (3) the method attribute of an s:submit element.
| [CVE-2011-1752] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request for a baselined WebDAV resource, as exploited in the wild in May 2011.
| [CVE-2011-1610] Multiple SQL injection vulnerabilities in xmldirectorylist.jsp in the embedded Apache HTTP Server component in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5)su4, 8.0 before 8.0(3a)su2, and 8.5 before 8.5(1)su1 allow remote attackers to execute arbitrary SQL commands via the (1) f, (2) l, or (3) n parameter, aka Bug ID CSCtj42064.
| [CVE-2011-1582] Apache Tomcat 7.0.12 and 7.0.13 processes the first request to a servlet without following security constraints that have been configured through annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088, CVE-2011-1183, and CVE-2011-1419.
| [CVE-2011-1571] Unspecified vulnerability in the XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote attackers to execute arbitrary commands via unknown vectors.
| [CVE-2011-1570] Cross-site scripting (XSS) vulnerability in Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to inject arbitrary web script or HTML via a message title, a different vulnerability than CVE-2004-2030.
| [CVE-2011-1503] The XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat or Oracle GlassFish is used, allows remote authenticated users to read arbitrary (1) XSL and (2) XML files via a file:/// URL.
| [CVE-2011-1502] Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to read arbitrary files via an entity declaration in conjunction with an entity reference, related to an XML External Entity (aka XXE) issue.
| [CVE-2011-1498] Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header.
| [CVE-2011-1475] The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP packets, related to "a mix-up of responses for requests from different users."
| [CVE-2011-1419] Apache Tomcat 7.x before 7.0.11, when web.xml has no security constraints, does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088.
| [CVE-2011-1318] Memory leak in org.apache.jasper.runtime.JspWriterImpl.response in the JavaServer Pages (JSP) component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) by accessing a JSP page of an application that is repeatedly stopped and restarted.
| [CVE-2011-1184] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, related to lack of checking of nonce (aka server nonce) and nc (aka nonce-count or client nonce count) values.
| [CVE-2011-1183] Apache Tomcat 7.0.11, when web.xml has no login configuration, does not follow security constraints, which allows remote attackers to bypass intended access restrictions via HTTP requests to a meta-data complete web application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1088 and CVE-2011-1419.
| [CVE-2011-1176] The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module 2.2.11-01 and 2.2.11-02 for the Apache HTTP Server does not properly handle certain configuration sections that specify NiceValue but not AssignUserID, which might allow remote attackers to gain privileges by leveraging the root uid and root gid of an mpm-itk process.
| [CVE-2011-1088] Apache Tomcat 7.x before 7.0.10 does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application.
| [CVE-2011-1077] Multiple cross-site scripting (XSS) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2011-1026] Multiple cross-site request forgery (CSRF) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to hijack the authentication of administrators.
| [CVE-2011-0715] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.16, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request that contains a lock token.
| [CVE-2011-0534] Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request.
| [CVE-2011-0533] Cross-site scripting (XSS) vulnerability in Apache Continuum 1.1 through 1.2.3.1, 1.3.6, and 1.4.0 Beta
| [CVE-2011-0419] Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.
| [CVE-2011-0013] Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.
| [CVE-2010-4644] Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated users to cause a denial of service (memory consumption and daemon crash) via the -g option to the blame command.
| [CVE-2010-4539] The walk function in repos.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.15, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger the walking of SVNParentPath collections.
| [CVE-2010-4476] The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
| [CVE-2010-4455] Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.2 and 11.1.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Apache Plugin.
| [CVE-2010-4408] Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1 does not require entry of the administrator's password at the time of modifying a user account, which makes it easier for context-dependent attackers to gain privileges by leveraging a (1) unattended workstation or (2) cross-site request forgery (CSRF) vulnerability, a related issue to CVE-2010-3449.
| [CVE-2010-4312] The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie.
| [CVE-2010-4172] Multiple cross-site scripting (XSS) vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) orderBy or (2) sort parameter to sessionsList.jsp, or unspecified input to (3) sessionDetail.jsp or (4) java/org/apache/catalina/manager/JspHelper.java, related to use of untrusted web applications.
| [CVE-2010-3872] The fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.6 for the Apache HTTP Server does not use bytewise pointer arithmetic in certain circumstances, which has unspecified impact and attack vectors related to "untrusted FastCGI applications" and a "stack buffer overwrite."
| [CVE-2010-3863] Apache Shiro before 1.1.0, and JSecurity 0.9.x, does not canonicalize URI paths before comparing them to entries in the shiro.ini file, which allows remote attackers to bypass intended access restrictions via a crafted request, as demonstrated by the /./account/index.jsp URI.
| [CVE-2010-3854] Multiple cross-site scripting (XSS) vulnerabilities in the web administration interface (aka Futon) in Apache CouchDB 0.8.0 through 1.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2010-3718] Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.
| [CVE-2010-3449] Cross-site request forgery (CSRF) vulnerability in Redback before 1.2.4, as used in Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1
| [CVE-2010-3315] authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass intended access restrictions via svn commands.
| [CVE-2010-3083] sys/ssl/SslSocket.cpp in qpidd in Apache Qpid, as used in Red Hat Enterprise MRG before 1.2.2 and other products, when SSL is enabled, allows remote attackers to cause a denial of service (daemon outage) by connecting to the SSL port but not participating in an SSL handshake.
| [CVE-2010-2952] Apache Traffic Server before 2.0.1, and 2.1.x before 2.1.2-unstable, does not properly choose DNS source ports and transaction IDs, and does not properly use DNS query fields to validate responses, which makes it easier for man-in-the-middle attackers to poison the internal DNS cache via a crafted response.
| [CVE-2010-2791] mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request. NOTE: this is the same issue as CVE-2010-2068, but for a different OS and set of affected versions.
| [CVE-2010-2375] Package/Privilege: Plugins for Apache, Sun and IIS web servers Unspecified vulnerability in the WebLogic Server component in Oracle Fusion Middleware 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, 10.3.2, and 10.3.3 allows remote attackers to affect confidentiality and integrity, related to IIS.
| [CVE-2010-2234] Cross-site request forgery (CSRF) vulnerability in Apache CouchDB 0.8.0 through 0.11.0 allows remote attackers to hijack the authentication of administrators for direct requests to an installation URL.
| [CVE-2010-2227] Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with "recycling of a buffer."
| [CVE-2010-2103] Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Apache Axis2/Java 1.4.1, 1.5.1, and possibly other versions, as used in SAP Business Objects 12, 3com IMC, and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the modules parameter. NOTE: some of these details are obtained from third party information.
8412| [CVE-2010-2086] Apache MyFaces 1.1.7 and 1.2.8, as used in IBM WebSphere Application Server and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that involve modifying the serialized view object.
8413| [CVE-2010-2076] Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before 2.2.9, as used in Apache ServiceMix, Apache Camel, Apache Chemistry, Apache jUDDI, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to samples/wsdl_first_pure_xml, a similar issue to CVE-2010-1632.
8414| [CVE-2010-2068] mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, does not properly detect timeouts, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request.
8415| [CVE-2010-2057] shared/util/StateUtils.java in Apache MyFaces 1.1.x before 1.1.8, 1.2.x before 1.2.9, and 2.0.x before 2.0.1 uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack.
8416| [CVE-2010-1632] Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server (WAS) 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to the Synapse SimpleStockQuoteService.
8417| [CVE-2010-1623] Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the destruction of an APR bucket.
8418| [CVE-2010-1587] The Jetty ResourceHandler in Apache ActiveMQ 5.x before 5.3.2 and 5.4.x before 5.4.0 allows remote attackers to read JSP source code via a // (slash slash) initial substring in a URI for (1) admin/index.jsp, (2) admin/queues.jsp, or (3) admin/topics.jsp.
8419| [CVE-2010-1452] The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path.
8420| [CVE-2010-1325] Cross-site request forgery (CSRF) vulnerability in the apache2-slms package in SUSE Lifecycle Management Server (SLMS) 1.0 on SUSE Linux Enterprise (SLE) 11 allows remote attackers to hijack the authentication of unspecified victims via vectors related to improper parameter quoting. NOTE: some sources report that this is a vulnerability in a product named "Apache SLMS," but that is incorrect.
8421| [CVE-2010-1244] Cross-site request forgery (CSRF) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote attackers to hijack the authentication of unspecified victims for requests that create queues via the JMSDestination parameter in a queue action.
8422| [CVE-2010-1157] Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply.
8423| [CVE-2010-1151] Race condition in the mod_auth_shadow module for the Apache HTTP Server allows remote attackers to bypass authentication, and read and possibly modify data, via vectors related to improper interaction with an external helper application for validation of credentials.
8424| [CVE-2010-0684] Cross-site scripting (XSS) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote authenticated users to inject arbitrary web script or HTML via the JMSDestination parameter in a queue action.
8425| [CVE-2010-0434] The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request.
8426| [CVE-2010-0432] Multiple cross-site scripting (XSS) vulnerabilities in the Apache Open For Business Project (aka OFBiz) 09.04 and earlier, as used in Opentaps, Neogia, and Entente Oya, allow remote attackers to inject arbitrary web script or HTML via (1) the productStoreId parameter to control/exportProductListing, (2) the partyId parameter to partymgr/control/viewprofile (aka partymgr/control/login), (3) the start parameter to myportal/control/showPortalPage, (4) an invalid URI beginning with /facility/control/ReceiveReturn (aka /crmsfa/control/ReceiveReturn or /cms/control/ReceiveReturn), (5) the contentId parameter (aka the entityName variable) to ecommerce/control/ViewBlogArticle, (6) the entityName parameter to webtools/control/FindGeneric, or the (7) subject or (8) content parameter to an unspecified component under ecommerce/control/contactus.
8427| [CVE-2010-0425] modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet, and "orphaned callback pointers."
8428| [CVE-2010-0408] The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service (backend server outage) via a crafted request, related to use of a 500 error code instead of the appropriate 400 error code.
8429| [CVE-2010-0390] Unrestricted file upload vulnerability in maxImageUpload/index.php in PHP F1 Max's Image Uploader 1.0, when Apache is not configured to handle the mime-type for files with pjpeg or jpeg extensions, allows remote attackers to execute arbitrary code by uploading a file with a pjpeg or jpeg extension, then accessing it via a direct request to the file in original/. NOTE: some of these details are obtained from third party information.
8430| [CVE-2010-0219] Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service.
8431| [CVE-2010-0010] Integer overflow in the ap_proxy_send_fb function in proxy/proxy_util.c in mod_proxy in the Apache HTTP Server before 1.3.42 on 64-bit platforms allows remote origin servers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a large chunk size that triggers a heap-based buffer overflow.
8432| [CVE-2010-0009] Apache CouchDB 0.8.0 through 0.10.1 allows remote attackers to obtain sensitive information by measuring the completion time of operations that verify (1) hashes or (2) passwords.
8433| [CVE-2009-5120] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 allows connections to TCP port 1812 from arbitrary source IP addresses, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via UTF-7 text to the 404 error page of a Project Woodstock service on this port.
8434| [CVE-2009-5119] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 enables weak SSL ciphers in conf/server.xml, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and then conducting a brute-force attack against encrypted session data.
8435| [CVE-2009-5006] The SessionAdapter::ExchangeHandlerImpl::checkAlternate function in broker/SessionAdapter.cpp in the C++ Broker component in Apache Qpid before 0.6, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote authenticated users to cause a denial of service (NULL pointer dereference, daemon crash, and cluster outage) by attempting to modify the alternate of an exchange.
8436| [CVE-2009-5005] The Cluster::deliveredEvent function in cluster/Cluster.cpp in Apache Qpid, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote attackers to cause a denial of service (daemon crash and cluster outage) via invalid AMQP data.
8437| [CVE-2009-4355] Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678.
8438| [CVE-2009-4269] The password hash generation algorithm in the BUILTIN authentication functionality for Apache Derby before 10.6.1.0 performs a transformation that reduces the size of the set of inputs to SHA-1, which produces a small search space that makes it easier for local and possibly remote attackers to crack passwords by generating hash collisions, related to password substitution.
8439| [CVE-2009-3923] The VirtualBox 2.0.8 and 2.0.10 web service in Sun Virtual Desktop Infrastructure (VDI) 3.0 does not require authentication, which allows remote attackers to obtain unspecified access via vectors involving requests to an Apache HTTP Server.
8440| [CVE-2009-3890] Unrestricted file upload vulnerability in the wp_check_filetype function in wp-includes/functions.php in WordPress before 2.8.6, when a certain configuration of the mod_mime module in the Apache HTTP Server is enabled, allows remote authenticated users to execute arbitrary code by posting an attachment with a multiple-extension filename, and then accessing this attachment via a direct request to a wp-content/uploads/ pathname, as demonstrated by a .php.jpg filename.
8441| [CVE-2009-3843] HP Operations Manager 8.10 on Windows contains a "hidden account" in the XML file that specifies Tomcat users, which allows remote attackers to conduct unrestricted file upload attacks, and thereby execute arbitrary code, by using the org.apache.catalina.manager.HTMLManagerServlet class to make requests to manager/html/upload.
8442| [CVE-2009-3821] Cross-site scripting (XSS) vulnerability in the Apache Solr Search (solr) extension 1.0.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
8443| [CVE-2009-3555] The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
8444| [CVE-2009-3548] The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges.
8445| [CVE-2009-3250] The saveForwardAttachments procedure in the Compose Mail functionality in vtiger CRM 5.0.4 allows remote authenticated users to execute arbitrary code by composing an e-mail message with an attachment filename ending in (1) .php in installations based on certain Apache HTTP Server configurations, (2) .php. on Windows, or (3) .php/ on Linux, and then making a direct request to a certain pathname under storage/.
8446| [CVE-2009-3095] The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.
8447| [CVE-2009-3094] The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.
8448| [CVE-2009-2902] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename.
8449| [CVE-2009-2901] The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests.
8450| [CVE-2009-2823] The Apache HTTP Server in Apple Mac OS X before 10.6.2 enables the HTTP TRACE method, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified web client software.
8451| [CVE-2009-2699] The Solaris pollset feature in the Event Port backend in poll/unix/port.c in the Apache Portable Runtime (APR) library before 1.3.9, as used in the Apache HTTP Server before 2.2.14 and other products, does not properly handle errors, which allows remote attackers to cause a denial of service (daemon hang) via unspecified HTTP requests, related to the prefork and event MPMs.
8452| [CVE-2009-2696] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat on Red Hat Enterprise Linux 5, Desktop Workstation 5, and Linux Desktop 5 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML." NOTE: this is due to a missing fix for CVE-2009-0781.
8453| [CVE-2009-2693] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry.
8454| [CVE-2009-2625] XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.
8455| [CVE-2009-2412] Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR
8456| [CVE-2009-2299] The Artofdefence Hyperguard Web Application Firewall (WAF) module before 2.5.5-11635, 3.0 before 3.0.3-11636, and 3.1 before 3.1.1-11637, a module for the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via an HTTP request with a large Content-Length value but no POST data.
8457| [CVE-2009-1956] Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input.
8458| [CVE-2009-1955] The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.
8459| [CVE-2009-1903] The PDF XSS protection feature in ModSecurity before 2.5.8 allows remote attackers to cause a denial of service (Apache httpd crash) via a request for a PDF file that does not use the GET method.
8460| [CVE-2009-1891] The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).
8461| [CVE-2009-1890] The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests.
8462| [CVE-2009-1885] Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to cause a denial of service (application crash) via vectors involving nested parentheses and invalid byte values in "simply nested DTD structures," as demonstrated by the Codenomicon XML fuzzing framework.
8463| [CVE-2009-1462] The Security Manager in razorCMS before 0.4 does not verify the permissions of every file owned by the apache user account, which is inconsistent with the documentation and allows local users to have an unspecified impact.
8464| [CVE-2009-1275] Apache Tiles 2.1 before 2.1.2, as used in Apache Struts and other products, evaluates Expression Language (EL) expressions twice in certain circumstances, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via unspecified vectors, related to the (1) tiles:putAttribute and (2) tiles:insertTemplate JSP tags.
8465| [CVE-2009-1195] The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file.
8466| [CVE-2009-1191] mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request.
8467| [CVE-2009-1012] Unspecified vulnerability in the plug-ins for Apache and IIS web servers in Oracle BEA WebLogic Server 7.0 Gold through SP7, 8.1 Gold through SP6, 9.0, 9.1, 9.2 Gold through MP3, 10.0 Gold through MP1, and 10.3 allows remote attackers to affect confidentiality, integrity, and availability. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow in an unspecified plug-in that parses HTTP requests, which leads to a heap-based buffer overflow.
8468| [CVE-2009-0918] Multiple unspecified vulnerabilities in DFLabs PTK 1.0.0 through 1.0.4 allow remote attackers to execute arbitrary commands in processes launched by PTK's Apache HTTP Server via (1) "external tools" or (2) a crafted forensic image.
8469| [CVE-2009-0796] Cross-site scripting (XSS) vulnerability in Status.pm in Apache::Status and Apache2::Status in mod_perl1 and mod_perl2 for the Apache HTTP Server, when /perl-status is accessible, allows remote attackers to inject arbitrary web script or HTML via the URI.
8470| [CVE-2009-0783] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.
8471| [CVE-2009-0781] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML."
8472| [CVE-2009-0754] PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on the same server.
8473| [CVE-2009-0580] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.
8474| [CVE-2009-0486] Bugzilla 3.2.1, 3.0.7, and 3.3.2, when running under mod_perl, calls the srand function at startup time, which causes Apache children to have the same seed and produce insufficiently random numbers for random tokens, which allows remote attackers to bypass cross-site request forgery (CSRF) protection mechanisms and conduct unauthorized activities as other users.
8475| [CVE-2009-0039] Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to hijack the authentication of administrators for requests that (1) change the web administration password, (2) upload applications, and perform unspecified other administrative actions, as demonstrated by (3) a Shutdown request to console/portal//Server/Shutdown.
8476| [CVE-2009-0038] Multiple cross-site scripting (XSS) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) ip, (3) username, or (4) description parameter to console/portal/Server/Monitoring
8477| [CVE-2009-0033] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.
8478| [CVE-2009-0026] Multiple cross-site scripting (XSS) vulnerabilities in Apache Jackrabbit before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the q parameter to (1) search.jsp or (2) swr.jsp.
8479| [CVE-2009-0023] The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow.
8480| [CVE-2008-6879] Cross-site scripting (XSS) vulnerability in Apache Roller 2.3, 3.0, 3.1, and 4.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter in a search action.
8481| [CVE-2008-6755] ZoneMinder 1.23.3 on Fedora 10 sets the ownership of /etc/zm.conf to the apache user account, and sets the permissions to 0600, which makes it easier for remote attackers to modify this file by accessing it through a (1) PHP or (2) CGI script.
8482| [CVE-2008-6722] Novell Access Manager 3 SP4 does not properly expire X.509 certificate sessions, which allows physically proximate attackers to obtain a logged-in session by using a victim's web-browser process that continues to send the original and valid SSL sessionID, related to inability of Apache Tomcat to clear entries from its SSL cache.
8483| [CVE-2008-6682] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.x before 2.0.11.1 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via vectors associated with improper handling of (1) " (double quote) characters in the href attribute of an s:a tag and (2) parameters in the action attribute of an s:url tag.
8484| [CVE-2008-6505] Multiple directory traversal vulnerabilities in Apache Struts 2.0.x before 2.0.12 and 2.1.x before 2.1.3 allow remote attackers to read arbitrary files via a ..%252f (encoded dot dot slash) in a URI with a /struts/ path, related to (1) FilterDispatcher in 2.0.x and (2) DefaultStaticContentLoader in 2.1.x.
8485| [CVE-2008-6504] ParametersInterceptor in OpenSymphony XWork 2.0.x before 2.0.6 and 2.1.x before 2.1.2, as used in Apache Struts and other products, does not properly restrict # (pound sign) references to context objects, which allows remote attackers to execute Object-Graph Navigation Language (OGNL) statements and modify server-side context objects, as demonstrated by use of a \u0023 representation for the # character.
8486| [CVE-2008-5696] Novell NetWare 6.5 before Support Pack 8, when an OES2 Linux server is installed into the NDS tree, does not require a password for the ApacheAdmin console, which allows remote attackers to reconfigure the Apache HTTP Server via console operations.
8487| [CVE-2008-5676] Multiple unspecified vulnerabilities in the ModSecurity (aka mod_security) module 2.5.0 through 2.5.5 for the Apache HTTP Server, when SecCacheTransformations is enabled, allow remote attackers to cause a denial of service (daemon crash) or bypass the product's functionality via unknown vectors related to "transformation caching."
8488| [CVE-2008-5519] The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat allows remote attackers to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances involving (1) a request from a different client that included a Content-Length header but no POST data or (2) a rapid series of requests, related to noncompliance with the AJP protocol's requirements for requests containing Content-Length headers.
8489| [CVE-2008-5518] Multiple directory traversal vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 on Windows allow remote attackers to upload files to arbitrary directories via directory traversal sequences in the (1) group, (2) artifact, (3) version, or (4) fileType parameter to console/portal//Services/Repository (aka the Services/Repository portlet)
8490| [CVE-2008-5515] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.
8491| [CVE-2008-5457] Unspecified vulnerability in the Oracle BEA WebLogic Server Plugins for Apache, Sun and IIS web servers component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
8492| [CVE-2008-4308] The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20 does not return a -1 to indicate when a certain error condition has occurred, which can cause Tomcat to send POST content from one request to a different request.
8493| [CVE-2008-4008] Unspecified vulnerability in the WebLogic Server Plugins for Apache component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2008 CPU. Oracle has not commented on reliable researcher claims that this issue is a stack-based buffer overflow in the WebLogic Apache Connector, related to an invalid parameter.
8494| [CVE-2008-3666] Unspecified vulnerability in Sun Solaris 10 and OpenSolaris before snv_96 allows (1) context-dependent attackers to cause a denial of service (panic) via vectors involving creation of a crafted file and use of the sendfilev system call, as demonstrated by a file served by an Apache 2.2.x web server with EnableSendFile configured
8495| [CVE-2008-3271] Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a "synchronization problem" and lack of thread safety, and related to RemoteFilterValve, RemoteAddrValve, and RemoteHostValve.
8496| [CVE-2008-3257] Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request.
8497| [CVE-2008-2939] Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI.
8498| [CVE-2008-2938] Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.
8499| [CVE-2008-2742] Unrestricted file upload in the mcpuk file editor (atk/attributes/fck/editor/filemanager/browser/mcpuk/connectors/php/config.php) in Achievo 1.2.0 through 1.3.2 allows remote attackers to execute arbitrary code by uploading a file with .php followed by a safe extension, then accessing it via a direct request to the file in the Achievo root directory. NOTE: this is only a vulnerability in environments that support multiple extensions, such as Apache with the mod_mime module enabled.
8500| [CVE-2008-2717] TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions.
8501| [CVE-2008-2579] Unspecified vulnerability in the WebLogic Server Plugins for Apache, Sun and IIS web servers component in Oracle BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 has unknown impact and remote attack vectors.
8502| [CVE-2008-2384] SQL injection vulnerability in mod_auth_mysql.c in the mod-auth-mysql (aka libapache2-mod-auth-mysql) module for the Apache HTTP Server 2.x, when configured to use a multibyte character set that allows a \ (backslash) as part of the character encoding, allows remote attackers to execute arbitrary SQL commands via unspecified inputs in a login request.
8503| [CVE-2008-2370] Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.
8504| [CVE-2008-2364] The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.
8505| [CVE-2008-2168] Cross-site scripting (XSS) vulnerability in Apache 2.2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded URLs that are not properly handled when displaying the 403 Forbidden error page.
8506| [CVE-2008-2025] Cross-site scripting (XSS) vulnerability in Apache Struts before 1.2.9-162.31.1 on SUSE Linux Enterprise (SLE) 11, before 1.2.9-108.2 on SUSE openSUSE 10.3, before 1.2.9-198.2 on SUSE openSUSE 11.0, and before 1.2.9-162.163.2 on SUSE openSUSE 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "insufficient quoting of parameters."
8507| [CVE-2008-1947] Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.
8508| [CVE-2008-1734] Interpretation conflict in PHP Toolkit before 1.0.1 on Gentoo Linux might allow local users to cause a denial of service (PHP outage) and read contents of PHP scripts by creating a file with a one-letter lowercase alphabetic name, which triggers interpretation of a certain unquoted [a-z] argument as a matching shell glob for this name, rather than interpretation as the literal [a-z] regular-expression string, and consequently blocks the launch of the PHP interpreter within the Apache HTTP Server.
8509| [CVE-2008-1678] Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server mod_ssl that specify a compression algorithm.
8510| [CVE-2008-1232] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.
8511| [CVE-2008-0869] Cross-site scripting (XSS) vulnerability in BEA WebLogic Workshop 8.1 through SP6 and Workshop for WebLogic 9.0 through 10.0 allows remote attackers to inject arbitrary web script or HTML via a "framework defined request parameter" when using WebLogic Workshop or Apache Beehive NetUI framework with page flows.
8512| [CVE-2008-0732] The init script for Apache Geronimo on SUSE Linux follows symlinks when performing a chown operation, which might allow local users to obtain access to unspecified files or directories.
8513| [CVE-2008-0555] The ExpandCert function in Apache-SSL before apache_1.3.41+ssl_1.59 does not properly handle (1) '/' and (2) '=' characters in a Distinguished Name (DN) in a client certificate, which might allow remote attackers to bypass authentication via a crafted DN that triggers overwriting of environment variables.
8514| [CVE-2008-0457] Unrestricted file upload vulnerability in the FileUpload class running on the Symantec LiveState Apache Tomcat server, as used by Symantec Backup Exec System Recovery Manager 7.0 and 7.0.1, allows remote attackers to upload and execute arbitrary JSP files via unknown vectors.
8515| [CVE-2008-0456] CRLF injection vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by uploading a file with a multi-line name containing HTTP header sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
8516| [CVE-2008-0455] Cross-site scripting (XSS) vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary web script or HTML by uploading a file with a name containing XSS sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
8517| [CVE-2008-0128] The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
8518| [CVE-2008-0005] mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding.
8519| [CVE-2008-0002] Apache Tomcat 6.0.0 through 6.0.15 processes parameters in the context of the wrong request when an exception occurs during parameter processing, which might allow remote attackers to obtain sensitive information, as demonstrated by disconnecting during this processing in order to trigger the exception.
8520| [CVE-2007-6750] The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris, related to the lack of the mod_reqtimeout module in versions before 2.2.15.
8521| [CVE-2007-6726] Multiple cross-site scripting (XSS) vulnerabilities in Dojo 0.4.1 and 0.4.2, as used in Apache Struts and other products, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) xip_client.html and (2) xip_server.html in src/io/.
8522| [CVE-2007-6514] Apache HTTP Server, when running on Linux with a document root on a Windows share mounted using smbfs, allows remote attackers to obtain unprocessed content such as source files for .php programs via a trailing "\" (backslash), which is not handled by the intended AddType directive.
8523| [CVE-2007-6423] ** DISPUTED ** Unspecified vulnerability in mod_proxy_balancer for Apache HTTP Server 2.2.x before 2.2.7-dev, when running on Windows, allows remote attackers to trigger memory corruption via a long URL. NOTE: the vendor could not reproduce this issue.
8524| [CVE-2007-6422] The balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6, when a threaded Multi-Processing Module is used, allows remote authenticated users to cause a denial of service (child process crash) via an invalid bb variable.
8525| [CVE-2007-6421] Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) ss, (2) wr, or (3) rr parameters, or (4) the URL.
8526| [CVE-2007-6420] Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors.
8527| [CVE-2007-6388] Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
8528| [CVE-2007-6361] Gekko 0.8.2 and earlier stores sensitive information under the web root with possibly insufficient access control, which might allow remote attackers to read certain files under temp/, as demonstrated by a log file that records the titles of blog entries. NOTE: access to temp/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
8529| [CVE-2007-6342] SQL injection vulnerability in the David Castro AuthCAS module (AuthCAS.pm) 0.4 for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the SESSION_COOKIE_NAME (session ID) in a cookie.
8530| [CVE-2007-6286] Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the native APR connector is used, does not properly handle an empty request to the SSL port, which allows remote attackers to trigger handling of "a duplicate copy of one of the recent requests," as demonstrated by using netcat to send the empty request.
8531| [CVE-2007-6258] Multiple stack-based buffer overflows in the legacy mod_jk2 2.0.3-DEV and earlier Apache module allow remote attackers to execute arbitrary code via a long (1) Host header, or (2) Hostname within a Host header.
8532| [CVE-2007-6231] Multiple PHP remote file inclusion vulnerabilities in tellmatic 1.0.7 allow remote attackers to execute arbitrary PHP code via a URL in the tm_includepath parameter to (1) Classes.inc.php, (2) statistic.inc.php, (3) status.inc.php, (4) status_top_x.inc.php, or (5) libchart-1.1/libchart.php in include/. NOTE: access to include/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
8533| [CVE-2007-6203] Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918.
8534| [CVE-2007-5797] SQLLoginModule in Apache Geronimo 2.0 through 2.1 does not throw an exception for a nonexistent username, which allows remote attackers to bypass authentication via a login attempt with any username not contained in the database.
8535| [CVE-2007-5731] Absolute path traversal vulnerability in Apache Jakarta Slide 2.1 and earlier allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag, a related issue to CVE-2007-5461.
8536| [CVE-2007-5461] Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.
8537| [CVE-2007-5342] The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by changing the (1) level, (2) directory, and (3) prefix attributes in the org.apache.juli.FileHandler handler.
8538| [CVE-2007-5333] Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385.
8539| [CVE-2007-5156] Incomplete blacklist vulnerability in editor/filemanager/upload/php/upload.php in FCKeditor, as used in SiteX CMS 0.7.3.beta, La-Nai CMS, Syntax CMS, Cardinal Cms, and probably other products, allows remote attackers to upload and execute arbitrary PHP code via a file whose name contains ".php." and has an unknown extension, which is recognized as a .php file by the Apache HTTP server, a different vulnerability than CVE-2006-0658 and CVE-2006-2529.
8540| [CVE-2007-5085] Unspecified vulnerability in the management EJB (MEJB) in Apache Geronimo before 2.0.2 allows remote attackers to bypass authentication and obtain "access to Geronimo internals" via unspecified vectors.
8541| [CVE-2007-5000] Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
8542| [CVE-2007-4724] Cross-site request forgery (CSRF) vulnerability in cal2.jsp in the calendar examples application in Apache Tomcat 4.1.31 allows remote attackers to add events as arbitrary users via the time and description parameters.
8543| [CVE-2007-4723] Directory traversal vulnerability in Ragnarok Online Control Panel 4.3.4a, when the Apache HTTP Server is used, allows remote attackers to bypass authentication via directory traversal sequences in a URI that ends with the name of a publicly available page, as demonstrated by a "/...../" sequence and an account_manage.php/login.php final component for reaching the protected account_manage.php page.
8544| [CVE-2007-4641] Directory traversal vulnerability in index.php in Pakupaku CMS 0.4 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting code into an Apache log file.
8545| [CVE-2007-4556] Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language (OGNL) expression when altSyntax is enabled, which allows remote attackers to cause a denial of service (infinite loop) or execute arbitrary code via form input beginning with a "%{" sequence and ending with a "}" character.
8546| [CVE-2007-4548] The login method in LoginModule implementations in Apache Geronimo 2.0 does not throw FailedLoginException for failed logins, which allows remote attackers to bypass authentication requirements, deploy arbitrary modules, and gain administrative access by sending a blank username and password with the command line deployer in the deployment module.
8547| [CVE-2007-4465] Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.
8548| [CVE-2007-3847] The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read.
8549| [CVE-2007-3571] The Apache Web Server as used in Novell NetWare 6.5 and GroupWise allows remote attackers to obtain sensitive information via a certain directive to Apache that causes the HTTP-Header response to be modified, which may reveal the server's internal IP address.
8550| [CVE-2007-3386] Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action.
8551| [CVE-2007-3385] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.
8552| [CVE-2007-3384] Multiple cross-site scripting (XSS) vulnerabilities in examples/servlet/CookieExample in Apache Tomcat 3.3 through 3.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Value field, related to error messages.
8553| [CVE-2007-3383] Cross-site scripting (XSS) vulnerability in SendMailServlet in the examples web application (examples/jsp/mail/sendmail.jsp) in Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.36 allows remote attackers to inject arbitrary web script or HTML via the From field and possibly other fields, related to generation of error messages.
8554| [CVE-2007-3382] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.
8555| [CVE-2007-3304] Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1 killer."
8556| [CVE-2007-3303] Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows local users to cause a denial of service via certain code sequences executed in a worker process that (1) stop request processing by killing all worker processes and preventing creation of replacements or (2) hang the system by forcing the master process to fork an arbitrarily large number of worker processes. NOTE: This might be an inherent design limitation of Apache with respect to worker processes in hosted environments.
8557| [CVE-2007-3101] Multiple cross-site scripting (XSS) vulnerabilities in certain JSF applications in Apache MyFaces Tomahawk before 1.1.6 allow remote attackers to inject arbitrary web script via the autoscroll parameter, which is injected into Javascript that is sent to the client.
8558| [CVE-2007-2450] Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script or HTML via a parameter name to manager/html/upload, and other unspecified vectors.
8559| [CVE-2007-2449] Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the '
8560| [CVE-2007-2353] Apache Axis 1.0 allows remote attackers to obtain sensitive information by requesting a non-existent WSDL file, which reveals the installation path in the resulting exception message.
8561| [CVE-2007-2025] Unrestricted file upload vulnerability in the UpLoad feature (lib/plugin/UpLoad.php) in PhpWiki 1.3.11p1 allows remote attackers to upload arbitrary PHP files with a double extension, as demonstrated by .php.3, which is interpreted by Apache as being a valid PHP file.
8562| [CVE-2007-1863] cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value.
8563| [CVE-2007-1862] The recall_headers function in mod_mem_cache in Apache 2.2.4 does not properly copy all levels of header data, which can cause Apache to return HTTP headers containing previously used data, which could be used by remote attackers to obtain potentially sensitive information.
8564| [CVE-2007-1860] mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. (dot dot) sequences and directory traversal, a related issue to CVE-2007-0450.
8565| [CVE-2007-1858] The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts.
8566| [CVE-2007-1842] Directory traversal vulnerability in login.php in JSBoard before 2.0.12 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the table parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, a related issue to CVE-2006-2019.
8567| [CVE-2007-1801] Directory traversal vulnerability in inc/lang.php in sBLOG 0.7.3 Beta allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the conf_lang_default parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by inc/lang.php.
8568| [CVE-2007-1743] suexec in Apache HTTP Server (httpd) 2.2.3 does not verify combinations of user and group IDs on the command line, which might allow local users to leverage other vulnerabilities to create arbitrary UID/GID owned files if /proc is mounted. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root." In addition, because this is dependent on other vulnerabilities, perhaps this is resultant and should not be included in CVE.
8569| [CVE-2007-1742] suexec in Apache HTTP Server (httpd) 2.2.3 uses a partial comparison for verifying whether the current directory is within the document root, which might allow local users to perform unauthorized operations on incorrect directories, as demonstrated using "html_backup" and "htmleditor" under an "html" directory. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
8570| [CVE-2007-1741] Multiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 between directory and file validation, and their usage, allow local users to gain privileges and execute arbitrary code by renaming directories or performing symlink attacks. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
8571| [CVE-2007-1720] Directory traversal vulnerability in addressbook.php in the Addressbook 1.2 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module_name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file.
8572| [CVE-2007-1636] Directory traversal vulnerability in index.php in RoseOnlineCMS 3 B1 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the op parameter, as demonstrated by injecting PHP code into Apache log files via the URL and User-Agent HTTP header.
8573| [CVE-2007-1633] Directory traversal vulnerability in bbcode_ref.php in the Giorgio Ciranni Splatt Forum 4.0 RC1 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by bbcode_ref.php.
8574| [CVE-2007-1577] Directory traversal vulnerability in index.php in GeBlog 0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[tplname] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
8575| [CVE-2007-1539] Directory traversal vulnerability in inc/map.func.php in pragmaMX Landkarten 2.1 module allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the module_name parameter, as demonstrated via a static PHP code injection attack in an Apache log file.
8576| [CVE-2007-1524] Directory traversal vulnerability in themes/default/ in ZomPlog 3.7.6 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) in the settings[skin] parameter, as demonstrated by injecting PHP code into an Apache HTTP Server log file, which can then be included via themes/default/.
8577| [CVE-2007-1491] Apache Tomcat in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allows connections from external interfaces via port 8009, which exposes it to attacks from outside parties.
8578| [CVE-2007-1358] Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616".
8579| [CVE-2007-1349] PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.
8580| [CVE-2007-0975] Variable extraction vulnerability in Ian Bezanson Apache Stats before 0.0.3 beta allows attackers to overwrite critical variables, with unknown impact, when the extract function is used on the _REQUEST superglobal array.
8581| [CVE-2007-0930] Variable extract vulnerability in Apache Stats before 0.0.3beta allows attackers to modify arbitrary variables and conduct attacks via unknown vectors involving the use of PHP's extract function.
8582| [CVE-2007-0792] The mod_perl initialization script in Bugzilla 2.23.3 does not set the Bugzilla Apache configuration to allow .htaccess permissions to override file permissions, which allows remote attackers to obtain the database username and password via a direct request for the localconfig file.
8583| [CVE-2007-0774] Stack-based buffer overflow in the map_uri_to_worker function (native/common/jk_uri_worker_map.c) in mod_jk.so for Apache Tomcat JK Web Server Connector 1.2.19 and 1.2.20, as used in Tomcat 4.1.34 and 5.5.20, allows remote attackers to execute arbitrary code via a long URL that triggers the overflow in a URI worker map routine.
8584| [CVE-2007-0637] Directory traversal vulnerability in zd_numer.php in Galeria Zdjec 3.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the galeria parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by zd_numer.php.
8585| [CVE-2007-0451] Apache SpamAssassin before 3.1.8 allows remote attackers to cause a denial of service via long URLs in malformed HTML, which triggers "massive memory usage."
8586| [CVE-2007-0450] Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.
8587| [CVE-2007-0419] The BEA WebLogic Server proxy plug-in before June 2006 for the Apache HTTP Server does not properly handle protocol errors, which allows remote attackers to cause a denial of service (server outage).
8588| [CVE-2007-0173] Directory traversal vulnerability in index.php in L2J Statistik Script 0.09 and earlier, when register_globals is enabled and magic_quotes is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
8589| [CVE-2007-0098] Directory traversal vulnerability in language.php in VerliAdmin 0.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
8590| [CVE-2007-0086] ** DISPUTED ** The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by third parties, who state that the large window size required by the attack is not normally supported or configured by the server, or that a DDoS-style attack would accomplish the same goal.
8591| [CVE-2006-7217] Apache Derby before 10.2.1.6 does not determine schema privilege requirements during the DropSchemaNode bind phase, which allows remote authenticated users to execute arbitrary drop schema statements in SQL authorization mode.
8592| [CVE-2006-7216] Apache Derby before 10.2.1.6 does not determine privilege requirements for lock table statements at compilation time, and consequently does not enforce privilege requirements at execution time, which allows remote authenticated users to lock arbitrary tables.
8593| [CVE-2006-7197] The AJP connector in Apache Tomcat 5.5.15 uses an incorrect length for chunks, which can cause a buffer over-read in the ajp_process_callback in mod_jk, which allows remote attackers to read portions of sensitive memory.
8594| [CVE-2006-7196] Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors. NOTE: this may be related to CVE-2006-0254.1.
8595| [CVE-2006-7195] Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in Apache Tomcat 5.0.0 through 5.0.30 and 5.5.0 through 5.5.17 allows remote attackers to inject arbitrary web script or HTML via certain header values.
8596| [CVE-2006-7098] The Debian GNU/Linux 033_-F_NO_SETSID patch for the Apache HTTP Server 1.3.34-4 does not properly disassociate httpd from a controlling tty when httpd is started interactively, which allows local users to gain privileges to that tty via a CGI program that calls the TIOCSTI ioctl.
8597| [CVE-2006-6869] Directory traversal vulnerability in includes/search/search_mdforum.php in MAXdev MDForum 2.0.1 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang cookie to error.php, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
8598| [CVE-2006-6675] Cross-site scripting (XSS) vulnerability in Novell NetWare 6.5 Support Pack 5 and 6 and Novell Apache on NetWare 2.0.48 allows remote attackers to inject arbitrary web script or HTML via unspecifeid parameters in Welcome web-app.
8599| [CVE-2006-6613] Directory traversal vulnerability in language.php in phpAlbum 0.4.1 Beta 6 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files or obtain sensitive information via a .. (dot dot) in the pa_lang[include_file] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
8600| [CVE-2006-6589] Cross-site scripting (XSS) vulnerability in ecommerce/control/keywordsearch in the Apache Open For Business Project (OFBiz) and Opentaps 0.9.3 allows remote attackers to inject arbitrary web script or HTML via the SEARCH_STRING parameter, a different issue than CVE-2006-6587. NOTE: some of these details are obtained from third party information.
8601| [CVE-2006-6588] The forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) trusts the (1) dataResourceTypeId, (2) contentTypeId, and certain other hidden form fields, which allows remote attackers to create unauthorized types of content, modify content, or have other unknown impact.
8602| [CVE-2006-6587] Cross-site scripting (XSS) vulnerability in the forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) allows remote attackers to inject arbitrary web script or HTML by posting a message.
8603| [CVE-2006-6445] Directory traversal vulnerability in error.php in Envolution 1.1.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
8604| [CVE-2006-6071] TWiki 4.0.5 and earlier, when running under Apache 1.3 using ApacheLogin with sessions and "ErrorDocument 401" redirects to a valid wiki topic, does not properly handle failed login attempts, which allows remote attackers to read arbitrary content by cancelling out of a failed authentication with a valid username and invalid password.
8605| [CVE-2006-6047] Directory traversal vulnerability in manager/index.php in Etomite 0.6.1.2 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the f parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
8606| [CVE-2006-5894] Directory traversal vulnerability in lang.php in Rama CMS 0.68 and earlier, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by lang.php.
8607| [CVE-2006-5752] Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform "charset detection" when the content-type is not specified.
8608| [CVE-2006-5733] Directory traversal vulnerability in error.php in PostNuke 0.763 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
8609| [CVE-2006-5263] Directory traversal vulnerability in templates/header.php3 in phpMyAgenda 3.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter, as demonstrated by a parameter value naming an Apache HTTP Server log file that apparently contains PHP code.
8610| [CVE-2006-4994] Multiple unquoted Windows search path vulnerabilities in Apache Friends XAMPP 1.5.2 might allow local users to gain privileges via a malicious program file in %SYSTEMDRIVE%, which is run when XAMPP attempts to execute (1) FileZillaServer.exe, (2) mysqld-nt.exe, (3) Perl.exe, or (4) xamppcontrol.exe with an unquoted "Program Files" pathname.
8611| [CVE-2006-4636] Directory traversal vulnerability in SZEWO PhpCommander 3.0 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Directory parameter, as demonstrated by parameter values naming Apache HTTP Server log files that apparently contain PHP code.
8612| [CVE-2006-4625] PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass certain Apache HTTP Server httpd.conf options, such as safe_mode and open_basedir, via the ini_restore function, which resets the values to their php.ini (Master Value) defaults.
8613| [CVE-2006-4558] DeluxeBB 1.06 and earlier, when run on the Apache HTTP Server with the mod_mime module, allows remote attackers to execute arbitrary PHP code by uploading files with double extensions via the fileupload parameter in a newthread action in newpost.php.
8614| [CVE-2006-4191] Directory traversal vulnerability in memcp.php in XMB (Extreme Message Board) 1.9.6 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the langfilenew parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by header.php.
8615| [CVE-2006-4154] Format string vulnerability in the mod_tcl module 1.0 for Apache 2.x allows context-dependent attackers to execute arbitrary code via format string specifiers that are not properly handled in a set_var function call in (1) tcl_cmds.c and (2) tcl_core.c.
8616| [CVE-2006-4110] Apache 2.2.2, when running on Windows, allows remote attackers to read source code of CGI programs via a request that contains uppercase (or alternate case) characters that bypass the case-sensitive ScriptAlias directive, but allow access to the file on case-insensitive file systems.
8617| [CVE-2006-4004] Directory traversal vulnerability in index.php in vbPortal 3.0.2 through 3.6.0 Beta 1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the bbvbplang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
8618| [CVE-2006-3918] http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.
8619| [CVE-2006-3835] Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (
8620| [CVE-2006-3747] Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules.
8621| [CVE-2006-3362] Unrestricted file upload vulnerability in connectors/php/connector.php in FCKeditor mcpuk file manager, as used in (1) Geeklog 1.4.0 through 1.4.0sr3, (2) toendaCMS 1.0.0 Shizouka Stable and earlier, (3) WeBid 0.5.4, and possibly other products, when installed on Apache with mod_mime, allows remote attackers to upload and execute arbitrary PHP code via a filename with a .php extension and a trailing extension that is allowed, such as .zip.
8622| [CVE-2006-3102] Race condition in articles/BitArticle.php in Bitweaver 1.3, when run on Apache with the mod_mime extension, allows remote attackers to execute arbitrary PHP code by uploading arbitrary files with double extensions, which are stored for a small period of time under the webroot in the temp/articles directory.
8623| [CVE-2006-3070] write_ok.php in Zeroboard 4.1 pl8, when installed on Apache with mod_mime, allows remote attackers to bypass restrictions for uploading files with executable extensions by uploading a .htaccess file that with an AddType directive that assigns an executable module to files with assumed-safe extensions, as demonstrated by assigning the txt extension to be handled by application/x-httpd-php.
8624| [CVE-2006-2831] Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2, when running under certain Apache configurations such as when FileInfo overrides are disabled within .htaccess, allows remote attackers to execute arbitrary code by uploading a file with multiple extensions, a variant of CVE-2006-2743.
8625| [CVE-2006-2806] The SMTP server in Apache Java Mail Enterprise Server (aka Apache James) 2.2.0 allows remote attackers to cause a denial of service (CPU consumption) via a long argument to the MAIL command.
8626| [CVE-2006-2743] Drupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with mod_mime, does not properly handle files with multiple extensions, which allows remote attackers to upload, modify, or execute arbitrary files in the files directory.
8627| [CVE-2006-2514] Coppermine galleries before 1.4.6, when running on Apache with mod_mime installed, allows remote attackers to upload arbitrary files via a filename with multiple file extensions.
8628| [CVE-2006-2330] PHP-Fusion 6.00.306 and earlier, running under Apache HTTP Server 1.3.27 and PHP 4.3.3, allows remote authenticated users to upload files of arbitrary types using a filename that contains two or more extensions that ends in an assumed-valid extension such as .gif, which bypasses the validation, as demonstrated by uploading then executing an avatar file that ends in ".php.gif" and contains PHP code in EXIF metadata.
8629| [CVE-2006-1777] Directory traversal vulnerability in doc/index.php in Jeremy Ashcraft Simplog 0.9.2 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the s parameter, as demonstrated by injecting PHP sequences into an Apache error_log file, which is then included by doc/index.php.
8630| [CVE-2006-1564] Untrusted search path vulnerability in libapache2-svn 1.3.0-4 for Subversion in Debian GNU/Linux includes RPATH values under the /tmp/svn directory for the (1) mod_authz_svn.so and (2) mod_dav_svn.so modules, which might allow local users to gain privileges by installing malicious libraries in that directory.
8631| [CVE-2006-1548] Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction and possibly (2) DispatchAction and (3) ActionDispatcher in Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to inject arbitrary web script or HTML via the parameter name, which is not filtered in the resulting error message.
8632| [CVE-2006-1547] ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides further access to elements in the CommonsMultipartRequestHandler implementation and BeanUtils.
8633| [CVE-2006-1546] Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to bypass validation via a request with a 'org.apache.struts.taglib.html.Constants.CANCEL' parameter, which causes the action to be canceled but would not be detected from applications that do not use the isCancelled check.
8634| [CVE-2006-1393] Multiple cross-site scripting (XSS) vulnerabilities in the mod_pubcookie Apache application server module in University of Washington Pubcookie 1.x, 3.0.0, 3.1.0, 3.1.1, 3.2 before 3.2.1b, and 3.3 before 3.3.0a allow remote attackers to inject arbitrary web script or HTML via unspecified attack vectors.
8635| [CVE-2006-1346] Directory traversal vulnerability in inc/setLang.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in a lang[*][file] parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by index.php.
8636| [CVE-2006-1292] Directory traversal vulnerability in Jim Hu and Chad Little PHP iCalendar 2.21 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the phpicalendar[cookie_language] and phpicalendar[cookie_style] cookies, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by day.php.
8637| [CVE-2006-1243] Directory traversal vulnerability in install05.php in Simple PHP Blog (SPB) 0.4.7.1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the blog_language parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included using install05.php.
8638| [CVE-2006-1095] Directory traversal vulnerability in the FileSession object in Mod_python module 3.2.7 for Apache allows local users to execute arbitrary code via a crafted session cookie.
8639| [CVE-2006-1079] htpasswd, as used in Acme thttpd 2.25b and possibly other products such as Apache, might allow local users to gain privileges via shell metacharacters in a command line argument, which is used in a call to the system function. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
8640| [CVE-2006-1078] Multiple buffer overflows in htpasswd, as used in Acme thttpd 2.25b, and possibly other products such as Apache, might allow local users to gain privileges via (1) a long command line argument and (2) a long line in a file. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
8641| [CVE-2006-0743] Format string vulnerability in LocalSyslogAppender in Apache log4net 1.2.9 might allow remote attackers to cause a denial of service (memory corruption and termination) via unknown vectors.
8642| [CVE-2006-0254] Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) time parameter to cal2.jsp and (2) any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer.
8643| [CVE-2006-0150] Multiple format string vulnerabilities in the auth_ldap_log_reason function in Apache auth_ldap 1.6.0 and earlier allows remote attackers to execute arbitrary code via various vectors, including the username.
8644| [CVE-2006-0144] The proxy server feature in go-pear.php in PHP PEAR 0.2.2, as used in Apache2Triad, allows remote attackers to execute arbitrary PHP code by redirecting go-pear.php to a malicious proxy server that provides a modified version of Tar.php with a malicious extractModify function.
8645| [CVE-2006-0042] Unspecified vulnerability in (1) apreq_parse_headers and (2) apreq_parse_urlencoded functions in Apache2::Request (Libapreq2) before 2.07 allows remote attackers cause a denial of service (CPU consumption) via unknown attack vectors that result in quadratic computational complexity.
8646| [CVE-2005-4857] eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 before 20051128 allows remote authenticated users to cause a denial of service (Apache httpd segmentation fault) via a request to content/advancedsearch.php with an empty SearchContentClassID parameter, reportedly related to a "memory addressing error".
8647| [CVE-2005-4849] Apache Derby before 10.1.2.1 exposes the (1) user and (2) password attributes in cleartext via (a) the RDBNAM parameter of the ACCSEC command and (b) the output of the DatabaseMetaData.getURL function, which allows context-dependent attackers to obtain sensitive information.
8648| [CVE-2005-4836] The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote attackers to read JSP source files and obtain sensitive information.
8649| [CVE-2005-4814] Unrestricted file upload vulnerability in Segue CMS before 1.3.6, when the Apache HTTP Server handles .phtml files with the PHP interpreter, allows remote attackers to upload and execute arbitrary PHP code by placing .phtml files in the userfiles/ directory.
8650| [CVE-2005-4703] Apache Tomcat 4.0.3, when running on Windows, allows remote attackers to obtain sensitive information via a request for a file that contains an MS-DOS device name such as lpt9, which leaks the pathname in an error message, as demonstrated by lpt9.xtp using Nikto.
8651| [CVE-2005-3745] Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message.
8652| [CVE-2005-3630] Fedora Directory Server before 10 allows remote attackers to obtain sensitive information, such as the password from adm.conf via an IFRAME element, probably involving an Apache httpd.conf configuration that orders "allow" directives before "deny" directives.
8653| [CVE-2005-3510] Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files.
8654| [CVE-2005-3392] Unspecified vulnerability in PHP before 4.4.1, when using the virtual function on Apache 2, allows remote attackers to bypass safe_mode and open_basedir directives.
8655| [CVE-2005-3357] mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference.
8656| [CVE-2005-3352] Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps.
8657| [CVE-2005-3319] The apache2handler SAPI (sapi_apache2.c) in the Apache module (mod_php) for PHP 5.x before 5.1.0 final and 4.4 before 4.4.1 final allows attackers to cause a denial of service (segmentation fault) via the session.save_path option in a .htaccess file or VirtualHost.
8658| [CVE-2005-3164] The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an information leak when "unsuitable request body data" is used for a different request, possibly related to Java Servlet pages.
8659| [CVE-2005-2970] Memory leak in the worker MPM (worker.c) for Apache 2, in certain circumstances, allows remote attackers to cause a denial of service (memory consumption) via aborted connections, which prevents the memory for the transaction pool from being reused for other connections.
8660| [CVE-2005-2963] The mod_auth_shadow module 1.0 through 1.5 and 2.0 for Apache with AuthShadow enabled uses shadow authentication for all locations that use the require group directive, even when other authentication mechanisms are specified, which might allow remote authenticated users to bypass security restrictions.
8661| [CVE-2005-2728] The byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service (memory consumption) via an HTTP header with a large Range field.
8662| [CVE-2005-2660] apachetop 0.12.5 and earlier, when running in debug mode, allows local users to create or append to arbitrary files via a symlink attack on atop.debug.
8663| [CVE-2005-2088] The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
8664| [CVE-2005-1754] ** DISPUTED ** JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to read arbitrary files via a full pathname in the argument to the Download parameter. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
8665| [CVE-2005-1753] ** DISPUTED ** ReadMessage.jsp in JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to view other users' e-mail attachments via a direct request to /mailboxesdir/username@domainname. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
8666| [CVE-2005-1344] Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute arbitrary code via a long realm argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
8667| [CVE-2005-1268] Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte.
8668| [CVE-2005-1266] Apache SpamAssassin 3.0.1, 3.0.2, and 3.0.3 allows remote attackers to cause a denial of service (CPU consumption and slowdown) via a message with a long Content-Type header without any boundaries.
8669| [CVE-2005-0808] Apache Tomcat before 5.x allows remote attackers to cause a denial of service (application crash) via a crafted AJP12 packet to TCP port 8007.
8670| [CVE-2005-0182] The mod_dosevasive module 1.9 and earlier for Apache creates temporary files with predictable filenames, which could allow remote attackers to overwrite arbitrary files via a symlink attack.
8671| [CVE-2005-0108] Apache mod_auth_radius 1.5.4 and libpam-radius-auth allow remote malicious RADIUS servers to cause a denial of service (crash) via a RADIUS_REPLY_MESSAGE with a RADIUS attribute length of 1, which leads to a memcpy operation with a -1 length argument.
8672| [CVE-2004-2734] webadmin-apache.conf in Novell Web Manager of Novell NetWare 6.5 uses an uppercase Alias tag with an inconsistent lowercase directory tag for a volume, which allows remote attackers to bypass access control to the WEB-INF folder.
8673| [CVE-2004-2680] mod_python (libapache2-mod-python) 3.1.4 and earlier does not properly handle when output filters process more than 16384 bytes, which can cause filter.read to return portions of previously freed memory.
8674| [CVE-2004-2650] Spooler in Apache Foundation James 2.2.0 allows local users to cause a denial of service (memory consumption) by triggering various error conditions in the retrieve function, which prevents a lock from being released and causes a memory leak.
8675| [CVE-2004-2343] ** DISPUTED ** Apache HTTP Server 2.0.47 and earlier allows local users to bypass .htaccess file restrictions, as specified in httpd.conf with directives such as Deny From All, by using an ErrorDocument directive. NOTE: the vendor has disputed this issue, since the .htaccess mechanism is only intended to restrict external web access, and a local user already has the privileges to perform the same operations without using ErrorDocument.
8676| [CVE-2004-2336] Unknown vulnerability in Novell GroupWise and GroupWise WebAccess 6.0 through 6.5, when running with Apache Web Server 1.3 for NetWare where Apache is loaded using GWAPACHE.CONF, allows remote attackers to read directories and files on the server.
8677| [CVE-2004-2115] Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTTP Server 1.3.22, based on Apache, allow remote attackers to execute arbitrary script as other users via the (1) action, (2) username, or (3) password parameters in an isqlplus request.
8678| [CVE-2004-1834] mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, including authentication information, on the hard disk, which could allow local users to gain sensitive information.
8679| [CVE-2004-1765] Off-by-one buffer overflow in ModSecurity (mod_security) 1.7.4 for Apache 2.x, when SecFilterScanPost is enabled, allows remote attackers to execute arbitrary code via crafted POST requests.
8680| [CVE-2004-1545] UploadFile.php in MoniWiki 1.0.9.2 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.hwp, which allows remote attackers to upload and execute arbitrary code.
8681| [CVE-2004-1438] The mod_authz_svn Apache module for Subversion 1.0.4-r1 and earlier allows remote authenticated users, with write access to the repository, to read unauthorized parts of the repository via the svn copy command.
8682| [CVE-2004-1405] MediaWiki 1.3.8 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
8683| [CVE-2004-1404] Attachment Mod 2.3.10 module for phpBB, when used with Apache mod_mime, does not properly handle files with multiple file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
8684| [CVE-2004-1387] The check_forensic script in apache-utils package 1.3.31 allows local users to overwrite or create arbitrary files via a symlink attack on temporary files.
8685| [CVE-2004-1084] Apache for Apple Mac OS X 10.2.8 and 10.3.6 allows remote attackers to read files and resource fork content via HTTP requests to certain special file names related to multiple data streams in HFS+, which bypass Apache file handles.
8686| [CVE-2004-1083] Apache for Apple Mac OS X 10.2.8 and 10.3.6 restricts access to files in a case sensitive manner, but the Apple HFS+ filesystem accesses files in a case insensitive manner, which allows remote attackers to read .DS_Store files and files beginning with ".ht" using alternate capitalization.
8687| [CVE-2004-1082] mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials.
8688| [CVE-2004-0942] Apache webserver 2.0.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request with a MIME header containing multiple lines with a large number of space characters.
8689| [CVE-2004-0940] Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error.
8690| [CVE-2004-0885] The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration.
8691| [CVE-2004-0811] Unknown vulnerability in Apache 2.0.51 prevents "the merging of the Satisfy directive," which could allow attackers to obtain access to restricted resources contrary to the specified authentication configuration.
8692| [CVE-2004-0809] The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access.
8693| [CVE-2004-0786] The IPv6 URI parsing routines in the apr-util library for Apache 2.0.50 and earlier allow remote attackers to cause a denial of service (child process crash) via a certain URI, as demonstrated using the Codenomicon HTTP Test Tool.
8694| [CVE-2004-0751] The char_buffer_read function in the mod_ssl module for Apache 2.x, when using reverse proxying to an SSL server, allows remote attackers to cause a denial of service (segmentation fault).
8695| [CVE-2004-0748] mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (CPU consumption) by aborting an SSL connection in a way that causes an Apache child process to enter an infinite loop.
8696| [CVE-2004-0747] Buffer overflow in Apache 2.0.50 and earlier allows local users to gain apache privileges via a .htaccess file that causes the overflow during expansion of environment variables.
8697| [CVE-2004-0700] Format string vulnerability in the mod_proxy hook functions function in ssl_engine_log.c in mod_ssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are handled by the ssl_log function.
8698| [CVE-2004-0646] Buffer overflow in the WriteToLog function for JRun 3.0 through 4.0 web server connectors, such as (1) mod_jrun and (2) mod_jrun20 for Apache, with verbose logging enabled, allows remote attackers to execute arbitrary code via a long HTTP header Content-Type field or other fields.
8699| [CVE-2004-0529] The modified suexec program in cPanel, when configured for mod_php and compiled for Apache 1.3.31 and earlier without mod_phpsuexec, allows local users to execute untrusted shared scripts and gain privileges, as demonstrated using untainted scripts such as (1) proftpdvhosts or (2) addalink.cgi, a different vulnerability than CVE-2004-0490.
8700| [CVE-2004-0493] The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters.
8701| [CVE-2004-0492] Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied.
8702| [CVE-2004-0490] cPanel, when compiling Apache 1.3.29 and PHP with the mod_phpsuexec option, does not set the --enable-discard-path option, which causes php to use the SCRIPT_FILENAME variable to find and execute a script instead of the PATH_TRANSLATED variable, which allows local users to execute arbitrary PHP code as other users via a URL that references the attacker's script after the user's script, which executes the attacker's script with the user's privileges, a different vulnerability than CVE-2004-0529.
8703| [CVE-2004-0488] Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN.
8704| [CVE-2004-0263] PHP 4.3.4 and earlier in Apache 1.x and 2.x (mod_php) can leak global variables between virtual hosts that are handled by the same Apache child process but have different settings, which could allow remote attackers to obtain sensitive information.
8705| [CVE-2004-0174] Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using multiple listening sockets on certain platforms, allows remote attackers to cause a denial of service (blocked new connections) via a "short-lived connection on a rarely-accessed listening socket."
8706| [CVE-2004-0173] Directory traversal vulnerability in Apache 1.3.29 and earlier, and Apache 2.0.48 and earlier, when running on Cygwin, allows remote attackers to read arbitrary files via a URL containing "..%5C" (dot dot encoded backslash) sequences.
8707| [CVE-2004-0113] Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service (memory consumption) via plain HTTP requests to the SSL port of an SSL-enabled server.
8708| [CVE-2004-0009] Apache-SSL 1.3.28+1.52 and earlier, with SSLVerifyClient set to 1 or 3 and SSLFakeBasicAuth enabled, allows remote attackers to forge a client certificate by using basic authentication with the "one-line DN" of the target user.
8709| [CVE-2003-1581] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
8710| [CVE-2003-1580] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-level domains, as demonstrated by a forged 123.123.123.123 domain name, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
8711| [CVE-2003-1573] The PointBase 4.6 database component in the J2EE 1.4 reference implementation (J2EE/RI) allows remote attackers to execute arbitrary programs, conduct a denial of service, and obtain sensitive information via a crafted SQL statement, related to "inadequate security settings and library bugs in sun.* and org.apache.* packages."
8712| [CVE-2003-1521] Sun Java Plug-In 1.4 through 1.4.2_02 allows remote attackers to repeatedly access the floppy drive via the createXmlDocument method in the org.apache.crimson.tree.XmlDocument class, which violates the Java security model.
8713| [CVE-2003-1516] The org.apache.xalan.processor.XSLProcessorVersion class in Java Plug-in 1.4.2_01 allows signed and unsigned applets to share variables, which violates the Java security model and could allow remote attackers to read or write data belonging to a signed applet.
8714| [CVE-2003-1502] mod_throttle 3.0 allows local users with Apache privileges to access shared memory that points to a file that is writable by the apache user, which could allow local users to gain privileges.
8715| [CVE-2003-1418] Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote attackers to obtain sensitive information via (1) the ETag header, which reveals the inode number, or (2) multipart MIME boundary, which reveals child proccess IDs (PID).
8716| [CVE-2003-1307] ** DISPUTED ** The mod_php module for the Apache HTTP Server allows local users with write access to PHP scripts to send signals to the server's process group and use the server's file descriptors, as demonstrated by sending a STOP signal, then intercepting incoming connections on the server's TCP port. NOTE: the PHP developer has disputed this vulnerability, saying "The opened file descriptors are opened by Apache. It is the job of Apache to protect them ... Not a bug in PHP."
8717| [CVE-2003-1172] Directory traversal vulnerability in the view-source sample file in Apache Software Foundation Cocoon 2.1 and 2.2 allows remote attackers to access arbitrary files via a .. (dot dot) in the filename parameter.
8718| [CVE-2003-1171] Heap-based buffer overflow in the sec_filter_out function in mod_security 1.7RC1 through 1.7.1 in Apache 2 allows remote attackers to execute arbitrary code via a server side script that sends a large amount of data.
8719| [CVE-2003-1138] The default configuration of Apache 2.0.40, as shipped with Red Hat Linux 9.0, allows remote attackers to list directory contents, even if auto indexing is turned off and there is a default web page configured, via a GET request containing a double slash (//).
8720| [CVE-2003-1054] mod_access_referer 1.0.2 allows remote attackers to cause a denial of service (crash) via a malformed Referer header that is missing a hostname, as parsed by the ap_parse_uri_components function in Apache, which triggers a null dereference.
8721| [CVE-2003-0993] mod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit platforms, does not properly parse Allow/Deny rules using IP addresses without a netmask, which could allow remote attackers to bypass intended access restrictions.
8722| [CVE-2003-0987] mod_digest for Apache before 1.3.31 does not properly verify the nonce of a client response by using a AuthNonce secret.
8723| [CVE-2003-0866] The Catalina org.apache.catalina.connector.http package in Tomcat 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service via several requests that do not follow the HTTP protocol, which causes Tomcat to reject later requests.
8724| [CVE-2003-0844] mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode without the Apache log, allows local users to overwrite arbitrary files via (1) a symlink attack on predictable temporary filenames on Unix systems, or (2) an NTFS hard link on Windows systems when the "Strengthen default permissions of internal system objects" policy is not enabled.
8725| [CVE-2003-0843] Format string vulnerability in mod_gzip_printf for mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode and using the Apache log, allows remote attackers to execute arbitrary code via format string characters in an HTTP GET request with an "Accept-Encoding: gzip" header.
8726| [CVE-2003-0789] mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not properly handle CGI redirect paths, which could cause Apache to send the output of a CGI program to the wrong client.
8727| [CVE-2003-0771] Gallery.pm in Apache::Gallery (aka A::G) uses predictable temporary filenames when running Inline::C, which allows local users to execute arbitrary code by creating and modifying the files before Apache::Gallery does.
8728| [CVE-2003-0658] Docview before 1.1-18 in Caldera OpenLinux 3.1.1, SCO Linux 4.0, OpenServer 5.0.7, configures the Apache web server in a way that allows remote attackers to read arbitrary publicly readable files via a certain URL, possibly related to rewrite rules.
8729| [CVE-2003-0542] Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures.
8730| [CVE-2003-0460] The rotatelogs program on Apache before 1.3.28, for Windows and OS/2 systems, does not properly ignore certain control characters that are received over the pipe, which could allow remote attackers to cause a denial of service.
8731| [CVE-2003-0254] Apache 2 before 2.0.47, when running on an IPv6 host, allows attackers to cause a denial of service (CPU consumption by infinite loop) when the FTP proxy server fails to create an IPv6 socket.
8732| [CVE-2003-0253] The prefork MPM in Apache 2 before 2.0.47 does not properly handle certain errors from accept, which could lead to a denial of service.
8733| [CVE-2003-0249] ** DISPUTED ** PHP treats unknown methods such as "PoSt" as a GET request, which could allow attackers to intended access restrictions if PHP is running on a server that passes on all methods, such as Apache httpd 2.0, as demonstrated using a Limit directive. NOTE: this issue has been disputed by the Apache security team, saying "It is by design that PHP allows scripts to process any request method. A script which does not explicitly verify the request method will hence be processed as normal for arbitrary methods. It is therefore expected behaviour that one cannot implement per-method access control using the Apache configuration alone, which is the assumption made in this report."
8734| [CVE-2003-0245] Vulnerability in the apr_psprintf function in the Apache Portable Runtime (APR) library for Apache 2.0.37 through 2.0.45 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long strings, as demonstrated using XML objects to mod_dav, and possibly other vectors.
8735| [CVE-2003-0192] Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3, do not properly handle "certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one," which could cause Apache to use the weak ciphersuite.
8736| [CVE-2003-0189] The authentication module for Apache 2.0.40 through 2.0.45 on Unix does not properly handle threads safely when using the crypt_r or crypt functions, which allows remote attackers to cause a denial of service (failed Basic authentication with valid usernames and passwords) when a threaded MPM is used.
8737| [CVE-2003-0134] Unknown vulnerability in filestat.c for Apache running on OS2, versions 2.0 through 2.0.45, allows unknown attackers to cause a denial of service via requests related to device names.
8738| [CVE-2003-0132] A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to cause a denial of service (memory consumption) via large chunks of linefeed characters, which causes Apache to allocate 80 bytes for each linefeed.
8739| [CVE-2003-0083] Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences, a different vulnerability than CVE-2003-0020.
8740| [CVE-2003-0020] Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences.
8741| [CVE-2003-0017] Apache 2.0 before 2.0.44 on Windows platforms allows remote attackers to obtain certain files via an HTTP request that ends in certain illegal characters such as ">", which causes a different filename to be processed and served.
8742| [CVE-2003-0016] Apache before 2.0.44, when running on unpatched Windows 9x and Me operating systems, allows remote attackers to cause a denial of service or execute arbitrary code via an HTTP request containing MS-DOS device names.
8743| [CVE-2002-2310] ClickCartPro 4.0 stores the admin_user.db data file under the web document root with insufficient access control on servers other than Apache, which allows remote attackers to obtain usernames and passwords.
8744| [CVE-2002-2309] php.exe in PHP 3.0 through 4.2.2, when running on Apache, does not terminate properly, which allows remote attackers to cause a denial of service via a direct request without arguments.
8745| [CVE-2002-2272] Tomcat 4.0 through 4.1.12, using mod_jk 1.2.1 module on Apache 1.3 through 1.3.27, allows remote attackers to cause a denial of service (desynchronized communications) via an HTTP GET request with a Transfer-Encoding chunked field with invalid values.
8746| [CVE-2002-2103] Apache before 1.3.24, when writing to the log file, records a spoofed hostname from the reverse lookup of an IP address, even when a double-reverse lookup fails, which allows remote attackers to hide the original source of activities.
8747| [CVE-2002-2029] PHP, when installed on Windows with Apache and ScriptAlias for /php/ set to c:/php/, allows remote attackers to read arbitrary files and possibly execute arbitrary programs via an HTTP request for php.exe with a filename in the query string.
8748| [CVE-2002-2012] Unknown vulnerability in Apache 1.3.19 running on HP Secure OS for Linux 1.0 allows remote attackers to cause "unexpected results" via an HTTP request.
8749| [CVE-2002-2009] Apache Tomcat 4.0.1 allows remote attackers to obtain the web root path via HTTP requests for JSP files preceded by (1) +/, (2) >/, (3) </, and (4) %20/, which leaks the pathname in an error message.
8750| [CVE-2002-2008] Apache Tomcat 4.0.3 for Windows allows remote attackers to obtain the web root path via an HTTP request for a resource that does not exist, such as lpt9, which leaks the information in an error message.
8751| [CVE-2002-2007] The default installations of Apache Tomcat 3.2.3 and 3.2.4 allows remote attackers to obtain sensitive system information such as directory listings and web root path, via erroneous HTTP requests for Java Server Pages (JSP) in the (1) test/jsp, (2) samples/jsp and (3) examples/jsp directories, or the (4) test/realPath.jsp servlet, which leaks pathnames in error messages.
8752| [CVE-2002-2006] The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 through 3.3.1 allows remote attackers to obtain the installation path and other sensitive system information via the (1) SnoopServlet or (2) TroubleShooter example servlets.
8753| [CVE-2002-1895] The servlet engine in Jakarta Apache Tomcat 3.3 and 4.0.4, when using IIS and the ajp1.3 connector, allows remote attackers to cause a denial of service (crash) via a large number of HTTP GET requests for an MS-DOS device such as AUX, LPT1, CON, or PRN.
8754| [CVE-2002-1850] mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly remote attackers to cause a denial of service (hang and memory consumption) by causing a CGI script to send a large amount of data to stderr, which results in a read/write deadlock between httpd and the CGI script.
8755| [CVE-2002-1793] HTTP Server mod_ssl module running on HP-UX 11.04 with Virtualvault OS (VVOS) 4.5 through 4.6 closes the connection when the Apache server times out during an SSL request, which may allow attackers to cause a denial of service.
8756| [CVE-2002-1658] Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may allow attackers to execute arbitrary code via a long user argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
8757| [CVE-2002-1635] The Apache configuration file (httpd.conf) in Oracle 9i Application Server (9iAS) uses a Location alias for /perl directory instead of a ScriptAlias, which allows remote attackers to read the source code of arbitrary CGI files via a URL containing the /perl directory instead of /cgi-bin.
8758| [CVE-2002-1593] mod_dav in Apache before 2.0.42 does not properly handle versioning hooks, which may allow remote attackers to kill a child process via a null dereference and cause a denial of service (CPU consumption) in a preforked multi-processing module.
8759| [CVE-2002-1592] The ap_log_rerror function in Apache 2.0 through 2.035, when a CGI application encounters an error, sends error messages to the client that include the full path for the server, which allows remote attackers to obtain sensitive information.
8760| [CVE-2002-1567] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1 allows remote attackers to execute arbitrary web script and steal cookies via a URL with encoded newlines followed by a request to a .jsp file whose name contains the script.
8761| [CVE-2002-1394] Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148.
8762| [CVE-2002-1233] A regression error in the Debian distributions of the apache-ssl package (before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0), for Apache 1.3.27 and earlier, allows local users to read or modify the Apache password file via a symlink attack on temporary files when the administrator runs (1) htpasswd or (2) htdigest, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2001-0131.
8763| [CVE-2002-1157] Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9 and earlier, when UseCanonicalName is off and wildcard DNS is enabled, allows remote attackers to execute script as other web site visitors, via the server name in an HTTPS response on the SSL port, which is used in a self-referencing URL, a different vulnerability than CAN-2002-0840.
8764| [CVE-2002-1156] Apache 2.0.42 allows remote attackers to view the source code of a CGI script via a POST request to a directory with both WebDAV and CGI enabled.
8765| [CVE-2002-1148] The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet.
8766| [CVE-2002-0935] Apache Tomcat 4.0.3, and possibly other versions before 4.1.3 beta, allows remote attackers to cause a denial of service (resource exhaustion) via a large number of requests to the server with null characters, which causes the working threads to hang.
8767| [CVE-2002-0843] Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response.
8768| [CVE-2002-0840] Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.
8769| [CVE-2002-0839] The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that would not normally be allowed, by modifying the parent[].pid and parent[].last_rtime segments in the scoreboard.
8770| [CVE-2002-0682] Cross-site scripting vulnerability in Apache Tomcat 4.0.3 allows remote attackers to execute script as other web users via script in a URL with the /servlet/ mapping, which does not filter the script when an exception is thrown by the servlet.
8771| [CVE-2002-0661] Directory traversal vulnerability in Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to read arbitrary files and execute commands via .. (dot dot) sequences containing \ (backslash) characters.
8772| [CVE-2002-0658] OSSP mm library (libmm) before 1.2.0 allows the local Apache user to gain privileges via temporary files, possibly via a symbolic link attack.
8773| [CVE-2002-0654] Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to determine the full pathname of the server via (1) a request for a .var file, which leaks the pathname in the resulting error message, or (2) via an error message that occurs when a script (child process) cannot be invoked.
8774| [CVE-2002-0653] Off-by-one buffer overflow in the ssl_compat_directive function, as called by the rewrite_command hook for mod_ssl Apache module 2.8.9 and earlier, allows local users to execute arbitrary code as the Apache server user via .htaccess files with long entries.
8775| [CVE-2002-0513] The PHP administration script in popper_mod 1.2.1 and earlier relies on Apache .htaccess authentication, which allows remote attackers to gain privileges if the script is not appropriately configured by the administrator.
8776| [CVE-2002-0493] Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions.
8777| [CVE-2002-0392] Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a chunk-encoded HTTP request that causes Apache to use an incorrect size.
8778| [CVE-2002-0259] InstantServers MiniPortal 1.1.5 and earlier stores sensitive login and account data in plaintext in (1) .pwd files in the miniportal/apache directory, or (2) mplog.txt, which could allow local users to gain privileges.
8779| [CVE-2002-0249] PHP for Windows, when installed on Apache 2.0.28 beta as a standalone CGI module, allows remote attackers to obtain the physical path of the php.exe via a request with malformed arguments such as /123, which leaks the pathname in the error message.
8780| [CVE-2002-0240] PHP, when installed with Apache and configured to search for index.php as a default web page, allows remote attackers to obtain the full pathname of the server via the HTTP OPTIONS method, which reveals the pathname in the resulting error message.
8781| [CVE-2002-0082] The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session.
8782| [CVE-2002-0061] Apache for Win32 before 1.3.24, and 2.0.x before 2.0.34-beta, allows remote attackers to execute arbitrary commands via shell metacharacters (a | pipe character) provided as arguments to batch (.bat) or .cmd scripts, which are sent unfiltered to the shell interpreter, typically cmd.exe.
8783| [CVE-2001-1556] The log files in Apache web server contain information directly supplied by clients and does not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail, and grep.
8784| [CVE-2001-1534] mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these session ID's are used for authentication.
8785| [CVE-2001-1510] Allaire JRun 2.3.3, 3.0 and 3.1 running on IIS 4.0 and 5.0, iPlanet, Apache, JRun web server (JWS), and possibly other web servers allows remote attackers to read arbitrary files and directories by appending (1) "%3f.jsp", (2) "?.jsp" or (3) "?" to the requested URL.
8786| [CVE-2001-1449] The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 through 8.0 and Linux Corporate Server 1.0.1 allows remote attackers to list the directory index of arbitrary web directories.
8787| [CVE-2001-1385] The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts.
8788| [CVE-2001-1342] Apache before 1.3.20 on Windows and OS/2 systems allows remote attackers to cause a denial of service (GPF) via an HTTP request for a URI that contains a large number of / (slash) or other characters, which causes certain functions to dereference a null pointer.
8789| [CVE-2001-1217] Directory traversal vulnerability in PL/SQL Apache module in Oracle Oracle 9i Application Server allows remote attackers to access sensitive information via a double encoded URL with .. (dot dot) sequences.
8790| [CVE-2001-1216] Buffer overflow in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to execute arbitrary code via a long request for a help page.
8791| [CVE-2001-1072] Apache with mod_rewrite enabled on most UNIX systems allows remote attackers to bypass RewriteRules by inserting extra / (slash) characters into the requested path, which causes the regular expression in the RewriteRule to fail.
8792| [CVE-2001-1013] Apache on Red Hat Linux with with the UserDir directive enabled generates different error codes when a username exists and there is no public_html directory and when the username does not exist, which could allow remote attackers to determine valid usernames on the server.
8793| [CVE-2001-0925] The default installation of Apache before 1.3.19 allows remote attackers to list directories instead of the multiview index.html file via an HTTP request for a path that contains many / (slash) characters, which causes the path to be mishandled by (1) mod_negotiation, (2) mod_dir, or (3) mod_autoindex.
8794| [CVE-2001-0829] A cross-site scripting vulnerability in Apache Tomcat 3.2.1 allows a malicious webmaster to embed Javascript in a request for a .JSP file, which causes the Javascript to be inserted into an error message.
8795| [CVE-2001-0766] Apache on MacOS X Client 10.0.3 with the HFS+ file system allows remote attackers to bypass access restrictions via a URL that contains some characters whose case is not matched by Apache's filters.
8796| [CVE-2001-0731] Apache 1.3.20 with Multiviews enabled allows remote attackers to view directory contents and bypass the index page via a URL containing the "M=D" query string.
8797| [CVE-2001-0730] split-logfile in Apache 1.3.20 allows remote attackers to overwrite arbitrary files that end in the .log extension via an HTTP request with a / (slash) in the Host: header.
8798| [CVE-2001-0729] Apache 1.3.20 on Windows servers allows remote attackers to bypass the default index page and list directory contents via a URL with a large number of / (slash) characters.
8799| [CVE-2001-0590] Apache Software Foundation Tomcat Servlet prior to 3.2.2 allows a remote attacker to read the source code to arbitrary 'jsp' files via a malformed URL request which does not end with an HTTP protocol specification (i.e. HTTP/1.0).
8800| [CVE-2001-0131] htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local users to overwrite arbitrary files via a symlink attack.
8801| [CVE-2001-0108] PHP Apache module 4.0.4 and earlier allows remote attackers to bypass .htaccess access restrictions via a malformed HTTP request on an unrestricted page that causes PHP to use those access controls on the next page that is requested.
8802| [CVE-2001-0042] PHP 3.x (PHP3) on Apache 1.3.6 allows remote attackers to read arbitrary files via a modified .. (dot dot) attack containing "%5c" (encoded backslash) sequences.
8803| [CVE-2000-1247] The default configuration of the jserv-status handler in jserv.conf in Apache JServ 1.1.2 includes an "allow from 127.0.0.1" line, which allows local users to discover JDBC passwords or other sensitive information via a direct request to the jserv/ URI.
8804| [CVE-2000-1210] Directory traversal vulnerability in source.jsp of Apache Tomcat before 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the argument to source.jsp.
8805| [CVE-2000-1206] Vulnerability in Apache httpd before 1.3.11, when configured for mass virtual hosting using mod_rewrite, or mod_vhost_alias in Apache 1.3.9, allows remote attackers to retrieve arbitrary files.
8806| [CVE-2000-1205] Cross site scripting vulnerabilities in Apache 1.3.0 through 1.3.11 allow remote attackers to execute script as other web site visitors via (1) the printenv CGI (printenv.pl), which does not encode its output, (2) pages generated by the ap_send_error_response function such as a default 404, which does not add an explicit charset, or (3) various messages that are generated by certain Apache modules or core code. NOTE: the printenv issue might still exist for web browsers that can render text/plain content types as HTML, such as Internet Explorer, but CVE regards this as a design limitation of those browsers, not Apache. The printenv.pl/acuparam vector, discloser on 20070724, is one such variant.
8807| [CVE-2000-1204] Vulnerability in the mod_vhost_alias virtual hosting module for Apache 1.3.9, 1.3.11 and 1.3.12 allows remote attackers to obtain the source code for CGI programs if the cgi-bin directory is under the document root.
8808| [CVE-2000-1168] IBM HTTP Server 1.3.6 (based on Apache) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET request.
8809| [CVE-2000-1016] The default configuration of Apache (httpd.conf) on SuSE 6.4 includes an alias for the /usr/doc directory, which allows remote attackers to read package documentation and obtain system configuration information via an HTTP request for the /doc/packages URL.
8810| [CVE-2000-0913] mod_rewrite in Apache 1.3.12 and earlier allows remote attackers to read arbitrary files if a RewriteRule directive is expanded to include a filename whose name contains a regular expression.
8811| [CVE-2000-0883] The default configuration of mod_perl for Apache as installed on Mandrake Linux 6.1 through 7.1 sets the /perl/ directory to be browseable, which allows remote attackers to list the contents of that directory.
8812| [CVE-2000-0869] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 enables WebDAV, which allows remote attackers to list arbitrary directories via the PROPFIND HTTP request method.
8813| [CVE-2000-0868] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 allows remote attackers to read source code for CGI scripts by replacing the /cgi-bin/ in the requested URL with /cgi-bin-sdb/.
8814| [CVE-2000-0791] Trustix installs the httpsd program for Apache-SSL with world-writeable permissions, which allows local users to replace it with a Trojan horse.
8815| [CVE-2000-0760] The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals sensitive system information when a remote attacker requests a nonexistent URL with a .snp extension.
8816| [CVE-2000-0759] Jakarta Tomcat 3.1 under Apache reveals physical path information when a remote attacker requests a URL that does not exist, which generates an error message that includes the physical path.
8817| [CVE-2000-0628] The source.asp example script in the Apache ASP module Apache::ASP 1.93 and earlier allows remote attackers to modify files.
8818| [CVE-2000-0505] The Apache 1.3.x HTTP server for Windows platforms allows remote attackers to list directory contents by requesting a URL containing a large number of / characters.
8819| [CVE-1999-1412] A possible interaction between Apple MacOS X release 1.0 and Apache HTTP server allows remote attackers to cause a denial of service (crash) via a flood of HTTP GET requests to CGI programs, which generates a large number of processes.
8820| [CVE-1999-1293] mod_proxy in Apache 1.2.5 and earlier allows remote attackers to cause a denial of service via malformed FTP commands, which causes Apache to dump core.
8821| [CVE-1999-1237] Multiple buffer overflows in smbvalid/smbval SMB authentication library, as used in Apache::AuthenSmb and possibly other modules, allows remote attackers to execute arbitrary commands via (1) a long username, (2) a long password, and (3) other unspecified methods.
8822| [CVE-1999-1199] Apache WWW server 1.3.1 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via a large number of MIME headers with the same name, aka the "sioux" vulnerability.
8823| [CVE-1999-1053] guestbook.pl cleanses user-inserted SSI commands by removing text between "<!--" and "-->" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides "-->".
8824| [CVE-1999-0926] Apache allows remote attackers to conduct a denial of service via a large number of MIME headers.
8825| [CVE-1999-0678] A default configuration of Apache on Debian GNU/Linux sets the ServerRoot to /usr/doc, which allows remote users to read documentation files for the entire server.
8826| [CVE-1999-0448] IIS 4.0 and Apache log HTTP request methods, regardless of how long they are, allowing a remote attacker to hide the URL they really request.
8827| [CVE-1999-0289] The Apache web server for Win32 may provide access to restricted files when a . (dot) is appended to a requested URL.
8828| [CVE-1999-0236] ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs.
8829| [CVE-1999-0107] Buffer overflow in Apache 1.2.5 and earlier allows a remote attacker to cause a denial of service with a large number of GET requests containing a large number of / characters.
8830| [CVE-1999-0071] Apache httpd cookie buffer overflow for versions 1.1.1 and earlier.
8831|
8832| SecurityFocus - https://www.securityfocus.com/bid/:
8833| [104554] Apache HBase CVE-2018-8025 Security Bypass Vulnerability
8834| [104465] Apache Geode CVE-2017-15695 Remote Code Execution Vulnerability
8835| [104418] Apache Storm CVE-2018-8008 Arbitrary File Write Vulnerability
8836| [104399] Apache Storm CVE-2018-1332 User Impersonation Vulnerability
8837| [104348] Apache UIMA CVE-2017-15691 XML External Entity Injection Vulnerability
8838| [104313] Apache NiFi XML External Entity Injection and Denial of Service Vulnerability
8839| [104259] Apache Geode CVE-2017-12622 Authorization Bypass Vulnerability
8840| [104257] Apache Sling XSS Protection API CVE-2017-15717 Cross Site Scripting Vulnerability
8841| [104253] Apache ZooKeeper CVE-2018-8012 Security Bypass Vulnerability
8842| [104252] Apache Batik CVE-2018-8013 Information Disclosure Vulnerability
8843| [104239] Apache Solr CVE-2018-8010 XML External Entity Multiple Information Disclosure Vulnerabilities
8844| [104215] Apache ORC CVE-2018-8015 Denial of Service Vulnerability
8845| [104203] Apache Tomcat CVE-2018-8014 Security Bypass Vulnerability
8846| [104161] Apache Ambari CVE-2018-8003 Directory Traversal Vulnerability
8847| [104140] Apache Derby CVE-2018-1313 Security Bypass Vulnerability
8848| [104135] Apache Tika CVE-2018-1338 Denial of Service Vulnerability
8849| [104008] Apache Fineract CVE-2018-1291 SQL Injection Vulnerability
8850| [104007] Apache Fineract CVE-2018-1292 SQL Injection Vulnerability
8851| [104005] Apache Fineract CVE-2018-1289 SQL Injection Vulnerability
8852| [104001] Apache Tika CVE-2018-1335 Remote Command Injection Vulnerability
8853| [103975] Apache Fineract CVE-2018-1290 SQL Injection Vulnerability
8854| [103974] Apache Solr CVE-2018-1308 XML External Entity Injection Vulnerability
8855| [103772] Apache Traffic Server CVE-2017-7671 Denial of Service Vulnerability
8856| [103770] Apache Traffic Server CVE-2017-5660 Security Bypass Vulnerability
8857| [103751] Apache Hive CVE-2018-1282 SQL Injection Vulnerability
8858| [103750] Apache Hive CVE-2018-1284 Security Bypass Vulnerability
8859| [103692] Apache Ignite CVE-2018-1295 Arbitrary Code Execution Vulnerability
8860| [103528] Apache HTTP Server CVE-2018-1302 Denial of Service Vulnerability
8861| [103525] Apache HTTP Server CVE-2017-15715 Remote Security Bypass Vulnerability
8862| [103524] Apache HTTP Server CVE-2018-1312 Remote Security Bypass Vulnerability
8863| [103522] Apache HTTP Server CVE-2018-1303 Denial of Service Vulnerability
8864| [103520] Apache HTTP Server CVE-2018-1283 Remote Security Vulnerability
8865| [103516] Apache Struts CVE-2018-1327 Denial of Service Vulnerability
8866| [103515] Apache HTTP Server CVE-2018-1301 Denial of Service Vulnerability
8867| [103512] Apache HTTP Server CVE-2017-15710 Denial of Service Vulnerability
8868| [103508] Apache Syncope CVE-2018-1321 Multiple Remote Code Execution Vulnerabilities
8869| [103507] Apache Syncope CVE-2018-1322 Multiple Information Disclosure Vulnerabilities
8870| [103490] Apache Commons Compress CVE-2018-1324 Multiple Denial Of Service Vulnerabilities
8871| [103434] APACHE Allura CVE-2018-1319 HTTP Response Splitting Vulnerability
8872| [103389] Apache Tomcat JK Connector CVE-2018-1323 Directory Traversal Vulnerability
8873| [103222] Apache CloudStack CVE-2013-4317 Information Disclosure Vulnerability
8874| [103219] Apache Xerces-C CVE-2017-12627 Null Pointer Dereference Denial of Service Vulnerability
8875| [103206] Apache Geode CVE-2017-15693 Remote Code Execution Vulnerability
8876| [103205] Apache Geode CVE-2017-15692 Remote Code Execution Vulnerability
8877| [103170] Apache Tomcat CVE-2018-1304 Security Bypass Vulnerability
8878| [103144] Apache Tomcat CVE-2018-1305 Security Bypass Vulnerability
8879| [103102] Apache Oozie CVE-2017-15712 Information Disclosure Vulnerability
8880| [103098] Apache Karaf CVE-2016-8750 LDAP Injection Vulnerability
8881| [103069] Apache Tomcat CVE-2017-15706 Remote Security Weakness
8882| [103068] Apache JMeter CVE-2018-1287 Security Bypass Vulnerability
8883| [103067] Apache Qpid Dispatch Router 'router_core/connections.c' Denial of Service Vulnerability
8884| [103036] Apache CouchDB CVE-2017-12636 Remote Code Execution Vulnerability
8885| [103025] Apache Thrift CVE-2016-5397 Remote Command Injection Vulnerability
8886| [102879] Apache POI CVE-2017-12626 Multiple Denial of Service Vulnerabilities
8887| [102842] Apache NiFi CVE-2017-12632 Host Header Injection Vulnerability
8888| [102815] Apache NiFi CVE-2017-15697 Multiple Cross Site Scripting Vulnerabilities
8889| [102488] Apache Geode CVE-2017-9795 Remote Code Execution Vulnerability
8890| [102229] Apache Sling CVE-2017-15700 Information Disclosure Vulnerability
8891| [102226] Apache Drill CVE-2017-12630 Cross Site Scripting Vulnerability
8892| [102154] Multiple Apache Products CVE-2017-15708 Remote Code Execution Vulnerability
8893| [102127] Apache CXF Fediz CVE-2017-12631 Multiple Cross Site Request Forgery Vulnerabilities
8894| [102041] Apache Qpid Broker-J CVE-2017-15701 Denial of Service Vulnerability
8895| [102040] Apache Qpid Broker CVE-2017-15702 Security Weakness
8896| [102021] Apache Struts CVE-2017-15707 Denial of Service Vulnerability
8897| [101980] EMC RSA Authentication Agent for Web: Apache Web Server Authentication Bypass Vulnerability
8898| [101876] Apache Camel CVE-2017-12634 Deserialization Remote Code Execution Vulnerability
8899| [101874] Apache Camel CVE-2017-12633 Deserialization Remote Code Execution Vulnerability
8900| [101872] Apache Karaf CVE-2014-0219 Local Denial of Service Vulnerability
8901| [101868] Apache CouchDB CVE-2017-12635 Remote Privilege Escalation Vulnerability
8902| [101859] Apache CXF CVE-2017-12624 Denial of Service Vulnerability
8903| [101844] Apache Sling Servlets Post CVE-2017-11296 Cross Site Scripting Vulnerability
8904| [101686] Apache Hive CVE-2017-12625 Information Disclosure Vulnerability
8905| [101644] Apache Wicket CVE-2012-5636 Cross Site Scripting Vulnerability
8906| [101631] Apache Traffic Server CVE-2015-3249 Multiple Remote Code Execution Vulnerabilities
8907| [101630] Apache Traffic Server CVE-2014-3624 Access Bypass Vulnerability
8908| [101625] Apache jUDDI CVE-2009-1197 Security Bypass Vulnerability
8909| [101623] Apache jUDDI CVE-2009-1198 Cross Site Scripting Vulnerability
8910| [101620] Apache Subversion 'libsvn_fs_fs/fs_fs.c' Denial of Service Vulnerability
8911| [101585] Apache OpenOffice Multiple Remote Code Execution Vulnerabilities
8912| [101577] Apache Wicket CVE-2016-6806 Cross Site Request Forgery Vulnerability
8913| [101575] Apache Wicket CVE-2014-0043 Information Disclosure Vulnerability
8914| [101570] Apache Geode CVE-2017-9797 Information Disclosure Vulnerability
8915| [101562] Apache Derby CVE-2010-2232 Arbitrary File Overwrite Vulnerability
8916| [101560] Apache Portable Runtime Utility CVE-2017-12613 Multiple Information Disclosure Vulnerabilities
8917| [101558] Apache Portable Runtime Utility Local Out-of-Bounds Read Denial of Service Vulnerability
8918| [101532] Apache James CVE-2017-12628 Arbitrary Command Execution Vulnerability
8919| [101516] Apache HTTP Server CVE-2017-12171 Security Bypass Vulnerability
8920| [101261] Apache Solr/Lucene CVE-2017-12629 Information Disclosure and Remote Code Execution Vulnerabilities
8921| [101230] Apache Roller CVE-2014-0030 XML External Entity Injection Vulnerability
8922| [101173] Apache IMPALA CVE-2017-9792 Information Disclosure Vulnerability
8923| [101052] Apache Commons Jelly CVE-2017-12621 Security Bypass Vulnerability
8924| [101027] Apache Mesos CVE-2017-7687 Denial of Service Vulnerability
8925| [101023] Apache Mesos CVE-2017-9790 Denial of Service Vulnerability
8926| [100954] Apache Tomcat CVE-2017-12617 Incomplete Fix Remote Code Execution Vulnerability
8927| [100946] Apache Wicket CVE-2014-7808 Cross Site Request Forgery Vulnerability
8928| [100901] Apache Tomcat CVE-2017-12615 Remote Code Execution Vulnerability
8929| [100897] Apache Tomcat CVE-2017-12616 Information Disclosure Vulnerability
8930| [100880] Apache Directory LDAP API CVE-2015-3250 Unspecified Information Disclosure Vulnerability
8931| [100872] Apache HTTP Server CVE-2017-9798 Information Disclosure Vulnerability
8932| [100870] Apache Solr CVE-2017-9803 Remote Privilege Escalation Vulnerability
8933| [100859] puppetlabs-apache CVE-2017-2299 Information Disclosure Vulnerability
8934| [100829] Apache Struts CVE-2017-12611 Remote Code Execution Vulnerability
8935| [100823] Apache Spark CVE-2017-12612 Deserialization Remote Code Execution Vulnerability
8936| [100612] Apache Struts CVE-2017-9804 Incomplete Fix Denial of Service Vulnerability
8937| [100611] Apache Struts CVE-2017-9793 Denial of Service Vulnerability
8938| [100609] Apache Struts CVE-2017-9805 Remote Code Execution Vulnerability
8939| [100587] Apache Atlas CVE-2017-3155 Cross Frame Scripting Vulnerability
8940| [100581] Apache Atlas CVE-2017-3154 Information Disclosure Vulnerability
8941| [100578] Apache Atlas CVE-2017-3153 Cross Site Scripting Vulnerability
8942| [100577] Apache Atlas CVE-2017-3152 Cross Site Scripting Vulnerability
8943| [100547] Apache Atlas CVE-2017-3151 HTML Injection Vulnerability
8944| [100536] Apache Atlas CVE-2017-3150 Cross Site Scripting Vulnerability
8945| [100449] Apache Pony Mail CVE-2016-4460 Authentication Bypass Vulnerability
8946| [100447] Apache2Triad Multiple Security Vulnerabilities
8947| [100284] Apache Sling Servlets Post CVE-2017-9802 Cross Site Scripting Vulnerability
8948| [100280] Apache Tomcat CVE-2017-7674 Security Bypass Vulnerability
8949| [100259] Apache Subversion CVE-2017-9800 Remote Command Execution Vulnerability
8950| [100256] Apache Tomcat CVE-2017-7675 Directory Traversal Vulnerability
8951| [100235] Apache Storm CVE-2017-9799 Remote Code Execution Vulnerability
8952| [100082] Apache Commons Email CVE-2017-9801 SMTP Header Injection Vulnerability
8953| [99873] Apache Sling XSS Protection API CVE-2016-6798 XML External Entity Injection Vulnerability
8954| [99870] Apache Sling API CVE-2016-5394 Cross Site Scripting Vulnerability
8955| [99603] Apache Spark CVE-2017-7678 Cross Site Scripting Vulnerability
8956| [99592] Apache OpenMeetings CVE-2017-7685 Security Bypass Vulnerability
8957| [99587] Apache OpenMeetings CVE-2017-7673 Security Bypass Vulnerability
8958| [99586] Apache OpenMeetings CVE-2017-7688 Security Bypass Vulnerability
8959| [99584] Apache OpenMeetings CVE-2017-7684 Denial of Service Vulnerability
8960| [99577] Apache OpenMeetings CVE-2017-7663 Cross Site Scripting Vulnerability
8961| [99576] Apache OpenMeetings CVE-2017-7664 XML External Entity Injection Vulnerability
8962| [99569] Apache HTTP Server CVE-2017-9788 Memory Corruption Vulnerability
8963| [99568] Apache HTTP Server CVE-2017-9789 Denial of Service Vulnerability
8964| [99563] Apache Struts CVE-2017-7672 Denial of Service Vulnerability
8965| [99562] Apache Struts Spring AOP Functionality Denial of Service Vulnerability
8966| [99509] Apache Impala CVE-2017-5652 Information Disclosure Vulnerability
8967| [99508] Apache IMPALA CVE-2017-5640 Authentication Bypass Vulnerability
8968| [99486] Apache Traffic Control CVE-2017-7670 Denial of Service Vulnerability
8969| [99485] Apache Solr CVE-2017-7660 Security Bypass Vulnerability
8970| [99484] Apache Struts CVE-2017-9791 Remote Code Execution Vulnerability
8971| [99292] Apache Ignite CVE-2017-7686 Information Disclosure Vulnerability
8972| [99170] Apache HTTP Server CVE-2017-7679 Buffer Overflow Vulnerability
8973| [99137] Apache HTTP Server CVE-2017-7668 Denial of Service Vulnerability
8974| [99135] Apache HTTP Server CVE-2017-3167 Authentication Bypass Vulnerability
8975| [99134] Apache HTTP Server CVE-2017-3169 Denial of Service Vulnerability
8976| [99132] Apache HTTP Server CVE-2017-7659 Denial of Service Vulnerability
8977| [99112] Apache Thrift CVE-2015-3254 Denial of Service Vulnerability
8978| [99067] Apache Ranger CVE-2016-8751 HTML Injection Vulnerability
8979| [99018] Apache NiFi CVE-2017-7667 Cross Frame Scripting Vulnerability
8980| [99009] Apache NiFi CVE-2017-7665 Cross Site Scripting Vulnerability
8981| [98961] Apache Ranger CVE-2017-7677 Security Bypass Vulnerability
8982| [98958] Apache Ranger CVE-2017-7676 Security Bypass Vulnerability
8983| [98888] Apache Tomcat CVE-2017-5664 Security Bypass Vulnerability
8984| [98814] Apache Zookeeper CVE-2017-5637 Denial of Service Vulnerability
8985| [98795] Apache Hadoop CVE-2017-7669 Remote Privilege Escalation Vulnerability
8986| [98739] Apache Knox CVE-2017-5646 User Impersonation Vulnerability
8987| [98669] Apache Hive CVE-2016-3083 Security Bypass Vulnerability
8988| [98646] Apache Atlas CVE-2016-8752 Information Disclosure Vulnerability
8989| [98570] Apache Archiva CVE-2017-5657 Multiple Cross-Site Request Forgery Vulnerabilities
8990| [98489] Apache CXF Fediz CVE-2017-7661 Multiple Cross Site Request Forgery Vulnerabilities
8991| [98485] Apache CXF Fediz CVE-2017-7662 Cross Site Request Forgery Vulnerability
8992| [98466] Apache Ambari CVE-2017-5655 Insecure Temporary File Handling Vulnerability
8993| [98365] Apache Cordova For Android CVE-2016-6799 Information Disclosure Vulnerability
8994| [98025] Apache Hadoop CVE-2017-3161 Cross Site Scripting Vulnerability
8995| [98017] Apache Hadoop CVE-2017-3162 Input Validation Vulnerability
8996| [97971] Apache CXF CVE-2017-5656 Information Disclosure Vulnerability
8997| [97968] Apache CXF CVE-2017-5653 Spoofing Vulnerability
8998| [97967] Apache ActiveMQ CVE-2015-7559 Denial of Service Vulnerability
8999| [97949] Apache Traffic Server CVE-2017-5659 Denial of Service Vulnerability
9000| [97948] Apache Batik CVE-2017-5662 XML External Entity Information Disclosure Vulnerability
9001| [97947] Apache FOP CVE-2017-5661 XML External Entity Information Disclosure Vulnerability
9002| [97945] Apache Traffic Server CVE-2016-5396 Denial of Service Vulnerability
9003| [97702] Apache Log4j CVE-2017-5645 Remote Code Execution Vulnerability
9004| [97582] Apache CXF CVE-2016-6812 Cross Site Scripting Vulnerability
9005| [97579] Apache CXF JAX-RS CVE-2016-8739 XML External Entity Injection Vulnerability
9006| [97544] Apache Tomcat CVE-2017-5651 Information Disclosure Vulnerability
9007| [97531] Apache Tomcat CVE-2017-5650 Denial of Service Vulnerability
9008| [97530] Apache Tomcat CVE-2017-5648 Information Disclosure Vulnerability
9009| [97509] Apache Ignite CVE-2016-6805 Information Disclosure and XML External Entity Injection Vulnerabilities
9010| [97383] Apache Flex BlazeDS CVE-2017-5641 Remote Code Execution Vulnerability
9011| [97378] Apache Geode CVE-2017-5649 Information Disclosure Vulnerability
9012| [97229] Apache Ambari CVE-2016-4976 Local Information Disclosure Vulnerability
9013| [97226] Apache Camel CVE-2017-5643 Server Side Request Forgery Security Bypass Vulnerability
9014| [97184] Apache Ambari CVE-2016-6807 Remote Command Execution Vulnerability
9015| [97179] Apache Camel CVE-2016-8749 Java Deserialization Multiple Remote Code Execution Vulnerabilities
9016| [96983] Apache POI CVE-2017-5644 Denial Of Service Vulnerability
9017| [96895] Apache Tomcat CVE-2016-8747 Information Disclosure Vulnerability
9018| [96731] Apache NiFi CVE-2017-5636 Remote Code Injection Vulnerability
9019| [96730] Apache NiFi CVE-2017-5635 Security Bypass Vulnerability
9020| [96729] Apache Struts CVE-2017-5638 Remote Code Execution Vulnerability
9021| [96540] IBM Development Package for Apache Spark CVE-2016-4970 Denial of Service Vulnerability
9022| [96398] Apache CXF CVE-2017-3156 Information Disclosure Vulnerability
9023| [96321] Apache Camel CVE-2017-3159 Remote Code Execution Vulnerability
9024| [96293] Apache Tomcat 'http11/AbstractInputBuffer.java' Denial of Service Vulnerability
9025| [96228] Apache Brooklyn Cross Site Request Forgery and Multiple Cross Site Scripting Vulnerabilities
9026| [95998] Apache Ranger CVE-2016-8746 Security Bypass Vulnerability
9027| [95929] Apache Groovy CVE-2016-6497 Information Disclosure Vulnerability
9028| [95838] Apache Cordova For Android CVE-2017-3160 Man in the Middle Security Bypass Vulnerability
9029| [95675] Apache Struts Remote Code Execution Vulnerability
9030| [95621] Apache NiFi CVE-2106-8748 Cross Site Scripting Vulnerability
9031| [95429] Apache Groovy CVE-2016-6814 Remote Code Execution Vulnerability
9032| [95335] Apache Hadoop CVE-2016-3086 Information Disclosure Vulnerability
9033| [95168] Apache Wicket CVE-2016-6793 Denial of Service Vulnerability
9034| [95136] Apache Qpid Broker for Java CVE-2016-8741 Remote Information Disclosure Vulnerability
9035| [95078] Apache HTTP Server CVE-2016-0736 Remote Security Vulnerability
9036| [95077] Apache HTTP Server CVE-2016-8743 Security Bypass Vulnerability
9037| [95076] Apache HTTP Server CVE-2016-2161 Denial of Service Vulnerability
9038| [95020] Apache Tika CVE-2015-3271 Remote Information Disclosure Vulnerability
9039| [94950] Apache Hadoop CVE-2016-5001 Local Information Disclosure Vulnerability
9040| [94882] Apache ActiveMQ CVE-2016-6810 HTML Injection Vulnerability
9041| [94828] Apache Tomcat CVE-2016-8745 Information Disclosure Vulnerability
9042| [94766] Apache CouchDB CVE-2016-8742 Local Privilege Escalation Vulnerability
9043| [94657] Apache Struts CVE-2016-8738 Denial of Service Vulnerability
9044| [94650] Apache HTTP Server CVE-2016-8740 Denial of Service Vulnerability
9045| [94588] Apache Subversion CVE-2016-8734 XML External Entity Denial of Service Vulnerability
9046| [94513] Apache Karaf CVE-2016-8648 Remote Code Execution Vulnerability
9047| [94463] Apache Tomcat CVE-2016-8735 Remote Code Execution Vulnerability
9048| [94462] Apache Tomcat CVE-2016-6817 Denial of Service Vulnerability
9049| [94461] Apache Tomcat CVE-2016-6816 Security Bypass Vulnerability
9050| [94418] Apache OpenOffice CVE-2016-6803 Local Privilege Escalation Vulnerability
9051| [94247] Apache Tika CVE-2016-6809 Remote Code Execution Vulnerability
9052| [94221] Apache Ranger CVE-2016-6815 Local Privilege Escalation Vulnerability
9053| [94145] Apache OpenMeetings CVE-2016-8736 Remote Code Execution Vulnerability
9054| [93945] Apache CloudStack CVE-2016-6813 Authorization Bypass Vulnerability
9055| [93944] Apache Tomcat Security Manager CVE-2016-6796 Security Bypass Vulnerability
9056| [93943] Apache Tomcat CVE-2016-6794 Security Bypass Vulnerability
9057| [93942] Apache Tomcat Security Manager CVE-2016-5018 Security Bypass Vulnerability
9058| [93940] Apache Tomcat CVE-2016-6797 Security Bypass Vulnerability
9059| [93939] Apache Tomcat CVE-2016-0762 Information Disclosure Vulnerability
9060| [93774] Apache OpenOffice CVE-2016-6804 DLL Loading Remote Code Execution Vulnerability
9061| [93773] Apache Struts CVE-2016-6795 Directory Traversal Vulnerability
9062| [93478] Apache Tomcat CVE-2016-6325 Local Privilege Escalation Vulnerability
9063| [93472] Apache Tomcat CVE-2016-5425 Insecure File Permissions Vulnerability
9064| [93429] Apache Tomcat JK Connector CVE-2016-6808 Remote Buffer Overflow Vulnerability
9065| [93263] Apache Tomcat CVE-2016-1240 Local Privilege Escalation Vulnerability
9066| [93236] Apache MyFaces Trinidad CVE-2016-5019 Remote Code Execution Vulnerability
9067| [93142] Apache ActiveMQ Artemis CVE-2016-4978 Remote Code Execution Vulnerability
9068| [93132] Apache Derby CVE-2015-1832 XML External Entity Information Disclosure Vulnerability
9069| [93044] Apache Zookeeper CVE-2016-5017 Buffer Overflow Vulnerability
9070| [92966] Apache Jackrabbit CVE-2016-6801 Cross-Site Request Forgery Vulnerability
9071| [92947] Apache Shiro CVE-2016-6802 Remote Security Bypass Vulnerability
9072| [92905] Apache CXF Fediz CVE-2016-4464 Security Bypass Vulnerability
9073| [92577] Apache Ranger CVE-2016-5395 HTML Injection Vulnerability
9074| [92331] Apache HTTP Server CVE-2016-1546 Remote Denial of Service Vulnerability
9075| [92328] Apache Hive CVE-2016-0760 Multiple Remote Code Execution Vulnerabilities
9076| [92320] Apache APR-util and httpd CVE-2016-6312 Denial of Service Vulnerability
9077| [92100] Apache POI CVE-2016-5000 XML External Entity Injection Vulnerability
9078| [92079] Apache OpenOffice CVE-2016-1513 Remote Code Execution Vulnerability
9079| [91818] Apache Tomcat CVE-2016-5388 Security Bypass Vulnerability
9080| [91816] Apache HTTP Server CVE-2016-5387 Security Bypass Vulnerability
9081| [91788] Apache Qpid Proton CVE-2016-4467 Certificate Verification Security Bypass Vulnerability
9082| [91738] Apache XML-RPC CVE-2016-5003 Remote Code Execution Vulnerability
9083| [91736] Apache XML-RPC Multiple Security Vulnerabilities
9084| [91707] Apache Archiva CVE-2016-5005 HTML Injection Vulnerability
9085| [91703] Apache Archiva CVE-2016-4469 Multiple Cross-Site Request Forgery Vulnerabilities
9086| [91566] Apache HTTP Server CVE-2016-4979 Authentication Bypass Vulnerability
9087| [91537] Apache QPID CVE-2016-4974 Deserialization Security Bypass Vulnerability
9088| [91501] Apache Xerces-C CVE-2016-4463 Stack Buffer Overflow Vulnerability
9089| [91453] Apache Commons FileUpload CVE-2016-3092 Denial Of Service Vulnerability
9090| [91284] Apache Struts CVE-2016-4431 Security Bypass Vulnerability
9091| [91282] Apache Struts CVE-2016-4433 Security Bypass Vulnerability
9092| [91281] Apache Struts CVE-2016-4430 Cross-Site Request Forgery Vulnerability
9093| [91280] Apache Struts CVE-2016-4436 Security Bypass Vulnerability
9094| [91278] Apache Struts CVE-2016-4465 Denial of Service Vulnerability
9095| [91277] Apache Struts Incomplete Fix Remote Code Execution Vulnerability
9096| [91275] Apache Struts CVE-2016-4438 Remote Code Execution Vulnerability
9097| [91217] Apache Continuum 'saveInstallation.action' Command Execution Vulnerability
9098| [91141] Apache CloudStack CVE-2016-3085 Authentication Bypass Vulnerability
9099| [91068] Apache Struts CVE-2016-1181 Remote Code Execution Vulnerability
9100| [91067] Apache Struts CVE-2016-1182 Security Bypass Vulnerability
9101| [91024] Apache Shiro CVE-2016-4437 Information Disclosure Vulnerability
9102| [90988] Apache Ranger CVE-2016-2174 SQL Injection Vulnerability
9103| [90961] Apache Struts CVE-2016-3093 Denial of Service Vulnerability
9104| [90960] Apache Struts CVE-2016-3087 Remote Code Execution Vulnerability
9105| [90921] Apache Qpid CVE-2016-4432 Authentication Bypass Vulnerability
9106| [90920] Apache Qpid CVE-2016-3094 Denial of Service Vulnerability
9107| [90902] Apache PDFBox CVE-2016-2175 XML External Entity Injection Vulnerability
9108| [90897] Apache Tika CVE-2016-4434 XML External Entity Injection Vulnerability
9109| [90827] Apache ActiveMQ CVE-2016-3088 Multiple Arbitrary File Upload Vulnerabilities
9110| [90755] Apache Ambari CVE-2016-0707 Multiple Local Information Disclosure Vulnerabilities
9111| [90482] Apache CVE-2004-1387 Local Security Vulnerability
9112| [89762] Apache CVE-2001-1556 Remote Security Vulnerability
9113| [89417] Apache Subversion CVE-2016-2167 Authentication Bypass Vulnerability
9114| [89326] RETIRED: Apache Subversion CVE-2016-2167 Security Bypass Vulnerability
9115| [89320] Apache Subversion CVE-2016-2168 Remote Denial of Service Vulnerability
9116| [88826] Apache Struts CVE-2016-3082 Remote Code Execution Vulnerability
9117| [88797] Apache Cordova For iOS CVE-2015-5208 Arbitrary Code Execution Vulnerability
9118| [88764] Apache Cordova iOS CVE-2015-5207 Multiple Security Bypass Vulnerabilities
9119| [88701] Apache CVE-2001-1449 Remote Security Vulnerability
9120| [88635] Apache CVE-2000-1204 Remote Security Vulnerability
9121| [88590] Apache WWW server CVE-1999-1199 Denial-Of-Service Vulnerability
9122| [88496] Apache CVE-2000-1206 Remote Security Vulnerability
9123| [87828] Apache CVE-1999-1237 Remote Security Vulnerability
9124| [87784] Apache CVE-1999-1293 Denial-Of-Service Vulnerability
9125| [87327] Apache Struts CVE-2016-3081 Remote Code Execution Vulnerability
9126| [86622] Apache Stats CVE-2007-0975 Remote Security Vulnerability
9127| [86399] Apache CVE-2007-1743 Local Security Vulnerability
9128| [86397] Apache CVE-2007-1742 Local Security Vulnerability
9129| [86311] Apache Struts CVE-2016-4003 Cross Site Scripting Vulnerability
9130| [86174] Apache Wicket CVE-2015-5347 Cross Site Scripting Vulnerability
9131| [85971] Apache OFBiz CVE-2016-2170 Java Deserialization Remote Code Execution Vulnerability
9132| [85967] Apache OFBiz CVE-2015-3268 HTML Injection Vulnerability
9133| [85759] Apache Jetspeed CVE-2016-2171 Unauthorized Access Vulnerability
9134| [85758] Apache Jetspeed CVE-2016-0712 Cross Site Scripting Vulnerability
9135| [85756] Apache Jetspeed CVE-2016-0710 Multiple SQL Injection Vulnerabilities
9136| [85755] Apache Jetspeed CVE-2016-0711 Multiple HTML Injection Vulnerabilities
9137| [85754] Apache Jetspeed CVE-2016-0709 Directory Traversal Vulnerability
9138| [85730] Apache Subversion CVE-2015-5343 Integer Overflow Vulnerability
9139| [85691] Apache Ranger CVE-2016-0735 Security Bypass Vulnerability
9140| [85578] Apache ActiveMQ CVE-2010-1244 Cross-Site Request Forgery Vulnerability
9141| [85554] Apache OpenMeetings CVE-2016-2164 Multiple Information Disclosure Vulnerabilities
9142| [85553] Apache OpenMeetings CVE-2016-0783 Information Disclosure Vulnerability
9143| [85552] Apache OpenMeetings CVE-2016-2163 HTML Injection Vulnerability
9144| [85550] Apache OpenMeetings CVE-2016-0784 Directory Traversal Vulnerability
9145| [85386] Apache Hadoop CVE-2015-7430 Local Privilege Escalation Vulnerability
9146| [85377] Apache Qpid Proton Python API CVE-2016-2166 Man in the Middle Security Bypass Vulnerability
9147| [85205] Apache Solr CVE-2015-8796 Cross Site Scripting Vulnerability
9148| [85203] Apache Solr CVE-2015-8795 Multiple HTML Injection Vulnerabilities
9149| [85163] Apache Geronimo CVE-2008-0732 Local Security Vulnerability
9150| [85131] Apache Struts 'TextParseUtil.translateVariables()' Method Remote Code Execution Vulnerability
9151| [85070] Apache Struts CVE-2016-2162 Cross Site Scripting Vulnerability
9152| [85066] Apache Struts CVE-2016-0785 Remote Code Execution Vulnerability
9153| [84422] Apache TomEE CVE-2016-0779 Unspecified Security Vulnerability
9154| [84321] Apache ActiveMQ CVE-2016-0734 Clickjacking Vulnerability
9155| [84316] Apache ActiveMQ CVE-2016-0782 Multiple Cross Site Scripting Vulnerabilities
9156| [83910] Apache Wicket CVE-2015-7520 Cross Site Scripting Vulnerability
9157| [83423] Apache Xerces-C CVE-2016-0729 Buffer Overflow Vulnerability
9158| [83330] Apache Tomcat CVE-2015-5351 Cross Site Request Forgery Vulnerability
9159| [83329] Apache Tomcat CVE-2015-5174 Directory Traversal Vulnerability
9160| [83328] Apache Tomcat CVE-2015-5345 Directory Traversal Vulnerability
9161| [83327] Apache Tomcat Security Manager CVE-2016-0714 Remote Code Execution Vulnerability
9162| [83326] Apache Tomcat CVE-2016-0763 Security Bypass Vulnerability
9163| [83324] Apache Tomcat Security Manager CVE-2016-0706 Information Disclosure Vulnerability
9164| [83323] Apache Tomcat CVE-2015-5346 Session Fixation Vulnerability
9165| [83259] Apache Hadoop CVE-2015-1776 Information Disclosure Vulnerability
9166| [83243] Apache Solr CVE-2015-8797 Cross Site Scripting Vulnerability
9167| [83119] Apache Sling CVE-2016-0956 Information Disclosure Vulnerability
9168| [83002] Apache CVE-2000-1205 Cross-Site Scripting Vulnerability
9169| [82871] Apache Ranger Authentication Bypass and Security Bypass Vulnerabilities
9170| [82800] Apache CloudStack CVE-2015-3251 Information Disclosure Vulnerability
9171| [82798] Apache CloudStack CVE-2015-3252 Authentication Bypass Vulnerability
9172| [82732] Apache Gallery CVE-2003-0771 Local Security Vulnerability
9173| [82676] Apache CVE-2003-1581 Cross-Site Scripting Vulnerability
9174| [82550] Apache Struts CVE-2015-5209 Security Bypass Vulnerability
9175| [82300] Apache Subversion CVE-2015-5259 Integer Overflow Vulnerability
9176| [82260] Apache Camel CVE-2015-5344 Remote Code Execution Vulnerability
9177| [82234] Apache Hive CVE-2015-7521 Security Bypass Vulnerability
9178| [82082] Apache CVE-1999-0289 Remote Security Vulnerability
9179| [81821] Apache Distribution for Solaris CVE-2007-2080 SQL-Injection Vulnerability
9180| [80696] Apache Camel CVE-2015-5348 Information Disclosure Vulnerability
9181| [80525] Apache CVE-2003-1580 Remote Security Vulnerability
9182| [80354] Drupal Apache Solr Search Module Access Bypass Vulnerability
9183| [80193] Apache CVE-1999-0107 Denial-Of-Service Vulnerability
9184| [79812] Apache Directory Studio CVE-2015-5349 Command Injection Vulnerability
9185| [79744] Apache HBase CVE-2015-1836 Unauthorized Access Vulnerability
9186| [79204] Apache TomEE 'EjbObjectInputStream' Remote Code Execution Vulnerability
9187| [77679] Apache Cordova For Android CVE-2015-8320 Weak Randomization Security Bypass Vulnerability
9188| [77677] Apache Cordova For Android CVE-2015-5256 Security Bypass Vulnerability
9189| [77591] Apache CXF SAML SSO Processing CVE-2015-5253 Security Bypass Vulnerability
9190| [77521] Apache Commons Collections 'InvokerTransformer.java' Remote Code Execution Vulnerability
9191| [77110] Apache HttpComponents HttpClient CVE-2015-5262 Denial of Service Vulnerability
9192| [77086] Apache Ambari CVE-2015-1775 Server Side Request Forgery Security Bypass Vulnerability
9193| [77085] Apache Ambari CVE-2015-3270 Remote Privilege Escalation Vulnerability
| [77082] Apache Ambari 'targetURI' Parameter Open Redirection Vulnerability
| [77059] Apache Ambari CVE-2015-3186 Cross Site Scripting Vulnerability
| [76933] Apache James Server Unspecified Command Execution Vulnerability
| [76832] Apache cordova-plugin-file-transfer CVE-2015-5204 HTTP Header Injection Vulnerability
| [76625] Apache Struts CVE-2015-5169 Cross Site Scripting Vulnerability
| [76624] Apache Struts CVE-2015-2992 Cross Site Scripting Vulnerability
| [76522] Apache Tapestry CVE-2014-1972 Security Bypass Vulnerability
| [76486] Apache CXF Fediz CVE-2015-5175 Denial of Service Vulnerability
| [76452] Apache ActiveMQ CVE-2015-1830 Directory Traversal Vulnerability
| [76446] Apache Subversion 'libsvn_fs_fs/tree.c' Denial of Service Vulnerability
| [76274] Apache Subversion CVE-2015-3184 Information Disclosure Vulnerability
| [76273] Apache Subversion CVE-2015-3187 Information Disclosure Vulnerability
| [76272] Apache ActiveMQ CVE-2014-3576 Denial of Service Vulnerability
| [76221] Apache Ranger CVE-2015-0266 Access Bypass Vulnerability
| [76208] Apache Ranger CVE-2015-0265 JavaScript Code Injection Vulnerability
| [76025] Apache ActiveMQ Artemis CVE-2015-3208 XML External Entity Information Disclosure Vulnerability
| [75965] Apache HTTP Server CVE-2015-3185 Security Bypass Vulnerability
| [75964] Apache HTTP Server CVE-2015-0253 Remote Denial of Service Vulnerability
| [75963] Apache HTTP Server CVE-2015-3183 Security Vulnerability
| [75940] Apache Struts CVE-2015-1831 Security Bypass Vulnerability
| [75919] Apache Groovy CVE-2015-3253 Remote Code Execution Vulnerability
| [75338] Apache Storm CVE-2015-3188 Remote Code Execution Vulnerability
| [75275] Drupal Apache Solr Real-Time Module Access Bypass Vulnerability
| [74866] Apache Cordova For Android CVE-2015-1835 Security Bypass Vulnerability
| [74839] Apache Sling API and Sling Servlets CVE-2015-2944 Cross Site Scripting Vulnerability
| [74761] Apache Jackrabbit CVE-2015-1833 XML External Entity Information Disclosure Vulnerability
| [74686] Apache Ambari '/var/lib/ambari-server/ambari-env.sh' Local Privilege Escalation Vulnerability
| [74665] Apache Tomcat CVE-2014-7810 Security Bypass Vulnerability
| [74475] Apache Tomcat CVE-2014-0230 Denial of Service Vulnerability
| [74423] Apache Struts CVE-2015-0899 Security Bypass Vulnerability
| [74338] Apache OpenOffice HWP Filter Memory Corruption Vulnerability
| [74265] Apache Tomcat 'mod_jk' CVE-2014-8111 Information Disclosure Vulnerability
| [74260] Apache Subversion CVE-2015-0248 Multiple Denial of Service Vulnerabilities
| [74259] Apache Subversion 'deadprops.c' Security Bypass Vulnerability
| [74204] PHP 'sapi/apache2handler/sapi_apache2.c' Remote Code Execution Vulnerability
| [74158] Apache HTTP Server 'protocol.c' Remote Denial of Service Vulnerability
| [73954] Apache Flex 'asdoc/templates/index.html' Cross Site Scripting Vulnerability
| [73851] Apache2 CVE-2012-0216 Cross-Site Scripting Vulnerability
| [73478] Apache Cassandra CVE-2015-0225 Remote Code Execution Vulnerability
| [73041] Apache HTTP Server 'mod_lua' Module Denial of Service Vulnerability
| [73040] Apache HTTP Server 'mod_lua.c' Local Access Bypass Vulnerability
| [72809] Apache Standard Taglibs CVE-2015-0254 XML External Entity Injection Vulnerability
| [72717] Apache Tomcat CVE-2014-0227 Chunk Request Remote Denial Of Service Vulnerability
| [72557] Apache WSS4J CVE-2015-0227 Security Bypass Vulnerability
| [72553] Apache WSS4J CVE-2015-0226 Information Disclosure Vulnerability
| [72513] Apache ActiveMQ CVE-2014-3612 LDAP Authentication Bypass Vulnerability
| [72511] Apache ActiveMQ CVE-2014-8110 Multiple Cross Site Scripting Vulnerabilities
| [72510] Apache ActiveMQ CVE-2014-3600 XML External Entity Injection Vulnerability
| [72508] Apache ActiveMQ Apollo CVE-2014-3579 XML External Entity Injection Vulnerability
| [72319] Apache Qpid CVE-2015-0223 Security Bypass Vulnerability
| [72317] Apache Qpid CVE-2015-0224 Incomplete Fix Multiple Denial of Service Vulnerabilities
| [72115] Apache Santuario 'XML Signature Verification' Security Bypass Vulnerability
| [72053] Apache HTTP Server 'mod_remoteip.c' IP Address Spoofing Vulnerability
| [72030] Apache Qpid CVE-2015-0203 Multiple Denial of Service Vulnerabilities
| [71879] Apache Traffic Server 'HttpTransact.cc' Denial of Service Vulnerability
| [71726] Apache Subversion CVE-2014-3580 Remote Denial of Service Vulnerability
| [71725] Apache Subversion CVE-2014-8108 Remote Denial of Service Vulnerability
| [71657] Apache HTTP Server 'mod_proxy_fcgi' Module Denial of Service Vulnerability
| [71656] Apache HTTP Server 'mod_cache' Module Denial of Service Vulnerability
| [71548] Apache Struts CVE-2014-7809 Security Bypass Vulnerability
| [71466] Apache Hadoop CVE-2014-3627 Information Disclosure Vulnerability
| [71353] Apache HTTP Server 'LuaAuthzProvider' Authorization Bypass Vulnerability
| [71004] Apache Qpid CVE-2014-3629 XML External Entity Injection Vulnerability
| [70970] Apache Traffic Server Cross Site Scripting Vulnerability
| [70738] Apache CXF CVE-2014-3584 Denial of Service Vulnerability
| [70736] Apache CXF SAML SubjectConfirmation Security Bypass Vulnerability
| [69728] Apache Tomcat CVE-2013-4444 Arbitrary File Upload Vulnerability
| [69648] Apache POI CVE-2014-3574 Denial Of Service Vulnerability
| [69647] Apache POI OpenXML parser CVE-2014-3529 XML External Entity Information Disclosure Vulnerability
| [69351] Apache OpenOffice Calc CVE-2014-3524 Command Injection Vulnerability
| [69295] Apache Axis Incomplete Fix CVE-2014-3596 SSL Certificate Validation Security Bypass Vulnerability
| [69286] Apache OFBiz CVE-2014-0232 Multiple Cross Site Scripting Vulnerabilities
| [69258] Apache HttpComponents Incomplete Fix CVE-2014-3577 SSL Validation Security Bypass Vulnerability
| [69257] Apache HttpComponents Incomplete Fix SSL Certificate Validation Security Bypass Vulnerability
| [69248] Apache HTTP Server CVE-2013-4352 Remote Denial of Service Vulnerability
| [69237] Apache Subversion CVE-2014-3522 SSL Certificate Validation Information Disclosure Vulnerability
| [69173] Apache Traffic Server CVE-2014-3525 Unspecified Security Vulnerability
| [69046] Apache Cordova For Android CVE-2014-3502 Information Disclosure Vulnerability
| [69041] Apache Cordova For Android CVE-2014-3501 Security Bypass Vulnerability
| [69038] Apache Cordova For Android CVE-2014-3500 Security Bypass Vulnerability
| [68995] Apache Subversion CVE-2014-3528 Insecure Authentication Weakness
| [68966] Apache Subversion 'irkerbridge.py' Local Privilege Escalation Vulnerability
| [68965] Apache Subversion 'svnwcsub.py' Local Privilege Escalation Vulnerability
| [68863] Apache HTTP Server 'mod_cache' Module Remote Denial of Service Vulnerability
| [68747] Apache HTTP Server CVE-2014-3523 Remote Denial of Service Vulnerability
| [68745] Apache HTTP Server CVE-2014-0118 Remote Denial of Service Vulnerability
| [68742] Apache HTTP Server CVE-2014-0231 Remote Denial of Service Vulnerability
| [68740] Apache HTTP Server CVE-2014-0117 Remote Denial of Service Vulnerability
| [68678] Apache HTTP Server 'mod_status' CVE-2014-0226 Remote Code Execution Vulnerability
| [68445] Apache CXF UsernameToken Information Disclosure Vulnerability
| [68441] Apache CXF SAML Tokens Validation Security Bypass Vulnerability
| [68431] Apache Syncope CVE-2014-3503 Insecure Password Generation Weakness
| [68229] Apache Harmony PRNG Entropy Weakness
| [68111] Apache 'mod_wsgi' Module Privilege Escalation Vulnerability
| [68072] Apache Tomcat CVE-2014-0186 Remote Denial of Service Vulnerability
| [68039] Apache Hive CVE-2014-0228 Security Bypass Vulnerability
| [67673] Apache Tomcat CVE-2014-0095 AJP Request Remote Denial Of Service Vulnerability
| [67671] Apache Tomcat CVE-2014-0075 Chunk Request Remote Denial Of Service Vulnerability
| [67669] Apache Tomcat CVE-2014-0119 XML External Entity Information Disclosure Vulnerability
| [67668] Apache Tomcat CVE-2014-0099 Request Processing Information Disclosure Vulnerability
| [67667] Apache Tomcat CVE-2014-0096 XML External Entity Information Disclosure Vulnerability
| [67534] Apache 'mod_wsgi' Module CVE-2014-0242 Information Disclosure Vulnerability
| [67532] Apache 'mod_wsgi' Module Local Privilege Escalation Vulnerability
| [67530] Apache Solr Search Template Cross Site Scripting Vulnerability
| [67236] Apache CXF CVE-2014-0109 Remote Denial of Service Vulnerability
| [67232] Apache CXF CVE-2014-0110 Denial of Service Vulnerability
| [67121] Apache Struts ClassLoader Manipulation CVE-2014-0114 Security Bypass Vulnerability
| [67081] Apache Struts 'getClass()' Method Security Bypass Vulnerability
| [67064] Apache Struts ClassLoader Manipulation Incomplete Fix Security Bypass Vulnerability
| [67013] Apache Zookeeper CVE-2014-0085 Local Information Disclosure Vulnerability
| [66998] Apache Archiva CVE-2013-2187 Unspecified Cross Site Scripting Vulnerability
| [66991] Apache Archiva CVE-2013-2187 HTML Injection Vulnerability
| [66927] Apache Syncope CVE-2014-0111 Remote Code Execution Vulnerability
| [66474] Apache CouchDB Universally Unique IDentifier (UUID) Remote Denial of Service Vulnerability
| [66397] Apache Xalan-Java Library CVE-2014-0107 Security Bypass Vulnerability
| [66303] Apache HTTP Server Multiple Denial of Service Vulnerabilities
| [66041] RETIRED: Apache Struts CVE-2014-0094 Classloader Manipulation Security Bypass Vulnerability
| [65999] Apache Struts ClassLoader Manipulation CVE-2014-0094 Security Bypass Vulnerability
| [65967] Apache Cordova File-Transfer Unspecified Security Vulnerability
| [65959] Apache Cordova InAppBrowser Remote Privilege Escalation Vulnerability
| [65935] Apache Shiro 'login.jsp' Authentication Bypass Vulnerability
| [65902] Apache Camel CVE-2014-0003 Remote Code Execution Vulnerability
| [65901] Apache Camel CVE-2014-0002 XML External Entity Information Disclosure Vulnerability
| [65773] Apache Tomcat CVE-2013-4286 Security Bypass Vulnerability
| [65769] Apache Tomcat CVE-2014-0033 Session Fixation Vulnerability
| [65768] Apache Tomcat CVE-2013-4590 XML External Entity Information Disclosure Vulnerability
| [65767] Apache Tomcat CVE-2013-4322 Incomplete Fix Denial of Service Vulnerability
| [65615] Apache ActiveMQ 'refresh' Parameter Cross Site Scripting Vulnerability
| [65434] Apache Subversion 'mod_dav_svn' Module SVNListParentPath Denial of Service Vulnerability
| [65431] Apache Wicket CVE-2013-2055 Information Disclosure Vulnerability
| [65400] Apache Commons FileUpload CVE-2014-0050 Denial Of Service Vulnerability
| [64782] Apache CloudStack Virtual Router Component Security Bypass Vulnerability
| [64780] Apache CloudStack Unauthorized Access Vulnerability
| [64617] Apache Libcloud Digital Ocean API Local Information Disclosure Vulnerability
| [64437] Apache Santuario XML Security For JAVA XML Signature Denial of Service Vulnerability
| [64427] Apache Solr Multiple XML External Entity Injection Vulnerabilities
| [64009] Apache Solr CVE-2013-6408 XML External Entity Injection Vulnerability
| [64008] Apache Solr CVE-2013-6407 XML External Entity Injection Vulnerability
| [63981] Apache Subversion 'mod_dav_svn' Module Denial of Service Vulnerability
| [63966] Apache Subversion CVE-2013-4505 Security Bypass Vulnerability
| [63963] Apache Roller CVE-2013-4171 Cross Site Scripting Vulnerability
| [63935] Apache Solr 'SolrResourceLoader' Directory Traversal Vulnerability
| [63928] Apache Roller CVE-2013-4212 OGNL Expression Injection Remote Code Execution Vulnerability
| [63515] Apache Tomcat Manager Component CVE-2013-6357 Cross Site Request Forgery Vulnerability
| [63403] Apache Struts Multiple Cross Site Scripting Vulnerabilities
| [63400] Apache 'mod_pagespeed' Module Unspecified Cross Site Scripting Vulnerability
| [63260] Apache Shindig CVE-2013-4295 XML External Entity Information Disclosure Vulnerability
| [63241] Apache Sling 'AbstractAuthenticationFormServlet' Open Redirection Vulnerability
| [63174] Apache Commons FileUpload 'DiskFileItem' Class Null Byte Arbitrary File Write Vulnerability
| [62939] Apache 'mod_fcgid' Module CVE-2013-4365 Heap Buffer Overflow Vulnerability
| [62903] Apache Sling 'deepGetOrCreateNode()' Function Denial Of Service Vulnerability
| [62706] Apache Camel CVE-2013-4330 Information Disclosure Vulnerability
| [62677] Apache 'mod_accounting' Module CVE-2013-5697 SQL Injection Vulnerability
| [62674] TYPO3 Apache Solr Unspecified Cross Site Scripting and PHP Code Execution Vulnerabilities
| [62587] Apache Struts CVE-2013-4316 Remote Code Execution Vulnerability
| [62584] Apache Struts CVE-2013-4310 Security Bypass Vulnerability
| [62266] Apache Subversion CVE-2013-4277 Insecure Temporary File Creation Vulnerability
| [61984] Apache Hadoop RPC Authentication CVE-2013-2192 Man in the Middle Security Bypass Vulnerability
| [61981] Apache HBase RPC Authentication Man In The Middle Security Bypass Vulnerability
| [61638] Apache CloudStack CVE-2013-2136 Multiple Cross Site Scripting Vulnerabilities
| [61454] Apache Subversion CVE-2013-4131 Denial Of Service Vulnerability
| [61379] Apache HTTP Server CVE-2013-2249 Unspecified Remote Security Vulnerability
| [61370] Apache OFBiz CVE-2013-2317 'View Log' Cross Site Scripting Vulnerability
| [61369] Apache OFBiz Nested Expression Remote Code Execution Vulnerability
| [61196] Apache Struts CVE-2013-2248 Multiple Open Redirection Vulnerabilities
| [61189] Apache Struts CVE-2013-2251 Multiple Remote Command Execution Vulnerabilities
| [61129] Apache HTTP Server CVE-2013-1896 Remote Denial of Service Vulnerability
| [61030] Apache CXF CVE-2013-2160 Multiple Remote Denial of Service Vulnerabilities
| [60875] Apache Geronimo RMI Classloader Security Bypass Vulnerability
| [60846] Apache Santuario XML Security for JAVA XML Signature CVE-2013-2172 Security Bypass Vulnerability
| [60817] Apache Santuario XML Security for C++ CVE-2013-2210 Heap Buffer Overflow Vulnerability
| [60800] Apache Qpid Python Client SSL Certificate Verification Information Disclosure Vulnerability
| [60599] Apache Santuario XML Security for C++ CVE-2013-2156 Remote Heap Buffer Overflow Vulnerability
| [60595] Apache Santuario XML Security for C++ XML Signature CVE-2013-2155 Denial of Service Vulnerability
| [60594] Apache Santuario XML Security for C++ CVE-2013-2154 Stack Buffer Overflow Vulnerability
| [60592] Apache Santuario XML Security for C++ XML Signature CVE-2013-2153 Security Bypass Vulnerability
| [60534] Apache OpenJPA Object Deserialization Arbitrary File Creation or Overwrite Vulnerability
| [60346] Apache Struts CVE-2013-2134 OGNL Expression Injection Vulnerability
| [60345] Apache Struts CVE-2013-2135 OGNL Expression Injection Vulnerability
| [60267] Apache Subversion CVE-2013-1968 Remote Denial of Service Vulnerability
| [60265] Apache Subversion CVE-2013-2088 Command Injection Vulnerability
| [60264] Apache Subversion CVE-2013-2112 Remote Denial of Service Vulnerability
| [60187] Apache Tomcat DIGEST Authentication CVE-2013-2051 Incomplete Fix Security Weakness
| [60186] Apache Tomcat CVE-2013-1976 Insecure Temporary File Handling Vulnerability
| [60167] Apache Struts 'includeParams' CVE-2013-2115 Incomplete Fix Security Bypass Vulnerability
| [60166] Apache Struts 'includeParams' CVE-2013-1966 Security Bypass Vulnerability
| [60082] Apache Struts 'ParameterInterceptor' Class OGNL CVE-2013-1965 Security Bypass Vulnerability
| [59826] Apache HTTP Server Terminal Escape Sequence in Logs Command Injection Vulnerability
| [59799] Apache Tomcat CVE-2013-2067 Session Fixation Vulnerability
| [59798] Apache Tomcat CVE-2013-2071 Information Disclosure Vulnerability
| [59797] Apache Tomcat CVE-2012-3544 Denial of Service Vulnerability
| [59670] Apache VCL Multiple Input Validation Vulnerabilities
| [59464] Apache CloudStack CVE-2013-2758 Hash Information Disclosure Vulnerability
| [59463] Apache CloudStack CVE-2013-2756 Authentication Bypass Vulnerability
| [59402] Apache ActiveMQ CVE-2013-3060 Information Disclosure and Denial of Service Vulnerability
| [59401] Apache ActiveMQ CVE-2012-6551 Denial of Service Vulnerability
| [59400] Apache ActiveMQ CVE-2012-6092 Multiple Cross Site Scripting Vulnerabilities
| [58898] Apache Subversion CVE-2013-1884 Remote Denial of Service Vulnerability
| [58897] Apache Subversion 'mod_dav_svn/lock.c' Remote Denial of Service Vulnerability
| [58895] Apache Subversion 'mod_dav_svn' Remote Denial of Service Vulnerability
| [58455] Apache Rave User RPC API CVE-2013-1814 Information Disclosure Vulnerability
| [58379] Apache Qpid CVE-2012-4446 Authentication Bypass Vulnerability
| [58378] Apache Qpid CVE-2012-4460 Denial of Service Vulnerability
| [58376] Apache Qpid CVE-2012-4458 Denial of Service Vulnerability
| [58337] Apache Qpid CVE-2012-4459 Denial of Service Vulnerability
| [58326] Apache Commons FileUpload CVE-2013-0248 Insecure Temporary File Creation Vulnerability
| [58325] Debian Apache HTTP Server CVE-2013-1048 Symlink Attack Local Privilege Escalation Vulnerability
| [58323] Apache Subversion 'svn_fs_file_length()' Remote Denial of Service Vulnerability
| [58165] Apache HTTP Server Multiple Cross Site Scripting Vulnerabilities
| [58136] Apache Maven CVE-2013-0253 SSL Certificate Validation Security Bypass Vulnerability
| [58124] Apache Tomcat 'log/logdir' Directory Insecure File Permissions Vulnerability
| [58073] Apache Commons HttpClient CVE-2012-5783 SSL Certificate Validation Security Bypass Vulnerability
| [57876] Apache CXF WS-SecurityPolicy Authentication Bypass Vulnerability
| [57874] Apache CXF CVE-2012-5633 Security Bypass Vulnerability
| [57463] Apache OFBiz CVE-2013-0177 Multiple Cross Site Scripting Vulnerabilities
| [57425] Apache CXF CVE-2012-5786 SSL Certificate Validation Security Bypass Vulnerability
| [57321] Apache CouchDB CVE-2012-5650 Cross Site Scripting Vulnerability
| [57314] Apache CouchDB CVE-2012-5649 Remote Code Execution Vulnerability
| [57267] Apache Axis2/C SSL Certificate Validation Security Bypass Vulnerability
| [57259] Apache CloudStack CVE-2012-5616 Local Information Disclosure Vulnerability
| [56814] Apache Tomcat CVE-2012-4431 Cross-Site Request Forgery Vulnerability
| [56813] Apache Tomcat CVE-2012-4534 Denial of Service Vulnerability
| [56812] Apache Tomcat CVE-2012-3546 Security Bypass Vulnerability
| [56753] Apache Apache HTTP Server 'mod_proxy_ajp Module Denial Of Service Vulnerability
| [56686] Apache Tomcat CVE-2012-5568 Denial of Service Vulnerability
| [56408] Apache Axis and Axis2/Java SSL Certificate Validation Security Bypass Vulnerability
| [56403] Apache Tomcat DIGEST Authentication Multiple Security Weaknesses
| [56402] Apache Tomcat CVE-2012-2733 Denial of Service Vulnerability
| [56171] Apache OFBiz CVE-2012-3506 Unspecified Security Vulnerability
| [55876] Apache CloudStack CVE-2012-4501 Security Bypass Vulnerability
| [55628] Apache CXF SOAP Action Spoofing Security Bypass Vulnerability
| [55608] Apache Qpid (qpidd) Denial of Service Vulnerability
| [55536] Apache 'mod_pagespeed' Module Cross Site Scripting and Security Bypass Vulnerabilities
| [55508] Apache Axis2 XML Signature Wrapping Security Vulnerability
| [55445] Apache Wicket CVE-2012-3373 Cross Site Scripting Vulnerability
| [55346] Apache Struts Cross Site Request Forgery and Denial of Service Vulnerabilities
| [55290] Drupal Apache Solr Autocomplete Module Cross Site Scripting Vulnerability
| [55165] Apache Struts2 Skill Name Remote Code Execution Vulnerability
| [55154] Apache 'mod-rpaf' Module Denial of Service Vulnerability
| [55131] Apache HTTP Server HTML-Injection And Information Disclosure Vulnerabilities
| [54954] Apache QPID NullAuthenticator Authentication Bypass Vulnerability
| [54798] Apache Libcloud Man In The Middle Vulnerability
| [54358] Apache Hadoop CVE-2012-3376 Information Disclosure Vulnerability
| [54341] Apache Sling CVE-2012-2138 Denial Of Service Vulnerability
| [54268] Apache Hadoop Symlink Attack Local Privilege Escalation Vulnerability
| [54189] Apache Roller Cross Site Request Forgery Vulnerability
| [54187] Apache Roller CVE-2012-2381 Cross Site Scripting Vulnerability
| [53880] Apache CXF Child Policies Security Bypass Vulnerability
| [53877] Apache CXF Elements Validation Security Bypass Vulnerability
| [53676] Apache Commons Compress and Apache Ant CVE-2012-2098 Denial Of Service Vulnerability
| [53487] Apache POI CVE-2012-0213 Denial Of Service Vulnerability
| [53455] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability
| [53305] Apache Qpid CVE-2011-3620 Unauthorized Access Security Bypass Vulnerability
| [53046] Apache HTTP Server 'LD_LIBRARY_PATH' Insecure Library Loading Arbitrary Code Execution Vulnerability
| [53025] Apache OFBiz Unspecified Remote Code Execution Vulnerability
| [53023] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
| [52939] Apache Hadoop CVE-2012-1574 Unspecified User Impersonation Vulnerability
| [52702] Apache Struts2 'XSLTResult.java' Remote Arbitrary File Upload Vulnerability
| [52696] Apache Traffic Server HTTP Host Header Handling Heap Based Buffer Overflow Vulnerability
| [52680] Apache Wicket 'pageMapName' Parameter Cross Site Scripting Vulnerability
| [52679] Apache Wicket Hidden Files Information Disclosure Vulnerability
| [52565] Apache 'mod_fcgid' Module Denial Of Service Vulnerability
| [52146] TYPO3 Apache Solr Extension Unspecified Cross Site Scripting Vulnerability
| [51939] Apache MyFaces 'ln' Parameter Information Disclosure Vulnerability
| [51917] Apache APR Hash Collision Denial Of Service Vulnerability
| [51902] Apache Struts Multiple HTML Injection Vulnerabilities
| [51900] Apache Struts CVE-2012-1007 Multiple Cross Site Scripting Vulnerabilities
| [51886] Apache CXF UsernameToken Policy Validation Security Bypass Vulnerability
| [51869] Apache HTTP Server CVE-2011-3639 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
| [51706] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
| [51705] Apache HTTP Server CVE-2012-0021 mod_log_config Denial Of Service Vulnerability
| [51628] Apache Struts 'ParameterInterceptor' Class OGNL (CVE-2011-3923) Security Bypass Vulnerability
| [51447] Apache Tomcat Parameter Handling Denial of Service Vulnerability
| [51442] Apache Tomcat Request Object Security Bypass Vulnerability
| [51407] Apache HTTP Server Scoreboard Local Security Bypass Vulnerability
| [51257] Apache Struts Remote Command Execution and Arbitrary File Overwrite Vulnerabilities
| [51238] Apache Geronimo Hash Collision Denial Of Service Vulnerability
| [51200] Apache Tomcat Hash Collision Denial Of Service Vulnerability
| [50940] Apache Struts Session Tampering Security Bypass Vulnerability
| [50912] RETIRED: Apache MyFaces CVE-2011-4343 Information Disclosure Vulnerability
| [50904] Apache ActiveMQ Failover Mechanism Remote Denial Of Service Vulnerability
| [50848] Apache MyFaces EL Expression Evaluation Security Bypass Vulnerability
| [50802] Apache HTTP Server 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
| [50639] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
| [50603] Apache Tomcat Manager Application Security Bypass Vulnerability
| [50494] Apache HTTP Server 'ap_pregsub()' Function Local Privilege Escalation Vulnerability
| [49957] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
| [49762] Apache Tomcat HTTP DIGEST Authentication Multiple Security Weaknesses
| [49728] Apache Struts Conversion Error OGNL Expression Evaluation Vulnerability
| [49616] Apache HTTP Server CVE-2011-3348 Denial Of Service Vulnerability
| [49470] Apache Tomcat CVE-2007-6286 Duplicate Request Processing Security Vulnerability
| [49353] Apache Tomcat AJP Protocol Security Bypass Vulnerability
| [49303] Apache HTTP Server CVE-2011-3192 Denial Of Service Vulnerability
| [49290] Apache Wicket Cross Site Scripting Vulnerability
| [49147] Apache Tomcat CVE-2011-2481 Information Disclosure Vulnerability
| [49143] Apache Commons Daemon 'jsvc' Information Disclosure Vulnerability
| [48667] Apache Tomcat 'sendfile' Request Attributes Information Disclosure Vulnerability
| [48653] Apache 'mod_authnz_external' Module SQL Injection Vulnerability
| [48611] Apache XML Security for C++ Signature Key Parsing Denial of Service Vulnerability
| [48456] Apache Tomcat 'MemoryUserDatabase' Information Disclosure Vulnerability
| [48015] Apache Archiva Multiple Cross Site Request Forgery Vulnerabilities
| [48011] Apache Archiva Multiple Cross Site Scripting and HTML Injection Vulnerabilities
| [47929] Apache APR 'apr_fnmatch.c' Denial of Service Vulnerability
| [47890] Apache Struts 'javatemplates' Plugin Multiple Cross Site Scripting Vulnerabilities
| [47886] Apache Tomcat SecurityConstraints Security Bypass Vulnerability
| [47820] Apache APR 'apr_fnmatch()' Denial of Service Vulnerability
| [47784] Apache Struts XWork 's:submit' HTML Tag Cross Site Scripting Vulnerability
| [47199] Apache Tomcat HTTP BIO Connector Information Disclosure Vulnerability
| [47196] Apache Tomcat Login Constraints Security Bypass Vulnerability
| [46974] Apache HttpComponents 'HttpClient' Information Disclosure Vulnerability
| [46953] Apache MPM-ITK Module Security Weakness
| [46734] Subversion 'mod_dav_svn' Apache Server NULL Pointer Dereference Denial Of Service Vulnerability
| [46685] Apache Tomcat '@ServletSecurity' Annotations Security Bypass Vulnerability
| [46311] Apache Continuum and Archiva Cross Site Scripting Vulnerability
| [46177] Apache Tomcat SecurityManager Security Bypass Vulnerability
| [46174] Apache Tomcat HTML Manager Interface HTML Injection Vulnerability
| [46166] Apache Tomcat JVM Denial of Service Vulnerability
| [46164] Apache Tomcat NIO Connector Denial of Service Vulnerability
| [46066] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
| [45655] Apache Subversion Server Component Multiple Remote Denial Of Service Vulnerabilities
| [45123] Awstats Apache Tomcat Configuration File Remote Arbitrary Command Execution Vulnerability
| [45095] Apache Archiva Cross Site Request Forgery Vulnerability
| [45015] Apache Tomcat 'sort' and 'orderBy' Parameters Cross Site Scripting Vulnerabilities
| [44900] Apache 'mod_fcgid' Module Unspecified Stack Buffer Overflow Vulnerability
| [44616] Apache Shiro Directory Traversal Vulnerability
| [44355] Apache MyFaces Encrypted View State Oracle Padding Security Vulnerability
| [44068] Apache::AuthenHook Local Information Disclosure Vulnerability
| [43862] Apache QPID SSL Connection Denial of Service Vulnerability
| [43673] Apache APR-util 'apr_brigade_split_line()' Denial of Service Vulnerability
| [43637] Apache XML-RPC SAX Parser Information Disclosure Vulnerability
| [43111] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
| [42637] Apache Derby 'BUILTIN' Authentication Insecure Password Hashing Vulnerability
| [42501] Apache CouchDB Cross Site Request Forgery Vulnerability
| [42492] Apache CXF XML DTD Processing Security Vulnerability
| [42121] Apache SLMS Insufficient Quoting Cross Site Request Forgery Vulnerability
| [42102] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
| [41963] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
| [41544] Apache Tomcat 'Transfer-Encoding' Information Disclosure and Denial Of Service Vulnerabilities
| [41076] Apache Axis2 '/axis2/axis2-admin' Session Fixation Vulnerability
| [40976] Apache Axis2 Document Type Declaration Processing Security Vulnerability
| [40827] Apache 'mod_proxy_http' Timeout Handling Information Disclosure Vulnerability
| [40343] Apache Axis2 'xsd' Parameter Directory Traversal Vulnerability
| [40327] Apache Axis2 'engagingglobally' Cross-Site Scripting Vulnerability
| [39771] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
| [39636] Apache ActiveMQ Source Code Information Disclosure Vulnerability
| [39635] Apache Tomcat Authentication Header Realm Name Information Disclosure Vulnerability
| [39538] Apache mod_auth_shadow Race Condition Security Bypass Vulnerability
| [39489] Apache OFBiz Multiple Cross Site Scripting and HTML Injection Vulnerabilities
| [39119] Apache ActiveMQ 'createDestination.action' HTML Injection Vulnerability
| [38580] Apache Subrequest Handling Information Disclosure Vulnerability
| [38494] Apache 'mod_isapi' Memory Corruption Vulnerability
| [38491] Apache mod_proxy_ajp Module Incoming Request Body Denial Of Service Vulnerability
| [37966] Apache 1.3 mod_proxy HTTP Chunked Encoding Integer Overflow Vulnerability
| [37945] Apache Tomcat Host Working Directory WAR File Directory Traversal Vulnerability
| [37944] Apache Tomcat WAR File Directory Traversal Vulnerability
| [37942] Apache Tomcat Directory Host Appbase Authentication Bypass Vulnerability
| [37149] Apache Tomcat 404 Error Page Cross Site Scripting Vulnerability
| [37027] RETIRED: Apache APR 'apr_uri_parse_hostinfo' Off By One Remote Code Execution Vulnerability
| [36990] Apache HTTP TRACE Cross Site Scripting Vulnerability
| [36954] Apache Tomcat Windows Installer Insecure Password Vulnerability
| [36889] TYPO3 Apache Solr Search Extension Unspecified Cross Site Scripting Vulnerability
| [36596] Apache HTTP Server Solaris Event Port Pollset Support Remote Denial Of Service Vulnerability
| [36260] Apache mod_proxy_ftp Module NULL Pointer Dereference Denial Of Service Vulnerability
| [36254] Apache mod_proxy_ftp Remote Command Injection Vulnerability
| [35949] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
| [35840] Apache HTTP Server HTTP-Basic Authentication Bypass Vulnerability
| [35623] Apache 'mod_deflate' Remote Denial Of Service Vulnerability
| [35565] Apache 'mod_proxy' Remote Denial Of Service Vulnerability
| [35416] Apache Tomcat XML Parser Information Disclosure Vulnerability
| [35263] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
| [35253] Apache APR-util 'xml/apr_xml.c' Denial of Service Vulnerability
| [35251] Apache APR-util 'apr_brigade_vprintf' Off By One Vulnerability
| [35221] Apache APR-util 'apr_strmatch_precompile()' Integer Underflow Vulnerability
| [35196] Apache Tomcat Form Authentication Existing/Non-Existing Username Enumeration Weakness
| [35193] Apache Tomcat Java AJP Connector Invalid Header Denial of Service Vulnerability
| [35115] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
9570| [34686] Apache Struts Multiple Cross Site Scripting Vulnerabilities
9571| [34663] Apache 'mod_proxy_ajp' Information Disclosure Vulnerability
9572| [34657] Apache Tiles Cross Site Scripting And Information Disclosure Vulnerabilities
9573| [34562] Apache Geronimo Application Server Multiple Remote Vulnerabilities
9574| [34552] Apache ActiveMQ Web Console Multiple Unspecified HTML Injection Vulnerabilities
9575| [34412] Apache Tomcat mod_jk Content Length Information Disclosure Vulnerability
9576| [34399] Apache Struts Unspecified Cross Site Scripting Vulnerability
9577| [34383] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
9578| [33913] Apache Tomcat POST Data Information Disclosure Vulnerability
9579| [33360] Apache Jackrabbit 'q' Parameter Multiple Cross Site Scripting Vulnerabilities
9580| [33110] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
9581| [32657] Novell NetWare ApacheAdmin Security Bypass Vulnerability
9582| [31805] Apache HTTP Server OS Fingerprinting Unspecified Security Vulnerability
9583| [31761] Oracle WebLogic Server Apache Connector Stack Based Buffer Overflow Vulnerability
9584| [31698] Apache Tomcat 'RemoteFilterValve' Security Bypass Vulnerability
9585| [31165] Kolab Groupware Server Apache Log File User Password Information Disclosure Vulnerability
9586| [30560] Apache 'mod_proxy_ftp' Wildcard Characters Cross-Site Scripting Vulnerability
9587| [30496] Apache Tomcat 'HttpServletResponse.sendError()' Cross Site Scripting Vulnerability
9588| [30494] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
9589| [29653] Apache 'mod_proxy_http' Interim Response Denial of Service Vulnerability
9590| [29502] Apache Tomcat Host Manager Cross Site Scripting Vulnerability
9591| [28576] Apache-SSL Environment Variable Information Disclosure and Privilege Escalation Vulnerability
9592| [28484] Apache Tomcat Requests Containing MS-DOS Device Names Information Disclosure Vulnerability
9593| [28483] Apache Tomcat 'allowLinking' Accepts NULL Byte in URI Information Disclosure Vulnerability
9594| [28482] Apache Tomcat SSL Anonymous Cipher Configuration Information Disclosure Vulnerability
9595| [28481] Apache Tomcat Cross-Site Scripting Vulnerability
9596| [28477] Apache Tomcat AJP Connector Information Disclosure Vulnerability
9597| [27752] Apache mod_jk2 Host Header Multiple Stack Based Buffer Overflow Vulnerabilities
9598| [27706] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
9599| [27703] Apache Tomcat Parameter Processing Remote Information Disclosure Vulnerability
9600| [27409] Apache 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
9601| [27365] Apache Tomcat SingleSignOn Remote Information Disclosure Vulnerability
9602| [27237] Apache HTTP Server 2.2.6, 2.0.61 and 1.3.39 'mod_status' Cross-Site Scripting Vulnerability
9603| [27236] Apache 'mod_proxy_balancer' Multiple Vulnerabilities
9604| [27234] Apache 'mod_proxy_ftp' Undefined Charset UTF-7 Cross-Site Scripting Vulnerability
9605| [27006] Apache Tomcat JULI Logging Component Default Security Policy Vulnerability
9606| [26939] Apache HTTP Server Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
9607| [26838] Apache mod_imagemap and mod_imap Cross-Site Scripting Vulnerability
9608| [26762] Apache::AuthCAS Cookie SQL Injection Vulnerability
9609| [26663] Apache HTTP Server 413 Error HTTP Request Method Cross-Site Scripting Weakness
9610| [26287] Apache Geronimo SQLLoginModule Authentication Bypass Vulnerability
9611| [26070] Apache Tomcat WebDav Remote Information Disclosure Vulnerability
9612| [25804] Apache Geronimo Management EJB Security Bypass Vulnerability
9613| [25653] Apache Mod_AutoIndex.C Undefined Charset Cross-Site Scripting Vulnerability
9614| [25531] Apache Tomcat Cal2.JSP Cross-Site Scripting Vulnerability
9615| [25489] Apache HTTP Server Mod_Proxy Denial of Service Vulnerability
9616| [25316] Apache Tomcat Multiple Remote Information Disclosure Vulnerabilities
9617| [25314] Apache Tomcat Host Manager Servlet Cross Site Scripting Vulnerability
9618| [25174] Apache Tomcat Error Message Reporting Cross Site Scripting Vulnerability
9619| [24999] Apache Tomcat SendMailServlet Cross-Site Scripting Vulnerability
9620| [24759] MySQLDumper Apache Access Control Authentication Bypass Vulnerability
9621| [24649] Apache HTTP Server Mod_Cache Denial of Service Vulnerability
9622| [24645] Apache HTTP Server Mod_Status Cross-Site Scripting Vulnerability
9623| [24553] Apache Mod_Mem_Cache Information Disclosure Vulnerability
9624| [24524] Apache Tomcat Accept-Language Cross Site Scripting Vulnerability
9625| [24480] Apache MyFaces Tomahawk JSF Framework Autoscroll Parameter Cross Site Scripting Vulnerability
9626| [24476] Apache Tomcat JSP Example Web Applications Cross Site Scripting Vulnerability
9627| [24475] Apache Tomcat Manager and Host Manager Upload Script Cross-Site Scripting Vulnerability
9628| [24215] Apache HTTP Server Worker Process Multiple Denial of Service Vulnerabilities
9629| [24147] Apache Tomcat JK Connector Double Encoding Security Bypass Vulnerability
9630| [24058] Apache Tomcat Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
9631| [23687] Apache AXIS Non-Existent WSDL Path Information Disclosure Vulnerability
9632| [23438] Apache HTTPD suEXEC Local Multiple Privilege Escalation Weaknesses
9633| [22960] Apache HTTP Server Tomcat Directory Traversal Vulnerability
9634| [22849] Apache mod_python Output Filter Mode Information Disclosure Vulnerability
9635| [22791] Apache Tomcat Mod_JK.SO Arbitrary Code Execution Vulnerability
9636| [22732] Debian Apache Root Shell Local Privilege Escalation Vulnerabilities
9637| [22388] Apache Stats Extract Function Multiple Input Validation Vulnerabilities
9638| [21865] Apache And Microsoft IIS Range Denial of Service Vulnerability
9639| [21214] Apache Mod_Auth_Kerb Off-By-One Denial of Service Vulnerability
9640| [20527] Apache Mod_TCL Remote Format String Vulnerability
9641| [19661] Apache HTTP Server Arbitrary HTTP Request Headers Security Weakness
9642| [19447] Apache CGI Script Source Code Information Disclosure Vulnerability
9643| [19204] Apache Mod_Rewrite Off-By-One Buffer Overflow Vulnerability
9644| [19106] Apache Tomcat Information Disclosure Vulnerability
9645| [18138] Apache James SMTP Denial Of Service Vulnerability
9646| [17342] Apache Struts Multiple Remote Vulnerabilities
9647| [17095] Apache Log4Net Denial Of Service Vulnerability
9648| [16916] Apache mod_python FileSession Code Execution Vulnerability
9649| [16710] Apache Libapreq2 Quadratic Behavior Denial of Service Vulnerability
9650| [16260] Apache Geronimo Multiple Input Validation Vulnerabilities
9651| [16153] Apache mod_auth_pgsql Multiple Format String Vulnerabilities
9652| [16152] Apache Mod_SSL Custom Error Document Remote Denial Of Service Vulnerability
9653| [15834] Apache 'mod_imap' Referer Cross-Site Scripting Vulnerability
9654| [15765] Apache James Spooler Memory Leak Denial Of Service Vulnerability
9655| [15762] Apache MPM Worker.C Denial Of Service Vulnerability
9656| [15512] Apache Struts Error Response Cross-Site Scripting Vulnerability
9657| [15413] PHP Apache 2 Virtual() Safe_Mode and Open_Basedir Restriction Bypass Vulnerability
9658| [15325] Apache Tomcat Simultaneous Directory Listing Denial Of Service Vulnerability
9659| [15224] Apache Mod_Auth_Shadow Authentication Bypass Vulnerability
9660| [15177] PHP Apache 2 Local Denial of Service Vulnerability
9661| [14982] ApacheTop Insecure Temporary File Creation Vulnerability
9662| [14721] Apache Mod_SSL SSLVerifyClient Restriction Bypass Vulnerability
9663| [14660] Apache CGI Byterange Request Denial of Service Vulnerability
9664| [14366] Apache mod_ssl CRL Handling Off-By-One Buffer Overflow Vulnerability
9665| [14106] Apache HTTP Request Smuggling Vulnerability
9666| [13778] Apache HTPasswd Password Command Line Argument Buffer Overflow Vulnerability
9667| [13777] Apache HTPasswd User Command Line Argument Buffer Overflow Vulnerability
9668| [13756] Apache Tomcat Java Security Manager Bypass Vulnerability
9669| [13537] Apache HTDigest Realm Command Line Argument Buffer Overflow Vulnerability
9670| [12877] Apache mod_ssl ssl_io_filter_cleanup Remote Denial Of Service Vulnerability
9671| [12795] Apache Tomcat Remote Malformed Request Denial Of Service Vulnerability
9672| [12619] Apache Software Foundation Batik Squiggle Browser Access Validation Vulnerability
9673| [12519] Apache mod_python Module Publisher Handler Information Disclosure Vulnerability
9674| [12308] Apache Utilities Insecure Temporary File Creation Vulnerability
9675| [12217] Apache mod_auth_radius Malformed RADIUS Server Reply Integer Overflow Vulnerability
9676| [12181] Mod_DOSEvasive Apache Module Local Insecure Temporary File Creation Vulnerability
9677| [11803] Apache Jakarta Results.JSP Remote Cross-Site Scripting Vulnerability
9678| [11471] Apache mod_include Local Buffer Overflow Vulnerability
9679| [11360] Apache mod_ssl SSLCipherSuite Restriction Bypass Vulnerability
9680| [11239] Apache Satisfy Directive Access Control Bypass Vulnerability
9681| [11187] Apache Web Server Remote IPv6 Buffer Overflow Vulnerability
9682| [11185] Apache Mod_DAV LOCK Denial Of Service Vulnerability
9683| [11182] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
9684| [11154] Apache mod_ssl Remote Denial of Service Vulnerability
9685| [11094] Apache mod_ssl Denial Of Service Vulnerability
9686| [10789] Apache mod_userdir Module Information Disclosure Vulnerability
9687| [10736] Apache 'mod_ssl' Log Function Format String Vulnerability
9688| [10619] Apache ap_escape_html Memory Allocation Denial Of Service Vulnerability
9689| [10508] Apache Mod_Proxy Remote Negative Content-Length Buffer Overflow Vulnerability
9690| [10478] ClueCentral Apache Suexec Patch Security Weakness
9691| [10355] Apache 'mod_ssl' 'ssl_util_uuencode_binary()' Stack Buffer Overflow Vulnerability
9692| [10212] Apache mod_auth Malformed Password Potential Memory Corruption Vulnerability
9693| [9933] Apache mod_disk_cache Module Client Authentication Credential Storage Weakness
9694| [9930] Apache Error and Access Logs Escape Sequence Injection Vulnerability
9695| [9921] Apache Connection Blocking Denial Of Service Vulnerability
9696| [9885] Apache Mod_Security Module SecFilterScanPost Off-By-One Buffer Overflow Vulnerability
9697| [9874] Apache HTAccess LIMIT Directive Bypass Configuration Error Weakness
9698| [9829] Apache Mod_Access Access Control Rule Bypass Vulnerability
9699| [9826] Apache Mod_SSL HTTP Request Remote Denial Of Service Vulnerability
9700| [9733] Apache Cygwin Directory Traversal Vulnerability
9701| [9599] Apache mod_php Global Variables Information Disclosure Weakness
9702| [9590] Apache-SSL Client Certificate Forging Vulnerability
9703| [9571] Apache mod_digest Client-Supplied Nonce Verification Vulnerability
9704| [9471] Apache mod_perl Module File Descriptor Leakage Vulnerability
9705| [9404] Mod-Auth-Shadow Apache Module Expired User Credential Weakness
9706| [9302] Apache mod_php Module File Descriptor Leakage Vulnerability
9707| [9129] Apache mod_python Module Malformed Query Denial of Service Vulnerability
9708| [8926] Apache Web Server mod_cgid Module CGI Data Redirection Vulnerability
9709| [8919] Apache Mod_Security Module Heap Corruption Vulnerability
9710| [8911] Apache Web Server Multiple Module Local Buffer Overflow Vulnerability
9711| [8898] Red Hat Apache Directory Index Default Configuration Error
9712| [8883] Apache Cocoon Directory Traversal Vulnerability
9713| [8824] Apache Tomcat Non-HTTP Request Denial Of Service Vulnerability
9714| [8822] Apache Mod_Throttle Module Local Shared Memory Corruption Vulnerability
9715| [8725] Apache2 MOD_CGI STDERR Denial Of Service Vulnerability
9716| [8707] Apache htpasswd Password Entropy Weakness
9717| [8561] Apache::Gallery Insecure Local File Storage Privilege Escalation Vulnerability
9718| [8287] Mod_Mylo Apache Module REQSTR Buffer Overflow Vulnerability
9719| [8226] Apache HTTP Server Multiple Vulnerabilities
9720| [8138] Apache Web Server Type-Map Recursive Loop Denial Of Service Vulnerability
9721| [8137] Apache Web Server Prefork MPM Denial Of Service Vulnerability
9722| [8136] Macromedia Apache Web Server Encoded Space Source Disclosure Vulnerability
9723| [8135] Apache Web Server FTP Proxy IPV6 Denial Of Service Vulnerability
9724| [8134] Apache Web Server SSLCipherSuite Weak CipherSuite Renegotiation Weakness
9725| [7768] Apache Tomcat Insecure Directory Permissions Vulnerability
9726| [7725] Apache Basic Authentication Module Valid User Login Denial Of Service Vulnerability
9727| [7723] Apache APR_PSPrintf Memory Corruption Vulnerability
9728| [7448] Apache Mod_Auth_Any Remote Command Execution Vulnerability
9729| [7375] Apache Mod_Access_Referer NULL Pointer Dereference Denial of Service Vulnerability
9730| [7332] Apache Web Server OS2 Filestat Denial Of Service Vulnerability
9731| [7255] Apache Web Server File Descriptor Leakage Vulnerability
9732| [7254] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
9733| [6943] Apache Web Server MIME Boundary Information Disclosure Vulnerability
9734| [6939] Apache Web Server ETag Header Information Disclosure Weakness
9735| [6722] Apache Tomcat Web.XML File Contents Disclosure Vulnerability
9736| [6721] Apache Tomcat Null Byte Directory/File Disclosure Vulnerability
9737| [6720] Apache Tomcat Example Web Application Cross Site Scripting Vulnerability
9738| [6662] Apache Web Server MS-DOS Device Name Denial Of Service Vulnerability
9739| [6661] Apache Web Server Default Script Mapping Bypass Vulnerability
9740| [6660] Apache Web Server Illegal Character HTTP Request File Disclosure Vulnerability
9741| [6659] Apache Web Server MS-DOS Device Name Arbitrary Code Execution Vulnerability
9742| [6562] Apache Tomcat Invoker Servlet File Disclosure Vulnerability
9743| [6320] Apache/Tomcat Mod_JK Chunked Encoding Denial Of Service Vulnerability
9744| [6117] Apache mod_php File Descriptor Leakage Vulnerability
9745| [6065] Apache 2 WebDAV CGI POST Request Information Disclosure Vulnerability
9746| [5996] Apache AB.C Web Benchmarking Buffer Overflow Vulnerability
9747| [5995] Apache AB.C Web Benchmarking Read_Connection() Buffer Overflow Vulnerability
9748| [5993] Multiple Apache HTDigest Buffer Overflow Vulnerabilities
9749| [5992] Apache HTDigest Insecure Temporary File Vulnerability
9750| [5991] Apache HTDigest Arbitrary Command Execution Vulnerability
9751| [5990] Apache HTPasswd Insecure Temporary File Vulnerability
9752| [5981] Multiple Apache HTDigest and HTPassWD Component Vulnerabilites
9753| [5884] Apache Web Server Scoreboard Memory Segment Overwriting SIGUSR1 Sending Vulnerability
9754| [5847] Apache Server Side Include Cross Site Scripting Vulnerability
9755| [5838] Apache Tomcat 3.2 Directory Disclosure Vulnerability
9756| [5816] Apache 2 mod_dav Denial Of Service Vulnerability
9757| [5791] HP VirtualVault Apache mod_ssl Denial Of Service Vulnerability
9758| [5787] Apache Oversized STDERR Buffer Denial Of Service Vulnerability
9759| [5786] Apache Tomcat DefaultServlet File Disclosure Vulnerability
9760| [5542] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
9761| [5486] Apache 2.0 CGI Path Disclosure Vulnerability
9762| [5485] Apache 2.0 Path Disclosure Vulnerability
9763| [5434] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
9764| [5256] Apache httpd 2.0 CGI Error Path Disclosure Vulnerability
9765| [5194] Apache Tomcat DOS Device Name Cross Site Scripting Vulnerability
9766| [5193] Apache Tomcat Servlet Mapping Cross Site Scripting Vulnerability
9767| [5067] Apache Tomcat Null Character Malformed Request Denial Of Service Vulnerability
9768| [5054] Apache Tomcat Web Root Path Disclosure Vulnerability
9769| [5033] Apache Chunked-Encoding Memory Corruption Vulnerability
9770| [4995] Apache Tomcat JSP Engine Denial of Service Vulnerability
9771| [4878] Apache Tomcat RealPath.JSP Malformed Request Information Disclosure Vulnerability
9772| [4877] Apache Tomcat Example Files Web Root Path Disclosure Vulnerability
9773| [4876] Apache Tomcat Source.JSP Malformed Request Information Disclosure Vulnerability
9774| [4575] Apache Tomcat Servlet Path Disclosure Vulnerability
9775| [4557] Apache Tomcat System Path Information Disclosure Vulnerability
9776| [4437] Apache Error Message Cross-Site Scripting Vulnerability
9777| [4431] Apache PrintEnv/Test_CGI Script Injection Vulnerability
9778| [4358] Apache Double-Reverse Lookup Log Entry Spoofing Vulnerability
9779| [4335] Apache Win32 Batch File Remote Command Execution Vulnerability
9780| [4292] Oracle 9iAS Apache PL/SQL Module Web Administration Access Vulnerability
9781| [4189] Apache mod_ssl/Apache-SSL Buffer Overflow Vulnerability
9782| [4057] Apache 2 for Windows OPTIONS request Path Disclosure Vulnerability
9783| [4056] Apache 2 for Windows php.exe Path Disclosure Vulnerability
9784| [4037] Oracle 9iAS Apache PL/SQL Module Denial of Service Vulnerability
9785| [4032] Oracle 9iAS Apache PL/SQL Module Multiple Buffer Overflows Vulnerability
9786| [3796] Apache HTTP Request Unexpected Behavior Vulnerability
9787| [3790] Apache Non-Existent Log Directory Denial Of Service Vulnerability
9788| [3786] Apache Win32 PHP.EXE Remote File Disclosure Vulnerability
9789| [3727] Oracle 9I Application Server PL/SQL Apache Module Directory Traversal Vulnerability
9790| [3726] Oracle 9I Application Server PL/SQL Apache Module Buffer Overflow Vulnerability
9791| [3596] Apache Split-Logfile File Append Vulnerability
9792| [3521] Apache mod_usertrack Predictable ID Generation Vulnerability
9793| [3335] Red Hat Linux Apache Remote Username Enumeration Vulnerability
9794| [3316] MacOS X Client Apache Directory Contents Disclosure Vulnerability
9795| [3256] Apache mod_auth_oracle Remote SQL Query Manipulation Vulnerability
9796| [3255] Apache mod_auth_mysql Remote SQL Query Manipulation Vulnerability
9797| [3254] Apache AuthPG Remote SQL Query Manipulation Vulnerability
9798| [3253] Apache mod_auth_pgsql_sys Remote SQL Query Manipulation Vulnerability
9799| [3251] Apache mod_auth_pgsql Remote SQL Query Manipulation Vulnerability
9800| [3176] Apache Mod ReWrite Rules Bypassing Image Linking Vulnerability
9801| [3169] Apache Server Address Disclosure Vulnerability
9802| [3009] Apache Possible Directory Index Disclosure Vulnerability
9803| [2982] Apache Tomcat Cross-Site Scripting Vulnerability
9804| [2852] MacOS X Client Apache File Protection Bypass Vulnerability
9805| [2740] Apache Web Server HTTP Request Denial of Service Vulnerability
9806| [2518] Apache Tomcat 3.0 Directory Traversal Vulnerability
9807| [2503] Apache Artificially Long Slash Path Directory Listing Vulnerability
9808| [2300] NCSA/Apache httpd ScriptAlias Source Retrieval Vulnerability
9809| [2216] Apache Web Server DoS Vulnerability
9810| [2182] Apache /tmp File Race Vulnerability
9811| [2171] Oracle Apache+WebDB Documented Backdoor Vulnerability
9812| [2060] Apache Web Server with Php 3 File Disclosure Vulnerability
9813| [1821] Apache mod_cookies Buffer Overflow Vulnerability
9814| [1728] Apache Rewrite Module Arbitrary File Disclosure Vulnerability
9815| [1658] SuSE Apache CGI Source Code Viewing Vulnerability
9816| [1656] SuSE Apache WebDAV Directory Listings Vulnerability
9817| [1575] Trustix Apache-SSL RPM Permissions Vulnerability
9818| [1548] Apache Jakarta-Tomcat /admin Context Vulnerability
9819| [1532] Apache Tomcat Snoop Servlet Information Disclosure Vulnerability
9820| [1531] Apache Tomcat 3.1 Path Revealing Vulnerability
9821| [1457] Apache::ASP source.asp Example Script Vulnerability
9822| [1284] Apache HTTP Server (win32) Root Directory Access Vulnerability
9823| [1083] Cobalt Raq Apache .htaccess Disclosure Vulnerability
9824|
9825| IBM X-Force - https://exchange.xforce.ibmcloud.com:
9826| [86258] Apache CloudStack text fields cross-site scripting
9827| [85983] Apache Subversion mod_dav_svn module denial of service
9828| [85875] Apache OFBiz UEL code execution
9829| [85874] Apache OFBiz Webtools View Log screen cross-site scripting
9830| [85871] Apache HTTP Server mod_session_dbd unspecified
9831| [85756] Apache Struts OGNL expression command execution
9832| [85755] Apache Struts DefaultActionMapper class open redirect
9833| [85586] Apache ActiveMQ CVE-2013-1879 cross-site scripting
9834| [85574] Apache HTTP Server mod_dav denial of service
9835| [85573] Apache Struts Showcase App OGNL code execution
9836| [85496] Apache CXF denial of service
9837| [85423] Apache Geronimo RMI classloader code execution
9838| [85326] Apache Santuario XML Security for C++ buffer overflow
9839| [85323] Apache Santuario XML Security for Java spoofing
9840| [85319] Apache Qpid Python client SSL spoofing
9841| [85019] Apache Santuario XML Security for C++ CVE-2013-2156 buffer overflow
9842| [85018] Apache Santuario XML Security for C++ CVE-2013-2155 denial of service
9843| [85017] Apache Santuario XML Security for C++ CVE-2013-2154 buffer overflow
9844| [85016] Apache Santuario XML Security for C++ CVE-2013-2153 spoofing
9845| [84952] Apache Tomcat CVE-2012-3544 denial of service
9846| [84763] Apache Struts CVE-2013-2135 security bypass
9847| [84762] Apache Struts CVE-2013-2134 security bypass
9848| [84719] Apache Subversion CVE-2013-2088 command execution
9849| [84718] Apache Subversion CVE-2013-2112 denial of service
9850| [84717] Apache Subversion CVE-2013-1968 denial of service
9851| [84577] Apache Tomcat security bypass
9852| [84576] Apache Tomcat symlink
9853| [84543] Apache Struts CVE-2013-2115 security bypass
9854| [84542] Apache Struts CVE-2013-1966 security bypass
9855| [84154] Apache Tomcat session hijacking
9856| [84144] Apache Tomcat denial of service
9857| [84143] Apache Tomcat information disclosure
9858| [84111] Apache HTTP Server command execution
9859| [84043] Apache Virtual Computing Lab cross-site scripting
9860| [84042] Apache Virtual Computing Lab cross-site scripting
9861| [83782] Apache CloudStack information disclosure
9862| [83781] Apache CloudStack security bypass
9863| [83720] Apache ActiveMQ cross-site scripting
9864| [83719] Apache ActiveMQ denial of service
9865| [83718] Apache ActiveMQ denial of service
9866| [83263] Apache Subversion denial of service
9867| [83262] Apache Subversion denial of service
9868| [83261] Apache Subversion denial of service
9869| [83259] Apache Subversion denial of service
9870| [83035] Apache mod_ruid2 security bypass
9871| [82852] Apache Qpid federation_tag security bypass
9872| [82851] Apache Qpid qpid::framing::Buffer denial of service
9873| [82758] Apache Rave User RPC API information disclosure
9874| [82663] Apache Subversion svn_fs_file_length() denial of service
9875| [82642] Apache Qpid qpid::framing::Buffer::checkAvailable() denial of service
9876| [82641] Apache Qpid AMQP denial of service
9877| [82626] Apache HTTP Server on Debian GNU/Linux Debian apache2ctl symlink
9878| [82618] Apache Commons FileUpload symlink
9879| [82360] Apache HTTP Server manager interface cross-site scripting
9880| [82359] Apache HTTP Server hostnames cross-site scripting
9881| [82338] Apache Tomcat log/logdir information disclosure
9882| [82328] Apache Maven and Apache Maven Wagon SSL spoofing
9883| [82268] Apache OpenJPA deserialization command execution
9884| [81981] Apache CXF UsernameTokens security bypass
9885| [81980] Apache CXF WS-Security security bypass
9886| [81398] Apache OFBiz cross-site scripting
9887| [81240] Apache CouchDB directory traversal
9888| [81226] Apache CouchDB JSONP code execution
9889| [81225] Apache CouchDB Futon user interface cross-site scripting
9890| [81211] Apache Axis2/C SSL spoofing
9891| [81167] Apache CloudStack DeployVM information disclosure
9892| [81166] Apache CloudStack AddHost API information disclosure
9893| [81165] Apache CloudStack createSSHKeyPair API information disclosure
9894| [80518] Apache Tomcat cross-site request forgery security bypass
9895| [80517] Apache Tomcat FormAuthenticator security bypass
9896| [80516] Apache Tomcat NIO denial of service
9897| [80408] Apache Tomcat replay-countermeasure security bypass
9898| [80407] Apache Tomcat HTTP Digest Access Authentication security bypass
9899| [80317] Apache Tomcat slowloris denial of service
9900| [79984] Apache Commons HttpClient SSL spoofing
9901| [79983] Apache CXF SSL spoofing
9902| [79830] Apache Axis2/Java SSL spoofing
9903| [79829] Apache Axis SSL spoofing
9904| [79809] Apache Tomcat DIGEST security bypass
9905| [79806] Apache Tomcat parseHeaders() denial of service
9906| [79540] Apache OFBiz unspecified
9907| [79487] Apache Axis2 SAML security bypass
9908| [79212] Apache Cloudstack code execution
9909| [78734] Apache CXF SOAP Action security bypass
9910| [78730] Apache Qpid broker denial of service
9911| [78617] Eucalyptus Apache Santuario (XML Security for Java) denial of service
9912| [78563] Apache mod_pagespeed module unspecified cross-site scripting
9913| [78562] Apache mod_pagespeed module security bypass
9914| [78454] Apache Axis2 security bypass
9915| [78452] Websense Web Security and Web Filter Apache Tomcat information disclosure
9916| [78451] Websense Web Security and Web Filter Apache Tomcat cross-site scripting
9917| [78321] Apache Wicket unspecified cross-site scripting
9918| [78183] Apache Struts parameters denial of service
9919| [78182] Apache Struts cross-site request forgery
9920| [78153] Apache Solr Autocomplete module for Drupal autocomplete results cross-site scripting
9921| [77987] mod_rpaf module for Apache denial of service
9922| [77958] Apache Struts skill name code execution
9923| [77914] Apache HTTP Server mod_negotiation module cross-site scripting
9924| [77913] Apache HTTP Server mod_proxy_ajp information disclosure
9925| [77568] Apache Qpid broker security bypass
9926| [77421] Apache Libcloud spoofing
9927| [77059] Oracle Solaris Cluster Apache Tomcat Agent unspecified
9928| [77046] Oracle Solaris Apache HTTP Server information disclosure
9929| [76837] Apache Hadoop information disclosure
9930| [76802] Apache Sling CopyFrom denial of service
9931| [76692] Apache Hadoop symlink
9932| [76535] Apache Roller console cross-site request forgery
9933| [76534] Apache Roller weblog cross-site scripting
9934| [76152] Apache CXF elements security bypass
9935| [76151] Apache CXF child policies security bypass
9936| [75983] MapServer for Windows Apache file include
9937| [75857] Apache Commons Compress and Apache Ant bzip2 denial of service
9938| [75558] Apache POI denial of service
9939| [75545] PHP apache_request_headers() buffer overflow
9940| [75302] Apache Qpid SASL security bypass
9941| [75211] Debian GNU/Linux apache 2 cross-site scripting
9942| [74901] Apache HTTP Server LD_LIBRARY_PATH privilege escalation
9943| [74871] Apache OFBiz FlexibleStringExpander code execution
9944| [74870] Apache OFBiz multiple cross-site scripting
9945| [74750] Apache Hadoop unspecified spoofing
9946| [74319] Apache Struts XSLTResult.java file upload
9947| [74313] Apache Traffic Server header buffer overflow
9948| [74276] Apache Wicket directory traversal
9949| [74273] Apache Wicket unspecified cross-site scripting
9950| [74181] Apache HTTP Server mod_fcgid module denial of service
9951| [73690] Apache Struts OGNL code execution
9952| [73432] Apache Solr extension for TYPO3 unspecified cross-site scripting
9953| [73100] Apache MyFaces in directory traversal
9954| [73096] Apache APR hash denial of service
9955| [73052] Apache Struts name cross-site scripting
9956| [73030] Apache CXF UsernameToken security bypass
9957| [72888] Apache Struts lastName cross-site scripting
9958| [72758] Apache HTTP Server httpOnly information disclosure
| [72757] Apache HTTP Server MPM denial of service
| [72585] Apache Struts ParameterInterceptor security bypass
| [72438] Apache Tomcat Digest security bypass
| [72437] Apache Tomcat Digest security bypass
| [72436] Apache Tomcat DIGEST security bypass
| [72425] Apache Tomcat parameter denial of service
| [72422] Apache Tomcat request object information disclosure
| [72377] Apache HTTP Server scoreboard security bypass
| [72345] Apache HTTP Server HTTP request denial of service
| [72229] Apache Struts ExceptionDelegator command execution
| [72089] Apache Struts ParameterInterceptor directory traversal
| [72088] Apache Struts CookieInterceptor command execution
| [72047] Apache Geronimo hash denial of service
| [72016] Apache Tomcat hash denial of service
| [71711] Apache Struts OGNL expression code execution
| [71654] Apache Struts interfaces security bypass
| [71620] Apache ActiveMQ failover denial of service
| [71617] Apache HTTP Server mod_proxy module information disclosure
| [71508] Apache MyFaces EL security bypass
| [71445] Apache HTTP Server mod_proxy security bypass
| [71203] Apache Tomcat servlets privilege escalation
| [71181] Apache HTTP Server ap_pregsub() denial of service
| [71093] Apache HTTP Server ap_pregsub() buffer overflow
| [70336] Apache HTTP Server mod_proxy information disclosure
| [69804] Apache HTTP Server mod_proxy_ajp denial of service
| [69472] Apache Tomcat AJP security bypass
| [69396] Apache HTTP Server ByteRange filter denial of service
| [69394] Apache Wicket multi window support cross-site scripting
| [69176] Apache Tomcat XML information disclosure
| [69161] Apache Tomcat jsvc information disclosure
| [68799] mod_authnz_external module for Apache mysql-auth.pl SQL injection
| [68541] Apache Tomcat sendfile information disclosure
| [68420] Apache XML Security denial of service
| [68238] Apache Tomcat JMX information disclosure
| [67860] Apache Rampart/C rampart_timestamp_token_validate security bypass
| [67804] Apache Subversion control rules information disclosure
| [67803] Apache Subversion control rules denial of service
| [67802] Apache Subversion baselined denial of service
| [67672] Apache Archiva multiple cross-site scripting
| [67671] Apache Archiva multiple cross-site request forgery
| [67564] Apache APR apr_fnmatch() denial of service
| [67532] IBM WebSphere Application Server org.apache.jasper.runtime.JspWriterImpl.response denial of service
| [67515] Apache Tomcat annotations security bypass
| [67480] Apache Struts s:submit information disclosure
| [67414] Apache APR apr_fnmatch() denial of service
| [67356] Apache Struts javatemplates cross-site scripting
| [67354] Apache Struts Xwork cross-site scripting
| [66676] Apache Tomcat HTTP BIO information disclosure
| [66675] Apache Tomcat web.xml security bypass
| [66640] Apache HttpComponents HttpClient Proxy-Authorization information disclosure
| [66241] Apache HttpComponents information disclosure
| [66154] Apache Tomcat ServletSecurity security bypass
| [65971] Apache Tomcat ServletSecurity security bypass
| [65876] Apache Subversion mod_dav_svn denial of service
| [65343] Apache Continuum unspecified cross-site scripting
| [65162] Apache Tomcat NIO connector denial of service
| [65161] Apache Tomcat javax.servlet.ServletRequest.getLocale() denial of service
| [65160] Apache Tomcat HTML Manager interface cross-site scripting
| [65159] Apache Tomcat ServletContect security bypass
| [65050] Apache CouchDB web-based administration UI cross-site scripting
| [64773] Oracle HTTP Server Apache Plugin unauthorized access
| [64473] Apache Subversion blame -g denial of service
| [64472] Apache Subversion walk() denial of service
| [64407] Apache Axis2 CVE-2010-0219 code execution
| [63926] Apache Archiva password privilege escalation
| [63785] Apache CouchDB LD_LIBRARY_PATH privilege escalation
| [63493] Apache Archiva credentials cross-site request forgery
| [63477] Apache Tomcat HttpOnly session hijacking
| [63422] Apache Tomcat sessionsList.jsp cross-site scripting
| [63303] Apache mod_fcgid module fcgid_header_bucket_read() buffer overflow
| [62959] Apache Shiro filters security bypass
| [62790] Apache Perl cgi module denial of service
| [62576] Apache Qpid exchange denial of service
| [62575] Apache Qpid AMQP denial of service
| [62354] Apache Qpid SSL denial of service
| [62235] Apache APR-util apr_brigade_split_line() denial of service
| [62181] Apache XML-RPC SAX Parser information disclosure
| [61721] Apache Traffic Server cache poisoning
| [61202] Apache Derby BUILTIN authentication functionality information disclosure
| [61186] Apache CouchDB Futon cross-site request forgery
| [61169] Apache CXF DTD denial of service
| [61070] Apache Jackrabbit search.jsp SQL injection
| [61006] Apache SLMS Quoting cross-site request forgery
| [60962] Apache Tomcat time cross-site scripting
| [60883] Apache mod_proxy_http information disclosure
| [60671] Apache HTTP Server mod_cache and mod_dav denial of service
| [60264] Apache Tomcat Transfer-Encoding denial of service
| [59746] Apache Axis2 axis2/axis2-admin page session hijacking
| [59588] Apache Axis2/Java XML DTD (Document Type Declaration) data denial of service
| [59413] Apache mod_proxy_http timeout information disclosure
| [59058] Apache MyFaces unencrypted view state cross-site scripting
| [58827] Apache Axis2 xsd file include
| [58790] Apache Axis2 modules cross-site scripting
| [58299] Apache ActiveMQ queueBrowse cross-site scripting
| [58169] Apache Tomcat Web Application Manager / Host Manager cross-site request forgery
| [58056] Apache ActiveMQ .jsp source code disclosure
| [58055] Apache Tomcat realm name information disclosure
| [58046] Apache HTTP Server mod_auth_shadow security bypass
| [57841] Apache Open For Business Project (OFBiz) subject cross-site scripting
| [57840] Apache Open For Business Project (OFBiz) multiple parameters cross-site scripting
| [57429] Apache CouchDB algorithms information disclosure
| [57398] Apache ActiveMQ Web console cross-site request forgery
| [57397] Apache ActiveMQ createDestination.action cross-site scripting
| [56653] Apache HTTP Server DNS spoofing
| [56652] Apache HTTP Server DNS cross-site scripting
| [56625] Apache HTTP Server request header information disclosure
| [56624] Apache HTTP Server mod_isapi orphaned callback pointer code execution
| [56623] Apache HTTP Server mod_proxy_ajp denial of service
| [55941] mod_proxy module for Apache ap_proxy_send_fb() buffer overflow
| [55857] Apache Tomcat WAR files directory traversal
| [55856] Apache Tomcat autoDeploy attribute security bypass
| [55855] Apache Tomcat WAR directory traversal
| [55210] Intuit component for Joomla! Apache information disclosure
| [54533] Apache Tomcat 404 error page cross-site scripting
| [54182] Apache Tomcat admin default password
| [53878] Apache Solr Search (solr) extension for TYPO3 unspecified cross-site scripting
| [53666] Apache HTTP Server Solaris pollset support denial of service
| [53650] Apache HTTP Server HTTP basic-auth module security bypass
| [53124] mod_proxy_ftp module for Apache HTTP header security bypass
| [53041] mod_proxy_ftp module for Apache denial of service
| [52540] Apache Portable Runtime and Apache Portable Utility library multiple buffer overflow
| [51953] Apache Tomcat Path Disclosure
| [51952] Apache Tomcat Path Traversal
| [51951] Apache stronghold-status Information Disclosure
| [51950] Apache stronghold-info Information Disclosure
| [51949] Apache PHP Source Code Disclosure
| [51948] Apache Multiviews Attack
| [51946] Apache JServ Environment Status Information Disclosure
| [51945] Apache error_log Information Disclosure
| [51944] Apache Default Installation Page Pattern Found
| [51943] Apache AXIS XML Parser echoheaders.jws Sample Web Service Denial of Service
| [51942] Apache AXIS XML External Entity File Retrieval
| [51941] Apache AXIS Sample Servlet Information Leak
| [51940] Apache access_log Information Disclosure
| [51626] Apache mod_deflate denial of service
| [51532] mod_proxy module for the Apache HTTP Server stream_reqbody_cl denial of service
| [51365] Apache Tomcat RequestDispatcher security bypass
| [51273] Apache HTTP Server Incomplete Request denial of service
| [51195] Apache Tomcat XML information disclosure
| [50994] Apache APR-util xml/apr_xml.c denial of service
| [50993] Apache APR-util apr_brigade_vprintf denial of service
| [50964] Apache APR-util apr_strmatch_precompile() denial of service
| [50930] Apache Tomcat j_security_check information disclosure
| [50928] Apache Tomcat AJP denial of service
| [50884] Apache HTTP Server XML ENTITY denial of service
| [50808] Apache HTTP Server AllowOverride privilege escalation
| [50108] Apache Struts s:a tag and s:url tag cross-site scripting
| [50059] Apache mod_proxy_ajp information disclosure
| [49951] Apache Tiles Expression Language (EL) expressions cross-site scripting
| [49925] Apache Geronimo Web Administrative Console cross-site request forgery
| [49924] Apache Geronimo console/portal/Server/Monitoring cross-site scripting
| [49921] Apache ActiveMQ Web interface cross-site scripting
| [49898] Apache Geronimo Services/Repository directory traversal
| [49725] Apache Tomcat mod_jk module information disclosure
| [49715] Apache mod_perl Apache::Status and Apache2::Status modules cross-site scripting
| [49712] Apache Struts unspecified cross-site scripting
| [49213] Apache Tomcat cal2.jsp cross-site scripting
| [48934] Apache Tomcat POST doRead method information disclosure
| [48211] Apache Tomcat header HTTP request smuggling
| [48163] libapache2-mod-auth-mysql module for Debian multibyte encoding SQL injection
| [48110] Apache Jackrabbit search.jsp and swr.jsp cross-site scripting
| [47709] Apache Roller "
| [47104] Novell Netware ApacheAdmin console security bypass
| [47086] Apache HTTP Server OS fingerprinting unspecified
| [46329] Apache Struts FilterDispatcher and DefaultStaticContentLoader class directory traversal
| [45791] Apache Tomcat RemoteFilterValve security bypass
| [44435] Oracle WebLogic Apache Connector buffer overflow
| [44411] Apache Tomcat allowLinking UTF-8 directory traversal
| [44223] Apache HTTP Server mod_proxy_ftp cross-site scripting
| [44156] Apache Tomcat RequestDispatcher directory traversal
| [44155] Apache Tomcat HttpServletResponse.sendError() cross-site scripting
| [43885] Oracle WebLogic Server Apache Connector buffer overflow
| [42987] Apache HTTP Server mod_proxy module denial of service
| [42915] Apache Tomcat JSP files path disclosure
| [42914] Apache Tomcat MS-DOS path disclosure
| [42892] Apache Tomcat unspecified unauthorized access
| [42816] Apache Tomcat Host Manager cross-site scripting
| [42303] Apache 403 error cross-site scripting
| [41618] Apache-SSL ExpandCert() authentication bypass
| [40761] Apache Derby RDBNAM parameter and DatabaseMetaData.getURL information disclosure
| [40736] Apache Tomcat HTTP/1.1 connector information disclosure
| [40614] Apache mod_jk2 HTTP Host header buffer overflow
| [40562] Apache Geronimo init information disclosure
| [40478] Novell Web Manager webadmin-apache.conf security bypass
| [40411] Apache Tomcat exception handling information disclosure
| [40409] Apache Tomcat native (APR based) connector weak security
| [40403] Apache Tomcat quotes and %5C cookie information disclosure
| [40388] Sun Java Plug-In org.apache.crimson.tree.XmlDocument security bypass
| [39893] Apache HTTP Server mod_negotiation HTTP response splitting
| [39867] Apache HTTP Server mod_negotiation cross-site scripting
| [39804] Apache Tomcat SingleSignOn information disclosure
| [39615] Apache HTTP Server mod_proxy_ftp.c UTF-7 cross-site scripting
| [39612] Apache HTTP Server mod_proxy_balancer buffer overflow
| [39608] Apache HTTP Server balancer manager cross-site request forgery
| [39476] Apache mod_proxy_balancer balancer_handler function denial of service
| [39474] Apache HTTP Server mod_proxy_balancer cross-site scripting
| [39472] Apache HTTP Server mod_status cross-site scripting
| [39201] Apache Tomcat JULI logging weak security
| [39158] Apache HTTP Server Windows SMB shares information disclosure
| [39001] Apache HTTP Server mod_imap and mod_imagemap module cross-site scripting
| [38951] Apache::AuthCAS Perl module cookie SQL injection
| [38800] Apache HTTP Server 413 error page cross-site scripting
| [38211] Apache Geronimo SQLLoginModule authentication bypass
| [37243] Apache Tomcat WebDAV directory traversal
| [37178] RHSA update for Apache HTTP Server mod_status module cross-site scripting not installed
| [37177] RHSA update for Apache HTTP Server Apache child process denial of service not installed
| [37119] RHSA update for Apache mod_auth_kerb off-by-one buffer overflow not installed
| [37100] RHSA update for Apache and IBM HTTP Server Expect header cross-site scripting not installed
| [36782] Apache Geronimo MEJB unauthorized access
| [36586] Apache HTTP Server UTF-7 cross-site scripting
| [36468] Apache Geronimo LoginModule security bypass
| [36467] Apache Tomcat functions.jsp cross-site scripting
| [36402] Apache Tomcat calendar cross-site request forgery
| [36354] Apache HTTP Server mod_proxy module denial of service
| [36352] Apache HTTP Server ap_proxy_date_canon() denial of service
| [36336] Apache Derby lock table privilege escalation
| [36335] Apache Derby schema privilege escalation
| [36006] Apache Tomcat "
| [36001] Apache Tomcat Host Manager Servlet alias cross-site scripting
| [35999] Apache Tomcat \"
| [35795] Apache Tomcat CookieExample cross-site scripting
| [35536] Apache Tomcat SendMailServlet example cross-site scripting
| [35384] Apache HTTP Server mod_cache module denial of service
| [35097] Apache HTTP Server mod_status module cross-site scripting
| [35095] Apache HTTP Server Prefork MPM module denial of service
| [34984] Apache HTTP Server recall_headers information disclosure
| [34966] Apache HTTP Server MPM content spoofing
| [34965] Apache HTTP Server MPM information disclosure
| [34963] Apache HTTP Server MPM multiple denial of service
| [34872] Apache MyFaces Tomahawk autoscroll parameter cross-site scripting
| [34869] Apache Tomcat JSP example Web application cross-site scripting
| [34868] Apache Tomcat Manager and Host Manager cross-site scripting
| [34496] Apache Tomcat JK Connector security bypass
| [34377] Apache Tomcat hello.jsp cross-site scripting
| [34212] Apache Tomcat SSL configuration security bypass
| [34210] Apache Tomcat Accept-Language cross-site scripting
| [34209] Apache Tomcat calendar application cross-site scripting
| [34207] Apache Tomcat implicit-objects.jsp cross-site scripting
| [34167] Apache Axis WSDL file path disclosure
| [34068] Apache Tomcat AJP connector information disclosure
| [33584] Apache HTTP Server suEXEC privilege escalation
| [32988] Apache Tomcat proxy module directory traversal
| [32794] Apache Tomcat JK Web Server Connector map_uri_to_worker() buffer overflow
| [32708] Debian Apache tty privilege escalation
| [32441] ApacheStats extract() PHP call unspecified
| [32128] Apache Tomcat default account
| [31680] Apache Tomcat RequestParamExample cross-site scripting
| [31649] Apache Tomcat Sample Servlet TroubleShooter detected
| [31557] BEA WebLogic Server and WebLogic Express Apache proxy plug-in denial of service
| [31236] Apache HTTP Server htpasswd.c strcpy buffer overflow
| [30456] Apache mod_auth_kerb off-by-one buffer overflow
| [29550] Apache mod_tcl set_var() format string
| [28620] Apache and IBM HTTP Server Expect header cross-site scripting
| [28357] Apache HTTP Server mod_alias script source information disclosure
| [28063] Apache mod_rewrite off-by-one buffer overflow
| [27902] Apache Tomcat URL information disclosure
| [26786] Apache James SMTP server denial of service
| [25680] libapache2 /tmp/svn file upload
| [25614] Apache Struts lookupMap cross-site scripting
| [25613] Apache Struts ActionForm denial of service
| [25612] Apache Struts isCancelled() security bypass
| [24965] Apache mod_python FileSession command execution
| [24716] Apache James spooler memory leak denial of service
| [24159] Apache Geronimo Web-Access-Log Viewer cross-site scripting
| [24158] Apache Geronimo jsp-examples cross-site scripting
| [24030] Apache auth_ldap module multiple format strings
| [24008] Apache mod_ssl custom error message denial of service
| [24003] Apache mod_auth_pgsql module multiple syslog format strings
| [23612] Apache mod_imap referer field cross-site scripting
| [23173] Apache Struts error message cross-site scripting
| [22942] Apache Tomcat directory listing denial of service
| [22858] Apache Multi-Processing Module code allows denial of service
| [22602] RHSA-2005:582 updates for Apache httpd not installed
| [22520] Apache mod-auth-shadow "
| [22466] ApacheTop symlink
| [22109] Apache HTTP Server ssl_engine_kernel client certificate validation
| [22006] Apache HTTP Server byte-range filter denial of service
| [21567] Apache mod_ssl off-by-one buffer overflow
| [21195] Apache HTTP Server header HTTP request smuggling
| [20383] Apache HTTP Server htdigest buffer overflow
| [19681] Apache Tomcat AJP12 request denial of service
| [18993] Apache HTTP server check_forensic symlink attack
| [18790] Apache Tomcat Manager cross-site scripting
| [18349] Apache HTTP server Apple HFS+ filesystem obtain information
| [18348] Apache HTTP server Apple HFS+ filesystem .DS_Store and .ht file disclosure
| [18347] Apache HTTP server Apple Mac OS X Server mod_digest_apple module could allow an attacker to replay responses
| [17961] Apache Web server ServerTokens has not been set
| [17930] Apache HTTP Server HTTP GET request denial of service
| [17785] Apache mod_include module buffer overflow
| [17671] Apache HTTP Server SSLCipherSuite bypass restrictions
| [17473] Apache HTTP Server Satisfy directive allows access to resources
| [17413] Apache htpasswd buffer overflow
| [17384] Apache HTTP Server environment variable configuration file buffer overflow
| [17382] Apache HTTP Server IPv6 apr_util denial of service
| [17366] Apache HTTP Server mod_dav module LOCK denial of service
| [17273] Apache HTTP Server speculative mode denial of service
| [17200] Apache HTTP Server mod_ssl denial of service
| [16890] Apache HTTP Server server-info request has been detected
| [16889] Apache HTTP Server server-status request has been detected
| [16705] Apache mod_ssl format string attack
| [16524] Apache HTTP Server ap_get_mime_headers_core denial of service
| [16387] Apache HTTP Server mod_proxy Content-Length buffer overflow
| [16230] Apache HTTP Server PHP denial of service
| [16214] Apache mod_ssl ssl_util_uuencode_binary buffer overflow
| [15958] Apache HTTP Server authentication modules memory corruption
| [15547] Apache HTTP Server mod_disk_cache local information disclosure
| [15540] Apache HTTP Server socket starvation denial of service
| [15467] Novell GroupWise WebAccess using Apache Web server allows viewing of files on the server
| [15422] Apache HTTP Server mod_access information disclosure
| [15419] Apache HTTP Server mod_ssl plain HTTP request denial of service
| [15293] Apache for Cygwin "
| [15065] Apache-SSL has a default password
| [15041] Apache HTTP Server mod_digest module could allow an attacker to replay responses
| [15015] Apache httpd server httpd.conf could allow a local user to bypass restrictions
| [14751] Apache Mod_python output filter information disclosure
| [14125] Apache HTTP Server mod_userdir module information disclosure
| [14075] Apache HTTP Server mod_php file descriptor leak
| [13703] Apache HTTP Server account
| [13689] Apache HTTP Server configuration allows symlinks
| [13688] Apache HTTP Server configuration allows SSI
| [13687] Apache HTTP Server Server: header value
| [13685] Apache HTTP Server ServerTokens value
| [13684] Apache HTTP Server ServerSignature value
| [13672] Apache HTTP Server config allows directory autoindexing
| [13671] Apache HTTP Server default content
| [13670] Apache HTTP Server config file directive references outside content root
| [13668] Apache HTTP Server httpd not running in chroot environment
| [13666] Apache HTTP Server CGI directory contains possible command interpreter or compiler
| [13664] Apache HTTP Server config file contains ScriptAlias entry
| [13663] Apache HTTP Server CGI support modules loaded
| [13661] Apache HTTP Server config file contains AddHandler entry
| [13660] Apache HTTP Server 500 error page not CGI script
| [13659] Apache HTTP Server 413 error page not CGI script
| [13658] Apache HTTP Server 403 error page not CGI script
| [13657] Apache HTTP Server 401 error page not CGI script
| [13552] Apache HTTP Server mod_cgid module information disclosure
| [13550] Apache GET request directory traversal
| [13516] Apache Cocoon XMLForm and JXForm could allow execution of code
| [13499] Apache Cocoon directory traversal allows downloading of boot.ini file
| [13429] Apache Tomcat non-HTTP request denial of service
| [13400] Apache HTTP server mod_alias and mod_rewrite buffer overflow
| [13295] Apache weak password encryption
| [13254] Apache Tomcat .jsp cross-site scripting
| [13125] Apache::Gallery Inline::C could allow arbitrary code execution
| [13086] Apache Jakarta Tomcat mod_jk format string allows remote access
| [12681] Apache HTTP Server mod_proxy could allow mail relaying
| [12662] Apache HTTP Server rotatelogs denial of service
| [12554] Apache Tomcat stores password in plain text
| [12553] Apache HTTP Server redirects and subrequests denial of service
| [12552] Apache HTTP Server FTP proxy server denial of service
| [12551] Apache HTTP Server prefork MPM denial of service
| [12550] Apache HTTP Server weaker than expected encryption
| [12549] Apache HTTP Server type-map file denial of service
| [12206] Apache Tomcat /opt/tomcat directory insecure permissions
| [12102] Apache Jakarta Tomcat MS-DOS device name request denial of service
| [12091] Apache HTTP Server apr_password_validate denial of service
| [12090] Apache HTTP Server apr_psprintf code execution
| [11804] Apache HTTP Server mod_access_referer denial of service
| [11750] Apache HTTP Server could leak sensitive file descriptors
| [11730] Apache HTTP Server error log and access log terminal escape sequence injection
| [11703] Apache long slash path allows directory listing
| [11695] Apache HTTP Server LF (Line Feed) denial of service
| [11694] Apache HTTP Server filestat.c denial of service
| [11438] Apache HTTP Server MIME message boundaries information disclosure
| [11412] Apache HTTP Server error log terminal escape sequence injection
| [11196] Apache Tomcat examples and ROOT Web applications cross-site scripting
| [11195] Apache Tomcat web.xml could be used to read files
| [11194] Apache Tomcat URL appended with a null character could list directories
| [11139] Apache HTTP Server mass virtual hosting with mod_rewrite or mod_vhost_alias could allow an attacker to obtain files
| [11126] Apache HTTP Server illegal character file disclosure
| [11125] Apache HTTP Server DOS device name HTTP POST code execution
| [11124] Apache HTTP Server DOS device name denial of service
| [11088] Apache HTTP Server mod_vhost_alias CGI source disclosure
| [10938] Apache HTTP Server printenv test CGI cross-site scripting
| [10771] Apache Tomcat mod_jk module multiple HTTP GET request buffer overflow
| [10575] Apache mod_php module could allow an attacker to take over the httpd process
| [10499] Apache HTTP Server WebDAV HTTP POST view source
| [10457] Apache HTTP Server mod_ssl "
| [10415] Apache HTTP Server htdigest insecure system() call could allow command execution
| [10414] Apache HTTP Server htdigest multiple buffer overflows
| [10413] Apache HTTP Server htdigest temporary file race condition
| [10412] Apache HTTP Server htpasswd temporary file race condition
| [10376] Apache Tomcat invoker servlet used in conjunction with the default servlet reveals source code
| [10348] Apache Tomcat HTTP GET request DOS device reference could cause a denial of service
| [10281] Apache HTTP Server ab.c ApacheBench long response buffer overflow
| [10280] Apache HTTP Server shared memory scorecard overwrite
| [10263] Apache Tomcat mod_jk or mod_jserv connector directory disclosure
| [10241] Apache HTTP Server Host: header cross-site scripting
| [10230] Slapper worm variants A, B, and C target OpenSSL/Apache systems
| [10208] Apache HTTP Server mod_dav denial of service
| [10206] HP VVOS Apache mod_ssl denial of service
| [10200] Apache HTTP Server stderr denial of service
| [10175] Apache Tomcat org.apache.catalina.servlets.DefaultServlet reveals source code
| [10169] Slapper worm variant (Slapper.C) targets OpenSSL/Apache systems
| [10154] Slapper worm variant (Slapper.B) targets OpenSSL/Apache systems
| [10098] Slapper worm targets OpenSSL/Apache systems
| [9876] Apache HTTP Server cgi/cgid request could disclose the path to a requested script
| [9875] Apache HTTP Server .var file request could disclose installation path
| [9863] Apache Tomcat web.xml file could allow a remote attacker to bypass restrictions
| [9808] Apache HTTP Server non-Unix version URL encoded directory traversal
| [9623] Apache HTTP Server ap_log_rerror() path disclosure
| [9520] Apache Tomcat /servlet/ mapping cross-site scripting
| [9415] Apache HTTP Server mod_ssl .htaccess off-by-one buffer overflow
| [9396] Apache Tomcat null character to threads denial of service
| [9394] Apache Tomcat HTTP request for LPT9 reveals Web root path
| [9249] Apache HTTP Server chunked encoding heap buffer overflow
| [9208] Apache Tomcat sample file requests could reveal directory listing and path to Web root directory
| [8932] Apache Tomcat example class information disclosure
| [8633] Apache HTTP Server with mod_rewrite could allow an attacker to bypass directives
| [8629] Apache HTTP Server double-reverse DNS lookup spoofing
| [8589] Apache HTTP Server for Windows DOS batch file remote command execution
| [8457] Oracle9i Application Server Apache PL/SQL HTTP Location header buffer overflow
| [8455] Oracle9i Application Server default installation could allow an attacker to access certain Apache Services
| [8400] Apache HTTP Server mod_frontpage buffer overflows
| [8326] Apache HTTP Server multiple MIME headers (sioux) denial of service
| [8308] Apache "
| [8275] Apache HTTP Server with Multiviews enabled could disclose directory contents
| [8119] Apache and PHP OPTIONS request reveals "
| [8054] Apache is running on the system
| [8029] Mandrake Linux default Apache configuration could allow an attacker to browse files and directories
| [8027] Mandrake Linux default Apache configuration has remote management interface enabled
| [8026] Mandrake Linux Apache sample programs could disclose sensitive information about the server
| [7836] Apache HTTP Server log directory denial of service
| [7815] Apache for Windows "
| [7810] Apache HTTP request could result in unexpected behavior
| [7599] Apache Tomcat reveals installation path
| [7494] Apache "
| [7419] Apache Web Server could allow remote attackers to overwrite .log files
| [7363] Apache Web Server hidden HTTP requests
| [7249] Apache mod_proxy denial of service
| [7129] Linux with Apache Web server could allow an attacker to determine if a specified username exists
| [7103] Apple Mac OS X used with Apache Web server could disclose directory contents
| [7059] Apache "
| [7057] Apache "
| [7056] Apache "
| [7055] Apache "
| [7054] Apache "
| [6997] Apache Jakarta Tomcat error message may reveal information
| [6971] Apache Jakarta Tomcat may reveal JSP source code with missing HTTP protocol specification
| [6970] Apache crafted HTTP request could reveal the internal IP address
| [6921] Apache long slash path allows directory listing
| [6687] Apple Mac OS X used with Apache Web server could allow arbitrary file disclosure
| [6527] Apache Web Server for Windows and OS2 denial of service
| [6316] Apache Jakarta Tomcat may reveal JSP source code
| [6305] Apache Jakarta Tomcat directory traversal
| [5926] Linux Apache symbolic link
| [5659] Apache Web server discloses files when used with php script
| [5310] Apache mod_rewrite allows attacker to view arbitrary files
| [5204] Apache WebDAV directory listings
| [5197] Apache Web server reveals CGI script source code
| [5160] Apache Jakarta Tomcat default installation
| [5099] Trustix Secure Linux installs Apache with world writable access
| [4968] Apache Jakarta Tomcat snoop servlet gives out information which could be used in attack
| [4967] Apache Jakarta Tomcat 404 error reveals the pathname of the requested file
| [4931] Apache source.asp example file allows users to write to files
| [4575] IBM HTTP Server running Apache allows users to directory listing and file retrieval
| [4205] Apache Jakarta Tomcat delivers file contents
| [2084] Apache on Debian by default serves the /usr/doc directory
| [1630] MessageMedia UnityMail and Apache Web server MIME header flood denial of service
| [697] Apache HTTP server beck exploit
| [331] Apache cookies buffer overflow
|
| Exploit-DB - https://www.exploit-db.com:
| [31130] Apache Tomcat <= 6.0.15 Cookie Quote Handling Remote Information Disclosure Vulnerability
| [31052] Apache <= 2.2.6 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
| [30901] Apache HTTP Server 2.2.6 Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
| [30835] Apache HTTP Server <= 2.2.4 413 Error HTTP Request Method Cross-Site Scripting Weakness
| [30563] Apache Tomcat <= 5.5.15 Cal2.JSP Cross-Site Scripting Vulnerability
| [30496] Apache Tomcat <= 6.0.13 Cookie Handling Quote Delimiter Session ID Disclosure
| [30495] Apache Tomcat <= 6.0.13 Host Manager Servlet Cross Site Scripting Vulnerability
| [30191] Apache MyFaces Tomahawk JSF Framework 1.1.5 Autoscroll Parameter Cross Site Scripting Vulnerability
| [30189] Apache Tomcat <= 6.0.13 JSP Example Web Applications Cross Site Scripting Vulnerability
| [30052] Apache Tomcat 6.0.10 Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
| [29930] Apache AXIS 1.0 Non-Existent WSDL Path Information Disclosure Vulnerability
| [29859] Apache Roller OGNL Injection
| [29739] Apache HTTP Server Tomcat 5.x/6.0.x Directory Traversal Vulnerability
| [29435] Apache Tomcat 5.5.25 - CSRF Vulnerabilities
| [29316] Apache + PHP 5.x - Remote Code Execution (Multithreaded Scanner) (2)
| [29290] Apache / PHP 5.x Remote Code Execution Exploit
| [28713] Apache Tomcat/JBoss EJBInvokerServlet / JMXInvokerServlet (RMI over HTTP) Marshalled Object RCE
| [28424] Apache 2.x HTTP Server Arbitrary HTTP Request Headers Security Weakness
| [28365] Apache 2.2.2 CGI Script Source Code Information Disclosure Vulnerability
| [28254] Apache Tomcat 5 Information Disclosure Vulnerability
| [27915] Apache James 2.2 SMTP Denial of Service Vulnerability
| [27397] Apache suEXEC Privilege Elevation / Information Disclosure
| [27135] Apache Struts 2 DefaultActionMapper Prefixes OGNL Code Execution
| [27096] Apache Geronimo 1.0 Error Page XSS
| [27095] Apache Tomcat / Geronimo 1.0 Sample Script cal2.jsp time Parameter XSS
| [26710] Apache CXF prior to 2.5.10, 2.6.7 and 2.7.4 - Denial of Service
| [26542] Apache Struts 1.2.7 Error Response Cross-Site Scripting Vulnerability
| [25986] Plesk Apache Zeroday Remote Exploit
| [25980] Apache Struts includeParams Remote Code Execution
| [25625] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (2)
| [25624] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (1)
| [24874] Apache Struts ParametersInterceptor Remote Code Execution
| [24744] Apache Rave 0.11 - 0.20 - User Information Disclosure
| [24694] Apache 1.3.x mod_include Local Buffer Overflow Vulnerability
| [24590] Apache 2.0.x mod_ssl Remote Denial of Service Vulnerability
| [23751] Apache Cygwin 1.3.x/2.0.x Directory Traversal Vulnerability
| [23581] Apache 2.0.4x mod_perl Module File Descriptor Leakage Vulnerability
| [23482] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (2)
| [23481] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (1)
| [23296] Red Hat Apache 2.0.40 Directory Index Default Configuration Error
| [23282] apache cocoon 2.14/2.2 - Directory Traversal vulnerability
| [23245] Apache Tomcat 4.0.x Non-HTTP Request Denial of Service Vulnerability
| [23119] Apache::Gallery 0.4/0.5/0.6 Insecure Local File Storage Privilege Escalation Vulnerability
| [22505] Apache Mod_Access_Referer 1.0.2 NULL Pointer Dereference Denial of Service Vulnerability
| [22205] Apache Tomcat 3.x Null Byte Directory/File Disclosure Vulnerability
| [22191] Apache Web Server 2.0.x MS-DOS Device Name Denial of Service Vulnerability
| [22068] Apache 1.3.x,Tomcat 4.0.x/4.1.x Mod_JK Chunked Encoding Denial of Service Vulnerability
| [21885] Apache 1.3/2.0.x Server Side Include Cross Site Scripting Vulnerability
| [21882] Apache Tomcat 3.2 Directory Disclosure Vulnerability
| [21854] Apache 2.0.39/40 Oversized STDERR Buffer Denial of Service Vulnerability
| [21853] Apache Tomcat 3/4 DefaultServlet File Disclosure Vulnerability
| [21734] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
| [21719] Apache 2.0 Path Disclosure Vulnerability
| [21697] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
| [21605] Apache Tomcat 4.0.3 DoS Device Name Cross Site Scripting Vulnerability
| [21604] Apache Tomcat 4.0.3 Servlet Mapping Cross Site Scripting Vulnerability
10478| [21560] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (2)
10479| [21559] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (1)
10480| [21534] Apache Tomcat 3/4 JSP Engine Denial of Service Vulnerability
10481| [21492] Apache Tomcat 3.2.3/3.2.4 RealPath.JSP Malformed Request Information Disclosure
10482| [21491] Apache Tomcat 3.2.3/3.2.4 Example Files Web Root Path Disclosure
10483| [21490] Apache Tomcat 3.2.3/3.2.4 Source.JSP Malformed Request Information Disclosure
10484| [21412] Apache Tomcat 4.0/4.1 Servlet Path Disclosure Vulnerability
10485| [21350] Apache Win32 1.3.x/2.0.x Batch File Remote Command Execution Vulnerability
10486| [21204] Apache 1.3.20 Win32 PHP.EXE Remote File Disclosure Vulnerability
10487| [21112] Red Hat Linux 7.0 Apache Remote Username Enumeration Vulnerability
10488| [21067] Apache 1.0/1.2/1.3 Server Address Disclosure Vulnerability
10489| [21002] Apache 1.3 Possible Directory Index Disclosure Vulnerability
10490| [20911] Apache 1.3.14 Mac File Protection Bypass Vulnerability
10491| [20716] apache tomcat 3.0 - Directory Traversal vulnerability
10492| [20695] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (4)
10493| [20694] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (3)
10494| [20693] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (2)
10495| [20692] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (1)
10496| [20595] NCSA 1.3/1.4.x/1.5,Apache httpd 0.8.11/0.8.14 ScriptAlias Source Retrieval Vulnerability
10497| [20558] Apache 1.2 Web Server DoS Vulnerability
10498| [20466] Apache 1.3 Web Server with Php 3 File Disclosure Vulnerability
10499| [20435] Apache 0.8.x/1.0.x,NCSA httpd 1.x test-cgi Directory Listing Vulnerability
| [20272] Apache 1.2.5/1.3.1,UnityMail 2.0 MIME Header DoS Vulnerability
| [20210] Apache 1.3.12 WebDAV Directory Listings Vulnerability
| [20131] Apache Tomcat 3.1 Path Revealing Vulnerability
| [19975] Apache 1.3.6/1.3.9/1.3.11/1.3.12/1.3.20 Root Directory Access Vulnerability
| [19828] Cobalt RaQ 2.0/3.0 Apache .htaccess Disclosure Vulnerability
| [19536] Apache <= 1.1,NCSA httpd <= 1.5.2,Netscape Server 1.12/1.1/2.0 a nph-test-cgi Vulnerability
| [19231] PHP apache_request_headers Function Buffer Overflow
| [18984] Apache Struts <= 2.2.1.1 - Remote Command Execution
| [18897] Oracle Weblogic Apache Connector POST Request Buffer Overflow
| [18619] Apache Tomcat Remote Exploit (PUT Request) and Account Scanner
| [18452] Apache Struts Multiple Persistent Cross-Site Scripting Vulnerabilities
| [18442] Apache httpOnly Cookie Disclosure
| [18329] Apache Struts2 <= 2.3.1 - Multiple Vulnerabilities
| [18221] Apache HTTP Server Denial of Service
| [17969] Apache mod_proxy Reverse Proxy Exposure Vulnerability PoC
| [17696] Apache httpd Remote Denial of Service (memory exhaustion)
| [17691] Apache Struts < 2.2.0 - Remote Command Execution
| [16798] Apache mod_jk 1.2.20 Buffer Overflow
| [16782] Apache Win32 Chunked Encoding
| [16752] Apache module mod_rewrite LDAP protocol Buffer Overflow
| [16317] Apache Tomcat Manager Application Deployer Authenticated Code Execution
| [15710] Apache Archiva 1.0 - 1.3.1 CSRF Vulnerability
| [15319] Apache 2.2 (Windows) Local Denial of Service
| [14617] Apache JackRabbit 2.0.0 webapp XPath Injection
| [14489] Apache Tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
| [12721] Apache Axis2 1.4.1 - Local File Inclusion Vulnerability
| [12689] Authenticated Cross-Site Scripting Vulnerability (XSS) within Apache Axis2 administration console
| [12343] Apache Tomcat 5.5.0 to 5.5.29 & 6.0.0 to 6.0.26 - Information Disclosure Vulnerability
| [12330] Apache OFBiz - Multiple XSS
| [12264] Apache OFBiz - FULLADMIN Creator PoC Payload
| [12263] Apache OFBiz - SQL Remote Execution PoC Payload
| [11662] Apache Spamassassin Milter Plugin Remote Root Command Execution
| [11650] Apache 2.2.14 mod_isapi Dangling Pointer Remote SYSTEM Exploit
| [10811] Joomla.Tutorials GHDB: Apache directory listing Download Vulnerability
| [10292] Apache Tomcat 3.2.1 - 404 Error Page Cross Site Scripting Vulnerability
| [9995] Apache Tomcat Form Authentication Username Enumeration Weakness
| [9994] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
| [9993] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
| [8842] Apache mod_dav / svn Remote Denial of Service Exploit
| [8458] Apache Geronimo <= 2.1.3 - Multiple Directory Traversal Vulnerabilities
| [7264] Apache Tomcat runtime.getRuntime().exec() Privilege Escalation (win)
| [6229] apache tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
| [6100] Apache mod_jk 1.2.19 Remote Buffer Overflow Exploit (win32)
| [6089] Bea Weblogic Apache Connector Code Exec / Denial of Service Exploit
| [5386] Apache Tomcat Connector jk2-2.0.2 (mod_jk2) Remote Overflow Exploit
| [5330] Apache 2.0 mod_jk2 2.0.2 - Remote Buffer Overflow Exploit (win32)
| [4552] Apache Tomcat (webdav) Remote File Disclosure Exploit (ssl support)
| [4530] Apache Tomcat (webdav) Remote File Disclosure Exploit
| [4162] Apache Tomcat Connector (mod_jk) Remote Exploit (exec-shield)
| [4093] Apache mod_jk 1.2.19/1.2.20 Remote Buffer Overflow Exploit
| [3996] Apache 2.0.58 mod_rewrite Remote Overflow Exploit (win2k3)
| [3680] Apache Mod_Rewrite Off-by-one Remote Overflow Exploit (win32)
| [3384] Ubuntu/Debian Apache 1.3.33/1.3.34 (CGI TTY) Local Root Exploit
| [2237] Apache < 1.3.37, 2.0.59, 2.2.3 (mod_rewrite) Remote Overflow PoC
| [2061] Apache Tomcat < 5.5.17 Remote Directory Listing Vulnerability
| [1056] Apache <= 2.0.49 Arbitrary Long HTTP Headers Denial of Service
| [855] Apache <= 2.0.52 HTTP GET request Denial of Service Exploit
| [764] Apache OpenSSL - Remote Exploit (Multiple Targets) (OpenFuckV2.c)
| [587] Apache <= 1.3.31 mod_include Local Buffer Overflow Exploit
| [466] htpasswd Apache 1.3.31 - Local Exploit
| [371] Apache HTTPd Arbitrary Long HTTP Headers DoS (c version)
| [360] Apache HTTPd Arbitrary Long HTTP Headers DoS
| [132] Apache 1.3.x - 2.0.48 - mod_userdir Remote Users Disclosure Exploit
| [126] Apache mod_gzip (with debug_mode) <= 1.2.26.1a Remote Exploit
| [67] Apache 1.3.x mod_mylo Remote Code Execution Exploit
| [38] Apache <= 2.0.45 APR Remote Exploit -Apache-Knacker.pl
| [34] Webfroot Shoutbox < 2.32 (Apache) Remote Exploit
| [11] Apache <= 2.0.44 Linux Remote Denial of Service Exploit
| [9] Apache HTTP Server 2.x Memory Leak Exploit
|
| OpenVAS (Nessus) - http://www.openvas.org:
| [902924] Apache Struts2 Showcase Skill Name Remote Code Execution Vulnerability
| [902837] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability (Windows)
| [902830] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
| [902664] Apache Traffic Server HTTP Host Header Denial of Service Vulnerability
| [901203] Apache httpd Web Server Range Header Denial of Service Vulnerability
| [901110] Apache ActiveMQ Source Code Information Disclosure Vulnerability
| [901105] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
| [900842] Apache 'mod_proxy_ftp' Module Command Injection Vulnerability (Linux)
| [900841] Apache 'mod_proxy_ftp' Module Denial Of Service Vulnerability (Linux)
| [900573] Apache APR-Utils XML Parser Denial of Service Vulnerability
| [900572] Apache APR-Utils Multiple Denial of Service Vulnerabilities
| [900571] Apache APR-Utils Version Detection
| [900499] Apache mod_proxy_ajp Information Disclosure Vulnerability
| [900496] Apache Tiles Multiple XSS Vulnerability
| [900493] Apache Tiles Version Detection
| [900107] Apache mod_proxy_ftp Wildcard Characters XSS Vulnerability
| [900021] Apache Tomcat Cross-Site Scripting and Security Bypass Vulnerabilities
| [880086] CentOS Update for apache CESA-2008:0004-01 centos2 i386
| [870175] RedHat Update for apache RHSA-2008:0004-01
| [864591] Fedora Update for apache-poi FEDORA-2012-10835
| [864383] Fedora Update for apache-commons-compress FEDORA-2012-8428
| [864280] Fedora Update for apache-commons-compress FEDORA-2012-8465
| [864250] Fedora Update for apache-poi FEDORA-2012-7683
| [864249] Fedora Update for apache-poi FEDORA-2012-7686
| [863993] Fedora Update for apache-commons-daemon FEDORA-2011-10880
| [863466] Fedora Update for apache-commons-daemon FEDORA-2011-10936
| [855821] Solaris Update for Apache 1.3 122912-19
| [855812] Solaris Update for Apache 1.3 122911-19
| [855737] Solaris Update for Apache 1.3 122911-17
| [855731] Solaris Update for Apache 1.3 122912-17
| [855695] Solaris Update for Apache 1.3 122911-16
| [855645] Solaris Update for Apache 1.3 122912-16
| [855587] Solaris Update for kernel update and Apache 108529-29
| [855566] Solaris Update for Apache 116973-07
| [855531] Solaris Update for Apache 116974-07
| [855524] Solaris Update for Apache 2 120544-14
| [855494] Solaris Update for Apache 1.3 122911-15
| [855478] Solaris Update for Apache Security 114145-11
| [855472] Solaris Update for Apache Security 113146-12
| [855179] Solaris Update for Apache 1.3 122912-15
| [855147] Solaris Update for kernel update and Apache 108528-29
| [855077] Solaris Update for Apache 2 120543-14
| [850196] SuSE Update for apache2 openSUSE-SU-2012:0314-1 (apache2)
| [850088] SuSE Update for apache2 SUSE-SA:2007:061
| [850009] SuSE Update for apache2,apache SUSE-SA:2008:021
| [841209] Ubuntu Update for apache2 USN-1627-1
| [840900] Ubuntu Update for apache2 USN-1368-1
| [840798] Ubuntu Update for apache2 USN-1259-1
| [840734] Ubuntu Update for apache2 USN-1199-1
| [840542] Ubuntu Update for apache2 vulnerabilities USN-1021-1
| [840504] Ubuntu Update for apache2 vulnerability USN-990-2
| [840399] Ubuntu Update for apache2 vulnerabilities USN-908-1
| [840304] Ubuntu Update for apache2 vulnerabilities USN-575-1
| [840118] Ubuntu Update for libapache2-mod-perl2 vulnerability USN-488-1
| [840092] Ubuntu Update for apache2 vulnerabilities USN-499-1
| [840039] Ubuntu Update for libapache2-mod-python vulnerability USN-430-1
| [835253] HP-UX Update for Apache Web Server HPSBUX02645
| [835247] HP-UX Update for Apache-based Web Server HPSBUX02612
| [835243] HP-UX Update for Apache Running Tomcat Servlet Engine HPSBUX02579
| [835236] HP-UX Update for Apache with PHP HPSBUX02543
| [835233] HP-UX Update for Apache-based Web Server HPSBUX02531
| [835224] HP-UX Update for Apache-based Web Server HPSBUX02465
| [835200] HP-UX Update for Apache Web Server Suite HPSBUX02431
| [835190] HP-UX Update for Apache Web Server Suite HPSBUX02401
| [835188] HP-UX Update for Apache HPSBUX02308
| [835181] HP-UX Update for Apache With PHP HPSBUX02332
| [835180] HP-UX Update for Apache with PHP HPSBUX02342
| [835172] HP-UX Update for Apache HPSBUX02365
| [835168] HP-UX Update for Apache HPSBUX02313
| [835148] HP-UX Update for Apache HPSBUX01064
| [835139] HP-UX Update for Apache with PHP HPSBUX01090
| [835131] HP-UX Update for Apache HPSBUX00256
| [835119] HP-UX Update for Apache Remote Execution of Arbitrary Code HPSBUX02186
| [835104] HP-UX Update for Apache HPSBUX00224
| [835103] HP-UX Update for Apache mod_cgid HPSBUX00301
| [835101] HP-UX Update for Apache HPSBUX01232
| [835080] HP-UX Update for Apache HPSBUX02273
| [835078] HP-UX Update for ApacheStrong HPSBUX00255
| [835044] HP-UX Update for Apache HPSBUX01019
| [835040] HP-UX Update for Apache PHP HPSBUX00207
| [835025] HP-UX Update for Apache HPSBUX00197
| [835023] HP-UX Update for Apache HPSBUX01022
| [835022] HP-UX Update for Apache HPSBUX02292
| [835005] HP-UX Update for Apache HPSBUX02262
| [831759] Mandriva Update for apache-mod_security MDVSA-2012:182 (apache-mod_security)
| [831737] Mandriva Update for apache MDVSA-2012:154-1 (apache)
| [831534] Mandriva Update for apache MDVSA-2012:012 (apache)
| [831523] Mandriva Update for apache MDVSA-2012:003 (apache)
| [831491] Mandriva Update for apache MDVSA-2011:168 (apache)
| [831460] Mandriva Update for apache MDVSA-2011:144 (apache)
| [831449] Mandriva Update for apache MDVSA-2011:130 (apache)
| [831357] Mandriva Update for apache MDVSA-2011:057 (apache)
| [831132] Mandriva Update for apache MDVSA-2010:153 (apache)
| [831131] Mandriva Update for apache MDVSA-2010:152 (apache)
| [830989] Mandriva Update for apache-mod_auth_shadow MDVSA-2010:081 (apache-mod_auth_shadow)
| [830931] Mandriva Update for apache MDVSA-2010:057 (apache)
| [830926] Mandriva Update for apache MDVSA-2010:053 (apache)
| [830918] Mandriva Update for apache-mod_security MDVSA-2010:050 (apache-mod_security)
| [830799] Mandriva Update for apache-conf MDVSA-2009:300-2 (apache-conf)
| [830797] Mandriva Update for apache-conf MDVSA-2009:300-1 (apache-conf)
| [830791] Mandriva Update for apache-conf MDVA-2010:011 (apache-conf)
| [830652] Mandriva Update for apache MDVSA-2008:195 (apache)
| [830621] Mandriva Update for apache-conf MDVA-2008:129 (apache-conf)
| [830581] Mandriva Update for apache MDVSA-2008:016 (apache)
| [830294] Mandriva Update for apache MDKSA-2007:140 (apache)
| [830196] Mandriva Update for apache MDKSA-2007:235 (apache)
| [830112] Mandriva Update for apache MDKSA-2007:127 (apache)
| [830109] Mandriva Update for apache-mod_perl MDKSA-2007:083 (apache-mod_perl)
| [802425] Apache Struts2 Showcase Arbitrary Java Method Execution vulnerability
| [802423] Apache Struts CookBook/Examples Multiple Cross-Site Scripting Vulnerabilities
| [802422] Apache Struts Showcase Multiple Persistence Cross-Site Scripting Vulnerabilities
| [802415] Apache Tomcat Multiple Security Bypass Vulnerabilities (Win)
| [802385] Apache Tomcat Request Object Security Bypass Vulnerability (Win)
| [802384] Apache Tomcat Parameter Handling Denial of Service Vulnerability (Win)
| [802378] Apache Tomcat Hash Collision Denial Of Service Vulnerability
| [801942] Apache Archiva Multiple Vulnerabilities
| [801940] Apache Struts2 'XWork' Information Disclosure Vulnerability
| [801663] Apache Struts2/XWork Remote Command Execution Vulnerability
| [801521] Apache APR-util 'buckets/apr_brigade.c' Denial Of Service Vulnerability
| [801284] Apache Derby Information Disclosure Vulnerability
| [801203] Apache ActiveMQ Persistent Cross-Site Scripting Vulnerability
| [800837] Apache 'mod_deflate' Denial Of Service Vulnerability - July09
| [800827] Apache 'mod_proxy_http.c' Denial Of Service Vulnerability
| [800680] Apache APR Version Detection
| [800679] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
| [800678] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
| [800677] Apache Roller Version Detection
| [800279] Apache mod_jk Module Version Detection
| [800278] Apache Struts Cross Site Scripting Vulnerability
| [800277] Apache Tomcat mod_jk Information Disclosure Vulnerability
| [800276] Apache Struts Version Detection
| [800271] Apache Struts Directory Traversal Vulnerability
| [800024] Apache Tomcat RemoteFilterValve Security Bypass Vulnerability
| [103333] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
| [103293] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
| [103122] Apache Web Server ETag Header Information Disclosure Weakness
| [103074] Apache Continuum Cross Site Scripting Vulnerability
| [103073] Apache Continuum Detection
| [103053] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
| [101023] Apache Open For Business Weak Password security check
| [101020] Apache Open For Business HTML injection vulnerability
| [101019] Apache Open For Business service detection
| [100924] Apache Archiva Cross Site Request Forgery Vulnerability
| [100923] Apache Archiva Detection
| [100858] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
| [100814] Apache Axis2 Document Type Declaration Processing Security Vulnerability
| [100813] Apache Axis2 Detection
| [100797] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
| [100795] Apache Derby Detection
| [100762] Apache CouchDB Cross Site Request Forgery Vulnerability
| [100725] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
| [100613] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
| [100514] Apache Multiple Security Vulnerabilities
| [100211] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
| [100172] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
| [100171] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
| [100130] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
| [72626] Debian Security Advisory DSA 2579-1 (apache2)
| [72612] FreeBSD Ports: apache22
| [71551] Gentoo Security Advisory GLSA 201206-25 (apache)
| [71550] Gentoo Security Advisory GLSA 201206-24 (apache tomcat)
| [71512] FreeBSD Ports: apache
| [71485] Debian Security Advisory DSA 2506-1 (libapache-mod-security)
| [71256] Debian Security Advisory DSA 2452-1 (apache2)
| [71238] Debian Security Advisory DSA 2436-1 (libapache2-mod-fcgid)
| [70737] FreeBSD Ports: apache
| [70724] Debian Security Advisory DSA 2405-1 (apache2)
| [70600] FreeBSD Ports: apache
| [70253] FreeBSD Ports: apache, apache-event, apache-itk, apache-peruser, apache-worker
| [70235] Debian Security Advisory DSA 2298-2 (apache2)
| [70233] Debian Security Advisory DSA 2298-1 (apache2)
| [69988] Debian Security Advisory DSA 2279-1 (libapache2-mod-authnz-external)
| [69338] Debian Security Advisory DSA 2202-1 (apache2)
| [67868] FreeBSD Ports: apache
| [66816] FreeBSD Ports: apache
| [66553] Mandriva Security Advisory MDVSA-2009:189-1 (apache-mod_auth_mysql)
| [66414] Mandriva Security Advisory MDVSA-2009:323 (apache)
| [66106] SuSE Security Advisory SUSE-SA:2009:050 (apache2,libapr1)
| [66081] SLES11: Security update for Apache 2
| [66074] SLES10: Security update for Apache 2
| [66070] SLES9: Security update for Apache 2
| [65998] SLES10: Security update for apache2-mod_python
| [65893] SLES10: Security update for Apache 2
| [65888] SLES10: Security update for Apache 2
| [65575] SLES9: Security update for apache2,apache2-prefork,apache2-worker
| [65510] SLES9: Security update for Apache 2
| [65472] SLES9: Security update for Apache
| [65467] SLES9: Security update for Apache
| [65450] SLES9: Security update for apache2
| [65390] SLES9: Security update for Apache2
| [65363] SLES9: Security update for Apache2
| [65309] SLES9: Security update for Apache and mod_ssl
| [65296] SLES9: Security update for webdav apache module
| [65283] SLES9: Security update for Apache2
| [65249] SLES9: Security update for Apache 2
| [65230] SLES9: Security update for Apache 2
| [65228] SLES9: Security update for Apache 2
| [65212] SLES9: Security update for apache2-mod_python
| [65209] SLES9: Security update for apache2-worker
| [65207] SLES9: Security update for Apache 2
| [65168] SLES9: Security update for apache2-mod_python
| [65142] SLES9: Security update for Apache2
| [65136] SLES9: Security update for Apache 2
| [65132] SLES9: Security update for apache
| [65131] SLES9: Security update for Apache 2 oes/CORE
| [65113] SLES9: Security update for apache2
| [65072] SLES9: Security update for apache and mod_ssl
| [65017] SLES9: Security update for Apache 2
| [64950] Mandrake Security Advisory MDVSA-2009:240 (apache)
| [64783] FreeBSD Ports: apache
| [64774] Ubuntu USN-802-2 (apache2)
| [64653] Ubuntu USN-813-2 (apache2)
| [64559] Debian Security Advisory DSA 1834-2 (apache2)
| [64532] Mandrake Security Advisory MDVSA-2009:189 (apache-mod_auth_mysql)
| [64527] Mandrake Security Advisory MDVSA-2009:184 (apache-mod_security)
| [64526] Mandrake Security Advisory MDVSA-2009:183 (apache-mod_security)
| [64500] Mandrake Security Advisory MDVSA-2009:168 (apache)
| [64443] Ubuntu USN-802-1 (apache2)
| [64426] Gentoo Security Advisory GLSA 200907-04 (apache)
| [64423] Debian Security Advisory DSA 1834-1 (apache2)
| [64391] Mandrake Security Advisory MDVSA-2009:149 (apache)
| [64377] Mandrake Security Advisory MDVSA-2009:124-1 (apache)
| [64251] Debian Security Advisory DSA 1816-1 (apache2)
| [64201] Ubuntu USN-787-1 (apache2)
| [64140] Mandrake Security Advisory MDVSA-2009:124 (apache)
| [64136] Mandrake Security Advisory MDVSA-2009:102 (apache)
| [63565] FreeBSD Ports: apache
| [63562] Ubuntu USN-731-1 (apache2)
| [61381] Gentoo Security Advisory GLSA 200807-06 (apache)
| [61185] FreeBSD Ports: apache
| [60582] Gentoo Security Advisory GLSA 200803-19 (apache)
| [60387] Slackware Advisory SSA:2008-045-02 apache
| [58826] FreeBSD Ports: apache-tomcat
| [58825] FreeBSD Ports: apache-tomcat
| [58804] FreeBSD Ports: apache
| [58745] Gentoo Security Advisory GLSA 200711-06 (apache)
| [58360] Debian Security Advisory DSA 1312-1 (libapache-mod-jk)
| [57851] Gentoo Security Advisory GLSA 200608-01 (apache)
| [57788] Debian Security Advisory DSA 1247-1 (libapache-mod-auth-kerb)
| [57335] Debian Security Advisory DSA 1167-1 (apache)
| [57201] Debian Security Advisory DSA 1131-1 (apache)
| [57200] Debian Security Advisory DSA 1132-1 (apache2)
| [57168] Slackware Advisory SSA:2006-209-01 Apache httpd
| [57145] FreeBSD Ports: apache
| [56731] Slackware Advisory SSA:2006-129-01 Apache httpd
| [56729] Slackware Advisory SSA:2006-130-01 Apache httpd redux
| [56246] Gentoo Security Advisory GLSA 200602-03 (Apache)
| [56212] Debian Security Advisory DSA 952-1 (libapache-auth-ldap)
| [56115] Debian Security Advisory DSA 935-1 (libapache2-mod-auth-pgsql)
| [56067] FreeBSD Ports: apache
| [55803] Slackware Advisory SSA:2005-310-04 apache
| [55519] Debian Security Advisory DSA 839-1 (apachetop)
| [55392] Gentoo Security Advisory GLSA 200509-12 (Apache)
| [55355] FreeBSD Ports: apache
| [55284] Debian Security Advisory DSA 807-1 (libapache-mod-ssl)
| [55261] Debian Security Advisory DSA 805-1 (apache2)
| [55259] Debian Security Advisory DSA 803-1 (apache)
| [55129] Gentoo Security Advisory GLSA 200508-15 (apache)
| [54739] Gentoo Security Advisory GLSA 200411-18 (apache)
| [54724] Gentoo Security Advisory GLSA 200411-03 (apache)
| [54712] Gentoo Security Advisory GLSA 200410-21 (apache)
| [54689] Gentoo Security Advisory GLSA 200409-33 (net=www/apache)
| [54677] Gentoo Security Advisory GLSA 200409-21 (apache)
| [54610] Gentoo Security Advisory GLSA 200407-03 (Apache)
| [54601] Gentoo Security Advisory GLSA 200406-16 (Apache)
| [54590] Gentoo Security Advisory GLSA 200406-05 (Apache)
| [54582] Gentoo Security Advisory GLSA 200405-22 (Apache)
| [54529] Gentoo Security Advisory GLSA 200403-04 (Apache)
| [54499] Gentoo Security Advisory GLSA 200310-04 (Apache)
| [54498] Gentoo Security Advisory GLSA 200310-03 (Apache)
| [54439] FreeBSD Ports: apache
| [53931] Slackware Advisory SSA:2004-133-01 apache
| [53903] Slackware Advisory SSA:2004-299-01 apache, mod_ssl, php
| [53902] Slackware Advisory SSA:2004-305-01 apache+mod_ssl
| [53878] Slackware Advisory SSA:2003-308-01 apache security update
| [53851] Debian Security Advisory DSA 135-1 (libapache-mod-ssl)
| [53849] Debian Security Advisory DSA 132-1 (apache-ssl)
| [53848] Debian Security Advisory DSA 131-1 (apache)
| [53784] Debian Security Advisory DSA 021-1 (apache)
| [53738] Debian Security Advisory DSA 195-1 (apache-perl)
| [53737] Debian Security Advisory DSA 188-1 (apache-ssl)
| [53735] Debian Security Advisory DSA 187-1 (apache)
| [53703] Debian Security Advisory DSA 532-1 (libapache-mod-ssl)
| [53577] Debian Security Advisory DSA 120-1 (libapache-mod-ssl, apache-ssl)
| [53568] Debian Security Advisory DSA 067-1 (apache,apache-ssl)
| [53519] Debian Security Advisory DSA 689-1 (libapache-mod-python)
| [53433] Debian Security Advisory DSA 181-1 (libapache-mod-ssl)
| [53282] Debian Security Advisory DSA 594-1 (apache)
| [53248] Debian Security Advisory DSA 558-1 (libapache-mod-dav)
| [53224] Debian Security Advisory DSA 532-2 (libapache-mod-ssl)
| [53215] Debian Security Advisory DSA 525-1 (apache)
| [53151] Debian Security Advisory DSA 452-1 (libapache-mod-python)
| [52529] FreeBSD Ports: apache+ssl
| [52501] FreeBSD Ports: apache
| [52461] FreeBSD Ports: apache
| [52390] FreeBSD Ports: apache
| [52389] FreeBSD Ports: apache
| [52388] FreeBSD Ports: apache
| [52383] FreeBSD Ports: apache
| [52339] FreeBSD Ports: apache+mod_ssl
| [52331] FreeBSD Ports: apache
| [52329] FreeBSD Ports: ru-apache+mod_ssl
| [52314] FreeBSD Ports: apache
| [52310] FreeBSD Ports: apache
| [15588] Detect Apache HTTPS
| [15555] Apache mod_proxy content-length buffer overflow
| [15554] Apache mod_include priviledge escalation
| [14771] Apache <= 1.3.33 htpasswd local overflow
| [14177] Apache mod_access rule bypass
| [13644] Apache mod_rootme Backdoor
| [12293] Apache Input Header Folding and mod_ssl ssl_io_filter_cleanup DoS Vulnerabilities
| [12280] Apache Connection Blocking Denial of Service
| [12239] Apache Error Log Escape Sequence Injection
| [12123] Apache Tomcat source.jsp malformed request information disclosure
| [12085] Apache Tomcat servlet/JSP container default files
| [11438] Apache Tomcat Directory Listing and File disclosure
| [11204] Apache Tomcat Default Accounts
| [11092] Apache 2.0.39 Win32 directory traversal
| [11046] Apache Tomcat TroubleShooter Servlet Installed
| [11042] Apache Tomcat DOS Device Name XSS
| [11041] Apache Tomcat /servlet Cross Site Scripting
| [10938] Apache Remote Command Execution via .bat files
| [10839] PHP.EXE / Apache Win32 Arbitrary File Reading Vulnerability
| [10773] MacOS X Finder reveals contents of Apache Web files
| [10766] Apache UserDir Sensitive Information Disclosure
| [10756] MacOS X Finder reveals contents of Apache Web directories
| [10752] Apache Auth Module SQL Insertion Attack
| [10704] Apache Directory Listing
| [10678] Apache /server-info accessible
| [10677] Apache /server-status accessible
| [10440] Check for Apache Multiple / vulnerability
|
| SecurityTracker - https://www.securitytracker.com:
| [1028865] Apache Struts Bugs Permit Remote Code Execution and URL Redirection Attacks
| [1028864] Apache Struts Wildcard Matching and Expression Evaluation Bugs Let Remote Users Execute Arbitrary Code
| [1028824] Apache mod_dav_svn URI Processing Flaw Lets Remote Users Deny Service
| [1028823] Apache Unspecified Flaw in mod_session_dbd Has Unspecified Impact
| [1028724] (HP Issues Fix for HP-UX) Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
| [1028722] (Red Hat Issues Fix for JBoss) Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
| [1028693] (Red Hat Issues Fix) Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
| [1028622] Apache Struts 'includeParams' Bugs Permit Remote Command Execution and Cross-Site Scripting Attacks
| [1028621] Apache Subversion Bugs Let Remote Authenticated Users Execute Arbitrary Commands and Deny Service
| [1028540] Apache mod_rewrite Input Validation Flaw Lets Remote Users Execute Arbitrary Commands
| [1028534] Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
| [1028533] Apache Tomcat Lack of Chunked Transfer Encoding Extension Size Limit Lets Remote Users Deny Service
| [1028532] Apache Tomcat AsyncListeners Bug May Disclose Information from One Request to Another User
| [1028515] Apache VCL Input Validation Flaw Lets Remote Authenticated Users Gain Elevated Privileges
| [1028457] Apache ActiveMQ Bugs Let Remote Users Conduct Cross-Site Scripting Attacks, Deny Service, and Obtain Potentially Sensitive Information
| [1028287] Apache CXF WSS4JInInterceptor Grants Service Access to Remote Users
| [1028286] Apache CXF WS-Security UsernameToken Processing Flaw Lets Remote Users Bypass Authentication
| [1028252] Apache Commons FileUpload Unsafe Temporary File Lets Local Users Gain Elevated Privileges
| [1028207] Apache Input Validation Bugs Permit Cross-Site Scripting Attacks
| [1027836] Apache Tomcat Connection Processing Bug Lets Remote Users Deny Service
| [1027834] Apache Tomcat Bug Lets Remote Users Bypass Cross-Site Request Forgery Prevention Filter
| [1027833] Apache Tomcat Bug Lets Remote Users Bypass Security Constraints
| [1027729] Apache Tomcat Header Processing Bug Lets Remote Users Deny Service
| [1027728] Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
| [1027554] Apache CXF Lets Remote Authenticated Users Execute Unauthorized SOAP Actions
| [1027508] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
| [1027421] Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
| [1027096] Apache Commons Compress BZip2CompressorOutputStream() Sorting Algorithm Lets Remote or Local Users Deny Service
| [1026932] Apache LD_LIBRARY_PATH Processing Lets Local Users Gain Elevated Privileges
| [1026928] Apache OFBiz Unspecified Flaw Lets Remote Users Execute Arbitrary Code
| [1026927] Apache OFBiz Input Validation Flaws Permit Cross-Site Scripting Attacks
| [1026847] Apache Traffic Server Host Header Processing Flaw Lets Remote Users Deny Service
| [1026846] Apache Wicket Discloses Hidden Application Files to Remote Users
| [1026839] Apache Wicket Input Validation Flaw in 'wicket:pageMapName' Parameter Permits Cross-Site Scripting Attacks
| [1026616] Apache Bugs Let Remote Users Deny Service and Obtain Cookie Data
| [1026575] Apache Struts ParameterInterceptor() Flaw Lets Remote Users Execute Arbitrary Commands
| [1026484] Apache Struts Bug Lets Remote Users Overwrite Files and Execute Arbitrary Code
| [1026477] Apache Tomcat Hash Table Collision Bug Lets Remote Users Deny Service
| [1026402] Apache Struts Conversion Error Lets Remote Users Inject Arbitrary Commands
| [1026353] Apache mod_proxy/mod_rewrite Bug Lets Remote Users Access Internal Servers
10944| [1026295] Apache Tomcat Lets Untrusted Web Applications Gain Elevated Privileges
10945| [1026267] Apache .htaccess File Integer Overflow Lets Local Users Execute Arbitrary Code
10946| [1026144] Apache mod_proxy Pattern Matching Bug Lets Remote Users Access Internal Servers
10947| [1026095] Apache Tomcat HTTP DIGEST Authentication Weaknesses Let Remote Users Conduct Bypass Attacks
10948| [1026054] Apache mod_proxy_ajp HTTP Processing Error Lets Remote Users Deny Service
10949| [1025993] Apache Tomcat AJP Protocol Processing Bug Lets Remote Users Bypass Authentication or Obtain Information
10950| [1025976] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
10951| [1025960] Apache httpd Byterange Filter Processing Error Lets Remote Users Deny Service
10952| [1025925] Apache Tomcat Commons Daemon jsvc Lets Local Users Gain Elevated Privileges
10953| [1025924] Apache Tomcat XML Validation Flaw Lets Applications Obtain Potentially Sensitive Information
10954| [1025788] Apache Tomcat Lets Malicious Applications Obtain Information and Deny Service
10955| [1025755] Apache Santuario Buffer Overflow Lets Remote Users Deny Service
10956| [1025712] Apache Tomcat Discloses Passwords to Local Users in Certain Cases
10957| [1025577] Apache Archiva Input Validation Hole Permits Cross-Site Scripting Attacks
10958| [1025576] Apache Archiva Request Validation Flaw Permits Cross-Site Request Forgery Attacks
10959| [1025527] Apache APR Library apr_fnmatch() Flaw Lets Remote Users Execute Arbitrary Code
10960| [1025303] Apache Tomcat HTTP BIO Connector Error Discloses Information From Different Requests to Remote Users
10961| [1025215] Apache Tomcat May Ignore @ServletSecurity Annotation Protections
10962| [1025066] Apache Continuum Input Validation Flaw Permits Cross-Site Request Forgery Attacks
10963| [1025065] Apache Continuum Input Validation Hole Permits Cross-Site Scripting Attacks
10964| [1025027] Apache Tomcat maxHttpHeaderSize Parsing Error Lets Remote Users Deny Service
10965| [1025026] Apache Tomcat Manager Input Validation Hole Permits Cross-Site Scripting Attacks
10966| [1025025] Apache Tomcat Security Manager Lets Local Users Bypass File Permissions
10967| [1024764] Apache Tomcat Manager Input Validation Hole in 'sessionList.jsp' Permits Cross-Site Scripting Attacks
10968| [1024417] Apache Traffic Server Insufficient Randomization Lets Remote Users Poison the DNS Cache
10969| [1024332] Apache mod_cache and mod_dav Request Processing Flaw Lets Remote Users Deny Service
10970| [1024180] Apache Tomcat 'Transfer-Encoding' Header Processing Flaw Lets Remote Users Deny Service and Obtain Potentially Sensitive Information
10971| [1024096] Apache mod_proxy_http May Return Results for a Different Request
10972| [1023942] Apache mod_proxy_ajp Error Condition Lets Remote Users Deny Service
10973| [1023941] Apache ap_read_request() Memory Error May Let Remote Users Access Potentially Sensitive Information
10974| [1023778] Apache ActiveMQ Input Validation Flaw Permits Cross-Site Scripting Attacks
10975| [1023701] Apache mod_isapi Error Processing Flaw May Let Remote Users Deny Service
10976| [1023533] Apache mod_proxy Integer Overflow May Let Remote Users Execute Arbitrary Code
10977| [1022988] Apache Solaris Support Code Bug Lets Remote Users Deny Service
10978| [1022529] Apache mod_deflate Connection State Bug Lets Remote Users Deny Service
10979| [1022509] Apache mod_proxy stream_reqbody_cl() Infinite Loop Lets Remote Users Deny Service
10980| [1022296] Apache IncludesNoExec Options Restrictions Can Be Bypass By Local Users
10981| [1022264] Apache mod_proxy_ajp Bug May Disclose Another User's Response Data
10982| [1022001] Apache Tomcat mod_jk May Disclose Responses to the Wrong User
10983| [1021988] mod_perl Input Validation Flaw in Apache::Status and Apache2::Status Permits Cross-Site Scripting Attacks
10984| [1021350] NetWare Bug Lets Remote Users Access the ApacheAdmin Console
10985| [1020635] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
10986| [1020520] Oracle WebLogic Apache Connector Lets Remote Users Execute Arbitrary Code
10987| [1020267] Apache mod_proxy Interim Response Process Bug Lets Remote Users Deny Service
10988| [1019784] Apache-SSL Certificate Processing Bug May Let Remote Users View Portions of Kernel Memory
10989| [1019256] Apache mod_negotiation Input Validation Hole Permits Cross-Site Scripting Attacks
10990| [1019194] Apache Input Validation Hole in Mod_AutoIndex When the Character Set is Undefined May Permit Cross-Site Scripting Attacks
10991| [1019185] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
10992| [1019154] Apache Input Validation Hole in mod_status Permits Cross-Site Scripting Attacks
10993| [1019093] Apache Input Validation Hole in mod_imap Permits Cross-Site Scripting Attacks
10994| [1019030] Apache Input Validation Hole in Default HTTP 413 Error Page Permits Cross-Site Scripting Attacks
10995| [1018633] Apache mod_proxy Bug Lets Remote Users Deny Service
10996| [1018304] Apache HTTPD scoreboard Protection Flaw Lets Local Users Terminate Arbitrary Processes
10997| [1018303] Apache HTTPD mod_cache May Let Remote Users Deny Service
10998| [1018302] Apache mod_status Input Validation Hole Permits Cross-Site Scripting Attacks
10999| [1018269] Apache Tomcat Input Validation Hole in Processing Accept-Language Header Permits Cross-Site Scripting Attacks
11000| [1017904] Apache suEXEC Bugs May Let Local Users Gain Elevated Privileges
11001| [1017719] Apache Tomcat JK Web Server Connector Buffer Overflow in map_uri_to_worker() Lets Remote Users Execute Arbitrary Code
11002| [1017062] Apache mod_tcl Format String Bug in set_var() Function May Let Remote Users Execute Arbitrary Code
11003| [1016601] Apache mod_rewrite Off-by-one Error Lets Remote Users Execute Arbitrary Code
11004| [1016576] Apache Tomcat Discloses Directory Listings to Remote Users
11005| [1015447] Apache mod_ssl Null Pointer Dereference May Let Remote Users Deny Service
11006| [1015344] Apache mod_imap Input Validation Flaw in Referer Field Lets Remote Users Conduct Cross-Site Scripting Attacks
11007| [1015093] Apache Memory Leak in MPM 'worker.c' Code May Let Remote Users Deny Service
11008| [1014996] ApacheTop Unsafe Temporary File May Let Local Users Gain Elevated Privileges
11009| [1014833] Apache ssl_hook_Access() Function May Fail to Verify Client Certificates
11010| [1014826] Apache Memory Leak in 'byterange filter' Lets Remote Users Deny Service
11011| [1014575] Apache mod_ssl Off-by-one Buffer Overflow in Processing CRLs May Let Remote Users Deny Service
11012| [1014323] Apache Chunked Transfer-Encoding and Content-Length Processing Lets Remote Users Smuggle HTTP Requests
11013| [1013156] Apache mod_python Publisher Handler Discloses Information to Remote Users
11014| [1012829] Apache mod_auth_radius radcpy() Integer Overflow Lets Remote Users Deny Service in Certain Cases
11015| [1012416] Apache on Apple OS X Lets Remote Users Bypass Apache File Handlers and Directly Access Files
11016| [1012415] Apache on Apple HFS+ Filesystems May Disclose '.DS_Store' Files to Remote Users
11017| [1012414] Apache mod_digest_apple Lets Remote Users Replay Authentication Credentials
11018| [1012083] Apache Web Server Error in Processing Requests With Many Space Characters Lets Remote Users Deny Service
11019| [1011783] Apache mod_include Buffer Overflow Lets Local Users Execute Arbitrary Code
11020| [1011557] Apache mod_ssl SSLCipherSuite Directive Can By Bypassed in Certain Cases
11021| [1011385] Apache Satsify Directive Error May Let Remote Users Access Restricted Resources
11022| [1011340] Apache SSL Connection Abort State Error Lets Remote Users Deny Service
11023| [1011303] Apache ap_resolve_env() Buffer Overflow in Reading Configuration Files May Let Local Users Gain Elevated Privileges
11024| [1011299] Apache IPv6 Address Parsing Flaw May Let Remote Users Deny Service
11025| [1011248] Apache mod_dav LOCK Method Error May Let Remote Users Deny Service
11026| [1011213] Apache mod_ssl Can Be Crashed By Remote Users When Reverse Proxying SSL Connections
11027| [1010674] Apache Can Be Crashed By PHP Code Invoking Nested Remote Sockets
11028| [1010599] Apache httpd Header Line Memory Allocation Lets Remote Users Crash the Server
11029| [1010462] Apache mod_proxy Buffer Overflow May Let Remote Users Execute Arbitrary Code
11030| [1010322] Apache mod_ssl Stack Overflow in ssl_util_uuencode_binary() May Let Remote Users Execute Arbitrary Code
11031| [1010270] cPanel Apache mod_phpsuexec Options Let Local Users Gain Elevated Privileges
11032| [1009934] Apache Web Server Has Buffer Overflow in ebcdic2ascii() on Older Processor Architectures
11033| [1009516] Apache mod_survey HTML Report Format Lets Remote Users Conduct Cross-Site Scripting Attacks
11034| [1009509] Apache mod_disk_cache Stores Authentication Credentials on Disk
11035| [1009495] Apache Web Server Socket Starvation Flaw May Let Remote Users Deny Service
11036| [1009417] GroupWise WebAccess With Apache on NetWare Has Configuration Flaw That May Grant Web Access to Remote Users
11037| [1009338] Apache mod_access Parsing Flaw May Fail to Enforce Allow/Deny Rules
11038| [1009337] Apache mod_ssl Memory Leak Lets Remote Users Crash the Daemon
11039| [1009182] Apache for Cygwin '..%5C' Input Validation Flaw Discloses Files to Remote Users
11040| [1008973] PHP May Apply Incorrect php_admin_* Settings To Requests for Apache Virtual Hosts
11041| [1008967] Apache-SSL 'SSLFakeBasicAuth' Lets Remote Users Forge Client Certificates to Be Authenticated
11042| [1008920] Apache mod_digest May Validate Replayed Client Responses
11043| [1008828] Apache mod_python String Processing Bug Still Lets Remote Users Crash the Web Server
11044| [1008822] Apache mod_perl File Descriptor Leak May Let Local Users Hijack the http and https Services
11045| [1008675] mod_auth_shadow Apache Module Authenticates Expired Passwords
11046| [1008559] Apache mod_php File Descriptor Leak May Let Local Users Hijack the https Service
11047| [1008335] Apache mod_python String Processing Bug Lets Remote Users Crash the Web Server
11048| [1008196] Apache 2.x on Windows May Return Unexpected Files For URLs Ending With Certain Characters
11049| [1008030] Apache mod_rewrite Contains a Buffer Overflow
11050| [1008029] Apache mod_alias Contains a Buffer Overflow
11051| [1008028] Apache mod_cgid May Disclose CGI Output to Another Client
11052| [1007995] Apache Cocoon Forms May Let Remote Users Execute Arbitrary Java Code on the System
11053| [1007993] Apache Cocoon 'view-source' Sample Script Discloses Files to Remote Users
11054| [1007823] Apache Web Server mod_cgi Error May Let Malicious CGI Scripts Crash the Web Service
11055| [1007664] Apache::Gallery Unsafe Temporary Files May Let Local Users Gain Apache Web Server Privileges
11056| [1007557] Apache Web Server Does Not Filter Terminal Escape Sequences From Log Files
11057| [1007230] Apache HTTP Server 'rotatelogs' Bug on Win32 and OS/2 May Cause the Logging to Stop
11058| [1007146] Apache HTTP Server FTP Proxy Bug May Cause Denial of Service Conditions
11059| [1007145] Apache 'accept()' Errors May Cause Denial of Service Conditions
11060| [1007144] Apache Web Server 'type-map' File Error Permits Local Denial of Service Attacks
11061| [1007143] Apache 2.0 Web Server May Use a Weaker Encryption Implementation Than Specified in Some Cases
11062| [1006864] Apache Web Server Can Be Crashed By Remote Users Via mod_dav Flaws and Also Via Basic Authentication
11063| [1006709] Apache mod_survey Input Validation Flaw Lets Remote Users Fill Up Disk Space
11064| [1006614] Apache mod_ntlm Buffer Overflow and Format String Flaw Let Remote Users Execute Arbitary Code
11065| [1006591] Apache mod_access_referer Module Null Pointer Dereference May Faciliate Denial of Service Attacks
11066| [1006444] Apache 2.0 Web Server Line Feed Buffer Allocation Flaw Lets Remote Users Deny Service
11067| [1006021] Apache Tomcat Server URL Parsing Error May Disclose Otherwise Inaccessible Web Directory Listings and Files to Remote Users
11068| [1005963] Apache Web Server 2.x Windows Device Access Flaw Lets Remote Users Crash the Server or Possibly Execute Arbitrary Code
11069| [1005962] Apache Web Server Path Parsing Flaw May Allow Remote Users to Execute Code in Certain Configurations
11070| [1005848] Apache 'printenv' Script Input Validation Bugs in Older Versions May Let Remote Users Conduct Cross-Site Scripting Attacks
11071| [1005765] Apache mod_jk Module Processing Bug When Used With Tomcat May Disclose Information to Remote Users or Crash
11072| [1005548] Apache mod_php Module May Allow Local Users to Gain Control of the Web Port
11073| [1005499] Apache Web Server (2.0.42) May Disclose CGI Source Code to Remote Users When Used With WebDAV
11074| [1005410] Apache Tomcat Java Servlet Engine Can Be Crashed Via Multiple Requests for DOS Device Names
11075| [1005351] Apache Web Server (1.3.x) Shared Memory Scoreboard Bug Lets Certain Local Users Issue Signals With Root Privileges
11076| [1005331] Apache Web Server (2.x) SSI Server Signature Filtering Hole Lets Remote Users Conduct Cross-Site Scripting Attacks
11077| [1005290] Apache Tomcat Java Server Default Servlet Returns JSP Source Code to Remote Users
11078| [1005285] Apache Web Server 'mod_dav' Has Null Pointer Bug That May Allow Remote Users to Cause Denial of Service Conditions
11079| [1005010] Apache Web Server (2.0) Has Unspecified Flaw That Allows Remote Users to Obtain Sensitive Data and Cause Denial of Service Conditions
11080| [1004770] Apache 2.x Web Server ap_log_rerror() Function May Disclose Full Installation Path to Remote Users
11081| [1004745] Apache Tomcat Java Server Allows Cross-Site Scripting Attacks
11082| [1004636] Apache mod_ssl 'Off-by-One' Bug May Let Local Users Crash the Web Server or Possibly Execute Arbitrary Code
11083| [1004602] Apache Tomcat Java Server for Windows Can Be Crashed By Remote Users Sending Malicious Requests to Hang All Available Working Threads
11084| [1004586] Apache Tomcat Java Server May Disclose the Installation Path to Remote Users
11085| [1004555] Apache Web Server Chunked Encoding Flaw May Let Remote Users Execute Arbitrary Code on the Server
11086| [1004209] Apache 'mod_python' Python Language Interpreter Bug in Publisher Handler May Allow Remote Users to Modify Files on the System
11087| [1003874] Apache Web Server for Windows Has Batch File Processing Hole That Lets Remote Users Execute Commands on the System
11088| [1003767] 'mod_frontpage' Module for Apache Web Server Has Buffer Overlow in 'fpexec.c' That Allows Remote Users to Execute Arbitrary Code on the System with Root Privileges
11089| [1003723] Apache-SSL for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
11090| [1003664] 'mod_ssl' Security Package for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
11091| [1003602] GNUJSP Java Server Pages Implementation Discloses Web Files and Source Code to Remote Users and Bypasses Apache Access Control Restrictions
11092| [1003465] PHP for Apache Web Server May Disclose Installation Path Information to Remote Users Making 'OPTIONS' Requests
11093| [1003451] Oracle Application Server PL/SQL Module for Apache Has Buffer Overflows That Allow Remote Users to Execute Arbitrary Code and Gain Access to the Server
11094| [1003131] Apache Web Server in Virtual Hosting Mode Can Be Crashed By a Local User Removing a Log Directory
11095| [1003104] PHP.EXE Windows CGI for Apache Web Server May Let Remote Users View Files on the Server Due to Configuration Error
11096| [1003008] Apache 'mod_bf' Module Lets Remote Users Execute Arbitrary Code
11097| [1002629] Apache suEXEC Wrapper Fails to Observe Minimum Group ID Security Settings in Certain Situations
11098| [1002542] Apache Web Server Virtual Hosting Split-Logfile Function Lets Remote Users Write Log Entries to Arbitrary Files on the System
11099| [1002400] Apache mod_gzip Module Has Buffer Overflow That Can Be Exploited By Local Users to Gain Elevated Privileges
11100| [1002303] Several 3rd Party Apache Authentication Modules Allow Remote Users to Execute Arbitrary Code to Gain Access to the System or Execute Stored Procedures to Obtain Arbitrary Database Information
11101| [1002188] Apache Web Server Discloses Internal IP Addresses to Remote Users in Certain Configurations
11102| [1001989] Apache Web Server May Disclose Directory Contents Even If an Index.html File is Present in the Directory
11103| [1001719] Apache Web Server on Mac OS X Client Fails to Enforce File and Directory Access Protections, Giving Remote Users Access to Restricted Pages
11104| [1001572] Apache Web Server on Microsoft Windows Platforms Allows Remote Users to Crash the Web Server
11105| [1001304] Apache Web Server for Windows Lets Remote Users Crash the Web Server Application
11106| [1001083] Apache Web Server May Display Directory Index Listings Even if Directory Listings Are Disabled
11107|
11108| OSVDB - http://www.osvdb.org:
11109| [96078] Apache CloudStack Infrastructure Menu Setup Network Multiple Field XSS
11110| [96077] Apache CloudStack Global Settings Multiple Field XSS
11111| [96076] Apache CloudStack Instances Menu Display Name Field XSS
11112| [96075] Apache CloudStack Instances Menu Add Instances Network Name Field XSS
11113| [96074] Apache CloudStack Instances Menu Add Instances Review Step Multiple Field XSS
11114| [96031] Apache HTTP Server suEXEC Symlink Arbitrary File Access
11115| [95888] Apache Archiva Single / Double Quote Character Handling XSS Weakness
11116| [95885] Apache Subversion mod_dav_svn Module Crafted HTTP Request Handling Remote DoS
11117| [95706] Apache OpenOffice.org (OOo) OOXML Document File XML Element Handling Memory Corruption
11118| [95704] Apache OpenOffice.org (OOo) DOC File PLCF Data Handling Memory Corruption
11119| [95603] Apache Continuum web/util/GenerateRecipentNotifier.java recipient Parameter XSS
11120| [95602] Apache Continuum web/action/notifier/JabberProjectNotifierEditAction-jabberProjectNotifierSave-validation.xml Multiple Parameter XSS
11121| [95601] Apache Continuum web/action/notifier/JabberGroupNotifierEditAction-jabberProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
11122| [95600] Apache Continuum web/action/ScheduleAction-saveSchedule-validation.xml Multiple Parameter XSS
11123| [95599] Apache Continuumweb/action/BuildDefinitionAction-saveBuildDefinition-validation.xml Multiple Parameter XSS
11124| [95598] Apache Continuum web/action/AddProjectAction-addProject-validation.xml Multiple Parameter XSS
11125| [95597] Apache Continuum web/action/ProjectEditAction-projectSave-validation.xml Multiple Parameter XSS
11126| [95596] Apache Continuum web/action/notifier/IrcGroupNotifierEditAction-ircProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
11127| [95595] Apache Continuum web/action/notifier/IrcProjectNotifierEditAction-ircProjectNotifierSave-validation.xml Multiple Parameter XSS
11128| [95594] Apache Continuum web/action/ProjectGroupAction.java Multiple Parameter XSS
11129| [95593] Apache Continuum web/action/AddProjectGroupAction.java Multiple Parameter XSS
11130| [95592] Apache Continuum web/action/AddProjectAction.java Multiple Parameter XSS
11131| [95523] Apache OFBiz Webtools Application View Log Screen Unspecified XSS
11132| [95522] Apache OFBiz Nested Expression Evaluation Arbitrary UEL Function Execution
11133| [95521] Apache HTTP Server mod_session_dbd Session Saving Unspecified Issue
11134| [95498] Apache HTTP Server mod_dav.c Crafted MERGE Request Remote DoS
11135| [95406] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Arbitrary Site Redirect
11136| [95405] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Remote Code Execution
11137| [95011] Apache CXF XML Parser SOAP Message Handling CPU Resource Exhaustion Remote DoS
11138| [94705] Apache Geronimo RMI Classloader Exposure Serialized Object Handling Remote Code Execution
11139| [94651] Apache Santuario (XML Security for C++) XML Signature CanonicalizationMethod Parameter Spoofing Weakness
11140| [94636] Apache Continuum workingCopy.action userDirectory Traversal Arbitrary File Access
11141| [94635] Apache Maven SCM SvnCommandlineUtils Process Listing Local Password Disclosure
11142| [94632] Apache Maven Wagon SSH (wagon-ssh) Host Verification Failure MitM Weakness
11143| [94625] Apache Santuario (XML Security for C++) XML Signature Reference Crafted XPointer Expression Handling Heap Buffer Overflow
11144| [94618] Apache Archiva /archiva/security/useredit.action username Parameter XSS
11145| [94617] Apache Archiva /archiva/security/roleedit.action name Parameter XSS
11146| [94616] Apache Archiva /archiva/security/userlist!show.action roleName Parameter XSS
11147| [94615] Apache Archiva /archiva/deleteArtifact!doDelete.action groupId Parameter XSS
11148| [94614] Apache Archiva /archiva/admin/addLegacyArtifactPath!commit.action legacyArtifactPath.path Parameter XSS
11149| [94613] Apache Archiva /archiva/admin/addRepository.action Multiple Parameter XSS
11150| [94612] Apache Archiva /archiva/admin/editAppearance.action Multiple Parameter XSS
11151| [94611] Apache Archiva /archiva/admin/addLegacyArtifactPath.action Multiple Parameter XSS
11152| [94610] Apache Archiva /archiva/admin/addNetworkProxy.action Multiple Parameter XSS
11153| [94403] Apache Santuario (XML Security for C++) InclusiveNamespace PrefixList Processing Heap Overflow
11154| [94402] Apache Santuario (XML Security for C++) HMAC-based XML Signature Processing DoS
11155| [94401] Apache Santuario (XML Security for C++) XPointer Evaluation Stack Overflow
11156| [94400] Apache Santuario (XML Security for C++) HMAC-Based XML Signature Reference Element Validation Spoofing Weakness
11157| [94279] Apache Qpid CA Certificate Validation Bypass
11158| [94275] Apache Solr JettySolrRunner.java Can Not Find Error Message XSS
11159| [94233] Apache OpenJPA Object Deserialization Arbitrary Executable Creation
11160| [94042] Apache Axis JAX-WS Java Unspecified Exposure
11161| [93969] Apache Struts OGNL Expression Handling Double Evaluation Error Remote Command Execution
11162| [93796] Apache Subversion Filename Handling FSFS Repository Corruption Remote DoS
11163| [93795] Apache Subversion svnserve Server Aborted Connection Message Handling Remote DoS
11164| [93794] Apache Subversion contrib/hook-scripts/check-mime-type.pl svnlook Hyphenated argv Argument Handling Remote DoS
11165| [93793] Apache Subversion contrib/hook-scripts/svn-keyword-check.pl Filename Handling Remote Command Execution
11166| [93646] Apache Struts Crafted Parameter Arbitrary OGNL Code Execution
11167| [93645] Apache Struts URL / Anchor Tag includeParams Attribute Remote Command Execution
11168| [93636] Apache Pig Multiple Physical Operator Memory Exhaustion Remote Remote DoS
11169| [93635] Apache Wink DTD (Document Type Definition) Expansion Data Parsing Information Disclosure
11170| [93605] RT Apache::Session::File Session Replay Reuse Information Disclosure
11171| [93599] Apache Derby SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY Boot Password Manipulation Re-encryption Failure Password Corruption
11172| [93555] Apache Commons Codec Invalid Base32 String Information Tunneling Weakness
11173| [93554] Apache HBase bulkLoadHFiles() Method ACL Bypass
11174| [93543] JBoss Enterprise Application Platform org.apache.catalina.connector.Response.encodeURL() Method MitM jsessionid Disclosure
11175| [93542] Apache ManifoldCF (Connectors Framework) org.apache.manifoldcf.crawler.ExportConfiguration Class Configuration Export Password Disclosure
11176| [93541] Apache Solr json.wrf Callback XSS
11177| [93524] Apache Hadoop GetSecurityDescriptorControl() Function Absolute Security Descriptor Handling NULL Descriptor Weakness
11178| [93521] Apache jUDDI Security API Token Session Persistence Weakness
11179| [93520] Apache CloudStack Default SSL Key Weakness
11180| [93519] Apache Shindig /ifr Cross-site Arbitrary Gadget Invocation
11181| [93518] Apache Solr /admin/analysis.jsp name Parameter XSS
11182| [93517] Apache CloudStack setup-cloud-management /etc/sudoers Modification Local Privilege Escalation
11183| [93516] Apache CXF UsernameTokenInterceptor Nonce Caching Replay Weakness
11184| [93515] Apache HBase table.jsp name Parameter XSS
11185| [93514] Apache CloudStack Management Server Unauthenticated Remote JMX Connection Default Setting Weakness
11186| [93463] Apache Struts EL / OGNL Interpretation Unspecified Remote Code Execution
11187| [93462] Apache CXF WS-SecurityPolicy AlgorithmSuite Arbitrary Ciphertext Decryption Weakness
11188| [93401] Apache Hadoop core-site.xml Permission Weakness Local Alfredo Secret Disclosure
11189| [93400] Apache Hadoop Map/Reduce Job Log Directory Symlink Arbitrary File Mode Manipulation
11190| [93397] Apache Wicket Referrer HTTP Header Session ID Disclosure
11191| [93366] Apache HTTP Server modules/mappers/mod_rewrite.c do_rewritelog() Function Log File Terminal Escape Sequence Filtering Remote Command Execution
11192| [93254] Apache Tomcat AsyncListener Method Cross-session Information Disclosure
11193| [93253] Apache Tomcat Chunked Transfer Encoding Data Saturation Remote DoS
11194| [93252] Apache Tomcat FORM Authenticator Session Fixation
11195| [93172] Apache Camel camel/endpoints/ Endpoint XSS
11196| [93171] Apache Sling HtmlResponse Error Message XSS
11197| [93170] Apache Directory DelegatingAuthenticator MitM Spoofing Weakness
11198| [93169] Apache Wave AuthenticationServlet.java Session Fixation Weakness
11199| [93168] Apache Click ErrorReport.java id Parameter XSS
11200| [93167] Apache ActiveMQ JMSXUserId Spoofing Weakness
11201| [93166] Apache CXF Crafted Message Element Count Handling System Resource Exhaustion Remote DoS
11202| [93165] Apache CXF Crafted Message Element Level Handling System Resource Exhaustion Remote DoS
11203| [93164] Apache Harmony DatagramSocket Class connect Method CheckAccept() IP Blacklist Bypass
11204| [93163] Apache Hadoop Map/Reduce Daemon Symlink Arbitrary File Overwrite
11205| [93162] Apache VelocityStruts struts/ErrorsTool.getMsgs Error Message XSS
11206| [93161] Apache CouchDB Rewriter VM Atom Table Memory Exhaustion Remote DoS
11207| [93158] Apache Wicket BookmarkablePageLink Feature XSS CSRF
11208| [93157] Apache Struts UrlHelper.java s:url includeParams Functionality XSS
11209| [93156] Apache Tapestry Calendar Component datefield.js datefield Parameter XSS
11210| [93155] Apache Struts fielderror.ftl fielderror Parameter Error Message XSS
11211| [93154] Apache JSPWiki Edit.jsp createPages WikiPermission Bypass
11212| [93153] Apache PDFBox PDFXrefStreamParser Missing Element Handling PDF Parsing DoS
11213| [93152] Apache Hadoop HttpServer.java Multiple Function XSS
11214| [93151] Apache Shiro Search Filter userName Parameter LDAP Code Injection Weakness
11215| [93150] Apache Harmony java.net.SocketPermission Class boolean equals Function checkConnect() Weakness Host Name Retrieval
11216| [93149] Apache Harmony java.security.Provider Class void load Function checkSecurityAccess() Weakness
11217| [93148] Apache Harmony java.security.ProtectionDomain Class java.lang.String.toString() Function checkPermission() Weakness
11218| [93147] Apache Harmony java.net.URLConnection openConnection Function checkConnect Weakness Proxy Connection Permission Bypass
11219| [93146] Apache Harmony java.net.ServerSocket Class void implAccept Function checkAccept() Weakness SerSocket Subclass Creation
11220| [93145] Apache Qpid JMS Client Detached Session Frame Handling NULL Pointer Dereference Remote DoS
11221| [93144] Apache Solr Admin Command Execution CSRF
11222| [93009] Apache VCL XMLRPC API Unspecified Function Remote Privilege Escalation
11223| [93008] Apache VCL Web GUI Unspecified Remote Privilege Escalation
11224| [92997] Apache Commons Codec org.apache.commons.codec.net.URLCodec Fields Missing 'final' Thread-safety Unspecified Issue
11225| [92976] Apache ActiveMQ scheduled.jsp crontab Command XSS
11226| [92947] Apache Commons Codec org.apache.commons.codec.language.Soundex.US_ENGLISH_MAPPING Missing MS_PKGPROTECT Field Manipulation Unspecified Issue
11227| [92749] Apache CloudStack Predictable Hash Virtual Machine Console Console Access URL Generation
11228| [92748] Apache CloudStack VM Console Access Restriction Bypass
11229| [92709] Apache ActiveMQ Web Console Unauthenticated Remote Access
11230| [92708] Apache ActiveMQ Sample Web Application Broker Resource Consumption Remote DoS
11231| [92707] Apache ActiveMQ webapp/websocket/chat.js Subscribe Message XSS
11232| [92706] Apache ActiveMQ Debug Log Rendering XSS
11233| [92705] Apache ActiveMQ PortfolioPublishServlet.java refresh Parameter XSS
11234| [92270] Apache Tomcat Unspecified CSRF
11235| [92094] Apache Subversion mod_dav_svn Module Nonexistent URL Lock Request Handling NULL Pointer Dereference Remote DoS
11236| [92093] Apache Subversion mod_dav_svn Module Activity URL PROPFIND Request Handling NULL Pointer Dereference Remote DoS
11237| [92092] Apache Subversion mod_dav_svn Module Log REPORT Request Handling NULL Pointer Dereference Remote DoS
11238| [92091] Apache Subversion mod_dav_svn Module Node Property Handling Resource Exhaustion Remote DoS
11239| [92090] Apache Subversion mod_dav_svn Module Activity URL Lock Request Handling NULL Pointer Dereference Remote DoS
11240| [91774] Apache Commons Codec Unspecified Non-private Field Manipulation Weakness
11241| [91628] mod_ruid2 for Apache HTTP Server fchdir() Inherited File Descriptor chroot Restriction Bypass
11242| [91328] Apache Wicket $up$ Traversal Arbitrary File Access
11243| [91295] Apple Mac OS X Apache Unicode Character URI Handling Authentication Bypass
11244| [91235] Apache Rave /app/api/rpc/users/get User Object Hashed Password Remote Disclosure
11245| [91185] Munin Default Apache Configuration Permission Weakness Remote Information Disclosure
11246| [91173] Apache Wicket WebApplicationPath Constructor Bypass /WEB-INF/ Directory File Access
11247| [91172] Apache Wicket PackageResourceGuard File Extension Filter Bypass
11248| [91025] Apache Qpid qpid::framing::Buffer Class Multiple Method Out-of-bounds Access Remote DoS
11249| [91024] Apache Qpid federation_tag Attribute Handling Federated Interbroker Link Access Restriction Bypass
11250| [91023] Apache Qpid AMQP Type Decoder Exposure Array Size Value Handling Memory Consumption Remote DoS
11251| [91022] Apache Qpid qpid/cpp/include/qpid/framing/Buffer.h qpid::framing::Buffer::checkAvailable() Function Integer Overflow
11252| [90986] Apache Jena ARQ INSERT DATA Request Handling Overflow
11253| [90907] Apache Subversion mod_dav_svn / libsvn_fs svn_fs_file_length() Function MKACTIVITY / PROPFIND Option Request Handling Remote DoS
11254| [90906] Apache Commons FileUpload /tmp Storage Symlink Arbitrary File Overwrite
11255| [90864] Apache Batik 1xx Redirect Script Origin Restriction Bypass
11256| [90858] Apache Ant Malformed TAR File Handling Infinite Loop DoS
11257| [90852] Apache HTTP Server for Debian apachectl /var/lock Permission Weakness Symlink Directory Permission Manipulation
11258| [90804] Apache Commons CLI Path Subversion Local Privilege Escalation
11259| [90802] Apache Avro Recursive Schema Handling Infinite Recursion DoS
11260| [90592] Apache Batik ApplicationSecurityEnforcer.java Multiple Method Security Restriction Bypass
11261| [90591] Apache Batik XML External Entity (XXE) Data Parsing Arbitrary File Disclosure
11262| [90565] Apache Tomcat Log Directory Permission Weakness Local Information Disclosure
11263| [90564] Apache Maven / Maven Wagon SSL Certificate Validation MitM Spoofing Weakness
11264| [90557] Apache HTTP Server mod_proxy_balancer balancer-manager Interface Multiple Parameter XSS
11265| [90556] Apache HTTP Server Multiple Module Multiple Parameter XSS
11266| [90276] Apache Axis2 axis2.xml Plaintext Password Local Disclosure
11267| [90249] Apache Axiom ClassLoader XMLInputFactory / XMLOutputFactory Construction Unspecified Issue
11268| [90235] Apache Commons HttpClient Certificate Wildcard Matching Weakness
11269| [90079] Apache CXF WSS4JInInterceptor URIMappingInterceptor WS-Security SOAP Service Access Restriction Bypass
11270| [90078] Apache CXF WS-SecurityPolicy Enabled Plaintext UsernameTokens Handling Authentication Bypass
11271| [89453] Apache Open For Business Project (OFBiz) Screenlet.title Widget Attribute XSS
11272| [89452] Apache Open For Business Project (OFBiz) Image.alt Widget Attribute XSS
11273| [89294] Apache CouchDB Futon UI Browser-based Test Suite Query Parameter XSS
11274| [89293] Apache CouchDB Unspecified Traversal Arbitrary File Access
11275| [89275] Apache HTTP Server mod_proxy_ajp Module Expensive Request Parsing Remote DoS
11276| [89267] Apache CouchDB JSONP Callback Handling Unspecified XSS
11277| [89146] Apache CloudStack Master Server log4j.conf SSH Private Key / Plaintext Password Disclosure
11278| [88603] Apache OpenOffice.org (OOo) Unspecified Information Disclosure
11279| [88602] Apache OpenOffice.org (OOo) Unspecified Manifest-processing Issue
11280| [88601] Apache OpenOffice.org (OOo) Unspecified PowerPoint File Handling Issue
11281| [88285] Apache Tomcat Partial HTTP Request Saturation Remote DoS
11282| [88095] Apache Tomcat NIO Connector Terminated Connection Infinte Loop DoS
11283| [88094] Apache Tomcat FORM Authentication Crafted j_security_check Request Security Constraint Bypass
11284| [88093] Apache Tomcat Null Session Requst CSRF Prevention Filter Bypass
11285| [88043] IBM Tivoli Netcool/Reporter Apache CGI Unspecified Remote Command Execution
11286| [87580] Apache Tomcat DIGEST Authentication Session State Caching Authentication Bypass Weakness
11287| [87579] Apache Tomcat DIGEST Authentication Stale Nonce Verification Authentication Bypass Weakness
11288| [87477] Apache Tomcat Project Woodstock Service Error Page UTF-7 XSS Weakness
11289| [87227] Apache Tomcat InternalNioInputBuffer.java parseHeaders() Function Request Header Size Parsing Remote DoS
11290| [87223] Apache Tomcat DIGEST Authentication replay-countermeasure Functionality cnonce / cn Verification Authentication Bypass Weakness
11291| [87160] Apache Commons HttpClient X.509 Certificate Domain Name Matching MiTM Weakness
11292| [87159] Apache CXF X.509 Certificate Domain Name Matching MiTM Weakness
11293| [87150] Apache Axis / Axis2 X.509 Certificate Domain Name Matching MiTM Weakness
11294| [86902] Apache HTTP Server 3xx Redirect Internal IP Address Remote Disclosure
11295| [86901] Apache Tomcat Error Message Path Disclosure
11296| [86684] Apache CloudStack Unauthorized Arbitrary API Call Invocation
11297| [86556] Apache Open For Business Project (OFBiz) Unspecified Issue
11298| [86503] Visual Tools VS home/apache/DiskManager/cron/init_diskmgr Local Command Execution
11299| [86401] Apache ActiveMQ ResourceHandler Traversal Arbitrary File Access
11300| [86225] Apache Axis2 XML Signature Wrapping (XSW) Authentication Bypass
11301| [86206] Apache Axis2 Crafted SAML Assertion Signature Exclusion Attack Authentication Bypass
11302| [85722] Apache CXF SOAP Request Parsing Access Restriction Bypass
11303| [85704] Apache Qpid Incoming Client Connection Saturation Remote DoS
11304| [85474] Eucalyptus Apache Santuario (XML Security for Java) Library XML Signature Transform Handling DoS
11305| [85430] Apache mod_pagespeed Module Unspecified XSS
11306| [85429] Apache mod_pagespeed Module Hostname Verification Cross-host Resource Disclosure
11307| [85249] Apache Wicket Unspecified XSS
11308| [85236] Apache Hadoop conf/hadoop-env.sh Temporary File Symlink Arbitrary File Manipulation
11309| [85090] Apache HTTP Server mod_proxy_ajp.c mod_proxy_ajp Module Proxy Functionality Cross-client Information Disclosure
11310| [85089] Apache HTTP Server mod_proxy_http.c mod_proxy_http Module Cross-client Information Disclosure
11311| [85062] Apache Solr Autocomplete Module for Drupal Autocomplete Results XSS
11312| [85010] Apache Struts Token Handling Mechanism Token Name Configuration Parameter CSRF Weakness
11313| [85009] Apache Struts Request Parameter OGNL Expression Parsing Remote DoS
11314| [84911] libapache2-mod-rpaf X-Forward-For HTTP Header Parsing Remote DoS
11315| [84823] Apache HTTP Server Multiple Module Back End Server Error Handling HTTP Request Parsing Remote Information Disclosure
11316| [84818] Apache HTTP Server mod_negotiation Module mod_negotiation.c make_variant_list Function XSS
11317| [84562] Apache Qpid Broker Authentication Mechanism AMQP Client Shadow Connection NullAuthenticator Request Parsing Authentication Bypass
11318| [84458] Apache Libcloud SSL Certificate Validation MitM Spoofing Weakness
11319| [84279] PHP on Apache php_default_post_reader POST Request Handling Overflow DoS
11320| [84278] PHP w/ Apache PDO::ATTR_DEFAULT_FETCH_MODE / PDO::FETCH_CLASS DoS
11321| [84231] Apache Hadoop DataNodes Client BlockTokens Arbitrary Block Access
11322| [83943] Oracle Solaris Cluster Apache Tomcat Agent Subcomponent Unspecified Local Privilege Escalation
11323| [83939] Oracle Solaris Apache HTTP Server Subcomponent Unspecified Remote Information Disclosure
11324| [83685] svnauthcheck Apache HTTP Configuration File Permission Revocation Weakness
11325| [83682] Apache Sling POST Servlet @CopyFrom Operation HTTP Request Parsing Infinite Loop Remote DoS
11326| [83339] Apache Roller Blogger Roll Unspecified XSS
11327| [83270] Apache Roller Unspecified Admin Action CSRF
11328| [82782] Apache CXF WS-SecurityPolicy 1.1 SupportingToken Policy Bypass
11329| [82781] Apache CXF WS-SecurityPolicy Supporting Token Children Specification Token Signing Verification Weakness
11330| [82611] cPanel Apache Piped Log Configuration Log Message Formatting Traversal Arbitrary File Creation
11331| [82436] MapServer for Windows Bundled Apache / PHP Configuration Local File Inclusion
11332| [82215] PHP sapi/cgi/cgi_main.c apache_request_headers Function HTTP Header Handling Remote Overflow
11333| [82161] Apache Commons Compress bzip2 File Compression BZip2CompressorOutputStream Class File Handling Remote DoS
11334| [81965] Apache Batik Squiggle SVG Browser JAR File Arbitrary Code Execution
11335| [81790] Apache POI src/org/apache/poi/hwpf/model/UnhandledDataStructure.java UnhandledDataStructure() constructor Length Attribute CDF / CFBF File Handling Remote DoS
11336| [81660] Apache Qpid Credential Checking Cluster Authentication Bypass
11337| [81511] Apache for Debian /usr/share/doc HTTP Request Parsing Local Script Execution
11338| [81359] Apache HTTP Server LD_LIBRARY_PATH Variable Local Privilege Escalation
11339| [81349] Apache Open For Business Project (OFBiz) Webslinger Component Unspecified XSS
11340| [81348] Apache Open For Business Project (OFBiz) Content IDs / Map-Keys Unspecified XSS
11341| [81347] Apache Open For Business Project (OFBiz) Parameter Arrays Unspecified XSS
11342| [81346] Apache Open For Business Project (OFBiz) checkoutProcess.js getServerError() Function Unspecified XSS
11343| [81196] Apache Open For Business Project (OFBiz) FlexibleStringExpander Nested Script String Parsing Remote Code Execution
11344| [80981] Apache Hadoop Kerberos/MapReduce Security Feature User Impersonation Weakness
11345| [80571] Apache Traffic Server Host HTTP Header Parsing Remote Overflow
11346| [80547] Apache Struts XSLTResult.java File Upload Arbitrary Command Execution
11347| [80360] AskApache Password Protector Plugin for WordPress Error Page $_SERVER Superglobal XSS
11348| [80349] Apache HTTP Server mod_fcgid Module fcgid_spawn_ctl.c FcgidMaxProcessesPerClass Virtual Host Directive HTTP Request Parsing Remote DoS
11349| [80301] Apache Wicket /resources/ Absolute Path Arbitrary File Access
11350| [80300] Apache Wicket wicket:pageMapName Parameter XSS
11351| [79478] Apache Solr Extension for TYPO3 Unspecified XSS
11352| [79002] Apache MyFaces javax.faces.resource In Parameter Traversal Arbitrary File Access
11353| [78994] Apache Struts struts-examples/upload/upload-submit.do name Parameter XSS
11354| [78993] Apache Struts struts-cookbook/processDyna.do message Parameter XSS
11355| [78992] Apache Struts struts-cookbook/processSimple.do message Parameter XSS
11356| [78991] Apache Struts struts2-rest-showcase/orders clientName Parameter XSS
11357| [78990] Apache Struts struts2-showcase/person/editPerson.action Multiple Parameter XSS
11358| [78932] Apache APR Hash Collision Form Parameter Parsing Remote DoS
11359| [78903] Apache CXF SOAP Request Parsing WS-Security UsernameToken Policy Bypass
11360| [78600] Apache Tomcat HTTP DIGEST Authentication DigestAuthenticator.java Catalina Weakness Security Bypass
11361| [78599] Apache Tomcat HTTP DIGEST Authentication Realm Value Parsing Security Bypass
11362| [78598] Apache Tomcat HTTP DIGEST Authentication qop Value Parsing Security Bypass
11363| [78573] Apache Tomcat Parameter Saturation CPU Consumption Remote DoS
11364| [78556] Apache HTTP Server Status Code 400 Default Error Response httpOnly Cookie Disclosure
11365| [78555] Apache HTTP Server Threaded MPM %{cookiename}C Log Format String Cookie Handling Remote DoS
11366| [78501] Apache Struts ParameterInterceptor Class OGNL Expression Parsing Remote Command Execution
11367| [78331] Apache Tomcat Request Object Recycling Information Disclosure
11368| [78293] Apache HTTP Server Scoreboard Invalid Free Operation Local Security Bypass
11369| [78277] Apache Struts ExceptionDelegator Component Parameter Parsing Remote Code Execution
11370| [78276] Apache Struts DebuggingInterceptor Component Developer Mode Unspecified Remote Command Execution
11371| [78113] Apache Tomcat Hash Collision Form Parameter Parsing Remote DoS
11372| [78112] Apache Geronimo Hash Collision Form Parameter Parsing Remote DoS
11373| [78109] Apache Struts ParameterInterceptor Traversal Arbitrary File Overwrite
11374| [78108] Apache Struts CookieInterceptor Cookie Name Handling Remote Command Execution
11375| [77593] Apache Struts Conversion Error OGNL Expression Injection
11376| [77496] Apache ActiveMQ Failover Mechanism Openwire Request Parsing Remote DoS
11377| [77444] Apache HTTP Server mod_proxy Mdule Web Request HTTP/0.9 Protocol URL Parsing Proxy Remote Security Bypass
11378| [77374] Apache MyFaces Java Bean includeViewParameters Parsing EL Expression Security Weakness
11379| [77310] Apache HTTP Server mod_proxy Reverse Proxy Mode Security Bypass Weakness (2011-4317)
11380| [77234] Apache HTTP Server on cygwin Encoded Traversal Arbitrary File Access
11381| [77012] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Memory Consumption DoS
11382| [76944] Apache Tomcat Manager Application Servlets Access Restriction Bypass
11383| [76744] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Overflow
11384| [76189] Apache Tomcat HTTP DIGEST Authentication Weakness
11385| [76079] Apache HTTP Server mod_proxy Mdule Web Request URL Parsing Proxy Remote Security Bypass (2011-3368)
11386| [76072] Apache JServ jserv.conf jserv-status Handler jserv/ URI Request Parsing Local Information Disclosure
11387| [75807] Apache HTTP Server Incomplete Header Connection Saturation Remote DoS
11388| [75647] Apache HTTP Server mod_proxy_ajp Module mod_proxy_balancer HTTP Request Remote DoS
11389| [75376] Apache Libcloud SSL Certificate Validation MitM Server Spoofing Weakness
11390| [74853] Domain Technologie Control /etc/apache2/apache2.conf File Permissions Weakness dtcdaemons User Password Disclosure
11391| [74818] Apache Tomcat AJP Message Injection Authentication Bypass
11392| [74725] Apache Wicket Multi Window Support Unspecified XSS
11393| [74721] Apache HTTP Server ByteRange Filter Memory Exhaustion Remote DoS
11394| [74541] Apache Commons Daemon Jsvc Permissions Weakness Arbitrary File Access
11395| [74535] Apache Tomcat XML Parser Cross-application Multiple File Manipulation
11396| [74447] Apache Struts XWork Nonexistent Method s:submit Element Internal Java Class Remote Path Disclosure
11397| [74262] Apache HTTP Server Multi-Processing Module itk.c Configuration Merger mpm-itk root UID / GID Remote Privilege Escalation
11398| [74120] Apache HTTP Server mod_authnz_external mysql/mysql-auth.pl user Field SQL Injection
11399| [73920] Oracle Secure Backup /apache/htdocts/php/common.php username Parameter Remote Code Execution
11400| [73798] Apache Tomcat sendfile Request Start / Endpoint Parsing Local DoS
11401| [73797] Apache Tomcat sendfile Request Attribute Validation Weakness Local Access Restriction Bypass
11402| [73776] Apache Tomcat HTTP BIO Connector HTTP Pipelining Cross-user Remote Response Access
11403| [73644] Apache XML Security Signature Key Parsing Overflow DoS
11404| [73600] Apache Struts javatemplates Plugin Component Handlers .action URI Multiple Parameter XSS
11405| [73462] Apache Rampart/C util/rampart_timestamp_token.c rampart_timestamp_token_validate Function Expired Token Remote Access Restriction Bypass
11406| [73429] Apache Tomcat JMX MemoryUserDatabase Local Password Disclosure
11407| [73384] Apache HTTP Server mod_rewrite PCRE Resource Exhaustion DoS
11408| [73383] Apache HTTP Server Portable Runtime (APR) Library apr_fnmatch() Infinite Loop Remote DoS
11409| [73378] IBM WebSphere Application Server (WAS) JavaServer Pages org.apache.jasper.runtime.JspWriterImpl.response JSP Page Application Restart Remote DoS
11410| [73247] Apache Subversion mod_dav_svn File Permission Weakness Information Disclosure
11411| [73246] Apache Subversion mod_dav_svn Path-based Access Control Rule Handling Remote DoS
11412| [73245] Apache Subversion mod_dav_svn Baselined Resource Request Handling Remote DoS
11413| [73154] Apache Archiva Multiple Unspecified CSRF
11414| [73153] Apache Archiva /archiva/admin/deleteNetworkProxy!confirm.action proxyid Parameter XSS
11415| [72407] Apache Tomcat @ServletSecurity Initial Load Annotation Security Constraint Bypass Information Disclosure
11416| [72238] Apache Struts Action / Method Names <
11417| [71647] Apache HttpComponents HttpClient Proxy-Authorization Credentials Remote Disclosure
11418| [71558] Apache Tomcat SecurityManager ServletContext Attribute Traversal Arbitrary File Manipulation
11419| [71557] Apache Tomcat HTML Manager Multiple XSS
11420| [71075] Apache Archiva User Management Page XSS
11421| [71027] Apache Tomcat @ServletSecurity Annotation Security Constraint Bypass Information Disclosure
11422| [70925] Apache Continuum Project Pages Unspecified XSS (2011-0533)
11423| [70924] Apache Continuum Multiple Admin Function CSRF
11424| [70809] Apache Tomcat NIO HTTP Connector Request Line Processing DoS
11425| [70734] Apache CouchDB Request / Cookie Handling Unspecified XSS
11426| [70585] Oracle Fusion Middleware Oracle HTTP Server Apache Plugin Unspecified Remote Issue
11427| [70333] Apache Subversion rev_hunt.c blame Command Multiple Memory Leak Remote DoS
11428| [70332] Apache Subversion Apache HTTP Server mod_dav_svn repos.c walk FunctionSVNParentPath Collection Remote DoS
11429| [69659] Apache Archiva Admin Authentication Weakness Privilege Escalation
11430| [69520] Apache Archiva Administrator Credential Manipulation CSRF
11431| [69512] Apache Tomcat Set-Cookie Header HTTPOnly Flag Session Hijacking Weakness
11432| [69456] Apache Tomcat Manager manager/html/sessions Multiple Parameter XSS
11433| [69275] Apache mod_fcgid Module fcgid_bucket.c fcgid_header_bucket_read() Function Remote Overflow
11434| [69067] Apache Shiro URI Path Security Traversal Information Disclosure
11435| [68815] Apache MyFaces shared/util/StateUtils.java View State MAC Weakness Cryptographic Padding Remote View State Modification
11436| [68670] Apache Qpid C++ Broker Component broker/SessionAdapter.cpp SessionAdapter::ExchangeHandlerImpl::checkAlternate Function Exchange Alternate Remote DoS
11437| [68669] Apache Qpid cluster/Cluster.cpp Cluster::deliveredEvent Function Invalid AMQP Data Remote DoS
11438| [68662] Apache Axis2 dswsbobje.war Module Admin Account Default Password
11439| [68531] Apache Qpid qpidd sys/ssl/SslSocket.cpp Incomplete SSL Handshake Remote DoS
11440| [68327] Apache APR-util buckets/apr_brigade.c apr_brigade_split_line() Function Memory Consumption DoS
11441| [68314] Apache XML-RPC SAX Parser External Entity Information Disclosure
11442| [67964] Apache Traffic Server Transaction ID / Source Port Randomization Weakness DNS Cache Poisoning
11443| [67846] SUSE Lifecycle Management Server on SUSE Linux Enterprise apache2-slms Parameter Quoting CSRF
11444| [67294] Apache CXF XML SOAP Message Crafted Document Type Declaration Remote DoS
11445| [67240] Apache CouchDB Installation Page Direct Request Arbitrary JavaScript Code Execution CSRF
11446| [67205] Apache Derby BUILTIN Authentication Password Hash Generation Algorithm SHA-1 Transformation Password Substitution
11447| [66745] Apache HTTP Server Multiple Modules Pathless Request Remote DoS
11448| [66319] Apache Tomcat Crafted Transfer-Encoding Header Handling Buffer Recycling Remote DoS
11449| [66280] Apache Struts XWork ParameterInterceptor Server-Side Object Remote Code Execution
11450| [66226] Apache Axis2 Admin Interface Cookie Session Fixation
11451| [65697] Apache Axis2 / Java SOAP Message DTD Rejection Weakness Arbitrary File Access
11452| [65654] Apache HTTP Server mod_proxy_http mod_proxy_http.c Timeout Detection Weakness HTTP Request Response Disclosure
11453| [65429] Apache MyFaces Unencrypted ViewState Serialized View Object Manipulation Arbitrary Expression Language (EL) Statement Execution
11454| [65054] Apache ActiveMQ Jetty Error Handler XSS
11455| [64844] Apache Axis2/Java axis2/axis2-admin/engagingglobally modules Parameter XSS
11456| [64522] Apache Open For Business Project (OFBiz) ecommerce/control/contactus Multiple Parameter XSS
11457| [64521] Apache Open For Business Project (OFBiz) Web Tools Section entityName Parameter XSS
11458| [64520] Apache Open For Business Project (OFBiz) ecommerce/control/ViewBlogArticle contentId Parameter XSS
11459| [64519] Apache Open For Business Project (OFBiz) Control Servlet URI XSS
11460| [64518] Apache Open For Business Project (OFBiz) Show Portal Page Section start Parameter XSS
11461| [64517] Apache Open For Business Project (OFBiz) View Profile Section partyId Parameter XSS
11462| [64516] Apache Open For Business Project (OFBiz) Export Product Listing Section productStoreId Parameter XSS
11463| [64307] Apache Tomcat Web Application Manager/Host Manager CSRF
11464| [64056] mod_auth_shadow for Apache HTTP Server wait() Function Authentication Bypass
11465| [64023] Apache Tomcat WWW-Authenticate Header Local Host Information Disclosure
11466| [64020] Apache ActiveMQ Jetty ResourceHandler Crafted Request JSP File Source Disclosure
11467| [63895] Apache HTTP Server mod_headers Unspecified Issue
11468| [63368] Apache ActiveMQ createDestination.action JMSDestination Parameter CSRF
11469| [63367] Apache ActiveMQ createDestination.action JMSDestination Parameter XSS
11470| [63350] Apache CouchDB Hash Verification Algorithm Predictable Execution Time Weakness
11471| [63140] Apache Thrift Service Malformed Data Remote DoS
11472| [62676] Apache HTTP Server mod_proxy_ajp Module Crafted Request Remote DoS
11473| [62675] Apache HTTP Server Multi-Processing Module (MPM) Subrequest Header Handling Cross-thread Information Disclosure
11474| [62674] Apache HTTP Server mod_isapi Module Unloading Crafted Request Remote DoS
11475| [62231] Apache HTTP Server Logging Format Weakness Crafted DNS Response IP Address Spoofing
11476| [62230] Apache HTTP Server Crafted DNS Response Inverse Lookup Log Corruption XSS
11477| [62054] Apache Tomcat WAR Filename Traversal Work-directory File Deletion
11478| [62053] Apache Tomcat Autodeployment Process appBase File HTTP Request Authentication Bypass
11479| [62052] Apache Tomcat WAR File Traversal Arbitrary File Overwrite
11480| [62009] Apache HTTP Server src/modules/proxy/proxy_util.c mod_proxy ap_proxy_send_fb() Function Overflow
11481| [61379] Apache River Outrigger Entry Storage Saturation Memory Exhaustion DoS
11482| [61378] Apache Hadoop Map/Reduce JobTracker Memory Consumption DoS
11483| [61377] Apache Commons Modeler Multiple Mutable Static Fields Weakness
11484| [61376] Apache Rampart wsse:security Tag Signature Value Checking Weakness
11485| [60687] Apache C++ Standard Library (STDCXX) strxfrm() Function Overflow
11486| [60680] Apache Hadoop JobHistory Job Name Manipulation Weakness
11487| [60679] Apache ODE DeploymentWebService OMElement zipPart CRLF Injection
11488| [60678] Apache Roller Comment Email Notification Manipulation DoS
11489| [60677] Apache CouchDB Unspecified Document Handling Remote DoS
11490| [60428] Sun Java Plug-in org.apache.crimson.tree.XmlDocument Class reateXmlDocument Method Floppy Drive Access Bypass
11491| [60413] mod_throttle for Apache Shared Memory File Manipulation Local Privilege Escalation
11492| [60412] Sun Java Plug-in org.apache.xalan.processor.XSLProcessorVersion Class Unsigned Applet Variable Sharing Privilege Escalation
11493| [60396] Apache HTTP Server on OpenBSD Multipart MIME Boundary Remote Information Disclosure
11494| [60395] Apache HTTP Server on OpenBSD ETag HTTP Header Remote Information Disclosure
11495| [60232] PHP on Apache php.exe Direct Request Remote DoS
11496| [60176] Apache Tomcat Windows Installer Admin Default Password
11497| [60016] Apache HTTP Server on HP Secure OS for Linux HTTP Request Handling Unspecified Issue
11498| [59979] Apache HTTP Server on Apple Mac OS X HTTP TRACE Method Unspecified Client XSS
11499| [59969] Apache HTTP Server mod_ssl SSL / TLS Renegotiation Handshakes MiTM Plaintext Data Injection
11500| [59944] Apache Hadoop jobhistory.jsp XSS
11501| [59374] Apache Solr Search Extension for TYPO3 Unspecified XSS
11502| [59022] Apache Shindig ConcatProxyServlet HTTP Header Response Splitting
11503| [59021] Apache Cocoon X-Cocoon-Version Header Remote Information Disclosure
11504| [59020] Apache Tapestry HTTPS Session Cookie Secure Flag Weakness
11505| [59019] Apache mod_python Cookie Salting Weakness
11506| [59018] Apache Harmony Error Message Handling Overflow
11507| [59013] Apache Derby SYSCS_EXPORT_TABLE Arbitrary File Overwrite
11508| [59012] Apache Derby Driver Auto-loading Non-deterministic Startup Weakness
11509| [59011] Apache JSPWiki Page Attachment Change Note Function XSS
11510| [59010] Apache Solr get-file.jsp XSS
11511| [59009] Apache Solr action.jsp XSS
11512| [59008] Apache Solr analysis.jsp XSS
11513| [59007] Apache Solr schema.jsp Multiple Parameter XSS
11514| [59006] Apache Beehive select / checkbox Tag XSS
11515| [59005] Apache Beehive jpfScopeID Global Parameter XSS
11516| [59004] Apache Beehive Error Message XSS
11517| [59003] Apache HttpClient POST Request Handling Memory Consumption DoS
11518| [59002] Apache Jetspeed default-page.psml URI XSS
11519| [59001] Apache Axis2 xsd Parameter Traversal Arbitrary File Disclosure
11520| [59000] Apache CXF Unsigned Message Policy Bypass
11521| [58999] Apache WSS4J CallbackHandler Plaintext Password Validation Weakness
11522| [58998] Apache OpenJPA persistence.xml Cleartext Password Local Disclosure
11523| [58997] Apache OpenEJB openejb.xml Cleartext Password Local Disclosure
11524| [58996] Apache Hadoop Map/Reduce LinuxTaskController File Group Ownership Weakness
11525| [58995] Apache Hadoop Map/Reduce Task Ownership Weakness
11526| [58994] Apache Hadoop Map/Reduce DistributedCache Localized File Permission Weakness
11527| [58993] Apache Hadoop browseBlock.jsp XSS
11528| [58991] Apache Hadoop browseDirectory.jsp XSS
11529| [58990] Apache Hadoop Map/Reduce HTTP TaskTrackers User Data Remote Disclosure
11530| [58989] Apache Hadoop Sqoop Process Listing Local Cleartext Password Disclosure
11531| [58988] Apache Hadoop Chukwa HICC Portal Unspecified XSS
11532| [58987] Apache Hadoop Map/Reduce TaskTracker User File Permission Weakness
11533| [58986] Apache Qpid Encrypted Message Handling Remote Overflow DoS
11534| [58985] Apache Qpid Process Listing Local Cleartext Password Disclosure
11535| [58984] Apache Jackrabbit Content Repository (JCR) Default Account Privilege Access Weakness
11536| [58983] Apache Jackrabbit Content Repository (JCR) NamespaceRegistry API Registration Method Race Condition
11537| [58982] Apache Synapse Proxy Service Security Policy Mismatch Weakness
11538| [58981] Apache Geronimo TomcatGeronimoRealm Security Context Persistence Weakness
11539| [58980] Apache Geronimo LDAP Realm Configuration Restart Reversion Weakness
11540| [58979] Apache MyFaces Tomahawk ExtensionsPhaseListener HTML Injection Information Disclosure
11541| [58978] Apache MyFaces Trinidad LocaleInfoScriptlet XSS
11542| [58977] Apache Open For Business Project (OFBiz) Multiple Default Accounts
11543| [58976] Apache Open For Business Project (OFBiz) URI passThru Parameter XSS
11544| [58975] Apache Open For Business Project (OFBiz) PARTYMGR_CREATE/UPDATE Permission Arbitrary User Password Modification
11545| [58974] Apache Sling /apps Script User Session Management Access Weakness
11546| [58973] Apache Tuscany Crafted SOAP Request Access Restriction Bypass
11547| [58931] Apache Geronimo Cookie Parameters Validation Weakness
11548| [58930] Apache Xalan-C++ XPath Handling Remote DoS
11549| [58879] Apache Portable Runtime (APR-util) poll/unix/port.c Event Port Backend Pollset Feature Remote DoS
11550| [58837] Apache Commons Net FTPSClient CipherSuites / Protocols Mutable Object Unspecified Data Security Issue
11551| [58813] Apache MyFaces Trinidad tr:table / HTML Comment Handling DoS
11552| [58812] Apache Open For Business Project (OFBiz) JSESSIONID Session Hijacking Weakness
11553| [58811] Apache Open For Business Project (OFBiz) /catalog/control/EditProductConfigItem configItemId Parameter XSS
11554| [58810] Apache Open For Business Project (OFBiz) /catalog/control/EditProdCatalo prodCatalogId Parameter XSS
11555| [58809] Apache Open For Business Project (OFBiz) /partymgr/control/viewprofile partyId Parameter XSS
11556| [58808] Apache Open For Business Project (OFBiz) /catalog/control/createProduct internalName Parameter XSS
11557| [58807] Apache Open For Business Project (OFBiz) Multiple Unspecified CSRF
11558| [58806] Apache FtpServer MINA Logging Filter Cleartext Credential Local Disclosure
11559| [58805] Apache Derby Unauthenticated Database / Admin Access
11560| [58804] Apache Wicket Header Contribution Unspecified Issue
11561| [58803] Apache Wicket Session Fixation
11562| [58802] Apache Directory Server (ApacheDS) userPassword Attribute Search Password Disclosure
11563| [58801] Apache ActiveMQ Stomp Client Credential Validation Bypass
11564| [58800] Apache Tapestry (context)/servicestatus Internal Service Information Disclosure
11565| [58799] Apache Tapestry Logging Cleartext Password Disclosure
11566| [58798] Apache Jetspeed pipeline Parameter pipeline-map Policy Bypass
11567| [58797] Apache Jetspeed Password Policy Multiple Weaknesses
11568| [58796] Apache Jetspeed Unsalted Password Storage Weakness
11569| [58795] Apache Rampart Crafted SOAP Header Authentication Bypass
11570| [58794] Apache Roller Admin Protocol (RAP) Malformed Header Authentication Bypass
11571| [58793] Apache Hadoop Map/Reduce mapred.system.dir Permission Weakness Job Manipulation
11572| [58792] Apache Shindig gadgets.rpc iframe RPC Call Validation Weakness
11573| [58791] Apache Synapse synapse.properties Cleartext Credential Local Disclosure
11574| [58790] Apache WSS4J SOAP Message UsernameToken Remote Password Disclosure
11575| [58789] Apache WSS4J SOAP Header Malformed UsernameToken Authentication Bypass
11576| [58776] Apache JSPWiki PreviewContent.jsp Edited Text XSS
11577| [58775] Apache JSPWiki preview.jsp action Parameter XSS
11578| [58774] Apache JSPWiki Edit.jsp Multiple Parameter XSS
| [58773] Apache JSPWiki Accept-Language Header Multiple Script language Parameter XSS
| [58772] Apache JSPWiki EditorManager.java editor Parameter XSS
| [58771] Apache JSPWiki GroupContent.jsp Multiple Parameter XSS
| [58770] Apache JSPWiki Group.jsp group Parameter XSS
| [58769] Apache JSPWiki Database Connection Termination DoS Weakness
| [58768] Apache JSPWiki Attachment Servlet nextpage Parameter Arbitrary Site Redirect
| [58766] Apache JSPWiki /admin/SecurityConfig.jsp Direct Request Information Disclosure
| [58765] Apache JSPWiki Spam Filter UniqueID RNG Weakness
| [58764] Apache JSPWiki Edit.jsp Multiple Parameter XSS
| [58763] Apache JSPWiki Include Tag Multiple Script XSS
| [58762] Apache JSPWiki Multiple .java Tags pageContext Parameter XSS
| [58761] Apache JSPWiki Wiki.jsp skin Parameter XSS
| [58760] Apache Commons VFS Exception Error Message Cleartext Credential Disclosure
| [58759] Apache Jackrabbit Content Repository (JCR) UUID System.currentTimeMillis() RNG Weakness
| [58758] Apache River GrantPermission Policy Manipulation Privilege Escalation
| [58757] Apache WS-Commons Java2 StaXUtils Multiple Unspecified Minor Issues
| [58756] Apache WSS4J WSHandler Client Certificate Signature Validation Weakness
| [58755] Apache Harmony DRLVM Non-public Class Member Access
| [58754] Apache Harmony File.createTempFile() Temporary File Creation Prediction Weakness
| [58751] Apache Geronimo GeronimoIdentityResolver Subject Handling Multiple Issues
| [58750] Apache MyFaces Trinidad Generated HTML Information Disclosure
| [58749] Apache MyFaces Trinidad Database Access Error Message Information Disclosure
| [58748] Apache MyFaces Trinidad Image Resource Loader Traversal Arbitrary Image Access
| [58747] Apache MyFaces Trinidad Error Message User Entered Data Disclosure Weakness
| [58746] Apache Axis2 JAX-WS Java2 WSDL4J Unspecified Issue
| [58744] Apache Wicket Crafted File Upload Disk Space Exhaustion DoS
| [58743] Apache Wicket wicket.util.crypt.SunJceCrypt Encryption Reversion Weakness
| [58742] Apache Rampart PolicyBasedValiadtor HttpsToken Endpoint Connection Weakness
| [58741] Apache Rampart WSSecSignature / WSSecEncryptedKey KeyIdentifierType Validation Weakness
| [58740] Apache Rampart TransportBinding Message Payload Cleartext Disclosure
| [58739] Apache Open For Business Project (OFBiz) Unsalted Password Storage Weakness
| [58738] Apache Open For Business Project (OFBiz) orderId Parameter Arbitrary Order Access
| [58737] Apache mod_python w/ mod_python.publisher index.py Underscore Prefixed Variable Disclosure
| [58735] Apache Open For Business Project (OFBiz) /ecommerce/control/keywordsearch SEARCH_STRING Parameter XSS
| [58734] Apache Torque Log File Cleartext Credential Local Disclosure
| [58733] Apache Axis2 doGet Implementation Authentication Bypass Service State Manipulation
| [58732] Apache MyFaces UIInput.validate() Null Value Validation Bypass Weakness
| [58731] Apache MyFaces /faces/* Prefix Mapping Authentication Bypass
| [58725] Apache Tapestry Basic String ACL Bypass Weakness
| [58724] Apache Roller Logout Functionality Failure Session Persistence
| [58723] Apache Roller User Profile / Admin Page Cleartext Password Disclosure
| [58722] Apache Derby Connection URL Encryption Method Reversion Weakness
| [58721] Apache Geronimo on Tomcat Security-constraint Resource ACL Bypass
| [58720] Apache Geronimo Explicit Servlet Mapping Access Bypass Weakness
| [58719] Apache Geronimo Keystore Unprivileged Service Disable DoS
| [58718] Apache Geronimo Deployment Plans Remote Password Disclosure
| [58717] Apache Jetspeed Portlet Application Edit Access Restriction Bypass
| [58716] Apache Jetspeed PSML Management Cached Constraint Authentication Weakness
| [58707] Apache WSS4J Crafted PasswordDigest Request Authentication Bypass
| [58706] Apache HttpClient Pre-emptive Authorization Remote Credential Disclosure
| [58705] Apache Directory Server (ApacheDS) User Passwords Cleartext Disclosure
| [58704] Apache Directory Server (ApacheDS) Non-existent User LDAP Bind Remote DoS
| [58703] Apache Geronimo Debug Console Unauthenticated Remote Information Disclosure
| [58702] Apache Directory Server (ApacheDS) Persistent LDAP Anonymous Bind Weakness
| [58701] Apache Jetspeed User Admin Portlet Unpassworded Account Creation Weakness
| [58700] Apache MyFaces /faces/* Path Handling Remote Overflow DoS
| [58699] Apache MyFaces Disable Property Client Side Manipulation Privilege Escalation
| [58698] Apache Roller Remember Me Functionality Cleartext Password Disclosure
| [58697] Apache XalanJ2 org.apache.xalan.xsltc.runtime.CallFunction Class Unspecified Issue
| [58696] Apache Tapestry Encoded Traversal Arbitrary File Access
| [58695] Apache Jetspeed Unauthenticated PSML Tags / Admin Folder Access
| [58694] Apache Geronimo Deploy Tool Process List Local Credential Disclosure
| [58693] Apache Derby service.properties File Encryption Key Information Disclosure
| [58692] Apache Geronimo Default Security Realm Login Brute Force Weakness
| [58689] Apache Roller Retrieve Last 5 Post Feature Unauthorized Blog Post Manipulation
| [58688] Apache Xalan-Java (XalanJ2) Static Variables Multiple Unspecified Issues
| [58687] Apache Axis Invalid wsdl Request XSS
| [58686] Apache Cocoon Temporary File Creation Unspecified Race Condition
| [58685] Apache Velocity Template Designer Privileged Code Execution
| [58684] Apache Jetspeed controls.Customize Action Security Check Bypass
| [58675] Apache Open For Business Project (OFBiz) eCommerce/ordermgr Multiple Field XSS
| [58674] Apache Open For Business Project (OFBiz) ecommerce/control/login Multiple Field XSS
| [58673] Apache Open For Business Project (OFBiz) ecommerce/control/viewprofile Multiple Field XSS
| [58672] Apache Open For Business Project (OFBiz) POS Input Panel Cleartext Password Disclosure
| [58671] Apache Axis2 JMS Signed Message Crafted WS-Security Header Security Bypass
| [58670] Apache Jetspeed JetspeedTool.getPortletFromRegistry Portlet Security Validation Failure
| [58669] Apache Jetspeed LDAP Cleartext Passwords Disclosure
| [58668] Apache Axis External Entity (XXE) Data Parsing Privilege Escalation
| [58667] Apache Roller Database Cleartext Passwords Disclosure
| [58666] Apache Xerces-C++ UTF-8 Transcoder Overlong Code Handling Unspecified Issue
| [58665] Apache Jetspeed Turbine: Cross-user Privileged Action Execution
| [58664] Apache Jetspeed EditAccount.vm Password Modification Weakness
| [58663] Apache Jetspeed Role Parameter Arbitrary Portlet Disclosure
| [58662] Apache Axis JWS Page Generated .class File Direct Request Information Disclosure
| [58661] Apache Jetspeed user-form.vm Password Reset Cleartext Disclosure
| [58660] Apache WSS4J checkReceiverResults Function Crafted SOAP Request Authentication Bypass
| [58658] Apache Rampart Crafted SOAP Request Security Verification Bypass
| [57882] Apache HTTP Server mod_proxy_ftp Authorization HTTP Header Arbitrary FTP Command Injection
| [57851] Apache HTTP Server mod_proxy_ftp EPSV Command NULL Dereference Remote DoS
| [56984] Apache Xerces2 Java Malformed XML Input DoS
| [56903] Apache ODE (Orchestration Director Engine) Process Deployment Web Service Traversal Arbitrary File Manipulation
| [56859] Apache Xerces-C++ Multiple Sub-project XML Nested DTD Structures Parsing Recursion Error DoS
| [56766] Apache Portable Runtime (APR-util) memory/unix/apr_pools.c Relocatable Memory Block Aligning Overflow
| [56765] Apache Portable Runtime (APR-util) misc/apr_rmm.c Multiple Function Overflows
| [56517] Apache HTTP Server File Descriptor Leak Arbitrary Local File Append
| [56443] PTK Unspecified Apache Sub-process Arbitrary Command Execution
| [56414] Apache Tiles Duplicate Expression Language (EL) Expression Evaluation XSS
| [55814] mod_NTLM for Apache HTTP Server ap_log_rerror() Function Remote Format String
| [55813] mod_NTLM for Apache HTTP Server log() Function Remote Overflow
| [55782] Apache HTTP Server mod_deflate Module Aborted Connection DoS
| [55553] Apache HTTP Server mod_proxy Module mod_proxy_http.c stream_reqbody_cl Function CPU Consumption DoS
| [55059] Apache APR-util strmatch/apr_strmatch.c apr_strmatch_precompile Function Crafted Input Remote DoS
| [55058] Apache APR-util apr_brigade_vprintf Function Crafted Input Off-by-one Remote DoS
| [55057] Apache APR-util xml/apr_xml.c apr_xml_* Interface Expat XML Parser Crafted XML Document Remote DoS
| [55056] Apache Tomcat Cross-application TLD File Manipulation
| [55055] Apache Tomcat Illegal URL Encoded Password Request Username Enumeration
| [55054] Apache Tomcat Java AJP Connector mod_jk Load Balancing Worker Malformed Header Remote DoS
| [55053] Apache Tomcat Crafted Request Security Restraint Bypass Arbitrary Content Access
| [54733] Apache HTTP Server AllowOverride Directive .htaccess Options Bypass
| [54713] razorCMS Security Manager apache User Account Unspecified File Permission Weakness Issue
| [54589] Apache Jserv Nonexistent JSP Request XSS
| [54122] Apache Struts s:a / s:url Tag href Element XSS
| [54093] Apache ActiveMQ Web Console JMS Message XSS
| [53932] Apache Geronimo Multiple Admin Function CSRF
| [53931] Apache Geronimo /console/portal/Server/Monitoring Multiple Parameter XSS
| [53930] Apache Geronimo /console/portal/ URI XSS
| [53929] Apache Geronimo on Windows Security/Keystores Portlet Traversal Arbitrary File Upload
| [53928] Apache Geronimo on Windows Embedded DB/DB Manager Portlet Traversal Arbitrary File Upload
| [53927] Apache Geronimo on Windows Services/Repository Portlet Traversal Arbitrary File Upload
| [53921] Apache HTTP Server mod_proxy_ajp Cross Thread/Session Information Disclosure
| [53766] Oracle BEA WebLogic Server Plug-ins for Apache Certificate Handling Remote Overflow
| [53574] PHP on Apache .htaccess mbstring.func_overload Setting Cross Hosted Site Behavior Modification
| [53381] Apache Tomcat JK Connector Content-Length Header Cross-user Information Disclosure
| [53380] Apache Struts Unspecified XSS
| [53289] Apache mod_perl Apache::Status /perl-status Unspecified XSS
| [53186] Apache HTTP Server htpasswd Predictable Salt Weakness
| [52899] Apache Tomcat Examples Web Application Calendar Application jsp/cal/cal2.jsp time Parameter XSS
| [52407] Apache Tomcat doRead Method POST Content Information Disclosure
| [51923] Apache HTTP Server mod-auth-mysql Module mod_auth_mysql.c Multibyte Character Encoding SQL Injection
| [51613] Apache HTTP Server Third-party Module Child Process File Descriptor Leak
| [51612] Apache HTTP Server Internal Redirect Handling Infinite Loop DoS
| [51468] Apache Jackrabbit Content Repository (JCR) swr.jsp q Parameter XSS
| [51467] Apache Jackrabbit Content Repository (JCR) search.jsp q Parameter XSS
| [51151] Apache Roller Search Function q Parameter XSS
| [50482] PHP with Apache php_value Order Unspecified Issue
| [50475] Novell NetWare ApacheAdmin Console Unauthenticated Access
| [49734] Apache Struts DefaultStaticContentLoader Class Traversal Arbitrary File Access
| [49733] Apache Struts FilterDispatcher Class Traversal Arbitrary File Access
| [49283] Oracle BEA WebLogic Server Plugins for Apache Remote Transfer-Encoding Overflow
| [49062] Apache Tomcat Cross-thread Concurrent Request Variable Overwrite Information Disclosure
| [48847] ModSecurity (mod_security) Transformation Caching Unspecified Apache DoS
| [48788] Apache Xerces-C++ XML Schema maxOccurs Value XML File Handling DoS
| [47474] Apache HTTP Server mod_proxy_ftp Directory Component Wildcard Character XSS
| [47464] Apache Tomcat allowLinking / UTF-8 Traversal Arbitrary File Access
| [47463] Apache Tomcat RequestDispatcher Traversal Arbitrary File Access
| [47462] Apache Tomcat HttpServletResponse.sendError Method Message Argument XSS
| [47096] Oracle Weblogic Apache Connector POST Request Overflow
| [46382] Frontend Filemanager (air_filemanager) Extension for TYPO3 on Apache Unspecified Arbitrary Code Execution
| [46285] TYPO3 on Apache Crafted Filename Upload Arbitrary Command Execution
| [46085] Apache HTTP Server mod_proxy ap_proxy_http_process_response() Function Interim Response Forwarding Remote DoS
| [45905] Apache Tomcat Host Manager host-manager/html/add name Parameter XSS
| [45879] Ragnarok Online Control Panel on Apache Crafted Traversal Authentication Bypass
| [45742] Apache HTTP Server on Novell Unspecified Request Directive Internal IP Disclosure
| [45740] Apache Derby DropSchemaNode Bind Phase Arbitrary Scheme Statement Dropping
| [45599] Apache Derby Lock Table Statement Privilege Requirement Bypass Arbitrary Table Lock
| [45585] Apache Derby ACCSEC Command RDBNAM Parameter Cleartext Credential Disclosure
| [45584] Apache Derby DatabaseMetaData.getURL Function Cleartext Credential Disclosure
| [45420] Apache HTTP Server 403 Error Page UTF-7 Encoded XSS
| [44728] PHP Toolkit on Gentoo Linux Interpretation Conflict Apache HTTP Server Local DoS
| [44618] Oracle JSP Apache/Jserv Path Translation Traversal Arbitrary JSP File Execution
| [44159] Apache HTTP Server Remote Virtual Host Name Disclosure
| [43997] Apache-SSL ExpandCert() Function Certificate Handling Arbitrary Environment Variables Manipulation
| [43994] suPHP for Apache (mod_suphp) Directory Symlink Local Privilege Escalation
| [43993] suPHP for Apache (mod_suphp) Owner Mode Race Condition Symlink Local Privilege Escalation
| [43663] Apache HTTP Server Mixed Platform AddType Directive Crafted Request PHP Source Disclosure
| [43658] AuthCAS Module (AuthCAS.pm) for Apache HTTP Server SESSION_COOKIE_NAME SQL Injection
| [43452] Apache Tomcat HTTP Request Smuggling
| [43309] Apache Geronimo LoginModule Login Method Bypass
| [43290] Apache JSPWiki Entry Page Attachment Unrestricted File Upload
| [43259] Apache HTTP Server on Windows mod_proxy_balancer URL Handling Remote Memory Corruption
| [43224] Apache Geronimo on SuSE Linux init Script Symlink Unspecified File/Directory Access
| [43189] Apache mod_jk2 Host Header Multiple Fields Remote Overflow
| [42937] Apache HTTP Server mod_proxy_balancer balancer-manager Unspecified CSRF
| [42341] MOD_PLSQL for Apache Unspecified URL SQL Injection
| [42340] MOD_PLSQL for Apache CGI Environment Handling Unspecified Overflow
| [42214] Apache HTTP Server mod_proxy_ftp UTF-7 Encoded XSS
| [42091] Apache Maven Site Plugin Installation Permission Weakness
| [42089] Apache Maven .m2/settings.xml Cleartext Password Disclosure
| [42088] Apache Maven Defined Repo Process Listing Password Disclosure
| [42087] Apache Maven Site Plugin SSH Deployment Permission Setting Weakness
| [42036] Apache HTTP Server MS-DOS Device Request Host OS Disclosure
| [41891] BEA WebLogic Apache Beehive NetUI Page Flow Unspecified XSS
| [41436] Apache Tomcat Native APR Connector Duplicate Request Issue
| [41435] Apache Tomcat %5C Cookie Handling Session ID Disclosure
| [41434] Apache Tomcat Exception Handling Subsequent Request Information Disclosure
| [41400] LimeSurvey save.php Apache Log File PHP Code Injection
| [41029] Apache Tomcat Calendar Examples Application cal2.jsp Multiple Parameter CSRF
| [41019] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload XSS
| [41018] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload CRLF
| [40853] Apache Tomcat SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) JSESSIONIDSSO Cookie Security Weakness
| [40264] Apache HTTP Server mod_proxy_balancer balancer_handler Function bb Variable Remote DoS
| [40263] Apache HTTP Server mod_proxy_balancer balancer-manager Multiple Parameter XSS
| [40262] Apache HTTP Server mod_status refresh XSS
| [39833] Apache Tomcat JULI Logging Component catalina.policy Security Bypass
| [39251] Coppermine Photo Gallery on Apache Multiple File Extension Upload Arbitrary Code Execution
| [39166] Apache Tomcat on Windows caseSensitive Attribute Mixed Case Request JSP Source Disclosure
| [39134] Apache mod_imagemap Module Imagemap Unspecified XSS
| [39133] Apache mod_imap Module Imagemap File Unspecified XSS
| [39035] Apache Tomcat examples/servlet/CookieExample Multiple Parameter XSS
| [39003] Apache HTTP Server HTTP Method Header Request Entity Too Large XSS
| [39000] Apache Tomcat SendMailServlet sendmail.jsp mailfrom Parameter XSS
| [38939] Apache HTTP Server Prefork MPM Module Array Modification Local DoS
| [38673] Apache Jakarta Slide WebDAV SYSTEM Request Traversal Arbitrary File Access
| [38662] Apache Geronimo SQLLoginModule Nonexistent User Authentication Bypass
| [38661] Apache Geronimo MEJB Unspecified Authentication Bypass
| [38641] Apache HTTP Server mod_mem_cache recall_headers Function Information Disclosure
| [38640] Apache HTTP Server suexec Document Root Unauthorized Operations
| [38639] Apache HTTP Server suexec Multiple Symlink Privilege Escalation
| [38636] Apache HTTP Server mod_autoindex.c P Variable UTF-7 Charset XSS
| [38513] BEA WebLogic Server Proxy Plug-in for Apache Protocol Error Handling Remote DoS
| [38187] Apache Geronimo / Tomcat WebDAV XML SYSTEM Tag Arbitrary File Access
| [37079] Apache HTTP Server mod_cache cache_util.c Malformed Cache-Control Header DoS
| [37071] Apache Tomcat Cookie Handling Session ID Disclosure
| [37070] Apache Tomcat Cookie Handling Quote Delimiter Session ID Disclosure
| [37052] Apache HTTP Server mod_status mod_status.c Unspecified XSS
| [37051] Apache HTTP Server mod_proxy modules/proxy/proxy_util.c Crafted Header Remote DoS
| [37050] Apache HTTP Server Prefork MPM Module Crafted Code Sequence Local DoS
| [36417] Apache Tomcat Host Manager Servlet html/add Action aliases Parameter XSS
| [36377] Apache MyFaces Tomahawk JSF Application autoscroll Multiple Script XSS
| [36080] Apache Tomcat JSP Examples Crafted URI XSS
| [36079] Apache Tomcat Manager Uploaded Filename XSS
| [34888] Apache Tomcat Example Calendar Application cal2.jsp time Parameter XSS
| [34887] Apache Tomcat implicit-objects.jsp Crafted Header XSS
| [34885] Apache Tomcat on IIS Servlet Engine MS-DOS Device Request DoS
| [34884] Apache Tomcat on Windows Nonexistent Resource Request Path Disclosure
| [34883] Apache Tomcat Crafted JSP File Request Path Disclosure
| [34882] Apache Tomcat Default SSL Ciphersuite Configuration Weakness
| [34881] Apache Tomcat Malformed Accept-Language Header XSS
| [34880] Apache Tomcat HTTP/1.1 Connector NULL Byte Request JSP Source Disclosure
| [34879] Apache Tomcat examples/jsp2/jspx/textRotate.jspx XSS
| [34878] Apache Tomcat examples/jsp2/el/implicit-objects.jsp XSS
| [34877] Apache Tomcat JK Web Server Connector (mod_jk) Double Encoded Traversal Arbitrary File Access
| [34876] Apache HTTP Server ScriptAlias CGI Source Disclosure
| [34875] Apache Tomcat appdev/sample/web/hello.jsp Multiple Parameter XSS
| [34874] Apache Tomcat AJP Connector mod_jk ajp_process_callback Remote Memory Disclosure
| [34873] Apache Stats Variable Extraction _REQUEST Ssuperglobal Array Overwrite
| [34872] Apache HTTP Server suexec User/Group Combination Weakness Local Privilege Escalation
| [34769] Apache Tomcat w/ Proxy Module Double Encoded Traversal Arbitrary File Access
| [34541] mod_perl for Apache HTTP Server RegistryCooker.pm PATH_INFO Crafted URI Remote DoS
| [34540] mod_perl for Apache HTTP Server PerlRun.pm PATH_INFO Crafted URI Remote DoS
| [34398] Apache Tomcat mod_jk Invalid Chunked Encoded Body Information Disclosure
| [34154] Apache Axis Nonexistent Java Web Service Path Disclosure
| [33855] Apache Tomcat JK Web Server Connector mod_jk.so Long URI Worker Map Remote Overflow
| [33816] Apache HTTP Server on Debian Linux TTY Local Privilege Escalation
| [33456] Apache HTTP Server Crafted TCP Connection Range Header DoS
| [33346] Avaya Multiple Products Apache Tomcat Port Weakness
| [32979] Apache Java Mail Enterprise Server (JAMES) Phoenix/MX4J Interface Arbitrary User Creation
| [32978] Apache Java Mail Enterprise Server (JAMES) POP3Server Log File Plaintext Password Disclosure
| [32724] Apache mod_python _filter_read Freed Memory Disclosure
| [32723] Apache Tomcat semicolon Crafted Filename Request Forced Directory Listing
| [32396] Apache Open For Business Project (OFBiz) Ecommerce Component Forum Implementation Message Body XSS
| [32395] Apache Open For Business Project (OFBiz) Ecommerce Component Form Field Manipulation Privilege Escalation
| [30354] Linux Subversion libapache2-svn Search Path Subversion Local Privilege Escalation
| [29603] PHP ini_restore() Apache httpd.conf Options Bypass
| [29536] Apache Tcl mod_tcl set_var Function Remote Format String
| [28919] Apache Roller Weblogger Blog Comment Multiple Field XSS
| [28130] PHP with Apache Mixed Case Method Limit Directive Bypass
| [27913] Apache HTTP Server on Windows mod_alias URL Validation Canonicalization CGI Source Disclosure
| [27588] Apache HTTP Server mod_rewrite LDAP Protocol URL Handling Overflow
| [27487] Apache HTTP Server Crafted Expect Header Cross Domain HTML Injection
| [26935] FCKeditor on Apache connector.php Crafted File Extension Arbitrary File Upload
| [26572] Apache Java Mail Enterprise Server (JAMES) MAIL Command Overflow DoS
| [25909] Drupal on Apache files Directory File Upload Arbitrary Code Execution
| [24825] Oracle ModPL/SQL for Apache Unspecified Remote HTTP Issue
| [24365] Apache Struts Multiple Function Error Message XSS
| [24364] Apache Struts getMultipartRequestHandler() Function Crafted Request DoS
| [24363] Apache Struts org.apache.struts.taglib.html.Constants.CANCEL Validation Bypass
| [24103] Pubcookie Apache mod_pubcookie Unspecified XSS
| [23906] Apache mod_python for Apache HTTP Server FileSession Privileged Local Command Execution
| [23905] Apache Log4net LocalSyslogAppender Format String Memory Corruption DoS
| [23198] Apache WSS4J Library SOAP Signature Verification Bypass
| [23124] Generic Apache Request Library (libapreq) apreq_parse_* Functions Remote DoS
| [22652] mod_php for Apache HTTP Server Crafted import_request_variables Function DoS
| [22475] PHP w/ Apache PDO::FETCH_CLASS __set() Function DoS
| [22473] PHP w/ Apache2 Crafted PDOStatement DoS
| [22459] Apache Geronimo Error Page XSS
| [22458] Apache Tomcat / Geronimo Sample Script cal2.jsp time Parameter XSS
| [22301] auth_ldap for Apache HTTP Server auth_ldap_log_reason() Function Remote Format String
| [22261] Apache HTTP Server mod_ssl ssl_hook_Access Error Handling DoS
| [22259] mod_auth_pgsql for Apache HTTP Server Log Function Format String
| [21736] Apache Java Mail Enterprise Server (JAMES) Spooler retrieve Function DoS
| [21705] Apache HTTP Server mod_imap Image Map Referer XSS
| [21021] Apache Struts Error Message XSS
| [20897] PHP w/ Apache 2 SAPI virtual() Function Unspecified INI Setting Disclosure
| [20491] PHP mod_php apache2handler SAPI Crafted .htaccess DoS
| [20462] Apache HTTP Server worker.c MPM Memory Exhaustion DoS
| [20439] Apache Tomcat Directory Listing Saturation DoS
| [20373] Apache Tomcat on HP Secure OS for Linux Unspecified Servlet Access Issue
| [20285] Apache HTTP Server Log File Control Character Injection
| [20242] Apache HTTP Server mod_usertrack Predictable Session ID Generation
| [20209] Brainf*ck Module (mod_bf) for Apache HTTP Server Local Overflow
| [20033] Apache Tomcat MS-DOS Device Request Error Message Path Disclosure
| [19883] apachetop atop.debug Symlink Arbitrary File Overwrite
| [19863] mod_auth_shadow for Apache HTTP Server require group Authentication Bypass
| [19855] Apache HTTP Server ErrorDocument Directive .htaccess Bypass
| [19821] Apache Tomcat Malformed Post Request Information Disclosure
| [19769] Apache HTTP Server Double-reverse DNS Lookup Spoofing
| [19188] Apache HTTP Server mod_ssl SSLVerifyClient Per-location Context Restriction Bypass
| [19137] Apache HTTP Server on Red Hat Linux Double Slash GET Request Forced Directory Listing
| [19136] Apache on Mandrake Linux Arbitrary Directory Forced Listing
| [18977] Apache HTTP Server Crafted HTTP Range Header DoS
| [18389] Ragnarok Online Control Panel Apache Authentication Bypass
| [18286] Apache HTTP Server mod_ssl ssl_callback_SSLVerify_CRL( ) Function Overflow
| [18233] Apache HTTP Server htdigest user Variable Overfow
| [17738] Apache HTTP Server HTTP Request Smuggling
| [16586] Apache HTTP Server Win32 GET Overflow DoS
| [15889] Apache HTTP Server mod_cgid Threaded MPM CGI Output Misdirection
| [14896] mod_dav for Apache HTTP Server Remote Null Dereference Child Process Termination
| [14879] Apache HTTP Server ap_log_rerror Function Error Message Path Disclosure
| [14770] Apache Tomcat AJP12 Protocol Malformed Packet Remote DoS
| [14597] Apache Tomcat IntegerOverflow.jsp Test JSP Script Path Disclosure
| [14596] Apache Tomcat pageSession.jsp Test JSP Script Path Disclosure
| [14595] Apache Tomcat pageLanguage.jsp Test JSP Script Path Disclosure
| [14594] Apache Tomcat pageIsThreadSafe.jsp Test JSP Script Path Disclosure
| [14593] Apache Tomcat pageIsErrorPage.jsp Test JSP Script Path Disclosure
| [14592] Apache Tomcat pageInvalid.jsp Test JSP Script Path Disclosure
| [14591] Apache Tomcat pageExtends.jsp Test JSP Script Path Disclosure
| [14590] Apache Tomcat pageDouble.jsp Test JSP Script Path Disclosure
| [14589] Apache Tomcat pageAutoFlush.jsp Test JSP Script Path Disclosure
| [14588] Apache Tomcat extends2.jsp Test JSP Script Path Disclosure
| [14587] Apache Tomcat extends1.jsp Test JSP Script Path Disclosure
| [14586] Apache Tomcat comments.jsp Test JSP Script Path Disclosure
| [14585] Apache Tomcat buffer4.jsp Test JSP Script Path Disclosure
| [14584] Apache Tomcat buffer3.jsp Test JSP Script Path Disclosure
| [14583] Apache Tomcat buffer2.jsp Test JSP Script Path Disclosure
| [14582] Apache Tomcat buffer1.jsp Test JSP Script Path Disclosure
| [14581] Apache Tomcat pageImport2.jsp Test JSP Script Path Disclosure
| [14580] Apache Tomcat pageInfo.jsp Test JSP Script Path Disclosure
| [14410] mod_frontpage for Apache HTTP Server fpexec Remote Overflow
| [14044] Apache Batik Squiggle Browser with Rhino Scripting Engine Unspecified File System Access
| [13737] mod_access_referer for Apache HTTP Server Malformed Referer DoS
| [13711] Apache mod_python publisher.py Traversal Arbitrary Object Information Disclosure
| [13640] mod_auth_any for Apache HTTP Server on Red Hat Linux Metacharacter Command Execution
| [13304] Apache Tomcat realPath.jsp Path Disclosure
| [13303] Apache Tomcat source.jsp Arbitrary Directory Listing
| [13087] Apache HTTP Server mod_log_forensic check_forensic Symlink Arbitrary File Creation / Overwrite
| [12849] mod_auth_radius for Apache HTTP Server radcpy() Function Overflow DoS
| [12848] Apache HTTP Server htdigest realm Variable Overflow
| [12721] Apache Tomcat examples/jsp2/el/functions.jsp XSS
| [12720] mod_dosevasive for Apache HTTP Server Symlink Arbitrary File Create/Overwrite
| [12558] Apache HTTP Server IPv6 FTP Proxy Socket Failure DoS
| [12557] Apache HTTP Server prefork MPM accept Error DoS
| [12233] Apache Tomcat MS-DOS Device Name Request DoS
| [12232] Apache Tomcat with JDK Arbitrary Directory/Source Disclosure
| [12231] Apache Tomcat web.xml Arbitrary File Access
| [12193] Apache HTTP Server on Mac OS X File Handler Bypass
| [12192] Apache HTTP Server on Mac OS X Unauthorized .ht and .DS_Store File Access
| [12178] Apache Jakarta Lucene results.jsp XSS
| [12176] mod_digest_apple for Apache HTTP Server on Mac OS X Authentication Replay
| [11391] Apache HTTP Server Header Parsing Space Saturation DoS
| [11003] Apache HTTP Server mod_include get_tag() Function Local Overflow
| [10976] mod_mylo for Apache HTTP Server mylo_log Logging Function HTTP GET Overflow
| [10637] Apache HTTP Server mod_ssl SSLCipherSuite Access Restriction Bypass
| [10546] Macromedia JRun4 mod_jrun Apache Module Remote Overflow
| [10471] Apache Xerces-C++ XML Parser DoS
| [10218] Apache HTTP Server Satisfy Directive Access Control Bypass
| [10068] Apache HTTP Server htpasswd Local Overflow
| [10049] mod_cplusplus For Apache HTTP Server Unspecified Overflow
| [9994] Apache HTTP Server apr-util IPV6 Parsing DoS
| [9991] Apache HTTP Server ap_resolve_env Environment Variable Local Overflow
| [9948] mod_dav for Apache HTTP Server LOCK Request DoS
| [9742] Apache HTTP Server mod_ssl char_buffer_read Function Reverse Proxy DoS
| [9718] Apache HTTP Server Win32 Single Dot Append Arbitrary File Access
| [9717] Apache HTTP Server mod_cookies Cookie Overflow
| [9716] Apache::Gallery Gallery.pm Inline::C Predictable Filename Code Execution
| [9715] Apache HTTP Server rotatelogs Control Characters Over Pipe DoS
| [9714] Apache Authentication Module Threaded MPM DoS
| [9713] Apache HTTP Server on OS2 filestat.c Device Name Request DoS
| [9712] Apache HTTP Server Multiple Linefeed Request Memory Consumption DoS
| [9711] Apache HTTP Server Access Log Terminal Escape Sequence Injection
| [9710] Apache HTTP Server on Windows Illegal Character Default Script Mapping Bypass
| [9709] Apache HTTP Server on Windows MS-DOS Device Name HTTP Post Code Execution
| [9708] Apache HTTP Server on Windows MS-DOS Device Name DoS
| [9707] Apache HTTP Server Duplicate MIME Header Saturation DoS
| [9706] Apache Web Server Multiple MIME Header Saturation Remote DoS
| [9705] Apache Tomcat Invoker/Default Servlet Source Disclosure
| [9702] Apache HTTP Server CGI/WebDAV HTTP POST Request Source Disclosure
| [9701] Apache HTTP Server for Windows Multiple Slash Forced Directory Listing
| [9700] Apache HTTP Server mod_autoindex Multiple Slash Request Forced Directory Listing
| [9699] Apache HTTP Server mod_dir Multiple Slash Request Forced Directory Listing
| [9698] Apache HTTP Server mod_negotiation Multiple Slash Request Forced Directory Listing
| [9697] Apache HTTP Server htdigest Local Symlink Arbitrary File Overwrite
| [9696] Apache HTTP Server htpasswd Local Symlink Arbitrary File Overwrite
| [9695] Apache Tomcat SnoopServlet Servlet Information Disclosure
| [9694] PHP3 on Apache HTTP Server Encoded Traversal Arbitrary File Access
| [9693] mod_auth_pgsql_sys for Apache HTTP Server User Name SQL Injection
| [9692] Apache HTTP Server mod_vhost_alias Mass Virtual Hosting Arbitrary File Access
| [9691] Apache HTTP Server mod_rewrite Mass Virtual Hosting Arbitrary File Access
| [9690] Apache HTTP Server mod_vhost_alias CGI Program Source Disclosure
| [9689] Trustix httpsd for Apache-SSL Permission Weakness Privilege Escalation
| [9688] Apache HTTP Server mod_proxy Malformed FTP Command DoS
| [9687] Apache::AuthenSmb smbval SMB Authentication Library Multiple Overflows
| [9686] Apache::AuthenSmb smbvalid SMB Authentication Library Multiple Overflows
| [9523] Apache HTTP Server mod_ssl Aborted Connection DoS
| [9459] Oracle PL/SQL (mod_plsql) Apache Module Help Page Request Remote Overflow
| [9208] Apache Tomcat .jsp Encoded Newline XSS
| [9204] Apache Tomcat ROOT Application XSS
| [9203] Apache Tomcat examples Application XSS
| [9068] Apache HTTP Server mod_userdir User Account Information Disclosure
| [8773] Apache Tomcat Catalina org.apache.catalina.servlets.DefaultServlet Source Code Disclosure
| [8772] Apache Tomcat Catalina org.apache.catalina.connector.http DoS
| [7943] Apache HTTP Server mod_ssl sslkeys File Disclosure
| [7942] Apache HTTP Server mod_ssl Default Pass Phrase
| [7941] Apache HTTP Server mod_ssl Encrypted Private Key File Descriptor Leak
| [7935] Apache HTTP Server mod_ssl ssl_gcache Race Conditions
| [7934] Apache HTTP Server mod_ssl SSLSessionCache File Content Disclosure
| [7933] Apache HTTP Server mod_ssl SSLMutex File Content Disclosure
| [7932] Apache HTTP Server mod_ssl mkcert.sh File Creation Permission Weakness
| [7931] Apache HTTP Server mod_ssl X.509 Client Certificate Authentication Bypass
| [7930] Apache HTTP Server mod_ssl ssl_expr_eval_func_file() Overflow
| [7929] Apache HTTP Server mod_ssl ssl_engine_log.c mod_proxy Hook Function Remote Format String
| [7611] Apache HTTP Server mod_alias Local Overflow
| [7394] Apache Tomcat mod_jk Invalid Transfer-Encoding Chunked Field DoS
| [7203] Apache Tomcat source.jsp Traversal Arbitrary File Access
| [7039] Apache HTTP Server on Mac OS X HFS+ File System Access Bypass
| [6882] Apache mod_python Malformed Query String Variant DoS
| [6839] Apache HTTP Server mod_proxy Content-Length Overflow
| [6630] Apache Tomcat Java Server Pages (JSP) Engine WPrinterJob() DoS
| [6472] Apache HTTP Server mod_ssl ssl_util_uuencode_binary Remote Overflow
| [5821] Apache HTTP Server Multiple / GET Remote Overflow DoS
| [5580] Apache Tomcat Servlet Malformed URL JSP Source Disclosure
| [5552] Apache HTTP Server split-logfile Arbitrary .log File Overwrite
| [5526] Apache Tomcat Long .JSP URI Path Disclosure
| [5278] Apache Tomcat web.xml Restriction Bypass
| [5051] Apache Tomcat Null Character DoS
| [4973] Apache Tomcat servlet Mapping XSS
| [4650] mod_gzip for Apache HTTP Server Debug Mode Printf Stack Overflow
| [4649] mod_gzip for Apache HTTP Server Debug Mode Format String Overflow
| [4648] mod_gzip for Apache HTTP Server Debug Mode Race Condition
| [4568] mod_survey For Apache ENV Tags SQL Injection
| [4553] Apache HTTP Server ApacheBench Overflow DoS
| [4552] Apache HTTP Server Shared Memory Scoreboard DoS
| [4446] Apache HTTP Server mod_disk_cache Stores Credentials
| [4383] Apache HTTP Server Socket Race Condition DoS
| [4382] Apache HTTP Server Log Entry Terminal Escape Sequence Injection
| [4340] Apache Portable Runtime (APR) apr_psprintf DoS
| [4232] Apache Cocoon DatabaseAuthenticatorAction SQL Injection
| [4231] Apache Cocoon Error Page Server Path Disclosure
| [4182] Apache HTTP Server mod_ssl Plain HTTP Request DoS
| [4181] Apache HTTP Server mod_access IP Address Netmask Rule Bypass
| [4075] Apache HTTP Sever on Windows .var File Request Path Disclosure
| [4037] Apache HTTP Server on Cygwin Encoded GET Request Arbitrary File Access
| [3877] Apache-SSL SSLVerifyClient SSLFakeBasicAuth Client Certificate Forgery
| [3819] Apache HTTP Server mod_digest Cross Realm Credential Replay
| [3322] mod_php for Apache HTTP Server Process Hijack
12024| [3215] mod_php for Apache HTTP Server File Descriptor Leakage
12025| [2885] Apache mod_python Malformed Query String DoS
12026| [2749] Apache Cocoon view-source Sample File Traversal Arbitrary File Access
12027| [2733] Apache HTTP Server mod_rewrite Local Overflow
12028| [2672] Apache HTTP Server mod_ssl SSLCipherSuite Ciphersuite Downgrade Weakness
12029| [2613] Apache HTTP Server mod_cgi stderr Output Handling Local DoS
12030| [2149] Apache::Gallery Privilege Escalation
12031| [2107] Apache HTTP Server mod_ssl Host: Header XSS
12032| [1926] Apache HTTP Server mod_rewrite Crafted URI Rule Bypass
12033| [1833] Apache HTTP Server Multiple Slash GET Request DoS
12034| [1577] Apache HTTP Server mod_rewrite RewriteRule Expansion Arbitrary File Access
12035| [872] Apache Tomcat Multiple Default Accounts
12036| [862] Apache HTTP Server SSI Error Page XSS
12037| [859] Apache HTTP Server Win32 Crafted Traversal Arbitrary File Access
12038| [849] Apache Tomcat TroubleShooter Servlet Information Disclosure
12039| [845] Apache Tomcat MSDOS Device XSS
12040| [844] Apache Tomcat Java Servlet Error Page XSS
12041| [842] Apache HTTP Server mod_ssl ssl_compat_directive Function Overflow
12042| [838] Apache HTTP Server Chunked Encoding Remote Overflow
12043| [827] PHP4 for Apache on Windows php.exe Malformed Request Path Disclosure
12044| [775] Apache mod_python Module Importing Privilege Function Execution
12045| [769] Apache HTTP Server Win32 DOS Batch File Arbitrary Command Execution
12046| [756] Apache HTTP Server mod_ssl i2d_SSL_SESSION Function SSL Client Certificate Overflow
12047| [701] Apache HTTP Server Win32 ScriptAlias php.exe Arbitrary File Access
12048| [674] Apache Tomcat Nonexistent File Error Message Path Disclosure
12049| [637] Apache HTTP Server UserDir Directive Username Enumeration
12050| [623] mod_auth_pgsql for Apache HTTP Server User Name SQL Injection
12051| [582] Apache HTTP Server Multiviews Feature Arbitrary Directory Listing
12052| [562] Apache HTTP Server mod_info /server-info Information Disclosure
12053| [561] Apache Web Servers mod_status /server-status Information Disclosure
12054| [417] Apache HTTP Server on SuSE Linux /doc/packages Remote Information Disclosure
12055| [410] mod_perl for Apache HTTP Server /perl/ Directory Listing
12056| [404] Apache HTTP Server on SuSE Linux WebDAV PROPFIND Arbitrary Directory Listing
12057| [402] Apache HTTP Server on SuSE Linux cgi-bin-sdb Request Script Source Disclosure
12058| [379] Apache ASP module Apache::ASP source.asp Example File Arbitrary File Creation
12059| [377] Apache Tomcat Snoop Servlet Remote Information Disclosure
12060| [376] Apache Tomcat contextAdmin Arbitrary File Access
12061| [342] Apache HTTP Server for Windows Multiple Forward Slash Directory Listing
12062| [222] Apache HTTP Server test-cgi Arbitrary File Access
12063| [143] Apache HTTP Server printenv.pl Multiple Method CGI XSS
12064| [48] Apache HTTP Server on Debian /usr/doc Directory Information Disclosure
12065|_
12066445/tcp closed microsoft-ds
12067######################################################################################################################################
12068 Anonymous JTSEC #OpChili Full Recon #27