Nov 30, 2019, 11:47 PM
1#######################################################################################################################################
2=======================================================================================================================================
3Hostname shura.gov.sa ISP Shabakah Net
4Continent Asia Flag
5SA
6Country Saudi Arabia Country Code SA
7Region Unknown Local time 01 Dec 2019 01:18 +03
8City Unknown Postal Code Unknown
9IP Address 212.102.11.4 Latitude 25
10 Longitude 45
11=======================================================================================================================================
12#######################################################################################################################################
13> shura.gov.sa
14Server: 185.93.180.131
15Address: 185.93.180.131#53
16
17Non-authoritative answer:
18Name: shura.gov.sa
19Address: 212.102.11.4
20>
21######################################################################################################################################
22
23Domain Name: shura.gov.sa
24
25 Registrant:
26 The Shura Council مجلس الشورى
27 Address: لا يوجد
28 Riyadh الرياض
29 Saudi Arabia المملكة العربية السعودية
30
31 Administrative Contact:
32 Sulaiman Al-Ateeq ************ ************
33 Address: *******
34 *************
35 *************************************
36
37 Technical Contact:
38 Ahmed M. **********
39 Address: **************
40 ******
41 ************
42
43 Name Servers:
44 ns1.shabakah.net.sa
45 ns2.shabakah.net.sa
46 ns4.shabakah.net.sa
47
48 DNSSEC: no
49
50Created on: 1999-07-14
51Last Updated on: 2017-05-25
52
53#######################################################################################################################################
54[+] Target : shura.gov.sa
55
56[+] IP Address : 212.102.11.4
57
58[+] Headers :
59
60[+] Date : Sat, 30 Nov 2019 22:20:21 GMT
61[+] Server : Apache
62[+] X-Frame-Options : SAMEORIGIN
63[+] X-Powered-By : Servlet/3.1
64[+] ETag : "1589193167-gzip"
65[+] Cache-Control : max-age=604800
66[+] Expires : Sat, 07 Dec 2019 22:20:21 GMT
67[+] Content-Type : text/html; charset=UTF-8
68[+] Content-Language : en-US
69[+] Vary : Accept-Encoding
70[+] Content-Encoding : gzip
71[+] Keep-Alive : timeout=15, max=99
72[+] Connection : Keep-Alive
73[+] Transfer-Encoding : chunked
74
75[+] SSL Certificate Information :
76
77[+] countryName : SA
78[+] localityName : Riyadh
79[+] organizationName : Majlis Al Shura
80[+] commonName : *.shura.gov.sa
81[+] countryName : US
82[+] organizationName : Entrust, Inc.
83[+] organizationalUnitName : (c) 2012 Entrust, Inc. - for authorized use only
84[+] commonName : Entrust Certification Authority - L1K
85[+] Version : 3
86[+] Serial Number : C274314C920912B90000000050DE2099
87[+] Not Before : Sep 18 09:24:27 2017 GMT
88[+] Not After : Sep 18 09:54:26 2020 GMT
89[+] OCSP : ('http://ocsp.entrust.net',)
90[+] subject Alt Name : (('DNS', '*.shura.gov.sa'), ('DNS', 'shura.gov.sa'), ('DNS', 'webconf.shura.gov.sa'), ('DNS', 'av.shura.gov.sa'), ('DNS', 'mail.shura.gov.sa'), ('DNS', 'webmail.shura.gov.sa'), ('DNS', 'sip.shura.gov.sa'), ('DNS', 'client.shura.gov.sa'))
91[+] CA Issuers : ('http://aia.entrust.net/l1k-chain256.cer',)
92[+] CRL Distribution Points : ('http://crl.entrust.net/level1k.crl',)
93
94[+] Whois Lookup :
95
96[+] NIR : None
97[+] ASN Registry : ripencc
98[+] ASN : 34426
99[+] ASN CIDR : 212.102.0.0/19
100[+] ASN Country Code : SA
101[+] ASN Date : 1999-05-27
102[+] ASN Description : SHABAKAHNET-ASN, SA
103[+] cidr : 212.102.11.0/24
104[+] name : SHABAKAH-NET
105[+] handle : ASA101-RIPE
106[+] range : 212.102.11.0 - 212.102.11.255
107[+] description : Internet Service Provider
108[+] country : SA
109[+] state : None
110[+] city : None
111[+] address : Shabakah Net ISP.
112PB NO. 55155
113RIYADH
114SAUDI ARABIA
115[+] postal_code : None
116[+] emails : None
117[+] created : 2002-10-03T06:24:14Z
118[+] updated : 2002-10-03T06:30:05Z
119
120[+] Crawling Target...
121
122[+] Looking for robots.txt........[ Not Found ]
123[+] Looking for sitemap.xml.......[ Not Found ]
124[+] Extracting CSS Links..........[ 4 ]
125[+] Extracting Javascript Links...[ 2 ]
126[+] Extracting Internal Links.....[ 1 ]
127[+] Extracting External Links.....[ 0 ]
128[+] Extracting Images.............[ 0 ]
129
130[+] Total Links Extracted : 7
131
132[+] Dumping Links in /opt/FinalRecon/dumps/shura.gov.sa.dump
133[+] Completed!
134#######################################################################################################################################
135[i] Scanning Site: https://shura.gov.sa
136
137
138
139B A S I C I N F O
140====================
141
142
143[+] Site Title: الصفحات - الصفحة الرئيسية
144[+] IP address: 212.102.11.4
145[+] Web Server: Apache
146[+] CMS: Could Not Detect
147[+] Cloudflare: Not Detected
148[+] Robots File: Could NOT Find robots.txt!
149
150
151
152
153W H O I S L O O K U P
154========================
155
156 % SaudiNIC Whois server.
157% Rights restricted by copyright.
158% http://nic.sa/en/view/whois-cmd-copyright
159
160Domain Name: shura.gov.sa
161
162 Registrant:
163 The Shura Council مجلس الشورى
164 Address: لا يوجد
165 Riyadh الرياض
166 Saudi Arabia المملكة العربية السعودية
167
168 Administrative Contact:
169 Sulaiman Al-Ateeq ************ ************
170 Address: *******
171 *************
172 *************************************
173
174 Technical Contact:
175 Ahmed M. **********
176 Address: **************
177 ******
178 ************
179
180 Name Servers:
181 ns1.shabakah.net.sa
182 ns2.shabakah.net.sa
183 ns4.shabakah.net.sa
184
185 DNSSEC: no
186
187Created on: 1999-07-14
188Last Updated on: 2017-05-25
189
190
191
192
193
194G E O I P L O O K U P
195=========================
196
197[i] IP Address: 212.102.11.4
198[i] Country: Saudi Arabia
199[i] State: Ar Riyad
200[i] City: Riyadh
201[i] Latitude: 24.6537
202[i] Longitude: 46.7152
203
204
205
206
207H T T P H E A D E R S
208=======================
209
210
211[i] HTTP/1.1 302 Found
212[i] Date: Sat, 30 Nov 2019 22:20:59 GMT
213[i] Server: Apache
214[i] X-Frame-Options: SAMEORIGIN
215[i] Location: https://shura.gov.sa/wps/wcm/connect/ShuraArabic/internet/Introduction/
216[i] Cache-Control: max-age=604800
217[i] Expires: Sat, 07 Dec 2019 22:20:59 GMT
218[i] Content-Length: 254
219[i] Content-Type: text/html; charset=iso-8859-1
220[i] Vary: Accept-Encoding
221[i] Connection: close
222[i] HTTP/1.1 200 OK
223[i] Date: Sat, 30 Nov 2019 22:21:01 GMT
224[i] Server: Apache
225[i] X-Frame-Options: SAMEORIGIN
226[i] X-Powered-By: Servlet/3.1
227[i] ETag: "1589193167"
228[i] Cache-Control: max-age=604800
229[i] Expires: Sat, 07 Dec 2019 22:21:01 GMT
230[i] Content-Type: text/html; charset=UTF-8
231[i] Content-Language: en-US
232[i] Vary: Accept-Encoding
233[i] Content-Length: 4329
234[i] Connection: close
235
236
237
238
239D N S L O O K U P
240===================
241
242shura.gov.sa. 3599 IN SOA ns1.shabakah.net.sa. administrator.shabakah.net.sa. 2019110501 3600 1800 2419200 3600
243shura.gov.sa. 3599 IN NS ns1.shabakah.net.sa.
244shura.gov.sa. 3599 IN NS ns2.shabakah.net.sa.
245shura.gov.sa. 3599 IN NS ns4.shabakah.net.sa.
246shura.gov.sa. 3599 IN A 212.102.11.4
247shura.gov.sa. 3599 IN MX 10 mail1.shura.gov.sa.
248shura.gov.sa. 3599 IN MX 30 shuextprtl2.shura.gov.sa.
249shura.gov.sa. 3599 IN MX 20 mail2.shura.gov.sa.
250shura.gov.sa. 3599 IN TXT "v=spf1 mx ip4:37.224.27.201 ip4:37.224.27.202 ip4:212.102.11.26 -all"
251
252
253
254
255S U B N E T C A L C U L A T I O N
256====================================
257
258Address = 212.102.11.4
259Network = 212.102.11.4 / 32
260Netmask = 255.255.255.255
261Broadcast = not needed on Point-to-Point links
262Wildcard Mask = 0.0.0.0
263Hosts Bits = 0
264Max. Hosts = 1 (2^0 - 0)
265Host Range = { 212.102.11.4 - 212.102.11.4 }
266
267
268
269N M A P P O R T S C A N
270============================
271
272Starting Nmap 7.70 ( https://nmap.org ) at 2019-11-30 22:24 UTC
273Nmap scan report for shura.gov.sa (212.102.11.4)
274Host is up (0.16s latency).
275rDNS record for 212.102.11.4: AxPri.shabakah.net.sa
276
277PORT STATE SERVICE
27821/tcp filtered ftp
27922/tcp filtered ssh
28023/tcp filtered telnet
28180/tcp open http
282110/tcp filtered pop3
283143/tcp filtered imap
284443/tcp open https
2853389/tcp filtered ms-wbt-server
286
287Nmap done: 1 IP address (1 host up) scanned in 3.42 seconds
288
289
290
291S U B - D O M A I N F I N D E R
292==================================
293
294
295[i] Total Subdomains Found : 14
296
297[+] Subdomain: mail1.shura.gov.sa
298[-] IP: 37.224.27.201
299
300[+] Subdomain: dmzportal02.shura.gov.sa
301[-] IP: 212.102.11.26
302
303[+] Subdomain: mail2.shura.gov.sa
304[-] IP: 37.224.27.202
305
306[+] Subdomain: shuextprtl2.shura.gov.sa
307[-] IP: 212.102.11.55
308
309[+] Subdomain: webconf.shura.gov.sa
310[-] IP: 82.118.172.13
311
312[+] Subdomain: cpanel-mag.shura.gov.sa
313[-] IP: 212.102.11.27
314
315[+] Subdomain: www.cpanel-mag.shura.gov.sa
316[-] IP: 212.102.11.27
317
318[+] Subdomain: cpanel.shura.gov.sa
319[-] IP: 212.33.173.194
320
321[+] Subdomain: webmail.shura.gov.sa
322[-] IP: 37.224.27.200
323
324[+] Subdomain: vpn.shura.gov.sa
325[-] IP: 37.224.27.194
326
327[+] Subdomain: sip.shura.gov.sa
328[-] IP: 82.118.172.12
329
330[+] Subdomain: ftp.shura.gov.sa
331[-] IP: 212.33.173.194
332
333[+] Subdomain: client.shura.gov.sa
334[-] IP: 37.224.27.200
335
336[+] Subdomain: www.shura.gov.sa
337[-] IP: 212.102.11.4
338#######################################################################################################################################
339
340[+] Starting At 2019-11-30 17:23:34.895641
341[+] Collecting Information On: https://shura.gov.sa/wps/wcm/connect/ShuraArabic/internet/Introduction/
342[#] Status: 200
343--------------------------------------------------
344[#] Web Server Detected: Apache
345[#] X-Powered-By: Servlet/3.1
346- Date: Sat, 30 Nov 2019 22:20:42 GMT
347- Server: Apache
348- X-Frame-Options: SAMEORIGIN
349- X-Powered-By: Servlet/3.1
350- ETag: "1589193167-gzip"
351- Cache-Control: max-age=604800
352- Expires: Sat, 07 Dec 2019 22:20:42 GMT
353- Content-Type: text/html; charset=UTF-8
354- Content-Language: en-US
355- Vary: Accept-Encoding
356- Content-Encoding: gzip
357- Keep-Alive: timeout=15, max=100
358- Connection: Keep-Alive
359- Transfer-Encoding: chunked
360--------------------------------------------------
361[#] Finding Location..!
362[#] status: success
363[#] country: Saudi Arabia
364[#] countryCode: SA
365[#] region: 01
366[#] regionName: Ar Riyāḑ
367[#] city: Riyadh
368[#] zip:
369[#] lat: 24.7494
370[#] lon: 46.9028
371[#] timezone: Asia/Riyadh
372[#] isp: Saudi Arabia backbone and local registry
373[#] org:
374[#] as: AS34426 Shabakah Net
375[#] query: 212.102.11.4
376--------------------------------------------------
377[x] Didn't Detect WAF Presence on: https://shura.gov.sa/wps/wcm/connect/ShuraArabic/internet/Introduction/
378--------------------------------------------------
379[#] Starting Reverse DNS
380[-] Failed ! Fail
381--------------------------------------------------
382[!] Scanning Open Port
383[#] 80/tcp open http
384[#] 443/tcp open https
385[#] 8008/tcp open http
386--------------------------------------------------
387[+] Collecting Information Disclosure!
388[#] Detecting sitemap.xml file
389[-] sitemap.xml file not Found!?
390[#] Detecting robots.txt file
391[-] robots.txt file not Found!?
392[#] Detecting GNU Mailman
393[-] GNU Mailman App Not Detected!?
394--------------------------------------------------
395[+] Crawling Url Parameter On: https://shura.gov.sa/wps/wcm/connect/ShuraArabic/internet/Introduction/
396--------------------------------------------------
397[#] Searching Html Form !
398[-] No Html Form Found!?
399--------------------------------------------------
400[-] No DOM Paramter Found!?
401--------------------------------------------------
402[-] No internal Dynamic Parameter Found!?
403--------------------------------------------------
404[-] No external Dynamic Paramter Found!?
405--------------------------------------------------
406[!] 16 Internal links Discovered
407[+] https://shura.gov.sa/wps/wcm/connect/ShuraArabic/internet/Introduction//apple-touch-icon.png
408[+] https://shura.gov.sa/wps/wcm/connect/ShuraArabic/internet/Introduction//favicon-32x32.png
409[+] https://shura.gov.sa/wps/wcm/connect/ShuraArabic/internet/Introduction//favicon-16x16.png
410[+] https://shura.gov.sa/wps/wcm/connect/ShuraArabic/internet/Introduction//manifest./img/resources/json
411[+] https://shura.gov.sa/wps/wcm/connect/ShuraArabic/internet/Introduction///img/resources/images/favicon.ico
412[+] https://shura.gov.sa/wps/wcm/connect/ShuraArabic/internet/Introduction///img/resources/css/bootstrap.min.css
413[+] https://shura.gov.sa/wps/wcm/connect/ShuraArabic/internet/Introduction///img/resources/css/jquery.mCustomScrollbar./img/resources/css
414[+] https://shura.gov.sa/wps/wcm/connect/ShuraArabic/internet/Introduction///img/resources/css/style.css
415[+] https://shura.gov.sa/wps/wcm/connect/ShuraArabic/internet/Introduction///img/resources/css/font-awesome.min.css
416[+] https://shura.gov.sa/wps/wcm/connect/ShuraArabic/internet/Introduction///img/resources/css/linearicons./img/resources/css
417[+] https://shura.gov.sa/wps/wcm/connect/ShuraArabic/internet/Introduction///img/resources/css/my-font.css
418[+] https://shura.gov.sa/wps/wcm/connect/ShuraArabic/internet/Introduction///wps/wcm/connect/shuraarabic/internet/home
419[+] https://shura.gov.sa/wps/wcm/connect/ShuraArabic/internet/Introduction///wps/wcm/connect/shuraarabic/internet/cv
420[+] https://shura.gov.sa/wps/wcm/connect/ShuraArabic/internet/Introduction///wps/wcm/connect/ShuraArabic/internet/Audio+and+Video/
421[+] https://shura.gov.sa/wps/wcm/connect/ShuraArabic/internet/Introduction///wps/wcm/connect/ShuraArabic/internet/Session+Agenda/
422[+] http://shura.gov.sa/Araed/contactAraed/indexAraed_1.jsp
423--------------------------------------------------
424[-] No External Link Found!?
425--------------------------------------------------
426[#] Mapping Subdomain..
427[!] Found 15 Subdomain
428- shura.gov.sa
429- mail1.shura.gov.sa
430- dmzportal02.shura.gov.sa
431- mail2.shura.gov.sa
432- shuextprtl2.shura.gov.sa
433- webconf.shura.gov.sa
434- cpanel-mag.shura.gov.sa
435- www.cpanel-mag.shura.gov.sa
436- cpanel.shura.gov.sa
437- webmail.shura.gov.sa
438- vpn.shura.gov.sa
439- sip.shura.gov.sa
440- ftp.shura.gov.sa
441- client.shura.gov.sa
442- www.shura.gov.sa
443--------------------------------------------------
444[!] Done At 2019-11-30 17:24:29.001037
445######################################################################################################################################
446[INFO] ------TARGET info------
447[*] TARGET: https://shura.gov.sa/wps/wcm/connect/ShuraArabic/internet/Introduction/
448[*] TARGET IP: 212.102.11.4
449[INFO] NO load balancer detected for shura.gov.sa...
450[*] DNS servers: ns1.shabakah.net.sa.
451[*] TARGET server: Apache
452[*] CC: SA
453[*] Country: Saudi Arabia
454[*] RegionCode: 01
455[*] RegionName: Ar Riyāḑ
456[*] City: Riyadh
457[*] ASN: AS34426
458[*] BGP_PREFIX: 212.102.0.0/19
459[*] ISP: SHABAKAHNET-ASN Shabakah Net, SA
460[INFO] SSL/HTTPS certificate detected
461[*] Issuer: issuer=C = US, O = "Entrust, Inc.", OU = See www.entrust.net/legal-terms, OU = "(c) 2012 Entrust, Inc. - for authorized use only", CN = Entrust Certification Authority - L1K
462[*] Subject: subject=C = SA, L = Riyadh, O = Majlis Al Shura, CN = *.shura.gov.sa
463[INFO] DNS enumeration:
464[*] ftp.shura.gov.sa 212.33.173.194
465[*] mail2.shura.gov.sa 37.224.27.202
466[*] news.shura.gov.sa 212.102.11.27
467[*] old.shura.gov.sa 212.102.11.121
468[*] test.shura.gov.sa 212.102.11.123
469[*] vpn.shura.gov.sa 37.224.27.194
470[*] webconf.shura.gov.sa 82.118.172.13
471[*] webmail.shura.gov.sa 37.224.27.200
472[INFO] Possible abuse mails are:
473[*] abdulwahab@shabakah.com
474[*] abuse@shura.gov.sa
475[*] bobby@shabakah.net.sa
476[INFO] NO PAC (Proxy Auto Configuration) file FOUND
477[INFO] Checking for HTTP status codes recursively from /wps/wcm/connect/ShuraArabic/internet/Introduction/
478[INFO] Status code Folders
479[*] 404 http://shura.gov.sa/wps/
480[*] 404 http://shura.gov.sa/wps/wcm/
481[*] 404 http://shura.gov.sa/wps/wcm/connect/
482[*] 404 http://shura.gov.sa/wps/wcm/connect/ShuraArabic/
483[*] 404 http://shura.gov.sa/wps/wcm/connect/ShuraArabic/internet/
484[INFO] Starting FUZZing in http://shura.gov.sa/FUzZzZzZzZz...
485[INFO] Status code Folders
486[ALERT] Look in the source code. It may contain passwords
487[INFO] Links found from https://shura.gov.sa/wps/wcm/connect/ShuraArabic/internet/Introduction/ http://212.102.11.4/:
488[*] http://shura.gov.sa/Araed/contactAraed/indexAraed_1.jsp
489[*] https://shura.gov.sa/wps/wcm/connect/ShuraArabic/internet/Audio+and+Video/
490[*] https://shura.gov.sa/wps/wcm/connect/shuraarabic/internet/cv
491[*] https://shura.gov.sa/wps/wcm/connect/shuraarabic/internet/home
492[*] https://shura.gov.sa/wps/wcm/connect/ShuraArabic/internet/Session+Agenda/
493cut: intervalle de champ incorrecte
494Saisissez « cut --help » pour plus d'informations.
495[INFO] BING shows 212.102.11.4 is shared with 43 hosts/vhosts
496[INFO] Shodan detected the following opened ports on 212.102.11.4:
497[*] 443
498[*] 80
499[*] 8008
500[INFO] ------VirusTotal SECTION------
501[INFO] VirusTotal passive DNS only stores address records. The following domains resolved to the given IP address:
502[INFO] Latest URLs hosted in this IP address detected by at least one URL scanner or malicious URL dataset:
503[INFO] Latest files that are not detected by any antivirus solution and were downloaded by VirusTotal from the IP address provided:
504[INFO] ------Alexa Rank SECTION------
505[INFO] Percent of Visitors Rank in Country:
506[INFO] Percent of Search Traffic:
507[INFO] Percent of Unique Visits:
508[INFO] Total Sites Linking In:
509[*] Total Sites
510[INFO] Useful links related to shura.gov.sa - 212.102.11.4:
511[*] https://www.virustotal.com/pt/ip-address/212.102.11.4/information/
512[*] https://www.hybrid-analysis.com/search?host=212.102.11.4
513[*] https://www.shodan.io/host/212.102.11.4
514[*] https://www.senderbase.org/lookup/?search_string=212.102.11.4
515[*] https://www.alienvault.com/open-threat-exchange/ip/212.102.11.4
516[*] http://pastebin.com/search?q=212.102.11.4
517[*] http://urlquery.net/search.php?q=212.102.11.4
518[*] http://www.alexa.com/siteinfo/shura.gov.sa
519[*] http://www.google.com/safebrowsing/diagnostic?site=shura.gov.sa
520[*] https://censys.io/ipv4/212.102.11.4
521[*] https://www.abuseipdb.com/check/212.102.11.4
522[*] https://urlscan.io/search/#212.102.11.4
523[*] https://github.com/search?q=212.102.11.4&type=Code
524[INFO] Useful links related to AS34426 - 212.102.0.0/19:
525[*] http://www.google.com/safebrowsing/diagnostic?site=AS:34426
526[*] https://www.senderbase.org/lookup/?search_string=212.102.0.0/19
527[*] http://bgp.he.net/AS34426
528[*] https://stat.ripe.net/AS34426
529[INFO] Date: 30/11/19 | Time: 17:27:10
530[INFO] Total time: 3 minute(s) and 28 second(s)
531#######################################################################################################################################
532Trying "shura.gov.sa"
533;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32464
534;; flags: qr rd ra; QUERY: 1, ANSWER: 9, AUTHORITY: 3, ADDITIONAL: 3
535
536;; QUESTION SECTION:
537;shura.gov.sa. IN ANY
538
539;; ANSWER SECTION:
540shura.gov.sa. 0 IN A 212.102.11.4
541shura.gov.sa. 0 IN MX 30 shuextprtl2.shura.gov.sa.
542shura.gov.sa. 0 IN MX 10 mail1.shura.gov.sa.
543shura.gov.sa. 0 IN MX 20 mail2.shura.gov.sa.
544shura.gov.sa. 0 IN SOA ns1.shabakah.net.sa. administrator.shabakah.net.sa. 2019110501 3600 1800 2419200 3600
545shura.gov.sa. 0 IN TXT "v=spf1 mx ip4:37.224.27.201 ip4:37.224.27.202 ip4:212.102.11.26 -all"
546shura.gov.sa. 0 IN NS ns1.shabakah.net.sa.
547shura.gov.sa. 0 IN NS ns2.shabakah.net.sa.
548shura.gov.sa. 0 IN NS ns4.shabakah.net.sa.
549
550;; AUTHORITY SECTION:
551shura.gov.sa. 3599 IN NS ns2.shabakah.net.sa.
552shura.gov.sa. 3599 IN NS ns4.shabakah.net.sa.
553shura.gov.sa. 3599 IN NS ns1.shabakah.net.sa.
554
555;; ADDITIONAL SECTION:
556ns4.shabakah.net.sa. 3076 IN A 40.86.176.26
557ns2.shabakah.net.sa. 3076 IN A 212.102.0.3
558ns1.shabakah.net.sa. 3076 IN A 212.102.0.2
559
560Received 407 bytes from 2001:18c0:121:6900:724f:b8ff:fefd:5b6a#53 in 1010 ms
561######################################################################################################################################
562
563; <<>> DiG 9.11.5-P4-5.1+b1-Debian <<>> +trace shura.gov.sa any
564;; global options: +cmd
565. 85800 IN NS m.root-servers.net.
566. 85800 IN NS l.root-servers.net.
567. 85800 IN NS g.root-servers.net.
568. 85800 IN NS a.root-servers.net.
569. 85800 IN NS d.root-servers.net.
570. 85800 IN NS i.root-servers.net.
571. 85800 IN NS h.root-servers.net.
572. 85800 IN NS c.root-servers.net.
573. 85800 IN NS k.root-servers.net.
574. 85800 IN NS b.root-servers.net.
575. 85800 IN NS f.root-servers.net.
576. 85800 IN NS j.root-servers.net.
577. 85800 IN NS e.root-servers.net.
579;; Received 525 bytes from 185.93.180.131#53(185.93.180.131) in 314 ms
580
581sa. 172800 IN NS ns1.nic.net.sa.
582sa. 172800 IN NS i.nic.net.sa.
583sa. 172800 IN NS ns2.nic.net.sa.
584sa. 172800 IN NS s.nic.net.sa.
585sa. 172800 IN NS p.nic.net.sa.
586sa. 172800 IN NS n.nic.net.sa.
587sa. 172800 IN NS s2.nic.net.sa.
588sa. 86400 IN DS 30574 8 2 02FC3370C8453439627440B913A8C0A6A4698F9E503F6BBB553D75D7 7E34367E
590;; Received 809 bytes from 202.12.27.33#53(m.root-servers.net) in 257 ms
591
592shura.gov.sa. 3600 IN NS ns1.shabakah.net.sa.
593shura.gov.sa. 3600 IN NS ns4.shabakah.net.sa.
594shura.gov.sa. 3600 IN NS ns2.shabakah.net.sa.
595kvnres9rkm0a01pu2u52s66olvpecbg5.gov.sa. 3600 IN NSEC3 1 1 5 55D71318097371EC MDGV83R1VIJAFL7VTP000E1NMEUP3SLL NS SOA RRSIG DNSKEY NSEC3PARAM
597181aq7buvc1sv0fh4i6uvhgi62lliuja.gov.sa. 3600 IN NSEC3 1 1 5 55D71318097371EC 7LBBBUQQUDAD9KHH8U1LPLN2U010H31Q NS DS RRSIG
599;; Received 901 bytes from 194.146.106.102#53(n.nic.net.sa) in 575 ms
600
601shura.gov.sa. 3600 IN SOA ns1.shabakah.net.sa. administrator.shabakah.net.sa. 2019110501 3600 1800 2419200 3600
602shura.gov.sa. 3600 IN NS ns2.shabakah.net.sa.
603shura.gov.sa. 3600 IN NS ns4.shabakah.net.sa.
604shura.gov.sa. 3600 IN NS ns1.shabakah.net.sa.
605shura.gov.sa. 3600 IN A 212.102.11.4
606shura.gov.sa. 3600 IN MX 10 mail1.shura.gov.sa.
607shura.gov.sa. 3600 IN MX 20 mail2.shura.gov.sa.
608shura.gov.sa. 3600 IN MX 30 shuextprtl2.shura.gov.sa.
609shura.gov.sa. 3600 IN TXT "v=spf1 mx ip4:37.224.27.201 ip4:37.224.27.202 ip4:212.102.11.26 -all"
610;; Received 424 bytes from 40.86.176.26#53(ns4.shabakah.net.sa) in 624 ms
611
612######################################################################################################################################
613[*] Performing General Enumeration of Domain: shura.gov.sa
614[-] DNSSEC is not configured for shura.gov.sa
615[*] SOA ns1.shabakah.net.sa 212.102.0.2
616[*] NS ns1.shabakah.net.sa 212.102.0.2
617[*] Bind Version for 212.102.0.2 10.2 By:Ahmed.Java@Gmail.Com
618[*] NS ns2.shabakah.net.sa 212.102.0.3
619[*] Bind Version for 212.102.0.3 10.2 Ahmed.Java@Gmail.Com
620[*] NS ns4.shabakah.net.sa 40.86.176.26
621[*] Bind Version for 40.86.176.26 10.2 Ahmed.Java@Gmail.Com
622[*] MX mail2.shura.gov.sa 37.224.27.202
623[*] MX mail1.shura.gov.sa 37.224.27.201
624[*] MX shuextprtl2.shura.gov.sa 212.102.11.55
625[*] A shura.gov.sa 212.102.11.4
626[*] TXT shura.gov.sa v=spf1 mx ip4:37.224.27.201 ip4:37.224.27.202 ip4:212.102.11.26 -all
627[*] Enumerating SRV Records
628[*] SRV _sipfederationtls._tcp.shura.gov.sa sip.shura.gov.sa 37.224.27.215 5061 1
629[*] SRV _sip._tls.shura.gov.sa sip.shura.gov.sa 37.224.27.215 443 1
630[*] SRV _sip._tls.shura.gov.sa sip.shura.gov.sa 37.224.27.215 5061 1
631[+] 3 Records Found
632######################################################################################################################################
633[*] Processing domain shura.gov.sa
634[*] Using system resolvers ['185.93.180.131', '194.187.251.67', '38.132.106.139', '192.168.0.1', '2001:18c0:121:6900:724f:b8ff:fefd:5b6a']
635[+] Getting nameservers
636212.102.0.2 - ns1.shabakah.net.sa
637212.102.0.3 - ns2.shabakah.net.sa
63840.86.176.26 - ns4.shabakah.net.sa
639[-] Zone transfer failed
640
641[+] TXT records found
642"v=spf1 mx ip4:37.224.27.201 ip4:37.224.27.202 ip4:212.102.11.26 -all"
643
644[+] MX records found, added to target list
64520 mail2.shura.gov.sa.
64610 mail1.shura.gov.sa.
64730 shuextprtl2.shura.gov.sa.
648
649[*] Scanning shura.gov.sa for A records
650212.102.11.55 - shuextprtl2.shura.gov.sa
651212.102.11.4 - shura.gov.sa
65237.224.27.200 - client.shura.gov.sa
653212.33.173.194 - cpanel.shura.gov.sa
65482.118.172.38 - dialin.shura.gov.sa
65582.118.172.38 - lyncdiscover.shura.gov.sa
65637.224.27.201 - mail1.shura.gov.sa
65737.224.27.202 - mail2.shura.gov.sa
65882.118.172.38 - meet.shura.gov.sa
659212.102.11.27 - news.shura.gov.sa
660212.102.11.121 - old.shura.gov.sa
661212.102.11.4 - services.shura.gov.sa
66237.224.27.215 - sip.shura.gov.sa
663212.102.11.123 - test.shura.gov.sa
66437.224.27.194 - vpn.shura.gov.sa
66582.118.172.13 - webconf.shura.gov.sa
66637.224.27.200 - webmail.shura.gov.sa
667212.102.11.4 - www.shura.gov.sa
668#######################################################################################################################################
669 AVAILABLE PLUGINS
670 -----------------
671
672 SessionRenegotiationPlugin
673 SessionResumptionPlugin
674 FallbackScsvPlugin
675 OpenSslCipherSuitesPlugin
676 EarlyDataPlugin
677 CertificateInfoPlugin
678 HeartbleedPlugin
679 RobotPlugin
680 OpenSslCcsInjectionPlugin
681 HttpHeadersPlugin
682 CompressionPlugin
683
684
685
686 CHECKING HOST(S) AVAILABILITY
687 -----------------------------
688
689 212.102.11.4:443 => 212.102.11.4
690
691
692
693
694 SCAN RESULTS FOR 212.102.11.4:443 - 212.102.11.4
695 ------------------------------------------------
696
697 * SSLV2 Cipher Suites:
698 Server rejected all cipher suites.
699
700 * OpenSSL CCS Injection:
701 OK - Not vulnerable to OpenSSL CCS injection
702
703 * Deflate Compression:
704 OK - Compression disabled
705
706 * Session Renegotiation:
707 Client-initiated Renegotiation: OK - Rejected
708 Secure Renegotiation: OK - Supported
709
710 * TLS 1.2 Session Resumption Support:
711 With Session IDs: OK - Supported (5 successful, 0 failed, 0 errors, 5 total attempts).
712 With TLS Tickets: NOT SUPPORTED - TLS ticket not assigned.
713
714 * TLSV1_3 Cipher Suites:
715 Server rejected all cipher suites.
716
717 * Certificate Information:
718 Content
719 SHA1 Fingerprint: 74978757cc1f5b3c801f07864794e5b5e4c41876
720 Common Name: *.mawani.gov.sa
721 Issuer: DigiCert SHA2 Secure Server CA
722 Serial Number: 15672697320379179090057517123387418178
723 Not Before: 2019-09-11 00:00:00
724 Not After: 2020-12-09 12:00:00
725 Signature Algorithm: sha256
726 Public Key Algorithm: RSA
727 Key Size: 2048
728 Exponent: 65537 (0x10001)
729 DNS Subject Alternative Names: ['*.mawani.gov.sa', '*.ports.gov.sa', 'ports.gov.sa', 'mawani.gov.sa']
730
731 Trust
732 Hostname Validation: FAILED - Certificate does NOT match 212.102.11.4
733 Android CA Store (9.0.0_r9): OK - Certificate is trusted
734 Apple CA Store (iOS 12, macOS 10.14, watchOS 5, and tvOS 12):OK - Certificate is trusted
735 Java CA Store (jdk-12.0.1): OK - Certificate is trusted
736 Mozilla CA Store (2019-03-14): OK - Certificate is trusted
737 Windows CA Store (2019-05-27): OK - Certificate is trusted
738 Symantec 2018 Deprecation: WARNING: Certificate distrusted by Google and Mozilla on September 2018
739 Received Chain: *.mawani.gov.sa --> DigiCert SHA2 Secure Server CA
740 Verified Chain: *.mawani.gov.sa --> DigiCert SHA2 Secure Server CA --> DigiCert Global Root CA
741 Received Chain Contains Anchor: OK - Anchor certificate not sent
742 Received Chain Order: OK - Order is valid
743 Verified Chain contains SHA1: OK - No SHA1-signed certificate in the verified certificate chain
744
745 Extensions
746 OCSP Must-Staple: NOT SUPPORTED - Extension not found
747 Certificate Transparency: WARNING - Only 2 SCTs included but Google recommends 3 or more
748
749 OCSP Stapling
750 NOT SUPPORTED - Server did not send back an OCSP response
751
752 * Downgrade Attacks:
753 TLS_FALLBACK_SCSV: OK - Supported
754
755 * TLSV1_1 Cipher Suites:
756 Forward Secrecy OK - Supported
757 RC4 OK - Not Supported
758
759 Preferred:
760 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 403 Forbidden
761 Accepted:
762 TLS_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 403 Forbidden
763 TLS_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 403 Forbidden
764 TLS_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 403 Forbidden
765 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 403 Forbidden
766 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 403 Forbidden
767 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 403 Forbidden
768 TLS_DHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 403 Forbidden
769 TLS_DHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 403 Forbidden
770 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 403 Forbidden
771
772 * OpenSSL Heartbleed:
773 OK - Not vulnerable to Heartbleed
774
775 * TLSV1_2 Cipher Suites:
776 Forward Secrecy OK - Supported
777 RC4 OK - Not Supported
778
779 Preferred:
780 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 256 bits HTTP 403 Forbidden
781 Accepted:
782 TLS_RSA_WITH_AES_256_GCM_SHA384 256 bits HTTP 403 Forbidden
783 TLS_RSA_WITH_AES_256_CBC_SHA256 256 bits HTTP 403 Forbidden
784 TLS_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 403 Forbidden
785 TLS_RSA_WITH_AES_128_GCM_SHA256 128 bits HTTP 403 Forbidden
786 TLS_RSA_WITH_AES_128_CBC_SHA256 128 bits HTTP 403 Forbidden
787 TLS_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 403 Forbidden
788 TLS_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 403 Forbidden
789 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 256 bits HTTP 403 Forbidden
790 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 256 bits HTTP 403 Forbidden
791 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 403 Forbidden
792 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 128 bits HTTP 403 Forbidden
793 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 128 bits HTTP 403 Forbidden
794 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 403 Forbidden
795 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 403 Forbidden
796 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 256 bits HTTP 403 Forbidden
797 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 256 bits HTTP 403 Forbidden
798 TLS_DHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 403 Forbidden
799 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 128 bits HTTP 403 Forbidden
800 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 128 bits HTTP 403 Forbidden
801 TLS_DHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 403 Forbidden
802 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 403 Forbidden
803 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 403 Forbidden
804
805 * ROBOT Attack:
806 OK - Not vulnerable
807
808 * TLSV1 Cipher Suites:
809 Server rejected all cipher suites.
810
811 * SSLV3 Cipher Suites:
812 Server rejected all cipher suites.
813
814
815 SCAN COMPLETED IN 36.70 S
816 -------------------------
817#######################################################################################################################################
818
819Domains still to check: 1
820 Checking if the hostname shura.gov.sa. given is in fact a domain...
821
822Analyzing domain: shura.gov.sa.
823 Checking NameServers using system default resolver...
824 IP: 212.102.0.2 (Saudi Arabia)
825 HostName: ns1.shabakah.net.sa Type: NS
826 HostName: ns1.shabakah.net.sa Type: PTR
827 IP: 212.102.0.3 (Saudi Arabia)
828 HostName: ns2.shabakah.net.sa Type: NS
829 HostName: ns2.shabakah.net.sa Type: PTR
830 IP: 40.86.176.26 (United States)
831 HostName: ns4.shabakah.net.sa Type: NS
832 HostName: ns4.shabakah.net.sa Type: PTR
833
834 Checking MailServers using system default resolver...
835 IP: 37.224.27.202 (Saudi Arabia)
836 HostName: mail2.shura.gov.sa Type: MX
837 HostName: mail2.shura.gov.sa Type: PTR
838 IP: 37.224.27.201 (Saudi Arabia)
839 HostName: mail1.shura.gov.sa Type: MX
840 HostName: mail.shura.gov.sa Type: PTR
841 IP: 212.102.11.55 (Saudi Arabia)
842 HostName: shuextprtl2.shura.gov.sa Type: MX
843 HostName: shabnet11-55.shabakah.net Type: PTR
844
845 Checking the zone transfer for each NS... (if this takes more than 10 seconds, just hit CTRL-C and it will continue. Bug in the libs)
846 No zone transfer found on nameserver 40.86.176.26
847 No zone transfer found on nameserver 212.102.0.3
848 No zone transfer found on nameserver 212.102.0.2
849
850 Checking SPF record...
851 New IP found: 212.102.11.26
852
853 Checking 192 most common hostnames using system default resolver...
854 IP: 212.102.11.4 (Saudi Arabia)
855 HostName: www.shura.gov.sa. Type: A
856 IP: 212.33.173.194 (Saudi Arabia)
857 HostName: ftp.shura.gov.sa. Type: A
858 IP: 212.102.11.123 (Saudi Arabia)
859 HostName: test.shura.gov.sa. Type: A
860 IP: 37.224.27.200 (Saudi Arabia)
861 HostName: webmail.shura.gov.sa. Type: A
862 IP: 212.102.11.121 (Saudi Arabia)
863 HostName: old.shura.gov.sa. Type: A
864
865 Checking with nmap the reverse DNS hostnames of every <ip>/24 netblock using system default resolver...
866 Checking netblock 37.224.27.0
867 Checking netblock 212.33.173.0
868 Checking netblock 212.102.11.0
869 Checking netblock 40.86.176.0
870 Checking netblock 212.102.0.0
871
872 Searching for shura.gov.sa. emails in Google
873 webmaster@shura.gov.sa
874 webmaster@shura.gov.sa;
875 webmaster@shura.gov.sa
876 webmaster@shura.gov.sa.
877 sg_office@shura.gov.sa
878
879 Checking 12 active hosts using nmap... (nmap -sn -n -v -PP -PM -PS80,25 -PA -PY -PU53,40125 -PE --reason <ip> -oA <output_directory>/nmap/<ip>.sn)
880 Host 37.224.27.202 is up (reset ttl 64)
881 Host 212.33.173.194 is up (reset ttl 64)
882 Host 37.224.27.201 is up (reset ttl 64)
883 Host 212.102.11.4 is up (reset ttl 64)
884 Host 212.102.11.121 is up (reset ttl 64)
885 Host 37.224.27.200 is up (reset ttl 64)
886 Host 212.102.11.123 is up (reset ttl 64)
887 Host 40.86.176.26 is up (reset ttl 64)
888 Host 212.102.11.55 is up (echo-reply ttl 50)
889 Host 212.102.0.3 is up (reset ttl 64)
890 Host 212.102.0.2 is up (reset ttl 64)
891 Host 212.102.11.26 is up (reset ttl 64)
892
893 Checking ports on every active host using nmap... (nmap -O --reason --webxml --traceroute -sS -sV -sC -Pn -n -v -F <ip> -oA <output_directory>/nmap/<ip>)
894 Scanning ip 37.224.27.202 (mail2.shura.gov.sa (PTR)):
895 Scanning ip 212.33.173.194 (ftp.shura.gov.sa.):
896 Scanning ip 37.224.27.201 (mail.shura.gov.sa (PTR)):
897 22/tcp open ssh syn-ack ttl 50 Fortinet VPN/firewall sshd (protocol 2.0)
898 | ssh-hostkey:
899 |_ 2048 a5:81:a2:5f:a0:1a:ad:3b:a0:2e:1e:f1:10:15:72:62 (RSA)
900 443/tcp open ssl/https syn-ack ttl 49
901 | fingerprint-strings:
902 | FourOhFourRequest:
903 | HTTP/1.1 404 Not Found
904 | Date: Sat, 30 Nov 2019 22:46:23 GMT
905 | Strict-Transport-Security: max-age=31536000; includeSubDomains
906 | Content-Length: 72
907 | Connection: close
908 | Content-Type: text/html; charset=iso-8859-1
909 | <h1>Not Found</h1><p>The requested URL was not found on this server.</p>
910 | GetRequest:
911 | HTTP/1.1 200 OK
912 | Date: Sat, 30 Nov 2019 22:46:16 GMT
913 | Strict-Transport-Security: max-age=31536000; includeSubDomains
914 | Last-Modified: Tue, 12 Feb 2019 22:11:49 GMT
915 | Accept-Ranges: bytes
916 | Content-Length: 80
917 | Vary: Accept-Encoding
918 | X-XSS-Protection: 1; mode=block
919 | X-Frame-Options: SAMEORIGIN
920 | Content-Security-Policy: frame-ancestors 'self'
921 | X-Content-Type-Options: nosniff
922 | Connection: close
923 | Content-Type: text/html
924 | <html>
925 | <script language=javascript>
926 | location="/m/webmail/";
927 | </script>
928 | </html>
929 | HTTPOptions:
930 | HTTP/1.1 200 OK
931 | Date: Sat, 30 Nov 2019 22:46:18 GMT
932 | Strict-Transport-Security: max-age=31536000; includeSubDomains
933 | Allow: HEAD,GET,POST,OPTIONS
934 | X-XSS-Protection: 1; mode=block
935 | X-Frame-Options: SAMEORIGIN
936 | Content-Security-Policy: frame-ancestors 'self'
937 | X-Content-Type-Options: nosniff
938 | Content-Length: 0
939 | Connection: close
940 | Content-Type: text/html
941 | RTSPRequest:
942 | HTTP/1.1 400 Bad Request
943 | Date: Sat, 30 Nov 2019 22:46:40 GMT
944 | Content-Length: 226
945 | Connection: close
946 | Content-Type: text/html; charset=iso-8859-1
947 | <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
948 | <html><head>
949 | <title>400 Bad Request</title>
950 | </head><body>
951 | <h1>Bad Request</h1>
952 | <p>Your browser sent a request that this server could not understand.<br />
953 | </p>
954 |_ </body></html>
955 | http-methods:
956 |_ Supported Methods: GET HEAD POST
957 |_http-title: 400 Bad Request
958 | ssl-cert: Subject: commonName=FortiMail/organizationName=Fortinet/stateOrProvinceName=California/countryName=US
959 | Issuer: commonName=support/organizationName=Fortinet/stateOrProvinceName=California/countryName=US
960 | Public Key type: rsa
961 | Public Key bits: 2048
962 | Signature Algorithm: sha256WithRSAEncryption
963 | Not valid before: 2015-07-03T17:24:18
964 | Not valid after: 2038-01-19T03:14:07
965 | MD5: 3289 2aad db2d c86a 0940 bba3 9276 4365
966 |_SHA-1: 6bcd eac1 02be 0c39 7ee3 426d 8f59 6739 15a3 0b15
967 |_ssl-date: TLS randomness does not represent time
968 | tls-alpn:
969 |_ http/1.1
970 465/tcp open ssl/smtp syn-ack ttl 48 FortiMail smtpd (time zone: +0300)
971 |_smtp-commands: mail1.shura.gov.sa Hello salmondeal.com.0.116.160.in-addr.arpa [160.116.0.22], pleased to meet you, ENHANCEDSTATUSCODES, PIPELINING, 8BITMIME, SIZE 26214400, DSN, AUTH LOGIN PLAIN, DELIVERBY, HELP,
972 | ssl-cert: Subject: commonName=FortiMail/organizationName=Fortinet/stateOrProvinceName=California/countryName=US
973 | Issuer: commonName=support/organizationName=Fortinet/stateOrProvinceName=California/countryName=US
974 | Public Key type: rsa
975 | Public Key bits: 2048
976 | Signature Algorithm: sha256WithRSAEncryption
977 | Not valid before: 2015-07-03T17:24:18
978 | Not valid after: 2038-01-19T03:14:07
979 | MD5: 3289 2aad db2d c86a 0940 bba3 9276 4365
980 |_SHA-1: 6bcd eac1 02be 0c39 7ee3 426d 8f59 6739 15a3 0b15
981 OS Info: Service Info: Host: mail1.shura.gov.sa; Device: firewall
982 Scanning ip 212.102.11.4 (www.shura.gov.sa.):
983 80/tcp open http syn-ack ttl 49 Apache httpd (ASP.NET)
984 |_http-server-header: Apache
985 |_http-title: 403 Forbidden
986 443/tcp open ssl/http syn-ack ttl 49 Apache httpd
987 | http-methods:
988 |_ Supported Methods: GET HEAD POST
989 |_http-server-header: Apache
990 |_http-title: 400 Bad Request
991 | ssl-cert: Subject: commonName=*.mawani.gov.sa/organizationName=Saudi Ports Authority/countryName=SA
992 | Subject Alternative Name: DNS:*.mawani.gov.sa, DNS:*.ports.gov.sa, DNS:ports.gov.sa, DNS:mawani.gov.sa
993 | Issuer: commonName=DigiCert SHA2 Secure Server CA/organizationName=DigiCert Inc/countryName=US
994 | Public Key type: rsa
995 | Public Key bits: 2048
996 | Signature Algorithm: sha256WithRSAEncryption
997 | Not valid before: 2019-09-11T00:00:00
998 | Not valid after: 2020-12-09T12:00:00
999 | MD5: 14b2 ec82 43b3 f057 1119 4213 ca30 8a10
1000 |_SHA-1: 7497 8757 cc1f 5b3c 801f 0786 4794 e5b5 e4c4 1876
1001 |_ssl-date: TLS randomness does not represent time
1002 | tls-alpn:
1003 |_ http/1.1
1004 8008/tcp open http syn-ack ttl 50
1005 | fingerprint-strings:
1006 | FourOhFourRequest:
1007 | HTTP/1.1 302 Found
1008 | Location: https://:8010/nice%20ports%2C/Tri%6Eity.txt%2ebak
1009 | Connection: close
1010 | X-Frame-Options: SAMEORIGIN
1011 | X-XSS-Protection: 1; mode=block
1012 | X-Content-Type-Options: nosniff
1013 | Content-Security-Policy: frame-ancestors
1014 | GenericLines, HTTPOptions, RTSPRequest, SIPOptions:
1015 | HTTP/1.1 302 Found
1016 | Location: https://:8010
1017 | Connection: close
1018 | X-Frame-Options: SAMEORIGIN
1019 | X-XSS-Protection: 1; mode=block
1020 | X-Content-Type-Options: nosniff
1021 | Content-Security-Policy: frame-ancestors
1022 | GetRequest:
1023 | HTTP/1.1 302 Found
1024 | Location: https://:8010/
1025 | Connection: close
1026 | X-Frame-Options: SAMEORIGIN
1027 | X-XSS-Protection: 1; mode=block
1028 | X-Content-Type-Options: nosniff
1029 |_ Content-Security-Policy: frame-ancestors
1030 | http-methods:
1031 |_ Supported Methods: GET HEAD POST OPTIONS
1032 |_http-title: Did not follow redirect to https://212.102.11.4:8010/
1033 |_https-redirect: ERROR: Script execution failed (use -d to debug)
1034 Scanning ip 212.102.11.121 (old.shura.gov.sa.):
1035 80/tcp open http? syn-ack ttl 50
1036 8008/tcp open http syn-ack ttl 50
1037 | fingerprint-strings:
1038 | FourOhFourRequest:
1039 | HTTP/1.1 302 Found
1040 | Location: https://:8010/nice%20ports%2C/Tri%6Eity.txt%2ebak
1041 | Connection: close
1042 | X-Frame-Options: SAMEORIGIN
1043 | X-XSS-Protection: 1; mode=block
1044 | X-Content-Type-Options: nosniff
1045 | Content-Security-Policy: frame-ancestors
1046 | GenericLines, HTTPOptions, RTSPRequest, SIPOptions:
1047 | HTTP/1.1 302 Found
1048 | Location: https://:8010
1049 | Connection: close
1050 | X-Frame-Options: SAMEORIGIN
1051 | X-XSS-Protection: 1; mode=block
1052 | X-Content-Type-Options: nosniff
1053 | Content-Security-Policy: frame-ancestors
1054 | GetRequest:
1055 | HTTP/1.1 302 Found
1056 | Location: https://:8010/
1057 | Connection: close
1058 | X-Frame-Options: SAMEORIGIN
1059 | X-XSS-Protection: 1; mode=block
1060 | X-Content-Type-Options: nosniff
1061 |_ Content-Security-Policy: frame-ancestors
1062 |_https-redirect: ERROR: Script execution failed (use -d to debug)
1063 Scanning ip 37.224.27.200 (webmail.shura.gov.sa.):
1064 Scanning ip 212.102.11.123 (test.shura.gov.sa.):
1065 80/tcp open http? syn-ack ttl 50
1066 8008/tcp open http syn-ack ttl 50
1067 | fingerprint-strings:
1068 | FourOhFourRequest:
1069 | HTTP/1.1 302 Found
1070 | Location: https://:8010/nice%20ports%2C/Tri%6Eity.txt%2ebak
1071 | Connection: close
1072 | X-Frame-Options: SAMEORIGIN
1073 | X-XSS-Protection: 1; mode=block
1074 | X-Content-Type-Options: nosniff
1075 | Content-Security-Policy: frame-ancestors
1076 | GenericLines, HTTPOptions, RTSPRequest, SIPOptions:
1077 | HTTP/1.1 302 Found
1078 | Location: https://:8010
1079 | Connection: close
1080 | X-Frame-Options: SAMEORIGIN
1081 | X-XSS-Protection: 1; mode=block
1082 | X-Content-Type-Options: nosniff
1083 | Content-Security-Policy: frame-ancestors
1084 | GetRequest:
1085 | HTTP/1.1 302 Found
1086 | Location: https://:8010/
1087 | Connection: close
1088 | X-Frame-Options: SAMEORIGIN
1089 | X-XSS-Protection: 1; mode=block
1090 | X-Content-Type-Options: nosniff
1091 |_ Content-Security-Policy: frame-ancestors
1092 |_https-redirect: ERROR: Script execution failed (use -d to debug)
1093 Scanning ip 40.86.176.26 (ns4.shabakah.net.sa (PTR)):
1094 53/tcp open domain syn-ack ttl 39 (unknown banner: 10.2 Ahmed.Java@Gmail.Com)
1095 | dns-nsid:
1096 |_ bind.version: 10.2 Ahmed.Java@Gmail.Com
1097 | fingerprint-strings:
1098 | DNSVersionBindReqTCP:
1099 | version
1100 | bind
1101 |_ 10.2 Ahmed.Java@Gmail.Com
1102 Scanning ip 212.102.11.55 (shabnet11-55.shabakah.net (PTR)):
1103 80/tcp open http syn-ack ttl 51
1104 | fingerprint-strings:
1105 | FourOhFourRequest:
1106 | HTTP/1.0 404 Not Found
1107 | Date: Sat, 30 Nov 2019 23:04:10 GMT
1108 | X-Frame-Options: SAMEORIGIN
1109 | Content-Length: 225
1110 | Content-Type: text/html; charset=iso-8859-1
1111 | <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
1112 | <html><head>
1113 | <title>404 Not Found</title>
1114 | </head><body>
1115 | <h1>Not Found</h1>
1116 | <p>The requested URL /nice ports,/Trinity.txt.bak was not found on this server.</p>
1117 | </body></html>
1118 | GetRequest:
1119 | HTTP/1.0 302 Found
1120 | Date: Sat, 30 Nov 2019 23:04:01 GMT
1121 | X-Frame-Options: SAMEORIGIN
1122 | Location: http://212.102.11.55/wps/wcm/connect/ShuraArabic/internet/Introduction/
1123 | Cache-Control: max-age=604800
1124 | Expires: Sat, 07 Dec 2019 23:04:01 GMT
1125 | Content-Length: 255
1126 | Content-Type: text/html; charset=iso-8859-1
1127 | <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
1128 | <html><head>
1129 | <title>302 Found</title>
1130 | </head><body>
1131 | <h1>Found</h1>
1132 | <p>The document has moved <a href="http://212.102.11.55/wps/wcm/connect/ShuraArabic/internet/Introduction/">here</a>.</p>
1133 | </body></html>
1134 | HTTPOptions:
1135 | HTTP/1.0 302 Found
1136 | Date: Sat, 30 Nov 2019 23:04:03 GMT
1137 | X-Frame-Options: SAMEORIGIN
1138 | Location: http://212.102.11.55/wps/wcm/connect/ShuraArabic/internet/Introduction/
1139 | Cache-Control: max-age=604800
1140 | Expires: Sat, 07 Dec 2019 23:04:03 GMT
1141 | Content-Length: 255
1142 | Content-Type: text/html; charset=iso-8859-1
1143 | <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
1144 | <html><head>
1145 | <title>302 Found</title>
1146 | </head><body>
1147 | <h1>Found</h1>
1148 | <p>The document has moved <a href="http://212.102.11.55/wps/wcm/connect/ShuraArabic/internet/Introduction/">here</a>.</p>
1149 | </body></html>
1150 | RTSPRequest:
1151 | HTTP/1.1 400 Bad Request
1152 | Date: Sat, 30 Nov 2019 23:04:04 GMT
1153 | X-Frame-Options: SAMEORIGIN
1154 | Content-Length: 226
1155 | Connection: close
1156 | Content-Type: text/html; charset=iso-8859-1
1157 | <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
1158 | <html><head>
1159 | <title>400 Bad Request</title>
1160 | </head><body>
1161 | <h1>Bad Request</h1>
1162 | <p>Your browser sent a request that this server could not understand.<br />
1163 | </p>
1164 |_ </body></html>
1165 8008/tcp open http syn-ack ttl 51
1166 | fingerprint-strings:
1167 | FourOhFourRequest:
1168 | HTTP/1.1 302 Found
1169 | Location: https://:8010/nice%20ports%2C/Tri%6Eity.txt%2ebak
1170 | Connection: close
1171 | X-Frame-Options: SAMEORIGIN
1172 | X-XSS-Protection: 1; mode=block
1173 | X-Content-Type-Options: nosniff
1174 | Content-Security-Policy: frame-ancestors
1175 | GenericLines, HTTPOptions, RTSPRequest, SIPOptions:
1176 | HTTP/1.1 302 Found
1177 | Location: https://:8010
1178 | Connection: close
1179 | X-Frame-Options: SAMEORIGIN
1180 | X-XSS-Protection: 1; mode=block
1181 | X-Content-Type-Options: nosniff
1182 | Content-Security-Policy: frame-ancestors
1183 | GetRequest:
1184 | HTTP/1.1 302 Found
1185 | Location: https://:8010/
1186 | Connection: close
1187 | X-Frame-Options: SAMEORIGIN
1188 | X-XSS-Protection: 1; mode=block
1189 | X-Content-Type-Options: nosniff
1190 |_ Content-Security-Policy: frame-ancestors
1191 |_https-redirect: ERROR: Script execution failed (use -d to debug)
1192 Scanning ip 212.102.0.3 (ns2.shabakah.net.sa (PTR)):
1193 Scanning ip 212.102.0.2 (ns1.shabakah.net.sa (PTR)):
1194 53/tcp open domain syn-ack ttl 49 (unknown banner: 10.2 By:Ahmed.Java@Gmail.Com)
1195 | dns-nsid:
1196 |_ bind.version: 10.2 By:Ahmed.Java@Gmail.Com
1197 | fingerprint-strings:
1198 | DNSVersionBindReqTCP:
1199 | version
1200 | bind
1201 |_ 10.2 By:Ahmed.Java@Gmail.Com
1202 Scanning ip 212.102.11.26 ():
1203 WebCrawling domain's web servers... up to 50 max links.
1204
1205 + URL to crawl: http://mail1.shura.gov.sa:443
1206 + Date: 2019-11-30
1207
1208 + Crawling URL: http://mail1.shura.gov.sa:443:
1209 + Links:
1210 + Crawling http://mail1.shura.gov.sa:443 (400 Bad Request)
1211 + Searching for directories...
1212 + Searching open folders...
1213
1214
1215 + URL to crawl: http://www.shura.gov.sa.
1216 + Date: 2019-11-30
1217
1218 + Crawling URL: http://www.shura.gov.sa.:
1219 + Links:
1220 + Crawling http://www.shura.gov.sa.
1221 + Searching for directories...
1222 + Searching open folders...
1223
1224
1225 + URL to crawl: https://www.shura.gov.sa.
1226 + Date: 2019-11-30
1227
1228 + Crawling URL: https://www.shura.gov.sa.:
1229 + Links:
1230 + Crawling https://www.shura.gov.sa.
1231 + Searching for directories...
1232 + Searching open folders...
1233
1234
1235 + URL to crawl: http://www.shura.gov.sa.:8008
1236 + Date: 2019-11-30
1237
1238 + Crawling URL: http://www.shura.gov.sa.:8008:
1239 + Links:
1240 + Crawling http://www.shura.gov.sa.:8008 (timed out)
1241 + Searching for directories...
1242 + Searching open folders...
1243
1244
1245 + URL to crawl: http://old.shura.gov.sa.:8008
1246 + Date: 2019-11-30
1247
1248 + Crawling URL: http://old.shura.gov.sa.:8008:
1249 + Links:
1250 + Crawling http://old.shura.gov.sa.:8008 (timed out)
1251 + Searching for directories...
1252 + Searching open folders...
1253
1254
1255 + URL to crawl: http://test.shura.gov.sa.:8008
1256 + Date: 2019-11-30
1257
1258 + Crawling URL: http://test.shura.gov.sa.:8008:
1259 + Links:
1260 + Crawling http://test.shura.gov.sa.:8008 (timed out)
1261 + Searching for directories...
1262 + Searching open folders...
1263
1264
1265 + URL to crawl: http://shuextprtl2.shura.gov.sa
1266 + Date: 2019-11-30
1267
1268 + Crawling URL: http://shuextprtl2.shura.gov.sa:
1269 + Links:
1270 + Crawling http://shuextprtl2.shura.gov.sa
1271 + Crawling http://shuextprtl2.shura.gov.sa/img/resources/json (404 Not Found)
1272 + Crawling http://shuextprtl2.shura.gov.sa/img/resources/css (403 Forbidden)
1273 + Crawling http://shuextprtl2.shura.gov.sa/wps/wcm/connect/shuraarabic/internet/home
1274 + Crawling http://shuextprtl2.shura.gov.sa/wps/wcm/connect/shuraarabic/internet/cv
1275 + Crawling http://shuextprtl2.shura.gov.sa/wps/wcm/connect/ShuraArabic/internet/Audio+and+Video/
1276 + Crawling http://shuextprtl2.shura.gov.sa/wps/wcm/connect/ShuraArabic/internet/Session+Agenda/
1277 + Crawling http://shuextprtl2.shura.gov.sa/wps/wcm/connect/shuraarabic/internet/home/manifest.json (404 Not Found)
1278 + Crawling http://shuextprtl2.shura.gov.sa/wps/wcm/connect/ShuraArabic/internet/Site+Map/
1279 + Crawling http://shuextprtl2.shura.gov.sa/wps/wcm/connect/ShuraArabic/internet/Contact+Us/
1280 + Crawling http://shuextprtl2.shura.gov.sa/wps/wcm/connect/shuraen/internet/home
1281 + Crawling http://shuextprtl2.shura.gov.sa/member/LoginPage_2.jsp
1282 + Crawling http://shuextprtl2.shura.gov.sa/wps/wcm/connect/ShuraArabic/internet/Organization+Chart/
1283 + Crawling http://shuextprtl2.shura.gov.sa/wps/wcm/connect/shuraarabic/internet/links
1284 + Crawling http://shuextprtl2.shura.gov.sa/wps/wcm/connect/ShuraArabic/internet/Historical+BG/
1285 + Crawling http://shuextprtl2.shura.gov.sa/wps/wcm/connect/ShuraArabic/internet/Royal+Speeches/
1286 + Crawling http://shuextprtl2.shura.gov.sa/wps/wcm/connect/ShuraArabic/internet/Laws+and+Regulations/
1287 + Crawling http://shuextprtl2.shura.gov.sa/wps/wcm/myconnect/shuraarabic/internet/committees?contentIDR=5bdb7081-bd89-4c03-93b2-54972a81ed9e&useDefaultText=0&useDefaultDesc=0 (timed out)
1288 + Crawling http://shuextprtl2.shura.gov.sa/wps/wcm/connect/ShuraArabic/internet/Committees/Committees+Jurisdiction+and+Duties/
1289 + Crawling http://shuextprtl2.shura.gov.sa/wps/wcm/connect/ShuraArabic/internet/Committees/Parliamentary+Friendship+Committees/
1290 + Crawling http://shuextprtl2.shura.gov.sa/wps/wcm/connect/ShuraArabic/internet/General+Subjects/Agenda+of+the+Majlis/
1291 + Crawling http://shuextprtl2.shura.gov.sa/wps/wcm/connect/shuraarabic/internet/statistics
1292 + Crawling http://shuextprtl2.shura.gov.sa/wps/wcm/myconnect/shuraarabic/internet/publications?contentIDR=6d61069e-818b-4d9c-b8fb-3669d21721ae&useDefaultText=0&useDefaultDesc=0 (timed out)
1293 + Crawling http://shuextprtl2.shura.gov.sa/wps/wcm/connect/ShuraArabic/internet/Publications/Shura+Publications/
1294 + Crawling http://shuextprtl2.shura.gov.sa/wps/wcm/connect/shuraarabic/internet/publications/magazine
1295 + Crawling http://shuextprtl2.shura.gov.sa/wps/wcm/connect/shuraarabic/internet/publications/faq
1296 + Crawling http://shuextprtl2.shura.gov.sa/wps/wcm/connect/shuraarabic/internet/news
1297 + Crawling http://shuextprtl2.shura.gov.sa/wps/wcm/connect/shuraarabic/internet/gallery
1298 + Crawling http://shuextprtl2.shura.gov.sa/wps/wcm/connect/shuraarabic/internet/opendata
1299 + Crawling http://shuextprtl2.shura.gov.sa/wps/wcm/connect/shuraarabic/internet/news/2310144002
1300 + Crawling http://shuextprtl2.shura.gov.sa/wps/wcm/connect/shuraarabic/internet/news/2310144001
1301 + Crawling http://shuextprtl2.shura.gov.sa/wps/wcm/connect/shuraarabic/internet/news/2210144003
1302 + Crawling http://shuextprtl2.shura.gov.sa/wps/wcm/connect/shuraarabic/internet/news/2210144002
1303 + Crawling http://shuextprtl2.shura.gov.sa/wps/wcm/connect/shuraarabic/internet/news/2210144001
1304 + Crawling http://shuextprtl2.shura.gov.sa/wps/wcm/connect/shuraarabic/internet/news/2110144002
1305 + Crawling http://shuextprtl2.shura.gov.sa/wps/wcm/connect/shuraarabic/internet/news/2110144001
1306 + Crawling http://shuextprtl2.shura.gov.sa/wps/wcm/connect/shuraarabic/internet/news/2010144001
1307 + Crawling http://shuextprtl2.shura.gov.sa/wps/wcm/connect/shuraarabic/internet/news/1910144001
1308 + Crawling http://shuextprtl2.shura.gov.sa/wps/wcm/connect/shuraarabic/internet/news/1810144003
1309 + Crawling http://shuextprtl2.shura.gov.sa/wps/wcm/connect/ShuraArabic/internet/CV/Abdullah+Bin+Ibrahim+Al+Al-Sheikh
1310 + Crawling http://shuextprtl2.shura.gov.sa/wps/wcm/connect/9d2fbbad-1d1f-46a6-9f75-930b13ab297f/Abdullah_M.png?MOD=AJPERES&CACHEID=ROOTWORKSPACE-9d2fbbad-1d1f-46a6-9f75-930b13ab297f-me.y6PP (File! Not crawling it.)
1311 + Crawling http://shuextprtl2.shura.gov.sa/wps/wcm/connect/ShuraArabic/internet/cv/abdullah+salim+almutani
1312 + Crawling http://shuextprtl2.shura.gov.sa/wps/wcm/connect/ShuraArabic/internet/cv/yahya+abdullah+alsamaan
1313 + Crawling http://shuextprtl2.shura.gov.sa/wps/wcm/connect/ShuraArabic/internet/cv/mohammed+dakhil+alsuhaimi
1314 + Crawling http://shuextprtl2.shura.gov.sa/wps/wcm/connect/ShuraArabic/internet/Statistics/7th+Term/
1315 + Crawling http://shuextprtl2.shura.gov.sa/wps/wcm/connect/ShuraArabic/internet/Statistics/6th+Term/
1316 + Crawling http://shuextprtl2.shura.gov.sa/wps/wcm/connect/shuraarabic/internet/session+agenda/seventh+term-3rd+year/56
1317 + Crawling http://shuextprtl2.shura.gov.sa/wps/wcm/connect/shuraarabic/internet/session+agenda/seventh+term-3rd+year/54
1318 + Crawling http://shuextprtl2.shura.gov.sa/wps/wcm/connect/shuraarabic/internet/session+agenda/seventh+term-3rd+year/55
1319 + Crawling http://shuextprtl2.shura.gov.sa/wps/wcm/connect/shuraarabic/internet/session+agenda/seventh+term-3rd+year/53
1320 + Crawling http://shuextprtl2.shura.gov.sa/wps/wcm/connect/shuraarabic/internet/session+agenda/seventh+term-3rd+year/52
1321 + Searching for directories...
 + Searching open folders...
 - http://shuextprtl2.shura.gov.sa/img/ (403 Forbidden)
 - http://shuextprtl2.shura.gov.sa/img/resources/ (403 Forbidden)
 - http://shuextprtl2.shura.gov.sa/wps/ (404 Not Found)
 - http://shuextprtl2.shura.gov.sa/wps/wcm/ (404 Not Found)
 - http://shuextprtl2.shura.gov.sa/wps/wcm/connect/ (404 Not Found)
 - http://shuextprtl2.shura.gov.sa/wps/wcm/connect/shuraarabic/ (404 Not Found)
 - http://shuextprtl2.shura.gov.sa/wps/wcm/connect/shuraarabic/internet/ (404 Not Found)
 - http://shuextprtl2.shura.gov.sa/wps/wcm/connect/ShuraArabic/ (404 Not Found)
 - http://shuextprtl2.shura.gov.sa/wps/wcm/connect/ShuraArabic/internet/ (404 Not Found)
 - http://shuextprtl2.shura.gov.sa/wps/wcm/connect/ShuraArabic/internet/Audio+and+Video/ (No Open Folder)
 - http://shuextprtl2.shura.gov.sa/wps/wcm/connect/ShuraArabic/internet/Session+Agenda/ (No Open Folder)
 - http://shuextprtl2.shura.gov.sa/wps/wcm/connect/shuraarabic/internet/home/ (No Open Folder)
 - http://shuextprtl2.shura.gov.sa/wps/wcm/connect/ShuraArabic/internet/Site+Map/ (No Open Folder)
 - http://shuextprtl2.shura.gov.sa/wps/wcm/connect/ShuraArabic/internet/Contact+Us/ (No Open Folder)
 - http://shuextprtl2.shura.gov.sa/wps/wcm/connect/shuraen/ (404 Not Found)
 - http://shuextprtl2.shura.gov.sa/wps/wcm/connect/shuraen/internet/ (404 Not Found)
 - http://shuextprtl2.shura.gov.sa/member/ (404 Not Found)
 - http://shuextprtl2.shura.gov.sa/wps/wcm/connect/ShuraArabic/internet/Organization+Chart/ (No Open Folder)
 - http://shuextprtl2.shura.gov.sa/wps/wcm/connect/ShuraArabic/internet/Historical+BG/ (No Open Folder)
 - http://shuextprtl2.shura.gov.sa/wps/wcm/connect/ShuraArabic/internet/Royal+Speeches/ (No Open Folder)
 - http://shuextprtl2.shura.gov.sa/wps/wcm/connect/ShuraArabic/internet/Laws+and+Regulations/ (No Open Folder)
 - http://shuextprtl2.shura.gov.sa/wps/wcm/myconnect/ (timed out)
 > Problems in searching for open folders or crawling again the folders with indexing.

 + Crawl finished successfully.
----------------------------------------------------------------------
Summary of http://http://shuextprtl2.shura.gov.sa
----------------------------------------------------------------------
+ Links crawled:
 Total links crawled: 50

+ Links to files found:
1781 Total links to files: 295
1782
1783+ Externals links found:
1804 Total external links: 20
1805
1806+ Email addresses found:
1807 Total email address found: 0
1808
1809+ Directories found:
1891 Total directories: 81
1892
1893+ Directory indexing found:
1894 Total directories with indexing: 0
1895
1896----------------------------------------------------------------------
1897
1898
1899 + URL to crawl: http://shuextprtl2.shura.gov.sa:8008
1900 + Date: 2019-11-30
1901
1902 + Crawling URL: http://shuextprtl2.shura.gov.sa:8008:
1903 + Links:
1904 + Crawling http://shuextprtl2.shura.gov.sa:8008 (timed out)
1905 + Searching for directories...
1906 + Searching open folders...
1907
1908--Finished--
1909Summary information for domain shura.gov.sa.
1910-----------------------------------------
1911 Domain Specific Information:
1912 Email: webmaster@shura.gov.sa
1913 Email: webmaster@shura.gov.sa;
1914 Email: webmaster@shura.gov.sa
1915 Email: webmaster@shura.gov.sa.
1916 Email: sg_office@shura.gov.sa
1917
1918 Domain Ips Information:
1919 IP: 37.224.27.202
1920 HostName: mail2.shura.gov.sa Type: MX
1921 HostName: mail2.shura.gov.sa Type: PTR
1922 Type: SPF
1923 Country: Saudi Arabia
1924 Is Active: True (reset ttl 64)
1925 IP: 212.33.173.194
1926 HostName: ftp.shura.gov.sa. Type: A
1927 Country: Saudi Arabia
1928 Is Active: True (reset ttl 64)
1929 IP: 37.224.27.201
1930 HostName: mail1.shura.gov.sa Type: MX
1931 HostName: mail.shura.gov.sa Type: PTR
1932 Type: SPF
1933 Country: Saudi Arabia
1934 Is Active: True (reset ttl 64)
1935 Port: 22/tcp open ssh syn-ack ttl 50 Fortinet VPN/firewall sshd (protocol 2.0)
1936 Script Info: | ssh-hostkey:
1937 Script Info: |_ 2048 a5:81:a2:5f:a0:1a:ad:3b:a0:2e:1e:f1:10:15:72:62 (RSA)
1938 Port: 443/tcp open ssl/https syn-ack ttl 49
1939 Script Info: | fingerprint-strings:
1940 Script Info: | FourOhFourRequest:
1941 Script Info: | HTTP/1.1 404 Not Found
1942 Script Info: | Date: Sat, 30 Nov 2019 22:46:23 GMT
1943 Script Info: | Strict-Transport-Security: max-age=31536000; includeSubDomains
1944 Script Info: | Content-Length: 72
1945 Script Info: | Connection: close
1946 Script Info: | Content-Type: text/html; charset=iso-8859-1
1947 Script Info: | <h1>Not Found</h1><p>The requested URL was not found on this server.</p>
1948 Script Info: | GetRequest:
1949 Script Info: | HTTP/1.1 200 OK
1950 Script Info: | Date: Sat, 30 Nov 2019 22:46:16 GMT
1951 Script Info: | Strict-Transport-Security: max-age=31536000; includeSubDomains
1952 Script Info: | Last-Modified: Tue, 12 Feb 2019 22:11:49 GMT
1953 Script Info: | Accept-Ranges: bytes
1954 Script Info: | Content-Length: 80
1955 Script Info: | Vary: Accept-Encoding
1956 Script Info: | X-XSS-Protection: 1; mode=block
1957 Script Info: | X-Frame-Options: SAMEORIGIN
1958 Script Info: | Content-Security-Policy: frame-ancestors 'self'
1959 Script Info: | X-Content-Type-Options: nosniff
1960 Script Info: | Connection: close
1961 Script Info: | Content-Type: text/html
1962 Script Info: | <html>
1963 Script Info: | <script language=javascript>
1964 Script Info: | location="/m/webmail/";
1965 Script Info: | </script>
1966 Script Info: | </html>
1967 Script Info: | HTTPOptions:
1968 Script Info: | HTTP/1.1 200 OK
1969 Script Info: | Date: Sat, 30 Nov 2019 22:46:18 GMT
1970 Script Info: | Strict-Transport-Security: max-age=31536000; includeSubDomains
1971 Script Info: | Allow: HEAD,GET,POST,OPTIONS
1972 Script Info: | X-XSS-Protection: 1; mode=block
1973 Script Info: | X-Frame-Options: SAMEORIGIN
1974 Script Info: | Content-Security-Policy: frame-ancestors 'self'
1975 Script Info: | X-Content-Type-Options: nosniff
1976 Script Info: | Content-Length: 0
1977 Script Info: | Connection: close
1978 Script Info: | Content-Type: text/html
1979 Script Info: | RTSPRequest:
1980 Script Info: | HTTP/1.1 400 Bad Request
1981 Script Info: | Date: Sat, 30 Nov 2019 22:46:40 GMT
1982 Script Info: | Content-Length: 226
1983 Script Info: | Connection: close
1984 Script Info: | Content-Type: text/html; charset=iso-8859-1
1985 Script Info: | <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
1986 Script Info: | <html><head>
1987 Script Info: | <title>400 Bad Request</title>
1988 Script Info: | </head><body>
1989 Script Info: | <h1>Bad Request</h1>
1990 Script Info: | <p>Your browser sent a request that this server could not understand.<br />
1991 Script Info: | </p>
1992 Script Info: |_ </body></html>
1993 Script Info: | http-methods:
1994 Script Info: |_ Supported Methods: GET HEAD POST
1995 Script Info: |_http-title: 400 Bad Request
1996 Script Info: | ssl-cert: Subject: commonName=FortiMail/organizationName=Fortinet/stateOrProvinceName=California/countryName=US
1997 Script Info: | Issuer: commonName=support/organizationName=Fortinet/stateOrProvinceName=California/countryName=US
1998 Script Info: | Public Key type: rsa
1999 Script Info: | Public Key bits: 2048
2000 Script Info: | Signature Algorithm: sha256WithRSAEncryption
2001 Script Info: | Not valid before: 2015-07-03T17:24:18
2002 Script Info: | Not valid after: 2038-01-19T03:14:07
2003 Script Info: | MD5: 3289 2aad db2d c86a 0940 bba3 9276 4365
2004 Script Info: |_SHA-1: 6bcd eac1 02be 0c39 7ee3 426d 8f59 6739 15a3 0b15
2005 Script Info: |_ssl-date: TLS randomness does not represent time
2006 Script Info: | tls-alpn:
2007 Script Info: |_ http/1.1
2008 Port: 465/tcp open ssl/smtp syn-ack ttl 48 FortiMail smtpd (time zone: +0300)
2009 Script Info: |_smtp-commands: mail1.shura.gov.sa Hello salmondeal.com.0.116.160.in-addr.arpa [160.116.0.22], pleased to meet you, ENHANCEDSTATUSCODES, PIPELINING, 8BITMIME, SIZE 26214400, DSN, AUTH LOGIN PLAIN, DELIVERBY, HELP,
2010 Script Info: | ssl-cert: Subject: commonName=FortiMail/organizationName=Fortinet/stateOrProvinceName=California/countryName=US
2011 Script Info: | Issuer: commonName=support/organizationName=Fortinet/stateOrProvinceName=California/countryName=US
2012 Script Info: | Public Key type: rsa
2013 Script Info: | Public Key bits: 2048
2014 Script Info: | Signature Algorithm: sha256WithRSAEncryption
2015 Script Info: | Not valid before: 2015-07-03T17:24:18
2016 Script Info: | Not valid after: 2038-01-19T03:14:07
2017 Script Info: | MD5: 3289 2aad db2d c86a 0940 bba3 9276 4365
2018 Script Info: |_SHA-1: 6bcd eac1 02be 0c39 7ee3 426d 8f59 6739 15a3 0b15
2019 Os Info: Host: mail1.shura.gov.sa; Device: firewall
2020 IP: 212.102.11.4
2021 HostName: www.shura.gov.sa. Type: A
2022 Country: Saudi Arabia
2023 Is Active: True (reset ttl 64)
2024 Port: 80/tcp open http syn-ack ttl 49 Apache httpd (ASP.NET)
2025 Script Info: |_http-server-header: Apache
2026 Script Info: |_http-title: 403 Forbidden
2027 Port: 443/tcp open ssl/http syn-ack ttl 49 Apache httpd
2028 Script Info: | http-methods:
2029 Script Info: |_ Supported Methods: GET HEAD POST
2030 Script Info: |_http-server-header: Apache
2031 Script Info: |_http-title: 400 Bad Request
2032 Script Info: | ssl-cert: Subject: commonName=*.mawani.gov.sa/organizationName=Saudi Ports Authority/countryName=SA
2033 Script Info: | Subject Alternative Name: DNS:*.mawani.gov.sa, DNS:*.ports.gov.sa, DNS:ports.gov.sa, DNS:mawani.gov.sa
2034 Script Info: | Issuer: commonName=DigiCert SHA2 Secure Server CA/organizationName=DigiCert Inc/countryName=US
2035 Script Info: | Public Key type: rsa
2036 Script Info: | Public Key bits: 2048
2037 Script Info: | Signature Algorithm: sha256WithRSAEncryption
2038 Script Info: | Not valid before: 2019-09-11T00:00:00
2039 Script Info: | Not valid after: 2020-12-09T12:00:00
2040 Script Info: | MD5: 14b2 ec82 43b3 f057 1119 4213 ca30 8a10
2041 Script Info: |_SHA-1: 7497 8757 cc1f 5b3c 801f 0786 4794 e5b5 e4c4 1876
2042 Script Info: |_ssl-date: TLS randomness does not represent time
2043 Script Info: | tls-alpn:
2044 Script Info: |_ http/1.1
2045 Port: 8008/tcp open http syn-ack ttl 50
2046 Script Info: | fingerprint-strings:
2047 Script Info: | FourOhFourRequest:
2048 Script Info: | HTTP/1.1 302 Found
2049 Script Info: | Location: https://:8010/nice%20ports%2C/Tri%6Eity.txt%2ebak
2050 Script Info: | Connection: close
2051 Script Info: | X-Frame-Options: SAMEORIGIN
2052 Script Info: | X-XSS-Protection: 1; mode=block
2053 Script Info: | X-Content-Type-Options: nosniff
2054 Script Info: | Content-Security-Policy: frame-ancestors
2055 Script Info: | GenericLines, HTTPOptions, RTSPRequest, SIPOptions:
2056 Script Info: | HTTP/1.1 302 Found
2057 Script Info: | Location: https://:8010
2058 Script Info: | Connection: close
2059 Script Info: | X-Frame-Options: SAMEORIGIN
2060 Script Info: | X-XSS-Protection: 1; mode=block
2061 Script Info: | X-Content-Type-Options: nosniff
2062 Script Info: | Content-Security-Policy: frame-ancestors
2063 Script Info: | GetRequest:
2064 Script Info: | HTTP/1.1 302 Found
2065 Script Info: | Location: https://:8010/
2066 Script Info: | Connection: close
2067 Script Info: | X-Frame-Options: SAMEORIGIN
2068 Script Info: | X-XSS-Protection: 1; mode=block
2069 Script Info: | X-Content-Type-Options: nosniff
2070 Script Info: |_ Content-Security-Policy: frame-ancestors
2071 Script Info: | http-methods:
2072 Script Info: |_ Supported Methods: GET HEAD POST OPTIONS
2073 Script Info: |_http-title: Did not follow redirect to https://212.102.11.4:8010/
2074 Script Info: |_https-redirect: ERROR: Script execution failed (use -d to debug)
2075 IP: 212.102.11.121
2076 HostName: old.shura.gov.sa. Type: A
2077 Country: Saudi Arabia
2078 Is Active: True (reset ttl 64)
2079 Port: 80/tcp open http? syn-ack ttl 50
2080 Port: 8008/tcp open http syn-ack ttl 50
2081 Script Info: | fingerprint-strings:
2082 Script Info: | FourOhFourRequest:
2083 Script Info: | HTTP/1.1 302 Found
2084 Script Info: | Location: https://:8010/nice%20ports%2C/Tri%6Eity.txt%2ebak
2085 Script Info: | Connection: close
2086 Script Info: | X-Frame-Options: SAMEORIGIN
2087 Script Info: | X-XSS-Protection: 1; mode=block
2088 Script Info: | X-Content-Type-Options: nosniff
2089 Script Info: | Content-Security-Policy: frame-ancestors
2090 Script Info: | GenericLines, HTTPOptions, RTSPRequest, SIPOptions:
2091 Script Info: | HTTP/1.1 302 Found
2092 Script Info: | Location: https://:8010
2093 Script Info: | Connection: close
2094 Script Info: | X-Frame-Options: SAMEORIGIN
2095 Script Info: | X-XSS-Protection: 1; mode=block
2096 Script Info: | X-Content-Type-Options: nosniff
2097 Script Info: | Content-Security-Policy: frame-ancestors
2098 Script Info: | GetRequest:
2099 Script Info: | HTTP/1.1 302 Found
2100 Script Info: | Location: https://:8010/
2101 Script Info: | Connection: close
2102 Script Info: | X-Frame-Options: SAMEORIGIN
2103 Script Info: | X-XSS-Protection: 1; mode=block
2104 Script Info: | X-Content-Type-Options: nosniff
2105 Script Info: |_ Content-Security-Policy: frame-ancestors
2106 Script Info: |_https-redirect: ERROR: Script execution failed (use -d to debug)
2107 IP: 37.224.27.200
2108 HostName: webmail.shura.gov.sa. Type: A
2109 Country: Saudi Arabia
2110 Is Active: True (reset ttl 64)
2111 IP: 212.102.11.123
2112 HostName: test.shura.gov.sa. Type: A
2113 Country: Saudi Arabia
2114 Is Active: True (reset ttl 64)
2115 Port: 80/tcp open http? syn-ack ttl 50
2116 Port: 8008/tcp open http syn-ack ttl 50
2117 Script Info: | fingerprint-strings:
2118 Script Info: | FourOhFourRequest:
2119 Script Info: | HTTP/1.1 302 Found
2120 Script Info: | Location: https://:8010/nice%20ports%2C/Tri%6Eity.txt%2ebak
2121 Script Info: | Connection: close
2122 Script Info: | X-Frame-Options: SAMEORIGIN
2123 Script Info: | X-XSS-Protection: 1; mode=block
2124 Script Info: | X-Content-Type-Options: nosniff
2125 Script Info: | Content-Security-Policy: frame-ancestors
2126 Script Info: | GenericLines, HTTPOptions, RTSPRequest, SIPOptions:
2127 Script Info: | HTTP/1.1 302 Found
2128 Script Info: | Location: https://:8010
2129 Script Info: | Connection: close
2130 Script Info: | X-Frame-Options: SAMEORIGIN
2131 Script Info: | X-XSS-Protection: 1; mode=block
2132 Script Info: | X-Content-Type-Options: nosniff
2133 Script Info: | Content-Security-Policy: frame-ancestors
2134 Script Info: | GetRequest:
2135 Script Info: | HTTP/1.1 302 Found
2136 Script Info: | Location: https://:8010/
2137 Script Info: | Connection: close
2138 Script Info: | X-Frame-Options: SAMEORIGIN
2139 Script Info: | X-XSS-Protection: 1; mode=block
2140 Script Info: | X-Content-Type-Options: nosniff
2141 Script Info: |_ Content-Security-Policy: frame-ancestors
2142 Script Info: |_https-redirect: ERROR: Script execution failed (use -d to debug)
2143 IP: 40.86.176.26
2144 HostName: ns4.shabakah.net.sa Type: NS
2145 HostName: ns4.shabakah.net.sa Type: PTR
2146 Country: United States
2147 Is Active: True (reset ttl 64)
2148 Port: 53/tcp open domain syn-ack ttl 39 (unknown banner: 10.2 Ahmed.Java@Gmail.Com)
2149 Script Info: | dns-nsid:
2150 Script Info: |_ bind.version: 10.2 Ahmed.Java@Gmail.Com
2151 Script Info: | fingerprint-strings:
2152 Script Info: | DNSVersionBindReqTCP:
2153 Script Info: | version
2154 Script Info: | bind
2155 Script Info: |_ 10.2 Ahmed.Java@Gmail.Com
2156 IP: 212.102.11.55
2157 HostName: shuextprtl2.shura.gov.sa Type: MX
2158 HostName: shabnet11-55.shabakah.net Type: PTR
2159 Country: Saudi Arabia
2160 Is Active: True (echo-reply ttl 50)
2161 Port: 80/tcp open http syn-ack ttl 51
2162 Script Info: | fingerprint-strings:
2163 Script Info: | FourOhFourRequest:
2164 Script Info: | HTTP/1.0 404 Not Found
2165 Script Info: | Date: Sat, 30 Nov 2019 23:04:10 GMT
2166 Script Info: | X-Frame-Options: SAMEORIGIN
2167 Script Info: | Content-Length: 225
2168 Script Info: | Content-Type: text/html; charset=iso-8859-1
2169 Script Info: | <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
2170 Script Info: | <html><head>
2171 Script Info: | <title>404 Not Found</title>
2172 Script Info: | </head><body>
2173 Script Info: | <h1>Not Found</h1>
2174 Script Info: | <p>The requested URL /nice ports,/Trinity.txt.bak was not found on this server.</p>
2175 Script Info: | </body></html>
2176 Script Info: | GetRequest:
2177 Script Info: | HTTP/1.0 302 Found
2178 Script Info: | Date: Sat, 30 Nov 2019 23:04:01 GMT
2179 Script Info: | X-Frame-Options: SAMEORIGIN
2180 Script Info: | Location: http://212.102.11.55/wps/wcm/connect/ShuraArabic/internet/Introduction/
2181 Script Info: | Cache-Control: max-age=604800
2182 Script Info: | Expires: Sat, 07 Dec 2019 23:04:01 GMT
2183 Script Info: | Content-Length: 255
2184 Script Info: | Content-Type: text/html; charset=iso-8859-1
2185 Script Info: | <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
2186 Script Info: | <html><head>
2187 Script Info: | <title>302 Found</title>
2188 Script Info: | </head><body>
2189 Script Info: | <h1>Found</h1>
2190 Script Info: | <p>The document has moved <a href="http://212.102.11.55/wps/wcm/connect/ShuraArabic/internet/Introduction/">here</a>.</p>
2191 Script Info: | </body></html>
2192 Script Info: | HTTPOptions:
2193 Script Info: | HTTP/1.0 302 Found
2194 Script Info: | Date: Sat, 30 Nov 2019 23:04:03 GMT
2195 Script Info: | X-Frame-Options: SAMEORIGIN
2196 Script Info: | Location: http://212.102.11.55/wps/wcm/connect/ShuraArabic/internet/Introduction/
2197 Script Info: | Cache-Control: max-age=604800
2198 Script Info: | Expires: Sat, 07 Dec 2019 23:04:03 GMT
2199 Script Info: | Content-Length: 255
2200 Script Info: | Content-Type: text/html; charset=iso-8859-1
2201 Script Info: | <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
2202 Script Info: | <html><head>
2203 Script Info: | <title>302 Found</title>
2204 Script Info: | </head><body>
2205 Script Info: | <h1>Found</h1>
2206 Script Info: | <p>The document has moved <a href="http://212.102.11.55/wps/wcm/connect/ShuraArabic/internet/Introduction/">here</a>.</p>
2207 Script Info: | </body></html>
2208 Script Info: | RTSPRequest:
2209 Script Info: | HTTP/1.1 400 Bad Request
2210 Script Info: | Date: Sat, 30 Nov 2019 23:04:04 GMT
2211 Script Info: | X-Frame-Options: SAMEORIGIN
2212 Script Info: | Content-Length: 226
2213 Script Info: | Connection: close
2214 Script Info: | Content-Type: text/html; charset=iso-8859-1
2215 Script Info: | <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
2216 Script Info: | <html><head>
2217 Script Info: | <title>400 Bad Request</title>
2218 Script Info: | </head><body>
2219 Script Info: | <h1>Bad Request</h1>
2220 Script Info: | <p>Your browser sent a request that this server could not understand.<br />
2221 Script Info: | </p>
2222 Script Info: |_ </body></html>
2223 Port: 8008/tcp open http syn-ack ttl 51
2224 Script Info: | fingerprint-strings:
2225 Script Info: | FourOhFourRequest:
2226 Script Info: | HTTP/1.1 302 Found
2227 Script Info: | Location: https://:8010/nice%20ports%2C/Tri%6Eity.txt%2ebak
2228 Script Info: | Connection: close
2229 Script Info: | X-Frame-Options: SAMEORIGIN
2230 Script Info: | X-XSS-Protection: 1; mode=block
2231 Script Info: | X-Content-Type-Options: nosniff
2232 Script Info: | Content-Security-Policy: frame-ancestors
2233 Script Info: | GenericLines, HTTPOptions, RTSPRequest, SIPOptions:
2234 Script Info: | HTTP/1.1 302 Found
2235 Script Info: | Location: https://:8010
2236 Script Info: | Connection: close
2237 Script Info: | X-Frame-Options: SAMEORIGIN
2238 Script Info: | X-XSS-Protection: 1; mode=block
2239 Script Info: | X-Content-Type-Options: nosniff
2240 Script Info: | Content-Security-Policy: frame-ancestors
2241 Script Info: | GetRequest:
2242 Script Info: | HTTP/1.1 302 Found
2243 Script Info: | Location: https://:8010/
2244 Script Info: | Connection: close
2245 Script Info: | X-Frame-Options: SAMEORIGIN
2246 Script Info: | X-XSS-Protection: 1; mode=block
2247 Script Info: | X-Content-Type-Options: nosniff
2248 Script Info: |_ Content-Security-Policy: frame-ancestors
2249 Script Info: |_https-redirect: ERROR: Script execution failed (use -d to debug)
2250 IP: 212.102.0.3
2251 HostName: ns2.shabakah.net.sa Type: NS
2252 HostName: ns2.shabakah.net.sa Type: PTR
2253 Country: Saudi Arabia
2254 Is Active: True (reset ttl 64)
2255 IP: 212.102.0.2
2256 HostName: ns1.shabakah.net.sa Type: NS
2257 HostName: ns1.shabakah.net.sa Type: PTR
2258 Country: Saudi Arabia
2259 Is Active: True (reset ttl 64)
2260 Port: 53/tcp open domain syn-ack ttl 49 (unknown banner: 10.2 By:Ahmed.Java@Gmail.Com)
2261 Script Info: | dns-nsid:
2262 Script Info: |_ bind.version: 10.2 By:Ahmed.Java@Gmail.Com
2263 Script Info: | fingerprint-strings:
2264 Script Info: | DNSVersionBindReqTCP:
2265 Script Info: | version
2266 Script Info: | bind
2267 Script Info: |_ 10.2 By:Ahmed.Java@Gmail.Com
2268 IP: 212.102.11.26
2269 Type: SPF
2270 Is Active: True (reset ttl 64)
2271
2272--------------End Summary --------------
2273-----------------------------------------
#######################################################################################################################################
WARNING: Duplicate port number(s) specified. Are you alert enough to be using Nmap? Have some coffee or Jolt(tm).
Starting Nmap 7.80 ( https://nmap.org ) at 2019-11-30 17:31 EST
Nmap scan report for AxPri.shabakah.net.sa (212.102.11.4)
Host is up (0.51s latency).
Not shown: 489 filtered ports, 4 closed ports
Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
PORT     STATE SERVICE
80/tcp   open  http
443/tcp  open  https
8008/tcp open  http

Nmap done: 1 IP address (1 host up) scanned in 74.54 seconds
#######################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2019-11-30 17:32 EST
Nmap scan report for AxPri.shabakah.net.sa (212.102.11.4)
Host is up (0.31s latency).
Not shown: 2 filtered ports
PORT     STATE         SERVICE
53/udp   open|filtered domain
67/udp   open|filtered dhcps
68/udp   open|filtered dhcpc
69/udp   open|filtered tftp
88/udp   open|filtered kerberos-sec
123/udp  open|filtered ntp
139/udp  open|filtered netbios-ssn
161/udp  open|filtered snmp
162/udp  open|filtered snmptrap
389/udp  open|filtered ldap
500/udp  open|filtered isakmp
520/udp  open|filtered route
2049/udp open|filtered nfs

Nmap done: 1 IP address (1 host up) scanned in 6.63 seconds
#######################################################################################################################################
HTTP/1.1 403 Forbidden
Date: Sat, 30 Nov 2019 22:32:34 GMT
Server: Apache
Content-Type: text/html; charset=iso-8859-1
#######################################################################################################################################
http://212.102.11.4 [403 Forbidden] Apache, Country[SAUDI ARABIA][SA], HTTPServer[Apache], IP[212.102.11.4], Title[403 Forbidden]
######################################################################################################################################

wig - WebApp Information Gatherer


Scanning http://212.102.11.4...
_____________________ SITE INFO ______________________
IP                Title
212.102.11.4      403 Forbidden

______________________ VERSION _______________________
Name      Versions     Type
Apache                 Platform

____________________ INTERESTING _____________________
URL              Note                 Type
/readme.html     Readme file          Interesting
/install.php     Installation file    Interesting
/test.php        Test file            Interesting

______________________________________________________
Time: 74.3 sec    Urls: 599    Fingerprints: 40401
#######################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2019-11-30 17:34 EST
NSE: Loaded 163 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 17:34
Completed NSE at 17:34, 0.00s elapsed
Initiating NSE at 17:34
Completed NSE at 17:34, 0.00s elapsed
Initiating Parallel DNS resolution of 1 host. at 17:34
Completed Parallel DNS resolution of 1 host. at 17:34, 0.02s elapsed
Initiating SYN Stealth Scan at 17:34
Scanning AxPri.shabakah.net.sa (212.102.11.4) [1 port]
Discovered open port 80/tcp on 212.102.11.4
Completed SYN Stealth Scan at 17:34, 0.47s elapsed (1 total ports)
Initiating Service scan at 17:34
Scanning 1 service on AxPri.shabakah.net.sa (212.102.11.4)
Completed Service scan at 17:34, 6.81s elapsed (1 service on 1 host)
Initiating OS detection (try #1) against AxPri.shabakah.net.sa (212.102.11.4)
Retrying OS detection (try #2) against AxPri.shabakah.net.sa (212.102.11.4)
Initiating Traceroute at 17:34
Completed Traceroute at 17:34, 3.26s elapsed
Initiating Parallel DNS resolution of 16 hosts. at 17:34
Completed Parallel DNS resolution of 16 hosts. at 17:34, 0.49s elapsed
NSE: Script scanning 212.102.11.4.
Initiating NSE at 17:34
NSE: [http-wordpress-enum 212.102.11.4:80] got no answers from pipelined queries
Completed NSE at 17:36, 137.14s elapsed
Initiating NSE at 17:36
Completed NSE at 17:36, 1.96s elapsed
Nmap scan report for AxPri.shabakah.net.sa (212.102.11.4)
Host is up (0.43s latency).

PORT   STATE SERVICE VERSION
80/tcp open  http    Apache httpd (ASP.NET)
| http-brute:
|_ Path "/" does not require authentication
|_http-chrono: Request times for /; avg: 1856.23ms; min: 1766.17ms; max: 1885.59ms
|_http-csrf: Couldn't find any CSRF vulnerabilities.
|_http-date: Sat, 30 Nov 2019 22:34:34 GMT; 0s from local time.
|_http-devframework: Couldn't determine the underlying framework or CMS. Try increasing 'httpspider.maxpagecount' value to spider more pages.
|_http-dombased-xss: Couldn't find any DOM based XSS.
|_http-drupal-enum: Nothing found amongst the top 100 resources,use --script-args number=<number|all> for deeper analysis)
|_http-errors: ERROR: Script execution failed (use -d to debug)
|_http-feed: Couldn't find any feeds.
|_http-fetch: Please enter the complete path of the directory to save data in.
2382| http-headers:
2383| Date: Sat, 30 Nov 2019 22:35:13 GMT
2384| Server: Apache
2385| Content-Length: 209
2386| Connection: close
2387| Content-Type: text/html; charset=iso-8859-1
2388|
2389|_ (Request type: GET)
2390|_http-jsonp-detection: Couldn't find any JSONP endpoints.
2391|_http-mobileversion-checker: No mobile version detected.
2392|_http-security-headers:
2393|_http-server-header: Apache
2394| http-sitemap-generator:
2395| Directory structure:
2396| Longest directory structure:
2397| Depth: 0
2398| Dir: /
2399| Total files found (by extension):
2400|_
2401|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
2402|_http-title: 403 Forbidden
2403| http-vhosts:
2404|_127 names had status 403
2405|_http-wordpress-users: [Error] Wordpress installation was not found. We couldn't find wp-login.php
2406|_http-xssed: No previously reported XSS vuln.
2407| vulscan: VulDB - https://vuldb.com:
2754| [112856] Apache CloudStack up to 4.8.1.0/4.9.0.0 API weak authentication
2755| [112855] Apache CloudStack 4.1.0/4.1.1 API information disclosure
2756| [112678] Apache Tomcat up to 7.0.82/8.0.47/8.5.23/9.0.1 Bug Fix 61201 privilege escalation
2757| [112677] Apache Tomcat Native Connector up to 1.1.34/1.2.14 OCSP Checker Client weak authentication
2758| [112625] Apache POI up to 3.16 Loop denial of service
2759| [112448] Apache NiFi up to 1.3.x Deserialization privilege escalation
2760| [112396] Apache Hadoop 2.7.3/2.7.4 YARN NodeManager Credentials information disclosure
2761| [112339] Apache NiFi 1.5.0 Header privilege escalation
2762| [112330] Apache NiFi 1.5.0 Header HTTP Request privilege escalation
2763| [112314] NetGain Enterprise Manager 7.2.730 Build 1034 org.apache.jsp.u.jsp.tools.exec_jsp Servlet Parameter privilege escalation
2764| [112253] Apache Hadoop up to 0.23.x/2.7.4/2.8.2 MapReduce Job History Server Configuration File privilege escalation
2765| [112171] Oracle Secure Global Desktop 5.3 Apache Log4j privilege escalation
2766| [112164] Oracle Agile PLM 9.3.5/9.3.6 Apache Tomcat unknown vulnerability
2767| [112161] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Tomcat privilege escalation
2768| [112158] Oracle Autovue for Agile Product Lifecycle Management 21.0.0/21.0.1 Apache Log4j privilege escalation
2769| [112156] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Log4j privilege escalation
| [112155] Oracle Agile Engineering Data Management 6.1.3/6.2.0/6.2.1 Apache Log4j privilege escalation
| [112137] Oracle MICROS Relate CRM Software 10.8.x/11.4.x/15.0.x, Apache Tomcat unknown vulnerability
| [112136] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat privilege escalation
| [112133] Oracle Retail Workforce Management 1.60.7/1.64.0 Apache Log4j privilege escalation
| [112129] Oracle Retail Assortment Planning 14.1.3/15.0.3/16.0.1 Apache Log4j privilege escalation
| [112114] Oracle 9.1 Apache Log4j privilege escalation
| [112113] Oracle 9.1 Apache Log4j privilege escalation
| [112045] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat privilege escalation
| [112038] Oracle Health Sciences Empirica Inspections 1.0.1.1 Apache Tomcat information disclosure
| [112019] Oracle Endeca Information Discovery Integrator 3.1.0/3.2.0 Apache Tomcat privilege escalation
| [112017] Oracle WebCenter Portal 11.1.1.9.0/12.2.1.2.0/12.2.1.3.0 Apache Struts 1 cross site scripting
| [112011] Oracle Identity Manager 11.1.2.3.0 Apache Commons Collections privilege escalation
| [111950] Oracle Database 12.2.0.1 Apache Tomcat information disclosure
| [111703] Apache Sling XSS Protection API 1.0.4 URL Encoding cross site scripting
| [111556] Apache Geode up to 1.2.x Secure Mode Parameter OQL privilege escalation
| [111555] Apache Geode up to 1.2.x Secure Mode OQL privilege escalation
| [111540] Apache Geode up to 1.2.x Secure Mode information disclosure
| [111519] Apache Sling JCR ContentLoader 2.1.4 xmlreader directory traversal
| [111338] Apache DeltaSpike-JSF 1.8.0 cross site scripting
| [111330] Apache OFBiz 16.11.01/16.11.02/16.11.03 BIRT Plugin cross site scripting
| [110789] Apache Sling up to 1.4.0 Authentication Service Credentials information disclosure
| [110785] Apache Drill up to 1.11.0 Query Page unknown vulnerability
| [110701] Apache Fineract Query Parameter sql injection
| [110484] Apache Synapse up to 3.0.0 Apache Commons Collections Serialized Object Code Injection privilege escalation
| [110426] Adobe Experience Manager 6.0/6.1/6.2/6.3 Apache Sling Servlets Post cross site scripting
| [110141] Apache Struts up to 2.5.14 REST Plugin denial of service
| [110140] Apache Qpid Broker-J up to 0.32 privilege escalation
| [110139] Apache Qpid Broker-J up to 6.1.4 AMQP Frame denial of service
| [110106] Apache CXF Fediz Spring cross site request forgery
| [109766] Apache OpenOffice up to 4.1.3 DOC File Parser WW8Fonts memory corruption
| [109750] Apache OpenOffice up to 4.1.3 DOC File Parser ImportOldFormatStyles memory corruption
| [109749] Apache OpenOffice up to 4.1.3 PPT File Parser PPTStyleSheet memory corruption
| [109606] October CMS Build 412 Apache Configuration File Upload privilege escalation
| [109419] Apache Camel up to 2.19.3/2.20.0 camel-castor Java Object Deserialization privilege escalation
| [109418] Apache Camel up to 2.19.3/2.20.0 camel-hessian Java Object Deserialization privilege escalation
| [109400] Apache CouchDB up to 1.6.x/2.1.0 Database Server Shell privilege escalation
| [109399] Apache CouchDB up to 1.6.x/2.1.0 JSON Parser Shell privilege escalation
| [109398] Apache CXF 3.1.14/3.2.1 JAX-WS/JAX-RS Attachment denial of service
| [108872] Apache Hive up to 2.1.1/2.2.0/2.3.0 Policy Enforcement privilege escalation
| [108939] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108938] Apple macOS up to 10.13.1 apache denial of service
| [108937] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108936] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108935] Apple macOS up to 10.13.1 apache denial of service
| [108934] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108933] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108932] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108931] Apple macOS up to 10.13.1 apache denial of service
| [108930] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108929] Apple macOS up to 10.13.1 apache denial of service
| [108928] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108797] Apache Struts up to 2.3.19 TextParseUtiltranslateVariables OGNL Expression privilege escalation
| [108795] Apache Traffic Server up to 5.3.0 HTTP2 set_dynamic_table_size memory corruption
| [108794] Apache WSS4J up to 1.6.16/2.0.1 Incomplete Fix Leak information disclosure
| [108793] Apache Qpid up to 0.30 qpidd Crash denial of service
| [108792] Apache Traffic Server up to 5.1.0 Access Restriction privilege escalation
| [108791] Apache Wicket up to 1.5.11/6.16.x/7.0.0-M2 Session information disclosure
| [108790] Apache Storm 0.9.0.1 Log Viewer directory traversal
| [108789] Apache Cordova In-App-Browser Standalone Plugin up to 0.3.1 on iOS CDVInAppBrowser privilege escalation
| [108788] Apache Cordova File-Transfer Standalone Plugin up to 0.4.1 on iOS ios/CDVFileTransfer.m spoofing
| [108787] Apache HttpClient up to 4.3.0 HttpClientBuilder.java unknown vulnerability
| [108786] Apache Wicket up to 1.4.21/1.5.9/6.3.x script Tag cross site scripting
| [108783] Apache Hadoop up to 0.23.3/1.0.3/2.0.1 Kerberos Security Feature Key weak encryption
| [108782] Apache Xerces2 XML Service denial of service
| [108781] Apache jUDDI up to 1.x happyjuddi.jsp Parameter cross site scripting
| [108780] Apache jUDDI up to 1.x Log File uddiget.jsp spoofing
| [108709] Apache Cordova Android up to 3.7.1/4.0.1 intent URL privilege escalation
| [108708] Apache ActiveMQ up to 5.10.0 XML Data XML External Entity
| [108707] Apache ActiveMQ up to 1.7.0 XML Data XML External Entity
| [108629] Apache OFBiz up to 10.04.01 privilege escalation
| [108543] Apache Derby 10.1.2.1/10.2.2.0/10.3.1.4/10.4.1.3 Export File privilege escalation
| [108312] Apache HTTP Server on RHEL IP Address Filter privilege escalation
| [108297] Apache NiFi up to 0.7.1/1.1.1 Proxy Chain Username Deserialization privilege escalation
| [108296] Apache NiFi up to 0.7.1/1.1.1 Cluster Request privilege escalation
| [108250] Oracle Secure Global Desktop 5.3 Apache HTTP Server memory corruption
| [108245] Oracle Transportation Management up to 6.3.7 Apache Tomcat unknown vulnerability
| [108244] Oracle Transportation Management 6.4.1/6.4.2 Apache Commons FileUpload denial of service
| [108243] Oracle Agile Engineering Data Management 6.1.3/6.2.0 Apache Commons Collections memory corruption
| [108222] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Batik denial of service
| [108219] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat unknown vulnerability
| [108217] Oracle Retail Store Inventory Management 13.2.9/14.0.4/14.1.3/15.0.1/16.0.1 Apache Groovy unknown vulnerability
| [108216] Oracle Retail Convenience and Fuel POS Software 2.1.132 Apache Groovy unknown vulnerability
| [108169] Oracle MySQL Enterprise Monitor up to 3.2.8.2223/3.3.4.3247/3.4.2.4181 Apache Tomcat unknown vulnerability
| [108113] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Batik denial of service
| [108107] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat unknown vulnerability
| [108102] Oracle Healthcare Master Person Index 4.x Apache Groovy unknown vulnerability
| [108085] Oracle Identity Manager 11.1.2.3.0 Apache Struts 1 memory corruption
| [108083] Oracle API Gateway 11.1.2.4.0 Apache Batik denial of service
| [108080] Oracle GlassFish Server 3.1.2 Apache Commons FileUpload denial of service
| [108066] Oracle Management Pack for GoldenGate 11.2.1.0.12 Apache Tomcat memory corruption
| [108062] Oracle BI Publisher 11.1.1.7.0/12.2.1.1.0/12.2.1.2.0 Apache ActiveMQ memory corruption
| [108060] Oracle Enterprise Manager Ops Center 12.2.2/12.3.2 Apache Groovy unknown vulnerability
| [108033] Oracle Primavera Unifier 9.13/9.14/10.x/15.x/16.x, Apache Groovy unknown vulnerability
| [108013] Oracle Communications WebRTC Session Controller 7.0/7.1/7.2 Apache Groovy unknown vulnerability
| [108011] Oracle Communications Services Gatekeeper 5.1/6.0 Apache Trinidad unknown vulnerability
| [107904] Apache Struts up to 2.3.28 Double OGNL Evaluation privilege escalation
| [107860] Apache Solr up to 7.0 Apache Lucene RunExecutableListener XML External Entity
| [107834] Apache Ranger up to 0.6.1 Change Password privilege escalation
| [107639] Apache NiFi 1.4.0 XML External Entity
| [107606] Apache ZooKeper up to 3.4.9/3.5.2 Command CPU Exhaustion denial of service
| [107597] Apache Roller up to 5.0.2 XML-RPC Protocol Support XML External Entity
| [107429] Apache Impala up to 2.9.x Kudu Table privilege escalation
| [107411] Apache Tomcat up to 7.0.81/8.0.46/8.5.22/9.0.0 JSP File File Upload privilege escalation
| [107385] Apache Geode up to 1.2.0 Secure Mode privilege escalation
| [107339] Apache OpenNLP up to 1.5.3/1.6.0/1.7.2/1.8.1 XML Data XML External Entity
| [107333] Apache Wicket up to 8.0.0-M1 CSRF Prevention HTTP Header privilege escalation
| [107323] Apache Wicket 1.5.10/6.13.0 Class Request information disclosure
| [107310] Apache Geode up to 1.2.0 Command Line Utility Query privilege escalation
| [107276] ArcSight ESM/ArcSight ESM Express up to 6.9.1c Patch 3/6.11.0 Apache Tomcat Version information disclosure
| [107266] Apache Tika up to 1.12 XML Parser XML External Entity
| [107262] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
| [107258] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
| [107197] Apache Xerces Jelly Parser XML File XML External Entity
| [107193] ZTE NR8950 Apache Commons Collections RMI Request Deserialization privilege escalation
| [107084] Apache Struts up to 2.3.19 cross site scripting
| [106877] Apache Struts up to 2.0.33/2.5.10 Freemarker Tag privilege escalation
| [106875] Apache Struts up to 2.5.5 URL Validator denial of service
| [106874] Apache Struts up to 2.3.30 Convention Plugin directory traversal
| [106847] Apache Tomcat up to 7.0.80 VirtualDirContext Source information disclosure
| [106846] Apache Tomcat up to 7.0.79 on Windows HTTP PUT Method Parameter File Upload privilege escalation
| [106777] Apache HTTP Server up to 2.2.34/2.4.27 Limit Directive ap_limit_section HTTP Request information disclosure
| [106739] puppetlabs-apache up to 1.11.0/2.0.x weak authentication
| [106720] Apache Wicket up to 1.5.12/6.18.x/7.0.0-M4 CryptoMapper privilege escalation
| [106586] Apache Brooklyn up to 0.9.x REST Server cross site scripting
| [106562] Apache Spark up to 2.1.1 Launcher API Deserialization privilege escalation
| [106559] Apache Brooklyn up to 0.9.x SnakeYAML YAML Data Java privilege escalation
| [106558] Apache Brooklyn up to 0.9.x REST Server cross site request forgery
| [106556] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
| [106555] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
| [106171] Apache Directory LDAP API up to 1.0.0-M30 Timing unknown vulnerability
| [106167] Apache Struts up to 2.5.12 REST Plugin XML Data privilege escalation
| [106166] Apache Struts up to 2.3.33/2.5.12 REST Plugin denial of service
| [106165] Apache Struts up to 2.3.33/2.5.12 URLValidator Regex CPU Exhaustion denial of service
| [106115] Apache Hadoop up to 2.6.4/2.7.2 YARN NodeManager Password information disclosure
| [106012] Apache Solr up to 5.5.3/6.4.0 Replication directory traversal
| [105980] Apache Engine 16.11.01 Parameter Reflected unknown vulnerability
| [105962] Apache Atlas 0.6.0/0.7.0 Frame cross site scripting
| [105961] Apache Atlas 0.6.0/0.7.0 Stack Trace information disclosure
| [105960] Apache Atlas 0.6.0/0.7.0 Search Reflected cross site scripting
| [105959] Apache Atlas 0.6.0/0.7.0 edit Tag DOM cross site scripting
| [105958] Apache Atlas 0.6.0/0.7.0 edit Tag Stored cross site scripting
| [105957] Apache Atlas 0.6.0/0.7.0 Cookie privilege escalation
| [105905] Apache Atlas 0.6.0/0.7.0/0.7.1 /js privilege escalation
| [105878] Apache Struts up to 2.3.24.0 privilege escalation
| [105682] Apache2Triad 1.5.4 phpsftpd/users.php Parameter cross site scripting
| [105681] Apache2Triad 1.5.4 phpsftpd/users.php Request cross site request forgery
| [105680] Apache2Triad 1.5.4 Parameter Session Fixation weak authentication
| [105643] Apache Pony Mail up to 0.8b weak authentication
| [105288] Apache Sling up to 2.3.21 Sling.evalString() String cross site scripting
| [105219] Apache Tomcat up to 8.5.15/9.0.0.M21 HTTP2 Bypass directory traversal
| [105218] Apache Tomcat up to 7.0.78/8.0.44/8.5.15/9.0.0.M21 CORS Filter Cache Poisoning privilege escalation
| [105215] Apache CXF up to 3.0.12/3.1.9 OAuth2 Hawk/JOSE MAC Validation Timing unknown vulnerability
| [105206] Apache CXF up to 3.0.11/3.1.8 JAX-RS Module XML External Entity
| [105205] Apache CXF up to 3.0.11/3.1.8 HTTP Transport Module Parameter cross site scripting
| [105202] Apache Storm 1.0.0/1.0.1/1.0.2/1.0.3/1.1.0 Worker privilege escalation
| [104987] Apache Xerces-C++ XML Service CPU Exhaustion denial of service
| [104986] Apache CXF 2.4.5/2.5.1 WS-SP UsernameToken Policy SOAP Request weak authentication
| [104985] Apache MyFaces Core up to 2.1.4 EL Expression Parameter Injection information disclosure
| [104983] Apache Wink up to 1.1.1 XML Document xxe privilege escalation
| [104981] Apache Commons Email 1.0/1.1/1.2/1.3/1.4 Subject Linebreak SMTP privilege escalation
| [104591] MEDHOST Document Management System Apache Solr Default Credentials weak authentication
| [104062] Oracle MySQL Enterprise Monitor up to 3.3.3.1199 Apache Tomcat unknown vulnerability
| [104061] Oracle MySQL Enterprise Monitor up to 3.2.7.1204/3.3.3.1199 Apache Tomcat unknown vulnerability
| [104060] Oracle MySQL Enterprise Monitor up to 3.1.5.7958/3.2.5.1141/3.3.2.1162 Apache Struts 2 unknown vulnerability
| [103995] Oracle 8.3/8.4/15.1/15.2 Apache Trinidad unknown vulnerability
| [103993] Oracle Policy Automation up to 12.2.3 Apache Commons FileUplaod denial of service
| [103916] Oracle Banking Platform 2.3/2.4/2.4.1/2.5 Apache Commons FileUpload denial of service
| [103906] Oracle Communications BRM 11.2.0.0.0 Apache Commons Collections privilege escalation
| [103904] Oracle Communications BRM 11.2.0.0.0/11.3.0.0.0 Apache Groovy memory corruption
| [103866] Oracle Transportation Management 6.1/6.2 Apache Webserver unknown vulnerability
| [103816] Oracle BI Publisher 11.1.1.9.0/12.2.1.1.0/12.2.1.2.0 Apache Commons Fileupload denial of service
| [103797] Oracle Tuxedo System and Applications Monitor Apache Commons Collections privilege escalation
| [103792] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Commons Fileupload privilege escalation
| [103791] Oracle Endeca Server 7.6.0.0/7.6.1.0 Apache Commons Collections privilege escalation
| [103788] Oracle Enterprise Repository 11.1.1.7.0/12.1.3.0.0 Apache ActiveMQ memory corruption
| [103787] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Groovy memory corruption
| [103763] Apache Sling up to 1.0.11 XSS Protection API XSS.getValidXML() Application XML External Entity
| [103762] Apache Sling up to 1.0.12 XSS Protection API XSSAPI.encodeForJSString() Script Tag cross site scripting
| [103693] Apache OpenMeetings 1.0.0 HTTP Method privilege escalation
| [103692] Apache OpenMeetings 1.0.0 Tomcat Error information disclosure
| [103691] Apache OpenMeetings 3.2.0 Parameter privilege escalation
| [103690] Apache OpenMeetings 1.0.0 sql injection
| [103689] Apache OpenMeetings 1.0.0 crossdomain.xml privilege escalation
| [103688] Apache OpenMeetings 1.0.0 weak encryption
| [103687] Apache OpenMeetings 1.0.0 cross site request forgery
| [103556] Apache Roller 5.1.0/5.1.1 Weblog Page Template VTL privilege escalation
| [103554] Apache OpenMeetings 1.0.0 Password Update unknown vulnerability
| [103553] Apache OpenMeetings 1.0.0 File Upload privilege escalation
| [103552] Apache OpenMeetings 3.2.0 Chat cross site scripting
| [103551] Apache OpenMeetings 3.1.0 XML unknown vulnerability
| [103521] Apache HTTP Server 2.4.26 HTTP2 Free memory corruption
| [103520] Apache HTTP Server up to 2.2.33/2.4.26 mod_auth_digest Authorization Header memory corruption
| [103519] Apache Struts up to 2.5.11/2.3.32 Spring AOP denial of service
| [103518] Apache Struts up to 2.5.11 URLValidator directory traversal
| [103492] Apache Spark up to 2.1.x Web UI Reflected cross site scripting
| [103401] Apache Struts 2.3.x Struts 1 Plugin ActionMessage privilege escalation
| [103399] Apache Traffic Control Traffic Router TCP Connection Slowloris denial of service
| [103387] Apache Impala up to 2.8.0 StatestoreSubscriber weak encryption
| [103386] Apache Impala up to 2.7.x/2.8.0 Kerberos weak authentication
| [103352] Apache Solr Node weak authentication
| [102897] Apache Ignite up to 2.0 Update Notifier information disclosure
| [102878] Code42 CrashPlan 5.4.x RMI Server org.apache.commons.ssl.rmi.DateRMI privilege escalation
| [102698] Apache HTTP Server up to 2.2.32/2.4.25 mod_mime Content-Type memory corruption
| [102697] Apache HTTP Server 2.2.24/2.2.32 HTTP Strict Parsing ap_find_token Request Header memory corruption
| [102690] Apache HTTP Server up to 2.2.32/2.4.25 mod_ssl ap_hook_process_connection() denial of service
| [102689] Apache HTTP Server up to 2.2.32/2.4.25 ap_get_basic_auth_pw weak authentication
| [102622] Apache Thrift up to 0.9.2 Client Libraries skip denial of service
| [102538] Apache Ranger up to 0.7.0 Authorizer unknown vulnerability
| [102537] Apache Ranger up to 0.7.0 Wildcard Character unknown vulnerability
| [102536] Apache Ranger up to 0.6 Stored cross site scripting
| [102535] Apache Ranger up to 0.6.2 Policy Engine unknown vulnerability
| [102255] Apache NiFi up to 0.7.3/1.2.x Response Header privilege escalation
| [102254] Apache NiFi up to 0.7.3/1.2.x UI cross site scripting
| [102070] Apache CXF Fediz up to 1.1.2/1.2.0 Application Plugin denial of service
| [102020] Apache Tomcat up to 9.0.0.M1 Java Servlet HTTP Method unknown vulnerability
| [101858] Apache Hive up to 1.2.1/2.0.0 Client weak authentication
| [101802] Apache KNOX up to 0.11.0 WebHDFS privilege escalation
| [101928] HPE Aruba ClearPass Apache Tomcat information disclosure
| [101524] Apache Archiva up to 1.x/2.2.1 REST Endpoint cross site request forgery
| [101513] Apache jUDDI 3.1./3.1.2/3.1.3/3.1.4 Logout Open Redirect
| [101430] Apache CXF Fediz up to 1.3.1 OIDC Service cross site request forgery
| [101429] Apache CXF Fediz up to 1.2.3/1.3.1 Plugins cross site request forgery
| [100619] Apache Hadoop up to 2.6.x HDFS Servlet unknown vulnerability
| [100618] Apache Hadoop up to 2.7.0 HDFS Web UI cross site scripting
| [100621] Adobe ColdFusion 10/11/2016 Apache BlazeDS Library Deserialization privilege escalation
| [100205] Oracle MySQL Enterprise Monitor up to 3.1.6.8003/3.2.1182/3.3.2.1162 Apache Commons FileUpload denial of service
| [100191] Oracle Secure Global Desktop 4.71/5.2/5.3 Web Server (Apache HTTP Server) information disclosure
| [100162] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Commons Collections privilege escalation
| [100160] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Trinidad unknown vulnerability
| [99969] Oracle WebCenter Sites 11.1.1.8.0 Apache Tomcat memory corruption
| [99937] Apache Batik up to 1.8 privilege escalation
| [99936] Apache FOP up to 2.1 privilege escalation
| [99935] Apache CXF up to 3.0.12/3.1.10 STSClient Cache information disclosure
| [99934] Apache CXF up to 3.0.12/3.1.10 JAX-RS XML Security Streaming Client spoofing
| [99930] Apache Traffic Server up to 6.2.0 denial of service
| [99929] Apache Log4j up to 2.8.1 Socket Server Deserialization privilege escalation
| [99925] Apache Traffic Server 6.0.0/6.1.0/6.2.0 HPACK Bomb denial of service
| [99738] Ping Identity OpenID Connect Authentication Module up to 2.13 on Apache Mod_auth_openidc.c spoofing
| [117569] Apache Hadoop up to 2.7.3 privilege escalation
| [99591] Apache TomEE up to 1.7.3/7.0.0-M2 EjbObjectInputStream Serialized Object privilege escalation
| [99370] Apache Ignite up to 1.8 update-notifier Document XML External Entity
| [99299] Apache Geode up to 1.1.0 Pulse OQL Query privilege escalation
| [99572] Apache Tomcat up to 7.0.75/8.0.41/8.5.11/9.0.0.M17 Application Listener privilege escalation
| [99570] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP Connector Cache information disclosure
| [99569] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP/2 GOAWAY Frame Resource Exhaustion denial of service
| [99568] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 Pipelined Request information disclosure
| [99048] Apache Ambari up to 2.3.x REST API Shell Metacharacter privilege escalation
| [99014] Apache Camel Jackson/JacksonXML privilege escalation
| [98610] Apple macOS up to 10.12.3 apache_mod_php memory corruption
| [98609] Apple macOS up to 10.12.3 apache_mod_php denial of service
| [98608] Apple macOS up to 10.12.3 apache_mod_php memory corruption
| [98607] Apple macOS up to 10.12.3 apache_mod_php denial of service
| [98606] Apple macOS up to 10.12.3 apache_mod_php denial of service
| [98605] Apple macOS up to 10.12.3 Apache denial of service
| [98604] Apple macOS up to 10.12.3 Apache denial of service
| [98603] Apple macOS up to 10.12.3 Apache denial of service
| [98602] Apple macOS up to 10.12.3 Apache denial of service
| [98601] Apple macOS up to 10.12.3 Apache denial of service
| [98517] Apache POI up to 3.14 OOXML File XXE denial of service
| [98405] Apache Hadoop up to 0.23.10 privilege escalation
| [98199] Apache Camel Validation XML External Entity
| [97892] Apache Tomcat up to 9.0.0.M15 Reverse-Proxy Http11InputBuffer.java information disclosure
| [97617] Apache Camel camel-snakeyaml Deserialization privilege escalation
| [97602] Apache Camel camel-jackson/camel-jacksonxml CamelJacksonUnmarshalType privilege escalation
| [97732] Apache Struts up to 2.3.31/2.5.10 Jakarta Multipart Parser Content-Type privilege escalation
| [97466] mod_auth_openidc up to 2.1.5 on Apache weak authentication
| [97455] mod_auth_openidc up to 2.1.4 on Apache weak authentication
| [97081] Apache Tomcat HTTPS Request denial of service
| [97162] EMC OpenText Documentum D2 BeanShell/Apache Commons privilege escalation
| [96949] Hanwha Techwin Smart Security Manager up to 1.5 Redis/Apache Felix Gogo privilege escalation
| [96314] Apache Cordova up to 6.1.1 on Android weak authentication
| [95945] Apple macOS up to 10.12.2 apache_mod_php denial of service
| [95944] Apple macOS up to 10.12.2 apache_mod_php denial of service
| [95943] Apple macOS up to 10.12.2 apache_mod_php memory corruption
| [95666] Oracle FLEXCUBE Direct Banking 12.0.0/12.0.1/12.0.2/12.0.3 Apache Commons Collections privilege escalation
| [95455] Apache NiFi up to 1.0.0/1.1.0 Connection Details Dialogue cross site scripting
| [95311] Apache Storm UI Daemon privilege escalation
| [95291] ZoneMinder 1.30.0 Apache httpd privilege escalation
| [94800] Apache Wicket up to 1.5.16/6.24.x Deserialize DiskFileItem denial of service
| [94705] Apache Qpid Broker for Java up to 6.1.0 SCRAM-SHA-1/SCRAM-SHA-256 User information disclosure
| [94627] Apache HTTP Server up to 2.4.24 mod_auth_digest Crash denial of service
| [94626] Apache HTTP Server up to 2.4.24 mod_session_crypto Padding weak encryption
| [94625] Apache HTTP Server up to 2.4.24 Response Split privilege escalation
| [94540] Apache Tika 1.9 tika-server File information disclosure
| [94600] Apache ActiveMQ up to 5.14.1 Administration Console cross site scripting
| [94348] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94347] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94346] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94345] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94344] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94343] Apple macOS up to 10.12.1 apache_mod_php memory corruption
| [94342] Apple macOS up to 10.12.1 apache_mod_php memory corruption
| [94128] Apache Tomcat up to 9.0.0.M13 Error information disclosure
| [93958] Apache HTTP Server up to 2.4.23 mod_http2 h2_stream.c denial of service
| [93874] Apache Subversion up to 1.8.16/1.9.4 mod_dontdothat XXE denial of service
| [93855] Apache Hadoop up to 2.6.4/2.7.2 HDFS Service privilege escalation
| [93609] Apache OpenMeetings 3.1.0 RMI Registry privilege escalation
| [93555] Apache Tika 1.6-1.13 jmatio MATLAB File privilege escalation
| [93799] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
| [93798] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
| [93797] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 HTTP Split privilege escalation
| [93796] Apache Tomcat up to 8.5.6/9.0.0.M11 HTTP/2 Header Parser denial of service
| [93532] Apache Commons Collections Library Java privilege escalation
| [93210] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 ResourceLinkFactory privilege escalation
| [93209] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Realm Authentication User information disclosure
| [93208] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 System Property Replacement information disclosure
| [93207] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Utility Method privilege escalation
| [93206] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Configuration privilege escalation
| [93098] Apache Commons FileUpload privilege escalation
| [92987] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Commons Collection memory corruption
| [92986] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Tomcat memory corruption
| [92982] Oracle Insurance IStream 4.3.2 Apache Commons Collections memory corruption
| [92981] Oracle Financial Services Lending and Leasing 14.1.0/14.2.0 Apache Commons Collections memory corruption
| [92979] Oracle up to 8.0.3 Apache Commons Collections memory corruption
| [92977] Oracle FLEXCUBE Universal Banking up to 12.2.0 Apache Commons Collections memory corruption
| [92976] Oracle FLEXCUBE Universal Banking 12.87.1/12.87.2 Apache Commons Collections memory corruption
| [92975] Oracle FLEXCUBE Private Banking up to 12.1.0 Apache Commons Collections memory corruption
| [92974] Oracle FLEXCUBE Investor Servicing 12.0.1 Apache Commons Collections memory corruption
| [92973] Oracle 12.0.0/12.1.0 Apache Commons Collections memory corruption
| [92972] Oracle FLEXCUBE Core Banking 11.5.0.0.0/11.6.0.0.0 Apache Commons Collections memory corruption
| [92962] Oracle Agile PLM 9.3.4/9.3.5 Apache Commons Collections memory corruption
| [92909] Oracle Agile PLM 9.3.4/9.3.5 Apache Tomcat unknown vulnerability
| [92786] Oracle Banking Digital Experience 15.1 Apache Commons Collections information disclosure
| [92549] Apache Tomcat on Red Hat privilege escalation
| [92509] Apache Tomcat JK ISAPI Connector up to 1.2.41 jk_uri_worker_map.c memory corruption
| [92314] Apache MyFaces Trinidad up to 1.0.13/1.2.15/2.0.1/2.1.1 CoreResponseStateManager memory corruption
| [92313] Apache Struts2 up to 2.3.28/2.5.0 Action Name Cleanup cross site request forgery
| [92299] Apache Derby up to 10.12.1.0 SqlXmlUtil XML External Entity
| [92217] Apache ActiveMQ Artemis up to 1.3.x Broker/REST GetObject privilege escalation
| [92174] Apache Ranger up to 0.6.0 Policy cross site scripting
| [91831] Apache Jackrabbit up to 2.13.2 HTTP Header cross site request forgery
| [91825] Apache Zookeeper up to 3.4.8/3.5.2 C CLI Shell memory corruption
| [91818] Apache CXF Fediz up to 1.2.2/1.3.0 Application Plugin privilege escalation
| [92056] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92055] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92054] Apple macOS up to 10.11 apache_mod_php denial of service
| [92053] Apple macOS up to 10.11 apache_mod_php denial of service
| [92052] Apple macOS up to 10.11 apache_mod_php denial of service
| [92051] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92050] Apple macOS up to 10.11 apache_mod_php denial of service
| [92049] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92048] Apple macOS up to 10.11 apache_mod_php denial of service
| [92047] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92046] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92045] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92044] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92043] Apple macOS up to 10.11 apache_mod_php denial of service
| [92042] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92041] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92040] Apple macOS up to 10.11 Apache Proxy privilege escalation
| [91785] Apache Shiro up to 1.3.1 Servlet Filter privilege escalation
| [90879] Apache OpenMeetings up to 3.1.1 SWF Panel cross site scripting
| [90878] Apache Sentry up to 1.6.x Blacklist Filter reflect/reflect2/java_method privilege escalation
| [90610] Apache POI up to 3.13 XLSX2CSV Example OpenXML Document XML External Entity
| [90584] Apache ActiveMQ up to 5.11.3/5.12.2/5.13/1 Administration Web Console privilege escalation
3124| [90584] Apache ActiveMQ up to 5.11.3/5.12.2/5.13/1 Administration Web Console privilege escalation
3125| [90385] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site scripting
3126| [90384] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site request forgery
3127| [90383] Apache OpenOffice up to 4.1.2 Impress File memory corruption
3128| [89670] Apache Tomcat up to 8.5.4 CGI Servlet Environment Variable Open Redirect
3129| [89669] Apache HTTP Server up to 2.4.23 RFC 3875 Namespace Conflict Environment Variable Open Redirect
3130| [89726] Apple Mac OS X up to 10.11.5 apache_mod_php memory corruption
3131| [89484] Apache Qpid up to 0.13.0 on Windows Proton Library Certificate weak authentication
3132| [89473] HPE iMC PLAT/EAD/APM/iMC NTA/iMC BIMS/iMC UAM_TAM up to 7.2 Apache Commons Collections Library Command privilege escalation
3133| [90263] Apache Archiva Header denial of service
3134| [90262] Apache Archiva Deserialize privilege escalation
3135| [90261] Apache Archiva XML DTD Connection privilege escalation
3136| [88827] Apache Xerces-C++ up to 3.1.3 DTD Stack-Based memory corruption
3137| [88747] Apache HTTP Server 2.4.17/2.4.18 mod_http2 denial of service
3138| [88608] Apache Struts up to 2.3.28.1/2.5.0 URLValidator Null Value denial of service
3139| [88607] Apache Struts up to 2.3.28.1 REST Plugin Expression privilege escalation
3140| [88606] Apache Struts up to 2.3.28.1 Restriction privilege escalation
3141| [88605] Apache Struts up to 2.3.28.1 Restriction privilege escalation
3142| [88604] Apache Struts up to 2.3.28.1 Token Validator cross site request forgery
3143| [88603] Apache Commons FileUpload up to 1.3.1 MultipartStream denial of service
3144| [88602] Apache Struts up to 1.3.10 ActionServlet.java cross site scripting
3145| [88601] Apache Struts up to 1.3.10 Multithreading ActionServlet.java memory corruption
3146| [88600] Apache Struts up to 1.3.10 MultiPageValidator privilege escalation
3147| [89005] Apache Qpid AMQP JMS Client getObject privilege escalation
3148| [87888] Apache Ranger up to 0.5.2 Policy Admin Tool eventTime sql injection
3149| [87835] Apache CloudStack up to 4.5.2.0/4.6.2.0/4.7.1.0/4.8.0.0 SAML-based Authentication privilege escalation
3150| [87806] HPE Discovery and Dependency Mapping Inventory up to 9.32 update 3 Apache Commons Collections Library privilege escalation
3151| [87805] HPE Universal CMDB up to 10.21 Apache Commons Collections Library privilege escalation
3152| [87768] Apache Shiro up to 1.2.4 Cipher Key privilege escalation
3153| [87765] Apache James Server 2.3.2 Command privilege escalation
3154| [88667] Apache HTTP Server up to 2.4.20 mod_http2 Certificate weak authentication
3155| [87718] Apache Struts up to 2.3.24.1 OGNL Caching denial of service
3156| [87717] Apache Struts up to 2.3.28 REST Plugin privilege escalation
3157| [87706] Apache Qpid Java up to 6.0.2 AMQP privilege escalation
3158| [87703] Apache Qbid Java up to 6.0.2 PlainSaslServer.java denial of service
3159| [87702] Apache ActiveMQ up to 5.13.x Fileserver Web Application Upload privilege escalation
3160| [87700] Apache PDFbox up to 1.8.11/2.0.0 XML Parser PDF Document XML External Entity
3161| [87679] HP Release Control 9.13/9.20/9.21 Apache Commons Collections Library Java Object privilege escalation
3162| [87540] Apache Ambari up to 2.2.0 File Browser View information disclosure
3163| [87433] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
3164| [87432] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
3165| [87431] Apple Mac OS X up to 10.11.4 apache_mod_php Format String
3166| [87430] Apple Mac OS X up to 10.11.4 apache_mod_php denial of service
3167| [87429] Apple Mac OS X up to 10.11.4 apache_mod_php information disclosure
3168| [87428] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
3169| [87427] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
3170| [87389] Apache Xerces C++ up to 3.1.3 XML Document DTDScanner.cpp memory corruption
3171| [87172] Adobe ColdFusion 11 Update 7/2016/up to 10 Update 18 Apache Commons Collections Library privilege escalation
3172| [87121] Apache Cordova iOS up to 3.x Plugin privilege escalation
3173| [87120] Apache Cordova iOS up to 3.x URL Whitelist privilege escalation
3174| [83806] HPE Network Node Manager i up to 10.01 Apache Commons Collections Library privilege escalation
3175| [83077] Apache Subversion up to 1.8.15/1.9.3 mod_authz_svn mod_authz_svn.c denial of service
3176| [83076] Apache Subversion up to 1.8.15/1.9.3 svnserve svnserve/cyrus_auth.c privilege escalation
3177| [82790] Apache Struts 2.0.0/2.3.24/2.3.28 Dynamic Method privilege escalation
3178| [82789] Apache Struts 2.0.0/2.3.24/2.3.28 XSLTResult privilege escalation
3179| [82725] HPE P9000 Command View up to 7.x/8.4.0 Apache Commons Collections Library privilege escalation
3180| [82444] Apache Camel up to 2.14.x/2.15.4/2.16.0 HTTP Request privilege escalation
3181| [82389] Apache Subversion up to 1.7.x/1.8.14/1.9.2 mod_dav_svn util.c memory corruption
3182| [82280] Apache Struts up to 1.7 JRE URLDecoder cross site scripting
3183| [82260] Apache OFBiz up to 12.04.05/13.07.02 Java Object privilege escalation
3184| [82259] Apache Qpid Proton up to 0.12.0 proton.reactor.Connector weak encryption
3185| [82250] Apache Ranger up to 0.5.0 Admin UI weak authentication
3186| [82214] Apache Wicket up to 1.5.14/6.21.x/7.1.x Input Element cross site scripting
3187| [82213] Apache Wicket up to 1.5.14/6.21.x/7.1.x ModalWindow Title getWindowOpenJavaScript cross site scripting
3188| [82212] Apache Ranger up to 0.5.0 Policy Admin Tool privilege escalation
3189| [82211] Apache OFBiz up to 12.04.06/13.07.02 ModelFormField.java DisplayEntityField.getDescription cross site scripting
3190| [82082] Apache JetSpeed up to 2.3.0 User Manager Service privilege escalation
3191| [82081] Apache OpenMeetings up to 3.1.0 SOAP API information disclosure
3192| [82080] Apache OpenMeetings up to 3.1.0 Event cross site scripting
3193| [82078] Apache OpenMeetings up to 3.1.0 Import/Export System Backup ZIP Archive directory traversal
3194| [82077] Apache OpenMeetings up to 3.1.0 Password Reset sendHashByUser privilege escalation
3195| [82076] Apache Ranger up to 0.5.1 privilege escalation
3196| [82075] Apache JetSpeed up to 2.3.0 Portal cross site scripting
3197| [82074] Apache JetSpeed up to 2.3.0 cross site scripting
3198| [82073] Apache JetSpeed up to 2.3.0 User Manager Service sql injection
3199| [82072] Apache JetSpeed up to 2.3.0 Portal Site Manager ZIP Archive directory traversal
3200| [82058] Apache LDAP Studio/Directory Studio up to 2.0.0-M9 CSV Export privilege escalation
3201| [82053] Apache Ranger up to 0.4.x Policy Admin Tool privilege escalation
3202| [82052] Apache Ranger up to 0.4.x Policy Admin Tool HTTP Request cross site scripting
3203| [81696] Apache ActiveMQ up to 5.13.1 HTTP Header privilege escalation
3204| [81695] Apache Xerces-C up to 3.1.2 internal/XMLReader.cpp memory corruption
3205| [81622] HPE Asset Manager 9.40/9.41/9.50 Apache Commons Collections Library Java Object privilege escalation
3206| [81406] HPE Service Manager up to 9.35 P3/9.41 P1 Apache Commons Collections Library Command privilege escalation
3207| [81405] HPE Operations Orchestration up to 10.50 Apache Commons Collections Library Command privilege escalation
3208| [81427] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
3209| [81426] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
3210| [81372] Apache Struts up to 2.3.24.1 I18NInterceptor cross site scripting
3211| [81371] Apache Struts up to 2.3.24.1 Double OGNL Evaluation privilege escalation
3212| [81370] Apache Struts up to 2.3.24.1 Java URLDecoder cross site scripting
3213| [81084] Apache Tomcat 6.0/7.0/8.0/9.0 ServletContext directory traversal
3214| [81083] Apache Tomcat 7.0/8.0/9.0 Index Page cross site request forgery
3215| [81082] Apache Tomcat 7.0/8.0/9.0 ResourceLinkFactory.setGlobalContext privilege escalation
3216| [81081] Apache Tomcat 6.0/7.0/8.0/9.0 Error information disclosure
3217| [81080] Apache Tomcat 6.0/7.0/8.0/9.0 Session Persistence privilege escalation
3218| [81079] Apache Tomcat 6.0/7.0/8.0/9.0 StatusManagerServlet information disclosure
3219| [81078] Apache Tomcat 7.0/8.0/9.0 Session privilege escalation
3220| [80970] Apache Solr up to 5.3.0 Admin UI plugins.js cross site scripting
3221| [80969] Apache Solr up to 5.2 Schema schema-browser.js cross site scripting
3222| [80968] Apache Solr up to 5.0 analysis.js cross site scripting
3223| [80940] HP Continuous Delivery Automation 1.30 Apache Commons Collections Library privilege escalation
3224| [80823] Apache CloudStack up to 4.5.1 KVM Virtual Machine Migration privilege escalation
3225| [80822] Apache CloudStack up to 4.5.1 API Call information disclosure
3226| [80778] Apache Camel up to 2.15.4/2.16.0 camel-xstream privilege escalation
3227| [80750] HPE Operations Manager 8.x/9.0 on Windows Apache Commons Collections Library privilege escalation
3228| [80724] Apache Hive up to 1.2.1 Authorization Framework privilege escalation
3229| [80577] Oracle Secure Global Desktop 4.63/4.71/5.2 Apache HTTP Server denial of service
3230| [80165] Intel McAfee ePolicy Orchestrator up to 4.6.9/5.0.3/5.3.1 Apache Commons Collections Library privilege escalation
3231| [80116] Apache Subversion up to 1.9.2 svn Protocol libsvn_ra_svn/marshal.c read_string memory corruption
3232| [80115] Apache ActiveMQ up to 5.12.x Broker Service privilege escalation
3233| [80036] IBM Cognos Business Intelligence Apache Commons Collections Library InvokerTransformer privilege escalation
3234| [79873] VMware vCenter Operations/vRealize Orchestrator Apache Commons Collections Library Serialized Java Object privilege escalation
3235| [79840] Apache Cordova File Transfer Plugin up to 1.2.x on Android unknown vulnerability
3236| [79839] Apache TomEE Serialized Java Stream EjbObjectInputStream privilege escalation
3237| [79791] Cisco Products Apache Commons Collections Library privilege escalation
3238| [79539] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
3239| [79538] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
3240| [79294] Apache Cordova-Android up to 3.6 BridgeSecret Random Generator weak encryption
3241| [79291] Apache Cordova-Android up to 4.0 Javascript Whitelist privilege escalation
3242| [79244] Apache CXF up to 2.7.17/3.0.7/3.1.2 SAML Web SSO Module SAML Response weak authentication
3243| [79243] Oracle WebLogic Server 10.3.6.0/12.1.2.0/12.1.3.0/12.2.1.0 WLS Security com.bea.core.apache.commons.collections.jar privilege escalation
3244| [78989] Apache Ambari up to 2.1.1 Open Redirect
3245| [78988] Apache Ambari up to 2.0.1/2.1.0 Password privilege escalation
3246| [78987] Apache Ambari up to 2.0.x cross site scripting
3247| [78986] Apache Ambari up to 2.0.x Proxy Endpoint api/v1/proxy privilege escalation
3248| [78780] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
3249| [78779] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
3250| [78778] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
3251| [78777] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
3252| [78776] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
3253| [78775] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
3254| [78774] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
3255| [78297] Apache Commons Components HttpClient up to 4.3.5 HTTPS Timeout denial of service
3256| [77406] Apache Flex BlazeDS AMF Message XML External Entity
3257| [77429] Apache ActiveMQ up to 5.10.0 LDAPLoginModule privilege escalation
3258| [77399] Apache ActiveMQ up to 5.10.0 LDAPLoginModule weak authentication
3259| [77375] Apache Tapestry up to 5.3.5 Client-Side Object Storage privilege escalation
3260| [77331] Apache ActiveMQ up to 5.11.1 on Windows Fileserver Upload/Download directory traversal
3261| [77299] Apache Solr Real-Time Module up to 7.x-1.1 Index Content information disclosure
3262| [77247] Apache ActiveMQ up to 5.10 TransportConnection.java processControlCommand denial of service
3263| [77083] Apache Groovy up to 2.4.3 MethodClosure.java MethodClosure memory corruption
3264| [76953] Apache Subversion 1.7.0/1.8.0/1.8.10 svn_repos_trace_node_locations information disclosure
3265| [76952] Apache Subversion 1.7.0/1.8.0/1.8.10 mod_authz_svn anonymous/authenticated information disclosure
3266| [76567] Apache Struts 2.3.20 unknown vulnerability
3267| [76733] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 ap_some_auth_required unknown vulnerability
3268| [76732] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 Request apr_brigade_flatten privilege escalation
3269| [76731] Apache HTTP Server 2.4.12 ErrorDocument 400 Crash denial of service
3270| [75690] Apache Camel up to 2.13.3/2.14.1 XPathBuilder.java XML External Entity
3271| [75689] Apache Camel up to 2.13.3/2.14.1 XML Converter Setup XmlConverter.java SAXSource privilege escalation
3272| [75668] Apache Sling API/Sling Servlets Post up to 2.2.1 HtmlResponse cross site scripting
3273| [75601] Apache Jackrabbit up to 2.10.0 WebDAV Request XML External Entity
3274| [75420] Apache Tomcat up to 6.0.43/7.0.58/8.0.16 Security Manager privilege escalation
3275| [75145] Apache OpenOffice up to 4.1.1 HWP Filter Crash denial of service
3276| [75032] Apache Tomcat Connectors up to 1.2.40 mod_jk privilege escalation
3277| [75135] PHP 5.4/5.5 HTTP Request sapi_apache2.c apache2handler privilege escalation
3278| [74793] Apache Tomcat File Upload denial of service
3279| [74708] Apple MacOS X up to 10.10.2 Apache denial of service
3280| [74707] Apple MacOS X up to 10.10.2 Apache denial of service
3281| [74706] Apple MacOS X up to 10.10.2 Apache memory corruption
3282| [74705] Apple MacOS X up to 10.10.2 Apache denial of service
3283| [74704] Apple MacOS X up to 10.10.2 Apache denial of service
3284| [74703] Apple MacOS X up to 10.10.2 Apache denial of service
3285| [74702] Apple MacOS X up to 10.10.2 Apache denial of service
3286| [74701] Apple MacOS X up to 10.10.2 Apache cross site request forgery
3287| [74700] Apple MacOS X up to 10.10.2 Apache unknown vulnerability
3288| [74661] Apache Flex up to 4.14.0 asdoc index.html cross site scripting
3289| [74609] Apache Cassandra up to 1.2.19/2.0.13/2.1.3 JMX/RMI Interface privilege escalation
3290| [74469] Apache Xerces-C up to 7.0 internal/XMLReader.cpp denial of service
3291| [74468] Apache Batik up to 1.6 denial of service
3292| [74414] Apache Mod-gnutls up to 0.5.1 Authentication spoofing
3293| [74371] Apache Standard Taglibs up to 1.2.0 memory corruption
3294| [74367] Apache HTTP Server up to 2.4.12 mod_lua lua_request.c wsupgrade denial of service
3295| [74174] Apache WSS4J up to 2.0.0 privilege escalation
3296| [74172] Apache ActiveMQ up to 5.5.0 Administration Console cross site scripting
3297| [69092] Apache Tomcat up to 6.0.42/7.0.54/8.0.8 HTTP Request Smuggling privilege escalation
3298| [73831] Apache Qpid up to 0.30 Access Restriction unknown vulnerability
3299| [73731] Apache XML Security unknown vulnerability
3300| [68660] Oracle BI Publisher 10.1.3.4.2/11.1.1.7 Apache Tomcat cross site scripting
3301| [73659] Apache CloudStack up to 4.3.0 Stack-Based unknown vulnerability
3302| [73593] Apache Traffic Server up to 5.1.0 denial of service
3303| [73511] Apache POI up to 3.10 Deadlock denial of service
3304| [73510] Apache Solr up to 4.3.0 cross site scripting
3305| [68447] Apache Subversion up to 1.7.18/1.8.10 mod_dav_svn Crash denial of service
3306| [68446] Apache Subversion up to 1.7.18/1.8.10 REPORT Request Crash denial of service
3307| [73173] Apache CloudStack Stack-Based unknown vulnerability
3308| [68357] Apache Struts up to 2.3.16.3 Random Number Generator cross site request forgery
3309| [73106] Apache Hadoop up to 2.4.0 Symlink privilege escalation
3310| [68575] Apache HTTP Server up to 2.4.10 LuaAuthzProvider mod_lua.c privilege escalation
3311| [72890] Apache Qpid 0.30 unknown vulnerability
3312| [72887] Apache Hive 0.13.0 File Permission privilege escalation
3313| [72878] Apache Cordova 3.5.0 cross site request forgery
3314| [72877] Apache Cordova 3.5.0 cross site request forgery
3315| [72876] Apache Cordova 3.5.0 cross site request forgery
3316| [68435] Apache HTTP Server 2.4.10 mod_proxy_fcgi.c handle_headers denial of service
3317| [68065] Apache CXF up to 3.0.1 JAX-RS SAML denial of service
3318| [68064] Apache CXF up to 3.0.0 SAML Token denial of service
3319| [67913] Oracle Retail Markdown Optimization 12.0/13.0/13.1/13.2/13.4 Apache commons-beanutils-1.8.0.jar memory corruption
3320| [67912] Oracle Retail Invoice Matching up to 14.0 Apache commons-beanutils-1.8.0.jar memory corruption
3321| [67911] Oracle Retail Clearance Optimization Engine 13.3/13.4/14.0 Apache commons-beanutils-1.8.0.jar memory corruption
3322| [67910] Oracle Retail Allocation up to 13.2 Apache commons-beanutils-1.8.0.jar memory corruption
3323| [71835] Apache Shiro 1.0.0/1.1.0/1.2.0/1.2.1/1.2.2 unknown vulnerability
3324| [71633] Apachefriends XAMPP 1.8.1 cross site scripting
3325| [71629] Apache Axis2/C spoofing
3326| [67633] Apple Mac OS X up to 10.9.4 apache_mod_php ext/standard/dns.c dns_get_record memory corruption
3327| [67631] Apple Mac OS X up to 10.9.4 apache_mod_php Symlink memory corruption
3328| [67630] Apple Mac OS X up to 10.9.4 apache_mod_php cdf_read_property_info denial of service
3329| [67629] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_count_chain denial of service
3330| [67628] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_check_stream_offset denial of service
3331| [67627] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c mconvert memory corruption
3332| [67626] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c denial of service
3333| [67625] Apple Mac OS X up to 10.9.4 apache_mod_php Crash denial of service
3334| [67624] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_property_info denial of service
3335| [67623] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_unpack_summary_info denial of service
3336| [67622] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_short_sector denial of service
3337| [67620] Apple Mac OS X up to 10.9.4 apache_mod_php magic/Magdir/commands denial of service
3338| [67790] Apache HTTP Server mod_cache NULL Pointer Dereference denial of service
3339| [67522] Apache Tomcat up to 7.0.39 JSP Upload privilege escalation
3340| [70809] Apache POI up to 3.11 Crash denial of service
3341| [70808] Apache POI up to 3.10 unknown vulnerability
3342| [70806] Apache Commons-httpclient 4.2/4.2.1/4.2.2 spoofing
3343| [70749] Apache Axis up to 1.4 getCN spoofing
3344| [70701] Apache Traffic Server up to 3.3.5 denial of service
3345| [70700] Apache OFBiz up to 12.04.03 cross site scripting
3346| [67402] Apache OpenOffice 4.0.0/4.0.1/4.1.0 Calc privilege escalation
3347| [67401] Apache OpenOffice up to 4.1.0 OLE Object information disclosure
3348| [70661] Apache Subversion up to 1.6.17 denial of service
3349| [70660] Apache Subversion up to 1.6.17 spoofing
3350| [70659] Apache Subversion up to 1.6.17 spoofing
3351| [67183] Apache HTTP Server up to 2.4.9 mod_proxy denial of service
3352| [67180] Apache HTTP Server up to 2.4.9 WinNT MPM Memory Leak denial of service
3353| [67185] Apache HTTP Server up to 2.4.9 mod_status Heap-Based memory corruption
3354| [67184] Apache HTTP Server 2.4.5/2.4.6 mod_cache NULL Pointer Dereference denial of service
3355| [67182] Apache HTTP Server up to 2.4.9 mod_deflate Memory Consumption denial of service
3356| [67181] Apache HTTP Server up to 2.4.9 mod_cgid denial of service
3357| [70338] Apache Syncope up to 1.1.7 unknown vulnerability
3358| [70295] Apache CXF up to 2.7.9 Cleartext information disclosure
3359| [70106] Apache Open For Business Project up to 10.04.0 getServerError cross site scripting
3360| [70105] Apache MyFaces up to 2.1.5 JavaServer Faces directory traversal
3361| [69846] Apache HBase up to 0.94.8 information disclosure
3362| [69783] Apache CouchDB up to 1.2.0 memory corruption
3363| [13383] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 XML Parser privilege escalation
3364| [13300] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi setuid privilege escalation
3365| [13299] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi Content-Type Header information disclosure
3366| [13164] Apache CXF up to 2.6.13/2.7.10 SOAP OutgoingChainInterceptor.java Invalid Content denial of service
3367| [13163] Apache CXF up to 2.6.13/2.7.10 SOAP HTML Content denial of service
3368| [13158] Apache Struts up to 2.3.16.2 ParametersInterceptor getClass privilege escalation
3369| [69515] Apache Struts up to 2.3.15.0 CookieInterceptor memory corruption
3370| [13086] Apache Struts up to 1.3.10 Class Loader privilege escalation
3371| [13067] Apache Struts up to 2.3.16.1 Class Loader privilege escalation
3372| [69431] Apache Archiva up to 1.3.6 cross site scripting
3373| [69385] Apache Syncope up to 1.1.6 unknown vulnerability
3374| [69338] Apache Xalan-Java up to 2.7.1 system-property unknown vulnerability
3375| [12742] Trustwave ModSecurity up to 2.7.5 Chunk Extension apache2/modsecurity.c modsecurity_tx_init privilege escalation
3376| [12741] Trustwave ModSecurity up to 2.7.6 Chunked HTTP Transfer apache2/modsecurity.c modsecurity_tx_init Trailing Header privilege escalation
3377| [13387] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Content-Length Header privilege escalation
3378| [13386] Apache Tomcat Security Manager up to 6.0.39/7.0.53/8.0.5 XSLT privilege escalation
3379| [13385] Apache Tomcat 8.0.0/8.0.1/8.0.3 AJP Request Zero Length denial of service
3380| [13384] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Chunked HTTP Request denial of service
3381| [12748] Apache CouchDB 1.5.0 UUIDS /_uuids denial of service
3382| [66739] Apache Camel up to 2.12.2 unknown vulnerability
3383| [66738] Apache Camel up to 2.12.2 unknown vulnerability
3384| [12667] Apache HTTP Server 2.4.7 mod_log_config.c log_cookie denial of service
3385| [66695] Apache CouchDB up to 1.2.0 cross site scripting
3386| [66694] Apache CouchDB up to 1.2.0 Partition partition2 directory traversal
3387| [66689] Apache HTTP Server up to 2.0.33 mod_dav dav_xml_get_cdata denial of service
3388| [12518] Apache Tomcat up to 6.0.38/7.0.49/8.0.0-RC9 HTTP Header denial of service
3389| [66498] Apache expressions up to 3.3.0 Whitelist unknown vulnerability
3390| [12781] Apache Struts up to 2.3.8 ParametersInterceptor getClass denial of service
3391| [12439] Apache Tomcat 6.0.33 XML XXE information disclosure
3392| [12438] Apache Tomcat 6.0.33/6.0.34/6.0.35/6.0.36/6.0.37 coyoteadapter.java disableURLRewriting privilege escalation
3393| [66356] Apache Wicket up to 6.8.0 information disclosure
3394| [12209] Apache Tomcat 7.0.0/7.0.50/8.0.0-RC1/8.0.1 Content-Type Header for Multi-Part Request Infinite Loop denial of service
3395| [66322] Apache ActiveMQ up to 5.8.0 cross site scripting
3396| [12291] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
3397| [66255] Apache Open For Business Project up to 10.04.3 cross site scripting
3398| [66200] Apache Hadoop up to 2.0.5 Security Feature information disclosure
3399| [66072] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
3400| [66068] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
3401| [11928] Oracle Secure Global Desktop up to 4.71 Apache Tomcat unknown vulnerability
3402| [11924] Oracle Secure Global Desktop up to 4.63 Apache Tomcat denial of service
3403| [11922] Oracle Secure Global Desktop up to 4.63 Apache Tomcat unknown vulnerability
3404| [66049] Apache XML Security for Java up to 1.4.6 Memory Consumption denial of service
3405| [12199] Apache Subversion up to 1.8.5 mod_dav_svn/repos.c get_resource denial of service
3406| [65946] askapache Firefox Adsense up to 3.0 askapache-firefox-adsense.php cross site request forgery
3407| [65668] Apache Solr 4.0.0 Updater denial of service
3408| [65665] Apache Solr up to 4.3.0 denial of service
3409| [65664] Apache Solr 3.6.0/3.6.1/3.6.2/4.0.0 Updater denial of service
3410| [65663] Apache Solr up to 4.5.1 ResourceLoader directory traversal
3411| [65658] Apache roller 4.0/4.0.1/5.0/5.0.1 unknown vulnerability
3412| [65657] Apache Roller 4.0/4.0.1/5.0/5.0.1 cross site scripting
3413| [11325] Apache Subversion 1.7.13 mod_dontdothat Bypass denial of service
3414| [11324] Apache Subversion up to 1.8.4 mod_dav_svn denial of service
3415| [11098] Apache Tomcat 5.5.25 HTTP Request cross site request forgery
3416| [65410] Apache Struts 2.3.15.3 cross site scripting
3417| [65386] Apache Solr up to 2.2.1 on TYPO3 cross site scripting
3418| [65385] Apache Solr up to 2.2.1 on TYPO3 unknown vulnerability
3419| [11044] Apache Struts 2.3.15.3 showConfig.action cross site scripting
3420| [11043] Apache Struts 2.3.15.3 actionNames.action cross site scripting
3421| [11018] cPanel WHM up to 11.40.0.11 Apache mod_userdir Tweak Interface privilege escalation
3422| [65342] Apache Sling 1.0.2/1.0.4/1.0.6/1.1.0/1.1.2 Auth Core cross site scripting
3423| [65340] Apache Shindig 2.5.0 information disclosure
3424| [65316] Apache Mod Fcgid up to 2.3.7 mod_fcgid fcgid_bucket.c fcgid_header_bucket_read memory corruption
3425| [65313] Apache Sling 2.2.0/2.3.0 AbstractCreateOperation.java deepGetOrCreateNode denial of service
3426| [10826] Apache Struts 2 File privilege escalation
3427| [65204] Apache Camel up to 2.10.1 unknown vulnerability
3428| [10460] Apache Struts 2.0.0/2.3.15.1 Action Mapping Mechanism Bypass privilege escalation
3429| [10459] Apache Struts 2.0.0/2.3.15 Dynamic Method Invocation unknown vulnerability
3430| [10160] Apache Subversion 1.8.0/1.8.1/1.8.2 svnwcsub.py handle_options race condition
3431| [10159] Apache Subversion up to 1.8.2 svnserve write_pid_file race condition
3432| [10158] Apache Subversion 1.8.0/1.8.1/1.8.2 daemonize.py daemon::daemonize race condition
3433| [10157] Apache Subversion up to 1.8.1 FSFS Repository Symlink privilege escalation
3434| [64808] Fail2ban up to 0.8.9 apache-auth.conf denial of service
3435| [64760] Best Practical RT up to 4.0.12 Apache::Session::File information disclosure
3436| [64722] Apache XML Security for C++ Heap-based memory corruption
3437| [64719] Apache XML Security for C++ Heap-based memory corruption
3438| [64718] Apache XML Security for C++ verify denial of service
3439| [64717] Apache XML Security for C++ getURIBaseTXFM memory corruption
3440| [64716] Apache XML Security for C++ spoofing
3441| [64701] Apache CXF up to 2.7.3 XML Parser Memory Consumption denial of service
3442| [64700] Apache CloudStack up to 4.1.0 Stack-Based cross site scripting
3443| [64667] Apache Open For Business Project up to 10.04.04 unknown vulnerability
3444| [64666] Apache Open For Business Project up to 10.04.04 cross site scripting
3445| [9891] Apache HTTP Server 2.2.22 suEXEC Feature .htaccess information disclosure
3446| [64509] Apache ActiveMQ up to 5.8.0 scheduled.jsp cross site scripting
3447| [9826] Apache Subversion up to 1.8.0 mod_dav_svn denial of service
3448| [9683] Apache HTTP Server 2.4.5 mod_session_dbd denial of service
3449| [64485] Apache Struts up to 2.2.3.0 privilege escalation
3450| [9568] Apache Struts up to 2.3.15 DefaultActionMapper cross site request forgery
3451| [9567] Apache Struts up to 2.3.15 DefaultActionMapper memory corruption
3452| [64467] Apache Geronimo 3.0 memory corruption
3453| [64466] Apache OpenJPA up to 2.2.1 Serialization memory corruption
3454| [64457] Apache Struts up to 2.2.3.0 cross site scripting
3455| [64326] Alejandro Garza Apachesolr Autocomplete up to 7.x-1.1 cross site scripting
3456| [9184] Apache Qpid up to 0.20 SSL misconfiguration
3457| [8935] Apache Subversion up to 1.7.9 FSFS Format Repository denial of service
3458| [8934] Apache Subversion up to 1.7.9 Svnserve Server denial of service
3459| [8933] Apache Subversion up to 1.6.21 check-mime-type.pl svnlook memory corruption
3460| [8932] Apache Subversion up to 1.6.21 svn-keyword-check.pl svnlook changed memory corruption
3461| [9022] Apache Struts up to 2.3.14.2 OGNL Expression memory corruption
3462| [8873] Apache Struts 2.3.14 privilege escalation
3463| [8872] Apache Struts 2.3.14 privilege escalation
3464| [8746] Apache HTTP Server Log File Terminal Escape Sequence Filtering mod_rewrite.c do_rewritelog privilege escalation
3465| [8666] Apache Tomcat up to 7.0.32 AsyncListener information disclosure
3466| [8665] Apache Tomcat up to 7.0.29 Chunked Transfer Encoding Extension Size denial of service
3467| [8664] Apache Tomcat up to 7.0.32 FORM Authentication weak authentication
3468| [64075] Apache Subversion up to 1.7.7 mod_dav_svn Crash denial of service
3469| [64074] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
3470| [64073] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
3471| [64072] Apache Subversion up to 1.7.7 mod_dav_svn NULL Pointer Dereference denial of service
3472| [64071] Apache Subversion up to 1.7.8 mod_dav_svn Memory Consumption denial of service
3473| [8768] Apache Struts up to 2.3.14 on Mac EL and OGNL Interpreter memory corruption
3474| [64006] Apache ActiveMQ up to 5.7.0 denial of service
3475| [64005] Apache ActiveMQ up to 5.7.0 Default Configuration denial of service
3476| [64004] Apache ActiveMQ up to 5.7.0 PortfolioPublishServlet.java cross site scripting
3477| [8427] Apache Tomcat Session Transaction weak authentication
3478| [63960] Apache Maven 3.0.4 Default Configuration spoofing
3479| [63751] Apache qpid up to 0.20 qpid::framing::Buffer denial of service
3480| [63750] Apache qpid up to 0.20 checkAvailable denial of service
3481| [63749] Apache Qpid up to 0.20 Memory Consumption denial of service
3482| [63748] Apache Qpid up to 0.20 Default Configuration denial of service
3483| [63747] Apache Rave up to 0.20 User Account information disclosure
3484| [7889] Apache Subversion up to 1.6.17 mod_dav_svn/svn_fs_file_length() denial of service
3485| [63646] Apache HTTP Server up to 2.2.23/2.4.3 mod_proxy_balancer.c balancer_handler cross site scripting
3486| [7688] Apache CXF up to 2.7.1 WSS4JInterceptor Bypass weak authentication
3487| [7687] Apache CXF up to 2.7.2 Token weak authentication
3488| [63334] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
3489| [63299] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
3490| [7202] Apache HTTP Server 2.4.2 on Oracle Solaris ld_library_path cross site scripting
3491| [7075] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector NioEndpoint.java denial of service
3492| [7074] Apache Tomcat up to 6.0.35/7.0.29 FORM Authentication RealmBase.java weak authentication
3493| [7073] Apache Tomcat up to 6.0.35/7.0.31 CSRF Prevention Filter cross site request forgery
3494| [63090] Apache Tomcat up to 4.1.24 denial of service
3495| [63089] Apache HTTP Server up to 2.2.13 mod_proxy_ajp denial of service
3496| [62933] Apache Tomcat up to 5.5.0 Access Restriction unknown vulnerability
3497| [62929] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector Memory Consumption denial of service
3498| [62833] Apache CXF -/2.6.0 spoofing
3499| [62832] Apache Axis2 up to 1.6.2 spoofing
3500| [62831] Apache Axis up to 1.4 Java Message Service spoofing
3501| [62830] Apache Commons-httpclient 3.0 Payments spoofing
3502| [62826] Apache Libcloud up to 0.11.0 spoofing
3503| [62757] Apache Open For Business Project up to 10.04.0 unknown vulnerability
3504| [8830] Red Hat JBoss Enterprise Application Platform 6.0.1 org.apache.catalina.connector.Response.encodeURL information disclosure
3505| [62661] Apache Axis2 unknown vulnerability
3506| [62658] Apache Axis2 unknown vulnerability
3507| [62467] Apache Qpid up to 0.17 denial of service
3508| [62417] Apache CXF 2.4.7/2.4.8/2.5.3/2.5.4/2.6.1 spoofing
3509| [6301] Apache HTTP Server mod_pagespeed cross site scripting
3510| [6300] Apache HTTP Server mod_pagespeed Hostname information disclosure
3511| [6123] Apache Wicket up to 1.5.7 Ajax Link cross site scripting
3512| [62035] Apache Struts up to 2.3.4 denial of service
3513| [61916] Apache QPID 0.5/0.6/0.14/0.16 unknown vulnerability
3514| [6998] Apache Tomcat 5.5.35/6.0.35/7.0.28 DIGEST Authentication Session State Caching privilege escalation
3515| [6997] Apache Tomcat 5.5.35/6.0.35/7.0.28 HTTP Digest Authentication Implementation privilege escalation
3516| [6092] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_ajp.c information disclosure
3517| [6090] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_http.c information disclosure
3518| [61507] Apache POI up to 3.8 UnhandledDataStructure denial of service
3519| [6070] Apache Struts up to 2.3.4 Token Name Configuration Parameter privilege escalation
3520| [6069] Apache Struts up to 2.3.4 Request Parameter OGNL Expression denial of service
3521| [5764] Oracle Solaris 10 Apache HTTP Server information disclosure
3522| [5700] Oracle Secure Backup 10.3.0.3/10.4.0.1 Apache denial of service
3523| [61255] Apache Hadoop 2.0.0 Kerberos unknown vulnerability
3524| [61229] Apache Sling up to 2.1.1 denial of service
3525| [61152] Apache Commons-compress 1.0/1.1/1.2/1.3/1.4 denial of service
3526| [61094] Apache Roller up to 5.0 cross site scripting
3527| [61093] Apache Roller up to 5.0 cross site request forgery
3528| [61005] Apache OpenOffice 3.3/3.4 unknown vulnerability
3529| [9673] Apache HTTP Server up to 2.4.4 mod_dav mod_dav.c Request denial of service
3530| [5436] Apache OpenOffice 3.3/3.4 WPXContentListener.cpp _closeTableRow File memory corruption
3531| [5435] Apache OpenOffice 3.3/3.4 vclmi.dll File memory corruption
3532| [60730] PHP 5.4.0/5.4.1/5.4.2 apache_request_headers memory corruption
3533| [60708] Apache Qpid 0.12 unknown vulnerability
3534| [5032] Apache Hadoop up to 0.20.205.0/1.0.1/0.23.1 Kerberos/MapReduce Security Feature privilege escalation
3535| [4949] Apache Struts File Upload XSLTResult.java XSLT File privilege escalation
3536| [4955] Apache Traffic Server 3.0.3/3.1.2 HTTP Header Parser memory corruption
3537| [4882] Apache Wicket up to 1.5.4 directory traversal
3538| [4881] Apache Wicket up to 1.4.19 cross site scripting
3539| [4884] Apache HTTP Server up to 2.3.6 mod_fcgid fcgid_spawn_ctl.c FcgidMaxProcessesPerClass HTTP Requests denial of service
3540| [60352] Apache Struts up to 2.2.3 memory corruption
3541| [60153] Apache Portable Runtime up to 1.4.3 denial of service
3542| [4598] Apache Struts 1.3.10 upload-submit.do cross site scripting
3543| [4597] Apache Struts 1.3.10 processSimple.do cross site scripting
3544| [4596] Apache Struts 2.0.14/2.2.3 struts2-rest-showcase/orders cross site scripting
3545| [4595] Apache Struts 2.0.14/2.2.3 struts2-showcase/person/editPerson.action cross site scripting
3546| [4583] Apache HTTP Server up to 2.2.21 Threaded MPM denial of service
3547| [4582] Apache HTTP Server up to 2.2.21 protocol.c information disclosure
3548| [4571] Apache Struts up to 2.3.1.2 privilege escalation
3549| [4557] Apache Tomcat up to 7.0.21 Caching/Recycling information disclosure
3550| [59934] Apache Tomcat up to 6.0.9 DigestAuthenticator.java unknown vulnerability
3551| [59933] Apache Tomcat up to 6.0.9 Access Restriction unknown vulnerability
3552| [59932] Apache Tomcat up to 6.0.9 unknown vulnerability
3553| [59931] Apache Tomcat up to 6.0.9 Access Restriction information disclosure
3554| [59902] Apache Struts up to 2.2.3 Interfaces unknown vulnerability
3555| [4528] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
3556| [4527] Apache Struts up to 2.2.3 ExceptionDelegator cross site scripting
3557| [59888] Apache Tomcat up to 6.0.6 denial of service
3558| [59886] Apache ActiveMQ up to 5.5.1 Crash denial of service
3559| [4513] Apache Struts up to 2.3.1 ParameterInterceptor directory traversal
3560| [4512] Apache Struts up to 2.2.3 CookieInterceptor privilege escalation
3561| [59850] Apache Geronimo up to 2.2.1 denial of service
3562| [59825] Apache HTTP Server up to 2.1.7 mod_reqtimeout denial of service
3563| [59556] Apache HTTP Server up to 2.0.53 mod_proxy information disclosure
3564| [58467] Apache libcloud 0.2.0/0.3.0/0.3.1/0.4.0 Access Restriction spoofing
3565| [58413] Apache Tomcat up to 6.0.10 spoofing
3566| [58381] Apache Wicket up to 1.4.17 cross site scripting
3567| [58296] Apache Tomcat up to 7.0.19 unknown vulnerability
3568| [57888] Apache HttpClient 4.0/4.0.1/4.1 Authorization information disclosure
3569| [57587] Apache Subversion up to 1.6.16 mod_dav_svn information disclosure
3570| [57585] Apache Subversion up to 1.6.16 mod_dav_svn Memory Consumption denial of service
3571| [57584] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
3572| [57577] Apache Rampart-C 1.3.0 Access Restriction rampart_timestamp_token_validate privilege escalation
3573| [57568] Apache Archiva up to 1.3.4 cross site scripting
3574| [57567] Apache Archiva up to 1.3.4 cross site request forgery
3575| [57481] Apache Tomcat 7.0.12/7.0.13 Access Restriction unknown vulnerability
3576| [4355] Apache HTTP Server APR apr_fnmatch denial of service
3577| [57435] Apache Struts up to 2.2.1.1 FileHandler.java cross site scripting
3578| [57425] Apache Struts up to 2.2.1.1 cross site scripting
3579| [4352] Apache HTTP Server 2.2.x APR apr_fnmatch denial of service
3580| [57025] Apache Tomcat up to 7.0.11 information disclosure
3581| [57024] Apache Tomcat 7.0.11 Access Restriction information disclosure
3582| [56774] IBM WebSphere Application Server up to 7.0.0.14 org.apache.jasper.runtime.JspWriterImpl.response denial of service
3583| [56824] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
3584| [56832] Apache Tomcat up to 7.0.10 Access Restriction information disclosure
3585| [56830] Apache Tomcat up to 7.0.9 Access Restriction privilege escalation
3586| [12440] Apache Tomcat 6.0.33 Malicious Request cross site scripting
3587| [56512] Apache Continuum up to 1.4.0 cross site scripting
3588| [4285] Apache Tomcat 5.x JVM getLocale denial of service
3589| [4284] Apache Tomcat 5.x HTML Manager Infinite Loop cross site scripting
3590| [4283] Apache Tomcat 5.x ServletContect privilege escalation
3591| [56441] Apache Tomcat up to 7.0.6 denial of service
3592| [56300] Apache CouchDB up to 1.0.1 Web Administration Interface cross site scripting
3593| [55967] Apache Subversion up to 1.6.4 rev_hunt.c denial of service
3594| [55966] Apache Subversion up to 1.6.4 mod_dav_svn repos.c walk denial of service
3595| [55095] Apache Axis2 up to 1.6 Default Password memory corruption
3596| [55631] Apache Archiva up to 1.3.1 User Account cross site request forgery
3597| [55556] Apache Tomcat up to 6.0.29 Default Configuration information disclosure
3598| [55553] Apache Tomcat up to 7.0.4 sessionsList.jsp cross site scripting
3599| [55162] Apache MyFaces up to 2.0.0 Authentication Code unknown vulnerability
3600| [54881] Apache Subversion up to 1.6.12 mod_dav_svn authz.c privilege escalation
3601| [54879] Apache APR-util up to 0.9.14 mod_reqtimeout apr_brigade_split_line denial of service
3602| [54693] Apache Traffic Server DNS Cache unknown vulnerability
3603| [54416] Apache CouchDB up to 0.11.0 cross site request forgery
3604| [54394] Apache CXF up to 2.2.8 Memory Consumption denial of service
3605| [54261] Apache Tomcat jsp/cal/cal2.jsp cross site scripting
3606| [54166] Apache HTTP Server up to 2.2.12 mod_cache Crash denial of service
3607| [54385] Apache Struts up to 2.1.8.1 ParameterInterceptor unknown vulnerability
3608| [54012] Apache Tomcat up to 6.0.10 denial of service
3609| [53763] Apache Axis2 1.3/1.4/1.4.1/1.5/1.5.1 Memory Consumption denial of service
3610| [53368] Apache MyFaces 1.1.7/1.2.8 cross site scripting
3611| [53397] Apache axis2 1.4.1/1.5.1 Administration Console cross site scripting
3612| [52894] Apache Tomcat up to 6.0.7 information disclosure
3613| [52960] Apache ActiveMQ up to 5.4-snapshot information disclosure
3614| [52843] Apache HTTP Server mod_auth_shadow unknown vulnerability
3615| [52786] Apache Open For Business Project up to 09.04 cross site scripting
3616| [52587] Apache ActiveMQ up to 5.3.0 cross site request forgery
3617| [52586] Apache ActiveMQ up to 5.3.0 cross site scripting
3618| [52584] Apache CouchDB up to 0.10.1 information disclosure
3619| [51757] Apache HTTP Server 2.0.44 cross site scripting
3620| [51756] Apache HTTP Server 2.0.44 spoofing
3621| [51717] Apache HTTP Server up to 1.3.3 mod_proxy ap_proxy_send_fb memory corruption
3622| [51690] Apache Tomcat up to 6.0 directory traversal
3623| [51689] Apache Tomcat up to 6.0 information disclosure
3624| [51688] Apache Tomcat up to 6.0 directory traversal
3625| [50886] HP Operations Manager 8.10 on Windows File Upload org.apache.catalina.manager.HTMLManagerServlet memory corruption
3626| [50802] Apache Tomcat up to 3.3 Default Password weak authentication
3627| [50626] Apache Solr 1.0.0 cross site scripting
3628| [49857] Apache HTTP Server mod_proxy_ftp cross site scripting
3629| [49856] Apache HTTP Server 2.2.13 mod_proxy_ftp ap_proxy_ftp_handler denial of service
3630| [49348] Apache Xerces-C++ 2.7.0 Stack-Based denial of service
3631| [86789] Apache Portable Runtime memory/unix/apr_pools.c unknown vulnerability
3632| [49283] Apache APR-util up to 1.3.8 apr-util misc/apr_rmm.c apr_rmm_realloc memory corruption
3633| [48952] Apache HTTP Server up to 1.3.6 mod_deflate denial of service
3634| [48626] Apache Tomcat up to 4.1.23 Access Restriction directory traversal
3635| [48431] Apache Tomcat up to 4.1.23 j_security_check cross site scripting
3636| [48430] Apache Tomcat up to 4.1.23 mod_jk denial of service
3637| [47801] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site request forgery
3638| [47800] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site scripting
3639| [47799] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console directory traversal
3640| [47648] Apache Tiles 2.1.0/2.1.1 cross site scripting
3641| [47640] Apache Struts 2.0.6/2.0.8/2.0.9/2.0.11/2.1 cross site scripting
3642| [47638] Apache Tomcat up to 4.1.23 mod_jk information disclosure
3643| [47636] Apache Struts 2.0.9 xip_client.html cross site scripting
3644| [47593] Apache Mod Perl 1 perl-status Apache::Status cross site scripting
3645| [47637] Apache Struts 1.0.2/1.1/1.2.4/1.2.7/1.2.8 cross site scripting
3646| [47239] Apache Struts up to 2.1.2 Beta struts directory traversal
3647| [47214] Apachefriends xampp 1.6.8 spoofing
3648| [47213] Apachefriends xampp 1.6.8 htaccess cross site request forgery
3649| [47162] Apachefriends XAMPP 1.4.4 weak authentication
3650| [47065] Apache Tomcat 4.1.23 cross site scripting
3651| [46834] Apache Tomcat up to 5.5.20 cross site scripting
3652| [46004] Apache Jackrabbit 1.4/1.5.0 search.jsp cross site scripting
3653| [49205] Apache Roller 2.3/3.0/3.1/4.0 Search cross site scripting
3654| [86625] Apache Struts directory traversal
3655| [44461] Apache Tomcat up to 5.5.0 information disclosure
3656| [44389] Apache Xerces-C++ XML Parser Memory Consumption denial of service
3657| [44352] Apache Friends XAMPP 1.6.8 adodb.php cross site scripting
3658| [43663] Apache Tomcat up to 6.0.16 directory traversal
3659| [43612] Apache Friends XAMPP 1.6.7 iart.php cross site scripting
3660| [43556] Apache HTTP Server up to 2.1.8 mod_proxy_ftp proxy_ftp.c cross site scripting
3661| [43516] Apache Tomcat up to 4.1.20 directory traversal
3662| [43509] Apache Tomcat up to 6.0.13 cross site scripting
3663| [42637] Apache Tomcat up to 6.0.16 cross site scripting
3664| [42325] Apache HTTP Server up to 2.1.8 Error Page cross site scripting
3665| [41838] Apache-SSL 1.3.34 1.57 expandcert privilege escalation
3666| [41091] Apache Software Foundation Mod Jk up to 2.0.1 mod_jk2 Stack-based memory corruption
3667| [40924] Apache Tomcat up to 6.0.15 information disclosure
3668| [40923] Apache Tomcat up to 6.0.15 unknown vulnerability
3669| [40922] Apache Tomcat up to 6.0 information disclosure
3670| [40710] Apache HTTP Server up to 2.0.61 mod_negotiation cross site scripting
3671| [40709] Apache HTTP Server up to 2.0.53 mod_negotiation cross site scripting
3672| [40656] Apache Tomcat 5.5.20 information disclosure
3673| [40503] Apache HTTP Server mod_proxy_ftp cross site scripting
3674| [40502] Apache HTTP Server up to 2.2.5 mod_proxy_balancer memory corruption
3675| [40501] Apache HTTP Server 2.2.6 mod_proxy_balancer cross site request forgery
3676| [40398] Apache HTTP Server up to 2.2 mod_proxy_balancer cross site scripting
3677| [40397] Apache HTTP Server up to 2.2 mod_proxy_balancer balancer_handler denial of service
3678| [40234] Apache Tomcat up to 6.0.15 directory traversal
3679| [40221] Apache HTTP Server 2.2.6 information disclosure
3680| [40027] David Castro Apache Authcas 0.4 sql injection
3681| [3495] Apache OpenOffice up to 2.3 Database Document Processor unknown vulnerability
3682| [3489] Apache HTTP Server 2.x HTTP Header cross site scripting
3683| [3414] Apache Tomcat WebDAV Stored privilege escalation
3684| [39489] Apache Jakarta Slide up to 2.1 directory traversal
3685| [39540] Apache Geronimo 2.0/2.0.1/2.0.2/2.1 unknown vulnerability
3686| [3310] Apache OpenOffice 1.1.3/2.0.4/2.2.1 TIFF Image Parser Heap-based memory corruption
3687| [38768] Apache HTTP Server up to 2.1.7 mod_autoindex.c cross site scripting
3688| [38952] Apache Geronimo 2.0.1/2.1 unknown vulnerability
3689| [38658] Apache Tomcat 4.1.31 cal2.jsp cross site request forgery
3690| [38524] Apache Geronimo 2.0 unknown vulnerability
3691| [3256] Apache Tomcat up to 6.0.13 cross site scripting
3692| [38331] Apache Tomcat 4.1.24 information disclosure
3693| [38330] Apache Tomcat 4.1.24 information disclosure
3694| [38185] Apache Tomcat 3.3/3.3.1/3.3.1a/3.3.2 Error Message CookieExample cross site scripting
3695| [37967] Apache Tomcat up to 4.1.36 Error Message sendmail.jsp cross site scripting
3696| [37647] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 Authorization unknown vulnerability
3697| [37646] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 unknown vulnerability
3698| [3141] Apache Tomcat up to 4.1.31 Accept-Language Header cross site scripting
3699| [3133] Apache Tomcat up to 6.0 HTTP cross site scripting
3700| [37292] Apache Tomcat up to 5.5.1 cross site scripting
3701| [3130] Apache OpenOffice 2.2.1 RTF Document Heap-based memory corruption
3702| [36981] Apache Tomcat JK Web Server Connector up to 1.2.22 mod_jk directory traversal
3703| [36892] Apache Tomcat up to 4.0.0 hello.jsp cross site scripting
3704| [37320] Apache MyFaces Tomahawk up to 1.1.4 cross site scripting
3705| [36697] Apache Tomcat up to 5.5.17 implicit-objects.jsp cross site scripting
3706| [36491] Apache Axis 1.0 Installation javaioFileNotFoundException information disclosure
3707| [36400] Apache Tomcat 5.5.15 mod_jk cross site scripting
3708| [36698] Apache Tomcat up to 4.0.0 cal2.jsp cross site scripting
3709| [36224] XAMPP Apache Distribution up to 1.6.0a adodb.php connect memory corruption
3710| [36225] XAMPP Apache Distribution 1.6.0a sql injection
3711| [2997] Apache httpd/Tomcat 5.5/6.0 directory traversal
3712| [35896] Apache Apache Test up to 1.29 mod_perl denial of service
3713| [35653] Avaya S8300 Cm 3.1.2 Apache Tomcat unknown vulnerability
3714| [35402] Apache Tomcat JK Web Server Connector 1.2.19 mod_jk.so map_uri_to_worker memory corruption
3715| [35067] Apache Stats up to 0.0.2 extract unknown vulnerability
3716| [35025] Apache Stats up to 0.0.3 extract unknown vulnerability
3717| [34252] Apache HTTP Server denial of service
3718| [2795] Apache OpenOffice 2.0.4 WMF/EMF File Heap-based memory corruption
3719| [33877] Apache Opentaps 0.9.3 cross site scripting
3720| [33876] Apache Open For Business Project unknown vulnerability
3721| [33875] Apache Open For Business Project cross site scripting
3722| [2703] Apache Jakarta Tomcat up to 5.x der_get_oid memory corruption
3723| [2611] Apache HTTP Server up to 1.0.1 set_var Format String
3724|
3725| MITRE CVE - https://cve.mitre.org:
3726| [CVE-2013-4156] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted element in an OOXML document file.
3727| [CVE-2013-4131] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service (assertion failure or out-of-bounds read) via a certain (1) COPY, (2) DELETE, or (3) MOVE request against a revision root.
3728| [CVE-2013-3239] phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename of an export file, leading to interpretation of this file as an executable file by the Apache HTTP Server, as demonstrated by a .php.sql filename.
3729| [CVE-2013-3060] The web console in Apache ActiveMQ before 5.8.0 does not require authentication, which allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests.
3730| [CVE-2013-2765] The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request with a large body and a crafted Content-Type header.
3731| [CVE-2013-2251] Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.
3732| [CVE-2013-2249] mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified impact and remote attack vectors.
3733| [CVE-2013-2248] Multiple open redirect vulnerabilities in Apache Struts 2.0.0 through 2.3.15 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a parameter using the (1) redirect: or (2) redirectAction: prefix.
3734| [CVE-2013-2189] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via invalid PLCF data in a DOC document file.
3735| [CVE-2013-2135] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted value that contains both "${}" and "%{}" sequences, which causes the OGNL code to be evaluated twice.
3736| [CVE-2013-2134] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted action name that is not properly handled during wildcard matching, a different vulnerability than CVE-2013-2135.
3737| [CVE-2013-2115] Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag. NOTE: this issue is due to an incomplete fix for CVE-2013-1966.
3738| [CVE-2013-2071] java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other applications in opportunistic circumstances via an application that records the requests that it processes.
3739| [CVE-2013-2067] java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack.
3740| [CVE-2013-1966] Apache Struts 2 before 2.3.14.1 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag.
3741| [CVE-2013-1965] Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.1, allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is not properly handled when invoking a redirect.
3742| [CVE-2013-1896] mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.
3743| [CVE-2013-1884] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (segmentation fault and crash) via a log REPORT request with an invalid limit, which triggers an access of an uninitialized variable.
3744| [CVE-2013-1879] Cross-site scripting (XSS) vulnerability in scheduled.jsp in Apache ActiveMQ 5.8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving the "cron of a message."
3745| [CVE-2013-1862] mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.
3746| [CVE-2013-1849] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a PROPFIND request for an activity URL.
3747| [CVE-2013-1847] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an anonymous LOCK for a URL that does not exist.
3748| [CVE-2013-1846] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a LOCK on an activity URL.
3749| [CVE-2013-1845] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (memory consumption) by (1) setting or (2) deleting a large number of properties for a file or directory.
3750| [CVE-2013-1814] The users/get program in the User RPC API in Apache Rave 0.11 through 0.20 allows remote authenticated users to obtain sensitive information about all user accounts via the offset parameter, as demonstrated by discovering password hashes in the password field of a response.
3751| [CVE-2013-1777] The JMX Remoting functionality in Apache Geronimo 3.x before 3.0.1, as used in IBM WebSphere Application Server (WAS) Community Edition 3.0.0.3 and other products, does not property implement the RMI classloader, which allows remote attackers to execute arbitrary code by using the JMX connector to send a crafted serialized object.
3752| [CVE-2013-1768] The BrokerFactory functionality in Apache OpenJPA 1.x before 1.2.3 and 2.x before 2.2.2 creates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for remote attackers to execute arbitrary code by creating a serialized object and leveraging improperly secured server programs.
3753| [CVE-2013-1088] Cross-site request forgery (CSRF) vulnerability in Novell iManager 2.7 before SP6 Patch 1 allows remote attackers to hijack the authentication of arbitrary users by leveraging improper request validation by iManager code deployed within an Apache Tomcat container.
3754| [CVE-2013-1048] The Debian apache2ctl script in the apache2 package squeeze before 2.2.16-6+squeeze11, wheezy before 2.2.22-13, and sid before 2.2.22-13 for the Apache HTTP Server on Debian GNU/Linux does not properly create the /var/lock/apache2 lock directory, which allows local users to gain privileges via an unspecified symlink attack.
3755| [CVE-2013-0966] The Apple mod_hfs_apple module for the Apache HTTP Server in Apple Mac OS X before 10.8.3 does not properly handle ignorable Unicode characters, which allows remote attackers to bypass intended directory authentication requirements via a crafted pathname in a URI.
3756| [CVE-2013-0942] Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Agent 7.1 before 7.1.1 for Web for Internet Information Services, and 7.1 before 7.1.1 for Web for Apache, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
3757| [CVE-2013-0941] EMC RSA Authentication API before 8.1 SP1, RSA Web Agent before 5.3.5 for Apache Web Server, RSA Web Agent before 5.3.5 for IIS, RSA PAM Agent before 7.0, and RSA Agent before 6.1.4 for Microsoft Windows use an improper encryption algorithm and a weak key for maintaining the stored data of the node secret for the SecurID Authentication API, which allows local users to obtain sensitive information via cryptographic attacks on this data.
3758| [CVE-2013-0253] The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack.
3759| [CVE-2013-0248] The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack.
3760| [CVE-2013-0239] Apache CXF before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3, when the plaintext UsernameToken WS-SecurityPolicy is enabled, allows remote attackers to bypass authentication via a security header of a SOAP request containing a UsernameToken element that lacks a password child element.
3761| [CVE-2012-6573] Cross-site scripting (XSS) vulnerability in the Apache Solr Autocomplete module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving autocomplete results.
3762| [CVE-2012-6551] The default configuration of Apache ActiveMQ before 5.8.0 enables a sample web application, which allows remote attackers to cause a denial of service (broker resource consumption) via HTTP requests.
3763| [CVE-2012-6092] Multiple cross-site scripting (XSS) vulnerabilities in the web demos in Apache ActiveMQ before 5.8.0 allow remote attackers to inject arbitrary web script or HTML via (1) the refresh parameter to PortfolioPublishServlet.java (aka demo/portfolioPublish or Market Data Publisher), or vectors involving (2) debug logs or (3) subscribe messages in webapp/websocket/chat.js. NOTE: AMQ-4124 is covered by CVE-2012-6551.
3764| [CVE-2012-5887] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.
3765| [CVE-2012-5886] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID.
| [CVE-2012-5885] The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184.
| [CVE-2012-5786] The wsdl_first_https sample code in distribution/src/main/release/samples/wsdl_first_https/src/main/ in Apache CXF, possibly 2.6.0, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
| [CVE-2012-5785] Apache Axis2/Java 1.6.2 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
| [CVE-2012-5784] Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Message Service implementation in Apache ActiveMQ, and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
| [CVE-2012-5783] Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
| [CVE-2012-5633] The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request.
| [CVE-2012-5616] Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly Citrix CloudStack) before 3.0.6 stores sensitive information in the log4j.conf log file, which allows local users to obtain (1) the SSH private key as recorded by the createSSHKeyPair API, (2) the password of an added host as recorded by the AddHost API, or the password of an added VM as recorded by the (3) DeployVM or (4) ResetPasswordForVM API.
| [CVE-2012-5568] Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.
| [CVE-2012-5351] Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack," a different vulnerability than CVE-2012-4418.
| [CVE-2012-4558] Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via a crafted string.
| [CVE-2012-4557] The mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into an error state upon detection of a long request-processing time, which allows remote attackers to cause a denial of service (worker consumption) via an expensive request.
| [CVE-2012-4556] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 allows remote attackers to cause a denial of service (Apache httpd web server child process restart) via certain unspecified empty search fields in a user certificate search query.
| [CVE-2012-4555] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 does not properly handle interruptions of token format operations, which allows remote attackers to cause a denial of service (NULL pointer dereference and Apache httpd web server child process crash) via unspecified vectors.
| [CVE-2012-4534] org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminating the connection during the reading of a response.
| [CVE-2012-4528] The mod_security2 module before 2.7.0 for the Apache HTTP Server allows remote attackers to bypass rules, and deliver arbitrary POST data to a PHP application, via a multipart request in which an invalid part precedes the crafted data.
| [CVE-2012-4501] Citrix Cloud.com CloudStack, and Apache CloudStack pre-release, allows remote attackers to make arbitrary API calls by leveraging the system user account, as demonstrated by API calls to delete VMs.
| [CVE-2012-4460] The serializing/deserializing functions in the qpid::framing::Buffer class in Apache Qpid 0.20 and earlier allow remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors. NOTE: this issue could also trigger an out-of-bounds read, but it might not trigger a crash.
| [CVE-2012-4459] Integer overflow in the qpid::framing::Buffer::checkAvailable function in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (crash) via a crafted message, which triggers an out-of-bounds read.
| [CVE-2012-4458] The AMQP type decoder in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (memory consumption and server crash) via a large number of zero width elements in the client-properties map in a connection.start-ok message.
| [CVE-2012-4446] The default configuration for Apache Qpid 0.20 and earlier, when the federation_tag attribute is enabled, accepts AMQP connections without checking the source user ID, which allows remote attackers to bypass authentication and have other unspecified impact via an AMQP request.
| [CVE-2012-4431] org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier.
| [CVE-2012-4418] Apache Axis2 allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."
| [CVE-2012-4387] Apache Struts 2.0.0 through 2.3.4 allows remote attackers to cause a denial of service (CPU consumption) via a long parameter name, which is processed as an OGNL expression.
| [CVE-2012-4386] The token check mechanism in Apache Struts 2.0.0 through 2.3.4 does not properly validate the token name configuration parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks by setting the token name configuration parameter to a session attribute.
| [CVE-2012-4360] Cross-site scripting (XSS) vulnerability in the mod_pagespeed module 0.10.19.1 through 0.10.22.4 for the Apache HTTP Server allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2012-4063] The Apache Santuario configuration in Eucalyptus before 3.1.1 does not properly restrict applying XML Signature transforms to documents, which allows remote attackers to cause a denial of service via unspecified vectors.
| [CVE-2012-4001] The mod_pagespeed module before 0.10.22.6 for the Apache HTTP Server does not properly verify its host name, which allows remote attackers to trigger HTTP requests to arbitrary hosts via unspecified vectors, as demonstrated by requests to intranet servers.
| [CVE-2012-3908] Multiple cross-site request forgery (CSRF) vulnerabilities in the ISE Administrator user interface (aka the Apache Tomcat interface) on Cisco Identity Services Engine (ISE) 3300 series appliances before 1.1.0.665 Cumulative Patch 1 allow remote attackers to hijack the authentication of administrators, aka Bug ID CSCty46684.
| [CVE-2012-3546] org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI.
| [CVE-2012-3544] Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data.
| [CVE-2012-3526] The reverse proxy add forward module (mod_rpaf) 0.5 and 0.6 for the Apache HTTP Server allows remote attackers to cause a denial of service (server or application crash) via multiple X-Forwarded-For headers in a request.
| [CVE-2012-3513] munin-cgi-graph in Munin before 2.0.6, when running as a CGI module under Apache, allows remote attackers to load new configurations and create files in arbitrary directories via the logdir command.
| [CVE-2012-3506] Unspecified vulnerability in the Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.03 has unknown impact and attack vectors.
| [CVE-2012-3502] The proxy functionality in (1) mod_proxy_ajp.c in the mod_proxy_ajp module and (2) mod_proxy_http.c in the mod_proxy_http module in the Apache HTTP Server 2.4.x before 2.4.3 does not properly determine the situations that require closing a back-end connection, which allows remote attackers to obtain sensitive information in opportunistic circumstances by reading a response that was intended for a different client.
| [CVE-2012-3499] Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules.
| [CVE-2012-3467] Apache QPID 0.14, 0.16, and earlier uses a NullAuthenticator mechanism to authenticate catch-up shadow connections to AMQP brokers, which allows remote attackers to bypass authentication.
| [CVE-2012-3451] Apache CXF before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to execute unintended web-service operations by sending a header with a SOAP Action String that is inconsistent with the message body.
| [CVE-2012-3446] Apache Libcloud before 0.11.1 uses an incorrect regular expression during verification of whether the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate.
| [CVE-2012-3376] DataNodes in Apache Hadoop 2.0.0 alpha does not check the BlockTokens of clients when Kerberos is enabled and the DataNode has checked out the same BlockPool twice from a NodeName, which might allow remote clients to read arbitrary blocks, write to blocks to which they only have read access, and have other unspecified impacts.
| [CVE-2012-3373] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.21 and 1.5.x before 1.5.8 allows remote attackers to inject arbitrary web script or HTML via vectors involving a %00 sequence in an Ajax link URL associated with a Wicket app.
| [CVE-2012-3126] Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Products Suite 3.3 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Apache Tomcat Agent.
| [CVE-2012-3123] Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect confidentiality, related to Apache HTTP Server.
| [CVE-2012-2760] mod_auth_openid before 0.7 for Apache uses world-readable permissions for /tmp/mod_auth_openid.db, which allows local users to obtain session ids.
| [CVE-2012-2733] java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of service (memory consumption) via a large amount of header data.
| [CVE-2012-2687] Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list.
| [CVE-2012-2381] Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.1 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the blogger role.
| [CVE-2012-2380] Multiple cross-site request forgery (CSRF) vulnerabilities in the admin/editor console in Apache Roller before 5.0.1 allow remote attackers to hijack the authentication of admins or editors by leveraging the HTTP POST functionality.
| [CVE-2012-2379] Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors.
| [CVE-2012-2378] Apache CXF 2.4.5 through 2.4.7, 2.5.1 through 2.5.3, and 2.6.x before 2.6.1, does not properly enforce child policies of a WS-SecurityPolicy 1.1 SupportingToken policy on the client side, which allows remote attackers to bypass the (1) AlgorithmSuite, (2) SignedParts, (3) SignedElements, (4) EncryptedParts, and (5) EncryptedElements policies.
| [CVE-2012-2329] Buffer overflow in the apache_request_headers function in sapi/cgi/cgi_main.c in PHP 5.4.x before 5.4.3 allows remote attackers to cause a denial of service (application crash) via a long string in the header of an HTTP request.
| [CVE-2012-2145] Apache Qpid 0.17 and earlier does not properly restrict incoming client connections, which allows remote attackers to cause a denial of service (file descriptor consumption) via a large number of incomplete connections.
| [CVE-2012-2138] The @CopyFrom operation in the POST servlet in the org.apache.sling.servlets.post bundle before 2.1.2 in Apache Sling does not prevent attempts to copy an ancestor node to a descendant node, which allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP request.
| [CVE-2012-2098] Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service (CPU consumption) via a file with many repeating inputs.
| [CVE-2012-1574] The Kerberos/MapReduce security functionality in Apache Hadoop 0.20.203.0 through 0.20.205.0, 0.23.x before 0.23.2, and 1.0.x before 1.0.2, as used in Cloudera CDH CDH3u0 through CDH3u2, Cloudera hadoop-0.20-sbin before 0.20.2+923.197, and other products, allows remote authenticated users to impersonate arbitrary cluster user accounts via unspecified vectors.
| [CVE-2012-1181] fcgid_spawn_ctl.c in the mod_fcgid module 2.3.6 for the Apache HTTP Server does not recognize the FcgidMaxProcessesPerClass directive for a virtual host, which makes it easier for remote attackers to cause a denial of service (memory consumption) via a series of HTTP requests that triggers a process count higher than the intended limit.
| [CVE-2012-1089] Directory traversal vulnerability in Apache Wicket 1.4.x before 1.4.20 and 1.5.x before 1.5.5 allows remote attackers to read arbitrary web-application files via a relative pathname in a URL for a Wicket resource that corresponds to a null package.
| [CVE-2012-1007] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 1.3.10 allow remote attackers to inject arbitrary web script or HTML via (1) the name parameter to struts-examples/upload/upload-submit.do, or the message parameter to (2) struts-cookbook/processSimple.do or (3) struts-cookbook/processDyna.do.
| [CVE-2012-1006] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.14 and 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) lastName parameter to struts2-showcase/person/editPerson.action, or the (3) clientName parameter to struts2-rest-showcase/orders.
| [CVE-2012-0883] envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl.
| [CVE-2012-0840] tables/apr_hash.c in the Apache Portable Runtime (APR) library through 1.4.5 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
| [CVE-2012-0838] Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL expression during the handling of a conversion error, which allows remote attackers to modify run-time data values, and consequently execute arbitrary code, via invalid input to a field.
| [CVE-2012-0788] The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service (application crash) via a crafted application that uses a PDO driver for a fetch and then calls the session_start function, as demonstrated by a crash of the Apache HTTP Server.
| [CVE-2012-0394] ** DISPUTED ** The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself."
| [CVE-2012-0393] The ParameterInterceptor component in Apache Struts before 2.3.1.1 does not prevent access to public constructors, which allows remote attackers to create or overwrite arbitrary files via a crafted parameter that triggers the creation of a Java object.
| [CVE-2012-0392] The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method.
| [CVE-2012-0391] The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter.
| [CVE-2012-0256] Apache Traffic Server 2.0.x and 3.0.x before 3.0.4 and 3.1.x before 3.1.3 does not properly allocate heap memory, which allows remote attackers to cause a denial of service (daemon crash) via a long HTTP Host header.
| [CVE-2012-0216] The default configuration of the apache2 package in Debian GNU/Linux squeeze before 2.2.16-6+squeeze7, wheezy before 2.2.22-4, and sid before 2.2.22-4, when mod_php or mod_rivet is used, provides example scripts under the doc/ URI, which might allow local users to conduct cross-site scripting (XSS) attacks, gain privileges, or obtain sensitive information via vectors involving localhost HTTP requests to the Apache HTTP Server.
| [CVE-2012-0213] The UnhandledDataStructure function in hwpf/model/UnhandledDataStructure.java in Apache POI 3.8 and earlier allows remote attackers to cause a denial of service (OutOfMemoryError exception and possibly JVM destabilization) via a crafted length value in a Channel Definition Format (CDF) or Compound File Binary Format (CFBF) document.
| [CVE-2012-0053] protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script.
| [CVE-2012-0047] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the wicket:pageMapName parameter.
| [CVE-2012-0031] scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function.
| [CVE-2012-0022] Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.
| [CVE-2012-0021] The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to cause a denial of service (daemon crash) via a cookie that lacks both a name and a value.
| [CVE-2011-5064] DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging knowledge of this string, a different vulnerability than CVE-2011-1184.
| [CVE-2011-5063] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weaker authentication or authorization requirements, a different vulnerability than CVE-2011-1184.
| [CVE-2011-5062] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass intended integrity-protection requirements via a qop=auth value, a different vulnerability than CVE-2011-1184.
| [CVE-2011-5057] Apache Struts 2.3.1.1 and earlier provides interfaces that do not properly restrict access to collections such as the session and request collections, which might allow remote attackers to modify run-time data values via a crafted parameter to an application that implements an affected interface, as demonstrated by the SessionAware, RequestAware, ApplicationAware, ServletRequestAware, ServletResponseAware, and ParameterAware interfaces. NOTE: the vendor disputes the significance of this report because of an "easy work-around in existing apps by configuring the interceptor."
| [CVE-2011-5034] Apache Geronimo 2.2.1 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. NOTE: this might overlap CVE-2011-4461.
| [CVE-2011-4905] Apache ActiveMQ before 5.6.0 allows remote attackers to cause a denial of service (file-descriptor exhaustion and broker crash or hang) by sending many openwire failover:tcp:// connection requests.
| [CVE-2011-4858] Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
| [CVE-2011-4668] IBM Tivoli Netcool/Reporter 2.2 before 2.2.0.8 allows remote attackers to execute arbitrary code via vectors related to an unspecified CGI program used with the Apache HTTP Server.
| [CVE-2011-4449] actions/files/files.php in WikkaWiki 1.3.1 and 1.3.2, when INTRANET_MODE is enabled, supports file uploads for file extensions that are typically absent from an Apache HTTP Server TypesConfig file, which makes it easier for remote attackers to execute arbitrary PHP code by placing this code in a file whose name has multiple extensions, as demonstrated by a (1) .mm or (2) .vpp file.
| [CVE-2011-4415] The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, does not restrict the size of values of environment variables, which allows local users to cause a denial of service (memory consumption or NULL pointer dereference) via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, related to (1) the "len +=" statement and (2) the apr_pcalloc function call, a different vulnerability than CVE-2011-3607.
| [CVE-2011-4317] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an @ (at sign) character and a : (colon) character in invalid positions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
| [CVE-2011-3639] The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers by using the HTTP/0.9 protocol with a malformed URI containing an initial @ (at sign) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
| [CVE-2011-3620] Apache Qpid 0.12 does not properly verify credentials during the joining of a cluster, which allows remote attackers to obtain access to the messaging functionality and job functionality of a cluster by leveraging knowledge of a cluster-username.
| [CVE-2011-3607] Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow.
| [CVE-2011-3376] org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat 7.x before 7.0.22 does not properly restrict ContainerServlets in the Manager application, which allows local users to gain privileges by using an untrusted web application to access the Manager application's functionality.
| [CVE-2011-3375] Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain caching and recycling operations involving request objects, which allows remote attackers to obtain unintended read access to IP address and HTTP header information in opportunistic circumstances by reading TCP data.
| [CVE-2011-3368] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character.
| [CVE-2011-3348] The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary "error state" in the backend server) via a malformed HTTP request.
| [CVE-2011-3192] The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.
| [CVE-2011-3190] Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request.
| [CVE-2011-2729] native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application.
| [CVE-2011-2712] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.18, when setAutomaticMultiWindowSupport is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
| [CVE-2011-2688] SQL injection vulnerability in mysql/mysql-auth.pl in the mod_authnz_external module 3.2.5 and earlier for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the user field.
| [CVE-2011-2526] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loop or JVM crash) by leveraging an untrusted web application.
| [CVE-2011-2516] Off-by-one error in the XML signature feature in Apache XML Security for C++ 1.6.0, as used in Shibboleth before 2.4.3 and possibly other products, allows remote attackers to cause a denial of service (crash) via a signature using a large RSA key, which triggers a buffer overflow.
| [CVE-2011-2481] Apache Tomcat 7.0.x before 7.0.17 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application. NOTE: this vulnerability exists because of a CVE-2009-0783 regression.
| [CVE-2011-2329] The rampart_timestamp_token_validate function in util/rampart_timestamp_token.c in Apache Rampart/C 1.3.0 does not properly calculate the expiration of timestamp tokens, which allows remote attackers to bypass intended access restrictions by leveraging an expired token, a different vulnerability than CVE-2011-0730.
| [CVE-2011-2204] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file.
| [CVE-2011-2088] XWork 2.2.1 in Apache Struts 2.2.1, and OpenSymphony XWork in OpenSymphony WebWork, allows remote attackers to obtain potentially sensitive information about internal Java class paths via vectors involving an s:submit element and a nonexistent method, a different vulnerability than CVE-2011-1772.3.
| [CVE-2011-2087] Multiple cross-site scripting (XSS) vulnerabilities in component handlers in the javatemplates (aka Java Templates) plugin in Apache Struts 2.x before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via an arbitrary parameter value to a .action URI, related to improper handling of value attributes in (1) FileHandler.java, (2) HiddenHandler.java, (3) PasswordHandler.java, (4) RadioHandler.java, (5) ResetHandler.java, (6) SelectHandler.java, (7) SubmitHandler.java, and (8) TextFieldHandler.java.
| [CVE-2011-1928] The fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote attackers to cause a denial of service (infinite loop) via a URI that does not match unspecified types of wildcard patterns, as demonstrated by attacks against mod_autoindex in httpd when a /*/WEB-INF/ configuration pattern is used. NOTE: this issue exists because of an incorrect fix for CVE-2011-0419.
| [CVE-2011-1921] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is disabled, does not properly enforce permissions for files that had been publicly readable in the past, which allows remote attackers to obtain sensitive information via a replay REPORT operation.
| [CVE-2011-1783] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to cause a denial of service (infinite loop and memory consumption) in opportunistic circumstances by requesting data.
| [CVE-2011-1772] Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x before 2.2.3, and OpenSymphony XWork in OpenSymphony WebWork, allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) an action name, (2) the action attribute of an s:submit element, or (3) the method attribute of an s:submit element.
| [CVE-2011-1752] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request for a baselined WebDAV resource, as exploited in the wild in May 2011.
| [CVE-2011-1610] Multiple SQL injection vulnerabilities in xmldirectorylist.jsp in the embedded Apache HTTP Server component in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5)su4, 8.0 before 8.0(3a)su2, and 8.5 before 8.5(1)su1 allow remote attackers to execute arbitrary SQL commands via the (1) f, (2) l, or (3) n parameter, aka Bug ID CSCtj42064.
| [CVE-2011-1582] Apache Tomcat 7.0.12 and 7.0.13 processes the first request to a servlet without following security constraints that have been configured through annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088, CVE-2011-1183, and CVE-2011-1419.
| [CVE-2011-1571] Unspecified vulnerability in the XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote attackers to execute arbitrary commands via unknown vectors.
| [CVE-2011-1570] Cross-site scripting (XSS) vulnerability in Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to inject arbitrary web script or HTML via a message title, a different vulnerability than CVE-2004-2030.
| [CVE-2011-1503] The XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat or Oracle GlassFish is used, allows remote authenticated users to read arbitrary (1) XSL and (2) XML files via a file:/// URL.
| [CVE-2011-1502] Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to read arbitrary files via an entity declaration in conjunction with an entity reference, related to an XML External Entity (aka XXE) issue.
3881| [CVE-2011-1498] Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header.
3882| [CVE-2011-1475] The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP packets, related to "a mix-up of responses for requests from different users."
3883| [CVE-2011-1419] Apache Tomcat 7.x before 7.0.11, when web.xml has no security constraints, does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088.
3884| [CVE-2011-1318] Memory leak in org.apache.jasper.runtime.JspWriterImpl.response in the JavaServer Pages (JSP) component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) by accessing a JSP page of an application that is repeatedly stopped and restarted.
3885| [CVE-2011-1184] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, related to lack of checking of nonce (aka server nonce) and nc (aka nonce-count or client nonce count) values.
3886| [CVE-2011-1183] Apache Tomcat 7.0.11, when web.xml has no login configuration, does not follow security constraints, which allows remote attackers to bypass intended access restrictions via HTTP requests to a meta-data complete web application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1088 and CVE-2011-1419.
3887| [CVE-2011-1176] The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module 2.2.11-01 and 2.2.11-02 for the Apache HTTP Server does not properly handle certain configuration sections that specify NiceValue but not AssignUserID, which might allow remote attackers to gain privileges by leveraging the root uid and root gid of an mpm-itk process.
3888| [CVE-2011-1088] Apache Tomcat 7.x before 7.0.10 does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application.
3889| [CVE-2011-1077] Multiple cross-site scripting (XSS) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
3890| [CVE-2011-1026] Multiple cross-site request forgery (CSRF) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to hijack the authentication of administrators.
3891| [CVE-2011-0715] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.16, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request that contains a lock token.
3892| [CVE-2011-0534] Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request.
3893| [CVE-2011-0533] Cross-site scripting (XSS) vulnerability in Apache Continuum 1.1 through 1.2.3.1, 1.3.6, and 1.4.0 Beta
3894| [CVE-2011-0419] Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.
3895| [CVE-2011-0013] Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.
3896| [CVE-2010-4644] Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated users to cause a denial of service (memory consumption and daemon crash) via the -g option to the blame command.
3897| [CVE-2010-4539] The walk function in repos.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.15, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger the walking of SVNParentPath collections.
3898| [CVE-2010-4476] The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
3899| [CVE-2010-4455] Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.2 and 11.1.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Apache Plugin.
3900| [CVE-2010-4408] Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1 does not require entry of the administrator's password at the time of modifying a user account, which makes it easier for context-dependent attackers to gain privileges by leveraging a (1) unattended workstation or (2) cross-site request forgery (CSRF) vulnerability, a related issue to CVE-2010-3449.
3901| [CVE-2010-4312] The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie.
3902| [CVE-2010-4172] Multiple cross-site scripting (XSS) vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) orderBy or (2) sort parameter to sessionsList.jsp, or unspecified input to (3) sessionDetail.jsp or (4) java/org/apache/catalina/manager/JspHelper.java, related to use of untrusted web applications.
3903| [CVE-2010-3872] The fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.6 for the Apache HTTP Server does not use bytewise pointer arithmetic in certain circumstances, which has unspecified impact and attack vectors related to "untrusted FastCGI applications" and a "stack buffer overwrite."
3904| [CVE-2010-3863] Apache Shiro before 1.1.0, and JSecurity 0.9.x, does not canonicalize URI paths before comparing them to entries in the shiro.ini file, which allows remote attackers to bypass intended access restrictions via a crafted request, as demonstrated by the /./account/index.jsp URI.
3905| [CVE-2010-3854] Multiple cross-site scripting (XSS) vulnerabilities in the web administration interface (aka Futon) in Apache CouchDB 0.8.0 through 1.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
3906| [CVE-2010-3718] Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.
3907| [CVE-2010-3449] Cross-site request forgery (CSRF) vulnerability in Redback before 1.2.4, as used in Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1
3908| [CVE-2010-3315] authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass intended access restrictions via svn commands.
3909| [CVE-2010-3083] sys/ssl/SslSocket.cpp in qpidd in Apache Qpid, as used in Red Hat Enterprise MRG before 1.2.2 and other products, when SSL is enabled, allows remote attackers to cause a denial of service (daemon outage) by connecting to the SSL port but not participating in an SSL handshake.
3910| [CVE-2010-2952] Apache Traffic Server before 2.0.1, and 2.1.x before 2.1.2-unstable, does not properly choose DNS source ports and transaction IDs, and does not properly use DNS query fields to validate responses, which makes it easier for man-in-the-middle attackers to poison the internal DNS cache via a crafted response.
3911| [CVE-2010-2791] mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request. NOTE: this is the same issue as CVE-2010-2068, but for a different OS and set of affected versions.
3912| [CVE-2010-2375] Package/Privilege: Plugins for Apache, Sun and IIS web servers Unspecified vulnerability in the WebLogic Server component in Oracle Fusion Middleware 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, 10.3.2, and 10.3.3 allows remote attackers to affect confidentiality and integrity, related to IIS.
3913| [CVE-2010-2234] Cross-site request forgery (CSRF) vulnerability in Apache CouchDB 0.8.0 through 0.11.0 allows remote attackers to hijack the authentication of administrators for direct requests to an installation URL.
3914| [CVE-2010-2227] Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with "recycling of a buffer."
3915| [CVE-2010-2103] Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Apache Axis2/Java 1.4.1, 1.5.1, and possibly other versions, as used in SAP Business Objects 12, 3com IMC, and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the modules parameter. NOTE: some of these details are obtained from third party information.
3916| [CVE-2010-2086] Apache MyFaces 1.1.7 and 1.2.8, as used in IBM WebSphere Application Server and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that involve modifying the serialized view object.
3917| [CVE-2010-2076] Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before 2.2.9, as used in Apache ServiceMix, Apache Camel, Apache Chemistry, Apache jUDDI, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to samples/wsdl_first_pure_xml, a similar issue to CVE-2010-1632.
3918| [CVE-2010-2068] mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, does not properly detect timeouts, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request.
3919| [CVE-2010-2057] shared/util/StateUtils.java in Apache MyFaces 1.1.x before 1.1.8, 1.2.x before 1.2.9, and 2.0.x before 2.0.1 uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack.
3920| [CVE-2010-1632] Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server (WAS) 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to the Synapse SimpleStockQuoteService.
3921| [CVE-2010-1623] Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the destruction of an APR bucket.
3922| [CVE-2010-1587] The Jetty ResourceHandler in Apache ActiveMQ 5.x before 5.3.2 and 5.4.x before 5.4.0 allows remote attackers to read JSP source code via a // (slash slash) initial substring in a URI for (1) admin/index.jsp, (2) admin/queues.jsp, or (3) admin/topics.jsp.
3923| [CVE-2010-1452] The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path.
3924| [CVE-2010-1325] Cross-site request forgery (CSRF) vulnerability in the apache2-slms package in SUSE Lifecycle Management Server (SLMS) 1.0 on SUSE Linux Enterprise (SLE) 11 allows remote attackers to hijack the authentication of unspecified victims via vectors related to improper parameter quoting. NOTE: some sources report that this is a vulnerability in a product named "Apache SLMS," but that is incorrect.
3925| [CVE-2010-1244] Cross-site request forgery (CSRF) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote attackers to hijack the authentication of unspecified victims for requests that create queues via the JMSDestination parameter in a queue action.
3926| [CVE-2010-1157] Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply.
3927| [CVE-2010-1151] Race condition in the mod_auth_shadow module for the Apache HTTP Server allows remote attackers to bypass authentication, and read and possibly modify data, via vectors related to improper interaction with an external helper application for validation of credentials.
3928| [CVE-2010-0684] Cross-site scripting (XSS) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote authenticated users to inject arbitrary web script or HTML via the JMSDestination parameter in a queue action.
3929| [CVE-2010-0434] The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request.
3930| [CVE-2010-0432] Multiple cross-site scripting (XSS) vulnerabilities in the Apache Open For Business Project (aka OFBiz) 09.04 and earlier, as used in Opentaps, Neogia, and Entente Oya, allow remote attackers to inject arbitrary web script or HTML via (1) the productStoreId parameter to control/exportProductListing, (2) the partyId parameter to partymgr/control/viewprofile (aka partymgr/control/login), (3) the start parameter to myportal/control/showPortalPage, (4) an invalid URI beginning with /facility/control/ReceiveReturn (aka /crmsfa/control/ReceiveReturn or /cms/control/ReceiveReturn), (5) the contentId parameter (aka the entityName variable) to ecommerce/control/ViewBlogArticle, (6) the entityName parameter to webtools/control/FindGeneric, or the (7) subject or (8) content parameter to an unspecified component under ecommerce/control/contactus.
3931| [CVE-2010-0425] modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet, and "orphaned callback pointers."
3932| [CVE-2010-0408] The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service (backend server outage) via a crafted request, related to use of a 500 error code instead of the appropriate 400 error code.
3933| [CVE-2010-0390] Unrestricted file upload vulnerability in maxImageUpload/index.php in PHP F1 Max's Image Uploader 1.0, when Apache is not configured to handle the mime-type for files with pjpeg or jpeg extensions, allows remote attackers to execute arbitrary code by uploading a file with a pjpeg or jpeg extension, then accessing it via a direct request to the file in original/. NOTE: some of these details are obtained from third party information.
3934| [CVE-2010-0219] Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service.
3935| [CVE-2010-0010] Integer overflow in the ap_proxy_send_fb function in proxy/proxy_util.c in mod_proxy in the Apache HTTP Server before 1.3.42 on 64-bit platforms allows remote origin servers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a large chunk size that triggers a heap-based buffer overflow.
3936| [CVE-2010-0009] Apache CouchDB 0.8.0 through 0.10.1 allows remote attackers to obtain sensitive information by measuring the completion time of operations that verify (1) hashes or (2) passwords.
3937| [CVE-2009-5120] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 allows connections to TCP port 1812 from arbitrary source IP addresses, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via UTF-7 text to the 404 error page of a Project Woodstock service on this port.
3938| [CVE-2009-5119] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 enables weak SSL ciphers in conf/server.xml, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and then conducting a brute-force attack against encrypted session data.
3939| [CVE-2009-5006] The SessionAdapter::ExchangeHandlerImpl::checkAlternate function in broker/SessionAdapter.cpp in the C++ Broker component in Apache Qpid before 0.6, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote authenticated users to cause a denial of service (NULL pointer dereference, daemon crash, and cluster outage) by attempting to modify the alternate of an exchange.
3940| [CVE-2009-5005] The Cluster::deliveredEvent function in cluster/Cluster.cpp in Apache Qpid, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote attackers to cause a denial of service (daemon crash and cluster outage) via invalid AMQP data.
3941| [CVE-2009-4355] Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678.
3942| [CVE-2009-4269] The password hash generation algorithm in the BUILTIN authentication functionality for Apache Derby before 10.6.1.0 performs a transformation that reduces the size of the set of inputs to SHA-1, which produces a small search space that makes it easier for local and possibly remote attackers to crack passwords by generating hash collisions, related to password substitution.
3943| [CVE-2009-3923] The VirtualBox 2.0.8 and 2.0.10 web service in Sun Virtual Desktop Infrastructure (VDI) 3.0 does not require authentication, which allows remote attackers to obtain unspecified access via vectors involving requests to an Apache HTTP Server.
3944| [CVE-2009-3890] Unrestricted file upload vulnerability in the wp_check_filetype function in wp-includes/functions.php in WordPress before 2.8.6, when a certain configuration of the mod_mime module in the Apache HTTP Server is enabled, allows remote authenticated users to execute arbitrary code by posting an attachment with a multiple-extension filename, and then accessing this attachment via a direct request to a wp-content/uploads/ pathname, as demonstrated by a .php.jpg filename.
3945| [CVE-2009-3843] HP Operations Manager 8.10 on Windows contains a "hidden account" in the XML file that specifies Tomcat users, which allows remote attackers to conduct unrestricted file upload attacks, and thereby execute arbitrary code, by using the org.apache.catalina.manager.HTMLManagerServlet class to make requests to manager/html/upload.
3946| [CVE-2009-3821] Cross-site scripting (XSS) vulnerability in the Apache Solr Search (solr) extension 1.0.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
3947| [CVE-2009-3555] The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
3948| [CVE-2009-3548] The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges.
3949| [CVE-2009-3250] The saveForwardAttachments procedure in the Compose Mail functionality in vtiger CRM 5.0.4 allows remote authenticated users to execute arbitrary code by composing an e-mail message with an attachment filename ending in (1) .php in installations based on certain Apache HTTP Server configurations, (2) .php. on Windows, or (3) .php/ on Linux, and then making a direct request to a certain pathname under storage/.
3950| [CVE-2009-3095] The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.
3951| [CVE-2009-3094] The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.
3952| [CVE-2009-2902] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename.
3953| [CVE-2009-2901] The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests.
3954| [CVE-2009-2823] The Apache HTTP Server in Apple Mac OS X before 10.6.2 enables the HTTP TRACE method, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified web client software.
3955| [CVE-2009-2699] The Solaris pollset feature in the Event Port backend in poll/unix/port.c in the Apache Portable Runtime (APR) library before 1.3.9, as used in the Apache HTTP Server before 2.2.14 and other products, does not properly handle errors, which allows remote attackers to cause a denial of service (daemon hang) via unspecified HTTP requests, related to the prefork and event MPMs.
3956| [CVE-2009-2696] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat on Red Hat Enterprise Linux 5, Desktop Workstation 5, and Linux Desktop 5 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML." NOTE: this is due to a missing fix for CVE-2009-0781.
3957| [CVE-2009-2693] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry.
3958| [CVE-2009-2625] XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.
3959| [CVE-2009-2412] Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR
3960| [CVE-2009-2299] The Artofdefence Hyperguard Web Application Firewall (WAF) module before 2.5.5-11635, 3.0 before 3.0.3-11636, and 3.1 before 3.1.1-11637, a module for the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via an HTTP request with a large Content-Length value but no POST data.
3961| [CVE-2009-1956] Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input.
3962| [CVE-2009-1955] The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.
3963| [CVE-2009-1903] The PDF XSS protection feature in ModSecurity before 2.5.8 allows remote attackers to cause a denial of service (Apache httpd crash) via a request for a PDF file that does not use the GET method.
3964| [CVE-2009-1891] The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).
3965| [CVE-2009-1890] The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests.
3966| [CVE-2009-1885] Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to cause a denial of service (application crash) via vectors involving nested parentheses and invalid byte values in "simply nested DTD structures," as demonstrated by the Codenomicon XML fuzzing framework.
3967| [CVE-2009-1462] The Security Manager in razorCMS before 0.4 does not verify the permissions of every file owned by the apache user account, which is inconsistent with the documentation and allows local users to have an unspecified impact.
3968| [CVE-2009-1275] Apache Tiles 2.1 before 2.1.2, as used in Apache Struts and other products, evaluates Expression Language (EL) expressions twice in certain circumstances, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via unspecified vectors, related to the (1) tiles:putAttribute and (2) tiles:insertTemplate JSP tags.
3969| [CVE-2009-1195] The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file.
3970| [CVE-2009-1191] mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request.
3971| [CVE-2009-1012] Unspecified vulnerability in the plug-ins for Apache and IIS web servers in Oracle BEA WebLogic Server 7.0 Gold through SP7, 8.1 Gold through SP6, 9.0, 9.1, 9.2 Gold through MP3, 10.0 Gold through MP1, and 10.3 allows remote attackers to affect confidentiality, integrity, and availability. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow in an unspecified plug-in that parses HTTP requests, which leads to a heap-based buffer overflow.
3972| [CVE-2009-0918] Multiple unspecified vulnerabilities in DFLabs PTK 1.0.0 through 1.0.4 allow remote attackers to execute arbitrary commands in processes launched by PTK's Apache HTTP Server via (1) "external tools" or (2) a crafted forensic image.
3973| [CVE-2009-0796] Cross-site scripting (XSS) vulnerability in Status.pm in Apache::Status and Apache2::Status in mod_perl1 and mod_perl2 for the Apache HTTP Server, when /perl-status is accessible, allows remote attackers to inject arbitrary web script or HTML via the URI.
3974| [CVE-2009-0783] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.
3975| [CVE-2009-0781] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML."
3976| [CVE-2009-0754] PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on the same server.
3977| [CVE-2009-0580] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.
3978| [CVE-2009-0486] Bugzilla 3.2.1, 3.0.7, and 3.3.2, when running under mod_perl, calls the srand function at startup time, which causes Apache children to have the same seed and produce insufficiently random numbers for random tokens, which allows remote attackers to bypass cross-site request forgery (CSRF) protection mechanisms and conduct unauthorized activities as other users.
3979| [CVE-2009-0039] Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to hijack the authentication of administrators for requests that (1) change the web administration password, (2) upload applications, and perform unspecified other administrative actions, as demonstrated by (3) a Shutdown request to console/portal//Server/Shutdown.
3980| [CVE-2009-0038] Multiple cross-site scripting (XSS) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) ip, (3) username, or (4) description parameter to console/portal/Server/Monitoring
3981| [CVE-2009-0033] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.
3982| [CVE-2009-0026] Multiple cross-site scripting (XSS) vulnerabilities in Apache Jackrabbit before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the q parameter to (1) search.jsp or (2) swr.jsp.
3983| [CVE-2009-0023] The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow.
3984| [CVE-2008-6879] Cross-site scripting (XSS) vulnerability in Apache Roller 2.3, 3.0, 3.1, and 4.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter in a search action.
3985| [CVE-2008-6755] ZoneMinder 1.23.3 on Fedora 10 sets the ownership of /etc/zm.conf to the apache user account, and sets the permissions to 0600, which makes it easier for remote attackers to modify this file by accessing it through a (1) PHP or (2) CGI script.
3986| [CVE-2008-6722] Novell Access Manager 3 SP4 does not properly expire X.509 certificate sessions, which allows physically proximate attackers to obtain a logged-in session by using a victim's web-browser process that continues to send the original and valid SSL sessionID, related to inability of Apache Tomcat to clear entries from its SSL cache.
3987| [CVE-2008-6682] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.x before 2.0.11.1 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via vectors associated with improper handling of (1) " (double quote) characters in the href attribute of an s:a tag and (2) parameters in the action attribute of an s:url tag.
3988| [CVE-2008-6505] Multiple directory traversal vulnerabilities in Apache Struts 2.0.x before 2.0.12 and 2.1.x before 2.1.3 allow remote attackers to read arbitrary files via a ..%252f (encoded dot dot slash) in a URI with a /struts/ path, related to (1) FilterDispatcher in 2.0.x and (2) DefaultStaticContentLoader in 2.1.x.
3989| [CVE-2008-6504] ParametersInterceptor in OpenSymphony XWork 2.0.x before 2.0.6 and 2.1.x before 2.1.2, as used in Apache Struts and other products, does not properly restrict # (pound sign) references to context objects, which allows remote attackers to execute Object-Graph Navigation Language (OGNL) statements and modify server-side context objects, as demonstrated by use of a \u0023 representation for the # character.
3990| [CVE-2008-5696] Novell NetWare 6.5 before Support Pack 8, when an OES2 Linux server is installed into the NDS tree, does not require a password for the ApacheAdmin console, which allows remote attackers to reconfigure the Apache HTTP Server via console operations.
3991| [CVE-2008-5676] Multiple unspecified vulnerabilities in the ModSecurity (aka mod_security) module 2.5.0 through 2.5.5 for the Apache HTTP Server, when SecCacheTransformations is enabled, allow remote attackers to cause a denial of service (daemon crash) or bypass the product's functionality via unknown vectors related to "transformation caching."
3992| [CVE-2008-5519] The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat allows remote attackers to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances involving (1) a request from a different client that included a Content-Length header but no POST data or (2) a rapid series of requests, related to noncompliance with the AJP protocol's requirements for requests containing Content-Length headers.
3993| [CVE-2008-5518] Multiple directory traversal vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 on Windows allow remote attackers to upload files to arbitrary directories via directory traversal sequences in the (1) group, (2) artifact, (3) version, or (4) fileType parameter to console/portal//Services/Repository (aka the Services/Repository portlet)
3994| [CVE-2008-5515] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.
3995| [CVE-2008-5457] Unspecified vulnerability in the Oracle BEA WebLogic Server Plugins for Apache, Sun and IIS web servers component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
3996| [CVE-2008-4308] The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20 does not return a -1 to indicate when a certain error condition has occurred, which can cause Tomcat to send POST content from one request to a different request.
3997| [CVE-2008-4008] Unspecified vulnerability in the WebLogic Server Plugins for Apache component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2008 CPU. Oracle has not commented on reliable researcher claims that this issue is a stack-based buffer overflow in the WebLogic Apache Connector, related to an invalid parameter.
3998| [CVE-2008-3666] Unspecified vulnerability in Sun Solaris 10 and OpenSolaris before snv_96 allows (1) context-dependent attackers to cause a denial of service (panic) via vectors involving creation of a crafted file and use of the sendfilev system call, as demonstrated by a file served by an Apache 2.2.x web server with EnableSendFile configured
3999| [CVE-2008-3271] Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a "synchronization problem" and lack of thread safety, and related to RemoteFilterValve, RemoteAddrValve, and RemoteHostValve.
4000| [CVE-2008-3257] Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request.
4001| [CVE-2008-2939] Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI.
4002| [CVE-2008-2938] Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.
4003| [CVE-2008-2742] Unrestricted file upload in the mcpuk file editor (atk/attributes/fck/editor/filemanager/browser/mcpuk/connectors/php/config.php) in Achievo 1.2.0 through 1.3.2 allows remote attackers to execute arbitrary code by uploading a file with .php followed by a safe extension, then accessing it via a direct request to the file in the Achievo root directory. NOTE: this is only a vulnerability in environments that support multiple extensions, such as Apache with the mod_mime module enabled.
4004| [CVE-2008-2717] TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions.
4005| [CVE-2008-2579] Unspecified vulnerability in the WebLogic Server Plugins for Apache, Sun and IIS web servers component in Oracle BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 has unknown impact and remote attack vectors.
4006| [CVE-2008-2384] SQL injection vulnerability in mod_auth_mysql.c in the mod-auth-mysql (aka libapache2-mod-auth-mysql) module for the Apache HTTP Server 2.x, when configured to use a multibyte character set that allows a \ (backslash) as part of the character encoding, allows remote attackers to execute arbitrary SQL commands via unspecified inputs in a login request.
4007| [CVE-2008-2370] Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.
4008| [CVE-2008-2364] The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.
4009| [CVE-2008-2168] Cross-site scripting (XSS) vulnerability in Apache 2.2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded URLs that are not properly handled when displaying the 403 Forbidden error page.
4010| [CVE-2008-2025] Cross-site scripting (XSS) vulnerability in Apache Struts before 1.2.9-162.31.1 on SUSE Linux Enterprise (SLE) 11, before 1.2.9-108.2 on SUSE openSUSE 10.3, before 1.2.9-198.2 on SUSE openSUSE 11.0, and before 1.2.9-162.163.2 on SUSE openSUSE 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "insufficient quoting of parameters."
4011| [CVE-2008-1947] Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.
4012| [CVE-2008-1734] Interpretation conflict in PHP Toolkit before 1.0.1 on Gentoo Linux might allow local users to cause a denial of service (PHP outage) and read contents of PHP scripts by creating a file with a one-letter lowercase alphabetic name, which triggers interpretation of a certain unquoted [a-z] argument as a matching shell glob for this name, rather than interpretation as the literal [a-z] regular-expression string, and consequently blocks the launch of the PHP interpreter within the Apache HTTP Server.
4013| [CVE-2008-1678] Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server mod_ssl that specify a compression algorithm.
4014| [CVE-2008-1232] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.
4015| [CVE-2008-0869] Cross-site scripting (XSS) vulnerability in BEA WebLogic Workshop 8.1 through SP6 and Workshop for WebLogic 9.0 through 10.0 allows remote attackers to inject arbitrary web script or HTML via a "framework defined request parameter" when using WebLogic Workshop or Apache Beehive NetUI framework with page flows.
4016| [CVE-2008-0732] The init script for Apache Geronimo on SUSE Linux follows symlinks when performing a chown operation, which might allow local users to obtain access to unspecified files or directories.
4017| [CVE-2008-0555] The ExpandCert function in Apache-SSL before apache_1.3.41+ssl_1.59 does not properly handle (1) '/' and (2) '=' characters in a Distinguished Name (DN) in a client certificate, which might allow remote attackers to bypass authentication via a crafted DN that triggers overwriting of environment variables.
4018| [CVE-2008-0457] Unrestricted file upload vulnerability in the FileUpload class running on the Symantec LiveState Apache Tomcat server, as used by Symantec Backup Exec System Recovery Manager 7.0 and 7.0.1, allows remote attackers to upload and execute arbitrary JSP files via unknown vectors.
4019| [CVE-2008-0456] CRLF injection vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by uploading a file with a multi-line name containing HTTP header sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
4020| [CVE-2008-0455] Cross-site scripting (XSS) vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary web script or HTML by uploading a file with a name containing XSS sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
4021| [CVE-2008-0128] The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
4022| [CVE-2008-0005] mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding.
4023| [CVE-2008-0002] Apache Tomcat 6.0.0 through 6.0.15 processes parameters in the context of the wrong request when an exception occurs during parameter processing, which might allow remote attackers to obtain sensitive information, as demonstrated by disconnecting during this processing in order to trigger the exception.
4024| [CVE-2007-6750] The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris, related to the lack of the mod_reqtimeout module in versions before 2.2.15.
4025| [CVE-2007-6726] Multiple cross-site scripting (XSS) vulnerabilities in Dojo 0.4.1 and 0.4.2, as used in Apache Struts and other products, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) xip_client.html and (2) xip_server.html in src/io/.
4026| [CVE-2007-6514] Apache HTTP Server, when running on Linux with a document root on a Windows share mounted using smbfs, allows remote attackers to obtain unprocessed content such as source files for .php programs via a trailing "\" (backslash), which is not handled by the intended AddType directive.
4027| [CVE-2007-6423] ** DISPUTED ** Unspecified vulnerability in mod_proxy_balancer for Apache HTTP Server 2.2.x before 2.2.7-dev, when running on Windows, allows remote attackers to trigger memory corruption via a long URL. NOTE: the vendor could not reproduce this issue.
4028| [CVE-2007-6422] The balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6, when a threaded Multi-Processing Module is used, allows remote authenticated users to cause a denial of service (child process crash) via an invalid bb variable.
4029| [CVE-2007-6421] Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) ss, (2) wr, or (3) rr parameters, or (4) the URL.
4030| [CVE-2007-6420] Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors.
4031| [CVE-2007-6388] Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
4032| [CVE-2007-6361] Gekko 0.8.2 and earlier stores sensitive information under the web root with possibly insufficient access control, which might allow remote attackers to read certain files under temp/, as demonstrated by a log file that records the titles of blog entries. NOTE: access to temp/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
4033| [CVE-2007-6342] SQL injection vulnerability in the David Castro AuthCAS module (AuthCAS.pm) 0.4 for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the SESSION_COOKIE_NAME (session ID) in a cookie.
4034| [CVE-2007-6286] Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the native APR connector is used, does not properly handle an empty request to the SSL port, which allows remote attackers to trigger handling of "a duplicate copy of one of the recent requests," as demonstrated by using netcat to send the empty request.
4035| [CVE-2007-6258] Multiple stack-based buffer overflows in the legacy mod_jk2 2.0.3-DEV and earlier Apache module allow remote attackers to execute arbitrary code via a long (1) Host header, or (2) Hostname within a Host header.
4036| [CVE-2007-6231] Multiple PHP remote file inclusion vulnerabilities in tellmatic 1.0.7 allow remote attackers to execute arbitrary PHP code via a URL in the tm_includepath parameter to (1) Classes.inc.php, (2) statistic.inc.php, (3) status.inc.php, (4) status_top_x.inc.php, or (5) libchart-1.1/libchart.php in include/. NOTE: access to include/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
4037| [CVE-2007-6203] Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918.
4038| [CVE-2007-5797] SQLLoginModule in Apache Geronimo 2.0 through 2.1 does not throw an exception for a nonexistent username, which allows remote attackers to bypass authentication via a login attempt with any username not contained in the database.
4039| [CVE-2007-5731] Absolute path traversal vulnerability in Apache Jakarta Slide 2.1 and earlier allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag, a related issue to CVE-2007-5461.
4040| [CVE-2007-5461] Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.
4041| [CVE-2007-5342] The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by changing the (1) level, (2) directory, and (3) prefix attributes in the org.apache.juli.FileHandler handler.
4042| [CVE-2007-5333] Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385.
4043| [CVE-2007-5156] Incomplete blacklist vulnerability in editor/filemanager/upload/php/upload.php in FCKeditor, as used in SiteX CMS 0.7.3.beta, La-Nai CMS, Syntax CMS, Cardinal Cms, and probably other products, allows remote attackers to upload and execute arbitrary PHP code via a file whose name contains ".php." and has an unknown extension, which is recognized as a .php file by the Apache HTTP server, a different vulnerability than CVE-2006-0658 and CVE-2006-2529.
4044| [CVE-2007-5085] Unspecified vulnerability in the management EJB (MEJB) in Apache Geronimo before 2.0.2 allows remote attackers to bypass authentication and obtain "access to Geronimo internals" via unspecified vectors.
4045| [CVE-2007-5000] Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
4046| [CVE-2007-4724] Cross-site request forgery (CSRF) vulnerability in cal2.jsp in the calendar examples application in Apache Tomcat 4.1.31 allows remote attackers to add events as arbitrary users via the time and description parameters.
4047| [CVE-2007-4723] Directory traversal vulnerability in Ragnarok Online Control Panel 4.3.4a, when the Apache HTTP Server is used, allows remote attackers to bypass authentication via directory traversal sequences in a URI that ends with the name of a publicly available page, as demonstrated by a "/...../" sequence and an account_manage.php/login.php final component for reaching the protected account_manage.php page.
4048| [CVE-2007-4641] Directory traversal vulnerability in index.php in Pakupaku CMS 0.4 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting code into an Apache log file.
4049| [CVE-2007-4556] Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language (OGNL) expression when altSyntax is enabled, which allows remote attackers to cause a denial of service (infinite loop) or execute arbitrary code via form input beginning with a "%{" sequence and ending with a "}" character.
4050| [CVE-2007-4548] The login method in LoginModule implementations in Apache Geronimo 2.0 does not throw FailedLoginException for failed logins, which allows remote attackers to bypass authentication requirements, deploy arbitrary modules, and gain administrative access by sending a blank username and password with the command line deployer in the deployment module.
4051| [CVE-2007-4465] Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.
4052| [CVE-2007-3847] The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read.
4053| [CVE-2007-3571] The Apache Web Server as used in Novell NetWare 6.5 and GroupWise allows remote attackers to obtain sensitive information via a certain directive to Apache that causes the HTTP-Header response to be modified, which may reveal the server's internal IP address.
4054| [CVE-2007-3386] Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action.
4055| [CVE-2007-3385] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.
4056| [CVE-2007-3384] Multiple cross-site scripting (XSS) vulnerabilities in examples/servlet/CookieExample in Apache Tomcat 3.3 through 3.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Value field, related to error messages.
4057| [CVE-2007-3383] Cross-site scripting (XSS) vulnerability in SendMailServlet in the examples web application (examples/jsp/mail/sendmail.jsp) in Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.36 allows remote attackers to inject arbitrary web script or HTML via the From field and possibly other fields, related to generation of error messages.
4058| [CVE-2007-3382] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.
4059| [CVE-2007-3304] Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1 killer."
4060| [CVE-2007-3303] Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows local users to cause a denial of service via certain code sequences executed in a worker process that (1) stop request processing by killing all worker processes and preventing creation of replacements or (2) hang the system by forcing the master process to fork an arbitrarily large number of worker processes. NOTE: This might be an inherent design limitation of Apache with respect to worker processes in hosted environments.
4061| [CVE-2007-3101] Multiple cross-site scripting (XSS) vulnerabilities in certain JSF applications in Apache MyFaces Tomahawk before 1.1.6 allow remote attackers to inject arbitrary web script via the autoscroll parameter, which is injected into Javascript that is sent to the client.
4062| [CVE-2007-2450] Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script or HTML via a parameter name to manager/html/upload, and other unspecified vectors.
4063| [CVE-2007-2449] Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the '
4064| [CVE-2007-2353] Apache Axis 1.0 allows remote attackers to obtain sensitive information by requesting a non-existent WSDL file, which reveals the installation path in the resulting exception message.
4065| [CVE-2007-2025] Unrestricted file upload vulnerability in the UpLoad feature (lib/plugin/UpLoad.php) in PhpWiki 1.3.11p1 allows remote attackers to upload arbitrary PHP files with a double extension, as demonstrated by .php.3, which is interpreted by Apache as being a valid PHP file.
4066| [CVE-2007-1863] cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value.
4067| [CVE-2007-1862] The recall_headers function in mod_mem_cache in Apache 2.2.4 does not properly copy all levels of header data, which can cause Apache to return HTTP headers containing previously used data, which could be used by remote attackers to obtain potentially sensitive information.
4068| [CVE-2007-1860] mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. (dot dot) sequences and directory traversal, a related issue to CVE-2007-0450.
4069| [CVE-2007-1858] The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts.
4070| [CVE-2007-1842] Directory traversal vulnerability in login.php in JSBoard before 2.0.12 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the table parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, a related issue to CVE-2006-2019.
4071| [CVE-2007-1801] Directory traversal vulnerability in inc/lang.php in sBLOG 0.7.3 Beta allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the conf_lang_default parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by inc/lang.php.
4072| [CVE-2007-1743] suexec in Apache HTTP Server (httpd) 2.2.3 does not verify combinations of user and group IDs on the command line, which might allow local users to leverage other vulnerabilities to create arbitrary UID/GID owned files if /proc is mounted. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root." In addition, because this is dependent on other vulnerabilities, perhaps this is resultant and should not be included in CVE.
4073| [CVE-2007-1742] suexec in Apache HTTP Server (httpd) 2.2.3 uses a partial comparison for verifying whether the current directory is within the document root, which might allow local users to perform unauthorized operations on incorrect directories, as demonstrated using "html_backup" and "htmleditor" under an "html" directory. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
4074| [CVE-2007-1741] Multiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 between directory and file validation, and their usage, allow local users to gain privileges and execute arbitrary code by renaming directories or performing symlink attacks. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
4075| [CVE-2007-1720] Directory traversal vulnerability in addressbook.php in the Addressbook 1.2 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module_name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file.
4076| [CVE-2007-1636] Directory traversal vulnerability in index.php in RoseOnlineCMS 3 B1 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the op parameter, as demonstrated by injecting PHP code into Apache log files via the URL and User-Agent HTTP header.
4077| [CVE-2007-1633] Directory traversal vulnerability in bbcode_ref.php in the Giorgio Ciranni Splatt Forum 4.0 RC1 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by bbcode_ref.php.
4078| [CVE-2007-1577] Directory traversal vulnerability in index.php in GeBlog 0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[tplname] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
4079| [CVE-2007-1539] Directory traversal vulnerability in inc/map.func.php in pragmaMX Landkarten 2.1 module allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the module_name parameter, as demonstrated via a static PHP code injection attack in an Apache log file.
4080| [CVE-2007-1524] Directory traversal vulnerability in themes/default/ in ZomPlog 3.7.6 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) in the settings[skin] parameter, as demonstrated by injecting PHP code into an Apache HTTP Server log file, which can then be included via themes/default/.
4081| [CVE-2007-1491] Apache Tomcat in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allows connections from external interfaces via port 8009, which exposes it to attacks from outside parties.
4082| [CVE-2007-1358] Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616".
4083| [CVE-2007-1349] PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.
4084| [CVE-2007-0975] Variable extraction vulnerability in Ian Bezanson Apache Stats before 0.0.3 beta allows attackers to overwrite critical variables, with unknown impact, when the extract function is used on the _REQUEST superglobal array.
4085| [CVE-2007-0930] Variable extract vulnerability in Apache Stats before 0.0.3beta allows attackers to modify arbitrary variables and conduct attacks via unknown vectors involving the use of PHP's extract function.
4086| [CVE-2007-0792] The mod_perl initialization script in Bugzilla 2.23.3 does not set the Bugzilla Apache configuration to allow .htaccess permissions to override file permissions, which allows remote attackers to obtain the database username and password via a direct request for the localconfig file.
4087| [CVE-2007-0774] Stack-based buffer overflow in the map_uri_to_worker function (native/common/jk_uri_worker_map.c) in mod_jk.so for Apache Tomcat JK Web Server Connector 1.2.19 and 1.2.20, as used in Tomcat 4.1.34 and 5.5.20, allows remote attackers to execute arbitrary code via a long URL that triggers the overflow in a URI worker map routine.
4088| [CVE-2007-0637] Directory traversal vulnerability in zd_numer.php in Galeria Zdjec 3.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the galeria parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by zd_numer.php.
4089| [CVE-2007-0451] Apache SpamAssassin before 3.1.8 allows remote attackers to cause a denial of service via long URLs in malformed HTML, which triggers "massive memory usage."
4090| [CVE-2007-0450] Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.
4091| [CVE-2007-0419] The BEA WebLogic Server proxy plug-in before June 2006 for the Apache HTTP Server does not properly handle protocol errors, which allows remote attackers to cause a denial of service (server outage).
4092| [CVE-2007-0173] Directory traversal vulnerability in index.php in L2J Statistik Script 0.09 and earlier, when register_globals is enabled and magic_quotes is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
4093| [CVE-2007-0098] Directory traversal vulnerability in language.php in VerliAdmin 0.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
4094| [CVE-2007-0086] ** DISPUTED ** The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by third parties, who state that the large window size required by the attack is not normally supported or configured by the server, or that a DDoS-style attack would accomplish the same goal.
4095| [CVE-2006-7217] Apache Derby before 10.2.1.6 does not determine schema privilege requirements during the DropSchemaNode bind phase, which allows remote authenticated users to execute arbitrary drop schema statements in SQL authorization mode.
4096| [CVE-2006-7216] Apache Derby before 10.2.1.6 does not determine privilege requirements for lock table statements at compilation time, and consequently does not enforce privilege requirements at execution time, which allows remote authenticated users to lock arbitrary tables.
4097| [CVE-2006-7197] The AJP connector in Apache Tomcat 5.5.15 uses an incorrect length for chunks, which can cause a buffer over-read in the ajp_process_callback in mod_jk, which allows remote attackers to read portions of sensitive memory.
4098| [CVE-2006-7196] Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors. NOTE: this may be related to CVE-2006-0254.1.
4099| [CVE-2006-7195] Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in Apache Tomcat 5.0.0 through 5.0.30 and 5.5.0 through 5.5.17 allows remote attackers to inject arbitrary web script or HTML via certain header values.
4100| [CVE-2006-7098] The Debian GNU/Linux 033_-F_NO_SETSID patch for the Apache HTTP Server 1.3.34-4 does not properly disassociate httpd from a controlling tty when httpd is started interactively, which allows local users to gain privileges to that tty via a CGI program that calls the TIOCSTI ioctl.
4101| [CVE-2006-6869] Directory traversal vulnerability in includes/search/search_mdforum.php in MAXdev MDForum 2.0.1 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang cookie to error.php, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
4102| [CVE-2006-6675] Cross-site scripting (XSS) vulnerability in Novell NetWare 6.5 Support Pack 5 and 6 and Novell Apache on NetWare 2.0.48 allows remote attackers to inject arbitrary web script or HTML via unspecifeid parameters in Welcome web-app.
4103| [CVE-2006-6613] Directory traversal vulnerability in language.php in phpAlbum 0.4.1 Beta 6 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files or obtain sensitive information via a .. (dot dot) in the pa_lang[include_file] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
4104| [CVE-2006-6589] Cross-site scripting (XSS) vulnerability in ecommerce/control/keywordsearch in the Apache Open For Business Project (OFBiz) and Opentaps 0.9.3 allows remote attackers to inject arbitrary web script or HTML via the SEARCH_STRING parameter, a different issue than CVE-2006-6587. NOTE: some of these details are obtained from third party information.
4105| [CVE-2006-6588] The forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) trusts the (1) dataResourceTypeId, (2) contentTypeId, and certain other hidden form fields, which allows remote attackers to create unauthorized types of content, modify content, or have other unknown impact.
4106| [CVE-2006-6587] Cross-site scripting (XSS) vulnerability in the forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) allows remote attackers to inject arbitrary web script or HTML by posting a message.
4107| [CVE-2006-6445] Directory traversal vulnerability in error.php in Envolution 1.1.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
4108| [CVE-2006-6071] TWiki 4.0.5 and earlier, when running under Apache 1.3 using ApacheLogin with sessions and "ErrorDocument 401" redirects to a valid wiki topic, does not properly handle failed login attempts, which allows remote attackers to read arbitrary content by cancelling out of a failed authentication with a valid username and invalid password.
4109| [CVE-2006-6047] Directory traversal vulnerability in manager/index.php in Etomite 0.6.1.2 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the f parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
4110| [CVE-2006-5894] Directory traversal vulnerability in lang.php in Rama CMS 0.68 and earlier, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by lang.php.
4111| [CVE-2006-5752] Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform "charset detection" when the content-type is not specified.
4112| [CVE-2006-5733] Directory traversal vulnerability in error.php in PostNuke 0.763 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
4113| [CVE-2006-5263] Directory traversal vulnerability in templates/header.php3 in phpMyAgenda 3.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter, as demonstrated by a parameter value naming an Apache HTTP Server log file that apparently contains PHP code.
4114| [CVE-2006-4994] Multiple unquoted Windows search path vulnerabilities in Apache Friends XAMPP 1.5.2 might allow local users to gain privileges via a malicious program file in %SYSTEMDRIVE%, which is run when XAMPP attempts to execute (1) FileZillaServer.exe, (2) mysqld-nt.exe, (3) Perl.exe, or (4) xamppcontrol.exe with an unquoted "Program Files" pathname.
4115| [CVE-2006-4636] Directory traversal vulnerability in SZEWO PhpCommander 3.0 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Directory parameter, as demonstrated by parameter values naming Apache HTTP Server log files that apparently contain PHP code.
4116| [CVE-2006-4625] PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass certain Apache HTTP Server httpd.conf options, such as safe_mode and open_basedir, via the ini_restore function, which resets the values to their php.ini (Master Value) defaults.
4117| [CVE-2006-4558] DeluxeBB 1.06 and earlier, when run on the Apache HTTP Server with the mod_mime module, allows remote attackers to execute arbitrary PHP code by uploading files with double extensions via the fileupload parameter in a newthread action in newpost.php.
4118| [CVE-2006-4191] Directory traversal vulnerability in memcp.php in XMB (Extreme Message Board) 1.9.6 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the langfilenew parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by header.php.
4119| [CVE-2006-4154] Format string vulnerability in the mod_tcl module 1.0 for Apache 2.x allows context-dependent attackers to execute arbitrary code via format string specifiers that are not properly handled in a set_var function call in (1) tcl_cmds.c and (2) tcl_core.c.
4120| [CVE-2006-4110] Apache 2.2.2, when running on Windows, allows remote attackers to read source code of CGI programs via a request that contains uppercase (or alternate case) characters that bypass the case-sensitive ScriptAlias directive, but allow access to the file on case-insensitive file systems.
4121| [CVE-2006-4004] Directory traversal vulnerability in index.php in vbPortal 3.0.2 through 3.6.0 Beta 1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the bbvbplang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
4122| [CVE-2006-3918] http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.
4123| [CVE-2006-3835] Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (
4124| [CVE-2006-3747] Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules.
4125| [CVE-2006-3362] Unrestricted file upload vulnerability in connectors/php/connector.php in FCKeditor mcpuk file manager, as used in (1) Geeklog 1.4.0 through 1.4.0sr3, (2) toendaCMS 1.0.0 Shizouka Stable and earlier, (3) WeBid 0.5.4, and possibly other products, when installed on Apache with mod_mime, allows remote attackers to upload and execute arbitrary PHP code via a filename with a .php extension and a trailing extension that is allowed, such as .zip.
4126| [CVE-2006-3102] Race condition in articles/BitArticle.php in Bitweaver 1.3, when run on Apache with the mod_mime extension, allows remote attackers to execute arbitrary PHP code by uploading arbitrary files with double extensions, which are stored for a small period of time under the webroot in the temp/articles directory.
4127| [CVE-2006-3070] write_ok.php in Zeroboard 4.1 pl8, when installed on Apache with mod_mime, allows remote attackers to bypass restrictions for uploading files with executable extensions by uploading a .htaccess file that with an AddType directive that assigns an executable module to files with assumed-safe extensions, as demonstrated by assigning the txt extension to be handled by application/x-httpd-php.
4128| [CVE-2006-2831] Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2, when running under certain Apache configurations such as when FileInfo overrides are disabled within .htaccess, allows remote attackers to execute arbitrary code by uploading a file with multiple extensions, a variant of CVE-2006-2743.
4129| [CVE-2006-2806] The SMTP server in Apache Java Mail Enterprise Server (aka Apache James) 2.2.0 allows remote attackers to cause a denial of service (CPU consumption) via a long argument to the MAIL command.
4130| [CVE-2006-2743] Drupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with mod_mime, does not properly handle files with multiple extensions, which allows remote attackers to upload, modify, or execute arbitrary files in the files directory.
4131| [CVE-2006-2514] Coppermine galleries before 1.4.6, when running on Apache with mod_mime installed, allows remote attackers to upload arbitrary files via a filename with multiple file extensions.
4132| [CVE-2006-2330] PHP-Fusion 6.00.306 and earlier, running under Apache HTTP Server 1.3.27 and PHP 4.3.3, allows remote authenticated users to upload files of arbitrary types using a filename that contains two or more extensions that ends in an assumed-valid extension such as .gif, which bypasses the validation, as demonstrated by uploading then executing an avatar file that ends in ".php.gif" and contains PHP code in EXIF metadata.
4133| [CVE-2006-1777] Directory traversal vulnerability in doc/index.php in Jeremy Ashcraft Simplog 0.9.2 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the s parameter, as demonstrated by injecting PHP sequences into an Apache error_log file, which is then included by doc/index.php.
4134| [CVE-2006-1564] Untrusted search path vulnerability in libapache2-svn 1.3.0-4 for Subversion in Debian GNU/Linux includes RPATH values under the /tmp/svn directory for the (1) mod_authz_svn.so and (2) mod_dav_svn.so modules, which might allow local users to gain privileges by installing malicious libraries in that directory.
4135| [CVE-2006-1548] Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction and possibly (2) DispatchAction and (3) ActionDispatcher in Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to inject arbitrary web script or HTML via the parameter name, which is not filtered in the resulting error message.
4136| [CVE-2006-1547] ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides further access to elements in the CommonsMultipartRequestHandler implementation and BeanUtils.
4137| [CVE-2006-1546] Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to bypass validation via a request with a 'org.apache.struts.taglib.html.Constants.CANCEL' parameter, which causes the action to be canceled but would not be detected from applications that do not use the isCancelled check.
4138| [CVE-2006-1393] Multiple cross-site scripting (XSS) vulnerabilities in the mod_pubcookie Apache application server module in University of Washington Pubcookie 1.x, 3.0.0, 3.1.0, 3.1.1, 3.2 before 3.2.1b, and 3.3 before 3.3.0a allow remote attackers to inject arbitrary web script or HTML via unspecified attack vectors.
4139| [CVE-2006-1346] Directory traversal vulnerability in inc/setLang.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in a lang[*][file] parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by index.php.
4140| [CVE-2006-1292] Directory traversal vulnerability in Jim Hu and Chad Little PHP iCalendar 2.21 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the phpicalendar[cookie_language] and phpicalendar[cookie_style] cookies, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by day.php.
4141| [CVE-2006-1243] Directory traversal vulnerability in install05.php in Simple PHP Blog (SPB) 0.4.7.1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the blog_language parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included using install05.php.
4142| [CVE-2006-1095] Directory traversal vulnerability in the FileSession object in Mod_python module 3.2.7 for Apache allows local users to execute arbitrary code via a crafted session cookie.
4143| [CVE-2006-1079] htpasswd, as used in Acme thttpd 2.25b and possibly other products such as Apache, might allow local users to gain privileges via shell metacharacters in a command line argument, which is used in a call to the system function. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
4144| [CVE-2006-1078] Multiple buffer overflows in htpasswd, as used in Acme thttpd 2.25b, and possibly other products such as Apache, might allow local users to gain privileges via (1) a long command line argument and (2) a long line in a file. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
4145| [CVE-2006-0743] Format string vulnerability in LocalSyslogAppender in Apache log4net 1.2.9 might allow remote attackers to cause a denial of service (memory corruption and termination) via unknown vectors.
4146| [CVE-2006-0254] Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) time parameter to cal2.jsp and (2) any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer.
4147| [CVE-2006-0150] Multiple format string vulnerabilities in the auth_ldap_log_reason function in Apache auth_ldap 1.6.0 and earlier allows remote attackers to execute arbitrary code via various vectors, including the username.
4148| [CVE-2006-0144] The proxy server feature in go-pear.php in PHP PEAR 0.2.2, as used in Apache2Triad, allows remote attackers to execute arbitrary PHP code by redirecting go-pear.php to a malicious proxy server that provides a modified version of Tar.php with a malicious extractModify function.
| [CVE-2006-0042] Unspecified vulnerability in (1) apreq_parse_headers and (2) apreq_parse_urlencoded functions in Apache2::Request (Libapreq2) before 2.07 allows remote attackers cause a denial of service (CPU consumption) via unknown attack vectors that result in quadratic computational complexity.
| [CVE-2005-4857] eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 before 20051128 allows remote authenticated users to cause a denial of service (Apache httpd segmentation fault) via a request to content/advancedsearch.php with an empty SearchContentClassID parameter, reportedly related to a "memory addressing error".
| [CVE-2005-4849] Apache Derby before 10.1.2.1 exposes the (1) user and (2) password attributes in cleartext via (a) the RDBNAM parameter of the ACCSEC command and (b) the output of the DatabaseMetaData.getURL function, which allows context-dependent attackers to obtain sensitive information.
| [CVE-2005-4836] The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote attackers to read JSP source files and obtain sensitive information.
| [CVE-2005-4814] Unrestricted file upload vulnerability in Segue CMS before 1.3.6, when the Apache HTTP Server handles .phtml files with the PHP interpreter, allows remote attackers to upload and execute arbitrary PHP code by placing .phtml files in the userfiles/ directory.
| [CVE-2005-4703] Apache Tomcat 4.0.3, when running on Windows, allows remote attackers to obtain sensitive information via a request for a file that contains an MS-DOS device name such as lpt9, which leaks the pathname in an error message, as demonstrated by lpt9.xtp using Nikto.
| [CVE-2005-3745] Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message.
| [CVE-2005-3630] Fedora Directory Server before 10 allows remote attackers to obtain sensitive information, such as the password from adm.conf via an IFRAME element, probably involving an Apache httpd.conf configuration that orders "allow" directives before "deny" directives.
| [CVE-2005-3510] Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files.
| [CVE-2005-3392] Unspecified vulnerability in PHP before 4.4.1, when using the virtual function on Apache 2, allows remote attackers to bypass safe_mode and open_basedir directives.
| [CVE-2005-3357] mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference.
| [CVE-2005-3352] Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps.
| [CVE-2005-3319] The apache2handler SAPI (sapi_apache2.c) in the Apache module (mod_php) for PHP 5.x before 5.1.0 final and 4.4 before 4.4.1 final allows attackers to cause a denial of service (segmentation fault) via the session.save_path option in a .htaccess file or VirtualHost.
| [CVE-2005-3164] The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an information leak when "unsuitable request body data" is used for a different request, possibly related to Java Servlet pages.
| [CVE-2005-2970] Memory leak in the worker MPM (worker.c) for Apache 2, in certain circumstances, allows remote attackers to cause a denial of service (memory consumption) via aborted connections, which prevents the memory for the transaction pool from being reused for other connections.
| [CVE-2005-2963] The mod_auth_shadow module 1.0 through 1.5 and 2.0 for Apache with AuthShadow enabled uses shadow authentication for all locations that use the require group directive, even when other authentication mechanisms are specified, which might allow remote authenticated users to bypass security restrictions.
| [CVE-2005-2728] The byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service (memory consumption) via an HTTP header with a large Range field.
| [CVE-2005-2660] apachetop 0.12.5 and earlier, when running in debug mode, allows local users to create or append to arbitrary files via a symlink attack on atop.debug.
| [CVE-2005-2088] The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
| [CVE-2005-1754] ** DISPUTED ** JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to read arbitrary files via a full pathname in the argument to the Download parameter. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
| [CVE-2005-1753] ** DISPUTED ** ReadMessage.jsp in JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to view other users' e-mail attachments via a direct request to /mailboxesdir/username@domainname. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
| [CVE-2005-1344] Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute arbitrary code via a long realm argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
| [CVE-2005-1268] Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte.
| [CVE-2005-1266] Apache SpamAssassin 3.0.1, 3.0.2, and 3.0.3 allows remote attackers to cause a denial of service (CPU consumption and slowdown) via a message with a long Content-Type header without any boundaries.
| [CVE-2005-0808] Apache Tomcat before 5.x allows remote attackers to cause a denial of service (application crash) via a crafted AJP12 packet to TCP port 8007.
| [CVE-2005-0182] The mod_dosevasive module 1.9 and earlier for Apache creates temporary files with predictable filenames, which could allow remote attackers to overwrite arbitrary files via a symlink attack.
| [CVE-2005-0108] Apache mod_auth_radius 1.5.4 and libpam-radius-auth allow remote malicious RADIUS servers to cause a denial of service (crash) via a RADIUS_REPLY_MESSAGE with a RADIUS attribute length of 1, which leads to a memcpy operation with a -1 length argument.
| [CVE-2004-2734] webadmin-apache.conf in Novell Web Manager of Novell NetWare 6.5 uses an uppercase Alias tag with an inconsistent lowercase directory tag for a volume, which allows remote attackers to bypass access control to the WEB-INF folder.
| [CVE-2004-2680] mod_python (libapache2-mod-python) 3.1.4 and earlier does not properly handle when output filters process more than 16384 bytes, which can cause filter.read to return portions of previously freed memory.
| [CVE-2004-2650] Spooler in Apache Foundation James 2.2.0 allows local users to cause a denial of service (memory consumption) by triggering various error conditions in the retrieve function, which prevents a lock from being released and causes a memory leak.
| [CVE-2004-2343] ** DISPUTED ** Apache HTTP Server 2.0.47 and earlier allows local users to bypass .htaccess file restrictions, as specified in httpd.conf with directives such as Deny From All, by using an ErrorDocument directive. NOTE: the vendor has disputed this issue, since the .htaccess mechanism is only intended to restrict external web access, and a local user already has the privileges to perform the same operations without using ErrorDocument.
| [CVE-2004-2336] Unknown vulnerability in Novell GroupWise and GroupWise WebAccess 6.0 through 6.5, when running with Apache Web Server 1.3 for NetWare where Apache is loaded using GWAPACHE.CONF, allows remote attackers to read directories and files on the server.
| [CVE-2004-2115] Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTTP Server 1.3.22, based on Apache, allow remote attackers to execute arbitrary script as other users via the (1) action, (2) username, or (3) password parameters in an isqlplus request.
| [CVE-2004-1834] mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, including authentication information, on the hard disk, which could allow local users to gain sensitive information.
| [CVE-2004-1765] Off-by-one buffer overflow in ModSecurity (mod_security) 1.7.4 for Apache 2.x, when SecFilterScanPost is enabled, allows remote attackers to execute arbitrary code via crafted POST requests.
| [CVE-2004-1545] UploadFile.php in MoniWiki 1.0.9.2 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.hwp, which allows remote attackers to upload and execute arbitrary code.
| [CVE-2004-1438] The mod_authz_svn Apache module for Subversion 1.0.4-r1 and earlier allows remote authenticated users, with write access to the repository, to read unauthorized parts of the repository via the svn copy command.
| [CVE-2004-1405] MediaWiki 1.3.8 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
| [CVE-2004-1404] Attachment Mod 2.3.10 module for phpBB, when used with Apache mod_mime, does not properly handle files with multiple file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
| [CVE-2004-1387] The check_forensic script in apache-utils package 1.3.31 allows local users to overwrite or create arbitrary files via a symlink attack on temporary files.
| [CVE-2004-1084] Apache for Apple Mac OS X 10.2.8 and 10.3.6 allows remote attackers to read files and resource fork content via HTTP requests to certain special file names related to multiple data streams in HFS+, which bypass Apache file handles.
| [CVE-2004-1083] Apache for Apple Mac OS X 10.2.8 and 10.3.6 restricts access to files in a case sensitive manner, but the Apple HFS+ filesystem accesses files in a case insensitive manner, which allows remote attackers to read .DS_Store files and files beginning with ".ht" using alternate capitalization.
| [CVE-2004-1082] mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials.
| [CVE-2004-0942] Apache webserver 2.0.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request with a MIME header containing multiple lines with a large number of space characters.
| [CVE-2004-0940] Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error.
| [CVE-2004-0885] The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration.
| [CVE-2004-0811] Unknown vulnerability in Apache 2.0.51 prevents "the merging of the Satisfy directive," which could allow attackers to obtain access to restricted resources contrary to the specified authentication configuration.
| [CVE-2004-0809] The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access.
| [CVE-2004-0786] The IPv6 URI parsing routines in the apr-util library for Apache 2.0.50 and earlier allow remote attackers to cause a denial of service (child process crash) via a certain URI, as demonstrated using the Codenomicon HTTP Test Tool.
| [CVE-2004-0751] The char_buffer_read function in the mod_ssl module for Apache 2.x, when using reverse proxying to an SSL server, allows remote attackers to cause a denial of service (segmentation fault).
| [CVE-2004-0748] mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (CPU consumption) by aborting an SSL connection in a way that causes an Apache child process to enter an infinite loop.
| [CVE-2004-0747] Buffer overflow in Apache 2.0.50 and earlier allows local users to gain apache privileges via a .htaccess file that causes the overflow during expansion of environment variables.
| [CVE-2004-0700] Format string vulnerability in the mod_proxy hook functions function in ssl_engine_log.c in mod_ssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are handled by the ssl_log function.
| [CVE-2004-0646] Buffer overflow in the WriteToLog function for JRun 3.0 through 4.0 web server connectors, such as (1) mod_jrun and (2) mod_jrun20 for Apache, with verbose logging enabled, allows remote attackers to execute arbitrary code via a long HTTP header Content-Type field or other fields.
| [CVE-2004-0529] The modified suexec program in cPanel, when configured for mod_php and compiled for Apache 1.3.31 and earlier without mod_phpsuexec, allows local users to execute untrusted shared scripts and gain privileges, as demonstrated using untainted scripts such as (1) proftpdvhosts or (2) addalink.cgi, a different vulnerability than CVE-2004-0490.
| [CVE-2004-0493] The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters.
| [CVE-2004-0492] Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied.
| [CVE-2004-0490] cPanel, when compiling Apache 1.3.29 and PHP with the mod_phpsuexec option, does not set the --enable-discard-path option, which causes php to use the SCRIPT_FILENAME variable to find and execute a script instead of the PATH_TRANSLATED variable, which allows local users to execute arbitrary PHP code as other users via a URL that references the attacker's script after the user's script, which executes the attacker's script with the user's privileges, a different vulnerability than CVE-2004-0529.
| [CVE-2004-0488] Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN.
| [CVE-2004-0263] PHP 4.3.4 and earlier in Apache 1.x and 2.x (mod_php) can leak global variables between virtual hosts that are handled by the same Apache child process but have different settings, which could allow remote attackers to obtain sensitive information.
| [CVE-2004-0174] Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using multiple listening sockets on certain platforms, allows remote attackers to cause a denial of service (blocked new connections) via a "short-lived connection on a rarely-accessed listening socket."
| [CVE-2004-0173] Directory traversal vulnerability in Apache 1.3.29 and earlier, and Apache 2.0.48 and earlier, when running on Cygwin, allows remote attackers to read arbitrary files via a URL containing "..%5C" (dot dot encoded backslash) sequences.
| [CVE-2004-0113] Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service (memory consumption) via plain HTTP requests to the SSL port of an SSL-enabled server.
| [CVE-2004-0009] Apache-SSL 1.3.28+1.52 and earlier, with SSLVerifyClient set to 1 or 3 and SSLFakeBasicAuth enabled, allows remote attackers to forge a client certificate by using basic authentication with the "one-line DN" of the target user.
| [CVE-2003-1581] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
| [CVE-2003-1580] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-level domains, as demonstrated by a forged 123.123.123.123 domain name, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
| [CVE-2003-1573] The PointBase 4.6 database component in the J2EE 1.4 reference implementation (J2EE/RI) allows remote attackers to execute arbitrary programs, conduct a denial of service, and obtain sensitive information via a crafted SQL statement, related to "inadequate security settings and library bugs in sun.* and org.apache.* packages."
| [CVE-2003-1521] Sun Java Plug-In 1.4 through 1.4.2_02 allows remote attackers to repeatedly access the floppy drive via the createXmlDocument method in the org.apache.crimson.tree.XmlDocument class, which violates the Java security model.
| [CVE-2003-1516] The org.apache.xalan.processor.XSLProcessorVersion class in Java Plug-in 1.4.2_01 allows signed and unsigned applets to share variables, which violates the Java security model and could allow remote attackers to read or write data belonging to a signed applet.
| [CVE-2003-1502] mod_throttle 3.0 allows local users with Apache privileges to access shared memory that points to a file that is writable by the apache user, which could allow local users to gain privileges.
| [CVE-2003-1418] Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote attackers to obtain sensitive information via (1) the ETag header, which reveals the inode number, or (2) multipart MIME boundary, which reveals child proccess IDs (PID).
| [CVE-2003-1307] ** DISPUTED ** The mod_php module for the Apache HTTP Server allows local users with write access to PHP scripts to send signals to the server's process group and use the server's file descriptors, as demonstrated by sending a STOP signal, then intercepting incoming connections on the server's TCP port. NOTE: the PHP developer has disputed this vulnerability, saying "The opened file descriptors are opened by Apache. It is the job of Apache to protect them ... Not a bug in PHP."
| [CVE-2003-1172] Directory traversal vulnerability in the view-source sample file in Apache Software Foundation Cocoon 2.1 and 2.2 allows remote attackers to access arbitrary files via a .. (dot dot) in the filename parameter.
| [CVE-2003-1171] Heap-based buffer overflow in the sec_filter_out function in mod_security 1.7RC1 through 1.7.1 in Apache 2 allows remote attackers to execute arbitrary code via a server side script that sends a large amount of data.
| [CVE-2003-1138] The default configuration of Apache 2.0.40, as shipped with Red Hat Linux 9.0, allows remote attackers to list directory contents, even if auto indexing is turned off and there is a default web page configured, via a GET request containing a double slash (//).
| [CVE-2003-1054] mod_access_referer 1.0.2 allows remote attackers to cause a denial of service (crash) via a malformed Referer header that is missing a hostname, as parsed by the ap_parse_uri_components function in Apache, which triggers a null dereference.
| [CVE-2003-0993] mod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit platforms, does not properly parse Allow/Deny rules using IP addresses without a netmask, which could allow remote attackers to bypass intended access restrictions.
| [CVE-2003-0987] mod_digest for Apache before 1.3.31 does not properly verify the nonce of a client response by using a AuthNonce secret.
| [CVE-2003-0866] The Catalina org.apache.catalina.connector.http package in Tomcat 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service via several requests that do not follow the HTTP protocol, which causes Tomcat to reject later requests.
| [CVE-2003-0844] mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode without the Apache log, allows local users to overwrite arbitrary files via (1) a symlink attack on predictable temporary filenames on Unix systems, or (2) an NTFS hard link on Windows systems when the "Strengthen default permissions of internal system objects" policy is not enabled.
| [CVE-2003-0843] Format string vulnerability in mod_gzip_printf for mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode and using the Apache log, allows remote attackers to execute arbitrary code via format string characters in an HTTP GET request with an "Accept-Encoding: gzip" header.
| [CVE-2003-0789] mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not properly handle CGI redirect paths, which could cause Apache to send the output of a CGI program to the wrong client.
| [CVE-2003-0771] Gallery.pm in Apache::Gallery (aka A::G) uses predictable temporary filenames when running Inline::C, which allows local users to execute arbitrary code by creating and modifying the files before Apache::Gallery does.
| [CVE-2003-0658] Docview before 1.1-18 in Caldera OpenLinux 3.1.1, SCO Linux 4.0, OpenServer 5.0.7, configures the Apache web server in a way that allows remote attackers to read arbitrary publicly readable files via a certain URL, possibly related to rewrite rules.
| [CVE-2003-0542] Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures.
| [CVE-2003-0460] The rotatelogs program on Apache before 1.3.28, for Windows and OS/2 systems, does not properly ignore certain control characters that are received over the pipe, which could allow remote attackers to cause a denial of service.
| [CVE-2003-0254] Apache 2 before 2.0.47, when running on an IPv6 host, allows attackers to cause a denial of service (CPU consumption by infinite loop) when the FTP proxy server fails to create an IPv6 socket.
| [CVE-2003-0253] The prefork MPM in Apache 2 before 2.0.47 does not properly handle certain errors from accept, which could lead to a denial of service.
| [CVE-2003-0249] ** DISPUTED ** PHP treats unknown methods such as "PoSt" as a GET request, which could allow attackers to intended access restrictions if PHP is running on a server that passes on all methods, such as Apache httpd 2.0, as demonstrated using a Limit directive. NOTE: this issue has been disputed by the Apache security team, saying "It is by design that PHP allows scripts to process any request method. A script which does not explicitly verify the request method will hence be processed as normal for arbitrary methods. It is therefore expected behaviour that one cannot implement per-method access control using the Apache configuration alone, which is the assumption made in this report."
| [CVE-2003-0245] Vulnerability in the apr_psprintf function in the Apache Portable Runtime (APR) library for Apache 2.0.37 through 2.0.45 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long strings, as demonstrated using XML objects to mod_dav, and possibly other vectors.
| [CVE-2003-0192] Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3, do not properly handle "certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one," which could cause Apache to use the weak ciphersuite.
| [CVE-2003-0189] The authentication module for Apache 2.0.40 through 2.0.45 on Unix does not properly handle threads safely when using the crypt_r or crypt functions, which allows remote attackers to cause a denial of service (failed Basic authentication with valid usernames and passwords) when a threaded MPM is used.
| [CVE-2003-0134] Unknown vulnerability in filestat.c for Apache running on OS2, versions 2.0 through 2.0.45, allows unknown attackers to cause a denial of service via requests related to device names.
| [CVE-2003-0132] A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to cause a denial of service (memory consumption) via large chunks of linefeed characters, which causes Apache to allocate 80 bytes for each linefeed.
| [CVE-2003-0083] Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences, a different vulnerability than CVE-2003-0020.
| [CVE-2003-0020] Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences.
| [CVE-2003-0017] Apache 2.0 before 2.0.44 on Windows platforms allows remote attackers to obtain certain files via an HTTP request that ends in certain illegal characters such as ">", which causes a different filename to be processed and served.
| [CVE-2003-0016] Apache before 2.0.44, when running on unpatched Windows 9x and Me operating systems, allows remote attackers to cause a denial of service or execute arbitrary code via an HTTP request containing MS-DOS device names.
| [CVE-2002-2310] ClickCartPro 4.0 stores the admin_user.db data file under the web document root with insufficient access control on servers other than Apache, which allows remote attackers to obtain usernames and passwords.
| [CVE-2002-2309] php.exe in PHP 3.0 through 4.2.2, when running on Apache, does not terminate properly, which allows remote attackers to cause a denial of service via a direct request without arguments.
| [CVE-2002-2272] Tomcat 4.0 through 4.1.12, using mod_jk 1.2.1 module on Apache 1.3 through 1.3.27, allows remote attackers to cause a denial of service (desynchronized communications) via an HTTP GET request with a Transfer-Encoding chunked field with invalid values.
| [CVE-2002-2103] Apache before 1.3.24, when writing to the log file, records a spoofed hostname from the reverse lookup of an IP address, even when a double-reverse lookup fails, which allows remote attackers to hide the original source of activities.
| [CVE-2002-2029] PHP, when installed on Windows with Apache and ScriptAlias for /php/ set to c:/php/, allows remote attackers to read arbitrary files and possibly execute arbitrary programs via an HTTP request for php.exe with a filename in the query string.
| [CVE-2002-2012] Unknown vulnerability in Apache 1.3.19 running on HP Secure OS for Linux 1.0 allows remote attackers to cause "unexpected results" via an HTTP request.
| [CVE-2002-2009] Apache Tomcat 4.0.1 allows remote attackers to obtain the web root path via HTTP requests for JSP files preceded by (1) +/, (2) >/, (3) </, and (4) %20/, which leaks the pathname in an error message.
| [CVE-2002-2008] Apache Tomcat 4.0.3 for Windows allows remote attackers to obtain the web root path via an HTTP request for a resource that does not exist, such as lpt9, which leaks the information in an error message.
| [CVE-2002-2007] The default installations of Apache Tomcat 3.2.3 and 3.2.4 allows remote attackers to obtain sensitive system information such as directory listings and web root path, via erroneous HTTP requests for Java Server Pages (JSP) in the (1) test/jsp, (2) samples/jsp and (3) examples/jsp directories, or the (4) test/realPath.jsp servlet, which leaks pathnames in error messages.
| [CVE-2002-2006] The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 through 3.3.1 allows remote attackers to obtain the installation path and other sensitive system information via the (1) SnoopServlet or (2) TroubleShooter example servlets.
| [CVE-2002-1895] The servlet engine in Jakarta Apache Tomcat 3.3 and 4.0.4, when using IIS and the ajp1.3 connector, allows remote attackers to cause a denial of service (crash) via a large number of HTTP GET requests for an MS-DOS device such as AUX, LPT1, CON, or PRN.
| [CVE-2002-1850] mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly remote attackers to cause a denial of service (hang and memory consumption) by causing a CGI script to send a large amount of data to stderr, which results in a read/write deadlock between httpd and the CGI script.
| [CVE-2002-1793] HTTP Server mod_ssl module running on HP-UX 11.04 with Virtualvault OS (VVOS) 4.5 through 4.6 closes the connection when the Apache server times out during an SSL request, which may allow attackers to cause a denial of service.
| [CVE-2002-1658] Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may allow attackers to execute arbitrary code via a long user argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
| [CVE-2002-1635] The Apache configuration file (httpd.conf) in Oracle 9i Application Server (9iAS) uses a Location alias for /perl directory instead of a ScriptAlias, which allows remote attackers to read the source code of arbitrary CGI files via a URL containing the /perl directory instead of /cgi-bin.
| [CVE-2002-1593] mod_dav in Apache before 2.0.42 does not properly handle versioning hooks, which may allow remote attackers to kill a child process via a null dereference and cause a denial of service (CPU consumption) in a preforked multi-processing module.
| [CVE-2002-1592] The ap_log_rerror function in Apache 2.0 through 2.035, when a CGI application encounters an error, sends error messages to the client that include the full path for the server, which allows remote attackers to obtain sensitive information.
| [CVE-2002-1567] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1 allows remote attackers to execute arbitrary web script and steal cookies via a URL with encoded newlines followed by a request to a .jsp file whose name contains the script.
| [CVE-2002-1394] Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148.
| [CVE-2002-1233] A regression error in the Debian distributions of the apache-ssl package (before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0), for Apache 1.3.27 and earlier, allows local users to read or modify the Apache password file via a symlink attack on temporary files when the administrator runs (1) htpasswd or (2) htdigest, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2001-0131.
| [CVE-2002-1157] Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9 and earlier, when UseCanonicalName is off and wildcard DNS is enabled, allows remote attackers to execute script as other web site visitors, via the server name in an HTTPS response on the SSL port, which is used in a self-referencing URL, a different vulnerability than CAN-2002-0840.
| [CVE-2002-1156] Apache 2.0.42 allows remote attackers to view the source code of a CGI script via a POST request to a directory with both WebDAV and CGI enabled.
| [CVE-2002-1148] The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet.
| [CVE-2002-0935] Apache Tomcat 4.0.3, and possibly other versions before 4.1.3 beta, allows remote attackers to cause a denial of service (resource exhaustion) via a large number of requests to the server with null characters, which causes the working threads to hang.
| [CVE-2002-0843] Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response.
| [CVE-2002-0840] Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.
| [CVE-2002-0839] The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that would not normally be allowed, by modifying the parent[].pid and parent[].last_rtime segments in the scoreboard.
| [CVE-2002-0682] Cross-site scripting vulnerability in Apache Tomcat 4.0.3 allows remote attackers to execute script as other web users via script in a URL with the /servlet/ mapping, which does not filter the script when an exception is thrown by the servlet.
| [CVE-2002-0661] Directory traversal vulnerability in Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to read arbitrary files and execute commands via .. (dot dot) sequences containing \ (backslash) characters.
| [CVE-2002-0658] OSSP mm library (libmm) before 1.2.0 allows the local Apache user to gain privileges via temporary files, possibly via a symbolic link attack.
| [CVE-2002-0654] Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to determine the full pathname of the server via (1) a request for a .var file, which leaks the pathname in the resulting error message, or (2) via an error message that occurs when a script (child process) cannot be invoked.
4277| [CVE-2002-0654] Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to determine the full pathname of the server via (1) a request for a .var file, which leaks the pathname in the resulting error message, or (2) via an error message that occurs when a script (child process) cannot be invoked.
4278| [CVE-2002-0653] Off-by-one buffer overflow in the ssl_compat_directive function, as called by the rewrite_command hook for mod_ssl Apache module 2.8.9 and earlier, allows local users to execute arbitrary code as the Apache server user via .htaccess files with long entries.
4279| [CVE-2002-0513] The PHP administration script in popper_mod 1.2.1 and earlier relies on Apache .htaccess authentication, which allows remote attackers to gain privileges if the script is not appropriately configured by the administrator.
4280| [CVE-2002-0493] Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions.
4281| [CVE-2002-0392] Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a chunk-encoded HTTP request that causes Apache to use an incorrect size.
4282| [CVE-2002-0259] InstantServers MiniPortal 1.1.5 and earlier stores sensitive login and account data in plaintext in (1) .pwd files in the miniportal/apache directory, or (2) mplog.txt, which could allow local users to gain privileges.
4283| [CVE-2002-0249] PHP for Windows, when installed on Apache 2.0.28 beta as a standalone CGI module, allows remote attackers to obtain the physical path of the php.exe via a request with malformed arguments such as /123, which leaks the pathname in the error message.
4284| [CVE-2002-0240] PHP, when installed with Apache and configured to search for index.php as a default web page, allows remote attackers to obtain the full pathname of the server via the HTTP OPTIONS method, which reveals the pathname in the resulting error message.
4285| [CVE-2002-0082] The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session.
4286| [CVE-2002-0061] Apache for Win32 before 1.3.24, and 2.0.x before 2.0.34-beta, allows remote attackers to execute arbitrary commands via shell metacharacters (a | pipe character) provided as arguments to batch (.bat) or .cmd scripts, which are sent unfiltered to the shell interpreter, typically cmd.exe.
4287| [CVE-2001-1556] The log files in Apache web server contain information directly supplied by clients and does not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail, and grep.
4288| [CVE-2001-1534] mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these session ID's are used for authentication.
4289| [CVE-2001-1510] Allaire JRun 2.3.3, 3.0 and 3.1 running on IIS 4.0 and 5.0, iPlanet, Apache, JRun web server (JWS), and possibly other web servers allows remote attackers to read arbitrary files and directories by appending (1) "%3f.jsp", (2) "?.jsp" or (3) "?" to the requested URL.
4290| [CVE-2001-1449] The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 through 8.0 and Linux Corporate Server 1.0.1 allows remote attackers to list the directory index of arbitrary web directories.
4291| [CVE-2001-1385] The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts.
4292| [CVE-2001-1342] Apache before 1.3.20 on Windows and OS/2 systems allows remote attackers to cause a denial of service (GPF) via an HTTP request for a URI that contains a large number of / (slash) or other characters, which causes certain functions to dereference a null pointer.
4293| [CVE-2001-1217] Directory traversal vulnerability in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to access sensitive information via a double encoded URL with .. (dot dot) sequences.
4294| [CVE-2001-1216] Buffer overflow in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to execute arbitrary code via a long request for a help page.
4295| [CVE-2001-1072] Apache with mod_rewrite enabled on most UNIX systems allows remote attackers to bypass RewriteRules by inserting extra / (slash) characters into the requested path, which causes the regular expression in the RewriteRule to fail.
4296| [CVE-2001-1013] Apache on Red Hat Linux with the UserDir directive enabled generates different error codes when a username exists and there is no public_html directory and when the username does not exist, which could allow remote attackers to determine valid usernames on the server.
4297| [CVE-2001-0925] The default installation of Apache before 1.3.19 allows remote attackers to list directories instead of the multiview index.html file via an HTTP request for a path that contains many / (slash) characters, which causes the path to be mishandled by (1) mod_negotiation, (2) mod_dir, or (3) mod_autoindex.
4298| [CVE-2001-0829] A cross-site scripting vulnerability in Apache Tomcat 3.2.1 allows a malicious webmaster to embed Javascript in a request for a .JSP file, which causes the Javascript to be inserted into an error message.
4299| [CVE-2001-0766] Apache on MacOS X Client 10.0.3 with the HFS+ file system allows remote attackers to bypass access restrictions via a URL that contains some characters whose case is not matched by Apache's filters.
4300| [CVE-2001-0731] Apache 1.3.20 with Multiviews enabled allows remote attackers to view directory contents and bypass the index page via a URL containing the "M=D" query string.
4301| [CVE-2001-0730] split-logfile in Apache 1.3.20 allows remote attackers to overwrite arbitrary files that end in the .log extension via an HTTP request with a / (slash) in the Host: header.
4302| [CVE-2001-0729] Apache 1.3.20 on Windows servers allows remote attackers to bypass the default index page and list directory contents via a URL with a large number of / (slash) characters.
4303| [CVE-2001-0590] Apache Software Foundation Tomcat Servlet prior to 3.2.2 allows a remote attacker to read the source code to arbitrary 'jsp' files via a malformed URL request which does not end with an HTTP protocol specification (i.e. HTTP/1.0).
4304| [CVE-2001-0131] htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local users to overwrite arbitrary files via a symlink attack.
4305| [CVE-2001-0108] PHP Apache module 4.0.4 and earlier allows remote attackers to bypass .htaccess access restrictions via a malformed HTTP request on an unrestricted page that causes PHP to use those access controls on the next page that is requested.
4306| [CVE-2001-0042] PHP 3.x (PHP3) on Apache 1.3.6 allows remote attackers to read arbitrary files via a modified .. (dot dot) attack containing "%5c" (encoded backslash) sequences.
4307| [CVE-2000-1247] The default configuration of the jserv-status handler in jserv.conf in Apache JServ 1.1.2 includes an "allow from 127.0.0.1" line, which allows local users to discover JDBC passwords or other sensitive information via a direct request to the jserv/ URI.
4308| [CVE-2000-1210] Directory traversal vulnerability in source.jsp of Apache Tomcat before 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the argument to source.jsp.
4309| [CVE-2000-1206] Vulnerability in Apache httpd before 1.3.11, when configured for mass virtual hosting using mod_rewrite, or mod_vhost_alias in Apache 1.3.9, allows remote attackers to retrieve arbitrary files.
4310| [CVE-2000-1205] Cross site scripting vulnerabilities in Apache 1.3.0 through 1.3.11 allow remote attackers to execute script as other web site visitors via (1) the printenv CGI (printenv.pl), which does not encode its output, (2) pages generated by the ap_send_error_response function such as a default 404, which does not add an explicit charset, or (3) various messages that are generated by certain Apache modules or core code. NOTE: the printenv issue might still exist for web browsers that can render text/plain content types as HTML, such as Internet Explorer, but CVE regards this as a design limitation of those browsers, not Apache. The printenv.pl/acuparam vector, disclosed on 20070724, is one such variant.
4311| [CVE-2000-1204] Vulnerability in the mod_vhost_alias virtual hosting module for Apache 1.3.9, 1.3.11 and 1.3.12 allows remote attackers to obtain the source code for CGI programs if the cgi-bin directory is under the document root.
4312| [CVE-2000-1168] IBM HTTP Server 1.3.6 (based on Apache) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET request.
4313| [CVE-2000-1016] The default configuration of Apache (httpd.conf) on SuSE 6.4 includes an alias for the /usr/doc directory, which allows remote attackers to read package documentation and obtain system configuration information via an HTTP request for the /doc/packages URL.
4314| [CVE-2000-0913] mod_rewrite in Apache 1.3.12 and earlier allows remote attackers to read arbitrary files if a RewriteRule directive is expanded to include a filename whose name contains a regular expression.
4315| [CVE-2000-0883] The default configuration of mod_perl for Apache as installed on Mandrake Linux 6.1 through 7.1 sets the /perl/ directory to be browseable, which allows remote attackers to list the contents of that directory.
4316| [CVE-2000-0869] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 enables WebDAV, which allows remote attackers to list arbitrary directories via the PROPFIND HTTP request method.
4317| [CVE-2000-0868] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 allows remote attackers to read source code for CGI scripts by replacing the /cgi-bin/ in the requested URL with /cgi-bin-sdb/.
4318| [CVE-2000-0791] Trustix installs the httpsd program for Apache-SSL with world-writeable permissions, which allows local users to replace it with a Trojan horse.
4319| [CVE-2000-0760] The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals sensitive system information when a remote attacker requests a nonexistent URL with a .snp extension.
4320| [CVE-2000-0759] Jakarta Tomcat 3.1 under Apache reveals physical path information when a remote attacker requests a URL that does not exist, which generates an error message that includes the physical path.
4321| [CVE-2000-0628] The source.asp example script in the Apache ASP module Apache::ASP 1.93 and earlier allows remote attackers to modify files.
4322| [CVE-2000-0505] The Apache 1.3.x HTTP server for Windows platforms allows remote attackers to list directory contents by requesting a URL containing a large number of / characters.
4323| [CVE-1999-1412] A possible interaction between Apple MacOS X release 1.0 and Apache HTTP server allows remote attackers to cause a denial of service (crash) via a flood of HTTP GET requests to CGI programs, which generates a large number of processes.
4324| [CVE-1999-1293] mod_proxy in Apache 1.2.5 and earlier allows remote attackers to cause a denial of service via malformed FTP commands, which causes Apache to dump core.
4325| [CVE-1999-1237] Multiple buffer overflows in smbvalid/smbval SMB authentication library, as used in Apache::AuthenSmb and possibly other modules, allows remote attackers to execute arbitrary commands via (1) a long username, (2) a long password, and (3) other unspecified methods.
4326| [CVE-1999-1199] Apache WWW server 1.3.1 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via a large number of MIME headers with the same name, aka the "sioux" vulnerability.
4327| [CVE-1999-1053] guestbook.pl cleanses user-inserted SSI commands by removing text between "<!--" and "-->" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides "-->".
4328| [CVE-1999-0926] Apache allows remote attackers to conduct a denial of service via a large number of MIME headers.
4329| [CVE-1999-0678] A default configuration of Apache on Debian GNU/Linux sets the ServerRoot to /usr/doc, which allows remote users to read documentation files for the entire server.
4330| [CVE-1999-0448] IIS 4.0 and Apache log HTTP request methods, regardless of how long they are, allowing a remote attacker to hide the URL they really request.
4331| [CVE-1999-0289] The Apache web server for Win32 may provide access to restricted files when a . (dot) is appended to a requested URL.
4332| [CVE-1999-0236] ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs.
4333| [CVE-1999-0107] Buffer overflow in Apache 1.2.5 and earlier allows a remote attacker to cause a denial of service with a large number of GET requests containing a large number of / characters.
4334| [CVE-1999-0071] Apache httpd cookie buffer overflow for versions 1.1.1 and earlier.
4335|
4336| SecurityFocus - https://www.securityfocus.com/bid/:
4337| [104554] Apache HBase CVE-2018-8025 Security Bypass Vulnerability
4338| [104465] Apache Geode CVE-2017-15695 Remote Code Execution Vulnerability
4339| [104418] Apache Storm CVE-2018-8008 Arbitrary File Write Vulnerability
4340| [104399] Apache Storm CVE-2018-1332 User Impersonation Vulnerability
4341| [104348] Apache UIMA CVE-2017-15691 XML External Entity Injection Vulnerability
4342| [104313] Apache NiFi XML External Entity Injection and Denial of Service Vulnerability
4343| [104259] Apache Geode CVE-2017-12622 Authorization Bypass Vulnerability
4344| [104257] Apache Sling XSS Protection API CVE-2017-15717 Cross Site Scripting Vulnerability
4345| [104253] Apache ZooKeeper CVE-2018-8012 Security Bypass Vulnerability
4346| [104252] Apache Batik CVE-2018-8013 Information Disclosure Vulnerability
4347| [104239] Apache Solr CVE-2018-8010 XML External Entity Multiple Information Disclosure Vulnerabilities
4348| [104215] Apache ORC CVE-2018-8015 Denial of Service Vulnerability
4349| [104203] Apache Tomcat CVE-2018-8014 Security Bypass Vulnerability
4350| [104161] Apache Ambari CVE-2018-8003 Directory Traversal Vulnerability
4351| [104140] Apache Derby CVE-2018-1313 Security Bypass Vulnerability
4352| [104135] Apache Tika CVE-2018-1338 Denial of Service Vulnerability
4353| [104008] Apache Fineract CVE-2018-1291 SQL Injection Vulnerability
4354| [104007] Apache Fineract CVE-2018-1292 SQL Injection Vulnerability
4355| [104005] Apache Fineract CVE-2018-1289 SQL Injection Vulnerability
4356| [104001] Apache Tika CVE-2018-1335 Remote Command Injection Vulnerability
4357| [103975] Apache Fineract CVE-2018-1290 SQL Injection Vulnerability
4358| [103974] Apache Solr CVE-2018-1308 XML External Entity Injection Vulnerability
4359| [103772] Apache Traffic Server CVE-2017-7671 Denial of Service Vulnerability
4360| [103770] Apache Traffic Server CVE-2017-5660 Security Bypass Vulnerability
4361| [103751] Apache Hive CVE-2018-1282 SQL Injection Vulnerability
4362| [103750] Apache Hive CVE-2018-1284 Security Bypass Vulnerability
4363| [103692] Apache Ignite CVE-2018-1295 Arbitrary Code Execution Vulnerability
4364| [103528] Apache HTTP Server CVE-2018-1302 Denial of Service Vulnerability
4365| [103525] Apache HTTP Server CVE-2017-15715 Remote Security Bypass Vulnerability
4366| [103524] Apache HTTP Server CVE-2018-1312 Remote Security Bypass Vulnerability
4367| [103522] Apache HTTP Server CVE-2018-1303 Denial of Service Vulnerability
4368| [103520] Apache HTTP Server CVE-2018-1283 Remote Security Vulnerability
4369| [103516] Apache Struts CVE-2018-1327 Denial of Service Vulnerability
4370| [103515] Apache HTTP Server CVE-2018-1301 Denial of Service Vulnerability
4371| [103512] Apache HTTP Server CVE-2017-15710 Denial of Service Vulnerability
4372| [103508] Apache Syncope CVE-2018-1321 Multiple Remote Code Execution Vulnerabilities
4373| [103507] Apache Syncope CVE-2018-1322 Multiple Information Disclosure Vulnerabilities
4374| [103490] Apache Commons Compress CVE-2018-1324 Multiple Denial Of Service Vulnerabilities
4375| [103434] APACHE Allura CVE-2018-1319 HTTP Response Splitting Vulnerability
4376| [103389] Apache Tomcat JK Connector CVE-2018-1323 Directory Traversal Vulnerability
4377| [103222] Apache CloudStack CVE-2013-4317 Information Disclosure Vulnerability
4378| [103219] Apache Xerces-C CVE-2017-12627 Null Pointer Dereference Denial of Service Vulnerability
4379| [103206] Apache Geode CVE-2017-15693 Remote Code Execution Vulnerability
4380| [103205] Apache Geode CVE-2017-15692 Remote Code Execution Vulnerability
4381| [103170] Apache Tomcat CVE-2018-1304 Security Bypass Vulnerability
4382| [103144] Apache Tomcat CVE-2018-1305 Security Bypass Vulnerability
4383| [103102] Apache Oozie CVE-2017-15712 Information Disclosure Vulnerability
4384| [103098] Apache Karaf CVE-2016-8750 LDAP Injection Vulnerability
4385| [103069] Apache Tomcat CVE-2017-15706 Remote Security Weakness
4386| [103068] Apache JMeter CVE-2018-1287 Security Bypass Vulnerability
4387| [103067] Apache Qpid Dispatch Router 'router_core/connections.c' Denial of Service Vulnerability
4388| [103036] Apache CouchDB CVE-2017-12636 Remote Code Execution Vulnerability
4389| [103025] Apache Thrift CVE-2016-5397 Remote Command Injection Vulnerability
4390| [102879] Apache POI CVE-2017-12626 Multiple Denial of Service Vulnerabilities
4391| [102842] Apache NiFi CVE-2017-12632 Host Header Injection Vulnerability
4392| [102815] Apache NiFi CVE-2017-15697 Multiple Cross Site Scripting Vulnerabilities
4393| [102488] Apache Geode CVE-2017-9795 Remote Code Execution Vulnerability
4394| [102229] Apache Sling CVE-2017-15700 Information Disclosure Vulnerability
4395| [102226] Apache Drill CVE-2017-12630 Cross Site Scripting Vulnerability
4396| [102154] Multiple Apache Products CVE-2017-15708 Remote Code Execution Vulnerability
4397| [102127] Apache CXF Fediz CVE-2017-12631 Multiple Cross Site Request Forgery Vulnerabilities
4398| [102041] Apache Qpid Broker-J CVE-2017-15701 Denial of Service Vulnerability
4399| [102040] Apache Qpid Broker CVE-2017-15702 Security Weakness
4400| [102021] Apache Struts CVE-2017-15707 Denial of Service Vulnerability
4401| [101980] EMC RSA Authentication Agent for Web: Apache Web Server Authentication Bypass Vulnerability
4402| [101876] Apache Camel CVE-2017-12634 Deserialization Remote Code Execution Vulnerability
4403| [101874] Apache Camel CVE-2017-12633 Deserialization Remote Code Execution Vulnerability
4404| [101872] Apache Karaf CVE-2014-0219 Local Denial of Service Vulnerability
4405| [101868] Apache CouchDB CVE-2017-12635 Remote Privilege Escalation Vulnerability
4406| [101859] Apache CXF CVE-2017-12624 Denial of Service Vulnerability
4407| [101844] Apache Sling Servlets Post CVE-2017-11296 Cross Site Scripting Vulnerability
4408| [101686] Apache Hive CVE-2017-12625 Information Disclosure Vulnerability
4409| [101644] Apache Wicket CVE-2012-5636 Cross Site Scripting Vulnerability
4410| [101631] Apache Traffic Server CVE-2015-3249 Multiple Remote Code Execution Vulnerabilities
4411| [101630] Apache Traffic Server CVE-2014-3624 Access Bypass Vulnerability
4412| [101625] Apache jUDDI CVE-2009-1197 Security Bypass Vulnerability
4413| [101623] Apache jUDDI CVE-2009-1198 Cross Site Scripting Vulnerability
4414| [101620] Apache Subversion 'libsvn_fs_fs/fs_fs.c' Denial of Service Vulnerability
4415| [101585] Apache OpenOffice Multiple Remote Code Execution Vulnerabilities
4416| [101577] Apache Wicket CVE-2016-6806 Cross Site Request Forgery Vulnerability
4417| [101575] Apache Wicket CVE-2014-0043 Information Disclosure Vulnerability
4418| [101570] Apache Geode CVE-2017-9797 Information Disclosure Vulnerability
4419| [101562] Apache Derby CVE-2010-2232 Arbitrary File Overwrite Vulnerability
4420| [101560] Apache Portable Runtime Utility CVE-2017-12613 Multiple Information Disclosure Vulnerabilities
4421| [101558] Apache Portable Runtime Utility Local Out-of-Bounds Read Denial of Service Vulnerability
4422| [101532] Apache James CVE-2017-12628 Arbitrary Command Execution Vulnerability
4423| [101516] Apache HTTP Server CVE-2017-12171 Security Bypass Vulnerability
4424| [101261] Apache Solr/Lucene CVE-2017-12629 Information Disclosure and Remote Code Execution Vulnerabilities
4425| [101230] Apache Roller CVE-2014-0030 XML External Entity Injection Vulnerability
4426| [101173] Apache IMPALA CVE-2017-9792 Information Disclosure Vulnerability
4427| [101052] Apache Commons Jelly CVE-2017-12621 Security Bypass Vulnerability
4428| [101027] Apache Mesos CVE-2017-7687 Denial of Service Vulnerability
4429| [101023] Apache Mesos CVE-2017-9790 Denial of Service Vulnerability
4430| [100954] Apache Tomcat CVE-2017-12617 Incomplete Fix Remote Code Execution Vulnerability
4431| [100946] Apache Wicket CVE-2014-7808 Cross Site Request Forgery Vulnerability
4432| [100901] Apache Tomcat CVE-2017-12615 Remote Code Execution Vulnerability
4433| [100897] Apache Tomcat CVE-2017-12616 Information Disclosure Vulnerability
4434| [100880] Apache Directory LDAP API CVE-2015-3250 Unspecified Information Disclosure Vulnerability
4435| [100872] Apache HTTP Server CVE-2017-9798 Information Disclosure Vulnerability
4436| [100870] Apache Solr CVE-2017-9803 Remote Privilege Escalation Vulnerability
4437| [100859] puppetlabs-apache CVE-2017-2299 Information Disclosure Vulnerability
4438| [100829] Apache Struts CVE-2017-12611 Remote Code Execution Vulnerability
4439| [100823] Apache Spark CVE-2017-12612 Deserialization Remote Code Execution Vulnerability
4440| [100612] Apache Struts CVE-2017-9804 Incomplete Fix Denial of Service Vulnerability
4441| [100611] Apache Struts CVE-2017-9793 Denial of Service Vulnerability
4442| [100609] Apache Struts CVE-2017-9805 Remote Code Execution Vulnerability
4443| [100587] Apache Atlas CVE-2017-3155 Cross Frame Scripting Vulnerability
4444| [100581] Apache Atlas CVE-2017-3154 Information Disclosure Vulnerability
4445| [100578] Apache Atlas CVE-2017-3153 Cross Site Scripting Vulnerability
4446| [100577] Apache Atlas CVE-2017-3152 Cross Site Scripting Vulnerability
4447| [100547] Apache Atlas CVE-2017-3151 HTML Injection Vulnerability
4448| [100536] Apache Atlas CVE-2017-3150 Cross Site Scripting Vulnerability
4449| [100449] Apache Pony Mail CVE-2016-4460 Authentication Bypass Vulnerability
4450| [100447] Apache2Triad Multiple Security Vulnerabilities
4451| [100284] Apache Sling Servlets Post CVE-2017-9802 Cross Site Scripting Vulnerability
4452| [100280] Apache Tomcat CVE-2017-7674 Security Bypass Vulnerability
4453| [100259] Apache Subversion CVE-2017-9800 Remote Command Execution Vulnerability
4454| [100256] Apache Tomcat CVE-2017-7675 Directory Traversal Vulnerability
4455| [100235] Apache Storm CVE-2017-9799 Remote Code Execution Vulnerability
4456| [100082] Apache Commons Email CVE-2017-9801 SMTP Header Injection Vulnerability
4457| [99873] Apache Sling XSS Protection API CVE-2016-6798 XML External Entity Injection Vulnerability
4458| [99870] Apache Sling API CVE-2016-5394 Cross Site Scripting Vulnerability
4459| [99603] Apache Spark CVE-2017-7678 Cross Site Scripting Vulnerability
4460| [99592] Apache OpenMeetings CVE-2017-7685 Security Bypass Vulnerability
4461| [99587] Apache OpenMeetings CVE-2017-7673 Security Bypass Vulnerability
4462| [99586] Apache OpenMeetings CVE-2017-7688 Security Bypass Vulnerability
4463| [99584] Apache OpenMeetings CVE-2017-7684 Denial of Service Vulnerability
4464| [99577] Apache OpenMeetings CVE-2017-7663 Cross Site Scripting Vulnerability
4465| [99576] Apache OpenMeetings CVE-2017-7664 XML External Entity Injection Vulnerability
4466| [99569] Apache HTTP Server CVE-2017-9788 Memory Corruption Vulnerability
4467| [99568] Apache HTTP Server CVE-2017-9789 Denial of Service Vulnerability
4468| [99563] Apache Struts CVE-2017-7672 Denial of Service Vulnerability
4469| [99562] Apache Struts Spring AOP Functionality Denial of Service Vulnerability
4470| [99509] Apache Impala CVE-2017-5652 Information Disclosure Vulnerability
4471| [99508] Apache IMPALA CVE-2017-5640 Authentication Bypass Vulnerability
4472| [99486] Apache Traffic Control CVE-2017-7670 Denial of Service Vulnerability
4473| [99485] Apache Solr CVE-2017-7660 Security Bypass Vulnerability
4474| [99484] Apache Struts CVE-2017-9791 Remote Code Execution Vulnerability
4475| [99292] Apache Ignite CVE-2017-7686 Information Disclosure Vulnerability
4476| [99170] Apache HTTP Server CVE-2017-7679 Buffer Overflow Vulnerability
4477| [99137] Apache HTTP Server CVE-2017-7668 Denial of Service Vulnerability
4478| [99135] Apache HTTP Server CVE-2017-3167 Authentication Bypass Vulnerability
4479| [99134] Apache HTTP Server CVE-2017-3169 Denial of Service Vulnerability
4480| [99132] Apache HTTP Server CVE-2017-7659 Denial of Service Vulnerability
4481| [99112] Apache Thrift CVE-2015-3254 Denial of Service Vulnerability
4482| [99067] Apache Ranger CVE-2016-8751 HTML Injection Vulnerability
4483| [99018] Apache NiFi CVE-2017-7667 Cross Frame Scripting Vulnerability
4484| [99009] Apache NiFi CVE-2017-7665 Cross Site Scripting Vulnerability
4485| [98961] Apache Ranger CVE-2017-7677 Security Bypass Vulnerability
4486| [98958] Apache Ranger CVE-2017-7676 Security Bypass Vulnerability
4487| [98888] Apache Tomcat CVE-2017-5664 Security Bypass Vulnerability
4488| [98814] Apache Zookeeper CVE-2017-5637 Denial of Service Vulnerability
4489| [98795] Apache Hadoop CVE-2017-7669 Remote Privilege Escalation Vulnerability
4490| [98739] Apache Knox CVE-2017-5646 User Impersonation Vulnerability
4491| [98669] Apache Hive CVE-2016-3083 Security Bypass Vulnerability
4492| [98646] Apache Atlas CVE-2016-8752 Information Disclosure Vulnerability
4493| [98570] Apache Archiva CVE-2017-5657 Multiple Cross-Site Request Forgery Vulnerabilities
4494| [98489] Apache CXF Fediz CVE-2017-7661 Multiple Cross Site Request Forgery Vulnerabilities
4495| [98485] Apache CXF Fediz CVE-2017-7662 Cross Site Request Forgery Vulnerability
4496| [98466] Apache Ambari CVE-2017-5655 Insecure Temporary File Handling Vulnerability
4497| [98365] Apache Cordova For Android CVE-2016-6799 Information Disclosure Vulnerability
4498| [98025] Apache Hadoop CVE-2017-3161 Cross Site Scripting Vulnerability
4499| [98017] Apache Hadoop CVE-2017-3162 Input Validation Vulnerability
4500| [97971] Apache CXF CVE-2017-5656 Information Disclosure Vulnerability
4501| [97968] Apache CXF CVE-2017-5653 Spoofing Vulnerability
4502| [97967] Apache ActiveMQ CVE-2015-7559 Denial of Service Vulnerability
4503| [97949] Apache Traffic Server CVE-2017-5659 Denial of Service Vulnerability
4504| [97948] Apache Batik CVE-2017-5662 XML External Entity Information Disclosure Vulnerability
4505| [97947] Apache FOP CVE-2017-5661 XML External Entity Information Disclosure Vulnerability
4506| [97945] Apache Traffic Server CVE-2016-5396 Denial of Service Vulnerability
4507| [97702] Apache Log4j CVE-2017-5645 Remote Code Execution Vulnerability
4508| [97582] Apache CXF CVE-2016-6812 Cross Site Scripting Vulnerability
4509| [97579] Apache CXF JAX-RS CVE-2016-8739 XML External Entity Injection Vulnerability
4510| [97544] Apache Tomcat CVE-2017-5651 Information Disclosure Vulnerability
4511| [97531] Apache Tomcat CVE-2017-5650 Denial of Service Vulnerability
4512| [97530] Apache Tomcat CVE-2017-5648 Information Disclosure Vulnerability
4513| [97509] Apache Ignite CVE-2016-6805 Information Disclosure and XML External Entity Injection Vulnerabilities
4514| [97383] Apache Flex BlazeDS CVE-2017-5641 Remote Code Execution Vulnerability
4515| [97378] Apache Geode CVE-2017-5649 Information Disclosure Vulnerability
4516| [97229] Apache Ambari CVE-2016-4976 Local Information Disclosure Vulnerability
4517| [97226] Apache Camel CVE-2017-5643 Server Side Request Forgery Security Bypass Vulnerability
4518| [97184] Apache Ambari CVE-2016-6807 Remote Command Execution Vulnerability
4519| [97179] Apache Camel CVE-2016-8749 Java Deserialization Multiple Remote Code Execution Vulnerabilities
4520| [96983] Apache POI CVE-2017-5644 Denial Of Service Vulnerability
4521| [96895] Apache Tomcat CVE-2016-8747 Information Disclosure Vulnerability
4522| [96731] Apache NiFi CVE-2017-5636 Remote Code Injection Vulnerability
4523| [96730] Apache NiFi CVE-2017-5635 Security Bypass Vulnerability
4524| [96729] Apache Struts CVE-2017-5638 Remote Code Execution Vulnerability
4525| [96540] IBM Development Package for Apache Spark CVE-2016-4970 Denial of Service Vulnerability
4526| [96398] Apache CXF CVE-2017-3156 Information Disclosure Vulnerability
4527| [96321] Apache Camel CVE-2017-3159 Remote Code Execution Vulnerability
4528| [96293] Apache Tomcat 'http11/AbstractInputBuffer.java' Denial of Service Vulnerability
4529| [96228] Apache Brooklyn Cross Site Request Forgery and Multiple Cross Site Scripting Vulnerabilities
4530| [95998] Apache Ranger CVE-2016-8746 Security Bypass Vulnerability
4531| [95929] Apache Groovy CVE-2016-6497 Information Disclosure Vulnerability
4532| [95838] Apache Cordova For Android CVE-2017-3160 Man in the Middle Security Bypass Vulnerability
4533| [95675] Apache Struts Remote Code Execution Vulnerability
4534| [95621] Apache NiFi CVE-2106-8748 Cross Site Scripting Vulnerability
4535| [95429] Apache Groovy CVE-2016-6814 Remote Code Execution Vulnerability
4536| [95335] Apache Hadoop CVE-2016-3086 Information Disclosure Vulnerability
4537| [95168] Apache Wicket CVE-2016-6793 Denial of Service Vulnerability
4538| [95136] Apache Qpid Broker for Java CVE-2016-8741 Remote Information Disclosure Vulnerability
4539| [95078] Apache HTTP Server CVE-2016-0736 Remote Security Vulnerability
4540| [95077] Apache HTTP Server CVE-2016-8743 Security Bypass Vulnerability
4541| [95076] Apache HTTP Server CVE-2016-2161 Denial of Service Vulnerability
4542| [95020] Apache Tika CVE-2015-3271 Remote Information Disclosure Vulnerability
4543| [94950] Apache Hadoop CVE-2016-5001 Local Information Disclosure Vulnerability
4544| [94882] Apache ActiveMQ CVE-2016-6810 HTML Injection Vulnerability
4545| [94828] Apache Tomcat CVE-2016-8745 Information Disclosure Vulnerability
4546| [94766] Apache CouchDB CVE-2016-8742 Local Privilege Escalation Vulnerability
4547| [94657] Apache Struts CVE-2016-8738 Denial of Service Vulnerability
4548| [94650] Apache HTTP Server CVE-2016-8740 Denial of Service Vulnerability
4549| [94588] Apache Subversion CVE-2016-8734 XML External Entity Denial of Service Vulnerability
4550| [94513] Apache Karaf CVE-2016-8648 Remote Code Execution Vulnerability
4551| [94463] Apache Tomcat CVE-2016-8735 Remote Code Execution Vulnerability
4552| [94462] Apache Tomcat CVE-2016-6817 Denial of Service Vulnerability
4553| [94461] Apache Tomcat CVE-2016-6816 Security Bypass Vulnerability
4554| [94418] Apache OpenOffice CVE-2016-6803 Local Privilege Escalation Vulnerability
4555| [94247] Apache Tika CVE-2016-6809 Remote Code Execution Vulnerability
4556| [94221] Apache Ranger CVE-2016-6815 Local Privilege Escalation Vulnerability
4557| [94145] Apache OpenMeetings CVE-2016-8736 Remote Code Execution Vulnerability
4558| [93945] Apache CloudStack CVE-2016-6813 Authorization Bypass Vulnerability
4559| [93944] Apache Tomcat Security Manager CVE-2016-6796 Security Bypass Vulnerability
4560| [93943] Apache Tomcat CVE-2016-6794 Security Bypass Vulnerability
4561| [93942] Apache Tomcat Security Manager CVE-2016-5018 Security Bypass Vulnerability
4562| [93940] Apache Tomcat CVE-2016-6797 Security Bypass Vulnerability
4563| [93939] Apache Tomcat CVE-2016-0762 Information Disclosure Vulnerability
4564| [93774] Apache OpenOffice CVE-2016-6804 DLL Loading Remote Code Execution Vulnerability
4565| [93773] Apache Struts CVE-2016-6795 Directory Traversal Vulnerability
4566| [93478] Apache Tomcat CVE-2016-6325 Local Privilege Escalation Vulnerability
4567| [93472] Apache Tomcat CVE-2016-5425 Insecure File Permissions Vulnerability
4568| [93429] Apache Tomcat JK Connector CVE-2016-6808 Remote Buffer Overflow Vulnerability
4569| [93263] Apache Tomcat CVE-2016-1240 Local Privilege Escalation Vulnerability
4570| [93236] Apache MyFaces Trinidad CVE-2016-5019 Remote Code Execution Vulnerability
4571| [93142] Apache ActiveMQ Artemis CVE-2016-4978 Remote Code Execution Vulnerability
4572| [93132] Apache Derby CVE-2015-1832 XML External Entity Information Disclosure Vulnerability
4573| [93044] Apache Zookeeper CVE-2016-5017 Buffer Overflow Vulnerability
4574| [92966] Apache Jackrabbit CVE-2016-6801 Cross-Site Request Forgery Vulnerability
4575| [92947] Apache Shiro CVE-2016-6802 Remote Security Bypass Vulnerability
4576| [92905] Apache CXF Fediz CVE-2016-4464 Security Bypass Vulnerability
4577| [92577] Apache Ranger CVE-2016-5395 HTML Injection Vulnerability
4578| [92331] Apache HTTP Server CVE-2016-1546 Remote Denial of Service Vulnerability
4579| [92328] Apache Hive CVE-2016-0760 Multiple Remote Code Execution Vulnerabilities
4580| [92320] Apache APR-util and httpd CVE-2016-6312 Denial of Service Vulnerability
4581| [92100] Apache POI CVE-2016-5000 XML External Entity Injection Vulnerability
4582| [92079] Apache OpenOffice CVE-2016-1513 Remote Code Execution Vulnerability
4583| [91818] Apache Tomcat CVE-2016-5388 Security Bypass Vulnerability
4584| [91816] Apache HTTP Server CVE-2016-5387 Security Bypass Vulnerability
4585| [91788] Apache Qpid Proton CVE-2016-4467 Certificate Verification Security Bypass Vulnerability
4586| [91738] Apache XML-RPC CVE-2016-5003 Remote Code Execution Vulnerability
4587| [91736] Apache XML-RPC Multiple Security Vulnerabilities
4588| [91707] Apache Archiva CVE-2016-5005 HTML Injection Vulnerability
4589| [91703] Apache Archiva CVE-2016-4469 Multiple Cross-Site Request Forgery Vulnerabilities
4590| [91566] Apache HTTP Server CVE-2016-4979 Authentication Bypass Vulnerability
4591| [91537] Apache QPID CVE-2016-4974 Deserialization Security Bypass Vulnerability
4592| [91501] Apache Xerces-C CVE-2016-4463 Stack Buffer Overflow Vulnerability
4593| [91453] Apache Commons FileUpload CVE-2016-3092 Denial Of Service Vulnerability
4594| [91284] Apache Struts CVE-2016-4431 Security Bypass Vulnerability
4595| [91282] Apache Struts CVE-2016-4433 Security Bypass Vulnerability
4596| [91281] Apache Struts CVE-2016-4430 Cross-Site Request Forgery Vulnerability
4597| [91280] Apache Struts CVE-2016-4436 Security Bypass Vulnerability
4598| [91278] Apache Struts CVE-2016-4465 Denial of Service Vulnerability
4599| [91277] Apache Struts Incomplete Fix Remote Code Execution Vulnerability
4600| [91275] Apache Struts CVE-2016-4438 Remote Code Execution Vulnerability
4601| [91217] Apache Continuum 'saveInstallation.action' Command Execution Vulnerability
4602| [91141] Apache CloudStack CVE-2016-3085 Authentication Bypass Vulnerability
4603| [91068] Apache Struts CVE-2016-1181 Remote Code Execution Vulnerability
4604| [91067] Apache Struts CVE-2016-1182 Security Bypass Vulnerability
4605| [91024] Apache Shiro CVE-2016-4437 Information Disclosure Vulnerability
4606| [90988] Apache Ranger CVE-2016-2174 SQL Injection Vulnerability
4607| [90961] Apache Struts CVE-2016-3093 Denial of Service Vulnerability
4608| [90960] Apache Struts CVE-2016-3087 Remote Code Execution Vulnerability
4609| [90921] Apache Qpid CVE-2016-4432 Authentication Bypass Vulnerability
4610| [90920] Apache Qpid CVE-2016-3094 Denial of Service Vulnerability
4611| [90902] Apache PDFBox CVE-2016-2175 XML External Entity Injection Vulnerability
4612| [90897] Apache Tika CVE-2016-4434 XML External Entity Injection Vulnerability
4613| [90827] Apache ActiveMQ CVE-2016-3088 Multiple Arbitrary File Upload Vulnerabilities
4614| [90755] Apache Ambari CVE-2016-0707 Multiple Local Information Disclosure Vulnerabilities
4615| [90482] Apache CVE-2004-1387 Local Security Vulnerability
4616| [89762] Apache CVE-2001-1556 Remote Security Vulnerability
4617| [89417] Apache Subversion CVE-2016-2167 Authentication Bypass Vulnerability
4618| [89326] RETIRED: Apache Subversion CVE-2016-2167 Security Bypass Vulnerability
4619| [89320] Apache Subversion CVE-2016-2168 Remote Denial of Service Vulnerability
4620| [88826] Apache Struts CVE-2016-3082 Remote Code Execution Vulnerability
4621| [88797] Apache Cordova For iOS CVE-2015-5208 Arbitrary Code Execution Vulnerability
4622| [88764] Apache Cordova iOS CVE-2015-5207 Multiple Security Bypass Vulnerabilities
4623| [88701] Apache CVE-2001-1449 Remote Security Vulnerability
4624| [88635] Apache CVE-2000-1204 Remote Security Vulnerability
4625| [88590] Apache WWW server CVE-1999-1199 Denial-Of-Service Vulnerability
4626| [88496] Apache CVE-2000-1206 Remote Security Vulnerability
4627| [87828] Apache CVE-1999-1237 Remote Security Vulnerability
4628| [87784] Apache CVE-1999-1293 Denial-Of-Service Vulnerability
4629| [87327] Apache Struts CVE-2016-3081 Remote Code Execution Vulnerability
4630| [86622] Apache Stats CVE-2007-0975 Remote Security Vulnerability
4631| [86399] Apache CVE-2007-1743 Local Security Vulnerability
4632| [86397] Apache CVE-2007-1742 Local Security Vulnerability
4633| [86311] Apache Struts CVE-2016-4003 Cross Site Scripting Vulnerability
4634| [86174] Apache Wicket CVE-2015-5347 Cross Site Scripting Vulnerability
4635| [85971] Apache OFBiz CVE-2016-2170 Java Deserialization Remote Code Execution Vulnerability
4636| [85967] Apache OFBiz CVE-2015-3268 HTML Injection Vulnerability
4637| [85759] Apache Jetspeed CVE-2016-2171 Unauthorized Access Vulnerability
4638| [85758] Apache Jetspeed CVE-2016-0712 Cross Site Scripting Vulnerability
4639| [85756] Apache Jetspeed CVE-2016-0710 Multiple SQL Injection Vulnerabilities
4640| [85755] Apache Jetspeed CVE-2016-0711 Multiple HTML Injection Vulnerabilities
4641| [85754] Apache Jetspeed CVE-2016-0709 Directory Traversal Vulnerability
4642| [85730] Apache Subversion CVE-2015-5343 Integer Overflow Vulnerability
4643| [85691] Apache Ranger CVE-2016-0735 Security Bypass Vulnerability
4644| [85578] Apache ActiveMQ CVE-2010-1244 Cross-Site Request Forgery Vulnerability
4645| [85554] Apache OpenMeetings CVE-2016-2164 Multiple Information Disclosure Vulnerabilities
4646| [85553] Apache OpenMeetings CVE-2016-0783 Information Disclosure Vulnerability
4647| [85552] Apache OpenMeetings CVE-2016-2163 HTML Injection Vulnerability
4648| [85550] Apache OpenMeetings CVE-2016-0784 Directory Traversal Vulnerability
4649| [85386] Apache Hadoop CVE-2015-7430 Local Privilege Escalation Vulnerability
4650| [85377] Apache Qpid Proton Python API CVE-2016-2166 Man in the Middle Security Bypass Vulnerability
4651| [85205] Apache Solr CVE-2015-8796 Cross Site Scripting Vulnerability
4652| [85203] Apache Solr CVE-2015-8795 Multiple HTML Injection Vulnerabilities
4653| [85163] Apache Geronimo CVE-2008-0732 Local Security Vulnerability
4654| [85131] Apache Struts 'TextParseUtil.translateVariables()' Method Remote Code Execution Vulnerability
4655| [85070] Apache Struts CVE-2016-2162 Cross Site Scripting Vulnerability
4656| [85066] Apache Struts CVE-2016-0785 Remote Code Execution Vulnerability
4657| [84422] Apache TomEE CVE-2016-0779 Unspecified Security Vulnerability
4658| [84321] Apache ActiveMQ CVE-2016-0734 Clickjacking Vulnerability
4659| [84316] Apache ActiveMQ CVE-2016-0782 Multiple Cross Site Scripting Vulnerabilities
4660| [83910] Apache Wicket CVE-2015-7520 Cross Site Scripting Vulnerability
4661| [83423] Apache Xerces-C CVE-2016-0729 Buffer Overflow Vulnerability
4662| [83330] Apache Tomcat CVE-2015-5351 Cross Site Request Forgery Vulnerability
4663| [83329] Apache Tomcat CVE-2015-5174 Directory Traversal Vulnerability
4664| [83328] Apache Tomcat CVE-2015-5345 Directory Traversal Vulnerability
4665| [83327] Apache Tomcat Security Manager CVE-2016-0714 Remote Code Execution Vulnerability
4666| [83326] Apache Tomcat CVE-2016-0763 Security Bypass Vulnerability
4667| [83324] Apache Tomcat Security Manager CVE-2016-0706 Information Disclosure Vulnerability
4668| [83323] Apache Tomcat CVE-2015-5346 Session Fixation Vulnerability
4669| [83259] Apache Hadoop CVE-2015-1776 Information Disclosure Vulnerability
4670| [83243] Apache Solr CVE-2015-8797 Cross Site Scripting Vulnerability
4671| [83119] Apache Sling CVE-2016-0956 Information Disclosure Vulnerability
4672| [83002] Apache CVE-2000-1205 Cross-Site Scripting Vulnerability
4673| [82871] Apache Ranger Authentication Bypass and Security Bypass Vulnerabilities
4674| [82800] Apache CloudStack CVE-2015-3251 Information Disclosure Vulnerability
4675| [82798] Apache CloudStack CVE-2015-3252 Authentication Bypass Vulnerability
4676| [82732] Apache Gallery CVE-2003-0771 Local Security Vulnerability
4677| [82676] Apache CVE-2003-1581 Cross-Site Scripting Vulnerability
4678| [82550] Apache Struts CVE-2015-5209 Security Bypass Vulnerability
4679| [82300] Apache Subversion CVE-2015-5259 Integer Overflow Vulnerability
4680| [82260] Apache Camel CVE-2015-5344 Remote Code Execution Vulnerability
4681| [82234] Apache Hive CVE-2015-7521 Security Bypass Vulnerability
4682| [82082] Apache CVE-1999-0289 Remote Security Vulnerability
4683| [81821] Apache Distribution for Solaris CVE-2007-2080 SQL-Injection Vulnerability
4684| [80696] Apache Camel CVE-2015-5348 Information Disclosure Vulnerability
4685| [80525] Apache CVE-2003-1580 Remote Security Vulnerability
4686| [80354] Drupal Apache Solr Search Module Access Bypass Vulnerability
4687| [80193] Apache CVE-1999-0107 Denial-Of-Service Vulnerability
4688| [79812] Apache Directory Studio CVE-2015-5349 Command Injection Vulnerability
4689| [79744] Apache HBase CVE-2015-1836 Unauthorized Access Vulnerability
4690| [79204] Apache TomEE 'EjbObjectInputStream' Remote Code Execution Vulnerability
4691| [77679] Apache Cordova For Android CVE-2015-8320 Weak Randomization Security Bypass Vulnerability
4692| [77677] Apache Cordova For Android CVE-2015-5256 Security Bypass Vulnerability
4693| [77591] Apache CXF SAML SSO Processing CVE-2015-5253 Security Bypass Vulnerability
4694| [77521] Apache Commons Collections 'InvokerTransformer.java' Remote Code Execution Vulnerability
4695| [77110] Apache HttpComponents HttpClient CVE-2015-5262 Denial of Service Vulnerability
4696| [77086] Apache Ambari CVE-2015-1775 Server Side Request Forgery Security Bypass Vulnerability
4697| [77085] Apache Ambari CVE-2015-3270 Remote Privilege Escalation Vulnerability
4698| [77082] Apache Ambari 'targetURI' Parameter Open Redirection Vulnerability
4699| [77059] Apache Ambari CVE-2015-3186 Cross Site Scripting Vulnerability
4700| [76933] Apache James Server Unspecified Command Execution Vulnerability
4701| [76832] Apache cordova-plugin-file-transfer CVE-2015-5204 HTTP Header Injection Vulnerability
4702| [76625] Apache Struts CVE-2015-5169 Cross Site Scripting Vulnerability
4703| [76624] Apache Struts CVE-2015-2992 Cross Site Scripting Vulnerability
4704| [76522] Apache Tapestry CVE-2014-1972 Security Bypass Vulnerability
4705| [76486] Apache CXF Fediz CVE-2015-5175 Denial of Service Vulnerability
4706| [76452] Apache ActiveMQ CVE-2015-1830 Directory Traversal Vulnerability
4707| [76446] Apache Subversion 'libsvn_fs_fs/tree.c' Denial of Service Vulnerability
4708| [76274] Apache Subversion CVE-2015-3184 Information Disclosure Vulnerability
4709| [76273] Apache Subversion CVE-2015-3187 Information Disclosure Vulnerability
4710| [76272] Apache ActiveMQ CVE-2014-3576 Denial of Service Vulnerability
4711| [76221] Apache Ranger CVE-2015-0266 Access Bypass Vulnerability
4712| [76208] Apache Ranger CVE-2015-0265 JavaScript Code Injection Vulnerability
4713| [76025] Apache ActiveMQ Artemis CVE-2015-3208 XML External Entity Information Disclosure Vulnerability
4714| [75965] Apache HTTP Server CVE-2015-3185 Security Bypass Vulnerability
4715| [75964] Apache HTTP Server CVE-2015-0253 Remote Denial of Service Vulnerability
4716| [75963] Apache HTTP Server CVE-2015-3183 Security Vulnerability
4717| [75940] Apache Struts CVE-2015-1831 Security Bypass Vulnerability
4718| [75919] Apache Groovy CVE-2015-3253 Remote Code Execution Vulnerability
4719| [75338] Apache Storm CVE-2015-3188 Remote Code Execution Vulnerability
4720| [75275] Drupal Apache Solr Real-Time Module Access Bypass Vulnerability
4721| [74866] Apache Cordova For Android CVE-2015-1835 Security Bypass Vulnerability
4722| [74839] Apache Sling API and Sling Servlets CVE-2015-2944 Cross Site Scripting Vulnerability
4723| [74761] Apache Jackrabbit CVE-2015-1833 XML External Entity Information Disclosure Vulnerability
4724| [74686] Apache Ambari '/var/lib/ambari-server/ambari-env.sh' Local Privilege Escalation Vulnerability
4725| [74665] Apache Tomcat CVE-2014-7810 Security Bypass Vulnerability
4726| [74475] Apache Tomcat CVE-2014-0230 Denial of Service Vulnerability
4727| [74423] Apache Struts CVE-2015-0899 Security Bypass Vulnerability
4728| [74338] Apache OpenOffice HWP Filter Memory Corruption Vulnerability
4729| [74265] Apache Tomcat 'mod_jk' CVE-2014-8111 Information Disclosure Vulnerability
4730| [74260] Apache Subversion CVE-2015-0248 Multiple Denial of Service Vulnerabilities
4731| [74259] Apache Subversion 'deadprops.c' Security Bypass Vulnerability
4732| [74204] PHP 'sapi/apache2handler/sapi_apache2.c' Remote Code Execution Vulnerability
4733| [74158] Apache HTTP Server 'protocol.c' Remote Denial of Service Vulnerability
4734| [73954] Apache Flex 'asdoc/templates/index.html' Cross Site Scripting Vulnerability
4735| [73851] Apache2 CVE-2012-0216 Cross-Site Scripting Vulnerability
4736| [73478] Apache Cassandra CVE-2015-0225 Remote Code Execution Vulnerability
4737| [73041] Apache HTTP Server 'mod_lua' Module Denial of Service Vulnerability
4738| [73040] Apache HTTP Server 'mod_lua.c' Local Access Bypass Vulnerability
4739| [72809] Apache Standard Taglibs CVE-2015-0254 XML External Entity Injection Vulnerability
4740| [72717] Apache Tomcat CVE-2014-0227 Chunk Request Remote Denial Of Service Vulnerability
4741| [72557] Apache WSS4J CVE-2015-0227 Security Bypass Vulnerability
4742| [72553] Apache WSS4J CVE-2015-0226 Information Disclosure Vulnerability
4743| [72513] Apache ActiveMQ CVE-2014-3612 LDAP Authentication Bypass Vulnerability
4744| [72511] Apache ActiveMQ CVE-2014-8110 Multiple Cross Site Scripting Vulnerabilities
4745| [72510] Apache ActiveMQ CVE-2014-3600 XML External Entity Injection Vulnerability
4746| [72508] Apache ActiveMQ Apollo CVE-2014-3579 XML External Entity Injection Vulnerability
4747| [72319] Apache Qpid CVE-2015-0223 Security Bypass Vulnerability
4748| [72317] Apache Qpid CVE-2015-0224 Incomplete Fix Multiple Denial of Service Vulnerabilities
4749| [72115] Apache Santuario 'XML Signature Verification' Security Bypass Vulnerability
4750| [72053] Apache HTTP Server 'mod_remoteip.c' IP Address Spoofing Vulnerability
4751| [72030] Apache Qpid CVE-2015-0203 Multiple Denial of Service Vulnerabilities
4752| [71879] Apache Traffic Server 'HttpTransact.cc' Denial of Service Vulnerability
4753| [71726] Apache Subversion CVE-2014-3580 Remote Denial of Service Vulnerability
4754| [71725] Apache Subversion CVE-2014-8108 Remote Denial of Service Vulnerability
4755| [71657] Apache HTTP Server 'mod_proxy_fcgi' Module Denial of Service Vulnerability
4756| [71656] Apache HTTP Server 'mod_cache' Module Denial of Service Vulnerability
4757| [71548] Apache Struts CVE-2014-7809 Security Bypass Vulnerability
4758| [71466] Apache Hadoop CVE-2014-3627 Information Disclosure Vulnerability
4759| [71353] Apache HTTP Server 'LuaAuthzProvider' Authorization Bypass Vulnerability
4760| [71004] Apache Qpid CVE-2014-3629 XML External Entity Injection Vulnerability
4761| [70970] Apache Traffic Server Cross Site Scripting Vulnerability
4762| [70738] Apache CXF CVE-2014-3584 Denial of Service Vulnerability
4763| [70736] Apache CXF SAML SubjectConfirmation Security Bypass Vulnerability
4764| [69728] Apache Tomcat CVE-2013-4444 Arbitrary File Upload Vulnerability
4765| [69648] Apache POI CVE-2014-3574 Denial Of Service Vulnerability
4766| [69647] Apache POI OpenXML parser CVE-2014-3529 XML External Entity Information Disclosure Vulnerability
4767| [69351] Apache OpenOffice Calc CVE-2014-3524 Command Injection Vulnerability
4768| [69295] Apache Axis Incomplete Fix CVE-2014-3596 SSL Certificate Validation Security Bypass Vulnerability
4769| [69286] Apache OFBiz CVE-2014-0232 Multiple Cross Site Scripting Vulnerabilities
4770| [69258] Apache HttpComponents Incomplete Fix CVE-2014-3577 SSL Validation Security Bypass Vulnerability
4771| [69257] Apache HttpComponents Incomplete Fix SSL Certificate Validation Security Bypass Vulnerability
4772| [69248] Apache HTTP Server CVE-2013-4352 Remote Denial of Service Vulnerability
4773| [69237] Apache Subversion CVE-2014-3522 SSL Certificate Validation Information Disclosure Vulnerability
4774| [69173] Apache Traffic Server CVE-2014-3525 Unspecified Security Vulnerability
4775| [69046] Apache Cordova For Android CVE-2014-3502 Information Disclosure Vulnerability
4776| [69041] Apache Cordova For Android CVE-2014-3501 Security Bypass Vulnerability
4777| [69038] Apache Cordova For Android CVE-2014-3500 Security Bypass Vulnerability
4778| [68995] Apache Subversion CVE-2014-3528 Insecure Authentication Weakness
4779| [68966] Apache Subversion 'irkerbridge.py' Local Privilege Escalation Vulnerability
4780| [68965] Apache Subversion 'svnwcsub.py' Local Privilege Escalation Vulnerability
4781| [68863] Apache HTTP Server 'mod_cache' Module Remote Denial of Service Vulnerability
4782| [68747] Apache HTTP Server CVE-2014-3523 Remote Denial of Service Vulnerability
4783| [68745] Apache HTTP Server CVE-2014-0118 Remote Denial of Service Vulnerability
4784| [68742] Apache HTTP Server CVE-2014-0231 Remote Denial of Service Vulnerability
4785| [68740] Apache HTTP Server CVE-2014-0117 Remote Denial of Service Vulnerability
4786| [68678] Apache HTTP Server 'mod_status' CVE-2014-0226 Remote Code Execution Vulnerability
4787| [68445] Apache CXF UsernameToken Information Disclosure Vulnerability
4788| [68441] Apache CXF SAML Tokens Validation Security Bypass Vulnerability
4789| [68431] Apache Syncope CVE-2014-3503 Insecure Password Generation Weakness
4790| [68229] Apache Harmony PRNG Entropy Weakness
4791| [68111] Apache 'mod_wsgi' Module Privilege Escalation Vulnerability
4792| [68072] Apache Tomcat CVE-2014-0186 Remote Denial of Service Vulnerability
4793| [68039] Apache Hive CVE-2014-0228 Security Bypass Vulnerability
4794| [67673] Apache Tomcat CVE-2014-0095 AJP Request Remote Denial Of Service Vulnerability
4795| [67671] Apache Tomcat CVE-2014-0075 Chunk Request Remote Denial Of Service Vulnerability
4796| [67669] Apache Tomcat CVE-2014-0119 XML External Entity Information Disclosure Vulnerability
4797| [67668] Apache Tomcat CVE-2014-0099 Request Processing Information Disclosure Vulnerability
4798| [67667] Apache Tomcat CVE-2014-0096 XML External Entity Information Disclosure Vulnerability
4799| [67534] Apache 'mod_wsgi' Module CVE-2014-0242 Information Disclosure Vulnerability
4800| [67532] Apache 'mod_wsgi' Module Local Privilege Escalation Vulnerability
4801| [67530] Apache Solr Search Template Cross Site Scripting Vulnerability
4802| [67236] Apache CXF CVE-2014-0109 Remote Denial of Service Vulnerability
4803| [67232] Apache CXF CVE-2014-0110 Denial of Service Vulnerability
4804| [67121] Apache Struts ClassLoader Manipulation CVE-2014-0114 Security Bypass Vulnerability
4805| [67081] Apache Struts 'getClass()' Method Security Bypass Vulnerability
4806| [67064] Apache Struts ClassLoader Manipulation Incomplete Fix Security Bypass Vulnerability
4807| [67013] Apache Zookeeper CVE-2014-0085 Local Information Disclosure Vulnerability
4808| [66998] Apache Archiva CVE-2013-2187 Unspecified Cross Site Scripting Vulnerability
4809| [66991] Apache Archiva CVE-2013-2187 HTML Injection Vulnerability
4810| [66927] Apache Syncope CVE-2014-0111 Remote Code Execution Vulnerability
4811| [66474] Apache CouchDB Universally Unique IDentifier (UUID) Remote Denial of Service Vulnerability
4812| [66397] Apache Xalan-Java Library CVE-2014-0107 Security Bypass Vulnerability
4813| [66303] Apache HTTP Server Multiple Denial of Service Vulnerabilities
4814| [66041] RETIRED: Apache Struts CVE-2014-0094 Classloader Manipulation Security Bypass Vulnerability
4815| [65999] Apache Struts ClassLoader Manipulation CVE-2014-0094 Security Bypass Vulnerability
4816| [65967] Apache Cordova File-Transfer Unspecified Security Vulnerability
4817| [65959] Apache Cordova InAppBrowser Remote Privilege Escalation Vulnerability
4818| [65935] Apache Shiro 'login.jsp' Authentication Bypass Vulnerability
4819| [65902] Apache Camel CVE-2014-0003 Remote Code Execution Vulnerability
4820| [65901] Apache Camel CVE-2014-0002 XML External Entity Information Disclosure Vulnerability
4821| [65773] Apache Tomcat CVE-2013-4286 Security Bypass Vulnerability
4822| [65769] Apache Tomcat CVE-2014-0033 Session Fixation Vulnerability
4823| [65768] Apache Tomcat CVE-2013-4590 XML External Entity Information Disclosure Vulnerability
4824| [65767] Apache Tomcat CVE-2013-4322 Incomplete Fix Denial of Service Vulnerability
4825| [65615] Apache ActiveMQ 'refresh' Parameter Cross Site Scripting Vulnerability
4826| [65434] Apache Subversion 'mod_dav_svn' Module SVNListParentPath Denial of Service Vulnerability
4827| [65431] Apache Wicket CVE-2013-2055 Information Disclosure Vulnerability
4828| [65400] Apache Commons FileUpload CVE-2014-0050 Denial Of Service Vulnerability
4829| [64782] Apache CloudStack Virtual Router Component Security Bypass Vulnerability
4830| [64780] Apache CloudStack Unauthorized Access Vulnerability
4831| [64617] Apache Libcloud Digital Ocean API Local Information Disclosure Vulnerability
4832| [64437] Apache Santuario XML Security For JAVA XML Signature Denial of Service Vulnerability
4833| [64427] Apache Solr Multiple XML External Entity Injection Vulnerabilities
4834| [64009] Apache Solr CVE-2013-6408 XML External Entity Injection Vulnerability
4835| [64008] Apache Solr CVE-2013-6407 XML External Entity Injection Vulnerability
4836| [63981] Apache Subversion 'mod_dav_svn' Module Denial of Service Vulnerability
4837| [63966] Apache Subversion CVE-2013-4505 Security Bypass Vulnerability
4838| [63963] Apache Roller CVE-2013-4171 Cross Site Scripting Vulnerability
4839| [63935] Apache Solr 'SolrResourceLoader' Directory Traversal Vulnerability
4840| [63928] Apache Roller CVE-2013-4212 OGNL Expression Injection Remote Code Execution Vulnerability
4841| [63515] Apache Tomcat Manager Component CVE-2013-6357 Cross Site Request Forgery Vulnerability
4842| [63403] Apache Struts Multiple Cross Site Scripting Vulnerabilities
4843| [63400] Apache 'mod_pagespeed' Module Unspecified Cross Site Scripting Vulnerability
4844| [63260] Apache Shindig CVE-2013-4295 XML External Entity Information Disclosure Vulnerability
4845| [63241] Apache Sling 'AbstractAuthenticationFormServlet' Open Redirection Vulnerability
4846| [63174] Apache Commons FileUpload 'DiskFileItem' Class Null Byte Arbitrary File Write Vulnerability
4847| [62939] Apache 'mod_fcgid' Module CVE-2013-4365 Heap Buffer Overflow Vulnerability
4848| [62903] Apache Sling 'deepGetOrCreateNode()' Function Denial Of Service Vulnerability
4849| [62706] Apache Camel CVE-2013-4330 Information Disclosure Vulnerability
4850| [62677] Apache 'mod_accounting' Module CVE-2013-5697 SQL Injection Vulnerability
4851| [62674] TYPO3 Apache Solr Unspecified Cross Site Scripting and PHP Code Execution Vulnerabilities
4852| [62587] Apache Struts CVE-2013-4316 Remote Code Execution Vulnerability
4853| [62584] Apache Struts CVE-2013-4310 Security Bypass Vulnerability
4854| [62266] Apache Subversion CVE-2013-4277 Insecure Temporary File Creation Vulnerability
4855| [61984] Apache Hadoop RPC Authentication CVE-2013-2192 Man in the Middle Security Bypass Vulnerability
4856| [61981] Apache HBase RPC Authentication Man In The Middle Security Bypass Vulnerability
4857| [61638] Apache CloudStack CVE-2013-2136 Multiple Cross Site Scripting Vulnerabilities
4858| [61454] Apache Subversion CVE-2013-4131 Denial Of Service Vulnerability
4859| [61379] Apache HTTP Server CVE-2013-2249 Unspecified Remote Security Vulnerability
4860| [61370] Apache OFBiz CVE-2013-2317 'View Log' Cross Site Scripting Vulnerability
4861| [61369] Apache OFBiz Nested Expression Remote Code Execution Vulnerability
4862| [61196] Apache Struts CVE-2013-2248 Multiple Open Redirection Vulnerabilities
4863| [61189] Apache Struts CVE-2013-2251 Multiple Remote Command Execution Vulnerabilities
4864| [61129] Apache HTTP Server CVE-2013-1896 Remote Denial of Service Vulnerability
4865| [61030] Apache CXF CVE-2013-2160 Multiple Remote Denial of Service Vulnerabilities
4866| [60875] Apache Geronimo RMI Classloader Security Bypass Vulnerability
4867| [60846] Apache Santuario XML Security for JAVA XML Signature CVE-2013-2172 Security Bypass Vulnerability
4868| [60817] Apache Santuario XML Security for C++ CVE-2013-2210 Heap Buffer Overflow Vulnerability
4869| [60800] Apache Qpid Python Client SSL Certificate Verification Information Disclosure Vulnerability
4870| [60599] Apache Santuario XML Security for C++ CVE-2013-2156 Remote Heap Buffer Overflow Vulnerability
4871| [60595] Apache Santuario XML Security for C++ XML Signature CVE-2013-2155 Denial of Service Vulnerability
4872| [60594] Apache Santuario XML Security for C++ CVE-2013-2154 Stack Buffer Overflow Vulnerability
4873| [60592] Apache Santuario XML Security for C++ XML Signature CVE-2013-2153 Security Bypass Vulnerability
4874| [60534] Apache OpenJPA Object Deserialization Arbitrary File Creation or Overwrite Vulnerability
4875| [60346] Apache Struts CVE-2013-2134 OGNL Expression Injection Vulnerability
4876| [60345] Apache Struts CVE-2013-2135 OGNL Expression Injection Vulnerability
4877| [60267] Apache Subversion CVE-2013-1968 Remote Denial of Service Vulnerability
4878| [60265] Apache Subversion CVE-2013-2088 Command Injection Vulnerability
4879| [60264] Apache Subversion CVE-2013-2112 Remote Denial of Service Vulnerability
4880| [60187] Apache Tomcat DIGEST Authentication CVE-2013-2051 Incomplete Fix Security Weakness
4881| [60186] Apache Tomcat CVE-2013-1976 Insecure Temporary File Handling Vulnerability
4882| [60167] Apache Struts 'includeParams' CVE-2013-2115 Incomplete Fix Security Bypass Vulnerability
4883| [60166] Apache Struts 'includeParams' CVE-2013-1966 Security Bypass Vulnerability
4884| [60082] Apache Struts 'ParameterInterceptor' Class OGNL CVE-2013-1965 Security Bypass Vulnerability
4885| [59826] Apache HTTP Server Terminal Escape Sequence in Logs Command Injection Vulnerability
4886| [59799] Apache Tomcat CVE-2013-2067 Session Fixation Vulnerability
4887| [59798] Apache Tomcat CVE-2013-2071 Information Disclosure Vulnerability
4888| [59797] Apache Tomcat CVE-2012-3544 Denial of Service Vulnerability
4889| [59670] Apache VCL Multiple Input Validation Vulnerabilities
4890| [59464] Apache CloudStack CVE-2013-2758 Hash Information Disclosure Vulnerability
4891| [59463] Apache CloudStack CVE-2013-2756 Authentication Bypass Vulnerability
4892| [59402] Apache ActiveMQ CVE-2013-3060 Information Disclosure and Denial of Service Vulnerability
4893| [59401] Apache ActiveMQ CVE-2012-6551 Denial of Service Vulnerability
4894| [59400] Apache ActiveMQ CVE-2012-6092 Multiple Cross Site Scripting Vulnerabilities
4895| [58898] Apache Subversion CVE-2013-1884 Remote Denial of Service Vulnerability
4896| [58897] Apache Subversion 'mod_dav_svn/lock.c' Remote Denial of Service Vulnerability
4897| [58895] Apache Subversion 'mod_dav_svn' Remote Denial of Service Vulnerability
4898| [58455] Apache Rave User RPC API CVE-2013-1814 Information Disclosure Vulnerability
4899| [58379] Apache Qpid CVE-2012-4446 Authentication Bypass Vulnerability
4900| [58378] Apache Qpid CVE-2012-4460 Denial of Service Vulnerability
4901| [58376] Apache Qpid CVE-2012-4458 Denial of Service Vulnerability
4902| [58337] Apache Qpid CVE-2012-4459 Denial of Service Vulnerability
4903| [58326] Apache Commons FileUpload CVE-2013-0248 Insecure Temporary File Creation Vulnerability
4904| [58325] Debian Apache HTTP Server CVE-2013-1048 Symlink Attack Local Privilege Escalation Vulnerability
4905| [58323] Apache Subversion 'svn_fs_file_length()' Remote Denial of Service Vulnerability
4906| [58165] Apache HTTP Server Multiple Cross Site Scripting Vulnerabilities
4907| [58136] Apache Maven CVE-2013-0253 SSL Certificate Validation Security Bypass Vulnerability
4908| [58124] Apache Tomcat 'log/logdir' Directory Insecure File Permissions Vulnerability
4909| [58073] Apache Commons HttpClient CVE-2012-5783 SSL Certificate Validation Security Bypass Vulnerability
4910| [57876] Apache CXF WS-SecurityPolicy Authentication Bypass Vulnerability
4911| [57874] Apache CXF CVE-2012-5633 Security Bypass Vulnerability
4912| [57463] Apache OFBiz CVE-2013-0177 Multiple Cross Site Scripting Vulnerabilities
4913| [57425] Apache CXF CVE-2012-5786 SSL Certificate Validation Security Bypass Vulnerability
4914| [57321] Apache CouchDB CVE-2012-5650 Cross Site Scripting Vulnerability
4915| [57314] Apache CouchDB CVE-2012-5649 Remote Code Execution Vulnerability
4916| [57267] Apache Axis2/C SSL Certificate Validation Security Bypass Vulnerability
4917| [57259] Apache CloudStack CVE-2012-5616 Local Information Disclosure Vulnerability
4918| [56814] Apache Tomcat CVE-2012-4431 Cross-Site Request Forgery Vulnerability
4919| [56813] Apache Tomcat CVE-2012-4534 Denial of Service Vulnerability
4920| [56812] Apache Tomcat CVE-2012-3546 Security Bypass Vulnerability
4921| [56753] Apache HTTP Server 'mod_proxy_ajp' Module Denial Of Service Vulnerability
4922| [56686] Apache Tomcat CVE-2012-5568 Denial of Service Vulnerability
4923| [56408] Apache Axis and Axis2/Java SSL Certificate Validation Security Bypass Vulnerability
4924| [56403] Apache Tomcat DIGEST Authentication Multiple Security Weaknesses
4925| [56402] Apache Tomcat CVE-2012-2733 Denial of Service Vulnerability
4926| [56171] Apache OFBiz CVE-2012-3506 Unspecified Security Vulnerability
4927| [55876] Apache CloudStack CVE-2012-4501 Security Bypass Vulnerability
4928| [55628] Apache CXF SOAP Action Spoofing Security Bypass Vulnerability
4929| [55608] Apache Qpid (qpidd) Denial of Service Vulnerability
4930| [55536] Apache 'mod_pagespeed' Module Cross Site Scripting and Security Bypass Vulnerabilities
4931| [55508] Apache Axis2 XML Signature Wrapping Security Vulnerability
4932| [55445] Apache Wicket CVE-2012-3373 Cross Site Scripting Vulnerability
4933| [55346] Apache Struts Cross Site Request Forgery and Denial of Service Vulnerabilities
4934| [55290] Drupal Apache Solr Autocomplete Module Cross Site Scripting Vulnerability
4935| [55165] Apache Struts2 Skill Name Remote Code Execution Vulnerability
4936| [55154] Apache 'mod-rpaf' Module Denial of Service Vulnerability
4937| [55131] Apache HTTP Server HTML-Injection And Information Disclosure Vulnerabilities
4938| [54954] Apache QPID NullAuthenticator Authentication Bypass Vulnerability
4939| [54798] Apache Libcloud Man In The Middle Vulnerability
4940| [54358] Apache Hadoop CVE-2012-3376 Information Disclosure Vulnerability
4941| [54341] Apache Sling CVE-2012-2138 Denial Of Service Vulnerability
4942| [54268] Apache Hadoop Symlink Attack Local Privilege Escalation Vulnerability
4943| [54189] Apache Roller Cross Site Request Forgery Vulnerability
4944| [54187] Apache Roller CVE-2012-2381 Cross Site Scripting Vulnerability
4945| [53880] Apache CXF Child Policies Security Bypass Vulnerability
4946| [53877] Apache CXF Elements Validation Security Bypass Vulnerability
4947| [53676] Apache Commons Compress and Apache Ant CVE-2012-2098 Denial Of Service Vulnerability
4948| [53487] Apache POI CVE-2012-0213 Denial Of Service Vulnerability
4949| [53455] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability
4950| [53305] Apache Qpid CVE-2011-3620 Unauthorized Access Security Bypass Vulnerability
4951| [53046] Apache HTTP Server 'LD_LIBRARY_PATH' Insecure Library Loading Arbitrary Code Execution Vulnerability
4952| [53025] Apache OFBiz Unspecified Remote Code Execution Vulnerability
4953| [53023] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
4954| [52939] Apache Hadoop CVE-2012-1574 Unspecified User Impersonation Vulnerability
4955| [52702] Apache Struts2 'XSLTResult.java' Remote Arbitrary File Upload Vulnerability
4956| [52696] Apache Traffic Server HTTP Host Header Handling Heap Based Buffer Overflow Vulnerability
4957| [52680] Apache Wicket 'pageMapName' Parameter Cross Site Scripting Vulnerability
4958| [52679] Apache Wicket Hidden Files Information Disclosure Vulnerability
4959| [52565] Apache 'mod_fcgid' Module Denial Of Service Vulnerability
4960| [52146] TYPO3 Apache Solr Extension Unspecified Cross Site Scripting Vulnerability
4961| [51939] Apache MyFaces 'ln' Parameter Information Disclosure Vulnerability
4962| [51917] Apache APR Hash Collision Denial Of Service Vulnerability
4963| [51902] Apache Struts Multiple HTML Injection Vulnerabilities
4964| [51900] Apache Struts CVE-2012-1007 Multiple Cross Site Scripting Vulnerabilities
4965| [51886] Apache CXF UsernameToken Policy Validation Security Bypass Vulnerability
4966| [51869] Apache HTTP Server CVE-2011-3639 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
4967| [51706] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
4968| [51705] Apache HTTP Server CVE-2012-0021 mod_log_config Denial Of Service Vulnerability
4969| [51628] Apache Struts 'ParameterInterceptor' Class OGNL (CVE-2011-3923) Security Bypass Vulnerability
4970| [51447] Apache Tomcat Parameter Handling Denial of Service Vulnerability
4971| [51442] Apache Tomcat Request Object Security Bypass Vulnerability
4972| [51407] Apache HTTP Server Scoreboard Local Security Bypass Vulnerability
4973| [51257] Apache Struts Remote Command Execution and Arbitrary File Overwrite Vulnerabilities
4974| [51238] Apache Geronimo Hash Collision Denial Of Service Vulnerability
4975| [51200] Apache Tomcat Hash Collision Denial Of Service Vulnerability
4976| [50940] Apache Struts Session Tampering Security Bypass Vulnerability
4977| [50912] RETIRED: Apache MyFaces CVE-2011-4343 Information Disclosure Vulnerability
4978| [50904] Apache ActiveMQ Failover Mechanism Remote Denial Of Service Vulnerability
4979| [50848] Apache MyFaces EL Expression Evaluation Security Bypass Vulnerability
4980| [50802] Apache HTTP Server 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
4981| [50639] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
4982| [50603] Apache Tomcat Manager Application Security Bypass Vulnerability
4983| [50494] Apache HTTP Server 'ap_pregsub()' Function Local Privilege Escalation Vulnerability
4984| [49957] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
4985| [49762] Apache Tomcat HTTP DIGEST Authentication Multiple Security Weaknesses
4986| [49728] Apache Struts Conversion Error OGNL Expression Evaluation Vulnerability
4987| [49616] Apache HTTP Server CVE-2011-3348 Denial Of Service Vulnerability
4988| [49470] Apache Tomcat CVE-2007-6286 Duplicate Request Processing Security Vulnerability
4989| [49353] Apache Tomcat AJP Protocol Security Bypass Vulnerability
4990| [49303] Apache HTTP Server CVE-2011-3192 Denial Of Service Vulnerability
4991| [49290] Apache Wicket Cross Site Scripting Vulnerability
4992| [49147] Apache Tomcat CVE-2011-2481 Information Disclosure Vulnerability
4993| [49143] Apache Commons Daemon 'jsvc' Information Disclosure Vulnerability
4994| [48667] Apache Tomcat 'sendfile' Request Attributes Information Disclosure Vulnerability
4995| [48653] Apache 'mod_authnz_external' Module SQL Injection Vulnerability
4996| [48611] Apache XML Security for C++ Signature Key Parsing Denial of Service Vulnerability
4997| [48456] Apache Tomcat 'MemoryUserDatabase' Information Disclosure Vulnerability
4998| [48015] Apache Archiva Multiple Cross Site Request Forgery Vulnerabilities
4999| [48011] Apache Archiva Multiple Cross Site Scripting and HTML Injection Vulnerabilities
5000| [47929] Apache APR 'apr_fnmatch.c' Denial of Service Vulnerability
5001| [47890] Apache Struts 'javatemplates' Plugin Multiple Cross Site Scripting Vulnerabilities
5002| [47886] Apache Tomcat SecurityConstraints Security Bypass Vulnerability
5003| [47820] Apache APR 'apr_fnmatch()' Denial of Service Vulnerability
5004| [47784] Apache Struts XWork 's:submit' HTML Tag Cross Site Scripting Vulnerability
5005| [47199] Apache Tomcat HTTP BIO Connector Information Disclosure Vulnerability
5006| [47196] Apache Tomcat Login Constraints Security Bypass Vulnerability
5007| [46974] Apache HttpComponents 'HttpClient' Information Disclosure Vulnerability
5008| [46953] Apache MPM-ITK Module Security Weakness
5009| [46734] Subversion 'mod_dav_svn' Apache Server NULL Pointer Dereference Denial Of Service Vulnerability
5010| [46685] Apache Tomcat '@ServletSecurity' Annotations Security Bypass Vulnerability
5011| [46311] Apache Continuum and Archiva Cross Site Scripting Vulnerability
5012| [46177] Apache Tomcat SecurityManager Security Bypass Vulnerability
5013| [46174] Apache Tomcat HTML Manager Interface HTML Injection Vulnerability
5014| [46166] Apache Tomcat JVM Denial of Service Vulnerability
5015| [46164] Apache Tomcat NIO Connector Denial of Service Vulnerability
5016| [46066] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
5017| [45655] Apache Subversion Server Component Multiple Remote Denial Of Service Vulnerabilities
5018| [45123] Awstats Apache Tomcat Configuration File Remote Arbitrary Command Execution Vulnerability
5019| [45095] Apache Archiva Cross Site Request Forgery Vulnerability
5020| [45015] Apache Tomcat 'sort' and 'orderBy' Parameters Cross Site Scripting Vulnerabilities
5021| [44900] Apache 'mod_fcgid' Module Unspecified Stack Buffer Overflow Vulnerability
5022| [44616] Apache Shiro Directory Traversal Vulnerability
5023| [44355] Apache MyFaces Encrypted View State Oracle Padding Security Vulnerability
5024| [44068] Apache::AuthenHook Local Information Disclosure Vulnerability
5025| [43862] Apache QPID SSL Connection Denial of Service Vulnerability
5026| [43673] Apache APR-util 'apr_brigade_split_line()' Denial of Service Vulnerability
5027| [43637] Apache XML-RPC SAX Parser Information Disclosure Vulnerability
5028| [43111] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
5029| [42637] Apache Derby 'BUILTIN' Authentication Insecure Password Hashing Vulnerability
5030| [42501] Apache CouchDB Cross Site Request Forgery Vulnerability
5031| [42492] Apache CXF XML DTD Processing Security Vulnerability
5032| [42121] Apache SLMS Insufficient Quoting Cross Site Request Forgery Vulnerability
5033| [42102] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
5034| [41963] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
5035| [41544] Apache Tomcat 'Transfer-Encoding' Information Disclosure and Denial Of Service Vulnerabilities
5036| [41076] Apache Axis2 '/axis2/axis2-admin' Session Fixation Vulnerability
5037| [40976] Apache Axis2 Document Type Declaration Processing Security Vulnerability
5038| [40827] Apache 'mod_proxy_http' Timeout Handling Information Disclosure Vulnerability
5039| [40343] Apache Axis2 'xsd' Parameter Directory Traversal Vulnerability
5040| [40327] Apache Axis2 'engagingglobally' Cross-Site Scripting Vulnerability
5041| [39771] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
5042| [39636] Apache ActiveMQ Source Code Information Disclosure Vulnerability
5043| [39635] Apache Tomcat Authentication Header Realm Name Information Disclosure Vulnerability
5044| [39538] Apache mod_auth_shadow Race Condition Security Bypass Vulnerability
5045| [39489] Apache OFBiz Multiple Cross Site Scripting and HTML Injection Vulnerabilities
5046| [39119] Apache ActiveMQ 'createDestination.action' HTML Injection Vulnerability
5047| [38580] Apache Subrequest Handling Information Disclosure Vulnerability
5048| [38494] Apache 'mod_isapi' Memory Corruption Vulnerability
5049| [38491] Apache mod_proxy_ajp Module Incoming Request Body Denial Of Service Vulnerability
5050| [37966] Apache 1.3 mod_proxy HTTP Chunked Encoding Integer Overflow Vulnerability
5051| [37945] Apache Tomcat Host Working Directory WAR File Directory Traversal Vulnerability
5052| [37944] Apache Tomcat WAR File Directory Traversal Vulnerability
5053| [37942] Apache Tomcat Directory Host Appbase Authentication Bypass Vulnerability
5054| [37149] Apache Tomcat 404 Error Page Cross Site Scripting Vulnerability
5055| [37027] RETIRED: Apache APR 'apr_uri_parse_hostinfo' Off By One Remote Code Execution Vulnerability
5056| [36990] Apache HTTP TRACE Cross Site Scripting Vulnerability
5057| [36954] Apache Tomcat Windows Installer Insecure Password Vulnerability
5058| [36889] TYPO3 Apache Solr Search Extension Unspecified Cross Site Scripting Vulnerability
5059| [36596] Apache HTTP Server Solaris Event Port Pollset Support Remote Denial Of Service Vulnerability
5060| [36260] Apache mod_proxy_ftp Module NULL Pointer Dereference Denial Of Service Vulnerability
5061| [36254] Apache mod_proxy_ftp Remote Command Injection Vulnerability
5062| [35949] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
5063| [35840] Apache HTTP Server HTTP-Basic Authentication Bypass Vulnerability
5064| [35623] Apache 'mod_deflate' Remote Denial Of Service Vulnerability
5065| [35565] Apache 'mod_proxy' Remote Denial Of Service Vulnerability
5066| [35416] Apache Tomcat XML Parser Information Disclosure Vulnerability
5067| [35263] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
5068| [35253] Apache APR-util 'xml/apr_xml.c' Denial of Service Vulnerability
5069| [35251] Apache APR-util 'apr_brigade_vprintf' Off By One Vulnerability
5070| [35221] Apache APR-util 'apr_strmatch_precompile()' Integer Underflow Vulnerability
5071| [35196] Apache Tomcat Form Authentication Existing/Non-Existing Username Enumeration Weakness
5072| [35193] Apache Tomcat Java AJP Connector Invalid Header Denial of Service Vulnerability
5073| [35115] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
5074| [34686] Apache Struts Multiple Cross Site Scripting Vulnerabilities
5075| [34663] Apache 'mod_proxy_ajp' Information Disclosure Vulnerability
5076| [34657] Apache Tiles Cross Site Scripting And Information Disclosure Vulnerabilities
5077| [34562] Apache Geronimo Application Server Multiple Remote Vulnerabilities
5078| [34552] Apache ActiveMQ Web Console Multiple Unspecified HTML Injection Vulnerabilities
5079| [34412] Apache Tomcat mod_jk Content Length Information Disclosure Vulnerability
5080| [34399] Apache Struts Unspecified Cross Site Scripting Vulnerability
5081| [34383] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
5082| [33913] Apache Tomcat POST Data Information Disclosure Vulnerability
5083| [33360] Apache Jackrabbit 'q' Parameter Multiple Cross Site Scripting Vulnerabilities
5084| [33110] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
5085| [32657] Novell NetWare ApacheAdmin Security Bypass Vulnerability
5086| [31805] Apache HTTP Server OS Fingerprinting Unspecified Security Vulnerability
5087| [31761] Oracle WebLogic Server Apache Connector Stack Based Buffer Overflow Vulnerability
5088| [31698] Apache Tomcat 'RemoteFilterValve' Security Bypass Vulnerability
5089| [31165] Kolab Groupware Server Apache Log File User Password Information Disclosure Vulnerability
5090| [30560] Apache 'mod_proxy_ftp' Wildcard Characters Cross-Site Scripting Vulnerability
5091| [30496] Apache Tomcat 'HttpServletResponse.sendError()' Cross Site Scripting Vulnerability
5092| [30494] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
5093| [29653] Apache 'mod_proxy_http' Interim Response Denial of Service Vulnerability
5094| [29502] Apache Tomcat Host Manager Cross Site Scripting Vulnerability
5095| [28576] Apache-SSL Environment Variable Information Disclosure and Privilege Escalation Vulnerability
5096| [28484] Apache Tomcat Requests Containing MS-DOS Device Names Information Disclosure Vulnerability
5097| [28483] Apache Tomcat 'allowLinking' Accepts NULL Byte in URI Information Disclosure Vulnerability
5098| [28482] Apache Tomcat SSL Anonymous Cipher Configuration Information Disclosure Vulnerability
5099| [28481] Apache Tomcat Cross-Site Scripting Vulnerability
5100| [28477] Apache Tomcat AJP Connector Information Disclosure Vulnerability
5101| [27752] Apache mod_jk2 Host Header Multiple Stack Based Buffer Overflow Vulnerabilities
5102| [27706] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
5103| [27703] Apache Tomcat Parameter Processing Remote Information Disclosure Vulnerability
5104| [27409] Apache 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
5105| [27365] Apache Tomcat SingleSignOn Remote Information Disclosure Vulnerability
5106| [27237] Apache HTTP Server 2.2.6, 2.0.61 and 1.3.39 'mod_status' Cross-Site Scripting Vulnerability
5107| [27236] Apache 'mod_proxy_balancer' Multiple Vulnerabilities
5108| [27234] Apache 'mod_proxy_ftp' Undefined Charset UTF-7 Cross-Site Scripting Vulnerability
5109| [27006] Apache Tomcat JULI Logging Component Default Security Policy Vulnerability
5110| [26939] Apache HTTP Server Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
5111| [26838] Apache mod_imagemap and mod_imap Cross-Site Scripting Vulnerability
5112| [26762] Apache::AuthCAS Cookie SQL Injection Vulnerability
5113| [26663] Apache HTTP Server 413 Error HTTP Request Method Cross-Site Scripting Weakness
5114| [26287] Apache Geronimo SQLLoginModule Authentication Bypass Vulnerability
5115| [26070] Apache Tomcat WebDav Remote Information Disclosure Vulnerability
5116| [25804] Apache Geronimo Management EJB Security Bypass Vulnerability
5117| [25653] Apache Mod_AutoIndex.C Undefined Charset Cross-Site Scripting Vulnerability
5118| [25531] Apache Tomcat Cal2.JSP Cross-Site Scripting Vulnerability
5119| [25489] Apache HTTP Server Mod_Proxy Denial of Service Vulnerability
5120| [25316] Apache Tomcat Multiple Remote Information Disclosure Vulnerabilities
5121| [25314] Apache Tomcat Host Manager Servlet Cross Site Scripting Vulnerability
5122| [25174] Apache Tomcat Error Message Reporting Cross Site Scripting Vulnerability
5123| [24999] Apache Tomcat SendMailServlet Cross-Site Scripting Vulnerability
5124| [24759] MySQLDumper Apache Access Control Authentication Bypass Vulnerability
5125| [24649] Apache HTTP Server Mod_Cache Denial of Service Vulnerability
5126| [24645] Apache HTTP Server Mod_Status Cross-Site Scripting Vulnerability
5127| [24553] Apache Mod_Mem_Cache Information Disclosure Vulnerability
5128| [24524] Apache Tomcat Accept-Language Cross Site Scripting Vulnerability
5129| [24480] Apache MyFaces Tomahawk JSF Framework Autoscroll Parameter Cross Site Scripting Vulnerability
5130| [24476] Apache Tomcat JSP Example Web Applications Cross Site Scripting Vulnerability
5131| [24475] Apache Tomcat Manager and Host Manager Upload Script Cross-Site Scripting Vulnerability
5132| [24215] Apache HTTP Server Worker Process Multiple Denial of Service Vulnerabilities
5133| [24147] Apache Tomcat JK Connector Double Encoding Security Bypass Vulnerability
5134| [24058] Apache Tomcat Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
5135| [23687] Apache AXIS Non-Existent WSDL Path Information Disclosure Vulnerability
5136| [23438] Apache HTTPD suEXEC Local Multiple Privilege Escalation Weaknesses
5137| [22960] Apache HTTP Server Tomcat Directory Traversal Vulnerability
5138| [22849] Apache mod_python Output Filter Mode Information Disclosure Vulnerability
5139| [22791] Apache Tomcat Mod_JK.SO Arbitrary Code Execution Vulnerability
5140| [22732] Debian Apache Root Shell Local Privilege Escalation Vulnerabilities
5141| [22388] Apache Stats Extract Function Multiple Input Validation Vulnerabilities
5142| [21865] Apache And Microsoft IIS Range Denial of Service Vulnerability
5143| [21214] Apache Mod_Auth_Kerb Off-By-One Denial of Service Vulnerability
5144| [20527] Apache Mod_TCL Remote Format String Vulnerability
5145| [19661] Apache HTTP Server Arbitrary HTTP Request Headers Security Weakness
5146| [19447] Apache CGI Script Source Code Information Disclosure Vulnerability
5147| [19204] Apache Mod_Rewrite Off-By-One Buffer Overflow Vulnerability
5148| [19106] Apache Tomcat Information Disclosure Vulnerability
5149| [18138] Apache James SMTP Denial Of Service Vulnerability
5150| [17342] Apache Struts Multiple Remote Vulnerabilities
5151| [17095] Apache Log4Net Denial Of Service Vulnerability
5152| [16916] Apache mod_python FileSession Code Execution Vulnerability
5153| [16710] Apache Libapreq2 Quadratic Behavior Denial of Service Vulnerability
5154| [16260] Apache Geronimo Multiple Input Validation Vulnerabilities
5155| [16153] Apache mod_auth_pgsql Multiple Format String Vulnerabilities
5156| [16152] Apache Mod_SSL Custom Error Document Remote Denial Of Service Vulnerability
5157| [15834] Apache 'mod_imap' Referer Cross-Site Scripting Vulnerability
5158| [15765] Apache James Spooler Memory Leak Denial Of Service Vulnerability
5159| [15762] Apache MPM Worker.C Denial Of Service Vulnerability
5160| [15512] Apache Struts Error Response Cross-Site Scripting Vulnerability
5161| [15413] PHP Apache 2 Virtual() Safe_Mode and Open_Basedir Restriction Bypass Vulnerability
5162| [15325] Apache Tomcat Simultaneous Directory Listing Denial Of Service Vulnerability
5163| [15224] Apache Mod_Auth_Shadow Authentication Bypass Vulnerability
5164| [15177] PHP Apache 2 Local Denial of Service Vulnerability
5165| [14982] ApacheTop Insecure Temporary File Creation Vulnerability
5166| [14721] Apache Mod_SSL SSLVerifyClient Restriction Bypass Vulnerability
5167| [14660] Apache CGI Byterange Request Denial of Service Vulnerability
5168| [14366] Apache mod_ssl CRL Handling Off-By-One Buffer Overflow Vulnerability
5169| [14106] Apache HTTP Request Smuggling Vulnerability
5170| [13778] Apache HTPasswd Password Command Line Argument Buffer Overflow Vulnerability
5171| [13777] Apache HTPasswd User Command Line Argument Buffer Overflow Vulnerability
5172| [13756] Apache Tomcat Java Security Manager Bypass Vulnerability
5173| [13537] Apache HTDigest Realm Command Line Argument Buffer Overflow Vulnerability
5174| [12877] Apache mod_ssl ssl_io_filter_cleanup Remote Denial Of Service Vulnerability
5175| [12795] Apache Tomcat Remote Malformed Request Denial Of Service Vulnerability
5176| [12619] Apache Software Foundation Batik Squiggle Browser Access Validation Vulnerability
5177| [12519] Apache mod_python Module Publisher Handler Information Disclosure Vulnerability
5178| [12308] Apache Utilities Insecure Temporary File Creation Vulnerability
5179| [12217] Apache mod_auth_radius Malformed RADIUS Server Reply Integer Overflow Vulnerability
5180| [12181] Mod_DOSEvasive Apache Module Local Insecure Temporary File Creation Vulnerability
5181| [11803] Apache Jakarta Results.JSP Remote Cross-Site Scripting Vulnerability
5182| [11471] Apache mod_include Local Buffer Overflow Vulnerability
5183| [11360] Apache mod_ssl SSLCipherSuite Restriction Bypass Vulnerability
5184| [11239] Apache Satisfy Directive Access Control Bypass Vulnerability
5185| [11187] Apache Web Server Remote IPv6 Buffer Overflow Vulnerability
5186| [11185] Apache Mod_DAV LOCK Denial Of Service Vulnerability
5187| [11182] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
5188| [11154] Apache mod_ssl Remote Denial of Service Vulnerability
5189| [11094] Apache mod_ssl Denial Of Service Vulnerability
5190| [10789] Apache mod_userdir Module Information Disclosure Vulnerability
5191| [10736] Apache 'mod_ssl' Log Function Format String Vulnerability
5192| [10619] Apache ap_escape_html Memory Allocation Denial Of Service Vulnerability
5193| [10508] Apache Mod_Proxy Remote Negative Content-Length Buffer Overflow Vulnerability
5194| [10478] ClueCentral Apache Suexec Patch Security Weakness
5195| [10355] Apache 'mod_ssl' 'ssl_util_uuencode_binary()' Stack Buffer Overflow Vulnerability
5196| [10212] Apache mod_auth Malformed Password Potential Memory Corruption Vulnerability
5197| [9933] Apache mod_disk_cache Module Client Authentication Credential Storage Weakness
5198| [9930] Apache Error and Access Logs Escape Sequence Injection Vulnerability
5199| [9921] Apache Connection Blocking Denial Of Service Vulnerability
5200| [9885] Apache Mod_Security Module SecFilterScanPost Off-By-One Buffer Overflow Vulnerability
5201| [9874] Apache HTAccess LIMIT Directive Bypass Configuration Error Weakness
5202| [9829] Apache Mod_Access Access Control Rule Bypass Vulnerability
5203| [9826] Apache Mod_SSL HTTP Request Remote Denial Of Service Vulnerability
5204| [9733] Apache Cygwin Directory Traversal Vulnerability
5205| [9599] Apache mod_php Global Variables Information Disclosure Weakness
5206| [9590] Apache-SSL Client Certificate Forging Vulnerability
5207| [9571] Apache mod_digest Client-Supplied Nonce Verification Vulnerability
5208| [9471] Apache mod_perl Module File Descriptor Leakage Vulnerability
5209| [9404] Mod-Auth-Shadow Apache Module Expired User Credential Weakness
5210| [9302] Apache mod_php Module File Descriptor Leakage Vulnerability
5211| [9129] Apache mod_python Module Malformed Query Denial of Service Vulnerability
5212| [8926] Apache Web Server mod_cgid Module CGI Data Redirection Vulnerability
5213| [8919] Apache Mod_Security Module Heap Corruption Vulnerability
5214| [8911] Apache Web Server Multiple Module Local Buffer Overflow Vulnerability
5215| [8898] Red Hat Apache Directory Index Default Configuration Error
5216| [8883] Apache Cocoon Directory Traversal Vulnerability
5217| [8824] Apache Tomcat Non-HTTP Request Denial Of Service Vulnerability
5218| [8822] Apache Mod_Throttle Module Local Shared Memory Corruption Vulnerability
5219| [8725] Apache2 MOD_CGI STDERR Denial Of Service Vulnerability
5220| [8707] Apache htpasswd Password Entropy Weakness
5221| [8561] Apache::Gallery Insecure Local File Storage Privilege Escalation Vulnerability
5222| [8287] Mod_Mylo Apache Module REQSTR Buffer Overflow Vulnerability
5223| [8226] Apache HTTP Server Multiple Vulnerabilities
5224| [8138] Apache Web Server Type-Map Recursive Loop Denial Of Service Vulnerability
5225| [8137] Apache Web Server Prefork MPM Denial Of Service Vulnerability
5226| [8136] Macromedia Apache Web Server Encoded Space Source Disclosure Vulnerability
5227| [8135] Apache Web Server FTP Proxy IPV6 Denial Of Service Vulnerability
5228| [8134] Apache Web Server SSLCipherSuite Weak CipherSuite Renegotiation Weakness
5229| [7768] Apache Tomcat Insecure Directory Permissions Vulnerability
5230| [7725] Apache Basic Authentication Module Valid User Login Denial Of Service Vulnerability
5231| [7723] Apache APR_PSPrintf Memory Corruption Vulnerability
5232| [7448] Apache Mod_Auth_Any Remote Command Execution Vulnerability
5233| [7375] Apache Mod_Access_Referer NULL Pointer Dereference Denial of Service Vulnerability
5234| [7332] Apache Web Server OS2 Filestat Denial Of Service Vulnerability
5235| [7255] Apache Web Server File Descriptor Leakage Vulnerability
5236| [7254] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
5237| [6943] Apache Web Server MIME Boundary Information Disclosure Vulnerability
5238| [6939] Apache Web Server ETag Header Information Disclosure Weakness
5239| [6722] Apache Tomcat Web.XML File Contents Disclosure Vulnerability
5240| [6721] Apache Tomcat Null Byte Directory/File Disclosure Vulnerability
5241| [6720] Apache Tomcat Example Web Application Cross Site Scripting Vulnerability
5242| [6662] Apache Web Server MS-DOS Device Name Denial Of Service Vulnerability
5243| [6661] Apache Web Server Default Script Mapping Bypass Vulnerability
5244| [6660] Apache Web Server Illegal Character HTTP Request File Disclosure Vulnerability
5245| [6659] Apache Web Server MS-DOS Device Name Arbitrary Code Execution Vulnerability
5246| [6562] Apache Tomcat Invoker Servlet File Disclosure Vulnerability
5247| [6320] Apache/Tomcat Mod_JK Chunked Encoding Denial Of Service Vulnerability
5248| [6117] Apache mod_php File Descriptor Leakage Vulnerability
5249| [6065] Apache 2 WebDAV CGI POST Request Information Disclosure Vulnerability
5250| [5996] Apache AB.C Web Benchmarking Buffer Overflow Vulnerability
5251| [5995] Apache AB.C Web Benchmarking Read_Connection() Buffer Overflow Vulnerability
5252| [5993] Multiple Apache HTDigest Buffer Overflow Vulnerabilities
5253| [5992] Apache HTDigest Insecure Temporary File Vulnerability
5254| [5991] Apache HTDigest Arbitrary Command Execution Vulnerability
5255| [5990] Apache HTPasswd Insecure Temporary File Vulnerability
5256| [5981] Multiple Apache HTDigest and HTPassWD Component Vulnerabilites
5257| [5884] Apache Web Server Scoreboard Memory Segment Overwriting SIGUSR1 Sending Vulnerability
5258| [5847] Apache Server Side Include Cross Site Scripting Vulnerability
5259| [5838] Apache Tomcat 3.2 Directory Disclosure Vulnerability
5260| [5816] Apache 2 mod_dav Denial Of Service Vulnerability
5261| [5791] HP VirtualVault Apache mod_ssl Denial Of Service Vulnerability
5262| [5787] Apache Oversized STDERR Buffer Denial Of Service Vulnerability
5263| [5786] Apache Tomcat DefaultServlet File Disclosure Vulnerability
5264| [5542] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
5265| [5486] Apache 2.0 CGI Path Disclosure Vulnerability
5266| [5485] Apache 2.0 Path Disclosure Vulnerability
5267| [5434] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
5268| [5256] Apache httpd 2.0 CGI Error Path Disclosure Vulnerability
5269| [5194] Apache Tomcat DOS Device Name Cross Site Scripting Vulnerability
5270| [5193] Apache Tomcat Servlet Mapping Cross Site Scripting Vulnerability
5271| [5067] Apache Tomcat Null Character Malformed Request Denial Of Service Vulnerability
5272| [5054] Apache Tomcat Web Root Path Disclosure Vulnerability
5273| [5033] Apache Chunked-Encoding Memory Corruption Vulnerability
5274| [4995] Apache Tomcat JSP Engine Denial of Service Vulnerability
5275| [4878] Apache Tomcat RealPath.JSP Malformed Request Information Disclosure Vulnerability
5276| [4877] Apache Tomcat Example Files Web Root Path Disclosure Vulnerability
5277| [4876] Apache Tomcat Source.JSP Malformed Request Information Disclosure Vulnerability
5278| [4575] Apache Tomcat Servlet Path Disclosure Vulnerability
5279| [4557] Apache Tomcat System Path Information Disclosure Vulnerability
5280| [4437] Apache Error Message Cross-Site Scripting Vulnerability
5281| [4431] Apache PrintEnv/Test_CGI Script Injection Vulnerability
5282| [4358] Apache Double-Reverse Lookup Log Entry Spoofing Vulnerability
5283| [4335] Apache Win32 Batch File Remote Command Execution Vulnerability
5284| [4292] Oracle 9iAS Apache PL/SQL Module Web Administration Access Vulnerability
5285| [4189] Apache mod_ssl/Apache-SSL Buffer Overflow Vulnerability
5286| [4057] Apache 2 for Windows OPTIONS request Path Disclosure Vulnerability
5287| [4056] Apache 2 for Windows php.exe Path Disclosure Vulnerability
5288| [4037] Oracle 9iAS Apache PL/SQL Module Denial of Service Vulnerability
5289| [4032] Oracle 9iAS Apache PL/SQL Module Multiple Buffer Overflows Vulnerability
| [3796] Apache HTTP Request Unexpected Behavior Vulnerability
| [3790] Apache Non-Existent Log Directory Denial Of Service Vulnerability
| [3786] Apache Win32 PHP.EXE Remote File Disclosure Vulnerability
| [3727] Oracle 9I Application Server PL/SQL Apache Module Directory Traversal Vulnerability
| [3726] Oracle 9I Application Server PL/SQL Apache Module Buffer Overflow Vulnerability
| [3596] Apache Split-Logfile File Append Vulnerability
| [3521] Apache mod_usertrack Predictable ID Generation Vulnerability
| [3335] Red Hat Linux Apache Remote Username Enumeration Vulnerability
| [3316] MacOS X Client Apache Directory Contents Disclosure Vulnerability
| [3256] Apache mod_auth_oracle Remote SQL Query Manipulation Vulnerability
| [3255] Apache mod_auth_mysql Remote SQL Query Manipulation Vulnerability
| [3254] Apache AuthPG Remote SQL Query Manipulation Vulnerability
| [3253] Apache mod_auth_pgsql_sys Remote SQL Query Manipulation Vulnerability
| [3251] Apache mod_auth_pgsql Remote SQL Query Manipulation Vulnerability
| [3176] Apache Mod ReWrite Rules Bypassing Image Linking Vulnerability
| [3169] Apache Server Address Disclosure Vulnerability
| [3009] Apache Possible Directory Index Disclosure Vulnerability
| [2982] Apache Tomcat Cross-Site Scripting Vulnerability
| [2852] MacOS X Client Apache File Protection Bypass Vulnerability
| [2740] Apache Web Server HTTP Request Denial of Service Vulnerability
| [2518] Apache Tomcat 3.0 Directory Traversal Vulnerability
| [2503] Apache Artificially Long Slash Path Directory Listing Vulnerability
| [2300] NCSA/Apache httpd ScriptAlias Source Retrieval Vulnerability
| [2216] Apache Web Server DoS Vulnerability
| [2182] Apache /tmp File Race Vulnerability
| [2171] Oracle Apache+WebDB Documented Backdoor Vulnerability
| [2060] Apache Web Server with Php 3 File Disclosure Vulnerability
| [1821] Apache mod_cookies Buffer Overflow Vulnerability
| [1728] Apache Rewrite Module Arbitrary File Disclosure Vulnerability
| [1658] SuSE Apache CGI Source Code Viewing Vulnerability
| [1656] SuSE Apache WebDAV Directory Listings Vulnerability
| [1575] Trustix Apache-SSL RPM Permissions Vulnerability
| [1548] Apache Jakarta-Tomcat /admin Context Vulnerability
| [1532] Apache Tomcat Snoop Servlet Information Disclosure Vulnerability
| [1531] Apache Tomcat 3.1 Path Revealing Vulnerability
| [1457] Apache::ASP source.asp Example Script Vulnerability
| [1284] Apache HTTP Server (win32) Root Directory Access Vulnerability
| [1083] Cobalt Raq Apache .htaccess Disclosure Vulnerability
|
| IBM X-Force - https://exchange.xforce.ibmcloud.com:
| [86258] Apache CloudStack text fields cross-site scripting
| [85983] Apache Subversion mod_dav_svn module denial of service
| [85875] Apache OFBiz UEL code execution
| [85874] Apache OFBiz Webtools View Log screen cross-site scripting
| [85871] Apache HTTP Server mod_session_dbd unspecified
| [85756] Apache Struts OGNL expression command execution
| [85755] Apache Struts DefaultActionMapper class open redirect
| [85586] Apache ActiveMQ CVE-2013-1879 cross-site scripting
| [85574] Apache HTTP Server mod_dav denial of service
| [85573] Apache Struts Showcase App OGNL code execution
| [85496] Apache CXF denial of service
| [85423] Apache Geronimo RMI classloader code execution
| [85326] Apache Santuario XML Security for C++ buffer overflow
| [85323] Apache Santuario XML Security for Java spoofing
| [85319] Apache Qpid Python client SSL spoofing
| [85019] Apache Santuario XML Security for C++ CVE-2013-2156 buffer overflow
| [85018] Apache Santuario XML Security for C++ CVE-2013-2155 denial of service
| [85017] Apache Santuario XML Security for C++ CVE-2013-2154 buffer overflow
| [85016] Apache Santuario XML Security for C++ CVE-2013-2153 spoofing
| [84952] Apache Tomcat CVE-2012-3544 denial of service
| [84763] Apache Struts CVE-2013-2135 security bypass
| [84762] Apache Struts CVE-2013-2134 security bypass
| [84719] Apache Subversion CVE-2013-2088 command execution
| [84718] Apache Subversion CVE-2013-2112 denial of service
| [84717] Apache Subversion CVE-2013-1968 denial of service
| [84577] Apache Tomcat security bypass
| [84576] Apache Tomcat symlink
| [84543] Apache Struts CVE-2013-2115 security bypass
| [84542] Apache Struts CVE-2013-1966 security bypass
| [84154] Apache Tomcat session hijacking
| [84144] Apache Tomcat denial of service
| [84143] Apache Tomcat information disclosure
| [84111] Apache HTTP Server command execution
| [84043] Apache Virtual Computing Lab cross-site scripting
| [84042] Apache Virtual Computing Lab cross-site scripting
| [83782] Apache CloudStack information disclosure
| [83781] Apache CloudStack security bypass
| [83720] Apache ActiveMQ cross-site scripting
| [83719] Apache ActiveMQ denial of service
| [83718] Apache ActiveMQ denial of service
| [83263] Apache Subversion denial of service
| [83262] Apache Subversion denial of service
| [83261] Apache Subversion denial of service
| [83259] Apache Subversion denial of service
| [83035] Apache mod_ruid2 security bypass
| [82852] Apache Qpid federation_tag security bypass
| [82851] Apache Qpid qpid::framing::Buffer denial of service
| [82758] Apache Rave User RPC API information disclosure
| [82663] Apache Subversion svn_fs_file_length() denial of service
| [82642] Apache Qpid qpid::framing::Buffer::checkAvailable() denial of service
| [82641] Apache Qpid AMQP denial of service
| [82626] Apache HTTP Server on Debian GNU/Linux Debian apache2ctl symlink
| [82618] Apache Commons FileUpload symlink
| [82360] Apache HTTP Server manager interface cross-site scripting
| [82359] Apache HTTP Server hostnames cross-site scripting
| [82338] Apache Tomcat log/logdir information disclosure
| [82328] Apache Maven and Apache Maven Wagon SSL spoofing
| [82268] Apache OpenJPA deserialization command execution
| [81981] Apache CXF UsernameTokens security bypass
| [81980] Apache CXF WS-Security security bypass
| [81398] Apache OFBiz cross-site scripting
| [81240] Apache CouchDB directory traversal
| [81226] Apache CouchDB JSONP code execution
| [81225] Apache CouchDB Futon user interface cross-site scripting
| [81211] Apache Axis2/C SSL spoofing
| [81167] Apache CloudStack DeployVM information disclosure
| [81166] Apache CloudStack AddHost API information disclosure
| [81165] Apache CloudStack createSSHKeyPair API information disclosure
| [80518] Apache Tomcat cross-site request forgery security bypass
| [80517] Apache Tomcat FormAuthenticator security bypass
| [80516] Apache Tomcat NIO denial of service
| [80408] Apache Tomcat replay-countermeasure security bypass
| [80407] Apache Tomcat HTTP Digest Access Authentication security bypass
| [80317] Apache Tomcat slowloris denial of service
| [79984] Apache Commons HttpClient SSL spoofing
| [79983] Apache CXF SSL spoofing
| [79830] Apache Axis2/Java SSL spoofing
| [79829] Apache Axis SSL spoofing
| [79809] Apache Tomcat DIGEST security bypass
| [79806] Apache Tomcat parseHeaders() denial of service
| [79540] Apache OFBiz unspecified
| [79487] Apache Axis2 SAML security bypass
| [79212] Apache Cloudstack code execution
| [78734] Apache CXF SOAP Action security bypass
| [78730] Apache Qpid broker denial of service
| [78617] Eucalyptus Apache Santuario (XML Security for Java) denial of service
| [78563] Apache mod_pagespeed module unspecified cross-site scripting
| [78562] Apache mod_pagespeed module security bypass
| [78454] Apache Axis2 security bypass
| [78452] Websense Web Security and Web Filter Apache Tomcat information disclosure
| [78451] Websense Web Security and Web Filter Apache Tomcat cross-site scripting
| [78321] Apache Wicket unspecified cross-site scripting
| [78183] Apache Struts parameters denial of service
| [78182] Apache Struts cross-site request forgery
| [78153] Apache Solr Autocomplete module for Drupal autocomplete results cross-site scripting
| [77987] mod_rpaf module for Apache denial of service
| [77958] Apache Struts skill name code execution
| [77914] Apache HTTP Server mod_negotiation module cross-site scripting
| [77913] Apache HTTP Server mod_proxy_ajp information disclosure
| [77568] Apache Qpid broker security bypass
| [77421] Apache Libcloud spoofing
| [77059] Oracle Solaris Cluster Apache Tomcat Agent unspecified
| [77046] Oracle Solaris Apache HTTP Server information disclosure
| [76837] Apache Hadoop information disclosure
| [76802] Apache Sling CopyFrom denial of service
| [76692] Apache Hadoop symlink
| [76535] Apache Roller console cross-site request forgery
| [76534] Apache Roller weblog cross-site scripting
| [76152] Apache CXF elements security bypass
| [76151] Apache CXF child policies security bypass
| [75983] MapServer for Windows Apache file include
| [75857] Apache Commons Compress and Apache Ant bzip2 denial of service
| [75558] Apache POI denial of service
| [75545] PHP apache_request_headers() buffer overflow
| [75302] Apache Qpid SASL security bypass
| [75211] Debian GNU/Linux apache 2 cross-site scripting
| [74901] Apache HTTP Server LD_LIBRARY_PATH privilege escalation
| [74871] Apache OFBiz FlexibleStringExpander code execution
| [74870] Apache OFBiz multiple cross-site scripting
| [74750] Apache Hadoop unspecified spoofing
| [74319] Apache Struts XSLTResult.java file upload
| [74313] Apache Traffic Server header buffer overflow
| [74276] Apache Wicket directory traversal
| [74273] Apache Wicket unspecified cross-site scripting
| [74181] Apache HTTP Server mod_fcgid module denial of service
| [73690] Apache Struts OGNL code execution
| [73432] Apache Solr extension for TYPO3 unspecified cross-site scripting
| [73100] Apache MyFaces in directory traversal
| [73096] Apache APR hash denial of service
| [73052] Apache Struts name cross-site scripting
| [73030] Apache CXF UsernameToken security bypass
| [72888] Apache Struts lastName cross-site scripting
| [72758] Apache HTTP Server httpOnly information disclosure
| [72757] Apache HTTP Server MPM denial of service
| [72585] Apache Struts ParameterInterceptor security bypass
| [72438] Apache Tomcat Digest security bypass
| [72437] Apache Tomcat Digest security bypass
| [72436] Apache Tomcat DIGEST security bypass
| [72425] Apache Tomcat parameter denial of service
| [72422] Apache Tomcat request object information disclosure
| [72377] Apache HTTP Server scoreboard security bypass
| [72345] Apache HTTP Server HTTP request denial of service
| [72229] Apache Struts ExceptionDelegator command execution
| [72089] Apache Struts ParameterInterceptor directory traversal
| [72088] Apache Struts CookieInterceptor command execution
| [72047] Apache Geronimo hash denial of service
| [72016] Apache Tomcat hash denial of service
| [71711] Apache Struts OGNL expression code execution
| [71654] Apache Struts interfaces security bypass
| [71620] Apache ActiveMQ failover denial of service
| [71617] Apache HTTP Server mod_proxy module information disclosure
| [71508] Apache MyFaces EL security bypass
| [71445] Apache HTTP Server mod_proxy security bypass
| [71203] Apache Tomcat servlets privilege escalation
| [71181] Apache HTTP Server ap_pregsub() denial of service
| [71093] Apache HTTP Server ap_pregsub() buffer overflow
| [70336] Apache HTTP Server mod_proxy information disclosure
| [69804] Apache HTTP Server mod_proxy_ajp denial of service
| [69472] Apache Tomcat AJP security bypass
| [69396] Apache HTTP Server ByteRange filter denial of service
| [69394] Apache Wicket multi window support cross-site scripting
| [69176] Apache Tomcat XML information disclosure
| [69161] Apache Tomcat jsvc information disclosure
| [68799] mod_authnz_external module for Apache mysql-auth.pl SQL injection
| [68541] Apache Tomcat sendfile information disclosure
| [68420] Apache XML Security denial of service
| [68238] Apache Tomcat JMX information disclosure
| [67860] Apache Rampart/C rampart_timestamp_token_validate security bypass
| [67804] Apache Subversion control rules information disclosure
| [67803] Apache Subversion control rules denial of service
| [67802] Apache Subversion baselined denial of service
| [67672] Apache Archiva multiple cross-site scripting
| [67671] Apache Archiva multiple cross-site request forgery
| [67564] Apache APR apr_fnmatch() denial of service
| [67532] IBM WebSphere Application Server org.apache.jasper.runtime.JspWriterImpl.response denial of service
| [67515] Apache Tomcat annotations security bypass
| [67480] Apache Struts s:submit information disclosure
| [67414] Apache APR apr_fnmatch() denial of service
| [67356] Apache Struts javatemplates cross-site scripting
| [67354] Apache Struts Xwork cross-site scripting
| [66676] Apache Tomcat HTTP BIO information disclosure
| [66675] Apache Tomcat web.xml security bypass
| [66640] Apache HttpComponents HttpClient Proxy-Authorization information disclosure
| [66241] Apache HttpComponents information disclosure
| [66154] Apache Tomcat ServletSecurity security bypass
| [65971] Apache Tomcat ServletSecurity security bypass
| [65876] Apache Subversion mod_dav_svn denial of service
| [65343] Apache Continuum unspecified cross-site scripting
| [65162] Apache Tomcat NIO connector denial of service
| [65161] Apache Tomcat javax.servlet.ServletRequest.getLocale() denial of service
| [65160] Apache Tomcat HTML Manager interface cross-site scripting
| [65159] Apache Tomcat ServletContect security bypass
| [65050] Apache CouchDB web-based administration UI cross-site scripting
| [64773] Oracle HTTP Server Apache Plugin unauthorized access
| [64473] Apache Subversion blame -g denial of service
| [64472] Apache Subversion walk() denial of service
| [64407] Apache Axis2 CVE-2010-0219 code execution
| [63926] Apache Archiva password privilege escalation
| [63785] Apache CouchDB LD_LIBRARY_PATH privilege escalation
| [63493] Apache Archiva credentials cross-site request forgery
| [63477] Apache Tomcat HttpOnly session hijacking
| [63422] Apache Tomcat sessionsList.jsp cross-site scripting
| [63303] Apache mod_fcgid module fcgid_header_bucket_read() buffer overflow
| [62959] Apache Shiro filters security bypass
| [62790] Apache Perl cgi module denial of service
| [62576] Apache Qpid exchange denial of service
| [62575] Apache Qpid AMQP denial of service
| [62354] Apache Qpid SSL denial of service
| [62235] Apache APR-util apr_brigade_split_line() denial of service
| [62181] Apache XML-RPC SAX Parser information disclosure
| [61721] Apache Traffic Server cache poisoning
| [61202] Apache Derby BUILTIN authentication functionality information disclosure
| [61186] Apache CouchDB Futon cross-site request forgery
| [61169] Apache CXF DTD denial of service
| [61070] Apache Jackrabbit search.jsp SQL injection
| [61006] Apache SLMS Quoting cross-site request forgery
| [60962] Apache Tomcat time cross-site scripting
| [60883] Apache mod_proxy_http information disclosure
| [60671] Apache HTTP Server mod_cache and mod_dav denial of service
| [60264] Apache Tomcat Transfer-Encoding denial of service
| [59746] Apache Axis2 axis2/axis2-admin page session hijacking
| [59588] Apache Axis2/Java XML DTD (Document Type Declaration) data denial of service
| [59413] Apache mod_proxy_http timeout information disclosure
| [59058] Apache MyFaces unencrypted view state cross-site scripting
| [58827] Apache Axis2 xsd file include
| [58790] Apache Axis2 modules cross-site scripting
| [58299] Apache ActiveMQ queueBrowse cross-site scripting
| [58169] Apache Tomcat Web Application Manager / Host Manager cross-site request forgery
| [58056] Apache ActiveMQ .jsp source code disclosure
| [58055] Apache Tomcat realm name information disclosure
| [58046] Apache HTTP Server mod_auth_shadow security bypass
| [57841] Apache Open For Business Project (OFBiz) subject cross-site scripting
| [57840] Apache Open For Business Project (OFBiz) multiple parameters cross-site scripting
| [57429] Apache CouchDB algorithms information disclosure
| [57398] Apache ActiveMQ Web console cross-site request forgery
| [57397] Apache ActiveMQ createDestination.action cross-site scripting
| [56653] Apache HTTP Server DNS spoofing
| [56652] Apache HTTP Server DNS cross-site scripting
| [56625] Apache HTTP Server request header information disclosure
| [56624] Apache HTTP Server mod_isapi orphaned callback pointer code execution
| [56623] Apache HTTP Server mod_proxy_ajp denial of service
| [55941] mod_proxy module for Apache ap_proxy_send_fb() buffer overflow
| [55857] Apache Tomcat WAR files directory traversal
| [55856] Apache Tomcat autoDeploy attribute security bypass
| [55855] Apache Tomcat WAR directory traversal
| [55210] Intuit component for Joomla! Apache information disclosure
| [54533] Apache Tomcat 404 error page cross-site scripting
| [54182] Apache Tomcat admin default password
| [53878] Apache Solr Search (solr) extension for TYPO3 unspecified cross-site scripting
| [53666] Apache HTTP Server Solaris pollset support denial of service
| [53650] Apache HTTP Server HTTP basic-auth module security bypass
| [53124] mod_proxy_ftp module for Apache HTTP header security bypass
| [53041] mod_proxy_ftp module for Apache denial of service
| [52540] Apache Portable Runtime and Apache Portable Utility library multiple buffer overflow
| [51953] Apache Tomcat Path Disclosure
| [51952] Apache Tomcat Path Traversal
| [51951] Apache stronghold-status Information Disclosure
| [51950] Apache stronghold-info Information Disclosure
| [51949] Apache PHP Source Code Disclosure
| [51948] Apache Multiviews Attack
| [51946] Apache JServ Environment Status Information Disclosure
| [51945] Apache error_log Information Disclosure
| [51944] Apache Default Installation Page Pattern Found
| [51943] Apache AXIS XML Parser echoheaders.jws Sample Web Service Denial of Service
| [51942] Apache AXIS XML External Entity File Retrieval
| [51941] Apache AXIS Sample Servlet Information Leak
| [51940] Apache access_log Information Disclosure
| [51626] Apache mod_deflate denial of service
| [51532] mod_proxy module for the Apache HTTP Server stream_reqbody_cl denial of service
| [51365] Apache Tomcat RequestDispatcher security bypass
| [51273] Apache HTTP Server Incomplete Request denial of service
| [51195] Apache Tomcat XML information disclosure
| [50994] Apache APR-util xml/apr_xml.c denial of service
| [50993] Apache APR-util apr_brigade_vprintf denial of service
| [50964] Apache APR-util apr_strmatch_precompile() denial of service
| [50930] Apache Tomcat j_security_check information disclosure
| [50928] Apache Tomcat AJP denial of service
| [50884] Apache HTTP Server XML ENTITY denial of service
| [50808] Apache HTTP Server AllowOverride privilege escalation
| [50108] Apache Struts s:a tag and s:url tag cross-site scripting
| [50059] Apache mod_proxy_ajp information disclosure
| [49951] Apache Tiles Expression Language (EL) expressions cross-site scripting
| [49925] Apache Geronimo Web Administrative Console cross-site request forgery
| [49924] Apache Geronimo console/portal/Server/Monitoring cross-site scripting
| [49921] Apache ActiveMQ Web interface cross-site scripting
| [49898] Apache Geronimo Services/Repository directory traversal
| [49725] Apache Tomcat mod_jk module information disclosure
| [49715] Apache mod_perl Apache::Status and Apache2::Status modules cross-site scripting
| [49712] Apache Struts unspecified cross-site scripting
| [49213] Apache Tomcat cal2.jsp cross-site scripting
| [48934] Apache Tomcat POST doRead method information disclosure
| [48211] Apache Tomcat header HTTP request smuggling
| [48163] libapache2-mod-auth-mysql module for Debian multibyte encoding SQL injection
| [48110] Apache Jackrabbit search.jsp and swr.jsp cross-site scripting
| [47709] Apache Roller "
| [47104] Novell Netware ApacheAdmin console security bypass
| [47086] Apache HTTP Server OS fingerprinting unspecified
| [46329] Apache Struts FilterDispatcher and DefaultStaticContentLoader class directory traversal
| [45791] Apache Tomcat RemoteFilterValve security bypass
| [44435] Oracle WebLogic Apache Connector buffer overflow
| [44411] Apache Tomcat allowLinking UTF-8 directory traversal
| [44223] Apache HTTP Server mod_proxy_ftp cross-site scripting
| [44156] Apache Tomcat RequestDispatcher directory traversal
| [44155] Apache Tomcat HttpServletResponse.sendError() cross-site scripting
| [43885] Oracle WebLogic Server Apache Connector buffer overflow
| [42987] Apache HTTP Server mod_proxy module denial of service
| [42915] Apache Tomcat JSP files path disclosure
| [42914] Apache Tomcat MS-DOS path disclosure
| [42892] Apache Tomcat unspecified unauthorized access
| [42816] Apache Tomcat Host Manager cross-site scripting
| [42303] Apache 403 error cross-site scripting
| [41618] Apache-SSL ExpandCert() authentication bypass
| [40761] Apache Derby RDBNAM parameter and DatabaseMetaData.getURL information disclosure
| [40736] Apache Tomcat HTTP/1.1 connector information disclosure
| [40614] Apache mod_jk2 HTTP Host header buffer overflow
| [40562] Apache Geronimo init information disclosure
| [40478] Novell Web Manager webadmin-apache.conf security bypass
| [40411] Apache Tomcat exception handling information disclosure
| [40409] Apache Tomcat native (APR based) connector weak security
| [40403] Apache Tomcat quotes and %5C cookie information disclosure
| [40388] Sun Java Plug-In org.apache.crimson.tree.XmlDocument security bypass
| [39893] Apache HTTP Server mod_negotiation HTTP response splitting
| [39867] Apache HTTP Server mod_negotiation cross-site scripting
| [39804] Apache Tomcat SingleSignOn information disclosure
| [39615] Apache HTTP Server mod_proxy_ftp.c UTF-7 cross-site scripting
| [39612] Apache HTTP Server mod_proxy_balancer buffer overflow
| [39608] Apache HTTP Server balancer manager cross-site request forgery
| [39476] Apache mod_proxy_balancer balancer_handler function denial of service
| [39474] Apache HTTP Server mod_proxy_balancer cross-site scripting
| [39472] Apache HTTP Server mod_status cross-site scripting
| [39201] Apache Tomcat JULI logging weak security
| [39158] Apache HTTP Server Windows SMB shares information disclosure
| [39001] Apache HTTP Server mod_imap and mod_imagemap module cross-site scripting
| [38951] Apache::AuthCAS Perl module cookie SQL injection
| [38800] Apache HTTP Server 413 error page cross-site scripting
| [38211] Apache Geronimo SQLLoginModule authentication bypass
| [37243] Apache Tomcat WebDAV directory traversal
| [37178] RHSA update for Apache HTTP Server mod_status module cross-site scripting not installed
| [37177] RHSA update for Apache HTTP Server Apache child process denial of service not installed
| [37119] RHSA update for Apache mod_auth_kerb off-by-one buffer overflow not installed
| [37100] RHSA update for Apache and IBM HTTP Server Expect header cross-site scripting not installed
| [36782] Apache Geronimo MEJB unauthorized access
| [36586] Apache HTTP Server UTF-7 cross-site scripting
| [36468] Apache Geronimo LoginModule security bypass
| [36467] Apache Tomcat functions.jsp cross-site scripting
| [36402] Apache Tomcat calendar cross-site request forgery
| [36354] Apache HTTP Server mod_proxy module denial of service
| [36352] Apache HTTP Server ap_proxy_date_canon() denial of service
| [36336] Apache Derby lock table privilege escalation
| [36335] Apache Derby schema privilege escalation
| [36006] Apache Tomcat "
| [36001] Apache Tomcat Host Manager Servlet alias cross-site scripting
| [35999] Apache Tomcat \"
| [35795] Apache Tomcat CookieExample cross-site scripting
| [35536] Apache Tomcat SendMailServlet example cross-site scripting
| [35384] Apache HTTP Server mod_cache module denial of service
| [35097] Apache HTTP Server mod_status module cross-site scripting
| [35095] Apache HTTP Server Prefork MPM module denial of service
| [34984] Apache HTTP Server recall_headers information disclosure
| [34966] Apache HTTP Server MPM content spoofing
| [34965] Apache HTTP Server MPM information disclosure
| [34963] Apache HTTP Server MPM multiple denial of service
| [34872] Apache MyFaces Tomahawk autoscroll parameter cross-site scripting
| [34869] Apache Tomcat JSP example Web application cross-site scripting
| [34868] Apache Tomcat Manager and Host Manager cross-site scripting
| [34496] Apache Tomcat JK Connector security bypass
| [34377] Apache Tomcat hello.jsp cross-site scripting
| [34212] Apache Tomcat SSL configuration security bypass
| [34210] Apache Tomcat Accept-Language cross-site scripting
| [34209] Apache Tomcat calendar application cross-site scripting
| [34207] Apache Tomcat implicit-objects.jsp cross-site scripting
| [34167] Apache Axis WSDL file path disclosure
| [34068] Apache Tomcat AJP connector information disclosure
| [33584] Apache HTTP Server suEXEC privilege escalation
| [32988] Apache Tomcat proxy module directory traversal
| [32794] Apache Tomcat JK Web Server Connector map_uri_to_worker() buffer overflow
| [32708] Debian Apache tty privilege escalation
| [32441] ApacheStats extract() PHP call unspecified
| [32128] Apache Tomcat default account
| [31680] Apache Tomcat RequestParamExample cross-site scripting
| [31649] Apache Tomcat Sample Servlet TroubleShooter detected
| [31557] BEA WebLogic Server and WebLogic Express Apache proxy plug-in denial of service
| [31236] Apache HTTP Server htpasswd.c strcpy buffer overflow
| [30456] Apache mod_auth_kerb off-by-one buffer overflow
| [29550] Apache mod_tcl set_var() format string
| [28620] Apache and IBM HTTP Server Expect header cross-site scripting
| [28357] Apache HTTP Server mod_alias script source information disclosure
| [28063] Apache mod_rewrite off-by-one buffer overflow
| [27902] Apache Tomcat URL information disclosure
| [26786] Apache James SMTP server denial of service
| [25680] libapache2 /tmp/svn file upload
| [25614] Apache Struts lookupMap cross-site scripting
| [25613] Apache Struts ActionForm denial of service
| [25612] Apache Struts isCancelled() security bypass
| [24965] Apache mod_python FileSession command execution
| [24716] Apache James spooler memory leak denial of service
| [24159] Apache Geronimo Web-Access-Log Viewer cross-site scripting
| [24158] Apache Geronimo jsp-examples cross-site scripting
| [24030] Apache auth_ldap module multiple format strings
| [24008] Apache mod_ssl custom error message denial of service
| [24003] Apache mod_auth_pgsql module multiple syslog format strings
| [23612] Apache mod_imap referer field cross-site scripting
| [23173] Apache Struts error message cross-site scripting
| [22942] Apache Tomcat directory listing denial of service
| [22858] Apache Multi-Processing Module code allows denial of service
| [22602] RHSA-2005:582 updates for Apache httpd not installed
| [22520] Apache mod-auth-shadow "
| [22466] ApacheTop symlink
| [22109] Apache HTTP Server ssl_engine_kernel client certificate validation
| [22006] Apache HTTP Server byte-range filter denial of service
| [21567] Apache mod_ssl off-by-one buffer overflow
| [21195] Apache HTTP Server header HTTP request smuggling
| [20383] Apache HTTP Server htdigest buffer overflow
| [19681] Apache Tomcat AJP12 request denial of service
| [18993] Apache HTTP server check_forensic symlink attack
| [18790] Apache Tomcat Manager cross-site scripting
| [18349] Apache HTTP server Apple HFS+ filesystem obtain information
| [18348] Apache HTTP server Apple HFS+ filesystem .DS_Store and .ht file disclosure
| [18347] Apache HTTP server Apple Mac OS X Server mod_digest_apple module could allow an attacker to replay responses
| [17961] Apache Web server ServerTokens has not been set
| [17930] Apache HTTP Server HTTP GET request denial of service
| [17785] Apache mod_include module buffer overflow
| [17671] Apache HTTP Server SSLCipherSuite bypass restrictions
| [17473] Apache HTTP Server Satisfy directive allows access to resources
| [17413] Apache htpasswd buffer overflow
| [17384] Apache HTTP Server environment variable configuration file buffer overflow
| [17382] Apache HTTP Server IPv6 apr_util denial of service
| [17366] Apache HTTP Server mod_dav module LOCK denial of service
| [17273] Apache HTTP Server speculative mode denial of service
| [17200] Apache HTTP Server mod_ssl denial of service
| [16890] Apache HTTP Server server-info request has been detected
| [16889] Apache HTTP Server server-status request has been detected
| [16705] Apache mod_ssl format string attack
| [16524] Apache HTTP Server ap_get_mime_headers_core denial of service
| [16387] Apache HTTP Server mod_proxy Content-Length buffer overflow
| [16230] Apache HTTP Server PHP denial of service
| [16214] Apache mod_ssl ssl_util_uuencode_binary buffer overflow
| [15958] Apache HTTP Server authentication modules memory corruption
| [15547] Apache HTTP Server mod_disk_cache local information disclosure
| [15540] Apache HTTP Server socket starvation denial of service
| [15467] Novell GroupWise WebAccess using Apache Web server allows viewing of files on the server
| [15422] Apache HTTP Server mod_access information disclosure
| [15419] Apache HTTP Server mod_ssl plain HTTP request denial of service
| [15293] Apache for Cygwin "
| [15065] Apache-SSL has a default password
| [15041] Apache HTTP Server mod_digest module could allow an attacker to replay responses
| [15015] Apache httpd server httpd.conf could allow a local user to bypass restrictions
| [14751] Apache Mod_python output filter information disclosure
| [14125] Apache HTTP Server mod_userdir module information disclosure
| [14075] Apache HTTP Server mod_php file descriptor leak
| [13703] Apache HTTP Server account
| [13689] Apache HTTP Server configuration allows symlinks
| [13688] Apache HTTP Server configuration allows SSI
| [13687] Apache HTTP Server Server: header value
| [13685] Apache HTTP Server ServerTokens value
| [13684] Apache HTTP Server ServerSignature value
| [13672] Apache HTTP Server config allows directory autoindexing
| [13671] Apache HTTP Server default content
| [13670] Apache HTTP Server config file directive references outside content root
| [13668] Apache HTTP Server httpd not running in chroot environment
| [13666] Apache HTTP Server CGI directory contains possible command interpreter or compiler
| [13664] Apache HTTP Server config file contains ScriptAlias entry
| [13663] Apache HTTP Server CGI support modules loaded
| [13661] Apache HTTP Server config file contains AddHandler entry
| [13660] Apache HTTP Server 500 error page not CGI script
| [13659] Apache HTTP Server 413 error page not CGI script
| [13658] Apache HTTP Server 403 error page not CGI script
| [13657] Apache HTTP Server 401 error page not CGI script
| [13552] Apache HTTP Server mod_cgid module information disclosure
| [13550] Apache GET request directory traversal
| [13516] Apache Cocoon XMLForm and JXForm could allow execution of code
| [13499] Apache Cocoon directory traversal allows downloading of boot.ini file
| [13429] Apache Tomcat non-HTTP request denial of service
| [13400] Apache HTTP server mod_alias and mod_rewrite buffer overflow
| [13295] Apache weak password encryption
| [13254] Apache Tomcat .jsp cross-site scripting
| [13125] Apache::Gallery Inline::C could allow arbitrary code execution
| [13086] Apache Jakarta Tomcat mod_jk format string allows remote access
| [12681] Apache HTTP Server mod_proxy could allow mail relaying
| [12662] Apache HTTP Server rotatelogs denial of service
| [12554] Apache Tomcat stores password in plain text
| [12553] Apache HTTP Server redirects and subrequests denial of service
| [12552] Apache HTTP Server FTP proxy server denial of service
| [12551] Apache HTTP Server prefork MPM denial of service
| [12550] Apache HTTP Server weaker than expected encryption
| [12549] Apache HTTP Server type-map file denial of service
| [12206] Apache Tomcat /opt/tomcat directory insecure permissions
| [12102] Apache Jakarta Tomcat MS-DOS device name request denial of service
| [12091] Apache HTTP Server apr_password_validate denial of service
| [12090] Apache HTTP Server apr_psprintf code execution
| [11804] Apache HTTP Server mod_access_referer denial of service
| [11750] Apache HTTP Server could leak sensitive file descriptors
| [11730] Apache HTTP Server error log and access log terminal escape sequence injection
| [11703] Apache long slash path allows directory listing
| [11695] Apache HTTP Server LF (Line Feed) denial of service
| [11694] Apache HTTP Server filestat.c denial of service
| [11438] Apache HTTP Server MIME message boundaries information disclosure
| [11412] Apache HTTP Server error log terminal escape sequence injection
| [11196] Apache Tomcat examples and ROOT Web applications cross-site scripting
| [11195] Apache Tomcat web.xml could be used to read files
| [11194] Apache Tomcat URL appended with a null character could list directories
| [11139] Apache HTTP Server mass virtual hosting with mod_rewrite or mod_vhost_alias could allow an attacker to obtain files
| [11126] Apache HTTP Server illegal character file disclosure
| [11125] Apache HTTP Server DOS device name HTTP POST code execution
| [11124] Apache HTTP Server DOS device name denial of service
| [11088] Apache HTTP Server mod_vhost_alias CGI source disclosure
| [10938] Apache HTTP Server printenv test CGI cross-site scripting
| [10771] Apache Tomcat mod_jk module multiple HTTP GET request buffer overflow
| [10575] Apache mod_php module could allow an attacker to take over the httpd process
| [10499] Apache HTTP Server WebDAV HTTP POST view source
| [10457] Apache HTTP Server mod_ssl "
| [10415] Apache HTTP Server htdigest insecure system() call could allow command execution
| [10414] Apache HTTP Server htdigest multiple buffer overflows
| [10413] Apache HTTP Server htdigest temporary file race condition
| [10412] Apache HTTP Server htpasswd temporary file race condition
| [10376] Apache Tomcat invoker servlet used in conjunction with the default servlet reveals source code
5846| [10348] Apache Tomcat HTTP GET request DOS device reference could cause a denial of service
5847| [10281] Apache HTTP Server ab.c ApacheBench long response buffer overflow
5848| [10280] Apache HTTP Server shared memory scorecard overwrite
5849| [10263] Apache Tomcat mod_jk or mod_jserv connector directory disclosure
5850| [10241] Apache HTTP Server Host: header cross-site scripting
5851| [10230] Slapper worm variants A, B, and C target OpenSSL/Apache systems
5852| [10208] Apache HTTP Server mod_dav denial of service
5853| [10206] HP VVOS Apache mod_ssl denial of service
5854| [10200] Apache HTTP Server stderr denial of service
5855| [10175] Apache Tomcat org.apache.catalina.servlets.DefaultServlet reveals source code
5856| [10169] Slapper worm variant (Slapper.C) targets OpenSSL/Apache systems
5857| [10154] Slapper worm variant (Slapper.B) targets OpenSSL/Apache systems
5858| [10098] Slapper worm targets OpenSSL/Apache systems
5859| [9876] Apache HTTP Server cgi/cgid request could disclose the path to a requested script
5860| [9875] Apache HTTP Server .var file request could disclose installation path
5861| [9863] Apache Tomcat web.xml file could allow a remote attacker to bypass restrictions
5862| [9808] Apache HTTP Server non-Unix version URL encoded directory traversal
5863| [9623] Apache HTTP Server ap_log_rerror() path disclosure
5864| [9520] Apache Tomcat /servlet/ mapping cross-site scripting
5865| [9415] Apache HTTP Server mod_ssl .htaccess off-by-one buffer overflow
5866| [9396] Apache Tomcat null character to threads denial of service
5867| [9394] Apache Tomcat HTTP request for LPT9 reveals Web root path
5868| [9249] Apache HTTP Server chunked encoding heap buffer overflow
5869| [9208] Apache Tomcat sample file requests could reveal directory listing and path to Web root directory
5870| [8932] Apache Tomcat example class information disclosure
5871| [8633] Apache HTTP Server with mod_rewrite could allow an attacker to bypass directives
5872| [8629] Apache HTTP Server double-reverse DNS lookup spoofing
5873| [8589] Apache HTTP Server for Windows DOS batch file remote command execution
5874| [8457] Oracle9i Application Server Apache PL/SQL HTTP Location header buffer overflow
5875| [8455] Oracle9i Application Server default installation could allow an attacker to access certain Apache Services
5876| [8400] Apache HTTP Server mod_frontpage buffer overflows
5877| [8326] Apache HTTP Server multiple MIME headers (sioux) denial of service
5878| [8308] Apache "
5879| [8275] Apache HTTP Server with Multiviews enabled could disclose directory contents
5880| [8119] Apache and PHP OPTIONS request reveals "
5881| [8054] Apache is running on the system
5882| [8029] Mandrake Linux default Apache configuration could allow an attacker to browse files and directories
5883| [8027] Mandrake Linux default Apache configuration has remote management interface enabled
5884| [8026] Mandrake Linux Apache sample programs could disclose sensitive information about the server
5885| [7836] Apache HTTP Server log directory denial of service
5886| [7815] Apache for Windows "
5887| [7810] Apache HTTP request could result in unexpected behavior
5888| [7599] Apache Tomcat reveals installation path
5889| [7494] Apache "
5890| [7419] Apache Web Server could allow remote attackers to overwrite .log files
5891| [7363] Apache Web Server hidden HTTP requests
5892| [7249] Apache mod_proxy denial of service
5893| [7129] Linux with Apache Web server could allow an attacker to determine if a specified username exists
5894| [7103] Apple Mac OS X used with Apache Web server could disclose directory contents
5895| [7059] Apache "
5896| [7057] Apache "
5897| [7056] Apache "
5898| [7055] Apache "
5899| [7054] Apache "
5900| [6997] Apache Jakarta Tomcat error message may reveal information
5901| [6971] Apache Jakarta Tomcat may reveal JSP source code with missing HTTP protocol specification
5902| [6970] Apache crafted HTTP request could reveal the internal IP address
5903| [6921] Apache long slash path allows directory listing
5904| [6687] Apple Mac OS X used with Apache Web server could allow arbitrary file disclosure
5905| [6527] Apache Web Server for Windows and OS2 denial of service
5906| [6316] Apache Jakarta Tomcat may reveal JSP source code
5907| [6305] Apache Jakarta Tomcat directory traversal
5908| [5926] Linux Apache symbolic link
5909| [5659] Apache Web server discloses files when used with php script
5910| [5310] Apache mod_rewrite allows attacker to view arbitrary files
5911| [5204] Apache WebDAV directory listings
5912| [5197] Apache Web server reveals CGI script source code
5913| [5160] Apache Jakarta Tomcat default installation
5914| [5099] Trustix Secure Linux installs Apache with world writable access
5915| [4968] Apache Jakarta Tomcat snoop servlet gives out information which could be used in attack
5916| [4967] Apache Jakarta Tomcat 404 error reveals the pathname of the requested file
5917| [4931] Apache source.asp example file allows users to write to files
5918| [4575] IBM HTTP Server running Apache allows users to directory listing and file retrieval
5919| [4205] Apache Jakarta Tomcat delivers file contents
5920| [2084] Apache on Debian by default serves the /usr/doc directory
5921| [1630] MessageMedia UnityMail and Apache Web server MIME header flood denial of service
5922| [697] Apache HTTP server beck exploit
5923| [331] Apache cookies buffer overflow
5924|
| Exploit-DB - https://www.exploit-db.com:
| [31130] Apache Tomcat <= 6.0.15 Cookie Quote Handling Remote Information Disclosure Vulnerability
| [31052] Apache <= 2.2.6 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
| [30901] Apache HTTP Server 2.2.6 Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
| [30835] Apache HTTP Server <= 2.2.4 413 Error HTTP Request Method Cross-Site Scripting Weakness
| [30563] Apache Tomcat <= 5.5.15 Cal2.JSP Cross-Site Scripting Vulnerability
| [30496] Apache Tomcat <= 6.0.13 Cookie Handling Quote Delimiter Session ID Disclosure
| [30495] Apache Tomcat <= 6.0.13 Host Manager Servlet Cross Site Scripting Vulnerability
| [30191] Apache MyFaces Tomahawk JSF Framework 1.1.5 Autoscroll Parameter Cross Site Scripting Vulnerability
| [30189] Apache Tomcat <= 6.0.13 JSP Example Web Applications Cross Site Scripting Vulnerability
| [30052] Apache Tomcat 6.0.10 Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
| [29930] Apache AXIS 1.0 Non-Existent WSDL Path Information Disclosure Vulnerability
| [29859] Apache Roller OGNL Injection
| [29739] Apache HTTP Server Tomcat 5.x/6.0.x Directory Traversal Vulnerability
| [29435] Apache Tomcat 5.5.25 - CSRF Vulnerabilities
| [29316] Apache + PHP 5.x - Remote Code Execution (Multithreaded Scanner) (2)
| [29290] Apache / PHP 5.x Remote Code Execution Exploit
| [28713] Apache Tomcat/JBoss EJBInvokerServlet / JMXInvokerServlet (RMI over HTTP) Marshalled Object RCE
| [28424] Apache 2.x HTTP Server Arbitrary HTTP Request Headers Security Weakness
| [28365] Apache 2.2.2 CGI Script Source Code Information Disclosure Vulnerability
| [28254] Apache Tomcat 5 Information Disclosure Vulnerability
| [27915] Apache James 2.2 SMTP Denial of Service Vulnerability
| [27397] Apache suEXEC Privilege Elevation / Information Disclosure
| [27135] Apache Struts 2 DefaultActionMapper Prefixes OGNL Code Execution
| [27096] Apache Geronimo 1.0 Error Page XSS
| [27095] Apache Tomcat / Geronimo 1.0 Sample Script cal2.jsp time Parameter XSS
| [26710] Apache CXF prior to 2.5.10, 2.6.7 and 2.7.4 - Denial of Service
| [26542] Apache Struts 1.2.7 Error Response Cross-Site Scripting Vulnerability
| [25986] Plesk Apache Zeroday Remote Exploit
| [25980] Apache Struts includeParams Remote Code Execution
| [25625] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (2)
| [25624] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (1)
| [24874] Apache Struts ParametersInterceptor Remote Code Execution
| [24744] Apache Rave 0.11 - 0.20 - User Information Disclosure
| [24694] Apache 1.3.x mod_include Local Buffer Overflow Vulnerability
| [24590] Apache 2.0.x mod_ssl Remote Denial of Service Vulnerability
| [23751] Apache Cygwin 1.3.x/2.0.x Directory Traversal Vulnerability
| [23581] Apache 2.0.4x mod_perl Module File Descriptor Leakage Vulnerability
| [23482] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (2)
| [23481] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (1)
| [23296] Red Hat Apache 2.0.40 Directory Index Default Configuration Error
| [23282] apache cocoon 2.14/2.2 - Directory Traversal vulnerability
| [23245] Apache Tomcat 4.0.x Non-HTTP Request Denial of Service Vulnerability
| [23119] Apache::Gallery 0.4/0.5/0.6 Insecure Local File Storage Privilege Escalation Vulnerability
| [22505] Apache Mod_Access_Referer 1.0.2 NULL Pointer Dereference Denial of Service Vulnerability
| [22205] Apache Tomcat 3.x Null Byte Directory/File Disclosure Vulnerability
| [22191] Apache Web Server 2.0.x MS-DOS Device Name Denial of Service Vulnerability
| [22068] Apache 1.3.x,Tomcat 4.0.x/4.1.x Mod_JK Chunked Encoding Denial of Service Vulnerability
| [21885] Apache 1.3/2.0.x Server Side Include Cross Site Scripting Vulnerability
| [21882] Apache Tomcat 3.2 Directory Disclosure Vulnerability
| [21854] Apache 2.0.39/40 Oversized STDERR Buffer Denial of Service Vulnerability
| [21853] Apache Tomcat 3/4 DefaultServlet File Disclosure Vulnerability
| [21734] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
| [21719] Apache 2.0 Path Disclosure Vulnerability
| [21697] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
| [21605] Apache Tomcat 4.0.3 DoS Device Name Cross Site Scripting Vulnerability
| [21604] Apache Tomcat 4.0.3 Servlet Mapping Cross Site Scripting Vulnerability
| [21560] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (2)
| [21559] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (1)
| [21534] Apache Tomcat 3/4 JSP Engine Denial of Service Vulnerability
| [21492] Apache Tomcat 3.2.3/3.2.4 RealPath.JSP Malformed Request Information Disclosure
| [21491] Apache Tomcat 3.2.3/3.2.4 Example Files Web Root Path Disclosure
| [21490] Apache Tomcat 3.2.3/3.2.4 Source.JSP Malformed Request Information Disclosure
| [21412] Apache Tomcat 4.0/4.1 Servlet Path Disclosure Vulnerability
| [21350] Apache Win32 1.3.x/2.0.x Batch File Remote Command Execution Vulnerability
| [21204] Apache 1.3.20 Win32 PHP.EXE Remote File Disclosure Vulnerability
| [21112] Red Hat Linux 7.0 Apache Remote Username Enumeration Vulnerability
| [21067] Apache 1.0/1.2/1.3 Server Address Disclosure Vulnerability
| [21002] Apache 1.3 Possible Directory Index Disclosure Vulnerability
| [20911] Apache 1.3.14 Mac File Protection Bypass Vulnerability
| [20716] apache tomcat 3.0 - Directory Traversal vulnerability
| [20695] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (4)
| [20694] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (3)
| [20693] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (2)
| [20692] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (1)
| [20595] NCSA 1.3/1.4.x/1.5,Apache httpd 0.8.11/0.8.14 ScriptAlias Source Retrieval Vulnerability
| [20558] Apache 1.2 Web Server DoS Vulnerability
| [20466] Apache 1.3 Web Server with Php 3 File Disclosure Vulnerability
| [20435] Apache 0.8.x/1.0.x,NCSA httpd 1.x test-cgi Directory Listing Vulnerability
| [20272] Apache 1.2.5/1.3.1,UnityMail 2.0 MIME Header DoS Vulnerability
| [20210] Apache 1.3.12 WebDAV Directory Listings Vulnerability
| [20131] Apache Tomcat 3.1 Path Revealing Vulnerability
| [19975] Apache 1.3.6/1.3.9/1.3.11/1.3.12/1.3.20 Root Directory Access Vulnerability
| [19828] Cobalt RaQ 2.0/3.0 Apache .htaccess Disclosure Vulnerability
| [19536] Apache <= 1.1,NCSA httpd <= 1.5.2,Netscape Server 1.12/1.1/2.0 a nph-test-cgi Vulnerability
| [19231] PHP apache_request_headers Function Buffer Overflow
| [18984] Apache Struts <= 2.2.1.1 - Remote Command Execution
| [18897] Oracle Weblogic Apache Connector POST Request Buffer Overflow
| [18619] Apache Tomcat Remote Exploit (PUT Request) and Account Scanner
| [18452] Apache Struts Multiple Persistent Cross-Site Scripting Vulnerabilities
| [18442] Apache httpOnly Cookie Disclosure
| [18329] Apache Struts2 <= 2.3.1 - Multiple Vulnerabilities
| [18221] Apache HTTP Server Denial of Service
| [17969] Apache mod_proxy Reverse Proxy Exposure Vulnerability PoC
| [17696] Apache httpd Remote Denial of Service (memory exhaustion)
| [17691] Apache Struts < 2.2.0 - Remote Command Execution
| [16798] Apache mod_jk 1.2.20 Buffer Overflow
| [16782] Apache Win32 Chunked Encoding
| [16752] Apache module mod_rewrite LDAP protocol Buffer Overflow
| [16317] Apache Tomcat Manager Application Deployer Authenticated Code Execution
| [15710] Apache Archiva 1.0 - 1.3.1 CSRF Vulnerability
| [15319] Apache 2.2 (Windows) Local Denial of Service
| [14617] Apache JackRabbit 2.0.0 webapp XPath Injection
| [14489] Apache Tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
| [12721] Apache Axis2 1.4.1 - Local File Inclusion Vulnerability
| [12689] Authenticated Cross-Site Scripting Vulnerability (XSS) within Apache Axis2 administration console
| [12343] Apache Tomcat 5.5.0 to 5.5.29 & 6.0.0 to 6.0.26 - Information Disclosure Vulnerability
| [12330] Apache OFBiz - Multiple XSS
| [12264] Apache OFBiz - FULLADMIN Creator PoC Payload
| [12263] Apache OFBiz - SQL Remote Execution PoC Payload
| [11662] Apache Spamassassin Milter Plugin Remote Root Command Execution
| [11650] Apache 2.2.14 mod_isapi Dangling Pointer Remote SYSTEM Exploit
| [10811] Joomla.Tutorials GHDB: Apache directory listing Download Vulnerability
| [10292] Apache Tomcat 3.2.1 - 404 Error Page Cross Site Scripting Vulnerability
| [9995] Apache Tomcat Form Authentication Username Enumeration Weakness
| [9994] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
| [9993] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
| [8842] Apache mod_dav / svn Remote Denial of Service Exploit
| [8458] Apache Geronimo <= 2.1.3 - Multiple Directory Traversal Vulnerabilities
| [7264] Apache Tomcat runtime.getRuntime().exec() Privilege Escalation (win)
| [6229] apache tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
| [6100] Apache mod_jk 1.2.19 Remote Buffer Overflow Exploit (win32)
| [6089] Bea Weblogic Apache Connector Code Exec / Denial of Service Exploit
| [5386] Apache Tomcat Connector jk2-2.0.2 (mod_jk2) Remote Overflow Exploit
| [5330] Apache 2.0 mod_jk2 2.0.2 - Remote Buffer Overflow Exploit (win32)
| [4552] Apache Tomcat (webdav) Remote File Disclosure Exploit (ssl support)
| [4530] Apache Tomcat (webdav) Remote File Disclosure Exploit
| [4162] Apache Tomcat Connector (mod_jk) Remote Exploit (exec-shield)
| [4093] Apache mod_jk 1.2.19/1.2.20 Remote Buffer Overflow Exploit
| [3996] Apache 2.0.58 mod_rewrite Remote Overflow Exploit (win2k3)
| [3680] Apache Mod_Rewrite Off-by-one Remote Overflow Exploit (win32)
| [3384] Ubuntu/Debian Apache 1.3.33/1.3.34 (CGI TTY) Local Root Exploit
| [2237] Apache < 1.3.37, 2.0.59, 2.2.3 (mod_rewrite) Remote Overflow PoC
| [2061] Apache Tomcat < 5.5.17 Remote Directory Listing Vulnerability
| [1056] Apache <= 2.0.49 Arbitrary Long HTTP Headers Denial of Service
| [855] Apache <= 2.0.52 HTTP GET request Denial of Service Exploit
| [764] Apache OpenSSL - Remote Exploit (Multiple Targets) (OpenFuckV2.c)
| [587] Apache <= 1.3.31 mod_include Local Buffer Overflow Exploit
| [466] htpasswd Apache 1.3.31 - Local Exploit
| [371] Apache HTTPd Arbitrary Long HTTP Headers DoS (c version)
| [360] Apache HTTPd Arbitrary Long HTTP Headers DoS
| [132] Apache 1.3.x - 2.0.48 - mod_userdir Remote Users Disclosure Exploit
| [126] Apache mod_gzip (with debug_mode) <= 1.2.26.1a Remote Exploit
| [67] Apache 1.3.x mod_mylo Remote Code Execution Exploit
| [38] Apache <= 2.0.45 APR Remote Exploit -Apache-Knacker.pl
| [34] Webfroot Shoutbox < 2.32 (Apache) Remote Exploit
| [11] Apache <= 2.0.44 Linux Remote Denial of Service Exploit
| [9] Apache HTTP Server 2.x Memory Leak Exploit
|
| OpenVAS (Nessus) - http://www.openvas.org:
| [902924] Apache Struts2 Showcase Skill Name Remote Code Execution Vulnerability
| [902837] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability (Windows)
| [902830] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
| [902664] Apache Traffic Server HTTP Host Header Denial of Service Vulnerability
| [901203] Apache httpd Web Server Range Header Denial of Service Vulnerability
| [901110] Apache ActiveMQ Source Code Information Disclosure Vulnerability
| [901105] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
| [900842] Apache 'mod_proxy_ftp' Module Command Injection Vulnerability (Linux)
| [900841] Apache 'mod_proxy_ftp' Module Denial Of Service Vulnerability (Linux)
| [900573] Apache APR-Utils XML Parser Denial of Service Vulnerability
| [900572] Apache APR-Utils Multiple Denial of Service Vulnerabilities
| [900571] Apache APR-Utils Version Detection
| [900499] Apache mod_proxy_ajp Information Disclosure Vulnerability
| [900496] Apache Tiles Multiple XSS Vulnerability
| [900493] Apache Tiles Version Detection
| [900107] Apache mod_proxy_ftp Wildcard Characters XSS Vulnerability
| [900021] Apache Tomcat Cross-Site Scripting and Security Bypass Vulnerabilities
| [880086] CentOS Update for apache CESA-2008:0004-01 centos2 i386
| [870175] RedHat Update for apache RHSA-2008:0004-01
| [864591] Fedora Update for apache-poi FEDORA-2012-10835
| [864383] Fedora Update for apache-commons-compress FEDORA-2012-8428
| [864280] Fedora Update for apache-commons-compress FEDORA-2012-8465
| [864250] Fedora Update for apache-poi FEDORA-2012-7683
| [864249] Fedora Update for apache-poi FEDORA-2012-7686
| [863993] Fedora Update for apache-commons-daemon FEDORA-2011-10880
| [863466] Fedora Update for apache-commons-daemon FEDORA-2011-10936
| [855821] Solaris Update for Apache 1.3 122912-19
| [855812] Solaris Update for Apache 1.3 122911-19
| [855737] Solaris Update for Apache 1.3 122911-17
| [855731] Solaris Update for Apache 1.3 122912-17
| [855695] Solaris Update for Apache 1.3 122911-16
| [855645] Solaris Update for Apache 1.3 122912-16
| [855587] Solaris Update for kernel update and Apache 108529-29
| [855566] Solaris Update for Apache 116973-07
| [855531] Solaris Update for Apache 116974-07
| [855524] Solaris Update for Apache 2 120544-14
| [855494] Solaris Update for Apache 1.3 122911-15
| [855478] Solaris Update for Apache Security 114145-11
| [855472] Solaris Update for Apache Security 113146-12
| [855179] Solaris Update for Apache 1.3 122912-15
| [855147] Solaris Update for kernel update and Apache 108528-29
| [855077] Solaris Update for Apache 2 120543-14
| [850196] SuSE Update for apache2 openSUSE-SU-2012:0314-1 (apache2)
| [850088] SuSE Update for apache2 SUSE-SA:2007:061
| [850009] SuSE Update for apache2,apache SUSE-SA:2008:021
| [841209] Ubuntu Update for apache2 USN-1627-1
| [840900] Ubuntu Update for apache2 USN-1368-1
| [840798] Ubuntu Update for apache2 USN-1259-1
| [840734] Ubuntu Update for apache2 USN-1199-1
| [840542] Ubuntu Update for apache2 vulnerabilities USN-1021-1
| [840504] Ubuntu Update for apache2 vulnerability USN-990-2
| [840399] Ubuntu Update for apache2 vulnerabilities USN-908-1
| [840304] Ubuntu Update for apache2 vulnerabilities USN-575-1
| [840118] Ubuntu Update for libapache2-mod-perl2 vulnerability USN-488-1
| [840092] Ubuntu Update for apache2 vulnerabilities USN-499-1
| [840039] Ubuntu Update for libapache2-mod-python vulnerability USN-430-1
| [835253] HP-UX Update for Apache Web Server HPSBUX02645
| [835247] HP-UX Update for Apache-based Web Server HPSBUX02612
| [835243] HP-UX Update for Apache Running Tomcat Servlet Engine HPSBUX02579
| [835236] HP-UX Update for Apache with PHP HPSBUX02543
| [835233] HP-UX Update for Apache-based Web Server HPSBUX02531
| [835224] HP-UX Update for Apache-based Web Server HPSBUX02465
| [835200] HP-UX Update for Apache Web Server Suite HPSBUX02431
| [835190] HP-UX Update for Apache Web Server Suite HPSBUX02401
| [835188] HP-UX Update for Apache HPSBUX02308
| [835181] HP-UX Update for Apache With PHP HPSBUX02332
| [835180] HP-UX Update for Apache with PHP HPSBUX02342
| [835172] HP-UX Update for Apache HPSBUX02365
| [835168] HP-UX Update for Apache HPSBUX02313
| [835148] HP-UX Update for Apache HPSBUX01064
| [835139] HP-UX Update for Apache with PHP HPSBUX01090
| [835131] HP-UX Update for Apache HPSBUX00256
| [835119] HP-UX Update for Apache Remote Execution of Arbitrary Code HPSBUX02186
| [835104] HP-UX Update for Apache HPSBUX00224
| [835103] HP-UX Update for Apache mod_cgid HPSBUX00301
| [835101] HP-UX Update for Apache HPSBUX01232
| [835080] HP-UX Update for Apache HPSBUX02273
| [835078] HP-UX Update for ApacheStrong HPSBUX00255
| [835044] HP-UX Update for Apache HPSBUX01019
| [835040] HP-UX Update for Apache PHP HPSBUX00207
| [835025] HP-UX Update for Apache HPSBUX00197
| [835023] HP-UX Update for Apache HPSBUX01022
| [835022] HP-UX Update for Apache HPSBUX02292
| [835005] HP-UX Update for Apache HPSBUX02262
| [831759] Mandriva Update for apache-mod_security MDVSA-2012:182 (apache-mod_security)
| [831737] Mandriva Update for apache MDVSA-2012:154-1 (apache)
| [831534] Mandriva Update for apache MDVSA-2012:012 (apache)
| [831523] Mandriva Update for apache MDVSA-2012:003 (apache)
| [831491] Mandriva Update for apache MDVSA-2011:168 (apache)
| [831460] Mandriva Update for apache MDVSA-2011:144 (apache)
| [831449] Mandriva Update for apache MDVSA-2011:130 (apache)
| [831357] Mandriva Update for apache MDVSA-2011:057 (apache)
| [831132] Mandriva Update for apache MDVSA-2010:153 (apache)
| [831131] Mandriva Update for apache MDVSA-2010:152 (apache)
| [830989] Mandriva Update for apache-mod_auth_shadow MDVSA-2010:081 (apache-mod_auth_shadow)
| [830931] Mandriva Update for apache MDVSA-2010:057 (apache)
| [830926] Mandriva Update for apache MDVSA-2010:053 (apache)
| [830918] Mandriva Update for apache-mod_security MDVSA-2010:050 (apache-mod_security)
| [830799] Mandriva Update for apache-conf MDVSA-2009:300-2 (apache-conf)
| [830797] Mandriva Update for apache-conf MDVSA-2009:300-1 (apache-conf)
| [830791] Mandriva Update for apache-conf MDVA-2010:011 (apache-conf)
| [830652] Mandriva Update for apache MDVSA-2008:195 (apache)
| [830621] Mandriva Update for apache-conf MDVA-2008:129 (apache-conf)
| [830581] Mandriva Update for apache MDVSA-2008:016 (apache)
| [830294] Mandriva Update for apache MDKSA-2007:140 (apache)
| [830196] Mandriva Update for apache MDKSA-2007:235 (apache)
| [830112] Mandriva Update for apache MDKSA-2007:127 (apache)
| [830109] Mandriva Update for apache-mod_perl MDKSA-2007:083 (apache-mod_perl)
| [802425] Apache Struts2 Showcase Arbitrary Java Method Execution vulnerability
| [802423] Apache Struts CookBook/Examples Multiple Cross-Site Scripting Vulnerabilities
| [802422] Apache Struts Showcase Multiple Persistence Cross-Site Scripting Vulnerabilities
| [802415] Apache Tomcat Multiple Security Bypass Vulnerabilities (Win)
| [802385] Apache Tomcat Request Object Security Bypass Vulnerability (Win)
| [802384] Apache Tomcat Parameter Handling Denial of Service Vulnerability (Win)
| [802378] Apache Tomcat Hash Collision Denial Of Service Vulnerability
| [801942] Apache Archiva Multiple Vulnerabilities
| [801940] Apache Struts2 'XWork' Information Disclosure Vulnerability
| [801663] Apache Struts2/XWork Remote Command Execution Vulnerability
| [801521] Apache APR-util 'buckets/apr_brigade.c' Denial Of Service Vulnerability
| [801284] Apache Derby Information Disclosure Vulnerability
| [801203] Apache ActiveMQ Persistent Cross-Site Scripting Vulnerability
| [800837] Apache 'mod_deflate' Denial Of Service Vulnerability - July09
| [800827] Apache 'mod_proxy_http.c' Denial Of Service Vulnerability
| [800680] Apache APR Version Detection
| [800679] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
| [800678] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
| [800677] Apache Roller Version Detection
| [800279] Apache mod_jk Module Version Detection
| [800278] Apache Struts Cross Site Scripting Vulnerability
| [800277] Apache Tomcat mod_jk Information Disclosure Vulnerability
| [800276] Apache Struts Version Detection
| [800271] Apache Struts Directory Traversal Vulnerability
| [800024] Apache Tomcat RemoteFilterValve Security Bypass Vulnerability
| [103333] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
| [103293] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
| [103122] Apache Web Server ETag Header Information Disclosure Weakness
| [103074] Apache Continuum Cross Site Scripting Vulnerability
| [103073] Apache Continuum Detection
| [103053] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
| [101023] Apache Open For Business Weak Password security check
| [101020] Apache Open For Business HTML injection vulnerability
| [101019] Apache Open For Business service detection
| [100924] Apache Archiva Cross Site Request Forgery Vulnerability
| [100923] Apache Archiva Detection
| [100858] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
| [100814] Apache Axis2 Document Type Declaration Processing Security Vulnerability
| [100813] Apache Axis2 Detection
| [100797] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
| [100795] Apache Derby Detection
| [100762] Apache CouchDB Cross Site Request Forgery Vulnerability
| [100725] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
| [100613] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
| [100514] Apache Multiple Security Vulnerabilities
| [100211] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
| [100172] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
| [100171] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
| [100130] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
| [72626] Debian Security Advisory DSA 2579-1 (apache2)
| [72612] FreeBSD Ports: apache22
| [71551] Gentoo Security Advisory GLSA 201206-25 (apache)
| [71550] Gentoo Security Advisory GLSA 201206-24 (apache tomcat)
| [71512] FreeBSD Ports: apache
| [71485] Debian Security Advisory DSA 2506-1 (libapache-mod-security)
| [71256] Debian Security Advisory DSA 2452-1 (apache2)
| [71238] Debian Security Advisory DSA 2436-1 (libapache2-mod-fcgid)
| [70737] FreeBSD Ports: apache
| [70724] Debian Security Advisory DSA 2405-1 (apache2)
| [70600] FreeBSD Ports: apache
| [70253] FreeBSD Ports: apache, apache-event, apache-itk, apache-peruser, apache-worker
| [70235] Debian Security Advisory DSA 2298-2 (apache2)
| [70233] Debian Security Advisory DSA 2298-1 (apache2)
| [69988] Debian Security Advisory DSA 2279-1 (libapache2-mod-authnz-external)
| [69338] Debian Security Advisory DSA 2202-1 (apache2)
| [67868] FreeBSD Ports: apache
| [66816] FreeBSD Ports: apache
| [66553] Mandriva Security Advisory MDVSA-2009:189-1 (apache-mod_auth_mysql)
| [66414] Mandriva Security Advisory MDVSA-2009:323 (apache)
| [66106] SuSE Security Advisory SUSE-SA:2009:050 (apache2,libapr1)
| [66081] SLES11: Security update for Apache 2
| [66074] SLES10: Security update for Apache 2
| [66070] SLES9: Security update for Apache 2
| [65998] SLES10: Security update for apache2-mod_python
| [65893] SLES10: Security update for Apache 2
| [65888] SLES10: Security update for Apache 2
| [65575] SLES9: Security update for apache2,apache2-prefork,apache2-worker
| [65510] SLES9: Security update for Apache 2
| [65472] SLES9: Security update for Apache
| [65467] SLES9: Security update for Apache
| [65450] SLES9: Security update for apache2
| [65390] SLES9: Security update for Apache2
| [65363] SLES9: Security update for Apache2
| [65309] SLES9: Security update for Apache and mod_ssl
| [65296] SLES9: Security update for webdav apache module
| [65283] SLES9: Security update for Apache2
| [65249] SLES9: Security update for Apache 2
| [65230] SLES9: Security update for Apache 2
| [65228] SLES9: Security update for Apache 2
| [65212] SLES9: Security update for apache2-mod_python
| [65209] SLES9: Security update for apache2-worker
| [65207] SLES9: Security update for Apache 2
| [65168] SLES9: Security update for apache2-mod_python
| [65142] SLES9: Security update for Apache2
| [65136] SLES9: Security update for Apache 2
| [65132] SLES9: Security update for apache
| [65131] SLES9: Security update for Apache 2 oes/CORE
| [65113] SLES9: Security update for apache2
| [65072] SLES9: Security update for apache and mod_ssl
| [65017] SLES9: Security update for Apache 2
| [64950] Mandrake Security Advisory MDVSA-2009:240 (apache)
| [64783] FreeBSD Ports: apache
| [64774] Ubuntu USN-802-2 (apache2)
| [64653] Ubuntu USN-813-2 (apache2)
| [64559] Debian Security Advisory DSA 1834-2 (apache2)
| [64532] Mandrake Security Advisory MDVSA-2009:189 (apache-mod_auth_mysql)
| [64527] Mandrake Security Advisory MDVSA-2009:184 (apache-mod_security)
| [64526] Mandrake Security Advisory MDVSA-2009:183 (apache-mod_security)
| [64500] Mandrake Security Advisory MDVSA-2009:168 (apache)
| [64443] Ubuntu USN-802-1 (apache2)
| [64426] Gentoo Security Advisory GLSA 200907-04 (apache)
| [64423] Debian Security Advisory DSA 1834-1 (apache2)
| [64391] Mandrake Security Advisory MDVSA-2009:149 (apache)
| [64377] Mandrake Security Advisory MDVSA-2009:124-1 (apache)
| [64251] Debian Security Advisory DSA 1816-1 (apache2)
| [64201] Ubuntu USN-787-1 (apache2)
| [64140] Mandrake Security Advisory MDVSA-2009:124 (apache)
| [64136] Mandrake Security Advisory MDVSA-2009:102 (apache)
| [63565] FreeBSD Ports: apache
| [63562] Ubuntu USN-731-1 (apache2)
| [61381] Gentoo Security Advisory GLSA 200807-06 (apache)
| [61185] FreeBSD Ports: apache
| [60582] Gentoo Security Advisory GLSA 200803-19 (apache)
| [60387] Slackware Advisory SSA:2008-045-02 apache
| [58826] FreeBSD Ports: apache-tomcat
6307| [58826] FreeBSD Ports: apache-tomcat
6308| [58825] FreeBSD Ports: apache-tomcat
6309| [58804] FreeBSD Ports: apache
6310| [58745] Gentoo Security Advisory GLSA 200711-06 (apache)
6311| [58360] Debian Security Advisory DSA 1312-1 (libapache-mod-jk)
6312| [57851] Gentoo Security Advisory GLSA 200608-01 (apache)
6313| [57788] Debian Security Advisory DSA 1247-1 (libapache-mod-auth-kerb)
6314| [57335] Debian Security Advisory DSA 1167-1 (apache)
6315| [57201] Debian Security Advisory DSA 1131-1 (apache)
6316| [57200] Debian Security Advisory DSA 1132-1 (apache2)
6317| [57168] Slackware Advisory SSA:2006-209-01 Apache httpd
6318| [57145] FreeBSD Ports: apache
6319| [56731] Slackware Advisory SSA:2006-129-01 Apache httpd
6320| [56729] Slackware Advisory SSA:2006-130-01 Apache httpd redux
6321| [56246] Gentoo Security Advisory GLSA 200602-03 (Apache)
6322| [56212] Debian Security Advisory DSA 952-1 (libapache-auth-ldap)
6323| [56115] Debian Security Advisory DSA 935-1 (libapache2-mod-auth-pgsql)
6324| [56067] FreeBSD Ports: apache
6325| [55803] Slackware Advisory SSA:2005-310-04 apache
6326| [55519] Debian Security Advisory DSA 839-1 (apachetop)
6327| [55392] Gentoo Security Advisory GLSA 200509-12 (Apache)
6328| [55355] FreeBSD Ports: apache
6329| [55284] Debian Security Advisory DSA 807-1 (libapache-mod-ssl)
6330| [55261] Debian Security Advisory DSA 805-1 (apache2)
6331| [55259] Debian Security Advisory DSA 803-1 (apache)
6332| [55129] Gentoo Security Advisory GLSA 200508-15 (apache)
6333| [54739] Gentoo Security Advisory GLSA 200411-18 (apache)
6334| [54724] Gentoo Security Advisory GLSA 200411-03 (apache)
6335| [54712] Gentoo Security Advisory GLSA 200410-21 (apache)
6336| [54689] Gentoo Security Advisory GLSA 200409-33 (net=www/apache)
6337| [54677] Gentoo Security Advisory GLSA 200409-21 (apache)
6338| [54610] Gentoo Security Advisory GLSA 200407-03 (Apache)
6339| [54601] Gentoo Security Advisory GLSA 200406-16 (Apache)
6340| [54590] Gentoo Security Advisory GLSA 200406-05 (Apache)
6341| [54582] Gentoo Security Advisory GLSA 200405-22 (Apache)
6342| [54529] Gentoo Security Advisory GLSA 200403-04 (Apache)
6343| [54499] Gentoo Security Advisory GLSA 200310-04 (Apache)
6344| [54498] Gentoo Security Advisory GLSA 200310-03 (Apache)
6345| [54439] FreeBSD Ports: apache
6346| [53931] Slackware Advisory SSA:2004-133-01 apache
6347| [53903] Slackware Advisory SSA:2004-299-01 apache, mod_ssl, php
6348| [53902] Slackware Advisory SSA:2004-305-01 apache+mod_ssl
6349| [53878] Slackware Advisory SSA:2003-308-01 apache security update
6350| [53851] Debian Security Advisory DSA 135-1 (libapache-mod-ssl)
6351| [53849] Debian Security Advisory DSA 132-1 (apache-ssl)
6352| [53848] Debian Security Advisory DSA 131-1 (apache)
6353| [53784] Debian Security Advisory DSA 021-1 (apache)
6354| [53738] Debian Security Advisory DSA 195-1 (apache-perl)
6355| [53737] Debian Security Advisory DSA 188-1 (apache-ssl)
6356| [53735] Debian Security Advisory DSA 187-1 (apache)
6357| [53703] Debian Security Advisory DSA 532-1 (libapache-mod-ssl)
6358| [53577] Debian Security Advisory DSA 120-1 (libapache-mod-ssl, apache-ssl)
6359| [53568] Debian Security Advisory DSA 067-1 (apache,apache-ssl)
6360| [53519] Debian Security Advisory DSA 689-1 (libapache-mod-python)
6361| [53433] Debian Security Advisory DSA 181-1 (libapache-mod-ssl)
6362| [53282] Debian Security Advisory DSA 594-1 (apache)
6363| [53248] Debian Security Advisory DSA 558-1 (libapache-mod-dav)
6364| [53224] Debian Security Advisory DSA 532-2 (libapache-mod-ssl)
6365| [53215] Debian Security Advisory DSA 525-1 (apache)
6366| [53151] Debian Security Advisory DSA 452-1 (libapache-mod-python)
6367| [52529] FreeBSD Ports: apache+ssl
6368| [52501] FreeBSD Ports: apache
6369| [52461] FreeBSD Ports: apache
6370| [52390] FreeBSD Ports: apache
6371| [52389] FreeBSD Ports: apache
6372| [52388] FreeBSD Ports: apache
6373| [52383] FreeBSD Ports: apache
6374| [52339] FreeBSD Ports: apache+mod_ssl
6375| [52331] FreeBSD Ports: apache
6376| [52329] FreeBSD Ports: ru-apache+mod_ssl
6377| [52314] FreeBSD Ports: apache
6378| [52310] FreeBSD Ports: apache
6379| [15588] Detect Apache HTTPS
6380| [15555] Apache mod_proxy content-length buffer overflow
6381| [15554] Apache mod_include priviledge escalation
6382| [14771] Apache <= 1.3.33 htpasswd local overflow
6383| [14177] Apache mod_access rule bypass
6384| [13644] Apache mod_rootme Backdoor
6385| [12293] Apache Input Header Folding and mod_ssl ssl_io_filter_cleanup DoS Vulnerabilities
6386| [12280] Apache Connection Blocking Denial of Service
6387| [12239] Apache Error Log Escape Sequence Injection
6388| [12123] Apache Tomcat source.jsp malformed request information disclosure
6389| [12085] Apache Tomcat servlet/JSP container default files
6390| [11438] Apache Tomcat Directory Listing and File disclosure
6391| [11204] Apache Tomcat Default Accounts
6392| [11092] Apache 2.0.39 Win32 directory traversal
6393| [11046] Apache Tomcat TroubleShooter Servlet Installed
6394| [11042] Apache Tomcat DOS Device Name XSS
6395| [11041] Apache Tomcat /servlet Cross Site Scripting
6396| [10938] Apache Remote Command Execution via .bat files
6397| [10839] PHP.EXE / Apache Win32 Arbitrary File Reading Vulnerability
6398| [10773] MacOS X Finder reveals contents of Apache Web files
6399| [10766] Apache UserDir Sensitive Information Disclosure
6400| [10756] MacOS X Finder reveals contents of Apache Web directories
6401| [10752] Apache Auth Module SQL Insertion Attack
6402| [10704] Apache Directory Listing
6403| [10678] Apache /server-info accessible
6404| [10677] Apache /server-status accessible
6405| [10440] Check for Apache Multiple / vulnerability
6406|
| SecurityTracker - https://www.securitytracker.com:
| [1028865] Apache Struts Bugs Permit Remote Code Execution and URL Redirection Attacks
| [1028864] Apache Struts Wildcard Matching and Expression Evaluation Bugs Let Remote Users Execute Arbitrary Code
| [1028824] Apache mod_dav_svn URI Processing Flaw Lets Remote Users Deny Service
| [1028823] Apache Unspecified Flaw in mod_session_dbd Has Unspecified Impact
| [1028724] (HP Issues Fix for HP-UX) Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
| [1028722] (Red Hat Issues Fix for JBoss) Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
| [1028693] (Red Hat Issues Fix) Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
| [1028622] Apache Struts 'includeParams' Bugs Permit Remote Command Execution and Cross-Site Scripting Attacks
| [1028621] Apache Subversion Bugs Let Remote Authenticated Users Execute Arbitrary Commands and Deny Service
| [1028540] Apache mod_rewrite Input Validation Flaw Lets Remote Users Execute Arbitrary Commands
| [1028534] Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
| [1028533] Apache Tomcat Lack of Chunked Transfer Encoding Extension Size Limit Lets Remote Users Deny Service
| [1028532] Apache Tomcat AsyncListeners Bug May Disclose Information from One Request to Another User
| [1028515] Apache VCL Input Validation Flaw Lets Remote Authenticated Users Gain Elevated Privileges
| [1028457] Apache ActiveMQ Bugs Let Remote Users Conduct Cross-Site Scripting Attacks, Deny Service, and Obtain Potentially Sensitive Information
| [1028287] Apache CXF WSS4JInInterceptor Grants Service Access to Remote Users
| [1028286] Apache CXF WS-Security UsernameToken Processing Flaw Lets Remote Users Bypass Authentication
| [1028252] Apache Commons FileUpload Unsafe Temporary File Lets Local Users Gain Elevated Privileges
| [1028207] Apache Input Validation Bugs Permit Cross-Site Scripting Attacks
| [1027836] Apache Tomcat Connection Processing Bug Lets Remote Users Deny Service
| [1027834] Apache Tomcat Bug Lets Remote Users Bypass Cross-Site Request Forgery Prevention Filter
| [1027833] Apache Tomcat Bug Lets Remote Users Bypass Security Constraints
| [1027729] Apache Tomcat Header Processing Bug Lets Remote Users Deny Service
| [1027728] Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
| [1027554] Apache CXF Lets Remote Authenticated Users Execute Unauthorized SOAP Actions
| [1027508] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
| [1027421] Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
| [1027096] Apache Commons Compress BZip2CompressorOutputStream() Sorting Algorithm Lets Remote or Local Users Deny Service
| [1026932] Apache LD_LIBRARY_PATH Processing Lets Local Users Gain Elevated Privileges
| [1026928] Apache OFBiz Unspecified Flaw Lets Remote Users Execute Arbitrary Code
| [1026927] Apache OFBiz Input Validation Flaws Permit Cross-Site Scripting Attacks
| [1026847] Apache Traffic Server Host Header Processing Flaw Lets Remote Users Deny Service
| [1026846] Apache Wicket Discloses Hidden Application Files to Remote Users
| [1026839] Apache Wicket Input Validation Flaw in 'wicket:pageMapName' Parameter Permits Cross-Site Scripting Attacks
| [1026616] Apache Bugs Let Remote Users Deny Service and Obtain Cookie Data
| [1026575] Apache Struts ParameterInterceptor() Flaw Lets Remote Users Execute Arbitrary Commands
| [1026484] Apache Struts Bug Lets Remote Users Overwrite Files and Execute Arbitrary Code
| [1026477] Apache Tomcat Hash Table Collision Bug Lets Remote Users Deny Service
| [1026402] Apache Struts Conversion Error Lets Remote Users Inject Arbitrary Commands
| [1026353] Apache mod_proxy/mod_rewrite Bug Lets Remote Users Access Internal Servers
| [1026295] Apache Tomcat Lets Untrusted Web Applications Gain Elevated Privileges
| [1026267] Apache .htaccess File Integer Overflow Lets Local Users Execute Arbitrary Code
| [1026144] Apache mod_proxy Pattern Matching Bug Lets Remote Users Access Internal Servers
| [1026095] Apache Tomcat HTTP DIGEST Authentication Weaknesses Let Remote Users Conduct Bypass Attacks
| [1026054] Apache mod_proxy_ajp HTTP Processing Error Lets Remote Users Deny Service
| [1025993] Apache Tomcat AJP Protocol Processing Bug Lets Remote Users Bypass Authentication or Obtain Information
| [1025976] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
| [1025960] Apache httpd Byterange Filter Processing Error Lets Remote Users Deny Service
| [1025925] Apache Tomcat Commons Daemon jsvc Lets Local Users Gain Elevated Privileges
| [1025924] Apache Tomcat XML Validation Flaw Lets Applications Obtain Potentially Sensitive Information
| [1025788] Apache Tomcat Lets Malicious Applications Obtain Information and Deny Service
| [1025755] Apache Santuario Buffer Overflow Lets Remote Users Deny Service
| [1025712] Apache Tomcat Discloses Passwords to Local Users in Certain Cases
| [1025577] Apache Archiva Input Validation Hole Permits Cross-Site Scripting Attacks
| [1025576] Apache Archiva Request Validation Flaw Permits Cross-Site Request Forgery Attacks
| [1025527] Apache APR Library apr_fnmatch() Flaw Lets Remote Users Execute Arbitrary Code
| [1025303] Apache Tomcat HTTP BIO Connector Error Discloses Information From Different Requests to Remote Users
| [1025215] Apache Tomcat May Ignore @ServletSecurity Annotation Protections
| [1025066] Apache Continuum Input Validation Flaw Permits Cross-Site Request Forgery Attacks
| [1025065] Apache Continuum Input Validation Hole Permits Cross-Site Scripting Attacks
| [1025027] Apache Tomcat maxHttpHeaderSize Parsing Error Lets Remote Users Deny Service
| [1025026] Apache Tomcat Manager Input Validation Hole Permits Cross-Site Scripting Attacks
| [1025025] Apache Tomcat Security Manager Lets Local Users Bypass File Permissions
| [1024764] Apache Tomcat Manager Input Validation Hole in 'sessionList.jsp' Permits Cross-Site Scripting Attacks
| [1024417] Apache Traffic Server Insufficient Randomization Lets Remote Users Poison the DNS Cache
| [1024332] Apache mod_cache and mod_dav Request Processing Flaw Lets Remote Users Deny Service
| [1024180] Apache Tomcat 'Transfer-Encoding' Header Processing Flaw Lets Remote Users Deny Service and Obtain Potentially Sensitive Information
| [1024096] Apache mod_proxy_http May Return Results for a Different Request
| [1023942] Apache mod_proxy_ajp Error Condition Lets Remote Users Deny Service
| [1023941] Apache ap_read_request() Memory Error May Let Remote Users Access Potentially Sensitive Information
| [1023778] Apache ActiveMQ Input Validation Flaw Permits Cross-Site Scripting Attacks
| [1023701] Apache mod_isapi Error Processing Flaw May Let Remote Users Deny Service
| [1023533] Apache mod_proxy Integer Overflow May Let Remote Users Execute Arbitrary Code
| [1022988] Apache Solaris Support Code Bug Lets Remote Users Deny Service
| [1022529] Apache mod_deflate Connection State Bug Lets Remote Users Deny Service
| [1022509] Apache mod_proxy stream_reqbody_cl() Infinite Loop Lets Remote Users Deny Service
| [1022296] Apache IncludesNoExec Options Restrictions Can Be Bypass By Local Users
| [1022264] Apache mod_proxy_ajp Bug May Disclose Another User's Response Data
| [1022001] Apache Tomcat mod_jk May Disclose Responses to the Wrong User
| [1021988] mod_perl Input Validation Flaw in Apache::Status and Apache2::Status Permits Cross-Site Scripting Attacks
| [1021350] NetWare Bug Lets Remote Users Access the ApacheAdmin Console
| [1020635] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
| [1020520] Oracle WebLogic Apache Connector Lets Remote Users Execute Arbitrary Code
| [1020267] Apache mod_proxy Interim Response Process Bug Lets Remote Users Deny Service
| [1019784] Apache-SSL Certificate Processing Bug May Let Remote Users View Portions of Kernel Memory
| [1019256] Apache mod_negotiation Input Validation Hole Permits Cross-Site Scripting Attacks
| [1019194] Apache Input Validation Hole in Mod_AutoIndex When the Character Set is Undefined May Permit Cross-Site Scripting Attacks
| [1019185] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
| [1019154] Apache Input Validation Hole in mod_status Permits Cross-Site Scripting Attacks
| [1019093] Apache Input Validation Hole in mod_imap Permits Cross-Site Scripting Attacks
| [1019030] Apache Input Validation Hole in Default HTTP 413 Error Page Permits Cross-Site Scripting Attacks
| [1018633] Apache mod_proxy Bug Lets Remote Users Deny Service
| [1018304] Apache HTTPD scoreboard Protection Flaw Lets Local Users Terminate Arbitrary Processes
| [1018303] Apache HTTPD mod_cache May Let Remote Users Deny Service
| [1018302] Apache mod_status Input Validation Hole Permits Cross-Site Scripting Attacks
| [1018269] Apache Tomcat Input Validation Hole in Processing Accept-Language Header Permits Cross-Site Scripting Attacks
| [1017904] Apache suEXEC Bugs May Let Local Users Gain Elevated Privileges
| [1017719] Apache Tomcat JK Web Server Connector Buffer Overflow in map_uri_to_worker() Lets Remote Users Execute Arbitrary Code
| [1017062] Apache mod_tcl Format String Bug in set_var() Function May Let Remote Users Execute Arbitrary Code
| [1016601] Apache mod_rewrite Off-by-one Error Lets Remote Users Execute Arbitrary Code
| [1016576] Apache Tomcat Discloses Directory Listings to Remote Users
| [1015447] Apache mod_ssl Null Pointer Dereference May Let Remote Users Deny Service
| [1015344] Apache mod_imap Input Validation Flaw in Referer Field Lets Remote Users Conduct Cross-Site Scripting Attacks
| [1015093] Apache Memory Leak in MPM 'worker.c' Code May Let Remote Users Deny Service
| [1014996] ApacheTop Unsafe Temporary File May Let Local Users Gain Elevated Privileges
| [1014833] Apache ssl_hook_Access() Function May Fail to Verify Client Certificates
| [1014826] Apache Memory Leak in 'byterange filter' Lets Remote Users Deny Service
| [1014575] Apache mod_ssl Off-by-one Buffer Overflow in Processing CRLs May Let Remote Users Deny Service
| [1014323] Apache Chunked Transfer-Encoding and Content-Length Processing Lets Remote Users Smuggle HTTP Requests
| [1013156] Apache mod_python Publisher Handler Discloses Information to Remote Users
| [1012829] Apache mod_auth_radius radcpy() Integer Overflow Lets Remote Users Deny Service in Certain Cases
| [1012416] Apache on Apple OS X Lets Remote Users Bypass Apache File Handlers and Directly Access Files
| [1012415] Apache on Apple HFS+ Filesystems May Disclose '.DS_Store' Files to Remote Users
| [1012414] Apache mod_digest_apple Lets Remote Users Replay Authentication Credentials
| [1012083] Apache Web Server Error in Processing Requests With Many Space Characters Lets Remote Users Deny Service
| [1011783] Apache mod_include Buffer Overflow Lets Local Users Execute Arbitrary Code
| [1011557] Apache mod_ssl SSLCipherSuite Directive Can By Bypassed in Certain Cases
| [1011385] Apache Satsify Directive Error May Let Remote Users Access Restricted Resources
| [1011340] Apache SSL Connection Abort State Error Lets Remote Users Deny Service
| [1011303] Apache ap_resolve_env() Buffer Overflow in Reading Configuration Files May Let Local Users Gain Elevated Privileges
| [1011299] Apache IPv6 Address Parsing Flaw May Let Remote Users Deny Service
| [1011248] Apache mod_dav LOCK Method Error May Let Remote Users Deny Service
| [1011213] Apache mod_ssl Can Be Crashed By Remote Users When Reverse Proxying SSL Connections
| [1010674] Apache Can Be Crashed By PHP Code Invoking Nested Remote Sockets
| [1010599] Apache httpd Header Line Memory Allocation Lets Remote Users Crash the Server
| [1010462] Apache mod_proxy Buffer Overflow May Let Remote Users Execute Arbitrary Code
| [1010322] Apache mod_ssl Stack Overflow in ssl_util_uuencode_binary() May Let Remote Users Execute Arbitrary Code
| [1010270] cPanel Apache mod_phpsuexec Options Let Local Users Gain Elevated Privileges
| [1009934] Apache Web Server Has Buffer Overflow in ebcdic2ascii() on Older Processor Architectures
| [1009516] Apache mod_survey HTML Report Format Lets Remote Users Conduct Cross-Site Scripting Attacks
| [1009509] Apache mod_disk_cache Stores Authentication Credentials on Disk
| [1009495] Apache Web Server Socket Starvation Flaw May Let Remote Users Deny Service
| [1009417] GroupWise WebAccess With Apache on NetWare Has Configuration Flaw That May Grant Web Access to Remote Users
| [1009338] Apache mod_access Parsing Flaw May Fail to Enforce Allow/Deny Rules
| [1009337] Apache mod_ssl Memory Leak Lets Remote Users Crash the Daemon
| [1009182] Apache for Cygwin '..%5C' Input Validation Flaw Discloses Files to Remote Users
| [1008973] PHP May Apply Incorrect php_admin_* Settings To Requests for Apache Virtual Hosts
| [1008967] Apache-SSL 'SSLFakeBasicAuth' Lets Remote Users Forge Client Certificates to Be Authenticated
| [1008920] Apache mod_digest May Validate Replayed Client Responses
| [1008828] Apache mod_python String Processing Bug Still Lets Remote Users Crash the Web Server
| [1008822] Apache mod_perl File Descriptor Leak May Let Local Users Hijack the http and https Services
| [1008675] mod_auth_shadow Apache Module Authenticates Expired Passwords
| [1008559] Apache mod_php File Descriptor Leak May Let Local Users Hijack the https Service
| [1008335] Apache mod_python String Processing Bug Lets Remote Users Crash the Web Server
| [1008196] Apache 2.x on Windows May Return Unexpected Files For URLs Ending With Certain Characters
| [1008030] Apache mod_rewrite Contains a Buffer Overflow
| [1008029] Apache mod_alias Contains a Buffer Overflow
| [1008028] Apache mod_cgid May Disclose CGI Output to Another Client
| [1007995] Apache Cocoon Forms May Let Remote Users Execute Arbitrary Java Code on the System
| [1007993] Apache Cocoon 'view-source' Sample Script Discloses Files to Remote Users
| [1007823] Apache Web Server mod_cgi Error May Let Malicious CGI Scripts Crash the Web Service
| [1007664] Apache::Gallery Unsafe Temporary Files May Let Local Users Gain Apache Web Server Privileges
| [1007557] Apache Web Server Does Not Filter Terminal Escape Sequences From Log Files
| [1007230] Apache HTTP Server 'rotatelogs' Bug on Win32 and OS/2 May Cause the Logging to Stop
| [1007146] Apache HTTP Server FTP Proxy Bug May Cause Denial of Service Conditions
| [1007145] Apache 'accept()' Errors May Cause Denial of Service Conditions
| [1007144] Apache Web Server 'type-map' File Error Permits Local Denial of Service Attacks
| [1007143] Apache 2.0 Web Server May Use a Weaker Encryption Implementation Than Specified in Some Cases
| [1006864] Apache Web Server Can Be Crashed By Remote Users Via mod_dav Flaws and Also Via Basic Authentication
| [1006709] Apache mod_survey Input Validation Flaw Lets Remote Users Fill Up Disk Space
| [1006614] Apache mod_ntlm Buffer Overflow and Format String Flaw Let Remote Users Execute Arbitary Code
| [1006591] Apache mod_access_referer Module Null Pointer Dereference May Faciliate Denial of Service Attacks
| [1006444] Apache 2.0 Web Server Line Feed Buffer Allocation Flaw Lets Remote Users Deny Service
| [1006021] Apache Tomcat Server URL Parsing Error May Disclose Otherwise Inaccessible Web Directory Listings and Files to Remote Users
| [1005963] Apache Web Server 2.x Windows Device Access Flaw Lets Remote Users Crash the Server or Possibly Execute Arbitrary Code
| [1005962] Apache Web Server Path Parsing Flaw May Allow Remote Users to Execute Code in Certain Configurations
| [1005848] Apache 'printenv' Script Input Validation Bugs in Older Versions May Let Remote Users Conduct Cross-Site Scripting Attacks
| [1005765] Apache mod_jk Module Processing Bug When Used With Tomcat May Disclose Information to Remote Users or Crash
| [1005548] Apache mod_php Module May Allow Local Users to Gain Control of the Web Port
| [1005499] Apache Web Server (2.0.42) May Disclose CGI Source Code to Remote Users When Used With WebDAV
| [1005410] Apache Tomcat Java Servlet Engine Can Be Crashed Via Multiple Requests for DOS Device Names
| [1005351] Apache Web Server (1.3.x) Shared Memory Scoreboard Bug Lets Certain Local Users Issue Signals With Root Privileges
| [1005331] Apache Web Server (2.x) SSI Server Signature Filtering Hole Lets Remote Users Conduct Cross-Site Scripting Attacks
| [1005290] Apache Tomcat Java Server Default Servlet Returns JSP Source Code to Remote Users
| [1005285] Apache Web Server 'mod_dav' Has Null Pointer Bug That May Allow Remote Users to Cause Denial of Service Conditions
| [1005010] Apache Web Server (2.0) Has Unspecified Flaw That Allows Remote Users to Obtain Sensitive Data and Cause Denial of Service Conditions
| [1004770] Apache 2.x Web Server ap_log_rerror() Function May Disclose Full Installation Path to Remote Users
| [1004745] Apache Tomcat Java Server Allows Cross-Site Scripting Attacks
| [1004636] Apache mod_ssl 'Off-by-One' Bug May Let Local Users Crash the Web Server or Possibly Execute Arbitrary Code
| [1004602] Apache Tomcat Java Server for Windows Can Be Crashed By Remote Users Sending Malicious Requests to Hang All Available Working Threads
| [1004586] Apache Tomcat Java Server May Disclose the Installation Path to Remote Users
| [1004555] Apache Web Server Chunked Encoding Flaw May Let Remote Users Execute Arbitrary Code on the Server
| [1004209] Apache 'mod_python' Python Language Interpreter Bug in Publisher Handler May Allow Remote Users to Modify Files on the System
| [1003874] Apache Web Server for Windows Has Batch File Processing Hole That Lets Remote Users Execute Commands on the System
| [1003767] 'mod_frontpage' Module for Apache Web Server Has Buffer Overlow in 'fpexec.c' That Allows Remote Users to Execute Arbitrary Code on the System with Root Privileges
| [1003723] Apache-SSL for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
| [1003664] 'mod_ssl' Security Package for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
| [1003602] GNUJSP Java Server Pages Implementation Discloses Web Files and Source Code to Remote Users and Bypasses Apache Access Control Restrictions
| [1003465] PHP for Apache Web Server May Disclose Installation Path Information to Remote Users Making 'OPTIONS' Requests
| [1003451] Oracle Application Server PL/SQL Module for Apache Has Buffer Overflows That Allow Remote Users to Execute Arbitrary Code and Gain Access to the Server
| [1003131] Apache Web Server in Virtual Hosting Mode Can Be Crashed By a Local User Removing a Log Directory
| [1003104] PHP.EXE Windows CGI for Apache Web Server May Let Remote Users View Files on the Server Due to Configuration Error
| [1003008] Apache 'mod_bf' Module Lets Remote Users Execute Arbitrary Code
| [1002629] Apache suEXEC Wrapper Fails to Observe Minimum Group ID Security Settings in Certain Situations
| [1002542] Apache Web Server Virtual Hosting Split-Logfile Function Lets Remote Users Write Log Entries to Arbitrary Files on the System
| [1002400] Apache mod_gzip Module Has Buffer Overflow That Can Be Exploited By Local Users to Gain Elevated Privileges
| [1002303] Several 3rd Party Apache Authentication Modules Allow Remote Users to Execute Arbitrary Code to Gain Access to the System or Execute Stored Procedures to Obtain Arbitrary Database Information
| [1002188] Apache Web Server Discloses Internal IP Addresses to Remote Users in Certain Configurations
| [1001989] Apache Web Server May Disclose Directory Contents Even If an Index.html File is Present in the Directory
| [1001719] Apache Web Server on Mac OS X Client Fails to Enforce File and Directory Access Protections, Giving Remote Users Access to Restricted Pages
| [1001572] Apache Web Server on Microsoft Windows Platforms Allows Remote Users to Crash the Web Server
| [1001304] Apache Web Server for Windows Lets Remote Users Crash the Web Server Application
| [1001083] Apache Web Server May Display Directory Index Listings Even if Directory Listings Are Disabled
|
| OSVDB - http://www.osvdb.org:
| [96078] Apache CloudStack Infrastructure Menu Setup Network Multiple Field XSS
| [96077] Apache CloudStack Global Settings Multiple Field XSS
| [96076] Apache CloudStack Instances Menu Display Name Field XSS
| [96075] Apache CloudStack Instances Menu Add Instances Network Name Field XSS
| [96074] Apache CloudStack Instances Menu Add Instances Review Step Multiple Field XSS
| [96031] Apache HTTP Server suEXEC Symlink Arbitrary File Access
| [95888] Apache Archiva Single / Double Quote Character Handling XSS Weakness
| [95885] Apache Subversion mod_dav_svn Module Crafted HTTP Request Handling Remote DoS
| [95706] Apache OpenOffice.org (OOo) OOXML Document File XML Element Handling Memory Corruption
| [95704] Apache OpenOffice.org (OOo) DOC File PLCF Data Handling Memory Corruption
| [95603] Apache Continuum web/util/GenerateRecipentNotifier.java recipient Parameter XSS
| [95602] Apache Continuum web/action/notifier/JabberProjectNotifierEditAction-jabberProjectNotifierSave-validation.xml Multiple Parameter XSS
| [95601] Apache Continuum web/action/notifier/JabberGroupNotifierEditAction-jabberProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
| [95600] Apache Continuum web/action/ScheduleAction-saveSchedule-validation.xml Multiple Parameter XSS
| [95599] Apache Continuumweb/action/BuildDefinitionAction-saveBuildDefinition-validation.xml Multiple Parameter XSS
| [95598] Apache Continuum web/action/AddProjectAction-addProject-validation.xml Multiple Parameter XSS
| [95597] Apache Continuum web/action/ProjectEditAction-projectSave-validation.xml Multiple Parameter XSS
| [95596] Apache Continuum web/action/notifier/IrcGroupNotifierEditAction-ircProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
| [95595] Apache Continuum web/action/notifier/IrcProjectNotifierEditAction-ircProjectNotifierSave-validation.xml Multiple Parameter XSS
| [95594] Apache Continuum web/action/ProjectGroupAction.java Multiple Parameter XSS
| [95593] Apache Continuum web/action/AddProjectGroupAction.java Multiple Parameter XSS
| [95592] Apache Continuum web/action/AddProjectAction.java Multiple Parameter XSS
| [95523] Apache OFBiz Webtools Application View Log Screen Unspecified XSS
| [95522] Apache OFBiz Nested Expression Evaluation Arbitrary UEL Function Execution
| [95521] Apache HTTP Server mod_session_dbd Session Saving Unspecified Issue
| [95498] Apache HTTP Server mod_dav.c Crafted MERGE Request Remote DoS
| [95406] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Arbitrary Site Redirect
| [95405] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Remote Code Execution
| [95011] Apache CXF XML Parser SOAP Message Handling CPU Resource Exhaustion Remote DoS
| [94705] Apache Geronimo RMI Classloader Exposure Serialized Object Handling Remote Code Execution
| [94651] Apache Santuario (XML Security for C++) XML Signature CanonicalizationMethod Parameter Spoofing Weakness
| [94636] Apache Continuum workingCopy.action userDirectory Traversal Arbitrary File Access
| [94635] Apache Maven SCM SvnCommandlineUtils Process Listing Local Password Disclosure
| [94632] Apache Maven Wagon SSH (wagon-ssh) Host Verification Failure MitM Weakness
| [94625] Apache Santuario (XML Security for C++) XML Signature Reference Crafted XPointer Expression Handling Heap Buffer Overflow
| [94618] Apache Archiva /archiva/security/useredit.action username Parameter XSS
| [94617] Apache Archiva /archiva/security/roleedit.action name Parameter XSS
| [94616] Apache Archiva /archiva/security/userlist!show.action roleName Parameter XSS
| [94615] Apache Archiva /archiva/deleteArtifact!doDelete.action groupId Parameter XSS
| [94614] Apache Archiva /archiva/admin/addLegacyArtifactPath!commit.action legacyArtifactPath.path Parameter XSS
| [94613] Apache Archiva /archiva/admin/addRepository.action Multiple Parameter XSS
| [94612] Apache Archiva /archiva/admin/editAppearance.action Multiple Parameter XSS
| [94611] Apache Archiva /archiva/admin/addLegacyArtifactPath.action Multiple Parameter XSS
| [94610] Apache Archiva /archiva/admin/addNetworkProxy.action Multiple Parameter XSS
| [94403] Apache Santuario (XML Security for C++) InclusiveNamespace PrefixList Processing Heap Overflow
| [94402] Apache Santuario (XML Security for C++) HMAC-based XML Signature Processing DoS
| [94401] Apache Santuario (XML Security for C++) XPointer Evaluation Stack Overflow
| [94400] Apache Santuario (XML Security for C++) HMAC-Based XML Signature Reference Element Validation Spoofing Weakness
| [94279] Apache Qpid CA Certificate Validation Bypass
| [94275] Apache Solr JettySolrRunner.java Can Not Find Error Message XSS
| [94233] Apache OpenJPA Object Deserialization Arbitrary Executable Creation
| [94042] Apache Axis JAX-WS Java Unspecified Exposure
| [93969] Apache Struts OGNL Expression Handling Double Evaluation Error Remote Command Execution
| [93796] Apache Subversion Filename Handling FSFS Repository Corruption Remote DoS
| [93795] Apache Subversion svnserve Server Aborted Connection Message Handling Remote DoS
| [93794] Apache Subversion contrib/hook-scripts/check-mime-type.pl svnlook Hyphenated argv Argument Handling Remote DoS
6669| [93793] Apache Subversion contrib/hook-scripts/svn-keyword-check.pl Filename Handling Remote Command Execution
6670| [93646] Apache Struts Crafted Parameter Arbitrary OGNL Code Execution
6671| [93645] Apache Struts URL / Anchor Tag includeParams Attribute Remote Command Execution
6672| [93636] Apache Pig Multiple Physical Operator Memory Exhaustion Remote Remote DoS
6673| [93635] Apache Wink DTD (Document Type Definition) Expansion Data Parsing Information Disclosure
6674| [93605] RT Apache::Session::File Session Replay Reuse Information Disclosure
6675| [93599] Apache Derby SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY Boot Password Manipulation Re-encryption Failure Password Corruption
6676| [93555] Apache Commons Codec Invalid Base32 String Information Tunneling Weakness
| [93554] Apache HBase bulkLoadHFiles() Method ACL Bypass
| [93543] JBoss Enterprise Application Platform org.apache.catalina.connector.Response.encodeURL() Method MitM jsessionid Disclosure
| [93542] Apache ManifoldCF (Connectors Framework) org.apache.manifoldcf.crawler.ExportConfiguration Class Configuration Export Password Disclosure
| [93541] Apache Solr json.wrf Callback XSS
| [93524] Apache Hadoop GetSecurityDescriptorControl() Function Absolute Security Descriptor Handling NULL Descriptor Weakness
| [93521] Apache jUDDI Security API Token Session Persistence Weakness
| [93520] Apache CloudStack Default SSL Key Weakness
| [93519] Apache Shindig /ifr Cross-site Arbitrary Gadget Invocation
| [93518] Apache Solr /admin/analysis.jsp name Parameter XSS
| [93517] Apache CloudStack setup-cloud-management /etc/sudoers Modification Local Privilege Escalation
| [93516] Apache CXF UsernameTokenInterceptor Nonce Caching Replay Weakness
| [93515] Apache HBase table.jsp name Parameter XSS
| [93514] Apache CloudStack Management Server Unauthenticated Remote JMX Connection Default Setting Weakness
| [93463] Apache Struts EL / OGNL Interpretation Unspecified Remote Code Execution
| [93462] Apache CXF WS-SecurityPolicy AlgorithmSuite Arbitrary Ciphertext Decryption Weakness
| [93401] Apache Hadoop core-site.xml Permission Weakness Local Alfredo Secret Disclosure
| [93400] Apache Hadoop Map/Reduce Job Log Directory Symlink Arbitrary File Mode Manipulation
| [93397] Apache Wicket Referrer HTTP Header Session ID Disclosure
| [93366] Apache HTTP Server modules/mappers/mod_rewrite.c do_rewritelog() Function Log File Terminal Escape Sequence Filtering Remote Command Execution
| [93254] Apache Tomcat AsyncListener Method Cross-session Information Disclosure
| [93253] Apache Tomcat Chunked Transfer Encoding Data Saturation Remote DoS
| [93252] Apache Tomcat FORM Authenticator Session Fixation
| [93172] Apache Camel camel/endpoints/ Endpoint XSS
| [93171] Apache Sling HtmlResponse Error Message XSS
| [93170] Apache Directory DelegatingAuthenticator MitM Spoofing Weakness
| [93169] Apache Wave AuthenticationServlet.java Session Fixation Weakness
| [93168] Apache Click ErrorReport.java id Parameter XSS
| [93167] Apache ActiveMQ JMSXUserId Spoofing Weakness
| [93166] Apache CXF Crafted Message Element Count Handling System Resource Exhaustion Remote DoS
| [93165] Apache CXF Crafted Message Element Level Handling System Resource Exhaustion Remote DoS
| [93164] Apache Harmony DatagramSocket Class connect Method CheckAccept() IP Blacklist Bypass
| [93163] Apache Hadoop Map/Reduce Daemon Symlink Arbitrary File Overwrite
| [93162] Apache VelocityStruts struts/ErrorsTool.getMsgs Error Message XSS
| [93161] Apache CouchDB Rewriter VM Atom Table Memory Exhaustion Remote DoS
| [93158] Apache Wicket BookmarkablePageLink Feature XSS CSRF
| [93157] Apache Struts UrlHelper.java s:url includeParams Functionality XSS
| [93156] Apache Tapestry Calendar Component datefield.js datefield Parameter XSS
| [93155] Apache Struts fielderror.ftl fielderror Parameter Error Message XSS
| [93154] Apache JSPWiki Edit.jsp createPages WikiPermission Bypass
| [93153] Apache PDFBox PDFXrefStreamParser Missing Element Handling PDF Parsing DoS
| [93152] Apache Hadoop HttpServer.java Multiple Function XSS
| [93151] Apache Shiro Search Filter userName Parameter LDAP Code Injection Weakness
| [93150] Apache Harmony java.net.SocketPermission Class boolean equals Function checkConnect() Weakness Host Name Retrieval
| [93149] Apache Harmony java.security.Provider Class void load Function checkSecurityAccess() Weakness
| [93148] Apache Harmony java.security.ProtectionDomain Class java.lang.String.toString() Function checkPermission() Weakness
| [93147] Apache Harmony java.net.URLConnection openConnection Function checkConnect Weakness Proxy Connection Permission Bypass
| [93146] Apache Harmony java.net.ServerSocket Class void implAccept Function checkAccept() Weakness SerSocket Subclass Creation
| [93145] Apache Qpid JMS Client Detached Session Frame Handling NULL Pointer Dereference Remote DoS
| [93144] Apache Solr Admin Command Execution CSRF
| [93009] Apache VCL XMLRPC API Unspecified Function Remote Privilege Escalation
| [93008] Apache VCL Web GUI Unspecified Remote Privilege Escalation
| [92997] Apache Commons Codec org.apache.commons.codec.net.URLCodec Fields Missing 'final' Thread-safety Unspecified Issue
| [92976] Apache ActiveMQ scheduled.jsp crontab Command XSS
| [92947] Apache Commons Codec org.apache.commons.codec.language.Soundex.US_ENGLISH_MAPPING Missing MS_PKGPROTECT Field Manipulation Unspecified Issue
| [92749] Apache CloudStack Predictable Hash Virtual Machine Console Console Access URL Generation
| [92748] Apache CloudStack VM Console Access Restriction Bypass
| [92709] Apache ActiveMQ Web Console Unauthenticated Remote Access
| [92708] Apache ActiveMQ Sample Web Application Broker Resource Consumption Remote DoS
| [92707] Apache ActiveMQ webapp/websocket/chat.js Subscribe Message XSS
| [92706] Apache ActiveMQ Debug Log Rendering XSS
| [92705] Apache ActiveMQ PortfolioPublishServlet.java refresh Parameter XSS
| [92270] Apache Tomcat Unspecified CSRF
| [92094] Apache Subversion mod_dav_svn Module Nonexistent URL Lock Request Handling NULL Pointer Dereference Remote DoS
| [92093] Apache Subversion mod_dav_svn Module Activity URL PROPFIND Request Handling NULL Pointer Dereference Remote DoS
| [92092] Apache Subversion mod_dav_svn Module Log REPORT Request Handling NULL Pointer Dereference Remote DoS
| [92091] Apache Subversion mod_dav_svn Module Node Property Handling Resource Exhaustion Remote DoS
| [92090] Apache Subversion mod_dav_svn Module Activity URL Lock Request Handling NULL Pointer Dereference Remote DoS
| [91774] Apache Commons Codec Unspecified Non-private Field Manipulation Weakness
| [91628] mod_ruid2 for Apache HTTP Server fchdir() Inherited File Descriptor chroot Restriction Bypass
| [91328] Apache Wicket $up$ Traversal Arbitrary File Access
| [91295] Apple Mac OS X Apache Unicode Character URI Handling Authentication Bypass
| [91235] Apache Rave /app/api/rpc/users/get User Object Hashed Password Remote Disclosure
| [91185] Munin Default Apache Configuration Permission Weakness Remote Information Disclosure
| [91173] Apache Wicket WebApplicationPath Constructor Bypass /WEB-INF/ Directory File Access
| [91172] Apache Wicket PackageResourceGuard File Extension Filter Bypass
| [91025] Apache Qpid qpid::framing::Buffer Class Multiple Method Out-of-bounds Access Remote DoS
| [91024] Apache Qpid federation_tag Attribute Handling Federated Interbroker Link Access Restriction Bypass
| [91023] Apache Qpid AMQP Type Decoder Exposure Array Size Value Handling Memory Consumption Remote DoS
| [91022] Apache Qpid qpid/cpp/include/qpid/framing/Buffer.h qpid::framing::Buffer::checkAvailable() Function Integer Overflow
| [90986] Apache Jena ARQ INSERT DATA Request Handling Overflow
| [90907] Apache Subversion mod_dav_svn / libsvn_fs svn_fs_file_length() Function MKACTIVITY / PROPFIND Option Request Handling Remote DoS
| [90906] Apache Commons FileUpload /tmp Storage Symlink Arbitrary File Overwrite
| [90864] Apache Batik 1xx Redirect Script Origin Restriction Bypass
| [90858] Apache Ant Malformed TAR File Handling Infinite Loop DoS
| [90852] Apache HTTP Server for Debian apachectl /var/lock Permission Weakness Symlink Directory Permission Manipulation
| [90804] Apache Commons CLI Path Subversion Local Privilege Escalation
| [90802] Apache Avro Recursive Schema Handling Infinite Recursion DoS
| [90592] Apache Batik ApplicationSecurityEnforcer.java Multiple Method Security Restriction Bypass
| [90591] Apache Batik XML External Entity (XXE) Data Parsing Arbitrary File Disclosure
| [90565] Apache Tomcat Log Directory Permission Weakness Local Information Disclosure
| [90564] Apache Maven / Maven Wagon SSL Certificate Validation MitM Spoofing Weakness
| [90557] Apache HTTP Server mod_proxy_balancer balancer-manager Interface Multiple Parameter XSS
| [90556] Apache HTTP Server Multiple Module Multiple Parameter XSS
| [90276] Apache Axis2 axis2.xml Plaintext Password Local Disclosure
| [90249] Apache Axiom ClassLoader XMLInputFactory / XMLOutputFactory Construction Unspecified Issue
| [90235] Apache Commons HttpClient Certificate Wildcard Matching Weakness
| [90079] Apache CXF WSS4JInInterceptor URIMappingInterceptor WS-Security SOAP Service Access Restriction Bypass
| [90078] Apache CXF WS-SecurityPolicy Enabled Plaintext UsernameTokens Handling Authentication Bypass
| [89453] Apache Open For Business Project (OFBiz) Screenlet.title Widget Attribute XSS
| [89452] Apache Open For Business Project (OFBiz) Image.alt Widget Attribute XSS
| [89294] Apache CouchDB Futon UI Browser-based Test Suite Query Parameter XSS
| [89293] Apache CouchDB Unspecified Traversal Arbitrary File Access
| [89275] Apache HTTP Server mod_proxy_ajp Module Expensive Request Parsing Remote DoS
| [89267] Apache CouchDB JSONP Callback Handling Unspecified XSS
| [89146] Apache CloudStack Master Server log4j.conf SSH Private Key / Plaintext Password Disclosure
| [88603] Apache OpenOffice.org (OOo) Unspecified Information Disclosure
| [88602] Apache OpenOffice.org (OOo) Unspecified Manifest-processing Issue
| [88601] Apache OpenOffice.org (OOo) Unspecified PowerPoint File Handling Issue
| [88285] Apache Tomcat Partial HTTP Request Saturation Remote DoS
| [88095] Apache Tomcat NIO Connector Terminated Connection Infinte Loop DoS
| [88094] Apache Tomcat FORM Authentication Crafted j_security_check Request Security Constraint Bypass
| [88093] Apache Tomcat Null Session Requst CSRF Prevention Filter Bypass
| [88043] IBM Tivoli Netcool/Reporter Apache CGI Unspecified Remote Command Execution
| [87580] Apache Tomcat DIGEST Authentication Session State Caching Authentication Bypass Weakness
| [87579] Apache Tomcat DIGEST Authentication Stale Nonce Verification Authentication Bypass Weakness
| [87477] Apache Tomcat Project Woodstock Service Error Page UTF-7 XSS Weakness
| [87227] Apache Tomcat InternalNioInputBuffer.java parseHeaders() Function Request Header Size Parsing Remote DoS
| [87223] Apache Tomcat DIGEST Authentication replay-countermeasure Functionality cnonce / cn Verification Authentication Bypass Weakness
| [87160] Apache Commons HttpClient X.509 Certificate Domain Name Matching MiTM Weakness
| [87159] Apache CXF X.509 Certificate Domain Name Matching MiTM Weakness
| [87150] Apache Axis / Axis2 X.509 Certificate Domain Name Matching MiTM Weakness
| [86902] Apache HTTP Server 3xx Redirect Internal IP Address Remote Disclosure
| [86901] Apache Tomcat Error Message Path Disclosure
| [86684] Apache CloudStack Unauthorized Arbitrary API Call Invocation
| [86556] Apache Open For Business Project (OFBiz) Unspecified Issue
| [86503] Visual Tools VS home/apache/DiskManager/cron/init_diskmgr Local Command Execution
| [86401] Apache ActiveMQ ResourceHandler Traversal Arbitrary File Access
| [86225] Apache Axis2 XML Signature Wrapping (XSW) Authentication Bypass
| [86206] Apache Axis2 Crafted SAML Assertion Signature Exclusion Attack Authentication Bypass
| [85722] Apache CXF SOAP Request Parsing Access Restriction Bypass
| [85704] Apache Qpid Incoming Client Connection Saturation Remote DoS
| [85474] Eucalyptus Apache Santuario (XML Security for Java) Library XML Signature Transform Handling DoS
| [85430] Apache mod_pagespeed Module Unspecified XSS
| [85429] Apache mod_pagespeed Module Hostname Verification Cross-host Resource Disclosure
| [85249] Apache Wicket Unspecified XSS
| [85236] Apache Hadoop conf/hadoop-env.sh Temporary File Symlink Arbitrary File Manipulation
| [85090] Apache HTTP Server mod_proxy_ajp.c mod_proxy_ajp Module Proxy Functionality Cross-client Information Disclosure
| [85089] Apache HTTP Server mod_proxy_http.c mod_proxy_http Module Cross-client Information Disclosure
| [85062] Apache Solr Autocomplete Module for Drupal Autocomplete Results XSS
| [85010] Apache Struts Token Handling Mechanism Token Name Configuration Parameter CSRF Weakness
| [85009] Apache Struts Request Parameter OGNL Expression Parsing Remote DoS
| [84911] libapache2-mod-rpaf X-Forward-For HTTP Header Parsing Remote DoS
| [84823] Apache HTTP Server Multiple Module Back End Server Error Handling HTTP Request Parsing Remote Information Disclosure
| [84818] Apache HTTP Server mod_negotiation Module mod_negotiation.c make_variant_list Function XSS
| [84562] Apache Qpid Broker Authentication Mechanism AMQP Client Shadow Connection NullAuthenticator Request Parsing Authentication Bypass
| [84458] Apache Libcloud SSL Certificate Validation MitM Spoofing Weakness
| [84279] PHP on Apache php_default_post_reader POST Request Handling Overflow DoS
| [84278] PHP w/ Apache PDO::ATTR_DEFAULT_FETCH_MODE / PDO::FETCH_CLASS DoS
| [84231] Apache Hadoop DataNodes Client BlockTokens Arbitrary Block Access
| [83943] Oracle Solaris Cluster Apache Tomcat Agent Subcomponent Unspecified Local Privilege Escalation
| [83939] Oracle Solaris Apache HTTP Server Subcomponent Unspecified Remote Information Disclosure
| [83685] svnauthcheck Apache HTTP Configuration File Permission Revocation Weakness
| [83682] Apache Sling POST Servlet @CopyFrom Operation HTTP Request Parsing Infinite Loop Remote DoS
| [83339] Apache Roller Blogger Roll Unspecified XSS
| [83270] Apache Roller Unspecified Admin Action CSRF
| [82782] Apache CXF WS-SecurityPolicy 1.1 SupportingToken Policy Bypass
| [82781] Apache CXF WS-SecurityPolicy Supporting Token Children Specification Token Signing Verification Weakness
| [82611] cPanel Apache Piped Log Configuration Log Message Formatting Traversal Arbitrary File Creation
| [82436] MapServer for Windows Bundled Apache / PHP Configuration Local File Inclusion
| [82215] PHP sapi/cgi/cgi_main.c apache_request_headers Function HTTP Header Handling Remote Overflow
| [82161] Apache Commons Compress bzip2 File Compression BZip2CompressorOutputStream Class File Handling Remote DoS
| [81965] Apache Batik Squiggle SVG Browser JAR File Arbitrary Code Execution
| [81790] Apache POI src/org/apache/poi/hwpf/model/UnhandledDataStructure.java UnhandledDataStructure() constructor Length Attribute CDF / CFBF File Handling Remote DoS
| [81660] Apache Qpid Credential Checking Cluster Authentication Bypass
| [81511] Apache for Debian /usr/share/doc HTTP Request Parsing Local Script Execution
| [81359] Apache HTTP Server LD_LIBRARY_PATH Variable Local Privilege Escalation
| [81349] Apache Open For Business Project (OFBiz) Webslinger Component Unspecified XSS
| [81348] Apache Open For Business Project (OFBiz) Content IDs / Map-Keys Unspecified XSS
| [81347] Apache Open For Business Project (OFBiz) Parameter Arrays Unspecified XSS
| [81346] Apache Open For Business Project (OFBiz) checkoutProcess.js getServerError() Function Unspecified XSS
| [81196] Apache Open For Business Project (OFBiz) FlexibleStringExpander Nested Script String Parsing Remote Code Execution
| [80981] Apache Hadoop Kerberos/MapReduce Security Feature User Impersonation Weakness
| [80571] Apache Traffic Server Host HTTP Header Parsing Remote Overflow
| [80547] Apache Struts XSLTResult.java File Upload Arbitrary Command Execution
| [80360] AskApache Password Protector Plugin for WordPress Error Page $_SERVER Superglobal XSS
| [80349] Apache HTTP Server mod_fcgid Module fcgid_spawn_ctl.c FcgidMaxProcessesPerClass Virtual Host Directive HTTP Request Parsing Remote DoS
| [80301] Apache Wicket /resources/ Absolute Path Arbitrary File Access
| [80300] Apache Wicket wicket:pageMapName Parameter XSS
| [79478] Apache Solr Extension for TYPO3 Unspecified XSS
| [79002] Apache MyFaces javax.faces.resource In Parameter Traversal Arbitrary File Access
| [78994] Apache Struts struts-examples/upload/upload-submit.do name Parameter XSS
| [78993] Apache Struts struts-cookbook/processDyna.do message Parameter XSS
| [78992] Apache Struts struts-cookbook/processSimple.do message Parameter XSS
| [78991] Apache Struts struts2-rest-showcase/orders clientName Parameter XSS
| [78990] Apache Struts struts2-showcase/person/editPerson.action Multiple Parameter XSS
| [78932] Apache APR Hash Collision Form Parameter Parsing Remote DoS
| [78903] Apache CXF SOAP Request Parsing WS-Security UsernameToken Policy Bypass
| [78600] Apache Tomcat HTTP DIGEST Authentication DigestAuthenticator.java Catalina Weakness Security Bypass
| [78599] Apache Tomcat HTTP DIGEST Authentication Realm Value Parsing Security Bypass
| [78598] Apache Tomcat HTTP DIGEST Authentication qop Value Parsing Security Bypass
| [78573] Apache Tomcat Parameter Saturation CPU Consumption Remote DoS
| [78556] Apache HTTP Server Status Code 400 Default Error Response httpOnly Cookie Disclosure
| [78555] Apache HTTP Server Threaded MPM %{cookiename}C Log Format String Cookie Handling Remote DoS
| [78501] Apache Struts ParameterInterceptor Class OGNL Expression Parsing Remote Command Execution
| [78331] Apache Tomcat Request Object Recycling Information Disclosure
| [78293] Apache HTTP Server Scoreboard Invalid Free Operation Local Security Bypass
| [78277] Apache Struts ExceptionDelegator Component Parameter Parsing Remote Code Execution
| [78276] Apache Struts DebuggingInterceptor Component Developer Mode Unspecified Remote Command Execution
| [78113] Apache Tomcat Hash Collision Form Parameter Parsing Remote DoS
| [78112] Apache Geronimo Hash Collision Form Parameter Parsing Remote DoS
| [78109] Apache Struts ParameterInterceptor Traversal Arbitrary File Overwrite
| [78108] Apache Struts CookieInterceptor Cookie Name Handling Remote Command Execution
| [77593] Apache Struts Conversion Error OGNL Expression Injection
| [77496] Apache ActiveMQ Failover Mechanism Openwire Request Parsing Remote DoS
| [77444] Apache HTTP Server mod_proxy Mdule Web Request HTTP/0.9 Protocol URL Parsing Proxy Remote Security Bypass
| [77374] Apache MyFaces Java Bean includeViewParameters Parsing EL Expression Security Weakness
| [77310] Apache HTTP Server mod_proxy Reverse Proxy Mode Security Bypass Weakness (2011-4317)
| [77234] Apache HTTP Server on cygwin Encoded Traversal Arbitrary File Access
| [77012] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Memory Consumption DoS
| [76944] Apache Tomcat Manager Application Servlets Access Restriction Bypass
| [76744] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Overflow
| [76189] Apache Tomcat HTTP DIGEST Authentication Weakness
| [76079] Apache HTTP Server mod_proxy Mdule Web Request URL Parsing Proxy Remote Security Bypass (2011-3368)
| [76072] Apache JServ jserv.conf jserv-status Handler jserv/ URI Request Parsing Local Information Disclosure
| [75807] Apache HTTP Server Incomplete Header Connection Saturation Remote DoS
| [75647] Apache HTTP Server mod_proxy_ajp Module mod_proxy_balancer HTTP Request Remote DoS
| [75376] Apache Libcloud SSL Certificate Validation MitM Server Spoofing Weakness
| [74853] Domain Technologie Control /etc/apache2/apache2.conf File Permissions Weakness dtcdaemons User Password Disclosure
| [74818] Apache Tomcat AJP Message Injection Authentication Bypass
| [74725] Apache Wicket Multi Window Support Unspecified XSS
| [74721] Apache HTTP Server ByteRange Filter Memory Exhaustion Remote DoS
| [74541] Apache Commons Daemon Jsvc Permissions Weakness Arbitrary File Access
| [74535] Apache Tomcat XML Parser Cross-application Multiple File Manipulation
| [74447] Apache Struts XWork Nonexistent Method s:submit Element Internal Java Class Remote Path Disclosure
| [74262] Apache HTTP Server Multi-Processing Module itk.c Configuration Merger mpm-itk root UID / GID Remote Privilege Escalation
| [74120] Apache HTTP Server mod_authnz_external mysql/mysql-auth.pl user Field SQL Injection
| [73920] Oracle Secure Backup /apache/htdocts/php/common.php username Parameter Remote Code Execution
| [73798] Apache Tomcat sendfile Request Start / Endpoint Parsing Local DoS
| [73797] Apache Tomcat sendfile Request Attribute Validation Weakness Local Access Restriction Bypass
| [73776] Apache Tomcat HTTP BIO Connector HTTP Pipelining Cross-user Remote Response Access
| [73644] Apache XML Security Signature Key Parsing Overflow DoS
| [73600] Apache Struts javatemplates Plugin Component Handlers .action URI Multiple Parameter XSS
| [73462] Apache Rampart/C util/rampart_timestamp_token.c rampart_timestamp_token_validate Function Expired Token Remote Access Restriction Bypass
| [73429] Apache Tomcat JMX MemoryUserDatabase Local Password Disclosure
| [73384] Apache HTTP Server mod_rewrite PCRE Resource Exhaustion DoS
| [73383] Apache HTTP Server Portable Runtime (APR) Library apr_fnmatch() Infinite Loop Remote DoS
| [73378] IBM WebSphere Application Server (WAS) JavaServer Pages org.apache.jasper.runtime.JspWriterImpl.response JSP Page Application Restart Remote DoS
| [73247] Apache Subversion mod_dav_svn File Permission Weakness Information Disclosure
| [73246] Apache Subversion mod_dav_svn Path-based Access Control Rule Handling Remote DoS
| [73245] Apache Subversion mod_dav_svn Baselined Resource Request Handling Remote DoS
| [73154] Apache Archiva Multiple Unspecified CSRF
| [73153] Apache Archiva /archiva/admin/deleteNetworkProxy!confirm.action proxyid Parameter XSS
| [72407] Apache Tomcat @ServletSecurity Initial Load Annotation Security Constraint Bypass Information Disclosure
| [72238] Apache Struts Action / Method Names <
| [71647] Apache HttpComponents HttpClient Proxy-Authorization Credentials Remote Disclosure
| [71558] Apache Tomcat SecurityManager ServletContext Attribute Traversal Arbitrary File Manipulation
| [71557] Apache Tomcat HTML Manager Multiple XSS
| [71075] Apache Archiva User Management Page XSS
| [71027] Apache Tomcat @ServletSecurity Annotation Security Constraint Bypass Information Disclosure
| [70925] Apache Continuum Project Pages Unspecified XSS (2011-0533)
| [70924] Apache Continuum Multiple Admin Function CSRF
| [70809] Apache Tomcat NIO HTTP Connector Request Line Processing DoS
| [70734] Apache CouchDB Request / Cookie Handling Unspecified XSS
| [70585] Oracle Fusion Middleware Oracle HTTP Server Apache Plugin Unspecified Remote Issue
| [70333] Apache Subversion rev_hunt.c blame Command Multiple Memory Leak Remote DoS
| [70332] Apache Subversion Apache HTTP Server mod_dav_svn repos.c walk FunctionSVNParentPath Collection Remote DoS
| [69659] Apache Archiva Admin Authentication Weakness Privilege Escalation
| [69520] Apache Archiva Administrator Credential Manipulation CSRF
| [69512] Apache Tomcat Set-Cookie Header HTTPOnly Flag Session Hijacking Weakness
| [69456] Apache Tomcat Manager manager/html/sessions Multiple Parameter XSS
| [69275] Apache mod_fcgid Module fcgid_bucket.c fcgid_header_bucket_read() Function Remote Overflow
| [69067] Apache Shiro URI Path Security Traversal Information Disclosure
| [68815] Apache MyFaces shared/util/StateUtils.java View State MAC Weakness Cryptographic Padding Remote View State Modification
| [68670] Apache Qpid C++ Broker Component broker/SessionAdapter.cpp SessionAdapter::ExchangeHandlerImpl::checkAlternate Function Exchange Alternate Remote DoS
| [68669] Apache Qpid cluster/Cluster.cpp Cluster::deliveredEvent Function Invalid AMQP Data Remote DoS
| [68662] Apache Axis2 dswsbobje.war Module Admin Account Default Password
| [68531] Apache Qpid qpidd sys/ssl/SslSocket.cpp Incomplete SSL Handshake Remote DoS
| [68327] Apache APR-util buckets/apr_brigade.c apr_brigade_split_line() Function Memory Consumption DoS
| [68314] Apache XML-RPC SAX Parser External Entity Information Disclosure
| [67964] Apache Traffic Server Transaction ID / Source Port Randomization Weakness DNS Cache Poisoning
| [67846] SUSE Lifecycle Management Server on SUSE Linux Enterprise apache2-slms Parameter Quoting CSRF
| [67294] Apache CXF XML SOAP Message Crafted Document Type Declaration Remote DoS
| [67240] Apache CouchDB Installation Page Direct Request Arbitrary JavaScript Code Execution CSRF
| [67205] Apache Derby BUILTIN Authentication Password Hash Generation Algorithm SHA-1 Transformation Password Substitution
| [66745] Apache HTTP Server Multiple Modules Pathless Request Remote DoS
| [66319] Apache Tomcat Crafted Transfer-Encoding Header Handling Buffer Recycling Remote DoS
| [66280] Apache Struts XWork ParameterInterceptor Server-Side Object Remote Code Execution
| [66226] Apache Axis2 Admin Interface Cookie Session Fixation
| [65697] Apache Axis2 / Java SOAP Message DTD Rejection Weakness Arbitrary File Access
| [65654] Apache HTTP Server mod_proxy_http mod_proxy_http.c Timeout Detection Weakness HTTP Request Response Disclosure
| [65429] Apache MyFaces Unencrypted ViewState Serialized View Object Manipulation Arbitrary Expression Language (EL) Statement Execution
| [65054] Apache ActiveMQ Jetty Error Handler XSS
| [64844] Apache Axis2/Java axis2/axis2-admin/engagingglobally modules Parameter XSS
| [64522] Apache Open For Business Project (OFBiz) ecommerce/control/contactus Multiple Parameter XSS
| [64521] Apache Open For Business Project (OFBiz) Web Tools Section entityName Parameter XSS
| [64520] Apache Open For Business Project (OFBiz) ecommerce/control/ViewBlogArticle contentId Parameter XSS
| [64519] Apache Open For Business Project (OFBiz) Control Servlet URI XSS
| [64518] Apache Open For Business Project (OFBiz) Show Portal Page Section start Parameter XSS
| [64517] Apache Open For Business Project (OFBiz) View Profile Section partyId Parameter XSS
| [64516] Apache Open For Business Project (OFBiz) Export Product Listing Section productStoreId Parameter XSS
| [64307] Apache Tomcat Web Application Manager/Host Manager CSRF
| [64056] mod_auth_shadow for Apache HTTP Server wait() Function Authentication Bypass
| [64023] Apache Tomcat WWW-Authenticate Header Local Host Information Disclosure
| [64020] Apache ActiveMQ Jetty ResourceHandler Crafted Request JSP File Source Disclosure
| [63895] Apache HTTP Server mod_headers Unspecified Issue
| [63368] Apache ActiveMQ createDestination.action JMSDestination Parameter CSRF
| [63367] Apache ActiveMQ createDestination.action JMSDestination Parameter XSS
| [63350] Apache CouchDB Hash Verification Algorithm Predictable Execution Time Weakness
| [63140] Apache Thrift Service Malformed Data Remote DoS
| [62676] Apache HTTP Server mod_proxy_ajp Module Crafted Request Remote DoS
| [62675] Apache HTTP Server Multi-Processing Module (MPM) Subrequest Header Handling Cross-thread Information Disclosure
| [62674] Apache HTTP Server mod_isapi Module Unloading Crafted Request Remote DoS
| [62231] Apache HTTP Server Logging Format Weakness Crafted DNS Response IP Address Spoofing
| [62230] Apache HTTP Server Crafted DNS Response Inverse Lookup Log Corruption XSS
| [62054] Apache Tomcat WAR Filename Traversal Work-directory File Deletion
| [62053] Apache Tomcat Autodeployment Process appBase File HTTP Request Authentication Bypass
| [62052] Apache Tomcat WAR File Traversal Arbitrary File Overwrite
| [62009] Apache HTTP Server src/modules/proxy/proxy_util.c mod_proxy ap_proxy_send_fb() Function Overflow
| [61379] Apache River Outrigger Entry Storage Saturation Memory Exhaustion DoS
| [61378] Apache Hadoop Map/Reduce JobTracker Memory Consumption DoS
| [61377] Apache Commons Modeler Multiple Mutable Static Fields Weakness
| [61376] Apache Rampart wsse:security Tag Signature Value Checking Weakness
| [60687] Apache C++ Standard Library (STDCXX) strxfrm() Function Overflow
| [60680] Apache Hadoop JobHistory Job Name Manipulation Weakness
| [60679] Apache ODE DeploymentWebService OMElement zipPart CRLF Injection
| [60678] Apache Roller Comment Email Notification Manipulation DoS
| [60677] Apache CouchDB Unspecified Document Handling Remote DoS
| [60428] Sun Java Plug-in org.apache.crimson.tree.XmlDocument Class reateXmlDocument Method Floppy Drive Access Bypass
| [60413] mod_throttle for Apache Shared Memory File Manipulation Local Privilege Escalation
| [60412] Sun Java Plug-in org.apache.xalan.processor.XSLProcessorVersion Class Unsigned Applet Variable Sharing Privilege Escalation
| [60396] Apache HTTP Server on OpenBSD Multipart MIME Boundary Remote Information Disclosure
| [60395] Apache HTTP Server on OpenBSD ETag HTTP Header Remote Information Disclosure
| [60232] PHP on Apache php.exe Direct Request Remote DoS
| [60176] Apache Tomcat Windows Installer Admin Default Password
| [60016] Apache HTTP Server on HP Secure OS for Linux HTTP Request Handling Unspecified Issue
| [59979] Apache HTTP Server on Apple Mac OS X HTTP TRACE Method Unspecified Client XSS
| [59969] Apache HTTP Server mod_ssl SSL / TLS Renegotiation Handshakes MiTM Plaintext Data Injection
| [59944] Apache Hadoop jobhistory.jsp XSS
| [59374] Apache Solr Search Extension for TYPO3 Unspecified XSS
| [59022] Apache Shindig ConcatProxyServlet HTTP Header Response Splitting
| [59021] Apache Cocoon X-Cocoon-Version Header Remote Information Disclosure
| [59020] Apache Tapestry HTTPS Session Cookie Secure Flag Weakness
| [59019] Apache mod_python Cookie Salting Weakness
| [59018] Apache Harmony Error Message Handling Overflow
| [59013] Apache Derby SYSCS_EXPORT_TABLE Arbitrary File Overwrite
| [59012] Apache Derby Driver Auto-loading Non-deterministic Startup Weakness
| [59011] Apache JSPWiki Page Attachment Change Note Function XSS
| [59010] Apache Solr get-file.jsp XSS
| [59009] Apache Solr action.jsp XSS
| [59008] Apache Solr analysis.jsp XSS
| [59007] Apache Solr schema.jsp Multiple Parameter XSS
| [59006] Apache Beehive select / checkbox Tag XSS
| [59005] Apache Beehive jpfScopeID Global Parameter XSS
| [59004] Apache Beehive Error Message XSS
| [59003] Apache HttpClient POST Request Handling Memory Consumption DoS
| [59002] Apache Jetspeed default-page.psml URI XSS
7023| [59001] Apache Axis2 xsd Parameter Traversal Arbitrary File Disclosure
7024| [59000] Apache CXF Unsigned Message Policy Bypass
7025| [58999] Apache WSS4J CallbackHandler Plaintext Password Validation Weakness
7026| [58998] Apache OpenJPA persistence.xml Cleartext Password Local Disclosure
7027| [58997] Apache OpenEJB openejb.xml Cleartext Password Local Disclosure
7028| [58996] Apache Hadoop Map/Reduce LinuxTaskController File Group Ownership Weakness
7029| [58995] Apache Hadoop Map/Reduce Task Ownership Weakness
7030| [58994] Apache Hadoop Map/Reduce DistributedCache Localized File Permission Weakness
| [58993] Apache Hadoop browseBlock.jsp XSS
| [58991] Apache Hadoop browseDirectory.jsp XSS
| [58990] Apache Hadoop Map/Reduce HTTP TaskTrackers User Data Remote Disclosure
| [58989] Apache Hadoop Sqoop Process Listing Local Cleartext Password Disclosure
| [58988] Apache Hadoop Chukwa HICC Portal Unspecified XSS
| [58987] Apache Hadoop Map/Reduce TaskTracker User File Permission Weakness
| [58986] Apache Qpid Encrypted Message Handling Remote Overflow DoS
| [58985] Apache Qpid Process Listing Local Cleartext Password Disclosure
| [58984] Apache Jackrabbit Content Repository (JCR) Default Account Privilege Access Weakness
| [58983] Apache Jackrabbit Content Repository (JCR) NamespaceRegistry API Registration Method Race Condition
| [58982] Apache Synapse Proxy Service Security Policy Mismatch Weakness
| [58981] Apache Geronimo TomcatGeronimoRealm Security Context Persistence Weakness
| [58980] Apache Geronimo LDAP Realm Configuration Restart Reversion Weakness
| [58979] Apache MyFaces Tomahawk ExtensionsPhaseListener HTML Injection Information Disclosure
| [58978] Apache MyFaces Trinidad LocaleInfoScriptlet XSS
| [58977] Apache Open For Business Project (OFBiz) Multiple Default Accounts
| [58976] Apache Open For Business Project (OFBiz) URI passThru Parameter XSS
| [58975] Apache Open For Business Project (OFBiz) PARTYMGR_CREATE/UPDATE Permission Arbitrary User Password Modification
| [58974] Apache Sling /apps Script User Session Management Access Weakness
| [58973] Apache Tuscany Crafted SOAP Request Access Restriction Bypass
| [58931] Apache Geronimo Cookie Parameters Validation Weakness
| [58930] Apache Xalan-C++ XPath Handling Remote DoS
| [58879] Apache Portable Runtime (APR-util) poll/unix/port.c Event Port Backend Pollset Feature Remote DoS
| [58837] Apache Commons Net FTPSClient CipherSuites / Protocols Mutable Object Unspecified Data Security Issue
| [58813] Apache MyFaces Trinidad tr:table / HTML Comment Handling DoS
| [58812] Apache Open For Business Project (OFBiz) JSESSIONID Session Hijacking Weakness
| [58811] Apache Open For Business Project (OFBiz) /catalog/control/EditProductConfigItem configItemId Parameter XSS
| [58810] Apache Open For Business Project (OFBiz) /catalog/control/EditProdCatalo prodCatalogId Parameter XSS
| [58809] Apache Open For Business Project (OFBiz) /partymgr/control/viewprofile partyId Parameter XSS
| [58808] Apache Open For Business Project (OFBiz) /catalog/control/createProduct internalName Parameter XSS
| [58807] Apache Open For Business Project (OFBiz) Multiple Unspecified CSRF
| [58806] Apache FtpServer MINA Logging Filter Cleartext Credential Local Disclosure
| [58805] Apache Derby Unauthenticated Database / Admin Access
| [58804] Apache Wicket Header Contribution Unspecified Issue
| [58803] Apache Wicket Session Fixation
| [58802] Apache Directory Server (ApacheDS) userPassword Attribute Search Password Disclosure
| [58801] Apache ActiveMQ Stomp Client Credential Validation Bypass
| [58800] Apache Tapestry (context)/servicestatus Internal Service Information Disclosure
| [58799] Apache Tapestry Logging Cleartext Password Disclosure
| [58798] Apache Jetspeed pipeline Parameter pipeline-map Policy Bypass
| [58797] Apache Jetspeed Password Policy Multiple Weaknesses
| [58796] Apache Jetspeed Unsalted Password Storage Weakness
| [58795] Apache Rampart Crafted SOAP Header Authentication Bypass
| [58794] Apache Roller Admin Protocol (RAP) Malformed Header Authentication Bypass
| [58793] Apache Hadoop Map/Reduce mapred.system.dir Permission Weakness Job Manipulation
| [58792] Apache Shindig gadgets.rpc iframe RPC Call Validation Weakness
| [58791] Apache Synapse synapse.properties Cleartext Credential Local Disclosure
| [58790] Apache WSS4J SOAP Message UsernameToken Remote Password Disclosure
| [58789] Apache WSS4J SOAP Header Malformed UsernameToken Authentication Bypass
| [58776] Apache JSPWiki PreviewContent.jsp Edited Text XSS
| [58775] Apache JSPWiki preview.jsp action Parameter XSS
| [58774] Apache JSPWiki Edit.jsp Multiple Parameter XSS
| [58773] Apache JSPWiki Accept-Language Header Multiple Script language Parameter XSS
| [58772] Apache JSPWiki EditorManager.java editor Parameter XSS
| [58771] Apache JSPWiki GroupContent.jsp Multiple Parameter XSS
| [58770] Apache JSPWiki Group.jsp group Parameter XSS
| [58769] Apache JSPWiki Database Connection Termination DoS Weakness
| [58768] Apache JSPWiki Attachment Servlet nextpage Parameter Arbitrary Site Redirect
| [58766] Apache JSPWiki /admin/SecurityConfig.jsp Direct Request Information Disclosure
| [58765] Apache JSPWiki Spam Filter UniqueID RNG Weakness
| [58764] Apache JSPWiki Edit.jsp Multiple Parameter XSS
| [58763] Apache JSPWiki Include Tag Multiple Script XSS
| [58762] Apache JSPWiki Multiple .java Tags pageContext Parameter XSS
| [58761] Apache JSPWiki Wiki.jsp skin Parameter XSS
| [58760] Apache Commons VFS Exception Error Message Cleartext Credential Disclosure
| [58759] Apache Jackrabbit Content Repository (JCR) UUID System.currentTimeMillis() RNG Weakness
| [58758] Apache River GrantPermission Policy Manipulation Privilege Escalation
| [58757] Apache WS-Commons Java2 StaXUtils Multiple Unspecified Minor Issues
| [58756] Apache WSS4J WSHandler Client Certificate Signature Validation Weakness
| [58755] Apache Harmony DRLVM Non-public Class Member Access
| [58754] Apache Harmony File.createTempFile() Temporary File Creation Prediction Weakness
| [58751] Apache Geronimo GeronimoIdentityResolver Subject Handling Multiple Issues
| [58750] Apache MyFaces Trinidad Generated HTML Information Disclosure
| [58749] Apache MyFaces Trinidad Database Access Error Message Information Disclosure
| [58748] Apache MyFaces Trinidad Image Resource Loader Traversal Arbitrary Image Access
| [58747] Apache MyFaces Trinidad Error Message User Entered Data Disclosure Weakness
| [58746] Apache Axis2 JAX-WS Java2 WSDL4J Unspecified Issue
| [58744] Apache Wicket Crafted File Upload Disk Space Exhaustion DoS
| [58743] Apache Wicket wicket.util.crypt.SunJceCrypt Encryption Reversion Weakness
| [58742] Apache Rampart PolicyBasedValiadtor HttpsToken Endpoint Connection Weakness
| [58741] Apache Rampart WSSecSignature / WSSecEncryptedKey KeyIdentifierType Validation Weakness
| [58740] Apache Rampart TransportBinding Message Payload Cleartext Disclosure
| [58739] Apache Open For Business Project (OFBiz) Unsalted Password Storage Weakness
| [58738] Apache Open For Business Project (OFBiz) orderId Parameter Arbitrary Order Access
| [58737] Apache mod_python w/ mod_python.publisher index.py Underscore Prefixed Variable Disclosure
| [58735] Apache Open For Business Project (OFBiz) /ecommerce/control/keywordsearch SEARCH_STRING Parameter XSS
| [58734] Apache Torque Log File Cleartext Credential Local Disclosure
| [58733] Apache Axis2 doGet Implementation Authentication Bypass Service State Manipulation
| [58732] Apache MyFaces UIInput.validate() Null Value Validation Bypass Weakness
| [58731] Apache MyFaces /faces/* Prefix Mapping Authentication Bypass
| [58725] Apache Tapestry Basic String ACL Bypass Weakness
| [58724] Apache Roller Logout Functionality Failure Session Persistence
| [58723] Apache Roller User Profile / Admin Page Cleartext Password Disclosure
| [58722] Apache Derby Connection URL Encryption Method Reversion Weakness
| [58721] Apache Geronimo on Tomcat Security-constraint Resource ACL Bypass
| [58720] Apache Geronimo Explicit Servlet Mapping Access Bypass Weakness
| [58719] Apache Geronimo Keystore Unprivileged Service Disable DoS
| [58718] Apache Geronimo Deployment Plans Remote Password Disclosure
| [58717] Apache Jetspeed Portlet Application Edit Access Restriction Bypass
| [58716] Apache Jetspeed PSML Management Cached Constraint Authentication Weakness
| [58707] Apache WSS4J Crafted PasswordDigest Request Authentication Bypass
| [58706] Apache HttpClient Pre-emptive Authorization Remote Credential Disclosure
| [58705] Apache Directory Server (ApacheDS) User Passwords Cleartext Disclosure
| [58704] Apache Directory Server (ApacheDS) Non-existent User LDAP Bind Remote DoS
| [58703] Apache Geronimo Debug Console Unauthenticated Remote Information Disclosure
| [58702] Apache Directory Server (ApacheDS) Persistent LDAP Anonymous Bind Weakness
| [58701] Apache Jetspeed User Admin Portlet Unpassworded Account Creation Weakness
| [58700] Apache MyFaces /faces/* Path Handling Remote Overflow DoS
| [58699] Apache MyFaces Disable Property Client Side Manipulation Privilege Escalation
| [58698] Apache Roller Remember Me Functionality Cleartext Password Disclosure
| [58697] Apache XalanJ2 org.apache.xalan.xsltc.runtime.CallFunction Class Unspecified Issue
| [58696] Apache Tapestry Encoded Traversal Arbitrary File Access
| [58695] Apache Jetspeed Unauthenticated PSML Tags / Admin Folder Access
| [58694] Apache Geronimo Deploy Tool Process List Local Credential Disclosure
| [58693] Apache Derby service.properties File Encryption Key Information Disclosure
| [58692] Apache Geronimo Default Security Realm Login Brute Force Weakness
| [58689] Apache Roller Retrieve Last 5 Post Feature Unauthorized Blog Post Manipulation
| [58688] Apache Xalan-Java (XalanJ2) Static Variables Multiple Unspecified Issues
| [58687] Apache Axis Invalid wsdl Request XSS
| [58686] Apache Cocoon Temporary File Creation Unspecified Race Condition
| [58685] Apache Velocity Template Designer Privileged Code Execution
| [58684] Apache Jetspeed controls.Customize Action Security Check Bypass
| [58675] Apache Open For Business Project (OFBiz) eCommerce/ordermgr Multiple Field XSS
| [58674] Apache Open For Business Project (OFBiz) ecommerce/control/login Multiple Field XSS
| [58673] Apache Open For Business Project (OFBiz) ecommerce/control/viewprofile Multiple Field XSS
| [58672] Apache Open For Business Project (OFBiz) POS Input Panel Cleartext Password Disclosure
| [58671] Apache Axis2 JMS Signed Message Crafted WS-Security Header Security Bypass
| [58670] Apache Jetspeed JetspeedTool.getPortletFromRegistry Portlet Security Validation Failure
| [58669] Apache Jetspeed LDAP Cleartext Passwords Disclosure
| [58668] Apache Axis External Entity (XXE) Data Parsing Privilege Escalation
| [58667] Apache Roller Database Cleartext Passwords Disclosure
| [58666] Apache Xerces-C++ UTF-8 Transcoder Overlong Code Handling Unspecified Issue
| [58665] Apache Jetspeed Turbine: Cross-user Privileged Action Execution
| [58664] Apache Jetspeed EditAccount.vm Password Modification Weakness
| [58663] Apache Jetspeed Role Parameter Arbitrary Portlet Disclosure
| [58662] Apache Axis JWS Page Generated .class File Direct Request Information Disclosure
| [58661] Apache Jetspeed user-form.vm Password Reset Cleartext Disclosure
| [58660] Apache WSS4J checkReceiverResults Function Crafted SOAP Request Authentication Bypass
| [58658] Apache Rampart Crafted SOAP Request Security Verification Bypass
| [57882] Apache HTTP Server mod_proxy_ftp Authorization HTTP Header Arbitrary FTP Command Injection
| [57851] Apache HTTP Server mod_proxy_ftp EPSV Command NULL Dereference Remote DoS
| [56984] Apache Xerces2 Java Malformed XML Input DoS
| [56903] Apache ODE (Orchestration Director Engine) Process Deployment Web Service Traversal Arbitrary File Manipulation
| [56859] Apache Xerces-C++ Multiple Sub-project XML Nested DTD Structures Parsing Recursion Error DoS
| [56766] Apache Portable Runtime (APR-util) memory/unix/apr_pools.c Relocatable Memory Block Aligning Overflow
| [56765] Apache Portable Runtime (APR-util) misc/apr_rmm.c Multiple Function Overflows
| [56517] Apache HTTP Server File Descriptor Leak Arbitrary Local File Append
| [56443] PTK Unspecified Apache Sub-process Arbitrary Command Execution
| [56414] Apache Tiles Duplicate Expression Language (EL) Expression Evaluation XSS
| [55814] mod_NTLM for Apache HTTP Server ap_log_rerror() Function Remote Format String
| [55813] mod_NTLM for Apache HTTP Server log() Function Remote Overflow
| [55782] Apache HTTP Server mod_deflate Module Aborted Connection DoS
| [55553] Apache HTTP Server mod_proxy Module mod_proxy_http.c stream_reqbody_cl Function CPU Consumption DoS
| [55059] Apache APR-util strmatch/apr_strmatch.c apr_strmatch_precompile Function Crafted Input Remote DoS
| [55058] Apache APR-util apr_brigade_vprintf Function Crafted Input Off-by-one Remote DoS
| [55057] Apache APR-util xml/apr_xml.c apr_xml_* Interface Expat XML Parser Crafted XML Document Remote DoS
| [55056] Apache Tomcat Cross-application TLD File Manipulation
| [55055] Apache Tomcat Illegal URL Encoded Password Request Username Enumeration
| [55054] Apache Tomcat Java AJP Connector mod_jk Load Balancing Worker Malformed Header Remote DoS
| [55053] Apache Tomcat Crafted Request Security Restraint Bypass Arbitrary Content Access
| [54733] Apache HTTP Server AllowOverride Directive .htaccess Options Bypass
| [54713] razorCMS Security Manager apache User Account Unspecified File Permission Weakness Issue
| [54589] Apache Jserv Nonexistent JSP Request XSS
| [54122] Apache Struts s:a / s:url Tag href Element XSS
| [54093] Apache ActiveMQ Web Console JMS Message XSS
| [53932] Apache Geronimo Multiple Admin Function CSRF
| [53931] Apache Geronimo /console/portal/Server/Monitoring Multiple Parameter XSS
| [53930] Apache Geronimo /console/portal/ URI XSS
| [53929] Apache Geronimo on Windows Security/Keystores Portlet Traversal Arbitrary File Upload
| [53928] Apache Geronimo on Windows Embedded DB/DB Manager Portlet Traversal Arbitrary File Upload
| [53927] Apache Geronimo on Windows Services/Repository Portlet Traversal Arbitrary File Upload
| [53921] Apache HTTP Server mod_proxy_ajp Cross Thread/Session Information Disclosure
| [53766] Oracle BEA WebLogic Server Plug-ins for Apache Certificate Handling Remote Overflow
| [53574] PHP on Apache .htaccess mbstring.func_overload Setting Cross Hosted Site Behavior Modification
| [53381] Apache Tomcat JK Connector Content-Length Header Cross-user Information Disclosure
| [53380] Apache Struts Unspecified XSS
| [53289] Apache mod_perl Apache::Status /perl-status Unspecified XSS
| [53186] Apache HTTP Server htpasswd Predictable Salt Weakness
| [52899] Apache Tomcat Examples Web Application Calendar Application jsp/cal/cal2.jsp time Parameter XSS
| [52407] Apache Tomcat doRead Method POST Content Information Disclosure
| [51923] Apache HTTP Server mod-auth-mysql Module mod_auth_mysql.c Multibyte Character Encoding SQL Injection
| [51613] Apache HTTP Server Third-party Module Child Process File Descriptor Leak
| [51612] Apache HTTP Server Internal Redirect Handling Infinite Loop DoS
| [51468] Apache Jackrabbit Content Repository (JCR) swr.jsp q Parameter XSS
| [51467] Apache Jackrabbit Content Repository (JCR) search.jsp q Parameter XSS
| [51151] Apache Roller Search Function q Parameter XSS
| [50482] PHP with Apache php_value Order Unspecified Issue
| [50475] Novell NetWare ApacheAdmin Console Unauthenticated Access
| [49734] Apache Struts DefaultStaticContentLoader Class Traversal Arbitrary File Access
| [49733] Apache Struts FilterDispatcher Class Traversal Arbitrary File Access
| [49283] Oracle BEA WebLogic Server Plugins for Apache Remote Transfer-Encoding Overflow
| [49062] Apache Tomcat Cross-thread Concurrent Request Variable Overwrite Information Disclosure
| [48847] ModSecurity (mod_security) Transformation Caching Unspecified Apache DoS
| [48788] Apache Xerces-C++ XML Schema maxOccurs Value XML File Handling DoS
| [47474] Apache HTTP Server mod_proxy_ftp Directory Component Wildcard Character XSS
| [47464] Apache Tomcat allowLinking / UTF-8 Traversal Arbitrary File Access
| [47463] Apache Tomcat RequestDispatcher Traversal Arbitrary File Access
| [47462] Apache Tomcat HttpServletResponse.sendError Method Message Argument XSS
| [47096] Oracle Weblogic Apache Connector POST Request Overflow
| [46382] Frontend Filemanager (air_filemanager) Extension for TYPO3 on Apache Unspecified Arbitrary Code Execution
| [46285] TYPO3 on Apache Crafted Filename Upload Arbitrary Command Execution
| [46085] Apache HTTP Server mod_proxy ap_proxy_http_process_response() Function Interim Response Forwarding Remote DoS
| [45905] Apache Tomcat Host Manager host-manager/html/add name Parameter XSS
| [45879] Ragnarok Online Control Panel on Apache Crafted Traversal Authentication Bypass
| [45742] Apache HTTP Server on Novell Unspecified Request Directive Internal IP Disclosure
| [45740] Apache Derby DropSchemaNode Bind Phase Arbitrary Scheme Statement Dropping
| [45599] Apache Derby Lock Table Statement Privilege Requirement Bypass Arbitrary Table Lock
| [45585] Apache Derby ACCSEC Command RDBNAM Parameter Cleartext Credential Disclosure
| [45584] Apache Derby DatabaseMetaData.getURL Function Cleartext Credential Disclosure
| [45420] Apache HTTP Server 403 Error Page UTF-7 Encoded XSS
| [44728] PHP Toolkit on Gentoo Linux Interpretation Conflict Apache HTTP Server Local DoS
| [44618] Oracle JSP Apache/Jserv Path Translation Traversal Arbitrary JSP File Execution
| [44159] Apache HTTP Server Remote Virtual Host Name Disclosure
| [43997] Apache-SSL ExpandCert() Function Certificate Handling Arbitrary Environment Variables Manipulation
| [43994] suPHP for Apache (mod_suphp) Directory Symlink Local Privilege Escalation
| [43993] suPHP for Apache (mod_suphp) Owner Mode Race Condition Symlink Local Privilege Escalation
| [43663] Apache HTTP Server Mixed Platform AddType Directive Crafted Request PHP Source Disclosure
| [43658] AuthCAS Module (AuthCAS.pm) for Apache HTTP Server SESSION_COOKIE_NAME SQL Injection
| [43452] Apache Tomcat HTTP Request Smuggling
| [43309] Apache Geronimo LoginModule Login Method Bypass
| [43290] Apache JSPWiki Entry Page Attachment Unrestricted File Upload
| [43259] Apache HTTP Server on Windows mod_proxy_balancer URL Handling Remote Memory Corruption
| [43224] Apache Geronimo on SuSE Linux init Script Symlink Unspecified File/Directory Access
| [43189] Apache mod_jk2 Host Header Multiple Fields Remote Overflow
| [42937] Apache HTTP Server mod_proxy_balancer balancer-manager Unspecified CSRF
| [42341] MOD_PLSQL for Apache Unspecified URL SQL Injection
| [42340] MOD_PLSQL for Apache CGI Environment Handling Unspecified Overflow
| [42214] Apache HTTP Server mod_proxy_ftp UTF-7 Encoded XSS
| [42091] Apache Maven Site Plugin Installation Permission Weakness
| [42089] Apache Maven .m2/settings.xml Cleartext Password Disclosure
| [42088] Apache Maven Defined Repo Process Listing Password Disclosure
| [42087] Apache Maven Site Plugin SSH Deployment Permission Setting Weakness
| [42036] Apache HTTP Server MS-DOS Device Request Host OS Disclosure
| [41891] BEA WebLogic Apache Beehive NetUI Page Flow Unspecified XSS
| [41436] Apache Tomcat Native APR Connector Duplicate Request Issue
| [41435] Apache Tomcat %5C Cookie Handling Session ID Disclosure
| [41434] Apache Tomcat Exception Handling Subsequent Request Information Disclosure
| [41400] LimeSurvey save.php Apache Log File PHP Code Injection
| [41029] Apache Tomcat Calendar Examples Application cal2.jsp Multiple Parameter CSRF
| [41019] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload XSS
| [41018] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload CRLF
| [40853] Apache Tomcat SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) JSESSIONIDSSO Cookie Security Weakness
| [40264] Apache HTTP Server mod_proxy_balancer balancer_handler Function bb Variable Remote DoS
| [40263] Apache HTTP Server mod_proxy_balancer balancer-manager Multiple Parameter XSS
| [40262] Apache HTTP Server mod_status refresh XSS
| [39833] Apache Tomcat JULI Logging Component catalina.policy Security Bypass
| [39251] Coppermine Photo Gallery on Apache Multiple File Extension Upload Arbitrary Code Execution
| [39166] Apache Tomcat on Windows caseSensitive Attribute Mixed Case Request JSP Source Disclosure
| [39134] Apache mod_imagemap Module Imagemap Unspecified XSS
| [39133] Apache mod_imap Module Imagemap File Unspecified XSS
| [39035] Apache Tomcat examples/servlet/CookieExample Multiple Parameter XSS
| [39003] Apache HTTP Server HTTP Method Header Request Entity Too Large XSS
| [39000] Apache Tomcat SendMailServlet sendmail.jsp mailfrom Parameter XSS
| [38939] Apache HTTP Server Prefork MPM Module Array Modification Local DoS
| [38673] Apache Jakarta Slide WebDAV SYSTEM Request Traversal Arbitrary File Access
| [38662] Apache Geronimo SQLLoginModule Nonexistent User Authentication Bypass
| [38661] Apache Geronimo MEJB Unspecified Authentication Bypass
| [38641] Apache HTTP Server mod_mem_cache recall_headers Function Information Disclosure
| [38640] Apache HTTP Server suexec Document Root Unauthorized Operations
| [38639] Apache HTTP Server suexec Multiple Symlink Privilege Escalation
| [38636] Apache HTTP Server mod_autoindex.c P Variable UTF-7 Charset XSS
| [38513] BEA WebLogic Server Proxy Plug-in for Apache Protocol Error Handling Remote DoS
| [38187] Apache Geronimo / Tomcat WebDAV XML SYSTEM Tag Arbitrary File Access
| [37079] Apache HTTP Server mod_cache cache_util.c Malformed Cache-Control Header DoS
| [37071] Apache Tomcat Cookie Handling Session ID Disclosure
| [37070] Apache Tomcat Cookie Handling Quote Delimiter Session ID Disclosure
| [37052] Apache HTTP Server mod_status mod_status.c Unspecified XSS
| [37051] Apache HTTP Server mod_proxy modules/proxy/proxy_util.c Crafted Header Remote DoS
| [37050] Apache HTTP Server Prefork MPM Module Crafted Code Sequence Local DoS
| [36417] Apache Tomcat Host Manager Servlet html/add Action aliases Parameter XSS
| [36377] Apache MyFaces Tomahawk JSF Application autoscroll Multiple Script XSS
| [36080] Apache Tomcat JSP Examples Crafted URI XSS
| [36079] Apache Tomcat Manager Uploaded Filename XSS
| [34888] Apache Tomcat Example Calendar Application cal2.jsp time Parameter XSS
| [34887] Apache Tomcat implicit-objects.jsp Crafted Header XSS
| [34885] Apache Tomcat on IIS Servlet Engine MS-DOS Device Request DoS
| [34884] Apache Tomcat on Windows Nonexistent Resource Request Path Disclosure
| [34883] Apache Tomcat Crafted JSP File Request Path Disclosure
| [34882] Apache Tomcat Default SSL Ciphersuite Configuration Weakness
| [34881] Apache Tomcat Malformed Accept-Language Header XSS
| [34880] Apache Tomcat HTTP/1.1 Connector NULL Byte Request JSP Source Disclosure
| [34879] Apache Tomcat examples/jsp2/jspx/textRotate.jspx XSS
| [34878] Apache Tomcat examples/jsp2/el/implicit-objects.jsp XSS
| [34877] Apache Tomcat JK Web Server Connector (mod_jk) Double Encoded Traversal Arbitrary File Access
| [34876] Apache HTTP Server ScriptAlias CGI Source Disclosure
| [34875] Apache Tomcat appdev/sample/web/hello.jsp Multiple Parameter XSS
| [34874] Apache Tomcat AJP Connector mod_jk ajp_process_callback Remote Memory Disclosure
| [34873] Apache Stats Variable Extraction _REQUEST Ssuperglobal Array Overwrite
| [34872] Apache HTTP Server suexec User/Group Combination Weakness Local Privilege Escalation
| [34769] Apache Tomcat w/ Proxy Module Double Encoded Traversal Arbitrary File Access
| [34541] mod_perl for Apache HTTP Server RegistryCooker.pm PATH_INFO Crafted URI Remote DoS
| [34540] mod_perl for Apache HTTP Server PerlRun.pm PATH_INFO Crafted URI Remote DoS
| [34398] Apache Tomcat mod_jk Invalid Chunked Encoded Body Information Disclosure
| [34154] Apache Axis Nonexistent Java Web Service Path Disclosure
| [33855] Apache Tomcat JK Web Server Connector mod_jk.so Long URI Worker Map Remote Overflow
| [33816] Apache HTTP Server on Debian Linux TTY Local Privilege Escalation
| [33456] Apache HTTP Server Crafted TCP Connection Range Header DoS
| [33346] Avaya Multiple Products Apache Tomcat Port Weakness
| [32979] Apache Java Mail Enterprise Server (JAMES) Phoenix/MX4J Interface Arbitrary User Creation
| [32978] Apache Java Mail Enterprise Server (JAMES) POP3Server Log File Plaintext Password Disclosure
| [32724] Apache mod_python _filter_read Freed Memory Disclosure
| [32723] Apache Tomcat semicolon Crafted Filename Request Forced Directory Listing
| [32396] Apache Open For Business Project (OFBiz) Ecommerce Component Forum Implementation Message Body XSS
| [32395] Apache Open For Business Project (OFBiz) Ecommerce Component Form Field Manipulation Privilege Escalation
| [30354] Linux Subversion libapache2-svn Search Path Subversion Local Privilege Escalation
| [29603] PHP ini_restore() Apache httpd.conf Options Bypass
| [29536] Apache Tcl mod_tcl set_var Function Remote Format String
| [28919] Apache Roller Weblogger Blog Comment Multiple Field XSS
| [28130] PHP with Apache Mixed Case Method Limit Directive Bypass
| [27913] Apache HTTP Server on Windows mod_alias URL Validation Canonicalization CGI Source Disclosure
| [27588] Apache HTTP Server mod_rewrite LDAP Protocol URL Handling Overflow
| [27487] Apache HTTP Server Crafted Expect Header Cross Domain HTML Injection
| [26935] FCKeditor on Apache connector.php Crafted File Extension Arbitrary File Upload
| [26572] Apache Java Mail Enterprise Server (JAMES) MAIL Command Overflow DoS
| [25909] Drupal on Apache files Directory File Upload Arbitrary Code Execution
| [24825] Oracle ModPL/SQL for Apache Unspecified Remote HTTP Issue
| [24365] Apache Struts Multiple Function Error Message XSS
| [24364] Apache Struts getMultipartRequestHandler() Function Crafted Request DoS
| [24363] Apache Struts org.apache.struts.taglib.html.Constants.CANCEL Validation Bypass
| [24103] Pubcookie Apache mod_pubcookie Unspecified XSS
| [23906] Apache mod_python for Apache HTTP Server FileSession Privileged Local Command Execution
| [23905] Apache Log4net LocalSyslogAppender Format String Memory Corruption DoS
| [23198] Apache WSS4J Library SOAP Signature Verification Bypass
| [23124] Generic Apache Request Library (libapreq) apreq_parse_* Functions Remote DoS
| [22652] mod_php for Apache HTTP Server Crafted import_request_variables Function DoS
| [22475] PHP w/ Apache PDO::FETCH_CLASS __set() Function DoS
| [22473] PHP w/ Apache2 Crafted PDOStatement DoS
| [22459] Apache Geronimo Error Page XSS
| [22458] Apache Tomcat / Geronimo Sample Script cal2.jsp time Parameter XSS
| [22301] auth_ldap for Apache HTTP Server auth_ldap_log_reason() Function Remote Format String
| [22261] Apache HTTP Server mod_ssl ssl_hook_Access Error Handling DoS
| [22259] mod_auth_pgsql for Apache HTTP Server Log Function Format String
| [21736] Apache Java Mail Enterprise Server (JAMES) Spooler retrieve Function DoS
| [21705] Apache HTTP Server mod_imap Image Map Referer XSS
| [21021] Apache Struts Error Message XSS
| [20897] PHP w/ Apache 2 SAPI virtual() Function Unspecified INI Setting Disclosure
| [20491] PHP mod_php apache2handler SAPI Crafted .htaccess DoS
| [20462] Apache HTTP Server worker.c MPM Memory Exhaustion DoS
| [20439] Apache Tomcat Directory Listing Saturation DoS
| [20373] Apache Tomcat on HP Secure OS for Linux Unspecified Servlet Access Issue
| [20285] Apache HTTP Server Log File Control Character Injection
| [20242] Apache HTTP Server mod_usertrack Predictable Session ID Generation
| [20209] Brainf*ck Module (mod_bf) for Apache HTTP Server Local Overflow
| [20033] Apache Tomcat MS-DOS Device Request Error Message Path Disclosure
| [19883] apachetop atop.debug Symlink Arbitrary File Overwrite
| [19863] mod_auth_shadow for Apache HTTP Server require group Authentication Bypass
| [19855] Apache HTTP Server ErrorDocument Directive .htaccess Bypass
| [19821] Apache Tomcat Malformed Post Request Information Disclosure
| [19769] Apache HTTP Server Double-reverse DNS Lookup Spoofing
| [19188] Apache HTTP Server mod_ssl SSLVerifyClient Per-location Context Restriction Bypass
| [19137] Apache HTTP Server on Red Hat Linux Double Slash GET Request Forced Directory Listing
| [19136] Apache on Mandrake Linux Arbitrary Directory Forced Listing
| [18977] Apache HTTP Server Crafted HTTP Range Header DoS
| [18389] Ragnarok Online Control Panel Apache Authentication Bypass
| [18286] Apache HTTP Server mod_ssl ssl_callback_SSLVerify_CRL( ) Function Overflow
| [18233] Apache HTTP Server htdigest user Variable Overfow
| [17738] Apache HTTP Server HTTP Request Smuggling
| [16586] Apache HTTP Server Win32 GET Overflow DoS
| [15889] Apache HTTP Server mod_cgid Threaded MPM CGI Output Misdirection
| [14896] mod_dav for Apache HTTP Server Remote Null Dereference Child Process Termination
7391| [14879] Apache HTTP Server ap_log_rerror Function Error Message Path Disclosure
7392| [14770] Apache Tomcat AJP12 Protocol Malformed Packet Remote DoS
7393| [14597] Apache Tomcat IntegerOverflow.jsp Test JSP Script Path Disclosure
7394| [14596] Apache Tomcat pageSession.jsp Test JSP Script Path Disclosure
7395| [14595] Apache Tomcat pageLanguage.jsp Test JSP Script Path Disclosure
7396| [14594] Apache Tomcat pageIsThreadSafe.jsp Test JSP Script Path Disclosure
7397| [14593] Apache Tomcat pageIsErrorPage.jsp Test JSP Script Path Disclosure
7398| [14592] Apache Tomcat pageInvalid.jsp Test JSP Script Path Disclosure
7399| [14591] Apache Tomcat pageExtends.jsp Test JSP Script Path Disclosure
7400| [14590] Apache Tomcat pageDouble.jsp Test JSP Script Path Disclosure
7401| [14589] Apache Tomcat pageAutoFlush.jsp Test JSP Script Path Disclosure
7402| [14588] Apache Tomcat extends2.jsp Test JSP Script Path Disclosure
7403| [14587] Apache Tomcat extends1.jsp Test JSP Script Path Disclosure
7404| [14586] Apache Tomcat comments.jsp Test JSP Script Path Disclosure
7405| [14585] Apache Tomcat buffer4.jsp Test JSP Script Path Disclosure
7406| [14584] Apache Tomcat buffer3.jsp Test JSP Script Path Disclosure
7407| [14583] Apache Tomcat buffer2.jsp Test JSP Script Path Disclosure
7408| [14582] Apache Tomcat buffer1.jsp Test JSP Script Path Disclosure
7409| [14581] Apache Tomcat pageImport2.jsp Test JSP Script Path Disclosure
7410| [14580] Apache Tomcat pageInfo.jsp Test JSP Script Path Disclosure
7411| [14410] mod_frontpage for Apache HTTP Server fpexec Remote Overflow
7412| [14044] Apache Batik Squiggle Browser with Rhino Scripting Engine Unspecified File System Access
7413| [13737] mod_access_referer for Apache HTTP Server Malformed Referer DoS
7414| [13711] Apache mod_python publisher.py Traversal Arbitrary Object Information Disclosure
7415| [13640] mod_auth_any for Apache HTTP Server on Red Hat Linux Metacharacter Command Execution
7416| [13304] Apache Tomcat realPath.jsp Path Disclosure
7417| [13303] Apache Tomcat source.jsp Arbitrary Directory Listing
7418| [13087] Apache HTTP Server mod_log_forensic check_forensic Symlink Arbitrary File Creation / Overwrite
7419| [12849] mod_auth_radius for Apache HTTP Server radcpy() Function Overflow DoS
7420| [12848] Apache HTTP Server htdigest realm Variable Overflow
7421| [12721] Apache Tomcat examples/jsp2/el/functions.jsp XSS
7422| [12720] mod_dosevasive for Apache HTTP Server Symlink Arbitrary File Create/Overwrite
7423| [12558] Apache HTTP Server IPv6 FTP Proxy Socket Failure DoS
7424| [12557] Apache HTTP Server prefork MPM accept Error DoS
7425| [12233] Apache Tomcat MS-DOS Device Name Request DoS
7426| [12232] Apache Tomcat with JDK Arbitrary Directory/Source Disclosure
7427| [12231] Apache Tomcat web.xml Arbitrary File Access
7428| [12193] Apache HTTP Server on Mac OS X File Handler Bypass
7429| [12192] Apache HTTP Server on Mac OS X Unauthorized .ht and .DS_Store File Access
7430| [12178] Apache Jakarta Lucene results.jsp XSS
7431| [12176] mod_digest_apple for Apache HTTP Server on Mac OS X Authentication Replay
7432| [11391] Apache HTTP Server Header Parsing Space Saturation DoS
7433| [11003] Apache HTTP Server mod_include get_tag() Function Local Overflow
7434| [10976] mod_mylo for Apache HTTP Server mylo_log Logging Function HTTP GET Overflow
7435| [10637] Apache HTTP Server mod_ssl SSLCipherSuite Access Restriction Bypass
7436| [10546] Macromedia JRun4 mod_jrun Apache Module Remote Overflow
7437| [10471] Apache Xerces-C++ XML Parser DoS
7438| [10218] Apache HTTP Server Satisfy Directive Access Control Bypass
7439| [10068] Apache HTTP Server htpasswd Local Overflow
7440| [10049] mod_cplusplus For Apache HTTP Server Unspecified Overflow
7441| [9994] Apache HTTP Server apr-util IPV6 Parsing DoS
7442| [9991] Apache HTTP Server ap_resolve_env Environment Variable Local Overflow
7443| [9948] mod_dav for Apache HTTP Server LOCK Request DoS
7444| [9742] Apache HTTP Server mod_ssl char_buffer_read Function Reverse Proxy DoS
7445| [9718] Apache HTTP Server Win32 Single Dot Append Arbitrary File Access
7446| [9717] Apache HTTP Server mod_cookies Cookie Overflow
7447| [9716] Apache::Gallery Gallery.pm Inline::C Predictable Filename Code Execution
7448| [9715] Apache HTTP Server rotatelogs Control Characters Over Pipe DoS
7449| [9714] Apache Authentication Module Threaded MPM DoS
7450| [9713] Apache HTTP Server on OS2 filestat.c Device Name Request DoS
7451| [9712] Apache HTTP Server Multiple Linefeed Request Memory Consumption DoS
7452| [9711] Apache HTTP Server Access Log Terminal Escape Sequence Injection
7453| [9710] Apache HTTP Server on Windows Illegal Character Default Script Mapping Bypass
7454| [9709] Apache HTTP Server on Windows MS-DOS Device Name HTTP Post Code Execution
7455| [9708] Apache HTTP Server on Windows MS-DOS Device Name DoS
7456| [9707] Apache HTTP Server Duplicate MIME Header Saturation DoS
7457| [9706] Apache Web Server Multiple MIME Header Saturation Remote DoS
7458| [9705] Apache Tomcat Invoker/Default Servlet Source Disclosure
7459| [9702] Apache HTTP Server CGI/WebDAV HTTP POST Request Source Disclosure
7460| [9701] Apache HTTP Server for Windows Multiple Slash Forced Directory Listing
7461| [9700] Apache HTTP Server mod_autoindex Multiple Slash Request Forced Directory Listing
7462| [9699] Apache HTTP Server mod_dir Multiple Slash Request Forced Directory Listing
7463| [9698] Apache HTTP Server mod_negotiation Multiple Slash Request Forced Directory Listing
7464| [9697] Apache HTTP Server htdigest Local Symlink Arbitrary File Overwrite
7465| [9696] Apache HTTP Server htpasswd Local Symlink Arbitrary File Overwrite
7466| [9695] Apache Tomcat SnoopServlet Servlet Information Disclosure
7467| [9694] PHP3 on Apache HTTP Server Encoded Traversal Arbitrary File Access
7468| [9693] mod_auth_pgsql_sys for Apache HTTP Server User Name SQL Injection
7469| [9692] Apache HTTP Server mod_vhost_alias Mass Virtual Hosting Arbitrary File Access
7470| [9691] Apache HTTP Server mod_rewrite Mass Virtual Hosting Arbitrary File Access
7471| [9690] Apache HTTP Server mod_vhost_alias CGI Program Source Disclosure
7472| [9689] Trustix httpsd for Apache-SSL Permission Weakness Privilege Escalation
7473| [9688] Apache HTTP Server mod_proxy Malformed FTP Command DoS
7474| [9687] Apache::AuthenSmb smbval SMB Authentication Library Multiple Overflows
7475| [9686] Apache::AuthenSmb smbvalid SMB Authentication Library Multiple Overflows
7476| [9523] Apache HTTP Server mod_ssl Aborted Connection DoS
7477| [9459] Oracle PL/SQL (mod_plsql) Apache Module Help Page Request Remote Overflow
7478| [9208] Apache Tomcat .jsp Encoded Newline XSS
7479| [9204] Apache Tomcat ROOT Application XSS
7480| [9203] Apache Tomcat examples Application XSS
7481| [9068] Apache HTTP Server mod_userdir User Account Information Disclosure
7482| [8773] Apache Tomcat Catalina org.apache.catalina.servlets.DefaultServlet Source Code Disclosure
7483| [8772] Apache Tomcat Catalina org.apache.catalina.connector.http DoS
7484| [7943] Apache HTTP Server mod_ssl sslkeys File Disclosure
7485| [7942] Apache HTTP Server mod_ssl Default Pass Phrase
7486| [7941] Apache HTTP Server mod_ssl Encrypted Private Key File Descriptor Leak
7487| [7935] Apache HTTP Server mod_ssl ssl_gcache Race Conditions
7488| [7934] Apache HTTP Server mod_ssl SSLSessionCache File Content Disclosure
7489| [7933] Apache HTTP Server mod_ssl SSLMutex File Content Disclosure
7490| [7932] Apache HTTP Server mod_ssl mkcert.sh File Creation Permission Weakness
7491| [7931] Apache HTTP Server mod_ssl X.509 Client Certificate Authentication Bypass
7492| [7930] Apache HTTP Server mod_ssl ssl_expr_eval_func_file() Overflow
7493| [7929] Apache HTTP Server mod_ssl ssl_engine_log.c mod_proxy Hook Function Remote Format String
7494| [7611] Apache HTTP Server mod_alias Local Overflow
7495| [7394] Apache Tomcat mod_jk Invalid Transfer-Encoding Chunked Field DoS
7496| [7203] Apache Tomcat source.jsp Traversal Arbitrary File Access
7497| [7039] Apache HTTP Server on Mac OS X HFS+ File System Access Bypass
7498| [6882] Apache mod_python Malformed Query String Variant DoS
7499| [6839] Apache HTTP Server mod_proxy Content-Length Overflow
7500| [6630] Apache Tomcat Java Server Pages (JSP) Engine WPrinterJob() DoS
7501| [6472] Apache HTTP Server mod_ssl ssl_util_uuencode_binary Remote Overflow
7502| [5821] Apache HTTP Server Multiple / GET Remote Overflow DoS
7503| [5580] Apache Tomcat Servlet Malformed URL JSP Source Disclosure
7504| [5552] Apache HTTP Server split-logfile Arbitrary .log File Overwrite
7505| [5526] Apache Tomcat Long .JSP URI Path Disclosure
7506| [5278] Apache Tomcat web.xml Restriction Bypass
7507| [5051] Apache Tomcat Null Character DoS
7508| [4973] Apache Tomcat servlet Mapping XSS
7509| [4650] mod_gzip for Apache HTTP Server Debug Mode Printf Stack Overflow
7510| [4649] mod_gzip for Apache HTTP Server Debug Mode Format String Overflow
7511| [4648] mod_gzip for Apache HTTP Server Debug Mode Race Condition
7512| [4568] mod_survey For Apache ENV Tags SQL Injection
7513| [4553] Apache HTTP Server ApacheBench Overflow DoS
7514| [4552] Apache HTTP Server Shared Memory Scoreboard DoS
7515| [4446] Apache HTTP Server mod_disk_cache Stores Credentials
7516| [4383] Apache HTTP Server Socket Race Condition DoS
7517| [4382] Apache HTTP Server Log Entry Terminal Escape Sequence Injection
7518| [4340] Apache Portable Runtime (APR) apr_psprintf DoS
7519| [4232] Apache Cocoon DatabaseAuthenticatorAction SQL Injection
7520| [4231] Apache Cocoon Error Page Server Path Disclosure
7521| [4182] Apache HTTP Server mod_ssl Plain HTTP Request DoS
7522| [4181] Apache HTTP Server mod_access IP Address Netmask Rule Bypass
7523| [4075] Apache HTTP Sever on Windows .var File Request Path Disclosure
7524| [4037] Apache HTTP Server on Cygwin Encoded GET Request Arbitrary File Access
7525| [3877] Apache-SSL SSLVerifyClient SSLFakeBasicAuth Client Certificate Forgery
7526| [3819] Apache HTTP Server mod_digest Cross Realm Credential Replay
7527| [3322] mod_php for Apache HTTP Server Process Hijack
7528| [3215] mod_php for Apache HTTP Server File Descriptor Leakage
7529| [2885] Apache mod_python Malformed Query String DoS
7530| [2749] Apache Cocoon view-source Sample File Traversal Arbitrary File Access
7531| [2733] Apache HTTP Server mod_rewrite Local Overflow
7532| [2672] Apache HTTP Server mod_ssl SSLCipherSuite Ciphersuite Downgrade Weakness
7533| [2613] Apache HTTP Server mod_cgi stderr Output Handling Local DoS
7534| [2149] Apache::Gallery Privilege Escalation
7535| [2107] Apache HTTP Server mod_ssl Host: Header XSS
7536| [1926] Apache HTTP Server mod_rewrite Crafted URI Rule Bypass
7537| [1833] Apache HTTP Server Multiple Slash GET Request DoS
7538| [1577] Apache HTTP Server mod_rewrite RewriteRule Expansion Arbitrary File Access
7539| [872] Apache Tomcat Multiple Default Accounts
7540| [862] Apache HTTP Server SSI Error Page XSS
7541| [859] Apache HTTP Server Win32 Crafted Traversal Arbitrary File Access
7542| [849] Apache Tomcat TroubleShooter Servlet Information Disclosure
7543| [845] Apache Tomcat MSDOS Device XSS
7544| [844] Apache Tomcat Java Servlet Error Page XSS
7545| [842] Apache HTTP Server mod_ssl ssl_compat_directive Function Overflow
7546| [838] Apache HTTP Server Chunked Encoding Remote Overflow
7547| [827] PHP4 for Apache on Windows php.exe Malformed Request Path Disclosure
7548| [775] Apache mod_python Module Importing Privilege Function Execution
7549| [769] Apache HTTP Server Win32 DOS Batch File Arbitrary Command Execution
7550| [756] Apache HTTP Server mod_ssl i2d_SSL_SESSION Function SSL Client Certificate Overflow
7551| [701] Apache HTTP Server Win32 ScriptAlias php.exe Arbitrary File Access
7552| [674] Apache Tomcat Nonexistent File Error Message Path Disclosure
7553| [637] Apache HTTP Server UserDir Directive Username Enumeration
7554| [623] mod_auth_pgsql for Apache HTTP Server User Name SQL Injection
7555| [582] Apache HTTP Server Multiviews Feature Arbitrary Directory Listing
7556| [562] Apache HTTP Server mod_info /server-info Information Disclosure
7557| [561] Apache Web Servers mod_status /server-status Information Disclosure
7558| [417] Apache HTTP Server on SuSE Linux /doc/packages Remote Information Disclosure
7559| [410] mod_perl for Apache HTTP Server /perl/ Directory Listing
7560| [404] Apache HTTP Server on SuSE Linux WebDAV PROPFIND Arbitrary Directory Listing
7561| [402] Apache HTTP Server on SuSE Linux cgi-bin-sdb Request Script Source Disclosure
7562| [379] Apache ASP module Apache::ASP source.asp Example File Arbitrary File Creation
7563| [377] Apache Tomcat Snoop Servlet Remote Information Disclosure
7564| [376] Apache Tomcat contextAdmin Arbitrary File Access
7565| [342] Apache HTTP Server for Windows Multiple Forward Slash Directory Listing
7566| [222] Apache HTTP Server test-cgi Arbitrary File Access
7567| [143] Apache HTTP Server printenv.pl Multiple Method CGI XSS
7568| [48] Apache HTTP Server on Debian /usr/doc Directory Information Disclosure
7569|_
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose
Running (JUST GUESSING): Linux 3.X|4.X (90%)
OS CPE: cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:4
Aggressive OS guesses: Linux 3.10 - 3.16 (90%), Linux 3.11 - 4.1 (89%), Linux 4.4 (89%), Linux 3.2.0 (87%), Linux 3.13 (86%), Linux 3.16 (86%)
No exact OS matches for host (test conditions non-ideal).
Uptime guess: 120.409 days (since Fri Aug 2 08:47:46 2019)
Network Distance: 18 hops
TCP Sequence Prediction: Difficulty=262 (Good luck!)
IP ID Sequence Generation: All zeros

TRACEROUTE (using port 80/tcp)
HOP RTT ADDRESS
1 245.43 ms 10.244.204.1
2 245.51 ms 213.184.122.97
3 245.46 ms bzq-82-80-246-9.cablep.bezeqint.net (82.80.246.9)
4 245.48 ms bzq-179-124-185.cust.bezeqint.net (212.179.124.185)
5 245.51 ms bzq-114-65-1.cust.bezeqint.net (192.114.65.1)
6 245.63 ms bzq-179-161-218.pop.bezeqint.net (212.179.161.218)
7 245.65 ms ae8.cr1-fra2.ip4.gtt.net (46.33.89.237)
8 245.67 ms et-0-0-67.cr2-fra2.ip4.gtt.net (141.136.110.54)
9 307.67 ms et-0-0-67.cr2-fra2.ip4.gtt.net (141.136.110.54)
10 307.67 ms if-ae-4-2.tcore2.fnm-frankfurt.as6453.net (195.219.87.17)
11 367.02 ms if-ae-7-2.tcore2.wyn-marseille.as6453.net (80.231.200.77)
12 367.01 ms if-ae-7-3.tcore2.wyn-marseille.as6453.net (195.219.87.34)
13 523.10 ms 80.231.200.146
14 523.14 ms 87.101.255.133
15 ...
16 523.15 ms 87.101.184.50
17 523.27 ms ofw.shabakah.net.sa (212.102.0.66)
18 523.16 ms AxPri.shabakah.net.sa (212.102.11.4)

NSE: Script Post-scanning.
Initiating NSE at 17:36
Completed NSE at 17:36, 0.00s elapsed
Initiating NSE at 17:36
Completed NSE at 17:36, 0.00s elapsed
#######################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2019-11-30 17:37 EST
NSE: Loaded 163 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 17:37
Completed NSE at 17:37, 0.00s elapsed
Initiating NSE at 17:37
Completed NSE at 17:37, 0.00s elapsed
Initiating Parallel DNS resolution of 1 host. at 17:37
Completed Parallel DNS resolution of 1 host. at 17:37, 0.02s elapsed
Initiating SYN Stealth Scan at 17:37
Scanning AxPri.shabakah.net.sa (212.102.11.4) [1 port]
Discovered open port 443/tcp on 212.102.11.4
Completed SYN Stealth Scan at 17:37, 0.38s elapsed (1 total ports)
Initiating Service scan at 17:37
Scanning 1 service on AxPri.shabakah.net.sa (212.102.11.4)
Completed Service scan at 17:37, 15.54s elapsed (1 service on 1 host)
Initiating OS detection (try #1) against AxPri.shabakah.net.sa (212.102.11.4)
Retrying OS detection (try #2) against AxPri.shabakah.net.sa (212.102.11.4)
Initiating Traceroute at 17:37
Completed Traceroute at 17:37, 3.24s elapsed
Initiating Parallel DNS resolution of 15 hosts. at 17:37
Completed Parallel DNS resolution of 15 hosts. at 17:37, 0.60s elapsed
NSE: Script scanning 212.102.11.4.
Initiating NSE at 17:37
Completed NSE at 17:43, 330.07s elapsed
Initiating NSE at 17:43
Completed NSE at 17:43, 4.24s elapsed
Nmap scan report for AxPri.shabakah.net.sa (212.102.11.4)
Host is up (0.39s latency).

PORT STATE SERVICE VERSION
443/tcp open ssl/http Apache httpd
|_http-aspnet-debug: ERROR: Script execution failed (use -d to debug)
| http-brute:
|_ Path "/" does not require authentication
|_http-chrono: Request times for /; avg: 1953.85ms; min: 831.50ms; max: 2844.12ms
|_http-csrf: Couldn't find any CSRF vulnerabilities.
|_http-date: Sat, 30 Nov 2019 22:38:20 GMT; -1s from local time.
|_http-devframework: Couldn't determine the underlying framework or CMS. Try increasing 'httpspider.maxpagecount' value to spider more pages.
|_http-dombased-xss: Couldn't find any DOM based XSS.
|_http-drupal-enum: Nothing found amongst the top 100 resources,use --script-args number=<number|all> for deeper analysis)
|_http-errors: ERROR: Script execution failed (use -d to debug)
|_http-feed: Couldn't find any feeds.
|_http-fetch: Please enter the complete path of the directory to save data in.
| http-headers:
| Date: Sat, 30 Nov 2019 22:39:04 GMT
| Server: Apache
| Content-Length: 362
| Connection: close
| Content-Type: text/html; charset=iso-8859-1
|
|_ (Request type: GET)
|_http-jsonp-detection: Couldn't find any JSONP endpoints.
| http-methods:
|_ Supported Methods: GET HEAD POST
|_http-mobileversion-checker: No mobile version detected.
| http-security-headers:
| Strict_Transport_Security:
|_ HSTS not configured in HTTPS Server
|_http-server-header: Apache
| http-sitemap-generator:
| Directory structure:
| Longest directory structure:
| Depth: 0
| Dir: /
| Total files found (by extension):
|_
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
|_http-title: 403 Forbidden
| http-vhosts:
| 59 names had status 403
|_68 names had status 400
|_http-wordpress-enum: Nothing found amongst the top 100 resources,use --script-args search-limit=<number|all> for deeper analysis)
|_http-wordpress-users: [Error] Wordpress installation was not found. We couldn't find wp-login.php
|_http-xssed: No previously reported XSS vuln.
| vulscan: VulDB - https://vuldb.com:
7849| [129474] Oracle Communications Diameter Signaling Router up to 8.2 Apache HTTP Server information disclosure
7850| [129472] Oracle Communications WebRTC Session Controller up to 7.1 Apache Struts 1 unknown vulnerability
7851| [129470] Oracle Communications Converged Application Server up to 7.0.0.0 Apache Struts 1 unknown vulnerability
| [129463] Oracle Communications WebRTC Session Controller up to 7.1 Apache Log4j unknown vulnerability
| [129461] Oracle Communications Services Gatekeeper up to 6.1.0.3.x Apache Commons Collections Fileupload unknown vulnerability
| [129460] Oracle Communications Service Broker 6.0 Apache Log4j unknown vulnerability
| [129459] Oracle Communications Policy Management up to 12.4 Apache Struts 2 unknown vulnerability
| [129458] Oracle Communications Online Mediation Controller 6.1 Apache Log4j unknown vulnerability
| [129457] Oracle Communications Diameter Signaling Router up to 8.2 Apache Commons Fileupload unknown vulnerability
| [129456] Oracle Communications Converged Application Server 6.1 Apache Log4j unknown vulnerability
| [128714] Apache Thrift Java Client Library up to 0.11.0 SASL Negotiation org.apache.thrift.transport.TSaslTransport unknown vulnerability
| [128713] Apache Thrift Node.js Static Web Server up to 0.11.0 directory traversal
| [128709] Apache Karaf up to 4.1.6/4.2.1 Features Deployer XMLInputFactory XML External Entity
| [128575] Apache NetBeans 9.0 Proxy Auto-Config Code Execution
| [128369] Apache Tika 1.8-1.19.1 SQLite3Parser Loop sql injection
| [128111] Apache NiFi 1.8.0 Template Upload Man-in-the-Middle cross site request forgery
| [128110] Apache NiFi 1.8.0 Cluster Request privilege escalation
| [128109] Apache NiFi 1.8.0 Error Page message-page.jsp Request Header cross site scripting
| [128108] Apache NiFi up to 1.7.x X-Frame-Options Header privilege escalation
| [128102] Apache Oozie up to 5.0.0 Workflow XML Impersonation spoofing
| [127994] WordPress up to 5.0.0 on Apache httpd MIME Restriction cross site scripting
| [127981] Apache OFBiz 16.11.01/16.11.02/16.11.03/16.11.04 HTTP Engine httpService GET Request privilege escalation
| [127161] Apache Hadoop 2.7.4/2.7.5/2.7.6 Incomplete Fix CVE-2016-6811 privilege escalation
| [127040] Loadbalancer.org Enterprise VA MAX up to 8.3.2 Apache HTTP Server Log cross site scripting
| [127007] Apache Spark Request Code Execution
| [126791] Apache Hadoop up to 0.23.11/2.7.6/2.8.4/2.9.1/3.0.2 ZIP File unknown vulnerability
| [126767] Apache Qpid Proton-J Transport 0.3 Certificate Verification Man-in-the-Middle weak authentication
| [126896] Apache Commons FileUpload 1.3.3 on LDAP Manager DiskFileItem File privilege escalation
| [126574] Apache Hive up to 2.3.3/3.1.0 Query privilege escalation
| [126573] Apache Hive up to 2.3.3/3.1.0 HiveServer2 privilege escalation
| [126564] Apache Superset up to 0.22 Pickle Library load Code Execution
| [126488] Apache Syncope up to 2.0.10/2.1.1 BPMN Definition xxe privilege escalation
| [126487] Apache Syncope up to 2.0.10/2.1.1 cross site scripting
| [126346] Apache Tomcat Path privilege escalation
| [125922] Apache Impala up to 3.0.0 ALTER privilege escalation
| [125921] Apache Impala up to 3.0.0 Queue Injection privilege escalation
| [125647] Oracle Agile Engineering Data Management 6.1.3/6.2.0/6.2.1 Install (Apache Tomcat) information disclosure
| [125617] Oracle Retail Returns Management 14.1 Apache Batik unknown vulnerability
| [125616] Oracle Retail Point-of-Service 13.4/14.0/14.1 Apache Batik unknown vulnerability
| [125614] Oracle Retail Central Office 14.1 Apache Batik unknown vulnerability
| [125613] Oracle Retail Back Office 13.3/13.4/14/14.1 Apache Batik unknown vulnerability
| [125599] Oracle Retail Open Commerce Platform 5.3.0/6.0.0/6.0.1 Apache Log4j unknown vulnerability
| [125569] Oracle PeopleSoft Enterprise PeopleTools 8.55/8.56 Apache HTTP Server information disclosure
| [125494] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat information disclosure
| [125447] Oracle Business Intelligence Enterprise Edition 11.1.1.7.0/11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Apache Batik unknown vulnerability
| [125428] Oracle Identity Management Suite 11.1.2.3.0/12.2.1.3.0 Apache Log4j unknown vulnerability
| [125427] Oracle Identity Analytics 11.1.1.5.8 Apache Log4j unknown vulnerability
| [125424] Oracle API Gateway 11.1.2.4.0 Apache Log4j unknown vulnerability
| [125423] Oracle BI Publisher 11.1.1.7.0/11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Apache Log4j unknown vulnerability
| [125383] Oracle up to 10.2.0 Apache Trinidad unknown vulnerability
| [125379] Oracle up to 10.1.x Apache Struts 1 cross site scripting
| [125377] Oracle up to 10.2.0 Apache Commons Collections unknown vulnerability
| [125376] Oracle Communications Application Session Controller up to 3.7.0 Apache Commons Collections unknown vulnerability
| [125375] Oracle Communications User Data Repository up to 12.1.x Apache Xerces memory corruption
| [125248] Apache ActiveMQ up to 5.15.5 Web-based Administration Console queue.jsp Parameter cross site scripting
| [125133] Apache Tika up to 1.19 XML Parser reset() denial of service
| [124877] Apache PDFbox up to 2.0.11 PDF File denial of service
| [124876] Apache Ranger up to 1.1.x UnixAuthenticationService Stack-based memory corruption
| [124791] Apache Tomcat up to 7.0.90/8.5.33/9.0.11 URL Open Redirect
| [124787] Apache Pony Mail 0.7/0.8/0.9 Statistics Generator Timestamp Data information disclosure
| [124447] Apache HTTP Server up to 2.4.34 SETTINGS Frame denial of service
| [124346] Apache Mesos pre-1.4.2/1.5.0/1.5.1/1.6.0 on Executor HTTP API String Comparison validation JSON Web Token information disclosure
| [124286] Apache Tika up to 1.18 IptcAnpaParser Loop denial of service
| [124242] Apache Tika up to 0.18 C:/evil.bat" Directory unknown vulnerability
| [124241] Apache Tika up to 0.18 XML Parser Entity Expansion denial of service
| [124191] Apache Karaf up to 3.0.8/4.0.8/4.1.0 WebConsole .../gogo/ weak authentication
| [124190] Apache Karaf up to 4.1.x sshd privilege escalation
| [124152] Apache Camel Mail up to 2.22.0 Path directory traversal
| [124143] Apache SpamAssassin up to 3.4.1 PDFInfo Plugin Code Execution
| [124134] Apache SpamAssassin up to 3.4.1 Scan Engine HTML::Parser Email denial of service
| [124095] PHP up to 5.6.37/7.0.31/7.1.21/7.2.9 Apache2 sapi_apache2.c php_handler cross site scripting
| [124024] Apache Mesos 1.4.x/1.5.0 libprocess JSON Payload denial of service
| [123814] Apache ActiveMQ Client up to 5.15.5 TLS Hostname Verification Man-in-the-Middle weak authentication
| [123393] Apache Traffic Server up to 6.2.2/7.1.3 ESI Plugin Config privilege escalation
| [123392] Apache Traffic Server 6.2.2 TLS Handshake Segmentation Fault denial of service
| [123391] Apache Traffic Server up to 6.2.2/7.1.3 Range Request Performance denial of service
| [123390] Apache Traffic Server up to 6.2.2/7.1.3 Request HTTP Smuggling privilege escalation
| [123369] Apache Traffic Server up to 6.2.2/7.1.3 ACL remap.config Request denial of service
| [123197] Apache Sentry up to 2.0.0 privilege escalation
| [123145] Apache Struts up to 2.3.34/2.5.16 Namespace Code Execution
| [123144] Apache Cayenne up to 4.1.M1 CayenneModeler XML File File Transfer privilege escalation
| [122981] Apache Commons Compress 1.7 ZipArchiveInputStream ZIP Archive denial of service
| [122889] Apache HTTP Server up to 2.2.31/2.4.23 mod_userdir HTTP Response Splitting privilege escalation
| [122800] Apache Spark 1.3.0 REST API weak authentication
| [122642] Apache Airflow up to 1.8.x 404 Page Reflected cross site scripting
| [122568] Apache Tomcat up to 8.5.31/9.0.9 Connection Reuse weak authentication
| [122567] Apache Axis 1.0./1.1/1.2/1.3/1.4 cross site scripting
| [122556] Apache Tomcat up to 7.0.86/8.0.51/8.5.30/9.0.7 UTF-8 Decoder Loop denial of service
| [122531] Apache Tomcat up to 7.0.88/8.0.52/8.5.31/9.0.9 WebSocket Client unknown vulnerability
| [122456] Apache Camel up to 2.20.3/2.21.0 XSD Validator XML External Entity
| [122455] Apache Tomcat Native up to 1.1.34/1.2.16 OSCP Revoked Certificate weak authentication
| [122454] Apache Tomcat Native up to 1.1.34/1.2.16 OSCP Responder Revoked Certificate weak authentication
| [122214] Apache Kafka up to 0.9.0.1/0.10.2.1/0.11.0.2/1.0.0 Broker Request Data Loss denial of service
| [122202] Apache Kafka up to 0.10.2.1/0.11.0.1 SASL Impersonation spoofing
| [122101] Docker Skeleton Runtime for Apache OpenWhisk Docker Action dockerskeleton:1.3.0 privilege escalation
| [122100] PHP Runtime for Apache OpenWhisk Docker Action action-php-v7.2:1.0.0 privilege escalation
| [122012] Apache Ignite up to 2.5 Serialization privilege escalation
| [121911] Apache Ambari up to 2.5.x/2.6.2 Log Message Credentials information disclosure
| [121910] Apache HTTP Server 2.4.33 mod_md HTTP Requests denial of service
| [121854] Oracle Tape Library ACSLS up to ACSLS 8.4.0-2 Apache Commons Collections unknown vulnerability
| [121752] Oracle Insurance Policy Administration 10.0/10.1/10.2/11.0 Apache Log4j unknown vulnerability
| [121370] Apache Spark up to 2.1.2/2.2.1/2.3.0 URL cross site scripting
| [121354] Apache CouchDB HTTP API Code Execution
| [121144] Apache LDAP API up to 1.0.1 SSL Filter information disclosure
| [121143] Apache Storm up to 0.10.2/1.0.6/1.1.2/1.2.1 Cluster privilege escalation
| [120436] Apache CXF Fediz up to 1.4.3 Application Plugin unknown vulnerability
| [120310] Apache PDFbox up to 1.8.14/2.0.10 AFMParser Loop denial of service
| [120168] Apache CXF weak authentication
| [120080] Apache Cassandra up to 3.11.1 JMX/RMI Interface RMI Request privilege escalation
| [120043] Apache HBase up to 1.2.6.0/1.3.2.0/1.4.4/2.0.0 Thrift 1 API Server weak authentication
| [119723] Apache Qpid Broker-J 7.0.0/7.0.1/7.0.2/7.0.3/7.0.4 AMQP Messages Crash denial of service
| [122569] Apache HTTP Server up to 2.4.33 HTTP2 Request denial of service
| [119486] Apache Geode up to 1.4.0 Security Manager Code Execution
| [119306] Apache MXNet Network Interface privilege escalation
| [118999] Apache Storm up to 1.0.6/1.1.2/1.2.1 Archive directory traversal
| [118996] Apache Storm up to 1.0.6/1.1.2/1.2.1 Daemon spoofing
| [118644] Apple macOS up to 10.13.5 apache_mod_php unknown vulnerability
| [118200] Apache Batik up to 1.9 Deserialization unknown vulnerability
| [118143] Apache NiFi activemq-client Library Deserialization denial of service
| [118142] Apache NiFi 1.6.0 SplitXML xxe privilege escalation
| [118051] Apache Zookeeper up to 3.4.9/3.5.3-beta weak authentication
| [117997] Apache ORC up to 1.4.3 ORC File Recursion denial of service
| [117825] Apache Tomcat up to 7.0.88/8.0.52/8.5.31/9.0.8 CORS Filter privilege escalation
| [117405] Apache Derby up to 10.14.1.0 Network Server Network Packet privilege escalation
| [117347] Apache Ambari up to 2.6.1 HTTP Request directory traversal
| [117265] LibreOffice/Apache Office Writer SMB Connection XML Document information disclosure
| [117143] Apache uimaj/uima-as/uimaFIT/uimaDUCC XML XXE information disclosure
| [117117] Apache Tika up to 1.17 ChmParser Loop denial of service
| [117116] Apache Tika up to 1.17 BPGParser Loop denial of service
| [117115] Apache Tika up to 1.17 tika-server command injection
| [116929] Apache Fineract getReportType Parameter privilege escalation
| [116928] Apache Fineract REST Endpoint Parameter privilege escalation
| [116927] Apache Fineract MakercheckersApiResource Parameter sql injection
| [116926] Apache Fineract REST Parameter privilege escalation
| [116574] Apache wicket-jquery-ui up to 6.29.0/7.10.1/8.0.0-M9.1 WYSIWYG Editor privilege escalation
| [116622] Oracle Enterprise Manager for MySQL Database 12.1.0.4 EM Plugin: General (Apache Tomcat) unknown vulnerability
| [115931] Apache Solr up to 6.6.2/7.2.1 XML Data Parameter XML External Entity
| [115883] Apache Hive up to 2.3.2 privilege escalation
| [115882] Apache Hive up to 2.3.2 xpath_short information disclosure
| [115881] Apache DriverHive JDBC Driver up to 2.3.2 Escape Argument Bypass privilege escalation
| [115518] Apache Ignite 2.3 Deserialization privilege escalation
| [115260] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache cross site scripting
| [115259] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache Cookie Stack-based memory corruption
| [115500] CA Workload Control Center up to r11.4 SP5 Apache MyFaces Component Code Execution
| [115121] Apache Struts REST Plugin up to 2.5.15 Xstream XML Data denial of service
| [115061] Apache HTTP Server up to 2.4.29 HTTP Digest Authentication Challenge HTTP Requests Replay privilege escalation
| [115060] Apache HTTP Server up to 2.4.29 mod_cache_socache Request Header Crash denial of service
| [115059] Apache HTTP Server up to 2.4.29 HTTP2 NULL Pointer Dereference denial of service
| [115058] Apache HTTP Server up to 2.4.29 HTTP Header Crash denial of service
| [115057] Apache HTTP Server up to 2.4.29 mod_session Variable Name Cache privilege escalation
| [115039] Apache HTTP Server up to 2.4.29 FilesMatch File Upload privilege escalation
| [115038] Apache HTTP Server up to 2.0.65/2.2.34/2.4.29 mod_authnz_ldap Crash denial of service
| [114817] Apache Syncope up to 1.2.10/2.0.7 Search Parameter information disclosure
| [114816] Apache Syncope up to 1.2.10/2.0.7 XSLT Code Execution
| [114717] Apache Commons 1.11/1.12/1.13/1.14/1.15 ZIP Archive ZipFile/ZipArchiveInputStream denial of service
| [114661] Apache Allura up to 1.8.0 HTTP Response Splitting privilege escalation
| [114400] Apache Tomcat JK ISAPI Connector up to 1.2.42 IIS/ISAPI privilege escalation
| [114258] Apache HTTP Server up to 2.4.22 mod_cluster Segmentation Fault denial of service
| [114086] Apache ODE 1.3.3 ODE Process Deployment Web Service directory traversal
| [113955] Apache Xerces-C up to 3.2.0 XML Parser NULL Pointer Dereference denial of service
| [113945] Apache Tomcat up to 7.0.84/8.0.49/8.5.27/9.0.4 URL Pattern Empty String privilege escalation
| [113944] Apache OpenMeetings up to 3.x/4.0.1 CRUD Operation denial of service
| [113905] Apache Traffic Server up to 5.2.x/5.3.2/6.2.0/7.0.0 TLS Handshake Core Dump denial of service
| [113904] Apache Traffic Server up to 6.2.0 Host Header privilege escalation
| [113895] Apache Geode up to 1.3.x Code Execution
| [113894] Apache Geode up to 1.3.x TcpServer Code Execution
| [113888] Apache James Hupa WebMail 0.0.2 cross site scripting
| [113813] Apache Geode Cluster up to 1.3.x Secure Mode privilege escalation
| [113747] Apache Tomcat Servlets privilege escalation
| [113647] Apache Qpid up to 0.30 qpidd Broker AMQP Message Crash denial of service
| [113645] Apache VCL up to 2.1/2.2.1/2.3.1 Web GUI/XMLRPC API privilege escalation
| [113560] Apache jUDDI Console 3.0.0 Log Entries spoofing
| [113571] Apache Oozie up to 4.3.0/5.0.0-beta1 XML Data XML File privilege escalation
| [113569] Apache Karaf up to 4.0.7 LDAPLoginModule LDAP injection denial of service
| [113273] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
| [113198] Apache Qpid Dispatch Router 0.7.0/0.8.0 AMQP denial of service
| [113186] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
| [113145] Apache Thrift up to 0.9.3 Go Client Library privilege escalation
| [113106] Apache jUDDI up to 3.3.3 XML Data WADL2Java/WSDL2Java XML Document privilege escalation
| [113105] Apache Qpid Broker-J 7.0.0 AMQP Crash denial of service
| [112885] Apache Allura up to 1.8.0 File information disclosure
| [112856] Apache CloudStack up to 4.8.1.0/4.9.0.0 API weak authentication
| [112855] Apache CloudStack 4.1.0/4.1.1 API information disclosure
| [112678] Apache Tomcat up to 7.0.82/8.0.47/8.5.23/9.0.1 Bug Fix 61201 privilege escalation
| [112677] Apache Tomcat Native Connector up to 1.1.34/1.2.14 OCSP Checker Client weak authentication
| [112625] Apache POI up to 3.16 Loop denial of service
| [112448] Apache NiFi up to 1.3.x Deserialization privilege escalation
| [112396] Apache Hadoop 2.7.3/2.7.4 YARN NodeManager Credentials information disclosure
| [112339] Apache NiFi 1.5.0 Header privilege escalation
| [112330] Apache NiFi 1.5.0 Header HTTP Request privilege escalation
| [112314] NetGain Enterprise Manager 7.2.730 Build 1034 org.apache.jsp.u.jsp.tools.exec_jsp Servlet Parameter privilege escalation
| [112253] Apache Hadoop up to 0.23.x/2.7.4/2.8.2 MapReduce Job History Server Configuration File privilege escalation
| [112171] Oracle Secure Global Desktop 5.3 Apache Log4j privilege escalation
| [112164] Oracle Agile PLM 9.3.5/9.3.6 Apache Tomcat unknown vulnerability
| [112161] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Tomcat privilege escalation
| [112158] Oracle Autovue for Agile Product Lifecycle Management 21.0.0/21.0.1 Apache Log4j privilege escalation
| [112156] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Log4j privilege escalation
| [112155] Oracle Agile Engineering Data Management 6.1.3/6.2.0/6.2.1 Apache Log4j privilege escalation
| [112137] Oracle MICROS Relate CRM Software 10.8.x/11.4.x/15.0.x, Apache Tomcat unknown vulnerability
| [112136] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat privilege escalation
| [112133] Oracle Retail Workforce Management 1.60.7/1.64.0 Apache Log4j privilege escalation
| [112129] Oracle Retail Assortment Planning 14.1.3/15.0.3/16.0.1 Apache Log4j privilege escalation
| [112114] Oracle 9.1 Apache Log4j privilege escalation
| [112113] Oracle 9.1 Apache Log4j privilege escalation
| [112045] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat privilege escalation
| [112038] Oracle Health Sciences Empirica Inspections 1.0.1.1 Apache Tomcat information disclosure
| [112019] Oracle Endeca Information Discovery Integrator 3.1.0/3.2.0 Apache Tomcat privilege escalation
| [112017] Oracle WebCenter Portal 11.1.1.9.0/12.2.1.2.0/12.2.1.3.0 Apache Struts 1 cross site scripting
| [112011] Oracle Identity Manager 11.1.2.3.0 Apache Commons Collections privilege escalation
| [111950] Oracle Database 12.2.0.1 Apache Tomcat information disclosure
| [111703] Apache Sling XSS Protection API 1.0.4 URL Encoding cross site scripting
| [111556] Apache Geode up to 1.2.x Secure Mode Parameter OQL privilege escalation
| [111555] Apache Geode up to 1.2.x Secure Mode OQL privilege escalation
| [111540] Apache Geode up to 1.2.x Secure Mode information disclosure
| [111519] Apache Sling JCR ContentLoader 2.1.4 xmlreader directory traversal
| [111338] Apache DeltaSpike-JSF 1.8.0 cross site scripting
| [111330] Apache OFBiz 16.11.01/16.11.02/16.11.03 BIRT Plugin cross site scripting
| [110789] Apache Sling up to 1.4.0 Authentication Service Credentials information disclosure
| [110785] Apache Drill up to 1.11.0 Query Page unknown vulnerability
| [110701] Apache Fineract Query Parameter sql injection
| [110484] Apache Synapse up to 3.0.0 Apache Commons Collections Serialized Object Code Injection privilege escalation
| [110426] Adobe Experience Manager 6.0/6.1/6.2/6.3 Apache Sling Servlets Post cross site scripting
| [110141] Apache Struts up to 2.5.14 REST Plugin denial of service
| [110140] Apache Qpid Broker-J up to 0.32 privilege escalation
| [110139] Apache Qpid Broker-J up to 6.1.4 AMQP Frame denial of service
| [110106] Apache CXF Fediz Spring cross site request forgery
| [109766] Apache OpenOffice up to 4.1.3 DOC File Parser WW8Fonts memory corruption
| [109750] Apache OpenOffice up to 4.1.3 DOC File Parser ImportOldFormatStyles memory corruption
| [109749] Apache OpenOffice up to 4.1.3 PPT File Parser PPTStyleSheet memory corruption
| [109606] October CMS Build 412 Apache Configuration File Upload privilege escalation
| [109419] Apache Camel up to 2.19.3/2.20.0 camel-castor Java Object Deserialization privilege escalation
| [109418] Apache Camel up to 2.19.3/2.20.0 camel-hessian Java Object Deserialization privilege escalation
| [109400] Apache CouchDB up to 1.6.x/2.1.0 Database Server Shell privilege escalation
| [109399] Apache CouchDB up to 1.6.x/2.1.0 JSON Parser Shell privilege escalation
| [109398] Apache CXF 3.1.14/3.2.1 JAX-WS/JAX-RS Attachment denial of service
| [108872] Apache Hive up to 2.1.1/2.2.0/2.3.0 Policy Enforcement privilege escalation
| [108939] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108938] Apple macOS up to 10.13.1 apache denial of service
| [108937] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108936] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108935] Apple macOS up to 10.13.1 apache denial of service
| [108934] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108933] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108932] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108931] Apple macOS up to 10.13.1 apache denial of service
| [108930] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108929] Apple macOS up to 10.13.1 apache denial of service
| [108928] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108797] Apache Struts up to 2.3.19 TextParseUtiltranslateVariables OGNL Expression privilege escalation
| [108795] Apache Traffic Server up to 5.3.0 HTTP2 set_dynamic_table_size memory corruption
| [108794] Apache WSS4J up to 1.6.16/2.0.1 Incomplete Fix Leak information disclosure
| [108793] Apache Qpid up to 0.30 qpidd Crash denial of service
| [108792] Apache Traffic Server up to 5.1.0 Access Restriction privilege escalation
| [108791] Apache Wicket up to 1.5.11/6.16.x/7.0.0-M2 Session information disclosure
| [108790] Apache Storm 0.9.0.1 Log Viewer directory traversal
| [108789] Apache Cordova In-App-Browser Standalone Plugin up to 0.3.1 on iOS CDVInAppBrowser privilege escalation
| [108788] Apache Cordova File-Transfer Standalone Plugin up to 0.4.1 on iOS ios/CDVFileTransfer.m spoofing
| [108787] Apache HttpClient up to 4.3.0 HttpClientBuilder.java unknown vulnerability
| [108786] Apache Wicket up to 1.4.21/1.5.9/6.3.x script Tag cross site scripting
| [108783] Apache Hadoop up to 0.23.3/1.0.3/2.0.1 Kerberos Security Feature Key weak encryption
| [108782] Apache Xerces2 XML Service denial of service
| [108781] Apache jUDDI up to 1.x happyjuddi.jsp Parameter cross site scripting
| [108780] Apache jUDDI up to 1.x Log File uddiget.jsp spoofing
| [108709] Apache Cordova Android up to 3.7.1/4.0.1 intent URL privilege escalation
| [108708] Apache ActiveMQ up to 5.10.0 XML Data XML External Entity
| [108707] Apache ActiveMQ up to 1.7.0 XML Data XML External Entity
| [108629] Apache OFBiz up to 10.04.01 privilege escalation
| [108543] Apache Derby 10.1.2.1/10.2.2.0/10.3.1.4/10.4.1.3 Export File privilege escalation
| [108312] Apache HTTP Server on RHEL IP Address Filter privilege escalation
| [108297] Apache NiFi up to 0.7.1/1.1.1 Proxy Chain Username Deserialization privilege escalation
| [108296] Apache NiFi up to 0.7.1/1.1.1 Cluster Request privilege escalation
| [108250] Oracle Secure Global Desktop 5.3 Apache HTTP Server memory corruption
| [108245] Oracle Transportation Management up to 6.3.7 Apache Tomcat unknown vulnerability
| [108244] Oracle Transportation Management 6.4.1/6.4.2 Apache Commons FileUpload denial of service
| [108243] Oracle Agile Engineering Data Management 6.1.3/6.2.0 Apache Commons Collections memory corruption
| [108222] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Batik denial of service
| [108219] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat unknown vulnerability
| [108217] Oracle Retail Store Inventory Management 13.2.9/14.0.4/14.1.3/15.0.1/16.0.1 Apache Groovy unknown vulnerability
| [108216] Oracle Retail Convenience and Fuel POS Software 2.1.132 Apache Groovy unknown vulnerability
| [108169] Oracle MySQL Enterprise Monitor up to 3.2.8.2223/3.3.4.3247/3.4.2.4181 Apache Tomcat unknown vulnerability
| [108113] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Batik denial of service
| [108107] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat unknown vulnerability
| [108102] Oracle Healthcare Master Person Index 4.x Apache Groovy unknown vulnerability
| [108085] Oracle Identity Manager 11.1.2.3.0 Apache Struts 1 memory corruption
| [108083] Oracle API Gateway 11.1.2.4.0 Apache Batik denial of service
| [108080] Oracle GlassFish Server 3.1.2 Apache Commons FileUpload denial of service
| [108066] Oracle Management Pack for GoldenGate 11.2.1.0.12 Apache Tomcat memory corruption
| [108062] Oracle BI Publisher 11.1.1.7.0/12.2.1.1.0/12.2.1.2.0 Apache ActiveMQ memory corruption
| [108060] Oracle Enterprise Manager Ops Center 12.2.2/12.3.2 Apache Groovy unknown vulnerability
| [108033] Oracle Primavera Unifier 9.13/9.14/10.x/15.x/16.x, Apache Groovy unknown vulnerability
| [108013] Oracle Communications WebRTC Session Controller 7.0/7.1/7.2 Apache Groovy unknown vulnerability
| [108011] Oracle Communications Services Gatekeeper 5.1/6.0 Apache Trinidad unknown vulnerability
| [107904] Apache Struts up to 2.3.28 Double OGNL Evaluation privilege escalation
| [107860] Apache Solr up to 7.0 Apache Lucene RunExecutableListener XML External Entity
| [107834] Apache Ranger up to 0.6.1 Change Password privilege escalation
| [107639] Apache NiFi 1.4.0 XML External Entity
| [107606] Apache ZooKeper up to 3.4.9/3.5.2 Command CPU Exhaustion denial of service
| [107597] Apache Roller up to 5.0.2 XML-RPC Protocol Support XML External Entity
| [107429] Apache Impala up to 2.9.x Kudu Table privilege escalation
| [107411] Apache Tomcat up to 7.0.81/8.0.46/8.5.22/9.0.0 JSP File File Upload privilege escalation
| [107385] Apache Geode up to 1.2.0 Secure Mode privilege escalation
| [107339] Apache OpenNLP up to 1.5.3/1.6.0/1.7.2/1.8.1 XML Data XML External Entity
| [107333] Apache Wicket up to 8.0.0-M1 CSRF Prevention HTTP Header privilege escalation
| [107323] Apache Wicket 1.5.10/6.13.0 Class Request information disclosure
| [107310] Apache Geode up to 1.2.0 Command Line Utility Query privilege escalation
| [107276] ArcSight ESM/ArcSight ESM Express up to 6.9.1c Patch 3/6.11.0 Apache Tomcat Version information disclosure
| [107266] Apache Tika up to 1.12 XML Parser XML External Entity
| [107262] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
| [107258] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
| [107197] Apache Xerces Jelly Parser XML File XML External Entity
| [107193] ZTE NR8950 Apache Commons Collections RMI Request Deserialization privilege escalation
| [107084] Apache Struts up to 2.3.19 cross site scripting
| [106877] Apache Struts up to 2.0.33/2.5.10 Freemarker Tag privilege escalation
| [106875] Apache Struts up to 2.5.5 URL Validator denial of service
| [106874] Apache Struts up to 2.3.30 Convention Plugin directory traversal
| [106847] Apache Tomcat up to 7.0.80 VirtualDirContext Source information disclosure
| [106846] Apache Tomcat up to 7.0.79 on Windows HTTP PUT Method Parameter File Upload privilege escalation
| [106777] Apache HTTP Server up to 2.2.34/2.4.27 Limit Directive ap_limit_section HTTP Request information disclosure
| [106739] puppetlabs-apache up to 1.11.0/2.0.x weak authentication
| [106720] Apache Wicket up to 1.5.12/6.18.x/7.0.0-M4 CryptoMapper privilege escalation
| [106586] Apache Brooklyn up to 0.9.x REST Server cross site scripting
| [106562] Apache Spark up to 2.1.1 Launcher API Deserialization privilege escalation
| [106559] Apache Brooklyn up to 0.9.x SnakeYAML YAML Data Java privilege escalation
| [106558] Apache Brooklyn up to 0.9.x REST Server cross site request forgery
| [106556] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
| [106555] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
| [106171] Apache Directory LDAP API up to 1.0.0-M30 Timing unknown vulnerability
| [106167] Apache Struts up to 2.5.12 REST Plugin XML Data privilege escalation
| [106166] Apache Struts up to 2.3.33/2.5.12 REST Plugin denial of service
| [106165] Apache Struts up to 2.3.33/2.5.12 URLValidator Regex CPU Exhaustion denial of service
| [106115] Apache Hadoop up to 2.6.4/2.7.2 YARN NodeManager Password information disclosure
| [106012] Apache Solr up to 5.5.3/6.4.0 Replication directory traversal
| [105980] Apache Engine 16.11.01 Parameter Reflected unknown vulnerability
| [105962] Apache Atlas 0.6.0/0.7.0 Frame cross site scripting
| [105961] Apache Atlas 0.6.0/0.7.0 Stack Trace information disclosure
| [105960] Apache Atlas 0.6.0/0.7.0 Search Reflected cross site scripting
| [105959] Apache Atlas 0.6.0/0.7.0 edit Tag DOM cross site scripting
| [105958] Apache Atlas 0.6.0/0.7.0 edit Tag Stored cross site scripting
| [105957] Apache Atlas 0.6.0/0.7.0 Cookie privilege escalation
| [105905] Apache Atlas 0.6.0/0.7.0/0.7.1 /js privilege escalation
| [105878] Apache Struts up to 2.3.24.0 privilege escalation
| [105682] Apache2Triad 1.5.4 phpsftpd/users.php Parameter cross site scripting
| [105681] Apache2Triad 1.5.4 phpsftpd/users.php Request cross site request forgery
| [105680] Apache2Triad 1.5.4 Parameter Session Fixation weak authentication
| [105643] Apache Pony Mail up to 0.8b weak authentication
| [105288] Apache Sling up to 2.3.21 Sling.evalString() String cross site scripting
| [105219] Apache Tomcat up to 8.5.15/9.0.0.M21 HTTP2 Bypass directory traversal
| [105218] Apache Tomcat up to 7.0.78/8.0.44/8.5.15/9.0.0.M21 CORS Filter Cache Poisoning privilege escalation
| [105215] Apache CXF up to 3.0.12/3.1.9 OAuth2 Hawk/JOSE MAC Validation Timing unknown vulnerability
| [105206] Apache CXF up to 3.0.11/3.1.8 JAX-RS Module XML External Entity
| [105205] Apache CXF up to 3.0.11/3.1.8 HTTP Transport Module Parameter cross site scripting
| [105202] Apache Storm 1.0.0/1.0.1/1.0.2/1.0.3/1.1.0 Worker privilege escalation
| [104987] Apache Xerces-C++ XML Service CPU Exhaustion denial of service
| [104986] Apache CXF 2.4.5/2.5.1 WS-SP UsernameToken Policy SOAP Request weak authentication
| [104985] Apache MyFaces Core up to 2.1.4 EL Expression Parameter Injection information disclosure
| [104983] Apache Wink up to 1.1.1 XML Document xxe privilege escalation
| [104981] Apache Commons Email 1.0/1.1/1.2/1.3/1.4 Subject Linebreak SMTP privilege escalation
| [104591] MEDHOST Document Management System Apache Solr Default Credentials weak authentication
| [104062] Oracle MySQL Enterprise Monitor up to 3.3.3.1199 Apache Tomcat unknown vulnerability
| [104061] Oracle MySQL Enterprise Monitor up to 3.2.7.1204/3.3.3.1199 Apache Tomcat unknown vulnerability
| [104060] Oracle MySQL Enterprise Monitor up to 3.1.5.7958/3.2.5.1141/3.3.2.1162 Apache Struts 2 unknown vulnerability
8210| [103995] Oracle 8.3/8.4/15.1/15.2 Apache Trinidad unknown vulnerability
8211| [103993] Oracle Policy Automation up to 12.2.3 Apache Commons FileUplaod denial of service
8212| [103916] Oracle Banking Platform 2.3/2.4/2.4.1/2.5 Apache Commons FileUpload denial of service
8213| [103906] Oracle Communications BRM 11.2.0.0.0 Apache Commons Collections privilege escalation
8214| [103904] Oracle Communications BRM 11.2.0.0.0/11.3.0.0.0 Apache Groovy memory corruption
8215| [103866] Oracle Transportation Management 6.1/6.2 Apache Webserver unknown vulnerability
8216| [103816] Oracle BI Publisher 11.1.1.9.0/12.2.1.1.0/12.2.1.2.0 Apache Commons Fileupload denial of service
8217| [103797] Oracle Tuxedo System and Applications Monitor Apache Commons Collections privilege escalation
8218| [103792] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Commons Fileupload privilege escalation
8219| [103791] Oracle Endeca Server 7.6.0.0/7.6.1.0 Apache Commons Collections privilege escalation
8220| [103788] Oracle Enterprise Repository 11.1.1.7.0/12.1.3.0.0 Apache ActiveMQ memory corruption
8221| [103787] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Groovy memory corruption
8222| [103763] Apache Sling up to 1.0.11 XSS Protection API XSS.getValidXML() Application XML External Entity
| [103762] Apache Sling up to 1.0.12 XSS Protection API XSSAPI.encodeForJSString() Script Tag cross site scripting
| [103693] Apache OpenMeetings 1.0.0 HTTP Method privilege escalation
| [103692] Apache OpenMeetings 1.0.0 Tomcat Error information disclosure
| [103691] Apache OpenMeetings 3.2.0 Parameter privilege escalation
| [103690] Apache OpenMeetings 1.0.0 sql injection
| [103689] Apache OpenMeetings 1.0.0 crossdomain.xml privilege escalation
| [103688] Apache OpenMeetings 1.0.0 weak encryption
| [103687] Apache OpenMeetings 1.0.0 cross site request forgery
| [103556] Apache Roller 5.1.0/5.1.1 Weblog Page Template VTL privilege escalation
| [103554] Apache OpenMeetings 1.0.0 Password Update unknown vulnerability
| [103553] Apache OpenMeetings 1.0.0 File Upload privilege escalation
| [103552] Apache OpenMeetings 3.2.0 Chat cross site scripting
| [103551] Apache OpenMeetings 3.1.0 XML unknown vulnerability
| [103521] Apache HTTP Server 2.4.26 HTTP2 Free memory corruption
| [103520] Apache HTTP Server up to 2.2.33/2.4.26 mod_auth_digest Authorization Header memory corruption
| [103519] Apache Struts up to 2.5.11/2.3.32 Spring AOP denial of service
| [103518] Apache Struts up to 2.5.11 URLValidator directory traversal
| [103492] Apache Spark up to 2.1.x Web UI Reflected cross site scripting
| [103401] Apache Struts 2.3.x Struts 1 Plugin ActionMessage privilege escalation
| [103399] Apache Traffic Control Traffic Router TCP Connection Slowloris denial of service
| [103387] Apache Impala up to 2.8.0 StatestoreSubscriber weak encryption
| [103386] Apache Impala up to 2.7.x/2.8.0 Kerberos weak authentication
| [103352] Apache Solr Node weak authentication
| [102897] Apache Ignite up to 2.0 Update Notifier information disclosure
| [102878] Code42 CrashPlan 5.4.x RMI Server org.apache.commons.ssl.rmi.DateRMI privilege escalation
| [102698] Apache HTTP Server up to 2.2.32/2.4.25 mod_mime Content-Type memory corruption
| [102697] Apache HTTP Server 2.2.24/2.2.32 HTTP Strict Parsing ap_find_token Request Header memory corruption
| [102690] Apache HTTP Server up to 2.2.32/2.4.25 mod_ssl ap_hook_process_connection() denial of service
| [102689] Apache HTTP Server up to 2.2.32/2.4.25 ap_get_basic_auth_pw weak authentication
| [102622] Apache Thrift up to 0.9.2 Client Libraries skip denial of service
| [102538] Apache Ranger up to 0.7.0 Authorizer unknown vulnerability
| [102537] Apache Ranger up to 0.7.0 Wildcard Character unknown vulnerability
| [102536] Apache Ranger up to 0.6 Stored cross site scripting
| [102535] Apache Ranger up to 0.6.2 Policy Engine unknown vulnerability
| [102255] Apache NiFi up to 0.7.3/1.2.x Response Header privilege escalation
| [102254] Apache NiFi up to 0.7.3/1.2.x UI cross site scripting
| [102070] Apache CXF Fediz up to 1.1.2/1.2.0 Application Plugin denial of service
| [102020] Apache Tomcat up to 9.0.0.M1 Java Servlet HTTP Method unknown vulnerability
| [101858] Apache Hive up to 1.2.1/2.0.0 Client weak authentication
| [101802] Apache KNOX up to 0.11.0 WebHDFS privilege escalation
| [101928] HPE Aruba ClearPass Apache Tomcat information disclosure
| [101524] Apache Archiva up to 1.x/2.2.1 REST Endpoint cross site request forgery
| [101513] Apache jUDDI 3.1./3.1.2/3.1.3/3.1.4 Logout Open Redirect
| [101430] Apache CXF Fediz up to 1.3.1 OIDC Service cross site request forgery
| [101429] Apache CXF Fediz up to 1.2.3/1.3.1 Plugins cross site request forgery
| [100619] Apache Hadoop up to 2.6.x HDFS Servlet unknown vulnerability
| [100618] Apache Hadoop up to 2.7.0 HDFS Web UI cross site scripting
| [100621] Adobe ColdFusion 10/11/2016 Apache BlazeDS Library Deserialization privilege escalation
| [100205] Oracle MySQL Enterprise Monitor up to 3.1.6.8003/3.2.1182/3.3.2.1162 Apache Commons FileUpload denial of service
| [100191] Oracle Secure Global Desktop 4.71/5.2/5.3 Web Server (Apache HTTP Server) information disclosure
| [100162] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Commons Collections privilege escalation
| [100160] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Trinidad unknown vulnerability
| [99969] Oracle WebCenter Sites 11.1.1.8.0 Apache Tomcat memory corruption
| [99937] Apache Batik up to 1.8 privilege escalation
| [99936] Apache FOP up to 2.1 privilege escalation
| [99935] Apache CXF up to 3.0.12/3.1.10 STSClient Cache information disclosure
| [99934] Apache CXF up to 3.0.12/3.1.10 JAX-RS XML Security Streaming Client spoofing
| [99930] Apache Traffic Server up to 6.2.0 denial of service
| [99929] Apache Log4j up to 2.8.1 Socket Server Deserialization privilege escalation
| [99925] Apache Traffic Server 6.0.0/6.1.0/6.2.0 HPACK Bomb denial of service
| [99738] Ping Identity OpenID Connect Authentication Module up to 2.13 on Apache Mod_auth_openidc.c spoofing
| [117569] Apache Hadoop up to 2.7.3 privilege escalation
| [99591] Apache TomEE up to 1.7.3/7.0.0-M2 EjbObjectInputStream Serialized Object privilege escalation
| [99370] Apache Ignite up to 1.8 update-notifier Document XML External Entity
| [99299] Apache Geode up to 1.1.0 Pulse OQL Query privilege escalation
| [99572] Apache Tomcat up to 7.0.75/8.0.41/8.5.11/9.0.0.M17 Application Listener privilege escalation
| [99570] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP Connector Cache information disclosure
| [99569] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP/2 GOAWAY Frame Resource Exhaustion denial of service
| [99568] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 Pipelined Request information disclosure
| [99048] Apache Ambari up to 2.3.x REST API Shell Metacharacter privilege escalation
| [99014] Apache Camel Jackson/JacksonXML privilege escalation
| [98610] Apple macOS up to 10.12.3 apache_mod_php memory corruption
| [98609] Apple macOS up to 10.12.3 apache_mod_php denial of service
| [98608] Apple macOS up to 10.12.3 apache_mod_php memory corruption
| [98607] Apple macOS up to 10.12.3 apache_mod_php denial of service
| [98606] Apple macOS up to 10.12.3 apache_mod_php denial of service
| [98605] Apple macOS up to 10.12.3 Apache denial of service
| [98604] Apple macOS up to 10.12.3 Apache denial of service
| [98603] Apple macOS up to 10.12.3 Apache denial of service
| [98602] Apple macOS up to 10.12.3 Apache denial of service
| [98601] Apple macOS up to 10.12.3 Apache denial of service
| [98517] Apache POI up to 3.14 OOXML File XXE denial of service
| [98405] Apache Hadoop up to 0.23.10 privilege escalation
| [98199] Apache Camel Validation XML External Entity
| [97892] Apache Tomcat up to 9.0.0.M15 Reverse-Proxy Http11InputBuffer.java information disclosure
| [97617] Apache Camel camel-snakeyaml Deserialization privilege escalation
| [97602] Apache Camel camel-jackson/camel-jacksonxml CamelJacksonUnmarshalType privilege escalation
| [97732] Apache Struts up to 2.3.31/2.5.10 Jakarta Multipart Parser Content-Type privilege escalation
| [97466] mod_auth_openidc up to 2.1.5 on Apache weak authentication
| [97455] mod_auth_openidc up to 2.1.4 on Apache weak authentication
| [97081] Apache Tomcat HTTPS Request denial of service
| [97162] EMC OpenText Documentum D2 BeanShell/Apache Commons privilege escalation
| [96949] Hanwha Techwin Smart Security Manager up to 1.5 Redis/Apache Felix Gogo privilege escalation
| [96314] Apache Cordova up to 6.1.1 on Android weak authentication
| [95945] Apple macOS up to 10.12.2 apache_mod_php denial of service
| [95944] Apple macOS up to 10.12.2 apache_mod_php denial of service
| [95943] Apple macOS up to 10.12.2 apache_mod_php memory corruption
| [95666] Oracle FLEXCUBE Direct Banking 12.0.0/12.0.1/12.0.2/12.0.3 Apache Commons Collections privilege escalation
| [95455] Apache NiFi up to 1.0.0/1.1.0 Connection Details Dialogue cross site scripting
| [95311] Apache Storm UI Daemon privilege escalation
| [95291] ZoneMinder 1.30.0 Apache httpd privilege escalation
| [94800] Apache Wicket up to 1.5.16/6.24.x Deserialize DiskFileItem denial of service
| [94705] Apache Qpid Broker for Java up to 6.1.0 SCRAM-SHA-1/SCRAM-SHA-256 User information disclosure
| [94627] Apache HTTP Server up to 2.4.24 mod_auth_digest Crash denial of service
| [94626] Apache HTTP Server up to 2.4.24 mod_session_crypto Padding weak encryption
| [94625] Apache HTTP Server up to 2.4.24 Response Split privilege escalation
| [94540] Apache Tika 1.9 tika-server File information disclosure
| [94600] Apache ActiveMQ up to 5.14.1 Administration Console cross site scripting
| [94348] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94347] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94346] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94345] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94344] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94343] Apple macOS up to 10.12.1 apache_mod_php memory corruption
| [94342] Apple macOS up to 10.12.1 apache_mod_php memory corruption
| [94128] Apache Tomcat up to 9.0.0.M13 Error information disclosure
| [93958] Apache HTTP Server up to 2.4.23 mod_http2 h2_stream.c denial of service
| [93874] Apache Subversion up to 1.8.16/1.9.4 mod_dontdothat XXE denial of service
| [93855] Apache Hadoop up to 2.6.4/2.7.2 HDFS Service privilege escalation
| [93609] Apache OpenMeetings 3.1.0 RMI Registry privilege escalation
| [93555] Apache Tika 1.6-1.13 jmatio MATLAB File privilege escalation
| [93799] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
| [93798] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
| [93797] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 HTTP Split privilege escalation
| [93796] Apache Tomcat up to 8.5.6/9.0.0.M11 HTTP/2 Header Parser denial of service
| [93532] Apache Commons Collections Library Java privilege escalation
| [93210] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 ResourceLinkFactory privilege escalation
| [93209] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Realm Authentication User information disclosure
| [93208] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 System Property Replacement information disclosure
| [93207] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Utility Method privilege escalation
| [93206] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Configuration privilege escalation
| [93098] Apache Commons FileUpload privilege escalation
| [92987] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Commons Collection memory corruption
| [92986] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Tomcat memory corruption
| [92982] Oracle Insurance IStream 4.3.2 Apache Commons Collections memory corruption
| [92981] Oracle Financial Services Lending and Leasing 14.1.0/14.2.0 Apache Commons Collections memory corruption
| [92979] Oracle up to 8.0.3 Apache Commons Collections memory corruption
| [92977] Oracle FLEXCUBE Universal Banking up to 12.2.0 Apache Commons Collections memory corruption
| [92976] Oracle FLEXCUBE Universal Banking 12.87.1/12.87.2 Apache Commons Collections memory corruption
| [92975] Oracle FLEXCUBE Private Banking up to 12.1.0 Apache Commons Collections memory corruption
| [92974] Oracle FLEXCUBE Investor Servicing 12.0.1 Apache Commons Collections memory corruption
| [92973] Oracle 12.0.0/12.1.0 Apache Commons Collections memory corruption
| [92972] Oracle FLEXCUBE Core Banking 11.5.0.0.0/11.6.0.0.0 Apache Commons Collections memory corruption
| [92962] Oracle Agile PLM 9.3.4/9.3.5 Apache Commons Collections memory corruption
| [92909] Oracle Agile PLM 9.3.4/9.3.5 Apache Tomcat unknown vulnerability
| [92786] Oracle Banking Digital Experience 15.1 Apache Commons Collections information disclosure
| [92549] Apache Tomcat on Red Hat privilege escalation
| [92509] Apache Tomcat JK ISAPI Connector up to 1.2.41 jk_uri_worker_map.c memory corruption
| [92314] Apache MyFaces Trinidad up to 1.0.13/1.2.15/2.0.1/2.1.1 CoreResponseStateManager memory corruption
| [92313] Apache Struts2 up to 2.3.28/2.5.0 Action Name Cleanup cross site request forgery
| [92299] Apache Derby up to 10.12.1.0 SqlXmlUtil XML External Entity
| [92217] Apache ActiveMQ Artemis up to 1.3.x Broker/REST GetObject privilege escalation
| [92174] Apache Ranger up to 0.6.0 Policy cross site scripting
| [91831] Apache Jackrabbit up to 2.13.2 HTTP Header cross site request forgery
| [91825] Apache Zookeeper up to 3.4.8/3.5.2 C CLI Shell memory corruption
| [91818] Apache CXF Fediz up to 1.2.2/1.3.0 Application Plugin privilege escalation
| [92056] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92055] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92054] Apple macOS up to 10.11 apache_mod_php denial of service
| [92053] Apple macOS up to 10.11 apache_mod_php denial of service
| [92052] Apple macOS up to 10.11 apache_mod_php denial of service
| [92051] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92050] Apple macOS up to 10.11 apache_mod_php denial of service
| [92049] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92048] Apple macOS up to 10.11 apache_mod_php denial of service
| [92047] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92046] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92045] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92044] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92043] Apple macOS up to 10.11 apache_mod_php denial of service
| [92042] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92041] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92040] Apple macOS up to 10.11 Apache Proxy privilege escalation
| [91785] Apache Shiro up to 1.3.1 Servlet Filter privilege escalation
| [90879] Apache OpenMeetings up to 3.1.1 SWF Panel cross site scripting
| [90878] Apache Sentry up to 1.6.x Blacklist Filter reflect/reflect2/java_method privilege escalation
| [90610] Apache POI up to 3.13 XLSX2CSV Example OpenXML Document XML External Entity
| [90584] Apache ActiveMQ up to 5.11.3/5.12.2/5.13/1 Administration Web Console privilege escalation
| [90385] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site scripting
| [90384] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site request forgery
| [90383] Apache OpenOffice up to 4.1.2 Impress File memory corruption
| [89670] Apache Tomcat up to 8.5.4 CGI Servlet Environment Variable Open Redirect
| [89669] Apache HTTP Server up to 2.4.23 RFC 3875 Namespace Conflict Environment Variable Open Redirect
| [89726] Apple Mac OS X up to 10.11.5 apache_mod_php memory corruption
| [89484] Apache Qpid up to 0.13.0 on Windows Proton Library Certificate weak authentication
| [89473] HPE iMC PLAT/EAD/APM/iMC NTA/iMC BIMS/iMC UAM_TAM up to 7.2 Apache Commons Collections Library Command privilege escalation
| [90263] Apache Archiva Header denial of service
| [90262] Apache Archiva Deserialize privilege escalation
| [90261] Apache Archiva XML DTD Connection privilege escalation
| [88827] Apache Xerces-C++ up to 3.1.3 DTD Stack-Based memory corruption
| [88747] Apache HTTP Server 2.4.17/2.4.18 mod_http2 denial of service
| [88608] Apache Struts up to 2.3.28.1/2.5.0 URLValidator Null Value denial of service
| [88607] Apache Struts up to 2.3.28.1 REST Plugin Expression privilege escalation
| [88606] Apache Struts up to 2.3.28.1 Restriction privilege escalation
| [88605] Apache Struts up to 2.3.28.1 Restriction privilege escalation
| [88604] Apache Struts up to 2.3.28.1 Token Validator cross site request forgery
| [88603] Apache Commons FileUpload up to 1.3.1 MultipartStream denial of service
| [88602] Apache Struts up to 1.3.10 ActionServlet.java cross site scripting
| [88601] Apache Struts up to 1.3.10 Multithreading ActionServlet.java memory corruption
| [88600] Apache Struts up to 1.3.10 MultiPageValidator privilege escalation
| [89005] Apache Qpid AMQP JMS Client getObject privilege escalation
| [87888] Apache Ranger up to 0.5.2 Policy Admin Tool eventTime sql injection
| [87835] Apache CloudStack up to 4.5.2.0/4.6.2.0/4.7.1.0/4.8.0.0 SAML-based Authentication privilege escalation
| [87806] HPE Discovery and Dependency Mapping Inventory up to 9.32 update 3 Apache Commons Collections Library privilege escalation
| [87805] HPE Universal CMDB up to 10.21 Apache Commons Collections Library privilege escalation
| [87768] Apache Shiro up to 1.2.4 Cipher Key privilege escalation
| [87765] Apache James Server 2.3.2 Command privilege escalation
| [88667] Apache HTTP Server up to 2.4.20 mod_http2 Certificate weak authentication
| [87718] Apache Struts up to 2.3.24.1 OGNL Caching denial of service
| [87717] Apache Struts up to 2.3.28 REST Plugin privilege escalation
| [87706] Apache Qpid Java up to 6.0.2 AMQP privilege escalation
| [87703] Apache Qbid Java up to 6.0.2 PlainSaslServer.java denial of service
| [87702] Apache ActiveMQ up to 5.13.x Fileserver Web Application Upload privilege escalation
| [87700] Apache PDFbox up to 1.8.11/2.0.0 XML Parser PDF Document XML External Entity
| [87679] HP Release Control 9.13/9.20/9.21 Apache Commons Collections Library Java Object privilege escalation
| [87540] Apache Ambari up to 2.2.0 File Browser View information disclosure
| [87433] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87432] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87431] Apple Mac OS X up to 10.11.4 apache_mod_php Format String
| [87430] Apple Mac OS X up to 10.11.4 apache_mod_php denial of service
| [87429] Apple Mac OS X up to 10.11.4 apache_mod_php information disclosure
| [87428] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87427] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87389] Apache Xerces C++ up to 3.1.3 XML Document DTDScanner.cpp memory corruption
| [87172] Adobe ColdFusion 11 Update 7/2016/up to 10 Update 18 Apache Commons Collections Library privilege escalation
| [87121] Apache Cordova iOS up to 3.x Plugin privilege escalation
| [87120] Apache Cordova iOS up to 3.x URL Whitelist privilege escalation
| [83806] HPE Network Node Manager i up to 10.01 Apache Commons Collections Library privilege escalation
| [83077] Apache Subversion up to 1.8.15/1.9.3 mod_authz_svn mod_authz_svn.c denial of service
| [83076] Apache Subversion up to 1.8.15/1.9.3 svnserve svnserve/cyrus_auth.c privilege escalation
| [82790] Apache Struts 2.0.0/2.3.24/2.3.28 Dynamic Method privilege escalation
| [82789] Apache Struts 2.0.0/2.3.24/2.3.28 XSLTResult privilege escalation
| [82725] HPE P9000 Command View up to 7.x/8.4.0 Apache Commons Collections Library privilege escalation
| [82444] Apache Camel up to 2.14.x/2.15.4/2.16.0 HTTP Request privilege escalation
| [82389] Apache Subversion up to 1.7.x/1.8.14/1.9.2 mod_dav_svn util.c memory corruption
| [82280] Apache Struts up to 1.7 JRE URLDecoder cross site scripting
| [82260] Apache OFBiz up to 12.04.05/13.07.02 Java Object privilege escalation
| [82259] Apache Qpid Proton up to 0.12.0 proton.reactor.Connector weak encryption
| [82250] Apache Ranger up to 0.5.0 Admin UI weak authentication
| [82214] Apache Wicket up to 1.5.14/6.21.x/7.1.x Input Element cross site scripting
| [82213] Apache Wicket up to 1.5.14/6.21.x/7.1.x ModalWindow Title getWindowOpenJavaScript cross site scripting
| [82212] Apache Ranger up to 0.5.0 Policy Admin Tool privilege escalation
| [82211] Apache OFBiz up to 12.04.06/13.07.02 ModelFormField.java DisplayEntityField.getDescription cross site scripting
| [82082] Apache JetSpeed up to 2.3.0 User Manager Service privilege escalation
| [82081] Apache OpenMeetings up to 3.1.0 SOAP API information disclosure
| [82080] Apache OpenMeetings up to 3.1.0 Event cross site scripting
| [82078] Apache OpenMeetings up to 3.1.0 Import/Export System Backup ZIP Archive directory traversal
| [82077] Apache OpenMeetings up to 3.1.0 Password Reset sendHashByUser privilege escalation
| [82076] Apache Ranger up to 0.5.1 privilege escalation
| [82075] Apache JetSpeed up to 2.3.0 Portal cross site scripting
| [82074] Apache JetSpeed up to 2.3.0 cross site scripting
| [82073] Apache JetSpeed up to 2.3.0 User Manager Service sql injection
| [82072] Apache JetSpeed up to 2.3.0 Portal Site Manager ZIP Archive directory traversal
| [82058] Apache LDAP Studio/Directory Studio up to 2.0.0-M9 CSV Export privilege escalation
| [82053] Apache Ranger up to 0.4.x Policy Admin Tool privilege escalation
| [82052] Apache Ranger up to 0.4.x Policy Admin Tool HTTP Request cross site scripting
| [81696] Apache ActiveMQ up to 5.13.1 HTTP Header privilege escalation
| [81695] Apache Xerces-C up to 3.1.2 internal/XMLReader.cpp memory corruption
| [81622] HPE Asset Manager 9.40/9.41/9.50 Apache Commons Collections Library Java Object privilege escalation
| [81406] HPE Service Manager up to 9.35 P3/9.41 P1 Apache Commons Collections Library Command privilege escalation
| [81405] HPE Operations Orchestration up to 10.50 Apache Commons Collections Library Command privilege escalation
| [81427] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
| [81426] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
| [81372] Apache Struts up to 2.3.24.1 I18NInterceptor cross site scripting
| [81371] Apache Struts up to 2.3.24.1 Double OGNL Evaluation privilege escalation
| [81370] Apache Struts up to 2.3.24.1 Java URLDecoder cross site scripting
| [81084] Apache Tomcat 6.0/7.0/8.0/9.0 ServletContext directory traversal
| [81083] Apache Tomcat 7.0/8.0/9.0 Index Page cross site request forgery
| [81082] Apache Tomcat 7.0/8.0/9.0 ResourceLinkFactory.setGlobalContext privilege escalation
| [81081] Apache Tomcat 6.0/7.0/8.0/9.0 Error information disclosure
| [81080] Apache Tomcat 6.0/7.0/8.0/9.0 Session Persistence privilege escalation
| [81079] Apache Tomcat 6.0/7.0/8.0/9.0 StatusManagerServlet information disclosure
| [81078] Apache Tomcat 7.0/8.0/9.0 Session privilege escalation
| [80970] Apache Solr up to 5.3.0 Admin UI plugins.js cross site scripting
| [80969] Apache Solr up to 5.2 Schema schema-browser.js cross site scripting
| [80968] Apache Solr up to 5.0 analysis.js cross site scripting
| [80940] HP Continuous Delivery Automation 1.30 Apache Commons Collections Library privilege escalation
| [80823] Apache CloudStack up to 4.5.1 KVM Virtual Machine Migration privilege escalation
| [80822] Apache CloudStack up to 4.5.1 API Call information disclosure
| [80778] Apache Camel up to 2.15.4/2.16.0 camel-xstream privilege escalation
| [80750] HPE Operations Manager 8.x/9.0 on Windows Apache Commons Collections Library privilege escalation
| [80724] Apache Hive up to 1.2.1 Authorization Framework privilege escalation
| [80577] Oracle Secure Global Desktop 4.63/4.71/5.2 Apache HTTP Server denial of service
| [80165] Intel McAfee ePolicy Orchestrator up to 4.6.9/5.0.3/5.3.1 Apache Commons Collections Library privilege escalation
| [80116] Apache Subversion up to 1.9.2 svn Protocol libsvn_ra_svn/marshal.c read_string memory corruption
| [80115] Apache ActiveMQ up to 5.12.x Broker Service privilege escalation
| [80036] IBM Cognos Business Intelligence Apache Commons Collections Library InvokerTransformer privilege escalation
| [79873] VMware vCenter Operations/vRealize Orchestrator Apache Commons Collections Library Serialized Java Object privilege escalation
| [79840] Apache Cordova File Transfer Plugin up to 1.2.x on Android unknown vulnerability
| [79839] Apache TomEE Serialized Java Stream EjbObjectInputStream privilege escalation
| [79791] Cisco Products Apache Commons Collections Library privilege escalation
| [79539] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
| [79538] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
| [79294] Apache Cordova-Android up to 3.6 BridgeSecret Random Generator weak encryption
| [79291] Apache Cordova-Android up to 4.0 Javascript Whitelist privilege escalation
| [79244] Apache CXF up to 2.7.17/3.0.7/3.1.2 SAML Web SSO Module SAML Response weak authentication
| [79243] Oracle WebLogic Server 10.3.6.0/12.1.2.0/12.1.3.0/12.2.1.0 WLS Security com.bea.core.apache.commons.collections.jar privilege escalation
| [78989] Apache Ambari up to 2.1.1 Open Redirect
| [78988] Apache Ambari up to 2.0.1/2.1.0 Password privilege escalation
| [78987] Apache Ambari up to 2.0.x cross site scripting
| [78986] Apache Ambari up to 2.0.x Proxy Endpoint api/v1/proxy privilege escalation
| [78780] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
| [78779] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
| [78778] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78777] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78776] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78775] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78774] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78297] Apache Commons Components HttpClient up to 4.3.5 HTTPS Timeout denial of service
| [77406] Apache Flex BlazeDS AMF Message XML External Entity
| [77429] Apache ActiveMQ up to 5.10.0 LDAPLoginModule privilege escalation
| [77399] Apache ActiveMQ up to 5.10.0 LDAPLoginModule weak authentication
| [77375] Apache Tapestry up to 5.3.5 Client-Side Object Storage privilege escalation
| [77331] Apache ActiveMQ up to 5.11.1 on Windows Fileserver Upload/Download directory traversal
| [77299] Apache Solr Real-Time Module up to 7.x-1.1 Index Content information disclosure
| [77247] Apache ActiveMQ up to 5.10 TransportConnection.java processControlCommand denial of service
| [77083] Apache Groovy up to 2.4.3 MethodClosure.java MethodClosure memory corruption
| [76953] Apache Subversion 1.7.0/1.8.0/1.8.10 svn_repos_trace_node_locations information disclosure
| [76952] Apache Subversion 1.7.0/1.8.0/1.8.10 mod_authz_svn anonymous/authenticated information disclosure
| [76567] Apache Struts 2.3.20 unknown vulnerability
| [76733] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 ap_some_auth_required unknown vulnerability
| [76732] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 Request apr_brigade_flatten privilege escalation
| [76731] Apache HTTP Server 2.4.12 ErrorDocument 400 Crash denial of service
| [75690] Apache Camel up to 2.13.3/2.14.1 XPathBuilder.java XML External Entity
| [75689] Apache Camel up to 2.13.3/2.14.1 XML Converter Setup XmlConverter.java SAXSource privilege escalation
| [75668] Apache Sling API/Sling Servlets Post up to 2.2.1 HtmlResponse cross site scripting
| [75601] Apache Jackrabbit up to 2.10.0 WebDAV Request XML External Entity
| [75420] Apache Tomcat up to 6.0.43/7.0.58/8.0.16 Security Manager privilege escalation
| [75145] Apache OpenOffice up to 4.1.1 HWP Filter Crash denial of service
| [75032] Apache Tomcat Connectors up to 1.2.40 mod_jk privilege escalation
| [75135] PHP 5.4/5.5 HTTP Request sapi_apache2.c apache2handler privilege escalation
| [74793] Apache Tomcat File Upload denial of service
| [74708] Apple MacOS X up to 10.10.2 Apache denial of service
| [74707] Apple MacOS X up to 10.10.2 Apache denial of service
| [74706] Apple MacOS X up to 10.10.2 Apache memory corruption
| [74705] Apple MacOS X up to 10.10.2 Apache denial of service
| [74704] Apple MacOS X up to 10.10.2 Apache denial of service
| [74703] Apple MacOS X up to 10.10.2 Apache denial of service
| [74702] Apple MacOS X up to 10.10.2 Apache denial of service
| [74701] Apple MacOS X up to 10.10.2 Apache cross site request forgery
| [74700] Apple MacOS X up to 10.10.2 Apache unknown vulnerability
| [74661] Apache Flex up to 4.14.0 asdoc index.html cross site scripting
| [74609] Apache Cassandra up to 1.2.19/2.0.13/2.1.3 JMX/RMI Interface privilege escalation
| [74469] Apache Xerces-C up to 7.0 internal/XMLReader.cpp denial of service
| [74468] Apache Batik up to 1.6 denial of service
| [74414] Apache Mod-gnutls up to 0.5.1 Authentication spoofing
| [74371] Apache Standard Taglibs up to 1.2.0 memory corruption
| [74367] Apache HTTP Server up to 2.4.12 mod_lua lua_request.c wsupgrade denial of service
| [74174] Apache WSS4J up to 2.0.0 privilege escalation
| [74172] Apache ActiveMQ up to 5.5.0 Administration Console cross site scripting
| [69092] Apache Tomcat up to 6.0.42/7.0.54/8.0.8 HTTP Request Smuggling privilege escalation
| [73831] Apache Qpid up to 0.30 Access Restriction unknown vulnerability
| [73731] Apache XML Security unknown vulnerability
| [68660] Oracle BI Publisher 10.1.3.4.2/11.1.1.7 Apache Tomcat cross site scripting
| [73659] Apache CloudStack up to 4.3.0 Stack-Based unknown vulnerability
| [73593] Apache Traffic Server up to 5.1.0 denial of service
| [73511] Apache POI up to 3.10 Deadlock denial of service
| [73510] Apache Solr up to 4.3.0 cross site scripting
| [68447] Apache Subversion up to 1.7.18/1.8.10 mod_dav_svn Crash denial of service
| [68446] Apache Subversion up to 1.7.18/1.8.10 REPORT Request Crash denial of service
| [73173] Apache CloudStack Stack-Based unknown vulnerability
| [68357] Apache Struts up to 2.3.16.3 Random Number Generator cross site request forgery
8585| [73106] Apache Hadoop up to 2.4.0 Symlink privilege escalation
8586| [68575] Apache HTTP Server up to 2.4.10 LuaAuthzProvider mod_lua.c privilege escalation
8587| [72890] Apache Qpid 0.30 unknown vulnerability
8588| [72887] Apache Hive 0.13.0 File Permission privilege escalation
8589| [72878] Apache Cordova 3.5.0 cross site request forgery
8590| [72877] Apache Cordova 3.5.0 cross site request forgery
8591| [72876] Apache Cordova 3.5.0 cross site request forgery
8592| [68435] Apache HTTP Server 2.4.10 mod_proxy_fcgi.c handle_headers denial of service
8593| [68065] Apache CXF up to 3.0.1 JAX-RS SAML denial of service
8594| [68064] Apache CXF up to 3.0.0 SAML Token denial of service
8595| [67913] Oracle Retail Markdown Optimization 12.0/13.0/13.1/13.2/13.4 Apache commons-beanutils-1.8.0.jar memory corruption
8596| [67912] Oracle Retail Invoice Matching up to 14.0 Apache commons-beanutils-1.8.0.jar memory corruption
8597| [67911] Oracle Retail Clearance Optimization Engine 13.3/13.4/14.0 Apache commons-beanutils-1.8.0.jar memory corruption
8598| [67910] Oracle Retail Allocation up to 13.2 Apache commons-beanutils-1.8.0.jar memory corruption
| [71835] Apache Shiro 1.0.0/1.1.0/1.2.0/1.2.1/1.2.2 unknown vulnerability
| [71633] Apachefriends XAMPP 1.8.1 cross site scripting
| [71629] Apache Axis2/C spoofing
| [67633] Apple Mac OS X up to 10.9.4 apache_mod_php ext/standard/dns.c dns_get_record memory corruption
| [67631] Apple Mac OS X up to 10.9.4 apache_mod_php Symlink memory corruption
| [67630] Apple Mac OS X up to 10.9.4 apache_mod_php cdf_read_property_info denial of service
| [67629] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_count_chain denial of service
| [67628] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_check_stream_offset denial of service
| [67627] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c mconvert memory corruption
| [67626] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c denial of service
| [67625] Apple Mac OS X up to 10.9.4 apache_mod_php Crash denial of service
| [67624] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_property_info denial of service
| [67623] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_unpack_summary_info denial of service
| [67622] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_short_sector denial of service
| [67620] Apple Mac OS X up to 10.9.4 apache_mod_php magic/Magdir/commands denial of service
| [67790] Apache HTTP Server mod_cache NULL Pointer Dereference denial of service
| [67522] Apache Tomcat up to 7.0.39 JSP Upload privilege escalation
| [70809] Apache POI up to 3.11 Crash denial of service
| [70808] Apache POI up to 3.10 unknown vulnerability
| [70806] Apache Commons-httpclient 4.2/4.2.1/4.2.2 spoofing
| [70749] Apache Axis up to 1.4 getCN spoofing
| [70701] Apache Traffic Server up to 3.3.5 denial of service
| [70700] Apache OFBiz up to 12.04.03 cross site scripting
| [67402] Apache OpenOffice 4.0.0/4.0.1/4.1.0 Calc privilege escalation
| [67401] Apache OpenOffice up to 4.1.0 OLE Object information disclosure
| [70661] Apache Subversion up to 1.6.17 denial of service
| [70660] Apache Subversion up to 1.6.17 spoofing
| [70659] Apache Subversion up to 1.6.17 spoofing
| [67183] Apache HTTP Server up to 2.4.9 mod_proxy denial of service
| [67180] Apache HTTP Server up to 2.4.9 WinNT MPM Memory Leak denial of service
| [67185] Apache HTTP Server up to 2.4.9 mod_status Heap-Based memory corruption
| [67184] Apache HTTP Server 2.4.5/2.4.6 mod_cache NULL Pointer Dereference denial of service
| [67182] Apache HTTP Server up to 2.4.9 mod_deflate Memory Consumption denial of service
| [67181] Apache HTTP Server up to 2.4.9 mod_cgid denial of service
| [70338] Apache Syncope up to 1.1.7 unknown vulnerability
| [70295] Apache CXF up to 2.7.9 Cleartext information disclosure
| [70106] Apache Open For Business Project up to 10.04.0 getServerError cross site scripting
| [70105] Apache MyFaces up to 2.1.5 JavaServer Faces directory traversal
| [69846] Apache HBase up to 0.94.8 information disclosure
| [69783] Apache CouchDB up to 1.2.0 memory corruption
| [13383] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 XML Parser privilege escalation
| [13300] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi setuid privilege escalation
| [13299] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi Content-Type Header information disclosure
| [13164] Apache CXF up to 2.6.13/2.7.10 SOAP OutgoingChainInterceptor.java Invalid Content denial of service
| [13163] Apache CXF up to 2.6.13/2.7.10 SOAP HTML Content denial of service
| [13158] Apache Struts up to 2.3.16.2 ParametersInterceptor getClass privilege escalation
| [69515] Apache Struts up to 2.3.15.0 CookieInterceptor memory corruption
| [13086] Apache Struts up to 1.3.10 Class Loader privilege escalation
| [13067] Apache Struts up to 2.3.16.1 Class Loader privilege escalation
| [69431] Apache Archiva up to 1.3.6 cross site scripting
| [69385] Apache Syncope up to 1.1.6 unknown vulnerability
| [69338] Apache Xalan-Java up to 2.7.1 system-property unknown vulnerability
| [12742] Trustwave ModSecurity up to 2.7.5 Chunk Extension apache2/modsecurity.c modsecurity_tx_init privilege escalation
| [12741] Trustwave ModSecurity up to 2.7.6 Chunked HTTP Transfer apache2/modsecurity.c modsecurity_tx_init Trailing Header privilege escalation
| [13387] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Content-Length Header privilege escalation
| [13386] Apache Tomcat Security Manager up to 6.0.39/7.0.53/8.0.5 XSLT privilege escalation
| [13385] Apache Tomcat 8.0.0/8.0.1/8.0.3 AJP Request Zero Length denial of service
| [13384] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Chunked HTTP Request denial of service
| [12748] Apache CouchDB 1.5.0 UUIDS /_uuids denial of service
| [66739] Apache Camel up to 2.12.2 unknown vulnerability
| [66738] Apache Camel up to 2.12.2 unknown vulnerability
| [12667] Apache HTTP Server 2.4.7 mod_log_config.c log_cookie denial of service
| [66695] Apache CouchDB up to 1.2.0 cross site scripting
| [66694] Apache CouchDB up to 1.2.0 Partition partition2 directory traversal
| [66689] Apache HTTP Server up to 2.0.33 mod_dav dav_xml_get_cdata denial of service
| [12518] Apache Tomcat up to 6.0.38/7.0.49/8.0.0-RC9 HTTP Header denial of service
| [66498] Apache expressions up to 3.3.0 Whitelist unknown vulnerability
| [12781] Apache Struts up to 2.3.8 ParametersInterceptor getClass denial of service
| [12439] Apache Tomcat 6.0.33 XML XXE information disclosure
| [12438] Apache Tomcat 6.0.33/6.0.34/6.0.35/6.0.36/6.0.37 coyoteadapter.java disableURLRewriting privilege escalation
| [66356] Apache Wicket up to 6.8.0 information disclosure
| [12209] Apache Tomcat 7.0.0/7.0.50/8.0.0-RC1/8.0.1 Content-Type Header for Multi-Part Request Infinite Loop denial of service
| [66322] Apache ActiveMQ up to 5.8.0 cross site scripting
| [12291] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
| [66255] Apache Open For Business Project up to 10.04.3 cross site scripting
| [66200] Apache Hadoop up to 2.0.5 Security Feature information disclosure
| [66072] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
| [66068] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
| [11928] Oracle Secure Global Desktop up to 4.71 Apache Tomcat unknown vulnerability
| [11924] Oracle Secure Global Desktop up to 4.63 Apache Tomcat denial of service
| [11922] Oracle Secure Global Desktop up to 4.63 Apache Tomcat unknown vulnerability
| [66049] Apache XML Security for Java up to 1.4.6 Memory Consumption denial of service
| [12199] Apache Subversion up to 1.8.5 mod_dav_svn/repos.c get_resource denial of service
| [65946] askapache Firefox Adsense up to 3.0 askapache-firefox-adsense.php cross site request forgery
| [65668] Apache Solr 4.0.0 Updater denial of service
| [65665] Apache Solr up to 4.3.0 denial of service
| [65664] Apache Solr 3.6.0/3.6.1/3.6.2/4.0.0 Updater denial of service
| [65663] Apache Solr up to 4.5.1 ResourceLoader directory traversal
| [65658] Apache roller 4.0/4.0.1/5.0/5.0.1 unknown vulnerability
| [65657] Apache Roller 4.0/4.0.1/5.0/5.0.1 cross site scripting
| [11325] Apache Subversion 1.7.13 mod_dontdothat Bypass denial of service
| [11324] Apache Subversion up to 1.8.4 mod_dav_svn denial of service
| [11098] Apache Tomcat 5.5.25 HTTP Request cross site request forgery
| [65410] Apache Struts 2.3.15.3 cross site scripting
| [65386] Apache Solr up to 2.2.1 on TYPO3 cross site scripting
| [65385] Apache Solr up to 2.2.1 on TYPO3 unknown vulnerability
| [11044] Apache Struts 2.3.15.3 showConfig.action cross site scripting
| [11043] Apache Struts 2.3.15.3 actionNames.action cross site scripting
| [11018] cPanel WHM up to 11.40.0.11 Apache mod_userdir Tweak Interface privilege escalation
| [65342] Apache Sling 1.0.2/1.0.4/1.0.6/1.1.0/1.1.2 Auth Core cross site scripting
| [65340] Apache Shindig 2.5.0 information disclosure
| [65316] Apache Mod Fcgid up to 2.3.7 mod_fcgid fcgid_bucket.c fcgid_header_bucket_read memory corruption
| [65313] Apache Sling 2.2.0/2.3.0 AbstractCreateOperation.java deepGetOrCreateNode denial of service
| [10826] Apache Struts 2 File privilege escalation
| [65204] Apache Camel up to 2.10.1 unknown vulnerability
| [10460] Apache Struts 2.0.0/2.3.15.1 Action Mapping Mechanism Bypass privilege escalation
| [10459] Apache Struts 2.0.0/2.3.15 Dynamic Method Invocation unknown vulnerability
| [10160] Apache Subversion 1.8.0/1.8.1/1.8.2 svnwcsub.py handle_options race condition
| [10159] Apache Subversion up to 1.8.2 svnserve write_pid_file race condition
| [10158] Apache Subversion 1.8.0/1.8.1/1.8.2 daemonize.py daemon::daemonize race condition
| [10157] Apache Subversion up to 1.8.1 FSFS Repository Symlink privilege escalation
| [64808] Fail2ban up to 0.8.9 apache-auth.conf denial of service
| [64760] Best Practical RT up to 4.0.12 Apache::Session::File information disclosure
| [64722] Apache XML Security for C++ Heap-based memory corruption
| [64719] Apache XML Security for C++ Heap-based memory corruption
| [64718] Apache XML Security for C++ verify denial of service
| [64717] Apache XML Security for C++ getURIBaseTXFM memory corruption
| [64716] Apache XML Security for C++ spoofing
| [64701] Apache CXF up to 2.7.3 XML Parser Memory Consumption denial of service
| [64700] Apache CloudStack up to 4.1.0 Stack-Based cross site scripting
| [64667] Apache Open For Business Project up to 10.04.04 unknown vulnerability
| [64666] Apache Open For Business Project up to 10.04.04 cross site scripting
| [9891] Apache HTTP Server 2.2.22 suEXEC Feature .htaccess information disclosure
| [64509] Apache ActiveMQ up to 5.8.0 scheduled.jsp cross site scripting
| [9826] Apache Subversion up to 1.8.0 mod_dav_svn denial of service
| [9683] Apache HTTP Server 2.4.5 mod_session_dbd denial of service
| [64485] Apache Struts up to 2.2.3.0 privilege escalation
| [9568] Apache Struts up to 2.3.15 DefaultActionMapper cross site request forgery
| [9567] Apache Struts up to 2.3.15 DefaultActionMapper memory corruption
| [64467] Apache Geronimo 3.0 memory corruption
| [64466] Apache OpenJPA up to 2.2.1 Serialization memory corruption
| [64457] Apache Struts up to 2.2.3.0 cross site scripting
| [64326] Alejandro Garza Apachesolr Autocomplete up to 7.x-1.1 cross site scripting
| [9184] Apache Qpid up to 0.20 SSL misconfiguration
| [8935] Apache Subversion up to 1.7.9 FSFS Format Repository denial of service
| [8934] Apache Subversion up to 1.7.9 Svnserve Server denial of service
| [8933] Apache Subversion up to 1.6.21 check-mime-type.pl svnlook memory corruption
| [8932] Apache Subversion up to 1.6.21 svn-keyword-check.pl svnlook changed memory corruption
| [9022] Apache Struts up to 2.3.14.2 OGNL Expression memory corruption
| [8873] Apache Struts 2.3.14 privilege escalation
| [8872] Apache Struts 2.3.14 privilege escalation
| [8746] Apache HTTP Server Log File Terminal Escape Sequence Filtering mod_rewrite.c do_rewritelog privilege escalation
| [8666] Apache Tomcat up to 7.0.32 AsyncListener information disclosure
| [8665] Apache Tomcat up to 7.0.29 Chunked Transfer Encoding Extension Size denial of service
| [8664] Apache Tomcat up to 7.0.32 FORM Authentication weak authentication
| [64075] Apache Subversion up to 1.7.7 mod_dav_svn Crash denial of service
| [64074] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
| [64073] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
| [64072] Apache Subversion up to 1.7.7 mod_dav_svn NULL Pointer Dereference denial of service
| [64071] Apache Subversion up to 1.7.8 mod_dav_svn Memory Consumption denial of service
| [8768] Apache Struts up to 2.3.14 on Mac EL and OGNL Interpreter memory corruption
| [64006] Apache ActiveMQ up to 5.7.0 denial of service
| [64005] Apache ActiveMQ up to 5.7.0 Default Configuration denial of service
| [64004] Apache ActiveMQ up to 5.7.0 PortfolioPublishServlet.java cross site scripting
| [8427] Apache Tomcat Session Transaction weak authentication
| [63960] Apache Maven 3.0.4 Default Configuration spoofing
| [63751] Apache qpid up to 0.20 qpid::framing::Buffer denial of service
| [63750] Apache qpid up to 0.20 checkAvailable denial of service
| [63749] Apache Qpid up to 0.20 Memory Consumption denial of service
| [63748] Apache Qpid up to 0.20 Default Configuration denial of service
| [63747] Apache Rave up to 0.20 User Account information disclosure
| [7889] Apache Subversion up to 1.6.17 mod_dav_svn/svn_fs_file_length() denial of service
| [63646] Apache HTTP Server up to 2.2.23/2.4.3 mod_proxy_balancer.c balancer_handler cross site scripting
| [7688] Apache CXF up to 2.7.1 WSS4JInterceptor Bypass weak authentication
| [7687] Apache CXF up to 2.7.2 Token weak authentication
| [63334] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
| [63299] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
| [7202] Apache HTTP Server 2.4.2 on Oracle Solaris ld_library_path cross site scripting
| [7075] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector NioEndpoint.java denial of service
| [7074] Apache Tomcat up to 6.0.35/7.0.29 FORM Authentication RealmBase.java weak authentication
| [7073] Apache Tomcat up to 6.0.35/7.0.31 CSRF Prevention Filter cross site request forgery
| [63090] Apache Tomcat up to 4.1.24 denial of service
| [63089] Apache HTTP Server up to 2.2.13 mod_proxy_ajp denial of service
| [62933] Apache Tomcat up to 5.5.0 Access Restriction unknown vulnerability
| [62929] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector Memory Consumption denial of service
| [62833] Apache CXF -/2.6.0 spoofing
| [62832] Apache Axis2 up to 1.6.2 spoofing
| [62831] Apache Axis up to 1.4 Java Message Service spoofing
| [62830] Apache Commons-httpclient 3.0 Payments spoofing
| [62826] Apache Libcloud up to 0.11.0 spoofing
| [62757] Apache Open For Business Project up to 10.04.0 unknown vulnerability
| [8830] Red Hat JBoss Enterprise Application Platform 6.0.1 org.apache.catalina.connector.Response.encodeURL information disclosure
| [62661] Apache Axis2 unknown vulnerability
| [62658] Apache Axis2 unknown vulnerability
| [62467] Apache Qpid up to 0.17 denial of service
| [62417] Apache CXF 2.4.7/2.4.8/2.5.3/2.5.4/2.6.1 spoofing
| [6301] Apache HTTP Server mod_pagespeed cross site scripting
| [6300] Apache HTTP Server mod_pagespeed Hostname information disclosure
| [6123] Apache Wicket up to 1.5.7 Ajax Link cross site scripting
| [62035] Apache Struts up to 2.3.4 denial of service
| [61916] Apache QPID 0.5/0.6/0.14/0.16 unknown vulnerability
| [6998] Apache Tomcat 5.5.35/6.0.35/7.0.28 DIGEST Authentication Session State Caching privilege escalation
| [6997] Apache Tomcat 5.5.35/6.0.35/7.0.28 HTTP Digest Authentication Implementation privilege escalation
| [6092] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_ajp.c information disclosure
| [6090] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_http.c information disclosure
| [61507] Apache POI up to 3.8 UnhandledDataStructure denial of service
| [6070] Apache Struts up to 2.3.4 Token Name Configuration Parameter privilege escalation
| [6069] Apache Struts up to 2.3.4 Request Parameter OGNL Expression denial of service
| [5764] Oracle Solaris 10 Apache HTTP Server information disclosure
| [5700] Oracle Secure Backup 10.3.0.3/10.4.0.1 Apache denial of service
| [61255] Apache Hadoop 2.0.0 Kerberos unknown vulnerability
| [61229] Apache Sling up to 2.1.1 denial of service
| [61152] Apache Commons-compress 1.0/1.1/1.2/1.3/1.4 denial of service
| [61094] Apache Roller up to 5.0 cross site scripting
| [61093] Apache Roller up to 5.0 cross site request forgery
| [61005] Apache OpenOffice 3.3/3.4 unknown vulnerability
| [9673] Apache HTTP Server up to 2.4.4 mod_dav mod_dav.c Request denial of service
| [5436] Apache OpenOffice 3.3/3.4 WPXContentListener.cpp _closeTableRow File memory corruption
| [5435] Apache OpenOffice 3.3/3.4 vclmi.dll File memory corruption
| [60730] PHP 5.4.0/5.4.1/5.4.2 apache_request_headers memory corruption
| [60708] Apache Qpid 0.12 unknown vulnerability
| [5032] Apache Hadoop up to 0.20.205.0/1.0.1/0.23.1 Kerberos/MapReduce Security Feature privilege escalation
| [4949] Apache Struts File Upload XSLTResult.java XSLT File privilege escalation
| [4955] Apache Traffic Server 3.0.3/3.1.2 HTTP Header Parser memory corruption
| [4882] Apache Wicket up to 1.5.4 directory traversal
| [4881] Apache Wicket up to 1.4.19 cross site scripting
| [4884] Apache HTTP Server up to 2.3.6 mod_fcgid fcgid_spawn_ctl.c FcgidMaxProcessesPerClass HTTP Requests denial of service
| [60352] Apache Struts up to 2.2.3 memory corruption
| [60153] Apache Portable Runtime up to 1.4.3 denial of service
| [4598] Apache Struts 1.3.10 upload-submit.do cross site scripting
| [4597] Apache Struts 1.3.10 processSimple.do cross site scripting
| [4596] Apache Struts 2.0.14/2.2.3 struts2-rest-showcase/orders cross site scripting
| [4595] Apache Struts 2.0.14/2.2.3 struts2-showcase/person/editPerson.action cross site scripting
| [4583] Apache HTTP Server up to 2.2.21 Threaded MPM denial of service
| [4582] Apache HTTP Server up to 2.2.21 protocol.c information disclosure
| [4571] Apache Struts up to 2.3.1.2 privilege escalation
| [4557] Apache Tomcat up to 7.0.21 Caching/Recycling information disclosure
| [59934] Apache Tomcat up to 6.0.9 DigestAuthenticator.java unknown vulnerability
| [59933] Apache Tomcat up to 6.0.9 Access Restriction unknown vulnerability
| [59932] Apache Tomcat up to 6.0.9 unknown vulnerability
| [59931] Apache Tomcat up to 6.0.9 Access Restriction information disclosure
| [59902] Apache Struts up to 2.2.3 Interfaces unknown vulnerability
| [4528] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
| [4527] Apache Struts up to 2.2.3 ExceptionDelegator cross site scripting
| [59888] Apache Tomcat up to 6.0.6 denial of service
| [59886] Apache ActiveMQ up to 5.5.1 Crash denial of service
| [4513] Apache Struts up to 2.3.1 ParameterInterceptor directory traversal
| [4512] Apache Struts up to 2.2.3 CookieInterceptor privilege escalation
| [59850] Apache Geronimo up to 2.2.1 denial of service
| [59825] Apache HTTP Server up to 2.1.7 mod_reqtimeout denial of service
| [59556] Apache HTTP Server up to 2.0.53 mod_proxy information disclosure
| [58467] Apache libcloud 0.2.0/0.3.0/0.3.1/0.4.0 Access Restriction spoofing
| [58413] Apache Tomcat up to 6.0.10 spoofing
| [58381] Apache Wicket up to 1.4.17 cross site scripting
| [58296] Apache Tomcat up to 7.0.19 unknown vulnerability
| [57888] Apache HttpClient 4.0/4.0.1/4.1 Authorization information disclosure
| [57587] Apache Subversion up to 1.6.16 mod_dav_svn information disclosure
| [57585] Apache Subversion up to 1.6.16 mod_dav_svn Memory Consumption denial of service
| [57584] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
| [57577] Apache Rampart-C 1.3.0 Access Restriction rampart_timestamp_token_validate privilege escalation
| [57568] Apache Archiva up to 1.3.4 cross site scripting
| [57567] Apache Archiva up to 1.3.4 cross site request forgery
| [57481] Apache Tomcat 7.0.12/7.0.13 Access Restriction unknown vulnerability
| [4355] Apache HTTP Server APR apr_fnmatch denial of service
| [57435] Apache Struts up to 2.2.1.1 FileHandler.java cross site scripting
| [57425] Apache Struts up to 2.2.1.1 cross site scripting
| [4352] Apache HTTP Server 2.2.x APR apr_fnmatch denial of service
| [57025] Apache Tomcat up to 7.0.11 information disclosure
| [57024] Apache Tomcat 7.0.11 Access Restriction information disclosure
| [56774] IBM WebSphere Application Server up to 7.0.0.14 org.apache.jasper.runtime.JspWriterImpl.response denial of service
| [56824] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
| [56832] Apache Tomcat up to 7.0.10 Access Restriction information disclosure
| [56830] Apache Tomcat up to 7.0.9 Access Restriction privilege escalation
| [12440] Apache Tomcat 6.0.33 Malicious Request cross site scripting
| [56512] Apache Continuum up to 1.4.0 cross site scripting
| [4285] Apache Tomcat 5.x JVM getLocale denial of service
| [4284] Apache Tomcat 5.x HTML Manager Infinite Loop cross site scripting
| [4283] Apache Tomcat 5.x ServletContect privilege escalation
| [56441] Apache Tomcat up to 7.0.6 denial of service
| [56300] Apache CouchDB up to 1.0.1 Web Administration Interface cross site scripting
| [55967] Apache Subversion up to 1.6.4 rev_hunt.c denial of service
| [55966] Apache Subversion up to 1.6.4 mod_dav_svn repos.c walk denial of service
| [55095] Apache Axis2 up to 1.6 Default Password memory corruption
| [55631] Apache Archiva up to 1.3.1 User Account cross site request forgery
| [55556] Apache Tomcat up to 6.0.29 Default Configuration information disclosure
| [55553] Apache Tomcat up to 7.0.4 sessionsList.jsp cross site scripting
| [55162] Apache MyFaces up to 2.0.0 Authentication Code unknown vulnerability
| [54881] Apache Subversion up to 1.6.12 mod_dav_svn authz.c privilege escalation
| [54879] Apache APR-util up to 0.9.14 mod_reqtimeout apr_brigade_split_line denial of service
| [54693] Apache Traffic Server DNS Cache unknown vulnerability
| [54416] Apache CouchDB up to 0.11.0 cross site request forgery
| [54394] Apache CXF up to 2.2.8 Memory Consumption denial of service
| [54261] Apache Tomcat jsp/cal/cal2.jsp cross site scripting
| [54166] Apache HTTP Server up to 2.2.12 mod_cache Crash denial of service
| [54385] Apache Struts up to 2.1.8.1 ParameterInterceptor unknown vulnerability
| [54012] Apache Tomcat up to 6.0.10 denial of service
| [53763] Apache Axis2 1.3/1.4/1.4.1/1.5/1.5.1 Memory Consumption denial of service
| [53368] Apache MyFaces 1.1.7/1.2.8 cross site scripting
| [53397] Apache axis2 1.4.1/1.5.1 Administration Console cross site scripting
| [52894] Apache Tomcat up to 6.0.7 information disclosure
| [52960] Apache ActiveMQ up to 5.4-snapshot information disclosure
| [52843] Apache HTTP Server mod_auth_shadow unknown vulnerability
| [52786] Apache Open For Business Project up to 09.04 cross site scripting
| [52587] Apache ActiveMQ up to 5.3.0 cross site request forgery
| [52586] Apache ActiveMQ up to 5.3.0 cross site scripting
| [52584] Apache CouchDB up to 0.10.1 information disclosure
| [51757] Apache HTTP Server 2.0.44 cross site scripting
| [51756] Apache HTTP Server 2.0.44 spoofing
| [51717] Apache HTTP Server up to 1.3.3 mod_proxy ap_proxy_send_fb memory corruption
| [51690] Apache Tomcat up to 6.0 directory traversal
| [51689] Apache Tomcat up to 6.0 information disclosure
| [51688] Apache Tomcat up to 6.0 directory traversal
| [50886] HP Operations Manager 8.10 on Windows File Upload org.apache.catalina.manager.HTMLManagerServlet memory corruption
| [50802] Apache Tomcat up to 3.3 Default Password weak authentication
| [50626] Apache Solr 1.0.0 cross site scripting
| [49857] Apache HTTP Server mod_proxy_ftp cross site scripting
| [49856] Apache HTTP Server 2.2.13 mod_proxy_ftp ap_proxy_ftp_handler denial of service
| [49348] Apache Xerces-C++ 2.7.0 Stack-Based denial of service
| [86789] Apache Portable Runtime memory/unix/apr_pools.c unknown vulnerability
| [49283] Apache APR-util up to 1.3.8 apr-util misc/apr_rmm.c apr_rmm_realloc memory corruption
| [48952] Apache HTTP Server up to 1.3.6 mod_deflate denial of service
| [48626] Apache Tomcat up to 4.1.23 Access Restriction directory traversal
| [48431] Apache Tomcat up to 4.1.23 j_security_check cross site scripting
| [48430] Apache Tomcat up to 4.1.23 mod_jk denial of service
| [47801] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site request forgery
| [47800] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site scripting
| [47799] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console directory traversal
| [47648] Apache Tiles 2.1.0/2.1.1 cross site scripting
| [47640] Apache Struts 2.0.6/2.0.8/2.0.9/2.0.11/2.1 cross site scripting
| [47638] Apache Tomcat up to 4.1.23 mod_jk information disclosure
| [47636] Apache Struts 2.0.9 xip_client.html cross site scripting
| [47593] Apache Mod Perl 1 perl-status Apache::Status cross site scripting
| [47637] Apache Struts 1.0.2/1.1/1.2.4/1.2.7/1.2.8 cross site scripting
| [47239] Apache Struts up to 2.1.2 Beta struts directory traversal
| [47214] Apachefriends xampp 1.6.8 spoofing
| [47213] Apachefriends xampp 1.6.8 htaccess cross site request forgery
| [47162] Apachefriends XAMPP 1.4.4 weak authentication
| [47065] Apache Tomcat 4.1.23 cross site scripting
| [46834] Apache Tomcat up to 5.5.20 cross site scripting
| [46004] Apache Jackrabbit 1.4/1.5.0 search.jsp cross site scripting
| [49205] Apache Roller 2.3/3.0/3.1/4.0 Search cross site scripting
| [86625] Apache Struts directory traversal
| [44461] Apache Tomcat up to 5.5.0 information disclosure
| [44389] Apache Xerces-C++ XML Parser Memory Consumption denial of service
| [44352] Apache Friends XAMPP 1.6.8 adodb.php cross site scripting
| [43663] Apache Tomcat up to 6.0.16 directory traversal
| [43612] Apache Friends XAMPP 1.6.7 iart.php cross site scripting
| [43556] Apache HTTP Server up to 2.1.8 mod_proxy_ftp proxy_ftp.c cross site scripting
| [43516] Apache Tomcat up to 4.1.20 directory traversal
| [43509] Apache Tomcat up to 6.0.13 cross site scripting
| [42637] Apache Tomcat up to 6.0.16 cross site scripting
| [42325] Apache HTTP Server up to 2.1.8 Error Page cross site scripting
| [41838] Apache-SSL 1.3.34 1.57 expandcert privilege escalation
| [41091] Apache Software Foundation Mod Jk up to 2.0.1 mod_jk2 Stack-based memory corruption
| [40924] Apache Tomcat up to 6.0.15 information disclosure
| [40923] Apache Tomcat up to 6.0.15 unknown vulnerability
| [40922] Apache Tomcat up to 6.0 information disclosure
| [40710] Apache HTTP Server up to 2.0.61 mod_negotiation cross site scripting
| [40709] Apache HTTP Server up to 2.0.53 mod_negotiation cross site scripting
| [40656] Apache Tomcat 5.5.20 information disclosure
| [40503] Apache HTTP Server mod_proxy_ftp cross site scripting
| [40502] Apache HTTP Server up to 2.2.5 mod_proxy_balancer memory corruption
| [40501] Apache HTTP Server 2.2.6 mod_proxy_balancer cross site request forgery
| [40398] Apache HTTP Server up to 2.2 mod_proxy_balancer cross site scripting
| [40397] Apache HTTP Server up to 2.2 mod_proxy_balancer balancer_handler denial of service
| [40234] Apache Tomcat up to 6.0.15 directory traversal
| [40221] Apache HTTP Server 2.2.6 information disclosure
| [40027] David Castro Apache Authcas 0.4 sql injection
| [3495] Apache OpenOffice up to 2.3 Database Document Processor unknown vulnerability
| [3489] Apache HTTP Server 2.x HTTP Header cross site scripting
| [3414] Apache Tomcat WebDAV Stored privilege escalation
| [39489] Apache Jakarta Slide up to 2.1 directory traversal
| [39540] Apache Geronimo 2.0/2.0.1/2.0.2/2.1 unknown vulnerability
| [3310] Apache OpenOffice 1.1.3/2.0.4/2.2.1 TIFF Image Parser Heap-based memory corruption
| [38768] Apache HTTP Server up to 2.1.7 mod_autoindex.c cross site scripting
| [38952] Apache Geronimo 2.0.1/2.1 unknown vulnerability
| [38658] Apache Tomcat 4.1.31 cal2.jsp cross site request forgery
| [38524] Apache Geronimo 2.0 unknown vulnerability
| [3256] Apache Tomcat up to 6.0.13 cross site scripting
| [38331] Apache Tomcat 4.1.24 information disclosure
| [38330] Apache Tomcat 4.1.24 information disclosure
| [38185] Apache Tomcat 3.3/3.3.1/3.3.1a/3.3.2 Error Message CookieExample cross site scripting
| [37967] Apache Tomcat up to 4.1.36 Error Message sendmail.jsp cross site scripting
| [37647] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 Authorization unknown vulnerability
| [37646] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 unknown vulnerability
| [3141] Apache Tomcat up to 4.1.31 Accept-Language Header cross site scripting
| [3133] Apache Tomcat up to 6.0 HTTP cross site scripting
| [37292] Apache Tomcat up to 5.5.1 cross site scripting
| [3130] Apache OpenOffice 2.2.1 RTF Document Heap-based memory corruption
| [36981] Apache Tomcat JK Web Server Connector up to 1.2.22 mod_jk directory traversal
| [36892] Apache Tomcat up to 4.0.0 hello.jsp cross site scripting
| [37320] Apache MyFaces Tomahawk up to 1.1.4 cross site scripting
| [36697] Apache Tomcat up to 5.5.17 implicit-objects.jsp cross site scripting
| [36491] Apache Axis 1.0 Installation javaioFileNotFoundException information disclosure
| [36400] Apache Tomcat 5.5.15 mod_jk cross site scripting
| [36698] Apache Tomcat up to 4.0.0 cal2.jsp cross site scripting
| [36224] XAMPP Apache Distribution up to 1.6.0a adodb.php connect memory corruption
| [36225] XAMPP Apache Distribution 1.6.0a sql injection
| [2997] Apache httpd/Tomcat 5.5/6.0 directory traversal
| [35896] Apache Apache Test up to 1.29 mod_perl denial of service
| [35653] Avaya S8300 Cm 3.1.2 Apache Tomcat unknown vulnerability
| [35402] Apache Tomcat JK Web Server Connector 1.2.19 mod_jk.so map_uri_to_worker memory corruption
| [35067] Apache Stats up to 0.0.2 extract unknown vulnerability
| [35025] Apache Stats up to 0.0.3 extract unknown vulnerability
| [34252] Apache HTTP Server denial of service
| [2795] Apache OpenOffice 2.0.4 WMF/EMF File Heap-based memory corruption
| [33877] Apache Opentaps 0.9.3 cross site scripting
| [33876] Apache Open For Business Project unknown vulnerability
| [33875] Apache Open For Business Project cross site scripting
8997| [33875] Apache Open For Business Project cross site scripting
8998| [2703] Apache Jakarta Tomcat up to 5.x der_get_oid memory corruption
8999| [2611] Apache HTTP Server up to 1.0.1 set_var Format String
|
| MITRE CVE - https://cve.mitre.org:
| [CVE-2013-4156] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted element in an OOXML document file.
| [CVE-2013-4131] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service (assertion failure or out-of-bounds read) via a certain (1) COPY, (2) DELETE, or (3) MOVE request against a revision root.
| [CVE-2013-3239] phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename of an export file, leading to interpretation of this file as an executable file by the Apache HTTP Server, as demonstrated by a .php.sql filename.
| [CVE-2013-3060] The web console in Apache ActiveMQ before 5.8.0 does not require authentication, which allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests.
| [CVE-2013-2765] The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request with a large body and a crafted Content-Type header.
| [CVE-2013-2251] Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.
| [CVE-2013-2249] mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified impact and remote attack vectors.
| [CVE-2013-2248] Multiple open redirect vulnerabilities in Apache Struts 2.0.0 through 2.3.15 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a parameter using the (1) redirect: or (2) redirectAction: prefix.
| [CVE-2013-2189] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via invalid PLCF data in a DOC document file.
| [CVE-2013-2135] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted value that contains both "${}" and "%{}" sequences, which causes the OGNL code to be evaluated twice.
| [CVE-2013-2134] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted action name that is not properly handled during wildcard matching, a different vulnerability than CVE-2013-2135.
| [CVE-2013-2115] Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag. NOTE: this issue is due to an incomplete fix for CVE-2013-1966.
| [CVE-2013-2071] java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other applications in opportunistic circumstances via an application that records the requests that it processes.
| [CVE-2013-2067] java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack.
| [CVE-2013-1966] Apache Struts 2 before 2.3.14.1 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag.
| [CVE-2013-1965] Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.1, allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is not properly handled when invoking a redirect.
| [CVE-2013-1896] mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.
| [CVE-2013-1884] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (segmentation fault and crash) via a log REPORT request with an invalid limit, which triggers an access of an uninitialized variable.
| [CVE-2013-1879] Cross-site scripting (XSS) vulnerability in scheduled.jsp in Apache ActiveMQ 5.8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving the "cron of a message."
| [CVE-2013-1862] mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.
| [CVE-2013-1849] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a PROPFIND request for an activity URL.
| [CVE-2013-1847] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an anonymous LOCK for a URL that does not exist.
| [CVE-2013-1846] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a LOCK on an activity URL.
| [CVE-2013-1845] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (memory consumption) by (1) setting or (2) deleting a large number of properties for a file or directory.
| [CVE-2013-1814] The users/get program in the User RPC API in Apache Rave 0.11 through 0.20 allows remote authenticated users to obtain sensitive information about all user accounts via the offset parameter, as demonstrated by discovering password hashes in the password field of a response.
| [CVE-2013-1777] The JMX Remoting functionality in Apache Geronimo 3.x before 3.0.1, as used in IBM WebSphere Application Server (WAS) Community Edition 3.0.0.3 and other products, does not property implement the RMI classloader, which allows remote attackers to execute arbitrary code by using the JMX connector to send a crafted serialized object.
| [CVE-2013-1768] The BrokerFactory functionality in Apache OpenJPA 1.x before 1.2.3 and 2.x before 2.2.2 creates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for remote attackers to execute arbitrary code by creating a serialized object and leveraging improperly secured server programs.
| [CVE-2013-1088] Cross-site request forgery (CSRF) vulnerability in Novell iManager 2.7 before SP6 Patch 1 allows remote attackers to hijack the authentication of arbitrary users by leveraging improper request validation by iManager code deployed within an Apache Tomcat container.
| [CVE-2013-1048] The Debian apache2ctl script in the apache2 package squeeze before 2.2.16-6+squeeze11, wheezy before 2.2.22-13, and sid before 2.2.22-13 for the Apache HTTP Server on Debian GNU/Linux does not properly create the /var/lock/apache2 lock directory, which allows local users to gain privileges via an unspecified symlink attack.
| [CVE-2013-0966] The Apple mod_hfs_apple module for the Apache HTTP Server in Apple Mac OS X before 10.8.3 does not properly handle ignorable Unicode characters, which allows remote attackers to bypass intended directory authentication requirements via a crafted pathname in a URI.
| [CVE-2013-0942] Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Agent 7.1 before 7.1.1 for Web for Internet Information Services, and 7.1 before 7.1.1 for Web for Apache, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2013-0941] EMC RSA Authentication API before 8.1 SP1, RSA Web Agent before 5.3.5 for Apache Web Server, RSA Web Agent before 5.3.5 for IIS, RSA PAM Agent before 7.0, and RSA Agent before 6.1.4 for Microsoft Windows use an improper encryption algorithm and a weak key for maintaining the stored data of the node secret for the SecurID Authentication API, which allows local users to obtain sensitive information via cryptographic attacks on this data.
| [CVE-2013-0253] The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack.
| [CVE-2013-0248] The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack.
| [CVE-2013-0239] Apache CXF before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3, when the plaintext UsernameToken WS-SecurityPolicy is enabled, allows remote attackers to bypass authentication via a security header of a SOAP request containing a UsernameToken element that lacks a password child element.
| [CVE-2012-6573] Cross-site scripting (XSS) vulnerability in the Apache Solr Autocomplete module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving autocomplete results.
| [CVE-2012-6551] The default configuration of Apache ActiveMQ before 5.8.0 enables a sample web application, which allows remote attackers to cause a denial of service (broker resource consumption) via HTTP requests.
| [CVE-2012-6092] Multiple cross-site scripting (XSS) vulnerabilities in the web demos in Apache ActiveMQ before 5.8.0 allow remote attackers to inject arbitrary web script or HTML via (1) the refresh parameter to PortfolioPublishServlet.java (aka demo/portfolioPublish or Market Data Publisher), or vectors involving (2) debug logs or (3) subscribe messages in webapp/websocket/chat.js. NOTE: AMQ-4124 is covered by CVE-2012-6551.
| [CVE-2012-5887] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.
| [CVE-2012-5886] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID.
| [CVE-2012-5885] The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184.
| [CVE-2012-5786] The wsdl_first_https sample code in distribution/src/main/release/samples/wsdl_first_https/src/main/ in Apache CXF, possibly 2.6.0, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
| [CVE-2012-5785] Apache Axis2/Java 1.6.2 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
| [CVE-2012-5784] Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Message Service implementation in Apache ActiveMQ, and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
| [CVE-2012-5783] Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
| [CVE-2012-5633] The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request.
| [CVE-2012-5616] Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly Citrix CloudStack) before 3.0.6 stores sensitive information in the log4j.conf log file, which allows local users to obtain (1) the SSH private key as recorded by the createSSHKeyPair API, (2) the password of an added host as recorded by the AddHost API, or the password of an added VM as recorded by the (3) DeployVM or (4) ResetPasswordForVM API.
| [CVE-2012-5568] Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.
| [CVE-2012-5351] Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack," a different vulnerability than CVE-2012-4418.
| [CVE-2012-4558] Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via a crafted string.
| [CVE-2012-4557] The mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into an error state upon detection of a long request-processing time, which allows remote attackers to cause a denial of service (worker consumption) via an expensive request.
| [CVE-2012-4556] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 allows remote attackers to cause a denial of service (Apache httpd web server child process restart) via certain unspecified empty search fields in a user certificate search query.
| [CVE-2012-4555] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 does not properly handle interruptions of token format operations, which allows remote attackers to cause a denial of service (NULL pointer dereference and Apache httpd web server child process crash) via unspecified vectors.
| [CVE-2012-4534] org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminating the connection during the reading of a response.
| [CVE-2012-4528] The mod_security2 module before 2.7.0 for the Apache HTTP Server allows remote attackers to bypass rules, and deliver arbitrary POST data to a PHP application, via a multipart request in which an invalid part precedes the crafted data.
| [CVE-2012-4501] Citrix Cloud.com CloudStack, and Apache CloudStack pre-release, allows remote attackers to make arbitrary API calls by leveraging the system user account, as demonstrated by API calls to delete VMs.
| [CVE-2012-4460] The serializing/deserializing functions in the qpid::framing::Buffer class in Apache Qpid 0.20 and earlier allow remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors. NOTE: this issue could also trigger an out-of-bounds read, but it might not trigger a crash.
| [CVE-2012-4459] Integer overflow in the qpid::framing::Buffer::checkAvailable function in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (crash) via a crafted message, which triggers an out-of-bounds read.
| [CVE-2012-4458] The AMQP type decoder in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (memory consumption and server crash) via a large number of zero width elements in the client-properties map in a connection.start-ok message.
| [CVE-2012-4446] The default configuration for Apache Qpid 0.20 and earlier, when the federation_tag attribute is enabled, accepts AMQP connections without checking the source user ID, which allows remote attackers to bypass authentication and have other unspecified impact via an AMQP request.
| [CVE-2012-4431] org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier.
| [CVE-2012-4418] Apache Axis2 allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."
| [CVE-2012-4387] Apache Struts 2.0.0 through 2.3.4 allows remote attackers to cause a denial of service (CPU consumption) via a long parameter name, which is processed as an OGNL expression.
| [CVE-2012-4386] The token check mechanism in Apache Struts 2.0.0 through 2.3.4 does not properly validate the token name configuration parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks by setting the token name configuration parameter to a session attribute.
| [CVE-2012-4360] Cross-site scripting (XSS) vulnerability in the mod_pagespeed module 0.10.19.1 through 0.10.22.4 for the Apache HTTP Server allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2012-4063] The Apache Santuario configuration in Eucalyptus before 3.1.1 does not properly restrict applying XML Signature transforms to documents, which allows remote attackers to cause a denial of service via unspecified vectors.
| [CVE-2012-4001] The mod_pagespeed module before 0.10.22.6 for the Apache HTTP Server does not properly verify its host name, which allows remote attackers to trigger HTTP requests to arbitrary hosts via unspecified vectors, as demonstrated by requests to intranet servers.
| [CVE-2012-3908] Multiple cross-site request forgery (CSRF) vulnerabilities in the ISE Administrator user interface (aka the Apache Tomcat interface) on Cisco Identity Services Engine (ISE) 3300 series appliances before 1.1.0.665 Cumulative Patch 1 allow remote attackers to hijack the authentication of administrators, aka Bug ID CSCty46684.
| [CVE-2012-3546] org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI.
| [CVE-2012-3544] Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data.
| [CVE-2012-3526] The reverse proxy add forward module (mod_rpaf) 0.5 and 0.6 for the Apache HTTP Server allows remote attackers to cause a denial of service (server or application crash) via multiple X-Forwarded-For headers in a request.
| [CVE-2012-3513] munin-cgi-graph in Munin before 2.0.6, when running as a CGI module under Apache, allows remote attackers to load new configurations and create files in arbitrary directories via the logdir command.
| [CVE-2012-3506] Unspecified vulnerability in the Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.03 has unknown impact and attack vectors.
| [CVE-2012-3502] The proxy functionality in (1) mod_proxy_ajp.c in the mod_proxy_ajp module and (2) mod_proxy_http.c in the mod_proxy_http module in the Apache HTTP Server 2.4.x before 2.4.3 does not properly determine the situations that require closing a back-end connection, which allows remote attackers to obtain sensitive information in opportunistic circumstances by reading a response that was intended for a different client.
| [CVE-2012-3499] Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules.
| [CVE-2012-3467] Apache QPID 0.14, 0.16, and earlier uses a NullAuthenticator mechanism to authenticate catch-up shadow connections to AMQP brokers, which allows remote attackers to bypass authentication.
| [CVE-2012-3451] Apache CXF before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to execute unintended web-service operations by sending a header with a SOAP Action String that is inconsistent with the message body.
| [CVE-2012-3446] Apache Libcloud before 0.11.1 uses an incorrect regular expression during verification of whether the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate.
| [CVE-2012-3376] DataNodes in Apache Hadoop 2.0.0 alpha does not check the BlockTokens of clients when Kerberos is enabled and the DataNode has checked out the same BlockPool twice from a NodeName, which might allow remote clients to read arbitrary blocks, write to blocks to which they only have read access, and have other unspecified impacts.
| [CVE-2012-3373] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.21 and 1.5.x before 1.5.8 allows remote attackers to inject arbitrary web script or HTML via vectors involving a %00 sequence in an Ajax link URL associated with a Wicket app.
| [CVE-2012-3126] Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Products Suite 3.3 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Apache Tomcat Agent.
| [CVE-2012-3123] Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect confidentiality, related to Apache HTTP Server.
| [CVE-2012-2760] mod_auth_openid before 0.7 for Apache uses world-readable permissions for /tmp/mod_auth_openid.db, which allows local users to obtain session ids.
| [CVE-2012-2733] java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of service (memory consumption) via a large amount of header data.
| [CVE-2012-2687] Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list.
| [CVE-2012-2381] Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.1 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the blogger role.
| [CVE-2012-2380] Multiple cross-site request forgery (CSRF) vulnerabilities in the admin/editor console in Apache Roller before 5.0.1 allow remote attackers to hijack the authentication of admins or editors by leveraging the HTTP POST functionality.
| [CVE-2012-2379] Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors.
| [CVE-2012-2378] Apache CXF 2.4.5 through 2.4.7, 2.5.1 through 2.5.3, and 2.6.x before 2.6.1, does not properly enforce child policies of a WS-SecurityPolicy 1.1 SupportingToken policy on the client side, which allows remote attackers to bypass the (1) AlgorithmSuite, (2) SignedParts, (3) SignedElements, (4) EncryptedParts, and (5) EncryptedElements policies.
| [CVE-2012-2329] Buffer overflow in the apache_request_headers function in sapi/cgi/cgi_main.c in PHP 5.4.x before 5.4.3 allows remote attackers to cause a denial of service (application crash) via a long string in the header of an HTTP request.
| [CVE-2012-2145] Apache Qpid 0.17 and earlier does not properly restrict incoming client connections, which allows remote attackers to cause a denial of service (file descriptor consumption) via a large number of incomplete connections.
| [CVE-2012-2138] The @CopyFrom operation in the POST servlet in the org.apache.sling.servlets.post bundle before 2.1.2 in Apache Sling does not prevent attempts to copy an ancestor node to a descendant node, which allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP request.
| [CVE-2012-2098] Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service (CPU consumption) via a file with many repeating inputs.
| [CVE-2012-1574] The Kerberos/MapReduce security functionality in Apache Hadoop 0.20.203.0 through 0.20.205.0, 0.23.x before 0.23.2, and 1.0.x before 1.0.2, as used in Cloudera CDH CDH3u0 through CDH3u2, Cloudera hadoop-0.20-sbin before 0.20.2+923.197, and other products, allows remote authenticated users to impersonate arbitrary cluster user accounts via unspecified vectors.
| [CVE-2012-1181] fcgid_spawn_ctl.c in the mod_fcgid module 2.3.6 for the Apache HTTP Server does not recognize the FcgidMaxProcessesPerClass directive for a virtual host, which makes it easier for remote attackers to cause a denial of service (memory consumption) via a series of HTTP requests that triggers a process count higher than the intended limit.
| [CVE-2012-1089] Directory traversal vulnerability in Apache Wicket 1.4.x before 1.4.20 and 1.5.x before 1.5.5 allows remote attackers to read arbitrary web-application files via a relative pathname in a URL for a Wicket resource that corresponds to a null package.
| [CVE-2012-1007] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 1.3.10 allow remote attackers to inject arbitrary web script or HTML via (1) the name parameter to struts-examples/upload/upload-submit.do, or the message parameter to (2) struts-cookbook/processSimple.do or (3) struts-cookbook/processDyna.do.
| [CVE-2012-1006] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.14 and 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) lastName parameter to struts2-showcase/person/editPerson.action, or the (3) clientName parameter to struts2-rest-showcase/orders.
| [CVE-2012-0883] envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl.
| [CVE-2012-0840] tables/apr_hash.c in the Apache Portable Runtime (APR) library through 1.4.5 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
| [CVE-2012-0838] Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL expression during the handling of a conversion error, which allows remote attackers to modify run-time data values, and consequently execute arbitrary code, via invalid input to a field.
| [CVE-2012-0788] The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service (application crash) via a crafted application that uses a PDO driver for a fetch and then calls the session_start function, as demonstrated by a crash of the Apache HTTP Server.
| [CVE-2012-0394] ** DISPUTED ** The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself."
| [CVE-2012-0393] The ParameterInterceptor component in Apache Struts before 2.3.1.1 does not prevent access to public constructors, which allows remote attackers to create or overwrite arbitrary files via a crafted parameter that triggers the creation of a Java object.
| [CVE-2012-0392] The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method.
| [CVE-2012-0391] The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter.
| [CVE-2012-0256] Apache Traffic Server 2.0.x and 3.0.x before 3.0.4 and 3.1.x before 3.1.3 does not properly allocate heap memory, which allows remote attackers to cause a denial of service (daemon crash) via a long HTTP Host header.
| [CVE-2012-0216] The default configuration of the apache2 package in Debian GNU/Linux squeeze before 2.2.16-6+squeeze7, wheezy before 2.2.22-4, and sid before 2.2.22-4, when mod_php or mod_rivet is used, provides example scripts under the doc/ URI, which might allow local users to conduct cross-site scripting (XSS) attacks, gain privileges, or obtain sensitive information via vectors involving localhost HTTP requests to the Apache HTTP Server.
| [CVE-2012-0213] The UnhandledDataStructure function in hwpf/model/UnhandledDataStructure.java in Apache POI 3.8 and earlier allows remote attackers to cause a denial of service (OutOfMemoryError exception and possibly JVM destabilization) via a crafted length value in a Channel Definition Format (CDF) or Compound File Binary Format (CFBF) document.
9111| [CVE-2012-0053] protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script.
9112| [CVE-2012-0047] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the wicket:pageMapName parameter.
9113| [CVE-2012-0031] scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function.
9114| [CVE-2012-0022] Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.
9115| [CVE-2012-0021] The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to cause a denial of service (daemon crash) via a cookie that lacks both a name and a value.
9116| [CVE-2011-5064] DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging knowledge of this string, a different vulnerability than CVE-2011-1184.
9117| [CVE-2011-5063] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weaker authentication or authorization requirements, a different vulnerability than CVE-2011-1184.
9118| [CVE-2011-5062] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass intended integrity-protection requirements via a qop=auth value, a different vulnerability than CVE-2011-1184.
9119| [CVE-2011-5057] Apache Struts 2.3.1.1 and earlier provides interfaces that do not properly restrict access to collections such as the session and request collections, which might allow remote attackers to modify run-time data values via a crafted parameter to an application that implements an affected interface, as demonstrated by the SessionAware, RequestAware, ApplicationAware, ServletRequestAware, ServletResponseAware, and ParameterAware interfaces. NOTE: the vendor disputes the significance of this report because of an "easy work-around in existing apps by configuring the interceptor."
9120| [CVE-2011-5034] Apache Geronimo 2.2.1 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. NOTE: this might overlap CVE-2011-4461.
9121| [CVE-2011-4905] Apache ActiveMQ before 5.6.0 allows remote attackers to cause a denial of service (file-descriptor exhaustion and broker crash or hang) by sending many openwire failover:tcp:// connection requests.
9122| [CVE-2011-4858] Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
9123| [CVE-2011-4668] IBM Tivoli Netcool/Reporter 2.2 before 2.2.0.8 allows remote attackers to execute arbitrary code via vectors related to an unspecified CGI program used with the Apache HTTP Server.
9124| [CVE-2011-4449] actions/files/files.php in WikkaWiki 1.3.1 and 1.3.2, when INTRANET_MODE is enabled, supports file uploads for file extensions that are typically absent from an Apache HTTP Server TypesConfig file, which makes it easier for remote attackers to execute arbitrary PHP code by placing this code in a file whose name has multiple extensions, as demonstrated by a (1) .mm or (2) .vpp file.
9125| [CVE-2011-4415] The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, does not restrict the size of values of environment variables, which allows local users to cause a denial of service (memory consumption or NULL pointer dereference) via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, related to (1) the "len +=" statement and (2) the apr_pcalloc function call, a different vulnerability than CVE-2011-3607.
9126| [CVE-2011-4317] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an @ (at sign) character and a : (colon) character in invalid positions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
9127| [CVE-2011-3639] The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers by using the HTTP/0.9 protocol with a malformed URI containing an initial @ (at sign) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
9128| [CVE-2011-3620] Apache Qpid 0.12 does not properly verify credentials during the joining of a cluster, which allows remote attackers to obtain access to the messaging functionality and job functionality of a cluster by leveraging knowledge of a cluster-username.
9129| [CVE-2011-3607] Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow.
9130| [CVE-2011-3376] org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat 7.x before 7.0.22 does not properly restrict ContainerServlets in the Manager application, which allows local users to gain privileges by using an untrusted web application to access the Manager application's functionality.
9131| [CVE-2011-3375] Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain caching and recycling operations involving request objects, which allows remote attackers to obtain unintended read access to IP address and HTTP header information in opportunistic circumstances by reading TCP data.
9132| [CVE-2011-3368] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character.
9133| [CVE-2011-3348] The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary "error state" in the backend server) via a malformed HTTP request.
9134| [CVE-2011-3192] The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.
9135| [CVE-2011-3190] Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request.
9136| [CVE-2011-2729] native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application.
9137| [CVE-2011-2712] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.18, when setAutomaticMultiWindowSupport is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
9138| [CVE-2011-2688] SQL injection vulnerability in mysql/mysql-auth.pl in the mod_authnz_external module 3.2.5 and earlier for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the user field.
9139| [CVE-2011-2526] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loop or JVM crash) by leveraging an untrusted web application.
9140| [CVE-2011-2516] Off-by-one error in the XML signature feature in Apache XML Security for C++ 1.6.0, as used in Shibboleth before 2.4.3 and possibly other products, allows remote attackers to cause a denial of service (crash) via a signature using a large RSA key, which triggers a buffer overflow.
9141| [CVE-2011-2481] Apache Tomcat 7.0.x before 7.0.17 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application. NOTE: this vulnerability exists because of a CVE-2009-0783 regression.
9142| [CVE-2011-2329] The rampart_timestamp_token_validate function in util/rampart_timestamp_token.c in Apache Rampart/C 1.3.0 does not properly calculate the expiration of timestamp tokens, which allows remote attackers to bypass intended access restrictions by leveraging an expired token, a different vulnerability than CVE-2011-0730.
9143| [CVE-2011-2204] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file.
9144| [CVE-2011-2088] XWork 2.2.1 in Apache Struts 2.2.1, and OpenSymphony XWork in OpenSymphony WebWork, allows remote attackers to obtain potentially sensitive information about internal Java class paths via vectors involving an s:submit element and a nonexistent method, a different vulnerability than CVE-2011-1772.3.
9145| [CVE-2011-2087] Multiple cross-site scripting (XSS) vulnerabilities in component handlers in the javatemplates (aka Java Templates) plugin in Apache Struts 2.x before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via an arbitrary parameter value to a .action URI, related to improper handling of value attributes in (1) FileHandler.java, (2) HiddenHandler.java, (3) PasswordHandler.java, (4) RadioHandler.java, (5) ResetHandler.java, (6) SelectHandler.java, (7) SubmitHandler.java, and (8) TextFieldHandler.java.
9146| [CVE-2011-1928] The fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote attackers to cause a denial of service (infinite loop) via a URI that does not match unspecified types of wildcard patterns, as demonstrated by attacks against mod_autoindex in httpd when a /*/WEB-INF/ configuration pattern is used. NOTE: this issue exists because of an incorrect fix for CVE-2011-0419.
9147| [CVE-2011-1921] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is disabled, does not properly enforce permissions for files that had been publicly readable in the past, which allows remote attackers to obtain sensitive information via a replay REPORT operation.
9148| [CVE-2011-1783] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to cause a denial of service (infinite loop and memory consumption) in opportunistic circumstances by requesting data.
9149| [CVE-2011-1772] Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x before 2.2.3, and OpenSymphony XWork in OpenSymphony WebWork, allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) an action name, (2) the action attribute of an s:submit element, or (3) the method attribute of an s:submit element.
9150| [CVE-2011-1752] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request for a baselined WebDAV resource, as exploited in the wild in May 2011.
9151| [CVE-2011-1610] Multiple SQL injection vulnerabilities in xmldirectorylist.jsp in the embedded Apache HTTP Server component in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5)su4, 8.0 before 8.0(3a)su2, and 8.5 before 8.5(1)su1 allow remote attackers to execute arbitrary SQL commands via the (1) f, (2) l, or (3) n parameter, aka Bug ID CSCtj42064.
9152| [CVE-2011-1582] Apache Tomcat 7.0.12 and 7.0.13 processes the first request to a servlet without following security constraints that have been configured through annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088, CVE-2011-1183, and CVE-2011-1419.
9153| [CVE-2011-1571] Unspecified vulnerability in the XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote attackers to execute arbitrary commands via unknown vectors.
9154| [CVE-2011-1570] Cross-site scripting (XSS) vulnerability in Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to inject arbitrary web script or HTML via a message title, a different vulnerability than CVE-2004-2030.
9155| [CVE-2011-1503] The XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat or Oracle GlassFish is used, allows remote authenticated users to read arbitrary (1) XSL and (2) XML files via a file:/// URL.
9156| [CVE-2011-1502] Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to read arbitrary files via an entity declaration in conjunction with an entity reference, related to an XML External Entity (aka XXE) issue.
9157| [CVE-2011-1498] Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header.
9158| [CVE-2011-1475] The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP packets, related to "a mix-up of responses for requests from different users."
9159| [CVE-2011-1419] Apache Tomcat 7.x before 7.0.11, when web.xml has no security constraints, does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088.
9160| [CVE-2011-1318] Memory leak in org.apache.jasper.runtime.JspWriterImpl.response in the JavaServer Pages (JSP) component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) by accessing a JSP page of an application that is repeatedly stopped and restarted.
9161| [CVE-2011-1184] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, related to lack of checking of nonce (aka server nonce) and nc (aka nonce-count or client nonce count) values.
9162| [CVE-2011-1183] Apache Tomcat 7.0.11, when web.xml has no login configuration, does not follow security constraints, which allows remote attackers to bypass intended access restrictions via HTTP requests to a meta-data complete web application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1088 and CVE-2011-1419.
9163| [CVE-2011-1176] The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module 2.2.11-01 and 2.2.11-02 for the Apache HTTP Server does not properly handle certain configuration sections that specify NiceValue but not AssignUserID, which might allow remote attackers to gain privileges by leveraging the root uid and root gid of an mpm-itk process.
9164| [CVE-2011-1088] Apache Tomcat 7.x before 7.0.10 does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application.
9165| [CVE-2011-1077] Multiple cross-site scripting (XSS) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
9166| [CVE-2011-1026] Multiple cross-site request forgery (CSRF) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to hijack the authentication of administrators.
9167| [CVE-2011-0715] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.16, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request that contains a lock token.
9168| [CVE-2011-0534] Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request.
9169| [CVE-2011-0533] Cross-site scripting (XSS) vulnerability in Apache Continuum 1.1 through 1.2.3.1, 1.3.6, and 1.4.0 Beta
9170| [CVE-2011-0419] Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.
9171| [CVE-2011-0013] Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.
9172| [CVE-2010-4644] Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated users to cause a denial of service (memory consumption and daemon crash) via the -g option to the blame command.
9173| [CVE-2010-4539] The walk function in repos.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.15, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger the walking of SVNParentPath collections.
9174| [CVE-2010-4476] The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
9175| [CVE-2010-4455] Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.2 and 11.1.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Apache Plugin.
9176| [CVE-2010-4408] Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1 does not require entry of the administrator's password at the time of modifying a user account, which makes it easier for context-dependent attackers to gain privileges by leveraging a (1) unattended workstation or (2) cross-site request forgery (CSRF) vulnerability, a related issue to CVE-2010-3449.
9177| [CVE-2010-4312] The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie.
9178| [CVE-2010-4172] Multiple cross-site scripting (XSS) vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) orderBy or (2) sort parameter to sessionsList.jsp, or unspecified input to (3) sessionDetail.jsp or (4) java/org/apache/catalina/manager/JspHelper.java, related to use of untrusted web applications.
9179| [CVE-2010-3872] The fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.6 for the Apache HTTP Server does not use bytewise pointer arithmetic in certain circumstances, which has unspecified impact and attack vectors related to "untrusted FastCGI applications" and a "stack buffer overwrite."
9180| [CVE-2010-3863] Apache Shiro before 1.1.0, and JSecurity 0.9.x, does not canonicalize URI paths before comparing them to entries in the shiro.ini file, which allows remote attackers to bypass intended access restrictions via a crafted request, as demonstrated by the /./account/index.jsp URI.
9181| [CVE-2010-3854] Multiple cross-site scripting (XSS) vulnerabilities in the web administration interface (aka Futon) in Apache CouchDB 0.8.0 through 1.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
9182| [CVE-2010-3718] Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.
9183| [CVE-2010-3449] Cross-site request forgery (CSRF) vulnerability in Redback before 1.2.4, as used in Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1
9184| [CVE-2010-3315] authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass intended access restrictions via svn commands.
9185| [CVE-2010-3083] sys/ssl/SslSocket.cpp in qpidd in Apache Qpid, as used in Red Hat Enterprise MRG before 1.2.2 and other products, when SSL is enabled, allows remote attackers to cause a denial of service (daemon outage) by connecting to the SSL port but not participating in an SSL handshake.
9186| [CVE-2010-2952] Apache Traffic Server before 2.0.1, and 2.1.x before 2.1.2-unstable, does not properly choose DNS source ports and transaction IDs, and does not properly use DNS query fields to validate responses, which makes it easier for man-in-the-middle attackers to poison the internal DNS cache via a crafted response.
9187| [CVE-2010-2791] mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request. NOTE: this is the same issue as CVE-2010-2068, but for a different OS and set of affected versions.
9188| [CVE-2010-2375] Package/Privilege: Plugins for Apache, Sun and IIS web servers Unspecified vulnerability in the WebLogic Server component in Oracle Fusion Middleware 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, 10.3.2, and 10.3.3 allows remote attackers to affect confidentiality and integrity, related to IIS.
9189| [CVE-2010-2234] Cross-site request forgery (CSRF) vulnerability in Apache CouchDB 0.8.0 through 0.11.0 allows remote attackers to hijack the authentication of administrators for direct requests to an installation URL.
9190| [CVE-2010-2227] Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with "recycling of a buffer."
9191| [CVE-2010-2103] Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Apache Axis2/Java 1.4.1, 1.5.1, and possibly other versions, as used in SAP Business Objects 12, 3com IMC, and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the modules parameter. NOTE: some of these details are obtained from third party information.
| [CVE-2010-2086] Apache MyFaces 1.1.7 and 1.2.8, as used in IBM WebSphere Application Server and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that involve modifying the serialized view object.
| [CVE-2010-2076] Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before 2.2.9, as used in Apache ServiceMix, Apache Camel, Apache Chemistry, Apache jUDDI, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to samples/wsdl_first_pure_xml, a similar issue to CVE-2010-1632.
| [CVE-2010-2068] mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, does not properly detect timeouts, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request.
| [CVE-2010-2057] shared/util/StateUtils.java in Apache MyFaces 1.1.x before 1.1.8, 1.2.x before 1.2.9, and 2.0.x before 2.0.1 uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack.
| [CVE-2010-1632] Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server (WAS) 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to the Synapse SimpleStockQuoteService.
| [CVE-2010-1623] Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the destruction of an APR bucket.
| [CVE-2010-1587] The Jetty ResourceHandler in Apache ActiveMQ 5.x before 5.3.2 and 5.4.x before 5.4.0 allows remote attackers to read JSP source code via a // (slash slash) initial substring in a URI for (1) admin/index.jsp, (2) admin/queues.jsp, or (3) admin/topics.jsp.
| [CVE-2010-1452] The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path.
| [CVE-2010-1325] Cross-site request forgery (CSRF) vulnerability in the apache2-slms package in SUSE Lifecycle Management Server (SLMS) 1.0 on SUSE Linux Enterprise (SLE) 11 allows remote attackers to hijack the authentication of unspecified victims via vectors related to improper parameter quoting. NOTE: some sources report that this is a vulnerability in a product named "Apache SLMS," but that is incorrect.
| [CVE-2010-1244] Cross-site request forgery (CSRF) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote attackers to hijack the authentication of unspecified victims for requests that create queues via the JMSDestination parameter in a queue action.
| [CVE-2010-1157] Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply.
| [CVE-2010-1151] Race condition in the mod_auth_shadow module for the Apache HTTP Server allows remote attackers to bypass authentication, and read and possibly modify data, via vectors related to improper interaction with an external helper application for validation of credentials.
| [CVE-2010-0684] Cross-site scripting (XSS) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote authenticated users to inject arbitrary web script or HTML via the JMSDestination parameter in a queue action.
| [CVE-2010-0434] The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request.
| [CVE-2010-0432] Multiple cross-site scripting (XSS) vulnerabilities in the Apache Open For Business Project (aka OFBiz) 09.04 and earlier, as used in Opentaps, Neogia, and Entente Oya, allow remote attackers to inject arbitrary web script or HTML via (1) the productStoreId parameter to control/exportProductListing, (2) the partyId parameter to partymgr/control/viewprofile (aka partymgr/control/login), (3) the start parameter to myportal/control/showPortalPage, (4) an invalid URI beginning with /facility/control/ReceiveReturn (aka /crmsfa/control/ReceiveReturn or /cms/control/ReceiveReturn), (5) the contentId parameter (aka the entityName variable) to ecommerce/control/ViewBlogArticle, (6) the entityName parameter to webtools/control/FindGeneric, or the (7) subject or (8) content parameter to an unspecified component under ecommerce/control/contactus.
| [CVE-2010-0425] modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet, and "orphaned callback pointers."
| [CVE-2010-0408] The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service (backend server outage) via a crafted request, related to use of a 500 error code instead of the appropriate 400 error code.
| [CVE-2010-0390] Unrestricted file upload vulnerability in maxImageUpload/index.php in PHP F1 Max's Image Uploader 1.0, when Apache is not configured to handle the mime-type for files with pjpeg or jpeg extensions, allows remote attackers to execute arbitrary code by uploading a file with a pjpeg or jpeg extension, then accessing it via a direct request to the file in original/. NOTE: some of these details are obtained from third party information.
| [CVE-2010-0219] Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service.
| [CVE-2010-0010] Integer overflow in the ap_proxy_send_fb function in proxy/proxy_util.c in mod_proxy in the Apache HTTP Server before 1.3.42 on 64-bit platforms allows remote origin servers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a large chunk size that triggers a heap-based buffer overflow.
| [CVE-2010-0009] Apache CouchDB 0.8.0 through 0.10.1 allows remote attackers to obtain sensitive information by measuring the completion time of operations that verify (1) hashes or (2) passwords.
| [CVE-2009-5120] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 allows connections to TCP port 1812 from arbitrary source IP addresses, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via UTF-7 text to the 404 error page of a Project Woodstock service on this port.
| [CVE-2009-5119] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 enables weak SSL ciphers in conf/server.xml, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and then conducting a brute-force attack against encrypted session data.
| [CVE-2009-5006] The SessionAdapter::ExchangeHandlerImpl::checkAlternate function in broker/SessionAdapter.cpp in the C++ Broker component in Apache Qpid before 0.6, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote authenticated users to cause a denial of service (NULL pointer dereference, daemon crash, and cluster outage) by attempting to modify the alternate of an exchange.
| [CVE-2009-5005] The Cluster::deliveredEvent function in cluster/Cluster.cpp in Apache Qpid, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote attackers to cause a denial of service (daemon crash and cluster outage) via invalid AMQP data.
| [CVE-2009-4355] Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678.
| [CVE-2009-4269] The password hash generation algorithm in the BUILTIN authentication functionality for Apache Derby before 10.6.1.0 performs a transformation that reduces the size of the set of inputs to SHA-1, which produces a small search space that makes it easier for local and possibly remote attackers to crack passwords by generating hash collisions, related to password substitution.
| [CVE-2009-3923] The VirtualBox 2.0.8 and 2.0.10 web service in Sun Virtual Desktop Infrastructure (VDI) 3.0 does not require authentication, which allows remote attackers to obtain unspecified access via vectors involving requests to an Apache HTTP Server.
| [CVE-2009-3890] Unrestricted file upload vulnerability in the wp_check_filetype function in wp-includes/functions.php in WordPress before 2.8.6, when a certain configuration of the mod_mime module in the Apache HTTP Server is enabled, allows remote authenticated users to execute arbitrary code by posting an attachment with a multiple-extension filename, and then accessing this attachment via a direct request to a wp-content/uploads/ pathname, as demonstrated by a .php.jpg filename.
| [CVE-2009-3843] HP Operations Manager 8.10 on Windows contains a "hidden account" in the XML file that specifies Tomcat users, which allows remote attackers to conduct unrestricted file upload attacks, and thereby execute arbitrary code, by using the org.apache.catalina.manager.HTMLManagerServlet class to make requests to manager/html/upload.
| [CVE-2009-3821] Cross-site scripting (XSS) vulnerability in the Apache Solr Search (solr) extension 1.0.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2009-3555] The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
| [CVE-2009-3548] The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges.
| [CVE-2009-3250] The saveForwardAttachments procedure in the Compose Mail functionality in vtiger CRM 5.0.4 allows remote authenticated users to execute arbitrary code by composing an e-mail message with an attachment filename ending in (1) .php in installations based on certain Apache HTTP Server configurations, (2) .php. on Windows, or (3) .php/ on Linux, and then making a direct request to a certain pathname under storage/.
| [CVE-2009-3095] The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.
| [CVE-2009-3094] The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.
| [CVE-2009-2902] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename.
| [CVE-2009-2901] The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests.
| [CVE-2009-2823] The Apache HTTP Server in Apple Mac OS X before 10.6.2 enables the HTTP TRACE method, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified web client software.
| [CVE-2009-2699] The Solaris pollset feature in the Event Port backend in poll/unix/port.c in the Apache Portable Runtime (APR) library before 1.3.9, as used in the Apache HTTP Server before 2.2.14 and other products, does not properly handle errors, which allows remote attackers to cause a denial of service (daemon hang) via unspecified HTTP requests, related to the prefork and event MPMs.
| [CVE-2009-2696] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat on Red Hat Enterprise Linux 5, Desktop Workstation 5, and Linux Desktop 5 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML." NOTE: this is due to a missing fix for CVE-2009-0781.
| [CVE-2009-2693] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry.
| [CVE-2009-2625] XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.
| [CVE-2009-2412] Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR
| [CVE-2009-2299] The Artofdefence Hyperguard Web Application Firewall (WAF) module before 2.5.5-11635, 3.0 before 3.0.3-11636, and 3.1 before 3.1.1-11637, a module for the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via an HTTP request with a large Content-Length value but no POST data.
| [CVE-2009-1956] Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input.
| [CVE-2009-1955] The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.
| [CVE-2009-1903] The PDF XSS protection feature in ModSecurity before 2.5.8 allows remote attackers to cause a denial of service (Apache httpd crash) via a request for a PDF file that does not use the GET method.
| [CVE-2009-1891] The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).
| [CVE-2009-1890] The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests.
| [CVE-2009-1885] Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to cause a denial of service (application crash) via vectors involving nested parentheses and invalid byte values in "simply nested DTD structures," as demonstrated by the Codenomicon XML fuzzing framework.
| [CVE-2009-1462] The Security Manager in razorCMS before 0.4 does not verify the permissions of every file owned by the apache user account, which is inconsistent with the documentation and allows local users to have an unspecified impact.
| [CVE-2009-1275] Apache Tiles 2.1 before 2.1.2, as used in Apache Struts and other products, evaluates Expression Language (EL) expressions twice in certain circumstances, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via unspecified vectors, related to the (1) tiles:putAttribute and (2) tiles:insertTemplate JSP tags.
| [CVE-2009-1195] The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file.
| [CVE-2009-1191] mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request.
| [CVE-2009-1012] Unspecified vulnerability in the plug-ins for Apache and IIS web servers in Oracle BEA WebLogic Server 7.0 Gold through SP7, 8.1 Gold through SP6, 9.0, 9.1, 9.2 Gold through MP3, 10.0 Gold through MP1, and 10.3 allows remote attackers to affect confidentiality, integrity, and availability. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow in an unspecified plug-in that parses HTTP requests, which leads to a heap-based buffer overflow.
| [CVE-2009-0918] Multiple unspecified vulnerabilities in DFLabs PTK 1.0.0 through 1.0.4 allow remote attackers to execute arbitrary commands in processes launched by PTK's Apache HTTP Server via (1) "external tools" or (2) a crafted forensic image.
| [CVE-2009-0796] Cross-site scripting (XSS) vulnerability in Status.pm in Apache::Status and Apache2::Status in mod_perl1 and mod_perl2 for the Apache HTTP Server, when /perl-status is accessible, allows remote attackers to inject arbitrary web script or HTML via the URI.
| [CVE-2009-0783] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.
| [CVE-2009-0781] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML."
| [CVE-2009-0754] PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on the same server.
| [CVE-2009-0580] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.
| [CVE-2009-0486] Bugzilla 3.2.1, 3.0.7, and 3.3.2, when running under mod_perl, calls the srand function at startup time, which causes Apache children to have the same seed and produce insufficiently random numbers for random tokens, which allows remote attackers to bypass cross-site request forgery (CSRF) protection mechanisms and conduct unauthorized activities as other users.
| [CVE-2009-0039] Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to hijack the authentication of administrators for requests that (1) change the web administration password, (2) upload applications, and perform unspecified other administrative actions, as demonstrated by (3) a Shutdown request to console/portal//Server/Shutdown.
| [CVE-2009-0038] Multiple cross-site scripting (XSS) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) ip, (3) username, or (4) description parameter to console/portal/Server/Monitoring
| [CVE-2009-0033] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.
| [CVE-2009-0026] Multiple cross-site scripting (XSS) vulnerabilities in Apache Jackrabbit before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the q parameter to (1) search.jsp or (2) swr.jsp.
| [CVE-2009-0023] The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow.
| [CVE-2008-6879] Cross-site scripting (XSS) vulnerability in Apache Roller 2.3, 3.0, 3.1, and 4.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter in a search action.
| [CVE-2008-6755] ZoneMinder 1.23.3 on Fedora 10 sets the ownership of /etc/zm.conf to the apache user account, and sets the permissions to 0600, which makes it easier for remote attackers to modify this file by accessing it through a (1) PHP or (2) CGI script.
| [CVE-2008-6722] Novell Access Manager 3 SP4 does not properly expire X.509 certificate sessions, which allows physically proximate attackers to obtain a logged-in session by using a victim's web-browser process that continues to send the original and valid SSL sessionID, related to inability of Apache Tomcat to clear entries from its SSL cache.
| [CVE-2008-6682] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.x before 2.0.11.1 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via vectors associated with improper handling of (1) " (double quote) characters in the href attribute of an s:a tag and (2) parameters in the action attribute of an s:url tag.
| [CVE-2008-6505] Multiple directory traversal vulnerabilities in Apache Struts 2.0.x before 2.0.12 and 2.1.x before 2.1.3 allow remote attackers to read arbitrary files via a ..%252f (encoded dot dot slash) in a URI with a /struts/ path, related to (1) FilterDispatcher in 2.0.x and (2) DefaultStaticContentLoader in 2.1.x.
| [CVE-2008-6504] ParametersInterceptor in OpenSymphony XWork 2.0.x before 2.0.6 and 2.1.x before 2.1.2, as used in Apache Struts and other products, does not properly restrict # (pound sign) references to context objects, which allows remote attackers to execute Object-Graph Navigation Language (OGNL) statements and modify server-side context objects, as demonstrated by use of a \u0023 representation for the # character.
| [CVE-2008-5696] Novell NetWare 6.5 before Support Pack 8, when an OES2 Linux server is installed into the NDS tree, does not require a password for the ApacheAdmin console, which allows remote attackers to reconfigure the Apache HTTP Server via console operations.
| [CVE-2008-5676] Multiple unspecified vulnerabilities in the ModSecurity (aka mod_security) module 2.5.0 through 2.5.5 for the Apache HTTP Server, when SecCacheTransformations is enabled, allow remote attackers to cause a denial of service (daemon crash) or bypass the product's functionality via unknown vectors related to "transformation caching."
| [CVE-2008-5519] The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat allows remote attackers to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances involving (1) a request from a different client that included a Content-Length header but no POST data or (2) a rapid series of requests, related to noncompliance with the AJP protocol's requirements for requests containing Content-Length headers.
| [CVE-2008-5518] Multiple directory traversal vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 on Windows allow remote attackers to upload files to arbitrary directories via directory traversal sequences in the (1) group, (2) artifact, (3) version, or (4) fileType parameter to console/portal//Services/Repository (aka the Services/Repository portlet)
| [CVE-2008-5515] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.
| [CVE-2008-5457] Unspecified vulnerability in the Oracle BEA WebLogic Server Plugins for Apache, Sun and IIS web servers component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
| [CVE-2008-4308] The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20 does not return a -1 to indicate when a certain error condition has occurred, which can cause Tomcat to send POST content from one request to a different request.
| [CVE-2008-4008] Unspecified vulnerability in the WebLogic Server Plugins for Apache component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2008 CPU. Oracle has not commented on reliable researcher claims that this issue is a stack-based buffer overflow in the WebLogic Apache Connector, related to an invalid parameter.
| [CVE-2008-3666] Unspecified vulnerability in Sun Solaris 10 and OpenSolaris before snv_96 allows (1) context-dependent attackers to cause a denial of service (panic) via vectors involving creation of a crafted file and use of the sendfilev system call, as demonstrated by a file served by an Apache 2.2.x web server with EnableSendFile configured
| [CVE-2008-3271] Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a "synchronization problem" and lack of thread safety, and related to RemoteFilterValve, RemoteAddrValve, and RemoteHostValve.
| [CVE-2008-3257] Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request.
| [CVE-2008-2939] Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI.
| [CVE-2008-2938] Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.
| [CVE-2008-2742] Unrestricted file upload in the mcpuk file editor (atk/attributes/fck/editor/filemanager/browser/mcpuk/connectors/php/config.php) in Achievo 1.2.0 through 1.3.2 allows remote attackers to execute arbitrary code by uploading a file with .php followed by a safe extension, then accessing it via a direct request to the file in the Achievo root directory. NOTE: this is only a vulnerability in environments that support multiple extensions, such as Apache with the mod_mime module enabled.
| [CVE-2008-2717] TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions.
| [CVE-2008-2579] Unspecified vulnerability in the WebLogic Server Plugins for Apache, Sun and IIS web servers component in Oracle BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 has unknown impact and remote attack vectors.
| [CVE-2008-2384] SQL injection vulnerability in mod_auth_mysql.c in the mod-auth-mysql (aka libapache2-mod-auth-mysql) module for the Apache HTTP Server 2.x, when configured to use a multibyte character set that allows a \ (backslash) as part of the character encoding, allows remote attackers to execute arbitrary SQL commands via unspecified inputs in a login request.
| [CVE-2008-2370] Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.
| [CVE-2008-2364] The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.
| [CVE-2008-2168] Cross-site scripting (XSS) vulnerability in Apache 2.2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded URLs that are not properly handled when displaying the 403 Forbidden error page.
| [CVE-2008-2025] Cross-site scripting (XSS) vulnerability in Apache Struts before 1.2.9-162.31.1 on SUSE Linux Enterprise (SLE) 11, before 1.2.9-108.2 on SUSE openSUSE 10.3, before 1.2.9-198.2 on SUSE openSUSE 11.0, and before 1.2.9-162.163.2 on SUSE openSUSE 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "insufficient quoting of parameters."
| [CVE-2008-1947] Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.
| [CVE-2008-1734] Interpretation conflict in PHP Toolkit before 1.0.1 on Gentoo Linux might allow local users to cause a denial of service (PHP outage) and read contents of PHP scripts by creating a file with a one-letter lowercase alphabetic name, which triggers interpretation of a certain unquoted [a-z] argument as a matching shell glob for this name, rather than interpretation as the literal [a-z] regular-expression string, and consequently blocks the launch of the PHP interpreter within the Apache HTTP Server.
| [CVE-2008-1678] Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server mod_ssl that specify a compression algorithm.
| [CVE-2008-1232] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.
| [CVE-2008-0869] Cross-site scripting (XSS) vulnerability in BEA WebLogic Workshop 8.1 through SP6 and Workshop for WebLogic 9.0 through 10.0 allows remote attackers to inject arbitrary web script or HTML via a "framework defined request parameter" when using WebLogic Workshop or Apache Beehive NetUI framework with page flows.
| [CVE-2008-0732] The init script for Apache Geronimo on SUSE Linux follows symlinks when performing a chown operation, which might allow local users to obtain access to unspecified files or directories.
| [CVE-2008-0555] The ExpandCert function in Apache-SSL before apache_1.3.41+ssl_1.59 does not properly handle (1) '/' and (2) '=' characters in a Distinguished Name (DN) in a client certificate, which might allow remote attackers to bypass authentication via a crafted DN that triggers overwriting of environment variables.
9294| [CVE-2008-0457] Unrestricted file upload vulnerability in the FileUpload class running on the Symantec LiveState Apache Tomcat server, as used by Symantec Backup Exec System Recovery Manager 7.0 and 7.0.1, allows remote attackers to upload and execute arbitrary JSP files via unknown vectors.
9295| [CVE-2008-0456] CRLF injection vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by uploading a file with a multi-line name containing HTTP header sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
9296| [CVE-2008-0455] Cross-site scripting (XSS) vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary web script or HTML by uploading a file with a name containing XSS sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
9297| [CVE-2008-0128] The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
9298| [CVE-2008-0005] mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding.
9299| [CVE-2008-0002] Apache Tomcat 6.0.0 through 6.0.15 processes parameters in the context of the wrong request when an exception occurs during parameter processing, which might allow remote attackers to obtain sensitive information, as demonstrated by disconnecting during this processing in order to trigger the exception.
9300| [CVE-2007-6750] The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris, related to the lack of the mod_reqtimeout module in versions before 2.2.15.
9301| [CVE-2007-6726] Multiple cross-site scripting (XSS) vulnerabilities in Dojo 0.4.1 and 0.4.2, as used in Apache Struts and other products, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) xip_client.html and (2) xip_server.html in src/io/.
9302| [CVE-2007-6514] Apache HTTP Server, when running on Linux with a document root on a Windows share mounted using smbfs, allows remote attackers to obtain unprocessed content such as source files for .php programs via a trailing "\" (backslash), which is not handled by the intended AddType directive.
9303| [CVE-2007-6423] ** DISPUTED ** Unspecified vulnerability in mod_proxy_balancer for Apache HTTP Server 2.2.x before 2.2.7-dev, when running on Windows, allows remote attackers to trigger memory corruption via a long URL. NOTE: the vendor could not reproduce this issue.
9304| [CVE-2007-6422] The balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6, when a threaded Multi-Processing Module is used, allows remote authenticated users to cause a denial of service (child process crash) via an invalid bb variable.
9305| [CVE-2007-6421] Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) ss, (2) wr, or (3) rr parameters, or (4) the URL.
9306| [CVE-2007-6420] Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors.
9307| [CVE-2007-6388] Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
9308| [CVE-2007-6361] Gekko 0.8.2 and earlier stores sensitive information under the web root with possibly insufficient access control, which might allow remote attackers to read certain files under temp/, as demonstrated by a log file that records the titles of blog entries. NOTE: access to temp/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
9309| [CVE-2007-6342] SQL injection vulnerability in the David Castro AuthCAS module (AuthCAS.pm) 0.4 for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the SESSION_COOKIE_NAME (session ID) in a cookie.
9310| [CVE-2007-6286] Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the native APR connector is used, does not properly handle an empty request to the SSL port, which allows remote attackers to trigger handling of "a duplicate copy of one of the recent requests," as demonstrated by using netcat to send the empty request.
9311| [CVE-2007-6258] Multiple stack-based buffer overflows in the legacy mod_jk2 2.0.3-DEV and earlier Apache module allow remote attackers to execute arbitrary code via a long (1) Host header, or (2) Hostname within a Host header.
9312| [CVE-2007-6231] Multiple PHP remote file inclusion vulnerabilities in tellmatic 1.0.7 allow remote attackers to execute arbitrary PHP code via a URL in the tm_includepath parameter to (1) Classes.inc.php, (2) statistic.inc.php, (3) status.inc.php, (4) status_top_x.inc.php, or (5) libchart-1.1/libchart.php in include/. NOTE: access to include/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
9313| [CVE-2007-6203] Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918.
9314| [CVE-2007-5797] SQLLoginModule in Apache Geronimo 2.0 through 2.1 does not throw an exception for a nonexistent username, which allows remote attackers to bypass authentication via a login attempt with any username not contained in the database.
9315| [CVE-2007-5731] Absolute path traversal vulnerability in Apache Jakarta Slide 2.1 and earlier allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag, a related issue to CVE-2007-5461.
9316| [CVE-2007-5461] Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.
9317| [CVE-2007-5342] The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by changing the (1) level, (2) directory, and (3) prefix attributes in the org.apache.juli.FileHandler handler.
9318| [CVE-2007-5333] Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385.
9319| [CVE-2007-5156] Incomplete blacklist vulnerability in editor/filemanager/upload/php/upload.php in FCKeditor, as used in SiteX CMS 0.7.3.beta, La-Nai CMS, Syntax CMS, Cardinal Cms, and probably other products, allows remote attackers to upload and execute arbitrary PHP code via a file whose name contains ".php." and has an unknown extension, which is recognized as a .php file by the Apache HTTP server, a different vulnerability than CVE-2006-0658 and CVE-2006-2529.
9320| [CVE-2007-5085] Unspecified vulnerability in the management EJB (MEJB) in Apache Geronimo before 2.0.2 allows remote attackers to bypass authentication and obtain "access to Geronimo internals" via unspecified vectors.
9321| [CVE-2007-5000] Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
9322| [CVE-2007-4724] Cross-site request forgery (CSRF) vulnerability in cal2.jsp in the calendar examples application in Apache Tomcat 4.1.31 allows remote attackers to add events as arbitrary users via the time and description parameters.
9323| [CVE-2007-4723] Directory traversal vulnerability in Ragnarok Online Control Panel 4.3.4a, when the Apache HTTP Server is used, allows remote attackers to bypass authentication via directory traversal sequences in a URI that ends with the name of a publicly available page, as demonstrated by a "/...../" sequence and an account_manage.php/login.php final component for reaching the protected account_manage.php page.
9324| [CVE-2007-4641] Directory traversal vulnerability in index.php in Pakupaku CMS 0.4 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting code into an Apache log file.
9325| [CVE-2007-4556] Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language (OGNL) expression when altSyntax is enabled, which allows remote attackers to cause a denial of service (infinite loop) or execute arbitrary code via form input beginning with a "%{" sequence and ending with a "}" character.
9326| [CVE-2007-4548] The login method in LoginModule implementations in Apache Geronimo 2.0 does not throw FailedLoginException for failed logins, which allows remote attackers to bypass authentication requirements, deploy arbitrary modules, and gain administrative access by sending a blank username and password with the command line deployer in the deployment module.
9327| [CVE-2007-4465] Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.
9328| [CVE-2007-3847] The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read.
9329| [CVE-2007-3571] The Apache Web Server as used in Novell NetWare 6.5 and GroupWise allows remote attackers to obtain sensitive information via a certain directive to Apache that causes the HTTP-Header response to be modified, which may reveal the server's internal IP address.
9330| [CVE-2007-3386] Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action.
9331| [CVE-2007-3385] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.
9332| [CVE-2007-3384] Multiple cross-site scripting (XSS) vulnerabilities in examples/servlet/CookieExample in Apache Tomcat 3.3 through 3.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Value field, related to error messages.
9333| [CVE-2007-3383] Cross-site scripting (XSS) vulnerability in SendMailServlet in the examples web application (examples/jsp/mail/sendmail.jsp) in Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.36 allows remote attackers to inject arbitrary web script or HTML via the From field and possibly other fields, related to generation of error messages.
9334| [CVE-2007-3382] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.
9335| [CVE-2007-3304] Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1 killer."
9336| [CVE-2007-3303] Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows local users to cause a denial of service via certain code sequences executed in a worker process that (1) stop request processing by killing all worker processes and preventing creation of replacements or (2) hang the system by forcing the master process to fork an arbitrarily large number of worker processes. NOTE: This might be an inherent design limitation of Apache with respect to worker processes in hosted environments.
9337| [CVE-2007-3101] Multiple cross-site scripting (XSS) vulnerabilities in certain JSF applications in Apache MyFaces Tomahawk before 1.1.6 allow remote attackers to inject arbitrary web script via the autoscroll parameter, which is injected into Javascript that is sent to the client.
9338| [CVE-2007-2450] Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script or HTML via a parameter name to manager/html/upload, and other unspecified vectors.
9339| [CVE-2007-2449] Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the '
9340| [CVE-2007-2353] Apache Axis 1.0 allows remote attackers to obtain sensitive information by requesting a non-existent WSDL file, which reveals the installation path in the resulting exception message.
9341| [CVE-2007-2025] Unrestricted file upload vulnerability in the UpLoad feature (lib/plugin/UpLoad.php) in PhpWiki 1.3.11p1 allows remote attackers to upload arbitrary PHP files with a double extension, as demonstrated by .php.3, which is interpreted by Apache as being a valid PHP file.
9342| [CVE-2007-1863] cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value.
9343| [CVE-2007-1862] The recall_headers function in mod_mem_cache in Apache 2.2.4 does not properly copy all levels of header data, which can cause Apache to return HTTP headers containing previously used data, which could be used by remote attackers to obtain potentially sensitive information.
9344| [CVE-2007-1860] mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. (dot dot) sequences and directory traversal, a related issue to CVE-2007-0450.
9345| [CVE-2007-1858] The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts.
9346| [CVE-2007-1842] Directory traversal vulnerability in login.php in JSBoard before 2.0.12 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the table parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, a related issue to CVE-2006-2019.
9347| [CVE-2007-1801] Directory traversal vulnerability in inc/lang.php in sBLOG 0.7.3 Beta allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the conf_lang_default parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by inc/lang.php.
9348| [CVE-2007-1743] suexec in Apache HTTP Server (httpd) 2.2.3 does not verify combinations of user and group IDs on the command line, which might allow local users to leverage other vulnerabilities to create arbitrary UID/GID owned files if /proc is mounted. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root." In addition, because this is dependent on other vulnerabilities, perhaps this is resultant and should not be included in CVE.
9349| [CVE-2007-1742] suexec in Apache HTTP Server (httpd) 2.2.3 uses a partial comparison for verifying whether the current directory is within the document root, which might allow local users to perform unauthorized operations on incorrect directories, as demonstrated using "html_backup" and "htmleditor" under an "html" directory. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
9350| [CVE-2007-1741] Multiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 between directory and file validation, and their usage, allow local users to gain privileges and execute arbitrary code by renaming directories or performing symlink attacks. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
9351| [CVE-2007-1720] Directory traversal vulnerability in addressbook.php in the Addressbook 1.2 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module_name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file.
9352| [CVE-2007-1636] Directory traversal vulnerability in index.php in RoseOnlineCMS 3 B1 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the op parameter, as demonstrated by injecting PHP code into Apache log files via the URL and User-Agent HTTP header.
9353| [CVE-2007-1633] Directory traversal vulnerability in bbcode_ref.php in the Giorgio Ciranni Splatt Forum 4.0 RC1 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by bbcode_ref.php.
9354| [CVE-2007-1577] Directory traversal vulnerability in index.php in GeBlog 0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[tplname] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
9355| [CVE-2007-1539] Directory traversal vulnerability in inc/map.func.php in pragmaMX Landkarten 2.1 module allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the module_name parameter, as demonstrated via a static PHP code injection attack in an Apache log file.
9356| [CVE-2007-1524] Directory traversal vulnerability in themes/default/ in ZomPlog 3.7.6 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) in the settings[skin] parameter, as demonstrated by injecting PHP code into an Apache HTTP Server log file, which can then be included via themes/default/.
9357| [CVE-2007-1491] Apache Tomcat in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allows connections from external interfaces via port 8009, which exposes it to attacks from outside parties.
9358| [CVE-2007-1358] Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616".
9359| [CVE-2007-1349] PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.
9360| [CVE-2007-0975] Variable extraction vulnerability in Ian Bezanson Apache Stats before 0.0.3 beta allows attackers to overwrite critical variables, with unknown impact, when the extract function is used on the _REQUEST superglobal array.
9361| [CVE-2007-0930] Variable extract vulnerability in Apache Stats before 0.0.3beta allows attackers to modify arbitrary variables and conduct attacks via unknown vectors involving the use of PHP's extract function.
9362| [CVE-2007-0792] The mod_perl initialization script in Bugzilla 2.23.3 does not set the Bugzilla Apache configuration to allow .htaccess permissions to override file permissions, which allows remote attackers to obtain the database username and password via a direct request for the localconfig file.
9363| [CVE-2007-0774] Stack-based buffer overflow in the map_uri_to_worker function (native/common/jk_uri_worker_map.c) in mod_jk.so for Apache Tomcat JK Web Server Connector 1.2.19 and 1.2.20, as used in Tomcat 4.1.34 and 5.5.20, allows remote attackers to execute arbitrary code via a long URL that triggers the overflow in a URI worker map routine.
9364| [CVE-2007-0637] Directory traversal vulnerability in zd_numer.php in Galeria Zdjec 3.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the galeria parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by zd_numer.php.
9365| [CVE-2007-0451] Apache SpamAssassin before 3.1.8 allows remote attackers to cause a denial of service via long URLs in malformed HTML, which triggers "massive memory usage."
9366| [CVE-2007-0450] Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.
9367| [CVE-2007-0419] The BEA WebLogic Server proxy plug-in before June 2006 for the Apache HTTP Server does not properly handle protocol errors, which allows remote attackers to cause a denial of service (server outage).
9368| [CVE-2007-0173] Directory traversal vulnerability in index.php in L2J Statistik Script 0.09 and earlier, when register_globals is enabled and magic_quotes is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
9369| [CVE-2007-0098] Directory traversal vulnerability in language.php in VerliAdmin 0.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
9370| [CVE-2007-0086] ** DISPUTED ** The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by third parties, who state that the large window size required by the attack is not normally supported or configured by the server, or that a DDoS-style attack would accomplish the same goal.
9371| [CVE-2006-7217] Apache Derby before 10.2.1.6 does not determine schema privilege requirements during the DropSchemaNode bind phase, which allows remote authenticated users to execute arbitrary drop schema statements in SQL authorization mode.
9372| [CVE-2006-7216] Apache Derby before 10.2.1.6 does not determine privilege requirements for lock table statements at compilation time, and consequently does not enforce privilege requirements at execution time, which allows remote authenticated users to lock arbitrary tables.
9373| [CVE-2006-7197] The AJP connector in Apache Tomcat 5.5.15 uses an incorrect length for chunks, which can cause a buffer over-read in the ajp_process_callback in mod_jk, which allows remote attackers to read portions of sensitive memory.
9374| [CVE-2006-7196] Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors. NOTE: this may be related to CVE-2006-0254.1.
9375| [CVE-2006-7195] Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in Apache Tomcat 5.0.0 through 5.0.30 and 5.5.0 through 5.5.17 allows remote attackers to inject arbitrary web script or HTML via certain header values.
9376| [CVE-2006-7098] The Debian GNU/Linux 033_-F_NO_SETSID patch for the Apache HTTP Server 1.3.34-4 does not properly disassociate httpd from a controlling tty when httpd is started interactively, which allows local users to gain privileges to that tty via a CGI program that calls the TIOCSTI ioctl.
9377| [CVE-2006-6869] Directory traversal vulnerability in includes/search/search_mdforum.php in MAXdev MDForum 2.0.1 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang cookie to error.php, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
9378| [CVE-2006-6675] Cross-site scripting (XSS) vulnerability in Novell NetWare 6.5 Support Pack 5 and 6 and Novell Apache on NetWare 2.0.48 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters in Welcome web-app.
9379| [CVE-2006-6613] Directory traversal vulnerability in language.php in phpAlbum 0.4.1 Beta 6 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files or obtain sensitive information via a .. (dot dot) in the pa_lang[include_file] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
9380| [CVE-2006-6589] Cross-site scripting (XSS) vulnerability in ecommerce/control/keywordsearch in the Apache Open For Business Project (OFBiz) and Opentaps 0.9.3 allows remote attackers to inject arbitrary web script or HTML via the SEARCH_STRING parameter, a different issue than CVE-2006-6587. NOTE: some of these details are obtained from third party information.
9381| [CVE-2006-6588] The forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) trusts the (1) dataResourceTypeId, (2) contentTypeId, and certain other hidden form fields, which allows remote attackers to create unauthorized types of content, modify content, or have other unknown impact.
9382| [CVE-2006-6587] Cross-site scripting (XSS) vulnerability in the forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) allows remote attackers to inject arbitrary web script or HTML by posting a message.
9383| [CVE-2006-6445] Directory traversal vulnerability in error.php in Envolution 1.1.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
9384| [CVE-2006-6071] TWiki 4.0.5 and earlier, when running under Apache 1.3 using ApacheLogin with sessions and "ErrorDocument 401" redirects to a valid wiki topic, does not properly handle failed login attempts, which allows remote attackers to read arbitrary content by cancelling out of a failed authentication with a valid username and invalid password.
9385| [CVE-2006-6047] Directory traversal vulnerability in manager/index.php in Etomite 0.6.1.2 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the f parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
9386| [CVE-2006-5894] Directory traversal vulnerability in lang.php in Rama CMS 0.68 and earlier, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by lang.php.
9387| [CVE-2006-5752] Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform "charset detection" when the content-type is not specified.
9388| [CVE-2006-5733] Directory traversal vulnerability in error.php in PostNuke 0.763 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
| [CVE-2006-5263] Directory traversal vulnerability in templates/header.php3 in phpMyAgenda 3.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter, as demonstrated by a parameter value naming an Apache HTTP Server log file that apparently contains PHP code.
| [CVE-2006-4994] Multiple unquoted Windows search path vulnerabilities in Apache Friends XAMPP 1.5.2 might allow local users to gain privileges via a malicious program file in %SYSTEMDRIVE%, which is run when XAMPP attempts to execute (1) FileZillaServer.exe, (2) mysqld-nt.exe, (3) Perl.exe, or (4) xamppcontrol.exe with an unquoted "Program Files" pathname.
| [CVE-2006-4636] Directory traversal vulnerability in SZEWO PhpCommander 3.0 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Directory parameter, as demonstrated by parameter values naming Apache HTTP Server log files that apparently contain PHP code.
| [CVE-2006-4625] PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass certain Apache HTTP Server httpd.conf options, such as safe_mode and open_basedir, via the ini_restore function, which resets the values to their php.ini (Master Value) defaults.
| [CVE-2006-4558] DeluxeBB 1.06 and earlier, when run on the Apache HTTP Server with the mod_mime module, allows remote attackers to execute arbitrary PHP code by uploading files with double extensions via the fileupload parameter in a newthread action in newpost.php.
| [CVE-2006-4191] Directory traversal vulnerability in memcp.php in XMB (Extreme Message Board) 1.9.6 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the langfilenew parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by header.php.
| [CVE-2006-4154] Format string vulnerability in the mod_tcl module 1.0 for Apache 2.x allows context-dependent attackers to execute arbitrary code via format string specifiers that are not properly handled in a set_var function call in (1) tcl_cmds.c and (2) tcl_core.c.
| [CVE-2006-4110] Apache 2.2.2, when running on Windows, allows remote attackers to read source code of CGI programs via a request that contains uppercase (or alternate case) characters that bypass the case-sensitive ScriptAlias directive, but allow access to the file on case-insensitive file systems.
| [CVE-2006-4004] Directory traversal vulnerability in index.php in vbPortal 3.0.2 through 3.6.0 Beta 1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the bbvbplang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
| [CVE-2006-3918] http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.
| [CVE-2006-3835] Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (
| [CVE-2006-3747] Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules.
| [CVE-2006-3362] Unrestricted file upload vulnerability in connectors/php/connector.php in FCKeditor mcpuk file manager, as used in (1) Geeklog 1.4.0 through 1.4.0sr3, (2) toendaCMS 1.0.0 Shizouka Stable and earlier, (3) WeBid 0.5.4, and possibly other products, when installed on Apache with mod_mime, allows remote attackers to upload and execute arbitrary PHP code via a filename with a .php extension and a trailing extension that is allowed, such as .zip.
| [CVE-2006-3102] Race condition in articles/BitArticle.php in Bitweaver 1.3, when run on Apache with the mod_mime extension, allows remote attackers to execute arbitrary PHP code by uploading arbitrary files with double extensions, which are stored for a small period of time under the webroot in the temp/articles directory.
| [CVE-2006-3070] write_ok.php in Zeroboard 4.1 pl8, when installed on Apache with mod_mime, allows remote attackers to bypass restrictions for uploading files with executable extensions by uploading a .htaccess file that with an AddType directive that assigns an executable module to files with assumed-safe extensions, as demonstrated by assigning the txt extension to be handled by application/x-httpd-php.
| [CVE-2006-2831] Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2, when running under certain Apache configurations such as when FileInfo overrides are disabled within .htaccess, allows remote attackers to execute arbitrary code by uploading a file with multiple extensions, a variant of CVE-2006-2743.
| [CVE-2006-2806] The SMTP server in Apache Java Mail Enterprise Server (aka Apache James) 2.2.0 allows remote attackers to cause a denial of service (CPU consumption) via a long argument to the MAIL command.
| [CVE-2006-2743] Drupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with mod_mime, does not properly handle files with multiple extensions, which allows remote attackers to upload, modify, or execute arbitrary files in the files directory.
| [CVE-2006-2514] Coppermine galleries before 1.4.6, when running on Apache with mod_mime installed, allows remote attackers to upload arbitrary files via a filename with multiple file extensions.
| [CVE-2006-2330] PHP-Fusion 6.00.306 and earlier, running under Apache HTTP Server 1.3.27 and PHP 4.3.3, allows remote authenticated users to upload files of arbitrary types using a filename that contains two or more extensions that ends in an assumed-valid extension such as .gif, which bypasses the validation, as demonstrated by uploading then executing an avatar file that ends in ".php.gif" and contains PHP code in EXIF metadata.
| [CVE-2006-1777] Directory traversal vulnerability in doc/index.php in Jeremy Ashcraft Simplog 0.9.2 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the s parameter, as demonstrated by injecting PHP sequences into an Apache error_log file, which is then included by doc/index.php.
| [CVE-2006-1564] Untrusted search path vulnerability in libapache2-svn 1.3.0-4 for Subversion in Debian GNU/Linux includes RPATH values under the /tmp/svn directory for the (1) mod_authz_svn.so and (2) mod_dav_svn.so modules, which might allow local users to gain privileges by installing malicious libraries in that directory.
| [CVE-2006-1548] Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction and possibly (2) DispatchAction and (3) ActionDispatcher in Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to inject arbitrary web script or HTML via the parameter name, which is not filtered in the resulting error message.
| [CVE-2006-1547] ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides further access to elements in the CommonsMultipartRequestHandler implementation and BeanUtils.
| [CVE-2006-1546] Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to bypass validation via a request with a 'org.apache.struts.taglib.html.Constants.CANCEL' parameter, which causes the action to be canceled but would not be detected from applications that do not use the isCancelled check.
| [CVE-2006-1393] Multiple cross-site scripting (XSS) vulnerabilities in the mod_pubcookie Apache application server module in University of Washington Pubcookie 1.x, 3.0.0, 3.1.0, 3.1.1, 3.2 before 3.2.1b, and 3.3 before 3.3.0a allow remote attackers to inject arbitrary web script or HTML via unspecified attack vectors.
| [CVE-2006-1346] Directory traversal vulnerability in inc/setLang.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in a lang[*][file] parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by index.php.
| [CVE-2006-1292] Directory traversal vulnerability in Jim Hu and Chad Little PHP iCalendar 2.21 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the phpicalendar[cookie_language] and phpicalendar[cookie_style] cookies, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by day.php.
| [CVE-2006-1243] Directory traversal vulnerability in install05.php in Simple PHP Blog (SPB) 0.4.7.1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the blog_language parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included using install05.php.
| [CVE-2006-1095] Directory traversal vulnerability in the FileSession object in Mod_python module 3.2.7 for Apache allows local users to execute arbitrary code via a crafted session cookie.
| [CVE-2006-1079] htpasswd, as used in Acme thttpd 2.25b and possibly other products such as Apache, might allow local users to gain privileges via shell metacharacters in a command line argument, which is used in a call to the system function. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
| [CVE-2006-1078] Multiple buffer overflows in htpasswd, as used in Acme thttpd 2.25b, and possibly other products such as Apache, might allow local users to gain privileges via (1) a long command line argument and (2) a long line in a file. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
| [CVE-2006-0743] Format string vulnerability in LocalSyslogAppender in Apache log4net 1.2.9 might allow remote attackers to cause a denial of service (memory corruption and termination) via unknown vectors.
| [CVE-2006-0254] Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) time parameter to cal2.jsp and (2) any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer.
| [CVE-2006-0150] Multiple format string vulnerabilities in the auth_ldap_log_reason function in Apache auth_ldap 1.6.0 and earlier allows remote attackers to execute arbitrary code via various vectors, including the username.
| [CVE-2006-0144] The proxy server feature in go-pear.php in PHP PEAR 0.2.2, as used in Apache2Triad, allows remote attackers to execute arbitrary PHP code by redirecting go-pear.php to a malicious proxy server that provides a modified version of Tar.php with a malicious extractModify function.
| [CVE-2006-0042] Unspecified vulnerability in (1) apreq_parse_headers and (2) apreq_parse_urlencoded functions in Apache2::Request (Libapreq2) before 2.07 allows remote attackers cause a denial of service (CPU consumption) via unknown attack vectors that result in quadratic computational complexity.
| [CVE-2005-4857] eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 before 20051128 allows remote authenticated users to cause a denial of service (Apache httpd segmentation fault) via a request to content/advancedsearch.php with an empty SearchContentClassID parameter, reportedly related to a "memory addressing error".
| [CVE-2005-4849] Apache Derby before 10.1.2.1 exposes the (1) user and (2) password attributes in cleartext via (a) the RDBNAM parameter of the ACCSEC command and (b) the output of the DatabaseMetaData.getURL function, which allows context-dependent attackers to obtain sensitive information.
| [CVE-2005-4836] The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote attackers to read JSP source files and obtain sensitive information.
| [CVE-2005-4814] Unrestricted file upload vulnerability in Segue CMS before 1.3.6, when the Apache HTTP Server handles .phtml files with the PHP interpreter, allows remote attackers to upload and execute arbitrary PHP code by placing .phtml files in the userfiles/ directory.
| [CVE-2005-4703] Apache Tomcat 4.0.3, when running on Windows, allows remote attackers to obtain sensitive information via a request for a file that contains an MS-DOS device name such as lpt9, which leaks the pathname in an error message, as demonstrated by lpt9.xtp using Nikto.
| [CVE-2005-3745] Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message.
| [CVE-2005-3630] Fedora Directory Server before 10 allows remote attackers to obtain sensitive information, such as the password from adm.conf via an IFRAME element, probably involving an Apache httpd.conf configuration that orders "allow" directives before "deny" directives.
| [CVE-2005-3510] Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files.
| [CVE-2005-3392] Unspecified vulnerability in PHP before 4.4.1, when using the virtual function on Apache 2, allows remote attackers to bypass safe_mode and open_basedir directives.
| [CVE-2005-3357] mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference.
| [CVE-2005-3352] Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps.
| [CVE-2005-3319] The apache2handler SAPI (sapi_apache2.c) in the Apache module (mod_php) for PHP 5.x before 5.1.0 final and 4.4 before 4.4.1 final allows attackers to cause a denial of service (segmentation fault) via the session.save_path option in a .htaccess file or VirtualHost.
| [CVE-2005-3164] The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an information leak when "unsuitable request body data" is used for a different request, possibly related to Java Servlet pages.
| [CVE-2005-2970] Memory leak in the worker MPM (worker.c) for Apache 2, in certain circumstances, allows remote attackers to cause a denial of service (memory consumption) via aborted connections, which prevents the memory for the transaction pool from being reused for other connections.
| [CVE-2005-2963] The mod_auth_shadow module 1.0 through 1.5 and 2.0 for Apache with AuthShadow enabled uses shadow authentication for all locations that use the require group directive, even when other authentication mechanisms are specified, which might allow remote authenticated users to bypass security restrictions.
| [CVE-2005-2728] The byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service (memory consumption) via an HTTP header with a large Range field.
| [CVE-2005-2660] apachetop 0.12.5 and earlier, when running in debug mode, allows local users to create or append to arbitrary files via a symlink attack on atop.debug.
| [CVE-2005-2088] The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
| [CVE-2005-1754] ** DISPUTED ** JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to read arbitrary files via a full pathname in the argument to the Download parameter. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
| [CVE-2005-1753] ** DISPUTED ** ReadMessage.jsp in JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to view other users' e-mail attachments via a direct request to /mailboxesdir/username@domainname. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
| [CVE-2005-1344] Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute arbitrary code via a long realm argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
| [CVE-2005-1268] Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte.
| [CVE-2005-1266] Apache SpamAssassin 3.0.1, 3.0.2, and 3.0.3 allows remote attackers to cause a denial of service (CPU consumption and slowdown) via a message with a long Content-Type header without any boundaries.
| [CVE-2005-0808] Apache Tomcat before 5.x allows remote attackers to cause a denial of service (application crash) via a crafted AJP12 packet to TCP port 8007.
| [CVE-2005-0182] The mod_dosevasive module 1.9 and earlier for Apache creates temporary files with predictable filenames, which could allow remote attackers to overwrite arbitrary files via a symlink attack.
| [CVE-2005-0108] Apache mod_auth_radius 1.5.4 and libpam-radius-auth allow remote malicious RADIUS servers to cause a denial of service (crash) via a RADIUS_REPLY_MESSAGE with a RADIUS attribute length of 1, which leads to a memcpy operation with a -1 length argument.
| [CVE-2004-2734] webadmin-apache.conf in Novell Web Manager of Novell NetWare 6.5 uses an uppercase Alias tag with an inconsistent lowercase directory tag for a volume, which allows remote attackers to bypass access control to the WEB-INF folder.
| [CVE-2004-2680] mod_python (libapache2-mod-python) 3.1.4 and earlier does not properly handle when output filters process more than 16384 bytes, which can cause filter.read to return portions of previously freed memory.
| [CVE-2004-2650] Spooler in Apache Foundation James 2.2.0 allows local users to cause a denial of service (memory consumption) by triggering various error conditions in the retrieve function, which prevents a lock from being released and causes a memory leak.
| [CVE-2004-2343] ** DISPUTED ** Apache HTTP Server 2.0.47 and earlier allows local users to bypass .htaccess file restrictions, as specified in httpd.conf with directives such as Deny From All, by using an ErrorDocument directive. NOTE: the vendor has disputed this issue, since the .htaccess mechanism is only intended to restrict external web access, and a local user already has the privileges to perform the same operations without using ErrorDocument.
| [CVE-2004-2336] Unknown vulnerability in Novell GroupWise and GroupWise WebAccess 6.0 through 6.5, when running with Apache Web Server 1.3 for NetWare where Apache is loaded using GWAPACHE.CONF, allows remote attackers to read directories and files on the server.
| [CVE-2004-2115] Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTTP Server 1.3.22, based on Apache, allow remote attackers to execute arbitrary script as other users via the (1) action, (2) username, or (3) password parameters in an isqlplus request.
| [CVE-2004-1834] mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, including authentication information, on the hard disk, which could allow local users to gain sensitive information.
| [CVE-2004-1765] Off-by-one buffer overflow in ModSecurity (mod_security) 1.7.4 for Apache 2.x, when SecFilterScanPost is enabled, allows remote attackers to execute arbitrary code via crafted POST requests.
| [CVE-2004-1545] UploadFile.php in MoniWiki 1.0.9.2 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.hwp, which allows remote attackers to upload and execute arbitrary code.
| [CVE-2004-1438] The mod_authz_svn Apache module for Subversion 1.0.4-r1 and earlier allows remote authenticated users, with write access to the repository, to read unauthorized parts of the repository via the svn copy command.
| [CVE-2004-1405] MediaWiki 1.3.8 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
| [CVE-2004-1404] Attachment Mod 2.3.10 module for phpBB, when used with Apache mod_mime, does not properly handle files with multiple file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
| [CVE-2004-1387] The check_forensic script in apache-utils package 1.3.31 allows local users to overwrite or create arbitrary files via a symlink attack on temporary files.
| [CVE-2004-1084] Apache for Apple Mac OS X 10.2.8 and 10.3.6 allows remote attackers to read files and resource fork content via HTTP requests to certain special file names related to multiple data streams in HFS+, which bypass Apache file handles.
| [CVE-2004-1083] Apache for Apple Mac OS X 10.2.8 and 10.3.6 restricts access to files in a case sensitive manner, but the Apple HFS+ filesystem accesses files in a case insensitive manner, which allows remote attackers to read .DS_Store files and files beginning with ".ht" using alternate capitalization.
| [CVE-2004-1082] mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials.
| [CVE-2004-0942] Apache webserver 2.0.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request with a MIME header containing multiple lines with a large number of space characters.
| [CVE-2004-0940] Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error.
| [CVE-2004-0885] The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration.
| [CVE-2004-0811] Unknown vulnerability in Apache 2.0.51 prevents "the merging of the Satisfy directive," which could allow attackers to obtain access to restricted resources contrary to the specified authentication configuration.
| [CVE-2004-0809] The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access.
| [CVE-2004-0786] The IPv6 URI parsing routines in the apr-util library for Apache 2.0.50 and earlier allow remote attackers to cause a denial of service (child process crash) via a certain URI, as demonstrated using the Codenomicon HTTP Test Tool.
| [CVE-2004-0751] The char_buffer_read function in the mod_ssl module for Apache 2.x, when using reverse proxying to an SSL server, allows remote attackers to cause a denial of service (segmentation fault).
| [CVE-2004-0748] mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (CPU consumption) by aborting an SSL connection in a way that causes an Apache child process to enter an infinite loop.
| [CVE-2004-0747] Buffer overflow in Apache 2.0.50 and earlier allows local users to gain apache privileges via a .htaccess file that causes the overflow during expansion of environment variables.
| [CVE-2004-0700] Format string vulnerability in the mod_proxy hook functions function in ssl_engine_log.c in mod_ssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are handled by the ssl_log function.
| [CVE-2004-0646] Buffer overflow in the WriteToLog function for JRun 3.0 through 4.0 web server connectors, such as (1) mod_jrun and (2) mod_jrun20 for Apache, with verbose logging enabled, allows remote attackers to execute arbitrary code via a long HTTP header Content-Type field or other fields.
| [CVE-2004-0529] The modified suexec program in cPanel, when configured for mod_php and compiled for Apache 1.3.31 and earlier without mod_phpsuexec, allows local users to execute untrusted shared scripts and gain privileges, as demonstrated using untainted scripts such as (1) proftpdvhosts or (2) addalink.cgi, a different vulnerability than CVE-2004-0490.
| [CVE-2004-0493] The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters.
| [CVE-2004-0492] Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied.
| [CVE-2004-0490] cPanel, when compiling Apache 1.3.29 and PHP with the mod_phpsuexec option, does not set the --enable-discard-path option, which causes php to use the SCRIPT_FILENAME variable to find and execute a script instead of the PATH_TRANSLATED variable, which allows local users to execute arbitrary PHP code as other users via a URL that references the attacker's script after the user's script, which executes the attacker's script with the user's privileges, a different vulnerability than CVE-2004-0529.
| [CVE-2004-0488] Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN.
| [CVE-2004-0263] PHP 4.3.4 and earlier in Apache 1.x and 2.x (mod_php) can leak global variables between virtual hosts that are handled by the same Apache child process but have different settings, which could allow remote attackers to obtain sensitive information.
9485| [CVE-2004-0174] Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using multiple listening sockets on certain platforms, allows remote attackers to cause a denial of service (blocked new connections) via a "short-lived connection on a rarely-accessed listening socket."
9486| [CVE-2004-0173] Directory traversal vulnerability in Apache 1.3.29 and earlier, and Apache 2.0.48 and earlier, when running on Cygwin, allows remote attackers to read arbitrary files via a URL containing "..%5C" (dot dot encoded backslash) sequences.
9487| [CVE-2004-0113] Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service (memory consumption) via plain HTTP requests to the SSL port of an SSL-enabled server.
9488| [CVE-2004-0009] Apache-SSL 1.3.28+1.52 and earlier, with SSLVerifyClient set to 1 or 3 and SSLFakeBasicAuth enabled, allows remote attackers to forge a client certificate by using basic authentication with the "one-line DN" of the target user.
9489| [CVE-2003-1581] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
9490| [CVE-2003-1580] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-level domains, as demonstrated by a forged 123.123.123.123 domain name, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
9491| [CVE-2003-1573] The PointBase 4.6 database component in the J2EE 1.4 reference implementation (J2EE/RI) allows remote attackers to execute arbitrary programs, conduct a denial of service, and obtain sensitive information via a crafted SQL statement, related to "inadequate security settings and library bugs in sun.* and org.apache.* packages."
9492| [CVE-2003-1521] Sun Java Plug-In 1.4 through 1.4.2_02 allows remote attackers to repeatedly access the floppy drive via the createXmlDocument method in the org.apache.crimson.tree.XmlDocument class, which violates the Java security model.
9493| [CVE-2003-1516] The org.apache.xalan.processor.XSLProcessorVersion class in Java Plug-in 1.4.2_01 allows signed and unsigned applets to share variables, which violates the Java security model and could allow remote attackers to read or write data belonging to a signed applet.
9494| [CVE-2003-1502] mod_throttle 3.0 allows local users with Apache privileges to access shared memory that points to a file that is writable by the apache user, which could allow local users to gain privileges.
9495| [CVE-2003-1418] Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote attackers to obtain sensitive information via (1) the ETag header, which reveals the inode number, or (2) multipart MIME boundary, which reveals child process IDs (PID).
9496| [CVE-2003-1307] ** DISPUTED ** The mod_php module for the Apache HTTP Server allows local users with write access to PHP scripts to send signals to the server's process group and use the server's file descriptors, as demonstrated by sending a STOP signal, then intercepting incoming connections on the server's TCP port. NOTE: the PHP developer has disputed this vulnerability, saying "The opened file descriptors are opened by Apache. It is the job of Apache to protect them ... Not a bug in PHP."
9497| [CVE-2003-1172] Directory traversal vulnerability in the view-source sample file in Apache Software Foundation Cocoon 2.1 and 2.2 allows remote attackers to access arbitrary files via a .. (dot dot) in the filename parameter.
9498| [CVE-2003-1171] Heap-based buffer overflow in the sec_filter_out function in mod_security 1.7RC1 through 1.7.1 in Apache 2 allows remote attackers to execute arbitrary code via a server side script that sends a large amount of data.
9499| [CVE-2003-1138] The default configuration of Apache 2.0.40, as shipped with Red Hat Linux 9.0, allows remote attackers to list directory contents, even if auto indexing is turned off and there is a default web page configured, via a GET request containing a double slash (//).
9500| [CVE-2003-1054] mod_access_referer 1.0.2 allows remote attackers to cause a denial of service (crash) via a malformed Referer header that is missing a hostname, as parsed by the ap_parse_uri_components function in Apache, which triggers a null dereference.
9501| [CVE-2003-0993] mod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit platforms, does not properly parse Allow/Deny rules using IP addresses without a netmask, which could allow remote attackers to bypass intended access restrictions.
9502| [CVE-2003-0987] mod_digest for Apache before 1.3.31 does not properly verify the nonce of a client response by using a AuthNonce secret.
9503| [CVE-2003-0866] The Catalina org.apache.catalina.connector.http package in Tomcat 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service via several requests that do not follow the HTTP protocol, which causes Tomcat to reject later requests.
9504| [CVE-2003-0844] mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode without the Apache log, allows local users to overwrite arbitrary files via (1) a symlink attack on predictable temporary filenames on Unix systems, or (2) an NTFS hard link on Windows systems when the "Strengthen default permissions of internal system objects" policy is not enabled.
9505| [CVE-2003-0843] Format string vulnerability in mod_gzip_printf for mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode and using the Apache log, allows remote attackers to execute arbitrary code via format string characters in an HTTP GET request with an "Accept-Encoding: gzip" header.
9506| [CVE-2003-0789] mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not properly handle CGI redirect paths, which could cause Apache to send the output of a CGI program to the wrong client.
9507| [CVE-2003-0771] Gallery.pm in Apache::Gallery (aka A::G) uses predictable temporary filenames when running Inline::C, which allows local users to execute arbitrary code by creating and modifying the files before Apache::Gallery does.
9508| [CVE-2003-0658] Docview before 1.1-18 in Caldera OpenLinux 3.1.1, SCO Linux 4.0, OpenServer 5.0.7, configures the Apache web server in a way that allows remote attackers to read arbitrary publicly readable files via a certain URL, possibly related to rewrite rules.
9509| [CVE-2003-0542] Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures.
9510| [CVE-2003-0460] The rotatelogs program on Apache before 1.3.28, for Windows and OS/2 systems, does not properly ignore certain control characters that are received over the pipe, which could allow remote attackers to cause a denial of service.
9511| [CVE-2003-0254] Apache 2 before 2.0.47, when running on an IPv6 host, allows attackers to cause a denial of service (CPU consumption by infinite loop) when the FTP proxy server fails to create an IPv6 socket.
9512| [CVE-2003-0253] The prefork MPM in Apache 2 before 2.0.47 does not properly handle certain errors from accept, which could lead to a denial of service.
9513| [CVE-2003-0249] ** DISPUTED ** PHP treats unknown methods such as "PoSt" as a GET request, which could allow attackers to intended access restrictions if PHP is running on a server that passes on all methods, such as Apache httpd 2.0, as demonstrated using a Limit directive. NOTE: this issue has been disputed by the Apache security team, saying "It is by design that PHP allows scripts to process any request method. A script which does not explicitly verify the request method will hence be processed as normal for arbitrary methods. It is therefore expected behaviour that one cannot implement per-method access control using the Apache configuration alone, which is the assumption made in this report."
9514| [CVE-2003-0245] Vulnerability in the apr_psprintf function in the Apache Portable Runtime (APR) library for Apache 2.0.37 through 2.0.45 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long strings, as demonstrated using XML objects to mod_dav, and possibly other vectors.
9515| [CVE-2003-0192] Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3, do not properly handle "certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one," which could cause Apache to use the weak ciphersuite.
9516| [CVE-2003-0189] The authentication module for Apache 2.0.40 through 2.0.45 on Unix does not properly handle threads safely when using the crypt_r or crypt functions, which allows remote attackers to cause a denial of service (failed Basic authentication with valid usernames and passwords) when a threaded MPM is used.
9517| [CVE-2003-0134] Unknown vulnerability in filestat.c for Apache running on OS2, versions 2.0 through 2.0.45, allows unknown attackers to cause a denial of service via requests related to device names.
9518| [CVE-2003-0132] A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to cause a denial of service (memory consumption) via large chunks of linefeed characters, which causes Apache to allocate 80 bytes for each linefeed.
9519| [CVE-2003-0083] Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences, a different vulnerability than CVE-2003-0020.
9520| [CVE-2003-0020] Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences.
9521| [CVE-2003-0017] Apache 2.0 before 2.0.44 on Windows platforms allows remote attackers to obtain certain files via an HTTP request that ends in certain illegal characters such as ">", which causes a different filename to be processed and served.
9522| [CVE-2003-0016] Apache before 2.0.44, when running on unpatched Windows 9x and Me operating systems, allows remote attackers to cause a denial of service or execute arbitrary code via an HTTP request containing MS-DOS device names.
9523| [CVE-2002-2310] ClickCartPro 4.0 stores the admin_user.db data file under the web document root with insufficient access control on servers other than Apache, which allows remote attackers to obtain usernames and passwords.
9524| [CVE-2002-2309] php.exe in PHP 3.0 through 4.2.2, when running on Apache, does not terminate properly, which allows remote attackers to cause a denial of service via a direct request without arguments.
9525| [CVE-2002-2272] Tomcat 4.0 through 4.1.12, using mod_jk 1.2.1 module on Apache 1.3 through 1.3.27, allows remote attackers to cause a denial of service (desynchronized communications) via an HTTP GET request with a Transfer-Encoding chunked field with invalid values.
9526| [CVE-2002-2103] Apache before 1.3.24, when writing to the log file, records a spoofed hostname from the reverse lookup of an IP address, even when a double-reverse lookup fails, which allows remote attackers to hide the original source of activities.
9527| [CVE-2002-2029] PHP, when installed on Windows with Apache and ScriptAlias for /php/ set to c:/php/, allows remote attackers to read arbitrary files and possibly execute arbitrary programs via an HTTP request for php.exe with a filename in the query string.
9528| [CVE-2002-2012] Unknown vulnerability in Apache 1.3.19 running on HP Secure OS for Linux 1.0 allows remote attackers to cause "unexpected results" via an HTTP request.
9529| [CVE-2002-2009] Apache Tomcat 4.0.1 allows remote attackers to obtain the web root path via HTTP requests for JSP files preceded by (1) +/, (2) >/, (3) </, and (4) %20/, which leaks the pathname in an error message.
9530| [CVE-2002-2008] Apache Tomcat 4.0.3 for Windows allows remote attackers to obtain the web root path via an HTTP request for a resource that does not exist, such as lpt9, which leaks the information in an error message.
9531| [CVE-2002-2007] The default installations of Apache Tomcat 3.2.3 and 3.2.4 allows remote attackers to obtain sensitive system information such as directory listings and web root path, via erroneous HTTP requests for Java Server Pages (JSP) in the (1) test/jsp, (2) samples/jsp and (3) examples/jsp directories, or the (4) test/realPath.jsp servlet, which leaks pathnames in error messages.
9532| [CVE-2002-2006] The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 through 3.3.1 allows remote attackers to obtain the installation path and other sensitive system information via the (1) SnoopServlet or (2) TroubleShooter example servlets.
9533| [CVE-2002-1895] The servlet engine in Jakarta Apache Tomcat 3.3 and 4.0.4, when using IIS and the ajp1.3 connector, allows remote attackers to cause a denial of service (crash) via a large number of HTTP GET requests for an MS-DOS device such as AUX, LPT1, CON, or PRN.
9534| [CVE-2002-1850] mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly remote attackers to cause a denial of service (hang and memory consumption) by causing a CGI script to send a large amount of data to stderr, which results in a read/write deadlock between httpd and the CGI script.
9535| [CVE-2002-1793] HTTP Server mod_ssl module running on HP-UX 11.04 with Virtualvault OS (VVOS) 4.5 through 4.6 closes the connection when the Apache server times out during an SSL request, which may allow attackers to cause a denial of service.
9536| [CVE-2002-1658] Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may allow attackers to execute arbitrary code via a long user argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
9537| [CVE-2002-1635] The Apache configuration file (httpd.conf) in Oracle 9i Application Server (9iAS) uses a Location alias for /perl directory instead of a ScriptAlias, which allows remote attackers to read the source code of arbitrary CGI files via a URL containing the /perl directory instead of /cgi-bin.
9538| [CVE-2002-1593] mod_dav in Apache before 2.0.42 does not properly handle versioning hooks, which may allow remote attackers to kill a child process via a null dereference and cause a denial of service (CPU consumption) in a preforked multi-processing module.
9539| [CVE-2002-1592] The ap_log_rerror function in Apache 2.0 through 2.035, when a CGI application encounters an error, sends error messages to the client that include the full path for the server, which allows remote attackers to obtain sensitive information.
9540| [CVE-2002-1567] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1 allows remote attackers to execute arbitrary web script and steal cookies via a URL with encoded newlines followed by a request to a .jsp file whose name contains the script.
9541| [CVE-2002-1394] Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148.
9542| [CVE-2002-1233] A regression error in the Debian distributions of the apache-ssl package (before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0), for Apache 1.3.27 and earlier, allows local users to read or modify the Apache password file via a symlink attack on temporary files when the administrator runs (1) htpasswd or (2) htdigest, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2001-0131.
9543| [CVE-2002-1157] Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9 and earlier, when UseCanonicalName is off and wildcard DNS is enabled, allows remote attackers to execute script as other web site visitors, via the server name in an HTTPS response on the SSL port, which is used in a self-referencing URL, a different vulnerability than CAN-2002-0840.
9544| [CVE-2002-1156] Apache 2.0.42 allows remote attackers to view the source code of a CGI script via a POST request to a directory with both WebDAV and CGI enabled.
9545| [CVE-2002-1148] The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet.
9546| [CVE-2002-0935] Apache Tomcat 4.0.3, and possibly other versions before 4.1.3 beta, allows remote attackers to cause a denial of service (resource exhaustion) via a large number of requests to the server with null characters, which causes the working threads to hang.
9547| [CVE-2002-0843] Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response.
9548| [CVE-2002-0840] Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.
9549| [CVE-2002-0839] The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that would not normally be allowed, by modifying the parent[].pid and parent[].last_rtime segments in the scoreboard.
9550| [CVE-2002-0682] Cross-site scripting vulnerability in Apache Tomcat 4.0.3 allows remote attackers to execute script as other web users via script in a URL with the /servlet/ mapping, which does not filter the script when an exception is thrown by the servlet.
9551| [CVE-2002-0661] Directory traversal vulnerability in Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to read arbitrary files and execute commands via .. (dot dot) sequences containing \ (backslash) characters.
9552| [CVE-2002-0658] OSSP mm library (libmm) before 1.2.0 allows the local Apache user to gain privileges via temporary files, possibly via a symbolic link attack.
9553| [CVE-2002-0654] Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to determine the full pathname of the server via (1) a request for a .var file, which leaks the pathname in the resulting error message, or (2) via an error message that occurs when a script (child process) cannot be invoked.
9554| [CVE-2002-0653] Off-by-one buffer overflow in the ssl_compat_directive function, as called by the rewrite_command hook for mod_ssl Apache module 2.8.9 and earlier, allows local users to execute arbitrary code as the Apache server user via .htaccess files with long entries.
9555| [CVE-2002-0513] The PHP administration script in popper_mod 1.2.1 and earlier relies on Apache .htaccess authentication, which allows remote attackers to gain privileges if the script is not appropriately configured by the administrator.
9556| [CVE-2002-0493] Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions.
9557| [CVE-2002-0392] Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a chunk-encoded HTTP request that causes Apache to use an incorrect size.
9558| [CVE-2002-0259] InstantServers MiniPortal 1.1.5 and earlier stores sensitive login and account data in plaintext in (1) .pwd files in the miniportal/apache directory, or (2) mplog.txt, which could allow local users to gain privileges.
9559| [CVE-2002-0249] PHP for Windows, when installed on Apache 2.0.28 beta as a standalone CGI module, allows remote attackers to obtain the physical path of the php.exe via a request with malformed arguments such as /123, which leaks the pathname in the error message.
9560| [CVE-2002-0240] PHP, when installed with Apache and configured to search for index.php as a default web page, allows remote attackers to obtain the full pathname of the server via the HTTP OPTIONS method, which reveals the pathname in the resulting error message.
9561| [CVE-2002-0082] The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session.
9562| [CVE-2002-0061] Apache for Win32 before 1.3.24, and 2.0.x before 2.0.34-beta, allows remote attackers to execute arbitrary commands via shell metacharacters (a | pipe character) provided as arguments to batch (.bat) or .cmd scripts, which are sent unfiltered to the shell interpreter, typically cmd.exe.
9563| [CVE-2001-1556] The log files in Apache web server contain information directly supplied by clients and does not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail, and grep.
9564| [CVE-2001-1534] mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these session ID's are used for authentication.
9565| [CVE-2001-1510] Allaire JRun 2.3.3, 3.0 and 3.1 running on IIS 4.0 and 5.0, iPlanet, Apache, JRun web server (JWS), and possibly other web servers allows remote attackers to read arbitrary files and directories by appending (1) "%3f.jsp", (2) "?.jsp" or (3) "?" to the requested URL.
9566| [CVE-2001-1449] The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 through 8.0 and Linux Corporate Server 1.0.1 allows remote attackers to list the directory index of arbitrary web directories.
9567| [CVE-2001-1385] The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts.
9568| [CVE-2001-1342] Apache before 1.3.20 on Windows and OS/2 systems allows remote attackers to cause a denial of service (GPF) via an HTTP request for a URI that contains a large number of / (slash) or other characters, which causes certain functions to dereference a null pointer.
9569| [CVE-2001-1217] Directory traversal vulnerability in PL/SQL Apache module in Oracle Oracle 9i Application Server allows remote attackers to access sensitive information via a double encoded URL with .. (dot dot) sequences.
9570| [CVE-2001-1216] Buffer overflow in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to execute arbitrary code via a long request for a help page.
9571| [CVE-2001-1072] Apache with mod_rewrite enabled on most UNIX systems allows remote attackers to bypass RewriteRules by inserting extra / (slash) characters into the requested path, which causes the regular expression in the RewriteRule to fail.
9572| [CVE-2001-1013] Apache on Red Hat Linux with the UserDir directive enabled generates different error codes when a username exists and there is no public_html directory and when the username does not exist, which could allow remote attackers to determine valid usernames on the server.
9573| [CVE-2001-0925] The default installation of Apache before 1.3.19 allows remote attackers to list directories instead of the multiview index.html file via an HTTP request for a path that contains many / (slash) characters, which causes the path to be mishandled by (1) mod_negotiation, (2) mod_dir, or (3) mod_autoindex.
9574| [CVE-2001-0829] A cross-site scripting vulnerability in Apache Tomcat 3.2.1 allows a malicious webmaster to embed Javascript in a request for a .JSP file, which causes the Javascript to be inserted into an error message.
9575| [CVE-2001-0766] Apache on MacOS X Client 10.0.3 with the HFS+ file system allows remote attackers to bypass access restrictions via a URL that contains some characters whose case is not matched by Apache's filters.
9576| [CVE-2001-0731] Apache 1.3.20 with Multiviews enabled allows remote attackers to view directory contents and bypass the index page via a URL containing the "M=D" query string.
9577| [CVE-2001-0730] split-logfile in Apache 1.3.20 allows remote attackers to overwrite arbitrary files that end in the .log extension via an HTTP request with a / (slash) in the Host: header.
9578| [CVE-2001-0729] Apache 1.3.20 on Windows servers allows remote attackers to bypass the default index page and list directory contents via a URL with a large number of / (slash) characters.
9579| [CVE-2001-0590] Apache Software Foundation Tomcat Servlet prior to 3.2.2 allows a remote attacker to read the source code to arbitrary 'jsp' files via a malformed URL request which does not end with an HTTP protocol specification (i.e. HTTP/1.0).
9580| [CVE-2001-0131] htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local users to overwrite arbitrary files via a symlink attack.
9581| [CVE-2001-0108] PHP Apache module 4.0.4 and earlier allows remote attackers to bypass .htaccess access restrictions via a malformed HTTP request on an unrestricted page that causes PHP to use those access controls on the next page that is requested.
9582| [CVE-2001-0042] PHP 3.x (PHP3) on Apache 1.3.6 allows remote attackers to read arbitrary files via a modified .. (dot dot) attack containing "%5c" (encoded backslash) sequences.
9583| [CVE-2000-1247] The default configuration of the jserv-status handler in jserv.conf in Apache JServ 1.1.2 includes an "allow from 127.0.0.1" line, which allows local users to discover JDBC passwords or other sensitive information via a direct request to the jserv/ URI.
9584| [CVE-2000-1210] Directory traversal vulnerability in source.jsp of Apache Tomcat before 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the argument to source.jsp.
9585| [CVE-2000-1206] Vulnerability in Apache httpd before 1.3.11, when configured for mass virtual hosting using mod_rewrite, or mod_vhost_alias in Apache 1.3.9, allows remote attackers to retrieve arbitrary files.
9586| [CVE-2000-1205] Cross site scripting vulnerabilities in Apache 1.3.0 through 1.3.11 allow remote attackers to execute script as other web site visitors via (1) the printenv CGI (printenv.pl), which does not encode its output, (2) pages generated by the ap_send_error_response function such as a default 404, which does not add an explicit charset, or (3) various messages that are generated by certain Apache modules or core code. NOTE: the printenv issue might still exist for web browsers that can render text/plain content types as HTML, such as Internet Explorer, but CVE regards this as a design limitation of those browsers, not Apache. The printenv.pl/acuparam vector, discloser on 20070724, is one such variant.
9587| [CVE-2000-1204] Vulnerability in the mod_vhost_alias virtual hosting module for Apache 1.3.9, 1.3.11 and 1.3.12 allows remote attackers to obtain the source code for CGI programs if the cgi-bin directory is under the document root.
9588| [CVE-2000-1168] IBM HTTP Server 1.3.6 (based on Apache) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET request.
9589| [CVE-2000-1016] The default configuration of Apache (httpd.conf) on SuSE 6.4 includes an alias for the /usr/doc directory, which allows remote attackers to read package documentation and obtain system configuration information via an HTTP request for the /doc/packages URL.
9590| [CVE-2000-0913] mod_rewrite in Apache 1.3.12 and earlier allows remote attackers to read arbitrary files if a RewriteRule directive is expanded to include a filename whose name contains a regular expression.
9591| [CVE-2000-0883] The default configuration of mod_perl for Apache as installed on Mandrake Linux 6.1 through 7.1 sets the /perl/ directory to be browseable, which allows remote attackers to list the contents of that directory.
9592| [CVE-2000-0869] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 enables WebDAV, which allows remote attackers to list arbitrary directories via the PROPFIND HTTP request method.
9593| [CVE-2000-0868] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 allows remote attackers to read source code for CGI scripts by replacing the /cgi-bin/ in the requested URL with /cgi-bin-sdb/.
9594| [CVE-2000-0791] Trustix installs the httpsd program for Apache-SSL with world-writeable permissions, which allows local users to replace it with a Trojan horse.
9595| [CVE-2000-0760] The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals sensitive system information when a remote attacker requests a nonexistent URL with a .snp extension.
9596| [CVE-2000-0759] Jakarta Tomcat 3.1 under Apache reveals physical path information when a remote attacker requests a URL that does not exist, which generates an error message that includes the physical path.
9597| [CVE-2000-0628] The source.asp example script in the Apache ASP module Apache::ASP 1.93 and earlier allows remote attackers to modify files.
9598| [CVE-2000-0505] The Apache 1.3.x HTTP server for Windows platforms allows remote attackers to list directory contents by requesting a URL containing a large number of / characters.
9599| [CVE-1999-1412] A possible interaction between Apple MacOS X release 1.0 and Apache HTTP server allows remote attackers to cause a denial of service (crash) via a flood of HTTP GET requests to CGI programs, which generates a large number of processes.
9600| [CVE-1999-1293] mod_proxy in Apache 1.2.5 and earlier allows remote attackers to cause a denial of service via malformed FTP commands, which causes Apache to dump core.
9601| [CVE-1999-1237] Multiple buffer overflows in smbvalid/smbval SMB authentication library, as used in Apache::AuthenSmb and possibly other modules, allows remote attackers to execute arbitrary commands via (1) a long username, (2) a long password, and (3) other unspecified methods.
9602| [CVE-1999-1199] Apache WWW server 1.3.1 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via a large number of MIME headers with the same name, aka the "sioux" vulnerability.
9603| [CVE-1999-1053] guestbook.pl cleanses user-inserted SSI commands by removing text between "<!--" and "-->" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides "-->".
9604| [CVE-1999-0926] Apache allows remote attackers to conduct a denial of service via a large number of MIME headers.
9605| [CVE-1999-0678] A default configuration of Apache on Debian GNU/Linux sets the ServerRoot to /usr/doc, which allows remote users to read documentation files for the entire server.
9606| [CVE-1999-0448] IIS 4.0 and Apache log HTTP request methods, regardless of how long they are, allowing a remote attacker to hide the URL they really request.
9607| [CVE-1999-0289] The Apache web server for Win32 may provide access to restricted files when a . (dot) is appended to a requested URL.
9608| [CVE-1999-0236] ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs.
9609| [CVE-1999-0107] Buffer overflow in Apache 1.2.5 and earlier allows a remote attacker to cause a denial of service with a large number of GET requests containing a large number of / characters.
9610| [CVE-1999-0071] Apache httpd cookie buffer overflow for versions 1.1.1 and earlier.
9611|
9612| SecurityFocus - https://www.securityfocus.com/bid/:
| [104554] Apache HBase CVE-2018-8025 Security Bypass Vulnerability
| [104465] Apache Geode CVE-2017-15695 Remote Code Execution Vulnerability
| [104418] Apache Storm CVE-2018-8008 Arbitrary File Write Vulnerability
| [104399] Apache Storm CVE-2018-1332 User Impersonation Vulnerability
| [104348] Apache UIMA CVE-2017-15691 XML External Entity Injection Vulnerability
| [104313] Apache NiFi XML External Entity Injection and Denial of Service Vulnerability
| [104259] Apache Geode CVE-2017-12622 Authorization Bypass Vulnerability
| [104257] Apache Sling XSS Protection API CVE-2017-15717 Cross Site Scripting Vulnerability
| [104253] Apache ZooKeeper CVE-2018-8012 Security Bypass Vulnerability
| [104252] Apache Batik CVE-2018-8013 Information Disclosure Vulnerability
| [104239] Apache Solr CVE-2018-8010 XML External Entity Multiple Information Disclosure Vulnerabilities
| [104215] Apache ORC CVE-2018-8015 Denial of Service Vulnerability
| [104203] Apache Tomcat CVE-2018-8014 Security Bypass Vulnerability
| [104161] Apache Ambari CVE-2018-8003 Directory Traversal Vulnerability
| [104140] Apache Derby CVE-2018-1313 Security Bypass Vulnerability
| [104135] Apache Tika CVE-2018-1338 Denial of Service Vulnerability
| [104008] Apache Fineract CVE-2018-1291 SQL Injection Vulnerability
| [104007] Apache Fineract CVE-2018-1292 SQL Injection Vulnerability
| [104005] Apache Fineract CVE-2018-1289 SQL Injection Vulnerability
| [104001] Apache Tika CVE-2018-1335 Remote Command Injection Vulnerability
| [103975] Apache Fineract CVE-2018-1290 SQL Injection Vulnerability
| [103974] Apache Solr CVE-2018-1308 XML External Entity Injection Vulnerability
| [103772] Apache Traffic Server CVE-2017-7671 Denial of Service Vulnerability
| [103770] Apache Traffic Server CVE-2017-5660 Security Bypass Vulnerability
| [103751] Apache Hive CVE-2018-1282 SQL Injection Vulnerability
| [103750] Apache Hive CVE-2018-1284 Security Bypass Vulnerability
| [103692] Apache Ignite CVE-2018-1295 Arbitrary Code Execution Vulnerability
| [103528] Apache HTTP Server CVE-2018-1302 Denial of Service Vulnerability
| [103525] Apache HTTP Server CVE-2017-15715 Remote Security Bypass Vulnerability
| [103524] Apache HTTP Server CVE-2018-1312 Remote Security Bypass Vulnerability
| [103522] Apache HTTP Server CVE-2018-1303 Denial of Service Vulnerability
| [103520] Apache HTTP Server CVE-2018-1283 Remote Security Vulnerability
| [103516] Apache Struts CVE-2018-1327 Denial of Service Vulnerability
| [103515] Apache HTTP Server CVE-2018-1301 Denial of Service Vulnerability
| [103512] Apache HTTP Server CVE-2017-15710 Denial of Service Vulnerability
| [103508] Apache Syncope CVE-2018-1321 Multiple Remote Code Execution Vulnerabilities
| [103507] Apache Syncope CVE-2018-1322 Multiple Information Disclosure Vulnerabilities
| [103490] Apache Commons Compress CVE-2018-1324 Multiple Denial Of Service Vulnerabilities
| [103434] APACHE Allura CVE-2018-1319 HTTP Response Splitting Vulnerability
| [103389] Apache Tomcat JK Connector CVE-2018-1323 Directory Traversal Vulnerability
| [103222] Apache CloudStack CVE-2013-4317 Information Disclosure Vulnerability
| [103219] Apache Xerces-C CVE-2017-12627 Null Pointer Dereference Denial of Service Vulnerability
| [103206] Apache Geode CVE-2017-15693 Remote Code Execution Vulnerability
| [103205] Apache Geode CVE-2017-15692 Remote Code Execution Vulnerability
| [103170] Apache Tomcat CVE-2018-1304 Security Bypass Vulnerability
| [103144] Apache Tomcat CVE-2018-1305 Security Bypass Vulnerability
| [103102] Apache Oozie CVE-2017-15712 Information Disclosure Vulnerability
| [103098] Apache Karaf CVE-2016-8750 LDAP Injection Vulnerability
| [103069] Apache Tomcat CVE-2017-15706 Remote Security Weakness
| [103068] Apache JMeter CVE-2018-1287 Security Bypass Vulnerability
| [103067] Apache Qpid Dispatch Router 'router_core/connections.c' Denial of Service Vulnerability
| [103036] Apache CouchDB CVE-2017-12636 Remote Code Execution Vulnerability
| [103025] Apache Thrift CVE-2016-5397 Remote Command Injection Vulnerability
| [102879] Apache POI CVE-2017-12626 Multiple Denial of Service Vulnerabilities
| [102842] Apache NiFi CVE-2017-12632 Host Header Injection Vulnerability
| [102815] Apache NiFi CVE-2017-15697 Multiple Cross Site Scripting Vulnerabilities
| [102488] Apache Geode CVE-2017-9795 Remote Code Execution Vulnerability
| [102229] Apache Sling CVE-2017-15700 Information Disclosure Vulnerability
| [102226] Apache Drill CVE-2017-12630 Cross Site Scripting Vulnerability
| [102154] Multiple Apache Products CVE-2017-15708 Remote Code Execution Vulnerability
| [102127] Apache CXF Fediz CVE-2017-12631 Multiple Cross Site Request Forgery Vulnerabilities
| [102041] Apache Qpid Broker-J CVE-2017-15701 Denial of Service Vulnerability
| [102040] Apache Qpid Broker CVE-2017-15702 Security Weakness
| [102021] Apache Struts CVE-2017-15707 Denial of Service Vulnerability
| [101980] EMC RSA Authentication Agent for Web: Apache Web Server Authentication Bypass Vulnerability
| [101876] Apache Camel CVE-2017-12634 Deserialization Remote Code Execution Vulnerability
| [101874] Apache Camel CVE-2017-12633 Deserialization Remote Code Execution Vulnerability
| [101872] Apache Karaf CVE-2014-0219 Local Denial of Service Vulnerability
| [101868] Apache CouchDB CVE-2017-12635 Remote Privilege Escalation Vulnerability
| [101859] Apache CXF CVE-2017-12624 Denial of Service Vulnerability
| [101844] Apache Sling Servlets Post CVE-2017-11296 Cross Site Scripting Vulnerability
| [101686] Apache Hive CVE-2017-12625 Information Disclosure Vulnerability
| [101644] Apache Wicket CVE-2012-5636 Cross Site Scripting Vulnerability
| [101631] Apache Traffic Server CVE-2015-3249 Multiple Remote Code Execution Vulnerabilities
| [101630] Apache Traffic Server CVE-2014-3624 Access Bypass Vulnerability
| [101625] Apache jUDDI CVE-2009-1197 Security Bypass Vulnerability
| [101623] Apache jUDDI CVE-2009-1198 Cross Site Scripting Vulnerability
| [101620] Apache Subversion 'libsvn_fs_fs/fs_fs.c' Denial of Service Vulnerability
| [101585] Apache OpenOffice Multiple Remote Code Execution Vulnerabilities
| [101577] Apache Wicket CVE-2016-6806 Cross Site Request Forgery Vulnerability
| [101575] Apache Wicket CVE-2014-0043 Information Disclosure Vulnerability
| [101570] Apache Geode CVE-2017-9797 Information Disclosure Vulnerability
| [101562] Apache Derby CVE-2010-2232 Arbitrary File Overwrite Vulnerability
| [101560] Apache Portable Runtime Utility CVE-2017-12613 Multiple Information Disclosure Vulnerabilities
| [101558] Apache Portable Runtime Utility Local Out-of-Bounds Read Denial of Service Vulnerability
| [101532] Apache James CVE-2017-12628 Arbitrary Command Execution Vulnerability
| [101516] Apache HTTP Server CVE-2017-12171 Security Bypass Vulnerability
| [101261] Apache Solr/Lucene CVE-2017-12629 Information Disclosure and Remote Code Execution Vulnerabilities
| [101230] Apache Roller CVE-2014-0030 XML External Entity Injection Vulnerability
| [101173] Apache IMPALA CVE-2017-9792 Information Disclosure Vulnerability
| [101052] Apache Commons Jelly CVE-2017-12621 Security Bypass Vulnerability
| [101027] Apache Mesos CVE-2017-7687 Denial of Service Vulnerability
| [101023] Apache Mesos CVE-2017-9790 Denial of Service Vulnerability
| [100954] Apache Tomcat CVE-2017-12617 Incomplete Fix Remote Code Execution Vulnerability
| [100946] Apache Wicket CVE-2014-7808 Cross Site Request Forgery Vulnerability
| [100901] Apache Tomcat CVE-2017-12615 Remote Code Execution Vulnerability
| [100897] Apache Tomcat CVE-2017-12616 Information Disclosure Vulnerability
| [100880] Apache Directory LDAP API CVE-2015-3250 Unspecified Information Disclosure Vulnerability
| [100872] Apache HTTP Server CVE-2017-9798 Information Disclosure Vulnerability
| [100870] Apache Solr CVE-2017-9803 Remote Privilege Escalation Vulnerability
| [100859] puppetlabs-apache CVE-2017-2299 Information Disclosure Vulnerability
| [100829] Apache Struts CVE-2017-12611 Remote Code Execution Vulnerability
| [100823] Apache Spark CVE-2017-12612 Deserialization Remote Code Execution Vulnerability
| [100612] Apache Struts CVE-2017-9804 Incomplete Fix Denial of Service Vulnerability
| [100611] Apache Struts CVE-2017-9793 Denial of Service Vulnerability
| [100609] Apache Struts CVE-2017-9805 Remote Code Execution Vulnerability
| [100587] Apache Atlas CVE-2017-3155 Cross Frame Scripting Vulnerability
| [100581] Apache Atlas CVE-2017-3154 Information Disclosure Vulnerability
| [100578] Apache Atlas CVE-2017-3153 Cross Site Scripting Vulnerability
| [100577] Apache Atlas CVE-2017-3152 Cross Site Scripting Vulnerability
| [100547] Apache Atlas CVE-2017-3151 HTML Injection Vulnerability
| [100536] Apache Atlas CVE-2017-3150 Cross Site Scripting Vulnerability
| [100449] Apache Pony Mail CVE-2016-4460 Authentication Bypass Vulnerability
| [100447] Apache2Triad Multiple Security Vulnerabilities
| [100284] Apache Sling Servlets Post CVE-2017-9802 Cross Site Scripting Vulnerability
| [100280] Apache Tomcat CVE-2017-7674 Security Bypass Vulnerability
| [100259] Apache Subversion CVE-2017-9800 Remote Command Execution Vulnerability
| [100256] Apache Tomcat CVE-2017-7675 Directory Traversal Vulnerability
| [100235] Apache Storm CVE-2017-9799 Remote Code Execution Vulnerability
| [100082] Apache Commons Email CVE-2017-9801 SMTP Header Injection Vulnerability
| [99873] Apache Sling XSS Protection API CVE-2016-6798 XML External Entity Injection Vulnerability
| [99870] Apache Sling API CVE-2016-5394 Cross Site Scripting Vulnerability
| [99603] Apache Spark CVE-2017-7678 Cross Site Scripting Vulnerability
| [99592] Apache OpenMeetings CVE-2017-7685 Security Bypass Vulnerability
| [99587] Apache OpenMeetings CVE-2017-7673 Security Bypass Vulnerability
| [99586] Apache OpenMeetings CVE-2017-7688 Security Bypass Vulnerability
| [99584] Apache OpenMeetings CVE-2017-7684 Denial of Service Vulnerability
| [99577] Apache OpenMeetings CVE-2017-7663 Cross Site Scripting Vulnerability
| [99576] Apache OpenMeetings CVE-2017-7664 XML External Entity Injection Vulnerability
| [99569] Apache HTTP Server CVE-2017-9788 Memory Corruption Vulnerability
| [99568] Apache HTTP Server CVE-2017-9789 Denial of Service Vulnerability
| [99563] Apache Struts CVE-2017-7672 Denial of Service Vulnerability
| [99562] Apache Struts Spring AOP Functionality Denial of Service Vulnerability
| [99509] Apache Impala CVE-2017-5652 Information Disclosure Vulnerability
| [99508] Apache IMPALA CVE-2017-5640 Authentication Bypass Vulnerability
| [99486] Apache Traffic Control CVE-2017-7670 Denial of Service Vulnerability
| [99485] Apache Solr CVE-2017-7660 Security Bypass Vulnerability
| [99484] Apache Struts CVE-2017-9791 Remote Code Execution Vulnerability
| [99292] Apache Ignite CVE-2017-7686 Information Disclosure Vulnerability
| [99170] Apache HTTP Server CVE-2017-7679 Buffer Overflow Vulnerability
| [99137] Apache HTTP Server CVE-2017-7668 Denial of Service Vulnerability
| [99135] Apache HTTP Server CVE-2017-3167 Authentication Bypass Vulnerability
| [99134] Apache HTTP Server CVE-2017-3169 Denial of Service Vulnerability
| [99132] Apache HTTP Server CVE-2017-7659 Denial of Service Vulnerability
| [99112] Apache Thrift CVE-2015-3254 Denial of Service Vulnerability
| [99067] Apache Ranger CVE-2016-8751 HTML Injection Vulnerability
| [99018] Apache NiFi CVE-2017-7667 Cross Frame Scripting Vulnerability
| [99009] Apache NiFi CVE-2017-7665 Cross Site Scripting Vulnerability
| [98961] Apache Ranger CVE-2017-7677 Security Bypass Vulnerability
| [98958] Apache Ranger CVE-2017-7676 Security Bypass Vulnerability
| [98888] Apache Tomcat CVE-2017-5664 Security Bypass Vulnerability
| [98814] Apache Zookeeper CVE-2017-5637 Denial of Service Vulnerability
| [98795] Apache Hadoop CVE-2017-7669 Remote Privilege Escalation Vulnerability
| [98739] Apache Knox CVE-2017-5646 User Impersonation Vulnerability
| [98669] Apache Hive CVE-2016-3083 Security Bypass Vulnerability
| [98646] Apache Atlas CVE-2016-8752 Information Disclosure Vulnerability
| [98570] Apache Archiva CVE-2017-5657 Multiple Cross-Site Request Forgery Vulnerabilities
| [98489] Apache CXF Fediz CVE-2017-7661 Multiple Cross Site Request Forgery Vulnerabilities
| [98485] Apache CXF Fediz CVE-2017-7662 Cross Site Request Forgery Vulnerability
| [98466] Apache Ambari CVE-2017-5655 Insecure Temporary File Handling Vulnerability
| [98365] Apache Cordova For Android CVE-2016-6799 Information Disclosure Vulnerability
| [98025] Apache Hadoop CVE-2017-3161 Cross Site Scripting Vulnerability
| [98017] Apache Hadoop CVE-2017-3162 Input Validation Vulnerability
| [97971] Apache CXF CVE-2017-5656 Information Disclosure Vulnerability
| [97968] Apache CXF CVE-2017-5653 Spoofing Vulnerability
| [97967] Apache ActiveMQ CVE-2015-7559 Denial of Service Vulnerability
| [97949] Apache Traffic Server CVE-2017-5659 Denial of Service Vulnerability
| [97948] Apache Batik CVE-2017-5662 XML External Entity Information Disclosure Vulnerability
| [97947] Apache FOP CVE-2017-5661 XML External Entity Information Disclosure Vulnerability
| [97945] Apache Traffic Server CVE-2016-5396 Denial of Service Vulnerability
| [97702] Apache Log4j CVE-2017-5645 Remote Code Execution Vulnerability
| [97582] Apache CXF CVE-2016-6812 Cross Site Scripting Vulnerability
| [97579] Apache CXF JAX-RS CVE-2016-8739 XML External Entity Injection Vulnerability
| [97544] Apache Tomcat CVE-2017-5651 Information Disclosure Vulnerability
| [97531] Apache Tomcat CVE-2017-5650 Denial of Service Vulnerability
| [97530] Apache Tomcat CVE-2017-5648 Information Disclosure Vulnerability
| [97509] Apache Ignite CVE-2016-6805 Information Disclosure and XML External Entity Injection Vulnerabilities
| [97383] Apache Flex BlazeDS CVE-2017-5641 Remote Code Execution Vulnerability
| [97378] Apache Geode CVE-2017-5649 Information Disclosure Vulnerability
| [97229] Apache Ambari CVE-2016-4976 Local Information Disclosure Vulnerability
| [97226] Apache Camel CVE-2017-5643 Server Side Request Forgery Security Bypass Vulnerability
| [97184] Apache Ambari CVE-2016-6807 Remote Command Execution Vulnerability
| [97179] Apache Camel CVE-2016-8749 Java Deserialization Multiple Remote Code Execution Vulnerabilities
| [96983] Apache POI CVE-2017-5644 Denial Of Service Vulnerability
| [96895] Apache Tomcat CVE-2016-8747 Information Disclosure Vulnerability
| [96731] Apache NiFi CVE-2017-5636 Remote Code Injection Vulnerability
| [96730] Apache NiFi CVE-2017-5635 Security Bypass Vulnerability
| [96729] Apache Struts CVE-2017-5638 Remote Code Execution Vulnerability
| [96540] IBM Development Package for Apache Spark CVE-2016-4970 Denial of Service Vulnerability
| [96398] Apache CXF CVE-2017-3156 Information Disclosure Vulnerability
| [96321] Apache Camel CVE-2017-3159 Remote Code Execution Vulnerability
| [96293] Apache Tomcat 'http11/AbstractInputBuffer.java' Denial of Service Vulnerability
| [96228] Apache Brooklyn Cross Site Request Forgery and Multiple Cross Site Scripting Vulnerabilities
| [95998] Apache Ranger CVE-2016-8746 Security Bypass Vulnerability
| [95929] Apache Groovy CVE-2016-6497 Information Disclosure Vulnerability
| [95838] Apache Cordova For Android CVE-2017-3160 Man in the Middle Security Bypass Vulnerability
| [95675] Apache Struts Remote Code Execution Vulnerability
| [95621] Apache NiFi CVE-2106-8748 Cross Site Scripting Vulnerability
| [95429] Apache Groovy CVE-2016-6814 Remote Code Execution Vulnerability
| [95335] Apache Hadoop CVE-2016-3086 Information Disclosure Vulnerability
| [95168] Apache Wicket CVE-2016-6793 Denial of Service Vulnerability
| [95136] Apache Qpid Broker for Java CVE-2016-8741 Remote Information Disclosure Vulnerability
| [95078] Apache HTTP Server CVE-2016-0736 Remote Security Vulnerability
| [95077] Apache HTTP Server CVE-2016-8743 Security Bypass Vulnerability
| [95076] Apache HTTP Server CVE-2016-2161 Denial of Service Vulnerability
| [95020] Apache Tika CVE-2015-3271 Remote Information Disclosure Vulnerability
| [94950] Apache Hadoop CVE-2016-5001 Local Information Disclosure Vulnerability
| [94882] Apache ActiveMQ CVE-2016-6810 HTML Injection Vulnerability
| [94828] Apache Tomcat CVE-2016-8745 Information Disclosure Vulnerability
| [94766] Apache CouchDB CVE-2016-8742 Local Privilege Escalation Vulnerability
| [94657] Apache Struts CVE-2016-8738 Denial of Service Vulnerability
| [94650] Apache HTTP Server CVE-2016-8740 Denial of Service Vulnerability
| [94588] Apache Subversion CVE-2016-8734 XML External Entity Denial of Service Vulnerability
| [94513] Apache Karaf CVE-2016-8648 Remote Code Execution Vulnerability
| [94463] Apache Tomcat CVE-2016-8735 Remote Code Execution Vulnerability
| [94462] Apache Tomcat CVE-2016-6817 Denial of Service Vulnerability
| [94461] Apache Tomcat CVE-2016-6816 Security Bypass Vulnerability
| [94418] Apache OpenOffice CVE-2016-6803 Local Privilege Escalation Vulnerability
| [94247] Apache Tika CVE-2016-6809 Remote Code Execution Vulnerability
| [94221] Apache Ranger CVE-2016-6815 Local Privilege Escalation Vulnerability
| [94145] Apache OpenMeetings CVE-2016-8736 Remote Code Execution Vulnerability
| [93945] Apache CloudStack CVE-2016-6813 Authorization Bypass Vulnerability
| [93944] Apache Tomcat Security Manager CVE-2016-6796 Security Bypass Vulnerability
| [93943] Apache Tomcat CVE-2016-6794 Security Bypass Vulnerability
| [93942] Apache Tomcat Security Manager CVE-2016-5018 Security Bypass Vulnerability
| [93940] Apache Tomcat CVE-2016-6797 Security Bypass Vulnerability
| [93939] Apache Tomcat CVE-2016-0762 Information Disclosure Vulnerability
| [93774] Apache OpenOffice CVE-2016-6804 DLL Loading Remote Code Execution Vulnerability
| [93773] Apache Struts CVE-2016-6795 Directory Traversal Vulnerability
| [93478] Apache Tomcat CVE-2016-6325 Local Privilege Escalation Vulnerability
| [93472] Apache Tomcat CVE-2016-5425 Insecure File Permissions Vulnerability
| [93429] Apache Tomcat JK Connector CVE-2016-6808 Remote Buffer Overflow Vulnerability
| [93263] Apache Tomcat CVE-2016-1240 Local Privilege Escalation Vulnerability
| [93236] Apache MyFaces Trinidad CVE-2016-5019 Remote Code Execution Vulnerability
| [93142] Apache ActiveMQ Artemis CVE-2016-4978 Remote Code Execution Vulnerability
| [93132] Apache Derby CVE-2015-1832 XML External Entity Information Disclosure Vulnerability
| [93044] Apache Zookeeper CVE-2016-5017 Buffer Overflow Vulnerability
| [92966] Apache Jackrabbit CVE-2016-6801 Cross-Site Request Forgery Vulnerability
| [92947] Apache Shiro CVE-2016-6802 Remote Security Bypass Vulnerability
| [92905] Apache CXF Fediz CVE-2016-4464 Security Bypass Vulnerability
| [92577] Apache Ranger CVE-2016-5395 HTML Injection Vulnerability
| [92331] Apache HTTP Server CVE-2016-1546 Remote Denial of Service Vulnerability
| [92328] Apache Hive CVE-2016-0760 Multiple Remote Code Execution Vulnerabilities
| [92320] Apache APR-util and httpd CVE-2016-6312 Denial of Service Vulnerability
| [92100] Apache POI CVE-2016-5000 XML External Entity Injection Vulnerability
| [92079] Apache OpenOffice CVE-2016-1513 Remote Code Execution Vulnerability
| [91818] Apache Tomcat CVE-2016-5388 Security Bypass Vulnerability
| [91816] Apache HTTP Server CVE-2016-5387 Security Bypass Vulnerability
| [91788] Apache Qpid Proton CVE-2016-4467 Certificate Verification Security Bypass Vulnerability
| [91738] Apache XML-RPC CVE-2016-5003 Remote Code Execution Vulnerability
| [91736] Apache XML-RPC Multiple Security Vulnerabilities
| [91707] Apache Archiva CVE-2016-5005 HTML Injection Vulnerability
| [91703] Apache Archiva CVE-2016-4469 Multiple Cross-Site Request Forgery Vulnerabilities
| [91566] Apache HTTP Server CVE-2016-4979 Authentication Bypass Vulnerability
| [91537] Apache QPID CVE-2016-4974 Deserialization Security Bypass Vulnerability
| [91501] Apache Xerces-C CVE-2016-4463 Stack Buffer Overflow Vulnerability
| [91453] Apache Commons FileUpload CVE-2016-3092 Denial Of Service Vulnerability
| [91284] Apache Struts CVE-2016-4431 Security Bypass Vulnerability
| [91282] Apache Struts CVE-2016-4433 Security Bypass Vulnerability
| [91281] Apache Struts CVE-2016-4430 Cross-Site Request Forgery Vulnerability
| [91280] Apache Struts CVE-2016-4436 Security Bypass Vulnerability
| [91278] Apache Struts CVE-2016-4465 Denial of Service Vulnerability
| [91277] Apache Struts Incomplete Fix Remote Code Execution Vulnerability
| [91275] Apache Struts CVE-2016-4438 Remote Code Execution Vulnerability
| [91217] Apache Continuum 'saveInstallation.action' Command Execution Vulnerability
| [91141] Apache CloudStack CVE-2016-3085 Authentication Bypass Vulnerability
| [91068] Apache Struts CVE-2016-1181 Remote Code Execution Vulnerability
| [91067] Apache Struts CVE-2016-1182 Security Bypass Vulnerability
| [91024] Apache Shiro CVE-2016-4437 Information Disclosure Vulnerability
| [90988] Apache Ranger CVE-2016-2174 SQL Injection Vulnerability
| [90961] Apache Struts CVE-2016-3093 Denial of Service Vulnerability
| [90960] Apache Struts CVE-2016-3087 Remote Code Execution Vulnerability
| [90921] Apache Qpid CVE-2016-4432 Authentication Bypass Vulnerability
| [90920] Apache Qpid CVE-2016-3094 Denial of Service Vulnerability
| [90902] Apache PDFBox CVE-2016-2175 XML External Entity Injection Vulnerability
| [90897] Apache Tika CVE-2016-4434 XML External Entity Injection Vulnerability
| [90827] Apache ActiveMQ CVE-2016-3088 Multiple Arbitrary File Upload Vulnerabilities
| [90755] Apache Ambari CVE-2016-0707 Multiple Local Information Disclosure Vulnerabilities
| [90482] Apache CVE-2004-1387 Local Security Vulnerability
| [89762] Apache CVE-2001-1556 Remote Security Vulnerability
| [89417] Apache Subversion CVE-2016-2167 Authentication Bypass Vulnerability
| [89326] RETIRED: Apache Subversion CVE-2016-2167 Security Bypass Vulnerability
| [89320] Apache Subversion CVE-2016-2168 Remote Denial of Service Vulnerability
| [88826] Apache Struts CVE-2016-3082 Remote Code Execution Vulnerability
| [88797] Apache Cordova For iOS CVE-2015-5208 Arbitrary Code Execution Vulnerability
| [88764] Apache Cordova iOS CVE-2015-5207 Multiple Security Bypass Vulnerabilities
| [88701] Apache CVE-2001-1449 Remote Security Vulnerability
| [88635] Apache CVE-2000-1204 Remote Security Vulnerability
| [88590] Apache WWW server CVE-1999-1199 Denial-Of-Service Vulnerability
| [88496] Apache CVE-2000-1206 Remote Security Vulnerability
| [87828] Apache CVE-1999-1237 Remote Security Vulnerability
| [87784] Apache CVE-1999-1293 Denial-Of-Service Vulnerability
| [87327] Apache Struts CVE-2016-3081 Remote Code Execution Vulnerability
| [86622] Apache Stats CVE-2007-0975 Remote Security Vulnerability
| [86399] Apache CVE-2007-1743 Local Security Vulnerability
| [86397] Apache CVE-2007-1742 Local Security Vulnerability
| [86311] Apache Struts CVE-2016-4003 Cross Site Scripting Vulnerability
| [86174] Apache Wicket CVE-2015-5347 Cross Site Scripting Vulnerability
| [85971] Apache OFBiz CVE-2016-2170 Java Deserialization Remote Code Execution Vulnerability
| [85967] Apache OFBiz CVE-2015-3268 HTML Injection Vulnerability
| [85759] Apache Jetspeed CVE-2016-2171 Unauthorized Access Vulnerability
| [85758] Apache Jetspeed CVE-2016-0712 Cross Site Scripting Vulnerability
| [85756] Apache Jetspeed CVE-2016-0710 Multiple SQL Injection Vulnerabilities
| [85755] Apache Jetspeed CVE-2016-0711 Mulitple HTML Injection Vulnerabilities
| [85754] Apache Jetspeed CVE-2016-0709 Directory Traversal Vulnerability
| [85730] Apache Subversion CVE-2015-5343 Integer Overflow Vulnerability
| [85691] Apache Ranger CVE-2016-0735 Security Bypass Vulnerability
| [85578] Apache ActiveMQ CVE-2010-1244 Cross-Site Request Forgery Vulnerability
| [85554] Apache OpenMeetings CVE-2016-2164 Multiple Information Disclosure Vulnerabilities
| [85553] Apache OpenMeetings CVE-2016-0783 Information Disclosure Vulnerability
| [85552] Apache OpenMeetings CVE-2016-2163 HTML Injection Vulnerability
| [85550] Apache OpenMeetings CVE-2016-0784 Directory Traversal Vulnerability
| [85386] Apache Hadoop CVE-2015-7430 Local Privilege Escalation Vulnerability
| [85377] Apache Qpid Proton Python API CVE-2016-2166 Man in the Middle Security Bypass Vulnerability
| [85205] Apache Solr CVE-2015-8796 Cross Site Scripting Vulnerability
| [85203] Apache Solr CVE-2015-8795 Mulitple HTML Injection Vulnerabilities
| [85163] Apache Geronimo CVE-2008-0732 Local Security Vulnerability
| [85131] Apache Struts 'TextParseUtil.translateVariables()' Method Remote Code Execution Vulnerability
| [85070] Apache Struts CVE-2016-2162 Cross Site Scripting Vulnerability
| [85066] Apache Struts CVE-2016-0785 Remote Code Execution Vulnerability
| [84422] Apache TomEE CVE-2016-0779 Unspecified Security Vulnerability
| [84321] Apache ActiveMQ CVE-2016-0734 Clickjacking Vulnerability
| [84316] Apache ActiveMQ CVE-2016-0782 Multiple Cross Site Scripting Vulnerabilities
| [83910] Apache Wicket CVE-2015-7520 Cross Site Scripting Vulnerability
| [83423] Apache Xerces-C CVE-2016-0729 Buffer Overflow Vulnerability
| [83330] Apache Tomcat CVE-2015-5351 Cross Site Request Forgery Vulnerability
| [83329] Apache Tomcat CVE-2015-5174 Directory Traversal Vulnerability
| [83328] Apache Tomcat CVE-2015-5345 Directory Traversal Vulnerability
| [83327] Apache Tomcat Security Manager CVE-2016-0714 Remote Code Execution Vulnerability
| [83326] Apache Tomcat CVE-2016-0763 Security Bypass Vulnerability
| [83324] Apache Tomcat Security Manager CVE-2016-0706 Information Disclosure Vulnerability
| [83323] Apache Tomcat CVE-2015-5346 Session Fixation Vulnerability
| [83259] Apache Hadoop CVE-2015-1776 Information Disclosure Vulnerability
| [83243] Apache Solr CVE-2015-8797 Cross Site Scripting Vulnerability
| [83119] Apache Sling CVE-2016-0956 Information Disclosure Vulnerability
| [83002] Apache CVE-2000-1205 Cross-Site Scripting Vulnerability
| [82871] Apache Ranger Authentication Bypass and Security Bypass Vulnerabilities
| [82800] Apache CloudStack CVE-2015-3251 Information Disclosure Vulnerability
| [82798] Apache CloudStack CVE-2015-3252 Authentication Bypass Vulnerability
| [82732] Apache Gallery CVE-2003-0771 Local Security Vulnerability
| [82676] Apache CVE-2003-1581 Cross-Site Scripting Vulnerability
| [82550] Apache Struts CVE-2015-5209 Security Bypass Vulnerability
| [82300] Apache Subversion CVE-2015-5259 Integer Overflow Vulnerability
| [82260] Apache Camel CVE-2015-5344 Remote Code Execution Vulnerability
| [82234] Apache Hive CVE-2015-7521 Security Bypass Vulnerability
| [82082] Apache CVE-1999-0289 Remote Security Vulnerability
| [81821] Apache Distribution for Solaris CVE-2007-2080 SQL-Injection Vulnerability
| [80696] Apache Camel CVE-2015-5348 Information Disclosure Vulnerability
| [80525] Apache CVE-2003-1580 Remote Security Vulnerability
| [80354] Drupal Apache Solr Search Module Access Bypass Vulnerability
| [80193] Apache CVE-1999-0107 Denial-Of-Service Vulnerability
| [79812] Apache Directory Studio CVE-2015-5349 Command Injection Vulnerability
| [79744] Apache HBase CVE-2015-1836 Unauthorized Access Vulnerability
| [79204] Apache TomEE 'EjbObjectInputStream' Remote Code Execution Vulnerability
| [77679] Apache Cordova For Android CVE-2015-8320 Weak Randomization Security Bypass Vulnerability
| [77677] Apache Cordova For Android CVE-2015-5256 Security Bypass Vulnerability
| [77591] Apache CXF SAML SSO Processing CVE-2015-5253 Security Bypass Vulnerability
| [77521] Apache Commons Collections 'InvokerTransformer.java' Remote Code Execution Vulnerability
| [77110] Apache HttpComponents HttpClient CVE-2015-5262 Denial of Service Vulnerability
| [77086] Apache Ambari CVE-2015-1775 Server Side Request Forgery Security Bypass Vulnerability
| [77085] Apache Ambari CVE-2015-3270 Remote Privilege Escalation Vulnerability
| [77082] Apache Ambari 'targetURI' Parameter Open Redirection Vulnerability
| [77059] Apache Ambari CVE-2015-3186 Cross Site Scripting Vulnerability
| [76933] Apache James Server Unspecified Command Execution Vulnerability
| [76832] Apache cordova-plugin-file-transfer CVE-2015-5204 HTTP Header Injection Vulnerability
| [76625] Apache Struts CVE-2015-5169 Cross Site Scripting Vulnerability
| [76624] Apache Struts CVE-2015-2992 Cross Site Scripting Vulnerability
| [76522] Apache Tapestry CVE-2014-1972 Security Bypass Vulnerability
| [76486] Apache CXF Fediz CVE-2015-5175 Denial of Service Vulnerability
| [76452] Apache ActiveMQ CVE-2015-1830 Directory Traversal Vulnerability
| [76446] Apache Subversion 'libsvn_fs_fs/tree.c' Denial of Service Vulnerability
| [76274] Apache Subversion CVE-2015-3184 Information Disclosure Vulnerability
| [76273] Apache Subversion CVE-2015-3187 Information Disclosure Vulnerability
| [76272] Apache ActiveMQ CVE-2014-3576 Denial of Service Vulnerability
| [76221] Apache Ranger CVE-2015-0266 Access Bypass Vulnerability
| [76208] Apache Ranger CVE-2015-0265 JavaScript Code Injection Vulnerability
| [76025] Apache ActiveMQ Artemis CVE-2015-3208 XML External Entity Information Disclosure Vulnerability
| [75965] Apache HTTP Server CVE-2015-3185 Security Bypass Vulnerability
| [75964] Apache HTTP Server CVE-2015-0253 Remote Denial of Service Vulnerability
| [75963] Apache HTTP Server CVE-2015-3183 Security Vulnerability
| [75940] Apache Struts CVE-2015-1831 Security Bypass Vulnerability
| [75919] Apache Groovy CVE-2015-3253 Remote Code Execution Vulnerability
| [75338] Apache Storm CVE-2015-3188 Remote Code Execution Vulnerability
| [75275] Drupal Apache Solr Real-Time Module Access Bypass Vulnerability
| [74866] Apache Cordova For Android CVE-2015-1835 Security Bypass Vulnerability
| [74839] Apache Sling API and Sling Servlets CVE-2015-2944 Cross Site Scripting Vulnerability
| [74761] Apache Jackrabbit CVE-2015-1833 XML External Entity Information Disclosure Vulnerability
| [74686] Apache Ambari '/var/lib/ambari-server/ambari-env.sh' Local Privilege Escalation Vulnerability
| [74665] Apache Tomcat CVE-2014-7810 Security Bypass Vulnerability
| [74475] Apache Tomcat CVE-2014-0230 Denial of Service Vulnerability
| [74423] Apache Struts CVE-2015-0899 Security Bypass Vulnerability
| [74338] Apache OpenOffice HWP Filter Memory Corruption Vulnerability
| [74265] Apache Tomcat 'mod_jk' CVE-2014-8111 Information Disclosure Vulnerability
| [74260] Apache Subversion CVE-2015-0248 Multiple Denial of Service Vulnerabilities
| [74259] Apache Subversion 'deadprops.c' Security Bypass Vulnerability
| [74204] PHP 'sapi/apache2handler/sapi_apache2.c' Remote Code Execution Vulnerability
| [74158] Apache HTTP Server 'protocol.c' Remote Denial of Service Vulnerability
| [73954] Apache Flex 'asdoc/templates/index.html' Cross Site Scripting Vulnerability
| [73851] Apache2 CVE-2012-0216 Cross-Site Scripting Vulnerability
| [73478] Apache Cassandra CVE-2015-0225 Remote Code Execution Vulnerability
| [73041] Apache HTTP Server 'mod_lua' Module Denial of Service Vulnerability
| [73040] Apache HTTP Server 'mod_lua.c' Local Access Bypass Vulnerability
| [72809] Apache Standard Taglibs CVE-2015-0254 XML External Entity Injection Vulnerability
| [72717] Apache Tomcat CVE-2014-0227 Chunk Request Remote Denial Of Service Vulnerability
| [72557] Apache WSS4J CVE-2015-0227 Security Bypass Vulnerability
| [72553] Apache WSS4J CVE-2015-0226 Information Disclosure Vulnerability
| [72513] Apache ActiveMQ CVE-2014-3612 LDAP Authentication Bypass Vulnerability
| [72511] Apache ActiveMQ CVE-2014-8110 Multiple Cross Site Scripting Vulnerabilities
| [72510] Apache ActiveMQ CVE-2014-3600 XML External Entity Injection Vulnerability
| [72508] Apache ActiveMQ Apollo CVE-2014-3579 XML External Entity Injection Vulnerability
| [72319] Apache Qpid CVE-2015-0223 Security Bypass Vulnerability
| [72317] Apache Qpid CVE-2015-0224 Incomplete Fix Multiple Denial of Service Vulnerabilities
| [72115] Apache Santuario 'XML Signature Verification' Security Bypass Vulnerability
| [72053] Apache HTTP Server 'mod_remoteip.c' IP Address Spoofing Vulnerability
| [72030] Apache Qpid CVE-2015-0203 Multiple Denial of Service Vulnerabilities
| [71879] Apache Traffic Server 'HttpTransact.cc' Denial of Service Vulnerability
| [71726] Apache Subversion CVE-2014-3580 Remote Denial of Service Vulnerability
| [71725] Apache Subversion CVE-2014-8108 Remote Denial of Service Vulnerability
| [71657] Apache HTTP Server 'mod_proxy_fcgi' Module Denial of Service Vulnerability
10032| [71656] Apache HTTP Server 'mod_cache' Module Denial of Service Vulnerability
10033| [71548] Apache Struts CVE-2014-7809 Security Bypass Vulnerability
10034| [71466] Apache Hadoop CVE-2014-3627 Information Disclosure Vulnerability
10035| [71353] Apache HTTP Server 'LuaAuthzProvider' Authorization Bypass Vulnerability
10036| [71004] Apache Qpid CVE-2014-3629 XML External Entity Injection Vulnerability
10037| [70970] Apache Traffic Server Cross Site Scripting Vulnerability
10038| [70738] Apache CXF CVE-2014-3584 Denial of Service Vulnerability
10039| [70736] Apache CXF SAML SubjectConfirmation Security Bypass Vulnerability
10040| [69728] Apache Tomcat CVE-2013-4444 Arbitrary File Upload Vulnerability
10041| [69648] Apache POI CVE-2014-3574 Denial Of Service Vulnerability
10042| [69647] Apache POI OpenXML parser CVE-2014-3529 XML External Entity Information Disclosure Vulnerability
10043| [69351] Apache OpenOffice Calc CVE-2014-3524 Command Injection Vulnerability
10044| [69295] Apache Axis Incomplete Fix CVE-2014-3596 SSL Certificate Validation Security Bypass Vulnerability
10045| [69286] Apache OFBiz CVE-2014-0232 Multiple Cross Site Scripting Vulnerabilities
10046| [69258] Apache HttpComponents Incomplete Fix CVE-2014-3577 SSL Validation Security Bypass Vulnerability
10047| [69257] Apache HttpComponents Incomplete Fix SSL Certificate Validation Security Bypass Vulnerability
10048| [69248] Apache HTTP Server CVE-2013-4352 Remote Denial of Service Vulnerability
10049| [69237] Apache Subversion CVE-2014-3522 SSL Certificate Validation Information Disclosure Vulnerability
10050| [69173] Apache Traffic Server CVE-2014-3525 Unspecified Security Vulnerability
10051| [69046] Apache Cordova For Android CVE-2014-3502 Information Disclosure Vulnerability
10052| [69041] Apache Cordova For Android CVE-2014-3501 Security Bypass Vulnerability
10053| [69038] Apache Cordova For Android CVE-2014-3500 Security Bypass Vulnerability
10054| [68995] Apache Subversion CVE-2014-3528 Insecure Authentication Weakness
10055| [68966] Apache Subversion 'irkerbridge.py' Local Privilege Escalation Vulnerability
10056| [68965] Apache Subversion 'svnwcsub.py' Local Privilege Escalation Vulnerability
10057| [68863] Apache HTTP Server 'mod_cache' Module Remote Denial of Service Vulnerability
10058| [68747] Apache HTTP Server CVE-2014-3523 Remote Denial of Service Vulnerability
10059| [68745] Apache HTTP Server CVE-2014-0118 Remote Denial of Service Vulnerability
10060| [68742] Apache HTTP Server CVE-2014-0231 Remote Denial of Service Vulnerability
10061| [68740] Apache HTTP Server CVE-2014-0117 Remote Denial of Service Vulnerability
10062| [68678] Apache HTTP Server 'mod_status' CVE-2014-0226 Remote Code Execution Vulnerability
10063| [68445] Apache CXF UsernameToken Information Disclosure Vulnerability
10064| [68441] Apache CXF SAML Tokens Validation Security Bypass Vulnerability
10065| [68431] Apache Syncope CVE-2014-3503 Insecure Password Generation Weakness
10066| [68229] Apache Harmony PRNG Entropy Weakness
10067| [68111] Apache 'mod_wsgi' Module Privilege Escalation Vulnerability
10068| [68072] Apache Tomcat CVE-2014-0186 Remote Denial of Service Vulnerability
10069| [68039] Apache Hive CVE-2014-0228 Security Bypass Vulnerability
10070| [67673] Apache Tomcat CVE-2014-0095 AJP Request Remote Denial Of Service Vulnerability
10071| [67671] Apache Tomcat CVE-2014-0075 Chunk Request Remote Denial Of Service Vulnerability
10072| [67669] Apache Tomcat CVE-2014-0119 XML External Entity Information Disclosure Vulnerability
10073| [67668] Apache Tomcat CVE-2014-0099 Request Processing Information Disclosure Vulnerability
10074| [67667] Apache Tomcat CVE-2014-0096 XML External Entity Information Disclosure Vulnerability
10075| [67534] Apache 'mod_wsgi' Module CVE-2014-0242 Information Disclosure Vulnerability
10076| [67532] Apache 'mod_wsgi' Module Local Privilege Escalation Vulnerability
10077| [67530] Apache Solr Search Template Cross Site Scripting Vulnerability
10078| [67236] Apache CXF CVE-2014-0109 Remote Denial of Service Vulnerability
10079| [67232] Apache CXF CVE-2014-0110 Denial of Service Vulnerability
10080| [67121] Apache Struts ClassLoader Manipulation CVE-2014-0114 Security Bypass Vulnerability
10081| [67081] Apache Struts 'getClass()' Method Security Bypass Vulnerability
10082| [67064] Apache Struts ClassLoader Manipulation Incomplete Fix Security Bypass Vulnerability
| [67013] Apache Zookeeper CVE-2014-0085 Local Information Disclosure Vulnerability
| [66998] Apache Archiva CVE-2013-2187 Unspecified Cross Site Scripting Vulnerability
| [66991] Apache Archiva CVE-2013-2187 HTML Injection Vulnerability
| [66927] Apache Syncope CVE-2014-0111 Remote Code Execution Vulnerability
| [66474] Apache CouchDB Universally Unique IDentifier (UUID) Remote Denial of Service Vulnerability
| [66397] Apache Xalan-Java Library CVE-2014-0107 Security Bypass Vulnerability
| [66303] Apache HTTP Server Multiple Denial of Service Vulnerabilities
| [66041] RETIRED: Apache Struts CVE-2014-0094 Classloader Manipulation Security Bypass Vulnerability
| [65999] Apache Struts ClassLoader Manipulation CVE-2014-0094 Security Bypass Vulnerability
| [65967] Apache Cordova File-Transfer Unspecified Security Vulnerability
| [65959] Apache Cordova InAppBrowser Remote Privilege Escalation Vulnerability
| [65935] Apache Shiro 'login.jsp' Authentication Bypass Vulnerability
| [65902] Apache Camel CVE-2014-0003 Remote Code Execution Vulnerability
| [65901] Apache Camel CVE-2014-0002 XML External Entity Information Disclosure Vulnerability
| [65773] Apache Tomcat CVE-2013-4286 Security Bypass Vulnerability
| [65769] Apache Tomcat CVE-2014-0033 Session Fixation Vulnerability
| [65768] Apache Tomcat CVE-2013-4590 XML External Entity Information Disclosure Vulnerability
| [65767] Apache Tomcat CVE-2013-4322 Incomplete Fix Denial of Service Vulnerability
| [65615] Apache ActiveMQ 'refresh' Parameter Cross Site Scripting Vulnerability
| [65434] Apache Subversion 'mod_dav_svn' Module SVNListParentPath Denial of Service Vulnerability
| [65431] Apache Wicket CVE-2013-2055 Information Disclosure Vulnerability
| [65400] Apache Commons FileUpload CVE-2014-0050 Denial Of Service Vulnerability
| [64782] Apache CloudStack Virtual Router Component Security Bypass Vulnerability
| [64780] Apache CloudStack Unauthorized Access Vulnerability
| [64617] Apache Libcloud Digital Ocean API Local Information Disclosure Vulnerability
| [64437] Apache Santuario XML Security For JAVA XML Signature Denial of Service Vulnerability
| [64427] Apache Solr Multiple XML External Entity Injection Vulnerabilities
| [64009] Apache Solr CVE-2013-6408 XML External Entity Injection Vulnerability
| [64008] Apache Solr CVE-2013-6407 XML External Entity Injection Vulnerability
| [63981] Apache Subversion 'mod_dav_svn' Module Denial of Service Vulnerability
| [63966] Apache Subversion CVE-2013-4505 Security Bypass Vulnerability
| [63963] Apache Roller CVE-2013-4171 Cross Site Scripting Vulnerability
| [63935] Apache Solr 'SolrResourceLoader' Directory Traversal Vulnerability
| [63928] Apache Roller CVE-2013-4212 OGNL Expression Injection Remote Code Execution Vulnerability
| [63515] Apache Tomcat Manager Component CVE-2013-6357 Cross Site Request Forgery Vulnerability
| [63403] Apache Struts Multiple Cross Site Scripting Vulnerabilities
| [63400] Apache 'mod_pagespeed' Module Unspecified Cross Site Scripting Vulnerability
| [63260] Apache Shindig CVE-2013-4295 XML External Entity Information Disclosure Vulnerability
| [63241] Apache Sling 'AbstractAuthenticationFormServlet' Open Redirection Vulnerability
| [63174] Apache Commons FileUpload 'DiskFileItem' Class Null Byte Arbitrary File Write Vulnerability
| [62939] Apache 'mod_fcgid' Module CVE-2013-4365 Heap Buffer Overflow Vulnerability
| [62903] Apache Sling 'deepGetOrCreateNode()' Function Denial Of Service Vulnerability
| [62706] Apache Camel CVE-2013-4330 Information Disclosure Vulnerability
| [62677] Apache 'mod_accounting' Module CVE-2013-5697 SQL Injection Vulnerability
| [62674] TYPO3 Apache Solr Unspecified Cross Site Scripting and PHP Code Execution Vulnerabilities
| [62587] Apache Struts CVE-2013-4316 Remote Code Execution Vulnerability
| [62584] Apache Struts CVE-2013-4310 Security Bypass Vulnerability
| [62266] Apache Subversion CVE-2013-4277 Insecure Temporary File Creation Vulnerability
| [61984] Apache Hadoop RPC Authentication CVE-2013-2192 Man in the Middle Security Bypass Vulnerability
| [61981] Apache HBase RPC Authentication Man In The Middle Security Bypass Vulnerability
| [61638] Apache CloudStack CVE-2013-2136 Multiple Cross Site Scripting Vulnerabilities
| [61454] Apache Subversion CVE-2013-4131 Denial Of Service Vulnerability
| [61379] Apache HTTP Server CVE-2013-2249 Unspecified Remote Security Vulnerability
| [61370] Apache OFBiz CVE-2013-2317 'View Log' Cross Site Scripting Vulnerability
| [61369] Apache OFBiz Nested Expression Remote Code Execution Vulnerability
| [61196] Apache Struts CVE-2013-2248 Multiple Open Redirection Vulnerabilities
| [61189] Apache Struts CVE-2013-2251 Multiple Remote Command Execution Vulnerabilities
| [61129] Apache HTTP Server CVE-2013-1896 Remote Denial of Service Vulnerability
| [61030] Apache CXF CVE-2013-2160 Multiple Remote Denial of Service Vulnerabilities
| [60875] Apache Geronimo RMI Classloader Security Bypass Vulnerability
| [60846] Apache Santuario XML Security for JAVA XML Signature CVE-2013-2172 Security Bypass Vulnerability
| [60817] Apache Santuario XML Security for C++ CVE-2013-2210 Heap Buffer Overflow Vulnerability
| [60800] Apache Qpid Python Client SSL Certificate Verification Information Disclosure Vulnerability
| [60599] Apache Santuario XML Security for C++ CVE-2013-2156 Remote Heap Buffer Overflow Vulnerability
| [60595] Apache Santuario XML Security for C++ XML Signature CVE-2013-2155 Denial of Service Vulnerability
| [60594] Apache Santuario XML Security for C++ CVE-2013-2154 Stack Buffer Overflow Vulnerability
| [60592] Apache Santuario XML Security for C++ XML Signature CVE-2013-2153 Security Bypass Vulnerability
| [60534] Apache OpenJPA Object Deserialization Arbitrary File Creation or Overwrite Vulnerability
| [60346] Apache Struts CVE-2013-2134 OGNL Expression Injection Vulnerability
| [60345] Apache Struts CVE-2013-2135 OGNL Expression Injection Vulnerability
| [60267] Apache Subversion CVE-2013-1968 Remote Denial of Service Vulnerability
| [60265] Apache Subversion CVE-2013-2088 Command Injection Vulnerability
| [60264] Apache Subversion CVE-2013-2112 Remote Denial of Service Vulnerability
| [60187] Apache Tomcat DIGEST Authentication CVE-2013-2051 Incomplete Fix Security Weakness
| [60186] Apache Tomcat CVE-2013-1976 Insecure Temporary File Handling Vulnerability
| [60167] Apache Struts 'includeParams' CVE-2013-2115 Incomplete Fix Security Bypass Vulnerability
| [60166] Apache Struts 'includeParams' CVE-2013-1966 Security Bypass Vulnerability
| [60082] Apache Struts 'ParameterInterceptor' Class OGNL CVE-2013-1965 Security Bypass Vulnerability
| [59826] Apache HTTP Server Terminal Escape Sequence in Logs Command Injection Vulnerability
| [59799] Apache Tomcat CVE-2013-2067 Session Fixation Vulnerability
| [59798] Apache Tomcat CVE-2013-2071 Information Disclosure Vulnerability
| [59797] Apache Tomcat CVE-2012-3544 Denial of Service Vulnerability
| [59670] Apache VCL Multiple Input Validation Vulnerabilities
| [59464] Apache CloudStack CVE-2013-2758 Hash Information Disclosure Vulnerability
| [59463] Apache CloudStack CVE-2013-2756 Authentication Bypass Vulnerability
| [59402] Apache ActiveMQ CVE-2013-3060 Information Disclosure and Denial of Service Vulnerability
| [59401] Apache ActiveMQ CVE-2012-6551 Denial of Service Vulnerability
| [59400] Apache ActiveMQ CVE-2012-6092 Multiple Cross Site Scripting Vulnerabilities
| [58898] Apache Subversion CVE-2013-1884 Remote Denial of Service Vulnerability
| [58897] Apache Subversion 'mod_dav_svn/lock.c' Remote Denial of Service Vulnerability
| [58895] Apache Subversion 'mod_dav_svn' Remote Denial of Service Vulnerability
| [58455] Apache Rave User RPC API CVE-2013-1814 Information Disclosure Vulnerability
| [58379] Apache Qpid CVE-2012-4446 Authentication Bypass Vulnerability
| [58378] Apache Qpid CVE-2012-4460 Denial of Service Vulnerability
| [58376] Apache Qpid CVE-2012-4458 Denial of Service Vulnerability
| [58337] Apache Qpid CVE-2012-4459 Denial of Service Vulnerability
| [58326] Apache Commons FileUpload CVE-2013-0248 Insecure Temporary File Creation Vulnerability
| [58325] Debian Apache HTTP Server CVE-2013-1048 Symlink Attack Local Privilege Escalation Vulnerability
| [58323] Apache Subversion 'svn_fs_file_length()' Remote Denial of Service Vulnerability
| [58165] Apache HTTP Server Multiple Cross Site Scripting Vulnerabilities
| [58136] Apache Maven CVE-2013-0253 SSL Certificate Validation Security Bypass Vulnerability
| [58124] Apache Tomcat 'log/logdir' Directory Insecure File Permissions Vulnerability
| [58073] Apache Commons HttpClient CVE-2012-5783 SSL Certificate Validation Security Bypass Vulnerability
| [57876] Apache CXF WS-SecurityPolicy Authentication Bypass Vulnerability
| [57874] Apache CXF CVE-2012-5633 Security Bypass Vulnerability
| [57463] Apache OFBiz CVE-2013-0177 Multiple Cross Site Scripting Vulnerabilities
| [57425] Apache CXF CVE-2012-5786 SSL Certificate Validation Security Bypass Vulnerability
| [57321] Apache CouchDB CVE-2012-5650 Cross Site Scripting Vulnerability
| [57314] Apache CouchDB CVE-2012-5649 Remote Code Execution Vulnerability
| [57267] Apache Axis2/C SSL Certificate Validation Security Bypass Vulnerability
| [57259] Apache CloudStack CVE-2012-5616 Local Information Disclosure Vulnerability
| [56814] Apache Tomcat CVE-2012-4431 Cross-Site Request Forgery Vulnerability
| [56813] Apache Tomcat CVE-2012-4534 Denial of Service Vulnerability
| [56812] Apache Tomcat CVE-2012-3546 Security Bypass Vulnerability
| [56753] Apache Apache HTTP Server 'mod_proxy_ajp Module Denial Of Service Vulnerability
| [56686] Apache Tomcat CVE-2012-5568 Denial of Service Vulnerability
| [56408] Apache Axis and Axis2/Java SSL Certificate Validation Security Bypass Vulnerability
| [56403] Apache Tomcat DIGEST Authentication Multiple Security Weaknesses
| [56402] Apache Tomcat CVE-2012-2733 Denial of Service Vulnerability
| [56171] Apache OFBiz CVE-2012-3506 Unspecified Security Vulnerability
| [55876] Apache CloudStack CVE-2012-4501 Security Bypass Vulnerability
| [55628] Apache CXF SOAP Action Spoofing Security Bypass Vulnerability
| [55608] Apache Qpid (qpidd) Denial of Service Vulnerability
| [55536] Apache 'mod_pagespeed' Module Cross Site Scripting and Security Bypass Vulnerabilities
| [55508] Apache Axis2 XML Signature Wrapping Security Vulnerability
| [55445] Apache Wicket CVE-2012-3373 Cross Site Scripting Vulnerability
| [55346] Apache Struts Cross Site Request Forgery and Denial of Service Vulnerabilities
| [55290] Drupal Apache Solr Autocomplete Module Cross Site Scripting Vulnerability
| [55165] Apache Struts2 Skill Name Remote Code Execution Vulnerability
| [55154] Apache 'mod-rpaf' Module Denial of Service Vulnerability
| [55131] Apache HTTP Server HTML-Injection And Information Disclosure Vulnerabilities
| [54954] Apache QPID NullAuthenticator Authentication Bypass Vulnerability
| [54798] Apache Libcloud Man In The Middle Vulnerability
| [54358] Apache Hadoop CVE-2012-3376 Information Disclosure Vulnerability
| [54341] Apache Sling CVE-2012-2138 Denial Of Service Vulnerability
| [54268] Apache Hadoop Symlink Attack Local Privilege Escalation Vulnerability
| [54189] Apache Roller Cross Site Request Forgery Vulnerability
| [54187] Apache Roller CVE-2012-2381 Cross Site Scripting Vulnerability
| [53880] Apache CXF Child Policies Security Bypass Vulnerability
| [53877] Apache CXF Elements Validation Security Bypass Vulnerability
| [53676] Apache Commons Compress and Apache Ant CVE-2012-2098 Denial Of Service Vulnerability
| [53487] Apache POI CVE-2012-0213 Denial Of Service Vulnerability
| [53455] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability
| [53305] Apache Qpid CVE-2011-3620 Unauthorized Access Security Bypass Vulnerability
| [53046] Apache HTTP Server 'LD_LIBRARY_PATH' Insecure Library Loading Arbitrary Code Execution Vulnerability
| [53025] Apache OFBiz Unspecified Remote Code Execution Vulnerability
| [53023] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
| [52939] Apache Hadoop CVE-2012-1574 Unspecified User Impersonation Vulnerability
| [52702] Apache Struts2 'XSLTResult.java' Remote Arbitrary File Upload Vulnerability
| [52696] Apache Traffic Server HTTP Host Header Handling Heap Based Buffer Overflow Vulnerability
| [52680] Apache Wicket 'pageMapName' Parameter Cross Site Scripting Vulnerability
| [52679] Apache Wicket Hidden Files Information Disclosure Vulnerability
| [52565] Apache 'mod_fcgid' Module Denial Of Service Vulnerability
| [52146] TYPO3 Apache Solr Extension Unspecified Cross Site Scripting Vulnerability
| [51939] Apache MyFaces 'ln' Parameter Information Disclosure Vulnerability
| [51917] Apache APR Hash Collision Denial Of Service Vulnerability
| [51902] Apache Struts Multiple HTML Injection Vulnerabilities
| [51900] Apache Struts CVE-2012-1007 Multiple Cross Site Scripting Vulnerabilities
| [51886] Apache CXF UsernameToken Policy Validation Security Bypass Vulnerability
| [51869] Apache HTTP Server CVE-2011-3639 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
| [51706] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
| [51705] Apache HTTP Server CVE-2012-0021 mod_log_config Denial Of Service Vulnerability
| [51628] Apache Struts 'ParameterInterceptor' Class OGNL (CVE-2011-3923) Security Bypass Vulnerability
| [51447] Apache Tomcat Parameter Handling Denial of Service Vulnerability
| [51442] Apache Tomcat Request Object Security Bypass Vulnerability
| [51407] Apache HTTP Server Scoreboard Local Security Bypass Vulnerability
| [51257] Apache Struts Remote Command Execution and Arbitrary File Overwrite Vulnerabilities
| [51238] Apache Geronimo Hash Collision Denial Of Service Vulnerability
| [51200] Apache Tomcat Hash Collision Denial Of Service Vulnerability
| [50940] Apache Struts Session Tampering Security Bypass Vulnerability
| [50912] RETIRED: Apache MyFaces CVE-2011-4343 Information Disclosure Vulnerability
| [50904] Apache ActiveMQ Failover Mechanism Remote Denial Of Service Vulnerability
| [50848] Apache MyFaces EL Expression Evaluation Security Bypass Vulnerability
| [50802] Apache HTTP Server 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
| [50639] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
| [50603] Apache Tomcat Manager Application Security Bypass Vulnerability
| [50494] Apache HTTP Server 'ap_pregsub()' Function Local Privilege Escalation Vulnerability
| [49957] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
| [49762] Apache Tomcat HTTP DIGEST Authentication Multiple Security Weaknesses
| [49728] Apache Struts Conversion Error OGNL Expression Evaluation Vulnerability
| [49616] Apache HTTP Server CVE-2011-3348 Denial Of Service Vulnerability
| [49470] Apache Tomcat CVE-2007-6286 Duplicate Request Processing Security Vulnerability
| [49353] Apache Tomcat AJP Protocol Security Bypass Vulnerability
| [49303] Apache HTTP Server CVE-2011-3192 Denial Of Service Vulnerability
| [49290] Apache Wicket Cross Site Scripting Vulnerability
| [49147] Apache Tomcat CVE-2011-2481 Information Disclosure Vulnerability
| [49143] Apache Commons Daemon 'jsvc' Information Disclosure Vulnerability
| [48667] Apache Tomcat 'sendfile' Request Attributes Information Disclosure Vulnerability
| [48653] Apache 'mod_authnz_external' Module SQL Injection Vulnerability
| [48611] Apache XML Security for C++ Signature Key Parsing Denial of Service Vulnerability
| [48456] Apache Tomcat 'MemoryUserDatabase' Information Disclosure Vulnerability
| [48015] Apache Archiva Multiple Cross Site Request Forgery Vulnerabilities
| [48011] Apache Archiva Multiple Cross Site Scripting and HTML Injection Vulnerabilities
| [47929] Apache APR 'apr_fnmatch.c' Denial of Service Vulnerability
| [47890] Apache Struts 'javatemplates' Plugin Multiple Cross Site Scripting Vulnerabilities
| [47886] Apache Tomcat SecurityConstraints Security Bypass Vulnerability
| [47820] Apache APR 'apr_fnmatch()' Denial of Service Vulnerability
| [47784] Apache Struts XWork 's:submit' HTML Tag Cross Site Scripting Vulnerability
| [47199] Apache Tomcat HTTP BIO Connector Information Disclosure Vulnerability
| [47196] Apache Tomcat Login Constraints Security Bypass Vulnerability
| [46974] Apache HttpComponents 'HttpClient' Information Disclosure Vulnerability
| [46953] Apache MPM-ITK Module Security Weakness
| [46734] Subversion 'mod_dav_svn' Apache Server NULL Pointer Dereference Denial Of Service Vulnerability
| [46685] Apache Tomcat '@ServletSecurity' Annotations Security Bypass Vulnerability
| [46311] Apache Continuum and Archiva Cross Site Scripting Vulnerability
| [46177] Apache Tomcat SecurityManager Security Bypass Vulnerability
| [46174] Apache Tomcat HTML Manager Interface HTML Injection Vulnerability
| [46166] Apache Tomcat JVM Denial of Service Vulnerability
| [46164] Apache Tomcat NIO Connector Denial of Service Vulnerability
| [46066] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
| [45655] Apache Subversion Server Component Multiple Remote Denial Of Service Vulnerabilities
| [45123] Awstats Apache Tomcat Configuration File Remote Arbitrary Command Execution Vulnerability
| [45095] Apache Archiva Cross Site Request Forgery Vulnerability
| [45015] Apache Tomcat 'sort' and 'orderBy' Parameters Cross Site Scripting Vulnerabilities
| [44900] Apache 'mod_fcgid' Module Unspecified Stack Buffer Overflow Vulnerability
| [44616] Apache Shiro Directory Traversal Vulnerability
| [44355] Apache MyFaces Encrypted View State Oracle Padding Security Vulnerability
| [44068] Apache::AuthenHook Local Information Disclosure Vulnerability
| [43862] Apache QPID SSL Connection Denial of Service Vulnerability
| [43673] Apache APR-util 'apr_brigade_split_line()' Denial of Service Vulnerability
| [43637] Apache XML-RPC SAX Parser Information Disclosure Vulnerability
| [43111] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
| [42637] Apache Derby 'BUILTIN' Authentication Insecure Password Hashing Vulnerability
| [42501] Apache CouchDB Cross Site Request Forgery Vulnerability
| [42492] Apache CXF XML DTD Processing Security Vulnerability
| [42121] Apache SLMS Insufficient Quoting Cross Site Request Forgery Vulnerability
| [42102] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
| [41963] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
| [41544] Apache Tomcat 'Transfer-Encoding' Information Disclosure and Denial Of Service Vulnerabilities
| [41076] Apache Axis2 '/axis2/axis2-admin' Session Fixation Vulnerability
| [40976] Apache Axis2 Document Type Declaration Processing Security Vulnerability
| [40827] Apache 'mod_proxy_http' Timeout Handling Information Disclosure Vulnerability
| [40343] Apache Axis2 'xsd' Parameter Directory Traversal Vulnerability
| [40327] Apache Axis2 'engagingglobally' Cross-Site Scripting Vulnerability
| [39771] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
| [39636] Apache ActiveMQ Source Code Information Disclosure Vulnerability
| [39635] Apache Tomcat Authentication Header Realm Name Information Disclosure Vulnerability
| [39538] Apache mod_auth_shadow Race Condition Security Bypass Vulnerability
| [39489] Apache OFBiz Multiple Cross Site Scripting and HTML Injection Vulnerabilities
| [39119] Apache ActiveMQ 'createDestination.action' HTML Injection Vulnerability
| [38580] Apache Subrequest Handling Information Disclosure Vulnerability
| [38494] Apache 'mod_isapi' Memory Corruption Vulnerability
| [38491] Apache mod_proxy_ajp Module Incoming Request Body Denial Of Service Vulnerability
| [37966] Apache 1.3 mod_proxy HTTP Chunked Encoding Integer Overflow Vulnerability
| [37945] Apache Tomcat Host Working Directory WAR File Directory Traversal Vulnerability
| [37944] Apache Tomcat WAR File Directory Traversal Vulnerability
| [37942] Apache Tomcat Directory Host Appbase Authentication Bypass Vulnerability
| [37149] Apache Tomcat 404 Error Page Cross Site Scripting Vulnerability
| [37027] RETIRED: Apache APR 'apr_uri_parse_hostinfo' Off By One Remote Code Execution Vulnerability
| [36990] Apache HTTP TRACE Cross Site Scripting Vulnerability
| [36954] Apache Tomcat Windows Installer Insecure Password Vulnerability
| [36889] TYPO3 Apache Solr Search Extension Unspecified Cross Site Scripting Vulnerability
| [36596] Apache HTTP Server Solaris Event Port Pollset Support Remote Denial Of Service Vulnerability
| [36260] Apache mod_proxy_ftp Module NULL Pointer Dereference Denial Of Service Vulnerability
| [36254] Apache mod_proxy_ftp Remote Command Injection Vulnerability
| [35949] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
| [35840] Apache HTTP Server HTTP-Basic Authentication Bypass Vulnerability
| [35623] Apache 'mod_deflate' Remote Denial Of Service Vulnerability
| [35565] Apache 'mod_proxy' Remote Denial Of Service Vulnerability
| [35416] Apache Tomcat XML Parser Information Disclosure Vulnerability
| [35263] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
| [35253] Apache APR-util 'xml/apr_xml.c' Denial of Service Vulnerability
| [35251] Apache APR-util 'apr_brigade_vprintf' Off By One Vulnerability
| [35221] Apache APR-util 'apr_strmatch_precompile()' Integer Underflow Vulnerability
| [35196] Apache Tomcat Form Authentication Existing/Non-Existing Username Enumeration Weakness
| [35193] Apache Tomcat Java AJP Connector Invalid Header Denial of Service Vulnerability
| [35115] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
| [34686] Apache Struts Multiple Cross Site Scripting Vulnerabilities
| [34663] Apache 'mod_proxy_ajp' Information Disclosure Vulnerability
| [34657] Apache Tiles Cross Site Scripting And Information Disclosure Vulnerabilities
| [34562] Apache Geronimo Application Server Multiple Remote Vulnerabilities
| [34552] Apache ActiveMQ Web Console Multiple Unspecified HTML Injection Vulnerabilities
| [34412] Apache Tomcat mod_jk Content Length Information Disclosure Vulnerability
| [34399] Apache Struts Unspecified Cross Site Scripting Vulnerability
| [34383] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
| [33913] Apache Tomcat POST Data Information Disclosure Vulnerability
| [33360] Apache Jackrabbit 'q' Parameter Multiple Cross Site Scripting Vulnerabilities
| [33110] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
| [32657] Novell NetWare ApacheAdmin Security Bypass Vulnerability
| [31805] Apache HTTP Server OS Fingerprinting Unspecified Security Vulnerability
| [31761] Oracle WebLogic Server Apache Connector Stack Based Buffer Overflow Vulnerability
| [31698] Apache Tomcat 'RemoteFilterValve' Security Bypass Vulnerability
| [31165] Kolab Groupware Server Apache Log File User Password Information Disclosure Vulnerability
| [30560] Apache 'mod_proxy_ftp' Wildcard Characters Cross-Site Scripting Vulnerability
| [30496] Apache Tomcat 'HttpServletResponse.sendError()' Cross Site Scripting Vulnerability
| [30494] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
| [29653] Apache 'mod_proxy_http' Interim Response Denial of Service Vulnerability
| [29502] Apache Tomcat Host Manager Cross Site Scripting Vulnerability
| [28576] Apache-SSL Environment Variable Information Disclosure and Privilege Escalation Vulnerability
| [28484] Apache Tomcat Requests Containing MS-DOS Device Names Information Disclosure Vulnerability
| [28483] Apache Tomcat 'allowLinking' Accepts NULL Byte in URI Information Disclosure Vulnerability
| [28482] Apache Tomcat SSL Anonymous Cipher Configuration Information Disclosure Vulnerability
| [28481] Apache Tomcat Cross-Site Scripting Vulnerability
| [28477] Apache Tomcat AJP Connector Information Disclosure Vulnerability
| [27752] Apache mod_jk2 Host Header Multiple Stack Based Buffer Overflow Vulnerabilities
| [27706] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
| [27703] Apache Tomcat Parameter Processing Remote Information Disclosure Vulnerability
| [27409] Apache 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
| [27365] Apache Tomcat SingleSignOn Remote Information Disclosure Vulnerability
| [27237] Apache HTTP Server 2.2.6, 2.0.61 and 1.3.39 'mod_status' Cross-Site Scripting Vulnerability
| [27236] Apache 'mod_proxy_balancer' Multiple Vulnerabilities
| [27234] Apache 'mod_proxy_ftp' Undefined Charset UTF-7 Cross-Site Scripting Vulnerability
| [27006] Apache Tomcat JULI Logging Component Default Security Policy Vulnerability
| [26939] Apache HTTP Server Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
| [26838] Apache mod_imagemap and mod_imap Cross-Site Scripting Vulnerability
| [26762] Apache::AuthCAS Cookie SQL Injection Vulnerability
| [26663] Apache HTTP Server 413 Error HTTP Request Method Cross-Site Scripting Weakness
| [26287] Apache Geronimo SQLLoginModule Authentication Bypass Vulnerability
| [26070] Apache Tomcat WebDav Remote Information Disclosure Vulnerability
| [25804] Apache Geronimo Management EJB Security Bypass Vulnerability
| [25653] Apache Mod_AutoIndex.C Undefined Charset Cross-Site Scripting Vulnerability
| [25531] Apache Tomcat Cal2.JSP Cross-Site Scripting Vulnerability
| [25489] Apache HTTP Server Mod_Proxy Denial of Service Vulnerability
| [25316] Apache Tomcat Multiple Remote Information Disclosure Vulnerabilities
| [25314] Apache Tomcat Host Manager Servlet Cross Site Scripting Vulnerability
| [25174] Apache Tomcat Error Message Reporting Cross Site Scripting Vulnerability
| [24999] Apache Tomcat SendMailServlet Cross-Site Scripting Vulnerability
| [24759] MySQLDumper Apache Access Control Authentication Bypass Vulnerability
| [24649] Apache HTTP Server Mod_Cache Denial of Service Vulnerability
10402| [24645] Apache HTTP Server Mod_Status Cross-Site Scripting Vulnerability
10403| [24553] Apache Mod_Mem_Cache Information Disclosure Vulnerability
10404| [24524] Apache Tomcat Accept-Language Cross Site Scripting Vulnerability
10405| [24480] Apache MyFaces Tomahawk JSF Framework Autoscroll Parameter Cross Site Scripting Vulnerability
10406| [24476] Apache Tomcat JSP Example Web Applications Cross Site Scripting Vulnerability
10407| [24475] Apache Tomcat Manager and Host Manager Upload Script Cross-Site Scripting Vulnerability
10408| [24215] Apache HTTP Server Worker Process Multiple Denial of Service Vulnerabilities
10409| [24147] Apache Tomcat JK Connector Double Encoding Security Bypass Vulnerability
10410| [24058] Apache Tomcat Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
10411| [23687] Apache AXIS Non-Existent WSDL Path Information Disclosure Vulnerability
10412| [23438] Apache HTTPD suEXEC Local Multiple Privilege Escalation Weaknesses
10413| [22960] Apache HTTP Server Tomcat Directory Traversal Vulnerability
10414| [22849] Apache mod_python Output Filter Mode Information Disclosure Vulnerability
10415| [22791] Apache Tomcat Mod_JK.SO Arbitrary Code Execution Vulnerability
10416| [22732] Debian Apache Root Shell Local Privilege Escalation Vulnerabilities
10417| [22388] Apache Stats Extract Function Multiple Input Validation Vulnerabilities
10418| [21865] Apache And Microsoft IIS Range Denial of Service Vulnerability
10419| [21214] Apache Mod_Auth_Kerb Off-By-One Denial of Service Vulnerability
| [20527] Apache Mod_TCL Remote Format String Vulnerability
| [19661] Apache HTTP Server Arbitrary HTTP Request Headers Security Weakness
| [19447] Apache CGI Script Source Code Information Disclosure Vulnerability
| [19204] Apache Mod_Rewrite Off-By-One Buffer Overflow Vulnerability
| [19106] Apache Tomcat Information Disclosure Vulnerability
| [18138] Apache James SMTP Denial Of Service Vulnerability
| [17342] Apache Struts Multiple Remote Vulnerabilities
| [17095] Apache Log4Net Denial Of Service Vulnerability
| [16916] Apache mod_python FileSession Code Execution Vulnerability
| [16710] Apache Libapreq2 Quadratic Behavior Denial of Service Vulnerability
| [16260] Apache Geronimo Multiple Input Validation Vulnerabilities
| [16153] Apache mod_auth_pgsql Multiple Format String Vulnerabilities
| [16152] Apache Mod_SSL Custom Error Document Remote Denial Of Service Vulnerability
| [15834] Apache 'mod_imap' Referer Cross-Site Scripting Vulnerability
| [15765] Apache James Spooler Memory Leak Denial Of Service Vulnerability
| [15762] Apache MPM Worker.C Denial Of Service Vulnerability
| [15512] Apache Struts Error Response Cross-Site Scripting Vulnerability
| [15413] PHP Apache 2 Virtual() Safe_Mode and Open_Basedir Restriction Bypass Vulnerability
| [15325] Apache Tomcat Simultaneous Directory Listing Denial Of Service Vulnerability
| [15224] Apache Mod_Auth_Shadow Authentication Bypass Vulnerability
| [15177] PHP Apache 2 Local Denial of Service Vulnerability
| [14982] ApacheTop Insecure Temporary File Creation Vulnerability
| [14721] Apache Mod_SSL SSLVerifyClient Restriction Bypass Vulnerability
| [14660] Apache CGI Byterange Request Denial of Service Vulnerability
| [14366] Apache mod_ssl CRL Handling Off-By-One Buffer Overflow Vulnerability
| [14106] Apache HTTP Request Smuggling Vulnerability
| [13778] Apache HTPasswd Password Command Line Argument Buffer Overflow Vulnerability
| [13777] Apache HTPasswd User Command Line Argument Buffer Overflow Vulnerability
| [13756] Apache Tomcat Java Security Manager Bypass Vulnerability
| [13537] Apache HTDigest Realm Command Line Argument Buffer Overflow Vulnerability
| [12877] Apache mod_ssl ssl_io_filter_cleanup Remote Denial Of Service Vulnerability
| [12795] Apache Tomcat Remote Malformed Request Denial Of Service Vulnerability
| [12619] Apache Software Foundation Batik Squiggle Browser Access Validation Vulnerability
| [12519] Apache mod_python Module Publisher Handler Information Disclosure Vulnerability
| [12308] Apache Utilities Insecure Temporary File Creation Vulnerability
| [12217] Apache mod_auth_radius Malformed RADIUS Server Reply Integer Overflow Vulnerability
| [12181] Mod_DOSEvasive Apache Module Local Insecure Temporary File Creation Vulnerability
| [11803] Apache Jakarta Results.JSP Remote Cross-Site Scripting Vulnerability
| [11471] Apache mod_include Local Buffer Overflow Vulnerability
| [11360] Apache mod_ssl SSLCipherSuite Restriction Bypass Vulnerability
| [11239] Apache Satisfy Directive Access Control Bypass Vulnerability
| [11187] Apache Web Server Remote IPv6 Buffer Overflow Vulnerability
| [11185] Apache Mod_DAV LOCK Denial Of Service Vulnerability
| [11182] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
| [11154] Apache mod_ssl Remote Denial of Service Vulnerability
| [11094] Apache mod_ssl Denial Of Service Vulnerability
| [10789] Apache mod_userdir Module Information Disclosure Vulnerability
| [10736] Apache 'mod_ssl' Log Function Format String Vulnerability
| [10619] Apache ap_escape_html Memory Allocation Denial Of Service Vulnerability
| [10508] Apache Mod_Proxy Remote Negative Content-Length Buffer Overflow Vulnerability
| [10478] ClueCentral Apache Suexec Patch Security Weakness
| [10355] Apache 'mod_ssl' 'ssl_util_uuencode_binary()' Stack Buffer Overflow Vulnerability
| [10212] Apache mod_auth Malformed Password Potential Memory Corruption Vulnerability
| [9933] Apache mod_disk_cache Module Client Authentication Credential Storage Weakness
| [9930] Apache Error and Access Logs Escape Sequence Injection Vulnerability
| [9921] Apache Connection Blocking Denial Of Service Vulnerability
| [9885] Apache Mod_Security Module SecFilterScanPost Off-By-One Buffer Overflow Vulnerability
| [9874] Apache HTAccess LIMIT Directive Bypass Configuration Error Weakness
| [9829] Apache Mod_Access Access Control Rule Bypass Vulnerability
| [9826] Apache Mod_SSL HTTP Request Remote Denial Of Service Vulnerability
| [9733] Apache Cygwin Directory Traversal Vulnerability
| [9599] Apache mod_php Global Variables Information Disclosure Weakness
| [9590] Apache-SSL Client Certificate Forging Vulnerability
| [9571] Apache mod_digest Client-Supplied Nonce Verification Vulnerability
| [9471] Apache mod_perl Module File Descriptor Leakage Vulnerability
| [9404] Mod-Auth-Shadow Apache Module Expired User Credential Weakness
| [9302] Apache mod_php Module File Descriptor Leakage Vulnerability
| [9129] Apache mod_python Module Malformed Query Denial of Service Vulnerability
| [8926] Apache Web Server mod_cgid Module CGI Data Redirection Vulnerability
| [8919] Apache Mod_Security Module Heap Corruption Vulnerability
| [8911] Apache Web Server Multiple Module Local Buffer Overflow Vulnerability
| [8898] Red Hat Apache Directory Index Default Configuration Error
| [8883] Apache Cocoon Directory Traversal Vulnerability
| [8824] Apache Tomcat Non-HTTP Request Denial Of Service Vulnerability
| [8822] Apache Mod_Throttle Module Local Shared Memory Corruption Vulnerability
| [8725] Apache2 MOD_CGI STDERR Denial Of Service Vulnerability
| [8707] Apache htpasswd Password Entropy Weakness
| [8561] Apache::Gallery Insecure Local File Storage Privilege Escalation Vulnerability
| [8287] Mod_Mylo Apache Module REQSTR Buffer Overflow Vulnerability
| [8226] Apache HTTP Server Multiple Vulnerabilities
| [8138] Apache Web Server Type-Map Recursive Loop Denial Of Service Vulnerability
| [8137] Apache Web Server Prefork MPM Denial Of Service Vulnerability
| [8136] Macromedia Apache Web Server Encoded Space Source Disclosure Vulnerability
| [8135] Apache Web Server FTP Proxy IPV6 Denial Of Service Vulnerability
| [8134] Apache Web Server SSLCipherSuite Weak CipherSuite Renegotiation Weakness
| [7768] Apache Tomcat Insecure Directory Permissions Vulnerability
| [7725] Apache Basic Authentication Module Valid User Login Denial Of Service Vulnerability
| [7723] Apache APR_PSPrintf Memory Corruption Vulnerability
| [7448] Apache Mod_Auth_Any Remote Command Execution Vulnerability
| [7375] Apache Mod_Access_Referer NULL Pointer Dereference Denial of Service Vulnerability
| [7332] Apache Web Server OS2 Filestat Denial Of Service Vulnerability
| [7255] Apache Web Server File Descriptor Leakage Vulnerability
| [7254] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
| [6943] Apache Web Server MIME Boundary Information Disclosure Vulnerability
| [6939] Apache Web Server ETag Header Information Disclosure Weakness
| [6722] Apache Tomcat Web.XML File Contents Disclosure Vulnerability
| [6721] Apache Tomcat Null Byte Directory/File Disclosure Vulnerability
| [6720] Apache Tomcat Example Web Application Cross Site Scripting Vulnerability
| [6662] Apache Web Server MS-DOS Device Name Denial Of Service Vulnerability
| [6661] Apache Web Server Default Script Mapping Bypass Vulnerability
| [6660] Apache Web Server Illegal Character HTTP Request File Disclosure Vulnerability
| [6659] Apache Web Server MS-DOS Device Name Arbitrary Code Execution Vulnerability
| [6562] Apache Tomcat Invoker Servlet File Disclosure Vulnerability
| [6320] Apache/Tomcat Mod_JK Chunked Encoding Denial Of Service Vulnerability
| [6117] Apache mod_php File Descriptor Leakage Vulnerability
| [6065] Apache 2 WebDAV CGI POST Request Information Disclosure Vulnerability
| [5996] Apache AB.C Web Benchmarking Buffer Overflow Vulnerability
| [5995] Apache AB.C Web Benchmarking Read_Connection() Buffer Overflow Vulnerability
| [5993] Multiple Apache HTDigest Buffer Overflow Vulnerabilities
| [5992] Apache HTDigest Insecure Temporary File Vulnerability
| [5991] Apache HTDigest Arbitrary Command Execution Vulnerability
| [5990] Apache HTPasswd Insecure Temporary File Vulnerability
| [5981] Multiple Apache HTDigest and HTPassWD Component Vulnerabilites
| [5884] Apache Web Server Scoreboard Memory Segment Overwriting SIGUSR1 Sending Vulnerability
| [5847] Apache Server Side Include Cross Site Scripting Vulnerability
| [5838] Apache Tomcat 3.2 Directory Disclosure Vulnerability
| [5816] Apache 2 mod_dav Denial Of Service Vulnerability
| [5791] HP VirtualVault Apache mod_ssl Denial Of Service Vulnerability
| [5787] Apache Oversized STDERR Buffer Denial Of Service Vulnerability
| [5786] Apache Tomcat DefaultServlet File Disclosure Vulnerability
| [5542] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
| [5486] Apache 2.0 CGI Path Disclosure Vulnerability
| [5485] Apache 2.0 Path Disclosure Vulnerability
| [5434] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
| [5256] Apache httpd 2.0 CGI Error Path Disclosure Vulnerability
| [5194] Apache Tomcat DOS Device Name Cross Site Scripting Vulnerability
| [5193] Apache Tomcat Servlet Mapping Cross Site Scripting Vulnerability
| [5067] Apache Tomcat Null Character Malformed Request Denial Of Service Vulnerability
| [5054] Apache Tomcat Web Root Path Disclosure Vulnerability
| [5033] Apache Chunked-Encoding Memory Corruption Vulnerability
| [4995] Apache Tomcat JSP Engine Denial of Service Vulnerability
| [4878] Apache Tomcat RealPath.JSP Malformed Request Information Disclosure Vulnerability
| [4877] Apache Tomcat Example Files Web Root Path Disclosure Vulnerability
| [4876] Apache Tomcat Source.JSP Malformed Request Information Disclosure Vulnerability
| [4575] Apache Tomcat Servlet Path Disclosure Vulnerability
| [4557] Apache Tomcat System Path Information Disclosure Vulnerability
| [4437] Apache Error Message Cross-Site Scripting Vulnerability
| [4431] Apache PrintEnv/Test_CGI Script Injection Vulnerability
| [4358] Apache Double-Reverse Lookup Log Entry Spoofing Vulnerability
| [4335] Apache Win32 Batch File Remote Command Execution Vulnerability
| [4292] Oracle 9iAS Apache PL/SQL Module Web Administration Access Vulnerability
| [4189] Apache mod_ssl/Apache-SSL Buffer Overflow Vulnerability
| [4057] Apache 2 for Windows OPTIONS request Path Disclosure Vulnerability
| [4056] Apache 2 for Windows php.exe Path Disclosure Vulnerability
| [4037] Oracle 9iAS Apache PL/SQL Module Denial of Service Vulnerability
| [4032] Oracle 9iAS Apache PL/SQL Module Multiple Buffer Overflows Vulnerability
| [3796] Apache HTTP Request Unexpected Behavior Vulnerability
| [3790] Apache Non-Existent Log Directory Denial Of Service Vulnerability
| [3786] Apache Win32 PHP.EXE Remote File Disclosure Vulnerability
| [3727] Oracle 9I Application Server PL/SQL Apache Module Directory Traversal Vulnerability
| [3726] Oracle 9I Application Server PL/SQL Apache Module Buffer Overflow Vulnerability
| [3596] Apache Split-Logfile File Append Vulnerability
| [3521] Apache mod_usertrack Predictable ID Generation Vulnerability
| [3335] Red Hat Linux Apache Remote Username Enumeration Vulnerability
| [3316] MacOS X Client Apache Directory Contents Disclosure Vulnerability
| [3256] Apache mod_auth_oracle Remote SQL Query Manipulation Vulnerability
| [3255] Apache mod_auth_mysql Remote SQL Query Manipulation Vulnerability
| [3254] Apache AuthPG Remote SQL Query Manipulation Vulnerability
| [3253] Apache mod_auth_pgsql_sys Remote SQL Query Manipulation Vulnerability
| [3251] Apache mod_auth_pgsql Remote SQL Query Manipulation Vulnerability
| [3176] Apache Mod ReWrite Rules Bypassing Image Linking Vulnerability
| [3169] Apache Server Address Disclosure Vulnerability
| [3009] Apache Possible Directory Index Disclosure Vulnerability
| [2982] Apache Tomcat Cross-Site Scripting Vulnerability
| [2852] MacOS X Client Apache File Protection Bypass Vulnerability
| [2740] Apache Web Server HTTP Request Denial of Service Vulnerability
| [2518] Apache Tomcat 3.0 Directory Traversal Vulnerability
| [2503] Apache Artificially Long Slash Path Directory Listing Vulnerability
| [2300] NCSA/Apache httpd ScriptAlias Source Retrieval Vulnerability
| [2216] Apache Web Server DoS Vulnerability
| [2182] Apache /tmp File Race Vulnerability
| [2171] Oracle Apache+WebDB Documented Backdoor Vulnerability
| [2060] Apache Web Server with Php 3 File Disclosure Vulnerability
| [1821] Apache mod_cookies Buffer Overflow Vulnerability
| [1728] Apache Rewrite Module Arbitrary File Disclosure Vulnerability
| [1658] SuSE Apache CGI Source Code Viewing Vulnerability
| [1656] SuSE Apache WebDAV Directory Listings Vulnerability
| [1575] Trustix Apache-SSL RPM Permissions Vulnerability
| [1548] Apache Jakarta-Tomcat /admin Context Vulnerability
| [1532] Apache Tomcat Snoop Servlet Information Disclosure Vulnerability
| [1531] Apache Tomcat 3.1 Path Revealing Vulnerability
| [1457] Apache::ASP source.asp Example Script Vulnerability
| [1284] Apache HTTP Server (win32) Root Directory Access Vulnerability
| [1083] Cobalt Raq Apache .htaccess Disclosure Vulnerability
|
| IBM X-Force - https://exchange.xforce.ibmcloud.com:
| [86258] Apache CloudStack text fields cross-site scripting
| [85983] Apache Subversion mod_dav_svn module denial of service
| [85875] Apache OFBiz UEL code execution
| [85874] Apache OFBiz Webtools View Log screen cross-site scripting
| [85871] Apache HTTP Server mod_session_dbd unspecified
| [85756] Apache Struts OGNL expression command execution
| [85755] Apache Struts DefaultActionMapper class open redirect
| [85586] Apache ActiveMQ CVE-2013-1879 cross-site scripting
| [85574] Apache HTTP Server mod_dav denial of service
| [85573] Apache Struts Showcase App OGNL code execution
| [85496] Apache CXF denial of service
| [85423] Apache Geronimo RMI classloader code execution
| [85326] Apache Santuario XML Security for C++ buffer overflow
| [85323] Apache Santuario XML Security for Java spoofing
| [85319] Apache Qpid Python client SSL spoofing
| [85019] Apache Santuario XML Security for C++ CVE-2013-2156 buffer overflow
| [85018] Apache Santuario XML Security for C++ CVE-2013-2155 denial of service
| [85017] Apache Santuario XML Security for C++ CVE-2013-2154 buffer overflow
| [85016] Apache Santuario XML Security for C++ CVE-2013-2153 spoofing
| [84952] Apache Tomcat CVE-2012-3544 denial of service
| [84763] Apache Struts CVE-2013-2135 security bypass
| [84762] Apache Struts CVE-2013-2134 security bypass
| [84719] Apache Subversion CVE-2013-2088 command execution
| [84718] Apache Subversion CVE-2013-2112 denial of service
| [84717] Apache Subversion CVE-2013-1968 denial of service
| [84577] Apache Tomcat security bypass
| [84576] Apache Tomcat symlink
| [84543] Apache Struts CVE-2013-2115 security bypass
| [84542] Apache Struts CVE-2013-1966 security bypass
| [84154] Apache Tomcat session hijacking
| [84144] Apache Tomcat denial of service
| [84143] Apache Tomcat information disclosure
| [84111] Apache HTTP Server command execution
| [84043] Apache Virtual Computing Lab cross-site scripting
| [84042] Apache Virtual Computing Lab cross-site scripting
| [83782] Apache CloudStack information disclosure
| [83781] Apache CloudStack security bypass
| [83720] Apache ActiveMQ cross-site scripting
| [83719] Apache ActiveMQ denial of service
| [83718] Apache ActiveMQ denial of service
| [83263] Apache Subversion denial of service
| [83262] Apache Subversion denial of service
| [83261] Apache Subversion denial of service
| [83259] Apache Subversion denial of service
| [83035] Apache mod_ruid2 security bypass
| [82852] Apache Qpid federation_tag security bypass
| [82851] Apache Qpid qpid::framing::Buffer denial of service
| [82758] Apache Rave User RPC API information disclosure
| [82663] Apache Subversion svn_fs_file_length() denial of service
| [82642] Apache Qpid qpid::framing::Buffer::checkAvailable() denial of service
| [82641] Apache Qpid AMQP denial of service
| [82626] Apache HTTP Server on Debian GNU/Linux Debian apache2ctl symlink
| [82618] Apache Commons FileUpload symlink
| [82360] Apache HTTP Server manager interface cross-site scripting
| [82359] Apache HTTP Server hostnames cross-site scripting
| [82338] Apache Tomcat log/logdir information disclosure
| [82328] Apache Maven and Apache Maven Wagon SSL spoofing
| [82268] Apache OpenJPA deserialization command execution
| [81981] Apache CXF UsernameTokens security bypass
| [81980] Apache CXF WS-Security security bypass
| [81398] Apache OFBiz cross-site scripting
| [81240] Apache CouchDB directory traversal
| [81226] Apache CouchDB JSONP code execution
| [81225] Apache CouchDB Futon user interface cross-site scripting
| [81211] Apache Axis2/C SSL spoofing
| [81167] Apache CloudStack DeployVM information disclosure
| [81166] Apache CloudStack AddHost API information disclosure
| [81165] Apache CloudStack createSSHKeyPair API information disclosure
| [80518] Apache Tomcat cross-site request forgery security bypass
| [80517] Apache Tomcat FormAuthenticator security bypass
| [80516] Apache Tomcat NIO denial of service
| [80408] Apache Tomcat replay-countermeasure security bypass
| [80407] Apache Tomcat HTTP Digest Access Authentication security bypass
| [80317] Apache Tomcat slowloris denial of service
| [79984] Apache Commons HttpClient SSL spoofing
| [79983] Apache CXF SSL spoofing
| [79830] Apache Axis2/Java SSL spoofing
| [79829] Apache Axis SSL spoofing
| [79809] Apache Tomcat DIGEST security bypass
| [79806] Apache Tomcat parseHeaders() denial of service
| [79540] Apache OFBiz unspecified
| [79487] Apache Axis2 SAML security bypass
| [79212] Apache Cloudstack code execution
| [78734] Apache CXF SOAP Action security bypass
| [78730] Apache Qpid broker denial of service
| [78617] Eucalyptus Apache Santuario (XML Security for Java) denial of service
| [78563] Apache mod_pagespeed module unspecified cross-site scripting
| [78562] Apache mod_pagespeed module security bypass
| [78454] Apache Axis2 security bypass
| [78452] Websense Web Security and Web Filter Apache Tomcat information disclosure
| [78451] Websense Web Security and Web Filter Apache Tomcat cross-site scripting
| [78321] Apache Wicket unspecified cross-site scripting
| [78183] Apache Struts parameters denial of service
| [78182] Apache Struts cross-site request forgery
| [78153] Apache Solr Autocomplete module for Drupal autocomplete results cross-site scripting
| [77987] mod_rpaf module for Apache denial of service
| [77958] Apache Struts skill name code execution
| [77914] Apache HTTP Server mod_negotiation module cross-site scripting
| [77913] Apache HTTP Server mod_proxy_ajp information disclosure
| [77568] Apache Qpid broker security bypass
| [77421] Apache Libcloud spoofing
| [77059] Oracle Solaris Cluster Apache Tomcat Agent unspecified
| [77046] Oracle Solaris Apache HTTP Server information disclosure
| [76837] Apache Hadoop information disclosure
| [76802] Apache Sling CopyFrom denial of service
| [76692] Apache Hadoop symlink
| [76535] Apache Roller console cross-site request forgery
| [76534] Apache Roller weblog cross-site scripting
| [76152] Apache CXF elements security bypass
| [76151] Apache CXF child policies security bypass
| [75983] MapServer for Windows Apache file include
| [75857] Apache Commons Compress and Apache Ant bzip2 denial of service
| [75558] Apache POI denial of service
| [75545] PHP apache_request_headers() buffer overflow
| [75302] Apache Qpid SASL security bypass
| [75211] Debian GNU/Linux apache 2 cross-site scripting
| [74901] Apache HTTP Server LD_LIBRARY_PATH privilege escalation
| [74871] Apache OFBiz FlexibleStringExpander code execution
| [74870] Apache OFBiz multiple cross-site scripting
| [74750] Apache Hadoop unspecified spoofing
| [74319] Apache Struts XSLTResult.java file upload
| [74313] Apache Traffic Server header buffer overflow
| [74276] Apache Wicket directory traversal
| [74273] Apache Wicket unspecified cross-site scripting
| [74181] Apache HTTP Server mod_fcgid module denial of service
| [73690] Apache Struts OGNL code execution
| [73432] Apache Solr extension for TYPO3 unspecified cross-site scripting
| [73100] Apache MyFaces in directory traversal
| [73096] Apache APR hash denial of service
| [73052] Apache Struts name cross-site scripting
| [73030] Apache CXF UsernameToken security bypass
| [72888] Apache Struts lastName cross-site scripting
| [72758] Apache HTTP Server httpOnly information disclosure
| [72757] Apache HTTP Server MPM denial of service
| [72585] Apache Struts ParameterInterceptor security bypass
| [72438] Apache Tomcat Digest security bypass
| [72437] Apache Tomcat Digest security bypass
| [72436] Apache Tomcat DIGEST security bypass
| [72425] Apache Tomcat parameter denial of service
| [72422] Apache Tomcat request object information disclosure
| [72377] Apache HTTP Server scoreboard security bypass
| [72345] Apache HTTP Server HTTP request denial of service
| [72229] Apache Struts ExceptionDelegator command execution
| [72089] Apache Struts ParameterInterceptor directory traversal
| [72088] Apache Struts CookieInterceptor command execution
| [72047] Apache Geronimo hash denial of service
| [72016] Apache Tomcat hash denial of service
| [71711] Apache Struts OGNL expression code execution
| [71654] Apache Struts interfaces security bypass
| [71620] Apache ActiveMQ failover denial of service
| [71617] Apache HTTP Server mod_proxy module information disclosure
| [71508] Apache MyFaces EL security bypass
| [71445] Apache HTTP Server mod_proxy security bypass
| [71203] Apache Tomcat servlets privilege escalation
| [71181] Apache HTTP Server ap_pregsub() denial of service
| [71093] Apache HTTP Server ap_pregsub() buffer overflow
| [70336] Apache HTTP Server mod_proxy information disclosure
| [69804] Apache HTTP Server mod_proxy_ajp denial of service
| [69472] Apache Tomcat AJP security bypass
| [69396] Apache HTTP Server ByteRange filter denial of service
| [69394] Apache Wicket multi window support cross-site scripting
| [69176] Apache Tomcat XML information disclosure
| [69161] Apache Tomcat jsvc information disclosure
| [68799] mod_authnz_external module for Apache mysql-auth.pl SQL injection
| [68541] Apache Tomcat sendfile information disclosure
| [68420] Apache XML Security denial of service
| [68238] Apache Tomcat JMX information disclosure
| [67860] Apache Rampart/C rampart_timestamp_token_validate security bypass
| [67804] Apache Subversion control rules information disclosure
| [67803] Apache Subversion control rules denial of service
| [67802] Apache Subversion baselined denial of service
| [67672] Apache Archiva multiple cross-site scripting
| [67671] Apache Archiva multiple cross-site request forgery
| [67564] Apache APR apr_fnmatch() denial of service
| [67532] IBM WebSphere Application Server org.apache.jasper.runtime.JspWriterImpl.response denial of service
| [67515] Apache Tomcat annotations security bypass
| [67480] Apache Struts s:submit information disclosure
| [67414] Apache APR apr_fnmatch() denial of service
| [67356] Apache Struts javatemplates cross-site scripting
| [67354] Apache Struts Xwork cross-site scripting
| [66676] Apache Tomcat HTTP BIO information disclosure
| [66675] Apache Tomcat web.xml security bypass
| [66640] Apache HttpComponents HttpClient Proxy-Authorization information disclosure
| [66241] Apache HttpComponents information disclosure
| [66154] Apache Tomcat ServletSecurity security bypass
| [65971] Apache Tomcat ServletSecurity security bypass
| [65876] Apache Subversion mod_dav_svn denial of service
| [65343] Apache Continuum unspecified cross-site scripting
| [65162] Apache Tomcat NIO connector denial of service
| [65161] Apache Tomcat javax.servlet.ServletRequest.getLocale() denial of service
| [65160] Apache Tomcat HTML Manager interface cross-site scripting
| [65159] Apache Tomcat ServletContect security bypass
| [65050] Apache CouchDB web-based administration UI cross-site scripting
| [64773] Oracle HTTP Server Apache Plugin unauthorized access
| [64473] Apache Subversion blame -g denial of service
| [64472] Apache Subversion walk() denial of service
| [64407] Apache Axis2 CVE-2010-0219 code execution
| [63926] Apache Archiva password privilege escalation
| [63785] Apache CouchDB LD_LIBRARY_PATH privilege escalation
| [63493] Apache Archiva credentials cross-site request forgery
| [63477] Apache Tomcat HttpOnly session hijacking
| [63422] Apache Tomcat sessionsList.jsp cross-site scripting
| [63303] Apache mod_fcgid module fcgid_header_bucket_read() buffer overflow
| [62959] Apache Shiro filters security bypass
| [62790] Apache Perl cgi module denial of service
| [62576] Apache Qpid exchange denial of service
| [62575] Apache Qpid AMQP denial of service
| [62354] Apache Qpid SSL denial of service
| [62235] Apache APR-util apr_brigade_split_line() denial of service
| [62181] Apache XML-RPC SAX Parser information disclosure
| [61721] Apache Traffic Server cache poisoning
| [61202] Apache Derby BUILTIN authentication functionality information disclosure
| [61186] Apache CouchDB Futon cross-site request forgery
| [61169] Apache CXF DTD denial of service
| [61070] Apache Jackrabbit search.jsp SQL injection
| [61006] Apache SLMS Quoting cross-site request forgery
| [60962] Apache Tomcat time cross-site scripting
| [60883] Apache mod_proxy_http information disclosure
| [60671] Apache HTTP Server mod_cache and mod_dav denial of service
| [60264] Apache Tomcat Transfer-Encoding denial of service
| [59746] Apache Axis2 axis2/axis2-admin page session hijacking
| [59588] Apache Axis2/Java XML DTD (Document Type Declaration) data denial of service
| [59413] Apache mod_proxy_http timeout information disclosure
| [59058] Apache MyFaces unencrypted view state cross-site scripting
| [58827] Apache Axis2 xsd file include
| [58790] Apache Axis2 modules cross-site scripting
| [58299] Apache ActiveMQ queueBrowse cross-site scripting
| [58169] Apache Tomcat Web Application Manager / Host Manager cross-site request forgery
| [58056] Apache ActiveMQ .jsp source code disclosure
| [58055] Apache Tomcat realm name information disclosure
| [58046] Apache HTTP Server mod_auth_shadow security bypass
| [57841] Apache Open For Business Project (OFBiz) subject cross-site scripting
| [57840] Apache Open For Business Project (OFBiz) multiple parameters cross-site scripting
| [57429] Apache CouchDB algorithms information disclosure
| [57398] Apache ActiveMQ Web console cross-site request forgery
| [57397] Apache ActiveMQ createDestination.action cross-site scripting
| [56653] Apache HTTP Server DNS spoofing
| [56652] Apache HTTP Server DNS cross-site scripting
| [56625] Apache HTTP Server request header information disclosure
| [56624] Apache HTTP Server mod_isapi orphaned callback pointer code execution
| [56623] Apache HTTP Server mod_proxy_ajp denial of service
| [55941] mod_proxy module for Apache ap_proxy_send_fb() buffer overflow
| [55857] Apache Tomcat WAR files directory traversal
| [55856] Apache Tomcat autoDeploy attribute security bypass
| [55855] Apache Tomcat WAR directory traversal
| [55210] Intuit component for Joomla! Apache information disclosure
| [54533] Apache Tomcat 404 error page cross-site scripting
| [54182] Apache Tomcat admin default password
| [53878] Apache Solr Search (solr) extension for TYPO3 unspecified cross-site scripting
| [53666] Apache HTTP Server Solaris pollset support denial of service
| [53650] Apache HTTP Server HTTP basic-auth module security bypass
| [53124] mod_proxy_ftp module for Apache HTTP header security bypass
| [53041] mod_proxy_ftp module for Apache denial of service
| [52540] Apache Portable Runtime and Apache Portable Utility library multiple buffer overflow
| [51953] Apache Tomcat Path Disclosure
| [51952] Apache Tomcat Path Traversal
| [51951] Apache stronghold-status Information Disclosure
| [51950] Apache stronghold-info Information Disclosure
| [51949] Apache PHP Source Code Disclosure
| [51948] Apache Multiviews Attack
10866| [51946] Apache JServ Environment Status Information Disclosure
10867| [51945] Apache error_log Information Disclosure
10868| [51944] Apache Default Installation Page Pattern Found
10869| [51943] Apache AXIS XML Parser echoheaders.jws Sample Web Service Denial of Service
10870| [51942] Apache AXIS XML External Entity File Retrieval
10871| [51941] Apache AXIS Sample Servlet Information Leak
10872| [51940] Apache access_log Information Disclosure
10873| [51626] Apache mod_deflate denial of service
10874| [51532] mod_proxy module for the Apache HTTP Server stream_reqbody_cl denial of service
10875| [51365] Apache Tomcat RequestDispatcher security bypass
10876| [51273] Apache HTTP Server Incomplete Request denial of service
10877| [51195] Apache Tomcat XML information disclosure
10878| [50994] Apache APR-util xml/apr_xml.c denial of service
10879| [50993] Apache APR-util apr_brigade_vprintf denial of service
10880| [50964] Apache APR-util apr_strmatch_precompile() denial of service
10881| [50930] Apache Tomcat j_security_check information disclosure
10882| [50928] Apache Tomcat AJP denial of service
10883| [50884] Apache HTTP Server XML ENTITY denial of service
10884| [50808] Apache HTTP Server AllowOverride privilege escalation
10885| [50108] Apache Struts s:a tag and s:url tag cross-site scripting
10886| [50059] Apache mod_proxy_ajp information disclosure
10887| [49951] Apache Tiles Expression Language (EL) expressions cross-site scripting
10888| [49925] Apache Geronimo Web Administrative Console cross-site request forgery
10889| [49924] Apache Geronimo console/portal/Server/Monitoring cross-site scripting
10890| [49921] Apache ActiveMQ Web interface cross-site scripting
10891| [49898] Apache Geronimo Services/Repository directory traversal
10892| [49725] Apache Tomcat mod_jk module information disclosure
10893| [49715] Apache mod_perl Apache::Status and Apache2::Status modules cross-site scripting
10894| [49712] Apache Struts unspecified cross-site scripting
10895| [49213] Apache Tomcat cal2.jsp cross-site scripting
10896| [48934] Apache Tomcat POST doRead method information disclosure
10897| [48211] Apache Tomcat header HTTP request smuggling
10898| [48163] libapache2-mod-auth-mysql module for Debian multibyte encoding SQL injection
10899| [48110] Apache Jackrabbit search.jsp and swr.jsp cross-site scripting
10900| [47709] Apache Roller "
10901| [47104] Novell Netware ApacheAdmin console security bypass
10902| [47086] Apache HTTP Server OS fingerprinting unspecified
10903| [46329] Apache Struts FilterDispatcher and DefaultStaticContentLoader class directory traversal
10904| [45791] Apache Tomcat RemoteFilterValve security bypass
10905| [44435] Oracle WebLogic Apache Connector buffer overflow
10906| [44411] Apache Tomcat allowLinking UTF-8 directory traversal
10907| [44223] Apache HTTP Server mod_proxy_ftp cross-site scripting
10908| [44156] Apache Tomcat RequestDispatcher directory traversal
10909| [44155] Apache Tomcat HttpServletResponse.sendError() cross-site scripting
10910| [43885] Oracle WebLogic Server Apache Connector buffer overflow
10911| [42987] Apache HTTP Server mod_proxy module denial of service
10912| [42915] Apache Tomcat JSP files path disclosure
10913| [42914] Apache Tomcat MS-DOS path disclosure
10914| [42892] Apache Tomcat unspecified unauthorized access
10915| [42816] Apache Tomcat Host Manager cross-site scripting
10916| [42303] Apache 403 error cross-site scripting
10917| [41618] Apache-SSL ExpandCert() authentication bypass
10918| [40761] Apache Derby RDBNAM parameter and DatabaseMetaData.getURL information disclosure
10919| [40736] Apache Tomcat HTTP/1.1 connector information disclosure
10920| [40614] Apache mod_jk2 HTTP Host header buffer overflow
10921| [40562] Apache Geronimo init information disclosure
10922| [40478] Novell Web Manager webadmin-apache.conf security bypass
10923| [40411] Apache Tomcat exception handling information disclosure
10924| [40409] Apache Tomcat native (APR based) connector weak security
10925| [40403] Apache Tomcat quotes and %5C cookie information disclosure
10926| [40388] Sun Java Plug-In org.apache.crimson.tree.XmlDocument security bypass
10927| [39893] Apache HTTP Server mod_negotiation HTTP response splitting
10928| [39867] Apache HTTP Server mod_negotiation cross-site scripting
10929| [39804] Apache Tomcat SingleSignOn information disclosure
10930| [39615] Apache HTTP Server mod_proxy_ftp.c UTF-7 cross-site scripting
10931| [39612] Apache HTTP Server mod_proxy_balancer buffer overflow
10932| [39608] Apache HTTP Server balancer manager cross-site request forgery
10933| [39476] Apache mod_proxy_balancer balancer_handler function denial of service
10934| [39474] Apache HTTP Server mod_proxy_balancer cross-site scripting
10935| [39472] Apache HTTP Server mod_status cross-site scripting
10936| [39201] Apache Tomcat JULI logging weak security
10937| [39158] Apache HTTP Server Windows SMB shares information disclosure
10938| [39001] Apache HTTP Server mod_imap and mod_imagemap module cross-site scripting
10939| [38951] Apache::AuthCAS Perl module cookie SQL injection
10940| [38800] Apache HTTP Server 413 error page cross-site scripting
10941| [38211] Apache Geronimo SQLLoginModule authentication bypass
10942| [37243] Apache Tomcat WebDAV directory traversal
10943| [37178] RHSA update for Apache HTTP Server mod_status module cross-site scripting not installed
10944| [37177] RHSA update for Apache HTTP Server Apache child process denial of service not installed
10945| [37119] RHSA update for Apache mod_auth_kerb off-by-one buffer overflow not installed
10946| [37100] RHSA update for Apache and IBM HTTP Server Expect header cross-site scripting not installed
10947| [36782] Apache Geronimo MEJB unauthorized access
10948| [36586] Apache HTTP Server UTF-7 cross-site scripting
10949| [36468] Apache Geronimo LoginModule security bypass
10950| [36467] Apache Tomcat functions.jsp cross-site scripting
10951| [36402] Apache Tomcat calendar cross-site request forgery
10952| [36354] Apache HTTP Server mod_proxy module denial of service
10953| [36352] Apache HTTP Server ap_proxy_date_canon() denial of service
10954| [36336] Apache Derby lock table privilege escalation
10955| [36335] Apache Derby schema privilege escalation
10956| [36006] Apache Tomcat "
10957| [36001] Apache Tomcat Host Manager Servlet alias cross-site scripting
10958| [35999] Apache Tomcat \"
10959| [35795] Apache Tomcat CookieExample cross-site scripting
10960| [35536] Apache Tomcat SendMailServlet example cross-site scripting
10961| [35384] Apache HTTP Server mod_cache module denial of service
10962| [35097] Apache HTTP Server mod_status module cross-site scripting
10963| [35095] Apache HTTP Server Prefork MPM module denial of service
10964| [34984] Apache HTTP Server recall_headers information disclosure
10965| [34966] Apache HTTP Server MPM content spoofing
10966| [34965] Apache HTTP Server MPM information disclosure
10967| [34963] Apache HTTP Server MPM multiple denial of service
10968| [34872] Apache MyFaces Tomahawk autoscroll parameter cross-site scripting
10969| [34869] Apache Tomcat JSP example Web application cross-site scripting
10970| [34868] Apache Tomcat Manager and Host Manager cross-site scripting
10971| [34496] Apache Tomcat JK Connector security bypass
10972| [34377] Apache Tomcat hello.jsp cross-site scripting
10973| [34212] Apache Tomcat SSL configuration security bypass
10974| [34210] Apache Tomcat Accept-Language cross-site scripting
10975| [34209] Apache Tomcat calendar application cross-site scripting
10976| [34207] Apache Tomcat implicit-objects.jsp cross-site scripting
10977| [34167] Apache Axis WSDL file path disclosure
10978| [34068] Apache Tomcat AJP connector information disclosure
10979| [33584] Apache HTTP Server suEXEC privilege escalation
10980| [32988] Apache Tomcat proxy module directory traversal
10981| [32794] Apache Tomcat JK Web Server Connector map_uri_to_worker() buffer overflow
10982| [32708] Debian Apache tty privilege escalation
10983| [32441] ApacheStats extract() PHP call unspecified
10984| [32128] Apache Tomcat default account
10985| [31680] Apache Tomcat RequestParamExample cross-site scripting
10986| [31649] Apache Tomcat Sample Servlet TroubleShooter detected
10987| [31557] BEA WebLogic Server and WebLogic Express Apache proxy plug-in denial of service
10988| [31236] Apache HTTP Server htpasswd.c strcpy buffer overflow
10989| [30456] Apache mod_auth_kerb off-by-one buffer overflow
10990| [29550] Apache mod_tcl set_var() format string
10991| [28620] Apache and IBM HTTP Server Expect header cross-site scripting
10992| [28357] Apache HTTP Server mod_alias script source information disclosure
10993| [28063] Apache mod_rewrite off-by-one buffer overflow
10994| [27902] Apache Tomcat URL information disclosure
10995| [26786] Apache James SMTP server denial of service
10996| [25680] libapache2 /tmp/svn file upload
10997| [25614] Apache Struts lookupMap cross-site scripting
10998| [25613] Apache Struts ActionForm denial of service
10999| [25612] Apache Struts isCancelled() security bypass
11000| [24965] Apache mod_python FileSession command execution
11001| [24716] Apache James spooler memory leak denial of service
11002| [24159] Apache Geronimo Web-Access-Log Viewer cross-site scripting
11003| [24158] Apache Geronimo jsp-examples cross-site scripting
11004| [24030] Apache auth_ldap module multiple format strings
11005| [24008] Apache mod_ssl custom error message denial of service
11006| [24003] Apache mod_auth_pgsql module multiple syslog format strings
11007| [23612] Apache mod_imap referer field cross-site scripting
11008| [23173] Apache Struts error message cross-site scripting
11009| [22942] Apache Tomcat directory listing denial of service
11010| [22858] Apache Multi-Processing Module code allows denial of service
11011| [22602] RHSA-2005:582 updates for Apache httpd not installed
11012| [22520] Apache mod-auth-shadow "
11013| [22466] ApacheTop symlink
11014| [22109] Apache HTTP Server ssl_engine_kernel client certificate validation
11015| [22006] Apache HTTP Server byte-range filter denial of service
11016| [21567] Apache mod_ssl off-by-one buffer overflow
11017| [21195] Apache HTTP Server header HTTP request smuggling
11018| [20383] Apache HTTP Server htdigest buffer overflow
11019| [19681] Apache Tomcat AJP12 request denial of service
11020| [18993] Apache HTTP server check_forensic symlink attack
11021| [18790] Apache Tomcat Manager cross-site scripting
11022| [18349] Apache HTTP server Apple HFS+ filesystem obtain information
11023| [18348] Apache HTTP server Apple HFS+ filesystem .DS_Store and .ht file disclosure
11024| [18347] Apache HTTP server Apple Mac OS X Server mod_digest_apple module could allow an attacker to replay responses
11025| [17961] Apache Web server ServerTokens has not been set
11026| [17930] Apache HTTP Server HTTP GET request denial of service
11027| [17785] Apache mod_include module buffer overflow
11028| [17671] Apache HTTP Server SSLCipherSuite bypass restrictions
11029| [17473] Apache HTTP Server Satisfy directive allows access to resources
11030| [17413] Apache htpasswd buffer overflow
11031| [17384] Apache HTTP Server environment variable configuration file buffer overflow
11032| [17382] Apache HTTP Server IPv6 apr_util denial of service
11033| [17366] Apache HTTP Server mod_dav module LOCK denial of service
11034| [17273] Apache HTTP Server speculative mode denial of service
11035| [17200] Apache HTTP Server mod_ssl denial of service
11036| [16890] Apache HTTP Server server-info request has been detected
11037| [16889] Apache HTTP Server server-status request has been detected
11038| [16705] Apache mod_ssl format string attack
11039| [16524] Apache HTTP Server ap_get_mime_headers_core denial of service
11040| [16387] Apache HTTP Server mod_proxy Content-Length buffer overflow
11041| [16230] Apache HTTP Server PHP denial of service
11042| [16214] Apache mod_ssl ssl_util_uuencode_binary buffer overflow
11043| [15958] Apache HTTP Server authentication modules memory corruption
11044| [15547] Apache HTTP Server mod_disk_cache local information disclosure
11045| [15540] Apache HTTP Server socket starvation denial of service
11046| [15467] Novell GroupWise WebAccess using Apache Web server allows viewing of files on the server
11047| [15422] Apache HTTP Server mod_access information disclosure
11048| [15419] Apache HTTP Server mod_ssl plain HTTP request denial of service
11049| [15293] Apache for Cygwin "
11050| [15065] Apache-SSL has a default password
11051| [15041] Apache HTTP Server mod_digest module could allow an attacker to replay responses
11052| [15015] Apache httpd server httpd.conf could allow a local user to bypass restrictions
11053| [14751] Apache Mod_python output filter information disclosure
11054| [14125] Apache HTTP Server mod_userdir module information disclosure
11055| [14075] Apache HTTP Server mod_php file descriptor leak
11056| [13703] Apache HTTP Server account
11057| [13689] Apache HTTP Server configuration allows symlinks
11058| [13688] Apache HTTP Server configuration allows SSI
11059| [13687] Apache HTTP Server Server: header value
11060| [13685] Apache HTTP Server ServerTokens value
11061| [13684] Apache HTTP Server ServerSignature value
11062| [13672] Apache HTTP Server config allows directory autoindexing
11063| [13671] Apache HTTP Server default content
11064| [13670] Apache HTTP Server config file directive references outside content root
11065| [13668] Apache HTTP Server httpd not running in chroot environment
11066| [13666] Apache HTTP Server CGI directory contains possible command interpreter or compiler
11067| [13664] Apache HTTP Server config file contains ScriptAlias entry
11068| [13663] Apache HTTP Server CGI support modules loaded
11069| [13661] Apache HTTP Server config file contains AddHandler entry
11070| [13660] Apache HTTP Server 500 error page not CGI script
11071| [13659] Apache HTTP Server 413 error page not CGI script
11072| [13658] Apache HTTP Server 403 error page not CGI script
11073| [13657] Apache HTTP Server 401 error page not CGI script
11074| [13552] Apache HTTP Server mod_cgid module information disclosure
11075| [13550] Apache GET request directory traversal
11076| [13516] Apache Cocoon XMLForm and JXForm could allow execution of code
11077| [13499] Apache Cocoon directory traversal allows downloading of boot.ini file
11078| [13429] Apache Tomcat non-HTTP request denial of service
11079| [13400] Apache HTTP server mod_alias and mod_rewrite buffer overflow
11080| [13295] Apache weak password encryption
11081| [13254] Apache Tomcat .jsp cross-site scripting
11082| [13125] Apache::Gallery Inline::C could allow arbitrary code execution
11083| [13086] Apache Jakarta Tomcat mod_jk format string allows remote access
11084| [12681] Apache HTTP Server mod_proxy could allow mail relaying
11085| [12662] Apache HTTP Server rotatelogs denial of service
11086| [12554] Apache Tomcat stores password in plain text
11087| [12553] Apache HTTP Server redirects and subrequests denial of service
11088| [12552] Apache HTTP Server FTP proxy server denial of service
11089| [12551] Apache HTTP Server prefork MPM denial of service
11090| [12550] Apache HTTP Server weaker than expected encryption
11091| [12549] Apache HTTP Server type-map file denial of service
11092| [12206] Apache Tomcat /opt/tomcat directory insecure permissions
11093| [12102] Apache Jakarta Tomcat MS-DOS device name request denial of service
11094| [12091] Apache HTTP Server apr_password_validate denial of service
11095| [12090] Apache HTTP Server apr_psprintf code execution
11096| [11804] Apache HTTP Server mod_access_referer denial of service
11097| [11750] Apache HTTP Server could leak sensitive file descriptors
11098| [11730] Apache HTTP Server error log and access log terminal escape sequence injection
11099| [11703] Apache long slash path allows directory listing
11100| [11695] Apache HTTP Server LF (Line Feed) denial of service
11101| [11694] Apache HTTP Server filestat.c denial of service
11102| [11438] Apache HTTP Server MIME message boundaries information disclosure
11103| [11412] Apache HTTP Server error log terminal escape sequence injection
11104| [11196] Apache Tomcat examples and ROOT Web applications cross-site scripting
11105| [11195] Apache Tomcat web.xml could be used to read files
11106| [11194] Apache Tomcat URL appended with a null character could list directories
11107| [11139] Apache HTTP Server mass virtual hosting with mod_rewrite or mod_vhost_alias could allow an attacker to obtain files
11108| [11126] Apache HTTP Server illegal character file disclosure
11109| [11125] Apache HTTP Server DOS device name HTTP POST code execution
11110| [11124] Apache HTTP Server DOS device name denial of service
11111| [11088] Apache HTTP Server mod_vhost_alias CGI source disclosure
11112| [10938] Apache HTTP Server printenv test CGI cross-site scripting
11113| [10771] Apache Tomcat mod_jk module multiple HTTP GET request buffer overflow
11114| [10575] Apache mod_php module could allow an attacker to take over the httpd process
11115| [10499] Apache HTTP Server WebDAV HTTP POST view source
11116| [10457] Apache HTTP Server mod_ssl "
11117| [10415] Apache HTTP Server htdigest insecure system() call could allow command execution
11118| [10414] Apache HTTP Server htdigest multiple buffer overflows
11119| [10413] Apache HTTP Server htdigest temporary file race condition
11120| [10412] Apache HTTP Server htpasswd temporary file race condition
11121| [10376] Apache Tomcat invoker servlet used in conjunction with the default servlet reveals source code
11122| [10348] Apache Tomcat HTTP GET request DOS device reference could cause a denial of service
11123| [10281] Apache HTTP Server ab.c ApacheBench long response buffer overflow
11124| [10280] Apache HTTP Server shared memory scorecard overwrite
11125| [10263] Apache Tomcat mod_jk or mod_jserv connector directory disclosure
11126| [10241] Apache HTTP Server Host: header cross-site scripting
11127| [10230] Slapper worm variants A, B, and C target OpenSSL/Apache systems
11128| [10208] Apache HTTP Server mod_dav denial of service
11129| [10206] HP VVOS Apache mod_ssl denial of service
11130| [10200] Apache HTTP Server stderr denial of service
11131| [10175] Apache Tomcat org.apache.catalina.servlets.DefaultServlet reveals source code
11132| [10169] Slapper worm variant (Slapper.C) targets OpenSSL/Apache systems
11133| [10154] Slapper worm variant (Slapper.B) targets OpenSSL/Apache systems
11134| [10098] Slapper worm targets OpenSSL/Apache systems
11135| [9876] Apache HTTP Server cgi/cgid request could disclose the path to a requested script
11136| [9875] Apache HTTP Server .var file request could disclose installation path
11137| [9863] Apache Tomcat web.xml file could allow a remote attacker to bypass restrictions
11138| [9808] Apache HTTP Server non-Unix version URL encoded directory traversal
11139| [9623] Apache HTTP Server ap_log_rerror() path disclosure
11140| [9520] Apache Tomcat /servlet/ mapping cross-site scripting
11141| [9415] Apache HTTP Server mod_ssl .htaccess off-by-one buffer overflow
11142| [9396] Apache Tomcat null character to threads denial of service
11143| [9394] Apache Tomcat HTTP request for LPT9 reveals Web root path
11144| [9249] Apache HTTP Server chunked encoding heap buffer overflow
11145| [9208] Apache Tomcat sample file requests could reveal directory listing and path to Web root directory
11146| [8932] Apache Tomcat example class information disclosure
11147| [8633] Apache HTTP Server with mod_rewrite could allow an attacker to bypass directives
11148| [8629] Apache HTTP Server double-reverse DNS lookup spoofing
11149| [8589] Apache HTTP Server for Windows DOS batch file remote command execution
11150| [8457] Oracle9i Application Server Apache PL/SQL HTTP Location header buffer overflow
11151| [8455] Oracle9i Application Server default installation could allow an attacker to access certain Apache Services
11152| [8400] Apache HTTP Server mod_frontpage buffer overflows
11153| [8326] Apache HTTP Server multiple MIME headers (sioux) denial of service
11154| [8308] Apache "
11155| [8275] Apache HTTP Server with Multiviews enabled could disclose directory contents
11156| [8119] Apache and PHP OPTIONS request reveals "
11157| [8054] Apache is running on the system
11158| [8029] Mandrake Linux default Apache configuration could allow an attacker to browse files and directories
11159| [8027] Mandrake Linux default Apache configuration has remote management interface enabled
11160| [8026] Mandrake Linux Apache sample programs could disclose sensitive information about the server
11161| [7836] Apache HTTP Server log directory denial of service
11162| [7815] Apache for Windows "
11163| [7810] Apache HTTP request could result in unexpected behavior
11164| [7599] Apache Tomcat reveals installation path
11165| [7494] Apache "
11166| [7419] Apache Web Server could allow remote attackers to overwrite .log files
11167| [7363] Apache Web Server hidden HTTP requests
11168| [7249] Apache mod_proxy denial of service
11169| [7129] Linux with Apache Web server could allow an attacker to determine if a specified username exists
11170| [7103] Apple Mac OS X used with Apache Web server could disclose directory contents
11171| [7059] Apache "
11172| [7057] Apache "
11173| [7056] Apache "
11174| [7055] Apache "
11175| [7054] Apache "
11176| [6997] Apache Jakarta Tomcat error message may reveal information
11177| [6971] Apache Jakarta Tomcat may reveal JSP source code with missing HTTP protocol specification
11178| [6970] Apache crafted HTTP request could reveal the internal IP address
11179| [6921] Apache long slash path allows directory listing
11180| [6687] Apple Mac OS X used with Apache Web server could allow arbitrary file disclosure
11181| [6527] Apache Web Server for Windows and OS2 denial of service
11182| [6316] Apache Jakarta Tomcat may reveal JSP source code
11183| [6305] Apache Jakarta Tomcat directory traversal
11184| [5926] Linux Apache symbolic link
11185| [5659] Apache Web server discloses files when used with php script
11186| [5310] Apache mod_rewrite allows attacker to view arbitrary files
11187| [5204] Apache WebDAV directory listings
11188| [5197] Apache Web server reveals CGI script source code
11189| [5160] Apache Jakarta Tomcat default installation
11190| [5099] Trustix Secure Linux installs Apache with world writable access
11191| [4968] Apache Jakarta Tomcat snoop servlet gives out information which could be used in attack
11192| [4967] Apache Jakarta Tomcat 404 error reveals the pathname of the requested file
11193| [4931] Apache source.asp example file allows users to write to files
11194| [4575] IBM HTTP Server running Apache allows users to directory listing and file retrieval
11195| [4205] Apache Jakarta Tomcat delivers file contents
11196| [2084] Apache on Debian by default serves the /usr/doc directory
11197| [1630] MessageMedia UnityMail and Apache Web server MIME header flood denial of service
11198| [697] Apache HTTP server beck exploit
11199| [331] Apache cookies buffer overflow
11200|
11201| Exploit-DB - https://www.exploit-db.com:
11202| [31130] Apache Tomcat <= 6.0.15 Cookie Quote Handling Remote Information Disclosure Vulnerability
11203| [31052] Apache <= 2.2.6 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
11204| [30901] Apache HTTP Server 2.2.6 Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
11205| [30835] Apache HTTP Server <= 2.2.4 413 Error HTTP Request Method Cross-Site Scripting Weakness
11206| [30563] Apache Tomcat <= 5.5.15 Cal2.JSP Cross-Site Scripting Vulnerability
11207| [30496] Apache Tomcat <= 6.0.13 Cookie Handling Quote Delimiter Session ID Disclosure
11208| [30495] Apache Tomcat <= 6.0.13 Host Manager Servlet Cross Site Scripting Vulnerability
11209| [30191] Apache MyFaces Tomahawk JSF Framework 1.1.5 Autoscroll Parameter Cross Site Scripting Vulnerability
11210| [30189] Apache Tomcat <= 6.0.13 JSP Example Web Applications Cross Site Scripting Vulnerability
11211| [30052] Apache Tomcat 6.0.10 Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
11212| [29930] Apache AXIS 1.0 Non-Existent WSDL Path Information Disclosure Vulnerability
11213| [29859] Apache Roller OGNL Injection
11214| [29739] Apache HTTP Server Tomcat 5.x/6.0.x Directory Traversal Vulnerability
11215| [29435] Apache Tomcat 5.5.25 - CSRF Vulnerabilities
11216| [29316] Apache + PHP 5.x - Remote Code Execution (Multithreaded Scanner) (2)
11217| [29290] Apache / PHP 5.x Remote Code Execution Exploit
11218| [28713] Apache Tomcat/JBoss EJBInvokerServlet / JMXInvokerServlet (RMI over HTTP) Marshalled Object RCE
11219| [28424] Apache 2.x HTTP Server Arbitrary HTTP Request Headers Security Weakness
11220| [28365] Apache 2.2.2 CGI Script Source Code Information Disclosure Vulnerability
11221| [28254] Apache Tomcat 5 Information Disclosure Vulnerability
11222| [27915] Apache James 2.2 SMTP Denial of Service Vulnerability
11223| [27397] Apache suEXEC Privilege Elevation / Information Disclosure
11224| [27135] Apache Struts 2 DefaultActionMapper Prefixes OGNL Code Execution
11225| [27096] Apache Geronimo 1.0 Error Page XSS
11226| [27095] Apache Tomcat / Geronimo 1.0 Sample Script cal2.jsp time Parameter XSS
11227| [26710] Apache CXF prior to 2.5.10, 2.6.7 and 2.7.4 - Denial of Service
11228| [26542] Apache Struts 1.2.7 Error Response Cross-Site Scripting Vulnerability
11229| [25986] Plesk Apache Zeroday Remote Exploit
11230| [25980] Apache Struts includeParams Remote Code Execution
11231| [25625] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (2)
11232| [25624] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (1)
11233| [24874] Apache Struts ParametersInterceptor Remote Code Execution
11234| [24744] Apache Rave 0.11 - 0.20 - User Information Disclosure
11235| [24694] Apache 1.3.x mod_include Local Buffer Overflow Vulnerability
11236| [24590] Apache 2.0.x mod_ssl Remote Denial of Service Vulnerability
11237| [23751] Apache Cygwin 1.3.x/2.0.x Directory Traversal Vulnerability
11238| [23581] Apache 2.0.4x mod_perl Module File Descriptor Leakage Vulnerability
11239| [23482] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (2)
11240| [23481] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (1)
11241| [23296] Red Hat Apache 2.0.40 Directory Index Default Configuration Error
11242| [23282] apache cocoon 2.14/2.2 - Directory Traversal vulnerability
11243| [23245] Apache Tomcat 4.0.x Non-HTTP Request Denial of Service Vulnerability
11244| [23119] Apache::Gallery 0.4/0.5/0.6 Insecure Local File Storage Privilege Escalation Vulnerability
11245| [22505] Apache Mod_Access_Referer 1.0.2 NULL Pointer Dereference Denial of Service Vulnerability
11246| [22205] Apache Tomcat 3.x Null Byte Directory/File Disclosure Vulnerability
11247| [22191] Apache Web Server 2.0.x MS-DOS Device Name Denial of Service Vulnerability
11248| [22068] Apache 1.3.x,Tomcat 4.0.x/4.1.x Mod_JK Chunked Encoding Denial of Service Vulnerability
11249| [21885] Apache 1.3/2.0.x Server Side Include Cross Site Scripting Vulnerability
11250| [21882] Apache Tomcat 3.2 Directory Disclosure Vulnerability
11251| [21854] Apache 2.0.39/40 Oversized STDERR Buffer Denial of Service Vulnerability
11252| [21853] Apache Tomcat 3/4 DefaultServlet File Disclosure Vulnerability
11253| [21734] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
11254| [21719] Apache 2.0 Path Disclosure Vulnerability
11255| [21697] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
11256| [21605] Apache Tomcat 4.0.3 DoS Device Name Cross Site Scripting Vulnerability
11257| [21604] Apache Tomcat 4.0.3 Servlet Mapping Cross Site Scripting Vulnerability
| [21560] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (2)
| [21559] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (1)
| [21534] Apache Tomcat 3/4 JSP Engine Denial of Service Vulnerability
| [21492] Apache Tomcat 3.2.3/3.2.4 RealPath.JSP Malformed Request Information Disclosure
| [21491] Apache Tomcat 3.2.3/3.2.4 Example Files Web Root Path Disclosure
| [21490] Apache Tomcat 3.2.3/3.2.4 Source.JSP Malformed Request Information Disclosure
| [21412] Apache Tomcat 4.0/4.1 Servlet Path Disclosure Vulnerability
| [21350] Apache Win32 1.3.x/2.0.x Batch File Remote Command Execution Vulnerability
| [21204] Apache 1.3.20 Win32 PHP.EXE Remote File Disclosure Vulnerability
| [21112] Red Hat Linux 7.0 Apache Remote Username Enumeration Vulnerability
| [21067] Apache 1.0/1.2/1.3 Server Address Disclosure Vulnerability
| [21002] Apache 1.3 Possible Directory Index Disclosure Vulnerability
| [20911] Apache 1.3.14 Mac File Protection Bypass Vulnerability
| [20716] apache tomcat 3.0 - Directory Traversal vulnerability
| [20695] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (4)
| [20694] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (3)
| [20693] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (2)
| [20692] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (1)
| [20595] NCSA 1.3/1.4.x/1.5,Apache httpd 0.8.11/0.8.14 ScriptAlias Source Retrieval Vulnerability
| [20558] Apache 1.2 Web Server DoS Vulnerability
| [20466] Apache 1.3 Web Server with Php 3 File Disclosure Vulnerability
| [20435] Apache 0.8.x/1.0.x,NCSA httpd 1.x test-cgi Directory Listing Vulnerability
| [20272] Apache 1.2.5/1.3.1,UnityMail 2.0 MIME Header DoS Vulnerability
| [20210] Apache 1.3.12 WebDAV Directory Listings Vulnerability
| [20131] Apache Tomcat 3.1 Path Revealing Vulnerability
| [19975] Apache 1.3.6/1.3.9/1.3.11/1.3.12/1.3.20 Root Directory Access Vulnerability
| [19828] Cobalt RaQ 2.0/3.0 Apache .htaccess Disclosure Vulnerability
| [19536] Apache <= 1.1,NCSA httpd <= 1.5.2,Netscape Server 1.12/1.1/2.0 a nph-test-cgi Vulnerability
| [19231] PHP apache_request_headers Function Buffer Overflow
| [18984] Apache Struts <= 2.2.1.1 - Remote Command Execution
| [18897] Oracle Weblogic Apache Connector POST Request Buffer Overflow
| [18619] Apache Tomcat Remote Exploit (PUT Request) and Account Scanner
| [18452] Apache Struts Multiple Persistent Cross-Site Scripting Vulnerabilities
| [18442] Apache httpOnly Cookie Disclosure
| [18329] Apache Struts2 <= 2.3.1 - Multiple Vulnerabilities
| [18221] Apache HTTP Server Denial of Service
| [17969] Apache mod_proxy Reverse Proxy Exposure Vulnerability PoC
| [17696] Apache httpd Remote Denial of Service (memory exhaustion)
| [17691] Apache Struts < 2.2.0 - Remote Command Execution
| [16798] Apache mod_jk 1.2.20 Buffer Overflow
| [16782] Apache Win32 Chunked Encoding
| [16752] Apache module mod_rewrite LDAP protocol Buffer Overflow
| [16317] Apache Tomcat Manager Application Deployer Authenticated Code Execution
| [15710] Apache Archiva 1.0 - 1.3.1 CSRF Vulnerability
| [15319] Apache 2.2 (Windows) Local Denial of Service
| [14617] Apache JackRabbit 2.0.0 webapp XPath Injection
| [14489] Apache Tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
| [12721] Apache Axis2 1.4.1 - Local File Inclusion Vulnerability
| [12689] Authenticated Cross-Site Scripting Vulnerability (XSS) within Apache Axis2 administration console
| [12343] Apache Tomcat 5.5.0 to 5.5.29 & 6.0.0 to 6.0.26 - Information Disclosure Vulnerability
| [12330] Apache OFBiz - Multiple XSS
| [12264] Apache OFBiz - FULLADMIN Creator PoC Payload
| [12263] Apache OFBiz - SQL Remote Execution PoC Payload
| [11662] Apache Spamassassin Milter Plugin Remote Root Command Execution
| [11650] Apache 2.2.14 mod_isapi Dangling Pointer Remote SYSTEM Exploit
| [10811] Joomla.Tutorials GHDB: Apache directory listing Download Vulnerability
| [10292] Apache Tomcat 3.2.1 - 404 Error Page Cross Site Scripting Vulnerability
| [9995] Apache Tomcat Form Authentication Username Enumeration Weakness
| [9994] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
| [9993] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
| [8842] Apache mod_dav / svn Remote Denial of Service Exploit
| [8458] Apache Geronimo <= 2.1.3 - Multiple Directory Traversal Vulnerabilities
| [7264] Apache Tomcat runtime.getRuntime().exec() Privilege Escalation (win)
| [6229] apache tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
| [6100] Apache mod_jk 1.2.19 Remote Buffer Overflow Exploit (win32)
| [6089] Bea Weblogic Apache Connector Code Exec / Denial of Service Exploit
| [5386] Apache Tomcat Connector jk2-2.0.2 (mod_jk2) Remote Overflow Exploit
| [5330] Apache 2.0 mod_jk2 2.0.2 - Remote Buffer Overflow Exploit (win32)
| [4552] Apache Tomcat (webdav) Remote File Disclosure Exploit (ssl support)
| [4530] Apache Tomcat (webdav) Remote File Disclosure Exploit
| [4162] Apache Tomcat Connector (mod_jk) Remote Exploit (exec-shield)
| [4093] Apache mod_jk 1.2.19/1.2.20 Remote Buffer Overflow Exploit
| [3996] Apache 2.0.58 mod_rewrite Remote Overflow Exploit (win2k3)
| [3680] Apache Mod_Rewrite Off-by-one Remote Overflow Exploit (win32)
| [3384] Ubuntu/Debian Apache 1.3.33/1.3.34 (CGI TTY) Local Root Exploit
| [2237] Apache < 1.3.37, 2.0.59, 2.2.3 (mod_rewrite) Remote Overflow PoC
| [2061] Apache Tomcat < 5.5.17 Remote Directory Listing Vulnerability
| [1056] Apache <= 2.0.49 Arbitrary Long HTTP Headers Denial of Service
| [855] Apache <= 2.0.52 HTTP GET request Denial of Service Exploit
| [764] Apache OpenSSL - Remote Exploit (Multiple Targets) (OpenFuckV2.c)
| [587] Apache <= 1.3.31 mod_include Local Buffer Overflow Exploit
| [466] htpasswd Apache 1.3.31 - Local Exploit
| [371] Apache HTTPd Arbitrary Long HTTP Headers DoS (c version)
| [360] Apache HTTPd Arbitrary Long HTTP Headers DoS
| [132] Apache 1.3.x - 2.0.48 - mod_userdir Remote Users Disclosure Exploit
| [126] Apache mod_gzip (with debug_mode) <= 1.2.26.1a Remote Exploit
| [67] Apache 1.3.x mod_mylo Remote Code Execution Exploit
| [38] Apache <= 2.0.45 APR Remote Exploit -Apache-Knacker.pl
| [34] Webfroot Shoutbox < 2.32 (Apache) Remote Exploit
| [11] Apache <= 2.0.44 Linux Remote Denial of Service Exploit
| [9] Apache HTTP Server 2.x Memory Leak Exploit
|
| OpenVAS (Nessus) - http://www.openvas.org:
| [902924] Apache Struts2 Showcase Skill Name Remote Code Execution Vulnerability
| [902837] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability (Windows)
| [902830] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
| [902664] Apache Traffic Server HTTP Host Header Denial of Service Vulnerability
| [901203] Apache httpd Web Server Range Header Denial of Service Vulnerability
| [901110] Apache ActiveMQ Source Code Information Disclosure Vulnerability
| [901105] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
| [900842] Apache 'mod_proxy_ftp' Module Command Injection Vulnerability (Linux)
| [900841] Apache 'mod_proxy_ftp' Module Denial Of Service Vulnerability (Linux)
| [900573] Apache APR-Utils XML Parser Denial of Service Vulnerability
| [900572] Apache APR-Utils Multiple Denial of Service Vulnerabilities
| [900571] Apache APR-Utils Version Detection
| [900499] Apache mod_proxy_ajp Information Disclosure Vulnerability
| [900496] Apache Tiles Multiple XSS Vulnerability
| [900493] Apache Tiles Version Detection
| [900107] Apache mod_proxy_ftp Wildcard Characters XSS Vulnerability
| [900021] Apache Tomcat Cross-Site Scripting and Security Bypass Vulnerabilities
| [880086] CentOS Update for apache CESA-2008:0004-01 centos2 i386
| [870175] RedHat Update for apache RHSA-2008:0004-01
| [864591] Fedora Update for apache-poi FEDORA-2012-10835
| [864383] Fedora Update for apache-commons-compress FEDORA-2012-8428
| [864280] Fedora Update for apache-commons-compress FEDORA-2012-8465
| [864250] Fedora Update for apache-poi FEDORA-2012-7683
| [864249] Fedora Update for apache-poi FEDORA-2012-7686
| [863993] Fedora Update for apache-commons-daemon FEDORA-2011-10880
| [863466] Fedora Update for apache-commons-daemon FEDORA-2011-10936
| [855821] Solaris Update for Apache 1.3 122912-19
| [855812] Solaris Update for Apache 1.3 122911-19
| [855737] Solaris Update for Apache 1.3 122911-17
| [855731] Solaris Update for Apache 1.3 122912-17
| [855695] Solaris Update for Apache 1.3 122911-16
| [855645] Solaris Update for Apache 1.3 122912-16
| [855587] Solaris Update for kernel update and Apache 108529-29
| [855566] Solaris Update for Apache 116973-07
| [855531] Solaris Update for Apache 116974-07
| [855524] Solaris Update for Apache 2 120544-14
| [855494] Solaris Update for Apache 1.3 122911-15
| [855478] Solaris Update for Apache Security 114145-11
| [855472] Solaris Update for Apache Security 113146-12
| [855179] Solaris Update for Apache 1.3 122912-15
| [855147] Solaris Update for kernel update and Apache 108528-29
| [855077] Solaris Update for Apache 2 120543-14
| [850196] SuSE Update for apache2 openSUSE-SU-2012:0314-1 (apache2)
| [850088] SuSE Update for apache2 SUSE-SA:2007:061
| [850009] SuSE Update for apache2,apache SUSE-SA:2008:021
| [841209] Ubuntu Update for apache2 USN-1627-1
| [840900] Ubuntu Update for apache2 USN-1368-1
| [840798] Ubuntu Update for apache2 USN-1259-1
| [840734] Ubuntu Update for apache2 USN-1199-1
| [840542] Ubuntu Update for apache2 vulnerabilities USN-1021-1
| [840504] Ubuntu Update for apache2 vulnerability USN-990-2
| [840399] Ubuntu Update for apache2 vulnerabilities USN-908-1
| [840304] Ubuntu Update for apache2 vulnerabilities USN-575-1
| [840118] Ubuntu Update for libapache2-mod-perl2 vulnerability USN-488-1
| [840092] Ubuntu Update for apache2 vulnerabilities USN-499-1
| [840039] Ubuntu Update for libapache2-mod-python vulnerability USN-430-1
| [835253] HP-UX Update for Apache Web Server HPSBUX02645
| [835247] HP-UX Update for Apache-based Web Server HPSBUX02612
| [835243] HP-UX Update for Apache Running Tomcat Servlet Engine HPSBUX02579
| [835236] HP-UX Update for Apache with PHP HPSBUX02543
| [835233] HP-UX Update for Apache-based Web Server HPSBUX02531
| [835224] HP-UX Update for Apache-based Web Server HPSBUX02465
| [835200] HP-UX Update for Apache Web Server Suite HPSBUX02431
| [835190] HP-UX Update for Apache Web Server Suite HPSBUX02401
| [835188] HP-UX Update for Apache HPSBUX02308
| [835181] HP-UX Update for Apache With PHP HPSBUX02332
| [835180] HP-UX Update for Apache with PHP HPSBUX02342
| [835172] HP-UX Update for Apache HPSBUX02365
| [835168] HP-UX Update for Apache HPSBUX02313
| [835148] HP-UX Update for Apache HPSBUX01064
| [835139] HP-UX Update for Apache with PHP HPSBUX01090
| [835131] HP-UX Update for Apache HPSBUX00256
| [835119] HP-UX Update for Apache Remote Execution of Arbitrary Code HPSBUX02186
| [835104] HP-UX Update for Apache HPSBUX00224
| [835103] HP-UX Update for Apache mod_cgid HPSBUX00301
| [835101] HP-UX Update for Apache HPSBUX01232
| [835080] HP-UX Update for Apache HPSBUX02273
| [835078] HP-UX Update for ApacheStrong HPSBUX00255
| [835044] HP-UX Update for Apache HPSBUX01019
| [835040] HP-UX Update for Apache PHP HPSBUX00207
| [835025] HP-UX Update for Apache HPSBUX00197
| [835023] HP-UX Update for Apache HPSBUX01022
| [835022] HP-UX Update for Apache HPSBUX02292
| [835005] HP-UX Update for Apache HPSBUX02262
| [831759] Mandriva Update for apache-mod_security MDVSA-2012:182 (apache-mod_security)
| [831737] Mandriva Update for apache MDVSA-2012:154-1 (apache)
| [831534] Mandriva Update for apache MDVSA-2012:012 (apache)
| [831523] Mandriva Update for apache MDVSA-2012:003 (apache)
| [831491] Mandriva Update for apache MDVSA-2011:168 (apache)
| [831460] Mandriva Update for apache MDVSA-2011:144 (apache)
| [831449] Mandriva Update for apache MDVSA-2011:130 (apache)
| [831357] Mandriva Update for apache MDVSA-2011:057 (apache)
| [831132] Mandriva Update for apache MDVSA-2010:153 (apache)
| [831131] Mandriva Update for apache MDVSA-2010:152 (apache)
| [830989] Mandriva Update for apache-mod_auth_shadow MDVSA-2010:081 (apache-mod_auth_shadow)
| [830931] Mandriva Update for apache MDVSA-2010:057 (apache)
| [830926] Mandriva Update for apache MDVSA-2010:053 (apache)
| [830918] Mandriva Update for apache-mod_security MDVSA-2010:050 (apache-mod_security)
| [830799] Mandriva Update for apache-conf MDVSA-2009:300-2 (apache-conf)
| [830797] Mandriva Update for apache-conf MDVSA-2009:300-1 (apache-conf)
| [830791] Mandriva Update for apache-conf MDVA-2010:011 (apache-conf)
| [830652] Mandriva Update for apache MDVSA-2008:195 (apache)
| [830621] Mandriva Update for apache-conf MDVA-2008:129 (apache-conf)
| [830581] Mandriva Update for apache MDVSA-2008:016 (apache)
| [830294] Mandriva Update for apache MDKSA-2007:140 (apache)
| [830196] Mandriva Update for apache MDKSA-2007:235 (apache)
| [830112] Mandriva Update for apache MDKSA-2007:127 (apache)
| [830109] Mandriva Update for apache-mod_perl MDKSA-2007:083 (apache-mod_perl)
| [802425] Apache Struts2 Showcase Arbitrary Java Method Execution vulnerability
| [802423] Apache Struts CookBook/Examples Multiple Cross-Site Scripting Vulnerabilities
| [802422] Apache Struts Showcase Multiple Persistence Cross-Site Scripting Vulnerabilities
| [802415] Apache Tomcat Multiple Security Bypass Vulnerabilities (Win)
| [802385] Apache Tomcat Request Object Security Bypass Vulnerability (Win)
| [802384] Apache Tomcat Parameter Handling Denial of Service Vulnerability (Win)
| [802378] Apache Tomcat Hash Collision Denial Of Service Vulnerability
| [801942] Apache Archiva Multiple Vulnerabilities
| [801940] Apache Struts2 'XWork' Information Disclosure Vulnerability
| [801663] Apache Struts2/XWork Remote Command Execution Vulnerability
| [801521] Apache APR-util 'buckets/apr_brigade.c' Denial Of Service Vulnerability
| [801284] Apache Derby Information Disclosure Vulnerability
| [801203] Apache ActiveMQ Persistent Cross-Site Scripting Vulnerability
| [800837] Apache 'mod_deflate' Denial Of Service Vulnerability - July09
| [800827] Apache 'mod_proxy_http.c' Denial Of Service Vulnerability
| [800680] Apache APR Version Detection
| [800679] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
| [800678] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
| [800677] Apache Roller Version Detection
| [800279] Apache mod_jk Module Version Detection
| [800278] Apache Struts Cross Site Scripting Vulnerability
| [800277] Apache Tomcat mod_jk Information Disclosure Vulnerability
| [800276] Apache Struts Version Detection
| [800271] Apache Struts Directory Traversal Vulnerability
| [800024] Apache Tomcat RemoteFilterValve Security Bypass Vulnerability
| [103333] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
| [103293] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
| [103122] Apache Web Server ETag Header Information Disclosure Weakness
| [103074] Apache Continuum Cross Site Scripting Vulnerability
| [103073] Apache Continuum Detection
| [103053] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
| [101023] Apache Open For Business Weak Password security check
| [101020] Apache Open For Business HTML injection vulnerability
| [101019] Apache Open For Business service detection
| [100924] Apache Archiva Cross Site Request Forgery Vulnerability
| [100923] Apache Archiva Detection
| [100858] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
| [100814] Apache Axis2 Document Type Declaration Processing Security Vulnerability
| [100813] Apache Axis2 Detection
| [100797] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
| [100795] Apache Derby Detection
| [100762] Apache CouchDB Cross Site Request Forgery Vulnerability
| [100725] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
| [100613] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
| [100514] Apache Multiple Security Vulnerabilities
| [100211] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
| [100172] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
| [100171] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
| [100130] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
| [72626] Debian Security Advisory DSA 2579-1 (apache2)
| [72612] FreeBSD Ports: apache22
| [71551] Gentoo Security Advisory GLSA 201206-25 (apache)
| [71550] Gentoo Security Advisory GLSA 201206-24 (apache tomcat)
| [71512] FreeBSD Ports: apache
| [71485] Debian Security Advisory DSA 2506-1 (libapache-mod-security)
| [71256] Debian Security Advisory DSA 2452-1 (apache2)
| [71238] Debian Security Advisory DSA 2436-1 (libapache2-mod-fcgid)
| [70737] FreeBSD Ports: apache
| [70724] Debian Security Advisory DSA 2405-1 (apache2)
| [70600] FreeBSD Ports: apache
| [70253] FreeBSD Ports: apache, apache-event, apache-itk, apache-peruser, apache-worker
| [70235] Debian Security Advisory DSA 2298-2 (apache2)
| [70233] Debian Security Advisory DSA 2298-1 (apache2)
| [69988] Debian Security Advisory DSA 2279-1 (libapache2-mod-authnz-external)
| [69338] Debian Security Advisory DSA 2202-1 (apache2)
| [67868] FreeBSD Ports: apache
| [66816] FreeBSD Ports: apache
| [66553] Mandriva Security Advisory MDVSA-2009:189-1 (apache-mod_auth_mysql)
| [66414] Mandriva Security Advisory MDVSA-2009:323 (apache)
| [66106] SuSE Security Advisory SUSE-SA:2009:050 (apache2,libapr1)
| [66081] SLES11: Security update for Apache 2
| [66074] SLES10: Security update for Apache 2
| [66070] SLES9: Security update for Apache 2
| [65998] SLES10: Security update for apache2-mod_python
| [65893] SLES10: Security update for Apache 2
| [65888] SLES10: Security update for Apache 2
| [65575] SLES9: Security update for apache2,apache2-prefork,apache2-worker
| [65510] SLES9: Security update for Apache 2
| [65472] SLES9: Security update for Apache
| [65467] SLES9: Security update for Apache
| [65450] SLES9: Security update for apache2
| [65390] SLES9: Security update for Apache2
| [65363] SLES9: Security update for Apache2
| [65309] SLES9: Security update for Apache and mod_ssl
| [65296] SLES9: Security update for webdav apache module
| [65283] SLES9: Security update for Apache2
| [65249] SLES9: Security update for Apache 2
| [65230] SLES9: Security update for Apache 2
| [65228] SLES9: Security update for Apache 2
| [65212] SLES9: Security update for apache2-mod_python
| [65209] SLES9: Security update for apache2-worker
| [65207] SLES9: Security update for Apache 2
| [65168] SLES9: Security update for apache2-mod_python
| [65142] SLES9: Security update for Apache2
| [65136] SLES9: Security update for Apache 2
| [65132] SLES9: Security update for apache
| [65131] SLES9: Security update for Apache 2 oes/CORE
| [65113] SLES9: Security update for apache2
| [65072] SLES9: Security update for apache and mod_ssl
| [65017] SLES9: Security update for Apache 2
| [64950] Mandrake Security Advisory MDVSA-2009:240 (apache)
| [64783] FreeBSD Ports: apache
| [64774] Ubuntu USN-802-2 (apache2)
| [64653] Ubuntu USN-813-2 (apache2)
| [64559] Debian Security Advisory DSA 1834-2 (apache2)
| [64532] Mandrake Security Advisory MDVSA-2009:189 (apache-mod_auth_mysql)
| [64527] Mandrake Security Advisory MDVSA-2009:184 (apache-mod_security)
| [64526] Mandrake Security Advisory MDVSA-2009:183 (apache-mod_security)
| [64500] Mandrake Security Advisory MDVSA-2009:168 (apache)
| [64443] Ubuntu USN-802-1 (apache2)
| [64426] Gentoo Security Advisory GLSA 200907-04 (apache)
| [64423] Debian Security Advisory DSA 1834-1 (apache2)
| [64391] Mandrake Security Advisory MDVSA-2009:149 (apache)
| [64377] Mandrake Security Advisory MDVSA-2009:124-1 (apache)
| [64251] Debian Security Advisory DSA 1816-1 (apache2)
| [64201] Ubuntu USN-787-1 (apache2)
| [64140] Mandrake Security Advisory MDVSA-2009:124 (apache)
| [64136] Mandrake Security Advisory MDVSA-2009:102 (apache)
| [63565] FreeBSD Ports: apache
| [63562] Ubuntu USN-731-1 (apache2)
| [61381] Gentoo Security Advisory GLSA 200807-06 (apache)
| [61185] FreeBSD Ports: apache
| [60582] Gentoo Security Advisory GLSA 200803-19 (apache)
| [60387] Slackware Advisory SSA:2008-045-02 apache
| [58826] FreeBSD Ports: apache-tomcat
| [58825] FreeBSD Ports: apache-tomcat
| [58804] FreeBSD Ports: apache
| [58745] Gentoo Security Advisory GLSA 200711-06 (apache)
| [58360] Debian Security Advisory DSA 1312-1 (libapache-mod-jk)
| [57851] Gentoo Security Advisory GLSA 200608-01 (apache)
| [57788] Debian Security Advisory DSA 1247-1 (libapache-mod-auth-kerb)
| [57335] Debian Security Advisory DSA 1167-1 (apache)
| [57201] Debian Security Advisory DSA 1131-1 (apache)
| [57200] Debian Security Advisory DSA 1132-1 (apache2)
| [57168] Slackware Advisory SSA:2006-209-01 Apache httpd
| [57145] FreeBSD Ports: apache
| [56731] Slackware Advisory SSA:2006-129-01 Apache httpd
| [56729] Slackware Advisory SSA:2006-130-01 Apache httpd redux
| [56246] Gentoo Security Advisory GLSA 200602-03 (Apache)
| [56212] Debian Security Advisory DSA 952-1 (libapache-auth-ldap)
| [56115] Debian Security Advisory DSA 935-1 (libapache2-mod-auth-pgsql)
| [56067] FreeBSD Ports: apache
| [55803] Slackware Advisory SSA:2005-310-04 apache
| [55519] Debian Security Advisory DSA 839-1 (apachetop)
| [55392] Gentoo Security Advisory GLSA 200509-12 (Apache)
| [55355] FreeBSD Ports: apache
| [55284] Debian Security Advisory DSA 807-1 (libapache-mod-ssl)
| [55261] Debian Security Advisory DSA 805-1 (apache2)
| [55259] Debian Security Advisory DSA 803-1 (apache)
| [55129] Gentoo Security Advisory GLSA 200508-15 (apache)
| [54739] Gentoo Security Advisory GLSA 200411-18 (apache)
| [54724] Gentoo Security Advisory GLSA 200411-03 (apache)
| [54712] Gentoo Security Advisory GLSA 200410-21 (apache)
| [54689] Gentoo Security Advisory GLSA 200409-33 (net=www/apache)
| [54677] Gentoo Security Advisory GLSA 200409-21 (apache)
| [54610] Gentoo Security Advisory GLSA 200407-03 (Apache)
| [54601] Gentoo Security Advisory GLSA 200406-16 (Apache)
| [54590] Gentoo Security Advisory GLSA 200406-05 (Apache)
| [54582] Gentoo Security Advisory GLSA 200405-22 (Apache)
| [54529] Gentoo Security Advisory GLSA 200403-04 (Apache)
| [54499] Gentoo Security Advisory GLSA 200310-04 (Apache)
| [54498] Gentoo Security Advisory GLSA 200310-03 (Apache)
| [54439] FreeBSD Ports: apache
| [53931] Slackware Advisory SSA:2004-133-01 apache
| [53903] Slackware Advisory SSA:2004-299-01 apache, mod_ssl, php
| [53902] Slackware Advisory SSA:2004-305-01 apache+mod_ssl
| [53878] Slackware Advisory SSA:2003-308-01 apache security update
| [53851] Debian Security Advisory DSA 135-1 (libapache-mod-ssl)
| [53849] Debian Security Advisory DSA 132-1 (apache-ssl)
| [53848] Debian Security Advisory DSA 131-1 (apache)
| [53784] Debian Security Advisory DSA 021-1 (apache)
| [53738] Debian Security Advisory DSA 195-1 (apache-perl)
| [53737] Debian Security Advisory DSA 188-1 (apache-ssl)
| [53735] Debian Security Advisory DSA 187-1 (apache)
| [53703] Debian Security Advisory DSA 532-1 (libapache-mod-ssl)
| [53577] Debian Security Advisory DSA 120-1 (libapache-mod-ssl, apache-ssl)
| [53568] Debian Security Advisory DSA 067-1 (apache,apache-ssl)
| [53519] Debian Security Advisory DSA 689-1 (libapache-mod-python)
| [53433] Debian Security Advisory DSA 181-1 (libapache-mod-ssl)
| [53282] Debian Security Advisory DSA 594-1 (apache)
| [53248] Debian Security Advisory DSA 558-1 (libapache-mod-dav)
| [53224] Debian Security Advisory DSA 532-2 (libapache-mod-ssl)
| [53215] Debian Security Advisory DSA 525-1 (apache)
| [53151] Debian Security Advisory DSA 452-1 (libapache-mod-python)
| [52529] FreeBSD Ports: apache+ssl
| [52501] FreeBSD Ports: apache
| [52461] FreeBSD Ports: apache
| [52390] FreeBSD Ports: apache
| [52389] FreeBSD Ports: apache
| [52388] FreeBSD Ports: apache
| [52383] FreeBSD Ports: apache
| [52339] FreeBSD Ports: apache+mod_ssl
| [52331] FreeBSD Ports: apache
| [52329] FreeBSD Ports: ru-apache+mod_ssl
| [52314] FreeBSD Ports: apache
| [52310] FreeBSD Ports: apache
| [15588] Detect Apache HTTPS
| [15555] Apache mod_proxy content-length buffer overflow
| [15554] Apache mod_include priviledge escalation
| [14771] Apache <= 1.3.33 htpasswd local overflow
| [14177] Apache mod_access rule bypass
| [13644] Apache mod_rootme Backdoor
| [12293] Apache Input Header Folding and mod_ssl ssl_io_filter_cleanup DoS Vulnerabilities
| [12280] Apache Connection Blocking Denial of Service
| [12239] Apache Error Log Escape Sequence Injection
| [12123] Apache Tomcat source.jsp malformed request information disclosure
| [12085] Apache Tomcat servlet/JSP container default files
| [11438] Apache Tomcat Directory Listing and File disclosure
| [11204] Apache Tomcat Default Accounts
| [11092] Apache 2.0.39 Win32 directory traversal
| [11046] Apache Tomcat TroubleShooter Servlet Installed
| [11042] Apache Tomcat DOS Device Name XSS
| [11041] Apache Tomcat /servlet Cross Site Scripting
| [10938] Apache Remote Command Execution via .bat files
| [10839] PHP.EXE / Apache Win32 Arbitrary File Reading Vulnerability
| [10773] MacOS X Finder reveals contents of Apache Web files
| [10766] Apache UserDir Sensitive Information Disclosure
| [10756] MacOS X Finder reveals contents of Apache Web directories
| [10752] Apache Auth Module SQL Insertion Attack
| [10704] Apache Directory Listing
| [10678] Apache /server-info accessible
| [10677] Apache /server-status accessible
| [10440] Check for Apache Multiple / vulnerability
|
| SecurityTracker - https://www.securitytracker.com:
| [1028865] Apache Struts Bugs Permit Remote Code Execution and URL Redirection Attacks
| [1028864] Apache Struts Wildcard Matching and Expression Evaluation Bugs Let Remote Users Execute Arbitrary Code
| [1028824] Apache mod_dav_svn URI Processing Flaw Lets Remote Users Deny Service
| [1028823] Apache Unspecified Flaw in mod_session_dbd Has Unspecified Impact
| [1028724] (HP Issues Fix for HP-UX) Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
| [1028722] (Red Hat Issues Fix for JBoss) Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
| [1028693] (Red Hat Issues Fix) Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
| [1028622] Apache Struts 'includeParams' Bugs Permit Remote Command Execution and Cross-Site Scripting Attacks
| [1028621] Apache Subversion Bugs Let Remote Authenticated Users Execute Arbitrary Commands and Deny Service
| [1028540] Apache mod_rewrite Input Validation Flaw Lets Remote Users Execute Arbitrary Commands
| [1028534] Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
| [1028533] Apache Tomcat Lack of Chunked Transfer Encoding Extension Size Limit Lets Remote Users Deny Service
| [1028532] Apache Tomcat AsyncListeners Bug May Disclose Information from One Request to Another User
| [1028515] Apache VCL Input Validation Flaw Lets Remote Authenticated Users Gain Elevated Privileges
| [1028457] Apache ActiveMQ Bugs Let Remote Users Conduct Cross-Site Scripting Attacks, Deny Service, and Obtain Potentially Sensitive Information
| [1028287] Apache CXF WSS4JInInterceptor Grants Service Access to Remote Users
| [1028286] Apache CXF WS-Security UsernameToken Processing Flaw Lets Remote Users Bypass Authentication
| [1028252] Apache Commons FileUpload Unsafe Temporary File Lets Local Users Gain Elevated Privileges
| [1028207] Apache Input Validation Bugs Permit Cross-Site Scripting Attacks
| [1027836] Apache Tomcat Connection Processing Bug Lets Remote Users Deny Service
| [1027834] Apache Tomcat Bug Lets Remote Users Bypass Cross-Site Request Forgery Prevention Filter
| [1027833] Apache Tomcat Bug Lets Remote Users Bypass Security Constraints
| [1027729] Apache Tomcat Header Processing Bug Lets Remote Users Deny Service
| [1027728] Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
| [1027554] Apache CXF Lets Remote Authenticated Users Execute Unauthorized SOAP Actions
| [1027508] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
| [1027421] Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
| [1027096] Apache Commons Compress BZip2CompressorOutputStream() Sorting Algorithm Lets Remote or Local Users Deny Service
| [1026932] Apache LD_LIBRARY_PATH Processing Lets Local Users Gain Elevated Privileges
| [1026928] Apache OFBiz Unspecified Flaw Lets Remote Users Execute Arbitrary Code
| [1026927] Apache OFBiz Input Validation Flaws Permit Cross-Site Scripting Attacks
| [1026847] Apache Traffic Server Host Header Processing Flaw Lets Remote Users Deny Service
| [1026846] Apache Wicket Discloses Hidden Application Files to Remote Users
| [1026839] Apache Wicket Input Validation Flaw in 'wicket:pageMapName' Parameter Permits Cross-Site Scripting Attacks
| [1026616] Apache Bugs Let Remote Users Deny Service and Obtain Cookie Data
| [1026575] Apache Struts ParameterInterceptor() Flaw Lets Remote Users Execute Arbitrary Commands
| [1026484] Apache Struts Bug Lets Remote Users Overwrite Files and Execute Arbitrary Code
| [1026477] Apache Tomcat Hash Table Collision Bug Lets Remote Users Deny Service
| [1026402] Apache Struts Conversion Error Lets Remote Users Inject Arbitrary Commands
| [1026353] Apache mod_proxy/mod_rewrite Bug Lets Remote Users Access Internal Servers
| [1026295] Apache Tomcat Lets Untrusted Web Applications Gain Elevated Privileges
| [1026267] Apache .htaccess File Integer Overflow Lets Local Users Execute Arbitrary Code
| [1026144] Apache mod_proxy Pattern Matching Bug Lets Remote Users Access Internal Servers
| [1026095] Apache Tomcat HTTP DIGEST Authentication Weaknesses Let Remote Users Conduct Bypass Attacks
| [1026054] Apache mod_proxy_ajp HTTP Processing Error Lets Remote Users Deny Service
| [1025993] Apache Tomcat AJP Protocol Processing Bug Lets Remote Users Bypass Authentication or Obtain Information
| [1025976] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
| [1025960] Apache httpd Byterange Filter Processing Error Lets Remote Users Deny Service
| [1025925] Apache Tomcat Commons Daemon jsvc Lets Local Users Gain Elevated Privileges
| [1025924] Apache Tomcat XML Validation Flaw Lets Applications Obtain Potentially Sensitive Information
| [1025788] Apache Tomcat Lets Malicious Applications Obtain Information and Deny Service
| [1025755] Apache Santuario Buffer Overflow Lets Remote Users Deny Service
| [1025712] Apache Tomcat Discloses Passwords to Local Users in Certain Cases
| [1025577] Apache Archiva Input Validation Hole Permits Cross-Site Scripting Attacks
| [1025576] Apache Archiva Request Validation Flaw Permits Cross-Site Request Forgery Attacks
| [1025527] Apache APR Library apr_fnmatch() Flaw Lets Remote Users Execute Arbitrary Code
| [1025303] Apache Tomcat HTTP BIO Connector Error Discloses Information From Different Requests to Remote Users
| [1025215] Apache Tomcat May Ignore @ServletSecurity Annotation Protections
| [1025066] Apache Continuum Input Validation Flaw Permits Cross-Site Request Forgery Attacks
| [1025065] Apache Continuum Input Validation Hole Permits Cross-Site Scripting Attacks
| [1025027] Apache Tomcat maxHttpHeaderSize Parsing Error Lets Remote Users Deny Service
| [1025026] Apache Tomcat Manager Input Validation Hole Permits Cross-Site Scripting Attacks
| [1025025] Apache Tomcat Security Manager Lets Local Users Bypass File Permissions
| [1024764] Apache Tomcat Manager Input Validation Hole in 'sessionList.jsp' Permits Cross-Site Scripting Attacks
| [1024417] Apache Traffic Server Insufficient Randomization Lets Remote Users Poison the DNS Cache
| [1024332] Apache mod_cache and mod_dav Request Processing Flaw Lets Remote Users Deny Service
| [1024180] Apache Tomcat 'Transfer-Encoding' Header Processing Flaw Lets Remote Users Deny Service and Obtain Potentially Sensitive Information
| [1024096] Apache mod_proxy_http May Return Results for a Different Request
| [1023942] Apache mod_proxy_ajp Error Condition Lets Remote Users Deny Service
| [1023941] Apache ap_read_request() Memory Error May Let Remote Users Access Potentially Sensitive Information
| [1023778] Apache ActiveMQ Input Validation Flaw Permits Cross-Site Scripting Attacks
| [1023701] Apache mod_isapi Error Processing Flaw May Let Remote Users Deny Service
| [1023533] Apache mod_proxy Integer Overflow May Let Remote Users Execute Arbitrary Code
| [1022988] Apache Solaris Support Code Bug Lets Remote Users Deny Service
| [1022529] Apache mod_deflate Connection State Bug Lets Remote Users Deny Service
| [1022509] Apache mod_proxy stream_reqbody_cl() Infinite Loop Lets Remote Users Deny Service
| [1022296] Apache IncludesNoExec Options Restrictions Can Be Bypass By Local Users
| [1022264] Apache mod_proxy_ajp Bug May Disclose Another User's Response Data
| [1022001] Apache Tomcat mod_jk May Disclose Responses to the Wrong User
| [1021988] mod_perl Input Validation Flaw in Apache::Status and Apache2::Status Permits Cross-Site Scripting Attacks
| [1021350] NetWare Bug Lets Remote Users Access the ApacheAdmin Console
| [1020635] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
11766| [1020520] Oracle WebLogic Apache Connector Lets Remote Users Execute Arbitrary Code
11767| [1020267] Apache mod_proxy Interim Response Process Bug Lets Remote Users Deny Service
11768| [1019784] Apache-SSL Certificate Processing Bug May Let Remote Users View Portions of Kernel Memory
11769| [1019256] Apache mod_negotiation Input Validation Hole Permits Cross-Site Scripting Attacks
11770| [1019194] Apache Input Validation Hole in Mod_AutoIndex When the Character Set is Undefined May Permit Cross-Site Scripting Attacks
11771| [1019185] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
11772| [1019154] Apache Input Validation Hole in mod_status Permits Cross-Site Scripting Attacks
11773| [1019093] Apache Input Validation Hole in mod_imap Permits Cross-Site Scripting Attacks
11774| [1019030] Apache Input Validation Hole in Default HTTP 413 Error Page Permits Cross-Site Scripting Attacks
11775| [1018633] Apache mod_proxy Bug Lets Remote Users Deny Service
11776| [1018304] Apache HTTPD scoreboard Protection Flaw Lets Local Users Terminate Arbitrary Processes
11777| [1018303] Apache HTTPD mod_cache May Let Remote Users Deny Service
11778| [1018302] Apache mod_status Input Validation Hole Permits Cross-Site Scripting Attacks
11779| [1018269] Apache Tomcat Input Validation Hole in Processing Accept-Language Header Permits Cross-Site Scripting Attacks
11780| [1017904] Apache suEXEC Bugs May Let Local Users Gain Elevated Privileges
11781| [1017719] Apache Tomcat JK Web Server Connector Buffer Overflow in map_uri_to_worker() Lets Remote Users Execute Arbitrary Code
11782| [1017062] Apache mod_tcl Format String Bug in set_var() Function May Let Remote Users Execute Arbitrary Code
11783| [1016601] Apache mod_rewrite Off-by-one Error Lets Remote Users Execute Arbitrary Code
11784| [1016576] Apache Tomcat Discloses Directory Listings to Remote Users
11785| [1015447] Apache mod_ssl Null Pointer Dereference May Let Remote Users Deny Service
11786| [1015344] Apache mod_imap Input Validation Flaw in Referer Field Lets Remote Users Conduct Cross-Site Scripting Attacks
11787| [1015093] Apache Memory Leak in MPM 'worker.c' Code May Let Remote Users Deny Service
11788| [1014996] ApacheTop Unsafe Temporary File May Let Local Users Gain Elevated Privileges
11789| [1014833] Apache ssl_hook_Access() Function May Fail to Verify Client Certificates
11790| [1014826] Apache Memory Leak in 'byterange filter' Lets Remote Users Deny Service
11791| [1014575] Apache mod_ssl Off-by-one Buffer Overflow in Processing CRLs May Let Remote Users Deny Service
11792| [1014323] Apache Chunked Transfer-Encoding and Content-Length Processing Lets Remote Users Smuggle HTTP Requests
11793| [1013156] Apache mod_python Publisher Handler Discloses Information to Remote Users
11794| [1012829] Apache mod_auth_radius radcpy() Integer Overflow Lets Remote Users Deny Service in Certain Cases
11795| [1012416] Apache on Apple OS X Lets Remote Users Bypass Apache File Handlers and Directly Access Files
11796| [1012415] Apache on Apple HFS+ Filesystems May Disclose '.DS_Store' Files to Remote Users
11797| [1012414] Apache mod_digest_apple Lets Remote Users Replay Authentication Credentials
11798| [1012083] Apache Web Server Error in Processing Requests With Many Space Characters Lets Remote Users Deny Service
11799| [1011783] Apache mod_include Buffer Overflow Lets Local Users Execute Arbitrary Code
| [1011557] Apache mod_ssl SSLCipherSuite Directive Can By Bypassed in Certain Cases
| [1011385] Apache Satsify Directive Error May Let Remote Users Access Restricted Resources
| [1011340] Apache SSL Connection Abort State Error Lets Remote Users Deny Service
| [1011303] Apache ap_resolve_env() Buffer Overflow in Reading Configuration Files May Let Local Users Gain Elevated Privileges
| [1011299] Apache IPv6 Address Parsing Flaw May Let Remote Users Deny Service
| [1011248] Apache mod_dav LOCK Method Error May Let Remote Users Deny Service
| [1011213] Apache mod_ssl Can Be Crashed By Remote Users When Reverse Proxying SSL Connections
| [1010674] Apache Can Be Crashed By PHP Code Invoking Nested Remote Sockets
| [1010599] Apache httpd Header Line Memory Allocation Lets Remote Users Crash the Server
| [1010462] Apache mod_proxy Buffer Overflow May Let Remote Users Execute Arbitrary Code
| [1010322] Apache mod_ssl Stack Overflow in ssl_util_uuencode_binary() May Let Remote Users Execute Arbitrary Code
| [1010270] cPanel Apache mod_phpsuexec Options Let Local Users Gain Elevated Privileges
| [1009934] Apache Web Server Has Buffer Overflow in ebcdic2ascii() on Older Processor Architectures
| [1009516] Apache mod_survey HTML Report Format Lets Remote Users Conduct Cross-Site Scripting Attacks
| [1009509] Apache mod_disk_cache Stores Authentication Credentials on Disk
| [1009495] Apache Web Server Socket Starvation Flaw May Let Remote Users Deny Service
| [1009417] GroupWise WebAccess With Apache on NetWare Has Configuration Flaw That May Grant Web Access to Remote Users
| [1009338] Apache mod_access Parsing Flaw May Fail to Enforce Allow/Deny Rules
| [1009337] Apache mod_ssl Memory Leak Lets Remote Users Crash the Daemon
| [1009182] Apache for Cygwin '..%5C' Input Validation Flaw Discloses Files to Remote Users
| [1008973] PHP May Apply Incorrect php_admin_* Settings To Requests for Apache Virtual Hosts
| [1008967] Apache-SSL 'SSLFakeBasicAuth' Lets Remote Users Forge Client Certificates to Be Authenticated
| [1008920] Apache mod_digest May Validate Replayed Client Responses
| [1008828] Apache mod_python String Processing Bug Still Lets Remote Users Crash the Web Server
| [1008822] Apache mod_perl File Descriptor Leak May Let Local Users Hijack the http and https Services
| [1008675] mod_auth_shadow Apache Module Authenticates Expired Passwords
| [1008559] Apache mod_php File Descriptor Leak May Let Local Users Hijack the https Service
| [1008335] Apache mod_python String Processing Bug Lets Remote Users Crash the Web Server
| [1008196] Apache 2.x on Windows May Return Unexpected Files For URLs Ending With Certain Characters
| [1008030] Apache mod_rewrite Contains a Buffer Overflow
| [1008029] Apache mod_alias Contains a Buffer Overflow
| [1008028] Apache mod_cgid May Disclose CGI Output to Another Client
| [1007995] Apache Cocoon Forms May Let Remote Users Execute Arbitrary Java Code on the System
| [1007993] Apache Cocoon 'view-source' Sample Script Discloses Files to Remote Users
| [1007823] Apache Web Server mod_cgi Error May Let Malicious CGI Scripts Crash the Web Service
| [1007664] Apache::Gallery Unsafe Temporary Files May Let Local Users Gain Apache Web Server Privileges
| [1007557] Apache Web Server Does Not Filter Terminal Escape Sequences From Log Files
| [1007230] Apache HTTP Server 'rotatelogs' Bug on Win32 and OS/2 May Cause the Logging to Stop
| [1007146] Apache HTTP Server FTP Proxy Bug May Cause Denial of Service Conditions
| [1007145] Apache 'accept()' Errors May Cause Denial of Service Conditions
| [1007144] Apache Web Server 'type-map' File Error Permits Local Denial of Service Attacks
| [1007143] Apache 2.0 Web Server May Use a Weaker Encryption Implementation Than Specified in Some Cases
| [1006864] Apache Web Server Can Be Crashed By Remote Users Via mod_dav Flaws and Also Via Basic Authentication
| [1006709] Apache mod_survey Input Validation Flaw Lets Remote Users Fill Up Disk Space
| [1006614] Apache mod_ntlm Buffer Overflow and Format String Flaw Let Remote Users Execute Arbitary Code
| [1006591] Apache mod_access_referer Module Null Pointer Dereference May Faciliate Denial of Service Attacks
| [1006444] Apache 2.0 Web Server Line Feed Buffer Allocation Flaw Lets Remote Users Deny Service
| [1006021] Apache Tomcat Server URL Parsing Error May Disclose Otherwise Inaccessible Web Directory Listings and Files to Remote Users
| [1005963] Apache Web Server 2.x Windows Device Access Flaw Lets Remote Users Crash the Server or Possibly Execute Arbitrary Code
| [1005962] Apache Web Server Path Parsing Flaw May Allow Remote Users to Execute Code in Certain Configurations
| [1005848] Apache 'printenv' Script Input Validation Bugs in Older Versions May Let Remote Users Conduct Cross-Site Scripting Attacks
| [1005765] Apache mod_jk Module Processing Bug When Used With Tomcat May Disclose Information to Remote Users or Crash
| [1005548] Apache mod_php Module May Allow Local Users to Gain Control of the Web Port
| [1005499] Apache Web Server (2.0.42) May Disclose CGI Source Code to Remote Users When Used With WebDAV
| [1005410] Apache Tomcat Java Servlet Engine Can Be Crashed Via Multiple Requests for DOS Device Names
| [1005351] Apache Web Server (1.3.x) Shared Memory Scoreboard Bug Lets Certain Local Users Issue Signals With Root Privileges
| [1005331] Apache Web Server (2.x) SSI Server Signature Filtering Hole Lets Remote Users Conduct Cross-Site Scripting Attacks
| [1005290] Apache Tomcat Java Server Default Servlet Returns JSP Source Code to Remote Users
| [1005285] Apache Web Server 'mod_dav' Has Null Pointer Bug That May Allow Remote Users to Cause Denial of Service Conditions
| [1005010] Apache Web Server (2.0) Has Unspecified Flaw That Allows Remote Users to Obtain Sensitive Data and Cause Denial of Service Conditions
| [1004770] Apache 2.x Web Server ap_log_rerror() Function May Disclose Full Installation Path to Remote Users
| [1004745] Apache Tomcat Java Server Allows Cross-Site Scripting Attacks
| [1004636] Apache mod_ssl 'Off-by-One' Bug May Let Local Users Crash the Web Server or Possibly Execute Arbitrary Code
| [1004602] Apache Tomcat Java Server for Windows Can Be Crashed By Remote Users Sending Malicious Requests to Hang All Available Working Threads
| [1004586] Apache Tomcat Java Server May Disclose the Installation Path to Remote Users
| [1004555] Apache Web Server Chunked Encoding Flaw May Let Remote Users Execute Arbitrary Code on the Server
| [1004209] Apache 'mod_python' Python Language Interpreter Bug in Publisher Handler May Allow Remote Users to Modify Files on the System
| [1003874] Apache Web Server for Windows Has Batch File Processing Hole That Lets Remote Users Execute Commands on the System
| [1003767] 'mod_frontpage' Module for Apache Web Server Has Buffer Overlow in 'fpexec.c' That Allows Remote Users to Execute Arbitrary Code on the System with Root Privileges
| [1003723] Apache-SSL for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
| [1003664] 'mod_ssl' Security Package for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
| [1003602] GNUJSP Java Server Pages Implementation Discloses Web Files and Source Code to Remote Users and Bypasses Apache Access Control Restrictions
| [1003465] PHP for Apache Web Server May Disclose Installation Path Information to Remote Users Making 'OPTIONS' Requests
| [1003451] Oracle Application Server PL/SQL Module for Apache Has Buffer Overflows That Allow Remote Users to Execute Arbitrary Code and Gain Access to the Server
| [1003131] Apache Web Server in Virtual Hosting Mode Can Be Crashed By a Local User Removing a Log Directory
| [1003104] PHP.EXE Windows CGI for Apache Web Server May Let Remote Users View Files on the Server Due to Configuration Error
| [1003008] Apache 'mod_bf' Module Lets Remote Users Execute Arbitrary Code
| [1002629] Apache suEXEC Wrapper Fails to Observe Minimum Group ID Security Settings in Certain Situations
| [1002542] Apache Web Server Virtual Hosting Split-Logfile Function Lets Remote Users Write Log Entries to Arbitrary Files on the System
| [1002400] Apache mod_gzip Module Has Buffer Overflow That Can Be Exploited By Local Users to Gain Elevated Privileges
| [1002303] Several 3rd Party Apache Authentication Modules Allow Remote Users to Execute Arbitrary Code to Gain Access to the System or Execute Stored Procedures to Obtain Arbitrary Database Information
| [1002188] Apache Web Server Discloses Internal IP Addresses to Remote Users in Certain Configurations
| [1001989] Apache Web Server May Disclose Directory Contents Even If an Index.html File is Present in the Directory
| [1001719] Apache Web Server on Mac OS X Client Fails to Enforce File and Directory Access Protections, Giving Remote Users Access to Restricted Pages
| [1001572] Apache Web Server on Microsoft Windows Platforms Allows Remote Users to Crash the Web Server
| [1001304] Apache Web Server for Windows Lets Remote Users Crash the Web Server Application
| [1001083] Apache Web Server May Display Directory Index Listings Even if Directory Listings Are Disabled
|
| OSVDB - http://www.osvdb.org:
| [96078] Apache CloudStack Infrastructure Menu Setup Network Multiple Field XSS
| [96077] Apache CloudStack Global Settings Multiple Field XSS
| [96076] Apache CloudStack Instances Menu Display Name Field XSS
| [96075] Apache CloudStack Instances Menu Add Instances Network Name Field XSS
| [96074] Apache CloudStack Instances Menu Add Instances Review Step Multiple Field XSS
| [96031] Apache HTTP Server suEXEC Symlink Arbitrary File Access
| [95888] Apache Archiva Single / Double Quote Character Handling XSS Weakness
| [95885] Apache Subversion mod_dav_svn Module Crafted HTTP Request Handling Remote DoS
| [95706] Apache OpenOffice.org (OOo) OOXML Document File XML Element Handling Memory Corruption
| [95704] Apache OpenOffice.org (OOo) DOC File PLCF Data Handling Memory Corruption
| [95603] Apache Continuum web/util/GenerateRecipentNotifier.java recipient Parameter XSS
| [95602] Apache Continuum web/action/notifier/JabberProjectNotifierEditAction-jabberProjectNotifierSave-validation.xml Multiple Parameter XSS
| [95601] Apache Continuum web/action/notifier/JabberGroupNotifierEditAction-jabberProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
| [95600] Apache Continuum web/action/ScheduleAction-saveSchedule-validation.xml Multiple Parameter XSS
| [95599] Apache Continuumweb/action/BuildDefinitionAction-saveBuildDefinition-validation.xml Multiple Parameter XSS
| [95598] Apache Continuum web/action/AddProjectAction-addProject-validation.xml Multiple Parameter XSS
| [95597] Apache Continuum web/action/ProjectEditAction-projectSave-validation.xml Multiple Parameter XSS
| [95596] Apache Continuum web/action/notifier/IrcGroupNotifierEditAction-ircProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
| [95595] Apache Continuum web/action/notifier/IrcProjectNotifierEditAction-ircProjectNotifierSave-validation.xml Multiple Parameter XSS
| [95594] Apache Continuum web/action/ProjectGroupAction.java Multiple Parameter XSS
| [95593] Apache Continuum web/action/AddProjectGroupAction.java Multiple Parameter XSS
| [95592] Apache Continuum web/action/AddProjectAction.java Multiple Parameter XSS
| [95523] Apache OFBiz Webtools Application View Log Screen Unspecified XSS
| [95522] Apache OFBiz Nested Expression Evaluation Arbitrary UEL Function Execution
| [95521] Apache HTTP Server mod_session_dbd Session Saving Unspecified Issue
| [95498] Apache HTTP Server mod_dav.c Crafted MERGE Request Remote DoS
| [95406] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Arbitrary Site Redirect
| [95405] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Remote Code Execution
| [95011] Apache CXF XML Parser SOAP Message Handling CPU Resource Exhaustion Remote DoS
| [94705] Apache Geronimo RMI Classloader Exposure Serialized Object Handling Remote Code Execution
| [94651] Apache Santuario (XML Security for C++) XML Signature CanonicalizationMethod Parameter Spoofing Weakness
| [94636] Apache Continuum workingCopy.action userDirectory Traversal Arbitrary File Access
| [94635] Apache Maven SCM SvnCommandlineUtils Process Listing Local Password Disclosure
| [94632] Apache Maven Wagon SSH (wagon-ssh) Host Verification Failure MitM Weakness
| [94625] Apache Santuario (XML Security for C++) XML Signature Reference Crafted XPointer Expression Handling Heap Buffer Overflow
| [94618] Apache Archiva /archiva/security/useredit.action username Parameter XSS
| [94617] Apache Archiva /archiva/security/roleedit.action name Parameter XSS
| [94616] Apache Archiva /archiva/security/userlist!show.action roleName Parameter XSS
| [94615] Apache Archiva /archiva/deleteArtifact!doDelete.action groupId Parameter XSS
| [94614] Apache Archiva /archiva/admin/addLegacyArtifactPath!commit.action legacyArtifactPath.path Parameter XSS
| [94613] Apache Archiva /archiva/admin/addRepository.action Multiple Parameter XSS
| [94612] Apache Archiva /archiva/admin/editAppearance.action Multiple Parameter XSS
| [94611] Apache Archiva /archiva/admin/addLegacyArtifactPath.action Multiple Parameter XSS
| [94610] Apache Archiva /archiva/admin/addNetworkProxy.action Multiple Parameter XSS
| [94403] Apache Santuario (XML Security for C++) InclusiveNamespace PrefixList Processing Heap Overflow
| [94402] Apache Santuario (XML Security for C++) HMAC-based XML Signature Processing DoS
| [94401] Apache Santuario (XML Security for C++) XPointer Evaluation Stack Overflow
| [94400] Apache Santuario (XML Security for C++) HMAC-Based XML Signature Reference Element Validation Spoofing Weakness
| [94279] Apache Qpid CA Certificate Validation Bypass
| [94275] Apache Solr JettySolrRunner.java Can Not Find Error Message XSS
| [94233] Apache OpenJPA Object Deserialization Arbitrary Executable Creation
| [94042] Apache Axis JAX-WS Java Unspecified Exposure
| [93969] Apache Struts OGNL Expression Handling Double Evaluation Error Remote Command Execution
| [93796] Apache Subversion Filename Handling FSFS Repository Corruption Remote DoS
| [93795] Apache Subversion svnserve Server Aborted Connection Message Handling Remote DoS
| [93794] Apache Subversion contrib/hook-scripts/check-mime-type.pl svnlook Hyphenated argv Argument Handling Remote DoS
| [93793] Apache Subversion contrib/hook-scripts/svn-keyword-check.pl Filename Handling Remote Command Execution
| [93646] Apache Struts Crafted Parameter Arbitrary OGNL Code Execution
| [93645] Apache Struts URL / Anchor Tag includeParams Attribute Remote Command Execution
| [93636] Apache Pig Multiple Physical Operator Memory Exhaustion Remote Remote DoS
| [93635] Apache Wink DTD (Document Type Definition) Expansion Data Parsing Information Disclosure
| [93605] RT Apache::Session::File Session Replay Reuse Information Disclosure
| [93599] Apache Derby SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY Boot Password Manipulation Re-encryption Failure Password Corruption
| [93555] Apache Commons Codec Invalid Base32 String Information Tunneling Weakness
| [93554] Apache HBase bulkLoadHFiles() Method ACL Bypass
| [93543] JBoss Enterprise Application Platform org.apache.catalina.connector.Response.encodeURL() Method MitM jsessionid Disclosure
| [93542] Apache ManifoldCF (Connectors Framework) org.apache.manifoldcf.crawler.ExportConfiguration Class Configuration Export Password Disclosure
| [93541] Apache Solr json.wrf Callback XSS
| [93524] Apache Hadoop GetSecurityDescriptorControl() Function Absolute Security Descriptor Handling NULL Descriptor Weakness
| [93521] Apache jUDDI Security API Token Session Persistence Weakness
| [93520] Apache CloudStack Default SSL Key Weakness
| [93519] Apache Shindig /ifr Cross-site Arbitrary Gadget Invocation
| [93518] Apache Solr /admin/analysis.jsp name Parameter XSS
| [93517] Apache CloudStack setup-cloud-management /etc/sudoers Modification Local Privilege Escalation
| [93516] Apache CXF UsernameTokenInterceptor Nonce Caching Replay Weakness
| [93515] Apache HBase table.jsp name Parameter XSS
| [93514] Apache CloudStack Management Server Unauthenticated Remote JMX Connection Default Setting Weakness
| [93463] Apache Struts EL / OGNL Interpretation Unspecified Remote Code Execution
| [93462] Apache CXF WS-SecurityPolicy AlgorithmSuite Arbitrary Ciphertext Decryption Weakness
| [93401] Apache Hadoop core-site.xml Permission Weakness Local Alfredo Secret Disclosure
| [93400] Apache Hadoop Map/Reduce Job Log Directory Symlink Arbitrary File Mode Manipulation
| [93397] Apache Wicket Referrer HTTP Header Session ID Disclosure
| [93366] Apache HTTP Server modules/mappers/mod_rewrite.c do_rewritelog() Function Log File Terminal Escape Sequence Filtering Remote Command Execution
| [93254] Apache Tomcat AsyncListener Method Cross-session Information Disclosure
| [93253] Apache Tomcat Chunked Transfer Encoding Data Saturation Remote DoS
| [93252] Apache Tomcat FORM Authenticator Session Fixation
| [93172] Apache Camel camel/endpoints/ Endpoint XSS
| [93171] Apache Sling HtmlResponse Error Message XSS
| [93170] Apache Directory DelegatingAuthenticator MitM Spoofing Weakness
| [93169] Apache Wave AuthenticationServlet.java Session Fixation Weakness
| [93168] Apache Click ErrorReport.java id Parameter XSS
| [93167] Apache ActiveMQ JMSXUserId Spoofing Weakness
| [93166] Apache CXF Crafted Message Element Count Handling System Resource Exhaustion Remote DoS
| [93165] Apache CXF Crafted Message Element Level Handling System Resource Exhaustion Remote DoS
| [93164] Apache Harmony DatagramSocket Class connect Method CheckAccept() IP Blacklist Bypass
| [93163] Apache Hadoop Map/Reduce Daemon Symlink Arbitrary File Overwrite
| [93162] Apache VelocityStruts struts/ErrorsTool.getMsgs Error Message XSS
| [93161] Apache CouchDB Rewriter VM Atom Table Memory Exhaustion Remote DoS
| [93158] Apache Wicket BookmarkablePageLink Feature XSS CSRF
| [93157] Apache Struts UrlHelper.java s:url includeParams Functionality XSS
| [93156] Apache Tapestry Calendar Component datefield.js datefield Parameter XSS
| [93155] Apache Struts fielderror.ftl fielderror Parameter Error Message XSS
| [93154] Apache JSPWiki Edit.jsp createPages WikiPermission Bypass
| [93153] Apache PDFBox PDFXrefStreamParser Missing Element Handling PDF Parsing DoS
| [93152] Apache Hadoop HttpServer.java Multiple Function XSS
| [93151] Apache Shiro Search Filter userName Parameter LDAP Code Injection Weakness
| [93150] Apache Harmony java.net.SocketPermission Class boolean equals Function checkConnect() Weakness Host Name Retrieval
| [93149] Apache Harmony java.security.Provider Class void load Function checkSecurityAccess() Weakness
| [93148] Apache Harmony java.security.ProtectionDomain Class java.lang.String.toString() Function checkPermission() Weakness
| [93147] Apache Harmony java.net.URLConnection openConnection Function checkConnect Weakness Proxy Connection Permission Bypass
| [93146] Apache Harmony java.net.ServerSocket Class void implAccept Function checkAccept() Weakness SerSocket Subclass Creation
| [93145] Apache Qpid JMS Client Detached Session Frame Handling NULL Pointer Dereference Remote DoS
| [93144] Apache Solr Admin Command Execution CSRF
| [93009] Apache VCL XMLRPC API Unspecified Function Remote Privilege Escalation
| [93008] Apache VCL Web GUI Unspecified Remote Privilege Escalation
| [92997] Apache Commons Codec org.apache.commons.codec.net.URLCodec Fields Missing 'final' Thread-safety Unspecified Issue
| [92976] Apache ActiveMQ scheduled.jsp crontab Command XSS
| [92947] Apache Commons Codec org.apache.commons.codec.language.Soundex.US_ENGLISH_MAPPING Missing MS_PKGPROTECT Field Manipulation Unspecified Issue
| [92749] Apache CloudStack Predictable Hash Virtual Machine Console Console Access URL Generation
| [92748] Apache CloudStack VM Console Access Restriction Bypass
| [92709] Apache ActiveMQ Web Console Unauthenticated Remote Access
| [92708] Apache ActiveMQ Sample Web Application Broker Resource Consumption Remote DoS
| [92707] Apache ActiveMQ webapp/websocket/chat.js Subscribe Message XSS
| [92706] Apache ActiveMQ Debug Log Rendering XSS
| [92705] Apache ActiveMQ PortfolioPublishServlet.java refresh Parameter XSS
| [92270] Apache Tomcat Unspecified CSRF
| [92094] Apache Subversion mod_dav_svn Module Nonexistent URL Lock Request Handling NULL Pointer Dereference Remote DoS
| [92093] Apache Subversion mod_dav_svn Module Activity URL PROPFIND Request Handling NULL Pointer Dereference Remote DoS
| [92092] Apache Subversion mod_dav_svn Module Log REPORT Request Handling NULL Pointer Dereference Remote DoS
| [92091] Apache Subversion mod_dav_svn Module Node Property Handling Resource Exhaustion Remote DoS
| [92090] Apache Subversion mod_dav_svn Module Activity URL Lock Request Handling NULL Pointer Dereference Remote DoS
| [91774] Apache Commons Codec Unspecified Non-private Field Manipulation Weakness
| [91628] mod_ruid2 for Apache HTTP Server fchdir() Inherited File Descriptor chroot Restriction Bypass
| [91328] Apache Wicket $up$ Traversal Arbitrary File Access
| [91295] Apple Mac OS X Apache Unicode Character URI Handling Authentication Bypass
| [91235] Apache Rave /app/api/rpc/users/get User Object Hashed Password Remote Disclosure
| [91185] Munin Default Apache Configuration Permission Weakness Remote Information Disclosure
| [91173] Apache Wicket WebApplicationPath Constructor Bypass /WEB-INF/ Directory File Access
| [91172] Apache Wicket PackageResourceGuard File Extension Filter Bypass
| [91025] Apache Qpid qpid::framing::Buffer Class Multiple Method Out-of-bounds Access Remote DoS
| [91024] Apache Qpid federation_tag Attribute Handling Federated Interbroker Link Access Restriction Bypass
| [91023] Apache Qpid AMQP Type Decoder Exposure Array Size Value Handling Memory Consumption Remote DoS
| [91022] Apache Qpid qpid/cpp/include/qpid/framing/Buffer.h qpid::framing::Buffer::checkAvailable() Function Integer Overflow
| [90986] Apache Jena ARQ INSERT DATA Request Handling Overflow
| [90907] Apache Subversion mod_dav_svn / libsvn_fs svn_fs_file_length() Function MKACTIVITY / PROPFIND Option Request Handling Remote DoS
| [90906] Apache Commons FileUpload /tmp Storage Symlink Arbitrary File Overwrite
| [90864] Apache Batik 1xx Redirect Script Origin Restriction Bypass
| [90858] Apache Ant Malformed TAR File Handling Infinite Loop DoS
| [90852] Apache HTTP Server for Debian apachectl /var/lock Permission Weakness Symlink Directory Permission Manipulation
| [90804] Apache Commons CLI Path Subversion Local Privilege Escalation
| [90802] Apache Avro Recursive Schema Handling Infinite Recursion DoS
| [90592] Apache Batik ApplicationSecurityEnforcer.java Multiple Method Security Restriction Bypass
| [90591] Apache Batik XML External Entity (XXE) Data Parsing Arbitrary File Disclosure
| [90565] Apache Tomcat Log Directory Permission Weakness Local Information Disclosure
| [90564] Apache Maven / Maven Wagon SSL Certificate Validation MitM Spoofing Weakness
| [90557] Apache HTTP Server mod_proxy_balancer balancer-manager Interface Multiple Parameter XSS
| [90556] Apache HTTP Server Multiple Module Multiple Parameter XSS
| [90276] Apache Axis2 axis2.xml Plaintext Password Local Disclosure
| [90249] Apache Axiom ClassLoader XMLInputFactory / XMLOutputFactory Construction Unspecified Issue
| [90235] Apache Commons HttpClient Certificate Wildcard Matching Weakness
| [90079] Apache CXF WSS4JInInterceptor URIMappingInterceptor WS-Security SOAP Service Access Restriction Bypass
| [90078] Apache CXF WS-SecurityPolicy Enabled Plaintext UsernameTokens Handling Authentication Bypass
| [89453] Apache Open For Business Project (OFBiz) Screenlet.title Widget Attribute XSS
| [89452] Apache Open For Business Project (OFBiz) Image.alt Widget Attribute XSS
| [89294] Apache CouchDB Futon UI Browser-based Test Suite Query Parameter XSS
| [89293] Apache CouchDB Unspecified Traversal Arbitrary File Access
| [89275] Apache HTTP Server mod_proxy_ajp Module Expensive Request Parsing Remote DoS
| [89267] Apache CouchDB JSONP Callback Handling Unspecified XSS
| [89146] Apache CloudStack Master Server log4j.conf SSH Private Key / Plaintext Password Disclosure
| [88603] Apache OpenOffice.org (OOo) Unspecified Information Disclosure
| [88602] Apache OpenOffice.org (OOo) Unspecified Manifest-processing Issue
| [88601] Apache OpenOffice.org (OOo) Unspecified PowerPoint File Handling Issue
| [88285] Apache Tomcat Partial HTTP Request Saturation Remote DoS
| [88095] Apache Tomcat NIO Connector Terminated Connection Infinte Loop DoS
| [88094] Apache Tomcat FORM Authentication Crafted j_security_check Request Security Constraint Bypass
| [88093] Apache Tomcat Null Session Requst CSRF Prevention Filter Bypass
| [88043] IBM Tivoli Netcool/Reporter Apache CGI Unspecified Remote Command Execution
| [87580] Apache Tomcat DIGEST Authentication Session State Caching Authentication Bypass Weakness
| [87579] Apache Tomcat DIGEST Authentication Stale Nonce Verification Authentication Bypass Weakness
| [87477] Apache Tomcat Project Woodstock Service Error Page UTF-7 XSS Weakness
| [87227] Apache Tomcat InternalNioInputBuffer.java parseHeaders() Function Request Header Size Parsing Remote DoS
| [87223] Apache Tomcat DIGEST Authentication replay-countermeasure Functionality cnonce / cn Verification Authentication Bypass Weakness
| [87160] Apache Commons HttpClient X.509 Certificate Domain Name Matching MiTM Weakness
| [87159] Apache CXF X.509 Certificate Domain Name Matching MiTM Weakness
| [87150] Apache Axis / Axis2 X.509 Certificate Domain Name Matching MiTM Weakness
| [86902] Apache HTTP Server 3xx Redirect Internal IP Address Remote Disclosure
| [86901] Apache Tomcat Error Message Path Disclosure
| [86684] Apache CloudStack Unauthorized Arbitrary API Call Invocation
| [86556] Apache Open For Business Project (OFBiz) Unspecified Issue
| [86503] Visual Tools VS home/apache/DiskManager/cron/init_diskmgr Local Command Execution
| [86401] Apache ActiveMQ ResourceHandler Traversal Arbitrary File Access
| [86225] Apache Axis2 XML Signature Wrapping (XSW) Authentication Bypass
| [86206] Apache Axis2 Crafted SAML Assertion Signature Exclusion Attack Authentication Bypass
| [85722] Apache CXF SOAP Request Parsing Access Restriction Bypass
| [85704] Apache Qpid Incoming Client Connection Saturation Remote DoS
| [85474] Eucalyptus Apache Santuario (XML Security for Java) Library XML Signature Transform Handling DoS
| [85430] Apache mod_pagespeed Module Unspecified XSS
| [85429] Apache mod_pagespeed Module Hostname Verification Cross-host Resource Disclosure
| [85249] Apache Wicket Unspecified XSS
| [85236] Apache Hadoop conf/hadoop-env.sh Temporary File Symlink Arbitrary File Manipulation
| [85090] Apache HTTP Server mod_proxy_ajp.c mod_proxy_ajp Module Proxy Functionality Cross-client Information Disclosure
| [85089] Apache HTTP Server mod_proxy_http.c mod_proxy_http Module Cross-client Information Disclosure
| [85062] Apache Solr Autocomplete Module for Drupal Autocomplete Results XSS
12092| [85010] Apache Struts Token Handling Mechanism Token Name Configuration Parameter CSRF Weakness
12093| [85009] Apache Struts Request Parameter OGNL Expression Parsing Remote DoS
12094| [84911] libapache2-mod-rpaf X-Forward-For HTTP Header Parsing Remote DoS
12095| [84823] Apache HTTP Server Multiple Module Back End Server Error Handling HTTP Request Parsing Remote Information Disclosure
12096| [84818] Apache HTTP Server mod_negotiation Module mod_negotiation.c make_variant_list Function XSS
12097| [84562] Apache Qpid Broker Authentication Mechanism AMQP Client Shadow Connection NullAuthenticator Request Parsing Authentication Bypass
12098| [84458] Apache Libcloud SSL Certificate Validation MitM Spoofing Weakness
12099| [84279] PHP on Apache php_default_post_reader POST Request Handling Overflow DoS
12100| [84278] PHP w/ Apache PDO::ATTR_DEFAULT_FETCH_MODE / PDO::FETCH_CLASS DoS
12101| [84231] Apache Hadoop DataNodes Client BlockTokens Arbitrary Block Access
12102| [83943] Oracle Solaris Cluster Apache Tomcat Agent Subcomponent Unspecified Local Privilege Escalation
12103| [83939] Oracle Solaris Apache HTTP Server Subcomponent Unspecified Remote Information Disclosure
12104| [83685] svnauthcheck Apache HTTP Configuration File Permission Revocation Weakness
12105| [83682] Apache Sling POST Servlet @CopyFrom Operation HTTP Request Parsing Infinite Loop Remote DoS
12106| [83339] Apache Roller Blogger Roll Unspecified XSS
12107| [83270] Apache Roller Unspecified Admin Action CSRF
12108| [82782] Apache CXF WS-SecurityPolicy 1.1 SupportingToken Policy Bypass
12109| [82781] Apache CXF WS-SecurityPolicy Supporting Token Children Specification Token Signing Verification Weakness
12110| [82611] cPanel Apache Piped Log Configuration Log Message Formatting Traversal Arbitrary File Creation
12111| [82436] MapServer for Windows Bundled Apache / PHP Configuration Local File Inclusion
12112| [82215] PHP sapi/cgi/cgi_main.c apache_request_headers Function HTTP Header Handling Remote Overflow
12113| [82161] Apache Commons Compress bzip2 File Compression BZip2CompressorOutputStream Class File Handling Remote DoS
12114| [81965] Apache Batik Squiggle SVG Browser JAR File Arbitrary Code Execution
12115| [81790] Apache POI src/org/apache/poi/hwpf/model/UnhandledDataStructure.java UnhandledDataStructure() constructor Length Attribute CDF / CFBF File Handling Remote DoS
12116| [81660] Apache Qpid Credential Checking Cluster Authentication Bypass
12117| [81511] Apache for Debian /usr/share/doc HTTP Request Parsing Local Script Execution
12118| [81359] Apache HTTP Server LD_LIBRARY_PATH Variable Local Privilege Escalation
12119| [81349] Apache Open For Business Project (OFBiz) Webslinger Component Unspecified XSS
12120| [81348] Apache Open For Business Project (OFBiz) Content IDs / Map-Keys Unspecified XSS
12121| [81347] Apache Open For Business Project (OFBiz) Parameter Arrays Unspecified XSS
12122| [81346] Apache Open For Business Project (OFBiz) checkoutProcess.js getServerError() Function Unspecified XSS
12123| [81196] Apache Open For Business Project (OFBiz) FlexibleStringExpander Nested Script String Parsing Remote Code Execution
12124| [80981] Apache Hadoop Kerberos/MapReduce Security Feature User Impersonation Weakness
12125| [80571] Apache Traffic Server Host HTTP Header Parsing Remote Overflow
12126| [80547] Apache Struts XSLTResult.java File Upload Arbitrary Command Execution
12127| [80360] AskApache Password Protector Plugin for WordPress Error Page $_SERVER Superglobal XSS
12128| [80349] Apache HTTP Server mod_fcgid Module fcgid_spawn_ctl.c FcgidMaxProcessesPerClass Virtual Host Directive HTTP Request Parsing Remote DoS
12129| [80301] Apache Wicket /resources/ Absolute Path Arbitrary File Access
12130| [80300] Apache Wicket wicket:pageMapName Parameter XSS
12131| [79478] Apache Solr Extension for TYPO3 Unspecified XSS
12132| [79002] Apache MyFaces javax.faces.resource In Parameter Traversal Arbitrary File Access
12133| [78994] Apache Struts struts-examples/upload/upload-submit.do name Parameter XSS
12134| [78993] Apache Struts struts-cookbook/processDyna.do message Parameter XSS
12135| [78992] Apache Struts struts-cookbook/processSimple.do message Parameter XSS
12136| [78991] Apache Struts struts2-rest-showcase/orders clientName Parameter XSS
12137| [78990] Apache Struts struts2-showcase/person/editPerson.action Multiple Parameter XSS
12138| [78932] Apache APR Hash Collision Form Parameter Parsing Remote DoS
12139| [78903] Apache CXF SOAP Request Parsing WS-Security UsernameToken Policy Bypass
12140| [78600] Apache Tomcat HTTP DIGEST Authentication DigestAuthenticator.java Catalina Weakness Security Bypass
12141| [78599] Apache Tomcat HTTP DIGEST Authentication Realm Value Parsing Security Bypass
12142| [78598] Apache Tomcat HTTP DIGEST Authentication qop Value Parsing Security Bypass
12143| [78573] Apache Tomcat Parameter Saturation CPU Consumption Remote DoS
12144| [78556] Apache HTTP Server Status Code 400 Default Error Response httpOnly Cookie Disclosure
12145| [78555] Apache HTTP Server Threaded MPM %{cookiename}C Log Format String Cookie Handling Remote DoS
| [78501] Apache Struts ParameterInterceptor Class OGNL Expression Parsing Remote Command Execution
| [78331] Apache Tomcat Request Object Recycling Information Disclosure
| [78293] Apache HTTP Server Scoreboard Invalid Free Operation Local Security Bypass
| [78277] Apache Struts ExceptionDelegator Component Parameter Parsing Remote Code Execution
| [78276] Apache Struts DebuggingInterceptor Component Developer Mode Unspecified Remote Command Execution
| [78113] Apache Tomcat Hash Collision Form Parameter Parsing Remote DoS
| [78112] Apache Geronimo Hash Collision Form Parameter Parsing Remote DoS
| [78109] Apache Struts ParameterInterceptor Traversal Arbitrary File Overwrite
| [78108] Apache Struts CookieInterceptor Cookie Name Handling Remote Command Execution
| [77593] Apache Struts Conversion Error OGNL Expression Injection
| [77496] Apache ActiveMQ Failover Mechanism Openwire Request Parsing Remote DoS
| [77444] Apache HTTP Server mod_proxy Mdule Web Request HTTP/0.9 Protocol URL Parsing Proxy Remote Security Bypass
| [77374] Apache MyFaces Java Bean includeViewParameters Parsing EL Expression Security Weakness
| [77310] Apache HTTP Server mod_proxy Reverse Proxy Mode Security Bypass Weakness (2011-4317)
| [77234] Apache HTTP Server on cygwin Encoded Traversal Arbitrary File Access
| [77012] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Memory Consumption DoS
| [76944] Apache Tomcat Manager Application Servlets Access Restriction Bypass
| [76744] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Overflow
| [76189] Apache Tomcat HTTP DIGEST Authentication Weakness
| [76079] Apache HTTP Server mod_proxy Mdule Web Request URL Parsing Proxy Remote Security Bypass (2011-3368)
| [76072] Apache JServ jserv.conf jserv-status Handler jserv/ URI Request Parsing Local Information Disclosure
| [75807] Apache HTTP Server Incomplete Header Connection Saturation Remote DoS
| [75647] Apache HTTP Server mod_proxy_ajp Module mod_proxy_balancer HTTP Request Remote DoS
| [75376] Apache Libcloud SSL Certificate Validation MitM Server Spoofing Weakness
| [74853] Domain Technologie Control /etc/apache2/apache2.conf File Permissions Weakness dtcdaemons User Password Disclosure
| [74818] Apache Tomcat AJP Message Injection Authentication Bypass
| [74725] Apache Wicket Multi Window Support Unspecified XSS
| [74721] Apache HTTP Server ByteRange Filter Memory Exhaustion Remote DoS
| [74541] Apache Commons Daemon Jsvc Permissions Weakness Arbitrary File Access
| [74535] Apache Tomcat XML Parser Cross-application Multiple File Manipulation
| [74447] Apache Struts XWork Nonexistent Method s:submit Element Internal Java Class Remote Path Disclosure
| [74262] Apache HTTP Server Multi-Processing Module itk.c Configuration Merger mpm-itk root UID / GID Remote Privilege Escalation
| [74120] Apache HTTP Server mod_authnz_external mysql/mysql-auth.pl user Field SQL Injection
| [73920] Oracle Secure Backup /apache/htdocts/php/common.php username Parameter Remote Code Execution
| [73798] Apache Tomcat sendfile Request Start / Endpoint Parsing Local DoS
| [73797] Apache Tomcat sendfile Request Attribute Validation Weakness Local Access Restriction Bypass
| [73776] Apache Tomcat HTTP BIO Connector HTTP Pipelining Cross-user Remote Response Access
| [73644] Apache XML Security Signature Key Parsing Overflow DoS
| [73600] Apache Struts javatemplates Plugin Component Handlers .action URI Multiple Parameter XSS
| [73462] Apache Rampart/C util/rampart_timestamp_token.c rampart_timestamp_token_validate Function Expired Token Remote Access Restriction Bypass
| [73429] Apache Tomcat JMX MemoryUserDatabase Local Password Disclosure
| [73384] Apache HTTP Server mod_rewrite PCRE Resource Exhaustion DoS
| [73383] Apache HTTP Server Portable Runtime (APR) Library apr_fnmatch() Infinite Loop Remote DoS
| [73378] IBM WebSphere Application Server (WAS) JavaServer Pages org.apache.jasper.runtime.JspWriterImpl.response JSP Page Application Restart Remote DoS
| [73247] Apache Subversion mod_dav_svn File Permission Weakness Information Disclosure
| [73246] Apache Subversion mod_dav_svn Path-based Access Control Rule Handling Remote DoS
| [73245] Apache Subversion mod_dav_svn Baselined Resource Request Handling Remote DoS
| [73154] Apache Archiva Multiple Unspecified CSRF
| [73153] Apache Archiva /archiva/admin/deleteNetworkProxy!confirm.action proxyid Parameter XSS
| [72407] Apache Tomcat @ServletSecurity Initial Load Annotation Security Constraint Bypass Information Disclosure
| [72238] Apache Struts Action / Method Names <
| [71647] Apache HttpComponents HttpClient Proxy-Authorization Credentials Remote Disclosure
| [71558] Apache Tomcat SecurityManager ServletContext Attribute Traversal Arbitrary File Manipulation
| [71557] Apache Tomcat HTML Manager Multiple XSS
| [71075] Apache Archiva User Management Page XSS
| [71027] Apache Tomcat @ServletSecurity Annotation Security Constraint Bypass Information Disclosure
| [70925] Apache Continuum Project Pages Unspecified XSS (2011-0533)
| [70924] Apache Continuum Multiple Admin Function CSRF
| [70809] Apache Tomcat NIO HTTP Connector Request Line Processing DoS
| [70734] Apache CouchDB Request / Cookie Handling Unspecified XSS
| [70585] Oracle Fusion Middleware Oracle HTTP Server Apache Plugin Unspecified Remote Issue
| [70333] Apache Subversion rev_hunt.c blame Command Multiple Memory Leak Remote DoS
| [70332] Apache Subversion Apache HTTP Server mod_dav_svn repos.c walk FunctionSVNParentPath Collection Remote DoS
| [69659] Apache Archiva Admin Authentication Weakness Privilege Escalation
| [69520] Apache Archiva Administrator Credential Manipulation CSRF
| [69512] Apache Tomcat Set-Cookie Header HTTPOnly Flag Session Hijacking Weakness
| [69456] Apache Tomcat Manager manager/html/sessions Multiple Parameter XSS
| [69275] Apache mod_fcgid Module fcgid_bucket.c fcgid_header_bucket_read() Function Remote Overflow
| [69067] Apache Shiro URI Path Security Traversal Information Disclosure
| [68815] Apache MyFaces shared/util/StateUtils.java View State MAC Weakness Cryptographic Padding Remote View State Modification
| [68670] Apache Qpid C++ Broker Component broker/SessionAdapter.cpp SessionAdapter::ExchangeHandlerImpl::checkAlternate Function Exchange Alternate Remote DoS
| [68669] Apache Qpid cluster/Cluster.cpp Cluster::deliveredEvent Function Invalid AMQP Data Remote DoS
| [68662] Apache Axis2 dswsbobje.war Module Admin Account Default Password
| [68531] Apache Qpid qpidd sys/ssl/SslSocket.cpp Incomplete SSL Handshake Remote DoS
| [68327] Apache APR-util buckets/apr_brigade.c apr_brigade_split_line() Function Memory Consumption DoS
| [68314] Apache XML-RPC SAX Parser External Entity Information Disclosure
| [67964] Apache Traffic Server Transaction ID / Source Port Randomization Weakness DNS Cache Poisoning
| [67846] SUSE Lifecycle Management Server on SUSE Linux Enterprise apache2-slms Parameter Quoting CSRF
| [67294] Apache CXF XML SOAP Message Crafted Document Type Declaration Remote DoS
| [67240] Apache CouchDB Installation Page Direct Request Arbitrary JavaScript Code Execution CSRF
| [67205] Apache Derby BUILTIN Authentication Password Hash Generation Algorithm SHA-1 Transformation Password Substitution
| [66745] Apache HTTP Server Multiple Modules Pathless Request Remote DoS
| [66319] Apache Tomcat Crafted Transfer-Encoding Header Handling Buffer Recycling Remote DoS
| [66280] Apache Struts XWork ParameterInterceptor Server-Side Object Remote Code Execution
| [66226] Apache Axis2 Admin Interface Cookie Session Fixation
| [65697] Apache Axis2 / Java SOAP Message DTD Rejection Weakness Arbitrary File Access
| [65654] Apache HTTP Server mod_proxy_http mod_proxy_http.c Timeout Detection Weakness HTTP Request Response Disclosure
| [65429] Apache MyFaces Unencrypted ViewState Serialized View Object Manipulation Arbitrary Expression Language (EL) Statement Execution
| [65054] Apache ActiveMQ Jetty Error Handler XSS
| [64844] Apache Axis2/Java axis2/axis2-admin/engagingglobally modules Parameter XSS
| [64522] Apache Open For Business Project (OFBiz) ecommerce/control/contactus Multiple Parameter XSS
| [64521] Apache Open For Business Project (OFBiz) Web Tools Section entityName Parameter XSS
| [64520] Apache Open For Business Project (OFBiz) ecommerce/control/ViewBlogArticle contentId Parameter XSS
| [64519] Apache Open For Business Project (OFBiz) Control Servlet URI XSS
| [64518] Apache Open For Business Project (OFBiz) Show Portal Page Section start Parameter XSS
| [64517] Apache Open For Business Project (OFBiz) View Profile Section partyId Parameter XSS
| [64516] Apache Open For Business Project (OFBiz) Export Product Listing Section productStoreId Parameter XSS
| [64307] Apache Tomcat Web Application Manager/Host Manager CSRF
| [64056] mod_auth_shadow for Apache HTTP Server wait() Function Authentication Bypass
| [64023] Apache Tomcat WWW-Authenticate Header Local Host Information Disclosure
| [64020] Apache ActiveMQ Jetty ResourceHandler Crafted Request JSP File Source Disclosure
| [63895] Apache HTTP Server mod_headers Unspecified Issue
| [63368] Apache ActiveMQ createDestination.action JMSDestination Parameter CSRF
| [63367] Apache ActiveMQ createDestination.action JMSDestination Parameter XSS
| [63350] Apache CouchDB Hash Verification Algorithm Predictable Execution Time Weakness
| [63140] Apache Thrift Service Malformed Data Remote DoS
| [62676] Apache HTTP Server mod_proxy_ajp Module Crafted Request Remote DoS
| [62675] Apache HTTP Server Multi-Processing Module (MPM) Subrequest Header Handling Cross-thread Information Disclosure
| [62674] Apache HTTP Server mod_isapi Module Unloading Crafted Request Remote DoS
| [62231] Apache HTTP Server Logging Format Weakness Crafted DNS Response IP Address Spoofing
| [62230] Apache HTTP Server Crafted DNS Response Inverse Lookup Log Corruption XSS
| [62054] Apache Tomcat WAR Filename Traversal Work-directory File Deletion
| [62053] Apache Tomcat Autodeployment Process appBase File HTTP Request Authentication Bypass
| [62052] Apache Tomcat WAR File Traversal Arbitrary File Overwrite
| [62009] Apache HTTP Server src/modules/proxy/proxy_util.c mod_proxy ap_proxy_send_fb() Function Overflow
| [61379] Apache River Outrigger Entry Storage Saturation Memory Exhaustion DoS
| [61378] Apache Hadoop Map/Reduce JobTracker Memory Consumption DoS
| [61377] Apache Commons Modeler Multiple Mutable Static Fields Weakness
| [61376] Apache Rampart wsse:security Tag Signature Value Checking Weakness
| [60687] Apache C++ Standard Library (STDCXX) strxfrm() Function Overflow
| [60680] Apache Hadoop JobHistory Job Name Manipulation Weakness
| [60679] Apache ODE DeploymentWebService OMElement zipPart CRLF Injection
| [60678] Apache Roller Comment Email Notification Manipulation DoS
| [60677] Apache CouchDB Unspecified Document Handling Remote DoS
| [60428] Sun Java Plug-in org.apache.crimson.tree.XmlDocument Class reateXmlDocument Method Floppy Drive Access Bypass
| [60413] mod_throttle for Apache Shared Memory File Manipulation Local Privilege Escalation
| [60412] Sun Java Plug-in org.apache.xalan.processor.XSLProcessorVersion Class Unsigned Applet Variable Sharing Privilege Escalation
| [60396] Apache HTTP Server on OpenBSD Multipart MIME Boundary Remote Information Disclosure
| [60395] Apache HTTP Server on OpenBSD ETag HTTP Header Remote Information Disclosure
| [60232] PHP on Apache php.exe Direct Request Remote DoS
| [60176] Apache Tomcat Windows Installer Admin Default Password
| [60016] Apache HTTP Server on HP Secure OS for Linux HTTP Request Handling Unspecified Issue
| [59979] Apache HTTP Server on Apple Mac OS X HTTP TRACE Method Unspecified Client XSS
| [59969] Apache HTTP Server mod_ssl SSL / TLS Renegotiation Handshakes MiTM Plaintext Data Injection
| [59944] Apache Hadoop jobhistory.jsp XSS
| [59374] Apache Solr Search Extension for TYPO3 Unspecified XSS
| [59022] Apache Shindig ConcatProxyServlet HTTP Header Response Splitting
| [59021] Apache Cocoon X-Cocoon-Version Header Remote Information Disclosure
| [59020] Apache Tapestry HTTPS Session Cookie Secure Flag Weakness
| [59019] Apache mod_python Cookie Salting Weakness
| [59018] Apache Harmony Error Message Handling Overflow
| [59013] Apache Derby SYSCS_EXPORT_TABLE Arbitrary File Overwrite
| [59012] Apache Derby Driver Auto-loading Non-deterministic Startup Weakness
| [59011] Apache JSPWiki Page Attachment Change Note Function XSS
| [59010] Apache Solr get-file.jsp XSS
| [59009] Apache Solr action.jsp XSS
| [59008] Apache Solr analysis.jsp XSS
| [59007] Apache Solr schema.jsp Multiple Parameter XSS
| [59006] Apache Beehive select / checkbox Tag XSS
| [59005] Apache Beehive jpfScopeID Global Parameter XSS
| [59004] Apache Beehive Error Message XSS
| [59003] Apache HttpClient POST Request Handling Memory Consumption DoS
| [59002] Apache Jetspeed default-page.psml URI XSS
| [59001] Apache Axis2 xsd Parameter Traversal Arbitrary File Disclosure
| [59000] Apache CXF Unsigned Message Policy Bypass
| [58999] Apache WSS4J CallbackHandler Plaintext Password Validation Weakness
| [58998] Apache OpenJPA persistence.xml Cleartext Password Local Disclosure
| [58997] Apache OpenEJB openejb.xml Cleartext Password Local Disclosure
| [58996] Apache Hadoop Map/Reduce LinuxTaskController File Group Ownership Weakness
| [58995] Apache Hadoop Map/Reduce Task Ownership Weakness
| [58994] Apache Hadoop Map/Reduce DistributedCache Localized File Permission Weakness
| [58993] Apache Hadoop browseBlock.jsp XSS
| [58991] Apache Hadoop browseDirectory.jsp XSS
| [58990] Apache Hadoop Map/Reduce HTTP TaskTrackers User Data Remote Disclosure
| [58989] Apache Hadoop Sqoop Process Listing Local Cleartext Password Disclosure
| [58988] Apache Hadoop Chukwa HICC Portal Unspecified XSS
| [58987] Apache Hadoop Map/Reduce TaskTracker User File Permission Weakness
| [58986] Apache Qpid Encrypted Message Handling Remote Overflow DoS
| [58985] Apache Qpid Process Listing Local Cleartext Password Disclosure
| [58984] Apache Jackrabbit Content Repository (JCR) Default Account Privilege Access Weakness
| [58983] Apache Jackrabbit Content Repository (JCR) NamespaceRegistry API Registration Method Race Condition
| [58982] Apache Synapse Proxy Service Security Policy Mismatch Weakness
| [58981] Apache Geronimo TomcatGeronimoRealm Security Context Persistence Weakness
| [58980] Apache Geronimo LDAP Realm Configuration Restart Reversion Weakness
| [58979] Apache MyFaces Tomahawk ExtensionsPhaseListener HTML Injection Information Disclosure
| [58978] Apache MyFaces Trinidad LocaleInfoScriptlet XSS
| [58977] Apache Open For Business Project (OFBiz) Multiple Default Accounts
| [58976] Apache Open For Business Project (OFBiz) URI passThru Parameter XSS
| [58975] Apache Open For Business Project (OFBiz) PARTYMGR_CREATE/UPDATE Permission Arbitrary User Password Modification
| [58974] Apache Sling /apps Script User Session Management Access Weakness
| [58973] Apache Tuscany Crafted SOAP Request Access Restriction Bypass
| [58931] Apache Geronimo Cookie Parameters Validation Weakness
| [58930] Apache Xalan-C++ XPath Handling Remote DoS
| [58879] Apache Portable Runtime (APR-util) poll/unix/port.c Event Port Backend Pollset Feature Remote DoS
| [58837] Apache Commons Net FTPSClient CipherSuites / Protocols Mutable Object Unspecified Data Security Issue
| [58813] Apache MyFaces Trinidad tr:table / HTML Comment Handling DoS
| [58812] Apache Open For Business Project (OFBiz) JSESSIONID Session Hijacking Weakness
| [58811] Apache Open For Business Project (OFBiz) /catalog/control/EditProductConfigItem configItemId Parameter XSS
| [58810] Apache Open For Business Project (OFBiz) /catalog/control/EditProdCatalo prodCatalogId Parameter XSS
| [58809] Apache Open For Business Project (OFBiz) /partymgr/control/viewprofile partyId Parameter XSS
| [58808] Apache Open For Business Project (OFBiz) /catalog/control/createProduct internalName Parameter XSS
| [58807] Apache Open For Business Project (OFBiz) Multiple Unspecified CSRF
| [58806] Apache FtpServer MINA Logging Filter Cleartext Credential Local Disclosure
| [58805] Apache Derby Unauthenticated Database / Admin Access
| [58804] Apache Wicket Header Contribution Unspecified Issue
| [58803] Apache Wicket Session Fixation
| [58802] Apache Directory Server (ApacheDS) userPassword Attribute Search Password Disclosure
| [58801] Apache ActiveMQ Stomp Client Credential Validation Bypass
| [58800] Apache Tapestry (context)/servicestatus Internal Service Information Disclosure
| [58799] Apache Tapestry Logging Cleartext Password Disclosure
| [58798] Apache Jetspeed pipeline Parameter pipeline-map Policy Bypass
| [58797] Apache Jetspeed Password Policy Multiple Weaknesses
| [58796] Apache Jetspeed Unsalted Password Storage Weakness
| [58795] Apache Rampart Crafted SOAP Header Authentication Bypass
| [58794] Apache Roller Admin Protocol (RAP) Malformed Header Authentication Bypass
| [58793] Apache Hadoop Map/Reduce mapred.system.dir Permission Weakness Job Manipulation
| [58792] Apache Shindig gadgets.rpc iframe RPC Call Validation Weakness
| [58791] Apache Synapse synapse.properties Cleartext Credential Local Disclosure
| [58790] Apache WSS4J SOAP Message UsernameToken Remote Password Disclosure
| [58789] Apache WSS4J SOAP Header Malformed UsernameToken Authentication Bypass
| [58776] Apache JSPWiki PreviewContent.jsp Edited Text XSS
| [58775] Apache JSPWiki preview.jsp action Parameter XSS
| [58774] Apache JSPWiki Edit.jsp Multiple Parameter XSS
| [58773] Apache JSPWiki Accept-Language Header Multiple Script language Parameter XSS
| [58772] Apache JSPWiki EditorManager.java editor Parameter XSS
| [58771] Apache JSPWiki GroupContent.jsp Multiple Parameter XSS
| [58770] Apache JSPWiki Group.jsp group Parameter XSS
| [58769] Apache JSPWiki Database Connection Termination DoS Weakness
| [58768] Apache JSPWiki Attachment Servlet nextpage Parameter Arbitrary Site Redirect
| [58766] Apache JSPWiki /admin/SecurityConfig.jsp Direct Request Information Disclosure
| [58765] Apache JSPWiki Spam Filter UniqueID RNG Weakness
| [58764] Apache JSPWiki Edit.jsp Multiple Parameter XSS
| [58763] Apache JSPWiki Include Tag Multiple Script XSS
| [58762] Apache JSPWiki Multiple .java Tags pageContext Parameter XSS
| [58761] Apache JSPWiki Wiki.jsp skin Parameter XSS
| [58760] Apache Commons VFS Exception Error Message Cleartext Credential Disclosure
| [58759] Apache Jackrabbit Content Repository (JCR) UUID System.currentTimeMillis() RNG Weakness
| [58758] Apache River GrantPermission Policy Manipulation Privilege Escalation
| [58757] Apache WS-Commons Java2 StaXUtils Multiple Unspecified Minor Issues
| [58756] Apache WSS4J WSHandler Client Certificate Signature Validation Weakness
| [58755] Apache Harmony DRLVM Non-public Class Member Access
| [58754] Apache Harmony File.createTempFile() Temporary File Creation Prediction Weakness
| [58751] Apache Geronimo GeronimoIdentityResolver Subject Handling Multiple Issues
| [58750] Apache MyFaces Trinidad Generated HTML Information Disclosure
| [58749] Apache MyFaces Trinidad Database Access Error Message Information Disclosure
| [58748] Apache MyFaces Trinidad Image Resource Loader Traversal Arbitrary Image Access
| [58747] Apache MyFaces Trinidad Error Message User Entered Data Disclosure Weakness
| [58746] Apache Axis2 JAX-WS Java2 WSDL4J Unspecified Issue
| [58744] Apache Wicket Crafted File Upload Disk Space Exhaustion DoS
| [58743] Apache Wicket wicket.util.crypt.SunJceCrypt Encryption Reversion Weakness
| [58742] Apache Rampart PolicyBasedValiadtor HttpsToken Endpoint Connection Weakness
| [58741] Apache Rampart WSSecSignature / WSSecEncryptedKey KeyIdentifierType Validation Weakness
| [58740] Apache Rampart TransportBinding Message Payload Cleartext Disclosure
| [58739] Apache Open For Business Project (OFBiz) Unsalted Password Storage Weakness
| [58738] Apache Open For Business Project (OFBiz) orderId Parameter Arbitrary Order Access
| [58737] Apache mod_python w/ mod_python.publisher index.py Underscore Prefixed Variable Disclosure
| [58735] Apache Open For Business Project (OFBiz) /ecommerce/control/keywordsearch SEARCH_STRING Parameter XSS
| [58734] Apache Torque Log File Cleartext Credential Local Disclosure
| [58733] Apache Axis2 doGet Implementation Authentication Bypass Service State Manipulation
| [58732] Apache MyFaces UIInput.validate() Null Value Validation Bypass Weakness
| [58731] Apache MyFaces /faces/* Prefix Mapping Authentication Bypass
| [58725] Apache Tapestry Basic String ACL Bypass Weakness
| [58724] Apache Roller Logout Functionality Failure Session Persistence
| [58723] Apache Roller User Profile / Admin Page Cleartext Password Disclosure
| [58722] Apache Derby Connection URL Encryption Method Reversion Weakness
| [58721] Apache Geronimo on Tomcat Security-constraint Resource ACL Bypass
| [58720] Apache Geronimo Explicit Servlet Mapping Access Bypass Weakness
| [58719] Apache Geronimo Keystore Unprivileged Service Disable DoS
| [58718] Apache Geronimo Deployment Plans Remote Password Disclosure
| [58717] Apache Jetspeed Portlet Application Edit Access Restriction Bypass
| [58716] Apache Jetspeed PSML Management Cached Constraint Authentication Weakness
| [58707] Apache WSS4J Crafted PasswordDigest Request Authentication Bypass
| [58706] Apache HttpClient Pre-emptive Authorization Remote Credential Disclosure
| [58705] Apache Directory Server (ApacheDS) User Passwords Cleartext Disclosure
| [58704] Apache Directory Server (ApacheDS) Non-existent User LDAP Bind Remote DoS
| [58703] Apache Geronimo Debug Console Unauthenticated Remote Information Disclosure
| [58702] Apache Directory Server (ApacheDS) Persistent LDAP Anonymous Bind Weakness
| [58701] Apache Jetspeed User Admin Portlet Unpassworded Account Creation Weakness
| [58700] Apache MyFaces /faces/* Path Handling Remote Overflow DoS
| [58699] Apache MyFaces Disable Property Client Side Manipulation Privilege Escalation
| [58698] Apache Roller Remember Me Functionality Cleartext Password Disclosure
| [58697] Apache XalanJ2 org.apache.xalan.xsltc.runtime.CallFunction Class Unspecified Issue
| [58696] Apache Tapestry Encoded Traversal Arbitrary File Access
| [58695] Apache Jetspeed Unauthenticated PSML Tags / Admin Folder Access
| [58694] Apache Geronimo Deploy Tool Process List Local Credential Disclosure
| [58693] Apache Derby service.properties File Encryption Key Information Disclosure
| [58692] Apache Geronimo Default Security Realm Login Brute Force Weakness
| [58689] Apache Roller Retrieve Last 5 Post Feature Unauthorized Blog Post Manipulation
| [58688] Apache Xalan-Java (XalanJ2) Static Variables Multiple Unspecified Issues
| [58687] Apache Axis Invalid wsdl Request XSS
| [58686] Apache Cocoon Temporary File Creation Unspecified Race Condition
| [58685] Apache Velocity Template Designer Privileged Code Execution
| [58684] Apache Jetspeed controls.Customize Action Security Check Bypass
| [58675] Apache Open For Business Project (OFBiz) eCommerce/ordermgr Multiple Field XSS
| [58674] Apache Open For Business Project (OFBiz) ecommerce/control/login Multiple Field XSS
| [58673] Apache Open For Business Project (OFBiz) ecommerce/control/viewprofile Multiple Field XSS
| [58672] Apache Open For Business Project (OFBiz) POS Input Panel Cleartext Password Disclosure
| [58671] Apache Axis2 JMS Signed Message Crafted WS-Security Header Security Bypass
| [58670] Apache Jetspeed JetspeedTool.getPortletFromRegistry Portlet Security Validation Failure
| [58669] Apache Jetspeed LDAP Cleartext Passwords Disclosure
| [58668] Apache Axis External Entity (XXE) Data Parsing Privilege Escalation
| [58667] Apache Roller Database Cleartext Passwords Disclosure
| [58666] Apache Xerces-C++ UTF-8 Transcoder Overlong Code Handling Unspecified Issue
| [58665] Apache Jetspeed Turbine: Cross-user Privileged Action Execution
| [58664] Apache Jetspeed EditAccount.vm Password Modification Weakness
| [58663] Apache Jetspeed Role Parameter Arbitrary Portlet Disclosure
| [58662] Apache Axis JWS Page Generated .class File Direct Request Information Disclosure
| [58661] Apache Jetspeed user-form.vm Password Reset Cleartext Disclosure
| [58660] Apache WSS4J checkReceiverResults Function Crafted SOAP Request Authentication Bypass
| [58658] Apache Rampart Crafted SOAP Request Security Verification Bypass
| [57882] Apache HTTP Server mod_proxy_ftp Authorization HTTP Header Arbitrary FTP Command Injection
| [57851] Apache HTTP Server mod_proxy_ftp EPSV Command NULL Dereference Remote DoS
| [56984] Apache Xerces2 Java Malformed XML Input DoS
| [56903] Apache ODE (Orchestration Director Engine) Process Deployment Web Service Traversal Arbitrary File Manipulation
| [56859] Apache Xerces-C++ Multiple Sub-project XML Nested DTD Structures Parsing Recursion Error DoS
| [56766] Apache Portable Runtime (APR-util) memory/unix/apr_pools.c Relocatable Memory Block Aligning Overflow
| [56765] Apache Portable Runtime (APR-util) misc/apr_rmm.c Multiple Function Overflows
| [56517] Apache HTTP Server File Descriptor Leak Arbitrary Local File Append
| [56443] PTK Unspecified Apache Sub-process Arbitrary Command Execution
| [56414] Apache Tiles Duplicate Expression Language (EL) Expression Evaluation XSS
12456| [55814] mod_NTLM for Apache HTTP Server ap_log_rerror() Function Remote Format String
12457| [55813] mod_NTLM for Apache HTTP Server log() Function Remote Overflow
12458| [55782] Apache HTTP Server mod_deflate Module Aborted Connection DoS
12459| [55553] Apache HTTP Server mod_proxy Module mod_proxy_http.c stream_reqbody_cl Function CPU Consumption DoS
12460| [55059] Apache APR-util strmatch/apr_strmatch.c apr_strmatch_precompile Function Crafted Input Remote DoS
12461| [55058] Apache APR-util apr_brigade_vprintf Function Crafted Input Off-by-one Remote DoS
12462| [55057] Apache APR-util xml/apr_xml.c apr_xml_* Interface Expat XML Parser Crafted XML Document Remote DoS
12463| [55056] Apache Tomcat Cross-application TLD File Manipulation
12464| [55055] Apache Tomcat Illegal URL Encoded Password Request Username Enumeration
12465| [55054] Apache Tomcat Java AJP Connector mod_jk Load Balancing Worker Malformed Header Remote DoS
12466| [55053] Apache Tomcat Crafted Request Security Restraint Bypass Arbitrary Content Access
12467| [54733] Apache HTTP Server AllowOverride Directive .htaccess Options Bypass
12468| [54713] razorCMS Security Manager apache User Account Unspecified File Permission Weakness Issue
12469| [54589] Apache Jserv Nonexistent JSP Request XSS
12470| [54122] Apache Struts s:a / s:url Tag href Element XSS
12471| [54093] Apache ActiveMQ Web Console JMS Message XSS
12472| [53932] Apache Geronimo Multiple Admin Function CSRF
12473| [53931] Apache Geronimo /console/portal/Server/Monitoring Multiple Parameter XSS
12474| [53930] Apache Geronimo /console/portal/ URI XSS
12475| [53929] Apache Geronimo on Windows Security/Keystores Portlet Traversal Arbitrary File Upload
12476| [53928] Apache Geronimo on Windows Embedded DB/DB Manager Portlet Traversal Arbitrary File Upload
12477| [53927] Apache Geronimo on Windows Services/Repository Portlet Traversal Arbitrary File Upload
12478| [53921] Apache HTTP Server mod_proxy_ajp Cross Thread/Session Information Disclosure
12479| [53766] Oracle BEA WebLogic Server Plug-ins for Apache Certificate Handling Remote Overflow
12480| [53574] PHP on Apache .htaccess mbstring.func_overload Setting Cross Hosted Site Behavior Modification
12481| [53381] Apache Tomcat JK Connector Content-Length Header Cross-user Information Disclosure
12482| [53380] Apache Struts Unspecified XSS
12483| [53289] Apache mod_perl Apache::Status /perl-status Unspecified XSS
12484| [53186] Apache HTTP Server htpasswd Predictable Salt Weakness
12485| [52899] Apache Tomcat Examples Web Application Calendar Application jsp/cal/cal2.jsp time Parameter XSS
12486| [52407] Apache Tomcat doRead Method POST Content Information Disclosure
12487| [51923] Apache HTTP Server mod-auth-mysql Module mod_auth_mysql.c Multibyte Character Encoding SQL Injection
12488| [51613] Apache HTTP Server Third-party Module Child Process File Descriptor Leak
12489| [51612] Apache HTTP Server Internal Redirect Handling Infinite Loop DoS
12490| [51468] Apache Jackrabbit Content Repository (JCR) swr.jsp q Parameter XSS
12491| [51467] Apache Jackrabbit Content Repository (JCR) search.jsp q Parameter XSS
12492| [51151] Apache Roller Search Function q Parameter XSS
12493| [50482] PHP with Apache php_value Order Unspecified Issue
12494| [50475] Novell NetWare ApacheAdmin Console Unauthenticated Access
12495| [49734] Apache Struts DefaultStaticContentLoader Class Traversal Arbitrary File Access
12496| [49733] Apache Struts FilterDispatcher Class Traversal Arbitrary File Access
12497| [49283] Oracle BEA WebLogic Server Plugins for Apache Remote Transfer-Encoding Overflow
12498| [49062] Apache Tomcat Cross-thread Concurrent Request Variable Overwrite Information Disclosure
12499| [48847] ModSecurity (mod_security) Transformation Caching Unspecified Apache DoS
12500| [48788] Apache Xerces-C++ XML Schema maxOccurs Value XML File Handling DoS
12501| [47474] Apache HTTP Server mod_proxy_ftp Directory Component Wildcard Character XSS
12502| [47464] Apache Tomcat allowLinking / UTF-8 Traversal Arbitrary File Access
12503| [47463] Apache Tomcat RequestDispatcher Traversal Arbitrary File Access
12504| [47462] Apache Tomcat HttpServletResponse.sendError Method Message Argument XSS
12505| [47096] Oracle Weblogic Apache Connector POST Request Overflow
12506| [46382] Frontend Filemanager (air_filemanager) Extension for TYPO3 on Apache Unspecified Arbitrary Code Execution
12507| [46285] TYPO3 on Apache Crafted Filename Upload Arbitrary Command Execution
12508| [46085] Apache HTTP Server mod_proxy ap_proxy_http_process_response() Function Interim Response Forwarding Remote DoS
12509| [45905] Apache Tomcat Host Manager host-manager/html/add name Parameter XSS
12510| [45879] Ragnarok Online Control Panel on Apache Crafted Traversal Authentication Bypass
12511| [45742] Apache HTTP Server on Novell Unspecified Request Directive Internal IP Disclosure
12512| [45740] Apache Derby DropSchemaNode Bind Phase Arbitrary Scheme Statement Dropping
12513| [45599] Apache Derby Lock Table Statement Privilege Requirement Bypass Arbitrary Table Lock
12514| [45585] Apache Derby ACCSEC Command RDBNAM Parameter Cleartext Credential Disclosure
12515| [45584] Apache Derby DatabaseMetaData.getURL Function Cleartext Credential Disclosure
12516| [45420] Apache HTTP Server 403 Error Page UTF-7 Encoded XSS
12517| [44728] PHP Toolkit on Gentoo Linux Interpretation Conflict Apache HTTP Server Local DoS
12518| [44618] Oracle JSP Apache/Jserv Path Translation Traversal Arbitrary JSP File Execution
12519| [44159] Apache HTTP Server Remote Virtual Host Name Disclosure
12520| [43997] Apache-SSL ExpandCert() Function Certificate Handling Arbitrary Environment Variables Manipulation
12521| [43994] suPHP for Apache (mod_suphp) Directory Symlink Local Privilege Escalation
12522| [43993] suPHP for Apache (mod_suphp) Owner Mode Race Condition Symlink Local Privilege Escalation
12523| [43663] Apache HTTP Server Mixed Platform AddType Directive Crafted Request PHP Source Disclosure
12524| [43658] AuthCAS Module (AuthCAS.pm) for Apache HTTP Server SESSION_COOKIE_NAME SQL Injection
12525| [43452] Apache Tomcat HTTP Request Smuggling
12526| [43309] Apache Geronimo LoginModule Login Method Bypass
12527| [43290] Apache JSPWiki Entry Page Attachment Unrestricted File Upload
12528| [43259] Apache HTTP Server on Windows mod_proxy_balancer URL Handling Remote Memory Corruption
12529| [43224] Apache Geronimo on SuSE Linux init Script Symlink Unspecified File/Directory Access
12530| [43189] Apache mod_jk2 Host Header Multiple Fields Remote Overflow
12531| [42937] Apache HTTP Server mod_proxy_balancer balancer-manager Unspecified CSRF
12532| [42341] MOD_PLSQL for Apache Unspecified URL SQL Injection
12533| [42340] MOD_PLSQL for Apache CGI Environment Handling Unspecified Overflow
12534| [42214] Apache HTTP Server mod_proxy_ftp UTF-7 Encoded XSS
12535| [42091] Apache Maven Site Plugin Installation Permission Weakness
12536| [42089] Apache Maven .m2/settings.xml Cleartext Password Disclosure
12537| [42088] Apache Maven Defined Repo Process Listing Password Disclosure
12538| [42087] Apache Maven Site Plugin SSH Deployment Permission Setting Weakness
12539| [42036] Apache HTTP Server MS-DOS Device Request Host OS Disclosure
12540| [41891] BEA WebLogic Apache Beehive NetUI Page Flow Unspecified XSS
12541| [41436] Apache Tomcat Native APR Connector Duplicate Request Issue
12542| [41435] Apache Tomcat %5C Cookie Handling Session ID Disclosure
12543| [41434] Apache Tomcat Exception Handling Subsequent Request Information Disclosure
12544| [41400] LimeSurvey save.php Apache Log File PHP Code Injection
12545| [41029] Apache Tomcat Calendar Examples Application cal2.jsp Multiple Parameter CSRF
12546| [41019] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload XSS
12547| [41018] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload CRLF
12548| [40853] Apache Tomcat SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) JSESSIONIDSSO Cookie Security Weakness
12549| [40264] Apache HTTP Server mod_proxy_balancer balancer_handler Function bb Variable Remote DoS
12550| [40263] Apache HTTP Server mod_proxy_balancer balancer-manager Multiple Parameter XSS
12551| [40262] Apache HTTP Server mod_status refresh XSS
12552| [39833] Apache Tomcat JULI Logging Component catalina.policy Security Bypass
12553| [39251] Coppermine Photo Gallery on Apache Multiple File Extension Upload Arbitrary Code Execution
12554| [39166] Apache Tomcat on Windows caseSensitive Attribute Mixed Case Request JSP Source Disclosure
12555| [39134] Apache mod_imagemap Module Imagemap Unspecified XSS
12556| [39133] Apache mod_imap Module Imagemap File Unspecified XSS
12557| [39035] Apache Tomcat examples/servlet/CookieExample Multiple Parameter XSS
12558| [39003] Apache HTTP Server HTTP Method Header Request Entity Too Large XSS
12559| [39000] Apache Tomcat SendMailServlet sendmail.jsp mailfrom Parameter XSS
12560| [38939] Apache HTTP Server Prefork MPM Module Array Modification Local DoS
12561| [38673] Apache Jakarta Slide WebDAV SYSTEM Request Traversal Arbitrary File Access
12562| [38662] Apache Geronimo SQLLoginModule Nonexistent User Authentication Bypass
12563| [38661] Apache Geronimo MEJB Unspecified Authentication Bypass
12564| [38641] Apache HTTP Server mod_mem_cache recall_headers Function Information Disclosure
12565| [38640] Apache HTTP Server suexec Document Root Unauthorized Operations
12566| [38639] Apache HTTP Server suexec Multiple Symlink Privilege Escalation
12567| [38636] Apache HTTP Server mod_autoindex.c P Variable UTF-7 Charset XSS
12568| [38513] BEA WebLogic Server Proxy Plug-in for Apache Protocol Error Handling Remote DoS
12569| [38187] Apache Geronimo / Tomcat WebDAV XML SYSTEM Tag Arbitrary File Access
12570| [37079] Apache HTTP Server mod_cache cache_util.c Malformed Cache-Control Header DoS
12571| [37071] Apache Tomcat Cookie Handling Session ID Disclosure
12572| [37070] Apache Tomcat Cookie Handling Quote Delimiter Session ID Disclosure
12573| [37052] Apache HTTP Server mod_status mod_status.c Unspecified XSS
12574| [37051] Apache HTTP Server mod_proxy modules/proxy/proxy_util.c Crafted Header Remote DoS
12575| [37050] Apache HTTP Server Prefork MPM Module Crafted Code Sequence Local DoS
12576| [36417] Apache Tomcat Host Manager Servlet html/add Action aliases Parameter XSS
12577| [36377] Apache MyFaces Tomahawk JSF Application autoscroll Multiple Script XSS
12578| [36080] Apache Tomcat JSP Examples Crafted URI XSS
12579| [36079] Apache Tomcat Manager Uploaded Filename XSS
12580| [34888] Apache Tomcat Example Calendar Application cal2.jsp time Parameter XSS
12581| [34887] Apache Tomcat implicit-objects.jsp Crafted Header XSS
12582| [34885] Apache Tomcat on IIS Servlet Engine MS-DOS Device Request DoS
12583| [34884] Apache Tomcat on Windows Nonexistent Resource Request Path Disclosure
12584| [34883] Apache Tomcat Crafted JSP File Request Path Disclosure
12585| [34882] Apache Tomcat Default SSL Ciphersuite Configuration Weakness
12586| [34881] Apache Tomcat Malformed Accept-Language Header XSS
12587| [34880] Apache Tomcat HTTP/1.1 Connector NULL Byte Request JSP Source Disclosure
12588| [34879] Apache Tomcat examples/jsp2/jspx/textRotate.jspx XSS
12589| [34878] Apache Tomcat examples/jsp2/el/implicit-objects.jsp XSS
12590| [34877] Apache Tomcat JK Web Server Connector (mod_jk) Double Encoded Traversal Arbitrary File Access
12591| [34876] Apache HTTP Server ScriptAlias CGI Source Disclosure
12592| [34875] Apache Tomcat appdev/sample/web/hello.jsp Multiple Parameter XSS
12593| [34874] Apache Tomcat AJP Connector mod_jk ajp_process_callback Remote Memory Disclosure
12594| [34873] Apache Stats Variable Extraction _REQUEST Ssuperglobal Array Overwrite
12595| [34872] Apache HTTP Server suexec User/Group Combination Weakness Local Privilege Escalation
12596| [34769] Apache Tomcat w/ Proxy Module Double Encoded Traversal Arbitrary File Access
12597| [34541] mod_perl for Apache HTTP Server RegistryCooker.pm PATH_INFO Crafted URI Remote DoS
12598| [34540] mod_perl for Apache HTTP Server PerlRun.pm PATH_INFO Crafted URI Remote DoS
12599| [34398] Apache Tomcat mod_jk Invalid Chunked Encoded Body Information Disclosure
12600| [34154] Apache Axis Nonexistent Java Web Service Path Disclosure
12601| [33855] Apache Tomcat JK Web Server Connector mod_jk.so Long URI Worker Map Remote Overflow
12602| [33816] Apache HTTP Server on Debian Linux TTY Local Privilege Escalation
12603| [33456] Apache HTTP Server Crafted TCP Connection Range Header DoS
12604| [33346] Avaya Multiple Products Apache Tomcat Port Weakness
12605| [32979] Apache Java Mail Enterprise Server (JAMES) Phoenix/MX4J Interface Arbitrary User Creation
12606| [32978] Apache Java Mail Enterprise Server (JAMES) POP3Server Log File Plaintext Password Disclosure
12607| [32724] Apache mod_python _filter_read Freed Memory Disclosure
12608| [32723] Apache Tomcat semicolon Crafted Filename Request Forced Directory Listing
12609| [32396] Apache Open For Business Project (OFBiz) Ecommerce Component Forum Implementation Message Body XSS
12610| [32395] Apache Open For Business Project (OFBiz) Ecommerce Component Form Field Manipulation Privilege Escalation
12611| [30354] Linux Subversion libapache2-svn Search Path Subversion Local Privilege Escalation
12612| [29603] PHP ini_restore() Apache httpd.conf Options Bypass
12613| [29536] Apache Tcl mod_tcl set_var Function Remote Format String
12614| [28919] Apache Roller Weblogger Blog Comment Multiple Field XSS
12615| [28130] PHP with Apache Mixed Case Method Limit Directive Bypass
12616| [27913] Apache HTTP Server on Windows mod_alias URL Validation Canonicalization CGI Source Disclosure
12617| [27588] Apache HTTP Server mod_rewrite LDAP Protocol URL Handling Overflow
12618| [27487] Apache HTTP Server Crafted Expect Header Cross Domain HTML Injection
12619| [26935] FCKeditor on Apache connector.php Crafted File Extension Arbitrary File Upload
12620| [26572] Apache Java Mail Enterprise Server (JAMES) MAIL Command Overflow DoS
12621| [25909] Drupal on Apache files Directory File Upload Arbitrary Code Execution
12622| [24825] Oracle ModPL/SQL for Apache Unspecified Remote HTTP Issue
12623| [24365] Apache Struts Multiple Function Error Message XSS
12624| [24364] Apache Struts getMultipartRequestHandler() Function Crafted Request DoS
12625| [24363] Apache Struts org.apache.struts.taglib.html.Constants.CANCEL Validation Bypass
12626| [24103] Pubcookie Apache mod_pubcookie Unspecified XSS
12627| [23906] Apache mod_python for Apache HTTP Server FileSession Privileged Local Command Execution
12628| [23905] Apache Log4net LocalSyslogAppender Format String Memory Corruption DoS
12629| [23198] Apache WSS4J Library SOAP Signature Verification Bypass
12630| [23124] Generic Apache Request Library (libapreq) apreq_parse_* Functions Remote DoS
12631| [22652] mod_php for Apache HTTP Server Crafted import_request_variables Function DoS
12632| [22475] PHP w/ Apache PDO::FETCH_CLASS __set() Function DoS
12633| [22473] PHP w/ Apache2 Crafted PDOStatement DoS
12634| [22459] Apache Geronimo Error Page XSS
12635| [22458] Apache Tomcat / Geronimo Sample Script cal2.jsp time Parameter XSS
12636| [22301] auth_ldap for Apache HTTP Server auth_ldap_log_reason() Function Remote Format String
12637| [22261] Apache HTTP Server mod_ssl ssl_hook_Access Error Handling DoS
12638| [22259] mod_auth_pgsql for Apache HTTP Server Log Function Format String
12639| [21736] Apache Java Mail Enterprise Server (JAMES) Spooler retrieve Function DoS
12640| [21705] Apache HTTP Server mod_imap Image Map Referer XSS
12641| [21021] Apache Struts Error Message XSS
12642| [20897] PHP w/ Apache 2 SAPI virtual() Function Unspecified INI Setting Disclosure
12643| [20491] PHP mod_php apache2handler SAPI Crafted .htaccess DoS
12644| [20462] Apache HTTP Server worker.c MPM Memory Exhaustion DoS
12645| [20439] Apache Tomcat Directory Listing Saturation DoS
12646| [20373] Apache Tomcat on HP Secure OS for Linux Unspecified Servlet Access Issue
12647| [20285] Apache HTTP Server Log File Control Character Injection
12648| [20242] Apache HTTP Server mod_usertrack Predictable Session ID Generation
12649| [20209] Brainf*ck Module (mod_bf) for Apache HTTP Server Local Overflow
12650| [20033] Apache Tomcat MS-DOS Device Request Error Message Path Disclosure
12651| [19883] apachetop atop.debug Symlink Arbitrary File Overwrite
12652| [19863] mod_auth_shadow for Apache HTTP Server require group Authentication Bypass
12653| [19855] Apache HTTP Server ErrorDocument Directive .htaccess Bypass
12654| [19821] Apache Tomcat Malformed Post Request Information Disclosure
12655| [19769] Apache HTTP Server Double-reverse DNS Lookup Spoofing
12656| [19188] Apache HTTP Server mod_ssl SSLVerifyClient Per-location Context Restriction Bypass
12657| [19137] Apache HTTP Server on Red Hat Linux Double Slash GET Request Forced Directory Listing
12658| [19136] Apache on Mandrake Linux Arbitrary Directory Forced Listing
12659| [18977] Apache HTTP Server Crafted HTTP Range Header DoS
12660| [18389] Ragnarok Online Control Panel Apache Authentication Bypass
12661| [18286] Apache HTTP Server mod_ssl ssl_callback_SSLVerify_CRL( ) Function Overflow
12662| [18233] Apache HTTP Server htdigest user Variable Overfow
12663| [17738] Apache HTTP Server HTTP Request Smuggling
12664| [16586] Apache HTTP Server Win32 GET Overflow DoS
12665| [15889] Apache HTTP Server mod_cgid Threaded MPM CGI Output Misdirection
12666| [14896] mod_dav for Apache HTTP Server Remote Null Dereference Child Process Termination
12667| [14879] Apache HTTP Server ap_log_rerror Function Error Message Path Disclosure
12668| [14770] Apache Tomcat AJP12 Protocol Malformed Packet Remote DoS
12669| [14597] Apache Tomcat IntegerOverflow.jsp Test JSP Script Path Disclosure
12670| [14596] Apache Tomcat pageSession.jsp Test JSP Script Path Disclosure
12671| [14595] Apache Tomcat pageLanguage.jsp Test JSP Script Path Disclosure
12672| [14594] Apache Tomcat pageIsThreadSafe.jsp Test JSP Script Path Disclosure
12673| [14593] Apache Tomcat pageIsErrorPage.jsp Test JSP Script Path Disclosure
12674| [14592] Apache Tomcat pageInvalid.jsp Test JSP Script Path Disclosure
12675| [14591] Apache Tomcat pageExtends.jsp Test JSP Script Path Disclosure
12676| [14590] Apache Tomcat pageDouble.jsp Test JSP Script Path Disclosure
12677| [14589] Apache Tomcat pageAutoFlush.jsp Test JSP Script Path Disclosure
12678| [14588] Apache Tomcat extends2.jsp Test JSP Script Path Disclosure
12679| [14587] Apache Tomcat extends1.jsp Test JSP Script Path Disclosure
12680| [14586] Apache Tomcat comments.jsp Test JSP Script Path Disclosure
12681| [14585] Apache Tomcat buffer4.jsp Test JSP Script Path Disclosure
12682| [14584] Apache Tomcat buffer3.jsp Test JSP Script Path Disclosure
12683| [14583] Apache Tomcat buffer2.jsp Test JSP Script Path Disclosure
12684| [14582] Apache Tomcat buffer1.jsp Test JSP Script Path Disclosure
12685| [14581] Apache Tomcat pageImport2.jsp Test JSP Script Path Disclosure
12686| [14580] Apache Tomcat pageInfo.jsp Test JSP Script Path Disclosure
12687| [14410] mod_frontpage for Apache HTTP Server fpexec Remote Overflow
12688| [14044] Apache Batik Squiggle Browser with Rhino Scripting Engine Unspecified File System Access
12689| [13737] mod_access_referer for Apache HTTP Server Malformed Referer DoS
12690| [13711] Apache mod_python publisher.py Traversal Arbitrary Object Information Disclosure
12691| [13640] mod_auth_any for Apache HTTP Server on Red Hat Linux Metacharacter Command Execution
12692| [13304] Apache Tomcat realPath.jsp Path Disclosure
12693| [13303] Apache Tomcat source.jsp Arbitrary Directory Listing
12694| [13087] Apache HTTP Server mod_log_forensic check_forensic Symlink Arbitrary File Creation / Overwrite
12695| [12849] mod_auth_radius for Apache HTTP Server radcpy() Function Overflow DoS
12696| [12848] Apache HTTP Server htdigest realm Variable Overflow
12697| [12721] Apache Tomcat examples/jsp2/el/functions.jsp XSS
12698| [12720] mod_dosevasive for Apache HTTP Server Symlink Arbitrary File Create/Overwrite
12699| [12558] Apache HTTP Server IPv6 FTP Proxy Socket Failure DoS
12700| [12557] Apache HTTP Server prefork MPM accept Error DoS
12701| [12233] Apache Tomcat MS-DOS Device Name Request DoS
12702| [12232] Apache Tomcat with JDK Arbitrary Directory/Source Disclosure
12703| [12231] Apache Tomcat web.xml Arbitrary File Access
12704| [12193] Apache HTTP Server on Mac OS X File Handler Bypass
12705| [12192] Apache HTTP Server on Mac OS X Unauthorized .ht and .DS_Store File Access
12706| [12178] Apache Jakarta Lucene results.jsp XSS
12707| [12176] mod_digest_apple for Apache HTTP Server on Mac OS X Authentication Replay
12708| [11391] Apache HTTP Server Header Parsing Space Saturation DoS
12709| [11003] Apache HTTP Server mod_include get_tag() Function Local Overflow
12710| [10976] mod_mylo for Apache HTTP Server mylo_log Logging Function HTTP GET Overflow
12711| [10637] Apache HTTP Server mod_ssl SSLCipherSuite Access Restriction Bypass
12712| [10546] Macromedia JRun4 mod_jrun Apache Module Remote Overflow
12713| [10471] Apache Xerces-C++ XML Parser DoS
12714| [10218] Apache HTTP Server Satisfy Directive Access Control Bypass
12715| [10068] Apache HTTP Server htpasswd Local Overflow
12716| [10049] mod_cplusplus For Apache HTTP Server Unspecified Overflow
12717| [9994] Apache HTTP Server apr-util IPV6 Parsing DoS
12718| [9991] Apache HTTP Server ap_resolve_env Environment Variable Local Overflow
12719| [9948] mod_dav for Apache HTTP Server LOCK Request DoS
12720| [9742] Apache HTTP Server mod_ssl char_buffer_read Function Reverse Proxy DoS
12721| [9718] Apache HTTP Server Win32 Single Dot Append Arbitrary File Access
12722| [9717] Apache HTTP Server mod_cookies Cookie Overflow
12723| [9716] Apache::Gallery Gallery.pm Inline::C Predictable Filename Code Execution
12724| [9715] Apache HTTP Server rotatelogs Control Characters Over Pipe DoS
12725| [9714] Apache Authentication Module Threaded MPM DoS
12726| [9713] Apache HTTP Server on OS2 filestat.c Device Name Request DoS
12727| [9712] Apache HTTP Server Multiple Linefeed Request Memory Consumption DoS
12728| [9711] Apache HTTP Server Access Log Terminal Escape Sequence Injection
12729| [9710] Apache HTTP Server on Windows Illegal Character Default Script Mapping Bypass
12730| [9709] Apache HTTP Server on Windows MS-DOS Device Name HTTP Post Code Execution
12731| [9708] Apache HTTP Server on Windows MS-DOS Device Name DoS
12732| [9707] Apache HTTP Server Duplicate MIME Header Saturation DoS
12733| [9706] Apache Web Server Multiple MIME Header Saturation Remote DoS
12734| [9705] Apache Tomcat Invoker/Default Servlet Source Disclosure
12735| [9702] Apache HTTP Server CGI/WebDAV HTTP POST Request Source Disclosure
12736| [9701] Apache HTTP Server for Windows Multiple Slash Forced Directory Listing
12737| [9700] Apache HTTP Server mod_autoindex Multiple Slash Request Forced Directory Listing
12738| [9699] Apache HTTP Server mod_dir Multiple Slash Request Forced Directory Listing
12739| [9698] Apache HTTP Server mod_negotiation Multiple Slash Request Forced Directory Listing
12740| [9697] Apache HTTP Server htdigest Local Symlink Arbitrary File Overwrite
12741| [9696] Apache HTTP Server htpasswd Local Symlink Arbitrary File Overwrite
12742| [9695] Apache Tomcat SnoopServlet Servlet Information Disclosure
12743| [9694] PHP3 on Apache HTTP Server Encoded Traversal Arbitrary File Access
12744| [9693] mod_auth_pgsql_sys for Apache HTTP Server User Name SQL Injection
12745| [9692] Apache HTTP Server mod_vhost_alias Mass Virtual Hosting Arbitrary File Access
12746| [9691] Apache HTTP Server mod_rewrite Mass Virtual Hosting Arbitrary File Access
12747| [9690] Apache HTTP Server mod_vhost_alias CGI Program Source Disclosure
12748| [9689] Trustix httpsd for Apache-SSL Permission Weakness Privilege Escalation
12749| [9688] Apache HTTP Server mod_proxy Malformed FTP Command DoS
12750| [9687] Apache::AuthenSmb smbval SMB Authentication Library Multiple Overflows
12751| [9686] Apache::AuthenSmb smbvalid SMB Authentication Library Multiple Overflows
12752| [9523] Apache HTTP Server mod_ssl Aborted Connection DoS
12753| [9459] Oracle PL/SQL (mod_plsql) Apache Module Help Page Request Remote Overflow
12754| [9208] Apache Tomcat .jsp Encoded Newline XSS
12755| [9204] Apache Tomcat ROOT Application XSS
12756| [9203] Apache Tomcat examples Application XSS
12757| [9068] Apache HTTP Server mod_userdir User Account Information Disclosure
12758| [8773] Apache Tomcat Catalina org.apache.catalina.servlets.DefaultServlet Source Code Disclosure
12759| [8772] Apache Tomcat Catalina org.apache.catalina.connector.http DoS
12760| [7943] Apache HTTP Server mod_ssl sslkeys File Disclosure
12761| [7942] Apache HTTP Server mod_ssl Default Pass Phrase
12762| [7941] Apache HTTP Server mod_ssl Encrypted Private Key File Descriptor Leak
12763| [7935] Apache HTTP Server mod_ssl ssl_gcache Race Conditions
12764| [7934] Apache HTTP Server mod_ssl SSLSessionCache File Content Disclosure
12765| [7933] Apache HTTP Server mod_ssl SSLMutex File Content Disclosure
12766| [7932] Apache HTTP Server mod_ssl mkcert.sh File Creation Permission Weakness
12767| [7931] Apache HTTP Server mod_ssl X.509 Client Certificate Authentication Bypass
12768| [7930] Apache HTTP Server mod_ssl ssl_expr_eval_func_file() Overflow
12769| [7929] Apache HTTP Server mod_ssl ssl_engine_log.c mod_proxy Hook Function Remote Format String
12770| [7611] Apache HTTP Server mod_alias Local Overflow
12771| [7394] Apache Tomcat mod_jk Invalid Transfer-Encoding Chunked Field DoS
12772| [7203] Apache Tomcat source.jsp Traversal Arbitrary File Access
12773| [7039] Apache HTTP Server on Mac OS X HFS+ File System Access Bypass
12774| [6882] Apache mod_python Malformed Query String Variant DoS
12775| [6839] Apache HTTP Server mod_proxy Content-Length Overflow
12776| [6630] Apache Tomcat Java Server Pages (JSP) Engine WPrinterJob() DoS
12777| [6472] Apache HTTP Server mod_ssl ssl_util_uuencode_binary Remote Overflow
12778| [5821] Apache HTTP Server Multiple / GET Remote Overflow DoS
12779| [5580] Apache Tomcat Servlet Malformed URL JSP Source Disclosure
12780| [5552] Apache HTTP Server split-logfile Arbitrary .log File Overwrite
12781| [5526] Apache Tomcat Long .JSP URI Path Disclosure
12782| [5278] Apache Tomcat web.xml Restriction Bypass
12783| [5051] Apache Tomcat Null Character DoS
12784| [4973] Apache Tomcat servlet Mapping XSS
12785| [4650] mod_gzip for Apache HTTP Server Debug Mode Printf Stack Overflow
12786| [4649] mod_gzip for Apache HTTP Server Debug Mode Format String Overflow
12787| [4648] mod_gzip for Apache HTTP Server Debug Mode Race Condition
12788| [4568] mod_survey For Apache ENV Tags SQL Injection
12789| [4553] Apache HTTP Server ApacheBench Overflow DoS
12790| [4552] Apache HTTP Server Shared Memory Scoreboard DoS
12791| [4446] Apache HTTP Server mod_disk_cache Stores Credentials
12792| [4383] Apache HTTP Server Socket Race Condition DoS
12793| [4382] Apache HTTP Server Log Entry Terminal Escape Sequence Injection
12794| [4340] Apache Portable Runtime (APR) apr_psprintf DoS
12795| [4232] Apache Cocoon DatabaseAuthenticatorAction SQL Injection
12796| [4231] Apache Cocoon Error Page Server Path Disclosure
12797| [4182] Apache HTTP Server mod_ssl Plain HTTP Request DoS
12798| [4181] Apache HTTP Server mod_access IP Address Netmask Rule Bypass
12799| [4075] Apache HTTP Sever on Windows .var File Request Path Disclosure
12800| [4037] Apache HTTP Server on Cygwin Encoded GET Request Arbitrary File Access
12801| [3877] Apache-SSL SSLVerifyClient SSLFakeBasicAuth Client Certificate Forgery
12802| [3819] Apache HTTP Server mod_digest Cross Realm Credential Replay
12803| [3322] mod_php for Apache HTTP Server Process Hijack
|_
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose
Running (JUST GUESSING): Linux 3.X|4.X (90%)
OS CPE: cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:4
Aggressive OS guesses: Linux 3.10 - 3.16 (90%), Linux 3.11 - 4.1 (89%), Linux 4.4 (89%), Linux 3.2.0 (87%), Linux 3.13 (86%), Linux 3.16 (86%)
No exact OS matches for host (test conditions non-ideal).
Uptime guess: 114.540 days (since Thu Aug 8 05:45:36 2019)
Network Distance: 18 hops
TCP Sequence Prediction: Difficulty=260 (Good luck!)
IP ID Sequence Generation: All zeros

TRACEROUTE (using port 443/tcp)
HOP RTT ADDRESS
1 207.79 ms 10.244.204.1
2 207.83 ms 213.184.122.97
3 207.82 ms bzq-82-80-246-9.cablep.bezeqint.net (82.80.246.9)
4 229.81 ms bzq-219-189-185.cablep.bezeqint.net (62.219.189.185)
5 229.71 ms bzq-219-189-17.dsl.bezeqint.net (62.219.189.17)
6 229.77 ms bzq-161-218.pop.bezeqint.net (212.179.161.218)
7 229.80 ms ae8.cr1-fra2.ip4.gtt.net (46.33.89.237)
8 349.83 ms ix-ae-22-0.tcore1.fr0-frankfurt.as6453.net (195.219.50.137)
9 349.98 ms ix-ae-22-0.tcore1.fr0-frankfurt.as6453.net (195.219.50.137)
10 229.87 ms if-ae-4-2.tcore2.fnm-frankfurt.as6453.net (195.219.87.17)
11 444.08 ms if-ae-59-2.tcore2.fnm-frankfurt.as6453.net (195.219.87.194)
12 444.09 ms 80.231.200.146
13 444.08 ms 87.101.255.133
14 ... 15
16 423.79 ms 87.101.184.50
17 423.80 ms ofw.shabakah.net.sa (212.102.0.66)
18 423.80 ms AxPri.shabakah.net.sa (212.102.11.4)

NSE: Script Post-scanning.
Initiating NSE at 17:43
Completed NSE at 17:43, 0.00s elapsed
Initiating NSE at 17:43
Completed NSE at 17:43, 0.00s elapsed
#######################################################################################################################################
Version: 1.11.13-static
OpenSSL 1.0.2-chacha (1.0.2g-dev)

Connected to 212.102.11.4

Testing SSL server 212.102.11.4 on port 443 using SNI name 212.102.11.4

 TLS Fallback SCSV:
Server supports TLS Fallback SCSV

 TLS renegotiation:
Session renegotiation not supported

 TLS Compression:
Compression disabled

 Heartbleed:
TLS 1.2 not vulnerable to heartbleed
TLS 1.1 not vulnerable to heartbleed
TLS 1.0 not vulnerable to heartbleed

 Supported Server Cipher(s):
Preferred TLSv1.2 256 bits ECDHE-RSA-AES256-GCM-SHA384 Curve P-256 DHE 256
Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-GCM-SHA256 Curve P-256 DHE 256
Accepted TLSv1.2 256 bits DHE-RSA-AES256-GCM-SHA384 DHE 2048 bits
Accepted TLSv1.2 128 bits DHE-RSA-AES128-GCM-SHA256 DHE 2048 bits
Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA384 Curve P-256 DHE 256
Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
Accepted TLSv1.2 256 bits DHE-RSA-AES256-SHA256 DHE 2048 bits
Accepted TLSv1.2 256 bits DHE-RSA-AES256-SHA DHE 2048 bits
Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA256 Curve P-256 DHE 256
Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
Accepted TLSv1.2 128 bits DHE-RSA-AES128-SHA256 DHE 2048 bits
Accepted TLSv1.2 128 bits DHE-RSA-AES128-SHA DHE 2048 bits
Accepted TLSv1.2 256 bits AES256-GCM-SHA384
Accepted TLSv1.2 128 bits AES128-GCM-SHA256
Accepted TLSv1.2 256 bits AES256-SHA256
Accepted TLSv1.2 256 bits AES256-SHA
Accepted TLSv1.2 128 bits AES128-SHA256
Preferred TLSv1.1 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
Accepted TLSv1.1 256 bits DHE-RSA-AES256-SHA DHE 2048 bits
Accepted TLSv1.1 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256

 SSL Certificate:
Signature Algorithm: sha256WithRSAEncryption
RSA Key Strength: 2048

Subject: *.mawani.gov.sa
Altnames: DNS:*.mawani.gov.sa, DNS:*.ports.gov.sa, DNS:ports.gov.sa, DNS:mawani.gov.sa
Issuer: DigiCert SHA2 Secure Server CA

Not valid before: Sep 11 00:00:00 2019 GMT
Not valid after: Dec 9 12:00:00 2020 GMT
#######################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2019-11-30 17:51 EST
NSE: Loaded 47 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 17:51
Completed NSE at 17:51, 0.00s elapsed
Initiating NSE at 17:51
Completed NSE at 17:51, 0.00s elapsed
Initiating Parallel DNS resolution of 1 host. at 17:51
Completed Parallel DNS resolution of 1 host. at 17:51, 0.02s elapsed
Initiating SYN Stealth Scan at 17:51
Scanning AxPri.shabakah.net.sa (212.102.11.4) [65535 ports]
Discovered open port 80/tcp on 212.102.11.4
Discovered open port 443/tcp on 212.102.11.4
SYN Stealth Scan Timing: About 2.57% done; ETC: 18:11 (0:19:33 remaining)
SYN Stealth Scan Timing: About 8.30% done; ETC: 18:03 (0:11:14 remaining)
SYN Stealth Scan Timing: About 15.57% done; ETC: 18:00 (0:08:14 remaining)
SYN Stealth Scan Timing: About 23.66% done; ETC: 17:59 (0:06:30 remaining)
SYN Stealth Scan Timing: About 31.08% done; ETC: 17:59 (0:05:35 remaining)
SYN Stealth Scan Timing: About 45.00% done; ETC: 18:00 (0:05:09 remaining)
SYN Stealth Scan Timing: About 50.37% done; ETC: 18:00 (0:04:39 remaining)
SYN Stealth Scan Timing: About 56.13% done; ETC: 18:00 (0:04:05 remaining)
SYN Stealth Scan Timing: About 62.66% done; ETC: 18:00 (0:03:24 remaining)
SYN Stealth Scan Timing: About 70.34% done; ETC: 17:59 (0:02:37 remaining)
SYN Stealth Scan Timing: About 78.77% done; ETC: 17:59 (0:01:49 remaining)
SYN Stealth Scan Timing: About 89.04% done; ETC: 17:59 (0:00:53 remaining)
Discovered open port 8008/tcp on 212.102.11.4
Completed SYN Stealth Scan at 17:58, 460.25s elapsed (65535 total ports)
Initiating Service scan at 17:58
Scanning 3 services on AxPri.shabakah.net.sa (212.102.11.4)
Completed Service scan at 18:01, 161.88s elapsed (3 services on 1 host)
Initiating OS detection (try #1) against AxPri.shabakah.net.sa (212.102.11.4)
Retrying OS detection (try #2) against AxPri.shabakah.net.sa (212.102.11.4)
Initiating Traceroute at 18:01
Completed Traceroute at 18:01, 0.34s elapsed
Initiating Parallel DNS resolution of 2 hosts. at 18:01
Completed Parallel DNS resolution of 2 hosts. at 18:01, 0.00s elapsed
NSE: Script scanning 212.102.11.4.
Initiating NSE at 18:01
Completed NSE at 18:01, 11.81s elapsed
Initiating NSE at 18:01
Completed NSE at 18:01, 3.95s elapsed
Nmap scan report for AxPri.shabakah.net.sa (212.102.11.4)
Host is up (0.34s latency).
Not shown: 65528 filtered ports
PORT STATE SERVICE VERSION
25/tcp closed smtp
80/tcp open http Apache httpd (ASP.NET)
|_http-server-header: Apache
| vulscan: VulDB - https://vuldb.com:
13268| [118200] Apache Batik up to 1.9 Deserialization unknown vulnerability
13269| [118143] Apache NiFi activemq-client Library Deserialization denial of service
13270| [118142] Apache NiFi 1.6.0 SplitXML xxe privilege escalation
13271| [118051] Apache Zookeeper up to 3.4.9/3.5.3-beta weak authentication
13272| [117997] Apache ORC up to 1.4.3 ORC File Recursion denial of service
13273| [117825] Apache Tomcat up to 7.0.88/8.0.52/8.5.31/9.0.8 CORS Filter privilege escalation
13274| [117405] Apache Derby up to 10.14.1.0 Network Server Network Packet privilege escalation
13275| [117347] Apache Ambari up to 2.6.1 HTTP Request directory traversal
13276| [117265] LibreOffice/Apache Office Writer SMB Connection XML Document information disclosure
13277| [117143] Apache uimaj/uima-as/uimaFIT/uimaDUCC XML XXE information disclosure
13278| [117117] Apache Tika up to 1.17 ChmParser Loop denial of service
13279| [117116] Apache Tika up to 1.17 BPGParser Loop denial of service
13280| [117115] Apache Tika up to 1.17 tika-server command injection
13281| [116929] Apache Fineract getReportType Parameter privilege escalation
13282| [116928] Apache Fineract REST Endpoint Parameter privilege escalation
13283| [116927] Apache Fineract MakercheckersApiResource Parameter sql injection
13284| [116926] Apache Fineract REST Parameter privilege escalation
13285| [116574] Apache wicket-jquery-ui up to 6.29.0/7.10.1/8.0.0-M9.1 WYSIWYG Editor privilege escalation
13286| [116622] Oracle Enterprise Manager for MySQL Database 12.1.0.4 EM Plugin: General (Apache Tomcat) unknown vulnerability
13287| [115931] Apache Solr up to 6.6.2/7.2.1 XML Data Parameter XML External Entity
13288| [115883] Apache Hive up to 2.3.2 privilege escalation
13289| [115882] Apache Hive up to 2.3.2 xpath_short information disclosure
13290| [115881] Apache DriverHive JDBC Driver up to 2.3.2 Escape Argument Bypass privilege escalation
13291| [115518] Apache Ignite 2.3 Deserialization privilege escalation
13292| [115260] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache cross site scripting
13293| [115259] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache Cookie Stack-based memory corruption
13294| [115500] CA Workload Control Center up to r11.4 SP5 Apache MyFaces Component Code Execution
13295| [115121] Apache Struts REST Plugin up to 2.5.15 Xstream XML Data denial of service
13296| [115061] Apache HTTP Server up to 2.4.29 HTTP Digest Authentication Challenge HTTP Requests Replay privilege escalation
13297| [115060] Apache HTTP Server up to 2.4.29 mod_cache_socache Request Header Crash denial of service
13298| [115059] Apache HTTP Server up to 2.4.29 HTTP2 NULL Pointer Dereference denial of service
13299| [115058] Apache HTTP Server up to 2.4.29 HTTP Header Crash denial of service
13300| [115057] Apache HTTP Server up to 2.4.29 mod_session Variable Name Cache privilege escalation
13301| [115039] Apache HTTP Server up to 2.4.29 FilesMatch File Upload privilege escalation
13302| [115038] Apache HTTP Server up to 2.0.65/2.2.34/2.4.29 mod_authnz_ldap Crash denial of service
13303| [114817] Apache Syncope up to 1.2.10/2.0.7 Search Parameter information disclosure
13304| [114816] Apache Syncope up to 1.2.10/2.0.7 XSLT Code Execution
13305| [114717] Apache Commons 1.11/1.12/1.13/1.14/1.15 ZIP Archive ZipFile/ZipArchiveInputStream denial of service
13306| [114661] Apache Allura up to 1.8.0 HTTP Response Splitting privilege escalation
13307| [114400] Apache Tomcat JK ISAPI Connector up to 1.2.42 IIS/ISAPI privilege escalation
13308| [114258] Apache HTTP Server up to 2.4.22 mod_cluster Segmentation Fault denial of service
13309| [114086] Apache ODE 1.3.3 ODE Process Deployment Web Service directory traversal
13310| [113955] Apache Xerces-C up to 3.2.0 XML Parser NULL Pointer Dereference denial of service
13311| [113945] Apache Tomcat up to 7.0.84/8.0.49/8.5.27/9.0.4 URL Pattern Empty String privilege escalation
13312| [113944] Apache OpenMeetings up to 3.x/4.0.1 CRUD Operation denial of service
13313| [113905] Apache Traffic Server up to 5.2.x/5.3.2/6.2.0/7.0.0 TLS Handshake Core Dump denial of service
13314| [113904] Apache Traffic Server up to 6.2.0 Host Header privilege escalation
13315| [113895] Apache Geode up to 1.3.x Code Execution
13316| [113894] Apache Geode up to 1.3.x TcpServer Code Execution
13317| [113888] Apache James Hupa WebMail 0.0.2 cross site scripting
13318| [113813] Apache Geode Cluster up to 1.3.x Secure Mode privilege escalation
13319| [113747] Apache Tomcat Servlets privilege escalation
13320| [113647] Apache Qpid up to 0.30 qpidd Broker AMQP Message Crash denial of service
13321| [113645] Apache VCL up to 2.1/2.2.1/2.3.1 Web GUI/XMLRPC API privilege escalation
| [113560] Apache jUDDI Console 3.0.0 Log Entries spoofing
| [113571] Apache Oozie up to 4.3.0/5.0.0-beta1 XML Data XML File privilege escalation
| [113569] Apache Karaf up to 4.0.7 LDAPLoginModule LDAP injection denial of service
| [113273] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
| [113198] Apache Qpid Dispatch Router 0.7.0/0.8.0 AMQP denial of service
| [113186] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
| [113145] Apache Thrift up to 0.9.3 Go Client Library privilege escalation
| [113106] Apache jUDDI up to 3.3.3 XML Data WADL2Java/WSDL2Java XML Document privilege escalation
| [113105] Apache Qpid Broker-J 7.0.0 AMQP Crash denial of service
| [112885] Apache Allura up to 1.8.0 File information disclosure
| [112856] Apache CloudStack up to 4.8.1.0/4.9.0.0 API weak authentication
| [112855] Apache CloudStack 4.1.0/4.1.1 API information disclosure
| [112678] Apache Tomcat up to 7.0.82/8.0.47/8.5.23/9.0.1 Bug Fix 61201 privilege escalation
| [112677] Apache Tomcat Native Connector up to 1.1.34/1.2.14 OCSP Checker Client weak authentication
| [112625] Apache POI up to 3.16 Loop denial of service
| [112448] Apache NiFi up to 1.3.x Deserialization privilege escalation
| [112396] Apache Hadoop 2.7.3/2.7.4 YARN NodeManager Credentials information disclosure
| [112339] Apache NiFi 1.5.0 Header privilege escalation
| [112330] Apache NiFi 1.5.0 Header HTTP Request privilege escalation
| [112314] NetGain Enterprise Manager 7.2.730 Build 1034 org.apache.jsp.u.jsp.tools.exec_jsp Servlet Parameter privilege escalation
| [112253] Apache Hadoop up to 0.23.x/2.7.4/2.8.2 MapReduce Job History Server Configuration File privilege escalation
| [112171] Oracle Secure Global Desktop 5.3 Apache Log4j privilege escalation
| [112164] Oracle Agile PLM 9.3.5/9.3.6 Apache Tomcat unknown vulnerability
| [112161] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Tomcat privilege escalation
| [112158] Oracle Autovue for Agile Product Lifecycle Management 21.0.0/21.0.1 Apache Log4j privilege escalation
| [112156] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Log4j privilege escalation
| [112155] Oracle Agile Engineering Data Management 6.1.3/6.2.0/6.2.1 Apache Log4j privilege escalation
| [112137] Oracle MICROS Relate CRM Software 10.8.x/11.4.x/15.0.x, Apache Tomcat unknown vulnerability
| [112136] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat privilege escalation
| [112133] Oracle Retail Workforce Management 1.60.7/1.64.0 Apache Log4j privilege escalation
| [112129] Oracle Retail Assortment Planning 14.1.3/15.0.3/16.0.1 Apache Log4j privilege escalation
| [112114] Oracle 9.1 Apache Log4j privilege escalation
| [112113] Oracle 9.1 Apache Log4j privilege escalation
| [112045] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat privilege escalation
| [112038] Oracle Health Sciences Empirica Inspections 1.0.1.1 Apache Tomcat information disclosure
| [112019] Oracle Endeca Information Discovery Integrator 3.1.0/3.2.0 Apache Tomcat privilege escalation
| [112017] Oracle WebCenter Portal 11.1.1.9.0/12.2.1.2.0/12.2.1.3.0 Apache Struts 1 cross site scripting
| [112011] Oracle Identity Manager 11.1.2.3.0 Apache Commons Collections privilege escalation
| [111950] Oracle Database 12.2.0.1 Apache Tomcat information disclosure
| [111703] Apache Sling XSS Protection API 1.0.4 URL Encoding cross site scripting
| [111556] Apache Geode up to 1.2.x Secure Mode Parameter OQL privilege escalation
| [111555] Apache Geode up to 1.2.x Secure Mode OQL privilege escalation
| [111540] Apache Geode up to 1.2.x Secure Mode information disclosure
| [111519] Apache Sling JCR ContentLoader 2.1.4 xmlreader directory traversal
| [111338] Apache DeltaSpike-JSF 1.8.0 cross site scripting
| [111330] Apache OFBiz 16.11.01/16.11.02/16.11.03 BIRT Plugin cross site scripting
| [110789] Apache Sling up to 1.4.0 Authentication Service Credentials information disclosure
| [110785] Apache Drill up to 1.11.0 Query Page unknown vulnerability
| [110701] Apache Fineract Query Parameter sql injection
| [110484] Apache Synapse up to 3.0.0 Apache Commons Collections Serialized Object Code Injection privilege escalation
| [110426] Adobe Experience Manager 6.0/6.1/6.2/6.3 Apache Sling Servlets Post cross site scripting
| [110141] Apache Struts up to 2.5.14 REST Plugin denial of service
| [110140] Apache Qpid Broker-J up to 0.32 privilege escalation
| [110139] Apache Qpid Broker-J up to 6.1.4 AMQP Frame denial of service
| [110106] Apache CXF Fediz Spring cross site request forgery
| [109766] Apache OpenOffice up to 4.1.3 DOC File Parser WW8Fonts memory corruption
| [109750] Apache OpenOffice up to 4.1.3 DOC File Parser ImportOldFormatStyles memory corruption
| [109749] Apache OpenOffice up to 4.1.3 PPT File Parser PPTStyleSheet memory corruption
| [109606] October CMS Build 412 Apache Configuration File Upload privilege escalation
| [109419] Apache Camel up to 2.19.3/2.20.0 camel-castor Java Object Deserialization privilege escalation
| [109418] Apache Camel up to 2.19.3/2.20.0 camel-hessian Java Object Deserialization privilege escalation
| [109400] Apache CouchDB up to 1.6.x/2.1.0 Database Server Shell privilege escalation
| [109399] Apache CouchDB up to 1.6.x/2.1.0 JSON Parser Shell privilege escalation
| [109398] Apache CXF 3.1.14/3.2.1 JAX-WS/JAX-RS Attachment denial of service
| [108872] Apache Hive up to 2.1.1/2.2.0/2.3.0 Policy Enforcement privilege escalation
| [108939] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108938] Apple macOS up to 10.13.1 apache denial of service
| [108937] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108936] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108935] Apple macOS up to 10.13.1 apache denial of service
| [108934] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108933] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108932] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108931] Apple macOS up to 10.13.1 apache denial of service
| [108930] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108929] Apple macOS up to 10.13.1 apache denial of service
| [108928] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108797] Apache Struts up to 2.3.19 TextParseUtiltranslateVariables OGNL Expression privilege escalation
| [108795] Apache Traffic Server up to 5.3.0 HTTP2 set_dynamic_table_size memory corruption
| [108794] Apache WSS4J up to 1.6.16/2.0.1 Incomplete Fix Leak information disclosure
| [108793] Apache Qpid up to 0.30 qpidd Crash denial of service
| [108792] Apache Traffic Server up to 5.1.0 Access Restriction privilege escalation
| [108791] Apache Wicket up to 1.5.11/6.16.x/7.0.0-M2 Session information disclosure
| [108790] Apache Storm 0.9.0.1 Log Viewer directory traversal
| [108789] Apache Cordova In-App-Browser Standalone Plugin up to 0.3.1 on iOS CDVInAppBrowser privilege escalation
| [108788] Apache Cordova File-Transfer Standalone Plugin up to 0.4.1 on iOS ios/CDVFileTransfer.m spoofing
| [108787] Apache HttpClient up to 4.3.0 HttpClientBuilder.java unknown vulnerability
| [108786] Apache Wicket up to 1.4.21/1.5.9/6.3.x script Tag cross site scripting
| [108783] Apache Hadoop up to 0.23.3/1.0.3/2.0.1 Kerberos Security Feature Key weak encryption
| [108782] Apache Xerces2 XML Service denial of service
| [108781] Apache jUDDI up to 1.x happyjuddi.jsp Parameter cross site scripting
| [108780] Apache jUDDI up to 1.x Log File uddiget.jsp spoofing
| [108709] Apache Cordova Android up to 3.7.1/4.0.1 intent URL privilege escalation
| [108708] Apache ActiveMQ up to 5.10.0 XML Data XML External Entity
| [108707] Apache ActiveMQ up to 1.7.0 XML Data XML External Entity
| [108629] Apache OFBiz up to 10.04.01 privilege escalation
| [108543] Apache Derby 10.1.2.1/10.2.2.0/10.3.1.4/10.4.1.3 Export File privilege escalation
| [108312] Apache HTTP Server on RHEL IP Address Filter privilege escalation
| [108297] Apache NiFi up to 0.7.1/1.1.1 Proxy Chain Username Deserialization privilege escalation
| [108296] Apache NiFi up to 0.7.1/1.1.1 Cluster Request privilege escalation
| [108250] Oracle Secure Global Desktop 5.3 Apache HTTP Server memory corruption
| [108245] Oracle Transportation Management up to 6.3.7 Apache Tomcat unknown vulnerability
| [108244] Oracle Transportation Management 6.4.1/6.4.2 Apache Commons FileUpload denial of service
| [108243] Oracle Agile Engineering Data Management 6.1.3/6.2.0 Apache Commons Collections memory corruption
| [108222] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Batik denial of service
| [108219] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat unknown vulnerability
| [108217] Oracle Retail Store Inventory Management 13.2.9/14.0.4/14.1.3/15.0.1/16.0.1 Apache Groovy unknown vulnerability
| [108216] Oracle Retail Convenience and Fuel POS Software 2.1.132 Apache Groovy unknown vulnerability
| [108169] Oracle MySQL Enterprise Monitor up to 3.2.8.2223/3.3.4.3247/3.4.2.4181 Apache Tomcat unknown vulnerability
| [108113] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Batik denial of service
| [108107] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat unknown vulnerability
| [108102] Oracle Healthcare Master Person Index 4.x Apache Groovy unknown vulnerability
| [108085] Oracle Identity Manager 11.1.2.3.0 Apache Struts 1 memory corruption
| [108083] Oracle API Gateway 11.1.2.4.0 Apache Batik denial of service
| [108080] Oracle GlassFish Server 3.1.2 Apache Commons FileUpload denial of service
| [108066] Oracle Management Pack for GoldenGate 11.2.1.0.12 Apache Tomcat memory corruption
| [108062] Oracle BI Publisher 11.1.1.7.0/12.2.1.1.0/12.2.1.2.0 Apache ActiveMQ memory corruption
| [108060] Oracle Enterprise Manager Ops Center 12.2.2/12.3.2 Apache Groovy unknown vulnerability
| [108033] Oracle Primavera Unifier 9.13/9.14/10.x/15.x/16.x, Apache Groovy unknown vulnerability
| [108013] Oracle Communications WebRTC Session Controller 7.0/7.1/7.2 Apache Groovy unknown vulnerability
| [108011] Oracle Communications Services Gatekeeper 5.1/6.0 Apache Trinidad unknown vulnerability
| [107904] Apache Struts up to 2.3.28 Double OGNL Evaluation privilege escalation
| [107860] Apache Solr up to 7.0 Apache Lucene RunExecutableListener XML External Entity
| [107834] Apache Ranger up to 0.6.1 Change Password privilege escalation
| [107639] Apache NiFi 1.4.0 XML External Entity
| [107606] Apache ZooKeper up to 3.4.9/3.5.2 Command CPU Exhaustion denial of service
| [107597] Apache Roller up to 5.0.2 XML-RPC Protocol Support XML External Entity
| [107429] Apache Impala up to 2.9.x Kudu Table privilege escalation
| [107411] Apache Tomcat up to 7.0.81/8.0.46/8.5.22/9.0.0 JSP File File Upload privilege escalation
| [107385] Apache Geode up to 1.2.0 Secure Mode privilege escalation
| [107339] Apache OpenNLP up to 1.5.3/1.6.0/1.7.2/1.8.1 XML Data XML External Entity
| [107333] Apache Wicket up to 8.0.0-M1 CSRF Prevention HTTP Header privilege escalation
| [107323] Apache Wicket 1.5.10/6.13.0 Class Request information disclosure
| [107310] Apache Geode up to 1.2.0 Command Line Utility Query privilege escalation
| [107276] ArcSight ESM/ArcSight ESM Express up to 6.9.1c Patch 3/6.11.0 Apache Tomcat Version information disclosure
| [107266] Apache Tika up to 1.12 XML Parser XML External Entity
| [107262] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
| [107258] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
| [107197] Apache Xerces Jelly Parser XML File XML External Entity
| [107193] ZTE NR8950 Apache Commons Collections RMI Request Deserialization privilege escalation
| [107084] Apache Struts up to 2.3.19 cross site scripting
| [106877] Apache Struts up to 2.0.33/2.5.10 Freemarker Tag privilege escalation
| [106875] Apache Struts up to 2.5.5 URL Validator denial of service
| [106874] Apache Struts up to 2.3.30 Convention Plugin directory traversal
| [106847] Apache Tomcat up to 7.0.80 VirtualDirContext Source information disclosure
| [106846] Apache Tomcat up to 7.0.79 on Windows HTTP PUT Method Parameter File Upload privilege escalation
| [106777] Apache HTTP Server up to 2.2.34/2.4.27 Limit Directive ap_limit_section HTTP Request information disclosure
| [106739] puppetlabs-apache up to 1.11.0/2.0.x weak authentication
| [106720] Apache Wicket up to 1.5.12/6.18.x/7.0.0-M4 CryptoMapper privilege escalation
| [106586] Apache Brooklyn up to 0.9.x REST Server cross site scripting
| [106562] Apache Spark up to 2.1.1 Launcher API Deserialization privilege escalation
| [106559] Apache Brooklyn up to 0.9.x SnakeYAML YAML Data Java privilege escalation
| [106558] Apache Brooklyn up to 0.9.x REST Server cross site request forgery
| [106556] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
| [106555] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
| [106171] Apache Directory LDAP API up to 1.0.0-M30 Timing unknown vulnerability
| [106167] Apache Struts up to 2.5.12 REST Plugin XML Data privilege escalation
| [106166] Apache Struts up to 2.3.33/2.5.12 REST Plugin denial of service
| [106165] Apache Struts up to 2.3.33/2.5.12 URLValidator Regex CPU Exhaustion denial of service
| [106115] Apache Hadoop up to 2.6.4/2.7.2 YARN NodeManager Password information disclosure
| [106012] Apache Solr up to 5.5.3/6.4.0 Replication directory traversal
| [105980] Apache Engine 16.11.01 Parameter Reflected unknown vulnerability
| [105962] Apache Atlas 0.6.0/0.7.0 Frame cross site scripting
| [105961] Apache Atlas 0.6.0/0.7.0 Stack Trace information disclosure
| [105960] Apache Atlas 0.6.0/0.7.0 Search Reflected cross site scripting
| [105959] Apache Atlas 0.6.0/0.7.0 edit Tag DOM cross site scripting
| [105958] Apache Atlas 0.6.0/0.7.0 edit Tag Stored cross site scripting
| [105957] Apache Atlas 0.6.0/0.7.0 Cookie privilege escalation
| [105905] Apache Atlas 0.6.0/0.7.0/0.7.1 /js privilege escalation
| [105878] Apache Struts up to 2.3.24.0 privilege escalation
| [105682] Apache2Triad 1.5.4 phpsftpd/users.php Parameter cross site scripting
| [105681] Apache2Triad 1.5.4 phpsftpd/users.php Request cross site request forgery
| [105680] Apache2Triad 1.5.4 Parameter Session Fixation weak authentication
| [105643] Apache Pony Mail up to 0.8b weak authentication
| [105288] Apache Sling up to 2.3.21 Sling.evalString() String cross site scripting
| [105219] Apache Tomcat up to 8.5.15/9.0.0.M21 HTTP2 Bypass directory traversal
| [105218] Apache Tomcat up to 7.0.78/8.0.44/8.5.15/9.0.0.M21 CORS Filter Cache Poisoning privilege escalation
| [105215] Apache CXF up to 3.0.12/3.1.9 OAuth2 Hawk/JOSE MAC Validation Timing unknown vulnerability
| [105206] Apache CXF up to 3.0.11/3.1.8 JAX-RS Module XML External Entity
| [105205] Apache CXF up to 3.0.11/3.1.8 HTTP Transport Module Parameter cross site scripting
| [105202] Apache Storm 1.0.0/1.0.1/1.0.2/1.0.3/1.1.0 Worker privilege escalation
| [104987] Apache Xerces-C++ XML Service CPU Exhaustion denial of service
| [104986] Apache CXF 2.4.5/2.5.1 WS-SP UsernameToken Policy SOAP Request weak authentication
| [104985] Apache MyFaces Core up to 2.1.4 EL Expression Parameter Injection information disclosure
| [104983] Apache Wink up to 1.1.1 XML Document xxe privilege escalation
| [104981] Apache Commons Email 1.0/1.1/1.2/1.3/1.4 Subject Linebreak SMTP privilege escalation
| [104591] MEDHOST Document Management System Apache Solr Default Credentials weak authentication
| [104062] Oracle MySQL Enterprise Monitor up to 3.3.3.1199 Apache Tomcat unknown vulnerability
| [104061] Oracle MySQL Enterprise Monitor up to 3.2.7.1204/3.3.3.1199 Apache Tomcat unknown vulnerability
| [104060] Oracle MySQL Enterprise Monitor up to 3.1.5.7958/3.2.5.1141/3.3.2.1162 Apache Struts 2 unknown vulnerability
| [103995] Oracle 8.3/8.4/15.1/15.2 Apache Trinidad unknown vulnerability
| [103993] Oracle Policy Automation up to 12.2.3 Apache Commons FileUplaod denial of service
| [103916] Oracle Banking Platform 2.3/2.4/2.4.1/2.5 Apache Commons FileUpload denial of service
| [103906] Oracle Communications BRM 11.2.0.0.0 Apache Commons Collections privilege escalation
| [103904] Oracle Communications BRM 11.2.0.0.0/11.3.0.0.0 Apache Groovy memory corruption
| [103866] Oracle Transportation Management 6.1/6.2 Apache Webserver unknown vulnerability
| [103816] Oracle BI Publisher 11.1.1.9.0/12.2.1.1.0/12.2.1.2.0 Apache Commons Fileupload denial of service
| [103797] Oracle Tuxedo System and Applications Monitor Apache Commons Collections privilege escalation
| [103792] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Commons Fileupload privilege escalation
| [103791] Oracle Endeca Server 7.6.0.0/7.6.1.0 Apache Commons Collections privilege escalation
| [103788] Oracle Enterprise Repository 11.1.1.7.0/12.1.3.0.0 Apache ActiveMQ memory corruption
| [103787] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Groovy memory corruption
| [103763] Apache Sling up to 1.0.11 XSS Protection API XSS.getValidXML() Application XML External Entity
| [103762] Apache Sling up to 1.0.12 XSS Protection API XSSAPI.encodeForJSString() Script Tag cross site scripting
| [103693] Apache OpenMeetings 1.0.0 HTTP Method privilege escalation
| [103692] Apache OpenMeetings 1.0.0 Tomcat Error information disclosure
| [103691] Apache OpenMeetings 3.2.0 Parameter privilege escalation
| [103690] Apache OpenMeetings 1.0.0 sql injection
| [103689] Apache OpenMeetings 1.0.0 crossdomain.xml privilege escalation
| [103688] Apache OpenMeetings 1.0.0 weak encryption
| [103687] Apache OpenMeetings 1.0.0 cross site request forgery
| [103556] Apache Roller 5.1.0/5.1.1 Weblog Page Template VTL privilege escalation
| [103554] Apache OpenMeetings 1.0.0 Password Update unknown vulnerability
| [103553] Apache OpenMeetings 1.0.0 File Upload privilege escalation
| [103552] Apache OpenMeetings 3.2.0 Chat cross site scripting
| [103551] Apache OpenMeetings 3.1.0 XML unknown vulnerability
| [103521] Apache HTTP Server 2.4.26 HTTP2 Free memory corruption
| [103520] Apache HTTP Server up to 2.2.33/2.4.26 mod_auth_digest Authorization Header memory corruption
| [103519] Apache Struts up to 2.5.11/2.3.32 Spring AOP denial of service
| [103518] Apache Struts up to 2.5.11 URLValidator directory traversal
| [103492] Apache Spark up to 2.1.x Web UI Reflected cross site scripting
| [103401] Apache Struts 2.3.x Struts 1 Plugin ActionMessage privilege escalation
| [103399] Apache Traffic Control Traffic Router TCP Connection Slowloris denial of service
| [103387] Apache Impala up to 2.8.0 StatestoreSubscriber weak encryption
| [103386] Apache Impala up to 2.7.x/2.8.0 Kerberos weak authentication
| [103352] Apache Solr Node weak authentication
| [102897] Apache Ignite up to 2.0 Update Notifier information disclosure
| [102878] Code42 CrashPlan 5.4.x RMI Server org.apache.commons.ssl.rmi.DateRMI privilege escalation
| [102698] Apache HTTP Server up to 2.2.32/2.4.25 mod_mime Content-Type memory corruption
| [102697] Apache HTTP Server 2.2.24/2.2.32 HTTP Strict Parsing ap_find_token Request Header memory corruption
| [102690] Apache HTTP Server up to 2.2.32/2.4.25 mod_ssl ap_hook_process_connection() denial of service
| [102689] Apache HTTP Server up to 2.2.32/2.4.25 ap_get_basic_auth_pw weak authentication
| [102622] Apache Thrift up to 0.9.2 Client Libraries skip denial of service
| [102538] Apache Ranger up to 0.7.0 Authorizer unknown vulnerability
| [102537] Apache Ranger up to 0.7.0 Wildcard Character unknown vulnerability
| [102536] Apache Ranger up to 0.6 Stored cross site scripting
| [102535] Apache Ranger up to 0.6.2 Policy Engine unknown vulnerability
| [102255] Apache NiFi up to 0.7.3/1.2.x Response Header privilege escalation
| [102254] Apache NiFi up to 0.7.3/1.2.x UI cross site scripting
| [102070] Apache CXF Fediz up to 1.1.2/1.2.0 Application Plugin denial of service
| [102020] Apache Tomcat up to 9.0.0.M1 Java Servlet HTTP Method unknown vulnerability
| [101858] Apache Hive up to 1.2.1/2.0.0 Client weak authentication
| [101802] Apache KNOX up to 0.11.0 WebHDFS privilege escalation
| [101928] HPE Aruba ClearPass Apache Tomcat information disclosure
| [101524] Apache Archiva up to 1.x/2.2.1 REST Endpoint cross site request forgery
| [101513] Apache jUDDI 3.1./3.1.2/3.1.3/3.1.4 Logout Open Redirect
| [101430] Apache CXF Fediz up to 1.3.1 OIDC Service cross site request forgery
| [101429] Apache CXF Fediz up to 1.2.3/1.3.1 Plugins cross site request forgery
| [100619] Apache Hadoop up to 2.6.x HDFS Servlet unknown vulnerability
| [100618] Apache Hadoop up to 2.7.0 HDFS Web UI cross site scripting
| [100621] Adobe ColdFusion 10/11/2016 Apache BlazeDS Library Deserialization privilege escalation
| [100205] Oracle MySQL Enterprise Monitor up to 3.1.6.8003/3.2.1182/3.3.2.1162 Apache Commons FileUpload denial of service
| [100191] Oracle Secure Global Desktop 4.71/5.2/5.3 Web Server (Apache HTTP Server) information disclosure
| [100162] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Commons Collections privilege escalation
| [100160] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Trinidad unknown vulnerability
| [99969] Oracle WebCenter Sites 11.1.1.8.0 Apache Tomcat memory corruption
| [99937] Apache Batik up to 1.8 privilege escalation
| [99936] Apache FOP up to 2.1 privilege escalation
| [99935] Apache CXF up to 3.0.12/3.1.10 STSClient Cache information disclosure
| [99934] Apache CXF up to 3.0.12/3.1.10 JAX-RS XML Security Streaming Client spoofing
| [99930] Apache Traffic Server up to 6.2.0 denial of service
| [99929] Apache Log4j up to 2.8.1 Socket Server Deserialization privilege escalation
| [99925] Apache Traffic Server 6.0.0/6.1.0/6.2.0 HPACK Bomb denial of service
| [99738] Ping Identity OpenID Connect Authentication Module up to 2.13 on Apache Mod_auth_openidc.c spoofing
| [117569] Apache Hadoop up to 2.7.3 privilege escalation
| [99591] Apache TomEE up to 1.7.3/7.0.0-M2 EjbObjectInputStream Serialized Object privilege escalation
| [99370] Apache Ignite up to 1.8 update-notifier Document XML External Entity
| [99299] Apache Geode up to 1.1.0 Pulse OQL Query privilege escalation
| [99572] Apache Tomcat up to 7.0.75/8.0.41/8.5.11/9.0.0.M17 Application Listener privilege escalation
| [99570] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP Connector Cache information disclosure
| [99569] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP/2 GOAWAY Frame Resource Exhaustion denial of service
| [99568] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 Pipelined Request information disclosure
| [99048] Apache Ambari up to 2.3.x REST API Shell Metacharacter privilege escalation
| [99014] Apache Camel Jackson/JacksonXML privilege escalation
| [98610] Apple macOS up to 10.12.3 apache_mod_php memory corruption
| [98609] Apple macOS up to 10.12.3 apache_mod_php denial of service
| [98608] Apple macOS up to 10.12.3 apache_mod_php memory corruption
| [98607] Apple macOS up to 10.12.3 apache_mod_php denial of service
| [98606] Apple macOS up to 10.12.3 apache_mod_php denial of service
| [98605] Apple macOS up to 10.12.3 Apache denial of service
| [98604] Apple macOS up to 10.12.3 Apache denial of service
| [98603] Apple macOS up to 10.12.3 Apache denial of service
| [98602] Apple macOS up to 10.12.3 Apache denial of service
| [98601] Apple macOS up to 10.12.3 Apache denial of service
| [98517] Apache POI up to 3.14 OOXML File XXE denial of service
| [98405] Apache Hadoop up to 0.23.10 privilege escalation
| [98199] Apache Camel Validation XML External Entity
| [97892] Apache Tomcat up to 9.0.0.M15 Reverse-Proxy Http11InputBuffer.java information disclosure
| [97617] Apache Camel camel-snakeyaml Deserialization privilege escalation
| [97602] Apache Camel camel-jackson/camel-jacksonxml CamelJacksonUnmarshalType privilege escalation
| [97732] Apache Struts up to 2.3.31/2.5.10 Jakarta Multipart Parser Content-Type privilege escalation
| [97466] mod_auth_openidc up to 2.1.5 on Apache weak authentication
| [97455] mod_auth_openidc up to 2.1.4 on Apache weak authentication
| [97081] Apache Tomcat HTTPS Request denial of service
| [97162] EMC OpenText Documentum D2 BeanShell/Apache Commons privilege escalation
| [96949] Hanwha Techwin Smart Security Manager up to 1.5 Redis/Apache Felix Gogo privilege escalation
| [96314] Apache Cordova up to 6.1.1 on Android weak authentication
| [95945] Apple macOS up to 10.12.2 apache_mod_php denial of service
| [95944] Apple macOS up to 10.12.2 apache_mod_php denial of service
| [95943] Apple macOS up to 10.12.2 apache_mod_php memory corruption
| [95666] Oracle FLEXCUBE Direct Banking 12.0.0/12.0.1/12.0.2/12.0.3 Apache Commons Collections privilege escalation
| [95455] Apache NiFi up to 1.0.0/1.1.0 Connection Details Dialogue cross site scripting
| [95311] Apache Storm UI Daemon privilege escalation
| [95291] ZoneMinder 1.30.0 Apache httpd privilege escalation
| [94800] Apache Wicket up to 1.5.16/6.24.x Deserialize DiskFileItem denial of service
| [94705] Apache Qpid Broker for Java up to 6.1.0 SCRAM-SHA-1/SCRAM-SHA-256 User information disclosure
| [94627] Apache HTTP Server up to 2.4.24 mod_auth_digest Crash denial of service
| [94626] Apache HTTP Server up to 2.4.24 mod_session_crypto Padding weak encryption
| [94625] Apache HTTP Server up to 2.4.24 Response Split privilege escalation
| [94540] Apache Tika 1.9 tika-server File information disclosure
| [94600] Apache ActiveMQ up to 5.14.1 Administration Console cross site scripting
| [94348] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94347] Apple macOS up to 10.12.1 apache_mod_php denial of service
13635| [94346] Apple macOS up to 10.12.1 apache_mod_php denial of service
13636| [94345] Apple macOS up to 10.12.1 apache_mod_php denial of service
13637| [94344] Apple macOS up to 10.12.1 apache_mod_php denial of service
13638| [94343] Apple macOS up to 10.12.1 apache_mod_php memory corruption
13639| [94342] Apple macOS up to 10.12.1 apache_mod_php memory corruption
13640| [94128] Apache Tomcat up to 9.0.0.M13 Error information disclosure
13641| [93958] Apache HTTP Server up to 2.4.23 mod_http2 h2_stream.c denial of service
13642| [93874] Apache Subversion up to 1.8.16/1.9.4 mod_dontdothat XXE denial of service
13643| [93855] Apache Hadoop up to 2.6.4/2.7.2 HDFS Service privilege escalation
13644| [93609] Apache OpenMeetings 3.1.0 RMI Registry privilege escalation
13645| [93555] Apache Tika 1.6-1.13 jmatio MATLAB File privilege escalation
13646| [93799] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
13647| [93798] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
13648| [93797] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 HTTP Split privilege escalation
13649| [93796] Apache Tomcat up to 8.5.6/9.0.0.M11 HTTP/2 Header Parser denial of service
13650| [93532] Apache Commons Collections Library Java privilege escalation
13651| [93210] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 ResourceLinkFactory privilege escalation
13652| [93209] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Realm Authentication User information disclosure
13653| [93208] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 System Property Replacement information disclosure
13654| [93207] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Utility Method privilege escalation
13655| [93206] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Configuration privilege escalation
13656| [93098] Apache Commons FileUpload privilege escalation
13657| [92987] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Commons Collection memory corruption
13658| [92986] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Tomcat memory corruption
13659| [92982] Oracle Insurance IStream 4.3.2 Apache Commons Collections memory corruption
13660| [92981] Oracle Financial Services Lending and Leasing 14.1.0/14.2.0 Apache Commons Collections memory corruption
13661| [92979] Oracle up to 8.0.3 Apache Commons Collections memory corruption
13662| [92977] Oracle FLEXCUBE Universal Banking up to 12.2.0 Apache Commons Collections memory corruption
13663| [92976] Oracle FLEXCUBE Universal Banking 12.87.1/12.87.2 Apache Commons Collections memory corruption
13664| [92975] Oracle FLEXCUBE Private Banking up to 12.1.0 Apache Commons Collections memory corruption
13665| [92974] Oracle FLEXCUBE Investor Servicing 12.0.1 Apache Commons Collections memory corruption
13666| [92973] Oracle 12.0.0/12.1.0 Apache Commons Collections memory corruption
13667| [92972] Oracle FLEXCUBE Core Banking 11.5.0.0.0/11.6.0.0.0 Apache Commons Collections memory corruption
13668| [92962] Oracle Agile PLM 9.3.4/9.3.5 Apache Commons Collections memory corruption
13669| [92909] Oracle Agile PLM 9.3.4/9.3.5 Apache Tomcat unknown vulnerability
13670| [92786] Oracle Banking Digital Experience 15.1 Apache Commons Collections information disclosure
13671| [92549] Apache Tomcat on Red Hat privilege escalation
13672| [92509] Apache Tomcat JK ISAPI Connector up to 1.2.41 jk_uri_worker_map.c memory corruption
13673| [92314] Apache MyFaces Trinidad up to 1.0.13/1.2.15/2.0.1/2.1.1 CoreResponseStateManager memory corruption
13674| [92313] Apache Struts2 up to 2.3.28/2.5.0 Action Name Cleanup cross site request forgery
13675| [92299] Apache Derby up to 10.12.1.0 SqlXmlUtil XML External Entity
13676| [92217] Apache ActiveMQ Artemis up to 1.3.x Broker/REST GetObject privilege escalation
13677| [92174] Apache Ranger up to 0.6.0 Policy cross site scripting
13678| [91831] Apache Jackrabbit up to 2.13.2 HTTP Header cross site request forgery
13679| [91825] Apache Zookeeper up to 3.4.8/3.5.2 C CLI Shell memory corruption
13680| [91818] Apache CXF Fediz up to 1.2.2/1.3.0 Application Plugin privilege escalation
13681| [92056] Apple macOS up to 10.11 apache_mod_php memory corruption
13682| [92055] Apple macOS up to 10.11 apache_mod_php memory corruption
13683| [92054] Apple macOS up to 10.11 apache_mod_php denial of service
13684| [92053] Apple macOS up to 10.11 apache_mod_php denial of service
13685| [92052] Apple macOS up to 10.11 apache_mod_php denial of service
13686| [92051] Apple macOS up to 10.11 apache_mod_php memory corruption
13687| [92050] Apple macOS up to 10.11 apache_mod_php denial of service
13688| [92049] Apple macOS up to 10.11 apache_mod_php memory corruption
13689| [92048] Apple macOS up to 10.11 apache_mod_php denial of service
13690| [92047] Apple macOS up to 10.11 apache_mod_php memory corruption
13691| [92046] Apple macOS up to 10.11 apache_mod_php memory corruption
13692| [92045] Apple macOS up to 10.11 apache_mod_php memory corruption
13693| [92044] Apple macOS up to 10.11 apache_mod_php memory corruption
13694| [92043] Apple macOS up to 10.11 apache_mod_php denial of service
13695| [92042] Apple macOS up to 10.11 apache_mod_php memory corruption
13696| [92041] Apple macOS up to 10.11 apache_mod_php memory corruption
13697| [92040] Apple macOS up to 10.11 Apache Proxy privilege escalation
13698| [91785] Apache Shiro up to 1.3.1 Servlet Filter privilege escalation
13699| [90879] Apache OpenMeetings up to 3.1.1 SWF Panel cross site scripting
13700| [90878] Apache Sentry up to 1.6.x Blacklist Filter reflect/reflect2/java_method privilege escalation
13701| [90610] Apache POI up to 3.13 XLSX2CSV Example OpenXML Document XML External Entity
13702| [90584] Apache ActiveMQ up to 5.11.3/5.12.2/5.13/1 Administration Web Console privilege escalation
13703| [90385] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site scripting
13704| [90384] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site request forgery
13705| [90383] Apache OpenOffice up to 4.1.2 Impress File memory corruption
13706| [89670] Apache Tomcat up to 8.5.4 CGI Servlet Environment Variable Open Redirect
13707| [89669] Apache HTTP Server up to 2.4.23 RFC 3875 Namespace Conflict Environment Variable Open Redirect
13708| [89726] Apple Mac OS X up to 10.11.5 apache_mod_php memory corruption
13709| [89484] Apache Qpid up to 0.13.0 on Windows Proton Library Certificate weak authentication
13710| [89473] HPE iMC PLAT/EAD/APM/iMC NTA/iMC BIMS/iMC UAM_TAM up to 7.2 Apache Commons Collections Library Command privilege escalation
13711| [90263] Apache Archiva Header denial of service
13712| [90262] Apache Archiva Deserialize privilege escalation
13713| [90261] Apache Archiva XML DTD Connection privilege escalation
13714| [88827] Apache Xerces-C++ up to 3.1.3 DTD Stack-Based memory corruption
13715| [88747] Apache HTTP Server 2.4.17/2.4.18 mod_http2 denial of service
13716| [88608] Apache Struts up to 2.3.28.1/2.5.0 URLValidator Null Value denial of service
13717| [88607] Apache Struts up to 2.3.28.1 REST Plugin Expression privilege escalation
13718| [88606] Apache Struts up to 2.3.28.1 Restriction privilege escalation
13719| [88605] Apache Struts up to 2.3.28.1 Restriction privilege escalation
13720| [88604] Apache Struts up to 2.3.28.1 Token Validator cross site request forgery
13721| [88603] Apache Commons FileUpload up to 1.3.1 MultipartStream denial of service
13722| [88602] Apache Struts up to 1.3.10 ActionServlet.java cross site scripting
13723| [88601] Apache Struts up to 1.3.10 Multithreading ActionServlet.java memory corruption
13724| [88600] Apache Struts up to 1.3.10 MultiPageValidator privilege escalation
13725| [89005] Apache Qpid AMQP JMS Client getObject privilege escalation
13726| [87888] Apache Ranger up to 0.5.2 Policy Admin Tool eventTime sql injection
13727| [87835] Apache CloudStack up to 4.5.2.0/4.6.2.0/4.7.1.0/4.8.0.0 SAML-based Authentication privilege escalation
13728| [87806] HPE Discovery and Dependency Mapping Inventory up to 9.32 update 3 Apache Commons Collections Library privilege escalation
13729| [87805] HPE Universal CMDB up to 10.21 Apache Commons Collections Library privilege escalation
13730| [87768] Apache Shiro up to 1.2.4 Cipher Key privilege escalation
13731| [87765] Apache James Server 2.3.2 Command privilege escalation
13732| [88667] Apache HTTP Server up to 2.4.20 mod_http2 Certificate weak authentication
13733| [87718] Apache Struts up to 2.3.24.1 OGNL Caching denial of service
13734| [87717] Apache Struts up to 2.3.28 REST Plugin privilege escalation
13735| [87706] Apache Qpid Java up to 6.0.2 AMQP privilege escalation
13736| [87703] Apache Qbid Java up to 6.0.2 PlainSaslServer.java denial of service
13737| [87702] Apache ActiveMQ up to 5.13.x Fileserver Web Application Upload privilege escalation
13738| [87700] Apache PDFbox up to 1.8.11/2.0.0 XML Parser PDF Document XML External Entity
13739| [87679] HP Release Control 9.13/9.20/9.21 Apache Commons Collections Library Java Object privilege escalation
13740| [87540] Apache Ambari up to 2.2.0 File Browser View information disclosure
13741| [87433] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
13742| [87432] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
13743| [87431] Apple Mac OS X up to 10.11.4 apache_mod_php Format String
13744| [87430] Apple Mac OS X up to 10.11.4 apache_mod_php denial of service
13745| [87429] Apple Mac OS X up to 10.11.4 apache_mod_php information disclosure
13746| [87428] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
13747| [87427] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
13748| [87389] Apache Xerces C++ up to 3.1.3 XML Document DTDScanner.cpp memory corruption
13749| [87172] Adobe ColdFusion 11 Update 7/2016/up to 10 Update 18 Apache Commons Collections Library privilege escalation
13750| [87121] Apache Cordova iOS up to 3.x Plugin privilege escalation
13751| [87120] Apache Cordova iOS up to 3.x URL Whitelist privilege escalation
13752| [83806] HPE Network Node Manager i up to 10.01 Apache Commons Collections Library privilege escalation
13753| [83077] Apache Subversion up to 1.8.15/1.9.3 mod_authz_svn mod_authz_svn.c denial of service
13754| [83076] Apache Subversion up to 1.8.15/1.9.3 svnserve svnserve/cyrus_auth.c privilege escalation
13755| [82790] Apache Struts 2.0.0/2.3.24/2.3.28 Dynamic Method privilege escalation
13756| [82789] Apache Struts 2.0.0/2.3.24/2.3.28 XSLTResult privilege escalation
13757| [82725] HPE P9000 Command View up to 7.x/8.4.0 Apache Commons Collections Library privilege escalation
13758| [82444] Apache Camel up to 2.14.x/2.15.4/2.16.0 HTTP Request privilege escalation
13759| [82389] Apache Subversion up to 1.7.x/1.8.14/1.9.2 mod_dav_svn util.c memory corruption
13760| [82280] Apache Struts up to 1.7 JRE URLDecoder cross site scripting
13761| [82260] Apache OFBiz up to 12.04.05/13.07.02 Java Object privilege escalation
13762| [82259] Apache Qpid Proton up to 0.12.0 proton.reactor.Connector weak encryption
13763| [82250] Apache Ranger up to 0.5.0 Admin UI weak authentication
13764| [82214] Apache Wicket up to 1.5.14/6.21.x/7.1.x Input Element cross site scripting
13765| [82213] Apache Wicket up to 1.5.14/6.21.x/7.1.x ModalWindow Title getWindowOpenJavaScript cross site scripting
13766| [82212] Apache Ranger up to 0.5.0 Policy Admin Tool privilege escalation
13767| [82211] Apache OFBiz up to 12.04.06/13.07.02 ModelFormField.java DisplayEntityField.getDescription cross site scripting
13768| [82082] Apache JetSpeed up to 2.3.0 User Manager Service privilege escalation
13769| [82081] Apache OpenMeetings up to 3.1.0 SOAP API information disclosure
13770| [82080] Apache OpenMeetings up to 3.1.0 Event cross site scripting
13771| [82078] Apache OpenMeetings up to 3.1.0 Import/Export System Backup ZIP Archive directory traversal
13772| [82077] Apache OpenMeetings up to 3.1.0 Password Reset sendHashByUser privilege escalation
13773| [82076] Apache Ranger up to 0.5.1 privilege escalation
13774| [82075] Apache JetSpeed up to 2.3.0 Portal cross site scripting
13775| [82074] Apache JetSpeed up to 2.3.0 cross site scripting
13776| [82073] Apache JetSpeed up to 2.3.0 User Manager Service sql injection
13777| [82072] Apache JetSpeed up to 2.3.0 Portal Site Manager ZIP Archive directory traversal
13778| [82058] Apache LDAP Studio/Directory Studio up to 2.0.0-M9 CSV Export privilege escalation
13779| [82053] Apache Ranger up to 0.4.x Policy Admin Tool privilege escalation
13780| [82052] Apache Ranger up to 0.4.x Policy Admin Tool HTTP Request cross site scripting
13781| [81696] Apache ActiveMQ up to 5.13.1 HTTP Header privilege escalation
13782| [81695] Apache Xerces-C up to 3.1.2 internal/XMLReader.cpp memory corruption
13783| [81622] HPE Asset Manager 9.40/9.41/9.50 Apache Commons Collections Library Java Object privilege escalation
13784| [81406] HPE Service Manager up to 9.35 P3/9.41 P1 Apache Commons Collections Library Command privilege escalation
13785| [81405] HPE Operations Orchestration up to 10.50 Apache Commons Collections Library Command privilege escalation
13786| [81427] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
13787| [81426] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
13788| [81372] Apache Struts up to 2.3.24.1 I18NInterceptor cross site scripting
13789| [81371] Apache Struts up to 2.3.24.1 Double OGNL Evaluation privilege escalation
13790| [81370] Apache Struts up to 2.3.24.1 Java URLDecoder cross site scripting
13791| [81084] Apache Tomcat 6.0/7.0/8.0/9.0 ServletContext directory traversal
13792| [81083] Apache Tomcat 7.0/8.0/9.0 Index Page cross site request forgery
13793| [81082] Apache Tomcat 7.0/8.0/9.0 ResourceLinkFactory.setGlobalContext privilege escalation
13794| [81081] Apache Tomcat 6.0/7.0/8.0/9.0 Error information disclosure
13795| [81080] Apache Tomcat 6.0/7.0/8.0/9.0 Session Persistence privilege escalation
13796| [81079] Apache Tomcat 6.0/7.0/8.0/9.0 StatusManagerServlet information disclosure
13797| [81078] Apache Tomcat 7.0/8.0/9.0 Session privilege escalation
13798| [80970] Apache Solr up to 5.3.0 Admin UI plugins.js cross site scripting
13799| [80969] Apache Solr up to 5.2 Schema schema-browser.js cross site scripting
13800| [80968] Apache Solr up to 5.0 analysis.js cross site scripting
13801| [80940] HP Continuous Delivery Automation 1.30 Apache Commons Collections Library privilege escalation
13802| [80823] Apache CloudStack up to 4.5.1 KVM Virtual Machine Migration privilege escalation
13803| [80822] Apache CloudStack up to 4.5.1 API Call information disclosure
13804| [80778] Apache Camel up to 2.15.4/2.16.0 camel-xstream privilege escalation
13805| [80750] HPE Operations Manager 8.x/9.0 on Windows Apache Commons Collections Library privilege escalation
13806| [80724] Apache Hive up to 1.2.1 Authorization Framework privilege escalation
13807| [80577] Oracle Secure Global Desktop 4.63/4.71/5.2 Apache HTTP Server denial of service
13808| [80165] Intel McAfee ePolicy Orchestrator up to 4.6.9/5.0.3/5.3.1 Apache Commons Collections Library privilege escalation
13809| [80116] Apache Subversion up to 1.9.2 svn Protocol libsvn_ra_svn/marshal.c read_string memory corruption
13810| [80115] Apache ActiveMQ up to 5.12.x Broker Service privilege escalation
13811| [80036] IBM Cognos Business Intelligence Apache Commons Collections Library InvokerTransformer privilege escalation
13812| [79873] VMware vCenter Operations/vRealize Orchestrator Apache Commons Collections Library Serialized Java Object privilege escalation
13813| [79840] Apache Cordova File Transfer Plugin up to 1.2.x on Android unknown vulnerability
13814| [79839] Apache TomEE Serialized Java Stream EjbObjectInputStream privilege escalation
13815| [79791] Cisco Products Apache Commons Collections Library privilege escalation
13816| [79539] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
13817| [79538] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
13818| [79294] Apache Cordova-Android up to 3.6 BridgeSecret Random Generator weak encryption
13819| [79291] Apache Cordova-Android up to 4.0 Javascript Whitelist privilege escalation
13820| [79244] Apache CXF up to 2.7.17/3.0.7/3.1.2 SAML Web SSO Module SAML Response weak authentication
13821| [79243] Oracle WebLogic Server 10.3.6.0/12.1.2.0/12.1.3.0/12.2.1.0 WLS Security com.bea.core.apache.commons.collections.jar privilege escalation
13822| [78989] Apache Ambari up to 2.1.1 Open Redirect
13823| [78988] Apache Ambari up to 2.0.1/2.1.0 Password privilege escalation
13824| [78987] Apache Ambari up to 2.0.x cross site scripting
13825| [78986] Apache Ambari up to 2.0.x Proxy Endpoint api/v1/proxy privilege escalation
13826| [78780] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
13827| [78779] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
13828| [78778] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
13829| [78777] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
13830| [78776] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
13831| [78775] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
13832| [78774] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
13833| [78297] Apache Commons Components HttpClient up to 4.3.5 HTTPS Timeout denial of service
13834| [77406] Apache Flex BlazeDS AMF Message XML External Entity
13835| [77429] Apache ActiveMQ up to 5.10.0 LDAPLoginModule privilege escalation
13836| [77399] Apache ActiveMQ up to 5.10.0 LDAPLoginModule weak authentication
13837| [77375] Apache Tapestry up to 5.3.5 Client-Side Object Storage privilege escalation
13838| [77331] Apache ActiveMQ up to 5.11.1 on Windows Fileserver Upload/Download directory traversal
13839| [77299] Apache Solr Real-Time Module up to 7.x-1.1 Index Content information disclosure
13840| [77247] Apache ActiveMQ up to 5.10 TransportConnection.java processControlCommand denial of service
13841| [77083] Apache Groovy up to 2.4.3 MethodClosure.java MethodClosure memory corruption
13842| [76953] Apache Subversion 1.7.0/1.8.0/1.8.10 svn_repos_trace_node_locations information disclosure
13843| [76952] Apache Subversion 1.7.0/1.8.0/1.8.10 mod_authz_svn anonymous/authenticated information disclosure
13844| [76567] Apache Struts 2.3.20 unknown vulnerability
13845| [76733] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 ap_some_auth_required unknown vulnerability
13846| [76732] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 Request apr_brigade_flatten privilege escalation
13847| [76731] Apache HTTP Server 2.4.12 ErrorDocument 400 Crash denial of service
13848| [75690] Apache Camel up to 2.13.3/2.14.1 XPathBuilder.java XML External Entity
13849| [75689] Apache Camel up to 2.13.3/2.14.1 XML Converter Setup XmlConverter.java SAXSource privilege escalation
13850| [75668] Apache Sling API/Sling Servlets Post up to 2.2.1 HtmlResponse cross site scripting
13851| [75601] Apache Jackrabbit up to 2.10.0 WebDAV Request XML External Entity
13852| [75420] Apache Tomcat up to 6.0.43/7.0.58/8.0.16 Security Manager privilege escalation
13853| [75145] Apache OpenOffice up to 4.1.1 HWP Filter Crash denial of service
13854| [75032] Apache Tomcat Connectors up to 1.2.40 mod_jk privilege escalation
13855| [75135] PHP 5.4/5.5 HTTP Request sapi_apache2.c apache2handler privilege escalation
13856| [74793] Apache Tomcat File Upload denial of service
13857| [74708] Apple MacOS X up to 10.10.2 Apache denial of service
13858| [74707] Apple MacOS X up to 10.10.2 Apache denial of service
13859| [74706] Apple MacOS X up to 10.10.2 Apache memory corruption
13860| [74705] Apple MacOS X up to 10.10.2 Apache denial of service
13861| [74704] Apple MacOS X up to 10.10.2 Apache denial of service
13862| [74703] Apple MacOS X up to 10.10.2 Apache denial of service
13863| [74702] Apple MacOS X up to 10.10.2 Apache denial of service
13864| [74701] Apple MacOS X up to 10.10.2 Apache cross site request forgery
13865| [74700] Apple MacOS X up to 10.10.2 Apache unknown vulnerability
13866| [74661] Apache Flex up to 4.14.0 asdoc index.html cross site scripting
13867| [74609] Apache Cassandra up to 1.2.19/2.0.13/2.1.3 JMX/RMI Interface privilege escalation
13868| [74469] Apache Xerces-C up to 7.0 internal/XMLReader.cpp denial of service
13869| [74468] Apache Batik up to 1.6 denial of service
13870| [74414] Apache Mod-gnutls up to 0.5.1 Authentication spoofing
13871| [74371] Apache Standard Taglibs up to 1.2.0 memory corruption
13872| [74367] Apache HTTP Server up to 2.4.12 mod_lua lua_request.c wsupgrade denial of service
13873| [74174] Apache WSS4J up to 2.0.0 privilege escalation
13874| [74172] Apache ActiveMQ up to 5.5.0 Administration Console cross site scripting
13875| [69092] Apache Tomcat up to 6.0.42/7.0.54/8.0.8 HTTP Request Smuggling privilege escalation
13876| [73831] Apache Qpid up to 0.30 Access Restriction unknown vulnerability
13877| [73731] Apache XML Security unknown vulnerability
13878| [68660] Oracle BI Publisher 10.1.3.4.2/11.1.1.7 Apache Tomcat cross site scripting
13879| [73659] Apache CloudStack up to 4.3.0 Stack-Based unknown vulnerability
13880| [73593] Apache Traffic Server up to 5.1.0 denial of service
13881| [73511] Apache POI up to 3.10 Deadlock denial of service
13882| [73510] Apache Solr up to 4.3.0 cross site scripting
13883| [68447] Apache Subversion up to 1.7.18/1.8.10 mod_dav_svn Crash denial of service
13884| [68446] Apache Subversion up to 1.7.18/1.8.10 REPORT Request Crash denial of service
13885| [73173] Apache CloudStack Stack-Based unknown vulnerability
13886| [68357] Apache Struts up to 2.3.16.3 Random Number Generator cross site request forgery
13887| [73106] Apache Hadoop up to 2.4.0 Symlink privilege escalation
13888| [68575] Apache HTTP Server up to 2.4.10 LuaAuthzProvider mod_lua.c privilege escalation
13889| [72890] Apache Qpid 0.30 unknown vulnerability
13890| [72887] Apache Hive 0.13.0 File Permission privilege escalation
13891| [72878] Apache Cordova 3.5.0 cross site request forgery
13892| [72877] Apache Cordova 3.5.0 cross site request forgery
13893| [72876] Apache Cordova 3.5.0 cross site request forgery
13894| [68435] Apache HTTP Server 2.4.10 mod_proxy_fcgi.c handle_headers denial of service
13895| [68065] Apache CXF up to 3.0.1 JAX-RS SAML denial of service
13896| [68064] Apache CXF up to 3.0.0 SAML Token denial of service
13897| [67913] Oracle Retail Markdown Optimization 12.0/13.0/13.1/13.2/13.4 Apache commons-beanutils-1.8.0.jar memory corruption
13898| [67912] Oracle Retail Invoice Matching up to 14.0 Apache commons-beanutils-1.8.0.jar memory corruption
13899| [67911] Oracle Retail Clearance Optimization Engine 13.3/13.4/14.0 Apache commons-beanutils-1.8.0.jar memory corruption
13900| [67910] Oracle Retail Allocation up to 13.2 Apache commons-beanutils-1.8.0.jar memory corruption
13901| [71835] Apache Shiro 1.0.0/1.1.0/1.2.0/1.2.1/1.2.2 unknown vulnerability
13902| [71633] Apachefriends XAMPP 1.8.1 cross site scripting
13903| [71629] Apache Axis2/C spoofing
13904| [67633] Apple Mac OS X up to 10.9.4 apache_mod_php ext/standard/dns.c dns_get_record memory corruption
13905| [67631] Apple Mac OS X up to 10.9.4 apache_mod_php Symlink memory corruption
13906| [67630] Apple Mac OS X up to 10.9.4 apache_mod_php cdf_read_property_info denial of service
13907| [67629] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_count_chain denial of service
13908| [67628] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_check_stream_offset denial of service
13909| [67627] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c mconvert memory corruption
13910| [67626] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c denial of service
13911| [67625] Apple Mac OS X up to 10.9.4 apache_mod_php Crash denial of service
13912| [67624] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_property_info denial of service
13913| [67623] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_unpack_summary_info denial of service
13914| [67622] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_short_sector denial of service
13915| [67620] Apple Mac OS X up to 10.9.4 apache_mod_php magic/Magdir/commands denial of service
13916| [67790] Apache HTTP Server mod_cache NULL Pointer Dereference denial of service
13917| [67522] Apache Tomcat up to 7.0.39 JSP Upload privilege escalation
13918| [70809] Apache POI up to 3.11 Crash denial of service
13919| [70808] Apache POI up to 3.10 unknown vulnerability
13920| [70806] Apache Commons-httpclient 4.2/4.2.1/4.2.2 spoofing
13921| [70749] Apache Axis up to 1.4 getCN spoofing
13922| [70701] Apache Traffic Server up to 3.3.5 denial of service
13923| [70700] Apache OFBiz up to 12.04.03 cross site scripting
13924| [67402] Apache OpenOffice 4.0.0/4.0.1/4.1.0 Calc privilege escalation
13925| [67401] Apache OpenOffice up to 4.1.0 OLE Object information disclosure
13926| [70661] Apache Subversion up to 1.6.17 denial of service
13927| [70660] Apache Subversion up to 1.6.17 spoofing
13928| [70659] Apache Subversion up to 1.6.17 spoofing
13929| [67183] Apache HTTP Server up to 2.4.9 mod_proxy denial of service
13930| [67180] Apache HTTP Server up to 2.4.9 WinNT MPM Memory Leak denial of service
13931| [67185] Apache HTTP Server up to 2.4.9 mod_status Heap-Based memory corruption
13932| [67184] Apache HTTP Server 2.4.5/2.4.6 mod_cache NULL Pointer Dereference denial of service
13933| [67182] Apache HTTP Server up to 2.4.9 mod_deflate Memory Consumption denial of service
13934| [67181] Apache HTTP Server up to 2.4.9 mod_cgid denial of service
13935| [70338] Apache Syncope up to 1.1.7 unknown vulnerability
13936| [70295] Apache CXF up to 2.7.9 Cleartext information disclosure
13937| [70106] Apache Open For Business Project up to 10.04.0 getServerError cross site scripting
13938| [70105] Apache MyFaces up to 2.1.5 JavaServer Faces directory traversal
13939| [69846] Apache HBase up to 0.94.8 information disclosure
13940| [69783] Apache CouchDB up to 1.2.0 memory corruption
13941| [13383] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 XML Parser privilege escalation
13942| [13300] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi setuid privilege escalation
13943| [13299] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi Content-Type Header information disclosure
13944| [13164] Apache CXF up to 2.6.13/2.7.10 SOAP OutgoingChainInterceptor.java Invalid Content denial of service
13945| [13163] Apache CXF up to 2.6.13/2.7.10 SOAP HTML Content denial of service
13946| [13158] Apache Struts up to 2.3.16.2 ParametersInterceptor getClass privilege escalation
13947| [69515] Apache Struts up to 2.3.15.0 CookieInterceptor memory corruption
13948| [13086] Apache Struts up to 1.3.10 Class Loader privilege escalation
13949| [13067] Apache Struts up to 2.3.16.1 Class Loader privilege escalation
13950| [69431] Apache Archiva up to 1.3.6 cross site scripting
13951| [69385] Apache Syncope up to 1.1.6 unknown vulnerability
13952| [69338] Apache Xalan-Java up to 2.7.1 system-property unknown vulnerability
13953| [12742] Trustwave ModSecurity up to 2.7.5 Chunk Extension apache2/modsecurity.c modsecurity_tx_init privilege escalation
13954| [12741] Trustwave ModSecurity up to 2.7.6 Chunked HTTP Transfer apache2/modsecurity.c modsecurity_tx_init Trailing Header privilege escalation
13955| [13387] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Content-Length Header privilege escalation
13956| [13386] Apache Tomcat Security Manager up to 6.0.39/7.0.53/8.0.5 XSLT privilege escalation
13957| [13385] Apache Tomcat 8.0.0/8.0.1/8.0.3 AJP Request Zero Length denial of service
13958| [13384] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Chunked HTTP Request denial of service
13959| [12748] Apache CouchDB 1.5.0 UUIDS /_uuids denial of service
13960| [66739] Apache Camel up to 2.12.2 unknown vulnerability
13961| [66738] Apache Camel up to 2.12.2 unknown vulnerability
13962| [12667] Apache HTTP Server 2.4.7 mod_log_config.c log_cookie denial of service
13963| [66695] Apache CouchDB up to 1.2.0 cross site scripting
13964| [66694] Apache CouchDB up to 1.2.0 Partition partition2 directory traversal
13965| [66689] Apache HTTP Server up to 2.0.33 mod_dav dav_xml_get_cdata denial of service
13966| [12518] Apache Tomcat up to 6.0.38/7.0.49/8.0.0-RC9 HTTP Header denial of service
13967| [66498] Apache expressions up to 3.3.0 Whitelist unknown vulnerability
13968| [12781] Apache Struts up to 2.3.8 ParametersInterceptor getClass denial of service
13969| [12439] Apache Tomcat 6.0.33 XML XXE information disclosure
13970| [12438] Apache Tomcat 6.0.33/6.0.34/6.0.35/6.0.36/6.0.37 coyoteadapter.java disableURLRewriting privilege escalation
13971| [66356] Apache Wicket up to 6.8.0 information disclosure
13972| [12209] Apache Tomcat 7.0.0/7.0.50/8.0.0-RC1/8.0.1 Content-Type Header for Multi-Part Request Infinite Loop denial of service
13973| [66322] Apache ActiveMQ up to 5.8.0 cross site scripting
13974| [12291] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
13975| [66255] Apache Open For Business Project up to 10.04.3 cross site scripting
13976| [66200] Apache Hadoop up to 2.0.5 Security Feature information disclosure
13977| [66072] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
13978| [66068] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
13979| [11928] Oracle Secure Global Desktop up to 4.71 Apache Tomcat unknown vulnerability
13980| [11924] Oracle Secure Global Desktop up to 4.63 Apache Tomcat denial of service
13981| [11922] Oracle Secure Global Desktop up to 4.63 Apache Tomcat unknown vulnerability
13982| [66049] Apache XML Security for Java up to 1.4.6 Memory Consumption denial of service
13983| [12199] Apache Subversion up to 1.8.5 mod_dav_svn/repos.c get_resource denial of service
13984| [65946] askapache Firefox Adsense up to 3.0 askapache-firefox-adsense.php cross site request forgery
13985| [65668] Apache Solr 4.0.0 Updater denial of service
13986| [65665] Apache Solr up to 4.3.0 denial of service
13987| [65664] Apache Solr 3.6.0/3.6.1/3.6.2/4.0.0 Updater denial of service
13988| [65663] Apache Solr up to 4.5.1 ResourceLoader directory traversal
13989| [65658] Apache roller 4.0/4.0.1/5.0/5.0.1 unknown vulnerability
13990| [65657] Apache Roller 4.0/4.0.1/5.0/5.0.1 cross site scripting
13991| [11325] Apache Subversion 1.7.13 mod_dontdothat Bypass denial of service
13992| [11324] Apache Subversion up to 1.8.4 mod_dav_svn denial of service
13993| [11098] Apache Tomcat 5.5.25 HTTP Request cross site request forgery
13994| [65410] Apache Struts 2.3.15.3 cross site scripting
13995| [65386] Apache Solr up to 2.2.1 on TYPO3 cross site scripting
13996| [65385] Apache Solr up to 2.2.1 on TYPO3 unknown vulnerability
13997| [11044] Apache Struts 2.3.15.3 showConfig.action cross site scripting
13998| [11043] Apache Struts 2.3.15.3 actionNames.action cross site scripting
13999| [11018] cPanel WHM up to 11.40.0.11 Apache mod_userdir Tweak Interface privilege escalation
14000| [65342] Apache Sling 1.0.2/1.0.4/1.0.6/1.1.0/1.1.2 Auth Core cross site scripting
14001| [65340] Apache Shindig 2.5.0 information disclosure
14002| [65316] Apache Mod Fcgid up to 2.3.7 mod_fcgid fcgid_bucket.c fcgid_header_bucket_read memory corruption
14003| [65313] Apache Sling 2.2.0/2.3.0 AbstractCreateOperation.java deepGetOrCreateNode denial of service
14004| [10826] Apache Struts 2 File privilege escalation
14005| [65204] Apache Camel up to 2.10.1 unknown vulnerability
14006| [10460] Apache Struts 2.0.0/2.3.15.1 Action Mapping Mechanism Bypass privilege escalation
14007| [10459] Apache Struts 2.0.0/2.3.15 Dynamic Method Invocation unknown vulnerability
14008| [10160] Apache Subversion 1.8.0/1.8.1/1.8.2 svnwcsub.py handle_options race condition
14009| [10159] Apache Subversion up to 1.8.2 svnserve write_pid_file race condition
14010| [10158] Apache Subversion 1.8.0/1.8.1/1.8.2 daemonize.py daemon::daemonize race condition
14011| [10157] Apache Subversion up to 1.8.1 FSFS Repository Symlink privilege escalation
14012| [64808] Fail2ban up to 0.8.9 apache-auth.conf denial of service
14013| [64760] Best Practical RT up to 4.0.12 Apache::Session::File information disclosure
14014| [64722] Apache XML Security for C++ Heap-based memory corruption
14015| [64719] Apache XML Security for C++ Heap-based memory corruption
14016| [64718] Apache XML Security for C++ verify denial of service
14017| [64717] Apache XML Security for C++ getURIBaseTXFM memory corruption
14018| [64716] Apache XML Security for C++ spoofing
14019| [64701] Apache CXF up to 2.7.3 XML Parser Memory Consumption denial of service
14020| [64700] Apache CloudStack up to 4.1.0 Stack-Based cross site scripting
14021| [64667] Apache Open For Business Project up to 10.04.04 unknown vulnerability
14022| [64666] Apache Open For Business Project up to 10.04.04 cross site scripting
14023| [9891] Apache HTTP Server 2.2.22 suEXEC Feature .htaccess information disclosure
14024| [64509] Apache ActiveMQ up to 5.8.0 scheduled.jsp cross site scripting
14025| [9826] Apache Subversion up to 1.8.0 mod_dav_svn denial of service
14026| [9683] Apache HTTP Server 2.4.5 mod_session_dbd denial of service
14027| [64485] Apache Struts up to 2.2.3.0 privilege escalation
14028| [9568] Apache Struts up to 2.3.15 DefaultActionMapper cross site request forgery
14029| [9567] Apache Struts up to 2.3.15 DefaultActionMapper memory corruption
14030| [64467] Apache Geronimo 3.0 memory corruption
14031| [64466] Apache OpenJPA up to 2.2.1 Serialization memory corruption
14032| [64457] Apache Struts up to 2.2.3.0 cross site scripting
14033| [64326] Alejandro Garza Apachesolr Autocomplete up to 7.x-1.1 cross site scripting
14034| [9184] Apache Qpid up to 0.20 SSL misconfiguration
14035| [8935] Apache Subversion up to 1.7.9 FSFS Format Repository denial of service
14036| [8934] Apache Subversion up to 1.7.9 Svnserve Server denial of service
14037| [8933] Apache Subversion up to 1.6.21 check-mime-type.pl svnlook memory corruption
14038| [8932] Apache Subversion up to 1.6.21 svn-keyword-check.pl svnlook changed memory corruption
14039| [9022] Apache Struts up to 2.3.14.2 OGNL Expression memory corruption
14040| [8873] Apache Struts 2.3.14 privilege escalation
14041| [8872] Apache Struts 2.3.14 privilege escalation
14042| [8746] Apache HTTP Server Log File Terminal Escape Sequence Filtering mod_rewrite.c do_rewritelog privilege escalation
14043| [8666] Apache Tomcat up to 7.0.32 AsyncListener information disclosure
14044| [8665] Apache Tomcat up to 7.0.29 Chunked Transfer Encoding Extension Size denial of service
14045| [8664] Apache Tomcat up to 7.0.32 FORM Authentication weak authentication
14046| [64075] Apache Subversion up to 1.7.7 mod_dav_svn Crash denial of service
14047| [64074] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
14048| [64073] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
14049| [64072] Apache Subversion up to 1.7.7 mod_dav_svn NULL Pointer Dereference denial of service
14050| [64071] Apache Subversion up to 1.7.8 mod_dav_svn Memory Consumption denial of service
14051| [8768] Apache Struts up to 2.3.14 on Mac EL and OGNL Interpreter memory corruption
14052| [64006] Apache ActiveMQ up to 5.7.0 denial of service
14053| [64005] Apache ActiveMQ up to 5.7.0 Default Configuration denial of service
14054| [64004] Apache ActiveMQ up to 5.7.0 PortfolioPublishServlet.java cross site scripting
14055| [8427] Apache Tomcat Session Transaction weak authentication
14056| [63960] Apache Maven 3.0.4 Default Configuration spoofing
14057| [63751] Apache qpid up to 0.20 qpid::framing::Buffer denial of service
14058| [63750] Apache qpid up to 0.20 checkAvailable denial of service
14059| [63749] Apache Qpid up to 0.20 Memory Consumption denial of service
14060| [63748] Apache Qpid up to 0.20 Default Configuration denial of service
14061| [63747] Apache Rave up to 0.20 User Account information disclosure
14062| [7889] Apache Subversion up to 1.6.17 mod_dav_svn/svn_fs_file_length() denial of service
14063| [63646] Apache HTTP Server up to 2.2.23/2.4.3 mod_proxy_balancer.c balancer_handler cross site scripting
14064| [7688] Apache CXF up to 2.7.1 WSS4JInterceptor Bypass weak authentication
14065| [7687] Apache CXF up to 2.7.2 Token weak authentication
14066| [63334] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
14067| [63299] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
14068| [7202] Apache HTTP Server 2.4.2 on Oracle Solaris ld_library_path cross site scripting
14069| [7075] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector NioEndpoint.java denial of service
14070| [7074] Apache Tomcat up to 6.0.35/7.0.29 FORM Authentication RealmBase.java weak authentication
14071| [7073] Apache Tomcat up to 6.0.35/7.0.31 CSRF Prevention Filter cross site request forgery
14072| [63090] Apache Tomcat up to 4.1.24 denial of service
14073| [63089] Apache HTTP Server up to 2.2.13 mod_proxy_ajp denial of service
14074| [62933] Apache Tomcat up to 5.5.0 Access Restriction unknown vulnerability
14075| [62929] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector Memory Consumption denial of service
14076| [62833] Apache CXF -/2.6.0 spoofing
14077| [62832] Apache Axis2 up to 1.6.2 spoofing
14078| [62831] Apache Axis up to 1.4 Java Message Service spoofing
14079| [62830] Apache Commons-httpclient 3.0 Payments spoofing
14080| [62826] Apache Libcloud up to 0.11.0 spoofing
14081| [62757] Apache Open For Business Project up to 10.04.0 unknown vulnerability
14082| [8830] Red Hat JBoss Enterprise Application Platform 6.0.1 org.apache.catalina.connector.Response.encodeURL information disclosure
14083| [62661] Apache Axis2 unknown vulnerability
14084| [62658] Apache Axis2 unknown vulnerability
14085| [62467] Apache Qpid up to 0.17 denial of service
14086| [62417] Apache CXF 2.4.7/2.4.8/2.5.3/2.5.4/2.6.1 spoofing
14087| [6301] Apache HTTP Server mod_pagespeed cross site scripting
14088| [6300] Apache HTTP Server mod_pagespeed Hostname information disclosure
14089| [6123] Apache Wicket up to 1.5.7 Ajax Link cross site scripting
14090| [62035] Apache Struts up to 2.3.4 denial of service
14091| [61916] Apache QPID 0.5/0.6/0.14/0.16 unknown vulnerability
14092| [6998] Apache Tomcat 5.5.35/6.0.35/7.0.28 DIGEST Authentication Session State Caching privilege escalation
14093| [6997] Apache Tomcat 5.5.35/6.0.35/7.0.28 HTTP Digest Authentication Implementation privilege escalation
14094| [6092] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_ajp.c information disclosure
14095| [6090] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_http.c information disclosure
14096| [61507] Apache POI up to 3.8 UnhandledDataStructure denial of service
14097| [6070] Apache Struts up to 2.3.4 Token Name Configuration Parameter privilege escalation
14098| [6069] Apache Struts up to 2.3.4 Request Parameter OGNL Expression denial of service
14099| [5764] Oracle Solaris 10 Apache HTTP Server information disclosure
14100| [5700] Oracle Secure Backup 10.3.0.3/10.4.0.1 Apache denial of service
14101| [61255] Apache Hadoop 2.0.0 Kerberos unknown vulnerability
14102| [61229] Apache Sling up to 2.1.1 denial of service
14103| [61152] Apache Commons-compress 1.0/1.1/1.2/1.3/1.4 denial of service
14104| [61094] Apache Roller up to 5.0 cross site scripting
14105| [61093] Apache Roller up to 5.0 cross site request forgery
14106| [61005] Apache OpenOffice 3.3/3.4 unknown vulnerability
14107| [9673] Apache HTTP Server up to 2.4.4 mod_dav mod_dav.c Request denial of service
14108| [5436] Apache OpenOffice 3.3/3.4 WPXContentListener.cpp _closeTableRow File memory corruption
14109| [5435] Apache OpenOffice 3.3/3.4 vclmi.dll File memory corruption
14110| [60730] PHP 5.4.0/5.4.1/5.4.2 apache_request_headers memory corruption
14111| [60708] Apache Qpid 0.12 unknown vulnerability
14112| [5032] Apache Hadoop up to 0.20.205.0/1.0.1/0.23.1 Kerberos/MapReduce Security Feature privilege escalation
14113| [4949] Apache Struts File Upload XSLTResult.java XSLT File privilege escalation
14114| [4955] Apache Traffic Server 3.0.3/3.1.2 HTTP Header Parser memory corruption
14115| [4882] Apache Wicket up to 1.5.4 directory traversal
14116| [4881] Apache Wicket up to 1.4.19 cross site scripting
14117| [4884] Apache HTTP Server up to 2.3.6 mod_fcgid fcgid_spawn_ctl.c FcgidMaxProcessesPerClass HTTP Requests denial of service
14118| [60352] Apache Struts up to 2.2.3 memory corruption
14119| [60153] Apache Portable Runtime up to 1.4.3 denial of service
14120| [4598] Apache Struts 1.3.10 upload-submit.do cross site scripting
14121| [4597] Apache Struts 1.3.10 processSimple.do cross site scripting
14122| [4596] Apache Struts 2.0.14/2.2.3 struts2-rest-showcase/orders cross site scripting
14123| [4595] Apache Struts 2.0.14/2.2.3 struts2-showcase/person/editPerson.action cross site scripting
14124| [4583] Apache HTTP Server up to 2.2.21 Threaded MPM denial of service
14125| [4582] Apache HTTP Server up to 2.2.21 protocol.c information disclosure
14126| [4571] Apache Struts up to 2.3.1.2 privilege escalation
14127| [4557] Apache Tomcat up to 7.0.21 Caching/Recycling information disclosure
14128| [59934] Apache Tomcat up to 6.0.9 DigestAuthenticator.java unknown vulnerability
14129| [59933] Apache Tomcat up to 6.0.9 Access Restriction unknown vulnerability
14130| [59932] Apache Tomcat up to 6.0.9 unknown vulnerability
14131| [59931] Apache Tomcat up to 6.0.9 Access Restriction information disclosure
14132| [59902] Apache Struts up to 2.2.3 Interfaces unknown vulnerability
14133| [4528] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
14134| [4527] Apache Struts up to 2.2.3 ExceptionDelegator cross site scripting
14135| [59888] Apache Tomcat up to 6.0.6 denial of service
14136| [59886] Apache ActiveMQ up to 5.5.1 Crash denial of service
14137| [4513] Apache Struts up to 2.3.1 ParameterInterceptor directory traversal
14138| [4512] Apache Struts up to 2.2.3 CookieInterceptor privilege escalation
14139| [59850] Apache Geronimo up to 2.2.1 denial of service
14140| [59825] Apache HTTP Server up to 2.1.7 mod_reqtimeout denial of service
14141| [59556] Apache HTTP Server up to 2.0.53 mod_proxy information disclosure
14142| [58467] Apache libcloud 0.2.0/0.3.0/0.3.1/0.4.0 Access Restriction spoofing
14143| [58413] Apache Tomcat up to 6.0.10 spoofing
14144| [58381] Apache Wicket up to 1.4.17 cross site scripting
14145| [58296] Apache Tomcat up to 7.0.19 unknown vulnerability
14146| [57888] Apache HttpClient 4.0/4.0.1/4.1 Authorization information disclosure
14147| [57587] Apache Subversion up to 1.6.16 mod_dav_svn information disclosure
14148| [57585] Apache Subversion up to 1.6.16 mod_dav_svn Memory Consumption denial of service
14149| [57584] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
14150| [57577] Apache Rampart-C 1.3.0 Access Restriction rampart_timestamp_token_validate privilege escalation
14151| [57568] Apache Archiva up to 1.3.4 cross site scripting
14152| [57567] Apache Archiva up to 1.3.4 cross site request forgery
14153| [57481] Apache Tomcat 7.0.12/7.0.13 Access Restriction unknown vulnerability
14154| [4355] Apache HTTP Server APR apr_fnmatch denial of service
14155| [57435] Apache Struts up to 2.2.1.1 FileHandler.java cross site scripting
14156| [57425] Apache Struts up to 2.2.1.1 cross site scripting
14157| [4352] Apache HTTP Server 2.2.x APR apr_fnmatch denial of service
14158| [57025] Apache Tomcat up to 7.0.11 information disclosure
14159| [57024] Apache Tomcat 7.0.11 Access Restriction information disclosure
14160| [56774] IBM WebSphere Application Server up to 7.0.0.14 org.apache.jasper.runtime.JspWriterImpl.response denial of service
14161| [56824] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
14162| [56832] Apache Tomcat up to 7.0.10 Access Restriction information disclosure
14163| [56830] Apache Tomcat up to 7.0.9 Access Restriction privilege escalation
14164| [12440] Apache Tomcat 6.0.33 Malicious Request cross site scripting
14165| [56512] Apache Continuum up to 1.4.0 cross site scripting
14166| [4285] Apache Tomcat 5.x JVM getLocale denial of service
14167| [4284] Apache Tomcat 5.x HTML Manager Infinite Loop cross site scripting
14168| [4283] Apache Tomcat 5.x ServletContect privilege escalation
14169| [56441] Apache Tomcat up to 7.0.6 denial of service
14170| [56300] Apache CouchDB up to 1.0.1 Web Administration Interface cross site scripting
14171| [55967] Apache Subversion up to 1.6.4 rev_hunt.c denial of service
14172| [55966] Apache Subversion up to 1.6.4 mod_dav_svn repos.c walk denial of service
14173| [55095] Apache Axis2 up to 1.6 Default Password memory corruption
14174| [55631] Apache Archiva up to 1.3.1 User Account cross site request forgery
14175| [55556] Apache Tomcat up to 6.0.29 Default Configuration information disclosure
14176| [55553] Apache Tomcat up to 7.0.4 sessionsList.jsp cross site scripting
14177| [55162] Apache MyFaces up to 2.0.0 Authentication Code unknown vulnerability
14178| [54881] Apache Subversion up to 1.6.12 mod_dav_svn authz.c privilege escalation
14179| [54879] Apache APR-util up to 0.9.14 mod_reqtimeout apr_brigade_split_line denial of service
14180| [54693] Apache Traffic Server DNS Cache unknown vulnerability
14181| [54416] Apache CouchDB up to 0.11.0 cross site request forgery
14182| [54394] Apache CXF up to 2.2.8 Memory Consumption denial of service
14183| [54261] Apache Tomcat jsp/cal/cal2.jsp cross site scripting
14184| [54166] Apache HTTP Server up to 2.2.12 mod_cache Crash denial of service
14185| [54385] Apache Struts up to 2.1.8.1 ParameterInterceptor unknown vulnerability
14186| [54012] Apache Tomcat up to 6.0.10 denial of service
14187| [53763] Apache Axis2 1.3/1.4/1.4.1/1.5/1.5.1 Memory Consumption denial of service
14188| [53368] Apache MyFaces 1.1.7/1.2.8 cross site scripting
14189| [53397] Apache axis2 1.4.1/1.5.1 Administration Console cross site scripting
14190| [52894] Apache Tomcat up to 6.0.7 information disclosure
14191| [52960] Apache ActiveMQ up to 5.4-snapshot information disclosure
14192| [52843] Apache HTTP Server mod_auth_shadow unknown vulnerability
14193| [52786] Apache Open For Business Project up to 09.04 cross site scripting
14194| [52587] Apache ActiveMQ up to 5.3.0 cross site request forgery
14195| [52586] Apache ActiveMQ up to 5.3.0 cross site scripting
14196| [52584] Apache CouchDB up to 0.10.1 information disclosure
14197| [51757] Apache HTTP Server 2.0.44 cross site scripting
14198| [51756] Apache HTTP Server 2.0.44 spoofing
14199| [51717] Apache HTTP Server up to 1.3.3 mod_proxy ap_proxy_send_fb memory corruption
14200| [51690] Apache Tomcat up to 6.0 directory traversal
14201| [51689] Apache Tomcat up to 6.0 information disclosure
14202| [51688] Apache Tomcat up to 6.0 directory traversal
14203| [50886] HP Operations Manager 8.10 on Windows File Upload org.apache.catalina.manager.HTMLManagerServlet memory corruption
14204| [50802] Apache Tomcat up to 3.3 Default Password weak authentication
14205| [50626] Apache Solr 1.0.0 cross site scripting
14206| [49857] Apache HTTP Server mod_proxy_ftp cross site scripting
14207| [49856] Apache HTTP Server 2.2.13 mod_proxy_ftp ap_proxy_ftp_handler denial of service
14208| [49348] Apache Xerces-C++ 2.7.0 Stack-Based denial of service
14209| [86789] Apache Portable Runtime memory/unix/apr_pools.c unknown vulnerability
14210| [49283] Apache APR-util up to 1.3.8 apr-util misc/apr_rmm.c apr_rmm_realloc memory corruption
14211| [48952] Apache HTTP Server up to 1.3.6 mod_deflate denial of service
14212| [48626] Apache Tomcat up to 4.1.23 Access Restriction directory traversal
14213| [48431] Apache Tomcat up to 4.1.23 j_security_check cross site scripting
14214| [48430] Apache Tomcat up to 4.1.23 mod_jk denial of service
14215| [47801] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site request forgery
14216| [47800] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site scripting
14217| [47799] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console directory traversal
14218| [47648] Apache Tiles 2.1.0/2.1.1 cross site scripting
14219| [47640] Apache Struts 2.0.6/2.0.8/2.0.9/2.0.11/2.1 cross site scripting
14220| [47638] Apache Tomcat up to 4.1.23 mod_jk information disclosure
14221| [47636] Apache Struts 2.0.9 xip_client.html cross site scripting
14222| [47593] Apache Mod Perl 1 perl-status Apache::Status cross site scripting
14223| [47637] Apache Struts 1.0.2/1.1/1.2.4/1.2.7/1.2.8 cross site scripting
14224| [47239] Apache Struts up to 2.1.2 Beta struts directory traversal
14225| [47214] Apachefriends xampp 1.6.8 spoofing
14226| [47213] Apachefriends xampp 1.6.8 htaccess cross site request forgery
14227| [47162] Apachefriends XAMPP 1.4.4 weak authentication
14228| [47065] Apache Tomcat 4.1.23 cross site scripting
14229| [46834] Apache Tomcat up to 5.5.20 cross site scripting
14230| [46004] Apache Jackrabbit 1.4/1.5.0 search.jsp cross site scripting
14231| [49205] Apache Roller 2.3/3.0/3.1/4.0 Search cross site scripting
14232| [86625] Apache Struts directory traversal
14233| [44461] Apache Tomcat up to 5.5.0 information disclosure
14234| [44389] Apache Xerces-C++ XML Parser Memory Consumption denial of service
14235| [44352] Apache Friends XAMPP 1.6.8 adodb.php cross site scripting
14236| [43663] Apache Tomcat up to 6.0.16 directory traversal
14237| [43612] Apache Friends XAMPP 1.6.7 iart.php cross site scripting
14238| [43556] Apache HTTP Server up to 2.1.8 mod_proxy_ftp proxy_ftp.c cross site scripting
14239| [43516] Apache Tomcat up to 4.1.20 directory traversal
14240| [43509] Apache Tomcat up to 6.0.13 cross site scripting
14241| [42637] Apache Tomcat up to 6.0.16 cross site scripting
14242| [42325] Apache HTTP Server up to 2.1.8 Error Page cross site scripting
14243| [41838] Apache-SSL 1.3.34 1.57 expandcert privilege escalation
14244| [41091] Apache Software Foundation Mod Jk up to 2.0.1 mod_jk2 Stack-based memory corruption
14245| [40924] Apache Tomcat up to 6.0.15 information disclosure
14246| [40923] Apache Tomcat up to 6.0.15 unknown vulnerability
14247| [40922] Apache Tomcat up to 6.0 information disclosure
14248| [40710] Apache HTTP Server up to 2.0.61 mod_negotiation cross site scripting
14249| [40709] Apache HTTP Server up to 2.0.53 mod_negotiation cross site scripting
14250| [40656] Apache Tomcat 5.5.20 information disclosure
14251| [40503] Apache HTTP Server mod_proxy_ftp cross site scripting
14252| [40502] Apache HTTP Server up to 2.2.5 mod_proxy_balancer memory corruption
14253| [40501] Apache HTTP Server 2.2.6 mod_proxy_balancer cross site request forgery
14254| [40398] Apache HTTP Server up to 2.2 mod_proxy_balancer cross site scripting
14255| [40397] Apache HTTP Server up to 2.2 mod_proxy_balancer balancer_handler denial of service
14256| [40234] Apache Tomcat up to 6.0.15 directory traversal
14257| [40221] Apache HTTP Server 2.2.6 information disclosure
14258| [40027] David Castro Apache Authcas 0.4 sql injection
14259| [3495] Apache OpenOffice up to 2.3 Database Document Processor unknown vulnerability
14260| [3489] Apache HTTP Server 2.x HTTP Header cross site scripting
14261| [3414] Apache Tomcat WebDAV Stored privilege escalation
14262| [39489] Apache Jakarta Slide up to 2.1 directory traversal
14263| [39540] Apache Geronimo 2.0/2.0.1/2.0.2/2.1 unknown vulnerability
14264| [3310] Apache OpenOffice 1.1.3/2.0.4/2.2.1 TIFF Image Parser Heap-based memory corruption
14265| [38768] Apache HTTP Server up to 2.1.7 mod_autoindex.c cross site scripting
14266| [38952] Apache Geronimo 2.0.1/2.1 unknown vulnerability
14267| [38658] Apache Tomcat 4.1.31 cal2.jsp cross site request forgery
14268| [38524] Apache Geronimo 2.0 unknown vulnerability
14269| [3256] Apache Tomcat up to 6.0.13 cross site scripting
14270| [38331] Apache Tomcat 4.1.24 information disclosure
14271| [38330] Apache Tomcat 4.1.24 information disclosure
14272| [38185] Apache Tomcat 3.3/3.3.1/3.3.1a/3.3.2 Error Message CookieExample cross site scripting
14273| [37967] Apache Tomcat up to 4.1.36 Error Message sendmail.jsp cross site scripting
14274| [37647] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 Authorization unknown vulnerability
14275| [37646] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 unknown vulnerability
14276| [3141] Apache Tomcat up to 4.1.31 Accept-Language Header cross site scripting
14277| [3133] Apache Tomcat up to 6.0 HTTP cross site scripting
14278| [37292] Apache Tomcat up to 5.5.1 cross site scripting
14279| [3130] Apache OpenOffice 2.2.1 RTF Document Heap-based memory corruption
14280| [36981] Apache Tomcat JK Web Server Connector up to 1.2.22 mod_jk directory traversal
14281| [36892] Apache Tomcat up to 4.0.0 hello.jsp cross site scripting
14282| [37320] Apache MyFaces Tomahawk up to 1.1.4 cross site scripting
14283| [36697] Apache Tomcat up to 5.5.17 implicit-objects.jsp cross site scripting
14284| [36491] Apache Axis 1.0 Installation javaioFileNotFoundException information disclosure
14285| [36400] Apache Tomcat 5.5.15 mod_jk cross site scripting
14286| [36698] Apache Tomcat up to 4.0.0 cal2.jsp cross site scripting
14287| [36224] XAMPP Apache Distribution up to 1.6.0a adodb.php connect memory corruption
14288| [36225] XAMPP Apache Distribution 1.6.0a sql injection
14289| [2997] Apache httpd/Tomcat 5.5/6.0 directory traversal
14290| [35896] Apache Apache Test up to 1.29 mod_perl denial of service
14291| [35653] Avaya S8300 Cm 3.1.2 Apache Tomcat unknown vulnerability
14292| [35402] Apache Tomcat JK Web Server Connector 1.2.19 mod_jk.so map_uri_to_worker memory corruption
14293| [35067] Apache Stats up to 0.0.2 extract unknown vulnerability
14294| [35025] Apache Stats up to 0.0.3 extract unknown vulnerability
14295| [34252] Apache HTTP Server denial of service
14296| [2795] Apache OpenOffice 2.0.4 WMF/EMF File Heap-based memory corruption
14297| [33877] Apache Opentaps 0.9.3 cross site scripting
14298| [33876] Apache Open For Business Project unknown vulnerability
14299| [33875] Apache Open For Business Project cross site scripting
14300| [2703] Apache Jakarta Tomcat up to 5.x der_get_oid memory corruption
14301| [2611] Apache HTTP Server up to 1.0.1 set_var Format String
14302|
14303| MITRE CVE - https://cve.mitre.org:
14304| [CVE-2013-4156] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted element in an OOXML document file.
14305| [CVE-2013-4131] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service (assertion failure or out-of-bounds read) via a certain (1) COPY, (2) DELETE, or (3) MOVE request against a revision root.
14306| [CVE-2013-3239] phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename of an export file, leading to interpretation of this file as an executable file by the Apache HTTP Server, as demonstrated by a .php.sql filename.
14307| [CVE-2013-3060] The web console in Apache ActiveMQ before 5.8.0 does not require authentication, which allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests.
14308| [CVE-2013-2765] The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request with a large body and a crafted Content-Type header.
14309| [CVE-2013-2251] Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.
14310| [CVE-2013-2249] mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified impact and remote attack vectors.
14311| [CVE-2013-2248] Multiple open redirect vulnerabilities in Apache Struts 2.0.0 through 2.3.15 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a parameter using the (1) redirect: or (2) redirectAction: prefix.
14312| [CVE-2013-2189] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via invalid PLCF data in a DOC document file.
14313| [CVE-2013-2135] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted value that contains both "${}" and "%{}" sequences, which causes the OGNL code to be evaluated twice.
14314| [CVE-2013-2134] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted action name that is not properly handled during wildcard matching, a different vulnerability than CVE-2013-2135.
14315| [CVE-2013-2115] Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag. NOTE: this issue is due to an incomplete fix for CVE-2013-1966.
14316| [CVE-2013-2071] java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other applications in opportunistic circumstances via an application that records the requests that it processes.
14317| [CVE-2013-2067] java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack.
14318| [CVE-2013-1966] Apache Struts 2 before 2.3.14.1 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag.
14319| [CVE-2013-1965] Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.1, allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is not properly handled when invoking a redirect.
14320| [CVE-2013-1896] mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.
14321| [CVE-2013-1884] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (segmentation fault and crash) via a log REPORT request with an invalid limit, which triggers an access of an uninitialized variable.
14322| [CVE-2013-1879] Cross-site scripting (XSS) vulnerability in scheduled.jsp in Apache ActiveMQ 5.8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving the "cron of a message."
14323| [CVE-2013-1862] mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.
14324| [CVE-2013-1849] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a PROPFIND request for an activity URL.
14325| [CVE-2013-1847] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an anonymous LOCK for a URL that does not exist.
14326| [CVE-2013-1846] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a LOCK on an activity URL.
14327| [CVE-2013-1845] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (memory consumption) by (1) setting or (2) deleting a large number of properties for a file or directory.
14328| [CVE-2013-1814] The users/get program in the User RPC API in Apache Rave 0.11 through 0.20 allows remote authenticated users to obtain sensitive information about all user accounts via the offset parameter, as demonstrated by discovering password hashes in the password field of a response.
14329| [CVE-2013-1777] The JMX Remoting functionality in Apache Geronimo 3.x before 3.0.1, as used in IBM WebSphere Application Server (WAS) Community Edition 3.0.0.3 and other products, does not property implement the RMI classloader, which allows remote attackers to execute arbitrary code by using the JMX connector to send a crafted serialized object.
14330| [CVE-2013-1768] The BrokerFactory functionality in Apache OpenJPA 1.x before 1.2.3 and 2.x before 2.2.2 creates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for remote attackers to execute arbitrary code by creating a serialized object and leveraging improperly secured server programs.
14331| [CVE-2013-1088] Cross-site request forgery (CSRF) vulnerability in Novell iManager 2.7 before SP6 Patch 1 allows remote attackers to hijack the authentication of arbitrary users by leveraging improper request validation by iManager code deployed within an Apache Tomcat container.
14332| [CVE-2013-1048] The Debian apache2ctl script in the apache2 package squeeze before 2.2.16-6+squeeze11, wheezy before 2.2.22-13, and sid before 2.2.22-13 for the Apache HTTP Server on Debian GNU/Linux does not properly create the /var/lock/apache2 lock directory, which allows local users to gain privileges via an unspecified symlink attack.
14333| [CVE-2013-0966] The Apple mod_hfs_apple module for the Apache HTTP Server in Apple Mac OS X before 10.8.3 does not properly handle ignorable Unicode characters, which allows remote attackers to bypass intended directory authentication requirements via a crafted pathname in a URI.
14334| [CVE-2013-0942] Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Agent 7.1 before 7.1.1 for Web for Internet Information Services, and 7.1 before 7.1.1 for Web for Apache, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
14335| [CVE-2013-0941] EMC RSA Authentication API before 8.1 SP1, RSA Web Agent before 5.3.5 for Apache Web Server, RSA Web Agent before 5.3.5 for IIS, RSA PAM Agent before 7.0, and RSA Agent before 6.1.4 for Microsoft Windows use an improper encryption algorithm and a weak key for maintaining the stored data of the node secret for the SecurID Authentication API, which allows local users to obtain sensitive information via cryptographic attacks on this data.
14336| [CVE-2013-0253] The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack.
14337| [CVE-2013-0248] The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack.
14338| [CVE-2013-0239] Apache CXF before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3, when the plaintext UsernameToken WS-SecurityPolicy is enabled, allows remote attackers to bypass authentication via a security header of a SOAP request containing a UsernameToken element that lacks a password child element.
14339| [CVE-2012-6573] Cross-site scripting (XSS) vulnerability in the Apache Solr Autocomplete module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving autocomplete results.
14340| [CVE-2012-6551] The default configuration of Apache ActiveMQ before 5.8.0 enables a sample web application, which allows remote attackers to cause a denial of service (broker resource consumption) via HTTP requests.
14341| [CVE-2012-6092] Multiple cross-site scripting (XSS) vulnerabilities in the web demos in Apache ActiveMQ before 5.8.0 allow remote attackers to inject arbitrary web script or HTML via (1) the refresh parameter to PortfolioPublishServlet.java (aka demo/portfolioPublish or Market Data Publisher), or vectors involving (2) debug logs or (3) subscribe messages in webapp/websocket/chat.js. NOTE: AMQ-4124 is covered by CVE-2012-6551.
14342| [CVE-2012-5887] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.
14343| [CVE-2012-5886] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID.
14344| [CVE-2012-5885] The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184.
14345| [CVE-2012-5786] The wsdl_first_https sample code in distribution/src/main/release/samples/wsdl_first_https/src/main/ in Apache CXF, possibly 2.6.0, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
14346| [CVE-2012-5785] Apache Axis2/Java 1.6.2 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
14347| [CVE-2012-5784] Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Message Service implementation in Apache ActiveMQ, and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
14348| [CVE-2012-5783] Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
14349| [CVE-2012-5633] The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request.
14350| [CVE-2012-5616] Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly Citrix CloudStack) before 3.0.6 stores sensitive information in the log4j.conf log file, which allows local users to obtain (1) the SSH private key as recorded by the createSSHKeyPair API, (2) the password of an added host as recorded by the AddHost API, or the password of an added VM as recorded by the (3) DeployVM or (4) ResetPasswordForVM API.
14351| [CVE-2012-5568] Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.
14352| [CVE-2012-5351] Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack," a different vulnerability than CVE-2012-4418.
14353| [CVE-2012-4558] Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via a crafted string.
14354| [CVE-2012-4557] The mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into an error state upon detection of a long request-processing time, which allows remote attackers to cause a denial of service (worker consumption) via an expensive request.
14355| [CVE-2012-4556] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 allows remote attackers to cause a denial of service (Apache httpd web server child process restart) via certain unspecified empty search fields in a user certificate search query.
14356| [CVE-2012-4555] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 does not properly handle interruptions of token format operations, which allows remote attackers to cause a denial of service (NULL pointer dereference and Apache httpd web server child process crash) via unspecified vectors.
14357| [CVE-2012-4534] org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminating the connection during the reading of a response.
14358| [CVE-2012-4528] The mod_security2 module before 2.7.0 for the Apache HTTP Server allows remote attackers to bypass rules, and deliver arbitrary POST data to a PHP application, via a multipart request in which an invalid part precedes the crafted data.
14359| [CVE-2012-4501] Citrix Cloud.com CloudStack, and Apache CloudStack pre-release, allows remote attackers to make arbitrary API calls by leveraging the system user account, as demonstrated by API calls to delete VMs.
14360| [CVE-2012-4460] The serializing/deserializing functions in the qpid::framing::Buffer class in Apache Qpid 0.20 and earlier allow remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors. NOTE: this issue could also trigger an out-of-bounds read, but it might not trigger a crash.
14361| [CVE-2012-4459] Integer overflow in the qpid::framing::Buffer::checkAvailable function in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (crash) via a crafted message, which triggers an out-of-bounds read.
14362| [CVE-2012-4458] The AMQP type decoder in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (memory consumption and server crash) via a large number of zero width elements in the client-properties map in a connection.start-ok message.
14363| [CVE-2012-4446] The default configuration for Apache Qpid 0.20 and earlier, when the federation_tag attribute is enabled, accepts AMQP connections without checking the source user ID, which allows remote attackers to bypass authentication and have other unspecified impact via an AMQP request.
14364| [CVE-2012-4431] org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier.
14365| [CVE-2012-4418] Apache Axis2 allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."
14366| [CVE-2012-4387] Apache Struts 2.0.0 through 2.3.4 allows remote attackers to cause a denial of service (CPU consumption) via a long parameter name, which is processed as an OGNL expression.
14367| [CVE-2012-4386] The token check mechanism in Apache Struts 2.0.0 through 2.3.4 does not properly validate the token name configuration parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks by setting the token name configuration parameter to a session attribute.
14368| [CVE-2012-4360] Cross-site scripting (XSS) vulnerability in the mod_pagespeed module 0.10.19.1 through 0.10.22.4 for the Apache HTTP Server allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
14369| [CVE-2012-4063] The Apache Santuario configuration in Eucalyptus before 3.1.1 does not properly restrict applying XML Signature transforms to documents, which allows remote attackers to cause a denial of service via unspecified vectors.
14370| [CVE-2012-4001] The mod_pagespeed module before 0.10.22.6 for the Apache HTTP Server does not properly verify its host name, which allows remote attackers to trigger HTTP requests to arbitrary hosts via unspecified vectors, as demonstrated by requests to intranet servers.
14371| [CVE-2012-3908] Multiple cross-site request forgery (CSRF) vulnerabilities in the ISE Administrator user interface (aka the Apache Tomcat interface) on Cisco Identity Services Engine (ISE) 3300 series appliances before 1.1.0.665 Cumulative Patch 1 allow remote attackers to hijack the authentication of administrators, aka Bug ID CSCty46684.
14372| [CVE-2012-3546] org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI.
14373| [CVE-2012-3544] Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data.
14374| [CVE-2012-3526] The reverse proxy add forward module (mod_rpaf) 0.5 and 0.6 for the Apache HTTP Server allows remote attackers to cause a denial of service (server or application crash) via multiple X-Forwarded-For headers in a request.
14375| [CVE-2012-3513] munin-cgi-graph in Munin before 2.0.6, when running as a CGI module under Apache, allows remote attackers to load new configurations and create files in arbitrary directories via the logdir command.
14376| [CVE-2012-3506] Unspecified vulnerability in the Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.03 has unknown impact and attack vectors.
14377| [CVE-2012-3502] The proxy functionality in (1) mod_proxy_ajp.c in the mod_proxy_ajp module and (2) mod_proxy_http.c in the mod_proxy_http module in the Apache HTTP Server 2.4.x before 2.4.3 does not properly determine the situations that require closing a back-end connection, which allows remote attackers to obtain sensitive information in opportunistic circumstances by reading a response that was intended for a different client.
14378| [CVE-2012-3499] Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules.
14379| [CVE-2012-3467] Apache QPID 0.14, 0.16, and earlier uses a NullAuthenticator mechanism to authenticate catch-up shadow connections to AMQP brokers, which allows remote attackers to bypass authentication.
14380| [CVE-2012-3451] Apache CXF before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to execute unintended web-service operations by sending a header with a SOAP Action String that is inconsistent with the message body.
14381| [CVE-2012-3446] Apache Libcloud before 0.11.1 uses an incorrect regular expression during verification of whether the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate.
14382| [CVE-2012-3376] DataNodes in Apache Hadoop 2.0.0 alpha do not check the BlockTokens of clients when Kerberos is enabled and the DataNode has checked out the same BlockPool twice from a NodeName, which might allow remote clients to read arbitrary blocks, write to blocks to which they only have read access, and have other unspecified impacts.
14383| [CVE-2012-3373] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.21 and 1.5.x before 1.5.8 allows remote attackers to inject arbitrary web script or HTML via vectors involving a %00 sequence in an Ajax link URL associated with a Wicket app.
14384| [CVE-2012-3126] Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Products Suite 3.3 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Apache Tomcat Agent.
14385| [CVE-2012-3123] Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect confidentiality, related to Apache HTTP Server.
14386| [CVE-2012-2760] mod_auth_openid before 0.7 for Apache uses world-readable permissions for /tmp/mod_auth_openid.db, which allows local users to obtain session ids.
14387| [CVE-2012-2733] java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of service (memory consumption) via a large amount of header data.
14388| [CVE-2012-2687] Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list.
14389| [CVE-2012-2381] Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.1 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the blogger role.
14390| [CVE-2012-2380] Multiple cross-site request forgery (CSRF) vulnerabilities in the admin/editor console in Apache Roller before 5.0.1 allow remote attackers to hijack the authentication of admins or editors by leveraging the HTTP POST functionality.
14391| [CVE-2012-2379] Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors.
14392| [CVE-2012-2378] Apache CXF 2.4.5 through 2.4.7, 2.5.1 through 2.5.3, and 2.6.x before 2.6.1, does not properly enforce child policies of a WS-SecurityPolicy 1.1 SupportingToken policy on the client side, which allows remote attackers to bypass the (1) AlgorithmSuite, (2) SignedParts, (3) SignedElements, (4) EncryptedParts, and (5) EncryptedElements policies.
14393| [CVE-2012-2329] Buffer overflow in the apache_request_headers function in sapi/cgi/cgi_main.c in PHP 5.4.x before 5.4.3 allows remote attackers to cause a denial of service (application crash) via a long string in the header of an HTTP request.
14394| [CVE-2012-2145] Apache Qpid 0.17 and earlier does not properly restrict incoming client connections, which allows remote attackers to cause a denial of service (file descriptor consumption) via a large number of incomplete connections.
14395| [CVE-2012-2138] The @CopyFrom operation in the POST servlet in the org.apache.sling.servlets.post bundle before 2.1.2 in Apache Sling does not prevent attempts to copy an ancestor node to a descendant node, which allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP request.
14396| [CVE-2012-2098] Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service (CPU consumption) via a file with many repeating inputs.
14397| [CVE-2012-1574] The Kerberos/MapReduce security functionality in Apache Hadoop 0.20.203.0 through 0.20.205.0, 0.23.x before 0.23.2, and 1.0.x before 1.0.2, as used in Cloudera CDH CDH3u0 through CDH3u2, Cloudera hadoop-0.20-sbin before 0.20.2+923.197, and other products, allows remote authenticated users to impersonate arbitrary cluster user accounts via unspecified vectors.
14398| [CVE-2012-1181] fcgid_spawn_ctl.c in the mod_fcgid module 2.3.6 for the Apache HTTP Server does not recognize the FcgidMaxProcessesPerClass directive for a virtual host, which makes it easier for remote attackers to cause a denial of service (memory consumption) via a series of HTTP requests that triggers a process count higher than the intended limit.
14399| [CVE-2012-1089] Directory traversal vulnerability in Apache Wicket 1.4.x before 1.4.20 and 1.5.x before 1.5.5 allows remote attackers to read arbitrary web-application files via a relative pathname in a URL for a Wicket resource that corresponds to a null package.
14400| [CVE-2012-1007] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 1.3.10 allow remote attackers to inject arbitrary web script or HTML via (1) the name parameter to struts-examples/upload/upload-submit.do, or the message parameter to (2) struts-cookbook/processSimple.do or (3) struts-cookbook/processDyna.do.
14401| [CVE-2012-1006] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.14 and 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) lastName parameter to struts2-showcase/person/editPerson.action, or the (3) clientName parameter to struts2-rest-showcase/orders.
14402| [CVE-2012-0883] envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl.
14403| [CVE-2012-0840] tables/apr_hash.c in the Apache Portable Runtime (APR) library through 1.4.5 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
14404| [CVE-2012-0838] Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL expression during the handling of a conversion error, which allows remote attackers to modify run-time data values, and consequently execute arbitrary code, via invalid input to a field.
14405| [CVE-2012-0788] The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service (application crash) via a crafted application that uses a PDO driver for a fetch and then calls the session_start function, as demonstrated by a crash of the Apache HTTP Server.
14406| [CVE-2012-0394] ** DISPUTED ** The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself."
14407| [CVE-2012-0393] The ParameterInterceptor component in Apache Struts before 2.3.1.1 does not prevent access to public constructors, which allows remote attackers to create or overwrite arbitrary files via a crafted parameter that triggers the creation of a Java object.
14408| [CVE-2012-0392] The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method.
14409| [CVE-2012-0391] The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter.
14410| [CVE-2012-0256] Apache Traffic Server 2.0.x and 3.0.x before 3.0.4 and 3.1.x before 3.1.3 does not properly allocate heap memory, which allows remote attackers to cause a denial of service (daemon crash) via a long HTTP Host header.
14411| [CVE-2012-0216] The default configuration of the apache2 package in Debian GNU/Linux squeeze before 2.2.16-6+squeeze7, wheezy before 2.2.22-4, and sid before 2.2.22-4, when mod_php or mod_rivet is used, provides example scripts under the doc/ URI, which might allow local users to conduct cross-site scripting (XSS) attacks, gain privileges, or obtain sensitive information via vectors involving localhost HTTP requests to the Apache HTTP Server.
14412| [CVE-2012-0213] The UnhandledDataStructure function in hwpf/model/UnhandledDataStructure.java in Apache POI 3.8 and earlier allows remote attackers to cause a denial of service (OutOfMemoryError exception and possibly JVM destabilization) via a crafted length value in a Channel Definition Format (CDF) or Compound File Binary Format (CFBF) document.
14413| [CVE-2012-0053] protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script.
14414| [CVE-2012-0047] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the wicket:pageMapName parameter.
14415| [CVE-2012-0031] scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function.
14416| [CVE-2012-0022] Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.
14417| [CVE-2012-0021] The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to cause a denial of service (daemon crash) via a cookie that lacks both a name and a value.
14418| [CVE-2011-5064] DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging knowledge of this string, a different vulnerability than CVE-2011-1184.
14419| [CVE-2011-5063] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weaker authentication or authorization requirements, a different vulnerability than CVE-2011-1184.
14420| [CVE-2011-5062] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass intended integrity-protection requirements via a qop=auth value, a different vulnerability than CVE-2011-1184.
14421| [CVE-2011-5057] Apache Struts 2.3.1.1 and earlier provides interfaces that do not properly restrict access to collections such as the session and request collections, which might allow remote attackers to modify run-time data values via a crafted parameter to an application that implements an affected interface, as demonstrated by the SessionAware, RequestAware, ApplicationAware, ServletRequestAware, ServletResponseAware, and ParameterAware interfaces. NOTE: the vendor disputes the significance of this report because of an "easy work-around in existing apps by configuring the interceptor."
14422| [CVE-2011-5034] Apache Geronimo 2.2.1 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. NOTE: this might overlap CVE-2011-4461.
14423| [CVE-2011-4905] Apache ActiveMQ before 5.6.0 allows remote attackers to cause a denial of service (file-descriptor exhaustion and broker crash or hang) by sending many openwire failover:tcp:// connection requests.
14424| [CVE-2011-4858] Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
14425| [CVE-2011-4668] IBM Tivoli Netcool/Reporter 2.2 before 2.2.0.8 allows remote attackers to execute arbitrary code via vectors related to an unspecified CGI program used with the Apache HTTP Server.
14426| [CVE-2011-4449] actions/files/files.php in WikkaWiki 1.3.1 and 1.3.2, when INTRANET_MODE is enabled, supports file uploads for file extensions that are typically absent from an Apache HTTP Server TypesConfig file, which makes it easier for remote attackers to execute arbitrary PHP code by placing this code in a file whose name has multiple extensions, as demonstrated by a (1) .mm or (2) .vpp file.
14427| [CVE-2011-4415] The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, does not restrict the size of values of environment variables, which allows local users to cause a denial of service (memory consumption or NULL pointer dereference) via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, related to (1) the "len +=" statement and (2) the apr_pcalloc function call, a different vulnerability than CVE-2011-3607.
| [CVE-2011-4317] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an @ (at sign) character and a : (colon) character in invalid positions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
| [CVE-2011-3639] The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers by using the HTTP/0.9 protocol with a malformed URI containing an initial @ (at sign) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
| [CVE-2011-3620] Apache Qpid 0.12 does not properly verify credentials during the joining of a cluster, which allows remote attackers to obtain access to the messaging functionality and job functionality of a cluster by leveraging knowledge of a cluster-username.
| [CVE-2011-3607] Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow.
| [CVE-2011-3376] org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat 7.x before 7.0.22 does not properly restrict ContainerServlets in the Manager application, which allows local users to gain privileges by using an untrusted web application to access the Manager application's functionality.
| [CVE-2011-3375] Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain caching and recycling operations involving request objects, which allows remote attackers to obtain unintended read access to IP address and HTTP header information in opportunistic circumstances by reading TCP data.
| [CVE-2011-3368] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character.
| [CVE-2011-3348] The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary "error state" in the backend server) via a malformed HTTP request.
| [CVE-2011-3192] The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.
| [CVE-2011-3190] Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request.
| [CVE-2011-2729] native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application.
| [CVE-2011-2712] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.18, when setAutomaticMultiWindowSupport is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
| [CVE-2011-2688] SQL injection vulnerability in mysql/mysql-auth.pl in the mod_authnz_external module 3.2.5 and earlier for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the user field.
| [CVE-2011-2526] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loop or JVM crash) by leveraging an untrusted web application.
| [CVE-2011-2516] Off-by-one error in the XML signature feature in Apache XML Security for C++ 1.6.0, as used in Shibboleth before 2.4.3 and possibly other products, allows remote attackers to cause a denial of service (crash) via a signature using a large RSA key, which triggers a buffer overflow.
| [CVE-2011-2481] Apache Tomcat 7.0.x before 7.0.17 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application. NOTE: this vulnerability exists because of a CVE-2009-0783 regression.
| [CVE-2011-2329] The rampart_timestamp_token_validate function in util/rampart_timestamp_token.c in Apache Rampart/C 1.3.0 does not properly calculate the expiration of timestamp tokens, which allows remote attackers to bypass intended access restrictions by leveraging an expired token, a different vulnerability than CVE-2011-0730.
| [CVE-2011-2204] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file.
| [CVE-2011-2088] XWork 2.2.1 in Apache Struts 2.2.1, and OpenSymphony XWork in OpenSymphony WebWork, allows remote attackers to obtain potentially sensitive information about internal Java class paths via vectors involving an s:submit element and a nonexistent method, a different vulnerability than CVE-2011-1772.3.
| [CVE-2011-2087] Multiple cross-site scripting (XSS) vulnerabilities in component handlers in the javatemplates (aka Java Templates) plugin in Apache Struts 2.x before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via an arbitrary parameter value to a .action URI, related to improper handling of value attributes in (1) FileHandler.java, (2) HiddenHandler.java, (3) PasswordHandler.java, (4) RadioHandler.java, (5) ResetHandler.java, (6) SelectHandler.java, (7) SubmitHandler.java, and (8) TextFieldHandler.java.
| [CVE-2011-1928] The fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote attackers to cause a denial of service (infinite loop) via a URI that does not match unspecified types of wildcard patterns, as demonstrated by attacks against mod_autoindex in httpd when a /*/WEB-INF/ configuration pattern is used. NOTE: this issue exists because of an incorrect fix for CVE-2011-0419.
| [CVE-2011-1921] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is disabled, does not properly enforce permissions for files that had been publicly readable in the past, which allows remote attackers to obtain sensitive information via a replay REPORT operation.
| [CVE-2011-1783] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to cause a denial of service (infinite loop and memory consumption) in opportunistic circumstances by requesting data.
| [CVE-2011-1772] Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x before 2.2.3, and OpenSymphony XWork in OpenSymphony WebWork, allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) an action name, (2) the action attribute of an s:submit element, or (3) the method attribute of an s:submit element.
| [CVE-2011-1752] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request for a baselined WebDAV resource, as exploited in the wild in May 2011.
| [CVE-2011-1610] Multiple SQL injection vulnerabilities in xmldirectorylist.jsp in the embedded Apache HTTP Server component in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5)su4, 8.0 before 8.0(3a)su2, and 8.5 before 8.5(1)su1 allow remote attackers to execute arbitrary SQL commands via the (1) f, (2) l, or (3) n parameter, aka Bug ID CSCtj42064.
| [CVE-2011-1582] Apache Tomcat 7.0.12 and 7.0.13 processes the first request to a servlet without following security constraints that have been configured through annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088, CVE-2011-1183, and CVE-2011-1419.
| [CVE-2011-1571] Unspecified vulnerability in the XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote attackers to execute arbitrary commands via unknown vectors.
| [CVE-2011-1570] Cross-site scripting (XSS) vulnerability in Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to inject arbitrary web script or HTML via a message title, a different vulnerability than CVE-2004-2030.
| [CVE-2011-1503] The XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat or Oracle GlassFish is used, allows remote authenticated users to read arbitrary (1) XSL and (2) XML files via a file:/// URL.
| [CVE-2011-1502] Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to read arbitrary files via an entity declaration in conjunction with an entity reference, related to an XML External Entity (aka XXE) issue.
| [CVE-2011-1498] Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header.
| [CVE-2011-1475] The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP packets, related to "a mix-up of responses for requests from different users."
| [CVE-2011-1419] Apache Tomcat 7.x before 7.0.11, when web.xml has no security constraints, does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088.
| [CVE-2011-1318] Memory leak in org.apache.jasper.runtime.JspWriterImpl.response in the JavaServer Pages (JSP) component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) by accessing a JSP page of an application that is repeatedly stopped and restarted.
| [CVE-2011-1184] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, related to lack of checking of nonce (aka server nonce) and nc (aka nonce-count or client nonce count) values.
| [CVE-2011-1183] Apache Tomcat 7.0.11, when web.xml has no login configuration, does not follow security constraints, which allows remote attackers to bypass intended access restrictions via HTTP requests to a meta-data complete web application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1088 and CVE-2011-1419.
| [CVE-2011-1176] The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module 2.2.11-01 and 2.2.11-02 for the Apache HTTP Server does not properly handle certain configuration sections that specify NiceValue but not AssignUserID, which might allow remote attackers to gain privileges by leveraging the root uid and root gid of an mpm-itk process.
| [CVE-2011-1088] Apache Tomcat 7.x before 7.0.10 does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application.
| [CVE-2011-1077] Multiple cross-site scripting (XSS) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2011-1026] Multiple cross-site request forgery (CSRF) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to hijack the authentication of administrators.
| [CVE-2011-0715] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.16, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request that contains a lock token.
| [CVE-2011-0534] Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request.
| [CVE-2011-0533] Cross-site scripting (XSS) vulnerability in Apache Continuum 1.1 through 1.2.3.1, 1.3.6, and 1.4.0 Beta
| [CVE-2011-0419] Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.
| [CVE-2011-0013] Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.
| [CVE-2010-4644] Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated users to cause a denial of service (memory consumption and daemon crash) via the -g option to the blame command.
| [CVE-2010-4539] The walk function in repos.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.15, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger the walking of SVNParentPath collections.
| [CVE-2010-4476] The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
| [CVE-2010-4455] Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.2 and 11.1.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Apache Plugin.
| [CVE-2010-4408] Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1 does not require entry of the administrator's password at the time of modifying a user account, which makes it easier for context-dependent attackers to gain privileges by leveraging a (1) unattended workstation or (2) cross-site request forgery (CSRF) vulnerability, a related issue to CVE-2010-3449.
| [CVE-2010-4312] The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie.
| [CVE-2010-4172] Multiple cross-site scripting (XSS) vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) orderBy or (2) sort parameter to sessionsList.jsp, or unspecified input to (3) sessionDetail.jsp or (4) java/org/apache/catalina/manager/JspHelper.java, related to use of untrusted web applications.
| [CVE-2010-3872] The fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.6 for the Apache HTTP Server does not use bytewise pointer arithmetic in certain circumstances, which has unspecified impact and attack vectors related to "untrusted FastCGI applications" and a "stack buffer overwrite."
| [CVE-2010-3863] Apache Shiro before 1.1.0, and JSecurity 0.9.x, does not canonicalize URI paths before comparing them to entries in the shiro.ini file, which allows remote attackers to bypass intended access restrictions via a crafted request, as demonstrated by the /./account/index.jsp URI.
| [CVE-2010-3854] Multiple cross-site scripting (XSS) vulnerabilities in the web administration interface (aka Futon) in Apache CouchDB 0.8.0 through 1.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2010-3718] Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.
| [CVE-2010-3449] Cross-site request forgery (CSRF) vulnerability in Redback before 1.2.4, as used in Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1
| [CVE-2010-3315] authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass intended access restrictions via svn commands.
| [CVE-2010-3083] sys/ssl/SslSocket.cpp in qpidd in Apache Qpid, as used in Red Hat Enterprise MRG before 1.2.2 and other products, when SSL is enabled, allows remote attackers to cause a denial of service (daemon outage) by connecting to the SSL port but not participating in an SSL handshake.
| [CVE-2010-2952] Apache Traffic Server before 2.0.1, and 2.1.x before 2.1.2-unstable, does not properly choose DNS source ports and transaction IDs, and does not properly use DNS query fields to validate responses, which makes it easier for man-in-the-middle attackers to poison the internal DNS cache via a crafted response.
| [CVE-2010-2791] mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request. NOTE: this is the same issue as CVE-2010-2068, but for a different OS and set of affected versions.
| [CVE-2010-2375] Package/Privilege: Plugins for Apache, Sun and IIS web servers Unspecified vulnerability in the WebLogic Server component in Oracle Fusion Middleware 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, 10.3.2, and 10.3.3 allows remote attackers to affect confidentiality and integrity, related to IIS.
| [CVE-2010-2234] Cross-site request forgery (CSRF) vulnerability in Apache CouchDB 0.8.0 through 0.11.0 allows remote attackers to hijack the authentication of administrators for direct requests to an installation URL.
| [CVE-2010-2227] Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with "recycling of a buffer."
| [CVE-2010-2103] Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Apache Axis2/Java 1.4.1, 1.5.1, and possibly other versions, as used in SAP Business Objects 12, 3com IMC, and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the modules parameter. NOTE: some of these details are obtained from third party information.
| [CVE-2010-2086] Apache MyFaces 1.1.7 and 1.2.8, as used in IBM WebSphere Application Server and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that involve modifying the serialized view object.
| [CVE-2010-2076] Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before 2.2.9, as used in Apache ServiceMix, Apache Camel, Apache Chemistry, Apache jUDDI, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to samples/wsdl_first_pure_xml, a similar issue to CVE-2010-1632.
| [CVE-2010-2068] mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, does not properly detect timeouts, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request.
| [CVE-2010-2057] shared/util/StateUtils.java in Apache MyFaces 1.1.x before 1.1.8, 1.2.x before 1.2.9, and 2.0.x before 2.0.1 uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack.
| [CVE-2010-1632] Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server (WAS) 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to the Synapse SimpleStockQuoteService.
| [CVE-2010-1623] Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the destruction of an APR bucket.
| [CVE-2010-1587] The Jetty ResourceHandler in Apache ActiveMQ 5.x before 5.3.2 and 5.4.x before 5.4.0 allows remote attackers to read JSP source code via a // (slash slash) initial substring in a URI for (1) admin/index.jsp, (2) admin/queues.jsp, or (3) admin/topics.jsp.
| [CVE-2010-1452] The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path.
| [CVE-2010-1325] Cross-site request forgery (CSRF) vulnerability in the apache2-slms package in SUSE Lifecycle Management Server (SLMS) 1.0 on SUSE Linux Enterprise (SLE) 11 allows remote attackers to hijack the authentication of unspecified victims via vectors related to improper parameter quoting. NOTE: some sources report that this is a vulnerability in a product named "Apache SLMS," but that is incorrect.
| [CVE-2010-1244] Cross-site request forgery (CSRF) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote attackers to hijack the authentication of unspecified victims for requests that create queues via the JMSDestination parameter in a queue action.
| [CVE-2010-1157] Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply.
| [CVE-2010-1151] Race condition in the mod_auth_shadow module for the Apache HTTP Server allows remote attackers to bypass authentication, and read and possibly modify data, via vectors related to improper interaction with an external helper application for validation of credentials.
| [CVE-2010-0684] Cross-site scripting (XSS) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote authenticated users to inject arbitrary web script or HTML via the JMSDestination parameter in a queue action.
| [CVE-2010-0434] The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request.
| [CVE-2010-0432] Multiple cross-site scripting (XSS) vulnerabilities in the Apache Open For Business Project (aka OFBiz) 09.04 and earlier, as used in Opentaps, Neogia, and Entente Oya, allow remote attackers to inject arbitrary web script or HTML via (1) the productStoreId parameter to control/exportProductListing, (2) the partyId parameter to partymgr/control/viewprofile (aka partymgr/control/login), (3) the start parameter to myportal/control/showPortalPage, (4) an invalid URI beginning with /facility/control/ReceiveReturn (aka /crmsfa/control/ReceiveReturn or /cms/control/ReceiveReturn), (5) the contentId parameter (aka the entityName variable) to ecommerce/control/ViewBlogArticle, (6) the entityName parameter to webtools/control/FindGeneric, or the (7) subject or (8) content parameter to an unspecified component under ecommerce/control/contactus.
| [CVE-2010-0425] modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet, and "orphaned callback pointers."
| [CVE-2010-0408] The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service (backend server outage) via a crafted request, related to use of a 500 error code instead of the appropriate 400 error code.
| [CVE-2010-0390] Unrestricted file upload vulnerability in maxImageUpload/index.php in PHP F1 Max's Image Uploader 1.0, when Apache is not configured to handle the mime-type for files with pjpeg or jpeg extensions, allows remote attackers to execute arbitrary code by uploading a file with a pjpeg or jpeg extension, then accessing it via a direct request to the file in original/. NOTE: some of these details are obtained from third party information.
| [CVE-2010-0219] Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service.
| [CVE-2010-0010] Integer overflow in the ap_proxy_send_fb function in proxy/proxy_util.c in mod_proxy in the Apache HTTP Server before 1.3.42 on 64-bit platforms allows remote origin servers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a large chunk size that triggers a heap-based buffer overflow.
| [CVE-2010-0009] Apache CouchDB 0.8.0 through 0.10.1 allows remote attackers to obtain sensitive information by measuring the completion time of operations that verify (1) hashes or (2) passwords.
| [CVE-2009-5120] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 allows connections to TCP port 1812 from arbitrary source IP addresses, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via UTF-7 text to the 404 error page of a Project Woodstock service on this port.
| [CVE-2009-5119] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 enables weak SSL ciphers in conf/server.xml, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and then conducting a brute-force attack against encrypted session data.
| [CVE-2009-5006] The SessionAdapter::ExchangeHandlerImpl::checkAlternate function in broker/SessionAdapter.cpp in the C++ Broker component in Apache Qpid before 0.6, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote authenticated users to cause a denial of service (NULL pointer dereference, daemon crash, and cluster outage) by attempting to modify the alternate of an exchange.
| [CVE-2009-5005] The Cluster::deliveredEvent function in cluster/Cluster.cpp in Apache Qpid, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote attackers to cause a denial of service (daemon crash and cluster outage) via invalid AMQP data.
| [CVE-2009-4355] Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678.
| [CVE-2009-4269] The password hash generation algorithm in the BUILTIN authentication functionality for Apache Derby before 10.6.1.0 performs a transformation that reduces the size of the set of inputs to SHA-1, which produces a small search space that makes it easier for local and possibly remote attackers to crack passwords by generating hash collisions, related to password substitution.
| [CVE-2009-3923] The VirtualBox 2.0.8 and 2.0.10 web service in Sun Virtual Desktop Infrastructure (VDI) 3.0 does not require authentication, which allows remote attackers to obtain unspecified access via vectors involving requests to an Apache HTTP Server.
| [CVE-2009-3890] Unrestricted file upload vulnerability in the wp_check_filetype function in wp-includes/functions.php in WordPress before 2.8.6, when a certain configuration of the mod_mime module in the Apache HTTP Server is enabled, allows remote authenticated users to execute arbitrary code by posting an attachment with a multiple-extension filename, and then accessing this attachment via a direct request to a wp-content/uploads/ pathname, as demonstrated by a .php.jpg filename.
| [CVE-2009-3843] HP Operations Manager 8.10 on Windows contains a "hidden account" in the XML file that specifies Tomcat users, which allows remote attackers to conduct unrestricted file upload attacks, and thereby execute arbitrary code, by using the org.apache.catalina.manager.HTMLManagerServlet class to make requests to manager/html/upload.
| [CVE-2009-3821] Cross-site scripting (XSS) vulnerability in the Apache Solr Search (solr) extension 1.0.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2009-3555] The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
| [CVE-2009-3548] The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges.
| [CVE-2009-3250] The saveForwardAttachments procedure in the Compose Mail functionality in vtiger CRM 5.0.4 allows remote authenticated users to execute arbitrary code by composing an e-mail message with an attachment filename ending in (1) .php in installations based on certain Apache HTTP Server configurations, (2) .php. on Windows, or (3) .php/ on Linux, and then making a direct request to a certain pathname under storage/.
| [CVE-2009-3095] The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.
| [CVE-2009-3094] The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.
| [CVE-2009-2902] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename.
| [CVE-2009-2901] The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests.
| [CVE-2009-2823] The Apache HTTP Server in Apple Mac OS X before 10.6.2 enables the HTTP TRACE method, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified web client software.
14533| [CVE-2009-2699] The Solaris pollset feature in the Event Port backend in poll/unix/port.c in the Apache Portable Runtime (APR) library before 1.3.9, as used in the Apache HTTP Server before 2.2.14 and other products, does not properly handle errors, which allows remote attackers to cause a denial of service (daemon hang) via unspecified HTTP requests, related to the prefork and event MPMs.
14534| [CVE-2009-2696] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat on Red Hat Enterprise Linux 5, Desktop Workstation 5, and Linux Desktop 5 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML." NOTE: this is due to a missing fix for CVE-2009-0781.
14535| [CVE-2009-2693] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry.
14536| [CVE-2009-2625] XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.
14537| [CVE-2009-2412] Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR
14538| [CVE-2009-2299] The Artofdefence Hyperguard Web Application Firewall (WAF) module before 2.5.5-11635, 3.0 before 3.0.3-11636, and 3.1 before 3.1.1-11637, a module for the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via an HTTP request with a large Content-Length value but no POST data.
14539| [CVE-2009-1956] Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input.
14540| [CVE-2009-1955] The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.
14541| [CVE-2009-1903] The PDF XSS protection feature in ModSecurity before 2.5.8 allows remote attackers to cause a denial of service (Apache httpd crash) via a request for a PDF file that does not use the GET method.
14542| [CVE-2009-1891] The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).
14543| [CVE-2009-1890] The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests.
14544| [CVE-2009-1885] Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to cause a denial of service (application crash) via vectors involving nested parentheses and invalid byte values in "simply nested DTD structures," as demonstrated by the Codenomicon XML fuzzing framework.
14545| [CVE-2009-1462] The Security Manager in razorCMS before 0.4 does not verify the permissions of every file owned by the apache user account, which is inconsistent with the documentation and allows local users to have an unspecified impact.
14546| [CVE-2009-1275] Apache Tiles 2.1 before 2.1.2, as used in Apache Struts and other products, evaluates Expression Language (EL) expressions twice in certain circumstances, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via unspecified vectors, related to the (1) tiles:putAttribute and (2) tiles:insertTemplate JSP tags.
14547| [CVE-2009-1195] The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file.
14548| [CVE-2009-1191] mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request.
14549| [CVE-2009-1012] Unspecified vulnerability in the plug-ins for Apache and IIS web servers in Oracle BEA WebLogic Server 7.0 Gold through SP7, 8.1 Gold through SP6, 9.0, 9.1, 9.2 Gold through MP3, 10.0 Gold through MP1, and 10.3 allows remote attackers to affect confidentiality, integrity, and availability. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow in an unspecified plug-in that parses HTTP requests, which leads to a heap-based buffer overflow.
14550| [CVE-2009-0918] Multiple unspecified vulnerabilities in DFLabs PTK 1.0.0 through 1.0.4 allow remote attackers to execute arbitrary commands in processes launched by PTK's Apache HTTP Server via (1) "external tools" or (2) a crafted forensic image.
14551| [CVE-2009-0796] Cross-site scripting (XSS) vulnerability in Status.pm in Apache::Status and Apache2::Status in mod_perl1 and mod_perl2 for the Apache HTTP Server, when /perl-status is accessible, allows remote attackers to inject arbitrary web script or HTML via the URI.
14552| [CVE-2009-0783] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.
14553| [CVE-2009-0781] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML."
14554| [CVE-2009-0754] PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on the same server.
14555| [CVE-2009-0580] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.
14556| [CVE-2009-0486] Bugzilla 3.2.1, 3.0.7, and 3.3.2, when running under mod_perl, calls the srand function at startup time, which causes Apache children to have the same seed and produce insufficiently random numbers for random tokens, which allows remote attackers to bypass cross-site request forgery (CSRF) protection mechanisms and conduct unauthorized activities as other users.
14557| [CVE-2009-0039] Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to hijack the authentication of administrators for requests that (1) change the web administration password, (2) upload applications, and perform unspecified other administrative actions, as demonstrated by (3) a Shutdown request to console/portal//Server/Shutdown.
14558| [CVE-2009-0038] Multiple cross-site scripting (XSS) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) ip, (3) username, or (4) description parameter to console/portal/Server/Monitoring
14559| [CVE-2009-0033] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.
14560| [CVE-2009-0026] Multiple cross-site scripting (XSS) vulnerabilities in Apache Jackrabbit before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the q parameter to (1) search.jsp or (2) swr.jsp.
14561| [CVE-2009-0023] The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow.
14562| [CVE-2008-6879] Cross-site scripting (XSS) vulnerability in Apache Roller 2.3, 3.0, 3.1, and 4.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter in a search action.
14563| [CVE-2008-6755] ZoneMinder 1.23.3 on Fedora 10 sets the ownership of /etc/zm.conf to the apache user account, and sets the permissions to 0600, which makes it easier for remote attackers to modify this file by accessing it through a (1) PHP or (2) CGI script.
14564| [CVE-2008-6722] Novell Access Manager 3 SP4 does not properly expire X.509 certificate sessions, which allows physically proximate attackers to obtain a logged-in session by using a victim's web-browser process that continues to send the original and valid SSL sessionID, related to inability of Apache Tomcat to clear entries from its SSL cache.
14565| [CVE-2008-6682] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.x before 2.0.11.1 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via vectors associated with improper handling of (1) " (double quote) characters in the href attribute of an s:a tag and (2) parameters in the action attribute of an s:url tag.
14566| [CVE-2008-6505] Multiple directory traversal vulnerabilities in Apache Struts 2.0.x before 2.0.12 and 2.1.x before 2.1.3 allow remote attackers to read arbitrary files via a ..%252f (encoded dot dot slash) in a URI with a /struts/ path, related to (1) FilterDispatcher in 2.0.x and (2) DefaultStaticContentLoader in 2.1.x.
14567| [CVE-2008-6504] ParametersInterceptor in OpenSymphony XWork 2.0.x before 2.0.6 and 2.1.x before 2.1.2, as used in Apache Struts and other products, does not properly restrict # (pound sign) references to context objects, which allows remote attackers to execute Object-Graph Navigation Language (OGNL) statements and modify server-side context objects, as demonstrated by use of a \u0023 representation for the # character.
14568| [CVE-2008-5696] Novell NetWare 6.5 before Support Pack 8, when an OES2 Linux server is installed into the NDS tree, does not require a password for the ApacheAdmin console, which allows remote attackers to reconfigure the Apache HTTP Server via console operations.
14569| [CVE-2008-5676] Multiple unspecified vulnerabilities in the ModSecurity (aka mod_security) module 2.5.0 through 2.5.5 for the Apache HTTP Server, when SecCacheTransformations is enabled, allow remote attackers to cause a denial of service (daemon crash) or bypass the product's functionality via unknown vectors related to "transformation caching."
14570| [CVE-2008-5519] The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat allows remote attackers to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances involving (1) a request from a different client that included a Content-Length header but no POST data or (2) a rapid series of requests, related to noncompliance with the AJP protocol's requirements for requests containing Content-Length headers.
14571| [CVE-2008-5518] Multiple directory traversal vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 on Windows allow remote attackers to upload files to arbitrary directories via directory traversal sequences in the (1) group, (2) artifact, (3) version, or (4) fileType parameter to console/portal//Services/Repository (aka the Services/Repository portlet)
14572| [CVE-2008-5515] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.
14573| [CVE-2008-5457] Unspecified vulnerability in the Oracle BEA WebLogic Server Plugins for Apache, Sun and IIS web servers component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
14574| [CVE-2008-4308] The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20 does not return a -1 to indicate when a certain error condition has occurred, which can cause Tomcat to send POST content from one request to a different request.
14575| [CVE-2008-4008] Unspecified vulnerability in the WebLogic Server Plugins for Apache component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2008 CPU. Oracle has not commented on reliable researcher claims that this issue is a stack-based buffer overflow in the WebLogic Apache Connector, related to an invalid parameter.
14576| [CVE-2008-3666] Unspecified vulnerability in Sun Solaris 10 and OpenSolaris before snv_96 allows (1) context-dependent attackers to cause a denial of service (panic) via vectors involving creation of a crafted file and use of the sendfilev system call, as demonstrated by a file served by an Apache 2.2.x web server with EnableSendFile configured
14577| [CVE-2008-3271] Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a "synchronization problem" and lack of thread safety, and related to RemoteFilterValve, RemoteAddrValve, and RemoteHostValve.
14578| [CVE-2008-3257] Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request.
14579| [CVE-2008-2939] Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI.
14580| [CVE-2008-2938] Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.
14581| [CVE-2008-2742] Unrestricted file upload in the mcpuk file editor (atk/attributes/fck/editor/filemanager/browser/mcpuk/connectors/php/config.php) in Achievo 1.2.0 through 1.3.2 allows remote attackers to execute arbitrary code by uploading a file with .php followed by a safe extension, then accessing it via a direct request to the file in the Achievo root directory. NOTE: this is only a vulnerability in environments that support multiple extensions, such as Apache with the mod_mime module enabled.
14582| [CVE-2008-2717] TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers to bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions.
14583| [CVE-2008-2579] Unspecified vulnerability in the WebLogic Server Plugins for Apache, Sun and IIS web servers component in Oracle BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 has unknown impact and remote attack vectors.
14584| [CVE-2008-2384] SQL injection vulnerability in mod_auth_mysql.c in the mod-auth-mysql (aka libapache2-mod-auth-mysql) module for the Apache HTTP Server 2.x, when configured to use a multibyte character set that allows a \ (backslash) as part of the character encoding, allows remote attackers to execute arbitrary SQL commands via unspecified inputs in a login request.
14585| [CVE-2008-2370] Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.
14586| [CVE-2008-2364] The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.
14587| [CVE-2008-2168] Cross-site scripting (XSS) vulnerability in Apache 2.2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded URLs that are not properly handled when displaying the 403 Forbidden error page.
14588| [CVE-2008-2025] Cross-site scripting (XSS) vulnerability in Apache Struts before 1.2.9-162.31.1 on SUSE Linux Enterprise (SLE) 11, before 1.2.9-108.2 on SUSE openSUSE 10.3, before 1.2.9-198.2 on SUSE openSUSE 11.0, and before 1.2.9-162.163.2 on SUSE openSUSE 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "insufficient quoting of parameters."
14589| [CVE-2008-1947] Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.
14590| [CVE-2008-1734] Interpretation conflict in PHP Toolkit before 1.0.1 on Gentoo Linux might allow local users to cause a denial of service (PHP outage) and read contents of PHP scripts by creating a file with a one-letter lowercase alphabetic name, which triggers interpretation of a certain unquoted [a-z] argument as a matching shell glob for this name, rather than interpretation as the literal [a-z] regular-expression string, and consequently blocks the launch of the PHP interpreter within the Apache HTTP Server.
14591| [CVE-2008-1678] Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server mod_ssl that specify a compression algorithm.
14592| [CVE-2008-1232] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.
14593| [CVE-2008-0869] Cross-site scripting (XSS) vulnerability in BEA WebLogic Workshop 8.1 through SP6 and Workshop for WebLogic 9.0 through 10.0 allows remote attackers to inject arbitrary web script or HTML via a "framework defined request parameter" when using WebLogic Workshop or Apache Beehive NetUI framework with page flows.
14594| [CVE-2008-0732] The init script for Apache Geronimo on SUSE Linux follows symlinks when performing a chown operation, which might allow local users to obtain access to unspecified files or directories.
14595| [CVE-2008-0555] The ExpandCert function in Apache-SSL before apache_1.3.41+ssl_1.59 does not properly handle (1) '/' and (2) '=' characters in a Distinguished Name (DN) in a client certificate, which might allow remote attackers to bypass authentication via a crafted DN that triggers overwriting of environment variables.
14596| [CVE-2008-0457] Unrestricted file upload vulnerability in the FileUpload class running on the Symantec LiveState Apache Tomcat server, as used by Symantec Backup Exec System Recovery Manager 7.0 and 7.0.1, allows remote attackers to upload and execute arbitrary JSP files via unknown vectors.
14597| [CVE-2008-0456] CRLF injection vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by uploading a file with a multi-line name containing HTTP header sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
14598| [CVE-2008-0455] Cross-site scripting (XSS) vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary web script or HTML by uploading a file with a name containing XSS sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
14599| [CVE-2008-0128] The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
14600| [CVE-2008-0005] mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding.
14601| [CVE-2008-0002] Apache Tomcat 6.0.0 through 6.0.15 processes parameters in the context of the wrong request when an exception occurs during parameter processing, which might allow remote attackers to obtain sensitive information, as demonstrated by disconnecting during this processing in order to trigger the exception.
14602| [CVE-2007-6750] The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris, related to the lack of the mod_reqtimeout module in versions before 2.2.15.
14603| [CVE-2007-6726] Multiple cross-site scripting (XSS) vulnerabilities in Dojo 0.4.1 and 0.4.2, as used in Apache Struts and other products, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) xip_client.html and (2) xip_server.html in src/io/.
14604| [CVE-2007-6514] Apache HTTP Server, when running on Linux with a document root on a Windows share mounted using smbfs, allows remote attackers to obtain unprocessed content such as source files for .php programs via a trailing "\" (backslash), which is not handled by the intended AddType directive.
14605| [CVE-2007-6423] ** DISPUTED ** Unspecified vulnerability in mod_proxy_balancer for Apache HTTP Server 2.2.x before 2.2.7-dev, when running on Windows, allows remote attackers to trigger memory corruption via a long URL. NOTE: the vendor could not reproduce this issue.
14606| [CVE-2007-6422] The balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6, when a threaded Multi-Processing Module is used, allows remote authenticated users to cause a denial of service (child process crash) via an invalid bb variable.
14607| [CVE-2007-6421] Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) ss, (2) wr, or (3) rr parameters, or (4) the URL.
14608| [CVE-2007-6420] Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors.
14609| [CVE-2007-6388] Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
14610| [CVE-2007-6361] Gekko 0.8.2 and earlier stores sensitive information under the web root with possibly insufficient access control, which might allow remote attackers to read certain files under temp/, as demonstrated by a log file that records the titles of blog entries. NOTE: access to temp/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
14611| [CVE-2007-6342] SQL injection vulnerability in the David Castro AuthCAS module (AuthCAS.pm) 0.4 for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the SESSION_COOKIE_NAME (session ID) in a cookie.
14612| [CVE-2007-6286] Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the native APR connector is used, does not properly handle an empty request to the SSL port, which allows remote attackers to trigger handling of "a duplicate copy of one of the recent requests," as demonstrated by using netcat to send the empty request.
14613| [CVE-2007-6258] Multiple stack-based buffer overflows in the legacy mod_jk2 2.0.3-DEV and earlier Apache module allow remote attackers to execute arbitrary code via a long (1) Host header, or (2) Hostname within a Host header.
14614| [CVE-2007-6231] Multiple PHP remote file inclusion vulnerabilities in tellmatic 1.0.7 allow remote attackers to execute arbitrary PHP code via a URL in the tm_includepath parameter to (1) Classes.inc.php, (2) statistic.inc.php, (3) status.inc.php, (4) status_top_x.inc.php, or (5) libchart-1.1/libchart.php in include/. NOTE: access to include/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
14615| [CVE-2007-6203] Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918.
14616| [CVE-2007-5797] SQLLoginModule in Apache Geronimo 2.0 through 2.1 does not throw an exception for a nonexistent username, which allows remote attackers to bypass authentication via a login attempt with any username not contained in the database.
14617| [CVE-2007-5731] Absolute path traversal vulnerability in Apache Jakarta Slide 2.1 and earlier allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag, a related issue to CVE-2007-5461.
14618| [CVE-2007-5461] Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.
14619| [CVE-2007-5342] The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by changing the (1) level, (2) directory, and (3) prefix attributes in the org.apache.juli.FileHandler handler.
14620| [CVE-2007-5333] Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385.
14621| [CVE-2007-5156] Incomplete blacklist vulnerability in editor/filemanager/upload/php/upload.php in FCKeditor, as used in SiteX CMS 0.7.3.beta, La-Nai CMS, Syntax CMS, Cardinal Cms, and probably other products, allows remote attackers to upload and execute arbitrary PHP code via a file whose name contains ".php." and has an unknown extension, which is recognized as a .php file by the Apache HTTP server, a different vulnerability than CVE-2006-0658 and CVE-2006-2529.
14622| [CVE-2007-5085] Unspecified vulnerability in the management EJB (MEJB) in Apache Geronimo before 2.0.2 allows remote attackers to bypass authentication and obtain "access to Geronimo internals" via unspecified vectors.
14623| [CVE-2007-5000] Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
14624| [CVE-2007-4724] Cross-site request forgery (CSRF) vulnerability in cal2.jsp in the calendar examples application in Apache Tomcat 4.1.31 allows remote attackers to add events as arbitrary users via the time and description parameters.
14625| [CVE-2007-4723] Directory traversal vulnerability in Ragnarok Online Control Panel 4.3.4a, when the Apache HTTP Server is used, allows remote attackers to bypass authentication via directory traversal sequences in a URI that ends with the name of a publicly available page, as demonstrated by a "/...../" sequence and an account_manage.php/login.php final component for reaching the protected account_manage.php page.
14626| [CVE-2007-4641] Directory traversal vulnerability in index.php in Pakupaku CMS 0.4 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting code into an Apache log file.
14627| [CVE-2007-4556] Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language (OGNL) expression when altSyntax is enabled, which allows remote attackers to cause a denial of service (infinite loop) or execute arbitrary code via form input beginning with a "%{" sequence and ending with a "}" character.
14628| [CVE-2007-4548] The login method in LoginModule implementations in Apache Geronimo 2.0 does not throw FailedLoginException for failed logins, which allows remote attackers to bypass authentication requirements, deploy arbitrary modules, and gain administrative access by sending a blank username and password with the command line deployer in the deployment module.
14629| [CVE-2007-4465] Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.
14630| [CVE-2007-3847] The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read.
14631| [CVE-2007-3571] The Apache Web Server as used in Novell NetWare 6.5 and GroupWise allows remote attackers to obtain sensitive information via a certain directive to Apache that causes the HTTP-Header response to be modified, which may reveal the server's internal IP address.
14632| [CVE-2007-3386] Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action.
14633| [CVE-2007-3385] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.
14634| [CVE-2007-3384] Multiple cross-site scripting (XSS) vulnerabilities in examples/servlet/CookieExample in Apache Tomcat 3.3 through 3.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Value field, related to error messages.
14635| [CVE-2007-3383] Cross-site scripting (XSS) vulnerability in SendMailServlet in the examples web application (examples/jsp/mail/sendmail.jsp) in Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.36 allows remote attackers to inject arbitrary web script or HTML via the From field and possibly other fields, related to generation of error messages.
14636| [CVE-2007-3382] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.
14637| [CVE-2007-3304] Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1 killer."
14638| [CVE-2007-3303] Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows local users to cause a denial of service via certain code sequences executed in a worker process that (1) stop request processing by killing all worker processes and preventing creation of replacements or (2) hang the system by forcing the master process to fork an arbitrarily large number of worker processes. NOTE: This might be an inherent design limitation of Apache with respect to worker processes in hosted environments.
14639| [CVE-2007-3101] Multiple cross-site scripting (XSS) vulnerabilities in certain JSF applications in Apache MyFaces Tomahawk before 1.1.6 allow remote attackers to inject arbitrary web script via the autoscroll parameter, which is injected into Javascript that is sent to the client.
14640| [CVE-2007-2450] Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script or HTML via a parameter name to manager/html/upload, and other unspecified vectors.
14641| [CVE-2007-2449] Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the '
14642| [CVE-2007-2353] Apache Axis 1.0 allows remote attackers to obtain sensitive information by requesting a non-existent WSDL file, which reveals the installation path in the resulting exception message.
14643| [CVE-2007-2025] Unrestricted file upload vulnerability in the UpLoad feature (lib/plugin/UpLoad.php) in PhpWiki 1.3.11p1 allows remote attackers to upload arbitrary PHP files with a double extension, as demonstrated by .php.3, which is interpreted by Apache as being a valid PHP file.
14644| [CVE-2007-1863] cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value.
14645| [CVE-2007-1862] The recall_headers function in mod_mem_cache in Apache 2.2.4 does not properly copy all levels of header data, which can cause Apache to return HTTP headers containing previously used data, which could be used by remote attackers to obtain potentially sensitive information.
14646| [CVE-2007-1860] mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. (dot dot) sequences and directory traversal, a related issue to CVE-2007-0450.
14647| [CVE-2007-1858] The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts.
14648| [CVE-2007-1842] Directory traversal vulnerability in login.php in JSBoard before 2.0.12 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the table parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, a related issue to CVE-2006-2019.
14649| [CVE-2007-1801] Directory traversal vulnerability in inc/lang.php in sBLOG 0.7.3 Beta allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the conf_lang_default parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by inc/lang.php.
14650| [CVE-2007-1743] suexec in Apache HTTP Server (httpd) 2.2.3 does not verify combinations of user and group IDs on the command line, which might allow local users to leverage other vulnerabilities to create arbitrary UID/GID owned files if /proc is mounted. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root." In addition, because this is dependent on other vulnerabilities, perhaps this is resultant and should not be included in CVE.
14651| [CVE-2007-1742] suexec in Apache HTTP Server (httpd) 2.2.3 uses a partial comparison for verifying whether the current directory is within the document root, which might allow local users to perform unauthorized operations on incorrect directories, as demonstrated using "html_backup" and "htmleditor" under an "html" directory. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
14652| [CVE-2007-1741] Multiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 between directory and file validation, and their usage, allow local users to gain privileges and execute arbitrary code by renaming directories or performing symlink attacks. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
14653| [CVE-2007-1720] Directory traversal vulnerability in addressbook.php in the Addressbook 1.2 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module_name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file.
14654| [CVE-2007-1636] Directory traversal vulnerability in index.php in RoseOnlineCMS 3 B1 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the op parameter, as demonstrated by injecting PHP code into Apache log files via the URL and User-Agent HTTP header.
14655| [CVE-2007-1633] Directory traversal vulnerability in bbcode_ref.php in the Giorgio Ciranni Splatt Forum 4.0 RC1 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by bbcode_ref.php.
14656| [CVE-2007-1577] Directory traversal vulnerability in index.php in GeBlog 0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[tplname] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
14657| [CVE-2007-1539] Directory traversal vulnerability in inc/map.func.php in pragmaMX Landkarten 2.1 module allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the module_name parameter, as demonstrated via a static PHP code injection attack in an Apache log file.
14658| [CVE-2007-1524] Directory traversal vulnerability in themes/default/ in ZomPlog 3.7.6 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) in the settings[skin] parameter, as demonstrated by injecting PHP code into an Apache HTTP Server log file, which can then be included via themes/default/.
14659| [CVE-2007-1491] Apache Tomcat in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allows connections from external interfaces via port 8009, which exposes it to attacks from outside parties.
14660| [CVE-2007-1358] Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616".
14661| [CVE-2007-1349] PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.
14662| [CVE-2007-0975] Variable extraction vulnerability in Ian Bezanson Apache Stats before 0.0.3 beta allows attackers to overwrite critical variables, with unknown impact, when the extract function is used on the _REQUEST superglobal array.
14663| [CVE-2007-0930] Variable extract vulnerability in Apache Stats before 0.0.3beta allows attackers to modify arbitrary variables and conduct attacks via unknown vectors involving the use of PHP's extract function.
14664| [CVE-2007-0792] The mod_perl initialization script in Bugzilla 2.23.3 does not set the Bugzilla Apache configuration to allow .htaccess permissions to override file permissions, which allows remote attackers to obtain the database username and password via a direct request for the localconfig file.
14665| [CVE-2007-0774] Stack-based buffer overflow in the map_uri_to_worker function (native/common/jk_uri_worker_map.c) in mod_jk.so for Apache Tomcat JK Web Server Connector 1.2.19 and 1.2.20, as used in Tomcat 4.1.34 and 5.5.20, allows remote attackers to execute arbitrary code via a long URL that triggers the overflow in a URI worker map routine.
14666| [CVE-2007-0637] Directory traversal vulnerability in zd_numer.php in Galeria Zdjec 3.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the galeria parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by zd_numer.php.
14667| [CVE-2007-0451] Apache SpamAssassin before 3.1.8 allows remote attackers to cause a denial of service via long URLs in malformed HTML, which triggers "massive memory usage."
14668| [CVE-2007-0450] Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.
14669| [CVE-2007-0419] The BEA WebLogic Server proxy plug-in before June 2006 for the Apache HTTP Server does not properly handle protocol errors, which allows remote attackers to cause a denial of service (server outage).
14670| [CVE-2007-0173] Directory traversal vulnerability in index.php in L2J Statistik Script 0.09 and earlier, when register_globals is enabled and magic_quotes is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
14671| [CVE-2007-0098] Directory traversal vulnerability in language.php in VerliAdmin 0.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
14672| [CVE-2007-0086] ** DISPUTED ** The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by third parties, who state that the large window size required by the attack is not normally supported or configured by the server, or that a DDoS-style attack would accomplish the same goal.
14673| [CVE-2006-7217] Apache Derby before 10.2.1.6 does not determine schema privilege requirements during the DropSchemaNode bind phase, which allows remote authenticated users to execute arbitrary drop schema statements in SQL authorization mode.
14674| [CVE-2006-7216] Apache Derby before 10.2.1.6 does not determine privilege requirements for lock table statements at compilation time, and consequently does not enforce privilege requirements at execution time, which allows remote authenticated users to lock arbitrary tables.
14675| [CVE-2006-7197] The AJP connector in Apache Tomcat 5.5.15 uses an incorrect length for chunks, which can cause a buffer over-read in the ajp_process_callback in mod_jk, which allows remote attackers to read portions of sensitive memory.
14676| [CVE-2006-7196] Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors. NOTE: this may be related to CVE-2006-0254.1.
14677| [CVE-2006-7195] Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in Apache Tomcat 5.0.0 through 5.0.30 and 5.5.0 through 5.5.17 allows remote attackers to inject arbitrary web script or HTML via certain header values.
14678| [CVE-2006-7098] The Debian GNU/Linux 033_-F_NO_SETSID patch for the Apache HTTP Server 1.3.34-4 does not properly disassociate httpd from a controlling tty when httpd is started interactively, which allows local users to gain privileges to that tty via a CGI program that calls the TIOCSTI ioctl.
14679| [CVE-2006-6869] Directory traversal vulnerability in includes/search/search_mdforum.php in MAXdev MDForum 2.0.1 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang cookie to error.php, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
14680| [CVE-2006-6675] Cross-site scripting (XSS) vulnerability in Novell NetWare 6.5 Support Pack 5 and 6 and Novell Apache on NetWare 2.0.48 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters in Welcome web-app.
14681| [CVE-2006-6613] Directory traversal vulnerability in language.php in phpAlbum 0.4.1 Beta 6 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files or obtain sensitive information via a .. (dot dot) in the pa_lang[include_file] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
14682| [CVE-2006-6589] Cross-site scripting (XSS) vulnerability in ecommerce/control/keywordsearch in the Apache Open For Business Project (OFBiz) and Opentaps 0.9.3 allows remote attackers to inject arbitrary web script or HTML via the SEARCH_STRING parameter, a different issue than CVE-2006-6587. NOTE: some of these details are obtained from third party information.
14683| [CVE-2006-6588] The forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) trusts the (1) dataResourceTypeId, (2) contentTypeId, and certain other hidden form fields, which allows remote attackers to create unauthorized types of content, modify content, or have other unknown impact.
14684| [CVE-2006-6587] Cross-site scripting (XSS) vulnerability in the forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) allows remote attackers to inject arbitrary web script or HTML by posting a message.
14685| [CVE-2006-6445] Directory traversal vulnerability in error.php in Envolution 1.1.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
14686| [CVE-2006-6071] TWiki 4.0.5 and earlier, when running under Apache 1.3 using ApacheLogin with sessions and "ErrorDocument 401" redirects to a valid wiki topic, does not properly handle failed login attempts, which allows remote attackers to read arbitrary content by cancelling out of a failed authentication with a valid username and invalid password.
14687| [CVE-2006-6047] Directory traversal vulnerability in manager/index.php in Etomite 0.6.1.2 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the f parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
14688| [CVE-2006-5894] Directory traversal vulnerability in lang.php in Rama CMS 0.68 and earlier, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by lang.php.
14689| [CVE-2006-5752] Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform "charset detection" when the content-type is not specified.
14690| [CVE-2006-5733] Directory traversal vulnerability in error.php in PostNuke 0.763 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
14691| [CVE-2006-5263] Directory traversal vulnerability in templates/header.php3 in phpMyAgenda 3.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter, as demonstrated by a parameter value naming an Apache HTTP Server log file that apparently contains PHP code.
14692| [CVE-2006-4994] Multiple unquoted Windows search path vulnerabilities in Apache Friends XAMPP 1.5.2 might allow local users to gain privileges via a malicious program file in %SYSTEMDRIVE%, which is run when XAMPP attempts to execute (1) FileZillaServer.exe, (2) mysqld-nt.exe, (3) Perl.exe, or (4) xamppcontrol.exe with an unquoted "Program Files" pathname.
14693| [CVE-2006-4636] Directory traversal vulnerability in SZEWO PhpCommander 3.0 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Directory parameter, as demonstrated by parameter values naming Apache HTTP Server log files that apparently contain PHP code.
14694| [CVE-2006-4625] PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass certain Apache HTTP Server httpd.conf options, such as safe_mode and open_basedir, via the ini_restore function, which resets the values to their php.ini (Master Value) defaults.
14695| [CVE-2006-4558] DeluxeBB 1.06 and earlier, when run on the Apache HTTP Server with the mod_mime module, allows remote attackers to execute arbitrary PHP code by uploading files with double extensions via the fileupload parameter in a newthread action in newpost.php.
14696| [CVE-2006-4191] Directory traversal vulnerability in memcp.php in XMB (Extreme Message Board) 1.9.6 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the langfilenew parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by header.php.
14697| [CVE-2006-4154] Format string vulnerability in the mod_tcl module 1.0 for Apache 2.x allows context-dependent attackers to execute arbitrary code via format string specifiers that are not properly handled in a set_var function call in (1) tcl_cmds.c and (2) tcl_core.c.
14698| [CVE-2006-4110] Apache 2.2.2, when running on Windows, allows remote attackers to read source code of CGI programs via a request that contains uppercase (or alternate case) characters that bypass the case-sensitive ScriptAlias directive, but allow access to the file on case-insensitive file systems.
14699| [CVE-2006-4004] Directory traversal vulnerability in index.php in vbPortal 3.0.2 through 3.6.0 Beta 1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the bbvbplang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
14700| [CVE-2006-3918] http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.
14701| [CVE-2006-3835] Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (
14702| [CVE-2006-3747] Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules.
14703| [CVE-2006-3362] Unrestricted file upload vulnerability in connectors/php/connector.php in FCKeditor mcpuk file manager, as used in (1) Geeklog 1.4.0 through 1.4.0sr3, (2) toendaCMS 1.0.0 Shizouka Stable and earlier, (3) WeBid 0.5.4, and possibly other products, when installed on Apache with mod_mime, allows remote attackers to upload and execute arbitrary PHP code via a filename with a .php extension and a trailing extension that is allowed, such as .zip.
14704| [CVE-2006-3102] Race condition in articles/BitArticle.php in Bitweaver 1.3, when run on Apache with the mod_mime extension, allows remote attackers to execute arbitrary PHP code by uploading arbitrary files with double extensions, which are stored for a small period of time under the webroot in the temp/articles directory.
14705| [CVE-2006-3070] write_ok.php in Zeroboard 4.1 pl8, when installed on Apache with mod_mime, allows remote attackers to bypass restrictions for uploading files with executable extensions by uploading a .htaccess file with an AddType directive that assigns an executable module to files with assumed-safe extensions, as demonstrated by assigning the txt extension to be handled by application/x-httpd-php.
14706| [CVE-2006-2831] Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2, when running under certain Apache configurations such as when FileInfo overrides are disabled within .htaccess, allows remote attackers to execute arbitrary code by uploading a file with multiple extensions, a variant of CVE-2006-2743.
| [CVE-2006-2806] The SMTP server in Apache Java Mail Enterprise Server (aka Apache James) 2.2.0 allows remote attackers to cause a denial of service (CPU consumption) via a long argument to the MAIL command.
| [CVE-2006-2743] Drupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with mod_mime, does not properly handle files with multiple extensions, which allows remote attackers to upload, modify, or execute arbitrary files in the files directory.
| [CVE-2006-2514] Coppermine galleries before 1.4.6, when running on Apache with mod_mime installed, allows remote attackers to upload arbitrary files via a filename with multiple file extensions.
| [CVE-2006-2330] PHP-Fusion 6.00.306 and earlier, running under Apache HTTP Server 1.3.27 and PHP 4.3.3, allows remote authenticated users to upload files of arbitrary types using a filename that contains two or more extensions that ends in an assumed-valid extension such as .gif, which bypasses the validation, as demonstrated by uploading then executing an avatar file that ends in ".php.gif" and contains PHP code in EXIF metadata.
| [CVE-2006-1777] Directory traversal vulnerability in doc/index.php in Jeremy Ashcraft Simplog 0.9.2 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the s parameter, as demonstrated by injecting PHP sequences into an Apache error_log file, which is then included by doc/index.php.
| [CVE-2006-1564] Untrusted search path vulnerability in libapache2-svn 1.3.0-4 for Subversion in Debian GNU/Linux includes RPATH values under the /tmp/svn directory for the (1) mod_authz_svn.so and (2) mod_dav_svn.so modules, which might allow local users to gain privileges by installing malicious libraries in that directory.
| [CVE-2006-1548] Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction and possibly (2) DispatchAction and (3) ActionDispatcher in Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to inject arbitrary web script or HTML via the parameter name, which is not filtered in the resulting error message.
| [CVE-2006-1547] ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides further access to elements in the CommonsMultipartRequestHandler implementation and BeanUtils.
| [CVE-2006-1546] Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to bypass validation via a request with a 'org.apache.struts.taglib.html.Constants.CANCEL' parameter, which causes the action to be canceled but would not be detected from applications that do not use the isCancelled check.
| [CVE-2006-1393] Multiple cross-site scripting (XSS) vulnerabilities in the mod_pubcookie Apache application server module in University of Washington Pubcookie 1.x, 3.0.0, 3.1.0, 3.1.1, 3.2 before 3.2.1b, and 3.3 before 3.3.0a allow remote attackers to inject arbitrary web script or HTML via unspecified attack vectors.
| [CVE-2006-1346] Directory traversal vulnerability in inc/setLang.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in a lang[*][file] parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by index.php.
| [CVE-2006-1292] Directory traversal vulnerability in Jim Hu and Chad Little PHP iCalendar 2.21 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the phpicalendar[cookie_language] and phpicalendar[cookie_style] cookies, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by day.php.
| [CVE-2006-1243] Directory traversal vulnerability in install05.php in Simple PHP Blog (SPB) 0.4.7.1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the blog_language parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included using install05.php.
| [CVE-2006-1095] Directory traversal vulnerability in the FileSession object in Mod_python module 3.2.7 for Apache allows local users to execute arbitrary code via a crafted session cookie.
| [CVE-2006-1079] htpasswd, as used in Acme thttpd 2.25b and possibly other products such as Apache, might allow local users to gain privileges via shell metacharacters in a command line argument, which is used in a call to the system function. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
| [CVE-2006-1078] Multiple buffer overflows in htpasswd, as used in Acme thttpd 2.25b, and possibly other products such as Apache, might allow local users to gain privileges via (1) a long command line argument and (2) a long line in a file. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
| [CVE-2006-0743] Format string vulnerability in LocalSyslogAppender in Apache log4net 1.2.9 might allow remote attackers to cause a denial of service (memory corruption and termination) via unknown vectors.
| [CVE-2006-0254] Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) time parameter to cal2.jsp and (2) any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer.
| [CVE-2006-0150] Multiple format string vulnerabilities in the auth_ldap_log_reason function in Apache auth_ldap 1.6.0 and earlier allows remote attackers to execute arbitrary code via various vectors, including the username.
| [CVE-2006-0144] The proxy server feature in go-pear.php in PHP PEAR 0.2.2, as used in Apache2Triad, allows remote attackers to execute arbitrary PHP code by redirecting go-pear.php to a malicious proxy server that provides a modified version of Tar.php with a malicious extractModify function.
| [CVE-2006-0042] Unspecified vulnerability in (1) apreq_parse_headers and (2) apreq_parse_urlencoded functions in Apache2::Request (Libapreq2) before 2.07 allows remote attackers cause a denial of service (CPU consumption) via unknown attack vectors that result in quadratic computational complexity.
| [CVE-2005-4857] eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 before 20051128 allows remote authenticated users to cause a denial of service (Apache httpd segmentation fault) via a request to content/advancedsearch.php with an empty SearchContentClassID parameter, reportedly related to a "memory addressing error".
| [CVE-2005-4849] Apache Derby before 10.1.2.1 exposes the (1) user and (2) password attributes in cleartext via (a) the RDBNAM parameter of the ACCSEC command and (b) the output of the DatabaseMetaData.getURL function, which allows context-dependent attackers to obtain sensitive information.
| [CVE-2005-4836] The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote attackers to read JSP source files and obtain sensitive information.
| [CVE-2005-4814] Unrestricted file upload vulnerability in Segue CMS before 1.3.6, when the Apache HTTP Server handles .phtml files with the PHP interpreter, allows remote attackers to upload and execute arbitrary PHP code by placing .phtml files in the userfiles/ directory.
| [CVE-2005-4703] Apache Tomcat 4.0.3, when running on Windows, allows remote attackers to obtain sensitive information via a request for a file that contains an MS-DOS device name such as lpt9, which leaks the pathname in an error message, as demonstrated by lpt9.xtp using Nikto.
| [CVE-2005-3745] Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message.
| [CVE-2005-3630] Fedora Directory Server before 10 allows remote attackers to obtain sensitive information, such as the password from adm.conf via an IFRAME element, probably involving an Apache httpd.conf configuration that orders "allow" directives before "deny" directives.
| [CVE-2005-3510] Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files.
| [CVE-2005-3392] Unspecified vulnerability in PHP before 4.4.1, when using the virtual function on Apache 2, allows remote attackers to bypass safe_mode and open_basedir directives.
| [CVE-2005-3357] mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference.
| [CVE-2005-3352] Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps.
| [CVE-2005-3319] The apache2handler SAPI (sapi_apache2.c) in the Apache module (mod_php) for PHP 5.x before 5.1.0 final and 4.4 before 4.4.1 final allows attackers to cause a denial of service (segmentation fault) via the session.save_path option in a .htaccess file or VirtualHost.
| [CVE-2005-3164] The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an information leak when "unsuitable request body data" is used for a different request, possibly related to Java Servlet pages.
| [CVE-2005-2970] Memory leak in the worker MPM (worker.c) for Apache 2, in certain circumstances, allows remote attackers to cause a denial of service (memory consumption) via aborted connections, which prevents the memory for the transaction pool from being reused for other connections.
| [CVE-2005-2963] The mod_auth_shadow module 1.0 through 1.5 and 2.0 for Apache with AuthShadow enabled uses shadow authentication for all locations that use the require group directive, even when other authentication mechanisms are specified, which might allow remote authenticated users to bypass security restrictions.
| [CVE-2005-2728] The byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service (memory consumption) via an HTTP header with a large Range field.
| [CVE-2005-2660] apachetop 0.12.5 and earlier, when running in debug mode, allows local users to create or append to arbitrary files via a symlink attack on atop.debug.
| [CVE-2005-2088] The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
| [CVE-2005-1754] ** DISPUTED ** JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to read arbitrary files via a full pathname in the argument to the Download parameter. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
| [CVE-2005-1753] ** DISPUTED ** ReadMessage.jsp in JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to view other users' e-mail attachments via a direct request to /mailboxesdir/username@domainname. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
| [CVE-2005-1344] Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute arbitrary code via a long realm argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
| [CVE-2005-1268] Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte.
| [CVE-2005-1266] Apache SpamAssassin 3.0.1, 3.0.2, and 3.0.3 allows remote attackers to cause a denial of service (CPU consumption and slowdown) via a message with a long Content-Type header without any boundaries.
| [CVE-2005-0808] Apache Tomcat before 5.x allows remote attackers to cause a denial of service (application crash) via a crafted AJP12 packet to TCP port 8007.
| [CVE-2005-0182] The mod_dosevasive module 1.9 and earlier for Apache creates temporary files with predictable filenames, which could allow remote attackers to overwrite arbitrary files via a symlink attack.
| [CVE-2005-0108] Apache mod_auth_radius 1.5.4 and libpam-radius-auth allow remote malicious RADIUS servers to cause a denial of service (crash) via a RADIUS_REPLY_MESSAGE with a RADIUS attribute length of 1, which leads to a memcpy operation with a -1 length argument.
| [CVE-2004-2734] webadmin-apache.conf in Novell Web Manager of Novell NetWare 6.5 uses an uppercase Alias tag with an inconsistent lowercase directory tag for a volume, which allows remote attackers to bypass access control to the WEB-INF folder.
| [CVE-2004-2680] mod_python (libapache2-mod-python) 3.1.4 and earlier does not properly handle when output filters process more than 16384 bytes, which can cause filter.read to return portions of previously freed memory.
| [CVE-2004-2650] Spooler in Apache Foundation James 2.2.0 allows local users to cause a denial of service (memory consumption) by triggering various error conditions in the retrieve function, which prevents a lock from being released and causes a memory leak.
| [CVE-2004-2343] ** DISPUTED ** Apache HTTP Server 2.0.47 and earlier allows local users to bypass .htaccess file restrictions, as specified in httpd.conf with directives such as Deny From All, by using an ErrorDocument directive. NOTE: the vendor has disputed this issue, since the .htaccess mechanism is only intended to restrict external web access, and a local user already has the privileges to perform the same operations without using ErrorDocument.
| [CVE-2004-2336] Unknown vulnerability in Novell GroupWise and GroupWise WebAccess 6.0 through 6.5, when running with Apache Web Server 1.3 for NetWare where Apache is loaded using GWAPACHE.CONF, allows remote attackers to read directories and files on the server.
| [CVE-2004-2115] Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTTP Server 1.3.22, based on Apache, allow remote attackers to execute arbitrary script as other users via the (1) action, (2) username, or (3) password parameters in an isqlplus request.
| [CVE-2004-1834] mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, including authentication information, on the hard disk, which could allow local users to gain sensitive information.
| [CVE-2004-1765] Off-by-one buffer overflow in ModSecurity (mod_security) 1.7.4 for Apache 2.x, when SecFilterScanPost is enabled, allows remote attackers to execute arbitrary code via crafted POST requests.
| [CVE-2004-1545] UploadFile.php in MoniWiki 1.0.9.2 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.hwp, which allows remote attackers to upload and execute arbitrary code.
| [CVE-2004-1438] The mod_authz_svn Apache module for Subversion 1.0.4-r1 and earlier allows remote authenticated users, with write access to the repository, to read unauthorized parts of the repository via the svn copy command.
| [CVE-2004-1405] MediaWiki 1.3.8 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
| [CVE-2004-1404] Attachment Mod 2.3.10 module for phpBB, when used with Apache mod_mime, does not properly handle files with multiple file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
| [CVE-2004-1387] The check_forensic script in apache-utils package 1.3.31 allows local users to overwrite or create arbitrary files via a symlink attack on temporary files.
| [CVE-2004-1084] Apache for Apple Mac OS X 10.2.8 and 10.3.6 allows remote attackers to read files and resource fork content via HTTP requests to certain special file names related to multiple data streams in HFS+, which bypass Apache file handles.
| [CVE-2004-1083] Apache for Apple Mac OS X 10.2.8 and 10.3.6 restricts access to files in a case sensitive manner, but the Apple HFS+ filesystem accesses files in a case insensitive manner, which allows remote attackers to read .DS_Store files and files beginning with ".ht" using alternate capitalization.
| [CVE-2004-1082] mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials.
| [CVE-2004-0942] Apache webserver 2.0.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request with a MIME header containing multiple lines with a large number of space characters.
| [CVE-2004-0940] Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error.
| [CVE-2004-0885] The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration.
| [CVE-2004-0811] Unknown vulnerability in Apache 2.0.51 prevents "the merging of the Satisfy directive," which could allow attackers to obtain access to restricted resources contrary to the specified authentication configuration.
| [CVE-2004-0809] The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access.
| [CVE-2004-0786] The IPv6 URI parsing routines in the apr-util library for Apache 2.0.50 and earlier allow remote attackers to cause a denial of service (child process crash) via a certain URI, as demonstrated using the Codenomicon HTTP Test Tool.
| [CVE-2004-0751] The char_buffer_read function in the mod_ssl module for Apache 2.x, when using reverse proxying to an SSL server, allows remote attackers to cause a denial of service (segmentation fault).
| [CVE-2004-0748] mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (CPU consumption) by aborting an SSL connection in a way that causes an Apache child process to enter an infinite loop.
| [CVE-2004-0747] Buffer overflow in Apache 2.0.50 and earlier allows local users to gain apache privileges via a .htaccess file that causes the overflow during expansion of environment variables.
| [CVE-2004-0700] Format string vulnerability in the mod_proxy hook functions function in ssl_engine_log.c in mod_ssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are handled by the ssl_log function.
| [CVE-2004-0646] Buffer overflow in the WriteToLog function for JRun 3.0 through 4.0 web server connectors, such as (1) mod_jrun and (2) mod_jrun20 for Apache, with verbose logging enabled, allows remote attackers to execute arbitrary code via a long HTTP header Content-Type field or other fields.
| [CVE-2004-0529] The modified suexec program in cPanel, when configured for mod_php and compiled for Apache 1.3.31 and earlier without mod_phpsuexec, allows local users to execute untrusted shared scripts and gain privileges, as demonstrated using untainted scripts such as (1) proftpdvhosts or (2) addalink.cgi, a different vulnerability than CVE-2004-0490.
| [CVE-2004-0493] The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters.
| [CVE-2004-0492] Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied.
| [CVE-2004-0490] cPanel, when compiling Apache 1.3.29 and PHP with the mod_phpsuexec option, does not set the --enable-discard-path option, which causes php to use the SCRIPT_FILENAME variable to find and execute a script instead of the PATH_TRANSLATED variable, which allows local users to execute arbitrary PHP code as other users via a URL that references the attacker's script after the user's script, which executes the attacker's script with the user's privileges, a different vulnerability than CVE-2004-0529.
| [CVE-2004-0488] Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN.
| [CVE-2004-0263] PHP 4.3.4 and earlier in Apache 1.x and 2.x (mod_php) can leak global variables between virtual hosts that are handled by the same Apache child process but have different settings, which could allow remote attackers to obtain sensitive information.
| [CVE-2004-0174] Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using multiple listening sockets on certain platforms, allows remote attackers to cause a denial of service (blocked new connections) via a "short-lived connection on a rarely-accessed listening socket."
| [CVE-2004-0173] Directory traversal vulnerability in Apache 1.3.29 and earlier, and Apache 2.0.48 and earlier, when running on Cygwin, allows remote attackers to read arbitrary files via a URL containing "..%5C" (dot dot encoded backslash) sequences.
| [CVE-2004-0113] Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service (memory consumption) via plain HTTP requests to the SSL port of an SSL-enabled server.
| [CVE-2004-0009] Apache-SSL 1.3.28+1.52 and earlier, with SSLVerifyClient set to 1 or 3 and SSLFakeBasicAuth enabled, allows remote attackers to forge a client certificate by using basic authentication with the "one-line DN" of the target user.
| [CVE-2003-1581] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
| [CVE-2003-1580] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-level domains, as demonstrated by a forged 123.123.123.123 domain name, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
| [CVE-2003-1573] The PointBase 4.6 database component in the J2EE 1.4 reference implementation (J2EE/RI) allows remote attackers to execute arbitrary programs, conduct a denial of service, and obtain sensitive information via a crafted SQL statement, related to "inadequate security settings and library bugs in sun.* and org.apache.* packages."
| [CVE-2003-1521] Sun Java Plug-In 1.4 through 1.4.2_02 allows remote attackers to repeatedly access the floppy drive via the createXmlDocument method in the org.apache.crimson.tree.XmlDocument class, which violates the Java security model.
| [CVE-2003-1516] The org.apache.xalan.processor.XSLProcessorVersion class in Java Plug-in 1.4.2_01 allows signed and unsigned applets to share variables, which violates the Java security model and could allow remote attackers to read or write data belonging to a signed applet.
| [CVE-2003-1502] mod_throttle 3.0 allows local users with Apache privileges to access shared memory that points to a file that is writable by the apache user, which could allow local users to gain privileges.
| [CVE-2003-1418] Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote attackers to obtain sensitive information via (1) the ETag header, which reveals the inode number, or (2) multipart MIME boundary, which reveals child proccess IDs (PID).
| [CVE-2003-1307] ** DISPUTED ** The mod_php module for the Apache HTTP Server allows local users with write access to PHP scripts to send signals to the server's process group and use the server's file descriptors, as demonstrated by sending a STOP signal, then intercepting incoming connections on the server's TCP port. NOTE: the PHP developer has disputed this vulnerability, saying "The opened file descriptors are opened by Apache. It is the job of Apache to protect them ... Not a bug in PHP."
| [CVE-2003-1172] Directory traversal vulnerability in the view-source sample file in Apache Software Foundation Cocoon 2.1 and 2.2 allows remote attackers to access arbitrary files via a .. (dot dot) in the filename parameter.
| [CVE-2003-1171] Heap-based buffer overflow in the sec_filter_out function in mod_security 1.7RC1 through 1.7.1 in Apache 2 allows remote attackers to execute arbitrary code via a server side script that sends a large amount of data.
| [CVE-2003-1138] The default configuration of Apache 2.0.40, as shipped with Red Hat Linux 9.0, allows remote attackers to list directory contents, even if auto indexing is turned off and there is a default web page configured, via a GET request containing a double slash (//).
| [CVE-2003-1054] mod_access_referer 1.0.2 allows remote attackers to cause a denial of service (crash) via a malformed Referer header that is missing a hostname, as parsed by the ap_parse_uri_components function in Apache, which triggers a null dereference.
| [CVE-2003-0993] mod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit platforms, does not properly parse Allow/Deny rules using IP addresses without a netmask, which could allow remote attackers to bypass intended access restrictions.
| [CVE-2003-0987] mod_digest for Apache before 1.3.31 does not properly verify the nonce of a client response by using a AuthNonce secret.
| [CVE-2003-0866] The Catalina org.apache.catalina.connector.http package in Tomcat 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service via several requests that do not follow the HTTP protocol, which causes Tomcat to reject later requests.
| [CVE-2003-0844] mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode without the Apache log, allows local users to overwrite arbitrary files via (1) a symlink attack on predictable temporary filenames on Unix systems, or (2) an NTFS hard link on Windows systems when the "Strengthen default permissions of internal system objects" policy is not enabled.
| [CVE-2003-0843] Format string vulnerability in mod_gzip_printf for mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode and using the Apache log, allows remote attackers to execute arbitrary code via format string characters in an HTTP GET request with an "Accept-Encoding: gzip" header.
| [CVE-2003-0789] mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not properly handle CGI redirect paths, which could cause Apache to send the output of a CGI program to the wrong client.
| [CVE-2003-0771] Gallery.pm in Apache::Gallery (aka A::G) uses predictable temporary filenames when running Inline::C, which allows local users to execute arbitrary code by creating and modifying the files before Apache::Gallery does.
| [CVE-2003-0658] Docview before 1.1-18 in Caldera OpenLinux 3.1.1, SCO Linux 4.0, OpenServer 5.0.7, configures the Apache web server in a way that allows remote attackers to read arbitrary publicly readable files via a certain URL, possibly related to rewrite rules.
| [CVE-2003-0542] Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures.
| [CVE-2003-0460] The rotatelogs program on Apache before 1.3.28, for Windows and OS/2 systems, does not properly ignore certain control characters that are received over the pipe, which could allow remote attackers to cause a denial of service.
| [CVE-2003-0254] Apache 2 before 2.0.47, when running on an IPv6 host, allows attackers to cause a denial of service (CPU consumption by infinite loop) when the FTP proxy server fails to create an IPv6 socket.
| [CVE-2003-0253] The prefork MPM in Apache 2 before 2.0.47 does not properly handle certain errors from accept, which could lead to a denial of service.
| [CVE-2003-0249] ** DISPUTED ** PHP treats unknown methods such as "PoSt" as a GET request, which could allow attackers to intended access restrictions if PHP is running on a server that passes on all methods, such as Apache httpd 2.0, as demonstrated using a Limit directive. NOTE: this issue has been disputed by the Apache security team, saying "It is by design that PHP allows scripts to process any request method. A script which does not explicitly verify the request method will hence be processed as normal for arbitrary methods. It is therefore expected behaviour that one cannot implement per-method access control using the Apache configuration alone, which is the assumption made in this report."
| [CVE-2003-0245] Vulnerability in the apr_psprintf function in the Apache Portable Runtime (APR) library for Apache 2.0.37 through 2.0.45 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long strings, as demonstrated using XML objects to mod_dav, and possibly other vectors.
| [CVE-2003-0192] Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3, do not properly handle "certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one," which could cause Apache to use the weak ciphersuite.
| [CVE-2003-0189] The authentication module for Apache 2.0.40 through 2.0.45 on Unix does not properly handle threads safely when using the crypt_r or crypt functions, which allows remote attackers to cause a denial of service (failed Basic authentication with valid usernames and passwords) when a threaded MPM is used.
| [CVE-2003-0134] Unknown vulnerability in filestat.c for Apache running on OS2, versions 2.0 through 2.0.45, allows unknown attackers to cause a denial of service via requests related to device names.
| [CVE-2003-0132] A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to cause a denial of service (memory consumption) via large chunks of linefeed characters, which causes Apache to allocate 80 bytes for each linefeed.
| [CVE-2003-0083] Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences, a different vulnerability than CVE-2003-0020.
| [CVE-2003-0020] Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences.
| [CVE-2003-0017] Apache 2.0 before 2.0.44 on Windows platforms allows remote attackers to obtain certain files via an HTTP request that ends in certain illegal characters such as ">", which causes a different filename to be processed and served.
| [CVE-2003-0016] Apache before 2.0.44, when running on unpatched Windows 9x and Me operating systems, allows remote attackers to cause a denial of service or execute arbitrary code via an HTTP request containing MS-DOS device names.
| [CVE-2002-2310] ClickCartPro 4.0 stores the admin_user.db data file under the web document root with insufficient access control on servers other than Apache, which allows remote attackers to obtain usernames and passwords.
| [CVE-2002-2309] php.exe in PHP 3.0 through 4.2.2, when running on Apache, does not terminate properly, which allows remote attackers to cause a denial of service via a direct request without arguments.
| [CVE-2002-2272] Tomcat 4.0 through 4.1.12, using mod_jk 1.2.1 module on Apache 1.3 through 1.3.27, allows remote attackers to cause a denial of service (desynchronized communications) via an HTTP GET request with a Transfer-Encoding chunked field with invalid values.
| [CVE-2002-2103] Apache before 1.3.24, when writing to the log file, records a spoofed hostname from the reverse lookup of an IP address, even when a double-reverse lookup fails, which allows remote attackers to hide the original source of activities.
| [CVE-2002-2029] PHP, when installed on Windows with Apache and ScriptAlias for /php/ set to c:/php/, allows remote attackers to read arbitrary files and possibly execute arbitrary programs via an HTTP request for php.exe with a filename in the query string.
| [CVE-2002-2012] Unknown vulnerability in Apache 1.3.19 running on HP Secure OS for Linux 1.0 allows remote attackers to cause "unexpected results" via an HTTP request.
| [CVE-2002-2009] Apache Tomcat 4.0.1 allows remote attackers to obtain the web root path via HTTP requests for JSP files preceded by (1) +/, (2) >/, (3) </, and (4) %20/, which leaks the pathname in an error message.
| [CVE-2002-2008] Apache Tomcat 4.0.3 for Windows allows remote attackers to obtain the web root path via an HTTP request for a resource that does not exist, such as lpt9, which leaks the information in an error message.
14832| [CVE-2002-2008] Apache Tomcat 4.0.3 for Windows allows remote attackers to obtain the web root path via an HTTP request for a resource that does not exist, such as lpt9, which leaks the information in an error message.
14833| [CVE-2002-2007] The default installations of Apache Tomcat 3.2.3 and 3.2.4 allows remote attackers to obtain sensitive system information such as directory listings and web root path, via erroneous HTTP requests for Java Server Pages (JSP) in the (1) test/jsp, (2) samples/jsp and (3) examples/jsp directories, or the (4) test/realPath.jsp servlet, which leaks pathnames in error messages.
14834| [CVE-2002-2006] The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 through 3.3.1 allows remote attackers to obtain the installation path and other sensitive system information via the (1) SnoopServlet or (2) TroubleShooter example servlets.
14835| [CVE-2002-1895] The servlet engine in Jakarta Apache Tomcat 3.3 and 4.0.4, when using IIS and the ajp1.3 connector, allows remote attackers to cause a denial of service (crash) via a large number of HTTP GET requests for an MS-DOS device such as AUX, LPT1, CON, or PRN.
14836| [CVE-2002-1850] mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly remote attackers to cause a denial of service (hang and memory consumption) by causing a CGI script to send a large amount of data to stderr, which results in a read/write deadlock between httpd and the CGI script.
14837| [CVE-2002-1793] HTTP Server mod_ssl module running on HP-UX 11.04 with Virtualvault OS (VVOS) 4.5 through 4.6 closes the connection when the Apache server times out during an SSL request, which may allow attackers to cause a denial of service.
14838| [CVE-2002-1658] Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may allow attackers to execute arbitrary code via a long user argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
14839| [CVE-2002-1635] The Apache configuration file (httpd.conf) in Oracle 9i Application Server (9iAS) uses a Location alias for /perl directory instead of a ScriptAlias, which allows remote attackers to read the source code of arbitrary CGI files via a URL containing the /perl directory instead of /cgi-bin.
| [CVE-2002-1593] mod_dav in Apache before 2.0.42 does not properly handle versioning hooks, which may allow remote attackers to kill a child process via a null dereference and cause a denial of service (CPU consumption) in a preforked multi-processing module.
| [CVE-2002-1592] The ap_log_rerror function in Apache 2.0 through 2.035, when a CGI application encounters an error, sends error messages to the client that include the full path for the server, which allows remote attackers to obtain sensitive information.
| [CVE-2002-1567] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1 allows remote attackers to execute arbitrary web script and steal cookies via a URL with encoded newlines followed by a request to a .jsp file whose name contains the script.
| [CVE-2002-1394] Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148.
| [CVE-2002-1233] A regression error in the Debian distributions of the apache-ssl package (before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0), for Apache 1.3.27 and earlier, allows local users to read or modify the Apache password file via a symlink attack on temporary files when the administrator runs (1) htpasswd or (2) htdigest, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2001-0131.
| [CVE-2002-1157] Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9 and earlier, when UseCanonicalName is off and wildcard DNS is enabled, allows remote attackers to execute script as other web site visitors, via the server name in an HTTPS response on the SSL port, which is used in a self-referencing URL, a different vulnerability than CAN-2002-0840.
| [CVE-2002-1156] Apache 2.0.42 allows remote attackers to view the source code of a CGI script via a POST request to a directory with both WebDAV and CGI enabled.
| [CVE-2002-1148] The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet.
| [CVE-2002-0935] Apache Tomcat 4.0.3, and possibly other versions before 4.1.3 beta, allows remote attackers to cause a denial of service (resource exhaustion) via a large number of requests to the server with null characters, which causes the working threads to hang.
| [CVE-2002-0843] Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response.
| [CVE-2002-0840] Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.
| [CVE-2002-0839] The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that would not normally be allowed, by modifying the parent[].pid and parent[].last_rtime segments in the scoreboard.
| [CVE-2002-0682] Cross-site scripting vulnerability in Apache Tomcat 4.0.3 allows remote attackers to execute script as other web users via script in a URL with the /servlet/ mapping, which does not filter the script when an exception is thrown by the servlet.
| [CVE-2002-0661] Directory traversal vulnerability in Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to read arbitrary files and execute commands via .. (dot dot) sequences containing \ (backslash) characters.
| [CVE-2002-0658] OSSP mm library (libmm) before 1.2.0 allows the local Apache user to gain privileges via temporary files, possibly via a symbolic link attack.
| [CVE-2002-0654] Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to determine the full pathname of the server via (1) a request for a .var file, which leaks the pathname in the resulting error message, or (2) via an error message that occurs when a script (child process) cannot be invoked.
| [CVE-2002-0653] Off-by-one buffer overflow in the ssl_compat_directive function, as called by the rewrite_command hook for mod_ssl Apache module 2.8.9 and earlier, allows local users to execute arbitrary code as the Apache server user via .htaccess files with long entries.
| [CVE-2002-0513] The PHP administration script in popper_mod 1.2.1 and earlier relies on Apache .htaccess authentication, which allows remote attackers to gain privileges if the script is not appropriately configured by the administrator.
| [CVE-2002-0493] Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions.
| [CVE-2002-0392] Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a chunk-encoded HTTP request that causes Apache to use an incorrect size.
| [CVE-2002-0259] InstantServers MiniPortal 1.1.5 and earlier stores sensitive login and account data in plaintext in (1) .pwd files in the miniportal/apache directory, or (2) mplog.txt, which could allow local users to gain privileges.
| [CVE-2002-0249] PHP for Windows, when installed on Apache 2.0.28 beta as a standalone CGI module, allows remote attackers to obtain the physical path of the php.exe via a request with malformed arguments such as /123, which leaks the pathname in the error message.
| [CVE-2002-0240] PHP, when installed with Apache and configured to search for index.php as a default web page, allows remote attackers to obtain the full pathname of the server via the HTTP OPTIONS method, which reveals the pathname in the resulting error message.
| [CVE-2002-0082] The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session.
| [CVE-2002-0061] Apache for Win32 before 1.3.24, and 2.0.x before 2.0.34-beta, allows remote attackers to execute arbitrary commands via shell metacharacters (a | pipe character) provided as arguments to batch (.bat) or .cmd scripts, which are sent unfiltered to the shell interpreter, typically cmd.exe.
| [CVE-2001-1556] The log files in Apache web server contain information directly supplied by clients and does not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail, and grep.
| [CVE-2001-1534] mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these session ID's are used for authentication.
| [CVE-2001-1510] Allaire JRun 2.3.3, 3.0 and 3.1 running on IIS 4.0 and 5.0, iPlanet, Apache, JRun web server (JWS), and possibly other web servers allows remote attackers to read arbitrary files and directories by appending (1) "%3f.jsp", (2) "?.jsp" or (3) "?" to the requested URL.
| [CVE-2001-1449] The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 through 8.0 and Linux Corporate Server 1.0.1 allows remote attackers to list the directory index of arbitrary web directories.
| [CVE-2001-1385] The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts.
| [CVE-2001-1342] Apache before 1.3.20 on Windows and OS/2 systems allows remote attackers to cause a denial of service (GPF) via an HTTP request for a URI that contains a large number of / (slash) or other characters, which causes certain functions to dereference a null pointer.
| [CVE-2001-1217] Directory traversal vulnerability in PL/SQL Apache module in Oracle Oracle 9i Application Server allows remote attackers to access sensitive information via a double encoded URL with .. (dot dot) sequences.
| [CVE-2001-1216] Buffer overflow in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to execute arbitrary code via a long request for a help page.
| [CVE-2001-1072] Apache with mod_rewrite enabled on most UNIX systems allows remote attackers to bypass RewriteRules by inserting extra / (slash) characters into the requested path, which causes the regular expression in the RewriteRule to fail.
| [CVE-2001-1013] Apache on Red Hat Linux with with the UserDir directive enabled generates different error codes when a username exists and there is no public_html directory and when the username does not exist, which could allow remote attackers to determine valid usernames on the server.
| [CVE-2001-0925] The default installation of Apache before 1.3.19 allows remote attackers to list directories instead of the multiview index.html file via an HTTP request for a path that contains many / (slash) characters, which causes the path to be mishandled by (1) mod_negotiation, (2) mod_dir, or (3) mod_autoindex.
| [CVE-2001-0829] A cross-site scripting vulnerability in Apache Tomcat 3.2.1 allows a malicious webmaster to embed Javascript in a request for a .JSP file, which causes the Javascript to be inserted into an error message.
| [CVE-2001-0766] Apache on MacOS X Client 10.0.3 with the HFS+ file system allows remote attackers to bypass access restrictions via a URL that contains some characters whose case is not matched by Apache's filters.
| [CVE-2001-0731] Apache 1.3.20 with Multiviews enabled allows remote attackers to view directory contents and bypass the index page via a URL containing the "M=D" query string.
| [CVE-2001-0730] split-logfile in Apache 1.3.20 allows remote attackers to overwrite arbitrary files that end in the .log extension via an HTTP request with a / (slash) in the Host: header.
| [CVE-2001-0729] Apache 1.3.20 on Windows servers allows remote attackers to bypass the default index page and list directory contents via a URL with a large number of / (slash) characters.
| [CVE-2001-0590] Apache Software Foundation Tomcat Servlet prior to 3.2.2 allows a remote attacker to read the source code to arbitrary 'jsp' files via a malformed URL request which does not end with an HTTP protocol specification (i.e. HTTP/1.0).
| [CVE-2001-0131] htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local users to overwrite arbitrary files via a symlink attack.
| [CVE-2001-0108] PHP Apache module 4.0.4 and earlier allows remote attackers to bypass .htaccess access restrictions via a malformed HTTP request on an unrestricted page that causes PHP to use those access controls on the next page that is requested.
| [CVE-2001-0042] PHP 3.x (PHP3) on Apache 1.3.6 allows remote attackers to read arbitrary files via a modified .. (dot dot) attack containing "%5c" (encoded backslash) sequences.
| [CVE-2000-1247] The default configuration of the jserv-status handler in jserv.conf in Apache JServ 1.1.2 includes an "allow from 127.0.0.1" line, which allows local users to discover JDBC passwords or other sensitive information via a direct request to the jserv/ URI.
| [CVE-2000-1210] Directory traversal vulnerability in source.jsp of Apache Tomcat before 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the argument to source.jsp.
| [CVE-2000-1206] Vulnerability in Apache httpd before 1.3.11, when configured for mass virtual hosting using mod_rewrite, or mod_vhost_alias in Apache 1.3.9, allows remote attackers to retrieve arbitrary files.
| [CVE-2000-1205] Cross site scripting vulnerabilities in Apache 1.3.0 through 1.3.11 allow remote attackers to execute script as other web site visitors via (1) the printenv CGI (printenv.pl), which does not encode its output, (2) pages generated by the ap_send_error_response function such as a default 404, which does not add an explicit charset, or (3) various messages that are generated by certain Apache modules or core code. NOTE: the printenv issue might still exist for web browsers that can render text/plain content types as HTML, such as Internet Explorer, but CVE regards this as a design limitation of those browsers, not Apache. The printenv.pl/acuparam vector, discloser on 20070724, is one such variant.
| [CVE-2000-1204] Vulnerability in the mod_vhost_alias virtual hosting module for Apache 1.3.9, 1.3.11 and 1.3.12 allows remote attackers to obtain the source code for CGI programs if the cgi-bin directory is under the document root.
| [CVE-2000-1168] IBM HTTP Server 1.3.6 (based on Apache) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET request.
| [CVE-2000-1016] The default configuration of Apache (httpd.conf) on SuSE 6.4 includes an alias for the /usr/doc directory, which allows remote attackers to read package documentation and obtain system configuration information via an HTTP request for the /doc/packages URL.
| [CVE-2000-0913] mod_rewrite in Apache 1.3.12 and earlier allows remote attackers to read arbitrary files if a RewriteRule directive is expanded to include a filename whose name contains a regular expression.
| [CVE-2000-0883] The default configuration of mod_perl for Apache as installed on Mandrake Linux 6.1 through 7.1 sets the /perl/ directory to be browseable, which allows remote attackers to list the contents of that directory.
| [CVE-2000-0869] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 enables WebDAV, which allows remote attackers to list arbitrary diretories via the PROPFIND HTTP request method.
| [CVE-2000-0868] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 allows remote attackers to read source code for CGI scripts by replacing the /cgi-bin/ in the requested URL with /cgi-bin-sdb/.
| [CVE-2000-0791] Trustix installs the httpsd program for Apache-SSL with world-writeable permissions, which allows local users to replace it with a Trojan horse.
| [CVE-2000-0760] The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals sensitive system information when a remote attacker requests a nonexistent URL with a .snp extension.
| [CVE-2000-0759] Jakarta Tomcat 3.1 under Apache reveals physical path information when a remote attacker requests a URL that does not exist, which generates an error message that includes the physical path.
| [CVE-2000-0628] The source.asp example script in the Apache ASP module Apache::ASP 1.93 and earlier allows remote attackers to modify files.
| [CVE-2000-0505] The Apache 1.3.x HTTP server for Windows platforms allows remote attackers to list directory contents by requesting a URL containing a large number of / characters.
| [CVE-1999-1412] A possible interaction between Apple MacOS X release 1.0 and Apache HTTP server allows remote attackers to cause a denial of service (crash) via a flood of HTTP GET requests to CGI programs, which generates a large number of processes.
| [CVE-1999-1293] mod_proxy in Apache 1.2.5 and earlier allows remote attackers to cause a denial of service via malformed FTP commands, which causes Apache to dump core.
| [CVE-1999-1237] Multiple buffer overflows in smbvalid/smbval SMB authentication library, as used in Apache::AuthenSmb and possibly other modules, allows remote attackers to execute arbitrary commands via (1) a long username, (2) a long password, and (3) other unspecified methods.
| [CVE-1999-1199] Apache WWW server 1.3.1 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via a large number of MIME headers with the same name, aka the "sioux" vulnerability.
| [CVE-1999-1053] guestbook.pl cleanses user-inserted SSI commands by removing text between "<!--" and "-->" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides "-->".
| [CVE-1999-0926] Apache allows remote attackers to conduct a denial of service via a large number of MIME headers.
| [CVE-1999-0678] A default configuration of Apache on Debian GNU/Linux sets the ServerRoot to /usr/doc, which allows remote users to read documentation files for the entire server.
| [CVE-1999-0448] IIS 4.0 and Apache log HTTP request methods, regardless of how long they are, allowing a remote attacker to hide the URL they really request.
| [CVE-1999-0289] The Apache web server for Win32 may provide access to restricted files when a . (dot) is appended to a requested URL.
| [CVE-1999-0236] ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs.
| [CVE-1999-0107] Buffer overflow in Apache 1.2.5 and earlier allows a remote attacker to cause a denial of service with a large number of GET requests containing a large number of / characters.
| [CVE-1999-0071] Apache httpd cookie buffer overflow for versions 1.1.1 and earlier.
|
| SecurityFocus - https://www.securityfocus.com/bid/:
| [104554] Apache HBase CVE-2018-8025 Security Bypass Vulnerability
| [104465] Apache Geode CVE-2017-15695 Remote Code Execution Vulnerability
| [104418] Apache Storm CVE-2018-8008 Arbitrary File Write Vulnerability
| [104399] Apache Storm CVE-2018-1332 User Impersonation Vulnerability
| [104348] Apache UIMA CVE-2017-15691 XML External Entity Injection Vulnerability
| [104313] Apache NiFi XML External Entity Injection and Denial of Service Vulnerability
| [104259] Apache Geode CVE-2017-12622 Authorization Bypass Vulnerability
| [104257] Apache Sling XSS Protection API CVE-2017-15717 Cross Site Scripting Vulnerability
| [104253] Apache ZooKeeper CVE-2018-8012 Security Bypass Vulnerability
| [104252] Apache Batik CVE-2018-8013 Information Disclosure Vulnerability
| [104239] Apache Solr CVE-2018-8010 XML External Entity Multiple Information Disclosure Vulnerabilities
| [104215] Apache ORC CVE-2018-8015 Denial of Service Vulnerability
| [104203] Apache Tomcat CVE-2018-8014 Security Bypass Vulnerability
| [104161] Apache Ambari CVE-2018-8003 Directory Traversal Vulnerability
| [104140] Apache Derby CVE-2018-1313 Security Bypass Vulnerability
| [104135] Apache Tika CVE-2018-1338 Denial of Service Vulnerability
| [104008] Apache Fineract CVE-2018-1291 SQL Injection Vulnerability
| [104007] Apache Fineract CVE-2018-1292 SQL Injection Vulnerability
| [104005] Apache Fineract CVE-2018-1289 SQL Injection Vulnerability
| [104001] Apache Tika CVE-2018-1335 Remote Command Injection Vulnerability
| [103975] Apache Fineract CVE-2018-1290 SQL Injection Vulnerability
| [103974] Apache Solr CVE-2018-1308 XML External Entity Injection Vulnerability
| [103772] Apache Traffic Server CVE-2017-7671 Denial of Service Vulnerability
| [103770] Apache Traffic Server CVE-2017-5660 Security Bypass Vulnerability
| [103751] Apache Hive CVE-2018-1282 SQL Injection Vulnerability
| [103750] Apache Hive CVE-2018-1284 Security Bypass Vulnerability
| [103692] Apache Ignite CVE-2018-1295 Arbitrary Code Execution Vulnerability
| [103528] Apache HTTP Server CVE-2018-1302 Denial of Service Vulnerability
| [103525] Apache HTTP Server CVE-2017-15715 Remote Security Bypass Vulnerability
| [103524] Apache HTTP Server CVE-2018-1312 Remote Security Bypass Vulnerability
| [103522] Apache HTTP Server CVE-2018-1303 Denial of Service Vulnerability
| [103520] Apache HTTP Server CVE-2018-1283 Remote Security Vulnerability
| [103516] Apache Struts CVE-2018-1327 Denial of Service Vulnerability
| [103515] Apache HTTP Server CVE-2018-1301 Denial of Service Vulnerability
| [103512] Apache HTTP Server CVE-2017-15710 Denial of Service Vulnerability
| [103508] Apache Syncope CVE-2018-1321 Multiple Remote Code Execution Vulnerabilities
| [103507] Apache Syncope CVE-2018-1322 Multiple Information Disclosure Vulnerabilities
| [103490] Apache Commons Compress CVE-2018-1324 Multiple Denial Of Service Vulnerabilities
| [103434] APACHE Allura CVE-2018-1319 HTTP Response Splitting Vulnerability
| [103389] Apache Tomcat JK Connector CVE-2018-1323 Directory Traversal Vulnerability
| [103222] Apache CloudStack CVE-2013-4317 Information Disclosure Vulnerability
| [103219] Apache Xerces-C CVE-2017-12627 Null Pointer Dereference Denial of Service Vulnerability
| [103206] Apache Geode CVE-2017-15693 Remote Code Execution Vulnerability
| [103205] Apache Geode CVE-2017-15692 Remote Code Execution Vulnerability
| [103170] Apache Tomcat CVE-2018-1304 Security Bypass Vulnerability
| [103144] Apache Tomcat CVE-2018-1305 Security Bypass Vulnerability
| [103102] Apache Oozie CVE-2017-15712 Information Disclosure Vulnerability
| [103098] Apache Karaf CVE-2016-8750 LDAP Injection Vulnerability
| [103069] Apache Tomcat CVE-2017-15706 Remote Security Weakness
| [103068] Apache JMeter CVE-2018-1287 Security Bypass Vulnerability
| [103067] Apache Qpid Dispatch Router 'router_core/connections.c' Denial of Service Vulnerability
| [103036] Apache CouchDB CVE-2017-12636 Remote Code Execution Vulnerability
| [103025] Apache Thrift CVE-2016-5397 Remote Command Injection Vulnerability
| [102879] Apache POI CVE-2017-12626 Multiple Denial of Service Vulnerabilities
| [102842] Apache NiFi CVE-2017-12632 Host Header Injection Vulnerability
| [102815] Apache NiFi CVE-2017-15697 Multiple Cross Site Scripting Vulnerabilities
| [102488] Apache Geode CVE-2017-9795 Remote Code Execution Vulnerability
| [102229] Apache Sling CVE-2017-15700 Information Disclosure Vulnerability
| [102226] Apache Drill CVE-2017-12630 Cross Site Scripting Vulnerability
| [102154] Multiple Apache Products CVE-2017-15708 Remote Code Execution Vulnerability
| [102127] Apache CXF Fediz CVE-2017-12631 Multiple Cross Site Request Forgery Vulnerabilities
| [102041] Apache Qpid Broker-J CVE-2017-15701 Denial of Service Vulnerability
| [102040] Apache Qpid Broker CVE-2017-15702 Security Weakness
| [102021] Apache Struts CVE-2017-15707 Denial of Service Vulnerability
| [101980] EMC RSA Authentication Agent for Web: Apache Web Server Authentication Bypass Vulnerability
| [101876] Apache Camel CVE-2017-12634 Deserialization Remote Code Execution Vulnerability
| [101874] Apache Camel CVE-2017-12633 Deserialization Remote Code Execution Vulnerability
| [101872] Apache Karaf CVE-2014-0219 Local Denial of Service Vulnerability
| [101868] Apache CouchDB CVE-2017-12635 Remote Privilege Escalation Vulnerability
| [101859] Apache CXF CVE-2017-12624 Denial of Service Vulnerability
| [101844] Apache Sling Servlets Post CVE-2017-11296 Cross Site Scripting Vulnerability
| [101686] Apache Hive CVE-2017-12625 Information Disclosure Vulnerability
| [101644] Apache Wicket CVE-2012-5636 Cross Site Scripting Vulnerability
| [101631] Apache Traffic Server CVE-2015-3249 Multiple Remote Code Execution Vulnerabilities
| [101630] Apache Traffic Server CVE-2014-3624 Access Bypass Vulnerability
| [101625] Apache jUDDI CVE-2009-1197 Security Bypass Vulnerability
| [101623] Apache jUDDI CVE-2009-1198 Cross Site Scripting Vulnerability
| [101620] Apache Subversion 'libsvn_fs_fs/fs_fs.c' Denial of Service Vulnerability
| [101585] Apache OpenOffice Multiple Remote Code Execution Vulnerabilities
| [101577] Apache Wicket CVE-2016-6806 Cross Site Request Forgery Vulnerability
| [101575] Apache Wicket CVE-2014-0043 Information Disclosure Vulnerability
| [101570] Apache Geode CVE-2017-9797 Information Disclosure Vulnerability
| [101562] Apache Derby CVE-2010-2232 Arbitrary File Overwrite Vulnerability
| [101560] Apache Portable Runtime Utility CVE-2017-12613 Multiple Information Disclosure Vulnerabilities
| [101558] Apache Portable Runtime Utility Local Out-of-Bounds Read Denial of Service Vulnerability
| [101532] Apache James CVE-2017-12628 Arbitrary Command Execution Vulnerability
| [101516] Apache HTTP Server CVE-2017-12171 Security Bypass Vulnerability
| [101261] Apache Solr/Lucene CVE-2017-12629 Information Disclosure and Remote Code Execution Vulnerabilities
| [101230] Apache Roller CVE-2014-0030 XML External Entity Injection Vulnerability
| [101173] Apache IMPALA CVE-2017-9792 Information Disclosure Vulnerability
| [101052] Apache Commons Jelly CVE-2017-12621 Security Bypass Vulnerability
| [101027] Apache Mesos CVE-2017-7687 Denial of Service Vulnerability
| [101023] Apache Mesos CVE-2017-9790 Denial of Service Vulnerability
| [100954] Apache Tomcat CVE-2017-12617 Incomplete Fix Remote Code Execution Vulnerability
| [100946] Apache Wicket CVE-2014-7808 Cross Site Request Forgery Vulnerability
| [100901] Apache Tomcat CVE-2017-12615 Remote Code Execution Vulnerability
| [100897] Apache Tomcat CVE-2017-12616 Information Disclosure Vulnerability
| [100880] Apache Directory LDAP API CVE-2015-3250 Unspecified Information Disclosure Vulnerability
| [100872] Apache HTTP Server CVE-2017-9798 Information Disclosure Vulnerability
| [100870] Apache Solr CVE-2017-9803 Remote Privilege Escalation Vulnerability
| [100859] puppetlabs-apache CVE-2017-2299 Information Disclosure Vulnerability
| [100829] Apache Struts CVE-2017-12611 Remote Code Execution Vulnerability
| [100823] Apache Spark CVE-2017-12612 Deserialization Remote Code Execution Vulnerability
| [100612] Apache Struts CVE-2017-9804 Incomplete Fix Denial of Service Vulnerability
| [100611] Apache Struts CVE-2017-9793 Denial of Service Vulnerability
| [100609] Apache Struts CVE-2017-9805 Remote Code Execution Vulnerability
| [100587] Apache Atlas CVE-2017-3155 Cross Frame Scripting Vulnerability
| [100581] Apache Atlas CVE-2017-3154 Information Disclosure Vulnerability
| [100578] Apache Atlas CVE-2017-3153 Cross Site Scripting Vulnerability
| [100577] Apache Atlas CVE-2017-3152 Cross Site Scripting Vulnerability
| [100547] Apache Atlas CVE-2017-3151 HTML Injection Vulnerability
| [100536] Apache Atlas CVE-2017-3150 Cross Site Scripting Vulnerability
| [100449] Apache Pony Mail CVE-2016-4460 Authentication Bypass Vulnerability
| [100447] Apache2Triad Multiple Security Vulnerabilities
| [100284] Apache Sling Servlets Post CVE-2017-9802 Cross Site Scripting Vulnerability
| [100280] Apache Tomcat CVE-2017-7674 Security Bypass Vulnerability
| [100259] Apache Subversion CVE-2017-9800 Remote Command Execution Vulnerability
| [100256] Apache Tomcat CVE-2017-7675 Directory Traversal Vulnerability
| [100235] Apache Storm CVE-2017-9799 Remote Code Execution Vulnerability
| [100082] Apache Commons Email CVE-2017-9801 SMTP Header Injection Vulnerability
| [99873] Apache Sling XSS Protection API CVE-2016-6798 XML External Entity Injection Vulnerability
| [99870] Apache Sling API CVE-2016-5394 Cross Site Scripting Vulnerability
| [99603] Apache Spark CVE-2017-7678 Cross Site Scripting Vulnerability
| [99592] Apache OpenMeetings CVE-2017-7685 Security Bypass Vulnerability
| [99587] Apache OpenMeetings CVE-2017-7673 Security Bypass Vulnerability
| [99586] Apache OpenMeetings CVE-2017-7688 Security Bypass Vulnerability
| [99584] Apache OpenMeetings CVE-2017-7684 Denial of Service Vulnerability
| [99577] Apache OpenMeetings CVE-2017-7663 Cross Site Scripting Vulnerability
| [99576] Apache OpenMeetings CVE-2017-7664 XML External Entity Injection Vulnerability
| [99569] Apache HTTP Server CVE-2017-9788 Memory Corruption Vulnerability
| [99568] Apache HTTP Server CVE-2017-9789 Denial of Service Vulnerability
| [99563] Apache Struts CVE-2017-7672 Denial of Service Vulnerability
| [99562] Apache Struts Spring AOP Functionality Denial of Service Vulnerability
| [99509] Apache Impala CVE-2017-5652 Information Disclosure Vulnerability
| [99508] Apache IMPALA CVE-2017-5640 Authentication Bypass Vulnerability
| [99486] Apache Traffic Control CVE-2017-7670 Denial of Service Vulnerability
| [99485] Apache Solr CVE-2017-7660 Security Bypass Vulnerability
| [99484] Apache Struts CVE-2017-9791 Remote Code Execution Vulnerability
| [99292] Apache Ignite CVE-2017-7686 Information Disclosure Vulnerability
| [99170] Apache HTTP Server CVE-2017-7679 Buffer Overflow Vulnerability
| [99137] Apache HTTP Server CVE-2017-7668 Denial of Service Vulnerability
15056| [99135] Apache HTTP Server CVE-2017-3167 Authentication Bypass Vulnerability
15057| [99134] Apache HTTP Server CVE-2017-3169 Denial of Service Vulnerability
15058| [99132] Apache HTTP Server CVE-2017-7659 Denial of Service Vulnerability
15059| [99112] Apache Thrift CVE-2015-3254 Denial of Service Vulnerability
| [99067] Apache Ranger CVE-2016-8751 HTML Injection Vulnerability
| [99018] Apache NiFi CVE-2017-7667 Cross Frame Scripting Vulnerability
| [99009] Apache NiFi CVE-2017-7665 Cross Site Scripting Vulnerability
| [98961] Apache Ranger CVE-2017-7677 Security Bypass Vulnerability
| [98958] Apache Ranger CVE-2017-7676 Security Bypass Vulnerability
| [98888] Apache Tomcat CVE-2017-5664 Security Bypass Vulnerability
| [98814] Apache Zookeeper CVE-2017-5637 Denial of Service Vulnerability
| [98795] Apache Hadoop CVE-2017-7669 Remote Privilege Escalation Vulnerability
| [98739] Apache Knox CVE-2017-5646 User Impersonation Vulnerability
| [98669] Apache Hive CVE-2016-3083 Security Bypass Vulnerability
| [98646] Apache Atlas CVE-2016-8752 Information Disclosure Vulnerability
| [98570] Apache Archiva CVE-2017-5657 Multiple Cross-Site Request Forgery Vulnerabilities
| [98489] Apache CXF Fediz CVE-2017-7661 Multiple Cross Site Request Forgery Vulnerabilities
| [98485] Apache CXF Fediz CVE-2017-7662 Cross Site Request Forgery Vulnerability
| [98466] Apache Ambari CVE-2017-5655 Insecure Temporary File Handling Vulnerability
| [98365] Apache Cordova For Android CVE-2016-6799 Information Disclosure Vulnerability
| [98025] Apache Hadoop CVE-2017-3161 Cross Site Scripting Vulnerability
| [98017] Apache Hadoop CVE-2017-3162 Input Validation Vulnerability
| [97971] Apache CXF CVE-2017-5656 Information Disclosure Vulnerability
| [97968] Apache CXF CVE-2017-5653 Spoofing Vulnerability
| [97967] Apache ActiveMQ CVE-2015-7559 Denial of Service Vulnerability
| [97949] Apache Traffic Server CVE-2017-5659 Denial of Service Vulnerability
| [97948] Apache Batik CVE-2017-5662 XML External Entity Information Disclosure Vulnerability
| [97947] Apache FOP CVE-2017-5661 XML External Entity Information Disclosure Vulnerability
| [97945] Apache Traffic Server CVE-2016-5396 Denial of Service Vulnerability
| [97702] Apache Log4j CVE-2017-5645 Remote Code Execution Vulnerability
| [97582] Apache CXF CVE-2016-6812 Cross Site Scripting Vulnerability
| [97579] Apache CXF JAX-RS CVE-2016-8739 XML External Entity Injection Vulnerability
| [97544] Apache Tomcat CVE-2017-5651 Information Disclosure Vulnerability
| [97531] Apache Tomcat CVE-2017-5650 Denial of Service Vulnerability
| [97530] Apache Tomcat CVE-2017-5648 Information Disclosure Vulnerability
| [97509] Apache Ignite CVE-2016-6805 Information Disclosure and XML External Entity Injection Vulnerabilities
| [97383] Apache Flex BlazeDS CVE-2017-5641 Remote Code Execution Vulnerability
| [97378] Apache Geode CVE-2017-5649 Information Disclosure Vulnerability
| [97229] Apache Ambari CVE-2016-4976 Local Information Disclosure Vulnerability
| [97226] Apache Camel CVE-2017-5643 Server Side Request Forgery Security Bypass Vulnerability
| [97184] Apache Ambari CVE-2016-6807 Remote Command Execution Vulnerability
| [97179] Apache Camel CVE-2016-8749 Java Deserialization Multiple Remote Code Execution Vulnerabilities
| [96983] Apache POI CVE-2017-5644 Denial Of Service Vulnerability
| [96895] Apache Tomcat CVE-2016-8747 Information Disclosure Vulnerability
| [96731] Apache NiFi CVE-2017-5636 Remote Code Injection Vulnerability
| [96730] Apache NiFi CVE-2017-5635 Security Bypass Vulnerability
| [96729] Apache Struts CVE-2017-5638 Remote Code Execution Vulnerability
| [96540] IBM Development Package for Apache Spark CVE-2016-4970 Denial of Service Vulnerability
| [96398] Apache CXF CVE-2017-3156 Information Disclosure Vulnerability
| [96321] Apache Camel CVE-2017-3159 Remote Code Execution Vulnerability
| [96293] Apache Tomcat 'http11/AbstractInputBuffer.java' Denial of Service Vulnerability
| [96228] Apache Brooklyn Cross Site Request Forgery and Multiple Cross Site Scripting Vulnerabilities
| [95998] Apache Ranger CVE-2016-8746 Security Bypass Vulnerability
| [95929] Apache Groovy CVE-2016-6497 Information Disclosure Vulnerability
| [95838] Apache Cordova For Android CVE-2017-3160 Man in the Middle Security Bypass Vulnerability
| [95675] Apache Struts Remote Code Execution Vulnerability
| [95621] Apache NiFi CVE-2106-8748 Cross Site Scripting Vulnerability
| [95429] Apache Groovy CVE-2016-6814 Remote Code Execution Vulnerability
| [95335] Apache Hadoop CVE-2016-3086 Information Disclosure Vulnerability
| [95168] Apache Wicket CVE-2016-6793 Denial of Service Vulnerability
| [95136] Apache Qpid Broker for Java CVE-2016-8741 Remote Information Disclosure Vulnerability
| [95078] Apache HTTP Server CVE-2016-0736 Remote Security Vulnerability
| [95077] Apache HTTP Server CVE-2016-8743 Security Bypass Vulnerability
| [95076] Apache HTTP Server CVE-2016-2161 Denial of Service Vulnerability
| [95020] Apache Tika CVE-2015-3271 Remote Information Disclosure Vulnerability
| [94950] Apache Hadoop CVE-2016-5001 Local Information Disclosure Vulnerability
| [94882] Apache ActiveMQ CVE-2016-6810 HTML Injection Vulnerability
| [94828] Apache Tomcat CVE-2016-8745 Information Disclosure Vulnerability
| [94766] Apache CouchDB CVE-2016-8742 Local Privilege Escalation Vulnerability
| [94657] Apache Struts CVE-2016-8738 Denial of Service Vulnerability
| [94650] Apache HTTP Server CVE-2016-8740 Denial of Service Vulnerability
| [94588] Apache Subversion CVE-2016-8734 XML External Entity Denial of Service Vulnerability
| [94513] Apache Karaf CVE-2016-8648 Remote Code Execution Vulnerability
| [94463] Apache Tomcat CVE-2016-8735 Remote Code Execution Vulnerability
| [94462] Apache Tomcat CVE-2016-6817 Denial of Service Vulnerability
| [94461] Apache Tomcat CVE-2016-6816 Security Bypass Vulnerability
| [94418] Apache OpenOffice CVE-2016-6803 Local Privilege Escalation Vulnerability
| [94247] Apache Tika CVE-2016-6809 Remote Code Execution Vulnerability
| [94221] Apache Ranger CVE-2016-6815 Local Privilege Escalation Vulnerability
| [94145] Apache OpenMeetings CVE-2016-8736 Remote Code Execution Vulnerability
| [93945] Apache CloudStack CVE-2016-6813 Authorization Bypass Vulnerability
| [93944] Apache Tomcat Security Manager CVE-2016-6796 Security Bypass Vulnerability
| [93943] Apache Tomcat CVE-2016-6794 Security Bypass Vulnerability
| [93942] Apache Tomcat Security Manager CVE-2016-5018 Security Bypass Vulnerability
| [93940] Apache Tomcat CVE-2016-6797 Security Bypass Vulnerability
| [93939] Apache Tomcat CVE-2016-0762 Information Disclosure Vulnerability
| [93774] Apache OpenOffice CVE-2016-6804 DLL Loading Remote Code Execution Vulnerability
| [93773] Apache Struts CVE-2016-6795 Directory Traversal Vulnerability
| [93478] Apache Tomcat CVE-2016-6325 Local Privilege Escalation Vulnerability
| [93472] Apache Tomcat CVE-2016-5425 Insecure File Permissions Vulnerability
| [93429] Apache Tomcat JK Connector CVE-2016-6808 Remote Buffer Overflow Vulnerability
| [93263] Apache Tomcat CVE-2016-1240 Local Privilege Escalation Vulnerability
| [93236] Apache MyFaces Trinidad CVE-2016-5019 Remote Code Execution Vulnerability
| [93142] Apache ActiveMQ Artemis CVE-2016-4978 Remote Code Execution Vulnerability
| [93132] Apache Derby CVE-2015-1832 XML External Entity Information Disclosure Vulnerability
| [93044] Apache Zookeeper CVE-2016-5017 Buffer Overflow Vulnerability
| [92966] Apache Jackrabbit CVE-2016-6801 Cross-Site Request Forgery Vulnerability
| [92947] Apache Shiro CVE-2016-6802 Remote Security Bypass Vulnerability
| [92905] Apache CXF Fediz CVE-2016-4464 Security Bypass Vulnerability
| [92577] Apache Ranger CVE-2016-5395 HTML Injection Vulnerability
| [92331] Apache HTTP Server CVE-2016-1546 Remote Denial of Service Vulnerability
| [92328] Apache Hive CVE-2016-0760 Multiple Remote Code Execution Vulnerabilities
| [92320] Apache APR-util and httpd CVE-2016-6312 Denial of Service Vulnerability
| [92100] Apache POI CVE-2016-5000 XML External Entity Injection Vulnerability
| [92079] Apache OpenOffice CVE-2016-1513 Remote Code Execution Vulnerability
| [91818] Apache Tomcat CVE-2016-5388 Security Bypass Vulnerability
| [91816] Apache HTTP Server CVE-2016-5387 Security Bypass Vulnerability
| [91788] Apache Qpid Proton CVE-2016-4467 Certificate Verification Security Bypass Vulnerability
| [91738] Apache XML-RPC CVE-2016-5003 Remote Code Execution Vulnerability
| [91736] Apache XML-RPC Multiple Security Vulnerabilities
| [91707] Apache Archiva CVE-2016-5005 HTML Injection Vulnerability
| [91703] Apache Archiva CVE-2016-4469 Multiple Cross-Site Request Forgery Vulnerabilities
| [91566] Apache HTTP Server CVE-2016-4979 Authentication Bypass Vulnerability
| [91537] Apache QPID CVE-2016-4974 Deserialization Security Bypass Vulnerability
| [91501] Apache Xerces-C CVE-2016-4463 Stack Buffer Overflow Vulnerability
| [91453] Apache Commons FileUpload CVE-2016-3092 Denial Of Service Vulnerability
| [91284] Apache Struts CVE-2016-4431 Security Bypass Vulnerability
| [91282] Apache Struts CVE-2016-4433 Security Bypass Vulnerability
| [91281] Apache Struts CVE-2016-4430 Cross-Site Request Forgery Vulnerability
| [91280] Apache Struts CVE-2016-4436 Security Bypass Vulnerability
| [91278] Apache Struts CVE-2016-4465 Denial of Service Vulnerability
| [91277] Apache Struts Incomplete Fix Remote Code Execution Vulnerability
| [91275] Apache Struts CVE-2016-4438 Remote Code Execution Vulnerability
| [91217] Apache Continuum 'saveInstallation.action' Command Execution Vulnerability
| [91141] Apache CloudStack CVE-2016-3085 Authentication Bypass Vulnerability
| [91068] Apache Struts CVE-2016-1181 Remote Code Execution Vulnerability
| [91067] Apache Struts CVE-2016-1182 Security Bypass Vulnerability
| [91024] Apache Shiro CVE-2016-4437 Information Disclosure Vulnerability
| [90988] Apache Ranger CVE-2016-2174 SQL Injection Vulnerability
| [90961] Apache Struts CVE-2016-3093 Denial of Service Vulnerability
| [90960] Apache Struts CVE-2016-3087 Remote Code Execution Vulnerability
| [90921] Apache Qpid CVE-2016-4432 Authentication Bypass Vulnerability
| [90920] Apache Qpid CVE-2016-3094 Denial of Service Vulnerability
| [90902] Apache PDFBox CVE-2016-2175 XML External Entity Injection Vulnerability
| [90897] Apache Tika CVE-2016-4434 XML External Entity Injection Vulnerability
| [90827] Apache ActiveMQ CVE-2016-3088 Multiple Arbitrary File Upload Vulnerabilities
| [90755] Apache Ambari CVE-2016-0707 Multiple Local Information Disclosure Vulnerabilities
| [90482] Apache CVE-2004-1387 Local Security Vulnerability
| [89762] Apache CVE-2001-1556 Remote Security Vulnerability
| [89417] Apache Subversion CVE-2016-2167 Authentication Bypass Vulnerability
| [89326] RETIRED: Apache Subversion CVE-2016-2167 Security Bypass Vulnerability
| [89320] Apache Subversion CVE-2016-2168 Remote Denial of Service Vulnerability
| [88826] Apache Struts CVE-2016-3082 Remote Code Execution Vulnerability
| [88797] Apache Cordova For iOS CVE-2015-5208 Arbitrary Code Execution Vulnerability
| [88764] Apache Cordova iOS CVE-2015-5207 Multiple Security Bypass Vulnerabilities
| [88701] Apache CVE-2001-1449 Remote Security Vulnerability
| [88635] Apache CVE-2000-1204 Remote Security Vulnerability
| [88590] Apache WWW server CVE-1999-1199 Denial-Of-Service Vulnerability
| [88496] Apache CVE-2000-1206 Remote Security Vulnerability
| [87828] Apache CVE-1999-1237 Remote Security Vulnerability
| [87784] Apache CVE-1999-1293 Denial-Of-Service Vulnerability
| [87327] Apache Struts CVE-2016-3081 Remote Code Execution Vulnerability
| [86622] Apache Stats CVE-2007-0975 Remote Security Vulnerability
| [86399] Apache CVE-2007-1743 Local Security Vulnerability
| [86397] Apache CVE-2007-1742 Local Security Vulnerability
| [86311] Apache Struts CVE-2016-4003 Cross Site Scripting Vulnerability
| [86174] Apache Wicket CVE-2015-5347 Cross Site Scripting Vulnerability
| [85971] Apache OFBiz CVE-2016-2170 Java Deserialization Remote Code Execution Vulnerability
| [85967] Apache OFBiz CVE-2015-3268 HTML Injection Vulnerability
| [85759] Apache Jetspeed CVE-2016-2171 Unauthorized Access Vulnerability
| [85758] Apache Jetspeed CVE-2016-0712 Cross Site Scripting Vulnerability
| [85756] Apache Jetspeed CVE-2016-0710 Multiple SQL Injection Vulnerabilities
| [85755] Apache Jetspeed CVE-2016-0711 Mulitple HTML Injection Vulnerabilities
| [85754] Apache Jetspeed CVE-2016-0709 Directory Traversal Vulnerability
| [85730] Apache Subversion CVE-2015-5343 Integer Overflow Vulnerability
| [85691] Apache Ranger CVE-2016-0735 Security Bypass Vulnerability
| [85578] Apache ActiveMQ CVE-2010-1244 Cross-Site Request Forgery Vulnerability
| [85554] Apache OpenMeetings CVE-2016-2164 Multiple Information Disclosure Vulnerabilities
| [85553] Apache OpenMeetings CVE-2016-0783 Information Disclosure Vulnerability
| [85552] Apache OpenMeetings CVE-2016-2163 HTML Injection Vulnerability
| [85550] Apache OpenMeetings CVE-2016-0784 Directory Traversal Vulnerability
| [85386] Apache Hadoop CVE-2015-7430 Local Privilege Escalation Vulnerability
| [85377] Apache Qpid Proton Python API CVE-2016-2166 Man in the Middle Security Bypass Vulnerability
| [85205] Apache Solr CVE-2015-8796 Cross Site Scripting Vulnerability
| [85203] Apache Solr CVE-2015-8795 Mulitple HTML Injection Vulnerabilities
| [85163] Apache Geronimo CVE-2008-0732 Local Security Vulnerability
| [85131] Apache Struts 'TextParseUtil.translateVariables()' Method Remote Code Execution Vulnerability
| [85070] Apache Struts CVE-2016-2162 Cross Site Scripting Vulnerability
| [85066] Apache Struts CVE-2016-0785 Remote Code Execution Vulnerability
| [84422] Apache TomEE CVE-2016-0779 Unspecified Security Vulnerability
| [84321] Apache ActiveMQ CVE-2016-0734 Clickjacking Vulnerability
| [84316] Apache ActiveMQ CVE-2016-0782 Multiple Cross Site Scripting Vulnerabilities
| [83910] Apache Wicket CVE-2015-7520 Cross Site Scripting Vulnerability
| [83423] Apache Xerces-C CVE-2016-0729 Buffer Overflow Vulnerability
| [83330] Apache Tomcat CVE-2015-5351 Cross Site Request Forgery Vulnerability
| [83329] Apache Tomcat CVE-2015-5174 Directory Traversal Vulnerability
| [83328] Apache Tomcat CVE-2015-5345 Directory Traversal Vulnerability
| [83327] Apache Tomcat Security Manager CVE-2016-0714 Remote Code Execution Vulnerability
| [83326] Apache Tomcat CVE-2016-0763 Security Bypass Vulnerability
| [83324] Apache Tomcat Security Manager CVE-2016-0706 Information Disclosure Vulnerability
| [83323] Apache Tomcat CVE-2015-5346 Session Fixation Vulnerability
| [83259] Apache Hadoop CVE-2015-1776 Information Disclosure Vulnerability
| [83243] Apache Solr CVE-2015-8797 Cross Site Scripting Vulnerability
| [83119] Apache Sling CVE-2016-0956 Information Disclosure Vulnerability
| [83002] Apache CVE-2000-1205 Cross-Site Scripting Vulnerability
| [82871] Apache Ranger Authentication Bypass and Security Bypass Vulnerabilities
| [82800] Apache CloudStack CVE-2015-3251 Information Disclosure Vulnerability
| [82798] Apache CloudStack CVE-2015-3252 Authentication Bypass Vulnerability
| [82732] Apache Gallery CVE-2003-0771 Local Security Vulnerability
| [82676] Apache CVE-2003-1581 Cross-Site Scripting Vulnerability
| [82550] Apache Struts CVE-2015-5209 Security Bypass Vulnerability
| [82300] Apache Subversion CVE-2015-5259 Integer Overflow Vulnerability
| [82260] Apache Camel CVE-2015-5344 Remote Code Execution Vulnerability
| [82234] Apache Hive CVE-2015-7521 Security Bypass Vulnerability
| [82082] Apache CVE-1999-0289 Remote Security Vulnerability
| [81821] Apache Distribution for Solaris CVE-2007-2080 SQL-Injection Vulnerability
| [80696] Apache Camel CVE-2015-5348 Information Disclosure Vulnerability
| [80525] Apache CVE-2003-1580 Remote Security Vulnerability
| [80354] Drupal Apache Solr Search Module Access Bypass Vulnerability
| [80193] Apache CVE-1999-0107 Denial-Of-Service Vulnerability
| [79812] Apache Directory Studio CVE-2015-5349 Command Injection Vulnerability
| [79744] Apache HBase CVE-2015-1836 Unauthorized Access Vulnerability
| [79204] Apache TomEE 'EjbObjectInputStream' Remote Code Execution Vulnerability
| [77679] Apache Cordova For Android CVE-2015-8320 Weak Randomization Security Bypass Vulnerability
| [77677] Apache Cordova For Android CVE-2015-5256 Security Bypass Vulnerability
| [77591] Apache CXF SAML SSO Processing CVE-2015-5253 Security Bypass Vulnerability
| [77521] Apache Commons Collections 'InvokerTransformer.java' Remote Code Execution Vulnerability
| [77110] Apache HttpComponents HttpClient CVE-2015-5262 Denial of Service Vulnerability
| [77086] Apache Ambari CVE-2015-1775 Server Side Request Forgery Security Bypass Vulnerability
| [77085] Apache Ambari CVE-2015-3270 Remote Privilege Escalation Vulnerability
| [77082] Apache Ambari 'targetURI' Parameter Open Redirection Vulnerability
| [77059] Apache Ambari CVE-2015-3186 Cross Site Scripting Vulnerability
| [76933] Apache James Server Unspecified Command Execution Vulnerability
| [76832] Apache cordova-plugin-file-transfer CVE-2015-5204 HTTP Header Injection Vulnerability
| [76625] Apache Struts CVE-2015-5169 Cross Site Scripting Vulnerability
| [76624] Apache Struts CVE-2015-2992 Cross Site Scripting Vulnerability
| [76522] Apache Tapestry CVE-2014-1972 Security Bypass Vulnerability
| [76486] Apache CXF Fediz CVE-2015-5175 Denial of Service Vulnerability
| [76452] Apache ActiveMQ CVE-2015-1830 Directory Traversal Vulnerability
| [76446] Apache Subversion 'libsvn_fs_fs/tree.c' Denial of Service Vulnerability
| [76274] Apache Subversion CVE-2015-3184 Information Disclosure Vulnerability
| [76273] Apache Subversion CVE-2015-3187 Information Disclosure Vulnerability
| [76272] Apache ActiveMQ CVE-2014-3576 Denial of Service Vulnerability
| [76221] Apache Ranger CVE-2015-0266 Access Bypass Vulnerability
| [76208] Apache Ranger CVE-2015-0265 JavaScript Code Injection Vulnerability
| [76025] Apache ActiveMQ Artemis CVE-2015-3208 XML External Entity Information Disclosure Vulnerability
| [75965] Apache HTTP Server CVE-2015-3185 Security Bypass Vulnerability
| [75964] Apache HTTP Server CVE-2015-0253 Remote Denial of Service Vulnerability
| [75963] Apache HTTP Server CVE-2015-3183 Security Vulnerability
| [75940] Apache Struts CVE-2015-1831 Security Bypass Vulnerability
| [75919] Apache Groovy CVE-2015-3253 Remote Code Execution Vulnerability
| [75338] Apache Storm CVE-2015-3188 Remote Code Execution Vulnerability
| [75275] Drupal Apache Solr Real-Time Module Access Bypass Vulnerability
| [74866] Apache Cordova For Android CVE-2015-1835 Security Bypass Vulnerability
| [74839] Apache Sling API and Sling Servlets CVE-2015-2944 Cross Site Scripting Vulnerability
| [74761] Apache Jackrabbit CVE-2015-1833 XML External Entity Information Disclosure Vulnerability
| [74686] Apache Ambari '/var/lib/ambari-server/ambari-env.sh' Local Privilege Escalation Vulnerability
| [74665] Apache Tomcat CVE-2014-7810 Security Bypass Vulnerability
| [74475] Apache Tomcat CVE-2014-0230 Denial of Service Vulnerability
| [74423] Apache Struts CVE-2015-0899 Security Bypass Vulnerability
| [74338] Apache OpenOffice HWP Filter Memory Corruption Vulnerability
| [74265] Apache Tomcat 'mod_jk' CVE-2014-8111 Information Disclosure Vulnerability
| [74260] Apache Subversion CVE-2015-0248 Multiple Denial of Service Vulnerabilities
| [74259] Apache Subversion 'deadprops.c' Security Bypass Vulnerability
| [74204] PHP 'sapi/apache2handler/sapi_apache2.c' Remote Code Execution Vulnerability
| [74158] Apache HTTP Server 'protocol.c' Remote Denial of Service Vulnerability
| [73954] Apache Flex 'asdoc/templates/index.html' Cross Site Scripting Vulnerability
| [73851] Apache2 CVE-2012-0216 Cross-Site Scripting Vulnerability
| [73478] Apache Cassandra CVE-2015-0225 Remote Code Execution Vulnerability
| [73041] Apache HTTP Server 'mod_lua' Module Denial of Service Vulnerability
| [73040] Apache HTTP Server 'mod_lua.c' Local Access Bypass Vulnerability
| [72809] Apache Standard Taglibs CVE-2015-0254 XML External Entity Injection Vulnerability
| [72717] Apache Tomcat CVE-2014-0227 Chunk Request Remote Denial Of Service Vulnerability
| [72557] Apache WSS4J CVE-2015-0227 Security Bypass Vulnerability
| [72553] Apache WSS4J CVE-2015-0226 Information Disclosure Vulnerability
| [72513] Apache ActiveMQ CVE-2014-3612 LDAP Authentication Bypass Vulnerability
| [72511] Apache ActiveMQ CVE-2014-8110 Multiple Cross Site Scripting Vulnerabilities
| [72510] Apache ActiveMQ CVE-2014-3600 XML External Entity Injection Vulnerability
| [72508] Apache ActiveMQ Apollo CVE-2014-3579 XML External Entity Injection Vulnerability
| [72319] Apache Qpid CVE-2015-0223 Security Bypass Vulnerability
| [72317] Apache Qpid CVE-2015-0224 Incomplete Fix Multiple Denial of Service Vulnerabilities
| [72115] Apache Santuario 'XML Signature Verification' Security Bypass Vulnerability
| [72053] Apache HTTP Server 'mod_remoteip.c' IP Address Spoofing Vulnerability
| [72030] Apache Qpid CVE-2015-0203 Multiple Denial of Service Vulnerabilities
| [71879] Apache Traffic Server 'HttpTransact.cc' Denial of Service Vulnerability
| [71726] Apache Subversion CVE-2014-3580 Remote Denial of Service Vulnerability
| [71725] Apache Subversion CVE-2014-8108 Remote Denial of Service Vulnerability
| [71657] Apache HTTP Server 'mod_proxy_fcgi' Module Denial of Service Vulnerability
| [71656] Apache HTTP Server 'mod_cache' Module Denial of Service Vulnerability
| [71548] Apache Struts CVE-2014-7809 Security Bypass Vulnerability
| [71466] Apache Hadoop CVE-2014-3627 Information Disclosure Vulnerability
| [71353] Apache HTTP Server 'LuaAuthzProvider' Authorization Bypass Vulnerability
| [71004] Apache Qpid CVE-2014-3629 XML External Entity Injection Vulnerability
| [70970] Apache Traffic Server Cross Site Scripting Vulnerability
| [70738] Apache CXF CVE-2014-3584 Denial of Service Vulnerability
| [70736] Apache CXF SAML SubjectConfirmation Security Bypass Vulnerability
| [69728] Apache Tomcat CVE-2013-4444 Arbitrary File Upload Vulnerability
| [69648] Apache POI CVE-2014-3574 Denial Of Service Vulnerability
| [69647] Apache POI OpenXML parser CVE-2014-3529 XML External Entity Information Disclosure Vulnerability
| [69351] Apache OpenOffice Calc CVE-2014-3524 Command Injection Vulnerability
| [69295] Apache Axis Incomplete Fix CVE-2014-3596 SSL Certificate Validation Security Bypass Vulnerability
| [69286] Apache OFBiz CVE-2014-0232 Multiple Cross Site Scripting Vulnerabilities
| [69258] Apache HttpComponents Incomplete Fix CVE-2014-3577 SSL Validation Security Bypass Vulnerability
| [69257] Apache HttpComponents Incomplete Fix SSL Certificate Validation Security Bypass Vulnerability
| [69248] Apache HTTP Server CVE-2013-4352 Remote Denial of Service Vulnerability
| [69237] Apache Subversion CVE-2014-3522 SSL Certificate Validation Information Disclosure Vulnerability
| [69173] Apache Traffic Server CVE-2014-3525 Unspecified Security Vulnerability
| [69046] Apache Cordova For Android CVE-2014-3502 Information Disclosure Vulnerability
| [69041] Apache Cordova For Android CVE-2014-3501 Security Bypass Vulnerability
| [69038] Apache Cordova For Android CVE-2014-3500 Security Bypass Vulnerability
| [68995] Apache Subversion CVE-2014-3528 Insecure Authentication Weakness
| [68966] Apache Subversion 'irkerbridge.py' Local Privilege Escalation Vulnerability
| [68965] Apache Subversion 'svnwcsub.py' Local Privilege Escalation Vulnerability
| [68863] Apache HTTP Server 'mod_cache' Module Remote Denial of Service Vulnerability
| [68747] Apache HTTP Server CVE-2014-3523 Remote Denial of Service Vulnerability
| [68745] Apache HTTP Server CVE-2014-0118 Remote Denial of Service Vulnerability
| [68742] Apache HTTP Server CVE-2014-0231 Remote Denial of Service Vulnerability
| [68740] Apache HTTP Server CVE-2014-0117 Remote Denial of Service Vulnerability
| [68678] Apache HTTP Server 'mod_status' CVE-2014-0226 Remote Code Execution Vulnerability
| [68445] Apache CXF UsernameToken Information Disclosure Vulnerability
| [68441] Apache CXF SAML Tokens Validation Security Bypass Vulnerability
| [68431] Apache Syncope CVE-2014-3503 Insecure Password Generation Weakness
| [68229] Apache Harmony PRNG Entropy Weakness
| [68111] Apache 'mod_wsgi' Module Privilege Escalation Vulnerability
| [68072] Apache Tomcat CVE-2014-0186 Remote Denial of Service Vulnerability
| [68039] Apache Hive CVE-2014-0228 Security Bypass Vulnerability
| [67673] Apache Tomcat CVE-2014-0095 AJP Request Remote Denial Of Service Vulnerability
| [67671] Apache Tomcat CVE-2014-0075 Chunk Request Remote Denial Of Service Vulnerability
| [67669] Apache Tomcat CVE-2014-0119 XML External Entity Information Disclosure Vulnerability
| [67668] Apache Tomcat CVE-2014-0099 Request Processing Information Disclosure Vulnerability
| [67667] Apache Tomcat CVE-2014-0096 XML External Entity Information Disclosure Vulnerability
| [67534] Apache 'mod_wsgi' Module CVE-2014-0242 Information Disclosure Vulnerability
| [67532] Apache 'mod_wsgi' Module Local Privilege Escalation Vulnerability
| [67530] Apache Solr Search Template Cross Site Scripting Vulnerability
| [67236] Apache CXF CVE-2014-0109 Remote Denial of Service Vulnerability
| [67232] Apache CXF CVE-2014-0110 Denial of Service Vulnerability
| [67121] Apache Struts ClassLoader Manipulation CVE-2014-0114 Security Bypass Vulnerability
| [67081] Apache Struts 'getClass()' Method Security Bypass Vulnerability
| [67064] Apache Struts ClassLoader Manipulation Incomplete Fix Security Bypass Vulnerability
| [67013] Apache Zookeeper CVE-2014-0085 Local Information Disclosure Vulnerability
| [66998] Apache Archiva CVE-2013-2187 Unspecified Cross Site Scripting Vulnerability
| [66991] Apache Archiva CVE-2013-2187 HTML Injection Vulnerability
| [66927] Apache Syncope CVE-2014-0111 Remote Code Execution Vulnerability
| [66474] Apache CouchDB Universally Unique IDentifier (UUID) Remote Denial of Service Vulnerability
| [66397] Apache Xalan-Java Library CVE-2014-0107 Security Bypass Vulnerability
| [66303] Apache HTTP Server Multiple Denial of Service Vulnerabilities
| [66041] RETIRED: Apache Struts CVE-2014-0094 Classloader Manipulation Security Bypass Vulnerability
| [65999] Apache Struts ClassLoader Manipulation CVE-2014-0094 Security Bypass Vulnerability
| [65967] Apache Cordova File-Transfer Unspecified Security Vulnerability
| [65959] Apache Cordova InAppBrowser Remote Privilege Escalation Vulnerability
| [65935] Apache Shiro 'login.jsp' Authentication Bypass Vulnerability
| [65902] Apache Camel CVE-2014-0003 Remote Code Execution Vulnerability
| [65901] Apache Camel CVE-2014-0002 XML External Entity Information Disclosure Vulnerability
| [65773] Apache Tomcat CVE-2013-4286 Security Bypass Vulnerability
| [65769] Apache Tomcat CVE-2014-0033 Session Fixation Vulnerability
| [65768] Apache Tomcat CVE-2013-4590 XML External Entity Information Disclosure Vulnerability
| [65767] Apache Tomcat CVE-2013-4322 Incomplete Fix Denial of Service Vulnerability
| [65615] Apache ActiveMQ 'refresh' Parameter Cross Site Scripting Vulnerability
| [65434] Apache Subversion 'mod_dav_svn' Module SVNListParentPath Denial of Service Vulnerability
| [65431] Apache Wicket CVE-2013-2055 Information Disclosure Vulnerability
| [65400] Apache Commons FileUpload CVE-2014-0050 Denial Of Service Vulnerability
| [64782] Apache CloudStack Virtual Router Component Security Bypass Vulnerability
| [64780] Apache CloudStack Unauthorized Access Vulnerability
| [64617] Apache Libcloud Digital Ocean API Local Information Disclosure Vulnerability
| [64437] Apache Santuario XML Security For JAVA XML Signature Denial of Service Vulnerability
| [64427] Apache Solr Multiple XML External Entity Injection Vulnerabilities
| [64009] Apache Solr CVE-2013-6408 XML External Entity Injection Vulnerability
| [64008] Apache Solr CVE-2013-6407 XML External Entity Injection Vulnerability
| [63981] Apache Subversion 'mod_dav_svn' Module Denial of Service Vulnerability
| [63966] Apache Subversion CVE-2013-4505 Security Bypass Vulnerability
| [63963] Apache Roller CVE-2013-4171 Cross Site Scripting Vulnerability
| [63935] Apache Solr 'SolrResourceLoader' Directory Traversal Vulnerability
| [63928] Apache Roller CVE-2013-4212 OGNL Expression Injection Remote Code Execution Vulnerability
| [63515] Apache Tomcat Manager Component CVE-2013-6357 Cross Site Request Forgery Vulnerability
| [63403] Apache Struts Multiple Cross Site Scripting Vulnerabilities
| [63400] Apache 'mod_pagespeed' Module Unspecified Cross Site Scripting Vulnerability
| [63260] Apache Shindig CVE-2013-4295 XML External Entity Information Disclosure Vulnerability
| [63241] Apache Sling 'AbstractAuthenticationFormServlet' Open Redirection Vulnerability
| [63174] Apache Commons FileUpload 'DiskFileItem' Class Null Byte Arbitrary File Write Vulnerability
| [62939] Apache 'mod_fcgid' Module CVE-2013-4365 Heap Buffer Overflow Vulnerability
| [62903] Apache Sling 'deepGetOrCreateNode()' Function Denial Of Service Vulnerability
| [62706] Apache Camel CVE-2013-4330 Information Disclosure Vulnerability
| [62677] Apache 'mod_accounting' Module CVE-2013-5697 SQL Injection Vulnerability
| [62674] TYPO3 Apache Solr Unspecified Cross Site Scripting and PHP Code Execution Vulnerabilities
| [62587] Apache Struts CVE-2013-4316 Remote Code Execution Vulnerability
| [62584] Apache Struts CVE-2013-4310 Security Bypass Vulnerability
| [62266] Apache Subversion CVE-2013-4277 Insecure Temporary File Creation Vulnerability
| [61984] Apache Hadoop RPC Authentication CVE-2013-2192 Man in the Middle Security Bypass Vulnerability
| [61981] Apache HBase RPC Authentication Man In The Middle Security Bypass Vulnerability
| [61638] Apache CloudStack CVE-2013-2136 Multiple Cross Site Scripting Vulnerabilities
| [61454] Apache Subversion CVE-2013-4131 Denial Of Service Vulnerability
| [61379] Apache HTTP Server CVE-2013-2249 Unspecified Remote Security Vulnerability
| [61370] Apache OFBiz CVE-2013-2317 'View Log' Cross Site Scripting Vulnerability
15439| [61369] Apache OFBiz Nested Expression Remote Code Execution Vulnerability
15440| [61196] Apache Struts CVE-2013-2248 Multiple Open Redirection Vulnerabilities
15441| [61189] Apache Struts CVE-2013-2251 Multiple Remote Command Execution Vulnerabilities
15442| [61129] Apache HTTP Server CVE-2013-1896 Remote Denial of Service Vulnerability
15443| [61030] Apache CXF CVE-2013-2160 Multiple Remote Denial of Service Vulnerabilities
15444| [60875] Apache Geronimo RMI Classloader Security Bypass Vulnerability
15445| [60846] Apache Santuario XML Security for JAVA XML Signature CVE-2013-2172 Security Bypass Vulnerability
15446| [60817] Apache Santuario XML Security for C++ CVE-2013-2210 Heap Buffer Overflow Vulnerability
15447| [60800] Apache Qpid Python Client SSL Certificate Verification Information Disclosure Vulnerability
15448| [60599] Apache Santuario XML Security for C++ CVE-2013-2156 Remote Heap Buffer Overflow Vulnerability
15449| [60595] Apache Santuario XML Security for C++ XML Signature CVE-2013-2155 Denial of Service Vulnerability
15450| [60594] Apache Santuario XML Security for C++ CVE-2013-2154 Stack Buffer Overflow Vulnerability
15451| [60592] Apache Santuario XML Security for C++ XML Signature CVE-2013-2153 Security Bypass Vulnerability
15452| [60534] Apache OpenJPA Object Deserialization Arbitrary File Creation or Overwrite Vulnerability
15453| [60346] Apache Struts CVE-2013-2134 OGNL Expression Injection Vulnerability
15454| [60345] Apache Struts CVE-2013-2135 OGNL Expression Injection Vulnerability
15455| [60267] Apache Subversion CVE-2013-1968 Remote Denial of Service Vulnerability
15456| [60265] Apache Subversion CVE-2013-2088 Command Injection Vulnerability
15457| [60264] Apache Subversion CVE-2013-2112 Remote Denial of Service Vulnerability
15458| [60187] Apache Tomcat DIGEST Authentication CVE-2013-2051 Incomplete Fix Security Weakness
15459| [60186] Apache Tomcat CVE-2013-1976 Insecure Temporary File Handling Vulnerability
15460| [60167] Apache Struts 'includeParams' CVE-2013-2115 Incomplete Fix Security Bypass Vulnerability
15461| [60166] Apache Struts 'includeParams' CVE-2013-1966 Security Bypass Vulnerability
15462| [60082] Apache Struts 'ParameterInterceptor' Class OGNL CVE-2013-1965 Security Bypass Vulnerability
15463| [59826] Apache HTTP Server Terminal Escape Sequence in Logs Command Injection Vulnerability
15464| [59799] Apache Tomcat CVE-2013-2067 Session Fixation Vulnerability
15465| [59798] Apache Tomcat CVE-2013-2071 Information Disclosure Vulnerability
15466| [59797] Apache Tomcat CVE-2012-3544 Denial of Service Vulnerability
15467| [59670] Apache VCL Multiple Input Validation Vulnerabilities
15468| [59464] Apache CloudStack CVE-2013-2758 Hash Information Disclosure Vulnerability
15469| [59463] Apache CloudStack CVE-2013-2756 Authentication Bypass Vulnerability
15470| [59402] Apache ActiveMQ CVE-2013-3060 Information Disclosure and Denial of Service Vulnerability
15471| [59401] Apache ActiveMQ CVE-2012-6551 Denial of Service Vulnerability
15472| [59400] Apache ActiveMQ CVE-2012-6092 Multiple Cross Site Scripting Vulnerabilities
15473| [58898] Apache Subversion CVE-2013-1884 Remote Denial of Service Vulnerability
15474| [58897] Apache Subversion 'mod_dav_svn/lock.c' Remote Denial of Service Vulnerability
15475| [58895] Apache Subversion 'mod_dav_svn' Remote Denial of Service Vulnerability
15476| [58455] Apache Rave User RPC API CVE-2013-1814 Information Disclosure Vulnerability
15477| [58379] Apache Qpid CVE-2012-4446 Authentication Bypass Vulnerability
15478| [58378] Apache Qpid CVE-2012-4460 Denial of Service Vulnerability
15479| [58376] Apache Qpid CVE-2012-4458 Denial of Service Vulnerability
15480| [58337] Apache Qpid CVE-2012-4459 Denial of Service Vulnerability
15481| [58326] Apache Commons FileUpload CVE-2013-0248 Insecure Temporary File Creation Vulnerability
15482| [58325] Debian Apache HTTP Server CVE-2013-1048 Symlink Attack Local Privilege Escalation Vulnerability
15483| [58323] Apache Subversion 'svn_fs_file_length()' Remote Denial of Service Vulnerability
15484| [58165] Apache HTTP Server Multiple Cross Site Scripting Vulnerabilities
15485| [58136] Apache Maven CVE-2013-0253 SSL Certificate Validation Security Bypass Vulnerability
15486| [58124] Apache Tomcat 'log/logdir' Directory Insecure File Permissions Vulnerability
15487| [58073] Apache Commons HttpClient CVE-2012-5783 SSL Certificate Validation Security Bypass Vulnerability
15488| [57876] Apache CXF WS-SecurityPolicy Authentication Bypass Vulnerability
15489| [57874] Apache CXF CVE-2012-5633 Security Bypass Vulnerability
15490| [57463] Apache OFBiz CVE-2013-0177 Multiple Cross Site Scripting Vulnerabilities
15491| [57425] Apache CXF CVE-2012-5786 SSL Certificate Validation Security Bypass Vulnerability
15492| [57321] Apache CouchDB CVE-2012-5650 Cross Site Scripting Vulnerability
15493| [57314] Apache CouchDB CVE-2012-5649 Remote Code Execution Vulnerability
15494| [57267] Apache Axis2/C SSL Certificate Validation Security Bypass Vulnerability
15495| [57259] Apache CloudStack CVE-2012-5616 Local Information Disclosure Vulnerability
15496| [56814] Apache Tomcat CVE-2012-4431 Cross-Site Request Forgery Vulnerability
15497| [56813] Apache Tomcat CVE-2012-4534 Denial of Service Vulnerability
15498| [56812] Apache Tomcat CVE-2012-3546 Security Bypass Vulnerability
15499| [56753] Apache Apache HTTP Server 'mod_proxy_ajp Module Denial Of Service Vulnerability
15500| [56686] Apache Tomcat CVE-2012-5568 Denial of Service Vulnerability
15501| [56408] Apache Axis and Axis2/Java SSL Certificate Validation Security Bypass Vulnerability
15502| [56403] Apache Tomcat DIGEST Authentication Multiple Security Weaknesses
15503| [56402] Apache Tomcat CVE-2012-2733 Denial of Service Vulnerability
15504| [56171] Apache OFBiz CVE-2012-3506 Unspecified Security Vulnerability
15505| [55876] Apache CloudStack CVE-2012-4501 Security Bypass Vulnerability
15506| [55628] Apache CXF SOAP Action Spoofing Security Bypass Vulnerability
15507| [55608] Apache Qpid (qpidd) Denial of Service Vulnerability
15508| [55536] Apache 'mod_pagespeed' Module Cross Site Scripting and Security Bypass Vulnerabilities
15509| [55508] Apache Axis2 XML Signature Wrapping Security Vulnerability
15510| [55445] Apache Wicket CVE-2012-3373 Cross Site Scripting Vulnerability
15511| [55346] Apache Struts Cross Site Request Forgery and Denial of Service Vulnerabilities
15512| [55290] Drupal Apache Solr Autocomplete Module Cross Site Scripting Vulnerability
15513| [55165] Apache Struts2 Skill Name Remote Code Execution Vulnerability
15514| [55154] Apache 'mod-rpaf' Module Denial of Service Vulnerability
15515| [55131] Apache HTTP Server HTML-Injection And Information Disclosure Vulnerabilities
15516| [54954] Apache QPID NullAuthenticator Authentication Bypass Vulnerability
15517| [54798] Apache Libcloud Man In The Middle Vulnerability
15518| [54358] Apache Hadoop CVE-2012-3376 Information Disclosure Vulnerability
15519| [54341] Apache Sling CVE-2012-2138 Denial Of Service Vulnerability
15520| [54268] Apache Hadoop Symlink Attack Local Privilege Escalation Vulnerability
15521| [54189] Apache Roller Cross Site Request Forgery Vulnerability
15522| [54187] Apache Roller CVE-2012-2381 Cross Site Scripting Vulnerability
15523| [53880] Apache CXF Child Policies Security Bypass Vulnerability
15524| [53877] Apache CXF Elements Validation Security Bypass Vulnerability
15525| [53676] Apache Commons Compress and Apache Ant CVE-2012-2098 Denial Of Service Vulnerability
15526| [53487] Apache POI CVE-2012-0213 Denial Of Service Vulnerability
15527| [53455] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability
15528| [53305] Apache Qpid CVE-2011-3620 Unauthorized Access Security Bypass Vulnerability
15529| [53046] Apache HTTP Server 'LD_LIBRARY_PATH' Insecure Library Loading Arbitrary Code Execution Vulnerability
15530| [53025] Apache OFBiz Unspecified Remote Code Execution Vulnerability
15531| [53023] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
15532| [52939] Apache Hadoop CVE-2012-1574 Unspecified User Impersonation Vulnerability
15533| [52702] Apache Struts2 'XSLTResult.java' Remote Arbitrary File Upload Vulnerability
15534| [52696] Apache Traffic Server HTTP Host Header Handling Heap Based Buffer Overflow Vulnerability
15535| [52680] Apache Wicket 'pageMapName' Parameter Cross Site Scripting Vulnerability
15536| [52679] Apache Wicket Hidden Files Information Disclosure Vulnerability
15537| [52565] Apache 'mod_fcgid' Module Denial Of Service Vulnerability
15538| [52146] TYPO3 Apache Solr Extension Unspecified Cross Site Scripting Vulnerability
15539| [51939] Apache MyFaces 'ln' Parameter Information Disclosure Vulnerability
15540| [51917] Apache APR Hash Collision Denial Of Service Vulnerability
15541| [51902] Apache Struts Multiple HTML Injection Vulnerabilities
15542| [51900] Apache Struts CVE-2012-1007 Multiple Cross Site Scripting Vulnerabilities
15543| [51886] Apache CXF UsernameToken Policy Validation Security Bypass Vulnerability
15544| [51869] Apache HTTP Server CVE-2011-3639 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
15545| [51706] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
15546| [51705] Apache HTTP Server CVE-2012-0021 mod_log_config Denial Of Service Vulnerability
15547| [51628] Apache Struts 'ParameterInterceptor' Class OGNL (CVE-2011-3923) Security Bypass Vulnerability
15548| [51447] Apache Tomcat Parameter Handling Denial of Service Vulnerability
15549| [51442] Apache Tomcat Request Object Security Bypass Vulnerability
15550| [51407] Apache HTTP Server Scoreboard Local Security Bypass Vulnerability
15551| [51257] Apache Struts Remote Command Execution and Arbitrary File Overwrite Vulnerabilities
15552| [51238] Apache Geronimo Hash Collision Denial Of Service Vulnerability
15553| [51200] Apache Tomcat Hash Collision Denial Of Service Vulnerability
15554| [50940] Apache Struts Session Tampering Security Bypass Vulnerability
15555| [50912] RETIRED: Apache MyFaces CVE-2011-4343 Information Disclosure Vulnerability
15556| [50904] Apache ActiveMQ Failover Mechanism Remote Denial Of Service Vulnerability
15557| [50848] Apache MyFaces EL Expression Evaluation Security Bypass Vulnerability
15558| [50802] Apache HTTP Server 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
15559| [50639] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
15560| [50603] Apache Tomcat Manager Application Security Bypass Vulnerability
15561| [50494] Apache HTTP Server 'ap_pregsub()' Function Local Privilege Escalation Vulnerability
15562| [49957] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
15563| [49762] Apache Tomcat HTTP DIGEST Authentication Multiple Security Weaknesses
15564| [49728] Apache Struts Conversion Error OGNL Expression Evaluation Vulnerability
15565| [49616] Apache HTTP Server CVE-2011-3348 Denial Of Service Vulnerability
15566| [49470] Apache Tomcat CVE-2007-6286 Duplicate Request Processing Security Vulnerability
15567| [49353] Apache Tomcat AJP Protocol Security Bypass Vulnerability
15568| [49303] Apache HTTP Server CVE-2011-3192 Denial Of Service Vulnerability
15569| [49290] Apache Wicket Cross Site Scripting Vulnerability
15570| [49147] Apache Tomcat CVE-2011-2481 Information Disclosure Vulnerability
15571| [49143] Apache Commons Daemon 'jsvc' Information Disclosure Vulnerability
15572| [48667] Apache Tomcat 'sendfile' Request Attributes Information Disclosure Vulnerability
15573| [48653] Apache 'mod_authnz_external' Module SQL Injection Vulnerability
15574| [48611] Apache XML Security for C++ Signature Key Parsing Denial of Service Vulnerability
15575| [48456] Apache Tomcat 'MemoryUserDatabase' Information Disclosure Vulnerability
15576| [48015] Apache Archiva Multiple Cross Site Request Forgery Vulnerabilities
15577| [48011] Apache Archiva Multiple Cross Site Scripting and HTML Injection Vulnerabilities
15578| [47929] Apache APR 'apr_fnmatch.c' Denial of Service Vulnerability
15579| [47890] Apache Struts 'javatemplates' Plugin Multiple Cross Site Scripting Vulnerabilities
15580| [47886] Apache Tomcat SecurityConstraints Security Bypass Vulnerability
15581| [47820] Apache APR 'apr_fnmatch()' Denial of Service Vulnerability
15582| [47784] Apache Struts XWork 's:submit' HTML Tag Cross Site Scripting Vulnerability
15583| [47199] Apache Tomcat HTTP BIO Connector Information Disclosure Vulnerability
15584| [47196] Apache Tomcat Login Constraints Security Bypass Vulnerability
15585| [46974] Apache HttpComponents 'HttpClient' Information Disclosure Vulnerability
15586| [46953] Apache MPM-ITK Module Security Weakness
15587| [46734] Subversion 'mod_dav_svn' Apache Server NULL Pointer Dereference Denial Of Service Vulnerability
15588| [46685] Apache Tomcat '@ServletSecurity' Annotations Security Bypass Vulnerability
15589| [46311] Apache Continuum and Archiva Cross Site Scripting Vulnerability
15590| [46177] Apache Tomcat SecurityManager Security Bypass Vulnerability
15591| [46174] Apache Tomcat HTML Manager Interface HTML Injection Vulnerability
15592| [46166] Apache Tomcat JVM Denial of Service Vulnerability
15593| [46164] Apache Tomcat NIO Connector Denial of Service Vulnerability
15594| [46066] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
15595| [45655] Apache Subversion Server Component Multiple Remote Denial Of Service Vulnerabilities
15596| [45123] Awstats Apache Tomcat Configuration File Remote Arbitrary Command Execution Vulnerability
15597| [45095] Apache Archiva Cross Site Request Forgery Vulnerability
15598| [45015] Apache Tomcat 'sort' and 'orderBy' Parameters Cross Site Scripting Vulnerabilities
15599| [44900] Apache 'mod_fcgid' Module Unspecified Stack Buffer Overflow Vulnerability
15600| [44616] Apache Shiro Directory Traversal Vulnerability
15601| [44355] Apache MyFaces Encrypted View State Oracle Padding Security Vulnerability
15602| [44068] Apache::AuthenHook Local Information Disclosure Vulnerability
15603| [43862] Apache QPID SSL Connection Denial of Service Vulnerability
15604| [43673] Apache APR-util 'apr_brigade_split_line()' Denial of Service Vulnerability
15605| [43637] Apache XML-RPC SAX Parser Information Disclosure Vulnerability
15606| [43111] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
15607| [42637] Apache Derby 'BUILTIN' Authentication Insecure Password Hashing Vulnerability
15608| [42501] Apache CouchDB Cross Site Request Forgery Vulnerability
15609| [42492] Apache CXF XML DTD Processing Security Vulnerability
15610| [42121] Apache SLMS Insufficient Quoting Cross Site Request Forgery Vulnerability
15611| [42102] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
15612| [41963] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
15613| [41544] Apache Tomcat 'Transfer-Encoding' Information Disclosure and Denial Of Service Vulnerabilities
15614| [41076] Apache Axis2 '/axis2/axis2-admin' Session Fixation Vulnerability
15615| [40976] Apache Axis2 Document Type Declaration Processing Security Vulnerability
15616| [40827] Apache 'mod_proxy_http' Timeout Handling Information Disclosure Vulnerability
15617| [40343] Apache Axis2 'xsd' Parameter Directory Traversal Vulnerability
15618| [40327] Apache Axis2 'engagingglobally' Cross-Site Scripting Vulnerability
15619| [39771] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
15620| [39636] Apache ActiveMQ Source Code Information Disclosure Vulnerability
15621| [39635] Apache Tomcat Authentication Header Realm Name Information Disclosure Vulnerability
15622| [39538] Apache mod_auth_shadow Race Condition Security Bypass Vulnerability
15623| [39489] Apache OFBiz Multiple Cross Site Scripting and HTML Injection Vulnerabilities
15624| [39119] Apache ActiveMQ 'createDestination.action' HTML Injection Vulnerability
15625| [38580] Apache Subrequest Handling Information Disclosure Vulnerability
15626| [38494] Apache 'mod_isapi' Memory Corruption Vulnerability
15627| [38491] Apache mod_proxy_ajp Module Incoming Request Body Denial Of Service Vulnerability
15628| [37966] Apache 1.3 mod_proxy HTTP Chunked Encoding Integer Overflow Vulnerability
15629| [37945] Apache Tomcat Host Working Directory WAR File Directory Traversal Vulnerability
15630| [37944] Apache Tomcat WAR File Directory Traversal Vulnerability
15631| [37942] Apache Tomcat Directory Host Appbase Authentication Bypass Vulnerability
15632| [37149] Apache Tomcat 404 Error Page Cross Site Scripting Vulnerability
15633| [37027] RETIRED: Apache APR 'apr_uri_parse_hostinfo' Off By One Remote Code Execution Vulnerability
15634| [36990] Apache HTTP TRACE Cross Site Scripting Vulnerability
15635| [36954] Apache Tomcat Windows Installer Insecure Password Vulnerability
15636| [36889] TYPO3 Apache Solr Search Extension Unspecified Cross Site Scripting Vulnerability
15637| [36596] Apache HTTP Server Solaris Event Port Pollset Support Remote Denial Of Service Vulnerability
15638| [36260] Apache mod_proxy_ftp Module NULL Pointer Dereference Denial Of Service Vulnerability
15639| [36254] Apache mod_proxy_ftp Remote Command Injection Vulnerability
15640| [35949] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
15641| [35840] Apache HTTP Server HTTP-Basic Authentication Bypass Vulnerability
15642| [35623] Apache 'mod_deflate' Remote Denial Of Service Vulnerability
15643| [35565] Apache 'mod_proxy' Remote Denial Of Service Vulnerability
15644| [35416] Apache Tomcat XML Parser Information Disclosure Vulnerability
15645| [35263] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
15646| [35253] Apache APR-util 'xml/apr_xml.c' Denial of Service Vulnerability
15647| [35251] Apache APR-util 'apr_brigade_vprintf' Off By One Vulnerability
15648| [35221] Apache APR-util 'apr_strmatch_precompile()' Integer Underflow Vulnerability
15649| [35196] Apache Tomcat Form Authentication Existing/Non-Existing Username Enumeration Weakness
15650| [35193] Apache Tomcat Java AJP Connector Invalid Header Denial of Service Vulnerability
15651| [35115] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
15652| [34686] Apache Struts Multiple Cross Site Scripting Vulnerabilities
15653| [34663] Apache 'mod_proxy_ajp' Information Disclosure Vulnerability
15654| [34657] Apache Tiles Cross Site Scripting And Information Disclosure Vulnerabilities
15655| [34562] Apache Geronimo Application Server Multiple Remote Vulnerabilities
15656| [34552] Apache ActiveMQ Web Console Multiple Unspecified HTML Injection Vulnerabilities
15657| [34412] Apache Tomcat mod_jk Content Length Information Disclosure Vulnerability
15658| [34399] Apache Struts Unspecified Cross Site Scripting Vulnerability
15659| [34383] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
15660| [33913] Apache Tomcat POST Data Information Disclosure Vulnerability
15661| [33360] Apache Jackrabbit 'q' Parameter Multiple Cross Site Scripting Vulnerabilities
15662| [33110] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
15663| [32657] Novell NetWare ApacheAdmin Security Bypass Vulnerability
15664| [31805] Apache HTTP Server OS Fingerprinting Unspecified Security Vulnerability
15665| [31761] Oracle WebLogic Server Apache Connector Stack Based Buffer Overflow Vulnerability
15666| [31698] Apache Tomcat 'RemoteFilterValve' Security Bypass Vulnerability
15667| [31165] Kolab Groupware Server Apache Log File User Password Information Disclosure Vulnerability
15668| [30560] Apache 'mod_proxy_ftp' Wildcard Characters Cross-Site Scripting Vulnerability
15669| [30496] Apache Tomcat 'HttpServletResponse.sendError()' Cross Site Scripting Vulnerability
15670| [30494] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
15671| [29653] Apache 'mod_proxy_http' Interim Response Denial of Service Vulnerability
15672| [29502] Apache Tomcat Host Manager Cross Site Scripting Vulnerability
15673| [28576] Apache-SSL Environment Variable Information Disclosure and Privilege Escalation Vulnerability
15674| [28484] Apache Tomcat Requests Containing MS-DOS Device Names Information Disclosure Vulnerability
15675| [28483] Apache Tomcat 'allowLinking' Accepts NULL Byte in URI Information Disclosure Vulnerability
15676| [28482] Apache Tomcat SSL Anonymous Cipher Configuration Information Disclosure Vulnerability
15677| [28481] Apache Tomcat Cross-Site Scripting Vulnerability
15678| [28477] Apache Tomcat AJP Connector Information Disclosure Vulnerability
15679| [27752] Apache mod_jk2 Host Header Multiple Stack Based Buffer Overflow Vulnerabilities
15680| [27706] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
15681| [27703] Apache Tomcat Parameter Processing Remote Information Disclosure Vulnerability
15682| [27409] Apache 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
15683| [27365] Apache Tomcat SingleSignOn Remote Information Disclosure Vulnerability
15684| [27237] Apache HTTP Server 2.2.6, 2.0.61 and 1.3.39 'mod_status' Cross-Site Scripting Vulnerability
15685| [27236] Apache 'mod_proxy_balancer' Multiple Vulnerabilities
15686| [27234] Apache 'mod_proxy_ftp' Undefined Charset UTF-7 Cross-Site Scripting Vulnerability
15687| [27006] Apache Tomcat JULI Logging Component Default Security Policy Vulnerability
15688| [26939] Apache HTTP Server Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
15689| [26838] Apache mod_imagemap and mod_imap Cross-Site Scripting Vulnerability
15690| [26762] Apache::AuthCAS Cookie SQL Injection Vulnerability
15691| [26663] Apache HTTP Server 413 Error HTTP Request Method Cross-Site Scripting Weakness
15692| [26287] Apache Geronimo SQLLoginModule Authentication Bypass Vulnerability
15693| [26070] Apache Tomcat WebDav Remote Information Disclosure Vulnerability
15694| [25804] Apache Geronimo Management EJB Security Bypass Vulnerability
15695| [25653] Apache Mod_AutoIndex.C Undefined Charset Cross-Site Scripting Vulnerability
15696| [25531] Apache Tomcat Cal2.JSP Cross-Site Scripting Vulnerability
15697| [25489] Apache HTTP Server Mod_Proxy Denial of Service Vulnerability
15698| [25316] Apache Tomcat Multiple Remote Information Disclosure Vulnerabilities
15699| [25314] Apache Tomcat Host Manager Servlet Cross Site Scripting Vulnerability
15700| [25174] Apache Tomcat Error Message Reporting Cross Site Scripting Vulnerability
15701| [24999] Apache Tomcat SendMailServlet Cross-Site Scripting Vulnerability
15702| [24759] MySQLDumper Apache Access Control Authentication Bypass Vulnerability
15703| [24649] Apache HTTP Server Mod_Cache Denial of Service Vulnerability
15704| [24645] Apache HTTP Server Mod_Status Cross-Site Scripting Vulnerability
15705| [24553] Apache Mod_Mem_Cache Information Disclosure Vulnerability
15706| [24524] Apache Tomcat Accept-Language Cross Site Scripting Vulnerability
15707| [24480] Apache MyFaces Tomahawk JSF Framework Autoscroll Parameter Cross Site Scripting Vulnerability
15708| [24476] Apache Tomcat JSP Example Web Applications Cross Site Scripting Vulnerability
15709| [24475] Apache Tomcat Manager and Host Manager Upload Script Cross-Site Scripting Vulnerability
15710| [24215] Apache HTTP Server Worker Process Multiple Denial of Service Vulnerabilities
15711| [24147] Apache Tomcat JK Connector Double Encoding Security Bypass Vulnerability
15712| [24058] Apache Tomcat Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
15713| [23687] Apache AXIS Non-Existent WSDL Path Information Disclosure Vulnerability
15714| [23438] Apache HTTPD suEXEC Local Multiple Privilege Escalation Weaknesses
15715| [22960] Apache HTTP Server Tomcat Directory Traversal Vulnerability
15716| [22849] Apache mod_python Output Filter Mode Information Disclosure Vulnerability
15717| [22791] Apache Tomcat Mod_JK.SO Arbitrary Code Execution Vulnerability
15718| [22732] Debian Apache Root Shell Local Privilege Escalation Vulnerabilities
15719| [22388] Apache Stats Extract Function Multiple Input Validation Vulnerabilities
15720| [21865] Apache And Microsoft IIS Range Denial of Service Vulnerability
15721| [21214] Apache Mod_Auth_Kerb Off-By-One Denial of Service Vulnerability
15722| [20527] Apache Mod_TCL Remote Format String Vulnerability
15723| [19661] Apache HTTP Server Arbitrary HTTP Request Headers Security Weakness
15724| [19447] Apache CGI Script Source Code Information Disclosure Vulnerability
15725| [19204] Apache Mod_Rewrite Off-By-One Buffer Overflow Vulnerability
15726| [19106] Apache Tomcat Information Disclosure Vulnerability
15727| [18138] Apache James SMTP Denial Of Service Vulnerability
15728| [17342] Apache Struts Multiple Remote Vulnerabilities
15729| [17095] Apache Log4Net Denial Of Service Vulnerability
15730| [16916] Apache mod_python FileSession Code Execution Vulnerability
15731| [16710] Apache Libapreq2 Quadratic Behavior Denial of Service Vulnerability
15732| [16260] Apache Geronimo Multiple Input Validation Vulnerabilities
15733| [16153] Apache mod_auth_pgsql Multiple Format String Vulnerabilities
15734| [16152] Apache Mod_SSL Custom Error Document Remote Denial Of Service Vulnerability
15735| [15834] Apache 'mod_imap' Referer Cross-Site Scripting Vulnerability
15736| [15765] Apache James Spooler Memory Leak Denial Of Service Vulnerability
15737| [15762] Apache MPM Worker.C Denial Of Service Vulnerability
15738| [15512] Apache Struts Error Response Cross-Site Scripting Vulnerability
15739| [15413] PHP Apache 2 Virtual() Safe_Mode and Open_Basedir Restriction Bypass Vulnerability
15740| [15325] Apache Tomcat Simultaneous Directory Listing Denial Of Service Vulnerability
15741| [15224] Apache Mod_Auth_Shadow Authentication Bypass Vulnerability
15742| [15177] PHP Apache 2 Local Denial of Service Vulnerability
15743| [14982] ApacheTop Insecure Temporary File Creation Vulnerability
15744| [14721] Apache Mod_SSL SSLVerifyClient Restriction Bypass Vulnerability
15745| [14660] Apache CGI Byterange Request Denial of Service Vulnerability
15746| [14366] Apache mod_ssl CRL Handling Off-By-One Buffer Overflow Vulnerability
15747| [14106] Apache HTTP Request Smuggling Vulnerability
15748| [13778] Apache HTPasswd Password Command Line Argument Buffer Overflow Vulnerability
15749| [13777] Apache HTPasswd User Command Line Argument Buffer Overflow Vulnerability
15750| [13756] Apache Tomcat Java Security Manager Bypass Vulnerability
15751| [13537] Apache HTDigest Realm Command Line Argument Buffer Overflow Vulnerability
15752| [12877] Apache mod_ssl ssl_io_filter_cleanup Remote Denial Of Service Vulnerability
15753| [12795] Apache Tomcat Remote Malformed Request Denial Of Service Vulnerability
15754| [12619] Apache Software Foundation Batik Squiggle Browser Access Validation Vulnerability
15755| [12519] Apache mod_python Module Publisher Handler Information Disclosure Vulnerability
15756| [12308] Apache Utilities Insecure Temporary File Creation Vulnerability
15757| [12217] Apache mod_auth_radius Malformed RADIUS Server Reply Integer Overflow Vulnerability
15758| [12181] Mod_DOSEvasive Apache Module Local Insecure Temporary File Creation Vulnerability
15759| [11803] Apache Jakarta Results.JSP Remote Cross-Site Scripting Vulnerability
15760| [11471] Apache mod_include Local Buffer Overflow Vulnerability
15761| [11360] Apache mod_ssl SSLCipherSuite Restriction Bypass Vulnerability
15762| [11239] Apache Satisfy Directive Access Control Bypass Vulnerability
15763| [11187] Apache Web Server Remote IPv6 Buffer Overflow Vulnerability
15764| [11185] Apache Mod_DAV LOCK Denial Of Service Vulnerability
15765| [11182] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
15766| [11154] Apache mod_ssl Remote Denial of Service Vulnerability
15767| [11094] Apache mod_ssl Denial Of Service Vulnerability
| [10789] Apache mod_userdir Module Information Disclosure Vulnerability
| [10736] Apache 'mod_ssl' Log Function Format String Vulnerability
| [10619] Apache ap_escape_html Memory Allocation Denial Of Service Vulnerability
| [10508] Apache Mod_Proxy Remote Negative Content-Length Buffer Overflow Vulnerability
| [10478] ClueCentral Apache Suexec Patch Security Weakness
| [10355] Apache 'mod_ssl' 'ssl_util_uuencode_binary()' Stack Buffer Overflow Vulnerability
| [10212] Apache mod_auth Malformed Password Potential Memory Corruption Vulnerability
| [9933] Apache mod_disk_cache Module Client Authentication Credential Storage Weakness
| [9930] Apache Error and Access Logs Escape Sequence Injection Vulnerability
| [9921] Apache Connection Blocking Denial Of Service Vulnerability
| [9885] Apache Mod_Security Module SecFilterScanPost Off-By-One Buffer Overflow Vulnerability
| [9874] Apache HTAccess LIMIT Directive Bypass Configuration Error Weakness
| [9829] Apache Mod_Access Access Control Rule Bypass Vulnerability
| [9826] Apache Mod_SSL HTTP Request Remote Denial Of Service Vulnerability
| [9733] Apache Cygwin Directory Traversal Vulnerability
| [9599] Apache mod_php Global Variables Information Disclosure Weakness
| [9590] Apache-SSL Client Certificate Forging Vulnerability
| [9571] Apache mod_digest Client-Supplied Nonce Verification Vulnerability
| [9471] Apache mod_perl Module File Descriptor Leakage Vulnerability
| [9404] Mod-Auth-Shadow Apache Module Expired User Credential Weakness
| [9302] Apache mod_php Module File Descriptor Leakage Vulnerability
| [9129] Apache mod_python Module Malformed Query Denial of Service Vulnerability
| [8926] Apache Web Server mod_cgid Module CGI Data Redirection Vulnerability
| [8919] Apache Mod_Security Module Heap Corruption Vulnerability
| [8911] Apache Web Server Multiple Module Local Buffer Overflow Vulnerability
| [8898] Red Hat Apache Directory Index Default Configuration Error
| [8883] Apache Cocoon Directory Traversal Vulnerability
| [8824] Apache Tomcat Non-HTTP Request Denial Of Service Vulnerability
| [8822] Apache Mod_Throttle Module Local Shared Memory Corruption Vulnerability
| [8725] Apache2 MOD_CGI STDERR Denial Of Service Vulnerability
| [8707] Apache htpasswd Password Entropy Weakness
| [8561] Apache::Gallery Insecure Local File Storage Privilege Escalation Vulnerability
| [8287] Mod_Mylo Apache Module REQSTR Buffer Overflow Vulnerability
| [8226] Apache HTTP Server Multiple Vulnerabilities
| [8138] Apache Web Server Type-Map Recursive Loop Denial Of Service Vulnerability
| [8137] Apache Web Server Prefork MPM Denial Of Service Vulnerability
| [8136] Macromedia Apache Web Server Encoded Space Source Disclosure Vulnerability
| [8135] Apache Web Server FTP Proxy IPV6 Denial Of Service Vulnerability
| [8134] Apache Web Server SSLCipherSuite Weak CipherSuite Renegotiation Weakness
| [7768] Apache Tomcat Insecure Directory Permissions Vulnerability
| [7725] Apache Basic Authentication Module Valid User Login Denial Of Service Vulnerability
| [7723] Apache APR_PSPrintf Memory Corruption Vulnerability
| [7448] Apache Mod_Auth_Any Remote Command Execution Vulnerability
| [7375] Apache Mod_Access_Referer NULL Pointer Dereference Denial of Service Vulnerability
| [7332] Apache Web Server OS2 Filestat Denial Of Service Vulnerability
| [7255] Apache Web Server File Descriptor Leakage Vulnerability
| [7254] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
| [6943] Apache Web Server MIME Boundary Information Disclosure Vulnerability
| [6939] Apache Web Server ETag Header Information Disclosure Weakness
| [6722] Apache Tomcat Web.XML File Contents Disclosure Vulnerability
| [6721] Apache Tomcat Null Byte Directory/File Disclosure Vulnerability
| [6720] Apache Tomcat Example Web Application Cross Site Scripting Vulnerability
| [6662] Apache Web Server MS-DOS Device Name Denial Of Service Vulnerability
| [6661] Apache Web Server Default Script Mapping Bypass Vulnerability
| [6660] Apache Web Server Illegal Character HTTP Request File Disclosure Vulnerability
| [6659] Apache Web Server MS-DOS Device Name Arbitrary Code Execution Vulnerability
| [6562] Apache Tomcat Invoker Servlet File Disclosure Vulnerability
| [6320] Apache/Tomcat Mod_JK Chunked Encoding Denial Of Service Vulnerability
| [6117] Apache mod_php File Descriptor Leakage Vulnerability
| [6065] Apache 2 WebDAV CGI POST Request Information Disclosure Vulnerability
| [5996] Apache AB.C Web Benchmarking Buffer Overflow Vulnerability
| [5995] Apache AB.C Web Benchmarking Read_Connection() Buffer Overflow Vulnerability
| [5993] Multiple Apache HTDigest Buffer Overflow Vulnerabilities
| [5992] Apache HTDigest Insecure Temporary File Vulnerability
| [5991] Apache HTDigest Arbitrary Command Execution Vulnerability
| [5990] Apache HTPasswd Insecure Temporary File Vulnerability
| [5981] Multiple Apache HTDigest and HTPassWD Component Vulnerabilites
| [5884] Apache Web Server Scoreboard Memory Segment Overwriting SIGUSR1 Sending Vulnerability
| [5847] Apache Server Side Include Cross Site Scripting Vulnerability
| [5838] Apache Tomcat 3.2 Directory Disclosure Vulnerability
| [5816] Apache 2 mod_dav Denial Of Service Vulnerability
| [5791] HP VirtualVault Apache mod_ssl Denial Of Service Vulnerability
| [5787] Apache Oversized STDERR Buffer Denial Of Service Vulnerability
| [5786] Apache Tomcat DefaultServlet File Disclosure Vulnerability
| [5542] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
| [5486] Apache 2.0 CGI Path Disclosure Vulnerability
| [5485] Apache 2.0 Path Disclosure Vulnerability
| [5434] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
| [5256] Apache httpd 2.0 CGI Error Path Disclosure Vulnerability
| [5194] Apache Tomcat DOS Device Name Cross Site Scripting Vulnerability
| [5193] Apache Tomcat Servlet Mapping Cross Site Scripting Vulnerability
| [5067] Apache Tomcat Null Character Malformed Request Denial Of Service Vulnerability
| [5054] Apache Tomcat Web Root Path Disclosure Vulnerability
| [5033] Apache Chunked-Encoding Memory Corruption Vulnerability
| [4995] Apache Tomcat JSP Engine Denial of Service Vulnerability
| [4878] Apache Tomcat RealPath.JSP Malformed Request Information Disclosure Vulnerability
| [4877] Apache Tomcat Example Files Web Root Path Disclosure Vulnerability
| [4876] Apache Tomcat Source.JSP Malformed Request Information Disclosure Vulnerability
| [4575] Apache Tomcat Servlet Path Disclosure Vulnerability
| [4557] Apache Tomcat System Path Information Disclosure Vulnerability
| [4437] Apache Error Message Cross-Site Scripting Vulnerability
| [4431] Apache PrintEnv/Test_CGI Script Injection Vulnerability
| [4358] Apache Double-Reverse Lookup Log Entry Spoofing Vulnerability
| [4335] Apache Win32 Batch File Remote Command Execution Vulnerability
| [4292] Oracle 9iAS Apache PL/SQL Module Web Administration Access Vulnerability
| [4189] Apache mod_ssl/Apache-SSL Buffer Overflow Vulnerability
| [4057] Apache 2 for Windows OPTIONS request Path Disclosure Vulnerability
| [4056] Apache 2 for Windows php.exe Path Disclosure Vulnerability
| [4037] Oracle 9iAS Apache PL/SQL Module Denial of Service Vulnerability
| [4032] Oracle 9iAS Apache PL/SQL Module Multiple Buffer Overflows Vulnerability
| [3796] Apache HTTP Request Unexpected Behavior Vulnerability
| [3790] Apache Non-Existent Log Directory Denial Of Service Vulnerability
| [3786] Apache Win32 PHP.EXE Remote File Disclosure Vulnerability
| [3727] Oracle 9I Application Server PL/SQL Apache Module Directory Traversal Vulnerability
| [3726] Oracle 9I Application Server PL/SQL Apache Module Buffer Overflow Vulnerability
| [3596] Apache Split-Logfile File Append Vulnerability
| [3521] Apache mod_usertrack Predictable ID Generation Vulnerability
| [3335] Red Hat Linux Apache Remote Username Enumeration Vulnerability
| [3316] MacOS X Client Apache Directory Contents Disclosure Vulnerability
| [3256] Apache mod_auth_oracle Remote SQL Query Manipulation Vulnerability
| [3255] Apache mod_auth_mysql Remote SQL Query Manipulation Vulnerability
| [3254] Apache AuthPG Remote SQL Query Manipulation Vulnerability
| [3253] Apache mod_auth_pgsql_sys Remote SQL Query Manipulation Vulnerability
| [3251] Apache mod_auth_pgsql Remote SQL Query Manipulation Vulnerability
| [3176] Apache Mod ReWrite Rules Bypassing Image Linking Vulnerability
| [3169] Apache Server Address Disclosure Vulnerability
| [3009] Apache Possible Directory Index Disclosure Vulnerability
| [2982] Apache Tomcat Cross-Site Scripting Vulnerability
| [2852] MacOS X Client Apache File Protection Bypass Vulnerability
| [2740] Apache Web Server HTTP Request Denial of Service Vulnerability
| [2518] Apache Tomcat 3.0 Directory Traversal Vulnerability
| [2503] Apache Artificially Long Slash Path Directory Listing Vulnerability
| [2300] NCSA/Apache httpd ScriptAlias Source Retrieval Vulnerability
| [2216] Apache Web Server DoS Vulnerability
| [2182] Apache /tmp File Race Vulnerability
| [2171] Oracle Apache+WebDB Documented Backdoor Vulnerability
| [2060] Apache Web Server with Php 3 File Disclosure Vulnerability
| [1821] Apache mod_cookies Buffer Overflow Vulnerability
| [1728] Apache Rewrite Module Arbitrary File Disclosure Vulnerability
| [1658] SuSE Apache CGI Source Code Viewing Vulnerability
| [1656] SuSE Apache WebDAV Directory Listings Vulnerability
| [1575] Trustix Apache-SSL RPM Permissions Vulnerability
| [1548] Apache Jakarta-Tomcat /admin Context Vulnerability
| [1532] Apache Tomcat Snoop Servlet Information Disclosure Vulnerability
| [1531] Apache Tomcat 3.1 Path Revealing Vulnerability
| [1457] Apache::ASP source.asp Example Script Vulnerability
| [1284] Apache HTTP Server (win32) Root Directory Access Vulnerability
| [1083] Cobalt Raq Apache .htaccess Disclosure Vulnerability
|
| IBM X-Force - https://exchange.xforce.ibmcloud.com:
| [86258] Apache CloudStack text fields cross-site scripting
| [85983] Apache Subversion mod_dav_svn module denial of service
| [85875] Apache OFBiz UEL code execution
| [85874] Apache OFBiz Webtools View Log screen cross-site scripting
| [85871] Apache HTTP Server mod_session_dbd unspecified
| [85756] Apache Struts OGNL expression command execution
| [85755] Apache Struts DefaultActionMapper class open redirect
| [85586] Apache ActiveMQ CVE-2013-1879 cross-site scripting
| [85574] Apache HTTP Server mod_dav denial of service
| [85573] Apache Struts Showcase App OGNL code execution
| [85496] Apache CXF denial of service
| [85423] Apache Geronimo RMI classloader code execution
| [85326] Apache Santuario XML Security for C++ buffer overflow
| [85323] Apache Santuario XML Security for Java spoofing
| [85319] Apache Qpid Python client SSL spoofing
| [85019] Apache Santuario XML Security for C++ CVE-2013-2156 buffer overflow
| [85018] Apache Santuario XML Security for C++ CVE-2013-2155 denial of service
| [85017] Apache Santuario XML Security for C++ CVE-2013-2154 buffer overflow
| [85016] Apache Santuario XML Security for C++ CVE-2013-2153 spoofing
| [84952] Apache Tomcat CVE-2012-3544 denial of service
| [84763] Apache Struts CVE-2013-2135 security bypass
| [84762] Apache Struts CVE-2013-2134 security bypass
| [84719] Apache Subversion CVE-2013-2088 command execution
| [84718] Apache Subversion CVE-2013-2112 denial of service
| [84717] Apache Subversion CVE-2013-1968 denial of service
| [84577] Apache Tomcat security bypass
| [84576] Apache Tomcat symlink
| [84543] Apache Struts CVE-2013-2115 security bypass
| [84542] Apache Struts CVE-2013-1966 security bypass
| [84154] Apache Tomcat session hijacking
| [84144] Apache Tomcat denial of service
| [84143] Apache Tomcat information disclosure
| [84111] Apache HTTP Server command execution
| [84043] Apache Virtual Computing Lab cross-site scripting
| [84042] Apache Virtual Computing Lab cross-site scripting
| [83782] Apache CloudStack information disclosure
| [83781] Apache CloudStack security bypass
| [83720] Apache ActiveMQ cross-site scripting
| [83719] Apache ActiveMQ denial of service
| [83718] Apache ActiveMQ denial of service
| [83263] Apache Subversion denial of service
| [83262] Apache Subversion denial of service
| [83261] Apache Subversion denial of service
| [83259] Apache Subversion denial of service
| [83035] Apache mod_ruid2 security bypass
| [82852] Apache Qpid federation_tag security bypass
| [82851] Apache Qpid qpid::framing::Buffer denial of service
| [82758] Apache Rave User RPC API information disclosure
| [82663] Apache Subversion svn_fs_file_length() denial of service
| [82642] Apache Qpid qpid::framing::Buffer::checkAvailable() denial of service
| [82641] Apache Qpid AMQP denial of service
| [82626] Apache HTTP Server on Debian GNU/Linux Debian apache2ctl symlink
| [82618] Apache Commons FileUpload symlink
| [82360] Apache HTTP Server manager interface cross-site scripting
| [82359] Apache HTTP Server hostnames cross-site scripting
| [82338] Apache Tomcat log/logdir information disclosure
| [82328] Apache Maven and Apache Maven Wagon SSL spoofing
| [82268] Apache OpenJPA deserialization command execution
| [81981] Apache CXF UsernameTokens security bypass
| [81980] Apache CXF WS-Security security bypass
| [81398] Apache OFBiz cross-site scripting
| [81240] Apache CouchDB directory traversal
| [81226] Apache CouchDB JSONP code execution
| [81225] Apache CouchDB Futon user interface cross-site scripting
| [81211] Apache Axis2/C SSL spoofing
| [81167] Apache CloudStack DeployVM information disclosure
| [81166] Apache CloudStack AddHost API information disclosure
| [81165] Apache CloudStack createSSHKeyPair API information disclosure
| [80518] Apache Tomcat cross-site request forgery security bypass
| [80517] Apache Tomcat FormAuthenticator security bypass
| [80516] Apache Tomcat NIO denial of service
| [80408] Apache Tomcat replay-countermeasure security bypass
| [80407] Apache Tomcat HTTP Digest Access Authentication security bypass
| [80317] Apache Tomcat slowloris denial of service
| [79984] Apache Commons HttpClient SSL spoofing
| [79983] Apache CXF SSL spoofing
| [79830] Apache Axis2/Java SSL spoofing
| [79829] Apache Axis SSL spoofing
| [79809] Apache Tomcat DIGEST security bypass
| [79806] Apache Tomcat parseHeaders() denial of service
| [79540] Apache OFBiz unspecified
| [79487] Apache Axis2 SAML security bypass
| [79212] Apache Cloudstack code execution
| [78734] Apache CXF SOAP Action security bypass
| [78730] Apache Qpid broker denial of service
| [78617] Eucalyptus Apache Santuario (XML Security for Java) denial of service
| [78563] Apache mod_pagespeed module unspecified cross-site scripting
| [78562] Apache mod_pagespeed module security bypass
| [78454] Apache Axis2 security bypass
| [78452] Websense Web Security and Web Filter Apache Tomcat information disclosure
| [78451] Websense Web Security and Web Filter Apache Tomcat cross-site scripting
| [78321] Apache Wicket unspecified cross-site scripting
| [78183] Apache Struts parameters denial of service
| [78182] Apache Struts cross-site request forgery
| [78153] Apache Solr Autocomplete module for Drupal autocomplete results cross-site scripting
| [77987] mod_rpaf module for Apache denial of service
| [77958] Apache Struts skill name code execution
| [77914] Apache HTTP Server mod_negotiation module cross-site scripting
| [77913] Apache HTTP Server mod_proxy_ajp information disclosure
| [77568] Apache Qpid broker security bypass
| [77421] Apache Libcloud spoofing
| [77059] Oracle Solaris Cluster Apache Tomcat Agent unspecified
| [77046] Oracle Solaris Apache HTTP Server information disclosure
| [76837] Apache Hadoop information disclosure
| [76802] Apache Sling CopyFrom denial of service
| [76692] Apache Hadoop symlink
| [76535] Apache Roller console cross-site request forgery
| [76534] Apache Roller weblog cross-site scripting
| [76152] Apache CXF elements security bypass
| [76151] Apache CXF child policies security bypass
| [75983] MapServer for Windows Apache file include
| [75857] Apache Commons Compress and Apache Ant bzip2 denial of service
| [75558] Apache POI denial of service
| [75545] PHP apache_request_headers() buffer overflow
| [75302] Apache Qpid SASL security bypass
| [75211] Debian GNU/Linux apache 2 cross-site scripting
| [74901] Apache HTTP Server LD_LIBRARY_PATH privilege escalation
| [74871] Apache OFBiz FlexibleStringExpander code execution
| [74870] Apache OFBiz multiple cross-site scripting
| [74750] Apache Hadoop unspecified spoofing
| [74319] Apache Struts XSLTResult.java file upload
| [74313] Apache Traffic Server header buffer overflow
| [74276] Apache Wicket directory traversal
| [74273] Apache Wicket unspecified cross-site scripting
| [74181] Apache HTTP Server mod_fcgid module denial of service
| [73690] Apache Struts OGNL code execution
| [73432] Apache Solr extension for TYPO3 unspecified cross-site scripting
| [73100] Apache MyFaces in directory traversal
| [73096] Apache APR hash denial of service
| [73052] Apache Struts name cross-site scripting
| [73030] Apache CXF UsernameToken security bypass
| [72888] Apache Struts lastName cross-site scripting
| [72758] Apache HTTP Server httpOnly information disclosure
| [72757] Apache HTTP Server MPM denial of service
| [72585] Apache Struts ParameterInterceptor security bypass
| [72438] Apache Tomcat Digest security bypass
| [72437] Apache Tomcat Digest security bypass
| [72436] Apache Tomcat DIGEST security bypass
| [72425] Apache Tomcat parameter denial of service
| [72422] Apache Tomcat request object information disclosure
| [72377] Apache HTTP Server scoreboard security bypass
| [72345] Apache HTTP Server HTTP request denial of service
| [72229] Apache Struts ExceptionDelegator command execution
| [72089] Apache Struts ParameterInterceptor directory traversal
| [72088] Apache Struts CookieInterceptor command execution
| [72047] Apache Geronimo hash denial of service
| [72016] Apache Tomcat hash denial of service
| [71711] Apache Struts OGNL expression code execution
| [71654] Apache Struts interfaces security bypass
| [71620] Apache ActiveMQ failover denial of service
| [71617] Apache HTTP Server mod_proxy module information disclosure
| [71508] Apache MyFaces EL security bypass
| [71445] Apache HTTP Server mod_proxy security bypass
| [71203] Apache Tomcat servlets privilege escalation
| [71181] Apache HTTP Server ap_pregsub() denial of service
| [71093] Apache HTTP Server ap_pregsub() buffer overflow
| [70336] Apache HTTP Server mod_proxy information disclosure
| [69804] Apache HTTP Server mod_proxy_ajp denial of service
| [69472] Apache Tomcat AJP security bypass
| [69396] Apache HTTP Server ByteRange filter denial of service
| [69394] Apache Wicket multi window support cross-site scripting
| [69176] Apache Tomcat XML information disclosure
| [69161] Apache Tomcat jsvc information disclosure
| [68799] mod_authnz_external module for Apache mysql-auth.pl SQL injection
| [68541] Apache Tomcat sendfile information disclosure
| [68420] Apache XML Security denial of service
| [68238] Apache Tomcat JMX information disclosure
| [67860] Apache Rampart/C rampart_timestamp_token_validate security bypass
| [67804] Apache Subversion control rules information disclosure
| [67803] Apache Subversion control rules denial of service
| [67802] Apache Subversion baselined denial of service
| [67672] Apache Archiva multiple cross-site scripting
| [67671] Apache Archiva multiple cross-site request forgery
| [67564] Apache APR apr_fnmatch() denial of service
| [67532] IBM WebSphere Application Server org.apache.jasper.runtime.JspWriterImpl.response denial of service
| [67515] Apache Tomcat annotations security bypass
| [67480] Apache Struts s:submit information disclosure
| [67414] Apache APR apr_fnmatch() denial of service
| [67356] Apache Struts javatemplates cross-site scripting
| [67354] Apache Struts Xwork cross-site scripting
| [66676] Apache Tomcat HTTP BIO information disclosure
| [66675] Apache Tomcat web.xml security bypass
| [66640] Apache HttpComponents HttpClient Proxy-Authorization information disclosure
| [66241] Apache HttpComponents information disclosure
| [66154] Apache Tomcat ServletSecurity security bypass
| [65971] Apache Tomcat ServletSecurity security bypass
| [65876] Apache Subversion mod_dav_svn denial of service
| [65343] Apache Continuum unspecified cross-site scripting
| [65162] Apache Tomcat NIO connector denial of service
| [65161] Apache Tomcat javax.servlet.ServletRequest.getLocale() denial of service
| [65160] Apache Tomcat HTML Manager interface cross-site scripting
| [65159] Apache Tomcat ServletContect security bypass
| [65050] Apache CouchDB web-based administration UI cross-site scripting
| [64773] Oracle HTTP Server Apache Plugin unauthorized access
| [64473] Apache Subversion blame -g denial of service
| [64472] Apache Subversion walk() denial of service
| [64407] Apache Axis2 CVE-2010-0219 code execution
| [63926] Apache Archiva password privilege escalation
| [63785] Apache CouchDB LD_LIBRARY_PATH privilege escalation
| [63493] Apache Archiva credentials cross-site request forgery
| [63477] Apache Tomcat HttpOnly session hijacking
| [63422] Apache Tomcat sessionsList.jsp cross-site scripting
| [63303] Apache mod_fcgid module fcgid_header_bucket_read() buffer overflow
| [62959] Apache Shiro filters security bypass
| [62790] Apache Perl cgi module denial of service
| [62576] Apache Qpid exchange denial of service
| [62575] Apache Qpid AMQP denial of service
| [62354] Apache Qpid SSL denial of service
| [62235] Apache APR-util apr_brigade_split_line() denial of service
| [62181] Apache XML-RPC SAX Parser information disclosure
| [61721] Apache Traffic Server cache poisoning
| [61202] Apache Derby BUILTIN authentication functionality information disclosure
| [61186] Apache CouchDB Futon cross-site request forgery
| [61169] Apache CXF DTD denial of service
| [61070] Apache Jackrabbit search.jsp SQL injection
| [61006] Apache SLMS Quoting cross-site request forgery
| [60962] Apache Tomcat time cross-site scripting
| [60883] Apache mod_proxy_http information disclosure
| [60671] Apache HTTP Server mod_cache and mod_dav denial of service
| [60264] Apache Tomcat Transfer-Encoding denial of service
| [59746] Apache Axis2 axis2/axis2-admin page session hijacking
| [59588] Apache Axis2/Java XML DTD (Document Type Declaration) data denial of service
| [59413] Apache mod_proxy_http timeout information disclosure
| [59058] Apache MyFaces unencrypted view state cross-site scripting
| [58827] Apache Axis2 xsd file include
| [58790] Apache Axis2 modules cross-site scripting
| [58299] Apache ActiveMQ queueBrowse cross-site scripting
| [58169] Apache Tomcat Web Application Manager / Host Manager cross-site request forgery
| [58056] Apache ActiveMQ .jsp source code disclosure
| [58055] Apache Tomcat realm name information disclosure
| [58046] Apache HTTP Server mod_auth_shadow security bypass
| [57841] Apache Open For Business Project (OFBiz) subject cross-site scripting
| [57840] Apache Open For Business Project (OFBiz) multiple parameters cross-site scripting
| [57429] Apache CouchDB algorithms information disclosure
| [57398] Apache ActiveMQ Web console cross-site request forgery
| [57397] Apache ActiveMQ createDestination.action cross-site scripting
| [56653] Apache HTTP Server DNS spoofing
| [56652] Apache HTTP Server DNS cross-site scripting
| [56625] Apache HTTP Server request header information disclosure
| [56624] Apache HTTP Server mod_isapi orphaned callback pointer code execution
| [56623] Apache HTTP Server mod_proxy_ajp denial of service
| [55941] mod_proxy module for Apache ap_proxy_send_fb() buffer overflow
| [55857] Apache Tomcat WAR files directory traversal
| [55856] Apache Tomcat autoDeploy attribute security bypass
| [55855] Apache Tomcat WAR directory traversal
| [55210] Intuit component for Joomla! Apache information disclosure
| [54533] Apache Tomcat 404 error page cross-site scripting
| [54182] Apache Tomcat admin default password
| [53878] Apache Solr Search (solr) extension for TYPO3 unspecified cross-site scripting
| [53666] Apache HTTP Server Solaris pollset support denial of service
| [53650] Apache HTTP Server HTTP basic-auth module security bypass
| [53124] mod_proxy_ftp module for Apache HTTP header security bypass
| [53041] mod_proxy_ftp module for Apache denial of service
| [52540] Apache Portable Runtime and Apache Portable Utility library multiple buffer overflow
| [51953] Apache Tomcat Path Disclosure
| [51952] Apache Tomcat Path Traversal
| [51951] Apache stronghold-status Information Disclosure
| [51950] Apache stronghold-info Information Disclosure
| [51949] Apache PHP Source Code Disclosure
| [51948] Apache Multiviews Attack
| [51946] Apache JServ Environment Status Information Disclosure
| [51945] Apache error_log Information Disclosure
| [51944] Apache Default Installation Page Pattern Found
| [51943] Apache AXIS XML Parser echoheaders.jws Sample Web Service Denial of Service
| [51942] Apache AXIS XML External Entity File Retrieval
| [51941] Apache AXIS Sample Servlet Information Leak
| [51940] Apache access_log Information Disclosure
| [51626] Apache mod_deflate denial of service
| [51532] mod_proxy module for the Apache HTTP Server stream_reqbody_cl denial of service
| [51365] Apache Tomcat RequestDispatcher security bypass
| [51273] Apache HTTP Server Incomplete Request denial of service
| [51195] Apache Tomcat XML information disclosure
| [50994] Apache APR-util xml/apr_xml.c denial of service
| [50993] Apache APR-util apr_brigade_vprintf denial of service
| [50964] Apache APR-util apr_strmatch_precompile() denial of service
| [50930] Apache Tomcat j_security_check information disclosure
| [50928] Apache Tomcat AJP denial of service
| [50884] Apache HTTP Server XML ENTITY denial of service
| [50808] Apache HTTP Server AllowOverride privilege escalation
| [50108] Apache Struts s:a tag and s:url tag cross-site scripting
| [50059] Apache mod_proxy_ajp information disclosure
| [49951] Apache Tiles Expression Language (EL) expressions cross-site scripting
| [49925] Apache Geronimo Web Administrative Console cross-site request forgery
| [49924] Apache Geronimo console/portal/Server/Monitoring cross-site scripting
| [49921] Apache ActiveMQ Web interface cross-site scripting
| [49898] Apache Geronimo Services/Repository directory traversal
| [49725] Apache Tomcat mod_jk module information disclosure
| [49715] Apache mod_perl Apache::Status and Apache2::Status modules cross-site scripting
| [49712] Apache Struts unspecified cross-site scripting
| [49213] Apache Tomcat cal2.jsp cross-site scripting
| [48934] Apache Tomcat POST doRead method information disclosure
| [48211] Apache Tomcat header HTTP request smuggling
| [48163] libapache2-mod-auth-mysql module for Debian multibyte encoding SQL injection
| [48110] Apache Jackrabbit search.jsp and swr.jsp cross-site scripting
| [47709] Apache Roller "
| [47104] Novell Netware ApacheAdmin console security bypass
| [47086] Apache HTTP Server OS fingerprinting unspecified
| [46329] Apache Struts FilterDispatcher and DefaultStaticContentLoader class directory traversal
| [45791] Apache Tomcat RemoteFilterValve security bypass
| [44435] Oracle WebLogic Apache Connector buffer overflow
| [44411] Apache Tomcat allowLinking UTF-8 directory traversal
| [44223] Apache HTTP Server mod_proxy_ftp cross-site scripting
| [44156] Apache Tomcat RequestDispatcher directory traversal
| [44155] Apache Tomcat HttpServletResponse.sendError() cross-site scripting
| [43885] Oracle WebLogic Server Apache Connector buffer overflow
| [42987] Apache HTTP Server mod_proxy module denial of service
| [42915] Apache Tomcat JSP files path disclosure
| [42914] Apache Tomcat MS-DOS path disclosure
| [42892] Apache Tomcat unspecified unauthorized access
| [42816] Apache Tomcat Host Manager cross-site scripting
| [42303] Apache 403 error cross-site scripting
| [41618] Apache-SSL ExpandCert() authentication bypass
| [40761] Apache Derby RDBNAM parameter and DatabaseMetaData.getURL information disclosure
| [40736] Apache Tomcat HTTP/1.1 connector information disclosure
| [40614] Apache mod_jk2 HTTP Host header buffer overflow
| [40562] Apache Geronimo init information disclosure
| [40478] Novell Web Manager webadmin-apache.conf security bypass
| [40411] Apache Tomcat exception handling information disclosure
| [40409] Apache Tomcat native (APR based) connector weak security
| [40403] Apache Tomcat quotes and %5C cookie information disclosure
| [40388] Sun Java Plug-In org.apache.crimson.tree.XmlDocument security bypass
| [39893] Apache HTTP Server mod_negotiation HTTP response splitting
| [39867] Apache HTTP Server mod_negotiation cross-site scripting
| [39804] Apache Tomcat SingleSignOn information disclosure
| [39615] Apache HTTP Server mod_proxy_ftp.c UTF-7 cross-site scripting
| [39612] Apache HTTP Server mod_proxy_balancer buffer overflow
| [39608] Apache HTTP Server balancer manager cross-site request forgery
| [39476] Apache mod_proxy_balancer balancer_handler function denial of service
| [39474] Apache HTTP Server mod_proxy_balancer cross-site scripting
| [39472] Apache HTTP Server mod_status cross-site scripting
| [39201] Apache Tomcat JULI logging weak security
| [39158] Apache HTTP Server Windows SMB shares information disclosure
| [39001] Apache HTTP Server mod_imap and mod_imagemap module cross-site scripting
| [38951] Apache::AuthCAS Perl module cookie SQL injection
| [38800] Apache HTTP Server 413 error page cross-site scripting
| [38211] Apache Geronimo SQLLoginModule authentication bypass
| [37243] Apache Tomcat WebDAV directory traversal
| [37178] RHSA update for Apache HTTP Server mod_status module cross-site scripting not installed
| [37177] RHSA update for Apache HTTP Server Apache child process denial of service not installed
| [37119] RHSA update for Apache mod_auth_kerb off-by-one buffer overflow not installed
| [37100] RHSA update for Apache and IBM HTTP Server Expect header cross-site scripting not installed
| [36782] Apache Geronimo MEJB unauthorized access
| [36586] Apache HTTP Server UTF-7 cross-site scripting
| [36468] Apache Geronimo LoginModule security bypass
| [36467] Apache Tomcat functions.jsp cross-site scripting
| [36402] Apache Tomcat calendar cross-site request forgery
| [36354] Apache HTTP Server mod_proxy module denial of service
| [36352] Apache HTTP Server ap_proxy_date_canon() denial of service
| [36336] Apache Derby lock table privilege escalation
| [36335] Apache Derby schema privilege escalation
| [36006] Apache Tomcat "
| [36001] Apache Tomcat Host Manager Servlet alias cross-site scripting
| [35999] Apache Tomcat \"
| [35795] Apache Tomcat CookieExample cross-site scripting
| [35536] Apache Tomcat SendMailServlet example cross-site scripting
| [35384] Apache HTTP Server mod_cache module denial of service
| [35097] Apache HTTP Server mod_status module cross-site scripting
| [35095] Apache HTTP Server Prefork MPM module denial of service
| [34984] Apache HTTP Server recall_headers information disclosure
| [34966] Apache HTTP Server MPM content spoofing
| [34965] Apache HTTP Server MPM information disclosure
| [34963] Apache HTTP Server MPM multiple denial of service
| [34872] Apache MyFaces Tomahawk autoscroll parameter cross-site scripting
| [34869] Apache Tomcat JSP example Web application cross-site scripting
| [34868] Apache Tomcat Manager and Host Manager cross-site scripting
| [34496] Apache Tomcat JK Connector security bypass
| [34377] Apache Tomcat hello.jsp cross-site scripting
| [34212] Apache Tomcat SSL configuration security bypass
| [34210] Apache Tomcat Accept-Language cross-site scripting
| [34209] Apache Tomcat calendar application cross-site scripting
| [34207] Apache Tomcat implicit-objects.jsp cross-site scripting
| [34167] Apache Axis WSDL file path disclosure
| [34068] Apache Tomcat AJP connector information disclosure
| [33584] Apache HTTP Server suEXEC privilege escalation
| [32988] Apache Tomcat proxy module directory traversal
| [32794] Apache Tomcat JK Web Server Connector map_uri_to_worker() buffer overflow
| [32708] Debian Apache tty privilege escalation
| [32441] ApacheStats extract() PHP call unspecified
| [32128] Apache Tomcat default account
| [31680] Apache Tomcat RequestParamExample cross-site scripting
| [31649] Apache Tomcat Sample Servlet TroubleShooter detected
| [31557] BEA WebLogic Server and WebLogic Express Apache proxy plug-in denial of service
| [31236] Apache HTTP Server htpasswd.c strcpy buffer overflow
| [30456] Apache mod_auth_kerb off-by-one buffer overflow
| [29550] Apache mod_tcl set_var() format string
| [28620] Apache and IBM HTTP Server Expect header cross-site scripting
| [28357] Apache HTTP Server mod_alias script source information disclosure
| [28063] Apache mod_rewrite off-by-one buffer overflow
| [27902] Apache Tomcat URL information disclosure
| [26786] Apache James SMTP server denial of service
| [25680] libapache2 /tmp/svn file upload
| [25614] Apache Struts lookupMap cross-site scripting
| [25613] Apache Struts ActionForm denial of service
| [25612] Apache Struts isCancelled() security bypass
| [24965] Apache mod_python FileSession command execution
| [24716] Apache James spooler memory leak denial of service
| [24159] Apache Geronimo Web-Access-Log Viewer cross-site scripting
16305| [24158] Apache Geronimo jsp-examples cross-site scripting
16306| [24030] Apache auth_ldap module multiple format strings
16307| [24008] Apache mod_ssl custom error message denial of service
16308| [24003] Apache mod_auth_pgsql module multiple syslog format strings
16309| [23612] Apache mod_imap referer field cross-site scripting
16310| [23173] Apache Struts error message cross-site scripting
16311| [22942] Apache Tomcat directory listing denial of service
16312| [22858] Apache Multi-Processing Module code allows denial of service
16313| [22602] RHSA-2005:582 updates for Apache httpd not installed
16314| [22520] Apache mod-auth-shadow "
16315| [22466] ApacheTop symlink
16316| [22109] Apache HTTP Server ssl_engine_kernel client certificate validation
16317| [22006] Apache HTTP Server byte-range filter denial of service
16318| [21567] Apache mod_ssl off-by-one buffer overflow
16319| [21195] Apache HTTP Server header HTTP request smuggling
16320| [20383] Apache HTTP Server htdigest buffer overflow
16321| [19681] Apache Tomcat AJP12 request denial of service
16322| [18993] Apache HTTP server check_forensic symlink attack
16323| [18790] Apache Tomcat Manager cross-site scripting
16324| [18349] Apache HTTP server Apple HFS+ filesystem obtain information
16325| [18348] Apache HTTP server Apple HFS+ filesystem .DS_Store and .ht file disclosure
16326| [18347] Apache HTTP server Apple Mac OS X Server mod_digest_apple module could allow an attacker to replay responses
16327| [17961] Apache Web server ServerTokens has not been set
16328| [17930] Apache HTTP Server HTTP GET request denial of service
16329| [17785] Apache mod_include module buffer overflow
16330| [17671] Apache HTTP Server SSLCipherSuite bypass restrictions
16331| [17473] Apache HTTP Server Satisfy directive allows access to resources
16332| [17413] Apache htpasswd buffer overflow
16333| [17384] Apache HTTP Server environment variable configuration file buffer overflow
16334| [17382] Apache HTTP Server IPv6 apr_util denial of service
16335| [17366] Apache HTTP Server mod_dav module LOCK denial of service
16336| [17273] Apache HTTP Server speculative mode denial of service
16337| [17200] Apache HTTP Server mod_ssl denial of service
16338| [16890] Apache HTTP Server server-info request has been detected
16339| [16889] Apache HTTP Server server-status request has been detected
16340| [16705] Apache mod_ssl format string attack
16341| [16524] Apache HTTP Server ap_get_mime_headers_core denial of service
16342| [16387] Apache HTTP Server mod_proxy Content-Length buffer overflow
16343| [16230] Apache HTTP Server PHP denial of service
16344| [16214] Apache mod_ssl ssl_util_uuencode_binary buffer overflow
16345| [15958] Apache HTTP Server authentication modules memory corruption
16346| [15547] Apache HTTP Server mod_disk_cache local information disclosure
16347| [15540] Apache HTTP Server socket starvation denial of service
16348| [15467] Novell GroupWise WebAccess using Apache Web server allows viewing of files on the server
16349| [15422] Apache HTTP Server mod_access information disclosure
16350| [15419] Apache HTTP Server mod_ssl plain HTTP request denial of service
16351| [15293] Apache for Cygwin "
16352| [15065] Apache-SSL has a default password
16353| [15041] Apache HTTP Server mod_digest module could allow an attacker to replay responses
16354| [15015] Apache httpd server httpd.conf could allow a local user to bypass restrictions
16355| [14751] Apache Mod_python output filter information disclosure
16356| [14125] Apache HTTP Server mod_userdir module information disclosure
16357| [14075] Apache HTTP Server mod_php file descriptor leak
16358| [13703] Apache HTTP Server account
16359| [13689] Apache HTTP Server configuration allows symlinks
16360| [13688] Apache HTTP Server configuration allows SSI
16361| [13687] Apache HTTP Server Server: header value
16362| [13685] Apache HTTP Server ServerTokens value
16363| [13684] Apache HTTP Server ServerSignature value
16364| [13672] Apache HTTP Server config allows directory autoindexing
16365| [13671] Apache HTTP Server default content
16366| [13670] Apache HTTP Server config file directive references outside content root
16367| [13668] Apache HTTP Server httpd not running in chroot environment
16368| [13666] Apache HTTP Server CGI directory contains possible command interpreter or compiler
16369| [13664] Apache HTTP Server config file contains ScriptAlias entry
16370| [13663] Apache HTTP Server CGI support modules loaded
16371| [13661] Apache HTTP Server config file contains AddHandler entry
16372| [13660] Apache HTTP Server 500 error page not CGI script
16373| [13659] Apache HTTP Server 413 error page not CGI script
16374| [13658] Apache HTTP Server 403 error page not CGI script
16375| [13657] Apache HTTP Server 401 error page not CGI script
16376| [13552] Apache HTTP Server mod_cgid module information disclosure
16377| [13550] Apache GET request directory traversal
16378| [13516] Apache Cocoon XMLForm and JXForm could allow execution of code
16379| [13499] Apache Cocoon directory traversal allows downloading of boot.ini file
16380| [13429] Apache Tomcat non-HTTP request denial of service
16381| [13400] Apache HTTP server mod_alias and mod_rewrite buffer overflow
16382| [13295] Apache weak password encryption
16383| [13254] Apache Tomcat .jsp cross-site scripting
16384| [13125] Apache::Gallery Inline::C could allow arbitrary code execution
16385| [13086] Apache Jakarta Tomcat mod_jk format string allows remote access
16386| [12681] Apache HTTP Server mod_proxy could allow mail relaying
16387| [12662] Apache HTTP Server rotatelogs denial of service
16388| [12554] Apache Tomcat stores password in plain text
16389| [12553] Apache HTTP Server redirects and subrequests denial of service
16390| [12552] Apache HTTP Server FTP proxy server denial of service
16391| [12551] Apache HTTP Server prefork MPM denial of service
16392| [12550] Apache HTTP Server weaker than expected encryption
16393| [12549] Apache HTTP Server type-map file denial of service
16394| [12206] Apache Tomcat /opt/tomcat directory insecure permissions
16395| [12102] Apache Jakarta Tomcat MS-DOS device name request denial of service
16396| [12091] Apache HTTP Server apr_password_validate denial of service
16397| [12090] Apache HTTP Server apr_psprintf code execution
16398| [11804] Apache HTTP Server mod_access_referer denial of service
16399| [11750] Apache HTTP Server could leak sensitive file descriptors
16400| [11730] Apache HTTP Server error log and access log terminal escape sequence injection
16401| [11703] Apache long slash path allows directory listing
16402| [11695] Apache HTTP Server LF (Line Feed) denial of service
16403| [11694] Apache HTTP Server filestat.c denial of service
16404| [11438] Apache HTTP Server MIME message boundaries information disclosure
16405| [11412] Apache HTTP Server error log terminal escape sequence injection
16406| [11196] Apache Tomcat examples and ROOT Web applications cross-site scripting
16407| [11195] Apache Tomcat web.xml could be used to read files
16408| [11194] Apache Tomcat URL appended with a null character could list directories
16409| [11139] Apache HTTP Server mass virtual hosting with mod_rewrite or mod_vhost_alias could allow an attacker to obtain files
16410| [11126] Apache HTTP Server illegal character file disclosure
16411| [11125] Apache HTTP Server DOS device name HTTP POST code execution
16412| [11124] Apache HTTP Server DOS device name denial of service
16413| [11088] Apache HTTP Server mod_vhost_alias CGI source disclosure
16414| [10938] Apache HTTP Server printenv test CGI cross-site scripting
16415| [10771] Apache Tomcat mod_jk module multiple HTTP GET request buffer overflow
16416| [10575] Apache mod_php module could allow an attacker to take over the httpd process
16417| [10499] Apache HTTP Server WebDAV HTTP POST view source
16418| [10457] Apache HTTP Server mod_ssl "
16419| [10415] Apache HTTP Server htdigest insecure system() call could allow command execution
16420| [10414] Apache HTTP Server htdigest multiple buffer overflows
16421| [10413] Apache HTTP Server htdigest temporary file race condition
16422| [10412] Apache HTTP Server htpasswd temporary file race condition
16423| [10376] Apache Tomcat invoker servlet used in conjunction with the default servlet reveals source code
16424| [10348] Apache Tomcat HTTP GET request DOS device reference could cause a denial of service
16425| [10281] Apache HTTP Server ab.c ApacheBench long response buffer overflow
16426| [10280] Apache HTTP Server shared memory scorecard overwrite
16427| [10263] Apache Tomcat mod_jk or mod_jserv connector directory disclosure
16428| [10241] Apache HTTP Server Host: header cross-site scripting
16429| [10230] Slapper worm variants A, B, and C target OpenSSL/Apache systems
16430| [10208] Apache HTTP Server mod_dav denial of service
16431| [10206] HP VVOS Apache mod_ssl denial of service
16432| [10200] Apache HTTP Server stderr denial of service
16433| [10175] Apache Tomcat org.apache.catalina.servlets.DefaultServlet reveals source code
16434| [10169] Slapper worm variant (Slapper.C) targets OpenSSL/Apache systems
16435| [10154] Slapper worm variant (Slapper.B) targets OpenSSL/Apache systems
16436| [10098] Slapper worm targets OpenSSL/Apache systems
16437| [9876] Apache HTTP Server cgi/cgid request could disclose the path to a requested script
16438| [9875] Apache HTTP Server .var file request could disclose installation path
16439| [9863] Apache Tomcat web.xml file could allow a remote attacker to bypass restrictions
16440| [9808] Apache HTTP Server non-Unix version URL encoded directory traversal
16441| [9623] Apache HTTP Server ap_log_rerror() path disclosure
16442| [9520] Apache Tomcat /servlet/ mapping cross-site scripting
16443| [9415] Apache HTTP Server mod_ssl .htaccess off-by-one buffer overflow
16444| [9396] Apache Tomcat null character to threads denial of service
16445| [9394] Apache Tomcat HTTP request for LPT9 reveals Web root path
16446| [9249] Apache HTTP Server chunked encoding heap buffer overflow
16447| [9208] Apache Tomcat sample file requests could reveal directory listing and path to Web root directory
16448| [8932] Apache Tomcat example class information disclosure
16449| [8633] Apache HTTP Server with mod_rewrite could allow an attacker to bypass directives
16450| [8629] Apache HTTP Server double-reverse DNS lookup spoofing
16451| [8589] Apache HTTP Server for Windows DOS batch file remote command execution
16452| [8457] Oracle9i Application Server Apache PL/SQL HTTP Location header buffer overflow
16453| [8455] Oracle9i Application Server default installation could allow an attacker to access certain Apache Services
16454| [8400] Apache HTTP Server mod_frontpage buffer overflows
16455| [8326] Apache HTTP Server multiple MIME headers (sioux) denial of service
16456| [8308] Apache "
16457| [8275] Apache HTTP Server with Multiviews enabled could disclose directory contents
16458| [8119] Apache and PHP OPTIONS request reveals "
16459| [8054] Apache is running on the system
16460| [8029] Mandrake Linux default Apache configuration could allow an attacker to browse files and directories
16461| [8027] Mandrake Linux default Apache configuration has remote management interface enabled
16462| [8026] Mandrake Linux Apache sample programs could disclose sensitive information about the server
16463| [7836] Apache HTTP Server log directory denial of service
16464| [7815] Apache for Windows "
16465| [7810] Apache HTTP request could result in unexpected behavior
16466| [7599] Apache Tomcat reveals installation path
16467| [7494] Apache "
16468| [7419] Apache Web Server could allow remote attackers to overwrite .log files
16469| [7363] Apache Web Server hidden HTTP requests
16470| [7249] Apache mod_proxy denial of service
16471| [7129] Linux with Apache Web server could allow an attacker to determine if a specified username exists
16472| [7103] Apple Mac OS X used with Apache Web server could disclose directory contents
16473| [7059] Apache "
16474| [7057] Apache "
16475| [7056] Apache "
16476| [7055] Apache "
16477| [7054] Apache "
16478| [6997] Apache Jakarta Tomcat error message may reveal information
16479| [6971] Apache Jakarta Tomcat may reveal JSP source code with missing HTTP protocol specification
16480| [6970] Apache crafted HTTP request could reveal the internal IP address
16481| [6921] Apache long slash path allows directory listing
16482| [6687] Apple Mac OS X used with Apache Web server could allow arbitrary file disclosure
16483| [6527] Apache Web Server for Windows and OS2 denial of service
16484| [6316] Apache Jakarta Tomcat may reveal JSP source code
16485| [6305] Apache Jakarta Tomcat directory traversal
16486| [5926] Linux Apache symbolic link
16487| [5659] Apache Web server discloses files when used with php script
16488| [5310] Apache mod_rewrite allows attacker to view arbitrary files
16489| [5204] Apache WebDAV directory listings
16490| [5197] Apache Web server reveals CGI script source code
16491| [5160] Apache Jakarta Tomcat default installation
16492| [5099] Trustix Secure Linux installs Apache with world writable access
16493| [4968] Apache Jakarta Tomcat snoop servlet gives out information which could be used in attack
16494| [4967] Apache Jakarta Tomcat 404 error reveals the pathname of the requested file
16495| [4931] Apache source.asp example file allows users to write to files
16496| [4575] IBM HTTP Server running Apache allows users to directory listing and file retrieval
16497| [4205] Apache Jakarta Tomcat delivers file contents
16498| [2084] Apache on Debian by default serves the /usr/doc directory
16499| [1630] MessageMedia UnityMail and Apache Web server MIME header flood denial of service
16500| [697] Apache HTTP server beck exploit
16501| [331] Apache cookies buffer overflow
16502|
16503| Exploit-DB - https://www.exploit-db.com:
16504| [31130] Apache Tomcat <= 6.0.15 Cookie Quote Handling Remote Information Disclosure Vulnerability
16505| [31052] Apache <= 2.2.6 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
16506| [30901] Apache HTTP Server 2.2.6 Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
16507| [30835] Apache HTTP Server <= 2.2.4 413 Error HTTP Request Method Cross-Site Scripting Weakness
16508| [30563] Apache Tomcat <= 5.5.15 Cal2.JSP Cross-Site Scripting Vulnerability
16509| [30496] Apache Tomcat <= 6.0.13 Cookie Handling Quote Delimiter Session ID Disclosure
16510| [30495] Apache Tomcat <= 6.0.13 Host Manager Servlet Cross Site Scripting Vulnerability
16511| [30191] Apache MyFaces Tomahawk JSF Framework 1.1.5 Autoscroll Parameter Cross Site Scripting Vulnerability
16512| [30189] Apache Tomcat <= 6.0.13 JSP Example Web Applications Cross Site Scripting Vulnerability
16513| [30052] Apache Tomcat 6.0.10 Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
16514| [29930] Apache AXIS 1.0 Non-Existent WSDL Path Information Disclosure Vulnerability
16515| [29859] Apache Roller OGNL Injection
16516| [29739] Apache HTTP Server Tomcat 5.x/6.0.x Directory Traversal Vulnerability
16517| [29435] Apache Tomcat 5.5.25 - CSRF Vulnerabilities
16518| [29316] Apache + PHP 5.x - Remote Code Execution (Multithreaded Scanner) (2)
16519| [29290] Apache / PHP 5.x Remote Code Execution Exploit
16520| [28713] Apache Tomcat/JBoss EJBInvokerServlet / JMXInvokerServlet (RMI over HTTP) Marshalled Object RCE
16521| [28424] Apache 2.x HTTP Server Arbitrary HTTP Request Headers Security Weakness
16522| [28365] Apache 2.2.2 CGI Script Source Code Information Disclosure Vulnerability
16523| [28254] Apache Tomcat 5 Information Disclosure Vulnerability
16524| [27915] Apache James 2.2 SMTP Denial of Service Vulnerability
16525| [27397] Apache suEXEC Privilege Elevation / Information Disclosure
16526| [27135] Apache Struts 2 DefaultActionMapper Prefixes OGNL Code Execution
16527| [27096] Apache Geronimo 1.0 Error Page XSS
16528| [27095] Apache Tomcat / Geronimo 1.0 Sample Script cal2.jsp time Parameter XSS
16529| [26710] Apache CXF prior to 2.5.10, 2.6.7 and 2.7.4 - Denial of Service
16530| [26542] Apache Struts 1.2.7 Error Response Cross-Site Scripting Vulnerability
16531| [25986] Plesk Apache Zeroday Remote Exploit
16532| [25980] Apache Struts includeParams Remote Code Execution
16533| [25625] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (2)
16534| [25624] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (1)
16535| [24874] Apache Struts ParametersInterceptor Remote Code Execution
16536| [24744] Apache Rave 0.11 - 0.20 - User Information Disclosure
16537| [24694] Apache 1.3.x mod_include Local Buffer Overflow Vulnerability
16538| [24590] Apache 2.0.x mod_ssl Remote Denial of Service Vulnerability
16539| [23751] Apache Cygwin 1.3.x/2.0.x Directory Traversal Vulnerability
16540| [23581] Apache 2.0.4x mod_perl Module File Descriptor Leakage Vulnerability
16541| [23482] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (2)
16542| [23481] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (1)
16543| [23296] Red Hat Apache 2.0.40 Directory Index Default Configuration Error
16544| [23282] apache cocoon 2.14/2.2 - Directory Traversal vulnerability
16545| [23245] Apache Tomcat 4.0.x Non-HTTP Request Denial of Service Vulnerability
16546| [23119] Apache::Gallery 0.4/0.5/0.6 Insecure Local File Storage Privilege Escalation Vulnerability
16547| [22505] Apache Mod_Access_Referer 1.0.2 NULL Pointer Dereference Denial of Service Vulnerability
16548| [22205] Apache Tomcat 3.x Null Byte Directory/File Disclosure Vulnerability
16549| [22191] Apache Web Server 2.0.x MS-DOS Device Name Denial of Service Vulnerability
16550| [22068] Apache 1.3.x,Tomcat 4.0.x/4.1.x Mod_JK Chunked Encoding Denial of Service Vulnerability
16551| [21885] Apache 1.3/2.0.x Server Side Include Cross Site Scripting Vulnerability
16552| [21882] Apache Tomcat 3.2 Directory Disclosure Vulnerability
16553| [21854] Apache 2.0.39/40 Oversized STDERR Buffer Denial of Service Vulnerability
16554| [21853] Apache Tomcat 3/4 DefaultServlet File Disclosure Vulnerability
16555| [21734] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
16556| [21719] Apache 2.0 Path Disclosure Vulnerability
16557| [21697] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
16558| [21605] Apache Tomcat 4.0.3 DoS Device Name Cross Site Scripting Vulnerability
16559| [21604] Apache Tomcat 4.0.3 Servlet Mapping Cross Site Scripting Vulnerability
16560| [21560] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (2)
16561| [21559] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (1)
16562| [21534] Apache Tomcat 3/4 JSP Engine Denial of Service Vulnerability
16563| [21492] Apache Tomcat 3.2.3/3.2.4 RealPath.JSP Malformed Request Information Disclosure
16564| [21491] Apache Tomcat 3.2.3/3.2.4 Example Files Web Root Path Disclosure
16565| [21490] Apache Tomcat 3.2.3/3.2.4 Source.JSP Malformed Request Information Disclosure
16566| [21412] Apache Tomcat 4.0/4.1 Servlet Path Disclosure Vulnerability
16567| [21350] Apache Win32 1.3.x/2.0.x Batch File Remote Command Execution Vulnerability
16568| [21204] Apache 1.3.20 Win32 PHP.EXE Remote File Disclosure Vulnerability
16569| [21112] Red Hat Linux 7.0 Apache Remote Username Enumeration Vulnerability
16570| [21067] Apache 1.0/1.2/1.3 Server Address Disclosure Vulnerability
16571| [21002] Apache 1.3 Possible Directory Index Disclosure Vulnerability
16572| [20911] Apache 1.3.14 Mac File Protection Bypass Vulnerability
16573| [20716] apache tomcat 3.0 - Directory Traversal vulnerability
16574| [20695] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (4)
16575| [20694] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (3)
16576| [20693] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (2)
16577| [20692] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (1)
16578| [20595] NCSA 1.3/1.4.x/1.5,Apache httpd 0.8.11/0.8.14 ScriptAlias Source Retrieval Vulnerability
16579| [20558] Apache 1.2 Web Server DoS Vulnerability
16580| [20466] Apache 1.3 Web Server with Php 3 File Disclosure Vulnerability
16581| [20435] Apache 0.8.x/1.0.x,NCSA httpd 1.x test-cgi Directory Listing Vulnerability
16582| [20272] Apache 1.2.5/1.3.1,UnityMail 2.0 MIME Header DoS Vulnerability
16583| [20210] Apache 1.3.12 WebDAV Directory Listings Vulnerability
16584| [20131] Apache Tomcat 3.1 Path Revealing Vulnerability
16585| [19975] Apache 1.3.6/1.3.9/1.3.11/1.3.12/1.3.20 Root Directory Access Vulnerability
16586| [19828] Cobalt RaQ 2.0/3.0 Apache .htaccess Disclosure Vulnerability
16587| [19536] Apache <= 1.1,NCSA httpd <= 1.5.2,Netscape Server 1.12/1.1/2.0 a nph-test-cgi Vulnerability
16588| [19231] PHP apache_request_headers Function Buffer Overflow
16589| [18984] Apache Struts <= 2.2.1.1 - Remote Command Execution
16590| [18897] Oracle Weblogic Apache Connector POST Request Buffer Overflow
16591| [18619] Apache Tomcat Remote Exploit (PUT Request) and Account Scanner
16592| [18452] Apache Struts Multiple Persistent Cross-Site Scripting Vulnerabilities
16593| [18442] Apache httpOnly Cookie Disclosure
16594| [18329] Apache Struts2 <= 2.3.1 - Multiple Vulnerabilities
16595| [18221] Apache HTTP Server Denial of Service
16596| [17969] Apache mod_proxy Reverse Proxy Exposure Vulnerability PoC
16597| [17696] Apache httpd Remote Denial of Service (memory exhaustion)
16598| [17691] Apache Struts < 2.2.0 - Remote Command Execution
16599| [16798] Apache mod_jk 1.2.20 Buffer Overflow
16600| [16782] Apache Win32 Chunked Encoding
16601| [16752] Apache module mod_rewrite LDAP protocol Buffer Overflow
16602| [16317] Apache Tomcat Manager Application Deployer Authenticated Code Execution
16603| [15710] Apache Archiva 1.0 - 1.3.1 CSRF Vulnerability
16604| [15319] Apache 2.2 (Windows) Local Denial of Service
16605| [14617] Apache JackRabbit 2.0.0 webapp XPath Injection
16606| [14489] Apache Tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
16607| [12721] Apache Axis2 1.4.1 - Local File Inclusion Vulnerability
16608| [12689] Authenticated Cross-Site Scripting Vulnerability (XSS) within Apache Axis2 administration console
16609| [12343] Apache Tomcat 5.5.0 to 5.5.29 & 6.0.0 to 6.0.26 - Information Disclosure Vulnerability
16610| [12330] Apache OFBiz - Multiple XSS
16611| [12264] Apache OFBiz - FULLADMIN Creator PoC Payload
16612| [12263] Apache OFBiz - SQL Remote Execution PoC Payload
16613| [11662] Apache Spamassassin Milter Plugin Remote Root Command Execution
16614| [11650] Apache 2.2.14 mod_isapi Dangling Pointer Remote SYSTEM Exploit
16615| [10811] Joomla.Tutorials GHDB: Apache directory listing Download Vulnerability
16616| [10292] Apache Tomcat 3.2.1 - 404 Error Page Cross Site Scripting Vulnerability
16617| [9995] Apache Tomcat Form Authentication Username Enumeration Weakness
16618| [9994] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
16619| [9993] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
16620| [8842] Apache mod_dav / svn Remote Denial of Service Exploit
16621| [8458] Apache Geronimo <= 2.1.3 - Multiple Directory Traversal Vulnerabilities
16622| [7264] Apache Tomcat runtime.getRuntime().exec() Privilege Escalation (win)
16623| [6229] apache tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
16624| [6100] Apache mod_jk 1.2.19 Remote Buffer Overflow Exploit (win32)
16625| [6089] Bea Weblogic Apache Connector Code Exec / Denial of Service Exploit
16626| [5386] Apache Tomcat Connector jk2-2.0.2 (mod_jk2) Remote Overflow Exploit
16627| [5330] Apache 2.0 mod_jk2 2.0.2 - Remote Buffer Overflow Exploit (win32)
16628| [4552] Apache Tomcat (webdav) Remote File Disclosure Exploit (ssl support)
16629| [4530] Apache Tomcat (webdav) Remote File Disclosure Exploit
16630| [4162] Apache Tomcat Connector (mod_jk) Remote Exploit (exec-shield)
16631| [4093] Apache mod_jk 1.2.19/1.2.20 Remote Buffer Overflow Exploit
16632| [3996] Apache 2.0.58 mod_rewrite Remote Overflow Exploit (win2k3)
16633| [3680] Apache Mod_Rewrite Off-by-one Remote Overflow Exploit (win32)
16634| [3384] Ubuntu/Debian Apache 1.3.33/1.3.34 (CGI TTY) Local Root Exploit
16635| [2237] Apache < 1.3.37, 2.0.59, 2.2.3 (mod_rewrite) Remote Overflow PoC
16636| [2061] Apache Tomcat < 5.5.17 Remote Directory Listing Vulnerability
16637| [1056] Apache <= 2.0.49 Arbitrary Long HTTP Headers Denial of Service
16638| [855] Apache <= 2.0.52 HTTP GET request Denial of Service Exploit
16639| [764] Apache OpenSSL - Remote Exploit (Multiple Targets) (OpenFuckV2.c)
16640| [587] Apache <= 1.3.31 mod_include Local Buffer Overflow Exploit
16641| [466] htpasswd Apache 1.3.31 - Local Exploit
16642| [371] Apache HTTPd Arbitrary Long HTTP Headers DoS (c version)
16643| [360] Apache HTTPd Arbitrary Long HTTP Headers DoS
16644| [132] Apache 1.3.x - 2.0.48 - mod_userdir Remote Users Disclosure Exploit
16645| [126] Apache mod_gzip (with debug_mode) <= 1.2.26.1a Remote Exploit
16646| [67] Apache 1.3.x mod_mylo Remote Code Execution Exploit
16647| [38] Apache <= 2.0.45 APR Remote Exploit -Apache-Knacker.pl
16648| [34] Webfroot Shoutbox < 2.32 (Apache) Remote Exploit
16649| [11] Apache <= 2.0.44 Linux Remote Denial of Service Exploit
16650| [9] Apache HTTP Server 2.x Memory Leak Exploit
16651|
16652| OpenVAS (Nessus) - http://www.openvas.org:
16653| [902924] Apache Struts2 Showcase Skill Name Remote Code Execution Vulnerability
16654| [902837] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability (Windows)
16655| [902830] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
16656| [902664] Apache Traffic Server HTTP Host Header Denial of Service Vulnerability
16657| [901203] Apache httpd Web Server Range Header Denial of Service Vulnerability
16658| [901110] Apache ActiveMQ Source Code Information Disclosure Vulnerability
16659| [901105] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
16660| [900842] Apache 'mod_proxy_ftp' Module Command Injection Vulnerability (Linux)
16661| [900841] Apache 'mod_proxy_ftp' Module Denial Of Service Vulnerability (Linux)
16662| [900573] Apache APR-Utils XML Parser Denial of Service Vulnerability
16663| [900572] Apache APR-Utils Multiple Denial of Service Vulnerabilities
16664| [900571] Apache APR-Utils Version Detection
16665| [900499] Apache mod_proxy_ajp Information Disclosure Vulnerability
16666| [900496] Apache Tiles Multiple XSS Vulnerability
16667| [900493] Apache Tiles Version Detection
16668| [900107] Apache mod_proxy_ftp Wildcard Characters XSS Vulnerability
16669| [900021] Apache Tomcat Cross-Site Scripting and Security Bypass Vulnerabilities
16670| [880086] CentOS Update for apache CESA-2008:0004-01 centos2 i386
16671| [870175] RedHat Update for apache RHSA-2008:0004-01
16672| [864591] Fedora Update for apache-poi FEDORA-2012-10835
16673| [864383] Fedora Update for apache-commons-compress FEDORA-2012-8428
16674| [864280] Fedora Update for apache-commons-compress FEDORA-2012-8465
16675| [864250] Fedora Update for apache-poi FEDORA-2012-7683
16676| [864249] Fedora Update for apache-poi FEDORA-2012-7686
16677| [863993] Fedora Update for apache-commons-daemon FEDORA-2011-10880
16678| [863466] Fedora Update for apache-commons-daemon FEDORA-2011-10936
16679| [855821] Solaris Update for Apache 1.3 122912-19
16680| [855812] Solaris Update for Apache 1.3 122911-19
16681| [855737] Solaris Update for Apache 1.3 122911-17
16682| [855731] Solaris Update for Apache 1.3 122912-17
16683| [855695] Solaris Update for Apache 1.3 122911-16
16684| [855645] Solaris Update for Apache 1.3 122912-16
16685| [855587] Solaris Update for kernel update and Apache 108529-29
16686| [855566] Solaris Update for Apache 116973-07
16687| [855531] Solaris Update for Apache 116974-07
16688| [855524] Solaris Update for Apache 2 120544-14
16689| [855494] Solaris Update for Apache 1.3 122911-15
16690| [855478] Solaris Update for Apache Security 114145-11
16691| [855472] Solaris Update for Apache Security 113146-12
16692| [855179] Solaris Update for Apache 1.3 122912-15
16693| [855147] Solaris Update for kernel update and Apache 108528-29
16694| [855077] Solaris Update for Apache 2 120543-14
16695| [850196] SuSE Update for apache2 openSUSE-SU-2012:0314-1 (apache2)
16696| [850088] SuSE Update for apache2 SUSE-SA:2007:061
16697| [850009] SuSE Update for apache2,apache SUSE-SA:2008:021
16698| [841209] Ubuntu Update for apache2 USN-1627-1
16699| [840900] Ubuntu Update for apache2 USN-1368-1
16700| [840798] Ubuntu Update for apache2 USN-1259-1
16701| [840734] Ubuntu Update for apache2 USN-1199-1
16702| [840542] Ubuntu Update for apache2 vulnerabilities USN-1021-1
16703| [840504] Ubuntu Update for apache2 vulnerability USN-990-2
16704| [840399] Ubuntu Update for apache2 vulnerabilities USN-908-1
16705| [840304] Ubuntu Update for apache2 vulnerabilities USN-575-1
16706| [840118] Ubuntu Update for libapache2-mod-perl2 vulnerability USN-488-1
16707| [840092] Ubuntu Update for apache2 vulnerabilities USN-499-1
16708| [840039] Ubuntu Update for libapache2-mod-python vulnerability USN-430-1
16709| [835253] HP-UX Update for Apache Web Server HPSBUX02645
16710| [835247] HP-UX Update for Apache-based Web Server HPSBUX02612
16711| [835243] HP-UX Update for Apache Running Tomcat Servlet Engine HPSBUX02579
16712| [835236] HP-UX Update for Apache with PHP HPSBUX02543
16713| [835233] HP-UX Update for Apache-based Web Server HPSBUX02531
16714| [835224] HP-UX Update for Apache-based Web Server HPSBUX02465
16715| [835200] HP-UX Update for Apache Web Server Suite HPSBUX02431
16716| [835190] HP-UX Update for Apache Web Server Suite HPSBUX02401
16717| [835188] HP-UX Update for Apache HPSBUX02308
16718| [835181] HP-UX Update for Apache With PHP HPSBUX02332
16719| [835180] HP-UX Update for Apache with PHP HPSBUX02342
16720| [835172] HP-UX Update for Apache HPSBUX02365
16721| [835168] HP-UX Update for Apache HPSBUX02313
16722| [835148] HP-UX Update for Apache HPSBUX01064
16723| [835139] HP-UX Update for Apache with PHP HPSBUX01090
16724| [835131] HP-UX Update for Apache HPSBUX00256
16725| [835119] HP-UX Update for Apache Remote Execution of Arbitrary Code HPSBUX02186
16726| [835104] HP-UX Update for Apache HPSBUX00224
16727| [835103] HP-UX Update for Apache mod_cgid HPSBUX00301
16728| [835101] HP-UX Update for Apache HPSBUX01232
16729| [835080] HP-UX Update for Apache HPSBUX02273
16730| [835078] HP-UX Update for ApacheStrong HPSBUX00255
16731| [835044] HP-UX Update for Apache HPSBUX01019
16732| [835040] HP-UX Update for Apache PHP HPSBUX00207
16733| [835025] HP-UX Update for Apache HPSBUX00197
16734| [835023] HP-UX Update for Apache HPSBUX01022
16735| [835022] HP-UX Update for Apache HPSBUX02292
16736| [835005] HP-UX Update for Apache HPSBUX02262
16737| [831759] Mandriva Update for apache-mod_security MDVSA-2012:182 (apache-mod_security)
16738| [831737] Mandriva Update for apache MDVSA-2012:154-1 (apache)
16739| [831534] Mandriva Update for apache MDVSA-2012:012 (apache)
16740| [831523] Mandriva Update for apache MDVSA-2012:003 (apache)
16741| [831491] Mandriva Update for apache MDVSA-2011:168 (apache)
16742| [831460] Mandriva Update for apache MDVSA-2011:144 (apache)
16743| [831449] Mandriva Update for apache MDVSA-2011:130 (apache)
16744| [831357] Mandriva Update for apache MDVSA-2011:057 (apache)
16745| [831132] Mandriva Update for apache MDVSA-2010:153 (apache)
16746| [831131] Mandriva Update for apache MDVSA-2010:152 (apache)
16747| [830989] Mandriva Update for apache-mod_auth_shadow MDVSA-2010:081 (apache-mod_auth_shadow)
16748| [830931] Mandriva Update for apache MDVSA-2010:057 (apache)
16749| [830926] Mandriva Update for apache MDVSA-2010:053 (apache)
16750| [830918] Mandriva Update for apache-mod_security MDVSA-2010:050 (apache-mod_security)
16751| [830799] Mandriva Update for apache-conf MDVSA-2009:300-2 (apache-conf)
16752| [830797] Mandriva Update for apache-conf MDVSA-2009:300-1 (apache-conf)
16753| [830791] Mandriva Update for apache-conf MDVA-2010:011 (apache-conf)
16754| [830652] Mandriva Update for apache MDVSA-2008:195 (apache)
16755| [830621] Mandriva Update for apache-conf MDVA-2008:129 (apache-conf)
16756| [830581] Mandriva Update for apache MDVSA-2008:016 (apache)
16757| [830294] Mandriva Update for apache MDKSA-2007:140 (apache)
16758| [830196] Mandriva Update for apache MDKSA-2007:235 (apache)
16759| [830112] Mandriva Update for apache MDKSA-2007:127 (apache)
16760| [830109] Mandriva Update for apache-mod_perl MDKSA-2007:083 (apache-mod_perl)
16761| [802425] Apache Struts2 Showcase Arbitrary Java Method Execution vulnerability
16762| [802423] Apache Struts CookBook/Examples Multiple Cross-Site Scripting Vulnerabilities
16763| [802422] Apache Struts Showcase Multiple Persistence Cross-Site Scripting Vulnerabilities
16764| [802415] Apache Tomcat Multiple Security Bypass Vulnerabilities (Win)
16765| [802385] Apache Tomcat Request Object Security Bypass Vulnerability (Win)
16766| [802384] Apache Tomcat Parameter Handling Denial of Service Vulnerability (Win)
16767| [802378] Apache Tomcat Hash Collision Denial Of Service Vulnerability
16768| [801942] Apache Archiva Multiple Vulnerabilities
16769| [801940] Apache Struts2 'XWork' Information Disclosure Vulnerability
16770| [801663] Apache Struts2/XWork Remote Command Execution Vulnerability
16771| [801521] Apache APR-util 'buckets/apr_brigade.c' Denial Of Service Vulnerability
16772| [801284] Apache Derby Information Disclosure Vulnerability
16773| [801203] Apache ActiveMQ Persistent Cross-Site Scripting Vulnerability
16774| [800837] Apache 'mod_deflate' Denial Of Service Vulnerability - July09
16775| [800827] Apache 'mod_proxy_http.c' Denial Of Service Vulnerability
16776| [800680] Apache APR Version Detection
16777| [800679] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
16778| [800678] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
16779| [800677] Apache Roller Version Detection
16780| [800279] Apache mod_jk Module Version Detection
16781| [800278] Apache Struts Cross Site Scripting Vulnerability
16782| [800277] Apache Tomcat mod_jk Information Disclosure Vulnerability
16783| [800276] Apache Struts Version Detection
16784| [800271] Apache Struts Directory Traversal Vulnerability
16785| [800024] Apache Tomcat RemoteFilterValve Security Bypass Vulnerability
16786| [103333] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
16787| [103293] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
16788| [103122] Apache Web Server ETag Header Information Disclosure Weakness
16789| [103074] Apache Continuum Cross Site Scripting Vulnerability
16790| [103073] Apache Continuum Detection
16791| [103053] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
16792| [101023] Apache Open For Business Weak Password security check
16793| [101020] Apache Open For Business HTML injection vulnerability
16794| [101019] Apache Open For Business service detection
16795| [100924] Apache Archiva Cross Site Request Forgery Vulnerability
16796| [100923] Apache Archiva Detection
16797| [100858] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
16798| [100814] Apache Axis2 Document Type Declaration Processing Security Vulnerability
16799| [100813] Apache Axis2 Detection
16800| [100797] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
16801| [100795] Apache Derby Detection
16802| [100762] Apache CouchDB Cross Site Request Forgery Vulnerability
16803| [100725] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
16804| [100613] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
16805| [100514] Apache Multiple Security Vulnerabilities
16806| [100211] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
16807| [100172] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
16808| [100171] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
16809| [100130] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
16810| [72626] Debian Security Advisory DSA 2579-1 (apache2)
16811| [72612] FreeBSD Ports: apache22
16812| [71551] Gentoo Security Advisory GLSA 201206-25 (apache)
16813| [71550] Gentoo Security Advisory GLSA 201206-24 (apache tomcat)
16814| [71512] FreeBSD Ports: apache
16815| [71485] Debian Security Advisory DSA 2506-1 (libapache-mod-security)
16816| [71256] Debian Security Advisory DSA 2452-1 (apache2)
16817| [71238] Debian Security Advisory DSA 2436-1 (libapache2-mod-fcgid)
16818| [70737] FreeBSD Ports: apache
16819| [70724] Debian Security Advisory DSA 2405-1 (apache2)
16820| [70600] FreeBSD Ports: apache
16821| [70253] FreeBSD Ports: apache, apache-event, apache-itk, apache-peruser, apache-worker
16822| [70235] Debian Security Advisory DSA 2298-2 (apache2)
16823| [70233] Debian Security Advisory DSA 2298-1 (apache2)
16824| [69988] Debian Security Advisory DSA 2279-1 (libapache2-mod-authnz-external)
16825| [69338] Debian Security Advisory DSA 2202-1 (apache2)
16826| [67868] FreeBSD Ports: apache
16827| [66816] FreeBSD Ports: apache
16828| [66553] Mandriva Security Advisory MDVSA-2009:189-1 (apache-mod_auth_mysql)
16829| [66414] Mandriva Security Advisory MDVSA-2009:323 (apache)
16830| [66106] SuSE Security Advisory SUSE-SA:2009:050 (apache2,libapr1)
16831| [66081] SLES11: Security update for Apache 2
16832| [66074] SLES10: Security update for Apache 2
16833| [66070] SLES9: Security update for Apache 2
16834| [65998] SLES10: Security update for apache2-mod_python
16835| [65893] SLES10: Security update for Apache 2
16836| [65888] SLES10: Security update for Apache 2
16837| [65575] SLES9: Security update for apache2,apache2-prefork,apache2-worker
16838| [65510] SLES9: Security update for Apache 2
16839| [65472] SLES9: Security update for Apache
16840| [65467] SLES9: Security update for Apache
16841| [65450] SLES9: Security update for apache2
16842| [65390] SLES9: Security update for Apache2
16843| [65363] SLES9: Security update for Apache2
16844| [65309] SLES9: Security update for Apache and mod_ssl
16845| [65296] SLES9: Security update for webdav apache module
16846| [65283] SLES9: Security update for Apache2
16847| [65249] SLES9: Security update for Apache 2
16848| [65230] SLES9: Security update for Apache 2
16849| [65228] SLES9: Security update for Apache 2
16850| [65212] SLES9: Security update for apache2-mod_python
16851| [65209] SLES9: Security update for apache2-worker
16852| [65207] SLES9: Security update for Apache 2
16853| [65168] SLES9: Security update for apache2-mod_python
16854| [65142] SLES9: Security update for Apache2
16855| [65136] SLES9: Security update for Apache 2
16856| [65132] SLES9: Security update for apache
16857| [65131] SLES9: Security update for Apache 2 oes/CORE
16858| [65113] SLES9: Security update for apache2
16859| [65072] SLES9: Security update for apache and mod_ssl
16860| [65017] SLES9: Security update for Apache 2
16861| [64950] Mandrake Security Advisory MDVSA-2009:240 (apache)
16862| [64783] FreeBSD Ports: apache
16863| [64774] Ubuntu USN-802-2 (apache2)
16864| [64653] Ubuntu USN-813-2 (apache2)
16865| [64559] Debian Security Advisory DSA 1834-2 (apache2)
16866| [64532] Mandrake Security Advisory MDVSA-2009:189 (apache-mod_auth_mysql)
16867| [64527] Mandrake Security Advisory MDVSA-2009:184 (apache-mod_security)
16868| [64526] Mandrake Security Advisory MDVSA-2009:183 (apache-mod_security)
16869| [64500] Mandrake Security Advisory MDVSA-2009:168 (apache)
16870| [64443] Ubuntu USN-802-1 (apache2)
16871| [64426] Gentoo Security Advisory GLSA 200907-04 (apache)
16872| [64423] Debian Security Advisory DSA 1834-1 (apache2)
16873| [64391] Mandrake Security Advisory MDVSA-2009:149 (apache)
16874| [64377] Mandrake Security Advisory MDVSA-2009:124-1 (apache)
16875| [64251] Debian Security Advisory DSA 1816-1 (apache2)
16876| [64201] Ubuntu USN-787-1 (apache2)
16877| [64140] Mandrake Security Advisory MDVSA-2009:124 (apache)
16878| [64136] Mandrake Security Advisory MDVSA-2009:102 (apache)
16879| [63565] FreeBSD Ports: apache
16880| [63562] Ubuntu USN-731-1 (apache2)
16881| [61381] Gentoo Security Advisory GLSA 200807-06 (apache)
16882| [61185] FreeBSD Ports: apache
16883| [60582] Gentoo Security Advisory GLSA 200803-19 (apache)
16884| [60387] Slackware Advisory SSA:2008-045-02 apache
16885| [58826] FreeBSD Ports: apache-tomcat
16886| [58825] FreeBSD Ports: apache-tomcat
16887| [58804] FreeBSD Ports: apache
16888| [58745] Gentoo Security Advisory GLSA 200711-06 (apache)
16889| [58360] Debian Security Advisory DSA 1312-1 (libapache-mod-jk)
16890| [57851] Gentoo Security Advisory GLSA 200608-01 (apache)
16891| [57788] Debian Security Advisory DSA 1247-1 (libapache-mod-auth-kerb)
16892| [57335] Debian Security Advisory DSA 1167-1 (apache)
16893| [57201] Debian Security Advisory DSA 1131-1 (apache)
16894| [57200] Debian Security Advisory DSA 1132-1 (apache2)
16895| [57168] Slackware Advisory SSA:2006-209-01 Apache httpd
16896| [57145] FreeBSD Ports: apache
16897| [56731] Slackware Advisory SSA:2006-129-01 Apache httpd
16898| [56729] Slackware Advisory SSA:2006-130-01 Apache httpd redux
16899| [56246] Gentoo Security Advisory GLSA 200602-03 (Apache)
16900| [56212] Debian Security Advisory DSA 952-1 (libapache-auth-ldap)
16901| [56115] Debian Security Advisory DSA 935-1 (libapache2-mod-auth-pgsql)
16902| [56067] FreeBSD Ports: apache
16903| [55803] Slackware Advisory SSA:2005-310-04 apache
16904| [55519] Debian Security Advisory DSA 839-1 (apachetop)
16905| [55392] Gentoo Security Advisory GLSA 200509-12 (Apache)
16906| [55355] FreeBSD Ports: apache
16907| [55284] Debian Security Advisory DSA 807-1 (libapache-mod-ssl)
16908| [55261] Debian Security Advisory DSA 805-1 (apache2)
16909| [55259] Debian Security Advisory DSA 803-1 (apache)
16910| [55129] Gentoo Security Advisory GLSA 200508-15 (apache)
16911| [54739] Gentoo Security Advisory GLSA 200411-18 (apache)
16912| [54724] Gentoo Security Advisory GLSA 200411-03 (apache)
16913| [54712] Gentoo Security Advisory GLSA 200410-21 (apache)
16914| [54689] Gentoo Security Advisory GLSA 200409-33 (net=www/apache)
16915| [54677] Gentoo Security Advisory GLSA 200409-21 (apache)
16916| [54610] Gentoo Security Advisory GLSA 200407-03 (Apache)
16917| [54601] Gentoo Security Advisory GLSA 200406-16 (Apache)
16918| [54590] Gentoo Security Advisory GLSA 200406-05 (Apache)
16919| [54582] Gentoo Security Advisory GLSA 200405-22 (Apache)
16920| [54529] Gentoo Security Advisory GLSA 200403-04 (Apache)
16921| [54499] Gentoo Security Advisory GLSA 200310-04 (Apache)
16922| [54498] Gentoo Security Advisory GLSA 200310-03 (Apache)
16923| [54439] FreeBSD Ports: apache
16924| [53931] Slackware Advisory SSA:2004-133-01 apache
16925| [53903] Slackware Advisory SSA:2004-299-01 apache, mod_ssl, php
16926| [53902] Slackware Advisory SSA:2004-305-01 apache+mod_ssl
16927| [53878] Slackware Advisory SSA:2003-308-01 apache security update
16928| [53851] Debian Security Advisory DSA 135-1 (libapache-mod-ssl)
16929| [53849] Debian Security Advisory DSA 132-1 (apache-ssl)
16930| [53848] Debian Security Advisory DSA 131-1 (apache)
16931| [53784] Debian Security Advisory DSA 021-1 (apache)
16932| [53738] Debian Security Advisory DSA 195-1 (apache-perl)
16933| [53737] Debian Security Advisory DSA 188-1 (apache-ssl)
16934| [53735] Debian Security Advisory DSA 187-1 (apache)
16935| [53703] Debian Security Advisory DSA 532-1 (libapache-mod-ssl)
16936| [53577] Debian Security Advisory DSA 120-1 (libapache-mod-ssl, apache-ssl)
16937| [53568] Debian Security Advisory DSA 067-1 (apache,apache-ssl)
16938| [53519] Debian Security Advisory DSA 689-1 (libapache-mod-python)
16939| [53433] Debian Security Advisory DSA 181-1 (libapache-mod-ssl)
16940| [53282] Debian Security Advisory DSA 594-1 (apache)
16941| [53248] Debian Security Advisory DSA 558-1 (libapache-mod-dav)
16942| [53224] Debian Security Advisory DSA 532-2 (libapache-mod-ssl)
16943| [53215] Debian Security Advisory DSA 525-1 (apache)
16944| [53151] Debian Security Advisory DSA 452-1 (libapache-mod-python)
16945| [52529] FreeBSD Ports: apache+ssl
16946| [52501] FreeBSD Ports: apache
16947| [52461] FreeBSD Ports: apache
16948| [52390] FreeBSD Ports: apache
16949| [52389] FreeBSD Ports: apache
16950| [52388] FreeBSD Ports: apache
16951| [52383] FreeBSD Ports: apache
16952| [52339] FreeBSD Ports: apache+mod_ssl
16953| [52331] FreeBSD Ports: apache
16954| [52329] FreeBSD Ports: ru-apache+mod_ssl
16955| [52314] FreeBSD Ports: apache
16956| [52310] FreeBSD Ports: apache
16957| [15588] Detect Apache HTTPS
16958| [15555] Apache mod_proxy content-length buffer overflow
16959| [15554] Apache mod_include priviledge escalation
16960| [14771] Apache <= 1.3.33 htpasswd local overflow
16961| [14177] Apache mod_access rule bypass
16962| [13644] Apache mod_rootme Backdoor
16963| [12293] Apache Input Header Folding and mod_ssl ssl_io_filter_cleanup DoS Vulnerabilities
16964| [12280] Apache Connection Blocking Denial of Service
16965| [12239] Apache Error Log Escape Sequence Injection
16966| [12123] Apache Tomcat source.jsp malformed request information disclosure
16967| [12085] Apache Tomcat servlet/JSP container default files
16968| [11438] Apache Tomcat Directory Listing and File disclosure
16969| [11204] Apache Tomcat Default Accounts
16970| [11092] Apache 2.0.39 Win32 directory traversal
16971| [11046] Apache Tomcat TroubleShooter Servlet Installed
16972| [11042] Apache Tomcat DOS Device Name XSS
16973| [11041] Apache Tomcat /servlet Cross Site Scripting
16974| [10938] Apache Remote Command Execution via .bat files
16975| [10839] PHP.EXE / Apache Win32 Arbitrary File Reading Vulnerability
16976| [10773] MacOS X Finder reveals contents of Apache Web files
16977| [10766] Apache UserDir Sensitive Information Disclosure
16978| [10756] MacOS X Finder reveals contents of Apache Web directories
16979| [10752] Apache Auth Module SQL Insertion Attack
16980| [10704] Apache Directory Listing
16981| [10678] Apache /server-info accessible
16982| [10677] Apache /server-status accessible
16983| [10440] Check for Apache Multiple / vulnerability
16984|
16985| SecurityTracker - https://www.securitytracker.com:
16986| [1028865] Apache Struts Bugs Permit Remote Code Execution and URL Redirection Attacks
16987| [1028864] Apache Struts Wildcard Matching and Expression Evaluation Bugs Let Remote Users Execute Arbitrary Code
16988| [1028824] Apache mod_dav_svn URI Processing Flaw Lets Remote Users Deny Service
16989| [1028823] Apache Unspecified Flaw in mod_session_dbd Has Unspecified Impact
16990| [1028724] (HP Issues Fix for HP-UX) Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
16991| [1028722] (Red Hat Issues Fix for JBoss) Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
16992| [1028693] (Red Hat Issues Fix) Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
16993| [1028622] Apache Struts 'includeParams' Bugs Permit Remote Command Execution and Cross-Site Scripting Attacks
16994| [1028621] Apache Subversion Bugs Let Remote Authenticated Users Execute Arbitrary Commands and Deny Service
16995| [1028540] Apache mod_rewrite Input Validation Flaw Lets Remote Users Execute Arbitrary Commands
16996| [1028534] Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
16997| [1028533] Apache Tomcat Lack of Chunked Transfer Encoding Extension Size Limit Lets Remote Users Deny Service
16998| [1028532] Apache Tomcat AsyncListeners Bug May Disclose Information from One Request to Another User
16999| [1028515] Apache VCL Input Validation Flaw Lets Remote Authenticated Users Gain Elevated Privileges
17000| [1028457] Apache ActiveMQ Bugs Let Remote Users Conduct Cross-Site Scripting Attacks, Deny Service, and Obtain Potentially Sensitive Information
17001| [1028287] Apache CXF WSS4JInInterceptor Grants Service Access to Remote Users
17002| [1028286] Apache CXF WS-Security UsernameToken Processing Flaw Lets Remote Users Bypass Authentication
17003| [1028252] Apache Commons FileUpload Unsafe Temporary File Lets Local Users Gain Elevated Privileges
17004| [1028207] Apache Input Validation Bugs Permit Cross-Site Scripting Attacks
17005| [1027836] Apache Tomcat Connection Processing Bug Lets Remote Users Deny Service
17006| [1027834] Apache Tomcat Bug Lets Remote Users Bypass Cross-Site Request Forgery Prevention Filter
17007| [1027833] Apache Tomcat Bug Lets Remote Users Bypass Security Constraints
17008| [1027729] Apache Tomcat Header Processing Bug Lets Remote Users Deny Service
17009| [1027728] Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
17010| [1027554] Apache CXF Lets Remote Authenticated Users Execute Unauthorized SOAP Actions
17011| [1027508] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
17012| [1027421] Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
17013| [1027096] Apache Commons Compress BZip2CompressorOutputStream() Sorting Algorithm Lets Remote or Local Users Deny Service
17014| [1026932] Apache LD_LIBRARY_PATH Processing Lets Local Users Gain Elevated Privileges
17015| [1026928] Apache OFBiz Unspecified Flaw Lets Remote Users Execute Arbitrary Code
17016| [1026927] Apache OFBiz Input Validation Flaws Permit Cross-Site Scripting Attacks
17017| [1026847] Apache Traffic Server Host Header Processing Flaw Lets Remote Users Deny Service
17018| [1026846] Apache Wicket Discloses Hidden Application Files to Remote Users
17019| [1026839] Apache Wicket Input Validation Flaw in 'wicket:pageMapName' Parameter Permits Cross-Site Scripting Attacks
17020| [1026616] Apache Bugs Let Remote Users Deny Service and Obtain Cookie Data
17021| [1026575] Apache Struts ParameterInterceptor() Flaw Lets Remote Users Execute Arbitrary Commands
17022| [1026484] Apache Struts Bug Lets Remote Users Overwrite Files and Execute Arbitrary Code
17023| [1026477] Apache Tomcat Hash Table Collision Bug Lets Remote Users Deny Service
17024| [1026402] Apache Struts Conversion Error Lets Remote Users Inject Arbitrary Commands
17025| [1026353] Apache mod_proxy/mod_rewrite Bug Lets Remote Users Access Internal Servers
17026| [1026295] Apache Tomcat Lets Untrusted Web Applications Gain Elevated Privileges
17027| [1026267] Apache .htaccess File Integer Overflow Lets Local Users Execute Arbitrary Code
17028| [1026144] Apache mod_proxy Pattern Matching Bug Lets Remote Users Access Internal Servers
17029| [1026095] Apache Tomcat HTTP DIGEST Authentication Weaknesses Let Remote Users Conduct Bypass Attacks
17030| [1026054] Apache mod_proxy_ajp HTTP Processing Error Lets Remote Users Deny Service
17031| [1025993] Apache Tomcat AJP Protocol Processing Bug Lets Remote Users Bypass Authentication or Obtain Information
17032| [1025976] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
17033| [1025960] Apache httpd Byterange Filter Processing Error Lets Remote Users Deny Service
17034| [1025925] Apache Tomcat Commons Daemon jsvc Lets Local Users Gain Elevated Privileges
17035| [1025924] Apache Tomcat XML Validation Flaw Lets Applications Obtain Potentially Sensitive Information
17036| [1025788] Apache Tomcat Lets Malicious Applications Obtain Information and Deny Service
17037| [1025755] Apache Santuario Buffer Overflow Lets Remote Users Deny Service
17038| [1025712] Apache Tomcat Discloses Passwords to Local Users in Certain Cases
17039| [1025577] Apache Archiva Input Validation Hole Permits Cross-Site Scripting Attacks
17040| [1025576] Apache Archiva Request Validation Flaw Permits Cross-Site Request Forgery Attacks
17041| [1025527] Apache APR Library apr_fnmatch() Flaw Lets Remote Users Execute Arbitrary Code
17042| [1025303] Apache Tomcat HTTP BIO Connector Error Discloses Information From Different Requests to Remote Users
17043| [1025215] Apache Tomcat May Ignore @ServletSecurity Annotation Protections
17044| [1025066] Apache Continuum Input Validation Flaw Permits Cross-Site Request Forgery Attacks
17045| [1025065] Apache Continuum Input Validation Hole Permits Cross-Site Scripting Attacks
17046| [1025027] Apache Tomcat maxHttpHeaderSize Parsing Error Lets Remote Users Deny Service
17047| [1025026] Apache Tomcat Manager Input Validation Hole Permits Cross-Site Scripting Attacks
17048| [1025025] Apache Tomcat Security Manager Lets Local Users Bypass File Permissions
17049| [1024764] Apache Tomcat Manager Input Validation Hole in 'sessionList.jsp' Permits Cross-Site Scripting Attacks
17050| [1024417] Apache Traffic Server Insufficient Randomization Lets Remote Users Poison the DNS Cache
17051| [1024332] Apache mod_cache and mod_dav Request Processing Flaw Lets Remote Users Deny Service
17052| [1024180] Apache Tomcat 'Transfer-Encoding' Header Processing Flaw Lets Remote Users Deny Service and Obtain Potentially Sensitive Information
17053| [1024096] Apache mod_proxy_http May Return Results for a Different Request
17054| [1023942] Apache mod_proxy_ajp Error Condition Lets Remote Users Deny Service
17055| [1023941] Apache ap_read_request() Memory Error May Let Remote Users Access Potentially Sensitive Information
17056| [1023778] Apache ActiveMQ Input Validation Flaw Permits Cross-Site Scripting Attacks
17057| [1023701] Apache mod_isapi Error Processing Flaw May Let Remote Users Deny Service
17058| [1023533] Apache mod_proxy Integer Overflow May Let Remote Users Execute Arbitrary Code
17059| [1022988] Apache Solaris Support Code Bug Lets Remote Users Deny Service
17060| [1022529] Apache mod_deflate Connection State Bug Lets Remote Users Deny Service
17061| [1022509] Apache mod_proxy stream_reqbody_cl() Infinite Loop Lets Remote Users Deny Service
17062| [1022296] Apache IncludesNoExec Options Restrictions Can Be Bypass By Local Users
17063| [1022264] Apache mod_proxy_ajp Bug May Disclose Another User's Response Data
17064| [1022001] Apache Tomcat mod_jk May Disclose Responses to the Wrong User
17065| [1021988] mod_perl Input Validation Flaw in Apache::Status and Apache2::Status Permits Cross-Site Scripting Attacks
17066| [1021350] NetWare Bug Lets Remote Users Access the ApacheAdmin Console
17067| [1020635] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
17068| [1020520] Oracle WebLogic Apache Connector Lets Remote Users Execute Arbitrary Code
17069| [1020267] Apache mod_proxy Interim Response Process Bug Lets Remote Users Deny Service
17070| [1019784] Apache-SSL Certificate Processing Bug May Let Remote Users View Portions of Kernel Memory
17071| [1019256] Apache mod_negotiation Input Validation Hole Permits Cross-Site Scripting Attacks
17072| [1019194] Apache Input Validation Hole in Mod_AutoIndex When the Character Set is Undefined May Permit Cross-Site Scripting Attacks
17073| [1019185] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
17074| [1019154] Apache Input Validation Hole in mod_status Permits Cross-Site Scripting Attacks
17075| [1019093] Apache Input Validation Hole in mod_imap Permits Cross-Site Scripting Attacks
17076| [1019030] Apache Input Validation Hole in Default HTTP 413 Error Page Permits Cross-Site Scripting Attacks
17077| [1018633] Apache mod_proxy Bug Lets Remote Users Deny Service
17078| [1018304] Apache HTTPD scoreboard Protection Flaw Lets Local Users Terminate Arbitrary Processes
17079| [1018303] Apache HTTPD mod_cache May Let Remote Users Deny Service
17080| [1018302] Apache mod_status Input Validation Hole Permits Cross-Site Scripting Attacks
17081| [1018269] Apache Tomcat Input Validation Hole in Processing Accept-Language Header Permits Cross-Site Scripting Attacks
17082| [1017904] Apache suEXEC Bugs May Let Local Users Gain Elevated Privileges
17083| [1017719] Apache Tomcat JK Web Server Connector Buffer Overflow in map_uri_to_worker() Lets Remote Users Execute Arbitrary Code
17084| [1017062] Apache mod_tcl Format String Bug in set_var() Function May Let Remote Users Execute Arbitrary Code
17085| [1016601] Apache mod_rewrite Off-by-one Error Lets Remote Users Execute Arbitrary Code
17086| [1016576] Apache Tomcat Discloses Directory Listings to Remote Users
17087| [1015447] Apache mod_ssl Null Pointer Dereference May Let Remote Users Deny Service
17088| [1015344] Apache mod_imap Input Validation Flaw in Referer Field Lets Remote Users Conduct Cross-Site Scripting Attacks
17089| [1015093] Apache Memory Leak in MPM 'worker.c' Code May Let Remote Users Deny Service
17090| [1014996] ApacheTop Unsafe Temporary File May Let Local Users Gain Elevated Privileges
17091| [1014833] Apache ssl_hook_Access() Function May Fail to Verify Client Certificates
17092| [1014826] Apache Memory Leak in 'byterange filter' Lets Remote Users Deny Service
17093| [1014575] Apache mod_ssl Off-by-one Buffer Overflow in Processing CRLs May Let Remote Users Deny Service
17094| [1014323] Apache Chunked Transfer-Encoding and Content-Length Processing Lets Remote Users Smuggle HTTP Requests
17095| [1013156] Apache mod_python Publisher Handler Discloses Information to Remote Users
17096| [1012829] Apache mod_auth_radius radcpy() Integer Overflow Lets Remote Users Deny Service in Certain Cases
17097| [1012416] Apache on Apple OS X Lets Remote Users Bypass Apache File Handlers and Directly Access Files
17098| [1012415] Apache on Apple HFS+ Filesystems May Disclose '.DS_Store' Files to Remote Users
17099| [1012414] Apache mod_digest_apple Lets Remote Users Replay Authentication Credentials
17100| [1012083] Apache Web Server Error in Processing Requests With Many Space Characters Lets Remote Users Deny Service
17101| [1011783] Apache mod_include Buffer Overflow Lets Local Users Execute Arbitrary Code
17102| [1011557] Apache mod_ssl SSLCipherSuite Directive Can By Bypassed in Certain Cases
17103| [1011385] Apache Satsify Directive Error May Let Remote Users Access Restricted Resources
17104| [1011340] Apache SSL Connection Abort State Error Lets Remote Users Deny Service
17105| [1011303] Apache ap_resolve_env() Buffer Overflow in Reading Configuration Files May Let Local Users Gain Elevated Privileges
17106| [1011299] Apache IPv6 Address Parsing Flaw May Let Remote Users Deny Service
17107| [1011248] Apache mod_dav LOCK Method Error May Let Remote Users Deny Service
17108| [1011213] Apache mod_ssl Can Be Crashed By Remote Users When Reverse Proxying SSL Connections
17109| [1010674] Apache Can Be Crashed By PHP Code Invoking Nested Remote Sockets
17110| [1010599] Apache httpd Header Line Memory Allocation Lets Remote Users Crash the Server
17111| [1010462] Apache mod_proxy Buffer Overflow May Let Remote Users Execute Arbitrary Code
17112| [1010322] Apache mod_ssl Stack Overflow in ssl_util_uuencode_binary() May Let Remote Users Execute Arbitrary Code
17113| [1010270] cPanel Apache mod_phpsuexec Options Let Local Users Gain Elevated Privileges
17114| [1009934] Apache Web Server Has Buffer Overflow in ebcdic2ascii() on Older Processor Architectures
17115| [1009516] Apache mod_survey HTML Report Format Lets Remote Users Conduct Cross-Site Scripting Attacks
17116| [1009509] Apache mod_disk_cache Stores Authentication Credentials on Disk
17117| [1009495] Apache Web Server Socket Starvation Flaw May Let Remote Users Deny Service
17118| [1009417] GroupWise WebAccess With Apache on NetWare Has Configuration Flaw That May Grant Web Access to Remote Users
17119| [1009338] Apache mod_access Parsing Flaw May Fail to Enforce Allow/Deny Rules
17120| [1009337] Apache mod_ssl Memory Leak Lets Remote Users Crash the Daemon
17121| [1009182] Apache for Cygwin '..%5C' Input Validation Flaw Discloses Files to Remote Users
17122| [1008973] PHP May Apply Incorrect php_admin_* Settings To Requests for Apache Virtual Hosts
17123| [1008967] Apache-SSL 'SSLFakeBasicAuth' Lets Remote Users Forge Client Certificates to Be Authenticated
17124| [1008920] Apache mod_digest May Validate Replayed Client Responses
17125| [1008828] Apache mod_python String Processing Bug Still Lets Remote Users Crash the Web Server
17126| [1008822] Apache mod_perl File Descriptor Leak May Let Local Users Hijack the http and https Services
17127| [1008675] mod_auth_shadow Apache Module Authenticates Expired Passwords
17128| [1008559] Apache mod_php File Descriptor Leak May Let Local Users Hijack the https Service
17129| [1008335] Apache mod_python String Processing Bug Lets Remote Users Crash the Web Server
17130| [1008196] Apache 2.x on Windows May Return Unexpected Files For URLs Ending With Certain Characters
17131| [1008030] Apache mod_rewrite Contains a Buffer Overflow
17132| [1008029] Apache mod_alias Contains a Buffer Overflow
17133| [1008028] Apache mod_cgid May Disclose CGI Output to Another Client
17134| [1007995] Apache Cocoon Forms May Let Remote Users Execute Arbitrary Java Code on the System
17135| [1007993] Apache Cocoon 'view-source' Sample Script Discloses Files to Remote Users
17136| [1007823] Apache Web Server mod_cgi Error May Let Malicious CGI Scripts Crash the Web Service
17137| [1007664] Apache::Gallery Unsafe Temporary Files May Let Local Users Gain Apache Web Server Privileges
17138| [1007557] Apache Web Server Does Not Filter Terminal Escape Sequences From Log Files
17139| [1007230] Apache HTTP Server 'rotatelogs' Bug on Win32 and OS/2 May Cause the Logging to Stop
17140| [1007146] Apache HTTP Server FTP Proxy Bug May Cause Denial of Service Conditions
17141| [1007145] Apache 'accept()' Errors May Cause Denial of Service Conditions
17142| [1007144] Apache Web Server 'type-map' File Error Permits Local Denial of Service Attacks
17143| [1007143] Apache 2.0 Web Server May Use a Weaker Encryption Implementation Than Specified in Some Cases
17144| [1006864] Apache Web Server Can Be Crashed By Remote Users Via mod_dav Flaws and Also Via Basic Authentication
17145| [1006709] Apache mod_survey Input Validation Flaw Lets Remote Users Fill Up Disk Space
17146| [1006614] Apache mod_ntlm Buffer Overflow and Format String Flaw Let Remote Users Execute Arbitrary Code
17147| [1006591] Apache mod_access_referer Module Null Pointer Dereference May Facilitate Denial of Service Attacks
17148| [1006444] Apache 2.0 Web Server Line Feed Buffer Allocation Flaw Lets Remote Users Deny Service
17149| [1006021] Apache Tomcat Server URL Parsing Error May Disclose Otherwise Inaccessible Web Directory Listings and Files to Remote Users
17150| [1005963] Apache Web Server 2.x Windows Device Access Flaw Lets Remote Users Crash the Server or Possibly Execute Arbitrary Code
17151| [1005962] Apache Web Server Path Parsing Flaw May Allow Remote Users to Execute Code in Certain Configurations
17152| [1005848] Apache 'printenv' Script Input Validation Bugs in Older Versions May Let Remote Users Conduct Cross-Site Scripting Attacks
17153| [1005765] Apache mod_jk Module Processing Bug When Used With Tomcat May Disclose Information to Remote Users or Crash
17154| [1005548] Apache mod_php Module May Allow Local Users to Gain Control of the Web Port
17155| [1005499] Apache Web Server (2.0.42) May Disclose CGI Source Code to Remote Users When Used With WebDAV
17156| [1005410] Apache Tomcat Java Servlet Engine Can Be Crashed Via Multiple Requests for DOS Device Names
17157| [1005351] Apache Web Server (1.3.x) Shared Memory Scoreboard Bug Lets Certain Local Users Issue Signals With Root Privileges
17158| [1005331] Apache Web Server (2.x) SSI Server Signature Filtering Hole Lets Remote Users Conduct Cross-Site Scripting Attacks
17159| [1005290] Apache Tomcat Java Server Default Servlet Returns JSP Source Code to Remote Users
17160| [1005285] Apache Web Server 'mod_dav' Has Null Pointer Bug That May Allow Remote Users to Cause Denial of Service Conditions
17161| [1005010] Apache Web Server (2.0) Has Unspecified Flaw That Allows Remote Users to Obtain Sensitive Data and Cause Denial of Service Conditions
17162| [1004770] Apache 2.x Web Server ap_log_rerror() Function May Disclose Full Installation Path to Remote Users
17163| [1004745] Apache Tomcat Java Server Allows Cross-Site Scripting Attacks
17164| [1004636] Apache mod_ssl 'Off-by-One' Bug May Let Local Users Crash the Web Server or Possibly Execute Arbitrary Code
17165| [1004602] Apache Tomcat Java Server for Windows Can Be Crashed By Remote Users Sending Malicious Requests to Hang All Available Working Threads
17166| [1004586] Apache Tomcat Java Server May Disclose the Installation Path to Remote Users
17167| [1004555] Apache Web Server Chunked Encoding Flaw May Let Remote Users Execute Arbitrary Code on the Server
17168| [1004209] Apache 'mod_python' Python Language Interpreter Bug in Publisher Handler May Allow Remote Users to Modify Files on the System
17169| [1003874] Apache Web Server for Windows Has Batch File Processing Hole That Lets Remote Users Execute Commands on the System
17170| [1003767] 'mod_frontpage' Module for Apache Web Server Has Buffer Overflow in 'fpexec.c' That Allows Remote Users to Execute Arbitrary Code on the System with Root Privileges
17171| [1003723] Apache-SSL for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
17172| [1003664] 'mod_ssl' Security Package for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
17173| [1003602] GNUJSP Java Server Pages Implementation Discloses Web Files and Source Code to Remote Users and Bypasses Apache Access Control Restrictions
17174| [1003465] PHP for Apache Web Server May Disclose Installation Path Information to Remote Users Making 'OPTIONS' Requests
17175| [1003451] Oracle Application Server PL/SQL Module for Apache Has Buffer Overflows That Allow Remote Users to Execute Arbitrary Code and Gain Access to the Server
17176| [1003131] Apache Web Server in Virtual Hosting Mode Can Be Crashed By a Local User Removing a Log Directory
17177| [1003104] PHP.EXE Windows CGI for Apache Web Server May Let Remote Users View Files on the Server Due to Configuration Error
17178| [1003008] Apache 'mod_bf' Module Lets Remote Users Execute Arbitrary Code
17179| [1002629] Apache suEXEC Wrapper Fails to Observe Minimum Group ID Security Settings in Certain Situations
17180| [1002542] Apache Web Server Virtual Hosting Split-Logfile Function Lets Remote Users Write Log Entries to Arbitrary Files on the System
17181| [1002400] Apache mod_gzip Module Has Buffer Overflow That Can Be Exploited By Local Users to Gain Elevated Privileges
17182| [1002303] Several 3rd Party Apache Authentication Modules Allow Remote Users to Execute Arbitrary Code to Gain Access to the System or Execute Stored Procedures to Obtain Arbitrary Database Information
17183| [1002188] Apache Web Server Discloses Internal IP Addresses to Remote Users in Certain Configurations
17184| [1001989] Apache Web Server May Disclose Directory Contents Even If an Index.html File is Present in the Directory
17185| [1001719] Apache Web Server on Mac OS X Client Fails to Enforce File and Directory Access Protections, Giving Remote Users Access to Restricted Pages
17186| [1001572] Apache Web Server on Microsoft Windows Platforms Allows Remote Users to Crash the Web Server
17187| [1001304] Apache Web Server for Windows Lets Remote Users Crash the Web Server Application
17188| [1001083] Apache Web Server May Display Directory Index Listings Even if Directory Listings Are Disabled
17189|
17190| OSVDB - http://www.osvdb.org:
17191| [96078] Apache CloudStack Infrastructure Menu Setup Network Multiple Field XSS
17192| [96077] Apache CloudStack Global Settings Multiple Field XSS
17193| [96076] Apache CloudStack Instances Menu Display Name Field XSS
17194| [96075] Apache CloudStack Instances Menu Add Instances Network Name Field XSS
17195| [96074] Apache CloudStack Instances Menu Add Instances Review Step Multiple Field XSS
17196| [96031] Apache HTTP Server suEXEC Symlink Arbitrary File Access
17197| [95888] Apache Archiva Single / Double Quote Character Handling XSS Weakness
17198| [95885] Apache Subversion mod_dav_svn Module Crafted HTTP Request Handling Remote DoS
17199| [95706] Apache OpenOffice.org (OOo) OOXML Document File XML Element Handling Memory Corruption
17200| [95704] Apache OpenOffice.org (OOo) DOC File PLCF Data Handling Memory Corruption
17201| [95603] Apache Continuum web/util/GenerateRecipentNotifier.java recipient Parameter XSS
17202| [95602] Apache Continuum web/action/notifier/JabberProjectNotifierEditAction-jabberProjectNotifierSave-validation.xml Multiple Parameter XSS
17203| [95601] Apache Continuum web/action/notifier/JabberGroupNotifierEditAction-jabberProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
17204| [95600] Apache Continuum web/action/ScheduleAction-saveSchedule-validation.xml Multiple Parameter XSS
17205| [95599] Apache Continuum web/action/BuildDefinitionAction-saveBuildDefinition-validation.xml Multiple Parameter XSS
17206| [95598] Apache Continuum web/action/AddProjectAction-addProject-validation.xml Multiple Parameter XSS
17207| [95597] Apache Continuum web/action/ProjectEditAction-projectSave-validation.xml Multiple Parameter XSS
17208| [95596] Apache Continuum web/action/notifier/IrcGroupNotifierEditAction-ircProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
17209| [95595] Apache Continuum web/action/notifier/IrcProjectNotifierEditAction-ircProjectNotifierSave-validation.xml Multiple Parameter XSS
17210| [95594] Apache Continuum web/action/ProjectGroupAction.java Multiple Parameter XSS
17211| [95593] Apache Continuum web/action/AddProjectGroupAction.java Multiple Parameter XSS
17212| [95592] Apache Continuum web/action/AddProjectAction.java Multiple Parameter XSS
17213| [95523] Apache OFBiz Webtools Application View Log Screen Unspecified XSS
17214| [95522] Apache OFBiz Nested Expression Evaluation Arbitrary UEL Function Execution
17215| [95521] Apache HTTP Server mod_session_dbd Session Saving Unspecified Issue
17216| [95498] Apache HTTP Server mod_dav.c Crafted MERGE Request Remote DoS
17217| [95406] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Arbitrary Site Redirect
17218| [95405] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Remote Code Execution
17219| [95011] Apache CXF XML Parser SOAP Message Handling CPU Resource Exhaustion Remote DoS
17220| [94705] Apache Geronimo RMI Classloader Exposure Serialized Object Handling Remote Code Execution
17221| [94651] Apache Santuario (XML Security for C++) XML Signature CanonicalizationMethod Parameter Spoofing Weakness
17222| [94636] Apache Continuum workingCopy.action userDirectory Traversal Arbitrary File Access
17223| [94635] Apache Maven SCM SvnCommandlineUtils Process Listing Local Password Disclosure
17224| [94632] Apache Maven Wagon SSH (wagon-ssh) Host Verification Failure MitM Weakness
17225| [94625] Apache Santuario (XML Security for C++) XML Signature Reference Crafted XPointer Expression Handling Heap Buffer Overflow
17226| [94618] Apache Archiva /archiva/security/useredit.action username Parameter XSS
17227| [94617] Apache Archiva /archiva/security/roleedit.action name Parameter XSS
17228| [94616] Apache Archiva /archiva/security/userlist!show.action roleName Parameter XSS
17229| [94615] Apache Archiva /archiva/deleteArtifact!doDelete.action groupId Parameter XSS
17230| [94614] Apache Archiva /archiva/admin/addLegacyArtifactPath!commit.action legacyArtifactPath.path Parameter XSS
17231| [94613] Apache Archiva /archiva/admin/addRepository.action Multiple Parameter XSS
17232| [94612] Apache Archiva /archiva/admin/editAppearance.action Multiple Parameter XSS
17233| [94611] Apache Archiva /archiva/admin/addLegacyArtifactPath.action Multiple Parameter XSS
17234| [94610] Apache Archiva /archiva/admin/addNetworkProxy.action Multiple Parameter XSS
17235| [94403] Apache Santuario (XML Security for C++) InclusiveNamespace PrefixList Processing Heap Overflow
17236| [94402] Apache Santuario (XML Security for C++) HMAC-based XML Signature Processing DoS
17237| [94401] Apache Santuario (XML Security for C++) XPointer Evaluation Stack Overflow
17238| [94400] Apache Santuario (XML Security for C++) HMAC-Based XML Signature Reference Element Validation Spoofing Weakness
17239| [94279] Apache Qpid CA Certificate Validation Bypass
17240| [94275] Apache Solr JettySolrRunner.java Can Not Find Error Message XSS
17241| [94233] Apache OpenJPA Object Deserialization Arbitrary Executable Creation
17242| [94042] Apache Axis JAX-WS Java Unspecified Exposure
17243| [93969] Apache Struts OGNL Expression Handling Double Evaluation Error Remote Command Execution
17244| [93796] Apache Subversion Filename Handling FSFS Repository Corruption Remote DoS
17245| [93795] Apache Subversion svnserve Server Aborted Connection Message Handling Remote DoS
17246| [93794] Apache Subversion contrib/hook-scripts/check-mime-type.pl svnlook Hyphenated argv Argument Handling Remote DoS
17247| [93793] Apache Subversion contrib/hook-scripts/svn-keyword-check.pl Filename Handling Remote Command Execution
17248| [93646] Apache Struts Crafted Parameter Arbitrary OGNL Code Execution
17249| [93645] Apache Struts URL / Anchor Tag includeParams Attribute Remote Command Execution
17250| [93636] Apache Pig Multiple Physical Operator Memory Exhaustion Remote DoS
17251| [93635] Apache Wink DTD (Document Type Definition) Expansion Data Parsing Information Disclosure
17252| [93605] RT Apache::Session::File Session Replay Reuse Information Disclosure
17253| [93599] Apache Derby SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY Boot Password Manipulation Re-encryption Failure Password Corruption
17254| [93555] Apache Commons Codec Invalid Base32 String Information Tunneling Weakness
17255| [93554] Apache HBase bulkLoadHFiles() Method ACL Bypass
17256| [93543] JBoss Enterprise Application Platform org.apache.catalina.connector.Response.encodeURL() Method MitM jsessionid Disclosure
17257| [93542] Apache ManifoldCF (Connectors Framework) org.apache.manifoldcf.crawler.ExportConfiguration Class Configuration Export Password Disclosure
17258| [93541] Apache Solr json.wrf Callback XSS
17259| [93524] Apache Hadoop GetSecurityDescriptorControl() Function Absolute Security Descriptor Handling NULL Descriptor Weakness
17260| [93521] Apache jUDDI Security API Token Session Persistence Weakness
17261| [93520] Apache CloudStack Default SSL Key Weakness
17262| [93519] Apache Shindig /ifr Cross-site Arbitrary Gadget Invocation
17263| [93518] Apache Solr /admin/analysis.jsp name Parameter XSS
17264| [93517] Apache CloudStack setup-cloud-management /etc/sudoers Modification Local Privilege Escalation
17265| [93516] Apache CXF UsernameTokenInterceptor Nonce Caching Replay Weakness
17266| [93515] Apache HBase table.jsp name Parameter XSS
17267| [93514] Apache CloudStack Management Server Unauthenticated Remote JMX Connection Default Setting Weakness
17268| [93463] Apache Struts EL / OGNL Interpretation Unspecified Remote Code Execution
17269| [93462] Apache CXF WS-SecurityPolicy AlgorithmSuite Arbitrary Ciphertext Decryption Weakness
17270| [93401] Apache Hadoop core-site.xml Permission Weakness Local Alfredo Secret Disclosure
17271| [93400] Apache Hadoop Map/Reduce Job Log Directory Symlink Arbitrary File Mode Manipulation
17272| [93397] Apache Wicket Referrer HTTP Header Session ID Disclosure
17273| [93366] Apache HTTP Server modules/mappers/mod_rewrite.c do_rewritelog() Function Log File Terminal Escape Sequence Filtering Remote Command Execution
17274| [93254] Apache Tomcat AsyncListener Method Cross-session Information Disclosure
17275| [93253] Apache Tomcat Chunked Transfer Encoding Data Saturation Remote DoS
17276| [93252] Apache Tomcat FORM Authenticator Session Fixation
17277| [93172] Apache Camel camel/endpoints/ Endpoint XSS
17278| [93171] Apache Sling HtmlResponse Error Message XSS
17279| [93170] Apache Directory DelegatingAuthenticator MitM Spoofing Weakness
17280| [93169] Apache Wave AuthenticationServlet.java Session Fixation Weakness
17281| [93168] Apache Click ErrorReport.java id Parameter XSS
17282| [93167] Apache ActiveMQ JMSXUserId Spoofing Weakness
17283| [93166] Apache CXF Crafted Message Element Count Handling System Resource Exhaustion Remote DoS
17284| [93165] Apache CXF Crafted Message Element Level Handling System Resource Exhaustion Remote DoS
17285| [93164] Apache Harmony DatagramSocket Class connect Method CheckAccept() IP Blacklist Bypass
17286| [93163] Apache Hadoop Map/Reduce Daemon Symlink Arbitrary File Overwrite
17287| [93162] Apache VelocityStruts struts/ErrorsTool.getMsgs Error Message XSS
17288| [93161] Apache CouchDB Rewriter VM Atom Table Memory Exhaustion Remote DoS
17289| [93158] Apache Wicket BookmarkablePageLink Feature XSS CSRF
17290| [93157] Apache Struts UrlHelper.java s:url includeParams Functionality XSS
17291| [93156] Apache Tapestry Calendar Component datefield.js datefield Parameter XSS
17292| [93155] Apache Struts fielderror.ftl fielderror Parameter Error Message XSS
17293| [93154] Apache JSPWiki Edit.jsp createPages WikiPermission Bypass
17294| [93153] Apache PDFBox PDFXrefStreamParser Missing Element Handling PDF Parsing DoS
17295| [93152] Apache Hadoop HttpServer.java Multiple Function XSS
17296| [93151] Apache Shiro Search Filter userName Parameter LDAP Code Injection Weakness
17297| [93150] Apache Harmony java.net.SocketPermission Class boolean equals Function checkConnect() Weakness Host Name Retrieval
17298| [93149] Apache Harmony java.security.Provider Class void load Function checkSecurityAccess() Weakness
17299| [93148] Apache Harmony java.security.ProtectionDomain Class java.lang.String.toString() Function checkPermission() Weakness
17300| [93147] Apache Harmony java.net.URLConnection openConnection Function checkConnect Weakness Proxy Connection Permission Bypass
17301| [93146] Apache Harmony java.net.ServerSocket Class void implAccept Function checkAccept() Weakness SerSocket Subclass Creation
17302| [93145] Apache Qpid JMS Client Detached Session Frame Handling NULL Pointer Dereference Remote DoS
17303| [93144] Apache Solr Admin Command Execution CSRF
17304| [93009] Apache VCL XMLRPC API Unspecified Function Remote Privilege Escalation
17305| [93008] Apache VCL Web GUI Unspecified Remote Privilege Escalation
17306| [92997] Apache Commons Codec org.apache.commons.codec.net.URLCodec Fields Missing 'final' Thread-safety Unspecified Issue
17307| [92976] Apache ActiveMQ scheduled.jsp crontab Command XSS
17308| [92947] Apache Commons Codec org.apache.commons.codec.language.Soundex.US_ENGLISH_MAPPING Missing MS_PKGPROTECT Field Manipulation Unspecified Issue
17309| [92749] Apache CloudStack Predictable Hash Virtual Machine Console Console Access URL Generation
17310| [92748] Apache CloudStack VM Console Access Restriction Bypass
17311| [92709] Apache ActiveMQ Web Console Unauthenticated Remote Access
17312| [92708] Apache ActiveMQ Sample Web Application Broker Resource Consumption Remote DoS
17313| [92707] Apache ActiveMQ webapp/websocket/chat.js Subscribe Message XSS
17314| [92706] Apache ActiveMQ Debug Log Rendering XSS
17315| [92705] Apache ActiveMQ PortfolioPublishServlet.java refresh Parameter XSS
17316| [92270] Apache Tomcat Unspecified CSRF
17317| [92094] Apache Subversion mod_dav_svn Module Nonexistent URL Lock Request Handling NULL Pointer Dereference Remote DoS
17318| [92093] Apache Subversion mod_dav_svn Module Activity URL PROPFIND Request Handling NULL Pointer Dereference Remote DoS
17319| [92092] Apache Subversion mod_dav_svn Module Log REPORT Request Handling NULL Pointer Dereference Remote DoS
17320| [92091] Apache Subversion mod_dav_svn Module Node Property Handling Resource Exhaustion Remote DoS
17321| [92090] Apache Subversion mod_dav_svn Module Activity URL Lock Request Handling NULL Pointer Dereference Remote DoS
17322| [91774] Apache Commons Codec Unspecified Non-private Field Manipulation Weakness
17323| [91628] mod_ruid2 for Apache HTTP Server fchdir() Inherited File Descriptor chroot Restriction Bypass
17324| [91328] Apache Wicket $up$ Traversal Arbitrary File Access
17325| [91295] Apple Mac OS X Apache Unicode Character URI Handling Authentication Bypass
17326| [91235] Apache Rave /app/api/rpc/users/get User Object Hashed Password Remote Disclosure
17327| [91185] Munin Default Apache Configuration Permission Weakness Remote Information Disclosure
17328| [91173] Apache Wicket WebApplicationPath Constructor Bypass /WEB-INF/ Directory File Access
17329| [91172] Apache Wicket PackageResourceGuard File Extension Filter Bypass
17330| [91025] Apache Qpid qpid::framing::Buffer Class Multiple Method Out-of-bounds Access Remote DoS
17331| [91024] Apache Qpid federation_tag Attribute Handling Federated Interbroker Link Access Restriction Bypass
17332| [91023] Apache Qpid AMQP Type Decoder Exposure Array Size Value Handling Memory Consumption Remote DoS
17333| [91022] Apache Qpid qpid/cpp/include/qpid/framing/Buffer.h qpid::framing::Buffer::checkAvailable() Function Integer Overflow
17334| [90986] Apache Jena ARQ INSERT DATA Request Handling Overflow
17335| [90907] Apache Subversion mod_dav_svn / libsvn_fs svn_fs_file_length() Function MKACTIVITY / PROPFIND Option Request Handling Remote DoS
17336| [90906] Apache Commons FileUpload /tmp Storage Symlink Arbitrary File Overwrite
17337| [90864] Apache Batik 1xx Redirect Script Origin Restriction Bypass
17338| [90858] Apache Ant Malformed TAR File Handling Infinite Loop DoS
17339| [90852] Apache HTTP Server for Debian apachectl /var/lock Permission Weakness Symlink Directory Permission Manipulation
17340| [90804] Apache Commons CLI Path Subversion Local Privilege Escalation
17341| [90802] Apache Avro Recursive Schema Handling Infinite Recursion DoS
17342| [90592] Apache Batik ApplicationSecurityEnforcer.java Multiple Method Security Restriction Bypass
17343| [90591] Apache Batik XML External Entity (XXE) Data Parsing Arbitrary File Disclosure
17344| [90565] Apache Tomcat Log Directory Permission Weakness Local Information Disclosure
17345| [90564] Apache Maven / Maven Wagon SSL Certificate Validation MitM Spoofing Weakness
17346| [90557] Apache HTTP Server mod_proxy_balancer balancer-manager Interface Multiple Parameter XSS
17347| [90556] Apache HTTP Server Multiple Module Multiple Parameter XSS
17348| [90276] Apache Axis2 axis2.xml Plaintext Password Local Disclosure
17349| [90249] Apache Axiom ClassLoader XMLInputFactory / XMLOutputFactory Construction Unspecified Issue
17350| [90235] Apache Commons HttpClient Certificate Wildcard Matching Weakness
17351| [90079] Apache CXF WSS4JInInterceptor URIMappingInterceptor WS-Security SOAP Service Access Restriction Bypass
17352| [90078] Apache CXF WS-SecurityPolicy Enabled Plaintext UsernameTokens Handling Authentication Bypass
17353| [89453] Apache Open For Business Project (OFBiz) Screenlet.title Widget Attribute XSS
17354| [89452] Apache Open For Business Project (OFBiz) Image.alt Widget Attribute XSS
17355| [89294] Apache CouchDB Futon UI Browser-based Test Suite Query Parameter XSS
17356| [89293] Apache CouchDB Unspecified Traversal Arbitrary File Access
17357| [89275] Apache HTTP Server mod_proxy_ajp Module Expensive Request Parsing Remote DoS
17358| [89267] Apache CouchDB JSONP Callback Handling Unspecified XSS
17359| [89146] Apache CloudStack Master Server log4j.conf SSH Private Key / Plaintext Password Disclosure
17360| [88603] Apache OpenOffice.org (OOo) Unspecified Information Disclosure
17361| [88602] Apache OpenOffice.org (OOo) Unspecified Manifest-processing Issue
17362| [88601] Apache OpenOffice.org (OOo) Unspecified PowerPoint File Handling Issue
17363| [88285] Apache Tomcat Partial HTTP Request Saturation Remote DoS
17364| [88095] Apache Tomcat NIO Connector Terminated Connection Infinite Loop DoS
17365| [88094] Apache Tomcat FORM Authentication Crafted j_security_check Request Security Constraint Bypass
17366| [88093] Apache Tomcat Null Session Request CSRF Prevention Filter Bypass
17367| [88043] IBM Tivoli Netcool/Reporter Apache CGI Unspecified Remote Command Execution
17368| [87580] Apache Tomcat DIGEST Authentication Session State Caching Authentication Bypass Weakness
17369| [87579] Apache Tomcat DIGEST Authentication Stale Nonce Verification Authentication Bypass Weakness
17370| [87477] Apache Tomcat Project Woodstock Service Error Page UTF-7 XSS Weakness
17371| [87227] Apache Tomcat InternalNioInputBuffer.java parseHeaders() Function Request Header Size Parsing Remote DoS
17372| [87223] Apache Tomcat DIGEST Authentication replay-countermeasure Functionality cnonce / cn Verification Authentication Bypass Weakness
17373| [87160] Apache Commons HttpClient X.509 Certificate Domain Name Matching MiTM Weakness
17374| [87159] Apache CXF X.509 Certificate Domain Name Matching MiTM Weakness
17375| [87150] Apache Axis / Axis2 X.509 Certificate Domain Name Matching MiTM Weakness
17376| [86902] Apache HTTP Server 3xx Redirect Internal IP Address Remote Disclosure
17377| [86901] Apache Tomcat Error Message Path Disclosure
17378| [86684] Apache CloudStack Unauthorized Arbitrary API Call Invocation
17379| [86556] Apache Open For Business Project (OFBiz) Unspecified Issue
17380| [86503] Visual Tools VS home/apache/DiskManager/cron/init_diskmgr Local Command Execution
17381| [86401] Apache ActiveMQ ResourceHandler Traversal Arbitrary File Access
17382| [86225] Apache Axis2 XML Signature Wrapping (XSW) Authentication Bypass
17383| [86206] Apache Axis2 Crafted SAML Assertion Signature Exclusion Attack Authentication Bypass
17384| [85722] Apache CXF SOAP Request Parsing Access Restriction Bypass
17385| [85704] Apache Qpid Incoming Client Connection Saturation Remote DoS
17386| [85474] Eucalyptus Apache Santuario (XML Security for Java) Library XML Signature Transform Handling DoS
17387| [85430] Apache mod_pagespeed Module Unspecified XSS
17388| [85429] Apache mod_pagespeed Module Hostname Verification Cross-host Resource Disclosure
17389| [85249] Apache Wicket Unspecified XSS
17390| [85236] Apache Hadoop conf/hadoop-env.sh Temporary File Symlink Arbitrary File Manipulation
17391| [85090] Apache HTTP Server mod_proxy_ajp.c mod_proxy_ajp Module Proxy Functionality Cross-client Information Disclosure
17392| [85089] Apache HTTP Server mod_proxy_http.c mod_proxy_http Module Cross-client Information Disclosure
17393| [85062] Apache Solr Autocomplete Module for Drupal Autocomplete Results XSS
17394| [85010] Apache Struts Token Handling Mechanism Token Name Configuration Parameter CSRF Weakness
17395| [85009] Apache Struts Request Parameter OGNL Expression Parsing Remote DoS
17396| [84911] libapache2-mod-rpaf X-Forward-For HTTP Header Parsing Remote DoS
17397| [84823] Apache HTTP Server Multiple Module Back End Server Error Handling HTTP Request Parsing Remote Information Disclosure
17398| [84818] Apache HTTP Server mod_negotiation Module mod_negotiation.c make_variant_list Function XSS
17399| [84562] Apache Qpid Broker Authentication Mechanism AMQP Client Shadow Connection NullAuthenticator Request Parsing Authentication Bypass
17400| [84458] Apache Libcloud SSL Certificate Validation MitM Spoofing Weakness
17401| [84279] PHP on Apache php_default_post_reader POST Request Handling Overflow DoS
17402| [84278] PHP w/ Apache PDO::ATTR_DEFAULT_FETCH_MODE / PDO::FETCH_CLASS DoS
17403| [84231] Apache Hadoop DataNodes Client BlockTokens Arbitrary Block Access
17404| [83943] Oracle Solaris Cluster Apache Tomcat Agent Subcomponent Unspecified Local Privilege Escalation
17405| [83939] Oracle Solaris Apache HTTP Server Subcomponent Unspecified Remote Information Disclosure
17406| [83685] svnauthcheck Apache HTTP Configuration File Permission Revocation Weakness
17407| [83682] Apache Sling POST Servlet @CopyFrom Operation HTTP Request Parsing Infinite Loop Remote DoS
17408| [83339] Apache Roller Blogger Roll Unspecified XSS
17409| [83270] Apache Roller Unspecified Admin Action CSRF
17410| [82782] Apache CXF WS-SecurityPolicy 1.1 SupportingToken Policy Bypass
17411| [82781] Apache CXF WS-SecurityPolicy Supporting Token Children Specification Token Signing Verification Weakness
17412| [82611] cPanel Apache Piped Log Configuration Log Message Formatting Traversal Arbitrary File Creation
17413| [82436] MapServer for Windows Bundled Apache / PHP Configuration Local File Inclusion
17414| [82215] PHP sapi/cgi/cgi_main.c apache_request_headers Function HTTP Header Handling Remote Overflow
17415| [82161] Apache Commons Compress bzip2 File Compression BZip2CompressorOutputStream Class File Handling Remote DoS
17416| [81965] Apache Batik Squiggle SVG Browser JAR File Arbitrary Code Execution
17417| [81790] Apache POI src/org/apache/poi/hwpf/model/UnhandledDataStructure.java UnhandledDataStructure() constructor Length Attribute CDF / CFBF File Handling Remote DoS
17418| [81660] Apache Qpid Credential Checking Cluster Authentication Bypass
17419| [81511] Apache for Debian /usr/share/doc HTTP Request Parsing Local Script Execution
17420| [81359] Apache HTTP Server LD_LIBRARY_PATH Variable Local Privilege Escalation
17421| [81349] Apache Open For Business Project (OFBiz) Webslinger Component Unspecified XSS
17422| [81348] Apache Open For Business Project (OFBiz) Content IDs / Map-Keys Unspecified XSS
17423| [81347] Apache Open For Business Project (OFBiz) Parameter Arrays Unspecified XSS
17424| [81346] Apache Open For Business Project (OFBiz) checkoutProcess.js getServerError() Function Unspecified XSS
17425| [81196] Apache Open For Business Project (OFBiz) FlexibleStringExpander Nested Script String Parsing Remote Code Execution
17426| [80981] Apache Hadoop Kerberos/MapReduce Security Feature User Impersonation Weakness
17427| [80571] Apache Traffic Server Host HTTP Header Parsing Remote Overflow
17428| [80547] Apache Struts XSLTResult.java File Upload Arbitrary Command Execution
17429| [80360] AskApache Password Protector Plugin for WordPress Error Page $_SERVER Superglobal XSS
17430| [80349] Apache HTTP Server mod_fcgid Module fcgid_spawn_ctl.c FcgidMaxProcessesPerClass Virtual Host Directive HTTP Request Parsing Remote DoS
17431| [80301] Apache Wicket /resources/ Absolute Path Arbitrary File Access
17432| [80300] Apache Wicket wicket:pageMapName Parameter XSS
17433| [79478] Apache Solr Extension for TYPO3 Unspecified XSS
17434| [79002] Apache MyFaces javax.faces.resource In Parameter Traversal Arbitrary File Access
17435| [78994] Apache Struts struts-examples/upload/upload-submit.do name Parameter XSS
17436| [78993] Apache Struts struts-cookbook/processDyna.do message Parameter XSS
17437| [78992] Apache Struts struts-cookbook/processSimple.do message Parameter XSS
17438| [78991] Apache Struts struts2-rest-showcase/orders clientName Parameter XSS
17439| [78990] Apache Struts struts2-showcase/person/editPerson.action Multiple Parameter XSS
17440| [78932] Apache APR Hash Collision Form Parameter Parsing Remote DoS
17441| [78903] Apache CXF SOAP Request Parsing WS-Security UsernameToken Policy Bypass
17442| [78600] Apache Tomcat HTTP DIGEST Authentication DigestAuthenticator.java Catalina Weakness Security Bypass
17443| [78599] Apache Tomcat HTTP DIGEST Authentication Realm Value Parsing Security Bypass
17444| [78598] Apache Tomcat HTTP DIGEST Authentication qop Value Parsing Security Bypass
17445| [78573] Apache Tomcat Parameter Saturation CPU Consumption Remote DoS
17446| [78556] Apache HTTP Server Status Code 400 Default Error Response httpOnly Cookie Disclosure
17447| [78555] Apache HTTP Server Threaded MPM %{cookiename}C Log Format String Cookie Handling Remote DoS
17448| [78501] Apache Struts ParameterInterceptor Class OGNL Expression Parsing Remote Command Execution
17449| [78331] Apache Tomcat Request Object Recycling Information Disclosure
17450| [78293] Apache HTTP Server Scoreboard Invalid Free Operation Local Security Bypass
17451| [78277] Apache Struts ExceptionDelegator Component Parameter Parsing Remote Code Execution
17452| [78276] Apache Struts DebuggingInterceptor Component Developer Mode Unspecified Remote Command Execution
17453| [78113] Apache Tomcat Hash Collision Form Parameter Parsing Remote DoS
17454| [78112] Apache Geronimo Hash Collision Form Parameter Parsing Remote DoS
17455| [78109] Apache Struts ParameterInterceptor Traversal Arbitrary File Overwrite
17456| [78108] Apache Struts CookieInterceptor Cookie Name Handling Remote Command Execution
17457| [77593] Apache Struts Conversion Error OGNL Expression Injection
17458| [77496] Apache ActiveMQ Failover Mechanism Openwire Request Parsing Remote DoS
17459| [77444] Apache HTTP Server mod_proxy Module Web Request HTTP/0.9 Protocol URL Parsing Proxy Remote Security Bypass
17460| [77374] Apache MyFaces Java Bean includeViewParameters Parsing EL Expression Security Weakness
17461| [77310] Apache HTTP Server mod_proxy Reverse Proxy Mode Security Bypass Weakness (2011-4317)
17462| [77234] Apache HTTP Server on cygwin Encoded Traversal Arbitrary File Access
17463| [77012] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Memory Consumption DoS
17464| [76944] Apache Tomcat Manager Application Servlets Access Restriction Bypass
17465| [76744] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Overflow
17466| [76189] Apache Tomcat HTTP DIGEST Authentication Weakness
17467| [76079] Apache HTTP Server mod_proxy Module Web Request URL Parsing Proxy Remote Security Bypass (2011-3368)
17468| [76072] Apache JServ jserv.conf jserv-status Handler jserv/ URI Request Parsing Local Information Disclosure
17469| [75807] Apache HTTP Server Incomplete Header Connection Saturation Remote DoS
17470| [75647] Apache HTTP Server mod_proxy_ajp Module mod_proxy_balancer HTTP Request Remote DoS
17471| [75376] Apache Libcloud SSL Certificate Validation MitM Server Spoofing Weakness
17472| [74853] Domain Technologie Control /etc/apache2/apache2.conf File Permissions Weakness dtcdaemons User Password Disclosure
17473| [74818] Apache Tomcat AJP Message Injection Authentication Bypass
17474| [74725] Apache Wicket Multi Window Support Unspecified XSS
17475| [74721] Apache HTTP Server ByteRange Filter Memory Exhaustion Remote DoS
17476| [74541] Apache Commons Daemon Jsvc Permissions Weakness Arbitrary File Access
17477| [74535] Apache Tomcat XML Parser Cross-application Multiple File Manipulation
17478| [74447] Apache Struts XWork Nonexistent Method s:submit Element Internal Java Class Remote Path Disclosure
17479| [74262] Apache HTTP Server Multi-Processing Module itk.c Configuration Merger mpm-itk root UID / GID Remote Privilege Escalation
17480| [74120] Apache HTTP Server mod_authnz_external mysql/mysql-auth.pl user Field SQL Injection
17481| [73920] Oracle Secure Backup /apache/htdocts/php/common.php username Parameter Remote Code Execution
17482| [73798] Apache Tomcat sendfile Request Start / Endpoint Parsing Local DoS
17483| [73797] Apache Tomcat sendfile Request Attribute Validation Weakness Local Access Restriction Bypass
17484| [73776] Apache Tomcat HTTP BIO Connector HTTP Pipelining Cross-user Remote Response Access
17485| [73644] Apache XML Security Signature Key Parsing Overflow DoS
17486| [73600] Apache Struts javatemplates Plugin Component Handlers .action URI Multiple Parameter XSS
17487| [73462] Apache Rampart/C util/rampart_timestamp_token.c rampart_timestamp_token_validate Function Expired Token Remote Access Restriction Bypass
17488| [73429] Apache Tomcat JMX MemoryUserDatabase Local Password Disclosure
17489| [73384] Apache HTTP Server mod_rewrite PCRE Resource Exhaustion DoS
17490| [73383] Apache HTTP Server Portable Runtime (APR) Library apr_fnmatch() Infinite Loop Remote DoS
17491| [73378] IBM WebSphere Application Server (WAS) JavaServer Pages org.apache.jasper.runtime.JspWriterImpl.response JSP Page Application Restart Remote DoS
17492| [73247] Apache Subversion mod_dav_svn File Permission Weakness Information Disclosure
17493| [73246] Apache Subversion mod_dav_svn Path-based Access Control Rule Handling Remote DoS
17494| [73245] Apache Subversion mod_dav_svn Baselined Resource Request Handling Remote DoS
17495| [73154] Apache Archiva Multiple Unspecified CSRF
17496| [73153] Apache Archiva /archiva/admin/deleteNetworkProxy!confirm.action proxyid Parameter XSS
17497| [72407] Apache Tomcat @ServletSecurity Initial Load Annotation Security Constraint Bypass Information Disclosure
17498| [72238] Apache Struts Action / Method Names <
17499| [71647] Apache HttpComponents HttpClient Proxy-Authorization Credentials Remote Disclosure
17500| [71558] Apache Tomcat SecurityManager ServletContext Attribute Traversal Arbitrary File Manipulation
17501| [71557] Apache Tomcat HTML Manager Multiple XSS
17502| [71075] Apache Archiva User Management Page XSS
17503| [71027] Apache Tomcat @ServletSecurity Annotation Security Constraint Bypass Information Disclosure
17504| [70925] Apache Continuum Project Pages Unspecified XSS (2011-0533)
17505| [70924] Apache Continuum Multiple Admin Function CSRF
17506| [70809] Apache Tomcat NIO HTTP Connector Request Line Processing DoS
17507| [70734] Apache CouchDB Request / Cookie Handling Unspecified XSS
17508| [70585] Oracle Fusion Middleware Oracle HTTP Server Apache Plugin Unspecified Remote Issue
17509| [70333] Apache Subversion rev_hunt.c blame Command Multiple Memory Leak Remote DoS
17510| [70332] Apache Subversion Apache HTTP Server mod_dav_svn repos.c walk FunctionSVNParentPath Collection Remote DoS
17511| [69659] Apache Archiva Admin Authentication Weakness Privilege Escalation
17512| [69520] Apache Archiva Administrator Credential Manipulation CSRF
17513| [69512] Apache Tomcat Set-Cookie Header HTTPOnly Flag Session Hijacking Weakness
17514| [69456] Apache Tomcat Manager manager/html/sessions Multiple Parameter XSS
17515| [69275] Apache mod_fcgid Module fcgid_bucket.c fcgid_header_bucket_read() Function Remote Overflow
17516| [69067] Apache Shiro URI Path Security Traversal Information Disclosure
17517| [68815] Apache MyFaces shared/util/StateUtils.java View State MAC Weakness Cryptographic Padding Remote View State Modification
17518| [68670] Apache Qpid C++ Broker Component broker/SessionAdapter.cpp SessionAdapter::ExchangeHandlerImpl::checkAlternate Function Exchange Alternate Remote DoS
17519| [68669] Apache Qpid cluster/Cluster.cpp Cluster::deliveredEvent Function Invalid AMQP Data Remote DoS
17520| [68662] Apache Axis2 dswsbobje.war Module Admin Account Default Password
17521| [68531] Apache Qpid qpidd sys/ssl/SslSocket.cpp Incomplete SSL Handshake Remote DoS
17522| [68327] Apache APR-util buckets/apr_brigade.c apr_brigade_split_line() Function Memory Consumption DoS
17523| [68314] Apache XML-RPC SAX Parser External Entity Information Disclosure
17524| [67964] Apache Traffic Server Transaction ID / Source Port Randomization Weakness DNS Cache Poisoning
17525| [67846] SUSE Lifecycle Management Server on SUSE Linux Enterprise apache2-slms Parameter Quoting CSRF
17526| [67294] Apache CXF XML SOAP Message Crafted Document Type Declaration Remote DoS
17527| [67240] Apache CouchDB Installation Page Direct Request Arbitrary JavaScript Code Execution CSRF
17528| [67205] Apache Derby BUILTIN Authentication Password Hash Generation Algorithm SHA-1 Transformation Password Substitution
17529| [66745] Apache HTTP Server Multiple Modules Pathless Request Remote DoS
17530| [66319] Apache Tomcat Crafted Transfer-Encoding Header Handling Buffer Recycling Remote DoS
17531| [66280] Apache Struts XWork ParameterInterceptor Server-Side Object Remote Code Execution
17532| [66226] Apache Axis2 Admin Interface Cookie Session Fixation
17533| [65697] Apache Axis2 / Java SOAP Message DTD Rejection Weakness Arbitrary File Access
17534| [65654] Apache HTTP Server mod_proxy_http mod_proxy_http.c Timeout Detection Weakness HTTP Request Response Disclosure
17535| [65429] Apache MyFaces Unencrypted ViewState Serialized View Object Manipulation Arbitrary Expression Language (EL) Statement Execution
17536| [65054] Apache ActiveMQ Jetty Error Handler XSS
17537| [64844] Apache Axis2/Java axis2/axis2-admin/engagingglobally modules Parameter XSS
17538| [64522] Apache Open For Business Project (OFBiz) ecommerce/control/contactus Multiple Parameter XSS
17539| [64521] Apache Open For Business Project (OFBiz) Web Tools Section entityName Parameter XSS
17540| [64520] Apache Open For Business Project (OFBiz) ecommerce/control/ViewBlogArticle contentId Parameter XSS
17541| [64519] Apache Open For Business Project (OFBiz) Control Servlet URI XSS
17542| [64518] Apache Open For Business Project (OFBiz) Show Portal Page Section start Parameter XSS
17543| [64517] Apache Open For Business Project (OFBiz) View Profile Section partyId Parameter XSS
17544| [64516] Apache Open For Business Project (OFBiz) Export Product Listing Section productStoreId Parameter XSS
17545| [64307] Apache Tomcat Web Application Manager/Host Manager CSRF
17546| [64056] mod_auth_shadow for Apache HTTP Server wait() Function Authentication Bypass
17547| [64023] Apache Tomcat WWW-Authenticate Header Local Host Information Disclosure
17548| [64020] Apache ActiveMQ Jetty ResourceHandler Crafted Request JSP File Source Disclosure
17549| [63895] Apache HTTP Server mod_headers Unspecified Issue
17550| [63368] Apache ActiveMQ createDestination.action JMSDestination Parameter CSRF
17551| [63367] Apache ActiveMQ createDestination.action JMSDestination Parameter XSS
17552| [63350] Apache CouchDB Hash Verification Algorithm Predictable Execution Time Weakness
17553| [63140] Apache Thrift Service Malformed Data Remote DoS
17554| [62676] Apache HTTP Server mod_proxy_ajp Module Crafted Request Remote DoS
17555| [62675] Apache HTTP Server Multi-Processing Module (MPM) Subrequest Header Handling Cross-thread Information Disclosure
17556| [62674] Apache HTTP Server mod_isapi Module Unloading Crafted Request Remote DoS
17557| [62231] Apache HTTP Server Logging Format Weakness Crafted DNS Response IP Address Spoofing
17558| [62230] Apache HTTP Server Crafted DNS Response Inverse Lookup Log Corruption XSS
17559| [62054] Apache Tomcat WAR Filename Traversal Work-directory File Deletion
17560| [62053] Apache Tomcat Autodeployment Process appBase File HTTP Request Authentication Bypass
17561| [62052] Apache Tomcat WAR File Traversal Arbitrary File Overwrite
17562| [62009] Apache HTTP Server src/modules/proxy/proxy_util.c mod_proxy ap_proxy_send_fb() Function Overflow
17563| [61379] Apache River Outrigger Entry Storage Saturation Memory Exhaustion DoS
17564| [61378] Apache Hadoop Map/Reduce JobTracker Memory Consumption DoS
17565| [61377] Apache Commons Modeler Multiple Mutable Static Fields Weakness
17566| [61376] Apache Rampart wsse:security Tag Signature Value Checking Weakness
17567| [60687] Apache C++ Standard Library (STDCXX) strxfrm() Function Overflow
17568| [60680] Apache Hadoop JobHistory Job Name Manipulation Weakness
17569| [60679] Apache ODE DeploymentWebService OMElement zipPart CRLF Injection
17570| [60678] Apache Roller Comment Email Notification Manipulation DoS
17571| [60677] Apache CouchDB Unspecified Document Handling Remote DoS
17572| [60428] Sun Java Plug-in org.apache.crimson.tree.XmlDocument Class reateXmlDocument Method Floppy Drive Access Bypass
17573| [60413] mod_throttle for Apache Shared Memory File Manipulation Local Privilege Escalation
17574| [60412] Sun Java Plug-in org.apache.xalan.processor.XSLProcessorVersion Class Unsigned Applet Variable Sharing Privilege Escalation
17575| [60396] Apache HTTP Server on OpenBSD Multipart MIME Boundary Remote Information Disclosure
17576| [60395] Apache HTTP Server on OpenBSD ETag HTTP Header Remote Information Disclosure
17577| [60232] PHP on Apache php.exe Direct Request Remote DoS
17578| [60176] Apache Tomcat Windows Installer Admin Default Password
17579| [60016] Apache HTTP Server on HP Secure OS for Linux HTTP Request Handling Unspecified Issue
17580| [59979] Apache HTTP Server on Apple Mac OS X HTTP TRACE Method Unspecified Client XSS
17581| [59969] Apache HTTP Server mod_ssl SSL / TLS Renegotiation Handshakes MiTM Plaintext Data Injection
17582| [59944] Apache Hadoop jobhistory.jsp XSS
17583| [59374] Apache Solr Search Extension for TYPO3 Unspecified XSS
17584| [59022] Apache Shindig ConcatProxyServlet HTTP Header Response Splitting
17585| [59021] Apache Cocoon X-Cocoon-Version Header Remote Information Disclosure
17586| [59020] Apache Tapestry HTTPS Session Cookie Secure Flag Weakness
17587| [59019] Apache mod_python Cookie Salting Weakness
17588| [59018] Apache Harmony Error Message Handling Overflow
17589| [59013] Apache Derby SYSCS_EXPORT_TABLE Arbitrary File Overwrite
17590| [59012] Apache Derby Driver Auto-loading Non-deterministic Startup Weakness
17591| [59011] Apache JSPWiki Page Attachment Change Note Function XSS
17592| [59010] Apache Solr get-file.jsp XSS
17593| [59009] Apache Solr action.jsp XSS
17594| [59008] Apache Solr analysis.jsp XSS
17595| [59007] Apache Solr schema.jsp Multiple Parameter XSS
17596| [59006] Apache Beehive select / checkbox Tag XSS
17597| [59005] Apache Beehive jpfScopeID Global Parameter XSS
17598| [59004] Apache Beehive Error Message XSS
17599| [59003] Apache HttpClient POST Request Handling Memory Consumption DoS
17600| [59002] Apache Jetspeed default-page.psml URI XSS
17601| [59001] Apache Axis2 xsd Parameter Traversal Arbitrary File Disclosure
17602| [59000] Apache CXF Unsigned Message Policy Bypass
17603| [58999] Apache WSS4J CallbackHandler Plaintext Password Validation Weakness
17604| [58998] Apache OpenJPA persistence.xml Cleartext Password Local Disclosure
17605| [58997] Apache OpenEJB openejb.xml Cleartext Password Local Disclosure
17606| [58996] Apache Hadoop Map/Reduce LinuxTaskController File Group Ownership Weakness
17607| [58995] Apache Hadoop Map/Reduce Task Ownership Weakness
17608| [58994] Apache Hadoop Map/Reduce DistributedCache Localized File Permission Weakness
17609| [58993] Apache Hadoop browseBlock.jsp XSS
17610| [58991] Apache Hadoop browseDirectory.jsp XSS
17611| [58990] Apache Hadoop Map/Reduce HTTP TaskTrackers User Data Remote Disclosure
17612| [58989] Apache Hadoop Sqoop Process Listing Local Cleartext Password Disclosure
17613| [58988] Apache Hadoop Chukwa HICC Portal Unspecified XSS
17614| [58987] Apache Hadoop Map/Reduce TaskTracker User File Permission Weakness
17615| [58986] Apache Qpid Encrypted Message Handling Remote Overflow DoS
17616| [58985] Apache Qpid Process Listing Local Cleartext Password Disclosure
17617| [58984] Apache Jackrabbit Content Repository (JCR) Default Account Privilege Access Weakness
17618| [58983] Apache Jackrabbit Content Repository (JCR) NamespaceRegistry API Registration Method Race Condition
17619| [58982] Apache Synapse Proxy Service Security Policy Mismatch Weakness
17620| [58981] Apache Geronimo TomcatGeronimoRealm Security Context Persistence Weakness
17621| [58980] Apache Geronimo LDAP Realm Configuration Restart Reversion Weakness
17622| [58979] Apache MyFaces Tomahawk ExtensionsPhaseListener HTML Injection Information Disclosure
17623| [58978] Apache MyFaces Trinidad LocaleInfoScriptlet XSS
17624| [58977] Apache Open For Business Project (OFBiz) Multiple Default Accounts
17625| [58976] Apache Open For Business Project (OFBiz) URI passThru Parameter XSS
17626| [58975] Apache Open For Business Project (OFBiz) PARTYMGR_CREATE/UPDATE Permission Arbitrary User Password Modification
17627| [58974] Apache Sling /apps Script User Session Management Access Weakness
17628| [58973] Apache Tuscany Crafted SOAP Request Access Restriction Bypass
17629| [58931] Apache Geronimo Cookie Parameters Validation Weakness
17630| [58930] Apache Xalan-C++ XPath Handling Remote DoS
17631| [58879] Apache Portable Runtime (APR-util) poll/unix/port.c Event Port Backend Pollset Feature Remote DoS
17632| [58837] Apache Commons Net FTPSClient CipherSuites / Protocols Mutable Object Unspecified Data Security Issue
17633| [58813] Apache MyFaces Trinidad tr:table / HTML Comment Handling DoS
17634| [58812] Apache Open For Business Project (OFBiz) JSESSIONID Session Hijacking Weakness
17635| [58811] Apache Open For Business Project (OFBiz) /catalog/control/EditProductConfigItem configItemId Parameter XSS
17636| [58810] Apache Open For Business Project (OFBiz) /catalog/control/EditProdCatalo prodCatalogId Parameter XSS
17637| [58809] Apache Open For Business Project (OFBiz) /partymgr/control/viewprofile partyId Parameter XSS
17638| [58808] Apache Open For Business Project (OFBiz) /catalog/control/createProduct internalName Parameter XSS
17639| [58807] Apache Open For Business Project (OFBiz) Multiple Unspecified CSRF
17640| [58806] Apache FtpServer MINA Logging Filter Cleartext Credential Local Disclosure
17641| [58805] Apache Derby Unauthenticated Database / Admin Access
17642| [58804] Apache Wicket Header Contribution Unspecified Issue
17643| [58803] Apache Wicket Session Fixation
17644| [58802] Apache Directory Server (ApacheDS) userPassword Attribute Search Password Disclosure
17645| [58801] Apache ActiveMQ Stomp Client Credential Validation Bypass
17646| [58800] Apache Tapestry (context)/servicestatus Internal Service Information Disclosure
17647| [58799] Apache Tapestry Logging Cleartext Password Disclosure
17648| [58798] Apache Jetspeed pipeline Parameter pipeline-map Policy Bypass
17649| [58797] Apache Jetspeed Password Policy Multiple Weaknesses
17650| [58796] Apache Jetspeed Unsalted Password Storage Weakness
17651| [58795] Apache Rampart Crafted SOAP Header Authentication Bypass
17652| [58794] Apache Roller Admin Protocol (RAP) Malformed Header Authentication Bypass
17653| [58793] Apache Hadoop Map/Reduce mapred.system.dir Permission Weakness Job Manipulation
17654| [58792] Apache Shindig gadgets.rpc iframe RPC Call Validation Weakness
17655| [58791] Apache Synapse synapse.properties Cleartext Credential Local Disclosure
17656| [58790] Apache WSS4J SOAP Message UsernameToken Remote Password Disclosure
17657| [58789] Apache WSS4J SOAP Header Malformed UsernameToken Authentication Bypass
17658| [58776] Apache JSPWiki PreviewContent.jsp Edited Text XSS
17659| [58775] Apache JSPWiki preview.jsp action Parameter XSS
17660| [58774] Apache JSPWiki Edit.jsp Multiple Parameter XSS
17661| [58773] Apache JSPWiki Accept-Language Header Multiple Script language Parameter XSS
17662| [58772] Apache JSPWiki EditorManager.java editor Parameter XSS
17663| [58771] Apache JSPWiki GroupContent.jsp Multiple Parameter XSS
17664| [58770] Apache JSPWiki Group.jsp group Parameter XSS
17665| [58769] Apache JSPWiki Database Connection Termination DoS Weakness
17666| [58768] Apache JSPWiki Attachment Servlet nextpage Parameter Arbitrary Site Redirect
17667| [58766] Apache JSPWiki /admin/SecurityConfig.jsp Direct Request Information Disclosure
17668| [58765] Apache JSPWiki Spam Filter UniqueID RNG Weakness
17669| [58764] Apache JSPWiki Edit.jsp Multiple Parameter XSS
17670| [58763] Apache JSPWiki Include Tag Multiple Script XSS
17671| [58762] Apache JSPWiki Multiple .java Tags pageContext Parameter XSS
17672| [58761] Apache JSPWiki Wiki.jsp skin Parameter XSS
17673| [58760] Apache Commons VFS Exception Error Message Cleartext Credential Disclosure
17674| [58759] Apache Jackrabbit Content Repository (JCR) UUID System.currentTimeMillis() RNG Weakness
17675| [58758] Apache River GrantPermission Policy Manipulation Privilege Escalation
17676| [58757] Apache WS-Commons Java2 StaXUtils Multiple Unspecified Minor Issues
17677| [58756] Apache WSS4J WSHandler Client Certificate Signature Validation Weakness
17678| [58755] Apache Harmony DRLVM Non-public Class Member Access
17679| [58754] Apache Harmony File.createTempFile() Temporary File Creation Prediction Weakness
17680| [58751] Apache Geronimo GeronimoIdentityResolver Subject Handling Multiple Issues
17681| [58750] Apache MyFaces Trinidad Generated HTML Information Disclosure
17682| [58749] Apache MyFaces Trinidad Database Access Error Message Information Disclosure
17683| [58748] Apache MyFaces Trinidad Image Resource Loader Traversal Arbitrary Image Access
17684| [58747] Apache MyFaces Trinidad Error Message User Entered Data Disclosure Weakness
17685| [58746] Apache Axis2 JAX-WS Java2 WSDL4J Unspecified Issue
17686| [58744] Apache Wicket Crafted File Upload Disk Space Exhaustion DoS
17687| [58743] Apache Wicket wicket.util.crypt.SunJceCrypt Encryption Reversion Weakness
17688| [58742] Apache Rampart PolicyBasedValiadtor HttpsToken Endpoint Connection Weakness
17689| [58741] Apache Rampart WSSecSignature / WSSecEncryptedKey KeyIdentifierType Validation Weakness
17690| [58740] Apache Rampart TransportBinding Message Payload Cleartext Disclosure
17691| [58739] Apache Open For Business Project (OFBiz) Unsalted Password Storage Weakness
17692| [58738] Apache Open For Business Project (OFBiz) orderId Parameter Arbitrary Order Access
17693| [58737] Apache mod_python w/ mod_python.publisher index.py Underscore Prefixed Variable Disclosure
17694| [58735] Apache Open For Business Project (OFBiz) /ecommerce/control/keywordsearch SEARCH_STRING Parameter XSS
17695| [58734] Apache Torque Log File Cleartext Credential Local Disclosure
17696| [58733] Apache Axis2 doGet Implementation Authentication Bypass Service State Manipulation
17697| [58732] Apache MyFaces UIInput.validate() Null Value Validation Bypass Weakness
17698| [58731] Apache MyFaces /faces/* Prefix Mapping Authentication Bypass
17699| [58725] Apache Tapestry Basic String ACL Bypass Weakness
17700| [58724] Apache Roller Logout Functionality Failure Session Persistence
17701| [58723] Apache Roller User Profile / Admin Page Cleartext Password Disclosure
17702| [58722] Apache Derby Connection URL Encryption Method Reversion Weakness
17703| [58721] Apache Geronimo on Tomcat Security-constraint Resource ACL Bypass
17704| [58720] Apache Geronimo Explicit Servlet Mapping Access Bypass Weakness
17705| [58719] Apache Geronimo Keystore Unprivileged Service Disable DoS
17706| [58718] Apache Geronimo Deployment Plans Remote Password Disclosure
17707| [58717] Apache Jetspeed Portlet Application Edit Access Restriction Bypass
17708| [58716] Apache Jetspeed PSML Management Cached Constraint Authentication Weakness
17709| [58707] Apache WSS4J Crafted PasswordDigest Request Authentication Bypass
17710| [58706] Apache HttpClient Pre-emptive Authorization Remote Credential Disclosure
17711| [58705] Apache Directory Server (ApacheDS) User Passwords Cleartext Disclosure
17712| [58704] Apache Directory Server (ApacheDS) Non-existent User LDAP Bind Remote DoS
17713| [58703] Apache Geronimo Debug Console Unauthenticated Remote Information Disclosure
17714| [58702] Apache Directory Server (ApacheDS) Persistent LDAP Anonymous Bind Weakness
17715| [58701] Apache Jetspeed User Admin Portlet Unpassworded Account Creation Weakness
17716| [58700] Apache MyFaces /faces/* Path Handling Remote Overflow DoS
17717| [58699] Apache MyFaces Disable Property Client Side Manipulation Privilege Escalation
17718| [58698] Apache Roller Remember Me Functionality Cleartext Password Disclosure
17719| [58697] Apache XalanJ2 org.apache.xalan.xsltc.runtime.CallFunction Class Unspecified Issue
17720| [58696] Apache Tapestry Encoded Traversal Arbitrary File Access
17721| [58695] Apache Jetspeed Unauthenticated PSML Tags / Admin Folder Access
17722| [58694] Apache Geronimo Deploy Tool Process List Local Credential Disclosure
17723| [58693] Apache Derby service.properties File Encryption Key Information Disclosure
17724| [58692] Apache Geronimo Default Security Realm Login Brute Force Weakness
17725| [58689] Apache Roller Retrieve Last 5 Post Feature Unauthorized Blog Post Manipulation
17726| [58688] Apache Xalan-Java (XalanJ2) Static Variables Multiple Unspecified Issues
17727| [58687] Apache Axis Invalid wsdl Request XSS
17728| [58686] Apache Cocoon Temporary File Creation Unspecified Race Condition
17729| [58685] Apache Velocity Template Designer Privileged Code Execution
17730| [58684] Apache Jetspeed controls.Customize Action Security Check Bypass
17731| [58675] Apache Open For Business Project (OFBiz) eCommerce/ordermgr Multiple Field XSS
17732| [58674] Apache Open For Business Project (OFBiz) ecommerce/control/login Multiple Field XSS
17733| [58673] Apache Open For Business Project (OFBiz) ecommerce/control/viewprofile Multiple Field XSS
17734| [58672] Apache Open For Business Project (OFBiz) POS Input Panel Cleartext Password Disclosure
17735| [58671] Apache Axis2 JMS Signed Message Crafted WS-Security Header Security Bypass
17736| [58670] Apache Jetspeed JetspeedTool.getPortletFromRegistry Portlet Security Validation Failure
17737| [58669] Apache Jetspeed LDAP Cleartext Passwords Disclosure
17738| [58668] Apache Axis External Entity (XXE) Data Parsing Privilege Escalation
17739| [58667] Apache Roller Database Cleartext Passwords Disclosure
17740| [58666] Apache Xerces-C++ UTF-8 Transcoder Overlong Code Handling Unspecified Issue
17741| [58665] Apache Jetspeed Turbine: Cross-user Privileged Action Execution
17742| [58664] Apache Jetspeed EditAccount.vm Password Modification Weakness
17743| [58663] Apache Jetspeed Role Parameter Arbitrary Portlet Disclosure
17744| [58662] Apache Axis JWS Page Generated .class File Direct Request Information Disclosure
17745| [58661] Apache Jetspeed user-form.vm Password Reset Cleartext Disclosure
17746| [58660] Apache WSS4J checkReceiverResults Function Crafted SOAP Request Authentication Bypass
17747| [58658] Apache Rampart Crafted SOAP Request Security Verification Bypass
17748| [57882] Apache HTTP Server mod_proxy_ftp Authorization HTTP Header Arbitrary FTP Command Injection
17749| [57851] Apache HTTP Server mod_proxy_ftp EPSV Command NULL Dereference Remote DoS
17750| [56984] Apache Xerces2 Java Malformed XML Input DoS
17751| [56903] Apache ODE (Orchestration Director Engine) Process Deployment Web Service Traversal Arbitrary File Manipulation
17752| [56859] Apache Xerces-C++ Multiple Sub-project XML Nested DTD Structures Parsing Recursion Error DoS
17753| [56766] Apache Portable Runtime (APR-util) memory/unix/apr_pools.c Relocatable Memory Block Aligning Overflow
17754| [56765] Apache Portable Runtime (APR-util) misc/apr_rmm.c Multiple Function Overflows
17755| [56517] Apache HTTP Server File Descriptor Leak Arbitrary Local File Append
17756| [56443] PTK Unspecified Apache Sub-process Arbitrary Command Execution
17757| [56414] Apache Tiles Duplicate Expression Language (EL) Expression Evaluation XSS
17758| [55814] mod_NTLM for Apache HTTP Server ap_log_rerror() Function Remote Format String
17759| [55813] mod_NTLM for Apache HTTP Server log() Function Remote Overflow
17760| [55782] Apache HTTP Server mod_deflate Module Aborted Connection DoS
17761| [55553] Apache HTTP Server mod_proxy Module mod_proxy_http.c stream_reqbody_cl Function CPU Consumption DoS
17762| [55059] Apache APR-util strmatch/apr_strmatch.c apr_strmatch_precompile Function Crafted Input Remote DoS
17763| [55058] Apache APR-util apr_brigade_vprintf Function Crafted Input Off-by-one Remote DoS
17764| [55057] Apache APR-util xml/apr_xml.c apr_xml_* Interface Expat XML Parser Crafted XML Document Remote DoS
17765| [55056] Apache Tomcat Cross-application TLD File Manipulation
17766| [55055] Apache Tomcat Illegal URL Encoded Password Request Username Enumeration
17767| [55054] Apache Tomcat Java AJP Connector mod_jk Load Balancing Worker Malformed Header Remote DoS
17768| [55053] Apache Tomcat Crafted Request Security Restraint Bypass Arbitrary Content Access
17769| [54733] Apache HTTP Server AllowOverride Directive .htaccess Options Bypass
17770| [54713] razorCMS Security Manager apache User Account Unspecified File Permission Weakness Issue
17771| [54589] Apache Jserv Nonexistent JSP Request XSS
17772| [54122] Apache Struts s:a / s:url Tag href Element XSS
17773| [54093] Apache ActiveMQ Web Console JMS Message XSS
17774| [53932] Apache Geronimo Multiple Admin Function CSRF
17775| [53931] Apache Geronimo /console/portal/Server/Monitoring Multiple Parameter XSS
17776| [53930] Apache Geronimo /console/portal/ URI XSS
17777| [53929] Apache Geronimo on Windows Security/Keystores Portlet Traversal Arbitrary File Upload
17778| [53928] Apache Geronimo on Windows Embedded DB/DB Manager Portlet Traversal Arbitrary File Upload
17779| [53927] Apache Geronimo on Windows Services/Repository Portlet Traversal Arbitrary File Upload
17780| [53921] Apache HTTP Server mod_proxy_ajp Cross Thread/Session Information Disclosure
17781| [53766] Oracle BEA WebLogic Server Plug-ins for Apache Certificate Handling Remote Overflow
17782| [53574] PHP on Apache .htaccess mbstring.func_overload Setting Cross Hosted Site Behavior Modification
17783| [53381] Apache Tomcat JK Connector Content-Length Header Cross-user Information Disclosure
17784| [53380] Apache Struts Unspecified XSS
17785| [53289] Apache mod_perl Apache::Status /perl-status Unspecified XSS
17786| [53186] Apache HTTP Server htpasswd Predictable Salt Weakness
17787| [52899] Apache Tomcat Examples Web Application Calendar Application jsp/cal/cal2.jsp time Parameter XSS
17788| [52407] Apache Tomcat doRead Method POST Content Information Disclosure
17789| [51923] Apache HTTP Server mod-auth-mysql Module mod_auth_mysql.c Multibyte Character Encoding SQL Injection
17790| [51613] Apache HTTP Server Third-party Module Child Process File Descriptor Leak
17791| [51612] Apache HTTP Server Internal Redirect Handling Infinite Loop DoS
17792| [51468] Apache Jackrabbit Content Repository (JCR) swr.jsp q Parameter XSS
17793| [51467] Apache Jackrabbit Content Repository (JCR) search.jsp q Parameter XSS
17794| [51151] Apache Roller Search Function q Parameter XSS
17795| [50482] PHP with Apache php_value Order Unspecified Issue
17796| [50475] Novell NetWare ApacheAdmin Console Unauthenticated Access
17797| [49734] Apache Struts DefaultStaticContentLoader Class Traversal Arbitrary File Access
17798| [49733] Apache Struts FilterDispatcher Class Traversal Arbitrary File Access
17799| [49283] Oracle BEA WebLogic Server Plugins for Apache Remote Transfer-Encoding Overflow
17800| [49062] Apache Tomcat Cross-thread Concurrent Request Variable Overwrite Information Disclosure
17801| [48847] ModSecurity (mod_security) Transformation Caching Unspecified Apache DoS
17802| [48788] Apache Xerces-C++ XML Schema maxOccurs Value XML File Handling DoS
17803| [47474] Apache HTTP Server mod_proxy_ftp Directory Component Wildcard Character XSS
17804| [47464] Apache Tomcat allowLinking / UTF-8 Traversal Arbitrary File Access
17805| [47463] Apache Tomcat RequestDispatcher Traversal Arbitrary File Access
17806| [47462] Apache Tomcat HttpServletResponse.sendError Method Message Argument XSS
17807| [47096] Oracle Weblogic Apache Connector POST Request Overflow
17808| [46382] Frontend Filemanager (air_filemanager) Extension for TYPO3 on Apache Unspecified Arbitrary Code Execution
17809| [46285] TYPO3 on Apache Crafted Filename Upload Arbitrary Command Execution
17810| [46085] Apache HTTP Server mod_proxy ap_proxy_http_process_response() Function Interim Response Forwarding Remote DoS
17811| [45905] Apache Tomcat Host Manager host-manager/html/add name Parameter XSS
17812| [45879] Ragnarok Online Control Panel on Apache Crafted Traversal Authentication Bypass
17813| [45742] Apache HTTP Server on Novell Unspecified Request Directive Internal IP Disclosure
17814| [45740] Apache Derby DropSchemaNode Bind Phase Arbitrary Scheme Statement Dropping
17815| [45599] Apache Derby Lock Table Statement Privilege Requirement Bypass Arbitrary Table Lock
17816| [45585] Apache Derby ACCSEC Command RDBNAM Parameter Cleartext Credential Disclosure
17817| [45584] Apache Derby DatabaseMetaData.getURL Function Cleartext Credential Disclosure
17818| [45420] Apache HTTP Server 403 Error Page UTF-7 Encoded XSS
17819| [44728] PHP Toolkit on Gentoo Linux Interpretation Conflict Apache HTTP Server Local DoS
17820| [44618] Oracle JSP Apache/Jserv Path Translation Traversal Arbitrary JSP File Execution
17821| [44159] Apache HTTP Server Remote Virtual Host Name Disclosure
17822| [43997] Apache-SSL ExpandCert() Function Certificate Handling Arbitrary Environment Variables Manipulation
17823| [43994] suPHP for Apache (mod_suphp) Directory Symlink Local Privilege Escalation
17824| [43993] suPHP for Apache (mod_suphp) Owner Mode Race Condition Symlink Local Privilege Escalation
17825| [43663] Apache HTTP Server Mixed Platform AddType Directive Crafted Request PHP Source Disclosure
17826| [43658] AuthCAS Module (AuthCAS.pm) for Apache HTTP Server SESSION_COOKIE_NAME SQL Injection
17827| [43452] Apache Tomcat HTTP Request Smuggling
17828| [43309] Apache Geronimo LoginModule Login Method Bypass
17829| [43290] Apache JSPWiki Entry Page Attachment Unrestricted File Upload
17830| [43259] Apache HTTP Server on Windows mod_proxy_balancer URL Handling Remote Memory Corruption
17831| [43224] Apache Geronimo on SuSE Linux init Script Symlink Unspecified File/Directory Access
17832| [43189] Apache mod_jk2 Host Header Multiple Fields Remote Overflow
17833| [42937] Apache HTTP Server mod_proxy_balancer balancer-manager Unspecified CSRF
17834| [42341] MOD_PLSQL for Apache Unspecified URL SQL Injection
17835| [42340] MOD_PLSQL for Apache CGI Environment Handling Unspecified Overflow
17836| [42214] Apache HTTP Server mod_proxy_ftp UTF-7 Encoded XSS
17837| [42091] Apache Maven Site Plugin Installation Permission Weakness
17838| [42089] Apache Maven .m2/settings.xml Cleartext Password Disclosure
17839| [42088] Apache Maven Defined Repo Process Listing Password Disclosure
17840| [42087] Apache Maven Site Plugin SSH Deployment Permission Setting Weakness
17841| [42036] Apache HTTP Server MS-DOS Device Request Host OS Disclosure
17842| [41891] BEA WebLogic Apache Beehive NetUI Page Flow Unspecified XSS
17843| [41436] Apache Tomcat Native APR Connector Duplicate Request Issue
17844| [41435] Apache Tomcat %5C Cookie Handling Session ID Disclosure
17845| [41434] Apache Tomcat Exception Handling Subsequent Request Information Disclosure
17846| [41400] LimeSurvey save.php Apache Log File PHP Code Injection
17847| [41029] Apache Tomcat Calendar Examples Application cal2.jsp Multiple Parameter CSRF
17848| [41019] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload XSS
17849| [41018] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload CRLF
17850| [40853] Apache Tomcat SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) JSESSIONIDSSO Cookie Security Weakness
17851| [40264] Apache HTTP Server mod_proxy_balancer balancer_handler Function bb Variable Remote DoS
17852| [40263] Apache HTTP Server mod_proxy_balancer balancer-manager Multiple Parameter XSS
17853| [40262] Apache HTTP Server mod_status refresh XSS
17854| [39833] Apache Tomcat JULI Logging Component catalina.policy Security Bypass
17855| [39251] Coppermine Photo Gallery on Apache Multiple File Extension Upload Arbitrary Code Execution
17856| [39166] Apache Tomcat on Windows caseSensitive Attribute Mixed Case Request JSP Source Disclosure
17857| [39134] Apache mod_imagemap Module Imagemap Unspecified XSS
17858| [39133] Apache mod_imap Module Imagemap File Unspecified XSS
17859| [39035] Apache Tomcat examples/servlet/CookieExample Multiple Parameter XSS
17860| [39003] Apache HTTP Server HTTP Method Header Request Entity Too Large XSS
17861| [39000] Apache Tomcat SendMailServlet sendmail.jsp mailfrom Parameter XSS
17862| [38939] Apache HTTP Server Prefork MPM Module Array Modification Local DoS
17863| [38673] Apache Jakarta Slide WebDAV SYSTEM Request Traversal Arbitrary File Access
17864| [38662] Apache Geronimo SQLLoginModule Nonexistent User Authentication Bypass
17865| [38661] Apache Geronimo MEJB Unspecified Authentication Bypass
17866| [38641] Apache HTTP Server mod_mem_cache recall_headers Function Information Disclosure
17867| [38640] Apache HTTP Server suexec Document Root Unauthorized Operations
17868| [38639] Apache HTTP Server suexec Multiple Symlink Privilege Escalation
17869| [38636] Apache HTTP Server mod_autoindex.c P Variable UTF-7 Charset XSS
17870| [38513] BEA WebLogic Server Proxy Plug-in for Apache Protocol Error Handling Remote DoS
17871| [38187] Apache Geronimo / Tomcat WebDAV XML SYSTEM Tag Arbitrary File Access
17872| [37079] Apache HTTP Server mod_cache cache_util.c Malformed Cache-Control Header DoS
17873| [37071] Apache Tomcat Cookie Handling Session ID Disclosure
17874| [37070] Apache Tomcat Cookie Handling Quote Delimiter Session ID Disclosure
17875| [37052] Apache HTTP Server mod_status mod_status.c Unspecified XSS
17876| [37051] Apache HTTP Server mod_proxy modules/proxy/proxy_util.c Crafted Header Remote DoS
17877| [37050] Apache HTTP Server Prefork MPM Module Crafted Code Sequence Local DoS
17878| [36417] Apache Tomcat Host Manager Servlet html/add Action aliases Parameter XSS
17879| [36377] Apache MyFaces Tomahawk JSF Application autoscroll Multiple Script XSS
17880| [36080] Apache Tomcat JSP Examples Crafted URI XSS
17881| [36079] Apache Tomcat Manager Uploaded Filename XSS
17882| [34888] Apache Tomcat Example Calendar Application cal2.jsp time Parameter XSS
17883| [34887] Apache Tomcat implicit-objects.jsp Crafted Header XSS
17884| [34885] Apache Tomcat on IIS Servlet Engine MS-DOS Device Request DoS
17885| [34884] Apache Tomcat on Windows Nonexistent Resource Request Path Disclosure
17886| [34883] Apache Tomcat Crafted JSP File Request Path Disclosure
17887| [34882] Apache Tomcat Default SSL Ciphersuite Configuration Weakness
17888| [34881] Apache Tomcat Malformed Accept-Language Header XSS
17889| [34880] Apache Tomcat HTTP/1.1 Connector NULL Byte Request JSP Source Disclosure
17890| [34879] Apache Tomcat examples/jsp2/jspx/textRotate.jspx XSS
17891| [34878] Apache Tomcat examples/jsp2/el/implicit-objects.jsp XSS
17892| [34877] Apache Tomcat JK Web Server Connector (mod_jk) Double Encoded Traversal Arbitrary File Access
17893| [34876] Apache HTTP Server ScriptAlias CGI Source Disclosure
17894| [34875] Apache Tomcat appdev/sample/web/hello.jsp Multiple Parameter XSS
17895| [34874] Apache Tomcat AJP Connector mod_jk ajp_process_callback Remote Memory Disclosure
17896| [34873] Apache Stats Variable Extraction _REQUEST Ssuperglobal Array Overwrite
17897| [34872] Apache HTTP Server suexec User/Group Combination Weakness Local Privilege Escalation
17898| [34769] Apache Tomcat w/ Proxy Module Double Encoded Traversal Arbitrary File Access
17899| [34541] mod_perl for Apache HTTP Server RegistryCooker.pm PATH_INFO Crafted URI Remote DoS
17900| [34540] mod_perl for Apache HTTP Server PerlRun.pm PATH_INFO Crafted URI Remote DoS
17901| [34398] Apache Tomcat mod_jk Invalid Chunked Encoded Body Information Disclosure
17902| [34154] Apache Axis Nonexistent Java Web Service Path Disclosure
17903| [33855] Apache Tomcat JK Web Server Connector mod_jk.so Long URI Worker Map Remote Overflow
17904| [33816] Apache HTTP Server on Debian Linux TTY Local Privilege Escalation
17905| [33456] Apache HTTP Server Crafted TCP Connection Range Header DoS
17906| [33346] Avaya Multiple Products Apache Tomcat Port Weakness
17907| [32979] Apache Java Mail Enterprise Server (JAMES) Phoenix/MX4J Interface Arbitrary User Creation
17908| [32978] Apache Java Mail Enterprise Server (JAMES) POP3Server Log File Plaintext Password Disclosure
17909| [32724] Apache mod_python _filter_read Freed Memory Disclosure
17910| [32723] Apache Tomcat semicolon Crafted Filename Request Forced Directory Listing
17911| [32396] Apache Open For Business Project (OFBiz) Ecommerce Component Forum Implementation Message Body XSS
17912| [32395] Apache Open For Business Project (OFBiz) Ecommerce Component Form Field Manipulation Privilege Escalation
17913| [30354] Linux Subversion libapache2-svn Search Path Subversion Local Privilege Escalation
17914| [29603] PHP ini_restore() Apache httpd.conf Options Bypass
17915| [29536] Apache Tcl mod_tcl set_var Function Remote Format String
17916| [28919] Apache Roller Weblogger Blog Comment Multiple Field XSS
17917| [28130] PHP with Apache Mixed Case Method Limit Directive Bypass
17918| [27913] Apache HTTP Server on Windows mod_alias URL Validation Canonicalization CGI Source Disclosure
17919| [27588] Apache HTTP Server mod_rewrite LDAP Protocol URL Handling Overflow
17920| [27487] Apache HTTP Server Crafted Expect Header Cross Domain HTML Injection
17921| [26935] FCKeditor on Apache connector.php Crafted File Extension Arbitrary File Upload
17922| [26572] Apache Java Mail Enterprise Server (JAMES) MAIL Command Overflow DoS
17923| [25909] Drupal on Apache files Directory File Upload Arbitrary Code Execution
17924| [24825] Oracle ModPL/SQL for Apache Unspecified Remote HTTP Issue
17925| [24365] Apache Struts Multiple Function Error Message XSS
17926| [24364] Apache Struts getMultipartRequestHandler() Function Crafted Request DoS
17927| [24363] Apache Struts org.apache.struts.taglib.html.Constants.CANCEL Validation Bypass
17928| [24103] Pubcookie Apache mod_pubcookie Unspecified XSS
17929| [23906] Apache mod_python for Apache HTTP Server FileSession Privileged Local Command Execution
17930| [23905] Apache Log4net LocalSyslogAppender Format String Memory Corruption DoS
17931| [23198] Apache WSS4J Library SOAP Signature Verification Bypass
17932| [23124] Generic Apache Request Library (libapreq) apreq_parse_* Functions Remote DoS
17933| [22652] mod_php for Apache HTTP Server Crafted import_request_variables Function DoS
17934| [22475] PHP w/ Apache PDO::FETCH_CLASS __set() Function DoS
17935| [22473] PHP w/ Apache2 Crafted PDOStatement DoS
17936| [22459] Apache Geronimo Error Page XSS
17937| [22458] Apache Tomcat / Geronimo Sample Script cal2.jsp time Parameter XSS
17938| [22301] auth_ldap for Apache HTTP Server auth_ldap_log_reason() Function Remote Format String
17939| [22261] Apache HTTP Server mod_ssl ssl_hook_Access Error Handling DoS
17940| [22259] mod_auth_pgsql for Apache HTTP Server Log Function Format String
17941| [21736] Apache Java Mail Enterprise Server (JAMES) Spooler retrieve Function DoS
17942| [21705] Apache HTTP Server mod_imap Image Map Referer XSS
17943| [21021] Apache Struts Error Message XSS
17944| [20897] PHP w/ Apache 2 SAPI virtual() Function Unspecified INI Setting Disclosure
17945| [20491] PHP mod_php apache2handler SAPI Crafted .htaccess DoS
17946| [20462] Apache HTTP Server worker.c MPM Memory Exhaustion DoS
17947| [20439] Apache Tomcat Directory Listing Saturation DoS
17948| [20373] Apache Tomcat on HP Secure OS for Linux Unspecified Servlet Access Issue
17949| [20285] Apache HTTP Server Log File Control Character Injection
17950| [20242] Apache HTTP Server mod_usertrack Predictable Session ID Generation
17951| [20209] Brainf*ck Module (mod_bf) for Apache HTTP Server Local Overflow
17952| [20033] Apache Tomcat MS-DOS Device Request Error Message Path Disclosure
17953| [19883] apachetop atop.debug Symlink Arbitrary File Overwrite
17954| [19863] mod_auth_shadow for Apache HTTP Server require group Authentication Bypass
17955| [19855] Apache HTTP Server ErrorDocument Directive .htaccess Bypass
17956| [19821] Apache Tomcat Malformed Post Request Information Disclosure
17957| [19769] Apache HTTP Server Double-reverse DNS Lookup Spoofing
17958| [19188] Apache HTTP Server mod_ssl SSLVerifyClient Per-location Context Restriction Bypass
17959| [19137] Apache HTTP Server on Red Hat Linux Double Slash GET Request Forced Directory Listing
17960| [19136] Apache on Mandrake Linux Arbitrary Directory Forced Listing
17961| [18977] Apache HTTP Server Crafted HTTP Range Header DoS
17962| [18389] Ragnarok Online Control Panel Apache Authentication Bypass
17963| [18286] Apache HTTP Server mod_ssl ssl_callback_SSLVerify_CRL( ) Function Overflow
17964| [18233] Apache HTTP Server htdigest user Variable Overfow
17965| [17738] Apache HTTP Server HTTP Request Smuggling
17966| [16586] Apache HTTP Server Win32 GET Overflow DoS
17967| [15889] Apache HTTP Server mod_cgid Threaded MPM CGI Output Misdirection
17968| [14896] mod_dav for Apache HTTP Server Remote Null Dereference Child Process Termination
17969| [14879] Apache HTTP Server ap_log_rerror Function Error Message Path Disclosure
17970| [14770] Apache Tomcat AJP12 Protocol Malformed Packet Remote DoS
17971| [14597] Apache Tomcat IntegerOverflow.jsp Test JSP Script Path Disclosure
17972| [14596] Apache Tomcat pageSession.jsp Test JSP Script Path Disclosure
17973| [14595] Apache Tomcat pageLanguage.jsp Test JSP Script Path Disclosure
17974| [14594] Apache Tomcat pageIsThreadSafe.jsp Test JSP Script Path Disclosure
17975| [14593] Apache Tomcat pageIsErrorPage.jsp Test JSP Script Path Disclosure
17976| [14592] Apache Tomcat pageInvalid.jsp Test JSP Script Path Disclosure
17977| [14591] Apache Tomcat pageExtends.jsp Test JSP Script Path Disclosure
17978| [14590] Apache Tomcat pageDouble.jsp Test JSP Script Path Disclosure
17979| [14589] Apache Tomcat pageAutoFlush.jsp Test JSP Script Path Disclosure
17980| [14588] Apache Tomcat extends2.jsp Test JSP Script Path Disclosure
17981| [14587] Apache Tomcat extends1.jsp Test JSP Script Path Disclosure
17982| [14586] Apache Tomcat comments.jsp Test JSP Script Path Disclosure
17983| [14585] Apache Tomcat buffer4.jsp Test JSP Script Path Disclosure
17984| [14584] Apache Tomcat buffer3.jsp Test JSP Script Path Disclosure
17985| [14583] Apache Tomcat buffer2.jsp Test JSP Script Path Disclosure
17986| [14582] Apache Tomcat buffer1.jsp Test JSP Script Path Disclosure
17987| [14581] Apache Tomcat pageImport2.jsp Test JSP Script Path Disclosure
17988| [14580] Apache Tomcat pageInfo.jsp Test JSP Script Path Disclosure
17989| [14410] mod_frontpage for Apache HTTP Server fpexec Remote Overflow
17990| [14044] Apache Batik Squiggle Browser with Rhino Scripting Engine Unspecified File System Access
17991| [13737] mod_access_referer for Apache HTTP Server Malformed Referer DoS
17992| [13711] Apache mod_python publisher.py Traversal Arbitrary Object Information Disclosure
17993| [13640] mod_auth_any for Apache HTTP Server on Red Hat Linux Metacharacter Command Execution
17994| [13304] Apache Tomcat realPath.jsp Path Disclosure
17995| [13303] Apache Tomcat source.jsp Arbitrary Directory Listing
17996| [13087] Apache HTTP Server mod_log_forensic check_forensic Symlink Arbitrary File Creation / Overwrite
17997| [12849] mod_auth_radius for Apache HTTP Server radcpy() Function Overflow DoS
17998| [12848] Apache HTTP Server htdigest realm Variable Overflow
17999| [12721] Apache Tomcat examples/jsp2/el/functions.jsp XSS
18000| [12720] mod_dosevasive for Apache HTTP Server Symlink Arbitrary File Create/Overwrite
18001| [12558] Apache HTTP Server IPv6 FTP Proxy Socket Failure DoS
18002| [12557] Apache HTTP Server prefork MPM accept Error DoS
18003| [12233] Apache Tomcat MS-DOS Device Name Request DoS
18004| [12232] Apache Tomcat with JDK Arbitrary Directory/Source Disclosure
18005| [12231] Apache Tomcat web.xml Arbitrary File Access
18006| [12193] Apache HTTP Server on Mac OS X File Handler Bypass
18007| [12192] Apache HTTP Server on Mac OS X Unauthorized .ht and .DS_Store File Access
18008| [12178] Apache Jakarta Lucene results.jsp XSS
18009| [12176] mod_digest_apple for Apache HTTP Server on Mac OS X Authentication Replay
18010| [11391] Apache HTTP Server Header Parsing Space Saturation DoS
18011| [11003] Apache HTTP Server mod_include get_tag() Function Local Overflow
18012| [10976] mod_mylo for Apache HTTP Server mylo_log Logging Function HTTP GET Overflow
18013| [10637] Apache HTTP Server mod_ssl SSLCipherSuite Access Restriction Bypass
18014| [10546] Macromedia JRun4 mod_jrun Apache Module Remote Overflow
18015| [10471] Apache Xerces-C++ XML Parser DoS
18016| [10218] Apache HTTP Server Satisfy Directive Access Control Bypass
18017| [10068] Apache HTTP Server htpasswd Local Overflow
18018| [10049] mod_cplusplus For Apache HTTP Server Unspecified Overflow
18019| [9994] Apache HTTP Server apr-util IPV6 Parsing DoS
18020| [9991] Apache HTTP Server ap_resolve_env Environment Variable Local Overflow
18021| [9948] mod_dav for Apache HTTP Server LOCK Request DoS
18022| [9742] Apache HTTP Server mod_ssl char_buffer_read Function Reverse Proxy DoS
18023| [9718] Apache HTTP Server Win32 Single Dot Append Arbitrary File Access
18024| [9717] Apache HTTP Server mod_cookies Cookie Overflow
18025| [9716] Apache::Gallery Gallery.pm Inline::C Predictable Filename Code Execution
18026| [9715] Apache HTTP Server rotatelogs Control Characters Over Pipe DoS
18027| [9714] Apache Authentication Module Threaded MPM DoS
18028| [9713] Apache HTTP Server on OS2 filestat.c Device Name Request DoS
18029| [9712] Apache HTTP Server Multiple Linefeed Request Memory Consumption DoS
18030| [9711] Apache HTTP Server Access Log Terminal Escape Sequence Injection
18031| [9710] Apache HTTP Server on Windows Illegal Character Default Script Mapping Bypass
18032| [9709] Apache HTTP Server on Windows MS-DOS Device Name HTTP Post Code Execution
18033| [9708] Apache HTTP Server on Windows MS-DOS Device Name DoS
18034| [9707] Apache HTTP Server Duplicate MIME Header Saturation DoS
18035| [9706] Apache Web Server Multiple MIME Header Saturation Remote DoS
18036| [9705] Apache Tomcat Invoker/Default Servlet Source Disclosure
18037| [9702] Apache HTTP Server CGI/WebDAV HTTP POST Request Source Disclosure
18038| [9701] Apache HTTP Server for Windows Multiple Slash Forced Directory Listing
18039| [9700] Apache HTTP Server mod_autoindex Multiple Slash Request Forced Directory Listing
18040| [9699] Apache HTTP Server mod_dir Multiple Slash Request Forced Directory Listing
18041| [9698] Apache HTTP Server mod_negotiation Multiple Slash Request Forced Directory Listing
18042| [9697] Apache HTTP Server htdigest Local Symlink Arbitrary File Overwrite
18043| [9696] Apache HTTP Server htpasswd Local Symlink Arbitrary File Overwrite
18044| [9695] Apache Tomcat SnoopServlet Servlet Information Disclosure
18045| [9694] PHP3 on Apache HTTP Server Encoded Traversal Arbitrary File Access
18046| [9693] mod_auth_pgsql_sys for Apache HTTP Server User Name SQL Injection
18047| [9692] Apache HTTP Server mod_vhost_alias Mass Virtual Hosting Arbitrary File Access
18048| [9691] Apache HTTP Server mod_rewrite Mass Virtual Hosting Arbitrary File Access
18049| [9690] Apache HTTP Server mod_vhost_alias CGI Program Source Disclosure
18050| [9689] Trustix httpsd for Apache-SSL Permission Weakness Privilege Escalation
18051| [9688] Apache HTTP Server mod_proxy Malformed FTP Command DoS
18052| [9687] Apache::AuthenSmb smbval SMB Authentication Library Multiple Overflows
18053| [9686] Apache::AuthenSmb smbvalid SMB Authentication Library Multiple Overflows
18054| [9523] Apache HTTP Server mod_ssl Aborted Connection DoS
18055| [9459] Oracle PL/SQL (mod_plsql) Apache Module Help Page Request Remote Overflow
18056| [9208] Apache Tomcat .jsp Encoded Newline XSS
18057| [9204] Apache Tomcat ROOT Application XSS
18058| [9203] Apache Tomcat examples Application XSS
18059| [9068] Apache HTTP Server mod_userdir User Account Information Disclosure
18060| [8773] Apache Tomcat Catalina org.apache.catalina.servlets.DefaultServlet Source Code Disclosure
18061| [8772] Apache Tomcat Catalina org.apache.catalina.connector.http DoS
18062| [7943] Apache HTTP Server mod_ssl sslkeys File Disclosure
18063| [7942] Apache HTTP Server mod_ssl Default Pass Phrase
18064| [7941] Apache HTTP Server mod_ssl Encrypted Private Key File Descriptor Leak
18065| [7935] Apache HTTP Server mod_ssl ssl_gcache Race Conditions
18066| [7934] Apache HTTP Server mod_ssl SSLSessionCache File Content Disclosure
18067| [7933] Apache HTTP Server mod_ssl SSLMutex File Content Disclosure
18068| [7932] Apache HTTP Server mod_ssl mkcert.sh File Creation Permission Weakness
18069| [7931] Apache HTTP Server mod_ssl X.509 Client Certificate Authentication Bypass
18070| [7930] Apache HTTP Server mod_ssl ssl_expr_eval_func_file() Overflow
18071| [7929] Apache HTTP Server mod_ssl ssl_engine_log.c mod_proxy Hook Function Remote Format String
18072| [7611] Apache HTTP Server mod_alias Local Overflow
18073| [7394] Apache Tomcat mod_jk Invalid Transfer-Encoding Chunked Field DoS
18074| [7203] Apache Tomcat source.jsp Traversal Arbitrary File Access
18075| [7039] Apache HTTP Server on Mac OS X HFS+ File System Access Bypass
18076| [6882] Apache mod_python Malformed Query String Variant DoS
18077| [6839] Apache HTTP Server mod_proxy Content-Length Overflow
18078| [6630] Apache Tomcat Java Server Pages (JSP) Engine WPrinterJob() DoS
18079| [6472] Apache HTTP Server mod_ssl ssl_util_uuencode_binary Remote Overflow
18080| [5821] Apache HTTP Server Multiple / GET Remote Overflow DoS
18081| [5580] Apache Tomcat Servlet Malformed URL JSP Source Disclosure
18082| [5552] Apache HTTP Server split-logfile Arbitrary .log File Overwrite
18083| [5526] Apache Tomcat Long .JSP URI Path Disclosure
18084| [5278] Apache Tomcat web.xml Restriction Bypass
18085| [5051] Apache Tomcat Null Character DoS
18086| [4973] Apache Tomcat servlet Mapping XSS
18087| [4650] mod_gzip for Apache HTTP Server Debug Mode Printf Stack Overflow
18088| [4649] mod_gzip for Apache HTTP Server Debug Mode Format String Overflow
18089| [4648] mod_gzip for Apache HTTP Server Debug Mode Race Condition
18090| [4568] mod_survey For Apache ENV Tags SQL Injection
18091| [4553] Apache HTTP Server ApacheBench Overflow DoS
18092| [4552] Apache HTTP Server Shared Memory Scoreboard DoS
18093| [4446] Apache HTTP Server mod_disk_cache Stores Credentials
18094| [4383] Apache HTTP Server Socket Race Condition DoS
18095| [4382] Apache HTTP Server Log Entry Terminal Escape Sequence Injection
18096| [4340] Apache Portable Runtime (APR) apr_psprintf DoS
18097| [4232] Apache Cocoon DatabaseAuthenticatorAction SQL Injection
18098| [4231] Apache Cocoon Error Page Server Path Disclosure
18099| [4182] Apache HTTP Server mod_ssl Plain HTTP Request DoS
18100| [4181] Apache HTTP Server mod_access IP Address Netmask Rule Bypass
18101| [4075] Apache HTTP Sever on Windows .var File Request Path Disclosure
18102| [4037] Apache HTTP Server on Cygwin Encoded GET Request Arbitrary File Access
18103| [3877] Apache-SSL SSLVerifyClient SSLFakeBasicAuth Client Certificate Forgery
18104| [3819] Apache HTTP Server mod_digest Cross Realm Credential Replay
18105| [3322] mod_php for Apache HTTP Server Process Hijack
18106| [3215] mod_php for Apache HTTP Server File Descriptor Leakage
18107| [2885] Apache mod_python Malformed Query String DoS
18108| [2749] Apache Cocoon view-source Sample File Traversal Arbitrary File Access
18109| [2733] Apache HTTP Server mod_rewrite Local Overflow
18110| [2672] Apache HTTP Server mod_ssl SSLCipherSuite Ciphersuite Downgrade Weakness
18111| [2613] Apache HTTP Server mod_cgi stderr Output Handling Local DoS
18112| [2149] Apache::Gallery Privilege Escalation
18113| [2107] Apache HTTP Server mod_ssl Host: Header XSS
18114| [1926] Apache HTTP Server mod_rewrite Crafted URI Rule Bypass
18115| [1833] Apache HTTP Server Multiple Slash GET Request DoS
18116| [1577] Apache HTTP Server mod_rewrite RewriteRule Expansion Arbitrary File Access
18117| [872] Apache Tomcat Multiple Default Accounts
18118| [862] Apache HTTP Server SSI Error Page XSS
18119| [859] Apache HTTP Server Win32 Crafted Traversal Arbitrary File Access
18120| [849] Apache Tomcat TroubleShooter Servlet Information Disclosure
18121| [845] Apache Tomcat MSDOS Device XSS
18122| [844] Apache Tomcat Java Servlet Error Page XSS
18123| [842] Apache HTTP Server mod_ssl ssl_compat_directive Function Overflow
18124| [838] Apache HTTP Server Chunked Encoding Remote Overflow
18125| [827] PHP4 for Apache on Windows php.exe Malformed Request Path Disclosure
18126| [775] Apache mod_python Module Importing Privilege Function Execution
18127| [769] Apache HTTP Server Win32 DOS Batch File Arbitrary Command Execution
18128| [756] Apache HTTP Server mod_ssl i2d_SSL_SESSION Function SSL Client Certificate Overflow
18129| [701] Apache HTTP Server Win32 ScriptAlias php.exe Arbitrary File Access
18130| [674] Apache Tomcat Nonexistent File Error Message Path Disclosure
18131| [637] Apache HTTP Server UserDir Directive Username Enumeration
18132| [623] mod_auth_pgsql for Apache HTTP Server User Name SQL Injection
18133| [582] Apache HTTP Server Multiviews Feature Arbitrary Directory Listing
18134| [562] Apache HTTP Server mod_info /server-info Information Disclosure
18135| [561] Apache Web Servers mod_status /server-status Information Disclosure
18136| [417] Apache HTTP Server on SuSE Linux /doc/packages Remote Information Disclosure
18137| [410] mod_perl for Apache HTTP Server /perl/ Directory Listing
18138| [404] Apache HTTP Server on SuSE Linux WebDAV PROPFIND Arbitrary Directory Listing
18139| [402] Apache HTTP Server on SuSE Linux cgi-bin-sdb Request Script Source Disclosure
18140| [379] Apache ASP module Apache::ASP source.asp Example File Arbitrary File Creation
18141| [377] Apache Tomcat Snoop Servlet Remote Information Disclosure
18142| [376] Apache Tomcat contextAdmin Arbitrary File Access
18143| [342] Apache HTTP Server for Windows Multiple Forward Slash Directory Listing
18144| [222] Apache HTTP Server test-cgi Arbitrary File Access
18145| [143] Apache HTTP Server printenv.pl Multiple Method CGI XSS
18146| [48] Apache HTTP Server on Debian /usr/doc Directory Information Disclosure
|_
113/tcp closed ident
139/tcp closed netbios-ssn
443/tcp open ssl/http Apache httpd
|_http-server-header: Apache
| vulscan: VulDB - https://vuldb.com:
18153| [141649] Apache OFBiz up to 16.11.05 Form Widget Freemarker Markup Code Execution
18154| [141648] Apache OFBiz up to 16.11.05 Application Stored cross site scripting
18155| [140386] Apache Commons Beanutils 1.9.2 BeanIntrospector unknown vulnerability
18156| [139708] Apache Ranger up to 1.2.0 Policy Import cross site scripting
18157| [139540] cPanel up to 60.0.24 Apache HTTP Server Key information disclosure
18158| [139386] Apache Tike up to 1.21 RecursiveParserWrapper Stack-based memory corruption
18159| [139385] Apache Tika 1.19/1.20/1.21 SAXParsers Hang denial of service
18160| [139384] Apache Tika up to 1.21 RecursiveParserWrapper ZIP File denial of service
18161| [139261] Apache Solr 8.2.0 DataImportHandler Parameter unknown vulnerability
18162| [139259] cPanel up to 68.0.26 WHM Apache Includes Editor information disclosure
18163| [139256] cPanel up to 68.0.26 WHM Apache Configuration Include Editor cross site scripting
18164| [139239] cPanel up to 70.0.22 Apache HTTP Server Log information disclosure
18165| [139141] Apache ActiveMQ Client up to 5.15.4 ActiveMQConnection.java ActiveMQConnection denial of service
18166| [139130] cPanel up to 73.x Apache HTTP Server Injection privilege escalation
18167| [138914] Venustech Apache VCL 2.1/2.2/2.3/2.4/2.5 VM sql injection
18168| [138913] Venustech Apache VCL 2.1/2.2/2.3/2.4/2.5 Block Argument privilege escalation
18169| [138912] Venustech Apache VCL 2.1/2.2/2.3/2.4/2.5 Cookie sql injection
18170| [138816] Apache Storm up to 1.2.2 Logviewer Daemon Log information disclosure
18171| [138815] Apache Storm up to 1.2.2 UI Daemon Deserialization privilege escalation
18172| [138164] Oracle 2.7.0.1 Apache Log4j unknown vulnerability
18173| [138155] Oracle Agile Engineering Data Management 6.2.0/6.2.1 Apache Tomcat unknown vulnerability
18174| [138151] Oracle Transportation Management 6.3.7 Apache Tomcat unknown vulnerability
18175| [138149] Oracle Agile Engineering Data Management 6.2.0/6.2.1 Apache Commons FileUpload unknown vulnerability
18176| [138131] Oracle MICROS Retail XBRi Loss Prevention 10.8.0/10.8.1/10.8.2/10.8.3 Apache Tomcat unknown vulnerability
18177| [138129] Oracle Retail Xstore Point of Service 7.0/7.1 Apache HTTP Server denial of service
18178| [138123] Oracle Retail Order Management System 5.0 Apache Struts 1 unknown vulnerability
18179| [138122] Oracle Retail Order Broker 5.2/15.0 Apache Tomcat unknown vulnerability
18180| [138121] Oracle Retail Order Broker 5.2/15.0 Apache CXF unknown vulnerability
18181| [138112] Oracle Retail Integration Bus 15.0/16.0 Apache Commons FileUpload unknown vulnerability
18182| [138111] Oracle MICROS Retail XBRi Loss Prevention 10.8.0/10.8.1/10.8.2/10.8.3 Apache Commons FileUpload unknown vulnerability
18183| [138103] Oracle PeopleSoft Enterprise PeopleTools 8.55/8.56/8.57 Apache WSS4J information disclosure
18184| [138053] Oracle JD Edwards EnterpriseOne Tools 9.2 Apache Log4j unknown vulnerability
18185| [138036] Oracle Insurance Rules Palette 10.0/10.1/10.2/11.0 Apache Commons FileUpload unknown vulnerability
18186| [138035] Oracle Insurance Policy Administration J2EE 10.0/10.1/10.2/11.0 Apache Commons FileUpload unknown vulnerability
18187| [138034] Oracle Insurance Calculation Engine 9.7/10.0/10.1/10.2 Apache Commons FileUpload unknown vulnerability
18188| [138028] Oracle Identity Manager 11.1.2.3.0/12.2.1.3.0 Apache Log4j unknown vulnerability
18189| [138020] Oracle BI Publisher 11.1.1.9.0 Apache Tomcat unknown vulnerability
18190| [138019] Oracle BI Publisher (formerly XML Publisher) 11.1.1.9.0 Apache Tomcat unknown vulnerability
18191| [138017] Oracle Outside In Technology 8.5.4 Apache Commons FileUpload unknown vulnerability
18192| [138013] Oracle Outside In Technology 8.5.4 Apache Tomcat unknown vulnerability
18193| [138012] Oracle Outside In Technology 8.5.4 Apache HTTP Server unknown vulnerability
18194| [138009] Oracle Outside In Technology 8.5.4 Apache HTTP Server unknown vulnerability
18195| [138008] Oracle WebLogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.3.0 Apache Struts 1 denial of service
18196| [138007] Oracle WebCenter Sites 12.2.1.3.0 Apache Tomcat denial of service
18197| [138006] Oracle Enterprise Repository 12.1.3.0.0 Apache CXF denial of service
18198| [138000] Oracle WebCenter Sites 12.2.1.3.0 Apache Commons FileUpload unknown vulnerability
18199| [137999] Oracle WebLogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.3.0 Apache Commons FileUpload unknown vulnerability
18200| [137995] Oracle Hospitality Simphony 18.2.1 Apache WSS4J information disclosure
18201| [137987] Oracle FLEXCUBE Universal Banking up to 12.0.3/12.4.0/14.2.0 Apache Log4j unknown vulnerability
18202| [137981] Oracle Insurance IFRS 17 Analyzer 8.0.6/8.0.7 Apache Commons FileUpload unknown vulnerability
18203| [137980] Oracle Insurance Data Foundation 8.0.4/8.0.5/8.0.6/8.0.7 Apache Commons FileUpload unknown vulnerability
18204| [137979] Oracle 8.0.8 Apache Commons FileUpload unknown vulnerability
18205| [137973] Oracle 8.0.4/8.0.5/8.0.6/8.0.7 Apache Batik unknown vulnerability
18206| [137970] Oracle Financial Services Profitability Management 8.0.4/8.0.5/8.0.6/8.0.7 Apache ActiveMQ unknown vulnerability
18207| [137967] Oracle up to 8.0.7 Apache httpd unknown vulnerability
18208| [137966] Oracle 8.0.7/8.0.8 Apache Groovy unknown vulnerability
18209| [137965] Oracle Financial Services Liquidity Risk Management 8.0.1/8.0.2/8.0.4/8.0.5/8.0.6 Apache Commons FileUpload unknown vulnerability
18210| [137964] Oracle 8.0.4/8.0.5/8.0.6/8.0.7 Apache Log4j unknown vulnerability
18211| [137933] Oracle Banking Platform up to 2.7.1 Apache Tika unknown vulnerability
18212| [137926] Oracle Enterprise Manager for Fusion Middleware 13.2/13.3 Apache Commons FileUpload information disclosure
18213| [137924] Oracle Enterprise Manager Base Platform 12.1.0.5.0/13.2.0.0.0/13.3.0.0.0 Apache Commons FileUpload unknown vulnerability
18214| [137914] Oracle E-Business Suite up to 12.2.8 Apache ActiveMQ unknown vulnerability
18215| [137913] Oracle E-Business Suite up to 12.2.8 Apache ActiveMQ unknown vulnerability
18216| [137911] Oracle E-Business Suite up to 12.2.8 Apache HTTP Server unknown vulnerability
18217| [137910] Oracle E-Business Suite up to 12.2.8 Apache CXF information disclosure
18218| [137909] Oracle E-Business Suite up to 12.2.8 Apache Commons FileUpload unknown vulnerability
18219| [137905] Oracle Primavera Gateway 15.2/16.2/17.12/18.8 Apache Tika denial of service
18220| [137901] Oracle Primavera Unifier up to 18.8 Apache HTTP Server unknown vulnerability
18221| [137895] Oracle Instant Messaging Server 10.0.1.2.0 Apache Tika information disclosure
18222| [137894] Oracle EAGLE (Software) 46.5/46.6/46.7 Apache Tomcat information disclosure
18223| [137892] Oracle Online Mediation Controller 6.1 Apache Batik denial of service
18224| [137891] Oracle Interactive Session Recorder 6.0/6.1/6.2 Apache Tomcat unknown vulnerability
18225| [137885] Oracle Diameter Signaling Router (DSR) 8.0/8.1/8.2 Apache cxf unknown vulnerability
18226| [137882] Oracle Unified 8.0.0.2.0 Apache Commons FileUpload unknown vulnerability
18227| [137881] Oracle Online Mediation Controller 6.1 Apache Commons FileUpload unknown vulnerability
18228| [137880] Oracle Interactive Session Recorder 6.0/6.1/6.2 Apache Log4j unknown vulnerability
18229| [137879] Oracle Convergence 3.0.2 Apache Commons FileUpload unknown vulnerability
18230| [137876] Oracle Application Session Controller 3.7.1/3.8.0 Apache Commons FileUpload unknown vulnerability
18231| [137829] Apache Roller 5.2.3 Math Comment Authenticator Reflected cross site scripting
18232| [137736] Apache Kafka 0.11.0.0/2.1.0 ACL Validation Request privilege escalation
18233| [136858] MakerBot Replicator 5G Printer Apache HTTP Server information disclosure
18234| [136849] Analogic Poste.io 2.1.6 on Apache RoundCube logs/ information disclosure
18235| [136822] Apache Tomcat up to 8.5.40/9.0.19 Incomplete Fix CVE-2019-0199 Resource Exhaustion denial of service
18236| [136808] Apache Geode up to 1.8.0 Secure Mode privilege escalation
18237| [136646] Apache Allura up to 1.10.x Dropdown Selector Stored cross site scripting
18238| [136374] Apache HTTP Server up to 2.4.38 Slash Regular Expression unknown vulnerability
18239| [136373] Apache HTTP Server 2.4.34/2.4.35/2.4.36/2.4.37/2.4.38 HTTP2 Request Crash denial of service
18240| [136372] Apache HTTP Server up to 2.4.38 HTTP2 Request unknown vulnerability
18241| [136370] Apache Fineract up to 1.2.x sql injection
18242| [136369] Apache Fineract up to 1.2.x sql injection
18243| [135731] Apache Hadoop up to 2.8.4/2.9.1/3.1.0 yarn privilege escalation
18244| [135664] Apache Tomcat up to 7.0.93/8.5.39/9.0.0.17 SSI printenv Command cross site scripting
18245| [135663] Apache Camel up to 2.23.x JSON-lib Library XML Data XML External Entity
18246| [135661] Apache Roller up to 5.2.1/5.2.0 XML-RPC Interface XML File Server-Side Request Forgery
18247| [135402] Apache Zookeeper up to 3.4.13/3.5.0-alpha to 3.5.4-beta getACL() information disclosure
18248| [135270] Apache JSPWiki up to 2.11.0.M3 Plugin Link cross site scripting
18249| [135269] Apache JSPWiki up to 2.11.0.M3 InterWiki Link cross site scripting
18250| [135268] Apache JSPWiki up to 2.11.0.M3 Attachment cross site scripting
18251| [134527] Apache Karaf up to 4.2.4 Config Service directory traversal
18252| [134416] Apache Sanselan 0.97-incubator Loop denial of service
18253| [134415] Apache Sanselan 0.97-incubator Hang denial of service
18254| [134291] Apache Axis up to 1.7.8 Server-Side Request Forgery
18255| [134290] Apache UIMA DUCC up to 2.2.2 cross site scripting
18256| [134248] Apache Archiva up to 2.2.3 Artifact Upload directory traversal
18257| [134247] Apache Archiva up to 2.2.3 Artifact Upload directory traversal
18258| [134246] Apache Camel up to 2.19/2.21.3/2.22.2/2.23.0 directory traversal
18259| [134138] Apache Pluto 3.0.0/3.0.1 Chat Room Demo Portlet cross site scripting
18260| [133992] Apache Qpid Proton up to 0.27.0 Certificate Validation Man-in-the-Middle weak authentication
18261| [133977] Apache Zeppelin up to 0.7.x Stored cross site scripting
18262| [133976] Apache Zeppelin up to 0.7.x Cron Scheduler privilege escalation
18263| [133975] Apache Zeppelin up to 0.7.2 Session Fixation weak authentication
18264| [133444] Apache PDFbox 2.0.14 XML Parser XML External Entity
18265| [133573] Oracle FLEXCUBE Private Banking 2.0.0.0/2.2.0.1/12.0.1.0/12.0.3.0/12.1.0.0 Apache ActiveMQ unknown vulnerability
18266| [133407] Apache Tomcat up to 7.0.93/8.5.39/9.0.17 on Windows JRE Command Line Argument Code Execution
18267| [133315] Apache Airflow up to 1.10.2 HTTP Endpoint cross site request forgery
18268| [133314] Apache Airflow up to 1.10.2 Metadata Database cross site scripting
18269| [133290] Apache Tomcat up to 8.5.37/9.0.14 HTTP2 Stream Execution denial of service
18270| [133112] Apache HTTP Server up to 2.4.38 mod_auth_digest race condition privilege escalation
18271| [133111] Apache HTTP Server 2.4.37/2.4.38 mod_ssl Bypass privilege escalation
18272| [133092] Airsonic 10.2.1 org.apache.commons.lang.RandomStringUtils RecoverController.java java.util.Random weak authentication
18273| [132568] Apache JSPWiki up to 2.11.0.M2 URL User information disclosure
18274| [132567] Apache JSPWiki up to 2.11.0.M2 URL cross site scripting
18275| [132566] Apache ActiveMQ up to 5.15.8 MQTT Frame Memory denial of service
18276| [132565] Apache HBase up to 2.1.3 REST Server Request privilege escalation
18277| [132183] Apache Mesos up to pre-1.4.x Docker Image Code Execution
18278| [131988] Apache Karaf up to 4.2.2 kar Deployer directory traversal
18279| [131859] Apache Hadoop up to 2.9.1 privilege escalation
18280| [131479] Apache Solr up to 7.6 HTTP GET Request Server-Side Request Forgery
18281| [131446] Apache Solr up to 5.0.5/6.6.5 Config API HTTP POST Request Code Execution
18282| [131385] Apache Qpid Broker-J up to 6.x/7.0.6/7.1.0 AMQP Command Crash denial of service
18283| [131315] Apache Mesos up to pre-1.4.x Mesos Masters Rendering JSON Payload Recursion denial of service
18284| [131236] Apache Airflow up to 1.10.1 Metadata Database cross site scripting
18285| [130755] Apache JSPWiki up to 2.10.5 URL cross site scripting
18286| [130629] Apache Guacamole Cookie Flag weak encryption
18287| [130628] Apache Hadoop up to 3.0.0 HDFS information disclosure
18288| [130529] Apache Subversion 1.10.0/1.10.1/1.10.2/1.10.3/1.11.0 mod_dav_svn Directory Crash denial of service
18289| [130353] Apache Open Office up to 4.1.5 Document Loader String memory corruption
18290| [130341] Apache HTTP Server 2.4.37 mod_ssl Loop denial of service
18291| [130330] Apache HTTP Server up to 2.4.37 mod_session Expired privilege escalation
18292| [130329] Apache HTTP Server 2.4.37 mod_http2 Slowloris denial of service
18293| [130212] Apache Airflow up to 1.10.0 LDAP Auth Backend Certificate weak authentication
18294| [130123] Apache Airflow up to 1.8.2 information disclosure
18295| [130122] Apache Airflow up to 1.8.2 command injection cross site request forgery
18296| [130121] Apache Airflow up to 1.8.2 Webserver Object Code Execution
18297| [129717] Oracle Secure Global Desktop 5.4 Apache HTTP Server denial of service
18298| [129688] Oracle Tape Library ACSLS 8.4 Apache Log4j unknown vulnerability
18299| [129673] Oracle Retail Returns Management 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
18300| [129672] Oracle Retail Central Office 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
18301| [129671] Oracle Retail Back Office 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
18302| [129574] Oracle Outside In Technology 8.5.3/8.5.4 Apache Tomcat denial of service
18303| [129573] Oracle WebLogic Server 10.3.6.0 Apache HTTP Server denial of service
18304| [129563] Oracle Enterprise Repository 12.1.3.0.0 Apache Log4j unknown vulnerability
18305| [129555] Oracle Outside In Technology 8.5.3 Apache Batik denial of service
18306| [129551] Oracle Outside In Technology 8.5.3/8.5.4 Apache Commons FileUpload denial of service
18307| [129542] Oracle API Gateway 11.1.2.4.0 Apache Batik denial of service
18308| [129538] Oracle SOA Suite 12.1.3.0.0/12.2.1.3.0 Apache Batik unknown vulnerability
18309| [129519] Oracle Enterprise Manager Ops Center 12.2.2/12.3.3 Apache ActiveMQ unknown vulnerability
18310| [129508] Oracle Applications Manager up to 12.2.8 Apache Derby unknown vulnerability
18311| [129507] Oracle Mobile Field Service up to 12.2.8 Apache Log4j unknown vulnerability
18312| [129505] Oracle Email Center up to 12.2.8 Apache Log4j unknown vulnerability
18313| [129504] Oracle CRM Technical Foundation up to 12.2.8 Apache Commons FileUpload unknown vulnerability
18314| [129499] Oracle Partner Management up to 12.2.8 Apache Log4j unknown vulnerability
18315| [129498] Oracle Marketing up to 12.2.8 Apache Commons FileUpload unknown vulnerability
18316| [129480] Oracle Communications WebRTC Session Controller up to 7.1 Apache Batik unknown vulnerability
18317| [129479] Oracle Communications Diameter Signaling Router up to 8.2 Apache Batik unknown vulnerability
18318| [129474] Oracle Communications Diameter Signaling Router up to 8.2 Apache HTTP Server information disclosure
18319| [129472] Oracle Communications WebRTC Session Controller up to 7.1 Apache Struts 1 unknown vulnerability
18320| [129470] Oracle Communications Converged Application Server up to 7.0.0.0 Apache Struts 1 unknown vulnerability
18321| [129463] Oracle Communications WebRTC Session Controller up to 7.1 Apache Log4j unknown vulnerability
18322| [129461] Oracle Communications Services Gatekeeper up to 6.1.0.3.x Apache Commons Collections Fileupload unknown vulnerability
18323| [129460] Oracle Communications Service Broker 6.0 Apache Log4j unknown vulnerability
18324| [129459] Oracle Communications Policy Management up to 12.4 Apache Struts 2 unknown vulnerability
18325| [129458] Oracle Communications Online Mediation Controller 6.1 Apache Log4j unknown vulnerability
18326| [129457] Oracle Communications Diameter Signaling Router up to 8.2 Apache Commons Fileupload unknown vulnerability
18327| [129456] Oracle Communications Converged Application Server 6.1 Apache Log4j unknown vulnerability
18328| [128714] Apache Thrift Java Client Library up to 0.11.0 SASL Negotiation org.apache.thrift.transport.TSaslTransport unknown vulnerability
18329| [128713] Apache Thrift Node.js Static Web Server up to 0.11.0 directory traversal
18330| [128709] Apache Karaf up to 4.1.6/4.2.1 Features Deployer XMLInputFactory XML External Entity
18331| [128575] Apache NetBeans 9.0 Proxy Auto-Config Code Execution
18332| [128369] Apache Tika 1.8-1.19.1 SQLite3Parser Loop sql injection
18333| [128111] Apache NiFi 1.8.0 Template Upload Man-in-the-Middle cross site request forgery
18334| [128110] Apache NiFi 1.8.0 Cluster Request privilege escalation
18335| [128109] Apache NiFi 1.8.0 Error Page message-page.jsp Request Header cross site scripting
18336| [128108] Apache NiFi up to 1.7.x X-Frame-Options Header privilege escalation
18337| [128102] Apache Oozie up to 5.0.0 Workflow XML Impersonation spoofing
18338| [127994] WordPress up to 5.0.0 on Apache httpd MIME Restriction cross site scripting
18339| [127981] Apache OFBiz 16.11.01/16.11.02/16.11.03/16.11.04 HTTP Engine httpService GET Request privilege escalation
18340| [127161] Apache Hadoop 2.7.4/2.7.5/2.7.6 Incomplete Fix CVE-2016-6811 privilege escalation
18341| [127040] Loadbalancer.org Enterprise VA MAX up to 8.3.2 Apache HTTP Server Log cross site scripting
18342| [127007] Apache Spark Request Code Execution
18343| [126791] Apache Hadoop up to 0.23.11/2.7.6/2.8.4/2.9.1/3.0.2 ZIP File unknown vulnerability
18344| [126767] Apache Qpid Proton-J Transport 0.3 Certificate Verification Man-in-the-Middle weak authentication
18345| [126896] Apache Commons FileUpload 1.3.3 on LDAP Manager DiskFileItem File privilege escalation
18346| [126574] Apache Hive up to 2.3.3/3.1.0 Query privilege escalation
18347| [126573] Apache Hive up to 2.3.3/3.1.0 HiveServer2 privilege escalation
18348| [126564] Apache Superset up to 0.22 Pickle Library load Code Execution
18349| [126488] Apache Syncope up to 2.0.10/2.1.1 BPMN Definition xxe privilege escalation
18350| [126487] Apache Syncope up to 2.0.10/2.1.1 cross site scripting
18351| [126346] Apache Tomcat Path privilege escalation
18352| [125922] Apache Impala up to 3.0.0 ALTER privilege escalation
18353| [125921] Apache Impala up to 3.0.0 Queue Injection privilege escalation
18354| [125647] Oracle Agile Engineering Data Management 6.1.3/6.2.0/6.2.1 Install (Apache Tomcat) information disclosure
18355| [125617] Oracle Retail Returns Management 14.1 Apache Batik unknown vulnerability
18356| [125616] Oracle Retail Point-of-Service 13.4/14.0/14.1 Apache Batik unknown vulnerability
18357| [125614] Oracle Retail Central Office 14.1 Apache Batik unknown vulnerability
18358| [125613] Oracle Retail Back Office 13.3/13.4/14/14.1 Apache Batik unknown vulnerability
18359| [125599] Oracle Retail Open Commerce Platform 5.3.0/6.0.0/6.0.1 Apache Log4j unknown vulnerability
18360| [125569] Oracle PeopleSoft Enterprise PeopleTools 8.55/8.56 Apache HTTP Server information disclosure
18361| [125494] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat information disclosure
18362| [125447] Oracle Business Intelligence Enterprise Edition 11.1.1.7.0/11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Apache Batik unknown vulnerability
18363| [125428] Oracle Identity Management Suite 11.1.2.3.0/12.2.1.3.0 Apache Log4j unknown vulnerability
18364| [125427] Oracle Identity Analytics 11.1.1.5.8 Apache Log4j unknown vulnerability
18365| [125424] Oracle API Gateway 11.1.2.4.0 Apache Log4j unknown vulnerability
18366| [125423] Oracle BI Publisher 11.1.1.7.0/11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Apache Log4j unknown vulnerability
18367| [125383] Oracle up to 10.2.0 Apache Trinidad unknown vulnerability
18368| [125379] Oracle up to 10.1.x Apache Struts 1 cross site scripting
18369| [125377] Oracle up to 10.2.0 Apache Commons Collections unknown vulnerability
18370| [125376] Oracle Communications Application Session Controller up to 3.7.0 Apache Commons Collections unknown vulnerability
18371| [125375] Oracle Communications User Data Repository up to 12.1.x Apache Xerces memory corruption
18372| [125248] Apache ActiveMQ up to 5.15.5 Web-based Administration Console queue.jsp Parameter cross site scripting
18373| [125133] Apache Tika up to 1.19 XML Parser reset() denial of service
18374| [124877] Apache PDFbox up to 2.0.11 PDF File denial of service
18375| [124876] Apache Ranger up to 1.1.x UnixAuthenticationService Stack-based memory corruption
18376| [124791] Apache Tomcat up to 7.0.90/8.5.33/9.0.11 URL Open Redirect
18377| [124787] Apache Pony Mail 0.7/0.8/0.9 Statistics Generator Timestamp Data information disclosure
18378| [124447] Apache HTTP Server up to 2.4.34 SETTINGS Frame denial of service
18379| [124346] Apache Mesos pre-1.4.2/1.5.0/1.5.1/1.6.0 on Executor HTTP API String Comparison validation JSON Web Token information disclosure
18380| [124286] Apache Tika up to 1.18 IptcAnpaParser Loop denial of service
18381| [124242] Apache Tika up to 0.18 C:/evil.bat" Directory unknown vulnerability
18382| [124241] Apache Tika up to 0.18 XML Parser Entity Expansion denial of service
18383| [124191] Apache Karaf up to 3.0.8/4.0.8/4.1.0 WebConsole .../gogo/ weak authentication
18384| [124190] Apache Karaf up to 4.1.x sshd privilege escalation
18385| [124152] Apache Camel Mail up to 2.22.0 Path directory traversal
18386| [124143] Apache SpamAssassin up to 3.4.1 PDFInfo Plugin Code Execution
18387| [124134] Apache SpamAssassin up to 3.4.1 Scan Engine HTML::Parser Email denial of service
18388| [124095] PHP up to 5.6.37/7.0.31/7.1.21/7.2.9 Apache2 sapi_apache2.c php_handler cross site scripting
18389| [124024] Apache Mesos 1.4.x/1.5.0 libprocess JSON Payload denial of service
18390| [123814] Apache ActiveMQ Client up to 5.15.5 TLS Hostname Verification Man-in-the-Middle weak authentication
18391| [123393] Apache Traffic Server up to 6.2.2/7.1.3 ESI Plugin Config privilege escalation
18392| [123392] Apache Traffic Server 6.2.2 TLS Handshake Segmentation Fault denial of service
18393| [123391] Apache Traffic Server up to 6.2.2/7.1.3 Range Request Performance denial of service
18394| [123390] Apache Traffic Server up to 6.2.2/7.1.3 Request HTTP Smuggling privilege escalation
18395| [123369] Apache Traffic Server up to 6.2.2/7.1.3 ACL remap.config Request denial of service
18396| [123197] Apache Sentry up to 2.0.0 privilege escalation
18397| [123145] Apache Struts up to 2.3.34/2.5.16 Namespace Code Execution
18398| [123144] Apache Cayenne up to 4.1.M1 CayenneModeler XML File File Transfer privilege escalation
18399| [122981] Apache Commons Compress 1.7 ZipArchiveInputStream ZIP Archive denial of service
18400| [122889] Apache HTTP Server up to 2.2.31/2.4.23 mod_userdir HTTP Response Splitting privilege escalation
18401| [122800] Apache Spark 1.3.0 REST API weak authentication
18402| [122642] Apache Airflow up to 1.8.x 404 Page Reflected cross site scripting
18403| [122568] Apache Tomcat up to 8.5.31/9.0.9 Connection Reuse weak authentication
18404| [122567] Apache Axis 1.0./1.1/1.2/1.3/1.4 cross site scripting
18405| [122556] Apache Tomcat up to 7.0.86/8.0.51/8.5.30/9.0.7 UTF-8 Decoder Loop denial of service
18406| [122531] Apache Tomcat up to 7.0.88/8.0.52/8.5.31/9.0.9 WebSocket Client unknown vulnerability
18407| [122456] Apache Camel up to 2.20.3/2.21.0 XSD Validator XML External Entity
18408| [122455] Apache Tomcat Native up to 1.1.34/1.2.16 OSCP Revoked Certificate weak authentication
18409| [122454] Apache Tomcat Native up to 1.1.34/1.2.16 OSCP Responder Revoked Certificate weak authentication
18410| [122214] Apache Kafka up to 0.9.0.1/0.10.2.1/0.11.0.2/1.0.0 Broker Request Data Loss denial of service
18411| [122202] Apache Kafka up to 0.10.2.1/0.11.0.1 SASL Impersonation spoofing
18412| [122101] Docker Skeleton Runtime for Apache OpenWhisk Docker Action dockerskeleton:1.3.0 privilege escalation
18413| [122100] PHP Runtime for Apache OpenWhisk Docker Action action-php-v7.2:1.0.0 privilege escalation
18414| [122012] Apache Ignite up to 2.5 Serialization privilege escalation
18415| [121911] Apache Ambari up to 2.5.x/2.6.2 Log Message Credentials information disclosure
18416| [121910] Apache HTTP Server 2.4.33 mod_md HTTP Requests denial of service
18417| [121854] Oracle Tape Library ACSLS up to ACSLS 8.4.0-2 Apache Commons Collections unknown vulnerability
18418| [121752] Oracle Insurance Policy Administration 10.0/10.1/10.2/11.0 Apache Log4j unknown vulnerability
18419| [121370] Apache Spark up to 2.1.2/2.2.1/2.3.0 URL cross site scripting
18420| [121354] Apache CouchDB HTTP API Code Execution
18421| [121144] Apache LDAP API up to 1.0.1 SSL Filter information disclosure
18422| [121143] Apache Storm up to 0.10.2/1.0.6/1.1.2/1.2.1 Cluster privilege escalation
18423| [120436] Apache CXF Fediz up to 1.4.3 Application Plugin unknown vulnerability
18424| [120310] Apache PDFbox up to 1.8.14/2.0.10 AFMParser Loop denial of service
18425| [120168] Apache CXF weak authentication
18426| [120080] Apache Cassandra up to 3.11.1 JMX/RMI Interface RMI Request privilege escalation
18427| [120043] Apache HBase up to 1.2.6.0/1.3.2.0/1.4.4/2.0.0 Thrift 1 API Server weak authentication
18428| [119723] Apache Qpid Broker-J 7.0.0/7.0.1/7.0.2/7.0.3/7.0.4 AMQP Messages Crash denial of service
18429| [122569] Apache HTTP Server up to 2.4.33 HTTP2 Request denial of service
18430| [119486] Apache Geode up to 1.4.0 Security Manager Code Execution
18431| [119306] Apache MXNet Network Interface privilege escalation
18432| [118999] Apache Storm up to 1.0.6/1.1.2/1.2.1 Archive directory traversal
18433| [118996] Apache Storm up to 1.0.6/1.1.2/1.2.1 Daemon spoofing
18434| [118644] Apple macOS up to 10.13.5 apache_mod_php unknown vulnerability
18435| [118200] Apache Batik up to 1.9 Deserialization unknown vulnerability
18436| [118143] Apache NiFi activemq-client Library Deserialization denial of service
18437| [118142] Apache NiFi 1.6.0 SplitXML xxe privilege escalation
18438| [118051] Apache Zookeeper up to 3.4.9/3.5.3-beta weak authentication
18439| [117997] Apache ORC up to 1.4.3 ORC File Recursion denial of service
18440| [117825] Apache Tomcat up to 7.0.88/8.0.52/8.5.31/9.0.8 CORS Filter privilege escalation
18441| [117405] Apache Derby up to 10.14.1.0 Network Server Network Packet privilege escalation
18442| [117347] Apache Ambari up to 2.6.1 HTTP Request directory traversal
18443| [117265] LibreOffice/Apache Office Writer SMB Connection XML Document information disclosure
18444| [117143] Apache uimaj/uima-as/uimaFIT/uimaDUCC XML XXE information disclosure
18445| [117117] Apache Tika up to 1.17 ChmParser Loop denial of service
18446| [117116] Apache Tika up to 1.17 BPGParser Loop denial of service
18447| [117115] Apache Tika up to 1.17 tika-server command injection
18448| [116929] Apache Fineract getReportType Parameter privilege escalation
18449| [116928] Apache Fineract REST Endpoint Parameter privilege escalation
18450| [116927] Apache Fineract MakercheckersApiResource Parameter sql injection
18451| [116926] Apache Fineract REST Parameter privilege escalation
18452| [116574] Apache wicket-jquery-ui up to 6.29.0/7.10.1/8.0.0-M9.1 WYSIWYG Editor privilege escalation
18453| [116622] Oracle Enterprise Manager for MySQL Database 12.1.0.4 EM Plugin: General (Apache Tomcat) unknown vulnerability
18454| [115931] Apache Solr up to 6.6.2/7.2.1 XML Data Parameter XML External Entity
18455| [115883] Apache Hive up to 2.3.2 privilege escalation
18456| [115882] Apache Hive up to 2.3.2 xpath_short information disclosure
18457| [115881] Apache DriverHive JDBC Driver up to 2.3.2 Escape Argument Bypass privilege escalation
18458| [115518] Apache Ignite 2.3 Deserialization privilege escalation
18459| [115260] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache cross site scripting
18460| [115259] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache Cookie Stack-based memory corruption
18461| [115500] CA Workload Control Center up to r11.4 SP5 Apache MyFaces Component Code Execution
18462| [115121] Apache Struts REST Plugin up to 2.5.15 Xstream XML Data denial of service
18463| [115061] Apache HTTP Server up to 2.4.29 HTTP Digest Authentication Challenge HTTP Requests Replay privilege escalation
18464| [115060] Apache HTTP Server up to 2.4.29 mod_cache_socache Request Header Crash denial of service
18465| [115059] Apache HTTP Server up to 2.4.29 HTTP2 NULL Pointer Dereference denial of service
18466| [115058] Apache HTTP Server up to 2.4.29 HTTP Header Crash denial of service
18467| [115057] Apache HTTP Server up to 2.4.29 mod_session Variable Name Cache privilege escalation
18468| [115039] Apache HTTP Server up to 2.4.29 FilesMatch File Upload privilege escalation
18469| [115038] Apache HTTP Server up to 2.0.65/2.2.34/2.4.29 mod_authnz_ldap Crash denial of service
18470| [114817] Apache Syncope up to 1.2.10/2.0.7 Search Parameter information disclosure
18471| [114816] Apache Syncope up to 1.2.10/2.0.7 XSLT Code Execution
18472| [114717] Apache Commons 1.11/1.12/1.13/1.14/1.15 ZIP Archive ZipFile/ZipArchiveInputStream denial of service
18473| [114661] Apache Allura up to 1.8.0 HTTP Response Splitting privilege escalation
18474| [114400] Apache Tomcat JK ISAPI Connector up to 1.2.42 IIS/ISAPI privilege escalation
18475| [114258] Apache HTTP Server up to 2.4.22 mod_cluster Segmentation Fault denial of service
18476| [114086] Apache ODE 1.3.3 ODE Process Deployment Web Service directory traversal
18477| [113955] Apache Xerces-C up to 3.2.0 XML Parser NULL Pointer Dereference denial of service
18478| [113945] Apache Tomcat up to 7.0.84/8.0.49/8.5.27/9.0.4 URL Pattern Empty String privilege escalation
18479| [113944] Apache OpenMeetings up to 3.x/4.0.1 CRUD Operation denial of service
18480| [113905] Apache Traffic Server up to 5.2.x/5.3.2/6.2.0/7.0.0 TLS Handshake Core Dump denial of service
18481| [113904] Apache Traffic Server up to 6.2.0 Host Header privilege escalation
18482| [113895] Apache Geode up to 1.3.x Code Execution
18483| [113894] Apache Geode up to 1.3.x TcpServer Code Execution
18484| [113888] Apache James Hupa WebMail 0.0.2 cross site scripting
18485| [113813] Apache Geode Cluster up to 1.3.x Secure Mode privilege escalation
18486| [113747] Apache Tomcat Servlets privilege escalation
18487| [113647] Apache Qpid up to 0.30 qpidd Broker AMQP Message Crash denial of service
18488| [113645] Apache VCL up to 2.1/2.2.1/2.3.1 Web GUI/XMLRPC API privilege escalation
18489| [113560] Apache jUDDI Console 3.0.0 Log Entries spoofing
18490| [113571] Apache Oozie up to 4.3.0/5.0.0-beta1 XML Data XML File privilege escalation
18491| [113569] Apache Karaf up to 4.0.7 LDAPLoginModule LDAP injection denial of service
18492| [113273] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
18493| [113198] Apache Qpid Dispatch Router 0.7.0/0.8.0 AMQP denial of service
18494| [113186] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
18495| [113145] Apache Thrift up to 0.9.3 Go Client Library privilege escalation
18496| [113106] Apache jUDDI up to 3.3.3 XML Data WADL2Java/WSDL2Java XML Document privilege escalation
18497| [113105] Apache Qpid Broker-J 7.0.0 AMQP Crash denial of service
18498| [112885] Apache Allura up to 1.8.0 File information disclosure
18499| [112856] Apache CloudStack up to 4.8.1.0/4.9.0.0 API weak authentication
18500| [112855] Apache CloudStack 4.1.0/4.1.1 API information disclosure
18501| [112678] Apache Tomcat up to 7.0.82/8.0.47/8.5.23/9.0.1 Bug Fix 61201 privilege escalation
18502| [112677] Apache Tomcat Native Connector up to 1.1.34/1.2.14 OCSP Checker Client weak authentication
18503| [112625] Apache POI up to 3.16 Loop denial of service
18504| [112448] Apache NiFi up to 1.3.x Deserialization privilege escalation
18505| [112396] Apache Hadoop 2.7.3/2.7.4 YARN NodeManager Credentials information disclosure
18506| [112339] Apache NiFi 1.5.0 Header privilege escalation
18507| [112330] Apache NiFi 1.5.0 Header HTTP Request privilege escalation
18508| [112314] NetGain Enterprise Manager 7.2.730 Build 1034 org.apache.jsp.u.jsp.tools.exec_jsp Servlet Parameter privilege escalation
18509| [112253] Apache Hadoop up to 0.23.x/2.7.4/2.8.2 MapReduce Job History Server Configuration File privilege escalation
18510| [112171] Oracle Secure Global Desktop 5.3 Apache Log4j privilege escalation
18511| [112164] Oracle Agile PLM 9.3.5/9.3.6 Apache Tomcat unknown vulnerability
18512| [112161] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Tomcat privilege escalation
18513| [112158] Oracle Autovue for Agile Product Lifecycle Management 21.0.0/21.0.1 Apache Log4j privilege escalation
18514| [112156] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Log4j privilege escalation
18515| [112155] Oracle Agile Engineering Data Management 6.1.3/6.2.0/6.2.1 Apache Log4j privilege escalation
18516| [112137] Oracle MICROS Relate CRM Software 10.8.x/11.4.x/15.0.x, Apache Tomcat unknown vulnerability
18517| [112136] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat privilege escalation
18518| [112133] Oracle Retail Workforce Management 1.60.7/1.64.0 Apache Log4j privilege escalation
18519| [112129] Oracle Retail Assortment Planning 14.1.3/15.0.3/16.0.1 Apache Log4j privilege escalation
18520| [112114] Oracle 9.1 Apache Log4j privilege escalation
18521| [112113] Oracle 9.1 Apache Log4j privilege escalation
18522| [112045] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat privilege escalation
18523| [112038] Oracle Health Sciences Empirica Inspections 1.0.1.1 Apache Tomcat information disclosure
18524| [112019] Oracle Endeca Information Discovery Integrator 3.1.0/3.2.0 Apache Tomcat privilege escalation
18525| [112017] Oracle WebCenter Portal 11.1.1.9.0/12.2.1.2.0/12.2.1.3.0 Apache Struts 1 cross site scripting
18526| [112011] Oracle Identity Manager 11.1.2.3.0 Apache Commons Collections privilege escalation
18527| [111950] Oracle Database 12.2.0.1 Apache Tomcat information disclosure
18528| [111703] Apache Sling XSS Protection API 1.0.4 URL Encoding cross site scripting
18529| [111556] Apache Geode up to 1.2.x Secure Mode Parameter OQL privilege escalation
18530| [111555] Apache Geode up to 1.2.x Secure Mode OQL privilege escalation
18531| [111540] Apache Geode up to 1.2.x Secure Mode information disclosure
18532| [111519] Apache Sling JCR ContentLoader 2.1.4 xmlreader directory traversal
18533| [111338] Apache DeltaSpike-JSF 1.8.0 cross site scripting
18534| [111330] Apache OFBiz 16.11.01/16.11.02/16.11.03 BIRT Plugin cross site scripting
18535| [110789] Apache Sling up to 1.4.0 Authentication Service Credentials information disclosure
18536| [110785] Apache Drill up to 1.11.0 Query Page unknown vulnerability
18537| [110701] Apache Fineract Query Parameter sql injection
18538| [110484] Apache Synapse up to 3.0.0 Apache Commons Collections Serialized Object Code Injection privilege escalation
18539| [110426] Adobe Experience Manager 6.0/6.1/6.2/6.3 Apache Sling Servlets Post cross site scripting
18540| [110141] Apache Struts up to 2.5.14 REST Plugin denial of service
18541| [110140] Apache Qpid Broker-J up to 0.32 privilege escalation
18542| [110139] Apache Qpid Broker-J up to 6.1.4 AMQP Frame denial of service
18543| [110106] Apache CXF Fediz Spring cross site request forgery
18544| [109766] Apache OpenOffice up to 4.1.3 DOC File Parser WW8Fonts memory corruption
18545| [109750] Apache OpenOffice up to 4.1.3 DOC File Parser ImportOldFormatStyles memory corruption
18546| [109749] Apache OpenOffice up to 4.1.3 PPT File Parser PPTStyleSheet memory corruption
18547| [109606] October CMS Build 412 Apache Configuration File Upload privilege escalation
18548| [109419] Apache Camel up to 2.19.3/2.20.0 camel-castor Java Object Deserialization privilege escalation
18549| [109418] Apache Camel up to 2.19.3/2.20.0 camel-hessian Java Object Deserialization privilege escalation
18550| [109400] Apache CouchDB up to 1.6.x/2.1.0 Database Server Shell privilege escalation
18551| [109399] Apache CouchDB up to 1.6.x/2.1.0 JSON Parser Shell privilege escalation
18552| [109398] Apache CXF 3.1.14/3.2.1 JAX-WS/JAX-RS Attachment denial of service
18553| [108872] Apache Hive up to 2.1.1/2.2.0/2.3.0 Policy Enforcement privilege escalation
18554| [108939] Apple macOS up to 10.13.1 apache unknown vulnerability
18555| [108938] Apple macOS up to 10.13.1 apache denial of service
18556| [108937] Apple macOS up to 10.13.1 apache unknown vulnerability
18557| [108936] Apple macOS up to 10.13.1 apache unknown vulnerability
18558| [108935] Apple macOS up to 10.13.1 apache denial of service
18559| [108934] Apple macOS up to 10.13.1 apache unknown vulnerability
18560| [108933] Apple macOS up to 10.13.1 apache unknown vulnerability
18561| [108932] Apple macOS up to 10.13.1 apache unknown vulnerability
18562| [108931] Apple macOS up to 10.13.1 apache denial of service
18563| [108930] Apple macOS up to 10.13.1 apache unknown vulnerability
18564| [108929] Apple macOS up to 10.13.1 apache denial of service
18565| [108928] Apple macOS up to 10.13.1 apache unknown vulnerability
18566| [108797] Apache Struts up to 2.3.19 TextParseUtiltranslateVariables OGNL Expression privilege escalation
18567| [108795] Apache Traffic Server up to 5.3.0 HTTP2 set_dynamic_table_size memory corruption
18568| [108794] Apache WSS4J up to 1.6.16/2.0.1 Incomplete Fix Leak information disclosure
18569| [108793] Apache Qpid up to 0.30 qpidd Crash denial of service
18570| [108792] Apache Traffic Server up to 5.1.0 Access Restriction privilege escalation
18571| [108791] Apache Wicket up to 1.5.11/6.16.x/7.0.0-M2 Session information disclosure
18572| [108790] Apache Storm 0.9.0.1 Log Viewer directory traversal
18573| [108789] Apache Cordova In-App-Browser Standalone Plugin up to 0.3.1 on iOS CDVInAppBrowser privilege escalation
18574| [108788] Apache Cordova File-Transfer Standalone Plugin up to 0.4.1 on iOS ios/CDVFileTransfer.m spoofing
18575| [108787] Apache HttpClient up to 4.3.0 HttpClientBuilder.java unknown vulnerability
| [108786] Apache Wicket up to 1.4.21/1.5.9/6.3.x script Tag cross site scripting
| [108783] Apache Hadoop up to 0.23.3/1.0.3/2.0.1 Kerberos Security Feature Key weak encryption
| [108782] Apache Xerces2 XML Service denial of service
| [108781] Apache jUDDI up to 1.x happyjuddi.jsp Parameter cross site scripting
| [108780] Apache jUDDI up to 1.x Log File uddiget.jsp spoofing
| [108709] Apache Cordova Android up to 3.7.1/4.0.1 intent URL privilege escalation
| [108708] Apache ActiveMQ up to 5.10.0 XML Data XML External Entity
| [108707] Apache ActiveMQ up to 1.7.0 XML Data XML External Entity
| [108629] Apache OFBiz up to 10.04.01 privilege escalation
| [108543] Apache Derby 10.1.2.1/10.2.2.0/10.3.1.4/10.4.1.3 Export File privilege escalation
| [108312] Apache HTTP Server on RHEL IP Address Filter privilege escalation
| [108297] Apache NiFi up to 0.7.1/1.1.1 Proxy Chain Username Deserialization privilege escalation
| [108296] Apache NiFi up to 0.7.1/1.1.1 Cluster Request privilege escalation
| [108250] Oracle Secure Global Desktop 5.3 Apache HTTP Server memory corruption
| [108245] Oracle Transportation Management up to 6.3.7 Apache Tomcat unknown vulnerability
| [108244] Oracle Transportation Management 6.4.1/6.4.2 Apache Commons FileUpload denial of service
| [108243] Oracle Agile Engineering Data Management 6.1.3/6.2.0 Apache Commons Collections memory corruption
| [108222] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Batik denial of service
| [108219] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat unknown vulnerability
| [108217] Oracle Retail Store Inventory Management 13.2.9/14.0.4/14.1.3/15.0.1/16.0.1 Apache Groovy unknown vulnerability
| [108216] Oracle Retail Convenience and Fuel POS Software 2.1.132 Apache Groovy unknown vulnerability
| [108169] Oracle MySQL Enterprise Monitor up to 3.2.8.2223/3.3.4.3247/3.4.2.4181 Apache Tomcat unknown vulnerability
| [108113] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Batik denial of service
| [108107] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat unknown vulnerability
| [108102] Oracle Healthcare Master Person Index 4.x Apache Groovy unknown vulnerability
| [108085] Oracle Identity Manager 11.1.2.3.0 Apache Struts 1 memory corruption
| [108083] Oracle API Gateway 11.1.2.4.0 Apache Batik denial of service
| [108080] Oracle GlassFish Server 3.1.2 Apache Commons FileUpload denial of service
| [108066] Oracle Management Pack for GoldenGate 11.2.1.0.12 Apache Tomcat memory corruption
| [108062] Oracle BI Publisher 11.1.1.7.0/12.2.1.1.0/12.2.1.2.0 Apache ActiveMQ memory corruption
| [108060] Oracle Enterprise Manager Ops Center 12.2.2/12.3.2 Apache Groovy unknown vulnerability
| [108033] Oracle Primavera Unifier 9.13/9.14/10.x/15.x/16.x, Apache Groovy unknown vulnerability
| [108013] Oracle Communications WebRTC Session Controller 7.0/7.1/7.2 Apache Groovy unknown vulnerability
| [108011] Oracle Communications Services Gatekeeper 5.1/6.0 Apache Trinidad unknown vulnerability
| [107904] Apache Struts up to 2.3.28 Double OGNL Evaluation privilege escalation
| [107860] Apache Solr up to 7.0 Apache Lucene RunExecutableListener XML External Entity
| [107834] Apache Ranger up to 0.6.1 Change Password privilege escalation
| [107639] Apache NiFi 1.4.0 XML External Entity
| [107606] Apache ZooKeper up to 3.4.9/3.5.2 Command CPU Exhaustion denial of service
| [107597] Apache Roller up to 5.0.2 XML-RPC Protocol Support XML External Entity
| [107429] Apache Impala up to 2.9.x Kudu Table privilege escalation
| [107411] Apache Tomcat up to 7.0.81/8.0.46/8.5.22/9.0.0 JSP File File Upload privilege escalation
| [107385] Apache Geode up to 1.2.0 Secure Mode privilege escalation
| [107339] Apache OpenNLP up to 1.5.3/1.6.0/1.7.2/1.8.1 XML Data XML External Entity
| [107333] Apache Wicket up to 8.0.0-M1 CSRF Prevention HTTP Header privilege escalation
| [107323] Apache Wicket 1.5.10/6.13.0 Class Request information disclosure
| [107310] Apache Geode up to 1.2.0 Command Line Utility Query privilege escalation
| [107276] ArcSight ESM/ArcSight ESM Express up to 6.9.1c Patch 3/6.11.0 Apache Tomcat Version information disclosure
| [107266] Apache Tika up to 1.12 XML Parser XML External Entity
| [107262] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
| [107258] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
| [107197] Apache Xerces Jelly Parser XML File XML External Entity
| [107193] ZTE NR8950 Apache Commons Collections RMI Request Deserialization privilege escalation
| [107084] Apache Struts up to 2.3.19 cross site scripting
| [106877] Apache Struts up to 2.0.33/2.5.10 Freemarker Tag privilege escalation
| [106875] Apache Struts up to 2.5.5 URL Validator denial of service
| [106874] Apache Struts up to 2.3.30 Convention Plugin directory traversal
| [106847] Apache Tomcat up to 7.0.80 VirtualDirContext Source information disclosure
| [106846] Apache Tomcat up to 7.0.79 on Windows HTTP PUT Method Parameter File Upload privilege escalation
| [106777] Apache HTTP Server up to 2.2.34/2.4.27 Limit Directive ap_limit_section HTTP Request information disclosure
| [106739] puppetlabs-apache up to 1.11.0/2.0.x weak authentication
| [106720] Apache Wicket up to 1.5.12/6.18.x/7.0.0-M4 CryptoMapper privilege escalation
| [106586] Apache Brooklyn up to 0.9.x REST Server cross site scripting
| [106562] Apache Spark up to 2.1.1 Launcher API Deserialization privilege escalation
| [106559] Apache Brooklyn up to 0.9.x SnakeYAML YAML Data Java privilege escalation
| [106558] Apache Brooklyn up to 0.9.x REST Server cross site request forgery
| [106556] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
| [106555] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
| [106171] Apache Directory LDAP API up to 1.0.0-M30 Timing unknown vulnerability
| [106167] Apache Struts up to 2.5.12 REST Plugin XML Data privilege escalation
| [106166] Apache Struts up to 2.3.33/2.5.12 REST Plugin denial of service
| [106165] Apache Struts up to 2.3.33/2.5.12 URLValidator Regex CPU Exhaustion denial of service
| [106115] Apache Hadoop up to 2.6.4/2.7.2 YARN NodeManager Password information disclosure
| [106012] Apache Solr up to 5.5.3/6.4.0 Replication directory traversal
| [105980] Apache Engine 16.11.01 Parameter Reflected unknown vulnerability
| [105962] Apache Atlas 0.6.0/0.7.0 Frame cross site scripting
| [105961] Apache Atlas 0.6.0/0.7.0 Stack Trace information disclosure
| [105960] Apache Atlas 0.6.0/0.7.0 Search Reflected cross site scripting
| [105959] Apache Atlas 0.6.0/0.7.0 edit Tag DOM cross site scripting
| [105958] Apache Atlas 0.6.0/0.7.0 edit Tag Stored cross site scripting
| [105957] Apache Atlas 0.6.0/0.7.0 Cookie privilege escalation
| [105905] Apache Atlas 0.6.0/0.7.0/0.7.1 /js privilege escalation
| [105878] Apache Struts up to 2.3.24.0 privilege escalation
| [105682] Apache2Triad 1.5.4 phpsftpd/users.php Parameter cross site scripting
| [105681] Apache2Triad 1.5.4 phpsftpd/users.php Request cross site request forgery
| [105680] Apache2Triad 1.5.4 Parameter Session Fixation weak authentication
| [105643] Apache Pony Mail up to 0.8b weak authentication
| [105288] Apache Sling up to 2.3.21 Sling.evalString() String cross site scripting
| [105219] Apache Tomcat up to 8.5.15/9.0.0.M21 HTTP2 Bypass directory traversal
| [105218] Apache Tomcat up to 7.0.78/8.0.44/8.5.15/9.0.0.M21 CORS Filter Cache Poisoning privilege escalation
| [105215] Apache CXF up to 3.0.12/3.1.9 OAuth2 Hawk/JOSE MAC Validation Timing unknown vulnerability
| [105206] Apache CXF up to 3.0.11/3.1.8 JAX-RS Module XML External Entity
| [105205] Apache CXF up to 3.0.11/3.1.8 HTTP Transport Module Parameter cross site scripting
| [105202] Apache Storm 1.0.0/1.0.1/1.0.2/1.0.3/1.1.0 Worker privilege escalation
| [104987] Apache Xerces-C++ XML Service CPU Exhaustion denial of service
| [104986] Apache CXF 2.4.5/2.5.1 WS-SP UsernameToken Policy SOAP Request weak authentication
| [104985] Apache MyFaces Core up to 2.1.4 EL Expression Parameter Injection information disclosure
| [104983] Apache Wink up to 1.1.1 XML Document xxe privilege escalation
| [104981] Apache Commons Email 1.0/1.1/1.2/1.3/1.4 Subject Linebreak SMTP privilege escalation
| [104591] MEDHOST Document Management System Apache Solr Default Credentials weak authentication
| [104062] Oracle MySQL Enterprise Monitor up to 3.3.3.1199 Apache Tomcat unknown vulnerability
| [104061] Oracle MySQL Enterprise Monitor up to 3.2.7.1204/3.3.3.1199 Apache Tomcat unknown vulnerability
| [104060] Oracle MySQL Enterprise Monitor up to 3.1.5.7958/3.2.5.1141/3.3.2.1162 Apache Struts 2 unknown vulnerability
| [103995] Oracle 8.3/8.4/15.1/15.2 Apache Trinidad unknown vulnerability
| [103993] Oracle Policy Automation up to 12.2.3 Apache Commons FileUplaod denial of service
| [103916] Oracle Banking Platform 2.3/2.4/2.4.1/2.5 Apache Commons FileUpload denial of service
| [103906] Oracle Communications BRM 11.2.0.0.0 Apache Commons Collections privilege escalation
| [103904] Oracle Communications BRM 11.2.0.0.0/11.3.0.0.0 Apache Groovy memory corruption
| [103866] Oracle Transportation Management 6.1/6.2 Apache Webserver unknown vulnerability
| [103816] Oracle BI Publisher 11.1.1.9.0/12.2.1.1.0/12.2.1.2.0 Apache Commons Fileupload denial of service
| [103797] Oracle Tuxedo System and Applications Monitor Apache Commons Collections privilege escalation
| [103792] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Commons Fileupload privilege escalation
| [103791] Oracle Endeca Server 7.6.0.0/7.6.1.0 Apache Commons Collections privilege escalation
| [103788] Oracle Enterprise Repository 11.1.1.7.0/12.1.3.0.0 Apache ActiveMQ memory corruption
| [103787] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Groovy memory corruption
| [103763] Apache Sling up to 1.0.11 XSS Protection API XSS.getValidXML() Application XML External Entity
| [103762] Apache Sling up to 1.0.12 XSS Protection API XSSAPI.encodeForJSString() Script Tag cross site scripting
| [103693] Apache OpenMeetings 1.0.0 HTTP Method privilege escalation
| [103692] Apache OpenMeetings 1.0.0 Tomcat Error information disclosure
| [103691] Apache OpenMeetings 3.2.0 Parameter privilege escalation
| [103690] Apache OpenMeetings 1.0.0 sql injection
| [103689] Apache OpenMeetings 1.0.0 crossdomain.xml privilege escalation
| [103688] Apache OpenMeetings 1.0.0 weak encryption
| [103687] Apache OpenMeetings 1.0.0 cross site request forgery
| [103556] Apache Roller 5.1.0/5.1.1 Weblog Page Template VTL privilege escalation
| [103554] Apache OpenMeetings 1.0.0 Password Update unknown vulnerability
| [103553] Apache OpenMeetings 1.0.0 File Upload privilege escalation
| [103552] Apache OpenMeetings 3.2.0 Chat cross site scripting
| [103551] Apache OpenMeetings 3.1.0 XML unknown vulnerability
| [103521] Apache HTTP Server 2.4.26 HTTP2 Free memory corruption
| [103520] Apache HTTP Server up to 2.2.33/2.4.26 mod_auth_digest Authorization Header memory corruption
| [103519] Apache Struts up to 2.5.11/2.3.32 Spring AOP denial of service
| [103518] Apache Struts up to 2.5.11 URLValidator directory traversal
| [103492] Apache Spark up to 2.1.x Web UI Reflected cross site scripting
| [103401] Apache Struts 2.3.x Struts 1 Plugin ActionMessage privilege escalation
| [103399] Apache Traffic Control Traffic Router TCP Connection Slowloris denial of service
| [103387] Apache Impala up to 2.8.0 StatestoreSubscriber weak encryption
| [103386] Apache Impala up to 2.7.x/2.8.0 Kerberos weak authentication
| [103352] Apache Solr Node weak authentication
| [102897] Apache Ignite up to 2.0 Update Notifier information disclosure
| [102878] Code42 CrashPlan 5.4.x RMI Server org.apache.commons.ssl.rmi.DateRMI privilege escalation
| [102698] Apache HTTP Server up to 2.2.32/2.4.25 mod_mime Content-Type memory corruption
| [102697] Apache HTTP Server 2.2.24/2.2.32 HTTP Strict Parsing ap_find_token Request Header memory corruption
| [102690] Apache HTTP Server up to 2.2.32/2.4.25 mod_ssl ap_hook_process_connection() denial of service
| [102689] Apache HTTP Server up to 2.2.32/2.4.25 ap_get_basic_auth_pw weak authentication
| [102622] Apache Thrift up to 0.9.2 Client Libraries skip denial of service
| [102538] Apache Ranger up to 0.7.0 Authorizer unknown vulnerability
| [102537] Apache Ranger up to 0.7.0 Wildcard Character unknown vulnerability
| [102536] Apache Ranger up to 0.6 Stored cross site scripting
| [102535] Apache Ranger up to 0.6.2 Policy Engine unknown vulnerability
| [102255] Apache NiFi up to 0.7.3/1.2.x Response Header privilege escalation
| [102254] Apache NiFi up to 0.7.3/1.2.x UI cross site scripting
| [102070] Apache CXF Fediz up to 1.1.2/1.2.0 Application Plugin denial of service
| [102020] Apache Tomcat up to 9.0.0.M1 Java Servlet HTTP Method unknown vulnerability
| [101858] Apache Hive up to 1.2.1/2.0.0 Client weak authentication
| [101802] Apache KNOX up to 0.11.0 WebHDFS privilege escalation
| [101928] HPE Aruba ClearPass Apache Tomcat information disclosure
| [101524] Apache Archiva up to 1.x/2.2.1 REST Endpoint cross site request forgery
| [101513] Apache jUDDI 3.1./3.1.2/3.1.3/3.1.4 Logout Open Redirect
| [101430] Apache CXF Fediz up to 1.3.1 OIDC Service cross site request forgery
| [101429] Apache CXF Fediz up to 1.2.3/1.3.1 Plugins cross site request forgery
| [100619] Apache Hadoop up to 2.6.x HDFS Servlet unknown vulnerability
| [100618] Apache Hadoop up to 2.7.0 HDFS Web UI cross site scripting
| [100621] Adobe ColdFusion 10/11/2016 Apache BlazeDS Library Deserialization privilege escalation
| [100205] Oracle MySQL Enterprise Monitor up to 3.1.6.8003/3.2.1182/3.3.2.1162 Apache Commons FileUpload denial of service
| [100191] Oracle Secure Global Desktop 4.71/5.2/5.3 Web Server (Apache HTTP Server) information disclosure
| [100162] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Commons Collections privilege escalation
| [100160] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Trinidad unknown vulnerability
| [99969] Oracle WebCenter Sites 11.1.1.8.0 Apache Tomcat memory corruption
| [99937] Apache Batik up to 1.8 privilege escalation
| [99936] Apache FOP up to 2.1 privilege escalation
| [99935] Apache CXF up to 3.0.12/3.1.10 STSClient Cache information disclosure
| [99934] Apache CXF up to 3.0.12/3.1.10 JAX-RS XML Security Streaming Client spoofing
| [99930] Apache Traffic Server up to 6.2.0 denial of service
| [99929] Apache Log4j up to 2.8.1 Socket Server Deserialization privilege escalation
| [99925] Apache Traffic Server 6.0.0/6.1.0/6.2.0 HPACK Bomb denial of service
| [99738] Ping Identity OpenID Connect Authentication Module up to 2.13 on Apache Mod_auth_openidc.c spoofing
| [117569] Apache Hadoop up to 2.7.3 privilege escalation
| [99591] Apache TomEE up to 1.7.3/7.0.0-M2 EjbObjectInputStream Serialized Object privilege escalation
| [99370] Apache Ignite up to 1.8 update-notifier Document XML External Entity
| [99299] Apache Geode up to 1.1.0 Pulse OQL Query privilege escalation
| [99572] Apache Tomcat up to 7.0.75/8.0.41/8.5.11/9.0.0.M17 Application Listener privilege escalation
| [99570] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP Connector Cache information disclosure
| [99569] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP/2 GOAWAY Frame Resource Exhaustion denial of service
| [99568] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 Pipelined Request information disclosure
| [99048] Apache Ambari up to 2.3.x REST API Shell Metacharacter privilege escalation
| [99014] Apache Camel Jackson/JacksonXML privilege escalation
| [98610] Apple macOS up to 10.12.3 apache_mod_php memory corruption
| [98609] Apple macOS up to 10.12.3 apache_mod_php denial of service
| [98608] Apple macOS up to 10.12.3 apache_mod_php memory corruption
| [98607] Apple macOS up to 10.12.3 apache_mod_php denial of service
| [98606] Apple macOS up to 10.12.3 apache_mod_php denial of service
| [98605] Apple macOS up to 10.12.3 Apache denial of service
| [98604] Apple macOS up to 10.12.3 Apache denial of service
| [98603] Apple macOS up to 10.12.3 Apache denial of service
| [98602] Apple macOS up to 10.12.3 Apache denial of service
| [98601] Apple macOS up to 10.12.3 Apache denial of service
| [98517] Apache POI up to 3.14 OOXML File XXE denial of service
| [98405] Apache Hadoop up to 0.23.10 privilege escalation
| [98199] Apache Camel Validation XML External Entity
| [97892] Apache Tomcat up to 9.0.0.M15 Reverse-Proxy Http11InputBuffer.java information disclosure
| [97617] Apache Camel camel-snakeyaml Deserialization privilege escalation
| [97602] Apache Camel camel-jackson/camel-jacksonxml CamelJacksonUnmarshalType privilege escalation
| [97732] Apache Struts up to 2.3.31/2.5.10 Jakarta Multipart Parser Content-Type privilege escalation
| [97466] mod_auth_openidc up to 2.1.5 on Apache weak authentication
| [97455] mod_auth_openidc up to 2.1.4 on Apache weak authentication
| [97081] Apache Tomcat HTTPS Request denial of service
| [97162] EMC OpenText Documentum D2 BeanShell/Apache Commons privilege escalation
| [96949] Hanwha Techwin Smart Security Manager up to 1.5 Redis/Apache Felix Gogo privilege escalation
| [96314] Apache Cordova up to 6.1.1 on Android weak authentication
| [95945] Apple macOS up to 10.12.2 apache_mod_php denial of service
| [95944] Apple macOS up to 10.12.2 apache_mod_php denial of service
| [95943] Apple macOS up to 10.12.2 apache_mod_php memory corruption
| [95666] Oracle FLEXCUBE Direct Banking 12.0.0/12.0.1/12.0.2/12.0.3 Apache Commons Collections privilege escalation
| [95455] Apache NiFi up to 1.0.0/1.1.0 Connection Details Dialogue cross site scripting
| [95311] Apache Storm UI Daemon privilege escalation
| [95291] ZoneMinder 1.30.0 Apache httpd privilege escalation
| [94800] Apache Wicket up to 1.5.16/6.24.x Deserialize DiskFileItem denial of service
| [94705] Apache Qpid Broker for Java up to 6.1.0 SCRAM-SHA-1/SCRAM-SHA-256 User information disclosure
| [94627] Apache HTTP Server up to 2.4.24 mod_auth_digest Crash denial of service
| [94626] Apache HTTP Server up to 2.4.24 mod_session_crypto Padding weak encryption
| [94625] Apache HTTP Server up to 2.4.24 Response Split privilege escalation
| [94540] Apache Tika 1.9 tika-server File information disclosure
| [94600] Apache ActiveMQ up to 5.14.1 Administration Console cross site scripting
| [94348] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94347] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94346] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94345] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94344] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94343] Apple macOS up to 10.12.1 apache_mod_php memory corruption
| [94342] Apple macOS up to 10.12.1 apache_mod_php memory corruption
| [94128] Apache Tomcat up to 9.0.0.M13 Error information disclosure
| [93958] Apache HTTP Server up to 2.4.23 mod_http2 h2_stream.c denial of service
| [93874] Apache Subversion up to 1.8.16/1.9.4 mod_dontdothat XXE denial of service
| [93855] Apache Hadoop up to 2.6.4/2.7.2 HDFS Service privilege escalation
| [93609] Apache OpenMeetings 3.1.0 RMI Registry privilege escalation
| [93555] Apache Tika 1.6-1.13 jmatio MATLAB File privilege escalation
| [93799] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
| [93798] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
| [93797] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 HTTP Split privilege escalation
| [93796] Apache Tomcat up to 8.5.6/9.0.0.M11 HTTP/2 Header Parser denial of service
| [93532] Apache Commons Collections Library Java privilege escalation
| [93210] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 ResourceLinkFactory privilege escalation
| [93209] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Realm Authentication User information disclosure
| [93208] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 System Property Replacement information disclosure
| [93207] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Utility Method privilege escalation
| [93206] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Configuration privilege escalation
| [93098] Apache Commons FileUpload privilege escalation
| [92987] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Commons Collection memory corruption
| [92986] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Tomcat memory corruption
| [92982] Oracle Insurance IStream 4.3.2 Apache Commons Collections memory corruption
| [92981] Oracle Financial Services Lending and Leasing 14.1.0/14.2.0 Apache Commons Collections memory corruption
| [92979] Oracle up to 8.0.3 Apache Commons Collections memory corruption
| [92977] Oracle FLEXCUBE Universal Banking up to 12.2.0 Apache Commons Collections memory corruption
| [92976] Oracle FLEXCUBE Universal Banking 12.87.1/12.87.2 Apache Commons Collections memory corruption
| [92975] Oracle FLEXCUBE Private Banking up to 12.1.0 Apache Commons Collections memory corruption
| [92974] Oracle FLEXCUBE Investor Servicing 12.0.1 Apache Commons Collections memory corruption
| [92973] Oracle 12.0.0/12.1.0 Apache Commons Collections memory corruption
| [92972] Oracle FLEXCUBE Core Banking 11.5.0.0.0/11.6.0.0.0 Apache Commons Collections memory corruption
| [92962] Oracle Agile PLM 9.3.4/9.3.5 Apache Commons Collections memory corruption
| [92909] Oracle Agile PLM 9.3.4/9.3.5 Apache Tomcat unknown vulnerability
| [92786] Oracle Banking Digital Experience 15.1 Apache Commons Collections information disclosure
| [92549] Apache Tomcat on Red Hat privilege escalation
| [92509] Apache Tomcat JK ISAPI Connector up to 1.2.41 jk_uri_worker_map.c memory corruption
| [92314] Apache MyFaces Trinidad up to 1.0.13/1.2.15/2.0.1/2.1.1 CoreResponseStateManager memory corruption
| [92313] Apache Struts2 up to 2.3.28/2.5.0 Action Name Cleanup cross site request forgery
| [92299] Apache Derby up to 10.12.1.0 SqlXmlUtil XML External Entity
| [92217] Apache ActiveMQ Artemis up to 1.3.x Broker/REST GetObject privilege escalation
| [92174] Apache Ranger up to 0.6.0 Policy cross site scripting
| [91831] Apache Jackrabbit up to 2.13.2 HTTP Header cross site request forgery
| [91825] Apache Zookeeper up to 3.4.8/3.5.2 C CLI Shell memory corruption
| [91818] Apache CXF Fediz up to 1.2.2/1.3.0 Application Plugin privilege escalation
| [92056] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92055] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92054] Apple macOS up to 10.11 apache_mod_php denial of service
| [92053] Apple macOS up to 10.11 apache_mod_php denial of service
| [92052] Apple macOS up to 10.11 apache_mod_php denial of service
| [92051] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92050] Apple macOS up to 10.11 apache_mod_php denial of service
| [92049] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92048] Apple macOS up to 10.11 apache_mod_php denial of service
| [92047] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92046] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92045] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92044] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92043] Apple macOS up to 10.11 apache_mod_php denial of service
| [92042] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92041] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92040] Apple macOS up to 10.11 Apache Proxy privilege escalation
| [91785] Apache Shiro up to 1.3.1 Servlet Filter privilege escalation
| [90879] Apache OpenMeetings up to 3.1.1 SWF Panel cross site scripting
| [90878] Apache Sentry up to 1.6.x Blacklist Filter reflect/reflect2/java_method privilege escalation
| [90610] Apache POI up to 3.13 XLSX2CSV Example OpenXML Document XML External Entity
| [90584] Apache ActiveMQ up to 5.11.3/5.12.2/5.13/1 Administration Web Console privilege escalation
| [90385] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site scripting
| [90384] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site request forgery
| [90383] Apache OpenOffice up to 4.1.2 Impress File memory corruption
| [89670] Apache Tomcat up to 8.5.4 CGI Servlet Environment Variable Open Redirect
| [89669] Apache HTTP Server up to 2.4.23 RFC 3875 Namespace Conflict Environment Variable Open Redirect
| [89726] Apple Mac OS X up to 10.11.5 apache_mod_php memory corruption
| [89484] Apache Qpid up to 0.13.0 on Windows Proton Library Certificate weak authentication
| [89473] HPE iMC PLAT/EAD/APM/iMC NTA/iMC BIMS/iMC UAM_TAM up to 7.2 Apache Commons Collections Library Command privilege escalation
| [90263] Apache Archiva Header denial of service
| [90262] Apache Archiva Deserialize privilege escalation
| [90261] Apache Archiva XML DTD Connection privilege escalation
| [88827] Apache Xerces-C++ up to 3.1.3 DTD Stack-Based memory corruption
| [88747] Apache HTTP Server 2.4.17/2.4.18 mod_http2 denial of service
| [88608] Apache Struts up to 2.3.28.1/2.5.0 URLValidator Null Value denial of service
| [88607] Apache Struts up to 2.3.28.1 REST Plugin Expression privilege escalation
| [88606] Apache Struts up to 2.3.28.1 Restriction privilege escalation
| [88605] Apache Struts up to 2.3.28.1 Restriction privilege escalation
| [88604] Apache Struts up to 2.3.28.1 Token Validator cross site request forgery
| [88603] Apache Commons FileUpload up to 1.3.1 MultipartStream denial of service
| [88602] Apache Struts up to 1.3.10 ActionServlet.java cross site scripting
| [88601] Apache Struts up to 1.3.10 Multithreading ActionServlet.java memory corruption
| [88600] Apache Struts up to 1.3.10 MultiPageValidator privilege escalation
| [89005] Apache Qpid AMQP JMS Client getObject privilege escalation
| [87888] Apache Ranger up to 0.5.2 Policy Admin Tool eventTime sql injection
| [87835] Apache CloudStack up to 4.5.2.0/4.6.2.0/4.7.1.0/4.8.0.0 SAML-based Authentication privilege escalation
| [87806] HPE Discovery and Dependency Mapping Inventory up to 9.32 update 3 Apache Commons Collections Library privilege escalation
| [87805] HPE Universal CMDB up to 10.21 Apache Commons Collections Library privilege escalation
| [87768] Apache Shiro up to 1.2.4 Cipher Key privilege escalation
| [87765] Apache James Server 2.3.2 Command privilege escalation
| [88667] Apache HTTP Server up to 2.4.20 mod_http2 Certificate weak authentication
| [87718] Apache Struts up to 2.3.24.1 OGNL Caching denial of service
| [87717] Apache Struts up to 2.3.28 REST Plugin privilege escalation
| [87706] Apache Qpid Java up to 6.0.2 AMQP privilege escalation
| [87703] Apache Qbid Java up to 6.0.2 PlainSaslServer.java denial of service
| [87702] Apache ActiveMQ up to 5.13.x Fileserver Web Application Upload privilege escalation
| [87700] Apache PDFbox up to 1.8.11/2.0.0 XML Parser PDF Document XML External Entity
| [87679] HP Release Control 9.13/9.20/9.21 Apache Commons Collections Library Java Object privilege escalation
| [87540] Apache Ambari up to 2.2.0 File Browser View information disclosure
| [87433] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87432] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87431] Apple Mac OS X up to 10.11.4 apache_mod_php Format String
| [87430] Apple Mac OS X up to 10.11.4 apache_mod_php denial of service
| [87429] Apple Mac OS X up to 10.11.4 apache_mod_php information disclosure
| [87428] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87427] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87389] Apache Xerces C++ up to 3.1.3 XML Document DTDScanner.cpp memory corruption
| [87172] Adobe ColdFusion 11 Update 7/2016/up to 10 Update 18 Apache Commons Collections Library privilege escalation
| [87121] Apache Cordova iOS up to 3.x Plugin privilege escalation
| [87120] Apache Cordova iOS up to 3.x URL Whitelist privilege escalation
| [83806] HPE Network Node Manager i up to 10.01 Apache Commons Collections Library privilege escalation
| [83077] Apache Subversion up to 1.8.15/1.9.3 mod_authz_svn mod_authz_svn.c denial of service
| [83076] Apache Subversion up to 1.8.15/1.9.3 svnserve svnserve/cyrus_auth.c privilege escalation
| [82790] Apache Struts 2.0.0/2.3.24/2.3.28 Dynamic Method privilege escalation
| [82789] Apache Struts 2.0.0/2.3.24/2.3.28 XSLTResult privilege escalation
| [82725] HPE P9000 Command View up to 7.x/8.4.0 Apache Commons Collections Library privilege escalation
| [82444] Apache Camel up to 2.14.x/2.15.4/2.16.0 HTTP Request privilege escalation
| [82389] Apache Subversion up to 1.7.x/1.8.14/1.9.2 mod_dav_svn util.c memory corruption
| [82280] Apache Struts up to 1.7 JRE URLDecoder cross site scripting
| [82260] Apache OFBiz up to 12.04.05/13.07.02 Java Object privilege escalation
| [82259] Apache Qpid Proton up to 0.12.0 proton.reactor.Connector weak encryption
| [82250] Apache Ranger up to 0.5.0 Admin UI weak authentication
| [82214] Apache Wicket up to 1.5.14/6.21.x/7.1.x Input Element cross site scripting
| [82213] Apache Wicket up to 1.5.14/6.21.x/7.1.x ModalWindow Title getWindowOpenJavaScript cross site scripting
| [82212] Apache Ranger up to 0.5.0 Policy Admin Tool privilege escalation
| [82211] Apache OFBiz up to 12.04.06/13.07.02 ModelFormField.java DisplayEntityField.getDescription cross site scripting
| [82082] Apache JetSpeed up to 2.3.0 User Manager Service privilege escalation
| [82081] Apache OpenMeetings up to 3.1.0 SOAP API information disclosure
| [82080] Apache OpenMeetings up to 3.1.0 Event cross site scripting
| [82078] Apache OpenMeetings up to 3.1.0 Import/Export System Backup ZIP Archive directory traversal
| [82077] Apache OpenMeetings up to 3.1.0 Password Reset sendHashByUser privilege escalation
| [82076] Apache Ranger up to 0.5.1 privilege escalation
| [82075] Apache JetSpeed up to 2.3.0 Portal cross site scripting
| [82074] Apache JetSpeed up to 2.3.0 cross site scripting
| [82073] Apache JetSpeed up to 2.3.0 User Manager Service sql injection
| [82072] Apache JetSpeed up to 2.3.0 Portal Site Manager ZIP Archive directory traversal
| [82058] Apache LDAP Studio/Directory Studio up to 2.0.0-M9 CSV Export privilege escalation
| [82053] Apache Ranger up to 0.4.x Policy Admin Tool privilege escalation
| [82052] Apache Ranger up to 0.4.x Policy Admin Tool HTTP Request cross site scripting
| [81696] Apache ActiveMQ up to 5.13.1 HTTP Header privilege escalation
| [81695] Apache Xerces-C up to 3.1.2 internal/XMLReader.cpp memory corruption
| [81622] HPE Asset Manager 9.40/9.41/9.50 Apache Commons Collections Library Java Object privilege escalation
| [81406] HPE Service Manager up to 9.35 P3/9.41 P1 Apache Commons Collections Library Command privilege escalation
| [81405] HPE Operations Orchestration up to 10.50 Apache Commons Collections Library Command privilege escalation
| [81427] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
| [81426] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
| [81372] Apache Struts up to 2.3.24.1 I18NInterceptor cross site scripting
| [81371] Apache Struts up to 2.3.24.1 Double OGNL Evaluation privilege escalation
| [81370] Apache Struts up to 2.3.24.1 Java URLDecoder cross site scripting
| [81084] Apache Tomcat 6.0/7.0/8.0/9.0 ServletContext directory traversal
| [81083] Apache Tomcat 7.0/8.0/9.0 Index Page cross site request forgery
| [81082] Apache Tomcat 7.0/8.0/9.0 ResourceLinkFactory.setGlobalContext privilege escalation
| [81081] Apache Tomcat 6.0/7.0/8.0/9.0 Error information disclosure
| [81080] Apache Tomcat 6.0/7.0/8.0/9.0 Session Persistence privilege escalation
| [81079] Apache Tomcat 6.0/7.0/8.0/9.0 StatusManagerServlet information disclosure
| [81078] Apache Tomcat 7.0/8.0/9.0 Session privilege escalation
| [80970] Apache Solr up to 5.3.0 Admin UI plugins.js cross site scripting
| [80969] Apache Solr up to 5.2 Schema schema-browser.js cross site scripting
| [80968] Apache Solr up to 5.0 analysis.js cross site scripting
| [80940] HP Continuous Delivery Automation 1.30 Apache Commons Collections Library privilege escalation
| [80823] Apache CloudStack up to 4.5.1 KVM Virtual Machine Migration privilege escalation
| [80822] Apache CloudStack up to 4.5.1 API Call information disclosure
| [80778] Apache Camel up to 2.15.4/2.16.0 camel-xstream privilege escalation
| [80750] HPE Operations Manager 8.x/9.0 on Windows Apache Commons Collections Library privilege escalation
| [80724] Apache Hive up to 1.2.1 Authorization Framework privilege escalation
| [80577] Oracle Secure Global Desktop 4.63/4.71/5.2 Apache HTTP Server denial of service
| [80165] Intel McAfee ePolicy Orchestrator up to 4.6.9/5.0.3/5.3.1 Apache Commons Collections Library privilege escalation
| [80116] Apache Subversion up to 1.9.2 svn Protocol libsvn_ra_svn/marshal.c read_string memory corruption
| [80115] Apache ActiveMQ up to 5.12.x Broker Service privilege escalation
| [80036] IBM Cognos Business Intelligence Apache Commons Collections Library InvokerTransformer privilege escalation
| [79873] VMware vCenter Operations/vRealize Orchestrator Apache Commons Collections Library Serialized Java Object privilege escalation
| [79840] Apache Cordova File Transfer Plugin up to 1.2.x on Android unknown vulnerability
| [79839] Apache TomEE Serialized Java Stream EjbObjectInputStream privilege escalation
| [79791] Cisco Products Apache Commons Collections Library privilege escalation
| [79539] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
| [79538] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
| [79294] Apache Cordova-Android up to 3.6 BridgeSecret Random Generator weak encryption
| [79291] Apache Cordova-Android up to 4.0 Javascript Whitelist privilege escalation
18987| [79244] Apache CXF up to 2.7.17/3.0.7/3.1.2 SAML Web SSO Module SAML Response weak authentication
18988| [79243] Oracle WebLogic Server 10.3.6.0/12.1.2.0/12.1.3.0/12.2.1.0 WLS Security com.bea.core.apache.commons.collections.jar privilege escalation
18989| [78989] Apache Ambari up to 2.1.1 Open Redirect
18990| [78988] Apache Ambari up to 2.0.1/2.1.0 Password privilege escalation
18991| [78987] Apache Ambari up to 2.0.x cross site scripting
18992| [78986] Apache Ambari up to 2.0.x Proxy Endpoint api/v1/proxy privilege escalation
| [78780] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
| [78779] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
| [78778] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78777] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78776] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78775] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78774] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78297] Apache Commons Components HttpClient up to 4.3.5 HTTPS Timeout denial of service
| [77406] Apache Flex BlazeDS AMF Message XML External Entity
| [77429] Apache ActiveMQ up to 5.10.0 LDAPLoginModule privilege escalation
| [77399] Apache ActiveMQ up to 5.10.0 LDAPLoginModule weak authentication
| [77375] Apache Tapestry up to 5.3.5 Client-Side Object Storage privilege escalation
| [77331] Apache ActiveMQ up to 5.11.1 on Windows Fileserver Upload/Download directory traversal
| [77299] Apache Solr Real-Time Module up to 7.x-1.1 Index Content information disclosure
| [77247] Apache ActiveMQ up to 5.10 TransportConnection.java processControlCommand denial of service
| [77083] Apache Groovy up to 2.4.3 MethodClosure.java MethodClosure memory corruption
| [76953] Apache Subversion 1.7.0/1.8.0/1.8.10 svn_repos_trace_node_locations information disclosure
| [76952] Apache Subversion 1.7.0/1.8.0/1.8.10 mod_authz_svn anonymous/authenticated information disclosure
| [76567] Apache Struts 2.3.20 unknown vulnerability
| [76733] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 ap_some_auth_required unknown vulnerability
| [76732] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 Request apr_brigade_flatten privilege escalation
| [76731] Apache HTTP Server 2.4.12 ErrorDocument 400 Crash denial of service
| [75690] Apache Camel up to 2.13.3/2.14.1 XPathBuilder.java XML External Entity
| [75689] Apache Camel up to 2.13.3/2.14.1 XML Converter Setup XmlConverter.java SAXSource privilege escalation
| [75668] Apache Sling API/Sling Servlets Post up to 2.2.1 HtmlResponse cross site scripting
| [75601] Apache Jackrabbit up to 2.10.0 WebDAV Request XML External Entity
| [75420] Apache Tomcat up to 6.0.43/7.0.58/8.0.16 Security Manager privilege escalation
| [75145] Apache OpenOffice up to 4.1.1 HWP Filter Crash denial of service
| [75032] Apache Tomcat Connectors up to 1.2.40 mod_jk privilege escalation
| [75135] PHP 5.4/5.5 HTTP Request sapi_apache2.c apache2handler privilege escalation
| [74793] Apache Tomcat File Upload denial of service
| [74708] Apple MacOS X up to 10.10.2 Apache denial of service
| [74707] Apple MacOS X up to 10.10.2 Apache denial of service
| [74706] Apple MacOS X up to 10.10.2 Apache memory corruption
| [74705] Apple MacOS X up to 10.10.2 Apache denial of service
| [74704] Apple MacOS X up to 10.10.2 Apache denial of service
| [74703] Apple MacOS X up to 10.10.2 Apache denial of service
| [74702] Apple MacOS X up to 10.10.2 Apache denial of service
| [74701] Apple MacOS X up to 10.10.2 Apache cross site request forgery
| [74700] Apple MacOS X up to 10.10.2 Apache unknown vulnerability
| [74661] Apache Flex up to 4.14.0 asdoc index.html cross site scripting
| [74609] Apache Cassandra up to 1.2.19/2.0.13/2.1.3 JMX/RMI Interface privilege escalation
| [74469] Apache Xerces-C up to 7.0 internal/XMLReader.cpp denial of service
| [74468] Apache Batik up to 1.6 denial of service
| [74414] Apache Mod-gnutls up to 0.5.1 Authentication spoofing
| [74371] Apache Standard Taglibs up to 1.2.0 memory corruption
| [74367] Apache HTTP Server up to 2.4.12 mod_lua lua_request.c wsupgrade denial of service
| [74174] Apache WSS4J up to 2.0.0 privilege escalation
| [74172] Apache ActiveMQ up to 5.5.0 Administration Console cross site scripting
| [69092] Apache Tomcat up to 6.0.42/7.0.54/8.0.8 HTTP Request Smuggling privilege escalation
| [73831] Apache Qpid up to 0.30 Access Restriction unknown vulnerability
| [73731] Apache XML Security unknown vulnerability
| [68660] Oracle BI Publisher 10.1.3.4.2/11.1.1.7 Apache Tomcat cross site scripting
| [73659] Apache CloudStack up to 4.3.0 Stack-Based unknown vulnerability
| [73593] Apache Traffic Server up to 5.1.0 denial of service
| [73511] Apache POI up to 3.10 Deadlock denial of service
| [73510] Apache Solr up to 4.3.0 cross site scripting
| [68447] Apache Subversion up to 1.7.18/1.8.10 mod_dav_svn Crash denial of service
| [68446] Apache Subversion up to 1.7.18/1.8.10 REPORT Request Crash denial of service
| [73173] Apache CloudStack Stack-Based unknown vulnerability
| [68357] Apache Struts up to 2.3.16.3 Random Number Generator cross site request forgery
| [73106] Apache Hadoop up to 2.4.0 Symlink privilege escalation
| [68575] Apache HTTP Server up to 2.4.10 LuaAuthzProvider mod_lua.c privilege escalation
| [72890] Apache Qpid 0.30 unknown vulnerability
| [72887] Apache Hive 0.13.0 File Permission privilege escalation
| [72878] Apache Cordova 3.5.0 cross site request forgery
| [72877] Apache Cordova 3.5.0 cross site request forgery
| [72876] Apache Cordova 3.5.0 cross site request forgery
| [68435] Apache HTTP Server 2.4.10 mod_proxy_fcgi.c handle_headers denial of service
| [68065] Apache CXF up to 3.0.1 JAX-RS SAML denial of service
| [68064] Apache CXF up to 3.0.0 SAML Token denial of service
| [67913] Oracle Retail Markdown Optimization 12.0/13.0/13.1/13.2/13.4 Apache commons-beanutils-1.8.0.jar memory corruption
| [67912] Oracle Retail Invoice Matching up to 14.0 Apache commons-beanutils-1.8.0.jar memory corruption
| [67911] Oracle Retail Clearance Optimization Engine 13.3/13.4/14.0 Apache commons-beanutils-1.8.0.jar memory corruption
| [67910] Oracle Retail Allocation up to 13.2 Apache commons-beanutils-1.8.0.jar memory corruption
| [71835] Apache Shiro 1.0.0/1.1.0/1.2.0/1.2.1/1.2.2 unknown vulnerability
| [71633] Apachefriends XAMPP 1.8.1 cross site scripting
| [71629] Apache Axis2/C spoofing
| [67633] Apple Mac OS X up to 10.9.4 apache_mod_php ext/standard/dns.c dns_get_record memory corruption
| [67631] Apple Mac OS X up to 10.9.4 apache_mod_php Symlink memory corruption
| [67630] Apple Mac OS X up to 10.9.4 apache_mod_php cdf_read_property_info denial of service
| [67629] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_count_chain denial of service
| [67628] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_check_stream_offset denial of service
| [67627] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c mconvert memory corruption
| [67626] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c denial of service
| [67625] Apple Mac OS X up to 10.9.4 apache_mod_php Crash denial of service
| [67624] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_property_info denial of service
| [67623] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_unpack_summary_info denial of service
| [67622] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_short_sector denial of service
| [67620] Apple Mac OS X up to 10.9.4 apache_mod_php magic/Magdir/commands denial of service
| [67790] Apache HTTP Server mod_cache NULL Pointer Dereference denial of service
| [67522] Apache Tomcat up to 7.0.39 JSP Upload privilege escalation
| [70809] Apache POI up to 3.11 Crash denial of service
| [70808] Apache POI up to 3.10 unknown vulnerability
| [70806] Apache Commons-httpclient 4.2/4.2.1/4.2.2 spoofing
| [70749] Apache Axis up to 1.4 getCN spoofing
| [70701] Apache Traffic Server up to 3.3.5 denial of service
| [70700] Apache OFBiz up to 12.04.03 cross site scripting
| [67402] Apache OpenOffice 4.0.0/4.0.1/4.1.0 Calc privilege escalation
| [67401] Apache OpenOffice up to 4.1.0 OLE Object information disclosure
| [70661] Apache Subversion up to 1.6.17 denial of service
| [70660] Apache Subversion up to 1.6.17 spoofing
| [70659] Apache Subversion up to 1.6.17 spoofing
| [67183] Apache HTTP Server up to 2.4.9 mod_proxy denial of service
| [67180] Apache HTTP Server up to 2.4.9 WinNT MPM Memory Leak denial of service
| [67185] Apache HTTP Server up to 2.4.9 mod_status Heap-Based memory corruption
| [67184] Apache HTTP Server 2.4.5/2.4.6 mod_cache NULL Pointer Dereference denial of service
| [67182] Apache HTTP Server up to 2.4.9 mod_deflate Memory Consumption denial of service
| [67181] Apache HTTP Server up to 2.4.9 mod_cgid denial of service
| [70338] Apache Syncope up to 1.1.7 unknown vulnerability
| [70295] Apache CXF up to 2.7.9 Cleartext information disclosure
| [70106] Apache Open For Business Project up to 10.04.0 getServerError cross site scripting
| [70105] Apache MyFaces up to 2.1.5 JavaServer Faces directory traversal
| [69846] Apache HBase up to 0.94.8 information disclosure
| [69783] Apache CouchDB up to 1.2.0 memory corruption
| [13383] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 XML Parser privilege escalation
| [13300] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi setuid privilege escalation
| [13299] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi Content-Type Header information disclosure
| [13164] Apache CXF up to 2.6.13/2.7.10 SOAP OutgoingChainInterceptor.java Invalid Content denial of service
| [13163] Apache CXF up to 2.6.13/2.7.10 SOAP HTML Content denial of service
| [13158] Apache Struts up to 2.3.16.2 ParametersInterceptor getClass privilege escalation
| [69515] Apache Struts up to 2.3.15.0 CookieInterceptor memory corruption
| [13086] Apache Struts up to 1.3.10 Class Loader privilege escalation
| [13067] Apache Struts up to 2.3.16.1 Class Loader privilege escalation
| [69431] Apache Archiva up to 1.3.6 cross site scripting
| [69385] Apache Syncope up to 1.1.6 unknown vulnerability
| [69338] Apache Xalan-Java up to 2.7.1 system-property unknown vulnerability
| [12742] Trustwave ModSecurity up to 2.7.5 Chunk Extension apache2/modsecurity.c modsecurity_tx_init privilege escalation
| [12741] Trustwave ModSecurity up to 2.7.6 Chunked HTTP Transfer apache2/modsecurity.c modsecurity_tx_init Trailing Header privilege escalation
| [13387] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Content-Length Header privilege escalation
| [13386] Apache Tomcat Security Manager up to 6.0.39/7.0.53/8.0.5 XSLT privilege escalation
| [13385] Apache Tomcat 8.0.0/8.0.1/8.0.3 AJP Request Zero Length denial of service
| [13384] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Chunked HTTP Request denial of service
| [12748] Apache CouchDB 1.5.0 UUIDS /_uuids denial of service
| [66739] Apache Camel up to 2.12.2 unknown vulnerability
| [66738] Apache Camel up to 2.12.2 unknown vulnerability
| [12667] Apache HTTP Server 2.4.7 mod_log_config.c log_cookie denial of service
| [66695] Apache CouchDB up to 1.2.0 cross site scripting
| [66694] Apache CouchDB up to 1.2.0 Partition partition2 directory traversal
| [66689] Apache HTTP Server up to 2.0.33 mod_dav dav_xml_get_cdata denial of service
| [12518] Apache Tomcat up to 6.0.38/7.0.49/8.0.0-RC9 HTTP Header denial of service
| [66498] Apache expressions up to 3.3.0 Whitelist unknown vulnerability
| [12781] Apache Struts up to 2.3.8 ParametersInterceptor getClass denial of service
| [12439] Apache Tomcat 6.0.33 XML XXE information disclosure
| [12438] Apache Tomcat 6.0.33/6.0.34/6.0.35/6.0.36/6.0.37 coyoteadapter.java disableURLRewriting privilege escalation
| [66356] Apache Wicket up to 6.8.0 information disclosure
| [12209] Apache Tomcat 7.0.0/7.0.50/8.0.0-RC1/8.0.1 Content-Type Header for Multi-Part Request Infinite Loop denial of service
| [66322] Apache ActiveMQ up to 5.8.0 cross site scripting
| [12291] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
| [66255] Apache Open For Business Project up to 10.04.3 cross site scripting
| [66200] Apache Hadoop up to 2.0.5 Security Feature information disclosure
| [66072] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
| [66068] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
| [11928] Oracle Secure Global Desktop up to 4.71 Apache Tomcat unknown vulnerability
| [11924] Oracle Secure Global Desktop up to 4.63 Apache Tomcat denial of service
| [11922] Oracle Secure Global Desktop up to 4.63 Apache Tomcat unknown vulnerability
| [66049] Apache XML Security for Java up to 1.4.6 Memory Consumption denial of service
| [12199] Apache Subversion up to 1.8.5 mod_dav_svn/repos.c get_resource denial of service
| [65946] askapache Firefox Adsense up to 3.0 askapache-firefox-adsense.php cross site request forgery
| [65668] Apache Solr 4.0.0 Updater denial of service
| [65665] Apache Solr up to 4.3.0 denial of service
| [65664] Apache Solr 3.6.0/3.6.1/3.6.2/4.0.0 Updater denial of service
| [65663] Apache Solr up to 4.5.1 ResourceLoader directory traversal
| [65658] Apache roller 4.0/4.0.1/5.0/5.0.1 unknown vulnerability
| [65657] Apache Roller 4.0/4.0.1/5.0/5.0.1 cross site scripting
| [11325] Apache Subversion 1.7.13 mod_dontdothat Bypass denial of service
| [11324] Apache Subversion up to 1.8.4 mod_dav_svn denial of service
| [11098] Apache Tomcat 5.5.25 HTTP Request cross site request forgery
| [65410] Apache Struts 2.3.15.3 cross site scripting
| [65386] Apache Solr up to 2.2.1 on TYPO3 cross site scripting
| [65385] Apache Solr up to 2.2.1 on TYPO3 unknown vulnerability
| [11044] Apache Struts 2.3.15.3 showConfig.action cross site scripting
| [11043] Apache Struts 2.3.15.3 actionNames.action cross site scripting
| [11018] cPanel WHM up to 11.40.0.11 Apache mod_userdir Tweak Interface privilege escalation
| [65342] Apache Sling 1.0.2/1.0.4/1.0.6/1.1.0/1.1.2 Auth Core cross site scripting
| [65340] Apache Shindig 2.5.0 information disclosure
| [65316] Apache Mod Fcgid up to 2.3.7 mod_fcgid fcgid_bucket.c fcgid_header_bucket_read memory corruption
| [65313] Apache Sling 2.2.0/2.3.0 AbstractCreateOperation.java deepGetOrCreateNode denial of service
| [10826] Apache Struts 2 File privilege escalation
| [65204] Apache Camel up to 2.10.1 unknown vulnerability
| [10460] Apache Struts 2.0.0/2.3.15.1 Action Mapping Mechanism Bypass privilege escalation
| [10459] Apache Struts 2.0.0/2.3.15 Dynamic Method Invocation unknown vulnerability
| [10160] Apache Subversion 1.8.0/1.8.1/1.8.2 svnwcsub.py handle_options race condition
| [10159] Apache Subversion up to 1.8.2 svnserve write_pid_file race condition
| [10158] Apache Subversion 1.8.0/1.8.1/1.8.2 daemonize.py daemon::daemonize race condition
| [10157] Apache Subversion up to 1.8.1 FSFS Repository Symlink privilege escalation
| [64808] Fail2ban up to 0.8.9 apache-auth.conf denial of service
| [64760] Best Practical RT up to 4.0.12 Apache::Session::File information disclosure
| [64722] Apache XML Security for C++ Heap-based memory corruption
| [64719] Apache XML Security for C++ Heap-based memory corruption
| [64718] Apache XML Security for C++ verify denial of service
| [64717] Apache XML Security for C++ getURIBaseTXFM memory corruption
| [64716] Apache XML Security for C++ spoofing
| [64701] Apache CXF up to 2.7.3 XML Parser Memory Consumption denial of service
| [64700] Apache CloudStack up to 4.1.0 Stack-Based cross site scripting
| [64667] Apache Open For Business Project up to 10.04.04 unknown vulnerability
| [64666] Apache Open For Business Project up to 10.04.04 cross site scripting
| [9891] Apache HTTP Server 2.2.22 suEXEC Feature .htaccess information disclosure
| [64509] Apache ActiveMQ up to 5.8.0 scheduled.jsp cross site scripting
| [9826] Apache Subversion up to 1.8.0 mod_dav_svn denial of service
| [9683] Apache HTTP Server 2.4.5 mod_session_dbd denial of service
| [64485] Apache Struts up to 2.2.3.0 privilege escalation
| [9568] Apache Struts up to 2.3.15 DefaultActionMapper cross site request forgery
| [9567] Apache Struts up to 2.3.15 DefaultActionMapper memory corruption
| [64467] Apache Geronimo 3.0 memory corruption
| [64466] Apache OpenJPA up to 2.2.1 Serialization memory corruption
| [64457] Apache Struts up to 2.2.3.0 cross site scripting
| [64326] Alejandro Garza Apachesolr Autocomplete up to 7.x-1.1 cross site scripting
| [9184] Apache Qpid up to 0.20 SSL misconfiguration
| [8935] Apache Subversion up to 1.7.9 FSFS Format Repository denial of service
| [8934] Apache Subversion up to 1.7.9 Svnserve Server denial of service
| [8933] Apache Subversion up to 1.6.21 check-mime-type.pl svnlook memory corruption
| [8932] Apache Subversion up to 1.6.21 svn-keyword-check.pl svnlook changed memory corruption
| [9022] Apache Struts up to 2.3.14.2 OGNL Expression memory corruption
| [8873] Apache Struts 2.3.14 privilege escalation
| [8872] Apache Struts 2.3.14 privilege escalation
| [8746] Apache HTTP Server Log File Terminal Escape Sequence Filtering mod_rewrite.c do_rewritelog privilege escalation
| [8666] Apache Tomcat up to 7.0.32 AsyncListener information disclosure
| [8665] Apache Tomcat up to 7.0.29 Chunked Transfer Encoding Extension Size denial of service
| [8664] Apache Tomcat up to 7.0.32 FORM Authentication weak authentication
| [64075] Apache Subversion up to 1.7.7 mod_dav_svn Crash denial of service
| [64074] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
| [64073] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
| [64072] Apache Subversion up to 1.7.7 mod_dav_svn NULL Pointer Dereference denial of service
| [64071] Apache Subversion up to 1.7.8 mod_dav_svn Memory Consumption denial of service
| [8768] Apache Struts up to 2.3.14 on Mac EL and OGNL Interpreter memory corruption
| [64006] Apache ActiveMQ up to 5.7.0 denial of service
| [64005] Apache ActiveMQ up to 5.7.0 Default Configuration denial of service
| [64004] Apache ActiveMQ up to 5.7.0 PortfolioPublishServlet.java cross site scripting
| [8427] Apache Tomcat Session Transaction weak authentication
| [63960] Apache Maven 3.0.4 Default Configuration spoofing
| [63751] Apache qpid up to 0.20 qpid::framing::Buffer denial of service
| [63750] Apache qpid up to 0.20 checkAvailable denial of service
| [63749] Apache Qpid up to 0.20 Memory Consumption denial of service
| [63748] Apache Qpid up to 0.20 Default Configuration denial of service
| [63747] Apache Rave up to 0.20 User Account information disclosure
| [7889] Apache Subversion up to 1.6.17 mod_dav_svn/svn_fs_file_length() denial of service
| [63646] Apache HTTP Server up to 2.2.23/2.4.3 mod_proxy_balancer.c balancer_handler cross site scripting
| [7688] Apache CXF up to 2.7.1 WSS4JInterceptor Bypass weak authentication
| [7687] Apache CXF up to 2.7.2 Token weak authentication
| [63334] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
| [63299] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
| [7202] Apache HTTP Server 2.4.2 on Oracle Solaris ld_library_path cross site scripting
| [7075] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector NioEndpoint.java denial of service
| [7074] Apache Tomcat up to 6.0.35/7.0.29 FORM Authentication RealmBase.java weak authentication
| [7073] Apache Tomcat up to 6.0.35/7.0.31 CSRF Prevention Filter cross site request forgery
| [63090] Apache Tomcat up to 4.1.24 denial of service
| [63089] Apache HTTP Server up to 2.2.13 mod_proxy_ajp denial of service
| [62933] Apache Tomcat up to 5.5.0 Access Restriction unknown vulnerability
| [62929] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector Memory Consumption denial of service
| [62833] Apache CXF -/2.6.0 spoofing
| [62832] Apache Axis2 up to 1.6.2 spoofing
| [62831] Apache Axis up to 1.4 Java Message Service spoofing
| [62830] Apache Commons-httpclient 3.0 Payments spoofing
| [62826] Apache Libcloud up to 0.11.0 spoofing
| [62757] Apache Open For Business Project up to 10.04.0 unknown vulnerability
| [8830] Red Hat JBoss Enterprise Application Platform 6.0.1 org.apache.catalina.connector.Response.encodeURL information disclosure
| [62661] Apache Axis2 unknown vulnerability
| [62658] Apache Axis2 unknown vulnerability
| [62467] Apache Qpid up to 0.17 denial of service
| [62417] Apache CXF 2.4.7/2.4.8/2.5.3/2.5.4/2.6.1 spoofing
| [6301] Apache HTTP Server mod_pagespeed cross site scripting
| [6300] Apache HTTP Server mod_pagespeed Hostname information disclosure
| [6123] Apache Wicket up to 1.5.7 Ajax Link cross site scripting
| [62035] Apache Struts up to 2.3.4 denial of service
| [61916] Apache QPID 0.5/0.6/0.14/0.16 unknown vulnerability
| [6998] Apache Tomcat 5.5.35/6.0.35/7.0.28 DIGEST Authentication Session State Caching privilege escalation
| [6997] Apache Tomcat 5.5.35/6.0.35/7.0.28 HTTP Digest Authentication Implementation privilege escalation
| [6092] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_ajp.c information disclosure
| [6090] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_http.c information disclosure
| [61507] Apache POI up to 3.8 UnhandledDataStructure denial of service
| [6070] Apache Struts up to 2.3.4 Token Name Configuration Parameter privilege escalation
| [6069] Apache Struts up to 2.3.4 Request Parameter OGNL Expression denial of service
| [5764] Oracle Solaris 10 Apache HTTP Server information disclosure
| [5700] Oracle Secure Backup 10.3.0.3/10.4.0.1 Apache denial of service
| [61255] Apache Hadoop 2.0.0 Kerberos unknown vulnerability
| [61229] Apache Sling up to 2.1.1 denial of service
| [61152] Apache Commons-compress 1.0/1.1/1.2/1.3/1.4 denial of service
| [61094] Apache Roller up to 5.0 cross site scripting
| [61093] Apache Roller up to 5.0 cross site request forgery
| [61005] Apache OpenOffice 3.3/3.4 unknown vulnerability
| [9673] Apache HTTP Server up to 2.4.4 mod_dav mod_dav.c Request denial of service
| [5436] Apache OpenOffice 3.3/3.4 WPXContentListener.cpp _closeTableRow File memory corruption
| [5435] Apache OpenOffice 3.3/3.4 vclmi.dll File memory corruption
| [60730] PHP 5.4.0/5.4.1/5.4.2 apache_request_headers memory corruption
| [60708] Apache Qpid 0.12 unknown vulnerability
| [5032] Apache Hadoop up to 0.20.205.0/1.0.1/0.23.1 Kerberos/MapReduce Security Feature privilege escalation
| [4949] Apache Struts File Upload XSLTResult.java XSLT File privilege escalation
| [4955] Apache Traffic Server 3.0.3/3.1.2 HTTP Header Parser memory corruption
| [4882] Apache Wicket up to 1.5.4 directory traversal
| [4881] Apache Wicket up to 1.4.19 cross site scripting
| [4884] Apache HTTP Server up to 2.3.6 mod_fcgid fcgid_spawn_ctl.c FcgidMaxProcessesPerClass HTTP Requests denial of service
| [60352] Apache Struts up to 2.2.3 memory corruption
| [60153] Apache Portable Runtime up to 1.4.3 denial of service
| [4598] Apache Struts 1.3.10 upload-submit.do cross site scripting
| [4597] Apache Struts 1.3.10 processSimple.do cross site scripting
| [4596] Apache Struts 2.0.14/2.2.3 struts2-rest-showcase/orders cross site scripting
| [4595] Apache Struts 2.0.14/2.2.3 struts2-showcase/person/editPerson.action cross site scripting
| [4583] Apache HTTP Server up to 2.2.21 Threaded MPM denial of service
| [4582] Apache HTTP Server up to 2.2.21 protocol.c information disclosure
| [4571] Apache Struts up to 2.3.1.2 privilege escalation
| [4557] Apache Tomcat up to 7.0.21 Caching/Recycling information disclosure
| [59934] Apache Tomcat up to 6.0.9 DigestAuthenticator.java unknown vulnerability
| [59933] Apache Tomcat up to 6.0.9 Access Restriction unknown vulnerability
| [59932] Apache Tomcat up to 6.0.9 unknown vulnerability
| [59931] Apache Tomcat up to 6.0.9 Access Restriction information disclosure
| [59902] Apache Struts up to 2.2.3 Interfaces unknown vulnerability
| [4528] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
| [4527] Apache Struts up to 2.2.3 ExceptionDelegator cross site scripting
| [59888] Apache Tomcat up to 6.0.6 denial of service
| [59886] Apache ActiveMQ up to 5.5.1 Crash denial of service
| [4513] Apache Struts up to 2.3.1 ParameterInterceptor directory traversal
| [4512] Apache Struts up to 2.2.3 CookieInterceptor privilege escalation
| [59850] Apache Geronimo up to 2.2.1 denial of service
| [59825] Apache HTTP Server up to 2.1.7 mod_reqtimeout denial of service
| [59556] Apache HTTP Server up to 2.0.53 mod_proxy information disclosure
| [58467] Apache libcloud 0.2.0/0.3.0/0.3.1/0.4.0 Access Restriction spoofing
| [58413] Apache Tomcat up to 6.0.10 spoofing
| [58381] Apache Wicket up to 1.4.17 cross site scripting
| [58296] Apache Tomcat up to 7.0.19 unknown vulnerability
| [57888] Apache HttpClient 4.0/4.0.1/4.1 Authorization information disclosure
| [57587] Apache Subversion up to 1.6.16 mod_dav_svn information disclosure
| [57585] Apache Subversion up to 1.6.16 mod_dav_svn Memory Consumption denial of service
| [57584] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
| [57577] Apache Rampart-C 1.3.0 Access Restriction rampart_timestamp_token_validate privilege escalation
| [57568] Apache Archiva up to 1.3.4 cross site scripting
| [57567] Apache Archiva up to 1.3.4 cross site request forgery
| [57481] Apache Tomcat 7.0.12/7.0.13 Access Restriction unknown vulnerability
| [4355] Apache HTTP Server APR apr_fnmatch denial of service
| [57435] Apache Struts up to 2.2.1.1 FileHandler.java cross site scripting
| [57425] Apache Struts up to 2.2.1.1 cross site scripting
| [4352] Apache HTTP Server 2.2.x APR apr_fnmatch denial of service
| [57025] Apache Tomcat up to 7.0.11 information disclosure
| [57024] Apache Tomcat 7.0.11 Access Restriction information disclosure
| [56774] IBM WebSphere Application Server up to 7.0.0.14 org.apache.jasper.runtime.JspWriterImpl.response denial of service
| [56824] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
| [56832] Apache Tomcat up to 7.0.10 Access Restriction information disclosure
| [56830] Apache Tomcat up to 7.0.9 Access Restriction privilege escalation
| [12440] Apache Tomcat 6.0.33 Malicious Request cross site scripting
| [56512] Apache Continuum up to 1.4.0 cross site scripting
| [4285] Apache Tomcat 5.x JVM getLocale denial of service
| [4284] Apache Tomcat 5.x HTML Manager Infinite Loop cross site scripting
| [4283] Apache Tomcat 5.x ServletContect privilege escalation
| [56441] Apache Tomcat up to 7.0.6 denial of service
| [56300] Apache CouchDB up to 1.0.1 Web Administration Interface cross site scripting
| [55967] Apache Subversion up to 1.6.4 rev_hunt.c denial of service
| [55966] Apache Subversion up to 1.6.4 mod_dav_svn repos.c walk denial of service
| [55095] Apache Axis2 up to 1.6 Default Password memory corruption
| [55631] Apache Archiva up to 1.3.1 User Account cross site request forgery
| [55556] Apache Tomcat up to 6.0.29 Default Configuration information disclosure
| [55553] Apache Tomcat up to 7.0.4 sessionsList.jsp cross site scripting
| [55162] Apache MyFaces up to 2.0.0 Authentication Code unknown vulnerability
| [54881] Apache Subversion up to 1.6.12 mod_dav_svn authz.c privilege escalation
| [54879] Apache APR-util up to 0.9.14 mod_reqtimeout apr_brigade_split_line denial of service
| [54693] Apache Traffic Server DNS Cache unknown vulnerability
| [54416] Apache CouchDB up to 0.11.0 cross site request forgery
| [54394] Apache CXF up to 2.2.8 Memory Consumption denial of service
| [54261] Apache Tomcat jsp/cal/cal2.jsp cross site scripting
| [54166] Apache HTTP Server up to 2.2.12 mod_cache Crash denial of service
| [54385] Apache Struts up to 2.1.8.1 ParameterInterceptor unknown vulnerability
| [54012] Apache Tomcat up to 6.0.10 denial of service
| [53763] Apache Axis2 1.3/1.4/1.4.1/1.5/1.5.1 Memory Consumption denial of service
| [53368] Apache MyFaces 1.1.7/1.2.8 cross site scripting
| [53397] Apache axis2 1.4.1/1.5.1 Administration Console cross site scripting
| [52894] Apache Tomcat up to 6.0.7 information disclosure
| [52960] Apache ActiveMQ up to 5.4-snapshot information disclosure
| [52843] Apache HTTP Server mod_auth_shadow unknown vulnerability
| [52786] Apache Open For Business Project up to 09.04 cross site scripting
| [52587] Apache ActiveMQ up to 5.3.0 cross site request forgery
| [52586] Apache ActiveMQ up to 5.3.0 cross site scripting
| [52584] Apache CouchDB up to 0.10.1 information disclosure
| [51757] Apache HTTP Server 2.0.44 cross site scripting
| [51756] Apache HTTP Server 2.0.44 spoofing
| [51717] Apache HTTP Server up to 1.3.3 mod_proxy ap_proxy_send_fb memory corruption
| [51690] Apache Tomcat up to 6.0 directory traversal
| [51689] Apache Tomcat up to 6.0 information disclosure
| [51688] Apache Tomcat up to 6.0 directory traversal
| [50886] HP Operations Manager 8.10 on Windows File Upload org.apache.catalina.manager.HTMLManagerServlet memory corruption
| [50802] Apache Tomcat up to 3.3 Default Password weak authentication
| [50626] Apache Solr 1.0.0 cross site scripting
| [49857] Apache HTTP Server mod_proxy_ftp cross site scripting
| [49856] Apache HTTP Server 2.2.13 mod_proxy_ftp ap_proxy_ftp_handler denial of service
| [49348] Apache Xerces-C++ 2.7.0 Stack-Based denial of service
| [86789] Apache Portable Runtime memory/unix/apr_pools.c unknown vulnerability
| [49283] Apache APR-util up to 1.3.8 apr-util misc/apr_rmm.c apr_rmm_realloc memory corruption
| [48952] Apache HTTP Server up to 1.3.6 mod_deflate denial of service
| [48626] Apache Tomcat up to 4.1.23 Access Restriction directory traversal
| [48431] Apache Tomcat up to 4.1.23 j_security_check cross site scripting
| [48430] Apache Tomcat up to 4.1.23 mod_jk denial of service
| [47801] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site request forgery
| [47800] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site scripting
| [47799] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console directory traversal
| [47648] Apache Tiles 2.1.0/2.1.1 cross site scripting
19386| [47640] Apache Struts 2.0.6/2.0.8/2.0.9/2.0.11/2.1 cross site scripting
19387| [47638] Apache Tomcat up to 4.1.23 mod_jk information disclosure
19388| [47636] Apache Struts 2.0.9 xip_client.html cross site scripting
19389| [47593] Apache Mod Perl 1 perl-status Apache::Status cross site scripting
19390| [47637] Apache Struts 1.0.2/1.1/1.2.4/1.2.7/1.2.8 cross site scripting
19391| [47239] Apache Struts up to 2.1.2 Beta struts directory traversal
19392| [47214] Apachefriends xampp 1.6.8 spoofing
19393| [47213] Apachefriends xampp 1.6.8 htaccess cross site request forgery
19394| [47162] Apachefriends XAMPP 1.4.4 weak authentication
19395| [47065] Apache Tomcat 4.1.23 cross site scripting
19396| [46834] Apache Tomcat up to 5.5.20 cross site scripting
19397| [46004] Apache Jackrabbit 1.4/1.5.0 search.jsp cross site scripting
19398| [49205] Apache Roller 2.3/3.0/3.1/4.0 Search cross site scripting
19399| [86625] Apache Struts directory traversal
| [44461] Apache Tomcat up to 5.5.0 information disclosure
| [44389] Apache Xerces-C++ XML Parser Memory Consumption denial of service
| [44352] Apache Friends XAMPP 1.6.8 adodb.php cross site scripting
| [43663] Apache Tomcat up to 6.0.16 directory traversal
| [43612] Apache Friends XAMPP 1.6.7 iart.php cross site scripting
| [43556] Apache HTTP Server up to 2.1.8 mod_proxy_ftp proxy_ftp.c cross site scripting
| [43516] Apache Tomcat up to 4.1.20 directory traversal
| [43509] Apache Tomcat up to 6.0.13 cross site scripting
| [42637] Apache Tomcat up to 6.0.16 cross site scripting
| [42325] Apache HTTP Server up to 2.1.8 Error Page cross site scripting
| [41838] Apache-SSL 1.3.34 1.57 expandcert privilege escalation
| [41091] Apache Software Foundation Mod Jk up to 2.0.1 mod_jk2 Stack-based memory corruption
| [40924] Apache Tomcat up to 6.0.15 information disclosure
| [40923] Apache Tomcat up to 6.0.15 unknown vulnerability
| [40922] Apache Tomcat up to 6.0 information disclosure
| [40710] Apache HTTP Server up to 2.0.61 mod_negotiation cross site scripting
| [40709] Apache HTTP Server up to 2.0.53 mod_negotiation cross site scripting
| [40656] Apache Tomcat 5.5.20 information disclosure
| [40503] Apache HTTP Server mod_proxy_ftp cross site scripting
| [40502] Apache HTTP Server up to 2.2.5 mod_proxy_balancer memory corruption
| [40501] Apache HTTP Server 2.2.6 mod_proxy_balancer cross site request forgery
| [40398] Apache HTTP Server up to 2.2 mod_proxy_balancer cross site scripting
| [40397] Apache HTTP Server up to 2.2 mod_proxy_balancer balancer_handler denial of service
| [40234] Apache Tomcat up to 6.0.15 directory traversal
| [40221] Apache HTTP Server 2.2.6 information disclosure
| [40027] David Castro Apache Authcas 0.4 sql injection
| [3495] Apache OpenOffice up to 2.3 Database Document Processor unknown vulnerability
| [3489] Apache HTTP Server 2.x HTTP Header cross site scripting
| [3414] Apache Tomcat WebDAV Stored privilege escalation
| [39489] Apache Jakarta Slide up to 2.1 directory traversal
| [39540] Apache Geronimo 2.0/2.0.1/2.0.2/2.1 unknown vulnerability
| [3310] Apache OpenOffice 1.1.3/2.0.4/2.2.1 TIFF Image Parser Heap-based memory corruption
| [38768] Apache HTTP Server up to 2.1.7 mod_autoindex.c cross site scripting
| [38952] Apache Geronimo 2.0.1/2.1 unknown vulnerability
| [38658] Apache Tomcat 4.1.31 cal2.jsp cross site request forgery
| [38524] Apache Geronimo 2.0 unknown vulnerability
| [3256] Apache Tomcat up to 6.0.13 cross site scripting
| [38331] Apache Tomcat 4.1.24 information disclosure
| [38330] Apache Tomcat 4.1.24 information disclosure
| [38185] Apache Tomcat 3.3/3.3.1/3.3.1a/3.3.2 Error Message CookieExample cross site scripting
| [37967] Apache Tomcat up to 4.1.36 Error Message sendmail.jsp cross site scripting
| [37647] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 Authorization unknown vulnerability
| [37646] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 unknown vulnerability
| [3141] Apache Tomcat up to 4.1.31 Accept-Language Header cross site scripting
| [3133] Apache Tomcat up to 6.0 HTTP cross site scripting
| [37292] Apache Tomcat up to 5.5.1 cross site scripting
| [3130] Apache OpenOffice 2.2.1 RTF Document Heap-based memory corruption
| [36981] Apache Tomcat JK Web Server Connector up to 1.2.22 mod_jk directory traversal
| [36892] Apache Tomcat up to 4.0.0 hello.jsp cross site scripting
| [37320] Apache MyFaces Tomahawk up to 1.1.4 cross site scripting
| [36697] Apache Tomcat up to 5.5.17 implicit-objects.jsp cross site scripting
| [36491] Apache Axis 1.0 Installation javaioFileNotFoundException information disclosure
| [36400] Apache Tomcat 5.5.15 mod_jk cross site scripting
| [36698] Apache Tomcat up to 4.0.0 cal2.jsp cross site scripting
| [36224] XAMPP Apache Distribution up to 1.6.0a adodb.php connect memory corruption
| [36225] XAMPP Apache Distribution 1.6.0a sql injection
| [2997] Apache httpd/Tomcat 5.5/6.0 directory traversal
| [35896] Apache Apache Test up to 1.29 mod_perl denial of service
| [35653] Avaya S8300 Cm 3.1.2 Apache Tomcat unknown vulnerability
| [35402] Apache Tomcat JK Web Server Connector 1.2.19 mod_jk.so map_uri_to_worker memory corruption
| [35067] Apache Stats up to 0.0.2 extract unknown vulnerability
| [35025] Apache Stats up to 0.0.3 extract unknown vulnerability
| [34252] Apache HTTP Server denial of service
| [2795] Apache OpenOffice 2.0.4 WMF/EMF File Heap-based memory corruption
| [33877] Apache Opentaps 0.9.3 cross site scripting
| [33876] Apache Open For Business Project unknown vulnerability
| [33875] Apache Open For Business Project cross site scripting
| [2703] Apache Jakarta Tomcat up to 5.x der_get_oid memory corruption
| [2611] Apache HTTP Server up to 1.0.1 set_var Format String
|
| MITRE CVE - https://cve.mitre.org:
| [CVE-2013-4156] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted element in an OOXML document file.
| [CVE-2013-4131] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service (assertion failure or out-of-bounds read) via a certain (1) COPY, (2) DELETE, or (3) MOVE request against a revision root.
| [CVE-2013-3239] phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename of an export file, leading to interpretation of this file as an executable file by the Apache HTTP Server, as demonstrated by a .php.sql filename.
| [CVE-2013-3060] The web console in Apache ActiveMQ before 5.8.0 does not require authentication, which allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests.
| [CVE-2013-2765] The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request with a large body and a crafted Content-Type header.
| [CVE-2013-2251] Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.
| [CVE-2013-2249] mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified impact and remote attack vectors.
| [CVE-2013-2248] Multiple open redirect vulnerabilities in Apache Struts 2.0.0 through 2.3.15 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a parameter using the (1) redirect: or (2) redirectAction: prefix.
| [CVE-2013-2189] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via invalid PLCF data in a DOC document file.
| [CVE-2013-2135] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted value that contains both "${}" and "%{}" sequences, which causes the OGNL code to be evaluated twice.
| [CVE-2013-2134] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted action name that is not properly handled during wildcard matching, a different vulnerability than CVE-2013-2135.
| [CVE-2013-2115] Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag. NOTE: this issue is due to an incomplete fix for CVE-2013-1966.
| [CVE-2013-2071] java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other applications in opportunistic circumstances via an application that records the requests that it processes.
| [CVE-2013-2067] java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack.
| [CVE-2013-1966] Apache Struts 2 before 2.3.14.1 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag.
| [CVE-2013-1965] Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.1, allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is not properly handled when invoking a redirect.
| [CVE-2013-1896] mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.
| [CVE-2013-1884] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (segmentation fault and crash) via a log REPORT request with an invalid limit, which triggers an access of an uninitialized variable.
| [CVE-2013-1879] Cross-site scripting (XSS) vulnerability in scheduled.jsp in Apache ActiveMQ 5.8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving the "cron of a message."
| [CVE-2013-1862] mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.
| [CVE-2013-1849] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a PROPFIND request for an activity URL.
| [CVE-2013-1847] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an anonymous LOCK for a URL that does not exist.
| [CVE-2013-1846] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a LOCK on an activity URL.
| [CVE-2013-1845] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (memory consumption) by (1) setting or (2) deleting a large number of properties for a file or directory.
| [CVE-2013-1814] The users/get program in the User RPC API in Apache Rave 0.11 through 0.20 allows remote authenticated users to obtain sensitive information about all user accounts via the offset parameter, as demonstrated by discovering password hashes in the password field of a response.
| [CVE-2013-1777] The JMX Remoting functionality in Apache Geronimo 3.x before 3.0.1, as used in IBM WebSphere Application Server (WAS) Community Edition 3.0.0.3 and other products, does not property implement the RMI classloader, which allows remote attackers to execute arbitrary code by using the JMX connector to send a crafted serialized object.
| [CVE-2013-1768] The BrokerFactory functionality in Apache OpenJPA 1.x before 1.2.3 and 2.x before 2.2.2 creates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for remote attackers to execute arbitrary code by creating a serialized object and leveraging improperly secured server programs.
| [CVE-2013-1088] Cross-site request forgery (CSRF) vulnerability in Novell iManager 2.7 before SP6 Patch 1 allows remote attackers to hijack the authentication of arbitrary users by leveraging improper request validation by iManager code deployed within an Apache Tomcat container.
| [CVE-2013-1048] The Debian apache2ctl script in the apache2 package squeeze before 2.2.16-6+squeeze11, wheezy before 2.2.22-13, and sid before 2.2.22-13 for the Apache HTTP Server on Debian GNU/Linux does not properly create the /var/lock/apache2 lock directory, which allows local users to gain privileges via an unspecified symlink attack.
| [CVE-2013-0966] The Apple mod_hfs_apple module for the Apache HTTP Server in Apple Mac OS X before 10.8.3 does not properly handle ignorable Unicode characters, which allows remote attackers to bypass intended directory authentication requirements via a crafted pathname in a URI.
| [CVE-2013-0942] Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Agent 7.1 before 7.1.1 for Web for Internet Information Services, and 7.1 before 7.1.1 for Web for Apache, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2013-0941] EMC RSA Authentication API before 8.1 SP1, RSA Web Agent before 5.3.5 for Apache Web Server, RSA Web Agent before 5.3.5 for IIS, RSA PAM Agent before 7.0, and RSA Agent before 6.1.4 for Microsoft Windows use an improper encryption algorithm and a weak key for maintaining the stored data of the node secret for the SecurID Authentication API, which allows local users to obtain sensitive information via cryptographic attacks on this data.
| [CVE-2013-0253] The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack.
| [CVE-2013-0248] The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack.
| [CVE-2013-0239] Apache CXF before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3, when the plaintext UsernameToken WS-SecurityPolicy is enabled, allows remote attackers to bypass authentication via a security header of a SOAP request containing a UsernameToken element that lacks a password child element.
| [CVE-2012-6573] Cross-site scripting (XSS) vulnerability in the Apache Solr Autocomplete module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving autocomplete results.
| [CVE-2012-6551] The default configuration of Apache ActiveMQ before 5.8.0 enables a sample web application, which allows remote attackers to cause a denial of service (broker resource consumption) via HTTP requests.
| [CVE-2012-6092] Multiple cross-site scripting (XSS) vulnerabilities in the web demos in Apache ActiveMQ before 5.8.0 allow remote attackers to inject arbitrary web script or HTML via (1) the refresh parameter to PortfolioPublishServlet.java (aka demo/portfolioPublish or Market Data Publisher), or vectors involving (2) debug logs or (3) subscribe messages in webapp/websocket/chat.js. NOTE: AMQ-4124 is covered by CVE-2012-6551.
| [CVE-2012-5887] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.
| [CVE-2012-5886] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID.
| [CVE-2012-5885] The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184.
| [CVE-2012-5786] The wsdl_first_https sample code in distribution/src/main/release/samples/wsdl_first_https/src/main/ in Apache CXF, possibly 2.6.0, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
| [CVE-2012-5785] Apache Axis2/Java 1.6.2 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
| [CVE-2012-5784] Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Message Service implementation in Apache ActiveMQ, and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
19515| [CVE-2012-5783] Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
19516| [CVE-2012-5633] The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request.
19517| [CVE-2012-5616] Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly Citrix CloudStack) before 3.0.6 stores sensitive information in the log4j.conf log file, which allows local users to obtain (1) the SSH private key as recorded by the createSSHKeyPair API, (2) the password of an added host as recorded by the AddHost API, or the password of an added VM as recorded by the (3) DeployVM or (4) ResetPasswordForVM API.
19518| [CVE-2012-5568] Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.
19519| [CVE-2012-5351] Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack," a different vulnerability than CVE-2012-4418.
19520| [CVE-2012-4558] Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via a crafted string.
19521| [CVE-2012-4557] The mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into an error state upon detection of a long request-processing time, which allows remote attackers to cause a denial of service (worker consumption) via an expensive request.
19522| [CVE-2012-4556] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 allows remote attackers to cause a denial of service (Apache httpd web server child process restart) via certain unspecified empty search fields in a user certificate search query.
19523| [CVE-2012-4555] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 does not properly handle interruptions of token format operations, which allows remote attackers to cause a denial of service (NULL pointer dereference and Apache httpd web server child process crash) via unspecified vectors.
19524| [CVE-2012-4534] org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminating the connection during the reading of a response.
19525| [CVE-2012-4528] The mod_security2 module before 2.7.0 for the Apache HTTP Server allows remote attackers to bypass rules, and deliver arbitrary POST data to a PHP application, via a multipart request in which an invalid part precedes the crafted data.
19526| [CVE-2012-4501] Citrix Cloud.com CloudStack, and Apache CloudStack pre-release, allows remote attackers to make arbitrary API calls by leveraging the system user account, as demonstrated by API calls to delete VMs.
19527| [CVE-2012-4460] The serializing/deserializing functions in the qpid::framing::Buffer class in Apache Qpid 0.20 and earlier allow remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors. NOTE: this issue could also trigger an out-of-bounds read, but it might not trigger a crash.
19528| [CVE-2012-4459] Integer overflow in the qpid::framing::Buffer::checkAvailable function in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (crash) via a crafted message, which triggers an out-of-bounds read.
19529| [CVE-2012-4458] The AMQP type decoder in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (memory consumption and server crash) via a large number of zero width elements in the client-properties map in a connection.start-ok message.
19530| [CVE-2012-4446] The default configuration for Apache Qpid 0.20 and earlier, when the federation_tag attribute is enabled, accepts AMQP connections without checking the source user ID, which allows remote attackers to bypass authentication and have other unspecified impact via an AMQP request.
19531| [CVE-2012-4431] org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier.
19532| [CVE-2012-4418] Apache Axis2 allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."
19533| [CVE-2012-4387] Apache Struts 2.0.0 through 2.3.4 allows remote attackers to cause a denial of service (CPU consumption) via a long parameter name, which is processed as an OGNL expression.
19534| [CVE-2012-4386] The token check mechanism in Apache Struts 2.0.0 through 2.3.4 does not properly validate the token name configuration parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks by setting the token name configuration parameter to a session attribute.
19535| [CVE-2012-4360] Cross-site scripting (XSS) vulnerability in the mod_pagespeed module 0.10.19.1 through 0.10.22.4 for the Apache HTTP Server allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
19536| [CVE-2012-4063] The Apache Santuario configuration in Eucalyptus before 3.1.1 does not properly restrict applying XML Signature transforms to documents, which allows remote attackers to cause a denial of service via unspecified vectors.
19537| [CVE-2012-4001] The mod_pagespeed module before 0.10.22.6 for the Apache HTTP Server does not properly verify its host name, which allows remote attackers to trigger HTTP requests to arbitrary hosts via unspecified vectors, as demonstrated by requests to intranet servers.
19538| [CVE-2012-3908] Multiple cross-site request forgery (CSRF) vulnerabilities in the ISE Administrator user interface (aka the Apache Tomcat interface) on Cisco Identity Services Engine (ISE) 3300 series appliances before 1.1.0.665 Cumulative Patch 1 allow remote attackers to hijack the authentication of administrators, aka Bug ID CSCty46684.
19539| [CVE-2012-3546] org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI.
19540| [CVE-2012-3544] Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data.
19541| [CVE-2012-3526] The reverse proxy add forward module (mod_rpaf) 0.5 and 0.6 for the Apache HTTP Server allows remote attackers to cause a denial of service (server or application crash) via multiple X-Forwarded-For headers in a request.
19542| [CVE-2012-3513] munin-cgi-graph in Munin before 2.0.6, when running as a CGI module under Apache, allows remote attackers to load new configurations and create files in arbitrary directories via the logdir command.
19543| [CVE-2012-3506] Unspecified vulnerability in the Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.03 has unknown impact and attack vectors.
19544| [CVE-2012-3502] The proxy functionality in (1) mod_proxy_ajp.c in the mod_proxy_ajp module and (2) mod_proxy_http.c in the mod_proxy_http module in the Apache HTTP Server 2.4.x before 2.4.3 does not properly determine the situations that require closing a back-end connection, which allows remote attackers to obtain sensitive information in opportunistic circumstances by reading a response that was intended for a different client.
| [CVE-2012-3499] Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules.
| [CVE-2012-3467] Apache QPID 0.14, 0.16, and earlier uses a NullAuthenticator mechanism to authenticate catch-up shadow connections to AMQP brokers, which allows remote attackers to bypass authentication.
| [CVE-2012-3451] Apache CXF before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to execute unintended web-service operations by sending a header with a SOAP Action String that is inconsistent with the message body.
| [CVE-2012-3446] Apache Libcloud before 0.11.1 uses an incorrect regular expression during verification of whether the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate.
| [CVE-2012-3376] DataNodes in Apache Hadoop 2.0.0 alpha does not check the BlockTokens of clients when Kerberos is enabled and the DataNode has checked out the same BlockPool twice from a NodeName, which might allow remote clients to read arbitrary blocks, write to blocks to which they only have read access, and have other unspecified impacts.
| [CVE-2012-3373] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.21 and 1.5.x before 1.5.8 allows remote attackers to inject arbitrary web script or HTML via vectors involving a %00 sequence in an Ajax link URL associated with a Wicket app.
| [CVE-2012-3126] Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Products Suite 3.3 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Apache Tomcat Agent.
| [CVE-2012-3123] Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect confidentiality, related to Apache HTTP Server.
| [CVE-2012-2760] mod_auth_openid before 0.7 for Apache uses world-readable permissions for /tmp/mod_auth_openid.db, which allows local users to obtain session ids.
| [CVE-2012-2733] java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of service (memory consumption) via a large amount of header data.
| [CVE-2012-2687] Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list.
| [CVE-2012-2381] Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.1 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the blogger role.
| [CVE-2012-2380] Multiple cross-site request forgery (CSRF) vulnerabilities in the admin/editor console in Apache Roller before 5.0.1 allow remote attackers to hijack the authentication of admins or editors by leveraging the HTTP POST functionality.
| [CVE-2012-2379] Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors.
| [CVE-2012-2378] Apache CXF 2.4.5 through 2.4.7, 2.5.1 through 2.5.3, and 2.6.x before 2.6.1, does not properly enforce child policies of a WS-SecurityPolicy 1.1 SupportingToken policy on the client side, which allows remote attackers to bypass the (1) AlgorithmSuite, (2) SignedParts, (3) SignedElements, (4) EncryptedParts, and (5) EncryptedElements policies.
| [CVE-2012-2329] Buffer overflow in the apache_request_headers function in sapi/cgi/cgi_main.c in PHP 5.4.x before 5.4.3 allows remote attackers to cause a denial of service (application crash) via a long string in the header of an HTTP request.
| [CVE-2012-2145] Apache Qpid 0.17 and earlier does not properly restrict incoming client connections, which allows remote attackers to cause a denial of service (file descriptor consumption) via a large number of incomplete connections.
| [CVE-2012-2138] The @CopyFrom operation in the POST servlet in the org.apache.sling.servlets.post bundle before 2.1.2 in Apache Sling does not prevent attempts to copy an ancestor node to a descendant node, which allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP request.
| [CVE-2012-2098] Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service (CPU consumption) via a file with many repeating inputs.
| [CVE-2012-1574] The Kerberos/MapReduce security functionality in Apache Hadoop 0.20.203.0 through 0.20.205.0, 0.23.x before 0.23.2, and 1.0.x before 1.0.2, as used in Cloudera CDH CDH3u0 through CDH3u2, Cloudera hadoop-0.20-sbin before 0.20.2+923.197, and other products, allows remote authenticated users to impersonate arbitrary cluster user accounts via unspecified vectors.
| [CVE-2012-1181] fcgid_spawn_ctl.c in the mod_fcgid module 2.3.6 for the Apache HTTP Server does not recognize the FcgidMaxProcessesPerClass directive for a virtual host, which makes it easier for remote attackers to cause a denial of service (memory consumption) via a series of HTTP requests that triggers a process count higher than the intended limit.
| [CVE-2012-1089] Directory traversal vulnerability in Apache Wicket 1.4.x before 1.4.20 and 1.5.x before 1.5.5 allows remote attackers to read arbitrary web-application files via a relative pathname in a URL for a Wicket resource that corresponds to a null package.
| [CVE-2012-1007] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 1.3.10 allow remote attackers to inject arbitrary web script or HTML via (1) the name parameter to struts-examples/upload/upload-submit.do, or the message parameter to (2) struts-cookbook/processSimple.do or (3) struts-cookbook/processDyna.do.
| [CVE-2012-1006] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.14 and 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) lastName parameter to struts2-showcase/person/editPerson.action, or the (3) clientName parameter to struts2-rest-showcase/orders.
| [CVE-2012-0883] envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl.
| [CVE-2012-0840] tables/apr_hash.c in the Apache Portable Runtime (APR) library through 1.4.5 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
| [CVE-2012-0838] Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL expression during the handling of a conversion error, which allows remote attackers to modify run-time data values, and consequently execute arbitrary code, via invalid input to a field.
| [CVE-2012-0788] The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service (application crash) via a crafted application that uses a PDO driver for a fetch and then calls the session_start function, as demonstrated by a crash of the Apache HTTP Server.
| [CVE-2012-0394] ** DISPUTED ** The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself."
| [CVE-2012-0393] The ParameterInterceptor component in Apache Struts before 2.3.1.1 does not prevent access to public constructors, which allows remote attackers to create or overwrite arbitrary files via a crafted parameter that triggers the creation of a Java object.
| [CVE-2012-0392] The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method.
| [CVE-2012-0391] The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter.
| [CVE-2012-0256] Apache Traffic Server 2.0.x and 3.0.x before 3.0.4 and 3.1.x before 3.1.3 does not properly allocate heap memory, which allows remote attackers to cause a denial of service (daemon crash) via a long HTTP Host header.
| [CVE-2012-0216] The default configuration of the apache2 package in Debian GNU/Linux squeeze before 2.2.16-6+squeeze7, wheezy before 2.2.22-4, and sid before 2.2.22-4, when mod_php or mod_rivet is used, provides example scripts under the doc/ URI, which might allow local users to conduct cross-site scripting (XSS) attacks, gain privileges, or obtain sensitive information via vectors involving localhost HTTP requests to the Apache HTTP Server.
| [CVE-2012-0213] The UnhandledDataStructure function in hwpf/model/UnhandledDataStructure.java in Apache POI 3.8 and earlier allows remote attackers to cause a denial of service (OutOfMemoryError exception and possibly JVM destabilization) via a crafted length value in a Channel Definition Format (CDF) or Compound File Binary Format (CFBF) document.
| [CVE-2012-0053] protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script.
| [CVE-2012-0047] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the wicket:pageMapName parameter.
| [CVE-2012-0031] scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function.
| [CVE-2012-0022] Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.
| [CVE-2012-0021] The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to cause a denial of service (daemon crash) via a cookie that lacks both a name and a value.
| [CVE-2011-5064] DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging knowledge of this string, a different vulnerability than CVE-2011-1184.
| [CVE-2011-5063] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weaker authentication or authorization requirements, a different vulnerability than CVE-2011-1184.
| [CVE-2011-5062] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass intended integrity-protection requirements via a qop=auth value, a different vulnerability than CVE-2011-1184.
| [CVE-2011-5057] Apache Struts 2.3.1.1 and earlier provides interfaces that do not properly restrict access to collections such as the session and request collections, which might allow remote attackers to modify run-time data values via a crafted parameter to an application that implements an affected interface, as demonstrated by the SessionAware, RequestAware, ApplicationAware, ServletRequestAware, ServletResponseAware, and ParameterAware interfaces. NOTE: the vendor disputes the significance of this report because of an "easy work-around in existing apps by configuring the interceptor."
| [CVE-2011-5034] Apache Geronimo 2.2.1 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. NOTE: this might overlap CVE-2011-4461.
| [CVE-2011-4905] Apache ActiveMQ before 5.6.0 allows remote attackers to cause a denial of service (file-descriptor exhaustion and broker crash or hang) by sending many openwire failover:tcp:// connection requests.
| [CVE-2011-4858] Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
| [CVE-2011-4668] IBM Tivoli Netcool/Reporter 2.2 before 2.2.0.8 allows remote attackers to execute arbitrary code via vectors related to an unspecified CGI program used with the Apache HTTP Server.
| [CVE-2011-4449] actions/files/files.php in WikkaWiki 1.3.1 and 1.3.2, when INTRANET_MODE is enabled, supports file uploads for file extensions that are typically absent from an Apache HTTP Server TypesConfig file, which makes it easier for remote attackers to execute arbitrary PHP code by placing this code in a file whose name has multiple extensions, as demonstrated by a (1) .mm or (2) .vpp file.
| [CVE-2011-4415] The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, does not restrict the size of values of environment variables, which allows local users to cause a denial of service (memory consumption or NULL pointer dereference) via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, related to (1) the "len +=" statement and (2) the apr_pcalloc function call, a different vulnerability than CVE-2011-3607.
| [CVE-2011-4317] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an @ (at sign) character and a : (colon) character in invalid positions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
| [CVE-2011-3639] The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers by using the HTTP/0.9 protocol with a malformed URI containing an initial @ (at sign) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
| [CVE-2011-3620] Apache Qpid 0.12 does not properly verify credentials during the joining of a cluster, which allows remote attackers to obtain access to the messaging functionality and job functionality of a cluster by leveraging knowledge of a cluster-username.
| [CVE-2011-3607] Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow.
| [CVE-2011-3376] org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat 7.x before 7.0.22 does not properly restrict ContainerServlets in the Manager application, which allows local users to gain privileges by using an untrusted web application to access the Manager application's functionality.
| [CVE-2011-3375] Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain caching and recycling operations involving request objects, which allows remote attackers to obtain unintended read access to IP address and HTTP header information in opportunistic circumstances by reading TCP data.
| [CVE-2011-3368] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character.
| [CVE-2011-3348] The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary "error state" in the backend server) via a malformed HTTP request.
| [CVE-2011-3192] The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.
| [CVE-2011-3190] Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request.
| [CVE-2011-2729] native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application.
| [CVE-2011-2712] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.18, when setAutomaticMultiWindowSupport is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
| [CVE-2011-2688] SQL injection vulnerability in mysql/mysql-auth.pl in the mod_authnz_external module 3.2.5 and earlier for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the user field.
| [CVE-2011-2526] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loop or JVM crash) by leveraging an untrusted web application.
| [CVE-2011-2516] Off-by-one error in the XML signature feature in Apache XML Security for C++ 1.6.0, as used in Shibboleth before 2.4.3 and possibly other products, allows remote attackers to cause a denial of service (crash) via a signature using a large RSA key, which triggers a buffer overflow.
| [CVE-2011-2481] Apache Tomcat 7.0.x before 7.0.17 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application. NOTE: this vulnerability exists because of a CVE-2009-0783 regression.
| [CVE-2011-2329] The rampart_timestamp_token_validate function in util/rampart_timestamp_token.c in Apache Rampart/C 1.3.0 does not properly calculate the expiration of timestamp tokens, which allows remote attackers to bypass intended access restrictions by leveraging an expired token, a different vulnerability than CVE-2011-0730.
| [CVE-2011-2204] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file.
| [CVE-2011-2088] XWork 2.2.1 in Apache Struts 2.2.1, and OpenSymphony XWork in OpenSymphony WebWork, allows remote attackers to obtain potentially sensitive information about internal Java class paths via vectors involving an s:submit element and a nonexistent method, a different vulnerability than CVE-2011-1772.3.
| [CVE-2011-2087] Multiple cross-site scripting (XSS) vulnerabilities in component handlers in the javatemplates (aka Java Templates) plugin in Apache Struts 2.x before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via an arbitrary parameter value to a .action URI, related to improper handling of value attributes in (1) FileHandler.java, (2) HiddenHandler.java, (3) PasswordHandler.java, (4) RadioHandler.java, (5) ResetHandler.java, (6) SelectHandler.java, (7) SubmitHandler.java, and (8) TextFieldHandler.java.
| [CVE-2011-1928] The fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote attackers to cause a denial of service (infinite loop) via a URI that does not match unspecified types of wildcard patterns, as demonstrated by attacks against mod_autoindex in httpd when a /*/WEB-INF/ configuration pattern is used. NOTE: this issue exists because of an incorrect fix for CVE-2011-0419.
| [CVE-2011-1921] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is disabled, does not properly enforce permissions for files that had been publicly readable in the past, which allows remote attackers to obtain sensitive information via a replay REPORT operation.
| [CVE-2011-1783] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to cause a denial of service (infinite loop and memory consumption) in opportunistic circumstances by requesting data.
| [CVE-2011-1772] Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x before 2.2.3, and OpenSymphony XWork in OpenSymphony WebWork, allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) an action name, (2) the action attribute of an s:submit element, or (3) the method attribute of an s:submit element.
| [CVE-2011-1752] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request for a baselined WebDAV resource, as exploited in the wild in May 2011.
| [CVE-2011-1610] Multiple SQL injection vulnerabilities in xmldirectorylist.jsp in the embedded Apache HTTP Server component in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5)su4, 8.0 before 8.0(3a)su2, and 8.5 before 8.5(1)su1 allow remote attackers to execute arbitrary SQL commands via the (1) f, (2) l, or (3) n parameter, aka Bug ID CSCtj42064.
| [CVE-2011-1582] Apache Tomcat 7.0.12 and 7.0.13 processes the first request to a servlet without following security constraints that have been configured through annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088, CVE-2011-1183, and CVE-2011-1419.
| [CVE-2011-1571] Unspecified vulnerability in the XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote attackers to execute arbitrary commands via unknown vectors.
| [CVE-2011-1570] Cross-site scripting (XSS) vulnerability in Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to inject arbitrary web script or HTML via a message title, a different vulnerability than CVE-2004-2030.
| [CVE-2011-1503] The XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat or Oracle GlassFish is used, allows remote authenticated users to read arbitrary (1) XSL and (2) XML files via a file:/// URL.
| [CVE-2011-1502] Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to read arbitrary files via an entity declaration in conjunction with an entity reference, related to an XML External Entity (aka XXE) issue.
| [CVE-2011-1498] Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header.
| [CVE-2011-1475] The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP packets, related to "a mix-up of responses for requests from different users."
| [CVE-2011-1419] Apache Tomcat 7.x before 7.0.11, when web.xml has no security constraints, does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088.
| [CVE-2011-1318] Memory leak in org.apache.jasper.runtime.JspWriterImpl.response in the JavaServer Pages (JSP) component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) by accessing a JSP page of an application that is repeatedly stopped and restarted.
| [CVE-2011-1184] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, related to lack of checking of nonce (aka server nonce) and nc (aka nonce-count or client nonce count) values.
| [CVE-2011-1183] Apache Tomcat 7.0.11, when web.xml has no login configuration, does not follow security constraints, which allows remote attackers to bypass intended access restrictions via HTTP requests to a meta-data complete web application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1088 and CVE-2011-1419.
| [CVE-2011-1176] The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module 2.2.11-01 and 2.2.11-02 for the Apache HTTP Server does not properly handle certain configuration sections that specify NiceValue but not AssignUserID, which might allow remote attackers to gain privileges by leveraging the root uid and root gid of an mpm-itk process.
| [CVE-2011-1088] Apache Tomcat 7.x before 7.0.10 does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application.
| [CVE-2011-1077] Multiple cross-site scripting (XSS) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2011-1026] Multiple cross-site request forgery (CSRF) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to hijack the authentication of administrators.
| [CVE-2011-0715] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.16, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request that contains a lock token.
| [CVE-2011-0534] Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request.
| [CVE-2011-0533] Cross-site scripting (XSS) vulnerability in Apache Continuum 1.1 through 1.2.3.1, 1.3.6, and 1.4.0 Beta
| [CVE-2011-0419] Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.
| [CVE-2011-0013] Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.
| [CVE-2010-4644] Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated users to cause a denial of service (memory consumption and daemon crash) via the -g option to the blame command.
| [CVE-2010-4539] The walk function in repos.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.15, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger the walking of SVNParentPath collections.
| [CVE-2010-4476] The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
| [CVE-2010-4455] Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.2 and 11.1.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Apache Plugin.
| [CVE-2010-4408] Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1 does not require entry of the administrator's password at the time of modifying a user account, which makes it easier for context-dependent attackers to gain privileges by leveraging a (1) unattended workstation or (2) cross-site request forgery (CSRF) vulnerability, a related issue to CVE-2010-3449.
| [CVE-2010-4312] The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie.
| [CVE-2010-4172] Multiple cross-site scripting (XSS) vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) orderBy or (2) sort parameter to sessionsList.jsp, or unspecified input to (3) sessionDetail.jsp or (4) java/org/apache/catalina/manager/JspHelper.java, related to use of untrusted web applications.
| [CVE-2010-3872] The fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.6 for the Apache HTTP Server does not use bytewise pointer arithmetic in certain circumstances, which has unspecified impact and attack vectors related to "untrusted FastCGI applications" and a "stack buffer overwrite."
| [CVE-2010-3863] Apache Shiro before 1.1.0, and JSecurity 0.9.x, does not canonicalize URI paths before comparing them to entries in the shiro.ini file, which allows remote attackers to bypass intended access restrictions via a crafted request, as demonstrated by the /./account/index.jsp URI.
| [CVE-2010-3854] Multiple cross-site scripting (XSS) vulnerabilities in the web administration interface (aka Futon) in Apache CouchDB 0.8.0 through 1.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2010-3718] Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.
| [CVE-2010-3449] Cross-site request forgery (CSRF) vulnerability in Redback before 1.2.4, as used in Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1
| [CVE-2010-3315] authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass intended access restrictions via svn commands.
| [CVE-2010-3083] sys/ssl/SslSocket.cpp in qpidd in Apache Qpid, as used in Red Hat Enterprise MRG before 1.2.2 and other products, when SSL is enabled, allows remote attackers to cause a denial of service (daemon outage) by connecting to the SSL port but not participating in an SSL handshake.
| [CVE-2010-2952] Apache Traffic Server before 2.0.1, and 2.1.x before 2.1.2-unstable, does not properly choose DNS source ports and transaction IDs, and does not properly use DNS query fields to validate responses, which makes it easier for man-in-the-middle attackers to poison the internal DNS cache via a crafted response.
19656| [CVE-2010-2791] mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request. NOTE: this is the same issue as CVE-2010-2068, but for a different OS and set of affected versions.
19657| [CVE-2010-2375] Package/Privilege: Plugins for Apache, Sun and IIS web servers Unspecified vulnerability in the WebLogic Server component in Oracle Fusion Middleware 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, 10.3.2, and 10.3.3 allows remote attackers to affect confidentiality and integrity, related to IIS.
19658| [CVE-2010-2234] Cross-site request forgery (CSRF) vulnerability in Apache CouchDB 0.8.0 through 0.11.0 allows remote attackers to hijack the authentication of administrators for direct requests to an installation URL.
19659| [CVE-2010-2227] Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with "recycling of a buffer."
19660| [CVE-2010-2103] Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Apache Axis2/Java 1.4.1, 1.5.1, and possibly other versions, as used in SAP Business Objects 12, 3com IMC, and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the modules parameter. NOTE: some of these details are obtained from third party information.
19661| [CVE-2010-2086] Apache MyFaces 1.1.7 and 1.2.8, as used in IBM WebSphere Application Server and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that involve modifying the serialized view object.
19662| [CVE-2010-2076] Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before 2.2.9, as used in Apache ServiceMix, Apache Camel, Apache Chemistry, Apache jUDDI, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to samples/wsdl_first_pure_xml, a similar issue to CVE-2010-1632.
19663| [CVE-2010-2068] mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, does not properly detect timeouts, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request.
19664| [CVE-2010-2057] shared/util/StateUtils.java in Apache MyFaces 1.1.x before 1.1.8, 1.2.x before 1.2.9, and 2.0.x before 2.0.1 uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack.
19665| [CVE-2010-1632] Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server (WAS) 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to the Synapse SimpleStockQuoteService.
19666| [CVE-2010-1623] Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the destruction of an APR bucket.
19667| [CVE-2010-1587] The Jetty ResourceHandler in Apache ActiveMQ 5.x before 5.3.2 and 5.4.x before 5.4.0 allows remote attackers to read JSP source code via a // (slash slash) initial substring in a URI for (1) admin/index.jsp, (2) admin/queues.jsp, or (3) admin/topics.jsp.
19668| [CVE-2010-1452] The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path.
19669| [CVE-2010-1325] Cross-site request forgery (CSRF) vulnerability in the apache2-slms package in SUSE Lifecycle Management Server (SLMS) 1.0 on SUSE Linux Enterprise (SLE) 11 allows remote attackers to hijack the authentication of unspecified victims via vectors related to improper parameter quoting. NOTE: some sources report that this is a vulnerability in a product named "Apache SLMS," but that is incorrect.
19670| [CVE-2010-1244] Cross-site request forgery (CSRF) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote attackers to hijack the authentication of unspecified victims for requests that create queues via the JMSDestination parameter in a queue action.
19671| [CVE-2010-1157] Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply.
19672| [CVE-2010-1151] Race condition in the mod_auth_shadow module for the Apache HTTP Server allows remote attackers to bypass authentication, and read and possibly modify data, via vectors related to improper interaction with an external helper application for validation of credentials.
19673| [CVE-2010-0684] Cross-site scripting (XSS) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote authenticated users to inject arbitrary web script or HTML via the JMSDestination parameter in a queue action.
19674| [CVE-2010-0434] The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request.
19675| [CVE-2010-0432] Multiple cross-site scripting (XSS) vulnerabilities in the Apache Open For Business Project (aka OFBiz) 09.04 and earlier, as used in Opentaps, Neogia, and Entente Oya, allow remote attackers to inject arbitrary web script or HTML via (1) the productStoreId parameter to control/exportProductListing, (2) the partyId parameter to partymgr/control/viewprofile (aka partymgr/control/login), (3) the start parameter to myportal/control/showPortalPage, (4) an invalid URI beginning with /facility/control/ReceiveReturn (aka /crmsfa/control/ReceiveReturn or /cms/control/ReceiveReturn), (5) the contentId parameter (aka the entityName variable) to ecommerce/control/ViewBlogArticle, (6) the entityName parameter to webtools/control/FindGeneric, or the (7) subject or (8) content parameter to an unspecified component under ecommerce/control/contactus.
19676| [CVE-2010-0425] modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet, and "orphaned callback pointers."
19677| [CVE-2010-0408] The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service (backend server outage) via a crafted request, related to use of a 500 error code instead of the appropriate 400 error code.
19678| [CVE-2010-0390] Unrestricted file upload vulnerability in maxImageUpload/index.php in PHP F1 Max's Image Uploader 1.0, when Apache is not configured to handle the mime-type for files with pjpeg or jpeg extensions, allows remote attackers to execute arbitrary code by uploading a file with a pjpeg or jpeg extension, then accessing it via a direct request to the file in original/. NOTE: some of these details are obtained from third party information.
19679| [CVE-2010-0219] Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service.
19680| [CVE-2010-0010] Integer overflow in the ap_proxy_send_fb function in proxy/proxy_util.c in mod_proxy in the Apache HTTP Server before 1.3.42 on 64-bit platforms allows remote origin servers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a large chunk size that triggers a heap-based buffer overflow.
19681| [CVE-2010-0009] Apache CouchDB 0.8.0 through 0.10.1 allows remote attackers to obtain sensitive information by measuring the completion time of operations that verify (1) hashes or (2) passwords.
19682| [CVE-2009-5120] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 allows connections to TCP port 1812 from arbitrary source IP addresses, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via UTF-7 text to the 404 error page of a Project Woodstock service on this port.
19683| [CVE-2009-5119] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 enables weak SSL ciphers in conf/server.xml, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and then conducting a brute-force attack against encrypted session data.
19684| [CVE-2009-5006] The SessionAdapter::ExchangeHandlerImpl::checkAlternate function in broker/SessionAdapter.cpp in the C++ Broker component in Apache Qpid before 0.6, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote authenticated users to cause a denial of service (NULL pointer dereference, daemon crash, and cluster outage) by attempting to modify the alternate of an exchange.
19685| [CVE-2009-5005] The Cluster::deliveredEvent function in cluster/Cluster.cpp in Apache Qpid, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote attackers to cause a denial of service (daemon crash and cluster outage) via invalid AMQP data.
19686| [CVE-2009-4355] Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678.
19687| [CVE-2009-4269] The password hash generation algorithm in the BUILTIN authentication functionality for Apache Derby before 10.6.1.0 performs a transformation that reduces the size of the set of inputs to SHA-1, which produces a small search space that makes it easier for local and possibly remote attackers to crack passwords by generating hash collisions, related to password substitution.
19688| [CVE-2009-3923] The VirtualBox 2.0.8 and 2.0.10 web service in Sun Virtual Desktop Infrastructure (VDI) 3.0 does not require authentication, which allows remote attackers to obtain unspecified access via vectors involving requests to an Apache HTTP Server.
19689| [CVE-2009-3890] Unrestricted file upload vulnerability in the wp_check_filetype function in wp-includes/functions.php in WordPress before 2.8.6, when a certain configuration of the mod_mime module in the Apache HTTP Server is enabled, allows remote authenticated users to execute arbitrary code by posting an attachment with a multiple-extension filename, and then accessing this attachment via a direct request to a wp-content/uploads/ pathname, as demonstrated by a .php.jpg filename.
19690| [CVE-2009-3843] HP Operations Manager 8.10 on Windows contains a "hidden account" in the XML file that specifies Tomcat users, which allows remote attackers to conduct unrestricted file upload attacks, and thereby execute arbitrary code, by using the org.apache.catalina.manager.HTMLManagerServlet class to make requests to manager/html/upload.
19691| [CVE-2009-3821] Cross-site scripting (XSS) vulnerability in the Apache Solr Search (solr) extension 1.0.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
19692| [CVE-2009-3555] The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
19693| [CVE-2009-3548] The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges.
19694| [CVE-2009-3250] The saveForwardAttachments procedure in the Compose Mail functionality in vtiger CRM 5.0.4 allows remote authenticated users to execute arbitrary code by composing an e-mail message with an attachment filename ending in (1) .php in installations based on certain Apache HTTP Server configurations, (2) .php. on Windows, or (3) .php/ on Linux, and then making a direct request to a certain pathname under storage/.
19695| [CVE-2009-3095] The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.
19696| [CVE-2009-3094] The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.
19697| [CVE-2009-2902] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename.
19698| [CVE-2009-2901] The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests.
19699| [CVE-2009-2823] The Apache HTTP Server in Apple Mac OS X before 10.6.2 enables the HTTP TRACE method, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified web client software.
19700| [CVE-2009-2699] The Solaris pollset feature in the Event Port backend in poll/unix/port.c in the Apache Portable Runtime (APR) library before 1.3.9, as used in the Apache HTTP Server before 2.2.14 and other products, does not properly handle errors, which allows remote attackers to cause a denial of service (daemon hang) via unspecified HTTP requests, related to the prefork and event MPMs.
19701| [CVE-2009-2696] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat on Red Hat Enterprise Linux 5, Desktop Workstation 5, and Linux Desktop 5 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML." NOTE: this is due to a missing fix for CVE-2009-0781.
19702| [CVE-2009-2693] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry.
19703| [CVE-2009-2625] XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.
19704| [CVE-2009-2412] Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR
19705| [CVE-2009-2299] The Artofdefence Hyperguard Web Application Firewall (WAF) module before 2.5.5-11635, 3.0 before 3.0.3-11636, and 3.1 before 3.1.1-11637, a module for the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via an HTTP request with a large Content-Length value but no POST data.
19706| [CVE-2009-1956] Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input.
19707| [CVE-2009-1955] The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.
19708| [CVE-2009-1903] The PDF XSS protection feature in ModSecurity before 2.5.8 allows remote attackers to cause a denial of service (Apache httpd crash) via a request for a PDF file that does not use the GET method.
19709| [CVE-2009-1891] The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).
19710| [CVE-2009-1890] The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests.
19711| [CVE-2009-1885] Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to cause a denial of service (application crash) via vectors involving nested parentheses and invalid byte values in "simply nested DTD structures," as demonstrated by the Codenomicon XML fuzzing framework.
19712| [CVE-2009-1462] The Security Manager in razorCMS before 0.4 does not verify the permissions of every file owned by the apache user account, which is inconsistent with the documentation and allows local users to have an unspecified impact.
19713| [CVE-2009-1275] Apache Tiles 2.1 before 2.1.2, as used in Apache Struts and other products, evaluates Expression Language (EL) expressions twice in certain circumstances, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via unspecified vectors, related to the (1) tiles:putAttribute and (2) tiles:insertTemplate JSP tags.
19714| [CVE-2009-1195] The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file.
19715| [CVE-2009-1191] mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request.
19716| [CVE-2009-1012] Unspecified vulnerability in the plug-ins for Apache and IIS web servers in Oracle BEA WebLogic Server 7.0 Gold through SP7, 8.1 Gold through SP6, 9.0, 9.1, 9.2 Gold through MP3, 10.0 Gold through MP1, and 10.3 allows remote attackers to affect confidentiality, integrity, and availability. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow in an unspecified plug-in that parses HTTP requests, which leads to a heap-based buffer overflow.
19717| [CVE-2009-0918] Multiple unspecified vulnerabilities in DFLabs PTK 1.0.0 through 1.0.4 allow remote attackers to execute arbitrary commands in processes launched by PTK's Apache HTTP Server via (1) "external tools" or (2) a crafted forensic image.
19718| [CVE-2009-0796] Cross-site scripting (XSS) vulnerability in Status.pm in Apache::Status and Apache2::Status in mod_perl1 and mod_perl2 for the Apache HTTP Server, when /perl-status is accessible, allows remote attackers to inject arbitrary web script or HTML via the URI.
19719| [CVE-2009-0783] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.
19720| [CVE-2009-0781] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML."
19721| [CVE-2009-0754] PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on the same server.
19722| [CVE-2009-0580] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.
19723| [CVE-2009-0486] Bugzilla 3.2.1, 3.0.7, and 3.3.2, when running under mod_perl, calls the srand function at startup time, which causes Apache children to have the same seed and produce insufficiently random numbers for random tokens, which allows remote attackers to bypass cross-site request forgery (CSRF) protection mechanisms and conduct unauthorized activities as other users.
19724| [CVE-2009-0039] Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to hijack the authentication of administrators for requests that (1) change the web administration password, (2) upload applications, and perform unspecified other administrative actions, as demonstrated by (3) a Shutdown request to console/portal//Server/Shutdown.
19725| [CVE-2009-0038] Multiple cross-site scripting (XSS) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) ip, (3) username, or (4) description parameter to console/portal/Server/Monitoring
19726| [CVE-2009-0033] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.
19727| [CVE-2009-0026] Multiple cross-site scripting (XSS) vulnerabilities in Apache Jackrabbit before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the q parameter to (1) search.jsp or (2) swr.jsp.
19728| [CVE-2009-0023] The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow.
19729| [CVE-2008-6879] Cross-site scripting (XSS) vulnerability in Apache Roller 2.3, 3.0, 3.1, and 4.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter in a search action.
19730| [CVE-2008-6755] ZoneMinder 1.23.3 on Fedora 10 sets the ownership of /etc/zm.conf to the apache user account, and sets the permissions to 0600, which makes it easier for remote attackers to modify this file by accessing it through a (1) PHP or (2) CGI script.
19731| [CVE-2008-6722] Novell Access Manager 3 SP4 does not properly expire X.509 certificate sessions, which allows physically proximate attackers to obtain a logged-in session by using a victim's web-browser process that continues to send the original and valid SSL sessionID, related to inability of Apache Tomcat to clear entries from its SSL cache.
19732| [CVE-2008-6682] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.x before 2.0.11.1 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via vectors associated with improper handling of (1) " (double quote) characters in the href attribute of an s:a tag and (2) parameters in the action attribute of an s:url tag.
| [CVE-2008-6505] Multiple directory traversal vulnerabilities in Apache Struts 2.0.x before 2.0.12 and 2.1.x before 2.1.3 allow remote attackers to read arbitrary files via a ..%252f (encoded dot dot slash) in a URI with a /struts/ path, related to (1) FilterDispatcher in 2.0.x and (2) DefaultStaticContentLoader in 2.1.x.
| [CVE-2008-6504] ParametersInterceptor in OpenSymphony XWork 2.0.x before 2.0.6 and 2.1.x before 2.1.2, as used in Apache Struts and other products, does not properly restrict # (pound sign) references to context objects, which allows remote attackers to execute Object-Graph Navigation Language (OGNL) statements and modify server-side context objects, as demonstrated by use of a \u0023 representation for the # character.
| [CVE-2008-5696] Novell NetWare 6.5 before Support Pack 8, when an OES2 Linux server is installed into the NDS tree, does not require a password for the ApacheAdmin console, which allows remote attackers to reconfigure the Apache HTTP Server via console operations.
| [CVE-2008-5676] Multiple unspecified vulnerabilities in the ModSecurity (aka mod_security) module 2.5.0 through 2.5.5 for the Apache HTTP Server, when SecCacheTransformations is enabled, allow remote attackers to cause a denial of service (daemon crash) or bypass the product's functionality via unknown vectors related to "transformation caching."
| [CVE-2008-5519] The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat allows remote attackers to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances involving (1) a request from a different client that included a Content-Length header but no POST data or (2) a rapid series of requests, related to noncompliance with the AJP protocol's requirements for requests containing Content-Length headers.
| [CVE-2008-5518] Multiple directory traversal vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 on Windows allow remote attackers to upload files to arbitrary directories via directory traversal sequences in the (1) group, (2) artifact, (3) version, or (4) fileType parameter to console/portal//Services/Repository (aka the Services/Repository portlet)
| [CVE-2008-5515] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.
| [CVE-2008-5457] Unspecified vulnerability in the Oracle BEA WebLogic Server Plugins for Apache, Sun and IIS web servers component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
| [CVE-2008-4308] The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20 does not return a -1 to indicate when a certain error condition has occurred, which can cause Tomcat to send POST content from one request to a different request.
| [CVE-2008-4008] Unspecified vulnerability in the WebLogic Server Plugins for Apache component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2008 CPU. Oracle has not commented on reliable researcher claims that this issue is a stack-based buffer overflow in the WebLogic Apache Connector, related to an invalid parameter.
| [CVE-2008-3666] Unspecified vulnerability in Sun Solaris 10 and OpenSolaris before snv_96 allows (1) context-dependent attackers to cause a denial of service (panic) via vectors involving creation of a crafted file and use of the sendfilev system call, as demonstrated by a file served by an Apache 2.2.x web server with EnableSendFile configured
| [CVE-2008-3271] Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a "synchronization problem" and lack of thread safety, and related to RemoteFilterValve, RemoteAddrValve, and RemoteHostValve.
| [CVE-2008-3257] Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request.
| [CVE-2008-2939] Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI.
| [CVE-2008-2938] Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.
| [CVE-2008-2742] Unrestricted file upload in the mcpuk file editor (atk/attributes/fck/editor/filemanager/browser/mcpuk/connectors/php/config.php) in Achievo 1.2.0 through 1.3.2 allows remote attackers to execute arbitrary code by uploading a file with .php followed by a safe extension, then accessing it via a direct request to the file in the Achievo root directory. NOTE: this is only a vulnerability in environments that support multiple extensions, such as Apache with the mod_mime module enabled.
| [CVE-2008-2717] TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions.
| [CVE-2008-2579] Unspecified vulnerability in the WebLogic Server Plugins for Apache, Sun and IIS web servers component in Oracle BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 has unknown impact and remote attack vectors.
| [CVE-2008-2384] SQL injection vulnerability in mod_auth_mysql.c in the mod-auth-mysql (aka libapache2-mod-auth-mysql) module for the Apache HTTP Server 2.x, when configured to use a multibyte character set that allows a \ (backslash) as part of the character encoding, allows remote attackers to execute arbitrary SQL commands via unspecified inputs in a login request.
| [CVE-2008-2370] Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.
| [CVE-2008-2364] The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.
| [CVE-2008-2168] Cross-site scripting (XSS) vulnerability in Apache 2.2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded URLs that are not properly handled when displaying the 403 Forbidden error page.
| [CVE-2008-2025] Cross-site scripting (XSS) vulnerability in Apache Struts before 1.2.9-162.31.1 on SUSE Linux Enterprise (SLE) 11, before 1.2.9-108.2 on SUSE openSUSE 10.3, before 1.2.9-198.2 on SUSE openSUSE 11.0, and before 1.2.9-162.163.2 on SUSE openSUSE 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "insufficient quoting of parameters."
| [CVE-2008-1947] Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.
| [CVE-2008-1734] Interpretation conflict in PHP Toolkit before 1.0.1 on Gentoo Linux might allow local users to cause a denial of service (PHP outage) and read contents of PHP scripts by creating a file with a one-letter lowercase alphabetic name, which triggers interpretation of a certain unquoted [a-z] argument as a matching shell glob for this name, rather than interpretation as the literal [a-z] regular-expression string, and consequently blocks the launch of the PHP interpreter within the Apache HTTP Server.
| [CVE-2008-1678] Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server mod_ssl that specify a compression algorithm.
| [CVE-2008-1232] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.
| [CVE-2008-0869] Cross-site scripting (XSS) vulnerability in BEA WebLogic Workshop 8.1 through SP6 and Workshop for WebLogic 9.0 through 10.0 allows remote attackers to inject arbitrary web script or HTML via a "framework defined request parameter" when using WebLogic Workshop or Apache Beehive NetUI framework with page flows.
| [CVE-2008-0732] The init script for Apache Geronimo on SUSE Linux follows symlinks when performing a chown operation, which might allow local users to obtain access to unspecified files or directories.
| [CVE-2008-0555] The ExpandCert function in Apache-SSL before apache_1.3.41+ssl_1.59 does not properly handle (1) '/' and (2) '=' characters in a Distinguished Name (DN) in a client certificate, which might allow remote attackers to bypass authentication via a crafted DN that triggers overwriting of environment variables.
| [CVE-2008-0457] Unrestricted file upload vulnerability in the FileUpload class running on the Symantec LiveState Apache Tomcat server, as used by Symantec Backup Exec System Recovery Manager 7.0 and 7.0.1, allows remote attackers to upload and execute arbitrary JSP files via unknown vectors.
| [CVE-2008-0456] CRLF injection vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by uploading a file with a multi-line name containing HTTP header sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
| [CVE-2008-0455] Cross-site scripting (XSS) vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary web script or HTML by uploading a file with a name containing XSS sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
| [CVE-2008-0128] The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
| [CVE-2008-0005] mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding.
| [CVE-2008-0002] Apache Tomcat 6.0.0 through 6.0.15 processes parameters in the context of the wrong request when an exception occurs during parameter processing, which might allow remote attackers to obtain sensitive information, as demonstrated by disconnecting during this processing in order to trigger the exception.
| [CVE-2007-6750] The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris, related to the lack of the mod_reqtimeout module in versions before 2.2.15.
| [CVE-2007-6726] Multiple cross-site scripting (XSS) vulnerabilities in Dojo 0.4.1 and 0.4.2, as used in Apache Struts and other products, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) xip_client.html and (2) xip_server.html in src/io/.
| [CVE-2007-6514] Apache HTTP Server, when running on Linux with a document root on a Windows share mounted using smbfs, allows remote attackers to obtain unprocessed content such as source files for .php programs via a trailing "\" (backslash), which is not handled by the intended AddType directive.
| [CVE-2007-6423] ** DISPUTED ** Unspecified vulnerability in mod_proxy_balancer for Apache HTTP Server 2.2.x before 2.2.7-dev, when running on Windows, allows remote attackers to trigger memory corruption via a long URL. NOTE: the vendor could not reproduce this issue.
| [CVE-2007-6422] The balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6, when a threaded Multi-Processing Module is used, allows remote authenticated users to cause a denial of service (child process crash) via an invalid bb variable.
| [CVE-2007-6421] Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) ss, (2) wr, or (3) rr parameters, or (4) the URL.
| [CVE-2007-6420] Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors.
| [CVE-2007-6388] Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2007-6361] Gekko 0.8.2 and earlier stores sensitive information under the web root with possibly insufficient access control, which might allow remote attackers to read certain files under temp/, as demonstrated by a log file that records the titles of blog entries. NOTE: access to temp/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
| [CVE-2007-6342] SQL injection vulnerability in the David Castro AuthCAS module (AuthCAS.pm) 0.4 for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the SESSION_COOKIE_NAME (session ID) in a cookie.
| [CVE-2007-6286] Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the native APR connector is used, does not properly handle an empty request to the SSL port, which allows remote attackers to trigger handling of "a duplicate copy of one of the recent requests," as demonstrated by using netcat to send the empty request.
| [CVE-2007-6258] Multiple stack-based buffer overflows in the legacy mod_jk2 2.0.3-DEV and earlier Apache module allow remote attackers to execute arbitrary code via a long (1) Host header, or (2) Hostname within a Host header.
| [CVE-2007-6231] Multiple PHP remote file inclusion vulnerabilities in tellmatic 1.0.7 allow remote attackers to execute arbitrary PHP code via a URL in the tm_includepath parameter to (1) Classes.inc.php, (2) statistic.inc.php, (3) status.inc.php, (4) status_top_x.inc.php, or (5) libchart-1.1/libchart.php in include/. NOTE: access to include/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
| [CVE-2007-6203] Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918.
| [CVE-2007-5797] SQLLoginModule in Apache Geronimo 2.0 through 2.1 does not throw an exception for a nonexistent username, which allows remote attackers to bypass authentication via a login attempt with any username not contained in the database.
| [CVE-2007-5731] Absolute path traversal vulnerability in Apache Jakarta Slide 2.1 and earlier allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag, a related issue to CVE-2007-5461.
| [CVE-2007-5461] Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.
| [CVE-2007-5342] The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by changing the (1) level, (2) directory, and (3) prefix attributes in the org.apache.juli.FileHandler handler.
| [CVE-2007-5333] Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385.
| [CVE-2007-5156] Incomplete blacklist vulnerability in editor/filemanager/upload/php/upload.php in FCKeditor, as used in SiteX CMS 0.7.3.beta, La-Nai CMS, Syntax CMS, Cardinal Cms, and probably other products, allows remote attackers to upload and execute arbitrary PHP code via a file whose name contains ".php." and has an unknown extension, which is recognized as a .php file by the Apache HTTP server, a different vulnerability than CVE-2006-0658 and CVE-2006-2529.
| [CVE-2007-5085] Unspecified vulnerability in the management EJB (MEJB) in Apache Geronimo before 2.0.2 allows remote attackers to bypass authentication and obtain "access to Geronimo internals" via unspecified vectors.
| [CVE-2007-5000] Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2007-4724] Cross-site request forgery (CSRF) vulnerability in cal2.jsp in the calendar examples application in Apache Tomcat 4.1.31 allows remote attackers to add events as arbitrary users via the time and description parameters.
| [CVE-2007-4723] Directory traversal vulnerability in Ragnarok Online Control Panel 4.3.4a, when the Apache HTTP Server is used, allows remote attackers to bypass authentication via directory traversal sequences in a URI that ends with the name of a publicly available page, as demonstrated by a "/...../" sequence and an account_manage.php/login.php final component for reaching the protected account_manage.php page.
| [CVE-2007-4641] Directory traversal vulnerability in index.php in Pakupaku CMS 0.4 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting code into an Apache log file.
| [CVE-2007-4556] Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language (OGNL) expression when altSyntax is enabled, which allows remote attackers to cause a denial of service (infinite loop) or execute arbitrary code via form input beginning with a "%{" sequence and ending with a "}" character.
| [CVE-2007-4548] The login method in LoginModule implementations in Apache Geronimo 2.0 does not throw FailedLoginException for failed logins, which allows remote attackers to bypass authentication requirements, deploy arbitrary modules, and gain administrative access by sending a blank username and password with the command line deployer in the deployment module.
| [CVE-2007-4465] Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.
| [CVE-2007-3847] The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read.
| [CVE-2007-3571] The Apache Web Server as used in Novell NetWare 6.5 and GroupWise allows remote attackers to obtain sensitive information via a certain directive to Apache that causes the HTTP-Header response to be modified, which may reveal the server's internal IP address.
| [CVE-2007-3386] Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action.
| [CVE-2007-3385] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.
| [CVE-2007-3384] Multiple cross-site scripting (XSS) vulnerabilities in examples/servlet/CookieExample in Apache Tomcat 3.3 through 3.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Value field, related to error messages.
| [CVE-2007-3383] Cross-site scripting (XSS) vulnerability in SendMailServlet in the examples web application (examples/jsp/mail/sendmail.jsp) in Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.36 allows remote attackers to inject arbitrary web script or HTML via the From field and possibly other fields, related to generation of error messages.
| [CVE-2007-3382] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.
| [CVE-2007-3304] Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1 killer."
| [CVE-2007-3303] Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows local users to cause a denial of service via certain code sequences executed in a worker process that (1) stop request processing by killing all worker processes and preventing creation of replacements or (2) hang the system by forcing the master process to fork an arbitrarily large number of worker processes. NOTE: This might be an inherent design limitation of Apache with respect to worker processes in hosted environments.
| [CVE-2007-3101] Multiple cross-site scripting (XSS) vulnerabilities in certain JSF applications in Apache MyFaces Tomahawk before 1.1.6 allow remote attackers to inject arbitrary web script via the autoscroll parameter, which is injected into Javascript that is sent to the client.
| [CVE-2007-2450] Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script or HTML via a parameter name to manager/html/upload, and other unspecified vectors.
| [CVE-2007-2449] Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the '
| [CVE-2007-2353] Apache Axis 1.0 allows remote attackers to obtain sensitive information by requesting a non-existent WSDL file, which reveals the installation path in the resulting exception message.
| [CVE-2007-2025] Unrestricted file upload vulnerability in the UpLoad feature (lib/plugin/UpLoad.php) in PhpWiki 1.3.11p1 allows remote attackers to upload arbitrary PHP files with a double extension, as demonstrated by .php.3, which is interpreted by Apache as being a valid PHP file.
| [CVE-2007-1863] cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value.
| [CVE-2007-1862] The recall_headers function in mod_mem_cache in Apache 2.2.4 does not properly copy all levels of header data, which can cause Apache to return HTTP headers containing previously used data, which could be used by remote attackers to obtain potentially sensitive information.
| [CVE-2007-1860] mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. (dot dot) sequences and directory traversal, a related issue to CVE-2007-0450.
| [CVE-2007-1858] The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts.
| [CVE-2007-1842] Directory traversal vulnerability in login.php in JSBoard before 2.0.12 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the table parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, a related issue to CVE-2006-2019.
| [CVE-2007-1801] Directory traversal vulnerability in inc/lang.php in sBLOG 0.7.3 Beta allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the conf_lang_default parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by inc/lang.php.
| [CVE-2007-1743] suexec in Apache HTTP Server (httpd) 2.2.3 does not verify combinations of user and group IDs on the command line, which might allow local users to leverage other vulnerabilities to create arbitrary UID/GID owned files if /proc is mounted. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root." In addition, because this is dependent on other vulnerabilities, perhaps this is resultant and should not be included in CVE.
| [CVE-2007-1742] suexec in Apache HTTP Server (httpd) 2.2.3 uses a partial comparison for verifying whether the current directory is within the document root, which might allow local users to perform unauthorized operations on incorrect directories, as demonstrated using "html_backup" and "htmleditor" under an "html" directory. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
| [CVE-2007-1741] Multiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 between directory and file validation, and their usage, allow local users to gain privileges and execute arbitrary code by renaming directories or performing symlink attacks. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
| [CVE-2007-1720] Directory traversal vulnerability in addressbook.php in the Addressbook 1.2 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module_name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file.
| [CVE-2007-1636] Directory traversal vulnerability in index.php in RoseOnlineCMS 3 B1 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the op parameter, as demonstrated by injecting PHP code into Apache log files via the URL and User-Agent HTTP header.
| [CVE-2007-1633] Directory traversal vulnerability in bbcode_ref.php in the Giorgio Ciranni Splatt Forum 4.0 RC1 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by bbcode_ref.php.
| [CVE-2007-1577] Directory traversal vulnerability in index.php in GeBlog 0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[tplname] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
| [CVE-2007-1539] Directory traversal vulnerability in inc/map.func.php in pragmaMX Landkarten 2.1 module allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the module_name parameter, as demonstrated via a static PHP code injection attack in an Apache log file.
| [CVE-2007-1524] Directory traversal vulnerability in themes/default/ in ZomPlog 3.7.6 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) in the settings[skin] parameter, as demonstrated by injecting PHP code into an Apache HTTP Server log file, which can then be included via themes/default/.
| [CVE-2007-1491] Apache Tomcat in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allows connections from external interfaces via port 8009, which exposes it to attacks from outside parties.
| [CVE-2007-1358] Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616".
| [CVE-2007-1349] PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.
19829| [CVE-2007-0975] Variable extraction vulnerability in Ian Bezanson Apache Stats before 0.0.3 beta allows attackers to overwrite critical variables, with unknown impact, when the extract function is used on the _REQUEST superglobal array.
19830| [CVE-2007-0930] Variable extract vulnerability in Apache Stats before 0.0.3beta allows attackers to modify arbitrary variables and conduct attacks via unknown vectors involving the use of PHP's extract function.
19831| [CVE-2007-0792] The mod_perl initialization script in Bugzilla 2.23.3 does not set the Bugzilla Apache configuration to allow .htaccess permissions to override file permissions, which allows remote attackers to obtain the database username and password via a direct request for the localconfig file.
19832| [CVE-2007-0774] Stack-based buffer overflow in the map_uri_to_worker function (native/common/jk_uri_worker_map.c) in mod_jk.so for Apache Tomcat JK Web Server Connector 1.2.19 and 1.2.20, as used in Tomcat 4.1.34 and 5.5.20, allows remote attackers to execute arbitrary code via a long URL that triggers the overflow in a URI worker map routine.
19833| [CVE-2007-0637] Directory traversal vulnerability in zd_numer.php in Galeria Zdjec 3.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the galeria parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by zd_numer.php.
19834| [CVE-2007-0451] Apache SpamAssassin before 3.1.8 allows remote attackers to cause a denial of service via long URLs in malformed HTML, which triggers "massive memory usage."
| [CVE-2007-0450] Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.
| [CVE-2007-0419] The BEA WebLogic Server proxy plug-in before June 2006 for the Apache HTTP Server does not properly handle protocol errors, which allows remote attackers to cause a denial of service (server outage).
| [CVE-2007-0173] Directory traversal vulnerability in index.php in L2J Statistik Script 0.09 and earlier, when register_globals is enabled and magic_quotes is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
| [CVE-2007-0098] Directory traversal vulnerability in language.php in VerliAdmin 0.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
| [CVE-2007-0086] ** DISPUTED ** The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by third parties, who state that the large window size required by the attack is not normally supported or configured by the server, or that a DDoS-style attack would accomplish the same goal.
| [CVE-2006-7217] Apache Derby before 10.2.1.6 does not determine schema privilege requirements during the DropSchemaNode bind phase, which allows remote authenticated users to execute arbitrary drop schema statements in SQL authorization mode.
| [CVE-2006-7216] Apache Derby before 10.2.1.6 does not determine privilege requirements for lock table statements at compilation time, and consequently does not enforce privilege requirements at execution time, which allows remote authenticated users to lock arbitrary tables.
| [CVE-2006-7197] The AJP connector in Apache Tomcat 5.5.15 uses an incorrect length for chunks, which can cause a buffer over-read in the ajp_process_callback in mod_jk, which allows remote attackers to read portions of sensitive memory.
| [CVE-2006-7196] Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors. NOTE: this may be related to CVE-2006-0254.1.
| [CVE-2006-7195] Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in Apache Tomcat 5.0.0 through 5.0.30 and 5.5.0 through 5.5.17 allows remote attackers to inject arbitrary web script or HTML via certain header values.
| [CVE-2006-7098] The Debian GNU/Linux 033_-F_NO_SETSID patch for the Apache HTTP Server 1.3.34-4 does not properly disassociate httpd from a controlling tty when httpd is started interactively, which allows local users to gain privileges to that tty via a CGI program that calls the TIOCSTI ioctl.
| [CVE-2006-6869] Directory traversal vulnerability in includes/search/search_mdforum.php in MAXdev MDForum 2.0.1 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang cookie to error.php, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
| [CVE-2006-6675] Cross-site scripting (XSS) vulnerability in Novell NetWare 6.5 Support Pack 5 and 6 and Novell Apache on NetWare 2.0.48 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters in Welcome web-app.
| [CVE-2006-6613] Directory traversal vulnerability in language.php in phpAlbum 0.4.1 Beta 6 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files or obtain sensitive information via a .. (dot dot) in the pa_lang[include_file] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
| [CVE-2006-6589] Cross-site scripting (XSS) vulnerability in ecommerce/control/keywordsearch in the Apache Open For Business Project (OFBiz) and Opentaps 0.9.3 allows remote attackers to inject arbitrary web script or HTML via the SEARCH_STRING parameter, a different issue than CVE-2006-6587. NOTE: some of these details are obtained from third party information.
| [CVE-2006-6588] The forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) trusts the (1) dataResourceTypeId, (2) contentTypeId, and certain other hidden form fields, which allows remote attackers to create unauthorized types of content, modify content, or have other unknown impact.
| [CVE-2006-6587] Cross-site scripting (XSS) vulnerability in the forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) allows remote attackers to inject arbitrary web script or HTML by posting a message.
| [CVE-2006-6445] Directory traversal vulnerability in error.php in Envolution 1.1.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
| [CVE-2006-6071] TWiki 4.0.5 and earlier, when running under Apache 1.3 using ApacheLogin with sessions and "ErrorDocument 401" redirects to a valid wiki topic, does not properly handle failed login attempts, which allows remote attackers to read arbitrary content by cancelling out of a failed authentication with a valid username and invalid password.
| [CVE-2006-6047] Directory traversal vulnerability in manager/index.php in Etomite 0.6.1.2 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the f parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
| [CVE-2006-5894] Directory traversal vulnerability in lang.php in Rama CMS 0.68 and earlier, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by lang.php.
| [CVE-2006-5752] Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform "charset detection" when the content-type is not specified.
| [CVE-2006-5733] Directory traversal vulnerability in error.php in PostNuke 0.763 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
| [CVE-2006-5263] Directory traversal vulnerability in templates/header.php3 in phpMyAgenda 3.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter, as demonstrated by a parameter value naming an Apache HTTP Server log file that apparently contains PHP code.
| [CVE-2006-4994] Multiple unquoted Windows search path vulnerabilities in Apache Friends XAMPP 1.5.2 might allow local users to gain privileges via a malicious program file in %SYSTEMDRIVE%, which is run when XAMPP attempts to execute (1) FileZillaServer.exe, (2) mysqld-nt.exe, (3) Perl.exe, or (4) xamppcontrol.exe with an unquoted "Program Files" pathname.
| [CVE-2006-4636] Directory traversal vulnerability in SZEWO PhpCommander 3.0 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Directory parameter, as demonstrated by parameter values naming Apache HTTP Server log files that apparently contain PHP code.
| [CVE-2006-4625] PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass certain Apache HTTP Server httpd.conf options, such as safe_mode and open_basedir, via the ini_restore function, which resets the values to their php.ini (Master Value) defaults.
| [CVE-2006-4558] DeluxeBB 1.06 and earlier, when run on the Apache HTTP Server with the mod_mime module, allows remote attackers to execute arbitrary PHP code by uploading files with double extensions via the fileupload parameter in a newthread action in newpost.php.
| [CVE-2006-4191] Directory traversal vulnerability in memcp.php in XMB (Extreme Message Board) 1.9.6 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the langfilenew parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by header.php.
| [CVE-2006-4154] Format string vulnerability in the mod_tcl module 1.0 for Apache 2.x allows context-dependent attackers to execute arbitrary code via format string specifiers that are not properly handled in a set_var function call in (1) tcl_cmds.c and (2) tcl_core.c.
| [CVE-2006-4110] Apache 2.2.2, when running on Windows, allows remote attackers to read source code of CGI programs via a request that contains uppercase (or alternate case) characters that bypass the case-sensitive ScriptAlias directive, but allow access to the file on case-insensitive file systems.
| [CVE-2006-4004] Directory traversal vulnerability in index.php in vbPortal 3.0.2 through 3.6.0 Beta 1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the bbvbplang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
| [CVE-2006-3918] http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.
| [CVE-2006-3835] Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (
| [CVE-2006-3747] Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules.
| [CVE-2006-3362] Unrestricted file upload vulnerability in connectors/php/connector.php in FCKeditor mcpuk file manager, as used in (1) Geeklog 1.4.0 through 1.4.0sr3, (2) toendaCMS 1.0.0 Shizouka Stable and earlier, (3) WeBid 0.5.4, and possibly other products, when installed on Apache with mod_mime, allows remote attackers to upload and execute arbitrary PHP code via a filename with a .php extension and a trailing extension that is allowed, such as .zip.
| [CVE-2006-3102] Race condition in articles/BitArticle.php in Bitweaver 1.3, when run on Apache with the mod_mime extension, allows remote attackers to execute arbitrary PHP code by uploading arbitrary files with double extensions, which are stored for a small period of time under the webroot in the temp/articles directory.
| [CVE-2006-3070] write_ok.php in Zeroboard 4.1 pl8, when installed on Apache with mod_mime, allows remote attackers to bypass restrictions for uploading files with executable extensions by uploading a .htaccess file with an AddType directive that assigns an executable module to files with assumed-safe extensions, as demonstrated by assigning the txt extension to be handled by application/x-httpd-php.
| [CVE-2006-2831] Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2, when running under certain Apache configurations such as when FileInfo overrides are disabled within .htaccess, allows remote attackers to execute arbitrary code by uploading a file with multiple extensions, a variant of CVE-2006-2743.
| [CVE-2006-2806] The SMTP server in Apache Java Mail Enterprise Server (aka Apache James) 2.2.0 allows remote attackers to cause a denial of service (CPU consumption) via a long argument to the MAIL command.
| [CVE-2006-2743] Drupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with mod_mime, does not properly handle files with multiple extensions, which allows remote attackers to upload, modify, or execute arbitrary files in the files directory.
| [CVE-2006-2514] Coppermine galleries before 1.4.6, when running on Apache with mod_mime installed, allows remote attackers to upload arbitrary files via a filename with multiple file extensions.
| [CVE-2006-2330] PHP-Fusion 6.00.306 and earlier, running under Apache HTTP Server 1.3.27 and PHP 4.3.3, allows remote authenticated users to upload files of arbitrary types using a filename that contains two or more extensions that ends in an assumed-valid extension such as .gif, which bypasses the validation, as demonstrated by uploading then executing an avatar file that ends in ".php.gif" and contains PHP code in EXIF metadata.
| [CVE-2006-1777] Directory traversal vulnerability in doc/index.php in Jeremy Ashcraft Simplog 0.9.2 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the s parameter, as demonstrated by injecting PHP sequences into an Apache error_log file, which is then included by doc/index.php.
| [CVE-2006-1564] Untrusted search path vulnerability in libapache2-svn 1.3.0-4 for Subversion in Debian GNU/Linux includes RPATH values under the /tmp/svn directory for the (1) mod_authz_svn.so and (2) mod_dav_svn.so modules, which might allow local users to gain privileges by installing malicious libraries in that directory.
| [CVE-2006-1548] Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction and possibly (2) DispatchAction and (3) ActionDispatcher in Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to inject arbitrary web script or HTML via the parameter name, which is not filtered in the resulting error message.
| [CVE-2006-1547] ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides further access to elements in the CommonsMultipartRequestHandler implementation and BeanUtils.
| [CVE-2006-1546] Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to bypass validation via a request with a 'org.apache.struts.taglib.html.Constants.CANCEL' parameter, which causes the action to be canceled but would not be detected from applications that do not use the isCancelled check.
| [CVE-2006-1393] Multiple cross-site scripting (XSS) vulnerabilities in the mod_pubcookie Apache application server module in University of Washington Pubcookie 1.x, 3.0.0, 3.1.0, 3.1.1, 3.2 before 3.2.1b, and 3.3 before 3.3.0a allow remote attackers to inject arbitrary web script or HTML via unspecified attack vectors.
| [CVE-2006-1346] Directory traversal vulnerability in inc/setLang.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in a lang[*][file] parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by index.php.
| [CVE-2006-1292] Directory traversal vulnerability in Jim Hu and Chad Little PHP iCalendar 2.21 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the phpicalendar[cookie_language] and phpicalendar[cookie_style] cookies, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by day.php.
| [CVE-2006-1243] Directory traversal vulnerability in install05.php in Simple PHP Blog (SPB) 0.4.7.1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the blog_language parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included using install05.php.
| [CVE-2006-1095] Directory traversal vulnerability in the FileSession object in Mod_python module 3.2.7 for Apache allows local users to execute arbitrary code via a crafted session cookie.
| [CVE-2006-1079] htpasswd, as used in Acme thttpd 2.25b and possibly other products such as Apache, might allow local users to gain privileges via shell metacharacters in a command line argument, which is used in a call to the system function. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
| [CVE-2006-1078] Multiple buffer overflows in htpasswd, as used in Acme thttpd 2.25b, and possibly other products such as Apache, might allow local users to gain privileges via (1) a long command line argument and (2) a long line in a file. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
| [CVE-2006-0743] Format string vulnerability in LocalSyslogAppender in Apache log4net 1.2.9 might allow remote attackers to cause a denial of service (memory corruption and termination) via unknown vectors.
| [CVE-2006-0254] Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) time parameter to cal2.jsp and (2) any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer.
| [CVE-2006-0150] Multiple format string vulnerabilities in the auth_ldap_log_reason function in Apache auth_ldap 1.6.0 and earlier allow remote attackers to execute arbitrary code via various vectors, including the username.
| [CVE-2006-0144] The proxy server feature in go-pear.php in PHP PEAR 0.2.2, as used in Apache2Triad, allows remote attackers to execute arbitrary PHP code by redirecting go-pear.php to a malicious proxy server that provides a modified version of Tar.php with a malicious extractModify function.
| [CVE-2006-0042] Unspecified vulnerability in (1) apreq_parse_headers and (2) apreq_parse_urlencoded functions in Apache2::Request (Libapreq2) before 2.07 allows remote attackers to cause a denial of service (CPU consumption) via unknown attack vectors that result in quadratic computational complexity.
| [CVE-2005-4857] eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 before 20051128 allows remote authenticated users to cause a denial of service (Apache httpd segmentation fault) via a request to content/advancedsearch.php with an empty SearchContentClassID parameter, reportedly related to a "memory addressing error".
| [CVE-2005-4849] Apache Derby before 10.1.2.1 exposes the (1) user and (2) password attributes in cleartext via (a) the RDBNAM parameter of the ACCSEC command and (b) the output of the DatabaseMetaData.getURL function, which allows context-dependent attackers to obtain sensitive information.
| [CVE-2005-4836] The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote attackers to read JSP source files and obtain sensitive information.
| [CVE-2005-4814] Unrestricted file upload vulnerability in Segue CMS before 1.3.6, when the Apache HTTP Server handles .phtml files with the PHP interpreter, allows remote attackers to upload and execute arbitrary PHP code by placing .phtml files in the userfiles/ directory.
| [CVE-2005-4703] Apache Tomcat 4.0.3, when running on Windows, allows remote attackers to obtain sensitive information via a request for a file that contains an MS-DOS device name such as lpt9, which leaks the pathname in an error message, as demonstrated by lpt9.xtp using Nikto.
| [CVE-2005-3745] Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message.
| [CVE-2005-3630] Fedora Directory Server before 10 allows remote attackers to obtain sensitive information, such as the password from adm.conf via an IFRAME element, probably involving an Apache httpd.conf configuration that orders "allow" directives before "deny" directives.
| [CVE-2005-3510] Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files.
| [CVE-2005-3392] Unspecified vulnerability in PHP before 4.4.1, when using the virtual function on Apache 2, allows remote attackers to bypass safe_mode and open_basedir directives.
| [CVE-2005-3357] mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference.
| [CVE-2005-3352] Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps.
| [CVE-2005-3319] The apache2handler SAPI (sapi_apache2.c) in the Apache module (mod_php) for PHP 5.x before 5.1.0 final and 4.4 before 4.4.1 final allows attackers to cause a denial of service (segmentation fault) via the session.save_path option in a .htaccess file or VirtualHost.
| [CVE-2005-3164] The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an information leak when "unsuitable request body data" is used for a different request, possibly related to Java Servlet pages.
| [CVE-2005-2970] Memory leak in the worker MPM (worker.c) for Apache 2, in certain circumstances, allows remote attackers to cause a denial of service (memory consumption) via aborted connections, which prevents the memory for the transaction pool from being reused for other connections.
| [CVE-2005-2963] The mod_auth_shadow module 1.0 through 1.5 and 2.0 for Apache with AuthShadow enabled uses shadow authentication for all locations that use the require group directive, even when other authentication mechanisms are specified, which might allow remote authenticated users to bypass security restrictions.
| [CVE-2005-2728] The byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service (memory consumption) via an HTTP header with a large Range field.
| [CVE-2005-2660] apachetop 0.12.5 and earlier, when running in debug mode, allows local users to create or append to arbitrary files via a symlink attack on atop.debug.
| [CVE-2005-2088] The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
| [CVE-2005-1754] ** DISPUTED ** JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to read arbitrary files via a full pathname in the argument to the Download parameter. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
| [CVE-2005-1753] ** DISPUTED ** ReadMessage.jsp in JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to view other users' e-mail attachments via a direct request to /mailboxesdir/username@domainname. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
| [CVE-2005-1344] Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute arbitrary code via a long realm argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
| [CVE-2005-1268] Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte.
| [CVE-2005-1266] Apache SpamAssassin 3.0.1, 3.0.2, and 3.0.3 allows remote attackers to cause a denial of service (CPU consumption and slowdown) via a message with a long Content-Type header without any boundaries.
| [CVE-2005-0808] Apache Tomcat before 5.x allows remote attackers to cause a denial of service (application crash) via a crafted AJP12 packet to TCP port 8007.
| [CVE-2005-0182] The mod_dosevasive module 1.9 and earlier for Apache creates temporary files with predictable filenames, which could allow remote attackers to overwrite arbitrary files via a symlink attack.
| [CVE-2005-0108] Apache mod_auth_radius 1.5.4 and libpam-radius-auth allow remote malicious RADIUS servers to cause a denial of service (crash) via a RADIUS_REPLY_MESSAGE with a RADIUS attribute length of 1, which leads to a memcpy operation with a -1 length argument.
| [CVE-2004-2734] webadmin-apache.conf in Novell Web Manager of Novell NetWare 6.5 uses an uppercase Alias tag with an inconsistent lowercase directory tag for a volume, which allows remote attackers to bypass access control to the WEB-INF folder.
| [CVE-2004-2680] mod_python (libapache2-mod-python) 3.1.4 and earlier does not properly handle when output filters process more than 16384 bytes, which can cause filter.read to return portions of previously freed memory.
| [CVE-2004-2650] Spooler in Apache Foundation James 2.2.0 allows local users to cause a denial of service (memory consumption) by triggering various error conditions in the retrieve function, which prevents a lock from being released and causes a memory leak.
| [CVE-2004-2343] ** DISPUTED ** Apache HTTP Server 2.0.47 and earlier allows local users to bypass .htaccess file restrictions, as specified in httpd.conf with directives such as Deny From All, by using an ErrorDocument directive. NOTE: the vendor has disputed this issue, since the .htaccess mechanism is only intended to restrict external web access, and a local user already has the privileges to perform the same operations without using ErrorDocument.
| [CVE-2004-2336] Unknown vulnerability in Novell GroupWise and GroupWise WebAccess 6.0 through 6.5, when running with Apache Web Server 1.3 for NetWare where Apache is loaded using GWAPACHE.CONF, allows remote attackers to read directories and files on the server.
| [CVE-2004-2115] Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTTP Server 1.3.22, based on Apache, allow remote attackers to execute arbitrary script as other users via the (1) action, (2) username, or (3) password parameters in an isqlplus request.
| [CVE-2004-1834] mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, including authentication information, on the hard disk, which could allow local users to gain sensitive information.
| [CVE-2004-1765] Off-by-one buffer overflow in ModSecurity (mod_security) 1.7.4 for Apache 2.x, when SecFilterScanPost is enabled, allows remote attackers to execute arbitrary code via crafted POST requests.
| [CVE-2004-1545] UploadFile.php in MoniWiki 1.0.9.2 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.hwp, which allows remote attackers to upload and execute arbitrary code.
| [CVE-2004-1438] The mod_authz_svn Apache module for Subversion 1.0.4-r1 and earlier allows remote authenticated users, with write access to the repository, to read unauthorized parts of the repository via the svn copy command.
| [CVE-2004-1405] MediaWiki 1.3.8 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
| [CVE-2004-1404] Attachment Mod 2.3.10 module for phpBB, when used with Apache mod_mime, does not properly handle files with multiple file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
| [CVE-2004-1387] The check_forensic script in apache-utils package 1.3.31 allows local users to overwrite or create arbitrary files via a symlink attack on temporary files.
| [CVE-2004-1084] Apache for Apple Mac OS X 10.2.8 and 10.3.6 allows remote attackers to read files and resource fork content via HTTP requests to certain special file names related to multiple data streams in HFS+, which bypass Apache file handles.
19935| [CVE-2004-1083] Apache for Apple Mac OS X 10.2.8 and 10.3.6 restricts access to files in a case sensitive manner, but the Apple HFS+ filesystem accesses files in a case insensitive manner, which allows remote attackers to read .DS_Store files and files beginning with ".ht" using alternate capitalization.
19936| [CVE-2004-1082] mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials.
19937| [CVE-2004-0942] Apache webserver 2.0.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request with a MIME header containing multiple lines with a large number of space characters.
19938| [CVE-2004-0940] Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error.
19939| [CVE-2004-0885] The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration.
19940| [CVE-2004-0811] Unknown vulnerability in Apache 2.0.51 prevents "the merging of the Satisfy directive," which could allow attackers to obtain access to restricted resources contrary to the specified authentication configuration.
19941| [CVE-2004-0809] The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access.
19942| [CVE-2004-0786] The IPv6 URI parsing routines in the apr-util library for Apache 2.0.50 and earlier allow remote attackers to cause a denial of service (child process crash) via a certain URI, as demonstrated using the Codenomicon HTTP Test Tool.
19943| [CVE-2004-0751] The char_buffer_read function in the mod_ssl module for Apache 2.x, when using reverse proxying to an SSL server, allows remote attackers to cause a denial of service (segmentation fault).
19944| [CVE-2004-0748] mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (CPU consumption) by aborting an SSL connection in a way that causes an Apache child process to enter an infinite loop.
19945| [CVE-2004-0747] Buffer overflow in Apache 2.0.50 and earlier allows local users to gain apache privileges via a .htaccess file that causes the overflow during expansion of environment variables.
19946| [CVE-2004-0700] Format string vulnerability in the mod_proxy hook functions function in ssl_engine_log.c in mod_ssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are handled by the ssl_log function.
19947| [CVE-2004-0646] Buffer overflow in the WriteToLog function for JRun 3.0 through 4.0 web server connectors, such as (1) mod_jrun and (2) mod_jrun20 for Apache, with verbose logging enabled, allows remote attackers to execute arbitrary code via a long HTTP header Content-Type field or other fields.
19948| [CVE-2004-0529] The modified suexec program in cPanel, when configured for mod_php and compiled for Apache 1.3.31 and earlier without mod_phpsuexec, allows local users to execute untrusted shared scripts and gain privileges, as demonstrated using untainted scripts such as (1) proftpdvhosts or (2) addalink.cgi, a different vulnerability than CVE-2004-0490.
19949| [CVE-2004-0493] The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters.
19950| [CVE-2004-0492] Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied.
19951| [CVE-2004-0490] cPanel, when compiling Apache 1.3.29 and PHP with the mod_phpsuexec option, does not set the --enable-discard-path option, which causes php to use the SCRIPT_FILENAME variable to find and execute a script instead of the PATH_TRANSLATED variable, which allows local users to execute arbitrary PHP code as other users via a URL that references the attacker's script after the user's script, which executes the attacker's script with the user's privileges, a different vulnerability than CVE-2004-0529.
19952| [CVE-2004-0488] Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN.
19953| [CVE-2004-0263] PHP 4.3.4 and earlier in Apache 1.x and 2.x (mod_php) can leak global variables between virtual hosts that are handled by the same Apache child process but have different settings, which could allow remote attackers to obtain sensitive information.
19954| [CVE-2004-0174] Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using multiple listening sockets on certain platforms, allows remote attackers to cause a denial of service (blocked new connections) via a "short-lived connection on a rarely-accessed listening socket."
19955| [CVE-2004-0173] Directory traversal vulnerability in Apache 1.3.29 and earlier, and Apache 2.0.48 and earlier, when running on Cygwin, allows remote attackers to read arbitrary files via a URL containing "..%5C" (dot dot encoded backslash) sequences.
19956| [CVE-2004-0113] Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service (memory consumption) via plain HTTP requests to the SSL port of an SSL-enabled server.
19957| [CVE-2004-0009] Apache-SSL 1.3.28+1.52 and earlier, with SSLVerifyClient set to 1 or 3 and SSLFakeBasicAuth enabled, allows remote attackers to forge a client certificate by using basic authentication with the "one-line DN" of the target user.
19958| [CVE-2003-1581] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
19959| [CVE-2003-1580] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-level domains, as demonstrated by a forged 123.123.123.123 domain name, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
19960| [CVE-2003-1573] The PointBase 4.6 database component in the J2EE 1.4 reference implementation (J2EE/RI) allows remote attackers to execute arbitrary programs, conduct a denial of service, and obtain sensitive information via a crafted SQL statement, related to "inadequate security settings and library bugs in sun.* and org.apache.* packages."
19961| [CVE-2003-1521] Sun Java Plug-In 1.4 through 1.4.2_02 allows remote attackers to repeatedly access the floppy drive via the createXmlDocument method in the org.apache.crimson.tree.XmlDocument class, which violates the Java security model.
19962| [CVE-2003-1516] The org.apache.xalan.processor.XSLProcessorVersion class in Java Plug-in 1.4.2_01 allows signed and unsigned applets to share variables, which violates the Java security model and could allow remote attackers to read or write data belonging to a signed applet.
19963| [CVE-2003-1502] mod_throttle 3.0 allows local users with Apache privileges to access shared memory that points to a file that is writable by the apache user, which could allow local users to gain privileges.
19964| [CVE-2003-1418] Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote attackers to obtain sensitive information via (1) the ETag header, which reveals the inode number, or (2) multipart MIME boundary, which reveals child process IDs (PID).
19965| [CVE-2003-1307] ** DISPUTED ** The mod_php module for the Apache HTTP Server allows local users with write access to PHP scripts to send signals to the server's process group and use the server's file descriptors, as demonstrated by sending a STOP signal, then intercepting incoming connections on the server's TCP port. NOTE: the PHP developer has disputed this vulnerability, saying "The opened file descriptors are opened by Apache. It is the job of Apache to protect them ... Not a bug in PHP."
19966| [CVE-2003-1172] Directory traversal vulnerability in the view-source sample file in Apache Software Foundation Cocoon 2.1 and 2.2 allows remote attackers to access arbitrary files via a .. (dot dot) in the filename parameter.
19967| [CVE-2003-1171] Heap-based buffer overflow in the sec_filter_out function in mod_security 1.7RC1 through 1.7.1 in Apache 2 allows remote attackers to execute arbitrary code via a server side script that sends a large amount of data.
19968| [CVE-2003-1138] The default configuration of Apache 2.0.40, as shipped with Red Hat Linux 9.0, allows remote attackers to list directory contents, even if auto indexing is turned off and there is a default web page configured, via a GET request containing a double slash (//).
19969| [CVE-2003-1054] mod_access_referer 1.0.2 allows remote attackers to cause a denial of service (crash) via a malformed Referer header that is missing a hostname, as parsed by the ap_parse_uri_components function in Apache, which triggers a null dereference.
19970| [CVE-2003-0993] mod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit platforms, does not properly parse Allow/Deny rules using IP addresses without a netmask, which could allow remote attackers to bypass intended access restrictions.
19971| [CVE-2003-0987] mod_digest for Apache before 1.3.31 does not properly verify the nonce of a client response by using a AuthNonce secret.
19972| [CVE-2003-0866] The Catalina org.apache.catalina.connector.http package in Tomcat 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service via several requests that do not follow the HTTP protocol, which causes Tomcat to reject later requests.
19973| [CVE-2003-0844] mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode without the Apache log, allows local users to overwrite arbitrary files via (1) a symlink attack on predictable temporary filenames on Unix systems, or (2) an NTFS hard link on Windows systems when the "Strengthen default permissions of internal system objects" policy is not enabled.
19974| [CVE-2003-0843] Format string vulnerability in mod_gzip_printf for mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode and using the Apache log, allows remote attackers to execute arbitrary code via format string characters in an HTTP GET request with an "Accept-Encoding: gzip" header.
19975| [CVE-2003-0789] mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not properly handle CGI redirect paths, which could cause Apache to send the output of a CGI program to the wrong client.
19976| [CVE-2003-0771] Gallery.pm in Apache::Gallery (aka A::G) uses predictable temporary filenames when running Inline::C, which allows local users to execute arbitrary code by creating and modifying the files before Apache::Gallery does.
19977| [CVE-2003-0658] Docview before 1.1-18 in Caldera OpenLinux 3.1.1, SCO Linux 4.0, OpenServer 5.0.7, configures the Apache web server in a way that allows remote attackers to read arbitrary publicly readable files via a certain URL, possibly related to rewrite rules.
19978| [CVE-2003-0542] Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures.
19979| [CVE-2003-0460] The rotatelogs program on Apache before 1.3.28, for Windows and OS/2 systems, does not properly ignore certain control characters that are received over the pipe, which could allow remote attackers to cause a denial of service.
19980| [CVE-2003-0254] Apache 2 before 2.0.47, when running on an IPv6 host, allows attackers to cause a denial of service (CPU consumption by infinite loop) when the FTP proxy server fails to create an IPv6 socket.
19981| [CVE-2003-0253] The prefork MPM in Apache 2 before 2.0.47 does not properly handle certain errors from accept, which could lead to a denial of service.
19982| [CVE-2003-0249] ** DISPUTED ** PHP treats unknown methods such as "PoSt" as a GET request, which could allow attackers to bypass intended access restrictions if PHP is running on a server that passes on all methods, such as Apache httpd 2.0, as demonstrated using a Limit directive. NOTE: this issue has been disputed by the Apache security team, saying "It is by design that PHP allows scripts to process any request method. A script which does not explicitly verify the request method will hence be processed as normal for arbitrary methods. It is therefore expected behaviour that one cannot implement per-method access control using the Apache configuration alone, which is the assumption made in this report."
19983| [CVE-2003-0245] Vulnerability in the apr_psprintf function in the Apache Portable Runtime (APR) library for Apache 2.0.37 through 2.0.45 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long strings, as demonstrated using XML objects to mod_dav, and possibly other vectors.
19984| [CVE-2003-0192] Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3, do not properly handle "certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one," which could cause Apache to use the weak ciphersuite.
19985| [CVE-2003-0189] The authentication module for Apache 2.0.40 through 2.0.45 on Unix does not properly handle threads safely when using the crypt_r or crypt functions, which allows remote attackers to cause a denial of service (failed Basic authentication with valid usernames and passwords) when a threaded MPM is used.
19986| [CVE-2003-0134] Unknown vulnerability in filestat.c for Apache running on OS2, versions 2.0 through 2.0.45, allows unknown attackers to cause a denial of service via requests related to device names.
19987| [CVE-2003-0132] A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to cause a denial of service (memory consumption) via large chunks of linefeed characters, which causes Apache to allocate 80 bytes for each linefeed.
19988| [CVE-2003-0083] Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences, a different vulnerability than CVE-2003-0020.
19989| [CVE-2003-0020] Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences.
19990| [CVE-2003-0017] Apache 2.0 before 2.0.44 on Windows platforms allows remote attackers to obtain certain files via an HTTP request that ends in certain illegal characters such as ">", which causes a different filename to be processed and served.
19991| [CVE-2003-0016] Apache before 2.0.44, when running on unpatched Windows 9x and Me operating systems, allows remote attackers to cause a denial of service or execute arbitrary code via an HTTP request containing MS-DOS device names.
19992| [CVE-2002-2310] ClickCartPro 4.0 stores the admin_user.db data file under the web document root with insufficient access control on servers other than Apache, which allows remote attackers to obtain usernames and passwords.
19993| [CVE-2002-2309] php.exe in PHP 3.0 through 4.2.2, when running on Apache, does not terminate properly, which allows remote attackers to cause a denial of service via a direct request without arguments.
19994| [CVE-2002-2272] Tomcat 4.0 through 4.1.12, using mod_jk 1.2.1 module on Apache 1.3 through 1.3.27, allows remote attackers to cause a denial of service (desynchronized communications) via an HTTP GET request with a Transfer-Encoding chunked field with invalid values.
19995| [CVE-2002-2103] Apache before 1.3.24, when writing to the log file, records a spoofed hostname from the reverse lookup of an IP address, even when a double-reverse lookup fails, which allows remote attackers to hide the original source of activities.
19996| [CVE-2002-2029] PHP, when installed on Windows with Apache and ScriptAlias for /php/ set to c:/php/, allows remote attackers to read arbitrary files and possibly execute arbitrary programs via an HTTP request for php.exe with a filename in the query string.
19997| [CVE-2002-2012] Unknown vulnerability in Apache 1.3.19 running on HP Secure OS for Linux 1.0 allows remote attackers to cause "unexpected results" via an HTTP request.
19998| [CVE-2002-2009] Apache Tomcat 4.0.1 allows remote attackers to obtain the web root path via HTTP requests for JSP files preceded by (1) +/, (2) >/, (3) </, and (4) %20/, which leaks the pathname in an error message.
19999| [CVE-2002-2008] Apache Tomcat 4.0.3 for Windows allows remote attackers to obtain the web root path via an HTTP request for a resource that does not exist, such as lpt9, which leaks the information in an error message.
20000| [CVE-2002-2007] The default installations of Apache Tomcat 3.2.3 and 3.2.4 allows remote attackers to obtain sensitive system information such as directory listings and web root path, via erroneous HTTP requests for Java Server Pages (JSP) in the (1) test/jsp, (2) samples/jsp and (3) examples/jsp directories, or the (4) test/realPath.jsp servlet, which leaks pathnames in error messages.
20001| [CVE-2002-2006] The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 through 3.3.1 allows remote attackers to obtain the installation path and other sensitive system information via the (1) SnoopServlet or (2) TroubleShooter example servlets.
20002| [CVE-2002-1895] The servlet engine in Jakarta Apache Tomcat 3.3 and 4.0.4, when using IIS and the ajp1.3 connector, allows remote attackers to cause a denial of service (crash) via a large number of HTTP GET requests for an MS-DOS device such as AUX, LPT1, CON, or PRN.
20003| [CVE-2002-1850] mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly remote attackers to cause a denial of service (hang and memory consumption) by causing a CGI script to send a large amount of data to stderr, which results in a read/write deadlock between httpd and the CGI script.
20004| [CVE-2002-1793] HTTP Server mod_ssl module running on HP-UX 11.04 with Virtualvault OS (VVOS) 4.5 through 4.6 closes the connection when the Apache server times out during an SSL request, which may allow attackers to cause a denial of service.
20005| [CVE-2002-1658] Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may allow attackers to execute arbitrary code via a long user argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
20006| [CVE-2002-1635] The Apache configuration file (httpd.conf) in Oracle 9i Application Server (9iAS) uses a Location alias for /perl directory instead of a ScriptAlias, which allows remote attackers to read the source code of arbitrary CGI files via a URL containing the /perl directory instead of /cgi-bin.
20007| [CVE-2002-1593] mod_dav in Apache before 2.0.42 does not properly handle versioning hooks, which may allow remote attackers to kill a child process via a null dereference and cause a denial of service (CPU consumption) in a preforked multi-processing module.
20008| [CVE-2002-1592] The ap_log_rerror function in Apache 2.0 through 2.035, when a CGI application encounters an error, sends error messages to the client that include the full path for the server, which allows remote attackers to obtain sensitive information.
20009| [CVE-2002-1567] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1 allows remote attackers to execute arbitrary web script and steal cookies via a URL with encoded newlines followed by a request to a .jsp file whose name contains the script.
20010| [CVE-2002-1394] Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148.
20011| [CVE-2002-1233] A regression error in the Debian distributions of the apache-ssl package (before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0), for Apache 1.3.27 and earlier, allows local users to read or modify the Apache password file via a symlink attack on temporary files when the administrator runs (1) htpasswd or (2) htdigest, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2001-0131.
20012| [CVE-2002-1157] Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9 and earlier, when UseCanonicalName is off and wildcard DNS is enabled, allows remote attackers to execute script as other web site visitors, via the server name in an HTTPS response on the SSL port, which is used in a self-referencing URL, a different vulnerability than CAN-2002-0840.
20013| [CVE-2002-1156] Apache 2.0.42 allows remote attackers to view the source code of a CGI script via a POST request to a directory with both WebDAV and CGI enabled.
20014| [CVE-2002-1148] The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet.
20015| [CVE-2002-0935] Apache Tomcat 4.0.3, and possibly other versions before 4.1.3 beta, allows remote attackers to cause a denial of service (resource exhaustion) via a large number of requests to the server with null characters, which causes the working threads to hang.
20016| [CVE-2002-0843] Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response.
20017| [CVE-2002-0840] Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.
20018| [CVE-2002-0839] The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that would not normally be allowed, by modifying the parent[].pid and parent[].last_rtime segments in the scoreboard.
20019| [CVE-2002-0682] Cross-site scripting vulnerability in Apache Tomcat 4.0.3 allows remote attackers to execute script as other web users via script in a URL with the /servlet/ mapping, which does not filter the script when an exception is thrown by the servlet.
20020| [CVE-2002-0661] Directory traversal vulnerability in Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to read arbitrary files and execute commands via .. (dot dot) sequences containing \ (backslash) characters.
20021| [CVE-2002-0658] OSSP mm library (libmm) before 1.2.0 allows the local Apache user to gain privileges via temporary files, possibly via a symbolic link attack.
20022| [CVE-2002-0654] Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to determine the full pathname of the server via (1) a request for a .var file, which leaks the pathname in the resulting error message, or (2) via an error message that occurs when a script (child process) cannot be invoked.
20023| [CVE-2002-0653] Off-by-one buffer overflow in the ssl_compat_directive function, as called by the rewrite_command hook for mod_ssl Apache module 2.8.9 and earlier, allows local users to execute arbitrary code as the Apache server user via .htaccess files with long entries.
20024| [CVE-2002-0513] The PHP administration script in popper_mod 1.2.1 and earlier relies on Apache .htaccess authentication, which allows remote attackers to gain privileges if the script is not appropriately configured by the administrator.
20025| [CVE-2002-0493] Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions.
20026| [CVE-2002-0392] Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a chunk-encoded HTTP request that causes Apache to use an incorrect size.
20027| [CVE-2002-0259] InstantServers MiniPortal 1.1.5 and earlier stores sensitive login and account data in plaintext in (1) .pwd files in the miniportal/apache directory, or (2) mplog.txt, which could allow local users to gain privileges.
20028| [CVE-2002-0249] PHP for Windows, when installed on Apache 2.0.28 beta as a standalone CGI module, allows remote attackers to obtain the physical path of the php.exe via a request with malformed arguments such as /123, which leaks the pathname in the error message.
20029| [CVE-2002-0240] PHP, when installed with Apache and configured to search for index.php as a default web page, allows remote attackers to obtain the full pathname of the server via the HTTP OPTIONS method, which reveals the pathname in the resulting error message.
20030| [CVE-2002-0082] The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session.
20031| [CVE-2002-0061] Apache for Win32 before 1.3.24, and 2.0.x before 2.0.34-beta, allows remote attackers to execute arbitrary commands via shell metacharacters (a | pipe character) provided as arguments to batch (.bat) or .cmd scripts, which are sent unfiltered to the shell interpreter, typically cmd.exe.
20032| [CVE-2001-1556] The log files in Apache web server contain information directly supplied by clients and does not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail, and grep.
20033| [CVE-2001-1534] mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these session ID's are used for authentication.
20034| [CVE-2001-1510] Allaire JRun 2.3.3, 3.0 and 3.1 running on IIS 4.0 and 5.0, iPlanet, Apache, JRun web server (JWS), and possibly other web servers allows remote attackers to read arbitrary files and directories by appending (1) "%3f.jsp", (2) "?.jsp" or (3) "?" to the requested URL.
20035| [CVE-2001-1449] The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 through 8.0 and Linux Corporate Server 1.0.1 allows remote attackers to list the directory index of arbitrary web directories.
20036| [CVE-2001-1385] The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts.
20037| [CVE-2001-1342] Apache before 1.3.20 on Windows and OS/2 systems allows remote attackers to cause a denial of service (GPF) via an HTTP request for a URI that contains a large number of / (slash) or other characters, which causes certain functions to dereference a null pointer.
20038| [CVE-2001-1217] Directory traversal vulnerability in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to access sensitive information via a double encoded URL with .. (dot dot) sequences.
20039| [CVE-2001-1216] Buffer overflow in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to execute arbitrary code via a long request for a help page.
20040| [CVE-2001-1072] Apache with mod_rewrite enabled on most UNIX systems allows remote attackers to bypass RewriteRules by inserting extra / (slash) characters into the requested path, which causes the regular expression in the RewriteRule to fail.
20041| [CVE-2001-1013] Apache on Red Hat Linux with the UserDir directive enabled generates different error codes when a username exists and there is no public_html directory and when the username does not exist, which could allow remote attackers to determine valid usernames on the server.
20042| [CVE-2001-0925] The default installation of Apache before 1.3.19 allows remote attackers to list directories instead of the multiview index.html file via an HTTP request for a path that contains many / (slash) characters, which causes the path to be mishandled by (1) mod_negotiation, (2) mod_dir, or (3) mod_autoindex.
20043| [CVE-2001-0829] A cross-site scripting vulnerability in Apache Tomcat 3.2.1 allows a malicious webmaster to embed Javascript in a request for a .JSP file, which causes the Javascript to be inserted into an error message.
20044| [CVE-2001-0766] Apache on MacOS X Client 10.0.3 with the HFS+ file system allows remote attackers to bypass access restrictions via a URL that contains some characters whose case is not matched by Apache's filters.
20045| [CVE-2001-0731] Apache 1.3.20 with Multiviews enabled allows remote attackers to view directory contents and bypass the index page via a URL containing the "M=D" query string.
20046| [CVE-2001-0730] split-logfile in Apache 1.3.20 allows remote attackers to overwrite arbitrary files that end in the .log extension via an HTTP request with a / (slash) in the Host: header.
20047| [CVE-2001-0729] Apache 1.3.20 on Windows servers allows remote attackers to bypass the default index page and list directory contents via a URL with a large number of / (slash) characters.
20048| [CVE-2001-0590] Apache Software Foundation Tomcat Servlet prior to 3.2.2 allows a remote attacker to read the source code to arbitrary 'jsp' files via a malformed URL request which does not end with an HTTP protocol specification (i.e. HTTP/1.0).
20049| [CVE-2001-0131] htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local users to overwrite arbitrary files via a symlink attack.
20050| [CVE-2001-0108] PHP Apache module 4.0.4 and earlier allows remote attackers to bypass .htaccess access restrictions via a malformed HTTP request on an unrestricted page that causes PHP to use those access controls on the next page that is requested.
20051| [CVE-2001-0042] PHP 3.x (PHP3) on Apache 1.3.6 allows remote attackers to read arbitrary files via a modified .. (dot dot) attack containing "%5c" (encoded backslash) sequences.
20052| [CVE-2000-1247] The default configuration of the jserv-status handler in jserv.conf in Apache JServ 1.1.2 includes an "allow from 127.0.0.1" line, which allows local users to discover JDBC passwords or other sensitive information via a direct request to the jserv/ URI.
20053| [CVE-2000-1210] Directory traversal vulnerability in source.jsp of Apache Tomcat before 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the argument to source.jsp.
20054| [CVE-2000-1206] Vulnerability in Apache httpd before 1.3.11, when configured for mass virtual hosting using mod_rewrite, or mod_vhost_alias in Apache 1.3.9, allows remote attackers to retrieve arbitrary files.
20055| [CVE-2000-1205] Cross site scripting vulnerabilities in Apache 1.3.0 through 1.3.11 allow remote attackers to execute script as other web site visitors via (1) the printenv CGI (printenv.pl), which does not encode its output, (2) pages generated by the ap_send_error_response function such as a default 404, which does not add an explicit charset, or (3) various messages that are generated by certain Apache modules or core code. NOTE: the printenv issue might still exist for web browsers that can render text/plain content types as HTML, such as Internet Explorer, but CVE regards this as a design limitation of those browsers, not Apache. The printenv.pl/acuparam vector, disclosed on 20070724, is one such variant.
20056| [CVE-2000-1204] Vulnerability in the mod_vhost_alias virtual hosting module for Apache 1.3.9, 1.3.11 and 1.3.12 allows remote attackers to obtain the source code for CGI programs if the cgi-bin directory is under the document root.
20057| [CVE-2000-1168] IBM HTTP Server 1.3.6 (based on Apache) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET request.
20058| [CVE-2000-1016] The default configuration of Apache (httpd.conf) on SuSE 6.4 includes an alias for the /usr/doc directory, which allows remote attackers to read package documentation and obtain system configuration information via an HTTP request for the /doc/packages URL.
20059| [CVE-2000-0913] mod_rewrite in Apache 1.3.12 and earlier allows remote attackers to read arbitrary files if a RewriteRule directive is expanded to include a filename whose name contains a regular expression.
20060| [CVE-2000-0883] The default configuration of mod_perl for Apache as installed on Mandrake Linux 6.1 through 7.1 sets the /perl/ directory to be browseable, which allows remote attackers to list the contents of that directory.
20061| [CVE-2000-0869] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 enables WebDAV, which allows remote attackers to list arbitrary directories via the PROPFIND HTTP request method.
20062| [CVE-2000-0868] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 allows remote attackers to read source code for CGI scripts by replacing the /cgi-bin/ in the requested URL with /cgi-bin-sdb/.
20063| [CVE-2000-0791] Trustix installs the httpsd program for Apache-SSL with world-writeable permissions, which allows local users to replace it with a Trojan horse.
20064| [CVE-2000-0760] The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals sensitive system information when a remote attacker requests a nonexistent URL with a .snp extension.
20065| [CVE-2000-0759] Jakarta Tomcat 3.1 under Apache reveals physical path information when a remote attacker requests a URL that does not exist, which generates an error message that includes the physical path.
20066| [CVE-2000-0628] The source.asp example script in the Apache ASP module Apache::ASP 1.93 and earlier allows remote attackers to modify files.
20067| [CVE-2000-0505] The Apache 1.3.x HTTP server for Windows platforms allows remote attackers to list directory contents by requesting a URL containing a large number of / characters.
20068| [CVE-1999-1412] A possible interaction between Apple MacOS X release 1.0 and Apache HTTP server allows remote attackers to cause a denial of service (crash) via a flood of HTTP GET requests to CGI programs, which generates a large number of processes.
20069| [CVE-1999-1293] mod_proxy in Apache 1.2.5 and earlier allows remote attackers to cause a denial of service via malformed FTP commands, which causes Apache to dump core.
20070| [CVE-1999-1237] Multiple buffer overflows in smbvalid/smbval SMB authentication library, as used in Apache::AuthenSmb and possibly other modules, allows remote attackers to execute arbitrary commands via (1) a long username, (2) a long password, and (3) other unspecified methods.
20071| [CVE-1999-1199] Apache WWW server 1.3.1 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via a large number of MIME headers with the same name, aka the "sioux" vulnerability.
20072| [CVE-1999-1053] guestbook.pl cleanses user-inserted SSI commands by removing text between "<!--" and "-->" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides "-->".
20073| [CVE-1999-0926] Apache allows remote attackers to conduct a denial of service via a large number of MIME headers.
20074| [CVE-1999-0678] A default configuration of Apache on Debian GNU/Linux sets the ServerRoot to /usr/doc, which allows remote users to read documentation files for the entire server.
20075| [CVE-1999-0448] IIS 4.0 and Apache log HTTP request methods, regardless of how long they are, allowing a remote attacker to hide the URL they really request.
20076| [CVE-1999-0289] The Apache web server for Win32 may provide access to restricted files when a . (dot) is appended to a requested URL.
20077| [CVE-1999-0236] ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs.
20078| [CVE-1999-0107] Buffer overflow in Apache 1.2.5 and earlier allows a remote attacker to cause a denial of service with a large number of GET requests containing a large number of / characters.
20079| [CVE-1999-0071] Apache httpd cookie buffer overflow for versions 1.1.1 and earlier.
20080|
20081| SecurityFocus - https://www.securityfocus.com/bid/:
20082| [104554] Apache HBase CVE-2018-8025 Security Bypass Vulnerability
20083| [104465] Apache Geode CVE-2017-15695 Remote Code Execution Vulnerability
20084| [104418] Apache Storm CVE-2018-8008 Arbitrary File Write Vulnerability
20085| [104399] Apache Storm CVE-2018-1332 User Impersonation Vulnerability
20086| [104348] Apache UIMA CVE-2017-15691 XML External Entity Injection Vulnerability
20087| [104313] Apache NiFi XML External Entity Injection and Denial of Service Vulnerability
20088| [104259] Apache Geode CVE-2017-12622 Authorization Bypass Vulnerability
20089| [104257] Apache Sling XSS Protection API CVE-2017-15717 Cross Site Scripting Vulnerability
20090| [104253] Apache ZooKeeper CVE-2018-8012 Security Bypass Vulnerability
20091| [104252] Apache Batik CVE-2018-8013 Information Disclosure Vulnerability
20092| [104239] Apache Solr CVE-2018-8010 XML External Entity Multiple Information Disclosure Vulnerabilities
20093| [104215] Apache ORC CVE-2018-8015 Denial of Service Vulnerability
20094| [104203] Apache Tomcat CVE-2018-8014 Security Bypass Vulnerability
20095| [104161] Apache Ambari CVE-2018-8003 Directory Traversal Vulnerability
20096| [104140] Apache Derby CVE-2018-1313 Security Bypass Vulnerability
20097| [104135] Apache Tika CVE-2018-1338 Denial of Service Vulnerability
20098| [104008] Apache Fineract CVE-2018-1291 SQL Injection Vulnerability
20099| [104007] Apache Fineract CVE-2018-1292 SQL Injection Vulnerability
20100| [104005] Apache Fineract CVE-2018-1289 SQL Injection Vulnerability
20101| [104001] Apache Tika CVE-2018-1335 Remote Command Injection Vulnerability
20102| [103975] Apache Fineract CVE-2018-1290 SQL Injection Vulnerability
20103| [103974] Apache Solr CVE-2018-1308 XML External Entity Injection Vulnerability
20104| [103772] Apache Traffic Server CVE-2017-7671 Denial of Service Vulnerability
20105| [103770] Apache Traffic Server CVE-2017-5660 Security Bypass Vulnerability
20106| [103751] Apache Hive CVE-2018-1282 SQL Injection Vulnerability
20107| [103750] Apache Hive CVE-2018-1284 Security Bypass Vulnerability
20108| [103692] Apache Ignite CVE-2018-1295 Arbitrary Code Execution Vulnerability
20109| [103528] Apache HTTP Server CVE-2018-1302 Denial of Service Vulnerability
20110| [103525] Apache HTTP Server CVE-2017-15715 Remote Security Bypass Vulnerability
20111| [103524] Apache HTTP Server CVE-2018-1312 Remote Security Bypass Vulnerability
20112| [103522] Apache HTTP Server CVE-2018-1303 Denial of Service Vulnerability
20113| [103520] Apache HTTP Server CVE-2018-1283 Remote Security Vulnerability
20114| [103516] Apache Struts CVE-2018-1327 Denial of Service Vulnerability
20115| [103515] Apache HTTP Server CVE-2018-1301 Denial of Service Vulnerability
20116| [103512] Apache HTTP Server CVE-2017-15710 Denial of Service Vulnerability
20117| [103508] Apache Syncope CVE-2018-1321 Multiple Remote Code Execution Vulnerabilities
20118| [103507] Apache Syncope CVE-2018-1322 Multiple Information Disclosure Vulnerabilities
20119| [103490] Apache Commons Compress CVE-2018-1324 Multiple Denial Of Service Vulnerabilities
20120| [103434] APACHE Allura CVE-2018-1319 HTTP Response Splitting Vulnerability
20121| [103389] Apache Tomcat JK Connector CVE-2018-1323 Directory Traversal Vulnerability
20122| [103222] Apache CloudStack CVE-2013-4317 Information Disclosure Vulnerability
20123| [103219] Apache Xerces-C CVE-2017-12627 Null Pointer Dereference Denial of Service Vulnerability
20124| [103206] Apache Geode CVE-2017-15693 Remote Code Execution Vulnerability
20125| [103205] Apache Geode CVE-2017-15692 Remote Code Execution Vulnerability
20126| [103170] Apache Tomcat CVE-2018-1304 Security Bypass Vulnerability
20127| [103144] Apache Tomcat CVE-2018-1305 Security Bypass Vulnerability
20128| [103102] Apache Oozie CVE-2017-15712 Information Disclosure Vulnerability
20129| [103098] Apache Karaf CVE-2016-8750 LDAP Injection Vulnerability
20130| [103069] Apache Tomcat CVE-2017-15706 Remote Security Weakness
20131| [103068] Apache JMeter CVE-2018-1287 Security Bypass Vulnerability
20132| [103067] Apache Qpid Dispatch Router 'router_core/connections.c' Denial of Service Vulnerability
20133| [103036] Apache CouchDB CVE-2017-12636 Remote Code Execution Vulnerability
20134| [103025] Apache Thrift CVE-2016-5397 Remote Command Injection Vulnerability
20135| [102879] Apache POI CVE-2017-12626 Multiple Denial of Service Vulnerabilities
20136| [102842] Apache NiFi CVE-2017-12632 Host Header Injection Vulnerability
20137| [102815] Apache NiFi CVE-2017-15697 Multiple Cross Site Scripting Vulnerabilities
20138| [102488] Apache Geode CVE-2017-9795 Remote Code Execution Vulnerability
20139| [102229] Apache Sling CVE-2017-15700 Information Disclosure Vulnerability
20140| [102226] Apache Drill CVE-2017-12630 Cross Site Scripting Vulnerability
20141| [102154] Multiple Apache Products CVE-2017-15708 Remote Code Execution Vulnerability
20142| [102127] Apache CXF Fediz CVE-2017-12631 Multiple Cross Site Request Forgery Vulnerabilities
20143| [102041] Apache Qpid Broker-J CVE-2017-15701 Denial of Service Vulnerability
20144| [102040] Apache Qpid Broker CVE-2017-15702 Security Weakness
20145| [102021] Apache Struts CVE-2017-15707 Denial of Service Vulnerability
20146| [101980] EMC RSA Authentication Agent for Web: Apache Web Server Authentication Bypass Vulnerability
20147| [101876] Apache Camel CVE-2017-12634 Deserialization Remote Code Execution Vulnerability
20148| [101874] Apache Camel CVE-2017-12633 Deserialization Remote Code Execution Vulnerability
20149| [101872] Apache Karaf CVE-2014-0219 Local Denial of Service Vulnerability
20150| [101868] Apache CouchDB CVE-2017-12635 Remote Privilege Escalation Vulnerability
20151| [101859] Apache CXF CVE-2017-12624 Denial of Service Vulnerability
20152| [101844] Apache Sling Servlets Post CVE-2017-11296 Cross Site Scripting Vulnerability
20153| [101686] Apache Hive CVE-2017-12625 Information Disclosure Vulnerability
20154| [101644] Apache Wicket CVE-2012-5636 Cross Site Scripting Vulnerability
20155| [101631] Apache Traffic Server CVE-2015-3249 Multiple Remote Code Execution Vulnerabilities
20156| [101630] Apache Traffic Server CVE-2014-3624 Access Bypass Vulnerability
20157| [101625] Apache jUDDI CVE-2009-1197 Security Bypass Vulnerability
20158| [101623] Apache jUDDI CVE-2009-1198 Cross Site Scripting Vulnerability
20159| [101620] Apache Subversion 'libsvn_fs_fs/fs_fs.c' Denial of Service Vulnerability
20160| [101585] Apache OpenOffice Multiple Remote Code Execution Vulnerabilities
20161| [101577] Apache Wicket CVE-2016-6806 Cross Site Request Forgery Vulnerability
20162| [101575] Apache Wicket CVE-2014-0043 Information Disclosure Vulnerability
20163| [101570] Apache Geode CVE-2017-9797 Information Disclosure Vulnerability
20164| [101562] Apache Derby CVE-2010-2232 Arbitrary File Overwrite Vulnerability
20165| [101560] Apache Portable Runtime Utility CVE-2017-12613 Multiple Information Disclosure Vulnerabilities
20166| [101558] Apache Portable Runtime Utility Local Out-of-Bounds Read Denial of Service Vulnerability
20167| [101532] Apache James CVE-2017-12628 Arbitrary Command Execution Vulnerability
20168| [101516] Apache HTTP Server CVE-2017-12171 Security Bypass Vulnerability
20169| [101261] Apache Solr/Lucene CVE-2017-12629 Information Disclosure and Remote Code Execution Vulnerabilities
20170| [101230] Apache Roller CVE-2014-0030 XML External Entity Injection Vulnerability
20171| [101173] Apache IMPALA CVE-2017-9792 Information Disclosure Vulnerability
20172| [101052] Apache Commons Jelly CVE-2017-12621 Security Bypass Vulnerability
20173| [101027] Apache Mesos CVE-2017-7687 Denial of Service Vulnerability
20174| [101023] Apache Mesos CVE-2017-9790 Denial of Service Vulnerability
20175| [100954] Apache Tomcat CVE-2017-12617 Incomplete Fix Remote Code Execution Vulnerability
20176| [100946] Apache Wicket CVE-2014-7808 Cross Site Request Forgery Vulnerability
20177| [100901] Apache Tomcat CVE-2017-12615 Remote Code Execution Vulnerability
20178| [100897] Apache Tomcat CVE-2017-12616 Information Disclosure Vulnerability
20179| [100880] Apache Directory LDAP API CVE-2015-3250 Unspecified Information Disclosure Vulnerability
20180| [100872] Apache HTTP Server CVE-2017-9798 Information Disclosure Vulnerability
20181| [100870] Apache Solr CVE-2017-9803 Remote Privilege Escalation Vulnerability
20182| [100859] puppetlabs-apache CVE-2017-2299 Information Disclosure Vulnerability
20183| [100829] Apache Struts CVE-2017-12611 Remote Code Execution Vulnerability
20184| [100823] Apache Spark CVE-2017-12612 Deserialization Remote Code Execution Vulnerability
20185| [100612] Apache Struts CVE-2017-9804 Incomplete Fix Denial of Service Vulnerability
20186| [100611] Apache Struts CVE-2017-9793 Denial of Service Vulnerability
20187| [100609] Apache Struts CVE-2017-9805 Remote Code Execution Vulnerability
20188| [100587] Apache Atlas CVE-2017-3155 Cross Frame Scripting Vulnerability
20189| [100581] Apache Atlas CVE-2017-3154 Information Disclosure Vulnerability
20190| [100578] Apache Atlas CVE-2017-3153 Cross Site Scripting Vulnerability
20191| [100577] Apache Atlas CVE-2017-3152 Cross Site Scripting Vulnerability
20192| [100547] Apache Atlas CVE-2017-3151 HTML Injection Vulnerability
20193| [100536] Apache Atlas CVE-2017-3150 Cross Site Scripting Vulnerability
20194| [100449] Apache Pony Mail CVE-2016-4460 Authentication Bypass Vulnerability
20195| [100447] Apache2Triad Multiple Security Vulnerabilities
20196| [100284] Apache Sling Servlets Post CVE-2017-9802 Cross Site Scripting Vulnerability
20197| [100280] Apache Tomcat CVE-2017-7674 Security Bypass Vulnerability
20198| [100259] Apache Subversion CVE-2017-9800 Remote Command Execution Vulnerability
20199| [100256] Apache Tomcat CVE-2017-7675 Directory Traversal Vulnerability
20200| [100235] Apache Storm CVE-2017-9799 Remote Code Execution Vulnerability
20201| [100082] Apache Commons Email CVE-2017-9801 SMTP Header Injection Vulnerability
20202| [99873] Apache Sling XSS Protection API CVE-2016-6798 XML External Entity Injection Vulnerability
20203| [99870] Apache Sling API CVE-2016-5394 Cross Site Scripting Vulnerability
20204| [99603] Apache Spark CVE-2017-7678 Cross Site Scripting Vulnerability
20205| [99592] Apache OpenMeetings CVE-2017-7685 Security Bypass Vulnerability
20206| [99587] Apache OpenMeetings CVE-2017-7673 Security Bypass Vulnerability
20207| [99586] Apache OpenMeetings CVE-2017-7688 Security Bypass Vulnerability
20208| [99584] Apache OpenMeetings CVE-2017-7684 Denial of Service Vulnerability
20209| [99577] Apache OpenMeetings CVE-2017-7663 Cross Site Scripting Vulnerability
20210| [99576] Apache OpenMeetings CVE-2017-7664 XML External Entity Injection Vulnerability
20211| [99569] Apache HTTP Server CVE-2017-9788 Memory Corruption Vulnerability
20212| [99568] Apache HTTP Server CVE-2017-9789 Denial of Service Vulnerability
20213| [99563] Apache Struts CVE-2017-7672 Denial of Service Vulnerability
20214| [99562] Apache Struts Spring AOP Functionality Denial of Service Vulnerability
20215| [99509] Apache Impala CVE-2017-5652 Information Disclosure Vulnerability
20216| [99508] Apache IMPALA CVE-2017-5640 Authentication Bypass Vulnerability
20217| [99486] Apache Traffic Control CVE-2017-7670 Denial of Service Vulnerability
20218| [99485] Apache Solr CVE-2017-7660 Security Bypass Vulnerability
20219| [99484] Apache Struts CVE-2017-9791 Remote Code Execution Vulnerability
20220| [99292] Apache Ignite CVE-2017-7686 Information Disclosure Vulnerability
20221| [99170] Apache HTTP Server CVE-2017-7679 Buffer Overflow Vulnerability
20222| [99137] Apache HTTP Server CVE-2017-7668 Denial of Service Vulnerability
20223| [99135] Apache HTTP Server CVE-2017-3167 Authentication Bypass Vulnerability
20224| [99134] Apache HTTP Server CVE-2017-3169 Denial of Service Vulnerability
20225| [99132] Apache HTTP Server CVE-2017-7659 Denial of Service Vulnerability
20226| [99112] Apache Thrift CVE-2015-3254 Denial of Service Vulnerability
20227| [99067] Apache Ranger CVE-2016-8751 HTML Injection Vulnerability
20228| [99018] Apache NiFi CVE-2017-7667 Cross Frame Scripting Vulnerability
20229| [99009] Apache NiFi CVE-2017-7665 Cross Site Scripting Vulnerability
20230| [98961] Apache Ranger CVE-2017-7677 Security Bypass Vulnerability
20231| [98958] Apache Ranger CVE-2017-7676 Security Bypass Vulnerability
20232| [98888] Apache Tomcat CVE-2017-5664 Security Bypass Vulnerability
20233| [98814] Apache Zookeeper CVE-2017-5637 Denial of Service Vulnerability
20234| [98795] Apache Hadoop CVE-2017-7669 Remote Privilege Escalation Vulnerability
20235| [98739] Apache Knox CVE-2017-5646 User Impersonation Vulnerability
20236| [98669] Apache Hive CVE-2016-3083 Security Bypass Vulnerability
20237| [98646] Apache Atlas CVE-2016-8752 Information Disclosure Vulnerability
20238| [98570] Apache Archiva CVE-2017-5657 Multiple Cross-Site Request Forgery Vulnerabilities
20239| [98489] Apache CXF Fediz CVE-2017-7661 Multiple Cross Site Request Forgery Vulnerabilities
20240| [98485] Apache CXF Fediz CVE-2017-7662 Cross Site Request Forgery Vulnerability
20241| [98466] Apache Ambari CVE-2017-5655 Insecure Temporary File Handling Vulnerability
20242| [98365] Apache Cordova For Android CVE-2016-6799 Information Disclosure Vulnerability
20243| [98025] Apache Hadoop CVE-2017-3161 Cross Site Scripting Vulnerability
20244| [98017] Apache Hadoop CVE-2017-3162 Input Validation Vulnerability
20245| [97971] Apache CXF CVE-2017-5656 Information Disclosure Vulnerability
20246| [97968] Apache CXF CVE-2017-5653 Spoofing Vulnerability
20247| [97967] Apache ActiveMQ CVE-2015-7559 Denial of Service Vulnerability
20248| [97949] Apache Traffic Server CVE-2017-5659 Denial of Service Vulnerability
20249| [97948] Apache Batik CVE-2017-5662 XML External Entity Information Disclosure Vulnerability
20250| [97947] Apache FOP CVE-2017-5661 XML External Entity Information Disclosure Vulnerability
20251| [97945] Apache Traffic Server CVE-2016-5396 Denial of Service Vulnerability
20252| [97702] Apache Log4j CVE-2017-5645 Remote Code Execution Vulnerability
20253| [97582] Apache CXF CVE-2016-6812 Cross Site Scripting Vulnerability
20254| [97579] Apache CXF JAX-RS CVE-2016-8739 XML External Entity Injection Vulnerability
20255| [97544] Apache Tomcat CVE-2017-5651 Information Disclosure Vulnerability
20256| [97531] Apache Tomcat CVE-2017-5650 Denial of Service Vulnerability
20257| [97530] Apache Tomcat CVE-2017-5648 Information Disclosure Vulnerability
20258| [97509] Apache Ignite CVE-2016-6805 Information Disclosure and XML External Entity Injection Vulnerabilities
20259| [97383] Apache Flex BlazeDS CVE-2017-5641 Remote Code Execution Vulnerability
20260| [97378] Apache Geode CVE-2017-5649 Information Disclosure Vulnerability
20261| [97229] Apache Ambari CVE-2016-4976 Local Information Disclosure Vulnerability
20262| [97226] Apache Camel CVE-2017-5643 Server Side Request Forgery Security Bypass Vulnerability
20263| [97184] Apache Ambari CVE-2016-6807 Remote Command Execution Vulnerability
20264| [97179] Apache Camel CVE-2016-8749 Java Deserialization Multiple Remote Code Execution Vulnerabilities
20265| [96983] Apache POI CVE-2017-5644 Denial Of Service Vulnerability
20266| [96895] Apache Tomcat CVE-2016-8747 Information Disclosure Vulnerability
20267| [96731] Apache NiFi CVE-2017-5636 Remote Code Injection Vulnerability
20268| [96730] Apache NiFi CVE-2017-5635 Security Bypass Vulnerability
20269| [96729] Apache Struts CVE-2017-5638 Remote Code Execution Vulnerability
20270| [96540] IBM Development Package for Apache Spark CVE-2016-4970 Denial of Service Vulnerability
20271| [96398] Apache CXF CVE-2017-3156 Information Disclosure Vulnerability
20272| [96321] Apache Camel CVE-2017-3159 Remote Code Execution Vulnerability
20273| [96293] Apache Tomcat 'http11/AbstractInputBuffer.java' Denial of Service Vulnerability
20274| [96228] Apache Brooklyn Cross Site Request Forgery and Multiple Cross Site Scripting Vulnerabilities
20275| [95998] Apache Ranger CVE-2016-8746 Security Bypass Vulnerability
20276| [95929] Apache Groovy CVE-2016-6497 Information Disclosure Vulnerability
20277| [95838] Apache Cordova For Android CVE-2017-3160 Man in the Middle Security Bypass Vulnerability
20278| [95675] Apache Struts Remote Code Execution Vulnerability
20279| [95621] Apache NiFi CVE-2106-8748 Cross Site Scripting Vulnerability
20280| [95429] Apache Groovy CVE-2016-6814 Remote Code Execution Vulnerability
20281| [95335] Apache Hadoop CVE-2016-3086 Information Disclosure Vulnerability
20282| [95168] Apache Wicket CVE-2016-6793 Denial of Service Vulnerability
20283| [95136] Apache Qpid Broker for Java CVE-2016-8741 Remote Information Disclosure Vulnerability
20284| [95078] Apache HTTP Server CVE-2016-0736 Remote Security Vulnerability
20285| [95077] Apache HTTP Server CVE-2016-8743 Security Bypass Vulnerability
20286| [95076] Apache HTTP Server CVE-2016-2161 Denial of Service Vulnerability
20287| [95020] Apache Tika CVE-2015-3271 Remote Information Disclosure Vulnerability
20288| [94950] Apache Hadoop CVE-2016-5001 Local Information Disclosure Vulnerability
20289| [94882] Apache ActiveMQ CVE-2016-6810 HTML Injection Vulnerability
20290| [94828] Apache Tomcat CVE-2016-8745 Information Disclosure Vulnerability
20291| [94766] Apache CouchDB CVE-2016-8742 Local Privilege Escalation Vulnerability
20292| [94657] Apache Struts CVE-2016-8738 Denial of Service Vulnerability
20293| [94650] Apache HTTP Server CVE-2016-8740 Denial of Service Vulnerability
20294| [94588] Apache Subversion CVE-2016-8734 XML External Entity Denial of Service Vulnerability
20295| [94513] Apache Karaf CVE-2016-8648 Remote Code Execution Vulnerability
20296| [94463] Apache Tomcat CVE-2016-8735 Remote Code Execution Vulnerability
20297| [94462] Apache Tomcat CVE-2016-6817 Denial of Service Vulnerability
20298| [94461] Apache Tomcat CVE-2016-6816 Security Bypass Vulnerability
20299| [94418] Apache OpenOffice CVE-2016-6803 Local Privilege Escalation Vulnerability
20300| [94247] Apache Tika CVE-2016-6809 Remote Code Execution Vulnerability
20301| [94221] Apache Ranger CVE-2016-6815 Local Privilege Escalation Vulnerability
20302| [94145] Apache OpenMeetings CVE-2016-8736 Remote Code Execution Vulnerability
20303| [93945] Apache CloudStack CVE-2016-6813 Authorization Bypass Vulnerability
20304| [93944] Apache Tomcat Security Manager CVE-2016-6796 Security Bypass Vulnerability
20305| [93943] Apache Tomcat CVE-2016-6794 Security Bypass Vulnerability
20306| [93942] Apache Tomcat Security Manager CVE-2016-5018 Security Bypass Vulnerability
20307| [93940] Apache Tomcat CVE-2016-6797 Security Bypass Vulnerability
20308| [93939] Apache Tomcat CVE-2016-0762 Information Disclosure Vulnerability
20309| [93774] Apache OpenOffice CVE-2016-6804 DLL Loading Remote Code Execution Vulnerability
20310| [93773] Apache Struts CVE-2016-6795 Directory Traversal Vulnerability
20311| [93478] Apache Tomcat CVE-2016-6325 Local Privilege Escalation Vulnerability
20312| [93472] Apache Tomcat CVE-2016-5425 Insecure File Permissions Vulnerability
20313| [93429] Apache Tomcat JK Connector CVE-2016-6808 Remote Buffer Overflow Vulnerability
20314| [93263] Apache Tomcat CVE-2016-1240 Local Privilege Escalation Vulnerability
20315| [93236] Apache MyFaces Trinidad CVE-2016-5019 Remote Code Execution Vulnerability
20316| [93142] Apache ActiveMQ Artemis CVE-2016-4978 Remote Code Execution Vulnerability
20317| [93132] Apache Derby CVE-2015-1832 XML External Entity Information Disclosure Vulnerability
20318| [93044] Apache Zookeeper CVE-2016-5017 Buffer Overflow Vulnerability
20319| [92966] Apache Jackrabbit CVE-2016-6801 Cross-Site Request Forgery Vulnerability
20320| [92947] Apache Shiro CVE-2016-6802 Remote Security Bypass Vulnerability
20321| [92905] Apache CXF Fediz CVE-2016-4464 Security Bypass Vulnerability
20322| [92577] Apache Ranger CVE-2016-5395 HTML Injection Vulnerability
20323| [92331] Apache HTTP Server CVE-2016-1546 Remote Denial of Service Vulnerability
20324| [92328] Apache Hive CVE-2016-0760 Multiple Remote Code Execution Vulnerabilities
20325| [92320] Apache APR-util and httpd CVE-2016-6312 Denial of Service Vulnerability
20326| [92100] Apache POI CVE-2016-5000 XML External Entity Injection Vulnerability
20327| [92079] Apache OpenOffice CVE-2016-1513 Remote Code Execution Vulnerability
20328| [91818] Apache Tomcat CVE-2016-5388 Security Bypass Vulnerability
20329| [91816] Apache HTTP Server CVE-2016-5387 Security Bypass Vulnerability
20330| [91788] Apache Qpid Proton CVE-2016-4467 Certificate Verification Security Bypass Vulnerability
20331| [91738] Apache XML-RPC CVE-2016-5003 Remote Code Execution Vulnerability
20332| [91736] Apache XML-RPC Multiple Security Vulnerabilities
20333| [91707] Apache Archiva CVE-2016-5005 HTML Injection Vulnerability
20334| [91703] Apache Archiva CVE-2016-4469 Multiple Cross-Site Request Forgery Vulnerabilities
20335| [91566] Apache HTTP Server CVE-2016-4979 Authentication Bypass Vulnerability
20336| [91537] Apache QPID CVE-2016-4974 Deserialization Security Bypass Vulnerability
20337| [91501] Apache Xerces-C CVE-2016-4463 Stack Buffer Overflow Vulnerability
20338| [91453] Apache Commons FileUpload CVE-2016-3092 Denial Of Service Vulnerability
20339| [91284] Apache Struts CVE-2016-4431 Security Bypass Vulnerability
20340| [91282] Apache Struts CVE-2016-4433 Security Bypass Vulnerability
20341| [91281] Apache Struts CVE-2016-4430 Cross-Site Request Forgery Vulnerability
20342| [91280] Apache Struts CVE-2016-4436 Security Bypass Vulnerability
20343| [91278] Apache Struts CVE-2016-4465 Denial of Service Vulnerability
20344| [91277] Apache Struts Incomplete Fix Remote Code Execution Vulnerability
20345| [91275] Apache Struts CVE-2016-4438 Remote Code Execution Vulnerability
20346| [91217] Apache Continuum 'saveInstallation.action' Command Execution Vulnerability
20347| [91141] Apache CloudStack CVE-2016-3085 Authentication Bypass Vulnerability
20348| [91068] Apache Struts CVE-2016-1181 Remote Code Execution Vulnerability
20349| [91067] Apache Struts CVE-2016-1182 Security Bypass Vulnerability
20350| [91024] Apache Shiro CVE-2016-4437 Information Disclosure Vulnerability
20351| [90988] Apache Ranger CVE-2016-2174 SQL Injection Vulnerability
20352| [90961] Apache Struts CVE-2016-3093 Denial of Service Vulnerability
20353| [90960] Apache Struts CVE-2016-3087 Remote Code Execution Vulnerability
20354| [90921] Apache Qpid CVE-2016-4432 Authentication Bypass Vulnerability
20355| [90920] Apache Qpid CVE-2016-3094 Denial of Service Vulnerability
20356| [90902] Apache PDFBox CVE-2016-2175 XML External Entity Injection Vulnerability
20357| [90897] Apache Tika CVE-2016-4434 XML External Entity Injection Vulnerability
20358| [90827] Apache ActiveMQ CVE-2016-3088 Multiple Arbitrary File Upload Vulnerabilities
20359| [90755] Apache Ambari CVE-2016-0707 Multiple Local Information Disclosure Vulnerabilities
20360| [90482] Apache CVE-2004-1387 Local Security Vulnerability
20361| [89762] Apache CVE-2001-1556 Remote Security Vulnerability
20362| [89417] Apache Subversion CVE-2016-2167 Authentication Bypass Vulnerability
20363| [89326] RETIRED: Apache Subversion CVE-2016-2167 Security Bypass Vulnerability
20364| [89320] Apache Subversion CVE-2016-2168 Remote Denial of Service Vulnerability
20365| [88826] Apache Struts CVE-2016-3082 Remote Code Execution Vulnerability
20366| [88797] Apache Cordova For iOS CVE-2015-5208 Arbitrary Code Execution Vulnerability
20367| [88764] Apache Cordova iOS CVE-2015-5207 Multiple Security Bypass Vulnerabilities
20368| [88701] Apache CVE-2001-1449 Remote Security Vulnerability
20369| [88635] Apache CVE-2000-1204 Remote Security Vulnerability
20370| [88590] Apache WWW server CVE-1999-1199 Denial-Of-Service Vulnerability
20371| [88496] Apache CVE-2000-1206 Remote Security Vulnerability
20372| [87828] Apache CVE-1999-1237 Remote Security Vulnerability
20373| [87784] Apache CVE-1999-1293 Denial-Of-Service Vulnerability
20374| [87327] Apache Struts CVE-2016-3081 Remote Code Execution Vulnerability
20375| [86622] Apache Stats CVE-2007-0975 Remote Security Vulnerability
20376| [86399] Apache CVE-2007-1743 Local Security Vulnerability
20377| [86397] Apache CVE-2007-1742 Local Security Vulnerability
20378| [86311] Apache Struts CVE-2016-4003 Cross Site Scripting Vulnerability
20379| [86174] Apache Wicket CVE-2015-5347 Cross Site Scripting Vulnerability
20380| [85971] Apache OFBiz CVE-2016-2170 Java Deserialization Remote Code Execution Vulnerability
20381| [85967] Apache OFBiz CVE-2015-3268 HTML Injection Vulnerability
20382| [85759] Apache Jetspeed CVE-2016-2171 Unauthorized Access Vulnerability
20383| [85758] Apache Jetspeed CVE-2016-0712 Cross Site Scripting Vulnerability
20384| [85756] Apache Jetspeed CVE-2016-0710 Multiple SQL Injection Vulnerabilities
20385| [85755] Apache Jetspeed CVE-2016-0711 Multiple HTML Injection Vulnerabilities
20386| [85754] Apache Jetspeed CVE-2016-0709 Directory Traversal Vulnerability
20387| [85730] Apache Subversion CVE-2015-5343 Integer Overflow Vulnerability
20388| [85691] Apache Ranger CVE-2016-0735 Security Bypass Vulnerability
20389| [85578] Apache ActiveMQ CVE-2010-1244 Cross-Site Request Forgery Vulnerability
20390| [85554] Apache OpenMeetings CVE-2016-2164 Multiple Information Disclosure Vulnerabilities
20391| [85553] Apache OpenMeetings CVE-2016-0783 Information Disclosure Vulnerability
20392| [85552] Apache OpenMeetings CVE-2016-2163 HTML Injection Vulnerability
20393| [85550] Apache OpenMeetings CVE-2016-0784 Directory Traversal Vulnerability
20394| [85386] Apache Hadoop CVE-2015-7430 Local Privilege Escalation Vulnerability
20395| [85377] Apache Qpid Proton Python API CVE-2016-2166 Man in the Middle Security Bypass Vulnerability
20396| [85205] Apache Solr CVE-2015-8796 Cross Site Scripting Vulnerability
20397| [85203] Apache Solr CVE-2015-8795 Mulitple HTML Injection Vulnerabilities
20398| [85163] Apache Geronimo CVE-2008-0732 Local Security Vulnerability
20399| [85131] Apache Struts 'TextParseUtil.translateVariables()' Method Remote Code Execution Vulnerability
20400| [85070] Apache Struts CVE-2016-2162 Cross Site Scripting Vulnerability
20401| [85066] Apache Struts CVE-2016-0785 Remote Code Execution Vulnerability
20402| [84422] Apache TomEE CVE-2016-0779 Unspecified Security Vulnerability
20403| [84321] Apache ActiveMQ CVE-2016-0734 Clickjacking Vulnerability
20404| [84316] Apache ActiveMQ CVE-2016-0782 Multiple Cross Site Scripting Vulnerabilities
20405| [83910] Apache Wicket CVE-2015-7520 Cross Site Scripting Vulnerability
20406| [83423] Apache Xerces-C CVE-2016-0729 Buffer Overflow Vulnerability
20407| [83330] Apache Tomcat CVE-2015-5351 Cross Site Request Forgery Vulnerability
20408| [83329] Apache Tomcat CVE-2015-5174 Directory Traversal Vulnerability
20409| [83328] Apache Tomcat CVE-2015-5345 Directory Traversal Vulnerability
20410| [83327] Apache Tomcat Security Manager CVE-2016-0714 Remote Code Execution Vulnerability
20411| [83326] Apache Tomcat CVE-2016-0763 Security Bypass Vulnerability
20412| [83324] Apache Tomcat Security Manager CVE-2016-0706 Information Disclosure Vulnerability
20413| [83323] Apache Tomcat CVE-2015-5346 Session Fixation Vulnerability
20414| [83259] Apache Hadoop CVE-2015-1776 Information Disclosure Vulnerability
20415| [83243] Apache Solr CVE-2015-8797 Cross Site Scripting Vulnerability
20416| [83119] Apache Sling CVE-2016-0956 Information Disclosure Vulnerability
20417| [83002] Apache CVE-2000-1205 Cross-Site Scripting Vulnerability
| [82871] Apache Ranger Authentication Bypass and Security Bypass Vulnerabilities
| [82800] Apache CloudStack CVE-2015-3251 Information Disclosure Vulnerability
| [82798] Apache CloudStack CVE-2015-3252 Authentication Bypass Vulnerability
| [82732] Apache Gallery CVE-2003-0771 Local Security Vulnerability
| [82676] Apache CVE-2003-1581 Cross-Site Scripting Vulnerability
| [82550] Apache Struts CVE-2015-5209 Security Bypass Vulnerability
| [82300] Apache Subversion CVE-2015-5259 Integer Overflow Vulnerability
| [82260] Apache Camel CVE-2015-5344 Remote Code Execution Vulnerability
| [82234] Apache Hive CVE-2015-7521 Security Bypass Vulnerability
| [82082] Apache CVE-1999-0289 Remote Security Vulnerability
| [81821] Apache Distribution for Solaris CVE-2007-2080 SQL-Injection Vulnerability
| [80696] Apache Camel CVE-2015-5348 Information Disclosure Vulnerability
| [80525] Apache CVE-2003-1580 Remote Security Vulnerability
| [80354] Drupal Apache Solr Search Module Access Bypass Vulnerability
| [80193] Apache CVE-1999-0107 Denial-Of-Service Vulnerability
| [79812] Apache Directory Studio CVE-2015-5349 Command Injection Vulnerability
| [79744] Apache HBase CVE-2015-1836 Unauthorized Access Vulnerability
| [79204] Apache TomEE 'EjbObjectInputStream' Remote Code Execution Vulnerability
| [77679] Apache Cordova For Android CVE-2015-8320 Weak Randomization Security Bypass Vulnerability
| [77677] Apache Cordova For Android CVE-2015-5256 Security Bypass Vulnerability
| [77591] Apache CXF SAML SSO Processing CVE-2015-5253 Security Bypass Vulnerability
| [77521] Apache Commons Collections 'InvokerTransformer.java' Remote Code Execution Vulnerability
| [77110] Apache HttpComponents HttpClient CVE-2015-5262 Denial of Service Vulnerability
| [77086] Apache Ambari CVE-2015-1775 Server Side Request Forgery Security Bypass Vulnerability
| [77085] Apache Ambari CVE-2015-3270 Remote Privilege Escalation Vulnerability
| [77082] Apache Ambari 'targetURI' Parameter Open Redirection Vulnerability
| [77059] Apache Ambari CVE-2015-3186 Cross Site Scripting Vulnerability
| [76933] Apache James Server Unspecified Command Execution Vulnerability
| [76832] Apache cordova-plugin-file-transfer CVE-2015-5204 HTTP Header Injection Vulnerability
| [76625] Apache Struts CVE-2015-5169 Cross Site Scripting Vulnerability
| [76624] Apache Struts CVE-2015-2992 Cross Site Scripting Vulnerability
| [76522] Apache Tapestry CVE-2014-1972 Security Bypass Vulnerability
| [76486] Apache CXF Fediz CVE-2015-5175 Denial of Service Vulnerability
| [76452] Apache ActiveMQ CVE-2015-1830 Directory Traversal Vulnerability
| [76446] Apache Subversion 'libsvn_fs_fs/tree.c' Denial of Service Vulnerability
| [76274] Apache Subversion CVE-2015-3184 Information Disclosure Vulnerability
| [76273] Apache Subversion CVE-2015-3187 Information Disclosure Vulnerability
| [76272] Apache ActiveMQ CVE-2014-3576 Denial of Service Vulnerability
| [76221] Apache Ranger CVE-2015-0266 Access Bypass Vulnerability
| [76208] Apache Ranger CVE-2015-0265 JavaScript Code Injection Vulnerability
| [76025] Apache ActiveMQ Artemis CVE-2015-3208 XML External Entity Information Disclosure Vulnerability
| [75965] Apache HTTP Server CVE-2015-3185 Security Bypass Vulnerability
| [75964] Apache HTTP Server CVE-2015-0253 Remote Denial of Service Vulnerability
| [75963] Apache HTTP Server CVE-2015-3183 Security Vulnerability
| [75940] Apache Struts CVE-2015-1831 Security Bypass Vulnerability
| [75919] Apache Groovy CVE-2015-3253 Remote Code Execution Vulnerability
| [75338] Apache Storm CVE-2015-3188 Remote Code Execution Vulnerability
| [75275] Drupal Apache Solr Real-Time Module Access Bypass Vulnerability
| [74866] Apache Cordova For Android CVE-2015-1835 Security Bypass Vulnerability
| [74839] Apache Sling API and Sling Servlets CVE-2015-2944 Cross Site Scripting Vulnerability
| [74761] Apache Jackrabbit CVE-2015-1833 XML External Entity Information Disclosure Vulnerability
| [74686] Apache Ambari '/var/lib/ambari-server/ambari-env.sh' Local Privilege Escalation Vulnerability
| [74665] Apache Tomcat CVE-2014-7810 Security Bypass Vulnerability
| [74475] Apache Tomcat CVE-2014-0230 Denial of Service Vulnerability
| [74423] Apache Struts CVE-2015-0899 Security Bypass Vulnerability
| [74338] Apache OpenOffice HWP Filter Memory Corruption Vulnerability
| [74265] Apache Tomcat 'mod_jk' CVE-2014-8111 Information Disclosure Vulnerability
| [74260] Apache Subversion CVE-2015-0248 Multiple Denial of Service Vulnerabilities
| [74259] Apache Subversion 'deadprops.c' Security Bypass Vulnerability
| [74204] PHP 'sapi/apache2handler/sapi_apache2.c' Remote Code Execution Vulnerability
| [74158] Apache HTTP Server 'protocol.c' Remote Denial of Service Vulnerability
| [73954] Apache Flex 'asdoc/templates/index.html' Cross Site Scripting Vulnerability
| [73851] Apache2 CVE-2012-0216 Cross-Site Scripting Vulnerability
| [73478] Apache Cassandra CVE-2015-0225 Remote Code Execution Vulnerability
| [73041] Apache HTTP Server 'mod_lua' Module Denial of Service Vulnerability
| [73040] Apache HTTP Server 'mod_lua.c' Local Access Bypass Vulnerability
| [72809] Apache Standard Taglibs CVE-2015-0254 XML External Entity Injection Vulnerability
| [72717] Apache Tomcat CVE-2014-0227 Chunk Request Remote Denial Of Service Vulnerability
| [72557] Apache WSS4J CVE-2015-0227 Security Bypass Vulnerability
| [72553] Apache WSS4J CVE-2015-0226 Information Disclosure Vulnerability
| [72513] Apache ActiveMQ CVE-2014-3612 LDAP Authentication Bypass Vulnerability
| [72511] Apache ActiveMQ CVE-2014-8110 Multiple Cross Site Scripting Vulnerabilities
| [72510] Apache ActiveMQ CVE-2014-3600 XML External Entity Injection Vulnerability
| [72508] Apache ActiveMQ Apollo CVE-2014-3579 XML External Entity Injection Vulnerability
| [72319] Apache Qpid CVE-2015-0223 Security Bypass Vulnerability
| [72317] Apache Qpid CVE-2015-0224 Incomplete Fix Multiple Denial of Service Vulnerabilities
| [72115] Apache Santuario 'XML Signature Verification' Security Bypass Vulnerability
| [72053] Apache HTTP Server 'mod_remoteip.c' IP Address Spoofing Vulnerability
| [72030] Apache Qpid CVE-2015-0203 Multiple Denial of Service Vulnerabilities
| [71879] Apache Traffic Server 'HttpTransact.cc' Denial of Service Vulnerability
| [71726] Apache Subversion CVE-2014-3580 Remote Denial of Service Vulnerability
| [71725] Apache Subversion CVE-2014-8108 Remote Denial of Service Vulnerability
| [71657] Apache HTTP Server 'mod_proxy_fcgi' Module Denial of Service Vulnerability
| [71656] Apache HTTP Server 'mod_cache' Module Denial of Service Vulnerability
| [71548] Apache Struts CVE-2014-7809 Security Bypass Vulnerability
| [71466] Apache Hadoop CVE-2014-3627 Information Disclosure Vulnerability
| [71353] Apache HTTP Server 'LuaAuthzProvider' Authorization Bypass Vulnerability
| [71004] Apache Qpid CVE-2014-3629 XML External Entity Injection Vulnerability
| [70970] Apache Traffic Server Cross Site Scripting Vulnerability
| [70738] Apache CXF CVE-2014-3584 Denial of Service Vulnerability
| [70736] Apache CXF SAML SubjectConfirmation Security Bypass Vulnerability
| [69728] Apache Tomcat CVE-2013-4444 Arbitrary File Upload Vulnerability
| [69648] Apache POI CVE-2014-3574 Denial Of Service Vulnerability
| [69647] Apache POI OpenXML parser CVE-2014-3529 XML External Entity Information Disclosure Vulnerability
| [69351] Apache OpenOffice Calc CVE-2014-3524 Command Injection Vulnerability
| [69295] Apache Axis Incomplete Fix CVE-2014-3596 SSL Certificate Validation Security Bypass Vulnerability
| [69286] Apache OFBiz CVE-2014-0232 Multiple Cross Site Scripting Vulnerabilities
| [69258] Apache HttpComponents Incomplete Fix CVE-2014-3577 SSL Validation Security Bypass Vulnerability
| [69257] Apache HttpComponents Incomplete Fix SSL Certificate Validation Security Bypass Vulnerability
| [69248] Apache HTTP Server CVE-2013-4352 Remote Denial of Service Vulnerability
| [69237] Apache Subversion CVE-2014-3522 SSL Certificate Validation Information Disclosure Vulnerability
| [69173] Apache Traffic Server CVE-2014-3525 Unspecified Security Vulnerability
| [69046] Apache Cordova For Android CVE-2014-3502 Information Disclosure Vulnerability
| [69041] Apache Cordova For Android CVE-2014-3501 Security Bypass Vulnerability
| [69038] Apache Cordova For Android CVE-2014-3500 Security Bypass Vulnerability
| [68995] Apache Subversion CVE-2014-3528 Insecure Authentication Weakness
| [68966] Apache Subversion 'irkerbridge.py' Local Privilege Escalation Vulnerability
| [68965] Apache Subversion 'svnwcsub.py' Local Privilege Escalation Vulnerability
| [68863] Apache HTTP Server 'mod_cache' Module Remote Denial of Service Vulnerability
| [68747] Apache HTTP Server CVE-2014-3523 Remote Denial of Service Vulnerability
| [68745] Apache HTTP Server CVE-2014-0118 Remote Denial of Service Vulnerability
| [68742] Apache HTTP Server CVE-2014-0231 Remote Denial of Service Vulnerability
| [68740] Apache HTTP Server CVE-2014-0117 Remote Denial of Service Vulnerability
| [68678] Apache HTTP Server 'mod_status' CVE-2014-0226 Remote Code Execution Vulnerability
| [68445] Apache CXF UsernameToken Information Disclosure Vulnerability
| [68441] Apache CXF SAML Tokens Validation Security Bypass Vulnerability
| [68431] Apache Syncope CVE-2014-3503 Insecure Password Generation Weakness
| [68229] Apache Harmony PRNG Entropy Weakness
| [68111] Apache 'mod_wsgi' Module Privilege Escalation Vulnerability
| [68072] Apache Tomcat CVE-2014-0186 Remote Denial of Service Vulnerability
| [68039] Apache Hive CVE-2014-0228 Security Bypass Vulnerability
| [67673] Apache Tomcat CVE-2014-0095 AJP Request Remote Denial Of Service Vulnerability
| [67671] Apache Tomcat CVE-2014-0075 Chunk Request Remote Denial Of Service Vulnerability
| [67669] Apache Tomcat CVE-2014-0119 XML External Entity Information Disclosure Vulnerability
| [67668] Apache Tomcat CVE-2014-0099 Request Processing Information Disclosure Vulnerability
| [67667] Apache Tomcat CVE-2014-0096 XML External Entity Information Disclosure Vulnerability
| [67534] Apache 'mod_wsgi' Module CVE-2014-0242 Information Disclosure Vulnerability
| [67532] Apache 'mod_wsgi' Module Local Privilege Escalation Vulnerability
| [67530] Apache Solr Search Template Cross Site Scripting Vulnerability
| [67236] Apache CXF CVE-2014-0109 Remote Denial of Service Vulnerability
| [67232] Apache CXF CVE-2014-0110 Denial of Service Vulnerability
| [67121] Apache Struts ClassLoader Manipulation CVE-2014-0114 Security Bypass Vulnerability
| [67081] Apache Struts 'getClass()' Method Security Bypass Vulnerability
| [67064] Apache Struts ClassLoader Manipulation Incomplete Fix Security Bypass Vulnerability
| [67013] Apache Zookeeper CVE-2014-0085 Local Information Disclosure Vulnerability
| [66998] Apache Archiva CVE-2013-2187 Unspecified Cross Site Scripting Vulnerability
| [66991] Apache Archiva CVE-2013-2187 HTML Injection Vulnerability
| [66927] Apache Syncope CVE-2014-0111 Remote Code Execution Vulnerability
| [66474] Apache CouchDB Universally Unique IDentifier (UUID) Remote Denial of Service Vulnerability
| [66397] Apache Xalan-Java Library CVE-2014-0107 Security Bypass Vulnerability
| [66303] Apache HTTP Server Multiple Denial of Service Vulnerabilities
| [66041] RETIRED: Apache Struts CVE-2014-0094 Classloader Manipulation Security Bypass Vulnerability
| [65999] Apache Struts ClassLoader Manipulation CVE-2014-0094 Security Bypass Vulnerability
| [65967] Apache Cordova File-Transfer Unspecified Security Vulnerability
| [65959] Apache Cordova InAppBrowser Remote Privilege Escalation Vulnerability
| [65935] Apache Shiro 'login.jsp' Authentication Bypass Vulnerability
| [65902] Apache Camel CVE-2014-0003 Remote Code Execution Vulnerability
| [65901] Apache Camel CVE-2014-0002 XML External Entity Information Disclosure Vulnerability
| [65773] Apache Tomcat CVE-2013-4286 Security Bypass Vulnerability
| [65769] Apache Tomcat CVE-2014-0033 Session Fixation Vulnerability
| [65768] Apache Tomcat CVE-2013-4590 XML External Entity Information Disclosure Vulnerability
| [65767] Apache Tomcat CVE-2013-4322 Incomplete Fix Denial of Service Vulnerability
| [65615] Apache ActiveMQ 'refresh' Parameter Cross Site Scripting Vulnerability
| [65434] Apache Subversion 'mod_dav_svn' Module SVNListParentPath Denial of Service Vulnerability
| [65431] Apache Wicket CVE-2013-2055 Information Disclosure Vulnerability
| [65400] Apache Commons FileUpload CVE-2014-0050 Denial Of Service Vulnerability
| [64782] Apache CloudStack Virtual Router Component Security Bypass Vulnerability
| [64780] Apache CloudStack Unauthorized Access Vulnerability
| [64617] Apache Libcloud Digital Ocean API Local Information Disclosure Vulnerability
| [64437] Apache Santuario XML Security For JAVA XML Signature Denial of Service Vulnerability
| [64427] Apache Solr Multiple XML External Entity Injection Vulnerabilities
| [64009] Apache Solr CVE-2013-6408 XML External Entity Injection Vulnerability
| [64008] Apache Solr CVE-2013-6407 XML External Entity Injection Vulnerability
| [63981] Apache Subversion 'mod_dav_svn' Module Denial of Service Vulnerability
| [63966] Apache Subversion CVE-2013-4505 Security Bypass Vulnerability
| [63963] Apache Roller CVE-2013-4171 Cross Site Scripting Vulnerability
| [63935] Apache Solr 'SolrResourceLoader' Directory Traversal Vulnerability
| [63928] Apache Roller CVE-2013-4212 OGNL Expression Injection Remote Code Execution Vulnerability
| [63515] Apache Tomcat Manager Component CVE-2013-6357 Cross Site Request Forgery Vulnerability
| [63403] Apache Struts Multiple Cross Site Scripting Vulnerabilities
| [63400] Apache 'mod_pagespeed' Module Unspecified Cross Site Scripting Vulnerability
| [63260] Apache Shindig CVE-2013-4295 XML External Entity Information Disclosure Vulnerability
| [63241] Apache Sling 'AbstractAuthenticationFormServlet' Open Redirection Vulnerability
| [63174] Apache Commons FileUpload 'DiskFileItem' Class Null Byte Arbitrary File Write Vulnerability
| [62939] Apache 'mod_fcgid' Module CVE-2013-4365 Heap Buffer Overflow Vulnerability
| [62903] Apache Sling 'deepGetOrCreateNode()' Function Denial Of Service Vulnerability
| [62706] Apache Camel CVE-2013-4330 Information Disclosure Vulnerability
| [62677] Apache 'mod_accounting' Module CVE-2013-5697 SQL Injection Vulnerability
| [62674] TYPO3 Apache Solr Unspecified Cross Site Scripting and PHP Code Execution Vulnerabilities
| [62587] Apache Struts CVE-2013-4316 Remote Code Execution Vulnerability
| [62584] Apache Struts CVE-2013-4310 Security Bypass Vulnerability
| [62266] Apache Subversion CVE-2013-4277 Insecure Temporary File Creation Vulnerability
| [61984] Apache Hadoop RPC Authentication CVE-2013-2192 Man in the Middle Security Bypass Vulnerability
| [61981] Apache HBase RPC Authentication Man In The Middle Security Bypass Vulnerability
| [61638] Apache CloudStack CVE-2013-2136 Multiple Cross Site Scripting Vulnerabilities
| [61454] Apache Subversion CVE-2013-4131 Denial Of Service Vulnerability
| [61379] Apache HTTP Server CVE-2013-2249 Unspecified Remote Security Vulnerability
| [61370] Apache OFBiz CVE-2013-2317 'View Log' Cross Site Scripting Vulnerability
| [61369] Apache OFBiz Nested Expression Remote Code Execution Vulnerability
| [61196] Apache Struts CVE-2013-2248 Multiple Open Redirection Vulnerabilities
| [61189] Apache Struts CVE-2013-2251 Multiple Remote Command Execution Vulnerabilities
| [61129] Apache HTTP Server CVE-2013-1896 Remote Denial of Service Vulnerability
| [61030] Apache CXF CVE-2013-2160 Multiple Remote Denial of Service Vulnerabilities
| [60875] Apache Geronimo RMI Classloader Security Bypass Vulnerability
| [60846] Apache Santuario XML Security for JAVA XML Signature CVE-2013-2172 Security Bypass Vulnerability
| [60817] Apache Santuario XML Security for C++ CVE-2013-2210 Heap Buffer Overflow Vulnerability
| [60800] Apache Qpid Python Client SSL Certificate Verification Information Disclosure Vulnerability
| [60599] Apache Santuario XML Security for C++ CVE-2013-2156 Remote Heap Buffer Overflow Vulnerability
| [60595] Apache Santuario XML Security for C++ XML Signature CVE-2013-2155 Denial of Service Vulnerability
| [60594] Apache Santuario XML Security for C++ CVE-2013-2154 Stack Buffer Overflow Vulnerability
| [60592] Apache Santuario XML Security for C++ XML Signature CVE-2013-2153 Security Bypass Vulnerability
| [60534] Apache OpenJPA Object Deserialization Arbitrary File Creation or Overwrite Vulnerability
| [60346] Apache Struts CVE-2013-2134 OGNL Expression Injection Vulnerability
| [60345] Apache Struts CVE-2013-2135 OGNL Expression Injection Vulnerability
| [60267] Apache Subversion CVE-2013-1968 Remote Denial of Service Vulnerability
| [60265] Apache Subversion CVE-2013-2088 Command Injection Vulnerability
| [60264] Apache Subversion CVE-2013-2112 Remote Denial of Service Vulnerability
| [60187] Apache Tomcat DIGEST Authentication CVE-2013-2051 Incomplete Fix Security Weakness
| [60186] Apache Tomcat CVE-2013-1976 Insecure Temporary File Handling Vulnerability
| [60167] Apache Struts 'includeParams' CVE-2013-2115 Incomplete Fix Security Bypass Vulnerability
| [60166] Apache Struts 'includeParams' CVE-2013-1966 Security Bypass Vulnerability
| [60082] Apache Struts 'ParameterInterceptor' Class OGNL CVE-2013-1965 Security Bypass Vulnerability
| [59826] Apache HTTP Server Terminal Escape Sequence in Logs Command Injection Vulnerability
| [59799] Apache Tomcat CVE-2013-2067 Session Fixation Vulnerability
| [59798] Apache Tomcat CVE-2013-2071 Information Disclosure Vulnerability
| [59797] Apache Tomcat CVE-2012-3544 Denial of Service Vulnerability
| [59670] Apache VCL Multiple Input Validation Vulnerabilities
| [59464] Apache CloudStack CVE-2013-2758 Hash Information Disclosure Vulnerability
| [59463] Apache CloudStack CVE-2013-2756 Authentication Bypass Vulnerability
| [59402] Apache ActiveMQ CVE-2013-3060 Information Disclosure and Denial of Service Vulnerability
| [59401] Apache ActiveMQ CVE-2012-6551 Denial of Service Vulnerability
| [59400] Apache ActiveMQ CVE-2012-6092 Multiple Cross Site Scripting Vulnerabilities
| [58898] Apache Subversion CVE-2013-1884 Remote Denial of Service Vulnerability
| [58897] Apache Subversion 'mod_dav_svn/lock.c' Remote Denial of Service Vulnerability
| [58895] Apache Subversion 'mod_dav_svn' Remote Denial of Service Vulnerability
| [58455] Apache Rave User RPC API CVE-2013-1814 Information Disclosure Vulnerability
| [58379] Apache Qpid CVE-2012-4446 Authentication Bypass Vulnerability
| [58378] Apache Qpid CVE-2012-4460 Denial of Service Vulnerability
| [58376] Apache Qpid CVE-2012-4458 Denial of Service Vulnerability
| [58337] Apache Qpid CVE-2012-4459 Denial of Service Vulnerability
| [58326] Apache Commons FileUpload CVE-2013-0248 Insecure Temporary File Creation Vulnerability
| [58325] Debian Apache HTTP Server CVE-2013-1048 Symlink Attack Local Privilege Escalation Vulnerability
| [58323] Apache Subversion 'svn_fs_file_length()' Remote Denial of Service Vulnerability
| [58165] Apache HTTP Server Multiple Cross Site Scripting Vulnerabilities
| [58136] Apache Maven CVE-2013-0253 SSL Certificate Validation Security Bypass Vulnerability
| [58124] Apache Tomcat 'log/logdir' Directory Insecure File Permissions Vulnerability
| [58073] Apache Commons HttpClient CVE-2012-5783 SSL Certificate Validation Security Bypass Vulnerability
| [57876] Apache CXF WS-SecurityPolicy Authentication Bypass Vulnerability
| [57874] Apache CXF CVE-2012-5633 Security Bypass Vulnerability
| [57463] Apache OFBiz CVE-2013-0177 Multiple Cross Site Scripting Vulnerabilities
| [57425] Apache CXF CVE-2012-5786 SSL Certificate Validation Security Bypass Vulnerability
| [57321] Apache CouchDB CVE-2012-5650 Cross Site Scripting Vulnerability
| [57314] Apache CouchDB CVE-2012-5649 Remote Code Execution Vulnerability
| [57267] Apache Axis2/C SSL Certificate Validation Security Bypass Vulnerability
| [57259] Apache CloudStack CVE-2012-5616 Local Information Disclosure Vulnerability
| [56814] Apache Tomcat CVE-2012-4431 Cross-Site Request Forgery Vulnerability
| [56813] Apache Tomcat CVE-2012-4534 Denial of Service Vulnerability
| [56812] Apache Tomcat CVE-2012-3546 Security Bypass Vulnerability
| [56753] Apache Apache HTTP Server 'mod_proxy_ajp Module Denial Of Service Vulnerability
| [56686] Apache Tomcat CVE-2012-5568 Denial of Service Vulnerability
| [56408] Apache Axis and Axis2/Java SSL Certificate Validation Security Bypass Vulnerability
| [56403] Apache Tomcat DIGEST Authentication Multiple Security Weaknesses
| [56402] Apache Tomcat CVE-2012-2733 Denial of Service Vulnerability
| [56171] Apache OFBiz CVE-2012-3506 Unspecified Security Vulnerability
| [55876] Apache CloudStack CVE-2012-4501 Security Bypass Vulnerability
| [55628] Apache CXF SOAP Action Spoofing Security Bypass Vulnerability
| [55608] Apache Qpid (qpidd) Denial of Service Vulnerability
| [55536] Apache 'mod_pagespeed' Module Cross Site Scripting and Security Bypass Vulnerabilities
| [55508] Apache Axis2 XML Signature Wrapping Security Vulnerability
| [55445] Apache Wicket CVE-2012-3373 Cross Site Scripting Vulnerability
| [55346] Apache Struts Cross Site Request Forgery and Denial of Service Vulnerabilities
| [55290] Drupal Apache Solr Autocomplete Module Cross Site Scripting Vulnerability
| [55165] Apache Struts2 Skill Name Remote Code Execution Vulnerability
| [55154] Apache 'mod-rpaf' Module Denial of Service Vulnerability
| [55131] Apache HTTP Server HTML-Injection And Information Disclosure Vulnerabilities
| [54954] Apache QPID NullAuthenticator Authentication Bypass Vulnerability
| [54798] Apache Libcloud Man In The Middle Vulnerability
| [54358] Apache Hadoop CVE-2012-3376 Information Disclosure Vulnerability
| [54341] Apache Sling CVE-2012-2138 Denial Of Service Vulnerability
| [54268] Apache Hadoop Symlink Attack Local Privilege Escalation Vulnerability
| [54189] Apache Roller Cross Site Request Forgery Vulnerability
| [54187] Apache Roller CVE-2012-2381 Cross Site Scripting Vulnerability
| [53880] Apache CXF Child Policies Security Bypass Vulnerability
| [53877] Apache CXF Elements Validation Security Bypass Vulnerability
| [53676] Apache Commons Compress and Apache Ant CVE-2012-2098 Denial Of Service Vulnerability
| [53487] Apache POI CVE-2012-0213 Denial Of Service Vulnerability
| [53455] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability
| [53305] Apache Qpid CVE-2011-3620 Unauthorized Access Security Bypass Vulnerability
| [53046] Apache HTTP Server 'LD_LIBRARY_PATH' Insecure Library Loading Arbitrary Code Execution Vulnerability
| [53025] Apache OFBiz Unspecified Remote Code Execution Vulnerability
| [53023] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
| [52939] Apache Hadoop CVE-2012-1574 Unspecified User Impersonation Vulnerability
| [52702] Apache Struts2 'XSLTResult.java' Remote Arbitrary File Upload Vulnerability
| [52696] Apache Traffic Server HTTP Host Header Handling Heap Based Buffer Overflow Vulnerability
| [52680] Apache Wicket 'pageMapName' Parameter Cross Site Scripting Vulnerability
| [52679] Apache Wicket Hidden Files Information Disclosure Vulnerability
| [52565] Apache 'mod_fcgid' Module Denial Of Service Vulnerability
| [52146] TYPO3 Apache Solr Extension Unspecified Cross Site Scripting Vulnerability
| [51939] Apache MyFaces 'ln' Parameter Information Disclosure Vulnerability
| [51917] Apache APR Hash Collision Denial Of Service Vulnerability
| [51902] Apache Struts Multiple HTML Injection Vulnerabilities
| [51900] Apache Struts CVE-2012-1007 Multiple Cross Site Scripting Vulnerabilities
| [51886] Apache CXF UsernameToken Policy Validation Security Bypass Vulnerability
| [51869] Apache HTTP Server CVE-2011-3639 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
| [51706] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
| [51705] Apache HTTP Server CVE-2012-0021 mod_log_config Denial Of Service Vulnerability
| [51628] Apache Struts 'ParameterInterceptor' Class OGNL (CVE-2011-3923) Security Bypass Vulnerability
| [51447] Apache Tomcat Parameter Handling Denial of Service Vulnerability
| [51442] Apache Tomcat Request Object Security Bypass Vulnerability
| [51407] Apache HTTP Server Scoreboard Local Security Bypass Vulnerability
| [51257] Apache Struts Remote Command Execution and Arbitrary File Overwrite Vulnerabilities
| [51238] Apache Geronimo Hash Collision Denial Of Service Vulnerability
| [51200] Apache Tomcat Hash Collision Denial Of Service Vulnerability
| [50940] Apache Struts Session Tampering Security Bypass Vulnerability
| [50912] RETIRED: Apache MyFaces CVE-2011-4343 Information Disclosure Vulnerability
| [50904] Apache ActiveMQ Failover Mechanism Remote Denial Of Service Vulnerability
| [50848] Apache MyFaces EL Expression Evaluation Security Bypass Vulnerability
| [50802] Apache HTTP Server 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
| [50639] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
| [50603] Apache Tomcat Manager Application Security Bypass Vulnerability
| [50494] Apache HTTP Server 'ap_pregsub()' Function Local Privilege Escalation Vulnerability
| [49957] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
| [49762] Apache Tomcat HTTP DIGEST Authentication Multiple Security Weaknesses
| [49728] Apache Struts Conversion Error OGNL Expression Evaluation Vulnerability
| [49616] Apache HTTP Server CVE-2011-3348 Denial Of Service Vulnerability
| [49470] Apache Tomcat CVE-2007-6286 Duplicate Request Processing Security Vulnerability
| [49353] Apache Tomcat AJP Protocol Security Bypass Vulnerability
| [49303] Apache HTTP Server CVE-2011-3192 Denial Of Service Vulnerability
| [49290] Apache Wicket Cross Site Scripting Vulnerability
| [49147] Apache Tomcat CVE-2011-2481 Information Disclosure Vulnerability
| [49143] Apache Commons Daemon 'jsvc' Information Disclosure Vulnerability
| [48667] Apache Tomcat 'sendfile' Request Attributes Information Disclosure Vulnerability
| [48653] Apache 'mod_authnz_external' Module SQL Injection Vulnerability
| [48611] Apache XML Security for C++ Signature Key Parsing Denial of Service Vulnerability
| [48456] Apache Tomcat 'MemoryUserDatabase' Information Disclosure Vulnerability
| [48015] Apache Archiva Multiple Cross Site Request Forgery Vulnerabilities
| [48011] Apache Archiva Multiple Cross Site Scripting and HTML Injection Vulnerabilities
| [47929] Apache APR 'apr_fnmatch.c' Denial of Service Vulnerability
| [47890] Apache Struts 'javatemplates' Plugin Multiple Cross Site Scripting Vulnerabilities
| [47886] Apache Tomcat SecurityConstraints Security Bypass Vulnerability
| [47820] Apache APR 'apr_fnmatch()' Denial of Service Vulnerability
| [47784] Apache Struts XWork 's:submit' HTML Tag Cross Site Scripting Vulnerability
| [47199] Apache Tomcat HTTP BIO Connector Information Disclosure Vulnerability
| [47196] Apache Tomcat Login Constraints Security Bypass Vulnerability
| [46974] Apache HttpComponents 'HttpClient' Information Disclosure Vulnerability
| [46953] Apache MPM-ITK Module Security Weakness
| [46734] Subversion 'mod_dav_svn' Apache Server NULL Pointer Dereference Denial Of Service Vulnerability
| [46685] Apache Tomcat '@ServletSecurity' Annotations Security Bypass Vulnerability
| [46311] Apache Continuum and Archiva Cross Site Scripting Vulnerability
| [46177] Apache Tomcat SecurityManager Security Bypass Vulnerability
| [46174] Apache Tomcat HTML Manager Interface HTML Injection Vulnerability
| [46166] Apache Tomcat JVM Denial of Service Vulnerability
| [46164] Apache Tomcat NIO Connector Denial of Service Vulnerability
| [46066] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
| [45655] Apache Subversion Server Component Multiple Remote Denial Of Service Vulnerabilities
| [45123] Awstats Apache Tomcat Configuration File Remote Arbitrary Command Execution Vulnerability
| [45095] Apache Archiva Cross Site Request Forgery Vulnerability
| [45015] Apache Tomcat 'sort' and 'orderBy' Parameters Cross Site Scripting Vulnerabilities
| [44900] Apache 'mod_fcgid' Module Unspecified Stack Buffer Overflow Vulnerability
| [44616] Apache Shiro Directory Traversal Vulnerability
20768| [44355] Apache MyFaces Encrypted View State Oracle Padding Security Vulnerability
20769| [44068] Apache::AuthenHook Local Information Disclosure Vulnerability
20770| [43862] Apache QPID SSL Connection Denial of Service Vulnerability
20771| [43673] Apache APR-util 'apr_brigade_split_line()' Denial of Service Vulnerability
20772| [43637] Apache XML-RPC SAX Parser Information Disclosure Vulnerability
20773| [43111] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
20774| [42637] Apache Derby 'BUILTIN' Authentication Insecure Password Hashing Vulnerability
20775| [42501] Apache CouchDB Cross Site Request Forgery Vulnerability
20776| [42492] Apache CXF XML DTD Processing Security Vulnerability
20777| [42121] Apache SLMS Insufficient Quoting Cross Site Request Forgery Vulnerability
20778| [42102] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
20779| [41963] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
20780| [41544] Apache Tomcat 'Transfer-Encoding' Information Disclosure and Denial Of Service Vulnerabilities
20781| [41076] Apache Axis2 '/axis2/axis2-admin' Session Fixation Vulnerability
20782| [40976] Apache Axis2 Document Type Declaration Processing Security Vulnerability
20783| [40827] Apache 'mod_proxy_http' Timeout Handling Information Disclosure Vulnerability
20784| [40343] Apache Axis2 'xsd' Parameter Directory Traversal Vulnerability
20785| [40327] Apache Axis2 'engagingglobally' Cross-Site Scripting Vulnerability
20786| [39771] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
20787| [39636] Apache ActiveMQ Source Code Information Disclosure Vulnerability
20788| [39635] Apache Tomcat Authentication Header Realm Name Information Disclosure Vulnerability
20789| [39538] Apache mod_auth_shadow Race Condition Security Bypass Vulnerability
20790| [39489] Apache OFBiz Multiple Cross Site Scripting and HTML Injection Vulnerabilities
20791| [39119] Apache ActiveMQ 'createDestination.action' HTML Injection Vulnerability
20792| [38580] Apache Subrequest Handling Information Disclosure Vulnerability
20793| [38494] Apache 'mod_isapi' Memory Corruption Vulnerability
20794| [38491] Apache mod_proxy_ajp Module Incoming Request Body Denial Of Service Vulnerability
20795| [37966] Apache 1.3 mod_proxy HTTP Chunked Encoding Integer Overflow Vulnerability
20796| [37945] Apache Tomcat Host Working Directory WAR File Directory Traversal Vulnerability
20797| [37944] Apache Tomcat WAR File Directory Traversal Vulnerability
20798| [37942] Apache Tomcat Directory Host Appbase Authentication Bypass Vulnerability
20799| [37149] Apache Tomcat 404 Error Page Cross Site Scripting Vulnerability
20800| [37027] RETIRED: Apache APR 'apr_uri_parse_hostinfo' Off By One Remote Code Execution Vulnerability
20801| [36990] Apache HTTP TRACE Cross Site Scripting Vulnerability
20802| [36954] Apache Tomcat Windows Installer Insecure Password Vulnerability
20803| [36889] TYPO3 Apache Solr Search Extension Unspecified Cross Site Scripting Vulnerability
20804| [36596] Apache HTTP Server Solaris Event Port Pollset Support Remote Denial Of Service Vulnerability
20805| [36260] Apache mod_proxy_ftp Module NULL Pointer Dereference Denial Of Service Vulnerability
20806| [36254] Apache mod_proxy_ftp Remote Command Injection Vulnerability
20807| [35949] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
20808| [35840] Apache HTTP Server HTTP-Basic Authentication Bypass Vulnerability
20809| [35623] Apache 'mod_deflate' Remote Denial Of Service Vulnerability
20810| [35565] Apache 'mod_proxy' Remote Denial Of Service Vulnerability
20811| [35416] Apache Tomcat XML Parser Information Disclosure Vulnerability
20812| [35263] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
20813| [35253] Apache APR-util 'xml/apr_xml.c' Denial of Service Vulnerability
20814| [35251] Apache APR-util 'apr_brigade_vprintf' Off By One Vulnerability
20815| [35221] Apache APR-util 'apr_strmatch_precompile()' Integer Underflow Vulnerability
20816| [35196] Apache Tomcat Form Authentication Existing/Non-Existing Username Enumeration Weakness
20817| [35193] Apache Tomcat Java AJP Connector Invalid Header Denial of Service Vulnerability
20818| [35115] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
20819| [34686] Apache Struts Multiple Cross Site Scripting Vulnerabilities
20820| [34663] Apache 'mod_proxy_ajp' Information Disclosure Vulnerability
20821| [34657] Apache Tiles Cross Site Scripting And Information Disclosure Vulnerabilities
20822| [34562] Apache Geronimo Application Server Multiple Remote Vulnerabilities
20823| [34552] Apache ActiveMQ Web Console Multiple Unspecified HTML Injection Vulnerabilities
20824| [34412] Apache Tomcat mod_jk Content Length Information Disclosure Vulnerability
20825| [34399] Apache Struts Unspecified Cross Site Scripting Vulnerability
20826| [34383] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
20827| [33913] Apache Tomcat POST Data Information Disclosure Vulnerability
20828| [33360] Apache Jackrabbit 'q' Parameter Multiple Cross Site Scripting Vulnerabilities
20829| [33110] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
20830| [32657] Novell NetWare ApacheAdmin Security Bypass Vulnerability
20831| [31805] Apache HTTP Server OS Fingerprinting Unspecified Security Vulnerability
20832| [31761] Oracle WebLogic Server Apache Connector Stack Based Buffer Overflow Vulnerability
20833| [31698] Apache Tomcat 'RemoteFilterValve' Security Bypass Vulnerability
20834| [31165] Kolab Groupware Server Apache Log File User Password Information Disclosure Vulnerability
20835| [30560] Apache 'mod_proxy_ftp' Wildcard Characters Cross-Site Scripting Vulnerability
20836| [30496] Apache Tomcat 'HttpServletResponse.sendError()' Cross Site Scripting Vulnerability
20837| [30494] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
20838| [29653] Apache 'mod_proxy_http' Interim Response Denial of Service Vulnerability
20839| [29502] Apache Tomcat Host Manager Cross Site Scripting Vulnerability
20840| [28576] Apache-SSL Environment Variable Information Disclosure and Privilege Escalation Vulnerability
20841| [28484] Apache Tomcat Requests Containing MS-DOS Device Names Information Disclosure Vulnerability
20842| [28483] Apache Tomcat 'allowLinking' Accepts NULL Byte in URI Information Disclosure Vulnerability
20843| [28482] Apache Tomcat SSL Anonymous Cipher Configuration Information Disclosure Vulnerability
20844| [28481] Apache Tomcat Cross-Site Scripting Vulnerability
20845| [28477] Apache Tomcat AJP Connector Information Disclosure Vulnerability
20846| [27752] Apache mod_jk2 Host Header Multiple Stack Based Buffer Overflow Vulnerabilities
20847| [27706] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
20848| [27703] Apache Tomcat Parameter Processing Remote Information Disclosure Vulnerability
20849| [27409] Apache 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
20850| [27365] Apache Tomcat SingleSignOn Remote Information Disclosure Vulnerability
20851| [27237] Apache HTTP Server 2.2.6, 2.0.61 and 1.3.39 'mod_status' Cross-Site Scripting Vulnerability
20852| [27236] Apache 'mod_proxy_balancer' Multiple Vulnerabilities
20853| [27234] Apache 'mod_proxy_ftp' Undefined Charset UTF-7 Cross-Site Scripting Vulnerability
20854| [27006] Apache Tomcat JULI Logging Component Default Security Policy Vulnerability
20855| [26939] Apache HTTP Server Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
20856| [26838] Apache mod_imagemap and mod_imap Cross-Site Scripting Vulnerability
20857| [26762] Apache::AuthCAS Cookie SQL Injection Vulnerability
20858| [26663] Apache HTTP Server 413 Error HTTP Request Method Cross-Site Scripting Weakness
20859| [26287] Apache Geronimo SQLLoginModule Authentication Bypass Vulnerability
20860| [26070] Apache Tomcat WebDav Remote Information Disclosure Vulnerability
20861| [25804] Apache Geronimo Management EJB Security Bypass Vulnerability
20862| [25653] Apache Mod_AutoIndex.C Undefined Charset Cross-Site Scripting Vulnerability
20863| [25531] Apache Tomcat Cal2.JSP Cross-Site Scripting Vulnerability
20864| [25489] Apache HTTP Server Mod_Proxy Denial of Service Vulnerability
20865| [25316] Apache Tomcat Multiple Remote Information Disclosure Vulnerabilities
20866| [25314] Apache Tomcat Host Manager Servlet Cross Site Scripting Vulnerability
20867| [25174] Apache Tomcat Error Message Reporting Cross Site Scripting Vulnerability
20868| [24999] Apache Tomcat SendMailServlet Cross-Site Scripting Vulnerability
20869| [24759] MySQLDumper Apache Access Control Authentication Bypass Vulnerability
20870| [24649] Apache HTTP Server Mod_Cache Denial of Service Vulnerability
20871| [24645] Apache HTTP Server Mod_Status Cross-Site Scripting Vulnerability
20872| [24553] Apache Mod_Mem_Cache Information Disclosure Vulnerability
20873| [24524] Apache Tomcat Accept-Language Cross Site Scripting Vulnerability
20874| [24480] Apache MyFaces Tomahawk JSF Framework Autoscroll Parameter Cross Site Scripting Vulnerability
20875| [24476] Apache Tomcat JSP Example Web Applications Cross Site Scripting Vulnerability
20876| [24475] Apache Tomcat Manager and Host Manager Upload Script Cross-Site Scripting Vulnerability
20877| [24215] Apache HTTP Server Worker Process Multiple Denial of Service Vulnerabilities
20878| [24147] Apache Tomcat JK Connector Double Encoding Security Bypass Vulnerability
20879| [24058] Apache Tomcat Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
20880| [23687] Apache AXIS Non-Existent WSDL Path Information Disclosure Vulnerability
20881| [23438] Apache HTTPD suEXEC Local Multiple Privilege Escalation Weaknesses
20882| [22960] Apache HTTP Server Tomcat Directory Traversal Vulnerability
20883| [22849] Apache mod_python Output Filter Mode Information Disclosure Vulnerability
20884| [22791] Apache Tomcat Mod_JK.SO Arbitrary Code Execution Vulnerability
20885| [22732] Debian Apache Root Shell Local Privilege Escalation Vulnerabilities
20886| [22388] Apache Stats Extract Function Multiple Input Validation Vulnerabilities
20887| [21865] Apache And Microsoft IIS Range Denial of Service Vulnerability
20888| [21214] Apache Mod_Auth_Kerb Off-By-One Denial of Service Vulnerability
20889| [20527] Apache Mod_TCL Remote Format String Vulnerability
20890| [19661] Apache HTTP Server Arbitrary HTTP Request Headers Security Weakness
20891| [19447] Apache CGI Script Source Code Information Disclosure Vulnerability
20892| [19204] Apache Mod_Rewrite Off-By-One Buffer Overflow Vulnerability
20893| [19106] Apache Tomcat Information Disclosure Vulnerability
20894| [18138] Apache James SMTP Denial Of Service Vulnerability
20895| [17342] Apache Struts Multiple Remote Vulnerabilities
20896| [17095] Apache Log4Net Denial Of Service Vulnerability
20897| [16916] Apache mod_python FileSession Code Execution Vulnerability
20898| [16710] Apache Libapreq2 Quadratic Behavior Denial of Service Vulnerability
20899| [16260] Apache Geronimo Multiple Input Validation Vulnerabilities
20900| [16153] Apache mod_auth_pgsql Multiple Format String Vulnerabilities
20901| [16152] Apache Mod_SSL Custom Error Document Remote Denial Of Service Vulnerability
20902| [15834] Apache 'mod_imap' Referer Cross-Site Scripting Vulnerability
20903| [15765] Apache James Spooler Memory Leak Denial Of Service Vulnerability
20904| [15762] Apache MPM Worker.C Denial Of Service Vulnerability
20905| [15512] Apache Struts Error Response Cross-Site Scripting Vulnerability
20906| [15413] PHP Apache 2 Virtual() Safe_Mode and Open_Basedir Restriction Bypass Vulnerability
20907| [15325] Apache Tomcat Simultaneous Directory Listing Denial Of Service Vulnerability
20908| [15224] Apache Mod_Auth_Shadow Authentication Bypass Vulnerability
20909| [15177] PHP Apache 2 Local Denial of Service Vulnerability
20910| [14982] ApacheTop Insecure Temporary File Creation Vulnerability
20911| [14721] Apache Mod_SSL SSLVerifyClient Restriction Bypass Vulnerability
20912| [14660] Apache CGI Byterange Request Denial of Service Vulnerability
20913| [14366] Apache mod_ssl CRL Handling Off-By-One Buffer Overflow Vulnerability
20914| [14106] Apache HTTP Request Smuggling Vulnerability
20915| [13778] Apache HTPasswd Password Command Line Argument Buffer Overflow Vulnerability
20916| [13777] Apache HTPasswd User Command Line Argument Buffer Overflow Vulnerability
20917| [13756] Apache Tomcat Java Security Manager Bypass Vulnerability
20918| [13537] Apache HTDigest Realm Command Line Argument Buffer Overflow Vulnerability
20919| [12877] Apache mod_ssl ssl_io_filter_cleanup Remote Denial Of Service Vulnerability
20920| [12795] Apache Tomcat Remote Malformed Request Denial Of Service Vulnerability
20921| [12619] Apache Software Foundation Batik Squiggle Browser Access Validation Vulnerability
20922| [12519] Apache mod_python Module Publisher Handler Information Disclosure Vulnerability
20923| [12308] Apache Utilities Insecure Temporary File Creation Vulnerability
20924| [12217] Apache mod_auth_radius Malformed RADIUS Server Reply Integer Overflow Vulnerability
20925| [12181] Mod_DOSEvasive Apache Module Local Insecure Temporary File Creation Vulnerability
20926| [11803] Apache Jakarta Results.JSP Remote Cross-Site Scripting Vulnerability
20927| [11471] Apache mod_include Local Buffer Overflow Vulnerability
20928| [11360] Apache mod_ssl SSLCipherSuite Restriction Bypass Vulnerability
20929| [11239] Apache Satisfy Directive Access Control Bypass Vulnerability
20930| [11187] Apache Web Server Remote IPv6 Buffer Overflow Vulnerability
20931| [11185] Apache Mod_DAV LOCK Denial Of Service Vulnerability
20932| [11182] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
20933| [11154] Apache mod_ssl Remote Denial of Service Vulnerability
20934| [11094] Apache mod_ssl Denial Of Service Vulnerability
20935| [10789] Apache mod_userdir Module Information Disclosure Vulnerability
20936| [10736] Apache 'mod_ssl' Log Function Format String Vulnerability
20937| [10619] Apache ap_escape_html Memory Allocation Denial Of Service Vulnerability
20938| [10508] Apache Mod_Proxy Remote Negative Content-Length Buffer Overflow Vulnerability
20939| [10478] ClueCentral Apache Suexec Patch Security Weakness
20940| [10355] Apache 'mod_ssl' 'ssl_util_uuencode_binary()' Stack Buffer Overflow Vulnerability
20941| [10212] Apache mod_auth Malformed Password Potential Memory Corruption Vulnerability
20942| [9933] Apache mod_disk_cache Module Client Authentication Credential Storage Weakness
20943| [9930] Apache Error and Access Logs Escape Sequence Injection Vulnerability
20944| [9921] Apache Connection Blocking Denial Of Service Vulnerability
20945| [9885] Apache Mod_Security Module SecFilterScanPost Off-By-One Buffer Overflow Vulnerability
20946| [9874] Apache HTAccess LIMIT Directive Bypass Configuration Error Weakness
20947| [9829] Apache Mod_Access Access Control Rule Bypass Vulnerability
20948| [9826] Apache Mod_SSL HTTP Request Remote Denial Of Service Vulnerability
20949| [9733] Apache Cygwin Directory Traversal Vulnerability
20950| [9599] Apache mod_php Global Variables Information Disclosure Weakness
20951| [9590] Apache-SSL Client Certificate Forging Vulnerability
20952| [9571] Apache mod_digest Client-Supplied Nonce Verification Vulnerability
20953| [9471] Apache mod_perl Module File Descriptor Leakage Vulnerability
20954| [9404] Mod-Auth-Shadow Apache Module Expired User Credential Weakness
20955| [9302] Apache mod_php Module File Descriptor Leakage Vulnerability
20956| [9129] Apache mod_python Module Malformed Query Denial of Service Vulnerability
20957| [8926] Apache Web Server mod_cgid Module CGI Data Redirection Vulnerability
20958| [8919] Apache Mod_Security Module Heap Corruption Vulnerability
20959| [8911] Apache Web Server Multiple Module Local Buffer Overflow Vulnerability
20960| [8898] Red Hat Apache Directory Index Default Configuration Error
20961| [8883] Apache Cocoon Directory Traversal Vulnerability
20962| [8824] Apache Tomcat Non-HTTP Request Denial Of Service Vulnerability
20963| [8822] Apache Mod_Throttle Module Local Shared Memory Corruption Vulnerability
20964| [8725] Apache2 MOD_CGI STDERR Denial Of Service Vulnerability
20965| [8707] Apache htpasswd Password Entropy Weakness
20966| [8561] Apache::Gallery Insecure Local File Storage Privilege Escalation Vulnerability
20967| [8287] Mod_Mylo Apache Module REQSTR Buffer Overflow Vulnerability
20968| [8226] Apache HTTP Server Multiple Vulnerabilities
20969| [8138] Apache Web Server Type-Map Recursive Loop Denial Of Service Vulnerability
20970| [8137] Apache Web Server Prefork MPM Denial Of Service Vulnerability
20971| [8136] Macromedia Apache Web Server Encoded Space Source Disclosure Vulnerability
20972| [8135] Apache Web Server FTP Proxy IPV6 Denial Of Service Vulnerability
20973| [8134] Apache Web Server SSLCipherSuite Weak CipherSuite Renegotiation Weakness
20974| [7768] Apache Tomcat Insecure Directory Permissions Vulnerability
20975| [7725] Apache Basic Authentication Module Valid User Login Denial Of Service Vulnerability
20976| [7723] Apache APR_PSPrintf Memory Corruption Vulnerability
20977| [7448] Apache Mod_Auth_Any Remote Command Execution Vulnerability
20978| [7375] Apache Mod_Access_Referer NULL Pointer Dereference Denial of Service Vulnerability
20979| [7332] Apache Web Server OS2 Filestat Denial Of Service Vulnerability
20980| [7255] Apache Web Server File Descriptor Leakage Vulnerability
20981| [7254] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
20982| [6943] Apache Web Server MIME Boundary Information Disclosure Vulnerability
20983| [6939] Apache Web Server ETag Header Information Disclosure Weakness
20984| [6722] Apache Tomcat Web.XML File Contents Disclosure Vulnerability
20985| [6721] Apache Tomcat Null Byte Directory/File Disclosure Vulnerability
20986| [6720] Apache Tomcat Example Web Application Cross Site Scripting Vulnerability
20987| [6662] Apache Web Server MS-DOS Device Name Denial Of Service Vulnerability
20988| [6661] Apache Web Server Default Script Mapping Bypass Vulnerability
20989| [6660] Apache Web Server Illegal Character HTTP Request File Disclosure Vulnerability
20990| [6659] Apache Web Server MS-DOS Device Name Arbitrary Code Execution Vulnerability
20991| [6562] Apache Tomcat Invoker Servlet File Disclosure Vulnerability
20992| [6320] Apache/Tomcat Mod_JK Chunked Encoding Denial Of Service Vulnerability
20993| [6117] Apache mod_php File Descriptor Leakage Vulnerability
20994| [6065] Apache 2 WebDAV CGI POST Request Information Disclosure Vulnerability
20995| [5996] Apache AB.C Web Benchmarking Buffer Overflow Vulnerability
20996| [5995] Apache AB.C Web Benchmarking Read_Connection() Buffer Overflow Vulnerability
20997| [5993] Multiple Apache HTDigest Buffer Overflow Vulnerabilities
20998| [5992] Apache HTDigest Insecure Temporary File Vulnerability
20999| [5991] Apache HTDigest Arbitrary Command Execution Vulnerability
21000| [5990] Apache HTPasswd Insecure Temporary File Vulnerability
21001| [5981] Multiple Apache HTDigest and HTPassWD Component Vulnerabilites
21002| [5884] Apache Web Server Scoreboard Memory Segment Overwriting SIGUSR1 Sending Vulnerability
21003| [5847] Apache Server Side Include Cross Site Scripting Vulnerability
21004| [5838] Apache Tomcat 3.2 Directory Disclosure Vulnerability
21005| [5816] Apache 2 mod_dav Denial Of Service Vulnerability
21006| [5791] HP VirtualVault Apache mod_ssl Denial Of Service Vulnerability
21007| [5787] Apache Oversized STDERR Buffer Denial Of Service Vulnerability
21008| [5786] Apache Tomcat DefaultServlet File Disclosure Vulnerability
21009| [5542] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
21010| [5486] Apache 2.0 CGI Path Disclosure Vulnerability
21011| [5485] Apache 2.0 Path Disclosure Vulnerability
21012| [5434] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
21013| [5256] Apache httpd 2.0 CGI Error Path Disclosure Vulnerability
21014| [5194] Apache Tomcat DOS Device Name Cross Site Scripting Vulnerability
21015| [5193] Apache Tomcat Servlet Mapping Cross Site Scripting Vulnerability
21016| [5067] Apache Tomcat Null Character Malformed Request Denial Of Service Vulnerability
21017| [5054] Apache Tomcat Web Root Path Disclosure Vulnerability
21018| [5033] Apache Chunked-Encoding Memory Corruption Vulnerability
21019| [4995] Apache Tomcat JSP Engine Denial of Service Vulnerability
21020| [4878] Apache Tomcat RealPath.JSP Malformed Request Information Disclosure Vulnerability
21021| [4877] Apache Tomcat Example Files Web Root Path Disclosure Vulnerability
21022| [4876] Apache Tomcat Source.JSP Malformed Request Information Disclosure Vulnerability
21023| [4575] Apache Tomcat Servlet Path Disclosure Vulnerability
21024| [4557] Apache Tomcat System Path Information Disclosure Vulnerability
21025| [4437] Apache Error Message Cross-Site Scripting Vulnerability
21026| [4431] Apache PrintEnv/Test_CGI Script Injection Vulnerability
21027| [4358] Apache Double-Reverse Lookup Log Entry Spoofing Vulnerability
21028| [4335] Apache Win32 Batch File Remote Command Execution Vulnerability
21029| [4292] Oracle 9iAS Apache PL/SQL Module Web Administration Access Vulnerability
21030| [4189] Apache mod_ssl/Apache-SSL Buffer Overflow Vulnerability
21031| [4057] Apache 2 for Windows OPTIONS request Path Disclosure Vulnerability
21032| [4056] Apache 2 for Windows php.exe Path Disclosure Vulnerability
21033| [4037] Oracle 9iAS Apache PL/SQL Module Denial of Service Vulnerability
21034| [4032] Oracle 9iAS Apache PL/SQL Module Multiple Buffer Overflows Vulnerability
21035| [3796] Apache HTTP Request Unexpected Behavior Vulnerability
21036| [3790] Apache Non-Existent Log Directory Denial Of Service Vulnerability
21037| [3786] Apache Win32 PHP.EXE Remote File Disclosure Vulnerability
21038| [3727] Oracle 9I Application Server PL/SQL Apache Module Directory Traversal Vulnerability
21039| [3726] Oracle 9I Application Server PL/SQL Apache Module Buffer Overflow Vulnerability
21040| [3596] Apache Split-Logfile File Append Vulnerability
21041| [3521] Apache mod_usertrack Predictable ID Generation Vulnerability
21042| [3335] Red Hat Linux Apache Remote Username Enumeration Vulnerability
21043| [3316] MacOS X Client Apache Directory Contents Disclosure Vulnerability
21044| [3256] Apache mod_auth_oracle Remote SQL Query Manipulation Vulnerability
21045| [3255] Apache mod_auth_mysql Remote SQL Query Manipulation Vulnerability
21046| [3254] Apache AuthPG Remote SQL Query Manipulation Vulnerability
21047| [3253] Apache mod_auth_pgsql_sys Remote SQL Query Manipulation Vulnerability
21048| [3251] Apache mod_auth_pgsql Remote SQL Query Manipulation Vulnerability
21049| [3176] Apache Mod ReWrite Rules Bypassing Image Linking Vulnerability
21050| [3169] Apache Server Address Disclosure Vulnerability
21051| [3009] Apache Possible Directory Index Disclosure Vulnerability
21052| [2982] Apache Tomcat Cross-Site Scripting Vulnerability
21053| [2852] MacOS X Client Apache File Protection Bypass Vulnerability
21054| [2740] Apache Web Server HTTP Request Denial of Service Vulnerability
21055| [2518] Apache Tomcat 3.0 Directory Traversal Vulnerability
21056| [2503] Apache Artificially Long Slash Path Directory Listing Vulnerability
21057| [2300] NCSA/Apache httpd ScriptAlias Source Retrieval Vulnerability
21058| [2216] Apache Web Server DoS Vulnerability
21059| [2182] Apache /tmp File Race Vulnerability
21060| [2171] Oracle Apache+WebDB Documented Backdoor Vulnerability
21061| [2060] Apache Web Server with Php 3 File Disclosure Vulnerability
21062| [1821] Apache mod_cookies Buffer Overflow Vulnerability
21063| [1728] Apache Rewrite Module Arbitrary File Disclosure Vulnerability
21064| [1658] SuSE Apache CGI Source Code Viewing Vulnerability
21065| [1656] SuSE Apache WebDAV Directory Listings Vulnerability
21066| [1575] Trustix Apache-SSL RPM Permissions Vulnerability
21067| [1548] Apache Jakarta-Tomcat /admin Context Vulnerability
21068| [1532] Apache Tomcat Snoop Servlet Information Disclosure Vulnerability
21069| [1531] Apache Tomcat 3.1 Path Revealing Vulnerability
21070| [1457] Apache::ASP source.asp Example Script Vulnerability
21071| [1284] Apache HTTP Server (win32) Root Directory Access Vulnerability
21072| [1083] Cobalt Raq Apache .htaccess Disclosure Vulnerability
21073|
21074| IBM X-Force - https://exchange.xforce.ibmcloud.com:
21075| [86258] Apache CloudStack text fields cross-site scripting
21076| [85983] Apache Subversion mod_dav_svn module denial of service
21077| [85875] Apache OFBiz UEL code execution
21078| [85874] Apache OFBiz Webtools View Log screen cross-site scripting
21079| [85871] Apache HTTP Server mod_session_dbd unspecified
21080| [85756] Apache Struts OGNL expression command execution
21081| [85755] Apache Struts DefaultActionMapper class open redirect
21082| [85586] Apache ActiveMQ CVE-2013-1879 cross-site scripting
21083| [85574] Apache HTTP Server mod_dav denial of service
21084| [85573] Apache Struts Showcase App OGNL code execution
21085| [85496] Apache CXF denial of service
21086| [85423] Apache Geronimo RMI classloader code execution
21087| [85326] Apache Santuario XML Security for C++ buffer overflow
21088| [85323] Apache Santuario XML Security for Java spoofing
21089| [85319] Apache Qpid Python client SSL spoofing
21090| [85019] Apache Santuario XML Security for C++ CVE-2013-2156 buffer overflow
21091| [85018] Apache Santuario XML Security for C++ CVE-2013-2155 denial of service
21092| [85017] Apache Santuario XML Security for C++ CVE-2013-2154 buffer overflow
21093| [85016] Apache Santuario XML Security for C++ CVE-2013-2153 spoofing
21094| [84952] Apache Tomcat CVE-2012-3544 denial of service
21095| [84763] Apache Struts CVE-2013-2135 security bypass
21096| [84762] Apache Struts CVE-2013-2134 security bypass
21097| [84719] Apache Subversion CVE-2013-2088 command execution
21098| [84718] Apache Subversion CVE-2013-2112 denial of service
21099| [84717] Apache Subversion CVE-2013-1968 denial of service
21100| [84577] Apache Tomcat security bypass
21101| [84576] Apache Tomcat symlink
21102| [84543] Apache Struts CVE-2013-2115 security bypass
21103| [84542] Apache Struts CVE-2013-1966 security bypass
21104| [84154] Apache Tomcat session hijacking
21105| [84144] Apache Tomcat denial of service
21106| [84143] Apache Tomcat information disclosure
21107| [84111] Apache HTTP Server command execution
21108| [84043] Apache Virtual Computing Lab cross-site scripting
21109| [84042] Apache Virtual Computing Lab cross-site scripting
21110| [83782] Apache CloudStack information disclosure
21111| [83781] Apache CloudStack security bypass
21112| [83720] Apache ActiveMQ cross-site scripting
21113| [83719] Apache ActiveMQ denial of service
21114| [83718] Apache ActiveMQ denial of service
21115| [83263] Apache Subversion denial of service
21116| [83262] Apache Subversion denial of service
21117| [83261] Apache Subversion denial of service
21118| [83259] Apache Subversion denial of service
21119| [83035] Apache mod_ruid2 security bypass
21120| [82852] Apache Qpid federation_tag security bypass
21121| [82851] Apache Qpid qpid::framing::Buffer denial of service
21122| [82758] Apache Rave User RPC API information disclosure
21123| [82663] Apache Subversion svn_fs_file_length() denial of service
21124| [82642] Apache Qpid qpid::framing::Buffer::checkAvailable() denial of service
21125| [82641] Apache Qpid AMQP denial of service
21126| [82626] Apache HTTP Server on Debian GNU/Linux Debian apache2ctl symlink
21127| [82618] Apache Commons FileUpload symlink
21128| [82360] Apache HTTP Server manager interface cross-site scripting
21129| [82359] Apache HTTP Server hostnames cross-site scripting
21130| [82338] Apache Tomcat log/logdir information disclosure
21131| [82328] Apache Maven and Apache Maven Wagon SSL spoofing
21132| [82268] Apache OpenJPA deserialization command execution
21133| [81981] Apache CXF UsernameTokens security bypass
21134| [81980] Apache CXF WS-Security security bypass
21135| [81398] Apache OFBiz cross-site scripting
21136| [81240] Apache CouchDB directory traversal
21137| [81226] Apache CouchDB JSONP code execution
21138| [81225] Apache CouchDB Futon user interface cross-site scripting
21139| [81211] Apache Axis2/C SSL spoofing
21140| [81167] Apache CloudStack DeployVM information disclosure
21141| [81166] Apache CloudStack AddHost API information disclosure
21142| [81165] Apache CloudStack createSSHKeyPair API information disclosure
21143| [80518] Apache Tomcat cross-site request forgery security bypass
21144| [80517] Apache Tomcat FormAuthenticator security bypass
21145| [80516] Apache Tomcat NIO denial of service
21146| [80408] Apache Tomcat replay-countermeasure security bypass
21147| [80407] Apache Tomcat HTTP Digest Access Authentication security bypass
21148| [80317] Apache Tomcat slowloris denial of service
21149| [79984] Apache Commons HttpClient SSL spoofing
21150| [79983] Apache CXF SSL spoofing
21151| [79830] Apache Axis2/Java SSL spoofing
21152| [79829] Apache Axis SSL spoofing
21153| [79809] Apache Tomcat DIGEST security bypass
21154| [79806] Apache Tomcat parseHeaders() denial of service
21155| [79540] Apache OFBiz unspecified
21156| [79487] Apache Axis2 SAML security bypass
21157| [79212] Apache Cloudstack code execution
21158| [78734] Apache CXF SOAP Action security bypass
21159| [78730] Apache Qpid broker denial of service
21160| [78617] Eucalyptus Apache Santuario (XML Security for Java) denial of service
21161| [78563] Apache mod_pagespeed module unspecified cross-site scripting
21162| [78562] Apache mod_pagespeed module security bypass
21163| [78454] Apache Axis2 security bypass
| [78452] Websense Web Security and Web Filter Apache Tomcat information disclosure
| [78451] Websense Web Security and Web Filter Apache Tomcat cross-site scripting
| [78321] Apache Wicket unspecified cross-site scripting
| [78183] Apache Struts parameters denial of service
| [78182] Apache Struts cross-site request forgery
| [78153] Apache Solr Autocomplete module for Drupal autocomplete results cross-site scripting
| [77987] mod_rpaf module for Apache denial of service
| [77958] Apache Struts skill name code execution
| [77914] Apache HTTP Server mod_negotiation module cross-site scripting
| [77913] Apache HTTP Server mod_proxy_ajp information disclosure
| [77568] Apache Qpid broker security bypass
| [77421] Apache Libcloud spoofing
| [77059] Oracle Solaris Cluster Apache Tomcat Agent unspecified
| [77046] Oracle Solaris Apache HTTP Server information disclosure
| [76837] Apache Hadoop information disclosure
| [76802] Apache Sling CopyFrom denial of service
| [76692] Apache Hadoop symlink
| [76535] Apache Roller console cross-site request forgery
| [76534] Apache Roller weblog cross-site scripting
| [76152] Apache CXF elements security bypass
| [76151] Apache CXF child policies security bypass
| [75983] MapServer for Windows Apache file include
| [75857] Apache Commons Compress and Apache Ant bzip2 denial of service
| [75558] Apache POI denial of service
| [75545] PHP apache_request_headers() buffer overflow
| [75302] Apache Qpid SASL security bypass
| [75211] Debian GNU/Linux apache 2 cross-site scripting
| [74901] Apache HTTP Server LD_LIBRARY_PATH privilege escalation
| [74871] Apache OFBiz FlexibleStringExpander code execution
| [74870] Apache OFBiz multiple cross-site scripting
| [74750] Apache Hadoop unspecified spoofing
| [74319] Apache Struts XSLTResult.java file upload
| [74313] Apache Traffic Server header buffer overflow
| [74276] Apache Wicket directory traversal
| [74273] Apache Wicket unspecified cross-site scripting
| [74181] Apache HTTP Server mod_fcgid module denial of service
| [73690] Apache Struts OGNL code execution
| [73432] Apache Solr extension for TYPO3 unspecified cross-site scripting
| [73100] Apache MyFaces in directory traversal
| [73096] Apache APR hash denial of service
| [73052] Apache Struts name cross-site scripting
| [73030] Apache CXF UsernameToken security bypass
| [72888] Apache Struts lastName cross-site scripting
| [72758] Apache HTTP Server httpOnly information disclosure
| [72757] Apache HTTP Server MPM denial of service
| [72585] Apache Struts ParameterInterceptor security bypass
| [72438] Apache Tomcat Digest security bypass
| [72437] Apache Tomcat Digest security bypass
| [72436] Apache Tomcat DIGEST security bypass
| [72425] Apache Tomcat parameter denial of service
| [72422] Apache Tomcat request object information disclosure
| [72377] Apache HTTP Server scoreboard security bypass
| [72345] Apache HTTP Server HTTP request denial of service
| [72229] Apache Struts ExceptionDelegator command execution
| [72089] Apache Struts ParameterInterceptor directory traversal
| [72088] Apache Struts CookieInterceptor command execution
| [72047] Apache Geronimo hash denial of service
| [72016] Apache Tomcat hash denial of service
| [71711] Apache Struts OGNL expression code execution
| [71654] Apache Struts interfaces security bypass
| [71620] Apache ActiveMQ failover denial of service
| [71617] Apache HTTP Server mod_proxy module information disclosure
| [71508] Apache MyFaces EL security bypass
| [71445] Apache HTTP Server mod_proxy security bypass
| [71203] Apache Tomcat servlets privilege escalation
| [71181] Apache HTTP Server ap_pregsub() denial of service
| [71093] Apache HTTP Server ap_pregsub() buffer overflow
| [70336] Apache HTTP Server mod_proxy information disclosure
| [69804] Apache HTTP Server mod_proxy_ajp denial of service
| [69472] Apache Tomcat AJP security bypass
| [69396] Apache HTTP Server ByteRange filter denial of service
| [69394] Apache Wicket multi window support cross-site scripting
| [69176] Apache Tomcat XML information disclosure
| [69161] Apache Tomcat jsvc information disclosure
| [68799] mod_authnz_external module for Apache mysql-auth.pl SQL injection
| [68541] Apache Tomcat sendfile information disclosure
| [68420] Apache XML Security denial of service
| [68238] Apache Tomcat JMX information disclosure
| [67860] Apache Rampart/C rampart_timestamp_token_validate security bypass
| [67804] Apache Subversion control rules information disclosure
| [67803] Apache Subversion control rules denial of service
| [67802] Apache Subversion baselined denial of service
| [67672] Apache Archiva multiple cross-site scripting
| [67671] Apache Archiva multiple cross-site request forgery
| [67564] Apache APR apr_fnmatch() denial of service
| [67532] IBM WebSphere Application Server org.apache.jasper.runtime.JspWriterImpl.response denial of service
| [67515] Apache Tomcat annotations security bypass
| [67480] Apache Struts s:submit information disclosure
| [67414] Apache APR apr_fnmatch() denial of service
| [67356] Apache Struts javatemplates cross-site scripting
| [67354] Apache Struts Xwork cross-site scripting
| [66676] Apache Tomcat HTTP BIO information disclosure
| [66675] Apache Tomcat web.xml security bypass
| [66640] Apache HttpComponents HttpClient Proxy-Authorization information disclosure
| [66241] Apache HttpComponents information disclosure
| [66154] Apache Tomcat ServletSecurity security bypass
| [65971] Apache Tomcat ServletSecurity security bypass
| [65876] Apache Subversion mod_dav_svn denial of service
| [65343] Apache Continuum unspecified cross-site scripting
| [65162] Apache Tomcat NIO connector denial of service
| [65161] Apache Tomcat javax.servlet.ServletRequest.getLocale() denial of service
| [65160] Apache Tomcat HTML Manager interface cross-site scripting
| [65159] Apache Tomcat ServletContect security bypass
| [65050] Apache CouchDB web-based administration UI cross-site scripting
| [64773] Oracle HTTP Server Apache Plugin unauthorized access
| [64473] Apache Subversion blame -g denial of service
| [64472] Apache Subversion walk() denial of service
| [64407] Apache Axis2 CVE-2010-0219 code execution
| [63926] Apache Archiva password privilege escalation
| [63785] Apache CouchDB LD_LIBRARY_PATH privilege escalation
| [63493] Apache Archiva credentials cross-site request forgery
| [63477] Apache Tomcat HttpOnly session hijacking
| [63422] Apache Tomcat sessionsList.jsp cross-site scripting
| [63303] Apache mod_fcgid module fcgid_header_bucket_read() buffer overflow
| [62959] Apache Shiro filters security bypass
| [62790] Apache Perl cgi module denial of service
| [62576] Apache Qpid exchange denial of service
| [62575] Apache Qpid AMQP denial of service
| [62354] Apache Qpid SSL denial of service
| [62235] Apache APR-util apr_brigade_split_line() denial of service
| [62181] Apache XML-RPC SAX Parser information disclosure
| [61721] Apache Traffic Server cache poisoning
| [61202] Apache Derby BUILTIN authentication functionality information disclosure
| [61186] Apache CouchDB Futon cross-site request forgery
| [61169] Apache CXF DTD denial of service
| [61070] Apache Jackrabbit search.jsp SQL injection
| [61006] Apache SLMS Quoting cross-site request forgery
| [60962] Apache Tomcat time cross-site scripting
| [60883] Apache mod_proxy_http information disclosure
| [60671] Apache HTTP Server mod_cache and mod_dav denial of service
| [60264] Apache Tomcat Transfer-Encoding denial of service
| [59746] Apache Axis2 axis2/axis2-admin page session hijacking
| [59588] Apache Axis2/Java XML DTD (Document Type Declaration) data denial of service
| [59413] Apache mod_proxy_http timeout information disclosure
| [59058] Apache MyFaces unencrypted view state cross-site scripting
| [58827] Apache Axis2 xsd file include
| [58790] Apache Axis2 modules cross-site scripting
| [58299] Apache ActiveMQ queueBrowse cross-site scripting
| [58169] Apache Tomcat Web Application Manager / Host Manager cross-site request forgery
| [58056] Apache ActiveMQ .jsp source code disclosure
| [58055] Apache Tomcat realm name information disclosure
| [58046] Apache HTTP Server mod_auth_shadow security bypass
| [57841] Apache Open For Business Project (OFBiz) subject cross-site scripting
| [57840] Apache Open For Business Project (OFBiz) multiple parameters cross-site scripting
| [57429] Apache CouchDB algorithms information disclosure
| [57398] Apache ActiveMQ Web console cross-site request forgery
| [57397] Apache ActiveMQ createDestination.action cross-site scripting
| [56653] Apache HTTP Server DNS spoofing
| [56652] Apache HTTP Server DNS cross-site scripting
| [56625] Apache HTTP Server request header information disclosure
| [56624] Apache HTTP Server mod_isapi orphaned callback pointer code execution
| [56623] Apache HTTP Server mod_proxy_ajp denial of service
| [55941] mod_proxy module for Apache ap_proxy_send_fb() buffer overflow
| [55857] Apache Tomcat WAR files directory traversal
| [55856] Apache Tomcat autoDeploy attribute security bypass
| [55855] Apache Tomcat WAR directory traversal
| [55210] Intuit component for Joomla! Apache information disclosure
| [54533] Apache Tomcat 404 error page cross-site scripting
| [54182] Apache Tomcat admin default password
| [53878] Apache Solr Search (solr) extension for TYPO3 unspecified cross-site scripting
| [53666] Apache HTTP Server Solaris pollset support denial of service
| [53650] Apache HTTP Server HTTP basic-auth module security bypass
| [53124] mod_proxy_ftp module for Apache HTTP header security bypass
| [53041] mod_proxy_ftp module for Apache denial of service
| [52540] Apache Portable Runtime and Apache Portable Utility library multiple buffer overflow
| [51953] Apache Tomcat Path Disclosure
| [51952] Apache Tomcat Path Traversal
| [51951] Apache stronghold-status Information Disclosure
| [51950] Apache stronghold-info Information Disclosure
| [51949] Apache PHP Source Code Disclosure
| [51948] Apache Multiviews Attack
| [51946] Apache JServ Environment Status Information Disclosure
| [51945] Apache error_log Information Disclosure
| [51944] Apache Default Installation Page Pattern Found
| [51943] Apache AXIS XML Parser echoheaders.jws Sample Web Service Denial of Service
| [51942] Apache AXIS XML External Entity File Retrieval
| [51941] Apache AXIS Sample Servlet Information Leak
| [51940] Apache access_log Information Disclosure
| [51626] Apache mod_deflate denial of service
| [51532] mod_proxy module for the Apache HTTP Server stream_reqbody_cl denial of service
| [51365] Apache Tomcat RequestDispatcher security bypass
| [51273] Apache HTTP Server Incomplete Request denial of service
| [51195] Apache Tomcat XML information disclosure
| [50994] Apache APR-util xml/apr_xml.c denial of service
| [50993] Apache APR-util apr_brigade_vprintf denial of service
| [50964] Apache APR-util apr_strmatch_precompile() denial of service
| [50930] Apache Tomcat j_security_check information disclosure
| [50928] Apache Tomcat AJP denial of service
| [50884] Apache HTTP Server XML ENTITY denial of service
| [50808] Apache HTTP Server AllowOverride privilege escalation
| [50108] Apache Struts s:a tag and s:url tag cross-site scripting
| [50059] Apache mod_proxy_ajp information disclosure
| [49951] Apache Tiles Expression Language (EL) expressions cross-site scripting
| [49925] Apache Geronimo Web Administrative Console cross-site request forgery
| [49924] Apache Geronimo console/portal/Server/Monitoring cross-site scripting
| [49921] Apache ActiveMQ Web interface cross-site scripting
| [49898] Apache Geronimo Services/Repository directory traversal
| [49725] Apache Tomcat mod_jk module information disclosure
| [49715] Apache mod_perl Apache::Status and Apache2::Status modules cross-site scripting
| [49712] Apache Struts unspecified cross-site scripting
| [49213] Apache Tomcat cal2.jsp cross-site scripting
| [48934] Apache Tomcat POST doRead method information disclosure
| [48211] Apache Tomcat header HTTP request smuggling
| [48163] libapache2-mod-auth-mysql module for Debian multibyte encoding SQL injection
| [48110] Apache Jackrabbit search.jsp and swr.jsp cross-site scripting
| [47709] Apache Roller "
| [47104] Novell Netware ApacheAdmin console security bypass
| [47086] Apache HTTP Server OS fingerprinting unspecified
| [46329] Apache Struts FilterDispatcher and DefaultStaticContentLoader class directory traversal
| [45791] Apache Tomcat RemoteFilterValve security bypass
| [44435] Oracle WebLogic Apache Connector buffer overflow
| [44411] Apache Tomcat allowLinking UTF-8 directory traversal
| [44223] Apache HTTP Server mod_proxy_ftp cross-site scripting
| [44156] Apache Tomcat RequestDispatcher directory traversal
| [44155] Apache Tomcat HttpServletResponse.sendError() cross-site scripting
| [43885] Oracle WebLogic Server Apache Connector buffer overflow
| [42987] Apache HTTP Server mod_proxy module denial of service
| [42915] Apache Tomcat JSP files path disclosure
| [42914] Apache Tomcat MS-DOS path disclosure
| [42892] Apache Tomcat unspecified unauthorized access
| [42816] Apache Tomcat Host Manager cross-site scripting
| [42303] Apache 403 error cross-site scripting
| [41618] Apache-SSL ExpandCert() authentication bypass
| [40761] Apache Derby RDBNAM parameter and DatabaseMetaData.getURL information disclosure
| [40736] Apache Tomcat HTTP/1.1 connector information disclosure
| [40614] Apache mod_jk2 HTTP Host header buffer overflow
| [40562] Apache Geronimo init information disclosure
| [40478] Novell Web Manager webadmin-apache.conf security bypass
| [40411] Apache Tomcat exception handling information disclosure
| [40409] Apache Tomcat native (APR based) connector weak security
| [40403] Apache Tomcat quotes and %5C cookie information disclosure
| [40388] Sun Java Plug-In org.apache.crimson.tree.XmlDocument security bypass
| [39893] Apache HTTP Server mod_negotiation HTTP response splitting
| [39867] Apache HTTP Server mod_negotiation cross-site scripting
| [39804] Apache Tomcat SingleSignOn information disclosure
| [39615] Apache HTTP Server mod_proxy_ftp.c UTF-7 cross-site scripting
| [39612] Apache HTTP Server mod_proxy_balancer buffer overflow
| [39608] Apache HTTP Server balancer manager cross-site request forgery
| [39476] Apache mod_proxy_balancer balancer_handler function denial of service
| [39474] Apache HTTP Server mod_proxy_balancer cross-site scripting
| [39472] Apache HTTP Server mod_status cross-site scripting
| [39201] Apache Tomcat JULI logging weak security
| [39158] Apache HTTP Server Windows SMB shares information disclosure
| [39001] Apache HTTP Server mod_imap and mod_imagemap module cross-site scripting
| [38951] Apache::AuthCAS Perl module cookie SQL injection
| [38800] Apache HTTP Server 413 error page cross-site scripting
| [38211] Apache Geronimo SQLLoginModule authentication bypass
| [37243] Apache Tomcat WebDAV directory traversal
| [37178] RHSA update for Apache HTTP Server mod_status module cross-site scripting not installed
| [37177] RHSA update for Apache HTTP Server Apache child process denial of service not installed
| [37119] RHSA update for Apache mod_auth_kerb off-by-one buffer overflow not installed
| [37100] RHSA update for Apache and IBM HTTP Server Expect header cross-site scripting not installed
| [36782] Apache Geronimo MEJB unauthorized access
| [36586] Apache HTTP Server UTF-7 cross-site scripting
| [36468] Apache Geronimo LoginModule security bypass
| [36467] Apache Tomcat functions.jsp cross-site scripting
| [36402] Apache Tomcat calendar cross-site request forgery
| [36354] Apache HTTP Server mod_proxy module denial of service
| [36352] Apache HTTP Server ap_proxy_date_canon() denial of service
| [36336] Apache Derby lock table privilege escalation
| [36335] Apache Derby schema privilege escalation
| [36006] Apache Tomcat "
| [36001] Apache Tomcat Host Manager Servlet alias cross-site scripting
| [35999] Apache Tomcat \"
| [35795] Apache Tomcat CookieExample cross-site scripting
| [35536] Apache Tomcat SendMailServlet example cross-site scripting
| [35384] Apache HTTP Server mod_cache module denial of service
| [35097] Apache HTTP Server mod_status module cross-site scripting
| [35095] Apache HTTP Server Prefork MPM module denial of service
| [34984] Apache HTTP Server recall_headers information disclosure
| [34966] Apache HTTP Server MPM content spoofing
| [34965] Apache HTTP Server MPM information disclosure
| [34963] Apache HTTP Server MPM multiple denial of service
| [34872] Apache MyFaces Tomahawk autoscroll parameter cross-site scripting
| [34869] Apache Tomcat JSP example Web application cross-site scripting
| [34868] Apache Tomcat Manager and Host Manager cross-site scripting
| [34496] Apache Tomcat JK Connector security bypass
| [34377] Apache Tomcat hello.jsp cross-site scripting
| [34212] Apache Tomcat SSL configuration security bypass
| [34210] Apache Tomcat Accept-Language cross-site scripting
| [34209] Apache Tomcat calendar application cross-site scripting
| [34207] Apache Tomcat implicit-objects.jsp cross-site scripting
| [34167] Apache Axis WSDL file path disclosure
| [34068] Apache Tomcat AJP connector information disclosure
| [33584] Apache HTTP Server suEXEC privilege escalation
| [32988] Apache Tomcat proxy module directory traversal
| [32794] Apache Tomcat JK Web Server Connector map_uri_to_worker() buffer overflow
| [32708] Debian Apache tty privilege escalation
| [32441] ApacheStats extract() PHP call unspecified
| [32128] Apache Tomcat default account
| [31680] Apache Tomcat RequestParamExample cross-site scripting
| [31649] Apache Tomcat Sample Servlet TroubleShooter detected
| [31557] BEA WebLogic Server and WebLogic Express Apache proxy plug-in denial of service
| [31236] Apache HTTP Server htpasswd.c strcpy buffer overflow
| [30456] Apache mod_auth_kerb off-by-one buffer overflow
| [29550] Apache mod_tcl set_var() format string
| [28620] Apache and IBM HTTP Server Expect header cross-site scripting
| [28357] Apache HTTP Server mod_alias script source information disclosure
| [28063] Apache mod_rewrite off-by-one buffer overflow
| [27902] Apache Tomcat URL information disclosure
| [26786] Apache James SMTP server denial of service
| [25680] libapache2 /tmp/svn file upload
| [25614] Apache Struts lookupMap cross-site scripting
| [25613] Apache Struts ActionForm denial of service
| [25612] Apache Struts isCancelled() security bypass
| [24965] Apache mod_python FileSession command execution
| [24716] Apache James spooler memory leak denial of service
| [24159] Apache Geronimo Web-Access-Log Viewer cross-site scripting
| [24158] Apache Geronimo jsp-examples cross-site scripting
| [24030] Apache auth_ldap module multiple format strings
| [24008] Apache mod_ssl custom error message denial of service
| [24003] Apache mod_auth_pgsql module multiple syslog format strings
| [23612] Apache mod_imap referer field cross-site scripting
| [23173] Apache Struts error message cross-site scripting
| [22942] Apache Tomcat directory listing denial of service
| [22858] Apache Multi-Processing Module code allows denial of service
| [22602] RHSA-2005:582 updates for Apache httpd not installed
| [22520] Apache mod-auth-shadow "
| [22466] ApacheTop symlink
| [22109] Apache HTTP Server ssl_engine_kernel client certificate validation
| [22006] Apache HTTP Server byte-range filter denial of service
| [21567] Apache mod_ssl off-by-one buffer overflow
| [21195] Apache HTTP Server header HTTP request smuggling
| [20383] Apache HTTP Server htdigest buffer overflow
| [19681] Apache Tomcat AJP12 request denial of service
| [18993] Apache HTTP server check_forensic symlink attack
| [18790] Apache Tomcat Manager cross-site scripting
| [18349] Apache HTTP server Apple HFS+ filesystem obtain information
| [18348] Apache HTTP server Apple HFS+ filesystem .DS_Store and .ht file disclosure
| [18347] Apache HTTP server Apple Mac OS X Server mod_digest_apple module could allow an attacker to replay responses
| [17961] Apache Web server ServerTokens has not been set
| [17930] Apache HTTP Server HTTP GET request denial of service
| [17785] Apache mod_include module buffer overflow
| [17671] Apache HTTP Server SSLCipherSuite bypass restrictions
| [17473] Apache HTTP Server Satisfy directive allows access to resources
| [17413] Apache htpasswd buffer overflow
| [17384] Apache HTTP Server environment variable configuration file buffer overflow
| [17382] Apache HTTP Server IPv6 apr_util denial of service
| [17366] Apache HTTP Server mod_dav module LOCK denial of service
| [17273] Apache HTTP Server speculative mode denial of service
| [17200] Apache HTTP Server mod_ssl denial of service
| [16890] Apache HTTP Server server-info request has been detected
| [16889] Apache HTTP Server server-status request has been detected
| [16705] Apache mod_ssl format string attack
| [16524] Apache HTTP Server ap_get_mime_headers_core denial of service
| [16387] Apache HTTP Server mod_proxy Content-Length buffer overflow
| [16230] Apache HTTP Server PHP denial of service
| [16214] Apache mod_ssl ssl_util_uuencode_binary buffer overflow
| [15958] Apache HTTP Server authentication modules memory corruption
| [15547] Apache HTTP Server mod_disk_cache local information disclosure
| [15540] Apache HTTP Server socket starvation denial of service
| [15467] Novell GroupWise WebAccess using Apache Web server allows viewing of files on the server
| [15422] Apache HTTP Server mod_access information disclosure
| [15419] Apache HTTP Server mod_ssl plain HTTP request denial of service
| [15293] Apache for Cygwin "
| [15065] Apache-SSL has a default password
| [15041] Apache HTTP Server mod_digest module could allow an attacker to replay responses
| [15015] Apache httpd server httpd.conf could allow a local user to bypass restrictions
| [14751] Apache Mod_python output filter information disclosure
| [14125] Apache HTTP Server mod_userdir module information disclosure
| [14075] Apache HTTP Server mod_php file descriptor leak
| [13703] Apache HTTP Server account
| [13689] Apache HTTP Server configuration allows symlinks
| [13688] Apache HTTP Server configuration allows SSI
| [13687] Apache HTTP Server Server: header value
| [13685] Apache HTTP Server ServerTokens value
| [13684] Apache HTTP Server ServerSignature value
| [13672] Apache HTTP Server config allows directory autoindexing
| [13671] Apache HTTP Server default content
| [13670] Apache HTTP Server config file directive references outside content root
| [13668] Apache HTTP Server httpd not running in chroot environment
| [13666] Apache HTTP Server CGI directory contains possible command interpreter or compiler
| [13664] Apache HTTP Server config file contains ScriptAlias entry
| [13663] Apache HTTP Server CGI support modules loaded
| [13661] Apache HTTP Server config file contains AddHandler entry
| [13660] Apache HTTP Server 500 error page not CGI script
| [13659] Apache HTTP Server 413 error page not CGI script
| [13658] Apache HTTP Server 403 error page not CGI script
| [13657] Apache HTTP Server 401 error page not CGI script
| [13552] Apache HTTP Server mod_cgid module information disclosure
| [13550] Apache GET request directory traversal
| [13516] Apache Cocoon XMLForm and JXForm could allow execution of code
| [13499] Apache Cocoon directory traversal allows downloading of boot.ini file
| [13429] Apache Tomcat non-HTTP request denial of service
| [13400] Apache HTTP server mod_alias and mod_rewrite buffer overflow
| [13295] Apache weak password encryption
| [13254] Apache Tomcat .jsp cross-site scripting
| [13125] Apache::Gallery Inline::C could allow arbitrary code execution
| [13086] Apache Jakarta Tomcat mod_jk format string allows remote access
| [12681] Apache HTTP Server mod_proxy could allow mail relaying
| [12662] Apache HTTP Server rotatelogs denial of service
| [12554] Apache Tomcat stores password in plain text
| [12553] Apache HTTP Server redirects and subrequests denial of service
| [12552] Apache HTTP Server FTP proxy server denial of service
| [12551] Apache HTTP Server prefork MPM denial of service
| [12550] Apache HTTP Server weaker than expected encryption
| [12549] Apache HTTP Server type-map file denial of service
| [12206] Apache Tomcat /opt/tomcat directory insecure permissions
| [12102] Apache Jakarta Tomcat MS-DOS device name request denial of service
| [12091] Apache HTTP Server apr_password_validate denial of service
| [12090] Apache HTTP Server apr_psprintf code execution
| [11804] Apache HTTP Server mod_access_referer denial of service
| [11750] Apache HTTP Server could leak sensitive file descriptors
| [11730] Apache HTTP Server error log and access log terminal escape sequence injection
| [11703] Apache long slash path allows directory listing
| [11695] Apache HTTP Server LF (Line Feed) denial of service
| [11694] Apache HTTP Server filestat.c denial of service
| [11438] Apache HTTP Server MIME message boundaries information disclosure
| [11412] Apache HTTP Server error log terminal escape sequence injection
| [11196] Apache Tomcat examples and ROOT Web applications cross-site scripting
| [11195] Apache Tomcat web.xml could be used to read files
| [11194] Apache Tomcat URL appended with a null character could list directories
| [11139] Apache HTTP Server mass virtual hosting with mod_rewrite or mod_vhost_alias could allow an attacker to obtain files
| [11126] Apache HTTP Server illegal character file disclosure
| [11125] Apache HTTP Server DOS device name HTTP POST code execution
| [11124] Apache HTTP Server DOS device name denial of service
| [11088] Apache HTTP Server mod_vhost_alias CGI source disclosure
| [10938] Apache HTTP Server printenv test CGI cross-site scripting
| [10771] Apache Tomcat mod_jk module multiple HTTP GET request buffer overflow
| [10575] Apache mod_php module could allow an attacker to take over the httpd process
| [10499] Apache HTTP Server WebDAV HTTP POST view source
| [10457] Apache HTTP Server mod_ssl "
| [10415] Apache HTTP Server htdigest insecure system() call could allow command execution
| [10414] Apache HTTP Server htdigest multiple buffer overflows
| [10413] Apache HTTP Server htdigest temporary file race condition
| [10412] Apache HTTP Server htpasswd temporary file race condition
| [10376] Apache Tomcat invoker servlet used in conjunction with the default servlet reveals source code
| [10348] Apache Tomcat HTTP GET request DOS device reference could cause a denial of service
| [10281] Apache HTTP Server ab.c ApacheBench long response buffer overflow
| [10280] Apache HTTP Server shared memory scorecard overwrite
| [10263] Apache Tomcat mod_jk or mod_jserv connector directory disclosure
| [10241] Apache HTTP Server Host: header cross-site scripting
| [10230] Slapper worm variants A, B, and C target OpenSSL/Apache systems
| [10208] Apache HTTP Server mod_dav denial of service
| [10206] HP VVOS Apache mod_ssl denial of service
| [10200] Apache HTTP Server stderr denial of service
| [10175] Apache Tomcat org.apache.catalina.servlets.DefaultServlet reveals source code
| [10169] Slapper worm variant (Slapper.C) targets OpenSSL/Apache systems
| [10154] Slapper worm variant (Slapper.B) targets OpenSSL/Apache systems
| [10098] Slapper worm targets OpenSSL/Apache systems
| [9876] Apache HTTP Server cgi/cgid request could disclose the path to a requested script
| [9875] Apache HTTP Server .var file request could disclose installation path
| [9863] Apache Tomcat web.xml file could allow a remote attacker to bypass restrictions
| [9808] Apache HTTP Server non-Unix version URL encoded directory traversal
| [9623] Apache HTTP Server ap_log_rerror() path disclosure
| [9520] Apache Tomcat /servlet/ mapping cross-site scripting
| [9415] Apache HTTP Server mod_ssl .htaccess off-by-one buffer overflow
| [9396] Apache Tomcat null character to threads denial of service
| [9394] Apache Tomcat HTTP request for LPT9 reveals Web root path
| [9249] Apache HTTP Server chunked encoding heap buffer overflow
| [9208] Apache Tomcat sample file requests could reveal directory listing and path to Web root directory
| [8932] Apache Tomcat example class information disclosure
| [8633] Apache HTTP Server with mod_rewrite could allow an attacker to bypass directives
| [8629] Apache HTTP Server double-reverse DNS lookup spoofing
| [8589] Apache HTTP Server for Windows DOS batch file remote command execution
| [8457] Oracle9i Application Server Apache PL/SQL HTTP Location header buffer overflow
| [8455] Oracle9i Application Server default installation could allow an attacker to access certain Apache Services
| [8400] Apache HTTP Server mod_frontpage buffer overflows
| [8326] Apache HTTP Server multiple MIME headers (sioux) denial of service
| [8308] Apache "
| [8275] Apache HTTP Server with Multiviews enabled could disclose directory contents
| [8119] Apache and PHP OPTIONS request reveals "
| [8054] Apache is running on the system
| [8029] Mandrake Linux default Apache configuration could allow an attacker to browse files and directories
| [8027] Mandrake Linux default Apache configuration has remote management interface enabled
| [8026] Mandrake Linux Apache sample programs could disclose sensitive information about the server
| [7836] Apache HTTP Server log directory denial of service
| [7815] Apache for Windows "
| [7810] Apache HTTP request could result in unexpected behavior
| [7599] Apache Tomcat reveals installation path
| [7494] Apache "
| [7419] Apache Web Server could allow remote attackers to overwrite .log files
| [7363] Apache Web Server hidden HTTP requests
| [7249] Apache mod_proxy denial of service
| [7129] Linux with Apache Web server could allow an attacker to determine if a specified username exists
| [7103] Apple Mac OS X used with Apache Web server could disclose directory contents
| [7059] Apache "
| [7057] Apache "
| [7056] Apache "
| [7055] Apache "
| [7054] Apache "
| [6997] Apache Jakarta Tomcat error message may reveal information
| [6971] Apache Jakarta Tomcat may reveal JSP source code with missing HTTP protocol specification
| [6970] Apache crafted HTTP request could reveal the internal IP address
| [6921] Apache long slash path allows directory listing
| [6687] Apple Mac OS X used with Apache Web server could allow arbitrary file disclosure
| [6527] Apache Web Server for Windows and OS2 denial of service
| [6316] Apache Jakarta Tomcat may reveal JSP source code
| [6305] Apache Jakarta Tomcat directory traversal
| [5926] Linux Apache symbolic link
| [5659] Apache Web server discloses files when used with php script
| [5310] Apache mod_rewrite allows attacker to view arbitrary files
| [5204] Apache WebDAV directory listings
| [5197] Apache Web server reveals CGI script source code
| [5160] Apache Jakarta Tomcat default installation
| [5099] Trustix Secure Linux installs Apache with world writable access
| [4968] Apache Jakarta Tomcat snoop servlet gives out information which could be used in attack
| [4967] Apache Jakarta Tomcat 404 error reveals the pathname of the requested file
| [4931] Apache source.asp example file allows users to write to files
| [4575] IBM HTTP Server running Apache allows users to directory listing and file retrieval
| [4205] Apache Jakarta Tomcat delivers file contents
| [2084] Apache on Debian by default serves the /usr/doc directory
| [1630] MessageMedia UnityMail and Apache Web server MIME header flood denial of service
| [697] Apache HTTP server beck exploit
| [331] Apache cookies buffer overflow
|
| Exploit-DB - https://www.exploit-db.com:
| [31130] Apache Tomcat <= 6.0.15 Cookie Quote Handling Remote Information Disclosure Vulnerability
| [31052] Apache <= 2.2.6 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
| [30901] Apache HTTP Server 2.2.6 Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
| [30835] Apache HTTP Server <= 2.2.4 413 Error HTTP Request Method Cross-Site Scripting Weakness
| [30563] Apache Tomcat <= 5.5.15 Cal2.JSP Cross-Site Scripting Vulnerability
| [30496] Apache Tomcat <= 6.0.13 Cookie Handling Quote Delimiter Session ID Disclosure
| [30495] Apache Tomcat <= 6.0.13 Host Manager Servlet Cross Site Scripting Vulnerability
| [30191] Apache MyFaces Tomahawk JSF Framework 1.1.5 Autoscroll Parameter Cross Site Scripting Vulnerability
| [30189] Apache Tomcat <= 6.0.13 JSP Example Web Applications Cross Site Scripting Vulnerability
| [30052] Apache Tomcat 6.0.10 Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
| [29930] Apache AXIS 1.0 Non-Existent WSDL Path Information Disclosure Vulnerability
| [29859] Apache Roller OGNL Injection
| [29739] Apache HTTP Server Tomcat 5.x/6.0.x Directory Traversal Vulnerability
| [29435] Apache Tomcat 5.5.25 - CSRF Vulnerabilities
| [29316] Apache + PHP 5.x - Remote Code Execution (Multithreaded Scanner) (2)
| [29290] Apache / PHP 5.x Remote Code Execution Exploit
| [28713] Apache Tomcat/JBoss EJBInvokerServlet / JMXInvokerServlet (RMI over HTTP) Marshalled Object RCE
| [28424] Apache 2.x HTTP Server Arbitrary HTTP Request Headers Security Weakness
| [28365] Apache 2.2.2 CGI Script Source Code Information Disclosure Vulnerability
| [28254] Apache Tomcat 5 Information Disclosure Vulnerability
| [27915] Apache James 2.2 SMTP Denial of Service Vulnerability
| [27397] Apache suEXEC Privilege Elevation / Information Disclosure
21693| [27135] Apache Struts 2 DefaultActionMapper Prefixes OGNL Code Execution
21694| [27096] Apache Geronimo 1.0 Error Page XSS
21695| [27095] Apache Tomcat / Geronimo 1.0 Sample Script cal2.jsp time Parameter XSS
21696| [26710] Apache CXF prior to 2.5.10, 2.6.7 and 2.7.4 - Denial of Service
21697| [26542] Apache Struts 1.2.7 Error Response Cross-Site Scripting Vulnerability
21698| [25986] Plesk Apache Zeroday Remote Exploit
21699| [25980] Apache Struts includeParams Remote Code Execution
21700| [25625] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (2)
21701| [25624] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (1)
21702| [24874] Apache Struts ParametersInterceptor Remote Code Execution
21703| [24744] Apache Rave 0.11 - 0.20 - User Information Disclosure
21704| [24694] Apache 1.3.x mod_include Local Buffer Overflow Vulnerability
21705| [24590] Apache 2.0.x mod_ssl Remote Denial of Service Vulnerability
21706| [23751] Apache Cygwin 1.3.x/2.0.x Directory Traversal Vulnerability
21707| [23581] Apache 2.0.4x mod_perl Module File Descriptor Leakage Vulnerability
21708| [23482] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (2)
21709| [23481] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (1)
21710| [23296] Red Hat Apache 2.0.40 Directory Index Default Configuration Error
21711| [23282] apache cocoon 2.14/2.2 - Directory Traversal vulnerability
21712| [23245] Apache Tomcat 4.0.x Non-HTTP Request Denial of Service Vulnerability
21713| [23119] Apache::Gallery 0.4/0.5/0.6 Insecure Local File Storage Privilege Escalation Vulnerability
21714| [22505] Apache Mod_Access_Referer 1.0.2 NULL Pointer Dereference Denial of Service Vulnerability
21715| [22205] Apache Tomcat 3.x Null Byte Directory/File Disclosure Vulnerability
21716| [22191] Apache Web Server 2.0.x MS-DOS Device Name Denial of Service Vulnerability
21717| [22068] Apache 1.3.x,Tomcat 4.0.x/4.1.x Mod_JK Chunked Encoding Denial of Service Vulnerability
21718| [21885] Apache 1.3/2.0.x Server Side Include Cross Site Scripting Vulnerability
21719| [21882] Apache Tomcat 3.2 Directory Disclosure Vulnerability
21720| [21854] Apache 2.0.39/40 Oversized STDERR Buffer Denial of Service Vulnerability
21721| [21853] Apache Tomcat 3/4 DefaultServlet File Disclosure Vulnerability
21722| [21734] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
21723| [21719] Apache 2.0 Path Disclosure Vulnerability
21724| [21697] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
21725| [21605] Apache Tomcat 4.0.3 DoS Device Name Cross Site Scripting Vulnerability
21726| [21604] Apache Tomcat 4.0.3 Servlet Mapping Cross Site Scripting Vulnerability
21727| [21560] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (2)
21728| [21559] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (1)
21729| [21534] Apache Tomcat 3/4 JSP Engine Denial of Service Vulnerability
21730| [21492] Apache Tomcat 3.2.3/3.2.4 RealPath.JSP Malformed Request Information Disclosure
21731| [21491] Apache Tomcat 3.2.3/3.2.4 Example Files Web Root Path Disclosure
21732| [21490] Apache Tomcat 3.2.3/3.2.4 Source.JSP Malformed Request Information Disclosure
21733| [21412] Apache Tomcat 4.0/4.1 Servlet Path Disclosure Vulnerability
21734| [21350] Apache Win32 1.3.x/2.0.x Batch File Remote Command Execution Vulnerability
21735| [21204] Apache 1.3.20 Win32 PHP.EXE Remote File Disclosure Vulnerability
21736| [21112] Red Hat Linux 7.0 Apache Remote Username Enumeration Vulnerability
21737| [21067] Apache 1.0/1.2/1.3 Server Address Disclosure Vulnerability
21738| [21002] Apache 1.3 Possible Directory Index Disclosure Vulnerability
21739| [20911] Apache 1.3.14 Mac File Protection Bypass Vulnerability
21740| [20716] apache tomcat 3.0 - Directory Traversal vulnerability
21741| [20695] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (4)
21742| [20694] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (3)
21743| [20693] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (2)
21744| [20692] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (1)
21745| [20595] NCSA 1.3/1.4.x/1.5,Apache httpd 0.8.11/0.8.14 ScriptAlias Source Retrieval Vulnerability
21746| [20558] Apache 1.2 Web Server DoS Vulnerability
21747| [20466] Apache 1.3 Web Server with Php 3 File Disclosure Vulnerability
21748| [20435] Apache 0.8.x/1.0.x,NCSA httpd 1.x test-cgi Directory Listing Vulnerability
21749| [20272] Apache 1.2.5/1.3.1,UnityMail 2.0 MIME Header DoS Vulnerability
21750| [20210] Apache 1.3.12 WebDAV Directory Listings Vulnerability
21751| [20131] Apache Tomcat 3.1 Path Revealing Vulnerability
21752| [19975] Apache 1.3.6/1.3.9/1.3.11/1.3.12/1.3.20 Root Directory Access Vulnerability
21753| [19828] Cobalt RaQ 2.0/3.0 Apache .htaccess Disclosure Vulnerability
21754| [19536] Apache <= 1.1,NCSA httpd <= 1.5.2,Netscape Server 1.12/1.1/2.0 a nph-test-cgi Vulnerability
21755| [19231] PHP apache_request_headers Function Buffer Overflow
21756| [18984] Apache Struts <= 2.2.1.1 - Remote Command Execution
21757| [18897] Oracle Weblogic Apache Connector POST Request Buffer Overflow
21758| [18619] Apache Tomcat Remote Exploit (PUT Request) and Account Scanner
21759| [18452] Apache Struts Multiple Persistent Cross-Site Scripting Vulnerabilities
21760| [18442] Apache httpOnly Cookie Disclosure
21761| [18329] Apache Struts2 <= 2.3.1 - Multiple Vulnerabilities
21762| [18221] Apache HTTP Server Denial of Service
21763| [17969] Apache mod_proxy Reverse Proxy Exposure Vulnerability PoC
21764| [17696] Apache httpd Remote Denial of Service (memory exhaustion)
21765| [17691] Apache Struts < 2.2.0 - Remote Command Execution
21766| [16798] Apache mod_jk 1.2.20 Buffer Overflow
21767| [16782] Apache Win32 Chunked Encoding
21768| [16752] Apache module mod_rewrite LDAP protocol Buffer Overflow
21769| [16317] Apache Tomcat Manager Application Deployer Authenticated Code Execution
21770| [15710] Apache Archiva 1.0 - 1.3.1 CSRF Vulnerability
21771| [15319] Apache 2.2 (Windows) Local Denial of Service
21772| [14617] Apache JackRabbit 2.0.0 webapp XPath Injection
21773| [14489] Apache Tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
21774| [12721] Apache Axis2 1.4.1 - Local File Inclusion Vulnerability
21775| [12689] Authenticated Cross-Site Scripting Vulnerability (XSS) within Apache Axis2 administration console
21776| [12343] Apache Tomcat 5.5.0 to 5.5.29 & 6.0.0 to 6.0.26 - Information Disclosure Vulnerability
21777| [12330] Apache OFBiz - Multiple XSS
21778| [12264] Apache OFBiz - FULLADMIN Creator PoC Payload
21779| [12263] Apache OFBiz - SQL Remote Execution PoC Payload
21780| [11662] Apache Spamassassin Milter Plugin Remote Root Command Execution
21781| [11650] Apache 2.2.14 mod_isapi Dangling Pointer Remote SYSTEM Exploit
21782| [10811] Joomla.Tutorials GHDB: Apache directory listing Download Vulnerability
21783| [10292] Apache Tomcat 3.2.1 - 404 Error Page Cross Site Scripting Vulnerability
21784| [9995] Apache Tomcat Form Authentication Username Enumeration Weakness
21785| [9994] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
21786| [9993] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
21787| [8842] Apache mod_dav / svn Remote Denial of Service Exploit
21788| [8458] Apache Geronimo <= 2.1.3 - Multiple Directory Traversal Vulnerabilities
21789| [7264] Apache Tomcat runtime.getRuntime().exec() Privilege Escalation (win)
21790| [6229] apache tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
21791| [6100] Apache mod_jk 1.2.19 Remote Buffer Overflow Exploit (win32)
21792| [6089] Bea Weblogic Apache Connector Code Exec / Denial of Service Exploit
21793| [5386] Apache Tomcat Connector jk2-2.0.2 (mod_jk2) Remote Overflow Exploit
21794| [5330] Apache 2.0 mod_jk2 2.0.2 - Remote Buffer Overflow Exploit (win32)
21795| [4552] Apache Tomcat (webdav) Remote File Disclosure Exploit (ssl support)
21796| [4530] Apache Tomcat (webdav) Remote File Disclosure Exploit
21797| [4162] Apache Tomcat Connector (mod_jk) Remote Exploit (exec-shield)
21798| [4093] Apache mod_jk 1.2.19/1.2.20 Remote Buffer Overflow Exploit
21799| [3996] Apache 2.0.58 mod_rewrite Remote Overflow Exploit (win2k3)
21800| [3680] Apache Mod_Rewrite Off-by-one Remote Overflow Exploit (win32)
21801| [3384] Ubuntu/Debian Apache 1.3.33/1.3.34 (CGI TTY) Local Root Exploit
21802| [2237] Apache < 1.3.37, 2.0.59, 2.2.3 (mod_rewrite) Remote Overflow PoC
21803| [2061] Apache Tomcat < 5.5.17 Remote Directory Listing Vulnerability
21804| [1056] Apache <= 2.0.49 Arbitrary Long HTTP Headers Denial of Service
21805| [855] Apache <= 2.0.52 HTTP GET request Denial of Service Exploit
21806| [764] Apache OpenSSL - Remote Exploit (Multiple Targets) (OpenFuckV2.c)
21807| [587] Apache <= 1.3.31 mod_include Local Buffer Overflow Exploit
21808| [466] htpasswd Apache 1.3.31 - Local Exploit
21809| [371] Apache HTTPd Arbitrary Long HTTP Headers DoS (c version)
21810| [360] Apache HTTPd Arbitrary Long HTTP Headers DoS
21811| [132] Apache 1.3.x - 2.0.48 - mod_userdir Remote Users Disclosure Exploit
21812| [126] Apache mod_gzip (with debug_mode) <= 1.2.26.1a Remote Exploit
21813| [67] Apache 1.3.x mod_mylo Remote Code Execution Exploit
21814| [38] Apache <= 2.0.45 APR Remote Exploit -Apache-Knacker.pl
21815| [34] Webfroot Shoutbox < 2.32 (Apache) Remote Exploit
21816| [11] Apache <= 2.0.44 Linux Remote Denial of Service Exploit
21817| [9] Apache HTTP Server 2.x Memory Leak Exploit
21818|
21819| OpenVAS (Nessus) - http://www.openvas.org:
21820| [902924] Apache Struts2 Showcase Skill Name Remote Code Execution Vulnerability
21821| [902837] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability (Windows)
21822| [902830] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
21823| [902664] Apache Traffic Server HTTP Host Header Denial of Service Vulnerability
21824| [901203] Apache httpd Web Server Range Header Denial of Service Vulnerability
21825| [901110] Apache ActiveMQ Source Code Information Disclosure Vulnerability
21826| [901105] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
21827| [900842] Apache 'mod_proxy_ftp' Module Command Injection Vulnerability (Linux)
21828| [900841] Apache 'mod_proxy_ftp' Module Denial Of Service Vulnerability (Linux)
21829| [900573] Apache APR-Utils XML Parser Denial of Service Vulnerability
21830| [900572] Apache APR-Utils Multiple Denial of Service Vulnerabilities
21831| [900571] Apache APR-Utils Version Detection
21832| [900499] Apache mod_proxy_ajp Information Disclosure Vulnerability
21833| [900496] Apache Tiles Multiple XSS Vulnerability
21834| [900493] Apache Tiles Version Detection
21835| [900107] Apache mod_proxy_ftp Wildcard Characters XSS Vulnerability
21836| [900021] Apache Tomcat Cross-Site Scripting and Security Bypass Vulnerabilities
21837| [880086] CentOS Update for apache CESA-2008:0004-01 centos2 i386
21838| [870175] RedHat Update for apache RHSA-2008:0004-01
21839| [864591] Fedora Update for apache-poi FEDORA-2012-10835
21840| [864383] Fedora Update for apache-commons-compress FEDORA-2012-8428
21841| [864280] Fedora Update for apache-commons-compress FEDORA-2012-8465
21842| [864250] Fedora Update for apache-poi FEDORA-2012-7683
21843| [864249] Fedora Update for apache-poi FEDORA-2012-7686
21844| [863993] Fedora Update for apache-commons-daemon FEDORA-2011-10880
21845| [863466] Fedora Update for apache-commons-daemon FEDORA-2011-10936
21846| [855821] Solaris Update for Apache 1.3 122912-19
21847| [855812] Solaris Update for Apache 1.3 122911-19
21848| [855737] Solaris Update for Apache 1.3 122911-17
21849| [855731] Solaris Update for Apache 1.3 122912-17
21850| [855695] Solaris Update for Apache 1.3 122911-16
21851| [855645] Solaris Update for Apache 1.3 122912-16
21852| [855587] Solaris Update for kernel update and Apache 108529-29
21853| [855566] Solaris Update for Apache 116973-07
21854| [855531] Solaris Update for Apache 116974-07
21855| [855524] Solaris Update for Apache 2 120544-14
21856| [855494] Solaris Update for Apache 1.3 122911-15
21857| [855478] Solaris Update for Apache Security 114145-11
21858| [855472] Solaris Update for Apache Security 113146-12
21859| [855179] Solaris Update for Apache 1.3 122912-15
21860| [855147] Solaris Update for kernel update and Apache 108528-29
21861| [855077] Solaris Update for Apache 2 120543-14
21862| [850196] SuSE Update for apache2 openSUSE-SU-2012:0314-1 (apache2)
21863| [850088] SuSE Update for apache2 SUSE-SA:2007:061
21864| [850009] SuSE Update for apache2,apache SUSE-SA:2008:021
21865| [841209] Ubuntu Update for apache2 USN-1627-1
21866| [840900] Ubuntu Update for apache2 USN-1368-1
21867| [840798] Ubuntu Update for apache2 USN-1259-1
21868| [840734] Ubuntu Update for apache2 USN-1199-1
21869| [840542] Ubuntu Update for apache2 vulnerabilities USN-1021-1
21870| [840504] Ubuntu Update for apache2 vulnerability USN-990-2
21871| [840399] Ubuntu Update for apache2 vulnerabilities USN-908-1
21872| [840304] Ubuntu Update for apache2 vulnerabilities USN-575-1
21873| [840118] Ubuntu Update for libapache2-mod-perl2 vulnerability USN-488-1
21874| [840092] Ubuntu Update for apache2 vulnerabilities USN-499-1
21875| [840039] Ubuntu Update for libapache2-mod-python vulnerability USN-430-1
21876| [835253] HP-UX Update for Apache Web Server HPSBUX02645
21877| [835247] HP-UX Update for Apache-based Web Server HPSBUX02612
21878| [835243] HP-UX Update for Apache Running Tomcat Servlet Engine HPSBUX02579
21879| [835236] HP-UX Update for Apache with PHP HPSBUX02543
21880| [835233] HP-UX Update for Apache-based Web Server HPSBUX02531
21881| [835224] HP-UX Update for Apache-based Web Server HPSBUX02465
21882| [835200] HP-UX Update for Apache Web Server Suite HPSBUX02431
21883| [835190] HP-UX Update for Apache Web Server Suite HPSBUX02401
21884| [835188] HP-UX Update for Apache HPSBUX02308
21885| [835181] HP-UX Update for Apache With PHP HPSBUX02332
21886| [835180] HP-UX Update for Apache with PHP HPSBUX02342
21887| [835172] HP-UX Update for Apache HPSBUX02365
21888| [835168] HP-UX Update for Apache HPSBUX02313
21889| [835148] HP-UX Update for Apache HPSBUX01064
21890| [835139] HP-UX Update for Apache with PHP HPSBUX01090
21891| [835131] HP-UX Update for Apache HPSBUX00256
21892| [835119] HP-UX Update for Apache Remote Execution of Arbitrary Code HPSBUX02186
21893| [835104] HP-UX Update for Apache HPSBUX00224
21894| [835103] HP-UX Update for Apache mod_cgid HPSBUX00301
21895| [835101] HP-UX Update for Apache HPSBUX01232
21896| [835080] HP-UX Update for Apache HPSBUX02273
21897| [835078] HP-UX Update for ApacheStrong HPSBUX00255
21898| [835044] HP-UX Update for Apache HPSBUX01019
21899| [835040] HP-UX Update for Apache PHP HPSBUX00207
21900| [835025] HP-UX Update for Apache HPSBUX00197
21901| [835023] HP-UX Update for Apache HPSBUX01022
21902| [835022] HP-UX Update for Apache HPSBUX02292
21903| [835005] HP-UX Update for Apache HPSBUX02262
21904| [831759] Mandriva Update for apache-mod_security MDVSA-2012:182 (apache-mod_security)
21905| [831737] Mandriva Update for apache MDVSA-2012:154-1 (apache)
21906| [831534] Mandriva Update for apache MDVSA-2012:012 (apache)
21907| [831523] Mandriva Update for apache MDVSA-2012:003 (apache)
21908| [831491] Mandriva Update for apache MDVSA-2011:168 (apache)
21909| [831460] Mandriva Update for apache MDVSA-2011:144 (apache)
21910| [831449] Mandriva Update for apache MDVSA-2011:130 (apache)
21911| [831357] Mandriva Update for apache MDVSA-2011:057 (apache)
21912| [831132] Mandriva Update for apache MDVSA-2010:153 (apache)
21913| [831131] Mandriva Update for apache MDVSA-2010:152 (apache)
21914| [830989] Mandriva Update for apache-mod_auth_shadow MDVSA-2010:081 (apache-mod_auth_shadow)
21915| [830931] Mandriva Update for apache MDVSA-2010:057 (apache)
21916| [830926] Mandriva Update for apache MDVSA-2010:053 (apache)
21917| [830918] Mandriva Update for apache-mod_security MDVSA-2010:050 (apache-mod_security)
21918| [830799] Mandriva Update for apache-conf MDVSA-2009:300-2 (apache-conf)
21919| [830797] Mandriva Update for apache-conf MDVSA-2009:300-1 (apache-conf)
21920| [830791] Mandriva Update for apache-conf MDVA-2010:011 (apache-conf)
21921| [830652] Mandriva Update for apache MDVSA-2008:195 (apache)
21922| [830621] Mandriva Update for apache-conf MDVA-2008:129 (apache-conf)
21923| [830581] Mandriva Update for apache MDVSA-2008:016 (apache)
21924| [830294] Mandriva Update for apache MDKSA-2007:140 (apache)
21925| [830196] Mandriva Update for apache MDKSA-2007:235 (apache)
21926| [830112] Mandriva Update for apache MDKSA-2007:127 (apache)
21927| [830109] Mandriva Update for apache-mod_perl MDKSA-2007:083 (apache-mod_perl)
21928| [802425] Apache Struts2 Showcase Arbitrary Java Method Execution vulnerability
21929| [802423] Apache Struts CookBook/Examples Multiple Cross-Site Scripting Vulnerabilities
21930| [802422] Apache Struts Showcase Multiple Persistence Cross-Site Scripting Vulnerabilities
21931| [802415] Apache Tomcat Multiple Security Bypass Vulnerabilities (Win)
21932| [802385] Apache Tomcat Request Object Security Bypass Vulnerability (Win)
21933| [802384] Apache Tomcat Parameter Handling Denial of Service Vulnerability (Win)
21934| [802378] Apache Tomcat Hash Collision Denial Of Service Vulnerability
21935| [801942] Apache Archiva Multiple Vulnerabilities
21936| [801940] Apache Struts2 'XWork' Information Disclosure Vulnerability
21937| [801663] Apache Struts2/XWork Remote Command Execution Vulnerability
21938| [801521] Apache APR-util 'buckets/apr_brigade.c' Denial Of Service Vulnerability
21939| [801284] Apache Derby Information Disclosure Vulnerability
21940| [801203] Apache ActiveMQ Persistent Cross-Site Scripting Vulnerability
21941| [800837] Apache 'mod_deflate' Denial Of Service Vulnerability - July09
21942| [800827] Apache 'mod_proxy_http.c' Denial Of Service Vulnerability
21943| [800680] Apache APR Version Detection
21944| [800679] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
21945| [800678] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
21946| [800677] Apache Roller Version Detection
21947| [800279] Apache mod_jk Module Version Detection
21948| [800278] Apache Struts Cross Site Scripting Vulnerability
21949| [800277] Apache Tomcat mod_jk Information Disclosure Vulnerability
21950| [800276] Apache Struts Version Detection
21951| [800271] Apache Struts Directory Traversal Vulnerability
21952| [800024] Apache Tomcat RemoteFilterValve Security Bypass Vulnerability
21953| [103333] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
21954| [103293] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
21955| [103122] Apache Web Server ETag Header Information Disclosure Weakness
21956| [103074] Apache Continuum Cross Site Scripting Vulnerability
21957| [103073] Apache Continuum Detection
21958| [103053] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
21959| [101023] Apache Open For Business Weak Password security check
21960| [101020] Apache Open For Business HTML injection vulnerability
21961| [101019] Apache Open For Business service detection
21962| [100924] Apache Archiva Cross Site Request Forgery Vulnerability
21963| [100923] Apache Archiva Detection
21964| [100858] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
21965| [100814] Apache Axis2 Document Type Declaration Processing Security Vulnerability
21966| [100813] Apache Axis2 Detection
21967| [100797] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
21968| [100795] Apache Derby Detection
21969| [100762] Apache CouchDB Cross Site Request Forgery Vulnerability
21970| [100725] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
21971| [100613] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
21972| [100514] Apache Multiple Security Vulnerabilities
21973| [100211] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
21974| [100172] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
21975| [100171] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
21976| [100130] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
21977| [72626] Debian Security Advisory DSA 2579-1 (apache2)
21978| [72612] FreeBSD Ports: apache22
21979| [71551] Gentoo Security Advisory GLSA 201206-25 (apache)
21980| [71550] Gentoo Security Advisory GLSA 201206-24 (apache tomcat)
21981| [71512] FreeBSD Ports: apache
21982| [71485] Debian Security Advisory DSA 2506-1 (libapache-mod-security)
21983| [71256] Debian Security Advisory DSA 2452-1 (apache2)
21984| [71238] Debian Security Advisory DSA 2436-1 (libapache2-mod-fcgid)
21985| [70737] FreeBSD Ports: apache
21986| [70724] Debian Security Advisory DSA 2405-1 (apache2)
21987| [70600] FreeBSD Ports: apache
21988| [70253] FreeBSD Ports: apache, apache-event, apache-itk, apache-peruser, apache-worker
21989| [70235] Debian Security Advisory DSA 2298-2 (apache2)
21990| [70233] Debian Security Advisory DSA 2298-1 (apache2)
21991| [69988] Debian Security Advisory DSA 2279-1 (libapache2-mod-authnz-external)
21992| [69338] Debian Security Advisory DSA 2202-1 (apache2)
21993| [67868] FreeBSD Ports: apache
21994| [66816] FreeBSD Ports: apache
21995| [66553] Mandriva Security Advisory MDVSA-2009:189-1 (apache-mod_auth_mysql)
21996| [66414] Mandriva Security Advisory MDVSA-2009:323 (apache)
21997| [66106] SuSE Security Advisory SUSE-SA:2009:050 (apache2,libapr1)
21998| [66081] SLES11: Security update for Apache 2
21999| [66074] SLES10: Security update for Apache 2
22000| [66070] SLES9: Security update for Apache 2
22001| [65998] SLES10: Security update for apache2-mod_python
22002| [65893] SLES10: Security update for Apache 2
22003| [65888] SLES10: Security update for Apache 2
22004| [65575] SLES9: Security update for apache2,apache2-prefork,apache2-worker
22005| [65510] SLES9: Security update for Apache 2
22006| [65472] SLES9: Security update for Apache
22007| [65467] SLES9: Security update for Apache
22008| [65450] SLES9: Security update for apache2
22009| [65390] SLES9: Security update for Apache2
22010| [65363] SLES9: Security update for Apache2
22011| [65309] SLES9: Security update for Apache and mod_ssl
22012| [65296] SLES9: Security update for webdav apache module
22013| [65283] SLES9: Security update for Apache2
22014| [65249] SLES9: Security update for Apache 2
22015| [65230] SLES9: Security update for Apache 2
22016| [65228] SLES9: Security update for Apache 2
22017| [65212] SLES9: Security update for apache2-mod_python
22018| [65209] SLES9: Security update for apache2-worker
22019| [65207] SLES9: Security update for Apache 2
22020| [65168] SLES9: Security update for apache2-mod_python
22021| [65142] SLES9: Security update for Apache2
22022| [65136] SLES9: Security update for Apache 2
22023| [65132] SLES9: Security update for apache
22024| [65131] SLES9: Security update for Apache 2 oes/CORE
22025| [65113] SLES9: Security update for apache2
22026| [65072] SLES9: Security update for apache and mod_ssl
22027| [65017] SLES9: Security update for Apache 2
22028| [64950] Mandrake Security Advisory MDVSA-2009:240 (apache)
22029| [64783] FreeBSD Ports: apache
22030| [64774] Ubuntu USN-802-2 (apache2)
22031| [64653] Ubuntu USN-813-2 (apache2)
22032| [64559] Debian Security Advisory DSA 1834-2 (apache2)
22033| [64532] Mandrake Security Advisory MDVSA-2009:189 (apache-mod_auth_mysql)
22034| [64527] Mandrake Security Advisory MDVSA-2009:184 (apache-mod_security)
22035| [64526] Mandrake Security Advisory MDVSA-2009:183 (apache-mod_security)
22036| [64500] Mandrake Security Advisory MDVSA-2009:168 (apache)
22037| [64443] Ubuntu USN-802-1 (apache2)
22038| [64426] Gentoo Security Advisory GLSA 200907-04 (apache)
22039| [64423] Debian Security Advisory DSA 1834-1 (apache2)
22040| [64391] Mandrake Security Advisory MDVSA-2009:149 (apache)
22041| [64377] Mandrake Security Advisory MDVSA-2009:124-1 (apache)
22042| [64251] Debian Security Advisory DSA 1816-1 (apache2)
22043| [64201] Ubuntu USN-787-1 (apache2)
22044| [64140] Mandrake Security Advisory MDVSA-2009:124 (apache)
22045| [64136] Mandrake Security Advisory MDVSA-2009:102 (apache)
22046| [63565] FreeBSD Ports: apache
22047| [63562] Ubuntu USN-731-1 (apache2)
22048| [61381] Gentoo Security Advisory GLSA 200807-06 (apache)
22049| [61185] FreeBSD Ports: apache
22050| [60582] Gentoo Security Advisory GLSA 200803-19 (apache)
22051| [60387] Slackware Advisory SSA:2008-045-02 apache
22052| [58826] FreeBSD Ports: apache-tomcat
22053| [58825] FreeBSD Ports: apache-tomcat
22054| [58804] FreeBSD Ports: apache
22055| [58745] Gentoo Security Advisory GLSA 200711-06 (apache)
22056| [58360] Debian Security Advisory DSA 1312-1 (libapache-mod-jk)
22057| [57851] Gentoo Security Advisory GLSA 200608-01 (apache)
22058| [57788] Debian Security Advisory DSA 1247-1 (libapache-mod-auth-kerb)
22059| [57335] Debian Security Advisory DSA 1167-1 (apache)
22060| [57201] Debian Security Advisory DSA 1131-1 (apache)
22061| [57200] Debian Security Advisory DSA 1132-1 (apache2)
22062| [57168] Slackware Advisory SSA:2006-209-01 Apache httpd
22063| [57145] FreeBSD Ports: apache
22064| [56731] Slackware Advisory SSA:2006-129-01 Apache httpd
22065| [56729] Slackware Advisory SSA:2006-130-01 Apache httpd redux
22066| [56246] Gentoo Security Advisory GLSA 200602-03 (Apache)
22067| [56212] Debian Security Advisory DSA 952-1 (libapache-auth-ldap)
22068| [56115] Debian Security Advisory DSA 935-1 (libapache2-mod-auth-pgsql)
22069| [56067] FreeBSD Ports: apache
22070| [55803] Slackware Advisory SSA:2005-310-04 apache
22071| [55519] Debian Security Advisory DSA 839-1 (apachetop)
22072| [55392] Gentoo Security Advisory GLSA 200509-12 (Apache)
22073| [55355] FreeBSD Ports: apache
22074| [55284] Debian Security Advisory DSA 807-1 (libapache-mod-ssl)
22075| [55261] Debian Security Advisory DSA 805-1 (apache2)
22076| [55259] Debian Security Advisory DSA 803-1 (apache)
22077| [55129] Gentoo Security Advisory GLSA 200508-15 (apache)
22078| [54739] Gentoo Security Advisory GLSA 200411-18 (apache)
22079| [54724] Gentoo Security Advisory GLSA 200411-03 (apache)
22080| [54712] Gentoo Security Advisory GLSA 200410-21 (apache)
22081| [54689] Gentoo Security Advisory GLSA 200409-33 (net=www/apache)
22082| [54677] Gentoo Security Advisory GLSA 200409-21 (apache)
22083| [54610] Gentoo Security Advisory GLSA 200407-03 (Apache)
22084| [54601] Gentoo Security Advisory GLSA 200406-16 (Apache)
22085| [54590] Gentoo Security Advisory GLSA 200406-05 (Apache)
22086| [54582] Gentoo Security Advisory GLSA 200405-22 (Apache)
22087| [54529] Gentoo Security Advisory GLSA 200403-04 (Apache)
22088| [54499] Gentoo Security Advisory GLSA 200310-04 (Apache)
22089| [54498] Gentoo Security Advisory GLSA 200310-03 (Apache)
22090| [54439] FreeBSD Ports: apache
22091| [53931] Slackware Advisory SSA:2004-133-01 apache
22092| [53903] Slackware Advisory SSA:2004-299-01 apache, mod_ssl, php
22093| [53902] Slackware Advisory SSA:2004-305-01 apache+mod_ssl
22094| [53878] Slackware Advisory SSA:2003-308-01 apache security update
22095| [53851] Debian Security Advisory DSA 135-1 (libapache-mod-ssl)
22096| [53849] Debian Security Advisory DSA 132-1 (apache-ssl)
22097| [53848] Debian Security Advisory DSA 131-1 (apache)
22098| [53784] Debian Security Advisory DSA 021-1 (apache)
22099| [53738] Debian Security Advisory DSA 195-1 (apache-perl)
22100| [53737] Debian Security Advisory DSA 188-1 (apache-ssl)
22101| [53735] Debian Security Advisory DSA 187-1 (apache)
| [53703] Debian Security Advisory DSA 532-1 (libapache-mod-ssl)
| [53577] Debian Security Advisory DSA 120-1 (libapache-mod-ssl, apache-ssl)
| [53568] Debian Security Advisory DSA 067-1 (apache,apache-ssl)
| [53519] Debian Security Advisory DSA 689-1 (libapache-mod-python)
| [53433] Debian Security Advisory DSA 181-1 (libapache-mod-ssl)
| [53282] Debian Security Advisory DSA 594-1 (apache)
| [53248] Debian Security Advisory DSA 558-1 (libapache-mod-dav)
| [53224] Debian Security Advisory DSA 532-2 (libapache-mod-ssl)
| [53215] Debian Security Advisory DSA 525-1 (apache)
| [53151] Debian Security Advisory DSA 452-1 (libapache-mod-python)
| [52529] FreeBSD Ports: apache+ssl
| [52501] FreeBSD Ports: apache
| [52461] FreeBSD Ports: apache
| [52390] FreeBSD Ports: apache
| [52389] FreeBSD Ports: apache
| [52388] FreeBSD Ports: apache
| [52383] FreeBSD Ports: apache
| [52339] FreeBSD Ports: apache+mod_ssl
| [52331] FreeBSD Ports: apache
| [52329] FreeBSD Ports: ru-apache+mod_ssl
| [52314] FreeBSD Ports: apache
| [52310] FreeBSD Ports: apache
| [15588] Detect Apache HTTPS
| [15555] Apache mod_proxy content-length buffer overflow
| [15554] Apache mod_include priviledge escalation
| [14771] Apache <= 1.3.33 htpasswd local overflow
| [14177] Apache mod_access rule bypass
| [13644] Apache mod_rootme Backdoor
| [12293] Apache Input Header Folding and mod_ssl ssl_io_filter_cleanup DoS Vulnerabilities
| [12280] Apache Connection Blocking Denial of Service
| [12239] Apache Error Log Escape Sequence Injection
| [12123] Apache Tomcat source.jsp malformed request information disclosure
| [12085] Apache Tomcat servlet/JSP container default files
| [11438] Apache Tomcat Directory Listing and File disclosure
| [11204] Apache Tomcat Default Accounts
| [11092] Apache 2.0.39 Win32 directory traversal
| [11046] Apache Tomcat TroubleShooter Servlet Installed
| [11042] Apache Tomcat DOS Device Name XSS
| [11041] Apache Tomcat /servlet Cross Site Scripting
| [10938] Apache Remote Command Execution via .bat files
| [10839] PHP.EXE / Apache Win32 Arbitrary File Reading Vulnerability
| [10773] MacOS X Finder reveals contents of Apache Web files
| [10766] Apache UserDir Sensitive Information Disclosure
| [10756] MacOS X Finder reveals contents of Apache Web directories
| [10752] Apache Auth Module SQL Insertion Attack
| [10704] Apache Directory Listing
| [10678] Apache /server-info accessible
| [10677] Apache /server-status accessible
| [10440] Check for Apache Multiple / vulnerability
|
| SecurityTracker - https://www.securitytracker.com:
| [1028865] Apache Struts Bugs Permit Remote Code Execution and URL Redirection Attacks
| [1028864] Apache Struts Wildcard Matching and Expression Evaluation Bugs Let Remote Users Execute Arbitrary Code
| [1028824] Apache mod_dav_svn URI Processing Flaw Lets Remote Users Deny Service
| [1028823] Apache Unspecified Flaw in mod_session_dbd Has Unspecified Impact
| [1028724] (HP Issues Fix for HP-UX) Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
| [1028722] (Red Hat Issues Fix for JBoss) Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
| [1028693] (Red Hat Issues Fix) Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
| [1028622] Apache Struts 'includeParams' Bugs Permit Remote Command Execution and Cross-Site Scripting Attacks
| [1028621] Apache Subversion Bugs Let Remote Authenticated Users Execute Arbitrary Commands and Deny Service
| [1028540] Apache mod_rewrite Input Validation Flaw Lets Remote Users Execute Arbitrary Commands
| [1028534] Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
| [1028533] Apache Tomcat Lack of Chunked Transfer Encoding Extension Size Limit Lets Remote Users Deny Service
| [1028532] Apache Tomcat AsyncListeners Bug May Disclose Information from One Request to Another User
| [1028515] Apache VCL Input Validation Flaw Lets Remote Authenticated Users Gain Elevated Privileges
| [1028457] Apache ActiveMQ Bugs Let Remote Users Conduct Cross-Site Scripting Attacks, Deny Service, and Obtain Potentially Sensitive Information
| [1028287] Apache CXF WSS4JInInterceptor Grants Service Access to Remote Users
| [1028286] Apache CXF WS-Security UsernameToken Processing Flaw Lets Remote Users Bypass Authentication
| [1028252] Apache Commons FileUpload Unsafe Temporary File Lets Local Users Gain Elevated Privileges
| [1028207] Apache Input Validation Bugs Permit Cross-Site Scripting Attacks
| [1027836] Apache Tomcat Connection Processing Bug Lets Remote Users Deny Service
| [1027834] Apache Tomcat Bug Lets Remote Users Bypass Cross-Site Request Forgery Prevention Filter
| [1027833] Apache Tomcat Bug Lets Remote Users Bypass Security Constraints
| [1027729] Apache Tomcat Header Processing Bug Lets Remote Users Deny Service
| [1027728] Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
| [1027554] Apache CXF Lets Remote Authenticated Users Execute Unauthorized SOAP Actions
| [1027508] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
| [1027421] Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
| [1027096] Apache Commons Compress BZip2CompressorOutputStream() Sorting Algorithm Lets Remote or Local Users Deny Service
| [1026932] Apache LD_LIBRARY_PATH Processing Lets Local Users Gain Elevated Privileges
| [1026928] Apache OFBiz Unspecified Flaw Lets Remote Users Execute Arbitrary Code
| [1026927] Apache OFBiz Input Validation Flaws Permit Cross-Site Scripting Attacks
| [1026847] Apache Traffic Server Host Header Processing Flaw Lets Remote Users Deny Service
| [1026846] Apache Wicket Discloses Hidden Application Files to Remote Users
| [1026839] Apache Wicket Input Validation Flaw in 'wicket:pageMapName' Parameter Permits Cross-Site Scripting Attacks
| [1026616] Apache Bugs Let Remote Users Deny Service and Obtain Cookie Data
| [1026575] Apache Struts ParameterInterceptor() Flaw Lets Remote Users Execute Arbitrary Commands
| [1026484] Apache Struts Bug Lets Remote Users Overwrite Files and Execute Arbitrary Code
| [1026477] Apache Tomcat Hash Table Collision Bug Lets Remote Users Deny Service
| [1026402] Apache Struts Conversion Error Lets Remote Users Inject Arbitrary Commands
| [1026353] Apache mod_proxy/mod_rewrite Bug Lets Remote Users Access Internal Servers
| [1026295] Apache Tomcat Lets Untrusted Web Applications Gain Elevated Privileges
| [1026267] Apache .htaccess File Integer Overflow Lets Local Users Execute Arbitrary Code
| [1026144] Apache mod_proxy Pattern Matching Bug Lets Remote Users Access Internal Servers
| [1026095] Apache Tomcat HTTP DIGEST Authentication Weaknesses Let Remote Users Conduct Bypass Attacks
| [1026054] Apache mod_proxy_ajp HTTP Processing Error Lets Remote Users Deny Service
| [1025993] Apache Tomcat AJP Protocol Processing Bug Lets Remote Users Bypass Authentication or Obtain Information
| [1025976] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
| [1025960] Apache httpd Byterange Filter Processing Error Lets Remote Users Deny Service
| [1025925] Apache Tomcat Commons Daemon jsvc Lets Local Users Gain Elevated Privileges
| [1025924] Apache Tomcat XML Validation Flaw Lets Applications Obtain Potentially Sensitive Information
| [1025788] Apache Tomcat Lets Malicious Applications Obtain Information and Deny Service
| [1025755] Apache Santuario Buffer Overflow Lets Remote Users Deny Service
| [1025712] Apache Tomcat Discloses Passwords to Local Users in Certain Cases
| [1025577] Apache Archiva Input Validation Hole Permits Cross-Site Scripting Attacks
| [1025576] Apache Archiva Request Validation Flaw Permits Cross-Site Request Forgery Attacks
| [1025527] Apache APR Library apr_fnmatch() Flaw Lets Remote Users Execute Arbitrary Code
| [1025303] Apache Tomcat HTTP BIO Connector Error Discloses Information From Different Requests to Remote Users
| [1025215] Apache Tomcat May Ignore @ServletSecurity Annotation Protections
| [1025066] Apache Continuum Input Validation Flaw Permits Cross-Site Request Forgery Attacks
| [1025065] Apache Continuum Input Validation Hole Permits Cross-Site Scripting Attacks
| [1025027] Apache Tomcat maxHttpHeaderSize Parsing Error Lets Remote Users Deny Service
| [1025026] Apache Tomcat Manager Input Validation Hole Permits Cross-Site Scripting Attacks
| [1025025] Apache Tomcat Security Manager Lets Local Users Bypass File Permissions
| [1024764] Apache Tomcat Manager Input Validation Hole in 'sessionList.jsp' Permits Cross-Site Scripting Attacks
| [1024417] Apache Traffic Server Insufficient Randomization Lets Remote Users Poison the DNS Cache
| [1024332] Apache mod_cache and mod_dav Request Processing Flaw Lets Remote Users Deny Service
| [1024180] Apache Tomcat 'Transfer-Encoding' Header Processing Flaw Lets Remote Users Deny Service and Obtain Potentially Sensitive Information
| [1024096] Apache mod_proxy_http May Return Results for a Different Request
| [1023942] Apache mod_proxy_ajp Error Condition Lets Remote Users Deny Service
| [1023941] Apache ap_read_request() Memory Error May Let Remote Users Access Potentially Sensitive Information
| [1023778] Apache ActiveMQ Input Validation Flaw Permits Cross-Site Scripting Attacks
| [1023701] Apache mod_isapi Error Processing Flaw May Let Remote Users Deny Service
| [1023533] Apache mod_proxy Integer Overflow May Let Remote Users Execute Arbitrary Code
| [1022988] Apache Solaris Support Code Bug Lets Remote Users Deny Service
| [1022529] Apache mod_deflate Connection State Bug Lets Remote Users Deny Service
| [1022509] Apache mod_proxy stream_reqbody_cl() Infinite Loop Lets Remote Users Deny Service
| [1022296] Apache IncludesNoExec Options Restrictions Can Be Bypass By Local Users
| [1022264] Apache mod_proxy_ajp Bug May Disclose Another User's Response Data
| [1022001] Apache Tomcat mod_jk May Disclose Responses to the Wrong User
| [1021988] mod_perl Input Validation Flaw in Apache::Status and Apache2::Status Permits Cross-Site Scripting Attacks
| [1021350] NetWare Bug Lets Remote Users Access the ApacheAdmin Console
| [1020635] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
| [1020520] Oracle WebLogic Apache Connector Lets Remote Users Execute Arbitrary Code
| [1020267] Apache mod_proxy Interim Response Process Bug Lets Remote Users Deny Service
| [1019784] Apache-SSL Certificate Processing Bug May Let Remote Users View Portions of Kernel Memory
| [1019256] Apache mod_negotiation Input Validation Hole Permits Cross-Site Scripting Attacks
| [1019194] Apache Input Validation Hole in Mod_AutoIndex When the Character Set is Undefined May Permit Cross-Site Scripting Attacks
| [1019185] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
| [1019154] Apache Input Validation Hole in mod_status Permits Cross-Site Scripting Attacks
| [1019093] Apache Input Validation Hole in mod_imap Permits Cross-Site Scripting Attacks
| [1019030] Apache Input Validation Hole in Default HTTP 413 Error Page Permits Cross-Site Scripting Attacks
| [1018633] Apache mod_proxy Bug Lets Remote Users Deny Service
| [1018304] Apache HTTPD scoreboard Protection Flaw Lets Local Users Terminate Arbitrary Processes
| [1018303] Apache HTTPD mod_cache May Let Remote Users Deny Service
| [1018302] Apache mod_status Input Validation Hole Permits Cross-Site Scripting Attacks
| [1018269] Apache Tomcat Input Validation Hole in Processing Accept-Language Header Permits Cross-Site Scripting Attacks
| [1017904] Apache suEXEC Bugs May Let Local Users Gain Elevated Privileges
| [1017719] Apache Tomcat JK Web Server Connector Buffer Overflow in map_uri_to_worker() Lets Remote Users Execute Arbitrary Code
| [1017062] Apache mod_tcl Format String Bug in set_var() Function May Let Remote Users Execute Arbitrary Code
| [1016601] Apache mod_rewrite Off-by-one Error Lets Remote Users Execute Arbitrary Code
| [1016576] Apache Tomcat Discloses Directory Listings to Remote Users
| [1015447] Apache mod_ssl Null Pointer Dereference May Let Remote Users Deny Service
| [1015344] Apache mod_imap Input Validation Flaw in Referer Field Lets Remote Users Conduct Cross-Site Scripting Attacks
| [1015093] Apache Memory Leak in MPM 'worker.c' Code May Let Remote Users Deny Service
| [1014996] ApacheTop Unsafe Temporary File May Let Local Users Gain Elevated Privileges
| [1014833] Apache ssl_hook_Access() Function May Fail to Verify Client Certificates
| [1014826] Apache Memory Leak in 'byterange filter' Lets Remote Users Deny Service
| [1014575] Apache mod_ssl Off-by-one Buffer Overflow in Processing CRLs May Let Remote Users Deny Service
| [1014323] Apache Chunked Transfer-Encoding and Content-Length Processing Lets Remote Users Smuggle HTTP Requests
| [1013156] Apache mod_python Publisher Handler Discloses Information to Remote Users
| [1012829] Apache mod_auth_radius radcpy() Integer Overflow Lets Remote Users Deny Service in Certain Cases
| [1012416] Apache on Apple OS X Lets Remote Users Bypass Apache File Handlers and Directly Access Files
| [1012415] Apache on Apple HFS+ Filesystems May Disclose '.DS_Store' Files to Remote Users
| [1012414] Apache mod_digest_apple Lets Remote Users Replay Authentication Credentials
| [1012083] Apache Web Server Error in Processing Requests With Many Space Characters Lets Remote Users Deny Service
| [1011783] Apache mod_include Buffer Overflow Lets Local Users Execute Arbitrary Code
| [1011557] Apache mod_ssl SSLCipherSuite Directive Can By Bypassed in Certain Cases
| [1011385] Apache Satsify Directive Error May Let Remote Users Access Restricted Resources
| [1011340] Apache SSL Connection Abort State Error Lets Remote Users Deny Service
| [1011303] Apache ap_resolve_env() Buffer Overflow in Reading Configuration Files May Let Local Users Gain Elevated Privileges
| [1011299] Apache IPv6 Address Parsing Flaw May Let Remote Users Deny Service
| [1011248] Apache mod_dav LOCK Method Error May Let Remote Users Deny Service
| [1011213] Apache mod_ssl Can Be Crashed By Remote Users When Reverse Proxying SSL Connections
| [1010674] Apache Can Be Crashed By PHP Code Invoking Nested Remote Sockets
| [1010599] Apache httpd Header Line Memory Allocation Lets Remote Users Crash the Server
| [1010462] Apache mod_proxy Buffer Overflow May Let Remote Users Execute Arbitrary Code
| [1010322] Apache mod_ssl Stack Overflow in ssl_util_uuencode_binary() May Let Remote Users Execute Arbitrary Code
| [1010270] cPanel Apache mod_phpsuexec Options Let Local Users Gain Elevated Privileges
| [1009934] Apache Web Server Has Buffer Overflow in ebcdic2ascii() on Older Processor Architectures
| [1009516] Apache mod_survey HTML Report Format Lets Remote Users Conduct Cross-Site Scripting Attacks
| [1009509] Apache mod_disk_cache Stores Authentication Credentials on Disk
| [1009495] Apache Web Server Socket Starvation Flaw May Let Remote Users Deny Service
| [1009417] GroupWise WebAccess With Apache on NetWare Has Configuration Flaw That May Grant Web Access to Remote Users
| [1009338] Apache mod_access Parsing Flaw May Fail to Enforce Allow/Deny Rules
| [1009337] Apache mod_ssl Memory Leak Lets Remote Users Crash the Daemon
| [1009182] Apache for Cygwin '..%5C' Input Validation Flaw Discloses Files to Remote Users
| [1008973] PHP May Apply Incorrect php_admin_* Settings To Requests for Apache Virtual Hosts
| [1008967] Apache-SSL 'SSLFakeBasicAuth' Lets Remote Users Forge Client Certificates to Be Authenticated
| [1008920] Apache mod_digest May Validate Replayed Client Responses
| [1008828] Apache mod_python String Processing Bug Still Lets Remote Users Crash the Web Server
| [1008822] Apache mod_perl File Descriptor Leak May Let Local Users Hijack the http and https Services
| [1008675] mod_auth_shadow Apache Module Authenticates Expired Passwords
| [1008559] Apache mod_php File Descriptor Leak May Let Local Users Hijack the https Service
| [1008335] Apache mod_python String Processing Bug Lets Remote Users Crash the Web Server
| [1008196] Apache 2.x on Windows May Return Unexpected Files For URLs Ending With Certain Characters
| [1008030] Apache mod_rewrite Contains a Buffer Overflow
| [1008029] Apache mod_alias Contains a Buffer Overflow
| [1008028] Apache mod_cgid May Disclose CGI Output to Another Client
| [1007995] Apache Cocoon Forms May Let Remote Users Execute Arbitrary Java Code on the System
| [1007993] Apache Cocoon 'view-source' Sample Script Discloses Files to Remote Users
| [1007823] Apache Web Server mod_cgi Error May Let Malicious CGI Scripts Crash the Web Service
| [1007664] Apache::Gallery Unsafe Temporary Files May Let Local Users Gain Apache Web Server Privileges
| [1007557] Apache Web Server Does Not Filter Terminal Escape Sequences From Log Files
| [1007230] Apache HTTP Server 'rotatelogs' Bug on Win32 and OS/2 May Cause the Logging to Stop
| [1007146] Apache HTTP Server FTP Proxy Bug May Cause Denial of Service Conditions
| [1007145] Apache 'accept()' Errors May Cause Denial of Service Conditions
| [1007144] Apache Web Server 'type-map' File Error Permits Local Denial of Service Attacks
| [1007143] Apache 2.0 Web Server May Use a Weaker Encryption Implementation Than Specified in Some Cases
| [1006864] Apache Web Server Can Be Crashed By Remote Users Via mod_dav Flaws and Also Via Basic Authentication
| [1006709] Apache mod_survey Input Validation Flaw Lets Remote Users Fill Up Disk Space
| [1006614] Apache mod_ntlm Buffer Overflow and Format String Flaw Let Remote Users Execute Arbitary Code
| [1006591] Apache mod_access_referer Module Null Pointer Dereference May Faciliate Denial of Service Attacks
| [1006444] Apache 2.0 Web Server Line Feed Buffer Allocation Flaw Lets Remote Users Deny Service
| [1006021] Apache Tomcat Server URL Parsing Error May Disclose Otherwise Inaccessible Web Directory Listings and Files to Remote Users
| [1005963] Apache Web Server 2.x Windows Device Access Flaw Lets Remote Users Crash the Server or Possibly Execute Arbitrary Code
| [1005962] Apache Web Server Path Parsing Flaw May Allow Remote Users to Execute Code in Certain Configurations
| [1005848] Apache 'printenv' Script Input Validation Bugs in Older Versions May Let Remote Users Conduct Cross-Site Scripting Attacks
| [1005765] Apache mod_jk Module Processing Bug When Used With Tomcat May Disclose Information to Remote Users or Crash
| [1005548] Apache mod_php Module May Allow Local Users to Gain Control of the Web Port
| [1005499] Apache Web Server (2.0.42) May Disclose CGI Source Code to Remote Users When Used With WebDAV
| [1005410] Apache Tomcat Java Servlet Engine Can Be Crashed Via Multiple Requests for DOS Device Names
| [1005351] Apache Web Server (1.3.x) Shared Memory Scoreboard Bug Lets Certain Local Users Issue Signals With Root Privileges
| [1005331] Apache Web Server (2.x) SSI Server Signature Filtering Hole Lets Remote Users Conduct Cross-Site Scripting Attacks
| [1005290] Apache Tomcat Java Server Default Servlet Returns JSP Source Code to Remote Users
| [1005285] Apache Web Server 'mod_dav' Has Null Pointer Bug That May Allow Remote Users to Cause Denial of Service Conditions
| [1005010] Apache Web Server (2.0) Has Unspecified Flaw That Allows Remote Users to Obtain Sensitive Data and Cause Denial of Service Conditions
| [1004770] Apache 2.x Web Server ap_log_rerror() Function May Disclose Full Installation Path to Remote Users
| [1004745] Apache Tomcat Java Server Allows Cross-Site Scripting Attacks
| [1004636] Apache mod_ssl 'Off-by-One' Bug May Let Local Users Crash the Web Server or Possibly Execute Arbitrary Code
| [1004602] Apache Tomcat Java Server for Windows Can Be Crashed By Remote Users Sending Malicious Requests to Hang All Available Working Threads
| [1004586] Apache Tomcat Java Server May Disclose the Installation Path to Remote Users
| [1004555] Apache Web Server Chunked Encoding Flaw May Let Remote Users Execute Arbitrary Code on the Server
| [1004209] Apache 'mod_python' Python Language Interpreter Bug in Publisher Handler May Allow Remote Users to Modify Files on the System
| [1003874] Apache Web Server for Windows Has Batch File Processing Hole That Lets Remote Users Execute Commands on the System
| [1003767] 'mod_frontpage' Module for Apache Web Server Has Buffer Overlow in 'fpexec.c' That Allows Remote Users to Execute Arbitrary Code on the System with Root Privileges
| [1003723] Apache-SSL for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
| [1003664] 'mod_ssl' Security Package for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
| [1003602] GNUJSP Java Server Pages Implementation Discloses Web Files and Source Code to Remote Users and Bypasses Apache Access Control Restrictions
| [1003465] PHP for Apache Web Server May Disclose Installation Path Information to Remote Users Making 'OPTIONS' Requests
| [1003451] Oracle Application Server PL/SQL Module for Apache Has Buffer Overflows That Allow Remote Users to Execute Arbitrary Code and Gain Access to the Server
| [1003131] Apache Web Server in Virtual Hosting Mode Can Be Crashed By a Local User Removing a Log Directory
| [1003104] PHP.EXE Windows CGI for Apache Web Server May Let Remote Users View Files on the Server Due to Configuration Error
| [1003008] Apache 'mod_bf' Module Lets Remote Users Execute Arbitrary Code
| [1002629] Apache suEXEC Wrapper Fails to Observe Minimum Group ID Security Settings in Certain Situations
| [1002542] Apache Web Server Virtual Hosting Split-Logfile Function Lets Remote Users Write Log Entries to Arbitrary Files on the System
| [1002400] Apache mod_gzip Module Has Buffer Overflow That Can Be Exploited By Local Users to Gain Elevated Privileges
| [1002303] Several 3rd Party Apache Authentication Modules Allow Remote Users to Execute Arbitrary Code to Gain Access to the System or Execute Stored Procedures to Obtain Arbitrary Database Information
| [1002188] Apache Web Server Discloses Internal IP Addresses to Remote Users in Certain Configurations
| [1001989] Apache Web Server May Disclose Directory Contents Even If an Index.html File is Present in the Directory
| [1001719] Apache Web Server on Mac OS X Client Fails to Enforce File and Directory Access Protections, Giving Remote Users Access to Restricted Pages
| [1001572] Apache Web Server on Microsoft Windows Platforms Allows Remote Users to Crash the Web Server
| [1001304] Apache Web Server for Windows Lets Remote Users Crash the Web Server Application
| [1001083] Apache Web Server May Display Directory Index Listings Even if Directory Listings Are Disabled
|
| OSVDB - http://www.osvdb.org:
| [96078] Apache CloudStack Infrastructure Menu Setup Network Multiple Field XSS
| [96077] Apache CloudStack Global Settings Multiple Field XSS
| [96076] Apache CloudStack Instances Menu Display Name Field XSS
| [96075] Apache CloudStack Instances Menu Add Instances Network Name Field XSS
| [96074] Apache CloudStack Instances Menu Add Instances Review Step Multiple Field XSS
| [96031] Apache HTTP Server suEXEC Symlink Arbitrary File Access
| [95888] Apache Archiva Single / Double Quote Character Handling XSS Weakness
| [95885] Apache Subversion mod_dav_svn Module Crafted HTTP Request Handling Remote DoS
| [95706] Apache OpenOffice.org (OOo) OOXML Document File XML Element Handling Memory Corruption
| [95704] Apache OpenOffice.org (OOo) DOC File PLCF Data Handling Memory Corruption
| [95603] Apache Continuum web/util/GenerateRecipentNotifier.java recipient Parameter XSS
| [95602] Apache Continuum web/action/notifier/JabberProjectNotifierEditAction-jabberProjectNotifierSave-validation.xml Multiple Parameter XSS
| [95601] Apache Continuum web/action/notifier/JabberGroupNotifierEditAction-jabberProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
| [95600] Apache Continuum web/action/ScheduleAction-saveSchedule-validation.xml Multiple Parameter XSS
| [95599] Apache Continuumweb/action/BuildDefinitionAction-saveBuildDefinition-validation.xml Multiple Parameter XSS
| [95598] Apache Continuum web/action/AddProjectAction-addProject-validation.xml Multiple Parameter XSS
| [95597] Apache Continuum web/action/ProjectEditAction-projectSave-validation.xml Multiple Parameter XSS
| [95596] Apache Continuum web/action/notifier/IrcGroupNotifierEditAction-ircProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
| [95595] Apache Continuum web/action/notifier/IrcProjectNotifierEditAction-ircProjectNotifierSave-validation.xml Multiple Parameter XSS
| [95594] Apache Continuum web/action/ProjectGroupAction.java Multiple Parameter XSS
| [95593] Apache Continuum web/action/AddProjectGroupAction.java Multiple Parameter XSS
| [95592] Apache Continuum web/action/AddProjectAction.java Multiple Parameter XSS
| [95523] Apache OFBiz Webtools Application View Log Screen Unspecified XSS
| [95522] Apache OFBiz Nested Expression Evaluation Arbitrary UEL Function Execution
| [95521] Apache HTTP Server mod_session_dbd Session Saving Unspecified Issue
| [95498] Apache HTTP Server mod_dav.c Crafted MERGE Request Remote DoS
| [95406] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Arbitrary Site Redirect
| [95405] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Remote Code Execution
| [95011] Apache CXF XML Parser SOAP Message Handling CPU Resource Exhaustion Remote DoS
| [94705] Apache Geronimo RMI Classloader Exposure Serialized Object Handling Remote Code Execution
| [94651] Apache Santuario (XML Security for C++) XML Signature CanonicalizationMethod Parameter Spoofing Weakness
| [94636] Apache Continuum workingCopy.action userDirectory Traversal Arbitrary File Access
| [94635] Apache Maven SCM SvnCommandlineUtils Process Listing Local Password Disclosure
| [94632] Apache Maven Wagon SSH (wagon-ssh) Host Verification Failure MitM Weakness
| [94625] Apache Santuario (XML Security for C++) XML Signature Reference Crafted XPointer Expression Handling Heap Buffer Overflow
| [94618] Apache Archiva /archiva/security/useredit.action username Parameter XSS
| [94617] Apache Archiva /archiva/security/roleedit.action name Parameter XSS
| [94616] Apache Archiva /archiva/security/userlist!show.action roleName Parameter XSS
| [94615] Apache Archiva /archiva/deleteArtifact!doDelete.action groupId Parameter XSS
| [94614] Apache Archiva /archiva/admin/addLegacyArtifactPath!commit.action legacyArtifactPath.path Parameter XSS
| [94613] Apache Archiva /archiva/admin/addRepository.action Multiple Parameter XSS
| [94612] Apache Archiva /archiva/admin/editAppearance.action Multiple Parameter XSS
| [94611] Apache Archiva /archiva/admin/addLegacyArtifactPath.action Multiple Parameter XSS
| [94610] Apache Archiva /archiva/admin/addNetworkProxy.action Multiple Parameter XSS
| [94403] Apache Santuario (XML Security for C++) InclusiveNamespace PrefixList Processing Heap Overflow
| [94402] Apache Santuario (XML Security for C++) HMAC-based XML Signature Processing DoS
| [94401] Apache Santuario (XML Security for C++) XPointer Evaluation Stack Overflow
| [94400] Apache Santuario (XML Security for C++) HMAC-Based XML Signature Reference Element Validation Spoofing Weakness
| [94279] Apache Qpid CA Certificate Validation Bypass
| [94275] Apache Solr JettySolrRunner.java Can Not Find Error Message XSS
| [94233] Apache OpenJPA Object Deserialization Arbitrary Executable Creation
| [94042] Apache Axis JAX-WS Java Unspecified Exposure
| [93969] Apache Struts OGNL Expression Handling Double Evaluation Error Remote Command Execution
| [93796] Apache Subversion Filename Handling FSFS Repository Corruption Remote DoS
| [93795] Apache Subversion svnserve Server Aborted Connection Message Handling Remote DoS
| [93794] Apache Subversion contrib/hook-scripts/check-mime-type.pl svnlook Hyphenated argv Argument Handling Remote DoS
| [93793] Apache Subversion contrib/hook-scripts/svn-keyword-check.pl Filename Handling Remote Command Execution
| [93646] Apache Struts Crafted Parameter Arbitrary OGNL Code Execution
| [93645] Apache Struts URL / Anchor Tag includeParams Attribute Remote Command Execution
| [93636] Apache Pig Multiple Physical Operator Memory Exhaustion Remote Remote DoS
| [93635] Apache Wink DTD (Document Type Definition) Expansion Data Parsing Information Disclosure
| [93605] RT Apache::Session::File Session Replay Reuse Information Disclosure
| [93599] Apache Derby SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY Boot Password Manipulation Re-encryption Failure Password Corruption
| [93555] Apache Commons Codec Invalid Base32 String Information Tunneling Weakness
| [93554] Apache HBase bulkLoadHFiles() Method ACL Bypass
| [93543] JBoss Enterprise Application Platform org.apache.catalina.connector.Response.encodeURL() Method MitM jsessionid Disclosure
| [93542] Apache ManifoldCF (Connectors Framework) org.apache.manifoldcf.crawler.ExportConfiguration Class Configuration Export Password Disclosure
| [93541] Apache Solr json.wrf Callback XSS
| [93524] Apache Hadoop GetSecurityDescriptorControl() Function Absolute Security Descriptor Handling NULL Descriptor Weakness
| [93521] Apache jUDDI Security API Token Session Persistence Weakness
| [93520] Apache CloudStack Default SSL Key Weakness
| [93519] Apache Shindig /ifr Cross-site Arbitrary Gadget Invocation
| [93518] Apache Solr /admin/analysis.jsp name Parameter XSS
| [93517] Apache CloudStack setup-cloud-management /etc/sudoers Modification Local Privilege Escalation
| [93516] Apache CXF UsernameTokenInterceptor Nonce Caching Replay Weakness
| [93515] Apache HBase table.jsp name Parameter XSS
| [93514] Apache CloudStack Management Server Unauthenticated Remote JMX Connection Default Setting Weakness
| [93463] Apache Struts EL / OGNL Interpretation Unspecified Remote Code Execution
| [93462] Apache CXF WS-SecurityPolicy AlgorithmSuite Arbitrary Ciphertext Decryption Weakness
| [93401] Apache Hadoop core-site.xml Permission Weakness Local Alfredo Secret Disclosure
| [93400] Apache Hadoop Map/Reduce Job Log Directory Symlink Arbitrary File Mode Manipulation
| [93397] Apache Wicket Referrer HTTP Header Session ID Disclosure
| [93366] Apache HTTP Server modules/mappers/mod_rewrite.c do_rewritelog() Function Log File Terminal Escape Sequence Filtering Remote Command Execution
| [93254] Apache Tomcat AsyncListener Method Cross-session Information Disclosure
| [93253] Apache Tomcat Chunked Transfer Encoding Data Saturation Remote DoS
| [93252] Apache Tomcat FORM Authenticator Session Fixation
| [93172] Apache Camel camel/endpoints/ Endpoint XSS
| [93171] Apache Sling HtmlResponse Error Message XSS
| [93170] Apache Directory DelegatingAuthenticator MitM Spoofing Weakness
| [93169] Apache Wave AuthenticationServlet.java Session Fixation Weakness
| [93168] Apache Click ErrorReport.java id Parameter XSS
| [93167] Apache ActiveMQ JMSXUserId Spoofing Weakness
| [93166] Apache CXF Crafted Message Element Count Handling System Resource Exhaustion Remote DoS
| [93165] Apache CXF Crafted Message Element Level Handling System Resource Exhaustion Remote DoS
| [93164] Apache Harmony DatagramSocket Class connect Method CheckAccept() IP Blacklist Bypass
| [93163] Apache Hadoop Map/Reduce Daemon Symlink Arbitrary File Overwrite
| [93162] Apache VelocityStruts struts/ErrorsTool.getMsgs Error Message XSS
| [93161] Apache CouchDB Rewriter VM Atom Table Memory Exhaustion Remote DoS
| [93158] Apache Wicket BookmarkablePageLink Feature XSS CSRF
| [93157] Apache Struts UrlHelper.java s:url includeParams Functionality XSS
| [93156] Apache Tapestry Calendar Component datefield.js datefield Parameter XSS
| [93155] Apache Struts fielderror.ftl fielderror Parameter Error Message XSS
| [93154] Apache JSPWiki Edit.jsp createPages WikiPermission Bypass
| [93153] Apache PDFBox PDFXrefStreamParser Missing Element Handling PDF Parsing DoS
| [93152] Apache Hadoop HttpServer.java Multiple Function XSS
| [93151] Apache Shiro Search Filter userName Parameter LDAP Code Injection Weakness
| [93150] Apache Harmony java.net.SocketPermission Class boolean equals Function checkConnect() Weakness Host Name Retrieval
| [93149] Apache Harmony java.security.Provider Class void load Function checkSecurityAccess() Weakness
| [93148] Apache Harmony java.security.ProtectionDomain Class java.lang.String.toString() Function checkPermission() Weakness
| [93147] Apache Harmony java.net.URLConnection openConnection Function checkConnect Weakness Proxy Connection Permission Bypass
| [93146] Apache Harmony java.net.ServerSocket Class void implAccept Function checkAccept() Weakness SerSocket Subclass Creation
| [93145] Apache Qpid JMS Client Detached Session Frame Handling NULL Pointer Dereference Remote DoS
| [93144] Apache Solr Admin Command Execution CSRF
| [93009] Apache VCL XMLRPC API Unspecified Function Remote Privilege Escalation
| [93008] Apache VCL Web GUI Unspecified Remote Privilege Escalation
| [92997] Apache Commons Codec org.apache.commons.codec.net.URLCodec Fields Missing 'final' Thread-safety Unspecified Issue
| [92976] Apache ActiveMQ scheduled.jsp crontab Command XSS
| [92947] Apache Commons Codec org.apache.commons.codec.language.Soundex.US_ENGLISH_MAPPING Missing MS_PKGPROTECT Field Manipulation Unspecified Issue
| [92749] Apache CloudStack Predictable Hash Virtual Machine Console Console Access URL Generation
| [92748] Apache CloudStack VM Console Access Restriction Bypass
| [92709] Apache ActiveMQ Web Console Unauthenticated Remote Access
| [92708] Apache ActiveMQ Sample Web Application Broker Resource Consumption Remote DoS
| [92707] Apache ActiveMQ webapp/websocket/chat.js Subscribe Message XSS
| [92706] Apache ActiveMQ Debug Log Rendering XSS
| [92705] Apache ActiveMQ PortfolioPublishServlet.java refresh Parameter XSS
| [92270] Apache Tomcat Unspecified CSRF
| [92094] Apache Subversion mod_dav_svn Module Nonexistent URL Lock Request Handling NULL Pointer Dereference Remote DoS
| [92093] Apache Subversion mod_dav_svn Module Activity URL PROPFIND Request Handling NULL Pointer Dereference Remote DoS
| [92092] Apache Subversion mod_dav_svn Module Log REPORT Request Handling NULL Pointer Dereference Remote DoS
22487| [92091] Apache Subversion mod_dav_svn Module Node Property Handling Resource Exhaustion Remote DoS
22488| [92090] Apache Subversion mod_dav_svn Module Activity URL Lock Request Handling NULL Pointer Dereference Remote DoS
22489| [91774] Apache Commons Codec Unspecified Non-private Field Manipulation Weakness
22490| [91628] mod_ruid2 for Apache HTTP Server fchdir() Inherited File Descriptor chroot Restriction Bypass
22491| [91328] Apache Wicket $up$ Traversal Arbitrary File Access
22492| [91295] Apple Mac OS X Apache Unicode Character URI Handling Authentication Bypass
22493| [91235] Apache Rave /app/api/rpc/users/get User Object Hashed Password Remote Disclosure
22494| [91185] Munin Default Apache Configuration Permission Weakness Remote Information Disclosure
22495| [91173] Apache Wicket WebApplicationPath Constructor Bypass /WEB-INF/ Directory File Access
22496| [91172] Apache Wicket PackageResourceGuard File Extension Filter Bypass
22497| [91025] Apache Qpid qpid::framing::Buffer Class Multiple Method Out-of-bounds Access Remote DoS
22498| [91024] Apache Qpid federation_tag Attribute Handling Federated Interbroker Link Access Restriction Bypass
22499| [91023] Apache Qpid AMQP Type Decoder Exposure Array Size Value Handling Memory Consumption Remote DoS
22500| [91022] Apache Qpid qpid/cpp/include/qpid/framing/Buffer.h qpid::framing::Buffer::checkAvailable() Function Integer Overflow
22501| [90986] Apache Jena ARQ INSERT DATA Request Handling Overflow
22502| [90907] Apache Subversion mod_dav_svn / libsvn_fs svn_fs_file_length() Function MKACTIVITY / PROPFIND Option Request Handling Remote DoS
22503| [90906] Apache Commons FileUpload /tmp Storage Symlink Arbitrary File Overwrite
22504| [90864] Apache Batik 1xx Redirect Script Origin Restriction Bypass
22505| [90858] Apache Ant Malformed TAR File Handling Infinite Loop DoS
22506| [90852] Apache HTTP Server for Debian apachectl /var/lock Permission Weakness Symlink Directory Permission Manipulation
22507| [90804] Apache Commons CLI Path Subversion Local Privilege Escalation
22508| [90802] Apache Avro Recursive Schema Handling Infinite Recursion DoS
22509| [90592] Apache Batik ApplicationSecurityEnforcer.java Multiple Method Security Restriction Bypass
22510| [90591] Apache Batik XML External Entity (XXE) Data Parsing Arbitrary File Disclosure
22511| [90565] Apache Tomcat Log Directory Permission Weakness Local Information Disclosure
22512| [90564] Apache Maven / Maven Wagon SSL Certificate Validation MitM Spoofing Weakness
22513| [90557] Apache HTTP Server mod_proxy_balancer balancer-manager Interface Multiple Parameter XSS
22514| [90556] Apache HTTP Server Multiple Module Multiple Parameter XSS
22515| [90276] Apache Axis2 axis2.xml Plaintext Password Local Disclosure
22516| [90249] Apache Axiom ClassLoader XMLInputFactory / XMLOutputFactory Construction Unspecified Issue
22517| [90235] Apache Commons HttpClient Certificate Wildcard Matching Weakness
22518| [90079] Apache CXF WSS4JInInterceptor URIMappingInterceptor WS-Security SOAP Service Access Restriction Bypass
22519| [90078] Apache CXF WS-SecurityPolicy Enabled Plaintext UsernameTokens Handling Authentication Bypass
22520| [89453] Apache Open For Business Project (OFBiz) Screenlet.title Widget Attribute XSS
22521| [89452] Apache Open For Business Project (OFBiz) Image.alt Widget Attribute XSS
22522| [89294] Apache CouchDB Futon UI Browser-based Test Suite Query Parameter XSS
22523| [89293] Apache CouchDB Unspecified Traversal Arbitrary File Access
22524| [89275] Apache HTTP Server mod_proxy_ajp Module Expensive Request Parsing Remote DoS
22525| [89267] Apache CouchDB JSONP Callback Handling Unspecified XSS
22526| [89146] Apache CloudStack Master Server log4j.conf SSH Private Key / Plaintext Password Disclosure
22527| [88603] Apache OpenOffice.org (OOo) Unspecified Information Disclosure
22528| [88602] Apache OpenOffice.org (OOo) Unspecified Manifest-processing Issue
22529| [88601] Apache OpenOffice.org (OOo) Unspecified PowerPoint File Handling Issue
22530| [88285] Apache Tomcat Partial HTTP Request Saturation Remote DoS
22531| [88095] Apache Tomcat NIO Connector Terminated Connection Infinte Loop DoS
22532| [88094] Apache Tomcat FORM Authentication Crafted j_security_check Request Security Constraint Bypass
22533| [88093] Apache Tomcat Null Session Requst CSRF Prevention Filter Bypass
22534| [88043] IBM Tivoli Netcool/Reporter Apache CGI Unspecified Remote Command Execution
22535| [87580] Apache Tomcat DIGEST Authentication Session State Caching Authentication Bypass Weakness
22536| [87579] Apache Tomcat DIGEST Authentication Stale Nonce Verification Authentication Bypass Weakness
22537| [87477] Apache Tomcat Project Woodstock Service Error Page UTF-7 XSS Weakness
22538| [87227] Apache Tomcat InternalNioInputBuffer.java parseHeaders() Function Request Header Size Parsing Remote DoS
22539| [87223] Apache Tomcat DIGEST Authentication replay-countermeasure Functionality cnonce / cn Verification Authentication Bypass Weakness
22540| [87160] Apache Commons HttpClient X.509 Certificate Domain Name Matching MiTM Weakness
| [87159] Apache CXF X.509 Certificate Domain Name Matching MiTM Weakness
| [87150] Apache Axis / Axis2 X.509 Certificate Domain Name Matching MiTM Weakness
| [86902] Apache HTTP Server 3xx Redirect Internal IP Address Remote Disclosure
| [86901] Apache Tomcat Error Message Path Disclosure
| [86684] Apache CloudStack Unauthorized Arbitrary API Call Invocation
| [86556] Apache Open For Business Project (OFBiz) Unspecified Issue
| [86503] Visual Tools VS home/apache/DiskManager/cron/init_diskmgr Local Command Execution
| [86401] Apache ActiveMQ ResourceHandler Traversal Arbitrary File Access
| [86225] Apache Axis2 XML Signature Wrapping (XSW) Authentication Bypass
| [86206] Apache Axis2 Crafted SAML Assertion Signature Exclusion Attack Authentication Bypass
| [85722] Apache CXF SOAP Request Parsing Access Restriction Bypass
| [85704] Apache Qpid Incoming Client Connection Saturation Remote DoS
| [85474] Eucalyptus Apache Santuario (XML Security for Java) Library XML Signature Transform Handling DoS
| [85430] Apache mod_pagespeed Module Unspecified XSS
| [85429] Apache mod_pagespeed Module Hostname Verification Cross-host Resource Disclosure
| [85249] Apache Wicket Unspecified XSS
| [85236] Apache Hadoop conf/hadoop-env.sh Temporary File Symlink Arbitrary File Manipulation
| [85090] Apache HTTP Server mod_proxy_ajp.c mod_proxy_ajp Module Proxy Functionality Cross-client Information Disclosure
| [85089] Apache HTTP Server mod_proxy_http.c mod_proxy_http Module Cross-client Information Disclosure
| [85062] Apache Solr Autocomplete Module for Drupal Autocomplete Results XSS
| [85010] Apache Struts Token Handling Mechanism Token Name Configuration Parameter CSRF Weakness
| [85009] Apache Struts Request Parameter OGNL Expression Parsing Remote DoS
| [84911] libapache2-mod-rpaf X-Forward-For HTTP Header Parsing Remote DoS
| [84823] Apache HTTP Server Multiple Module Back End Server Error Handling HTTP Request Parsing Remote Information Disclosure
| [84818] Apache HTTP Server mod_negotiation Module mod_negotiation.c make_variant_list Function XSS
| [84562] Apache Qpid Broker Authentication Mechanism AMQP Client Shadow Connection NullAuthenticator Request Parsing Authentication Bypass
| [84458] Apache Libcloud SSL Certificate Validation MitM Spoofing Weakness
| [84279] PHP on Apache php_default_post_reader POST Request Handling Overflow DoS
| [84278] PHP w/ Apache PDO::ATTR_DEFAULT_FETCH_MODE / PDO::FETCH_CLASS DoS
| [84231] Apache Hadoop DataNodes Client BlockTokens Arbitrary Block Access
| [83943] Oracle Solaris Cluster Apache Tomcat Agent Subcomponent Unspecified Local Privilege Escalation
| [83939] Oracle Solaris Apache HTTP Server Subcomponent Unspecified Remote Information Disclosure
| [83685] svnauthcheck Apache HTTP Configuration File Permission Revocation Weakness
| [83682] Apache Sling POST Servlet @CopyFrom Operation HTTP Request Parsing Infinite Loop Remote DoS
| [83339] Apache Roller Blogger Roll Unspecified XSS
| [83270] Apache Roller Unspecified Admin Action CSRF
| [82782] Apache CXF WS-SecurityPolicy 1.1 SupportingToken Policy Bypass
| [82781] Apache CXF WS-SecurityPolicy Supporting Token Children Specification Token Signing Verification Weakness
| [82611] cPanel Apache Piped Log Configuration Log Message Formatting Traversal Arbitrary File Creation
| [82436] MapServer for Windows Bundled Apache / PHP Configuration Local File Inclusion
| [82215] PHP sapi/cgi/cgi_main.c apache_request_headers Function HTTP Header Handling Remote Overflow
| [82161] Apache Commons Compress bzip2 File Compression BZip2CompressorOutputStream Class File Handling Remote DoS
| [81965] Apache Batik Squiggle SVG Browser JAR File Arbitrary Code Execution
| [81790] Apache POI src/org/apache/poi/hwpf/model/UnhandledDataStructure.java UnhandledDataStructure() constructor Length Attribute CDF / CFBF File Handling Remote DoS
| [81660] Apache Qpid Credential Checking Cluster Authentication Bypass
| [81511] Apache for Debian /usr/share/doc HTTP Request Parsing Local Script Execution
| [81359] Apache HTTP Server LD_LIBRARY_PATH Variable Local Privilege Escalation
| [81349] Apache Open For Business Project (OFBiz) Webslinger Component Unspecified XSS
| [81348] Apache Open For Business Project (OFBiz) Content IDs / Map-Keys Unspecified XSS
| [81347] Apache Open For Business Project (OFBiz) Parameter Arrays Unspecified XSS
| [81346] Apache Open For Business Project (OFBiz) checkoutProcess.js getServerError() Function Unspecified XSS
| [81196] Apache Open For Business Project (OFBiz) FlexibleStringExpander Nested Script String Parsing Remote Code Execution
| [80981] Apache Hadoop Kerberos/MapReduce Security Feature User Impersonation Weakness
| [80571] Apache Traffic Server Host HTTP Header Parsing Remote Overflow
| [80547] Apache Struts XSLTResult.java File Upload Arbitrary Command Execution
| [80360] AskApache Password Protector Plugin for WordPress Error Page $_SERVER Superglobal XSS
| [80349] Apache HTTP Server mod_fcgid Module fcgid_spawn_ctl.c FcgidMaxProcessesPerClass Virtual Host Directive HTTP Request Parsing Remote DoS
| [80301] Apache Wicket /resources/ Absolute Path Arbitrary File Access
| [80300] Apache Wicket wicket:pageMapName Parameter XSS
| [79478] Apache Solr Extension for TYPO3 Unspecified XSS
| [79002] Apache MyFaces javax.faces.resource In Parameter Traversal Arbitrary File Access
| [78994] Apache Struts struts-examples/upload/upload-submit.do name Parameter XSS
| [78993] Apache Struts struts-cookbook/processDyna.do message Parameter XSS
| [78992] Apache Struts struts-cookbook/processSimple.do message Parameter XSS
| [78991] Apache Struts struts2-rest-showcase/orders clientName Parameter XSS
| [78990] Apache Struts struts2-showcase/person/editPerson.action Multiple Parameter XSS
| [78932] Apache APR Hash Collision Form Parameter Parsing Remote DoS
| [78903] Apache CXF SOAP Request Parsing WS-Security UsernameToken Policy Bypass
| [78600] Apache Tomcat HTTP DIGEST Authentication DigestAuthenticator.java Catalina Weakness Security Bypass
| [78599] Apache Tomcat HTTP DIGEST Authentication Realm Value Parsing Security Bypass
| [78598] Apache Tomcat HTTP DIGEST Authentication qop Value Parsing Security Bypass
| [78573] Apache Tomcat Parameter Saturation CPU Consumption Remote DoS
| [78556] Apache HTTP Server Status Code 400 Default Error Response httpOnly Cookie Disclosure
| [78555] Apache HTTP Server Threaded MPM %{cookiename}C Log Format String Cookie Handling Remote DoS
| [78501] Apache Struts ParameterInterceptor Class OGNL Expression Parsing Remote Command Execution
| [78331] Apache Tomcat Request Object Recycling Information Disclosure
| [78293] Apache HTTP Server Scoreboard Invalid Free Operation Local Security Bypass
| [78277] Apache Struts ExceptionDelegator Component Parameter Parsing Remote Code Execution
| [78276] Apache Struts DebuggingInterceptor Component Developer Mode Unspecified Remote Command Execution
| [78113] Apache Tomcat Hash Collision Form Parameter Parsing Remote DoS
| [78112] Apache Geronimo Hash Collision Form Parameter Parsing Remote DoS
| [78109] Apache Struts ParameterInterceptor Traversal Arbitrary File Overwrite
| [78108] Apache Struts CookieInterceptor Cookie Name Handling Remote Command Execution
| [77593] Apache Struts Conversion Error OGNL Expression Injection
| [77496] Apache ActiveMQ Failover Mechanism Openwire Request Parsing Remote DoS
| [77444] Apache HTTP Server mod_proxy Mdule Web Request HTTP/0.9 Protocol URL Parsing Proxy Remote Security Bypass
| [77374] Apache MyFaces Java Bean includeViewParameters Parsing EL Expression Security Weakness
| [77310] Apache HTTP Server mod_proxy Reverse Proxy Mode Security Bypass Weakness (2011-4317)
| [77234] Apache HTTP Server on cygwin Encoded Traversal Arbitrary File Access
| [77012] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Memory Consumption DoS
| [76944] Apache Tomcat Manager Application Servlets Access Restriction Bypass
| [76744] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Overflow
| [76189] Apache Tomcat HTTP DIGEST Authentication Weakness
| [76079] Apache HTTP Server mod_proxy Mdule Web Request URL Parsing Proxy Remote Security Bypass (2011-3368)
| [76072] Apache JServ jserv.conf jserv-status Handler jserv/ URI Request Parsing Local Information Disclosure
| [75807] Apache HTTP Server Incomplete Header Connection Saturation Remote DoS
| [75647] Apache HTTP Server mod_proxy_ajp Module mod_proxy_balancer HTTP Request Remote DoS
| [75376] Apache Libcloud SSL Certificate Validation MitM Server Spoofing Weakness
| [74853] Domain Technologie Control /etc/apache2/apache2.conf File Permissions Weakness dtcdaemons User Password Disclosure
| [74818] Apache Tomcat AJP Message Injection Authentication Bypass
| [74725] Apache Wicket Multi Window Support Unspecified XSS
| [74721] Apache HTTP Server ByteRange Filter Memory Exhaustion Remote DoS
| [74541] Apache Commons Daemon Jsvc Permissions Weakness Arbitrary File Access
| [74535] Apache Tomcat XML Parser Cross-application Multiple File Manipulation
| [74447] Apache Struts XWork Nonexistent Method s:submit Element Internal Java Class Remote Path Disclosure
| [74262] Apache HTTP Server Multi-Processing Module itk.c Configuration Merger mpm-itk root UID / GID Remote Privilege Escalation
| [74120] Apache HTTP Server mod_authnz_external mysql/mysql-auth.pl user Field SQL Injection
| [73920] Oracle Secure Backup /apache/htdocts/php/common.php username Parameter Remote Code Execution
| [73798] Apache Tomcat sendfile Request Start / Endpoint Parsing Local DoS
| [73797] Apache Tomcat sendfile Request Attribute Validation Weakness Local Access Restriction Bypass
| [73776] Apache Tomcat HTTP BIO Connector HTTP Pipelining Cross-user Remote Response Access
| [73644] Apache XML Security Signature Key Parsing Overflow DoS
| [73600] Apache Struts javatemplates Plugin Component Handlers .action URI Multiple Parameter XSS
| [73462] Apache Rampart/C util/rampart_timestamp_token.c rampart_timestamp_token_validate Function Expired Token Remote Access Restriction Bypass
| [73429] Apache Tomcat JMX MemoryUserDatabase Local Password Disclosure
| [73384] Apache HTTP Server mod_rewrite PCRE Resource Exhaustion DoS
| [73383] Apache HTTP Server Portable Runtime (APR) Library apr_fnmatch() Infinite Loop Remote DoS
| [73378] IBM WebSphere Application Server (WAS) JavaServer Pages org.apache.jasper.runtime.JspWriterImpl.response JSP Page Application Restart Remote DoS
| [73247] Apache Subversion mod_dav_svn File Permission Weakness Information Disclosure
| [73246] Apache Subversion mod_dav_svn Path-based Access Control Rule Handling Remote DoS
| [73245] Apache Subversion mod_dav_svn Baselined Resource Request Handling Remote DoS
| [73154] Apache Archiva Multiple Unspecified CSRF
| [73153] Apache Archiva /archiva/admin/deleteNetworkProxy!confirm.action proxyid Parameter XSS
| [72407] Apache Tomcat @ServletSecurity Initial Load Annotation Security Constraint Bypass Information Disclosure
| [72238] Apache Struts Action / Method Names <
| [71647] Apache HttpComponents HttpClient Proxy-Authorization Credentials Remote Disclosure
| [71558] Apache Tomcat SecurityManager ServletContext Attribute Traversal Arbitrary File Manipulation
| [71557] Apache Tomcat HTML Manager Multiple XSS
| [71075] Apache Archiva User Management Page XSS
| [71027] Apache Tomcat @ServletSecurity Annotation Security Constraint Bypass Information Disclosure
| [70925] Apache Continuum Project Pages Unspecified XSS (2011-0533)
| [70924] Apache Continuum Multiple Admin Function CSRF
| [70809] Apache Tomcat NIO HTTP Connector Request Line Processing DoS
| [70734] Apache CouchDB Request / Cookie Handling Unspecified XSS
| [70585] Oracle Fusion Middleware Oracle HTTP Server Apache Plugin Unspecified Remote Issue
| [70333] Apache Subversion rev_hunt.c blame Command Multiple Memory Leak Remote DoS
| [70332] Apache Subversion Apache HTTP Server mod_dav_svn repos.c walk FunctionSVNParentPath Collection Remote DoS
| [69659] Apache Archiva Admin Authentication Weakness Privilege Escalation
| [69520] Apache Archiva Administrator Credential Manipulation CSRF
| [69512] Apache Tomcat Set-Cookie Header HTTPOnly Flag Session Hijacking Weakness
| [69456] Apache Tomcat Manager manager/html/sessions Multiple Parameter XSS
| [69275] Apache mod_fcgid Module fcgid_bucket.c fcgid_header_bucket_read() Function Remote Overflow
| [69067] Apache Shiro URI Path Security Traversal Information Disclosure
| [68815] Apache MyFaces shared/util/StateUtils.java View State MAC Weakness Cryptographic Padding Remote View State Modification
| [68670] Apache Qpid C++ Broker Component broker/SessionAdapter.cpp SessionAdapter::ExchangeHandlerImpl::checkAlternate Function Exchange Alternate Remote DoS
| [68669] Apache Qpid cluster/Cluster.cpp Cluster::deliveredEvent Function Invalid AMQP Data Remote DoS
| [68662] Apache Axis2 dswsbobje.war Module Admin Account Default Password
| [68531] Apache Qpid qpidd sys/ssl/SslSocket.cpp Incomplete SSL Handshake Remote DoS
| [68327] Apache APR-util buckets/apr_brigade.c apr_brigade_split_line() Function Memory Consumption DoS
| [68314] Apache XML-RPC SAX Parser External Entity Information Disclosure
| [67964] Apache Traffic Server Transaction ID / Source Port Randomization Weakness DNS Cache Poisoning
| [67846] SUSE Lifecycle Management Server on SUSE Linux Enterprise apache2-slms Parameter Quoting CSRF
| [67294] Apache CXF XML SOAP Message Crafted Document Type Declaration Remote DoS
| [67240] Apache CouchDB Installation Page Direct Request Arbitrary JavaScript Code Execution CSRF
| [67205] Apache Derby BUILTIN Authentication Password Hash Generation Algorithm SHA-1 Transformation Password Substitution
| [66745] Apache HTTP Server Multiple Modules Pathless Request Remote DoS
| [66319] Apache Tomcat Crafted Transfer-Encoding Header Handling Buffer Recycling Remote DoS
| [66280] Apache Struts XWork ParameterInterceptor Server-Side Object Remote Code Execution
| [66226] Apache Axis2 Admin Interface Cookie Session Fixation
| [65697] Apache Axis2 / Java SOAP Message DTD Rejection Weakness Arbitrary File Access
| [65654] Apache HTTP Server mod_proxy_http mod_proxy_http.c Timeout Detection Weakness HTTP Request Response Disclosure
| [65429] Apache MyFaces Unencrypted ViewState Serialized View Object Manipulation Arbitrary Expression Language (EL) Statement Execution
| [65054] Apache ActiveMQ Jetty Error Handler XSS
| [64844] Apache Axis2/Java axis2/axis2-admin/engagingglobally modules Parameter XSS
| [64522] Apache Open For Business Project (OFBiz) ecommerce/control/contactus Multiple Parameter XSS
| [64521] Apache Open For Business Project (OFBiz) Web Tools Section entityName Parameter XSS
| [64520] Apache Open For Business Project (OFBiz) ecommerce/control/ViewBlogArticle contentId Parameter XSS
| [64519] Apache Open For Business Project (OFBiz) Control Servlet URI XSS
| [64518] Apache Open For Business Project (OFBiz) Show Portal Page Section start Parameter XSS
| [64517] Apache Open For Business Project (OFBiz) View Profile Section partyId Parameter XSS
| [64516] Apache Open For Business Project (OFBiz) Export Product Listing Section productStoreId Parameter XSS
| [64307] Apache Tomcat Web Application Manager/Host Manager CSRF
| [64056] mod_auth_shadow for Apache HTTP Server wait() Function Authentication Bypass
| [64023] Apache Tomcat WWW-Authenticate Header Local Host Information Disclosure
| [64020] Apache ActiveMQ Jetty ResourceHandler Crafted Request JSP File Source Disclosure
| [63895] Apache HTTP Server mod_headers Unspecified Issue
| [63368] Apache ActiveMQ createDestination.action JMSDestination Parameter CSRF
| [63367] Apache ActiveMQ createDestination.action JMSDestination Parameter XSS
| [63350] Apache CouchDB Hash Verification Algorithm Predictable Execution Time Weakness
| [63140] Apache Thrift Service Malformed Data Remote DoS
| [62676] Apache HTTP Server mod_proxy_ajp Module Crafted Request Remote DoS
| [62675] Apache HTTP Server Multi-Processing Module (MPM) Subrequest Header Handling Cross-thread Information Disclosure
| [62674] Apache HTTP Server mod_isapi Module Unloading Crafted Request Remote DoS
| [62231] Apache HTTP Server Logging Format Weakness Crafted DNS Response IP Address Spoofing
| [62230] Apache HTTP Server Crafted DNS Response Inverse Lookup Log Corruption XSS
| [62054] Apache Tomcat WAR Filename Traversal Work-directory File Deletion
| [62053] Apache Tomcat Autodeployment Process appBase File HTTP Request Authentication Bypass
| [62052] Apache Tomcat WAR File Traversal Arbitrary File Overwrite
| [62009] Apache HTTP Server src/modules/proxy/proxy_util.c mod_proxy ap_proxy_send_fb() Function Overflow
| [61379] Apache River Outrigger Entry Storage Saturation Memory Exhaustion DoS
| [61378] Apache Hadoop Map/Reduce JobTracker Memory Consumption DoS
| [61377] Apache Commons Modeler Multiple Mutable Static Fields Weakness
| [61376] Apache Rampart wsse:security Tag Signature Value Checking Weakness
| [60687] Apache C++ Standard Library (STDCXX) strxfrm() Function Overflow
| [60680] Apache Hadoop JobHistory Job Name Manipulation Weakness
| [60679] Apache ODE DeploymentWebService OMElement zipPart CRLF Injection
| [60678] Apache Roller Comment Email Notification Manipulation DoS
| [60677] Apache CouchDB Unspecified Document Handling Remote DoS
| [60428] Sun Java Plug-in org.apache.crimson.tree.XmlDocument Class reateXmlDocument Method Floppy Drive Access Bypass
| [60413] mod_throttle for Apache Shared Memory File Manipulation Local Privilege Escalation
| [60412] Sun Java Plug-in org.apache.xalan.processor.XSLProcessorVersion Class Unsigned Applet Variable Sharing Privilege Escalation
| [60396] Apache HTTP Server on OpenBSD Multipart MIME Boundary Remote Information Disclosure
| [60395] Apache HTTP Server on OpenBSD ETag HTTP Header Remote Information Disclosure
| [60232] PHP on Apache php.exe Direct Request Remote DoS
| [60176] Apache Tomcat Windows Installer Admin Default Password
| [60016] Apache HTTP Server on HP Secure OS for Linux HTTP Request Handling Unspecified Issue
| [59979] Apache HTTP Server on Apple Mac OS X HTTP TRACE Method Unspecified Client XSS
| [59969] Apache HTTP Server mod_ssl SSL / TLS Renegotiation Handshakes MiTM Plaintext Data Injection
| [59944] Apache Hadoop jobhistory.jsp XSS
| [59374] Apache Solr Search Extension for TYPO3 Unspecified XSS
| [59022] Apache Shindig ConcatProxyServlet HTTP Header Response Splitting
| [59021] Apache Cocoon X-Cocoon-Version Header Remote Information Disclosure
| [59020] Apache Tapestry HTTPS Session Cookie Secure Flag Weakness
| [59019] Apache mod_python Cookie Salting Weakness
| [59018] Apache Harmony Error Message Handling Overflow
| [59013] Apache Derby SYSCS_EXPORT_TABLE Arbitrary File Overwrite
| [59012] Apache Derby Driver Auto-loading Non-deterministic Startup Weakness
| [59011] Apache JSPWiki Page Attachment Change Note Function XSS
| [59010] Apache Solr get-file.jsp XSS
| [59009] Apache Solr action.jsp XSS
| [59008] Apache Solr analysis.jsp XSS
| [59007] Apache Solr schema.jsp Multiple Parameter XSS
| [59006] Apache Beehive select / checkbox Tag XSS
| [59005] Apache Beehive jpfScopeID Global Parameter XSS
| [59004] Apache Beehive Error Message XSS
| [59003] Apache HttpClient POST Request Handling Memory Consumption DoS
| [59002] Apache Jetspeed default-page.psml URI XSS
| [59001] Apache Axis2 xsd Parameter Traversal Arbitrary File Disclosure
| [59000] Apache CXF Unsigned Message Policy Bypass
| [58999] Apache WSS4J CallbackHandler Plaintext Password Validation Weakness
| [58998] Apache OpenJPA persistence.xml Cleartext Password Local Disclosure
| [58997] Apache OpenEJB openejb.xml Cleartext Password Local Disclosure
| [58996] Apache Hadoop Map/Reduce LinuxTaskController File Group Ownership Weakness
| [58995] Apache Hadoop Map/Reduce Task Ownership Weakness
| [58994] Apache Hadoop Map/Reduce DistributedCache Localized File Permission Weakness
| [58993] Apache Hadoop browseBlock.jsp XSS
| [58991] Apache Hadoop browseDirectory.jsp XSS
| [58990] Apache Hadoop Map/Reduce HTTP TaskTrackers User Data Remote Disclosure
| [58989] Apache Hadoop Sqoop Process Listing Local Cleartext Password Disclosure
| [58988] Apache Hadoop Chukwa HICC Portal Unspecified XSS
| [58987] Apache Hadoop Map/Reduce TaskTracker User File Permission Weakness
| [58986] Apache Qpid Encrypted Message Handling Remote Overflow DoS
| [58985] Apache Qpid Process Listing Local Cleartext Password Disclosure
| [58984] Apache Jackrabbit Content Repository (JCR) Default Account Privilege Access Weakness
| [58983] Apache Jackrabbit Content Repository (JCR) NamespaceRegistry API Registration Method Race Condition
| [58982] Apache Synapse Proxy Service Security Policy Mismatch Weakness
| [58981] Apache Geronimo TomcatGeronimoRealm Security Context Persistence Weakness
| [58980] Apache Geronimo LDAP Realm Configuration Restart Reversion Weakness
| [58979] Apache MyFaces Tomahawk ExtensionsPhaseListener HTML Injection Information Disclosure
| [58978] Apache MyFaces Trinidad LocaleInfoScriptlet XSS
| [58977] Apache Open For Business Project (OFBiz) Multiple Default Accounts
| [58976] Apache Open For Business Project (OFBiz) URI passThru Parameter XSS
| [58975] Apache Open For Business Project (OFBiz) PARTYMGR_CREATE/UPDATE Permission Arbitrary User Password Modification
| [58974] Apache Sling /apps Script User Session Management Access Weakness
| [58973] Apache Tuscany Crafted SOAP Request Access Restriction Bypass
| [58931] Apache Geronimo Cookie Parameters Validation Weakness
| [58930] Apache Xalan-C++ XPath Handling Remote DoS
| [58879] Apache Portable Runtime (APR-util) poll/unix/port.c Event Port Backend Pollset Feature Remote DoS
| [58837] Apache Commons Net FTPSClient CipherSuites / Protocols Mutable Object Unspecified Data Security Issue
| [58813] Apache MyFaces Trinidad tr:table / HTML Comment Handling DoS
| [58812] Apache Open For Business Project (OFBiz) JSESSIONID Session Hijacking Weakness
| [58811] Apache Open For Business Project (OFBiz) /catalog/control/EditProductConfigItem configItemId Parameter XSS
| [58810] Apache Open For Business Project (OFBiz) /catalog/control/EditProdCatalo prodCatalogId Parameter XSS
| [58809] Apache Open For Business Project (OFBiz) /partymgr/control/viewprofile partyId Parameter XSS
| [58808] Apache Open For Business Project (OFBiz) /catalog/control/createProduct internalName Parameter XSS
| [58807] Apache Open For Business Project (OFBiz) Multiple Unspecified CSRF
| [58806] Apache FtpServer MINA Logging Filter Cleartext Credential Local Disclosure
| [58805] Apache Derby Unauthenticated Database / Admin Access
| [58804] Apache Wicket Header Contribution Unspecified Issue
| [58803] Apache Wicket Session Fixation
| [58802] Apache Directory Server (ApacheDS) userPassword Attribute Search Password Disclosure
| [58801] Apache ActiveMQ Stomp Client Credential Validation Bypass
| [58800] Apache Tapestry (context)/servicestatus Internal Service Information Disclosure
| [58799] Apache Tapestry Logging Cleartext Password Disclosure
| [58798] Apache Jetspeed pipeline Parameter pipeline-map Policy Bypass
| [58797] Apache Jetspeed Password Policy Multiple Weaknesses
| [58796] Apache Jetspeed Unsalted Password Storage Weakness
| [58795] Apache Rampart Crafted SOAP Header Authentication Bypass
| [58794] Apache Roller Admin Protocol (RAP) Malformed Header Authentication Bypass
| [58793] Apache Hadoop Map/Reduce mapred.system.dir Permission Weakness Job Manipulation
| [58792] Apache Shindig gadgets.rpc iframe RPC Call Validation Weakness
| [58791] Apache Synapse synapse.properties Cleartext Credential Local Disclosure
| [58790] Apache WSS4J SOAP Message UsernameToken Remote Password Disclosure
| [58789] Apache WSS4J SOAP Header Malformed UsernameToken Authentication Bypass
| [58776] Apache JSPWiki PreviewContent.jsp Edited Text XSS
| [58775] Apache JSPWiki preview.jsp action Parameter XSS
| [58774] Apache JSPWiki Edit.jsp Multiple Parameter XSS
| [58773] Apache JSPWiki Accept-Language Header Multiple Script language Parameter XSS
| [58772] Apache JSPWiki EditorManager.java editor Parameter XSS
| [58771] Apache JSPWiki GroupContent.jsp Multiple Parameter XSS
| [58770] Apache JSPWiki Group.jsp group Parameter XSS
| [58769] Apache JSPWiki Database Connection Termination DoS Weakness
| [58768] Apache JSPWiki Attachment Servlet nextpage Parameter Arbitrary Site Redirect
| [58766] Apache JSPWiki /admin/SecurityConfig.jsp Direct Request Information Disclosure
| [58765] Apache JSPWiki Spam Filter UniqueID RNG Weakness
| [58764] Apache JSPWiki Edit.jsp Multiple Parameter XSS
| [58763] Apache JSPWiki Include Tag Multiple Script XSS
| [58762] Apache JSPWiki Multiple .java Tags pageContext Parameter XSS
| [58761] Apache JSPWiki Wiki.jsp skin Parameter XSS
| [58760] Apache Commons VFS Exception Error Message Cleartext Credential Disclosure
| [58759] Apache Jackrabbit Content Repository (JCR) UUID System.currentTimeMillis() RNG Weakness
| [58758] Apache River GrantPermission Policy Manipulation Privilege Escalation
| [58757] Apache WS-Commons Java2 StaXUtils Multiple Unspecified Minor Issues
| [58756] Apache WSS4J WSHandler Client Certificate Signature Validation Weakness
| [58755] Apache Harmony DRLVM Non-public Class Member Access
22846| [58754] Apache Harmony File.createTempFile() Temporary File Creation Prediction Weakness
22847| [58751] Apache Geronimo GeronimoIdentityResolver Subject Handling Multiple Issues
22848| [58750] Apache MyFaces Trinidad Generated HTML Information Disclosure
22849| [58749] Apache MyFaces Trinidad Database Access Error Message Information Disclosure
22850| [58748] Apache MyFaces Trinidad Image Resource Loader Traversal Arbitrary Image Access
22851| [58747] Apache MyFaces Trinidad Error Message User Entered Data Disclosure Weakness
22852| [58746] Apache Axis2 JAX-WS Java2 WSDL4J Unspecified Issue
22853| [58744] Apache Wicket Crafted File Upload Disk Space Exhaustion DoS
22854| [58743] Apache Wicket wicket.util.crypt.SunJceCrypt Encryption Reversion Weakness
22855| [58742] Apache Rampart PolicyBasedValiadtor HttpsToken Endpoint Connection Weakness
22856| [58741] Apache Rampart WSSecSignature / WSSecEncryptedKey KeyIdentifierType Validation Weakness
22857| [58740] Apache Rampart TransportBinding Message Payload Cleartext Disclosure
22858| [58739] Apache Open For Business Project (OFBiz) Unsalted Password Storage Weakness
22859| [58738] Apache Open For Business Project (OFBiz) orderId Parameter Arbitrary Order Access
22860| [58737] Apache mod_python w/ mod_python.publisher index.py Underscore Prefixed Variable Disclosure
22861| [58735] Apache Open For Business Project (OFBiz) /ecommerce/control/keywordsearch SEARCH_STRING Parameter XSS
22862| [58734] Apache Torque Log File Cleartext Credential Local Disclosure
22863| [58733] Apache Axis2 doGet Implementation Authentication Bypass Service State Manipulation
22864| [58732] Apache MyFaces UIInput.validate() Null Value Validation Bypass Weakness
22865| [58731] Apache MyFaces /faces/* Prefix Mapping Authentication Bypass
22866| [58725] Apache Tapestry Basic String ACL Bypass Weakness
22867| [58724] Apache Roller Logout Functionality Failure Session Persistence
22868| [58723] Apache Roller User Profile / Admin Page Cleartext Password Disclosure
22869| [58722] Apache Derby Connection URL Encryption Method Reversion Weakness
22870| [58721] Apache Geronimo on Tomcat Security-constraint Resource ACL Bypass
22871| [58720] Apache Geronimo Explicit Servlet Mapping Access Bypass Weakness
22872| [58719] Apache Geronimo Keystore Unprivileged Service Disable DoS
22873| [58718] Apache Geronimo Deployment Plans Remote Password Disclosure
22874| [58717] Apache Jetspeed Portlet Application Edit Access Restriction Bypass
22875| [58716] Apache Jetspeed PSML Management Cached Constraint Authentication Weakness
22876| [58707] Apache WSS4J Crafted PasswordDigest Request Authentication Bypass
22877| [58706] Apache HttpClient Pre-emptive Authorization Remote Credential Disclosure
22878| [58705] Apache Directory Server (ApacheDS) User Passwords Cleartext Disclosure
22879| [58704] Apache Directory Server (ApacheDS) Non-existent User LDAP Bind Remote DoS
22880| [58703] Apache Geronimo Debug Console Unauthenticated Remote Information Disclosure
22881| [58702] Apache Directory Server (ApacheDS) Persistent LDAP Anonymous Bind Weakness
22882| [58701] Apache Jetspeed User Admin Portlet Unpassworded Account Creation Weakness
22883| [58700] Apache MyFaces /faces/* Path Handling Remote Overflow DoS
22884| [58699] Apache MyFaces Disable Property Client Side Manipulation Privilege Escalation
22885| [58698] Apache Roller Remember Me Functionality Cleartext Password Disclosure
22886| [58697] Apache XalanJ2 org.apache.xalan.xsltc.runtime.CallFunction Class Unspecified Issue
22887| [58696] Apache Tapestry Encoded Traversal Arbitrary File Access
22888| [58695] Apache Jetspeed Unauthenticated PSML Tags / Admin Folder Access
22889| [58694] Apache Geronimo Deploy Tool Process List Local Credential Disclosure
22890| [58693] Apache Derby service.properties File Encryption Key Information Disclosure
22891| [58692] Apache Geronimo Default Security Realm Login Brute Force Weakness
22892| [58689] Apache Roller Retrieve Last 5 Post Feature Unauthorized Blog Post Manipulation
22893| [58688] Apache Xalan-Java (XalanJ2) Static Variables Multiple Unspecified Issues
22894| [58687] Apache Axis Invalid wsdl Request XSS
22895| [58686] Apache Cocoon Temporary File Creation Unspecified Race Condition
22896| [58685] Apache Velocity Template Designer Privileged Code Execution
22897| [58684] Apache Jetspeed controls.Customize Action Security Check Bypass
22898| [58675] Apache Open For Business Project (OFBiz) eCommerce/ordermgr Multiple Field XSS
22899| [58674] Apache Open For Business Project (OFBiz) ecommerce/control/login Multiple Field XSS
22900| [58673] Apache Open For Business Project (OFBiz) ecommerce/control/viewprofile Multiple Field XSS
22901| [58672] Apache Open For Business Project (OFBiz) POS Input Panel Cleartext Password Disclosure
22902| [58671] Apache Axis2 JMS Signed Message Crafted WS-Security Header Security Bypass
22903| [58670] Apache Jetspeed JetspeedTool.getPortletFromRegistry Portlet Security Validation Failure
22904| [58669] Apache Jetspeed LDAP Cleartext Passwords Disclosure
22905| [58668] Apache Axis External Entity (XXE) Data Parsing Privilege Escalation
22906| [58667] Apache Roller Database Cleartext Passwords Disclosure
22907| [58666] Apache Xerces-C++ UTF-8 Transcoder Overlong Code Handling Unspecified Issue
22908| [58665] Apache Jetspeed Turbine: Cross-user Privileged Action Execution
22909| [58664] Apache Jetspeed EditAccount.vm Password Modification Weakness
22910| [58663] Apache Jetspeed Role Parameter Arbitrary Portlet Disclosure
22911| [58662] Apache Axis JWS Page Generated .class File Direct Request Information Disclosure
22912| [58661] Apache Jetspeed user-form.vm Password Reset Cleartext Disclosure
22913| [58660] Apache WSS4J checkReceiverResults Function Crafted SOAP Request Authentication Bypass
22914| [58658] Apache Rampart Crafted SOAP Request Security Verification Bypass
22915| [57882] Apache HTTP Server mod_proxy_ftp Authorization HTTP Header Arbitrary FTP Command Injection
22916| [57851] Apache HTTP Server mod_proxy_ftp EPSV Command NULL Dereference Remote DoS
22917| [56984] Apache Xerces2 Java Malformed XML Input DoS
22918| [56903] Apache ODE (Orchestration Director Engine) Process Deployment Web Service Traversal Arbitrary File Manipulation
22919| [56859] Apache Xerces-C++ Multiple Sub-project XML Nested DTD Structures Parsing Recursion Error DoS
22920| [56766] Apache Portable Runtime (APR-util) memory/unix/apr_pools.c Relocatable Memory Block Aligning Overflow
22921| [56765] Apache Portable Runtime (APR-util) misc/apr_rmm.c Multiple Function Overflows
22922| [56517] Apache HTTP Server File Descriptor Leak Arbitrary Local File Append
22923| [56443] PTK Unspecified Apache Sub-process Arbitrary Command Execution
22924| [56414] Apache Tiles Duplicate Expression Language (EL) Expression Evaluation XSS
22925| [55814] mod_NTLM for Apache HTTP Server ap_log_rerror() Function Remote Format String
22926| [55813] mod_NTLM for Apache HTTP Server log() Function Remote Overflow
22927| [55782] Apache HTTP Server mod_deflate Module Aborted Connection DoS
22928| [55553] Apache HTTP Server mod_proxy Module mod_proxy_http.c stream_reqbody_cl Function CPU Consumption DoS
22929| [55059] Apache APR-util strmatch/apr_strmatch.c apr_strmatch_precompile Function Crafted Input Remote DoS
22930| [55058] Apache APR-util apr_brigade_vprintf Function Crafted Input Off-by-one Remote DoS
22931| [55057] Apache APR-util xml/apr_xml.c apr_xml_* Interface Expat XML Parser Crafted XML Document Remote DoS
22932| [55056] Apache Tomcat Cross-application TLD File Manipulation
22933| [55055] Apache Tomcat Illegal URL Encoded Password Request Username Enumeration
22934| [55054] Apache Tomcat Java AJP Connector mod_jk Load Balancing Worker Malformed Header Remote DoS
22935| [55053] Apache Tomcat Crafted Request Security Restraint Bypass Arbitrary Content Access
22936| [54733] Apache HTTP Server AllowOverride Directive .htaccess Options Bypass
22937| [54713] razorCMS Security Manager apache User Account Unspecified File Permission Weakness Issue
22938| [54589] Apache Jserv Nonexistent JSP Request XSS
22939| [54122] Apache Struts s:a / s:url Tag href Element XSS
22940| [54093] Apache ActiveMQ Web Console JMS Message XSS
22941| [53932] Apache Geronimo Multiple Admin Function CSRF
22942| [53931] Apache Geronimo /console/portal/Server/Monitoring Multiple Parameter XSS
22943| [53930] Apache Geronimo /console/portal/ URI XSS
22944| [53929] Apache Geronimo on Windows Security/Keystores Portlet Traversal Arbitrary File Upload
22945| [53928] Apache Geronimo on Windows Embedded DB/DB Manager Portlet Traversal Arbitrary File Upload
22946| [53927] Apache Geronimo on Windows Services/Repository Portlet Traversal Arbitrary File Upload
22947| [53921] Apache HTTP Server mod_proxy_ajp Cross Thread/Session Information Disclosure
22948| [53766] Oracle BEA WebLogic Server Plug-ins for Apache Certificate Handling Remote Overflow
22949| [53574] PHP on Apache .htaccess mbstring.func_overload Setting Cross Hosted Site Behavior Modification
22950| [53381] Apache Tomcat JK Connector Content-Length Header Cross-user Information Disclosure
22951| [53380] Apache Struts Unspecified XSS
22952| [53289] Apache mod_perl Apache::Status /perl-status Unspecified XSS
22953| [53186] Apache HTTP Server htpasswd Predictable Salt Weakness
22954| [52899] Apache Tomcat Examples Web Application Calendar Application jsp/cal/cal2.jsp time Parameter XSS
22955| [52407] Apache Tomcat doRead Method POST Content Information Disclosure
22956| [51923] Apache HTTP Server mod-auth-mysql Module mod_auth_mysql.c Multibyte Character Encoding SQL Injection
22957| [51613] Apache HTTP Server Third-party Module Child Process File Descriptor Leak
22958| [51612] Apache HTTP Server Internal Redirect Handling Infinite Loop DoS
22959| [51468] Apache Jackrabbit Content Repository (JCR) swr.jsp q Parameter XSS
22960| [51467] Apache Jackrabbit Content Repository (JCR) search.jsp q Parameter XSS
22961| [51151] Apache Roller Search Function q Parameter XSS
22962| [50482] PHP with Apache php_value Order Unspecified Issue
22963| [50475] Novell NetWare ApacheAdmin Console Unauthenticated Access
22964| [49734] Apache Struts DefaultStaticContentLoader Class Traversal Arbitrary File Access
22965| [49733] Apache Struts FilterDispatcher Class Traversal Arbitrary File Access
22966| [49283] Oracle BEA WebLogic Server Plugins for Apache Remote Transfer-Encoding Overflow
22967| [49062] Apache Tomcat Cross-thread Concurrent Request Variable Overwrite Information Disclosure
22968| [48847] ModSecurity (mod_security) Transformation Caching Unspecified Apache DoS
22969| [48788] Apache Xerces-C++ XML Schema maxOccurs Value XML File Handling DoS
22970| [47474] Apache HTTP Server mod_proxy_ftp Directory Component Wildcard Character XSS
22971| [47464] Apache Tomcat allowLinking / UTF-8 Traversal Arbitrary File Access
22972| [47463] Apache Tomcat RequestDispatcher Traversal Arbitrary File Access
22973| [47462] Apache Tomcat HttpServletResponse.sendError Method Message Argument XSS
22974| [47096] Oracle Weblogic Apache Connector POST Request Overflow
22975| [46382] Frontend Filemanager (air_filemanager) Extension for TYPO3 on Apache Unspecified Arbitrary Code Execution
22976| [46285] TYPO3 on Apache Crafted Filename Upload Arbitrary Command Execution
22977| [46085] Apache HTTP Server mod_proxy ap_proxy_http_process_response() Function Interim Response Forwarding Remote DoS
22978| [45905] Apache Tomcat Host Manager host-manager/html/add name Parameter XSS
22979| [45879] Ragnarok Online Control Panel on Apache Crafted Traversal Authentication Bypass
22980| [45742] Apache HTTP Server on Novell Unspecified Request Directive Internal IP Disclosure
22981| [45740] Apache Derby DropSchemaNode Bind Phase Arbitrary Scheme Statement Dropping
22982| [45599] Apache Derby Lock Table Statement Privilege Requirement Bypass Arbitrary Table Lock
22983| [45585] Apache Derby ACCSEC Command RDBNAM Parameter Cleartext Credential Disclosure
22984| [45584] Apache Derby DatabaseMetaData.getURL Function Cleartext Credential Disclosure
22985| [45420] Apache HTTP Server 403 Error Page UTF-7 Encoded XSS
22986| [44728] PHP Toolkit on Gentoo Linux Interpretation Conflict Apache HTTP Server Local DoS
22987| [44618] Oracle JSP Apache/Jserv Path Translation Traversal Arbitrary JSP File Execution
22988| [44159] Apache HTTP Server Remote Virtual Host Name Disclosure
22989| [43997] Apache-SSL ExpandCert() Function Certificate Handling Arbitrary Environment Variables Manipulation
22990| [43994] suPHP for Apache (mod_suphp) Directory Symlink Local Privilege Escalation
22991| [43993] suPHP for Apache (mod_suphp) Owner Mode Race Condition Symlink Local Privilege Escalation
22992| [43663] Apache HTTP Server Mixed Platform AddType Directive Crafted Request PHP Source Disclosure
22993| [43658] AuthCAS Module (AuthCAS.pm) for Apache HTTP Server SESSION_COOKIE_NAME SQL Injection
22994| [43452] Apache Tomcat HTTP Request Smuggling
22995| [43309] Apache Geronimo LoginModule Login Method Bypass
22996| [43290] Apache JSPWiki Entry Page Attachment Unrestricted File Upload
22997| [43259] Apache HTTP Server on Windows mod_proxy_balancer URL Handling Remote Memory Corruption
22998| [43224] Apache Geronimo on SuSE Linux init Script Symlink Unspecified File/Directory Access
22999| [43189] Apache mod_jk2 Host Header Multiple Fields Remote Overflow
23000| [42937] Apache HTTP Server mod_proxy_balancer balancer-manager Unspecified CSRF
23001| [42341] MOD_PLSQL for Apache Unspecified URL SQL Injection
23002| [42340] MOD_PLSQL for Apache CGI Environment Handling Unspecified Overflow
23003| [42214] Apache HTTP Server mod_proxy_ftp UTF-7 Encoded XSS
23004| [42091] Apache Maven Site Plugin Installation Permission Weakness
23005| [42089] Apache Maven .m2/settings.xml Cleartext Password Disclosure
23006| [42088] Apache Maven Defined Repo Process Listing Password Disclosure
23007| [42087] Apache Maven Site Plugin SSH Deployment Permission Setting Weakness
23008| [42036] Apache HTTP Server MS-DOS Device Request Host OS Disclosure
23009| [41891] BEA WebLogic Apache Beehive NetUI Page Flow Unspecified XSS
23010| [41436] Apache Tomcat Native APR Connector Duplicate Request Issue
23011| [41435] Apache Tomcat %5C Cookie Handling Session ID Disclosure
23012| [41434] Apache Tomcat Exception Handling Subsequent Request Information Disclosure
23013| [41400] LimeSurvey save.php Apache Log File PHP Code Injection
23014| [41029] Apache Tomcat Calendar Examples Application cal2.jsp Multiple Parameter CSRF
23015| [41019] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload XSS
23016| [41018] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload CRLF
23017| [40853] Apache Tomcat SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) JSESSIONIDSSO Cookie Security Weakness
23018| [40264] Apache HTTP Server mod_proxy_balancer balancer_handler Function bb Variable Remote DoS
23019| [40263] Apache HTTP Server mod_proxy_balancer balancer-manager Multiple Parameter XSS
23020| [40262] Apache HTTP Server mod_status refresh XSS
23021| [39833] Apache Tomcat JULI Logging Component catalina.policy Security Bypass
23022| [39251] Coppermine Photo Gallery on Apache Multiple File Extension Upload Arbitrary Code Execution
23023| [39166] Apache Tomcat on Windows caseSensitive Attribute Mixed Case Request JSP Source Disclosure
23024| [39134] Apache mod_imagemap Module Imagemap Unspecified XSS
23025| [39133] Apache mod_imap Module Imagemap File Unspecified XSS
23026| [39035] Apache Tomcat examples/servlet/CookieExample Multiple Parameter XSS
23027| [39003] Apache HTTP Server HTTP Method Header Request Entity Too Large XSS
23028| [39000] Apache Tomcat SendMailServlet sendmail.jsp mailfrom Parameter XSS
23029| [38939] Apache HTTP Server Prefork MPM Module Array Modification Local DoS
23030| [38673] Apache Jakarta Slide WebDAV SYSTEM Request Traversal Arbitrary File Access
23031| [38662] Apache Geronimo SQLLoginModule Nonexistent User Authentication Bypass
23032| [38661] Apache Geronimo MEJB Unspecified Authentication Bypass
23033| [38641] Apache HTTP Server mod_mem_cache recall_headers Function Information Disclosure
23034| [38640] Apache HTTP Server suexec Document Root Unauthorized Operations
23035| [38639] Apache HTTP Server suexec Multiple Symlink Privilege Escalation
23036| [38636] Apache HTTP Server mod_autoindex.c P Variable UTF-7 Charset XSS
23037| [38513] BEA WebLogic Server Proxy Plug-in for Apache Protocol Error Handling Remote DoS
23038| [38187] Apache Geronimo / Tomcat WebDAV XML SYSTEM Tag Arbitrary File Access
23039| [37079] Apache HTTP Server mod_cache cache_util.c Malformed Cache-Control Header DoS
23040| [37071] Apache Tomcat Cookie Handling Session ID Disclosure
23041| [37070] Apache Tomcat Cookie Handling Quote Delimiter Session ID Disclosure
23042| [37052] Apache HTTP Server mod_status mod_status.c Unspecified XSS
23043| [37051] Apache HTTP Server mod_proxy modules/proxy/proxy_util.c Crafted Header Remote DoS
23044| [37050] Apache HTTP Server Prefork MPM Module Crafted Code Sequence Local DoS
23045| [36417] Apache Tomcat Host Manager Servlet html/add Action aliases Parameter XSS
23046| [36377] Apache MyFaces Tomahawk JSF Application autoscroll Multiple Script XSS
23047| [36080] Apache Tomcat JSP Examples Crafted URI XSS
23048| [36079] Apache Tomcat Manager Uploaded Filename XSS
23049| [34888] Apache Tomcat Example Calendar Application cal2.jsp time Parameter XSS
23050| [34887] Apache Tomcat implicit-objects.jsp Crafted Header XSS
23051| [34885] Apache Tomcat on IIS Servlet Engine MS-DOS Device Request DoS
23052| [34884] Apache Tomcat on Windows Nonexistent Resource Request Path Disclosure
23053| [34883] Apache Tomcat Crafted JSP File Request Path Disclosure
23054| [34882] Apache Tomcat Default SSL Ciphersuite Configuration Weakness
23055| [34881] Apache Tomcat Malformed Accept-Language Header XSS
23056| [34880] Apache Tomcat HTTP/1.1 Connector NULL Byte Request JSP Source Disclosure
23057| [34879] Apache Tomcat examples/jsp2/jspx/textRotate.jspx XSS
23058| [34878] Apache Tomcat examples/jsp2/el/implicit-objects.jsp XSS
23059| [34877] Apache Tomcat JK Web Server Connector (mod_jk) Double Encoded Traversal Arbitrary File Access
23060| [34876] Apache HTTP Server ScriptAlias CGI Source Disclosure
23061| [34875] Apache Tomcat appdev/sample/web/hello.jsp Multiple Parameter XSS
23062| [34874] Apache Tomcat AJP Connector mod_jk ajp_process_callback Remote Memory Disclosure
23063| [34873] Apache Stats Variable Extraction _REQUEST Superglobal Array Overwrite
23064| [34872] Apache HTTP Server suexec User/Group Combination Weakness Local Privilege Escalation
23065| [34769] Apache Tomcat w/ Proxy Module Double Encoded Traversal Arbitrary File Access
23066| [34541] mod_perl for Apache HTTP Server RegistryCooker.pm PATH_INFO Crafted URI Remote DoS
23067| [34540] mod_perl for Apache HTTP Server PerlRun.pm PATH_INFO Crafted URI Remote DoS
23068| [34398] Apache Tomcat mod_jk Invalid Chunked Encoded Body Information Disclosure
23069| [34154] Apache Axis Nonexistent Java Web Service Path Disclosure
23070| [33855] Apache Tomcat JK Web Server Connector mod_jk.so Long URI Worker Map Remote Overflow
23071| [33816] Apache HTTP Server on Debian Linux TTY Local Privilege Escalation
23072| [33456] Apache HTTP Server Crafted TCP Connection Range Header DoS
23073| [33346] Avaya Multiple Products Apache Tomcat Port Weakness
23074| [32979] Apache Java Mail Enterprise Server (JAMES) Phoenix/MX4J Interface Arbitrary User Creation
23075| [32978] Apache Java Mail Enterprise Server (JAMES) POP3Server Log File Plaintext Password Disclosure
23076| [32724] Apache mod_python _filter_read Freed Memory Disclosure
23077| [32723] Apache Tomcat semicolon Crafted Filename Request Forced Directory Listing
23078| [32396] Apache Open For Business Project (OFBiz) Ecommerce Component Forum Implementation Message Body XSS
23079| [32395] Apache Open For Business Project (OFBiz) Ecommerce Component Form Field Manipulation Privilege Escalation
23080| [30354] Linux Subversion libapache2-svn Search Path Subversion Local Privilege Escalation
23081| [29603] PHP ini_restore() Apache httpd.conf Options Bypass
23082| [29536] Apache Tcl mod_tcl set_var Function Remote Format String
23083| [28919] Apache Roller Weblogger Blog Comment Multiple Field XSS
23084| [28130] PHP with Apache Mixed Case Method Limit Directive Bypass
23085| [27913] Apache HTTP Server on Windows mod_alias URL Validation Canonicalization CGI Source Disclosure
23086| [27588] Apache HTTP Server mod_rewrite LDAP Protocol URL Handling Overflow
23087| [27487] Apache HTTP Server Crafted Expect Header Cross Domain HTML Injection
23088| [26935] FCKeditor on Apache connector.php Crafted File Extension Arbitrary File Upload
23089| [26572] Apache Java Mail Enterprise Server (JAMES) MAIL Command Overflow DoS
23090| [25909] Drupal on Apache files Directory File Upload Arbitrary Code Execution
23091| [24825] Oracle ModPL/SQL for Apache Unspecified Remote HTTP Issue
23092| [24365] Apache Struts Multiple Function Error Message XSS
23093| [24364] Apache Struts getMultipartRequestHandler() Function Crafted Request DoS
23094| [24363] Apache Struts org.apache.struts.taglib.html.Constants.CANCEL Validation Bypass
23095| [24103] Pubcookie Apache mod_pubcookie Unspecified XSS
23096| [23906] Apache mod_python for Apache HTTP Server FileSession Privileged Local Command Execution
23097| [23905] Apache Log4net LocalSyslogAppender Format String Memory Corruption DoS
23098| [23198] Apache WSS4J Library SOAP Signature Verification Bypass
23099| [23124] Generic Apache Request Library (libapreq) apreq_parse_* Functions Remote DoS
23100| [22652] mod_php for Apache HTTP Server Crafted import_request_variables Function DoS
23101| [22475] PHP w/ Apache PDO::FETCH_CLASS __set() Function DoS
23102| [22473] PHP w/ Apache2 Crafted PDOStatement DoS
23103| [22459] Apache Geronimo Error Page XSS
23104| [22458] Apache Tomcat / Geronimo Sample Script cal2.jsp time Parameter XSS
23105| [22301] auth_ldap for Apache HTTP Server auth_ldap_log_reason() Function Remote Format String
23106| [22261] Apache HTTP Server mod_ssl ssl_hook_Access Error Handling DoS
23107| [22259] mod_auth_pgsql for Apache HTTP Server Log Function Format String
23108| [21736] Apache Java Mail Enterprise Server (JAMES) Spooler retrieve Function DoS
23109| [21705] Apache HTTP Server mod_imap Image Map Referer XSS
23110| [21021] Apache Struts Error Message XSS
23111| [20897] PHP w/ Apache 2 SAPI virtual() Function Unspecified INI Setting Disclosure
23112| [20491] PHP mod_php apache2handler SAPI Crafted .htaccess DoS
23113| [20462] Apache HTTP Server worker.c MPM Memory Exhaustion DoS
23114| [20439] Apache Tomcat Directory Listing Saturation DoS
23115| [20373] Apache Tomcat on HP Secure OS for Linux Unspecified Servlet Access Issue
23116| [20285] Apache HTTP Server Log File Control Character Injection
23117| [20242] Apache HTTP Server mod_usertrack Predictable Session ID Generation
23118| [20209] Brainf*ck Module (mod_bf) for Apache HTTP Server Local Overflow
23119| [20033] Apache Tomcat MS-DOS Device Request Error Message Path Disclosure
23120| [19883] apachetop atop.debug Symlink Arbitrary File Overwrite
23121| [19863] mod_auth_shadow for Apache HTTP Server require group Authentication Bypass
23122| [19855] Apache HTTP Server ErrorDocument Directive .htaccess Bypass
23123| [19821] Apache Tomcat Malformed Post Request Information Disclosure
23124| [19769] Apache HTTP Server Double-reverse DNS Lookup Spoofing
23125| [19188] Apache HTTP Server mod_ssl SSLVerifyClient Per-location Context Restriction Bypass
23126| [19137] Apache HTTP Server on Red Hat Linux Double Slash GET Request Forced Directory Listing
23127| [19136] Apache on Mandrake Linux Arbitrary Directory Forced Listing
23128| [18977] Apache HTTP Server Crafted HTTP Range Header DoS
23129| [18389] Ragnarok Online Control Panel Apache Authentication Bypass
23130| [18286] Apache HTTP Server mod_ssl ssl_callback_SSLVerify_CRL( ) Function Overflow
23131| [18233] Apache HTTP Server htdigest user Variable Overflow
23132| [17738] Apache HTTP Server HTTP Request Smuggling
23133| [16586] Apache HTTP Server Win32 GET Overflow DoS
23134| [15889] Apache HTTP Server mod_cgid Threaded MPM CGI Output Misdirection
23135| [14896] mod_dav for Apache HTTP Server Remote Null Dereference Child Process Termination
23136| [14879] Apache HTTP Server ap_log_rerror Function Error Message Path Disclosure
23137| [14770] Apache Tomcat AJP12 Protocol Malformed Packet Remote DoS
23138| [14597] Apache Tomcat IntegerOverflow.jsp Test JSP Script Path Disclosure
23139| [14596] Apache Tomcat pageSession.jsp Test JSP Script Path Disclosure
23140| [14595] Apache Tomcat pageLanguage.jsp Test JSP Script Path Disclosure
23141| [14594] Apache Tomcat pageIsThreadSafe.jsp Test JSP Script Path Disclosure
23142| [14593] Apache Tomcat pageIsErrorPage.jsp Test JSP Script Path Disclosure
23143| [14592] Apache Tomcat pageInvalid.jsp Test JSP Script Path Disclosure
23144| [14591] Apache Tomcat pageExtends.jsp Test JSP Script Path Disclosure
23145| [14590] Apache Tomcat pageDouble.jsp Test JSP Script Path Disclosure
23146| [14589] Apache Tomcat pageAutoFlush.jsp Test JSP Script Path Disclosure
23147| [14588] Apache Tomcat extends2.jsp Test JSP Script Path Disclosure
23148| [14587] Apache Tomcat extends1.jsp Test JSP Script Path Disclosure
23149| [14586] Apache Tomcat comments.jsp Test JSP Script Path Disclosure
23150| [14585] Apache Tomcat buffer4.jsp Test JSP Script Path Disclosure
23151| [14584] Apache Tomcat buffer3.jsp Test JSP Script Path Disclosure
23152| [14583] Apache Tomcat buffer2.jsp Test JSP Script Path Disclosure
23153| [14582] Apache Tomcat buffer1.jsp Test JSP Script Path Disclosure
23154| [14581] Apache Tomcat pageImport2.jsp Test JSP Script Path Disclosure
23155| [14580] Apache Tomcat pageInfo.jsp Test JSP Script Path Disclosure
23156| [14410] mod_frontpage for Apache HTTP Server fpexec Remote Overflow
23157| [14044] Apache Batik Squiggle Browser with Rhino Scripting Engine Unspecified File System Access
23158| [13737] mod_access_referer for Apache HTTP Server Malformed Referer DoS
23159| [13711] Apache mod_python publisher.py Traversal Arbitrary Object Information Disclosure
23160| [13640] mod_auth_any for Apache HTTP Server on Red Hat Linux Metacharacter Command Execution
23161| [13304] Apache Tomcat realPath.jsp Path Disclosure
23162| [13303] Apache Tomcat source.jsp Arbitrary Directory Listing
23163| [13087] Apache HTTP Server mod_log_forensic check_forensic Symlink Arbitrary File Creation / Overwrite
23164| [12849] mod_auth_radius for Apache HTTP Server radcpy() Function Overflow DoS
23165| [12848] Apache HTTP Server htdigest realm Variable Overflow
23166| [12721] Apache Tomcat examples/jsp2/el/functions.jsp XSS
23167| [12720] mod_dosevasive for Apache HTTP Server Symlink Arbitrary File Create/Overwrite
23168| [12558] Apache HTTP Server IPv6 FTP Proxy Socket Failure DoS
23169| [12557] Apache HTTP Server prefork MPM accept Error DoS
23170| [12233] Apache Tomcat MS-DOS Device Name Request DoS
23171| [12232] Apache Tomcat with JDK Arbitrary Directory/Source Disclosure
23172| [12231] Apache Tomcat web.xml Arbitrary File Access
23173| [12193] Apache HTTP Server on Mac OS X File Handler Bypass
23174| [12192] Apache HTTP Server on Mac OS X Unauthorized .ht and .DS_Store File Access
23175| [12178] Apache Jakarta Lucene results.jsp XSS
23176| [12176] mod_digest_apple for Apache HTTP Server on Mac OS X Authentication Replay
23177| [11391] Apache HTTP Server Header Parsing Space Saturation DoS
23178| [11003] Apache HTTP Server mod_include get_tag() Function Local Overflow
23179| [10976] mod_mylo for Apache HTTP Server mylo_log Logging Function HTTP GET Overflow
23180| [10637] Apache HTTP Server mod_ssl SSLCipherSuite Access Restriction Bypass
23181| [10546] Macromedia JRun4 mod_jrun Apache Module Remote Overflow
23182| [10471] Apache Xerces-C++ XML Parser DoS
23183| [10218] Apache HTTP Server Satisfy Directive Access Control Bypass
23184| [10068] Apache HTTP Server htpasswd Local Overflow
23185| [10049] mod_cplusplus For Apache HTTP Server Unspecified Overflow
23186| [9994] Apache HTTP Server apr-util IPV6 Parsing DoS
23187| [9991] Apache HTTP Server ap_resolve_env Environment Variable Local Overflow
23188| [9948] mod_dav for Apache HTTP Server LOCK Request DoS
23189| [9742] Apache HTTP Server mod_ssl char_buffer_read Function Reverse Proxy DoS
23190| [9718] Apache HTTP Server Win32 Single Dot Append Arbitrary File Access
23191| [9717] Apache HTTP Server mod_cookies Cookie Overflow
23192| [9716] Apache::Gallery Gallery.pm Inline::C Predictable Filename Code Execution
23193| [9715] Apache HTTP Server rotatelogs Control Characters Over Pipe DoS
23194| [9714] Apache Authentication Module Threaded MPM DoS
23195| [9713] Apache HTTP Server on OS2 filestat.c Device Name Request DoS
23196| [9712] Apache HTTP Server Multiple Linefeed Request Memory Consumption DoS
23197| [9711] Apache HTTP Server Access Log Terminal Escape Sequence Injection
23198| [9710] Apache HTTP Server on Windows Illegal Character Default Script Mapping Bypass
23199| [9709] Apache HTTP Server on Windows MS-DOS Device Name HTTP Post Code Execution
23200| [9708] Apache HTTP Server on Windows MS-DOS Device Name DoS
23201| [9707] Apache HTTP Server Duplicate MIME Header Saturation DoS
23202| [9706] Apache Web Server Multiple MIME Header Saturation Remote DoS
23203| [9705] Apache Tomcat Invoker/Default Servlet Source Disclosure
23204| [9702] Apache HTTP Server CGI/WebDAV HTTP POST Request Source Disclosure
23205| [9701] Apache HTTP Server for Windows Multiple Slash Forced Directory Listing
23206| [9700] Apache HTTP Server mod_autoindex Multiple Slash Request Forced Directory Listing
23207| [9699] Apache HTTP Server mod_dir Multiple Slash Request Forced Directory Listing
23208| [9698] Apache HTTP Server mod_negotiation Multiple Slash Request Forced Directory Listing
23209| [9697] Apache HTTP Server htdigest Local Symlink Arbitrary File Overwrite
23210| [9696] Apache HTTP Server htpasswd Local Symlink Arbitrary File Overwrite
23211| [9695] Apache Tomcat SnoopServlet Servlet Information Disclosure
23212| [9694] PHP3 on Apache HTTP Server Encoded Traversal Arbitrary File Access
23213| [9693] mod_auth_pgsql_sys for Apache HTTP Server User Name SQL Injection
23214| [9692] Apache HTTP Server mod_vhost_alias Mass Virtual Hosting Arbitrary File Access
23215| [9691] Apache HTTP Server mod_rewrite Mass Virtual Hosting Arbitrary File Access
23216| [9690] Apache HTTP Server mod_vhost_alias CGI Program Source Disclosure
23217| [9689] Trustix httpsd for Apache-SSL Permission Weakness Privilege Escalation
23218| [9688] Apache HTTP Server mod_proxy Malformed FTP Command DoS
23219| [9687] Apache::AuthenSmb smbval SMB Authentication Library Multiple Overflows
23220| [9686] Apache::AuthenSmb smbvalid SMB Authentication Library Multiple Overflows
23221| [9523] Apache HTTP Server mod_ssl Aborted Connection DoS
23222| [9459] Oracle PL/SQL (mod_plsql) Apache Module Help Page Request Remote Overflow
23223| [9208] Apache Tomcat .jsp Encoded Newline XSS
23224| [9204] Apache Tomcat ROOT Application XSS
23225| [9203] Apache Tomcat examples Application XSS
23226| [9068] Apache HTTP Server mod_userdir User Account Information Disclosure
23227| [8773] Apache Tomcat Catalina org.apache.catalina.servlets.DefaultServlet Source Code Disclosure
23228| [8772] Apache Tomcat Catalina org.apache.catalina.connector.http DoS
23229| [7943] Apache HTTP Server mod_ssl sslkeys File Disclosure
23230| [7942] Apache HTTP Server mod_ssl Default Pass Phrase
23231| [7941] Apache HTTP Server mod_ssl Encrypted Private Key File Descriptor Leak
23232| [7935] Apache HTTP Server mod_ssl ssl_gcache Race Conditions
23233| [7934] Apache HTTP Server mod_ssl SSLSessionCache File Content Disclosure
23234| [7933] Apache HTTP Server mod_ssl SSLMutex File Content Disclosure
23235| [7932] Apache HTTP Server mod_ssl mkcert.sh File Creation Permission Weakness
23236| [7931] Apache HTTP Server mod_ssl X.509 Client Certificate Authentication Bypass
23237| [7930] Apache HTTP Server mod_ssl ssl_expr_eval_func_file() Overflow
23238| [7929] Apache HTTP Server mod_ssl ssl_engine_log.c mod_proxy Hook Function Remote Format String
23239| [7611] Apache HTTP Server mod_alias Local Overflow
23240| [7394] Apache Tomcat mod_jk Invalid Transfer-Encoding Chunked Field DoS
23241| [7203] Apache Tomcat source.jsp Traversal Arbitrary File Access
23242| [7039] Apache HTTP Server on Mac OS X HFS+ File System Access Bypass
23243| [6882] Apache mod_python Malformed Query String Variant DoS
23244| [6839] Apache HTTP Server mod_proxy Content-Length Overflow
23245| [6630] Apache Tomcat Java Server Pages (JSP) Engine WPrinterJob() DoS
23246| [6472] Apache HTTP Server mod_ssl ssl_util_uuencode_binary Remote Overflow
23247| [5821] Apache HTTP Server Multiple / GET Remote Overflow DoS
23248| [5580] Apache Tomcat Servlet Malformed URL JSP Source Disclosure
23249| [5552] Apache HTTP Server split-logfile Arbitrary .log File Overwrite
23250| [5526] Apache Tomcat Long .JSP URI Path Disclosure
23251| [5278] Apache Tomcat web.xml Restriction Bypass
23252| [5051] Apache Tomcat Null Character DoS
23253| [4973] Apache Tomcat servlet Mapping XSS
23254| [4650] mod_gzip for Apache HTTP Server Debug Mode Printf Stack Overflow
23255| [4649] mod_gzip for Apache HTTP Server Debug Mode Format String Overflow
23256| [4648] mod_gzip for Apache HTTP Server Debug Mode Race Condition
23257| [4568] mod_survey For Apache ENV Tags SQL Injection
23258| [4553] Apache HTTP Server ApacheBench Overflow DoS
23259| [4552] Apache HTTP Server Shared Memory Scoreboard DoS
23260| [4446] Apache HTTP Server mod_disk_cache Stores Credentials
23261| [4383] Apache HTTP Server Socket Race Condition DoS
23262| [4382] Apache HTTP Server Log Entry Terminal Escape Sequence Injection
23263| [4340] Apache Portable Runtime (APR) apr_psprintf DoS
23264| [4232] Apache Cocoon DatabaseAuthenticatorAction SQL Injection
23265| [4231] Apache Cocoon Error Page Server Path Disclosure
23266| [4182] Apache HTTP Server mod_ssl Plain HTTP Request DoS
23267| [4181] Apache HTTP Server mod_access IP Address Netmask Rule Bypass
23268| [4075] Apache HTTP Sever on Windows .var File Request Path Disclosure
23269| [4037] Apache HTTP Server on Cygwin Encoded GET Request Arbitrary File Access
23270| [3877] Apache-SSL SSLVerifyClient SSLFakeBasicAuth Client Certificate Forgery
23271| [3819] Apache HTTP Server mod_digest Cross Realm Credential Replay
23272| [3322] mod_php for Apache HTTP Server Process Hijack
23273| [3215] mod_php for Apache HTTP Server File Descriptor Leakage
23274| [2885] Apache mod_python Malformed Query String DoS
23275| [2749] Apache Cocoon view-source Sample File Traversal Arbitrary File Access
23276| [2733] Apache HTTP Server mod_rewrite Local Overflow
23277| [2672] Apache HTTP Server mod_ssl SSLCipherSuite Ciphersuite Downgrade Weakness
23278| [2613] Apache HTTP Server mod_cgi stderr Output Handling Local DoS
23279| [2149] Apache::Gallery Privilege Escalation
23280| [2107] Apache HTTP Server mod_ssl Host: Header XSS
23281| [1926] Apache HTTP Server mod_rewrite Crafted URI Rule Bypass
23282| [1833] Apache HTTP Server Multiple Slash GET Request DoS
23283| [1577] Apache HTTP Server mod_rewrite RewriteRule Expansion Arbitrary File Access
23284| [872] Apache Tomcat Multiple Default Accounts
23285| [862] Apache HTTP Server SSI Error Page XSS
23286| [859] Apache HTTP Server Win32 Crafted Traversal Arbitrary File Access
23287| [849] Apache Tomcat TroubleShooter Servlet Information Disclosure
23288| [845] Apache Tomcat MSDOS Device XSS
23289| [844] Apache Tomcat Java Servlet Error Page XSS
23290| [842] Apache HTTP Server mod_ssl ssl_compat_directive Function Overflow
23291| [838] Apache HTTP Server Chunked Encoding Remote Overflow
23292| [827] PHP4 for Apache on Windows php.exe Malformed Request Path Disclosure
23293| [775] Apache mod_python Module Importing Privilege Function Execution
23294| [769] Apache HTTP Server Win32 DOS Batch File Arbitrary Command Execution
23295| [756] Apache HTTP Server mod_ssl i2d_SSL_SESSION Function SSL Client Certificate Overflow
23296| [701] Apache HTTP Server Win32 ScriptAlias php.exe Arbitrary File Access
23297| [674] Apache Tomcat Nonexistent File Error Message Path Disclosure
23298| [637] Apache HTTP Server UserDir Directive Username Enumeration
23299| [623] mod_auth_pgsql for Apache HTTP Server User Name SQL Injection
23300| [582] Apache HTTP Server Multiviews Feature Arbitrary Directory Listing
23301| [562] Apache HTTP Server mod_info /server-info Information Disclosure
23302| [561] Apache Web Servers mod_status /server-status Information Disclosure
23303| [417] Apache HTTP Server on SuSE Linux /doc/packages Remote Information Disclosure
23304| [410] mod_perl for Apache HTTP Server /perl/ Directory Listing
23305| [404] Apache HTTP Server on SuSE Linux WebDAV PROPFIND Arbitrary Directory Listing
23306| [402] Apache HTTP Server on SuSE Linux cgi-bin-sdb Request Script Source Disclosure
23307| [379] Apache ASP module Apache::ASP source.asp Example File Arbitrary File Creation
23308| [377] Apache Tomcat Snoop Servlet Remote Information Disclosure
23309| [376] Apache Tomcat contextAdmin Arbitrary File Access
23310| [342] Apache HTTP Server for Windows Multiple Forward Slash Directory Listing
23311| [222] Apache HTTP Server test-cgi Arbitrary File Access
23312| [143] Apache HTTP Server printenv.pl Multiple Method CGI XSS
23313| [48] Apache HTTP Server on Debian /usr/doc Directory Information Disclosure
23314|_
23315445/tcp closed microsoft-ds
233168008/tcp open http
23317| fingerprint-strings:
23318| FourOhFourRequest:
23319| HTTP/1.1 302 Found
23320| Location: https://:8010/nice%20ports%2C/Tri%6Eity.txt%2ebak
23321| Connection: close
23322| X-Frame-Options: SAMEORIGIN
23323| X-XSS-Protection: 1; mode=block
23324| X-Content-Type-Options: nosniff
23325| Content-Security-Policy: frame-ancestors
23326| GenericLines, HTTPOptions, RTSPRequest, SIPOptions:
23327| HTTP/1.1 302 Found
23328| Location: https://:8010
23329| Connection: close
23330| X-Frame-Options: SAMEORIGIN
23331| X-XSS-Protection: 1; mode=block
23332| X-Content-Type-Options: nosniff
23333| Content-Security-Policy: frame-ancestors
23334| GetRequest:
23335| HTTP/1.1 302 Found
23336| Location: https://:8010/
23337| Connection: close
23338| X-Frame-Options: SAMEORIGIN
23339| X-XSS-Protection: 1; mode=block
23340| X-Content-Type-Options: nosniff
23341|_ Content-Security-Policy: frame-ancestors
23342|_https-redirect: ERROR: Script execution failed (use -d to debug)
233431 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
23369Device type: general purpose
23370Running (JUST GUESSING): Linux 2.6.X|3.X|4.X (91%)
23371OS CPE: cpe:/o:linux:linux_kernel:2.6 cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:4
23372Aggressive OS guesses: Linux 2.6.18 - 2.6.22 (91%), Linux 3.16 - 4.6 (88%), Linux 3.2.0 (87%), Linux 3.18 (87%), Linux 3.11 - 4.1 (86%), Linux 4.4 (86%), Linux 3.10 - 3.16 (86%), Linux 3.10 - 4.11 (85%), Linux 3.13 (85%), Linux 3.13 or 4.2 (85%)
23373No exact OS matches for host (test conditions non-ideal).
23374Uptime guess: 77.846 days (since Fri Sep 13 22:44:09 2019)
23375Network Distance: 2 hops
23376TCP Sequence Prediction: Difficulty=264 (Good luck!)
23377IP ID Sequence Generation: All zeros
23378
23379TRACEROUTE (using port 25/tcp)
23380HOP RTT ADDRESS
233811 329.39 ms 10.244.204.1
233822 329.38 ms AxPri.shabakah.net.sa (212.102.11.4)
23383
23384NSE: Script Post-scanning.
23385Initiating NSE at 18:01
23386Completed NSE at 18:01, 0.00s elapsed
23387Initiating NSE at 18:01
23388Completed NSE at 18:01, 0.00s elapsed
23389######################################################################################################################################
23390Starting Nmap 7.80 ( https://nmap.org ) at 2019-11-30 18:01 EST
23391NSE: Loaded 47 scripts for scanning.
23392NSE: Script Pre-scanning.
23393Initiating NSE at 18:01
23394Completed NSE at 18:01, 0.00s elapsed
23395Initiating NSE at 18:01
23396Completed NSE at 18:01, 0.00s elapsed
23397Initiating Parallel DNS resolution of 1 host. at 18:01
23398Completed Parallel DNS resolution of 1 host. at 18:01, 0.02s elapsed
23399Initiating UDP Scan at 18:01
23400Scanning AxPri.shabakah.net.sa (212.102.11.4) [15 ports]
23401Completed UDP Scan at 18:02, 14.03s elapsed (15 total ports)
23402Initiating Service scan at 18:02
23403Scanning 13 services on AxPri.shabakah.net.sa (212.102.11.4)
23404Service scan Timing: About 7.69% done; ETC: 18:23 (0:19:24 remaining)
23405Completed Service scan at 18:03, 102.60s elapsed (13 services on 1 host)
23406Initiating OS detection (try #1) against AxPri.shabakah.net.sa (212.102.11.4)
23407Retrying OS detection (try #2) against AxPri.shabakah.net.sa (212.102.11.4)
23408Initiating Traceroute at 18:04
23409Completed Traceroute at 18:04, 7.85s elapsed
23410Initiating Parallel DNS resolution of 1 host. at 18:04
23411Completed Parallel DNS resolution of 1 host. at 18:04, 0.00s elapsed
23412NSE: Script scanning 212.102.11.4.
23413Initiating NSE at 18:04
23414Completed NSE at 18:05, 14.12s elapsed
23415Initiating NSE at 18:05
23416Completed NSE at 18:05, 10.02s elapsed
23417Nmap scan report for AxPri.shabakah.net.sa (212.102.11.4)
23418Host is up (1.3s latency).
23419
23420PORT STATE SERVICE VERSION
2342153/udp open|filtered domain
2342267/udp open|filtered dhcps
2342368/udp open|filtered dhcpc
2342469/udp open|filtered tftp
2342588/udp open|filtered kerberos-sec
23426123/udp open|filtered ntp
23427137/udp filtered netbios-ns
23428138/udp filtered netbios-dgm
23429139/udp open|filtered netbios-ssn
23430161/udp open|filtered snmp
23431162/udp open|filtered snmptrap
23432389/udp open|filtered ldap
23433500/udp open|filtered isakmp
23434|_ike-version: ERROR: Script execution failed (use -d to debug)
23435520/udp open|filtered route
234362049/udp open|filtered nfs
23437Too many fingerprints match this host to give specific OS details
23438
23439TRACEROUTE (using port 138/udp)
23440HOP RTT ADDRESS
234411 ... 4
234425 405.90 ms 10.244.204.1
234436 405.89 ms 10.244.204.1
234447 405.88 ms 10.244.204.1
234458 405.88 ms 10.244.204.1
234469 405.87 ms 10.244.204.1
2344710 405.88 ms 10.244.204.1
2344811 275.89 ms 10.244.204.1
2344912 ... 15
2345016 401.88 ms 10.244.204.1
2345117 ... 22
2345223 258.81 ms 10.244.204.1
2345324 160.90 ms 10.244.204.1
2345425 ...
2345526 302.02 ms 10.244.204.1
2345627 ... 29
2345730 156.54 ms 10.244.204.1
23458
23459NSE: Script Post-scanning.
23460Initiating NSE at 18:05
23461Completed NSE at 18:05, 0.00s elapsed
23462Initiating NSE at 18:05
23463Completed NSE at 18:05, 0.00s elapsed
23464#######################################################################################################################################
23465 Anonymous JTSEC #OpSaudiArabia Full Recon #17