· 6 years ago · Jan 19, 2020, 03:39 PM
####################################################################################################
====================================================================================================
Hostname doozono.com ISP Chubu Telecommunications Company, Inc.
Continent Asia Flag JP
Country Japan Country Code JP
Region Yamaguchi Local time 19 Jan 2020 22:57 JST
City Unknown Postal Code Unknown
IP Address 223.29.54.96 Latitude 34.186
 Longitude 131.471
====================================================================================================
####################################################################################################
> doozono.com
Server: 38.132.106.139
Address: 38.132.106.139#53

Non-authoritative answer:
Name: doozono.com
Address: 223.29.54.96
>
####################################################################################################
 Domain Name: DOOZONO.COM
 Registry Domain ID: 997811037_DOMAIN_COM-VRSN
 Registrar WHOIS Server: whois.discount-domain.com
 Registrar URL: http://gmo.jp
 Updated Date: 2019-05-12T16:01:09Z
 Creation Date: 2007-05-28T09:21:43Z
 Registry Expiry Date: 2020-05-28T09:21:43Z
 Registrar: GMO Internet, Inc. d/b/a Onamae.com
 Registrar IANA ID: 49
 Registrar Abuse Contact Email: abuse@gmo.jp
 Registrar Abuse Contact Phone: +81.337709199
 Domain Status: ok https://icann.org/epp#ok
 Name Server: 01.DNSV.JP
 Name Server: 02.DNSV.JP
 Name Server: 03.DNSV.JP
 Name Server: 04.DNSV.JP
 DNSSEC: unsigned
####################################################################################################
Domain Name: doozono.com
Registry Domain ID: 997811037_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.discount-domain.com
Registrar URL: http://www.onamae.com
Updated Date: 2019-05-13T01:01:09Z
Creation Date: 2007-05-28T09:21:43Z
Registrar Registration Expiration Date: 2020-05-28T09:21:43Z
Registrar: GMO INTERNET, INC.
Registrar IANA ID: 49
Registrar Abuse Contact Email: abuse@gmo.jp
Registrar Abuse Contact Phone: +81.337709199
Domain Status: ok https://icann.org/epp#ok
Registry Registrant ID: Not Available From Registry
Registrant Name: doozono
Registrant Organization: doozono
Registrant Street: 1-9-26-3F Kyutaro-cho
Registrant City: Chuo-ku Osaka-shi
Registrant State/Province: Osaka
Registrant Postal Code: 541-0056
Registrant Country: JP
Registrant Phone: +81.662654830
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: nic-staff@sakura.ad.jp
Registry Admin ID: Not Available From Registry
Admin Name: SAKURA Internet SAKURA Internet
Admin Organization: SAKURA Internet Inc.
Admin Street: 1-9-26-3F Kyutaro-cho
Admin City: Chuo-ku Osaka-shi
Admin State/Province: Osaka
Admin Postal Code: 541-0056
Admin Country: JP
Admin Phone: +81.662654830
Admin Phone Ext:
Admin Fax:
Admin Fax Ext:
Admin Email: info@fourbig.co.jp
Registry Tech ID: Not Available From Registry
Tech Name: Internet SAKURA Internet SAKURA
Tech Organization: Internet SAKURA
Tech Street: 1-9-26-3F Kyutaro-cho
Tech City: Chuo-ku Osaka-shi
Tech State/Province: Osaka
Tech Postal Code: 541-0056
Tech Country: JP
Tech Phone: +81.662654830
Tech Phone Ext:
Tech Fax:
Tech Fax Ext:
Tech Email: nic-staff@sakura.ad.jp
Name Server: 01.dnsv.jp
Name Server: 02.dnsv.jp
Name Server: 03.dnsv.jp
Name Server: 04.dnsv.jp
DNSSEC: unsigned
####################################################################################################
[+] Target : doozono.com

[+] IP Address : 223.29.54.96

[+] Headers :

[+] Date : Sun, 19 Jan 2020 14:02:21 GMT
[+] Server : Apache
[+] Set-Cookie : CAKEPHP=f433otujc0mkmavsk90l92g1cv; expires=Sun, 19-Jan-2020 16:02:22 GMT; Max-Age=7200; path=/; HttpOnly
[+] Content-Length : 24191
[+] Connection : close
[+] Content-Type : text/html; charset=UTF-8

[+] SSL Certificate Information :

[+] commonName : ssl.hp4u.jp
[+] countryName : US
[+] organizationName : Let's Encrypt
[+] commonName : Let's Encrypt Authority X3
[+] Version : 3
[+] Serial Number : 030C57B03F2F9F8E4480F777A29DEED9C0B2
[+] Not Before : Jan 6 03:51:24 2020 GMT
[+] Not After : Apr 5 03:51:24 2020 GMT
[+] OCSP : ('http://ocsp.int-x3.letsencrypt.org',)
[+] subject Alt Name : (('DNS', 'ssl.hp4u.jp'),)
[+] CA Issuers : ('http://cert.int-x3.letsencrypt.org/',)

[+] Whois Lookup :

[+] NIR : {'query': '223.29.54.96', 'raw': None, 'nets': [{'cidr': '223.29.54.0/25', 'name': 'Tobila Systems, Inc.', 'handle': 'CTC-TBL-01', 'range': '223.29.54.1 - 223.29.54.127', 'country': 'JP', 'address': None, 'postal_code': None, 'nameservers': None, 'created': None, 'updated': '2017-08-23T07:07:02', 'contacts': {'admin': {'email': 'register@tobila.com', 'organization': 'Tobila Systems, Inc.', 'division': 'Engineering Department', 'phone': '050-5533-3720', 'fax': '052-253-7692', 'updated': '2017-08-16T07:35:04'}, 'tech': {'email': 'register@tobila.com', 'organization': 'Tobila Systems, Inc.', 'division': 'Engineering Department', 'phone': '050-5533-3720', 'fax': '052-253-7692', 'updated': '2017-08-16T07:35:04'}}}]}
[+] ASN Registry : apnic
[+] ASN : 18126
[+] ASN CIDR : 223.29.0.0/17
[+] ASN Country Code : JP
[+] ASN Date : 2010-09-01
[+] ASN Description : CTCX Chubu Telecommunications Company, Inc., JP
[+] cidr : 223.29.0.0/17
[+] name : CTC
[+] handle : JNIC1-AP
[+] range : 223.29.0.0 - 223.29.127.255
[+] description : Chubu Telecommunications Co.,Inc.
Sakae 2-2-5, Naka-ku, Nagoya-shi, 460-0008 JAPAN
[+] country : JP
[+] state : None
[+] city : None
[+] address : Urbannet-Kanda Bldg 4F, 3-6-2 Uchi-Kanda
Chiyoda-ku, Tokyo 101-0047, Japan
[+] postal_code : None
[+] emails : ['abuse@ctc.ad.jp', 'hostmaster@nic.ad.jp']
[+] created : None
[+] updated : None

[+] Crawling Target...

[+] Looking for robots.txt........[ Not Found ]
[+] Looking for sitemap.xml.......[ Found ]
[+] Extracting sitemap Links......[ 0 ]
[+] Extracting CSS Links..........[ 11 ]
[+] Extracting Javascript Links...[ 13 ]
[+] Extracting Internal Links.....[ 20 ]
[+] Extracting External Links.....[ 0 ]
[+] Extracting Images.............[ 22 ]

[+] Total Links Extracted : 66

[+] Dumping Links in /opt/FinalRecon/dumps/doozono.com.dump
[+] Completed!
####################################################################################################
[i] Scanning Site: http://223.29.54.96

B A S I C I N F O
====================

[+] Site Title:
[+] IP address: 223.29.54.96
[+] Web Server: Apache
[+] CMS: Could Not Detect
[+] Cloudflare: Not Detected
[+] Robots File: Could NOT Find robots.txt!

W H O I S L O O K U P
========================

 % This is the RIPE Database query service.
% The objects are in RPSL format.
%
% The RIPE Database is subject to Terms and Conditions.
% See http://www.ripe.net/db/support/db-terms-conditions.pdf

% Note: this output has been filtered.
% To receive output for a database update, use the "-B" flag.

% Information related to '220.158.200.0 - 255.255.255.255'

% No abuse contact registered for 220.158.200.0 - 255.255.255.255

inetnum: 220.158.200.0 - 255.255.255.255
netname: NON-RIPE-NCC-MANAGED-ADDRESS-BLOCK
descr: IPv4 address block not managed by the RIPE NCC
remarks: ------------------------------------------------------
remarks:
remarks: For registration information,
remarks: you can consult the following sources:
remarks:
remarks: IANA
remarks: http://www.iana.org/assignments/ipv4-address-space
remarks: http://www.iana.org/assignments/iana-ipv4-special-registry
remarks: http://www.iana.org/assignments/ipv4-recovered-address-space
remarks:
remarks: AFRINIC (Africa)
remarks: http://www.afrinic.net/ whois.afrinic.net
remarks:
remarks: APNIC (Asia Pacific)
remarks: http://www.apnic.net/ whois.apnic.net
remarks:
remarks: ARIN (Northern America)
remarks: http://www.arin.net/ whois.arin.net
remarks:
remarks: LACNIC (Latin America and the Carribean)
remarks: http://www.lacnic.net/ whois.lacnic.net
remarks:
remarks: ------------------------------------------------------
country: EU # Country is really world wide
admin-c: IANA1-RIPE
tech-c: IANA1-RIPE
status: ALLOCATED UNSPECIFIED
mnt-by: RIPE-NCC-HM-MNT
created: 2019-01-07T10:46:25Z
last-modified: 2019-01-07T10:46:25Z
source: RIPE

% This query was served by the RIPE Database Query Service version 1.96 (BLAARKOP)

G E O I P L O O K U P
=========================

[i] IP Address: 223.29.54.96
[i] Country: Japan
[i] State:
[i] City:
[i] Latitude: 35.69
[i] Longitude: 139.69

H T T P H E A D E R S
=======================

[i] HTTP/1.1 404 Not Found
[i] Date: Sun, 19 Jan 2020 14:02:42 GMT
[i] Server: Apache
[i] Content-Length: 1354
[i] Connection: close
[i] Content-Type: text/html; charset=UTF-8

D N S L O O K U P
===================

no records found

S U B N E T C A L C U L A T I O N
====================================

Address = 223.29.54.96
Network = 223.29.54.96 / 32
Netmask = 255.255.255.255
Broadcast = not needed on Point-to-Point links
Wildcard Mask = 0.0.0.0
Hosts Bits = 0
Max. Hosts = 1 (2^0 - 0)
Host Range = { 223.29.54.96 - 223.29.54.96 }

N M A P P O R T S C A N
============================

Starting Nmap 7.70 ( https://nmap.org ) at 2020-01-19 14:02 UTC
Nmap scan report for 223-29-54-96.tobila.com (223.29.54.96)
Host is up (0.16s latency).

PORT STATE SERVICE
21/tcp filtered ftp
22/tcp filtered ssh
23/tcp filtered telnet
80/tcp open http
110/tcp open pop3
143/tcp open imap
443/tcp open https
3389/tcp filtered ms-wbt-server

Nmap done: 1 IP address (1 host up) scanned in 2.43 seconds

####################################################################################################
[+] Starting At 2020-01-19 09:03:00.958079
[+] Collecting Information On: http://doozono.com/
[#] Status: 200
--------------------------------------------------
[#] Web Server Detected: Apache
[!] X-Frame-Options Headers not detect! target might be vulnerable Click Jacking
- Date: Sun, 19 Jan 2020 14:02:56 GMT
- Server: Apache
- Set-Cookie: CAKEPHP=33bnrfkdg32ukic8pvc2i1ir2e; expires=Sun, 19-Jan-2020 16:02:56 GMT; Max-Age=7200; path=/; HttpOnly
- Content-Length: 24191
- Connection: close
- Content-Type: text/html; charset=UTF-8
--------------------------------------------------
[#] Finding Location..!
[#] status: success
[#] country: Japan
[#] countryCode: JP
[#] region: 23
[#] regionName: Aichi
[#] city: Naka
[#] zip: 461-0005
[#] lat: 35.1687
[#] lon: 136.91
[#] timezone: Asia/Tokyo
[#] isp: Chubu Telecommunications Company
[#] org: Chubu Telecommunications Co., Inc.
[#] as: AS18126 Chubu Telecommunications Company, Inc.
[#] query: 223.29.54.96
--------------------------------------------------
[x] Didn't Detect WAF Presence on: http://doozono.com/
--------------------------------------------------
[#] Starting Reverse DNS
[-] Failed ! Fail
--------------------------------------------------
[!] Scanning Open Port
[#] 80/tcp open http
[#] 110/tcp open pop3
[#] 143/tcp open imap
[#] 443/tcp open https
[#] 465/tcp open smtps
[#] 587/tcp open submission
[#] 993/tcp open imaps
[#] 995/tcp open pop3s
--------------------------------------------------
[+] Getting SSL Info
[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: Hostname mismatch, certificate is not valid for 'doozono.com'. (_ssl.c:1076)
--------------------------------------------------
[+] Collecting Information Disclosure!
[#] Detecting sitemap.xml file
[!] sitemap.xml File Found: http://doozono.com//sitemap.xml
[#] Detecting robots.txt file
[-] robots.txt file not Found!?
[#] Detecting GNU Mailman
[-] GNU Mailman App Not Detected!?
--------------------------------------------------
[+] Crawling Url Parameter On: http://doozono.com/
--------------------------------------------------
[#] Searching Html Form !
[-] No Html Form Found!?
--------------------------------------------------
[!] Found 14 dom parameter
[#] http://doozono.com/recommend#a
[#] http://doozono.com/recommend#b
[#] http://doozono.com/recommend#c
[#] http://doozono.com/special_dish#a
[#] http://doozono.com/special_dish#b
[#] http://doozono.com/menu#e
[#] http://doozono.com/menu#a
[#] http://doozono.com/menu#b
[#] http://doozono.com/menu#c
[#] http://doozono.com/menu#d
[#] http://doozono.com/sister_restaurant#a
[#] http://doozono.com/location#a
[#] http://doozono.com/location#b
[#] http://doozono.com//#wrapper
--------------------------------------------------
[-] No internal Dynamic Parameter Found!?
--------------------------------------------------
[-] No external Dynamic Paramter Found!?
--------------------------------------------------
[!] 41 Internal links Discovered
[+] http://doozono.com
[+] http://doozono.com///themed/s00013/css/reset.css
[+] http://doozono.com///themed/s00013/css/base.css
[+] http://doozono.com///themed/s00013/css/style_blue.css
[+] http://doozono.com///css/r_design/tiny_mce_templates/content_templates.css
[+] http://doozono.com///css/r_design/tiny_mce_templates/content_templates_sp.css
[+] http://doozono.com///img/sites/doozono/base/add.css
[+] http://doozono.com///img/sites/doozono/base/sub_g.css
[+] http://doozono.com///img/sites/doozono/base/custom.css
[+] http://doozono.com/
[+] http://doozono.com/location
[+] http://doozono.com///img/sites/doozono/base/header_custom.css
[+] http://doozono.com/
[+] http://doozono.com/
[+] http://doozono.com/feelings
[+] http://doozono.com/recommend
[+] http://doozono.com/special_dish
[+] http://doozono.com/menu
[+] http://doozono.com/sister_restaurant
[+] http://doozono.com/location
[+] http://doozono.com/feelings
[+] http://doozono.com/recommend
[+] http://doozono.com/special_dish
[+] http://doozono.com/menu
[+] http://doozono.com/sister_restaurant
[+] http://doozono.com/location
[+] http://doozono.com/location
[+] http://doozono.com///img/sites/doozono/base/5Z2A0075.jpg
[+] http://doozono.com///img/sites/doozono/base/5Z2A9946.jpg
[+] http://doozono.com///img/sites/doozono/base/5Z2A0050.jpg
[+] http://doozono.com///img/sites/doozono/base/_DSC1387.jpg
[+] http://doozono.com///img/sites/doozono/base/5Z2A0057.jpg
[+] http://doozono.com///img/sites/doozono/base/_DSC1429.jpg
[+] http://doozono.com///img/sites/doozono/base/5Z2A0084.jpg
[+] http://doozono.com///img/sites/doozono/base/_DSC1576.jpg
[+] http://doozono.com///img/sites/doozono/base/5Z2A0087.jpg
[+] http://doozono.com///img/sites/doozono/base/5Z2A0078.jpg
[+] http://doozono.com///img/sites/doozono/base/5Z2A0067.jpg
[+] http://doozono.com///img/sites/doozono/base/5Z2A0061.jpg
[+] http://doozono.com//javascript:void(0);
[+] http://doozono.com//javascript:void(0);
--------------------------------------------------
[!] 7 External links Discovered
[#] http://labo.miraicre.com/ver2/system/css/lightbox.min.css
[#] https://fonts.googleapis.com/earlyaccess/notosansjapanese.css
[#] https://fonts.googleapis.com/earlyaccess/hannari.css
[#] http://labo.miraicre.com/ver2/system/css/smart_phone.css
[#] http://labo.miraicre.com/ver2/system/css/ipad.css
[#] http://labo.miraicre.com/ver2/system/css/android.css
[#] http://labo.miraicre.com/ver2/system/css/pc.css
--------------------------------------------------
[#] Mapping Subdomain..
[!] Found 2 Subdomain
- doozono.com
- www.doozono.com
--------------------------------------------------
[!] Done At 2020-01-19 09:03:29.095096
####################################################################################################
[INFO] ------TARGET info------
[*] TARGET: http://doozono.com/
[*] TARGET IP: 223.29.54.96
[INFO] NO load balancer detected for doozono.com...
[*] DNS servers: 01.dnsv.jp.
[*] TARGET server: Apache
[*] CC: JP
[*] Country: Japan
[*] RegionCode: 23
[*] RegionName: Aichi
[*] City: Naka
[*] ASN: AS18126
[*] BGP_PREFIX: 223.29.0.0/17
[*] ISP: CTCX Chubu Telecommunications Company, Inc., JP
[INFO] DNS enumeration:
[INFO] Possible abuse mails are:
[*] abuse@ctc.ad.jp
[*] abuse@doozono.com
[INFO] NO PAC (Proxy Auto Configuration) file FOUND
[INFO] Starting FUZZing in http://doozono.com/FUzZzZzZzZz...
[INFO] Status code Folders
[*] 200 http://doozono.com/index
[ALERT] Look in the source code. It may contain passwords
[INFO] Links found from http://doozono.com/ http://223.29.54.96/:
[*] http://doozono.com/
[*] http://doozono.com/feelings
[*] http://doozono.com/img/sites/doozono/base/5Z2A0050.jpg
[*] http://doozono.com/img/sites/doozono/base/5Z2A0057.jpg
[*] http://doozono.com/img/sites/doozono/base/5Z2A0061.jpg
[*] http://doozono.com/img/sites/doozono/base/5Z2A0067.jpg
[*] http://doozono.com/img/sites/doozono/base/5Z2A0075.jpg
[*] http://doozono.com/img/sites/doozono/base/5Z2A0078.jpg
[*] http://doozono.com/img/sites/doozono/base/5Z2A0084.jpg
[*] http://doozono.com/img/sites/doozono/base/5Z2A0087.jpg
[*] http://doozono.com/img/sites/doozono/base/5Z2A9946.jpg
[*] http://doozono.com/img/sites/doozono/base/_DSC1387.jpg
[*] http://doozono.com/img/sites/doozono/base/_DSC1429.jpg
[*] http://doozono.com/img/sites/doozono/base/_DSC1576.jpg
[*] http://doozono.com/location
[*] http://doozono.com/location#a
[*] http://doozono.com/location#b
[*] http://doozono.com/menu
[*] http://doozono.com/menu#a
[*] http://doozono.com/menu#b
[*] http://doozono.com/menu#c
[*] http://doozono.com/menu#d
[*] http://doozono.com/menu#e
[*] http://doozono.com/recommend
[*] http://doozono.com/recommend#a
[*] http://doozono.com/recommend#b
[*] http://doozono.com/recommend#c
[*] http://doozono.com/sister_restaurant
[*] http://doozono.com/sister_restaurant#a
[*] http://doozono.com/special_dish
[*] http://doozono.com/special_dish#a
[*] http://doozono.com/special_dish#b
[*] http://doozono.com/#wrapper
[*] https://www.google.com/maps/embed?pb=!1m18!1m12!1m3!1d3280.2959371052707!2d135.49517391574912!3d34.697714980435315!2m3!1f0!2f0!3f0!3m2!1i1024!2i768!4f13.1!3m3!1m2!1s0x6000e6ed837f9f2b:0xac799f0da36d46f!2z44Gp44GK44Ge44Gu!5e0!3m2!1sja!2sjp!4v1498123641303
cut: intervalle de champ incorrecte
Saisissez « cut --help » pour plus d'informations.
[INFO] Shodan detected the following opened ports on 223.29.54.96:
[*] 443
[*] 80
[INFO] ------VirusTotal SECTION------
[INFO] VirusTotal passive DNS only stores address records. The following domains resolved to the given IP address:
[INFO] Latest URLs hosted in this IP address detected by at least one URL scanner or malicious URL dataset:
[INFO] Latest files that are not detected by any antivirus solution and were downloaded by VirusTotal from the IP address provided:
[INFO] ------Alexa Rank SECTION------
[INFO] Percent of Visitors Rank in Country:
[INFO] Percent of Search Traffic:
[INFO] Percent of Unique Visits:
[INFO] Total Sites Linking In:
[*] Total Sites
[INFO] Useful links related to doozono.com - 223.29.54.96:
[*] https://www.virustotal.com/pt/ip-address/223.29.54.96/information/
[*] https://www.hybrid-analysis.com/search?host=223.29.54.96
[*] https://www.shodan.io/host/223.29.54.96
[*] https://www.senderbase.org/lookup/?search_string=223.29.54.96
[*] https://www.alienvault.com/open-threat-exchange/ip/223.29.54.96
[*] http://pastebin.com/search?q=223.29.54.96
[*] http://urlquery.net/search.php?q=223.29.54.96
[*] http://www.alexa.com/siteinfo/doozono.com
[*] http://www.google.com/safebrowsing/diagnostic?site=doozono.com
[*] https://censys.io/ipv4/223.29.54.96
[*] https://www.abuseipdb.com/check/223.29.54.96
[*] https://urlscan.io/search/#223.29.54.96
[*] https://github.com/search?q=223.29.54.96&type=Code
[INFO] Useful links related to AS18126 - 223.29.0.0/17:
[*] http://www.google.com/safebrowsing/diagnostic?site=AS:18126
[*] https://www.senderbase.org/lookup/?search_string=223.29.0.0/17
[*] http://bgp.he.net/AS18126
[*] https://stat.ripe.net/AS18126
[INFO] Date: 19/01/20 | Time: 09:04:11
[INFO] Total time: 0 minute(s) and 55 second(s)
####################################################################################################
Trying "doozono.com"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29186
;; flags: qr rd ra; QUERY: 1, ANSWER: 7, AUTHORITY: 4, ADDITIONAL: 6

;; QUESTION SECTION:
;doozono.com. IN ANY

;; ANSWER SECTION:
doozono.com. 0 IN MX 10 mail.hp4u.jp.
doozono.com. 0 IN A 223.29.54.96
doozono.com. 0 IN SOA 01.dnsv.jp. hostmaster.dnsv.jp. 1535365426 3600 900 604800 300
doozono.com. 0 IN NS 02.dnsv.jp.
doozono.com. 0 IN NS 01.dnsv.jp.
doozono.com. 0 IN NS 03.dnsv.jp.
doozono.com. 0 IN NS 04.dnsv.jp.

;; AUTHORITY SECTION:
doozono.com. 43200 IN NS 04.dnsv.jp.
doozono.com. 43200 IN NS 02.dnsv.jp.
doozono.com. 43200 IN NS 03.dnsv.jp.
doozono.com. 43200 IN NS 01.dnsv.jp.

;; ADDITIONAL SECTION:
03.dnsv.jp. 29171 IN A 157.7.32.35
03.dnsv.jp. 29171 IN AAAA 2400:8500:3000::53
01.dnsv.jp. 21983 IN A 157.7.32.53
02.dnsv.jp. 29171 IN A 157.7.33.53
04.dnsv.jp. 29171 IN A 157.7.33.35
04.dnsv.jp. 29171 IN AAAA 2400:8500:3fff::53

Received 369 bytes from 2001:18c0:121:6900:724f:b8ff:fefd:5b6a#53 in 226 ms
####################################################################################################
; <<>> DiG 9.11.5-P4-5.1+b1-Debian <<>> +trace doozono.com any
;; global options: +cmd
. 83396 IN NS b.root-servers.net.
. 83396 IN NS e.root-servers.net.
. 83396 IN NS h.root-servers.net.
. 83396 IN NS g.root-servers.net.
. 83396 IN NS k.root-servers.net.
. 83396 IN NS c.root-servers.net.
. 83396 IN NS a.root-servers.net.
. 83396 IN NS f.root-servers.net.
. 83396 IN NS d.root-servers.net.
. 83396 IN NS i.root-servers.net.
. 83396 IN NS l.root-servers.net.
. 83396 IN NS j.root-servers.net.
. 83396 IN NS m.root-servers.net.
;; Received 525 bytes from 38.132.106.139#53(38.132.106.139) in 84 ms

com. 172800 IN NS a.gtld-servers.net.
com. 172800 IN NS b.gtld-servers.net.
com. 172800 IN NS c.gtld-servers.net.
com. 172800 IN NS d.gtld-servers.net.
com. 172800 IN NS e.gtld-servers.net.
com. 172800 IN NS f.gtld-servers.net.
com. 172800 IN NS g.gtld-servers.net.
com. 172800 IN NS h.gtld-servers.net.
com. 172800 IN NS i.gtld-servers.net.
com. 172800 IN NS j.gtld-servers.net.
com. 172800 IN NS k.gtld-servers.net.
com. 172800 IN NS l.gtld-servers.net.
com. 172800 IN NS m.gtld-servers.net.
com. 86400 IN DS 30909 8 2 E2D3C916F6DEEAC73294E8268FB5885044A833FC5459588F4A9184CF C41A5766
;; Received 1171 bytes from 2001:503:c27::2:30#53(j.root-servers.net) in 152 ms

doozono.com. 172800 IN NS 01.dnsv.jp.
doozono.com. 172800 IN NS 02.dnsv.jp.
doozono.com. 172800 IN NS 03.dnsv.jp.
doozono.com. 172800 IN NS 04.dnsv.jp.
;; Received 664 bytes from 192.54.112.30#53(h.gtld-servers.net) in 131 ms

doozono.com. 86400 IN SOA 01.dnsv.jp. hostmaster.dnsv.jp. 1535365426 3600 900 604800 300
doozono.com. 86400 IN NS 01.dnsv.jp.
doozono.com. 86400 IN NS 02.dnsv.jp.
doozono.com. 86400 IN NS 03.dnsv.jp.
doozono.com. 86400 IN NS 04.dnsv.jp.
doozono.com. 300 IN A 223.29.54.96
doozono.com. 300 IN MX 10 mail.hp4u.jp.
;; Received 204 bytes from 157.7.33.53#53(02.dnsv.jp) in 283 ms
####################################################################################################
[*] Performing General Enumeration of Domain: doozono.com
[-] DNSSEC is not configured for doozono.com
[*] SOA 01.dnsv.jp 157.7.32.53
[*] NS 04.dnsv.jp 157.7.33.35
[*] NS 04.dnsv.jp 2400:8500:3fff::53
[*] NS 02.dnsv.jp 157.7.33.53
[*] NS 01.dnsv.jp 157.7.32.53
[*] NS 03.dnsv.jp 157.7.32.35
[*] NS 03.dnsv.jp 2400:8500:3000::53
[*] MX mail.hp4u.jp 223.29.54.96
[*] A doozono.com 223.29.54.96
[*] Enumerating SRV Records
[-] No SRV Records Found for doozono.com
[+] 0 Records Found
####################################################################################################
[*] Processing domain doozono.com
[*] Using system resolvers ['38.132.106.139', '194.187.251.67', '185.93.180.131', '192.168.0.1', '2001:18c0:121:6900:724f:b8ff:fefd:5b6a']
[+] Getting nameservers
157.7.33.35 - 04.dnsv.jp
157.7.33.53 - 02.dnsv.jp
157.7.32.53 - 01.dnsv.jp
157.7.32.35 - 03.dnsv.jp
[-] Zone transfer failed

[+] MX records found, added to target list
10 mail.hp4u.jp.

[*] Scanning doozono.com for A records
223.29.54.96 - doozono.com
223.29.54.96 - www.doozono.com
####################################################################################################
 AVAILABLE PLUGINS
 -----------------

 CompressionPlugin
 OpenSslCipherSuitesPlugin
 FallbackScsvPlugin
 HttpHeadersPlugin
 RobotPlugin
 EarlyDataPlugin
 OpenSslCcsInjectionPlugin
 SessionResumptionPlugin
 CertificateInfoPlugin
 SessionRenegotiationPlugin
 HeartbleedPlugin

 CHECKING HOST(S) AVAILABILITY
 -----------------------------

 223.29.54.96:443 => 223.29.54.96

 SCAN RESULTS FOR 223.29.54.96:443 - 223.29.54.96
 ------------------------------------------------

 * OpenSSL Heartbleed:
 OK - Not vulnerable to Heartbleed

 * TLSV1_3 Cipher Suites:
 Server rejected all cipher suites.

 * Session Renegotiation:
 Client-initiated Renegotiation: OK - Rejected
 Secure Renegotiation: OK - Supported

 * Certificate Information:
 Content
 SHA1 Fingerprint: 98b502be59f23ee84d077f26de6b078114d9247e
 Common Name: ssl.hp4u.jp
 Issuer: Let's Encrypt Authority X3
 Serial Number: 265536804159777300087791022073840477520050
 Not Before: 2020-01-06 03:51:24
 Not After: 2020-04-05 03:51:24
 Signature Algorithm: sha256
 Public Key Algorithm: RSA
 Key Size: 2048
 Exponent: 65537 (0x10001)
 DNS Subject Alternative Names: ['ssl.hp4u.jp']

 Trust
 Hostname Validation: FAILED - Certificate does NOT match 223.29.54.96
 Android CA Store (9.0.0_r9): OK - Certificate is trusted
 Apple CA Store (iOS 12, macOS 10.14, watchOS 5, and tvOS 12):OK - Certificate is trusted
 Java CA Store (jdk-12.0.1): OK - Certificate is trusted
 Mozilla CA Store (2019-03-14): OK - Certificate is trusted
 Windows CA Store (2019-05-27): OK - Certificate is trusted
 Symantec 2018 Deprecation: WARNING: Certificate distrusted by Google and Mozilla on September 2018
 Received Chain: ssl.hp4u.jp --> Let's Encrypt Authority X3
 Verified Chain: ssl.hp4u.jp --> Let's Encrypt Authority X3 --> DST Root CA X3
 Received Chain Contains Anchor: OK - Anchor certificate not sent
 Received Chain Order: OK - Order is valid
 Verified Chain contains SHA1: OK - No SHA1-signed certificate in the verified certificate chain

 Extensions
 OCSP Must-Staple: NOT SUPPORTED - Extension not found
 Certificate Transparency: WARNING - Only 2 SCTs included but Google recommends 3 or more

 OCSP Stapling
 NOT SUPPORTED - Server did not send back an OCSP response

 * TLSV1_1 Cipher Suites:
 Forward Secrecy OK - Supported
 RC4 OK - Not Supported

 Preferred:
 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 404 Not Found
 Accepted:
 TLS_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 404 Not Found
 TLS_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 404 Not Found
 TLS_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 404 Not Found
 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 404 Not Found
 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 404 Not Found
 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 404 Not Found
 TLS_DHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 404 Not Found
 TLS_DHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 404 Not Found
 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 404 Not Found

 * Deflate Compression:
 OK - Compression disabled

 * Downgrade Attacks:
 TLS_FALLBACK_SCSV: OK - Supported

 * TLSV1_2 Cipher Suites:
 Forward Secrecy OK - Supported
 RC4 OK - Not Supported

 Preferred:
 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 128 bits HTTP 404 Not Found
 Accepted:
 TLS_RSA_WITH_AES_256_GCM_SHA384 256 bits HTTP 404 Not Found
 TLS_RSA_WITH_AES_256_CBC_SHA256 256 bits HTTP 404 Not Found
 TLS_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 404 Not Found
 TLS_RSA_WITH_AES_128_GCM_SHA256 128 bits HTTP 404 Not Found
 TLS_RSA_WITH_AES_128_CBC_SHA256 128 bits HTTP 404 Not Found
 TLS_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 404 Not Found
 TLS_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 404 Not Found
 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 256 bits HTTP 404 Not Found
 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 256 bits HTTP 404 Not Found
 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 404 Not Found
 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 128 bits HTTP 404 Not Found
 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 128 bits HTTP 404 Not Found
 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 404 Not Found
 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 404 Not Found
 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 256 bits HTTP 404 Not Found
 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 256 bits HTTP 404 Not Found
 TLS_DHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 404 Not Found
 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 128 bits HTTP 404 Not Found
 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 128 bits HTTP 404 Not Found
 TLS_DHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 404 Not Found
 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 404 Not Found
 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 404 Not Found

 * TLS 1.2 Session Resumption Support:
 With Session IDs: OK - Supported (5 successful, 0 failed, 0 errors, 5 total attempts).
 With TLS Tickets: OK - Supported

 * TLSV1 Cipher Suites:
 Forward Secrecy OK - Supported
 RC4 OK - Not Supported

 Preferred:
 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 404 Not Found
 Accepted:
 TLS_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 404 Not Found
 TLS_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 404 Not Found
 TLS_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 404 Not Found
 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 404 Not Found
 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 404 Not Found
 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 404 Not Found
 TLS_DHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 404 Not Found
 TLS_DHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 404 Not Found
 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 404 Not Found

 * OpenSSL CCS Injection:
 OK - Not vulnerable to OpenSSL CCS injection
809
810 * ROBOT Attack:
811 OK - Not vulnerable
812
813 * SSLV2 Cipher Suites:
814 Server rejected all cipher suites.
815
816 * SSLV3 Cipher Suites:
817 Server rejected all cipher suites.
818
819
820 SCAN COMPLETED IN 25.44 S
821 -------------------------
822#####################################################################################################################################
823Domains still to check: 1
824 Checking if the hostname doozono.com. given is in fact a domain...
825
826Analyzing domain: doozono.com.
827 Checking NameServers using system default resolver...
828 IP: 157.7.33.35 (Japan)
829 HostName: 04.dnsv.jp Type: NS
830 HostName: 04.dnsv.jp Type: PTR
831 IP: 157.7.33.53 (Japan)
832 HostName: 02.dnsv.jp Type: NS
833 HostName: 02.dnsv.jp Type: PTR
834 IP: 157.7.32.53 (Japan)
835 HostName: 01.dnsv.jp Type: NS
836 HostName: 01.dnsv.jp Type: PTR
837 IP: 157.7.32.35 (Japan)
838 HostName: 03.dnsv.jp Type: NS
839 HostName: 03.dnsv.jp Type: PTR
840
841 Checking MailServers using system default resolver...
842 IP: 223.29.54.96 (Japan)
843 HostName: mail.hp4u.jp Type: MX
844 HostName: 223-29-54-96.tobila.com Type: PTR
845
846 Checking the zone transfer for each NS... (if this takes more than 10 seconds, just hit CTRL-C and it will continue. Bug in the libs)
847 No zone transfer found on nameserver 157.7.33.35
848 No zone transfer found on nameserver 157.7.32.53
849 No zone transfer found on nameserver 157.7.32.35
850 No zone transfer found on nameserver 157.7.33.53
851
852 Checking SPF record...
853 No SPF record
854
855 Checking 192 most common hostnames using system default resolver...
856 IP: 223.29.54.96 (Japan)
857 HostName: mail.hp4u.jp Type: MX
858 HostName: 223-29-54-96.tobila.com Type: PTR
859 HostName: www.doozono.com. Type: A
860
861 Checking with nmap the reverse DNS hostnames of every <ip>/24 netblock using system default resolver...
862 Checking netblock 223.29.54.0
863 Checking netblock 157.7.33.0
864 Checking netblock 157.7.32.0
865
866 Searching for doozono.com. emails in Google
867
868 Checking 5 active hosts using nmap... (nmap -sn -n -v -PP -PM -PS80,25 -PA -PY -PU53,40125 -PE --reason <ip> -oA <output_directory>/nmap/<ip>.sn)
869 Host 223.29.54.96 is up (reset ttl 64)
870 Host 157.7.33.35 is up (reset ttl 64)
871 Host 157.7.32.53 is up (reset ttl 64)
872 Host 157.7.32.35 is up (reset ttl 64)
873 Host 157.7.33.53 is up (reset ttl 64)
874
875 Checking ports on every active host using nmap... (nmap -O --reason --webxml --traceroute -sS -sV -sC -Pn -n -v -F <ip> -oA <output_directory>/nmap/<ip>)
876 Scanning ip 223.29.54.96 (www.doozono.com.):
877 80/tcp open http syn-ack ttl 44 Apache httpd
878 |_http-favicon: Unknown favicon MD5: BA8DF7ED1AA97EC61D6B4E87CD8D92DA
879 |_http-server-header: Apache
880 |_http-title: \xE3\x83\x9A\xE3\x83\xBC\xE3\x82\xB8\xE3\x81\x8C\xE3\x81\xBF\xE3\x81\xA4\xE3\x81\x8B\xE3\x82\x8A\xE3\x81\xBE\xE3\x81\x9B\xE3\x82\x93
881 110/tcp open pop3 syn-ack ttl 44 Dovecot pop3d
882 |_pop3-capabilities: AUTH-RESP-CODE PIPELINING CAPA SASL(PLAIN) TOP UIDL USER STLS RESP-CODES
883 |_ssl-date: TLS randomness does not represent time
884 143/tcp open imap syn-ack ttl 44 Dovecot imapd
885 |_imap-capabilities: more have post-login OK IMAP4rev1 STARTTLS IDLE LITERAL+ listed Pre-login AUTH=PLAINA0001 capabilities ENABLE ID SASL-IR LOGIN-REFERRALS
886 |_ssl-date: TLS randomness does not represent time
887 443/tcp open ssl/http syn-ack ttl 44 Apache httpd
888 |_http-favicon: Unknown favicon MD5: BA8DF7ED1AA97EC61D6B4E87CD8D92DA
889 |_http-server-header: Apache
890 |_http-title: 400 Bad Request
891 | ssl-cert: Subject: commonName=ssl.hp4u.jp
892 | Subject Alternative Name: DNS:ssl.hp4u.jp
893 | Issuer: commonName=Let's Encrypt Authority X3/organizationName=Let's Encrypt/countryName=US
894 | Public Key type: rsa
895 | Public Key bits: 2048
896 | Signature Algorithm: sha256WithRSAEncryption
897 | Not valid before: 2020-01-06T03:51:24
898 | Not valid after: 2020-04-05T03:51:24
899 | MD5: c29a 8bf3 667b 3f19 99b7 d139 ac74 bfcb
900 |_SHA-1: 98b5 02be 59f2 3ee8 4d07 7f26 de6b 0781 14d9 247e
901 |_ssl-date: TLS randomness does not represent time
902 465/tcp open smtp syn-ack ttl 44 Postfix smtpd
903 |_smtp-commands: mail.hp4u.jp, PIPELINING, SIZE 20480000, ETRN, STARTTLS, AUTH PLAIN LOGIN, ENHANCEDSTATUSCODES, 8BITMIME, DSN,
904 |_ssl-date: TLS randomness does not represent time
905 587/tcp open smtp syn-ack ttl 44 Postfix smtpd
906 |_smtp-commands: mail.hp4u.jp, PIPELINING, SIZE 20480000, ETRN, STARTTLS, AUTH PLAIN LOGIN, ENHANCEDSTATUSCODES, 8BITMIME, DSN,
907 |_ssl-date: TLS randomness does not represent time
908 993/tcp open ssl/imaps? syn-ack ttl 44
909 |_ssl-date: TLS randomness does not represent time
910 995/tcp open ssl/pop3s? syn-ack ttl 44
911 |_ssl-date: TLS randomness does not represent time
912 OS Info: Service Info: Host: mail.hp4u.jp
913 Scanning ip 157.7.33.35 (04.dnsv.jp (PTR)):
914 53/tcp open tcpwrapped syn-ack ttl 48
915 | dns-nsid:
916 | NSID: abe (616265)
917 |_ id.server: abe
918 Device type: storage-misc|general purpose|specialized
919 Scanning ip 157.7.32.53 (01.dnsv.jp (PTR)):
920 53/tcp open tcpwrapped syn-ack ttl 48
921 | dns-nsid:
922 | NSID: abd (616264)
923 |_ id.server: GDNS version 20180305
924 Device type: storage-misc|general purpose
925 Scanning ip 157.7.32.35 (03.dnsv.jp (PTR)):
926 53/tcp open tcpwrapped syn-ack ttl 48
927 | dns-nsid:
928 | NSID: abb (616262)
929 |_ id.server: abb
930 Device type: storage-misc|general purpose
931 Scanning ip 157.7.33.53 (02.dnsv.jp (PTR)):
932 53/tcp open tcpwrapped syn-ack ttl 48
933 | dns-nsid:
934 | NSID: abh (616268)
935 |_ id.server: GDNS version 20180305
936 Device type: storage-misc|general purpose
937 WebCrawling domain's web servers... up to 50 max links.
938
939 + URL to crawl: http://mail.hp4u.jp
940 + Date: 2020-01-19
941
942 + Crawling URL: http://mail.hp4u.jp:
943 + Links:
944 + Crawling http://mail.hp4u.jp (404 Not Found)
945 + Searching for directories...
946 + Searching open folders...
947
948
949 + URL to crawl: http://www.doozono.com.
950 + Date: 2020-01-19
951
952 + Crawling URL: http://www.doozono.com.:
953 + Links:
954 + Crawling http://www.doozono.com. (404 Not Found)
955 + Searching for directories...
956 + Searching open folders...
957
958
959 + URL to crawl: https://mail.hp4u.jp
960 + Date: 2020-01-19
961
962 + Crawling URL: https://mail.hp4u.jp:
963 + Links:
964 + Crawling https://mail.hp4u.jp
965 + Searching for directories...
966 + Searching open folders...
967
968
969 + URL to crawl: https://www.doozono.com.
970 + Date: 2020-01-19
971
972 + Crawling URL: https://www.doozono.com.:
973 + Links:
974 + Crawling https://www.doozono.com.
975 + Searching for directories...
976 + Searching open folders...
977
978--Finished--
979Summary information for domain doozono.com.
980-----------------------------------------
981
982 Domain Ips Information:
983 IP: 223.29.54.96
984 HostName: mail.hp4u.jp Type: MX
985 HostName: 223-29-54-96.tobila.com Type: PTR
986 HostName: www.doozono.com. Type: A
987 Country: Japan
988 Is Active: True (reset ttl 64)
989 Port: 80/tcp open http syn-ack ttl 44 Apache httpd
990 Script Info: |_http-favicon: Unknown favicon MD5: BA8DF7ED1AA97EC61D6B4E87CD8D92DA
991 Script Info: |_http-server-header: Apache
992 Script Info: |_http-title: \xE3\x83\x9A\xE3\x83\xBC\xE3\x82\xB8\xE3\x81\x8C\xE3\x81\xBF\xE3\x81\xA4\xE3\x81\x8B\xE3\x82\x8A\xE3\x81\xBE\xE3\x81\x9B\xE3\x82\x93
993 Port: 110/tcp open pop3 syn-ack ttl 44 Dovecot pop3d
994 Script Info: |_pop3-capabilities: AUTH-RESP-CODE PIPELINING CAPA SASL(PLAIN) TOP UIDL USER STLS RESP-CODES
995 Script Info: |_ssl-date: TLS randomness does not represent time
996 Port: 143/tcp open imap syn-ack ttl 44 Dovecot imapd
997 Script Info: |_imap-capabilities: more have post-login OK IMAP4rev1 STARTTLS IDLE LITERAL+ listed Pre-login AUTH=PLAINA0001 capabilities ENABLE ID SASL-IR LOGIN-REFERRALS
998 Script Info: |_ssl-date: TLS randomness does not represent time
999 Port: 443/tcp open ssl/http syn-ack ttl 44 Apache httpd
1000 Script Info: |_http-favicon: Unknown favicon MD5: BA8DF7ED1AA97EC61D6B4E87CD8D92DA
1001 Script Info: |_http-server-header: Apache
1002 Script Info: |_http-title: 400 Bad Request
1003 Script Info: | ssl-cert: Subject: commonName=ssl.hp4u.jp
1004 Script Info: | Subject Alternative Name: DNS:ssl.hp4u.jp
1005 Script Info: | Issuer: commonName=Let's Encrypt Authority X3/organizationName=Let's Encrypt/countryName=US
1006 Script Info: | Public Key type: rsa
1007 Script Info: | Public Key bits: 2048
1008 Script Info: | Signature Algorithm: sha256WithRSAEncryption
1009 Script Info: | Not valid before: 2020-01-06T03:51:24
1010 Script Info: | Not valid after: 2020-04-05T03:51:24
1011 Script Info: | MD5: c29a 8bf3 667b 3f19 99b7 d139 ac74 bfcb
1012 Script Info: |_SHA-1: 98b5 02be 59f2 3ee8 4d07 7f26 de6b 0781 14d9 247e
1013 Script Info: |_ssl-date: TLS randomness does not represent time
1014 Port: 465/tcp open smtp syn-ack ttl 44 Postfix smtpd
1015 Script Info: |_smtp-commands: mail.hp4u.jp, PIPELINING, SIZE 20480000, ETRN, STARTTLS, AUTH PLAIN LOGIN, ENHANCEDSTATUSCODES, 8BITMIME, DSN,
1016 Script Info: |_ssl-date: TLS randomness does not represent time
1017 Port: 587/tcp open smtp syn-ack ttl 44 Postfix smtpd
1018 Script Info: |_smtp-commands: mail.hp4u.jp, PIPELINING, SIZE 20480000, ETRN, STARTTLS, AUTH PLAIN LOGIN, ENHANCEDSTATUSCODES, 8BITMIME, DSN,
1019 Script Info: |_ssl-date: TLS randomness does not represent time
1020 Port: 993/tcp open ssl/imaps? syn-ack ttl 44
1021 Script Info: |_ssl-date: TLS randomness does not represent time
1022 Port: 995/tcp open ssl/pop3s? syn-ack ttl 44
1023 Script Info: |_ssl-date: TLS randomness does not represent time
1024 Os Info: Host: mail.hp4u.jp
1025 IP: 157.7.33.35
1026 HostName: 04.dnsv.jp Type: NS
1027 HostName: 04.dnsv.jp Type: PTR
1028 Country: Japan
1029 Is Active: True (reset ttl 64)
1030 Port: 53/tcp open tcpwrapped syn-ack ttl 48
1031 Script Info: | dns-nsid:
1032 Script Info: | NSID: abe (616265)
1033 Script Info: |_ id.server: abe
1034 Script Info: Device type: storage-misc|general purpose|specialized
1035 IP: 157.7.32.53
1036 HostName: 01.dnsv.jp Type: NS
1037 HostName: 01.dnsv.jp Type: PTR
1038 Country: Japan
1039 Is Active: True (reset ttl 64)
1040 Port: 53/tcp open tcpwrapped syn-ack ttl 48
1041 Script Info: | dns-nsid:
1042 Script Info: | NSID: abd (616264)
1043 Script Info: |_ id.server: GDNS version 20180305
1044 Script Info: Device type: storage-misc|general purpose
1045 IP: 157.7.32.35
1046 HostName: 03.dnsv.jp Type: NS
1047 HostName: 03.dnsv.jp Type: PTR
1048 Country: Japan
1049 Is Active: True (reset ttl 64)
1050 Port: 53/tcp open tcpwrapped syn-ack ttl 48
1051 Script Info: | dns-nsid:
1052 Script Info: | NSID: abb (616262)
1053 Script Info: |_ id.server: abb
1054 Script Info: Device type: storage-misc|general purpose
1055 IP: 157.7.33.53
1056 HostName: 02.dnsv.jp Type: NS
1057 HostName: 02.dnsv.jp Type: PTR
1058 Country: Japan
1059 Is Active: True (reset ttl 64)
1060 Port: 53/tcp open tcpwrapped syn-ack ttl 48
1061 Script Info: | dns-nsid:
1062 Script Info: | NSID: abh (616268)
1063 Script Info: |_ id.server: GDNS version 20180305
1064 Script Info: Device type: storage-misc|general purpose
1065
1066--------------End Summary --------------
1067-----------------------------------------
1068#####################################################################################################################################
1069traceroute to doozono.com (223.29.54.96), 30 hops max, 60 byte packets
1070 1 10.252.204.1 (10.252.204.1) 59.709 ms 67.562 ms 67.561 ms
1071 2 104.245.145.177 (104.245.145.177) 67.544 ms 67.514 ms 67.497 ms
1072 3 te0-0-2-1.225.nr11.b010988-1.yyz02.atlas.cogentco.com (38.104.156.9) 67.492 ms 67.498 ms 89.069 ms
1073 4 te0-0-0-1.agr13.yyz02.atlas.cogentco.com (154.24.54.37) 67.416 ms 67.426 ms te0-0-0-1.agr14.yyz02.atlas.cogentco.com (154.24.54.41) 67.334 ms
1074 5 te0-9-1-9.ccr32.yyz02.atlas.cogentco.com (154.54.43.169) 67.269 ms te0-9-1-9.ccr31.yyz02.atlas.cogentco.com (154.54.43.161) 67.306 ms 88.825 ms
1075 6 be2993.ccr21.cle04.atlas.cogentco.com (154.54.31.225) 88.844 ms 38.827 ms 68.401 ms
1076 7 be2717.ccr41.ord01.atlas.cogentco.com (154.54.6.221) 97.837 ms be2718.ccr42.ord01.atlas.cogentco.com (154.54.7.129) 97.847 ms 97.770 ms
1077 8 be2832.ccr22.mci01.atlas.cogentco.com (154.54.44.169) 97.751 ms be2831.ccr21.mci01.atlas.cogentco.com (154.54.42.165) 97.735 ms 97.683 ms
1078 9 be3036.ccr22.den01.atlas.cogentco.com (154.54.31.89) 127.918 ms be3035.ccr21.den01.atlas.cogentco.com (154.54.5.89) 127.869 ms 127.803 ms
107910 be3038.ccr32.slc01.atlas.cogentco.com (154.54.42.97) 127.835 ms 127.812 ms be3037.ccr21.slc01.atlas.cogentco.com (154.54.41.145) 127.744 ms
108011 be3110.ccr22.sfo01.atlas.cogentco.com (154.54.44.141) 127.767 ms be3109.ccr21.sfo01.atlas.cogentco.com (154.54.44.137) 127.757 ms be3110.ccr22.sfo01.atlas.cogentco.com (154.54.44.141) 127.648 ms
108112 be3669.ccr41.sjc03.atlas.cogentco.com (154.54.43.10) 124.565 ms be3670.ccr41.sjc03.atlas.cogentco.com (154.54.43.14) 167.198 ms 167.155 ms
108213 38.88.224.178 (38.88.224.178) 167.113 ms 167.110 ms 167.050 ms
108314 111.87.3.225 (111.87.3.225) 167.050 ms 111.87.3.109 (111.87.3.109) 94.153 ms 111.87.3.117 (111.87.3.117) 135.267 ms
108415 106.187.13.1 (106.187.13.1) 259.366 ms 106.187.13.21 (106.187.13.21) 259.311 ms 229.197 ms
108516 27.85.132.190 (27.85.132.190) 259.314 ms 27.90.132.70 (27.90.132.70) 259.276 ms 259.256 ms
108617 27.85.224.254 (27.85.224.254) 259.209 ms 259.176 ms 203.385 ms
108718 nagJIN202.int-gw.kddi.ne.jp (210.132.125.221) 280.824 ms nagJIN201.int-gw.kddi.ne.jp (210.132.125.252) 280.757 ms 280.744 ms
108819 111.87.15.18 (111.87.15.18) 280.731 ms 125.29.29.94 (125.29.29.94) 280.695 ms 213.304 ms
108920 r-210-173-150-82.commufa.jp (210.173.150.82) 290.733 ms 290.657 ms 290.638 ms
109021 * 218-216-186-38.dc.ctc.ad.jp (218.216.186.38) 290.594 ms 290.546 ms
109122 218-216-186-41.dc.ctc.ad.jp (218.216.186.41) 290.521 ms 218-216-186-22.dc.ctc.ad.jp (218.216.186.22) 290.432 ms 290.425 ms
109223 218-216-186-22.dc.ctc.ad.jp (218.216.186.22) 339.860 ms 249.501 ms 218-216-186-206.dc.ctc.ad.jp (218.216.186.206) 339.753 ms
109324 218-216-177-250.dc.ctc.ad.jp (218.216.177.250) 339.760 ms 218-216-186-206.dc.ctc.ad.jp (218.216.186.206) 339.771 ms 339.682 ms
109425 218-216-177-250.dc.ctc.ad.jp (218.216.177.250) 288.432 ms * *
1095#####################################################################################################################################
1096----- doozono.com -----
1097
1098
1099Host's addresses:
1100__________________
1101
1102doozono.com. 10 IN A 223.29.54.96
1103
1104
1105Name Servers:
1106______________
1107
110804.dnsv.jp. 32213 IN A 157.7.33.35
110902.dnsv.jp. 32213 IN A 157.7.33.53
111003.dnsv.jp. 32213 IN A 157.7.32.35
111101.dnsv.jp. 33846 IN A 157.7.32.53
1112
1113
1114Mail (MX) Servers:
1115___________________
1116
1117mail.hp4u.jp. 36 IN A 223.29.54.96
1118
1119
1120
1121Brute forcing with /usr/share/dnsenum/dns.txt:
1122_______________________________________________
1123
1124www.doozono.com. 136 IN A 223.29.54.96
1125
1126
1127Launching Whois Queries:
1128_________________________
1129
1130 whois ip result: 223.29.54.0 -> 223.29.54.0/25
1131
1132
1133doozono.com___________
1134
1135 223.29.54.0/25
1136#####################################################################################################################################
1137WARNING: Duplicate port number(s) specified. Are you alert enough to be using Nmap? Have some coffee or Jolt(tm).
1138Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-19 09:45 EST
1139Nmap scan report for 223-29-54-96.tobila.com (223.29.54.96)
1140Host is up (0.19s latency).
1141Not shown: 485 filtered ports, 3 closed ports
1142Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
1143PORT STATE SERVICE
114480/tcp open http
1145110/tcp open pop3
1146143/tcp open imap
1147443/tcp open https
1148465/tcp open smtps
1149587/tcp open submission
1150993/tcp open imaps
1151995/tcp open pop3s
1152
1153Nmap done: 1 IP address (1 host up) scanned in 9.21 seconds
1154######################################################################################################################################
1155Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-19 09:45 EST
1156Nmap scan report for 223-29-54-96.tobila.com (223.29.54.96)
1157Host is up (0.094s latency).
1158Not shown: 2 filtered ports
1159PORT STATE SERVICE
116053/udp open|filtered domain
116167/udp open|filtered dhcps
116268/udp open|filtered dhcpc
116369/udp open|filtered tftp
116488/udp open|filtered kerberos-sec
1165123/udp open|filtered ntp
1166139/udp open|filtered netbios-ssn
1167161/udp open|filtered snmp
1168162/udp open|filtered snmptrap
1169389/udp open|filtered ldap
1170500/udp open|filtered isakmp
1171520/udp open|filtered route
11722049/udp open|filtered nfs
1173
1174Nmap done: 1 IP address (1 host up) scanned in 5.57 seconds
1175#######################################################################################################################################
1176HTTP/1.1 404 Not Found
1177Date: Sun, 19 Jan 2020 14:45:48 GMT
1178Server: Apache
1179Content-Length: 1354
1180Connection: close
1181Content-Type: text/html; charset=UTF-8
1182#######################################################################################################################################
1183
1184wig - WebApp Information Gatherer
1185
1186
1187Scanning http://223.29.54.96...
1188________________________________________ SITE INFO _________________________________________
1189IP Title
1190223.29.54.96 ページがみつかりません
1191
1192_________________________________________ VERSION __________________________________________
1193Name Versions Type
1194Apache 2.4.10 | 2.4.11 | 2.4.12 | 2.4.5 | 2.4.6 | 2.4.7 | 2.4.8 Platform
1195 2.4.9
1196
1197_______________________________________ INTERESTING ________________________________________
1198URL Note Type
1199/test.php Test file Interesting
1200
1201____________________________________________________________________________________________
1202Time: 1.2 sec Urls: 809 Fingerprints: 40401
1203######################################################################################################################################
1204Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-19 09:46 EST
1205NSE: Loaded 162 scripts for scanning.
1206NSE: Script Pre-scanning.
1207Initiating NSE at 09:46
1208Completed NSE at 09:46, 0.00s elapsed
1209Initiating NSE at 09:46
1210Completed NSE at 09:46, 0.00s elapsed
1211Initiating Parallel DNS resolution of 1 host. at 09:46
1212Completed Parallel DNS resolution of 1 host. at 09:46, 0.02s elapsed
1213Initiating SYN Stealth Scan at 09:46
1214Scanning 223-29-54-96.tobila.com (223.29.54.96) [1 port]
1215Discovered open port 80/tcp on 223.29.54.96
1216Completed SYN Stealth Scan at 09:46, 0.25s elapsed (1 total ports)
1217Initiating Service scan at 09:46
1218Scanning 1 service on 223-29-54-96.tobila.com (223.29.54.96)
1219Completed Service scan at 09:46, 7.33s elapsed (1 service on 1 host)
1220Initiating OS detection (try #1) against 223-29-54-96.tobila.com (223.29.54.96)
1221Retrying OS detection (try #2) against 223-29-54-96.tobila.com (223.29.54.96)
1222WARNING: OS didn't match until try #2
1223Initiating Traceroute at 09:46
1224Completed Traceroute at 09:46, 3.19s elapsed
1225Initiating Parallel DNS resolution of 24 hosts. at 09:46
1226Completed Parallel DNS resolution of 24 hosts. at 09:46, 2.88s elapsed
1227NSE: Script scanning 223.29.54.96.
1228Initiating NSE at 09:46
1229Completed NSE at 09:48, 90.96s elapsed
1230Initiating NSE at 09:48
1231Completed NSE at 09:48, 1.45s elapsed
1232Nmap scan report for 223-29-54-96.tobila.com (223.29.54.96)
1233Host is up (0.23s latency).
1234
1235PORT STATE SERVICE VERSION
123680/tcp open http Apache httpd
1237| http-brute:
1238|_ Path "/" does not require authentication
1239| http-cakephp-version: Version of codebase: 1.3.x
1240| Version of icons: 1.2.x
1241|_Default stylesheet has an unknown hash: fb48182a635f5b8f97fa119e100f31ee
1242|_http-chrono: Request times for /; avg: 276.11ms; min: 199.85ms; max: 436.23ms
1243|_http-csrf: Couldn't find any CSRF vulnerabilities.
1244|_http-date: Sun, 19 Jan 2020 14:47:01 GMT; -5s from local time.
1245|_http-devframework: Couldn't determine the underlying framework or CMS. Try increasing 'httpspider.maxpagecount' value to spider more pages.
1246|_http-dombased-xss: Couldn't find any DOM based XSS.
1247| http-errors:
1248| Spidering limited to: maxpagecount=40; withinhost=223-29-54-96.tobila.com
1249| Found the following error pages:
1250|
1251| Error Code: 404
1252|_ http://223-29-54-96.tobila.com:80/
1253|_http-feed: Couldn't find any feeds.
1254|_http-fetch: Please enter the complete path of the directory to save data in.
1255| http-headers:
1256| Date: Sun, 19 Jan 2020 14:47:07 GMT
1257| Server: Apache
1258| Content-Length: 1354
1259| Connection: close
1260| Content-Type: text/html; charset=UTF-8
1261|
1262|_ (Request type: GET)
1263|_http-jsonp-detection: Couldn't find any JSONP endpoints.
1264|_http-mobileversion-checker: No mobile version detected.
1265|_http-security-headers:
1266|_http-server-header: Apache
1267| http-sitemap-generator:
1268| Directory structure:
1269| Longest directory structure:
1270| Depth: 0
1271| Dir: /
1272| Total files found (by extension):
1273|_
1274|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
1275|_http-title: \xE3\x83\x9A\xE3\x83\xBC\xE3\x82\xB8\xE3\x81\x8C\xE3\x81\xBF\xE3\x81\xA4\xE3\x81\x8B\xE3\x82\x8A\xE3\x81\xBE\xE3\x81\x9B\xE3\x82\x93
1276| http-vhosts:
1277| 126 names had status 404
1278|_www.tobila.com : 302 -> http://tobila.com/
1279|_http-wordpress-users: [Error] Wordpress installation was not found. We couldn't find wp-login.php
1280|_http-xssed: No previously reported XSS vuln.
1281| vulscan: VulDB - https://vuldb.com:
1391| [133976] Apache Zeppelin up to 0.7.x Cron Scheduler privilege escalation
1392| [133975] Apache Zeppelin up to 0.7.2 Session Fixation weak authentication
1393| [133444] Apache PDFbox 2.0.14 XML Parser XML External Entity
1394| [133573] Oracle FLEXCUBE Private Banking 2.0.0.0/2.2.0.1/12.0.1.0/12.0.3.0/12.1.0.0 Apache ActiveMQ unknown vulnerability
1395| [133407] Apache Tomcat up to 7.0.93/8.5.39/9.0.17 on Windows JRE Command Line Argument Code Execution
1396| [133315] Apache Airflow up to 1.10.2 HTTP Endpoint cross site request forgery
1397| [133314] Apache Airflow up to 1.10.2 Metadata Database cross site scripting
1398| [133290] Apache Tomcat up to 8.5.37/9.0.14 HTTP2 Stream Execution denial of service
1399| [133112] Apache HTTP Server up to 2.4.38 mod_auth_digest race condition privilege escalation
1400| [133111] Apache HTTP Server 2.4.37/2.4.38 mod_ssl Bypass privilege escalation
1401| [133092] Airsonic 10.2.1 org.apache.commons.lang.RandomStringUtils RecoverController.java java.util.Random weak authentication
1402| [132568] Apache JSPWiki up to 2.11.0.M2 URL User information disclosure
1403| [132567] Apache JSPWiki up to 2.11.0.M2 URL cross site scripting
1404| [132566] Apache ActiveMQ up to 5.15.8 MQTT Frame Memory denial of service
1405| [132565] Apache HBase up to 2.1.3 REST Server Request privilege escalation
1406| [132183] Apache Mesos up to pre-1.4.x Docker Image Code Execution
1407| [131988] Apache Karaf up to 4.2.2 kar Deployer directory traversal
1408| [131859] Apache Hadoop up to 2.9.1 privilege escalation
1409| [131479] Apache Solr up to 7.6 HTTP GET Request Server-Side Request Forgery
1410| [131446] Apache Solr up to 5.0.5/6.6.5 Config API HTTP POST Request Code Execution
1411| [131385] Apache Qpid Broker-J up to 6.x/7.0.6/7.1.0 AMQP Command Crash denial of service
1412| [131315] Apache Mesos up to pre-1.4.x Mesos Masters Rendering JSON Payload Recursion denial of service
1413| [131236] Apache Airflow up to 1.10.1 Metadata Database cross site scripting
1414| [130755] Apache JSPWiki up to 2.10.5 URL cross site scripting
1415| [130629] Apache Guacamole Cookie Flag weak encryption
1416| [130628] Apache Hadoop up to 3.0.0 HDFS information disclosure
1417| [130529] Apache Subversion 1.10.0/1.10.1/1.10.2/1.10.3/1.11.0 mod_dav_svn Directory Crash denial of service
1418| [130353] Apache Open Office up to 4.1.5 Document Loader String memory corruption
1419| [130341] Apache HTTP Server 2.4.37 mod_ssl Loop denial of service
1420| [130330] Apache HTTP Server up to 2.4.37 mod_session Expired privilege escalation
1421| [130329] Apache HTTP Server 2.4.37 mod_http2 Slowloris denial of service
1422| [130212] Apache Airflow up to 1.10.0 LDAP Auth Backend Certificate weak authentication
1423| [130123] Apache Airflow up to 1.8.2 information disclosure
1424| [130122] Apache Airflow up to 1.8.2 command injection cross site request forgery
1425| [130121] Apache Airflow up to 1.8.2 Webserver Object Code Execution
1426| [129717] Oracle Secure Global Desktop 5.4 Apache HTTP Server denial of service
1427| [129688] Oracle Tape Library ACSLS 8.4 Apache Log4j unknown vulnerability
1428| [129673] Oracle Retail Returns Management 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
1429| [129672] Oracle Retail Central Office 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
1430| [129671] Oracle Retail Back Office 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
1431| [129574] Oracle Outside In Technology 8.5.3/8.5.4 Apache Tomcat denial of service
1432| [129573] Oracle WebLogic Server 10.3.6.0 Apache HTTP Server denial of service
1433| [129563] Oracle Enterprise Repository 12.1.3.0.0 Apache Log4j unknown vulnerability
1434| [129555] Oracle Outside In Technology 8.5.3 Apache Batik denial of service
1435| [129551] Oracle Outside In Technology 8.5.3/8.5.4 Apache Commons FileUpload denial of service
1436| [129542] Oracle API Gateway 11.1.2.4.0 Apache Batik denial of service
1437| [129538] Oracle SOA Suite 12.1.3.0.0/12.2.1.3.0 Apache Batik unknown vulnerability
1438| [129519] Oracle Enterprise Manager Ops Center 12.2.2/12.3.3 Apache ActiveMQ unknown vulnerability
1439| [129508] Oracle Applications Manager up to 12.2.8 Apache Derby unknown vulnerability
1440| [129507] Oracle Mobile Field Service up to 12.2.8 Apache Log4j unknown vulnerability
1441| [129505] Oracle Email Center up to 12.2.8 Apache Log4j unknown vulnerability
1442| [129504] Oracle CRM Technical Foundation up to 12.2.8 Apache Commons FileUpload unknown vulnerability
1443| [129499] Oracle Partner Management up to 12.2.8 Apache Log4j unknown vulnerability
1444| [129498] Oracle Marketing up to 12.2.8 Apache Commons FileUpload unknown vulnerability
1445| [129480] Oracle Communications WebRTC Session Controller up to 7.1 Apache Batik unknown vulnerability
1446| [129479] Oracle Communications Diameter Signaling Router up to 8.2 Apache Batik unknown vulnerability
1447| [129474] Oracle Communications Diameter Signaling Router up to 8.2 Apache HTTP Server information disclosure
1448| [129472] Oracle Communications WebRTC Session Controller up to 7.1 Apache Struts 1 unknown vulnerability
1449| [129470] Oracle Communications Converged Application Server up to 7.0.0.0 Apache Struts 1 unknown vulnerability
1450| [129463] Oracle Communications WebRTC Session Controller up to 7.1 Apache Log4j unknown vulnerability
1451| [129461] Oracle Communications Services Gatekeeper up to 6.1.0.3.x Apache Commons Collections Fileupload unknown vulnerability
1452| [129460] Oracle Communications Service Broker 6.0 Apache Log4j unknown vulnerability
1453| [129459] Oracle Communications Policy Management up to 12.4 Apache Struts 2 unknown vulnerability
1454| [129458] Oracle Communications Online Mediation Controller 6.1 Apache Log4j unknown vulnerability
1455| [129457] Oracle Communications Diameter Signaling Router up to 8.2 Apache Commons Fileupload unknown vulnerability
1456| [129456] Oracle Communications Converged Application Server 6.1 Apache Log4j unknown vulnerability
1457| [128714] Apache Thrift Java Client Library up to 0.11.0 SASL Negotiation org.apache.thrift.transport.TSaslTransport unknown vulnerability
1458| [128713] Apache Thrift Node.js Static Web Server up to 0.11.0 directory traversal
1459| [128709] Apache Karaf up to 4.1.6/4.2.1 Features Deployer XMLInputFactory XML External Entity
1460| [128575] Apache NetBeans 9.0 Proxy Auto-Config Code Execution
1461| [128369] Apache Tika 1.8-1.19.1 SQLite3Parser Loop sql injection
1462| [128111] Apache NiFi 1.8.0 Template Upload Man-in-the-Middle cross site request forgery
1463| [128110] Apache NiFi 1.8.0 Cluster Request privilege escalation
1464| [128109] Apache NiFi 1.8.0 Error Page message-page.jsp Request Header cross site scripting
1465| [128108] Apache NiFi up to 1.7.x X-Frame-Options Header privilege escalation
1466| [128102] Apache Oozie up to 5.0.0 Workflow XML Impersonation spoofing
1467| [127994] WordPress up to 5.0.0 on Apache httpd MIME Restriction cross site scripting
1468| [127981] Apache OFBiz 16.11.01/16.11.02/16.11.03/16.11.04 HTTP Engine httpService GET Request privilege escalation
1469| [127161] Apache Hadoop 2.7.4/2.7.5/2.7.6 Incomplete Fix CVE-2016-6811 privilege escalation
1470| [127040] Loadbalancer.org Enterprise VA MAX up to 8.3.2 Apache HTTP Server Log cross site scripting
1471| [127007] Apache Spark Request Code Execution
1472| [126791] Apache Hadoop up to 0.23.11/2.7.6/2.8.4/2.9.1/3.0.2 ZIP File unknown vulnerability
1473| [126767] Apache Qpid Proton-J Transport 0.3 Certificate Verification Man-in-the-Middle weak authentication
1474| [126896] Apache Commons FileUpload 1.3.3 on LDAP Manager DiskFileItem File privilege escalation
1475| [126574] Apache Hive up to 2.3.3/3.1.0 Query privilege escalation
1476| [126573] Apache Hive up to 2.3.3/3.1.0 HiveServer2 privilege escalation
1477| [126564] Apache Superset up to 0.22 Pickle Library load Code Execution
1478| [126488] Apache Syncope up to 2.0.10/2.1.1 BPMN Definition xxe privilege escalation
1479| [126487] Apache Syncope up to 2.0.10/2.1.1 cross site scripting
1480| [126346] Apache Tomcat Path privilege escalation
1481| [125922] Apache Impala up to 3.0.0 ALTER privilege escalation
1482| [125921] Apache Impala up to 3.0.0 Queue Injection privilege escalation
1483| [125647] Oracle Agile Engineering Data Management 6.1.3/6.2.0/6.2.1 Install (Apache Tomcat) information disclosure
1484| [125617] Oracle Retail Returns Management 14.1 Apache Batik unknown vulnerability
1485| [125616] Oracle Retail Point-of-Service 13.4/14.0/14.1 Apache Batik unknown vulnerability
1486| [125614] Oracle Retail Central Office 14.1 Apache Batik unknown vulnerability
1487| [125613] Oracle Retail Back Office 13.3/13.4/14/14.1 Apache Batik unknown vulnerability
1488| [125599] Oracle Retail Open Commerce Platform 5.3.0/6.0.0/6.0.1 Apache Log4j unknown vulnerability
1489| [125569] Oracle PeopleSoft Enterprise PeopleTools 8.55/8.56 Apache HTTP Server information disclosure
1490| [125494] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat information disclosure
1491| [125447] Oracle Business Intelligence Enterprise Edition 11.1.1.7.0/11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Apache Batik unknown vulnerability
1492| [125428] Oracle Identity Management Suite 11.1.2.3.0/12.2.1.3.0 Apache Log4j unknown vulnerability
1493| [125427] Oracle Identity Analytics 11.1.1.5.8 Apache Log4j unknown vulnerability
1494| [125424] Oracle API Gateway 11.1.2.4.0 Apache Log4j unknown vulnerability
1495| [125423] Oracle BI Publisher 11.1.1.7.0/11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Apache Log4j unknown vulnerability
1496| [125383] Oracle up to 10.2.0 Apache Trinidad unknown vulnerability
1497| [125379] Oracle up to 10.1.x Apache Struts 1 cross site scripting
1498| [125377] Oracle up to 10.2.0 Apache Commons Collections unknown vulnerability
1499| [125376] Oracle Communications Application Session Controller up to 3.7.0 Apache Commons Collections unknown vulnerability
1500| [125375] Oracle Communications User Data Repository up to 12.1.x Apache Xerces memory corruption
1501| [125248] Apache ActiveMQ up to 5.15.5 Web-based Administration Console queue.jsp Parameter cross site scripting
1502| [125133] Apache Tika up to 1.19 XML Parser reset() denial of service
1503| [124877] Apache PDFbox up to 2.0.11 PDF File denial of service
1504| [124876] Apache Ranger up to 1.1.x UnixAuthenticationService Stack-based memory corruption
1505| [124791] Apache Tomcat up to 7.0.90/8.5.33/9.0.11 URL Open Redirect
1506| [124787] Apache Pony Mail 0.7/0.8/0.9 Statistics Generator Timestamp Data information disclosure
1507| [124447] Apache HTTP Server up to 2.4.34 SETTINGS Frame denial of service
1508| [124346] Apache Mesos pre-1.4.2/1.5.0/1.5.1/1.6.0 on Executor HTTP API String Comparison validation JSON Web Token information disclosure
1509| [124286] Apache Tika up to 1.18 IptcAnpaParser Loop denial of service
1510| [124242] Apache Tika up to 0.18 C:/evil.bat" Directory unknown vulnerability
1511| [124241] Apache Tika up to 0.18 XML Parser Entity Expansion denial of service
1512| [124191] Apache Karaf up to 3.0.8/4.0.8/4.1.0 WebConsole .../gogo/ weak authentication
1513| [124190] Apache Karaf up to 4.1.x sshd privilege escalation
1514| [124152] Apache Camel Mail up to 2.22.0 Path directory traversal
1515| [124143] Apache SpamAssassin up to 3.4.1 PDFInfo Plugin Code Execution
1516| [124134] Apache SpamAssassin up to 3.4.1 Scan Engine HTML::Parser Email denial of service
1517| [124095] PHP up to 5.6.37/7.0.31/7.1.21/7.2.9 Apache2 sapi_apache2.c php_handler cross site scripting
1518| [124024] Apache Mesos 1.4.x/1.5.0 libprocess JSON Payload denial of service
1519| [123814] Apache ActiveMQ Client up to 5.15.5 TLS Hostname Verification Man-in-the-Middle weak authentication
1520| [123393] Apache Traffic Server up to 6.2.2/7.1.3 ESI Plugin Config privilege escalation
1521| [123392] Apache Traffic Server 6.2.2 TLS Handshake Segmentation Fault denial of service
1522| [123391] Apache Traffic Server up to 6.2.2/7.1.3 Range Request Performance denial of service
1523| [123390] Apache Traffic Server up to 6.2.2/7.1.3 Request HTTP Smuggling privilege escalation
1524| [123369] Apache Traffic Server up to 6.2.2/7.1.3 ACL remap.config Request denial of service
1525| [123197] Apache Sentry up to 2.0.0 privilege escalation
1526| [123145] Apache Struts up to 2.3.34/2.5.16 Namespace Code Execution
1527| [123144] Apache Cayenne up to 4.1.M1 CayenneModeler XML File File Transfer privilege escalation
1528| [122981] Apache Commons Compress 1.7 ZipArchiveInputStream ZIP Archive denial of service
1529| [122889] Apache HTTP Server up to 2.2.31/2.4.23 mod_userdir HTTP Response Splitting privilege escalation
1530| [122800] Apache Spark 1.3.0 REST API weak authentication
1531| [122642] Apache Airflow up to 1.8.x 404 Page Reflected cross site scripting
1532| [122568] Apache Tomcat up to 8.5.31/9.0.9 Connection Reuse weak authentication
1533| [122567] Apache Axis 1.0./1.1/1.2/1.3/1.4 cross site scripting
1534| [122556] Apache Tomcat up to 7.0.86/8.0.51/8.5.30/9.0.7 UTF-8 Decoder Loop denial of service
1535| [122531] Apache Tomcat up to 7.0.88/8.0.52/8.5.31/9.0.9 WebSocket Client unknown vulnerability
1536| [122456] Apache Camel up to 2.20.3/2.21.0 XSD Validator XML External Entity
1537| [122455] Apache Tomcat Native up to 1.1.34/1.2.16 OSCP Revoked Certificate weak authentication
1538| [122454] Apache Tomcat Native up to 1.1.34/1.2.16 OSCP Responder Revoked Certificate weak authentication
1539| [122214] Apache Kafka up to 0.9.0.1/0.10.2.1/0.11.0.2/1.0.0 Broker Request Data Loss denial of service
1540| [122202] Apache Kafka up to 0.10.2.1/0.11.0.1 SASL Impersonation spoofing
1541| [122101] Docker Skeleton Runtime for Apache OpenWhisk Docker Action dockerskeleton:1.3.0 privilege escalation
1542| [122100] PHP Runtime for Apache OpenWhisk Docker Action action-php-v7.2:1.0.0 privilege escalation
1543| [122012] Apache Ignite up to 2.5 Serialization privilege escalation
1544| [121911] Apache Ambari up to 2.5.x/2.6.2 Log Message Credentials information disclosure
1545| [121910] Apache HTTP Server 2.4.33 mod_md HTTP Requests denial of service
1546| [121854] Oracle Tape Library ACSLS up to ACSLS 8.4.0-2 Apache Commons Collections unknown vulnerability
1547| [121752] Oracle Insurance Policy Administration 10.0/10.1/10.2/11.0 Apache Log4j unknown vulnerability
1548| [121370] Apache Spark up to 2.1.2/2.2.1/2.3.0 URL cross site scripting
1549| [121354] Apache CouchDB HTTP API Code Execution
1550| [121144] Apache LDAP API up to 1.0.1 SSL Filter information disclosure
1551| [121143] Apache Storm up to 0.10.2/1.0.6/1.1.2/1.2.1 Cluster privilege escalation
1552| [120436] Apache CXF Fediz up to 1.4.3 Application Plugin unknown vulnerability
1553| [120310] Apache PDFbox up to 1.8.14/2.0.10 AFMParser Loop denial of service
1554| [120168] Apache CXF weak authentication
1555| [120080] Apache Cassandra up to 3.11.1 JMX/RMI Interface RMI Request privilege escalation
1556| [120043] Apache HBase up to 1.2.6.0/1.3.2.0/1.4.4/2.0.0 Thrift 1 API Server weak authentication
1557| [119723] Apache Qpid Broker-J 7.0.0/7.0.1/7.0.2/7.0.3/7.0.4 AMQP Messages Crash denial of service
1558| [122569] Apache HTTP Server up to 2.4.33 HTTP2 Request denial of service
1559| [119486] Apache Geode up to 1.4.0 Security Manager Code Execution
1560| [119306] Apache MXNet Network Interface privilege escalation
1561| [118999] Apache Storm up to 1.0.6/1.1.2/1.2.1 Archive directory traversal
1562| [118996] Apache Storm up to 1.0.6/1.1.2/1.2.1 Daemon spoofing
1563| [118644] Apple macOS up to 10.13.5 apache_mod_php unknown vulnerability
1564| [118200] Apache Batik up to 1.9 Deserialization unknown vulnerability
1565| [118143] Apache NiFi activemq-client Library Deserialization denial of service
1566| [118142] Apache NiFi 1.6.0 SplitXML xxe privilege escalation
1567| [118051] Apache Zookeeper up to 3.4.9/3.5.3-beta weak authentication
1568| [117997] Apache ORC up to 1.4.3 ORC File Recursion denial of service
1569| [117825] Apache Tomcat up to 7.0.88/8.0.52/8.5.31/9.0.8 CORS Filter privilege escalation
1570| [117405] Apache Derby up to 10.14.1.0 Network Server Network Packet privilege escalation
1571| [117347] Apache Ambari up to 2.6.1 HTTP Request directory traversal
1572| [117265] LibreOffice/Apache Office Writer SMB Connection XML Document information disclosure
1573| [117143] Apache uimaj/uima-as/uimaFIT/uimaDUCC XML XXE information disclosure
1574| [117117] Apache Tika up to 1.17 ChmParser Loop denial of service
1575| [117116] Apache Tika up to 1.17 BPGParser Loop denial of service
1576| [117115] Apache Tika up to 1.17 tika-server command injection
1577| [116929] Apache Fineract getReportType Parameter privilege escalation
1578| [116928] Apache Fineract REST Endpoint Parameter privilege escalation
1579| [116927] Apache Fineract MakercheckersApiResource Parameter sql injection
1580| [116926] Apache Fineract REST Parameter privilege escalation
1581| [116574] Apache wicket-jquery-ui up to 6.29.0/7.10.1/8.0.0-M9.1 WYSIWYG Editor privilege escalation
1582| [116622] Oracle Enterprise Manager for MySQL Database 12.1.0.4 EM Plugin: General (Apache Tomcat) unknown vulnerability
1583| [115931] Apache Solr up to 6.6.2/7.2.1 XML Data Parameter XML External Entity
1584| [115883] Apache Hive up to 2.3.2 privilege escalation
1585| [115882] Apache Hive up to 2.3.2 xpath_short information disclosure
1586| [115881] Apache DriverHive JDBC Driver up to 2.3.2 Escape Argument Bypass privilege escalation
1587| [115518] Apache Ignite 2.3 Deserialization privilege escalation
1588| [115260] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache cross site scripting
1589| [115259] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache Cookie Stack-based memory corruption
1590| [115500] CA Workload Control Center up to r11.4 SP5 Apache MyFaces Component Code Execution
1591| [115121] Apache Struts REST Plugin up to 2.5.15 Xstream XML Data denial of service
1592| [115061] Apache HTTP Server up to 2.4.29 HTTP Digest Authentication Challenge HTTP Requests Replay privilege escalation
1593| [115060] Apache HTTP Server up to 2.4.29 mod_cache_socache Request Header Crash denial of service
1594| [115059] Apache HTTP Server up to 2.4.29 HTTP2 NULL Pointer Dereference denial of service
1595| [115058] Apache HTTP Server up to 2.4.29 HTTP Header Crash denial of service
1596| [115057] Apache HTTP Server up to 2.4.29 mod_session Variable Name Cache privilege escalation
1597| [115039] Apache HTTP Server up to 2.4.29 FilesMatch File Upload privilege escalation
1598| [115038] Apache HTTP Server up to 2.0.65/2.2.34/2.4.29 mod_authnz_ldap Crash denial of service
1599| [114817] Apache Syncope up to 1.2.10/2.0.7 Search Parameter information disclosure
1600| [114816] Apache Syncope up to 1.2.10/2.0.7 XSLT Code Execution
1601| [114717] Apache Commons 1.11/1.12/1.13/1.14/1.15 ZIP Archive ZipFile/ZipArchiveInputStream denial of service
1602| [114661] Apache Allura up to 1.8.0 HTTP Response Splitting privilege escalation
1603| [114400] Apache Tomcat JK ISAPI Connector up to 1.2.42 IIS/ISAPI privilege escalation
1604| [114258] Apache HTTP Server up to 2.4.22 mod_cluster Segmentation Fault denial of service
1605| [114086] Apache ODE 1.3.3 ODE Process Deployment Web Service directory traversal
1606| [113955] Apache Xerces-C up to 3.2.0 XML Parser NULL Pointer Dereference denial of service
1607| [113945] Apache Tomcat up to 7.0.84/8.0.49/8.5.27/9.0.4 URL Pattern Empty String privilege escalation
1608| [113944] Apache OpenMeetings up to 3.x/4.0.1 CRUD Operation denial of service
1609| [113905] Apache Traffic Server up to 5.2.x/5.3.2/6.2.0/7.0.0 TLS Handshake Core Dump denial of service
1610| [113904] Apache Traffic Server up to 6.2.0 Host Header privilege escalation
1611| [113895] Apache Geode up to 1.3.x Code Execution
1612| [113894] Apache Geode up to 1.3.x TcpServer Code Execution
1613| [113888] Apache James Hupa WebMail 0.0.2 cross site scripting
1614| [113813] Apache Geode Cluster up to 1.3.x Secure Mode privilege escalation
1615| [113747] Apache Tomcat Servlets privilege escalation
1616| [113647] Apache Qpid up to 0.30 qpidd Broker AMQP Message Crash denial of service
1617| [113645] Apache VCL up to 2.1/2.2.1/2.3.1 Web GUI/XMLRPC API privilege escalation
1618| [113560] Apache jUDDI Console 3.0.0 Log Entries spoofing
1619| [113571] Apache Oozie up to 4.3.0/5.0.0-beta1 XML Data XML File privilege escalation
1620| [113569] Apache Karaf up to 4.0.7 LDAPLoginModule LDAP injection denial of service
1621| [113273] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
1622| [113198] Apache Qpid Dispatch Router 0.7.0/0.8.0 AMQP denial of service
1623| [113186] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
1624| [113145] Apache Thrift up to 0.9.3 Go Client Library privilege escalation
1625| [113106] Apache jUDDI up to 3.3.3 XML Data WADL2Java/WSDL2Java XML Document privilege escalation
1626| [113105] Apache Qpid Broker-J 7.0.0 AMQP Crash denial of service
1627| [112885] Apache Allura up to 1.8.0 File information disclosure
1628| [112856] Apache CloudStack up to 4.8.1.0/4.9.0.0 API weak authentication
1629| [112855] Apache CloudStack 4.1.0/4.1.1 API information disclosure
1630| [112678] Apache Tomcat up to 7.0.82/8.0.47/8.5.23/9.0.1 Bug Fix 61201 privilege escalation
1631| [112677] Apache Tomcat Native Connector up to 1.1.34/1.2.14 OCSP Checker Client weak authentication
1632| [112625] Apache POI up to 3.16 Loop denial of service
1633| [112448] Apache NiFi up to 1.3.x Deserialization privilege escalation
1634| [112396] Apache Hadoop 2.7.3/2.7.4 YARN NodeManager Credentials information disclosure
1635| [112339] Apache NiFi 1.5.0 Header privilege escalation
1636| [112330] Apache NiFi 1.5.0 Header HTTP Request privilege escalation
1637| [112314] NetGain Enterprise Manager 7.2.730 Build 1034 org.apache.jsp.u.jsp.tools.exec_jsp Servlet Parameter privilege escalation
1638| [112253] Apache Hadoop up to 0.23.x/2.7.4/2.8.2 MapReduce Job History Server Configuration File privilege escalation
1639| [112171] Oracle Secure Global Desktop 5.3 Apache Log4j privilege escalation
1640| [112164] Oracle Agile PLM 9.3.5/9.3.6 Apache Tomcat unknown vulnerability
1641| [112161] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Tomcat privilege escalation
1642| [112158] Oracle Autovue for Agile Product Lifecycle Management 21.0.0/21.0.1 Apache Log4j privilege escalation
1643| [112156] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Log4j privilege escalation
1644| [112155] Oracle Agile Engineering Data Management 6.1.3/6.2.0/6.2.1 Apache Log4j privilege escalation
1645| [112137] Oracle MICROS Relate CRM Software 10.8.x/11.4.x/15.0.x, Apache Tomcat unknown vulnerability
1646| [112136] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat privilege escalation
1647| [112133] Oracle Retail Workforce Management 1.60.7/1.64.0 Apache Log4j privilege escalation
1648| [112129] Oracle Retail Assortment Planning 14.1.3/15.0.3/16.0.1 Apache Log4j privilege escalation
1649| [112114] Oracle 9.1 Apache Log4j privilege escalation
1650| [112113] Oracle 9.1 Apache Log4j privilege escalation
1651| [112045] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat privilege escalation
1652| [112038] Oracle Health Sciences Empirica Inspections 1.0.1.1 Apache Tomcat information disclosure
1653| [112019] Oracle Endeca Information Discovery Integrator 3.1.0/3.2.0 Apache Tomcat privilege escalation
1654| [112017] Oracle WebCenter Portal 11.1.1.9.0/12.2.1.2.0/12.2.1.3.0 Apache Struts 1 cross site scripting
1655| [112011] Oracle Identity Manager 11.1.2.3.0 Apache Commons Collections privilege escalation
1656| [111950] Oracle Database 12.2.0.1 Apache Tomcat information disclosure
1657| [111703] Apache Sling XSS Protection API 1.0.4 URL Encoding cross site scripting
1658| [111556] Apache Geode up to 1.2.x Secure Mode Parameter OQL privilege escalation
1659| [111555] Apache Geode up to 1.2.x Secure Mode OQL privilege escalation
1660| [111540] Apache Geode up to 1.2.x Secure Mode information disclosure
1661| [111519] Apache Sling JCR ContentLoader 2.1.4 xmlreader directory traversal
1662| [111338] Apache DeltaSpike-JSF 1.8.0 cross site scripting
1663| [111330] Apache OFBiz 16.11.01/16.11.02/16.11.03 BIRT Plugin cross site scripting
1664| [110789] Apache Sling up to 1.4.0 Authentication Service Credentials information disclosure
1665| [110785] Apache Drill up to 1.11.0 Query Page unknown vulnerability
1666| [110701] Apache Fineract Query Parameter sql injection
1667| [110484] Apache Synapse up to 3.0.0 Apache Commons Collections Serialized Object Code Injection privilege escalation
1668| [110426] Adobe Experience Manager 6.0/6.1/6.2/6.3 Apache Sling Servlets Post cross site scripting
1669| [110141] Apache Struts up to 2.5.14 REST Plugin denial of service
1670| [110140] Apache Qpid Broker-J up to 0.32 privilege escalation
1671| [110139] Apache Qpid Broker-J up to 6.1.4 AMQP Frame denial of service
1672| [110106] Apache CXF Fediz Spring cross site request forgery
1673| [109766] Apache OpenOffice up to 4.1.3 DOC File Parser WW8Fonts memory corruption
1674| [109750] Apache OpenOffice up to 4.1.3 DOC File Parser ImportOldFormatStyles memory corruption
1675| [109749] Apache OpenOffice up to 4.1.3 PPT File Parser PPTStyleSheet memory corruption
1676| [109606] October CMS Build 412 Apache Configuration File Upload privilege escalation
1677| [109419] Apache Camel up to 2.19.3/2.20.0 camel-castor Java Object Deserialization privilege escalation
1678| [109418] Apache Camel up to 2.19.3/2.20.0 camel-hessian Java Object Deserialization privilege escalation
1679| [109400] Apache CouchDB up to 1.6.x/2.1.0 Database Server Shell privilege escalation
1680| [109399] Apache CouchDB up to 1.6.x/2.1.0 JSON Parser Shell privilege escalation
1681| [109398] Apache CXF 3.1.14/3.2.1 JAX-WS/JAX-RS Attachment denial of service
1682| [108872] Apache Hive up to 2.1.1/2.2.0/2.3.0 Policy Enforcement privilege escalation
1683| [108939] Apple macOS up to 10.13.1 apache unknown vulnerability
1684| [108938] Apple macOS up to 10.13.1 apache denial of service
1685| [108937] Apple macOS up to 10.13.1 apache unknown vulnerability
1686| [108936] Apple macOS up to 10.13.1 apache unknown vulnerability
1687| [108935] Apple macOS up to 10.13.1 apache denial of service
1688| [108934] Apple macOS up to 10.13.1 apache unknown vulnerability
1689| [108933] Apple macOS up to 10.13.1 apache unknown vulnerability
1690| [108932] Apple macOS up to 10.13.1 apache unknown vulnerability
1691| [108931] Apple macOS up to 10.13.1 apache denial of service
1692| [108930] Apple macOS up to 10.13.1 apache unknown vulnerability
1693| [108929] Apple macOS up to 10.13.1 apache denial of service
1694| [108928] Apple macOS up to 10.13.1 apache unknown vulnerability
1695| [108797] Apache Struts up to 2.3.19 TextParseUtiltranslateVariables OGNL Expression privilege escalation
1696| [108795] Apache Traffic Server up to 5.3.0 HTTP2 set_dynamic_table_size memory corruption
1697| [108794] Apache WSS4J up to 1.6.16/2.0.1 Incomplete Fix Leak information disclosure
1698| [108793] Apache Qpid up to 0.30 qpidd Crash denial of service
1699| [108792] Apache Traffic Server up to 5.1.0 Access Restriction privilege escalation
1700| [108791] Apache Wicket up to 1.5.11/6.16.x/7.0.0-M2 Session information disclosure
1701| [108790] Apache Storm 0.9.0.1 Log Viewer directory traversal
1702| [108789] Apache Cordova In-App-Browser Standalone Plugin up to 0.3.1 on iOS CDVInAppBrowser privilege escalation
1703| [108788] Apache Cordova File-Transfer Standalone Plugin up to 0.4.1 on iOS ios/CDVFileTransfer.m spoofing
1704| [108787] Apache HttpClient up to 4.3.0 HttpClientBuilder.java unknown vulnerability
1705| [108786] Apache Wicket up to 1.4.21/1.5.9/6.3.x script Tag cross site scripting
1706| [108783] Apache Hadoop up to 0.23.3/1.0.3/2.0.1 Kerberos Security Feature Key weak encryption
1707| [108782] Apache Xerces2 XML Service denial of service
1708| [108781] Apache jUDDI up to 1.x happyjuddi.jsp Parameter cross site scripting
1709| [108780] Apache jUDDI up to 1.x Log File uddiget.jsp spoofing
1710| [108709] Apache Cordova Android up to 3.7.1/4.0.1 intent URL privilege escalation
1711| [108708] Apache ActiveMQ up to 5.10.0 XML Data XML External Entity
1712| [108707] Apache ActiveMQ up to 1.7.0 XML Data XML External Entity
1713| [108629] Apache OFBiz up to 10.04.01 privilege escalation
1714| [108543] Apache Derby 10.1.2.1/10.2.2.0/10.3.1.4/10.4.1.3 Export File privilege escalation
1715| [108312] Apache HTTP Server on RHEL IP Address Filter privilege escalation
1716| [108297] Apache NiFi up to 0.7.1/1.1.1 Proxy Chain Username Deserialization privilege escalation
1717| [108296] Apache NiFi up to 0.7.1/1.1.1 Cluster Request privilege escalation
1718| [108250] Oracle Secure Global Desktop 5.3 Apache HTTP Server memory corruption
1719| [108245] Oracle Transportation Management up to 6.3.7 Apache Tomcat unknown vulnerability
1720| [108244] Oracle Transportation Management 6.4.1/6.4.2 Apache Commons FileUpload denial of service
1721| [108243] Oracle Agile Engineering Data Management 6.1.3/6.2.0 Apache Commons Collections memory corruption
1722| [108222] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Batik denial of service
1723| [108219] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat unknown vulnerability
1724| [108217] Oracle Retail Store Inventory Management 13.2.9/14.0.4/14.1.3/15.0.1/16.0.1 Apache Groovy unknown vulnerability
1725| [108216] Oracle Retail Convenience and Fuel POS Software 2.1.132 Apache Groovy unknown vulnerability
1726| [108169] Oracle MySQL Enterprise Monitor up to 3.2.8.2223/3.3.4.3247/3.4.2.4181 Apache Tomcat unknown vulnerability
1727| [108113] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Batik denial of service
1728| [108107] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat unknown vulnerability
1729| [108102] Oracle Healthcare Master Person Index 4.x Apache Groovy unknown vulnerability
1730| [108085] Oracle Identity Manager 11.1.2.3.0 Apache Struts 1 memory corruption
1731| [108083] Oracle API Gateway 11.1.2.4.0 Apache Batik denial of service
1732| [108080] Oracle GlassFish Server 3.1.2 Apache Commons FileUpload denial of service
1733| [108066] Oracle Management Pack for GoldenGate 11.2.1.0.12 Apache Tomcat memory corruption
1734| [108062] Oracle BI Publisher 11.1.1.7.0/12.2.1.1.0/12.2.1.2.0 Apache ActiveMQ memory corruption
1735| [108060] Oracle Enterprise Manager Ops Center 12.2.2/12.3.2 Apache Groovy unknown vulnerability
1736| [108033] Oracle Primavera Unifier 9.13/9.14/10.x/15.x/16.x, Apache Groovy unknown vulnerability
1737| [108013] Oracle Communications WebRTC Session Controller 7.0/7.1/7.2 Apache Groovy unknown vulnerability
1738| [108011] Oracle Communications Services Gatekeeper 5.1/6.0 Apache Trinidad unknown vulnerability
1739| [107904] Apache Struts up to 2.3.28 Double OGNL Evaluation privilege escalation
1740| [107860] Apache Solr up to 7.0 Apache Lucene RunExecutableListener XML External Entity
1741| [107834] Apache Ranger up to 0.6.1 Change Password privilege escalation
1742| [107639] Apache NiFi 1.4.0 XML External Entity
1743| [107606] Apache ZooKeper up to 3.4.9/3.5.2 Command CPU Exhaustion denial of service
1744| [107597] Apache Roller up to 5.0.2 XML-RPC Protocol Support XML External Entity
1745| [107429] Apache Impala up to 2.9.x Kudu Table privilege escalation
1746| [107411] Apache Tomcat up to 7.0.81/8.0.46/8.5.22/9.0.0 JSP File File Upload privilege escalation
1747| [107385] Apache Geode up to 1.2.0 Secure Mode privilege escalation
1748| [107339] Apache OpenNLP up to 1.5.3/1.6.0/1.7.2/1.8.1 XML Data XML External Entity
1749| [107333] Apache Wicket up to 8.0.0-M1 CSRF Prevention HTTP Header privilege escalation
1750| [107323] Apache Wicket 1.5.10/6.13.0 Class Request information disclosure
1751| [107310] Apache Geode up to 1.2.0 Command Line Utility Query privilege escalation
1752| [107276] ArcSight ESM/ArcSight ESM Express up to 6.9.1c Patch 3/6.11.0 Apache Tomcat Version information disclosure
1753| [107266] Apache Tika up to 1.12 XML Parser XML External Entity
1754| [107262] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
1755| [107258] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
1756| [107197] Apache Xerces Jelly Parser XML File XML External Entity
1757| [107193] ZTE NR8950 Apache Commons Collections RMI Request Deserialization privilege escalation
1758| [107084] Apache Struts up to 2.3.19 cross site scripting
1759| [106877] Apache Struts up to 2.0.33/2.5.10 Freemarker Tag privilege escalation
1760| [106875] Apache Struts up to 2.5.5 URL Validator denial of service
1761| [106874] Apache Struts up to 2.3.30 Convention Plugin directory traversal
1762| [106847] Apache Tomcat up to 7.0.80 VirtualDirContext Source information disclosure
1763| [106846] Apache Tomcat up to 7.0.79 on Windows HTTP PUT Method Parameter File Upload privilege escalation
1764| [106777] Apache HTTP Server up to 2.2.34/2.4.27 Limit Directive ap_limit_section HTTP Request information disclosure
1765| [106739] puppetlabs-apache up to 1.11.0/2.0.x weak authentication
1766| [106720] Apache Wicket up to 1.5.12/6.18.x/7.0.0-M4 CryptoMapper privilege escalation
1767| [106586] Apache Brooklyn up to 0.9.x REST Server cross site scripting
1768| [106562] Apache Spark up to 2.1.1 Launcher API Deserialization privilege escalation
1769| [106559] Apache Brooklyn up to 0.9.x SnakeYAML YAML Data Java privilege escalation
1770| [106558] Apache Brooklyn up to 0.9.x REST Server cross site request forgery
1771| [106556] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
1772| [106555] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
1773| [106171] Apache Directory LDAP API up to 1.0.0-M30 Timing unknown vulnerability
1774| [106167] Apache Struts up to 2.5.12 REST Plugin XML Data privilege escalation
1775| [106166] Apache Struts up to 2.3.33/2.5.12 REST Plugin denial of service
1776| [106165] Apache Struts up to 2.3.33/2.5.12 URLValidator Regex CPU Exhaustion denial of service
1777| [106115] Apache Hadoop up to 2.6.4/2.7.2 YARN NodeManager Password information disclosure
1778| [106012] Apache Solr up to 5.5.3/6.4.0 Replication directory traversal
1779| [105980] Apache Engine 16.11.01 Parameter Reflected unknown vulnerability
1780| [105962] Apache Atlas 0.6.0/0.7.0 Frame cross site scripting
1781| [105961] Apache Atlas 0.6.0/0.7.0 Stack Trace information disclosure
1782| [105960] Apache Atlas 0.6.0/0.7.0 Search Reflected cross site scripting
1783| [105959] Apache Atlas 0.6.0/0.7.0 edit Tag DOM cross site scripting
1784| [105958] Apache Atlas 0.6.0/0.7.0 edit Tag Stored cross site scripting
1785| [105957] Apache Atlas 0.6.0/0.7.0 Cookie privilege escalation
1786| [105905] Apache Atlas 0.6.0/0.7.0/0.7.1 /js privilege escalation
1787| [105878] Apache Struts up to 2.3.24.0 privilege escalation
1788| [105682] Apache2Triad 1.5.4 phpsftpd/users.php Parameter cross site scripting
1789| [105681] Apache2Triad 1.5.4 phpsftpd/users.php Request cross site request forgery
1790| [105680] Apache2Triad 1.5.4 Parameter Session Fixation weak authentication
1791| [105643] Apache Pony Mail up to 0.8b weak authentication
1792| [105288] Apache Sling up to 2.3.21 Sling.evalString() String cross site scripting
1793| [105219] Apache Tomcat up to 8.5.15/9.0.0.M21 HTTP2 Bypass directory traversal
1794| [105218] Apache Tomcat up to 7.0.78/8.0.44/8.5.15/9.0.0.M21 CORS Filter Cache Poisoning privilege escalation
1795| [105215] Apache CXF up to 3.0.12/3.1.9 OAuth2 Hawk/JOSE MAC Validation Timing unknown vulnerability
1796| [105206] Apache CXF up to 3.0.11/3.1.8 JAX-RS Module XML External Entity
1797| [105205] Apache CXF up to 3.0.11/3.1.8 HTTP Transport Module Parameter cross site scripting
1798| [105202] Apache Storm 1.0.0/1.0.1/1.0.2/1.0.3/1.1.0 Worker privilege escalation
1799| [104987] Apache Xerces-C++ XML Service CPU Exhaustion denial of service
1800| [104986] Apache CXF 2.4.5/2.5.1 WS-SP UsernameToken Policy SOAP Request weak authentication
1801| [104985] Apache MyFaces Core up to 2.1.4 EL Expression Parameter Injection information disclosure
1802| [104983] Apache Wink up to 1.1.1 XML Document xxe privilege escalation
1803| [104981] Apache Commons Email 1.0/1.1/1.2/1.3/1.4 Subject Linebreak SMTP privilege escalation
1804| [104591] MEDHOST Document Management System Apache Solr Default Credentials weak authentication
1805| [104062] Oracle MySQL Enterprise Monitor up to 3.3.3.1199 Apache Tomcat unknown vulnerability
1806| [104061] Oracle MySQL Enterprise Monitor up to 3.2.7.1204/3.3.3.1199 Apache Tomcat unknown vulnerability
1807| [104060] Oracle MySQL Enterprise Monitor up to 3.1.5.7958/3.2.5.1141/3.3.2.1162 Apache Struts 2 unknown vulnerability
1808| [103995] Oracle 8.3/8.4/15.1/15.2 Apache Trinidad unknown vulnerability
1809| [103993] Oracle Policy Automation up to 12.2.3 Apache Commons FileUplaod denial of service
1810| [103916] Oracle Banking Platform 2.3/2.4/2.4.1/2.5 Apache Commons FileUpload denial of service
1811| [103906] Oracle Communications BRM 11.2.0.0.0 Apache Commons Collections privilege escalation
1812| [103904] Oracle Communications BRM 11.2.0.0.0/11.3.0.0.0 Apache Groovy memory corruption
1813| [103866] Oracle Transportation Management 6.1/6.2 Apache Webserver unknown vulnerability
1814| [103816] Oracle BI Publisher 11.1.1.9.0/12.2.1.1.0/12.2.1.2.0 Apache Commons Fileupload denial of service
1815| [103797] Oracle Tuxedo System and Applications Monitor Apache Commons Collections privilege escalation
1816| [103792] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Commons Fileupload privilege escalation
1817| [103791] Oracle Endeca Server 7.6.0.0/7.6.1.0 Apache Commons Collections privilege escalation
1818| [103788] Oracle Enterprise Repository 11.1.1.7.0/12.1.3.0.0 Apache ActiveMQ memory corruption
1819| [103787] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Groovy memory corruption
1820| [103763] Apache Sling up to 1.0.11 XSS Protection API XSS.getValidXML() Application XML External Entity
1821| [103762] Apache Sling up to 1.0.12 XSS Protection API XSSAPI.encodeForJSString() Script Tag cross site scripting
1822| [103693] Apache OpenMeetings 1.0.0 HTTP Method privilege escalation
1823| [103692] Apache OpenMeetings 1.0.0 Tomcat Error information disclosure
1824| [103691] Apache OpenMeetings 3.2.0 Parameter privilege escalation
1825| [103690] Apache OpenMeetings 1.0.0 sql injection
1826| [103689] Apache OpenMeetings 1.0.0 crossdomain.xml privilege escalation
1827| [103688] Apache OpenMeetings 1.0.0 weak encryption
1828| [103687] Apache OpenMeetings 1.0.0 cross site request forgery
1829| [103556] Apache Roller 5.1.0/5.1.1 Weblog Page Template VTL privilege escalation
1830| [103554] Apache OpenMeetings 1.0.0 Password Update unknown vulnerability
1831| [103553] Apache OpenMeetings 1.0.0 File Upload privilege escalation
1832| [103552] Apache OpenMeetings 3.2.0 Chat cross site scripting
1833| [103551] Apache OpenMeetings 3.1.0 XML unknown vulnerability
1834| [103521] Apache HTTP Server 2.4.26 HTTP2 Free memory corruption
1835| [103520] Apache HTTP Server up to 2.2.33/2.4.26 mod_auth_digest Authorization Header memory corruption
1836| [103519] Apache Struts up to 2.5.11/2.3.32 Spring AOP denial of service
1837| [103518] Apache Struts up to 2.5.11 URLValidator directory traversal
1838| [103492] Apache Spark up to 2.1.x Web UI Reflected cross site scripting
1839| [103401] Apache Struts 2.3.x Struts 1 Plugin ActionMessage privilege escalation
1840| [103399] Apache Traffic Control Traffic Router TCP Connection Slowloris denial of service
1841| [103387] Apache Impala up to 2.8.0 StatestoreSubscriber weak encryption
1842| [103386] Apache Impala up to 2.7.x/2.8.0 Kerberos weak authentication
1843| [103352] Apache Solr Node weak authentication
1844| [102897] Apache Ignite up to 2.0 Update Notifier information disclosure
1845| [102878] Code42 CrashPlan 5.4.x RMI Server org.apache.commons.ssl.rmi.DateRMI privilege escalation
1846| [102698] Apache HTTP Server up to 2.2.32/2.4.25 mod_mime Content-Type memory corruption
1847| [102697] Apache HTTP Server 2.2.24/2.2.32 HTTP Strict Parsing ap_find_token Request Header memory corruption
1848| [102690] Apache HTTP Server up to 2.2.32/2.4.25 mod_ssl ap_hook_process_connection() denial of service
1849| [102689] Apache HTTP Server up to 2.2.32/2.4.25 ap_get_basic_auth_pw weak authentication
1850| [102622] Apache Thrift up to 0.9.2 Client Libraries skip denial of service
1851| [102538] Apache Ranger up to 0.7.0 Authorizer unknown vulnerability
1852| [102537] Apache Ranger up to 0.7.0 Wildcard Character unknown vulnerability
1853| [102536] Apache Ranger up to 0.6 Stored cross site scripting
1854| [102535] Apache Ranger up to 0.6.2 Policy Engine unknown vulnerability
1855| [102255] Apache NiFi up to 0.7.3/1.2.x Response Header privilege escalation
1856| [102254] Apache NiFi up to 0.7.3/1.2.x UI cross site scripting
1857| [102070] Apache CXF Fediz up to 1.1.2/1.2.0 Application Plugin denial of service
1858| [102020] Apache Tomcat up to 9.0.0.M1 Java Servlet HTTP Method unknown vulnerability
1859| [101858] Apache Hive up to 1.2.1/2.0.0 Client weak authentication
1860| [101802] Apache KNOX up to 0.11.0 WebHDFS privilege escalation
1861| [101928] HPE Aruba ClearPass Apache Tomcat information disclosure
1862| [101524] Apache Archiva up to 1.x/2.2.1 REST Endpoint cross site request forgery
1863| [101513] Apache jUDDI 3.1./3.1.2/3.1.3/3.1.4 Logout Open Redirect
1864| [101430] Apache CXF Fediz up to 1.3.1 OIDC Service cross site request forgery
1865| [101429] Apache CXF Fediz up to 1.2.3/1.3.1 Plugins cross site request forgery
1866| [100619] Apache Hadoop up to 2.6.x HDFS Servlet unknown vulnerability
1867| [100618] Apache Hadoop up to 2.7.0 HDFS Web UI cross site scripting
1868| [100621] Adobe ColdFusion 10/11/2016 Apache BlazeDS Library Deserialization privilege escalation
1869| [100205] Oracle MySQL Enterprise Monitor up to 3.1.6.8003/3.2.1182/3.3.2.1162 Apache Commons FileUpload denial of service
1870| [100191] Oracle Secure Global Desktop 4.71/5.2/5.3 Web Server (Apache HTTP Server) information disclosure
1871| [100162] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Commons Collections privilege escalation
1872| [100160] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Trinidad unknown vulnerability
1873| [99969] Oracle WebCenter Sites 11.1.1.8.0 Apache Tomcat memory corruption
1874| [99937] Apache Batik up to 1.8 privilege escalation
1875| [99936] Apache FOP up to 2.1 privilege escalation
1876| [99935] Apache CXF up to 3.0.12/3.1.10 STSClient Cache information disclosure
1877| [99934] Apache CXF up to 3.0.12/3.1.10 JAX-RS XML Security Streaming Client spoofing
1878| [99930] Apache Traffic Server up to 6.2.0 denial of service
1879| [99929] Apache Log4j up to 2.8.1 Socket Server Deserialization privilege escalation
1880| [99925] Apache Traffic Server 6.0.0/6.1.0/6.2.0 HPACK Bomb denial of service
1881| [99738] Ping Identity OpenID Connect Authentication Module up to 2.13 on Apache Mod_auth_openidc.c spoofing
1882| [117569] Apache Hadoop up to 2.7.3 privilege escalation
1883| [99591] Apache TomEE up to 1.7.3/7.0.0-M2 EjbObjectInputStream Serialized Object privilege escalation
1884| [99370] Apache Ignite up to 1.8 update-notifier Document XML External Entity
1885| [99299] Apache Geode up to 1.1.0 Pulse OQL Query privilege escalation
1886| [99572] Apache Tomcat up to 7.0.75/8.0.41/8.5.11/9.0.0.M17 Application Listener privilege escalation
1887| [99570] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP Connector Cache information disclosure
1888| [99569] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP/2 GOAWAY Frame Resource Exhaustion denial of service
1889| [99568] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 Pipelined Request information disclosure
1890| [99048] Apache Ambari up to 2.3.x REST API Shell Metacharacter privilege escalation
1891| [99014] Apache Camel Jackson/JacksonXML privilege escalation
1892| [98610] Apple macOS up to 10.12.3 apache_mod_php memory corruption
1893| [98609] Apple macOS up to 10.12.3 apache_mod_php denial of service
1894| [98608] Apple macOS up to 10.12.3 apache_mod_php memory corruption
1895| [98607] Apple macOS up to 10.12.3 apache_mod_php denial of service
1896| [98606] Apple macOS up to 10.12.3 apache_mod_php denial of service
1897| [98605] Apple macOS up to 10.12.3 Apache denial of service
1898| [98604] Apple macOS up to 10.12.3 Apache denial of service
1899| [98603] Apple macOS up to 10.12.3 Apache denial of service
1900| [98602] Apple macOS up to 10.12.3 Apache denial of service
1901| [98601] Apple macOS up to 10.12.3 Apache denial of service
1902| [98517] Apache POI up to 3.14 OOXML File XXE denial of service
1903| [98405] Apache Hadoop up to 0.23.10 privilege escalation
1904| [98199] Apache Camel Validation XML External Entity
1905| [97892] Apache Tomcat up to 9.0.0.M15 Reverse-Proxy Http11InputBuffer.java information disclosure
1906| [97617] Apache Camel camel-snakeyaml Deserialization privilege escalation
1907| [97602] Apache Camel camel-jackson/camel-jacksonxml CamelJacksonUnmarshalType privilege escalation
1908| [97732] Apache Struts up to 2.3.31/2.5.10 Jakarta Multipart Parser Content-Type privilege escalation
1909| [97466] mod_auth_openidc up to 2.1.5 on Apache weak authentication
1910| [97455] mod_auth_openidc up to 2.1.4 on Apache weak authentication
1911| [97081] Apache Tomcat HTTPS Request denial of service
1912| [97162] EMC OpenText Documentum D2 BeanShell/Apache Commons privilege escalation
1913| [96949] Hanwha Techwin Smart Security Manager up to 1.5 Redis/Apache Felix Gogo privilege escalation
1914| [96314] Apache Cordova up to 6.1.1 on Android weak authentication
1915| [95945] Apple macOS up to 10.12.2 apache_mod_php denial of service
1916| [95944] Apple macOS up to 10.12.2 apache_mod_php denial of service
1917| [95943] Apple macOS up to 10.12.2 apache_mod_php memory corruption
1918| [95666] Oracle FLEXCUBE Direct Banking 12.0.0/12.0.1/12.0.2/12.0.3 Apache Commons Collections privilege escalation
1919| [95455] Apache NiFi up to 1.0.0/1.1.0 Connection Details Dialogue cross site scripting
1920| [95311] Apache Storm UI Daemon privilege escalation
1921| [95291] ZoneMinder 1.30.0 Apache httpd privilege escalation
1922| [94800] Apache Wicket up to 1.5.16/6.24.x Deserialize DiskFileItem denial of service
1923| [94705] Apache Qpid Broker for Java up to 6.1.0 SCRAM-SHA-1/SCRAM-SHA-256 User information disclosure
1924| [94627] Apache HTTP Server up to 2.4.24 mod_auth_digest Crash denial of service
1925| [94626] Apache HTTP Server up to 2.4.24 mod_session_crypto Padding weak encryption
1926| [94625] Apache HTTP Server up to 2.4.24 Response Split privilege escalation
1927| [94540] Apache Tika 1.9 tika-server File information disclosure
1928| [94600] Apache ActiveMQ up to 5.14.1 Administration Console cross site scripting
1929| [94348] Apple macOS up to 10.12.1 apache_mod_php denial of service
1930| [94347] Apple macOS up to 10.12.1 apache_mod_php denial of service
1931| [94346] Apple macOS up to 10.12.1 apache_mod_php denial of service
1932| [94345] Apple macOS up to 10.12.1 apache_mod_php denial of service
1933| [94344] Apple macOS up to 10.12.1 apache_mod_php denial of service
1934| [94343] Apple macOS up to 10.12.1 apache_mod_php memory corruption
1935| [94342] Apple macOS up to 10.12.1 apache_mod_php memory corruption
1936| [94128] Apache Tomcat up to 9.0.0.M13 Error information disclosure
1937| [93958] Apache HTTP Server up to 2.4.23 mod_http2 h2_stream.c denial of service
1938| [93874] Apache Subversion up to 1.8.16/1.9.4 mod_dontdothat XXE denial of service
1939| [93855] Apache Hadoop up to 2.6.4/2.7.2 HDFS Service privilege escalation
1940| [93609] Apache OpenMeetings 3.1.0 RMI Registry privilege escalation
1941| [93555] Apache Tika 1.6-1.13 jmatio MATLAB File privilege escalation
1942| [93799] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
1943| [93798] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
1944| [93797] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 HTTP Split privilege escalation
1945| [93796] Apache Tomcat up to 8.5.6/9.0.0.M11 HTTP/2 Header Parser denial of service
1946| [93532] Apache Commons Collections Library Java privilege escalation
1947| [93210] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 ResourceLinkFactory privilege escalation
1948| [93209] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Realm Authentication User information disclosure
1949| [93208] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 System Property Replacement information disclosure
1950| [93207] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Utility Method privilege escalation
1951| [93206] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Configuration privilege escalation
1952| [93098] Apache Commons FileUpload privilege escalation
1953| [92987] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Commons Collection memory corruption
1954| [92986] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Tomcat memory corruption
1955| [92982] Oracle Insurance IStream 4.3.2 Apache Commons Collections memory corruption
1956| [92981] Oracle Financial Services Lending and Leasing 14.1.0/14.2.0 Apache Commons Collections memory corruption
1957| [92979] Oracle up to 8.0.3 Apache Commons Collections memory corruption
1958| [92977] Oracle FLEXCUBE Universal Banking up to 12.2.0 Apache Commons Collections memory corruption
1959| [92976] Oracle FLEXCUBE Universal Banking 12.87.1/12.87.2 Apache Commons Collections memory corruption
1960| [92975] Oracle FLEXCUBE Private Banking up to 12.1.0 Apache Commons Collections memory corruption
1961| [92974] Oracle FLEXCUBE Investor Servicing 12.0.1 Apache Commons Collections memory corruption
1962| [92973] Oracle 12.0.0/12.1.0 Apache Commons Collections memory corruption
1963| [92972] Oracle FLEXCUBE Core Banking 11.5.0.0.0/11.6.0.0.0 Apache Commons Collections memory corruption
1964| [92962] Oracle Agile PLM 9.3.4/9.3.5 Apache Commons Collections memory corruption
1965| [92909] Oracle Agile PLM 9.3.4/9.3.5 Apache Tomcat unknown vulnerability
1966| [92786] Oracle Banking Digital Experience 15.1 Apache Commons Collections information disclosure
1967| [92549] Apache Tomcat on Red Hat privilege escalation
1968| [92509] Apache Tomcat JK ISAPI Connector up to 1.2.41 jk_uri_worker_map.c memory corruption
1969| [92314] Apache MyFaces Trinidad up to 1.0.13/1.2.15/2.0.1/2.1.1 CoreResponseStateManager memory corruption
1970| [92313] Apache Struts2 up to 2.3.28/2.5.0 Action Name Cleanup cross site request forgery
1971| [92299] Apache Derby up to 10.12.1.0 SqlXmlUtil XML External Entity
1972| [92217] Apache ActiveMQ Artemis up to 1.3.x Broker/REST GetObject privilege escalation
1973| [92174] Apache Ranger up to 0.6.0 Policy cross site scripting
1974| [91831] Apache Jackrabbit up to 2.13.2 HTTP Header cross site request forgery
1975| [91825] Apache Zookeeper up to 3.4.8/3.5.2 C CLI Shell memory corruption
1976| [91818] Apache CXF Fediz up to 1.2.2/1.3.0 Application Plugin privilege escalation
1977| [92056] Apple macOS up to 10.11 apache_mod_php memory corruption
1978| [92055] Apple macOS up to 10.11 apache_mod_php memory corruption
1979| [92054] Apple macOS up to 10.11 apache_mod_php denial of service
1980| [92053] Apple macOS up to 10.11 apache_mod_php denial of service
1981| [92052] Apple macOS up to 10.11 apache_mod_php denial of service
1982| [92051] Apple macOS up to 10.11 apache_mod_php memory corruption
1983| [92050] Apple macOS up to 10.11 apache_mod_php denial of service
1984| [92049] Apple macOS up to 10.11 apache_mod_php memory corruption
1985| [92048] Apple macOS up to 10.11 apache_mod_php denial of service
1986| [92047] Apple macOS up to 10.11 apache_mod_php memory corruption
1987| [92046] Apple macOS up to 10.11 apache_mod_php memory corruption
1988| [92045] Apple macOS up to 10.11 apache_mod_php memory corruption
1989| [92044] Apple macOS up to 10.11 apache_mod_php memory corruption
1990| [92043] Apple macOS up to 10.11 apache_mod_php denial of service
1991| [92042] Apple macOS up to 10.11 apache_mod_php memory corruption
1992| [92041] Apple macOS up to 10.11 apache_mod_php memory corruption
1993| [92040] Apple macOS up to 10.11 Apache Proxy privilege escalation
1994| [91785] Apache Shiro up to 1.3.1 Servlet Filter privilege escalation
1995| [90879] Apache OpenMeetings up to 3.1.1 SWF Panel cross site scripting
1996| [90878] Apache Sentry up to 1.6.x Blacklist Filter reflect/reflect2/java_method privilege escalation
1997| [90610] Apache POI up to 3.13 XLSX2CSV Example OpenXML Document XML External Entity
1998| [90584] Apache ActiveMQ up to 5.11.3/5.12.2/5.13/1 Administration Web Console privilege escalation
1999| [90385] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site scripting
2000| [90384] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site request forgery
2001| [90383] Apache OpenOffice up to 4.1.2 Impress File memory corruption
2002| [89670] Apache Tomcat up to 8.5.4 CGI Servlet Environment Variable Open Redirect
2003| [89669] Apache HTTP Server up to 2.4.23 RFC 3875 Namespace Conflict Environment Variable Open Redirect
2004| [89726] Apple Mac OS X up to 10.11.5 apache_mod_php memory corruption
2005| [89484] Apache Qpid up to 0.13.0 on Windows Proton Library Certificate weak authentication
2006| [89473] HPE iMC PLAT/EAD/APM/iMC NTA/iMC BIMS/iMC UAM_TAM up to 7.2 Apache Commons Collections Library Command privilege escalation
2007| [90263] Apache Archiva Header denial of service
2008| [90262] Apache Archiva Deserialize privilege escalation
2009| [90261] Apache Archiva XML DTD Connection privilege escalation
2010| [88827] Apache Xerces-C++ up to 3.1.3 DTD Stack-Based memory corruption
2011| [88747] Apache HTTP Server 2.4.17/2.4.18 mod_http2 denial of service
2012| [88608] Apache Struts up to 2.3.28.1/2.5.0 URLValidator Null Value denial of service
2013| [88607] Apache Struts up to 2.3.28.1 REST Plugin Expression privilege escalation
2014| [88606] Apache Struts up to 2.3.28.1 Restriction privilege escalation
2015| [88605] Apache Struts up to 2.3.28.1 Restriction privilege escalation
2016| [88604] Apache Struts up to 2.3.28.1 Token Validator cross site request forgery
2017| [88603] Apache Commons FileUpload up to 1.3.1 MultipartStream denial of service
2018| [88602] Apache Struts up to 1.3.10 ActionServlet.java cross site scripting
2019| [88601] Apache Struts up to 1.3.10 Multithreading ActionServlet.java memory corruption
2020| [88600] Apache Struts up to 1.3.10 MultiPageValidator privilege escalation
2021| [89005] Apache Qpid AMQP JMS Client getObject privilege escalation
2022| [87888] Apache Ranger up to 0.5.2 Policy Admin Tool eventTime sql injection
2023| [87835] Apache CloudStack up to 4.5.2.0/4.6.2.0/4.7.1.0/4.8.0.0 SAML-based Authentication privilege escalation
2024| [87806] HPE Discovery and Dependency Mapping Inventory up to 9.32 update 3 Apache Commons Collections Library privilege escalation
2025| [87805] HPE Universal CMDB up to 10.21 Apache Commons Collections Library privilege escalation
2026| [87768] Apache Shiro up to 1.2.4 Cipher Key privilege escalation
2027| [87765] Apache James Server 2.3.2 Command privilege escalation
2028| [88667] Apache HTTP Server up to 2.4.20 mod_http2 Certificate weak authentication
2029| [87718] Apache Struts up to 2.3.24.1 OGNL Caching denial of service
2030| [87717] Apache Struts up to 2.3.28 REST Plugin privilege escalation
2031| [87706] Apache Qpid Java up to 6.0.2 AMQP privilege escalation
2032| [87703] Apache Qbid Java up to 6.0.2 PlainSaslServer.java denial of service
2033| [87702] Apache ActiveMQ up to 5.13.x Fileserver Web Application Upload privilege escalation
2034| [87700] Apache PDFbox up to 1.8.11/2.0.0 XML Parser PDF Document XML External Entity
2035| [87679] HP Release Control 9.13/9.20/9.21 Apache Commons Collections Library Java Object privilege escalation
2036| [87540] Apache Ambari up to 2.2.0 File Browser View information disclosure
2037| [87433] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
2038| [87432] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
2039| [87431] Apple Mac OS X up to 10.11.4 apache_mod_php Format String
2040| [87430] Apple Mac OS X up to 10.11.4 apache_mod_php denial of service
2041| [87429] Apple Mac OS X up to 10.11.4 apache_mod_php information disclosure
2042| [87428] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
2043| [87427] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
2044| [87389] Apache Xerces C++ up to 3.1.3 XML Document DTDScanner.cpp memory corruption
2045| [87172] Adobe ColdFusion 11 Update 7/2016/up to 10 Update 18 Apache Commons Collections Library privilege escalation
2046| [87121] Apache Cordova iOS up to 3.x Plugin privilege escalation
2047| [87120] Apache Cordova iOS up to 3.x URL Whitelist privilege escalation
2048| [83806] HPE Network Node Manager i up to 10.01 Apache Commons Collections Library privilege escalation
2049| [83077] Apache Subversion up to 1.8.15/1.9.3 mod_authz_svn mod_authz_svn.c denial of service
2050| [83076] Apache Subversion up to 1.8.15/1.9.3 svnserve svnserve/cyrus_auth.c privilege escalation
2051| [82790] Apache Struts 2.0.0/2.3.24/2.3.28 Dynamic Method privilege escalation
2052| [82789] Apache Struts 2.0.0/2.3.24/2.3.28 XSLTResult privilege escalation
2053| [82725] HPE P9000 Command View up to 7.x/8.4.0 Apache Commons Collections Library privilege escalation
2054| [82444] Apache Camel up to 2.14.x/2.15.4/2.16.0 HTTP Request privilege escalation
2055| [82389] Apache Subversion up to 1.7.x/1.8.14/1.9.2 mod_dav_svn util.c memory corruption
2056| [82280] Apache Struts up to 1.7 JRE URLDecoder cross site scripting
2057| [82260] Apache OFBiz up to 12.04.05/13.07.02 Java Object privilege escalation
2058| [82259] Apache Qpid Proton up to 0.12.0 proton.reactor.Connector weak encryption
2059| [82250] Apache Ranger up to 0.5.0 Admin UI weak authentication
2060| [82214] Apache Wicket up to 1.5.14/6.21.x/7.1.x Input Element cross site scripting
2061| [82213] Apache Wicket up to 1.5.14/6.21.x/7.1.x ModalWindow Title getWindowOpenJavaScript cross site scripting
2062| [82212] Apache Ranger up to 0.5.0 Policy Admin Tool privilege escalation
2063| [82211] Apache OFBiz up to 12.04.06/13.07.02 ModelFormField.java DisplayEntityField.getDescription cross site scripting
2064| [82082] Apache JetSpeed up to 2.3.0 User Manager Service privilege escalation
2065| [82081] Apache OpenMeetings up to 3.1.0 SOAP API information disclosure
2066| [82080] Apache OpenMeetings up to 3.1.0 Event cross site scripting
2067| [82078] Apache OpenMeetings up to 3.1.0 Import/Export System Backup ZIP Archive directory traversal
2068| [82077] Apache OpenMeetings up to 3.1.0 Password Reset sendHashByUser privilege escalation
2069| [82076] Apache Ranger up to 0.5.1 privilege escalation
2070| [82075] Apache JetSpeed up to 2.3.0 Portal cross site scripting
2071| [82074] Apache JetSpeed up to 2.3.0 cross site scripting
2072| [82073] Apache JetSpeed up to 2.3.0 User Manager Service sql injection
2073| [82072] Apache JetSpeed up to 2.3.0 Portal Site Manager ZIP Archive directory traversal
2074| [82058] Apache LDAP Studio/Directory Studio up to 2.0.0-M9 CSV Export privilege escalation
2075| [82053] Apache Ranger up to 0.4.x Policy Admin Tool privilege escalation
2076| [82052] Apache Ranger up to 0.4.x Policy Admin Tool HTTP Request cross site scripting
2077| [81696] Apache ActiveMQ up to 5.13.1 HTTP Header privilege escalation
| [81695] Apache Xerces-C up to 3.1.2 internal/XMLReader.cpp memory corruption
| [81622] HPE Asset Manager 9.40/9.41/9.50 Apache Commons Collections Library Java Object privilege escalation
| [81406] HPE Service Manager up to 9.35 P3/9.41 P1 Apache Commons Collections Library Command privilege escalation
| [81405] HPE Operations Orchestration up to 10.50 Apache Commons Collections Library Command privilege escalation
| [81427] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
| [81426] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
| [81372] Apache Struts up to 2.3.24.1 I18NInterceptor cross site scripting
| [81371] Apache Struts up to 2.3.24.1 Double OGNL Evaluation privilege escalation
| [81370] Apache Struts up to 2.3.24.1 Java URLDecoder cross site scripting
| [81084] Apache Tomcat 6.0/7.0/8.0/9.0 ServletContext directory traversal
| [81083] Apache Tomcat 7.0/8.0/9.0 Index Page cross site request forgery
| [81082] Apache Tomcat 7.0/8.0/9.0 ResourceLinkFactory.setGlobalContext privilege escalation
| [81081] Apache Tomcat 6.0/7.0/8.0/9.0 Error information disclosure
| [81080] Apache Tomcat 6.0/7.0/8.0/9.0 Session Persistence privilege escalation
| [81079] Apache Tomcat 6.0/7.0/8.0/9.0 StatusManagerServlet information disclosure
| [81078] Apache Tomcat 7.0/8.0/9.0 Session privilege escalation
| [80970] Apache Solr up to 5.3.0 Admin UI plugins.js cross site scripting
| [80969] Apache Solr up to 5.2 Schema schema-browser.js cross site scripting
| [80968] Apache Solr up to 5.0 analysis.js cross site scripting
| [80940] HP Continuous Delivery Automation 1.30 Apache Commons Collections Library privilege escalation
| [80823] Apache CloudStack up to 4.5.1 KVM Virtual Machine Migration privilege escalation
| [80822] Apache CloudStack up to 4.5.1 API Call information disclosure
| [80778] Apache Camel up to 2.15.4/2.16.0 camel-xstream privilege escalation
| [80750] HPE Operations Manager 8.x/9.0 on Windows Apache Commons Collections Library privilege escalation
| [80724] Apache Hive up to 1.2.1 Authorization Framework privilege escalation
| [80577] Oracle Secure Global Desktop 4.63/4.71/5.2 Apache HTTP Server denial of service
| [80165] Intel McAfee ePolicy Orchestrator up to 4.6.9/5.0.3/5.3.1 Apache Commons Collections Library privilege escalation
| [80116] Apache Subversion up to 1.9.2 svn Protocol libsvn_ra_svn/marshal.c read_string memory corruption
| [80115] Apache ActiveMQ up to 5.12.x Broker Service privilege escalation
| [80036] IBM Cognos Business Intelligence Apache Commons Collections Library InvokerTransformer privilege escalation
| [79873] VMware vCenter Operations/vRealize Orchestrator Apache Commons Collections Library Serialized Java Object privilege escalation
| [79840] Apache Cordova File Transfer Plugin up to 1.2.x on Android unknown vulnerability
| [79839] Apache TomEE Serialized Java Stream EjbObjectInputStream privilege escalation
| [79791] Cisco Products Apache Commons Collections Library privilege escalation
| [79539] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
| [79538] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
| [79294] Apache Cordova-Android up to 3.6 BridgeSecret Random Generator weak encryption
| [79291] Apache Cordova-Android up to 4.0 Javascript Whitelist privilege escalation
| [79244] Apache CXF up to 2.7.17/3.0.7/3.1.2 SAML Web SSO Module SAML Response weak authentication
| [79243] Oracle WebLogic Server 10.3.6.0/12.1.2.0/12.1.3.0/12.2.1.0 WLS Security com.bea.core.apache.commons.collections.jar privilege escalation
| [78989] Apache Ambari up to 2.1.1 Open Redirect
| [78988] Apache Ambari up to 2.0.1/2.1.0 Password privilege escalation
| [78987] Apache Ambari up to 2.0.x cross site scripting
| [78986] Apache Ambari up to 2.0.x Proxy Endpoint api/v1/proxy privilege escalation
| [78780] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
| [78779] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
| [78778] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78777] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78776] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78775] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78774] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78297] Apache Commons Components HttpClient up to 4.3.5 HTTPS Timeout denial of service
| [77406] Apache Flex BlazeDS AMF Message XML External Entity
| [77429] Apache ActiveMQ up to 5.10.0 LDAPLoginModule privilege escalation
| [77399] Apache ActiveMQ up to 5.10.0 LDAPLoginModule weak authentication
| [77375] Apache Tapestry up to 5.3.5 Client-Side Object Storage privilege escalation
| [77331] Apache ActiveMQ up to 5.11.1 on Windows Fileserver Upload/Download directory traversal
| [77299] Apache Solr Real-Time Module up to 7.x-1.1 Index Content information disclosure
| [77247] Apache ActiveMQ up to 5.10 TransportConnection.java processControlCommand denial of service
| [77083] Apache Groovy up to 2.4.3 MethodClosure.java MethodClosure memory corruption
| [76953] Apache Subversion 1.7.0/1.8.0/1.8.10 svn_repos_trace_node_locations information disclosure
| [76952] Apache Subversion 1.7.0/1.8.0/1.8.10 mod_authz_svn anonymous/authenticated information disclosure
| [76567] Apache Struts 2.3.20 unknown vulnerability
| [76733] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 ap_some_auth_required unknown vulnerability
| [76732] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 Request apr_brigade_flatten privilege escalation
| [76731] Apache HTTP Server 2.4.12 ErrorDocument 400 Crash denial of service
| [75690] Apache Camel up to 2.13.3/2.14.1 XPathBuilder.java XML External Entity
| [75689] Apache Camel up to 2.13.3/2.14.1 XML Converter Setup XmlConverter.java SAXSource privilege escalation
| [75668] Apache Sling API/Sling Servlets Post up to 2.2.1 HtmlResponse cross site scripting
| [75601] Apache Jackrabbit up to 2.10.0 WebDAV Request XML External Entity
| [75420] Apache Tomcat up to 6.0.43/7.0.58/8.0.16 Security Manager privilege escalation
| [75145] Apache OpenOffice up to 4.1.1 HWP Filter Crash denial of service
| [75032] Apache Tomcat Connectors up to 1.2.40 mod_jk privilege escalation
| [75135] PHP 5.4/5.5 HTTP Request sapi_apache2.c apache2handler privilege escalation
| [74793] Apache Tomcat File Upload denial of service
| [74708] Apple MacOS X up to 10.10.2 Apache denial of service
| [74707] Apple MacOS X up to 10.10.2 Apache denial of service
| [74706] Apple MacOS X up to 10.10.2 Apache memory corruption
| [74705] Apple MacOS X up to 10.10.2 Apache denial of service
| [74704] Apple MacOS X up to 10.10.2 Apache denial of service
| [74703] Apple MacOS X up to 10.10.2 Apache denial of service
| [74702] Apple MacOS X up to 10.10.2 Apache denial of service
| [74701] Apple MacOS X up to 10.10.2 Apache cross site request forgery
| [74700] Apple MacOS X up to 10.10.2 Apache unknown vulnerability
| [74661] Apache Flex up to 4.14.0 asdoc index.html cross site scripting
| [74609] Apache Cassandra up to 1.2.19/2.0.13/2.1.3 JMX/RMI Interface privilege escalation
| [74469] Apache Xerces-C up to 7.0 internal/XMLReader.cpp denial of service
| [74468] Apache Batik up to 1.6 denial of service
| [74414] Apache Mod-gnutls up to 0.5.1 Authentication spoofing
| [74371] Apache Standard Taglibs up to 1.2.0 memory corruption
| [74367] Apache HTTP Server up to 2.4.12 mod_lua lua_request.c wsupgrade denial of service
| [74174] Apache WSS4J up to 2.0.0 privilege escalation
| [74172] Apache ActiveMQ up to 5.5.0 Administration Console cross site scripting
| [69092] Apache Tomcat up to 6.0.42/7.0.54/8.0.8 HTTP Request Smuggling privilege escalation
| [73831] Apache Qpid up to 0.30 Access Restriction unknown vulnerability
| [73731] Apache XML Security unknown vulnerability
| [68660] Oracle BI Publisher 10.1.3.4.2/11.1.1.7 Apache Tomcat cross site scripting
| [73659] Apache CloudStack up to 4.3.0 Stack-Based unknown vulnerability
| [73593] Apache Traffic Server up to 5.1.0 denial of service
| [73511] Apache POI up to 3.10 Deadlock denial of service
| [73510] Apache Solr up to 4.3.0 cross site scripting
| [68447] Apache Subversion up to 1.7.18/1.8.10 mod_dav_svn Crash denial of service
| [68446] Apache Subversion up to 1.7.18/1.8.10 REPORT Request Crash denial of service
| [73173] Apache CloudStack Stack-Based unknown vulnerability
| [68357] Apache Struts up to 2.3.16.3 Random Number Generator cross site request forgery
| [73106] Apache Hadoop up to 2.4.0 Symlink privilege escalation
| [68575] Apache HTTP Server up to 2.4.10 LuaAuthzProvider mod_lua.c privilege escalation
| [72890] Apache Qpid 0.30 unknown vulnerability
| [72887] Apache Hive 0.13.0 File Permission privilege escalation
| [72878] Apache Cordova 3.5.0 cross site request forgery
| [72877] Apache Cordova 3.5.0 cross site request forgery
| [72876] Apache Cordova 3.5.0 cross site request forgery
| [68435] Apache HTTP Server 2.4.10 mod_proxy_fcgi.c handle_headers denial of service
| [68065] Apache CXF up to 3.0.1 JAX-RS SAML denial of service
| [68064] Apache CXF up to 3.0.0 SAML Token denial of service
| [67913] Oracle Retail Markdown Optimization 12.0/13.0/13.1/13.2/13.4 Apache commons-beanutils-1.8.0.jar memory corruption
| [67912] Oracle Retail Invoice Matching up to 14.0 Apache commons-beanutils-1.8.0.jar memory corruption
| [67911] Oracle Retail Clearance Optimization Engine 13.3/13.4/14.0 Apache commons-beanutils-1.8.0.jar memory corruption
| [67910] Oracle Retail Allocation up to 13.2 Apache commons-beanutils-1.8.0.jar memory corruption
| [71835] Apache Shiro 1.0.0/1.1.0/1.2.0/1.2.1/1.2.2 unknown vulnerability
| [71633] Apachefriends XAMPP 1.8.1 cross site scripting
| [71629] Apache Axis2/C spoofing
| [67633] Apple Mac OS X up to 10.9.4 apache_mod_php ext/standard/dns.c dns_get_record memory corruption
| [67631] Apple Mac OS X up to 10.9.4 apache_mod_php Symlink memory corruption
| [67630] Apple Mac OS X up to 10.9.4 apache_mod_php cdf_read_property_info denial of service
| [67629] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_count_chain denial of service
| [67628] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_check_stream_offset denial of service
| [67627] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c mconvert memory corruption
| [67626] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c denial of service
| [67625] Apple Mac OS X up to 10.9.4 apache_mod_php Crash denial of service
| [67624] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_property_info denial of service
| [67623] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_unpack_summary_info denial of service
| [67622] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_short_sector denial of service
| [67620] Apple Mac OS X up to 10.9.4 apache_mod_php magic/Magdir/commands denial of service
| [67790] Apache HTTP Server mod_cache NULL Pointer Dereference denial of service
| [67522] Apache Tomcat up to 7.0.39 JSP Upload privilege escalation
| [70809] Apache POI up to 3.11 Crash denial of service
| [70808] Apache POI up to 3.10 unknown vulnerability
| [70806] Apache Commons-httpclient 4.2/4.2.1/4.2.2 spoofing
| [70749] Apache Axis up to 1.4 getCN spoofing
| [70701] Apache Traffic Server up to 3.3.5 denial of service
| [70700] Apache OFBiz up to 12.04.03 cross site scripting
| [67402] Apache OpenOffice 4.0.0/4.0.1/4.1.0 Calc privilege escalation
| [67401] Apache OpenOffice up to 4.1.0 OLE Object information disclosure
| [70661] Apache Subversion up to 1.6.17 denial of service
| [70660] Apache Subversion up to 1.6.17 spoofing
| [70659] Apache Subversion up to 1.6.17 spoofing
| [67183] Apache HTTP Server up to 2.4.9 mod_proxy denial of service
| [67180] Apache HTTP Server up to 2.4.9 WinNT MPM Memory Leak denial of service
| [67185] Apache HTTP Server up to 2.4.9 mod_status Heap-Based memory corruption
| [67184] Apache HTTP Server 2.4.5/2.4.6 mod_cache NULL Pointer Dereference denial of service
| [67182] Apache HTTP Server up to 2.4.9 mod_deflate Memory Consumption denial of service
| [67181] Apache HTTP Server up to 2.4.9 mod_cgid denial of service
| [70338] Apache Syncope up to 1.1.7 unknown vulnerability
| [70295] Apache CXF up to 2.7.9 Cleartext information disclosure
| [70106] Apache Open For Business Project up to 10.04.0 getServerError cross site scripting
| [70105] Apache MyFaces up to 2.1.5 JavaServer Faces directory traversal
| [69846] Apache HBase up to 0.94.8 information disclosure
| [69783] Apache CouchDB up to 1.2.0 memory corruption
| [13383] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 XML Parser privilege escalation
| [13300] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi setuid privilege escalation
| [13299] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi Content-Type Header information disclosure
| [13164] Apache CXF up to 2.6.13/2.7.10 SOAP OutgoingChainInterceptor.java Invalid Content denial of service
| [13163] Apache CXF up to 2.6.13/2.7.10 SOAP HTML Content denial of service
| [13158] Apache Struts up to 2.3.16.2 ParametersInterceptor getClass privilege escalation
| [69515] Apache Struts up to 2.3.15.0 CookieInterceptor memory corruption
| [13086] Apache Struts up to 1.3.10 Class Loader privilege escalation
| [13067] Apache Struts up to 2.3.16.1 Class Loader privilege escalation
| [69431] Apache Archiva up to 1.3.6 cross site scripting
| [69385] Apache Syncope up to 1.1.6 unknown vulnerability
| [69338] Apache Xalan-Java up to 2.7.1 system-property unknown vulnerability
| [12742] Trustwave ModSecurity up to 2.7.5 Chunk Extension apache2/modsecurity.c modsecurity_tx_init privilege escalation
| [12741] Trustwave ModSecurity up to 2.7.6 Chunked HTTP Transfer apache2/modsecurity.c modsecurity_tx_init Trailing Header privilege escalation
| [13387] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Content-Length Header privilege escalation
| [13386] Apache Tomcat Security Manager up to 6.0.39/7.0.53/8.0.5 XSLT privilege escalation
| [13385] Apache Tomcat 8.0.0/8.0.1/8.0.3 AJP Request Zero Length denial of service
| [13384] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Chunked HTTP Request denial of service
| [12748] Apache CouchDB 1.5.0 UUIDS /_uuids denial of service
| [66739] Apache Camel up to 2.12.2 unknown vulnerability
| [66738] Apache Camel up to 2.12.2 unknown vulnerability
| [12667] Apache HTTP Server 2.4.7 mod_log_config.c log_cookie denial of service
| [66695] Apache CouchDB up to 1.2.0 cross site scripting
| [66694] Apache CouchDB up to 1.2.0 Partition partition2 directory traversal
| [66689] Apache HTTP Server up to 2.0.33 mod_dav dav_xml_get_cdata denial of service
| [12518] Apache Tomcat up to 6.0.38/7.0.49/8.0.0-RC9 HTTP Header denial of service
| [66498] Apache expressions up to 3.3.0 Whitelist unknown vulnerability
| [12781] Apache Struts up to 2.3.8 ParametersInterceptor getClass denial of service
| [12439] Apache Tomcat 6.0.33 XML XXE information disclosure
| [12438] Apache Tomcat 6.0.33/6.0.34/6.0.35/6.0.36/6.0.37 coyoteadapter.java disableURLRewriting privilege escalation
| [66356] Apache Wicket up to 6.8.0 information disclosure
| [12209] Apache Tomcat 7.0.0/7.0.50/8.0.0-RC1/8.0.1 Content-Type Header for Multi-Part Request Infinite Loop denial of service
| [66322] Apache ActiveMQ up to 5.8.0 cross site scripting
| [12291] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
| [66255] Apache Open For Business Project up to 10.04.3 cross site scripting
| [66200] Apache Hadoop up to 2.0.5 Security Feature information disclosure
| [66072] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
| [66068] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
| [11928] Oracle Secure Global Desktop up to 4.71 Apache Tomcat unknown vulnerability
| [11924] Oracle Secure Global Desktop up to 4.63 Apache Tomcat denial of service
| [11922] Oracle Secure Global Desktop up to 4.63 Apache Tomcat unknown vulnerability
| [66049] Apache XML Security for Java up to 1.4.6 Memory Consumption denial of service
| [12199] Apache Subversion up to 1.8.5 mod_dav_svn/repos.c get_resource denial of service
| [65946] askapache Firefox Adsense up to 3.0 askapache-firefox-adsense.php cross site request forgery
| [65668] Apache Solr 4.0.0 Updater denial of service
| [65665] Apache Solr up to 4.3.0 denial of service
| [65664] Apache Solr 3.6.0/3.6.1/3.6.2/4.0.0 Updater denial of service
| [65663] Apache Solr up to 4.5.1 ResourceLoader directory traversal
| [65658] Apache roller 4.0/4.0.1/5.0/5.0.1 unknown vulnerability
| [65657] Apache Roller 4.0/4.0.1/5.0/5.0.1 cross site scripting
| [11325] Apache Subversion 1.7.13 mod_dontdothat Bypass denial of service
| [11324] Apache Subversion up to 1.8.4 mod_dav_svn denial of service
| [11098] Apache Tomcat 5.5.25 HTTP Request cross site request forgery
| [65410] Apache Struts 2.3.15.3 cross site scripting
| [65386] Apache Solr up to 2.2.1 on TYPO3 cross site scripting
| [65385] Apache Solr up to 2.2.1 on TYPO3 unknown vulnerability
| [11044] Apache Struts 2.3.15.3 showConfig.action cross site scripting
| [11043] Apache Struts 2.3.15.3 actionNames.action cross site scripting
| [11018] cPanel WHM up to 11.40.0.11 Apache mod_userdir Tweak Interface privilege escalation
| [65342] Apache Sling 1.0.2/1.0.4/1.0.6/1.1.0/1.1.2 Auth Core cross site scripting
| [65340] Apache Shindig 2.5.0 information disclosure
| [65316] Apache Mod Fcgid up to 2.3.7 mod_fcgid fcgid_bucket.c fcgid_header_bucket_read memory corruption
| [65313] Apache Sling 2.2.0/2.3.0 AbstractCreateOperation.java deepGetOrCreateNode denial of service
| [10826] Apache Struts 2 File privilege escalation
| [65204] Apache Camel up to 2.10.1 unknown vulnerability
| [10460] Apache Struts 2.0.0/2.3.15.1 Action Mapping Mechanism Bypass privilege escalation
| [10459] Apache Struts 2.0.0/2.3.15 Dynamic Method Invocation unknown vulnerability
| [10160] Apache Subversion 1.8.0/1.8.1/1.8.2 svnwcsub.py handle_options race condition
| [10159] Apache Subversion up to 1.8.2 svnserve write_pid_file race condition
| [10158] Apache Subversion 1.8.0/1.8.1/1.8.2 daemonize.py daemon::daemonize race condition
| [10157] Apache Subversion up to 1.8.1 FSFS Repository Symlink privilege escalation
| [64808] Fail2ban up to 0.8.9 apache-auth.conf denial of service
| [64760] Best Practical RT up to 4.0.12 Apache::Session::File information disclosure
| [64722] Apache XML Security for C++ Heap-based memory corruption
| [64719] Apache XML Security for C++ Heap-based memory corruption
| [64718] Apache XML Security for C++ verify denial of service
| [64717] Apache XML Security for C++ getURIBaseTXFM memory corruption
| [64716] Apache XML Security for C++ spoofing
| [64701] Apache CXF up to 2.7.3 XML Parser Memory Consumption denial of service
| [64700] Apache CloudStack up to 4.1.0 Stack-Based cross site scripting
| [64667] Apache Open For Business Project up to 10.04.04 unknown vulnerability
| [64666] Apache Open For Business Project up to 10.04.04 cross site scripting
| [9891] Apache HTTP Server 2.2.22 suEXEC Feature .htaccess information disclosure
| [64509] Apache ActiveMQ up to 5.8.0 scheduled.jsp cross site scripting
| [9826] Apache Subversion up to 1.8.0 mod_dav_svn denial of service
| [9683] Apache HTTP Server 2.4.5 mod_session_dbd denial of service
| [64485] Apache Struts up to 2.2.3.0 privilege escalation
| [9568] Apache Struts up to 2.3.15 DefaultActionMapper cross site request forgery
| [9567] Apache Struts up to 2.3.15 DefaultActionMapper memory corruption
| [64467] Apache Geronimo 3.0 memory corruption
| [64466] Apache OpenJPA up to 2.2.1 Serialization memory corruption
| [64457] Apache Struts up to 2.2.3.0 cross site scripting
| [64326] Alejandro Garza Apachesolr Autocomplete up to 7.x-1.1 cross site scripting
| [9184] Apache Qpid up to 0.20 SSL misconfiguration
| [8935] Apache Subversion up to 1.7.9 FSFS Format Repository denial of service
| [8934] Apache Subversion up to 1.7.9 Svnserve Server denial of service
| [8933] Apache Subversion up to 1.6.21 check-mime-type.pl svnlook memory corruption
| [8932] Apache Subversion up to 1.6.21 svn-keyword-check.pl svnlook changed memory corruption
| [9022] Apache Struts up to 2.3.14.2 OGNL Expression memory corruption
| [8873] Apache Struts 2.3.14 privilege escalation
| [8872] Apache Struts 2.3.14 privilege escalation
| [8746] Apache HTTP Server Log File Terminal Escape Sequence Filtering mod_rewrite.c do_rewritelog privilege escalation
| [8666] Apache Tomcat up to 7.0.32 AsyncListener information disclosure
| [8665] Apache Tomcat up to 7.0.29 Chunked Transfer Encoding Extension Size denial of service
| [8664] Apache Tomcat up to 7.0.32 FORM Authentication weak authentication
| [64075] Apache Subversion up to 1.7.7 mod_dav_svn Crash denial of service
| [64074] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
| [64073] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
| [64072] Apache Subversion up to 1.7.7 mod_dav_svn NULL Pointer Dereference denial of service
| [64071] Apache Subversion up to 1.7.8 mod_dav_svn Memory Consumption denial of service
| [8768] Apache Struts up to 2.3.14 on Mac EL and OGNL Interpreter memory corruption
| [64006] Apache ActiveMQ up to 5.7.0 denial of service
| [64005] Apache ActiveMQ up to 5.7.0 Default Configuration denial of service
| [64004] Apache ActiveMQ up to 5.7.0 PortfolioPublishServlet.java cross site scripting
| [8427] Apache Tomcat Session Transaction weak authentication
| [63960] Apache Maven 3.0.4 Default Configuration spoofing
| [63751] Apache qpid up to 0.20 qpid::framing::Buffer denial of service
| [63750] Apache qpid up to 0.20 checkAvailable denial of service
| [63749] Apache Qpid up to 0.20 Memory Consumption denial of service
| [63748] Apache Qpid up to 0.20 Default Configuration denial of service
| [63747] Apache Rave up to 0.20 User Account information disclosure
| [7889] Apache Subversion up to 1.6.17 mod_dav_svn/svn_fs_file_length() denial of service
| [63646] Apache HTTP Server up to 2.2.23/2.4.3 mod_proxy_balancer.c balancer_handler cross site scripting
| [7688] Apache CXF up to 2.7.1 WSS4JInterceptor Bypass weak authentication
| [7687] Apache CXF up to 2.7.2 Token weak authentication
| [63334] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
| [63299] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
| [7202] Apache HTTP Server 2.4.2 on Oracle Solaris ld_library_path cross site scripting
| [7075] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector NioEndpoint.java denial of service
| [7074] Apache Tomcat up to 6.0.35/7.0.29 FORM Authentication RealmBase.java weak authentication
| [7073] Apache Tomcat up to 6.0.35/7.0.31 CSRF Prevention Filter cross site request forgery
| [63090] Apache Tomcat up to 4.1.24 denial of service
| [63089] Apache HTTP Server up to 2.2.13 mod_proxy_ajp denial of service
| [62933] Apache Tomcat up to 5.5.0 Access Restriction unknown vulnerability
| [62929] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector Memory Consumption denial of service
| [62833] Apache CXF -/2.6.0 spoofing
| [62832] Apache Axis2 up to 1.6.2 spoofing
| [62831] Apache Axis up to 1.4 Java Message Service spoofing
| [62830] Apache Commons-httpclient 3.0 Payments spoofing
| [62826] Apache Libcloud up to 0.11.0 spoofing
| [62757] Apache Open For Business Project up to 10.04.0 unknown vulnerability
| [8830] Red Hat JBoss Enterprise Application Platform 6.0.1 org.apache.catalina.connector.Response.encodeURL information disclosure
| [62661] Apache Axis2 unknown vulnerability
| [62658] Apache Axis2 unknown vulnerability
| [62467] Apache Qpid up to 0.17 denial of service
| [62417] Apache CXF 2.4.7/2.4.8/2.5.3/2.5.4/2.6.1 spoofing
| [6301] Apache HTTP Server mod_pagespeed cross site scripting
| [6300] Apache HTTP Server mod_pagespeed Hostname information disclosure
| [6123] Apache Wicket up to 1.5.7 Ajax Link cross site scripting
| [62035] Apache Struts up to 2.3.4 denial of service
| [61916] Apache QPID 0.5/0.6/0.14/0.16 unknown vulnerability
| [6998] Apache Tomcat 5.5.35/6.0.35/7.0.28 DIGEST Authentication Session State Caching privilege escalation
| [6997] Apache Tomcat 5.5.35/6.0.35/7.0.28 HTTP Digest Authentication Implementation privilege escalation
| [6092] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_ajp.c information disclosure
| [6090] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_http.c information disclosure
| [61507] Apache POI up to 3.8 UnhandledDataStructure denial of service
| [6070] Apache Struts up to 2.3.4 Token Name Configuration Parameter privilege escalation
| [6069] Apache Struts up to 2.3.4 Request Parameter OGNL Expression denial of service
| [5764] Oracle Solaris 10 Apache HTTP Server information disclosure
| [5700] Oracle Secure Backup 10.3.0.3/10.4.0.1 Apache denial of service
| [61255] Apache Hadoop 2.0.0 Kerberos unknown vulnerability
| [61229] Apache Sling up to 2.1.1 denial of service
| [61152] Apache Commons-compress 1.0/1.1/1.2/1.3/1.4 denial of service
| [61094] Apache Roller up to 5.0 cross site scripting
| [61093] Apache Roller up to 5.0 cross site request forgery
| [61005] Apache OpenOffice 3.3/3.4 unknown vulnerability
| [9673] Apache HTTP Server up to 2.4.4 mod_dav mod_dav.c Request denial of service
| [5436] Apache OpenOffice 3.3/3.4 WPXContentListener.cpp _closeTableRow File memory corruption
| [5435] Apache OpenOffice 3.3/3.4 vclmi.dll File memory corruption
| [60730] PHP 5.4.0/5.4.1/5.4.2 apache_request_headers memory corruption
| [60708] Apache Qpid 0.12 unknown vulnerability
| [5032] Apache Hadoop up to 0.20.205.0/1.0.1/0.23.1 Kerberos/MapReduce Security Feature privilege escalation
| [4949] Apache Struts File Upload XSLTResult.java XSLT File privilege escalation
| [4955] Apache Traffic Server 3.0.3/3.1.2 HTTP Header Parser memory corruption
| [4882] Apache Wicket up to 1.5.4 directory traversal
| [4881] Apache Wicket up to 1.4.19 cross site scripting
| [4884] Apache HTTP Server up to 2.3.6 mod_fcgid fcgid_spawn_ctl.c FcgidMaxProcessesPerClass HTTP Requests denial of service
| [60352] Apache Struts up to 2.2.3 memory corruption
| [60153] Apache Portable Runtime up to 1.4.3 denial of service
| [4598] Apache Struts 1.3.10 upload-submit.do cross site scripting
| [4597] Apache Struts 1.3.10 processSimple.do cross site scripting
| [4596] Apache Struts 2.0.14/2.2.3 struts2-rest-showcase/orders cross site scripting
| [4595] Apache Struts 2.0.14/2.2.3 struts2-showcase/person/editPerson.action cross site scripting
| [4583] Apache HTTP Server up to 2.2.21 Threaded MPM denial of service
| [4582] Apache HTTP Server up to 2.2.21 protocol.c information disclosure
| [4571] Apache Struts up to 2.3.1.2 privilege escalation
| [4557] Apache Tomcat up to 7.0.21 Caching/Recycling information disclosure
| [59934] Apache Tomcat up to 6.0.9 DigestAuthenticator.java unknown vulnerability
| [59933] Apache Tomcat up to 6.0.9 Access Restriction unknown vulnerability
| [59932] Apache Tomcat up to 6.0.9 unknown vulnerability
| [59931] Apache Tomcat up to 6.0.9 Access Restriction information disclosure
| [59902] Apache Struts up to 2.2.3 Interfaces unknown vulnerability
| [4528] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
| [4527] Apache Struts up to 2.2.3 ExceptionDelegator cross site scripting
| [59888] Apache Tomcat up to 6.0.6 denial of service
| [59886] Apache ActiveMQ up to 5.5.1 Crash denial of service
| [4513] Apache Struts up to 2.3.1 ParameterInterceptor directory traversal
| [4512] Apache Struts up to 2.2.3 CookieInterceptor privilege escalation
| [59850] Apache Geronimo up to 2.2.1 denial of service
| [59825] Apache HTTP Server up to 2.1.7 mod_reqtimeout denial of service
| [59556] Apache HTTP Server up to 2.0.53 mod_proxy information disclosure
| [58467] Apache libcloud 0.2.0/0.3.0/0.3.1/0.4.0 Access Restriction spoofing
| [58413] Apache Tomcat up to 6.0.10 spoofing
| [58381] Apache Wicket up to 1.4.17 cross site scripting
| [58296] Apache Tomcat up to 7.0.19 unknown vulnerability
| [57888] Apache HttpClient 4.0/4.0.1/4.1 Authorization information disclosure
| [57587] Apache Subversion up to 1.6.16 mod_dav_svn information disclosure
| [57585] Apache Subversion up to 1.6.16 mod_dav_svn Memory Consumption denial of service
| [57584] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
| [57577] Apache Rampart-C 1.3.0 Access Restriction rampart_timestamp_token_validate privilege escalation
| [57568] Apache Archiva up to 1.3.4 cross site scripting
| [57567] Apache Archiva up to 1.3.4 cross site request forgery
| [57481] Apache Tomcat 7.0.12/7.0.13 Access Restriction unknown vulnerability
| [4355] Apache HTTP Server APR apr_fnmatch denial of service
| [57435] Apache Struts up to 2.2.1.1 FileHandler.java cross site scripting
| [57425] Apache Struts up to 2.2.1.1 cross site scripting
| [4352] Apache HTTP Server 2.2.x APR apr_fnmatch denial of service
| [57025] Apache Tomcat up to 7.0.11 information disclosure
| [57024] Apache Tomcat 7.0.11 Access Restriction information disclosure
| [56774] IBM WebSphere Application Server up to 7.0.0.14 org.apache.jasper.runtime.JspWriterImpl.response denial of service
| [56824] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
| [56832] Apache Tomcat up to 7.0.10 Access Restriction information disclosure
| [56830] Apache Tomcat up to 7.0.9 Access Restriction privilege escalation
| [12440] Apache Tomcat 6.0.33 Malicious Request cross site scripting
| [56512] Apache Continuum up to 1.4.0 cross site scripting
| [4285] Apache Tomcat 5.x JVM getLocale denial of service
| [4284] Apache Tomcat 5.x HTML Manager Infinite Loop cross site scripting
| [4283] Apache Tomcat 5.x ServletContect privilege escalation
| [56441] Apache Tomcat up to 7.0.6 denial of service
| [56300] Apache CouchDB up to 1.0.1 Web Administration Interface cross site scripting
| [55967] Apache Subversion up to 1.6.4 rev_hunt.c denial of service
| [55966] Apache Subversion up to 1.6.4 mod_dav_svn repos.c walk denial of service
| [55095] Apache Axis2 up to 1.6 Default Password memory corruption
| [55631] Apache Archiva up to 1.3.1 User Account cross site request forgery
| [55556] Apache Tomcat up to 6.0.29 Default Configuration information disclosure
| [55553] Apache Tomcat up to 7.0.4 sessionsList.jsp cross site scripting
| [55162] Apache MyFaces up to 2.0.0 Authentication Code unknown vulnerability
| [54881] Apache Subversion up to 1.6.12 mod_dav_svn authz.c privilege escalation
| [54879] Apache APR-util up to 0.9.14 mod_reqtimeout apr_brigade_split_line denial of service
| [54693] Apache Traffic Server DNS Cache unknown vulnerability
| [54416] Apache CouchDB up to 0.11.0 cross site request forgery
| [54394] Apache CXF up to 2.2.8 Memory Consumption denial of service
| [54261] Apache Tomcat jsp/cal/cal2.jsp cross site scripting
| [54166] Apache HTTP Server up to 2.2.12 mod_cache Crash denial of service
| [54385] Apache Struts up to 2.1.8.1 ParameterInterceptor unknown vulnerability
| [54012] Apache Tomcat up to 6.0.10 denial of service
| [53763] Apache Axis2 1.3/1.4/1.4.1/1.5/1.5.1 Memory Consumption denial of service
| [53368] Apache MyFaces 1.1.7/1.2.8 cross site scripting
| [53397] Apache axis2 1.4.1/1.5.1 Administration Console cross site scripting
| [52894] Apache Tomcat up to 6.0.7 information disclosure
| [52960] Apache ActiveMQ up to 5.4-snapshot information disclosure
| [52843] Apache HTTP Server mod_auth_shadow unknown vulnerability
| [52786] Apache Open For Business Project up to 09.04 cross site scripting
| [52587] Apache ActiveMQ up to 5.3.0 cross site request forgery
| [52586] Apache ActiveMQ up to 5.3.0 cross site scripting
| [52584] Apache CouchDB up to 0.10.1 information disclosure
| [51757] Apache HTTP Server 2.0.44 cross site scripting
| [51756] Apache HTTP Server 2.0.44 spoofing
| [51717] Apache HTTP Server up to 1.3.3 mod_proxy ap_proxy_send_fb memory corruption
| [51690] Apache Tomcat up to 6.0 directory traversal
| [51689] Apache Tomcat up to 6.0 information disclosure
| [51688] Apache Tomcat up to 6.0 directory traversal
| [50886] HP Operations Manager 8.10 on Windows File Upload org.apache.catalina.manager.HTMLManagerServlet memory corruption
| [50802] Apache Tomcat up to 3.3 Default Password weak authentication
| [50626] Apache Solr 1.0.0 cross site scripting
| [49857] Apache HTTP Server mod_proxy_ftp cross site scripting
| [49856] Apache HTTP Server 2.2.13 mod_proxy_ftp ap_proxy_ftp_handler denial of service
| [49348] Apache Xerces-C++ 2.7.0 Stack-Based denial of service
| [86789] Apache Portable Runtime memory/unix/apr_pools.c unknown vulnerability
| [49283] Apache APR-util up to 1.3.8 apr-util misc/apr_rmm.c apr_rmm_realloc memory corruption
| [48952] Apache HTTP Server up to 1.3.6 mod_deflate denial of service
| [48626] Apache Tomcat up to 4.1.23 Access Restriction directory traversal
| [48431] Apache Tomcat up to 4.1.23 j_security_check cross site scripting
| [48430] Apache Tomcat up to 4.1.23 mod_jk denial of service
| [47801] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site request forgery
| [47800] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site scripting
| [47799] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console directory traversal
| [47648] Apache Tiles 2.1.0/2.1.1 cross site scripting
| [47640] Apache Struts 2.0.6/2.0.8/2.0.9/2.0.11/2.1 cross site scripting
| [47638] Apache Tomcat up to 4.1.23 mod_jk information disclosure
| [47636] Apache Struts 2.0.9 xip_client.html cross site scripting
| [47593] Apache Mod Perl 1 perl-status Apache::Status cross site scripting
| [47637] Apache Struts 1.0.2/1.1/1.2.4/1.2.7/1.2.8 cross site scripting
| [47239] Apache Struts up to 2.1.2 Beta struts directory traversal
| [47214] Apachefriends xampp 1.6.8 spoofing
| [47213] Apachefriends xampp 1.6.8 htaccess cross site request forgery
| [47162] Apachefriends XAMPP 1.4.4 weak authentication
| [47065] Apache Tomcat 4.1.23 cross site scripting
| [46834] Apache Tomcat up to 5.5.20 cross site scripting
| [46004] Apache Jackrabbit 1.4/1.5.0 search.jsp cross site scripting
| [49205] Apache Roller 2.3/3.0/3.1/4.0 Search cross site scripting
| [86625] Apache Struts directory traversal
2529| [44461] Apache Tomcat up to 5.5.0 information disclosure
2530| [44389] Apache Xerces-C++ XML Parser Memory Consumption denial of service
2531| [44352] Apache Friends XAMPP 1.6.8 adodb.php cross site scripting
2532| [43663] Apache Tomcat up to 6.0.16 directory traversal
2533| [43612] Apache Friends XAMPP 1.6.7 iart.php cross site scripting
2534| [43556] Apache HTTP Server up to 2.1.8 mod_proxy_ftp proxy_ftp.c cross site scripting
2535| [43516] Apache Tomcat up to 4.1.20 directory traversal
2536| [43509] Apache Tomcat up to 6.0.13 cross site scripting
2537| [42637] Apache Tomcat up to 6.0.16 cross site scripting
2538| [42325] Apache HTTP Server up to 2.1.8 Error Page cross site scripting
2539| [41838] Apache-SSL 1.3.34 1.57 expandcert privilege escalation
2540| [41091] Apache Software Foundation Mod Jk up to 2.0.1 mod_jk2 Stack-based memory corruption
2541| [40924] Apache Tomcat up to 6.0.15 information disclosure
2542| [40923] Apache Tomcat up to 6.0.15 unknown vulnerability
2543| [40922] Apache Tomcat up to 6.0 information disclosure
2544| [40710] Apache HTTP Server up to 2.0.61 mod_negotiation cross site scripting
2545| [40709] Apache HTTP Server up to 2.0.53 mod_negotiation cross site scripting
2546| [40656] Apache Tomcat 5.5.20 information disclosure
2547| [40503] Apache HTTP Server mod_proxy_ftp cross site scripting
2548| [40502] Apache HTTP Server up to 2.2.5 mod_proxy_balancer memory corruption
2549| [40501] Apache HTTP Server 2.2.6 mod_proxy_balancer cross site request forgery
2550| [40398] Apache HTTP Server up to 2.2 mod_proxy_balancer cross site scripting
2551| [40397] Apache HTTP Server up to 2.2 mod_proxy_balancer balancer_handler denial of service
2552| [40234] Apache Tomcat up to 6.0.15 directory traversal
2553| [40221] Apache HTTP Server 2.2.6 information disclosure
2554| [40027] David Castro Apache Authcas 0.4 sql injection
2555| [3495] Apache OpenOffice up to 2.3 Database Document Processor unknown vulnerability
2556| [3489] Apache HTTP Server 2.x HTTP Header cross site scripting
2557| [3414] Apache Tomcat WebDAV Stored privilege escalation
2558| [39489] Apache Jakarta Slide up to 2.1 directory traversal
2559| [39540] Apache Geronimo 2.0/2.0.1/2.0.2/2.1 unknown vulnerability
2560| [3310] Apache OpenOffice 1.1.3/2.0.4/2.2.1 TIFF Image Parser Heap-based memory corruption
2561| [38768] Apache HTTP Server up to 2.1.7 mod_autoindex.c cross site scripting
2562| [38952] Apache Geronimo 2.0.1/2.1 unknown vulnerability
2563| [38658] Apache Tomcat 4.1.31 cal2.jsp cross site request forgery
2564| [38524] Apache Geronimo 2.0 unknown vulnerability
2565| [3256] Apache Tomcat up to 6.0.13 cross site scripting
2566| [38331] Apache Tomcat 4.1.24 information disclosure
2567| [38330] Apache Tomcat 4.1.24 information disclosure
2568| [38185] Apache Tomcat 3.3/3.3.1/3.3.1a/3.3.2 Error Message CookieExample cross site scripting
2569| [37967] Apache Tomcat up to 4.1.36 Error Message sendmail.jsp cross site scripting
2570| [37647] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 Authorization unknown vulnerability
2571| [37646] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 unknown vulnerability
2572| [3141] Apache Tomcat up to 4.1.31 Accept-Language Header cross site scripting
2573| [3133] Apache Tomcat up to 6.0 HTTP cross site scripting
2574| [37292] Apache Tomcat up to 5.5.1 cross site scripting
2575| [3130] Apache OpenOffice 2.2.1 RTF Document Heap-based memory corruption
2576| [36981] Apache Tomcat JK Web Server Connector up to 1.2.22 mod_jk directory traversal
2577| [36892] Apache Tomcat up to 4.0.0 hello.jsp cross site scripting
2578| [37320] Apache MyFaces Tomahawk up to 1.1.4 cross site scripting
2579| [36697] Apache Tomcat up to 5.5.17 implicit-objects.jsp cross site scripting
2580| [36491] Apache Axis 1.0 Installation javaioFileNotFoundException information disclosure
2581| [36400] Apache Tomcat 5.5.15 mod_jk cross site scripting
2582| [36698] Apache Tomcat up to 4.0.0 cal2.jsp cross site scripting
2583| [36224] XAMPP Apache Distribution up to 1.6.0a adodb.php connect memory corruption
2584| [36225] XAMPP Apache Distribution 1.6.0a sql injection
2585| [2997] Apache httpd/Tomcat 5.5/6.0 directory traversal
2586| [35896] Apache Apache Test up to 1.29 mod_perl denial of service
2587| [35653] Avaya S8300 Cm 3.1.2 Apache Tomcat unknown vulnerability
2588| [35402] Apache Tomcat JK Web Server Connector 1.2.19 mod_jk.so map_uri_to_worker memory corruption
2589| [35067] Apache Stats up to 0.0.2 extract unknown vulnerability
2590| [35025] Apache Stats up to 0.0.3 extract unknown vulnerability
2591| [34252] Apache HTTP Server denial of service
2592| [2795] Apache OpenOffice 2.0.4 WMF/EMF File Heap-based memory corruption
2593| [33877] Apache Opentaps 0.9.3 cross site scripting
2594| [33876] Apache Open For Business Project unknown vulnerability
2595| [33875] Apache Open For Business Project cross site scripting
2596| [2703] Apache Jakarta Tomcat up to 5.x der_get_oid memory corruption
2597| [2611] Apache HTTP Server up to 1.0.1 set_var Format String
2598|
2599| MITRE CVE - https://cve.mitre.org:
2600| [CVE-2013-4156] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted element in an OOXML document file.
2601| [CVE-2013-4131] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service (assertion failure or out-of-bounds read) via a certain (1) COPY, (2) DELETE, or (3) MOVE request against a revision root.
2602| [CVE-2013-3239] phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename of an export file, leading to interpretation of this file as an executable file by the Apache HTTP Server, as demonstrated by a .php.sql filename.
2603| [CVE-2013-3060] The web console in Apache ActiveMQ before 5.8.0 does not require authentication, which allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests.
2604| [CVE-2013-2765] The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request with a large body and a crafted Content-Type header.
2605| [CVE-2013-2251] Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.
2606| [CVE-2013-2249] mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified impact and remote attack vectors.
2607| [CVE-2013-2248] Multiple open redirect vulnerabilities in Apache Struts 2.0.0 through 2.3.15 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a parameter using the (1) redirect: or (2) redirectAction: prefix.
2608| [CVE-2013-2189] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via invalid PLCF data in a DOC document file.
2609| [CVE-2013-2135] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted value that contains both "${}" and "%{}" sequences, which causes the OGNL code to be evaluated twice.
2610| [CVE-2013-2134] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted action name that is not properly handled during wildcard matching, a different vulnerability than CVE-2013-2135.
2611| [CVE-2013-2115] Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag. NOTE: this issue is due to an incomplete fix for CVE-2013-1966.
2612| [CVE-2013-2071] java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other applications in opportunistic circumstances via an application that records the requests that it processes.
2613| [CVE-2013-2067] java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack.
2614| [CVE-2013-1966] Apache Struts 2 before 2.3.14.1 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag.
2615| [CVE-2013-1965] Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.1, allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is not properly handled when invoking a redirect.
2616| [CVE-2013-1896] mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.
2617| [CVE-2013-1884] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (segmentation fault and crash) via a log REPORT request with an invalid limit, which triggers an access of an uninitialized variable.
2618| [CVE-2013-1879] Cross-site scripting (XSS) vulnerability in scheduled.jsp in Apache ActiveMQ 5.8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving the "cron of a message."
2619| [CVE-2013-1862] mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.
2620| [CVE-2013-1849] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a PROPFIND request for an activity URL.
2621| [CVE-2013-1847] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an anonymous LOCK for a URL that does not exist.
2622| [CVE-2013-1846] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a LOCK on an activity URL.
2623| [CVE-2013-1845] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (memory consumption) by (1) setting or (2) deleting a large number of properties for a file or directory.
2624| [CVE-2013-1814] The users/get program in the User RPC API in Apache Rave 0.11 through 0.20 allows remote authenticated users to obtain sensitive information about all user accounts via the offset parameter, as demonstrated by discovering password hashes in the password field of a response.
2625| [CVE-2013-1777] The JMX Remoting functionality in Apache Geronimo 3.x before 3.0.1, as used in IBM WebSphere Application Server (WAS) Community Edition 3.0.0.3 and other products, does not property implement the RMI classloader, which allows remote attackers to execute arbitrary code by using the JMX connector to send a crafted serialized object.
2626| [CVE-2013-1768] The BrokerFactory functionality in Apache OpenJPA 1.x before 1.2.3 and 2.x before 2.2.2 creates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for remote attackers to execute arbitrary code by creating a serialized object and leveraging improperly secured server programs.
2627| [CVE-2013-1088] Cross-site request forgery (CSRF) vulnerability in Novell iManager 2.7 before SP6 Patch 1 allows remote attackers to hijack the authentication of arbitrary users by leveraging improper request validation by iManager code deployed within an Apache Tomcat container.
2628| [CVE-2013-1048] The Debian apache2ctl script in the apache2 package squeeze before 2.2.16-6+squeeze11, wheezy before 2.2.22-13, and sid before 2.2.22-13 for the Apache HTTP Server on Debian GNU/Linux does not properly create the /var/lock/apache2 lock directory, which allows local users to gain privileges via an unspecified symlink attack.
2629| [CVE-2013-0966] The Apple mod_hfs_apple module for the Apache HTTP Server in Apple Mac OS X before 10.8.3 does not properly handle ignorable Unicode characters, which allows remote attackers to bypass intended directory authentication requirements via a crafted pathname in a URI.
2630| [CVE-2013-0942] Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Agent 7.1 before 7.1.1 for Web for Internet Information Services, and 7.1 before 7.1.1 for Web for Apache, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
2631| [CVE-2013-0941] EMC RSA Authentication API before 8.1 SP1, RSA Web Agent before 5.3.5 for Apache Web Server, RSA Web Agent before 5.3.5 for IIS, RSA PAM Agent before 7.0, and RSA Agent before 6.1.4 for Microsoft Windows use an improper encryption algorithm and a weak key for maintaining the stored data of the node secret for the SecurID Authentication API, which allows local users to obtain sensitive information via cryptographic attacks on this data.
2632| [CVE-2013-0253] The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack.
2633| [CVE-2013-0248] The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack.
2634| [CVE-2013-0239] Apache CXF before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3, when the plaintext UsernameToken WS-SecurityPolicy is enabled, allows remote attackers to bypass authentication via a security header of a SOAP request containing a UsernameToken element that lacks a password child element.
2635| [CVE-2012-6573] Cross-site scripting (XSS) vulnerability in the Apache Solr Autocomplete module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving autocomplete results.
2636| [CVE-2012-6551] The default configuration of Apache ActiveMQ before 5.8.0 enables a sample web application, which allows remote attackers to cause a denial of service (broker resource consumption) via HTTP requests.
2637| [CVE-2012-6092] Multiple cross-site scripting (XSS) vulnerabilities in the web demos in Apache ActiveMQ before 5.8.0 allow remote attackers to inject arbitrary web script or HTML via (1) the refresh parameter to PortfolioPublishServlet.java (aka demo/portfolioPublish or Market Data Publisher), or vectors involving (2) debug logs or (3) subscribe messages in webapp/websocket/chat.js. NOTE: AMQ-4124 is covered by CVE-2012-6551.
2638| [CVE-2012-5887] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.
2639| [CVE-2012-5886] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID.
2640| [CVE-2012-5885] The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184.
2641| [CVE-2012-5786] The wsdl_first_https sample code in distribution/src/main/release/samples/wsdl_first_https/src/main/ in Apache CXF, possibly 2.6.0, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
2642| [CVE-2012-5785] Apache Axis2/Java 1.6.2 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
2643| [CVE-2012-5784] Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Message Service implementation in Apache ActiveMQ, and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
2644| [CVE-2012-5783] Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
2645| [CVE-2012-5633] The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request.
2646| [CVE-2012-5616] Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly Citrix CloudStack) before 3.0.6 stores sensitive information in the log4j.conf log file, which allows local users to obtain (1) the SSH private key as recorded by the createSSHKeyPair API, (2) the password of an added host as recorded by the AddHost API, or the password of an added VM as recorded by the (3) DeployVM or (4) ResetPasswordForVM API.
2647| [CVE-2012-5568] Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.
2648| [CVE-2012-5351] Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack," a different vulnerability than CVE-2012-4418.
2649| [CVE-2012-4558] Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via a crafted string.
2650| [CVE-2012-4557] The mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into an error state upon detection of a long request-processing time, which allows remote attackers to cause a denial of service (worker consumption) via an expensive request.
2651| [CVE-2012-4556] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 allows remote attackers to cause a denial of service (Apache httpd web server child process restart) via certain unspecified empty search fields in a user certificate search query.
2652| [CVE-2012-4555] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 does not properly handle interruptions of token format operations, which allows remote attackers to cause a denial of service (NULL pointer dereference and Apache httpd web server child process crash) via unspecified vectors.
2653| [CVE-2012-4534] org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminating the connection during the reading of a response.
2654| [CVE-2012-4528] The mod_security2 module before 2.7.0 for the Apache HTTP Server allows remote attackers to bypass rules, and deliver arbitrary POST data to a PHP application, via a multipart request in which an invalid part precedes the crafted data.
2655| [CVE-2012-4501] Citrix Cloud.com CloudStack, and Apache CloudStack pre-release, allows remote attackers to make arbitrary API calls by leveraging the system user account, as demonstrated by API calls to delete VMs.
2656| [CVE-2012-4460] The serializing/deserializing functions in the qpid::framing::Buffer class in Apache Qpid 0.20 and earlier allow remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors. NOTE: this issue could also trigger an out-of-bounds read, but it might not trigger a crash.
2657| [CVE-2012-4459] Integer overflow in the qpid::framing::Buffer::checkAvailable function in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (crash) via a crafted message, which triggers an out-of-bounds read.
2658| [CVE-2012-4458] The AMQP type decoder in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (memory consumption and server crash) via a large number of zero width elements in the client-properties map in a connection.start-ok message.
2659| [CVE-2012-4446] The default configuration for Apache Qpid 0.20 and earlier, when the federation_tag attribute is enabled, accepts AMQP connections without checking the source user ID, which allows remote attackers to bypass authentication and have other unspecified impact via an AMQP request.
2660| [CVE-2012-4431] org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier.
2661| [CVE-2012-4418] Apache Axis2 allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."
2662| [CVE-2012-4387] Apache Struts 2.0.0 through 2.3.4 allows remote attackers to cause a denial of service (CPU consumption) via a long parameter name, which is processed as an OGNL expression.
2663| [CVE-2012-4386] The token check mechanism in Apache Struts 2.0.0 through 2.3.4 does not properly validate the token name configuration parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks by setting the token name configuration parameter to a session attribute.
2664| [CVE-2012-4360] Cross-site scripting (XSS) vulnerability in the mod_pagespeed module 0.10.19.1 through 0.10.22.4 for the Apache HTTP Server allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
2665| [CVE-2012-4063] The Apache Santuario configuration in Eucalyptus before 3.1.1 does not properly restrict applying XML Signature transforms to documents, which allows remote attackers to cause a denial of service via unspecified vectors.
2666| [CVE-2012-4001] The mod_pagespeed module before 0.10.22.6 for the Apache HTTP Server does not properly verify its host name, which allows remote attackers to trigger HTTP requests to arbitrary hosts via unspecified vectors, as demonstrated by requests to intranet servers.
2667| [CVE-2012-3908] Multiple cross-site request forgery (CSRF) vulnerabilities in the ISE Administrator user interface (aka the Apache Tomcat interface) on Cisco Identity Services Engine (ISE) 3300 series appliances before 1.1.0.665 Cumulative Patch 1 allow remote attackers to hijack the authentication of administrators, aka Bug ID CSCty46684.
2668| [CVE-2012-3546] org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI.
2669| [CVE-2012-3544] Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data.
2670| [CVE-2012-3526] The reverse proxy add forward module (mod_rpaf) 0.5 and 0.6 for the Apache HTTP Server allows remote attackers to cause a denial of service (server or application crash) via multiple X-Forwarded-For headers in a request.
2671| [CVE-2012-3513] munin-cgi-graph in Munin before 2.0.6, when running as a CGI module under Apache, allows remote attackers to load new configurations and create files in arbitrary directories via the logdir command.
2672| [CVE-2012-3506] Unspecified vulnerability in the Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.03 has unknown impact and attack vectors.
2673| [CVE-2012-3502] The proxy functionality in (1) mod_proxy_ajp.c in the mod_proxy_ajp module and (2) mod_proxy_http.c in the mod_proxy_http module in the Apache HTTP Server 2.4.x before 2.4.3 does not properly determine the situations that require closing a back-end connection, which allows remote attackers to obtain sensitive information in opportunistic circumstances by reading a response that was intended for a different client.
2674| [CVE-2012-3499] Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules.
2675| [CVE-2012-3467] Apache QPID 0.14, 0.16, and earlier uses a NullAuthenticator mechanism to authenticate catch-up shadow connections to AMQP brokers, which allows remote attackers to bypass authentication.
2676| [CVE-2012-3451] Apache CXF before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to execute unintended web-service operations by sending a header with a SOAP Action String that is inconsistent with the message body.
| [CVE-2012-3446] Apache Libcloud before 0.11.1 uses an incorrect regular expression during verification of whether the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate.
| [CVE-2012-3376] DataNodes in Apache Hadoop 2.0.0 alpha does not check the BlockTokens of clients when Kerberos is enabled and the DataNode has checked out the same BlockPool twice from a NodeName, which might allow remote clients to read arbitrary blocks, write to blocks to which they only have read access, and have other unspecified impacts.
| [CVE-2012-3373] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.21 and 1.5.x before 1.5.8 allows remote attackers to inject arbitrary web script or HTML via vectors involving a %00 sequence in an Ajax link URL associated with a Wicket app.
| [CVE-2012-3126] Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Products Suite 3.3 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Apache Tomcat Agent.
| [CVE-2012-3123] Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect confidentiality, related to Apache HTTP Server.
| [CVE-2012-2760] mod_auth_openid before 0.7 for Apache uses world-readable permissions for /tmp/mod_auth_openid.db, which allows local users to obtain session ids.
| [CVE-2012-2733] java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of service (memory consumption) via a large amount of header data.
| [CVE-2012-2687] Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list.
| [CVE-2012-2381] Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.1 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the blogger role.
| [CVE-2012-2380] Multiple cross-site request forgery (CSRF) vulnerabilities in the admin/editor console in Apache Roller before 5.0.1 allow remote attackers to hijack the authentication of admins or editors by leveraging the HTTP POST functionality.
| [CVE-2012-2379] Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors.
| [CVE-2012-2378] Apache CXF 2.4.5 through 2.4.7, 2.5.1 through 2.5.3, and 2.6.x before 2.6.1, does not properly enforce child policies of a WS-SecurityPolicy 1.1 SupportingToken policy on the client side, which allows remote attackers to bypass the (1) AlgorithmSuite, (2) SignedParts, (3) SignedElements, (4) EncryptedParts, and (5) EncryptedElements policies.
| [CVE-2012-2329] Buffer overflow in the apache_request_headers function in sapi/cgi/cgi_main.c in PHP 5.4.x before 5.4.3 allows remote attackers to cause a denial of service (application crash) via a long string in the header of an HTTP request.
| [CVE-2012-2145] Apache Qpid 0.17 and earlier does not properly restrict incoming client connections, which allows remote attackers to cause a denial of service (file descriptor consumption) via a large number of incomplete connections.
| [CVE-2012-2138] The @CopyFrom operation in the POST servlet in the org.apache.sling.servlets.post bundle before 2.1.2 in Apache Sling does not prevent attempts to copy an ancestor node to a descendant node, which allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP request.
| [CVE-2012-2098] Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service (CPU consumption) via a file with many repeating inputs.
| [CVE-2012-1574] The Kerberos/MapReduce security functionality in Apache Hadoop 0.20.203.0 through 0.20.205.0, 0.23.x before 0.23.2, and 1.0.x before 1.0.2, as used in Cloudera CDH CDH3u0 through CDH3u2, Cloudera hadoop-0.20-sbin before 0.20.2+923.197, and other products, allows remote authenticated users to impersonate arbitrary cluster user accounts via unspecified vectors.
| [CVE-2012-1181] fcgid_spawn_ctl.c in the mod_fcgid module 2.3.6 for the Apache HTTP Server does not recognize the FcgidMaxProcessesPerClass directive for a virtual host, which makes it easier for remote attackers to cause a denial of service (memory consumption) via a series of HTTP requests that triggers a process count higher than the intended limit.
| [CVE-2012-1089] Directory traversal vulnerability in Apache Wicket 1.4.x before 1.4.20 and 1.5.x before 1.5.5 allows remote attackers to read arbitrary web-application files via a relative pathname in a URL for a Wicket resource that corresponds to a null package.
| [CVE-2012-1007] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 1.3.10 allow remote attackers to inject arbitrary web script or HTML via (1) the name parameter to struts-examples/upload/upload-submit.do, or the message parameter to (2) struts-cookbook/processSimple.do or (3) struts-cookbook/processDyna.do.
| [CVE-2012-1006] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.14 and 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) lastName parameter to struts2-showcase/person/editPerson.action, or the (3) clientName parameter to struts2-rest-showcase/orders.
| [CVE-2012-0883] envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl.
| [CVE-2012-0840] tables/apr_hash.c in the Apache Portable Runtime (APR) library through 1.4.5 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
| [CVE-2012-0838] Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL expression during the handling of a conversion error, which allows remote attackers to modify run-time data values, and consequently execute arbitrary code, via invalid input to a field.
| [CVE-2012-0788] The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service (application crash) via a crafted application that uses a PDO driver for a fetch and then calls the session_start function, as demonstrated by a crash of the Apache HTTP Server.
| [CVE-2012-0394] ** DISPUTED ** The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself."
| [CVE-2012-0393] The ParameterInterceptor component in Apache Struts before 2.3.1.1 does not prevent access to public constructors, which allows remote attackers to create or overwrite arbitrary files via a crafted parameter that triggers the creation of a Java object.
| [CVE-2012-0392] The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method.
| [CVE-2012-0391] The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter.
| [CVE-2012-0256] Apache Traffic Server 2.0.x and 3.0.x before 3.0.4 and 3.1.x before 3.1.3 does not properly allocate heap memory, which allows remote attackers to cause a denial of service (daemon crash) via a long HTTP Host header.
| [CVE-2012-0216] The default configuration of the apache2 package in Debian GNU/Linux squeeze before 2.2.16-6+squeeze7, wheezy before 2.2.22-4, and sid before 2.2.22-4, when mod_php or mod_rivet is used, provides example scripts under the doc/ URI, which might allow local users to conduct cross-site scripting (XSS) attacks, gain privileges, or obtain sensitive information via vectors involving localhost HTTP requests to the Apache HTTP Server.
| [CVE-2012-0213] The UnhandledDataStructure function in hwpf/model/UnhandledDataStructure.java in Apache POI 3.8 and earlier allows remote attackers to cause a denial of service (OutOfMemoryError exception and possibly JVM destabilization) via a crafted length value in a Channel Definition Format (CDF) or Compound File Binary Format (CFBF) document.
| [CVE-2012-0053] protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script.
| [CVE-2012-0047] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the wicket:pageMapName parameter.
| [CVE-2012-0031] scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function.
| [CVE-2012-0022] Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.
| [CVE-2012-0021] The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to cause a denial of service (daemon crash) via a cookie that lacks both a name and a value.
| [CVE-2011-5064] DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging knowledge of this string, a different vulnerability than CVE-2011-1184.
| [CVE-2011-5063] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weaker authentication or authorization requirements, a different vulnerability than CVE-2011-1184.
| [CVE-2011-5062] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass intended integrity-protection requirements via a qop=auth value, a different vulnerability than CVE-2011-1184.
| [CVE-2011-5057] Apache Struts 2.3.1.1 and earlier provides interfaces that do not properly restrict access to collections such as the session and request collections, which might allow remote attackers to modify run-time data values via a crafted parameter to an application that implements an affected interface, as demonstrated by the SessionAware, RequestAware, ApplicationAware, ServletRequestAware, ServletResponseAware, and ParameterAware interfaces. NOTE: the vendor disputes the significance of this report because of an "easy work-around in existing apps by configuring the interceptor."
| [CVE-2011-5034] Apache Geronimo 2.2.1 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. NOTE: this might overlap CVE-2011-4461.
| [CVE-2011-4905] Apache ActiveMQ before 5.6.0 allows remote attackers to cause a denial of service (file-descriptor exhaustion and broker crash or hang) by sending many openwire failover:tcp:// connection requests.
| [CVE-2011-4858] Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
| [CVE-2011-4668] IBM Tivoli Netcool/Reporter 2.2 before 2.2.0.8 allows remote attackers to execute arbitrary code via vectors related to an unspecified CGI program used with the Apache HTTP Server.
| [CVE-2011-4449] actions/files/files.php in WikkaWiki 1.3.1 and 1.3.2, when INTRANET_MODE is enabled, supports file uploads for file extensions that are typically absent from an Apache HTTP Server TypesConfig file, which makes it easier for remote attackers to execute arbitrary PHP code by placing this code in a file whose name has multiple extensions, as demonstrated by a (1) .mm or (2) .vpp file.
| [CVE-2011-4415] The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, does not restrict the size of values of environment variables, which allows local users to cause a denial of service (memory consumption or NULL pointer dereference) via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, related to (1) the "len +=" statement and (2) the apr_pcalloc function call, a different vulnerability than CVE-2011-3607.
| [CVE-2011-4317] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an @ (at sign) character and a : (colon) character in invalid positions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
| [CVE-2011-3639] The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers by using the HTTP/0.9 protocol with a malformed URI containing an initial @ (at sign) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
| [CVE-2011-3620] Apache Qpid 0.12 does not properly verify credentials during the joining of a cluster, which allows remote attackers to obtain access to the messaging functionality and job functionality of a cluster by leveraging knowledge of a cluster-username.
| [CVE-2011-3607] Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow.
| [CVE-2011-3376] org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat 7.x before 7.0.22 does not properly restrict ContainerServlets in the Manager application, which allows local users to gain privileges by using an untrusted web application to access the Manager application's functionality.
| [CVE-2011-3375] Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain caching and recycling operations involving request objects, which allows remote attackers to obtain unintended read access to IP address and HTTP header information in opportunistic circumstances by reading TCP data.
| [CVE-2011-3368] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character.
| [CVE-2011-3348] The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary "error state" in the backend server) via a malformed HTTP request.
| [CVE-2011-3192] The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.
| [CVE-2011-3190] Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request.
| [CVE-2011-2729] native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application.
| [CVE-2011-2712] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.18, when setAutomaticMultiWindowSupport is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
| [CVE-2011-2688] SQL injection vulnerability in mysql/mysql-auth.pl in the mod_authnz_external module 3.2.5 and earlier for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the user field.
| [CVE-2011-2526] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loop or JVM crash) by leveraging an untrusted web application.
| [CVE-2011-2516] Off-by-one error in the XML signature feature in Apache XML Security for C++ 1.6.0, as used in Shibboleth before 2.4.3 and possibly other products, allows remote attackers to cause a denial of service (crash) via a signature using a large RSA key, which triggers a buffer overflow.
| [CVE-2011-2481] Apache Tomcat 7.0.x before 7.0.17 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application. NOTE: this vulnerability exists because of a CVE-2009-0783 regression.
| [CVE-2011-2329] The rampart_timestamp_token_validate function in util/rampart_timestamp_token.c in Apache Rampart/C 1.3.0 does not properly calculate the expiration of timestamp tokens, which allows remote attackers to bypass intended access restrictions by leveraging an expired token, a different vulnerability than CVE-2011-0730.
| [CVE-2011-2204] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file.
| [CVE-2011-2088] XWork 2.2.1 in Apache Struts 2.2.1, and OpenSymphony XWork in OpenSymphony WebWork, allows remote attackers to obtain potentially sensitive information about internal Java class paths via vectors involving an s:submit element and a nonexistent method, a different vulnerability than CVE-2011-1772.3.
| [CVE-2011-2087] Multiple cross-site scripting (XSS) vulnerabilities in component handlers in the javatemplates (aka Java Templates) plugin in Apache Struts 2.x before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via an arbitrary parameter value to a .action URI, related to improper handling of value attributes in (1) FileHandler.java, (2) HiddenHandler.java, (3) PasswordHandler.java, (4) RadioHandler.java, (5) ResetHandler.java, (6) SelectHandler.java, (7) SubmitHandler.java, and (8) TextFieldHandler.java.
| [CVE-2011-1928] The fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote attackers to cause a denial of service (infinite loop) via a URI that does not match unspecified types of wildcard patterns, as demonstrated by attacks against mod_autoindex in httpd when a /*/WEB-INF/ configuration pattern is used. NOTE: this issue exists because of an incorrect fix for CVE-2011-0419.
| [CVE-2011-1921] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is disabled, does not properly enforce permissions for files that had been publicly readable in the past, which allows remote attackers to obtain sensitive information via a replay REPORT operation.
| [CVE-2011-1783] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to cause a denial of service (infinite loop and memory consumption) in opportunistic circumstances by requesting data.
| [CVE-2011-1772] Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x before 2.2.3, and OpenSymphony XWork in OpenSymphony WebWork, allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) an action name, (2) the action attribute of an s:submit element, or (3) the method attribute of an s:submit element.
| [CVE-2011-1752] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request for a baselined WebDAV resource, as exploited in the wild in May 2011.
| [CVE-2011-1610] Multiple SQL injection vulnerabilities in xmldirectorylist.jsp in the embedded Apache HTTP Server component in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5)su4, 8.0 before 8.0(3a)su2, and 8.5 before 8.5(1)su1 allow remote attackers to execute arbitrary SQL commands via the (1) f, (2) l, or (3) n parameter, aka Bug ID CSCtj42064.
| [CVE-2011-1582] Apache Tomcat 7.0.12 and 7.0.13 processes the first request to a servlet without following security constraints that have been configured through annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088, CVE-2011-1183, and CVE-2011-1419.
| [CVE-2011-1571] Unspecified vulnerability in the XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote attackers to execute arbitrary commands via unknown vectors.
| [CVE-2011-1570] Cross-site scripting (XSS) vulnerability in Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to inject arbitrary web script or HTML via a message title, a different vulnerability than CVE-2004-2030.
| [CVE-2011-1503] The XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat or Oracle GlassFish is used, allows remote authenticated users to read arbitrary (1) XSL and (2) XML files via a file:/// URL.
| [CVE-2011-1502] Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to read arbitrary files via an entity declaration in conjunction with an entity reference, related to an XML External Entity (aka XXE) issue.
| [CVE-2011-1498] Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header.
| [CVE-2011-1475] The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP packets, related to "a mix-up of responses for requests from different users."
| [CVE-2011-1419] Apache Tomcat 7.x before 7.0.11, when web.xml has no security constraints, does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088.
| [CVE-2011-1318] Memory leak in org.apache.jasper.runtime.JspWriterImpl.response in the JavaServer Pages (JSP) component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) by accessing a JSP page of an application that is repeatedly stopped and restarted.
| [CVE-2011-1184] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, related to lack of checking of nonce (aka server nonce) and nc (aka nonce-count or client nonce count) values.
| [CVE-2011-1183] Apache Tomcat 7.0.11, when web.xml has no login configuration, does not follow security constraints, which allows remote attackers to bypass intended access restrictions via HTTP requests to a meta-data complete web application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1088 and CVE-2011-1419.
| [CVE-2011-1176] The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module 2.2.11-01 and 2.2.11-02 for the Apache HTTP Server does not properly handle certain configuration sections that specify NiceValue but not AssignUserID, which might allow remote attackers to gain privileges by leveraging the root uid and root gid of an mpm-itk process.
| [CVE-2011-1088] Apache Tomcat 7.x before 7.0.10 does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application.
| [CVE-2011-1077] Multiple cross-site scripting (XSS) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2011-1026] Multiple cross-site request forgery (CSRF) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to hijack the authentication of administrators.
| [CVE-2011-0715] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.16, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request that contains a lock token.
| [CVE-2011-0534] Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request.
| [CVE-2011-0533] Cross-site scripting (XSS) vulnerability in Apache Continuum 1.1 through 1.2.3.1, 1.3.6, and 1.4.0 Beta
| [CVE-2011-0419] Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.
| [CVE-2011-0013] Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.
| [CVE-2010-4644] Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated users to cause a denial of service (memory consumption and daemon crash) via the -g option to the blame command.
| [CVE-2010-4539] The walk function in repos.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.15, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger the walking of SVNParentPath collections.
| [CVE-2010-4476] The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
2773| [CVE-2010-4455] Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.2 and 11.1.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Apache Plugin.
2774| [CVE-2010-4408] Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1 does not require entry of the administrator's password at the time of modifying a user account, which makes it easier for context-dependent attackers to gain privileges by leveraging a (1) unattended workstation or (2) cross-site request forgery (CSRF) vulnerability, a related issue to CVE-2010-3449.
[CVE-2010-4312] The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie.
[CVE-2010-4172] Multiple cross-site scripting (XSS) vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) orderBy or (2) sort parameter to sessionsList.jsp, or unspecified input to (3) sessionDetail.jsp or (4) java/org/apache/catalina/manager/JspHelper.java, related to use of untrusted web applications.
[CVE-2010-3872] The fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.6 for the Apache HTTP Server does not use bytewise pointer arithmetic in certain circumstances, which has unspecified impact and attack vectors related to "untrusted FastCGI applications" and a "stack buffer overwrite."
[CVE-2010-3863] Apache Shiro before 1.1.0, and JSecurity 0.9.x, does not canonicalize URI paths before comparing them to entries in the shiro.ini file, which allows remote attackers to bypass intended access restrictions via a crafted request, as demonstrated by the /./account/index.jsp URI.
[CVE-2010-3854] Multiple cross-site scripting (XSS) vulnerabilities in the web administration interface (aka Futon) in Apache CouchDB 0.8.0 through 1.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2010-3718] Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.
[CVE-2010-3449] Cross-site request forgery (CSRF) vulnerability in Redback before 1.2.4, as used in Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1
[CVE-2010-3315] authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass intended access restrictions via svn commands.
[CVE-2010-3083] sys/ssl/SslSocket.cpp in qpidd in Apache Qpid, as used in Red Hat Enterprise MRG before 1.2.2 and other products, when SSL is enabled, allows remote attackers to cause a denial of service (daemon outage) by connecting to the SSL port but not participating in an SSL handshake.
[CVE-2010-2952] Apache Traffic Server before 2.0.1, and 2.1.x before 2.1.2-unstable, does not properly choose DNS source ports and transaction IDs, and does not properly use DNS query fields to validate responses, which makes it easier for man-in-the-middle attackers to poison the internal DNS cache via a crafted response.
[CVE-2010-2791] mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request. NOTE: this is the same issue as CVE-2010-2068, but for a different OS and set of affected versions.
[CVE-2010-2375] Package/Privilege: Plugins for Apache, Sun and IIS web servers Unspecified vulnerability in the WebLogic Server component in Oracle Fusion Middleware 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, 10.3.2, and 10.3.3 allows remote attackers to affect confidentiality and integrity, related to IIS.
[CVE-2010-2234] Cross-site request forgery (CSRF) vulnerability in Apache CouchDB 0.8.0 through 0.11.0 allows remote attackers to hijack the authentication of administrators for direct requests to an installation URL.
[CVE-2010-2227] Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with "recycling of a buffer."
[CVE-2010-2103] Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Apache Axis2/Java 1.4.1, 1.5.1, and possibly other versions, as used in SAP Business Objects 12, 3com IMC, and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the modules parameter. NOTE: some of these details are obtained from third party information.
[CVE-2010-2086] Apache MyFaces 1.1.7 and 1.2.8, as used in IBM WebSphere Application Server and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that involve modifying the serialized view object.
[CVE-2010-2076] Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before 2.2.9, as used in Apache ServiceMix, Apache Camel, Apache Chemistry, Apache jUDDI, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to samples/wsdl_first_pure_xml, a similar issue to CVE-2010-1632.
[CVE-2010-2068] mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, does not properly detect timeouts, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request.
[CVE-2010-2057] shared/util/StateUtils.java in Apache MyFaces 1.1.x before 1.1.8, 1.2.x before 1.2.9, and 2.0.x before 2.0.1 uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack.
[CVE-2010-1632] Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server (WAS) 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to the Synapse SimpleStockQuoteService.
[CVE-2010-1623] Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the destruction of an APR bucket.
[CVE-2010-1587] The Jetty ResourceHandler in Apache ActiveMQ 5.x before 5.3.2 and 5.4.x before 5.4.0 allows remote attackers to read JSP source code via a // (slash slash) initial substring in a URI for (1) admin/index.jsp, (2) admin/queues.jsp, or (3) admin/topics.jsp.
[CVE-2010-1452] The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path.
[CVE-2010-1325] Cross-site request forgery (CSRF) vulnerability in the apache2-slms package in SUSE Lifecycle Management Server (SLMS) 1.0 on SUSE Linux Enterprise (SLE) 11 allows remote attackers to hijack the authentication of unspecified victims via vectors related to improper parameter quoting. NOTE: some sources report that this is a vulnerability in a product named "Apache SLMS," but that is incorrect.
[CVE-2010-1244] Cross-site request forgery (CSRF) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote attackers to hijack the authentication of unspecified victims for requests that create queues via the JMSDestination parameter in a queue action.
[CVE-2010-1157] Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply.
[CVE-2010-1151] Race condition in the mod_auth_shadow module for the Apache HTTP Server allows remote attackers to bypass authentication, and read and possibly modify data, via vectors related to improper interaction with an external helper application for validation of credentials.
[CVE-2010-0684] Cross-site scripting (XSS) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote authenticated users to inject arbitrary web script or HTML via the JMSDestination parameter in a queue action.
[CVE-2010-0434] The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request.
[CVE-2010-0432] Multiple cross-site scripting (XSS) vulnerabilities in the Apache Open For Business Project (aka OFBiz) 09.04 and earlier, as used in Opentaps, Neogia, and Entente Oya, allow remote attackers to inject arbitrary web script or HTML via (1) the productStoreId parameter to control/exportProductListing, (2) the partyId parameter to partymgr/control/viewprofile (aka partymgr/control/login), (3) the start parameter to myportal/control/showPortalPage, (4) an invalid URI beginning with /facility/control/ReceiveReturn (aka /crmsfa/control/ReceiveReturn or /cms/control/ReceiveReturn), (5) the contentId parameter (aka the entityName variable) to ecommerce/control/ViewBlogArticle, (6) the entityName parameter to webtools/control/FindGeneric, or the (7) subject or (8) content parameter to an unspecified component under ecommerce/control/contactus.
[CVE-2010-0425] modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet, and "orphaned callback pointers."
[CVE-2010-0408] The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service (backend server outage) via a crafted request, related to use of a 500 error code instead of the appropriate 400 error code.
[CVE-2010-0390] Unrestricted file upload vulnerability in maxImageUpload/index.php in PHP F1 Max's Image Uploader 1.0, when Apache is not configured to handle the mime-type for files with pjpeg or jpeg extensions, allows remote attackers to execute arbitrary code by uploading a file with a pjpeg or jpeg extension, then accessing it via a direct request to the file in original/. NOTE: some of these details are obtained from third party information.
[CVE-2010-0219] Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service.
[CVE-2010-0010] Integer overflow in the ap_proxy_send_fb function in proxy/proxy_util.c in mod_proxy in the Apache HTTP Server before 1.3.42 on 64-bit platforms allows remote origin servers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a large chunk size that triggers a heap-based buffer overflow.
[CVE-2010-0009] Apache CouchDB 0.8.0 through 0.10.1 allows remote attackers to obtain sensitive information by measuring the completion time of operations that verify (1) hashes or (2) passwords.
[CVE-2009-5120] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 allows connections to TCP port 1812 from arbitrary source IP addresses, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via UTF-7 text to the 404 error page of a Project Woodstock service on this port.
[CVE-2009-5119] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 enables weak SSL ciphers in conf/server.xml, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and then conducting a brute-force attack against encrypted session data.
[CVE-2009-5006] The SessionAdapter::ExchangeHandlerImpl::checkAlternate function in broker/SessionAdapter.cpp in the C++ Broker component in Apache Qpid before 0.6, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote authenticated users to cause a denial of service (NULL pointer dereference, daemon crash, and cluster outage) by attempting to modify the alternate of an exchange.
[CVE-2009-5005] The Cluster::deliveredEvent function in cluster/Cluster.cpp in Apache Qpid, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote attackers to cause a denial of service (daemon crash and cluster outage) via invalid AMQP data.
[CVE-2009-4355] Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678.
[CVE-2009-4269] The password hash generation algorithm in the BUILTIN authentication functionality for Apache Derby before 10.6.1.0 performs a transformation that reduces the size of the set of inputs to SHA-1, which produces a small search space that makes it easier for local and possibly remote attackers to crack passwords by generating hash collisions, related to password substitution.
[CVE-2009-3923] The VirtualBox 2.0.8 and 2.0.10 web service in Sun Virtual Desktop Infrastructure (VDI) 3.0 does not require authentication, which allows remote attackers to obtain unspecified access via vectors involving requests to an Apache HTTP Server.
[CVE-2009-3890] Unrestricted file upload vulnerability in the wp_check_filetype function in wp-includes/functions.php in WordPress before 2.8.6, when a certain configuration of the mod_mime module in the Apache HTTP Server is enabled, allows remote authenticated users to execute arbitrary code by posting an attachment with a multiple-extension filename, and then accessing this attachment via a direct request to a wp-content/uploads/ pathname, as demonstrated by a .php.jpg filename.
[CVE-2009-3843] HP Operations Manager 8.10 on Windows contains a "hidden account" in the XML file that specifies Tomcat users, which allows remote attackers to conduct unrestricted file upload attacks, and thereby execute arbitrary code, by using the org.apache.catalina.manager.HTMLManagerServlet class to make requests to manager/html/upload.
[CVE-2009-3821] Cross-site scripting (XSS) vulnerability in the Apache Solr Search (solr) extension 1.0.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
[CVE-2009-3555] The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
[CVE-2009-3548] The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges.
[CVE-2009-3250] The saveForwardAttachments procedure in the Compose Mail functionality in vtiger CRM 5.0.4 allows remote authenticated users to execute arbitrary code by composing an e-mail message with an attachment filename ending in (1) .php in installations based on certain Apache HTTP Server configurations, (2) .php. on Windows, or (3) .php/ on Linux, and then making a direct request to a certain pathname under storage/.
[CVE-2009-3095] The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.
[CVE-2009-3094] The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.
[CVE-2009-2902] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename.
[CVE-2009-2901] The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests.
[CVE-2009-2823] The Apache HTTP Server in Apple Mac OS X before 10.6.2 enables the HTTP TRACE method, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified web client software.
[CVE-2009-2699] The Solaris pollset feature in the Event Port backend in poll/unix/port.c in the Apache Portable Runtime (APR) library before 1.3.9, as used in the Apache HTTP Server before 2.2.14 and other products, does not properly handle errors, which allows remote attackers to cause a denial of service (daemon hang) via unspecified HTTP requests, related to the prefork and event MPMs.
[CVE-2009-2696] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat on Red Hat Enterprise Linux 5, Desktop Workstation 5, and Linux Desktop 5 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML." NOTE: this is due to a missing fix for CVE-2009-0781.
[CVE-2009-2693] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry.
[CVE-2009-2625] XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.
[CVE-2009-2412] Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR
[CVE-2009-2299] The Artofdefence Hyperguard Web Application Firewall (WAF) module before 2.5.5-11635, 3.0 before 3.0.3-11636, and 3.1 before 3.1.1-11637, a module for the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via an HTTP request with a large Content-Length value but no POST data.
[CVE-2009-1956] Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input.
[CVE-2009-1955] The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.
[CVE-2009-1903] The PDF XSS protection feature in ModSecurity before 2.5.8 allows remote attackers to cause a denial of service (Apache httpd crash) via a request for a PDF file that does not use the GET method.
[CVE-2009-1891] The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).
[CVE-2009-1890] The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests.
[CVE-2009-1885] Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to cause a denial of service (application crash) via vectors involving nested parentheses and invalid byte values in "simply nested DTD structures," as demonstrated by the Codenomicon XML fuzzing framework.
[CVE-2009-1462] The Security Manager in razorCMS before 0.4 does not verify the permissions of every file owned by the apache user account, which is inconsistent with the documentation and allows local users to have an unspecified impact.
[CVE-2009-1275] Apache Tiles 2.1 before 2.1.2, as used in Apache Struts and other products, evaluates Expression Language (EL) expressions twice in certain circumstances, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via unspecified vectors, related to the (1) tiles:putAttribute and (2) tiles:insertTemplate JSP tags.
[CVE-2009-1195] The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file.
[CVE-2009-1191] mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request.
[CVE-2009-1012] Unspecified vulnerability in the plug-ins for Apache and IIS web servers in Oracle BEA WebLogic Server 7.0 Gold through SP7, 8.1 Gold through SP6, 9.0, 9.1, 9.2 Gold through MP3, 10.0 Gold through MP1, and 10.3 allows remote attackers to affect confidentiality, integrity, and availability. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow in an unspecified plug-in that parses HTTP requests, which leads to a heap-based buffer overflow.
[CVE-2009-0918] Multiple unspecified vulnerabilities in DFLabs PTK 1.0.0 through 1.0.4 allow remote attackers to execute arbitrary commands in processes launched by PTK's Apache HTTP Server via (1) "external tools" or (2) a crafted forensic image.
[CVE-2009-0796] Cross-site scripting (XSS) vulnerability in Status.pm in Apache::Status and Apache2::Status in mod_perl1 and mod_perl2 for the Apache HTTP Server, when /perl-status is accessible, allows remote attackers to inject arbitrary web script or HTML via the URI.
[CVE-2009-0783] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.
[CVE-2009-0781] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML."
[CVE-2009-0754] PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on the same server.
[CVE-2009-0580] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.
[CVE-2009-0486] Bugzilla 3.2.1, 3.0.7, and 3.3.2, when running under mod_perl, calls the srand function at startup time, which causes Apache children to have the same seed and produce insufficiently random numbers for random tokens, which allows remote attackers to bypass cross-site request forgery (CSRF) protection mechanisms and conduct unauthorized activities as other users.
[CVE-2009-0039] Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to hijack the authentication of administrators for requests that (1) change the web administration password, (2) upload applications, and perform unspecified other administrative actions, as demonstrated by (3) a Shutdown request to console/portal//Server/Shutdown.
[CVE-2009-0038] Multiple cross-site scripting (XSS) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) ip, (3) username, or (4) description parameter to console/portal/Server/Monitoring
[CVE-2009-0033] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.
[CVE-2009-0026] Multiple cross-site scripting (XSS) vulnerabilities in Apache Jackrabbit before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the q parameter to (1) search.jsp or (2) swr.jsp.
[CVE-2009-0023] The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow.
[CVE-2008-6879] Cross-site scripting (XSS) vulnerability in Apache Roller 2.3, 3.0, 3.1, and 4.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter in a search action.
[CVE-2008-6755] ZoneMinder 1.23.3 on Fedora 10 sets the ownership of /etc/zm.conf to the apache user account, and sets the permissions to 0600, which makes it easier for remote attackers to modify this file by accessing it through a (1) PHP or (2) CGI script.
[CVE-2008-6722] Novell Access Manager 3 SP4 does not properly expire X.509 certificate sessions, which allows physically proximate attackers to obtain a logged-in session by using a victim's web-browser process that continues to send the original and valid SSL sessionID, related to inability of Apache Tomcat to clear entries from its SSL cache.
[CVE-2008-6682] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.x before 2.0.11.1 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via vectors associated with improper handling of (1) " (double quote) characters in the href attribute of an s:a tag and (2) parameters in the action attribute of an s:url tag.
[CVE-2008-6505] Multiple directory traversal vulnerabilities in Apache Struts 2.0.x before 2.0.12 and 2.1.x before 2.1.3 allow remote attackers to read arbitrary files via a ..%252f (encoded dot dot slash) in a URI with a /struts/ path, related to (1) FilterDispatcher in 2.0.x and (2) DefaultStaticContentLoader in 2.1.x.
[CVE-2008-6504] ParametersInterceptor in OpenSymphony XWork 2.0.x before 2.0.6 and 2.1.x before 2.1.2, as used in Apache Struts and other products, does not properly restrict # (pound sign) references to context objects, which allows remote attackers to execute Object-Graph Navigation Language (OGNL) statements and modify server-side context objects, as demonstrated by use of a \u0023 representation for the # character.
[CVE-2008-5696] Novell NetWare 6.5 before Support Pack 8, when an OES2 Linux server is installed into the NDS tree, does not require a password for the ApacheAdmin console, which allows remote attackers to reconfigure the Apache HTTP Server via console operations.
[CVE-2008-5676] Multiple unspecified vulnerabilities in the ModSecurity (aka mod_security) module 2.5.0 through 2.5.5 for the Apache HTTP Server, when SecCacheTransformations is enabled, allow remote attackers to cause a denial of service (daemon crash) or bypass the product's functionality via unknown vectors related to "transformation caching."
[CVE-2008-5519] The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat allows remote attackers to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances involving (1) a request from a different client that included a Content-Length header but no POST data or (2) a rapid series of requests, related to noncompliance with the AJP protocol's requirements for requests containing Content-Length headers.
[CVE-2008-5518] Multiple directory traversal vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 on Windows allow remote attackers to upload files to arbitrary directories via directory traversal sequences in the (1) group, (2) artifact, (3) version, or (4) fileType parameter to console/portal//Services/Repository (aka the Services/Repository portlet)
[CVE-2008-5515] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.
[CVE-2008-5457] Unspecified vulnerability in the Oracle BEA WebLogic Server Plugins for Apache, Sun and IIS web servers component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
[CVE-2008-4308] The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20 does not return a -1 to indicate when a certain error condition has occurred, which can cause Tomcat to send POST content from one request to a different request.
[CVE-2008-4008] Unspecified vulnerability in the WebLogic Server Plugins for Apache component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2008 CPU. Oracle has not commented on reliable researcher claims that this issue is a stack-based buffer overflow in the WebLogic Apache Connector, related to an invalid parameter.
[CVE-2008-3666] Unspecified vulnerability in Sun Solaris 10 and OpenSolaris before snv_96 allows (1) context-dependent attackers to cause a denial of service (panic) via vectors involving creation of a crafted file and use of the sendfilev system call, as demonstrated by a file served by an Apache 2.2.x web server with EnableSendFile configured
[CVE-2008-3271] Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a "synchronization problem" and lack of thread safety, and related to RemoteFilterValve, RemoteAddrValve, and RemoteHostValve.
[CVE-2008-3257] Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request.
[CVE-2008-2939] Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI.
[CVE-2008-2938] Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.
2877| [CVE-2008-2742] Unrestricted file upload in the mcpuk file editor (atk/attributes/fck/editor/filemanager/browser/mcpuk/connectors/php/config.php) in Achievo 1.2.0 through 1.3.2 allows remote attackers to execute arbitrary code by uploading a file with .php followed by a safe extension, then accessing it via a direct request to the file in the Achievo root directory. NOTE: this is only a vulnerability in environments that support multiple extensions, such as Apache with the mod_mime module enabled.
2878| [CVE-2008-2717] TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions.
2879| [CVE-2008-2579] Unspecified vulnerability in the WebLogic Server Plugins for Apache, Sun and IIS web servers component in Oracle BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 has unknown impact and remote attack vectors.
2880| [CVE-2008-2384] SQL injection vulnerability in mod_auth_mysql.c in the mod-auth-mysql (aka libapache2-mod-auth-mysql) module for the Apache HTTP Server 2.x, when configured to use a multibyte character set that allows a \ (backslash) as part of the character encoding, allows remote attackers to execute arbitrary SQL commands via unspecified inputs in a login request.
2881| [CVE-2008-2370] Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.
2882| [CVE-2008-2364] The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.
2883| [CVE-2008-2168] Cross-site scripting (XSS) vulnerability in Apache 2.2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded URLs that are not properly handled when displaying the 403 Forbidden error page.
2884| [CVE-2008-2025] Cross-site scripting (XSS) vulnerability in Apache Struts before 1.2.9-162.31.1 on SUSE Linux Enterprise (SLE) 11, before 1.2.9-108.2 on SUSE openSUSE 10.3, before 1.2.9-198.2 on SUSE openSUSE 11.0, and before 1.2.9-162.163.2 on SUSE openSUSE 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "insufficient quoting of parameters."
2885| [CVE-2008-1947] Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.
2886| [CVE-2008-1734] Interpretation conflict in PHP Toolkit before 1.0.1 on Gentoo Linux might allow local users to cause a denial of service (PHP outage) and read contents of PHP scripts by creating a file with a one-letter lowercase alphabetic name, which triggers interpretation of a certain unquoted [a-z] argument as a matching shell glob for this name, rather than interpretation as the literal [a-z] regular-expression string, and consequently blocks the launch of the PHP interpreter within the Apache HTTP Server.
2887| [CVE-2008-1678] Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server mod_ssl that specify a compression algorithm.
2888| [CVE-2008-1232] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.
2889| [CVE-2008-0869] Cross-site scripting (XSS) vulnerability in BEA WebLogic Workshop 8.1 through SP6 and Workshop for WebLogic 9.0 through 10.0 allows remote attackers to inject arbitrary web script or HTML via a "framework defined request parameter" when using WebLogic Workshop or Apache Beehive NetUI framework with page flows.
2890| [CVE-2008-0732] The init script for Apache Geronimo on SUSE Linux follows symlinks when performing a chown operation, which might allow local users to obtain access to unspecified files or directories.
2891| [CVE-2008-0555] The ExpandCert function in Apache-SSL before apache_1.3.41+ssl_1.59 does not properly handle (1) '/' and (2) '=' characters in a Distinguished Name (DN) in a client certificate, which might allow remote attackers to bypass authentication via a crafted DN that triggers overwriting of environment variables.
2892| [CVE-2008-0457] Unrestricted file upload vulnerability in the FileUpload class running on the Symantec LiveState Apache Tomcat server, as used by Symantec Backup Exec System Recovery Manager 7.0 and 7.0.1, allows remote attackers to upload and execute arbitrary JSP files via unknown vectors.
2893| [CVE-2008-0456] CRLF injection vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by uploading a file with a multi-line name containing HTTP header sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
2894| [CVE-2008-0455] Cross-site scripting (XSS) vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary web script or HTML by uploading a file with a name containing XSS sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
2895| [CVE-2008-0128] The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
2896| [CVE-2008-0005] mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding.
2897| [CVE-2008-0002] Apache Tomcat 6.0.0 through 6.0.15 processes parameters in the context of the wrong request when an exception occurs during parameter processing, which might allow remote attackers to obtain sensitive information, as demonstrated by disconnecting during this processing in order to trigger the exception.
2898| [CVE-2007-6750] The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris, related to the lack of the mod_reqtimeout module in versions before 2.2.15.
2899| [CVE-2007-6726] Multiple cross-site scripting (XSS) vulnerabilities in Dojo 0.4.1 and 0.4.2, as used in Apache Struts and other products, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) xip_client.html and (2) xip_server.html in src/io/.
2900| [CVE-2007-6514] Apache HTTP Server, when running on Linux with a document root on a Windows share mounted using smbfs, allows remote attackers to obtain unprocessed content such as source files for .php programs via a trailing "\" (backslash), which is not handled by the intended AddType directive.
2901| [CVE-2007-6423] ** DISPUTED ** Unspecified vulnerability in mod_proxy_balancer for Apache HTTP Server 2.2.x before 2.2.7-dev, when running on Windows, allows remote attackers to trigger memory corruption via a long URL. NOTE: the vendor could not reproduce this issue.
2902| [CVE-2007-6422] The balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6, when a threaded Multi-Processing Module is used, allows remote authenticated users to cause a denial of service (child process crash) via an invalid bb variable.
2903| [CVE-2007-6421] Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) ss, (2) wr, or (3) rr parameters, or (4) the URL.
2904| [CVE-2007-6420] Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors.
2905| [CVE-2007-6388] Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
2906| [CVE-2007-6361] Gekko 0.8.2 and earlier stores sensitive information under the web root with possibly insufficient access control, which might allow remote attackers to read certain files under temp/, as demonstrated by a log file that records the titles of blog entries. NOTE: access to temp/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
2907| [CVE-2007-6342] SQL injection vulnerability in the David Castro AuthCAS module (AuthCAS.pm) 0.4 for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the SESSION_COOKIE_NAME (session ID) in a cookie.
2908| [CVE-2007-6286] Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the native APR connector is used, does not properly handle an empty request to the SSL port, which allows remote attackers to trigger handling of "a duplicate copy of one of the recent requests," as demonstrated by using netcat to send the empty request.
2909| [CVE-2007-6258] Multiple stack-based buffer overflows in the legacy mod_jk2 2.0.3-DEV and earlier Apache module allow remote attackers to execute arbitrary code via a long (1) Host header, or (2) Hostname within a Host header.
2910| [CVE-2007-6231] Multiple PHP remote file inclusion vulnerabilities in tellmatic 1.0.7 allow remote attackers to execute arbitrary PHP code via a URL in the tm_includepath parameter to (1) Classes.inc.php, (2) statistic.inc.php, (3) status.inc.php, (4) status_top_x.inc.php, or (5) libchart-1.1/libchart.php in include/. NOTE: access to include/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
2911| [CVE-2007-6203] Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918.
2912| [CVE-2007-5797] SQLLoginModule in Apache Geronimo 2.0 through 2.1 does not throw an exception for a nonexistent username, which allows remote attackers to bypass authentication via a login attempt with any username not contained in the database.
2913| [CVE-2007-5731] Absolute path traversal vulnerability in Apache Jakarta Slide 2.1 and earlier allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag, a related issue to CVE-2007-5461.
2914| [CVE-2007-5461] Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.
2915| [CVE-2007-5342] The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by changing the (1) level, (2) directory, and (3) prefix attributes in the org.apache.juli.FileHandler handler.
2916| [CVE-2007-5333] Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385.
2917| [CVE-2007-5156] Incomplete blacklist vulnerability in editor/filemanager/upload/php/upload.php in FCKeditor, as used in SiteX CMS 0.7.3.beta, La-Nai CMS, Syntax CMS, Cardinal Cms, and probably other products, allows remote attackers to upload and execute arbitrary PHP code via a file whose name contains ".php." and has an unknown extension, which is recognized as a .php file by the Apache HTTP server, a different vulnerability than CVE-2006-0658 and CVE-2006-2529.
2918| [CVE-2007-5085] Unspecified vulnerability in the management EJB (MEJB) in Apache Geronimo before 2.0.2 allows remote attackers to bypass authentication and obtain "access to Geronimo internals" via unspecified vectors.
2919| [CVE-2007-5000] Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
2920| [CVE-2007-4724] Cross-site request forgery (CSRF) vulnerability in cal2.jsp in the calendar examples application in Apache Tomcat 4.1.31 allows remote attackers to add events as arbitrary users via the time and description parameters.
2921| [CVE-2007-4723] Directory traversal vulnerability in Ragnarok Online Control Panel 4.3.4a, when the Apache HTTP Server is used, allows remote attackers to bypass authentication via directory traversal sequences in a URI that ends with the name of a publicly available page, as demonstrated by a "/...../" sequence and an account_manage.php/login.php final component for reaching the protected account_manage.php page.
2922| [CVE-2007-4641] Directory traversal vulnerability in index.php in Pakupaku CMS 0.4 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting code into an Apache log file.
2923| [CVE-2007-4556] Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language (OGNL) expression when altSyntax is enabled, which allows remote attackers to cause a denial of service (infinite loop) or execute arbitrary code via form input beginning with a "%{" sequence and ending with a "}" character.
2924| [CVE-2007-4548] The login method in LoginModule implementations in Apache Geronimo 2.0 does not throw FailedLoginException for failed logins, which allows remote attackers to bypass authentication requirements, deploy arbitrary modules, and gain administrative access by sending a blank username and password with the command line deployer in the deployment module.
2925| [CVE-2007-4465] Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.
2926| [CVE-2007-3847] The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read.
2927| [CVE-2007-3571] The Apache Web Server as used in Novell NetWare 6.5 and GroupWise allows remote attackers to obtain sensitive information via a certain directive to Apache that causes the HTTP-Header response to be modified, which may reveal the server's internal IP address.
2928| [CVE-2007-3386] Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action.
2929| [CVE-2007-3385] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.
2930| [CVE-2007-3384] Multiple cross-site scripting (XSS) vulnerabilities in examples/servlet/CookieExample in Apache Tomcat 3.3 through 3.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Value field, related to error messages.
2931| [CVE-2007-3383] Cross-site scripting (XSS) vulnerability in SendMailServlet in the examples web application (examples/jsp/mail/sendmail.jsp) in Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.36 allows remote attackers to inject arbitrary web script or HTML via the From field and possibly other fields, related to generation of error messages.
2932| [CVE-2007-3382] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.
2933| [CVE-2007-3304] Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1 killer."
2934| [CVE-2007-3303] Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows local users to cause a denial of service via certain code sequences executed in a worker process that (1) stop request processing by killing all worker processes and preventing creation of replacements or (2) hang the system by forcing the master process to fork an arbitrarily large number of worker processes. NOTE: This might be an inherent design limitation of Apache with respect to worker processes in hosted environments.
2935| [CVE-2007-3101] Multiple cross-site scripting (XSS) vulnerabilities in certain JSF applications in Apache MyFaces Tomahawk before 1.1.6 allow remote attackers to inject arbitrary web script via the autoscroll parameter, which is injected into Javascript that is sent to the client.
2936| [CVE-2007-2450] Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script or HTML via a parameter name to manager/html/upload, and other unspecified vectors.
2937| [CVE-2007-2449] Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the '
2938| [CVE-2007-2353] Apache Axis 1.0 allows remote attackers to obtain sensitive information by requesting a non-existent WSDL file, which reveals the installation path in the resulting exception message.
2939| [CVE-2007-2025] Unrestricted file upload vulnerability in the UpLoad feature (lib/plugin/UpLoad.php) in PhpWiki 1.3.11p1 allows remote attackers to upload arbitrary PHP files with a double extension, as demonstrated by .php.3, which is interpreted by Apache as being a valid PHP file.
2940| [CVE-2007-1863] cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value.
2941| [CVE-2007-1862] The recall_headers function in mod_mem_cache in Apache 2.2.4 does not properly copy all levels of header data, which can cause Apache to return HTTP headers containing previously used data, which could be used by remote attackers to obtain potentially sensitive information.
2942| [CVE-2007-1860] mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. (dot dot) sequences and directory traversal, a related issue to CVE-2007-0450.
2943| [CVE-2007-1858] The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts.
2944| [CVE-2007-1842] Directory traversal vulnerability in login.php in JSBoard before 2.0.12 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the table parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, a related issue to CVE-2006-2019.
2945| [CVE-2007-1801] Directory traversal vulnerability in inc/lang.php in sBLOG 0.7.3 Beta allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the conf_lang_default parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by inc/lang.php.
2946| [CVE-2007-1743] suexec in Apache HTTP Server (httpd) 2.2.3 does not verify combinations of user and group IDs on the command line, which might allow local users to leverage other vulnerabilities to create arbitrary UID/GID owned files if /proc is mounted. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root." In addition, because this is dependent on other vulnerabilities, perhaps this is resultant and should not be included in CVE.
2947| [CVE-2007-1742] suexec in Apache HTTP Server (httpd) 2.2.3 uses a partial comparison for verifying whether the current directory is within the document root, which might allow local users to perform unauthorized operations on incorrect directories, as demonstrated using "html_backup" and "htmleditor" under an "html" directory. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
2948| [CVE-2007-1741] Multiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 between directory and file validation, and their usage, allow local users to gain privileges and execute arbitrary code by renaming directories or performing symlink attacks. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
2949| [CVE-2007-1720] Directory traversal vulnerability in addressbook.php in the Addressbook 1.2 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module_name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file.
2950| [CVE-2007-1636] Directory traversal vulnerability in index.php in RoseOnlineCMS 3 B1 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the op parameter, as demonstrated by injecting PHP code into Apache log files via the URL and User-Agent HTTP header.
2951| [CVE-2007-1633] Directory traversal vulnerability in bbcode_ref.php in the Giorgio Ciranni Splatt Forum 4.0 RC1 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by bbcode_ref.php.
2952| [CVE-2007-1577] Directory traversal vulnerability in index.php in GeBlog 0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[tplname] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
2953| [CVE-2007-1539] Directory traversal vulnerability in inc/map.func.php in pragmaMX Landkarten 2.1 module allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the module_name parameter, as demonstrated via a static PHP code injection attack in an Apache log file.
2954| [CVE-2007-1524] Directory traversal vulnerability in themes/default/ in ZomPlog 3.7.6 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) in the settings[skin] parameter, as demonstrated by injecting PHP code into an Apache HTTP Server log file, which can then be included via themes/default/.
2955| [CVE-2007-1491] Apache Tomcat in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allows connections from external interfaces via port 8009, which exposes it to attacks from outside parties.
2956| [CVE-2007-1358] Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616".
2957| [CVE-2007-1349] PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.
2958| [CVE-2007-0975] Variable extraction vulnerability in Ian Bezanson Apache Stats before 0.0.3 beta allows attackers to overwrite critical variables, with unknown impact, when the extract function is used on the _REQUEST superglobal array.
2959| [CVE-2007-0930] Variable extract vulnerability in Apache Stats before 0.0.3beta allows attackers to modify arbitrary variables and conduct attacks via unknown vectors involving the use of PHP's extract function.
2960| [CVE-2007-0792] The mod_perl initialization script in Bugzilla 2.23.3 does not set the Bugzilla Apache configuration to allow .htaccess permissions to override file permissions, which allows remote attackers to obtain the database username and password via a direct request for the localconfig file.
2961| [CVE-2007-0774] Stack-based buffer overflow in the map_uri_to_worker function (native/common/jk_uri_worker_map.c) in mod_jk.so for Apache Tomcat JK Web Server Connector 1.2.19 and 1.2.20, as used in Tomcat 4.1.34 and 5.5.20, allows remote attackers to execute arbitrary code via a long URL that triggers the overflow in a URI worker map routine.
2962| [CVE-2007-0637] Directory traversal vulnerability in zd_numer.php in Galeria Zdjec 3.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the galeria parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by zd_numer.php.
2963| [CVE-2007-0451] Apache SpamAssassin before 3.1.8 allows remote attackers to cause a denial of service via long URLs in malformed HTML, which triggers "massive memory usage."
2964| [CVE-2007-0450] Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.
2965| [CVE-2007-0419] The BEA WebLogic Server proxy plug-in before June 2006 for the Apache HTTP Server does not properly handle protocol errors, which allows remote attackers to cause a denial of service (server outage).
2966| [CVE-2007-0173] Directory traversal vulnerability in index.php in L2J Statistik Script 0.09 and earlier, when register_globals is enabled and magic_quotes is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
2967| [CVE-2007-0098] Directory traversal vulnerability in language.php in VerliAdmin 0.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
2968| [CVE-2007-0086] ** DISPUTED ** The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by third parties, who state that the large window size required by the attack is not normally supported or configured by the server, or that a DDoS-style attack would accomplish the same goal.
2969| [CVE-2006-7217] Apache Derby before 10.2.1.6 does not determine schema privilege requirements during the DropSchemaNode bind phase, which allows remote authenticated users to execute arbitrary drop schema statements in SQL authorization mode.
2970| [CVE-2006-7216] Apache Derby before 10.2.1.6 does not determine privilege requirements for lock table statements at compilation time, and consequently does not enforce privilege requirements at execution time, which allows remote authenticated users to lock arbitrary tables.
2971| [CVE-2006-7197] The AJP connector in Apache Tomcat 5.5.15 uses an incorrect length for chunks, which can cause a buffer over-read in the ajp_process_callback in mod_jk, which allows remote attackers to read portions of sensitive memory.
2972| [CVE-2006-7196] Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors. NOTE: this may be related to CVE-2006-0254.1.
2973| [CVE-2006-7195] Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in Apache Tomcat 5.0.0 through 5.0.30 and 5.5.0 through 5.5.17 allows remote attackers to inject arbitrary web script or HTML via certain header values.
2974| [CVE-2006-7098] The Debian GNU/Linux 033_-F_NO_SETSID patch for the Apache HTTP Server 1.3.34-4 does not properly disassociate httpd from a controlling tty when httpd is started interactively, which allows local users to gain privileges to that tty via a CGI program that calls the TIOCSTI ioctl.
2975| [CVE-2006-6869] Directory traversal vulnerability in includes/search/search_mdforum.php in MAXdev MDForum 2.0.1 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang cookie to error.php, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
2976| [CVE-2006-6675] Cross-site scripting (XSS) vulnerability in Novell NetWare 6.5 Support Pack 5 and 6 and Novell Apache on NetWare 2.0.48 allows remote attackers to inject arbitrary web script or HTML via unspecifeid parameters in Welcome web-app.
2977| [CVE-2006-6613] Directory traversal vulnerability in language.php in phpAlbum 0.4.1 Beta 6 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files or obtain sensitive information via a .. (dot dot) in the pa_lang[include_file] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
2978| [CVE-2006-6589] Cross-site scripting (XSS) vulnerability in ecommerce/control/keywordsearch in the Apache Open For Business Project (OFBiz) and Opentaps 0.9.3 allows remote attackers to inject arbitrary web script or HTML via the SEARCH_STRING parameter, a different issue than CVE-2006-6587. NOTE: some of these details are obtained from third party information.
2979| [CVE-2006-6588] The forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) trusts the (1) dataResourceTypeId, (2) contentTypeId, and certain other hidden form fields, which allows remote attackers to create unauthorized types of content, modify content, or have other unknown impact.
2980| [CVE-2006-6587] Cross-site scripting (XSS) vulnerability in the forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) allows remote attackers to inject arbitrary web script or HTML by posting a message.
2981| [CVE-2006-6445] Directory traversal vulnerability in error.php in Envolution 1.1.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
2982| [CVE-2006-6071] TWiki 4.0.5 and earlier, when running under Apache 1.3 using ApacheLogin with sessions and "ErrorDocument 401" redirects to a valid wiki topic, does not properly handle failed login attempts, which allows remote attackers to read arbitrary content by cancelling out of a failed authentication with a valid username and invalid password.
2983| [CVE-2006-6047] Directory traversal vulnerability in manager/index.php in Etomite 0.6.1.2 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the f parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
2984| [CVE-2006-5894] Directory traversal vulnerability in lang.php in Rama CMS 0.68 and earlier, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by lang.php.
2985| [CVE-2006-5752] Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform "charset detection" when the content-type is not specified.
2986| [CVE-2006-5733] Directory traversal vulnerability in error.php in PostNuke 0.763 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
2987| [CVE-2006-5263] Directory traversal vulnerability in templates/header.php3 in phpMyAgenda 3.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter, as demonstrated by a parameter value naming an Apache HTTP Server log file that apparently contains PHP code.
2988| [CVE-2006-4994] Multiple unquoted Windows search path vulnerabilities in Apache Friends XAMPP 1.5.2 might allow local users to gain privileges via a malicious program file in %SYSTEMDRIVE%, which is run when XAMPP attempts to execute (1) FileZillaServer.exe, (2) mysqld-nt.exe, (3) Perl.exe, or (4) xamppcontrol.exe with an unquoted "Program Files" pathname.
2989| [CVE-2006-4636] Directory traversal vulnerability in SZEWO PhpCommander 3.0 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Directory parameter, as demonstrated by parameter values naming Apache HTTP Server log files that apparently contain PHP code.
2990| [CVE-2006-4625] PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass certain Apache HTTP Server httpd.conf options, such as safe_mode and open_basedir, via the ini_restore function, which resets the values to their php.ini (Master Value) defaults.
2991| [CVE-2006-4558] DeluxeBB 1.06 and earlier, when run on the Apache HTTP Server with the mod_mime module, allows remote attackers to execute arbitrary PHP code by uploading files with double extensions via the fileupload parameter in a newthread action in newpost.php.
2992| [CVE-2006-4191] Directory traversal vulnerability in memcp.php in XMB (Extreme Message Board) 1.9.6 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the langfilenew parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by header.php.
2993| [CVE-2006-4154] Format string vulnerability in the mod_tcl module 1.0 for Apache 2.x allows context-dependent attackers to execute arbitrary code via format string specifiers that are not properly handled in a set_var function call in (1) tcl_cmds.c and (2) tcl_core.c.
2994| [CVE-2006-4110] Apache 2.2.2, when running on Windows, allows remote attackers to read source code of CGI programs via a request that contains uppercase (or alternate case) characters that bypass the case-sensitive ScriptAlias directive, but allow access to the file on case-insensitive file systems.
2995| [CVE-2006-4004] Directory traversal vulnerability in index.php in vbPortal 3.0.2 through 3.6.0 Beta 1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the bbvbplang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
2996| [CVE-2006-3918] http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.
2997| [CVE-2006-3835] Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (
2998| [CVE-2006-3747] Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules.
2999| [CVE-2006-3362] Unrestricted file upload vulnerability in connectors/php/connector.php in FCKeditor mcpuk file manager, as used in (1) Geeklog 1.4.0 through 1.4.0sr3, (2) toendaCMS 1.0.0 Shizouka Stable and earlier, (3) WeBid 0.5.4, and possibly other products, when installed on Apache with mod_mime, allows remote attackers to upload and execute arbitrary PHP code via a filename with a .php extension and a trailing extension that is allowed, such as .zip.
3000| [CVE-2006-3102] Race condition in articles/BitArticle.php in Bitweaver 1.3, when run on Apache with the mod_mime extension, allows remote attackers to execute arbitrary PHP code by uploading arbitrary files with double extensions, which are stored for a small period of time under the webroot in the temp/articles directory.
3001| [CVE-2006-3070] write_ok.php in Zeroboard 4.1 pl8, when installed on Apache with mod_mime, allows remote attackers to bypass restrictions for uploading files with executable extensions by uploading a .htaccess file that with an AddType directive that assigns an executable module to files with assumed-safe extensions, as demonstrated by assigning the txt extension to be handled by application/x-httpd-php.
3002| [CVE-2006-2831] Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2, when running under certain Apache configurations such as when FileInfo overrides are disabled within .htaccess, allows remote attackers to execute arbitrary code by uploading a file with multiple extensions, a variant of CVE-2006-2743.
3003| [CVE-2006-2806] The SMTP server in Apache Java Mail Enterprise Server (aka Apache James) 2.2.0 allows remote attackers to cause a denial of service (CPU consumption) via a long argument to the MAIL command.
3004| [CVE-2006-2743] Drupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with mod_mime, does not properly handle files with multiple extensions, which allows remote attackers to upload, modify, or execute arbitrary files in the files directory.
3005| [CVE-2006-2514] Coppermine galleries before 1.4.6, when running on Apache with mod_mime installed, allows remote attackers to upload arbitrary files via a filename with multiple file extensions.
3006| [CVE-2006-2330] PHP-Fusion 6.00.306 and earlier, running under Apache HTTP Server 1.3.27 and PHP 4.3.3, allows remote authenticated users to upload files of arbitrary types using a filename that contains two or more extensions that ends in an assumed-valid extension such as .gif, which bypasses the validation, as demonstrated by uploading then executing an avatar file that ends in ".php.gif" and contains PHP code in EXIF metadata.
3007| [CVE-2006-1777] Directory traversal vulnerability in doc/index.php in Jeremy Ashcraft Simplog 0.9.2 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the s parameter, as demonstrated by injecting PHP sequences into an Apache error_log file, which is then included by doc/index.php.
3008| [CVE-2006-1564] Untrusted search path vulnerability in libapache2-svn 1.3.0-4 for Subversion in Debian GNU/Linux includes RPATH values under the /tmp/svn directory for the (1) mod_authz_svn.so and (2) mod_dav_svn.so modules, which might allow local users to gain privileges by installing malicious libraries in that directory.
3009| [CVE-2006-1548] Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction and possibly (2) DispatchAction and (3) ActionDispatcher in Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to inject arbitrary web script or HTML via the parameter name, which is not filtered in the resulting error message.
3010| [CVE-2006-1547] ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides further access to elements in the CommonsMultipartRequestHandler implementation and BeanUtils.
3011| [CVE-2006-1546] Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to bypass validation via a request with a 'org.apache.struts.taglib.html.Constants.CANCEL' parameter, which causes the action to be canceled but would not be detected from applications that do not use the isCancelled check.
3012| [CVE-2006-1393] Multiple cross-site scripting (XSS) vulnerabilities in the mod_pubcookie Apache application server module in University of Washington Pubcookie 1.x, 3.0.0, 3.1.0, 3.1.1, 3.2 before 3.2.1b, and 3.3 before 3.3.0a allow remote attackers to inject arbitrary web script or HTML via unspecified attack vectors.
3013| [CVE-2006-1346] Directory traversal vulnerability in inc/setLang.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in a lang[*][file] parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by index.php.
3014| [CVE-2006-1292] Directory traversal vulnerability in Jim Hu and Chad Little PHP iCalendar 2.21 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the phpicalendar[cookie_language] and phpicalendar[cookie_style] cookies, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by day.php.
3015| [CVE-2006-1243] Directory traversal vulnerability in install05.php in Simple PHP Blog (SPB) 0.4.7.1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the blog_language parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included using install05.php.
3016| [CVE-2006-1095] Directory traversal vulnerability in the FileSession object in Mod_python module 3.2.7 for Apache allows local users to execute arbitrary code via a crafted session cookie.
3017| [CVE-2006-1079] htpasswd, as used in Acme thttpd 2.25b and possibly other products such as Apache, might allow local users to gain privileges via shell metacharacters in a command line argument, which is used in a call to the system function. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
3018| [CVE-2006-1078] Multiple buffer overflows in htpasswd, as used in Acme thttpd 2.25b, and possibly other products such as Apache, might allow local users to gain privileges via (1) a long command line argument and (2) a long line in a file. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
3019| [CVE-2006-0743] Format string vulnerability in LocalSyslogAppender in Apache log4net 1.2.9 might allow remote attackers to cause a denial of service (memory corruption and termination) via unknown vectors.
3020| [CVE-2006-0254] Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) time parameter to cal2.jsp and (2) any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer.
3021| [CVE-2006-0150] Multiple format string vulnerabilities in the auth_ldap_log_reason function in Apache auth_ldap 1.6.0 and earlier allows remote attackers to execute arbitrary code via various vectors, including the username.
3022| [CVE-2006-0144] The proxy server feature in go-pear.php in PHP PEAR 0.2.2, as used in Apache2Triad, allows remote attackers to execute arbitrary PHP code by redirecting go-pear.php to a malicious proxy server that provides a modified version of Tar.php with a malicious extractModify function.
3023| [CVE-2006-0042] Unspecified vulnerability in (1) apreq_parse_headers and (2) apreq_parse_urlencoded functions in Apache2::Request (Libapreq2) before 2.07 allows remote attackers cause a denial of service (CPU consumption) via unknown attack vectors that result in quadratic computational complexity.
3024| [CVE-2005-4857] eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 before 20051128 allows remote authenticated users to cause a denial of service (Apache httpd segmentation fault) via a request to content/advancedsearch.php with an empty SearchContentClassID parameter, reportedly related to a "memory addressing error".
3025| [CVE-2005-4849] Apache Derby before 10.1.2.1 exposes the (1) user and (2) password attributes in cleartext via (a) the RDBNAM parameter of the ACCSEC command and (b) the output of the DatabaseMetaData.getURL function, which allows context-dependent attackers to obtain sensitive information.
3026| [CVE-2005-4836] The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote attackers to read JSP source files and obtain sensitive information.
3027| [CVE-2005-4814] Unrestricted file upload vulnerability in Segue CMS before 1.3.6, when the Apache HTTP Server handles .phtml files with the PHP interpreter, allows remote attackers to upload and execute arbitrary PHP code by placing .phtml files in the userfiles/ directory.
3028| [CVE-2005-4703] Apache Tomcat 4.0.3, when running on Windows, allows remote attackers to obtain sensitive information via a request for a file that contains an MS-DOS device name such as lpt9, which leaks the pathname in an error message, as demonstrated by lpt9.xtp using Nikto.
3029| [CVE-2005-3745] Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message.
3030| [CVE-2005-3630] Fedora Directory Server before 10 allows remote attackers to obtain sensitive information, such as the password from adm.conf via an IFRAME element, probably involving an Apache httpd.conf configuration that orders "allow" directives before "deny" directives.
3031| [CVE-2005-3510] Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files.
3032| [CVE-2005-3392] Unspecified vulnerability in PHP before 4.4.1, when using the virtual function on Apache 2, allows remote attackers to bypass safe_mode and open_basedir directives.
3033| [CVE-2005-3357] mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference.
3034| [CVE-2005-3352] Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps.
3035| [CVE-2005-3319] The apache2handler SAPI (sapi_apache2.c) in the Apache module (mod_php) for PHP 5.x before 5.1.0 final and 4.4 before 4.4.1 final allows attackers to cause a denial of service (segmentation fault) via the session.save_path option in a .htaccess file or VirtualHost.
3036| [CVE-2005-3164] The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an information leak when "unsuitable request body data" is used for a different request, possibly related to Java Servlet pages.
3037| [CVE-2005-2970] Memory leak in the worker MPM (worker.c) for Apache 2, in certain circumstances, allows remote attackers to cause a denial of service (memory consumption) via aborted connections, which prevents the memory for the transaction pool from being reused for other connections.
3038| [CVE-2005-2963] The mod_auth_shadow module 1.0 through 1.5 and 2.0 for Apache with AuthShadow enabled uses shadow authentication for all locations that use the require group directive, even when other authentication mechanisms are specified, which might allow remote authenticated users to bypass security restrictions.
3039| [CVE-2005-2728] The byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service (memory consumption) via an HTTP header with a large Range field.
3040| [CVE-2005-2660] apachetop 0.12.5 and earlier, when running in debug mode, allows local users to create or append to arbitrary files via a symlink attack on atop.debug.
3041| [CVE-2005-2088] The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
3042| [CVE-2005-1754] ** DISPUTED ** JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to read arbitrary files via a full pathname in the argument to the Download parameter. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
3043| [CVE-2005-1753] ** DISPUTED ** ReadMessage.jsp in JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to view other users' e-mail attachments via a direct request to /mailboxesdir/username@domainname. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
3044| [CVE-2005-1344] Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute arbitrary code via a long realm argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
3045| [CVE-2005-1268] Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte.
3046| [CVE-2005-1266] Apache SpamAssassin 3.0.1, 3.0.2, and 3.0.3 allows remote attackers to cause a denial of service (CPU consumption and slowdown) via a message with a long Content-Type header without any boundaries.
3047| [CVE-2005-0808] Apache Tomcat before 5.x allows remote attackers to cause a denial of service (application crash) via a crafted AJP12 packet to TCP port 8007.
3048| [CVE-2005-0182] The mod_dosevasive module 1.9 and earlier for Apache creates temporary files with predictable filenames, which could allow remote attackers to overwrite arbitrary files via a symlink attack.
3049| [CVE-2005-0108] Apache mod_auth_radius 1.5.4 and libpam-radius-auth allow remote malicious RADIUS servers to cause a denial of service (crash) via a RADIUS_REPLY_MESSAGE with a RADIUS attribute length of 1, which leads to a memcpy operation with a -1 length argument.
3050| [CVE-2004-2734] webadmin-apache.conf in Novell Web Manager of Novell NetWare 6.5 uses an uppercase Alias tag with an inconsistent lowercase directory tag for a volume, which allows remote attackers to bypass access control to the WEB-INF folder.
3051| [CVE-2004-2680] mod_python (libapache2-mod-python) 3.1.4 and earlier does not properly handle when output filters process more than 16384 bytes, which can cause filter.read to return portions of previously freed memory.
3052| [CVE-2004-2650] Spooler in Apache Foundation James 2.2.0 allows local users to cause a denial of service (memory consumption) by triggering various error conditions in the retrieve function, which prevents a lock from being released and causes a memory leak.
3053| [CVE-2004-2343] ** DISPUTED ** Apache HTTP Server 2.0.47 and earlier allows local users to bypass .htaccess file restrictions, as specified in httpd.conf with directives such as Deny From All, by using an ErrorDocument directive. NOTE: the vendor has disputed this issue, since the .htaccess mechanism is only intended to restrict external web access, and a local user already has the privileges to perform the same operations without using ErrorDocument.
3054| [CVE-2004-2336] Unknown vulnerability in Novell GroupWise and GroupWise WebAccess 6.0 through 6.5, when running with Apache Web Server 1.3 for NetWare where Apache is loaded using GWAPACHE.CONF, allows remote attackers to read directories and files on the server.
3055| [CVE-2004-2115] Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTTP Server 1.3.22, based on Apache, allow remote attackers to execute arbitrary script as other users via the (1) action, (2) username, or (3) password parameters in an isqlplus request.
3056| [CVE-2004-1834] mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, including authentication information, on the hard disk, which could allow local users to gain sensitive information.
3057| [CVE-2004-1765] Off-by-one buffer overflow in ModSecurity (mod_security) 1.7.4 for Apache 2.x, when SecFilterScanPost is enabled, allows remote attackers to execute arbitrary code via crafted POST requests.
3058| [CVE-2004-1545] UploadFile.php in MoniWiki 1.0.9.2 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.hwp, which allows remote attackers to upload and execute arbitrary code.
3059| [CVE-2004-1438] The mod_authz_svn Apache module for Subversion 1.0.4-r1 and earlier allows remote authenticated users, with write access to the repository, to read unauthorized parts of the repository via the svn copy command.
3060| [CVE-2004-1405] MediaWiki 1.3.8 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
3061| [CVE-2004-1404] Attachment Mod 2.3.10 module for phpBB, when used with Apache mod_mime, does not properly handle files with multiple file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
3062| [CVE-2004-1387] The check_forensic script in apache-utils package 1.3.31 allows local users to overwrite or create arbitrary files via a symlink attack on temporary files.
3063| [CVE-2004-1084] Apache for Apple Mac OS X 10.2.8 and 10.3.6 allows remote attackers to read files and resource fork content via HTTP requests to certain special file names related to multiple data streams in HFS+, which bypass Apache file handles.
3064| [CVE-2004-1083] Apache for Apple Mac OS X 10.2.8 and 10.3.6 restricts access to files in a case sensitive manner, but the Apple HFS+ filesystem accesses files in a case insensitive manner, which allows remote attackers to read .DS_Store files and files beginning with ".ht" using alternate capitalization.
3065| [CVE-2004-1082] mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials.
3066| [CVE-2004-0942] Apache webserver 2.0.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request with a MIME header containing multiple lines with a large number of space characters.
3067| [CVE-2004-0940] Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error.
3068| [CVE-2004-0885] The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration.
3069| [CVE-2004-0811] Unknown vulnerability in Apache 2.0.51 prevents "the merging of the Satisfy directive," which could allow attackers to obtain access to restricted resources contrary to the specified authentication configuration.
3070| [CVE-2004-0809] The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access.
3071| [CVE-2004-0786] The IPv6 URI parsing routines in the apr-util library for Apache 2.0.50 and earlier allow remote attackers to cause a denial of service (child process crash) via a certain URI, as demonstrated using the Codenomicon HTTP Test Tool.
3072| [CVE-2004-0751] The char_buffer_read function in the mod_ssl module for Apache 2.x, when using reverse proxying to an SSL server, allows remote attackers to cause a denial of service (segmentation fault).
3073| [CVE-2004-0748] mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (CPU consumption) by aborting an SSL connection in a way that causes an Apache child process to enter an infinite loop.
3074| [CVE-2004-0747] Buffer overflow in Apache 2.0.50 and earlier allows local users to gain apache privileges via a .htaccess file that causes the overflow during expansion of environment variables.
3075| [CVE-2004-0700] Format string vulnerability in the mod_proxy hook functions function in ssl_engine_log.c in mod_ssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are handled by the ssl_log function.
3076| [CVE-2004-0646] Buffer overflow in the WriteToLog function for JRun 3.0 through 4.0 web server connectors, such as (1) mod_jrun and (2) mod_jrun20 for Apache, with verbose logging enabled, allows remote attackers to execute arbitrary code via a long HTTP header Content-Type field or other fields.
3077| [CVE-2004-0529] The modified suexec program in cPanel, when configured for mod_php and compiled for Apache 1.3.31 and earlier without mod_phpsuexec, allows local users to execute untrusted shared scripts and gain privileges, as demonstrated using untainted scripts such as (1) proftpdvhosts or (2) addalink.cgi, a different vulnerability than CVE-2004-0490.
3078| [CVE-2004-0493] The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters.
3079| [CVE-2004-0492] Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied.
3080| [CVE-2004-0490] cPanel, when compiling Apache 1.3.29 and PHP with the mod_phpsuexec option, does not set the --enable-discard-path option, which causes php to use the SCRIPT_FILENAME variable to find and execute a script instead of the PATH_TRANSLATED variable, which allows local users to execute arbitrary PHP code as other users via a URL that references the attacker's script after the user's script, which executes the attacker's script with the user's privileges, a different vulnerability than CVE-2004-0529.
3081| [CVE-2004-0488] Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN.
3082| [CVE-2004-0263] PHP 4.3.4 and earlier in Apache 1.x and 2.x (mod_php) can leak global variables between virtual hosts that are handled by the same Apache child process but have different settings, which could allow remote attackers to obtain sensitive information.
3083| [CVE-2004-0174] Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using multiple listening sockets on certain platforms, allows remote attackers to cause a denial of service (blocked new connections) via a "short-lived connection on a rarely-accessed listening socket."
3084| [CVE-2004-0173] Directory traversal vulnerability in Apache 1.3.29 and earlier, and Apache 2.0.48 and earlier, when running on Cygwin, allows remote attackers to read arbitrary files via a URL containing "..%5C" (dot dot encoded backslash) sequences.
3085| [CVE-2004-0113] Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service (memory consumption) via plain HTTP requests to the SSL port of an SSL-enabled server.
3086| [CVE-2004-0009] Apache-SSL 1.3.28+1.52 and earlier, with SSLVerifyClient set to 1 or 3 and SSLFakeBasicAuth enabled, allows remote attackers to forge a client certificate by using basic authentication with the "one-line DN" of the target user.
3087| [CVE-2003-1581] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
3088| [CVE-2003-1580] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-level domains, as demonstrated by a forged 123.123.123.123 domain name, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
3089| [CVE-2003-1573] The PointBase 4.6 database component in the J2EE 1.4 reference implementation (J2EE/RI) allows remote attackers to execute arbitrary programs, conduct a denial of service, and obtain sensitive information via a crafted SQL statement, related to "inadequate security settings and library bugs in sun.* and org.apache.* packages."
3090| [CVE-2003-1521] Sun Java Plug-In 1.4 through 1.4.2_02 allows remote attackers to repeatedly access the floppy drive via the createXmlDocument method in the org.apache.crimson.tree.XmlDocument class, which violates the Java security model.
3091| [CVE-2003-1516] The org.apache.xalan.processor.XSLProcessorVersion class in Java Plug-in 1.4.2_01 allows signed and unsigned applets to share variables, which violates the Java security model and could allow remote attackers to read or write data belonging to a signed applet.
3092| [CVE-2003-1502] mod_throttle 3.0 allows local users with Apache privileges to access shared memory that points to a file that is writable by the apache user, which could allow local users to gain privileges.
3093| [CVE-2003-1418] Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote attackers to obtain sensitive information via (1) the ETag header, which reveals the inode number, or (2) multipart MIME boundary, which reveals child process IDs (PID).
3094| [CVE-2003-1307] ** DISPUTED ** The mod_php module for the Apache HTTP Server allows local users with write access to PHP scripts to send signals to the server's process group and use the server's file descriptors, as demonstrated by sending a STOP signal, then intercepting incoming connections on the server's TCP port. NOTE: the PHP developer has disputed this vulnerability, saying "The opened file descriptors are opened by Apache. It is the job of Apache to protect them ... Not a bug in PHP."
3095| [CVE-2003-1172] Directory traversal vulnerability in the view-source sample file in Apache Software Foundation Cocoon 2.1 and 2.2 allows remote attackers to access arbitrary files via a .. (dot dot) in the filename parameter.
3096| [CVE-2003-1171] Heap-based buffer overflow in the sec_filter_out function in mod_security 1.7RC1 through 1.7.1 in Apache 2 allows remote attackers to execute arbitrary code via a server side script that sends a large amount of data.
3097| [CVE-2003-1138] The default configuration of Apache 2.0.40, as shipped with Red Hat Linux 9.0, allows remote attackers to list directory contents, even if auto indexing is turned off and there is a default web page configured, via a GET request containing a double slash (//).
3098| [CVE-2003-1054] mod_access_referer 1.0.2 allows remote attackers to cause a denial of service (crash) via a malformed Referer header that is missing a hostname, as parsed by the ap_parse_uri_components function in Apache, which triggers a null dereference.
3099| [CVE-2003-0993] mod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit platforms, does not properly parse Allow/Deny rules using IP addresses without a netmask, which could allow remote attackers to bypass intended access restrictions.
3100| [CVE-2003-0987] mod_digest for Apache before 1.3.31 does not properly verify the nonce of a client response by using an AuthNonce secret.
3101| [CVE-2003-0866] The Catalina org.apache.catalina.connector.http package in Tomcat 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service via several requests that do not follow the HTTP protocol, which causes Tomcat to reject later requests.
3102| [CVE-2003-0844] mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode without the Apache log, allows local users to overwrite arbitrary files via (1) a symlink attack on predictable temporary filenames on Unix systems, or (2) an NTFS hard link on Windows systems when the "Strengthen default permissions of internal system objects" policy is not enabled.
3103| [CVE-2003-0843] Format string vulnerability in mod_gzip_printf for mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode and using the Apache log, allows remote attackers to execute arbitrary code via format string characters in an HTTP GET request with an "Accept-Encoding: gzip" header.
3104| [CVE-2003-0789] mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not properly handle CGI redirect paths, which could cause Apache to send the output of a CGI program to the wrong client.
3105| [CVE-2003-0771] Gallery.pm in Apache::Gallery (aka A::G) uses predictable temporary filenames when running Inline::C, which allows local users to execute arbitrary code by creating and modifying the files before Apache::Gallery does.
3106| [CVE-2003-0658] Docview before 1.1-18 in Caldera OpenLinux 3.1.1, SCO Linux 4.0, OpenServer 5.0.7, configures the Apache web server in a way that allows remote attackers to read arbitrary publicly readable files via a certain URL, possibly related to rewrite rules.
3107| [CVE-2003-0542] Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures.
3108| [CVE-2003-0460] The rotatelogs program on Apache before 1.3.28, for Windows and OS/2 systems, does not properly ignore certain control characters that are received over the pipe, which could allow remote attackers to cause a denial of service.
3109| [CVE-2003-0254] Apache 2 before 2.0.47, when running on an IPv6 host, allows attackers to cause a denial of service (CPU consumption by infinite loop) when the FTP proxy server fails to create an IPv6 socket.
3110| [CVE-2003-0253] The prefork MPM in Apache 2 before 2.0.47 does not properly handle certain errors from accept, which could lead to a denial of service.
3111| [CVE-2003-0249] ** DISPUTED ** PHP treats unknown methods such as "PoSt" as a GET request, which could allow attackers to bypass intended access restrictions if PHP is running on a server that passes on all methods, such as Apache httpd 2.0, as demonstrated using a Limit directive. NOTE: this issue has been disputed by the Apache security team, saying "It is by design that PHP allows scripts to process any request method. A script which does not explicitly verify the request method will hence be processed as normal for arbitrary methods. It is therefore expected behaviour that one cannot implement per-method access control using the Apache configuration alone, which is the assumption made in this report."
3112| [CVE-2003-0245] Vulnerability in the apr_psprintf function in the Apache Portable Runtime (APR) library for Apache 2.0.37 through 2.0.45 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long strings, as demonstrated using XML objects to mod_dav, and possibly other vectors.
3113| [CVE-2003-0192] Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3, do not properly handle "certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one," which could cause Apache to use the weak ciphersuite.
3114| [CVE-2003-0189] The authentication module for Apache 2.0.40 through 2.0.45 on Unix does not properly handle threads safely when using the crypt_r or crypt functions, which allows remote attackers to cause a denial of service (failed Basic authentication with valid usernames and passwords) when a threaded MPM is used.
3115| [CVE-2003-0134] Unknown vulnerability in filestat.c for Apache running on OS2, versions 2.0 through 2.0.45, allows unknown attackers to cause a denial of service via requests related to device names.
3116| [CVE-2003-0132] A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to cause a denial of service (memory consumption) via large chunks of linefeed characters, which causes Apache to allocate 80 bytes for each linefeed.
3117| [CVE-2003-0083] Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences, a different vulnerability than CVE-2003-0020.
3118| [CVE-2003-0020] Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences.
3119| [CVE-2003-0017] Apache 2.0 before 2.0.44 on Windows platforms allows remote attackers to obtain certain files via an HTTP request that ends in certain illegal characters such as ">", which causes a different filename to be processed and served.
3120| [CVE-2003-0016] Apache before 2.0.44, when running on unpatched Windows 9x and Me operating systems, allows remote attackers to cause a denial of service or execute arbitrary code via an HTTP request containing MS-DOS device names.
3121| [CVE-2002-2310] ClickCartPro 4.0 stores the admin_user.db data file under the web document root with insufficient access control on servers other than Apache, which allows remote attackers to obtain usernames and passwords.
3122| [CVE-2002-2309] php.exe in PHP 3.0 through 4.2.2, when running on Apache, does not terminate properly, which allows remote attackers to cause a denial of service via a direct request without arguments.
3123| [CVE-2002-2272] Tomcat 4.0 through 4.1.12, using mod_jk 1.2.1 module on Apache 1.3 through 1.3.27, allows remote attackers to cause a denial of service (desynchronized communications) via an HTTP GET request with a Transfer-Encoding chunked field with invalid values.
3124| [CVE-2002-2103] Apache before 1.3.24, when writing to the log file, records a spoofed hostname from the reverse lookup of an IP address, even when a double-reverse lookup fails, which allows remote attackers to hide the original source of activities.
3125| [CVE-2002-2029] PHP, when installed on Windows with Apache and ScriptAlias for /php/ set to c:/php/, allows remote attackers to read arbitrary files and possibly execute arbitrary programs via an HTTP request for php.exe with a filename in the query string.
3126| [CVE-2002-2012] Unknown vulnerability in Apache 1.3.19 running on HP Secure OS for Linux 1.0 allows remote attackers to cause "unexpected results" via an HTTP request.
3127| [CVE-2002-2009] Apache Tomcat 4.0.1 allows remote attackers to obtain the web root path via HTTP requests for JSP files preceded by (1) +/, (2) >/, (3) </, and (4) %20/, which leaks the pathname in an error message.
3128| [CVE-2002-2008] Apache Tomcat 4.0.3 for Windows allows remote attackers to obtain the web root path via an HTTP request for a resource that does not exist, such as lpt9, which leaks the information in an error message.
3129| [CVE-2002-2007] The default installations of Apache Tomcat 3.2.3 and 3.2.4 allows remote attackers to obtain sensitive system information such as directory listings and web root path, via erroneous HTTP requests for Java Server Pages (JSP) in the (1) test/jsp, (2) samples/jsp and (3) examples/jsp directories, or the (4) test/realPath.jsp servlet, which leaks pathnames in error messages.
3130| [CVE-2002-2006] The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 through 3.3.1 allows remote attackers to obtain the installation path and other sensitive system information via the (1) SnoopServlet or (2) TroubleShooter example servlets.
3131| [CVE-2002-1895] The servlet engine in Jakarta Apache Tomcat 3.3 and 4.0.4, when using IIS and the ajp1.3 connector, allows remote attackers to cause a denial of service (crash) via a large number of HTTP GET requests for an MS-DOS device such as AUX, LPT1, CON, or PRN.
3132| [CVE-2002-1850] mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly remote attackers to cause a denial of service (hang and memory consumption) by causing a CGI script to send a large amount of data to stderr, which results in a read/write deadlock between httpd and the CGI script.
3133| [CVE-2002-1793] HTTP Server mod_ssl module running on HP-UX 11.04 with Virtualvault OS (VVOS) 4.5 through 4.6 closes the connection when the Apache server times out during an SSL request, which may allow attackers to cause a denial of service.
3134| [CVE-2002-1658] Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may allow attackers to execute arbitrary code via a long user argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
3135| [CVE-2002-1635] The Apache configuration file (httpd.conf) in Oracle 9i Application Server (9iAS) uses a Location alias for /perl directory instead of a ScriptAlias, which allows remote attackers to read the source code of arbitrary CGI files via a URL containing the /perl directory instead of /cgi-bin.
3136| [CVE-2002-1593] mod_dav in Apache before 2.0.42 does not properly handle versioning hooks, which may allow remote attackers to kill a child process via a null dereference and cause a denial of service (CPU consumption) in a preforked multi-processing module.
3137| [CVE-2002-1592] The ap_log_rerror function in Apache 2.0 through 2.035, when a CGI application encounters an error, sends error messages to the client that include the full path for the server, which allows remote attackers to obtain sensitive information.
3138| [CVE-2002-1567] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1 allows remote attackers to execute arbitrary web script and steal cookies via a URL with encoded newlines followed by a request to a .jsp file whose name contains the script.
3139| [CVE-2002-1394] Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148.
3140| [CVE-2002-1233] A regression error in the Debian distributions of the apache-ssl package (before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0), for Apache 1.3.27 and earlier, allows local users to read or modify the Apache password file via a symlink attack on temporary files when the administrator runs (1) htpasswd or (2) htdigest, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2001-0131.
3141| [CVE-2002-1157] Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9 and earlier, when UseCanonicalName is off and wildcard DNS is enabled, allows remote attackers to execute script as other web site visitors, via the server name in an HTTPS response on the SSL port, which is used in a self-referencing URL, a different vulnerability than CAN-2002-0840.
3142| [CVE-2002-1156] Apache 2.0.42 allows remote attackers to view the source code of a CGI script via a POST request to a directory with both WebDAV and CGI enabled.
3143| [CVE-2002-1148] The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet.
3144| [CVE-2002-0935] Apache Tomcat 4.0.3, and possibly other versions before 4.1.3 beta, allows remote attackers to cause a denial of service (resource exhaustion) via a large number of requests to the server with null characters, which causes the working threads to hang.
3145| [CVE-2002-0843] Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response.
3146| [CVE-2002-0840] Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.
3147| [CVE-2002-0839] The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that would not normally be allowed, by modifying the parent[].pid and parent[].last_rtime segments in the scoreboard.
3148| [CVE-2002-0682] Cross-site scripting vulnerability in Apache Tomcat 4.0.3 allows remote attackers to execute script as other web users via script in a URL with the /servlet/ mapping, which does not filter the script when an exception is thrown by the servlet.
3149| [CVE-2002-0661] Directory traversal vulnerability in Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to read arbitrary files and execute commands via .. (dot dot) sequences containing \ (backslash) characters.
3150| [CVE-2002-0658] OSSP mm library (libmm) before 1.2.0 allows the local Apache user to gain privileges via temporary files, possibly via a symbolic link attack.
3151| [CVE-2002-0654] Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to determine the full pathname of the server via (1) a request for a .var file, which leaks the pathname in the resulting error message, or (2) via an error message that occurs when a script (child process) cannot be invoked.
3152| [CVE-2002-0653] Off-by-one buffer overflow in the ssl_compat_directive function, as called by the rewrite_command hook for mod_ssl Apache module 2.8.9 and earlier, allows local users to execute arbitrary code as the Apache server user via .htaccess files with long entries.
3153| [CVE-2002-0513] The PHP administration script in popper_mod 1.2.1 and earlier relies on Apache .htaccess authentication, which allows remote attackers to gain privileges if the script is not appropriately configured by the administrator.
3154| [CVE-2002-0493] Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions.
3155| [CVE-2002-0392] Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a chunk-encoded HTTP request that causes Apache to use an incorrect size.
3156| [CVE-2002-0259] InstantServers MiniPortal 1.1.5 and earlier stores sensitive login and account data in plaintext in (1) .pwd files in the miniportal/apache directory, or (2) mplog.txt, which could allow local users to gain privileges.
3157| [CVE-2002-0249] PHP for Windows, when installed on Apache 2.0.28 beta as a standalone CGI module, allows remote attackers to obtain the physical path of the php.exe via a request with malformed arguments such as /123, which leaks the pathname in the error message.
3158| [CVE-2002-0240] PHP, when installed with Apache and configured to search for index.php as a default web page, allows remote attackers to obtain the full pathname of the server via the HTTP OPTIONS method, which reveals the pathname in the resulting error message.
3159| [CVE-2002-0082] The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session.
3160| [CVE-2002-0061] Apache for Win32 before 1.3.24, and 2.0.x before 2.0.34-beta, allows remote attackers to execute arbitrary commands via shell metacharacters (a | pipe character) provided as arguments to batch (.bat) or .cmd scripts, which are sent unfiltered to the shell interpreter, typically cmd.exe.
3161| [CVE-2001-1556] The log files in Apache web server contain information directly supplied by clients and does not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail, and grep.
3162| [CVE-2001-1534] mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these session ID's are used for authentication.
3163| [CVE-2001-1510] Allaire JRun 2.3.3, 3.0 and 3.1 running on IIS 4.0 and 5.0, iPlanet, Apache, JRun web server (JWS), and possibly other web servers allows remote attackers to read arbitrary files and directories by appending (1) "%3f.jsp", (2) "?.jsp" or (3) "?" to the requested URL.
3164| [CVE-2001-1449] The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 through 8.0 and Linux Corporate Server 1.0.1 allows remote attackers to list the directory index of arbitrary web directories.
3165| [CVE-2001-1385] The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts.
3166| [CVE-2001-1342] Apache before 1.3.20 on Windows and OS/2 systems allows remote attackers to cause a denial of service (GPF) via an HTTP request for a URI that contains a large number of / (slash) or other characters, which causes certain functions to dereference a null pointer.
3167| [CVE-2001-1217] Directory traversal vulnerability in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to access sensitive information via a double encoded URL with .. (dot dot) sequences.
3168| [CVE-2001-1216] Buffer overflow in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to execute arbitrary code via a long request for a help page.
3169| [CVE-2001-1072] Apache with mod_rewrite enabled on most UNIX systems allows remote attackers to bypass RewriteRules by inserting extra / (slash) characters into the requested path, which causes the regular expression in the RewriteRule to fail.
3170| [CVE-2001-1013] Apache on Red Hat Linux with the UserDir directive enabled generates different error codes when a username exists and there is no public_html directory and when the username does not exist, which could allow remote attackers to determine valid usernames on the server.
3171| [CVE-2001-0925] The default installation of Apache before 1.3.19 allows remote attackers to list directories instead of the multiview index.html file via an HTTP request for a path that contains many / (slash) characters, which causes the path to be mishandled by (1) mod_negotiation, (2) mod_dir, or (3) mod_autoindex.
3172| [CVE-2001-0829] A cross-site scripting vulnerability in Apache Tomcat 3.2.1 allows a malicious webmaster to embed Javascript in a request for a .JSP file, which causes the Javascript to be inserted into an error message.
3173| [CVE-2001-0766] Apache on MacOS X Client 10.0.3 with the HFS+ file system allows remote attackers to bypass access restrictions via a URL that contains some characters whose case is not matched by Apache's filters.
3174| [CVE-2001-0731] Apache 1.3.20 with Multiviews enabled allows remote attackers to view directory contents and bypass the index page via a URL containing the "M=D" query string.
3175| [CVE-2001-0730] split-logfile in Apache 1.3.20 allows remote attackers to overwrite arbitrary files that end in the .log extension via an HTTP request with a / (slash) in the Host: header.
3176| [CVE-2001-0729] Apache 1.3.20 on Windows servers allows remote attackers to bypass the default index page and list directory contents via a URL with a large number of / (slash) characters.
3177| [CVE-2001-0590] Apache Software Foundation Tomcat Servlet prior to 3.2.2 allows a remote attacker to read the source code to arbitrary 'jsp' files via a malformed URL request which does not end with an HTTP protocol specification (i.e. HTTP/1.0).
3178| [CVE-2001-0131] htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local users to overwrite arbitrary files via a symlink attack.
3179| [CVE-2001-0108] PHP Apache module 4.0.4 and earlier allows remote attackers to bypass .htaccess access restrictions via a malformed HTTP request on an unrestricted page that causes PHP to use those access controls on the next page that is requested.
3180| [CVE-2001-0042] PHP 3.x (PHP3) on Apache 1.3.6 allows remote attackers to read arbitrary files via a modified .. (dot dot) attack containing "%5c" (encoded backslash) sequences.
3181| [CVE-2000-1247] The default configuration of the jserv-status handler in jserv.conf in Apache JServ 1.1.2 includes an "allow from 127.0.0.1" line, which allows local users to discover JDBC passwords or other sensitive information via a direct request to the jserv/ URI.
3182| [CVE-2000-1210] Directory traversal vulnerability in source.jsp of Apache Tomcat before 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the argument to source.jsp.
3183| [CVE-2000-1206] Vulnerability in Apache httpd before 1.3.11, when configured for mass virtual hosting using mod_rewrite, or mod_vhost_alias in Apache 1.3.9, allows remote attackers to retrieve arbitrary files.
3184| [CVE-2000-1205] Cross site scripting vulnerabilities in Apache 1.3.0 through 1.3.11 allow remote attackers to execute script as other web site visitors via (1) the printenv CGI (printenv.pl), which does not encode its output, (2) pages generated by the ap_send_error_response function such as a default 404, which does not add an explicit charset, or (3) various messages that are generated by certain Apache modules or core code. NOTE: the printenv issue might still exist for web browsers that can render text/plain content types as HTML, such as Internet Explorer, but CVE regards this as a design limitation of those browsers, not Apache. The printenv.pl/acuparam vector, disclosed on 20070724, is one such variant.
3185| [CVE-2000-1204] Vulnerability in the mod_vhost_alias virtual hosting module for Apache 1.3.9, 1.3.11 and 1.3.12 allows remote attackers to obtain the source code for CGI programs if the cgi-bin directory is under the document root.
3186| [CVE-2000-1168] IBM HTTP Server 1.3.6 (based on Apache) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET request.
3187| [CVE-2000-1016] The default configuration of Apache (httpd.conf) on SuSE 6.4 includes an alias for the /usr/doc directory, which allows remote attackers to read package documentation and obtain system configuration information via an HTTP request for the /doc/packages URL.
3188| [CVE-2000-0913] mod_rewrite in Apache 1.3.12 and earlier allows remote attackers to read arbitrary files if a RewriteRule directive is expanded to include a filename whose name contains a regular expression.
3189| [CVE-2000-0883] The default configuration of mod_perl for Apache as installed on Mandrake Linux 6.1 through 7.1 sets the /perl/ directory to be browseable, which allows remote attackers to list the contents of that directory.
3190| [CVE-2000-0869] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 enables WebDAV, which allows remote attackers to list arbitrary diretories via the PROPFIND HTTP request method.
3191| [CVE-2000-0868] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 allows remote attackers to read source code for CGI scripts by replacing the /cgi-bin/ in the requested URL with /cgi-bin-sdb/.
3192| [CVE-2000-0791] Trustix installs the httpsd program for Apache-SSL with world-writeable permissions, which allows local users to replace it with a Trojan horse.
3193| [CVE-2000-0760] The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals sensitive system information when a remote attacker requests a nonexistent URL with a .snp extension.
3194| [CVE-2000-0759] Jakarta Tomcat 3.1 under Apache reveals physical path information when a remote attacker requests a URL that does not exist, which generates an error message that includes the physical path.
3195| [CVE-2000-0628] The source.asp example script in the Apache ASP module Apache::ASP 1.93 and earlier allows remote attackers to modify files.
3196| [CVE-2000-0505] The Apache 1.3.x HTTP server for Windows platforms allows remote attackers to list directory contents by requesting a URL containing a large number of / characters.
3197| [CVE-1999-1412] A possible interaction between Apple MacOS X release 1.0 and Apache HTTP server allows remote attackers to cause a denial of service (crash) via a flood of HTTP GET requests to CGI programs, which generates a large number of processes.
3198| [CVE-1999-1293] mod_proxy in Apache 1.2.5 and earlier allows remote attackers to cause a denial of service via malformed FTP commands, which causes Apache to dump core.
3199| [CVE-1999-1237] Multiple buffer overflows in smbvalid/smbval SMB authentication library, as used in Apache::AuthenSmb and possibly other modules, allows remote attackers to execute arbitrary commands via (1) a long username, (2) a long password, and (3) other unspecified methods.
3200| [CVE-1999-1199] Apache WWW server 1.3.1 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via a large number of MIME headers with the same name, aka the "sioux" vulnerability.
3201| [CVE-1999-1053] guestbook.pl cleanses user-inserted SSI commands by removing text between "<!--" and "-->" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides "-->".
3202| [CVE-1999-0926] Apache allows remote attackers to conduct a denial of service via a large number of MIME headers.
3203| [CVE-1999-0678] A default configuration of Apache on Debian GNU/Linux sets the ServerRoot to /usr/doc, which allows remote users to read documentation files for the entire server.
3204| [CVE-1999-0448] IIS 4.0 and Apache log HTTP request methods, regardless of how long they are, allowing a remote attacker to hide the URL they really request.
3205| [CVE-1999-0289] The Apache web server for Win32 may provide access to restricted files when a . (dot) is appended to a requested URL.
3206| [CVE-1999-0236] ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs.
3207| [CVE-1999-0107] Buffer overflow in Apache 1.2.5 and earlier allows a remote attacker to cause a denial of service with a large number of GET requests containing a large number of / characters.
3208| [CVE-1999-0071] Apache httpd cookie buffer overflow for versions 1.1.1 and earlier.
3209|
3210| SecurityFocus - https://www.securityfocus.com/bid/:
3211| [104554] Apache HBase CVE-2018-8025 Security Bypass Vulnerability
3212| [104465] Apache Geode CVE-2017-15695 Remote Code Execution Vulnerability
3213| [104418] Apache Storm CVE-2018-8008 Arbitrary File Write Vulnerability
3214| [104399] Apache Storm CVE-2018-1332 User Impersonation Vulnerability
3215| [104348] Apache UIMA CVE-2017-15691 XML External Entity Injection Vulnerability
3216| [104313] Apache NiFi XML External Entity Injection and Denial of Service Vulnerability
3217| [104259] Apache Geode CVE-2017-12622 Authorization Bypass Vulnerability
3218| [104257] Apache Sling XSS Protection API CVE-2017-15717 Cross Site Scripting Vulnerability
3219| [104253] Apache ZooKeeper CVE-2018-8012 Security Bypass Vulnerability
3220| [104252] Apache Batik CVE-2018-8013 Information Disclosure Vulnerability
3221| [104239] Apache Solr CVE-2018-8010 XML External Entity Multiple Information Disclosure Vulnerabilities
3222| [104215] Apache ORC CVE-2018-8015 Denial of Service Vulnerability
3223| [104203] Apache Tomcat CVE-2018-8014 Security Bypass Vulnerability
3224| [104161] Apache Ambari CVE-2018-8003 Directory Traversal Vulnerability
3225| [104140] Apache Derby CVE-2018-1313 Security Bypass Vulnerability
3226| [104135] Apache Tika CVE-2018-1338 Denial of Service Vulnerability
3227| [104008] Apache Fineract CVE-2018-1291 SQL Injection Vulnerability
3228| [104007] Apache Fineract CVE-2018-1292 SQL Injection Vulnerability
3229| [104005] Apache Fineract CVE-2018-1289 SQL Injection Vulnerability
3230| [104001] Apache Tika CVE-2018-1335 Remote Command Injection Vulnerability
3231| [103975] Apache Fineract CVE-2018-1290 SQL Injection Vulnerability
3232| [103974] Apache Solr CVE-2018-1308 XML External Entity Injection Vulnerability
3233| [103772] Apache Traffic Server CVE-2017-7671 Denial of Service Vulnerability
3234| [103770] Apache Traffic Server CVE-2017-5660 Security Bypass Vulnerability
3235| [103751] Apache Hive CVE-2018-1282 SQL Injection Vulnerability
3236| [103750] Apache Hive CVE-2018-1284 Security Bypass Vulnerability
3237| [103692] Apache Ignite CVE-2018-1295 Arbitrary Code Execution Vulnerability
3238| [103528] Apache HTTP Server CVE-2018-1302 Denial of Service Vulnerability
3239| [103525] Apache HTTP Server CVE-2017-15715 Remote Security Bypass Vulnerability
3240| [103524] Apache HTTP Server CVE-2018-1312 Remote Security Bypass Vulnerability
3241| [103522] Apache HTTP Server CVE-2018-1303 Denial of Service Vulnerability
3242| [103520] Apache HTTP Server CVE-2018-1283 Remote Security Vulnerability
3243| [103516] Apache Struts CVE-2018-1327 Denial of Service Vulnerability
3244| [103515] Apache HTTP Server CVE-2018-1301 Denial of Service Vulnerability
3245| [103512] Apache HTTP Server CVE-2017-15710 Denial of Service Vulnerability
3246| [103508] Apache Syncope CVE-2018-1321 Multiple Remote Code Execution Vulnerabilities
3247| [103507] Apache Syncope CVE-2018-1322 Multiple Information Disclosure Vulnerabilities
3248| [103490] Apache Commons Compress CVE-2018-1324 Multiple Denial Of Service Vulnerabilities
3249| [103434] APACHE Allura CVE-2018-1319 HTTP Response Splitting Vulnerability
3250| [103389] Apache Tomcat JK Connector CVE-2018-1323 Directory Traversal Vulnerability
3251| [103222] Apache CloudStack CVE-2013-4317 Information Disclosure Vulnerability
3252| [103219] Apache Xerces-C CVE-2017-12627 Null Pointer Dereference Denial of Service Vulnerability
3253| [103206] Apache Geode CVE-2017-15693 Remote Code Execution Vulnerability
3254| [103205] Apache Geode CVE-2017-15692 Remote Code Execution Vulnerability
3255| [103170] Apache Tomcat CVE-2018-1304 Security Bypass Vulnerability
3256| [103144] Apache Tomcat CVE-2018-1305 Security Bypass Vulnerability
3257| [103102] Apache Oozie CVE-2017-15712 Information Disclosure Vulnerability
3258| [103098] Apache Karaf CVE-2016-8750 LDAP Injection Vulnerability
3259| [103069] Apache Tomcat CVE-2017-15706 Remote Security Weakness
3260| [103068] Apache JMeter CVE-2018-1287 Security Bypass Vulnerability
3261| [103067] Apache Qpid Dispatch Router 'router_core/connections.c' Denial of Service Vulnerability
3262| [103036] Apache CouchDB CVE-2017-12636 Remote Code Execution Vulnerability
3263| [103025] Apache Thrift CVE-2016-5397 Remote Command Injection Vulnerability
3264| [102879] Apache POI CVE-2017-12626 Multiple Denial of Service Vulnerabilities
3265| [102842] Apache NiFi CVE-2017-12632 Host Header Injection Vulnerability
3266| [102815] Apache NiFi CVE-2017-15697 Multiple Cross Site Scripting Vulnerabilities
3267| [102488] Apache Geode CVE-2017-9795 Remote Code Execution Vulnerability
3268| [102229] Apache Sling CVE-2017-15700 Information Disclosure Vulnerability
3269| [102226] Apache Drill CVE-2017-12630 Cross Site Scripting Vulnerability
3270| [102154] Multiple Apache Products CVE-2017-15708 Remote Code Execution Vulnerability
3271| [102127] Apache CXF Fediz CVE-2017-12631 Multiple Cross Site Request Forgery Vulnerabilities
3272| [102041] Apache Qpid Broker-J CVE-2017-15701 Denial of Service Vulnerability
3273| [102040] Apache Qpid Broker CVE-2017-15702 Security Weakness
3274| [102021] Apache Struts CVE-2017-15707 Denial of Service Vulnerability
3275| [101980] EMC RSA Authentication Agent for Web: Apache Web Server Authentication Bypass Vulnerability
3276| [101876] Apache Camel CVE-2017-12634 Deserialization Remote Code Execution Vulnerability
3277| [101874] Apache Camel CVE-2017-12633 Deserialization Remote Code Execution Vulnerability
3278| [101872] Apache Karaf CVE-2014-0219 Local Denial of Service Vulnerability
3279| [101868] Apache CouchDB CVE-2017-12635 Remote Privilege Escalation Vulnerability
3280| [101859] Apache CXF CVE-2017-12624 Denial of Service Vulnerability
3281| [101844] Apache Sling Servlets Post CVE-2017-11296 Cross Site Scripting Vulnerability
3282| [101686] Apache Hive CVE-2017-12625 Information Disclosure Vulnerability
3283| [101644] Apache Wicket CVE-2012-5636 Cross Site Scripting Vulnerability
3284| [101631] Apache Traffic Server CVE-2015-3249 Multiple Remote Code Execution Vulnerabilities
3285| [101630] Apache Traffic Server CVE-2014-3624 Access Bypass Vulnerability
3286| [101625] Apache jUDDI CVE-2009-1197 Security Bypass Vulnerability
3287| [101623] Apache jUDDI CVE-2009-1198 Cross Site Scripting Vulnerability
3288| [101620] Apache Subversion 'libsvn_fs_fs/fs_fs.c' Denial of Service Vulnerability
3289| [101585] Apache OpenOffice Multiple Remote Code Execution Vulnerabilities
3290| [101577] Apache Wicket CVE-2016-6806 Cross Site Request Forgery Vulnerability
3291| [101575] Apache Wicket CVE-2014-0043 Information Disclosure Vulnerability
3292| [101570] Apache Geode CVE-2017-9797 Information Disclosure Vulnerability
3293| [101562] Apache Derby CVE-2010-2232 Arbitrary File Overwrite Vulnerability
3294| [101560] Apache Portable Runtime Utility CVE-2017-12613 Multiple Information Disclosure Vulnerabilities
3295| [101558] Apache Portable Runtime Utility Local Out-of-Bounds Read Denial of Service Vulnerability
3296| [101532] Apache James CVE-2017-12628 Arbitrary Command Execution Vulnerability
3297| [101516] Apache HTTP Server CVE-2017-12171 Security Bypass Vulnerability
3298| [101261] Apache Solr/Lucene CVE-2017-12629 Information Disclosure and Remote Code Execution Vulnerabilities
3299| [101230] Apache Roller CVE-2014-0030 XML External Entity Injection Vulnerability
3300| [101173] Apache IMPALA CVE-2017-9792 Information Disclosure Vulnerability
3301| [101052] Apache Commons Jelly CVE-2017-12621 Security Bypass Vulnerability
3302| [101027] Apache Mesos CVE-2017-7687 Denial of Service Vulnerability
3303| [101023] Apache Mesos CVE-2017-9790 Denial of Service Vulnerability
3304| [100954] Apache Tomcat CVE-2017-12617 Incomplete Fix Remote Code Execution Vulnerability
3305| [100946] Apache Wicket CVE-2014-7808 Cross Site Request Forgery Vulnerability
3306| [100901] Apache Tomcat CVE-2017-12615 Remote Code Execution Vulnerability
3307| [100897] Apache Tomcat CVE-2017-12616 Information Disclosure Vulnerability
3308| [100880] Apache Directory LDAP API CVE-2015-3250 Unspecified Information Disclosure Vulnerability
3309| [100872] Apache HTTP Server CVE-2017-9798 Information Disclosure Vulnerability
3310| [100870] Apache Solr CVE-2017-9803 Remote Privilege Escalation Vulnerability
3311| [100859] puppetlabs-apache CVE-2017-2299 Information Disclosure Vulnerability
3312| [100829] Apache Struts CVE-2017-12611 Remote Code Execution Vulnerability
3313| [100823] Apache Spark CVE-2017-12612 Deserialization Remote Code Execution Vulnerability
3314| [100612] Apache Struts CVE-2017-9804 Incomplete Fix Denial of Service Vulnerability
3315| [100611] Apache Struts CVE-2017-9793 Denial of Service Vulnerability
3316| [100609] Apache Struts CVE-2017-9805 Remote Code Execution Vulnerability
3317| [100587] Apache Atlas CVE-2017-3155 Cross Frame Scripting Vulnerability
3318| [100581] Apache Atlas CVE-2017-3154 Information Disclosure Vulnerability
3319| [100578] Apache Atlas CVE-2017-3153 Cross Site Scripting Vulnerability
3320| [100577] Apache Atlas CVE-2017-3152 Cross Site Scripting Vulnerability
3321| [100547] Apache Atlas CVE-2017-3151 HTML Injection Vulnerability
3322| [100536] Apache Atlas CVE-2017-3150 Cross Site Scripting Vulnerability
3323| [100449] Apache Pony Mail CVE-2016-4460 Authentication Bypass Vulnerability
3324| [100447] Apache2Triad Multiple Security Vulnerabilities
3325| [100284] Apache Sling Servlets Post CVE-2017-9802 Cross Site Scripting Vulnerability
3326| [100280] Apache Tomcat CVE-2017-7674 Security Bypass Vulnerability
3327| [100259] Apache Subversion CVE-2017-9800 Remote Command Execution Vulnerability
3328| [100256] Apache Tomcat CVE-2017-7675 Directory Traversal Vulnerability
3329| [100235] Apache Storm CVE-2017-9799 Remote Code Execution Vulnerability
3330| [100082] Apache Commons Email CVE-2017-9801 SMTP Header Injection Vulnerability
3331| [99873] Apache Sling XSS Protection API CVE-2016-6798 XML External Entity Injection Vulnerability
3332| [99870] Apache Sling API CVE-2016-5394 Cross Site Scripting Vulnerability
3333| [99603] Apache Spark CVE-2017-7678 Cross Site Scripting Vulnerability
3334| [99592] Apache OpenMeetings CVE-2017-7685 Security Bypass Vulnerability
3335| [99587] Apache OpenMeetings CVE-2017-7673 Security Bypass Vulnerability
3336| [99586] Apache OpenMeetings CVE-2017-7688 Security Bypass Vulnerability
3337| [99584] Apache OpenMeetings CVE-2017-7684 Denial of Service Vulnerability
3338| [99577] Apache OpenMeetings CVE-2017-7663 Cross Site Scripting Vulnerability
3339| [99576] Apache OpenMeetings CVE-2017-7664 XML External Entity Injection Vulnerability
3340| [99569] Apache HTTP Server CVE-2017-9788 Memory Corruption Vulnerability
3341| [99568] Apache HTTP Server CVE-2017-9789 Denial of Service Vulnerability
3342| [99563] Apache Struts CVE-2017-7672 Denial of Service Vulnerability
3343| [99562] Apache Struts Spring AOP Functionality Denial of Service Vulnerability
3344| [99509] Apache Impala CVE-2017-5652 Information Disclosure Vulnerability
3345| [99508] Apache IMPALA CVE-2017-5640 Authentication Bypass Vulnerability
3346| [99486] Apache Traffic Control CVE-2017-7670 Denial of Service Vulnerability
3347| [99485] Apache Solr CVE-2017-7660 Security Bypass Vulnerability
3348| [99484] Apache Struts CVE-2017-9791 Remote Code Execution Vulnerability
3349| [99292] Apache Ignite CVE-2017-7686 Information Disclosure Vulnerability
3350| [99170] Apache HTTP Server CVE-2017-7679 Buffer Overflow Vulnerability
3351| [99137] Apache HTTP Server CVE-2017-7668 Denial of Service Vulnerability
3352| [99135] Apache HTTP Server CVE-2017-3167 Authentication Bypass Vulnerability
3353| [99134] Apache HTTP Server CVE-2017-3169 Denial of Service Vulnerability
3354| [99132] Apache HTTP Server CVE-2017-7659 Denial of Service Vulnerability
3355| [99112] Apache Thrift CVE-2015-3254 Denial of Service Vulnerability
3356| [99067] Apache Ranger CVE-2016-8751 HTML Injection Vulnerability
3357| [99018] Apache NiFi CVE-2017-7667 Cross Frame Scripting Vulnerability
3358| [99009] Apache NiFi CVE-2017-7665 Cross Site Scripting Vulnerability
3359| [98961] Apache Ranger CVE-2017-7677 Security Bypass Vulnerability
3360| [98958] Apache Ranger CVE-2017-7676 Security Bypass Vulnerability
3361| [98888] Apache Tomcat CVE-2017-5664 Security Bypass Vulnerability
3362| [98814] Apache Zookeeper CVE-2017-5637 Denial of Service Vulnerability
3363| [98795] Apache Hadoop CVE-2017-7669 Remote Privilege Escalation Vulnerability
3364| [98739] Apache Knox CVE-2017-5646 User Impersonation Vulnerability
3365| [98669] Apache Hive CVE-2016-3083 Security Bypass Vulnerability
3366| [98646] Apache Atlas CVE-2016-8752 Information Disclosure Vulnerability
3367| [98570] Apache Archiva CVE-2017-5657 Multiple Cross-Site Request Forgery Vulnerabilities
3368| [98489] Apache CXF Fediz CVE-2017-7661 Multiple Cross Site Request Forgery Vulnerabilities
3369| [98485] Apache CXF Fediz CVE-2017-7662 Cross Site Request Forgery Vulnerability
3370| [98466] Apache Ambari CVE-2017-5655 Insecure Temporary File Handling Vulnerability
3371| [98365] Apache Cordova For Android CVE-2016-6799 Information Disclosure Vulnerability
3372| [98025] Apache Hadoop CVE-2017-3161 Cross Site Scripting Vulnerability
3373| [98017] Apache Hadoop CVE-2017-3162 Input Validation Vulnerability
3374| [97971] Apache CXF CVE-2017-5656 Information Disclosure Vulnerability
3375| [97968] Apache CXF CVE-2017-5653 Spoofing Vulnerability
3376| [97967] Apache ActiveMQ CVE-2015-7559 Denial of Service Vulnerability
3377| [97949] Apache Traffic Server CVE-2017-5659 Denial of Service Vulnerability
3378| [97948] Apache Batik CVE-2017-5662 XML External Entity Information Disclosure Vulnerability
3379| [97947] Apache FOP CVE-2017-5661 XML External Entity Information Disclosure Vulnerability
3380| [97945] Apache Traffic Server CVE-2016-5396 Denial of Service Vulnerability
3381| [97702] Apache Log4j CVE-2017-5645 Remote Code Execution Vulnerability
3382| [97582] Apache CXF CVE-2016-6812 Cross Site Scripting Vulnerability
3383| [97579] Apache CXF JAX-RS CVE-2016-8739 XML External Entity Injection Vulnerability
3384| [97544] Apache Tomcat CVE-2017-5651 Information Disclosure Vulnerability
3385| [97531] Apache Tomcat CVE-2017-5650 Denial of Service Vulnerability
3386| [97530] Apache Tomcat CVE-2017-5648 Information Disclosure Vulnerability
3387| [97509] Apache Ignite CVE-2016-6805 Information Disclosure and XML External Entity Injection Vulnerabilities
3388| [97383] Apache Flex BlazeDS CVE-2017-5641 Remote Code Execution Vulnerability
3389| [97378] Apache Geode CVE-2017-5649 Information Disclosure Vulnerability
3390| [97229] Apache Ambari CVE-2016-4976 Local Information Disclosure Vulnerability
3391| [97226] Apache Camel CVE-2017-5643 Server Side Request Forgery Security Bypass Vulnerability
3392| [97184] Apache Ambari CVE-2016-6807 Remote Command Execution Vulnerability
3393| [97179] Apache Camel CVE-2016-8749 Java Deserialization Multiple Remote Code Execution Vulnerabilities
3394| [96983] Apache POI CVE-2017-5644 Denial Of Service Vulnerability
3395| [96895] Apache Tomcat CVE-2016-8747 Information Disclosure Vulnerability
3396| [96731] Apache NiFi CVE-2017-5636 Remote Code Injection Vulnerability
3397| [96730] Apache NiFi CVE-2017-5635 Security Bypass Vulnerability
3398| [96729] Apache Struts CVE-2017-5638 Remote Code Execution Vulnerability
3399| [96540] IBM Development Package for Apache Spark CVE-2016-4970 Denial of Service Vulnerability
3400| [96398] Apache CXF CVE-2017-3156 Information Disclosure Vulnerability
3401| [96321] Apache Camel CVE-2017-3159 Remote Code Execution Vulnerability
3402| [96293] Apache Tomcat 'http11/AbstractInputBuffer.java' Denial of Service Vulnerability
3403| [96228] Apache Brooklyn Cross Site Request Forgery and Multiple Cross Site Scripting Vulnerabilities
3404| [95998] Apache Ranger CVE-2016-8746 Security Bypass Vulnerability
3405| [95929] Apache Groovy CVE-2016-6497 Information Disclosure Vulnerability
3406| [95838] Apache Cordova For Android CVE-2017-3160 Man in the Middle Security Bypass Vulnerability
3407| [95675] Apache Struts Remote Code Execution Vulnerability
3408| [95621] Apache NiFi CVE-2106-8748 Cross Site Scripting Vulnerability
3409| [95429] Apache Groovy CVE-2016-6814 Remote Code Execution Vulnerability
3410| [95335] Apache Hadoop CVE-2016-3086 Information Disclosure Vulnerability
3411| [95168] Apache Wicket CVE-2016-6793 Denial of Service Vulnerability
3412| [95136] Apache Qpid Broker for Java CVE-2016-8741 Remote Information Disclosure Vulnerability
3413| [95078] Apache HTTP Server CVE-2016-0736 Remote Security Vulnerability
3414| [95077] Apache HTTP Server CVE-2016-8743 Security Bypass Vulnerability
3415| [95076] Apache HTTP Server CVE-2016-2161 Denial of Service Vulnerability
3416| [95020] Apache Tika CVE-2015-3271 Remote Information Disclosure Vulnerability
3417| [94950] Apache Hadoop CVE-2016-5001 Local Information Disclosure Vulnerability
3418| [94882] Apache ActiveMQ CVE-2016-6810 HTML Injection Vulnerability
3419| [94828] Apache Tomcat CVE-2016-8745 Information Disclosure Vulnerability
3420| [94766] Apache CouchDB CVE-2016-8742 Local Privilege Escalation Vulnerability
3421| [94657] Apache Struts CVE-2016-8738 Denial of Service Vulnerability
3422| [94650] Apache HTTP Server CVE-2016-8740 Denial of Service Vulnerability
3423| [94588] Apache Subversion CVE-2016-8734 XML External Entity Denial of Service Vulnerability
3424| [94513] Apache Karaf CVE-2016-8648 Remote Code Execution Vulnerability
3425| [94463] Apache Tomcat CVE-2016-8735 Remote Code Execution Vulnerability
3426| [94462] Apache Tomcat CVE-2016-6817 Denial of Service Vulnerability
3427| [94461] Apache Tomcat CVE-2016-6816 Security Bypass Vulnerability
3428| [94418] Apache OpenOffice CVE-2016-6803 Local Privilege Escalation Vulnerability
3429| [94247] Apache Tika CVE-2016-6809 Remote Code Execution Vulnerability
3430| [94221] Apache Ranger CVE-2016-6815 Local Privilege Escalation Vulnerability
3431| [94145] Apache OpenMeetings CVE-2016-8736 Remote Code Execution Vulnerability
3432| [93945] Apache CloudStack CVE-2016-6813 Authorization Bypass Vulnerability
3433| [93944] Apache Tomcat Security Manager CVE-2016-6796 Security Bypass Vulnerability
3434| [93943] Apache Tomcat CVE-2016-6794 Security Bypass Vulnerability
3435| [93942] Apache Tomcat Security Manager CVE-2016-5018 Security Bypass Vulnerability
3436| [93940] Apache Tomcat CVE-2016-6797 Security Bypass Vulnerability
3437| [93939] Apache Tomcat CVE-2016-0762 Information Disclosure Vulnerability
3438| [93774] Apache OpenOffice CVE-2016-6804 DLL Loading Remote Code Execution Vulnerability
3439| [93773] Apache Struts CVE-2016-6795 Directory Traversal Vulnerability
3440| [93478] Apache Tomcat CVE-2016-6325 Local Privilege Escalation Vulnerability
3441| [93472] Apache Tomcat CVE-2016-5425 Insecure File Permissions Vulnerability
3442| [93429] Apache Tomcat JK Connector CVE-2016-6808 Remote Buffer Overflow Vulnerability
3443| [93263] Apache Tomcat CVE-2016-1240 Local Privilege Escalation Vulnerability
3444| [93236] Apache MyFaces Trinidad CVE-2016-5019 Remote Code Execution Vulnerability
3445| [93142] Apache ActiveMQ Artemis CVE-2016-4978 Remote Code Execution Vulnerability
3446| [93132] Apache Derby CVE-2015-1832 XML External Entity Information Disclosure Vulnerability
3447| [93044] Apache Zookeeper CVE-2016-5017 Buffer Overflow Vulnerability
3448| [92966] Apache Jackrabbit CVE-2016-6801 Cross-Site Request Forgery Vulnerability
3449| [92947] Apache Shiro CVE-2016-6802 Remote Security Bypass Vulnerability
3450| [92905] Apache CXF Fediz CVE-2016-4464 Security Bypass Vulnerability
3451| [92577] Apache Ranger CVE-2016-5395 HTML Injection Vulnerability
3452| [92331] Apache HTTP Server CVE-2016-1546 Remote Denial of Service Vulnerability
3453| [92328] Apache Hive CVE-2016-0760 Multiple Remote Code Execution Vulnerabilities
3454| [92320] Apache APR-util and httpd CVE-2016-6312 Denial of Service Vulnerability
3455| [92100] Apache POI CVE-2016-5000 XML External Entity Injection Vulnerability
3456| [92079] Apache OpenOffice CVE-2016-1513 Remote Code Execution Vulnerability
3457| [91818] Apache Tomcat CVE-2016-5388 Security Bypass Vulnerability
3458| [91816] Apache HTTP Server CVE-2016-5387 Security Bypass Vulnerability
3459| [91788] Apache Qpid Proton CVE-2016-4467 Certificate Verification Security Bypass Vulnerability
3460| [91738] Apache XML-RPC CVE-2016-5003 Remote Code Execution Vulnerability
3461| [91736] Apache XML-RPC Multiple Security Vulnerabilities
3462| [91707] Apache Archiva CVE-2016-5005 HTML Injection Vulnerability
3463| [91703] Apache Archiva CVE-2016-4469 Multiple Cross-Site Request Forgery Vulnerabilities
3464| [91566] Apache HTTP Server CVE-2016-4979 Authentication Bypass Vulnerability
3465| [91537] Apache QPID CVE-2016-4974 Deserialization Security Bypass Vulnerability
3466| [91501] Apache Xerces-C CVE-2016-4463 Stack Buffer Overflow Vulnerability
3467| [91453] Apache Commons FileUpload CVE-2016-3092 Denial Of Service Vulnerability
3468| [91284] Apache Struts CVE-2016-4431 Security Bypass Vulnerability
3469| [91282] Apache Struts CVE-2016-4433 Security Bypass Vulnerability
3470| [91281] Apache Struts CVE-2016-4430 Cross-Site Request Forgery Vulnerability
3471| [91280] Apache Struts CVE-2016-4436 Security Bypass Vulnerability
3472| [91278] Apache Struts CVE-2016-4465 Denial of Service Vulnerability
3473| [91277] Apache Struts Incomplete Fix Remote Code Execution Vulnerability
3474| [91275] Apache Struts CVE-2016-4438 Remote Code Execution Vulnerability
3475| [91217] Apache Continuum 'saveInstallation.action' Command Execution Vulnerability
3476| [91141] Apache CloudStack CVE-2016-3085 Authentication Bypass Vulnerability
3477| [91068] Apache Struts CVE-2016-1181 Remote Code Execution Vulnerability
3478| [91067] Apache Struts CVE-2016-1182 Security Bypass Vulnerability
3479| [91024] Apache Shiro CVE-2016-4437 Information Disclosure Vulnerability
3480| [90988] Apache Ranger CVE-2016-2174 SQL Injection Vulnerability
3481| [90961] Apache Struts CVE-2016-3093 Denial of Service Vulnerability
3482| [90960] Apache Struts CVE-2016-3087 Remote Code Execution Vulnerability
3483| [90921] Apache Qpid CVE-2016-4432 Authentication Bypass Vulnerability
3484| [90920] Apache Qpid CVE-2016-3094 Denial of Service Vulnerability
3485| [90902] Apache PDFBox CVE-2016-2175 XML External Entity Injection Vulnerability
3486| [90897] Apache Tika CVE-2016-4434 XML External Entity Injection Vulnerability
3487| [90827] Apache ActiveMQ CVE-2016-3088 Multiple Arbitrary File Upload Vulnerabilities
3488| [90755] Apache Ambari CVE-2016-0707 Multiple Local Information Disclosure Vulnerabilities
3489| [90482] Apache CVE-2004-1387 Local Security Vulnerability
3490| [89762] Apache CVE-2001-1556 Remote Security Vulnerability
3491| [89417] Apache Subversion CVE-2016-2167 Authentication Bypass Vulnerability
3492| [89326] RETIRED: Apache Subversion CVE-2016-2167 Security Bypass Vulnerability
3493| [89320] Apache Subversion CVE-2016-2168 Remote Denial of Service Vulnerability
3494| [88826] Apache Struts CVE-2016-3082 Remote Code Execution Vulnerability
3495| [88797] Apache Cordova For iOS CVE-2015-5208 Arbitrary Code Execution Vulnerability
3496| [88764] Apache Cordova iOS CVE-2015-5207 Multiple Security Bypass Vulnerabilities
3497| [88701] Apache CVE-2001-1449 Remote Security Vulnerability
3498| [88635] Apache CVE-2000-1204 Remote Security Vulnerability
3499| [88590] Apache WWW server CVE-1999-1199 Denial-Of-Service Vulnerability
3500| [88496] Apache CVE-2000-1206 Remote Security Vulnerability
3501| [87828] Apache CVE-1999-1237 Remote Security Vulnerability
3502| [87784] Apache CVE-1999-1293 Denial-Of-Service Vulnerability
3503| [87327] Apache Struts CVE-2016-3081 Remote Code Execution Vulnerability
3504| [86622] Apache Stats CVE-2007-0975 Remote Security Vulnerability
3505| [86399] Apache CVE-2007-1743 Local Security Vulnerability
3506| [86397] Apache CVE-2007-1742 Local Security Vulnerability
3507| [86311] Apache Struts CVE-2016-4003 Cross Site Scripting Vulnerability
3508| [86174] Apache Wicket CVE-2015-5347 Cross Site Scripting Vulnerability
3509| [85971] Apache OFBiz CVE-2016-2170 Java Deserialization Remote Code Execution Vulnerability
3510| [85967] Apache OFBiz CVE-2015-3268 HTML Injection Vulnerability
3511| [85759] Apache Jetspeed CVE-2016-2171 Unauthorized Access Vulnerability
3512| [85758] Apache Jetspeed CVE-2016-0712 Cross Site Scripting Vulnerability
3513| [85756] Apache Jetspeed CVE-2016-0710 Multiple SQL Injection Vulnerabilities
3514| [85755] Apache Jetspeed CVE-2016-0711 Mulitple HTML Injection Vulnerabilities
3515| [85754] Apache Jetspeed CVE-2016-0709 Directory Traversal Vulnerability
3516| [85730] Apache Subversion CVE-2015-5343 Integer Overflow Vulnerability
3517| [85691] Apache Ranger CVE-2016-0735 Security Bypass Vulnerability
3518| [85578] Apache ActiveMQ CVE-2010-1244 Cross-Site Request Forgery Vulnerability
3519| [85554] Apache OpenMeetings CVE-2016-2164 Multiple Information Disclosure Vulnerabilities
3520| [85553] Apache OpenMeetings CVE-2016-0783 Information Disclosure Vulnerability
3521| [85552] Apache OpenMeetings CVE-2016-2163 HTML Injection Vulnerability
| [85550] Apache OpenMeetings CVE-2016-0784 Directory Traversal Vulnerability
| [85386] Apache Hadoop CVE-2015-7430 Local Privilege Escalation Vulnerability
| [85377] Apache Qpid Proton Python API CVE-2016-2166 Man in the Middle Security Bypass Vulnerability
| [85205] Apache Solr CVE-2015-8796 Cross Site Scripting Vulnerability
| [85203] Apache Solr CVE-2015-8795 Mulitple HTML Injection Vulnerabilities
| [85163] Apache Geronimo CVE-2008-0732 Local Security Vulnerability
| [85131] Apache Struts 'TextParseUtil.translateVariables()' Method Remote Code Execution Vulnerability
| [85070] Apache Struts CVE-2016-2162 Cross Site Scripting Vulnerability
| [85066] Apache Struts CVE-2016-0785 Remote Code Execution Vulnerability
| [84422] Apache TomEE CVE-2016-0779 Unspecified Security Vulnerability
| [84321] Apache ActiveMQ CVE-2016-0734 Clickjacking Vulnerability
| [84316] Apache ActiveMQ CVE-2016-0782 Multiple Cross Site Scripting Vulnerabilities
| [83910] Apache Wicket CVE-2015-7520 Cross Site Scripting Vulnerability
| [83423] Apache Xerces-C CVE-2016-0729 Buffer Overflow Vulnerability
| [83330] Apache Tomcat CVE-2015-5351 Cross Site Request Forgery Vulnerability
| [83329] Apache Tomcat CVE-2015-5174 Directory Traversal Vulnerability
| [83328] Apache Tomcat CVE-2015-5345 Directory Traversal Vulnerability
| [83327] Apache Tomcat Security Manager CVE-2016-0714 Remote Code Execution Vulnerability
| [83326] Apache Tomcat CVE-2016-0763 Security Bypass Vulnerability
| [83324] Apache Tomcat Security Manager CVE-2016-0706 Information Disclosure Vulnerability
| [83323] Apache Tomcat CVE-2015-5346 Session Fixation Vulnerability
| [83259] Apache Hadoop CVE-2015-1776 Information Disclosure Vulnerability
| [83243] Apache Solr CVE-2015-8797 Cross Site Scripting Vulnerability
| [83119] Apache Sling CVE-2016-0956 Information Disclosure Vulnerability
| [83002] Apache CVE-2000-1205 Cross-Site Scripting Vulnerability
| [82871] Apache Ranger Authentication Bypass and Security Bypass Vulnerabilities
| [82800] Apache CloudStack CVE-2015-3251 Information Disclosure Vulnerability
| [82798] Apache CloudStack CVE-2015-3252 Authentication Bypass Vulnerability
| [82732] Apache Gallery CVE-2003-0771 Local Security Vulnerability
| [82676] Apache CVE-2003-1581 Cross-Site Scripting Vulnerability
| [82550] Apache Struts CVE-2015-5209 Security Bypass Vulnerability
| [82300] Apache Subversion CVE-2015-5259 Integer Overflow Vulnerability
| [82260] Apache Camel CVE-2015-5344 Remote Code Execution Vulnerability
| [82234] Apache Hive CVE-2015-7521 Security Bypass Vulnerability
| [82082] Apache CVE-1999-0289 Remote Security Vulnerability
| [81821] Apache Distribution for Solaris CVE-2007-2080 SQL-Injection Vulnerability
| [80696] Apache Camel CVE-2015-5348 Information Disclosure Vulnerability
| [80525] Apache CVE-2003-1580 Remote Security Vulnerability
| [80354] Drupal Apache Solr Search Module Access Bypass Vulnerability
| [80193] Apache CVE-1999-0107 Denial-Of-Service Vulnerability
| [79812] Apache Directory Studio CVE-2015-5349 Command Injection Vulnerability
| [79744] Apache HBase CVE-2015-1836 Unauthorized Access Vulnerability
| [79204] Apache TomEE 'EjbObjectInputStream' Remote Code Execution Vulnerability
| [77679] Apache Cordova For Android CVE-2015-8320 Weak Randomization Security Bypass Vulnerability
| [77677] Apache Cordova For Android CVE-2015-5256 Security Bypass Vulnerability
| [77591] Apache CXF SAML SSO Processing CVE-2015-5253 Security Bypass Vulnerability
| [77521] Apache Commons Collections 'InvokerTransformer.java' Remote Code Execution Vulnerability
| [77110] Apache HttpComponents HttpClient CVE-2015-5262 Denial of Service Vulnerability
| [77086] Apache Ambari CVE-2015-1775 Server Side Request Forgery Security Bypass Vulnerability
| [77085] Apache Ambari CVE-2015-3270 Remote Privilege Escalation Vulnerability
| [77082] Apache Ambari 'targetURI' Parameter Open Redirection Vulnerability
| [77059] Apache Ambari CVE-2015-3186 Cross Site Scripting Vulnerability
| [76933] Apache James Server Unspecified Command Execution Vulnerability
| [76832] Apache cordova-plugin-file-transfer CVE-2015-5204 HTTP Header Injection Vulnerability
| [76625] Apache Struts CVE-2015-5169 Cross Site Scripting Vulnerability
| [76624] Apache Struts CVE-2015-2992 Cross Site Scripting Vulnerability
| [76522] Apache Tapestry CVE-2014-1972 Security Bypass Vulnerability
| [76486] Apache CXF Fediz CVE-2015-5175 Denial of Service Vulnerability
| [76452] Apache ActiveMQ CVE-2015-1830 Directory Traversal Vulnerability
| [76446] Apache Subversion 'libsvn_fs_fs/tree.c' Denial of Service Vulnerability
| [76274] Apache Subversion CVE-2015-3184 Information Disclosure Vulnerability
| [76273] Apache Subversion CVE-2015-3187 Information Disclosure Vulnerability
| [76272] Apache ActiveMQ CVE-2014-3576 Denial of Service Vulnerability
| [76221] Apache Ranger CVE-2015-0266 Access Bypass Vulnerability
| [76208] Apache Ranger CVE-2015-0265 JavaScript Code Injection Vulnerability
| [76025] Apache ActiveMQ Artemis CVE-2015-3208 XML External Entity Information Disclosure Vulnerability
| [75965] Apache HTTP Server CVE-2015-3185 Security Bypass Vulnerability
| [75964] Apache HTTP Server CVE-2015-0253 Remote Denial of Service Vulnerability
| [75963] Apache HTTP Server CVE-2015-3183 Security Vulnerability
| [75940] Apache Struts CVE-2015-1831 Security Bypass Vulnerability
| [75919] Apache Groovy CVE-2015-3253 Remote Code Execution Vulnerability
| [75338] Apache Storm CVE-2015-3188 Remote Code Execution Vulnerability
| [75275] Drupal Apache Solr Real-Time Module Access Bypass Vulnerability
| [74866] Apache Cordova For Android CVE-2015-1835 Security Bypass Vulnerability
| [74839] Apache Sling API and Sling Servlets CVE-2015-2944 Cross Site Scripting Vulnerability
| [74761] Apache Jackrabbit CVE-2015-1833 XML External Entity Information Disclosure Vulnerability
| [74686] Apache Ambari '/var/lib/ambari-server/ambari-env.sh' Local Privilege Escalation Vulnerability
| [74665] Apache Tomcat CVE-2014-7810 Security Bypass Vulnerability
| [74475] Apache Tomcat CVE-2014-0230 Denial of Service Vulnerability
| [74423] Apache Struts CVE-2015-0899 Security Bypass Vulnerability
| [74338] Apache OpenOffice HWP Filter Memory Corruption Vulnerability
| [74265] Apache Tomcat 'mod_jk' CVE-2014-8111 Information Disclosure Vulnerability
| [74260] Apache Subversion CVE-2015-0248 Multiple Denial of Service Vulnerabilities
| [74259] Apache Subversion 'deadprops.c' Security Bypass Vulnerability
| [74204] PHP 'sapi/apache2handler/sapi_apache2.c' Remote Code Execution Vulnerability
| [74158] Apache HTTP Server 'protocol.c' Remote Denial of Service Vulnerability
| [73954] Apache Flex 'asdoc/templates/index.html' Cross Site Scripting Vulnerability
| [73851] Apache2 CVE-2012-0216 Cross-Site Scripting Vulnerability
| [73478] Apache Cassandra CVE-2015-0225 Remote Code Execution Vulnerability
| [73041] Apache HTTP Server 'mod_lua' Module Denial of Service Vulnerability
| [73040] Apache HTTP Server 'mod_lua.c' Local Access Bypass Vulnerability
| [72809] Apache Standard Taglibs CVE-2015-0254 XML External Entity Injection Vulnerability
| [72717] Apache Tomcat CVE-2014-0227 Chunk Request Remote Denial Of Service Vulnerability
| [72557] Apache WSS4J CVE-2015-0227 Security Bypass Vulnerability
| [72553] Apache WSS4J CVE-2015-0226 Information Disclosure Vulnerability
| [72513] Apache ActiveMQ CVE-2014-3612 LDAP Authentication Bypass Vulnerability
| [72511] Apache ActiveMQ CVE-2014-8110 Multiple Cross Site Scripting Vulnerabilities
| [72510] Apache ActiveMQ CVE-2014-3600 XML External Entity Injection Vulnerability
| [72508] Apache ActiveMQ Apollo CVE-2014-3579 XML External Entity Injection Vulnerability
| [72319] Apache Qpid CVE-2015-0223 Security Bypass Vulnerability
| [72317] Apache Qpid CVE-2015-0224 Incomplete Fix Multiple Denial of Service Vulnerabilities
| [72115] Apache Santuario 'XML Signature Verification' Security Bypass Vulnerability
| [72053] Apache HTTP Server 'mod_remoteip.c' IP Address Spoofing Vulnerability
| [72030] Apache Qpid CVE-2015-0203 Multiple Denial of Service Vulnerabilities
| [71879] Apache Traffic Server 'HttpTransact.cc' Denial of Service Vulnerability
| [71726] Apache Subversion CVE-2014-3580 Remote Denial of Service Vulnerability
| [71725] Apache Subversion CVE-2014-8108 Remote Denial of Service Vulnerability
| [71657] Apache HTTP Server 'mod_proxy_fcgi' Module Denial of Service Vulnerability
| [71656] Apache HTTP Server 'mod_cache' Module Denial of Service Vulnerability
| [71548] Apache Struts CVE-2014-7809 Security Bypass Vulnerability
| [71466] Apache Hadoop CVE-2014-3627 Information Disclosure Vulnerability
| [71353] Apache HTTP Server 'LuaAuthzProvider' Authorization Bypass Vulnerability
| [71004] Apache Qpid CVE-2014-3629 XML External Entity Injection Vulnerability
| [70970] Apache Traffic Server Cross Site Scripting Vulnerability
| [70738] Apache CXF CVE-2014-3584 Denial of Service Vulnerability
| [70736] Apache CXF SAML SubjectConfirmation Security Bypass Vulnerability
| [69728] Apache Tomcat CVE-2013-4444 Arbitrary File Upload Vulnerability
| [69648] Apache POI CVE-2014-3574 Denial Of Service Vulnerability
| [69647] Apache POI OpenXML parser CVE-2014-3529 XML External Entity Information Disclosure Vulnerability
| [69351] Apache OpenOffice Calc CVE-2014-3524 Command Injection Vulnerability
| [69295] Apache Axis Incomplete Fix CVE-2014-3596 SSL Certificate Validation Security Bypass Vulnerability
| [69286] Apache OFBiz CVE-2014-0232 Multiple Cross Site Scripting Vulnerabilities
| [69258] Apache HttpComponents Incomplete Fix CVE-2014-3577 SSL Validation Security Bypass Vulnerability
| [69257] Apache HttpComponents Incomplete Fix SSL Certificate Validation Security Bypass Vulnerability
| [69248] Apache HTTP Server CVE-2013-4352 Remote Denial of Service Vulnerability
| [69237] Apache Subversion CVE-2014-3522 SSL Certificate Validation Information Disclosure Vulnerability
| [69173] Apache Traffic Server CVE-2014-3525 Unspecified Security Vulnerability
| [69046] Apache Cordova For Android CVE-2014-3502 Information Disclosure Vulnerability
| [69041] Apache Cordova For Android CVE-2014-3501 Security Bypass Vulnerability
| [69038] Apache Cordova For Android CVE-2014-3500 Security Bypass Vulnerability
| [68995] Apache Subversion CVE-2014-3528 Insecure Authentication Weakness
| [68966] Apache Subversion 'irkerbridge.py' Local Privilege Escalation Vulnerability
| [68965] Apache Subversion 'svnwcsub.py' Local Privilege Escalation Vulnerability
| [68863] Apache HTTP Server 'mod_cache' Module Remote Denial of Service Vulnerability
| [68747] Apache HTTP Server CVE-2014-3523 Remote Denial of Service Vulnerability
| [68745] Apache HTTP Server CVE-2014-0118 Remote Denial of Service Vulnerability
| [68742] Apache HTTP Server CVE-2014-0231 Remote Denial of Service Vulnerability
| [68740] Apache HTTP Server CVE-2014-0117 Remote Denial of Service Vulnerability
| [68678] Apache HTTP Server 'mod_status' CVE-2014-0226 Remote Code Execution Vulnerability
| [68445] Apache CXF UsernameToken Information Disclosure Vulnerability
| [68441] Apache CXF SAML Tokens Validation Security Bypass Vulnerability
| [68431] Apache Syncope CVE-2014-3503 Insecure Password Generation Weakness
| [68229] Apache Harmony PRNG Entropy Weakness
| [68111] Apache 'mod_wsgi' Module Privilege Escalation Vulnerability
| [68072] Apache Tomcat CVE-2014-0186 Remote Denial of Service Vulnerability
| [68039] Apache Hive CVE-2014-0228 Security Bypass Vulnerability
| [67673] Apache Tomcat CVE-2014-0095 AJP Request Remote Denial Of Service Vulnerability
| [67671] Apache Tomcat CVE-2014-0075 Chunk Request Remote Denial Of Service Vulnerability
| [67669] Apache Tomcat CVE-2014-0119 XML External Entity Information Disclosure Vulnerability
| [67668] Apache Tomcat CVE-2014-0099 Request Processing Information Disclosure Vulnerability
| [67667] Apache Tomcat CVE-2014-0096 XML External Entity Information Disclosure Vulnerability
| [67534] Apache 'mod_wsgi' Module CVE-2014-0242 Information Disclosure Vulnerability
| [67532] Apache 'mod_wsgi' Module Local Privilege Escalation Vulnerability
| [67530] Apache Solr Search Template Cross Site Scripting Vulnerability
| [67236] Apache CXF CVE-2014-0109 Remote Denial of Service Vulnerability
| [67232] Apache CXF CVE-2014-0110 Denial of Service Vulnerability
| [67121] Apache Struts ClassLoader Manipulation CVE-2014-0114 Security Bypass Vulnerability
| [67081] Apache Struts 'getClass()' Method Security Bypass Vulnerability
| [67064] Apache Struts ClassLoader Manipulation Incomplete Fix Security Bypass Vulnerability
| [67013] Apache Zookeeper CVE-2014-0085 Local Information Disclosure Vulnerability
| [66998] Apache Archiva CVE-2013-2187 Unspecified Cross Site Scripting Vulnerability
| [66991] Apache Archiva CVE-2013-2187 HTML Injection Vulnerability
| [66927] Apache Syncope CVE-2014-0111 Remote Code Execution Vulnerability
| [66474] Apache CouchDB Universally Unique IDentifier (UUID) Remote Denial of Service Vulnerability
| [66397] Apache Xalan-Java Library CVE-2014-0107 Security Bypass Vulnerability
| [66303] Apache HTTP Server Multiple Denial of Service Vulnerabilities
| [66041] RETIRED: Apache Struts CVE-2014-0094 Classloader Manipulation Security Bypass Vulnerability
| [65999] Apache Struts ClassLoader Manipulation CVE-2014-0094 Security Bypass Vulnerability
| [65967] Apache Cordova File-Transfer Unspecified Security Vulnerability
| [65959] Apache Cordova InAppBrowser Remote Privilege Escalation Vulnerability
| [65935] Apache Shiro 'login.jsp' Authentication Bypass Vulnerability
| [65902] Apache Camel CVE-2014-0003 Remote Code Execution Vulnerability
| [65901] Apache Camel CVE-2014-0002 XML External Entity Information Disclosure Vulnerability
| [65773] Apache Tomcat CVE-2013-4286 Security Bypass Vulnerability
| [65769] Apache Tomcat CVE-2014-0033 Session Fixation Vulnerability
| [65768] Apache Tomcat CVE-2013-4590 XML External Entity Information Disclosure Vulnerability
| [65767] Apache Tomcat CVE-2013-4322 Incomplete Fix Denial of Service Vulnerability
| [65615] Apache ActiveMQ 'refresh' Parameter Cross Site Scripting Vulnerability
| [65434] Apache Subversion 'mod_dav_svn' Module SVNListParentPath Denial of Service Vulnerability
| [65431] Apache Wicket CVE-2013-2055 Information Disclosure Vulnerability
| [65400] Apache Commons FileUpload CVE-2014-0050 Denial Of Service Vulnerability
| [64782] Apache CloudStack Virtual Router Component Security Bypass Vulnerability
| [64780] Apache CloudStack Unauthorized Access Vulnerability
| [64617] Apache Libcloud Digital Ocean API Local Information Disclosure Vulnerability
| [64437] Apache Santuario XML Security For JAVA XML Signature Denial of Service Vulnerability
| [64427] Apache Solr Multiple XML External Entity Injection Vulnerabilities
| [64009] Apache Solr CVE-2013-6408 XML External Entity Injection Vulnerability
| [64008] Apache Solr CVE-2013-6407 XML External Entity Injection Vulnerability
| [63981] Apache Subversion 'mod_dav_svn' Module Denial of Service Vulnerability
| [63966] Apache Subversion CVE-2013-4505 Security Bypass Vulnerability
| [63963] Apache Roller CVE-2013-4171 Cross Site Scripting Vulnerability
| [63935] Apache Solr 'SolrResourceLoader' Directory Traversal Vulnerability
| [63928] Apache Roller CVE-2013-4212 OGNL Expression Injection Remote Code Execution Vulnerability
| [63515] Apache Tomcat Manager Component CVE-2013-6357 Cross Site Request Forgery Vulnerability
| [63403] Apache Struts Multiple Cross Site Scripting Vulnerabilities
| [63400] Apache 'mod_pagespeed' Module Unspecified Cross Site Scripting Vulnerability
| [63260] Apache Shindig CVE-2013-4295 XML External Entity Information Disclosure Vulnerability
| [63241] Apache Sling 'AbstractAuthenticationFormServlet' Open Redirection Vulnerability
| [63174] Apache Commons FileUpload 'DiskFileItem' Class Null Byte Arbitrary File Write Vulnerability
| [62939] Apache 'mod_fcgid' Module CVE-2013-4365 Heap Buffer Overflow Vulnerability
| [62903] Apache Sling 'deepGetOrCreateNode()' Function Denial Of Service Vulnerability
| [62706] Apache Camel CVE-2013-4330 Information Disclosure Vulnerability
| [62677] Apache 'mod_accounting' Module CVE-2013-5697 SQL Injection Vulnerability
| [62674] TYPO3 Apache Solr Unspecified Cross Site Scripting and PHP Code Execution Vulnerabilities
| [62587] Apache Struts CVE-2013-4316 Remote Code Execution Vulnerability
| [62584] Apache Struts CVE-2013-4310 Security Bypass Vulnerability
| [62266] Apache Subversion CVE-2013-4277 Insecure Temporary File Creation Vulnerability
| [61984] Apache Hadoop RPC Authentication CVE-2013-2192 Man in the Middle Security Bypass Vulnerability
| [61981] Apache HBase RPC Authentication Man In The Middle Security Bypass Vulnerability
| [61638] Apache CloudStack CVE-2013-2136 Multiple Cross Site Scripting Vulnerabilities
| [61454] Apache Subversion CVE-2013-4131 Denial Of Service Vulnerability
| [61379] Apache HTTP Server CVE-2013-2249 Unspecified Remote Security Vulnerability
| [61370] Apache OFBiz CVE-2013-2317 'View Log' Cross Site Scripting Vulnerability
| [61369] Apache OFBiz Nested Expression Remote Code Execution Vulnerability
| [61196] Apache Struts CVE-2013-2248 Multiple Open Redirection Vulnerabilities
| [61189] Apache Struts CVE-2013-2251 Multiple Remote Command Execution Vulnerabilities
| [61129] Apache HTTP Server CVE-2013-1896 Remote Denial of Service Vulnerability
| [61030] Apache CXF CVE-2013-2160 Multiple Remote Denial of Service Vulnerabilities
| [60875] Apache Geronimo RMI Classloader Security Bypass Vulnerability
| [60846] Apache Santuario XML Security for JAVA XML Signature CVE-2013-2172 Security Bypass Vulnerability
| [60817] Apache Santuario XML Security for C++ CVE-2013-2210 Heap Buffer Overflow Vulnerability
| [60800] Apache Qpid Python Client SSL Certificate Verification Information Disclosure Vulnerability
| [60599] Apache Santuario XML Security for C++ CVE-2013-2156 Remote Heap Buffer Overflow Vulnerability
| [60595] Apache Santuario XML Security for C++ XML Signature CVE-2013-2155 Denial of Service Vulnerability
| [60594] Apache Santuario XML Security for C++ CVE-2013-2154 Stack Buffer Overflow Vulnerability
| [60592] Apache Santuario XML Security for C++ XML Signature CVE-2013-2153 Security Bypass Vulnerability
| [60534] Apache OpenJPA Object Deserialization Arbitrary File Creation or Overwrite Vulnerability
| [60346] Apache Struts CVE-2013-2134 OGNL Expression Injection Vulnerability
| [60345] Apache Struts CVE-2013-2135 OGNL Expression Injection Vulnerability
| [60267] Apache Subversion CVE-2013-1968 Remote Denial of Service Vulnerability
| [60265] Apache Subversion CVE-2013-2088 Command Injection Vulnerability
| [60264] Apache Subversion CVE-2013-2112 Remote Denial of Service Vulnerability
| [60187] Apache Tomcat DIGEST Authentication CVE-2013-2051 Incomplete Fix Security Weakness
| [60186] Apache Tomcat CVE-2013-1976 Insecure Temporary File Handling Vulnerability
| [60167] Apache Struts 'includeParams' CVE-2013-2115 Incomplete Fix Security Bypass Vulnerability
| [60166] Apache Struts 'includeParams' CVE-2013-1966 Security Bypass Vulnerability
| [60082] Apache Struts 'ParameterInterceptor' Class OGNL CVE-2013-1965 Security Bypass Vulnerability
| [59826] Apache HTTP Server Terminal Escape Sequence in Logs Command Injection Vulnerability
| [59799] Apache Tomcat CVE-2013-2067 Session Fixation Vulnerability
| [59798] Apache Tomcat CVE-2013-2071 Information Disclosure Vulnerability
| [59797] Apache Tomcat CVE-2012-3544 Denial of Service Vulnerability
| [59670] Apache VCL Multiple Input Validation Vulnerabilities
| [59464] Apache CloudStack CVE-2013-2758 Hash Information Disclosure Vulnerability
| [59463] Apache CloudStack CVE-2013-2756 Authentication Bypass Vulnerability
| [59402] Apache ActiveMQ CVE-2013-3060 Information Disclosure and Denial of Service Vulnerability
| [59401] Apache ActiveMQ CVE-2012-6551 Denial of Service Vulnerability
| [59400] Apache ActiveMQ CVE-2012-6092 Multiple Cross Site Scripting Vulnerabilities
| [58898] Apache Subversion CVE-2013-1884 Remote Denial of Service Vulnerability
| [58897] Apache Subversion 'mod_dav_svn/lock.c' Remote Denial of Service Vulnerability
| [58895] Apache Subversion 'mod_dav_svn' Remote Denial of Service Vulnerability
| [58455] Apache Rave User RPC API CVE-2013-1814 Information Disclosure Vulnerability
| [58379] Apache Qpid CVE-2012-4446 Authentication Bypass Vulnerability
| [58378] Apache Qpid CVE-2012-4460 Denial of Service Vulnerability
| [58376] Apache Qpid CVE-2012-4458 Denial of Service Vulnerability
| [58337] Apache Qpid CVE-2012-4459 Denial of Service Vulnerability
| [58326] Apache Commons FileUpload CVE-2013-0248 Insecure Temporary File Creation Vulnerability
| [58325] Debian Apache HTTP Server CVE-2013-1048 Symlink Attack Local Privilege Escalation Vulnerability
| [58323] Apache Subversion 'svn_fs_file_length()' Remote Denial of Service Vulnerability
| [58165] Apache HTTP Server Multiple Cross Site Scripting Vulnerabilities
| [58136] Apache Maven CVE-2013-0253 SSL Certificate Validation Security Bypass Vulnerability
| [58124] Apache Tomcat 'log/logdir' Directory Insecure File Permissions Vulnerability
| [58073] Apache Commons HttpClient CVE-2012-5783 SSL Certificate Validation Security Bypass Vulnerability
| [57876] Apache CXF WS-SecurityPolicy Authentication Bypass Vulnerability
| [57874] Apache CXF CVE-2012-5633 Security Bypass Vulnerability
| [57463] Apache OFBiz CVE-2013-0177 Multiple Cross Site Scripting Vulnerabilities
| [57425] Apache CXF CVE-2012-5786 SSL Certificate Validation Security Bypass Vulnerability
| [57321] Apache CouchDB CVE-2012-5650 Cross Site Scripting Vulnerability
| [57314] Apache CouchDB CVE-2012-5649 Remote Code Execution Vulnerability
| [57267] Apache Axis2/C SSL Certificate Validation Security Bypass Vulnerability
| [57259] Apache CloudStack CVE-2012-5616 Local Information Disclosure Vulnerability
| [56814] Apache Tomcat CVE-2012-4431 Cross-Site Request Forgery Vulnerability
| [56813] Apache Tomcat CVE-2012-4534 Denial of Service Vulnerability
| [56812] Apache Tomcat CVE-2012-3546 Security Bypass Vulnerability
| [56753] Apache Apache HTTP Server 'mod_proxy_ajp Module Denial Of Service Vulnerability
| [56686] Apache Tomcat CVE-2012-5568 Denial of Service Vulnerability
| [56408] Apache Axis and Axis2/Java SSL Certificate Validation Security Bypass Vulnerability
| [56403] Apache Tomcat DIGEST Authentication Multiple Security Weaknesses
| [56402] Apache Tomcat CVE-2012-2733 Denial of Service Vulnerability
| [56171] Apache OFBiz CVE-2012-3506 Unspecified Security Vulnerability
| [55876] Apache CloudStack CVE-2012-4501 Security Bypass Vulnerability
| [55628] Apache CXF SOAP Action Spoofing Security Bypass Vulnerability
| [55608] Apache Qpid (qpidd) Denial of Service Vulnerability
| [55536] Apache 'mod_pagespeed' Module Cross Site Scripting and Security Bypass Vulnerabilities
| [55508] Apache Axis2 XML Signature Wrapping Security Vulnerability
| [55445] Apache Wicket CVE-2012-3373 Cross Site Scripting Vulnerability
| [55346] Apache Struts Cross Site Request Forgery and Denial of Service Vulnerabilities
| [55290] Drupal Apache Solr Autocomplete Module Cross Site Scripting Vulnerability
| [55165] Apache Struts2 Skill Name Remote Code Execution Vulnerability
| [55154] Apache 'mod-rpaf' Module Denial of Service Vulnerability
| [55131] Apache HTTP Server HTML-Injection And Information Disclosure Vulnerabilities
| [54954] Apache QPID NullAuthenticator Authentication Bypass Vulnerability
| [54798] Apache Libcloud Man In The Middle Vulnerability
| [54358] Apache Hadoop CVE-2012-3376 Information Disclosure Vulnerability
| [54341] Apache Sling CVE-2012-2138 Denial Of Service Vulnerability
| [54268] Apache Hadoop Symlink Attack Local Privilege Escalation Vulnerability
| [54189] Apache Roller Cross Site Request Forgery Vulnerability
| [54187] Apache Roller CVE-2012-2381 Cross Site Scripting Vulnerability
| [53880] Apache CXF Child Policies Security Bypass Vulnerability
| [53877] Apache CXF Elements Validation Security Bypass Vulnerability
| [53676] Apache Commons Compress and Apache Ant CVE-2012-2098 Denial Of Service Vulnerability
| [53487] Apache POI CVE-2012-0213 Denial Of Service Vulnerability
| [53455] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability
| [53305] Apache Qpid CVE-2011-3620 Unauthorized Access Security Bypass Vulnerability
| [53046] Apache HTTP Server 'LD_LIBRARY_PATH' Insecure Library Loading Arbitrary Code Execution Vulnerability
| [53025] Apache OFBiz Unspecified Remote Code Execution Vulnerability
| [53023] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
| [52939] Apache Hadoop CVE-2012-1574 Unspecified User Impersonation Vulnerability
| [52702] Apache Struts2 'XSLTResult.java' Remote Arbitrary File Upload Vulnerability
| [52696] Apache Traffic Server HTTP Host Header Handling Heap Based Buffer Overflow Vulnerability
| [52680] Apache Wicket 'pageMapName' Parameter Cross Site Scripting Vulnerability
| [52679] Apache Wicket Hidden Files Information Disclosure Vulnerability
| [52565] Apache 'mod_fcgid' Module Denial Of Service Vulnerability
| [52146] TYPO3 Apache Solr Extension Unspecified Cross Site Scripting Vulnerability
| [51939] Apache MyFaces 'ln' Parameter Information Disclosure Vulnerability
| [51917] Apache APR Hash Collision Denial Of Service Vulnerability
| [51902] Apache Struts Multiple HTML Injection Vulnerabilities
| [51900] Apache Struts CVE-2012-1007 Multiple Cross Site Scripting Vulnerabilities
| [51886] Apache CXF UsernameToken Policy Validation Security Bypass Vulnerability
| [51869] Apache HTTP Server CVE-2011-3639 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
| [51706] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
| [51705] Apache HTTP Server CVE-2012-0021 mod_log_config Denial Of Service Vulnerability
| [51628] Apache Struts 'ParameterInterceptor' Class OGNL (CVE-2011-3923) Security Bypass Vulnerability
| [51447] Apache Tomcat Parameter Handling Denial of Service Vulnerability
| [51442] Apache Tomcat Request Object Security Bypass Vulnerability
| [51407] Apache HTTP Server Scoreboard Local Security Bypass Vulnerability
| [51257] Apache Struts Remote Command Execution and Arbitrary File Overwrite Vulnerabilities
| [51238] Apache Geronimo Hash Collision Denial Of Service Vulnerability
| [51200] Apache Tomcat Hash Collision Denial Of Service Vulnerability
| [50940] Apache Struts Session Tampering Security Bypass Vulnerability
| [50912] RETIRED: Apache MyFaces CVE-2011-4343 Information Disclosure Vulnerability
| [50904] Apache ActiveMQ Failover Mechanism Remote Denial Of Service Vulnerability
| [50848] Apache MyFaces EL Expression Evaluation Security Bypass Vulnerability
| [50802] Apache HTTP Server 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
| [50639] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
| [50603] Apache Tomcat Manager Application Security Bypass Vulnerability
| [50494] Apache HTTP Server 'ap_pregsub()' Function Local Privilege Escalation Vulnerability
| [49957] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
| [49762] Apache Tomcat HTTP DIGEST Authentication Multiple Security Weaknesses
| [49728] Apache Struts Conversion Error OGNL Expression Evaluation Vulnerability
| [49616] Apache HTTP Server CVE-2011-3348 Denial Of Service Vulnerability
| [49470] Apache Tomcat CVE-2007-6286 Duplicate Request Processing Security Vulnerability
| [49353] Apache Tomcat AJP Protocol Security Bypass Vulnerability
| [49303] Apache HTTP Server CVE-2011-3192 Denial Of Service Vulnerability
| [49290] Apache Wicket Cross Site Scripting Vulnerability
| [49147] Apache Tomcat CVE-2011-2481 Information Disclosure Vulnerability
| [49143] Apache Commons Daemon 'jsvc' Information Disclosure Vulnerability
| [48667] Apache Tomcat 'sendfile' Request Attributes Information Disclosure Vulnerability
| [48653] Apache 'mod_authnz_external' Module SQL Injection Vulnerability
| [48611] Apache XML Security for C++ Signature Key Parsing Denial of Service Vulnerability
| [48456] Apache Tomcat 'MemoryUserDatabase' Information Disclosure Vulnerability
| [48015] Apache Archiva Multiple Cross Site Request Forgery Vulnerabilities
| [48011] Apache Archiva Multiple Cross Site Scripting and HTML Injection Vulnerabilities
| [47929] Apache APR 'apr_fnmatch.c' Denial of Service Vulnerability
| [47890] Apache Struts 'javatemplates' Plugin Multiple Cross Site Scripting Vulnerabilities
| [47886] Apache Tomcat SecurityConstraints Security Bypass Vulnerability
| [47820] Apache APR 'apr_fnmatch()' Denial of Service Vulnerability
| [47784] Apache Struts XWork 's:submit' HTML Tag Cross Site Scripting Vulnerability
| [47199] Apache Tomcat HTTP BIO Connector Information Disclosure Vulnerability
| [47196] Apache Tomcat Login Constraints Security Bypass Vulnerability
| [46974] Apache HttpComponents 'HttpClient' Information Disclosure Vulnerability
| [46953] Apache MPM-ITK Module Security Weakness
| [46734] Subversion 'mod_dav_svn' Apache Server NULL Pointer Dereference Denial Of Service Vulnerability
| [46685] Apache Tomcat '@ServletSecurity' Annotations Security Bypass Vulnerability
| [46311] Apache Continuum and Archiva Cross Site Scripting Vulnerability
| [46177] Apache Tomcat SecurityManager Security Bypass Vulnerability
| [46174] Apache Tomcat HTML Manager Interface HTML Injection Vulnerability
| [46166] Apache Tomcat JVM Denial of Service Vulnerability
| [46164] Apache Tomcat NIO Connector Denial of Service Vulnerability
| [46066] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
| [45655] Apache Subversion Server Component Multiple Remote Denial Of Service Vulnerabilities
| [45123] Awstats Apache Tomcat Configuration File Remote Arbitrary Command Execution Vulnerability
| [45095] Apache Archiva Cross Site Request Forgery Vulnerability
| [45015] Apache Tomcat 'sort' and 'orderBy' Parameters Cross Site Scripting Vulnerabilities
| [44900] Apache 'mod_fcgid' Module Unspecified Stack Buffer Overflow Vulnerability
| [44616] Apache Shiro Directory Traversal Vulnerability
| [44355] Apache MyFaces Encrypted View State Oracle Padding Security Vulnerability
| [44068] Apache::AuthenHook Local Information Disclosure Vulnerability
| [43862] Apache QPID SSL Connection Denial of Service Vulnerability
| [43673] Apache APR-util 'apr_brigade_split_line()' Denial of Service Vulnerability
| [43637] Apache XML-RPC SAX Parser Information Disclosure Vulnerability
| [43111] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
| [42637] Apache Derby 'BUILTIN' Authentication Insecure Password Hashing Vulnerability
| [42501] Apache CouchDB Cross Site Request Forgery Vulnerability
| [42492] Apache CXF XML DTD Processing Security Vulnerability
| [42121] Apache SLMS Insufficient Quoting Cross Site Request Forgery Vulnerability
| [42102] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
| [41963] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
| [41544] Apache Tomcat 'Transfer-Encoding' Information Disclosure and Denial Of Service Vulnerabilities
| [41076] Apache Axis2 '/axis2/axis2-admin' Session Fixation Vulnerability
| [40976] Apache Axis2 Document Type Declaration Processing Security Vulnerability
| [40827] Apache 'mod_proxy_http' Timeout Handling Information Disclosure Vulnerability
| [40343] Apache Axis2 'xsd' Parameter Directory Traversal Vulnerability
| [40327] Apache Axis2 'engagingglobally' Cross-Site Scripting Vulnerability
| [39771] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
| [39636] Apache ActiveMQ Source Code Information Disclosure Vulnerability
| [39635] Apache Tomcat Authentication Header Realm Name Information Disclosure Vulnerability
| [39538] Apache mod_auth_shadow Race Condition Security Bypass Vulnerability
| [39489] Apache OFBiz Multiple Cross Site Scripting and HTML Injection Vulnerabilities
| [39119] Apache ActiveMQ 'createDestination.action' HTML Injection Vulnerability
| [38580] Apache Subrequest Handling Information Disclosure Vulnerability
| [38494] Apache 'mod_isapi' Memory Corruption Vulnerability
| [38491] Apache mod_proxy_ajp Module Incoming Request Body Denial Of Service Vulnerability
| [37966] Apache 1.3 mod_proxy HTTP Chunked Encoding Integer Overflow Vulnerability
| [37945] Apache Tomcat Host Working Directory WAR File Directory Traversal Vulnerability
| [37944] Apache Tomcat WAR File Directory Traversal Vulnerability
| [37942] Apache Tomcat Directory Host Appbase Authentication Bypass Vulnerability
| [37149] Apache Tomcat 404 Error Page Cross Site Scripting Vulnerability
| [37027] RETIRED: Apache APR 'apr_uri_parse_hostinfo' Off By One Remote Code Execution Vulnerability
| [36990] Apache HTTP TRACE Cross Site Scripting Vulnerability
| [36954] Apache Tomcat Windows Installer Insecure Password Vulnerability
| [36889] TYPO3 Apache Solr Search Extension Unspecified Cross Site Scripting Vulnerability
| [36596] Apache HTTP Server Solaris Event Port Pollset Support Remote Denial Of Service Vulnerability
| [36260] Apache mod_proxy_ftp Module NULL Pointer Dereference Denial Of Service Vulnerability
| [36254] Apache mod_proxy_ftp Remote Command Injection Vulnerability
| [35949] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
| [35840] Apache HTTP Server HTTP-Basic Authentication Bypass Vulnerability
| [35623] Apache 'mod_deflate' Remote Denial Of Service Vulnerability
| [35565] Apache 'mod_proxy' Remote Denial Of Service Vulnerability
| [35416] Apache Tomcat XML Parser Information Disclosure Vulnerability
| [35263] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
| [35253] Apache APR-util 'xml/apr_xml.c' Denial of Service Vulnerability
| [35251] Apache APR-util 'apr_brigade_vprintf' Off By One Vulnerability
| [35221] Apache APR-util 'apr_strmatch_precompile()' Integer Underflow Vulnerability
| [35196] Apache Tomcat Form Authentication Existing/Non-Existing Username Enumeration Weakness
| [35193] Apache Tomcat Java AJP Connector Invalid Header Denial of Service Vulnerability
| [35115] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
3947| [35115] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
3948| [34686] Apache Struts Multiple Cross Site Scripting Vulnerabilities
3949| [34663] Apache 'mod_proxy_ajp' Information Disclosure Vulnerability
3950| [34657] Apache Tiles Cross Site Scripting And Information Disclosure Vulnerabilities
3951| [34562] Apache Geronimo Application Server Multiple Remote Vulnerabilities
3952| [34552] Apache ActiveMQ Web Console Multiple Unspecified HTML Injection Vulnerabilities
3953| [34412] Apache Tomcat mod_jk Content Length Information Disclosure Vulnerability
3954| [34399] Apache Struts Unspecified Cross Site Scripting Vulnerability
3955| [34383] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
3956| [33913] Apache Tomcat POST Data Information Disclosure Vulnerability
3957| [33360] Apache Jackrabbit 'q' Parameter Multiple Cross Site Scripting Vulnerabilities
3958| [33110] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
3959| [32657] Novell NetWare ApacheAdmin Security Bypass Vulnerability
3960| [31805] Apache HTTP Server OS Fingerprinting Unspecified Security Vulnerability
3961| [31761] Oracle WebLogic Server Apache Connector Stack Based Buffer Overflow Vulnerability
3962| [31698] Apache Tomcat 'RemoteFilterValve' Security Bypass Vulnerability
3963| [31165] Kolab Groupware Server Apache Log File User Password Information Disclosure Vulnerability
3964| [30560] Apache 'mod_proxy_ftp' Wildcard Characters Cross-Site Scripting Vulnerability
3965| [30496] Apache Tomcat 'HttpServletResponse.sendError()' Cross Site Scripting Vulnerability
3966| [30494] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
3967| [29653] Apache 'mod_proxy_http' Interim Response Denial of Service Vulnerability
3968| [29502] Apache Tomcat Host Manager Cross Site Scripting Vulnerability
3969| [28576] Apache-SSL Environment Variable Information Disclosure and Privilege Escalation Vulnerability
3970| [28484] Apache Tomcat Requests Containing MS-DOS Device Names Information Disclosure Vulnerability
3971| [28483] Apache Tomcat 'allowLinking' Accepts NULL Byte in URI Information Disclosure Vulnerability
3972| [28482] Apache Tomcat SSL Anonymous Cipher Configuration Information Disclosure Vulnerability
3973| [28481] Apache Tomcat Cross-Site Scripting Vulnerability
3974| [28477] Apache Tomcat AJP Connector Information Disclosure Vulnerability
3975| [27752] Apache mod_jk2 Host Header Multiple Stack Based Buffer Overflow Vulnerabilities
3976| [27706] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
3977| [27703] Apache Tomcat Parameter Processing Remote Information Disclosure Vulnerability
3978| [27409] Apache 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
3979| [27365] Apache Tomcat SingleSignOn Remote Information Disclosure Vulnerability
3980| [27237] Apache HTTP Server 2.2.6, 2.0.61 and 1.3.39 'mod_status' Cross-Site Scripting Vulnerability
3981| [27236] Apache 'mod_proxy_balancer' Multiple Vulnerabilities
3982| [27234] Apache 'mod_proxy_ftp' Undefined Charset UTF-7 Cross-Site Scripting Vulnerability
3983| [27006] Apache Tomcat JULI Logging Component Default Security Policy Vulnerability
3984| [26939] Apache HTTP Server Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
3985| [26838] Apache mod_imagemap and mod_imap Cross-Site Scripting Vulnerability
3986| [26762] Apache::AuthCAS Cookie SQL Injection Vulnerability
3987| [26663] Apache HTTP Server 413 Error HTTP Request Method Cross-Site Scripting Weakness
3988| [26287] Apache Geronimo SQLLoginModule Authentication Bypass Vulnerability
3989| [26070] Apache Tomcat WebDav Remote Information Disclosure Vulnerability
3990| [25804] Apache Geronimo Management EJB Security Bypass Vulnerability
3991| [25653] Apache Mod_AutoIndex.C Undefined Charset Cross-Site Scripting Vulnerability
3992| [25531] Apache Tomcat Cal2.JSP Cross-Site Scripting Vulnerability
3993| [25489] Apache HTTP Server Mod_Proxy Denial of Service Vulnerability
3994| [25316] Apache Tomcat Multiple Remote Information Disclosure Vulnerabilities
3995| [25314] Apache Tomcat Host Manager Servlet Cross Site Scripting Vulnerability
3996| [25174] Apache Tomcat Error Message Reporting Cross Site Scripting Vulnerability
3997| [24999] Apache Tomcat SendMailServlet Cross-Site Scripting Vulnerability
3998| [24759] MySQLDumper Apache Access Control Authentication Bypass Vulnerability
3999| [24649] Apache HTTP Server Mod_Cache Denial of Service Vulnerability
4000| [24645] Apache HTTP Server Mod_Status Cross-Site Scripting Vulnerability
4001| [24553] Apache Mod_Mem_Cache Information Disclosure Vulnerability
4002| [24524] Apache Tomcat Accept-Language Cross Site Scripting Vulnerability
4003| [24480] Apache MyFaces Tomahawk JSF Framework Autoscroll Parameter Cross Site Scripting Vulnerability
4004| [24476] Apache Tomcat JSP Example Web Applications Cross Site Scripting Vulnerability
4005| [24475] Apache Tomcat Manager and Host Manager Upload Script Cross-Site Scripting Vulnerability
4006| [24215] Apache HTTP Server Worker Process Multiple Denial of Service Vulnerabilities
4007| [24147] Apache Tomcat JK Connector Double Encoding Security Bypass Vulnerability
4008| [24058] Apache Tomcat Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
4009| [23687] Apache AXIS Non-Existent WSDL Path Information Disclosure Vulnerability
4010| [23438] Apache HTTPD suEXEC Local Multiple Privilege Escalation Weaknesses
4011| [22960] Apache HTTP Server Tomcat Directory Traversal Vulnerability
4012| [22849] Apache mod_python Output Filter Mode Information Disclosure Vulnerability
4013| [22791] Apache Tomcat Mod_JK.SO Arbitrary Code Execution Vulnerability
4014| [22732] Debian Apache Root Shell Local Privilege Escalation Vulnerabilities
4015| [22388] Apache Stats Extract Function Multiple Input Validation Vulnerabilities
4016| [21865] Apache And Microsoft IIS Range Denial of Service Vulnerability
4017| [21214] Apache Mod_Auth_Kerb Off-By-One Denial of Service Vulnerability
4018| [20527] Apache Mod_TCL Remote Format String Vulnerability
4019| [19661] Apache HTTP Server Arbitrary HTTP Request Headers Security Weakness
4020| [19447] Apache CGI Script Source Code Information Disclosure Vulnerability
4021| [19204] Apache Mod_Rewrite Off-By-One Buffer Overflow Vulnerability
4022| [19106] Apache Tomcat Information Disclosure Vulnerability
4023| [18138] Apache James SMTP Denial Of Service Vulnerability
4024| [17342] Apache Struts Multiple Remote Vulnerabilities
4025| [17095] Apache Log4Net Denial Of Service Vulnerability
4026| [16916] Apache mod_python FileSession Code Execution Vulnerability
4027| [16710] Apache Libapreq2 Quadratic Behavior Denial of Service Vulnerability
4028| [16260] Apache Geronimo Multiple Input Validation Vulnerabilities
4029| [16153] Apache mod_auth_pgsql Multiple Format String Vulnerabilities
4030| [16152] Apache Mod_SSL Custom Error Document Remote Denial Of Service Vulnerability
4031| [15834] Apache 'mod_imap' Referer Cross-Site Scripting Vulnerability
4032| [15765] Apache James Spooler Memory Leak Denial Of Service Vulnerability
4033| [15762] Apache MPM Worker.C Denial Of Service Vulnerability
4034| [15512] Apache Struts Error Response Cross-Site Scripting Vulnerability
4035| [15413] PHP Apache 2 Virtual() Safe_Mode and Open_Basedir Restriction Bypass Vulnerability
4036| [15325] Apache Tomcat Simultaneous Directory Listing Denial Of Service Vulnerability
4037| [15224] Apache Mod_Auth_Shadow Authentication Bypass Vulnerability
4038| [15177] PHP Apache 2 Local Denial of Service Vulnerability
4039| [14982] ApacheTop Insecure Temporary File Creation Vulnerability
4040| [14721] Apache Mod_SSL SSLVerifyClient Restriction Bypass Vulnerability
4041| [14660] Apache CGI Byterange Request Denial of Service Vulnerability
4042| [14366] Apache mod_ssl CRL Handling Off-By-One Buffer Overflow Vulnerability
4043| [14106] Apache HTTP Request Smuggling Vulnerability
4044| [13778] Apache HTPasswd Password Command Line Argument Buffer Overflow Vulnerability
4045| [13777] Apache HTPasswd User Command Line Argument Buffer Overflow Vulnerability
4046| [13756] Apache Tomcat Java Security Manager Bypass Vulnerability
4047| [13537] Apache HTDigest Realm Command Line Argument Buffer Overflow Vulnerability
4048| [12877] Apache mod_ssl ssl_io_filter_cleanup Remote Denial Of Service Vulnerability
4049| [12795] Apache Tomcat Remote Malformed Request Denial Of Service Vulnerability
4050| [12619] Apache Software Foundation Batik Squiggle Browser Access Validation Vulnerability
4051| [12519] Apache mod_python Module Publisher Handler Information Disclosure Vulnerability
4052| [12308] Apache Utilities Insecure Temporary File Creation Vulnerability
4053| [12217] Apache mod_auth_radius Malformed RADIUS Server Reply Integer Overflow Vulnerability
4054| [12181] Mod_DOSEvasive Apache Module Local Insecure Temporary File Creation Vulnerability
4055| [11803] Apache Jakarta Results.JSP Remote Cross-Site Scripting Vulnerability
4056| [11471] Apache mod_include Local Buffer Overflow Vulnerability
4057| [11360] Apache mod_ssl SSLCipherSuite Restriction Bypass Vulnerability
4058| [11239] Apache Satisfy Directive Access Control Bypass Vulnerability
4059| [11187] Apache Web Server Remote IPv6 Buffer Overflow Vulnerability
4060| [11185] Apache Mod_DAV LOCK Denial Of Service Vulnerability
4061| [11182] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
4062| [11154] Apache mod_ssl Remote Denial of Service Vulnerability
4063| [11094] Apache mod_ssl Denial Of Service Vulnerability
4064| [10789] Apache mod_userdir Module Information Disclosure Vulnerability
4065| [10736] Apache 'mod_ssl' Log Function Format String Vulnerability
4066| [10619] Apache ap_escape_html Memory Allocation Denial Of Service Vulnerability
4067| [10508] Apache Mod_Proxy Remote Negative Content-Length Buffer Overflow Vulnerability
4068| [10478] ClueCentral Apache Suexec Patch Security Weakness
4069| [10355] Apache 'mod_ssl' 'ssl_util_uuencode_binary()' Stack Buffer Overflow Vulnerability
4070| [10212] Apache mod_auth Malformed Password Potential Memory Corruption Vulnerability
4071| [9933] Apache mod_disk_cache Module Client Authentication Credential Storage Weakness
4072| [9930] Apache Error and Access Logs Escape Sequence Injection Vulnerability
4073| [9921] Apache Connection Blocking Denial Of Service Vulnerability
4074| [9885] Apache Mod_Security Module SecFilterScanPost Off-By-One Buffer Overflow Vulnerability
4075| [9874] Apache HTAccess LIMIT Directive Bypass Configuration Error Weakness
4076| [9829] Apache Mod_Access Access Control Rule Bypass Vulnerability
4077| [9826] Apache Mod_SSL HTTP Request Remote Denial Of Service Vulnerability
4078| [9733] Apache Cygwin Directory Traversal Vulnerability
4079| [9599] Apache mod_php Global Variables Information Disclosure Weakness
4080| [9590] Apache-SSL Client Certificate Forging Vulnerability
4081| [9571] Apache mod_digest Client-Supplied Nonce Verification Vulnerability
4082| [9471] Apache mod_perl Module File Descriptor Leakage Vulnerability
4083| [9404] Mod-Auth-Shadow Apache Module Expired User Credential Weakness
4084| [9302] Apache mod_php Module File Descriptor Leakage Vulnerability
4085| [9129] Apache mod_python Module Malformed Query Denial of Service Vulnerability
4086| [8926] Apache Web Server mod_cgid Module CGI Data Redirection Vulnerability
4087| [8919] Apache Mod_Security Module Heap Corruption Vulnerability
4088| [8911] Apache Web Server Multiple Module Local Buffer Overflow Vulnerability
4089| [8898] Red Hat Apache Directory Index Default Configuration Error
4090| [8883] Apache Cocoon Directory Traversal Vulnerability
4091| [8824] Apache Tomcat Non-HTTP Request Denial Of Service Vulnerability
4092| [8822] Apache Mod_Throttle Module Local Shared Memory Corruption Vulnerability
4093| [8725] Apache2 MOD_CGI STDERR Denial Of Service Vulnerability
4094| [8707] Apache htpasswd Password Entropy Weakness
4095| [8561] Apache::Gallery Insecure Local File Storage Privilege Escalation Vulnerability
4096| [8287] Mod_Mylo Apache Module REQSTR Buffer Overflow Vulnerability
4097| [8226] Apache HTTP Server Multiple Vulnerabilities
4098| [8138] Apache Web Server Type-Map Recursive Loop Denial Of Service Vulnerability
4099| [8137] Apache Web Server Prefork MPM Denial Of Service Vulnerability
4100| [8136] Macromedia Apache Web Server Encoded Space Source Disclosure Vulnerability
4101| [8135] Apache Web Server FTP Proxy IPV6 Denial Of Service Vulnerability
4102| [8134] Apache Web Server SSLCipherSuite Weak CipherSuite Renegotiation Weakness
4103| [7768] Apache Tomcat Insecure Directory Permissions Vulnerability
4104| [7725] Apache Basic Authentication Module Valid User Login Denial Of Service Vulnerability
4105| [7723] Apache APR_PSPrintf Memory Corruption Vulnerability
4106| [7448] Apache Mod_Auth_Any Remote Command Execution Vulnerability
4107| [7375] Apache Mod_Access_Referer NULL Pointer Dereference Denial of Service Vulnerability
4108| [7332] Apache Web Server OS2 Filestat Denial Of Service Vulnerability
4109| [7255] Apache Web Server File Descriptor Leakage Vulnerability
4110| [7254] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
4111| [6943] Apache Web Server MIME Boundary Information Disclosure Vulnerability
4112| [6939] Apache Web Server ETag Header Information Disclosure Weakness
4113| [6722] Apache Tomcat Web.XML File Contents Disclosure Vulnerability
4114| [6721] Apache Tomcat Null Byte Directory/File Disclosure Vulnerability
4115| [6720] Apache Tomcat Example Web Application Cross Site Scripting Vulnerability
4116| [6662] Apache Web Server MS-DOS Device Name Denial Of Service Vulnerability
4117| [6661] Apache Web Server Default Script Mapping Bypass Vulnerability
4118| [6660] Apache Web Server Illegal Character HTTP Request File Disclosure Vulnerability
4119| [6659] Apache Web Server MS-DOS Device Name Arbitrary Code Execution Vulnerability
4120| [6562] Apache Tomcat Invoker Servlet File Disclosure Vulnerability
4121| [6320] Apache/Tomcat Mod_JK Chunked Encoding Denial Of Service Vulnerability
4122| [6117] Apache mod_php File Descriptor Leakage Vulnerability
4123| [6065] Apache 2 WebDAV CGI POST Request Information Disclosure Vulnerability
4124| [5996] Apache AB.C Web Benchmarking Buffer Overflow Vulnerability
4125| [5995] Apache AB.C Web Benchmarking Read_Connection() Buffer Overflow Vulnerability
4126| [5993] Multiple Apache HTDigest Buffer Overflow Vulnerabilities
4127| [5992] Apache HTDigest Insecure Temporary File Vulnerability
4128| [5991] Apache HTDigest Arbitrary Command Execution Vulnerability
4129| [5990] Apache HTPasswd Insecure Temporary File Vulnerability
4130| [5981] Multiple Apache HTDigest and HTPassWD Component Vulnerabilites
4131| [5884] Apache Web Server Scoreboard Memory Segment Overwriting SIGUSR1 Sending Vulnerability
4132| [5847] Apache Server Side Include Cross Site Scripting Vulnerability
4133| [5838] Apache Tomcat 3.2 Directory Disclosure Vulnerability
4134| [5816] Apache 2 mod_dav Denial Of Service Vulnerability
4135| [5791] HP VirtualVault Apache mod_ssl Denial Of Service Vulnerability
4136| [5787] Apache Oversized STDERR Buffer Denial Of Service Vulnerability
4137| [5786] Apache Tomcat DefaultServlet File Disclosure Vulnerability
4138| [5542] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
4139| [5486] Apache 2.0 CGI Path Disclosure Vulnerability
4140| [5485] Apache 2.0 Path Disclosure Vulnerability
4141| [5434] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
4142| [5256] Apache httpd 2.0 CGI Error Path Disclosure Vulnerability
4143| [5194] Apache Tomcat DOS Device Name Cross Site Scripting Vulnerability
4144| [5193] Apache Tomcat Servlet Mapping Cross Site Scripting Vulnerability
4145| [5067] Apache Tomcat Null Character Malformed Request Denial Of Service Vulnerability
4146| [5054] Apache Tomcat Web Root Path Disclosure Vulnerability
4147| [5033] Apache Chunked-Encoding Memory Corruption Vulnerability
4148| [4995] Apache Tomcat JSP Engine Denial of Service Vulnerability
4149| [4878] Apache Tomcat RealPath.JSP Malformed Request Information Disclosure Vulnerability
4150| [4877] Apache Tomcat Example Files Web Root Path Disclosure Vulnerability
4151| [4876] Apache Tomcat Source.JSP Malformed Request Information Disclosure Vulnerability
4152| [4575] Apache Tomcat Servlet Path Disclosure Vulnerability
4153| [4557] Apache Tomcat System Path Information Disclosure Vulnerability
4154| [4437] Apache Error Message Cross-Site Scripting Vulnerability
4155| [4431] Apache PrintEnv/Test_CGI Script Injection Vulnerability
4156| [4358] Apache Double-Reverse Lookup Log Entry Spoofing Vulnerability
4157| [4335] Apache Win32 Batch File Remote Command Execution Vulnerability
4158| [4292] Oracle 9iAS Apache PL/SQL Module Web Administration Access Vulnerability
4159| [4189] Apache mod_ssl/Apache-SSL Buffer Overflow Vulnerability
4160| [4057] Apache 2 for Windows OPTIONS request Path Disclosure Vulnerability
4161| [4056] Apache 2 for Windows php.exe Path Disclosure Vulnerability
4162| [4037] Oracle 9iAS Apache PL/SQL Module Denial of Service Vulnerability
4163| [4032] Oracle 9iAS Apache PL/SQL Module Multiple Buffer Overflows Vulnerability
4164| [3796] Apache HTTP Request Unexpected Behavior Vulnerability
4165| [3790] Apache Non-Existent Log Directory Denial Of Service Vulnerability
4166| [3786] Apache Win32 PHP.EXE Remote File Disclosure Vulnerability
4167| [3727] Oracle 9I Application Server PL/SQL Apache Module Directory Traversal Vulnerability
4168| [3726] Oracle 9I Application Server PL/SQL Apache Module Buffer Overflow Vulnerability
4169| [3596] Apache Split-Logfile File Append Vulnerability
4170| [3521] Apache mod_usertrack Predictable ID Generation Vulnerability
4171| [3335] Red Hat Linux Apache Remote Username Enumeration Vulnerability
4172| [3316] MacOS X Client Apache Directory Contents Disclosure Vulnerability
4173| [3256] Apache mod_auth_oracle Remote SQL Query Manipulation Vulnerability
4174| [3255] Apache mod_auth_mysql Remote SQL Query Manipulation Vulnerability
4175| [3254] Apache AuthPG Remote SQL Query Manipulation Vulnerability
4176| [3253] Apache mod_auth_pgsql_sys Remote SQL Query Manipulation Vulnerability
4177| [3251] Apache mod_auth_pgsql Remote SQL Query Manipulation Vulnerability
4178| [3176] Apache Mod ReWrite Rules Bypassing Image Linking Vulnerability
4179| [3169] Apache Server Address Disclosure Vulnerability
4180| [3009] Apache Possible Directory Index Disclosure Vulnerability
4181| [2982] Apache Tomcat Cross-Site Scripting Vulnerability
4182| [2852] MacOS X Client Apache File Protection Bypass Vulnerability
4183| [2740] Apache Web Server HTTP Request Denial of Service Vulnerability
4184| [2518] Apache Tomcat 3.0 Directory Traversal Vulnerability
4185| [2503] Apache Artificially Long Slash Path Directory Listing Vulnerability
4186| [2300] NCSA/Apache httpd ScriptAlias Source Retrieval Vulnerability
4187| [2216] Apache Web Server DoS Vulnerability
4188| [2182] Apache /tmp File Race Vulnerability
4189| [2171] Oracle Apache+WebDB Documented Backdoor Vulnerability
4190| [2060] Apache Web Server with Php 3 File Disclosure Vulnerability
4191| [1821] Apache mod_cookies Buffer Overflow Vulnerability
4192| [1728] Apache Rewrite Module Arbitrary File Disclosure Vulnerability
4193| [1658] SuSE Apache CGI Source Code Viewing Vulnerability
4194| [1656] SuSE Apache WebDAV Directory Listings Vulnerability
4195| [1575] Trustix Apache-SSL RPM Permissions Vulnerability
4196| [1548] Apache Jakarta-Tomcat /admin Context Vulnerability
4197| [1532] Apache Tomcat Snoop Servlet Information Disclosure Vulnerability
4198| [1531] Apache Tomcat 3.1 Path Revealing Vulnerability
4199| [1457] Apache::ASP source.asp Example Script Vulnerability
4200| [1284] Apache HTTP Server (win32) Root Directory Access Vulnerability
4201| [1083] Cobalt Raq Apache .htaccess Disclosure Vulnerability
4202|
4203| IBM X-Force - https://exchange.xforce.ibmcloud.com:
4204| [86258] Apache CloudStack text fields cross-site scripting
4205| [85983] Apache Subversion mod_dav_svn module denial of service
4206| [85875] Apache OFBiz UEL code execution
4207| [85874] Apache OFBiz Webtools View Log screen cross-site scripting
4208| [85871] Apache HTTP Server mod_session_dbd unspecified
4209| [85756] Apache Struts OGNL expression command execution
4210| [85755] Apache Struts DefaultActionMapper class open redirect
4211| [85586] Apache ActiveMQ CVE-2013-1879 cross-site scripting
4212| [85574] Apache HTTP Server mod_dav denial of service
4213| [85573] Apache Struts Showcase App OGNL code execution
4214| [85496] Apache CXF denial of service
4215| [85423] Apache Geronimo RMI classloader code execution
4216| [85326] Apache Santuario XML Security for C++ buffer overflow
4217| [85323] Apache Santuario XML Security for Java spoofing
4218| [85319] Apache Qpid Python client SSL spoofing
4219| [85019] Apache Santuario XML Security for C++ CVE-2013-2156 buffer overflow
4220| [85018] Apache Santuario XML Security for C++ CVE-2013-2155 denial of service
4221| [85017] Apache Santuario XML Security for C++ CVE-2013-2154 buffer overflow
4222| [85016] Apache Santuario XML Security for C++ CVE-2013-2153 spoofing
4223| [84952] Apache Tomcat CVE-2012-3544 denial of service
4224| [84763] Apache Struts CVE-2013-2135 security bypass
4225| [84762] Apache Struts CVE-2013-2134 security bypass
4226| [84719] Apache Subversion CVE-2013-2088 command execution
4227| [84718] Apache Subversion CVE-2013-2112 denial of service
4228| [84717] Apache Subversion CVE-2013-1968 denial of service
4229| [84577] Apache Tomcat security bypass
4230| [84576] Apache Tomcat symlink
4231| [84543] Apache Struts CVE-2013-2115 security bypass
4232| [84542] Apache Struts CVE-2013-1966 security bypass
4233| [84154] Apache Tomcat session hijacking
4234| [84144] Apache Tomcat denial of service
4235| [84143] Apache Tomcat information disclosure
4236| [84111] Apache HTTP Server command execution
4237| [84043] Apache Virtual Computing Lab cross-site scripting
4238| [84042] Apache Virtual Computing Lab cross-site scripting
4239| [83782] Apache CloudStack information disclosure
4240| [83781] Apache CloudStack security bypass
4241| [83720] Apache ActiveMQ cross-site scripting
4242| [83719] Apache ActiveMQ denial of service
4243| [83718] Apache ActiveMQ denial of service
4244| [83263] Apache Subversion denial of service
4245| [83262] Apache Subversion denial of service
4246| [83261] Apache Subversion denial of service
4247| [83259] Apache Subversion denial of service
4248| [83035] Apache mod_ruid2 security bypass
4249| [82852] Apache Qpid federation_tag security bypass
4250| [82851] Apache Qpid qpid::framing::Buffer denial of service
4251| [82758] Apache Rave User RPC API information disclosure
4252| [82663] Apache Subversion svn_fs_file_length() denial of service
4253| [82642] Apache Qpid qpid::framing::Buffer::checkAvailable() denial of service
4254| [82641] Apache Qpid AMQP denial of service
4255| [82626] Apache HTTP Server on Debian GNU/Linux Debian apache2ctl symlink
4256| [82618] Apache Commons FileUpload symlink
4257| [82360] Apache HTTP Server manager interface cross-site scripting
4258| [82359] Apache HTTP Server hostnames cross-site scripting
4259| [82338] Apache Tomcat log/logdir information disclosure
4260| [82328] Apache Maven and Apache Maven Wagon SSL spoofing
4261| [82268] Apache OpenJPA deserialization command execution
4262| [81981] Apache CXF UsernameTokens security bypass
4263| [81980] Apache CXF WS-Security security bypass
4264| [81398] Apache OFBiz cross-site scripting
4265| [81240] Apache CouchDB directory traversal
4266| [81226] Apache CouchDB JSONP code execution
4267| [81225] Apache CouchDB Futon user interface cross-site scripting
4268| [81211] Apache Axis2/C SSL spoofing
4269| [81167] Apache CloudStack DeployVM information disclosure
4270| [81166] Apache CloudStack AddHost API information disclosure
4271| [81165] Apache CloudStack createSSHKeyPair API information disclosure
4272| [80518] Apache Tomcat cross-site request forgery security bypass
4273| [80517] Apache Tomcat FormAuthenticator security bypass
4274| [80516] Apache Tomcat NIO denial of service
4275| [80408] Apache Tomcat replay-countermeasure security bypass
4276| [80407] Apache Tomcat HTTP Digest Access Authentication security bypass
4277| [80317] Apache Tomcat slowloris denial of service
4278| [79984] Apache Commons HttpClient SSL spoofing
4279| [79983] Apache CXF SSL spoofing
4280| [79830] Apache Axis2/Java SSL spoofing
4281| [79829] Apache Axis SSL spoofing
4282| [79809] Apache Tomcat DIGEST security bypass
4283| [79806] Apache Tomcat parseHeaders() denial of service
4284| [79540] Apache OFBiz unspecified
4285| [79487] Apache Axis2 SAML security bypass
4286| [79212] Apache Cloudstack code execution
4287| [78734] Apache CXF SOAP Action security bypass
4288| [78730] Apache Qpid broker denial of service
4289| [78617] Eucalyptus Apache Santuario (XML Security for Java) denial of service
4290| [78563] Apache mod_pagespeed module unspecified cross-site scripting
4291| [78562] Apache mod_pagespeed module security bypass
4292| [78454] Apache Axis2 security bypass
4293| [78452] Websense Web Security and Web Filter Apache Tomcat information disclosure
4294| [78451] Websense Web Security and Web Filter Apache Tomcat cross-site scripting
4295| [78321] Apache Wicket unspecified cross-site scripting
4296| [78183] Apache Struts parameters denial of service
4297| [78182] Apache Struts cross-site request forgery
4298| [78153] Apache Solr Autocomplete module for Drupal autocomplete results cross-site scripting
4299| [77987] mod_rpaf module for Apache denial of service
4300| [77958] Apache Struts skill name code execution
4301| [77914] Apache HTTP Server mod_negotiation module cross-site scripting
4302| [77913] Apache HTTP Server mod_proxy_ajp information disclosure
4303| [77568] Apache Qpid broker security bypass
4304| [77421] Apache Libcloud spoofing
4305| [77059] Oracle Solaris Cluster Apache Tomcat Agent unspecified
4306| [77046] Oracle Solaris Apache HTTP Server information disclosure
4307| [76837] Apache Hadoop information disclosure
4308| [76802] Apache Sling CopyFrom denial of service
4309| [76692] Apache Hadoop symlink
4310| [76535] Apache Roller console cross-site request forgery
4311| [76534] Apache Roller weblog cross-site scripting
4312| [76152] Apache CXF elements security bypass
4313| [76151] Apache CXF child policies security bypass
4314| [75983] MapServer for Windows Apache file include
4315| [75857] Apache Commons Compress and Apache Ant bzip2 denial of service
4316| [75558] Apache POI denial of service
4317| [75545] PHP apache_request_headers() buffer overflow
4318| [75302] Apache Qpid SASL security bypass
4319| [75211] Debian GNU/Linux apache 2 cross-site scripting
4320| [74901] Apache HTTP Server LD_LIBRARY_PATH privilege escalation
4321| [74871] Apache OFBiz FlexibleStringExpander code execution
4322| [74870] Apache OFBiz multiple cross-site scripting
4323| [74750] Apache Hadoop unspecified spoofing
4324| [74319] Apache Struts XSLTResult.java file upload
4325| [74313] Apache Traffic Server header buffer overflow
4326| [74276] Apache Wicket directory traversal
4327| [74273] Apache Wicket unspecified cross-site scripting
4328| [74181] Apache HTTP Server mod_fcgid module denial of service
4329| [73690] Apache Struts OGNL code execution
4330| [73432] Apache Solr extension for TYPO3 unspecified cross-site scripting
4331| [73100] Apache MyFaces in directory traversal
4332| [73096] Apache APR hash denial of service
4333| [73052] Apache Struts name cross-site scripting
4334| [73030] Apache CXF UsernameToken security bypass
4335| [72888] Apache Struts lastName cross-site scripting
4336| [72758] Apache HTTP Server httpOnly information disclosure
4337| [72757] Apache HTTP Server MPM denial of service
4338| [72585] Apache Struts ParameterInterceptor security bypass
4339| [72438] Apache Tomcat Digest security bypass
4340| [72437] Apache Tomcat Digest security bypass
4341| [72436] Apache Tomcat DIGEST security bypass
4342| [72425] Apache Tomcat parameter denial of service
4343| [72422] Apache Tomcat request object information disclosure
4344| [72377] Apache HTTP Server scoreboard security bypass
4345| [72345] Apache HTTP Server HTTP request denial of service
4346| [72229] Apache Struts ExceptionDelegator command execution
4347| [72089] Apache Struts ParameterInterceptor directory traversal
4348| [72088] Apache Struts CookieInterceptor command execution
4349| [72047] Apache Geronimo hash denial of service
4350| [72016] Apache Tomcat hash denial of service
4351| [71711] Apache Struts OGNL expression code execution
4352| [71654] Apache Struts interfaces security bypass
4353| [71620] Apache ActiveMQ failover denial of service
4354| [71617] Apache HTTP Server mod_proxy module information disclosure
4355| [71508] Apache MyFaces EL security bypass
4356| [71445] Apache HTTP Server mod_proxy security bypass
4357| [71203] Apache Tomcat servlets privilege escalation
4358| [71181] Apache HTTP Server ap_pregsub() denial of service
4359| [71093] Apache HTTP Server ap_pregsub() buffer overflow
4360| [70336] Apache HTTP Server mod_proxy information disclosure
4361| [69804] Apache HTTP Server mod_proxy_ajp denial of service
4362| [69472] Apache Tomcat AJP security bypass
4363| [69396] Apache HTTP Server ByteRange filter denial of service
4364| [69394] Apache Wicket multi window support cross-site scripting
4365| [69176] Apache Tomcat XML information disclosure
4366| [69161] Apache Tomcat jsvc information disclosure
4367| [68799] mod_authnz_external module for Apache mysql-auth.pl SQL injection
4368| [68541] Apache Tomcat sendfile information disclosure
4369| [68420] Apache XML Security denial of service
4370| [68238] Apache Tomcat JMX information disclosure
4371| [67860] Apache Rampart/C rampart_timestamp_token_validate security bypass
4372| [67804] Apache Subversion control rules information disclosure
4373| [67803] Apache Subversion control rules denial of service
4374| [67802] Apache Subversion baselined denial of service
4375| [67672] Apache Archiva multiple cross-site scripting
4376| [67671] Apache Archiva multiple cross-site request forgery
4377| [67564] Apache APR apr_fnmatch() denial of service
4378| [67532] IBM WebSphere Application Server org.apache.jasper.runtime.JspWriterImpl.response denial of service
4379| [67515] Apache Tomcat annotations security bypass
4380| [67480] Apache Struts s:submit information disclosure
4381| [67414] Apache APR apr_fnmatch() denial of service
4382| [67356] Apache Struts javatemplates cross-site scripting
4383| [67354] Apache Struts Xwork cross-site scripting
4384| [66676] Apache Tomcat HTTP BIO information disclosure
4385| [66675] Apache Tomcat web.xml security bypass
4386| [66640] Apache HttpComponents HttpClient Proxy-Authorization information disclosure
4387| [66241] Apache HttpComponents information disclosure
4388| [66154] Apache Tomcat ServletSecurity security bypass
4389| [65971] Apache Tomcat ServletSecurity security bypass
4390| [65876] Apache Subversion mod_dav_svn denial of service
4391| [65343] Apache Continuum unspecified cross-site scripting
4392| [65162] Apache Tomcat NIO connector denial of service
4393| [65161] Apache Tomcat javax.servlet.ServletRequest.getLocale() denial of service
4394| [65160] Apache Tomcat HTML Manager interface cross-site scripting
4395| [65159] Apache Tomcat ServletContect security bypass
4396| [65050] Apache CouchDB web-based administration UI cross-site scripting
4397| [64773] Oracle HTTP Server Apache Plugin unauthorized access
4398| [64473] Apache Subversion blame -g denial of service
4399| [64472] Apache Subversion walk() denial of service
4400| [64407] Apache Axis2 CVE-2010-0219 code execution
4401| [63926] Apache Archiva password privilege escalation
4402| [63785] Apache CouchDB LD_LIBRARY_PATH privilege escalation
4403| [63493] Apache Archiva credentials cross-site request forgery
4404| [63477] Apache Tomcat HttpOnly session hijacking
4405| [63422] Apache Tomcat sessionsList.jsp cross-site scripting
4406| [63303] Apache mod_fcgid module fcgid_header_bucket_read() buffer overflow
4407| [62959] Apache Shiro filters security bypass
4408| [62790] Apache Perl cgi module denial of service
4409| [62576] Apache Qpid exchange denial of service
4410| [62575] Apache Qpid AMQP denial of service
4411| [62354] Apache Qpid SSL denial of service
4412| [62235] Apache APR-util apr_brigade_split_line() denial of service
4413| [62181] Apache XML-RPC SAX Parser information disclosure
4414| [61721] Apache Traffic Server cache poisoning
4415| [61202] Apache Derby BUILTIN authentication functionality information disclosure
4416| [61186] Apache CouchDB Futon cross-site request forgery
4417| [61169] Apache CXF DTD denial of service
4418| [61070] Apache Jackrabbit search.jsp SQL injection
4419| [61006] Apache SLMS Quoting cross-site request forgery
4420| [60962] Apache Tomcat time cross-site scripting
4421| [60883] Apache mod_proxy_http information disclosure
4422| [60671] Apache HTTP Server mod_cache and mod_dav denial of service
4423| [60264] Apache Tomcat Transfer-Encoding denial of service
4424| [59746] Apache Axis2 axis2/axis2-admin page session hijacking
4425| [59588] Apache Axis2/Java XML DTD (Document Type Declaration) data denial of service
4426| [59413] Apache mod_proxy_http timeout information disclosure
4427| [59058] Apache MyFaces unencrypted view state cross-site scripting
4428| [58827] Apache Axis2 xsd file include
4429| [58790] Apache Axis2 modules cross-site scripting
4430| [58299] Apache ActiveMQ queueBrowse cross-site scripting
4431| [58169] Apache Tomcat Web Application Manager / Host Manager cross-site request forgery
4432| [58056] Apache ActiveMQ .jsp source code disclosure
4433| [58055] Apache Tomcat realm name information disclosure
4434| [58046] Apache HTTP Server mod_auth_shadow security bypass
4435| [57841] Apache Open For Business Project (OFBiz) subject cross-site scripting
4436| [57840] Apache Open For Business Project (OFBiz) multiple parameters cross-site scripting
4437| [57429] Apache CouchDB algorithms information disclosure
4438| [57398] Apache ActiveMQ Web console cross-site request forgery
4439| [57397] Apache ActiveMQ createDestination.action cross-site scripting
4440| [56653] Apache HTTP Server DNS spoofing
4441| [56652] Apache HTTP Server DNS cross-site scripting
4442| [56625] Apache HTTP Server request header information disclosure
4443| [56624] Apache HTTP Server mod_isapi orphaned callback pointer code execution
4444| [56623] Apache HTTP Server mod_proxy_ajp denial of service
4445| [55941] mod_proxy module for Apache ap_proxy_send_fb() buffer overflow
4446| [55857] Apache Tomcat WAR files directory traversal
4447| [55856] Apache Tomcat autoDeploy attribute security bypass
4448| [55855] Apache Tomcat WAR directory traversal
4449| [55210] Intuit component for Joomla! Apache information disclosure
4450| [54533] Apache Tomcat 404 error page cross-site scripting
4451| [54182] Apache Tomcat admin default password
4452| [53878] Apache Solr Search (solr) extension for TYPO3 unspecified cross-site scripting
4453| [53666] Apache HTTP Server Solaris pollset support denial of service
4454| [53650] Apache HTTP Server HTTP basic-auth module security bypass
4455| [53124] mod_proxy_ftp module for Apache HTTP header security bypass
4456| [53041] mod_proxy_ftp module for Apache denial of service
4457| [52540] Apache Portable Runtime and Apache Portable Utility library multiple buffer overflow
4458| [51953] Apache Tomcat Path Disclosure
4459| [51952] Apache Tomcat Path Traversal
4460| [51951] Apache stronghold-status Information Disclosure
4461| [51950] Apache stronghold-info Information Disclosure
4462| [51949] Apache PHP Source Code Disclosure
4463| [51948] Apache Multiviews Attack
4464| [51946] Apache JServ Environment Status Information Disclosure
4465| [51945] Apache error_log Information Disclosure
4466| [51944] Apache Default Installation Page Pattern Found
4467| [51943] Apache AXIS XML Parser echoheaders.jws Sample Web Service Denial of Service
4468| [51942] Apache AXIS XML External Entity File Retrieval
4469| [51941] Apache AXIS Sample Servlet Information Leak
4470| [51940] Apache access_log Information Disclosure
4471| [51626] Apache mod_deflate denial of service
4472| [51532] mod_proxy module for the Apache HTTP Server stream_reqbody_cl denial of service
4473| [51365] Apache Tomcat RequestDispatcher security bypass
4474| [51273] Apache HTTP Server Incomplete Request denial of service
4475| [51195] Apache Tomcat XML information disclosure
4476| [50994] Apache APR-util xml/apr_xml.c denial of service
4477| [50993] Apache APR-util apr_brigade_vprintf denial of service
4478| [50964] Apache APR-util apr_strmatch_precompile() denial of service
4479| [50930] Apache Tomcat j_security_check information disclosure
4480| [50928] Apache Tomcat AJP denial of service
4481| [50884] Apache HTTP Server XML ENTITY denial of service
4482| [50808] Apache HTTP Server AllowOverride privilege escalation
4483| [50108] Apache Struts s:a tag and s:url tag cross-site scripting
4484| [50059] Apache mod_proxy_ajp information disclosure
4485| [49951] Apache Tiles Expression Language (EL) expressions cross-site scripting
4486| [49925] Apache Geronimo Web Administrative Console cross-site request forgery
4487| [49924] Apache Geronimo console/portal/Server/Monitoring cross-site scripting
4488| [49921] Apache ActiveMQ Web interface cross-site scripting
4489| [49898] Apache Geronimo Services/Repository directory traversal
4490| [49725] Apache Tomcat mod_jk module information disclosure
4491| [49715] Apache mod_perl Apache::Status and Apache2::Status modules cross-site scripting
4492| [49712] Apache Struts unspecified cross-site scripting
4493| [49213] Apache Tomcat cal2.jsp cross-site scripting
4494| [48934] Apache Tomcat POST doRead method information disclosure
4495| [48211] Apache Tomcat header HTTP request smuggling
4496| [48163] libapache2-mod-auth-mysql module for Debian multibyte encoding SQL injection
4497| [48110] Apache Jackrabbit search.jsp and swr.jsp cross-site scripting
4498| [47709] Apache Roller "
4499| [47104] Novell Netware ApacheAdmin console security bypass
4500| [47086] Apache HTTP Server OS fingerprinting unspecified
4501| [46329] Apache Struts FilterDispatcher and DefaultStaticContentLoader class directory traversal
4502| [45791] Apache Tomcat RemoteFilterValve security bypass
4503| [44435] Oracle WebLogic Apache Connector buffer overflow
4504| [44411] Apache Tomcat allowLinking UTF-8 directory traversal
4505| [44223] Apache HTTP Server mod_proxy_ftp cross-site scripting
4506| [44156] Apache Tomcat RequestDispatcher directory traversal
4507| [44155] Apache Tomcat HttpServletResponse.sendError() cross-site scripting
4508| [43885] Oracle WebLogic Server Apache Connector buffer overflow
4509| [42987] Apache HTTP Server mod_proxy module denial of service
4510| [42915] Apache Tomcat JSP files path disclosure
4511| [42914] Apache Tomcat MS-DOS path disclosure
4512| [42892] Apache Tomcat unspecified unauthorized access
4513| [42816] Apache Tomcat Host Manager cross-site scripting
4514| [42303] Apache 403 error cross-site scripting
4515| [41618] Apache-SSL ExpandCert() authentication bypass
4516| [40761] Apache Derby RDBNAM parameter and DatabaseMetaData.getURL information disclosure
4517| [40736] Apache Tomcat HTTP/1.1 connector information disclosure
4518| [40614] Apache mod_jk2 HTTP Host header buffer overflow
4519| [40562] Apache Geronimo init information disclosure
4520| [40478] Novell Web Manager webadmin-apache.conf security bypass
4521| [40411] Apache Tomcat exception handling information disclosure
4522| [40409] Apache Tomcat native (APR based) connector weak security
4523| [40403] Apache Tomcat quotes and %5C cookie information disclosure
4524| [40388] Sun Java Plug-In org.apache.crimson.tree.XmlDocument security bypass
4525| [39893] Apache HTTP Server mod_negotiation HTTP response splitting
4526| [39867] Apache HTTP Server mod_negotiation cross-site scripting
4527| [39804] Apache Tomcat SingleSignOn information disclosure
4528| [39615] Apache HTTP Server mod_proxy_ftp.c UTF-7 cross-site scripting
4529| [39612] Apache HTTP Server mod_proxy_balancer buffer overflow
4530| [39608] Apache HTTP Server balancer manager cross-site request forgery
4531| [39476] Apache mod_proxy_balancer balancer_handler function denial of service
4532| [39474] Apache HTTP Server mod_proxy_balancer cross-site scripting
4533| [39472] Apache HTTP Server mod_status cross-site scripting
4534| [39201] Apache Tomcat JULI logging weak security
4535| [39158] Apache HTTP Server Windows SMB shares information disclosure
4536| [39001] Apache HTTP Server mod_imap and mod_imagemap module cross-site scripting
4537| [38951] Apache::AuthCAS Perl module cookie SQL injection
4538| [38800] Apache HTTP Server 413 error page cross-site scripting
4539| [38211] Apache Geronimo SQLLoginModule authentication bypass
4540| [37243] Apache Tomcat WebDAV directory traversal
4541| [37178] RHSA update for Apache HTTP Server mod_status module cross-site scripting not installed
4542| [37177] RHSA update for Apache HTTP Server Apache child process denial of service not installed
4543| [37119] RHSA update for Apache mod_auth_kerb off-by-one buffer overflow not installed
4544| [37100] RHSA update for Apache and IBM HTTP Server Expect header cross-site scripting not installed
4545| [36782] Apache Geronimo MEJB unauthorized access
4546| [36586] Apache HTTP Server UTF-7 cross-site scripting
4547| [36468] Apache Geronimo LoginModule security bypass
4548| [36467] Apache Tomcat functions.jsp cross-site scripting
4549| [36402] Apache Tomcat calendar cross-site request forgery
4550| [36354] Apache HTTP Server mod_proxy module denial of service
4551| [36352] Apache HTTP Server ap_proxy_date_canon() denial of service
4552| [36336] Apache Derby lock table privilege escalation
4553| [36335] Apache Derby schema privilege escalation
4554| [36006] Apache Tomcat "
4555| [36001] Apache Tomcat Host Manager Servlet alias cross-site scripting
4556| [35999] Apache Tomcat \"
4557| [35795] Apache Tomcat CookieExample cross-site scripting
4558| [35536] Apache Tomcat SendMailServlet example cross-site scripting
4559| [35384] Apache HTTP Server mod_cache module denial of service
4560| [35097] Apache HTTP Server mod_status module cross-site scripting
4561| [35095] Apache HTTP Server Prefork MPM module denial of service
4562| [34984] Apache HTTP Server recall_headers information disclosure
4563| [34966] Apache HTTP Server MPM content spoofing
4564| [34965] Apache HTTP Server MPM information disclosure
4565| [34963] Apache HTTP Server MPM multiple denial of service
4566| [34872] Apache MyFaces Tomahawk autoscroll parameter cross-site scripting
4567| [34869] Apache Tomcat JSP example Web application cross-site scripting
4568| [34868] Apache Tomcat Manager and Host Manager cross-site scripting
4569| [34496] Apache Tomcat JK Connector security bypass
4570| [34377] Apache Tomcat hello.jsp cross-site scripting
4571| [34212] Apache Tomcat SSL configuration security bypass
4572| [34210] Apache Tomcat Accept-Language cross-site scripting
4573| [34209] Apache Tomcat calendar application cross-site scripting
4574| [34207] Apache Tomcat implicit-objects.jsp cross-site scripting
4575| [34167] Apache Axis WSDL file path disclosure
4576| [34068] Apache Tomcat AJP connector information disclosure
4577| [33584] Apache HTTP Server suEXEC privilege escalation
4578| [32988] Apache Tomcat proxy module directory traversal
4579| [32794] Apache Tomcat JK Web Server Connector map_uri_to_worker() buffer overflow
4580| [32708] Debian Apache tty privilege escalation
4581| [32441] ApacheStats extract() PHP call unspecified
4582| [32128] Apache Tomcat default account
4583| [31680] Apache Tomcat RequestParamExample cross-site scripting
4584| [31649] Apache Tomcat Sample Servlet TroubleShooter detected
4585| [31557] BEA WebLogic Server and WebLogic Express Apache proxy plug-in denial of service
4586| [31236] Apache HTTP Server htpasswd.c strcpy buffer overflow
4587| [30456] Apache mod_auth_kerb off-by-one buffer overflow
4588| [29550] Apache mod_tcl set_var() format string
4589| [28620] Apache and IBM HTTP Server Expect header cross-site scripting
4590| [28357] Apache HTTP Server mod_alias script source information disclosure
4591| [28063] Apache mod_rewrite off-by-one buffer overflow
4592| [27902] Apache Tomcat URL information disclosure
4593| [26786] Apache James SMTP server denial of service
4594| [25680] libapache2 /tmp/svn file upload
4595| [25614] Apache Struts lookupMap cross-site scripting
4596| [25613] Apache Struts ActionForm denial of service
4597| [25612] Apache Struts isCancelled() security bypass
4598| [24965] Apache mod_python FileSession command execution
4599| [24716] Apache James spooler memory leak denial of service
4600| [24159] Apache Geronimo Web-Access-Log Viewer cross-site scripting
4601| [24158] Apache Geronimo jsp-examples cross-site scripting
4602| [24030] Apache auth_ldap module multiple format strings
4603| [24008] Apache mod_ssl custom error message denial of service
4604| [24003] Apache mod_auth_pgsql module multiple syslog format strings
4605| [23612] Apache mod_imap referer field cross-site scripting
4606| [23173] Apache Struts error message cross-site scripting
4607| [22942] Apache Tomcat directory listing denial of service
4608| [22858] Apache Multi-Processing Module code allows denial of service
4609| [22602] RHSA-2005:582 updates for Apache httpd not installed
4610| [22520] Apache mod-auth-shadow "
4611| [22466] ApacheTop symlink
4612| [22109] Apache HTTP Server ssl_engine_kernel client certificate validation
4613| [22006] Apache HTTP Server byte-range filter denial of service
4614| [21567] Apache mod_ssl off-by-one buffer overflow
4615| [21195] Apache HTTP Server header HTTP request smuggling
4616| [20383] Apache HTTP Server htdigest buffer overflow
4617| [19681] Apache Tomcat AJP12 request denial of service
4618| [18993] Apache HTTP server check_forensic symlink attack
4619| [18790] Apache Tomcat Manager cross-site scripting
4620| [18349] Apache HTTP server Apple HFS+ filesystem obtain information
4621| [18348] Apache HTTP server Apple HFS+ filesystem .DS_Store and .ht file disclosure
4622| [18347] Apache HTTP server Apple Mac OS X Server mod_digest_apple module could allow an attacker to replay responses
4623| [17961] Apache Web server ServerTokens has not been set
4624| [17930] Apache HTTP Server HTTP GET request denial of service
4625| [17785] Apache mod_include module buffer overflow
4626| [17671] Apache HTTP Server SSLCipherSuite bypass restrictions
4627| [17473] Apache HTTP Server Satisfy directive allows access to resources
4628| [17413] Apache htpasswd buffer overflow
4629| [17384] Apache HTTP Server environment variable configuration file buffer overflow
4630| [17382] Apache HTTP Server IPv6 apr_util denial of service
4631| [17366] Apache HTTP Server mod_dav module LOCK denial of service
4632| [17273] Apache HTTP Server speculative mode denial of service
4633| [17200] Apache HTTP Server mod_ssl denial of service
4634| [16890] Apache HTTP Server server-info request has been detected
4635| [16889] Apache HTTP Server server-status request has been detected
4636| [16705] Apache mod_ssl format string attack
4637| [16524] Apache HTTP Server ap_get_mime_headers_core denial of service
4638| [16387] Apache HTTP Server mod_proxy Content-Length buffer overflow
4639| [16230] Apache HTTP Server PHP denial of service
4640| [16214] Apache mod_ssl ssl_util_uuencode_binary buffer overflow
4641| [15958] Apache HTTP Server authentication modules memory corruption
4642| [15547] Apache HTTP Server mod_disk_cache local information disclosure
4643| [15540] Apache HTTP Server socket starvation denial of service
4644| [15467] Novell GroupWise WebAccess using Apache Web server allows viewing of files on the server
4645| [15422] Apache HTTP Server mod_access information disclosure
4646| [15419] Apache HTTP Server mod_ssl plain HTTP request denial of service
4647| [15293] Apache for Cygwin "
4648| [15065] Apache-SSL has a default password
4649| [15041] Apache HTTP Server mod_digest module could allow an attacker to replay responses
4650| [15015] Apache httpd server httpd.conf could allow a local user to bypass restrictions
4651| [14751] Apache Mod_python output filter information disclosure
4652| [14125] Apache HTTP Server mod_userdir module information disclosure
4653| [14075] Apache HTTP Server mod_php file descriptor leak
4654| [13703] Apache HTTP Server account
4655| [13689] Apache HTTP Server configuration allows symlinks
4656| [13688] Apache HTTP Server configuration allows SSI
4657| [13687] Apache HTTP Server Server: header value
4658| [13685] Apache HTTP Server ServerTokens value
4659| [13684] Apache HTTP Server ServerSignature value
4660| [13672] Apache HTTP Server config allows directory autoindexing
4661| [13671] Apache HTTP Server default content
4662| [13670] Apache HTTP Server config file directive references outside content root
4663| [13668] Apache HTTP Server httpd not running in chroot environment
4664| [13666] Apache HTTP Server CGI directory contains possible command interpreter or compiler
4665| [13664] Apache HTTP Server config file contains ScriptAlias entry
4666| [13663] Apache HTTP Server CGI support modules loaded
4667| [13661] Apache HTTP Server config file contains AddHandler entry
4668| [13660] Apache HTTP Server 500 error page not CGI script
4669| [13659] Apache HTTP Server 413 error page not CGI script
4670| [13658] Apache HTTP Server 403 error page not CGI script
4671| [13657] Apache HTTP Server 401 error page not CGI script
4672| [13552] Apache HTTP Server mod_cgid module information disclosure
4673| [13550] Apache GET request directory traversal
4674| [13516] Apache Cocoon XMLForm and JXForm could allow execution of code
4675| [13499] Apache Cocoon directory traversal allows downloading of boot.ini file
4676| [13429] Apache Tomcat non-HTTP request denial of service
4677| [13400] Apache HTTP server mod_alias and mod_rewrite buffer overflow
4678| [13295] Apache weak password encryption
4679| [13254] Apache Tomcat .jsp cross-site scripting
4680| [13125] Apache::Gallery Inline::C could allow arbitrary code execution
4681| [13086] Apache Jakarta Tomcat mod_jk format string allows remote access
4682| [12681] Apache HTTP Server mod_proxy could allow mail relaying
4683| [12662] Apache HTTP Server rotatelogs denial of service
4684| [12554] Apache Tomcat stores password in plain text
4685| [12553] Apache HTTP Server redirects and subrequests denial of service
4686| [12552] Apache HTTP Server FTP proxy server denial of service
4687| [12551] Apache HTTP Server prefork MPM denial of service
4688| [12550] Apache HTTP Server weaker than expected encryption
4689| [12549] Apache HTTP Server type-map file denial of service
4690| [12206] Apache Tomcat /opt/tomcat directory insecure permissions
4691| [12102] Apache Jakarta Tomcat MS-DOS device name request denial of service
4692| [12091] Apache HTTP Server apr_password_validate denial of service
4693| [12090] Apache HTTP Server apr_psprintf code execution
4694| [11804] Apache HTTP Server mod_access_referer denial of service
4695| [11750] Apache HTTP Server could leak sensitive file descriptors
4696| [11730] Apache HTTP Server error log and access log terminal escape sequence injection
4697| [11703] Apache long slash path allows directory listing
4698| [11695] Apache HTTP Server LF (Line Feed) denial of service
4699| [11694] Apache HTTP Server filestat.c denial of service
4700| [11438] Apache HTTP Server MIME message boundaries information disclosure
4701| [11412] Apache HTTP Server error log terminal escape sequence injection
4702| [11196] Apache Tomcat examples and ROOT Web applications cross-site scripting
4703| [11195] Apache Tomcat web.xml could be used to read files
4704| [11194] Apache Tomcat URL appended with a null character could list directories
4705| [11139] Apache HTTP Server mass virtual hosting with mod_rewrite or mod_vhost_alias could allow an attacker to obtain files
4706| [11126] Apache HTTP Server illegal character file disclosure
4707| [11125] Apache HTTP Server DOS device name HTTP POST code execution
4708| [11124] Apache HTTP Server DOS device name denial of service
4709| [11088] Apache HTTP Server mod_vhost_alias CGI source disclosure
4710| [10938] Apache HTTP Server printenv test CGI cross-site scripting
4711| [10771] Apache Tomcat mod_jk module multiple HTTP GET request buffer overflow
4712| [10575] Apache mod_php module could allow an attacker to take over the httpd process
4713| [10499] Apache HTTP Server WebDAV HTTP POST view source
4714| [10457] Apache HTTP Server mod_ssl "
4715| [10415] Apache HTTP Server htdigest insecure system() call could allow command execution
4716| [10414] Apache HTTP Server htdigest multiple buffer overflows
4717| [10413] Apache HTTP Server htdigest temporary file race condition
4718| [10412] Apache HTTP Server htpasswd temporary file race condition
4719| [10376] Apache Tomcat invoker servlet used in conjunction with the default servlet reveals source code
4720| [10348] Apache Tomcat HTTP GET request DOS device reference could cause a denial of service
4721| [10281] Apache HTTP Server ab.c ApacheBench long response buffer overflow
4722| [10280] Apache HTTP Server shared memory scorecard overwrite
4723| [10263] Apache Tomcat mod_jk or mod_jserv connector directory disclosure
4724| [10241] Apache HTTP Server Host: header cross-site scripting
4725| [10230] Slapper worm variants A, B, and C target OpenSSL/Apache systems
4726| [10208] Apache HTTP Server mod_dav denial of service
4727| [10206] HP VVOS Apache mod_ssl denial of service
4728| [10200] Apache HTTP Server stderr denial of service
4729| [10175] Apache Tomcat org.apache.catalina.servlets.DefaultServlet reveals source code
4730| [10169] Slapper worm variant (Slapper.C) targets OpenSSL/Apache systems
4731| [10154] Slapper worm variant (Slapper.B) targets OpenSSL/Apache systems
4732| [10098] Slapper worm targets OpenSSL/Apache systems
4733| [9876] Apache HTTP Server cgi/cgid request could disclose the path to a requested script
4734| [9875] Apache HTTP Server .var file request could disclose installation path
4735| [9863] Apache Tomcat web.xml file could allow a remote attacker to bypass restrictions
4736| [9808] Apache HTTP Server non-Unix version URL encoded directory traversal
4737| [9623] Apache HTTP Server ap_log_rerror() path disclosure
4738| [9520] Apache Tomcat /servlet/ mapping cross-site scripting
4739| [9415] Apache HTTP Server mod_ssl .htaccess off-by-one buffer overflow
4740| [9396] Apache Tomcat null character to threads denial of service
4741| [9394] Apache Tomcat HTTP request for LPT9 reveals Web root path
4742| [9249] Apache HTTP Server chunked encoding heap buffer overflow
4743| [9208] Apache Tomcat sample file requests could reveal directory listing and path to Web root directory
4744| [8932] Apache Tomcat example class information disclosure
4745| [8633] Apache HTTP Server with mod_rewrite could allow an attacker to bypass directives
4746| [8629] Apache HTTP Server double-reverse DNS lookup spoofing
4747| [8589] Apache HTTP Server for Windows DOS batch file remote command execution
4748| [8457] Oracle9i Application Server Apache PL/SQL HTTP Location header buffer overflow
4749| [8455] Oracle9i Application Server default installation could allow an attacker to access certain Apache Services
4750| [8400] Apache HTTP Server mod_frontpage buffer overflows
4751| [8326] Apache HTTP Server multiple MIME headers (sioux) denial of service
4752| [8308] Apache "
4753| [8275] Apache HTTP Server with Multiviews enabled could disclose directory contents
4754| [8119] Apache and PHP OPTIONS request reveals "
4755| [8054] Apache is running on the system
4756| [8029] Mandrake Linux default Apache configuration could allow an attacker to browse files and directories
4757| [8027] Mandrake Linux default Apache configuration has remote management interface enabled
4758| [8026] Mandrake Linux Apache sample programs could disclose sensitive information about the server
4759| [7836] Apache HTTP Server log directory denial of service
4760| [7815] Apache for Windows "
4761| [7810] Apache HTTP request could result in unexpected behavior
4762| [7599] Apache Tomcat reveals installation path
4763| [7494] Apache "
4764| [7419] Apache Web Server could allow remote attackers to overwrite .log files
4765| [7363] Apache Web Server hidden HTTP requests
4766| [7249] Apache mod_proxy denial of service
4767| [7129] Linux with Apache Web server could allow an attacker to determine if a specified username exists
4768| [7103] Apple Mac OS X used with Apache Web server could disclose directory contents
4769| [7059] Apache "
4770| [7057] Apache "
4771| [7056] Apache "
4772| [7055] Apache "
4773| [7054] Apache "
4774| [6997] Apache Jakarta Tomcat error message may reveal information
4775| [6971] Apache Jakarta Tomcat may reveal JSP source code with missing HTTP protocol specification
4776| [6970] Apache crafted HTTP request could reveal the internal IP address
4777| [6921] Apache long slash path allows directory listing
4778| [6687] Apple Mac OS X used with Apache Web server could allow arbitrary file disclosure
4779| [6527] Apache Web Server for Windows and OS2 denial of service
4780| [6316] Apache Jakarta Tomcat may reveal JSP source code
4781| [6305] Apache Jakarta Tomcat directory traversal
4782| [5926] Linux Apache symbolic link
4783| [5659] Apache Web server discloses files when used with php script
4784| [5310] Apache mod_rewrite allows attacker to view arbitrary files
4785| [5204] Apache WebDAV directory listings
4786| [5197] Apache Web server reveals CGI script source code
4787| [5160] Apache Jakarta Tomcat default installation
4788| [5099] Trustix Secure Linux installs Apache with world writable access
4789| [4968] Apache Jakarta Tomcat snoop servlet gives out information which could be used in attack
4790| [4967] Apache Jakarta Tomcat 404 error reveals the pathname of the requested file
4791| [4931] Apache source.asp example file allows users to write to files
4792| [4575] IBM HTTP Server running Apache allows users to directory listing and file retrieval
4793| [4205] Apache Jakarta Tomcat delivers file contents
4794| [2084] Apache on Debian by default serves the /usr/doc directory
4795| [1630] MessageMedia UnityMail and Apache Web server MIME header flood denial of service
4796| [697] Apache HTTP server beck exploit
4797| [331] Apache cookies buffer overflow
4798|
4799| Exploit-DB - https://www.exploit-db.com:
4800| [31130] Apache Tomcat <= 6.0.15 Cookie Quote Handling Remote Information Disclosure Vulnerability
4801| [31052] Apache <= 2.2.6 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
4802| [30901] Apache HTTP Server 2.2.6 Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
4803| [30835] Apache HTTP Server <= 2.2.4 413 Error HTTP Request Method Cross-Site Scripting Weakness
4804| [30563] Apache Tomcat <= 5.5.15 Cal2.JSP Cross-Site Scripting Vulnerability
4805| [30496] Apache Tomcat <= 6.0.13 Cookie Handling Quote Delimiter Session ID Disclosure
4806| [30495] Apache Tomcat <= 6.0.13 Host Manager Servlet Cross Site Scripting Vulnerability
4807| [30191] Apache MyFaces Tomahawk JSF Framework 1.1.5 Autoscroll Parameter Cross Site Scripting Vulnerability
4808| [30189] Apache Tomcat <= 6.0.13 JSP Example Web Applications Cross Site Scripting Vulnerability
4809| [30052] Apache Tomcat 6.0.10 Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
| [29930] Apache AXIS 1.0 Non-Existent WSDL Path Information Disclosure Vulnerability
| [29859] Apache Roller OGNL Injection
| [29739] Apache HTTP Server Tomcat 5.x/6.0.x Directory Traversal Vulnerability
| [29435] Apache Tomcat 5.5.25 - CSRF Vulnerabilities
| [29316] Apache + PHP 5.x - Remote Code Execution (Multithreaded Scanner) (2)
| [29290] Apache / PHP 5.x Remote Code Execution Exploit
| [28713] Apache Tomcat/JBoss EJBInvokerServlet / JMXInvokerServlet (RMI over HTTP) Marshalled Object RCE
| [28424] Apache 2.x HTTP Server Arbitrary HTTP Request Headers Security Weakness
| [28365] Apache 2.2.2 CGI Script Source Code Information Disclosure Vulnerability
| [28254] Apache Tomcat 5 Information Disclosure Vulnerability
| [27915] Apache James 2.2 SMTP Denial of Service Vulnerability
| [27397] Apache suEXEC Privilege Elevation / Information Disclosure
| [27135] Apache Struts 2 DefaultActionMapper Prefixes OGNL Code Execution
| [27096] Apache Geronimo 1.0 Error Page XSS
| [27095] Apache Tomcat / Geronimo 1.0 Sample Script cal2.jsp time Parameter XSS
| [26710] Apache CXF prior to 2.5.10, 2.6.7 and 2.7.4 - Denial of Service
| [26542] Apache Struts 1.2.7 Error Response Cross-Site Scripting Vulnerability
| [25986] Plesk Apache Zeroday Remote Exploit
| [25980] Apache Struts includeParams Remote Code Execution
| [25625] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (2)
| [25624] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (1)
| [24874] Apache Struts ParametersInterceptor Remote Code Execution
| [24744] Apache Rave 0.11 - 0.20 - User Information Disclosure
| [24694] Apache 1.3.x mod_include Local Buffer Overflow Vulnerability
| [24590] Apache 2.0.x mod_ssl Remote Denial of Service Vulnerability
| [23751] Apache Cygwin 1.3.x/2.0.x Directory Traversal Vulnerability
| [23581] Apache 2.0.4x mod_perl Module File Descriptor Leakage Vulnerability
| [23482] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (2)
| [23481] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (1)
| [23296] Red Hat Apache 2.0.40 Directory Index Default Configuration Error
| [23282] apache cocoon 2.14/2.2 - Directory Traversal vulnerability
| [23245] Apache Tomcat 4.0.x Non-HTTP Request Denial of Service Vulnerability
| [23119] Apache::Gallery 0.4/0.5/0.6 Insecure Local File Storage Privilege Escalation Vulnerability
| [22505] Apache Mod_Access_Referer 1.0.2 NULL Pointer Dereference Denial of Service Vulnerability
| [22205] Apache Tomcat 3.x Null Byte Directory/File Disclosure Vulnerability
| [22191] Apache Web Server 2.0.x MS-DOS Device Name Denial of Service Vulnerability
| [22068] Apache 1.3.x,Tomcat 4.0.x/4.1.x Mod_JK Chunked Encoding Denial of Service Vulnerability
| [21885] Apache 1.3/2.0.x Server Side Include Cross Site Scripting Vulnerability
| [21882] Apache Tomcat 3.2 Directory Disclosure Vulnerability
| [21854] Apache 2.0.39/40 Oversized STDERR Buffer Denial of Service Vulnerability
| [21853] Apache Tomcat 3/4 DefaultServlet File Disclosure Vulnerability
| [21734] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
| [21719] Apache 2.0 Path Disclosure Vulnerability
| [21697] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
| [21605] Apache Tomcat 4.0.3 DoS Device Name Cross Site Scripting Vulnerability
| [21604] Apache Tomcat 4.0.3 Servlet Mapping Cross Site Scripting Vulnerability
| [21560] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (2)
| [21559] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (1)
| [21534] Apache Tomcat 3/4 JSP Engine Denial of Service Vulnerability
| [21492] Apache Tomcat 3.2.3/3.2.4 RealPath.JSP Malformed Request Information Disclosure
| [21491] Apache Tomcat 3.2.3/3.2.4 Example Files Web Root Path Disclosure
| [21490] Apache Tomcat 3.2.3/3.2.4 Source.JSP Malformed Request Information Disclosure
| [21412] Apache Tomcat 4.0/4.1 Servlet Path Disclosure Vulnerability
| [21350] Apache Win32 1.3.x/2.0.x Batch File Remote Command Execution Vulnerability
| [21204] Apache 1.3.20 Win32 PHP.EXE Remote File Disclosure Vulnerability
| [21112] Red Hat Linux 7.0 Apache Remote Username Enumeration Vulnerability
| [21067] Apache 1.0/1.2/1.3 Server Address Disclosure Vulnerability
| [21002] Apache 1.3 Possible Directory Index Disclosure Vulnerability
| [20911] Apache 1.3.14 Mac File Protection Bypass Vulnerability
| [20716] apache tomcat 3.0 - Directory Traversal vulnerability
| [20695] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (4)
| [20694] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (3)
| [20693] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (2)
| [20692] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (1)
| [20595] NCSA 1.3/1.4.x/1.5,Apache httpd 0.8.11/0.8.14 ScriptAlias Source Retrieval Vulnerability
| [20558] Apache 1.2 Web Server DoS Vulnerability
| [20466] Apache 1.3 Web Server with Php 3 File Disclosure Vulnerability
| [20435] Apache 0.8.x/1.0.x,NCSA httpd 1.x test-cgi Directory Listing Vulnerability
| [20272] Apache 1.2.5/1.3.1,UnityMail 2.0 MIME Header DoS Vulnerability
| [20210] Apache 1.3.12 WebDAV Directory Listings Vulnerability
| [20131] Apache Tomcat 3.1 Path Revealing Vulnerability
| [19975] Apache 1.3.6/1.3.9/1.3.11/1.3.12/1.3.20 Root Directory Access Vulnerability
| [19828] Cobalt RaQ 2.0/3.0 Apache .htaccess Disclosure Vulnerability
| [19536] Apache <= 1.1,NCSA httpd <= 1.5.2,Netscape Server 1.12/1.1/2.0 a nph-test-cgi Vulnerability
| [19231] PHP apache_request_headers Function Buffer Overflow
| [18984] Apache Struts <= 2.2.1.1 - Remote Command Execution
| [18897] Oracle Weblogic Apache Connector POST Request Buffer Overflow
| [18619] Apache Tomcat Remote Exploit (PUT Request) and Account Scanner
| [18452] Apache Struts Multiple Persistent Cross-Site Scripting Vulnerabilities
| [18442] Apache httpOnly Cookie Disclosure
| [18329] Apache Struts2 <= 2.3.1 - Multiple Vulnerabilities
| [18221] Apache HTTP Server Denial of Service
| [17969] Apache mod_proxy Reverse Proxy Exposure Vulnerability PoC
| [17696] Apache httpd Remote Denial of Service (memory exhaustion)
| [17691] Apache Struts < 2.2.0 - Remote Command Execution
| [16798] Apache mod_jk 1.2.20 Buffer Overflow
| [16782] Apache Win32 Chunked Encoding
| [16752] Apache module mod_rewrite LDAP protocol Buffer Overflow
| [16317] Apache Tomcat Manager Application Deployer Authenticated Code Execution
| [15710] Apache Archiva 1.0 - 1.3.1 CSRF Vulnerability
| [15319] Apache 2.2 (Windows) Local Denial of Service
| [14617] Apache JackRabbit 2.0.0 webapp XPath Injection
| [14489] Apache Tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
| [12721] Apache Axis2 1.4.1 - Local File Inclusion Vulnerability
| [12689] Authenticated Cross-Site Scripting Vulnerability (XSS) within Apache Axis2 administration console
| [12343] Apache Tomcat 5.5.0 to 5.5.29 & 6.0.0 to 6.0.26 - Information Disclosure Vulnerability
| [12330] Apache OFBiz - Multiple XSS
| [12264] Apache OFBiz - FULLADMIN Creator PoC Payload
| [12263] Apache OFBiz - SQL Remote Execution PoC Payload
| [11662] Apache Spamassassin Milter Plugin Remote Root Command Execution
| [11650] Apache 2.2.14 mod_isapi Dangling Pointer Remote SYSTEM Exploit
| [10811] Joomla.Tutorials GHDB: Apache directory listing Download Vulnerability
| [10292] Apache Tomcat 3.2.1 - 404 Error Page Cross Site Scripting Vulnerability
| [9995] Apache Tomcat Form Authentication Username Enumeration Weakness
| [9994] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
| [9993] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
| [8842] Apache mod_dav / svn Remote Denial of Service Exploit
| [8458] Apache Geronimo <= 2.1.3 - Multiple Directory Traversal Vulnerabilities
| [7264] Apache Tomcat runtime.getRuntime().exec() Privilege Escalation (win)
| [6229] apache tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
| [6100] Apache mod_jk 1.2.19 Remote Buffer Overflow Exploit (win32)
| [6089] Bea Weblogic Apache Connector Code Exec / Denial of Service Exploit
| [5386] Apache Tomcat Connector jk2-2.0.2 (mod_jk2) Remote Overflow Exploit
| [5330] Apache 2.0 mod_jk2 2.0.2 - Remote Buffer Overflow Exploit (win32)
| [4552] Apache Tomcat (webdav) Remote File Disclosure Exploit (ssl support)
| [4530] Apache Tomcat (webdav) Remote File Disclosure Exploit
| [4162] Apache Tomcat Connector (mod_jk) Remote Exploit (exec-shield)
| [4093] Apache mod_jk 1.2.19/1.2.20 Remote Buffer Overflow Exploit
| [3996] Apache 2.0.58 mod_rewrite Remote Overflow Exploit (win2k3)
| [3680] Apache Mod_Rewrite Off-by-one Remote Overflow Exploit (win32)
| [3384] Ubuntu/Debian Apache 1.3.33/1.3.34 (CGI TTY) Local Root Exploit
| [2237] Apache < 1.3.37, 2.0.59, 2.2.3 (mod_rewrite) Remote Overflow PoC
| [2061] Apache Tomcat < 5.5.17 Remote Directory Listing Vulnerability
| [1056] Apache <= 2.0.49 Arbitrary Long HTTP Headers Denial of Service
| [855] Apache <= 2.0.52 HTTP GET request Denial of Service Exploit
| [764] Apache OpenSSL - Remote Exploit (Multiple Targets) (OpenFuckV2.c)
| [587] Apache <= 1.3.31 mod_include Local Buffer Overflow Exploit
| [466] htpasswd Apache 1.3.31 - Local Exploit
| [371] Apache HTTPd Arbitrary Long HTTP Headers DoS (c version)
| [360] Apache HTTPd Arbitrary Long HTTP Headers DoS
| [132] Apache 1.3.x - 2.0.48 - mod_userdir Remote Users Disclosure Exploit
| [126] Apache mod_gzip (with debug_mode) <= 1.2.26.1a Remote Exploit
| [67] Apache 1.3.x mod_mylo Remote Code Execution Exploit
| [38] Apache <= 2.0.45 APR Remote Exploit -Apache-Knacker.pl
| [34] Webfroot Shoutbox < 2.32 (Apache) Remote Exploit
| [11] Apache <= 2.0.44 Linux Remote Denial of Service Exploit
| [9] Apache HTTP Server 2.x Memory Leak Exploit
|
| OpenVAS (Nessus) - http://www.openvas.org:
| [902924] Apache Struts2 Showcase Skill Name Remote Code Execution Vulnerability
| [902837] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability (Windows)
| [902830] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
| [902664] Apache Traffic Server HTTP Host Header Denial of Service Vulnerability
| [901203] Apache httpd Web Server Range Header Denial of Service Vulnerability
| [901110] Apache ActiveMQ Source Code Information Disclosure Vulnerability
| [901105] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
| [900842] Apache 'mod_proxy_ftp' Module Command Injection Vulnerability (Linux)
| [900841] Apache 'mod_proxy_ftp' Module Denial Of Service Vulnerability (Linux)
| [900573] Apache APR-Utils XML Parser Denial of Service Vulnerability
| [900572] Apache APR-Utils Multiple Denial of Service Vulnerabilities
| [900571] Apache APR-Utils Version Detection
| [900499] Apache mod_proxy_ajp Information Disclosure Vulnerability
| [900496] Apache Tiles Multiple XSS Vulnerability
| [900493] Apache Tiles Version Detection
| [900107] Apache mod_proxy_ftp Wildcard Characters XSS Vulnerability
| [900021] Apache Tomcat Cross-Site Scripting and Security Bypass Vulnerabilities
| [880086] CentOS Update for apache CESA-2008:0004-01 centos2 i386
| [870175] RedHat Update for apache RHSA-2008:0004-01
| [864591] Fedora Update for apache-poi FEDORA-2012-10835
| [864383] Fedora Update for apache-commons-compress FEDORA-2012-8428
| [864280] Fedora Update for apache-commons-compress FEDORA-2012-8465
| [864250] Fedora Update for apache-poi FEDORA-2012-7683
| [864249] Fedora Update for apache-poi FEDORA-2012-7686
| [863993] Fedora Update for apache-commons-daemon FEDORA-2011-10880
| [863466] Fedora Update for apache-commons-daemon FEDORA-2011-10936
| [855821] Solaris Update for Apache 1.3 122912-19
| [855812] Solaris Update for Apache 1.3 122911-19
| [855737] Solaris Update for Apache 1.3 122911-17
| [855731] Solaris Update for Apache 1.3 122912-17
| [855695] Solaris Update for Apache 1.3 122911-16
| [855645] Solaris Update for Apache 1.3 122912-16
| [855587] Solaris Update for kernel update and Apache 108529-29
| [855566] Solaris Update for Apache 116973-07
| [855531] Solaris Update for Apache 116974-07
| [855524] Solaris Update for Apache 2 120544-14
| [855494] Solaris Update for Apache 1.3 122911-15
| [855478] Solaris Update for Apache Security 114145-11
| [855472] Solaris Update for Apache Security 113146-12
| [855179] Solaris Update for Apache 1.3 122912-15
| [855147] Solaris Update for kernel update and Apache 108528-29
| [855077] Solaris Update for Apache 2 120543-14
| [850196] SuSE Update for apache2 openSUSE-SU-2012:0314-1 (apache2)
| [850088] SuSE Update for apache2 SUSE-SA:2007:061
| [850009] SuSE Update for apache2,apache SUSE-SA:2008:021
| [841209] Ubuntu Update for apache2 USN-1627-1
| [840900] Ubuntu Update for apache2 USN-1368-1
| [840798] Ubuntu Update for apache2 USN-1259-1
| [840734] Ubuntu Update for apache2 USN-1199-1
| [840542] Ubuntu Update for apache2 vulnerabilities USN-1021-1
| [840504] Ubuntu Update for apache2 vulnerability USN-990-2
| [840399] Ubuntu Update for apache2 vulnerabilities USN-908-1
| [840304] Ubuntu Update for apache2 vulnerabilities USN-575-1
| [840118] Ubuntu Update for libapache2-mod-perl2 vulnerability USN-488-1
| [840092] Ubuntu Update for apache2 vulnerabilities USN-499-1
| [840039] Ubuntu Update for libapache2-mod-python vulnerability USN-430-1
| [835253] HP-UX Update for Apache Web Server HPSBUX02645
| [835247] HP-UX Update for Apache-based Web Server HPSBUX02612
| [835243] HP-UX Update for Apache Running Tomcat Servlet Engine HPSBUX02579
| [835236] HP-UX Update for Apache with PHP HPSBUX02543
| [835233] HP-UX Update for Apache-based Web Server HPSBUX02531
| [835224] HP-UX Update for Apache-based Web Server HPSBUX02465
| [835200] HP-UX Update for Apache Web Server Suite HPSBUX02431
| [835190] HP-UX Update for Apache Web Server Suite HPSBUX02401
| [835188] HP-UX Update for Apache HPSBUX02308
| [835181] HP-UX Update for Apache With PHP HPSBUX02332
| [835180] HP-UX Update for Apache with PHP HPSBUX02342
| [835172] HP-UX Update for Apache HPSBUX02365
| [835168] HP-UX Update for Apache HPSBUX02313
| [835148] HP-UX Update for Apache HPSBUX01064
| [835139] HP-UX Update for Apache with PHP HPSBUX01090
| [835131] HP-UX Update for Apache HPSBUX00256
| [835119] HP-UX Update for Apache Remote Execution of Arbitrary Code HPSBUX02186
| [835104] HP-UX Update for Apache HPSBUX00224
| [835103] HP-UX Update for Apache mod_cgid HPSBUX00301
| [835101] HP-UX Update for Apache HPSBUX01232
| [835080] HP-UX Update for Apache HPSBUX02273
| [835078] HP-UX Update for ApacheStrong HPSBUX00255
| [835044] HP-UX Update for Apache HPSBUX01019
| [835040] HP-UX Update for Apache PHP HPSBUX00207
| [835025] HP-UX Update for Apache HPSBUX00197
| [835023] HP-UX Update for Apache HPSBUX01022
| [835022] HP-UX Update for Apache HPSBUX02292
| [835005] HP-UX Update for Apache HPSBUX02262
| [831759] Mandriva Update for apache-mod_security MDVSA-2012:182 (apache-mod_security)
| [831737] Mandriva Update for apache MDVSA-2012:154-1 (apache)
| [831534] Mandriva Update for apache MDVSA-2012:012 (apache)
| [831523] Mandriva Update for apache MDVSA-2012:003 (apache)
| [831491] Mandriva Update for apache MDVSA-2011:168 (apache)
| [831460] Mandriva Update for apache MDVSA-2011:144 (apache)
| [831449] Mandriva Update for apache MDVSA-2011:130 (apache)
| [831357] Mandriva Update for apache MDVSA-2011:057 (apache)
| [831132] Mandriva Update for apache MDVSA-2010:153 (apache)
| [831131] Mandriva Update for apache MDVSA-2010:152 (apache)
| [830989] Mandriva Update for apache-mod_auth_shadow MDVSA-2010:081 (apache-mod_auth_shadow)
| [830931] Mandriva Update for apache MDVSA-2010:057 (apache)
| [830926] Mandriva Update for apache MDVSA-2010:053 (apache)
| [830918] Mandriva Update for apache-mod_security MDVSA-2010:050 (apache-mod_security)
| [830799] Mandriva Update for apache-conf MDVSA-2009:300-2 (apache-conf)
| [830797] Mandriva Update for apache-conf MDVSA-2009:300-1 (apache-conf)
| [830791] Mandriva Update for apache-conf MDVA-2010:011 (apache-conf)
| [830652] Mandriva Update for apache MDVSA-2008:195 (apache)
| [830621] Mandriva Update for apache-conf MDVA-2008:129 (apache-conf)
| [830581] Mandriva Update for apache MDVSA-2008:016 (apache)
| [830294] Mandriva Update for apache MDKSA-2007:140 (apache)
| [830196] Mandriva Update for apache MDKSA-2007:235 (apache)
| [830112] Mandriva Update for apache MDKSA-2007:127 (apache)
| [830109] Mandriva Update for apache-mod_perl MDKSA-2007:083 (apache-mod_perl)
| [802425] Apache Struts2 Showcase Arbitrary Java Method Execution vulnerability
| [802423] Apache Struts CookBook/Examples Multiple Cross-Site Scripting Vulnerabilities
| [802422] Apache Struts Showcase Multiple Persistence Cross-Site Scripting Vulnerabilities
| [802415] Apache Tomcat Multiple Security Bypass Vulnerabilities (Win)
| [802385] Apache Tomcat Request Object Security Bypass Vulnerability (Win)
| [802384] Apache Tomcat Parameter Handling Denial of Service Vulnerability (Win)
| [802378] Apache Tomcat Hash Collision Denial Of Service Vulnerability
| [801942] Apache Archiva Multiple Vulnerabilities
| [801940] Apache Struts2 'XWork' Information Disclosure Vulnerability
| [801663] Apache Struts2/XWork Remote Command Execution Vulnerability
| [801521] Apache APR-util 'buckets/apr_brigade.c' Denial Of Service Vulnerability
| [801284] Apache Derby Information Disclosure Vulnerability
| [801203] Apache ActiveMQ Persistent Cross-Site Scripting Vulnerability
| [800837] Apache 'mod_deflate' Denial Of Service Vulnerability - July09
| [800827] Apache 'mod_proxy_http.c' Denial Of Service Vulnerability
| [800680] Apache APR Version Detection
| [800679] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
| [800678] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
| [800677] Apache Roller Version Detection
| [800279] Apache mod_jk Module Version Detection
| [800278] Apache Struts Cross Site Scripting Vulnerability
| [800277] Apache Tomcat mod_jk Information Disclosure Vulnerability
| [800276] Apache Struts Version Detection
| [800271] Apache Struts Directory Traversal Vulnerability
| [800024] Apache Tomcat RemoteFilterValve Security Bypass Vulnerability
| [103333] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
| [103293] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
| [103122] Apache Web Server ETag Header Information Disclosure Weakness
| [103074] Apache Continuum Cross Site Scripting Vulnerability
| [103073] Apache Continuum Detection
| [103053] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
| [101023] Apache Open For Business Weak Password security check
| [101020] Apache Open For Business HTML injection vulnerability
| [101019] Apache Open For Business service detection
| [100924] Apache Archiva Cross Site Request Forgery Vulnerability
| [100923] Apache Archiva Detection
| [100858] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
| [100814] Apache Axis2 Document Type Declaration Processing Security Vulnerability
| [100813] Apache Axis2 Detection
| [100797] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
| [100795] Apache Derby Detection
| [100762] Apache CouchDB Cross Site Request Forgery Vulnerability
| [100725] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
| [100613] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
| [100514] Apache Multiple Security Vulnerabilities
| [100211] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
| [100172] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
| [100171] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
| [100130] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
| [72626] Debian Security Advisory DSA 2579-1 (apache2)
| [72612] FreeBSD Ports: apache22
| [71551] Gentoo Security Advisory GLSA 201206-25 (apache)
| [71550] Gentoo Security Advisory GLSA 201206-24 (apache tomcat)
| [71512] FreeBSD Ports: apache
| [71485] Debian Security Advisory DSA 2506-1 (libapache-mod-security)
| [71256] Debian Security Advisory DSA 2452-1 (apache2)
| [71238] Debian Security Advisory DSA 2436-1 (libapache2-mod-fcgid)
| [70737] FreeBSD Ports: apache
| [70724] Debian Security Advisory DSA 2405-1 (apache2)
| [70600] FreeBSD Ports: apache
| [70253] FreeBSD Ports: apache, apache-event, apache-itk, apache-peruser, apache-worker
| [70235] Debian Security Advisory DSA 2298-2 (apache2)
| [70233] Debian Security Advisory DSA 2298-1 (apache2)
| [69988] Debian Security Advisory DSA 2279-1 (libapache2-mod-authnz-external)
| [69338] Debian Security Advisory DSA 2202-1 (apache2)
| [67868] FreeBSD Ports: apache
| [66816] FreeBSD Ports: apache
| [66553] Mandriva Security Advisory MDVSA-2009:189-1 (apache-mod_auth_mysql)
| [66414] Mandriva Security Advisory MDVSA-2009:323 (apache)
| [66106] SuSE Security Advisory SUSE-SA:2009:050 (apache2,libapr1)
| [66081] SLES11: Security update for Apache 2
| [66074] SLES10: Security update for Apache 2
| [66070] SLES9: Security update for Apache 2
| [65998] SLES10: Security update for apache2-mod_python
| [65893] SLES10: Security update for Apache 2
| [65888] SLES10: Security update for Apache 2
| [65575] SLES9: Security update for apache2,apache2-prefork,apache2-worker
| [65510] SLES9: Security update for Apache 2
| [65472] SLES9: Security update for Apache
| [65467] SLES9: Security update for Apache
| [65450] SLES9: Security update for apache2
| [65390] SLES9: Security update for Apache2
| [65363] SLES9: Security update for Apache2
| [65309] SLES9: Security update for Apache and mod_ssl
| [65296] SLES9: Security update for webdav apache module
| [65283] SLES9: Security update for Apache2
| [65249] SLES9: Security update for Apache 2
| [65230] SLES9: Security update for Apache 2
| [65228] SLES9: Security update for Apache 2
| [65212] SLES9: Security update for apache2-mod_python
| [65209] SLES9: Security update for apache2-worker
| [65207] SLES9: Security update for Apache 2
| [65168] SLES9: Security update for apache2-mod_python
| [65142] SLES9: Security update for Apache2
| [65136] SLES9: Security update for Apache 2
| [65132] SLES9: Security update for apache
| [65131] SLES9: Security update for Apache 2 oes/CORE
| [65113] SLES9: Security update for apache2
| [65072] SLES9: Security update for apache and mod_ssl
| [65017] SLES9: Security update for Apache 2
| [64950] Mandrake Security Advisory MDVSA-2009:240 (apache)
| [64783] FreeBSD Ports: apache
| [64774] Ubuntu USN-802-2 (apache2)
| [64653] Ubuntu USN-813-2 (apache2)
| [64559] Debian Security Advisory DSA 1834-2 (apache2)
| [64532] Mandrake Security Advisory MDVSA-2009:189 (apache-mod_auth_mysql)
| [64527] Mandrake Security Advisory MDVSA-2009:184 (apache-mod_security)
| [64526] Mandrake Security Advisory MDVSA-2009:183 (apache-mod_security)
| [64500] Mandrake Security Advisory MDVSA-2009:168 (apache)
| [64443] Ubuntu USN-802-1 (apache2)
| [64426] Gentoo Security Advisory GLSA 200907-04 (apache)
| [64423] Debian Security Advisory DSA 1834-1 (apache2)
| [64391] Mandrake Security Advisory MDVSA-2009:149 (apache)
| [64377] Mandrake Security Advisory MDVSA-2009:124-1 (apache)
| [64251] Debian Security Advisory DSA 1816-1 (apache2)
| [64201] Ubuntu USN-787-1 (apache2)
| [64140] Mandrake Security Advisory MDVSA-2009:124 (apache)
| [64136] Mandrake Security Advisory MDVSA-2009:102 (apache)
| [63565] FreeBSD Ports: apache
| [63562] Ubuntu USN-731-1 (apache2)
| [61381] Gentoo Security Advisory GLSA 200807-06 (apache)
| [61185] FreeBSD Ports: apache
| [60582] Gentoo Security Advisory GLSA 200803-19 (apache)
| [60387] Slackware Advisory SSA:2008-045-02 apache
| [58826] FreeBSD Ports: apache-tomcat
| [58825] FreeBSD Ports: apache-tomcat
| [58804] FreeBSD Ports: apache
| [58745] Gentoo Security Advisory GLSA 200711-06 (apache)
| [58360] Debian Security Advisory DSA 1312-1 (libapache-mod-jk)
| [57851] Gentoo Security Advisory GLSA 200608-01 (apache)
| [57788] Debian Security Advisory DSA 1247-1 (libapache-mod-auth-kerb)
| [57335] Debian Security Advisory DSA 1167-1 (apache)
| [57201] Debian Security Advisory DSA 1131-1 (apache)
| [57200] Debian Security Advisory DSA 1132-1 (apache2)
| [57168] Slackware Advisory SSA:2006-209-01 Apache httpd
| [57145] FreeBSD Ports: apache
| [56731] Slackware Advisory SSA:2006-129-01 Apache httpd
| [56729] Slackware Advisory SSA:2006-130-01 Apache httpd redux
| [56246] Gentoo Security Advisory GLSA 200602-03 (Apache)
| [56212] Debian Security Advisory DSA 952-1 (libapache-auth-ldap)
| [56115] Debian Security Advisory DSA 935-1 (libapache2-mod-auth-pgsql)
| [56067] FreeBSD Ports: apache
| [55803] Slackware Advisory SSA:2005-310-04 apache
| [55519] Debian Security Advisory DSA 839-1 (apachetop)
| [55392] Gentoo Security Advisory GLSA 200509-12 (Apache)
| [55355] FreeBSD Ports: apache
| [55284] Debian Security Advisory DSA 807-1 (libapache-mod-ssl)
| [55261] Debian Security Advisory DSA 805-1 (apache2)
| [55259] Debian Security Advisory DSA 803-1 (apache)
| [55129] Gentoo Security Advisory GLSA 200508-15 (apache)
| [54739] Gentoo Security Advisory GLSA 200411-18 (apache)
| [54724] Gentoo Security Advisory GLSA 200411-03 (apache)
| [54712] Gentoo Security Advisory GLSA 200410-21 (apache)
| [54689] Gentoo Security Advisory GLSA 200409-33 (net=www/apache)
| [54677] Gentoo Security Advisory GLSA 200409-21 (apache)
| [54610] Gentoo Security Advisory GLSA 200407-03 (Apache)
| [54601] Gentoo Security Advisory GLSA 200406-16 (Apache)
| [54590] Gentoo Security Advisory GLSA 200406-05 (Apache)
| [54582] Gentoo Security Advisory GLSA 200405-22 (Apache)
| [54529] Gentoo Security Advisory GLSA 200403-04 (Apache)
| [54499] Gentoo Security Advisory GLSA 200310-04 (Apache)
| [54498] Gentoo Security Advisory GLSA 200310-03 (Apache)
| [54439] FreeBSD Ports: apache
| [53931] Slackware Advisory SSA:2004-133-01 apache
| [53903] Slackware Advisory SSA:2004-299-01 apache, mod_ssl, php
| [53902] Slackware Advisory SSA:2004-305-01 apache+mod_ssl
| [53878] Slackware Advisory SSA:2003-308-01 apache security update
| [53851] Debian Security Advisory DSA 135-1 (libapache-mod-ssl)
| [53849] Debian Security Advisory DSA 132-1 (apache-ssl)
| [53848] Debian Security Advisory DSA 131-1 (apache)
| [53784] Debian Security Advisory DSA 021-1 (apache)
| [53738] Debian Security Advisory DSA 195-1 (apache-perl)
| [53737] Debian Security Advisory DSA 188-1 (apache-ssl)
| [53735] Debian Security Advisory DSA 187-1 (apache)
| [53703] Debian Security Advisory DSA 532-1 (libapache-mod-ssl)
| [53577] Debian Security Advisory DSA 120-1 (libapache-mod-ssl, apache-ssl)
| [53568] Debian Security Advisory DSA 067-1 (apache,apache-ssl)
| [53519] Debian Security Advisory DSA 689-1 (libapache-mod-python)
| [53433] Debian Security Advisory DSA 181-1 (libapache-mod-ssl)
| [53282] Debian Security Advisory DSA 594-1 (apache)
| [53248] Debian Security Advisory DSA 558-1 (libapache-mod-dav)
| [53224] Debian Security Advisory DSA 532-2 (libapache-mod-ssl)
| [53215] Debian Security Advisory DSA 525-1 (apache)
| [53151] Debian Security Advisory DSA 452-1 (libapache-mod-python)
| [52529] FreeBSD Ports: apache+ssl
| [52501] FreeBSD Ports: apache
| [52461] FreeBSD Ports: apache
| [52390] FreeBSD Ports: apache
| [52389] FreeBSD Ports: apache
| [52388] FreeBSD Ports: apache
| [52383] FreeBSD Ports: apache
| [52339] FreeBSD Ports: apache+mod_ssl
| [52331] FreeBSD Ports: apache
| [52329] FreeBSD Ports: ru-apache+mod_ssl
| [52314] FreeBSD Ports: apache
| [52310] FreeBSD Ports: apache
| [15588] Detect Apache HTTPS
| [15555] Apache mod_proxy content-length buffer overflow
| [15554] Apache mod_include priviledge escalation
| [14771] Apache <= 1.3.33 htpasswd local overflow
| [14177] Apache mod_access rule bypass
| [13644] Apache mod_rootme Backdoor
| [12293] Apache Input Header Folding and mod_ssl ssl_io_filter_cleanup DoS Vulnerabilities
| [12280] Apache Connection Blocking Denial of Service
| [12239] Apache Error Log Escape Sequence Injection
| [12123] Apache Tomcat source.jsp malformed request information disclosure
| [12085] Apache Tomcat servlet/JSP container default files
| [11438] Apache Tomcat Directory Listing and File disclosure
| [11204] Apache Tomcat Default Accounts
| [11092] Apache 2.0.39 Win32 directory traversal
| [11046] Apache Tomcat TroubleShooter Servlet Installed
| [11042] Apache Tomcat DOS Device Name XSS
| [11041] Apache Tomcat /servlet Cross Site Scripting
| [10938] Apache Remote Command Execution via .bat files
| [10839] PHP.EXE / Apache Win32 Arbitrary File Reading Vulnerability
| [10773] MacOS X Finder reveals contents of Apache Web files
| [10766] Apache UserDir Sensitive Information Disclosure
| [10756] MacOS X Finder reveals contents of Apache Web directories
| [10752] Apache Auth Module SQL Insertion Attack
| [10704] Apache Directory Listing
| [10678] Apache /server-info accessible
| [10677] Apache /server-status accessible
| [10440] Check for Apache Multiple / vulnerability
|
| SecurityTracker - https://www.securitytracker.com:
| [1028865] Apache Struts Bugs Permit Remote Code Execution and URL Redirection Attacks
| [1028864] Apache Struts Wildcard Matching and Expression Evaluation Bugs Let Remote Users Execute Arbitrary Code
| [1028824] Apache mod_dav_svn URI Processing Flaw Lets Remote Users Deny Service
| [1028823] Apache Unspecified Flaw in mod_session_dbd Has Unspecified Impact
| [1028724] (HP Issues Fix for HP-UX) Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
| [1028722] (Red Hat Issues Fix for JBoss) Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
| [1028693] (Red Hat Issues Fix) Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
| [1028622] Apache Struts 'includeParams' Bugs Permit Remote Command Execution and Cross-Site Scripting Attacks
| [1028621] Apache Subversion Bugs Let Remote Authenticated Users Execute Arbitrary Commands and Deny Service
| [1028540] Apache mod_rewrite Input Validation Flaw Lets Remote Users Execute Arbitrary Commands
| [1028534] Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
| [1028533] Apache Tomcat Lack of Chunked Transfer Encoding Extension Size Limit Lets Remote Users Deny Service
| [1028532] Apache Tomcat AsyncListeners Bug May Disclose Information from One Request to Another User
| [1028515] Apache VCL Input Validation Flaw Lets Remote Authenticated Users Gain Elevated Privileges
| [1028457] Apache ActiveMQ Bugs Let Remote Users Conduct Cross-Site Scripting Attacks, Deny Service, and Obtain Potentially Sensitive Information
| [1028287] Apache CXF WSS4JInInterceptor Grants Service Access to Remote Users
| [1028286] Apache CXF WS-Security UsernameToken Processing Flaw Lets Remote Users Bypass Authentication
| [1028252] Apache Commons FileUpload Unsafe Temporary File Lets Local Users Gain Elevated Privileges
| [1028207] Apache Input Validation Bugs Permit Cross-Site Scripting Attacks
| [1027836] Apache Tomcat Connection Processing Bug Lets Remote Users Deny Service
| [1027834] Apache Tomcat Bug Lets Remote Users Bypass Cross-Site Request Forgery Prevention Filter
| [1027833] Apache Tomcat Bug Lets Remote Users Bypass Security Constraints
| [1027729] Apache Tomcat Header Processing Bug Lets Remote Users Deny Service
| [1027728] Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
| [1027554] Apache CXF Lets Remote Authenticated Users Execute Unauthorized SOAP Actions
| [1027508] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
| [1027421] Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
| [1027096] Apache Commons Compress BZip2CompressorOutputStream() Sorting Algorithm Lets Remote or Local Users Deny Service
| [1026932] Apache LD_LIBRARY_PATH Processing Lets Local Users Gain Elevated Privileges
| [1026928] Apache OFBiz Unspecified Flaw Lets Remote Users Execute Arbitrary Code
| [1026927] Apache OFBiz Input Validation Flaws Permit Cross-Site Scripting Attacks
| [1026847] Apache Traffic Server Host Header Processing Flaw Lets Remote Users Deny Service
| [1026846] Apache Wicket Discloses Hidden Application Files to Remote Users
| [1026839] Apache Wicket Input Validation Flaw in 'wicket:pageMapName' Parameter Permits Cross-Site Scripting Attacks
| [1026616] Apache Bugs Let Remote Users Deny Service and Obtain Cookie Data
| [1026575] Apache Struts ParameterInterceptor() Flaw Lets Remote Users Execute Arbitrary Commands
| [1026484] Apache Struts Bug Lets Remote Users Overwrite Files and Execute Arbitrary Code
| [1026477] Apache Tomcat Hash Table Collision Bug Lets Remote Users Deny Service
| [1026402] Apache Struts Conversion Error Lets Remote Users Inject Arbitrary Commands
| [1026353] Apache mod_proxy/mod_rewrite Bug Lets Remote Users Access Internal Servers
| [1026295] Apache Tomcat Lets Untrusted Web Applications Gain Elevated Privileges
| [1026267] Apache .htaccess File Integer Overflow Lets Local Users Execute Arbitrary Code
| [1026144] Apache mod_proxy Pattern Matching Bug Lets Remote Users Access Internal Servers
| [1026095] Apache Tomcat HTTP DIGEST Authentication Weaknesses Let Remote Users Conduct Bypass Attacks
| [1026054] Apache mod_proxy_ajp HTTP Processing Error Lets Remote Users Deny Service
| [1025993] Apache Tomcat AJP Protocol Processing Bug Lets Remote Users Bypass Authentication or Obtain Information
| [1025976] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
| [1025960] Apache httpd Byterange Filter Processing Error Lets Remote Users Deny Service
| [1025925] Apache Tomcat Commons Daemon jsvc Lets Local Users Gain Elevated Privileges
| [1025924] Apache Tomcat XML Validation Flaw Lets Applications Obtain Potentially Sensitive Information
5332| [1025788] Apache Tomcat Lets Malicious Applications Obtain Information and Deny Service
5333| [1025755] Apache Santuario Buffer Overflow Lets Remote Users Deny Service
5334| [1025712] Apache Tomcat Discloses Passwords to Local Users in Certain Cases
5335| [1025577] Apache Archiva Input Validation Hole Permits Cross-Site Scripting Attacks
5336| [1025576] Apache Archiva Request Validation Flaw Permits Cross-Site Request Forgery Attacks
5337| [1025527] Apache APR Library apr_fnmatch() Flaw Lets Remote Users Execute Arbitrary Code
5338| [1025303] Apache Tomcat HTTP BIO Connector Error Discloses Information From Different Requests to Remote Users
5339| [1025215] Apache Tomcat May Ignore @ServletSecurity Annotation Protections
5340| [1025066] Apache Continuum Input Validation Flaw Permits Cross-Site Request Forgery Attacks
5341| [1025065] Apache Continuum Input Validation Hole Permits Cross-Site Scripting Attacks
5342| [1025027] Apache Tomcat maxHttpHeaderSize Parsing Error Lets Remote Users Deny Service
5343| [1025026] Apache Tomcat Manager Input Validation Hole Permits Cross-Site Scripting Attacks
5344| [1025025] Apache Tomcat Security Manager Lets Local Users Bypass File Permissions
5345| [1024764] Apache Tomcat Manager Input Validation Hole in 'sessionList.jsp' Permits Cross-Site Scripting Attacks
5346| [1024417] Apache Traffic Server Insufficient Randomization Lets Remote Users Poison the DNS Cache
5347| [1024332] Apache mod_cache and mod_dav Request Processing Flaw Lets Remote Users Deny Service
5348| [1024180] Apache Tomcat 'Transfer-Encoding' Header Processing Flaw Lets Remote Users Deny Service and Obtain Potentially Sensitive Information
5349| [1024096] Apache mod_proxy_http May Return Results for a Different Request
5350| [1023942] Apache mod_proxy_ajp Error Condition Lets Remote Users Deny Service
5351| [1023941] Apache ap_read_request() Memory Error May Let Remote Users Access Potentially Sensitive Information
5352| [1023778] Apache ActiveMQ Input Validation Flaw Permits Cross-Site Scripting Attacks
5353| [1023701] Apache mod_isapi Error Processing Flaw May Let Remote Users Deny Service
5354| [1023533] Apache mod_proxy Integer Overflow May Let Remote Users Execute Arbitrary Code
5355| [1022988] Apache Solaris Support Code Bug Lets Remote Users Deny Service
5356| [1022529] Apache mod_deflate Connection State Bug Lets Remote Users Deny Service
5357| [1022509] Apache mod_proxy stream_reqbody_cl() Infinite Loop Lets Remote Users Deny Service
5358| [1022296] Apache IncludesNoExec Options Restrictions Can Be Bypass By Local Users
5359| [1022264] Apache mod_proxy_ajp Bug May Disclose Another User's Response Data
5360| [1022001] Apache Tomcat mod_jk May Disclose Responses to the Wrong User
5361| [1021988] mod_perl Input Validation Flaw in Apache::Status and Apache2::Status Permits Cross-Site Scripting Attacks
5362| [1021350] NetWare Bug Lets Remote Users Access the ApacheAdmin Console
5363| [1020635] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
5364| [1020520] Oracle WebLogic Apache Connector Lets Remote Users Execute Arbitrary Code
5365| [1020267] Apache mod_proxy Interim Response Process Bug Lets Remote Users Deny Service
5366| [1019784] Apache-SSL Certificate Processing Bug May Let Remote Users View Portions of Kernel Memory
5367| [1019256] Apache mod_negotiation Input Validation Hole Permits Cross-Site Scripting Attacks
5368| [1019194] Apache Input Validation Hole in Mod_AutoIndex When the Character Set is Undefined May Permit Cross-Site Scripting Attacks
5369| [1019185] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
5370| [1019154] Apache Input Validation Hole in mod_status Permits Cross-Site Scripting Attacks
5371| [1019093] Apache Input Validation Hole in mod_imap Permits Cross-Site Scripting Attacks
5372| [1019030] Apache Input Validation Hole in Default HTTP 413 Error Page Permits Cross-Site Scripting Attacks
5373| [1018633] Apache mod_proxy Bug Lets Remote Users Deny Service
5374| [1018304] Apache HTTPD scoreboard Protection Flaw Lets Local Users Terminate Arbitrary Processes
5375| [1018303] Apache HTTPD mod_cache May Let Remote Users Deny Service
5376| [1018302] Apache mod_status Input Validation Hole Permits Cross-Site Scripting Attacks
5377| [1018269] Apache Tomcat Input Validation Hole in Processing Accept-Language Header Permits Cross-Site Scripting Attacks
5378| [1017904] Apache suEXEC Bugs May Let Local Users Gain Elevated Privileges
5379| [1017719] Apache Tomcat JK Web Server Connector Buffer Overflow in map_uri_to_worker() Lets Remote Users Execute Arbitrary Code
5380| [1017062] Apache mod_tcl Format String Bug in set_var() Function May Let Remote Users Execute Arbitrary Code
5381| [1016601] Apache mod_rewrite Off-by-one Error Lets Remote Users Execute Arbitrary Code
5382| [1016576] Apache Tomcat Discloses Directory Listings to Remote Users
5383| [1015447] Apache mod_ssl Null Pointer Dereference May Let Remote Users Deny Service
5384| [1015344] Apache mod_imap Input Validation Flaw in Referer Field Lets Remote Users Conduct Cross-Site Scripting Attacks
5385| [1015093] Apache Memory Leak in MPM 'worker.c' Code May Let Remote Users Deny Service
5386| [1014996] ApacheTop Unsafe Temporary File May Let Local Users Gain Elevated Privileges
5387| [1014833] Apache ssl_hook_Access() Function May Fail to Verify Client Certificates
5388| [1014826] Apache Memory Leak in 'byterange filter' Lets Remote Users Deny Service
5389| [1014575] Apache mod_ssl Off-by-one Buffer Overflow in Processing CRLs May Let Remote Users Deny Service
5390| [1014323] Apache Chunked Transfer-Encoding and Content-Length Processing Lets Remote Users Smuggle HTTP Requests
5391| [1013156] Apache mod_python Publisher Handler Discloses Information to Remote Users
5392| [1012829] Apache mod_auth_radius radcpy() Integer Overflow Lets Remote Users Deny Service in Certain Cases
5393| [1012416] Apache on Apple OS X Lets Remote Users Bypass Apache File Handlers and Directly Access Files
5394| [1012415] Apache on Apple HFS+ Filesystems May Disclose '.DS_Store' Files to Remote Users
5395| [1012414] Apache mod_digest_apple Lets Remote Users Replay Authentication Credentials
5396| [1012083] Apache Web Server Error in Processing Requests With Many Space Characters Lets Remote Users Deny Service
5397| [1011783] Apache mod_include Buffer Overflow Lets Local Users Execute Arbitrary Code
5398| [1011557] Apache mod_ssl SSLCipherSuite Directive Can By Bypassed in Certain Cases
5399| [1011385] Apache Satsify Directive Error May Let Remote Users Access Restricted Resources
5400| [1011340] Apache SSL Connection Abort State Error Lets Remote Users Deny Service
5401| [1011303] Apache ap_resolve_env() Buffer Overflow in Reading Configuration Files May Let Local Users Gain Elevated Privileges
5402| [1011299] Apache IPv6 Address Parsing Flaw May Let Remote Users Deny Service
5403| [1011248] Apache mod_dav LOCK Method Error May Let Remote Users Deny Service
5404| [1011213] Apache mod_ssl Can Be Crashed By Remote Users When Reverse Proxying SSL Connections
5405| [1010674] Apache Can Be Crashed By PHP Code Invoking Nested Remote Sockets
5406| [1010599] Apache httpd Header Line Memory Allocation Lets Remote Users Crash the Server
5407| [1010462] Apache mod_proxy Buffer Overflow May Let Remote Users Execute Arbitrary Code
5408| [1010322] Apache mod_ssl Stack Overflow in ssl_util_uuencode_binary() May Let Remote Users Execute Arbitrary Code
5409| [1010270] cPanel Apache mod_phpsuexec Options Let Local Users Gain Elevated Privileges
5410| [1009934] Apache Web Server Has Buffer Overflow in ebcdic2ascii() on Older Processor Architectures
5411| [1009516] Apache mod_survey HTML Report Format Lets Remote Users Conduct Cross-Site Scripting Attacks
5412| [1009509] Apache mod_disk_cache Stores Authentication Credentials on Disk
5413| [1009495] Apache Web Server Socket Starvation Flaw May Let Remote Users Deny Service
5414| [1009417] GroupWise WebAccess With Apache on NetWare Has Configuration Flaw That May Grant Web Access to Remote Users
5415| [1009338] Apache mod_access Parsing Flaw May Fail to Enforce Allow/Deny Rules
5416| [1009337] Apache mod_ssl Memory Leak Lets Remote Users Crash the Daemon
5417| [1009182] Apache for Cygwin '..%5C' Input Validation Flaw Discloses Files to Remote Users
5418| [1008973] PHP May Apply Incorrect php_admin_* Settings To Requests for Apache Virtual Hosts
5419| [1008967] Apache-SSL 'SSLFakeBasicAuth' Lets Remote Users Forge Client Certificates to Be Authenticated
5420| [1008920] Apache mod_digest May Validate Replayed Client Responses
5421| [1008828] Apache mod_python String Processing Bug Still Lets Remote Users Crash the Web Server
5422| [1008822] Apache mod_perl File Descriptor Leak May Let Local Users Hijack the http and https Services
5423| [1008675] mod_auth_shadow Apache Module Authenticates Expired Passwords
5424| [1008559] Apache mod_php File Descriptor Leak May Let Local Users Hijack the https Service
5425| [1008335] Apache mod_python String Processing Bug Lets Remote Users Crash the Web Server
5426| [1008196] Apache 2.x on Windows May Return Unexpected Files For URLs Ending With Certain Characters
5427| [1008030] Apache mod_rewrite Contains a Buffer Overflow
5428| [1008029] Apache mod_alias Contains a Buffer Overflow
5429| [1008028] Apache mod_cgid May Disclose CGI Output to Another Client
5430| [1007995] Apache Cocoon Forms May Let Remote Users Execute Arbitrary Java Code on the System
5431| [1007993] Apache Cocoon 'view-source' Sample Script Discloses Files to Remote Users
5432| [1007823] Apache Web Server mod_cgi Error May Let Malicious CGI Scripts Crash the Web Service
5433| [1007664] Apache::Gallery Unsafe Temporary Files May Let Local Users Gain Apache Web Server Privileges
5434| [1007557] Apache Web Server Does Not Filter Terminal Escape Sequences From Log Files
5435| [1007230] Apache HTTP Server 'rotatelogs' Bug on Win32 and OS/2 May Cause the Logging to Stop
5436| [1007146] Apache HTTP Server FTP Proxy Bug May Cause Denial of Service Conditions
5437| [1007145] Apache 'accept()' Errors May Cause Denial of Service Conditions
5438| [1007144] Apache Web Server 'type-map' File Error Permits Local Denial of Service Attacks
5439| [1007143] Apache 2.0 Web Server May Use a Weaker Encryption Implementation Than Specified in Some Cases
5440| [1006864] Apache Web Server Can Be Crashed By Remote Users Via mod_dav Flaws and Also Via Basic Authentication
5441| [1006709] Apache mod_survey Input Validation Flaw Lets Remote Users Fill Up Disk Space
5442| [1006614] Apache mod_ntlm Buffer Overflow and Format String Flaw Let Remote Users Execute Arbitary Code
5443| [1006591] Apache mod_access_referer Module Null Pointer Dereference May Faciliate Denial of Service Attacks
5444| [1006444] Apache 2.0 Web Server Line Feed Buffer Allocation Flaw Lets Remote Users Deny Service
5445| [1006021] Apache Tomcat Server URL Parsing Error May Disclose Otherwise Inaccessible Web Directory Listings and Files to Remote Users
5446| [1005963] Apache Web Server 2.x Windows Device Access Flaw Lets Remote Users Crash the Server or Possibly Execute Arbitrary Code
5447| [1005962] Apache Web Server Path Parsing Flaw May Allow Remote Users to Execute Code in Certain Configurations
5448| [1005848] Apache 'printenv' Script Input Validation Bugs in Older Versions May Let Remote Users Conduct Cross-Site Scripting Attacks
5449| [1005765] Apache mod_jk Module Processing Bug When Used With Tomcat May Disclose Information to Remote Users or Crash
5450| [1005548] Apache mod_php Module May Allow Local Users to Gain Control of the Web Port
5451| [1005499] Apache Web Server (2.0.42) May Disclose CGI Source Code to Remote Users When Used With WebDAV
5452| [1005410] Apache Tomcat Java Servlet Engine Can Be Crashed Via Multiple Requests for DOS Device Names
5453| [1005351] Apache Web Server (1.3.x) Shared Memory Scoreboard Bug Lets Certain Local Users Issue Signals With Root Privileges
5454| [1005331] Apache Web Server (2.x) SSI Server Signature Filtering Hole Lets Remote Users Conduct Cross-Site Scripting Attacks
5455| [1005290] Apache Tomcat Java Server Default Servlet Returns JSP Source Code to Remote Users
5456| [1005285] Apache Web Server 'mod_dav' Has Null Pointer Bug That May Allow Remote Users to Cause Denial of Service Conditions
5457| [1005010] Apache Web Server (2.0) Has Unspecified Flaw That Allows Remote Users to Obtain Sensitive Data and Cause Denial of Service Conditions
5458| [1004770] Apache 2.x Web Server ap_log_rerror() Function May Disclose Full Installation Path to Remote Users
5459| [1004745] Apache Tomcat Java Server Allows Cross-Site Scripting Attacks
5460| [1004636] Apache mod_ssl 'Off-by-One' Bug May Let Local Users Crash the Web Server or Possibly Execute Arbitrary Code
5461| [1004602] Apache Tomcat Java Server for Windows Can Be Crashed By Remote Users Sending Malicious Requests to Hang All Available Working Threads
5462| [1004586] Apache Tomcat Java Server May Disclose the Installation Path to Remote Users
5463| [1004555] Apache Web Server Chunked Encoding Flaw May Let Remote Users Execute Arbitrary Code on the Server
5464| [1004209] Apache 'mod_python' Python Language Interpreter Bug in Publisher Handler May Allow Remote Users to Modify Files on the System
5465| [1003874] Apache Web Server for Windows Has Batch File Processing Hole That Lets Remote Users Execute Commands on the System
5466| [1003767] 'mod_frontpage' Module for Apache Web Server Has Buffer Overlow in 'fpexec.c' That Allows Remote Users to Execute Arbitrary Code on the System with Root Privileges
5467| [1003723] Apache-SSL for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
5468| [1003664] 'mod_ssl' Security Package for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
5469| [1003602] GNUJSP Java Server Pages Implementation Discloses Web Files and Source Code to Remote Users and Bypasses Apache Access Control Restrictions
5470| [1003465] PHP for Apache Web Server May Disclose Installation Path Information to Remote Users Making 'OPTIONS' Requests
5471| [1003451] Oracle Application Server PL/SQL Module for Apache Has Buffer Overflows That Allow Remote Users to Execute Arbitrary Code and Gain Access to the Server
5472| [1003131] Apache Web Server in Virtual Hosting Mode Can Be Crashed By a Local User Removing a Log Directory
5473| [1003104] PHP.EXE Windows CGI for Apache Web Server May Let Remote Users View Files on the Server Due to Configuration Error
5474| [1003008] Apache 'mod_bf' Module Lets Remote Users Execute Arbitrary Code
5475| [1002629] Apache suEXEC Wrapper Fails to Observe Minimum Group ID Security Settings in Certain Situations
5476| [1002542] Apache Web Server Virtual Hosting Split-Logfile Function Lets Remote Users Write Log Entries to Arbitrary Files on the System
5477| [1002400] Apache mod_gzip Module Has Buffer Overflow That Can Be Exploited By Local Users to Gain Elevated Privileges
5478| [1002303] Several 3rd Party Apache Authentication Modules Allow Remote Users to Execute Arbitrary Code to Gain Access to the System or Execute Stored Procedures to Obtain Arbitrary Database Information
5479| [1002188] Apache Web Server Discloses Internal IP Addresses to Remote Users in Certain Configurations
5480| [1001989] Apache Web Server May Disclose Directory Contents Even If an Index.html File is Present in the Directory
5481| [1001719] Apache Web Server on Mac OS X Client Fails to Enforce File and Directory Access Protections, Giving Remote Users Access to Restricted Pages
5482| [1001572] Apache Web Server on Microsoft Windows Platforms Allows Remote Users to Crash the Web Server
5483| [1001304] Apache Web Server for Windows Lets Remote Users Crash the Web Server Application
5484| [1001083] Apache Web Server May Display Directory Index Listings Even if Directory Listings Are Disabled
5485|
5486| OSVDB - http://www.osvdb.org:
5487| [96078] Apache CloudStack Infrastructure Menu Setup Network Multiple Field XSS
5488| [96077] Apache CloudStack Global Settings Multiple Field XSS
5489| [96076] Apache CloudStack Instances Menu Display Name Field XSS
5490| [96075] Apache CloudStack Instances Menu Add Instances Network Name Field XSS
5491| [96074] Apache CloudStack Instances Menu Add Instances Review Step Multiple Field XSS
5492| [96031] Apache HTTP Server suEXEC Symlink Arbitrary File Access
5493| [95888] Apache Archiva Single / Double Quote Character Handling XSS Weakness
5494| [95885] Apache Subversion mod_dav_svn Module Crafted HTTP Request Handling Remote DoS
5495| [95706] Apache OpenOffice.org (OOo) OOXML Document File XML Element Handling Memory Corruption
5496| [95704] Apache OpenOffice.org (OOo) DOC File PLCF Data Handling Memory Corruption
5497| [95603] Apache Continuum web/util/GenerateRecipentNotifier.java recipient Parameter XSS
5498| [95602] Apache Continuum web/action/notifier/JabberProjectNotifierEditAction-jabberProjectNotifierSave-validation.xml Multiple Parameter XSS
5499| [95601] Apache Continuum web/action/notifier/JabberGroupNotifierEditAction-jabberProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
5500| [95600] Apache Continuum web/action/ScheduleAction-saveSchedule-validation.xml Multiple Parameter XSS
5501| [95599] Apache Continuumweb/action/BuildDefinitionAction-saveBuildDefinition-validation.xml Multiple Parameter XSS
5502| [95598] Apache Continuum web/action/AddProjectAction-addProject-validation.xml Multiple Parameter XSS
5503| [95597] Apache Continuum web/action/ProjectEditAction-projectSave-validation.xml Multiple Parameter XSS
5504| [95596] Apache Continuum web/action/notifier/IrcGroupNotifierEditAction-ircProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
5505| [95595] Apache Continuum web/action/notifier/IrcProjectNotifierEditAction-ircProjectNotifierSave-validation.xml Multiple Parameter XSS
5506| [95594] Apache Continuum web/action/ProjectGroupAction.java Multiple Parameter XSS
5507| [95593] Apache Continuum web/action/AddProjectGroupAction.java Multiple Parameter XSS
5508| [95592] Apache Continuum web/action/AddProjectAction.java Multiple Parameter XSS
5509| [95523] Apache OFBiz Webtools Application View Log Screen Unspecified XSS
5510| [95522] Apache OFBiz Nested Expression Evaluation Arbitrary UEL Function Execution
5511| [95521] Apache HTTP Server mod_session_dbd Session Saving Unspecified Issue
5512| [95498] Apache HTTP Server mod_dav.c Crafted MERGE Request Remote DoS
5513| [95406] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Arbitrary Site Redirect
5514| [95405] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Remote Code Execution
5515| [95011] Apache CXF XML Parser SOAP Message Handling CPU Resource Exhaustion Remote DoS
5516| [94705] Apache Geronimo RMI Classloader Exposure Serialized Object Handling Remote Code Execution
5517| [94651] Apache Santuario (XML Security for C++) XML Signature CanonicalizationMethod Parameter Spoofing Weakness
5518| [94636] Apache Continuum workingCopy.action userDirectory Traversal Arbitrary File Access
5519| [94635] Apache Maven SCM SvnCommandlineUtils Process Listing Local Password Disclosure
5520| [94632] Apache Maven Wagon SSH (wagon-ssh) Host Verification Failure MitM Weakness
5521| [94625] Apache Santuario (XML Security for C++) XML Signature Reference Crafted XPointer Expression Handling Heap Buffer Overflow
5522| [94618] Apache Archiva /archiva/security/useredit.action username Parameter XSS
5523| [94617] Apache Archiva /archiva/security/roleedit.action name Parameter XSS
5524| [94616] Apache Archiva /archiva/security/userlist!show.action roleName Parameter XSS
5525| [94615] Apache Archiva /archiva/deleteArtifact!doDelete.action groupId Parameter XSS
5526| [94614] Apache Archiva /archiva/admin/addLegacyArtifactPath!commit.action legacyArtifactPath.path Parameter XSS
5527| [94613] Apache Archiva /archiva/admin/addRepository.action Multiple Parameter XSS
5528| [94612] Apache Archiva /archiva/admin/editAppearance.action Multiple Parameter XSS
5529| [94611] Apache Archiva /archiva/admin/addLegacyArtifactPath.action Multiple Parameter XSS
5530| [94610] Apache Archiva /archiva/admin/addNetworkProxy.action Multiple Parameter XSS
5531| [94403] Apache Santuario (XML Security for C++) InclusiveNamespace PrefixList Processing Heap Overflow
5532| [94402] Apache Santuario (XML Security for C++) HMAC-based XML Signature Processing DoS
5533| [94401] Apache Santuario (XML Security for C++) XPointer Evaluation Stack Overflow
5534| [94400] Apache Santuario (XML Security for C++) HMAC-Based XML Signature Reference Element Validation Spoofing Weakness
5535| [94279] Apache Qpid CA Certificate Validation Bypass
5536| [94275] Apache Solr JettySolrRunner.java Can Not Find Error Message XSS
5537| [94233] Apache OpenJPA Object Deserialization Arbitrary Executable Creation
5538| [94042] Apache Axis JAX-WS Java Unspecified Exposure
5539| [93969] Apache Struts OGNL Expression Handling Double Evaluation Error Remote Command Execution
5540| [93796] Apache Subversion Filename Handling FSFS Repository Corruption Remote DoS
5541| [93795] Apache Subversion svnserve Server Aborted Connection Message Handling Remote DoS
5542| [93794] Apache Subversion contrib/hook-scripts/check-mime-type.pl svnlook Hyphenated argv Argument Handling Remote DoS
5543| [93793] Apache Subversion contrib/hook-scripts/svn-keyword-check.pl Filename Handling Remote Command Execution
5544| [93646] Apache Struts Crafted Parameter Arbitrary OGNL Code Execution
5545| [93645] Apache Struts URL / Anchor Tag includeParams Attribute Remote Command Execution
5546| [93636] Apache Pig Multiple Physical Operator Memory Exhaustion Remote Remote DoS
5547| [93635] Apache Wink DTD (Document Type Definition) Expansion Data Parsing Information Disclosure
5548| [93605] RT Apache::Session::File Session Replay Reuse Information Disclosure
5549| [93599] Apache Derby SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY Boot Password Manipulation Re-encryption Failure Password Corruption
5550| [93555] Apache Commons Codec Invalid Base32 String Information Tunneling Weakness
5551| [93554] Apache HBase bulkLoadHFiles() Method ACL Bypass
5552| [93543] JBoss Enterprise Application Platform org.apache.catalina.connector.Response.encodeURL() Method MitM jsessionid Disclosure
5553| [93542] Apache ManifoldCF (Connectors Framework) org.apache.manifoldcf.crawler.ExportConfiguration Class Configuration Export Password Disclosure
5554| [93541] Apache Solr json.wrf Callback XSS
5555| [93524] Apache Hadoop GetSecurityDescriptorControl() Function Absolute Security Descriptor Handling NULL Descriptor Weakness
5556| [93521] Apache jUDDI Security API Token Session Persistence Weakness
5557| [93520] Apache CloudStack Default SSL Key Weakness
5558| [93519] Apache Shindig /ifr Cross-site Arbitrary Gadget Invocation
5559| [93518] Apache Solr /admin/analysis.jsp name Parameter XSS
5560| [93517] Apache CloudStack setup-cloud-management /etc/sudoers Modification Local Privilege Escalation
5561| [93516] Apache CXF UsernameTokenInterceptor Nonce Caching Replay Weakness
5562| [93515] Apache HBase table.jsp name Parameter XSS
5563| [93514] Apache CloudStack Management Server Unauthenticated Remote JMX Connection Default Setting Weakness
5564| [93463] Apache Struts EL / OGNL Interpretation Unspecified Remote Code Execution
5565| [93462] Apache CXF WS-SecurityPolicy AlgorithmSuite Arbitrary Ciphertext Decryption Weakness
5566| [93401] Apache Hadoop core-site.xml Permission Weakness Local Alfredo Secret Disclosure
5567| [93400] Apache Hadoop Map/Reduce Job Log Directory Symlink Arbitrary File Mode Manipulation
5568| [93397] Apache Wicket Referrer HTTP Header Session ID Disclosure
5569| [93366] Apache HTTP Server modules/mappers/mod_rewrite.c do_rewritelog() Function Log File Terminal Escape Sequence Filtering Remote Command Execution
5570| [93254] Apache Tomcat AsyncListener Method Cross-session Information Disclosure
5571| [93253] Apache Tomcat Chunked Transfer Encoding Data Saturation Remote DoS
5572| [93252] Apache Tomcat FORM Authenticator Session Fixation
5573| [93172] Apache Camel camel/endpoints/ Endpoint XSS
5574| [93171] Apache Sling HtmlResponse Error Message XSS
5575| [93170] Apache Directory DelegatingAuthenticator MitM Spoofing Weakness
5576| [93169] Apache Wave AuthenticationServlet.java Session Fixation Weakness
5577| [93168] Apache Click ErrorReport.java id Parameter XSS
5578| [93167] Apache ActiveMQ JMSXUserId Spoofing Weakness
5579| [93166] Apache CXF Crafted Message Element Count Handling System Resource Exhaustion Remote DoS
5580| [93165] Apache CXF Crafted Message Element Level Handling System Resource Exhaustion Remote DoS
5581| [93164] Apache Harmony DatagramSocket Class connect Method CheckAccept() IP Blacklist Bypass
5582| [93163] Apache Hadoop Map/Reduce Daemon Symlink Arbitrary File Overwrite
5583| [93162] Apache VelocityStruts struts/ErrorsTool.getMsgs Error Message XSS
5584| [93161] Apache CouchDB Rewriter VM Atom Table Memory Exhaustion Remote DoS
5585| [93158] Apache Wicket BookmarkablePageLink Feature XSS CSRF
5586| [93157] Apache Struts UrlHelper.java s:url includeParams Functionality XSS
5587| [93156] Apache Tapestry Calendar Component datefield.js datefield Parameter XSS
5588| [93155] Apache Struts fielderror.ftl fielderror Parameter Error Message XSS
5589| [93154] Apache JSPWiki Edit.jsp createPages WikiPermission Bypass
5590| [93153] Apache PDFBox PDFXrefStreamParser Missing Element Handling PDF Parsing DoS
5591| [93152] Apache Hadoop HttpServer.java Multiple Function XSS
5592| [93151] Apache Shiro Search Filter userName Parameter LDAP Code Injection Weakness
5593| [93150] Apache Harmony java.net.SocketPermission Class boolean equals Function checkConnect() Weakness Host Name Retrieval
5594| [93149] Apache Harmony java.security.Provider Class void load Function checkSecurityAccess() Weakness
5595| [93148] Apache Harmony java.security.ProtectionDomain Class java.lang.String.toString() Function checkPermission() Weakness
5596| [93147] Apache Harmony java.net.URLConnection openConnection Function checkConnect Weakness Proxy Connection Permission Bypass
5597| [93146] Apache Harmony java.net.ServerSocket Class void implAccept Function checkAccept() Weakness SerSocket Subclass Creation
5598| [93145] Apache Qpid JMS Client Detached Session Frame Handling NULL Pointer Dereference Remote DoS
5599| [93144] Apache Solr Admin Command Execution CSRF
5600| [93009] Apache VCL XMLRPC API Unspecified Function Remote Privilege Escalation
5601| [93008] Apache VCL Web GUI Unspecified Remote Privilege Escalation
5602| [92997] Apache Commons Codec org.apache.commons.codec.net.URLCodec Fields Missing 'final' Thread-safety Unspecified Issue
5603| [92976] Apache ActiveMQ scheduled.jsp crontab Command XSS
5604| [92947] Apache Commons Codec org.apache.commons.codec.language.Soundex.US_ENGLISH_MAPPING Missing MS_PKGPROTECT Field Manipulation Unspecified Issue
5605| [92749] Apache CloudStack Predictable Hash Virtual Machine Console Console Access URL Generation
5606| [92748] Apache CloudStack VM Console Access Restriction Bypass
5607| [92709] Apache ActiveMQ Web Console Unauthenticated Remote Access
5608| [92708] Apache ActiveMQ Sample Web Application Broker Resource Consumption Remote DoS
5609| [92707] Apache ActiveMQ webapp/websocket/chat.js Subscribe Message XSS
5610| [92706] Apache ActiveMQ Debug Log Rendering XSS
5611| [92705] Apache ActiveMQ PortfolioPublishServlet.java refresh Parameter XSS
5612| [92270] Apache Tomcat Unspecified CSRF
5613| [92094] Apache Subversion mod_dav_svn Module Nonexistent URL Lock Request Handling NULL Pointer Dereference Remote DoS
5614| [92093] Apache Subversion mod_dav_svn Module Activity URL PROPFIND Request Handling NULL Pointer Dereference Remote DoS
| [92092] Apache Subversion mod_dav_svn Module Log REPORT Request Handling NULL Pointer Dereference Remote DoS
| [92091] Apache Subversion mod_dav_svn Module Node Property Handling Resource Exhaustion Remote DoS
| [92090] Apache Subversion mod_dav_svn Module Activity URL Lock Request Handling NULL Pointer Dereference Remote DoS
| [91774] Apache Commons Codec Unspecified Non-private Field Manipulation Weakness
| [91628] mod_ruid2 for Apache HTTP Server fchdir() Inherited File Descriptor chroot Restriction Bypass
| [91328] Apache Wicket $up$ Traversal Arbitrary File Access
| [91295] Apple Mac OS X Apache Unicode Character URI Handling Authentication Bypass
| [91235] Apache Rave /app/api/rpc/users/get User Object Hashed Password Remote Disclosure
| [91185] Munin Default Apache Configuration Permission Weakness Remote Information Disclosure
| [91173] Apache Wicket WebApplicationPath Constructor Bypass /WEB-INF/ Directory File Access
| [91172] Apache Wicket PackageResourceGuard File Extension Filter Bypass
| [91025] Apache Qpid qpid::framing::Buffer Class Multiple Method Out-of-bounds Access Remote DoS
| [91024] Apache Qpid federation_tag Attribute Handling Federated Interbroker Link Access Restriction Bypass
| [91023] Apache Qpid AMQP Type Decoder Exposure Array Size Value Handling Memory Consumption Remote DoS
| [91022] Apache Qpid qpid/cpp/include/qpid/framing/Buffer.h qpid::framing::Buffer::checkAvailable() Function Integer Overflow
| [90986] Apache Jena ARQ INSERT DATA Request Handling Overflow
| [90907] Apache Subversion mod_dav_svn / libsvn_fs svn_fs_file_length() Function MKACTIVITY / PROPFIND Option Request Handling Remote DoS
| [90906] Apache Commons FileUpload /tmp Storage Symlink Arbitrary File Overwrite
| [90864] Apache Batik 1xx Redirect Script Origin Restriction Bypass
| [90858] Apache Ant Malformed TAR File Handling Infinite Loop DoS
| [90852] Apache HTTP Server for Debian apachectl /var/lock Permission Weakness Symlink Directory Permission Manipulation
| [90804] Apache Commons CLI Path Subversion Local Privilege Escalation
| [90802] Apache Avro Recursive Schema Handling Infinite Recursion DoS
| [90592] Apache Batik ApplicationSecurityEnforcer.java Multiple Method Security Restriction Bypass
| [90591] Apache Batik XML External Entity (XXE) Data Parsing Arbitrary File Disclosure
| [90565] Apache Tomcat Log Directory Permission Weakness Local Information Disclosure
| [90564] Apache Maven / Maven Wagon SSL Certificate Validation MitM Spoofing Weakness
| [90557] Apache HTTP Server mod_proxy_balancer balancer-manager Interface Multiple Parameter XSS
| [90556] Apache HTTP Server Multiple Module Multiple Parameter XSS
| [90276] Apache Axis2 axis2.xml Plaintext Password Local Disclosure
| [90249] Apache Axiom ClassLoader XMLInputFactory / XMLOutputFactory Construction Unspecified Issue
| [90235] Apache Commons HttpClient Certificate Wildcard Matching Weakness
| [90079] Apache CXF WSS4JInInterceptor URIMappingInterceptor WS-Security SOAP Service Access Restriction Bypass
| [90078] Apache CXF WS-SecurityPolicy Enabled Plaintext UsernameTokens Handling Authentication Bypass
| [89453] Apache Open For Business Project (OFBiz) Screenlet.title Widget Attribute XSS
| [89452] Apache Open For Business Project (OFBiz) Image.alt Widget Attribute XSS
| [89294] Apache CouchDB Futon UI Browser-based Test Suite Query Parameter XSS
| [89293] Apache CouchDB Unspecified Traversal Arbitrary File Access
| [89275] Apache HTTP Server mod_proxy_ajp Module Expensive Request Parsing Remote DoS
| [89267] Apache CouchDB JSONP Callback Handling Unspecified XSS
| [89146] Apache CloudStack Master Server log4j.conf SSH Private Key / Plaintext Password Disclosure
| [88603] Apache OpenOffice.org (OOo) Unspecified Information Disclosure
| [88602] Apache OpenOffice.org (OOo) Unspecified Manifest-processing Issue
| [88601] Apache OpenOffice.org (OOo) Unspecified PowerPoint File Handling Issue
| [88285] Apache Tomcat Partial HTTP Request Saturation Remote DoS
| [88095] Apache Tomcat NIO Connector Terminated Connection Infinte Loop DoS
| [88094] Apache Tomcat FORM Authentication Crafted j_security_check Request Security Constraint Bypass
| [88093] Apache Tomcat Null Session Requst CSRF Prevention Filter Bypass
| [88043] IBM Tivoli Netcool/Reporter Apache CGI Unspecified Remote Command Execution
| [87580] Apache Tomcat DIGEST Authentication Session State Caching Authentication Bypass Weakness
| [87579] Apache Tomcat DIGEST Authentication Stale Nonce Verification Authentication Bypass Weakness
| [87477] Apache Tomcat Project Woodstock Service Error Page UTF-7 XSS Weakness
| [87227] Apache Tomcat InternalNioInputBuffer.java parseHeaders() Function Request Header Size Parsing Remote DoS
| [87223] Apache Tomcat DIGEST Authentication replay-countermeasure Functionality cnonce / cn Verification Authentication Bypass Weakness
| [87160] Apache Commons HttpClient X.509 Certificate Domain Name Matching MiTM Weakness
| [87159] Apache CXF X.509 Certificate Domain Name Matching MiTM Weakness
| [87150] Apache Axis / Axis2 X.509 Certificate Domain Name Matching MiTM Weakness
| [86902] Apache HTTP Server 3xx Redirect Internal IP Address Remote Disclosure
| [86901] Apache Tomcat Error Message Path Disclosure
| [86684] Apache CloudStack Unauthorized Arbitrary API Call Invocation
| [86556] Apache Open For Business Project (OFBiz) Unspecified Issue
| [86503] Visual Tools VS home/apache/DiskManager/cron/init_diskmgr Local Command Execution
| [86401] Apache ActiveMQ ResourceHandler Traversal Arbitrary File Access
| [86225] Apache Axis2 XML Signature Wrapping (XSW) Authentication Bypass
| [86206] Apache Axis2 Crafted SAML Assertion Signature Exclusion Attack Authentication Bypass
| [85722] Apache CXF SOAP Request Parsing Access Restriction Bypass
| [85704] Apache Qpid Incoming Client Connection Saturation Remote DoS
| [85474] Eucalyptus Apache Santuario (XML Security for Java) Library XML Signature Transform Handling DoS
| [85430] Apache mod_pagespeed Module Unspecified XSS
| [85429] Apache mod_pagespeed Module Hostname Verification Cross-host Resource Disclosure
| [85249] Apache Wicket Unspecified XSS
| [85236] Apache Hadoop conf/hadoop-env.sh Temporary File Symlink Arbitrary File Manipulation
| [85090] Apache HTTP Server mod_proxy_ajp.c mod_proxy_ajp Module Proxy Functionality Cross-client Information Disclosure
| [85089] Apache HTTP Server mod_proxy_http.c mod_proxy_http Module Cross-client Information Disclosure
| [85062] Apache Solr Autocomplete Module for Drupal Autocomplete Results XSS
| [85010] Apache Struts Token Handling Mechanism Token Name Configuration Parameter CSRF Weakness
| [85009] Apache Struts Request Parameter OGNL Expression Parsing Remote DoS
| [84911] libapache2-mod-rpaf X-Forward-For HTTP Header Parsing Remote DoS
| [84823] Apache HTTP Server Multiple Module Back End Server Error Handling HTTP Request Parsing Remote Information Disclosure
| [84818] Apache HTTP Server mod_negotiation Module mod_negotiation.c make_variant_list Function XSS
| [84562] Apache Qpid Broker Authentication Mechanism AMQP Client Shadow Connection NullAuthenticator Request Parsing Authentication Bypass
| [84458] Apache Libcloud SSL Certificate Validation MitM Spoofing Weakness
| [84279] PHP on Apache php_default_post_reader POST Request Handling Overflow DoS
| [84278] PHP w/ Apache PDO::ATTR_DEFAULT_FETCH_MODE / PDO::FETCH_CLASS DoS
| [84231] Apache Hadoop DataNodes Client BlockTokens Arbitrary Block Access
| [83943] Oracle Solaris Cluster Apache Tomcat Agent Subcomponent Unspecified Local Privilege Escalation
| [83939] Oracle Solaris Apache HTTP Server Subcomponent Unspecified Remote Information Disclosure
| [83685] svnauthcheck Apache HTTP Configuration File Permission Revocation Weakness
| [83682] Apache Sling POST Servlet @CopyFrom Operation HTTP Request Parsing Infinite Loop Remote DoS
| [83339] Apache Roller Blogger Roll Unspecified XSS
| [83270] Apache Roller Unspecified Admin Action CSRF
| [82782] Apache CXF WS-SecurityPolicy 1.1 SupportingToken Policy Bypass
| [82781] Apache CXF WS-SecurityPolicy Supporting Token Children Specification Token Signing Verification Weakness
| [82611] cPanel Apache Piped Log Configuration Log Message Formatting Traversal Arbitrary File Creation
| [82436] MapServer for Windows Bundled Apache / PHP Configuration Local File Inclusion
| [82215] PHP sapi/cgi/cgi_main.c apache_request_headers Function HTTP Header Handling Remote Overflow
| [82161] Apache Commons Compress bzip2 File Compression BZip2CompressorOutputStream Class File Handling Remote DoS
| [81965] Apache Batik Squiggle SVG Browser JAR File Arbitrary Code Execution
| [81790] Apache POI src/org/apache/poi/hwpf/model/UnhandledDataStructure.java UnhandledDataStructure() constructor Length Attribute CDF / CFBF File Handling Remote DoS
| [81660] Apache Qpid Credential Checking Cluster Authentication Bypass
| [81511] Apache for Debian /usr/share/doc HTTP Request Parsing Local Script Execution
| [81359] Apache HTTP Server LD_LIBRARY_PATH Variable Local Privilege Escalation
| [81349] Apache Open For Business Project (OFBiz) Webslinger Component Unspecified XSS
| [81348] Apache Open For Business Project (OFBiz) Content IDs / Map-Keys Unspecified XSS
| [81347] Apache Open For Business Project (OFBiz) Parameter Arrays Unspecified XSS
| [81346] Apache Open For Business Project (OFBiz) checkoutProcess.js getServerError() Function Unspecified XSS
| [81196] Apache Open For Business Project (OFBiz) FlexibleStringExpander Nested Script String Parsing Remote Code Execution
| [80981] Apache Hadoop Kerberos/MapReduce Security Feature User Impersonation Weakness
| [80571] Apache Traffic Server Host HTTP Header Parsing Remote Overflow
| [80547] Apache Struts XSLTResult.java File Upload Arbitrary Command Execution
| [80360] AskApache Password Protector Plugin for WordPress Error Page $_SERVER Superglobal XSS
| [80349] Apache HTTP Server mod_fcgid Module fcgid_spawn_ctl.c FcgidMaxProcessesPerClass Virtual Host Directive HTTP Request Parsing Remote DoS
| [80301] Apache Wicket /resources/ Absolute Path Arbitrary File Access
| [80300] Apache Wicket wicket:pageMapName Parameter XSS
| [79478] Apache Solr Extension for TYPO3 Unspecified XSS
| [79002] Apache MyFaces javax.faces.resource In Parameter Traversal Arbitrary File Access
| [78994] Apache Struts struts-examples/upload/upload-submit.do name Parameter XSS
| [78993] Apache Struts struts-cookbook/processDyna.do message Parameter XSS
| [78992] Apache Struts struts-cookbook/processSimple.do message Parameter XSS
| [78991] Apache Struts struts2-rest-showcase/orders clientName Parameter XSS
| [78990] Apache Struts struts2-showcase/person/editPerson.action Multiple Parameter XSS
| [78932] Apache APR Hash Collision Form Parameter Parsing Remote DoS
| [78903] Apache CXF SOAP Request Parsing WS-Security UsernameToken Policy Bypass
| [78600] Apache Tomcat HTTP DIGEST Authentication DigestAuthenticator.java Catalina Weakness Security Bypass
| [78599] Apache Tomcat HTTP DIGEST Authentication Realm Value Parsing Security Bypass
| [78598] Apache Tomcat HTTP DIGEST Authentication qop Value Parsing Security Bypass
| [78573] Apache Tomcat Parameter Saturation CPU Consumption Remote DoS
| [78556] Apache HTTP Server Status Code 400 Default Error Response httpOnly Cookie Disclosure
| [78555] Apache HTTP Server Threaded MPM %{cookiename}C Log Format String Cookie Handling Remote DoS
| [78501] Apache Struts ParameterInterceptor Class OGNL Expression Parsing Remote Command Execution
| [78331] Apache Tomcat Request Object Recycling Information Disclosure
| [78293] Apache HTTP Server Scoreboard Invalid Free Operation Local Security Bypass
| [78277] Apache Struts ExceptionDelegator Component Parameter Parsing Remote Code Execution
| [78276] Apache Struts DebuggingInterceptor Component Developer Mode Unspecified Remote Command Execution
| [78113] Apache Tomcat Hash Collision Form Parameter Parsing Remote DoS
| [78112] Apache Geronimo Hash Collision Form Parameter Parsing Remote DoS
| [78109] Apache Struts ParameterInterceptor Traversal Arbitrary File Overwrite
| [78108] Apache Struts CookieInterceptor Cookie Name Handling Remote Command Execution
| [77593] Apache Struts Conversion Error OGNL Expression Injection
| [77496] Apache ActiveMQ Failover Mechanism Openwire Request Parsing Remote DoS
| [77444] Apache HTTP Server mod_proxy Mdule Web Request HTTP/0.9 Protocol URL Parsing Proxy Remote Security Bypass
| [77374] Apache MyFaces Java Bean includeViewParameters Parsing EL Expression Security Weakness
| [77310] Apache HTTP Server mod_proxy Reverse Proxy Mode Security Bypass Weakness (2011-4317)
| [77234] Apache HTTP Server on cygwin Encoded Traversal Arbitrary File Access
| [77012] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Memory Consumption DoS
| [76944] Apache Tomcat Manager Application Servlets Access Restriction Bypass
| [76744] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Overflow
| [76189] Apache Tomcat HTTP DIGEST Authentication Weakness
| [76079] Apache HTTP Server mod_proxy Mdule Web Request URL Parsing Proxy Remote Security Bypass (2011-3368)
| [76072] Apache JServ jserv.conf jserv-status Handler jserv/ URI Request Parsing Local Information Disclosure
| [75807] Apache HTTP Server Incomplete Header Connection Saturation Remote DoS
| [75647] Apache HTTP Server mod_proxy_ajp Module mod_proxy_balancer HTTP Request Remote DoS
| [75376] Apache Libcloud SSL Certificate Validation MitM Server Spoofing Weakness
| [74853] Domain Technologie Control /etc/apache2/apache2.conf File Permissions Weakness dtcdaemons User Password Disclosure
| [74818] Apache Tomcat AJP Message Injection Authentication Bypass
| [74725] Apache Wicket Multi Window Support Unspecified XSS
| [74721] Apache HTTP Server ByteRange Filter Memory Exhaustion Remote DoS
| [74541] Apache Commons Daemon Jsvc Permissions Weakness Arbitrary File Access
| [74535] Apache Tomcat XML Parser Cross-application Multiple File Manipulation
| [74447] Apache Struts XWork Nonexistent Method s:submit Element Internal Java Class Remote Path Disclosure
| [74262] Apache HTTP Server Multi-Processing Module itk.c Configuration Merger mpm-itk root UID / GID Remote Privilege Escalation
| [74120] Apache HTTP Server mod_authnz_external mysql/mysql-auth.pl user Field SQL Injection
| [73920] Oracle Secure Backup /apache/htdocts/php/common.php username Parameter Remote Code Execution
| [73798] Apache Tomcat sendfile Request Start / Endpoint Parsing Local DoS
| [73797] Apache Tomcat sendfile Request Attribute Validation Weakness Local Access Restriction Bypass
| [73776] Apache Tomcat HTTP BIO Connector HTTP Pipelining Cross-user Remote Response Access
| [73644] Apache XML Security Signature Key Parsing Overflow DoS
| [73600] Apache Struts javatemplates Plugin Component Handlers .action URI Multiple Parameter XSS
| [73462] Apache Rampart/C util/rampart_timestamp_token.c rampart_timestamp_token_validate Function Expired Token Remote Access Restriction Bypass
| [73429] Apache Tomcat JMX MemoryUserDatabase Local Password Disclosure
| [73384] Apache HTTP Server mod_rewrite PCRE Resource Exhaustion DoS
| [73383] Apache HTTP Server Portable Runtime (APR) Library apr_fnmatch() Infinite Loop Remote DoS
| [73378] IBM WebSphere Application Server (WAS) JavaServer Pages org.apache.jasper.runtime.JspWriterImpl.response JSP Page Application Restart Remote DoS
| [73247] Apache Subversion mod_dav_svn File Permission Weakness Information Disclosure
| [73246] Apache Subversion mod_dav_svn Path-based Access Control Rule Handling Remote DoS
| [73245] Apache Subversion mod_dav_svn Baselined Resource Request Handling Remote DoS
| [73154] Apache Archiva Multiple Unspecified CSRF
| [73153] Apache Archiva /archiva/admin/deleteNetworkProxy!confirm.action proxyid Parameter XSS
| [72407] Apache Tomcat @ServletSecurity Initial Load Annotation Security Constraint Bypass Information Disclosure
| [72238] Apache Struts Action / Method Names <
| [71647] Apache HttpComponents HttpClient Proxy-Authorization Credentials Remote Disclosure
| [71558] Apache Tomcat SecurityManager ServletContext Attribute Traversal Arbitrary File Manipulation
| [71557] Apache Tomcat HTML Manager Multiple XSS
| [71075] Apache Archiva User Management Page XSS
| [71027] Apache Tomcat @ServletSecurity Annotation Security Constraint Bypass Information Disclosure
| [70925] Apache Continuum Project Pages Unspecified XSS (2011-0533)
| [70924] Apache Continuum Multiple Admin Function CSRF
| [70809] Apache Tomcat NIO HTTP Connector Request Line Processing DoS
| [70734] Apache CouchDB Request / Cookie Handling Unspecified XSS
| [70585] Oracle Fusion Middleware Oracle HTTP Server Apache Plugin Unspecified Remote Issue
| [70333] Apache Subversion rev_hunt.c blame Command Multiple Memory Leak Remote DoS
| [70332] Apache Subversion Apache HTTP Server mod_dav_svn repos.c walk FunctionSVNParentPath Collection Remote DoS
| [69659] Apache Archiva Admin Authentication Weakness Privilege Escalation
| [69520] Apache Archiva Administrator Credential Manipulation CSRF
| [69512] Apache Tomcat Set-Cookie Header HTTPOnly Flag Session Hijacking Weakness
| [69456] Apache Tomcat Manager manager/html/sessions Multiple Parameter XSS
| [69275] Apache mod_fcgid Module fcgid_bucket.c fcgid_header_bucket_read() Function Remote Overflow
| [69067] Apache Shiro URI Path Security Traversal Information Disclosure
| [68815] Apache MyFaces shared/util/StateUtils.java View State MAC Weakness Cryptographic Padding Remote View State Modification
| [68670] Apache Qpid C++ Broker Component broker/SessionAdapter.cpp SessionAdapter::ExchangeHandlerImpl::checkAlternate Function Exchange Alternate Remote DoS
| [68669] Apache Qpid cluster/Cluster.cpp Cluster::deliveredEvent Function Invalid AMQP Data Remote DoS
| [68662] Apache Axis2 dswsbobje.war Module Admin Account Default Password
| [68531] Apache Qpid qpidd sys/ssl/SslSocket.cpp Incomplete SSL Handshake Remote DoS
| [68327] Apache APR-util buckets/apr_brigade.c apr_brigade_split_line() Function Memory Consumption DoS
| [68314] Apache XML-RPC SAX Parser External Entity Information Disclosure
| [67964] Apache Traffic Server Transaction ID / Source Port Randomization Weakness DNS Cache Poisoning
| [67846] SUSE Lifecycle Management Server on SUSE Linux Enterprise apache2-slms Parameter Quoting CSRF
| [67294] Apache CXF XML SOAP Message Crafted Document Type Declaration Remote DoS
| [67240] Apache CouchDB Installation Page Direct Request Arbitrary JavaScript Code Execution CSRF
| [67205] Apache Derby BUILTIN Authentication Password Hash Generation Algorithm SHA-1 Transformation Password Substitution
| [66745] Apache HTTP Server Multiple Modules Pathless Request Remote DoS
| [66319] Apache Tomcat Crafted Transfer-Encoding Header Handling Buffer Recycling Remote DoS
| [66280] Apache Struts XWork ParameterInterceptor Server-Side Object Remote Code Execution
| [66226] Apache Axis2 Admin Interface Cookie Session Fixation
| [65697] Apache Axis2 / Java SOAP Message DTD Rejection Weakness Arbitrary File Access
| [65654] Apache HTTP Server mod_proxy_http mod_proxy_http.c Timeout Detection Weakness HTTP Request Response Disclosure
| [65429] Apache MyFaces Unencrypted ViewState Serialized View Object Manipulation Arbitrary Expression Language (EL) Statement Execution
| [65054] Apache ActiveMQ Jetty Error Handler XSS
| [64844] Apache Axis2/Java axis2/axis2-admin/engagingglobally modules Parameter XSS
| [64522] Apache Open For Business Project (OFBiz) ecommerce/control/contactus Multiple Parameter XSS
| [64521] Apache Open For Business Project (OFBiz) Web Tools Section entityName Parameter XSS
| [64520] Apache Open For Business Project (OFBiz) ecommerce/control/ViewBlogArticle contentId Parameter XSS
| [64519] Apache Open For Business Project (OFBiz) Control Servlet URI XSS
| [64518] Apache Open For Business Project (OFBiz) Show Portal Page Section start Parameter XSS
| [64517] Apache Open For Business Project (OFBiz) View Profile Section partyId Parameter XSS
| [64516] Apache Open For Business Project (OFBiz) Export Product Listing Section productStoreId Parameter XSS
| [64307] Apache Tomcat Web Application Manager/Host Manager CSRF
| [64056] mod_auth_shadow for Apache HTTP Server wait() Function Authentication Bypass
| [64023] Apache Tomcat WWW-Authenticate Header Local Host Information Disclosure
| [64020] Apache ActiveMQ Jetty ResourceHandler Crafted Request JSP File Source Disclosure
| [63895] Apache HTTP Server mod_headers Unspecified Issue
| [63368] Apache ActiveMQ createDestination.action JMSDestination Parameter CSRF
| [63367] Apache ActiveMQ createDestination.action JMSDestination Parameter XSS
| [63350] Apache CouchDB Hash Verification Algorithm Predictable Execution Time Weakness
| [63140] Apache Thrift Service Malformed Data Remote DoS
| [62676] Apache HTTP Server mod_proxy_ajp Module Crafted Request Remote DoS
| [62675] Apache HTTP Server Multi-Processing Module (MPM) Subrequest Header Handling Cross-thread Information Disclosure
| [62674] Apache HTTP Server mod_isapi Module Unloading Crafted Request Remote DoS
| [62231] Apache HTTP Server Logging Format Weakness Crafted DNS Response IP Address Spoofing
| [62230] Apache HTTP Server Crafted DNS Response Inverse Lookup Log Corruption XSS
| [62054] Apache Tomcat WAR Filename Traversal Work-directory File Deletion
| [62053] Apache Tomcat Autodeployment Process appBase File HTTP Request Authentication Bypass
| [62052] Apache Tomcat WAR File Traversal Arbitrary File Overwrite
| [62009] Apache HTTP Server src/modules/proxy/proxy_util.c mod_proxy ap_proxy_send_fb() Function Overflow
| [61379] Apache River Outrigger Entry Storage Saturation Memory Exhaustion DoS
| [61378] Apache Hadoop Map/Reduce JobTracker Memory Consumption DoS
| [61377] Apache Commons Modeler Multiple Mutable Static Fields Weakness
| [61376] Apache Rampart wsse:security Tag Signature Value Checking Weakness
| [60687] Apache C++ Standard Library (STDCXX) strxfrm() Function Overflow
| [60680] Apache Hadoop JobHistory Job Name Manipulation Weakness
| [60679] Apache ODE DeploymentWebService OMElement zipPart CRLF Injection
| [60678] Apache Roller Comment Email Notification Manipulation DoS
| [60677] Apache CouchDB Unspecified Document Handling Remote DoS
| [60428] Sun Java Plug-in org.apache.crimson.tree.XmlDocument Class reateXmlDocument Method Floppy Drive Access Bypass
| [60413] mod_throttle for Apache Shared Memory File Manipulation Local Privilege Escalation
| [60412] Sun Java Plug-in org.apache.xalan.processor.XSLProcessorVersion Class Unsigned Applet Variable Sharing Privilege Escalation
| [60396] Apache HTTP Server on OpenBSD Multipart MIME Boundary Remote Information Disclosure
| [60395] Apache HTTP Server on OpenBSD ETag HTTP Header Remote Information Disclosure
| [60232] PHP on Apache php.exe Direct Request Remote DoS
| [60176] Apache Tomcat Windows Installer Admin Default Password
| [60016] Apache HTTP Server on HP Secure OS for Linux HTTP Request Handling Unspecified Issue
| [59979] Apache HTTP Server on Apple Mac OS X HTTP TRACE Method Unspecified Client XSS
| [59969] Apache HTTP Server mod_ssl SSL / TLS Renegotiation Handshakes MiTM Plaintext Data Injection
| [59944] Apache Hadoop jobhistory.jsp XSS
| [59374] Apache Solr Search Extension for TYPO3 Unspecified XSS
| [59022] Apache Shindig ConcatProxyServlet HTTP Header Response Splitting
| [59021] Apache Cocoon X-Cocoon-Version Header Remote Information Disclosure
| [59020] Apache Tapestry HTTPS Session Cookie Secure Flag Weakness
| [59019] Apache mod_python Cookie Salting Weakness
| [59018] Apache Harmony Error Message Handling Overflow
| [59013] Apache Derby SYSCS_EXPORT_TABLE Arbitrary File Overwrite
| [59012] Apache Derby Driver Auto-loading Non-deterministic Startup Weakness
| [59011] Apache JSPWiki Page Attachment Change Note Function XSS
| [59010] Apache Solr get-file.jsp XSS
| [59009] Apache Solr action.jsp XSS
| [59008] Apache Solr analysis.jsp XSS
| [59007] Apache Solr schema.jsp Multiple Parameter XSS
| [59006] Apache Beehive select / checkbox Tag XSS
| [59005] Apache Beehive jpfScopeID Global Parameter XSS
| [59004] Apache Beehive Error Message XSS
| [59003] Apache HttpClient POST Request Handling Memory Consumption DoS
| [59002] Apache Jetspeed default-page.psml URI XSS
| [59001] Apache Axis2 xsd Parameter Traversal Arbitrary File Disclosure
| [59000] Apache CXF Unsigned Message Policy Bypass
| [58999] Apache WSS4J CallbackHandler Plaintext Password Validation Weakness
| [58998] Apache OpenJPA persistence.xml Cleartext Password Local Disclosure
| [58997] Apache OpenEJB openejb.xml Cleartext Password Local Disclosure
| [58996] Apache Hadoop Map/Reduce LinuxTaskController File Group Ownership Weakness
| [58995] Apache Hadoop Map/Reduce Task Ownership Weakness
| [58994] Apache Hadoop Map/Reduce DistributedCache Localized File Permission Weakness
| [58993] Apache Hadoop browseBlock.jsp XSS
| [58991] Apache Hadoop browseDirectory.jsp XSS
| [58990] Apache Hadoop Map/Reduce HTTP TaskTrackers User Data Remote Disclosure
| [58989] Apache Hadoop Sqoop Process Listing Local Cleartext Password Disclosure
| [58988] Apache Hadoop Chukwa HICC Portal Unspecified XSS
| [58987] Apache Hadoop Map/Reduce TaskTracker User File Permission Weakness
| [58986] Apache Qpid Encrypted Message Handling Remote Overflow DoS
| [58985] Apache Qpid Process Listing Local Cleartext Password Disclosure
| [58984] Apache Jackrabbit Content Repository (JCR) Default Account Privilege Access Weakness
| [58983] Apache Jackrabbit Content Repository (JCR) NamespaceRegistry API Registration Method Race Condition
| [58982] Apache Synapse Proxy Service Security Policy Mismatch Weakness
| [58981] Apache Geronimo TomcatGeronimoRealm Security Context Persistence Weakness
| [58980] Apache Geronimo LDAP Realm Configuration Restart Reversion Weakness
| [58979] Apache MyFaces Tomahawk ExtensionsPhaseListener HTML Injection Information Disclosure
| [58978] Apache MyFaces Trinidad LocaleInfoScriptlet XSS
| [58977] Apache Open For Business Project (OFBiz) Multiple Default Accounts
| [58976] Apache Open For Business Project (OFBiz) URI passThru Parameter XSS
| [58975] Apache Open For Business Project (OFBiz) PARTYMGR_CREATE/UPDATE Permission Arbitrary User Password Modification
| [58974] Apache Sling /apps Script User Session Management Access Weakness
| [58973] Apache Tuscany Crafted SOAP Request Access Restriction Bypass
| [58931] Apache Geronimo Cookie Parameters Validation Weakness
| [58930] Apache Xalan-C++ XPath Handling Remote DoS
| [58879] Apache Portable Runtime (APR-util) poll/unix/port.c Event Port Backend Pollset Feature Remote DoS
| [58837] Apache Commons Net FTPSClient CipherSuites / Protocols Mutable Object Unspecified Data Security Issue
| [58813] Apache MyFaces Trinidad tr:table / HTML Comment Handling DoS
| [58812] Apache Open For Business Project (OFBiz) JSESSIONID Session Hijacking Weakness
| [58811] Apache Open For Business Project (OFBiz) /catalog/control/EditProductConfigItem configItemId Parameter XSS
| [58810] Apache Open For Business Project (OFBiz) /catalog/control/EditProdCatalo prodCatalogId Parameter XSS
| [58809] Apache Open For Business Project (OFBiz) /partymgr/control/viewprofile partyId Parameter XSS
| [58808] Apache Open For Business Project (OFBiz) /catalog/control/createProduct internalName Parameter XSS
| [58807] Apache Open For Business Project (OFBiz) Multiple Unspecified CSRF
| [58806] Apache FtpServer MINA Logging Filter Cleartext Credential Local Disclosure
| [58805] Apache Derby Unauthenticated Database / Admin Access
| [58804] Apache Wicket Header Contribution Unspecified Issue
| [58803] Apache Wicket Session Fixation
| [58802] Apache Directory Server (ApacheDS) userPassword Attribute Search Password Disclosure
| [58801] Apache ActiveMQ Stomp Client Credential Validation Bypass
| [58800] Apache Tapestry (context)/servicestatus Internal Service Information Disclosure
| [58799] Apache Tapestry Logging Cleartext Password Disclosure
| [58798] Apache Jetspeed pipeline Parameter pipeline-map Policy Bypass
| [58797] Apache Jetspeed Password Policy Multiple Weaknesses
| [58796] Apache Jetspeed Unsalted Password Storage Weakness
| [58795] Apache Rampart Crafted SOAP Header Authentication Bypass
| [58794] Apache Roller Admin Protocol (RAP) Malformed Header Authentication Bypass
| [58793] Apache Hadoop Map/Reduce mapred.system.dir Permission Weakness Job Manipulation
| [58792] Apache Shindig gadgets.rpc iframe RPC Call Validation Weakness
| [58791] Apache Synapse synapse.properties Cleartext Credential Local Disclosure
| [58790] Apache WSS4J SOAP Message UsernameToken Remote Password Disclosure
| [58789] Apache WSS4J SOAP Header Malformed UsernameToken Authentication Bypass
| [58776] Apache JSPWiki PreviewContent.jsp Edited Text XSS
| [58775] Apache JSPWiki preview.jsp action Parameter XSS
| [58774] Apache JSPWiki Edit.jsp Multiple Parameter XSS
| [58773] Apache JSPWiki Accept-Language Header Multiple Script language Parameter XSS
| [58772] Apache JSPWiki EditorManager.java editor Parameter XSS
| [58771] Apache JSPWiki GroupContent.jsp Multiple Parameter XSS
| [58770] Apache JSPWiki Group.jsp group Parameter XSS
| [58769] Apache JSPWiki Database Connection Termination DoS Weakness
| [58768] Apache JSPWiki Attachment Servlet nextpage Parameter Arbitrary Site Redirect
| [58766] Apache JSPWiki /admin/SecurityConfig.jsp Direct Request Information Disclosure
| [58765] Apache JSPWiki Spam Filter UniqueID RNG Weakness
| [58764] Apache JSPWiki Edit.jsp Multiple Parameter XSS
| [58763] Apache JSPWiki Include Tag Multiple Script XSS
| [58762] Apache JSPWiki Multiple .java Tags pageContext Parameter XSS
| [58761] Apache JSPWiki Wiki.jsp skin Parameter XSS
| [58760] Apache Commons VFS Exception Error Message Cleartext Credential Disclosure
| [58759] Apache Jackrabbit Content Repository (JCR) UUID System.currentTimeMillis() RNG Weakness
| [58758] Apache River GrantPermission Policy Manipulation Privilege Escalation
| [58757] Apache WS-Commons Java2 StaXUtils Multiple Unspecified Minor Issues
| [58756] Apache WSS4J WSHandler Client Certificate Signature Validation Weakness
| [58755] Apache Harmony DRLVM Non-public Class Member Access
| [58754] Apache Harmony File.createTempFile() Temporary File Creation Prediction Weakness
| [58751] Apache Geronimo GeronimoIdentityResolver Subject Handling Multiple Issues
| [58750] Apache MyFaces Trinidad Generated HTML Information Disclosure
| [58749] Apache MyFaces Trinidad Database Access Error Message Information Disclosure
| [58748] Apache MyFaces Trinidad Image Resource Loader Traversal Arbitrary Image Access
| [58747] Apache MyFaces Trinidad Error Message User Entered Data Disclosure Weakness
| [58746] Apache Axis2 JAX-WS Java2 WSDL4J Unspecified Issue
| [58744] Apache Wicket Crafted File Upload Disk Space Exhaustion DoS
| [58743] Apache Wicket wicket.util.crypt.SunJceCrypt Encryption Reversion Weakness
| [58742] Apache Rampart PolicyBasedValiadtor HttpsToken Endpoint Connection Weakness
| [58741] Apache Rampart WSSecSignature / WSSecEncryptedKey KeyIdentifierType Validation Weakness
| [58740] Apache Rampart TransportBinding Message Payload Cleartext Disclosure
| [58739] Apache Open For Business Project (OFBiz) Unsalted Password Storage Weakness
| [58738] Apache Open For Business Project (OFBiz) orderId Parameter Arbitrary Order Access
| [58737] Apache mod_python w/ mod_python.publisher index.py Underscore Prefixed Variable Disclosure
| [58735] Apache Open For Business Project (OFBiz) /ecommerce/control/keywordsearch SEARCH_STRING Parameter XSS
| [58734] Apache Torque Log File Cleartext Credential Local Disclosure
| [58733] Apache Axis2 doGet Implementation Authentication Bypass Service State Manipulation
| [58732] Apache MyFaces UIInput.validate() Null Value Validation Bypass Weakness
| [58731] Apache MyFaces /faces/* Prefix Mapping Authentication Bypass
| [58725] Apache Tapestry Basic String ACL Bypass Weakness
| [58724] Apache Roller Logout Functionality Failure Session Persistence
| [58723] Apache Roller User Profile / Admin Page Cleartext Password Disclosure
| [58722] Apache Derby Connection URL Encryption Method Reversion Weakness
| [58721] Apache Geronimo on Tomcat Security-constraint Resource ACL Bypass
| [58720] Apache Geronimo Explicit Servlet Mapping Access Bypass Weakness
| [58719] Apache Geronimo Keystore Unprivileged Service Disable DoS
| [58718] Apache Geronimo Deployment Plans Remote Password Disclosure
| [58717] Apache Jetspeed Portlet Application Edit Access Restriction Bypass
| [58716] Apache Jetspeed PSML Management Cached Constraint Authentication Weakness
| [58707] Apache WSS4J Crafted PasswordDigest Request Authentication Bypass
| [58706] Apache HttpClient Pre-emptive Authorization Remote Credential Disclosure
| [58705] Apache Directory Server (ApacheDS) User Passwords Cleartext Disclosure
| [58704] Apache Directory Server (ApacheDS) Non-existent User LDAP Bind Remote DoS
| [58703] Apache Geronimo Debug Console Unauthenticated Remote Information Disclosure
| [58702] Apache Directory Server (ApacheDS) Persistent LDAP Anonymous Bind Weakness
| [58701] Apache Jetspeed User Admin Portlet Unpassworded Account Creation Weakness
| [58700] Apache MyFaces /faces/* Path Handling Remote Overflow DoS
| [58699] Apache MyFaces Disable Property Client Side Manipulation Privilege Escalation
| [58698] Apache Roller Remember Me Functionality Cleartext Password Disclosure
| [58697] Apache XalanJ2 org.apache.xalan.xsltc.runtime.CallFunction Class Unspecified Issue
| [58696] Apache Tapestry Encoded Traversal Arbitrary File Access
| [58695] Apache Jetspeed Unauthenticated PSML Tags / Admin Folder Access
| [58694] Apache Geronimo Deploy Tool Process List Local Credential Disclosure
| [58693] Apache Derby service.properties File Encryption Key Information Disclosure
| [58692] Apache Geronimo Default Security Realm Login Brute Force Weakness
| [58689] Apache Roller Retrieve Last 5 Post Feature Unauthorized Blog Post Manipulation
| [58688] Apache Xalan-Java (XalanJ2) Static Variables Multiple Unspecified Issues
| [58687] Apache Axis Invalid wsdl Request XSS
| [58686] Apache Cocoon Temporary File Creation Unspecified Race Condition
| [58685] Apache Velocity Template Designer Privileged Code Execution
| [58684] Apache Jetspeed controls.Customize Action Security Check Bypass
6026| [58684] Apache Jetspeed controls.Customize Action Security Check Bypass
6027| [58675] Apache Open For Business Project (OFBiz) eCommerce/ordermgr Multiple Field XSS
| [58674] Apache Open For Business Project (OFBiz) ecommerce/control/login Multiple Field XSS
| [58673] Apache Open For Business Project (OFBiz) ecommerce/control/viewprofile Multiple Field XSS
| [58672] Apache Open For Business Project (OFBiz) POS Input Panel Cleartext Password Disclosure
| [58671] Apache Axis2 JMS Signed Message Crafted WS-Security Header Security Bypass
| [58670] Apache Jetspeed JetspeedTool.getPortletFromRegistry Portlet Security Validation Failure
| [58669] Apache Jetspeed LDAP Cleartext Passwords Disclosure
| [58668] Apache Axis External Entity (XXE) Data Parsing Privilege Escalation
| [58667] Apache Roller Database Cleartext Passwords Disclosure
| [58666] Apache Xerces-C++ UTF-8 Transcoder Overlong Code Handling Unspecified Issue
| [58665] Apache Jetspeed Turbine: Cross-user Privileged Action Execution
| [58664] Apache Jetspeed EditAccount.vm Password Modification Weakness
| [58663] Apache Jetspeed Role Parameter Arbitrary Portlet Disclosure
| [58662] Apache Axis JWS Page Generated .class File Direct Request Information Disclosure
| [58661] Apache Jetspeed user-form.vm Password Reset Cleartext Disclosure
| [58660] Apache WSS4J checkReceiverResults Function Crafted SOAP Request Authentication Bypass
| [58658] Apache Rampart Crafted SOAP Request Security Verification Bypass
| [57882] Apache HTTP Server mod_proxy_ftp Authorization HTTP Header Arbitrary FTP Command Injection
| [57851] Apache HTTP Server mod_proxy_ftp EPSV Command NULL Dereference Remote DoS
| [56984] Apache Xerces2 Java Malformed XML Input DoS
| [56903] Apache ODE (Orchestration Director Engine) Process Deployment Web Service Traversal Arbitrary File Manipulation
| [56859] Apache Xerces-C++ Multiple Sub-project XML Nested DTD Structures Parsing Recursion Error DoS
| [56766] Apache Portable Runtime (APR-util) memory/unix/apr_pools.c Relocatable Memory Block Aligning Overflow
| [56765] Apache Portable Runtime (APR-util) misc/apr_rmm.c Multiple Function Overflows
| [56517] Apache HTTP Server File Descriptor Leak Arbitrary Local File Append
| [56443] PTK Unspecified Apache Sub-process Arbitrary Command Execution
| [56414] Apache Tiles Duplicate Expression Language (EL) Expression Evaluation XSS
| [55814] mod_NTLM for Apache HTTP Server ap_log_rerror() Function Remote Format String
| [55813] mod_NTLM for Apache HTTP Server log() Function Remote Overflow
| [55782] Apache HTTP Server mod_deflate Module Aborted Connection DoS
| [55553] Apache HTTP Server mod_proxy Module mod_proxy_http.c stream_reqbody_cl Function CPU Consumption DoS
| [55059] Apache APR-util strmatch/apr_strmatch.c apr_strmatch_precompile Function Crafted Input Remote DoS
| [55058] Apache APR-util apr_brigade_vprintf Function Crafted Input Off-by-one Remote DoS
| [55057] Apache APR-util xml/apr_xml.c apr_xml_* Interface Expat XML Parser Crafted XML Document Remote DoS
| [55056] Apache Tomcat Cross-application TLD File Manipulation
| [55055] Apache Tomcat Illegal URL Encoded Password Request Username Enumeration
| [55054] Apache Tomcat Java AJP Connector mod_jk Load Balancing Worker Malformed Header Remote DoS
| [55053] Apache Tomcat Crafted Request Security Restraint Bypass Arbitrary Content Access
| [54733] Apache HTTP Server AllowOverride Directive .htaccess Options Bypass
| [54713] razorCMS Security Manager apache User Account Unspecified File Permission Weakness Issue
| [54589] Apache Jserv Nonexistent JSP Request XSS
| [54122] Apache Struts s:a / s:url Tag href Element XSS
| [54093] Apache ActiveMQ Web Console JMS Message XSS
| [53932] Apache Geronimo Multiple Admin Function CSRF
| [53931] Apache Geronimo /console/portal/Server/Monitoring Multiple Parameter XSS
| [53930] Apache Geronimo /console/portal/ URI XSS
| [53929] Apache Geronimo on Windows Security/Keystores Portlet Traversal Arbitrary File Upload
| [53928] Apache Geronimo on Windows Embedded DB/DB Manager Portlet Traversal Arbitrary File Upload
| [53927] Apache Geronimo on Windows Services/Repository Portlet Traversal Arbitrary File Upload
| [53921] Apache HTTP Server mod_proxy_ajp Cross Thread/Session Information Disclosure
| [53766] Oracle BEA WebLogic Server Plug-ins for Apache Certificate Handling Remote Overflow
| [53574] PHP on Apache .htaccess mbstring.func_overload Setting Cross Hosted Site Behavior Modification
| [53381] Apache Tomcat JK Connector Content-Length Header Cross-user Information Disclosure
| [53380] Apache Struts Unspecified XSS
| [53289] Apache mod_perl Apache::Status /perl-status Unspecified XSS
| [53186] Apache HTTP Server htpasswd Predictable Salt Weakness
| [52899] Apache Tomcat Examples Web Application Calendar Application jsp/cal/cal2.jsp time Parameter XSS
| [52407] Apache Tomcat doRead Method POST Content Information Disclosure
| [51923] Apache HTTP Server mod-auth-mysql Module mod_auth_mysql.c Multibyte Character Encoding SQL Injection
| [51613] Apache HTTP Server Third-party Module Child Process File Descriptor Leak
| [51612] Apache HTTP Server Internal Redirect Handling Infinite Loop DoS
| [51468] Apache Jackrabbit Content Repository (JCR) swr.jsp q Parameter XSS
| [51467] Apache Jackrabbit Content Repository (JCR) search.jsp q Parameter XSS
| [51151] Apache Roller Search Function q Parameter XSS
| [50482] PHP with Apache php_value Order Unspecified Issue
| [50475] Novell NetWare ApacheAdmin Console Unauthenticated Access
| [49734] Apache Struts DefaultStaticContentLoader Class Traversal Arbitrary File Access
| [49733] Apache Struts FilterDispatcher Class Traversal Arbitrary File Access
| [49283] Oracle BEA WebLogic Server Plugins for Apache Remote Transfer-Encoding Overflow
| [49062] Apache Tomcat Cross-thread Concurrent Request Variable Overwrite Information Disclosure
| [48847] ModSecurity (mod_security) Transformation Caching Unspecified Apache DoS
| [48788] Apache Xerces-C++ XML Schema maxOccurs Value XML File Handling DoS
| [47474] Apache HTTP Server mod_proxy_ftp Directory Component Wildcard Character XSS
| [47464] Apache Tomcat allowLinking / UTF-8 Traversal Arbitrary File Access
| [47463] Apache Tomcat RequestDispatcher Traversal Arbitrary File Access
| [47462] Apache Tomcat HttpServletResponse.sendError Method Message Argument XSS
| [47096] Oracle Weblogic Apache Connector POST Request Overflow
| [46382] Frontend Filemanager (air_filemanager) Extension for TYPO3 on Apache Unspecified Arbitrary Code Execution
| [46285] TYPO3 on Apache Crafted Filename Upload Arbitrary Command Execution
| [46085] Apache HTTP Server mod_proxy ap_proxy_http_process_response() Function Interim Response Forwarding Remote DoS
| [45905] Apache Tomcat Host Manager host-manager/html/add name Parameter XSS
| [45879] Ragnarok Online Control Panel on Apache Crafted Traversal Authentication Bypass
| [45742] Apache HTTP Server on Novell Unspecified Request Directive Internal IP Disclosure
| [45740] Apache Derby DropSchemaNode Bind Phase Arbitrary Scheme Statement Dropping
| [45599] Apache Derby Lock Table Statement Privilege Requirement Bypass Arbitrary Table Lock
| [45585] Apache Derby ACCSEC Command RDBNAM Parameter Cleartext Credential Disclosure
| [45584] Apache Derby DatabaseMetaData.getURL Function Cleartext Credential Disclosure
| [45420] Apache HTTP Server 403 Error Page UTF-7 Encoded XSS
| [44728] PHP Toolkit on Gentoo Linux Interpretation Conflict Apache HTTP Server Local DoS
| [44618] Oracle JSP Apache/Jserv Path Translation Traversal Arbitrary JSP File Execution
| [44159] Apache HTTP Server Remote Virtual Host Name Disclosure
| [43997] Apache-SSL ExpandCert() Function Certificate Handling Arbitrary Environment Variables Manipulation
| [43994] suPHP for Apache (mod_suphp) Directory Symlink Local Privilege Escalation
| [43993] suPHP for Apache (mod_suphp) Owner Mode Race Condition Symlink Local Privilege Escalation
| [43663] Apache HTTP Server Mixed Platform AddType Directive Crafted Request PHP Source Disclosure
| [43658] AuthCAS Module (AuthCAS.pm) for Apache HTTP Server SESSION_COOKIE_NAME SQL Injection
| [43452] Apache Tomcat HTTP Request Smuggling
| [43309] Apache Geronimo LoginModule Login Method Bypass
| [43290] Apache JSPWiki Entry Page Attachment Unrestricted File Upload
| [43259] Apache HTTP Server on Windows mod_proxy_balancer URL Handling Remote Memory Corruption
| [43224] Apache Geronimo on SuSE Linux init Script Symlink Unspecified File/Directory Access
| [43189] Apache mod_jk2 Host Header Multiple Fields Remote Overflow
| [42937] Apache HTTP Server mod_proxy_balancer balancer-manager Unspecified CSRF
| [42341] MOD_PLSQL for Apache Unspecified URL SQL Injection
| [42340] MOD_PLSQL for Apache CGI Environment Handling Unspecified Overflow
| [42214] Apache HTTP Server mod_proxy_ftp UTF-7 Encoded XSS
| [42091] Apache Maven Site Plugin Installation Permission Weakness
| [42089] Apache Maven .m2/settings.xml Cleartext Password Disclosure
| [42088] Apache Maven Defined Repo Process Listing Password Disclosure
| [42087] Apache Maven Site Plugin SSH Deployment Permission Setting Weakness
| [42036] Apache HTTP Server MS-DOS Device Request Host OS Disclosure
| [41891] BEA WebLogic Apache Beehive NetUI Page Flow Unspecified XSS
| [41436] Apache Tomcat Native APR Connector Duplicate Request Issue
| [41435] Apache Tomcat %5C Cookie Handling Session ID Disclosure
| [41434] Apache Tomcat Exception Handling Subsequent Request Information Disclosure
| [41400] LimeSurvey save.php Apache Log File PHP Code Injection
| [41029] Apache Tomcat Calendar Examples Application cal2.jsp Multiple Parameter CSRF
| [41019] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload XSS
| [41018] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload CRLF
| [40853] Apache Tomcat SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) JSESSIONIDSSO Cookie Security Weakness
| [40264] Apache HTTP Server mod_proxy_balancer balancer_handler Function bb Variable Remote DoS
| [40263] Apache HTTP Server mod_proxy_balancer balancer-manager Multiple Parameter XSS
| [40262] Apache HTTP Server mod_status refresh XSS
| [39833] Apache Tomcat JULI Logging Component catalina.policy Security Bypass
| [39251] Coppermine Photo Gallery on Apache Multiple File Extension Upload Arbitrary Code Execution
| [39166] Apache Tomcat on Windows caseSensitive Attribute Mixed Case Request JSP Source Disclosure
| [39134] Apache mod_imagemap Module Imagemap Unspecified XSS
| [39133] Apache mod_imap Module Imagemap File Unspecified XSS
| [39035] Apache Tomcat examples/servlet/CookieExample Multiple Parameter XSS
| [39003] Apache HTTP Server HTTP Method Header Request Entity Too Large XSS
| [39000] Apache Tomcat SendMailServlet sendmail.jsp mailfrom Parameter XSS
| [38939] Apache HTTP Server Prefork MPM Module Array Modification Local DoS
| [38673] Apache Jakarta Slide WebDAV SYSTEM Request Traversal Arbitrary File Access
| [38662] Apache Geronimo SQLLoginModule Nonexistent User Authentication Bypass
| [38661] Apache Geronimo MEJB Unspecified Authentication Bypass
| [38641] Apache HTTP Server mod_mem_cache recall_headers Function Information Disclosure
| [38640] Apache HTTP Server suexec Document Root Unauthorized Operations
| [38639] Apache HTTP Server suexec Multiple Symlink Privilege Escalation
| [38636] Apache HTTP Server mod_autoindex.c P Variable UTF-7 Charset XSS
| [38513] BEA WebLogic Server Proxy Plug-in for Apache Protocol Error Handling Remote DoS
| [38187] Apache Geronimo / Tomcat WebDAV XML SYSTEM Tag Arbitrary File Access
| [37079] Apache HTTP Server mod_cache cache_util.c Malformed Cache-Control Header DoS
| [37071] Apache Tomcat Cookie Handling Session ID Disclosure
| [37070] Apache Tomcat Cookie Handling Quote Delimiter Session ID Disclosure
| [37052] Apache HTTP Server mod_status mod_status.c Unspecified XSS
| [37051] Apache HTTP Server mod_proxy modules/proxy/proxy_util.c Crafted Header Remote DoS
| [37050] Apache HTTP Server Prefork MPM Module Crafted Code Sequence Local DoS
| [36417] Apache Tomcat Host Manager Servlet html/add Action aliases Parameter XSS
| [36377] Apache MyFaces Tomahawk JSF Application autoscroll Multiple Script XSS
| [36080] Apache Tomcat JSP Examples Crafted URI XSS
| [36079] Apache Tomcat Manager Uploaded Filename XSS
| [34888] Apache Tomcat Example Calendar Application cal2.jsp time Parameter XSS
| [34887] Apache Tomcat implicit-objects.jsp Crafted Header XSS
| [34885] Apache Tomcat on IIS Servlet Engine MS-DOS Device Request DoS
| [34884] Apache Tomcat on Windows Nonexistent Resource Request Path Disclosure
| [34883] Apache Tomcat Crafted JSP File Request Path Disclosure
| [34882] Apache Tomcat Default SSL Ciphersuite Configuration Weakness
| [34881] Apache Tomcat Malformed Accept-Language Header XSS
| [34880] Apache Tomcat HTTP/1.1 Connector NULL Byte Request JSP Source Disclosure
| [34879] Apache Tomcat examples/jsp2/jspx/textRotate.jspx XSS
| [34878] Apache Tomcat examples/jsp2/el/implicit-objects.jsp XSS
| [34877] Apache Tomcat JK Web Server Connector (mod_jk) Double Encoded Traversal Arbitrary File Access
| [34876] Apache HTTP Server ScriptAlias CGI Source Disclosure
| [34875] Apache Tomcat appdev/sample/web/hello.jsp Multiple Parameter XSS
| [34874] Apache Tomcat AJP Connector mod_jk ajp_process_callback Remote Memory Disclosure
| [34873] Apache Stats Variable Extraction _REQUEST Ssuperglobal Array Overwrite
| [34872] Apache HTTP Server suexec User/Group Combination Weakness Local Privilege Escalation
| [34769] Apache Tomcat w/ Proxy Module Double Encoded Traversal Arbitrary File Access
| [34541] mod_perl for Apache HTTP Server RegistryCooker.pm PATH_INFO Crafted URI Remote DoS
| [34540] mod_perl for Apache HTTP Server PerlRun.pm PATH_INFO Crafted URI Remote DoS
| [34398] Apache Tomcat mod_jk Invalid Chunked Encoded Body Information Disclosure
| [34154] Apache Axis Nonexistent Java Web Service Path Disclosure
| [33855] Apache Tomcat JK Web Server Connector mod_jk.so Long URI Worker Map Remote Overflow
| [33816] Apache HTTP Server on Debian Linux TTY Local Privilege Escalation
| [33456] Apache HTTP Server Crafted TCP Connection Range Header DoS
| [33346] Avaya Multiple Products Apache Tomcat Port Weakness
| [32979] Apache Java Mail Enterprise Server (JAMES) Phoenix/MX4J Interface Arbitrary User Creation
| [32978] Apache Java Mail Enterprise Server (JAMES) POP3Server Log File Plaintext Password Disclosure
| [32724] Apache mod_python _filter_read Freed Memory Disclosure
| [32723] Apache Tomcat semicolon Crafted Filename Request Forced Directory Listing
| [32396] Apache Open For Business Project (OFBiz) Ecommerce Component Forum Implementation Message Body XSS
| [32395] Apache Open For Business Project (OFBiz) Ecommerce Component Form Field Manipulation Privilege Escalation
| [30354] Linux Subversion libapache2-svn Search Path Subversion Local Privilege Escalation
| [29603] PHP ini_restore() Apache httpd.conf Options Bypass
| [29536] Apache Tcl mod_tcl set_var Function Remote Format String
| [28919] Apache Roller Weblogger Blog Comment Multiple Field XSS
| [28130] PHP with Apache Mixed Case Method Limit Directive Bypass
| [27913] Apache HTTP Server on Windows mod_alias URL Validation Canonicalization CGI Source Disclosure
| [27588] Apache HTTP Server mod_rewrite LDAP Protocol URL Handling Overflow
| [27487] Apache HTTP Server Crafted Expect Header Cross Domain HTML Injection
| [26935] FCKeditor on Apache connector.php Crafted File Extension Arbitrary File Upload
| [26572] Apache Java Mail Enterprise Server (JAMES) MAIL Command Overflow DoS
| [25909] Drupal on Apache files Directory File Upload Arbitrary Code Execution
| [24825] Oracle ModPL/SQL for Apache Unspecified Remote HTTP Issue
| [24365] Apache Struts Multiple Function Error Message XSS
| [24364] Apache Struts getMultipartRequestHandler() Function Crafted Request DoS
| [24363] Apache Struts org.apache.struts.taglib.html.Constants.CANCEL Validation Bypass
| [24103] Pubcookie Apache mod_pubcookie Unspecified XSS
| [23906] Apache mod_python for Apache HTTP Server FileSession Privileged Local Command Execution
| [23905] Apache Log4net LocalSyslogAppender Format String Memory Corruption DoS
| [23198] Apache WSS4J Library SOAP Signature Verification Bypass
| [23124] Generic Apache Request Library (libapreq) apreq_parse_* Functions Remote DoS
| [22652] mod_php for Apache HTTP Server Crafted import_request_variables Function DoS
| [22475] PHP w/ Apache PDO::FETCH_CLASS __set() Function DoS
| [22473] PHP w/ Apache2 Crafted PDOStatement DoS
| [22459] Apache Geronimo Error Page XSS
| [22458] Apache Tomcat / Geronimo Sample Script cal2.jsp time Parameter XSS
| [22301] auth_ldap for Apache HTTP Server auth_ldap_log_reason() Function Remote Format String
| [22261] Apache HTTP Server mod_ssl ssl_hook_Access Error Handling DoS
| [22259] mod_auth_pgsql for Apache HTTP Server Log Function Format String
| [21736] Apache Java Mail Enterprise Server (JAMES) Spooler retrieve Function DoS
| [21705] Apache HTTP Server mod_imap Image Map Referer XSS
| [21021] Apache Struts Error Message XSS
| [20897] PHP w/ Apache 2 SAPI virtual() Function Unspecified INI Setting Disclosure
| [20491] PHP mod_php apache2handler SAPI Crafted .htaccess DoS
| [20462] Apache HTTP Server worker.c MPM Memory Exhaustion DoS
| [20439] Apache Tomcat Directory Listing Saturation DoS
| [20373] Apache Tomcat on HP Secure OS for Linux Unspecified Servlet Access Issue
| [20285] Apache HTTP Server Log File Control Character Injection
| [20242] Apache HTTP Server mod_usertrack Predictable Session ID Generation
| [20209] Brainf*ck Module (mod_bf) for Apache HTTP Server Local Overflow
| [20033] Apache Tomcat MS-DOS Device Request Error Message Path Disclosure
| [19883] apachetop atop.debug Symlink Arbitrary File Overwrite
| [19863] mod_auth_shadow for Apache HTTP Server require group Authentication Bypass
| [19855] Apache HTTP Server ErrorDocument Directive .htaccess Bypass
| [19821] Apache Tomcat Malformed Post Request Information Disclosure
| [19769] Apache HTTP Server Double-reverse DNS Lookup Spoofing
| [19188] Apache HTTP Server mod_ssl SSLVerifyClient Per-location Context Restriction Bypass
| [19137] Apache HTTP Server on Red Hat Linux Double Slash GET Request Forced Directory Listing
| [19136] Apache on Mandrake Linux Arbitrary Directory Forced Listing
| [18977] Apache HTTP Server Crafted HTTP Range Header DoS
| [18389] Ragnarok Online Control Panel Apache Authentication Bypass
| [18286] Apache HTTP Server mod_ssl ssl_callback_SSLVerify_CRL( ) Function Overflow
| [18233] Apache HTTP Server htdigest user Variable Overfow
| [17738] Apache HTTP Server HTTP Request Smuggling
| [16586] Apache HTTP Server Win32 GET Overflow DoS
| [15889] Apache HTTP Server mod_cgid Threaded MPM CGI Output Misdirection
| [14896] mod_dav for Apache HTTP Server Remote Null Dereference Child Process Termination
| [14879] Apache HTTP Server ap_log_rerror Function Error Message Path Disclosure
| [14770] Apache Tomcat AJP12 Protocol Malformed Packet Remote DoS
| [14597] Apache Tomcat IntegerOverflow.jsp Test JSP Script Path Disclosure
| [14596] Apache Tomcat pageSession.jsp Test JSP Script Path Disclosure
| [14595] Apache Tomcat pageLanguage.jsp Test JSP Script Path Disclosure
| [14594] Apache Tomcat pageIsThreadSafe.jsp Test JSP Script Path Disclosure
| [14593] Apache Tomcat pageIsErrorPage.jsp Test JSP Script Path Disclosure
| [14592] Apache Tomcat pageInvalid.jsp Test JSP Script Path Disclosure
| [14591] Apache Tomcat pageExtends.jsp Test JSP Script Path Disclosure
| [14590] Apache Tomcat pageDouble.jsp Test JSP Script Path Disclosure
| [14589] Apache Tomcat pageAutoFlush.jsp Test JSP Script Path Disclosure
| [14588] Apache Tomcat extends2.jsp Test JSP Script Path Disclosure
| [14587] Apache Tomcat extends1.jsp Test JSP Script Path Disclosure
| [14586] Apache Tomcat comments.jsp Test JSP Script Path Disclosure
| [14585] Apache Tomcat buffer4.jsp Test JSP Script Path Disclosure
| [14584] Apache Tomcat buffer3.jsp Test JSP Script Path Disclosure
| [14583] Apache Tomcat buffer2.jsp Test JSP Script Path Disclosure
| [14582] Apache Tomcat buffer1.jsp Test JSP Script Path Disclosure
| [14581] Apache Tomcat pageImport2.jsp Test JSP Script Path Disclosure
| [14580] Apache Tomcat pageInfo.jsp Test JSP Script Path Disclosure
| [14410] mod_frontpage for Apache HTTP Server fpexec Remote Overflow
| [14044] Apache Batik Squiggle Browser with Rhino Scripting Engine Unspecified File System Access
| [13737] mod_access_referer for Apache HTTP Server Malformed Referer DoS
| [13711] Apache mod_python publisher.py Traversal Arbitrary Object Information Disclosure
| [13640] mod_auth_any for Apache HTTP Server on Red Hat Linux Metacharacter Command Execution
| [13304] Apache Tomcat realPath.jsp Path Disclosure
| [13303] Apache Tomcat source.jsp Arbitrary Directory Listing
| [13087] Apache HTTP Server mod_log_forensic check_forensic Symlink Arbitrary File Creation / Overwrite
| [12849] mod_auth_radius for Apache HTTP Server radcpy() Function Overflow DoS
| [12848] Apache HTTP Server htdigest realm Variable Overflow
| [12721] Apache Tomcat examples/jsp2/el/functions.jsp XSS
| [12720] mod_dosevasive for Apache HTTP Server Symlink Arbitrary File Create/Overwrite
| [12558] Apache HTTP Server IPv6 FTP Proxy Socket Failure DoS
| [12557] Apache HTTP Server prefork MPM accept Error DoS
| [12233] Apache Tomcat MS-DOS Device Name Request DoS
| [12232] Apache Tomcat with JDK Arbitrary Directory/Source Disclosure
| [12231] Apache Tomcat web.xml Arbitrary File Access
| [12193] Apache HTTP Server on Mac OS X File Handler Bypass
| [12192] Apache HTTP Server on Mac OS X Unauthorized .ht and .DS_Store File Access
| [12178] Apache Jakarta Lucene results.jsp XSS
| [12176] mod_digest_apple for Apache HTTP Server on Mac OS X Authentication Replay
| [11391] Apache HTTP Server Header Parsing Space Saturation DoS
| [11003] Apache HTTP Server mod_include get_tag() Function Local Overflow
| [10976] mod_mylo for Apache HTTP Server mylo_log Logging Function HTTP GET Overflow
| [10637] Apache HTTP Server mod_ssl SSLCipherSuite Access Restriction Bypass
| [10546] Macromedia JRun4 mod_jrun Apache Module Remote Overflow
| [10471] Apache Xerces-C++ XML Parser DoS
| [10218] Apache HTTP Server Satisfy Directive Access Control Bypass
| [10068] Apache HTTP Server htpasswd Local Overflow
| [10049] mod_cplusplus For Apache HTTP Server Unspecified Overflow
| [9994] Apache HTTP Server apr-util IPV6 Parsing DoS
| [9991] Apache HTTP Server ap_resolve_env Environment Variable Local Overflow
| [9948] mod_dav for Apache HTTP Server LOCK Request DoS
| [9742] Apache HTTP Server mod_ssl char_buffer_read Function Reverse Proxy DoS
| [9718] Apache HTTP Server Win32 Single Dot Append Arbitrary File Access
| [9717] Apache HTTP Server mod_cookies Cookie Overflow
| [9716] Apache::Gallery Gallery.pm Inline::C Predictable Filename Code Execution
| [9715] Apache HTTP Server rotatelogs Control Characters Over Pipe DoS
| [9714] Apache Authentication Module Threaded MPM DoS
| [9713] Apache HTTP Server on OS2 filestat.c Device Name Request DoS
| [9712] Apache HTTP Server Multiple Linefeed Request Memory Consumption DoS
| [9711] Apache HTTP Server Access Log Terminal Escape Sequence Injection
| [9710] Apache HTTP Server on Windows Illegal Character Default Script Mapping Bypass
| [9709] Apache HTTP Server on Windows MS-DOS Device Name HTTP Post Code Execution
| [9708] Apache HTTP Server on Windows MS-DOS Device Name DoS
| [9707] Apache HTTP Server Duplicate MIME Header Saturation DoS
| [9706] Apache Web Server Multiple MIME Header Saturation Remote DoS
| [9705] Apache Tomcat Invoker/Default Servlet Source Disclosure
| [9702] Apache HTTP Server CGI/WebDAV HTTP POST Request Source Disclosure
| [9701] Apache HTTP Server for Windows Multiple Slash Forced Directory Listing
| [9700] Apache HTTP Server mod_autoindex Multiple Slash Request Forced Directory Listing
| [9699] Apache HTTP Server mod_dir Multiple Slash Request Forced Directory Listing
| [9698] Apache HTTP Server mod_negotiation Multiple Slash Request Forced Directory Listing
| [9697] Apache HTTP Server htdigest Local Symlink Arbitrary File Overwrite
| [9696] Apache HTTP Server htpasswd Local Symlink Arbitrary File Overwrite
| [9695] Apache Tomcat SnoopServlet Servlet Information Disclosure
| [9694] PHP3 on Apache HTTP Server Encoded Traversal Arbitrary File Access
| [9693] mod_auth_pgsql_sys for Apache HTTP Server User Name SQL Injection
| [9692] Apache HTTP Server mod_vhost_alias Mass Virtual Hosting Arbitrary File Access
| [9691] Apache HTTP Server mod_rewrite Mass Virtual Hosting Arbitrary File Access
| [9690] Apache HTTP Server mod_vhost_alias CGI Program Source Disclosure
| [9689] Trustix httpsd for Apache-SSL Permission Weakness Privilege Escalation
| [9688] Apache HTTP Server mod_proxy Malformed FTP Command DoS
| [9687] Apache::AuthenSmb smbval SMB Authentication Library Multiple Overflows
| [9686] Apache::AuthenSmb smbvalid SMB Authentication Library Multiple Overflows
| [9523] Apache HTTP Server mod_ssl Aborted Connection DoS
| [9459] Oracle PL/SQL (mod_plsql) Apache Module Help Page Request Remote Overflow
| [9208] Apache Tomcat .jsp Encoded Newline XSS
| [9204] Apache Tomcat ROOT Application XSS
| [9203] Apache Tomcat examples Application XSS
| [9068] Apache HTTP Server mod_userdir User Account Information Disclosure
| [8773] Apache Tomcat Catalina org.apache.catalina.servlets.DefaultServlet Source Code Disclosure
| [8772] Apache Tomcat Catalina org.apache.catalina.connector.http DoS
| [7943] Apache HTTP Server mod_ssl sslkeys File Disclosure
| [7942] Apache HTTP Server mod_ssl Default Pass Phrase
| [7941] Apache HTTP Server mod_ssl Encrypted Private Key File Descriptor Leak
| [7935] Apache HTTP Server mod_ssl ssl_gcache Race Conditions
| [7934] Apache HTTP Server mod_ssl SSLSessionCache File Content Disclosure
| [7933] Apache HTTP Server mod_ssl SSLMutex File Content Disclosure
| [7932] Apache HTTP Server mod_ssl mkcert.sh File Creation Permission Weakness
| [7931] Apache HTTP Server mod_ssl X.509 Client Certificate Authentication Bypass
| [7930] Apache HTTP Server mod_ssl ssl_expr_eval_func_file() Overflow
| [7929] Apache HTTP Server mod_ssl ssl_engine_log.c mod_proxy Hook Function Remote Format String
| [7611] Apache HTTP Server mod_alias Local Overflow
| [7394] Apache Tomcat mod_jk Invalid Transfer-Encoding Chunked Field DoS
| [7203] Apache Tomcat source.jsp Traversal Arbitrary File Access
| [7039] Apache HTTP Server on Mac OS X HFS+ File System Access Bypass
| [6882] Apache mod_python Malformed Query String Variant DoS
| [6839] Apache HTTP Server mod_proxy Content-Length Overflow
| [6630] Apache Tomcat Java Server Pages (JSP) Engine WPrinterJob() DoS
| [6472] Apache HTTP Server mod_ssl ssl_util_uuencode_binary Remote Overflow
| [5821] Apache HTTP Server Multiple / GET Remote Overflow DoS
| [5580] Apache Tomcat Servlet Malformed URL JSP Source Disclosure
| [5552] Apache HTTP Server split-logfile Arbitrary .log File Overwrite
| [5526] Apache Tomcat Long .JSP URI Path Disclosure
| [5278] Apache Tomcat web.xml Restriction Bypass
| [5051] Apache Tomcat Null Character DoS
| [4973] Apache Tomcat servlet Mapping XSS
| [4650] mod_gzip for Apache HTTP Server Debug Mode Printf Stack Overflow
| [4649] mod_gzip for Apache HTTP Server Debug Mode Format String Overflow
| [4648] mod_gzip for Apache HTTP Server Debug Mode Race Condition
| [4568] mod_survey For Apache ENV Tags SQL Injection
| [4553] Apache HTTP Server ApacheBench Overflow DoS
| [4552] Apache HTTP Server Shared Memory Scoreboard DoS
| [4446] Apache HTTP Server mod_disk_cache Stores Credentials
| [4383] Apache HTTP Server Socket Race Condition DoS
| [4382] Apache HTTP Server Log Entry Terminal Escape Sequence Injection
| [4340] Apache Portable Runtime (APR) apr_psprintf DoS
| [4232] Apache Cocoon DatabaseAuthenticatorAction SQL Injection
| [4231] Apache Cocoon Error Page Server Path Disclosure
| [4182] Apache HTTP Server mod_ssl Plain HTTP Request DoS
| [4181] Apache HTTP Server mod_access IP Address Netmask Rule Bypass
| [4075] Apache HTTP Sever on Windows .var File Request Path Disclosure
| [4037] Apache HTTP Server on Cygwin Encoded GET Request Arbitrary File Access
| [3877] Apache-SSL SSLVerifyClient SSLFakeBasicAuth Client Certificate Forgery
| [3819] Apache HTTP Server mod_digest Cross Realm Credential Replay
| [3322] mod_php for Apache HTTP Server Process Hijack
| [3215] mod_php for Apache HTTP Server File Descriptor Leakage
| [2885] Apache mod_python Malformed Query String DoS
| [2749] Apache Cocoon view-source Sample File Traversal Arbitrary File Access
| [2733] Apache HTTP Server mod_rewrite Local Overflow
| [2672] Apache HTTP Server mod_ssl SSLCipherSuite Ciphersuite Downgrade Weakness
| [2613] Apache HTTP Server mod_cgi stderr Output Handling Local DoS
| [2149] Apache::Gallery Privilege Escalation
| [2107] Apache HTTP Server mod_ssl Host: Header XSS
| [1926] Apache HTTP Server mod_rewrite Crafted URI Rule Bypass
| [1833] Apache HTTP Server Multiple Slash GET Request DoS
| [1577] Apache HTTP Server mod_rewrite RewriteRule Expansion Arbitrary File Access
| [872] Apache Tomcat Multiple Default Accounts
| [862] Apache HTTP Server SSI Error Page XSS
| [859] Apache HTTP Server Win32 Crafted Traversal Arbitrary File Access
| [849] Apache Tomcat TroubleShooter Servlet Information Disclosure
| [845] Apache Tomcat MSDOS Device XSS
| [844] Apache Tomcat Java Servlet Error Page XSS
| [842] Apache HTTP Server mod_ssl ssl_compat_directive Function Overflow
| [838] Apache HTTP Server Chunked Encoding Remote Overflow
| [827] PHP4 for Apache on Windows php.exe Malformed Request Path Disclosure
| [775] Apache mod_python Module Importing Privilege Function Execution
| [769] Apache HTTP Server Win32 DOS Batch File Arbitrary Command Execution
| [756] Apache HTTP Server mod_ssl i2d_SSL_SESSION Function SSL Client Certificate Overflow
| [701] Apache HTTP Server Win32 ScriptAlias php.exe Arbitrary File Access
| [674] Apache Tomcat Nonexistent File Error Message Path Disclosure
| [637] Apache HTTP Server UserDir Directive Username Enumeration
| [623] mod_auth_pgsql for Apache HTTP Server User Name SQL Injection
| [582] Apache HTTP Server Multiviews Feature Arbitrary Directory Listing
| [562] Apache HTTP Server mod_info /server-info Information Disclosure
6431| [561] Apache Web Servers mod_status /server-status Information Disclosure
6432| [417] Apache HTTP Server on SuSE Linux /doc/packages Remote Information Disclosure
6433| [410] mod_perl for Apache HTTP Server /perl/ Directory Listing
6434| [404] Apache HTTP Server on SuSE Linux WebDAV PROPFIND Arbitrary Directory Listing
6435| [402] Apache HTTP Server on SuSE Linux cgi-bin-sdb Request Script Source Disclosure
6436| [379] Apache ASP module Apache::ASP source.asp Example File Arbitrary File Creation
6437| [377] Apache Tomcat Snoop Servlet Remote Information Disclosure
6438| [376] Apache Tomcat contextAdmin Arbitrary File Access
6439| [342] Apache HTTP Server for Windows Multiple Forward Slash Directory Listing
6440| [222] Apache HTTP Server test-cgi Arbitrary File Access
6441| [143] Apache HTTP Server printenv.pl Multiple Method CGI XSS
6442| [48] Apache HTTP Server on Debian /usr/doc Directory Information Disclosure
6443|_
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: WAP|general purpose|router
Running: Linux 2.4.X|2.6.X|3.X, MikroTik RouterOS 6.X
OS CPE: cpe:/o:linux:linux_kernel:2.4.20 cpe:/o:linux:linux_kernel:2.6 cpe:/o:linux:linux_kernel:3.2.0 cpe:/o:mikrotik:routeros:6.15
OS details: Tomato 1.27 - 1.28 (Linux 2.4.20), Linux 2.6.18 - 2.6.22, Linux 3.2.0, MikroTik RouterOS 6.15 (Linux 3.3.5)
Network Distance: 26 hops

TRACEROUTE (using port 80/tcp)
HOP RTT ADDRESS
1 62.93 ms 10.249.204.1
2 93.07 ms 104.245.145.177
3 93.10 ms te0-0-2-1.225.nr11.b010988-1.yyz02.atlas.cogentco.com (38.104.156.9)
4 93.11 ms te0-0-0-1.agr14.yyz02.atlas.cogentco.com (154.24.54.41)
5 93.11 ms te0-9-1-9.ccr32.yyz02.atlas.cogentco.com (154.54.43.169)
6 93.13 ms be2994.ccr22.cle04.atlas.cogentco.com (154.54.31.233)
7 93.14 ms be2718.ccr42.ord01.atlas.cogentco.com (154.54.7.129)
8 93.16 ms be2832.ccr22.mci01.atlas.cogentco.com (154.54.44.169)
9 122.39 ms be3036.ccr22.den01.atlas.cogentco.com (154.54.31.89)
10 93.19 ms be3038.ccr32.slc01.atlas.cogentco.com (154.54.42.97)
11 93.75 ms be3110.ccr22.sfo01.atlas.cogentco.com (154.54.44.141)
12 145.48 ms be3670.ccr41.sjc03.atlas.cogentco.com (154.54.43.14)
13 145.48 ms 38.88.224.178
14 116.26 ms 111.87.3.105
15 279.83 ms 106.187.13.1
16 279.80 ms 27.90.132.66
17 225.65 ms 27.85.226.110
18 279.81 ms nagJIN202.int-gw.kddi.ne.jp (210.132.125.253)
19 279.80 ms 125.29.29.94
20 249.58 ms r-210-173-150-82.commufa.jp (210.173.150.82)
21 ...
22 230.34 ms 218-216-186-22.dc.ctc.ad.jp (218.216.186.22)
23 276.94 ms 218-216-186-206.dc.ctc.ad.jp (218.216.186.206)
24 357.95 ms 218-216-177-250.dc.ctc.ad.jp (218.216.177.250)
25 277.44 ms 218-216-177-250.dc.ctc.ad.jp (218.216.177.250)
26 227.11 ms 223-29-54-96.tobila.com (223.29.54.96)

NSE: Script Post-scanning.
Initiating NSE at 09:48
Completed NSE at 09:48, 0.00s elapsed
Initiating NSE at 09:48
Completed NSE at 09:48, 0.00s elapsed
######################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-19 09:48 EST
NSE: Loaded 50 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 09:48
Completed NSE at 09:48, 0.00s elapsed
Initiating NSE at 09:48
Completed NSE at 09:48, 0.00s elapsed
Initiating Ping Scan at 09:48
Scanning 223.29.54.96 [4 ports]
Completed Ping Scan at 09:48, 0.25s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 09:48
Completed Parallel DNS resolution of 1 host. at 09:48, 0.02s elapsed
Initiating SYN Stealth Scan at 09:48
Scanning 223-29-54-96.tobila.com (223.29.54.96) [1 port]
Discovered open port 110/tcp on 223.29.54.96
Completed SYN Stealth Scan at 09:48, 0.29s elapsed (1 total ports)
Initiating Service scan at 09:48
Scanning 1 service on 223-29-54-96.tobila.com (223.29.54.96)
Completed Service scan at 09:48, 0.43s elapsed (1 service on 1 host)
Initiating OS detection (try #1) against 223-29-54-96.tobila.com (223.29.54.96)
Retrying OS detection (try #2) against 223-29-54-96.tobila.com (223.29.54.96)
Initiating Traceroute at 09:48
Completed Traceroute at 09:48, 0.68s elapsed
Initiating Parallel DNS resolution of 27 hosts. at 09:48
Completed Parallel DNS resolution of 27 hosts. at 09:48, 0.87s elapsed
NSE: Script scanning 223.29.54.96.
Initiating NSE at 09:48
NSE Timing: About 69.12% done; ETC: 09:50 (0:00:30 remaining)
Completed NSE at 09:50, 90.47s elapsed
Initiating NSE at 09:50
Completed NSE at 09:50, 0.05s elapsed
Nmap scan report for 223-29-54-96.tobila.com (223.29.54.96)
Host is up (0.24s latency).

PORT STATE SERVICE VERSION
110/tcp open pop3 Dovecot pop3d
|_pop3-capabilities: UIDL PIPELINING USER SASL(PLAIN) TOP AUTH-RESP-CODE CAPA STLS RESP-CODES
| vulscan: VulDB - https://vuldb.com:
| [139289] cPanel up to 68.0.14 dovecot-xaps-plugin Format privilege escalation
| [134480] Dovecot up to 2.3.5.2 Submission-Login Crash denial of service
| [134479] Dovecot up to 2.3.5.2 IMAP Server Crash denial of service
| [134024] Dovecot up to 2.3.5.1 JSON Encoder Username Crash denial of service
| [132543] Dovecot up to 2.2.36.0/2.3.4.0 Certificate Impersonation weak authentication
| [119762] Dovecot up to 2.2.28 dict Authentication var_expand() denial of service
| [114012] Dovecot up to 2.2.33 TLS SNI Restart denial of service
| [114009] Dovecot SMTP Delivery Email Message Out-of-Bounds memory corruption
| [112447] Dovecot up to 2.2.33/2.3.0 SASL Auth Memory Leak denial of service
| [106837] Dovecot up to 2.2.16 ssl-proxy-openssl.c ssl-proxy-opensslc denial of service
| [97052] Dovecot up to 2.2.26 auth-policy Unset Crash denial of service
| [69835] Dovecot 2.2.0/2.2.1 denial of service
| [13348] Dovecot up to 1.2.15/2.1.15 IMAP4/POP3 SSL/TLS Handshake denial of service
| [65684] Dovecot up to 2.2.6 unknown vulnerability
| [9807] Dovecot up to 1.2.7 on Exim Input Sanitizer privilege escalation
| [63692] Dovecot up to 2.0.15 spoofing
| [7062] Dovecot 2.1.10 mail-search.c denial of service
| [57517] Dovecot up to 2.0.12 Login directory traversal
| [57516] Dovecot up to 2.0.12 Access Restriction directory traversal
| [57515] Dovecot up to 2.0.12 Crash denial of service
| [54944] Dovecot up to 1.2.14 denial of service
| [54943] Dovecot up to 1.2.14 Access Restriction Symlink privilege escalation
| [54942] Dovecot up to 2.0.4 Access Restriction denial of service
| [54941] Dovecot up to 2.0.4 Access Restriction unknown vulnerability
| [54840] Dovecot up to 1.2.12 AGate unknown vulnerability
| [53277] Dovecot up to 1.2.10 denial of service
| [50082] Dovecot up to 1.1.6 Stack-based memory corruption
| [45256] Dovecot up to 1.1.5 directory traversal
| [44846] Dovecot 1.1.4/1.1.5 IMAP Client Crash denial of service
| [44546] Dovecot up to 1.0.x Access Restriction unknown vulnerability
| [44545] Dovecot up to 1.0.x Access Restriction unknown vulnerability
| [41430] Dovecot 1.0.12/1.1 Locking unknown vulnerability
| [40356] Dovecot 1.0.9 Cache unknown vulnerability
| [38222] Dovecot 1.0.2 directory traversal
| [36376] Dovecot up to 1.0.x directory traversal
| [33332] Timo Sirainen Dovecot up to 1.0test53 Off-By-One memory corruption
|
| MITRE CVE - https://cve.mitre.org:
| [CVE-2011-4318] Dovecot 2.0.x before 2.0.16, when ssl or starttls is enabled and hostname is used to define the proxy destination, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a valid certificate for a different hostname.
| [CVE-2011-2167] script-login in Dovecot 2.0.x before 2.0.13 does not follow the chroot configuration setting, which might allow remote authenticated users to conduct directory traversal attacks by leveraging a script.
| [CVE-2011-2166] script-login in Dovecot 2.0.x before 2.0.13 does not follow the user and group configuration settings, which might allow remote authenticated users to bypass intended access restrictions by leveraging a script.
| [CVE-2011-1929] lib-mail/message-header-parser.c in Dovecot 1.2.x before 1.2.17 and 2.0.x before 2.0.13 does not properly handle '\0' characters in header names, which allows remote attackers to cause a denial of service (daemon crash or mailbox corruption) via a crafted e-mail message.
| [CVE-2010-4011] Dovecot in Apple Mac OS X 10.6.5 10H574 does not properly manage memory for user names, which allows remote authenticated users to read the private e-mail of other persons in opportunistic circumstances via standard e-mail clients accessing a user's own mailbox, related to a "memory aliasing issue."
| [CVE-2010-3780] Dovecot 1.2.x before 1.2.15 allows remote authenticated users to cause a denial of service (master process outage) by simultaneously disconnecting many (1) IMAP or (2) POP3 sessions.
| [CVE-2010-3779] Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.beta2 grants the admin permission to the owner of each mailbox in a non-public namespace, which might allow remote authenticated users to bypass intended access restrictions by changing the ACL of a mailbox, as demonstrated by a symlinked shared mailbox.
| [CVE-2010-3707] plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.5 interprets an ACL entry as a directive to add to the permissions granted by another ACL entry, instead of a directive to replace the permissions granted by another ACL entry, in certain circumstances involving more specific entries that occur after less specific entries, which allows remote authenticated users to bypass intended access restrictions via a request to read or modify a mailbox.
| [CVE-2010-3706] plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.5 interprets an ACL entry as a directive to add to the permissions granted by another ACL entry, instead of a directive to replace the permissions granted by another ACL entry, in certain circumstances involving the private namespace of a user, which allows remote authenticated users to bypass intended access restrictions via a request to read or modify a mailbox.
| [CVE-2010-3304] The ACL plugin in Dovecot 1.2.x before 1.2.13 propagates INBOX ACLs to newly created mailboxes in certain configurations, which might allow remote attackers to read mailboxes that have unintended weak ACLs.
| [CVE-2010-0745] Unspecified vulnerability in Dovecot 1.2.x before 1.2.11 allows remote attackers to cause a denial of service (CPU consumption) via long headers in an e-mail message.
| [CVE-2010-0535] Dovecot in Apple Mac OS X 10.6 before 10.6.3, when Kerberos is enabled, does not properly enforce the service access control list (SACL) for sending and receiving e-mail, which allows remote authenticated users to bypass intended access restrictions via unspecified vectors.
| [CVE-2010-0433] The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL before 0.9.8n, when Kerberos is enabled but Kerberos configuration files cannot be opened, does not check a certain return value, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via SSL cipher negotiation, as demonstrated by a chroot installation of Dovecot or stunnel without Kerberos configuration files inside the chroot.
| [CVE-2009-3897] Dovecot 1.2.x before 1.2.8 sets 0777 permissions during creation of certain directories at installation time, which allows local users to access arbitrary user accounts by replacing the auth socket, related to the parent directories of the base_dir directory, and possibly the base_dir directory itself.
| [CVE-2009-3235] Multiple stack-based buffer overflows in the Sieve plugin in Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, as derived from Cyrus libsieve, allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted SIEVE script, as demonstrated by forwarding an e-mail message to a large number of recipients, a different vulnerability than CVE-2009-2632.
| [CVE-2009-2632] Buffer overflow in the SIEVE script component (sieve/script.c), as used in cyrus-imapd in Cyrus IMAP Server 2.2.13 and 2.3.14, and Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, allows local users to execute arbitrary code and read or modify arbitrary messages via a crafted SIEVE script, related to the incorrect use of the sizeof operator for determining buffer length, combined with an integer signedness error.
| [CVE-2008-5301] Directory traversal vulnerability in the ManageSieve implementation in Dovecot 1.0.15, 1.1, and 1.2 allows remote attackers to read and modify arbitrary .sieve files via a ".." (dot dot) in a script name.
| [CVE-2008-4907] The message parsing feature in Dovecot 1.1.4 and 1.1.5, when using the FETCH ENVELOPE command in the IMAP client, allows remote attackers to cause a denial of service (persistent crash) via an email with a malformed From address, which triggers an assertion error, aka "invalid message address parsing bug."
| [CVE-2008-4870] dovecot 1.0.7 in Red Hat Enterprise Linux (RHEL) 5, and possibly Fedora, uses world-readable permissions for dovecot.conf, which allows local users to obtain the ssl_key_password parameter value.
| [CVE-2008-4578] The ACL plugin in Dovecot before 1.1.4 allows attackers to bypass intended access restrictions by using the "k" right to create unauthorized "parent/child/child" mailboxes.
| [CVE-2008-4577] The ACL plugin in Dovecot before 1.1.4 treats negative access rights as if they are positive access rights, which allows attackers to bypass intended access restrictions.
| [CVE-2008-1218] Argument injection vulnerability in Dovecot 1.0.x before 1.0.13, and 1.1.x before 1.1.rc3, when using blocking passdbs, allows remote attackers to bypass the password check via a password containing TAB characters, which are treated as argument delimiters that enable the skip_password_check field to be specified.
| [CVE-2008-1199] Dovecot before 1.0.11, when configured to use mail_extra_groups to allow Dovecot to create dotlocks in /var/mail, might allow local users to read sensitive mail files for other users, or modify files or directories that are writable by group, via a symlink attack.
| [CVE-2007-6598] Dovecot before 1.0.10, with certain configuration options including use of %variables, does not properly maintain the LDAP+auth cache, which might allow remote authenticated users to login as a different user who has the same password.
| [CVE-2007-5794] Race condition in nss_ldap, when used in applications that are linked against the pthread library and fork after a call to nss_ldap, might send user data to the wrong process because of improper handling of the LDAP connection. NOTE: this issue was originally reported for Dovecot with the wrong mailboxes being returned, but other applications might also be affected.
| [CVE-2007-4211] The ACL plugin in Dovecot before 1.0.3 allows remote authenticated users with the insert right to save certain flags via a (1) COPY or (2) APPEND command.
| [CVE-2007-2231] Directory traversal vulnerability in index/mbox/mbox-storage.c in Dovecot before 1.0.rc29, when using the zlib plugin, allows remote attackers to read arbitrary gzipped (.gz) mailboxes (mbox files) via a .. (dot dot) sequence in the mailbox name.
| [CVE-2007-2173] Eval injection vulnerability in (1) courier-imapd.indirect and (2) courier-pop3d.indirect in Courier-IMAP before 4.0.6-r2, and 4.1.x before 4.1.2-r1, on Gentoo Linux allows remote attackers to execute arbitrary commands via the XMAILDIR variable, related to the LOGINRUN variable.
| [CVE-2007-0618] Unspecified vulnerability in (1) pop3d, (2) pop3ds, (3) imapd, and (4) imapds in IBM AIX 5.3.0 has unspecified impact and attack vectors, involving an "authentication vulnerability."
| [CVE-2006-5973] Off-by-one buffer overflow in Dovecot 1.0test53 through 1.0.rc14, and possibly other versions, when index files are used and mmap_disable is set to "yes," allows remote authenticated IMAP or POP3 users to cause a denial of service (crash) via unspecified vectors involving the cache file.
| [CVE-2006-2502] Stack-based buffer overflow in pop3d in Cyrus IMAPD (cyrus-imapd) 2.3.2, when the popsubfolders option is enabled, allows remote attackers to execute arbitrary code via a long USER command.
| [CVE-2006-2414] Directory traversal vulnerability in Dovecot 1.0 beta and 1.0 allows remote attackers to list files and directories under the mbox parent directory and obtain mailbox names via ".." sequences in the (1) LIST or (2) DELETE IMAP command.
| [CVE-2006-0730] Multiple unspecified vulnerabilities in Dovecot before 1.0beta3 allow remote attackers to cause a denial of service (application crash or hang) via unspecified vectors involving (1) "potential hangs" in the APPEND command and "potential crashes" in (2) dovecot-auth and (3) imap/pop3-login. NOTE: vector 2 might be related to a double free vulnerability.
| [CVE-2002-0925] Format string vulnerability in mmsyslog function allows remote attackers to execute arbitrary code via (1) the USER command to mmpop3d for mmmail 0.0.13 and earlier, (2) the HELO command to mmsmtpd for mmmail 0.0.13 and earlier, or (3) the USER command to mmftpd 0.0.7 and earlier.
| [CVE-2001-0143] vpop3d program in linuxconf 1.23r and earlier allows local users to overwrite arbitrary files via a symlink attack.
| [CVE-2000-1197] POP2 or POP3 server (pop3d) in imap-uw IMAP package on FreeBSD and other operating systems creates lock files with predictable names, which allows local users to cause a denial of service (lack of mail access) for other users by creating lock files for other mail boxes.
| [CVE-1999-1445] Vulnerability in imapd and ipop3d in Slackware 3.4 and 3.3 with shadowing enabled, and possibly other operating systems, allows remote attackers to cause a core dump via a short sequence of USER and PASS commands that do not provide valid usernames or passwords.
|
| SecurityFocus - https://www.securityfocus.com/bid/:
| [103201] Dovecot CVE-2017-14461 Out-Of-Bounds Read Information Disclosure Vulnerability
| [97536] Dovecot CVE-2017-2669 Denial of Service Vulnerability
| [94639] Dovecot Auth Component CVE-2016-8652 Denial of Service Vulnerability
| [91175] Dovecot CVE-2016-4982 Local Information Disclosure Vulnerability
| [84736] Dovecot CVE-2008-4870 Local Security Vulnerability
| [74335] Dovecot 'ssl-proxy-openssl.c' Remote Denial of Service Vulnerability
| [67306] Dovecot Denial of Service Vulnerability
| [67219] akpop3d 'pszQuery' Remote Memory Corruption Vulnerability
| [63367] Dovecot Checkpassword Authentication Protocol Local Authentication Bypass Vulnerability
| [61763] RETIRED: Dovecot 'LIST' Command Denial of Service Vulnerability
| [60465] Exim for Dovecot 'use_shell' Remote Command Execution Vulnerability
| [60052] Dovecot 'APPEND' Parameter Denial of Service Vulnerability
| [56759] RETIRED: Dovecot 'mail-search.c' Denial of Service Vulnerability
| [50709] Dovecot SSL Certificate 'Common Name' Field Validation Security Bypass Vulnerability
| [48003] Dovecot 'script-login' Multiple Security Bypass Vulnerabilities
| [47930] Dovecot Header Name NULL Character Denial of Service Vulnerability
| [44874] Apple Mac OS X Dovecot (CVE-2010-4011) Memory Corruption Vulnerability
| [43690] Dovecot Access Control List (ACL) Multiple Remote Vulnerabilities
| [41964] Dovecot Access Control List (ACL) Plugin Security Bypass Weakness
| [39838] tpop3d Remote Denial of Service Vulnerability
| [39258] Dovecot Service Control Access List Security Bypass Vulnerability
| [37084] Dovecot Insecure 'base_dir' Permissions Local Privilege Escalation Vulnerability
| [36377] Dovecot Sieve Plugin Multiple Unspecified Buffer Overflow Vulnerabilities
| [32582] Dovecot ManageSieve Service '.sieve' Files Directory Traversal Vulnerability
| [31997] Dovecot Invalid Message Address Parsing Denial of Service Vulnerability
| [31587] Dovecot ACL Plugin Multiple Security Bypass Vulnerabilities
| [28181] Dovecot 'Tab' Character Password Check Security Bypass Vulnerability
| [28092] Dovecot 'mail_extra_groups' Insecure Settings Local Unauthorized Access Vulnerability
| [27093] Dovecot Authentication Cache Security Bypass Vulnerability
| [25182] Dovecot ACL Plugin Security Bypass Vulnerability
| [23552] Dovecot Zlib Plugin Remote Information Disclosure Vulnerability
| [22262] IBM AIX Pop3D/Pop3DS/IMapD/IMapDS Authentication Bypass Vulnerability
| [21183] Dovecot IMAP Server Mapped Pages Off-By-One Buffer Overflow Vulnerability
| [18056] Cyrus IMAPD POP3D Remote Buffer Overflow Vulnerability
| [17961] Dovecot Remote Information Disclosure Vulnerability
| [16672] Dovecot Double Free Denial of Service Vulnerability
| [8495] akpop3d User Name SQL Injection Vulnerability
| [8473] Vpop3d Remote Denial Of Service Vulnerability
| [3990] ZPop3D Bad Login Logging Failure Vulnerability
| [2781] DynFX MailServer POP3d Denial of Service Vulnerability
|
| IBM X-Force - https://exchange.xforce.ibmcloud.com:
| [86382] Dovecot POP3 Service denial of service
| [84396] Dovecot IMAP APPEND denial of service
| [80453] Dovecot mail-search.c denial of service
| [71354] Dovecot SSL Common Name (CN) weak security
| [67675] Dovecot script-login security bypass
| [67674] Dovecot script-login directory traversal
| [67589] Dovecot header name denial of service
| [63267] Apple Mac OS X Dovecot information disclosure
| [62340] Dovecot mailbox security bypass
| [62339] Dovecot IMAP or POP3 denial of service
| [62256] Dovecot mailbox security bypass
| [62255] Dovecot ACL entry security bypass
| [60639] Dovecot ACL plugin weak security
| [57267] Apple Mac OS X Dovecot Kerberos security bypass
| [56763] Dovecot header denial of service
| [54363] Dovecot base_dir privilege escalation
| [53248] CMU Sieve plugin for Dovecot unspecified buffer overflow
| [46323] Dovecot dovecot.conf information disclosure
| [46227] Dovecot message parsing denial of service
| [45669] Dovecot ACL mailbox security bypass
| [45667] Dovecot ACL plugin rights security bypass
| [41085] Dovecot TAB characters authentication bypass
| [41009] Dovecot mail_extra_groups option unauthorized access
| [39342] Dovecot LDAP auth cache configuration security bypass
| [35767] Dovecot ACL plugin security bypass
| [34082] Dovecot mbox-storage.c directory traversal
| [30433] Dovecot IMAP/POP3 server dovecot.index.cache buffer overflow
| [26578] Cyrus IMAP pop3d buffer overflow
| [26536] Dovecot IMAP LIST information disclosure
| [24710] Dovecot dovecot-auth and imap/pop3-login denial of service
| [24709] Dovecot APPEND command denial of service
| [13018] akpop3d authentication code SQL injection
| [7345] Slackware Linux imapd and ipop3d core dump
| [6269] imap, ipop2d and ipop3d buffer overflows
| [5923] Linuxconf vpop3d symbolic link
| [4918] IPOP3D, Buffer overflow attack
| [1560] IPOP3D, user login successful
| [1559] IPOP3D user login to remote host successful
| [1525] IPOP3D, user logout
| [1524] IPOP3D, user auto-logout
| [1523] IPOP3D, user login failure
| [1522] IPOP3D, brute force attack
| [1521] IPOP3D, user kiss of death logout
| [418] pop3d mktemp creates insecure temporary files
|
| Exploit-DB - https://www.exploit-db.com:
| [25297] Dovecot with Exim sender_address Parameter - Remote Command Execution
| [23053] Vpop3d Remote Denial of Service Vulnerability
| [16836] Cyrus IMAPD pop3d popsubfolders USER Buffer Overflow
| [11893] tPop3d 1.5.3 DoS
| [5257] Dovecot IMAP 1.0.10 <= 1.1rc2 - Remote Email Disclosure Exploit
| [2185] Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit (3)
| [2053] Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit (2)
| [1813] Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit
|
| OpenVAS (Nessus) - http://www.openvas.org:
| [901026] Dovecot Sieve Plugin Multiple Buffer Overflow Vulnerabilities
| [901025] Dovecot Version Detection
| [881402] CentOS Update for dovecot CESA-2011:1187 centos5 x86_64
| [881358] CentOS Update for dovecot CESA-2011:1187 centos4 x86_64
| [880980] CentOS Update for dovecot CESA-2011:1187 centos5 i386
| [880967] CentOS Update for dovecot CESA-2011:1187 centos4 i386
| [870607] RedHat Update for dovecot RHSA-2011:0600-01
| [870471] RedHat Update for dovecot RHSA-2011:1187-01
| [870153] RedHat Update for dovecot RHSA-2008:0297-02
| [863272] Fedora Update for dovecot FEDORA-2011-7612
| [863115] Fedora Update for dovecot FEDORA-2011-7258
| [861525] Fedora Update for dovecot FEDORA-2007-664
| [861394] Fedora Update for dovecot FEDORA-2007-493
| [861333] Fedora Update for dovecot FEDORA-2007-1485
| [860845] Fedora Update for dovecot FEDORA-2008-9202
| [860663] Fedora Update for dovecot FEDORA-2008-2475
| [860169] Fedora Update for dovecot FEDORA-2008-2464
| [860089] Fedora Update for dovecot FEDORA-2008-9232
| [840950] Ubuntu Update for dovecot USN-1295-1
| [840668] Ubuntu Update for dovecot USN-1143-1
| [840583] Ubuntu Update for dovecot vulnerabilities USN-1059-1
| [840335] Ubuntu Update for dovecot vulnerabilities USN-593-1
| [840290] Ubuntu Update for dovecot vulnerability USN-567-1
| [840234] Ubuntu Update for dovecot vulnerability USN-666-1
| [840072] Ubuntu Update for dovecot vulnerability USN-487-1
| [831405] Mandriva Update for dovecot MDVSA-2011:101 (dovecot)
| [831230] Mandriva Update for dovecot MDVSA-2010:217 (dovecot)
| [831197] Mandriva Update for dovecot MDVSA-2010:196 (dovecot)
| [831054] Mandriva Update for dovecot MDVSA-2010:104 (dovecot)
| [830496] Mandriva Update for dovecot MDVSA-2008:232 (dovecot)
| [801055] Dovecot 'base_dir' Insecure Permissions Security Bypass Vulnerability
| [800030] Dovecot ACL Plugin Security Bypass Vulnerabilities
| [70767] Gentoo Security Advisory GLSA 201110-04 (Dovecot)
| [70259] FreeBSD Ports: dovecot
| [69959] Debian Security Advisory DSA 2252-1 (dovecot)
| [66522] FreeBSD Ports: dovecot
| [65010] Ubuntu USN-838-1 (dovecot)
| [64978] Debian Security Advisory DSA 1892-1 (dovecot)
| [64953] Mandrake Security Advisory MDVSA-2009:242-1 (dovecot)
| [64952] Mandrake Security Advisory MDVSA-2009:242 (dovecot)
| [64861] Fedora Core 10 FEDORA-2009-9559 (dovecot)
| [62965] Gentoo Security Advisory GLSA 200812-16 (dovecot)
| [62854] FreeBSD Ports: dovecot-managesieve
| [61916] FreeBSD Ports: dovecot
| [60588] Gentoo Security Advisory GLSA 200803-25 (dovecot)
| [60568] Debian Security Advisory DSA 1516-1 (dovecot)
| [60528] FreeBSD Ports: dovecot
| [60134] Debian Security Advisory DSA 1457-1 (dovecot)
| [60089] FreeBSD Ports: dovecot
| [58578] Debian Security Advisory DSA 1359-1 (dovecot)
| [56834] Debian Security Advisory DSA 1080-1 (dovecot)
|
| SecurityTracker - https://www.securitytracker.com:
| [1028585] Dovecot APPEND Parameter Processing Flaw Lets Remote Authenticated Users Deny Service
| [1024740] Mac OS X Server Dovecot Memory Aliasing Bug May Cause Mail to Be Delivered to the Wrong User
| [1017288] Dovecot POP3/IMAP Cache File Buffer Overflow May Let Remote Users Execute Arbitrary Code
|
| OSVDB - http://www.osvdb.org:
| [96172] Dovecot POP3 Service Terminated LIST Command Remote DoS
| [93525] Dovecot IMAP APPEND Command Malformed Parameter Parsing Remote DoS
| [93004] Dovecot with Exim sender_address Parameter Remote Command Execution
| [88058] Dovecot lib-storage/mail-search.c Multiple Keyword Search Handling Remote DoS
| [77185] Dovecot SSL Certificate Common Name Field MitM Spoofing Weakness
| [74515] Dovecot script-login chroot Configuration Setting Traversal Arbitrary File Access
| [74514] Dovecot script-login User / Group Configuration Settings Remote Access Restriction Bypass
| [72495] Dovecot lib-mail/message-header-parser.c Mail Header Name NULL Character Handling Remote DoS
| [69260] Apple Mac OS X Server Dovecot Memory Aliasing Mail Delivery Issue
| [68516] Dovecot plugins/acl/acl-backend-vfile.c ACL Permission Addition User Private Namespace Mailbox Access Restriction Remote Bypass
| [68515] Dovecot plugins/acl/acl-backend-vfile.c ACL Permission Addition Specific Entry Order Mailbox Access Restriction Remote Bypass
| [68513] Dovecot Non-public Namespace Mailbox ACL Manipulation Access Restriction Remote Bypass
| [68512] Dovecot IMAP / POP3 Session Disconnect Master Process Outage Remote DoS
| [66625] Dovecot ACL Plugin INBOX ACL Copying Weakness Restriction Bypass
| [66113] Dovecot Mail Root Directory Creation Permission Weakness
| [66112] Dovecot Installation base_dir Parent Directory Permission Weakness
| [66111] Dovecot SEARCH Functionality str_find_init() Function Overflow
| [66110] Dovecot Multiple Unspecified Buffer Overflows
| [66108] Dovecot Malformed Message Body Processing Unspecified Functions Remote DoS
| [64783] Dovecot E-mail Message Header Unspecified DoS
| [63372] Apple Mac OS X Dovecot Kerberos Authentication SACL Restriction Bypass
| [62796] Dovecot mbox Format Email Header Handling DoS
| [60316] Dovecot base_dir Directory Permission Weakness Local Privilege Escalation
| [58103] Dovecot CMU Sieve Plugin Script Handling Multiple Overflows
| [50253] Dovecot dovecot.conf Permission Weakness Local ssl_key_password Parameter Disclosure
| [49918] Dovecot ManageSieve Script Name Handling Traversal Arbitrary File Manipulation
| [49429] Dovecot Message Parsing Feature Crafted Email Header Handling Remote DoS
| [49099] Dovecot ACL Plugin k Right Mailbox Creation Restriction Bypass
| [49098] Dovecot ACL Plugin Negative Access Rights Bypass
| [43137] Dovecot mail_extra_groups Symlink File Manipulation
| [42979] Dovecot passdbs Argument Injection Authentication Bypass
| [39876] Dovecot LDAP Auth Cache Security Bypass
| [39386] Dovecot ACL Plugin Insert Right APPEND / COPY Command Unauthorized Flag Manipulation
| [35489] Dovecot index/mbox/mbox-storage.c Traversal Arbitrary Gzip File Access
| [30524] Dovecot IMAP/POP3 Server dovecot.index.cache Handling Overflow
| [25853] Cyrus IMAPD pop3d USER Command Remote Overflow
| [25727] Dovecot Multiple Command Traversal Arbitrary Directory Listing
| [23281] Dovecot imap/pop3-login dovecot-auth DoS
| [23280] Dovecot Malformed APPEND Command DoS
| [14459] mmmail mmpop3d USER Command mmsyslog Function Format String
| [12033] Slackware Linux imapd/ipop3d Malformed USER/PASS Sequence DoS
| [5857] Linux pop3d Arbitrary Mail File Access
| [2471] akpop3d username SQL Injection
|_
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose
Running (JUST GUESSING): Linux 3.X|4.X|2.6.X (91%)
OS CPE: cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:4.4 cpe:/o:linux:linux_kernel:2.6
Aggressive OS guesses: Linux 3.10 - 3.12 (91%), Linux 4.4 (91%), Linux 4.9 (91%), Linux 2.6.18 - 2.6.22 (86%), Linux 3.10 (86%), Linux 3.10 - 3.16 (86%), Linux 3.10 - 4.11 (85%), Linux 3.11 - 4.1 (85%), Linux 3.2 - 4.9 (85%)
No exact OS matches for host (test conditions non-ideal).
Uptime guess: 20.617 days (since Sun Dec 29 19:02:26 2019)
Network Distance: 27 hops
TCP Sequence Prediction: Difficulty=259 (Good luck!)
IP ID Sequence Generation: All zeros

TRACEROUTE (using port 110/tcp)
HOP RTT ADDRESS
1 60.07 ms 10.249.204.1
2 94.09 ms 104.245.145.177
3 94.12 ms te0-0-2-1.225.nr11.b010988-1.yyz02.atlas.cogentco.com (38.104.156.9)
4 94.12 ms te0-0-0-1.agr13.yyz02.atlas.cogentco.com (154.24.54.37)
5 94.12 ms te0-9-0-9.ccr31.yyz02.atlas.cogentco.com (154.54.43.141)
6 94.14 ms be2993.ccr21.cle04.atlas.cogentco.com (154.54.31.225)
7 94.15 ms be2717.ccr41.ord01.atlas.cogentco.com (154.54.6.221)
8 94.17 ms be2831.ccr21.mci01.atlas.cogentco.com (154.54.42.165)
9 129.97 ms be3035.ccr21.den01.atlas.cogentco.com (154.54.5.89)
10 94.31 ms be3037.ccr21.slc01.atlas.cogentco.com (154.54.41.145)
11 101.61 ms be3109.ccr21.sfo01.atlas.cogentco.com (154.54.44.137)
12 95.13 ms be3669.ccr41.sjc03.atlas.cogentco.com (154.54.43.10)
13 155.11 ms 38.88.224.178
14 155.11 ms 111.87.3.113
15 234.30 ms 106.187.13.21
16 295.45 ms 27.90.132.66
17 295.44 ms 27.85.226.110
18 295.45 ms nagJIN202.int-gw.kddi.ne.jp (210.132.125.253)
19 295.45 ms 111.87.15.18
20 265.22 ms r-210-173-150-82.commufa.jp (210.173.150.82)
21 254.55 ms 218-216-186-38.dc.ctc.ad.jp (218.216.186.38)
22 254.54 ms 218-216-186-41.dc.ctc.ad.jp (218.216.186.41)
23 300.99 ms 218-216-186-22.dc.ctc.ad.jp (218.216.186.22)
24 301.00 ms 218-216-186-206.dc.ctc.ad.jp (218.216.186.206)
25 249.49 ms 218-216-177-250.dc.ctc.ad.jp (218.216.177.250)
26 265.12 ms 223.29.54.1
27 265.11 ms 223-29-54-96.tobila.com (223.29.54.96)

NSE: Script Post-scanning.
Initiating NSE at 09:50
Completed NSE at 09:50, 0.00s elapsed
Initiating NSE at 09:50
Completed NSE at 09:50, 0.00s elapsed
######################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-19 09:50 EST
NSE: Loaded 162 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 09:50
Completed NSE at 09:50, 0.00s elapsed
Initiating NSE at 09:50
Completed NSE at 09:50, 0.00s elapsed
Initiating Parallel DNS resolution of 1 host. at 09:50
Completed Parallel DNS resolution of 1 host. at 09:50, 0.02s elapsed
Initiating SYN Stealth Scan at 09:50
Scanning 223-29-54-96.tobila.com (223.29.54.96) [1 port]
Discovered open port 443/tcp on 223.29.54.96
Completed SYN Stealth Scan at 09:50, 0.25s elapsed (1 total ports)
Initiating Service scan at 09:50
Scanning 1 service on 223-29-54-96.tobila.com (223.29.54.96)
Completed Service scan at 09:50, 13.75s elapsed (1 service on 1 host)
Initiating OS detection (try #1) against 223-29-54-96.tobila.com (223.29.54.96)
Retrying OS detection (try #2) against 223-29-54-96.tobila.com (223.29.54.96)
WARNING: OS didn't match until try #2
Initiating Traceroute at 09:50
Completed Traceroute at 09:50, 3.22s elapsed
Initiating Parallel DNS resolution of 25 hosts. at 09:50
Completed Parallel DNS resolution of 25 hosts. at 09:50, 1.28s elapsed
NSE: Script scanning 223.29.54.96.
Initiating NSE at 09:50
Completed NSE at 09:52, 90.37s elapsed
Initiating NSE at 09:52
Completed NSE at 09:52, 2.80s elapsed
Nmap scan report for 223-29-54-96.tobila.com (223.29.54.96)
Host is up (0.24s latency).

PORT STATE SERVICE VERSION
443/tcp open ssl/http Apache httpd
| http-brute:
|_ Path "/" does not require authentication
| http-cakephp-version: Version of codebase: 1.3.x
| Version of icons: 1.2.x
|_Default stylesheet has an unknown hash: fb48182a635f5b8f97fa119e100f31ee
|_http-chrono: Request times for /; avg: 230.55ms; min: 201.02ms; max: 345.48ms
|_http-csrf: Couldn't find any CSRF vulnerabilities.
|_http-date: Sun, 19 Jan 2020 14:51:05 GMT; -6s from local time.
|_http-devframework: Couldn't determine the underlying framework or CMS. Try increasing 'httpspider.maxpagecount' value to spider more pages.
|_http-dombased-xss: Couldn't find any DOM based XSS.
|_http-errors: ERROR: Script execution failed (use -d to debug)
|_http-feed: Couldn't find any feeds.
|_http-fetch: Please enter the complete path of the directory to save data in.
| http-headers:
| Date: Sun, 19 Jan 2020 14:51:20 GMT
| Server: Apache
| Content-Length: 1354
| Strict-Transport-Security: max-age=315360000; includeSubDomains
| Connection: close
| Content-Type: text/html; charset=UTF-8
|
|_ (Request type: GET)
|_http-jsonp-detection: Couldn't find any JSONP endpoints.
| http-methods:
|_ Supported Methods: POST
|_http-mobileversion-checker: No mobile version detected.
| http-security-headers:
| Strict_Transport_Security:
|_ Header: Strict-Transport-Security: max-age=315360000; includeSubDomains
|_http-server-header: Apache
| http-sitemap-generator:
| Directory structure:
| Longest directory structure:
| Depth: 0
| Dir: /
| Total files found (by extension):
|_
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
|_http-title: 400 Bad Request
|_http-userdir-enum: Potential Users: root, admin, administrator, webadmin, sysadmin, netadmin, guest, user, web, test
| http-vhosts:
| 125 names had status 404
| www.tobila.com : 302 -> http://tobila.com/
|_mobile.tobila.com : 400
| http-waf-detect: IDS/IPS/WAF detected:
|_223-29-54-96.tobila.com:443/?p4yl04d3=<script>alert(document.cookie)</script>
|_http-wordpress-users: [Error] Wordpress installation was not found. We couldn't find wp-login.php
|_http-xssed: No previously reported XSS vuln.
| vulscan: VulDB - https://vuldb.com:
7214| [118142] Apache NiFi 1.6.0 SplitXML xxe privilege escalation
7215| [118051] Apache Zookeeper up to 3.4.9/3.5.3-beta weak authentication
7216| [117997] Apache ORC up to 1.4.3 ORC File Recursion denial of service
7217| [117825] Apache Tomcat up to 7.0.88/8.0.52/8.5.31/9.0.8 CORS Filter privilege escalation
7218| [117405] Apache Derby up to 10.14.1.0 Network Server Network Packet privilege escalation
7219| [117347] Apache Ambari up to 2.6.1 HTTP Request directory traversal
7220| [117265] LibreOffice/Apache Office Writer SMB Connection XML Document information disclosure
7221| [117143] Apache uimaj/uima-as/uimaFIT/uimaDUCC XML XXE information disclosure
7222| [117117] Apache Tika up to 1.17 ChmParser Loop denial of service
7223| [117116] Apache Tika up to 1.17 BPGParser Loop denial of service
7224| [117115] Apache Tika up to 1.17 tika-server command injection
7225| [116929] Apache Fineract getReportType Parameter privilege escalation
7226| [116928] Apache Fineract REST Endpoint Parameter privilege escalation
7227| [116927] Apache Fineract MakercheckersApiResource Parameter sql injection
7228| [116926] Apache Fineract REST Parameter privilege escalation
7229| [116574] Apache wicket-jquery-ui up to 6.29.0/7.10.1/8.0.0-M9.1 WYSIWYG Editor privilege escalation
7230| [116622] Oracle Enterprise Manager for MySQL Database 12.1.0.4 EM Plugin: General (Apache Tomcat) unknown vulnerability
7231| [115931] Apache Solr up to 6.6.2/7.2.1 XML Data Parameter XML External Entity
7232| [115883] Apache Hive up to 2.3.2 privilege escalation
7233| [115882] Apache Hive up to 2.3.2 xpath_short information disclosure
7234| [115881] Apache DriverHive JDBC Driver up to 2.3.2 Escape Argument Bypass privilege escalation
7235| [115518] Apache Ignite 2.3 Deserialization privilege escalation
7236| [115260] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache cross site scripting
7237| [115259] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache Cookie Stack-based memory corruption
7238| [115500] CA Workload Control Center up to r11.4 SP5 Apache MyFaces Component Code Execution
7239| [115121] Apache Struts REST Plugin up to 2.5.15 Xstream XML Data denial of service
7240| [115061] Apache HTTP Server up to 2.4.29 HTTP Digest Authentication Challenge HTTP Requests Replay privilege escalation
7241| [115060] Apache HTTP Server up to 2.4.29 mod_cache_socache Request Header Crash denial of service
7242| [115059] Apache HTTP Server up to 2.4.29 HTTP2 NULL Pointer Dereference denial of service
7243| [115058] Apache HTTP Server up to 2.4.29 HTTP Header Crash denial of service
7244| [115057] Apache HTTP Server up to 2.4.29 mod_session Variable Name Cache privilege escalation
7245| [115039] Apache HTTP Server up to 2.4.29 FilesMatch File Upload privilege escalation
7246| [115038] Apache HTTP Server up to 2.0.65/2.2.34/2.4.29 mod_authnz_ldap Crash denial of service
7247| [114817] Apache Syncope up to 1.2.10/2.0.7 Search Parameter information disclosure
7248| [114816] Apache Syncope up to 1.2.10/2.0.7 XSLT Code Execution
7249| [114717] Apache Commons 1.11/1.12/1.13/1.14/1.15 ZIP Archive ZipFile/ZipArchiveInputStream denial of service
7250| [114661] Apache Allura up to 1.8.0 HTTP Response Splitting privilege escalation
7251| [114400] Apache Tomcat JK ISAPI Connector up to 1.2.42 IIS/ISAPI privilege escalation
7252| [114258] Apache HTTP Server up to 2.4.22 mod_cluster Segmentation Fault denial of service
7253| [114086] Apache ODE 1.3.3 ODE Process Deployment Web Service directory traversal
7254| [113955] Apache Xerces-C up to 3.2.0 XML Parser NULL Pointer Dereference denial of service
7255| [113945] Apache Tomcat up to 7.0.84/8.0.49/8.5.27/9.0.4 URL Pattern Empty String privilege escalation
7256| [113944] Apache OpenMeetings up to 3.x/4.0.1 CRUD Operation denial of service
7257| [113905] Apache Traffic Server up to 5.2.x/5.3.2/6.2.0/7.0.0 TLS Handshake Core Dump denial of service
7258| [113904] Apache Traffic Server up to 6.2.0 Host Header privilege escalation
7259| [113895] Apache Geode up to 1.3.x Code Execution
7260| [113894] Apache Geode up to 1.3.x TcpServer Code Execution
7261| [113888] Apache James Hupa WebMail 0.0.2 cross site scripting
7262| [113813] Apache Geode Cluster up to 1.3.x Secure Mode privilege escalation
7263| [113747] Apache Tomcat Servlets privilege escalation
7264| [113647] Apache Qpid up to 0.30 qpidd Broker AMQP Message Crash denial of service
7265| [113645] Apache VCL up to 2.1/2.2.1/2.3.1 Web GUI/XMLRPC API privilege escalation
7266| [113560] Apache jUDDI Console 3.0.0 Log Entries spoofing
7267| [113571] Apache Oozie up to 4.3.0/5.0.0-beta1 XML Data XML File privilege escalation
7268| [113569] Apache Karaf up to 4.0.7 LDAPLoginModule LDAP injection denial of service
7269| [113273] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
7270| [113198] Apache Qpid Dispatch Router 0.7.0/0.8.0 AMQP denial of service
7271| [113186] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
7272| [113145] Apache Thrift up to 0.9.3 Go Client Library privilege escalation
7273| [113106] Apache jUDDI up to 3.3.3 XML Data WADL2Java/WSDL2Java XML Document privilege escalation
7274| [113105] Apache Qpid Broker-J 7.0.0 AMQP Crash denial of service
7275| [112885] Apache Allura up to 1.8.0 File information disclosure
7276| [112856] Apache CloudStack up to 4.8.1.0/4.9.0.0 API weak authentication
7277| [112855] Apache CloudStack 4.1.0/4.1.1 API information disclosure
7278| [112678] Apache Tomcat up to 7.0.82/8.0.47/8.5.23/9.0.1 Bug Fix 61201 privilege escalation
7279| [112677] Apache Tomcat Native Connector up to 1.1.34/1.2.14 OCSP Checker Client weak authentication
7280| [112625] Apache POI up to 3.16 Loop denial of service
7281| [112448] Apache NiFi up to 1.3.x Deserialization privilege escalation
7282| [112396] Apache Hadoop 2.7.3/2.7.4 YARN NodeManager Credentials information disclosure
7283| [112339] Apache NiFi 1.5.0 Header privilege escalation
7284| [112330] Apache NiFi 1.5.0 Header HTTP Request privilege escalation
7285| [112314] NetGain Enterprise Manager 7.2.730 Build 1034 org.apache.jsp.u.jsp.tools.exec_jsp Servlet Parameter privilege escalation
7286| [112253] Apache Hadoop up to 0.23.x/2.7.4/2.8.2 MapReduce Job History Server Configuration File privilege escalation
7287| [112171] Oracle Secure Global Desktop 5.3 Apache Log4j privilege escalation
7288| [112164] Oracle Agile PLM 9.3.5/9.3.6 Apache Tomcat unknown vulnerability
7289| [112161] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Tomcat privilege escalation
7290| [112158] Oracle Autovue for Agile Product Lifecycle Management 21.0.0/21.0.1 Apache Log4j privilege escalation
7291| [112156] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Log4j privilege escalation
7292| [112155] Oracle Agile Engineering Data Management 6.1.3/6.2.0/6.2.1 Apache Log4j privilege escalation
7293| [112137] Oracle MICROS Relate CRM Software 10.8.x/11.4.x/15.0.x, Apache Tomcat unknown vulnerability
7294| [112136] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat privilege escalation
7295| [112133] Oracle Retail Workforce Management 1.60.7/1.64.0 Apache Log4j privilege escalation
7296| [112129] Oracle Retail Assortment Planning 14.1.3/15.0.3/16.0.1 Apache Log4j privilege escalation
7297| [112114] Oracle 9.1 Apache Log4j privilege escalation
7298| [112113] Oracle 9.1 Apache Log4j privilege escalation
7299| [112045] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat privilege escalation
7300| [112038] Oracle Health Sciences Empirica Inspections 1.0.1.1 Apache Tomcat information disclosure
7301| [112019] Oracle Endeca Information Discovery Integrator 3.1.0/3.2.0 Apache Tomcat privilege escalation
7302| [112017] Oracle WebCenter Portal 11.1.1.9.0/12.2.1.2.0/12.2.1.3.0 Apache Struts 1 cross site scripting
7303| [112011] Oracle Identity Manager 11.1.2.3.0 Apache Commons Collections privilege escalation
7304| [111950] Oracle Database 12.2.0.1 Apache Tomcat information disclosure
7305| [111703] Apache Sling XSS Protection API 1.0.4 URL Encoding cross site scripting
7306| [111556] Apache Geode up to 1.2.x Secure Mode Parameter OQL privilege escalation
7307| [111555] Apache Geode up to 1.2.x Secure Mode OQL privilege escalation
7308| [111540] Apache Geode up to 1.2.x Secure Mode information disclosure
7309| [111519] Apache Sling JCR ContentLoader 2.1.4 xmlreader directory traversal
7310| [111338] Apache DeltaSpike-JSF 1.8.0 cross site scripting
7311| [111330] Apache OFBiz 16.11.01/16.11.02/16.11.03 BIRT Plugin cross site scripting
7312| [110789] Apache Sling up to 1.4.0 Authentication Service Credentials information disclosure
7313| [110785] Apache Drill up to 1.11.0 Query Page unknown vulnerability
7314| [110701] Apache Fineract Query Parameter sql injection
7315| [110484] Apache Synapse up to 3.0.0 Apache Commons Collections Serialized Object Code Injection privilege escalation
7316| [110426] Adobe Experience Manager 6.0/6.1/6.2/6.3 Apache Sling Servlets Post cross site scripting
7317| [110141] Apache Struts up to 2.5.14 REST Plugin denial of service
7318| [110140] Apache Qpid Broker-J up to 0.32 privilege escalation
7319| [110139] Apache Qpid Broker-J up to 6.1.4 AMQP Frame denial of service
7320| [110106] Apache CXF Fediz Spring cross site request forgery
7321| [109766] Apache OpenOffice up to 4.1.3 DOC File Parser WW8Fonts memory corruption
7322| [109750] Apache OpenOffice up to 4.1.3 DOC File Parser ImportOldFormatStyles memory corruption
7323| [109749] Apache OpenOffice up to 4.1.3 PPT File Parser PPTStyleSheet memory corruption
7324| [109606] October CMS Build 412 Apache Configuration File Upload privilege escalation
7325| [109419] Apache Camel up to 2.19.3/2.20.0 camel-castor Java Object Deserialization privilege escalation
7326| [109418] Apache Camel up to 2.19.3/2.20.0 camel-hessian Java Object Deserialization privilege escalation
7327| [109400] Apache CouchDB up to 1.6.x/2.1.0 Database Server Shell privilege escalation
7328| [109399] Apache CouchDB up to 1.6.x/2.1.0 JSON Parser Shell privilege escalation
7329| [109398] Apache CXF 3.1.14/3.2.1 JAX-WS/JAX-RS Attachment denial of service
7330| [108872] Apache Hive up to 2.1.1/2.2.0/2.3.0 Policy Enforcement privilege escalation
7331| [108939] Apple macOS up to 10.13.1 apache unknown vulnerability
7332| [108938] Apple macOS up to 10.13.1 apache denial of service
7333| [108937] Apple macOS up to 10.13.1 apache unknown vulnerability
7334| [108936] Apple macOS up to 10.13.1 apache unknown vulnerability
7335| [108935] Apple macOS up to 10.13.1 apache denial of service
7336| [108934] Apple macOS up to 10.13.1 apache unknown vulnerability
7337| [108933] Apple macOS up to 10.13.1 apache unknown vulnerability
7338| [108932] Apple macOS up to 10.13.1 apache unknown vulnerability
7339| [108931] Apple macOS up to 10.13.1 apache denial of service
7340| [108930] Apple macOS up to 10.13.1 apache unknown vulnerability
7341| [108929] Apple macOS up to 10.13.1 apache denial of service
7342| [108928] Apple macOS up to 10.13.1 apache unknown vulnerability
7343| [108797] Apache Struts up to 2.3.19 TextParseUtiltranslateVariables OGNL Expression privilege escalation
7344| [108795] Apache Traffic Server up to 5.3.0 HTTP2 set_dynamic_table_size memory corruption
7345| [108794] Apache WSS4J up to 1.6.16/2.0.1 Incomplete Fix Leak information disclosure
7346| [108793] Apache Qpid up to 0.30 qpidd Crash denial of service
7347| [108792] Apache Traffic Server up to 5.1.0 Access Restriction privilege escalation
7348| [108791] Apache Wicket up to 1.5.11/6.16.x/7.0.0-M2 Session information disclosure
7349| [108790] Apache Storm 0.9.0.1 Log Viewer directory traversal
7350| [108789] Apache Cordova In-App-Browser Standalone Plugin up to 0.3.1 on iOS CDVInAppBrowser privilege escalation
7351| [108788] Apache Cordova File-Transfer Standalone Plugin up to 0.4.1 on iOS ios/CDVFileTransfer.m spoofing
7352| [108787] Apache HttpClient up to 4.3.0 HttpClientBuilder.java unknown vulnerability
7353| [108786] Apache Wicket up to 1.4.21/1.5.9/6.3.x script Tag cross site scripting
7354| [108783] Apache Hadoop up to 0.23.3/1.0.3/2.0.1 Kerberos Security Feature Key weak encryption
7355| [108782] Apache Xerces2 XML Service denial of service
7356| [108781] Apache jUDDI up to 1.x happyjuddi.jsp Parameter cross site scripting
7357| [108780] Apache jUDDI up to 1.x Log File uddiget.jsp spoofing
7358| [108709] Apache Cordova Android up to 3.7.1/4.0.1 intent URL privilege escalation
7359| [108708] Apache ActiveMQ up to 5.10.0 XML Data XML External Entity
7360| [108707] Apache ActiveMQ up to 1.7.0 XML Data XML External Entity
7361| [108629] Apache OFBiz up to 10.04.01 privilege escalation
7362| [108543] Apache Derby 10.1.2.1/10.2.2.0/10.3.1.4/10.4.1.3 Export File privilege escalation
7363| [108312] Apache HTTP Server on RHEL IP Address Filter privilege escalation
7364| [108297] Apache NiFi up to 0.7.1/1.1.1 Proxy Chain Username Deserialization privilege escalation
7365| [108296] Apache NiFi up to 0.7.1/1.1.1 Cluster Request privilege escalation
7366| [108250] Oracle Secure Global Desktop 5.3 Apache HTTP Server memory corruption
7367| [108245] Oracle Transportation Management up to 6.3.7 Apache Tomcat unknown vulnerability
7368| [108244] Oracle Transportation Management 6.4.1/6.4.2 Apache Commons FileUpload denial of service
7369| [108243] Oracle Agile Engineering Data Management 6.1.3/6.2.0 Apache Commons Collections memory corruption
7370| [108222] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Batik denial of service
7371| [108219] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat unknown vulnerability
7372| [108217] Oracle Retail Store Inventory Management 13.2.9/14.0.4/14.1.3/15.0.1/16.0.1 Apache Groovy unknown vulnerability
7373| [108216] Oracle Retail Convenience and Fuel POS Software 2.1.132 Apache Groovy unknown vulnerability
7374| [108169] Oracle MySQL Enterprise Monitor up to 3.2.8.2223/3.3.4.3247/3.4.2.4181 Apache Tomcat unknown vulnerability
7375| [108113] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Batik denial of service
7376| [108107] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat unknown vulnerability
7377| [108102] Oracle Healthcare Master Person Index 4.x Apache Groovy unknown vulnerability
7378| [108085] Oracle Identity Manager 11.1.2.3.0 Apache Struts 1 memory corruption
7379| [108083] Oracle API Gateway 11.1.2.4.0 Apache Batik denial of service
7380| [108080] Oracle GlassFish Server 3.1.2 Apache Commons FileUpload denial of service
7381| [108066] Oracle Management Pack for GoldenGate 11.2.1.0.12 Apache Tomcat memory corruption
7382| [108062] Oracle BI Publisher 11.1.1.7.0/12.2.1.1.0/12.2.1.2.0 Apache ActiveMQ memory corruption
7383| [108060] Oracle Enterprise Manager Ops Center 12.2.2/12.3.2 Apache Groovy unknown vulnerability
7384| [108033] Oracle Primavera Unifier 9.13/9.14/10.x/15.x/16.x, Apache Groovy unknown vulnerability
7385| [108013] Oracle Communications WebRTC Session Controller 7.0/7.1/7.2 Apache Groovy unknown vulnerability
7386| [108011] Oracle Communications Services Gatekeeper 5.1/6.0 Apache Trinidad unknown vulnerability
7387| [107904] Apache Struts up to 2.3.28 Double OGNL Evaluation privilege escalation
7388| [107860] Apache Solr up to 7.0 Apache Lucene RunExecutableListener XML External Entity
7389| [107834] Apache Ranger up to 0.6.1 Change Password privilege escalation
7390| [107639] Apache NiFi 1.4.0 XML External Entity
7391| [107606] Apache ZooKeper up to 3.4.9/3.5.2 Command CPU Exhaustion denial of service
7392| [107597] Apache Roller up to 5.0.2 XML-RPC Protocol Support XML External Entity
7393| [107429] Apache Impala up to 2.9.x Kudu Table privilege escalation
7394| [107411] Apache Tomcat up to 7.0.81/8.0.46/8.5.22/9.0.0 JSP File File Upload privilege escalation
7395| [107385] Apache Geode up to 1.2.0 Secure Mode privilege escalation
7396| [107339] Apache OpenNLP up to 1.5.3/1.6.0/1.7.2/1.8.1 XML Data XML External Entity
7397| [107333] Apache Wicket up to 8.0.0-M1 CSRF Prevention HTTP Header privilege escalation
7398| [107323] Apache Wicket 1.5.10/6.13.0 Class Request information disclosure
7399| [107310] Apache Geode up to 1.2.0 Command Line Utility Query privilege escalation
7400| [107276] ArcSight ESM/ArcSight ESM Express up to 6.9.1c Patch 3/6.11.0 Apache Tomcat Version information disclosure
7401| [107266] Apache Tika up to 1.12 XML Parser XML External Entity
7402| [107262] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
7403| [107258] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
7404| [107197] Apache Xerces Jelly Parser XML File XML External Entity
7405| [107193] ZTE NR8950 Apache Commons Collections RMI Request Deserialization privilege escalation
7406| [107084] Apache Struts up to 2.3.19 cross site scripting
7407| [106877] Apache Struts up to 2.0.33/2.5.10 Freemarker Tag privilege escalation
7408| [106875] Apache Struts up to 2.5.5 URL Validator denial of service
7409| [106874] Apache Struts up to 2.3.30 Convention Plugin directory traversal
7410| [106847] Apache Tomcat up to 7.0.80 VirtualDirContext Source information disclosure
7411| [106846] Apache Tomcat up to 7.0.79 on Windows HTTP PUT Method Parameter File Upload privilege escalation
7412| [106777] Apache HTTP Server up to 2.2.34/2.4.27 Limit Directive ap_limit_section HTTP Request information disclosure
7413| [106739] puppetlabs-apache up to 1.11.0/2.0.x weak authentication
7414| [106720] Apache Wicket up to 1.5.12/6.18.x/7.0.0-M4 CryptoMapper privilege escalation
7415| [106586] Apache Brooklyn up to 0.9.x REST Server cross site scripting
7416| [106562] Apache Spark up to 2.1.1 Launcher API Deserialization privilege escalation
7417| [106559] Apache Brooklyn up to 0.9.x SnakeYAML YAML Data Java privilege escalation
7418| [106558] Apache Brooklyn up to 0.9.x REST Server cross site request forgery
7419| [106556] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
7420| [106555] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
7421| [106171] Apache Directory LDAP API up to 1.0.0-M30 Timing unknown vulnerability
7422| [106167] Apache Struts up to 2.5.12 REST Plugin XML Data privilege escalation
7423| [106166] Apache Struts up to 2.3.33/2.5.12 REST Plugin denial of service
7424| [106165] Apache Struts up to 2.3.33/2.5.12 URLValidator Regex CPU Exhaustion denial of service
7425| [106115] Apache Hadoop up to 2.6.4/2.7.2 YARN NodeManager Password information disclosure
7426| [106012] Apache Solr up to 5.5.3/6.4.0 Replication directory traversal
7427| [105980] Apache Engine 16.11.01 Parameter Reflected unknown vulnerability
7428| [105962] Apache Atlas 0.6.0/0.7.0 Frame cross site scripting
7429| [105961] Apache Atlas 0.6.0/0.7.0 Stack Trace information disclosure
7430| [105960] Apache Atlas 0.6.0/0.7.0 Search Reflected cross site scripting
7431| [105959] Apache Atlas 0.6.0/0.7.0 edit Tag DOM cross site scripting
7432| [105958] Apache Atlas 0.6.0/0.7.0 edit Tag Stored cross site scripting
7433| [105957] Apache Atlas 0.6.0/0.7.0 Cookie privilege escalation
7434| [105905] Apache Atlas 0.6.0/0.7.0/0.7.1 /js privilege escalation
7435| [105878] Apache Struts up to 2.3.24.0 privilege escalation
7436| [105682] Apache2Triad 1.5.4 phpsftpd/users.php Parameter cross site scripting
7437| [105681] Apache2Triad 1.5.4 phpsftpd/users.php Request cross site request forgery
7438| [105680] Apache2Triad 1.5.4 Parameter Session Fixation weak authentication
7439| [105643] Apache Pony Mail up to 0.8b weak authentication
7440| [105288] Apache Sling up to 2.3.21 Sling.evalString() String cross site scripting
7441| [105219] Apache Tomcat up to 8.5.15/9.0.0.M21 HTTP2 Bypass directory traversal
7442| [105218] Apache Tomcat up to 7.0.78/8.0.44/8.5.15/9.0.0.M21 CORS Filter Cache Poisoning privilege escalation
7443| [105215] Apache CXF up to 3.0.12/3.1.9 OAuth2 Hawk/JOSE MAC Validation Timing unknown vulnerability
7444| [105206] Apache CXF up to 3.0.11/3.1.8 JAX-RS Module XML External Entity
7445| [105205] Apache CXF up to 3.0.11/3.1.8 HTTP Transport Module Parameter cross site scripting
7446| [105202] Apache Storm 1.0.0/1.0.1/1.0.2/1.0.3/1.1.0 Worker privilege escalation
7447| [104987] Apache Xerces-C++ XML Service CPU Exhaustion denial of service
7448| [104986] Apache CXF 2.4.5/2.5.1 WS-SP UsernameToken Policy SOAP Request weak authentication
7449| [104985] Apache MyFaces Core up to 2.1.4 EL Expression Parameter Injection information disclosure
7450| [104983] Apache Wink up to 1.1.1 XML Document xxe privilege escalation
7451| [104981] Apache Commons Email 1.0/1.1/1.2/1.3/1.4 Subject Linebreak SMTP privilege escalation
7452| [104591] MEDHOST Document Management System Apache Solr Default Credentials weak authentication
7453| [104062] Oracle MySQL Enterprise Monitor up to 3.3.3.1199 Apache Tomcat unknown vulnerability
7454| [104061] Oracle MySQL Enterprise Monitor up to 3.2.7.1204/3.3.3.1199 Apache Tomcat unknown vulnerability
7455| [104060] Oracle MySQL Enterprise Monitor up to 3.1.5.7958/3.2.5.1141/3.3.2.1162 Apache Struts 2 unknown vulnerability
7456| [103995] Oracle 8.3/8.4/15.1/15.2 Apache Trinidad unknown vulnerability
7457| [103993] Oracle Policy Automation up to 12.2.3 Apache Commons FileUplaod denial of service
7458| [103916] Oracle Banking Platform 2.3/2.4/2.4.1/2.5 Apache Commons FileUpload denial of service
7459| [103906] Oracle Communications BRM 11.2.0.0.0 Apache Commons Collections privilege escalation
7460| [103904] Oracle Communications BRM 11.2.0.0.0/11.3.0.0.0 Apache Groovy memory corruption
7461| [103866] Oracle Transportation Management 6.1/6.2 Apache Webserver unknown vulnerability
7462| [103816] Oracle BI Publisher 11.1.1.9.0/12.2.1.1.0/12.2.1.2.0 Apache Commons Fileupload denial of service
7463| [103797] Oracle Tuxedo System and Applications Monitor Apache Commons Collections privilege escalation
7464| [103792] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Commons Fileupload privilege escalation
7465| [103791] Oracle Endeca Server 7.6.0.0/7.6.1.0 Apache Commons Collections privilege escalation
7466| [103788] Oracle Enterprise Repository 11.1.1.7.0/12.1.3.0.0 Apache ActiveMQ memory corruption
7467| [103787] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Groovy memory corruption
7468| [103763] Apache Sling up to 1.0.11 XSS Protection API XSS.getValidXML() Application XML External Entity
7469| [103762] Apache Sling up to 1.0.12 XSS Protection API XSSAPI.encodeForJSString() Script Tag cross site scripting
7470| [103693] Apache OpenMeetings 1.0.0 HTTP Method privilege escalation
7471| [103692] Apache OpenMeetings 1.0.0 Tomcat Error information disclosure
7472| [103691] Apache OpenMeetings 3.2.0 Parameter privilege escalation
7473| [103690] Apache OpenMeetings 1.0.0 sql injection
7474| [103689] Apache OpenMeetings 1.0.0 crossdomain.xml privilege escalation
7475| [103688] Apache OpenMeetings 1.0.0 weak encryption
7476| [103687] Apache OpenMeetings 1.0.0 cross site request forgery
7477| [103556] Apache Roller 5.1.0/5.1.1 Weblog Page Template VTL privilege escalation
7478| [103554] Apache OpenMeetings 1.0.0 Password Update unknown vulnerability
7479| [103553] Apache OpenMeetings 1.0.0 File Upload privilege escalation
7480| [103552] Apache OpenMeetings 3.2.0 Chat cross site scripting
7481| [103551] Apache OpenMeetings 3.1.0 XML unknown vulnerability
7482| [103521] Apache HTTP Server 2.4.26 HTTP2 Free memory corruption
7483| [103520] Apache HTTP Server up to 2.2.33/2.4.26 mod_auth_digest Authorization Header memory corruption
7484| [103519] Apache Struts up to 2.5.11/2.3.32 Spring AOP denial of service
7485| [103518] Apache Struts up to 2.5.11 URLValidator directory traversal
7486| [103492] Apache Spark up to 2.1.x Web UI Reflected cross site scripting
7487| [103401] Apache Struts 2.3.x Struts 1 Plugin ActionMessage privilege escalation
7488| [103399] Apache Traffic Control Traffic Router TCP Connection Slowloris denial of service
7489| [103387] Apache Impala up to 2.8.0 StatestoreSubscriber weak encryption
7490| [103386] Apache Impala up to 2.7.x/2.8.0 Kerberos weak authentication
7491| [103352] Apache Solr Node weak authentication
7492| [102897] Apache Ignite up to 2.0 Update Notifier information disclosure
7493| [102878] Code42 CrashPlan 5.4.x RMI Server org.apache.commons.ssl.rmi.DateRMI privilege escalation
7494| [102698] Apache HTTP Server up to 2.2.32/2.4.25 mod_mime Content-Type memory corruption
7495| [102697] Apache HTTP Server 2.2.24/2.2.32 HTTP Strict Parsing ap_find_token Request Header memory corruption
7496| [102690] Apache HTTP Server up to 2.2.32/2.4.25 mod_ssl ap_hook_process_connection() denial of service
7497| [102689] Apache HTTP Server up to 2.2.32/2.4.25 ap_get_basic_auth_pw weak authentication
7498| [102622] Apache Thrift up to 0.9.2 Client Libraries skip denial of service
7499| [102538] Apache Ranger up to 0.7.0 Authorizer unknown vulnerability
7500| [102537] Apache Ranger up to 0.7.0 Wildcard Character unknown vulnerability
7501| [102536] Apache Ranger up to 0.6 Stored cross site scripting
7502| [102535] Apache Ranger up to 0.6.2 Policy Engine unknown vulnerability
7503| [102255] Apache NiFi up to 0.7.3/1.2.x Response Header privilege escalation
7504| [102254] Apache NiFi up to 0.7.3/1.2.x UI cross site scripting
7505| [102070] Apache CXF Fediz up to 1.1.2/1.2.0 Application Plugin denial of service
7506| [102020] Apache Tomcat up to 9.0.0.M1 Java Servlet HTTP Method unknown vulnerability
7507| [101858] Apache Hive up to 1.2.1/2.0.0 Client weak authentication
7508| [101802] Apache KNOX up to 0.11.0 WebHDFS privilege escalation
7509| [101928] HPE Aruba ClearPass Apache Tomcat information disclosure
7510| [101524] Apache Archiva up to 1.x/2.2.1 REST Endpoint cross site request forgery
7511| [101513] Apache jUDDI 3.1./3.1.2/3.1.3/3.1.4 Logout Open Redirect
7512| [101430] Apache CXF Fediz up to 1.3.1 OIDC Service cross site request forgery
7513| [101429] Apache CXF Fediz up to 1.2.3/1.3.1 Plugins cross site request forgery
7514| [100619] Apache Hadoop up to 2.6.x HDFS Servlet unknown vulnerability
7515| [100618] Apache Hadoop up to 2.7.0 HDFS Web UI cross site scripting
7516| [100621] Adobe ColdFusion 10/11/2016 Apache BlazeDS Library Deserialization privilege escalation
7517| [100205] Oracle MySQL Enterprise Monitor up to 3.1.6.8003/3.2.1182/3.3.2.1162 Apache Commons FileUpload denial of service
7518| [100191] Oracle Secure Global Desktop 4.71/5.2/5.3 Web Server (Apache HTTP Server) information disclosure
7519| [100162] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Commons Collections privilege escalation
7520| [100160] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Trinidad unknown vulnerability
7521| [99969] Oracle WebCenter Sites 11.1.1.8.0 Apache Tomcat memory corruption
7522| [99937] Apache Batik up to 1.8 privilege escalation
7523| [99936] Apache FOP up to 2.1 privilege escalation
7524| [99935] Apache CXF up to 3.0.12/3.1.10 STSClient Cache information disclosure
7525| [99934] Apache CXF up to 3.0.12/3.1.10 JAX-RS XML Security Streaming Client spoofing
7526| [99930] Apache Traffic Server up to 6.2.0 denial of service
7527| [99929] Apache Log4j up to 2.8.1 Socket Server Deserialization privilege escalation
7528| [99925] Apache Traffic Server 6.0.0/6.1.0/6.2.0 HPACK Bomb denial of service
7529| [99738] Ping Identity OpenID Connect Authentication Module up to 2.13 on Apache Mod_auth_openidc.c spoofing
7530| [117569] Apache Hadoop up to 2.7.3 privilege escalation
7531| [99591] Apache TomEE up to 1.7.3/7.0.0-M2 EjbObjectInputStream Serialized Object privilege escalation
7532| [99370] Apache Ignite up to 1.8 update-notifier Document XML External Entity
7533| [99299] Apache Geode up to 1.1.0 Pulse OQL Query privilege escalation
7534| [99572] Apache Tomcat up to 7.0.75/8.0.41/8.5.11/9.0.0.M17 Application Listener privilege escalation
| [99570] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP Connector Cache information disclosure
| [99569] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP/2 GOAWAY Frame Resource Exhaustion denial of service
| [99568] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 Pipelined Request information disclosure
| [99048] Apache Ambari up to 2.3.x REST API Shell Metacharacter privilege escalation
| [99014] Apache Camel Jackson/JacksonXML privilege escalation
| [98610] Apple macOS up to 10.12.3 apache_mod_php memory corruption
| [98609] Apple macOS up to 10.12.3 apache_mod_php denial of service
| [98608] Apple macOS up to 10.12.3 apache_mod_php memory corruption
| [98607] Apple macOS up to 10.12.3 apache_mod_php denial of service
| [98606] Apple macOS up to 10.12.3 apache_mod_php denial of service
| [98605] Apple macOS up to 10.12.3 Apache denial of service
| [98604] Apple macOS up to 10.12.3 Apache denial of service
| [98603] Apple macOS up to 10.12.3 Apache denial of service
| [98602] Apple macOS up to 10.12.3 Apache denial of service
| [98601] Apple macOS up to 10.12.3 Apache denial of service
| [98517] Apache POI up to 3.14 OOXML File XXE denial of service
| [98405] Apache Hadoop up to 0.23.10 privilege escalation
| [98199] Apache Camel Validation XML External Entity
| [97892] Apache Tomcat up to 9.0.0.M15 Reverse-Proxy Http11InputBuffer.java information disclosure
| [97617] Apache Camel camel-snakeyaml Deserialization privilege escalation
| [97602] Apache Camel camel-jackson/camel-jacksonxml CamelJacksonUnmarshalType privilege escalation
| [97732] Apache Struts up to 2.3.31/2.5.10 Jakarta Multipart Parser Content-Type privilege escalation
| [97466] mod_auth_openidc up to 2.1.5 on Apache weak authentication
| [97455] mod_auth_openidc up to 2.1.4 on Apache weak authentication
| [97081] Apache Tomcat HTTPS Request denial of service
| [97162] EMC OpenText Documentum D2 BeanShell/Apache Commons privilege escalation
| [96949] Hanwha Techwin Smart Security Manager up to 1.5 Redis/Apache Felix Gogo privilege escalation
| [96314] Apache Cordova up to 6.1.1 on Android weak authentication
| [95945] Apple macOS up to 10.12.2 apache_mod_php denial of service
| [95944] Apple macOS up to 10.12.2 apache_mod_php denial of service
| [95943] Apple macOS up to 10.12.2 apache_mod_php memory corruption
| [95666] Oracle FLEXCUBE Direct Banking 12.0.0/12.0.1/12.0.2/12.0.3 Apache Commons Collections privilege escalation
| [95455] Apache NiFi up to 1.0.0/1.1.0 Connection Details Dialogue cross site scripting
| [95311] Apache Storm UI Daemon privilege escalation
| [95291] ZoneMinder 1.30.0 Apache httpd privilege escalation
| [94800] Apache Wicket up to 1.5.16/6.24.x Deserialize DiskFileItem denial of service
| [94705] Apache Qpid Broker for Java up to 6.1.0 SCRAM-SHA-1/SCRAM-SHA-256 User information disclosure
| [94627] Apache HTTP Server up to 2.4.24 mod_auth_digest Crash denial of service
| [94626] Apache HTTP Server up to 2.4.24 mod_session_crypto Padding weak encryption
| [94625] Apache HTTP Server up to 2.4.24 Response Split privilege escalation
| [94540] Apache Tika 1.9 tika-server File information disclosure
| [94600] Apache ActiveMQ up to 5.14.1 Administration Console cross site scripting
| [94348] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94347] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94346] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94345] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94344] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94343] Apple macOS up to 10.12.1 apache_mod_php memory corruption
| [94342] Apple macOS up to 10.12.1 apache_mod_php memory corruption
| [94128] Apache Tomcat up to 9.0.0.M13 Error information disclosure
| [93958] Apache HTTP Server up to 2.4.23 mod_http2 h2_stream.c denial of service
| [93874] Apache Subversion up to 1.8.16/1.9.4 mod_dontdothat XXE denial of service
| [93855] Apache Hadoop up to 2.6.4/2.7.2 HDFS Service privilege escalation
| [93609] Apache OpenMeetings 3.1.0 RMI Registry privilege escalation
| [93555] Apache Tika 1.6-1.13 jmatio MATLAB File privilege escalation
| [93799] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
| [93798] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
| [93797] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 HTTP Split privilege escalation
| [93796] Apache Tomcat up to 8.5.6/9.0.0.M11 HTTP/2 Header Parser denial of service
| [93532] Apache Commons Collections Library Java privilege escalation
| [93210] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 ResourceLinkFactory privilege escalation
| [93209] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Realm Authentication User information disclosure
| [93208] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 System Property Replacement information disclosure
| [93207] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Utility Method privilege escalation
| [93206] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Configuration privilege escalation
| [93098] Apache Commons FileUpload privilege escalation
| [92987] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Commons Collection memory corruption
| [92986] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Tomcat memory corruption
| [92982] Oracle Insurance IStream 4.3.2 Apache Commons Collections memory corruption
| [92981] Oracle Financial Services Lending and Leasing 14.1.0/14.2.0 Apache Commons Collections memory corruption
| [92979] Oracle up to 8.0.3 Apache Commons Collections memory corruption
| [92977] Oracle FLEXCUBE Universal Banking up to 12.2.0 Apache Commons Collections memory corruption
| [92976] Oracle FLEXCUBE Universal Banking 12.87.1/12.87.2 Apache Commons Collections memory corruption
| [92975] Oracle FLEXCUBE Private Banking up to 12.1.0 Apache Commons Collections memory corruption
| [92974] Oracle FLEXCUBE Investor Servicing 12.0.1 Apache Commons Collections memory corruption
| [92973] Oracle 12.0.0/12.1.0 Apache Commons Collections memory corruption
| [92972] Oracle FLEXCUBE Core Banking 11.5.0.0.0/11.6.0.0.0 Apache Commons Collections memory corruption
| [92962] Oracle Agile PLM 9.3.4/9.3.5 Apache Commons Collections memory corruption
| [92909] Oracle Agile PLM 9.3.4/9.3.5 Apache Tomcat unknown vulnerability
| [92786] Oracle Banking Digital Experience 15.1 Apache Commons Collections information disclosure
| [92549] Apache Tomcat on Red Hat privilege escalation
| [92509] Apache Tomcat JK ISAPI Connector up to 1.2.41 jk_uri_worker_map.c memory corruption
| [92314] Apache MyFaces Trinidad up to 1.0.13/1.2.15/2.0.1/2.1.1 CoreResponseStateManager memory corruption
| [92313] Apache Struts2 up to 2.3.28/2.5.0 Action Name Cleanup cross site request forgery
| [92299] Apache Derby up to 10.12.1.0 SqlXmlUtil XML External Entity
| [92217] Apache ActiveMQ Artemis up to 1.3.x Broker/REST GetObject privilege escalation
| [92174] Apache Ranger up to 0.6.0 Policy cross site scripting
| [91831] Apache Jackrabbit up to 2.13.2 HTTP Header cross site request forgery
| [91825] Apache Zookeeper up to 3.4.8/3.5.2 C CLI Shell memory corruption
| [91818] Apache CXF Fediz up to 1.2.2/1.3.0 Application Plugin privilege escalation
| [92056] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92055] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92054] Apple macOS up to 10.11 apache_mod_php denial of service
| [92053] Apple macOS up to 10.11 apache_mod_php denial of service
| [92052] Apple macOS up to 10.11 apache_mod_php denial of service
| [92051] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92050] Apple macOS up to 10.11 apache_mod_php denial of service
| [92049] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92048] Apple macOS up to 10.11 apache_mod_php denial of service
| [92047] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92046] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92045] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92044] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92043] Apple macOS up to 10.11 apache_mod_php denial of service
| [92042] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92041] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92040] Apple macOS up to 10.11 Apache Proxy privilege escalation
| [91785] Apache Shiro up to 1.3.1 Servlet Filter privilege escalation
| [90879] Apache OpenMeetings up to 3.1.1 SWF Panel cross site scripting
| [90878] Apache Sentry up to 1.6.x Blacklist Filter reflect/reflect2/java_method privilege escalation
| [90610] Apache POI up to 3.13 XLSX2CSV Example OpenXML Document XML External Entity
| [90584] Apache ActiveMQ up to 5.11.3/5.12.2/5.13/1 Administration Web Console privilege escalation
| [90385] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site scripting
| [90384] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site request forgery
| [90383] Apache OpenOffice up to 4.1.2 Impress File memory corruption
| [89670] Apache Tomcat up to 8.5.4 CGI Servlet Environment Variable Open Redirect
| [89669] Apache HTTP Server up to 2.4.23 RFC 3875 Namespace Conflict Environment Variable Open Redirect
| [89726] Apple Mac OS X up to 10.11.5 apache_mod_php memory corruption
| [89484] Apache Qpid up to 0.13.0 on Windows Proton Library Certificate weak authentication
| [89473] HPE iMC PLAT/EAD/APM/iMC NTA/iMC BIMS/iMC UAM_TAM up to 7.2 Apache Commons Collections Library Command privilege escalation
| [90263] Apache Archiva Header denial of service
| [90262] Apache Archiva Deserialize privilege escalation
| [90261] Apache Archiva XML DTD Connection privilege escalation
| [88827] Apache Xerces-C++ up to 3.1.3 DTD Stack-Based memory corruption
| [88747] Apache HTTP Server 2.4.17/2.4.18 mod_http2 denial of service
| [88608] Apache Struts up to 2.3.28.1/2.5.0 URLValidator Null Value denial of service
| [88607] Apache Struts up to 2.3.28.1 REST Plugin Expression privilege escalation
| [88606] Apache Struts up to 2.3.28.1 Restriction privilege escalation
| [88605] Apache Struts up to 2.3.28.1 Restriction privilege escalation
| [88604] Apache Struts up to 2.3.28.1 Token Validator cross site request forgery
| [88603] Apache Commons FileUpload up to 1.3.1 MultipartStream denial of service
| [88602] Apache Struts up to 1.3.10 ActionServlet.java cross site scripting
| [88601] Apache Struts up to 1.3.10 Multithreading ActionServlet.java memory corruption
| [88600] Apache Struts up to 1.3.10 MultiPageValidator privilege escalation
| [89005] Apache Qpid AMQP JMS Client getObject privilege escalation
| [87888] Apache Ranger up to 0.5.2 Policy Admin Tool eventTime sql injection
| [87835] Apache CloudStack up to 4.5.2.0/4.6.2.0/4.7.1.0/4.8.0.0 SAML-based Authentication privilege escalation
| [87806] HPE Discovery and Dependency Mapping Inventory up to 9.32 update 3 Apache Commons Collections Library privilege escalation
| [87805] HPE Universal CMDB up to 10.21 Apache Commons Collections Library privilege escalation
| [87768] Apache Shiro up to 1.2.4 Cipher Key privilege escalation
| [87765] Apache James Server 2.3.2 Command privilege escalation
| [88667] Apache HTTP Server up to 2.4.20 mod_http2 Certificate weak authentication
| [87718] Apache Struts up to 2.3.24.1 OGNL Caching denial of service
| [87717] Apache Struts up to 2.3.28 REST Plugin privilege escalation
| [87706] Apache Qpid Java up to 6.0.2 AMQP privilege escalation
| [87703] Apache Qbid Java up to 6.0.2 PlainSaslServer.java denial of service
| [87702] Apache ActiveMQ up to 5.13.x Fileserver Web Application Upload privilege escalation
| [87700] Apache PDFbox up to 1.8.11/2.0.0 XML Parser PDF Document XML External Entity
| [87679] HP Release Control 9.13/9.20/9.21 Apache Commons Collections Library Java Object privilege escalation
| [87540] Apache Ambari up to 2.2.0 File Browser View information disclosure
| [87433] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87432] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87431] Apple Mac OS X up to 10.11.4 apache_mod_php Format String
| [87430] Apple Mac OS X up to 10.11.4 apache_mod_php denial of service
| [87429] Apple Mac OS X up to 10.11.4 apache_mod_php information disclosure
| [87428] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87427] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87389] Apache Xerces C++ up to 3.1.3 XML Document DTDScanner.cpp memory corruption
| [87172] Adobe ColdFusion 11 Update 7/2016/up to 10 Update 18 Apache Commons Collections Library privilege escalation
| [87121] Apache Cordova iOS up to 3.x Plugin privilege escalation
| [87120] Apache Cordova iOS up to 3.x URL Whitelist privilege escalation
| [83806] HPE Network Node Manager i up to 10.01 Apache Commons Collections Library privilege escalation
| [83077] Apache Subversion up to 1.8.15/1.9.3 mod_authz_svn mod_authz_svn.c denial of service
| [83076] Apache Subversion up to 1.8.15/1.9.3 svnserve svnserve/cyrus_auth.c privilege escalation
| [82790] Apache Struts 2.0.0/2.3.24/2.3.28 Dynamic Method privilege escalation
| [82789] Apache Struts 2.0.0/2.3.24/2.3.28 XSLTResult privilege escalation
| [82725] HPE P9000 Command View up to 7.x/8.4.0 Apache Commons Collections Library privilege escalation
| [82444] Apache Camel up to 2.14.x/2.15.4/2.16.0 HTTP Request privilege escalation
| [82389] Apache Subversion up to 1.7.x/1.8.14/1.9.2 mod_dav_svn util.c memory corruption
| [82280] Apache Struts up to 1.7 JRE URLDecoder cross site scripting
| [82260] Apache OFBiz up to 12.04.05/13.07.02 Java Object privilege escalation
| [82259] Apache Qpid Proton up to 0.12.0 proton.reactor.Connector weak encryption
| [82250] Apache Ranger up to 0.5.0 Admin UI weak authentication
| [82214] Apache Wicket up to 1.5.14/6.21.x/7.1.x Input Element cross site scripting
| [82213] Apache Wicket up to 1.5.14/6.21.x/7.1.x ModalWindow Title getWindowOpenJavaScript cross site scripting
| [82212] Apache Ranger up to 0.5.0 Policy Admin Tool privilege escalation
| [82211] Apache OFBiz up to 12.04.06/13.07.02 ModelFormField.java DisplayEntityField.getDescription cross site scripting
| [82082] Apache JetSpeed up to 2.3.0 User Manager Service privilege escalation
| [82081] Apache OpenMeetings up to 3.1.0 SOAP API information disclosure
| [82080] Apache OpenMeetings up to 3.1.0 Event cross site scripting
| [82078] Apache OpenMeetings up to 3.1.0 Import/Export System Backup ZIP Archive directory traversal
| [82077] Apache OpenMeetings up to 3.1.0 Password Reset sendHashByUser privilege escalation
| [82076] Apache Ranger up to 0.5.1 privilege escalation
| [82075] Apache JetSpeed up to 2.3.0 Portal cross site scripting
| [82074] Apache JetSpeed up to 2.3.0 cross site scripting
| [82073] Apache JetSpeed up to 2.3.0 User Manager Service sql injection
| [82072] Apache JetSpeed up to 2.3.0 Portal Site Manager ZIP Archive directory traversal
| [82058] Apache LDAP Studio/Directory Studio up to 2.0.0-M9 CSV Export privilege escalation
| [82053] Apache Ranger up to 0.4.x Policy Admin Tool privilege escalation
| [82052] Apache Ranger up to 0.4.x Policy Admin Tool HTTP Request cross site scripting
| [81696] Apache ActiveMQ up to 5.13.1 HTTP Header privilege escalation
| [81695] Apache Xerces-C up to 3.1.2 internal/XMLReader.cpp memory corruption
| [81622] HPE Asset Manager 9.40/9.41/9.50 Apache Commons Collections Library Java Object privilege escalation
| [81406] HPE Service Manager up to 9.35 P3/9.41 P1 Apache Commons Collections Library Command privilege escalation
| [81405] HPE Operations Orchestration up to 10.50 Apache Commons Collections Library Command privilege escalation
| [81427] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
| [81426] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
| [81372] Apache Struts up to 2.3.24.1 I18NInterceptor cross site scripting
| [81371] Apache Struts up to 2.3.24.1 Double OGNL Evaluation privilege escalation
| [81370] Apache Struts up to 2.3.24.1 Java URLDecoder cross site scripting
| [81084] Apache Tomcat 6.0/7.0/8.0/9.0 ServletContext directory traversal
| [81083] Apache Tomcat 7.0/8.0/9.0 Index Page cross site request forgery
| [81082] Apache Tomcat 7.0/8.0/9.0 ResourceLinkFactory.setGlobalContext privilege escalation
| [81081] Apache Tomcat 6.0/7.0/8.0/9.0 Error information disclosure
| [81080] Apache Tomcat 6.0/7.0/8.0/9.0 Session Persistence privilege escalation
| [81079] Apache Tomcat 6.0/7.0/8.0/9.0 StatusManagerServlet information disclosure
| [81078] Apache Tomcat 7.0/8.0/9.0 Session privilege escalation
| [80970] Apache Solr up to 5.3.0 Admin UI plugins.js cross site scripting
| [80969] Apache Solr up to 5.2 Schema schema-browser.js cross site scripting
| [80968] Apache Solr up to 5.0 analysis.js cross site scripting
| [80940] HP Continuous Delivery Automation 1.30 Apache Commons Collections Library privilege escalation
| [80823] Apache CloudStack up to 4.5.1 KVM Virtual Machine Migration privilege escalation
| [80822] Apache CloudStack up to 4.5.1 API Call information disclosure
| [80778] Apache Camel up to 2.15.4/2.16.0 camel-xstream privilege escalation
| [80750] HPE Operations Manager 8.x/9.0 on Windows Apache Commons Collections Library privilege escalation
| [80724] Apache Hive up to 1.2.1 Authorization Framework privilege escalation
| [80577] Oracle Secure Global Desktop 4.63/4.71/5.2 Apache HTTP Server denial of service
| [80165] Intel McAfee ePolicy Orchestrator up to 4.6.9/5.0.3/5.3.1 Apache Commons Collections Library privilege escalation
| [80116] Apache Subversion up to 1.9.2 svn Protocol libsvn_ra_svn/marshal.c read_string memory corruption
| [80115] Apache ActiveMQ up to 5.12.x Broker Service privilege escalation
| [80036] IBM Cognos Business Intelligence Apache Commons Collections Library InvokerTransformer privilege escalation
| [79873] VMware vCenter Operations/vRealize Orchestrator Apache Commons Collections Library Serialized Java Object privilege escalation
| [79840] Apache Cordova File Transfer Plugin up to 1.2.x on Android unknown vulnerability
| [79839] Apache TomEE Serialized Java Stream EjbObjectInputStream privilege escalation
| [79791] Cisco Products Apache Commons Collections Library privilege escalation
| [79539] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
| [79538] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
| [79294] Apache Cordova-Android up to 3.6 BridgeSecret Random Generator weak encryption
| [79291] Apache Cordova-Android up to 4.0 Javascript Whitelist privilege escalation
| [79244] Apache CXF up to 2.7.17/3.0.7/3.1.2 SAML Web SSO Module SAML Response weak authentication
| [79243] Oracle WebLogic Server 10.3.6.0/12.1.2.0/12.1.3.0/12.2.1.0 WLS Security com.bea.core.apache.commons.collections.jar privilege escalation
| [78989] Apache Ambari up to 2.1.1 Open Redirect
| [78988] Apache Ambari up to 2.0.1/2.1.0 Password privilege escalation
| [78987] Apache Ambari up to 2.0.x cross site scripting
| [78986] Apache Ambari up to 2.0.x Proxy Endpoint api/v1/proxy privilege escalation
| [78780] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
| [78779] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
| [78778] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78777] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78776] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78775] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78774] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78297] Apache Commons Components HttpClient up to 4.3.5 HTTPS Timeout denial of service
| [77406] Apache Flex BlazeDS AMF Message XML External Entity
| [77429] Apache ActiveMQ up to 5.10.0 LDAPLoginModule privilege escalation
| [77399] Apache ActiveMQ up to 5.10.0 LDAPLoginModule weak authentication
| [77375] Apache Tapestry up to 5.3.5 Client-Side Object Storage privilege escalation
| [77331] Apache ActiveMQ up to 5.11.1 on Windows Fileserver Upload/Download directory traversal
| [77299] Apache Solr Real-Time Module up to 7.x-1.1 Index Content information disclosure
| [77247] Apache ActiveMQ up to 5.10 TransportConnection.java processControlCommand denial of service
| [77083] Apache Groovy up to 2.4.3 MethodClosure.java MethodClosure memory corruption
| [76953] Apache Subversion 1.7.0/1.8.0/1.8.10 svn_repos_trace_node_locations information disclosure
| [76952] Apache Subversion 1.7.0/1.8.0/1.8.10 mod_authz_svn anonymous/authenticated information disclosure
| [76567] Apache Struts 2.3.20 unknown vulnerability
| [76733] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 ap_some_auth_required unknown vulnerability
| [76732] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 Request apr_brigade_flatten privilege escalation
| [76731] Apache HTTP Server 2.4.12 ErrorDocument 400 Crash denial of service
| [75690] Apache Camel up to 2.13.3/2.14.1 XPathBuilder.java XML External Entity
| [75689] Apache Camel up to 2.13.3/2.14.1 XML Converter Setup XmlConverter.java SAXSource privilege escalation
| [75668] Apache Sling API/Sling Servlets Post up to 2.2.1 HtmlResponse cross site scripting
| [75601] Apache Jackrabbit up to 2.10.0 WebDAV Request XML External Entity
| [75420] Apache Tomcat up to 6.0.43/7.0.58/8.0.16 Security Manager privilege escalation
| [75145] Apache OpenOffice up to 4.1.1 HWP Filter Crash denial of service
| [75032] Apache Tomcat Connectors up to 1.2.40 mod_jk privilege escalation
| [75135] PHP 5.4/5.5 HTTP Request sapi_apache2.c apache2handler privilege escalation
| [74793] Apache Tomcat File Upload denial of service
| [74708] Apple MacOS X up to 10.10.2 Apache denial of service
| [74707] Apple MacOS X up to 10.10.2 Apache denial of service
| [74706] Apple MacOS X up to 10.10.2 Apache memory corruption
| [74705] Apple MacOS X up to 10.10.2 Apache denial of service
| [74704] Apple MacOS X up to 10.10.2 Apache denial of service
| [74703] Apple MacOS X up to 10.10.2 Apache denial of service
| [74702] Apple MacOS X up to 10.10.2 Apache denial of service
| [74701] Apple MacOS X up to 10.10.2 Apache cross site request forgery
| [74700] Apple MacOS X up to 10.10.2 Apache unknown vulnerability
| [74661] Apache Flex up to 4.14.0 asdoc index.html cross site scripting
| [74609] Apache Cassandra up to 1.2.19/2.0.13/2.1.3 JMX/RMI Interface privilege escalation
| [74469] Apache Xerces-C up to 7.0 internal/XMLReader.cpp denial of service
| [74468] Apache Batik up to 1.6 denial of service
| [74414] Apache Mod-gnutls up to 0.5.1 Authentication spoofing
| [74371] Apache Standard Taglibs up to 1.2.0 memory corruption
| [74367] Apache HTTP Server up to 2.4.12 mod_lua lua_request.c wsupgrade denial of service
| [74174] Apache WSS4J up to 2.0.0 privilege escalation
| [74172] Apache ActiveMQ up to 5.5.0 Administration Console cross site scripting
| [69092] Apache Tomcat up to 6.0.42/7.0.54/8.0.8 HTTP Request Smuggling privilege escalation
| [73831] Apache Qpid up to 0.30 Access Restriction unknown vulnerability
| [73731] Apache XML Security unknown vulnerability
| [68660] Oracle BI Publisher 10.1.3.4.2/11.1.1.7 Apache Tomcat cross site scripting
| [73659] Apache CloudStack up to 4.3.0 Stack-Based unknown vulnerability
| [73593] Apache Traffic Server up to 5.1.0 denial of service
| [73511] Apache POI up to 3.10 Deadlock denial of service
| [73510] Apache Solr up to 4.3.0 cross site scripting
| [68447] Apache Subversion up to 1.7.18/1.8.10 mod_dav_svn Crash denial of service
| [68446] Apache Subversion up to 1.7.18/1.8.10 REPORT Request Crash denial of service
| [73173] Apache CloudStack Stack-Based unknown vulnerability
| [68357] Apache Struts up to 2.3.16.3 Random Number Generator cross site request forgery
| [73106] Apache Hadoop up to 2.4.0 Symlink privilege escalation
| [68575] Apache HTTP Server up to 2.4.10 LuaAuthzProvider mod_lua.c privilege escalation
| [72890] Apache Qpid 0.30 unknown vulnerability
| [72887] Apache Hive 0.13.0 File Permission privilege escalation
| [72878] Apache Cordova 3.5.0 cross site request forgery
| [72877] Apache Cordova 3.5.0 cross site request forgery
| [72876] Apache Cordova 3.5.0 cross site request forgery
| [68435] Apache HTTP Server 2.4.10 mod_proxy_fcgi.c handle_headers denial of service
| [68065] Apache CXF up to 3.0.1 JAX-RS SAML denial of service
| [68064] Apache CXF up to 3.0.0 SAML Token denial of service
| [67913] Oracle Retail Markdown Optimization 12.0/13.0/13.1/13.2/13.4 Apache commons-beanutils-1.8.0.jar memory corruption
| [67912] Oracle Retail Invoice Matching up to 14.0 Apache commons-beanutils-1.8.0.jar memory corruption
| [67911] Oracle Retail Clearance Optimization Engine 13.3/13.4/14.0 Apache commons-beanutils-1.8.0.jar memory corruption
| [67910] Oracle Retail Allocation up to 13.2 Apache commons-beanutils-1.8.0.jar memory corruption
| [71835] Apache Shiro 1.0.0/1.1.0/1.2.0/1.2.1/1.2.2 unknown vulnerability
| [71633] Apachefriends XAMPP 1.8.1 cross site scripting
| [71629] Apache Axis2/C spoofing
| [67633] Apple Mac OS X up to 10.9.4 apache_mod_php ext/standard/dns.c dns_get_record memory corruption
| [67631] Apple Mac OS X up to 10.9.4 apache_mod_php Symlink memory corruption
| [67630] Apple Mac OS X up to 10.9.4 apache_mod_php cdf_read_property_info denial of service
| [67629] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_count_chain denial of service
| [67628] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_check_stream_offset denial of service
| [67627] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c mconvert memory corruption
| [67626] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c denial of service
| [67625] Apple Mac OS X up to 10.9.4 apache_mod_php Crash denial of service
| [67624] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_property_info denial of service
| [67623] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_unpack_summary_info denial of service
| [67622] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_short_sector denial of service
| [67620] Apple Mac OS X up to 10.9.4 apache_mod_php magic/Magdir/commands denial of service
| [67790] Apache HTTP Server mod_cache NULL Pointer Dereference denial of service
| [67522] Apache Tomcat up to 7.0.39 JSP Upload privilege escalation
| [70809] Apache POI up to 3.11 Crash denial of service
| [70808] Apache POI up to 3.10 unknown vulnerability
| [70806] Apache Commons-httpclient 4.2/4.2.1/4.2.2 spoofing
| [70749] Apache Axis up to 1.4 getCN spoofing
| [70701] Apache Traffic Server up to 3.3.5 denial of service
| [70700] Apache OFBiz up to 12.04.03 cross site scripting
| [67402] Apache OpenOffice 4.0.0/4.0.1/4.1.0 Calc privilege escalation
| [67401] Apache OpenOffice up to 4.1.0 OLE Object information disclosure
| [70661] Apache Subversion up to 1.6.17 denial of service
| [70660] Apache Subversion up to 1.6.17 spoofing
| [70659] Apache Subversion up to 1.6.17 spoofing
| [67183] Apache HTTP Server up to 2.4.9 mod_proxy denial of service
| [67180] Apache HTTP Server up to 2.4.9 WinNT MPM Memory Leak denial of service
| [67185] Apache HTTP Server up to 2.4.9 mod_status Heap-Based memory corruption
| [67184] Apache HTTP Server 2.4.5/2.4.6 mod_cache NULL Pointer Dereference denial of service
| [67182] Apache HTTP Server up to 2.4.9 mod_deflate Memory Consumption denial of service
| [67181] Apache HTTP Server up to 2.4.9 mod_cgid denial of service
| [70338] Apache Syncope up to 1.1.7 unknown vulnerability
| [70295] Apache CXF up to 2.7.9 Cleartext information disclosure
| [70106] Apache Open For Business Project up to 10.04.0 getServerError cross site scripting
| [70105] Apache MyFaces up to 2.1.5 JavaServer Faces directory traversal
| [69846] Apache HBase up to 0.94.8 information disclosure
| [69783] Apache CouchDB up to 1.2.0 memory corruption
| [13383] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 XML Parser privilege escalation
| [13300] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi setuid privilege escalation
| [13299] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi Content-Type Header information disclosure
| [13164] Apache CXF up to 2.6.13/2.7.10 SOAP OutgoingChainInterceptor.java Invalid Content denial of service
| [13163] Apache CXF up to 2.6.13/2.7.10 SOAP HTML Content denial of service
| [13158] Apache Struts up to 2.3.16.2 ParametersInterceptor getClass privilege escalation
| [69515] Apache Struts up to 2.3.15.0 CookieInterceptor memory corruption
| [13086] Apache Struts up to 1.3.10 Class Loader privilege escalation
| [13067] Apache Struts up to 2.3.16.1 Class Loader privilege escalation
| [69431] Apache Archiva up to 1.3.6 cross site scripting
| [69385] Apache Syncope up to 1.1.6 unknown vulnerability
| [69338] Apache Xalan-Java up to 2.7.1 system-property unknown vulnerability
| [12742] Trustwave ModSecurity up to 2.7.5 Chunk Extension apache2/modsecurity.c modsecurity_tx_init privilege escalation
| [12741] Trustwave ModSecurity up to 2.7.6 Chunked HTTP Transfer apache2/modsecurity.c modsecurity_tx_init Trailing Header privilege escalation
| [13387] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Content-Length Header privilege escalation
| [13386] Apache Tomcat Security Manager up to 6.0.39/7.0.53/8.0.5 XSLT privilege escalation
| [13385] Apache Tomcat 8.0.0/8.0.1/8.0.3 AJP Request Zero Length denial of service
| [13384] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Chunked HTTP Request denial of service
| [12748] Apache CouchDB 1.5.0 UUIDS /_uuids denial of service
| [66739] Apache Camel up to 2.12.2 unknown vulnerability
| [66738] Apache Camel up to 2.12.2 unknown vulnerability
| [12667] Apache HTTP Server 2.4.7 mod_log_config.c log_cookie denial of service
| [66695] Apache CouchDB up to 1.2.0 cross site scripting
| [66694] Apache CouchDB up to 1.2.0 Partition partition2 directory traversal
| [66689] Apache HTTP Server up to 2.0.33 mod_dav dav_xml_get_cdata denial of service
| [12518] Apache Tomcat up to 6.0.38/7.0.49/8.0.0-RC9 HTTP Header denial of service
| [66498] Apache expressions up to 3.3.0 Whitelist unknown vulnerability
| [12781] Apache Struts up to 2.3.8 ParametersInterceptor getClass denial of service
| [12439] Apache Tomcat 6.0.33 XML XXE information disclosure
| [12438] Apache Tomcat 6.0.33/6.0.34/6.0.35/6.0.36/6.0.37 coyoteadapter.java disableURLRewriting privilege escalation
| [66356] Apache Wicket up to 6.8.0 information disclosure
| [12209] Apache Tomcat 7.0.0/7.0.50/8.0.0-RC1/8.0.1 Content-Type Header for Multi-Part Request Infinite Loop denial of service
| [66322] Apache ActiveMQ up to 5.8.0 cross site scripting
| [12291] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
| [66255] Apache Open For Business Project up to 10.04.3 cross site scripting
| [66200] Apache Hadoop up to 2.0.5 Security Feature information disclosure
| [66072] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
| [66068] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
| [11928] Oracle Secure Global Desktop up to 4.71 Apache Tomcat unknown vulnerability
| [11924] Oracle Secure Global Desktop up to 4.63 Apache Tomcat denial of service
| [11922] Oracle Secure Global Desktop up to 4.63 Apache Tomcat unknown vulnerability
| [66049] Apache XML Security for Java up to 1.4.6 Memory Consumption denial of service
| [12199] Apache Subversion up to 1.8.5 mod_dav_svn/repos.c get_resource denial of service
| [65946] askapache Firefox Adsense up to 3.0 askapache-firefox-adsense.php cross site request forgery
| [65668] Apache Solr 4.0.0 Updater denial of service
| [65665] Apache Solr up to 4.3.0 denial of service
| [65664] Apache Solr 3.6.0/3.6.1/3.6.2/4.0.0 Updater denial of service
| [65663] Apache Solr up to 4.5.1 ResourceLoader directory traversal
| [65658] Apache roller 4.0/4.0.1/5.0/5.0.1 unknown vulnerability
| [65657] Apache Roller 4.0/4.0.1/5.0/5.0.1 cross site scripting
| [11325] Apache Subversion 1.7.13 mod_dontdothat Bypass denial of service
| [11324] Apache Subversion up to 1.8.4 mod_dav_svn denial of service
| [11098] Apache Tomcat 5.5.25 HTTP Request cross site request forgery
| [65410] Apache Struts 2.3.15.3 cross site scripting
| [65386] Apache Solr up to 2.2.1 on TYPO3 cross site scripting
| [65385] Apache Solr up to 2.2.1 on TYPO3 unknown vulnerability
| [11044] Apache Struts 2.3.15.3 showConfig.action cross site scripting
| [11043] Apache Struts 2.3.15.3 actionNames.action cross site scripting
| [11018] cPanel WHM up to 11.40.0.11 Apache mod_userdir Tweak Interface privilege escalation
| [65342] Apache Sling 1.0.2/1.0.4/1.0.6/1.1.0/1.1.2 Auth Core cross site scripting
| [65340] Apache Shindig 2.5.0 information disclosure
| [65316] Apache Mod Fcgid up to 2.3.7 mod_fcgid fcgid_bucket.c fcgid_header_bucket_read memory corruption
| [65313] Apache Sling 2.2.0/2.3.0 AbstractCreateOperation.java deepGetOrCreateNode denial of service
| [10826] Apache Struts 2 File privilege escalation
| [65204] Apache Camel up to 2.10.1 unknown vulnerability
| [10460] Apache Struts 2.0.0/2.3.15.1 Action Mapping Mechanism Bypass privilege escalation
| [10459] Apache Struts 2.0.0/2.3.15 Dynamic Method Invocation unknown vulnerability
| [10160] Apache Subversion 1.8.0/1.8.1/1.8.2 svnwcsub.py handle_options race condition
| [10159] Apache Subversion up to 1.8.2 svnserve write_pid_file race condition
| [10158] Apache Subversion 1.8.0/1.8.1/1.8.2 daemonize.py daemon::daemonize race condition
| [10157] Apache Subversion up to 1.8.1 FSFS Repository Symlink privilege escalation
| [64808] Fail2ban up to 0.8.9 apache-auth.conf denial of service
| [64760] Best Practical RT up to 4.0.12 Apache::Session::File information disclosure
| [64722] Apache XML Security for C++ Heap-based memory corruption
| [64719] Apache XML Security for C++ Heap-based memory corruption
| [64718] Apache XML Security for C++ verify denial of service
| [64717] Apache XML Security for C++ getURIBaseTXFM memory corruption
| [64716] Apache XML Security for C++ spoofing
| [64701] Apache CXF up to 2.7.3 XML Parser Memory Consumption denial of service
| [64700] Apache CloudStack up to 4.1.0 Stack-Based cross site scripting
| [64667] Apache Open For Business Project up to 10.04.04 unknown vulnerability
7966| [64666] Apache Open For Business Project up to 10.04.04 cross site scripting
7967| [9891] Apache HTTP Server 2.2.22 suEXEC Feature .htaccess information disclosure
7968| [64509] Apache ActiveMQ up to 5.8.0 scheduled.jsp cross site scripting
7969| [9826] Apache Subversion up to 1.8.0 mod_dav_svn denial of service
7970| [9683] Apache HTTP Server 2.4.5 mod_session_dbd denial of service
7971| [64485] Apache Struts up to 2.2.3.0 privilege escalation
7972| [9568] Apache Struts up to 2.3.15 DefaultActionMapper cross site request forgery
7973| [9567] Apache Struts up to 2.3.15 DefaultActionMapper memory corruption
7974| [64467] Apache Geronimo 3.0 memory corruption
7975| [64466] Apache OpenJPA up to 2.2.1 Serialization memory corruption
7976| [64457] Apache Struts up to 2.2.3.0 cross site scripting
7977| [64326] Alejandro Garza Apachesolr Autocomplete up to 7.x-1.1 cross site scripting
7978| [9184] Apache Qpid up to 0.20 SSL misconfiguration
7979| [8935] Apache Subversion up to 1.7.9 FSFS Format Repository denial of service
7980| [8934] Apache Subversion up to 1.7.9 Svnserve Server denial of service
7981| [8933] Apache Subversion up to 1.6.21 check-mime-type.pl svnlook memory corruption
7982| [8932] Apache Subversion up to 1.6.21 svn-keyword-check.pl svnlook changed memory corruption
7983| [9022] Apache Struts up to 2.3.14.2 OGNL Expression memory corruption
7984| [8873] Apache Struts 2.3.14 privilege escalation
7985| [8872] Apache Struts 2.3.14 privilege escalation
7986| [8746] Apache HTTP Server Log File Terminal Escape Sequence Filtering mod_rewrite.c do_rewritelog privilege escalation
7987| [8666] Apache Tomcat up to 7.0.32 AsyncListener information disclosure
7988| [8665] Apache Tomcat up to 7.0.29 Chunked Transfer Encoding Extension Size denial of service
7989| [8664] Apache Tomcat up to 7.0.32 FORM Authentication weak authentication
7990| [64075] Apache Subversion up to 1.7.7 mod_dav_svn Crash denial of service
7991| [64074] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
7992| [64073] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
7993| [64072] Apache Subversion up to 1.7.7 mod_dav_svn NULL Pointer Dereference denial of service
7994| [64071] Apache Subversion up to 1.7.8 mod_dav_svn Memory Consumption denial of service
7995| [8768] Apache Struts up to 2.3.14 on Mac EL and OGNL Interpreter memory corruption
7996| [64006] Apache ActiveMQ up to 5.7.0 denial of service
7997| [64005] Apache ActiveMQ up to 5.7.0 Default Configuration denial of service
7998| [64004] Apache ActiveMQ up to 5.7.0 PortfolioPublishServlet.java cross site scripting
7999| [8427] Apache Tomcat Session Transaction weak authentication
8000| [63960] Apache Maven 3.0.4 Default Configuration spoofing
8001| [63751] Apache qpid up to 0.20 qpid::framing::Buffer denial of service
8002| [63750] Apache qpid up to 0.20 checkAvailable denial of service
8003| [63749] Apache Qpid up to 0.20 Memory Consumption denial of service
8004| [63748] Apache Qpid up to 0.20 Default Configuration denial of service
8005| [63747] Apache Rave up to 0.20 User Account information disclosure
8006| [7889] Apache Subversion up to 1.6.17 mod_dav_svn/svn_fs_file_length() denial of service
8007| [63646] Apache HTTP Server up to 2.2.23/2.4.3 mod_proxy_balancer.c balancer_handler cross site scripting
8008| [7688] Apache CXF up to 2.7.1 WSS4JInterceptor Bypass weak authentication
8009| [7687] Apache CXF up to 2.7.2 Token weak authentication
8010| [63334] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
8011| [63299] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
8012| [7202] Apache HTTP Server 2.4.2 on Oracle Solaris ld_library_path cross site scripting
8013| [7075] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector NioEndpoint.java denial of service
8014| [7074] Apache Tomcat up to 6.0.35/7.0.29 FORM Authentication RealmBase.java weak authentication
8015| [7073] Apache Tomcat up to 6.0.35/7.0.31 CSRF Prevention Filter cross site request forgery
8016| [63090] Apache Tomcat up to 4.1.24 denial of service
8017| [63089] Apache HTTP Server up to 2.2.13 mod_proxy_ajp denial of service
8018| [62933] Apache Tomcat up to 5.5.0 Access Restriction unknown vulnerability
8019| [62929] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector Memory Consumption denial of service
8020| [62833] Apache CXF -/2.6.0 spoofing
8021| [62832] Apache Axis2 up to 1.6.2 spoofing
8022| [62831] Apache Axis up to 1.4 Java Message Service spoofing
8023| [62830] Apache Commons-httpclient 3.0 Payments spoofing
8024| [62826] Apache Libcloud up to 0.11.0 spoofing
8025| [62757] Apache Open For Business Project up to 10.04.0 unknown vulnerability
8026| [8830] Red Hat JBoss Enterprise Application Platform 6.0.1 org.apache.catalina.connector.Response.encodeURL information disclosure
8027| [62661] Apache Axis2 unknown vulnerability
8028| [62658] Apache Axis2 unknown vulnerability
8029| [62467] Apache Qpid up to 0.17 denial of service
8030| [62417] Apache CXF 2.4.7/2.4.8/2.5.3/2.5.4/2.6.1 spoofing
8031| [6301] Apache HTTP Server mod_pagespeed cross site scripting
8032| [6300] Apache HTTP Server mod_pagespeed Hostname information disclosure
8033| [6123] Apache Wicket up to 1.5.7 Ajax Link cross site scripting
8034| [62035] Apache Struts up to 2.3.4 denial of service
8035| [61916] Apache QPID 0.5/0.6/0.14/0.16 unknown vulnerability
8036| [6998] Apache Tomcat 5.5.35/6.0.35/7.0.28 DIGEST Authentication Session State Caching privilege escalation
8037| [6997] Apache Tomcat 5.5.35/6.0.35/7.0.28 HTTP Digest Authentication Implementation privilege escalation
8038| [6092] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_ajp.c information disclosure
8039| [6090] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_http.c information disclosure
8040| [61507] Apache POI up to 3.8 UnhandledDataStructure denial of service
8041| [6070] Apache Struts up to 2.3.4 Token Name Configuration Parameter privilege escalation
8042| [6069] Apache Struts up to 2.3.4 Request Parameter OGNL Expression denial of service
8043| [5764] Oracle Solaris 10 Apache HTTP Server information disclosure
8044| [5700] Oracle Secure Backup 10.3.0.3/10.4.0.1 Apache denial of service
8045| [61255] Apache Hadoop 2.0.0 Kerberos unknown vulnerability
8046| [61229] Apache Sling up to 2.1.1 denial of service
8047| [61152] Apache Commons-compress 1.0/1.1/1.2/1.3/1.4 denial of service
8048| [61094] Apache Roller up to 5.0 cross site scripting
8049| [61093] Apache Roller up to 5.0 cross site request forgery
8050| [61005] Apache OpenOffice 3.3/3.4 unknown vulnerability
8051| [9673] Apache HTTP Server up to 2.4.4 mod_dav mod_dav.c Request denial of service
8052| [5436] Apache OpenOffice 3.3/3.4 WPXContentListener.cpp _closeTableRow File memory corruption
8053| [5435] Apache OpenOffice 3.3/3.4 vclmi.dll File memory corruption
8054| [60730] PHP 5.4.0/5.4.1/5.4.2 apache_request_headers memory corruption
8055| [60708] Apache Qpid 0.12 unknown vulnerability
8056| [5032] Apache Hadoop up to 0.20.205.0/1.0.1/0.23.1 Kerberos/MapReduce Security Feature privilege escalation
8057| [4949] Apache Struts File Upload XSLTResult.java XSLT File privilege escalation
8058| [4955] Apache Traffic Server 3.0.3/3.1.2 HTTP Header Parser memory corruption
8059| [4882] Apache Wicket up to 1.5.4 directory traversal
8060| [4881] Apache Wicket up to 1.4.19 cross site scripting
8061| [4884] Apache HTTP Server up to 2.3.6 mod_fcgid fcgid_spawn_ctl.c FcgidMaxProcessesPerClass HTTP Requests denial of service
8062| [60352] Apache Struts up to 2.2.3 memory corruption
8063| [60153] Apache Portable Runtime up to 1.4.3 denial of service
8064| [4598] Apache Struts 1.3.10 upload-submit.do cross site scripting
8065| [4597] Apache Struts 1.3.10 processSimple.do cross site scripting
8066| [4596] Apache Struts 2.0.14/2.2.3 struts2-rest-showcase/orders cross site scripting
8067| [4595] Apache Struts 2.0.14/2.2.3 struts2-showcase/person/editPerson.action cross site scripting
8068| [4583] Apache HTTP Server up to 2.2.21 Threaded MPM denial of service
8069| [4582] Apache HTTP Server up to 2.2.21 protocol.c information disclosure
8070| [4571] Apache Struts up to 2.3.1.2 privilege escalation
8071| [4557] Apache Tomcat up to 7.0.21 Caching/Recycling information disclosure
8072| [59934] Apache Tomcat up to 6.0.9 DigestAuthenticator.java unknown vulnerability
8073| [59933] Apache Tomcat up to 6.0.9 Access Restriction unknown vulnerability
8074| [59932] Apache Tomcat up to 6.0.9 unknown vulnerability
8075| [59931] Apache Tomcat up to 6.0.9 Access Restriction information disclosure
8076| [59902] Apache Struts up to 2.2.3 Interfaces unknown vulnerability
8077| [4528] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
8078| [4527] Apache Struts up to 2.2.3 ExceptionDelegator cross site scripting
8079| [59888] Apache Tomcat up to 6.0.6 denial of service
8080| [59886] Apache ActiveMQ up to 5.5.1 Crash denial of service
8081| [4513] Apache Struts up to 2.3.1 ParameterInterceptor directory traversal
8082| [4512] Apache Struts up to 2.2.3 CookieInterceptor privilege escalation
8083| [59850] Apache Geronimo up to 2.2.1 denial of service
8084| [59825] Apache HTTP Server up to 2.1.7 mod_reqtimeout denial of service
8085| [59556] Apache HTTP Server up to 2.0.53 mod_proxy information disclosure
8086| [58467] Apache libcloud 0.2.0/0.3.0/0.3.1/0.4.0 Access Restriction spoofing
8087| [58413] Apache Tomcat up to 6.0.10 spoofing
8088| [58381] Apache Wicket up to 1.4.17 cross site scripting
8089| [58296] Apache Tomcat up to 7.0.19 unknown vulnerability
8090| [57888] Apache HttpClient 4.0/4.0.1/4.1 Authorization information disclosure
8091| [57587] Apache Subversion up to 1.6.16 mod_dav_svn information disclosure
8092| [57585] Apache Subversion up to 1.6.16 mod_dav_svn Memory Consumption denial of service
8093| [57584] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
8094| [57577] Apache Rampart-C 1.3.0 Access Restriction rampart_timestamp_token_validate privilege escalation
8095| [57568] Apache Archiva up to 1.3.4 cross site scripting
8096| [57567] Apache Archiva up to 1.3.4 cross site request forgery
8097| [57481] Apache Tomcat 7.0.12/7.0.13 Access Restriction unknown vulnerability
8098| [4355] Apache HTTP Server APR apr_fnmatch denial of service
8099| [57435] Apache Struts up to 2.2.1.1 FileHandler.java cross site scripting
8100| [57425] Apache Struts up to 2.2.1.1 cross site scripting
8101| [4352] Apache HTTP Server 2.2.x APR apr_fnmatch denial of service
8102| [57025] Apache Tomcat up to 7.0.11 information disclosure
8103| [57024] Apache Tomcat 7.0.11 Access Restriction information disclosure
8104| [56774] IBM WebSphere Application Server up to 7.0.0.14 org.apache.jasper.runtime.JspWriterImpl.response denial of service
8105| [56824] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
8106| [56832] Apache Tomcat up to 7.0.10 Access Restriction information disclosure
8107| [56830] Apache Tomcat up to 7.0.9 Access Restriction privilege escalation
8108| [12440] Apache Tomcat 6.0.33 Malicious Request cross site scripting
8109| [56512] Apache Continuum up to 1.4.0 cross site scripting
8110| [4285] Apache Tomcat 5.x JVM getLocale denial of service
8111| [4284] Apache Tomcat 5.x HTML Manager Infinite Loop cross site scripting
8112| [4283] Apache Tomcat 5.x ServletContect privilege escalation
8113| [56441] Apache Tomcat up to 7.0.6 denial of service
8114| [56300] Apache CouchDB up to 1.0.1 Web Administration Interface cross site scripting
8115| [55967] Apache Subversion up to 1.6.4 rev_hunt.c denial of service
8116| [55966] Apache Subversion up to 1.6.4 mod_dav_svn repos.c walk denial of service
8117| [55095] Apache Axis2 up to 1.6 Default Password memory corruption
8118| [55631] Apache Archiva up to 1.3.1 User Account cross site request forgery
8119| [55556] Apache Tomcat up to 6.0.29 Default Configuration information disclosure
8120| [55553] Apache Tomcat up to 7.0.4 sessionsList.jsp cross site scripting
8121| [55162] Apache MyFaces up to 2.0.0 Authentication Code unknown vulnerability
8122| [54881] Apache Subversion up to 1.6.12 mod_dav_svn authz.c privilege escalation
8123| [54879] Apache APR-util up to 0.9.14 mod_reqtimeout apr_brigade_split_line denial of service
8124| [54693] Apache Traffic Server DNS Cache unknown vulnerability
8125| [54416] Apache CouchDB up to 0.11.0 cross site request forgery
8126| [54394] Apache CXF up to 2.2.8 Memory Consumption denial of service
8127| [54261] Apache Tomcat jsp/cal/cal2.jsp cross site scripting
8128| [54166] Apache HTTP Server up to 2.2.12 mod_cache Crash denial of service
8129| [54385] Apache Struts up to 2.1.8.1 ParameterInterceptor unknown vulnerability
8130| [54012] Apache Tomcat up to 6.0.10 denial of service
8131| [53763] Apache Axis2 1.3/1.4/1.4.1/1.5/1.5.1 Memory Consumption denial of service
8132| [53368] Apache MyFaces 1.1.7/1.2.8 cross site scripting
8133| [53397] Apache axis2 1.4.1/1.5.1 Administration Console cross site scripting
8134| [52894] Apache Tomcat up to 6.0.7 information disclosure
8135| [52960] Apache ActiveMQ up to 5.4-snapshot information disclosure
8136| [52843] Apache HTTP Server mod_auth_shadow unknown vulnerability
8137| [52786] Apache Open For Business Project up to 09.04 cross site scripting
8138| [52587] Apache ActiveMQ up to 5.3.0 cross site request forgery
8139| [52586] Apache ActiveMQ up to 5.3.0 cross site scripting
8140| [52584] Apache CouchDB up to 0.10.1 information disclosure
8141| [51757] Apache HTTP Server 2.0.44 cross site scripting
8142| [51756] Apache HTTP Server 2.0.44 spoofing
8143| [51717] Apache HTTP Server up to 1.3.3 mod_proxy ap_proxy_send_fb memory corruption
8144| [51690] Apache Tomcat up to 6.0 directory traversal
8145| [51689] Apache Tomcat up to 6.0 information disclosure
8146| [51688] Apache Tomcat up to 6.0 directory traversal
8147| [50886] HP Operations Manager 8.10 on Windows File Upload org.apache.catalina.manager.HTMLManagerServlet memory corruption
8148| [50802] Apache Tomcat up to 3.3 Default Password weak authentication
8149| [50626] Apache Solr 1.0.0 cross site scripting
8150| [49857] Apache HTTP Server mod_proxy_ftp cross site scripting
8151| [49856] Apache HTTP Server 2.2.13 mod_proxy_ftp ap_proxy_ftp_handler denial of service
8152| [49348] Apache Xerces-C++ 2.7.0 Stack-Based denial of service
8153| [86789] Apache Portable Runtime memory/unix/apr_pools.c unknown vulnerability
8154| [49283] Apache APR-util up to 1.3.8 apr-util misc/apr_rmm.c apr_rmm_realloc memory corruption
8155| [48952] Apache HTTP Server up to 1.3.6 mod_deflate denial of service
8156| [48626] Apache Tomcat up to 4.1.23 Access Restriction directory traversal
8157| [48431] Apache Tomcat up to 4.1.23 j_security_check cross site scripting
8158| [48430] Apache Tomcat up to 4.1.23 mod_jk denial of service
8159| [47801] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site request forgery
8160| [47800] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site scripting
8161| [47799] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console directory traversal
8162| [47648] Apache Tiles 2.1.0/2.1.1 cross site scripting
8163| [47640] Apache Struts 2.0.6/2.0.8/2.0.9/2.0.11/2.1 cross site scripting
8164| [47638] Apache Tomcat up to 4.1.23 mod_jk information disclosure
8165| [47636] Apache Struts 2.0.9 xip_client.html cross site scripting
8166| [47593] Apache Mod Perl 1 perl-status Apache::Status cross site scripting
8167| [47637] Apache Struts 1.0.2/1.1/1.2.4/1.2.7/1.2.8 cross site scripting
8168| [47239] Apache Struts up to 2.1.2 Beta struts directory traversal
8169| [47214] Apachefriends xampp 1.6.8 spoofing
8170| [47213] Apachefriends xampp 1.6.8 htaccess cross site request forgery
8171| [47162] Apachefriends XAMPP 1.4.4 weak authentication
8172| [47065] Apache Tomcat 4.1.23 cross site scripting
8173| [46834] Apache Tomcat up to 5.5.20 cross site scripting
8174| [46004] Apache Jackrabbit 1.4/1.5.0 search.jsp cross site scripting
8175| [49205] Apache Roller 2.3/3.0/3.1/4.0 Search cross site scripting
8176| [86625] Apache Struts directory traversal
8177| [44461] Apache Tomcat up to 5.5.0 information disclosure
8178| [44389] Apache Xerces-C++ XML Parser Memory Consumption denial of service
8179| [44352] Apache Friends XAMPP 1.6.8 adodb.php cross site scripting
8180| [43663] Apache Tomcat up to 6.0.16 directory traversal
8181| [43612] Apache Friends XAMPP 1.6.7 iart.php cross site scripting
8182| [43556] Apache HTTP Server up to 2.1.8 mod_proxy_ftp proxy_ftp.c cross site scripting
8183| [43516] Apache Tomcat up to 4.1.20 directory traversal
8184| [43509] Apache Tomcat up to 6.0.13 cross site scripting
8185| [42637] Apache Tomcat up to 6.0.16 cross site scripting
8186| [42325] Apache HTTP Server up to 2.1.8 Error Page cross site scripting
8187| [41838] Apache-SSL 1.3.34 1.57 expandcert privilege escalation
8188| [41091] Apache Software Foundation Mod Jk up to 2.0.1 mod_jk2 Stack-based memory corruption
8189| [40924] Apache Tomcat up to 6.0.15 information disclosure
8190| [40923] Apache Tomcat up to 6.0.15 unknown vulnerability
8191| [40922] Apache Tomcat up to 6.0 information disclosure
8192| [40710] Apache HTTP Server up to 2.0.61 mod_negotiation cross site scripting
8193| [40709] Apache HTTP Server up to 2.0.53 mod_negotiation cross site scripting
8194| [40656] Apache Tomcat 5.5.20 information disclosure
8195| [40503] Apache HTTP Server mod_proxy_ftp cross site scripting
8196| [40502] Apache HTTP Server up to 2.2.5 mod_proxy_balancer memory corruption
8197| [40501] Apache HTTP Server 2.2.6 mod_proxy_balancer cross site request forgery
8198| [40398] Apache HTTP Server up to 2.2 mod_proxy_balancer cross site scripting
8199| [40397] Apache HTTP Server up to 2.2 mod_proxy_balancer balancer_handler denial of service
8200| [40234] Apache Tomcat up to 6.0.15 directory traversal
8201| [40221] Apache HTTP Server 2.2.6 information disclosure
8202| [40027] David Castro Apache Authcas 0.4 sql injection
8203| [3495] Apache OpenOffice up to 2.3 Database Document Processor unknown vulnerability
8204| [3489] Apache HTTP Server 2.x HTTP Header cross site scripting
8205| [3414] Apache Tomcat WebDAV Stored privilege escalation
8206| [39489] Apache Jakarta Slide up to 2.1 directory traversal
8207| [39540] Apache Geronimo 2.0/2.0.1/2.0.2/2.1 unknown vulnerability
8208| [3310] Apache OpenOffice 1.1.3/2.0.4/2.2.1 TIFF Image Parser Heap-based memory corruption
8209| [38768] Apache HTTP Server up to 2.1.7 mod_autoindex.c cross site scripting
8210| [38952] Apache Geronimo 2.0.1/2.1 unknown vulnerability
8211| [38658] Apache Tomcat 4.1.31 cal2.jsp cross site request forgery
8212| [38524] Apache Geronimo 2.0 unknown vulnerability
8213| [3256] Apache Tomcat up to 6.0.13 cross site scripting
8214| [38331] Apache Tomcat 4.1.24 information disclosure
8215| [38330] Apache Tomcat 4.1.24 information disclosure
8216| [38185] Apache Tomcat 3.3/3.3.1/3.3.1a/3.3.2 Error Message CookieExample cross site scripting
8217| [37967] Apache Tomcat up to 4.1.36 Error Message sendmail.jsp cross site scripting
8218| [37647] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 Authorization unknown vulnerability
8219| [37646] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 unknown vulnerability
8220| [3141] Apache Tomcat up to 4.1.31 Accept-Language Header cross site scripting
8221| [3133] Apache Tomcat up to 6.0 HTTP cross site scripting
8222| [37292] Apache Tomcat up to 5.5.1 cross site scripting
8223| [3130] Apache OpenOffice 2.2.1 RTF Document Heap-based memory corruption
8224| [36981] Apache Tomcat JK Web Server Connector up to 1.2.22 mod_jk directory traversal
8225| [36892] Apache Tomcat up to 4.0.0 hello.jsp cross site scripting
8226| [37320] Apache MyFaces Tomahawk up to 1.1.4 cross site scripting
8227| [36697] Apache Tomcat up to 5.5.17 implicit-objects.jsp cross site scripting
8228| [36491] Apache Axis 1.0 Installation javaioFileNotFoundException information disclosure
8229| [36400] Apache Tomcat 5.5.15 mod_jk cross site scripting
8230| [36698] Apache Tomcat up to 4.0.0 cal2.jsp cross site scripting
8231| [36224] XAMPP Apache Distribution up to 1.6.0a adodb.php connect memory corruption
8232| [36225] XAMPP Apache Distribution 1.6.0a sql injection
8233| [2997] Apache httpd/Tomcat 5.5/6.0 directory traversal
8234| [35896] Apache Apache Test up to 1.29 mod_perl denial of service
8235| [35653] Avaya S8300 Cm 3.1.2 Apache Tomcat unknown vulnerability
8236| [35402] Apache Tomcat JK Web Server Connector 1.2.19 mod_jk.so map_uri_to_worker memory corruption
8237| [35067] Apache Stats up to 0.0.2 extract unknown vulnerability
8238| [35025] Apache Stats up to 0.0.3 extract unknown vulnerability
8239| [34252] Apache HTTP Server denial of service
8240| [2795] Apache OpenOffice 2.0.4 WMF/EMF File Heap-based memory corruption
8241| [33877] Apache Opentaps 0.9.3 cross site scripting
8242| [33876] Apache Open For Business Project unknown vulnerability
8243| [33875] Apache Open For Business Project cross site scripting
8244| [2703] Apache Jakarta Tomcat up to 5.x der_get_oid memory corruption
8245| [2611] Apache HTTP Server up to 1.0.1 set_var Format String
8246|
8247| MITRE CVE - https://cve.mitre.org:
8248| [CVE-2013-4156] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted element in an OOXML document file.
8249| [CVE-2013-4131] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service (assertion failure or out-of-bounds read) via a certain (1) COPY, (2) DELETE, or (3) MOVE request against a revision root.
8250| [CVE-2013-3239] phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename of an export file, leading to interpretation of this file as an executable file by the Apache HTTP Server, as demonstrated by a .php.sql filename.
8251| [CVE-2013-3060] The web console in Apache ActiveMQ before 5.8.0 does not require authentication, which allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests.
8252| [CVE-2013-2765] The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request with a large body and a crafted Content-Type header.
8253| [CVE-2013-2251] Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.
8254| [CVE-2013-2249] mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified impact and remote attack vectors.
8255| [CVE-2013-2248] Multiple open redirect vulnerabilities in Apache Struts 2.0.0 through 2.3.15 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a parameter using the (1) redirect: or (2) redirectAction: prefix.
8256| [CVE-2013-2189] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via invalid PLCF data in a DOC document file.
8257| [CVE-2013-2135] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted value that contains both "${}" and "%{}" sequences, which causes the OGNL code to be evaluated twice.
8258| [CVE-2013-2134] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted action name that is not properly handled during wildcard matching, a different vulnerability than CVE-2013-2135.
8259| [CVE-2013-2115] Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag. NOTE: this issue is due to an incomplete fix for CVE-2013-1966.
8260| [CVE-2013-2071] java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other applications in opportunistic circumstances via an application that records the requests that it processes.
8261| [CVE-2013-2067] java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack.
8262| [CVE-2013-1966] Apache Struts 2 before 2.3.14.1 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag.
8263| [CVE-2013-1965] Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.1, allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is not properly handled when invoking a redirect.
8264| [CVE-2013-1896] mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.
8265| [CVE-2013-1884] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (segmentation fault and crash) via a log REPORT request with an invalid limit, which triggers an access of an uninitialized variable.
8266| [CVE-2013-1879] Cross-site scripting (XSS) vulnerability in scheduled.jsp in Apache ActiveMQ 5.8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving the "cron of a message."
8267| [CVE-2013-1862] mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.
8268| [CVE-2013-1849] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a PROPFIND request for an activity URL.
8269| [CVE-2013-1847] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an anonymous LOCK for a URL that does not exist.
8270| [CVE-2013-1846] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a LOCK on an activity URL.
8271| [CVE-2013-1845] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (memory consumption) by (1) setting or (2) deleting a large number of properties for a file or directory.
8272| [CVE-2013-1814] The users/get program in the User RPC API in Apache Rave 0.11 through 0.20 allows remote authenticated users to obtain sensitive information about all user accounts via the offset parameter, as demonstrated by discovering password hashes in the password field of a response.
8273| [CVE-2013-1777] The JMX Remoting functionality in Apache Geronimo 3.x before 3.0.1, as used in IBM WebSphere Application Server (WAS) Community Edition 3.0.0.3 and other products, does not property implement the RMI classloader, which allows remote attackers to execute arbitrary code by using the JMX connector to send a crafted serialized object.
8274| [CVE-2013-1768] The BrokerFactory functionality in Apache OpenJPA 1.x before 1.2.3 and 2.x before 2.2.2 creates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for remote attackers to execute arbitrary code by creating a serialized object and leveraging improperly secured server programs.
8275| [CVE-2013-1088] Cross-site request forgery (CSRF) vulnerability in Novell iManager 2.7 before SP6 Patch 1 allows remote attackers to hijack the authentication of arbitrary users by leveraging improper request validation by iManager code deployed within an Apache Tomcat container.
8276| [CVE-2013-1048] The Debian apache2ctl script in the apache2 package squeeze before 2.2.16-6+squeeze11, wheezy before 2.2.22-13, and sid before 2.2.22-13 for the Apache HTTP Server on Debian GNU/Linux does not properly create the /var/lock/apache2 lock directory, which allows local users to gain privileges via an unspecified symlink attack.
8277| [CVE-2013-0966] The Apple mod_hfs_apple module for the Apache HTTP Server in Apple Mac OS X before 10.8.3 does not properly handle ignorable Unicode characters, which allows remote attackers to bypass intended directory authentication requirements via a crafted pathname in a URI.
8278| [CVE-2013-0942] Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Agent 7.1 before 7.1.1 for Web for Internet Information Services, and 7.1 before 7.1.1 for Web for Apache, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
8279| [CVE-2013-0941] EMC RSA Authentication API before 8.1 SP1, RSA Web Agent before 5.3.5 for Apache Web Server, RSA Web Agent before 5.3.5 for IIS, RSA PAM Agent before 7.0, and RSA Agent before 6.1.4 for Microsoft Windows use an improper encryption algorithm and a weak key for maintaining the stored data of the node secret for the SecurID Authentication API, which allows local users to obtain sensitive information via cryptographic attacks on this data.
8280| [CVE-2013-0253] The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack.
8281| [CVE-2013-0248] The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack.
8282| [CVE-2013-0239] Apache CXF before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3, when the plaintext UsernameToken WS-SecurityPolicy is enabled, allows remote attackers to bypass authentication via a security header of a SOAP request containing a UsernameToken element that lacks a password child element.
8283| [CVE-2012-6573] Cross-site scripting (XSS) vulnerability in the Apache Solr Autocomplete module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving autocomplete results.
8284| [CVE-2012-6551] The default configuration of Apache ActiveMQ before 5.8.0 enables a sample web application, which allows remote attackers to cause a denial of service (broker resource consumption) via HTTP requests.
8285| [CVE-2012-6092] Multiple cross-site scripting (XSS) vulnerabilities in the web demos in Apache ActiveMQ before 5.8.0 allow remote attackers to inject arbitrary web script or HTML via (1) the refresh parameter to PortfolioPublishServlet.java (aka demo/portfolioPublish or Market Data Publisher), or vectors involving (2) debug logs or (3) subscribe messages in webapp/websocket/chat.js. NOTE: AMQ-4124 is covered by CVE-2012-6551.
8286| [CVE-2012-5887] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.
8287| [CVE-2012-5886] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID.
8288| [CVE-2012-5885] The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184.
8289| [CVE-2012-5786] The wsdl_first_https sample code in distribution/src/main/release/samples/wsdl_first_https/src/main/ in Apache CXF, possibly 2.6.0, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
8290| [CVE-2012-5785] Apache Axis2/Java 1.6.2 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
8291| [CVE-2012-5784] Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Message Service implementation in Apache ActiveMQ, and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
8292| [CVE-2012-5783] Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
8293| [CVE-2012-5633] The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request.
8294| [CVE-2012-5616] Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly Citrix CloudStack) before 3.0.6 stores sensitive information in the log4j.conf log file, which allows local users to obtain (1) the SSH private key as recorded by the createSSHKeyPair API, (2) the password of an added host as recorded by the AddHost API, or the password of an added VM as recorded by the (3) DeployVM or (4) ResetPasswordForVM API.
8295| [CVE-2012-5568] Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.
8296| [CVE-2012-5351] Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack," a different vulnerability than CVE-2012-4418.
8297| [CVE-2012-4558] Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via a crafted string.
8298| [CVE-2012-4557] The mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into an error state upon detection of a long request-processing time, which allows remote attackers to cause a denial of service (worker consumption) via an expensive request.
8299| [CVE-2012-4556] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 allows remote attackers to cause a denial of service (Apache httpd web server child process restart) via certain unspecified empty search fields in a user certificate search query.
8300| [CVE-2012-4555] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 does not properly handle interruptions of token format operations, which allows remote attackers to cause a denial of service (NULL pointer dereference and Apache httpd web server child process crash) via unspecified vectors.
8301| [CVE-2012-4534] org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminating the connection during the reading of a response.
8302| [CVE-2012-4528] The mod_security2 module before 2.7.0 for the Apache HTTP Server allows remote attackers to bypass rules, and deliver arbitrary POST data to a PHP application, via a multipart request in which an invalid part precedes the crafted data.
8303| [CVE-2012-4501] Citrix Cloud.com CloudStack, and Apache CloudStack pre-release, allows remote attackers to make arbitrary API calls by leveraging the system user account, as demonstrated by API calls to delete VMs.
8304| [CVE-2012-4460] The serializing/deserializing functions in the qpid::framing::Buffer class in Apache Qpid 0.20 and earlier allow remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors. NOTE: this issue could also trigger an out-of-bounds read, but it might not trigger a crash.
8305| [CVE-2012-4459] Integer overflow in the qpid::framing::Buffer::checkAvailable function in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (crash) via a crafted message, which triggers an out-of-bounds read.
8306| [CVE-2012-4458] The AMQP type decoder in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (memory consumption and server crash) via a large number of zero width elements in the client-properties map in a connection.start-ok message.
8307| [CVE-2012-4446] The default configuration for Apache Qpid 0.20 and earlier, when the federation_tag attribute is enabled, accepts AMQP connections without checking the source user ID, which allows remote attackers to bypass authentication and have other unspecified impact via an AMQP request.
8308| [CVE-2012-4431] org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier.
8309| [CVE-2012-4418] Apache Axis2 allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."
8310| [CVE-2012-4387] Apache Struts 2.0.0 through 2.3.4 allows remote attackers to cause a denial of service (CPU consumption) via a long parameter name, which is processed as an OGNL expression.
8311| [CVE-2012-4386] The token check mechanism in Apache Struts 2.0.0 through 2.3.4 does not properly validate the token name configuration parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks by setting the token name configuration parameter to a session attribute.
8312| [CVE-2012-4360] Cross-site scripting (XSS) vulnerability in the mod_pagespeed module 0.10.19.1 through 0.10.22.4 for the Apache HTTP Server allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
8313| [CVE-2012-4063] The Apache Santuario configuration in Eucalyptus before 3.1.1 does not properly restrict applying XML Signature transforms to documents, which allows remote attackers to cause a denial of service via unspecified vectors.
8314| [CVE-2012-4001] The mod_pagespeed module before 0.10.22.6 for the Apache HTTP Server does not properly verify its host name, which allows remote attackers to trigger HTTP requests to arbitrary hosts via unspecified vectors, as demonstrated by requests to intranet servers.
8315| [CVE-2012-3908] Multiple cross-site request forgery (CSRF) vulnerabilities in the ISE Administrator user interface (aka the Apache Tomcat interface) on Cisco Identity Services Engine (ISE) 3300 series appliances before 1.1.0.665 Cumulative Patch 1 allow remote attackers to hijack the authentication of administrators, aka Bug ID CSCty46684.
8316| [CVE-2012-3546] org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI.
8317| [CVE-2012-3544] Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data.
8318| [CVE-2012-3526] The reverse proxy add forward module (mod_rpaf) 0.5 and 0.6 for the Apache HTTP Server allows remote attackers to cause a denial of service (server or application crash) via multiple X-Forwarded-For headers in a request.
8319| [CVE-2012-3513] munin-cgi-graph in Munin before 2.0.6, when running as a CGI module under Apache, allows remote attackers to load new configurations and create files in arbitrary directories via the logdir command.
8320| [CVE-2012-3506] Unspecified vulnerability in the Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.03 has unknown impact and attack vectors.
8321| [CVE-2012-3502] The proxy functionality in (1) mod_proxy_ajp.c in the mod_proxy_ajp module and (2) mod_proxy_http.c in the mod_proxy_http module in the Apache HTTP Server 2.4.x before 2.4.3 does not properly determine the situations that require closing a back-end connection, which allows remote attackers to obtain sensitive information in opportunistic circumstances by reading a response that was intended for a different client.
8322| [CVE-2012-3499] Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules.
8323| [CVE-2012-3467] Apache QPID 0.14, 0.16, and earlier uses a NullAuthenticator mechanism to authenticate catch-up shadow connections to AMQP brokers, which allows remote attackers to bypass authentication.
8324| [CVE-2012-3451] Apache CXF before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to execute unintended web-service operations by sending a header with a SOAP Action String that is inconsistent with the message body.
8325| [CVE-2012-3446] Apache Libcloud before 0.11.1 uses an incorrect regular expression during verification of whether the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate.
8326| [CVE-2012-3376] DataNodes in Apache Hadoop 2.0.0 alpha do not check the BlockTokens of clients when Kerberos is enabled and the DataNode has checked out the same BlockPool twice from a NodeName, which might allow remote clients to read arbitrary blocks, write to blocks to which they only have read access, and have other unspecified impacts.
8327| [CVE-2012-3373] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.21 and 1.5.x before 1.5.8 allows remote attackers to inject arbitrary web script or HTML via vectors involving a %00 sequence in an Ajax link URL associated with a Wicket app.
8328| [CVE-2012-3126] Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Products Suite 3.3 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Apache Tomcat Agent.
8329| [CVE-2012-3123] Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect confidentiality, related to Apache HTTP Server.
8330| [CVE-2012-2760] mod_auth_openid before 0.7 for Apache uses world-readable permissions for /tmp/mod_auth_openid.db, which allows local users to obtain session ids.
8331| [CVE-2012-2733] java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of service (memory consumption) via a large amount of header data.
8332| [CVE-2012-2687] Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list.
8333| [CVE-2012-2381] Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.1 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the blogger role.
8334| [CVE-2012-2380] Multiple cross-site request forgery (CSRF) vulnerabilities in the admin/editor console in Apache Roller before 5.0.1 allow remote attackers to hijack the authentication of admins or editors by leveraging the HTTP POST functionality.
8335| [CVE-2012-2379] Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors.
8336| [CVE-2012-2378] Apache CXF 2.4.5 through 2.4.7, 2.5.1 through 2.5.3, and 2.6.x before 2.6.1, does not properly enforce child policies of a WS-SecurityPolicy 1.1 SupportingToken policy on the client side, which allows remote attackers to bypass the (1) AlgorithmSuite, (2) SignedParts, (3) SignedElements, (4) EncryptedParts, and (5) EncryptedElements policies.
8337| [CVE-2012-2329] Buffer overflow in the apache_request_headers function in sapi/cgi/cgi_main.c in PHP 5.4.x before 5.4.3 allows remote attackers to cause a denial of service (application crash) via a long string in the header of an HTTP request.
8338| [CVE-2012-2145] Apache Qpid 0.17 and earlier does not properly restrict incoming client connections, which allows remote attackers to cause a denial of service (file descriptor consumption) via a large number of incomplete connections.
8339| [CVE-2012-2138] The @CopyFrom operation in the POST servlet in the org.apache.sling.servlets.post bundle before 2.1.2 in Apache Sling does not prevent attempts to copy an ancestor node to a descendant node, which allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP request.
8340| [CVE-2012-2098] Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service (CPU consumption) via a file with many repeating inputs.
8341| [CVE-2012-1574] The Kerberos/MapReduce security functionality in Apache Hadoop 0.20.203.0 through 0.20.205.0, 0.23.x before 0.23.2, and 1.0.x before 1.0.2, as used in Cloudera CDH CDH3u0 through CDH3u2, Cloudera hadoop-0.20-sbin before 0.20.2+923.197, and other products, allows remote authenticated users to impersonate arbitrary cluster user accounts via unspecified vectors.
8342| [CVE-2012-1181] fcgid_spawn_ctl.c in the mod_fcgid module 2.3.6 for the Apache HTTP Server does not recognize the FcgidMaxProcessesPerClass directive for a virtual host, which makes it easier for remote attackers to cause a denial of service (memory consumption) via a series of HTTP requests that triggers a process count higher than the intended limit.
8343| [CVE-2012-1089] Directory traversal vulnerability in Apache Wicket 1.4.x before 1.4.20 and 1.5.x before 1.5.5 allows remote attackers to read arbitrary web-application files via a relative pathname in a URL for a Wicket resource that corresponds to a null package.
8344| [CVE-2012-1007] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 1.3.10 allow remote attackers to inject arbitrary web script or HTML via (1) the name parameter to struts-examples/upload/upload-submit.do, or the message parameter to (2) struts-cookbook/processSimple.do or (3) struts-cookbook/processDyna.do.
8345| [CVE-2012-1006] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.14 and 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) lastName parameter to struts2-showcase/person/editPerson.action, or the (3) clientName parameter to struts2-rest-showcase/orders.
8346| [CVE-2012-0883] envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl.
8347| [CVE-2012-0840] tables/apr_hash.c in the Apache Portable Runtime (APR) library through 1.4.5 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
8348| [CVE-2012-0838] Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL expression during the handling of a conversion error, which allows remote attackers to modify run-time data values, and consequently execute arbitrary code, via invalid input to a field.
8349| [CVE-2012-0788] The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service (application crash) via a crafted application that uses a PDO driver for a fetch and then calls the session_start function, as demonstrated by a crash of the Apache HTTP Server.
8350| [CVE-2012-0394] ** DISPUTED ** The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself."
8351| [CVE-2012-0393] The ParameterInterceptor component in Apache Struts before 2.3.1.1 does not prevent access to public constructors, which allows remote attackers to create or overwrite arbitrary files via a crafted parameter that triggers the creation of a Java object.
8352| [CVE-2012-0392] The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method.
8353| [CVE-2012-0391] The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter.
8354| [CVE-2012-0256] Apache Traffic Server 2.0.x and 3.0.x before 3.0.4 and 3.1.x before 3.1.3 does not properly allocate heap memory, which allows remote attackers to cause a denial of service (daemon crash) via a long HTTP Host header.
8355| [CVE-2012-0216] The default configuration of the apache2 package in Debian GNU/Linux squeeze before 2.2.16-6+squeeze7, wheezy before 2.2.22-4, and sid before 2.2.22-4, when mod_php or mod_rivet is used, provides example scripts under the doc/ URI, which might allow local users to conduct cross-site scripting (XSS) attacks, gain privileges, or obtain sensitive information via vectors involving localhost HTTP requests to the Apache HTTP Server.
8356| [CVE-2012-0213] The UnhandledDataStructure function in hwpf/model/UnhandledDataStructure.java in Apache POI 3.8 and earlier allows remote attackers to cause a denial of service (OutOfMemoryError exception and possibly JVM destabilization) via a crafted length value in a Channel Definition Format (CDF) or Compound File Binary Format (CFBF) document.
8357| [CVE-2012-0053] protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script.
8358| [CVE-2012-0047] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the wicket:pageMapName parameter.
8359| [CVE-2012-0031] scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function.
8360| [CVE-2012-0022] Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.
8361| [CVE-2012-0021] The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to cause a denial of service (daemon crash) via a cookie that lacks both a name and a value.
8362| [CVE-2011-5064] DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging knowledge of this string, a different vulnerability than CVE-2011-1184.
8363| [CVE-2011-5063] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weaker authentication or authorization requirements, a different vulnerability than CVE-2011-1184.
8364| [CVE-2011-5062] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass intended integrity-protection requirements via a qop=auth value, a different vulnerability than CVE-2011-1184.
8365| [CVE-2011-5057] Apache Struts 2.3.1.1 and earlier provides interfaces that do not properly restrict access to collections such as the session and request collections, which might allow remote attackers to modify run-time data values via a crafted parameter to an application that implements an affected interface, as demonstrated by the SessionAware, RequestAware, ApplicationAware, ServletRequestAware, ServletResponseAware, and ParameterAware interfaces. NOTE: the vendor disputes the significance of this report because of an "easy work-around in existing apps by configuring the interceptor."
8366| [CVE-2011-5034] Apache Geronimo 2.2.1 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. NOTE: this might overlap CVE-2011-4461.
8367| [CVE-2011-4905] Apache ActiveMQ before 5.6.0 allows remote attackers to cause a denial of service (file-descriptor exhaustion and broker crash or hang) by sending many openwire failover:tcp:// connection requests.
8368| [CVE-2011-4858] Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
8369| [CVE-2011-4668] IBM Tivoli Netcool/Reporter 2.2 before 2.2.0.8 allows remote attackers to execute arbitrary code via vectors related to an unspecified CGI program used with the Apache HTTP Server.
8370| [CVE-2011-4449] actions/files/files.php in WikkaWiki 1.3.1 and 1.3.2, when INTRANET_MODE is enabled, supports file uploads for file extensions that are typically absent from an Apache HTTP Server TypesConfig file, which makes it easier for remote attackers to execute arbitrary PHP code by placing this code in a file whose name has multiple extensions, as demonstrated by a (1) .mm or (2) .vpp file.
8371| [CVE-2011-4415] The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, does not restrict the size of values of environment variables, which allows local users to cause a denial of service (memory consumption or NULL pointer dereference) via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, related to (1) the "len +=" statement and (2) the apr_pcalloc function call, a different vulnerability than CVE-2011-3607.
8372| [CVE-2011-4317] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an @ (at sign) character and a : (colon) character in invalid positions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
| [CVE-2011-3639] The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers by using the HTTP/0.9 protocol with a malformed URI containing an initial @ (at sign) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
| [CVE-2011-3620] Apache Qpid 0.12 does not properly verify credentials during the joining of a cluster, which allows remote attackers to obtain access to the messaging functionality and job functionality of a cluster by leveraging knowledge of a cluster-username.
| [CVE-2011-3607] Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow.
| [CVE-2011-3376] org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat 7.x before 7.0.22 does not properly restrict ContainerServlets in the Manager application, which allows local users to gain privileges by using an untrusted web application to access the Manager application's functionality.
| [CVE-2011-3375] Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain caching and recycling operations involving request objects, which allows remote attackers to obtain unintended read access to IP address and HTTP header information in opportunistic circumstances by reading TCP data.
| [CVE-2011-3368] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character.
| [CVE-2011-3348] The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary "error state" in the backend server) via a malformed HTTP request.
| [CVE-2011-3192] The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.
| [CVE-2011-3190] Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request.
| [CVE-2011-2729] native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application.
| [CVE-2011-2712] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.18, when setAutomaticMultiWindowSupport is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
| [CVE-2011-2688] SQL injection vulnerability in mysql/mysql-auth.pl in the mod_authnz_external module 3.2.5 and earlier for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the user field.
| [CVE-2011-2526] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loop or JVM crash) by leveraging an untrusted web application.
| [CVE-2011-2516] Off-by-one error in the XML signature feature in Apache XML Security for C++ 1.6.0, as used in Shibboleth before 2.4.3 and possibly other products, allows remote attackers to cause a denial of service (crash) via a signature using a large RSA key, which triggers a buffer overflow.
| [CVE-2011-2481] Apache Tomcat 7.0.x before 7.0.17 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application. NOTE: this vulnerability exists because of a CVE-2009-0783 regression.
| [CVE-2011-2329] The rampart_timestamp_token_validate function in util/rampart_timestamp_token.c in Apache Rampart/C 1.3.0 does not properly calculate the expiration of timestamp tokens, which allows remote attackers to bypass intended access restrictions by leveraging an expired token, a different vulnerability than CVE-2011-0730.
| [CVE-2011-2204] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file.
| [CVE-2011-2088] XWork 2.2.1 in Apache Struts 2.2.1, and OpenSymphony XWork in OpenSymphony WebWork, allows remote attackers to obtain potentially sensitive information about internal Java class paths via vectors involving an s:submit element and a nonexistent method, a different vulnerability than CVE-2011-1772.3.
| [CVE-2011-2087] Multiple cross-site scripting (XSS) vulnerabilities in component handlers in the javatemplates (aka Java Templates) plugin in Apache Struts 2.x before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via an arbitrary parameter value to a .action URI, related to improper handling of value attributes in (1) FileHandler.java, (2) HiddenHandler.java, (3) PasswordHandler.java, (4) RadioHandler.java, (5) ResetHandler.java, (6) SelectHandler.java, (7) SubmitHandler.java, and (8) TextFieldHandler.java.
| [CVE-2011-1928] The fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote attackers to cause a denial of service (infinite loop) via a URI that does not match unspecified types of wildcard patterns, as demonstrated by attacks against mod_autoindex in httpd when a /*/WEB-INF/ configuration pattern is used. NOTE: this issue exists because of an incorrect fix for CVE-2011-0419.
| [CVE-2011-1921] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is disabled, does not properly enforce permissions for files that had been publicly readable in the past, which allows remote attackers to obtain sensitive information via a replay REPORT operation.
| [CVE-2011-1783] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to cause a denial of service (infinite loop and memory consumption) in opportunistic circumstances by requesting data.
| [CVE-2011-1772] Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x before 2.2.3, and OpenSymphony XWork in OpenSymphony WebWork, allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) an action name, (2) the action attribute of an s:submit element, or (3) the method attribute of an s:submit element.
| [CVE-2011-1752] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request for a baselined WebDAV resource, as exploited in the wild in May 2011.
| [CVE-2011-1610] Multiple SQL injection vulnerabilities in xmldirectorylist.jsp in the embedded Apache HTTP Server component in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5)su4, 8.0 before 8.0(3a)su2, and 8.5 before 8.5(1)su1 allow remote attackers to execute arbitrary SQL commands via the (1) f, (2) l, or (3) n parameter, aka Bug ID CSCtj42064.
| [CVE-2011-1582] Apache Tomcat 7.0.12 and 7.0.13 processes the first request to a servlet without following security constraints that have been configured through annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088, CVE-2011-1183, and CVE-2011-1419.
| [CVE-2011-1571] Unspecified vulnerability in the XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote attackers to execute arbitrary commands via unknown vectors.
| [CVE-2011-1570] Cross-site scripting (XSS) vulnerability in Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to inject arbitrary web script or HTML via a message title, a different vulnerability than CVE-2004-2030.
| [CVE-2011-1503] The XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat or Oracle GlassFish is used, allows remote authenticated users to read arbitrary (1) XSL and (2) XML files via a file:/// URL.
| [CVE-2011-1502] Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to read arbitrary files via an entity declaration in conjunction with an entity reference, related to an XML External Entity (aka XXE) issue.
| [CVE-2011-1498] Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header.
| [CVE-2011-1475] The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP packets, related to "a mix-up of responses for requests from different users."
| [CVE-2011-1419] Apache Tomcat 7.x before 7.0.11, when web.xml has no security constraints, does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088.
| [CVE-2011-1318] Memory leak in org.apache.jasper.runtime.JspWriterImpl.response in the JavaServer Pages (JSP) component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) by accessing a JSP page of an application that is repeatedly stopped and restarted.
| [CVE-2011-1184] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, related to lack of checking of nonce (aka server nonce) and nc (aka nonce-count or client nonce count) values.
| [CVE-2011-1183] Apache Tomcat 7.0.11, when web.xml has no login configuration, does not follow security constraints, which allows remote attackers to bypass intended access restrictions via HTTP requests to a meta-data complete web application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1088 and CVE-2011-1419.
| [CVE-2011-1176] The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module 2.2.11-01 and 2.2.11-02 for the Apache HTTP Server does not properly handle certain configuration sections that specify NiceValue but not AssignUserID, which might allow remote attackers to gain privileges by leveraging the root uid and root gid of an mpm-itk process.
| [CVE-2011-1088] Apache Tomcat 7.x before 7.0.10 does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application.
| [CVE-2011-1077] Multiple cross-site scripting (XSS) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2011-1026] Multiple cross-site request forgery (CSRF) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to hijack the authentication of administrators.
| [CVE-2011-0715] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.16, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request that contains a lock token.
| [CVE-2011-0534] Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request.
| [CVE-2011-0533] Cross-site scripting (XSS) vulnerability in Apache Continuum 1.1 through 1.2.3.1, 1.3.6, and 1.4.0 Beta
| [CVE-2011-0419] Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.
| [CVE-2011-0013] Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.
| [CVE-2010-4644] Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated users to cause a denial of service (memory consumption and daemon crash) via the -g option to the blame command.
| [CVE-2010-4539] The walk function in repos.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.15, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger the walking of SVNParentPath collections.
| [CVE-2010-4476] The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
| [CVE-2010-4455] Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.2 and 11.1.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Apache Plugin.
| [CVE-2010-4408] Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1 does not require entry of the administrator's password at the time of modifying a user account, which makes it easier for context-dependent attackers to gain privileges by leveraging a (1) unattended workstation or (2) cross-site request forgery (CSRF) vulnerability, a related issue to CVE-2010-3449.
| [CVE-2010-4312] The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie.
| [CVE-2010-4172] Multiple cross-site scripting (XSS) vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) orderBy or (2) sort parameter to sessionsList.jsp, or unspecified input to (3) sessionDetail.jsp or (4) java/org/apache/catalina/manager/JspHelper.java, related to use of untrusted web applications.
| [CVE-2010-3872] The fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.6 for the Apache HTTP Server does not use bytewise pointer arithmetic in certain circumstances, which has unspecified impact and attack vectors related to "untrusted FastCGI applications" and a "stack buffer overwrite."
| [CVE-2010-3863] Apache Shiro before 1.1.0, and JSecurity 0.9.x, does not canonicalize URI paths before comparing them to entries in the shiro.ini file, which allows remote attackers to bypass intended access restrictions via a crafted request, as demonstrated by the /./account/index.jsp URI.
| [CVE-2010-3854] Multiple cross-site scripting (XSS) vulnerabilities in the web administration interface (aka Futon) in Apache CouchDB 0.8.0 through 1.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2010-3718] Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.
| [CVE-2010-3449] Cross-site request forgery (CSRF) vulnerability in Redback before 1.2.4, as used in Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1
| [CVE-2010-3315] authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass intended access restrictions via svn commands.
| [CVE-2010-3083] sys/ssl/SslSocket.cpp in qpidd in Apache Qpid, as used in Red Hat Enterprise MRG before 1.2.2 and other products, when SSL is enabled, allows remote attackers to cause a denial of service (daemon outage) by connecting to the SSL port but not participating in an SSL handshake.
| [CVE-2010-2952] Apache Traffic Server before 2.0.1, and 2.1.x before 2.1.2-unstable, does not properly choose DNS source ports and transaction IDs, and does not properly use DNS query fields to validate responses, which makes it easier for man-in-the-middle attackers to poison the internal DNS cache via a crafted response.
| [CVE-2010-2791] mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request. NOTE: this is the same issue as CVE-2010-2068, but for a different OS and set of affected versions.
| [CVE-2010-2375] Package/Privilege: Plugins for Apache, Sun and IIS web servers Unspecified vulnerability in the WebLogic Server component in Oracle Fusion Middleware 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, 10.3.2, and 10.3.3 allows remote attackers to affect confidentiality and integrity, related to IIS.
| [CVE-2010-2234] Cross-site request forgery (CSRF) vulnerability in Apache CouchDB 0.8.0 through 0.11.0 allows remote attackers to hijack the authentication of administrators for direct requests to an installation URL.
| [CVE-2010-2227] Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with "recycling of a buffer."
| [CVE-2010-2103] Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Apache Axis2/Java 1.4.1, 1.5.1, and possibly other versions, as used in SAP Business Objects 12, 3com IMC, and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the modules parameter. NOTE: some of these details are obtained from third party information.
| [CVE-2010-2086] Apache MyFaces 1.1.7 and 1.2.8, as used in IBM WebSphere Application Server and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that involve modifying the serialized view object.
| [CVE-2010-2076] Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before 2.2.9, as used in Apache ServiceMix, Apache Camel, Apache Chemistry, Apache jUDDI, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to samples/wsdl_first_pure_xml, a similar issue to CVE-2010-1632.
| [CVE-2010-2068] mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, does not properly detect timeouts, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request.
| [CVE-2010-2057] shared/util/StateUtils.java in Apache MyFaces 1.1.x before 1.1.8, 1.2.x before 1.2.9, and 2.0.x before 2.0.1 uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack.
| [CVE-2010-1632] Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server (WAS) 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to the Synapse SimpleStockQuoteService.
| [CVE-2010-1623] Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the destruction of an APR bucket.
| [CVE-2010-1587] The Jetty ResourceHandler in Apache ActiveMQ 5.x before 5.3.2 and 5.4.x before 5.4.0 allows remote attackers to read JSP source code via a // (slash slash) initial substring in a URI for (1) admin/index.jsp, (2) admin/queues.jsp, or (3) admin/topics.jsp.
| [CVE-2010-1452] The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path.
| [CVE-2010-1325] Cross-site request forgery (CSRF) vulnerability in the apache2-slms package in SUSE Lifecycle Management Server (SLMS) 1.0 on SUSE Linux Enterprise (SLE) 11 allows remote attackers to hijack the authentication of unspecified victims via vectors related to improper parameter quoting. NOTE: some sources report that this is a vulnerability in a product named "Apache SLMS," but that is incorrect.
| [CVE-2010-1244] Cross-site request forgery (CSRF) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote attackers to hijack the authentication of unspecified victims for requests that create queues via the JMSDestination parameter in a queue action.
| [CVE-2010-1157] Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply.
| [CVE-2010-1151] Race condition in the mod_auth_shadow module for the Apache HTTP Server allows remote attackers to bypass authentication, and read and possibly modify data, via vectors related to improper interaction with an external helper application for validation of credentials.
| [CVE-2010-0684] Cross-site scripting (XSS) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote authenticated users to inject arbitrary web script or HTML via the JMSDestination parameter in a queue action.
| [CVE-2010-0434] The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request.
| [CVE-2010-0432] Multiple cross-site scripting (XSS) vulnerabilities in the Apache Open For Business Project (aka OFBiz) 09.04 and earlier, as used in Opentaps, Neogia, and Entente Oya, allow remote attackers to inject arbitrary web script or HTML via (1) the productStoreId parameter to control/exportProductListing, (2) the partyId parameter to partymgr/control/viewprofile (aka partymgr/control/login), (3) the start parameter to myportal/control/showPortalPage, (4) an invalid URI beginning with /facility/control/ReceiveReturn (aka /crmsfa/control/ReceiveReturn or /cms/control/ReceiveReturn), (5) the contentId parameter (aka the entityName variable) to ecommerce/control/ViewBlogArticle, (6) the entityName parameter to webtools/control/FindGeneric, or the (7) subject or (8) content parameter to an unspecified component under ecommerce/control/contactus.
| [CVE-2010-0425] modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet, and "orphaned callback pointers."
| [CVE-2010-0408] The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service (backend server outage) via a crafted request, related to use of a 500 error code instead of the appropriate 400 error code.
| [CVE-2010-0390] Unrestricted file upload vulnerability in maxImageUpload/index.php in PHP F1 Max's Image Uploader 1.0, when Apache is not configured to handle the mime-type for files with pjpeg or jpeg extensions, allows remote attackers to execute arbitrary code by uploading a file with a pjpeg or jpeg extension, then accessing it via a direct request to the file in original/. NOTE: some of these details are obtained from third party information.
| [CVE-2010-0219] Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service.
| [CVE-2010-0010] Integer overflow in the ap_proxy_send_fb function in proxy/proxy_util.c in mod_proxy in the Apache HTTP Server before 1.3.42 on 64-bit platforms allows remote origin servers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a large chunk size that triggers a heap-based buffer overflow.
| [CVE-2010-0009] Apache CouchDB 0.8.0 through 0.10.1 allows remote attackers to obtain sensitive information by measuring the completion time of operations that verify (1) hashes or (2) passwords.
| [CVE-2009-5120] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 allows connections to TCP port 1812 from arbitrary source IP addresses, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via UTF-7 text to the 404 error page of a Project Woodstock service on this port.
| [CVE-2009-5119] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 enables weak SSL ciphers in conf/server.xml, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and then conducting a brute-force attack against encrypted session data.
| [CVE-2009-5006] The SessionAdapter::ExchangeHandlerImpl::checkAlternate function in broker/SessionAdapter.cpp in the C++ Broker component in Apache Qpid before 0.6, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote authenticated users to cause a denial of service (NULL pointer dereference, daemon crash, and cluster outage) by attempting to modify the alternate of an exchange.
| [CVE-2009-5005] The Cluster::deliveredEvent function in cluster/Cluster.cpp in Apache Qpid, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote attackers to cause a denial of service (daemon crash and cluster outage) via invalid AMQP data.
| [CVE-2009-4355] Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678.
| [CVE-2009-4269] The password hash generation algorithm in the BUILTIN authentication functionality for Apache Derby before 10.6.1.0 performs a transformation that reduces the size of the set of inputs to SHA-1, which produces a small search space that makes it easier for local and possibly remote attackers to crack passwords by generating hash collisions, related to password substitution.
| [CVE-2009-3923] The VirtualBox 2.0.8 and 2.0.10 web service in Sun Virtual Desktop Infrastructure (VDI) 3.0 does not require authentication, which allows remote attackers to obtain unspecified access via vectors involving requests to an Apache HTTP Server.
| [CVE-2009-3890] Unrestricted file upload vulnerability in the wp_check_filetype function in wp-includes/functions.php in WordPress before 2.8.6, when a certain configuration of the mod_mime module in the Apache HTTP Server is enabled, allows remote authenticated users to execute arbitrary code by posting an attachment with a multiple-extension filename, and then accessing this attachment via a direct request to a wp-content/uploads/ pathname, as demonstrated by a .php.jpg filename.
| [CVE-2009-3843] HP Operations Manager 8.10 on Windows contains a "hidden account" in the XML file that specifies Tomcat users, which allows remote attackers to conduct unrestricted file upload attacks, and thereby execute arbitrary code, by using the org.apache.catalina.manager.HTMLManagerServlet class to make requests to manager/html/upload.
| [CVE-2009-3821] Cross-site scripting (XSS) vulnerability in the Apache Solr Search (solr) extension 1.0.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2009-3555] The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
| [CVE-2009-3548] The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges.
| [CVE-2009-3250] The saveForwardAttachments procedure in the Compose Mail functionality in vtiger CRM 5.0.4 allows remote authenticated users to execute arbitrary code by composing an e-mail message with an attachment filename ending in (1) .php in installations based on certain Apache HTTP Server configurations, (2) .php. on Windows, or (3) .php/ on Linux, and then making a direct request to a certain pathname under storage/.
| [CVE-2009-3095] The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.
| [CVE-2009-3094] The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.
| [CVE-2009-2902] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename.
| [CVE-2009-2901] The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests.
| [CVE-2009-2823] The Apache HTTP Server in Apple Mac OS X before 10.6.2 enables the HTTP TRACE method, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified web client software.
| [CVE-2009-2699] The Solaris pollset feature in the Event Port backend in poll/unix/port.c in the Apache Portable Runtime (APR) library before 1.3.9, as used in the Apache HTTP Server before 2.2.14 and other products, does not properly handle errors, which allows remote attackers to cause a denial of service (daemon hang) via unspecified HTTP requests, related to the prefork and event MPMs.
| [CVE-2009-2696] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat on Red Hat Enterprise Linux 5, Desktop Workstation 5, and Linux Desktop 5 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML." NOTE: this is due to a missing fix for CVE-2009-0781.
8478| [CVE-2009-2696] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat on Red Hat Enterprise Linux 5, Desktop Workstation 5, and Linux Desktop 5 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML." NOTE: this is due to a missing fix for CVE-2009-0781.
8479| [CVE-2009-2693] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry.
8480| [CVE-2009-2625] XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.
8481| [CVE-2009-2412] Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR
8482| [CVE-2009-2299] The Artofdefence Hyperguard Web Application Firewall (WAF) module before 2.5.5-11635, 3.0 before 3.0.3-11636, and 3.1 before 3.1.1-11637, a module for the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via an HTTP request with a large Content-Length value but no POST data.
8483| [CVE-2009-1956] Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input.
8484| [CVE-2009-1955] The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.
8485| [CVE-2009-1903] The PDF XSS protection feature in ModSecurity before 2.5.8 allows remote attackers to cause a denial of service (Apache httpd crash) via a request for a PDF file that does not use the GET method.
8486| [CVE-2009-1891] The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).
8487| [CVE-2009-1890] The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests.
8488| [CVE-2009-1885] Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to cause a denial of service (application crash) via vectors involving nested parentheses and invalid byte values in "simply nested DTD structures," as demonstrated by the Codenomicon XML fuzzing framework.
8489| [CVE-2009-1462] The Security Manager in razorCMS before 0.4 does not verify the permissions of every file owned by the apache user account, which is inconsistent with the documentation and allows local users to have an unspecified impact.
8490| [CVE-2009-1275] Apache Tiles 2.1 before 2.1.2, as used in Apache Struts and other products, evaluates Expression Language (EL) expressions twice in certain circumstances, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via unspecified vectors, related to the (1) tiles:putAttribute and (2) tiles:insertTemplate JSP tags.
8491| [CVE-2009-1195] The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file.
8492| [CVE-2009-1191] mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request.
8493| [CVE-2009-1012] Unspecified vulnerability in the plug-ins for Apache and IIS web servers in Oracle BEA WebLogic Server 7.0 Gold through SP7, 8.1 Gold through SP6, 9.0, 9.1, 9.2 Gold through MP3, 10.0 Gold through MP1, and 10.3 allows remote attackers to affect confidentiality, integrity, and availability. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow in an unspecified plug-in that parses HTTP requests, which leads to a heap-based buffer overflow.
8494| [CVE-2009-0918] Multiple unspecified vulnerabilities in DFLabs PTK 1.0.0 through 1.0.4 allow remote attackers to execute arbitrary commands in processes launched by PTK's Apache HTTP Server via (1) "external tools" or (2) a crafted forensic image.
8495| [CVE-2009-0796] Cross-site scripting (XSS) vulnerability in Status.pm in Apache::Status and Apache2::Status in mod_perl1 and mod_perl2 for the Apache HTTP Server, when /perl-status is accessible, allows remote attackers to inject arbitrary web script or HTML via the URI.
8496| [CVE-2009-0783] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.
8497| [CVE-2009-0781] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML."
8498| [CVE-2009-0754] PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on the same server.
8499| [CVE-2009-0580] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.
8500| [CVE-2009-0486] Bugzilla 3.2.1, 3.0.7, and 3.3.2, when running under mod_perl, calls the srand function at startup time, which causes Apache children to have the same seed and produce insufficiently random numbers for random tokens, which allows remote attackers to bypass cross-site request forgery (CSRF) protection mechanisms and conduct unauthorized activities as other users.
8501| [CVE-2009-0039] Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to hijack the authentication of administrators for requests that (1) change the web administration password, (2) upload applications, and perform unspecified other administrative actions, as demonstrated by (3) a Shutdown request to console/portal//Server/Shutdown.
8502| [CVE-2009-0038] Multiple cross-site scripting (XSS) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) ip, (3) username, or (4) description parameter to console/portal/Server/Monitoring
8503| [CVE-2009-0033] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.
8504| [CVE-2009-0026] Multiple cross-site scripting (XSS) vulnerabilities in Apache Jackrabbit before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the q parameter to (1) search.jsp or (2) swr.jsp.
8505| [CVE-2009-0023] The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow.
8506| [CVE-2008-6879] Cross-site scripting (XSS) vulnerability in Apache Roller 2.3, 3.0, 3.1, and 4.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter in a search action.
8507| [CVE-2008-6755] ZoneMinder 1.23.3 on Fedora 10 sets the ownership of /etc/zm.conf to the apache user account, and sets the permissions to 0600, which makes it easier for remote attackers to modify this file by accessing it through a (1) PHP or (2) CGI script.
8508| [CVE-2008-6722] Novell Access Manager 3 SP4 does not properly expire X.509 certificate sessions, which allows physically proximate attackers to obtain a logged-in session by using a victim's web-browser process that continues to send the original and valid SSL sessionID, related to inability of Apache Tomcat to clear entries from its SSL cache.
8509| [CVE-2008-6682] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.x before 2.0.11.1 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via vectors associated with improper handling of (1) " (double quote) characters in the href attribute of an s:a tag and (2) parameters in the action attribute of an s:url tag.
8510| [CVE-2008-6505] Multiple directory traversal vulnerabilities in Apache Struts 2.0.x before 2.0.12 and 2.1.x before 2.1.3 allow remote attackers to read arbitrary files via a ..%252f (encoded dot dot slash) in a URI with a /struts/ path, related to (1) FilterDispatcher in 2.0.x and (2) DefaultStaticContentLoader in 2.1.x.
8511| [CVE-2008-6504] ParametersInterceptor in OpenSymphony XWork 2.0.x before 2.0.6 and 2.1.x before 2.1.2, as used in Apache Struts and other products, does not properly restrict # (pound sign) references to context objects, which allows remote attackers to execute Object-Graph Navigation Language (OGNL) statements and modify server-side context objects, as demonstrated by use of a \u0023 representation for the # character.
8512| [CVE-2008-5696] Novell NetWare 6.5 before Support Pack 8, when an OES2 Linux server is installed into the NDS tree, does not require a password for the ApacheAdmin console, which allows remote attackers to reconfigure the Apache HTTP Server via console operations.
8513| [CVE-2008-5676] Multiple unspecified vulnerabilities in the ModSecurity (aka mod_security) module 2.5.0 through 2.5.5 for the Apache HTTP Server, when SecCacheTransformations is enabled, allow remote attackers to cause a denial of service (daemon crash) or bypass the product's functionality via unknown vectors related to "transformation caching."
8514| [CVE-2008-5519] The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat allows remote attackers to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances involving (1) a request from a different client that included a Content-Length header but no POST data or (2) a rapid series of requests, related to noncompliance with the AJP protocol's requirements for requests containing Content-Length headers.
8515| [CVE-2008-5518] Multiple directory traversal vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 on Windows allow remote attackers to upload files to arbitrary directories via directory traversal sequences in the (1) group, (2) artifact, (3) version, or (4) fileType parameter to console/portal//Services/Repository (aka the Services/Repository portlet)
8516| [CVE-2008-5515] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.
8517| [CVE-2008-5457] Unspecified vulnerability in the Oracle BEA WebLogic Server Plugins for Apache, Sun and IIS web servers component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
8518| [CVE-2008-4308] The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20 does not return a -1 to indicate when a certain error condition has occurred, which can cause Tomcat to send POST content from one request to a different request.
8519| [CVE-2008-4008] Unspecified vulnerability in the WebLogic Server Plugins for Apache component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2008 CPU. Oracle has not commented on reliable researcher claims that this issue is a stack-based buffer overflow in the WebLogic Apache Connector, related to an invalid parameter.
8520| [CVE-2008-3666] Unspecified vulnerability in Sun Solaris 10 and OpenSolaris before snv_96 allows (1) context-dependent attackers to cause a denial of service (panic) via vectors involving creation of a crafted file and use of the sendfilev system call, as demonstrated by a file served by an Apache 2.2.x web server with EnableSendFile configured
8521| [CVE-2008-3271] Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a "synchronization problem" and lack of thread safety, and related to RemoteFilterValve, RemoteAddrValve, and RemoteHostValve.
8522| [CVE-2008-3257] Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request.
8523| [CVE-2008-2939] Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI.
8524| [CVE-2008-2938] Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.
8525| [CVE-2008-2742] Unrestricted file upload in the mcpuk file editor (atk/attributes/fck/editor/filemanager/browser/mcpuk/connectors/php/config.php) in Achievo 1.2.0 through 1.3.2 allows remote attackers to execute arbitrary code by uploading a file with .php followed by a safe extension, then accessing it via a direct request to the file in the Achievo root directory. NOTE: this is only a vulnerability in environments that support multiple extensions, such as Apache with the mod_mime module enabled.
8526| [CVE-2008-2717] TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions.
8527| [CVE-2008-2579] Unspecified vulnerability in the WebLogic Server Plugins for Apache, Sun and IIS web servers component in Oracle BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 has unknown impact and remote attack vectors.
8528| [CVE-2008-2384] SQL injection vulnerability in mod_auth_mysql.c in the mod-auth-mysql (aka libapache2-mod-auth-mysql) module for the Apache HTTP Server 2.x, when configured to use a multibyte character set that allows a \ (backslash) as part of the character encoding, allows remote attackers to execute arbitrary SQL commands via unspecified inputs in a login request.
8529| [CVE-2008-2370] Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.
8530| [CVE-2008-2364] The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.
8531| [CVE-2008-2168] Cross-site scripting (XSS) vulnerability in Apache 2.2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded URLs that are not properly handled when displaying the 403 Forbidden error page.
8532| [CVE-2008-2025] Cross-site scripting (XSS) vulnerability in Apache Struts before 1.2.9-162.31.1 on SUSE Linux Enterprise (SLE) 11, before 1.2.9-108.2 on SUSE openSUSE 10.3, before 1.2.9-198.2 on SUSE openSUSE 11.0, and before 1.2.9-162.163.2 on SUSE openSUSE 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "insufficient quoting of parameters."
8533| [CVE-2008-1947] Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.
8534| [CVE-2008-1734] Interpretation conflict in PHP Toolkit before 1.0.1 on Gentoo Linux might allow local users to cause a denial of service (PHP outage) and read contents of PHP scripts by creating a file with a one-letter lowercase alphabetic name, which triggers interpretation of a certain unquoted [a-z] argument as a matching shell glob for this name, rather than interpretation as the literal [a-z] regular-expression string, and consequently blocks the launch of the PHP interpreter within the Apache HTTP Server.
8535| [CVE-2008-1678] Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server mod_ssl that specify a compression algorithm.
8536| [CVE-2008-1232] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.
8537| [CVE-2008-0869] Cross-site scripting (XSS) vulnerability in BEA WebLogic Workshop 8.1 through SP6 and Workshop for WebLogic 9.0 through 10.0 allows remote attackers to inject arbitrary web script or HTML via a "framework defined request parameter" when using WebLogic Workshop or Apache Beehive NetUI framework with page flows.
8538| [CVE-2008-0732] The init script for Apache Geronimo on SUSE Linux follows symlinks when performing a chown operation, which might allow local users to obtain access to unspecified files or directories.
8539| [CVE-2008-0555] The ExpandCert function in Apache-SSL before apache_1.3.41+ssl_1.59 does not properly handle (1) '/' and (2) '=' characters in a Distinguished Name (DN) in a client certificate, which might allow remote attackers to bypass authentication via a crafted DN that triggers overwriting of environment variables.
8540| [CVE-2008-0457] Unrestricted file upload vulnerability in the FileUpload class running on the Symantec LiveState Apache Tomcat server, as used by Symantec Backup Exec System Recovery Manager 7.0 and 7.0.1, allows remote attackers to upload and execute arbitrary JSP files via unknown vectors.
8541| [CVE-2008-0456] CRLF injection vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by uploading a file with a multi-line name containing HTTP header sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
8542| [CVE-2008-0455] Cross-site scripting (XSS) vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary web script or HTML by uploading a file with a name containing XSS sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
8543| [CVE-2008-0128] The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
8544| [CVE-2008-0005] mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding.
8545| [CVE-2008-0002] Apache Tomcat 6.0.0 through 6.0.15 processes parameters in the context of the wrong request when an exception occurs during parameter processing, which might allow remote attackers to obtain sensitive information, as demonstrated by disconnecting during this processing in order to trigger the exception.
8546| [CVE-2007-6750] The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris, related to the lack of the mod_reqtimeout module in versions before 2.2.15.
8547| [CVE-2007-6726] Multiple cross-site scripting (XSS) vulnerabilities in Dojo 0.4.1 and 0.4.2, as used in Apache Struts and other products, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) xip_client.html and (2) xip_server.html in src/io/.
8548| [CVE-2007-6514] Apache HTTP Server, when running on Linux with a document root on a Windows share mounted using smbfs, allows remote attackers to obtain unprocessed content such as source files for .php programs via a trailing "\" (backslash), which is not handled by the intended AddType directive.
8549| [CVE-2007-6423] ** DISPUTED ** Unspecified vulnerability in mod_proxy_balancer for Apache HTTP Server 2.2.x before 2.2.7-dev, when running on Windows, allows remote attackers to trigger memory corruption via a long URL. NOTE: the vendor could not reproduce this issue.
8550| [CVE-2007-6422] The balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6, when a threaded Multi-Processing Module is used, allows remote authenticated users to cause a denial of service (child process crash) via an invalid bb variable.
8551| [CVE-2007-6421] Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) ss, (2) wr, or (3) rr parameters, or (4) the URL.
8552| [CVE-2007-6420] Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors.
8553| [CVE-2007-6388] Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
8554| [CVE-2007-6361] Gekko 0.8.2 and earlier stores sensitive information under the web root with possibly insufficient access control, which might allow remote attackers to read certain files under temp/, as demonstrated by a log file that records the titles of blog entries. NOTE: access to temp/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
8555| [CVE-2007-6342] SQL injection vulnerability in the David Castro AuthCAS module (AuthCAS.pm) 0.4 for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the SESSION_COOKIE_NAME (session ID) in a cookie.
8556| [CVE-2007-6286] Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the native APR connector is used, does not properly handle an empty request to the SSL port, which allows remote attackers to trigger handling of "a duplicate copy of one of the recent requests," as demonstrated by using netcat to send the empty request.
8557| [CVE-2007-6258] Multiple stack-based buffer overflows in the legacy mod_jk2 2.0.3-DEV and earlier Apache module allow remote attackers to execute arbitrary code via a long (1) Host header, or (2) Hostname within a Host header.
8558| [CVE-2007-6231] Multiple PHP remote file inclusion vulnerabilities in tellmatic 1.0.7 allow remote attackers to execute arbitrary PHP code via a URL in the tm_includepath parameter to (1) Classes.inc.php, (2) statistic.inc.php, (3) status.inc.php, (4) status_top_x.inc.php, or (5) libchart-1.1/libchart.php in include/. NOTE: access to include/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
| [CVE-2007-6203] Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918.
| [CVE-2007-5797] SQLLoginModule in Apache Geronimo 2.0 through 2.1 does not throw an exception for a nonexistent username, which allows remote attackers to bypass authentication via a login attempt with any username not contained in the database.
| [CVE-2007-5731] Absolute path traversal vulnerability in Apache Jakarta Slide 2.1 and earlier allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag, a related issue to CVE-2007-5461.
| [CVE-2007-5461] Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.
| [CVE-2007-5342] The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by changing the (1) level, (2) directory, and (3) prefix attributes in the org.apache.juli.FileHandler handler.
| [CVE-2007-5333] Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385.
| [CVE-2007-5156] Incomplete blacklist vulnerability in editor/filemanager/upload/php/upload.php in FCKeditor, as used in SiteX CMS 0.7.3.beta, La-Nai CMS, Syntax CMS, Cardinal Cms, and probably other products, allows remote attackers to upload and execute arbitrary PHP code via a file whose name contains ".php." and has an unknown extension, which is recognized as a .php file by the Apache HTTP server, a different vulnerability than CVE-2006-0658 and CVE-2006-2529.
| [CVE-2007-5085] Unspecified vulnerability in the management EJB (MEJB) in Apache Geronimo before 2.0.2 allows remote attackers to bypass authentication and obtain "access to Geronimo internals" via unspecified vectors.
| [CVE-2007-5000] Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2007-4724] Cross-site request forgery (CSRF) vulnerability in cal2.jsp in the calendar examples application in Apache Tomcat 4.1.31 allows remote attackers to add events as arbitrary users via the time and description parameters.
| [CVE-2007-4723] Directory traversal vulnerability in Ragnarok Online Control Panel 4.3.4a, when the Apache HTTP Server is used, allows remote attackers to bypass authentication via directory traversal sequences in a URI that ends with the name of a publicly available page, as demonstrated by a "/...../" sequence and an account_manage.php/login.php final component for reaching the protected account_manage.php page.
| [CVE-2007-4641] Directory traversal vulnerability in index.php in Pakupaku CMS 0.4 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting code into an Apache log file.
| [CVE-2007-4556] Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language (OGNL) expression when altSyntax is enabled, which allows remote attackers to cause a denial of service (infinite loop) or execute arbitrary code via form input beginning with a "%{" sequence and ending with a "}" character.
| [CVE-2007-4548] The login method in LoginModule implementations in Apache Geronimo 2.0 does not throw FailedLoginException for failed logins, which allows remote attackers to bypass authentication requirements, deploy arbitrary modules, and gain administrative access by sending a blank username and password with the command line deployer in the deployment module.
| [CVE-2007-4465] Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.
| [CVE-2007-3847] The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read.
| [CVE-2007-3571] The Apache Web Server as used in Novell NetWare 6.5 and GroupWise allows remote attackers to obtain sensitive information via a certain directive to Apache that causes the HTTP-Header response to be modified, which may reveal the server's internal IP address.
| [CVE-2007-3386] Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action.
| [CVE-2007-3385] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.
| [CVE-2007-3384] Multiple cross-site scripting (XSS) vulnerabilities in examples/servlet/CookieExample in Apache Tomcat 3.3 through 3.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Value field, related to error messages.
| [CVE-2007-3383] Cross-site scripting (XSS) vulnerability in SendMailServlet in the examples web application (examples/jsp/mail/sendmail.jsp) in Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.36 allows remote attackers to inject arbitrary web script or HTML via the From field and possibly other fields, related to generation of error messages.
| [CVE-2007-3382] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.
| [CVE-2007-3304] Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1 killer."
| [CVE-2007-3303] Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows local users to cause a denial of service via certain code sequences executed in a worker process that (1) stop request processing by killing all worker processes and preventing creation of replacements or (2) hang the system by forcing the master process to fork an arbitrarily large number of worker processes. NOTE: This might be an inherent design limitation of Apache with respect to worker processes in hosted environments.
| [CVE-2007-3101] Multiple cross-site scripting (XSS) vulnerabilities in certain JSF applications in Apache MyFaces Tomahawk before 1.1.6 allow remote attackers to inject arbitrary web script via the autoscroll parameter, which is injected into Javascript that is sent to the client.
| [CVE-2007-2450] Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script or HTML via a parameter name to manager/html/upload, and other unspecified vectors.
| [CVE-2007-2449] Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the '
| [CVE-2007-2353] Apache Axis 1.0 allows remote attackers to obtain sensitive information by requesting a non-existent WSDL file, which reveals the installation path in the resulting exception message.
| [CVE-2007-2025] Unrestricted file upload vulnerability in the UpLoad feature (lib/plugin/UpLoad.php) in PhpWiki 1.3.11p1 allows remote attackers to upload arbitrary PHP files with a double extension, as demonstrated by .php.3, which is interpreted by Apache as being a valid PHP file.
| [CVE-2007-1863] cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value.
| [CVE-2007-1862] The recall_headers function in mod_mem_cache in Apache 2.2.4 does not properly copy all levels of header data, which can cause Apache to return HTTP headers containing previously used data, which could be used by remote attackers to obtain potentially sensitive information.
| [CVE-2007-1860] mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. (dot dot) sequences and directory traversal, a related issue to CVE-2007-0450.
| [CVE-2007-1858] The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts.
| [CVE-2007-1842] Directory traversal vulnerability in login.php in JSBoard before 2.0.12 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the table parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, a related issue to CVE-2006-2019.
| [CVE-2007-1801] Directory traversal vulnerability in inc/lang.php in sBLOG 0.7.3 Beta allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the conf_lang_default parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by inc/lang.php.
| [CVE-2007-1743] suexec in Apache HTTP Server (httpd) 2.2.3 does not verify combinations of user and group IDs on the command line, which might allow local users to leverage other vulnerabilities to create arbitrary UID/GID owned files if /proc is mounted. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root." In addition, because this is dependent on other vulnerabilities, perhaps this is resultant and should not be included in CVE.
| [CVE-2007-1742] suexec in Apache HTTP Server (httpd) 2.2.3 uses a partial comparison for verifying whether the current directory is within the document root, which might allow local users to perform unauthorized operations on incorrect directories, as demonstrated using "html_backup" and "htmleditor" under an "html" directory. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
| [CVE-2007-1741] Multiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 between directory and file validation, and their usage, allow local users to gain privileges and execute arbitrary code by renaming directories or performing symlink attacks. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
| [CVE-2007-1720] Directory traversal vulnerability in addressbook.php in the Addressbook 1.2 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module_name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file.
| [CVE-2007-1636] Directory traversal vulnerability in index.php in RoseOnlineCMS 3 B1 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the op parameter, as demonstrated by injecting PHP code into Apache log files via the URL and User-Agent HTTP header.
| [CVE-2007-1633] Directory traversal vulnerability in bbcode_ref.php in the Giorgio Ciranni Splatt Forum 4.0 RC1 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by bbcode_ref.php.
| [CVE-2007-1577] Directory traversal vulnerability in index.php in GeBlog 0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[tplname] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
| [CVE-2007-1539] Directory traversal vulnerability in inc/map.func.php in pragmaMX Landkarten 2.1 module allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the module_name parameter, as demonstrated via a static PHP code injection attack in an Apache log file.
| [CVE-2007-1524] Directory traversal vulnerability in themes/default/ in ZomPlog 3.7.6 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) in the settings[skin] parameter, as demonstrated by injecting PHP code into an Apache HTTP Server log file, which can then be included via themes/default/.
| [CVE-2007-1491] Apache Tomcat in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allows connections from external interfaces via port 8009, which exposes it to attacks from outside parties.
| [CVE-2007-1358] Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616".
| [CVE-2007-1349] PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.
| [CVE-2007-0975] Variable extraction vulnerability in Ian Bezanson Apache Stats before 0.0.3 beta allows attackers to overwrite critical variables, with unknown impact, when the extract function is used on the _REQUEST superglobal array.
| [CVE-2007-0930] Variable extract vulnerability in Apache Stats before 0.0.3beta allows attackers to modify arbitrary variables and conduct attacks via unknown vectors involving the use of PHP's extract function.
| [CVE-2007-0792] The mod_perl initialization script in Bugzilla 2.23.3 does not set the Bugzilla Apache configuration to allow .htaccess permissions to override file permissions, which allows remote attackers to obtain the database username and password via a direct request for the localconfig file.
| [CVE-2007-0774] Stack-based buffer overflow in the map_uri_to_worker function (native/common/jk_uri_worker_map.c) in mod_jk.so for Apache Tomcat JK Web Server Connector 1.2.19 and 1.2.20, as used in Tomcat 4.1.34 and 5.5.20, allows remote attackers to execute arbitrary code via a long URL that triggers the overflow in a URI worker map routine.
| [CVE-2007-0637] Directory traversal vulnerability in zd_numer.php in Galeria Zdjec 3.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the galeria parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by zd_numer.php.
| [CVE-2007-0451] Apache SpamAssassin before 3.1.8 allows remote attackers to cause a denial of service via long URLs in malformed HTML, which triggers "massive memory usage."
| [CVE-2007-0450] Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.
| [CVE-2007-0419] The BEA WebLogic Server proxy plug-in before June 2006 for the Apache HTTP Server does not properly handle protocol errors, which allows remote attackers to cause a denial of service (server outage).
| [CVE-2007-0173] Directory traversal vulnerability in index.php in L2J Statistik Script 0.09 and earlier, when register_globals is enabled and magic_quotes is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
| [CVE-2007-0098] Directory traversal vulnerability in language.php in VerliAdmin 0.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
| [CVE-2007-0086] ** DISPUTED ** The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by third parties, who state that the large window size required by the attack is not normally supported or configured by the server, or that a DDoS-style attack would accomplish the same goal.
| [CVE-2006-7217] Apache Derby before 10.2.1.6 does not determine schema privilege requirements during the DropSchemaNode bind phase, which allows remote authenticated users to execute arbitrary drop schema statements in SQL authorization mode.
| [CVE-2006-7216] Apache Derby before 10.2.1.6 does not determine privilege requirements for lock table statements at compilation time, and consequently does not enforce privilege requirements at execution time, which allows remote authenticated users to lock arbitrary tables.
| [CVE-2006-7197] The AJP connector in Apache Tomcat 5.5.15 uses an incorrect length for chunks, which can cause a buffer over-read in the ajp_process_callback in mod_jk, which allows remote attackers to read portions of sensitive memory.
| [CVE-2006-7196] Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors. NOTE: this may be related to CVE-2006-0254.1.
| [CVE-2006-7195] Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in Apache Tomcat 5.0.0 through 5.0.30 and 5.5.0 through 5.5.17 allows remote attackers to inject arbitrary web script or HTML via certain header values.
| [CVE-2006-7098] The Debian GNU/Linux 033_-F_NO_SETSID patch for the Apache HTTP Server 1.3.34-4 does not properly disassociate httpd from a controlling tty when httpd is started interactively, which allows local users to gain privileges to that tty via a CGI program that calls the TIOCSTI ioctl.
| [CVE-2006-6869] Directory traversal vulnerability in includes/search/search_mdforum.php in MAXdev MDForum 2.0.1 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang cookie to error.php, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
| [CVE-2006-6675] Cross-site scripting (XSS) vulnerability in Novell NetWare 6.5 Support Pack 5 and 6 and Novell Apache on NetWare 2.0.48 allows remote attackers to inject arbitrary web script or HTML via unspecifeid parameters in Welcome web-app.
| [CVE-2006-6613] Directory traversal vulnerability in language.php in phpAlbum 0.4.1 Beta 6 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files or obtain sensitive information via a .. (dot dot) in the pa_lang[include_file] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
| [CVE-2006-6589] Cross-site scripting (XSS) vulnerability in ecommerce/control/keywordsearch in the Apache Open For Business Project (OFBiz) and Opentaps 0.9.3 allows remote attackers to inject arbitrary web script or HTML via the SEARCH_STRING parameter, a different issue than CVE-2006-6587. NOTE: some of these details are obtained from third party information.
| [CVE-2006-6588] The forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) trusts the (1) dataResourceTypeId, (2) contentTypeId, and certain other hidden form fields, which allows remote attackers to create unauthorized types of content, modify content, or have other unknown impact.
| [CVE-2006-6587] Cross-site scripting (XSS) vulnerability in the forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) allows remote attackers to inject arbitrary web script or HTML by posting a message.
| [CVE-2006-6445] Directory traversal vulnerability in error.php in Envolution 1.1.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
| [CVE-2006-6071] TWiki 4.0.5 and earlier, when running under Apache 1.3 using ApacheLogin with sessions and "ErrorDocument 401" redirects to a valid wiki topic, does not properly handle failed login attempts, which allows remote attackers to read arbitrary content by cancelling out of a failed authentication with a valid username and invalid password.
| [CVE-2006-6047] Directory traversal vulnerability in manager/index.php in Etomite 0.6.1.2 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the f parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
| [CVE-2006-5894] Directory traversal vulnerability in lang.php in Rama CMS 0.68 and earlier, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by lang.php.
| [CVE-2006-5752] Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform "charset detection" when the content-type is not specified.
| [CVE-2006-5733] Directory traversal vulnerability in error.php in PostNuke 0.763 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
| [CVE-2006-5263] Directory traversal vulnerability in templates/header.php3 in phpMyAgenda 3.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter, as demonstrated by a parameter value naming an Apache HTTP Server log file that apparently contains PHP code.
| [CVE-2006-4994] Multiple unquoted Windows search path vulnerabilities in Apache Friends XAMPP 1.5.2 might allow local users to gain privileges via a malicious program file in %SYSTEMDRIVE%, which is run when XAMPP attempts to execute (1) FileZillaServer.exe, (2) mysqld-nt.exe, (3) Perl.exe, or (4) xamppcontrol.exe with an unquoted "Program Files" pathname.
| [CVE-2006-4636] Directory traversal vulnerability in SZEWO PhpCommander 3.0 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Directory parameter, as demonstrated by parameter values naming Apache HTTP Server log files that apparently contain PHP code.
| [CVE-2006-4625] PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass certain Apache HTTP Server httpd.conf options, such as safe_mode and open_basedir, via the ini_restore function, which resets the values to their php.ini (Master Value) defaults.
| [CVE-2006-4558] DeluxeBB 1.06 and earlier, when run on the Apache HTTP Server with the mod_mime module, allows remote attackers to execute arbitrary PHP code by uploading files with double extensions via the fileupload parameter in a newthread action in newpost.php.
| [CVE-2006-4191] Directory traversal vulnerability in memcp.php in XMB (Extreme Message Board) 1.9.6 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the langfilenew parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by header.php.
| [CVE-2006-4154] Format string vulnerability in the mod_tcl module 1.0 for Apache 2.x allows context-dependent attackers to execute arbitrary code via format string specifiers that are not properly handled in a set_var function call in (1) tcl_cmds.c and (2) tcl_core.c.
| [CVE-2006-4110] Apache 2.2.2, when running on Windows, allows remote attackers to read source code of CGI programs via a request that contains uppercase (or alternate case) characters that bypass the case-sensitive ScriptAlias directive, but allow access to the file on case-insensitive file systems.
| [CVE-2006-4004] Directory traversal vulnerability in index.php in vbPortal 3.0.2 through 3.6.0 Beta 1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the bbvbplang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
| [CVE-2006-3918] http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.
| [CVE-2006-3835] Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (
| [CVE-2006-3747] Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules.
| [CVE-2006-3362] Unrestricted file upload vulnerability in connectors/php/connector.php in FCKeditor mcpuk file manager, as used in (1) Geeklog 1.4.0 through 1.4.0sr3, (2) toendaCMS 1.0.0 Shizouka Stable and earlier, (3) WeBid 0.5.4, and possibly other products, when installed on Apache with mod_mime, allows remote attackers to upload and execute arbitrary PHP code via a filename with a .php extension and a trailing extension that is allowed, such as .zip.
| [CVE-2006-3102] Race condition in articles/BitArticle.php in Bitweaver 1.3, when run on Apache with the mod_mime extension, allows remote attackers to execute arbitrary PHP code by uploading arbitrary files with double extensions, which are stored for a small period of time under the webroot in the temp/articles directory.
| [CVE-2006-3070] write_ok.php in Zeroboard 4.1 pl8, when installed on Apache with mod_mime, allows remote attackers to bypass restrictions for uploading files with executable extensions by uploading a .htaccess file that with an AddType directive that assigns an executable module to files with assumed-safe extensions, as demonstrated by assigning the txt extension to be handled by application/x-httpd-php.
| [CVE-2006-2831] Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2, when running under certain Apache configurations such as when FileInfo overrides are disabled within .htaccess, allows remote attackers to execute arbitrary code by uploading a file with multiple extensions, a variant of CVE-2006-2743.
| [CVE-2006-2806] The SMTP server in Apache Java Mail Enterprise Server (aka Apache James) 2.2.0 allows remote attackers to cause a denial of service (CPU consumption) via a long argument to the MAIL command.
| [CVE-2006-2743] Drupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with mod_mime, does not properly handle files with multiple extensions, which allows remote attackers to upload, modify, or execute arbitrary files in the files directory.
| [CVE-2006-2514] Coppermine galleries before 1.4.6, when running on Apache with mod_mime installed, allows remote attackers to upload arbitrary files via a filename with multiple file extensions.
| [CVE-2006-2330] PHP-Fusion 6.00.306 and earlier, running under Apache HTTP Server 1.3.27 and PHP 4.3.3, allows remote authenticated users to upload files of arbitrary types using a filename that contains two or more extensions that ends in an assumed-valid extension such as .gif, which bypasses the validation, as demonstrated by uploading then executing an avatar file that ends in ".php.gif" and contains PHP code in EXIF metadata.
| [CVE-2006-1777] Directory traversal vulnerability in doc/index.php in Jeremy Ashcraft Simplog 0.9.2 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the s parameter, as demonstrated by injecting PHP sequences into an Apache error_log file, which is then included by doc/index.php.
| [CVE-2006-1564] Untrusted search path vulnerability in libapache2-svn 1.3.0-4 for Subversion in Debian GNU/Linux includes RPATH values under the /tmp/svn directory for the (1) mod_authz_svn.so and (2) mod_dav_svn.so modules, which might allow local users to gain privileges by installing malicious libraries in that directory.
| [CVE-2006-1548] Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction and possibly (2) DispatchAction and (3) ActionDispatcher in Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to inject arbitrary web script or HTML via the parameter name, which is not filtered in the resulting error message.
| [CVE-2006-1547] ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides further access to elements in the CommonsMultipartRequestHandler implementation and BeanUtils.
| [CVE-2006-1546] Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to bypass validation via a request with a 'org.apache.struts.taglib.html.Constants.CANCEL' parameter, which causes the action to be canceled but would not be detected from applications that do not use the isCancelled check.
| [CVE-2006-1393] Multiple cross-site scripting (XSS) vulnerabilities in the mod_pubcookie Apache application server module in University of Washington Pubcookie 1.x, 3.0.0, 3.1.0, 3.1.1, 3.2 before 3.2.1b, and 3.3 before 3.3.0a allow remote attackers to inject arbitrary web script or HTML via unspecified attack vectors.
| [CVE-2006-1346] Directory traversal vulnerability in inc/setLang.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in a lang[*][file] parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by index.php.
| [CVE-2006-1292] Directory traversal vulnerability in Jim Hu and Chad Little PHP iCalendar 2.21 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the phpicalendar[cookie_language] and phpicalendar[cookie_style] cookies, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by day.php.
| [CVE-2006-1243] Directory traversal vulnerability in install05.php in Simple PHP Blog (SPB) 0.4.7.1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the blog_language parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included using install05.php.
| [CVE-2006-1095] Directory traversal vulnerability in the FileSession object in Mod_python module 3.2.7 for Apache allows local users to execute arbitrary code via a crafted session cookie.
| [CVE-2006-1079] htpasswd, as used in Acme thttpd 2.25b and possibly other products such as Apache, might allow local users to gain privileges via shell metacharacters in a command line argument, which is used in a call to the system function. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
| [CVE-2006-1078] Multiple buffer overflows in htpasswd, as used in Acme thttpd 2.25b, and possibly other products such as Apache, might allow local users to gain privileges via (1) a long command line argument and (2) a long line in a file. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
8666| [CVE-2006-1078] Multiple buffer overflows in htpasswd, as used in Acme thttpd 2.25b, and possibly other products such as Apache, might allow local users to gain privileges via (1) a long command line argument and (2) a long line in a file. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
8667| [CVE-2006-0743] Format string vulnerability in LocalSyslogAppender in Apache log4net 1.2.9 might allow remote attackers to cause a denial of service (memory corruption and termination) via unknown vectors.
8668| [CVE-2006-0254] Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) time parameter to cal2.jsp and (2) any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer.
8669| [CVE-2006-0150] Multiple format string vulnerabilities in the auth_ldap_log_reason function in Apache auth_ldap 1.6.0 and earlier allow remote attackers to execute arbitrary code via various vectors, including the username.
8670| [CVE-2006-0144] The proxy server feature in go-pear.php in PHP PEAR 0.2.2, as used in Apache2Triad, allows remote attackers to execute arbitrary PHP code by redirecting go-pear.php to a malicious proxy server that provides a modified version of Tar.php with a malicious extractModify function.
8671| [CVE-2006-0042] Unspecified vulnerability in (1) apreq_parse_headers and (2) apreq_parse_urlencoded functions in Apache2::Request (Libapreq2) before 2.07 allows remote attackers to cause a denial of service (CPU consumption) via unknown attack vectors that result in quadratic computational complexity.
8672| [CVE-2005-4857] eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 before 20051128 allows remote authenticated users to cause a denial of service (Apache httpd segmentation fault) via a request to content/advancedsearch.php with an empty SearchContentClassID parameter, reportedly related to a "memory addressing error".
8673| [CVE-2005-4849] Apache Derby before 10.1.2.1 exposes the (1) user and (2) password attributes in cleartext via (a) the RDBNAM parameter of the ACCSEC command and (b) the output of the DatabaseMetaData.getURL function, which allows context-dependent attackers to obtain sensitive information.
8674| [CVE-2005-4836] The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote attackers to read JSP source files and obtain sensitive information.
8675| [CVE-2005-4814] Unrestricted file upload vulnerability in Segue CMS before 1.3.6, when the Apache HTTP Server handles .phtml files with the PHP interpreter, allows remote attackers to upload and execute arbitrary PHP code by placing .phtml files in the userfiles/ directory.
8676| [CVE-2005-4703] Apache Tomcat 4.0.3, when running on Windows, allows remote attackers to obtain sensitive information via a request for a file that contains an MS-DOS device name such as lpt9, which leaks the pathname in an error message, as demonstrated by lpt9.xtp using Nikto.
8677| [CVE-2005-3745] Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message.
8678| [CVE-2005-3630] Fedora Directory Server before 10 allows remote attackers to obtain sensitive information, such as the password from adm.conf via an IFRAME element, probably involving an Apache httpd.conf configuration that orders "allow" directives before "deny" directives.
8679| [CVE-2005-3510] Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files.
8680| [CVE-2005-3392] Unspecified vulnerability in PHP before 4.4.1, when using the virtual function on Apache 2, allows remote attackers to bypass safe_mode and open_basedir directives.
8681| [CVE-2005-3357] mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference.
8682| [CVE-2005-3352] Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps.
8683| [CVE-2005-3319] The apache2handler SAPI (sapi_apache2.c) in the Apache module (mod_php) for PHP 5.x before 5.1.0 final and 4.4 before 4.4.1 final allows attackers to cause a denial of service (segmentation fault) via the session.save_path option in a .htaccess file or VirtualHost.
8684| [CVE-2005-3164] The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an information leak when "unsuitable request body data" is used for a different request, possibly related to Java Servlet pages.
8685| [CVE-2005-2970] Memory leak in the worker MPM (worker.c) for Apache 2, in certain circumstances, allows remote attackers to cause a denial of service (memory consumption) via aborted connections, which prevents the memory for the transaction pool from being reused for other connections.
8686| [CVE-2005-2963] The mod_auth_shadow module 1.0 through 1.5 and 2.0 for Apache with AuthShadow enabled uses shadow authentication for all locations that use the require group directive, even when other authentication mechanisms are specified, which might allow remote authenticated users to bypass security restrictions.
8687| [CVE-2005-2728] The byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service (memory consumption) via an HTTP header with a large Range field.
8688| [CVE-2005-2660] apachetop 0.12.5 and earlier, when running in debug mode, allows local users to create or append to arbitrary files via a symlink attack on atop.debug.
8689| [CVE-2005-2088] The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
8690| [CVE-2005-1754] ** DISPUTED ** JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to read arbitrary files via a full pathname in the argument to the Download parameter. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
8691| [CVE-2005-1753] ** DISPUTED ** ReadMessage.jsp in JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to view other users' e-mail attachments via a direct request to /mailboxesdir/username@domainname. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
8692| [CVE-2005-1344] Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute arbitrary code via a long realm argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
8693| [CVE-2005-1268] Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte.
8694| [CVE-2005-1266] Apache SpamAssassin 3.0.1, 3.0.2, and 3.0.3 allows remote attackers to cause a denial of service (CPU consumption and slowdown) via a message with a long Content-Type header without any boundaries.
8695| [CVE-2005-0808] Apache Tomcat before 5.x allows remote attackers to cause a denial of service (application crash) via a crafted AJP12 packet to TCP port 8007.
8696| [CVE-2005-0182] The mod_dosevasive module 1.9 and earlier for Apache creates temporary files with predictable filenames, which could allow remote attackers to overwrite arbitrary files via a symlink attack.
8697| [CVE-2005-0108] Apache mod_auth_radius 1.5.4 and libpam-radius-auth allow remote malicious RADIUS servers to cause a denial of service (crash) via a RADIUS_REPLY_MESSAGE with a RADIUS attribute length of 1, which leads to a memcpy operation with a -1 length argument.
8698| [CVE-2004-2734] webadmin-apache.conf in Novell Web Manager of Novell NetWare 6.5 uses an uppercase Alias tag with an inconsistent lowercase directory tag for a volume, which allows remote attackers to bypass access control to the WEB-INF folder.
8699| [CVE-2004-2680] mod_python (libapache2-mod-python) 3.1.4 and earlier does not properly handle when output filters process more than 16384 bytes, which can cause filter.read to return portions of previously freed memory.
8700| [CVE-2004-2650] Spooler in Apache Foundation James 2.2.0 allows local users to cause a denial of service (memory consumption) by triggering various error conditions in the retrieve function, which prevents a lock from being released and causes a memory leak.
8701| [CVE-2004-2343] ** DISPUTED ** Apache HTTP Server 2.0.47 and earlier allows local users to bypass .htaccess file restrictions, as specified in httpd.conf with directives such as Deny From All, by using an ErrorDocument directive. NOTE: the vendor has disputed this issue, since the .htaccess mechanism is only intended to restrict external web access, and a local user already has the privileges to perform the same operations without using ErrorDocument.
8702| [CVE-2004-2336] Unknown vulnerability in Novell GroupWise and GroupWise WebAccess 6.0 through 6.5, when running with Apache Web Server 1.3 for NetWare where Apache is loaded using GWAPACHE.CONF, allows remote attackers to read directories and files on the server.
8703| [CVE-2004-2115] Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTTP Server 1.3.22, based on Apache, allow remote attackers to execute arbitrary script as other users via the (1) action, (2) username, or (3) password parameters in an isqlplus request.
8704| [CVE-2004-1834] mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, including authentication information, on the hard disk, which could allow local users to gain sensitive information.
8705| [CVE-2004-1765] Off-by-one buffer overflow in ModSecurity (mod_security) 1.7.4 for Apache 2.x, when SecFilterScanPost is enabled, allows remote attackers to execute arbitrary code via crafted POST requests.
8706| [CVE-2004-1545] UploadFile.php in MoniWiki 1.0.9.2 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.hwp, which allows remote attackers to upload and execute arbitrary code.
8707| [CVE-2004-1438] The mod_authz_svn Apache module for Subversion 1.0.4-r1 and earlier allows remote authenticated users, with write access to the repository, to read unauthorized parts of the repository via the svn copy command.
8708| [CVE-2004-1405] MediaWiki 1.3.8 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
8709| [CVE-2004-1404] Attachment Mod 2.3.10 module for phpBB, when used with Apache mod_mime, does not properly handle files with multiple file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
8710| [CVE-2004-1387] The check_forensic script in apache-utils package 1.3.31 allows local users to overwrite or create arbitrary files via a symlink attack on temporary files.
8711| [CVE-2004-1084] Apache for Apple Mac OS X 10.2.8 and 10.3.6 allows remote attackers to read files and resource fork content via HTTP requests to certain special file names related to multiple data streams in HFS+, which bypass Apache file handles.
8712| [CVE-2004-1083] Apache for Apple Mac OS X 10.2.8 and 10.3.6 restricts access to files in a case sensitive manner, but the Apple HFS+ filesystem accesses files in a case insensitive manner, which allows remote attackers to read .DS_Store files and files beginning with ".ht" using alternate capitalization.
8713| [CVE-2004-1082] mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials.
8714| [CVE-2004-0942] Apache webserver 2.0.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request with a MIME header containing multiple lines with a large number of space characters.
8715| [CVE-2004-0940] Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error.
8716| [CVE-2004-0885] The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration.
8717| [CVE-2004-0811] Unknown vulnerability in Apache 2.0.51 prevents "the merging of the Satisfy directive," which could allow attackers to obtain access to restricted resources contrary to the specified authentication configuration.
8718| [CVE-2004-0809] The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access.
8719| [CVE-2004-0786] The IPv6 URI parsing routines in the apr-util library for Apache 2.0.50 and earlier allow remote attackers to cause a denial of service (child process crash) via a certain URI, as demonstrated using the Codenomicon HTTP Test Tool.
8720| [CVE-2004-0751] The char_buffer_read function in the mod_ssl module for Apache 2.x, when using reverse proxying to an SSL server, allows remote attackers to cause a denial of service (segmentation fault).
8721| [CVE-2004-0748] mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (CPU consumption) by aborting an SSL connection in a way that causes an Apache child process to enter an infinite loop.
8722| [CVE-2004-0747] Buffer overflow in Apache 2.0.50 and earlier allows local users to gain apache privileges via a .htaccess file that causes the overflow during expansion of environment variables.
8723| [CVE-2004-0700] Format string vulnerability in the mod_proxy hook functions function in ssl_engine_log.c in mod_ssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are handled by the ssl_log function.
8724| [CVE-2004-0646] Buffer overflow in the WriteToLog function for JRun 3.0 through 4.0 web server connectors, such as (1) mod_jrun and (2) mod_jrun20 for Apache, with verbose logging enabled, allows remote attackers to execute arbitrary code via a long HTTP header Content-Type field or other fields.
8725| [CVE-2004-0529] The modified suexec program in cPanel, when configured for mod_php and compiled for Apache 1.3.31 and earlier without mod_phpsuexec, allows local users to execute untrusted shared scripts and gain privileges, as demonstrated using untainted scripts such as (1) proftpdvhosts or (2) addalink.cgi, a different vulnerability than CVE-2004-0490.
8726| [CVE-2004-0493] The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters.
8727| [CVE-2004-0492] Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied.
8728| [CVE-2004-0490] cPanel, when compiling Apache 1.3.29 and PHP with the mod_phpsuexec option, does not set the --enable-discard-path option, which causes php to use the SCRIPT_FILENAME variable to find and execute a script instead of the PATH_TRANSLATED variable, which allows local users to execute arbitrary PHP code as other users via a URL that references the attacker's script after the user's script, which executes the attacker's script with the user's privileges, a different vulnerability than CVE-2004-0529.
8729| [CVE-2004-0488] Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN.
8730| [CVE-2004-0263] PHP 4.3.4 and earlier in Apache 1.x and 2.x (mod_php) can leak global variables between virtual hosts that are handled by the same Apache child process but have different settings, which could allow remote attackers to obtain sensitive information.
8731| [CVE-2004-0174] Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using multiple listening sockets on certain platforms, allows remote attackers to cause a denial of service (blocked new connections) via a "short-lived connection on a rarely-accessed listening socket."
8732| [CVE-2004-0173] Directory traversal vulnerability in Apache 1.3.29 and earlier, and Apache 2.0.48 and earlier, when running on Cygwin, allows remote attackers to read arbitrary files via a URL containing "..%5C" (dot dot encoded backslash) sequences.
8733| [CVE-2004-0113] Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service (memory consumption) via plain HTTP requests to the SSL port of an SSL-enabled server.
8734| [CVE-2004-0009] Apache-SSL 1.3.28+1.52 and earlier, with SSLVerifyClient set to 1 or 3 and SSLFakeBasicAuth enabled, allows remote attackers to forge a client certificate by using basic authentication with the "one-line DN" of the target user.
8735| [CVE-2003-1581] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
8736| [CVE-2003-1580] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-level domains, as demonstrated by a forged 123.123.123.123 domain name, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
8737| [CVE-2003-1573] The PointBase 4.6 database component in the J2EE 1.4 reference implementation (J2EE/RI) allows remote attackers to execute arbitrary programs, conduct a denial of service, and obtain sensitive information via a crafted SQL statement, related to "inadequate security settings and library bugs in sun.* and org.apache.* packages."
8738| [CVE-2003-1521] Sun Java Plug-In 1.4 through 1.4.2_02 allows remote attackers to repeatedly access the floppy drive via the createXmlDocument method in the org.apache.crimson.tree.XmlDocument class, which violates the Java security model.
8739| [CVE-2003-1516] The org.apache.xalan.processor.XSLProcessorVersion class in Java Plug-in 1.4.2_01 allows signed and unsigned applets to share variables, which violates the Java security model and could allow remote attackers to read or write data belonging to a signed applet.
8740| [CVE-2003-1502] mod_throttle 3.0 allows local users with Apache privileges to access shared memory that points to a file that is writable by the apache user, which could allow local users to gain privileges.
8741| [CVE-2003-1418] Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote attackers to obtain sensitive information via (1) the ETag header, which reveals the inode number, or (2) multipart MIME boundary, which reveals child process IDs (PID).
8742| [CVE-2003-1307] ** DISPUTED ** The mod_php module for the Apache HTTP Server allows local users with write access to PHP scripts to send signals to the server's process group and use the server's file descriptors, as demonstrated by sending a STOP signal, then intercepting incoming connections on the server's TCP port. NOTE: the PHP developer has disputed this vulnerability, saying "The opened file descriptors are opened by Apache. It is the job of Apache to protect them ... Not a bug in PHP."
8743| [CVE-2003-1172] Directory traversal vulnerability in the view-source sample file in Apache Software Foundation Cocoon 2.1 and 2.2 allows remote attackers to access arbitrary files via a .. (dot dot) in the filename parameter.
8744| [CVE-2003-1171] Heap-based buffer overflow in the sec_filter_out function in mod_security 1.7RC1 through 1.7.1 in Apache 2 allows remote attackers to execute arbitrary code via a server side script that sends a large amount of data.
8745| [CVE-2003-1138] The default configuration of Apache 2.0.40, as shipped with Red Hat Linux 9.0, allows remote attackers to list directory contents, even if auto indexing is turned off and there is a default web page configured, via a GET request containing a double slash (//).
8746| [CVE-2003-1054] mod_access_referer 1.0.2 allows remote attackers to cause a denial of service (crash) via a malformed Referer header that is missing a hostname, as parsed by the ap_parse_uri_components function in Apache, which triggers a null dereference.
8747| [CVE-2003-0993] mod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit platforms, does not properly parse Allow/Deny rules using IP addresses without a netmask, which could allow remote attackers to bypass intended access restrictions.
8748| [CVE-2003-0987] mod_digest for Apache before 1.3.31 does not properly verify the nonce of a client response by using a AuthNonce secret.
8749| [CVE-2003-0866] The Catalina org.apache.catalina.connector.http package in Tomcat 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service via several requests that do not follow the HTTP protocol, which causes Tomcat to reject later requests.
8750| [CVE-2003-0844] mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode without the Apache log, allows local users to overwrite arbitrary files via (1) a symlink attack on predictable temporary filenames on Unix systems, or (2) an NTFS hard link on Windows systems when the "Strengthen default permissions of internal system objects" policy is not enabled.
8751| [CVE-2003-0843] Format string vulnerability in mod_gzip_printf for mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode and using the Apache log, allows remote attackers to execute arbitrary code via format string characters in an HTTP GET request with an "Accept-Encoding: gzip" header.
8752| [CVE-2003-0789] mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not properly handle CGI redirect paths, which could cause Apache to send the output of a CGI program to the wrong client.
8753| [CVE-2003-0771] Gallery.pm in Apache::Gallery (aka A::G) uses predictable temporary filenames when running Inline::C, which allows local users to execute arbitrary code by creating and modifying the files before Apache::Gallery does.
8754| [CVE-2003-0658] Docview before 1.1-18 in Caldera OpenLinux 3.1.1, SCO Linux 4.0, OpenServer 5.0.7, configures the Apache web server in a way that allows remote attackers to read arbitrary publicly readable files via a certain URL, possibly related to rewrite rules.
8755| [CVE-2003-0542] Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures.
8756| [CVE-2003-0460] The rotatelogs program on Apache before 1.3.28, for Windows and OS/2 systems, does not properly ignore certain control characters that are received over the pipe, which could allow remote attackers to cause a denial of service.
8757| [CVE-2003-0254] Apache 2 before 2.0.47, when running on an IPv6 host, allows attackers to cause a denial of service (CPU consumption by infinite loop) when the FTP proxy server fails to create an IPv6 socket.
8758| [CVE-2003-0253] The prefork MPM in Apache 2 before 2.0.47 does not properly handle certain errors from accept, which could lead to a denial of service.
8759| [CVE-2003-0249] ** DISPUTED ** PHP treats unknown methods such as "PoSt" as a GET request, which could allow attackers to bypass intended access restrictions if PHP is running on a server that passes on all methods, such as Apache httpd 2.0, as demonstrated using a Limit directive. NOTE: this issue has been disputed by the Apache security team, saying "It is by design that PHP allows scripts to process any request method. A script which does not explicitly verify the request method will hence be processed as normal for arbitrary methods. It is therefore expected behaviour that one cannot implement per-method access control using the Apache configuration alone, which is the assumption made in this report."
8760| [CVE-2003-0245] Vulnerability in the apr_psprintf function in the Apache Portable Runtime (APR) library for Apache 2.0.37 through 2.0.45 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long strings, as demonstrated using XML objects to mod_dav, and possibly other vectors.
8761| [CVE-2003-0192] Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3, do not properly handle "certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one," which could cause Apache to use the weak ciphersuite.
8762| [CVE-2003-0189] The authentication module for Apache 2.0.40 through 2.0.45 on Unix does not properly handle threads safely when using the crypt_r or crypt functions, which allows remote attackers to cause a denial of service (failed Basic authentication with valid usernames and passwords) when a threaded MPM is used.
8763| [CVE-2003-0134] Unknown vulnerability in filestat.c for Apache running on OS2, versions 2.0 through 2.0.45, allows unknown attackers to cause a denial of service via requests related to device names.
8764| [CVE-2003-0132] A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to cause a denial of service (memory consumption) via large chunks of linefeed characters, which causes Apache to allocate 80 bytes for each linefeed.
8765| [CVE-2003-0083] Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 do not filter terminal escape sequences from their access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences, a different vulnerability than CVE-2003-0020.
8766| [CVE-2003-0020] Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences.
8767| [CVE-2003-0017] Apache 2.0 before 2.0.44 on Windows platforms allows remote attackers to obtain certain files via an HTTP request that ends in certain illegal characters such as ">", which causes a different filename to be processed and served.
8768| [CVE-2003-0016] Apache before 2.0.44, when running on unpatched Windows 9x and Me operating systems, allows remote attackers to cause a denial of service or execute arbitrary code via an HTTP request containing MS-DOS device names.
8769| [CVE-2002-2310] ClickCartPro 4.0 stores the admin_user.db data file under the web document root with insufficient access control on servers other than Apache, which allows remote attackers to obtain usernames and passwords.
8770| [CVE-2002-2309] php.exe in PHP 3.0 through 4.2.2, when running on Apache, does not terminate properly, which allows remote attackers to cause a denial of service via a direct request without arguments.
8771| [CVE-2002-2272] Tomcat 4.0 through 4.1.12, using mod_jk 1.2.1 module on Apache 1.3 through 1.3.27, allows remote attackers to cause a denial of service (desynchronized communications) via an HTTP GET request with a Transfer-Encoding chunked field with invalid values.
8772| [CVE-2002-2103] Apache before 1.3.24, when writing to the log file, records a spoofed hostname from the reverse lookup of an IP address, even when a double-reverse lookup fails, which allows remote attackers to hide the original source of activities.
8773| [CVE-2002-2029] PHP, when installed on Windows with Apache and ScriptAlias for /php/ set to c:/php/, allows remote attackers to read arbitrary files and possibly execute arbitrary programs via an HTTP request for php.exe with a filename in the query string.
8774| [CVE-2002-2012] Unknown vulnerability in Apache 1.3.19 running on HP Secure OS for Linux 1.0 allows remote attackers to cause "unexpected results" via an HTTP request.
8775| [CVE-2002-2009] Apache Tomcat 4.0.1 allows remote attackers to obtain the web root path via HTTP requests for JSP files preceded by (1) +/, (2) >/, (3) </, and (4) %20/, which leaks the pathname in an error message.
8776| [CVE-2002-2008] Apache Tomcat 4.0.3 for Windows allows remote attackers to obtain the web root path via an HTTP request for a resource that does not exist, such as lpt9, which leaks the information in an error message.
8777| [CVE-2002-2007] The default installations of Apache Tomcat 3.2.3 and 3.2.4 allows remote attackers to obtain sensitive system information such as directory listings and web root path, via erroneous HTTP requests for Java Server Pages (JSP) in the (1) test/jsp, (2) samples/jsp and (3) examples/jsp directories, or the (4) test/realPath.jsp servlet, which leaks pathnames in error messages.
8778| [CVE-2002-2006] The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 through 3.3.1 allows remote attackers to obtain the installation path and other sensitive system information via the (1) SnoopServlet or (2) TroubleShooter example servlets.
8779| [CVE-2002-1895] The servlet engine in Jakarta Apache Tomcat 3.3 and 4.0.4, when using IIS and the ajp1.3 connector, allows remote attackers to cause a denial of service (crash) via a large number of HTTP GET requests for an MS-DOS device such as AUX, LPT1, CON, or PRN.
8780| [CVE-2002-1850] mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly remote attackers to cause a denial of service (hang and memory consumption) by causing a CGI script to send a large amount of data to stderr, which results in a read/write deadlock between httpd and the CGI script.
8781| [CVE-2002-1793] HTTP Server mod_ssl module running on HP-UX 11.04 with Virtualvault OS (VVOS) 4.5 through 4.6 closes the connection when the Apache server times out during an SSL request, which may allow attackers to cause a denial of service.
8782| [CVE-2002-1658] Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may allow attackers to execute arbitrary code via a long user argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
8783| [CVE-2002-1635] The Apache configuration file (httpd.conf) in Oracle 9i Application Server (9iAS) uses a Location alias for /perl directory instead of a ScriptAlias, which allows remote attackers to read the source code of arbitrary CGI files via a URL containing the /perl directory instead of /cgi-bin.
8784| [CVE-2002-1593] mod_dav in Apache before 2.0.42 does not properly handle versioning hooks, which may allow remote attackers to kill a child process via a null dereference and cause a denial of service (CPU consumption) in a preforked multi-processing module.
8785| [CVE-2002-1592] The ap_log_rerror function in Apache 2.0 through 2.035, when a CGI application encounters an error, sends error messages to the client that include the full path for the server, which allows remote attackers to obtain sensitive information.
8786| [CVE-2002-1567] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1 allows remote attackers to execute arbitrary web script and steal cookies via a URL with encoded newlines followed by a request to a .jsp file whose name contains the script.
8787| [CVE-2002-1394] Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148.
8788| [CVE-2002-1233] A regression error in the Debian distributions of the apache-ssl package (before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0), for Apache 1.3.27 and earlier, allows local users to read or modify the Apache password file via a symlink attack on temporary files when the administrator runs (1) htpasswd or (2) htdigest, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2001-0131.
8789| [CVE-2002-1157] Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9 and earlier, when UseCanonicalName is off and wildcard DNS is enabled, allows remote attackers to execute script as other web site visitors, via the server name in an HTTPS response on the SSL port, which is used in a self-referencing URL, a different vulnerability than CAN-2002-0840.
8790| [CVE-2002-1156] Apache 2.0.42 allows remote attackers to view the source code of a CGI script via a POST request to a directory with both WebDAV and CGI enabled.
8791| [CVE-2002-1148] The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet.
8792| [CVE-2002-0935] Apache Tomcat 4.0.3, and possibly other versions before 4.1.3 beta, allows remote attackers to cause a denial of service (resource exhaustion) via a large number of requests to the server with null characters, which causes the working threads to hang.
8793| [CVE-2002-0843] Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response.
8794| [CVE-2002-0840] Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.
8795| [CVE-2002-0839] The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that would not normally be allowed, by modifying the parent[].pid and parent[].last_rtime segments in the scoreboard.
8796| [CVE-2002-0682] Cross-site scripting vulnerability in Apache Tomcat 4.0.3 allows remote attackers to execute script as other web users via script in a URL with the /servlet/ mapping, which does not filter the script when an exception is thrown by the servlet.
8797| [CVE-2002-0661] Directory traversal vulnerability in Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to read arbitrary files and execute commands via .. (dot dot) sequences containing \ (backslash) characters.
8798| [CVE-2002-0658] OSSP mm library (libmm) before 1.2.0 allows the local Apache user to gain privileges via temporary files, possibly via a symbolic link attack.
8799| [CVE-2002-0654] Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to determine the full pathname of the server via (1) a request for a .var file, which leaks the pathname in the resulting error message, or (2) via an error message that occurs when a script (child process) cannot be invoked.
8800| [CVE-2002-0653] Off-by-one buffer overflow in the ssl_compat_directive function, as called by the rewrite_command hook for mod_ssl Apache module 2.8.9 and earlier, allows local users to execute arbitrary code as the Apache server user via .htaccess files with long entries.
8801| [CVE-2002-0513] The PHP administration script in popper_mod 1.2.1 and earlier relies on Apache .htaccess authentication, which allows remote attackers to gain privileges if the script is not appropriately configured by the administrator.
8802| [CVE-2002-0493] Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions.
8803| [CVE-2002-0392] Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a chunk-encoded HTTP request that causes Apache to use an incorrect size.
8804| [CVE-2002-0259] InstantServers MiniPortal 1.1.5 and earlier stores sensitive login and account data in plaintext in (1) .pwd files in the miniportal/apache directory, or (2) mplog.txt, which could allow local users to gain privileges.
8805| [CVE-2002-0249] PHP for Windows, when installed on Apache 2.0.28 beta as a standalone CGI module, allows remote attackers to obtain the physical path of the php.exe via a request with malformed arguments such as /123, which leaks the pathname in the error message.
8806| [CVE-2002-0240] PHP, when installed with Apache and configured to search for index.php as a default web page, allows remote attackers to obtain the full pathname of the server via the HTTP OPTIONS method, which reveals the pathname in the resulting error message.
8807| [CVE-2002-0082] The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session.
8808| [CVE-2002-0061] Apache for Win32 before 1.3.24, and 2.0.x before 2.0.34-beta, allows remote attackers to execute arbitrary commands via shell metacharacters (a | pipe character) provided as arguments to batch (.bat) or .cmd scripts, which are sent unfiltered to the shell interpreter, typically cmd.exe.
8809| [CVE-2001-1556] The log files in Apache web server contain information directly supplied by clients and does not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail, and grep.
8810| [CVE-2001-1534] mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these session ID's are used for authentication.
8811| [CVE-2001-1510] Allaire JRun 2.3.3, 3.0 and 3.1 running on IIS 4.0 and 5.0, iPlanet, Apache, JRun web server (JWS), and possibly other web servers allows remote attackers to read arbitrary files and directories by appending (1) "%3f.jsp", (2) "?.jsp" or (3) "?" to the requested URL.
8812| [CVE-2001-1449] The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 through 8.0 and Linux Corporate Server 1.0.1 allows remote attackers to list the directory index of arbitrary web directories.
8813| [CVE-2001-1385] The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts.
8814| [CVE-2001-1342] Apache before 1.3.20 on Windows and OS/2 systems allows remote attackers to cause a denial of service (GPF) via an HTTP request for a URI that contains a large number of / (slash) or other characters, which causes certain functions to dereference a null pointer.
8815| [CVE-2001-1217] Directory traversal vulnerability in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to access sensitive information via a double encoded URL with .. (dot dot) sequences.
8816| [CVE-2001-1216] Buffer overflow in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to execute arbitrary code via a long request for a help page.
8817| [CVE-2001-1072] Apache with mod_rewrite enabled on most UNIX systems allows remote attackers to bypass RewriteRules by inserting extra / (slash) characters into the requested path, which causes the regular expression in the RewriteRule to fail.
8818| [CVE-2001-1013] Apache on Red Hat Linux with the UserDir directive enabled generates different error codes when a username exists and there is no public_html directory and when the username does not exist, which could allow remote attackers to determine valid usernames on the server.
8819| [CVE-2001-0925] The default installation of Apache before 1.3.19 allows remote attackers to list directories instead of the multiview index.html file via an HTTP request for a path that contains many / (slash) characters, which causes the path to be mishandled by (1) mod_negotiation, (2) mod_dir, or (3) mod_autoindex.
8820| [CVE-2001-0829] A cross-site scripting vulnerability in Apache Tomcat 3.2.1 allows a malicious webmaster to embed Javascript in a request for a .JSP file, which causes the Javascript to be inserted into an error message.
8821| [CVE-2001-0766] Apache on MacOS X Client 10.0.3 with the HFS+ file system allows remote attackers to bypass access restrictions via a URL that contains some characters whose case is not matched by Apache's filters.
8822| [CVE-2001-0731] Apache 1.3.20 with Multiviews enabled allows remote attackers to view directory contents and bypass the index page via a URL containing the "M=D" query string.
8823| [CVE-2001-0730] split-logfile in Apache 1.3.20 allows remote attackers to overwrite arbitrary files that end in the .log extension via an HTTP request with a / (slash) in the Host: header.
8824| [CVE-2001-0729] Apache 1.3.20 on Windows servers allows remote attackers to bypass the default index page and list directory contents via a URL with a large number of / (slash) characters.
8825| [CVE-2001-0590] Apache Software Foundation Tomcat Servlet prior to 3.2.2 allows a remote attacker to read the source code to arbitrary 'jsp' files via a malformed URL request which does not end with an HTTP protocol specification (i.e. HTTP/1.0).
8826| [CVE-2001-0131] htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local users to overwrite arbitrary files via a symlink attack.
8827| [CVE-2001-0108] PHP Apache module 4.0.4 and earlier allows remote attackers to bypass .htaccess access restrictions via a malformed HTTP request on an unrestricted page that causes PHP to use those access controls on the next page that is requested.
8828| [CVE-2001-0042] PHP 3.x (PHP3) on Apache 1.3.6 allows remote attackers to read arbitrary files via a modified .. (dot dot) attack containing "%5c" (encoded backslash) sequences.
8829| [CVE-2000-1247] The default configuration of the jserv-status handler in jserv.conf in Apache JServ 1.1.2 includes an "allow from 127.0.0.1" line, which allows local users to discover JDBC passwords or other sensitive information via a direct request to the jserv/ URI.
8830| [CVE-2000-1210] Directory traversal vulnerability in source.jsp of Apache Tomcat before 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the argument to source.jsp.
8831| [CVE-2000-1206] Vulnerability in Apache httpd before 1.3.11, when configured for mass virtual hosting using mod_rewrite, or mod_vhost_alias in Apache 1.3.9, allows remote attackers to retrieve arbitrary files.
8832| [CVE-2000-1205] Cross site scripting vulnerabilities in Apache 1.3.0 through 1.3.11 allow remote attackers to execute script as other web site visitors via (1) the printenv CGI (printenv.pl), which does not encode its output, (2) pages generated by the ap_send_error_response function such as a default 404, which does not add an explicit charset, or (3) various messages that are generated by certain Apache modules or core code. NOTE: the printenv issue might still exist for web browsers that can render text/plain content types as HTML, such as Internet Explorer, but CVE regards this as a design limitation of those browsers, not Apache. The printenv.pl/acuparam vector, disclosed on 20070724, is one such variant.
8833| [CVE-2000-1204] Vulnerability in the mod_vhost_alias virtual hosting module for Apache 1.3.9, 1.3.11 and 1.3.12 allows remote attackers to obtain the source code for CGI programs if the cgi-bin directory is under the document root.
8834| [CVE-2000-1168] IBM HTTP Server 1.3.6 (based on Apache) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET request.
8835| [CVE-2000-1016] The default configuration of Apache (httpd.conf) on SuSE 6.4 includes an alias for the /usr/doc directory, which allows remote attackers to read package documentation and obtain system configuration information via an HTTP request for the /doc/packages URL.
8836| [CVE-2000-0913] mod_rewrite in Apache 1.3.12 and earlier allows remote attackers to read arbitrary files if a RewriteRule directive is expanded to include a filename whose name contains a regular expression.
8837| [CVE-2000-0883] The default configuration of mod_perl for Apache as installed on Mandrake Linux 6.1 through 7.1 sets the /perl/ directory to be browseable, which allows remote attackers to list the contents of that directory.
8838| [CVE-2000-0869] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 enables WebDAV, which allows remote attackers to list arbitrary directories via the PROPFIND HTTP request method.
8839| [CVE-2000-0868] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 allows remote attackers to read source code for CGI scripts by replacing the /cgi-bin/ in the requested URL with /cgi-bin-sdb/.
8840| [CVE-2000-0791] Trustix installs the httpsd program for Apache-SSL with world-writeable permissions, which allows local users to replace it with a Trojan horse.
8841| [CVE-2000-0760] The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals sensitive system information when a remote attacker requests a nonexistent URL with a .snp extension.
8842| [CVE-2000-0759] Jakarta Tomcat 3.1 under Apache reveals physical path information when a remote attacker requests a URL that does not exist, which generates an error message that includes the physical path.
8843| [CVE-2000-0628] The source.asp example script in the Apache ASP module Apache::ASP 1.93 and earlier allows remote attackers to modify files.
8844| [CVE-2000-0505] The Apache 1.3.x HTTP server for Windows platforms allows remote attackers to list directory contents by requesting a URL containing a large number of / characters.
8845| [CVE-1999-1412] A possible interaction between Apple MacOS X release 1.0 and Apache HTTP server allows remote attackers to cause a denial of service (crash) via a flood of HTTP GET requests to CGI programs, which generates a large number of processes.
8846| [CVE-1999-1293] mod_proxy in Apache 1.2.5 and earlier allows remote attackers to cause a denial of service via malformed FTP commands, which causes Apache to dump core.
8847| [CVE-1999-1237] Multiple buffer overflows in smbvalid/smbval SMB authentication library, as used in Apache::AuthenSmb and possibly other modules, allows remote attackers to execute arbitrary commands via (1) a long username, (2) a long password, and (3) other unspecified methods.
8848| [CVE-1999-1199] Apache WWW server 1.3.1 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via a large number of MIME headers with the same name, aka the "sioux" vulnerability.
8849| [CVE-1999-1053] guestbook.pl cleanses user-inserted SSI commands by removing text between "<!--" and "-->" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides "-->".
8850| [CVE-1999-0926] Apache allows remote attackers to conduct a denial of service via a large number of MIME headers.
8851| [CVE-1999-0678] A default configuration of Apache on Debian GNU/Linux sets the ServerRoot to /usr/doc, which allows remote users to read documentation files for the entire server.
8852| [CVE-1999-0448] IIS 4.0 and Apache log HTTP request methods, regardless of how long they are, allowing a remote attacker to hide the URL they really request.
8853| [CVE-1999-0289] The Apache web server for Win32 may provide access to restricted files when a . (dot) is appended to a requested URL.
8854| [CVE-1999-0236] ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs.
8855| [CVE-1999-0107] Buffer overflow in Apache 1.2.5 and earlier allows a remote attacker to cause a denial of service with a large number of GET requests containing a large number of / characters.
8856| [CVE-1999-0071] Apache httpd cookie buffer overflow for versions 1.1.1 and earlier.
8857|
8858| SecurityFocus - https://www.securityfocus.com/bid/:
8859| [104554] Apache HBase CVE-2018-8025 Security Bypass Vulnerability
8860| [104465] Apache Geode CVE-2017-15695 Remote Code Execution Vulnerability
8861| [104418] Apache Storm CVE-2018-8008 Arbitrary File Write Vulnerability
8862| [104399] Apache Storm CVE-2018-1332 User Impersonation Vulnerability
8863| [104348] Apache UIMA CVE-2017-15691 XML External Entity Injection Vulnerability
8864| [104313] Apache NiFi XML External Entity Injection and Denial of Service Vulnerability
8865| [104259] Apache Geode CVE-2017-12622 Authorization Bypass Vulnerability
8866| [104257] Apache Sling XSS Protection API CVE-2017-15717 Cross Site Scripting Vulnerability
8867| [104253] Apache ZooKeeper CVE-2018-8012 Security Bypass Vulnerability
8868| [104252] Apache Batik CVE-2018-8013 Information Disclosure Vulnerability
8869| [104239] Apache Solr CVE-2018-8010 XML External Entity Multiple Information Disclosure Vulnerabilities
8870| [104215] Apache ORC CVE-2018-8015 Denial of Service Vulnerability
8871| [104203] Apache Tomcat CVE-2018-8014 Security Bypass Vulnerability
8872| [104161] Apache Ambari CVE-2018-8003 Directory Traversal Vulnerability
8873| [104140] Apache Derby CVE-2018-1313 Security Bypass Vulnerability
8874| [104135] Apache Tika CVE-2018-1338 Denial of Service Vulnerability
8875| [104008] Apache Fineract CVE-2018-1291 SQL Injection Vulnerability
8876| [104007] Apache Fineract CVE-2018-1292 SQL Injection Vulnerability
8877| [104005] Apache Fineract CVE-2018-1289 SQL Injection Vulnerability
8878| [104001] Apache Tika CVE-2018-1335 Remote Command Injection Vulnerability
8879| [103975] Apache Fineract CVE-2018-1290 SQL Injection Vulnerability
8880| [103974] Apache Solr CVE-2018-1308 XML External Entity Injection Vulnerability
8881| [103772] Apache Traffic Server CVE-2017-7671 Denial of Service Vulnerability
8882| [103770] Apache Traffic Server CVE-2017-5660 Security Bypass Vulnerability
8883| [103751] Apache Hive CVE-2018-1282 SQL Injection Vulnerability
8884| [103750] Apache Hive CVE-2018-1284 Security Bypass Vulnerability
8885| [103692] Apache Ignite CVE-2018-1295 Arbitrary Code Execution Vulnerability
8886| [103528] Apache HTTP Server CVE-2018-1302 Denial of Service Vulnerability
8887| [103525] Apache HTTP Server CVE-2017-15715 Remote Security Bypass Vulnerability
8888| [103524] Apache HTTP Server CVE-2018-1312 Remote Security Bypass Vulnerability
8889| [103522] Apache HTTP Server CVE-2018-1303 Denial of Service Vulnerability
8890| [103520] Apache HTTP Server CVE-2018-1283 Remote Security Vulnerability
8891| [103516] Apache Struts CVE-2018-1327 Denial of Service Vulnerability
8892| [103515] Apache HTTP Server CVE-2018-1301 Denial of Service Vulnerability
8893| [103512] Apache HTTP Server CVE-2017-15710 Denial of Service Vulnerability
8894| [103508] Apache Syncope CVE-2018-1321 Multiple Remote Code Execution Vulnerabilities
8895| [103507] Apache Syncope CVE-2018-1322 Multiple Information Disclosure Vulnerabilities
8896| [103490] Apache Commons Compress CVE-2018-1324 Multiple Denial Of Service Vulnerabilities
8897| [103434] APACHE Allura CVE-2018-1319 HTTP Response Splitting Vulnerability
8898| [103389] Apache Tomcat JK Connector CVE-2018-1323 Directory Traversal Vulnerability
8899| [103222] Apache CloudStack CVE-2013-4317 Information Disclosure Vulnerability
8900| [103219] Apache Xerces-C CVE-2017-12627 Null Pointer Dereference Denial of Service Vulnerability
8901| [103206] Apache Geode CVE-2017-15693 Remote Code Execution Vulnerability
8902| [103205] Apache Geode CVE-2017-15692 Remote Code Execution Vulnerability
8903| [103170] Apache Tomcat CVE-2018-1304 Security Bypass Vulnerability
8904| [103144] Apache Tomcat CVE-2018-1305 Security Bypass Vulnerability
8905| [103102] Apache Oozie CVE-2017-15712 Information Disclosure Vulnerability
8906| [103098] Apache Karaf CVE-2016-8750 LDAP Injection Vulnerability
8907| [103069] Apache Tomcat CVE-2017-15706 Remote Security Weakness
8908| [103068] Apache JMeter CVE-2018-1287 Security Bypass Vulnerability
8909| [103067] Apache Qpid Dispatch Router 'router_core/connections.c' Denial of Service Vulnerability
8910| [103036] Apache CouchDB CVE-2017-12636 Remote Code Execution Vulnerability
8911| [103025] Apache Thrift CVE-2016-5397 Remote Command Injection Vulnerability
8912| [102879] Apache POI CVE-2017-12626 Multiple Denial of Service Vulnerabilities
8913| [102842] Apache NiFi CVE-2017-12632 Host Header Injection Vulnerability
8914| [102815] Apache NiFi CVE-2017-15697 Multiple Cross Site Scripting Vulnerabilities
8915| [102488] Apache Geode CVE-2017-9795 Remote Code Execution Vulnerability
8916| [102229] Apache Sling CVE-2017-15700 Information Disclosure Vulnerability
8917| [102226] Apache Drill CVE-2017-12630 Cross Site Scripting Vulnerability
8918| [102154] Multiple Apache Products CVE-2017-15708 Remote Code Execution Vulnerability
8919| [102127] Apache CXF Fediz CVE-2017-12631 Multiple Cross Site Request Forgery Vulnerabilities
8920| [102041] Apache Qpid Broker-J CVE-2017-15701 Denial of Service Vulnerability
8921| [102040] Apache Qpid Broker CVE-2017-15702 Security Weakness
8922| [102021] Apache Struts CVE-2017-15707 Denial of Service Vulnerability
8923| [101980] EMC RSA Authentication Agent for Web: Apache Web Server Authentication Bypass Vulnerability
8924| [101876] Apache Camel CVE-2017-12634 Deserialization Remote Code Execution Vulnerability
8925| [101874] Apache Camel CVE-2017-12633 Deserialization Remote Code Execution Vulnerability
8926| [101872] Apache Karaf CVE-2014-0219 Local Denial of Service Vulnerability
8927| [101868] Apache CouchDB CVE-2017-12635 Remote Privilege Escalation Vulnerability
8928| [101859] Apache CXF CVE-2017-12624 Denial of Service Vulnerability
8929| [101844] Apache Sling Servlets Post CVE-2017-11296 Cross Site Scripting Vulnerability
8930| [101686] Apache Hive CVE-2017-12625 Information Disclosure Vulnerability
8931| [101644] Apache Wicket CVE-2012-5636 Cross Site Scripting Vulnerability
8932| [101631] Apache Traffic Server CVE-2015-3249 Multiple Remote Code Execution Vulnerabilities
8933| [101630] Apache Traffic Server CVE-2014-3624 Access Bypass Vulnerability
8934| [101625] Apache jUDDI CVE-2009-1197 Security Bypass Vulnerability
8935| [101623] Apache jUDDI CVE-2009-1198 Cross Site Scripting Vulnerability
8936| [101620] Apache Subversion 'libsvn_fs_fs/fs_fs.c' Denial of Service Vulnerability
8937| [101585] Apache OpenOffice Multiple Remote Code Execution Vulnerabilities
8938| [101577] Apache Wicket CVE-2016-6806 Cross Site Request Forgery Vulnerability
8939| [101575] Apache Wicket CVE-2014-0043 Information Disclosure Vulnerability
8940| [101570] Apache Geode CVE-2017-9797 Information Disclosure Vulnerability
8941| [101562] Apache Derby CVE-2010-2232 Arbitrary File Overwrite Vulnerability
8942| [101560] Apache Portable Runtime Utility CVE-2017-12613 Multiple Information Disclosure Vulnerabilities
8943| [101558] Apache Portable Runtime Utility Local Out-of-Bounds Read Denial of Service Vulnerability
8944| [101532] Apache James CVE-2017-12628 Arbitrary Command Execution Vulnerability
8945| [101516] Apache HTTP Server CVE-2017-12171 Security Bypass Vulnerability
8946| [101261] Apache Solr/Lucene CVE-2017-12629 Information Disclosure and Remote Code Execution Vulnerabilities
8947| [101230] Apache Roller CVE-2014-0030 XML External Entity Injection Vulnerability
8948| [101173] Apache IMPALA CVE-2017-9792 Information Disclosure Vulnerability
8949| [101052] Apache Commons Jelly CVE-2017-12621 Security Bypass Vulnerability
8950| [101027] Apache Mesos CVE-2017-7687 Denial of Service Vulnerability
8951| [101023] Apache Mesos CVE-2017-9790 Denial of Service Vulnerability
8952| [100954] Apache Tomcat CVE-2017-12617 Incomplete Fix Remote Code Execution Vulnerability
8953| [100946] Apache Wicket CVE-2014-7808 Cross Site Request Forgery Vulnerability
8954| [100901] Apache Tomcat CVE-2017-12615 Remote Code Execution Vulnerability
8955| [100897] Apache Tomcat CVE-2017-12616 Information Disclosure Vulnerability
8956| [100880] Apache Directory LDAP API CVE-2015-3250 Unspecified Information Disclosure Vulnerability
8957| [100872] Apache HTTP Server CVE-2017-9798 Information Disclosure Vulnerability
8958| [100870] Apache Solr CVE-2017-9803 Remote Privilege Escalation Vulnerability
8959| [100859] puppetlabs-apache CVE-2017-2299 Information Disclosure Vulnerability
8960| [100829] Apache Struts CVE-2017-12611 Remote Code Execution Vulnerability
8961| [100823] Apache Spark CVE-2017-12612 Deserialization Remote Code Execution Vulnerability
8962| [100612] Apache Struts CVE-2017-9804 Incomplete Fix Denial of Service Vulnerability
8963| [100611] Apache Struts CVE-2017-9793 Denial of Service Vulnerability
| [100609] Apache Struts CVE-2017-9805 Remote Code Execution Vulnerability
| [100587] Apache Atlas CVE-2017-3155 Cross Frame Scripting Vulnerability
| [100581] Apache Atlas CVE-2017-3154 Information Disclosure Vulnerability
| [100578] Apache Atlas CVE-2017-3153 Cross Site Scripting Vulnerability
| [100577] Apache Atlas CVE-2017-3152 Cross Site Scripting Vulnerability
| [100547] Apache Atlas CVE-2017-3151 HTML Injection Vulnerability
| [100536] Apache Atlas CVE-2017-3150 Cross Site Scripting Vulnerability
| [100449] Apache Pony Mail CVE-2016-4460 Authentication Bypass Vulnerability
| [100447] Apache2Triad Multiple Security Vulnerabilities
| [100284] Apache Sling Servlets Post CVE-2017-9802 Cross Site Scripting Vulnerability
| [100280] Apache Tomcat CVE-2017-7674 Security Bypass Vulnerability
| [100259] Apache Subversion CVE-2017-9800 Remote Command Execution Vulnerability
| [100256] Apache Tomcat CVE-2017-7675 Directory Traversal Vulnerability
| [100235] Apache Storm CVE-2017-9799 Remote Code Execution Vulnerability
| [100082] Apache Commons Email CVE-2017-9801 SMTP Header Injection Vulnerability
| [99873] Apache Sling XSS Protection API CVE-2016-6798 XML External Entity Injection Vulnerability
| [99870] Apache Sling API CVE-2016-5394 Cross Site Scripting Vulnerability
| [99603] Apache Spark CVE-2017-7678 Cross Site Scripting Vulnerability
| [99592] Apache OpenMeetings CVE-2017-7685 Security Bypass Vulnerability
| [99587] Apache OpenMeetings CVE-2017-7673 Security Bypass Vulnerability
| [99586] Apache OpenMeetings CVE-2017-7688 Security Bypass Vulnerability
| [99584] Apache OpenMeetings CVE-2017-7684 Denial of Service Vulnerability
| [99577] Apache OpenMeetings CVE-2017-7663 Cross Site Scripting Vulnerability
| [99576] Apache OpenMeetings CVE-2017-7664 XML External Entity Injection Vulnerability
| [99569] Apache HTTP Server CVE-2017-9788 Memory Corruption Vulnerability
| [99568] Apache HTTP Server CVE-2017-9789 Denial of Service Vulnerability
| [99563] Apache Struts CVE-2017-7672 Denial of Service Vulnerability
| [99562] Apache Struts Spring AOP Functionality Denial of Service Vulnerability
| [99509] Apache Impala CVE-2017-5652 Information Disclosure Vulnerability
| [99508] Apache IMPALA CVE-2017-5640 Authentication Bypass Vulnerability
| [99486] Apache Traffic Control CVE-2017-7670 Denial of Service Vulnerability
| [99485] Apache Solr CVE-2017-7660 Security Bypass Vulnerability
| [99484] Apache Struts CVE-2017-9791 Remote Code Execution Vulnerability
| [99292] Apache Ignite CVE-2017-7686 Information Disclosure Vulnerability
| [99170] Apache HTTP Server CVE-2017-7679 Buffer Overflow Vulnerability
| [99137] Apache HTTP Server CVE-2017-7668 Denial of Service Vulnerability
| [99135] Apache HTTP Server CVE-2017-3167 Authentication Bypass Vulnerability
| [99134] Apache HTTP Server CVE-2017-3169 Denial of Service Vulnerability
| [99132] Apache HTTP Server CVE-2017-7659 Denial of Service Vulnerability
| [99112] Apache Thrift CVE-2015-3254 Denial of Service Vulnerability
| [99067] Apache Ranger CVE-2016-8751 HTML Injection Vulnerability
| [99018] Apache NiFi CVE-2017-7667 Cross Frame Scripting Vulnerability
| [99009] Apache NiFi CVE-2017-7665 Cross Site Scripting Vulnerability
| [98961] Apache Ranger CVE-2017-7677 Security Bypass Vulnerability
| [98958] Apache Ranger CVE-2017-7676 Security Bypass Vulnerability
| [98888] Apache Tomcat CVE-2017-5664 Security Bypass Vulnerability
| [98814] Apache Zookeeper CVE-2017-5637 Denial of Service Vulnerability
| [98795] Apache Hadoop CVE-2017-7669 Remote Privilege Escalation Vulnerability
| [98739] Apache Knox CVE-2017-5646 User Impersonation Vulnerability
| [98669] Apache Hive CVE-2016-3083 Security Bypass Vulnerability
| [98646] Apache Atlas CVE-2016-8752 Information Disclosure Vulnerability
| [98570] Apache Archiva CVE-2017-5657 Multiple Cross-Site Request Forgery Vulnerabilities
| [98489] Apache CXF Fediz CVE-2017-7661 Multiple Cross Site Request Forgery Vulnerabilities
| [98485] Apache CXF Fediz CVE-2017-7662 Cross Site Request Forgery Vulnerability
| [98466] Apache Ambari CVE-2017-5655 Insecure Temporary File Handling Vulnerability
| [98365] Apache Cordova For Android CVE-2016-6799 Information Disclosure Vulnerability
| [98025] Apache Hadoop CVE-2017-3161 Cross Site Scripting Vulnerability
| [98017] Apache Hadoop CVE-2017-3162 Input Validation Vulnerability
| [97971] Apache CXF CVE-2017-5656 Information Disclosure Vulnerability
| [97968] Apache CXF CVE-2017-5653 Spoofing Vulnerability
| [97967] Apache ActiveMQ CVE-2015-7559 Denial of Service Vulnerability
| [97949] Apache Traffic Server CVE-2017-5659 Denial of Service Vulnerability
| [97948] Apache Batik CVE-2017-5662 XML External Entity Information Disclosure Vulnerability
| [97947] Apache FOP CVE-2017-5661 XML External Entity Information Disclosure Vulnerability
| [97945] Apache Traffic Server CVE-2016-5396 Denial of Service Vulnerability
| [97702] Apache Log4j CVE-2017-5645 Remote Code Execution Vulnerability
| [97582] Apache CXF CVE-2016-6812 Cross Site Scripting Vulnerability
| [97579] Apache CXF JAX-RS CVE-2016-8739 XML External Entity Injection Vulnerability
| [97544] Apache Tomcat CVE-2017-5651 Information Disclosure Vulnerability
| [97531] Apache Tomcat CVE-2017-5650 Denial of Service Vulnerability
| [97530] Apache Tomcat CVE-2017-5648 Information Disclosure Vulnerability
| [97509] Apache Ignite CVE-2016-6805 Information Disclosure and XML External Entity Injection Vulnerabilities
| [97383] Apache Flex BlazeDS CVE-2017-5641 Remote Code Execution Vulnerability
| [97378] Apache Geode CVE-2017-5649 Information Disclosure Vulnerability
| [97229] Apache Ambari CVE-2016-4976 Local Information Disclosure Vulnerability
| [97226] Apache Camel CVE-2017-5643 Server Side Request Forgery Security Bypass Vulnerability
| [97184] Apache Ambari CVE-2016-6807 Remote Command Execution Vulnerability
| [97179] Apache Camel CVE-2016-8749 Java Deserialization Multiple Remote Code Execution Vulnerabilities
| [96983] Apache POI CVE-2017-5644 Denial Of Service Vulnerability
| [96895] Apache Tomcat CVE-2016-8747 Information Disclosure Vulnerability
| [96731] Apache NiFi CVE-2017-5636 Remote Code Injection Vulnerability
| [96730] Apache NiFi CVE-2017-5635 Security Bypass Vulnerability
| [96729] Apache Struts CVE-2017-5638 Remote Code Execution Vulnerability
| [96540] IBM Development Package for Apache Spark CVE-2016-4970 Denial of Service Vulnerability
| [96398] Apache CXF CVE-2017-3156 Information Disclosure Vulnerability
| [96321] Apache Camel CVE-2017-3159 Remote Code Execution Vulnerability
| [96293] Apache Tomcat 'http11/AbstractInputBuffer.java' Denial of Service Vulnerability
| [96228] Apache Brooklyn Cross Site Request Forgery and Multiple Cross Site Scripting Vulnerabilities
| [95998] Apache Ranger CVE-2016-8746 Security Bypass Vulnerability
| [95929] Apache Groovy CVE-2016-6497 Information Disclosure Vulnerability
| [95838] Apache Cordova For Android CVE-2017-3160 Man in the Middle Security Bypass Vulnerability
| [95675] Apache Struts Remote Code Execution Vulnerability
| [95621] Apache NiFi CVE-2106-8748 Cross Site Scripting Vulnerability
| [95429] Apache Groovy CVE-2016-6814 Remote Code Execution Vulnerability
| [95335] Apache Hadoop CVE-2016-3086 Information Disclosure Vulnerability
| [95168] Apache Wicket CVE-2016-6793 Denial of Service Vulnerability
| [95136] Apache Qpid Broker for Java CVE-2016-8741 Remote Information Disclosure Vulnerability
| [95078] Apache HTTP Server CVE-2016-0736 Remote Security Vulnerability
| [95077] Apache HTTP Server CVE-2016-8743 Security Bypass Vulnerability
| [95076] Apache HTTP Server CVE-2016-2161 Denial of Service Vulnerability
| [95020] Apache Tika CVE-2015-3271 Remote Information Disclosure Vulnerability
| [94950] Apache Hadoop CVE-2016-5001 Local Information Disclosure Vulnerability
| [94882] Apache ActiveMQ CVE-2016-6810 HTML Injection Vulnerability
| [94828] Apache Tomcat CVE-2016-8745 Information Disclosure Vulnerability
| [94766] Apache CouchDB CVE-2016-8742 Local Privilege Escalation Vulnerability
| [94657] Apache Struts CVE-2016-8738 Denial of Service Vulnerability
| [94650] Apache HTTP Server CVE-2016-8740 Denial of Service Vulnerability
| [94588] Apache Subversion CVE-2016-8734 XML External Entity Denial of Service Vulnerability
| [94513] Apache Karaf CVE-2016-8648 Remote Code Execution Vulnerability
| [94463] Apache Tomcat CVE-2016-8735 Remote Code Execution Vulnerability
| [94462] Apache Tomcat CVE-2016-6817 Denial of Service Vulnerability
| [94461] Apache Tomcat CVE-2016-6816 Security Bypass Vulnerability
| [94418] Apache OpenOffice CVE-2016-6803 Local Privilege Escalation Vulnerability
| [94247] Apache Tika CVE-2016-6809 Remote Code Execution Vulnerability
| [94221] Apache Ranger CVE-2016-6815 Local Privilege Escalation Vulnerability
| [94145] Apache OpenMeetings CVE-2016-8736 Remote Code Execution Vulnerability
| [93945] Apache CloudStack CVE-2016-6813 Authorization Bypass Vulnerability
| [93944] Apache Tomcat Security Manager CVE-2016-6796 Security Bypass Vulnerability
| [93943] Apache Tomcat CVE-2016-6794 Security Bypass Vulnerability
| [93942] Apache Tomcat Security Manager CVE-2016-5018 Security Bypass Vulnerability
| [93940] Apache Tomcat CVE-2016-6797 Security Bypass Vulnerability
| [93939] Apache Tomcat CVE-2016-0762 Information Disclosure Vulnerability
| [93774] Apache OpenOffice CVE-2016-6804 DLL Loading Remote Code Execution Vulnerability
| [93773] Apache Struts CVE-2016-6795 Directory Traversal Vulnerability
| [93478] Apache Tomcat CVE-2016-6325 Local Privilege Escalation Vulnerability
| [93472] Apache Tomcat CVE-2016-5425 Insecure File Permissions Vulnerability
| [93429] Apache Tomcat JK Connector CVE-2016-6808 Remote Buffer Overflow Vulnerability
| [93263] Apache Tomcat CVE-2016-1240 Local Privilege Escalation Vulnerability
| [93236] Apache MyFaces Trinidad CVE-2016-5019 Remote Code Execution Vulnerability
| [93142] Apache ActiveMQ Artemis CVE-2016-4978 Remote Code Execution Vulnerability
| [93132] Apache Derby CVE-2015-1832 XML External Entity Information Disclosure Vulnerability
| [93044] Apache Zookeeper CVE-2016-5017 Buffer Overflow Vulnerability
| [92966] Apache Jackrabbit CVE-2016-6801 Cross-Site Request Forgery Vulnerability
| [92947] Apache Shiro CVE-2016-6802 Remote Security Bypass Vulnerability
| [92905] Apache CXF Fediz CVE-2016-4464 Security Bypass Vulnerability
| [92577] Apache Ranger CVE-2016-5395 HTML Injection Vulnerability
| [92331] Apache HTTP Server CVE-2016-1546 Remote Denial of Service Vulnerability
| [92328] Apache Hive CVE-2016-0760 Multiple Remote Code Execution Vulnerabilities
| [92320] Apache APR-util and httpd CVE-2016-6312 Denial of Service Vulnerability
| [92100] Apache POI CVE-2016-5000 XML External Entity Injection Vulnerability
| [92079] Apache OpenOffice CVE-2016-1513 Remote Code Execution Vulnerability
| [91818] Apache Tomcat CVE-2016-5388 Security Bypass Vulnerability
| [91816] Apache HTTP Server CVE-2016-5387 Security Bypass Vulnerability
| [91788] Apache Qpid Proton CVE-2016-4467 Certificate Verification Security Bypass Vulnerability
| [91738] Apache XML-RPC CVE-2016-5003 Remote Code Execution Vulnerability
| [91736] Apache XML-RPC Multiple Security Vulnerabilities
| [91707] Apache Archiva CVE-2016-5005 HTML Injection Vulnerability
| [91703] Apache Archiva CVE-2016-4469 Multiple Cross-Site Request Forgery Vulnerabilities
| [91566] Apache HTTP Server CVE-2016-4979 Authentication Bypass Vulnerability
| [91537] Apache QPID CVE-2016-4974 Deserialization Security Bypass Vulnerability
| [91501] Apache Xerces-C CVE-2016-4463 Stack Buffer Overflow Vulnerability
| [91453] Apache Commons FileUpload CVE-2016-3092 Denial Of Service Vulnerability
| [91284] Apache Struts CVE-2016-4431 Security Bypass Vulnerability
| [91282] Apache Struts CVE-2016-4433 Security Bypass Vulnerability
| [91281] Apache Struts CVE-2016-4430 Cross-Site Request Forgery Vulnerability
| [91280] Apache Struts CVE-2016-4436 Security Bypass Vulnerability
| [91278] Apache Struts CVE-2016-4465 Denial of Service Vulnerability
| [91277] Apache Struts Incomplete Fix Remote Code Execution Vulnerability
| [91275] Apache Struts CVE-2016-4438 Remote Code Execution Vulnerability
| [91217] Apache Continuum 'saveInstallation.action' Command Execution Vulnerability
| [91141] Apache CloudStack CVE-2016-3085 Authentication Bypass Vulnerability
| [91068] Apache Struts CVE-2016-1181 Remote Code Execution Vulnerability
| [91067] Apache Struts CVE-2016-1182 Security Bypass Vulnerability
| [91024] Apache Shiro CVE-2016-4437 Information Disclosure Vulnerability
| [90988] Apache Ranger CVE-2016-2174 SQL Injection Vulnerability
| [90961] Apache Struts CVE-2016-3093 Denial of Service Vulnerability
| [90960] Apache Struts CVE-2016-3087 Remote Code Execution Vulnerability
| [90921] Apache Qpid CVE-2016-4432 Authentication Bypass Vulnerability
| [90920] Apache Qpid CVE-2016-3094 Denial of Service Vulnerability
| [90902] Apache PDFBox CVE-2016-2175 XML External Entity Injection Vulnerability
| [90897] Apache Tika CVE-2016-4434 XML External Entity Injection Vulnerability
| [90827] Apache ActiveMQ CVE-2016-3088 Multiple Arbitrary File Upload Vulnerabilities
| [90755] Apache Ambari CVE-2016-0707 Multiple Local Information Disclosure Vulnerabilities
| [90482] Apache CVE-2004-1387 Local Security Vulnerability
| [89762] Apache CVE-2001-1556 Remote Security Vulnerability
| [89417] Apache Subversion CVE-2016-2167 Authentication Bypass Vulnerability
| [89326] RETIRED: Apache Subversion CVE-2016-2167 Security Bypass Vulnerability
| [89320] Apache Subversion CVE-2016-2168 Remote Denial of Service Vulnerability
| [88826] Apache Struts CVE-2016-3082 Remote Code Execution Vulnerability
| [88797] Apache Cordova For iOS CVE-2015-5208 Arbitrary Code Execution Vulnerability
| [88764] Apache Cordova iOS CVE-2015-5207 Multiple Security Bypass Vulnerabilities
| [88701] Apache CVE-2001-1449 Remote Security Vulnerability
| [88635] Apache CVE-2000-1204 Remote Security Vulnerability
| [88590] Apache WWW server CVE-1999-1199 Denial-Of-Service Vulnerability
| [88496] Apache CVE-2000-1206 Remote Security Vulnerability
| [87828] Apache CVE-1999-1237 Remote Security Vulnerability
| [87784] Apache CVE-1999-1293 Denial-Of-Service Vulnerability
| [87327] Apache Struts CVE-2016-3081 Remote Code Execution Vulnerability
| [86622] Apache Stats CVE-2007-0975 Remote Security Vulnerability
| [86399] Apache CVE-2007-1743 Local Security Vulnerability
| [86397] Apache CVE-2007-1742 Local Security Vulnerability
| [86311] Apache Struts CVE-2016-4003 Cross Site Scripting Vulnerability
| [86174] Apache Wicket CVE-2015-5347 Cross Site Scripting Vulnerability
| [85971] Apache OFBiz CVE-2016-2170 Java Deserialization Remote Code Execution Vulnerability
| [85967] Apache OFBiz CVE-2015-3268 HTML Injection Vulnerability
| [85759] Apache Jetspeed CVE-2016-2171 Unauthorized Access Vulnerability
| [85758] Apache Jetspeed CVE-2016-0712 Cross Site Scripting Vulnerability
| [85756] Apache Jetspeed CVE-2016-0710 Multiple SQL Injection Vulnerabilities
| [85755] Apache Jetspeed CVE-2016-0711 Mulitple HTML Injection Vulnerabilities
| [85754] Apache Jetspeed CVE-2016-0709 Directory Traversal Vulnerability
| [85730] Apache Subversion CVE-2015-5343 Integer Overflow Vulnerability
| [85691] Apache Ranger CVE-2016-0735 Security Bypass Vulnerability
| [85578] Apache ActiveMQ CVE-2010-1244 Cross-Site Request Forgery Vulnerability
| [85554] Apache OpenMeetings CVE-2016-2164 Multiple Information Disclosure Vulnerabilities
| [85553] Apache OpenMeetings CVE-2016-0783 Information Disclosure Vulnerability
| [85552] Apache OpenMeetings CVE-2016-2163 HTML Injection Vulnerability
| [85550] Apache OpenMeetings CVE-2016-0784 Directory Traversal Vulnerability
| [85386] Apache Hadoop CVE-2015-7430 Local Privilege Escalation Vulnerability
| [85377] Apache Qpid Proton Python API CVE-2016-2166 Man in the Middle Security Bypass Vulnerability
| [85205] Apache Solr CVE-2015-8796 Cross Site Scripting Vulnerability
| [85203] Apache Solr CVE-2015-8795 Mulitple HTML Injection Vulnerabilities
| [85163] Apache Geronimo CVE-2008-0732 Local Security Vulnerability
| [85131] Apache Struts 'TextParseUtil.translateVariables()' Method Remote Code Execution Vulnerability
| [85070] Apache Struts CVE-2016-2162 Cross Site Scripting Vulnerability
| [85066] Apache Struts CVE-2016-0785 Remote Code Execution Vulnerability
| [84422] Apache TomEE CVE-2016-0779 Unspecified Security Vulnerability
| [84321] Apache ActiveMQ CVE-2016-0734 Clickjacking Vulnerability
| [84316] Apache ActiveMQ CVE-2016-0782 Multiple Cross Site Scripting Vulnerabilities
| [83910] Apache Wicket CVE-2015-7520 Cross Site Scripting Vulnerability
| [83423] Apache Xerces-C CVE-2016-0729 Buffer Overflow Vulnerability
| [83330] Apache Tomcat CVE-2015-5351 Cross Site Request Forgery Vulnerability
| [83329] Apache Tomcat CVE-2015-5174 Directory Traversal Vulnerability
| [83328] Apache Tomcat CVE-2015-5345 Directory Traversal Vulnerability
| [83327] Apache Tomcat Security Manager CVE-2016-0714 Remote Code Execution Vulnerability
| [83326] Apache Tomcat CVE-2016-0763 Security Bypass Vulnerability
| [83324] Apache Tomcat Security Manager CVE-2016-0706 Information Disclosure Vulnerability
| [83323] Apache Tomcat CVE-2015-5346 Session Fixation Vulnerability
| [83259] Apache Hadoop CVE-2015-1776 Information Disclosure Vulnerability
| [83243] Apache Solr CVE-2015-8797 Cross Site Scripting Vulnerability
| [83119] Apache Sling CVE-2016-0956 Information Disclosure Vulnerability
| [83002] Apache CVE-2000-1205 Cross-Site Scripting Vulnerability
| [82871] Apache Ranger Authentication Bypass and Security Bypass Vulnerabilities
| [82800] Apache CloudStack CVE-2015-3251 Information Disclosure Vulnerability
| [82798] Apache CloudStack CVE-2015-3252 Authentication Bypass Vulnerability
| [82732] Apache Gallery CVE-2003-0771 Local Security Vulnerability
| [82676] Apache CVE-2003-1581 Cross-Site Scripting Vulnerability
| [82550] Apache Struts CVE-2015-5209 Security Bypass Vulnerability
| [82300] Apache Subversion CVE-2015-5259 Integer Overflow Vulnerability
| [82260] Apache Camel CVE-2015-5344 Remote Code Execution Vulnerability
| [82234] Apache Hive CVE-2015-7521 Security Bypass Vulnerability
| [82082] Apache CVE-1999-0289 Remote Security Vulnerability
| [81821] Apache Distribution for Solaris CVE-2007-2080 SQL-Injection Vulnerability
| [80696] Apache Camel CVE-2015-5348 Information Disclosure Vulnerability
| [80525] Apache CVE-2003-1580 Remote Security Vulnerability
| [80354] Drupal Apache Solr Search Module Access Bypass Vulnerability
| [80193] Apache CVE-1999-0107 Denial-Of-Service Vulnerability
| [79812] Apache Directory Studio CVE-2015-5349 Command Injection Vulnerability
| [79744] Apache HBase CVE-2015-1836 Unauthorized Access Vulnerability
| [79204] Apache TomEE 'EjbObjectInputStream' Remote Code Execution Vulnerability
| [77679] Apache Cordova For Android CVE-2015-8320 Weak Randomization Security Bypass Vulnerability
| [77677] Apache Cordova For Android CVE-2015-5256 Security Bypass Vulnerability
| [77591] Apache CXF SAML SSO Processing CVE-2015-5253 Security Bypass Vulnerability
| [77521] Apache Commons Collections 'InvokerTransformer.java' Remote Code Execution Vulnerability
| [77110] Apache HttpComponents HttpClient CVE-2015-5262 Denial of Service Vulnerability
| [77086] Apache Ambari CVE-2015-1775 Server Side Request Forgery Security Bypass Vulnerability
| [77085] Apache Ambari CVE-2015-3270 Remote Privilege Escalation Vulnerability
| [77082] Apache Ambari 'targetURI' Parameter Open Redirection Vulnerability
| [77059] Apache Ambari CVE-2015-3186 Cross Site Scripting Vulnerability
| [76933] Apache James Server Unspecified Command Execution Vulnerability
| [76832] Apache cordova-plugin-file-transfer CVE-2015-5204 HTTP Header Injection Vulnerability
| [76625] Apache Struts CVE-2015-5169 Cross Site Scripting Vulnerability
| [76624] Apache Struts CVE-2015-2992 Cross Site Scripting Vulnerability
| [76522] Apache Tapestry CVE-2014-1972 Security Bypass Vulnerability
| [76486] Apache CXF Fediz CVE-2015-5175 Denial of Service Vulnerability
| [76452] Apache ActiveMQ CVE-2015-1830 Directory Traversal Vulnerability
| [76446] Apache Subversion 'libsvn_fs_fs/tree.c' Denial of Service Vulnerability
| [76274] Apache Subversion CVE-2015-3184 Information Disclosure Vulnerability
| [76273] Apache Subversion CVE-2015-3187 Information Disclosure Vulnerability
| [76272] Apache ActiveMQ CVE-2014-3576 Denial of Service Vulnerability
| [76221] Apache Ranger CVE-2015-0266 Access Bypass Vulnerability
| [76208] Apache Ranger CVE-2015-0265 JavaScript Code Injection Vulnerability
| [76025] Apache ActiveMQ Artemis CVE-2015-3208 XML External Entity Information Disclosure Vulnerability
| [75965] Apache HTTP Server CVE-2015-3185 Security Bypass Vulnerability
| [75964] Apache HTTP Server CVE-2015-0253 Remote Denial of Service Vulnerability
| [75963] Apache HTTP Server CVE-2015-3183 Security Vulnerability
| [75940] Apache Struts CVE-2015-1831 Security Bypass Vulnerability
| [75919] Apache Groovy CVE-2015-3253 Remote Code Execution Vulnerability
| [75338] Apache Storm CVE-2015-3188 Remote Code Execution Vulnerability
| [75275] Drupal Apache Solr Real-Time Module Access Bypass Vulnerability
| [74866] Apache Cordova For Android CVE-2015-1835 Security Bypass Vulnerability
| [74839] Apache Sling API and Sling Servlets CVE-2015-2944 Cross Site Scripting Vulnerability
| [74761] Apache Jackrabbit CVE-2015-1833 XML External Entity Information Disclosure Vulnerability
| [74686] Apache Ambari '/var/lib/ambari-server/ambari-env.sh' Local Privilege Escalation Vulnerability
| [74665] Apache Tomcat CVE-2014-7810 Security Bypass Vulnerability
| [74475] Apache Tomcat CVE-2014-0230 Denial of Service Vulnerability
| [74423] Apache Struts CVE-2015-0899 Security Bypass Vulnerability
| [74338] Apache OpenOffice HWP Filter Memory Corruption Vulnerability
| [74265] Apache Tomcat 'mod_jk' CVE-2014-8111 Information Disclosure Vulnerability
| [74260] Apache Subversion CVE-2015-0248 Multiple Denial of Service Vulnerabilities
| [74259] Apache Subversion 'deadprops.c' Security Bypass Vulnerability
| [74204] PHP 'sapi/apache2handler/sapi_apache2.c' Remote Code Execution Vulnerability
| [74158] Apache HTTP Server 'protocol.c' Remote Denial of Service Vulnerability
| [73954] Apache Flex 'asdoc/templates/index.html' Cross Site Scripting Vulnerability
| [73851] Apache2 CVE-2012-0216 Cross-Site Scripting Vulnerability
| [73478] Apache Cassandra CVE-2015-0225 Remote Code Execution Vulnerability
| [73041] Apache HTTP Server 'mod_lua' Module Denial of Service Vulnerability
| [73040] Apache HTTP Server 'mod_lua.c' Local Access Bypass Vulnerability
| [72809] Apache Standard Taglibs CVE-2015-0254 XML External Entity Injection Vulnerability
| [72717] Apache Tomcat CVE-2014-0227 Chunk Request Remote Denial Of Service Vulnerability
| [72557] Apache WSS4J CVE-2015-0227 Security Bypass Vulnerability
| [72553] Apache WSS4J CVE-2015-0226 Information Disclosure Vulnerability
| [72513] Apache ActiveMQ CVE-2014-3612 LDAP Authentication Bypass Vulnerability
| [72511] Apache ActiveMQ CVE-2014-8110 Multiple Cross Site Scripting Vulnerabilities
| [72510] Apache ActiveMQ CVE-2014-3600 XML External Entity Injection Vulnerability
| [72508] Apache ActiveMQ Apollo CVE-2014-3579 XML External Entity Injection Vulnerability
| [72319] Apache Qpid CVE-2015-0223 Security Bypass Vulnerability
| [72317] Apache Qpid CVE-2015-0224 Incomplete Fix Multiple Denial of Service Vulnerabilities
| [72115] Apache Santuario 'XML Signature Verification' Security Bypass Vulnerability
| [72053] Apache HTTP Server 'mod_remoteip.c' IP Address Spoofing Vulnerability
| [72030] Apache Qpid CVE-2015-0203 Multiple Denial of Service Vulnerabilities
| [71879] Apache Traffic Server 'HttpTransact.cc' Denial of Service Vulnerability
| [71726] Apache Subversion CVE-2014-3580 Remote Denial of Service Vulnerability
| [71725] Apache Subversion CVE-2014-8108 Remote Denial of Service Vulnerability
| [71657] Apache HTTP Server 'mod_proxy_fcgi' Module Denial of Service Vulnerability
| [71656] Apache HTTP Server 'mod_cache' Module Denial of Service Vulnerability
| [71548] Apache Struts CVE-2014-7809 Security Bypass Vulnerability
| [71466] Apache Hadoop CVE-2014-3627 Information Disclosure Vulnerability
| [71353] Apache HTTP Server 'LuaAuthzProvider' Authorization Bypass Vulnerability
| [71004] Apache Qpid CVE-2014-3629 XML External Entity Injection Vulnerability
| [70970] Apache Traffic Server Cross Site Scripting Vulnerability
| [70738] Apache CXF CVE-2014-3584 Denial of Service Vulnerability
| [70736] Apache CXF SAML SubjectConfirmation Security Bypass Vulnerability
| [69728] Apache Tomcat CVE-2013-4444 Arbitrary File Upload Vulnerability
| [69648] Apache POI CVE-2014-3574 Denial Of Service Vulnerability
| [69647] Apache POI OpenXML parser CVE-2014-3529 XML External Entity Information Disclosure Vulnerability
| [69351] Apache OpenOffice Calc CVE-2014-3524 Command Injection Vulnerability
| [69295] Apache Axis Incomplete Fix CVE-2014-3596 SSL Certificate Validation Security Bypass Vulnerability
| [69286] Apache OFBiz CVE-2014-0232 Multiple Cross Site Scripting Vulnerabilities
| [69258] Apache HttpComponents Incomplete Fix CVE-2014-3577 SSL Validation Security Bypass Vulnerability
| [69257] Apache HttpComponents Incomplete Fix SSL Certificate Validation Security Bypass Vulnerability
| [69248] Apache HTTP Server CVE-2013-4352 Remote Denial of Service Vulnerability
| [69237] Apache Subversion CVE-2014-3522 SSL Certificate Validation Information Disclosure Vulnerability
| [69173] Apache Traffic Server CVE-2014-3525 Unspecified Security Vulnerability
| [69046] Apache Cordova For Android CVE-2014-3502 Information Disclosure Vulnerability
| [69041] Apache Cordova For Android CVE-2014-3501 Security Bypass Vulnerability
| [69038] Apache Cordova For Android CVE-2014-3500 Security Bypass Vulnerability
| [68995] Apache Subversion CVE-2014-3528 Insecure Authentication Weakness
| [68966] Apache Subversion 'irkerbridge.py' Local Privilege Escalation Vulnerability
| [68965] Apache Subversion 'svnwcsub.py' Local Privilege Escalation Vulnerability
| [68863] Apache HTTP Server 'mod_cache' Module Remote Denial of Service Vulnerability
| [68747] Apache HTTP Server CVE-2014-3523 Remote Denial of Service Vulnerability
| [68745] Apache HTTP Server CVE-2014-0118 Remote Denial of Service Vulnerability
| [68742] Apache HTTP Server CVE-2014-0231 Remote Denial of Service Vulnerability
| [68740] Apache HTTP Server CVE-2014-0117 Remote Denial of Service Vulnerability
| [68678] Apache HTTP Server 'mod_status' CVE-2014-0226 Remote Code Execution Vulnerability
| [68445] Apache CXF UsernameToken Information Disclosure Vulnerability
| [68441] Apache CXF SAML Tokens Validation Security Bypass Vulnerability
| [68431] Apache Syncope CVE-2014-3503 Insecure Password Generation Weakness
| [68229] Apache Harmony PRNG Entropy Weakness
| [68111] Apache 'mod_wsgi' Module Privilege Escalation Vulnerability
| [68072] Apache Tomcat CVE-2014-0186 Remote Denial of Service Vulnerability
| [68039] Apache Hive CVE-2014-0228 Security Bypass Vulnerability
| [67673] Apache Tomcat CVE-2014-0095 AJP Request Remote Denial Of Service Vulnerability
| [67671] Apache Tomcat CVE-2014-0075 Chunk Request Remote Denial Of Service Vulnerability
| [67669] Apache Tomcat CVE-2014-0119 XML External Entity Information Disclosure Vulnerability
| [67668] Apache Tomcat CVE-2014-0099 Request Processing Information Disclosure Vulnerability
| [67667] Apache Tomcat CVE-2014-0096 XML External Entity Information Disclosure Vulnerability
| [67534] Apache 'mod_wsgi' Module CVE-2014-0242 Information Disclosure Vulnerability
| [67532] Apache 'mod_wsgi' Module Local Privilege Escalation Vulnerability
| [67530] Apache Solr Search Template Cross Site Scripting Vulnerability
| [67236] Apache CXF CVE-2014-0109 Remote Denial of Service Vulnerability
| [67232] Apache CXF CVE-2014-0110 Denial of Service Vulnerability
| [67121] Apache Struts ClassLoader Manipulation CVE-2014-0114 Security Bypass Vulnerability
| [67081] Apache Struts 'getClass()' Method Security Bypass Vulnerability
| [67064] Apache Struts ClassLoader Manipulation Incomplete Fix Security Bypass Vulnerability
| [67013] Apache Zookeeper CVE-2014-0085 Local Information Disclosure Vulnerability
| [66998] Apache Archiva CVE-2013-2187 Unspecified Cross Site Scripting Vulnerability
| [66991] Apache Archiva CVE-2013-2187 HTML Injection Vulnerability
| [66927] Apache Syncope CVE-2014-0111 Remote Code Execution Vulnerability
| [66474] Apache CouchDB Universally Unique IDentifier (UUID) Remote Denial of Service Vulnerability
| [66397] Apache Xalan-Java Library CVE-2014-0107 Security Bypass Vulnerability
| [66303] Apache HTTP Server Multiple Denial of Service Vulnerabilities
| [66041] RETIRED: Apache Struts CVE-2014-0094 Classloader Manipulation Security Bypass Vulnerability
| [65999] Apache Struts ClassLoader Manipulation CVE-2014-0094 Security Bypass Vulnerability
| [65967] Apache Cordova File-Transfer Unspecified Security Vulnerability
| [65959] Apache Cordova InAppBrowser Remote Privilege Escalation Vulnerability
| [65935] Apache Shiro 'login.jsp' Authentication Bypass Vulnerability
| [65902] Apache Camel CVE-2014-0003 Remote Code Execution Vulnerability
| [65901] Apache Camel CVE-2014-0002 XML External Entity Information Disclosure Vulnerability
| [65773] Apache Tomcat CVE-2013-4286 Security Bypass Vulnerability
| [65769] Apache Tomcat CVE-2014-0033 Session Fixation Vulnerability
| [65768] Apache Tomcat CVE-2013-4590 XML External Entity Information Disclosure Vulnerability
| [65767] Apache Tomcat CVE-2013-4322 Incomplete Fix Denial of Service Vulnerability
| [65615] Apache ActiveMQ 'refresh' Parameter Cross Site Scripting Vulnerability
| [65434] Apache Subversion 'mod_dav_svn' Module SVNListParentPath Denial of Service Vulnerability
| [65431] Apache Wicket CVE-2013-2055 Information Disclosure Vulnerability
| [65400] Apache Commons FileUpload CVE-2014-0050 Denial Of Service Vulnerability
| [64782] Apache CloudStack Virtual Router Component Security Bypass Vulnerability
| [64780] Apache CloudStack Unauthorized Access Vulnerability
| [64617] Apache Libcloud Digital Ocean API Local Information Disclosure Vulnerability
| [64437] Apache Santuario XML Security For JAVA XML Signature Denial of Service Vulnerability
| [64427] Apache Solr Multiple XML External Entity Injection Vulnerabilities
| [64009] Apache Solr CVE-2013-6408 XML External Entity Injection Vulnerability
| [64008] Apache Solr CVE-2013-6407 XML External Entity Injection Vulnerability
| [63981] Apache Subversion 'mod_dav_svn' Module Denial of Service Vulnerability
| [63966] Apache Subversion CVE-2013-4505 Security Bypass Vulnerability
| [63963] Apache Roller CVE-2013-4171 Cross Site Scripting Vulnerability
| [63935] Apache Solr 'SolrResourceLoader' Directory Traversal Vulnerability
| [63928] Apache Roller CVE-2013-4212 OGNL Expression Injection Remote Code Execution Vulnerability
| [63515] Apache Tomcat Manager Component CVE-2013-6357 Cross Site Request Forgery Vulnerability
| [63403] Apache Struts Multiple Cross Site Scripting Vulnerabilities
| [63400] Apache 'mod_pagespeed' Module Unspecified Cross Site Scripting Vulnerability
| [63260] Apache Shindig CVE-2013-4295 XML External Entity Information Disclosure Vulnerability
| [63241] Apache Sling 'AbstractAuthenticationFormServlet' Open Redirection Vulnerability
| [63174] Apache Commons FileUpload 'DiskFileItem' Class Null Byte Arbitrary File Write Vulnerability
| [62939] Apache 'mod_fcgid' Module CVE-2013-4365 Heap Buffer Overflow Vulnerability
| [62903] Apache Sling 'deepGetOrCreateNode()' Function Denial Of Service Vulnerability
| [62706] Apache Camel CVE-2013-4330 Information Disclosure Vulnerability
| [62677] Apache 'mod_accounting' Module CVE-2013-5697 SQL Injection Vulnerability
| [62674] TYPO3 Apache Solr Unspecified Cross Site Scripting and PHP Code Execution Vulnerabilities
| [62587] Apache Struts CVE-2013-4316 Remote Code Execution Vulnerability
| [62584] Apache Struts CVE-2013-4310 Security Bypass Vulnerability
| [62266] Apache Subversion CVE-2013-4277 Insecure Temporary File Creation Vulnerability
| [61984] Apache Hadoop RPC Authentication CVE-2013-2192 Man in the Middle Security Bypass Vulnerability
| [61981] Apache HBase RPC Authentication Man In The Middle Security Bypass Vulnerability
| [61638] Apache CloudStack CVE-2013-2136 Multiple Cross Site Scripting Vulnerabilities
| [61454] Apache Subversion CVE-2013-4131 Denial Of Service Vulnerability
| [61379] Apache HTTP Server CVE-2013-2249 Unspecified Remote Security Vulnerability
| [61370] Apache OFBiz CVE-2013-2317 'View Log' Cross Site Scripting Vulnerability
| [61369] Apache OFBiz Nested Expression Remote Code Execution Vulnerability
| [61196] Apache Struts CVE-2013-2248 Multiple Open Redirection Vulnerabilities
| [61189] Apache Struts CVE-2013-2251 Multiple Remote Command Execution Vulnerabilities
| [61129] Apache HTTP Server CVE-2013-1896 Remote Denial of Service Vulnerability
| [61030] Apache CXF CVE-2013-2160 Multiple Remote Denial of Service Vulnerabilities
| [60875] Apache Geronimo RMI Classloader Security Bypass Vulnerability
| [60846] Apache Santuario XML Security for JAVA XML Signature CVE-2013-2172 Security Bypass Vulnerability
| [60817] Apache Santuario XML Security for C++ CVE-2013-2210 Heap Buffer Overflow Vulnerability
| [60800] Apache Qpid Python Client SSL Certificate Verification Information Disclosure Vulnerability
| [60599] Apache Santuario XML Security for C++ CVE-2013-2156 Remote Heap Buffer Overflow Vulnerability
| [60595] Apache Santuario XML Security for C++ XML Signature CVE-2013-2155 Denial of Service Vulnerability
| [60594] Apache Santuario XML Security for C++ CVE-2013-2154 Stack Buffer Overflow Vulnerability
| [60592] Apache Santuario XML Security for C++ XML Signature CVE-2013-2153 Security Bypass Vulnerability
| [60534] Apache OpenJPA Object Deserialization Arbitrary File Creation or Overwrite Vulnerability
| [60346] Apache Struts CVE-2013-2134 OGNL Expression Injection Vulnerability
| [60345] Apache Struts CVE-2013-2135 OGNL Expression Injection Vulnerability
| [60267] Apache Subversion CVE-2013-1968 Remote Denial of Service Vulnerability
9400| [60265] Apache Subversion CVE-2013-2088 Command Injection Vulnerability
9401| [60264] Apache Subversion CVE-2013-2112 Remote Denial of Service Vulnerability
9402| [60187] Apache Tomcat DIGEST Authentication CVE-2013-2051 Incomplete Fix Security Weakness
9403| [60186] Apache Tomcat CVE-2013-1976 Insecure Temporary File Handling Vulnerability
9404| [60167] Apache Struts 'includeParams' CVE-2013-2115 Incomplete Fix Security Bypass Vulnerability
9405| [60166] Apache Struts 'includeParams' CVE-2013-1966 Security Bypass Vulnerability
9406| [60082] Apache Struts 'ParameterInterceptor' Class OGNL CVE-2013-1965 Security Bypass Vulnerability
9407| [59826] Apache HTTP Server Terminal Escape Sequence in Logs Command Injection Vulnerability
9408| [59799] Apache Tomcat CVE-2013-2067 Session Fixation Vulnerability
9409| [59798] Apache Tomcat CVE-2013-2071 Information Disclosure Vulnerability
9410| [59797] Apache Tomcat CVE-2012-3544 Denial of Service Vulnerability
9411| [59670] Apache VCL Multiple Input Validation Vulnerabilities
9412| [59464] Apache CloudStack CVE-2013-2758 Hash Information Disclosure Vulnerability
9413| [59463] Apache CloudStack CVE-2013-2756 Authentication Bypass Vulnerability
9414| [59402] Apache ActiveMQ CVE-2013-3060 Information Disclosure and Denial of Service Vulnerability
9415| [59401] Apache ActiveMQ CVE-2012-6551 Denial of Service Vulnerability
9416| [59400] Apache ActiveMQ CVE-2012-6092 Multiple Cross Site Scripting Vulnerabilities
9417| [58898] Apache Subversion CVE-2013-1884 Remote Denial of Service Vulnerability
9418| [58897] Apache Subversion 'mod_dav_svn/lock.c' Remote Denial of Service Vulnerability
9419| [58895] Apache Subversion 'mod_dav_svn' Remote Denial of Service Vulnerability
9420| [58455] Apache Rave User RPC API CVE-2013-1814 Information Disclosure Vulnerability
9421| [58379] Apache Qpid CVE-2012-4446 Authentication Bypass Vulnerability
9422| [58378] Apache Qpid CVE-2012-4460 Denial of Service Vulnerability
9423| [58376] Apache Qpid CVE-2012-4458 Denial of Service Vulnerability
9424| [58337] Apache Qpid CVE-2012-4459 Denial of Service Vulnerability
9425| [58326] Apache Commons FileUpload CVE-2013-0248 Insecure Temporary File Creation Vulnerability
9426| [58325] Debian Apache HTTP Server CVE-2013-1048 Symlink Attack Local Privilege Escalation Vulnerability
9427| [58323] Apache Subversion 'svn_fs_file_length()' Remote Denial of Service Vulnerability
9428| [58165] Apache HTTP Server Multiple Cross Site Scripting Vulnerabilities
9429| [58136] Apache Maven CVE-2013-0253 SSL Certificate Validation Security Bypass Vulnerability
9430| [58124] Apache Tomcat 'log/logdir' Directory Insecure File Permissions Vulnerability
9431| [58073] Apache Commons HttpClient CVE-2012-5783 SSL Certificate Validation Security Bypass Vulnerability
9432| [57876] Apache CXF WS-SecurityPolicy Authentication Bypass Vulnerability
9433| [57874] Apache CXF CVE-2012-5633 Security Bypass Vulnerability
9434| [57463] Apache OFBiz CVE-2013-0177 Multiple Cross Site Scripting Vulnerabilities
9435| [57425] Apache CXF CVE-2012-5786 SSL Certificate Validation Security Bypass Vulnerability
9436| [57321] Apache CouchDB CVE-2012-5650 Cross Site Scripting Vulnerability
9437| [57314] Apache CouchDB CVE-2012-5649 Remote Code Execution Vulnerability
9438| [57267] Apache Axis2/C SSL Certificate Validation Security Bypass Vulnerability
9439| [57259] Apache CloudStack CVE-2012-5616 Local Information Disclosure Vulnerability
9440| [56814] Apache Tomcat CVE-2012-4431 Cross-Site Request Forgery Vulnerability
9441| [56813] Apache Tomcat CVE-2012-4534 Denial of Service Vulnerability
9442| [56812] Apache Tomcat CVE-2012-3546 Security Bypass Vulnerability
9443| [56753] Apache Apache HTTP Server 'mod_proxy_ajp Module Denial Of Service Vulnerability
9444| [56686] Apache Tomcat CVE-2012-5568 Denial of Service Vulnerability
9445| [56408] Apache Axis and Axis2/Java SSL Certificate Validation Security Bypass Vulnerability
9446| [56403] Apache Tomcat DIGEST Authentication Multiple Security Weaknesses
9447| [56402] Apache Tomcat CVE-2012-2733 Denial of Service Vulnerability
9448| [56171] Apache OFBiz CVE-2012-3506 Unspecified Security Vulnerability
9449| [55876] Apache CloudStack CVE-2012-4501 Security Bypass Vulnerability
9450| [55628] Apache CXF SOAP Action Spoofing Security Bypass Vulnerability
9451| [55608] Apache Qpid (qpidd) Denial of Service Vulnerability
9452| [55536] Apache 'mod_pagespeed' Module Cross Site Scripting and Security Bypass Vulnerabilities
9453| [55508] Apache Axis2 XML Signature Wrapping Security Vulnerability
9454| [55445] Apache Wicket CVE-2012-3373 Cross Site Scripting Vulnerability
9455| [55346] Apache Struts Cross Site Request Forgery and Denial of Service Vulnerabilities
9456| [55290] Drupal Apache Solr Autocomplete Module Cross Site Scripting Vulnerability
9457| [55165] Apache Struts2 Skill Name Remote Code Execution Vulnerability
9458| [55154] Apache 'mod-rpaf' Module Denial of Service Vulnerability
9459| [55131] Apache HTTP Server HTML-Injection And Information Disclosure Vulnerabilities
9460| [54954] Apache QPID NullAuthenticator Authentication Bypass Vulnerability
9461| [54798] Apache Libcloud Man In The Middle Vulnerability
9462| [54358] Apache Hadoop CVE-2012-3376 Information Disclosure Vulnerability
9463| [54341] Apache Sling CVE-2012-2138 Denial Of Service Vulnerability
9464| [54268] Apache Hadoop Symlink Attack Local Privilege Escalation Vulnerability
9465| [54189] Apache Roller Cross Site Request Forgery Vulnerability
9466| [54187] Apache Roller CVE-2012-2381 Cross Site Scripting Vulnerability
9467| [53880] Apache CXF Child Policies Security Bypass Vulnerability
9468| [53877] Apache CXF Elements Validation Security Bypass Vulnerability
9469| [53676] Apache Commons Compress and Apache Ant CVE-2012-2098 Denial Of Service Vulnerability
9470| [53487] Apache POI CVE-2012-0213 Denial Of Service Vulnerability
9471| [53455] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability
9472| [53305] Apache Qpid CVE-2011-3620 Unauthorized Access Security Bypass Vulnerability
9473| [53046] Apache HTTP Server 'LD_LIBRARY_PATH' Insecure Library Loading Arbitrary Code Execution Vulnerability
9474| [53025] Apache OFBiz Unspecified Remote Code Execution Vulnerability
9475| [53023] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
9476| [52939] Apache Hadoop CVE-2012-1574 Unspecified User Impersonation Vulnerability
9477| [52702] Apache Struts2 'XSLTResult.java' Remote Arbitrary File Upload Vulnerability
9478| [52696] Apache Traffic Server HTTP Host Header Handling Heap Based Buffer Overflow Vulnerability
9479| [52680] Apache Wicket 'pageMapName' Parameter Cross Site Scripting Vulnerability
9480| [52679] Apache Wicket Hidden Files Information Disclosure Vulnerability
9481| [52565] Apache 'mod_fcgid' Module Denial Of Service Vulnerability
9482| [52146] TYPO3 Apache Solr Extension Unspecified Cross Site Scripting Vulnerability
9483| [51939] Apache MyFaces 'ln' Parameter Information Disclosure Vulnerability
9484| [51917] Apache APR Hash Collision Denial Of Service Vulnerability
9485| [51902] Apache Struts Multiple HTML Injection Vulnerabilities
9486| [51900] Apache Struts CVE-2012-1007 Multiple Cross Site Scripting Vulnerabilities
9487| [51886] Apache CXF UsernameToken Policy Validation Security Bypass Vulnerability
9488| [51869] Apache HTTP Server CVE-2011-3639 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
9489| [51706] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
9490| [51705] Apache HTTP Server CVE-2012-0021 mod_log_config Denial Of Service Vulnerability
9491| [51628] Apache Struts 'ParameterInterceptor' Class OGNL (CVE-2011-3923) Security Bypass Vulnerability
9492| [51447] Apache Tomcat Parameter Handling Denial of Service Vulnerability
9493| [51442] Apache Tomcat Request Object Security Bypass Vulnerability
9494| [51407] Apache HTTP Server Scoreboard Local Security Bypass Vulnerability
9495| [51257] Apache Struts Remote Command Execution and Arbitrary File Overwrite Vulnerabilities
9496| [51238] Apache Geronimo Hash Collision Denial Of Service Vulnerability
9497| [51200] Apache Tomcat Hash Collision Denial Of Service Vulnerability
9498| [50940] Apache Struts Session Tampering Security Bypass Vulnerability
9499| [50912] RETIRED: Apache MyFaces CVE-2011-4343 Information Disclosure Vulnerability
9500| [50904] Apache ActiveMQ Failover Mechanism Remote Denial Of Service Vulnerability
9501| [50848] Apache MyFaces EL Expression Evaluation Security Bypass Vulnerability
9502| [50802] Apache HTTP Server 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
9503| [50639] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
9504| [50603] Apache Tomcat Manager Application Security Bypass Vulnerability
9505| [50494] Apache HTTP Server 'ap_pregsub()' Function Local Privilege Escalation Vulnerability
9506| [49957] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
9507| [49762] Apache Tomcat HTTP DIGEST Authentication Multiple Security Weaknesses
9508| [49728] Apache Struts Conversion Error OGNL Expression Evaluation Vulnerability
9509| [49616] Apache HTTP Server CVE-2011-3348 Denial Of Service Vulnerability
9510| [49470] Apache Tomcat CVE-2007-6286 Duplicate Request Processing Security Vulnerability
9511| [49353] Apache Tomcat AJP Protocol Security Bypass Vulnerability
9512| [49303] Apache HTTP Server CVE-2011-3192 Denial Of Service Vulnerability
9513| [49290] Apache Wicket Cross Site Scripting Vulnerability
9514| [49147] Apache Tomcat CVE-2011-2481 Information Disclosure Vulnerability
9515| [49143] Apache Commons Daemon 'jsvc' Information Disclosure Vulnerability
9516| [48667] Apache Tomcat 'sendfile' Request Attributes Information Disclosure Vulnerability
9517| [48653] Apache 'mod_authnz_external' Module SQL Injection Vulnerability
9518| [48611] Apache XML Security for C++ Signature Key Parsing Denial of Service Vulnerability
9519| [48456] Apache Tomcat 'MemoryUserDatabase' Information Disclosure Vulnerability
9520| [48015] Apache Archiva Multiple Cross Site Request Forgery Vulnerabilities
9521| [48011] Apache Archiva Multiple Cross Site Scripting and HTML Injection Vulnerabilities
9522| [47929] Apache APR 'apr_fnmatch.c' Denial of Service Vulnerability
9523| [47890] Apache Struts 'javatemplates' Plugin Multiple Cross Site Scripting Vulnerabilities
9524| [47886] Apache Tomcat SecurityConstraints Security Bypass Vulnerability
9525| [47820] Apache APR 'apr_fnmatch()' Denial of Service Vulnerability
9526| [47784] Apache Struts XWork 's:submit' HTML Tag Cross Site Scripting Vulnerability
9527| [47199] Apache Tomcat HTTP BIO Connector Information Disclosure Vulnerability
9528| [47196] Apache Tomcat Login Constraints Security Bypass Vulnerability
9529| [46974] Apache HttpComponents 'HttpClient' Information Disclosure Vulnerability
9530| [46953] Apache MPM-ITK Module Security Weakness
9531| [46734] Subversion 'mod_dav_svn' Apache Server NULL Pointer Dereference Denial Of Service Vulnerability
9532| [46685] Apache Tomcat '@ServletSecurity' Annotations Security Bypass Vulnerability
9533| [46311] Apache Continuum and Archiva Cross Site Scripting Vulnerability
9534| [46177] Apache Tomcat SecurityManager Security Bypass Vulnerability
9535| [46174] Apache Tomcat HTML Manager Interface HTML Injection Vulnerability
9536| [46166] Apache Tomcat JVM Denial of Service Vulnerability
9537| [46164] Apache Tomcat NIO Connector Denial of Service Vulnerability
9538| [46066] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
9539| [45655] Apache Subversion Server Component Multiple Remote Denial Of Service Vulnerabilities
9540| [45123] Awstats Apache Tomcat Configuration File Remote Arbitrary Command Execution Vulnerability
9541| [45095] Apache Archiva Cross Site Request Forgery Vulnerability
9542| [45015] Apache Tomcat 'sort' and 'orderBy' Parameters Cross Site Scripting Vulnerabilities
9543| [44900] Apache 'mod_fcgid' Module Unspecified Stack Buffer Overflow Vulnerability
9544| [44616] Apache Shiro Directory Traversal Vulnerability
9545| [44355] Apache MyFaces Encrypted View State Oracle Padding Security Vulnerability
9546| [44068] Apache::AuthenHook Local Information Disclosure Vulnerability
9547| [43862] Apache QPID SSL Connection Denial of Service Vulnerability
9548| [43673] Apache APR-util 'apr_brigade_split_line()' Denial of Service Vulnerability
9549| [43637] Apache XML-RPC SAX Parser Information Disclosure Vulnerability
9550| [43111] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
9551| [42637] Apache Derby 'BUILTIN' Authentication Insecure Password Hashing Vulnerability
9552| [42501] Apache CouchDB Cross Site Request Forgery Vulnerability
9553| [42492] Apache CXF XML DTD Processing Security Vulnerability
9554| [42121] Apache SLMS Insufficient Quoting Cross Site Request Forgery Vulnerability
9555| [42102] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
9556| [41963] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
9557| [41544] Apache Tomcat 'Transfer-Encoding' Information Disclosure and Denial Of Service Vulnerabilities
9558| [41076] Apache Axis2 '/axis2/axis2-admin' Session Fixation Vulnerability
9559| [40976] Apache Axis2 Document Type Declaration Processing Security Vulnerability
9560| [40827] Apache 'mod_proxy_http' Timeout Handling Information Disclosure Vulnerability
9561| [40343] Apache Axis2 'xsd' Parameter Directory Traversal Vulnerability
9562| [40327] Apache Axis2 'engagingglobally' Cross-Site Scripting Vulnerability
9563| [39771] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
9564| [39636] Apache ActiveMQ Source Code Information Disclosure Vulnerability
9565| [39635] Apache Tomcat Authentication Header Realm Name Information Disclosure Vulnerability
9566| [39538] Apache mod_auth_shadow Race Condition Security Bypass Vulnerability
9567| [39489] Apache OFBiz Multiple Cross Site Scripting and HTML Injection Vulnerabilities
9568| [39119] Apache ActiveMQ 'createDestination.action' HTML Injection Vulnerability
9569| [38580] Apache Subrequest Handling Information Disclosure Vulnerability
9570| [38494] Apache 'mod_isapi' Memory Corruption Vulnerability
9571| [38491] Apache mod_proxy_ajp Module Incoming Request Body Denial Of Service Vulnerability
9572| [37966] Apache 1.3 mod_proxy HTTP Chunked Encoding Integer Overflow Vulnerability
9573| [37945] Apache Tomcat Host Working Directory WAR File Directory Traversal Vulnerability
9574| [37944] Apache Tomcat WAR File Directory Traversal Vulnerability
9575| [37942] Apache Tomcat Directory Host Appbase Authentication Bypass Vulnerability
9576| [37149] Apache Tomcat 404 Error Page Cross Site Scripting Vulnerability
9577| [37027] RETIRED: Apache APR 'apr_uri_parse_hostinfo' Off By One Remote Code Execution Vulnerability
9578| [36990] Apache HTTP TRACE Cross Site Scripting Vulnerability
9579| [36954] Apache Tomcat Windows Installer Insecure Password Vulnerability
9580| [36889] TYPO3 Apache Solr Search Extension Unspecified Cross Site Scripting Vulnerability
9581| [36596] Apache HTTP Server Solaris Event Port Pollset Support Remote Denial Of Service Vulnerability
9582| [36260] Apache mod_proxy_ftp Module NULL Pointer Dereference Denial Of Service Vulnerability
9583| [36254] Apache mod_proxy_ftp Remote Command Injection Vulnerability
9584| [35949] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
9585| [35840] Apache HTTP Server HTTP-Basic Authentication Bypass Vulnerability
9586| [35623] Apache 'mod_deflate' Remote Denial Of Service Vulnerability
9587| [35565] Apache 'mod_proxy' Remote Denial Of Service Vulnerability
9588| [35416] Apache Tomcat XML Parser Information Disclosure Vulnerability
9589| [35263] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
9590| [35253] Apache APR-util 'xml/apr_xml.c' Denial of Service Vulnerability
9591| [35251] Apache APR-util 'apr_brigade_vprintf' Off By One Vulnerability
9592| [35221] Apache APR-util 'apr_strmatch_precompile()' Integer Underflow Vulnerability
9593| [35196] Apache Tomcat Form Authentication Existing/Non-Existing Username Enumeration Weakness
9594| [35193] Apache Tomcat Java AJP Connector Invalid Header Denial of Service Vulnerability
9595| [35115] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
9596| [34686] Apache Struts Multiple Cross Site Scripting Vulnerabilities
9597| [34663] Apache 'mod_proxy_ajp' Information Disclosure Vulnerability
9598| [34657] Apache Tiles Cross Site Scripting And Information Disclosure Vulnerabilities
9599| [34562] Apache Geronimo Application Server Multiple Remote Vulnerabilities
9600| [34552] Apache ActiveMQ Web Console Multiple Unspecified HTML Injection Vulnerabilities
9601| [34412] Apache Tomcat mod_jk Content Length Information Disclosure Vulnerability
9602| [34399] Apache Struts Unspecified Cross Site Scripting Vulnerability
9603| [34383] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
9604| [33913] Apache Tomcat POST Data Information Disclosure Vulnerability
9605| [33360] Apache Jackrabbit 'q' Parameter Multiple Cross Site Scripting Vulnerabilities
9606| [33110] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
9607| [32657] Novell NetWare ApacheAdmin Security Bypass Vulnerability
9608| [31805] Apache HTTP Server OS Fingerprinting Unspecified Security Vulnerability
9609| [31761] Oracle WebLogic Server Apache Connector Stack Based Buffer Overflow Vulnerability
9610| [31698] Apache Tomcat 'RemoteFilterValve' Security Bypass Vulnerability
9611| [31165] Kolab Groupware Server Apache Log File User Password Information Disclosure Vulnerability
9612| [30560] Apache 'mod_proxy_ftp' Wildcard Characters Cross-Site Scripting Vulnerability
9613| [30496] Apache Tomcat 'HttpServletResponse.sendError()' Cross Site Scripting Vulnerability
9614| [30494] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
9615| [29653] Apache 'mod_proxy_http' Interim Response Denial of Service Vulnerability
9616| [29502] Apache Tomcat Host Manager Cross Site Scripting Vulnerability
9617| [28576] Apache-SSL Environment Variable Information Disclosure and Privilege Escalation Vulnerability
9618| [28484] Apache Tomcat Requests Containing MS-DOS Device Names Information Disclosure Vulnerability
9619| [28483] Apache Tomcat 'allowLinking' Accepts NULL Byte in URI Information Disclosure Vulnerability
9620| [28482] Apache Tomcat SSL Anonymous Cipher Configuration Information Disclosure Vulnerability
9621| [28481] Apache Tomcat Cross-Site Scripting Vulnerability
9622| [28477] Apache Tomcat AJP Connector Information Disclosure Vulnerability
9623| [27752] Apache mod_jk2 Host Header Multiple Stack Based Buffer Overflow Vulnerabilities
9624| [27706] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
9625| [27703] Apache Tomcat Parameter Processing Remote Information Disclosure Vulnerability
9626| [27409] Apache 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
9627| [27365] Apache Tomcat SingleSignOn Remote Information Disclosure Vulnerability
9628| [27237] Apache HTTP Server 2.2.6, 2.0.61 and 1.3.39 'mod_status' Cross-Site Scripting Vulnerability
9629| [27236] Apache 'mod_proxy_balancer' Multiple Vulnerabilities
9630| [27234] Apache 'mod_proxy_ftp' Undefined Charset UTF-7 Cross-Site Scripting Vulnerability
9631| [27006] Apache Tomcat JULI Logging Component Default Security Policy Vulnerability
9632| [26939] Apache HTTP Server Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
9633| [26838] Apache mod_imagemap and mod_imap Cross-Site Scripting Vulnerability
9634| [26762] Apache::AuthCAS Cookie SQL Injection Vulnerability
9635| [26663] Apache HTTP Server 413 Error HTTP Request Method Cross-Site Scripting Weakness
9636| [26287] Apache Geronimo SQLLoginModule Authentication Bypass Vulnerability
9637| [26070] Apache Tomcat WebDav Remote Information Disclosure Vulnerability
9638| [25804] Apache Geronimo Management EJB Security Bypass Vulnerability
9639| [25653] Apache Mod_AutoIndex.C Undefined Charset Cross-Site Scripting Vulnerability
9640| [25531] Apache Tomcat Cal2.JSP Cross-Site Scripting Vulnerability
9641| [25489] Apache HTTP Server Mod_Proxy Denial of Service Vulnerability
9642| [25316] Apache Tomcat Multiple Remote Information Disclosure Vulnerabilities
9643| [25314] Apache Tomcat Host Manager Servlet Cross Site Scripting Vulnerability
9644| [25174] Apache Tomcat Error Message Reporting Cross Site Scripting Vulnerability
9645| [24999] Apache Tomcat SendMailServlet Cross-Site Scripting Vulnerability
9646| [24759] MySQLDumper Apache Access Control Authentication Bypass Vulnerability
9647| [24649] Apache HTTP Server Mod_Cache Denial of Service Vulnerability
9648| [24645] Apache HTTP Server Mod_Status Cross-Site Scripting Vulnerability
9649| [24553] Apache Mod_Mem_Cache Information Disclosure Vulnerability
9650| [24524] Apache Tomcat Accept-Language Cross Site Scripting Vulnerability
9651| [24480] Apache MyFaces Tomahawk JSF Framework Autoscroll Parameter Cross Site Scripting Vulnerability
9652| [24476] Apache Tomcat JSP Example Web Applications Cross Site Scripting Vulnerability
9653| [24475] Apache Tomcat Manager and Host Manager Upload Script Cross-Site Scripting Vulnerability
9654| [24215] Apache HTTP Server Worker Process Multiple Denial of Service Vulnerabilities
9655| [24147] Apache Tomcat JK Connector Double Encoding Security Bypass Vulnerability
9656| [24058] Apache Tomcat Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
9657| [23687] Apache AXIS Non-Existent WSDL Path Information Disclosure Vulnerability
9658| [23438] Apache HTTPD suEXEC Local Multiple Privilege Escalation Weaknesses
9659| [22960] Apache HTTP Server Tomcat Directory Traversal Vulnerability
9660| [22849] Apache mod_python Output Filter Mode Information Disclosure Vulnerability
9661| [22791] Apache Tomcat Mod_JK.SO Arbitrary Code Execution Vulnerability
9662| [22732] Debian Apache Root Shell Local Privilege Escalation Vulnerabilities
9663| [22388] Apache Stats Extract Function Multiple Input Validation Vulnerabilities
9664| [21865] Apache And Microsoft IIS Range Denial of Service Vulnerability
9665| [21214] Apache Mod_Auth_Kerb Off-By-One Denial of Service Vulnerability
9666| [20527] Apache Mod_TCL Remote Format String Vulnerability
9667| [19661] Apache HTTP Server Arbitrary HTTP Request Headers Security Weakness
9668| [19447] Apache CGI Script Source Code Information Disclosure Vulnerability
9669| [19204] Apache Mod_Rewrite Off-By-One Buffer Overflow Vulnerability
9670| [19106] Apache Tomcat Information Disclosure Vulnerability
9671| [18138] Apache James SMTP Denial Of Service Vulnerability
9672| [17342] Apache Struts Multiple Remote Vulnerabilities
9673| [17095] Apache Log4Net Denial Of Service Vulnerability
9674| [16916] Apache mod_python FileSession Code Execution Vulnerability
9675| [16710] Apache Libapreq2 Quadratic Behavior Denial of Service Vulnerability
9676| [16260] Apache Geronimo Multiple Input Validation Vulnerabilities
9677| [16153] Apache mod_auth_pgsql Multiple Format String Vulnerabilities
9678| [16152] Apache Mod_SSL Custom Error Document Remote Denial Of Service Vulnerability
9679| [15834] Apache 'mod_imap' Referer Cross-Site Scripting Vulnerability
9680| [15765] Apache James Spooler Memory Leak Denial Of Service Vulnerability
9681| [15762] Apache MPM Worker.C Denial Of Service Vulnerability
9682| [15512] Apache Struts Error Response Cross-Site Scripting Vulnerability
9683| [15413] PHP Apache 2 Virtual() Safe_Mode and Open_Basedir Restriction Bypass Vulnerability
9684| [15325] Apache Tomcat Simultaneous Directory Listing Denial Of Service Vulnerability
9685| [15224] Apache Mod_Auth_Shadow Authentication Bypass Vulnerability
9686| [15177] PHP Apache 2 Local Denial of Service Vulnerability
9687| [14982] ApacheTop Insecure Temporary File Creation Vulnerability
9688| [14721] Apache Mod_SSL SSLVerifyClient Restriction Bypass Vulnerability
9689| [14660] Apache CGI Byterange Request Denial of Service Vulnerability
9690| [14366] Apache mod_ssl CRL Handling Off-By-One Buffer Overflow Vulnerability
9691| [14106] Apache HTTP Request Smuggling Vulnerability
9692| [13778] Apache HTPasswd Password Command Line Argument Buffer Overflow Vulnerability
9693| [13777] Apache HTPasswd User Command Line Argument Buffer Overflow Vulnerability
9694| [13756] Apache Tomcat Java Security Manager Bypass Vulnerability
9695| [13537] Apache HTDigest Realm Command Line Argument Buffer Overflow Vulnerability
9696| [12877] Apache mod_ssl ssl_io_filter_cleanup Remote Denial Of Service Vulnerability
9697| [12795] Apache Tomcat Remote Malformed Request Denial Of Service Vulnerability
9698| [12619] Apache Software Foundation Batik Squiggle Browser Access Validation Vulnerability
9699| [12519] Apache mod_python Module Publisher Handler Information Disclosure Vulnerability
9700| [12308] Apache Utilities Insecure Temporary File Creation Vulnerability
9701| [12217] Apache mod_auth_radius Malformed RADIUS Server Reply Integer Overflow Vulnerability
9702| [12181] Mod_DOSEvasive Apache Module Local Insecure Temporary File Creation Vulnerability
9703| [11803] Apache Jakarta Results.JSP Remote Cross-Site Scripting Vulnerability
9704| [11471] Apache mod_include Local Buffer Overflow Vulnerability
9705| [11360] Apache mod_ssl SSLCipherSuite Restriction Bypass Vulnerability
9706| [11239] Apache Satisfy Directive Access Control Bypass Vulnerability
9707| [11187] Apache Web Server Remote IPv6 Buffer Overflow Vulnerability
9708| [11185] Apache Mod_DAV LOCK Denial Of Service Vulnerability
9709| [11182] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
9710| [11154] Apache mod_ssl Remote Denial of Service Vulnerability
9711| [11094] Apache mod_ssl Denial Of Service Vulnerability
9712| [10789] Apache mod_userdir Module Information Disclosure Vulnerability
9713| [10736] Apache 'mod_ssl' Log Function Format String Vulnerability
9714| [10619] Apache ap_escape_html Memory Allocation Denial Of Service Vulnerability
9715| [10508] Apache Mod_Proxy Remote Negative Content-Length Buffer Overflow Vulnerability
9716| [10478] ClueCentral Apache Suexec Patch Security Weakness
9717| [10355] Apache 'mod_ssl' 'ssl_util_uuencode_binary()' Stack Buffer Overflow Vulnerability
9718| [10212] Apache mod_auth Malformed Password Potential Memory Corruption Vulnerability
9719| [9933] Apache mod_disk_cache Module Client Authentication Credential Storage Weakness
9720| [9930] Apache Error and Access Logs Escape Sequence Injection Vulnerability
9721| [9921] Apache Connection Blocking Denial Of Service Vulnerability
9722| [9885] Apache Mod_Security Module SecFilterScanPost Off-By-One Buffer Overflow Vulnerability
9723| [9874] Apache HTAccess LIMIT Directive Bypass Configuration Error Weakness
9724| [9829] Apache Mod_Access Access Control Rule Bypass Vulnerability
9725| [9826] Apache Mod_SSL HTTP Request Remote Denial Of Service Vulnerability
9726| [9733] Apache Cygwin Directory Traversal Vulnerability
9727| [9599] Apache mod_php Global Variables Information Disclosure Weakness
9728| [9590] Apache-SSL Client Certificate Forging Vulnerability
9729| [9571] Apache mod_digest Client-Supplied Nonce Verification Vulnerability
9730| [9471] Apache mod_perl Module File Descriptor Leakage Vulnerability
9731| [9404] Mod-Auth-Shadow Apache Module Expired User Credential Weakness
9732| [9302] Apache mod_php Module File Descriptor Leakage Vulnerability
9733| [9129] Apache mod_python Module Malformed Query Denial of Service Vulnerability
9734| [8926] Apache Web Server mod_cgid Module CGI Data Redirection Vulnerability
9735| [8919] Apache Mod_Security Module Heap Corruption Vulnerability
| [8911] Apache Web Server Multiple Module Local Buffer Overflow Vulnerability
| [8898] Red Hat Apache Directory Index Default Configuration Error
| [8883] Apache Cocoon Directory Traversal Vulnerability
| [8824] Apache Tomcat Non-HTTP Request Denial Of Service Vulnerability
| [8822] Apache Mod_Throttle Module Local Shared Memory Corruption Vulnerability
| [8725] Apache2 MOD_CGI STDERR Denial Of Service Vulnerability
| [8707] Apache htpasswd Password Entropy Weakness
| [8561] Apache::Gallery Insecure Local File Storage Privilege Escalation Vulnerability
| [8287] Mod_Mylo Apache Module REQSTR Buffer Overflow Vulnerability
| [8226] Apache HTTP Server Multiple Vulnerabilities
| [8138] Apache Web Server Type-Map Recursive Loop Denial Of Service Vulnerability
| [8137] Apache Web Server Prefork MPM Denial Of Service Vulnerability
| [8136] Macromedia Apache Web Server Encoded Space Source Disclosure Vulnerability
| [8135] Apache Web Server FTP Proxy IPV6 Denial Of Service Vulnerability
| [8134] Apache Web Server SSLCipherSuite Weak CipherSuite Renegotiation Weakness
| [7768] Apache Tomcat Insecure Directory Permissions Vulnerability
| [7725] Apache Basic Authentication Module Valid User Login Denial Of Service Vulnerability
| [7723] Apache APR_PSPrintf Memory Corruption Vulnerability
| [7448] Apache Mod_Auth_Any Remote Command Execution Vulnerability
| [7375] Apache Mod_Access_Referer NULL Pointer Dereference Denial of Service Vulnerability
| [7332] Apache Web Server OS2 Filestat Denial Of Service Vulnerability
| [7255] Apache Web Server File Descriptor Leakage Vulnerability
| [7254] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
| [6943] Apache Web Server MIME Boundary Information Disclosure Vulnerability
| [6939] Apache Web Server ETag Header Information Disclosure Weakness
| [6722] Apache Tomcat Web.XML File Contents Disclosure Vulnerability
| [6721] Apache Tomcat Null Byte Directory/File Disclosure Vulnerability
| [6720] Apache Tomcat Example Web Application Cross Site Scripting Vulnerability
| [6662] Apache Web Server MS-DOS Device Name Denial Of Service Vulnerability
| [6661] Apache Web Server Default Script Mapping Bypass Vulnerability
| [6660] Apache Web Server Illegal Character HTTP Request File Disclosure Vulnerability
| [6659] Apache Web Server MS-DOS Device Name Arbitrary Code Execution Vulnerability
| [6562] Apache Tomcat Invoker Servlet File Disclosure Vulnerability
| [6320] Apache/Tomcat Mod_JK Chunked Encoding Denial Of Service Vulnerability
| [6117] Apache mod_php File Descriptor Leakage Vulnerability
| [6065] Apache 2 WebDAV CGI POST Request Information Disclosure Vulnerability
| [5996] Apache AB.C Web Benchmarking Buffer Overflow Vulnerability
| [5995] Apache AB.C Web Benchmarking Read_Connection() Buffer Overflow Vulnerability
| [5993] Multiple Apache HTDigest Buffer Overflow Vulnerabilities
| [5992] Apache HTDigest Insecure Temporary File Vulnerability
| [5991] Apache HTDigest Arbitrary Command Execution Vulnerability
| [5990] Apache HTPasswd Insecure Temporary File Vulnerability
| [5981] Multiple Apache HTDigest and HTPassWD Component Vulnerabilites
| [5884] Apache Web Server Scoreboard Memory Segment Overwriting SIGUSR1 Sending Vulnerability
| [5847] Apache Server Side Include Cross Site Scripting Vulnerability
| [5838] Apache Tomcat 3.2 Directory Disclosure Vulnerability
| [5816] Apache 2 mod_dav Denial Of Service Vulnerability
| [5791] HP VirtualVault Apache mod_ssl Denial Of Service Vulnerability
| [5787] Apache Oversized STDERR Buffer Denial Of Service Vulnerability
| [5786] Apache Tomcat DefaultServlet File Disclosure Vulnerability
| [5542] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
| [5486] Apache 2.0 CGI Path Disclosure Vulnerability
| [5485] Apache 2.0 Path Disclosure Vulnerability
| [5434] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
| [5256] Apache httpd 2.0 CGI Error Path Disclosure Vulnerability
| [5194] Apache Tomcat DOS Device Name Cross Site Scripting Vulnerability
| [5193] Apache Tomcat Servlet Mapping Cross Site Scripting Vulnerability
| [5067] Apache Tomcat Null Character Malformed Request Denial Of Service Vulnerability
| [5054] Apache Tomcat Web Root Path Disclosure Vulnerability
| [5033] Apache Chunked-Encoding Memory Corruption Vulnerability
| [4995] Apache Tomcat JSP Engine Denial of Service Vulnerability
| [4878] Apache Tomcat RealPath.JSP Malformed Request Information Disclosure Vulnerability
| [4877] Apache Tomcat Example Files Web Root Path Disclosure Vulnerability
| [4876] Apache Tomcat Source.JSP Malformed Request Information Disclosure Vulnerability
| [4575] Apache Tomcat Servlet Path Disclosure Vulnerability
| [4557] Apache Tomcat System Path Information Disclosure Vulnerability
| [4437] Apache Error Message Cross-Site Scripting Vulnerability
| [4431] Apache PrintEnv/Test_CGI Script Injection Vulnerability
| [4358] Apache Double-Reverse Lookup Log Entry Spoofing Vulnerability
| [4335] Apache Win32 Batch File Remote Command Execution Vulnerability
| [4292] Oracle 9iAS Apache PL/SQL Module Web Administration Access Vulnerability
| [4189] Apache mod_ssl/Apache-SSL Buffer Overflow Vulnerability
| [4057] Apache 2 for Windows OPTIONS request Path Disclosure Vulnerability
| [4056] Apache 2 for Windows php.exe Path Disclosure Vulnerability
| [4037] Oracle 9iAS Apache PL/SQL Module Denial of Service Vulnerability
| [4032] Oracle 9iAS Apache PL/SQL Module Multiple Buffer Overflows Vulnerability
| [3796] Apache HTTP Request Unexpected Behavior Vulnerability
| [3790] Apache Non-Existent Log Directory Denial Of Service Vulnerability
| [3786] Apache Win32 PHP.EXE Remote File Disclosure Vulnerability
| [3727] Oracle 9I Application Server PL/SQL Apache Module Directory Traversal Vulnerability
| [3726] Oracle 9I Application Server PL/SQL Apache Module Buffer Overflow Vulnerability
| [3596] Apache Split-Logfile File Append Vulnerability
| [3521] Apache mod_usertrack Predictable ID Generation Vulnerability
| [3335] Red Hat Linux Apache Remote Username Enumeration Vulnerability
| [3316] MacOS X Client Apache Directory Contents Disclosure Vulnerability
| [3256] Apache mod_auth_oracle Remote SQL Query Manipulation Vulnerability
| [3255] Apache mod_auth_mysql Remote SQL Query Manipulation Vulnerability
| [3254] Apache AuthPG Remote SQL Query Manipulation Vulnerability
| [3253] Apache mod_auth_pgsql_sys Remote SQL Query Manipulation Vulnerability
| [3251] Apache mod_auth_pgsql Remote SQL Query Manipulation Vulnerability
| [3176] Apache Mod ReWrite Rules Bypassing Image Linking Vulnerability
| [3169] Apache Server Address Disclosure Vulnerability
| [3009] Apache Possible Directory Index Disclosure Vulnerability
| [2982] Apache Tomcat Cross-Site Scripting Vulnerability
| [2852] MacOS X Client Apache File Protection Bypass Vulnerability
| [2740] Apache Web Server HTTP Request Denial of Service Vulnerability
| [2518] Apache Tomcat 3.0 Directory Traversal Vulnerability
| [2503] Apache Artificially Long Slash Path Directory Listing Vulnerability
| [2300] NCSA/Apache httpd ScriptAlias Source Retrieval Vulnerability
| [2216] Apache Web Server DoS Vulnerability
| [2182] Apache /tmp File Race Vulnerability
| [2171] Oracle Apache+WebDB Documented Backdoor Vulnerability
| [2060] Apache Web Server with Php 3 File Disclosure Vulnerability
| [1821] Apache mod_cookies Buffer Overflow Vulnerability
| [1728] Apache Rewrite Module Arbitrary File Disclosure Vulnerability
| [1658] SuSE Apache CGI Source Code Viewing Vulnerability
| [1656] SuSE Apache WebDAV Directory Listings Vulnerability
| [1575] Trustix Apache-SSL RPM Permissions Vulnerability
| [1548] Apache Jakarta-Tomcat /admin Context Vulnerability
| [1532] Apache Tomcat Snoop Servlet Information Disclosure Vulnerability
| [1531] Apache Tomcat 3.1 Path Revealing Vulnerability
| [1457] Apache::ASP source.asp Example Script Vulnerability
| [1284] Apache HTTP Server (win32) Root Directory Access Vulnerability
| [1083] Cobalt Raq Apache .htaccess Disclosure Vulnerability
|
| IBM X-Force - https://exchange.xforce.ibmcloud.com:
| [86258] Apache CloudStack text fields cross-site scripting
| [85983] Apache Subversion mod_dav_svn module denial of service
| [85875] Apache OFBiz UEL code execution
| [85874] Apache OFBiz Webtools View Log screen cross-site scripting
| [85871] Apache HTTP Server mod_session_dbd unspecified
| [85756] Apache Struts OGNL expression command execution
| [85755] Apache Struts DefaultActionMapper class open redirect
| [85586] Apache ActiveMQ CVE-2013-1879 cross-site scripting
| [85574] Apache HTTP Server mod_dav denial of service
| [85573] Apache Struts Showcase App OGNL code execution
| [85496] Apache CXF denial of service
| [85423] Apache Geronimo RMI classloader code execution
| [85326] Apache Santuario XML Security for C++ buffer overflow
| [85323] Apache Santuario XML Security for Java spoofing
| [85319] Apache Qpid Python client SSL spoofing
| [85019] Apache Santuario XML Security for C++ CVE-2013-2156 buffer overflow
| [85018] Apache Santuario XML Security for C++ CVE-2013-2155 denial of service
| [85017] Apache Santuario XML Security for C++ CVE-2013-2154 buffer overflow
| [85016] Apache Santuario XML Security for C++ CVE-2013-2153 spoofing
| [84952] Apache Tomcat CVE-2012-3544 denial of service
| [84763] Apache Struts CVE-2013-2135 security bypass
| [84762] Apache Struts CVE-2013-2134 security bypass
| [84719] Apache Subversion CVE-2013-2088 command execution
| [84718] Apache Subversion CVE-2013-2112 denial of service
| [84717] Apache Subversion CVE-2013-1968 denial of service
| [84577] Apache Tomcat security bypass
| [84576] Apache Tomcat symlink
| [84543] Apache Struts CVE-2013-2115 security bypass
| [84542] Apache Struts CVE-2013-1966 security bypass
| [84154] Apache Tomcat session hijacking
| [84144] Apache Tomcat denial of service
| [84143] Apache Tomcat information disclosure
| [84111] Apache HTTP Server command execution
| [84043] Apache Virtual Computing Lab cross-site scripting
| [84042] Apache Virtual Computing Lab cross-site scripting
| [83782] Apache CloudStack information disclosure
| [83781] Apache CloudStack security bypass
| [83720] Apache ActiveMQ cross-site scripting
| [83719] Apache ActiveMQ denial of service
| [83718] Apache ActiveMQ denial of service
| [83263] Apache Subversion denial of service
| [83262] Apache Subversion denial of service
| [83261] Apache Subversion denial of service
| [83259] Apache Subversion denial of service
| [83035] Apache mod_ruid2 security bypass
| [82852] Apache Qpid federation_tag security bypass
| [82851] Apache Qpid qpid::framing::Buffer denial of service
| [82758] Apache Rave User RPC API information disclosure
| [82663] Apache Subversion svn_fs_file_length() denial of service
| [82642] Apache Qpid qpid::framing::Buffer::checkAvailable() denial of service
| [82641] Apache Qpid AMQP denial of service
| [82626] Apache HTTP Server on Debian GNU/Linux Debian apache2ctl symlink
| [82618] Apache Commons FileUpload symlink
| [82360] Apache HTTP Server manager interface cross-site scripting
| [82359] Apache HTTP Server hostnames cross-site scripting
| [82338] Apache Tomcat log/logdir information disclosure
| [82328] Apache Maven and Apache Maven Wagon SSL spoofing
| [82268] Apache OpenJPA deserialization command execution
| [81981] Apache CXF UsernameTokens security bypass
| [81980] Apache CXF WS-Security security bypass
| [81398] Apache OFBiz cross-site scripting
| [81240] Apache CouchDB directory traversal
| [81226] Apache CouchDB JSONP code execution
| [81225] Apache CouchDB Futon user interface cross-site scripting
| [81211] Apache Axis2/C SSL spoofing
| [81167] Apache CloudStack DeployVM information disclosure
| [81166] Apache CloudStack AddHost API information disclosure
| [81165] Apache CloudStack createSSHKeyPair API information disclosure
| [80518] Apache Tomcat cross-site request forgery security bypass
| [80517] Apache Tomcat FormAuthenticator security bypass
| [80516] Apache Tomcat NIO denial of service
| [80408] Apache Tomcat replay-countermeasure security bypass
| [80407] Apache Tomcat HTTP Digest Access Authentication security bypass
| [80317] Apache Tomcat slowloris denial of service
| [79984] Apache Commons HttpClient SSL spoofing
| [79983] Apache CXF SSL spoofing
| [79830] Apache Axis2/Java SSL spoofing
| [79829] Apache Axis SSL spoofing
| [79809] Apache Tomcat DIGEST security bypass
| [79806] Apache Tomcat parseHeaders() denial of service
| [79540] Apache OFBiz unspecified
| [79487] Apache Axis2 SAML security bypass
| [79212] Apache Cloudstack code execution
| [78734] Apache CXF SOAP Action security bypass
| [78730] Apache Qpid broker denial of service
| [78617] Eucalyptus Apache Santuario (XML Security for Java) denial of service
| [78563] Apache mod_pagespeed module unspecified cross-site scripting
| [78562] Apache mod_pagespeed module security bypass
| [78454] Apache Axis2 security bypass
| [78452] Websense Web Security and Web Filter Apache Tomcat information disclosure
| [78451] Websense Web Security and Web Filter Apache Tomcat cross-site scripting
| [78321] Apache Wicket unspecified cross-site scripting
| [78183] Apache Struts parameters denial of service
| [78182] Apache Struts cross-site request forgery
| [78153] Apache Solr Autocomplete module for Drupal autocomplete results cross-site scripting
| [77987] mod_rpaf module for Apache denial of service
| [77958] Apache Struts skill name code execution
| [77914] Apache HTTP Server mod_negotiation module cross-site scripting
| [77913] Apache HTTP Server mod_proxy_ajp information disclosure
| [77568] Apache Qpid broker security bypass
| [77421] Apache Libcloud spoofing
| [77059] Oracle Solaris Cluster Apache Tomcat Agent unspecified
| [77046] Oracle Solaris Apache HTTP Server information disclosure
| [76837] Apache Hadoop information disclosure
| [76802] Apache Sling CopyFrom denial of service
| [76692] Apache Hadoop symlink
| [76535] Apache Roller console cross-site request forgery
| [76534] Apache Roller weblog cross-site scripting
| [76152] Apache CXF elements security bypass
| [76151] Apache CXF child policies security bypass
| [75983] MapServer for Windows Apache file include
| [75857] Apache Commons Compress and Apache Ant bzip2 denial of service
| [75558] Apache POI denial of service
| [75545] PHP apache_request_headers() buffer overflow
| [75302] Apache Qpid SASL security bypass
| [75211] Debian GNU/Linux apache 2 cross-site scripting
| [74901] Apache HTTP Server LD_LIBRARY_PATH privilege escalation
| [74871] Apache OFBiz FlexibleStringExpander code execution
| [74870] Apache OFBiz multiple cross-site scripting
| [74750] Apache Hadoop unspecified spoofing
| [74319] Apache Struts XSLTResult.java file upload
| [74313] Apache Traffic Server header buffer overflow
| [74276] Apache Wicket directory traversal
| [74273] Apache Wicket unspecified cross-site scripting
| [74181] Apache HTTP Server mod_fcgid module denial of service
| [73690] Apache Struts OGNL code execution
| [73432] Apache Solr extension for TYPO3 unspecified cross-site scripting
| [73100] Apache MyFaces in directory traversal
| [73096] Apache APR hash denial of service
| [73052] Apache Struts name cross-site scripting
| [73030] Apache CXF UsernameToken security bypass
| [72888] Apache Struts lastName cross-site scripting
| [72758] Apache HTTP Server httpOnly information disclosure
| [72757] Apache HTTP Server MPM denial of service
| [72585] Apache Struts ParameterInterceptor security bypass
| [72438] Apache Tomcat Digest security bypass
| [72437] Apache Tomcat Digest security bypass
| [72436] Apache Tomcat DIGEST security bypass
| [72425] Apache Tomcat parameter denial of service
| [72422] Apache Tomcat request object information disclosure
| [72377] Apache HTTP Server scoreboard security bypass
| [72345] Apache HTTP Server HTTP request denial of service
| [72229] Apache Struts ExceptionDelegator command execution
| [72089] Apache Struts ParameterInterceptor directory traversal
| [72088] Apache Struts CookieInterceptor command execution
| [72047] Apache Geronimo hash denial of service
| [72016] Apache Tomcat hash denial of service
| [71711] Apache Struts OGNL expression code execution
| [71654] Apache Struts interfaces security bypass
| [71620] Apache ActiveMQ failover denial of service
| [71617] Apache HTTP Server mod_proxy module information disclosure
| [71508] Apache MyFaces EL security bypass
| [71445] Apache HTTP Server mod_proxy security bypass
| [71203] Apache Tomcat servlets privilege escalation
| [71181] Apache HTTP Server ap_pregsub() denial of service
| [71093] Apache HTTP Server ap_pregsub() buffer overflow
| [70336] Apache HTTP Server mod_proxy information disclosure
| [69804] Apache HTTP Server mod_proxy_ajp denial of service
| [69472] Apache Tomcat AJP security bypass
| [69396] Apache HTTP Server ByteRange filter denial of service
| [69394] Apache Wicket multi window support cross-site scripting
| [69176] Apache Tomcat XML information disclosure
| [69161] Apache Tomcat jsvc information disclosure
| [68799] mod_authnz_external module for Apache mysql-auth.pl SQL injection
| [68541] Apache Tomcat sendfile information disclosure
| [68420] Apache XML Security denial of service
| [68238] Apache Tomcat JMX information disclosure
| [67860] Apache Rampart/C rampart_timestamp_token_validate security bypass
| [67804] Apache Subversion control rules information disclosure
| [67803] Apache Subversion control rules denial of service
| [67802] Apache Subversion baselined denial of service
| [67672] Apache Archiva multiple cross-site scripting
| [67671] Apache Archiva multiple cross-site request forgery
| [67564] Apache APR apr_fnmatch() denial of service
| [67532] IBM WebSphere Application Server org.apache.jasper.runtime.JspWriterImpl.response denial of service
| [67515] Apache Tomcat annotations security bypass
| [67480] Apache Struts s:submit information disclosure
| [67414] Apache APR apr_fnmatch() denial of service
| [67356] Apache Struts javatemplates cross-site scripting
| [67354] Apache Struts Xwork cross-site scripting
| [66676] Apache Tomcat HTTP BIO information disclosure
| [66675] Apache Tomcat web.xml security bypass
| [66640] Apache HttpComponents HttpClient Proxy-Authorization information disclosure
| [66241] Apache HttpComponents information disclosure
| [66154] Apache Tomcat ServletSecurity security bypass
| [65971] Apache Tomcat ServletSecurity security bypass
| [65876] Apache Subversion mod_dav_svn denial of service
| [65343] Apache Continuum unspecified cross-site scripting
| [65162] Apache Tomcat NIO connector denial of service
| [65161] Apache Tomcat javax.servlet.ServletRequest.getLocale() denial of service
| [65160] Apache Tomcat HTML Manager interface cross-site scripting
| [65159] Apache Tomcat ServletContect security bypass
| [65050] Apache CouchDB web-based administration UI cross-site scripting
| [64773] Oracle HTTP Server Apache Plugin unauthorized access
| [64473] Apache Subversion blame -g denial of service
| [64472] Apache Subversion walk() denial of service
| [64407] Apache Axis2 CVE-2010-0219 code execution
| [63926] Apache Archiva password privilege escalation
| [63785] Apache CouchDB LD_LIBRARY_PATH privilege escalation
| [63493] Apache Archiva credentials cross-site request forgery
| [63477] Apache Tomcat HttpOnly session hijacking
| [63422] Apache Tomcat sessionsList.jsp cross-site scripting
| [63303] Apache mod_fcgid module fcgid_header_bucket_read() buffer overflow
| [62959] Apache Shiro filters security bypass
| [62790] Apache Perl cgi module denial of service
| [62576] Apache Qpid exchange denial of service
| [62575] Apache Qpid AMQP denial of service
| [62354] Apache Qpid SSL denial of service
| [62235] Apache APR-util apr_brigade_split_line() denial of service
| [62181] Apache XML-RPC SAX Parser information disclosure
| [61721] Apache Traffic Server cache poisoning
| [61202] Apache Derby BUILTIN authentication functionality information disclosure
| [61186] Apache CouchDB Futon cross-site request forgery
| [61169] Apache CXF DTD denial of service
| [61070] Apache Jackrabbit search.jsp SQL injection
| [61006] Apache SLMS Quoting cross-site request forgery
| [60962] Apache Tomcat time cross-site scripting
| [60883] Apache mod_proxy_http information disclosure
| [60671] Apache HTTP Server mod_cache and mod_dav denial of service
| [60264] Apache Tomcat Transfer-Encoding denial of service
| [59746] Apache Axis2 axis2/axis2-admin page session hijacking
| [59588] Apache Axis2/Java XML DTD (Document Type Declaration) data denial of service
| [59413] Apache mod_proxy_http timeout information disclosure
| [59058] Apache MyFaces unencrypted view state cross-site scripting
| [58827] Apache Axis2 xsd file include
| [58790] Apache Axis2 modules cross-site scripting
| [58299] Apache ActiveMQ queueBrowse cross-site scripting
| [58169] Apache Tomcat Web Application Manager / Host Manager cross-site request forgery
| [58056] Apache ActiveMQ .jsp source code disclosure
| [58055] Apache Tomcat realm name information disclosure
| [58046] Apache HTTP Server mod_auth_shadow security bypass
| [57841] Apache Open For Business Project (OFBiz) subject cross-site scripting
| [57840] Apache Open For Business Project (OFBiz) multiple parameters cross-site scripting
| [57429] Apache CouchDB algorithms information disclosure
| [57398] Apache ActiveMQ Web console cross-site request forgery
| [57397] Apache ActiveMQ createDestination.action cross-site scripting
| [56653] Apache HTTP Server DNS spoofing
| [56652] Apache HTTP Server DNS cross-site scripting
| [56625] Apache HTTP Server request header information disclosure
| [56624] Apache HTTP Server mod_isapi orphaned callback pointer code execution
| [56623] Apache HTTP Server mod_proxy_ajp denial of service
| [55941] mod_proxy module for Apache ap_proxy_send_fb() buffer overflow
| [55857] Apache Tomcat WAR files directory traversal
| [55856] Apache Tomcat autoDeploy attribute security bypass
| [55855] Apache Tomcat WAR directory traversal
| [55210] Intuit component for Joomla! Apache information disclosure
| [54533] Apache Tomcat 404 error page cross-site scripting
| [54182] Apache Tomcat admin default password
| [53878] Apache Solr Search (solr) extension for TYPO3 unspecified cross-site scripting
| [53666] Apache HTTP Server Solaris pollset support denial of service
| [53650] Apache HTTP Server HTTP basic-auth module security bypass
| [53124] mod_proxy_ftp module for Apache HTTP header security bypass
| [53041] mod_proxy_ftp module for Apache denial of service
| [52540] Apache Portable Runtime and Apache Portable Utility library multiple buffer overflow
| [51953] Apache Tomcat Path Disclosure
| [51952] Apache Tomcat Path Traversal
| [51951] Apache stronghold-status Information Disclosure
| [51950] Apache stronghold-info Information Disclosure
| [51949] Apache PHP Source Code Disclosure
| [51948] Apache Multiviews Attack
| [51946] Apache JServ Environment Status Information Disclosure
| [51945] Apache error_log Information Disclosure
| [51944] Apache Default Installation Page Pattern Found
| [51943] Apache AXIS XML Parser echoheaders.jws Sample Web Service Denial of Service
| [51942] Apache AXIS XML External Entity File Retrieval
| [51941] Apache AXIS Sample Servlet Information Leak
| [51940] Apache access_log Information Disclosure
| [51626] Apache mod_deflate denial of service
| [51532] mod_proxy module for the Apache HTTP Server stream_reqbody_cl denial of service
| [51365] Apache Tomcat RequestDispatcher security bypass
| [51273] Apache HTTP Server Incomplete Request denial of service
| [51195] Apache Tomcat XML information disclosure
| [50994] Apache APR-util xml/apr_xml.c denial of service
| [50993] Apache APR-util apr_brigade_vprintf denial of service
| [50964] Apache APR-util apr_strmatch_precompile() denial of service
| [50930] Apache Tomcat j_security_check information disclosure
| [50928] Apache Tomcat AJP denial of service
| [50884] Apache HTTP Server XML ENTITY denial of service
| [50808] Apache HTTP Server AllowOverride privilege escalation
| [50108] Apache Struts s:a tag and s:url tag cross-site scripting
| [50059] Apache mod_proxy_ajp information disclosure
| [49951] Apache Tiles Expression Language (EL) expressions cross-site scripting
| [49925] Apache Geronimo Web Administrative Console cross-site request forgery
| [49924] Apache Geronimo console/portal/Server/Monitoring cross-site scripting
| [49921] Apache ActiveMQ Web interface cross-site scripting
| [49898] Apache Geronimo Services/Repository directory traversal
| [49725] Apache Tomcat mod_jk module information disclosure
| [49715] Apache mod_perl Apache::Status and Apache2::Status modules cross-site scripting
| [49712] Apache Struts unspecified cross-site scripting
| [49213] Apache Tomcat cal2.jsp cross-site scripting
| [48934] Apache Tomcat POST doRead method information disclosure
| [48211] Apache Tomcat header HTTP request smuggling
| [48163] libapache2-mod-auth-mysql module for Debian multibyte encoding SQL injection
| [48110] Apache Jackrabbit search.jsp and swr.jsp cross-site scripting
| [47709] Apache Roller "
| [47104] Novell Netware ApacheAdmin console security bypass
| [47086] Apache HTTP Server OS fingerprinting unspecified
| [46329] Apache Struts FilterDispatcher and DefaultStaticContentLoader class directory traversal
| [45791] Apache Tomcat RemoteFilterValve security bypass
| [44435] Oracle WebLogic Apache Connector buffer overflow
| [44411] Apache Tomcat allowLinking UTF-8 directory traversal
| [44223] Apache HTTP Server mod_proxy_ftp cross-site scripting
| [44156] Apache Tomcat RequestDispatcher directory traversal
| [44155] Apache Tomcat HttpServletResponse.sendError() cross-site scripting
| [43885] Oracle WebLogic Server Apache Connector buffer overflow
| [42987] Apache HTTP Server mod_proxy module denial of service
| [42915] Apache Tomcat JSP files path disclosure
| [42914] Apache Tomcat MS-DOS path disclosure
| [42892] Apache Tomcat unspecified unauthorized access
| [42816] Apache Tomcat Host Manager cross-site scripting
| [42303] Apache 403 error cross-site scripting
| [41618] Apache-SSL ExpandCert() authentication bypass
| [40761] Apache Derby RDBNAM parameter and DatabaseMetaData.getURL information disclosure
| [40736] Apache Tomcat HTTP/1.1 connector information disclosure
| [40614] Apache mod_jk2 HTTP Host header buffer overflow
| [40562] Apache Geronimo init information disclosure
| [40478] Novell Web Manager webadmin-apache.conf security bypass
| [40411] Apache Tomcat exception handling information disclosure
| [40409] Apache Tomcat native (APR based) connector weak security
| [40403] Apache Tomcat quotes and %5C cookie information disclosure
| [40388] Sun Java Plug-In org.apache.crimson.tree.XmlDocument security bypass
| [39893] Apache HTTP Server mod_negotiation HTTP response splitting
| [39867] Apache HTTP Server mod_negotiation cross-site scripting
| [39804] Apache Tomcat SingleSignOn information disclosure
| [39615] Apache HTTP Server mod_proxy_ftp.c UTF-7 cross-site scripting
| [39612] Apache HTTP Server mod_proxy_balancer buffer overflow
| [39608] Apache HTTP Server balancer manager cross-site request forgery
| [39476] Apache mod_proxy_balancer balancer_handler function denial of service
| [39474] Apache HTTP Server mod_proxy_balancer cross-site scripting
| [39472] Apache HTTP Server mod_status cross-site scripting
| [39201] Apache Tomcat JULI logging weak security
| [39158] Apache HTTP Server Windows SMB shares information disclosure
| [39001] Apache HTTP Server mod_imap and mod_imagemap module cross-site scripting
| [38951] Apache::AuthCAS Perl module cookie SQL injection
| [38800] Apache HTTP Server 413 error page cross-site scripting
| [38211] Apache Geronimo SQLLoginModule authentication bypass
| [37243] Apache Tomcat WebDAV directory traversal
| [37178] RHSA update for Apache HTTP Server mod_status module cross-site scripting not installed
| [37177] RHSA update for Apache HTTP Server Apache child process denial of service not installed
| [37119] RHSA update for Apache mod_auth_kerb off-by-one buffer overflow not installed
| [37100] RHSA update for Apache and IBM HTTP Server Expect header cross-site scripting not installed
| [36782] Apache Geronimo MEJB unauthorized access
| [36586] Apache HTTP Server UTF-7 cross-site scripting
| [36468] Apache Geronimo LoginModule security bypass
| [36467] Apache Tomcat functions.jsp cross-site scripting
| [36402] Apache Tomcat calendar cross-site request forgery
| [36354] Apache HTTP Server mod_proxy module denial of service
| [36352] Apache HTTP Server ap_proxy_date_canon() denial of service
| [36336] Apache Derby lock table privilege escalation
| [36335] Apache Derby schema privilege escalation
| [36006] Apache Tomcat "
| [36001] Apache Tomcat Host Manager Servlet alias cross-site scripting
| [35999] Apache Tomcat \"
| [35795] Apache Tomcat CookieExample cross-site scripting
| [35536] Apache Tomcat SendMailServlet example cross-site scripting
| [35384] Apache HTTP Server mod_cache module denial of service
| [35097] Apache HTTP Server mod_status module cross-site scripting
| [35095] Apache HTTP Server Prefork MPM module denial of service
| [34984] Apache HTTP Server recall_headers information disclosure
| [34966] Apache HTTP Server MPM content spoofing
| [34965] Apache HTTP Server MPM information disclosure
| [34963] Apache HTTP Server MPM multiple denial of service
| [34872] Apache MyFaces Tomahawk autoscroll parameter cross-site scripting
| [34869] Apache Tomcat JSP example Web application cross-site scripting
| [34868] Apache Tomcat Manager and Host Manager cross-site scripting
| [34496] Apache Tomcat JK Connector security bypass
| [34377] Apache Tomcat hello.jsp cross-site scripting
| [34212] Apache Tomcat SSL configuration security bypass
| [34210] Apache Tomcat Accept-Language cross-site scripting
| [34209] Apache Tomcat calendar application cross-site scripting
| [34207] Apache Tomcat implicit-objects.jsp cross-site scripting
| [34167] Apache Axis WSDL file path disclosure
| [34068] Apache Tomcat AJP connector information disclosure
| [33584] Apache HTTP Server suEXEC privilege escalation
| [32988] Apache Tomcat proxy module directory traversal
| [32794] Apache Tomcat JK Web Server Connector map_uri_to_worker() buffer overflow
| [32708] Debian Apache tty privilege escalation
| [32441] ApacheStats extract() PHP call unspecified
| [32128] Apache Tomcat default account
| [31680] Apache Tomcat RequestParamExample cross-site scripting
| [31649] Apache Tomcat Sample Servlet TroubleShooter detected
| [31557] BEA WebLogic Server and WebLogic Express Apache proxy plug-in denial of service
| [31236] Apache HTTP Server htpasswd.c strcpy buffer overflow
| [30456] Apache mod_auth_kerb off-by-one buffer overflow
| [29550] Apache mod_tcl set_var() format string
| [28620] Apache and IBM HTTP Server Expect header cross-site scripting
| [28357] Apache HTTP Server mod_alias script source information disclosure
| [28063] Apache mod_rewrite off-by-one buffer overflow
| [27902] Apache Tomcat URL information disclosure
| [26786] Apache James SMTP server denial of service
| [25680] libapache2 /tmp/svn file upload
| [25614] Apache Struts lookupMap cross-site scripting
| [25613] Apache Struts ActionForm denial of service
| [25612] Apache Struts isCancelled() security bypass
| [24965] Apache mod_python FileSession command execution
| [24716] Apache James spooler memory leak denial of service
| [24159] Apache Geronimo Web-Access-Log Viewer cross-site scripting
| [24158] Apache Geronimo jsp-examples cross-site scripting
| [24030] Apache auth_ldap module multiple format strings
| [24008] Apache mod_ssl custom error message denial of service
| [24003] Apache mod_auth_pgsql module multiple syslog format strings
| [23612] Apache mod_imap referer field cross-site scripting
| [23173] Apache Struts error message cross-site scripting
| [22942] Apache Tomcat directory listing denial of service
| [22858] Apache Multi-Processing Module code allows denial of service
| [22602] RHSA-2005:582 updates for Apache httpd not installed
| [22520] Apache mod-auth-shadow "
| [22466] ApacheTop symlink
| [22109] Apache HTTP Server ssl_engine_kernel client certificate validation
| [22006] Apache HTTP Server byte-range filter denial of service
| [21567] Apache mod_ssl off-by-one buffer overflow
| [21195] Apache HTTP Server header HTTP request smuggling
| [20383] Apache HTTP Server htdigest buffer overflow
| [19681] Apache Tomcat AJP12 request denial of service
| [18993] Apache HTTP server check_forensic symlink attack
| [18790] Apache Tomcat Manager cross-site scripting
| [18349] Apache HTTP server Apple HFS+ filesystem obtain information
| [18348] Apache HTTP server Apple HFS+ filesystem .DS_Store and .ht file disclosure
| [18347] Apache HTTP server Apple Mac OS X Server mod_digest_apple module could allow an attacker to replay responses
| [17961] Apache Web server ServerTokens has not been set
| [17930] Apache HTTP Server HTTP GET request denial of service
| [17785] Apache mod_include module buffer overflow
| [17671] Apache HTTP Server SSLCipherSuite bypass restrictions
| [17473] Apache HTTP Server Satisfy directive allows access to resources
| [17413] Apache htpasswd buffer overflow
| [17384] Apache HTTP Server environment variable configuration file buffer overflow
| [17382] Apache HTTP Server IPv6 apr_util denial of service
| [17366] Apache HTTP Server mod_dav module LOCK denial of service
| [17273] Apache HTTP Server speculative mode denial of service
10281| [17200] Apache HTTP Server mod_ssl denial of service
10282| [16890] Apache HTTP Server server-info request has been detected
10283| [16889] Apache HTTP Server server-status request has been detected
10284| [16705] Apache mod_ssl format string attack
10285| [16524] Apache HTTP Server ap_get_mime_headers_core denial of service
10286| [16387] Apache HTTP Server mod_proxy Content-Length buffer overflow
10287| [16230] Apache HTTP Server PHP denial of service
10288| [16214] Apache mod_ssl ssl_util_uuencode_binary buffer overflow
10289| [15958] Apache HTTP Server authentication modules memory corruption
10290| [15547] Apache HTTP Server mod_disk_cache local information disclosure
10291| [15540] Apache HTTP Server socket starvation denial of service
10292| [15467] Novell GroupWise WebAccess using Apache Web server allows viewing of files on the server
10293| [15422] Apache HTTP Server mod_access information disclosure
10294| [15419] Apache HTTP Server mod_ssl plain HTTP request denial of service
10295| [15293] Apache for Cygwin "
10296| [15065] Apache-SSL has a default password
10297| [15041] Apache HTTP Server mod_digest module could allow an attacker to replay responses
10298| [15015] Apache httpd server httpd.conf could allow a local user to bypass restrictions
10299| [14751] Apache Mod_python output filter information disclosure
10300| [14125] Apache HTTP Server mod_userdir module information disclosure
10301| [14075] Apache HTTP Server mod_php file descriptor leak
10302| [13703] Apache HTTP Server account
10303| [13689] Apache HTTP Server configuration allows symlinks
10304| [13688] Apache HTTP Server configuration allows SSI
10305| [13687] Apache HTTP Server Server: header value
10306| [13685] Apache HTTP Server ServerTokens value
10307| [13684] Apache HTTP Server ServerSignature value
10308| [13672] Apache HTTP Server config allows directory autoindexing
10309| [13671] Apache HTTP Server default content
10310| [13670] Apache HTTP Server config file directive references outside content root
10311| [13668] Apache HTTP Server httpd not running in chroot environment
10312| [13666] Apache HTTP Server CGI directory contains possible command interpreter or compiler
10313| [13664] Apache HTTP Server config file contains ScriptAlias entry
10314| [13663] Apache HTTP Server CGI support modules loaded
10315| [13661] Apache HTTP Server config file contains AddHandler entry
10316| [13660] Apache HTTP Server 500 error page not CGI script
10317| [13659] Apache HTTP Server 413 error page not CGI script
10318| [13658] Apache HTTP Server 403 error page not CGI script
10319| [13657] Apache HTTP Server 401 error page not CGI script
10320| [13552] Apache HTTP Server mod_cgid module information disclosure
10321| [13550] Apache GET request directory traversal
10322| [13516] Apache Cocoon XMLForm and JXForm could allow execution of code
10323| [13499] Apache Cocoon directory traversal allows downloading of boot.ini file
10324| [13429] Apache Tomcat non-HTTP request denial of service
10325| [13400] Apache HTTP server mod_alias and mod_rewrite buffer overflow
10326| [13295] Apache weak password encryption
10327| [13254] Apache Tomcat .jsp cross-site scripting
10328| [13125] Apache::Gallery Inline::C could allow arbitrary code execution
10329| [13086] Apache Jakarta Tomcat mod_jk format string allows remote access
10330| [12681] Apache HTTP Server mod_proxy could allow mail relaying
10331| [12662] Apache HTTP Server rotatelogs denial of service
10332| [12554] Apache Tomcat stores password in plain text
10333| [12553] Apache HTTP Server redirects and subrequests denial of service
10334| [12552] Apache HTTP Server FTP proxy server denial of service
10335| [12551] Apache HTTP Server prefork MPM denial of service
10336| [12550] Apache HTTP Server weaker than expected encryption
10337| [12549] Apache HTTP Server type-map file denial of service
10338| [12206] Apache Tomcat /opt/tomcat directory insecure permissions
10339| [12102] Apache Jakarta Tomcat MS-DOS device name request denial of service
10340| [12091] Apache HTTP Server apr_password_validate denial of service
10341| [12090] Apache HTTP Server apr_psprintf code execution
10342| [11804] Apache HTTP Server mod_access_referer denial of service
10343| [11750] Apache HTTP Server could leak sensitive file descriptors
10344| [11730] Apache HTTP Server error log and access log terminal escape sequence injection
10345| [11703] Apache long slash path allows directory listing
10346| [11695] Apache HTTP Server LF (Line Feed) denial of service
10347| [11694] Apache HTTP Server filestat.c denial of service
10348| [11438] Apache HTTP Server MIME message boundaries information disclosure
10349| [11412] Apache HTTP Server error log terminal escape sequence injection
10350| [11196] Apache Tomcat examples and ROOT Web applications cross-site scripting
10351| [11195] Apache Tomcat web.xml could be used to read files
10352| [11194] Apache Tomcat URL appended with a null character could list directories
10353| [11139] Apache HTTP Server mass virtual hosting with mod_rewrite or mod_vhost_alias could allow an attacker to obtain files
10354| [11126] Apache HTTP Server illegal character file disclosure
10355| [11125] Apache HTTP Server DOS device name HTTP POST code execution
10356| [11124] Apache HTTP Server DOS device name denial of service
10357| [11088] Apache HTTP Server mod_vhost_alias CGI source disclosure
10358| [10938] Apache HTTP Server printenv test CGI cross-site scripting
10359| [10771] Apache Tomcat mod_jk module multiple HTTP GET request buffer overflow
10360| [10575] Apache mod_php module could allow an attacker to take over the httpd process
10361| [10499] Apache HTTP Server WebDAV HTTP POST view source
10362| [10457] Apache HTTP Server mod_ssl "
10363| [10415] Apache HTTP Server htdigest insecure system() call could allow command execution
10364| [10414] Apache HTTP Server htdigest multiple buffer overflows
10365| [10413] Apache HTTP Server htdigest temporary file race condition
10366| [10412] Apache HTTP Server htpasswd temporary file race condition
10367| [10376] Apache Tomcat invoker servlet used in conjunction with the default servlet reveals source code
10368| [10348] Apache Tomcat HTTP GET request DOS device reference could cause a denial of service
10369| [10281] Apache HTTP Server ab.c ApacheBench long response buffer overflow
10370| [10280] Apache HTTP Server shared memory scorecard overwrite
10371| [10263] Apache Tomcat mod_jk or mod_jserv connector directory disclosure
10372| [10241] Apache HTTP Server Host: header cross-site scripting
10373| [10230] Slapper worm variants A, B, and C target OpenSSL/Apache systems
10374| [10208] Apache HTTP Server mod_dav denial of service
10375| [10206] HP VVOS Apache mod_ssl denial of service
10376| [10200] Apache HTTP Server stderr denial of service
10377| [10175] Apache Tomcat org.apache.catalina.servlets.DefaultServlet reveals source code
10378| [10169] Slapper worm variant (Slapper.C) targets OpenSSL/Apache systems
10379| [10154] Slapper worm variant (Slapper.B) targets OpenSSL/Apache systems
10380| [10098] Slapper worm targets OpenSSL/Apache systems
10381| [9876] Apache HTTP Server cgi/cgid request could disclose the path to a requested script
10382| [9875] Apache HTTP Server .var file request could disclose installation path
10383| [9863] Apache Tomcat web.xml file could allow a remote attacker to bypass restrictions
10384| [9808] Apache HTTP Server non-Unix version URL encoded directory traversal
10385| [9623] Apache HTTP Server ap_log_rerror() path disclosure
10386| [9520] Apache Tomcat /servlet/ mapping cross-site scripting
10387| [9415] Apache HTTP Server mod_ssl .htaccess off-by-one buffer overflow
10388| [9396] Apache Tomcat null character to threads denial of service
10389| [9394] Apache Tomcat HTTP request for LPT9 reveals Web root path
10390| [9249] Apache HTTP Server chunked encoding heap buffer overflow
10391| [9208] Apache Tomcat sample file requests could reveal directory listing and path to Web root directory
10392| [8932] Apache Tomcat example class information disclosure
10393| [8633] Apache HTTP Server with mod_rewrite could allow an attacker to bypass directives
10394| [8629] Apache HTTP Server double-reverse DNS lookup spoofing
10395| [8589] Apache HTTP Server for Windows DOS batch file remote command execution
10396| [8457] Oracle9i Application Server Apache PL/SQL HTTP Location header buffer overflow
10397| [8455] Oracle9i Application Server default installation could allow an attacker to access certain Apache Services
10398| [8400] Apache HTTP Server mod_frontpage buffer overflows
10399| [8326] Apache HTTP Server multiple MIME headers (sioux) denial of service
10400| [8308] Apache "
10401| [8275] Apache HTTP Server with Multiviews enabled could disclose directory contents
10402| [8119] Apache and PHP OPTIONS request reveals "
10403| [8054] Apache is running on the system
10404| [8029] Mandrake Linux default Apache configuration could allow an attacker to browse files and directories
10405| [8027] Mandrake Linux default Apache configuration has remote management interface enabled
10406| [8026] Mandrake Linux Apache sample programs could disclose sensitive information about the server
10407| [7836] Apache HTTP Server log directory denial of service
10408| [7815] Apache for Windows "
10409| [7810] Apache HTTP request could result in unexpected behavior
10410| [7599] Apache Tomcat reveals installation path
10411| [7494] Apache "
10412| [7419] Apache Web Server could allow remote attackers to overwrite .log files
10413| [7363] Apache Web Server hidden HTTP requests
10414| [7249] Apache mod_proxy denial of service
10415| [7129] Linux with Apache Web server could allow an attacker to determine if a specified username exists
10416| [7103] Apple Mac OS X used with Apache Web server could disclose directory contents
10417| [7059] Apache "
10418| [7057] Apache "
10419| [7056] Apache "
10420| [7055] Apache "
10421| [7054] Apache "
10422| [6997] Apache Jakarta Tomcat error message may reveal information
10423| [6971] Apache Jakarta Tomcat may reveal JSP source code with missing HTTP protocol specification
10424| [6970] Apache crafted HTTP request could reveal the internal IP address
10425| [6921] Apache long slash path allows directory listing
10426| [6687] Apple Mac OS X used with Apache Web server could allow arbitrary file disclosure
10427| [6527] Apache Web Server for Windows and OS2 denial of service
10428| [6316] Apache Jakarta Tomcat may reveal JSP source code
10429| [6305] Apache Jakarta Tomcat directory traversal
10430| [5926] Linux Apache symbolic link
10431| [5659] Apache Web server discloses files when used with php script
10432| [5310] Apache mod_rewrite allows attacker to view arbitrary files
10433| [5204] Apache WebDAV directory listings
10434| [5197] Apache Web server reveals CGI script source code
10435| [5160] Apache Jakarta Tomcat default installation
10436| [5099] Trustix Secure Linux installs Apache with world writable access
10437| [4968] Apache Jakarta Tomcat snoop servlet gives out information which could be used in attack
10438| [4967] Apache Jakarta Tomcat 404 error reveals the pathname of the requested file
10439| [4931] Apache source.asp example file allows users to write to files
10440| [4575] IBM HTTP Server running Apache allows users to directory listing and file retrieval
10441| [4205] Apache Jakarta Tomcat delivers file contents
10442| [2084] Apache on Debian by default serves the /usr/doc directory
10443| [1630] MessageMedia UnityMail and Apache Web server MIME header flood denial of service
10444| [697] Apache HTTP server beck exploit
10445| [331] Apache cookies buffer overflow
10446|
| Exploit-DB - https://www.exploit-db.com:
| [31130] Apache Tomcat <= 6.0.15 Cookie Quote Handling Remote Information Disclosure Vulnerability
| [31052] Apache <= 2.2.6 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
| [30901] Apache HTTP Server 2.2.6 Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
| [30835] Apache HTTP Server <= 2.2.4 413 Error HTTP Request Method Cross-Site Scripting Weakness
| [30563] Apache Tomcat <= 5.5.15 Cal2.JSP Cross-Site Scripting Vulnerability
| [30496] Apache Tomcat <= 6.0.13 Cookie Handling Quote Delimiter Session ID Disclosure
| [30495] Apache Tomcat <= 6.0.13 Host Manager Servlet Cross Site Scripting Vulnerability
| [30191] Apache MyFaces Tomahawk JSF Framework 1.1.5 Autoscroll Parameter Cross Site Scripting Vulnerability
| [30189] Apache Tomcat <= 6.0.13 JSP Example Web Applications Cross Site Scripting Vulnerability
| [30052] Apache Tomcat 6.0.10 Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
| [29930] Apache AXIS 1.0 Non-Existent WSDL Path Information Disclosure Vulnerability
| [29859] Apache Roller OGNL Injection
| [29739] Apache HTTP Server Tomcat 5.x/6.0.x Directory Traversal Vulnerability
| [29435] Apache Tomcat 5.5.25 - CSRF Vulnerabilities
| [29316] Apache + PHP 5.x - Remote Code Execution (Multithreaded Scanner) (2)
| [29290] Apache / PHP 5.x Remote Code Execution Exploit
| [28713] Apache Tomcat/JBoss EJBInvokerServlet / JMXInvokerServlet (RMI over HTTP) Marshalled Object RCE
| [28424] Apache 2.x HTTP Server Arbitrary HTTP Request Headers Security Weakness
| [28365] Apache 2.2.2 CGI Script Source Code Information Disclosure Vulnerability
| [28254] Apache Tomcat 5 Information Disclosure Vulnerability
| [27915] Apache James 2.2 SMTP Denial of Service Vulnerability
| [27397] Apache suEXEC Privilege Elevation / Information Disclosure
| [27135] Apache Struts 2 DefaultActionMapper Prefixes OGNL Code Execution
| [27096] Apache Geronimo 1.0 Error Page XSS
| [27095] Apache Tomcat / Geronimo 1.0 Sample Script cal2.jsp time Parameter XSS
| [26710] Apache CXF prior to 2.5.10, 2.6.7 and 2.7.4 - Denial of Service
| [26542] Apache Struts 1.2.7 Error Response Cross-Site Scripting Vulnerability
| [25986] Plesk Apache Zeroday Remote Exploit
| [25980] Apache Struts includeParams Remote Code Execution
| [25625] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (2)
| [25624] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (1)
| [24874] Apache Struts ParametersInterceptor Remote Code Execution
| [24744] Apache Rave 0.11 - 0.20 - User Information Disclosure
| [24694] Apache 1.3.x mod_include Local Buffer Overflow Vulnerability
| [24590] Apache 2.0.x mod_ssl Remote Denial of Service Vulnerability
| [23751] Apache Cygwin 1.3.x/2.0.x Directory Traversal Vulnerability
| [23581] Apache 2.0.4x mod_perl Module File Descriptor Leakage Vulnerability
| [23482] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (2)
| [23481] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (1)
| [23296] Red Hat Apache 2.0.40 Directory Index Default Configuration Error
| [23282] apache cocoon 2.14/2.2 - Directory Traversal vulnerability
| [23245] Apache Tomcat 4.0.x Non-HTTP Request Denial of Service Vulnerability
| [23119] Apache::Gallery 0.4/0.5/0.6 Insecure Local File Storage Privilege Escalation Vulnerability
| [22505] Apache Mod_Access_Referer 1.0.2 NULL Pointer Dereference Denial of Service Vulnerability
| [22205] Apache Tomcat 3.x Null Byte Directory/File Disclosure Vulnerability
| [22191] Apache Web Server 2.0.x MS-DOS Device Name Denial of Service Vulnerability
| [22068] Apache 1.3.x,Tomcat 4.0.x/4.1.x Mod_JK Chunked Encoding Denial of Service Vulnerability
| [21885] Apache 1.3/2.0.x Server Side Include Cross Site Scripting Vulnerability
| [21882] Apache Tomcat 3.2 Directory Disclosure Vulnerability
| [21854] Apache 2.0.39/40 Oversized STDERR Buffer Denial of Service Vulnerability
| [21853] Apache Tomcat 3/4 DefaultServlet File Disclosure Vulnerability
| [21734] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
| [21719] Apache 2.0 Path Disclosure Vulnerability
| [21697] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
| [21605] Apache Tomcat 4.0.3 DoS Device Name Cross Site Scripting Vulnerability
| [21604] Apache Tomcat 4.0.3 Servlet Mapping Cross Site Scripting Vulnerability
| [21560] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (2)
| [21559] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (1)
| [21534] Apache Tomcat 3/4 JSP Engine Denial of Service Vulnerability
| [21492] Apache Tomcat 3.2.3/3.2.4 RealPath.JSP Malformed Request Information Disclosure
| [21491] Apache Tomcat 3.2.3/3.2.4 Example Files Web Root Path Disclosure
| [21490] Apache Tomcat 3.2.3/3.2.4 Source.JSP Malformed Request Information Disclosure
| [21412] Apache Tomcat 4.0/4.1 Servlet Path Disclosure Vulnerability
| [21350] Apache Win32 1.3.x/2.0.x Batch File Remote Command Execution Vulnerability
| [21204] Apache 1.3.20 Win32 PHP.EXE Remote File Disclosure Vulnerability
| [21112] Red Hat Linux 7.0 Apache Remote Username Enumeration Vulnerability
| [21067] Apache 1.0/1.2/1.3 Server Address Disclosure Vulnerability
| [21002] Apache 1.3 Possible Directory Index Disclosure Vulnerability
| [20911] Apache 1.3.14 Mac File Protection Bypass Vulnerability
| [20716] apache tomcat 3.0 - Directory Traversal vulnerability
| [20695] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (4)
| [20694] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (3)
| [20693] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (2)
| [20692] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (1)
| [20595] NCSA 1.3/1.4.x/1.5,Apache httpd 0.8.11/0.8.14 ScriptAlias Source Retrieval Vulnerability
| [20558] Apache 1.2 Web Server DoS Vulnerability
| [20466] Apache 1.3 Web Server with Php 3 File Disclosure Vulnerability
| [20435] Apache 0.8.x/1.0.x,NCSA httpd 1.x test-cgi Directory Listing Vulnerability
| [20272] Apache 1.2.5/1.3.1,UnityMail 2.0 MIME Header DoS Vulnerability
| [20210] Apache 1.3.12 WebDAV Directory Listings Vulnerability
| [20131] Apache Tomcat 3.1 Path Revealing Vulnerability
| [19975] Apache 1.3.6/1.3.9/1.3.11/1.3.12/1.3.20 Root Directory Access Vulnerability
| [19828] Cobalt RaQ 2.0/3.0 Apache .htaccess Disclosure Vulnerability
| [19536] Apache <= 1.1,NCSA httpd <= 1.5.2,Netscape Server 1.12/1.1/2.0 a nph-test-cgi Vulnerability
| [19231] PHP apache_request_headers Function Buffer Overflow
| [18984] Apache Struts <= 2.2.1.1 - Remote Command Execution
| [18897] Oracle Weblogic Apache Connector POST Request Buffer Overflow
| [18619] Apache Tomcat Remote Exploit (PUT Request) and Account Scanner
| [18452] Apache Struts Multiple Persistent Cross-Site Scripting Vulnerabilities
| [18442] Apache httpOnly Cookie Disclosure
| [18329] Apache Struts2 <= 2.3.1 - Multiple Vulnerabilities
| [18221] Apache HTTP Server Denial of Service
| [17969] Apache mod_proxy Reverse Proxy Exposure Vulnerability PoC
| [17696] Apache httpd Remote Denial of Service (memory exhaustion)
| [17691] Apache Struts < 2.2.0 - Remote Command Execution
| [16798] Apache mod_jk 1.2.20 Buffer Overflow
| [16782] Apache Win32 Chunked Encoding
| [16752] Apache module mod_rewrite LDAP protocol Buffer Overflow
| [16317] Apache Tomcat Manager Application Deployer Authenticated Code Execution
| [15710] Apache Archiva 1.0 - 1.3.1 CSRF Vulnerability
| [15319] Apache 2.2 (Windows) Local Denial of Service
| [14617] Apache JackRabbit 2.0.0 webapp XPath Injection
| [14489] Apache Tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
| [12721] Apache Axis2 1.4.1 - Local File Inclusion Vulnerability
| [12689] Authenticated Cross-Site Scripting Vulnerability (XSS) within Apache Axis2 administration console
| [12343] Apache Tomcat 5.5.0 to 5.5.29 & 6.0.0 to 6.0.26 - Information Disclosure Vulnerability
| [12330] Apache OFBiz - Multiple XSS
| [12264] Apache OFBiz - FULLADMIN Creator PoC Payload
| [12263] Apache OFBiz - SQL Remote Execution PoC Payload
| [11662] Apache Spamassassin Milter Plugin Remote Root Command Execution
| [11650] Apache 2.2.14 mod_isapi Dangling Pointer Remote SYSTEM Exploit
| [10811] Joomla.Tutorials GHDB: Apache directory listing Download Vulnerability
| [10292] Apache Tomcat 3.2.1 - 404 Error Page Cross Site Scripting Vulnerability
| [9995] Apache Tomcat Form Authentication Username Enumeration Weakness
| [9994] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
| [9993] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
| [8842] Apache mod_dav / svn Remote Denial of Service Exploit
| [8458] Apache Geronimo <= 2.1.3 - Multiple Directory Traversal Vulnerabilities
| [7264] Apache Tomcat runtime.getRuntime().exec() Privilege Escalation (win)
| [6229] apache tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
| [6100] Apache mod_jk 1.2.19 Remote Buffer Overflow Exploit (win32)
| [6089] Bea Weblogic Apache Connector Code Exec / Denial of Service Exploit
| [5386] Apache Tomcat Connector jk2-2.0.2 (mod_jk2) Remote Overflow Exploit
| [5330] Apache 2.0 mod_jk2 2.0.2 - Remote Buffer Overflow Exploit (win32)
| [4552] Apache Tomcat (webdav) Remote File Disclosure Exploit (ssl support)
| [4530] Apache Tomcat (webdav) Remote File Disclosure Exploit
| [4162] Apache Tomcat Connector (mod_jk) Remote Exploit (exec-shield)
| [4093] Apache mod_jk 1.2.19/1.2.20 Remote Buffer Overflow Exploit
| [3996] Apache 2.0.58 mod_rewrite Remote Overflow Exploit (win2k3)
| [3680] Apache Mod_Rewrite Off-by-one Remote Overflow Exploit (win32)
| [3384] Ubuntu/Debian Apache 1.3.33/1.3.34 (CGI TTY) Local Root Exploit
| [2237] Apache < 1.3.37, 2.0.59, 2.2.3 (mod_rewrite) Remote Overflow PoC
| [2061] Apache Tomcat < 5.5.17 Remote Directory Listing Vulnerability
| [1056] Apache <= 2.0.49 Arbitrary Long HTTP Headers Denial of Service
| [855] Apache <= 2.0.52 HTTP GET request Denial of Service Exploit
| [764] Apache OpenSSL - Remote Exploit (Multiple Targets) (OpenFuckV2.c)
| [587] Apache <= 1.3.31 mod_include Local Buffer Overflow Exploit
| [466] htpasswd Apache 1.3.31 - Local Exploit
| [371] Apache HTTPd Arbitrary Long HTTP Headers DoS (c version)
| [360] Apache HTTPd Arbitrary Long HTTP Headers DoS
| [132] Apache 1.3.x - 2.0.48 - mod_userdir Remote Users Disclosure Exploit
| [126] Apache mod_gzip (with debug_mode) <= 1.2.26.1a Remote Exploit
| [67] Apache 1.3.x mod_mylo Remote Code Execution Exploit
| [38] Apache <= 2.0.45 APR Remote Exploit -Apache-Knacker.pl
| [34] Webfroot Shoutbox < 2.32 (Apache) Remote Exploit
| [11] Apache <= 2.0.44 Linux Remote Denial of Service Exploit
| [9] Apache HTTP Server 2.x Memory Leak Exploit
|
| OpenVAS (Nessus) - http://www.openvas.org:
| [902924] Apache Struts2 Showcase Skill Name Remote Code Execution Vulnerability
| [902837] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability (Windows)
| [902830] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
| [902664] Apache Traffic Server HTTP Host Header Denial of Service Vulnerability
| [901203] Apache httpd Web Server Range Header Denial of Service Vulnerability
| [901110] Apache ActiveMQ Source Code Information Disclosure Vulnerability
| [901105] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
| [900842] Apache 'mod_proxy_ftp' Module Command Injection Vulnerability (Linux)
| [900841] Apache 'mod_proxy_ftp' Module Denial Of Service Vulnerability (Linux)
| [900573] Apache APR-Utils XML Parser Denial of Service Vulnerability
| [900572] Apache APR-Utils Multiple Denial of Service Vulnerabilities
| [900571] Apache APR-Utils Version Detection
| [900499] Apache mod_proxy_ajp Information Disclosure Vulnerability
| [900496] Apache Tiles Multiple XSS Vulnerability
| [900493] Apache Tiles Version Detection
| [900107] Apache mod_proxy_ftp Wildcard Characters XSS Vulnerability
| [900021] Apache Tomcat Cross-Site Scripting and Security Bypass Vulnerabilities
| [880086] CentOS Update for apache CESA-2008:0004-01 centos2 i386
| [870175] RedHat Update for apache RHSA-2008:0004-01
| [864591] Fedora Update for apache-poi FEDORA-2012-10835
| [864383] Fedora Update for apache-commons-compress FEDORA-2012-8428
| [864280] Fedora Update for apache-commons-compress FEDORA-2012-8465
| [864250] Fedora Update for apache-poi FEDORA-2012-7683
| [864249] Fedora Update for apache-poi FEDORA-2012-7686
| [863993] Fedora Update for apache-commons-daemon FEDORA-2011-10880
| [863466] Fedora Update for apache-commons-daemon FEDORA-2011-10936
| [855821] Solaris Update for Apache 1.3 122912-19
| [855812] Solaris Update for Apache 1.3 122911-19
| [855737] Solaris Update for Apache 1.3 122911-17
| [855731] Solaris Update for Apache 1.3 122912-17
| [855695] Solaris Update for Apache 1.3 122911-16
| [855645] Solaris Update for Apache 1.3 122912-16
| [855587] Solaris Update for kernel update and Apache 108529-29
| [855566] Solaris Update for Apache 116973-07
| [855531] Solaris Update for Apache 116974-07
| [855524] Solaris Update for Apache 2 120544-14
| [855494] Solaris Update for Apache 1.3 122911-15
| [855478] Solaris Update for Apache Security 114145-11
| [855472] Solaris Update for Apache Security 113146-12
| [855179] Solaris Update for Apache 1.3 122912-15
| [855147] Solaris Update for kernel update and Apache 108528-29
| [855077] Solaris Update for Apache 2 120543-14
| [850196] SuSE Update for apache2 openSUSE-SU-2012:0314-1 (apache2)
| [850088] SuSE Update for apache2 SUSE-SA:2007:061
| [850009] SuSE Update for apache2,apache SUSE-SA:2008:021
| [841209] Ubuntu Update for apache2 USN-1627-1
| [840900] Ubuntu Update for apache2 USN-1368-1
| [840798] Ubuntu Update for apache2 USN-1259-1
| [840734] Ubuntu Update for apache2 USN-1199-1
| [840542] Ubuntu Update for apache2 vulnerabilities USN-1021-1
| [840504] Ubuntu Update for apache2 vulnerability USN-990-2
| [840399] Ubuntu Update for apache2 vulnerabilities USN-908-1
| [840304] Ubuntu Update for apache2 vulnerabilities USN-575-1
| [840118] Ubuntu Update for libapache2-mod-perl2 vulnerability USN-488-1
| [840092] Ubuntu Update for apache2 vulnerabilities USN-499-1
| [840039] Ubuntu Update for libapache2-mod-python vulnerability USN-430-1
| [835253] HP-UX Update for Apache Web Server HPSBUX02645
| [835247] HP-UX Update for Apache-based Web Server HPSBUX02612
| [835243] HP-UX Update for Apache Running Tomcat Servlet Engine HPSBUX02579
| [835236] HP-UX Update for Apache with PHP HPSBUX02543
| [835233] HP-UX Update for Apache-based Web Server HPSBUX02531
| [835224] HP-UX Update for Apache-based Web Server HPSBUX02465
| [835200] HP-UX Update for Apache Web Server Suite HPSBUX02431
| [835190] HP-UX Update for Apache Web Server Suite HPSBUX02401
| [835188] HP-UX Update for Apache HPSBUX02308
| [835181] HP-UX Update for Apache With PHP HPSBUX02332
| [835180] HP-UX Update for Apache with PHP HPSBUX02342
| [835172] HP-UX Update for Apache HPSBUX02365
| [835168] HP-UX Update for Apache HPSBUX02313
| [835148] HP-UX Update for Apache HPSBUX01064
| [835139] HP-UX Update for Apache with PHP HPSBUX01090
| [835131] HP-UX Update for Apache HPSBUX00256
| [835119] HP-UX Update for Apache Remote Execution of Arbitrary Code HPSBUX02186
| [835104] HP-UX Update for Apache HPSBUX00224
| [835103] HP-UX Update for Apache mod_cgid HPSBUX00301
| [835101] HP-UX Update for Apache HPSBUX01232
| [835080] HP-UX Update for Apache HPSBUX02273
| [835078] HP-UX Update for ApacheStrong HPSBUX00255
| [835044] HP-UX Update for Apache HPSBUX01019
| [835040] HP-UX Update for Apache PHP HPSBUX00207
| [835025] HP-UX Update for Apache HPSBUX00197
| [835023] HP-UX Update for Apache HPSBUX01022
| [835022] HP-UX Update for Apache HPSBUX02292
| [835005] HP-UX Update for Apache HPSBUX02262
| [831759] Mandriva Update for apache-mod_security MDVSA-2012:182 (apache-mod_security)
| [831737] Mandriva Update for apache MDVSA-2012:154-1 (apache)
| [831534] Mandriva Update for apache MDVSA-2012:012 (apache)
| [831523] Mandriva Update for apache MDVSA-2012:003 (apache)
| [831491] Mandriva Update for apache MDVSA-2011:168 (apache)
| [831460] Mandriva Update for apache MDVSA-2011:144 (apache)
| [831449] Mandriva Update for apache MDVSA-2011:130 (apache)
| [831357] Mandriva Update for apache MDVSA-2011:057 (apache)
| [831132] Mandriva Update for apache MDVSA-2010:153 (apache)
| [831131] Mandriva Update for apache MDVSA-2010:152 (apache)
| [830989] Mandriva Update for apache-mod_auth_shadow MDVSA-2010:081 (apache-mod_auth_shadow)
| [830931] Mandriva Update for apache MDVSA-2010:057 (apache)
| [830926] Mandriva Update for apache MDVSA-2010:053 (apache)
| [830918] Mandriva Update for apache-mod_security MDVSA-2010:050 (apache-mod_security)
| [830799] Mandriva Update for apache-conf MDVSA-2009:300-2 (apache-conf)
| [830797] Mandriva Update for apache-conf MDVSA-2009:300-1 (apache-conf)
| [830791] Mandriva Update for apache-conf MDVA-2010:011 (apache-conf)
| [830652] Mandriva Update for apache MDVSA-2008:195 (apache)
| [830621] Mandriva Update for apache-conf MDVA-2008:129 (apache-conf)
| [830581] Mandriva Update for apache MDVSA-2008:016 (apache)
| [830294] Mandriva Update for apache MDKSA-2007:140 (apache)
| [830196] Mandriva Update for apache MDKSA-2007:235 (apache)
| [830112] Mandriva Update for apache MDKSA-2007:127 (apache)
| [830109] Mandriva Update for apache-mod_perl MDKSA-2007:083 (apache-mod_perl)
| [802425] Apache Struts2 Showcase Arbitrary Java Method Execution vulnerability
| [802423] Apache Struts CookBook/Examples Multiple Cross-Site Scripting Vulnerabilities
| [802422] Apache Struts Showcase Multiple Persistence Cross-Site Scripting Vulnerabilities
| [802415] Apache Tomcat Multiple Security Bypass Vulnerabilities (Win)
| [802385] Apache Tomcat Request Object Security Bypass Vulnerability (Win)
| [802384] Apache Tomcat Parameter Handling Denial of Service Vulnerability (Win)
| [802378] Apache Tomcat Hash Collision Denial Of Service Vulnerability
| [801942] Apache Archiva Multiple Vulnerabilities
| [801940] Apache Struts2 'XWork' Information Disclosure Vulnerability
| [801663] Apache Struts2/XWork Remote Command Execution Vulnerability
| [801521] Apache APR-util 'buckets/apr_brigade.c' Denial Of Service Vulnerability
| [801284] Apache Derby Information Disclosure Vulnerability
| [801203] Apache ActiveMQ Persistent Cross-Site Scripting Vulnerability
| [800837] Apache 'mod_deflate' Denial Of Service Vulnerability - July09
| [800827] Apache 'mod_proxy_http.c' Denial Of Service Vulnerability
| [800680] Apache APR Version Detection
| [800679] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
| [800678] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
10723| [800677] Apache Roller Version Detection
10724| [800279] Apache mod_jk Module Version Detection
10725| [800278] Apache Struts Cross Site Scripting Vulnerability
10726| [800277] Apache Tomcat mod_jk Information Disclosure Vulnerability
10727| [800276] Apache Struts Version Detection
10728| [800271] Apache Struts Directory Traversal Vulnerability
10729| [800024] Apache Tomcat RemoteFilterValve Security Bypass Vulnerability
10730| [103333] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
10731| [103293] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
10732| [103122] Apache Web Server ETag Header Information Disclosure Weakness
10733| [103074] Apache Continuum Cross Site Scripting Vulnerability
10734| [103073] Apache Continuum Detection
10735| [103053] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
10736| [101023] Apache Open For Business Weak Password security check
10737| [101020] Apache Open For Business HTML injection vulnerability
10738| [101019] Apache Open For Business service detection
10739| [100924] Apache Archiva Cross Site Request Forgery Vulnerability
10740| [100923] Apache Archiva Detection
10741| [100858] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
10742| [100814] Apache Axis2 Document Type Declaration Processing Security Vulnerability
10743| [100813] Apache Axis2 Detection
10744| [100797] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
10745| [100795] Apache Derby Detection
10746| [100762] Apache CouchDB Cross Site Request Forgery Vulnerability
10747| [100725] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
10748| [100613] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
10749| [100514] Apache Multiple Security Vulnerabilities
10750| [100211] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
10751| [100172] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
10752| [100171] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
10753| [100130] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
10754| [72626] Debian Security Advisory DSA 2579-1 (apache2)
10755| [72612] FreeBSD Ports: apache22
10756| [71551] Gentoo Security Advisory GLSA 201206-25 (apache)
10757| [71550] Gentoo Security Advisory GLSA 201206-24 (apache tomcat)
10758| [71512] FreeBSD Ports: apache
10759| [71485] Debian Security Advisory DSA 2506-1 (libapache-mod-security)
10760| [71256] Debian Security Advisory DSA 2452-1 (apache2)
10761| [71238] Debian Security Advisory DSA 2436-1 (libapache2-mod-fcgid)
10762| [70737] FreeBSD Ports: apache
10763| [70724] Debian Security Advisory DSA 2405-1 (apache2)
10764| [70600] FreeBSD Ports: apache
10765| [70253] FreeBSD Ports: apache, apache-event, apache-itk, apache-peruser, apache-worker
10766| [70235] Debian Security Advisory DSA 2298-2 (apache2)
10767| [70233] Debian Security Advisory DSA 2298-1 (apache2)
10768| [69988] Debian Security Advisory DSA 2279-1 (libapache2-mod-authnz-external)
10769| [69338] Debian Security Advisory DSA 2202-1 (apache2)
10770| [67868] FreeBSD Ports: apache
10771| [66816] FreeBSD Ports: apache
10772| [66553] Mandriva Security Advisory MDVSA-2009:189-1 (apache-mod_auth_mysql)
10773| [66414] Mandriva Security Advisory MDVSA-2009:323 (apache)
10774| [66106] SuSE Security Advisory SUSE-SA:2009:050 (apache2,libapr1)
10775| [66081] SLES11: Security update for Apache 2
10776| [66074] SLES10: Security update for Apache 2
10777| [66070] SLES9: Security update for Apache 2
10778| [65998] SLES10: Security update for apache2-mod_python
10779| [65893] SLES10: Security update for Apache 2
10780| [65888] SLES10: Security update for Apache 2
10781| [65575] SLES9: Security update for apache2,apache2-prefork,apache2-worker
10782| [65510] SLES9: Security update for Apache 2
10783| [65472] SLES9: Security update for Apache
10784| [65467] SLES9: Security update for Apache
10785| [65450] SLES9: Security update for apache2
10786| [65390] SLES9: Security update for Apache2
10787| [65363] SLES9: Security update for Apache2
10788| [65309] SLES9: Security update for Apache and mod_ssl
10789| [65296] SLES9: Security update for webdav apache module
10790| [65283] SLES9: Security update for Apache2
10791| [65249] SLES9: Security update for Apache 2
10792| [65230] SLES9: Security update for Apache 2
10793| [65228] SLES9: Security update for Apache 2
10794| [65212] SLES9: Security update for apache2-mod_python
10795| [65209] SLES9: Security update for apache2-worker
10796| [65207] SLES9: Security update for Apache 2
10797| [65168] SLES9: Security update for apache2-mod_python
10798| [65142] SLES9: Security update for Apache2
10799| [65136] SLES9: Security update for Apache 2
10800| [65132] SLES9: Security update for apache
10801| [65131] SLES9: Security update for Apache 2 oes/CORE
10802| [65113] SLES9: Security update for apache2
10803| [65072] SLES9: Security update for apache and mod_ssl
10804| [65017] SLES9: Security update for Apache 2
10805| [64950] Mandrake Security Advisory MDVSA-2009:240 (apache)
10806| [64783] FreeBSD Ports: apache
10807| [64774] Ubuntu USN-802-2 (apache2)
10808| [64653] Ubuntu USN-813-2 (apache2)
10809| [64559] Debian Security Advisory DSA 1834-2 (apache2)
10810| [64532] Mandrake Security Advisory MDVSA-2009:189 (apache-mod_auth_mysql)
10811| [64527] Mandrake Security Advisory MDVSA-2009:184 (apache-mod_security)
10812| [64526] Mandrake Security Advisory MDVSA-2009:183 (apache-mod_security)
10813| [64500] Mandrake Security Advisory MDVSA-2009:168 (apache)
10814| [64443] Ubuntu USN-802-1 (apache2)
10815| [64426] Gentoo Security Advisory GLSA 200907-04 (apache)
10816| [64423] Debian Security Advisory DSA 1834-1 (apache2)
10817| [64391] Mandrake Security Advisory MDVSA-2009:149 (apache)
10818| [64377] Mandrake Security Advisory MDVSA-2009:124-1 (apache)
10819| [64251] Debian Security Advisory DSA 1816-1 (apache2)
10820| [64201] Ubuntu USN-787-1 (apache2)
10821| [64140] Mandrake Security Advisory MDVSA-2009:124 (apache)
10822| [64136] Mandrake Security Advisory MDVSA-2009:102 (apache)
10823| [63565] FreeBSD Ports: apache
10824| [63562] Ubuntu USN-731-1 (apache2)
10825| [61381] Gentoo Security Advisory GLSA 200807-06 (apache)
10826| [61185] FreeBSD Ports: apache
10827| [60582] Gentoo Security Advisory GLSA 200803-19 (apache)
10828| [60387] Slackware Advisory SSA:2008-045-02 apache
10829| [58826] FreeBSD Ports: apache-tomcat
10830| [58825] FreeBSD Ports: apache-tomcat
10831| [58804] FreeBSD Ports: apache
10832| [58745] Gentoo Security Advisory GLSA 200711-06 (apache)
10833| [58360] Debian Security Advisory DSA 1312-1 (libapache-mod-jk)
10834| [57851] Gentoo Security Advisory GLSA 200608-01 (apache)
10835| [57788] Debian Security Advisory DSA 1247-1 (libapache-mod-auth-kerb)
10836| [57335] Debian Security Advisory DSA 1167-1 (apache)
10837| [57201] Debian Security Advisory DSA 1131-1 (apache)
10838| [57200] Debian Security Advisory DSA 1132-1 (apache2)
10839| [57168] Slackware Advisory SSA:2006-209-01 Apache httpd
10840| [57145] FreeBSD Ports: apache
10841| [56731] Slackware Advisory SSA:2006-129-01 Apache httpd
10842| [56729] Slackware Advisory SSA:2006-130-01 Apache httpd redux
10843| [56246] Gentoo Security Advisory GLSA 200602-03 (Apache)
10844| [56212] Debian Security Advisory DSA 952-1 (libapache-auth-ldap)
10845| [56115] Debian Security Advisory DSA 935-1 (libapache2-mod-auth-pgsql)
10846| [56067] FreeBSD Ports: apache
10847| [55803] Slackware Advisory SSA:2005-310-04 apache
10848| [55519] Debian Security Advisory DSA 839-1 (apachetop)
10849| [55392] Gentoo Security Advisory GLSA 200509-12 (Apache)
10850| [55355] FreeBSD Ports: apache
10851| [55284] Debian Security Advisory DSA 807-1 (libapache-mod-ssl)
10852| [55261] Debian Security Advisory DSA 805-1 (apache2)
10853| [55259] Debian Security Advisory DSA 803-1 (apache)
10854| [55129] Gentoo Security Advisory GLSA 200508-15 (apache)
10855| [54739] Gentoo Security Advisory GLSA 200411-18 (apache)
10856| [54724] Gentoo Security Advisory GLSA 200411-03 (apache)
10857| [54712] Gentoo Security Advisory GLSA 200410-21 (apache)
10858| [54689] Gentoo Security Advisory GLSA 200409-33 (net=www/apache)
10859| [54677] Gentoo Security Advisory GLSA 200409-21 (apache)
10860| [54610] Gentoo Security Advisory GLSA 200407-03 (Apache)
10861| [54601] Gentoo Security Advisory GLSA 200406-16 (Apache)
10862| [54590] Gentoo Security Advisory GLSA 200406-05 (Apache)
10863| [54582] Gentoo Security Advisory GLSA 200405-22 (Apache)
10864| [54529] Gentoo Security Advisory GLSA 200403-04 (Apache)
10865| [54499] Gentoo Security Advisory GLSA 200310-04 (Apache)
10866| [54498] Gentoo Security Advisory GLSA 200310-03 (Apache)
10867| [54439] FreeBSD Ports: apache
10868| [53931] Slackware Advisory SSA:2004-133-01 apache
10869| [53903] Slackware Advisory SSA:2004-299-01 apache, mod_ssl, php
10870| [53902] Slackware Advisory SSA:2004-305-01 apache+mod_ssl
10871| [53878] Slackware Advisory SSA:2003-308-01 apache security update
10872| [53851] Debian Security Advisory DSA 135-1 (libapache-mod-ssl)
10873| [53849] Debian Security Advisory DSA 132-1 (apache-ssl)
10874| [53848] Debian Security Advisory DSA 131-1 (apache)
10875| [53784] Debian Security Advisory DSA 021-1 (apache)
10876| [53738] Debian Security Advisory DSA 195-1 (apache-perl)
10877| [53737] Debian Security Advisory DSA 188-1 (apache-ssl)
10878| [53735] Debian Security Advisory DSA 187-1 (apache)
10879| [53703] Debian Security Advisory DSA 532-1 (libapache-mod-ssl)
10880| [53577] Debian Security Advisory DSA 120-1 (libapache-mod-ssl, apache-ssl)
10881| [53568] Debian Security Advisory DSA 067-1 (apache,apache-ssl)
10882| [53519] Debian Security Advisory DSA 689-1 (libapache-mod-python)
10883| [53433] Debian Security Advisory DSA 181-1 (libapache-mod-ssl)
10884| [53282] Debian Security Advisory DSA 594-1 (apache)
10885| [53248] Debian Security Advisory DSA 558-1 (libapache-mod-dav)
10886| [53224] Debian Security Advisory DSA 532-2 (libapache-mod-ssl)
10887| [53215] Debian Security Advisory DSA 525-1 (apache)
10888| [53151] Debian Security Advisory DSA 452-1 (libapache-mod-python)
10889| [52529] FreeBSD Ports: apache+ssl
10890| [52501] FreeBSD Ports: apache
10891| [52461] FreeBSD Ports: apache
10892| [52390] FreeBSD Ports: apache
10893| [52389] FreeBSD Ports: apache
10894| [52388] FreeBSD Ports: apache
10895| [52383] FreeBSD Ports: apache
10896| [52339] FreeBSD Ports: apache+mod_ssl
10897| [52331] FreeBSD Ports: apache
10898| [52329] FreeBSD Ports: ru-apache+mod_ssl
10899| [52314] FreeBSD Ports: apache
10900| [52310] FreeBSD Ports: apache
10901| [15588] Detect Apache HTTPS
10902| [15555] Apache mod_proxy content-length buffer overflow
10903| [15554] Apache mod_include priviledge escalation
10904| [14771] Apache <= 1.3.33 htpasswd local overflow
10905| [14177] Apache mod_access rule bypass
10906| [13644] Apache mod_rootme Backdoor
10907| [12293] Apache Input Header Folding and mod_ssl ssl_io_filter_cleanup DoS Vulnerabilities
10908| [12280] Apache Connection Blocking Denial of Service
10909| [12239] Apache Error Log Escape Sequence Injection
10910| [12123] Apache Tomcat source.jsp malformed request information disclosure
10911| [12085] Apache Tomcat servlet/JSP container default files
10912| [11438] Apache Tomcat Directory Listing and File disclosure
10913| [11204] Apache Tomcat Default Accounts
10914| [11092] Apache 2.0.39 Win32 directory traversal
10915| [11046] Apache Tomcat TroubleShooter Servlet Installed
10916| [11042] Apache Tomcat DOS Device Name XSS
10917| [11041] Apache Tomcat /servlet Cross Site Scripting
10918| [10938] Apache Remote Command Execution via .bat files
10919| [10839] PHP.EXE / Apache Win32 Arbitrary File Reading Vulnerability
10920| [10773] MacOS X Finder reveals contents of Apache Web files
10921| [10766] Apache UserDir Sensitive Information Disclosure
10922| [10756] MacOS X Finder reveals contents of Apache Web directories
10923| [10752] Apache Auth Module SQL Insertion Attack
10924| [10704] Apache Directory Listing
10925| [10678] Apache /server-info accessible
10926| [10677] Apache /server-status accessible
10927| [10440] Check for Apache Multiple / vulnerability
10928|
10929| SecurityTracker - https://www.securitytracker.com:
10930| [1028865] Apache Struts Bugs Permit Remote Code Execution and URL Redirection Attacks
10931| [1028864] Apache Struts Wildcard Matching and Expression Evaluation Bugs Let Remote Users Execute Arbitrary Code
10932| [1028824] Apache mod_dav_svn URI Processing Flaw Lets Remote Users Deny Service
10933| [1028823] Apache Unspecified Flaw in mod_session_dbd Has Unspecified Impact
10934| [1028724] (HP Issues Fix for HP-UX) Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
10935| [1028722] (Red Hat Issues Fix for JBoss) Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
10936| [1028693] (Red Hat Issues Fix) Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
10937| [1028622] Apache Struts 'includeParams' Bugs Permit Remote Command Execution and Cross-Site Scripting Attacks
10938| [1028621] Apache Subversion Bugs Let Remote Authenticated Users Execute Arbitrary Commands and Deny Service
10939| [1028540] Apache mod_rewrite Input Validation Flaw Lets Remote Users Execute Arbitrary Commands
10940| [1028534] Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
10941| [1028533] Apache Tomcat Lack of Chunked Transfer Encoding Extension Size Limit Lets Remote Users Deny Service
10942| [1028532] Apache Tomcat AsyncListeners Bug May Disclose Information from One Request to Another User
10943| [1028515] Apache VCL Input Validation Flaw Lets Remote Authenticated Users Gain Elevated Privileges
10944| [1028457] Apache ActiveMQ Bugs Let Remote Users Conduct Cross-Site Scripting Attacks, Deny Service, and Obtain Potentially Sensitive Information
10945| [1028287] Apache CXF WSS4JInInterceptor Grants Service Access to Remote Users
10946| [1028286] Apache CXF WS-Security UsernameToken Processing Flaw Lets Remote Users Bypass Authentication
10947| [1028252] Apache Commons FileUpload Unsafe Temporary File Lets Local Users Gain Elevated Privileges
10948| [1028207] Apache Input Validation Bugs Permit Cross-Site Scripting Attacks
10949| [1027836] Apache Tomcat Connection Processing Bug Lets Remote Users Deny Service
10950| [1027834] Apache Tomcat Bug Lets Remote Users Bypass Cross-Site Request Forgery Prevention Filter
10951| [1027833] Apache Tomcat Bug Lets Remote Users Bypass Security Constraints
10952| [1027729] Apache Tomcat Header Processing Bug Lets Remote Users Deny Service
10953| [1027728] Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
10954| [1027554] Apache CXF Lets Remote Authenticated Users Execute Unauthorized SOAP Actions
10955| [1027508] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
10956| [1027421] Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
10957| [1027096] Apache Commons Compress BZip2CompressorOutputStream() Sorting Algorithm Lets Remote or Local Users Deny Service
10958| [1026932] Apache LD_LIBRARY_PATH Processing Lets Local Users Gain Elevated Privileges
10959| [1026928] Apache OFBiz Unspecified Flaw Lets Remote Users Execute Arbitrary Code
10960| [1026927] Apache OFBiz Input Validation Flaws Permit Cross-Site Scripting Attacks
10961| [1026847] Apache Traffic Server Host Header Processing Flaw Lets Remote Users Deny Service
10962| [1026846] Apache Wicket Discloses Hidden Application Files to Remote Users
10963| [1026839] Apache Wicket Input Validation Flaw in 'wicket:pageMapName' Parameter Permits Cross-Site Scripting Attacks
10964| [1026616] Apache Bugs Let Remote Users Deny Service and Obtain Cookie Data
10965| [1026575] Apache Struts ParameterInterceptor() Flaw Lets Remote Users Execute Arbitrary Commands
10966| [1026484] Apache Struts Bug Lets Remote Users Overwrite Files and Execute Arbitrary Code
10967| [1026477] Apache Tomcat Hash Table Collision Bug Lets Remote Users Deny Service
10968| [1026402] Apache Struts Conversion Error Lets Remote Users Inject Arbitrary Commands
10969| [1026353] Apache mod_proxy/mod_rewrite Bug Lets Remote Users Access Internal Servers
10970| [1026295] Apache Tomcat Lets Untrusted Web Applications Gain Elevated Privileges
10971| [1026267] Apache .htaccess File Integer Overflow Lets Local Users Execute Arbitrary Code
10972| [1026144] Apache mod_proxy Pattern Matching Bug Lets Remote Users Access Internal Servers
10973| [1026095] Apache Tomcat HTTP DIGEST Authentication Weaknesses Let Remote Users Conduct Bypass Attacks
10974| [1026054] Apache mod_proxy_ajp HTTP Processing Error Lets Remote Users Deny Service
10975| [1025993] Apache Tomcat AJP Protocol Processing Bug Lets Remote Users Bypass Authentication or Obtain Information
10976| [1025976] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
10977| [1025960] Apache httpd Byterange Filter Processing Error Lets Remote Users Deny Service
10978| [1025925] Apache Tomcat Commons Daemon jsvc Lets Local Users Gain Elevated Privileges
10979| [1025924] Apache Tomcat XML Validation Flaw Lets Applications Obtain Potentially Sensitive Information
10980| [1025788] Apache Tomcat Lets Malicious Applications Obtain Information and Deny Service
10981| [1025755] Apache Santuario Buffer Overflow Lets Remote Users Deny Service
10982| [1025712] Apache Tomcat Discloses Passwords to Local Users in Certain Cases
10983| [1025577] Apache Archiva Input Validation Hole Permits Cross-Site Scripting Attacks
10984| [1025576] Apache Archiva Request Validation Flaw Permits Cross-Site Request Forgery Attacks
10985| [1025527] Apache APR Library apr_fnmatch() Flaw Lets Remote Users Execute Arbitrary Code
10986| [1025303] Apache Tomcat HTTP BIO Connector Error Discloses Information From Different Requests to Remote Users
10987| [1025215] Apache Tomcat May Ignore @ServletSecurity Annotation Protections
10988| [1025066] Apache Continuum Input Validation Flaw Permits Cross-Site Request Forgery Attacks
10989| [1025065] Apache Continuum Input Validation Hole Permits Cross-Site Scripting Attacks
10990| [1025027] Apache Tomcat maxHttpHeaderSize Parsing Error Lets Remote Users Deny Service
10991| [1025026] Apache Tomcat Manager Input Validation Hole Permits Cross-Site Scripting Attacks
10992| [1025025] Apache Tomcat Security Manager Lets Local Users Bypass File Permissions
10993| [1024764] Apache Tomcat Manager Input Validation Hole in 'sessionList.jsp' Permits Cross-Site Scripting Attacks
10994| [1024417] Apache Traffic Server Insufficient Randomization Lets Remote Users Poison the DNS Cache
10995| [1024332] Apache mod_cache and mod_dav Request Processing Flaw Lets Remote Users Deny Service
10996| [1024180] Apache Tomcat 'Transfer-Encoding' Header Processing Flaw Lets Remote Users Deny Service and Obtain Potentially Sensitive Information
10997| [1024096] Apache mod_proxy_http May Return Results for a Different Request
10998| [1023942] Apache mod_proxy_ajp Error Condition Lets Remote Users Deny Service
10999| [1023941] Apache ap_read_request() Memory Error May Let Remote Users Access Potentially Sensitive Information
11000| [1023778] Apache ActiveMQ Input Validation Flaw Permits Cross-Site Scripting Attacks
11001| [1023701] Apache mod_isapi Error Processing Flaw May Let Remote Users Deny Service
11002| [1023533] Apache mod_proxy Integer Overflow May Let Remote Users Execute Arbitrary Code
11003| [1022988] Apache Solaris Support Code Bug Lets Remote Users Deny Service
11004| [1022529] Apache mod_deflate Connection State Bug Lets Remote Users Deny Service
11005| [1022509] Apache mod_proxy stream_reqbody_cl() Infinite Loop Lets Remote Users Deny Service
11006| [1022296] Apache IncludesNoExec Options Restrictions Can Be Bypass By Local Users
11007| [1022264] Apache mod_proxy_ajp Bug May Disclose Another User's Response Data
11008| [1022001] Apache Tomcat mod_jk May Disclose Responses to the Wrong User
11009| [1021988] mod_perl Input Validation Flaw in Apache::Status and Apache2::Status Permits Cross-Site Scripting Attacks
11010| [1021350] NetWare Bug Lets Remote Users Access the ApacheAdmin Console
11011| [1020635] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
11012| [1020520] Oracle WebLogic Apache Connector Lets Remote Users Execute Arbitrary Code
11013| [1020267] Apache mod_proxy Interim Response Process Bug Lets Remote Users Deny Service
11014| [1019784] Apache-SSL Certificate Processing Bug May Let Remote Users View Portions of Kernel Memory
11015| [1019256] Apache mod_negotiation Input Validation Hole Permits Cross-Site Scripting Attacks
11016| [1019194] Apache Input Validation Hole in Mod_AutoIndex When the Character Set is Undefined May Permit Cross-Site Scripting Attacks
11017| [1019185] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
11018| [1019154] Apache Input Validation Hole in mod_status Permits Cross-Site Scripting Attacks
11019| [1019093] Apache Input Validation Hole in mod_imap Permits Cross-Site Scripting Attacks
11020| [1019030] Apache Input Validation Hole in Default HTTP 413 Error Page Permits Cross-Site Scripting Attacks
11021| [1018633] Apache mod_proxy Bug Lets Remote Users Deny Service
11022| [1018304] Apache HTTPD scoreboard Protection Flaw Lets Local Users Terminate Arbitrary Processes
11023| [1018303] Apache HTTPD mod_cache May Let Remote Users Deny Service
11024| [1018302] Apache mod_status Input Validation Hole Permits Cross-Site Scripting Attacks
11025| [1018269] Apache Tomcat Input Validation Hole in Processing Accept-Language Header Permits Cross-Site Scripting Attacks
11026| [1017904] Apache suEXEC Bugs May Let Local Users Gain Elevated Privileges
11027| [1017719] Apache Tomcat JK Web Server Connector Buffer Overflow in map_uri_to_worker() Lets Remote Users Execute Arbitrary Code
11028| [1017062] Apache mod_tcl Format String Bug in set_var() Function May Let Remote Users Execute Arbitrary Code
11029| [1016601] Apache mod_rewrite Off-by-one Error Lets Remote Users Execute Arbitrary Code
11030| [1016576] Apache Tomcat Discloses Directory Listings to Remote Users
11031| [1015447] Apache mod_ssl Null Pointer Dereference May Let Remote Users Deny Service
11032| [1015344] Apache mod_imap Input Validation Flaw in Referer Field Lets Remote Users Conduct Cross-Site Scripting Attacks
11033| [1015093] Apache Memory Leak in MPM 'worker.c' Code May Let Remote Users Deny Service
11034| [1014996] ApacheTop Unsafe Temporary File May Let Local Users Gain Elevated Privileges
11035| [1014833] Apache ssl_hook_Access() Function May Fail to Verify Client Certificates
11036| [1014826] Apache Memory Leak in 'byterange filter' Lets Remote Users Deny Service
11037| [1014575] Apache mod_ssl Off-by-one Buffer Overflow in Processing CRLs May Let Remote Users Deny Service
11038| [1014323] Apache Chunked Transfer-Encoding and Content-Length Processing Lets Remote Users Smuggle HTTP Requests
11039| [1013156] Apache mod_python Publisher Handler Discloses Information to Remote Users
11040| [1012829] Apache mod_auth_radius radcpy() Integer Overflow Lets Remote Users Deny Service in Certain Cases
11041| [1012416] Apache on Apple OS X Lets Remote Users Bypass Apache File Handlers and Directly Access Files
11042| [1012415] Apache on Apple HFS+ Filesystems May Disclose '.DS_Store' Files to Remote Users
11043| [1012414] Apache mod_digest_apple Lets Remote Users Replay Authentication Credentials
11044| [1012083] Apache Web Server Error in Processing Requests With Many Space Characters Lets Remote Users Deny Service
11045| [1011783] Apache mod_include Buffer Overflow Lets Local Users Execute Arbitrary Code
11046| [1011557] Apache mod_ssl SSLCipherSuite Directive Can By Bypassed in Certain Cases
11047| [1011385] Apache Satsify Directive Error May Let Remote Users Access Restricted Resources
11048| [1011340] Apache SSL Connection Abort State Error Lets Remote Users Deny Service
11049| [1011303] Apache ap_resolve_env() Buffer Overflow in Reading Configuration Files May Let Local Users Gain Elevated Privileges
11050| [1011299] Apache IPv6 Address Parsing Flaw May Let Remote Users Deny Service
11051| [1011248] Apache mod_dav LOCK Method Error May Let Remote Users Deny Service
11052| [1011213] Apache mod_ssl Can Be Crashed By Remote Users When Reverse Proxying SSL Connections
11053| [1010674] Apache Can Be Crashed By PHP Code Invoking Nested Remote Sockets
11054| [1010599] Apache httpd Header Line Memory Allocation Lets Remote Users Crash the Server
11055| [1010462] Apache mod_proxy Buffer Overflow May Let Remote Users Execute Arbitrary Code
11056| [1010322] Apache mod_ssl Stack Overflow in ssl_util_uuencode_binary() May Let Remote Users Execute Arbitrary Code
11057| [1010270] cPanel Apache mod_phpsuexec Options Let Local Users Gain Elevated Privileges
11058| [1009934] Apache Web Server Has Buffer Overflow in ebcdic2ascii() on Older Processor Architectures
11059| [1009516] Apache mod_survey HTML Report Format Lets Remote Users Conduct Cross-Site Scripting Attacks
11060| [1009509] Apache mod_disk_cache Stores Authentication Credentials on Disk
11061| [1009495] Apache Web Server Socket Starvation Flaw May Let Remote Users Deny Service
11062| [1009417] GroupWise WebAccess With Apache on NetWare Has Configuration Flaw That May Grant Web Access to Remote Users
11063| [1009338] Apache mod_access Parsing Flaw May Fail to Enforce Allow/Deny Rules
11064| [1009337] Apache mod_ssl Memory Leak Lets Remote Users Crash the Daemon
11065| [1009182] Apache for Cygwin '..%5C' Input Validation Flaw Discloses Files to Remote Users
11066| [1008973] PHP May Apply Incorrect php_admin_* Settings To Requests for Apache Virtual Hosts
11067| [1008967] Apache-SSL 'SSLFakeBasicAuth' Lets Remote Users Forge Client Certificates to Be Authenticated
11068| [1008920] Apache mod_digest May Validate Replayed Client Responses
11069| [1008828] Apache mod_python String Processing Bug Still Lets Remote Users Crash the Web Server
11070| [1008822] Apache mod_perl File Descriptor Leak May Let Local Users Hijack the http and https Services
11071| [1008675] mod_auth_shadow Apache Module Authenticates Expired Passwords
11072| [1008559] Apache mod_php File Descriptor Leak May Let Local Users Hijack the https Service
11073| [1008335] Apache mod_python String Processing Bug Lets Remote Users Crash the Web Server
11074| [1008196] Apache 2.x on Windows May Return Unexpected Files For URLs Ending With Certain Characters
11075| [1008030] Apache mod_rewrite Contains a Buffer Overflow
11076| [1008029] Apache mod_alias Contains a Buffer Overflow
11077| [1008028] Apache mod_cgid May Disclose CGI Output to Another Client
11078| [1007995] Apache Cocoon Forms May Let Remote Users Execute Arbitrary Java Code on the System
11079| [1007993] Apache Cocoon 'view-source' Sample Script Discloses Files to Remote Users
11080| [1007823] Apache Web Server mod_cgi Error May Let Malicious CGI Scripts Crash the Web Service
11081| [1007664] Apache::Gallery Unsafe Temporary Files May Let Local Users Gain Apache Web Server Privileges
11082| [1007557] Apache Web Server Does Not Filter Terminal Escape Sequences From Log Files
11083| [1007230] Apache HTTP Server 'rotatelogs' Bug on Win32 and OS/2 May Cause the Logging to Stop
11084| [1007146] Apache HTTP Server FTP Proxy Bug May Cause Denial of Service Conditions
11085| [1007145] Apache 'accept()' Errors May Cause Denial of Service Conditions
11086| [1007144] Apache Web Server 'type-map' File Error Permits Local Denial of Service Attacks
11087| [1007143] Apache 2.0 Web Server May Use a Weaker Encryption Implementation Than Specified in Some Cases
11088| [1006864] Apache Web Server Can Be Crashed By Remote Users Via mod_dav Flaws and Also Via Basic Authentication
11089| [1006709] Apache mod_survey Input Validation Flaw Lets Remote Users Fill Up Disk Space
11090| [1006614] Apache mod_ntlm Buffer Overflow and Format String Flaw Let Remote Users Execute Arbitary Code
11091| [1006591] Apache mod_access_referer Module Null Pointer Dereference May Faciliate Denial of Service Attacks
11092| [1006444] Apache 2.0 Web Server Line Feed Buffer Allocation Flaw Lets Remote Users Deny Service
11093| [1006021] Apache Tomcat Server URL Parsing Error May Disclose Otherwise Inaccessible Web Directory Listings and Files to Remote Users
11094| [1005963] Apache Web Server 2.x Windows Device Access Flaw Lets Remote Users Crash the Server or Possibly Execute Arbitrary Code
11095| [1005962] Apache Web Server Path Parsing Flaw May Allow Remote Users to Execute Code in Certain Configurations
11096| [1005848] Apache 'printenv' Script Input Validation Bugs in Older Versions May Let Remote Users Conduct Cross-Site Scripting Attacks
11097| [1005765] Apache mod_jk Module Processing Bug When Used With Tomcat May Disclose Information to Remote Users or Crash
11098| [1005548] Apache mod_php Module May Allow Local Users to Gain Control of the Web Port
11099| [1005499] Apache Web Server (2.0.42) May Disclose CGI Source Code to Remote Users When Used With WebDAV
11100| [1005410] Apache Tomcat Java Servlet Engine Can Be Crashed Via Multiple Requests for DOS Device Names
11101| [1005351] Apache Web Server (1.3.x) Shared Memory Scoreboard Bug Lets Certain Local Users Issue Signals With Root Privileges
11102| [1005331] Apache Web Server (2.x) SSI Server Signature Filtering Hole Lets Remote Users Conduct Cross-Site Scripting Attacks
11103| [1005290] Apache Tomcat Java Server Default Servlet Returns JSP Source Code to Remote Users
11104| [1005285] Apache Web Server 'mod_dav' Has Null Pointer Bug That May Allow Remote Users to Cause Denial of Service Conditions
11105| [1005010] Apache Web Server (2.0) Has Unspecified Flaw That Allows Remote Users to Obtain Sensitive Data and Cause Denial of Service Conditions
11106| [1004770] Apache 2.x Web Server ap_log_rerror() Function May Disclose Full Installation Path to Remote Users
11107| [1004745] Apache Tomcat Java Server Allows Cross-Site Scripting Attacks
11108| [1004636] Apache mod_ssl 'Off-by-One' Bug May Let Local Users Crash the Web Server or Possibly Execute Arbitrary Code
11109| [1004602] Apache Tomcat Java Server for Windows Can Be Crashed By Remote Users Sending Malicious Requests to Hang All Available Working Threads
11110| [1004586] Apache Tomcat Java Server May Disclose the Installation Path to Remote Users
11111| [1004555] Apache Web Server Chunked Encoding Flaw May Let Remote Users Execute Arbitrary Code on the Server
11112| [1004209] Apache 'mod_python' Python Language Interpreter Bug in Publisher Handler May Allow Remote Users to Modify Files on the System
11113| [1003874] Apache Web Server for Windows Has Batch File Processing Hole That Lets Remote Users Execute Commands on the System
11114| [1003767] 'mod_frontpage' Module for Apache Web Server Has Buffer Overlow in 'fpexec.c' That Allows Remote Users to Execute Arbitrary Code on the System with Root Privileges
11115| [1003723] Apache-SSL for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
11116| [1003664] 'mod_ssl' Security Package for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
11117| [1003602] GNUJSP Java Server Pages Implementation Discloses Web Files and Source Code to Remote Users and Bypasses Apache Access Control Restrictions
11118| [1003465] PHP for Apache Web Server May Disclose Installation Path Information to Remote Users Making 'OPTIONS' Requests
11119| [1003451] Oracle Application Server PL/SQL Module for Apache Has Buffer Overflows That Allow Remote Users to Execute Arbitrary Code and Gain Access to the Server
11120| [1003131] Apache Web Server in Virtual Hosting Mode Can Be Crashed By a Local User Removing a Log Directory
11121| [1003104] PHP.EXE Windows CGI for Apache Web Server May Let Remote Users View Files on the Server Due to Configuration Error
11122| [1003008] Apache 'mod_bf' Module Lets Remote Users Execute Arbitrary Code
11123| [1002629] Apache suEXEC Wrapper Fails to Observe Minimum Group ID Security Settings in Certain Situations
11124| [1002542] Apache Web Server Virtual Hosting Split-Logfile Function Lets Remote Users Write Log Entries to Arbitrary Files on the System
11125| [1002400] Apache mod_gzip Module Has Buffer Overflow That Can Be Exploited By Local Users to Gain Elevated Privileges
11126| [1002303] Several 3rd Party Apache Authentication Modules Allow Remote Users to Execute Arbitrary Code to Gain Access to the System or Execute Stored Procedures to Obtain Arbitrary Database Information
11127| [1002188] Apache Web Server Discloses Internal IP Addresses to Remote Users in Certain Configurations
11128| [1001989] Apache Web Server May Disclose Directory Contents Even If an Index.html File is Present in the Directory
11129| [1001719] Apache Web Server on Mac OS X Client Fails to Enforce File and Directory Access Protections, Giving Remote Users Access to Restricted Pages
11130| [1001572] Apache Web Server on Microsoft Windows Platforms Allows Remote Users to Crash the Web Server
11131| [1001304] Apache Web Server for Windows Lets Remote Users Crash the Web Server Application
11132| [1001083] Apache Web Server May Display Directory Index Listings Even if Directory Listings Are Disabled
11133|
11134| OSVDB - http://www.osvdb.org:
11135| [96078] Apache CloudStack Infrastructure Menu Setup Network Multiple Field XSS
11136| [96077] Apache CloudStack Global Settings Multiple Field XSS
11137| [96076] Apache CloudStack Instances Menu Display Name Field XSS
11138| [96075] Apache CloudStack Instances Menu Add Instances Network Name Field XSS
11139| [96074] Apache CloudStack Instances Menu Add Instances Review Step Multiple Field XSS
11140| [96031] Apache HTTP Server suEXEC Symlink Arbitrary File Access
11141| [95888] Apache Archiva Single / Double Quote Character Handling XSS Weakness
11142| [95885] Apache Subversion mod_dav_svn Module Crafted HTTP Request Handling Remote DoS
11143| [95706] Apache OpenOffice.org (OOo) OOXML Document File XML Element Handling Memory Corruption
11144| [95704] Apache OpenOffice.org (OOo) DOC File PLCF Data Handling Memory Corruption
11145| [95603] Apache Continuum web/util/GenerateRecipentNotifier.java recipient Parameter XSS
11146| [95602] Apache Continuum web/action/notifier/JabberProjectNotifierEditAction-jabberProjectNotifierSave-validation.xml Multiple Parameter XSS
11147| [95601] Apache Continuum web/action/notifier/JabberGroupNotifierEditAction-jabberProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
11148| [95600] Apache Continuum web/action/ScheduleAction-saveSchedule-validation.xml Multiple Parameter XSS
11149| [95599] Apache Continuumweb/action/BuildDefinitionAction-saveBuildDefinition-validation.xml Multiple Parameter XSS
11150| [95598] Apache Continuum web/action/AddProjectAction-addProject-validation.xml Multiple Parameter XSS
11151| [95597] Apache Continuum web/action/ProjectEditAction-projectSave-validation.xml Multiple Parameter XSS
11152| [95596] Apache Continuum web/action/notifier/IrcGroupNotifierEditAction-ircProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
11153| [95595] Apache Continuum web/action/notifier/IrcProjectNotifierEditAction-ircProjectNotifierSave-validation.xml Multiple Parameter XSS
11154| [95594] Apache Continuum web/action/ProjectGroupAction.java Multiple Parameter XSS
11155| [95593] Apache Continuum web/action/AddProjectGroupAction.java Multiple Parameter XSS
11156| [95592] Apache Continuum web/action/AddProjectAction.java Multiple Parameter XSS
11157| [95523] Apache OFBiz Webtools Application View Log Screen Unspecified XSS
11158| [95522] Apache OFBiz Nested Expression Evaluation Arbitrary UEL Function Execution
11159| [95521] Apache HTTP Server mod_session_dbd Session Saving Unspecified Issue
11160| [95498] Apache HTTP Server mod_dav.c Crafted MERGE Request Remote DoS
11161| [95406] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Arbitrary Site Redirect
11162| [95405] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Remote Code Execution
11163| [95011] Apache CXF XML Parser SOAP Message Handling CPU Resource Exhaustion Remote DoS
11164| [94705] Apache Geronimo RMI Classloader Exposure Serialized Object Handling Remote Code Execution
11165| [94651] Apache Santuario (XML Security for C++) XML Signature CanonicalizationMethod Parameter Spoofing Weakness
11166| [94636] Apache Continuum workingCopy.action userDirectory Traversal Arbitrary File Access
11167| [94635] Apache Maven SCM SvnCommandlineUtils Process Listing Local Password Disclosure
11168| [94632] Apache Maven Wagon SSH (wagon-ssh) Host Verification Failure MitM Weakness
11169| [94625] Apache Santuario (XML Security for C++) XML Signature Reference Crafted XPointer Expression Handling Heap Buffer Overflow
11170| [94618] Apache Archiva /archiva/security/useredit.action username Parameter XSS
11171| [94617] Apache Archiva /archiva/security/roleedit.action name Parameter XSS
11172| [94616] Apache Archiva /archiva/security/userlist!show.action roleName Parameter XSS
11173| [94615] Apache Archiva /archiva/deleteArtifact!doDelete.action groupId Parameter XSS
11174| [94614] Apache Archiva /archiva/admin/addLegacyArtifactPath!commit.action legacyArtifactPath.path Parameter XSS
11175| [94613] Apache Archiva /archiva/admin/addRepository.action Multiple Parameter XSS
11176| [94612] Apache Archiva /archiva/admin/editAppearance.action Multiple Parameter XSS
11177| [94611] Apache Archiva /archiva/admin/addLegacyArtifactPath.action Multiple Parameter XSS
11178| [94610] Apache Archiva /archiva/admin/addNetworkProxy.action Multiple Parameter XSS
11179| [94403] Apache Santuario (XML Security for C++) InclusiveNamespace PrefixList Processing Heap Overflow
11180| [94402] Apache Santuario (XML Security for C++) HMAC-based XML Signature Processing DoS
11181| [94401] Apache Santuario (XML Security for C++) XPointer Evaluation Stack Overflow
11182| [94400] Apache Santuario (XML Security for C++) HMAC-Based XML Signature Reference Element Validation Spoofing Weakness
11183| [94279] Apache Qpid CA Certificate Validation Bypass
11184| [94275] Apache Solr JettySolrRunner.java Can Not Find Error Message XSS
11185| [94233] Apache OpenJPA Object Deserialization Arbitrary Executable Creation
11186| [94042] Apache Axis JAX-WS Java Unspecified Exposure
11187| [93969] Apache Struts OGNL Expression Handling Double Evaluation Error Remote Command Execution
11188| [93796] Apache Subversion Filename Handling FSFS Repository Corruption Remote DoS
11189| [93795] Apache Subversion svnserve Server Aborted Connection Message Handling Remote DoS
11190| [93794] Apache Subversion contrib/hook-scripts/check-mime-type.pl svnlook Hyphenated argv Argument Handling Remote DoS
11191| [93793] Apache Subversion contrib/hook-scripts/svn-keyword-check.pl Filename Handling Remote Command Execution
11192| [93646] Apache Struts Crafted Parameter Arbitrary OGNL Code Execution
11193| [93645] Apache Struts URL / Anchor Tag includeParams Attribute Remote Command Execution
11194| [93636] Apache Pig Multiple Physical Operator Memory Exhaustion Remote Remote DoS
11195| [93635] Apache Wink DTD (Document Type Definition) Expansion Data Parsing Information Disclosure
11196| [93605] RT Apache::Session::File Session Replay Reuse Information Disclosure
11197| [93599] Apache Derby SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY Boot Password Manipulation Re-encryption Failure Password Corruption
11198| [93555] Apache Commons Codec Invalid Base32 String Information Tunneling Weakness
11199| [93554] Apache HBase bulkLoadHFiles() Method ACL Bypass
11200| [93543] JBoss Enterprise Application Platform org.apache.catalina.connector.Response.encodeURL() Method MitM jsessionid Disclosure
11201| [93542] Apache ManifoldCF (Connectors Framework) org.apache.manifoldcf.crawler.ExportConfiguration Class Configuration Export Password Disclosure
11202| [93541] Apache Solr json.wrf Callback XSS
11203| [93524] Apache Hadoop GetSecurityDescriptorControl() Function Absolute Security Descriptor Handling NULL Descriptor Weakness
11204| [93521] Apache jUDDI Security API Token Session Persistence Weakness
11205| [93520] Apache CloudStack Default SSL Key Weakness
11206| [93519] Apache Shindig /ifr Cross-site Arbitrary Gadget Invocation
11207| [93518] Apache Solr /admin/analysis.jsp name Parameter XSS
11208| [93517] Apache CloudStack setup-cloud-management /etc/sudoers Modification Local Privilege Escalation
11209| [93516] Apache CXF UsernameTokenInterceptor Nonce Caching Replay Weakness
11210| [93515] Apache HBase table.jsp name Parameter XSS
11211| [93514] Apache CloudStack Management Server Unauthenticated Remote JMX Connection Default Setting Weakness
11212| [93463] Apache Struts EL / OGNL Interpretation Unspecified Remote Code Execution
11213| [93462] Apache CXF WS-SecurityPolicy AlgorithmSuite Arbitrary Ciphertext Decryption Weakness
11214| [93401] Apache Hadoop core-site.xml Permission Weakness Local Alfredo Secret Disclosure
11215| [93400] Apache Hadoop Map/Reduce Job Log Directory Symlink Arbitrary File Mode Manipulation
11216| [93397] Apache Wicket Referrer HTTP Header Session ID Disclosure
11217| [93366] Apache HTTP Server modules/mappers/mod_rewrite.c do_rewritelog() Function Log File Terminal Escape Sequence Filtering Remote Command Execution
11218| [93254] Apache Tomcat AsyncListener Method Cross-session Information Disclosure
11219| [93253] Apache Tomcat Chunked Transfer Encoding Data Saturation Remote DoS
11220| [93252] Apache Tomcat FORM Authenticator Session Fixation
11221| [93172] Apache Camel camel/endpoints/ Endpoint XSS
11222| [93171] Apache Sling HtmlResponse Error Message XSS
11223| [93170] Apache Directory DelegatingAuthenticator MitM Spoofing Weakness
11224| [93169] Apache Wave AuthenticationServlet.java Session Fixation Weakness
11225| [93168] Apache Click ErrorReport.java id Parameter XSS
11226| [93167] Apache ActiveMQ JMSXUserId Spoofing Weakness
11227| [93166] Apache CXF Crafted Message Element Count Handling System Resource Exhaustion Remote DoS
11228| [93165] Apache CXF Crafted Message Element Level Handling System Resource Exhaustion Remote DoS
11229| [93164] Apache Harmony DatagramSocket Class connect Method CheckAccept() IP Blacklist Bypass
11230| [93163] Apache Hadoop Map/Reduce Daemon Symlink Arbitrary File Overwrite
11231| [93162] Apache VelocityStruts struts/ErrorsTool.getMsgs Error Message XSS
11232| [93161] Apache CouchDB Rewriter VM Atom Table Memory Exhaustion Remote DoS
11233| [93158] Apache Wicket BookmarkablePageLink Feature XSS CSRF
11234| [93157] Apache Struts UrlHelper.java s:url includeParams Functionality XSS
11235| [93156] Apache Tapestry Calendar Component datefield.js datefield Parameter XSS
11236| [93155] Apache Struts fielderror.ftl fielderror Parameter Error Message XSS
11237| [93154] Apache JSPWiki Edit.jsp createPages WikiPermission Bypass
11238| [93153] Apache PDFBox PDFXrefStreamParser Missing Element Handling PDF Parsing DoS
11239| [93152] Apache Hadoop HttpServer.java Multiple Function XSS
11240| [93151] Apache Shiro Search Filter userName Parameter LDAP Code Injection Weakness
11241| [93150] Apache Harmony java.net.SocketPermission Class boolean equals Function checkConnect() Weakness Host Name Retrieval
11242| [93149] Apache Harmony java.security.Provider Class void load Function checkSecurityAccess() Weakness
11243| [93148] Apache Harmony java.security.ProtectionDomain Class java.lang.String.toString() Function checkPermission() Weakness
11244| [93147] Apache Harmony java.net.URLConnection openConnection Function checkConnect Weakness Proxy Connection Permission Bypass
11245| [93146] Apache Harmony java.net.ServerSocket Class void implAccept Function checkAccept() Weakness SerSocket Subclass Creation
11246| [93145] Apache Qpid JMS Client Detached Session Frame Handling NULL Pointer Dereference Remote DoS
11247| [93144] Apache Solr Admin Command Execution CSRF
11248| [93009] Apache VCL XMLRPC API Unspecified Function Remote Privilege Escalation
11249| [93008] Apache VCL Web GUI Unspecified Remote Privilege Escalation
11250| [92997] Apache Commons Codec org.apache.commons.codec.net.URLCodec Fields Missing 'final' Thread-safety Unspecified Issue
11251| [92976] Apache ActiveMQ scheduled.jsp crontab Command XSS
11252| [92947] Apache Commons Codec org.apache.commons.codec.language.Soundex.US_ENGLISH_MAPPING Missing MS_PKGPROTECT Field Manipulation Unspecified Issue
11253| [92749] Apache CloudStack Predictable Hash Virtual Machine Console Console Access URL Generation
11254| [92748] Apache CloudStack VM Console Access Restriction Bypass
11255| [92709] Apache ActiveMQ Web Console Unauthenticated Remote Access
11256| [92708] Apache ActiveMQ Sample Web Application Broker Resource Consumption Remote DoS
11257| [92707] Apache ActiveMQ webapp/websocket/chat.js Subscribe Message XSS
11258| [92706] Apache ActiveMQ Debug Log Rendering XSS
11259| [92705] Apache ActiveMQ PortfolioPublishServlet.java refresh Parameter XSS
11260| [92270] Apache Tomcat Unspecified CSRF
11261| [92094] Apache Subversion mod_dav_svn Module Nonexistent URL Lock Request Handling NULL Pointer Dereference Remote DoS
11262| [92093] Apache Subversion mod_dav_svn Module Activity URL PROPFIND Request Handling NULL Pointer Dereference Remote DoS
11263| [92092] Apache Subversion mod_dav_svn Module Log REPORT Request Handling NULL Pointer Dereference Remote DoS
11264| [92091] Apache Subversion mod_dav_svn Module Node Property Handling Resource Exhaustion Remote DoS
11265| [92090] Apache Subversion mod_dav_svn Module Activity URL Lock Request Handling NULL Pointer Dereference Remote DoS
11266| [91774] Apache Commons Codec Unspecified Non-private Field Manipulation Weakness
11267| [91628] mod_ruid2 for Apache HTTP Server fchdir() Inherited File Descriptor chroot Restriction Bypass
11268| [91328] Apache Wicket $up$ Traversal Arbitrary File Access
11269| [91295] Apple Mac OS X Apache Unicode Character URI Handling Authentication Bypass
11270| [91235] Apache Rave /app/api/rpc/users/get User Object Hashed Password Remote Disclosure
11271| [91185] Munin Default Apache Configuration Permission Weakness Remote Information Disclosure
11272| [91173] Apache Wicket WebApplicationPath Constructor Bypass /WEB-INF/ Directory File Access
11273| [91172] Apache Wicket PackageResourceGuard File Extension Filter Bypass
11274| [91025] Apache Qpid qpid::framing::Buffer Class Multiple Method Out-of-bounds Access Remote DoS
11275| [91024] Apache Qpid federation_tag Attribute Handling Federated Interbroker Link Access Restriction Bypass
11276| [91023] Apache Qpid AMQP Type Decoder Exposure Array Size Value Handling Memory Consumption Remote DoS
11277| [91022] Apache Qpid qpid/cpp/include/qpid/framing/Buffer.h qpid::framing::Buffer::checkAvailable() Function Integer Overflow
11278| [90986] Apache Jena ARQ INSERT DATA Request Handling Overflow
11279| [90907] Apache Subversion mod_dav_svn / libsvn_fs svn_fs_file_length() Function MKACTIVITY / PROPFIND Option Request Handling Remote DoS
11280| [90906] Apache Commons FileUpload /tmp Storage Symlink Arbitrary File Overwrite
11281| [90864] Apache Batik 1xx Redirect Script Origin Restriction Bypass
11282| [90858] Apache Ant Malformed TAR File Handling Infinite Loop DoS
11283| [90852] Apache HTTP Server for Debian apachectl /var/lock Permission Weakness Symlink Directory Permission Manipulation
11284| [90804] Apache Commons CLI Path Subversion Local Privilege Escalation
11285| [90802] Apache Avro Recursive Schema Handling Infinite Recursion DoS
11286| [90592] Apache Batik ApplicationSecurityEnforcer.java Multiple Method Security Restriction Bypass
11287| [90591] Apache Batik XML External Entity (XXE) Data Parsing Arbitrary File Disclosure
11288| [90565] Apache Tomcat Log Directory Permission Weakness Local Information Disclosure
11289| [90564] Apache Maven / Maven Wagon SSL Certificate Validation MitM Spoofing Weakness
11290| [90557] Apache HTTP Server mod_proxy_balancer balancer-manager Interface Multiple Parameter XSS
11291| [90556] Apache HTTP Server Multiple Module Multiple Parameter XSS
11292| [90276] Apache Axis2 axis2.xml Plaintext Password Local Disclosure
11293| [90249] Apache Axiom ClassLoader XMLInputFactory / XMLOutputFactory Construction Unspecified Issue
11294| [90235] Apache Commons HttpClient Certificate Wildcard Matching Weakness
11295| [90079] Apache CXF WSS4JInInterceptor URIMappingInterceptor WS-Security SOAP Service Access Restriction Bypass
11296| [90078] Apache CXF WS-SecurityPolicy Enabled Plaintext UsernameTokens Handling Authentication Bypass
11297| [89453] Apache Open For Business Project (OFBiz) Screenlet.title Widget Attribute XSS
11298| [89452] Apache Open For Business Project (OFBiz) Image.alt Widget Attribute XSS
11299| [89294] Apache CouchDB Futon UI Browser-based Test Suite Query Parameter XSS
11300| [89293] Apache CouchDB Unspecified Traversal Arbitrary File Access
11301| [89275] Apache HTTP Server mod_proxy_ajp Module Expensive Request Parsing Remote DoS
11302| [89267] Apache CouchDB JSONP Callback Handling Unspecified XSS
11303| [89146] Apache CloudStack Master Server log4j.conf SSH Private Key / Plaintext Password Disclosure
11304| [88603] Apache OpenOffice.org (OOo) Unspecified Information Disclosure
11305| [88602] Apache OpenOffice.org (OOo) Unspecified Manifest-processing Issue
11306| [88601] Apache OpenOffice.org (OOo) Unspecified PowerPoint File Handling Issue
11307| [88285] Apache Tomcat Partial HTTP Request Saturation Remote DoS
11308| [88095] Apache Tomcat NIO Connector Terminated Connection Infinte Loop DoS
11309| [88094] Apache Tomcat FORM Authentication Crafted j_security_check Request Security Constraint Bypass
11310| [88093] Apache Tomcat Null Session Requst CSRF Prevention Filter Bypass
11311| [88043] IBM Tivoli Netcool/Reporter Apache CGI Unspecified Remote Command Execution
11312| [87580] Apache Tomcat DIGEST Authentication Session State Caching Authentication Bypass Weakness
11313| [87579] Apache Tomcat DIGEST Authentication Stale Nonce Verification Authentication Bypass Weakness
11314| [87477] Apache Tomcat Project Woodstock Service Error Page UTF-7 XSS Weakness
11315| [87227] Apache Tomcat InternalNioInputBuffer.java parseHeaders() Function Request Header Size Parsing Remote DoS
11316| [87223] Apache Tomcat DIGEST Authentication replay-countermeasure Functionality cnonce / cn Verification Authentication Bypass Weakness
11317| [87160] Apache Commons HttpClient X.509 Certificate Domain Name Matching MiTM Weakness
11318| [87159] Apache CXF X.509 Certificate Domain Name Matching MiTM Weakness
11319| [87150] Apache Axis / Axis2 X.509 Certificate Domain Name Matching MiTM Weakness
11320| [86902] Apache HTTP Server 3xx Redirect Internal IP Address Remote Disclosure
11321| [86901] Apache Tomcat Error Message Path Disclosure
11322| [86684] Apache CloudStack Unauthorized Arbitrary API Call Invocation
11323| [86556] Apache Open For Business Project (OFBiz) Unspecified Issue
11324| [86503] Visual Tools VS home/apache/DiskManager/cron/init_diskmgr Local Command Execution
11325| [86401] Apache ActiveMQ ResourceHandler Traversal Arbitrary File Access
11326| [86225] Apache Axis2 XML Signature Wrapping (XSW) Authentication Bypass
11327| [86206] Apache Axis2 Crafted SAML Assertion Signature Exclusion Attack Authentication Bypass
11328| [85722] Apache CXF SOAP Request Parsing Access Restriction Bypass
11329| [85704] Apache Qpid Incoming Client Connection Saturation Remote DoS
11330| [85474] Eucalyptus Apache Santuario (XML Security for Java) Library XML Signature Transform Handling DoS
11331| [85430] Apache mod_pagespeed Module Unspecified XSS
11332| [85429] Apache mod_pagespeed Module Hostname Verification Cross-host Resource Disclosure
11333| [85249] Apache Wicket Unspecified XSS
11334| [85236] Apache Hadoop conf/hadoop-env.sh Temporary File Symlink Arbitrary File Manipulation
11335| [85090] Apache HTTP Server mod_proxy_ajp.c mod_proxy_ajp Module Proxy Functionality Cross-client Information Disclosure
11336| [85089] Apache HTTP Server mod_proxy_http.c mod_proxy_http Module Cross-client Information Disclosure
11337| [85062] Apache Solr Autocomplete Module for Drupal Autocomplete Results XSS
11338| [85010] Apache Struts Token Handling Mechanism Token Name Configuration Parameter CSRF Weakness
11339| [85009] Apache Struts Request Parameter OGNL Expression Parsing Remote DoS
11340| [84911] libapache2-mod-rpaf X-Forward-For HTTP Header Parsing Remote DoS
11341| [84823] Apache HTTP Server Multiple Module Back End Server Error Handling HTTP Request Parsing Remote Information Disclosure
11342| [84818] Apache HTTP Server mod_negotiation Module mod_negotiation.c make_variant_list Function XSS
11343| [84562] Apache Qpid Broker Authentication Mechanism AMQP Client Shadow Connection NullAuthenticator Request Parsing Authentication Bypass
11344| [84458] Apache Libcloud SSL Certificate Validation MitM Spoofing Weakness
11345| [84279] PHP on Apache php_default_post_reader POST Request Handling Overflow DoS
11346| [84278] PHP w/ Apache PDO::ATTR_DEFAULT_FETCH_MODE / PDO::FETCH_CLASS DoS
11347| [84231] Apache Hadoop DataNodes Client BlockTokens Arbitrary Block Access
11348| [83943] Oracle Solaris Cluster Apache Tomcat Agent Subcomponent Unspecified Local Privilege Escalation
11349| [83939] Oracle Solaris Apache HTTP Server Subcomponent Unspecified Remote Information Disclosure
11350| [83685] svnauthcheck Apache HTTP Configuration File Permission Revocation Weakness
11351| [83682] Apache Sling POST Servlet @CopyFrom Operation HTTP Request Parsing Infinite Loop Remote DoS
11352| [83339] Apache Roller Blogger Roll Unspecified XSS
11353| [83270] Apache Roller Unspecified Admin Action CSRF
11354| [82782] Apache CXF WS-SecurityPolicy 1.1 SupportingToken Policy Bypass
11355| [82781] Apache CXF WS-SecurityPolicy Supporting Token Children Specification Token Signing Verification Weakness
11356| [82611] cPanel Apache Piped Log Configuration Log Message Formatting Traversal Arbitrary File Creation
11357| [82436] MapServer for Windows Bundled Apache / PHP Configuration Local File Inclusion
11358| [82215] PHP sapi/cgi/cgi_main.c apache_request_headers Function HTTP Header Handling Remote Overflow
11359| [82161] Apache Commons Compress bzip2 File Compression BZip2CompressorOutputStream Class File Handling Remote DoS
11360| [81965] Apache Batik Squiggle SVG Browser JAR File Arbitrary Code Execution
11361| [81790] Apache POI src/org/apache/poi/hwpf/model/UnhandledDataStructure.java UnhandledDataStructure() constructor Length Attribute CDF / CFBF File Handling Remote DoS
11362| [81660] Apache Qpid Credential Checking Cluster Authentication Bypass
11363| [81511] Apache for Debian /usr/share/doc HTTP Request Parsing Local Script Execution
11364| [81359] Apache HTTP Server LD_LIBRARY_PATH Variable Local Privilege Escalation
11365| [81349] Apache Open For Business Project (OFBiz) Webslinger Component Unspecified XSS
11366| [81348] Apache Open For Business Project (OFBiz) Content IDs / Map-Keys Unspecified XSS
11367| [81347] Apache Open For Business Project (OFBiz) Parameter Arrays Unspecified XSS
11368| [81346] Apache Open For Business Project (OFBiz) checkoutProcess.js getServerError() Function Unspecified XSS
11369| [81196] Apache Open For Business Project (OFBiz) FlexibleStringExpander Nested Script String Parsing Remote Code Execution
11370| [80981] Apache Hadoop Kerberos/MapReduce Security Feature User Impersonation Weakness
11371| [80571] Apache Traffic Server Host HTTP Header Parsing Remote Overflow
11372| [80547] Apache Struts XSLTResult.java File Upload Arbitrary Command Execution
11373| [80360] AskApache Password Protector Plugin for WordPress Error Page $_SERVER Superglobal XSS
11374| [80349] Apache HTTP Server mod_fcgid Module fcgid_spawn_ctl.c FcgidMaxProcessesPerClass Virtual Host Directive HTTP Request Parsing Remote DoS
11375| [80301] Apache Wicket /resources/ Absolute Path Arbitrary File Access
11376| [80300] Apache Wicket wicket:pageMapName Parameter XSS
11377| [79478] Apache Solr Extension for TYPO3 Unspecified XSS
11378| [79002] Apache MyFaces javax.faces.resource In Parameter Traversal Arbitrary File Access
11379| [78994] Apache Struts struts-examples/upload/upload-submit.do name Parameter XSS
11380| [78993] Apache Struts struts-cookbook/processDyna.do message Parameter XSS
11381| [78992] Apache Struts struts-cookbook/processSimple.do message Parameter XSS
11382| [78991] Apache Struts struts2-rest-showcase/orders clientName Parameter XSS
11383| [78990] Apache Struts struts2-showcase/person/editPerson.action Multiple Parameter XSS
11384| [78932] Apache APR Hash Collision Form Parameter Parsing Remote DoS
11385| [78903] Apache CXF SOAP Request Parsing WS-Security UsernameToken Policy Bypass
11386| [78600] Apache Tomcat HTTP DIGEST Authentication DigestAuthenticator.java Catalina Weakness Security Bypass
11387| [78599] Apache Tomcat HTTP DIGEST Authentication Realm Value Parsing Security Bypass
11388| [78598] Apache Tomcat HTTP DIGEST Authentication qop Value Parsing Security Bypass
11389| [78573] Apache Tomcat Parameter Saturation CPU Consumption Remote DoS
11390| [78556] Apache HTTP Server Status Code 400 Default Error Response httpOnly Cookie Disclosure
11391| [78555] Apache HTTP Server Threaded MPM %{cookiename}C Log Format String Cookie Handling Remote DoS
11392| [78501] Apache Struts ParameterInterceptor Class OGNL Expression Parsing Remote Command Execution
11393| [78331] Apache Tomcat Request Object Recycling Information Disclosure
11394| [78293] Apache HTTP Server Scoreboard Invalid Free Operation Local Security Bypass
11395| [78277] Apache Struts ExceptionDelegator Component Parameter Parsing Remote Code Execution
11396| [78276] Apache Struts DebuggingInterceptor Component Developer Mode Unspecified Remote Command Execution
11397| [78113] Apache Tomcat Hash Collision Form Parameter Parsing Remote DoS
11398| [78112] Apache Geronimo Hash Collision Form Parameter Parsing Remote DoS
11399| [78109] Apache Struts ParameterInterceptor Traversal Arbitrary File Overwrite
11400| [78108] Apache Struts CookieInterceptor Cookie Name Handling Remote Command Execution
11401| [77593] Apache Struts Conversion Error OGNL Expression Injection
11402| [77496] Apache ActiveMQ Failover Mechanism Openwire Request Parsing Remote DoS
11403| [77444] Apache HTTP Server mod_proxy Mdule Web Request HTTP/0.9 Protocol URL Parsing Proxy Remote Security Bypass
11404| [77374] Apache MyFaces Java Bean includeViewParameters Parsing EL Expression Security Weakness
11405| [77310] Apache HTTP Server mod_proxy Reverse Proxy Mode Security Bypass Weakness (2011-4317)
11406| [77234] Apache HTTP Server on cygwin Encoded Traversal Arbitrary File Access
11407| [77012] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Memory Consumption DoS
11408| [76944] Apache Tomcat Manager Application Servlets Access Restriction Bypass
11409| [76744] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Overflow
11410| [76189] Apache Tomcat HTTP DIGEST Authentication Weakness
11411| [76079] Apache HTTP Server mod_proxy Mdule Web Request URL Parsing Proxy Remote Security Bypass (2011-3368)
11412| [76072] Apache JServ jserv.conf jserv-status Handler jserv/ URI Request Parsing Local Information Disclosure
11413| [75807] Apache HTTP Server Incomplete Header Connection Saturation Remote DoS
11414| [75647] Apache HTTP Server mod_proxy_ajp Module mod_proxy_balancer HTTP Request Remote DoS
11415| [75376] Apache Libcloud SSL Certificate Validation MitM Server Spoofing Weakness
| [74853] Domain Technologie Control /etc/apache2/apache2.conf File Permissions Weakness dtcdaemons User Password Disclosure
| [74818] Apache Tomcat AJP Message Injection Authentication Bypass
| [74725] Apache Wicket Multi Window Support Unspecified XSS
| [74721] Apache HTTP Server ByteRange Filter Memory Exhaustion Remote DoS
| [74541] Apache Commons Daemon Jsvc Permissions Weakness Arbitrary File Access
| [74535] Apache Tomcat XML Parser Cross-application Multiple File Manipulation
| [74447] Apache Struts XWork Nonexistent Method s:submit Element Internal Java Class Remote Path Disclosure
| [74262] Apache HTTP Server Multi-Processing Module itk.c Configuration Merger mpm-itk root UID / GID Remote Privilege Escalation
| [74120] Apache HTTP Server mod_authnz_external mysql/mysql-auth.pl user Field SQL Injection
| [73920] Oracle Secure Backup /apache/htdocts/php/common.php username Parameter Remote Code Execution
| [73798] Apache Tomcat sendfile Request Start / Endpoint Parsing Local DoS
| [73797] Apache Tomcat sendfile Request Attribute Validation Weakness Local Access Restriction Bypass
| [73776] Apache Tomcat HTTP BIO Connector HTTP Pipelining Cross-user Remote Response Access
| [73644] Apache XML Security Signature Key Parsing Overflow DoS
| [73600] Apache Struts javatemplates Plugin Component Handlers .action URI Multiple Parameter XSS
| [73462] Apache Rampart/C util/rampart_timestamp_token.c rampart_timestamp_token_validate Function Expired Token Remote Access Restriction Bypass
| [73429] Apache Tomcat JMX MemoryUserDatabase Local Password Disclosure
| [73384] Apache HTTP Server mod_rewrite PCRE Resource Exhaustion DoS
| [73383] Apache HTTP Server Portable Runtime (APR) Library apr_fnmatch() Infinite Loop Remote DoS
| [73378] IBM WebSphere Application Server (WAS) JavaServer Pages org.apache.jasper.runtime.JspWriterImpl.response JSP Page Application Restart Remote DoS
| [73247] Apache Subversion mod_dav_svn File Permission Weakness Information Disclosure
| [73246] Apache Subversion mod_dav_svn Path-based Access Control Rule Handling Remote DoS
| [73245] Apache Subversion mod_dav_svn Baselined Resource Request Handling Remote DoS
| [73154] Apache Archiva Multiple Unspecified CSRF
| [73153] Apache Archiva /archiva/admin/deleteNetworkProxy!confirm.action proxyid Parameter XSS
| [72407] Apache Tomcat @ServletSecurity Initial Load Annotation Security Constraint Bypass Information Disclosure
| [72238] Apache Struts Action / Method Names <
| [71647] Apache HttpComponents HttpClient Proxy-Authorization Credentials Remote Disclosure
| [71558] Apache Tomcat SecurityManager ServletContext Attribute Traversal Arbitrary File Manipulation
| [71557] Apache Tomcat HTML Manager Multiple XSS
| [71075] Apache Archiva User Management Page XSS
| [71027] Apache Tomcat @ServletSecurity Annotation Security Constraint Bypass Information Disclosure
| [70925] Apache Continuum Project Pages Unspecified XSS (2011-0533)
| [70924] Apache Continuum Multiple Admin Function CSRF
| [70809] Apache Tomcat NIO HTTP Connector Request Line Processing DoS
| [70734] Apache CouchDB Request / Cookie Handling Unspecified XSS
| [70585] Oracle Fusion Middleware Oracle HTTP Server Apache Plugin Unspecified Remote Issue
| [70333] Apache Subversion rev_hunt.c blame Command Multiple Memory Leak Remote DoS
| [70332] Apache Subversion Apache HTTP Server mod_dav_svn repos.c walk FunctionSVNParentPath Collection Remote DoS
| [69659] Apache Archiva Admin Authentication Weakness Privilege Escalation
| [69520] Apache Archiva Administrator Credential Manipulation CSRF
| [69512] Apache Tomcat Set-Cookie Header HTTPOnly Flag Session Hijacking Weakness
| [69456] Apache Tomcat Manager manager/html/sessions Multiple Parameter XSS
| [69275] Apache mod_fcgid Module fcgid_bucket.c fcgid_header_bucket_read() Function Remote Overflow
| [69067] Apache Shiro URI Path Security Traversal Information Disclosure
| [68815] Apache MyFaces shared/util/StateUtils.java View State MAC Weakness Cryptographic Padding Remote View State Modification
| [68670] Apache Qpid C++ Broker Component broker/SessionAdapter.cpp SessionAdapter::ExchangeHandlerImpl::checkAlternate Function Exchange Alternate Remote DoS
| [68669] Apache Qpid cluster/Cluster.cpp Cluster::deliveredEvent Function Invalid AMQP Data Remote DoS
| [68662] Apache Axis2 dswsbobje.war Module Admin Account Default Password
| [68531] Apache Qpid qpidd sys/ssl/SslSocket.cpp Incomplete SSL Handshake Remote DoS
| [68327] Apache APR-util buckets/apr_brigade.c apr_brigade_split_line() Function Memory Consumption DoS
| [68314] Apache XML-RPC SAX Parser External Entity Information Disclosure
| [67964] Apache Traffic Server Transaction ID / Source Port Randomization Weakness DNS Cache Poisoning
| [67846] SUSE Lifecycle Management Server on SUSE Linux Enterprise apache2-slms Parameter Quoting CSRF
| [67294] Apache CXF XML SOAP Message Crafted Document Type Declaration Remote DoS
| [67240] Apache CouchDB Installation Page Direct Request Arbitrary JavaScript Code Execution CSRF
| [67205] Apache Derby BUILTIN Authentication Password Hash Generation Algorithm SHA-1 Transformation Password Substitution
| [66745] Apache HTTP Server Multiple Modules Pathless Request Remote DoS
| [66319] Apache Tomcat Crafted Transfer-Encoding Header Handling Buffer Recycling Remote DoS
| [66280] Apache Struts XWork ParameterInterceptor Server-Side Object Remote Code Execution
| [66226] Apache Axis2 Admin Interface Cookie Session Fixation
| [65697] Apache Axis2 / Java SOAP Message DTD Rejection Weakness Arbitrary File Access
| [65654] Apache HTTP Server mod_proxy_http mod_proxy_http.c Timeout Detection Weakness HTTP Request Response Disclosure
| [65429] Apache MyFaces Unencrypted ViewState Serialized View Object Manipulation Arbitrary Expression Language (EL) Statement Execution
| [65054] Apache ActiveMQ Jetty Error Handler XSS
| [64844] Apache Axis2/Java axis2/axis2-admin/engagingglobally modules Parameter XSS
| [64522] Apache Open For Business Project (OFBiz) ecommerce/control/contactus Multiple Parameter XSS
| [64521] Apache Open For Business Project (OFBiz) Web Tools Section entityName Parameter XSS
| [64520] Apache Open For Business Project (OFBiz) ecommerce/control/ViewBlogArticle contentId Parameter XSS
| [64519] Apache Open For Business Project (OFBiz) Control Servlet URI XSS
| [64518] Apache Open For Business Project (OFBiz) Show Portal Page Section start Parameter XSS
| [64517] Apache Open For Business Project (OFBiz) View Profile Section partyId Parameter XSS
| [64516] Apache Open For Business Project (OFBiz) Export Product Listing Section productStoreId Parameter XSS
| [64307] Apache Tomcat Web Application Manager/Host Manager CSRF
| [64056] mod_auth_shadow for Apache HTTP Server wait() Function Authentication Bypass
| [64023] Apache Tomcat WWW-Authenticate Header Local Host Information Disclosure
| [64020] Apache ActiveMQ Jetty ResourceHandler Crafted Request JSP File Source Disclosure
| [63895] Apache HTTP Server mod_headers Unspecified Issue
| [63368] Apache ActiveMQ createDestination.action JMSDestination Parameter CSRF
| [63367] Apache ActiveMQ createDestination.action JMSDestination Parameter XSS
| [63350] Apache CouchDB Hash Verification Algorithm Predictable Execution Time Weakness
| [63140] Apache Thrift Service Malformed Data Remote DoS
| [62676] Apache HTTP Server mod_proxy_ajp Module Crafted Request Remote DoS
| [62675] Apache HTTP Server Multi-Processing Module (MPM) Subrequest Header Handling Cross-thread Information Disclosure
| [62674] Apache HTTP Server mod_isapi Module Unloading Crafted Request Remote DoS
| [62231] Apache HTTP Server Logging Format Weakness Crafted DNS Response IP Address Spoofing
| [62230] Apache HTTP Server Crafted DNS Response Inverse Lookup Log Corruption XSS
| [62054] Apache Tomcat WAR Filename Traversal Work-directory File Deletion
| [62053] Apache Tomcat Autodeployment Process appBase File HTTP Request Authentication Bypass
| [62052] Apache Tomcat WAR File Traversal Arbitrary File Overwrite
| [62009] Apache HTTP Server src/modules/proxy/proxy_util.c mod_proxy ap_proxy_send_fb() Function Overflow
| [61379] Apache River Outrigger Entry Storage Saturation Memory Exhaustion DoS
| [61378] Apache Hadoop Map/Reduce JobTracker Memory Consumption DoS
| [61377] Apache Commons Modeler Multiple Mutable Static Fields Weakness
| [61376] Apache Rampart wsse:security Tag Signature Value Checking Weakness
| [60687] Apache C++ Standard Library (STDCXX) strxfrm() Function Overflow
| [60680] Apache Hadoop JobHistory Job Name Manipulation Weakness
| [60679] Apache ODE DeploymentWebService OMElement zipPart CRLF Injection
| [60678] Apache Roller Comment Email Notification Manipulation DoS
| [60677] Apache CouchDB Unspecified Document Handling Remote DoS
| [60428] Sun Java Plug-in org.apache.crimson.tree.XmlDocument Class reateXmlDocument Method Floppy Drive Access Bypass
| [60413] mod_throttle for Apache Shared Memory File Manipulation Local Privilege Escalation
| [60412] Sun Java Plug-in org.apache.xalan.processor.XSLProcessorVersion Class Unsigned Applet Variable Sharing Privilege Escalation
| [60396] Apache HTTP Server on OpenBSD Multipart MIME Boundary Remote Information Disclosure
| [60395] Apache HTTP Server on OpenBSD ETag HTTP Header Remote Information Disclosure
| [60232] PHP on Apache php.exe Direct Request Remote DoS
| [60176] Apache Tomcat Windows Installer Admin Default Password
| [60016] Apache HTTP Server on HP Secure OS for Linux HTTP Request Handling Unspecified Issue
| [59979] Apache HTTP Server on Apple Mac OS X HTTP TRACE Method Unspecified Client XSS
| [59969] Apache HTTP Server mod_ssl SSL / TLS Renegotiation Handshakes MiTM Plaintext Data Injection
| [59944] Apache Hadoop jobhistory.jsp XSS
| [59374] Apache Solr Search Extension for TYPO3 Unspecified XSS
| [59022] Apache Shindig ConcatProxyServlet HTTP Header Response Splitting
| [59021] Apache Cocoon X-Cocoon-Version Header Remote Information Disclosure
| [59020] Apache Tapestry HTTPS Session Cookie Secure Flag Weakness
| [59019] Apache mod_python Cookie Salting Weakness
| [59018] Apache Harmony Error Message Handling Overflow
| [59013] Apache Derby SYSCS_EXPORT_TABLE Arbitrary File Overwrite
| [59012] Apache Derby Driver Auto-loading Non-deterministic Startup Weakness
| [59011] Apache JSPWiki Page Attachment Change Note Function XSS
| [59010] Apache Solr get-file.jsp XSS
| [59009] Apache Solr action.jsp XSS
| [59008] Apache Solr analysis.jsp XSS
| [59007] Apache Solr schema.jsp Multiple Parameter XSS
| [59006] Apache Beehive select / checkbox Tag XSS
| [59005] Apache Beehive jpfScopeID Global Parameter XSS
| [59004] Apache Beehive Error Message XSS
| [59003] Apache HttpClient POST Request Handling Memory Consumption DoS
| [59002] Apache Jetspeed default-page.psml URI XSS
| [59001] Apache Axis2 xsd Parameter Traversal Arbitrary File Disclosure
| [59000] Apache CXF Unsigned Message Policy Bypass
| [58999] Apache WSS4J CallbackHandler Plaintext Password Validation Weakness
| [58998] Apache OpenJPA persistence.xml Cleartext Password Local Disclosure
| [58997] Apache OpenEJB openejb.xml Cleartext Password Local Disclosure
| [58996] Apache Hadoop Map/Reduce LinuxTaskController File Group Ownership Weakness
| [58995] Apache Hadoop Map/Reduce Task Ownership Weakness
| [58994] Apache Hadoop Map/Reduce DistributedCache Localized File Permission Weakness
| [58993] Apache Hadoop browseBlock.jsp XSS
| [58991] Apache Hadoop browseDirectory.jsp XSS
| [58990] Apache Hadoop Map/Reduce HTTP TaskTrackers User Data Remote Disclosure
| [58989] Apache Hadoop Sqoop Process Listing Local Cleartext Password Disclosure
| [58988] Apache Hadoop Chukwa HICC Portal Unspecified XSS
| [58987] Apache Hadoop Map/Reduce TaskTracker User File Permission Weakness
| [58986] Apache Qpid Encrypted Message Handling Remote Overflow DoS
| [58985] Apache Qpid Process Listing Local Cleartext Password Disclosure
| [58984] Apache Jackrabbit Content Repository (JCR) Default Account Privilege Access Weakness
| [58983] Apache Jackrabbit Content Repository (JCR) NamespaceRegistry API Registration Method Race Condition
| [58982] Apache Synapse Proxy Service Security Policy Mismatch Weakness
| [58981] Apache Geronimo TomcatGeronimoRealm Security Context Persistence Weakness
| [58980] Apache Geronimo LDAP Realm Configuration Restart Reversion Weakness
| [58979] Apache MyFaces Tomahawk ExtensionsPhaseListener HTML Injection Information Disclosure
| [58978] Apache MyFaces Trinidad LocaleInfoScriptlet XSS
| [58977] Apache Open For Business Project (OFBiz) Multiple Default Accounts
| [58976] Apache Open For Business Project (OFBiz) URI passThru Parameter XSS
| [58975] Apache Open For Business Project (OFBiz) PARTYMGR_CREATE/UPDATE Permission Arbitrary User Password Modification
| [58974] Apache Sling /apps Script User Session Management Access Weakness
| [58973] Apache Tuscany Crafted SOAP Request Access Restriction Bypass
| [58931] Apache Geronimo Cookie Parameters Validation Weakness
| [58930] Apache Xalan-C++ XPath Handling Remote DoS
| [58879] Apache Portable Runtime (APR-util) poll/unix/port.c Event Port Backend Pollset Feature Remote DoS
| [58837] Apache Commons Net FTPSClient CipherSuites / Protocols Mutable Object Unspecified Data Security Issue
| [58813] Apache MyFaces Trinidad tr:table / HTML Comment Handling DoS
| [58812] Apache Open For Business Project (OFBiz) JSESSIONID Session Hijacking Weakness
| [58811] Apache Open For Business Project (OFBiz) /catalog/control/EditProductConfigItem configItemId Parameter XSS
| [58810] Apache Open For Business Project (OFBiz) /catalog/control/EditProdCatalo prodCatalogId Parameter XSS
| [58809] Apache Open For Business Project (OFBiz) /partymgr/control/viewprofile partyId Parameter XSS
| [58808] Apache Open For Business Project (OFBiz) /catalog/control/createProduct internalName Parameter XSS
| [58807] Apache Open For Business Project (OFBiz) Multiple Unspecified CSRF
| [58806] Apache FtpServer MINA Logging Filter Cleartext Credential Local Disclosure
| [58805] Apache Derby Unauthenticated Database / Admin Access
| [58804] Apache Wicket Header Contribution Unspecified Issue
| [58803] Apache Wicket Session Fixation
| [58802] Apache Directory Server (ApacheDS) userPassword Attribute Search Password Disclosure
| [58801] Apache ActiveMQ Stomp Client Credential Validation Bypass
| [58800] Apache Tapestry (context)/servicestatus Internal Service Information Disclosure
| [58799] Apache Tapestry Logging Cleartext Password Disclosure
| [58798] Apache Jetspeed pipeline Parameter pipeline-map Policy Bypass
| [58797] Apache Jetspeed Password Policy Multiple Weaknesses
| [58796] Apache Jetspeed Unsalted Password Storage Weakness
| [58795] Apache Rampart Crafted SOAP Header Authentication Bypass
| [58794] Apache Roller Admin Protocol (RAP) Malformed Header Authentication Bypass
| [58793] Apache Hadoop Map/Reduce mapred.system.dir Permission Weakness Job Manipulation
| [58792] Apache Shindig gadgets.rpc iframe RPC Call Validation Weakness
| [58791] Apache Synapse synapse.properties Cleartext Credential Local Disclosure
| [58790] Apache WSS4J SOAP Message UsernameToken Remote Password Disclosure
| [58789] Apache WSS4J SOAP Header Malformed UsernameToken Authentication Bypass
| [58776] Apache JSPWiki PreviewContent.jsp Edited Text XSS
| [58775] Apache JSPWiki preview.jsp action Parameter XSS
| [58774] Apache JSPWiki Edit.jsp Multiple Parameter XSS
| [58773] Apache JSPWiki Accept-Language Header Multiple Script language Parameter XSS
| [58772] Apache JSPWiki EditorManager.java editor Parameter XSS
| [58771] Apache JSPWiki GroupContent.jsp Multiple Parameter XSS
| [58770] Apache JSPWiki Group.jsp group Parameter XSS
| [58769] Apache JSPWiki Database Connection Termination DoS Weakness
| [58768] Apache JSPWiki Attachment Servlet nextpage Parameter Arbitrary Site Redirect
| [58766] Apache JSPWiki /admin/SecurityConfig.jsp Direct Request Information Disclosure
| [58765] Apache JSPWiki Spam Filter UniqueID RNG Weakness
| [58764] Apache JSPWiki Edit.jsp Multiple Parameter XSS
| [58763] Apache JSPWiki Include Tag Multiple Script XSS
| [58762] Apache JSPWiki Multiple .java Tags pageContext Parameter XSS
| [58761] Apache JSPWiki Wiki.jsp skin Parameter XSS
| [58760] Apache Commons VFS Exception Error Message Cleartext Credential Disclosure
| [58759] Apache Jackrabbit Content Repository (JCR) UUID System.currentTimeMillis() RNG Weakness
| [58758] Apache River GrantPermission Policy Manipulation Privilege Escalation
| [58757] Apache WS-Commons Java2 StaXUtils Multiple Unspecified Minor Issues
| [58756] Apache WSS4J WSHandler Client Certificate Signature Validation Weakness
| [58755] Apache Harmony DRLVM Non-public Class Member Access
| [58754] Apache Harmony File.createTempFile() Temporary File Creation Prediction Weakness
| [58751] Apache Geronimo GeronimoIdentityResolver Subject Handling Multiple Issues
| [58750] Apache MyFaces Trinidad Generated HTML Information Disclosure
| [58749] Apache MyFaces Trinidad Database Access Error Message Information Disclosure
| [58748] Apache MyFaces Trinidad Image Resource Loader Traversal Arbitrary Image Access
| [58747] Apache MyFaces Trinidad Error Message User Entered Data Disclosure Weakness
| [58746] Apache Axis2 JAX-WS Java2 WSDL4J Unspecified Issue
| [58744] Apache Wicket Crafted File Upload Disk Space Exhaustion DoS
| [58743] Apache Wicket wicket.util.crypt.SunJceCrypt Encryption Reversion Weakness
| [58742] Apache Rampart PolicyBasedValiadtor HttpsToken Endpoint Connection Weakness
| [58741] Apache Rampart WSSecSignature / WSSecEncryptedKey KeyIdentifierType Validation Weakness
| [58740] Apache Rampart TransportBinding Message Payload Cleartext Disclosure
| [58739] Apache Open For Business Project (OFBiz) Unsalted Password Storage Weakness
| [58738] Apache Open For Business Project (OFBiz) orderId Parameter Arbitrary Order Access
| [58737] Apache mod_python w/ mod_python.publisher index.py Underscore Prefixed Variable Disclosure
| [58735] Apache Open For Business Project (OFBiz) /ecommerce/control/keywordsearch SEARCH_STRING Parameter XSS
| [58734] Apache Torque Log File Cleartext Credential Local Disclosure
| [58733] Apache Axis2 doGet Implementation Authentication Bypass Service State Manipulation
| [58732] Apache MyFaces UIInput.validate() Null Value Validation Bypass Weakness
| [58731] Apache MyFaces /faces/* Prefix Mapping Authentication Bypass
| [58725] Apache Tapestry Basic String ACL Bypass Weakness
| [58724] Apache Roller Logout Functionality Failure Session Persistence
| [58723] Apache Roller User Profile / Admin Page Cleartext Password Disclosure
| [58722] Apache Derby Connection URL Encryption Method Reversion Weakness
| [58721] Apache Geronimo on Tomcat Security-constraint Resource ACL Bypass
| [58720] Apache Geronimo Explicit Servlet Mapping Access Bypass Weakness
| [58719] Apache Geronimo Keystore Unprivileged Service Disable DoS
| [58718] Apache Geronimo Deployment Plans Remote Password Disclosure
| [58717] Apache Jetspeed Portlet Application Edit Access Restriction Bypass
| [58716] Apache Jetspeed PSML Management Cached Constraint Authentication Weakness
| [58707] Apache WSS4J Crafted PasswordDigest Request Authentication Bypass
| [58706] Apache HttpClient Pre-emptive Authorization Remote Credential Disclosure
| [58705] Apache Directory Server (ApacheDS) User Passwords Cleartext Disclosure
| [58704] Apache Directory Server (ApacheDS) Non-existent User LDAP Bind Remote DoS
| [58703] Apache Geronimo Debug Console Unauthenticated Remote Information Disclosure
| [58702] Apache Directory Server (ApacheDS) Persistent LDAP Anonymous Bind Weakness
| [58701] Apache Jetspeed User Admin Portlet Unpassworded Account Creation Weakness
| [58700] Apache MyFaces /faces/* Path Handling Remote Overflow DoS
| [58699] Apache MyFaces Disable Property Client Side Manipulation Privilege Escalation
| [58698] Apache Roller Remember Me Functionality Cleartext Password Disclosure
| [58697] Apache XalanJ2 org.apache.xalan.xsltc.runtime.CallFunction Class Unspecified Issue
| [58696] Apache Tapestry Encoded Traversal Arbitrary File Access
| [58695] Apache Jetspeed Unauthenticated PSML Tags / Admin Folder Access
| [58694] Apache Geronimo Deploy Tool Process List Local Credential Disclosure
| [58693] Apache Derby service.properties File Encryption Key Information Disclosure
| [58692] Apache Geronimo Default Security Realm Login Brute Force Weakness
| [58689] Apache Roller Retrieve Last 5 Post Feature Unauthorized Blog Post Manipulation
| [58688] Apache Xalan-Java (XalanJ2) Static Variables Multiple Unspecified Issues
| [58687] Apache Axis Invalid wsdl Request XSS
| [58686] Apache Cocoon Temporary File Creation Unspecified Race Condition
| [58685] Apache Velocity Template Designer Privileged Code Execution
| [58684] Apache Jetspeed controls.Customize Action Security Check Bypass
| [58675] Apache Open For Business Project (OFBiz) eCommerce/ordermgr Multiple Field XSS
| [58674] Apache Open For Business Project (OFBiz) ecommerce/control/login Multiple Field XSS
| [58673] Apache Open For Business Project (OFBiz) ecommerce/control/viewprofile Multiple Field XSS
| [58672] Apache Open For Business Project (OFBiz) POS Input Panel Cleartext Password Disclosure
| [58671] Apache Axis2 JMS Signed Message Crafted WS-Security Header Security Bypass
| [58670] Apache Jetspeed JetspeedTool.getPortletFromRegistry Portlet Security Validation Failure
| [58669] Apache Jetspeed LDAP Cleartext Passwords Disclosure
| [58668] Apache Axis External Entity (XXE) Data Parsing Privilege Escalation
| [58667] Apache Roller Database Cleartext Passwords Disclosure
| [58666] Apache Xerces-C++ UTF-8 Transcoder Overlong Code Handling Unspecified Issue
| [58665] Apache Jetspeed Turbine: Cross-user Privileged Action Execution
| [58664] Apache Jetspeed EditAccount.vm Password Modification Weakness
| [58663] Apache Jetspeed Role Parameter Arbitrary Portlet Disclosure
| [58662] Apache Axis JWS Page Generated .class File Direct Request Information Disclosure
| [58661] Apache Jetspeed user-form.vm Password Reset Cleartext Disclosure
| [58660] Apache WSS4J checkReceiverResults Function Crafted SOAP Request Authentication Bypass
| [58658] Apache Rampart Crafted SOAP Request Security Verification Bypass
| [57882] Apache HTTP Server mod_proxy_ftp Authorization HTTP Header Arbitrary FTP Command Injection
| [57851] Apache HTTP Server mod_proxy_ftp EPSV Command NULL Dereference Remote DoS
| [56984] Apache Xerces2 Java Malformed XML Input DoS
| [56903] Apache ODE (Orchestration Director Engine) Process Deployment Web Service Traversal Arbitrary File Manipulation
| [56859] Apache Xerces-C++ Multiple Sub-project XML Nested DTD Structures Parsing Recursion Error DoS
| [56766] Apache Portable Runtime (APR-util) memory/unix/apr_pools.c Relocatable Memory Block Aligning Overflow
| [56765] Apache Portable Runtime (APR-util) misc/apr_rmm.c Multiple Function Overflows
| [56517] Apache HTTP Server File Descriptor Leak Arbitrary Local File Append
| [56443] PTK Unspecified Apache Sub-process Arbitrary Command Execution
| [56414] Apache Tiles Duplicate Expression Language (EL) Expression Evaluation XSS
| [55814] mod_NTLM for Apache HTTP Server ap_log_rerror() Function Remote Format String
| [55813] mod_NTLM for Apache HTTP Server log() Function Remote Overflow
| [55782] Apache HTTP Server mod_deflate Module Aborted Connection DoS
| [55553] Apache HTTP Server mod_proxy Module mod_proxy_http.c stream_reqbody_cl Function CPU Consumption DoS
| [55059] Apache APR-util strmatch/apr_strmatch.c apr_strmatch_precompile Function Crafted Input Remote DoS
| [55058] Apache APR-util apr_brigade_vprintf Function Crafted Input Off-by-one Remote DoS
| [55057] Apache APR-util xml/apr_xml.c apr_xml_* Interface Expat XML Parser Crafted XML Document Remote DoS
| [55056] Apache Tomcat Cross-application TLD File Manipulation
| [55055] Apache Tomcat Illegal URL Encoded Password Request Username Enumeration
| [55054] Apache Tomcat Java AJP Connector mod_jk Load Balancing Worker Malformed Header Remote DoS
| [55053] Apache Tomcat Crafted Request Security Restraint Bypass Arbitrary Content Access
| [54733] Apache HTTP Server AllowOverride Directive .htaccess Options Bypass
| [54713] razorCMS Security Manager apache User Account Unspecified File Permission Weakness Issue
| [54589] Apache Jserv Nonexistent JSP Request XSS
| [54122] Apache Struts s:a / s:url Tag href Element XSS
| [54093] Apache ActiveMQ Web Console JMS Message XSS
| [53932] Apache Geronimo Multiple Admin Function CSRF
| [53931] Apache Geronimo /console/portal/Server/Monitoring Multiple Parameter XSS
| [53930] Apache Geronimo /console/portal/ URI XSS
| [53929] Apache Geronimo on Windows Security/Keystores Portlet Traversal Arbitrary File Upload
| [53928] Apache Geronimo on Windows Embedded DB/DB Manager Portlet Traversal Arbitrary File Upload
| [53927] Apache Geronimo on Windows Services/Repository Portlet Traversal Arbitrary File Upload
| [53921] Apache HTTP Server mod_proxy_ajp Cross Thread/Session Information Disclosure
| [53766] Oracle BEA WebLogic Server Plug-ins for Apache Certificate Handling Remote Overflow
| [53574] PHP on Apache .htaccess mbstring.func_overload Setting Cross Hosted Site Behavior Modification
| [53381] Apache Tomcat JK Connector Content-Length Header Cross-user Information Disclosure
| [53380] Apache Struts Unspecified XSS
| [53289] Apache mod_perl Apache::Status /perl-status Unspecified XSS
| [53186] Apache HTTP Server htpasswd Predictable Salt Weakness
| [52899] Apache Tomcat Examples Web Application Calendar Application jsp/cal/cal2.jsp time Parameter XSS
| [52407] Apache Tomcat doRead Method POST Content Information Disclosure
| [51923] Apache HTTP Server mod-auth-mysql Module mod_auth_mysql.c Multibyte Character Encoding SQL Injection
| [51613] Apache HTTP Server Third-party Module Child Process File Descriptor Leak
| [51612] Apache HTTP Server Internal Redirect Handling Infinite Loop DoS
| [51468] Apache Jackrabbit Content Repository (JCR) swr.jsp q Parameter XSS
| [51467] Apache Jackrabbit Content Repository (JCR) search.jsp q Parameter XSS
| [51151] Apache Roller Search Function q Parameter XSS
| [50482] PHP with Apache php_value Order Unspecified Issue
| [50475] Novell NetWare ApacheAdmin Console Unauthenticated Access
| [49734] Apache Struts DefaultStaticContentLoader Class Traversal Arbitrary File Access
| [49733] Apache Struts FilterDispatcher Class Traversal Arbitrary File Access
| [49283] Oracle BEA WebLogic Server Plugins for Apache Remote Transfer-Encoding Overflow
| [49062] Apache Tomcat Cross-thread Concurrent Request Variable Overwrite Information Disclosure
| [48847] ModSecurity (mod_security) Transformation Caching Unspecified Apache DoS
| [48788] Apache Xerces-C++ XML Schema maxOccurs Value XML File Handling DoS
| [47474] Apache HTTP Server mod_proxy_ftp Directory Component Wildcard Character XSS
| [47464] Apache Tomcat allowLinking / UTF-8 Traversal Arbitrary File Access
| [47463] Apache Tomcat RequestDispatcher Traversal Arbitrary File Access
| [47462] Apache Tomcat HttpServletResponse.sendError Method Message Argument XSS
| [47096] Oracle Weblogic Apache Connector POST Request Overflow
| [46382] Frontend Filemanager (air_filemanager) Extension for TYPO3 on Apache Unspecified Arbitrary Code Execution
| [46285] TYPO3 on Apache Crafted Filename Upload Arbitrary Command Execution
| [46085] Apache HTTP Server mod_proxy ap_proxy_http_process_response() Function Interim Response Forwarding Remote DoS
| [45905] Apache Tomcat Host Manager host-manager/html/add name Parameter XSS
| [45879] Ragnarok Online Control Panel on Apache Crafted Traversal Authentication Bypass
| [45742] Apache HTTP Server on Novell Unspecified Request Directive Internal IP Disclosure
| [45740] Apache Derby DropSchemaNode Bind Phase Arbitrary Scheme Statement Dropping
| [45599] Apache Derby Lock Table Statement Privilege Requirement Bypass Arbitrary Table Lock
| [45585] Apache Derby ACCSEC Command RDBNAM Parameter Cleartext Credential Disclosure
| [45584] Apache Derby DatabaseMetaData.getURL Function Cleartext Credential Disclosure
| [45420] Apache HTTP Server 403 Error Page UTF-7 Encoded XSS
| [44728] PHP Toolkit on Gentoo Linux Interpretation Conflict Apache HTTP Server Local DoS
| [44618] Oracle JSP Apache/Jserv Path Translation Traversal Arbitrary JSP File Execution
| [44159] Apache HTTP Server Remote Virtual Host Name Disclosure
| [43997] Apache-SSL ExpandCert() Function Certificate Handling Arbitrary Environment Variables Manipulation
| [43994] suPHP for Apache (mod_suphp) Directory Symlink Local Privilege Escalation
| [43993] suPHP for Apache (mod_suphp) Owner Mode Race Condition Symlink Local Privilege Escalation
| [43663] Apache HTTP Server Mixed Platform AddType Directive Crafted Request PHP Source Disclosure
| [43658] AuthCAS Module (AuthCAS.pm) for Apache HTTP Server SESSION_COOKIE_NAME SQL Injection
| [43452] Apache Tomcat HTTP Request Smuggling
| [43309] Apache Geronimo LoginModule Login Method Bypass
| [43290] Apache JSPWiki Entry Page Attachment Unrestricted File Upload
| [43259] Apache HTTP Server on Windows mod_proxy_balancer URL Handling Remote Memory Corruption
| [43224] Apache Geronimo on SuSE Linux init Script Symlink Unspecified File/Directory Access
| [43189] Apache mod_jk2 Host Header Multiple Fields Remote Overflow
| [42937] Apache HTTP Server mod_proxy_balancer balancer-manager Unspecified CSRF
| [42341] MOD_PLSQL for Apache Unspecified URL SQL Injection
| [42340] MOD_PLSQL for Apache CGI Environment Handling Unspecified Overflow
| [42214] Apache HTTP Server mod_proxy_ftp UTF-7 Encoded XSS
| [42091] Apache Maven Site Plugin Installation Permission Weakness
| [42089] Apache Maven .m2/settings.xml Cleartext Password Disclosure
| [42088] Apache Maven Defined Repo Process Listing Password Disclosure
| [42087] Apache Maven Site Plugin SSH Deployment Permission Setting Weakness
| [42036] Apache HTTP Server MS-DOS Device Request Host OS Disclosure
| [41891] BEA WebLogic Apache Beehive NetUI Page Flow Unspecified XSS
| [41436] Apache Tomcat Native APR Connector Duplicate Request Issue
| [41435] Apache Tomcat %5C Cookie Handling Session ID Disclosure
| [41434] Apache Tomcat Exception Handling Subsequent Request Information Disclosure
| [41400] LimeSurvey save.php Apache Log File PHP Code Injection
| [41029] Apache Tomcat Calendar Examples Application cal2.jsp Multiple Parameter CSRF
| [41019] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload XSS
| [41018] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload CRLF
| [40853] Apache Tomcat SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) JSESSIONIDSSO Cookie Security Weakness
| [40264] Apache HTTP Server mod_proxy_balancer balancer_handler Function bb Variable Remote DoS
| [40263] Apache HTTP Server mod_proxy_balancer balancer-manager Multiple Parameter XSS
| [40262] Apache HTTP Server mod_status refresh XSS
| [39833] Apache Tomcat JULI Logging Component catalina.policy Security Bypass
| [39251] Coppermine Photo Gallery on Apache Multiple File Extension Upload Arbitrary Code Execution
| [39166] Apache Tomcat on Windows caseSensitive Attribute Mixed Case Request JSP Source Disclosure
| [39134] Apache mod_imagemap Module Imagemap Unspecified XSS
| [39133] Apache mod_imap Module Imagemap File Unspecified XSS
| [39035] Apache Tomcat examples/servlet/CookieExample Multiple Parameter XSS
| [39003] Apache HTTP Server HTTP Method Header Request Entity Too Large XSS
| [39000] Apache Tomcat SendMailServlet sendmail.jsp mailfrom Parameter XSS
| [38939] Apache HTTP Server Prefork MPM Module Array Modification Local DoS
| [38673] Apache Jakarta Slide WebDAV SYSTEM Request Traversal Arbitrary File Access
| [38662] Apache Geronimo SQLLoginModule Nonexistent User Authentication Bypass
| [38661] Apache Geronimo MEJB Unspecified Authentication Bypass
| [38641] Apache HTTP Server mod_mem_cache recall_headers Function Information Disclosure
| [38640] Apache HTTP Server suexec Document Root Unauthorized Operations
| [38639] Apache HTTP Server suexec Multiple Symlink Privilege Escalation
| [38636] Apache HTTP Server mod_autoindex.c P Variable UTF-7 Charset XSS
| [38513] BEA WebLogic Server Proxy Plug-in for Apache Protocol Error Handling Remote DoS
| [38187] Apache Geronimo / Tomcat WebDAV XML SYSTEM Tag Arbitrary File Access
| [37079] Apache HTTP Server mod_cache cache_util.c Malformed Cache-Control Header DoS
| [37071] Apache Tomcat Cookie Handling Session ID Disclosure
| [37070] Apache Tomcat Cookie Handling Quote Delimiter Session ID Disclosure
| [37052] Apache HTTP Server mod_status mod_status.c Unspecified XSS
| [37051] Apache HTTP Server mod_proxy modules/proxy/proxy_util.c Crafted Header Remote DoS
| [37050] Apache HTTP Server Prefork MPM Module Crafted Code Sequence Local DoS
| [36417] Apache Tomcat Host Manager Servlet html/add Action aliases Parameter XSS
| [36377] Apache MyFaces Tomahawk JSF Application autoscroll Multiple Script XSS
| [36080] Apache Tomcat JSP Examples Crafted URI XSS
| [36079] Apache Tomcat Manager Uploaded Filename XSS
| [34888] Apache Tomcat Example Calendar Application cal2.jsp time Parameter XSS
| [34887] Apache Tomcat implicit-objects.jsp Crafted Header XSS
| [34885] Apache Tomcat on IIS Servlet Engine MS-DOS Device Request DoS
| [34884] Apache Tomcat on Windows Nonexistent Resource Request Path Disclosure
| [34883] Apache Tomcat Crafted JSP File Request Path Disclosure
| [34882] Apache Tomcat Default SSL Ciphersuite Configuration Weakness
| [34881] Apache Tomcat Malformed Accept-Language Header XSS
| [34880] Apache Tomcat HTTP/1.1 Connector NULL Byte Request JSP Source Disclosure
| [34879] Apache Tomcat examples/jsp2/jspx/textRotate.jspx XSS
| [34878] Apache Tomcat examples/jsp2/el/implicit-objects.jsp XSS
| [34877] Apache Tomcat JK Web Server Connector (mod_jk) Double Encoded Traversal Arbitrary File Access
11837| [34876] Apache HTTP Server ScriptAlias CGI Source Disclosure
11838| [34875] Apache Tomcat appdev/sample/web/hello.jsp Multiple Parameter XSS
11839| [34874] Apache Tomcat AJP Connector mod_jk ajp_process_callback Remote Memory Disclosure
11840| [34873] Apache Stats Variable Extraction _REQUEST Ssuperglobal Array Overwrite
11841| [34872] Apache HTTP Server suexec User/Group Combination Weakness Local Privilege Escalation
11842| [34769] Apache Tomcat w/ Proxy Module Double Encoded Traversal Arbitrary File Access
11843| [34541] mod_perl for Apache HTTP Server RegistryCooker.pm PATH_INFO Crafted URI Remote DoS
11844| [34540] mod_perl for Apache HTTP Server PerlRun.pm PATH_INFO Crafted URI Remote DoS
11845| [34398] Apache Tomcat mod_jk Invalid Chunked Encoded Body Information Disclosure
11846| [34154] Apache Axis Nonexistent Java Web Service Path Disclosure
11847| [33855] Apache Tomcat JK Web Server Connector mod_jk.so Long URI Worker Map Remote Overflow
11848| [33816] Apache HTTP Server on Debian Linux TTY Local Privilege Escalation
11849| [33456] Apache HTTP Server Crafted TCP Connection Range Header DoS
11850| [33346] Avaya Multiple Products Apache Tomcat Port Weakness
11851| [32979] Apache Java Mail Enterprise Server (JAMES) Phoenix/MX4J Interface Arbitrary User Creation
11852| [32978] Apache Java Mail Enterprise Server (JAMES) POP3Server Log File Plaintext Password Disclosure
11853| [32724] Apache mod_python _filter_read Freed Memory Disclosure
11854| [32723] Apache Tomcat semicolon Crafted Filename Request Forced Directory Listing
11855| [32396] Apache Open For Business Project (OFBiz) Ecommerce Component Forum Implementation Message Body XSS
11856| [32395] Apache Open For Business Project (OFBiz) Ecommerce Component Form Field Manipulation Privilege Escalation
11857| [30354] Linux Subversion libapache2-svn Search Path Subversion Local Privilege Escalation
11858| [29603] PHP ini_restore() Apache httpd.conf Options Bypass
11859| [29536] Apache Tcl mod_tcl set_var Function Remote Format String
11860| [28919] Apache Roller Weblogger Blog Comment Multiple Field XSS
11861| [28130] PHP with Apache Mixed Case Method Limit Directive Bypass
11862| [27913] Apache HTTP Server on Windows mod_alias URL Validation Canonicalization CGI Source Disclosure
11863| [27588] Apache HTTP Server mod_rewrite LDAP Protocol URL Handling Overflow
11864| [27487] Apache HTTP Server Crafted Expect Header Cross Domain HTML Injection
11865| [26935] FCKeditor on Apache connector.php Crafted File Extension Arbitrary File Upload
11866| [26572] Apache Java Mail Enterprise Server (JAMES) MAIL Command Overflow DoS
11867| [25909] Drupal on Apache files Directory File Upload Arbitrary Code Execution
11868| [24825] Oracle ModPL/SQL for Apache Unspecified Remote HTTP Issue
11869| [24365] Apache Struts Multiple Function Error Message XSS
11870| [24364] Apache Struts getMultipartRequestHandler() Function Crafted Request DoS
11871| [24363] Apache Struts org.apache.struts.taglib.html.Constants.CANCEL Validation Bypass
11872| [24103] Pubcookie Apache mod_pubcookie Unspecified XSS
11873| [23906] Apache mod_python for Apache HTTP Server FileSession Privileged Local Command Execution
11874| [23905] Apache Log4net LocalSyslogAppender Format String Memory Corruption DoS
11875| [23198] Apache WSS4J Library SOAP Signature Verification Bypass
11876| [23124] Generic Apache Request Library (libapreq) apreq_parse_* Functions Remote DoS
11877| [22652] mod_php for Apache HTTP Server Crafted import_request_variables Function DoS
11878| [22475] PHP w/ Apache PDO::FETCH_CLASS __set() Function DoS
11879| [22473] PHP w/ Apache2 Crafted PDOStatement DoS
11880| [22459] Apache Geronimo Error Page XSS
11881| [22458] Apache Tomcat / Geronimo Sample Script cal2.jsp time Parameter XSS
11882| [22301] auth_ldap for Apache HTTP Server auth_ldap_log_reason() Function Remote Format String
11883| [22261] Apache HTTP Server mod_ssl ssl_hook_Access Error Handling DoS
11884| [22259] mod_auth_pgsql for Apache HTTP Server Log Function Format String
11885| [21736] Apache Java Mail Enterprise Server (JAMES) Spooler retrieve Function DoS
11886| [21705] Apache HTTP Server mod_imap Image Map Referer XSS
11887| [21021] Apache Struts Error Message XSS
11888| [20897] PHP w/ Apache 2 SAPI virtual() Function Unspecified INI Setting Disclosure
11889| [20491] PHP mod_php apache2handler SAPI Crafted .htaccess DoS
11890| [20462] Apache HTTP Server worker.c MPM Memory Exhaustion DoS
11891| [20439] Apache Tomcat Directory Listing Saturation DoS
11892| [20373] Apache Tomcat on HP Secure OS for Linux Unspecified Servlet Access Issue
11893| [20285] Apache HTTP Server Log File Control Character Injection
11894| [20242] Apache HTTP Server mod_usertrack Predictable Session ID Generation
11895| [20209] Brainf*ck Module (mod_bf) for Apache HTTP Server Local Overflow
11896| [20033] Apache Tomcat MS-DOS Device Request Error Message Path Disclosure
11897| [19883] apachetop atop.debug Symlink Arbitrary File Overwrite
11898| [19863] mod_auth_shadow for Apache HTTP Server require group Authentication Bypass
11899| [19855] Apache HTTP Server ErrorDocument Directive .htaccess Bypass
11900| [19821] Apache Tomcat Malformed Post Request Information Disclosure
11901| [19769] Apache HTTP Server Double-reverse DNS Lookup Spoofing
11902| [19188] Apache HTTP Server mod_ssl SSLVerifyClient Per-location Context Restriction Bypass
11903| [19137] Apache HTTP Server on Red Hat Linux Double Slash GET Request Forced Directory Listing
11904| [19136] Apache on Mandrake Linux Arbitrary Directory Forced Listing
11905| [18977] Apache HTTP Server Crafted HTTP Range Header DoS
11906| [18389] Ragnarok Online Control Panel Apache Authentication Bypass
11907| [18286] Apache HTTP Server mod_ssl ssl_callback_SSLVerify_CRL( ) Function Overflow
11908| [18233] Apache HTTP Server htdigest user Variable Overfow
11909| [17738] Apache HTTP Server HTTP Request Smuggling
11910| [16586] Apache HTTP Server Win32 GET Overflow DoS
11911| [15889] Apache HTTP Server mod_cgid Threaded MPM CGI Output Misdirection
11912| [14896] mod_dav for Apache HTTP Server Remote Null Dereference Child Process Termination
11913| [14879] Apache HTTP Server ap_log_rerror Function Error Message Path Disclosure
11914| [14770] Apache Tomcat AJP12 Protocol Malformed Packet Remote DoS
11915| [14597] Apache Tomcat IntegerOverflow.jsp Test JSP Script Path Disclosure
11916| [14596] Apache Tomcat pageSession.jsp Test JSP Script Path Disclosure
11917| [14595] Apache Tomcat pageLanguage.jsp Test JSP Script Path Disclosure
11918| [14594] Apache Tomcat pageIsThreadSafe.jsp Test JSP Script Path Disclosure
11919| [14593] Apache Tomcat pageIsErrorPage.jsp Test JSP Script Path Disclosure
11920| [14592] Apache Tomcat pageInvalid.jsp Test JSP Script Path Disclosure
11921| [14591] Apache Tomcat pageExtends.jsp Test JSP Script Path Disclosure
11922| [14590] Apache Tomcat pageDouble.jsp Test JSP Script Path Disclosure
11923| [14589] Apache Tomcat pageAutoFlush.jsp Test JSP Script Path Disclosure
11924| [14588] Apache Tomcat extends2.jsp Test JSP Script Path Disclosure
11925| [14587] Apache Tomcat extends1.jsp Test JSP Script Path Disclosure
11926| [14586] Apache Tomcat comments.jsp Test JSP Script Path Disclosure
11927| [14585] Apache Tomcat buffer4.jsp Test JSP Script Path Disclosure
11928| [14584] Apache Tomcat buffer3.jsp Test JSP Script Path Disclosure
11929| [14583] Apache Tomcat buffer2.jsp Test JSP Script Path Disclosure
11930| [14582] Apache Tomcat buffer1.jsp Test JSP Script Path Disclosure
11931| [14581] Apache Tomcat pageImport2.jsp Test JSP Script Path Disclosure
11932| [14580] Apache Tomcat pageInfo.jsp Test JSP Script Path Disclosure
11933| [14410] mod_frontpage for Apache HTTP Server fpexec Remote Overflow
11934| [14044] Apache Batik Squiggle Browser with Rhino Scripting Engine Unspecified File System Access
11935| [13737] mod_access_referer for Apache HTTP Server Malformed Referer DoS
11936| [13711] Apache mod_python publisher.py Traversal Arbitrary Object Information Disclosure
11937| [13640] mod_auth_any for Apache HTTP Server on Red Hat Linux Metacharacter Command Execution
11938| [13304] Apache Tomcat realPath.jsp Path Disclosure
11939| [13303] Apache Tomcat source.jsp Arbitrary Directory Listing
11940| [13087] Apache HTTP Server mod_log_forensic check_forensic Symlink Arbitrary File Creation / Overwrite
11941| [12849] mod_auth_radius for Apache HTTP Server radcpy() Function Overflow DoS
11942| [12848] Apache HTTP Server htdigest realm Variable Overflow
11943| [12721] Apache Tomcat examples/jsp2/el/functions.jsp XSS
11944| [12720] mod_dosevasive for Apache HTTP Server Symlink Arbitrary File Create/Overwrite
11945| [12558] Apache HTTP Server IPv6 FTP Proxy Socket Failure DoS
11946| [12557] Apache HTTP Server prefork MPM accept Error DoS
11947| [12233] Apache Tomcat MS-DOS Device Name Request DoS
11948| [12232] Apache Tomcat with JDK Arbitrary Directory/Source Disclosure
11949| [12231] Apache Tomcat web.xml Arbitrary File Access
11950| [12193] Apache HTTP Server on Mac OS X File Handler Bypass
11951| [12192] Apache HTTP Server on Mac OS X Unauthorized .ht and .DS_Store File Access
11952| [12178] Apache Jakarta Lucene results.jsp XSS
11953| [12176] mod_digest_apple for Apache HTTP Server on Mac OS X Authentication Replay
11954| [11391] Apache HTTP Server Header Parsing Space Saturation DoS
11955| [11003] Apache HTTP Server mod_include get_tag() Function Local Overflow
11956| [10976] mod_mylo for Apache HTTP Server mylo_log Logging Function HTTP GET Overflow
11957| [10637] Apache HTTP Server mod_ssl SSLCipherSuite Access Restriction Bypass
11958| [10546] Macromedia JRun4 mod_jrun Apache Module Remote Overflow
11959| [10471] Apache Xerces-C++ XML Parser DoS
11960| [10218] Apache HTTP Server Satisfy Directive Access Control Bypass
11961| [10068] Apache HTTP Server htpasswd Local Overflow
11962| [10049] mod_cplusplus For Apache HTTP Server Unspecified Overflow
11963| [9994] Apache HTTP Server apr-util IPV6 Parsing DoS
11964| [9991] Apache HTTP Server ap_resolve_env Environment Variable Local Overflow
11965| [9948] mod_dav for Apache HTTP Server LOCK Request DoS
11966| [9742] Apache HTTP Server mod_ssl char_buffer_read Function Reverse Proxy DoS
11967| [9718] Apache HTTP Server Win32 Single Dot Append Arbitrary File Access
11968| [9717] Apache HTTP Server mod_cookies Cookie Overflow
11969| [9716] Apache::Gallery Gallery.pm Inline::C Predictable Filename Code Execution
11970| [9715] Apache HTTP Server rotatelogs Control Characters Over Pipe DoS
11971| [9714] Apache Authentication Module Threaded MPM DoS
11972| [9713] Apache HTTP Server on OS2 filestat.c Device Name Request DoS
11973| [9712] Apache HTTP Server Multiple Linefeed Request Memory Consumption DoS
11974| [9711] Apache HTTP Server Access Log Terminal Escape Sequence Injection
11975| [9710] Apache HTTP Server on Windows Illegal Character Default Script Mapping Bypass
11976| [9709] Apache HTTP Server on Windows MS-DOS Device Name HTTP Post Code Execution
11977| [9708] Apache HTTP Server on Windows MS-DOS Device Name DoS
11978| [9707] Apache HTTP Server Duplicate MIME Header Saturation DoS
11979| [9706] Apache Web Server Multiple MIME Header Saturation Remote DoS
11980| [9705] Apache Tomcat Invoker/Default Servlet Source Disclosure
11981| [9702] Apache HTTP Server CGI/WebDAV HTTP POST Request Source Disclosure
11982| [9701] Apache HTTP Server for Windows Multiple Slash Forced Directory Listing
11983| [9700] Apache HTTP Server mod_autoindex Multiple Slash Request Forced Directory Listing
11984| [9699] Apache HTTP Server mod_dir Multiple Slash Request Forced Directory Listing
11985| [9698] Apache HTTP Server mod_negotiation Multiple Slash Request Forced Directory Listing
11986| [9697] Apache HTTP Server htdigest Local Symlink Arbitrary File Overwrite
11987| [9696] Apache HTTP Server htpasswd Local Symlink Arbitrary File Overwrite
11988| [9695] Apache Tomcat SnoopServlet Servlet Information Disclosure
11989| [9694] PHP3 on Apache HTTP Server Encoded Traversal Arbitrary File Access
11990| [9693] mod_auth_pgsql_sys for Apache HTTP Server User Name SQL Injection
11991| [9692] Apache HTTP Server mod_vhost_alias Mass Virtual Hosting Arbitrary File Access
11992| [9691] Apache HTTP Server mod_rewrite Mass Virtual Hosting Arbitrary File Access
11993| [9690] Apache HTTP Server mod_vhost_alias CGI Program Source Disclosure
11994| [9689] Trustix httpsd for Apache-SSL Permission Weakness Privilege Escalation
11995| [9688] Apache HTTP Server mod_proxy Malformed FTP Command DoS
11996| [9687] Apache::AuthenSmb smbval SMB Authentication Library Multiple Overflows
11997| [9686] Apache::AuthenSmb smbvalid SMB Authentication Library Multiple Overflows
11998| [9523] Apache HTTP Server mod_ssl Aborted Connection DoS
11999| [9459] Oracle PL/SQL (mod_plsql) Apache Module Help Page Request Remote Overflow
12000| [9208] Apache Tomcat .jsp Encoded Newline XSS
12001| [9204] Apache Tomcat ROOT Application XSS
12002| [9203] Apache Tomcat examples Application XSS
12003| [9068] Apache HTTP Server mod_userdir User Account Information Disclosure
12004| [8773] Apache Tomcat Catalina org.apache.catalina.servlets.DefaultServlet Source Code Disclosure
12005| [8772] Apache Tomcat Catalina org.apache.catalina.connector.http DoS
12006| [7943] Apache HTTP Server mod_ssl sslkeys File Disclosure
12007| [7942] Apache HTTP Server mod_ssl Default Pass Phrase
12008| [7941] Apache HTTP Server mod_ssl Encrypted Private Key File Descriptor Leak
12009| [7935] Apache HTTP Server mod_ssl ssl_gcache Race Conditions
12010| [7934] Apache HTTP Server mod_ssl SSLSessionCache File Content Disclosure
12011| [7933] Apache HTTP Server mod_ssl SSLMutex File Content Disclosure
12012| [7932] Apache HTTP Server mod_ssl mkcert.sh File Creation Permission Weakness
12013| [7931] Apache HTTP Server mod_ssl X.509 Client Certificate Authentication Bypass
12014| [7930] Apache HTTP Server mod_ssl ssl_expr_eval_func_file() Overflow
12015| [7929] Apache HTTP Server mod_ssl ssl_engine_log.c mod_proxy Hook Function Remote Format String
12016| [7611] Apache HTTP Server mod_alias Local Overflow
12017| [7394] Apache Tomcat mod_jk Invalid Transfer-Encoding Chunked Field DoS
12018| [7203] Apache Tomcat source.jsp Traversal Arbitrary File Access
12019| [7039] Apache HTTP Server on Mac OS X HFS+ File System Access Bypass
12020| [6882] Apache mod_python Malformed Query String Variant DoS
12021| [6839] Apache HTTP Server mod_proxy Content-Length Overflow
12022| [6630] Apache Tomcat Java Server Pages (JSP) Engine WPrinterJob() DoS
12023| [6472] Apache HTTP Server mod_ssl ssl_util_uuencode_binary Remote Overflow
12024| [5821] Apache HTTP Server Multiple / GET Remote Overflow DoS
12025| [5580] Apache Tomcat Servlet Malformed URL JSP Source Disclosure
12026| [5552] Apache HTTP Server split-logfile Arbitrary .log File Overwrite
12027| [5526] Apache Tomcat Long .JSP URI Path Disclosure
12028| [5278] Apache Tomcat web.xml Restriction Bypass
12029| [5051] Apache Tomcat Null Character DoS
12030| [4973] Apache Tomcat servlet Mapping XSS
12031| [4650] mod_gzip for Apache HTTP Server Debug Mode Printf Stack Overflow
12032| [4649] mod_gzip for Apache HTTP Server Debug Mode Format String Overflow
12033| [4648] mod_gzip for Apache HTTP Server Debug Mode Race Condition
12034| [4568] mod_survey For Apache ENV Tags SQL Injection
12035| [4553] Apache HTTP Server ApacheBench Overflow DoS
12036| [4552] Apache HTTP Server Shared Memory Scoreboard DoS
12037| [4446] Apache HTTP Server mod_disk_cache Stores Credentials
12038| [4383] Apache HTTP Server Socket Race Condition DoS
12039| [4382] Apache HTTP Server Log Entry Terminal Escape Sequence Injection
12040| [4340] Apache Portable Runtime (APR) apr_psprintf DoS
12041| [4232] Apache Cocoon DatabaseAuthenticatorAction SQL Injection
12042| [4231] Apache Cocoon Error Page Server Path Disclosure
12043| [4182] Apache HTTP Server mod_ssl Plain HTTP Request DoS
12044| [4181] Apache HTTP Server mod_access IP Address Netmask Rule Bypass
12045| [4075] Apache HTTP Sever on Windows .var File Request Path Disclosure
12046| [4037] Apache HTTP Server on Cygwin Encoded GET Request Arbitrary File Access
12047| [3877] Apache-SSL SSLVerifyClient SSLFakeBasicAuth Client Certificate Forgery
12048| [3819] Apache HTTP Server mod_digest Cross Realm Credential Replay
12049| [3322] mod_php for Apache HTTP Server Process Hijack
12050| [3215] mod_php for Apache HTTP Server File Descriptor Leakage
12051| [2885] Apache mod_python Malformed Query String DoS
12052| [2749] Apache Cocoon view-source Sample File Traversal Arbitrary File Access
12053| [2733] Apache HTTP Server mod_rewrite Local Overflow
12054| [2672] Apache HTTP Server mod_ssl SSLCipherSuite Ciphersuite Downgrade Weakness
12055| [2613] Apache HTTP Server mod_cgi stderr Output Handling Local DoS
12056| [2149] Apache::Gallery Privilege Escalation
12057| [2107] Apache HTTP Server mod_ssl Host: Header XSS
12058| [1926] Apache HTTP Server mod_rewrite Crafted URI Rule Bypass
12059| [1833] Apache HTTP Server Multiple Slash GET Request DoS
12060| [1577] Apache HTTP Server mod_rewrite RewriteRule Expansion Arbitrary File Access
12061| [872] Apache Tomcat Multiple Default Accounts
12062| [862] Apache HTTP Server SSI Error Page XSS
12063| [859] Apache HTTP Server Win32 Crafted Traversal Arbitrary File Access
12064| [849] Apache Tomcat TroubleShooter Servlet Information Disclosure
12065| [845] Apache Tomcat MSDOS Device XSS
12066| [844] Apache Tomcat Java Servlet Error Page XSS
12067| [842] Apache HTTP Server mod_ssl ssl_compat_directive Function Overflow
12068| [838] Apache HTTP Server Chunked Encoding Remote Overflow
12069| [827] PHP4 for Apache on Windows php.exe Malformed Request Path Disclosure
12070| [775] Apache mod_python Module Importing Privilege Function Execution
12071| [769] Apache HTTP Server Win32 DOS Batch File Arbitrary Command Execution
12072| [756] Apache HTTP Server mod_ssl i2d_SSL_SESSION Function SSL Client Certificate Overflow
12073| [701] Apache HTTP Server Win32 ScriptAlias php.exe Arbitrary File Access
12074| [674] Apache Tomcat Nonexistent File Error Message Path Disclosure
12075| [637] Apache HTTP Server UserDir Directive Username Enumeration
12076| [623] mod_auth_pgsql for Apache HTTP Server User Name SQL Injection
12077| [582] Apache HTTP Server Multiviews Feature Arbitrary Directory Listing
12078| [562] Apache HTTP Server mod_info /server-info Information Disclosure
12079| [561] Apache Web Servers mod_status /server-status Information Disclosure
12080| [417] Apache HTTP Server on SuSE Linux /doc/packages Remote Information Disclosure
12081| [410] mod_perl for Apache HTTP Server /perl/ Directory Listing
12082| [404] Apache HTTP Server on SuSE Linux WebDAV PROPFIND Arbitrary Directory Listing
12083| [402] Apache HTTP Server on SuSE Linux cgi-bin-sdb Request Script Source Disclosure
12084| [379] Apache ASP module Apache::ASP source.asp Example File Arbitrary File Creation
12085| [377] Apache Tomcat Snoop Servlet Remote Information Disclosure
12086| [376] Apache Tomcat contextAdmin Arbitrary File Access
12087| [342] Apache HTTP Server for Windows Multiple Forward Slash Directory Listing
12088| [222] Apache HTTP Server test-cgi Arbitrary File Access
12089| [143] Apache HTTP Server printenv.pl Multiple Method CGI XSS
12090| [48] Apache HTTP Server on Debian /usr/doc Directory Information Disclosure
12091|_
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: WAP|general purpose|router
Running: Linux 2.4.X|2.6.X|3.X, MikroTik RouterOS 6.X
OS CPE: cpe:/o:linux:linux_kernel:2.4.20 cpe:/o:linux:linux_kernel:2.6 cpe:/o:linux:linux_kernel:3.2.0 cpe:/o:mikrotik:routeros:6.15
OS details: Tomato 1.27 - 1.28 (Linux 2.4.20), Linux 2.6.18 - 2.6.22, Linux 3.2.0, MikroTik RouterOS 6.15 (Linux 3.3.5)
Network Distance: 26 hops

TRACEROUTE (using port 443/tcp)
HOP RTT ADDRESS
1 108.81 ms 10.249.204.1
2 167.72 ms 104.245.145.177
3 108.84 ms te0-0-2-1.225.nr11.b010988-1.yyz02.atlas.cogentco.com (38.104.156.9)
4 108.86 ms te0-0-0-1.agr14.yyz02.atlas.cogentco.com (154.24.54.41)
5 108.86 ms te0-9-1-9.ccr31.yyz02.atlas.cogentco.com (154.54.43.161)
6 137.85 ms be2993.ccr21.cle04.atlas.cogentco.com (154.54.31.225)
7 137.87 ms be2717.ccr41.ord01.atlas.cogentco.com (154.54.6.221)
8 137.89 ms be2831.ccr21.mci01.atlas.cogentco.com (154.54.42.165)
9 167.76 ms be3035.ccr21.den01.atlas.cogentco.com (154.54.5.89)
10 78.18 ms be3037.ccr21.slc01.atlas.cogentco.com (154.54.41.145)
11 119.56 ms be3109.ccr21.sfo01.atlas.cogentco.com (154.54.44.137)
12 152.35 ms be3669.ccr41.sjc03.atlas.cogentco.com (154.54.43.10)
13 121.71 ms 38.88.224.178
14 152.30 ms 111.87.3.105
15 229.13 ms 106.187.13.21
16 256.78 ms 27.85.132.178
17 256.79 ms 27.85.231.82
18 256.77 ms nagJIN202.int-gw.kddi.ne.jp (210.132.125.253)
19 262.65 ms 125.29.29.94
20 262.59 ms r-210-173-150-82.commufa.jp (210.173.150.82)
21 ...
22 227.31 ms 218-216-186-22.dc.ctc.ad.jp (218.216.186.22)
23 354.02 ms 218-216-186-206.dc.ctc.ad.jp (218.216.186.206)
24 278.29 ms 218-216-177-250.dc.ctc.ad.jp (218.216.177.250)
25 283.48 ms 223.29.54.1
26 223.00 ms 223-29-54-96.tobila.com (223.29.54.96)

NSE: Script Post-scanning.
Initiating NSE at 09:52
Completed NSE at 09:52, 0.00s elapsed
Initiating NSE at 09:52
Completed NSE at 09:52, 0.00s elapsed
######################################################################################################################################
Version: 1.11.13-static
OpenSSL 1.0.2-chacha (1.0.2g-dev)

Connected to 223.29.54.96

Testing SSL server 223.29.54.96 on port 443 using SNI name 223.29.54.96

 TLS Fallback SCSV:
Server supports TLS Fallback SCSV

 TLS renegotiation:
Secure session renegotiation supported

 TLS Compression:
Compression disabled

 Heartbleed:
TLS 1.2 not vulnerable to heartbleed
TLS 1.1 not vulnerable to heartbleed
TLS 1.0 not vulnerable to heartbleed

 Supported Server Cipher(s):
Preferred TLSv1.2 128 bits ECDHE-RSA-AES128-GCM-SHA256 Curve P-256 DHE 256
Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-GCM-SHA384 Curve P-256 DHE 256
Accepted TLSv1.2 128 bits DHE-RSA-AES128-GCM-SHA256 DHE 2048 bits
Accepted TLSv1.2 256 bits DHE-RSA-AES256-GCM-SHA384 DHE 2048 bits
Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA256 Curve P-256 DHE 256
Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA384 Curve P-256 DHE 256
Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
Accepted TLSv1.2 128 bits DHE-RSA-AES128-SHA256 DHE 2048 bits
Accepted TLSv1.2 128 bits DHE-RSA-AES128-SHA DHE 2048 bits
Accepted TLSv1.2 256 bits DHE-RSA-AES256-SHA256 DHE 2048 bits
Accepted TLSv1.2 256 bits DHE-RSA-AES256-SHA DHE 2048 bits
Accepted TLSv1.2 112 bits ECDHE-RSA-DES-CBC3-SHA Curve P-256 DHE 256
Accepted TLSv1.2 112 bits EDH-RSA-DES-CBC3-SHA DHE 2048 bits
Accepted TLSv1.2 128 bits AES128-GCM-SHA256
Accepted TLSv1.2 256 bits AES256-GCM-SHA384
Accepted TLSv1.2 128 bits AES128-SHA256
Accepted TLSv1.2 256 bits AES256-SHA256
Accepted TLSv1.2 128 bits AES128-SHA
Accepted TLSv1.2 256 bits AES256-SHA
Accepted TLSv1.2 112 bits DES-CBC3-SHA
Preferred TLSv1.1 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
Accepted TLSv1.1 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
Accepted TLSv1.1 128 bits DHE-RSA-AES128-SHA DHE 2048 bits
Accepted TLSv1.1 256 bits DHE-RSA-AES256-SHA DHE 2048 bits
Accepted TLSv1.1 112 bits ECDHE-RSA-DES-CBC3-SHA Curve P-256 DHE 256
Accepted TLSv1.1 112 bits EDH-RSA-DES-CBC3-SHA DHE 2048 bits
Accepted TLSv1.1 128 bits AES128-SHA
Accepted TLSv1.1 256 bits AES256-SHA
Accepted TLSv1.1 112 bits DES-CBC3-SHA
Preferred TLSv1.0 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
Accepted TLSv1.0 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
Accepted TLSv1.0 128 bits DHE-RSA-AES128-SHA DHE 2048 bits
Accepted TLSv1.0 256 bits DHE-RSA-AES256-SHA DHE 2048 bits
Accepted TLSv1.0 112 bits ECDHE-RSA-DES-CBC3-SHA Curve P-256 DHE 256
Accepted TLSv1.0 112 bits EDH-RSA-DES-CBC3-SHA DHE 2048 bits
Accepted TLSv1.0 128 bits AES128-SHA
Accepted TLSv1.0 256 bits AES256-SHA
Accepted TLSv1.0 112 bits DES-CBC3-SHA

 SSL Certificate:
Signature Algorithm: sha256WithRSAEncryption
RSA Key Strength: 2048

Subject: ssl.hp4u.jp
Altnames: DNS:ssl.hp4u.jp
Issuer: Let's Encrypt Authority X3

Not valid before: Jan 6 03:51:24 2020 GMT
Not valid after: Apr 5 03:51:24 2020 GMT
######################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-19 09:58 EST
NSE: Loaded 47 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 09:58
Completed NSE at 09:58, 0.00s elapsed
Initiating NSE at 09:58
Completed NSE at 09:58, 0.00s elapsed
Initiating Parallel DNS resolution of 1 host. at 09:58
Completed Parallel DNS resolution of 1 host. at 09:58, 0.02s elapsed
Initiating SYN Stealth Scan at 09:58
Scanning 223-29-54-96.tobila.com (223.29.54.96) [65535 ports]
Discovered open port 80/tcp on 223.29.54.96
Discovered open port 995/tcp on 223.29.54.96
Discovered open port 993/tcp on 223.29.54.96
Discovered open port 587/tcp on 223.29.54.96
Discovered open port 143/tcp on 223.29.54.96
Discovered open port 443/tcp on 223.29.54.96
Discovered open port 110/tcp on 223.29.54.96
SYN Stealth Scan Timing: About 7.69% done; ETC: 10:04 (0:06:12 remaining)
SYN Stealth Scan Timing: About 33.92% done; ETC: 10:01 (0:01:59 remaining)
SYN Stealth Scan Timing: About 67.41% done; ETC: 10:00 (0:00:44 remaining)
Discovered open port 465/tcp on 223.29.54.96
SYN Stealth Scan Timing: About 61.15% done; ETC: 10:01 (0:01:17 remaining)
SYN Stealth Scan Timing: About 75.84% done; ETC: 10:01 (0:00:48 remaining)
Completed SYN Stealth Scan at 10:01, 187.75s elapsed (65535 total ports)
Initiating Service scan at 10:01
Scanning 8 services on 223-29-54-96.tobila.com (223.29.54.96)
Completed Service scan at 10:01, 14.48s elapsed (8 services on 1 host)
Initiating OS detection (try #1) against 223-29-54-96.tobila.com (223.29.54.96)
Retrying OS detection (try #2) against 223-29-54-96.tobila.com (223.29.54.96)
Initiating Traceroute at 10:01
Completed Traceroute at 10:01, 0.13s elapsed
Initiating Parallel DNS resolution of 2 hosts. at 10:01
Completed Parallel DNS resolution of 2 hosts. at 10:01, 0.00s elapsed
NSE: Script scanning 223.29.54.96.
Initiating NSE at 10:01
Completed NSE at 10:01, 17.06s elapsed
Initiating NSE at 10:01
Completed NSE at 10:01, 2.40s elapsed
Nmap scan report for 223-29-54-96.tobila.com (223.29.54.96)
Host is up (0.11s latency).
Not shown: 65524 filtered ports
PORT STATE SERVICE VERSION
25/tcp closed smtp
80/tcp open http Apache httpd
|_http-server-header: Apache
| vulscan: VulDB - https://vuldb.com:
12300| [137999] Oracle WebLogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.3.0 Apache Commons FileUpload unknown vulnerability
12301| [137995] Oracle Hospitality Simphony 18.2.1 Apache WSS4J information disclosure
12302| [137987] Oracle FLEXCUBE Universal Banking up to 12.0.3/12.4.0/14.2.0 Apache Log4j unknown vulnerability
12303| [137981] Oracle Insurance IFRS 17 Analyzer 8.0.6/8.0.7 Apache Commons FileUpload unknown vulnerability
12304| [137980] Oracle Insurance Data Foundation 8.0.4/8.0.5/8.0.6/8.0.7 Apache Commons FileUpload unknown vulnerability
12305| [137979] Oracle 8.0.8 Apache Commons FileUpload unknown vulnerability
12306| [137973] Oracle 8.0.4/8.0.5/8.0.6/8.0.7 Apache Batik unknown vulnerability
12307| [137970] Oracle Financial Services Profitability Management 8.0.4/8.0.5/8.0.6/8.0.7 Apache ActiveMQ unknown vulnerability
12308| [137967] Oracle up to 8.0.7 Apache httpd unknown vulnerability
12309| [137966] Oracle 8.0.7/8.0.8 Apache Groovy unknown vulnerability
12310| [137965] Oracle Financial Services Liquidity Risk Management 8.0.1/8.0.2/8.0.4/8.0.5/8.0.6 Apache Commons FileUpload unknown vulnerability
12311| [137964] Oracle 8.0.4/8.0.5/8.0.6/8.0.7 Apache Log4j unknown vulnerability
12312| [137933] Oracle Banking Platform up to 2.7.1 Apache Tika unknown vulnerability
12313| [137926] Oracle Enterprise Manager for Fusion Middleware 13.2/13.3 Apache Commons FileUpload information disclosure
12314| [137924] Oracle Enterprise Manager Base Platform 12.1.0.5.0/13.2.0.0.0/13.3.0.0.0 Apache Commons FileUpload unknown vulnerability
12315| [137914] Oracle E-Business Suite up to 12.2.8 Apache ActiveMQ unknown vulnerability
12316| [137913] Oracle E-Business Suite up to 12.2.8 Apache ActiveMQ unknown vulnerability
12317| [137911] Oracle E-Business Suite up to 12.2.8 Apache HTTP Server unknown vulnerability
12318| [137910] Oracle E-Business Suite up to 12.2.8 Apache CXF information disclosure
12319| [137909] Oracle E-Business Suite up to 12.2.8 Apache Commons FileUpload unknown vulnerability
12320| [137905] Oracle Primavera Gateway 15.2/16.2/17.12/18.8 Apache Tika denial of service
12321| [137901] Oracle Primavera Unifier up to 18.8 Apache HTTP Server unknown vulnerability
12322| [137895] Oracle Instant Messaging Server 10.0.1.2.0 Apache Tika information disclosure
12323| [137894] Oracle EAGLE (Software) 46.5/46.6/46.7 Apache Tomcat information disclosure
12324| [137892] Oracle Online Mediation Controller 6.1 Apache Batik denial of service
12325| [137891] Oracle Interactive Session Recorder 6.0/6.1/6.2 Apache Tomcat unknown vulnerability
12326| [137885] Oracle Diameter Signaling Router (DSR) 8.0/8.1/8.2 Apache cxf unknown vulnerability
12327| [137882] Oracle Unified 8.0.0.2.0 Apache Commons FileUpload unknown vulnerability
12328| [137881] Oracle Online Mediation Controller 6.1 Apache Commons FileUpload unknown vulnerability
12329| [137880] Oracle Interactive Session Recorder 6.0/6.1/6.2 Apache Log4j unknown vulnerability
12330| [137879] Oracle Convergence 3.0.2 Apache Commons FileUpload unknown vulnerability
12331| [137876] Oracle Application Session Controller 3.7.1/3.8.0 Apache Commons FileUpload unknown vulnerability
12332| [137829] Apache Roller 5.2.3 Math Comment Authenticator Reflected cross site scripting
12333| [137736] Apache Kafka 0.11.0.0/2.1.0 ACL Validation Request privilege escalation
12334| [136858] MakerBot Replicator 5G Printer Apache HTTP Server information disclosure
12335| [136849] Analogic Poste.io 2.1.6 on Apache RoundCube logs/ information disclosure
12336| [136822] Apache Tomcat up to 8.5.40/9.0.19 Incomplete Fix CVE-2019-0199 Resource Exhaustion denial of service
12337| [136808] Apache Geode up to 1.8.0 Secure Mode privilege escalation
12338| [136646] Apache Allura up to 1.10.x Dropdown Selector Stored cross site scripting
12339| [136374] Apache HTTP Server up to 2.4.38 Slash Regular Expression unknown vulnerability
12340| [136373] Apache HTTP Server 2.4.34/2.4.35/2.4.36/2.4.37/2.4.38 HTTP2 Request Crash denial of service
12341| [136372] Apache HTTP Server up to 2.4.38 HTTP2 Request unknown vulnerability
12342| [136370] Apache Fineract up to 1.2.x sql injection
12343| [136369] Apache Fineract up to 1.2.x sql injection
12344| [135731] Apache Hadoop up to 2.8.4/2.9.1/3.1.0 yarn privilege escalation
12345| [135664] Apache Tomcat up to 7.0.93/8.5.39/9.0.0.17 SSI printenv Command cross site scripting
12346| [135663] Apache Camel up to 2.23.x JSON-lib Library XML Data XML External Entity
12347| [135661] Apache Roller up to 5.2.1/5.2.0 XML-RPC Interface XML File Server-Side Request Forgery
12348| [135402] Apache Zookeeper up to 3.4.13/3.5.0-alpha to 3.5.4-beta getACL() information disclosure
12349| [135270] Apache JSPWiki up to 2.11.0.M3 Plugin Link cross site scripting
12350| [135269] Apache JSPWiki up to 2.11.0.M3 InterWiki Link cross site scripting
12351| [135268] Apache JSPWiki up to 2.11.0.M3 Attachment cross site scripting
12352| [134527] Apache Karaf up to 4.2.4 Config Service directory traversal
12353| [134416] Apache Sanselan 0.97-incubator Loop denial of service
12354| [134415] Apache Sanselan 0.97-incubator Hang denial of service
12355| [134291] Apache Axis up to 1.7.8 Server-Side Request Forgery
12356| [134290] Apache UIMA DUCC up to 2.2.2 cross site scripting
12357| [134248] Apache Archiva up to 2.2.3 Artifact Upload directory traversal
12358| [134247] Apache Archiva up to 2.2.3 Artifact Upload directory traversal
12359| [134246] Apache Camel up to 2.19/2.21.3/2.22.2/2.23.0 directory traversal
12360| [134138] Apache Pluto 3.0.0/3.0.1 Chat Room Demo Portlet cross site scripting
12361| [133992] Apache Qpid Proton up to 0.27.0 Certificate Validation Man-in-the-Middle weak authentication
12362| [133977] Apache Zeppelin up to 0.7.x Stored cross site scripting
12363| [133976] Apache Zeppelin up to 0.7.x Cron Scheduler privilege escalation
12364| [133975] Apache Zeppelin up to 0.7.2 Session Fixation weak authentication
12365| [133444] Apache PDFbox 2.0.14 XML Parser XML External Entity
12366| [133573] Oracle FLEXCUBE Private Banking 2.0.0.0/2.2.0.1/12.0.1.0/12.0.3.0/12.1.0.0 Apache ActiveMQ unknown vulnerability
12367| [133407] Apache Tomcat up to 7.0.93/8.5.39/9.0.17 on Windows JRE Command Line Argument Code Execution
12368| [133315] Apache Airflow up to 1.10.2 HTTP Endpoint cross site request forgery
12369| [133314] Apache Airflow up to 1.10.2 Metadata Database cross site scripting
12370| [133290] Apache Tomcat up to 8.5.37/9.0.14 HTTP2 Stream Execution denial of service
12371| [133112] Apache HTTP Server up to 2.4.38 mod_auth_digest race condition privilege escalation
12372| [133111] Apache HTTP Server 2.4.37/2.4.38 mod_ssl Bypass privilege escalation
12373| [133092] Airsonic 10.2.1 org.apache.commons.lang.RandomStringUtils RecoverController.java java.util.Random weak authentication
12374| [132568] Apache JSPWiki up to 2.11.0.M2 URL User information disclosure
12375| [132567] Apache JSPWiki up to 2.11.0.M2 URL cross site scripting
12376| [132566] Apache ActiveMQ up to 5.15.8 MQTT Frame Memory denial of service
12377| [132565] Apache HBase up to 2.1.3 REST Server Request privilege escalation
12378| [132183] Apache Mesos up to pre-1.4.x Docker Image Code Execution
12379| [131988] Apache Karaf up to 4.2.2 kar Deployer directory traversal
12380| [131859] Apache Hadoop up to 2.9.1 privilege escalation
12381| [131479] Apache Solr up to 7.6 HTTP GET Request Server-Side Request Forgery
12382| [131446] Apache Solr up to 5.0.5/6.6.5 Config API HTTP POST Request Code Execution
12383| [131385] Apache Qpid Broker-J up to 6.x/7.0.6/7.1.0 AMQP Command Crash denial of service
12384| [131315] Apache Mesos up to pre-1.4.x Mesos Masters Rendering JSON Payload Recursion denial of service
12385| [131236] Apache Airflow up to 1.10.1 Metadata Database cross site scripting
12386| [130755] Apache JSPWiki up to 2.10.5 URL cross site scripting
12387| [130629] Apache Guacamole Cookie Flag weak encryption
12388| [130628] Apache Hadoop up to 3.0.0 HDFS information disclosure
12389| [130529] Apache Subversion 1.10.0/1.10.1/1.10.2/1.10.3/1.11.0 mod_dav_svn Directory Crash denial of service
12390| [130353] Apache Open Office up to 4.1.5 Document Loader String memory corruption
12391| [130341] Apache HTTP Server 2.4.37 mod_ssl Loop denial of service
12392| [130330] Apache HTTP Server up to 2.4.37 mod_session Expired privilege escalation
12393| [130329] Apache HTTP Server 2.4.37 mod_http2 Slowloris denial of service
12394| [130212] Apache Airflow up to 1.10.0 LDAP Auth Backend Certificate weak authentication
12395| [130123] Apache Airflow up to 1.8.2 information disclosure
12396| [130122] Apache Airflow up to 1.8.2 command injection cross site request forgery
12397| [130121] Apache Airflow up to 1.8.2 Webserver Object Code Execution
12398| [129717] Oracle Secure Global Desktop 5.4 Apache HTTP Server denial of service
12399| [129688] Oracle Tape Library ACSLS 8.4 Apache Log4j unknown vulnerability
12400| [129673] Oracle Retail Returns Management 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
12401| [129672] Oracle Retail Central Office 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
12402| [129671] Oracle Retail Back Office 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
12403| [129574] Oracle Outside In Technology 8.5.3/8.5.4 Apache Tomcat denial of service
12404| [129573] Oracle WebLogic Server 10.3.6.0 Apache HTTP Server denial of service
12405| [129563] Oracle Enterprise Repository 12.1.3.0.0 Apache Log4j unknown vulnerability
12406| [129555] Oracle Outside In Technology 8.5.3 Apache Batik denial of service
12407| [129551] Oracle Outside In Technology 8.5.3/8.5.4 Apache Commons FileUpload denial of service
12408| [129542] Oracle API Gateway 11.1.2.4.0 Apache Batik denial of service
12409| [129538] Oracle SOA Suite 12.1.3.0.0/12.2.1.3.0 Apache Batik unknown vulnerability
12410| [129519] Oracle Enterprise Manager Ops Center 12.2.2/12.3.3 Apache ActiveMQ unknown vulnerability
12411| [129508] Oracle Applications Manager up to 12.2.8 Apache Derby unknown vulnerability
12412| [129507] Oracle Mobile Field Service up to 12.2.8 Apache Log4j unknown vulnerability
12413| [129505] Oracle Email Center up to 12.2.8 Apache Log4j unknown vulnerability
12414| [129504] Oracle CRM Technical Foundation up to 12.2.8 Apache Commons FileUpload unknown vulnerability
12415| [129499] Oracle Partner Management up to 12.2.8 Apache Log4j unknown vulnerability
12416| [129498] Oracle Marketing up to 12.2.8 Apache Commons FileUpload unknown vulnerability
12417| [129480] Oracle Communications WebRTC Session Controller up to 7.1 Apache Batik unknown vulnerability
12418| [129479] Oracle Communications Diameter Signaling Router up to 8.2 Apache Batik unknown vulnerability
12419| [129474] Oracle Communications Diameter Signaling Router up to 8.2 Apache HTTP Server information disclosure
12420| [129472] Oracle Communications WebRTC Session Controller up to 7.1 Apache Struts 1 unknown vulnerability
12421| [129470] Oracle Communications Converged Application Server up to 7.0.0.0 Apache Struts 1 unknown vulnerability
12422| [129463] Oracle Communications WebRTC Session Controller up to 7.1 Apache Log4j unknown vulnerability
12423| [129461] Oracle Communications Services Gatekeeper up to 6.1.0.3.x Apache Commons Collections Fileupload unknown vulnerability
12424| [129460] Oracle Communications Service Broker 6.0 Apache Log4j unknown vulnerability
12425| [129459] Oracle Communications Policy Management up to 12.4 Apache Struts 2 unknown vulnerability
12426| [129458] Oracle Communications Online Mediation Controller 6.1 Apache Log4j unknown vulnerability
12427| [129457] Oracle Communications Diameter Signaling Router up to 8.2 Apache Commons Fileupload unknown vulnerability
12428| [129456] Oracle Communications Converged Application Server 6.1 Apache Log4j unknown vulnerability
12429| [128714] Apache Thrift Java Client Library up to 0.11.0 SASL Negotiation org.apache.thrift.transport.TSaslTransport unknown vulnerability
12430| [128713] Apache Thrift Node.js Static Web Server up to 0.11.0 directory traversal
12431| [128709] Apache Karaf up to 4.1.6/4.2.1 Features Deployer XMLInputFactory XML External Entity
12432| [128575] Apache NetBeans 9.0 Proxy Auto-Config Code Execution
12433| [128369] Apache Tika 1.8-1.19.1 SQLite3Parser Loop sql injection
12434| [128111] Apache NiFi 1.8.0 Template Upload Man-in-the-Middle cross site request forgery
12435| [128110] Apache NiFi 1.8.0 Cluster Request privilege escalation
12436| [128109] Apache NiFi 1.8.0 Error Page message-page.jsp Request Header cross site scripting
12437| [128108] Apache NiFi up to 1.7.x X-Frame-Options Header privilege escalation
12438| [128102] Apache Oozie up to 5.0.0 Workflow XML Impersonation spoofing
12439| [127994] WordPress up to 5.0.0 on Apache httpd MIME Restriction cross site scripting
12440| [127981] Apache OFBiz 16.11.01/16.11.02/16.11.03/16.11.04 HTTP Engine httpService GET Request privilege escalation
12441| [127161] Apache Hadoop 2.7.4/2.7.5/2.7.6 Incomplete Fix CVE-2016-6811 privilege escalation
12442| [127040] Loadbalancer.org Enterprise VA MAX up to 8.3.2 Apache HTTP Server Log cross site scripting
12443| [127007] Apache Spark Request Code Execution
12444| [126791] Apache Hadoop up to 0.23.11/2.7.6/2.8.4/2.9.1/3.0.2 ZIP File unknown vulnerability
12445| [126767] Apache Qpid Proton-J Transport 0.3 Certificate Verification Man-in-the-Middle weak authentication
12446| [126896] Apache Commons FileUpload 1.3.3 on LDAP Manager DiskFileItem File privilege escalation
12447| [126574] Apache Hive up to 2.3.3/3.1.0 Query privilege escalation
12448| [126573] Apache Hive up to 2.3.3/3.1.0 HiveServer2 privilege escalation
12449| [126564] Apache Superset up to 0.22 Pickle Library load Code Execution
12450| [126488] Apache Syncope up to 2.0.10/2.1.1 BPMN Definition xxe privilege escalation
12451| [126487] Apache Syncope up to 2.0.10/2.1.1 cross site scripting
12452| [126346] Apache Tomcat Path privilege escalation
12453| [125922] Apache Impala up to 3.0.0 ALTER privilege escalation
12454| [125921] Apache Impala up to 3.0.0 Queue Injection privilege escalation
12455| [125647] Oracle Agile Engineering Data Management 6.1.3/6.2.0/6.2.1 Install (Apache Tomcat) information disclosure
12456| [125617] Oracle Retail Returns Management 14.1 Apache Batik unknown vulnerability
12457| [125616] Oracle Retail Point-of-Service 13.4/14.0/14.1 Apache Batik unknown vulnerability
12458| [125614] Oracle Retail Central Office 14.1 Apache Batik unknown vulnerability
12459| [125613] Oracle Retail Back Office 13.3/13.4/14/14.1 Apache Batik unknown vulnerability
12460| [125599] Oracle Retail Open Commerce Platform 5.3.0/6.0.0/6.0.1 Apache Log4j unknown vulnerability
12461| [125569] Oracle PeopleSoft Enterprise PeopleTools 8.55/8.56 Apache HTTP Server information disclosure
12462| [125494] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat information disclosure
12463| [125447] Oracle Business Intelligence Enterprise Edition 11.1.1.7.0/11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Apache Batik unknown vulnerability
12464| [125428] Oracle Identity Management Suite 11.1.2.3.0/12.2.1.3.0 Apache Log4j unknown vulnerability
12465| [125427] Oracle Identity Analytics 11.1.1.5.8 Apache Log4j unknown vulnerability
12466| [125424] Oracle API Gateway 11.1.2.4.0 Apache Log4j unknown vulnerability
12467| [125423] Oracle BI Publisher 11.1.1.7.0/11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Apache Log4j unknown vulnerability
12468| [125383] Oracle up to 10.2.0 Apache Trinidad unknown vulnerability
12469| [125379] Oracle up to 10.1.x Apache Struts 1 cross site scripting
12470| [125377] Oracle up to 10.2.0 Apache Commons Collections unknown vulnerability
12471| [125376] Oracle Communications Application Session Controller up to 3.7.0 Apache Commons Collections unknown vulnerability
12472| [125375] Oracle Communications User Data Repository up to 12.1.x Apache Xerces memory corruption
12473| [125248] Apache ActiveMQ up to 5.15.5 Web-based Administration Console queue.jsp Parameter cross site scripting
12474| [125133] Apache Tika up to 1.19 XML Parser reset() denial of service
12475| [124877] Apache PDFbox up to 2.0.11 PDF File denial of service
12476| [124876] Apache Ranger up to 1.1.x UnixAuthenticationService Stack-based memory corruption
12477| [124791] Apache Tomcat up to 7.0.90/8.5.33/9.0.11 URL Open Redirect
12478| [124787] Apache Pony Mail 0.7/0.8/0.9 Statistics Generator Timestamp Data information disclosure
12479| [124447] Apache HTTP Server up to 2.4.34 SETTINGS Frame denial of service
12480| [124346] Apache Mesos pre-1.4.2/1.5.0/1.5.1/1.6.0 on Executor HTTP API String Comparison validation JSON Web Token information disclosure
12481| [124286] Apache Tika up to 1.18 IptcAnpaParser Loop denial of service
12482| [124242] Apache Tika up to 0.18 C:/evil.bat" Directory unknown vulnerability
12483| [124241] Apache Tika up to 0.18 XML Parser Entity Expansion denial of service
12484| [124191] Apache Karaf up to 3.0.8/4.0.8/4.1.0 WebConsole .../gogo/ weak authentication
12485| [124190] Apache Karaf up to 4.1.x sshd privilege escalation
12486| [124152] Apache Camel Mail up to 2.22.0 Path directory traversal
12487| [124143] Apache SpamAssassin up to 3.4.1 PDFInfo Plugin Code Execution
12488| [124134] Apache SpamAssassin up to 3.4.1 Scan Engine HTML::Parser Email denial of service
12489| [124095] PHP up to 5.6.37/7.0.31/7.1.21/7.2.9 Apache2 sapi_apache2.c php_handler cross site scripting
12490| [124024] Apache Mesos 1.4.x/1.5.0 libprocess JSON Payload denial of service
12491| [123814] Apache ActiveMQ Client up to 5.15.5 TLS Hostname Verification Man-in-the-Middle weak authentication
12492| [123393] Apache Traffic Server up to 6.2.2/7.1.3 ESI Plugin Config privilege escalation
12493| [123392] Apache Traffic Server 6.2.2 TLS Handshake Segmentation Fault denial of service
12494| [123391] Apache Traffic Server up to 6.2.2/7.1.3 Range Request Performance denial of service
12495| [123390] Apache Traffic Server up to 6.2.2/7.1.3 Request HTTP Smuggling privilege escalation
12496| [123369] Apache Traffic Server up to 6.2.2/7.1.3 ACL remap.config Request denial of service
12497| [123197] Apache Sentry up to 2.0.0 privilege escalation
12498| [123145] Apache Struts up to 2.3.34/2.5.16 Namespace Code Execution
12499| [123144] Apache Cayenne up to 4.1.M1 CayenneModeler XML File File Transfer privilege escalation
12500| [122981] Apache Commons Compress 1.7 ZipArchiveInputStream ZIP Archive denial of service
12501| [122889] Apache HTTP Server up to 2.2.31/2.4.23 mod_userdir HTTP Response Splitting privilege escalation
12502| [122800] Apache Spark 1.3.0 REST API weak authentication
12503| [122642] Apache Airflow up to 1.8.x 404 Page Reflected cross site scripting
12504| [122568] Apache Tomcat up to 8.5.31/9.0.9 Connection Reuse weak authentication
12505| [122567] Apache Axis 1.0./1.1/1.2/1.3/1.4 cross site scripting
12506| [122556] Apache Tomcat up to 7.0.86/8.0.51/8.5.30/9.0.7 UTF-8 Decoder Loop denial of service
12507| [122531] Apache Tomcat up to 7.0.88/8.0.52/8.5.31/9.0.9 WebSocket Client unknown vulnerability
12508| [122456] Apache Camel up to 2.20.3/2.21.0 XSD Validator XML External Entity
12509| [122455] Apache Tomcat Native up to 1.1.34/1.2.16 OSCP Revoked Certificate weak authentication
12510| [122454] Apache Tomcat Native up to 1.1.34/1.2.16 OSCP Responder Revoked Certificate weak authentication
12511| [122214] Apache Kafka up to 0.9.0.1/0.10.2.1/0.11.0.2/1.0.0 Broker Request Data Loss denial of service
12512| [122202] Apache Kafka up to 0.10.2.1/0.11.0.1 SASL Impersonation spoofing
12513| [122101] Docker Skeleton Runtime for Apache OpenWhisk Docker Action dockerskeleton:1.3.0 privilege escalation
12514| [122100] PHP Runtime for Apache OpenWhisk Docker Action action-php-v7.2:1.0.0 privilege escalation
12515| [122012] Apache Ignite up to 2.5 Serialization privilege escalation
12516| [121911] Apache Ambari up to 2.5.x/2.6.2 Log Message Credentials information disclosure
12517| [121910] Apache HTTP Server 2.4.33 mod_md HTTP Requests denial of service
12518| [121854] Oracle Tape Library ACSLS up to ACSLS 8.4.0-2 Apache Commons Collections unknown vulnerability
12519| [121752] Oracle Insurance Policy Administration 10.0/10.1/10.2/11.0 Apache Log4j unknown vulnerability
12520| [121370] Apache Spark up to 2.1.2/2.2.1/2.3.0 URL cross site scripting
12521| [121354] Apache CouchDB HTTP API Code Execution
12522| [121144] Apache LDAP API up to 1.0.1 SSL Filter information disclosure
12523| [121143] Apache Storm up to 0.10.2/1.0.6/1.1.2/1.2.1 Cluster privilege escalation
12524| [120436] Apache CXF Fediz up to 1.4.3 Application Plugin unknown vulnerability
12525| [120310] Apache PDFbox up to 1.8.14/2.0.10 AFMParser Loop denial of service
12526| [120168] Apache CXF weak authentication
12527| [120080] Apache Cassandra up to 3.11.1 JMX/RMI Interface RMI Request privilege escalation
12528| [120043] Apache HBase up to 1.2.6.0/1.3.2.0/1.4.4/2.0.0 Thrift 1 API Server weak authentication
12529| [119723] Apache Qpid Broker-J 7.0.0/7.0.1/7.0.2/7.0.3/7.0.4 AMQP Messages Crash denial of service
12530| [122569] Apache HTTP Server up to 2.4.33 HTTP2 Request denial of service
12531| [119486] Apache Geode up to 1.4.0 Security Manager Code Execution
12532| [119306] Apache MXNet Network Interface privilege escalation
12533| [118999] Apache Storm up to 1.0.6/1.1.2/1.2.1 Archive directory traversal
12534| [118996] Apache Storm up to 1.0.6/1.1.2/1.2.1 Daemon spoofing
12535| [118644] Apple macOS up to 10.13.5 apache_mod_php unknown vulnerability
12536| [118200] Apache Batik up to 1.9 Deserialization unknown vulnerability
12537| [118143] Apache NiFi activemq-client Library Deserialization denial of service
12538| [118142] Apache NiFi 1.6.0 SplitXML xxe privilege escalation
12539| [118051] Apache Zookeeper up to 3.4.9/3.5.3-beta weak authentication
12540| [117997] Apache ORC up to 1.4.3 ORC File Recursion denial of service
12541| [117825] Apache Tomcat up to 7.0.88/8.0.52/8.5.31/9.0.8 CORS Filter privilege escalation
12542| [117405] Apache Derby up to 10.14.1.0 Network Server Network Packet privilege escalation
12543| [117347] Apache Ambari up to 2.6.1 HTTP Request directory traversal
12544| [117265] LibreOffice/Apache Office Writer SMB Connection XML Document information disclosure
12545| [117143] Apache uimaj/uima-as/uimaFIT/uimaDUCC XML XXE information disclosure
12546| [117117] Apache Tika up to 1.17 ChmParser Loop denial of service
12547| [117116] Apache Tika up to 1.17 BPGParser Loop denial of service
12548| [117115] Apache Tika up to 1.17 tika-server command injection
12549| [116929] Apache Fineract getReportType Parameter privilege escalation
12550| [116928] Apache Fineract REST Endpoint Parameter privilege escalation
12551| [116927] Apache Fineract MakercheckersApiResource Parameter sql injection
12552| [116926] Apache Fineract REST Parameter privilege escalation
12553| [116574] Apache wicket-jquery-ui up to 6.29.0/7.10.1/8.0.0-M9.1 WYSIWYG Editor privilege escalation
12554| [116622] Oracle Enterprise Manager for MySQL Database 12.1.0.4 EM Plugin: General (Apache Tomcat) unknown vulnerability
12555| [115931] Apache Solr up to 6.6.2/7.2.1 XML Data Parameter XML External Entity
12556| [115883] Apache Hive up to 2.3.2 privilege escalation
12557| [115882] Apache Hive up to 2.3.2 xpath_short information disclosure
12558| [115881] Apache DriverHive JDBC Driver up to 2.3.2 Escape Argument Bypass privilege escalation
12559| [115518] Apache Ignite 2.3 Deserialization privilege escalation
12560| [115260] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache cross site scripting
12561| [115259] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache Cookie Stack-based memory corruption
12562| [115500] CA Workload Control Center up to r11.4 SP5 Apache MyFaces Component Code Execution
12563| [115121] Apache Struts REST Plugin up to 2.5.15 Xstream XML Data denial of service
12564| [115061] Apache HTTP Server up to 2.4.29 HTTP Digest Authentication Challenge HTTP Requests Replay privilege escalation
12565| [115060] Apache HTTP Server up to 2.4.29 mod_cache_socache Request Header Crash denial of service
12566| [115059] Apache HTTP Server up to 2.4.29 HTTP2 NULL Pointer Dereference denial of service
12567| [115058] Apache HTTP Server up to 2.4.29 HTTP Header Crash denial of service
12568| [115057] Apache HTTP Server up to 2.4.29 mod_session Variable Name Cache privilege escalation
12569| [115039] Apache HTTP Server up to 2.4.29 FilesMatch File Upload privilege escalation
12570| [115038] Apache HTTP Server up to 2.0.65/2.2.34/2.4.29 mod_authnz_ldap Crash denial of service
12571| [114817] Apache Syncope up to 1.2.10/2.0.7 Search Parameter information disclosure
12572| [114816] Apache Syncope up to 1.2.10/2.0.7 XSLT Code Execution
12573| [114717] Apache Commons 1.11/1.12/1.13/1.14/1.15 ZIP Archive ZipFile/ZipArchiveInputStream denial of service
12574| [114661] Apache Allura up to 1.8.0 HTTP Response Splitting privilege escalation
12575| [114400] Apache Tomcat JK ISAPI Connector up to 1.2.42 IIS/ISAPI privilege escalation
12576| [114258] Apache HTTP Server up to 2.4.22 mod_cluster Segmentation Fault denial of service
12577| [114086] Apache ODE 1.3.3 ODE Process Deployment Web Service directory traversal
12578| [113955] Apache Xerces-C up to 3.2.0 XML Parser NULL Pointer Dereference denial of service
12579| [113945] Apache Tomcat up to 7.0.84/8.0.49/8.5.27/9.0.4 URL Pattern Empty String privilege escalation
12580| [113944] Apache OpenMeetings up to 3.x/4.0.1 CRUD Operation denial of service
12581| [113905] Apache Traffic Server up to 5.2.x/5.3.2/6.2.0/7.0.0 TLS Handshake Core Dump denial of service
12582| [113904] Apache Traffic Server up to 6.2.0 Host Header privilege escalation
12583| [113895] Apache Geode up to 1.3.x Code Execution
12584| [113894] Apache Geode up to 1.3.x TcpServer Code Execution
12585| [113888] Apache James Hupa WebMail 0.0.2 cross site scripting
12586| [113813] Apache Geode Cluster up to 1.3.x Secure Mode privilege escalation
12587| [113747] Apache Tomcat Servlets privilege escalation
12588| [113647] Apache Qpid up to 0.30 qpidd Broker AMQP Message Crash denial of service
12589| [113645] Apache VCL up to 2.1/2.2.1/2.3.1 Web GUI/XMLRPC API privilege escalation
12590| [113560] Apache jUDDI Console 3.0.0 Log Entries spoofing
12591| [113571] Apache Oozie up to 4.3.0/5.0.0-beta1 XML Data XML File privilege escalation
12592| [113569] Apache Karaf up to 4.0.7 LDAPLoginModule LDAP injection denial of service
12593| [113273] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
12594| [113198] Apache Qpid Dispatch Router 0.7.0/0.8.0 AMQP denial of service
12595| [113186] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
12596| [113145] Apache Thrift up to 0.9.3 Go Client Library privilege escalation
12597| [113106] Apache jUDDI up to 3.3.3 XML Data WADL2Java/WSDL2Java XML Document privilege escalation
12598| [113105] Apache Qpid Broker-J 7.0.0 AMQP Crash denial of service
12599| [112885] Apache Allura up to 1.8.0 File information disclosure
12600| [112856] Apache CloudStack up to 4.8.1.0/4.9.0.0 API weak authentication
12601| [112855] Apache CloudStack 4.1.0/4.1.1 API information disclosure
12602| [112678] Apache Tomcat up to 7.0.82/8.0.47/8.5.23/9.0.1 Bug Fix 61201 privilege escalation
12603| [112677] Apache Tomcat Native Connector up to 1.1.34/1.2.14 OCSP Checker Client weak authentication
12604| [112625] Apache POI up to 3.16 Loop denial of service
12605| [112448] Apache NiFi up to 1.3.x Deserialization privilege escalation
12606| [112396] Apache Hadoop 2.7.3/2.7.4 YARN NodeManager Credentials information disclosure
12607| [112339] Apache NiFi 1.5.0 Header privilege escalation
12608| [112330] Apache NiFi 1.5.0 Header HTTP Request privilege escalation
12609| [112314] NetGain Enterprise Manager 7.2.730 Build 1034 org.apache.jsp.u.jsp.tools.exec_jsp Servlet Parameter privilege escalation
12610| [112253] Apache Hadoop up to 0.23.x/2.7.4/2.8.2 MapReduce Job History Server Configuration File privilege escalation
12611| [112171] Oracle Secure Global Desktop 5.3 Apache Log4j privilege escalation
12612| [112164] Oracle Agile PLM 9.3.5/9.3.6 Apache Tomcat unknown vulnerability
12613| [112161] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Tomcat privilege escalation
12614| [112158] Oracle Autovue for Agile Product Lifecycle Management 21.0.0/21.0.1 Apache Log4j privilege escalation
12615| [112156] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Log4j privilege escalation
12616| [112155] Oracle Agile Engineering Data Management 6.1.3/6.2.0/6.2.1 Apache Log4j privilege escalation
12617| [112137] Oracle MICROS Relate CRM Software 10.8.x/11.4.x/15.0.x, Apache Tomcat unknown vulnerability
12618| [112136] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat privilege escalation
12619| [112133] Oracle Retail Workforce Management 1.60.7/1.64.0 Apache Log4j privilege escalation
12620| [112129] Oracle Retail Assortment Planning 14.1.3/15.0.3/16.0.1 Apache Log4j privilege escalation
12621| [112114] Oracle 9.1 Apache Log4j privilege escalation
12622| [112113] Oracle 9.1 Apache Log4j privilege escalation
12623| [112045] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat privilege escalation
12624| [112038] Oracle Health Sciences Empirica Inspections 1.0.1.1 Apache Tomcat information disclosure
12625| [112019] Oracle Endeca Information Discovery Integrator 3.1.0/3.2.0 Apache Tomcat privilege escalation
12626| [112017] Oracle WebCenter Portal 11.1.1.9.0/12.2.1.2.0/12.2.1.3.0 Apache Struts 1 cross site scripting
12627| [112011] Oracle Identity Manager 11.1.2.3.0 Apache Commons Collections privilege escalation
12628| [111950] Oracle Database 12.2.0.1 Apache Tomcat information disclosure
12629| [111703] Apache Sling XSS Protection API 1.0.4 URL Encoding cross site scripting
12630| [111556] Apache Geode up to 1.2.x Secure Mode Parameter OQL privilege escalation
12631| [111555] Apache Geode up to 1.2.x Secure Mode OQL privilege escalation
12632| [111540] Apache Geode up to 1.2.x Secure Mode information disclosure
12633| [111519] Apache Sling JCR ContentLoader 2.1.4 xmlreader directory traversal
12634| [111338] Apache DeltaSpike-JSF 1.8.0 cross site scripting
12635| [111330] Apache OFBiz 16.11.01/16.11.02/16.11.03 BIRT Plugin cross site scripting
12636| [110789] Apache Sling up to 1.4.0 Authentication Service Credentials information disclosure
12637| [110785] Apache Drill up to 1.11.0 Query Page unknown vulnerability
12638| [110701] Apache Fineract Query Parameter sql injection
12639| [110484] Apache Synapse up to 3.0.0 Apache Commons Collections Serialized Object Code Injection privilege escalation
12640| [110426] Adobe Experience Manager 6.0/6.1/6.2/6.3 Apache Sling Servlets Post cross site scripting
12641| [110141] Apache Struts up to 2.5.14 REST Plugin denial of service
12642| [110140] Apache Qpid Broker-J up to 0.32 privilege escalation
12643| [110139] Apache Qpid Broker-J up to 6.1.4 AMQP Frame denial of service
12644| [110106] Apache CXF Fediz Spring cross site request forgery
12645| [109766] Apache OpenOffice up to 4.1.3 DOC File Parser WW8Fonts memory corruption
12646| [109750] Apache OpenOffice up to 4.1.3 DOC File Parser ImportOldFormatStyles memory corruption
12647| [109749] Apache OpenOffice up to 4.1.3 PPT File Parser PPTStyleSheet memory corruption
12648| [109606] October CMS Build 412 Apache Configuration File Upload privilege escalation
12649| [109419] Apache Camel up to 2.19.3/2.20.0 camel-castor Java Object Deserialization privilege escalation
12650| [109418] Apache Camel up to 2.19.3/2.20.0 camel-hessian Java Object Deserialization privilege escalation
12651| [109400] Apache CouchDB up to 1.6.x/2.1.0 Database Server Shell privilege escalation
12652| [109399] Apache CouchDB up to 1.6.x/2.1.0 JSON Parser Shell privilege escalation
12653| [109398] Apache CXF 3.1.14/3.2.1 JAX-WS/JAX-RS Attachment denial of service
12654| [108872] Apache Hive up to 2.1.1/2.2.0/2.3.0 Policy Enforcement privilege escalation
12655| [108939] Apple macOS up to 10.13.1 apache unknown vulnerability
12656| [108938] Apple macOS up to 10.13.1 apache denial of service
12657| [108937] Apple macOS up to 10.13.1 apache unknown vulnerability
12658| [108936] Apple macOS up to 10.13.1 apache unknown vulnerability
12659| [108935] Apple macOS up to 10.13.1 apache denial of service
12660| [108934] Apple macOS up to 10.13.1 apache unknown vulnerability
12661| [108933] Apple macOS up to 10.13.1 apache unknown vulnerability
12662| [108932] Apple macOS up to 10.13.1 apache unknown vulnerability
12663| [108931] Apple macOS up to 10.13.1 apache denial of service
12664| [108930] Apple macOS up to 10.13.1 apache unknown vulnerability
12665| [108929] Apple macOS up to 10.13.1 apache denial of service
12666| [108928] Apple macOS up to 10.13.1 apache unknown vulnerability
12667| [108797] Apache Struts up to 2.3.19 TextParseUtiltranslateVariables OGNL Expression privilege escalation
12668| [108795] Apache Traffic Server up to 5.3.0 HTTP2 set_dynamic_table_size memory corruption
12669| [108794] Apache WSS4J up to 1.6.16/2.0.1 Incomplete Fix Leak information disclosure
12670| [108793] Apache Qpid up to 0.30 qpidd Crash denial of service
12671| [108792] Apache Traffic Server up to 5.1.0 Access Restriction privilege escalation
12672| [108791] Apache Wicket up to 1.5.11/6.16.x/7.0.0-M2 Session information disclosure
12673| [108790] Apache Storm 0.9.0.1 Log Viewer directory traversal
12674| [108789] Apache Cordova In-App-Browser Standalone Plugin up to 0.3.1 on iOS CDVInAppBrowser privilege escalation
12675| [108788] Apache Cordova File-Transfer Standalone Plugin up to 0.4.1 on iOS ios/CDVFileTransfer.m spoofing
12676| [108787] Apache HttpClient up to 4.3.0 HttpClientBuilder.java unknown vulnerability
12677| [108786] Apache Wicket up to 1.4.21/1.5.9/6.3.x script Tag cross site scripting
12678| [108783] Apache Hadoop up to 0.23.3/1.0.3/2.0.1 Kerberos Security Feature Key weak encryption
12679| [108782] Apache Xerces2 XML Service denial of service
12680| [108781] Apache jUDDI up to 1.x happyjuddi.jsp Parameter cross site scripting
12681| [108780] Apache jUDDI up to 1.x Log File uddiget.jsp spoofing
12682| [108709] Apache Cordova Android up to 3.7.1/4.0.1 intent URL privilege escalation
12683| [108708] Apache ActiveMQ up to 5.10.0 XML Data XML External Entity
12684| [108707] Apache ActiveMQ up to 1.7.0 XML Data XML External Entity
12685| [108629] Apache OFBiz up to 10.04.01 privilege escalation
12686| [108543] Apache Derby 10.1.2.1/10.2.2.0/10.3.1.4/10.4.1.3 Export File privilege escalation
12687| [108312] Apache HTTP Server on RHEL IP Address Filter privilege escalation
12688| [108297] Apache NiFi up to 0.7.1/1.1.1 Proxy Chain Username Deserialization privilege escalation
12689| [108296] Apache NiFi up to 0.7.1/1.1.1 Cluster Request privilege escalation
12690| [108250] Oracle Secure Global Desktop 5.3 Apache HTTP Server memory corruption
12691| [108245] Oracle Transportation Management up to 6.3.7 Apache Tomcat unknown vulnerability
12692| [108244] Oracle Transportation Management 6.4.1/6.4.2 Apache Commons FileUpload denial of service
12693| [108243] Oracle Agile Engineering Data Management 6.1.3/6.2.0 Apache Commons Collections memory corruption
12694| [108222] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Batik denial of service
12695| [108219] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat unknown vulnerability
12696| [108217] Oracle Retail Store Inventory Management 13.2.9/14.0.4/14.1.3/15.0.1/16.0.1 Apache Groovy unknown vulnerability
12697| [108216] Oracle Retail Convenience and Fuel POS Software 2.1.132 Apache Groovy unknown vulnerability
12698| [108169] Oracle MySQL Enterprise Monitor up to 3.2.8.2223/3.3.4.3247/3.4.2.4181 Apache Tomcat unknown vulnerability
12699| [108113] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Batik denial of service
12700| [108107] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat unknown vulnerability
12701| [108102] Oracle Healthcare Master Person Index 4.x Apache Groovy unknown vulnerability
12702| [108085] Oracle Identity Manager 11.1.2.3.0 Apache Struts 1 memory corruption
12703| [108083] Oracle API Gateway 11.1.2.4.0 Apache Batik denial of service
12704| [108080] Oracle GlassFish Server 3.1.2 Apache Commons FileUpload denial of service
12705| [108066] Oracle Management Pack for GoldenGate 11.2.1.0.12 Apache Tomcat memory corruption
12706| [108062] Oracle BI Publisher 11.1.1.7.0/12.2.1.1.0/12.2.1.2.0 Apache ActiveMQ memory corruption
12707| [108060] Oracle Enterprise Manager Ops Center 12.2.2/12.3.2 Apache Groovy unknown vulnerability
12708| [108033] Oracle Primavera Unifier 9.13/9.14/10.x/15.x/16.x, Apache Groovy unknown vulnerability
12709| [108013] Oracle Communications WebRTC Session Controller 7.0/7.1/7.2 Apache Groovy unknown vulnerability
12710| [108011] Oracle Communications Services Gatekeeper 5.1/6.0 Apache Trinidad unknown vulnerability
12711| [107904] Apache Struts up to 2.3.28 Double OGNL Evaluation privilege escalation
12712| [107860] Apache Solr up to 7.0 Apache Lucene RunExecutableListener XML External Entity
12713| [107834] Apache Ranger up to 0.6.1 Change Password privilege escalation
12714| [107639] Apache NiFi 1.4.0 XML External Entity
12715| [107606] Apache ZooKeper up to 3.4.9/3.5.2 Command CPU Exhaustion denial of service
12716| [107597] Apache Roller up to 5.0.2 XML-RPC Protocol Support XML External Entity
12717| [107429] Apache Impala up to 2.9.x Kudu Table privilege escalation
12718| [107411] Apache Tomcat up to 7.0.81/8.0.46/8.5.22/9.0.0 JSP File File Upload privilege escalation
12719| [107385] Apache Geode up to 1.2.0 Secure Mode privilege escalation
12720| [107339] Apache OpenNLP up to 1.5.3/1.6.0/1.7.2/1.8.1 XML Data XML External Entity
12721| [107333] Apache Wicket up to 8.0.0-M1 CSRF Prevention HTTP Header privilege escalation
12722| [107323] Apache Wicket 1.5.10/6.13.0 Class Request information disclosure
12723| [107310] Apache Geode up to 1.2.0 Command Line Utility Query privilege escalation
12724| [107276] ArcSight ESM/ArcSight ESM Express up to 6.9.1c Patch 3/6.11.0 Apache Tomcat Version information disclosure
12725| [107266] Apache Tika up to 1.12 XML Parser XML External Entity
12726| [107262] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
12727| [107258] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
12728| [107197] Apache Xerces Jelly Parser XML File XML External Entity
12729| [107193] ZTE NR8950 Apache Commons Collections RMI Request Deserialization privilege escalation
12730| [107084] Apache Struts up to 2.3.19 cross site scripting
12731| [106877] Apache Struts up to 2.0.33/2.5.10 Freemarker Tag privilege escalation
12732| [106875] Apache Struts up to 2.5.5 URL Validator denial of service
12733| [106874] Apache Struts up to 2.3.30 Convention Plugin directory traversal
12734| [106847] Apache Tomcat up to 7.0.80 VirtualDirContext Source information disclosure
12735| [106846] Apache Tomcat up to 7.0.79 on Windows HTTP PUT Method Parameter File Upload privilege escalation
12736| [106777] Apache HTTP Server up to 2.2.34/2.4.27 Limit Directive ap_limit_section HTTP Request information disclosure
12737| [106739] puppetlabs-apache up to 1.11.0/2.0.x weak authentication
12738| [106720] Apache Wicket up to 1.5.12/6.18.x/7.0.0-M4 CryptoMapper privilege escalation
12739| [106586] Apache Brooklyn up to 0.9.x REST Server cross site scripting
12740| [106562] Apache Spark up to 2.1.1 Launcher API Deserialization privilege escalation
12741| [106559] Apache Brooklyn up to 0.9.x SnakeYAML YAML Data Java privilege escalation
12742| [106558] Apache Brooklyn up to 0.9.x REST Server cross site request forgery
12743| [106556] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
12744| [106555] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
12745| [106171] Apache Directory LDAP API up to 1.0.0-M30 Timing unknown vulnerability
12746| [106167] Apache Struts up to 2.5.12 REST Plugin XML Data privilege escalation
12747| [106166] Apache Struts up to 2.3.33/2.5.12 REST Plugin denial of service
12748| [106165] Apache Struts up to 2.3.33/2.5.12 URLValidator Regex CPU Exhaustion denial of service
12749| [106115] Apache Hadoop up to 2.6.4/2.7.2 YARN NodeManager Password information disclosure
12750| [106012] Apache Solr up to 5.5.3/6.4.0 Replication directory traversal
12751| [105980] Apache Engine 16.11.01 Parameter Reflected unknown vulnerability
12752| [105962] Apache Atlas 0.6.0/0.7.0 Frame cross site scripting
12753| [105961] Apache Atlas 0.6.0/0.7.0 Stack Trace information disclosure
12754| [105960] Apache Atlas 0.6.0/0.7.0 Search Reflected cross site scripting
12755| [105959] Apache Atlas 0.6.0/0.7.0 edit Tag DOM cross site scripting
12756| [105958] Apache Atlas 0.6.0/0.7.0 edit Tag Stored cross site scripting
12757| [105957] Apache Atlas 0.6.0/0.7.0 Cookie privilege escalation
12758| [105905] Apache Atlas 0.6.0/0.7.0/0.7.1 /js privilege escalation
12759| [105878] Apache Struts up to 2.3.24.0 privilege escalation
12760| [105682] Apache2Triad 1.5.4 phpsftpd/users.php Parameter cross site scripting
12761| [105681] Apache2Triad 1.5.4 phpsftpd/users.php Request cross site request forgery
12762| [105680] Apache2Triad 1.5.4 Parameter Session Fixation weak authentication
12763| [105643] Apache Pony Mail up to 0.8b weak authentication
12764| [105288] Apache Sling up to 2.3.21 Sling.evalString() String cross site scripting
12765| [105219] Apache Tomcat up to 8.5.15/9.0.0.M21 HTTP2 Bypass directory traversal
12766| [105218] Apache Tomcat up to 7.0.78/8.0.44/8.5.15/9.0.0.M21 CORS Filter Cache Poisoning privilege escalation
12767| [105215] Apache CXF up to 3.0.12/3.1.9 OAuth2 Hawk/JOSE MAC Validation Timing unknown vulnerability
12768| [105206] Apache CXF up to 3.0.11/3.1.8 JAX-RS Module XML External Entity
12769| [105205] Apache CXF up to 3.0.11/3.1.8 HTTP Transport Module Parameter cross site scripting
12770| [105202] Apache Storm 1.0.0/1.0.1/1.0.2/1.0.3/1.1.0 Worker privilege escalation
12771| [104987] Apache Xerces-C++ XML Service CPU Exhaustion denial of service
12772| [104986] Apache CXF 2.4.5/2.5.1 WS-SP UsernameToken Policy SOAP Request weak authentication
12773| [104985] Apache MyFaces Core up to 2.1.4 EL Expression Parameter Injection information disclosure
12774| [104983] Apache Wink up to 1.1.1 XML Document xxe privilege escalation
12775| [104981] Apache Commons Email 1.0/1.1/1.2/1.3/1.4 Subject Linebreak SMTP privilege escalation
12776| [104591] MEDHOST Document Management System Apache Solr Default Credentials weak authentication
12777| [104062] Oracle MySQL Enterprise Monitor up to 3.3.3.1199 Apache Tomcat unknown vulnerability
12778| [104061] Oracle MySQL Enterprise Monitor up to 3.2.7.1204/3.3.3.1199 Apache Tomcat unknown vulnerability
12779| [104060] Oracle MySQL Enterprise Monitor up to 3.1.5.7958/3.2.5.1141/3.3.2.1162 Apache Struts 2 unknown vulnerability
12780| [103995] Oracle 8.3/8.4/15.1/15.2 Apache Trinidad unknown vulnerability
12781| [103993] Oracle Policy Automation up to 12.2.3 Apache Commons FileUplaod denial of service
12782| [103916] Oracle Banking Platform 2.3/2.4/2.4.1/2.5 Apache Commons FileUpload denial of service
12783| [103906] Oracle Communications BRM 11.2.0.0.0 Apache Commons Collections privilege escalation
12784| [103904] Oracle Communications BRM 11.2.0.0.0/11.3.0.0.0 Apache Groovy memory corruption
12785| [103866] Oracle Transportation Management 6.1/6.2 Apache Webserver unknown vulnerability
12786| [103816] Oracle BI Publisher 11.1.1.9.0/12.2.1.1.0/12.2.1.2.0 Apache Commons Fileupload denial of service
12787| [103797] Oracle Tuxedo System and Applications Monitor Apache Commons Collections privilege escalation
12788| [103792] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Commons Fileupload privilege escalation
12789| [103791] Oracle Endeca Server 7.6.0.0/7.6.1.0 Apache Commons Collections privilege escalation
12790| [103788] Oracle Enterprise Repository 11.1.1.7.0/12.1.3.0.0 Apache ActiveMQ memory corruption
12791| [103787] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Groovy memory corruption
12792| [103763] Apache Sling up to 1.0.11 XSS Protection API XSS.getValidXML() Application XML External Entity
12793| [103762] Apache Sling up to 1.0.12 XSS Protection API XSSAPI.encodeForJSString() Script Tag cross site scripting
12794| [103693] Apache OpenMeetings 1.0.0 HTTP Method privilege escalation
12795| [103692] Apache OpenMeetings 1.0.0 Tomcat Error information disclosure
12796| [103691] Apache OpenMeetings 3.2.0 Parameter privilege escalation
12797| [103690] Apache OpenMeetings 1.0.0 sql injection
12798| [103689] Apache OpenMeetings 1.0.0 crossdomain.xml privilege escalation
12799| [103688] Apache OpenMeetings 1.0.0 weak encryption
12800| [103687] Apache OpenMeetings 1.0.0 cross site request forgery
12801| [103556] Apache Roller 5.1.0/5.1.1 Weblog Page Template VTL privilege escalation
12802| [103554] Apache OpenMeetings 1.0.0 Password Update unknown vulnerability
12803| [103553] Apache OpenMeetings 1.0.0 File Upload privilege escalation
12804| [103552] Apache OpenMeetings 3.2.0 Chat cross site scripting
12805| [103551] Apache OpenMeetings 3.1.0 XML unknown vulnerability
12806| [103521] Apache HTTP Server 2.4.26 HTTP2 Free memory corruption
12807| [103520] Apache HTTP Server up to 2.2.33/2.4.26 mod_auth_digest Authorization Header memory corruption
12808| [103519] Apache Struts up to 2.5.11/2.3.32 Spring AOP denial of service
12809| [103518] Apache Struts up to 2.5.11 URLValidator directory traversal
12810| [103492] Apache Spark up to 2.1.x Web UI Reflected cross site scripting
12811| [103401] Apache Struts 2.3.x Struts 1 Plugin ActionMessage privilege escalation
12812| [103399] Apache Traffic Control Traffic Router TCP Connection Slowloris denial of service
12813| [103387] Apache Impala up to 2.8.0 StatestoreSubscriber weak encryption
12814| [103386] Apache Impala up to 2.7.x/2.8.0 Kerberos weak authentication
12815| [103352] Apache Solr Node weak authentication
12816| [102897] Apache Ignite up to 2.0 Update Notifier information disclosure
12817| [102878] Code42 CrashPlan 5.4.x RMI Server org.apache.commons.ssl.rmi.DateRMI privilege escalation
12818| [102698] Apache HTTP Server up to 2.2.32/2.4.25 mod_mime Content-Type memory corruption
12819| [102697] Apache HTTP Server 2.2.24/2.2.32 HTTP Strict Parsing ap_find_token Request Header memory corruption
12820| [102690] Apache HTTP Server up to 2.2.32/2.4.25 mod_ssl ap_hook_process_connection() denial of service
12821| [102689] Apache HTTP Server up to 2.2.32/2.4.25 ap_get_basic_auth_pw weak authentication
12822| [102622] Apache Thrift up to 0.9.2 Client Libraries skip denial of service
12823| [102538] Apache Ranger up to 0.7.0 Authorizer unknown vulnerability
12824| [102537] Apache Ranger up to 0.7.0 Wildcard Character unknown vulnerability
12825| [102536] Apache Ranger up to 0.6 Stored cross site scripting
12826| [102535] Apache Ranger up to 0.6.2 Policy Engine unknown vulnerability
12827| [102255] Apache NiFi up to 0.7.3/1.2.x Response Header privilege escalation
12828| [102254] Apache NiFi up to 0.7.3/1.2.x UI cross site scripting
12829| [102070] Apache CXF Fediz up to 1.1.2/1.2.0 Application Plugin denial of service
12830| [102020] Apache Tomcat up to 9.0.0.M1 Java Servlet HTTP Method unknown vulnerability
12831| [101858] Apache Hive up to 1.2.1/2.0.0 Client weak authentication
12832| [101802] Apache KNOX up to 0.11.0 WebHDFS privilege escalation
12833| [101928] HPE Aruba ClearPass Apache Tomcat information disclosure
12834| [101524] Apache Archiva up to 1.x/2.2.1 REST Endpoint cross site request forgery
12835| [101513] Apache jUDDI 3.1./3.1.2/3.1.3/3.1.4 Logout Open Redirect
12836| [101430] Apache CXF Fediz up to 1.3.1 OIDC Service cross site request forgery
12837| [101429] Apache CXF Fediz up to 1.2.3/1.3.1 Plugins cross site request forgery
12838| [100619] Apache Hadoop up to 2.6.x HDFS Servlet unknown vulnerability
12839| [100618] Apache Hadoop up to 2.7.0 HDFS Web UI cross site scripting
12840| [100621] Adobe ColdFusion 10/11/2016 Apache BlazeDS Library Deserialization privilege escalation
12841| [100205] Oracle MySQL Enterprise Monitor up to 3.1.6.8003/3.2.1182/3.3.2.1162 Apache Commons FileUpload denial of service
12842| [100191] Oracle Secure Global Desktop 4.71/5.2/5.3 Web Server (Apache HTTP Server) information disclosure
12843| [100162] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Commons Collections privilege escalation
12844| [100160] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Trinidad unknown vulnerability
12845| [99969] Oracle WebCenter Sites 11.1.1.8.0 Apache Tomcat memory corruption
12846| [99937] Apache Batik up to 1.8 privilege escalation
12847| [99936] Apache FOP up to 2.1 privilege escalation
12848| [99935] Apache CXF up to 3.0.12/3.1.10 STSClient Cache information disclosure
12849| [99934] Apache CXF up to 3.0.12/3.1.10 JAX-RS XML Security Streaming Client spoofing
12850| [99930] Apache Traffic Server up to 6.2.0 denial of service
12851| [99929] Apache Log4j up to 2.8.1 Socket Server Deserialization privilege escalation
12852| [99925] Apache Traffic Server 6.0.0/6.1.0/6.2.0 HPACK Bomb denial of service
12853| [99738] Ping Identity OpenID Connect Authentication Module up to 2.13 on Apache Mod_auth_openidc.c spoofing
12854| [117569] Apache Hadoop up to 2.7.3 privilege escalation
12855| [99591] Apache TomEE up to 1.7.3/7.0.0-M2 EjbObjectInputStream Serialized Object privilege escalation
12856| [99370] Apache Ignite up to 1.8 update-notifier Document XML External Entity
12857| [99299] Apache Geode up to 1.1.0 Pulse OQL Query privilege escalation
12858| [99572] Apache Tomcat up to 7.0.75/8.0.41/8.5.11/9.0.0.M17 Application Listener privilege escalation
12859| [99570] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP Connector Cache information disclosure
12860| [99569] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP/2 GOAWAY Frame Resource Exhaustion denial of service
12861| [99568] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 Pipelined Request information disclosure
12862| [99048] Apache Ambari up to 2.3.x REST API Shell Metacharacter privilege escalation
12863| [99014] Apache Camel Jackson/JacksonXML privilege escalation
12864| [98610] Apple macOS up to 10.12.3 apache_mod_php memory corruption
12865| [98609] Apple macOS up to 10.12.3 apache_mod_php denial of service
12866| [98608] Apple macOS up to 10.12.3 apache_mod_php memory corruption
12867| [98607] Apple macOS up to 10.12.3 apache_mod_php denial of service
12868| [98606] Apple macOS up to 10.12.3 apache_mod_php denial of service
12869| [98605] Apple macOS up to 10.12.3 Apache denial of service
12870| [98604] Apple macOS up to 10.12.3 Apache denial of service
12871| [98603] Apple macOS up to 10.12.3 Apache denial of service
12872| [98602] Apple macOS up to 10.12.3 Apache denial of service
12873| [98601] Apple macOS up to 10.12.3 Apache denial of service
12874| [98517] Apache POI up to 3.14 OOXML File XXE denial of service
12875| [98405] Apache Hadoop up to 0.23.10 privilege escalation
12876| [98199] Apache Camel Validation XML External Entity
12877| [97892] Apache Tomcat up to 9.0.0.M15 Reverse-Proxy Http11InputBuffer.java information disclosure
12878| [97617] Apache Camel camel-snakeyaml Deserialization privilege escalation
12879| [97602] Apache Camel camel-jackson/camel-jacksonxml CamelJacksonUnmarshalType privilege escalation
12880| [97732] Apache Struts up to 2.3.31/2.5.10 Jakarta Multipart Parser Content-Type privilege escalation
12881| [97466] mod_auth_openidc up to 2.1.5 on Apache weak authentication
12882| [97455] mod_auth_openidc up to 2.1.4 on Apache weak authentication
12883| [97081] Apache Tomcat HTTPS Request denial of service
12884| [97162] EMC OpenText Documentum D2 BeanShell/Apache Commons privilege escalation
12885| [96949] Hanwha Techwin Smart Security Manager up to 1.5 Redis/Apache Felix Gogo privilege escalation
12886| [96314] Apache Cordova up to 6.1.1 on Android weak authentication
12887| [95945] Apple macOS up to 10.12.2 apache_mod_php denial of service
12888| [95944] Apple macOS up to 10.12.2 apache_mod_php denial of service
12889| [95943] Apple macOS up to 10.12.2 apache_mod_php memory corruption
12890| [95666] Oracle FLEXCUBE Direct Banking 12.0.0/12.0.1/12.0.2/12.0.3 Apache Commons Collections privilege escalation
12891| [95455] Apache NiFi up to 1.0.0/1.1.0 Connection Details Dialogue cross site scripting
12892| [95311] Apache Storm UI Daemon privilege escalation
12893| [95291] ZoneMinder 1.30.0 Apache httpd privilege escalation
12894| [94800] Apache Wicket up to 1.5.16/6.24.x Deserialize DiskFileItem denial of service
12895| [94705] Apache Qpid Broker for Java up to 6.1.0 SCRAM-SHA-1/SCRAM-SHA-256 User information disclosure
12896| [94627] Apache HTTP Server up to 2.4.24 mod_auth_digest Crash denial of service
12897| [94626] Apache HTTP Server up to 2.4.24 mod_session_crypto Padding weak encryption
12898| [94625] Apache HTTP Server up to 2.4.24 Response Split privilege escalation
12899| [94540] Apache Tika 1.9 tika-server File information disclosure
12900| [94600] Apache ActiveMQ up to 5.14.1 Administration Console cross site scripting
12901| [94348] Apple macOS up to 10.12.1 apache_mod_php denial of service
12902| [94347] Apple macOS up to 10.12.1 apache_mod_php denial of service
12903| [94346] Apple macOS up to 10.12.1 apache_mod_php denial of service
12904| [94345] Apple macOS up to 10.12.1 apache_mod_php denial of service
12905| [94344] Apple macOS up to 10.12.1 apache_mod_php denial of service
12906| [94343] Apple macOS up to 10.12.1 apache_mod_php memory corruption
12907| [94342] Apple macOS up to 10.12.1 apache_mod_php memory corruption
12908| [94128] Apache Tomcat up to 9.0.0.M13 Error information disclosure
12909| [93958] Apache HTTP Server up to 2.4.23 mod_http2 h2_stream.c denial of service
12910| [93874] Apache Subversion up to 1.8.16/1.9.4 mod_dontdothat XXE denial of service
12911| [93855] Apache Hadoop up to 2.6.4/2.7.2 HDFS Service privilege escalation
12912| [93609] Apache OpenMeetings 3.1.0 RMI Registry privilege escalation
12913| [93555] Apache Tika 1.6-1.13 jmatio MATLAB File privilege escalation
12914| [93799] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
12915| [93798] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
12916| [93797] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 HTTP Split privilege escalation
12917| [93796] Apache Tomcat up to 8.5.6/9.0.0.M11 HTTP/2 Header Parser denial of service
12918| [93532] Apache Commons Collections Library Java privilege escalation
12919| [93210] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 ResourceLinkFactory privilege escalation
12920| [93209] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Realm Authentication User information disclosure
12921| [93208] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 System Property Replacement information disclosure
12922| [93207] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Utility Method privilege escalation
12923| [93206] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Configuration privilege escalation
12924| [93098] Apache Commons FileUpload privilege escalation
12925| [92987] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Commons Collection memory corruption
12926| [92986] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Tomcat memory corruption
12927| [92982] Oracle Insurance IStream 4.3.2 Apache Commons Collections memory corruption
12928| [92981] Oracle Financial Services Lending and Leasing 14.1.0/14.2.0 Apache Commons Collections memory corruption
12929| [92979] Oracle up to 8.0.3 Apache Commons Collections memory corruption
12930| [92977] Oracle FLEXCUBE Universal Banking up to 12.2.0 Apache Commons Collections memory corruption
12931| [92976] Oracle FLEXCUBE Universal Banking 12.87.1/12.87.2 Apache Commons Collections memory corruption
12932| [92975] Oracle FLEXCUBE Private Banking up to 12.1.0 Apache Commons Collections memory corruption
12933| [92974] Oracle FLEXCUBE Investor Servicing 12.0.1 Apache Commons Collections memory corruption
12934| [92973] Oracle 12.0.0/12.1.0 Apache Commons Collections memory corruption
12935| [92972] Oracle FLEXCUBE Core Banking 11.5.0.0.0/11.6.0.0.0 Apache Commons Collections memory corruption
12936| [92962] Oracle Agile PLM 9.3.4/9.3.5 Apache Commons Collections memory corruption
12937| [92909] Oracle Agile PLM 9.3.4/9.3.5 Apache Tomcat unknown vulnerability
12938| [92786] Oracle Banking Digital Experience 15.1 Apache Commons Collections information disclosure
12939| [92549] Apache Tomcat on Red Hat privilege escalation
12940| [92509] Apache Tomcat JK ISAPI Connector up to 1.2.41 jk_uri_worker_map.c memory corruption
12941| [92314] Apache MyFaces Trinidad up to 1.0.13/1.2.15/2.0.1/2.1.1 CoreResponseStateManager memory corruption
12942| [92313] Apache Struts2 up to 2.3.28/2.5.0 Action Name Cleanup cross site request forgery
12943| [92299] Apache Derby up to 10.12.1.0 SqlXmlUtil XML External Entity
12944| [92217] Apache ActiveMQ Artemis up to 1.3.x Broker/REST GetObject privilege escalation
12945| [92174] Apache Ranger up to 0.6.0 Policy cross site scripting
12946| [91831] Apache Jackrabbit up to 2.13.2 HTTP Header cross site request forgery
12947| [91825] Apache Zookeeper up to 3.4.8/3.5.2 C CLI Shell memory corruption
12948| [91818] Apache CXF Fediz up to 1.2.2/1.3.0 Application Plugin privilege escalation
12949| [92056] Apple macOS up to 10.11 apache_mod_php memory corruption
12950| [92055] Apple macOS up to 10.11 apache_mod_php memory corruption
12951| [92054] Apple macOS up to 10.11 apache_mod_php denial of service
12952| [92053] Apple macOS up to 10.11 apache_mod_php denial of service
12953| [92052] Apple macOS up to 10.11 apache_mod_php denial of service
12954| [92051] Apple macOS up to 10.11 apache_mod_php memory corruption
12955| [92050] Apple macOS up to 10.11 apache_mod_php denial of service
12956| [92049] Apple macOS up to 10.11 apache_mod_php memory corruption
12957| [92048] Apple macOS up to 10.11 apache_mod_php denial of service
12958| [92047] Apple macOS up to 10.11 apache_mod_php memory corruption
12959| [92046] Apple macOS up to 10.11 apache_mod_php memory corruption
12960| [92045] Apple macOS up to 10.11 apache_mod_php memory corruption
12961| [92044] Apple macOS up to 10.11 apache_mod_php memory corruption
12962| [92043] Apple macOS up to 10.11 apache_mod_php denial of service
12963| [92042] Apple macOS up to 10.11 apache_mod_php memory corruption
12964| [92041] Apple macOS up to 10.11 apache_mod_php memory corruption
12965| [92040] Apple macOS up to 10.11 Apache Proxy privilege escalation
12966| [91785] Apache Shiro up to 1.3.1 Servlet Filter privilege escalation
12967| [90879] Apache OpenMeetings up to 3.1.1 SWF Panel cross site scripting
12968| [90878] Apache Sentry up to 1.6.x Blacklist Filter reflect/reflect2/java_method privilege escalation
12969| [90610] Apache POI up to 3.13 XLSX2CSV Example OpenXML Document XML External Entity
12970| [90584] Apache ActiveMQ up to 5.11.3/5.12.2/5.13/1 Administration Web Console privilege escalation
12971| [90385] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site scripting
12972| [90384] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site request forgery
12973| [90383] Apache OpenOffice up to 4.1.2 Impress File memory corruption
12974| [89670] Apache Tomcat up to 8.5.4 CGI Servlet Environment Variable Open Redirect
12975| [89669] Apache HTTP Server up to 2.4.23 RFC 3875 Namespace Conflict Environment Variable Open Redirect
| [89726] Apple Mac OS X up to 10.11.5 apache_mod_php memory corruption
| [89484] Apache Qpid up to 0.13.0 on Windows Proton Library Certificate weak authentication
| [89473] HPE iMC PLAT/EAD/APM/iMC NTA/iMC BIMS/iMC UAM_TAM up to 7.2 Apache Commons Collections Library Command privilege escalation
| [90263] Apache Archiva Header denial of service
| [90262] Apache Archiva Deserialize privilege escalation
| [90261] Apache Archiva XML DTD Connection privilege escalation
| [88827] Apache Xerces-C++ up to 3.1.3 DTD Stack-Based memory corruption
| [88747] Apache HTTP Server 2.4.17/2.4.18 mod_http2 denial of service
| [88608] Apache Struts up to 2.3.28.1/2.5.0 URLValidator Null Value denial of service
| [88607] Apache Struts up to 2.3.28.1 REST Plugin Expression privilege escalation
| [88606] Apache Struts up to 2.3.28.1 Restriction privilege escalation
| [88605] Apache Struts up to 2.3.28.1 Restriction privilege escalation
| [88604] Apache Struts up to 2.3.28.1 Token Validator cross site request forgery
| [88603] Apache Commons FileUpload up to 1.3.1 MultipartStream denial of service
| [88602] Apache Struts up to 1.3.10 ActionServlet.java cross site scripting
| [88601] Apache Struts up to 1.3.10 Multithreading ActionServlet.java memory corruption
| [88600] Apache Struts up to 1.3.10 MultiPageValidator privilege escalation
| [89005] Apache Qpid AMQP JMS Client getObject privilege escalation
| [87888] Apache Ranger up to 0.5.2 Policy Admin Tool eventTime sql injection
| [87835] Apache CloudStack up to 4.5.2.0/4.6.2.0/4.7.1.0/4.8.0.0 SAML-based Authentication privilege escalation
| [87806] HPE Discovery and Dependency Mapping Inventory up to 9.32 update 3 Apache Commons Collections Library privilege escalation
| [87805] HPE Universal CMDB up to 10.21 Apache Commons Collections Library privilege escalation
| [87768] Apache Shiro up to 1.2.4 Cipher Key privilege escalation
| [87765] Apache James Server 2.3.2 Command privilege escalation
| [88667] Apache HTTP Server up to 2.4.20 mod_http2 Certificate weak authentication
| [87718] Apache Struts up to 2.3.24.1 OGNL Caching denial of service
| [87717] Apache Struts up to 2.3.28 REST Plugin privilege escalation
| [87706] Apache Qpid Java up to 6.0.2 AMQP privilege escalation
| [87703] Apache Qbid Java up to 6.0.2 PlainSaslServer.java denial of service
| [87702] Apache ActiveMQ up to 5.13.x Fileserver Web Application Upload privilege escalation
| [87700] Apache PDFbox up to 1.8.11/2.0.0 XML Parser PDF Document XML External Entity
| [87679] HP Release Control 9.13/9.20/9.21 Apache Commons Collections Library Java Object privilege escalation
| [87540] Apache Ambari up to 2.2.0 File Browser View information disclosure
| [87433] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87432] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87431] Apple Mac OS X up to 10.11.4 apache_mod_php Format String
| [87430] Apple Mac OS X up to 10.11.4 apache_mod_php denial of service
| [87429] Apple Mac OS X up to 10.11.4 apache_mod_php information disclosure
| [87428] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87427] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87389] Apache Xerces C++ up to 3.1.3 XML Document DTDScanner.cpp memory corruption
| [87172] Adobe ColdFusion 11 Update 7/2016/up to 10 Update 18 Apache Commons Collections Library privilege escalation
| [87121] Apache Cordova iOS up to 3.x Plugin privilege escalation
| [87120] Apache Cordova iOS up to 3.x URL Whitelist privilege escalation
| [83806] HPE Network Node Manager i up to 10.01 Apache Commons Collections Library privilege escalation
| [83077] Apache Subversion up to 1.8.15/1.9.3 mod_authz_svn mod_authz_svn.c denial of service
| [83076] Apache Subversion up to 1.8.15/1.9.3 svnserve svnserve/cyrus_auth.c privilege escalation
| [82790] Apache Struts 2.0.0/2.3.24/2.3.28 Dynamic Method privilege escalation
| [82789] Apache Struts 2.0.0/2.3.24/2.3.28 XSLTResult privilege escalation
| [82725] HPE P9000 Command View up to 7.x/8.4.0 Apache Commons Collections Library privilege escalation
| [82444] Apache Camel up to 2.14.x/2.15.4/2.16.0 HTTP Request privilege escalation
| [82389] Apache Subversion up to 1.7.x/1.8.14/1.9.2 mod_dav_svn util.c memory corruption
| [82280] Apache Struts up to 1.7 JRE URLDecoder cross site scripting
| [82260] Apache OFBiz up to 12.04.05/13.07.02 Java Object privilege escalation
| [82259] Apache Qpid Proton up to 0.12.0 proton.reactor.Connector weak encryption
| [82250] Apache Ranger up to 0.5.0 Admin UI weak authentication
| [82214] Apache Wicket up to 1.5.14/6.21.x/7.1.x Input Element cross site scripting
| [82213] Apache Wicket up to 1.5.14/6.21.x/7.1.x ModalWindow Title getWindowOpenJavaScript cross site scripting
| [82212] Apache Ranger up to 0.5.0 Policy Admin Tool privilege escalation
| [82211] Apache OFBiz up to 12.04.06/13.07.02 ModelFormField.java DisplayEntityField.getDescription cross site scripting
| [82082] Apache JetSpeed up to 2.3.0 User Manager Service privilege escalation
| [82081] Apache OpenMeetings up to 3.1.0 SOAP API information disclosure
| [82080] Apache OpenMeetings up to 3.1.0 Event cross site scripting
| [82078] Apache OpenMeetings up to 3.1.0 Import/Export System Backup ZIP Archive directory traversal
| [82077] Apache OpenMeetings up to 3.1.0 Password Reset sendHashByUser privilege escalation
| [82076] Apache Ranger up to 0.5.1 privilege escalation
| [82075] Apache JetSpeed up to 2.3.0 Portal cross site scripting
| [82074] Apache JetSpeed up to 2.3.0 cross site scripting
| [82073] Apache JetSpeed up to 2.3.0 User Manager Service sql injection
| [82072] Apache JetSpeed up to 2.3.0 Portal Site Manager ZIP Archive directory traversal
| [82058] Apache LDAP Studio/Directory Studio up to 2.0.0-M9 CSV Export privilege escalation
| [82053] Apache Ranger up to 0.4.x Policy Admin Tool privilege escalation
| [82052] Apache Ranger up to 0.4.x Policy Admin Tool HTTP Request cross site scripting
| [81696] Apache ActiveMQ up to 5.13.1 HTTP Header privilege escalation
| [81695] Apache Xerces-C up to 3.1.2 internal/XMLReader.cpp memory corruption
| [81622] HPE Asset Manager 9.40/9.41/9.50 Apache Commons Collections Library Java Object privilege escalation
| [81406] HPE Service Manager up to 9.35 P3/9.41 P1 Apache Commons Collections Library Command privilege escalation
| [81405] HPE Operations Orchestration up to 10.50 Apache Commons Collections Library Command privilege escalation
| [81427] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
| [81426] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
| [81372] Apache Struts up to 2.3.24.1 I18NInterceptor cross site scripting
| [81371] Apache Struts up to 2.3.24.1 Double OGNL Evaluation privilege escalation
| [81370] Apache Struts up to 2.3.24.1 Java URLDecoder cross site scripting
| [81084] Apache Tomcat 6.0/7.0/8.0/9.0 ServletContext directory traversal
| [81083] Apache Tomcat 7.0/8.0/9.0 Index Page cross site request forgery
| [81082] Apache Tomcat 7.0/8.0/9.0 ResourceLinkFactory.setGlobalContext privilege escalation
| [81081] Apache Tomcat 6.0/7.0/8.0/9.0 Error information disclosure
| [81080] Apache Tomcat 6.0/7.0/8.0/9.0 Session Persistence privilege escalation
| [81079] Apache Tomcat 6.0/7.0/8.0/9.0 StatusManagerServlet information disclosure
| [81078] Apache Tomcat 7.0/8.0/9.0 Session privilege escalation
| [80970] Apache Solr up to 5.3.0 Admin UI plugins.js cross site scripting
| [80969] Apache Solr up to 5.2 Schema schema-browser.js cross site scripting
| [80968] Apache Solr up to 5.0 analysis.js cross site scripting
| [80940] HP Continuous Delivery Automation 1.30 Apache Commons Collections Library privilege escalation
| [80823] Apache CloudStack up to 4.5.1 KVM Virtual Machine Migration privilege escalation
| [80822] Apache CloudStack up to 4.5.1 API Call information disclosure
| [80778] Apache Camel up to 2.15.4/2.16.0 camel-xstream privilege escalation
| [80750] HPE Operations Manager 8.x/9.0 on Windows Apache Commons Collections Library privilege escalation
| [80724] Apache Hive up to 1.2.1 Authorization Framework privilege escalation
| [80577] Oracle Secure Global Desktop 4.63/4.71/5.2 Apache HTTP Server denial of service
| [80165] Intel McAfee ePolicy Orchestrator up to 4.6.9/5.0.3/5.3.1 Apache Commons Collections Library privilege escalation
| [80116] Apache Subversion up to 1.9.2 svn Protocol libsvn_ra_svn/marshal.c read_string memory corruption
| [80115] Apache ActiveMQ up to 5.12.x Broker Service privilege escalation
| [80036] IBM Cognos Business Intelligence Apache Commons Collections Library InvokerTransformer privilege escalation
| [79873] VMware vCenter Operations/vRealize Orchestrator Apache Commons Collections Library Serialized Java Object privilege escalation
| [79840] Apache Cordova File Transfer Plugin up to 1.2.x on Android unknown vulnerability
| [79839] Apache TomEE Serialized Java Stream EjbObjectInputStream privilege escalation
| [79791] Cisco Products Apache Commons Collections Library privilege escalation
| [79539] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
| [79538] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
| [79294] Apache Cordova-Android up to 3.6 BridgeSecret Random Generator weak encryption
| [79291] Apache Cordova-Android up to 4.0 Javascript Whitelist privilege escalation
| [79244] Apache CXF up to 2.7.17/3.0.7/3.1.2 SAML Web SSO Module SAML Response weak authentication
| [79243] Oracle WebLogic Server 10.3.6.0/12.1.2.0/12.1.3.0/12.2.1.0 WLS Security com.bea.core.apache.commons.collections.jar privilege escalation
| [78989] Apache Ambari up to 2.1.1 Open Redirect
| [78988] Apache Ambari up to 2.0.1/2.1.0 Password privilege escalation
| [78987] Apache Ambari up to 2.0.x cross site scripting
| [78986] Apache Ambari up to 2.0.x Proxy Endpoint api/v1/proxy privilege escalation
| [78780] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
| [78779] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
| [78778] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78777] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78776] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78775] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78774] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78297] Apache Commons Components HttpClient up to 4.3.5 HTTPS Timeout denial of service
| [77406] Apache Flex BlazeDS AMF Message XML External Entity
| [77429] Apache ActiveMQ up to 5.10.0 LDAPLoginModule privilege escalation
| [77399] Apache ActiveMQ up to 5.10.0 LDAPLoginModule weak authentication
| [77375] Apache Tapestry up to 5.3.5 Client-Side Object Storage privilege escalation
| [77331] Apache ActiveMQ up to 5.11.1 on Windows Fileserver Upload/Download directory traversal
| [77299] Apache Solr Real-Time Module up to 7.x-1.1 Index Content information disclosure
| [77247] Apache ActiveMQ up to 5.10 TransportConnection.java processControlCommand denial of service
| [77083] Apache Groovy up to 2.4.3 MethodClosure.java MethodClosure memory corruption
| [76953] Apache Subversion 1.7.0/1.8.0/1.8.10 svn_repos_trace_node_locations information disclosure
| [76952] Apache Subversion 1.7.0/1.8.0/1.8.10 mod_authz_svn anonymous/authenticated information disclosure
| [76567] Apache Struts 2.3.20 unknown vulnerability
| [76733] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 ap_some_auth_required unknown vulnerability
| [76732] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 Request apr_brigade_flatten privilege escalation
| [76731] Apache HTTP Server 2.4.12 ErrorDocument 400 Crash denial of service
| [75690] Apache Camel up to 2.13.3/2.14.1 XPathBuilder.java XML External Entity
| [75689] Apache Camel up to 2.13.3/2.14.1 XML Converter Setup XmlConverter.java SAXSource privilege escalation
| [75668] Apache Sling API/Sling Servlets Post up to 2.2.1 HtmlResponse cross site scripting
| [75601] Apache Jackrabbit up to 2.10.0 WebDAV Request XML External Entity
| [75420] Apache Tomcat up to 6.0.43/7.0.58/8.0.16 Security Manager privilege escalation
| [75145] Apache OpenOffice up to 4.1.1 HWP Filter Crash denial of service
| [75032] Apache Tomcat Connectors up to 1.2.40 mod_jk privilege escalation
| [75135] PHP 5.4/5.5 HTTP Request sapi_apache2.c apache2handler privilege escalation
| [74793] Apache Tomcat File Upload denial of service
| [74708] Apple MacOS X up to 10.10.2 Apache denial of service
| [74707] Apple MacOS X up to 10.10.2 Apache denial of service
| [74706] Apple MacOS X up to 10.10.2 Apache memory corruption
| [74705] Apple MacOS X up to 10.10.2 Apache denial of service
| [74704] Apple MacOS X up to 10.10.2 Apache denial of service
| [74703] Apple MacOS X up to 10.10.2 Apache denial of service
| [74702] Apple MacOS X up to 10.10.2 Apache denial of service
| [74701] Apple MacOS X up to 10.10.2 Apache cross site request forgery
| [74700] Apple MacOS X up to 10.10.2 Apache unknown vulnerability
| [74661] Apache Flex up to 4.14.0 asdoc index.html cross site scripting
| [74609] Apache Cassandra up to 1.2.19/2.0.13/2.1.3 JMX/RMI Interface privilege escalation
| [74469] Apache Xerces-C up to 7.0 internal/XMLReader.cpp denial of service
| [74468] Apache Batik up to 1.6 denial of service
| [74414] Apache Mod-gnutls up to 0.5.1 Authentication spoofing
| [74371] Apache Standard Taglibs up to 1.2.0 memory corruption
| [74367] Apache HTTP Server up to 2.4.12 mod_lua lua_request.c wsupgrade denial of service
| [74174] Apache WSS4J up to 2.0.0 privilege escalation
| [74172] Apache ActiveMQ up to 5.5.0 Administration Console cross site scripting
| [69092] Apache Tomcat up to 6.0.42/7.0.54/8.0.8 HTTP Request Smuggling privilege escalation
| [73831] Apache Qpid up to 0.30 Access Restriction unknown vulnerability
| [73731] Apache XML Security unknown vulnerability
| [68660] Oracle BI Publisher 10.1.3.4.2/11.1.1.7 Apache Tomcat cross site scripting
| [73659] Apache CloudStack up to 4.3.0 Stack-Based unknown vulnerability
| [73593] Apache Traffic Server up to 5.1.0 denial of service
| [73511] Apache POI up to 3.10 Deadlock denial of service
| [73510] Apache Solr up to 4.3.0 cross site scripting
| [68447] Apache Subversion up to 1.7.18/1.8.10 mod_dav_svn Crash denial of service
| [68446] Apache Subversion up to 1.7.18/1.8.10 REPORT Request Crash denial of service
| [73173] Apache CloudStack Stack-Based unknown vulnerability
| [68357] Apache Struts up to 2.3.16.3 Random Number Generator cross site request forgery
| [73106] Apache Hadoop up to 2.4.0 Symlink privilege escalation
| [68575] Apache HTTP Server up to 2.4.10 LuaAuthzProvider mod_lua.c privilege escalation
| [72890] Apache Qpid 0.30 unknown vulnerability
| [72887] Apache Hive 0.13.0 File Permission privilege escalation
| [72878] Apache Cordova 3.5.0 cross site request forgery
| [72877] Apache Cordova 3.5.0 cross site request forgery
| [72876] Apache Cordova 3.5.0 cross site request forgery
| [68435] Apache HTTP Server 2.4.10 mod_proxy_fcgi.c handle_headers denial of service
| [68065] Apache CXF up to 3.0.1 JAX-RS SAML denial of service
| [68064] Apache CXF up to 3.0.0 SAML Token denial of service
| [67913] Oracle Retail Markdown Optimization 12.0/13.0/13.1/13.2/13.4 Apache commons-beanutils-1.8.0.jar memory corruption
| [67912] Oracle Retail Invoice Matching up to 14.0 Apache commons-beanutils-1.8.0.jar memory corruption
| [67911] Oracle Retail Clearance Optimization Engine 13.3/13.4/14.0 Apache commons-beanutils-1.8.0.jar memory corruption
| [67910] Oracle Retail Allocation up to 13.2 Apache commons-beanutils-1.8.0.jar memory corruption
| [71835] Apache Shiro 1.0.0/1.1.0/1.2.0/1.2.1/1.2.2 unknown vulnerability
| [71633] Apachefriends XAMPP 1.8.1 cross site scripting
| [71629] Apache Axis2/C spoofing
| [67633] Apple Mac OS X up to 10.9.4 apache_mod_php ext/standard/dns.c dns_get_record memory corruption
| [67631] Apple Mac OS X up to 10.9.4 apache_mod_php Symlink memory corruption
| [67630] Apple Mac OS X up to 10.9.4 apache_mod_php cdf_read_property_info denial of service
| [67629] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_count_chain denial of service
| [67628] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_check_stream_offset denial of service
| [67627] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c mconvert memory corruption
| [67626] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c denial of service
| [67625] Apple Mac OS X up to 10.9.4 apache_mod_php Crash denial of service
| [67624] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_property_info denial of service
| [67623] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_unpack_summary_info denial of service
| [67622] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_short_sector denial of service
| [67620] Apple Mac OS X up to 10.9.4 apache_mod_php magic/Magdir/commands denial of service
| [67790] Apache HTTP Server mod_cache NULL Pointer Dereference denial of service
| [67522] Apache Tomcat up to 7.0.39 JSP Upload privilege escalation
| [70809] Apache POI up to 3.11 Crash denial of service
| [70808] Apache POI up to 3.10 unknown vulnerability
| [70806] Apache Commons-httpclient 4.2/4.2.1/4.2.2 spoofing
| [70749] Apache Axis up to 1.4 getCN spoofing
| [70701] Apache Traffic Server up to 3.3.5 denial of service
| [70700] Apache OFBiz up to 12.04.03 cross site scripting
| [67402] Apache OpenOffice 4.0.0/4.0.1/4.1.0 Calc privilege escalation
| [67401] Apache OpenOffice up to 4.1.0 OLE Object information disclosure
| [70661] Apache Subversion up to 1.6.17 denial of service
| [70660] Apache Subversion up to 1.6.17 spoofing
| [70659] Apache Subversion up to 1.6.17 spoofing
| [67183] Apache HTTP Server up to 2.4.9 mod_proxy denial of service
| [67180] Apache HTTP Server up to 2.4.9 WinNT MPM Memory Leak denial of service
| [67185] Apache HTTP Server up to 2.4.9 mod_status Heap-Based memory corruption
| [67184] Apache HTTP Server 2.4.5/2.4.6 mod_cache NULL Pointer Dereference denial of service
| [67182] Apache HTTP Server up to 2.4.9 mod_deflate Memory Consumption denial of service
| [67181] Apache HTTP Server up to 2.4.9 mod_cgid denial of service
| [70338] Apache Syncope up to 1.1.7 unknown vulnerability
| [70295] Apache CXF up to 2.7.9 Cleartext information disclosure
| [70106] Apache Open For Business Project up to 10.04.0 getServerError cross site scripting
| [70105] Apache MyFaces up to 2.1.5 JavaServer Faces directory traversal
| [69846] Apache HBase up to 0.94.8 information disclosure
| [69783] Apache CouchDB up to 1.2.0 memory corruption
| [13383] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 XML Parser privilege escalation
| [13300] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi setuid privilege escalation
| [13299] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi Content-Type Header information disclosure
| [13164] Apache CXF up to 2.6.13/2.7.10 SOAP OutgoingChainInterceptor.java Invalid Content denial of service
| [13163] Apache CXF up to 2.6.13/2.7.10 SOAP HTML Content denial of service
| [13158] Apache Struts up to 2.3.16.2 ParametersInterceptor getClass privilege escalation
| [69515] Apache Struts up to 2.3.15.0 CookieInterceptor memory corruption
| [13086] Apache Struts up to 1.3.10 Class Loader privilege escalation
| [13067] Apache Struts up to 2.3.16.1 Class Loader privilege escalation
| [69431] Apache Archiva up to 1.3.6 cross site scripting
| [69385] Apache Syncope up to 1.1.6 unknown vulnerability
| [69338] Apache Xalan-Java up to 2.7.1 system-property unknown vulnerability
| [12742] Trustwave ModSecurity up to 2.7.5 Chunk Extension apache2/modsecurity.c modsecurity_tx_init privilege escalation
| [12741] Trustwave ModSecurity up to 2.7.6 Chunked HTTP Transfer apache2/modsecurity.c modsecurity_tx_init Trailing Header privilege escalation
| [13387] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Content-Length Header privilege escalation
| [13386] Apache Tomcat Security Manager up to 6.0.39/7.0.53/8.0.5 XSLT privilege escalation
| [13385] Apache Tomcat 8.0.0/8.0.1/8.0.3 AJP Request Zero Length denial of service
| [13384] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Chunked HTTP Request denial of service
| [12748] Apache CouchDB 1.5.0 UUIDS /_uuids denial of service
| [66739] Apache Camel up to 2.12.2 unknown vulnerability
| [66738] Apache Camel up to 2.12.2 unknown vulnerability
| [12667] Apache HTTP Server 2.4.7 mod_log_config.c log_cookie denial of service
| [66695] Apache CouchDB up to 1.2.0 cross site scripting
| [66694] Apache CouchDB up to 1.2.0 Partition partition2 directory traversal
| [66689] Apache HTTP Server up to 2.0.33 mod_dav dav_xml_get_cdata denial of service
| [12518] Apache Tomcat up to 6.0.38/7.0.49/8.0.0-RC9 HTTP Header denial of service
| [66498] Apache expressions up to 3.3.0 Whitelist unknown vulnerability
| [12781] Apache Struts up to 2.3.8 ParametersInterceptor getClass denial of service
| [12439] Apache Tomcat 6.0.33 XML XXE information disclosure
| [12438] Apache Tomcat 6.0.33/6.0.34/6.0.35/6.0.36/6.0.37 coyoteadapter.java disableURLRewriting privilege escalation
| [66356] Apache Wicket up to 6.8.0 information disclosure
| [12209] Apache Tomcat 7.0.0/7.0.50/8.0.0-RC1/8.0.1 Content-Type Header for Multi-Part Request Infinite Loop denial of service
| [66322] Apache ActiveMQ up to 5.8.0 cross site scripting
| [12291] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
| [66255] Apache Open For Business Project up to 10.04.3 cross site scripting
| [66200] Apache Hadoop up to 2.0.5 Security Feature information disclosure
| [66072] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
| [66068] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
| [11928] Oracle Secure Global Desktop up to 4.71 Apache Tomcat unknown vulnerability
| [11924] Oracle Secure Global Desktop up to 4.63 Apache Tomcat denial of service
| [11922] Oracle Secure Global Desktop up to 4.63 Apache Tomcat unknown vulnerability
| [66049] Apache XML Security for Java up to 1.4.6 Memory Consumption denial of service
| [12199] Apache Subversion up to 1.8.5 mod_dav_svn/repos.c get_resource denial of service
| [65946] askapache Firefox Adsense up to 3.0 askapache-firefox-adsense.php cross site request forgery
| [65668] Apache Solr 4.0.0 Updater denial of service
| [65665] Apache Solr up to 4.3.0 denial of service
| [65664] Apache Solr 3.6.0/3.6.1/3.6.2/4.0.0 Updater denial of service
| [65663] Apache Solr up to 4.5.1 ResourceLoader directory traversal
| [65658] Apache roller 4.0/4.0.1/5.0/5.0.1 unknown vulnerability
| [65657] Apache Roller 4.0/4.0.1/5.0/5.0.1 cross site scripting
| [11325] Apache Subversion 1.7.13 mod_dontdothat Bypass denial of service
| [11324] Apache Subversion up to 1.8.4 mod_dav_svn denial of service
| [11098] Apache Tomcat 5.5.25 HTTP Request cross site request forgery
| [65410] Apache Struts 2.3.15.3 cross site scripting
| [65386] Apache Solr up to 2.2.1 on TYPO3 cross site scripting
| [65385] Apache Solr up to 2.2.1 on TYPO3 unknown vulnerability
| [11044] Apache Struts 2.3.15.3 showConfig.action cross site scripting
| [11043] Apache Struts 2.3.15.3 actionNames.action cross site scripting
| [11018] cPanel WHM up to 11.40.0.11 Apache mod_userdir Tweak Interface privilege escalation
| [65342] Apache Sling 1.0.2/1.0.4/1.0.6/1.1.0/1.1.2 Auth Core cross site scripting
| [65340] Apache Shindig 2.5.0 information disclosure
| [65316] Apache Mod Fcgid up to 2.3.7 mod_fcgid fcgid_bucket.c fcgid_header_bucket_read memory corruption
| [65313] Apache Sling 2.2.0/2.3.0 AbstractCreateOperation.java deepGetOrCreateNode denial of service
| [10826] Apache Struts 2 File privilege escalation
| [65204] Apache Camel up to 2.10.1 unknown vulnerability
| [10460] Apache Struts 2.0.0/2.3.15.1 Action Mapping Mechanism Bypass privilege escalation
| [10459] Apache Struts 2.0.0/2.3.15 Dynamic Method Invocation unknown vulnerability
| [10160] Apache Subversion 1.8.0/1.8.1/1.8.2 svnwcsub.py handle_options race condition
| [10159] Apache Subversion up to 1.8.2 svnserve write_pid_file race condition
| [10158] Apache Subversion 1.8.0/1.8.1/1.8.2 daemonize.py daemon::daemonize race condition
| [10157] Apache Subversion up to 1.8.1 FSFS Repository Symlink privilege escalation
| [64808] Fail2ban up to 0.8.9 apache-auth.conf denial of service
| [64760] Best Practical RT up to 4.0.12 Apache::Session::File information disclosure
| [64722] Apache XML Security for C++ Heap-based memory corruption
| [64719] Apache XML Security for C++ Heap-based memory corruption
| [64718] Apache XML Security for C++ verify denial of service
| [64717] Apache XML Security for C++ getURIBaseTXFM memory corruption
| [64716] Apache XML Security for C++ spoofing
| [64701] Apache CXF up to 2.7.3 XML Parser Memory Consumption denial of service
| [64700] Apache CloudStack up to 4.1.0 Stack-Based cross site scripting
| [64667] Apache Open For Business Project up to 10.04.04 unknown vulnerability
| [64666] Apache Open For Business Project up to 10.04.04 cross site scripting
| [9891] Apache HTTP Server 2.2.22 suEXEC Feature .htaccess information disclosure
| [64509] Apache ActiveMQ up to 5.8.0 scheduled.jsp cross site scripting
| [9826] Apache Subversion up to 1.8.0 mod_dav_svn denial of service
| [9683] Apache HTTP Server 2.4.5 mod_session_dbd denial of service
| [64485] Apache Struts up to 2.2.3.0 privilege escalation
| [9568] Apache Struts up to 2.3.15 DefaultActionMapper cross site request forgery
| [9567] Apache Struts up to 2.3.15 DefaultActionMapper memory corruption
| [64467] Apache Geronimo 3.0 memory corruption
| [64466] Apache OpenJPA up to 2.2.1 Serialization memory corruption
| [64457] Apache Struts up to 2.2.3.0 cross site scripting
| [64326] Alejandro Garza Apachesolr Autocomplete up to 7.x-1.1 cross site scripting
| [9184] Apache Qpid up to 0.20 SSL misconfiguration
| [8935] Apache Subversion up to 1.7.9 FSFS Format Repository denial of service
| [8934] Apache Subversion up to 1.7.9 Svnserve Server denial of service
| [8933] Apache Subversion up to 1.6.21 check-mime-type.pl svnlook memory corruption
| [8932] Apache Subversion up to 1.6.21 svn-keyword-check.pl svnlook changed memory corruption
| [9022] Apache Struts up to 2.3.14.2 OGNL Expression memory corruption
| [8873] Apache Struts 2.3.14 privilege escalation
| [8872] Apache Struts 2.3.14 privilege escalation
| [8746] Apache HTTP Server Log File Terminal Escape Sequence Filtering mod_rewrite.c do_rewritelog privilege escalation
| [8666] Apache Tomcat up to 7.0.32 AsyncListener information disclosure
| [8665] Apache Tomcat up to 7.0.29 Chunked Transfer Encoding Extension Size denial of service
| [8664] Apache Tomcat up to 7.0.32 FORM Authentication weak authentication
| [64075] Apache Subversion up to 1.7.7 mod_dav_svn Crash denial of service
| [64074] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
| [64073] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
| [64072] Apache Subversion up to 1.7.7 mod_dav_svn NULL Pointer Dereference denial of service
| [64071] Apache Subversion up to 1.7.8 mod_dav_svn Memory Consumption denial of service
| [8768] Apache Struts up to 2.3.14 on Mac EL and OGNL Interpreter memory corruption
| [64006] Apache ActiveMQ up to 5.7.0 denial of service
| [64005] Apache ActiveMQ up to 5.7.0 Default Configuration denial of service
| [64004] Apache ActiveMQ up to 5.7.0 PortfolioPublishServlet.java cross site scripting
| [8427] Apache Tomcat Session Transaction weak authentication
| [63960] Apache Maven 3.0.4 Default Configuration spoofing
| [63751] Apache qpid up to 0.20 qpid::framing::Buffer denial of service
| [63750] Apache qpid up to 0.20 checkAvailable denial of service
| [63749] Apache Qpid up to 0.20 Memory Consumption denial of service
| [63748] Apache Qpid up to 0.20 Default Configuration denial of service
| [63747] Apache Rave up to 0.20 User Account information disclosure
| [7889] Apache Subversion up to 1.6.17 mod_dav_svn/svn_fs_file_length() denial of service
| [63646] Apache HTTP Server up to 2.2.23/2.4.3 mod_proxy_balancer.c balancer_handler cross site scripting
| [7688] Apache CXF up to 2.7.1 WSS4JInterceptor Bypass weak authentication
| [7687] Apache CXF up to 2.7.2 Token weak authentication
| [63334] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
| [63299] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
| [7202] Apache HTTP Server 2.4.2 on Oracle Solaris ld_library_path cross site scripting
| [7075] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector NioEndpoint.java denial of service
| [7074] Apache Tomcat up to 6.0.35/7.0.29 FORM Authentication RealmBase.java weak authentication
| [7073] Apache Tomcat up to 6.0.35/7.0.31 CSRF Prevention Filter cross site request forgery
| [63090] Apache Tomcat up to 4.1.24 denial of service
| [63089] Apache HTTP Server up to 2.2.13 mod_proxy_ajp denial of service
| [62933] Apache Tomcat up to 5.5.0 Access Restriction unknown vulnerability
| [62929] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector Memory Consumption denial of service
| [62833] Apache CXF -/2.6.0 spoofing
| [62832] Apache Axis2 up to 1.6.2 spoofing
| [62831] Apache Axis up to 1.4 Java Message Service spoofing
| [62830] Apache Commons-httpclient 3.0 Payments spoofing
| [62826] Apache Libcloud up to 0.11.0 spoofing
| [62757] Apache Open For Business Project up to 10.04.0 unknown vulnerability
| [8830] Red Hat JBoss Enterprise Application Platform 6.0.1 org.apache.catalina.connector.Response.encodeURL information disclosure
| [62661] Apache Axis2 unknown vulnerability
| [62658] Apache Axis2 unknown vulnerability
| [62467] Apache Qpid up to 0.17 denial of service
| [62417] Apache CXF 2.4.7/2.4.8/2.5.3/2.5.4/2.6.1 spoofing
| [6301] Apache HTTP Server mod_pagespeed cross site scripting
| [6300] Apache HTTP Server mod_pagespeed Hostname information disclosure
| [6123] Apache Wicket up to 1.5.7 Ajax Link cross site scripting
| [62035] Apache Struts up to 2.3.4 denial of service
| [61916] Apache QPID 0.5/0.6/0.14/0.16 unknown vulnerability
| [6998] Apache Tomcat 5.5.35/6.0.35/7.0.28 DIGEST Authentication Session State Caching privilege escalation
| [6997] Apache Tomcat 5.5.35/6.0.35/7.0.28 HTTP Digest Authentication Implementation privilege escalation
| [6092] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_ajp.c information disclosure
| [6090] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_http.c information disclosure
| [61507] Apache POI up to 3.8 UnhandledDataStructure denial of service
| [6070] Apache Struts up to 2.3.4 Token Name Configuration Parameter privilege escalation
| [6069] Apache Struts up to 2.3.4 Request Parameter OGNL Expression denial of service
| [5764] Oracle Solaris 10 Apache HTTP Server information disclosure
| [5700] Oracle Secure Backup 10.3.0.3/10.4.0.1 Apache denial of service
| [61255] Apache Hadoop 2.0.0 Kerberos unknown vulnerability
| [61229] Apache Sling up to 2.1.1 denial of service
| [61152] Apache Commons-compress 1.0/1.1/1.2/1.3/1.4 denial of service
| [61094] Apache Roller up to 5.0 cross site scripting
| [61093] Apache Roller up to 5.0 cross site request forgery
| [61005] Apache OpenOffice 3.3/3.4 unknown vulnerability
| [9673] Apache HTTP Server up to 2.4.4 mod_dav mod_dav.c Request denial of service
| [5436] Apache OpenOffice 3.3/3.4 WPXContentListener.cpp _closeTableRow File memory corruption
| [5435] Apache OpenOffice 3.3/3.4 vclmi.dll File memory corruption
| [60730] PHP 5.4.0/5.4.1/5.4.2 apache_request_headers memory corruption
| [60708] Apache Qpid 0.12 unknown vulnerability
| [5032] Apache Hadoop up to 0.20.205.0/1.0.1/0.23.1 Kerberos/MapReduce Security Feature privilege escalation
| [4949] Apache Struts File Upload XSLTResult.java XSLT File privilege escalation
| [4955] Apache Traffic Server 3.0.3/3.1.2 HTTP Header Parser memory corruption
| [4882] Apache Wicket up to 1.5.4 directory traversal
| [4881] Apache Wicket up to 1.4.19 cross site scripting
| [4884] Apache HTTP Server up to 2.3.6 mod_fcgid fcgid_spawn_ctl.c FcgidMaxProcessesPerClass HTTP Requests denial of service
| [60352] Apache Struts up to 2.2.3 memory corruption
| [60153] Apache Portable Runtime up to 1.4.3 denial of service
| [4598] Apache Struts 1.3.10 upload-submit.do cross site scripting
| [4597] Apache Struts 1.3.10 processSimple.do cross site scripting
| [4596] Apache Struts 2.0.14/2.2.3 struts2-rest-showcase/orders cross site scripting
| [4595] Apache Struts 2.0.14/2.2.3 struts2-showcase/person/editPerson.action cross site scripting
| [4583] Apache HTTP Server up to 2.2.21 Threaded MPM denial of service
| [4582] Apache HTTP Server up to 2.2.21 protocol.c information disclosure
| [4571] Apache Struts up to 2.3.1.2 privilege escalation
| [4557] Apache Tomcat up to 7.0.21 Caching/Recycling information disclosure
| [59934] Apache Tomcat up to 6.0.9 DigestAuthenticator.java unknown vulnerability
| [59933] Apache Tomcat up to 6.0.9 Access Restriction unknown vulnerability
| [59932] Apache Tomcat up to 6.0.9 unknown vulnerability
| [59931] Apache Tomcat up to 6.0.9 Access Restriction information disclosure
| [59902] Apache Struts up to 2.2.3 Interfaces unknown vulnerability
| [4528] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
| [4527] Apache Struts up to 2.2.3 ExceptionDelegator cross site scripting
| [59888] Apache Tomcat up to 6.0.6 denial of service
| [59886] Apache ActiveMQ up to 5.5.1 Crash denial of service
| [4513] Apache Struts up to 2.3.1 ParameterInterceptor directory traversal
| [4512] Apache Struts up to 2.2.3 CookieInterceptor privilege escalation
| [59850] Apache Geronimo up to 2.2.1 denial of service
| [59825] Apache HTTP Server up to 2.1.7 mod_reqtimeout denial of service
| [59556] Apache HTTP Server up to 2.0.53 mod_proxy information disclosure
| [58467] Apache libcloud 0.2.0/0.3.0/0.3.1/0.4.0 Access Restriction spoofing
13410| [58467] Apache libcloud 0.2.0/0.3.0/0.3.1/0.4.0 Access Restriction spoofing
13411| [58413] Apache Tomcat up to 6.0.10 spoofing
13412| [58381] Apache Wicket up to 1.4.17 cross site scripting
13413| [58296] Apache Tomcat up to 7.0.19 unknown vulnerability
13414| [57888] Apache HttpClient 4.0/4.0.1/4.1 Authorization information disclosure
13415| [57587] Apache Subversion up to 1.6.16 mod_dav_svn information disclosure
13416| [57585] Apache Subversion up to 1.6.16 mod_dav_svn Memory Consumption denial of service
13417| [57584] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
13418| [57577] Apache Rampart-C 1.3.0 Access Restriction rampart_timestamp_token_validate privilege escalation
13419| [57568] Apache Archiva up to 1.3.4 cross site scripting
13420| [57567] Apache Archiva up to 1.3.4 cross site request forgery
13421| [57481] Apache Tomcat 7.0.12/7.0.13 Access Restriction unknown vulnerability
13422| [4355] Apache HTTP Server APR apr_fnmatch denial of service
13423| [57435] Apache Struts up to 2.2.1.1 FileHandler.java cross site scripting
13424| [57425] Apache Struts up to 2.2.1.1 cross site scripting
13425| [4352] Apache HTTP Server 2.2.x APR apr_fnmatch denial of service
13426| [57025] Apache Tomcat up to 7.0.11 information disclosure
13427| [57024] Apache Tomcat 7.0.11 Access Restriction information disclosure
13428| [56774] IBM WebSphere Application Server up to 7.0.0.14 org.apache.jasper.runtime.JspWriterImpl.response denial of service
13429| [56824] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
13430| [56832] Apache Tomcat up to 7.0.10 Access Restriction information disclosure
13431| [56830] Apache Tomcat up to 7.0.9 Access Restriction privilege escalation
13432| [12440] Apache Tomcat 6.0.33 Malicious Request cross site scripting
13433| [56512] Apache Continuum up to 1.4.0 cross site scripting
13434| [4285] Apache Tomcat 5.x JVM getLocale denial of service
13435| [4284] Apache Tomcat 5.x HTML Manager Infinite Loop cross site scripting
13436| [4283] Apache Tomcat 5.x ServletContect privilege escalation
13437| [56441] Apache Tomcat up to 7.0.6 denial of service
13438| [56300] Apache CouchDB up to 1.0.1 Web Administration Interface cross site scripting
13439| [55967] Apache Subversion up to 1.6.4 rev_hunt.c denial of service
13440| [55966] Apache Subversion up to 1.6.4 mod_dav_svn repos.c walk denial of service
13441| [55095] Apache Axis2 up to 1.6 Default Password memory corruption
13442| [55631] Apache Archiva up to 1.3.1 User Account cross site request forgery
13443| [55556] Apache Tomcat up to 6.0.29 Default Configuration information disclosure
13444| [55553] Apache Tomcat up to 7.0.4 sessionsList.jsp cross site scripting
13445| [55162] Apache MyFaces up to 2.0.0 Authentication Code unknown vulnerability
13446| [54881] Apache Subversion up to 1.6.12 mod_dav_svn authz.c privilege escalation
13447| [54879] Apache APR-util up to 0.9.14 mod_reqtimeout apr_brigade_split_line denial of service
13448| [54693] Apache Traffic Server DNS Cache unknown vulnerability
13449| [54416] Apache CouchDB up to 0.11.0 cross site request forgery
13450| [54394] Apache CXF up to 2.2.8 Memory Consumption denial of service
13451| [54261] Apache Tomcat jsp/cal/cal2.jsp cross site scripting
13452| [54166] Apache HTTP Server up to 2.2.12 mod_cache Crash denial of service
13453| [54385] Apache Struts up to 2.1.8.1 ParameterInterceptor unknown vulnerability
13454| [54012] Apache Tomcat up to 6.0.10 denial of service
13455| [53763] Apache Axis2 1.3/1.4/1.4.1/1.5/1.5.1 Memory Consumption denial of service
13456| [53368] Apache MyFaces 1.1.7/1.2.8 cross site scripting
13457| [53397] Apache axis2 1.4.1/1.5.1 Administration Console cross site scripting
13458| [52894] Apache Tomcat up to 6.0.7 information disclosure
13459| [52960] Apache ActiveMQ up to 5.4-snapshot information disclosure
13460| [52843] Apache HTTP Server mod_auth_shadow unknown vulnerability
13461| [52786] Apache Open For Business Project up to 09.04 cross site scripting
13462| [52587] Apache ActiveMQ up to 5.3.0 cross site request forgery
13463| [52586] Apache ActiveMQ up to 5.3.0 cross site scripting
13464| [52584] Apache CouchDB up to 0.10.1 information disclosure
13465| [51757] Apache HTTP Server 2.0.44 cross site scripting
13466| [51756] Apache HTTP Server 2.0.44 spoofing
13467| [51717] Apache HTTP Server up to 1.3.3 mod_proxy ap_proxy_send_fb memory corruption
13468| [51690] Apache Tomcat up to 6.0 directory traversal
13469| [51689] Apache Tomcat up to 6.0 information disclosure
13470| [51688] Apache Tomcat up to 6.0 directory traversal
13471| [50886] HP Operations Manager 8.10 on Windows File Upload org.apache.catalina.manager.HTMLManagerServlet memory corruption
13472| [50802] Apache Tomcat up to 3.3 Default Password weak authentication
13473| [50626] Apache Solr 1.0.0 cross site scripting
13474| [49857] Apache HTTP Server mod_proxy_ftp cross site scripting
13475| [49856] Apache HTTP Server 2.2.13 mod_proxy_ftp ap_proxy_ftp_handler denial of service
13476| [49348] Apache Xerces-C++ 2.7.0 Stack-Based denial of service
13477| [86789] Apache Portable Runtime memory/unix/apr_pools.c unknown vulnerability
13478| [49283] Apache APR-util up to 1.3.8 apr-util misc/apr_rmm.c apr_rmm_realloc memory corruption
13479| [48952] Apache HTTP Server up to 1.3.6 mod_deflate denial of service
13480| [48626] Apache Tomcat up to 4.1.23 Access Restriction directory traversal
13481| [48431] Apache Tomcat up to 4.1.23 j_security_check cross site scripting
13482| [48430] Apache Tomcat up to 4.1.23 mod_jk denial of service
13483| [47801] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site request forgery
13484| [47800] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site scripting
13485| [47799] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console directory traversal
13486| [47648] Apache Tiles 2.1.0/2.1.1 cross site scripting
13487| [47640] Apache Struts 2.0.6/2.0.8/2.0.9/2.0.11/2.1 cross site scripting
13488| [47638] Apache Tomcat up to 4.1.23 mod_jk information disclosure
13489| [47636] Apache Struts 2.0.9 xip_client.html cross site scripting
13490| [47593] Apache Mod Perl 1 perl-status Apache::Status cross site scripting
13491| [47637] Apache Struts 1.0.2/1.1/1.2.4/1.2.7/1.2.8 cross site scripting
13492| [47239] Apache Struts up to 2.1.2 Beta struts directory traversal
13493| [47214] Apachefriends xampp 1.6.8 spoofing
13494| [47213] Apachefriends xampp 1.6.8 htaccess cross site request forgery
13495| [47162] Apachefriends XAMPP 1.4.4 weak authentication
13496| [47065] Apache Tomcat 4.1.23 cross site scripting
13497| [46834] Apache Tomcat up to 5.5.20 cross site scripting
13498| [46004] Apache Jackrabbit 1.4/1.5.0 search.jsp cross site scripting
13499| [49205] Apache Roller 2.3/3.0/3.1/4.0 Search cross site scripting
13500| [86625] Apache Struts directory traversal
13501| [44461] Apache Tomcat up to 5.5.0 information disclosure
13502| [44389] Apache Xerces-C++ XML Parser Memory Consumption denial of service
13503| [44352] Apache Friends XAMPP 1.6.8 adodb.php cross site scripting
13504| [43663] Apache Tomcat up to 6.0.16 directory traversal
13505| [43612] Apache Friends XAMPP 1.6.7 iart.php cross site scripting
13506| [43556] Apache HTTP Server up to 2.1.8 mod_proxy_ftp proxy_ftp.c cross site scripting
13507| [43516] Apache Tomcat up to 4.1.20 directory traversal
13508| [43509] Apache Tomcat up to 6.0.13 cross site scripting
13509| [42637] Apache Tomcat up to 6.0.16 cross site scripting
13510| [42325] Apache HTTP Server up to 2.1.8 Error Page cross site scripting
13511| [41838] Apache-SSL 1.3.34 1.57 expandcert privilege escalation
13512| [41091] Apache Software Foundation Mod Jk up to 2.0.1 mod_jk2 Stack-based memory corruption
13513| [40924] Apache Tomcat up to 6.0.15 information disclosure
13514| [40923] Apache Tomcat up to 6.0.15 unknown vulnerability
13515| [40922] Apache Tomcat up to 6.0 information disclosure
13516| [40710] Apache HTTP Server up to 2.0.61 mod_negotiation cross site scripting
13517| [40709] Apache HTTP Server up to 2.0.53 mod_negotiation cross site scripting
13518| [40656] Apache Tomcat 5.5.20 information disclosure
13519| [40503] Apache HTTP Server mod_proxy_ftp cross site scripting
13520| [40502] Apache HTTP Server up to 2.2.5 mod_proxy_balancer memory corruption
13521| [40501] Apache HTTP Server 2.2.6 mod_proxy_balancer cross site request forgery
13522| [40398] Apache HTTP Server up to 2.2 mod_proxy_balancer cross site scripting
13523| [40397] Apache HTTP Server up to 2.2 mod_proxy_balancer balancer_handler denial of service
13524| [40234] Apache Tomcat up to 6.0.15 directory traversal
13525| [40221] Apache HTTP Server 2.2.6 information disclosure
13526| [40027] David Castro Apache Authcas 0.4 sql injection
13527| [3495] Apache OpenOffice up to 2.3 Database Document Processor unknown vulnerability
13528| [3489] Apache HTTP Server 2.x HTTP Header cross site scripting
13529| [3414] Apache Tomcat WebDAV Stored privilege escalation
13530| [39489] Apache Jakarta Slide up to 2.1 directory traversal
13531| [39540] Apache Geronimo 2.0/2.0.1/2.0.2/2.1 unknown vulnerability
13532| [3310] Apache OpenOffice 1.1.3/2.0.4/2.2.1 TIFF Image Parser Heap-based memory corruption
13533| [38768] Apache HTTP Server up to 2.1.7 mod_autoindex.c cross site scripting
13534| [38952] Apache Geronimo 2.0.1/2.1 unknown vulnerability
13535| [38658] Apache Tomcat 4.1.31 cal2.jsp cross site request forgery
13536| [38524] Apache Geronimo 2.0 unknown vulnerability
13537| [3256] Apache Tomcat up to 6.0.13 cross site scripting
13538| [38331] Apache Tomcat 4.1.24 information disclosure
13539| [38330] Apache Tomcat 4.1.24 information disclosure
13540| [38185] Apache Tomcat 3.3/3.3.1/3.3.1a/3.3.2 Error Message CookieExample cross site scripting
13541| [37967] Apache Tomcat up to 4.1.36 Error Message sendmail.jsp cross site scripting
13542| [37647] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 Authorization unknown vulnerability
13543| [37646] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 unknown vulnerability
13544| [3141] Apache Tomcat up to 4.1.31 Accept-Language Header cross site scripting
13545| [3133] Apache Tomcat up to 6.0 HTTP cross site scripting
13546| [37292] Apache Tomcat up to 5.5.1 cross site scripting
13547| [3130] Apache OpenOffice 2.2.1 RTF Document Heap-based memory corruption
13548| [36981] Apache Tomcat JK Web Server Connector up to 1.2.22 mod_jk directory traversal
13549| [36892] Apache Tomcat up to 4.0.0 hello.jsp cross site scripting
13550| [37320] Apache MyFaces Tomahawk up to 1.1.4 cross site scripting
13551| [36697] Apache Tomcat up to 5.5.17 implicit-objects.jsp cross site scripting
13552| [36491] Apache Axis 1.0 Installation javaioFileNotFoundException information disclosure
13553| [36400] Apache Tomcat 5.5.15 mod_jk cross site scripting
13554| [36698] Apache Tomcat up to 4.0.0 cal2.jsp cross site scripting
13555| [36224] XAMPP Apache Distribution up to 1.6.0a adodb.php connect memory corruption
13556| [36225] XAMPP Apache Distribution 1.6.0a sql injection
13557| [2997] Apache httpd/Tomcat 5.5/6.0 directory traversal
13558| [35896] Apache Apache Test up to 1.29 mod_perl denial of service
13559| [35653] Avaya S8300 Cm 3.1.2 Apache Tomcat unknown vulnerability
13560| [35402] Apache Tomcat JK Web Server Connector 1.2.19 mod_jk.so map_uri_to_worker memory corruption
13561| [35067] Apache Stats up to 0.0.2 extract unknown vulnerability
13562| [35025] Apache Stats up to 0.0.3 extract unknown vulnerability
13563| [34252] Apache HTTP Server denial of service
13564| [2795] Apache OpenOffice 2.0.4 WMF/EMF File Heap-based memory corruption
13565| [33877] Apache Opentaps 0.9.3 cross site scripting
13566| [33876] Apache Open For Business Project unknown vulnerability
13567| [33875] Apache Open For Business Project cross site scripting
13568| [2703] Apache Jakarta Tomcat up to 5.x der_get_oid memory corruption
13569| [2611] Apache HTTP Server up to 1.0.1 set_var Format String
13570|
13571| MITRE CVE - https://cve.mitre.org:
13572| [CVE-2013-4156] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted element in an OOXML document file.
13573| [CVE-2013-4131] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service (assertion failure or out-of-bounds read) via a certain (1) COPY, (2) DELETE, or (3) MOVE request against a revision root.
13574| [CVE-2013-3239] phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename of an export file, leading to interpretation of this file as an executable file by the Apache HTTP Server, as demonstrated by a .php.sql filename.
13575| [CVE-2013-3060] The web console in Apache ActiveMQ before 5.8.0 does not require authentication, which allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests.
13576| [CVE-2013-2765] The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request with a large body and a crafted Content-Type header.
13577| [CVE-2013-2251] Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.
13578| [CVE-2013-2249] mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified impact and remote attack vectors.
13579| [CVE-2013-2248] Multiple open redirect vulnerabilities in Apache Struts 2.0.0 through 2.3.15 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a parameter using the (1) redirect: or (2) redirectAction: prefix.
13580| [CVE-2013-2189] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via invalid PLCF data in a DOC document file.
13581| [CVE-2013-2135] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted value that contains both "${}" and "%{}" sequences, which causes the OGNL code to be evaluated twice.
13582| [CVE-2013-2134] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted action name that is not properly handled during wildcard matching, a different vulnerability than CVE-2013-2135.
13583| [CVE-2013-2115] Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag. NOTE: this issue is due to an incomplete fix for CVE-2013-1966.
13584| [CVE-2013-2071] java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other applications in opportunistic circumstances via an application that records the requests that it processes.
13585| [CVE-2013-2067] java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack.
13586| [CVE-2013-1966] Apache Struts 2 before 2.3.14.1 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag.
13587| [CVE-2013-1965] Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.1, allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is not properly handled when invoking a redirect.
13588| [CVE-2013-1896] mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.
13589| [CVE-2013-1884] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (segmentation fault and crash) via a log REPORT request with an invalid limit, which triggers an access of an uninitialized variable.
13590| [CVE-2013-1879] Cross-site scripting (XSS) vulnerability in scheduled.jsp in Apache ActiveMQ 5.8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving the "cron of a message."
13591| [CVE-2013-1862] mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.
13592| [CVE-2013-1849] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a PROPFIND request for an activity URL.
13593| [CVE-2013-1847] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an anonymous LOCK for a URL that does not exist.
13594| [CVE-2013-1846] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a LOCK on an activity URL.
13595| [CVE-2013-1845] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (memory consumption) by (1) setting or (2) deleting a large number of properties for a file or directory.
13596| [CVE-2013-1814] The users/get program in the User RPC API in Apache Rave 0.11 through 0.20 allows remote authenticated users to obtain sensitive information about all user accounts via the offset parameter, as demonstrated by discovering password hashes in the password field of a response.
13597| [CVE-2013-1777] The JMX Remoting functionality in Apache Geronimo 3.x before 3.0.1, as used in IBM WebSphere Application Server (WAS) Community Edition 3.0.0.3 and other products, does not property implement the RMI classloader, which allows remote attackers to execute arbitrary code by using the JMX connector to send a crafted serialized object.
13598| [CVE-2013-1768] The BrokerFactory functionality in Apache OpenJPA 1.x before 1.2.3 and 2.x before 2.2.2 creates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for remote attackers to execute arbitrary code by creating a serialized object and leveraging improperly secured server programs.
13599| [CVE-2013-1088] Cross-site request forgery (CSRF) vulnerability in Novell iManager 2.7 before SP6 Patch 1 allows remote attackers to hijack the authentication of arbitrary users by leveraging improper request validation by iManager code deployed within an Apache Tomcat container.
13600| [CVE-2013-1048] The Debian apache2ctl script in the apache2 package squeeze before 2.2.16-6+squeeze11, wheezy before 2.2.22-13, and sid before 2.2.22-13 for the Apache HTTP Server on Debian GNU/Linux does not properly create the /var/lock/apache2 lock directory, which allows local users to gain privileges via an unspecified symlink attack.
13601| [CVE-2013-0966] The Apple mod_hfs_apple module for the Apache HTTP Server in Apple Mac OS X before 10.8.3 does not properly handle ignorable Unicode characters, which allows remote attackers to bypass intended directory authentication requirements via a crafted pathname in a URI.
13602| [CVE-2013-0942] Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Agent 7.1 before 7.1.1 for Web for Internet Information Services, and 7.1 before 7.1.1 for Web for Apache, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
13603| [CVE-2013-0941] EMC RSA Authentication API before 8.1 SP1, RSA Web Agent before 5.3.5 for Apache Web Server, RSA Web Agent before 5.3.5 for IIS, RSA PAM Agent before 7.0, and RSA Agent before 6.1.4 for Microsoft Windows use an improper encryption algorithm and a weak key for maintaining the stored data of the node secret for the SecurID Authentication API, which allows local users to obtain sensitive information via cryptographic attacks on this data.
13604| [CVE-2013-0253] The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack.
13605| [CVE-2013-0248] The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack.
13606| [CVE-2013-0239] Apache CXF before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3, when the plaintext UsernameToken WS-SecurityPolicy is enabled, allows remote attackers to bypass authentication via a security header of a SOAP request containing a UsernameToken element that lacks a password child element.
13607| [CVE-2012-6573] Cross-site scripting (XSS) vulnerability in the Apache Solr Autocomplete module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving autocomplete results.
13608| [CVE-2012-6551] The default configuration of Apache ActiveMQ before 5.8.0 enables a sample web application, which allows remote attackers to cause a denial of service (broker resource consumption) via HTTP requests.
13609| [CVE-2012-6092] Multiple cross-site scripting (XSS) vulnerabilities in the web demos in Apache ActiveMQ before 5.8.0 allow remote attackers to inject arbitrary web script or HTML via (1) the refresh parameter to PortfolioPublishServlet.java (aka demo/portfolioPublish or Market Data Publisher), or vectors involving (2) debug logs or (3) subscribe messages in webapp/websocket/chat.js. NOTE: AMQ-4124 is covered by CVE-2012-6551.
13610| [CVE-2012-5887] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.
13611| [CVE-2012-5886] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID.
13612| [CVE-2012-5885] The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184.
13613| [CVE-2012-5786] The wsdl_first_https sample code in distribution/src/main/release/samples/wsdl_first_https/src/main/ in Apache CXF, possibly 2.6.0, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
13614| [CVE-2012-5785] Apache Axis2/Java 1.6.2 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
13615| [CVE-2012-5784] Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Message Service implementation in Apache ActiveMQ, and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
13616| [CVE-2012-5783] Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
13617| [CVE-2012-5633] The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request.
13618| [CVE-2012-5616] Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly Citrix CloudStack) before 3.0.6 stores sensitive information in the log4j.conf log file, which allows local users to obtain (1) the SSH private key as recorded by the createSSHKeyPair API, (2) the password of an added host as recorded by the AddHost API, or the password of an added VM as recorded by the (3) DeployVM or (4) ResetPasswordForVM API.
13619| [CVE-2012-5568] Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.
13620| [CVE-2012-5351] Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack," a different vulnerability than CVE-2012-4418.
13621| [CVE-2012-4558] Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via a crafted string.
13622| [CVE-2012-4557] The mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into an error state upon detection of a long request-processing time, which allows remote attackers to cause a denial of service (worker consumption) via an expensive request.
13623| [CVE-2012-4556] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 allows remote attackers to cause a denial of service (Apache httpd web server child process restart) via certain unspecified empty search fields in a user certificate search query.
13624| [CVE-2012-4555] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 does not properly handle interruptions of token format operations, which allows remote attackers to cause a denial of service (NULL pointer dereference and Apache httpd web server child process crash) via unspecified vectors.
13625| [CVE-2012-4534] org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminating the connection during the reading of a response.
13626| [CVE-2012-4528] The mod_security2 module before 2.7.0 for the Apache HTTP Server allows remote attackers to bypass rules, and deliver arbitrary POST data to a PHP application, via a multipart request in which an invalid part precedes the crafted data.
13627| [CVE-2012-4501] Citrix Cloud.com CloudStack, and Apache CloudStack pre-release, allows remote attackers to make arbitrary API calls by leveraging the system user account, as demonstrated by API calls to delete VMs.
13628| [CVE-2012-4460] The serializing/deserializing functions in the qpid::framing::Buffer class in Apache Qpid 0.20 and earlier allow remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors. NOTE: this issue could also trigger an out-of-bounds read, but it might not trigger a crash.
13629| [CVE-2012-4459] Integer overflow in the qpid::framing::Buffer::checkAvailable function in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (crash) via a crafted message, which triggers an out-of-bounds read.
13630| [CVE-2012-4458] The AMQP type decoder in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (memory consumption and server crash) via a large number of zero width elements in the client-properties map in a connection.start-ok message.
13631| [CVE-2012-4446] The default configuration for Apache Qpid 0.20 and earlier, when the federation_tag attribute is enabled, accepts AMQP connections without checking the source user ID, which allows remote attackers to bypass authentication and have other unspecified impact via an AMQP request.
13632| [CVE-2012-4431] org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier.
13633| [CVE-2012-4418] Apache Axis2 allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."
13634| [CVE-2012-4387] Apache Struts 2.0.0 through 2.3.4 allows remote attackers to cause a denial of service (CPU consumption) via a long parameter name, which is processed as an OGNL expression.
13635| [CVE-2012-4386] The token check mechanism in Apache Struts 2.0.0 through 2.3.4 does not properly validate the token name configuration parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks by setting the token name configuration parameter to a session attribute.
13636| [CVE-2012-4360] Cross-site scripting (XSS) vulnerability in the mod_pagespeed module 0.10.19.1 through 0.10.22.4 for the Apache HTTP Server allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
13637| [CVE-2012-4063] The Apache Santuario configuration in Eucalyptus before 3.1.1 does not properly restrict applying XML Signature transforms to documents, which allows remote attackers to cause a denial of service via unspecified vectors.
13638| [CVE-2012-4001] The mod_pagespeed module before 0.10.22.6 for the Apache HTTP Server does not properly verify its host name, which allows remote attackers to trigger HTTP requests to arbitrary hosts via unspecified vectors, as demonstrated by requests to intranet servers.
13639| [CVE-2012-3908] Multiple cross-site request forgery (CSRF) vulnerabilities in the ISE Administrator user interface (aka the Apache Tomcat interface) on Cisco Identity Services Engine (ISE) 3300 series appliances before 1.1.0.665 Cumulative Patch 1 allow remote attackers to hijack the authentication of administrators, aka Bug ID CSCty46684.
13640| [CVE-2012-3546] org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI.
13641| [CVE-2012-3544] Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data.
13642| [CVE-2012-3526] The reverse proxy add forward module (mod_rpaf) 0.5 and 0.6 for the Apache HTTP Server allows remote attackers to cause a denial of service (server or application crash) via multiple X-Forwarded-For headers in a request.
13643| [CVE-2012-3513] munin-cgi-graph in Munin before 2.0.6, when running as a CGI module under Apache, allows remote attackers to load new configurations and create files in arbitrary directories via the logdir command.
13644| [CVE-2012-3506] Unspecified vulnerability in the Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.03 has unknown impact and attack vectors.
13645| [CVE-2012-3502] The proxy functionality in (1) mod_proxy_ajp.c in the mod_proxy_ajp module and (2) mod_proxy_http.c in the mod_proxy_http module in the Apache HTTP Server 2.4.x before 2.4.3 does not properly determine the situations that require closing a back-end connection, which allows remote attackers to obtain sensitive information in opportunistic circumstances by reading a response that was intended for a different client.
13646| [CVE-2012-3499] Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules.
13647| [CVE-2012-3467] Apache QPID 0.14, 0.16, and earlier uses a NullAuthenticator mechanism to authenticate catch-up shadow connections to AMQP brokers, which allows remote attackers to bypass authentication.
13648| [CVE-2012-3451] Apache CXF before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to execute unintended web-service operations by sending a header with a SOAP Action String that is inconsistent with the message body.
13649| [CVE-2012-3446] Apache Libcloud before 0.11.1 uses an incorrect regular expression during verification of whether the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate.
13650| [CVE-2012-3376] DataNodes in Apache Hadoop 2.0.0 alpha does not check the BlockTokens of clients when Kerberos is enabled and the DataNode has checked out the same BlockPool twice from a NodeName, which might allow remote clients to read arbitrary blocks, write to blocks to which they only have read access, and have other unspecified impacts.
13651| [CVE-2012-3373] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.21 and 1.5.x before 1.5.8 allows remote attackers to inject arbitrary web script or HTML via vectors involving a %00 sequence in an Ajax link URL associated with a Wicket app.
13652| [CVE-2012-3126] Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Products Suite 3.3 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Apache Tomcat Agent.
13653| [CVE-2012-3123] Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect confidentiality, related to Apache HTTP Server.
13654| [CVE-2012-2760] mod_auth_openid before 0.7 for Apache uses world-readable permissions for /tmp/mod_auth_openid.db, which allows local users to obtain session ids.
13655| [CVE-2012-2733] java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of service (memory consumption) via a large amount of header data.
13656| [CVE-2012-2687] Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list.
13657| [CVE-2012-2381] Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.1 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the blogger role.
13658| [CVE-2012-2380] Multiple cross-site request forgery (CSRF) vulnerabilities in the admin/editor console in Apache Roller before 5.0.1 allow remote attackers to hijack the authentication of admins or editors by leveraging the HTTP POST functionality.
13659| [CVE-2012-2379] Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors.
13660| [CVE-2012-2378] Apache CXF 2.4.5 through 2.4.7, 2.5.1 through 2.5.3, and 2.6.x before 2.6.1, does not properly enforce child policies of a WS-SecurityPolicy 1.1 SupportingToken policy on the client side, which allows remote attackers to bypass the (1) AlgorithmSuite, (2) SignedParts, (3) SignedElements, (4) EncryptedParts, and (5) EncryptedElements policies.
13661| [CVE-2012-2329] Buffer overflow in the apache_request_headers function in sapi/cgi/cgi_main.c in PHP 5.4.x before 5.4.3 allows remote attackers to cause a denial of service (application crash) via a long string in the header of an HTTP request.
13662| [CVE-2012-2145] Apache Qpid 0.17 and earlier does not properly restrict incoming client connections, which allows remote attackers to cause a denial of service (file descriptor consumption) via a large number of incomplete connections.
13663| [CVE-2012-2138] The @CopyFrom operation in the POST servlet in the org.apache.sling.servlets.post bundle before 2.1.2 in Apache Sling does not prevent attempts to copy an ancestor node to a descendant node, which allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP request.
13664| [CVE-2012-2098] Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service (CPU consumption) via a file with many repeating inputs.
13665| [CVE-2012-1574] The Kerberos/MapReduce security functionality in Apache Hadoop 0.20.203.0 through 0.20.205.0, 0.23.x before 0.23.2, and 1.0.x before 1.0.2, as used in Cloudera CDH CDH3u0 through CDH3u2, Cloudera hadoop-0.20-sbin before 0.20.2+923.197, and other products, allows remote authenticated users to impersonate arbitrary cluster user accounts via unspecified vectors.
13666| [CVE-2012-1181] fcgid_spawn_ctl.c in the mod_fcgid module 2.3.6 for the Apache HTTP Server does not recognize the FcgidMaxProcessesPerClass directive for a virtual host, which makes it easier for remote attackers to cause a denial of service (memory consumption) via a series of HTTP requests that triggers a process count higher than the intended limit.
13667| [CVE-2012-1089] Directory traversal vulnerability in Apache Wicket 1.4.x before 1.4.20 and 1.5.x before 1.5.5 allows remote attackers to read arbitrary web-application files via a relative pathname in a URL for a Wicket resource that corresponds to a null package.
13668| [CVE-2012-1007] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 1.3.10 allow remote attackers to inject arbitrary web script or HTML via (1) the name parameter to struts-examples/upload/upload-submit.do, or the message parameter to (2) struts-cookbook/processSimple.do or (3) struts-cookbook/processDyna.do.
13669| [CVE-2012-1006] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.14 and 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) lastName parameter to struts2-showcase/person/editPerson.action, or the (3) clientName parameter to struts2-rest-showcase/orders.
13670| [CVE-2012-0883] envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl.
13671| [CVE-2012-0840] tables/apr_hash.c in the Apache Portable Runtime (APR) library through 1.4.5 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
13672| [CVE-2012-0838] Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL expression during the handling of a conversion error, which allows remote attackers to modify run-time data values, and consequently execute arbitrary code, via invalid input to a field.
13673| [CVE-2012-0788] The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service (application crash) via a crafted application that uses a PDO driver for a fetch and then calls the session_start function, as demonstrated by a crash of the Apache HTTP Server.
13674| [CVE-2012-0394] ** DISPUTED ** The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself."
13675| [CVE-2012-0393] The ParameterInterceptor component in Apache Struts before 2.3.1.1 does not prevent access to public constructors, which allows remote attackers to create or overwrite arbitrary files via a crafted parameter that triggers the creation of a Java object.
13676| [CVE-2012-0392] The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method.
13677| [CVE-2012-0391] The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter.
13678| [CVE-2012-0256] Apache Traffic Server 2.0.x and 3.0.x before 3.0.4 and 3.1.x before 3.1.3 does not properly allocate heap memory, which allows remote attackers to cause a denial of service (daemon crash) via a long HTTP Host header.
13679| [CVE-2012-0216] The default configuration of the apache2 package in Debian GNU/Linux squeeze before 2.2.16-6+squeeze7, wheezy before 2.2.22-4, and sid before 2.2.22-4, when mod_php or mod_rivet is used, provides example scripts under the doc/ URI, which might allow local users to conduct cross-site scripting (XSS) attacks, gain privileges, or obtain sensitive information via vectors involving localhost HTTP requests to the Apache HTTP Server.
13680| [CVE-2012-0213] The UnhandledDataStructure function in hwpf/model/UnhandledDataStructure.java in Apache POI 3.8 and earlier allows remote attackers to cause a denial of service (OutOfMemoryError exception and possibly JVM destabilization) via a crafted length value in a Channel Definition Format (CDF) or Compound File Binary Format (CFBF) document.
13681| [CVE-2012-0053] protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script.
13682| [CVE-2012-0047] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the wicket:pageMapName parameter.
13683| [CVE-2012-0031] scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function.
13684| [CVE-2012-0022] Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.
13685| [CVE-2012-0021] The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to cause a denial of service (daemon crash) via a cookie that lacks both a name and a value.
13686| [CVE-2011-5064] DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging knowledge of this string, a different vulnerability than CVE-2011-1184.
13687| [CVE-2011-5063] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weaker authentication or authorization requirements, a different vulnerability than CVE-2011-1184.
13688| [CVE-2011-5062] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass intended integrity-protection requirements via a qop=auth value, a different vulnerability than CVE-2011-1184.
13689| [CVE-2011-5057] Apache Struts 2.3.1.1 and earlier provides interfaces that do not properly restrict access to collections such as the session and request collections, which might allow remote attackers to modify run-time data values via a crafted parameter to an application that implements an affected interface, as demonstrated by the SessionAware, RequestAware, ApplicationAware, ServletRequestAware, ServletResponseAware, and ParameterAware interfaces. NOTE: the vendor disputes the significance of this report because of an "easy work-around in existing apps by configuring the interceptor."
13690| [CVE-2011-5034] Apache Geronimo 2.2.1 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. NOTE: this might overlap CVE-2011-4461.
13691| [CVE-2011-4905] Apache ActiveMQ before 5.6.0 allows remote attackers to cause a denial of service (file-descriptor exhaustion and broker crash or hang) by sending many openwire failover:tcp:// connection requests.
13692| [CVE-2011-4858] Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
13693| [CVE-2011-4668] IBM Tivoli Netcool/Reporter 2.2 before 2.2.0.8 allows remote attackers to execute arbitrary code via vectors related to an unspecified CGI program used with the Apache HTTP Server.
13694| [CVE-2011-4449] actions/files/files.php in WikkaWiki 1.3.1 and 1.3.2, when INTRANET_MODE is enabled, supports file uploads for file extensions that are typically absent from an Apache HTTP Server TypesConfig file, which makes it easier for remote attackers to execute arbitrary PHP code by placing this code in a file whose name has multiple extensions, as demonstrated by a (1) .mm or (2) .vpp file.
13695| [CVE-2011-4415] The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, does not restrict the size of values of environment variables, which allows local users to cause a denial of service (memory consumption or NULL pointer dereference) via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, related to (1) the "len +=" statement and (2) the apr_pcalloc function call, a different vulnerability than CVE-2011-3607.
13696| [CVE-2011-4317] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an @ (at sign) character and a : (colon) character in invalid positions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
13697| [CVE-2011-3639] The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers by using the HTTP/0.9 protocol with a malformed URI containing an initial @ (at sign) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
13698| [CVE-2011-3620] Apache Qpid 0.12 does not properly verify credentials during the joining of a cluster, which allows remote attackers to obtain access to the messaging functionality and job functionality of a cluster by leveraging knowledge of a cluster-username.
13699| [CVE-2011-3607] Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow.
13700| [CVE-2011-3376] org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat 7.x before 7.0.22 does not properly restrict ContainerServlets in the Manager application, which allows local users to gain privileges by using an untrusted web application to access the Manager application's functionality.
13701| [CVE-2011-3375] Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain caching and recycling operations involving request objects, which allows remote attackers to obtain unintended read access to IP address and HTTP header information in opportunistic circumstances by reading TCP data.
13702| [CVE-2011-3368] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character.
13703| [CVE-2011-3348] The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary "error state" in the backend server) via a malformed HTTP request.
13704| [CVE-2011-3192] The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.
13705| [CVE-2011-3190] Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request.
13706| [CVE-2011-2729] native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application.
13707| [CVE-2011-2712] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.18, when setAutomaticMultiWindowSupport is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
13708| [CVE-2011-2688] SQL injection vulnerability in mysql/mysql-auth.pl in the mod_authnz_external module 3.2.5 and earlier for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the user field.
13709| [CVE-2011-2526] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loop or JVM crash) by leveraging an untrusted web application.
13710| [CVE-2011-2516] Off-by-one error in the XML signature feature in Apache XML Security for C++ 1.6.0, as used in Shibboleth before 2.4.3 and possibly other products, allows remote attackers to cause a denial of service (crash) via a signature using a large RSA key, which triggers a buffer overflow.
13711| [CVE-2011-2481] Apache Tomcat 7.0.x before 7.0.17 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application. NOTE: this vulnerability exists because of a CVE-2009-0783 regression.
13712| [CVE-2011-2329] The rampart_timestamp_token_validate function in util/rampart_timestamp_token.c in Apache Rampart/C 1.3.0 does not properly calculate the expiration of timestamp tokens, which allows remote attackers to bypass intended access restrictions by leveraging an expired token, a different vulnerability than CVE-2011-0730.
13713| [CVE-2011-2204] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file.
13714| [CVE-2011-2088] XWork 2.2.1 in Apache Struts 2.2.1, and OpenSymphony XWork in OpenSymphony WebWork, allows remote attackers to obtain potentially sensitive information about internal Java class paths via vectors involving an s:submit element and a nonexistent method, a different vulnerability than CVE-2011-1772.3.
13715| [CVE-2011-2087] Multiple cross-site scripting (XSS) vulnerabilities in component handlers in the javatemplates (aka Java Templates) plugin in Apache Struts 2.x before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via an arbitrary parameter value to a .action URI, related to improper handling of value attributes in (1) FileHandler.java, (2) HiddenHandler.java, (3) PasswordHandler.java, (4) RadioHandler.java, (5) ResetHandler.java, (6) SelectHandler.java, (7) SubmitHandler.java, and (8) TextFieldHandler.java.
13716| [CVE-2011-1928] The fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote attackers to cause a denial of service (infinite loop) via a URI that does not match unspecified types of wildcard patterns, as demonstrated by attacks against mod_autoindex in httpd when a /*/WEB-INF/ configuration pattern is used. NOTE: this issue exists because of an incorrect fix for CVE-2011-0419.
13717| [CVE-2011-1921] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is disabled, does not properly enforce permissions for files that had been publicly readable in the past, which allows remote attackers to obtain sensitive information via a replay REPORT operation.
13718| [CVE-2011-1783] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to cause a denial of service (infinite loop and memory consumption) in opportunistic circumstances by requesting data.
13719| [CVE-2011-1772] Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x before 2.2.3, and OpenSymphony XWork in OpenSymphony WebWork, allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) an action name, (2) the action attribute of an s:submit element, or (3) the method attribute of an s:submit element.
13720| [CVE-2011-1752] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request for a baselined WebDAV resource, as exploited in the wild in May 2011.
13721| [CVE-2011-1610] Multiple SQL injection vulnerabilities in xmldirectorylist.jsp in the embedded Apache HTTP Server component in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5)su4, 8.0 before 8.0(3a)su2, and 8.5 before 8.5(1)su1 allow remote attackers to execute arbitrary SQL commands via the (1) f, (2) l, or (3) n parameter, aka Bug ID CSCtj42064.
13722| [CVE-2011-1582] Apache Tomcat 7.0.12 and 7.0.13 processes the first request to a servlet without following security constraints that have been configured through annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088, CVE-2011-1183, and CVE-2011-1419.
13723| [CVE-2011-1571] Unspecified vulnerability in the XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote attackers to execute arbitrary commands via unknown vectors.
13724| [CVE-2011-1570] Cross-site scripting (XSS) vulnerability in Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to inject arbitrary web script or HTML via a message title, a different vulnerability than CVE-2004-2030.
13725| [CVE-2011-1503] The XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat or Oracle GlassFish is used, allows remote authenticated users to read arbitrary (1) XSL and (2) XML files via a file:/// URL.
13726| [CVE-2011-1502] Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to read arbitrary files via an entity declaration in conjunction with an entity reference, related to an XML External Entity (aka XXE) issue.
13727| [CVE-2011-1498] Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header.
13728| [CVE-2011-1475] The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP packets, related to "a mix-up of responses for requests from different users."
13729| [CVE-2011-1419] Apache Tomcat 7.x before 7.0.11, when web.xml has no security constraints, does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088.
13730| [CVE-2011-1318] Memory leak in org.apache.jasper.runtime.JspWriterImpl.response in the JavaServer Pages (JSP) component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) by accessing a JSP page of an application that is repeatedly stopped and restarted.
13731| [CVE-2011-1184] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, related to lack of checking of nonce (aka server nonce) and nc (aka nonce-count or client nonce count) values.
13732| [CVE-2011-1183] Apache Tomcat 7.0.11, when web.xml has no login configuration, does not follow security constraints, which allows remote attackers to bypass intended access restrictions via HTTP requests to a meta-data complete web application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1088 and CVE-2011-1419.
13733| [CVE-2011-1176] The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module 2.2.11-01 and 2.2.11-02 for the Apache HTTP Server does not properly handle certain configuration sections that specify NiceValue but not AssignUserID, which might allow remote attackers to gain privileges by leveraging the root uid and root gid of an mpm-itk process.
13734| [CVE-2011-1088] Apache Tomcat 7.x before 7.0.10 does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application.
13735| [CVE-2011-1077] Multiple cross-site scripting (XSS) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
13736| [CVE-2011-1026] Multiple cross-site request forgery (CSRF) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to hijack the authentication of administrators.
13737| [CVE-2011-0715] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.16, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request that contains a lock token.
13738| [CVE-2011-0534] Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request.
13739| [CVE-2011-0533] Cross-site scripting (XSS) vulnerability in Apache Continuum 1.1 through 1.2.3.1, 1.3.6, and 1.4.0 Beta
13740| [CVE-2011-0419] Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.
13741| [CVE-2011-0013] Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.
13742| [CVE-2010-4644] Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated users to cause a denial of service (memory consumption and daemon crash) via the -g option to the blame command.
13743| [CVE-2010-4539] The walk function in repos.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.15, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger the walking of SVNParentPath collections.
13744| [CVE-2010-4476] The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
13745| [CVE-2010-4455] Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.2 and 11.1.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Apache Plugin.
13746| [CVE-2010-4408] Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1 does not require entry of the administrator's password at the time of modifying a user account, which makes it easier for context-dependent attackers to gain privileges by leveraging a (1) unattended workstation or (2) cross-site request forgery (CSRF) vulnerability, a related issue to CVE-2010-3449.
13747| [CVE-2010-4312] The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie.
13748| [CVE-2010-4172] Multiple cross-site scripting (XSS) vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) orderBy or (2) sort parameter to sessionsList.jsp, or unspecified input to (3) sessionDetail.jsp or (4) java/org/apache/catalina/manager/JspHelper.java, related to use of untrusted web applications.
13749| [CVE-2010-3872] The fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.6 for the Apache HTTP Server does not use bytewise pointer arithmetic in certain circumstances, which has unspecified impact and attack vectors related to "untrusted FastCGI applications" and a "stack buffer overwrite."
13750| [CVE-2010-3863] Apache Shiro before 1.1.0, and JSecurity 0.9.x, does not canonicalize URI paths before comparing them to entries in the shiro.ini file, which allows remote attackers to bypass intended access restrictions via a crafted request, as demonstrated by the /./account/index.jsp URI.
13751| [CVE-2010-3854] Multiple cross-site scripting (XSS) vulnerabilities in the web administration interface (aka Futon) in Apache CouchDB 0.8.0 through 1.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
13752| [CVE-2010-3718] Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.
13753| [CVE-2010-3449] Cross-site request forgery (CSRF) vulnerability in Redback before 1.2.4, as used in Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1
13754| [CVE-2010-3315] authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass intended access restrictions via svn commands.
13755| [CVE-2010-3083] sys/ssl/SslSocket.cpp in qpidd in Apache Qpid, as used in Red Hat Enterprise MRG before 1.2.2 and other products, when SSL is enabled, allows remote attackers to cause a denial of service (daemon outage) by connecting to the SSL port but not participating in an SSL handshake.
13756| [CVE-2010-2952] Apache Traffic Server before 2.0.1, and 2.1.x before 2.1.2-unstable, does not properly choose DNS source ports and transaction IDs, and does not properly use DNS query fields to validate responses, which makes it easier for man-in-the-middle attackers to poison the internal DNS cache via a crafted response.
13757| [CVE-2010-2791] mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request. NOTE: this is the same issue as CVE-2010-2068, but for a different OS and set of affected versions.
13758| [CVE-2010-2375] Package/Privilege: Plugins for Apache, Sun and IIS web servers Unspecified vulnerability in the WebLogic Server component in Oracle Fusion Middleware 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, 10.3.2, and 10.3.3 allows remote attackers to affect confidentiality and integrity, related to IIS.
13759| [CVE-2010-2234] Cross-site request forgery (CSRF) vulnerability in Apache CouchDB 0.8.0 through 0.11.0 allows remote attackers to hijack the authentication of administrators for direct requests to an installation URL.
13760| [CVE-2010-2227] Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with "recycling of a buffer."
13761| [CVE-2010-2103] Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Apache Axis2/Java 1.4.1, 1.5.1, and possibly other versions, as used in SAP Business Objects 12, 3com IMC, and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the modules parameter. NOTE: some of these details are obtained from third party information.
13762| [CVE-2010-2086] Apache MyFaces 1.1.7 and 1.2.8, as used in IBM WebSphere Application Server and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that involve modifying the serialized view object.
13763| [CVE-2010-2076] Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before 2.2.9, as used in Apache ServiceMix, Apache Camel, Apache Chemistry, Apache jUDDI, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to samples/wsdl_first_pure_xml, a similar issue to CVE-2010-1632.
13764| [CVE-2010-2068] mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, does not properly detect timeouts, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request.
13765| [CVE-2010-2057] shared/util/StateUtils.java in Apache MyFaces 1.1.x before 1.1.8, 1.2.x before 1.2.9, and 2.0.x before 2.0.1 uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack.
13766| [CVE-2010-1632] Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server (WAS) 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to the Synapse SimpleStockQuoteService.
13767| [CVE-2010-1623] Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the destruction of an APR bucket.
13768| [CVE-2010-1587] The Jetty ResourceHandler in Apache ActiveMQ 5.x before 5.3.2 and 5.4.x before 5.4.0 allows remote attackers to read JSP source code via a // (slash slash) initial substring in a URI for (1) admin/index.jsp, (2) admin/queues.jsp, or (3) admin/topics.jsp.
13769| [CVE-2010-1452] The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path.
13770| [CVE-2010-1325] Cross-site request forgery (CSRF) vulnerability in the apache2-slms package in SUSE Lifecycle Management Server (SLMS) 1.0 on SUSE Linux Enterprise (SLE) 11 allows remote attackers to hijack the authentication of unspecified victims via vectors related to improper parameter quoting. NOTE: some sources report that this is a vulnerability in a product named "Apache SLMS," but that is incorrect.
13771| [CVE-2010-1244] Cross-site request forgery (CSRF) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote attackers to hijack the authentication of unspecified victims for requests that create queues via the JMSDestination parameter in a queue action.
13772| [CVE-2010-1157] Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply.
13773| [CVE-2010-1151] Race condition in the mod_auth_shadow module for the Apache HTTP Server allows remote attackers to bypass authentication, and read and possibly modify data, via vectors related to improper interaction with an external helper application for validation of credentials.
13774| [CVE-2010-0684] Cross-site scripting (XSS) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote authenticated users to inject arbitrary web script or HTML via the JMSDestination parameter in a queue action.
13775| [CVE-2010-0434] The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request.
13776| [CVE-2010-0432] Multiple cross-site scripting (XSS) vulnerabilities in the Apache Open For Business Project (aka OFBiz) 09.04 and earlier, as used in Opentaps, Neogia, and Entente Oya, allow remote attackers to inject arbitrary web script or HTML via (1) the productStoreId parameter to control/exportProductListing, (2) the partyId parameter to partymgr/control/viewprofile (aka partymgr/control/login), (3) the start parameter to myportal/control/showPortalPage, (4) an invalid URI beginning with /facility/control/ReceiveReturn (aka /crmsfa/control/ReceiveReturn or /cms/control/ReceiveReturn), (5) the contentId parameter (aka the entityName variable) to ecommerce/control/ViewBlogArticle, (6) the entityName parameter to webtools/control/FindGeneric, or the (7) subject or (8) content parameter to an unspecified component under ecommerce/control/contactus.
13777| [CVE-2010-0425] modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet, and "orphaned callback pointers."
13778| [CVE-2010-0408] The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service (backend server outage) via a crafted request, related to use of a 500 error code instead of the appropriate 400 error code.
13779| [CVE-2010-0390] Unrestricted file upload vulnerability in maxImageUpload/index.php in PHP F1 Max's Image Uploader 1.0, when Apache is not configured to handle the mime-type for files with pjpeg or jpeg extensions, allows remote attackers to execute arbitrary code by uploading a file with a pjpeg or jpeg extension, then accessing it via a direct request to the file in original/. NOTE: some of these details are obtained from third party information.
13780| [CVE-2010-0219] Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service.
13781| [CVE-2010-0010] Integer overflow in the ap_proxy_send_fb function in proxy/proxy_util.c in mod_proxy in the Apache HTTP Server before 1.3.42 on 64-bit platforms allows remote origin servers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a large chunk size that triggers a heap-based buffer overflow.
13782| [CVE-2010-0009] Apache CouchDB 0.8.0 through 0.10.1 allows remote attackers to obtain sensitive information by measuring the completion time of operations that verify (1) hashes or (2) passwords.
13783| [CVE-2009-5120] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 allows connections to TCP port 1812 from arbitrary source IP addresses, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via UTF-7 text to the 404 error page of a Project Woodstock service on this port.
13784| [CVE-2009-5119] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 enables weak SSL ciphers in conf/server.xml, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and then conducting a brute-force attack against encrypted session data.
13785| [CVE-2009-5006] The SessionAdapter::ExchangeHandlerImpl::checkAlternate function in broker/SessionAdapter.cpp in the C++ Broker component in Apache Qpid before 0.6, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote authenticated users to cause a denial of service (NULL pointer dereference, daemon crash, and cluster outage) by attempting to modify the alternate of an exchange.
13786| [CVE-2009-5005] The Cluster::deliveredEvent function in cluster/Cluster.cpp in Apache Qpid, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote attackers to cause a denial of service (daemon crash and cluster outage) via invalid AMQP data.
13787| [CVE-2009-4355] Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678.
13788| [CVE-2009-4269] The password hash generation algorithm in the BUILTIN authentication functionality for Apache Derby before 10.6.1.0 performs a transformation that reduces the size of the set of inputs to SHA-1, which produces a small search space that makes it easier for local and possibly remote attackers to crack passwords by generating hash collisions, related to password substitution.
13789| [CVE-2009-3923] The VirtualBox 2.0.8 and 2.0.10 web service in Sun Virtual Desktop Infrastructure (VDI) 3.0 does not require authentication, which allows remote attackers to obtain unspecified access via vectors involving requests to an Apache HTTP Server.
13790| [CVE-2009-3890] Unrestricted file upload vulnerability in the wp_check_filetype function in wp-includes/functions.php in WordPress before 2.8.6, when a certain configuration of the mod_mime module in the Apache HTTP Server is enabled, allows remote authenticated users to execute arbitrary code by posting an attachment with a multiple-extension filename, and then accessing this attachment via a direct request to a wp-content/uploads/ pathname, as demonstrated by a .php.jpg filename.
13791| [CVE-2009-3843] HP Operations Manager 8.10 on Windows contains a "hidden account" in the XML file that specifies Tomcat users, which allows remote attackers to conduct unrestricted file upload attacks, and thereby execute arbitrary code, by using the org.apache.catalina.manager.HTMLManagerServlet class to make requests to manager/html/upload.
13792| [CVE-2009-3821] Cross-site scripting (XSS) vulnerability in the Apache Solr Search (solr) extension 1.0.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
13793| [CVE-2009-3555] The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
13794| [CVE-2009-3548] The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges.
13795| [CVE-2009-3250] The saveForwardAttachments procedure in the Compose Mail functionality in vtiger CRM 5.0.4 allows remote authenticated users to execute arbitrary code by composing an e-mail message with an attachment filename ending in (1) .php in installations based on certain Apache HTTP Server configurations, (2) .php. on Windows, or (3) .php/ on Linux, and then making a direct request to a certain pathname under storage/.
13796| [CVE-2009-3095] The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.
13797| [CVE-2009-3094] The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.
13798| [CVE-2009-2902] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename.
13799| [CVE-2009-2901] The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests.
13800| [CVE-2009-2823] The Apache HTTP Server in Apple Mac OS X before 10.6.2 enables the HTTP TRACE method, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified web client software.
13801| [CVE-2009-2699] The Solaris pollset feature in the Event Port backend in poll/unix/port.c in the Apache Portable Runtime (APR) library before 1.3.9, as used in the Apache HTTP Server before 2.2.14 and other products, does not properly handle errors, which allows remote attackers to cause a denial of service (daemon hang) via unspecified HTTP requests, related to the prefork and event MPMs.
13802| [CVE-2009-2696] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat on Red Hat Enterprise Linux 5, Desktop Workstation 5, and Linux Desktop 5 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML." NOTE: this is due to a missing fix for CVE-2009-0781.
13803| [CVE-2009-2693] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry.
13804| [CVE-2009-2625] XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.
13805| [CVE-2009-2412] Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR
13806| [CVE-2009-2299] The Artofdefence Hyperguard Web Application Firewall (WAF) module before 2.5.5-11635, 3.0 before 3.0.3-11636, and 3.1 before 3.1.1-11637, a module for the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via an HTTP request with a large Content-Length value but no POST data.
13807| [CVE-2009-1956] Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input.
13808| [CVE-2009-1955] The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.
13809| [CVE-2009-1903] The PDF XSS protection feature in ModSecurity before 2.5.8 allows remote attackers to cause a denial of service (Apache httpd crash) via a request for a PDF file that does not use the GET method.
13810| [CVE-2009-1891] The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).
13811| [CVE-2009-1890] The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests.
13812| [CVE-2009-1885] Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to cause a denial of service (application crash) via vectors involving nested parentheses and invalid byte values in "simply nested DTD structures," as demonstrated by the Codenomicon XML fuzzing framework.
13813| [CVE-2009-1462] The Security Manager in razorCMS before 0.4 does not verify the permissions of every file owned by the apache user account, which is inconsistent with the documentation and allows local users to have an unspecified impact.
13814| [CVE-2009-1275] Apache Tiles 2.1 before 2.1.2, as used in Apache Struts and other products, evaluates Expression Language (EL) expressions twice in certain circumstances, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via unspecified vectors, related to the (1) tiles:putAttribute and (2) tiles:insertTemplate JSP tags.
13815| [CVE-2009-1195] The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file.
13816| [CVE-2009-1191] mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request.
| [CVE-2009-1012] Unspecified vulnerability in the plug-ins for Apache and IIS web servers in Oracle BEA WebLogic Server 7.0 Gold through SP7, 8.1 Gold through SP6, 9.0, 9.1, 9.2 Gold through MP3, 10.0 Gold through MP1, and 10.3 allows remote attackers to affect confidentiality, integrity, and availability. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow in an unspecified plug-in that parses HTTP requests, which leads to a heap-based buffer overflow.
| [CVE-2009-0918] Multiple unspecified vulnerabilities in DFLabs PTK 1.0.0 through 1.0.4 allow remote attackers to execute arbitrary commands in processes launched by PTK's Apache HTTP Server via (1) "external tools" or (2) a crafted forensic image.
| [CVE-2009-0796] Cross-site scripting (XSS) vulnerability in Status.pm in Apache::Status and Apache2::Status in mod_perl1 and mod_perl2 for the Apache HTTP Server, when /perl-status is accessible, allows remote attackers to inject arbitrary web script or HTML via the URI.
| [CVE-2009-0783] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.
| [CVE-2009-0781] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML."
| [CVE-2009-0754] PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on the same server.
| [CVE-2009-0580] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.
| [CVE-2009-0486] Bugzilla 3.2.1, 3.0.7, and 3.3.2, when running under mod_perl, calls the srand function at startup time, which causes Apache children to have the same seed and produce insufficiently random numbers for random tokens, which allows remote attackers to bypass cross-site request forgery (CSRF) protection mechanisms and conduct unauthorized activities as other users.
| [CVE-2009-0039] Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to hijack the authentication of administrators for requests that (1) change the web administration password, (2) upload applications, and perform unspecified other administrative actions, as demonstrated by (3) a Shutdown request to console/portal//Server/Shutdown.
| [CVE-2009-0038] Multiple cross-site scripting (XSS) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) ip, (3) username, or (4) description parameter to console/portal/Server/Monitoring
| [CVE-2009-0033] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.
| [CVE-2009-0026] Multiple cross-site scripting (XSS) vulnerabilities in Apache Jackrabbit before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the q parameter to (1) search.jsp or (2) swr.jsp.
| [CVE-2009-0023] The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow.
| [CVE-2008-6879] Cross-site scripting (XSS) vulnerability in Apache Roller 2.3, 3.0, 3.1, and 4.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter in a search action.
| [CVE-2008-6755] ZoneMinder 1.23.3 on Fedora 10 sets the ownership of /etc/zm.conf to the apache user account, and sets the permissions to 0600, which makes it easier for remote attackers to modify this file by accessing it through a (1) PHP or (2) CGI script.
| [CVE-2008-6722] Novell Access Manager 3 SP4 does not properly expire X.509 certificate sessions, which allows physically proximate attackers to obtain a logged-in session by using a victim's web-browser process that continues to send the original and valid SSL sessionID, related to inability of Apache Tomcat to clear entries from its SSL cache.
| [CVE-2008-6682] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.x before 2.0.11.1 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via vectors associated with improper handling of (1) " (double quote) characters in the href attribute of an s:a tag and (2) parameters in the action attribute of an s:url tag.
| [CVE-2008-6505] Multiple directory traversal vulnerabilities in Apache Struts 2.0.x before 2.0.12 and 2.1.x before 2.1.3 allow remote attackers to read arbitrary files via a ..%252f (encoded dot dot slash) in a URI with a /struts/ path, related to (1) FilterDispatcher in 2.0.x and (2) DefaultStaticContentLoader in 2.1.x.
| [CVE-2008-6504] ParametersInterceptor in OpenSymphony XWork 2.0.x before 2.0.6 and 2.1.x before 2.1.2, as used in Apache Struts and other products, does not properly restrict # (pound sign) references to context objects, which allows remote attackers to execute Object-Graph Navigation Language (OGNL) statements and modify server-side context objects, as demonstrated by use of a \u0023 representation for the # character.
| [CVE-2008-5696] Novell NetWare 6.5 before Support Pack 8, when an OES2 Linux server is installed into the NDS tree, does not require a password for the ApacheAdmin console, which allows remote attackers to reconfigure the Apache HTTP Server via console operations.
| [CVE-2008-5676] Multiple unspecified vulnerabilities in the ModSecurity (aka mod_security) module 2.5.0 through 2.5.5 for the Apache HTTP Server, when SecCacheTransformations is enabled, allow remote attackers to cause a denial of service (daemon crash) or bypass the product's functionality via unknown vectors related to "transformation caching."
| [CVE-2008-5519] The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat allows remote attackers to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances involving (1) a request from a different client that included a Content-Length header but no POST data or (2) a rapid series of requests, related to noncompliance with the AJP protocol's requirements for requests containing Content-Length headers.
| [CVE-2008-5518] Multiple directory traversal vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 on Windows allow remote attackers to upload files to arbitrary directories via directory traversal sequences in the (1) group, (2) artifact, (3) version, or (4) fileType parameter to console/portal//Services/Repository (aka the Services/Repository portlet)
| [CVE-2008-5515] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.
| [CVE-2008-5457] Unspecified vulnerability in the Oracle BEA WebLogic Server Plugins for Apache, Sun and IIS web servers component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
| [CVE-2008-4308] The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20 does not return a -1 to indicate when a certain error condition has occurred, which can cause Tomcat to send POST content from one request to a different request.
| [CVE-2008-4008] Unspecified vulnerability in the WebLogic Server Plugins for Apache component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2008 CPU. Oracle has not commented on reliable researcher claims that this issue is a stack-based buffer overflow in the WebLogic Apache Connector, related to an invalid parameter.
| [CVE-2008-3666] Unspecified vulnerability in Sun Solaris 10 and OpenSolaris before snv_96 allows (1) context-dependent attackers to cause a denial of service (panic) via vectors involving creation of a crafted file and use of the sendfilev system call, as demonstrated by a file served by an Apache 2.2.x web server with EnableSendFile configured
| [CVE-2008-3271] Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a "synchronization problem" and lack of thread safety, and related to RemoteFilterValve, RemoteAddrValve, and RemoteHostValve.
| [CVE-2008-3257] Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request.
| [CVE-2008-2939] Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI.
| [CVE-2008-2938] Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.
| [CVE-2008-2742] Unrestricted file upload in the mcpuk file editor (atk/attributes/fck/editor/filemanager/browser/mcpuk/connectors/php/config.php) in Achievo 1.2.0 through 1.3.2 allows remote attackers to execute arbitrary code by uploading a file with .php followed by a safe extension, then accessing it via a direct request to the file in the Achievo root directory. NOTE: this is only a vulnerability in environments that support multiple extensions, such as Apache with the mod_mime module enabled.
| [CVE-2008-2717] TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions.
| [CVE-2008-2579] Unspecified vulnerability in the WebLogic Server Plugins for Apache, Sun and IIS web servers component in Oracle BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 has unknown impact and remote attack vectors.
| [CVE-2008-2384] SQL injection vulnerability in mod_auth_mysql.c in the mod-auth-mysql (aka libapache2-mod-auth-mysql) module for the Apache HTTP Server 2.x, when configured to use a multibyte character set that allows a \ (backslash) as part of the character encoding, allows remote attackers to execute arbitrary SQL commands via unspecified inputs in a login request.
| [CVE-2008-2370] Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.
| [CVE-2008-2364] The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.
| [CVE-2008-2168] Cross-site scripting (XSS) vulnerability in Apache 2.2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded URLs that are not properly handled when displaying the 403 Forbidden error page.
| [CVE-2008-2025] Cross-site scripting (XSS) vulnerability in Apache Struts before 1.2.9-162.31.1 on SUSE Linux Enterprise (SLE) 11, before 1.2.9-108.2 on SUSE openSUSE 10.3, before 1.2.9-198.2 on SUSE openSUSE 11.0, and before 1.2.9-162.163.2 on SUSE openSUSE 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "insufficient quoting of parameters."
| [CVE-2008-1947] Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.
| [CVE-2008-1734] Interpretation conflict in PHP Toolkit before 1.0.1 on Gentoo Linux might allow local users to cause a denial of service (PHP outage) and read contents of PHP scripts by creating a file with a one-letter lowercase alphabetic name, which triggers interpretation of a certain unquoted [a-z] argument as a matching shell glob for this name, rather than interpretation as the literal [a-z] regular-expression string, and consequently blocks the launch of the PHP interpreter within the Apache HTTP Server.
| [CVE-2008-1678] Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server mod_ssl that specify a compression algorithm.
| [CVE-2008-1232] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.
| [CVE-2008-0869] Cross-site scripting (XSS) vulnerability in BEA WebLogic Workshop 8.1 through SP6 and Workshop for WebLogic 9.0 through 10.0 allows remote attackers to inject arbitrary web script or HTML via a "framework defined request parameter" when using WebLogic Workshop or Apache Beehive NetUI framework with page flows.
| [CVE-2008-0732] The init script for Apache Geronimo on SUSE Linux follows symlinks when performing a chown operation, which might allow local users to obtain access to unspecified files or directories.
| [CVE-2008-0555] The ExpandCert function in Apache-SSL before apache_1.3.41+ssl_1.59 does not properly handle (1) '/' and (2) '=' characters in a Distinguished Name (DN) in a client certificate, which might allow remote attackers to bypass authentication via a crafted DN that triggers overwriting of environment variables.
| [CVE-2008-0457] Unrestricted file upload vulnerability in the FileUpload class running on the Symantec LiveState Apache Tomcat server, as used by Symantec Backup Exec System Recovery Manager 7.0 and 7.0.1, allows remote attackers to upload and execute arbitrary JSP files via unknown vectors.
| [CVE-2008-0456] CRLF injection vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by uploading a file with a multi-line name containing HTTP header sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
| [CVE-2008-0455] Cross-site scripting (XSS) vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary web script or HTML by uploading a file with a name containing XSS sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
| [CVE-2008-0128] The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
| [CVE-2008-0005] mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding.
| [CVE-2008-0002] Apache Tomcat 6.0.0 through 6.0.15 processes parameters in the context of the wrong request when an exception occurs during parameter processing, which might allow remote attackers to obtain sensitive information, as demonstrated by disconnecting during this processing in order to trigger the exception.
| [CVE-2007-6750] The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris, related to the lack of the mod_reqtimeout module in versions before 2.2.15.
| [CVE-2007-6726] Multiple cross-site scripting (XSS) vulnerabilities in Dojo 0.4.1 and 0.4.2, as used in Apache Struts and other products, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) xip_client.html and (2) xip_server.html in src/io/.
| [CVE-2007-6514] Apache HTTP Server, when running on Linux with a document root on a Windows share mounted using smbfs, allows remote attackers to obtain unprocessed content such as source files for .php programs via a trailing "\" (backslash), which is not handled by the intended AddType directive.
| [CVE-2007-6423] ** DISPUTED ** Unspecified vulnerability in mod_proxy_balancer for Apache HTTP Server 2.2.x before 2.2.7-dev, when running on Windows, allows remote attackers to trigger memory corruption via a long URL. NOTE: the vendor could not reproduce this issue.
| [CVE-2007-6422] The balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6, when a threaded Multi-Processing Module is used, allows remote authenticated users to cause a denial of service (child process crash) via an invalid bb variable.
| [CVE-2007-6421] Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) ss, (2) wr, or (3) rr parameters, or (4) the URL.
| [CVE-2007-6420] Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors.
| [CVE-2007-6388] Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2007-6361] Gekko 0.8.2 and earlier stores sensitive information under the web root with possibly insufficient access control, which might allow remote attackers to read certain files under temp/, as demonstrated by a log file that records the titles of blog entries. NOTE: access to temp/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
| [CVE-2007-6342] SQL injection vulnerability in the David Castro AuthCAS module (AuthCAS.pm) 0.4 for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the SESSION_COOKIE_NAME (session ID) in a cookie.
| [CVE-2007-6286] Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the native APR connector is used, does not properly handle an empty request to the SSL port, which allows remote attackers to trigger handling of "a duplicate copy of one of the recent requests," as demonstrated by using netcat to send the empty request.
| [CVE-2007-6258] Multiple stack-based buffer overflows in the legacy mod_jk2 2.0.3-DEV and earlier Apache module allow remote attackers to execute arbitrary code via a long (1) Host header, or (2) Hostname within a Host header.
| [CVE-2007-6231] Multiple PHP remote file inclusion vulnerabilities in tellmatic 1.0.7 allow remote attackers to execute arbitrary PHP code via a URL in the tm_includepath parameter to (1) Classes.inc.php, (2) statistic.inc.php, (3) status.inc.php, (4) status_top_x.inc.php, or (5) libchart-1.1/libchart.php in include/. NOTE: access to include/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
| [CVE-2007-6203] Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918.
| [CVE-2007-5797] SQLLoginModule in Apache Geronimo 2.0 through 2.1 does not throw an exception for a nonexistent username, which allows remote attackers to bypass authentication via a login attempt with any username not contained in the database.
| [CVE-2007-5731] Absolute path traversal vulnerability in Apache Jakarta Slide 2.1 and earlier allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag, a related issue to CVE-2007-5461.
| [CVE-2007-5461] Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.
| [CVE-2007-5342] The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by changing the (1) level, (2) directory, and (3) prefix attributes in the org.apache.juli.FileHandler handler.
| [CVE-2007-5333] Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385.
| [CVE-2007-5156] Incomplete blacklist vulnerability in editor/filemanager/upload/php/upload.php in FCKeditor, as used in SiteX CMS 0.7.3.beta, La-Nai CMS, Syntax CMS, Cardinal Cms, and probably other products, allows remote attackers to upload and execute arbitrary PHP code via a file whose name contains ".php." and has an unknown extension, which is recognized as a .php file by the Apache HTTP server, a different vulnerability than CVE-2006-0658 and CVE-2006-2529.
| [CVE-2007-5085] Unspecified vulnerability in the management EJB (MEJB) in Apache Geronimo before 2.0.2 allows remote attackers to bypass authentication and obtain "access to Geronimo internals" via unspecified vectors.
| [CVE-2007-5000] Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2007-4724] Cross-site request forgery (CSRF) vulnerability in cal2.jsp in the calendar examples application in Apache Tomcat 4.1.31 allows remote attackers to add events as arbitrary users via the time and description parameters.
| [CVE-2007-4723] Directory traversal vulnerability in Ragnarok Online Control Panel 4.3.4a, when the Apache HTTP Server is used, allows remote attackers to bypass authentication via directory traversal sequences in a URI that ends with the name of a publicly available page, as demonstrated by a "/...../" sequence and an account_manage.php/login.php final component for reaching the protected account_manage.php page.
| [CVE-2007-4641] Directory traversal vulnerability in index.php in Pakupaku CMS 0.4 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting code into an Apache log file.
| [CVE-2007-4556] Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language (OGNL) expression when altSyntax is enabled, which allows remote attackers to cause a denial of service (infinite loop) or execute arbitrary code via form input beginning with a "%{" sequence and ending with a "}" character.
| [CVE-2007-4548] The login method in LoginModule implementations in Apache Geronimo 2.0 does not throw FailedLoginException for failed logins, which allows remote attackers to bypass authentication requirements, deploy arbitrary modules, and gain administrative access by sending a blank username and password with the command line deployer in the deployment module.
| [CVE-2007-4465] Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.
| [CVE-2007-3847] The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read.
| [CVE-2007-3571] The Apache Web Server as used in Novell NetWare 6.5 and GroupWise allows remote attackers to obtain sensitive information via a certain directive to Apache that causes the HTTP-Header response to be modified, which may reveal the server's internal IP address.
| [CVE-2007-3386] Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action.
| [CVE-2007-3385] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.
| [CVE-2007-3384] Multiple cross-site scripting (XSS) vulnerabilities in examples/servlet/CookieExample in Apache Tomcat 3.3 through 3.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Value field, related to error messages.
| [CVE-2007-3383] Cross-site scripting (XSS) vulnerability in SendMailServlet in the examples web application (examples/jsp/mail/sendmail.jsp) in Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.36 allows remote attackers to inject arbitrary web script or HTML via the From field and possibly other fields, related to generation of error messages.
| [CVE-2007-3382] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.
| [CVE-2007-3304] Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1 killer."
| [CVE-2007-3303] Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows local users to cause a denial of service via certain code sequences executed in a worker process that (1) stop request processing by killing all worker processes and preventing creation of replacements or (2) hang the system by forcing the master process to fork an arbitrarily large number of worker processes. NOTE: This might be an inherent design limitation of Apache with respect to worker processes in hosted environments.
| [CVE-2007-3101] Multiple cross-site scripting (XSS) vulnerabilities in certain JSF applications in Apache MyFaces Tomahawk before 1.1.6 allow remote attackers to inject arbitrary web script via the autoscroll parameter, which is injected into Javascript that is sent to the client.
| [CVE-2007-2450] Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script or HTML via a parameter name to manager/html/upload, and other unspecified vectors.
| [CVE-2007-2449] Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the '
| [CVE-2007-2353] Apache Axis 1.0 allows remote attackers to obtain sensitive information by requesting a non-existent WSDL file, which reveals the installation path in the resulting exception message.
| [CVE-2007-2025] Unrestricted file upload vulnerability in the UpLoad feature (lib/plugin/UpLoad.php) in PhpWiki 1.3.11p1 allows remote attackers to upload arbitrary PHP files with a double extension, as demonstrated by .php.3, which is interpreted by Apache as being a valid PHP file.
| [CVE-2007-1863] cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value.
| [CVE-2007-1862] The recall_headers function in mod_mem_cache in Apache 2.2.4 does not properly copy all levels of header data, which can cause Apache to return HTTP headers containing previously used data, which could be used by remote attackers to obtain potentially sensitive information.
| [CVE-2007-1860] mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. (dot dot) sequences and directory traversal, a related issue to CVE-2007-0450.
| [CVE-2007-1858] The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts.
| [CVE-2007-1842] Directory traversal vulnerability in login.php in JSBoard before 2.0.12 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the table parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, a related issue to CVE-2006-2019.
| [CVE-2007-1801] Directory traversal vulnerability in inc/lang.php in sBLOG 0.7.3 Beta allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the conf_lang_default parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by inc/lang.php.
| [CVE-2007-1743] suexec in Apache HTTP Server (httpd) 2.2.3 does not verify combinations of user and group IDs on the command line, which might allow local users to leverage other vulnerabilities to create arbitrary UID/GID owned files if /proc is mounted. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root." In addition, because this is dependent on other vulnerabilities, perhaps this is resultant and should not be included in CVE.
| [CVE-2007-1742] suexec in Apache HTTP Server (httpd) 2.2.3 uses a partial comparison for verifying whether the current directory is within the document root, which might allow local users to perform unauthorized operations on incorrect directories, as demonstrated using "html_backup" and "htmleditor" under an "html" directory. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
13920| [CVE-2007-1741] Multiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 between directory and file validation, and their usage, allow local users to gain privileges and execute arbitrary code by renaming directories or performing symlink attacks. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
13921| [CVE-2007-1720] Directory traversal vulnerability in addressbook.php in the Addressbook 1.2 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module_name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file.
13922| [CVE-2007-1636] Directory traversal vulnerability in index.php in RoseOnlineCMS 3 B1 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the op parameter, as demonstrated by injecting PHP code into Apache log files via the URL and User-Agent HTTP header.
13923| [CVE-2007-1633] Directory traversal vulnerability in bbcode_ref.php in the Giorgio Ciranni Splatt Forum 4.0 RC1 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by bbcode_ref.php.
13924| [CVE-2007-1577] Directory traversal vulnerability in index.php in GeBlog 0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[tplname] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
13925| [CVE-2007-1539] Directory traversal vulnerability in inc/map.func.php in pragmaMX Landkarten 2.1 module allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the module_name parameter, as demonstrated via a static PHP code injection attack in an Apache log file.
13926| [CVE-2007-1524] Directory traversal vulnerability in themes/default/ in ZomPlog 3.7.6 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) in the settings[skin] parameter, as demonstrated by injecting PHP code into an Apache HTTP Server log file, which can then be included via themes/default/.
13927| [CVE-2007-1491] Apache Tomcat in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allows connections from external interfaces via port 8009, which exposes it to attacks from outside parties.
13928| [CVE-2007-1358] Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616".
13929| [CVE-2007-1349] PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.
13930| [CVE-2007-0975] Variable extraction vulnerability in Ian Bezanson Apache Stats before 0.0.3 beta allows attackers to overwrite critical variables, with unknown impact, when the extract function is used on the _REQUEST superglobal array.
13931| [CVE-2007-0930] Variable extract vulnerability in Apache Stats before 0.0.3beta allows attackers to modify arbitrary variables and conduct attacks via unknown vectors involving the use of PHP's extract function.
13932| [CVE-2007-0792] The mod_perl initialization script in Bugzilla 2.23.3 does not set the Bugzilla Apache configuration to allow .htaccess permissions to override file permissions, which allows remote attackers to obtain the database username and password via a direct request for the localconfig file.
13933| [CVE-2007-0774] Stack-based buffer overflow in the map_uri_to_worker function (native/common/jk_uri_worker_map.c) in mod_jk.so for Apache Tomcat JK Web Server Connector 1.2.19 and 1.2.20, as used in Tomcat 4.1.34 and 5.5.20, allows remote attackers to execute arbitrary code via a long URL that triggers the overflow in a URI worker map routine.
13934| [CVE-2007-0637] Directory traversal vulnerability in zd_numer.php in Galeria Zdjec 3.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the galeria parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by zd_numer.php.
13935| [CVE-2007-0451] Apache SpamAssassin before 3.1.8 allows remote attackers to cause a denial of service via long URLs in malformed HTML, which triggers "massive memory usage."
13936| [CVE-2007-0450] Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.
13937| [CVE-2007-0419] The BEA WebLogic Server proxy plug-in before June 2006 for the Apache HTTP Server does not properly handle protocol errors, which allows remote attackers to cause a denial of service (server outage).
13938| [CVE-2007-0173] Directory traversal vulnerability in index.php in L2J Statistik Script 0.09 and earlier, when register_globals is enabled and magic_quotes is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
13939| [CVE-2007-0098] Directory traversal vulnerability in language.php in VerliAdmin 0.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
13940| [CVE-2007-0086] ** DISPUTED ** The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by third parties, who state that the large window size required by the attack is not normally supported or configured by the server, or that a DDoS-style attack would accomplish the same goal.
13941| [CVE-2006-7217] Apache Derby before 10.2.1.6 does not determine schema privilege requirements during the DropSchemaNode bind phase, which allows remote authenticated users to execute arbitrary drop schema statements in SQL authorization mode.
13942| [CVE-2006-7216] Apache Derby before 10.2.1.6 does not determine privilege requirements for lock table statements at compilation time, and consequently does not enforce privilege requirements at execution time, which allows remote authenticated users to lock arbitrary tables.
13943| [CVE-2006-7197] The AJP connector in Apache Tomcat 5.5.15 uses an incorrect length for chunks, which can cause a buffer over-read in the ajp_process_callback in mod_jk, which allows remote attackers to read portions of sensitive memory.
13944| [CVE-2006-7196] Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors. NOTE: this may be related to CVE-2006-0254.1.
13945| [CVE-2006-7195] Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in Apache Tomcat 5.0.0 through 5.0.30 and 5.5.0 through 5.5.17 allows remote attackers to inject arbitrary web script or HTML via certain header values.
13946| [CVE-2006-7098] The Debian GNU/Linux 033_-F_NO_SETSID patch for the Apache HTTP Server 1.3.34-4 does not properly disassociate httpd from a controlling tty when httpd is started interactively, which allows local users to gain privileges to that tty via a CGI program that calls the TIOCSTI ioctl.
13947| [CVE-2006-6869] Directory traversal vulnerability in includes/search/search_mdforum.php in MAXdev MDForum 2.0.1 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang cookie to error.php, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
13948| [CVE-2006-6675] Cross-site scripting (XSS) vulnerability in Novell NetWare 6.5 Support Pack 5 and 6 and Novell Apache on NetWare 2.0.48 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters in Welcome web-app.
13949| [CVE-2006-6613] Directory traversal vulnerability in language.php in phpAlbum 0.4.1 Beta 6 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files or obtain sensitive information via a .. (dot dot) in the pa_lang[include_file] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
13950| [CVE-2006-6589] Cross-site scripting (XSS) vulnerability in ecommerce/control/keywordsearch in the Apache Open For Business Project (OFBiz) and Opentaps 0.9.3 allows remote attackers to inject arbitrary web script or HTML via the SEARCH_STRING parameter, a different issue than CVE-2006-6587. NOTE: some of these details are obtained from third party information.
13951| [CVE-2006-6588] The forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) trusts the (1) dataResourceTypeId, (2) contentTypeId, and certain other hidden form fields, which allows remote attackers to create unauthorized types of content, modify content, or have other unknown impact.
13952| [CVE-2006-6587] Cross-site scripting (XSS) vulnerability in the forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) allows remote attackers to inject arbitrary web script or HTML by posting a message.
13953| [CVE-2006-6445] Directory traversal vulnerability in error.php in Envolution 1.1.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
13954| [CVE-2006-6071] TWiki 4.0.5 and earlier, when running under Apache 1.3 using ApacheLogin with sessions and "ErrorDocument 401" redirects to a valid wiki topic, does not properly handle failed login attempts, which allows remote attackers to read arbitrary content by cancelling out of a failed authentication with a valid username and invalid password.
13955| [CVE-2006-6047] Directory traversal vulnerability in manager/index.php in Etomite 0.6.1.2 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the f parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
13956| [CVE-2006-5894] Directory traversal vulnerability in lang.php in Rama CMS 0.68 and earlier, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by lang.php.
13957| [CVE-2006-5752] Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform "charset detection" when the content-type is not specified.
13958| [CVE-2006-5733] Directory traversal vulnerability in error.php in PostNuke 0.763 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
13959| [CVE-2006-5263] Directory traversal vulnerability in templates/header.php3 in phpMyAgenda 3.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter, as demonstrated by a parameter value naming an Apache HTTP Server log file that apparently contains PHP code.
13960| [CVE-2006-4994] Multiple unquoted Windows search path vulnerabilities in Apache Friends XAMPP 1.5.2 might allow local users to gain privileges via a malicious program file in %SYSTEMDRIVE%, which is run when XAMPP attempts to execute (1) FileZillaServer.exe, (2) mysqld-nt.exe, (3) Perl.exe, or (4) xamppcontrol.exe with an unquoted "Program Files" pathname.
13961| [CVE-2006-4636] Directory traversal vulnerability in SZEWO PhpCommander 3.0 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Directory parameter, as demonstrated by parameter values naming Apache HTTP Server log files that apparently contain PHP code.
13962| [CVE-2006-4625] PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass certain Apache HTTP Server httpd.conf options, such as safe_mode and open_basedir, via the ini_restore function, which resets the values to their php.ini (Master Value) defaults.
13963| [CVE-2006-4558] DeluxeBB 1.06 and earlier, when run on the Apache HTTP Server with the mod_mime module, allows remote attackers to execute arbitrary PHP code by uploading files with double extensions via the fileupload parameter in a newthread action in newpost.php.
13964| [CVE-2006-4191] Directory traversal vulnerability in memcp.php in XMB (Extreme Message Board) 1.9.6 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the langfilenew parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by header.php.
13965| [CVE-2006-4154] Format string vulnerability in the mod_tcl module 1.0 for Apache 2.x allows context-dependent attackers to execute arbitrary code via format string specifiers that are not properly handled in a set_var function call in (1) tcl_cmds.c and (2) tcl_core.c.
13966| [CVE-2006-4110] Apache 2.2.2, when running on Windows, allows remote attackers to read source code of CGI programs via a request that contains uppercase (or alternate case) characters that bypass the case-sensitive ScriptAlias directive, but allow access to the file on case-insensitive file systems.
13967| [CVE-2006-4004] Directory traversal vulnerability in index.php in vbPortal 3.0.2 through 3.6.0 Beta 1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the bbvbplang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
13968| [CVE-2006-3918] http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.
13969| [CVE-2006-3835] Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (
13970| [CVE-2006-3747] Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules.
13971| [CVE-2006-3362] Unrestricted file upload vulnerability in connectors/php/connector.php in FCKeditor mcpuk file manager, as used in (1) Geeklog 1.4.0 through 1.4.0sr3, (2) toendaCMS 1.0.0 Shizouka Stable and earlier, (3) WeBid 0.5.4, and possibly other products, when installed on Apache with mod_mime, allows remote attackers to upload and execute arbitrary PHP code via a filename with a .php extension and a trailing extension that is allowed, such as .zip.
13972| [CVE-2006-3102] Race condition in articles/BitArticle.php in Bitweaver 1.3, when run on Apache with the mod_mime extension, allows remote attackers to execute arbitrary PHP code by uploading arbitrary files with double extensions, which are stored for a small period of time under the webroot in the temp/articles directory.
13973| [CVE-2006-3070] write_ok.php in Zeroboard 4.1 pl8, when installed on Apache with mod_mime, allows remote attackers to bypass restrictions for uploading files with executable extensions by uploading a .htaccess file with an AddType directive that assigns an executable module to files with assumed-safe extensions, as demonstrated by assigning the txt extension to be handled by application/x-httpd-php.
13974| [CVE-2006-2831] Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2, when running under certain Apache configurations such as when FileInfo overrides are disabled within .htaccess, allows remote attackers to execute arbitrary code by uploading a file with multiple extensions, a variant of CVE-2006-2743.
13975| [CVE-2006-2806] The SMTP server in Apache Java Mail Enterprise Server (aka Apache James) 2.2.0 allows remote attackers to cause a denial of service (CPU consumption) via a long argument to the MAIL command.
13976| [CVE-2006-2743] Drupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with mod_mime, does not properly handle files with multiple extensions, which allows remote attackers to upload, modify, or execute arbitrary files in the files directory.
13977| [CVE-2006-2514] Coppermine galleries before 1.4.6, when running on Apache with mod_mime installed, allows remote attackers to upload arbitrary files via a filename with multiple file extensions.
13978| [CVE-2006-2330] PHP-Fusion 6.00.306 and earlier, running under Apache HTTP Server 1.3.27 and PHP 4.3.3, allows remote authenticated users to upload files of arbitrary types using a filename that contains two or more extensions that ends in an assumed-valid extension such as .gif, which bypasses the validation, as demonstrated by uploading then executing an avatar file that ends in ".php.gif" and contains PHP code in EXIF metadata.
13979| [CVE-2006-1777] Directory traversal vulnerability in doc/index.php in Jeremy Ashcraft Simplog 0.9.2 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the s parameter, as demonstrated by injecting PHP sequences into an Apache error_log file, which is then included by doc/index.php.
13980| [CVE-2006-1564] Untrusted search path vulnerability in libapache2-svn 1.3.0-4 for Subversion in Debian GNU/Linux includes RPATH values under the /tmp/svn directory for the (1) mod_authz_svn.so and (2) mod_dav_svn.so modules, which might allow local users to gain privileges by installing malicious libraries in that directory.
13981| [CVE-2006-1548] Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction and possibly (2) DispatchAction and (3) ActionDispatcher in Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to inject arbitrary web script or HTML via the parameter name, which is not filtered in the resulting error message.
13982| [CVE-2006-1547] ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides further access to elements in the CommonsMultipartRequestHandler implementation and BeanUtils.
13983| [CVE-2006-1546] Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to bypass validation via a request with a 'org.apache.struts.taglib.html.Constants.CANCEL' parameter, which causes the action to be canceled but would not be detected from applications that do not use the isCancelled check.
13984| [CVE-2006-1393] Multiple cross-site scripting (XSS) vulnerabilities in the mod_pubcookie Apache application server module in University of Washington Pubcookie 1.x, 3.0.0, 3.1.0, 3.1.1, 3.2 before 3.2.1b, and 3.3 before 3.3.0a allow remote attackers to inject arbitrary web script or HTML via unspecified attack vectors.
13985| [CVE-2006-1346] Directory traversal vulnerability in inc/setLang.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in a lang[*][file] parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by index.php.
13986| [CVE-2006-1292] Directory traversal vulnerability in Jim Hu and Chad Little PHP iCalendar 2.21 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the phpicalendar[cookie_language] and phpicalendar[cookie_style] cookies, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by day.php.
13987| [CVE-2006-1243] Directory traversal vulnerability in install05.php in Simple PHP Blog (SPB) 0.4.7.1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the blog_language parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included using install05.php.
13988| [CVE-2006-1095] Directory traversal vulnerability in the FileSession object in Mod_python module 3.2.7 for Apache allows local users to execute arbitrary code via a crafted session cookie.
13989| [CVE-2006-1079] htpasswd, as used in Acme thttpd 2.25b and possibly other products such as Apache, might allow local users to gain privileges via shell metacharacters in a command line argument, which is used in a call to the system function. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
13990| [CVE-2006-1078] Multiple buffer overflows in htpasswd, as used in Acme thttpd 2.25b, and possibly other products such as Apache, might allow local users to gain privileges via (1) a long command line argument and (2) a long line in a file. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
13991| [CVE-2006-0743] Format string vulnerability in LocalSyslogAppender in Apache log4net 1.2.9 might allow remote attackers to cause a denial of service (memory corruption and termination) via unknown vectors.
13992| [CVE-2006-0254] Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) time parameter to cal2.jsp and (2) any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer.
13993| [CVE-2006-0150] Multiple format string vulnerabilities in the auth_ldap_log_reason function in Apache auth_ldap 1.6.0 and earlier allow remote attackers to execute arbitrary code via various vectors, including the username.
13994| [CVE-2006-0144] The proxy server feature in go-pear.php in PHP PEAR 0.2.2, as used in Apache2Triad, allows remote attackers to execute arbitrary PHP code by redirecting go-pear.php to a malicious proxy server that provides a modified version of Tar.php with a malicious extractModify function.
13995| [CVE-2006-0042] Unspecified vulnerability in (1) apreq_parse_headers and (2) apreq_parse_urlencoded functions in Apache2::Request (Libapreq2) before 2.07 allows remote attackers to cause a denial of service (CPU consumption) via unknown attack vectors that result in quadratic computational complexity.
13996| [CVE-2005-4857] eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 before 20051128 allows remote authenticated users to cause a denial of service (Apache httpd segmentation fault) via a request to content/advancedsearch.php with an empty SearchContentClassID parameter, reportedly related to a "memory addressing error".
13997| [CVE-2005-4849] Apache Derby before 10.1.2.1 exposes the (1) user and (2) password attributes in cleartext via (a) the RDBNAM parameter of the ACCSEC command and (b) the output of the DatabaseMetaData.getURL function, which allows context-dependent attackers to obtain sensitive information.
13998| [CVE-2005-4836] The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote attackers to read JSP source files and obtain sensitive information.
13999| [CVE-2005-4814] Unrestricted file upload vulnerability in Segue CMS before 1.3.6, when the Apache HTTP Server handles .phtml files with the PHP interpreter, allows remote attackers to upload and execute arbitrary PHP code by placing .phtml files in the userfiles/ directory.
14000| [CVE-2005-4703] Apache Tomcat 4.0.3, when running on Windows, allows remote attackers to obtain sensitive information via a request for a file that contains an MS-DOS device name such as lpt9, which leaks the pathname in an error message, as demonstrated by lpt9.xtp using Nikto.
14001| [CVE-2005-3745] Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message.
14002| [CVE-2005-3630] Fedora Directory Server before 10 allows remote attackers to obtain sensitive information, such as the password from adm.conf via an IFRAME element, probably involving an Apache httpd.conf configuration that orders "allow" directives before "deny" directives.
14003| [CVE-2005-3510] Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files.
14004| [CVE-2005-3392] Unspecified vulnerability in PHP before 4.4.1, when using the virtual function on Apache 2, allows remote attackers to bypass safe_mode and open_basedir directives.
| [CVE-2005-3357] mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference.
| [CVE-2005-3352] Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps.
| [CVE-2005-3319] The apache2handler SAPI (sapi_apache2.c) in the Apache module (mod_php) for PHP 5.x before 5.1.0 final and 4.4 before 4.4.1 final allows attackers to cause a denial of service (segmentation fault) via the session.save_path option in a .htaccess file or VirtualHost.
| [CVE-2005-3164] The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an information leak when "unsuitable request body data" is used for a different request, possibly related to Java Servlet pages.
| [CVE-2005-2970] Memory leak in the worker MPM (worker.c) for Apache 2, in certain circumstances, allows remote attackers to cause a denial of service (memory consumption) via aborted connections, which prevents the memory for the transaction pool from being reused for other connections.
| [CVE-2005-2963] The mod_auth_shadow module 1.0 through 1.5 and 2.0 for Apache with AuthShadow enabled uses shadow authentication for all locations that use the require group directive, even when other authentication mechanisms are specified, which might allow remote authenticated users to bypass security restrictions.
| [CVE-2005-2728] The byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service (memory consumption) via an HTTP header with a large Range field.
| [CVE-2005-2660] apachetop 0.12.5 and earlier, when running in debug mode, allows local users to create or append to arbitrary files via a symlink attack on atop.debug.
| [CVE-2005-2088] The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
| [CVE-2005-1754] ** DISPUTED ** JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to read arbitrary files via a full pathname in the argument to the Download parameter. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
| [CVE-2005-1753] ** DISPUTED ** ReadMessage.jsp in JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to view other users' e-mail attachments via a direct request to /mailboxesdir/username@domainname. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
| [CVE-2005-1344] Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute arbitrary code via a long realm argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
| [CVE-2005-1268] Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte.
| [CVE-2005-1266] Apache SpamAssassin 3.0.1, 3.0.2, and 3.0.3 allows remote attackers to cause a denial of service (CPU consumption and slowdown) via a message with a long Content-Type header without any boundaries.
| [CVE-2005-0808] Apache Tomcat before 5.x allows remote attackers to cause a denial of service (application crash) via a crafted AJP12 packet to TCP port 8007.
| [CVE-2005-0182] The mod_dosevasive module 1.9 and earlier for Apache creates temporary files with predictable filenames, which could allow remote attackers to overwrite arbitrary files via a symlink attack.
| [CVE-2005-0108] Apache mod_auth_radius 1.5.4 and libpam-radius-auth allow remote malicious RADIUS servers to cause a denial of service (crash) via a RADIUS_REPLY_MESSAGE with a RADIUS attribute length of 1, which leads to a memcpy operation with a -1 length argument.
| [CVE-2004-2734] webadmin-apache.conf in Novell Web Manager of Novell NetWare 6.5 uses an uppercase Alias tag with an inconsistent lowercase directory tag for a volume, which allows remote attackers to bypass access control to the WEB-INF folder.
| [CVE-2004-2680] mod_python (libapache2-mod-python) 3.1.4 and earlier does not properly handle when output filters process more than 16384 bytes, which can cause filter.read to return portions of previously freed memory.
| [CVE-2004-2650] Spooler in Apache Foundation James 2.2.0 allows local users to cause a denial of service (memory consumption) by triggering various error conditions in the retrieve function, which prevents a lock from being released and causes a memory leak.
| [CVE-2004-2343] ** DISPUTED ** Apache HTTP Server 2.0.47 and earlier allows local users to bypass .htaccess file restrictions, as specified in httpd.conf with directives such as Deny From All, by using an ErrorDocument directive. NOTE: the vendor has disputed this issue, since the .htaccess mechanism is only intended to restrict external web access, and a local user already has the privileges to perform the same operations without using ErrorDocument.
| [CVE-2004-2336] Unknown vulnerability in Novell GroupWise and GroupWise WebAccess 6.0 through 6.5, when running with Apache Web Server 1.3 for NetWare where Apache is loaded using GWAPACHE.CONF, allows remote attackers to read directories and files on the server.
| [CVE-2004-2115] Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTTP Server 1.3.22, based on Apache, allow remote attackers to execute arbitrary script as other users via the (1) action, (2) username, or (3) password parameters in an isqlplus request.
| [CVE-2004-1834] mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, including authentication information, on the hard disk, which could allow local users to gain sensitive information.
| [CVE-2004-1765] Off-by-one buffer overflow in ModSecurity (mod_security) 1.7.4 for Apache 2.x, when SecFilterScanPost is enabled, allows remote attackers to execute arbitrary code via crafted POST requests.
| [CVE-2004-1545] UploadFile.php in MoniWiki 1.0.9.2 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.hwp, which allows remote attackers to upload and execute arbitrary code.
| [CVE-2004-1438] The mod_authz_svn Apache module for Subversion 1.0.4-r1 and earlier allows remote authenticated users, with write access to the repository, to read unauthorized parts of the repository via the svn copy command.
| [CVE-2004-1405] MediaWiki 1.3.8 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
| [CVE-2004-1404] Attachment Mod 2.3.10 module for phpBB, when used with Apache mod_mime, does not properly handle files with multiple file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
| [CVE-2004-1387] The check_forensic script in apache-utils package 1.3.31 allows local users to overwrite or create arbitrary files via a symlink attack on temporary files.
| [CVE-2004-1084] Apache for Apple Mac OS X 10.2.8 and 10.3.6 allows remote attackers to read files and resource fork content via HTTP requests to certain special file names related to multiple data streams in HFS+, which bypass Apache file handles.
| [CVE-2004-1083] Apache for Apple Mac OS X 10.2.8 and 10.3.6 restricts access to files in a case sensitive manner, but the Apple HFS+ filesystem accesses files in a case insensitive manner, which allows remote attackers to read .DS_Store files and files beginning with ".ht" using alternate capitalization.
| [CVE-2004-1082] mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials.
| [CVE-2004-0942] Apache webserver 2.0.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request with a MIME header containing multiple lines with a large number of space characters.
| [CVE-2004-0940] Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error.
| [CVE-2004-0885] The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration.
| [CVE-2004-0811] Unknown vulnerability in Apache 2.0.51 prevents "the merging of the Satisfy directive," which could allow attackers to obtain access to restricted resources contrary to the specified authentication configuration.
| [CVE-2004-0809] The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access.
| [CVE-2004-0786] The IPv6 URI parsing routines in the apr-util library for Apache 2.0.50 and earlier allow remote attackers to cause a denial of service (child process crash) via a certain URI, as demonstrated using the Codenomicon HTTP Test Tool.
| [CVE-2004-0751] The char_buffer_read function in the mod_ssl module for Apache 2.x, when using reverse proxying to an SSL server, allows remote attackers to cause a denial of service (segmentation fault).
| [CVE-2004-0748] mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (CPU consumption) by aborting an SSL connection in a way that causes an Apache child process to enter an infinite loop.
| [CVE-2004-0747] Buffer overflow in Apache 2.0.50 and earlier allows local users to gain apache privileges via a .htaccess file that causes the overflow during expansion of environment variables.
| [CVE-2004-0700] Format string vulnerability in the mod_proxy hook functions function in ssl_engine_log.c in mod_ssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are handled by the ssl_log function.
| [CVE-2004-0646] Buffer overflow in the WriteToLog function for JRun 3.0 through 4.0 web server connectors, such as (1) mod_jrun and (2) mod_jrun20 for Apache, with verbose logging enabled, allows remote attackers to execute arbitrary code via a long HTTP header Content-Type field or other fields.
| [CVE-2004-0529] The modified suexec program in cPanel, when configured for mod_php and compiled for Apache 1.3.31 and earlier without mod_phpsuexec, allows local users to execute untrusted shared scripts and gain privileges, as demonstrated using untainted scripts such as (1) proftpdvhosts or (2) addalink.cgi, a different vulnerability than CVE-2004-0490.
| [CVE-2004-0493] The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters.
| [CVE-2004-0492] Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied.
| [CVE-2004-0490] cPanel, when compiling Apache 1.3.29 and PHP with the mod_phpsuexec option, does not set the --enable-discard-path option, which causes php to use the SCRIPT_FILENAME variable to find and execute a script instead of the PATH_TRANSLATED variable, which allows local users to execute arbitrary PHP code as other users via a URL that references the attacker's script after the user's script, which executes the attacker's script with the user's privileges, a different vulnerability than CVE-2004-0529.
| [CVE-2004-0488] Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN.
| [CVE-2004-0263] PHP 4.3.4 and earlier in Apache 1.x and 2.x (mod_php) can leak global variables between virtual hosts that are handled by the same Apache child process but have different settings, which could allow remote attackers to obtain sensitive information.
| [CVE-2004-0174] Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using multiple listening sockets on certain platforms, allows remote attackers to cause a denial of service (blocked new connections) via a "short-lived connection on a rarely-accessed listening socket."
| [CVE-2004-0173] Directory traversal vulnerability in Apache 1.3.29 and earlier, and Apache 2.0.48 and earlier, when running on Cygwin, allows remote attackers to read arbitrary files via a URL containing "..%5C" (dot dot encoded backslash) sequences.
| [CVE-2004-0113] Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service (memory consumption) via plain HTTP requests to the SSL port of an SSL-enabled server.
| [CVE-2004-0009] Apache-SSL 1.3.28+1.52 and earlier, with SSLVerifyClient set to 1 or 3 and SSLFakeBasicAuth enabled, allows remote attackers to forge a client certificate by using basic authentication with the "one-line DN" of the target user.
| [CVE-2003-1581] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
| [CVE-2003-1580] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-level domains, as demonstrated by a forged 123.123.123.123 domain name, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
| [CVE-2003-1573] The PointBase 4.6 database component in the J2EE 1.4 reference implementation (J2EE/RI) allows remote attackers to execute arbitrary programs, conduct a denial of service, and obtain sensitive information via a crafted SQL statement, related to "inadequate security settings and library bugs in sun.* and org.apache.* packages."
| [CVE-2003-1521] Sun Java Plug-In 1.4 through 1.4.2_02 allows remote attackers to repeatedly access the floppy drive via the createXmlDocument method in the org.apache.crimson.tree.XmlDocument class, which violates the Java security model.
| [CVE-2003-1516] The org.apache.xalan.processor.XSLProcessorVersion class in Java Plug-in 1.4.2_01 allows signed and unsigned applets to share variables, which violates the Java security model and could allow remote attackers to read or write data belonging to a signed applet.
| [CVE-2003-1502] mod_throttle 3.0 allows local users with Apache privileges to access shared memory that points to a file that is writable by the apache user, which could allow local users to gain privileges.
| [CVE-2003-1418] Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote attackers to obtain sensitive information via (1) the ETag header, which reveals the inode number, or (2) multipart MIME boundary, which reveals child proccess IDs (PID).
| [CVE-2003-1307] ** DISPUTED ** The mod_php module for the Apache HTTP Server allows local users with write access to PHP scripts to send signals to the server's process group and use the server's file descriptors, as demonstrated by sending a STOP signal, then intercepting incoming connections on the server's TCP port. NOTE: the PHP developer has disputed this vulnerability, saying "The opened file descriptors are opened by Apache. It is the job of Apache to protect them ... Not a bug in PHP."
| [CVE-2003-1172] Directory traversal vulnerability in the view-source sample file in Apache Software Foundation Cocoon 2.1 and 2.2 allows remote attackers to access arbitrary files via a .. (dot dot) in the filename parameter.
| [CVE-2003-1171] Heap-based buffer overflow in the sec_filter_out function in mod_security 1.7RC1 through 1.7.1 in Apache 2 allows remote attackers to execute arbitrary code via a server side script that sends a large amount of data.
| [CVE-2003-1138] The default configuration of Apache 2.0.40, as shipped with Red Hat Linux 9.0, allows remote attackers to list directory contents, even if auto indexing is turned off and there is a default web page configured, via a GET request containing a double slash (//).
| [CVE-2003-1054] mod_access_referer 1.0.2 allows remote attackers to cause a denial of service (crash) via a malformed Referer header that is missing a hostname, as parsed by the ap_parse_uri_components function in Apache, which triggers a null dereference.
| [CVE-2003-0993] mod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit platforms, does not properly parse Allow/Deny rules using IP addresses without a netmask, which could allow remote attackers to bypass intended access restrictions.
| [CVE-2003-0987] mod_digest for Apache before 1.3.31 does not properly verify the nonce of a client response by using a AuthNonce secret.
| [CVE-2003-0866] The Catalina org.apache.catalina.connector.http package in Tomcat 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service via several requests that do not follow the HTTP protocol, which causes Tomcat to reject later requests.
| [CVE-2003-0844] mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode without the Apache log, allows local users to overwrite arbitrary files via (1) a symlink attack on predictable temporary filenames on Unix systems, or (2) an NTFS hard link on Windows systems when the "Strengthen default permissions of internal system objects" policy is not enabled.
| [CVE-2003-0843] Format string vulnerability in mod_gzip_printf for mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode and using the Apache log, allows remote attackers to execute arbitrary code via format string characters in an HTTP GET request with an "Accept-Encoding: gzip" header.
| [CVE-2003-0789] mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not properly handle CGI redirect paths, which could cause Apache to send the output of a CGI program to the wrong client.
| [CVE-2003-0771] Gallery.pm in Apache::Gallery (aka A::G) uses predictable temporary filenames when running Inline::C, which allows local users to execute arbitrary code by creating and modifying the files before Apache::Gallery does.
| [CVE-2003-0658] Docview before 1.1-18 in Caldera OpenLinux 3.1.1, SCO Linux 4.0, OpenServer 5.0.7, configures the Apache web server in a way that allows remote attackers to read arbitrary publicly readable files via a certain URL, possibly related to rewrite rules.
| [CVE-2003-0542] Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures.
| [CVE-2003-0460] The rotatelogs program on Apache before 1.3.28, for Windows and OS/2 systems, does not properly ignore certain control characters that are received over the pipe, which could allow remote attackers to cause a denial of service.
| [CVE-2003-0254] Apache 2 before 2.0.47, when running on an IPv6 host, allows attackers to cause a denial of service (CPU consumption by infinite loop) when the FTP proxy server fails to create an IPv6 socket.
| [CVE-2003-0253] The prefork MPM in Apache 2 before 2.0.47 does not properly handle certain errors from accept, which could lead to a denial of service.
| [CVE-2003-0249] ** DISPUTED ** PHP treats unknown methods such as "PoSt" as a GET request, which could allow attackers to intended access restrictions if PHP is running on a server that passes on all methods, such as Apache httpd 2.0, as demonstrated using a Limit directive. NOTE: this issue has been disputed by the Apache security team, saying "It is by design that PHP allows scripts to process any request method. A script which does not explicitly verify the request method will hence be processed as normal for arbitrary methods. It is therefore expected behaviour that one cannot implement per-method access control using the Apache configuration alone, which is the assumption made in this report."
| [CVE-2003-0245] Vulnerability in the apr_psprintf function in the Apache Portable Runtime (APR) library for Apache 2.0.37 through 2.0.45 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long strings, as demonstrated using XML objects to mod_dav, and possibly other vectors.
| [CVE-2003-0192] Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3, do not properly handle "certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one," which could cause Apache to use the weak ciphersuite.
| [CVE-2003-0189] The authentication module for Apache 2.0.40 through 2.0.45 on Unix does not properly handle threads safely when using the crypt_r or crypt functions, which allows remote attackers to cause a denial of service (failed Basic authentication with valid usernames and passwords) when a threaded MPM is used.
| [CVE-2003-0134] Unknown vulnerability in filestat.c for Apache running on OS2, versions 2.0 through 2.0.45, allows unknown attackers to cause a denial of service via requests related to device names.
| [CVE-2003-0132] A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to cause a denial of service (memory consumption) via large chunks of linefeed characters, which causes Apache to allocate 80 bytes for each linefeed.
| [CVE-2003-0083] Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences, a different vulnerability than CVE-2003-0020.
| [CVE-2003-0020] Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences.
| [CVE-2003-0017] Apache 2.0 before 2.0.44 on Windows platforms allows remote attackers to obtain certain files via an HTTP request that ends in certain illegal characters such as ">", which causes a different filename to be processed and served.
| [CVE-2003-0016] Apache before 2.0.44, when running on unpatched Windows 9x and Me operating systems, allows remote attackers to cause a denial of service or execute arbitrary code via an HTTP request containing MS-DOS device names.
| [CVE-2002-2310] ClickCartPro 4.0 stores the admin_user.db data file under the web document root with insufficient access control on servers other than Apache, which allows remote attackers to obtain usernames and passwords.
| [CVE-2002-2309] php.exe in PHP 3.0 through 4.2.2, when running on Apache, does not terminate properly, which allows remote attackers to cause a denial of service via a direct request without arguments.
| [CVE-2002-2272] Tomcat 4.0 through 4.1.12, using mod_jk 1.2.1 module on Apache 1.3 through 1.3.27, allows remote attackers to cause a denial of service (desynchronized communications) via an HTTP GET request with a Transfer-Encoding chunked field with invalid values.
| [CVE-2002-2103] Apache before 1.3.24, when writing to the log file, records a spoofed hostname from the reverse lookup of an IP address, even when a double-reverse lookup fails, which allows remote attackers to hide the original source of activities.
| [CVE-2002-2029] PHP, when installed on Windows with Apache and ScriptAlias for /php/ set to c:/php/, allows remote attackers to read arbitrary files and possibly execute arbitrary programs via an HTTP request for php.exe with a filename in the query string.
| [CVE-2002-2012] Unknown vulnerability in Apache 1.3.19 running on HP Secure OS for Linux 1.0 allows remote attackers to cause "unexpected results" via an HTTP request.
| [CVE-2002-2009] Apache Tomcat 4.0.1 allows remote attackers to obtain the web root path via HTTP requests for JSP files preceded by (1) +/, (2) >/, (3) </, and (4) %20/, which leaks the pathname in an error message.
| [CVE-2002-2008] Apache Tomcat 4.0.3 for Windows allows remote attackers to obtain the web root path via an HTTP request for a resource that does not exist, such as lpt9, which leaks the information in an error message.
| [CVE-2002-2007] The default installations of Apache Tomcat 3.2.3 and 3.2.4 allows remote attackers to obtain sensitive system information such as directory listings and web root path, via erroneous HTTP requests for Java Server Pages (JSP) in the (1) test/jsp, (2) samples/jsp and (3) examples/jsp directories, or the (4) test/realPath.jsp servlet, which leaks pathnames in error messages.
| [CVE-2002-2006] The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 through 3.3.1 allows remote attackers to obtain the installation path and other sensitive system information via the (1) SnoopServlet or (2) TroubleShooter example servlets.
| [CVE-2002-1895] The servlet engine in Jakarta Apache Tomcat 3.3 and 4.0.4, when using IIS and the ajp1.3 connector, allows remote attackers to cause a denial of service (crash) via a large number of HTTP GET requests for an MS-DOS device such as AUX, LPT1, CON, or PRN.
| [CVE-2002-1850] mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly remote attackers to cause a denial of service (hang and memory consumption) by causing a CGI script to send a large amount of data to stderr, which results in a read/write deadlock between httpd and the CGI script.
| [CVE-2002-1793] HTTP Server mod_ssl module running on HP-UX 11.04 with Virtualvault OS (VVOS) 4.5 through 4.6 closes the connection when the Apache server times out during an SSL request, which may allow attackers to cause a denial of service.
| [CVE-2002-1658] Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may allow attackers to execute arbitrary code via a long user argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
| [CVE-2002-1635] The Apache configuration file (httpd.conf) in Oracle 9i Application Server (9iAS) uses a Location alias for /perl directory instead of a ScriptAlias, which allows remote attackers to read the source code of arbitrary CGI files via a URL containing the /perl directory instead of /cgi-bin.
| [CVE-2002-1593] mod_dav in Apache before 2.0.42 does not properly handle versioning hooks, which may allow remote attackers to kill a child process via a null dereference and cause a denial of service (CPU consumption) in a preforked multi-processing module.
| [CVE-2002-1592] The ap_log_rerror function in Apache 2.0 through 2.035, when a CGI application encounters an error, sends error messages to the client that include the full path for the server, which allows remote attackers to obtain sensitive information.
| [CVE-2002-1567] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1 allows remote attackers to execute arbitrary web script and steal cookies via a URL with encoded newlines followed by a request to a .jsp file whose name contains the script.
| [CVE-2002-1394] Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148.
| [CVE-2002-1233] A regression error in the Debian distributions of the apache-ssl package (before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0), for Apache 1.3.27 and earlier, allows local users to read or modify the Apache password file via a symlink attack on temporary files when the administrator runs (1) htpasswd or (2) htdigest, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2001-0131.
| [CVE-2002-1157] Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9 and earlier, when UseCanonicalName is off and wildcard DNS is enabled, allows remote attackers to execute script as other web site visitors, via the server name in an HTTPS response on the SSL port, which is used in a self-referencing URL, a different vulnerability than CAN-2002-0840.
| [CVE-2002-1156] Apache 2.0.42 allows remote attackers to view the source code of a CGI script via a POST request to a directory with both WebDAV and CGI enabled.
| [CVE-2002-1148] The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet.
| [CVE-2002-0935] Apache Tomcat 4.0.3, and possibly other versions before 4.1.3 beta, allows remote attackers to cause a denial of service (resource exhaustion) via a large number of requests to the server with null characters, which causes the working threads to hang.
| [CVE-2002-0843] Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response.
| [CVE-2002-0840] Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.
| [CVE-2002-0839] The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that would not normally be allowed, by modifying the parent[].pid and parent[].last_rtime segments in the scoreboard.
| [CVE-2002-0682] Cross-site scripting vulnerability in Apache Tomcat 4.0.3 allows remote attackers to execute script as other web users via script in a URL with the /servlet/ mapping, which does not filter the script when an exception is thrown by the servlet.
| [CVE-2002-0661] Directory traversal vulnerability in Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to read arbitrary files and execute commands via .. (dot dot) sequences containing \ (backslash) characters.
| [CVE-2002-0658] OSSP mm library (libmm) before 1.2.0 allows the local Apache user to gain privileges via temporary files, possibly via a symbolic link attack.
| [CVE-2002-0654] Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to determine the full pathname of the server via (1) a request for a .var file, which leaks the pathname in the resulting error message, or (2) via an error message that occurs when a script (child process) cannot be invoked.
| [CVE-2002-0653] Off-by-one buffer overflow in the ssl_compat_directive function, as called by the rewrite_command hook for mod_ssl Apache module 2.8.9 and earlier, allows local users to execute arbitrary code as the Apache server user via .htaccess files with long entries.
| [CVE-2002-0513] The PHP administration script in popper_mod 1.2.1 and earlier relies on Apache .htaccess authentication, which allows remote attackers to gain privileges if the script is not appropriately configured by the administrator.
| [CVE-2002-0493] Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions.
| [CVE-2002-0392] Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a chunk-encoded HTTP request that causes Apache to use an incorrect size.
| [CVE-2002-0259] InstantServers MiniPortal 1.1.5 and earlier stores sensitive login and account data in plaintext in (1) .pwd files in the miniportal/apache directory, or (2) mplog.txt, which could allow local users to gain privileges.
| [CVE-2002-0249] PHP for Windows, when installed on Apache 2.0.28 beta as a standalone CGI module, allows remote attackers to obtain the physical path of the php.exe via a request with malformed arguments such as /123, which leaks the pathname in the error message.
| [CVE-2002-0240] PHP, when installed with Apache and configured to search for index.php as a default web page, allows remote attackers to obtain the full pathname of the server via the HTTP OPTIONS method, which reveals the pathname in the resulting error message.
| [CVE-2002-0082] The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session.
| [CVE-2002-0061] Apache for Win32 before 1.3.24, and 2.0.x before 2.0.34-beta, allows remote attackers to execute arbitrary commands via shell metacharacters (a | pipe character) provided as arguments to batch (.bat) or .cmd scripts, which are sent unfiltered to the shell interpreter, typically cmd.exe.
| [CVE-2001-1556] The log files in Apache web server contain information directly supplied by clients and does not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail, and grep.
14133| [CVE-2001-1556] The log files in Apache web server contain information directly supplied by clients and does not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail, and grep.
14134| [CVE-2001-1534] mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these session ID's are used for authentication.
14135| [CVE-2001-1510] Allaire JRun 2.3.3, 3.0 and 3.1 running on IIS 4.0 and 5.0, iPlanet, Apache, JRun web server (JWS), and possibly other web servers allows remote attackers to read arbitrary files and directories by appending (1) "%3f.jsp", (2) "?.jsp" or (3) "?" to the requested URL.
14136| [CVE-2001-1449] The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 through 8.0 and Linux Corporate Server 1.0.1 allows remote attackers to list the directory index of arbitrary web directories.
14137| [CVE-2001-1385] The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts.
14138| [CVE-2001-1342] Apache before 1.3.20 on Windows and OS/2 systems allows remote attackers to cause a denial of service (GPF) via an HTTP request for a URI that contains a large number of / (slash) or other characters, which causes certain functions to dereference a null pointer.
14139| [CVE-2001-1217] Directory traversal vulnerability in PL/SQL Apache module in Oracle Oracle 9i Application Server allows remote attackers to access sensitive information via a double encoded URL with .. (dot dot) sequences.
14140| [CVE-2001-1216] Buffer overflow in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to execute arbitrary code via a long request for a help page.
14141| [CVE-2001-1072] Apache with mod_rewrite enabled on most UNIX systems allows remote attackers to bypass RewriteRules by inserting extra / (slash) characters into the requested path, which causes the regular expression in the RewriteRule to fail.
14142| [CVE-2001-1013] Apache on Red Hat Linux with with the UserDir directive enabled generates different error codes when a username exists and there is no public_html directory and when the username does not exist, which could allow remote attackers to determine valid usernames on the server.
14143| [CVE-2001-0925] The default installation of Apache before 1.3.19 allows remote attackers to list directories instead of the multiview index.html file via an HTTP request for a path that contains many / (slash) characters, which causes the path to be mishandled by (1) mod_negotiation, (2) mod_dir, or (3) mod_autoindex.
14144| [CVE-2001-0829] A cross-site scripting vulnerability in Apache Tomcat 3.2.1 allows a malicious webmaster to embed Javascript in a request for a .JSP file, which causes the Javascript to be inserted into an error message.
14145| [CVE-2001-0766] Apache on MacOS X Client 10.0.3 with the HFS+ file system allows remote attackers to bypass access restrictions via a URL that contains some characters whose case is not matched by Apache's filters.
14146| [CVE-2001-0731] Apache 1.3.20 with Multiviews enabled allows remote attackers to view directory contents and bypass the index page via a URL containing the "M=D" query string.
14147| [CVE-2001-0730] split-logfile in Apache 1.3.20 allows remote attackers to overwrite arbitrary files that end in the .log extension via an HTTP request with a / (slash) in the Host: header.
14148| [CVE-2001-0729] Apache 1.3.20 on Windows servers allows remote attackers to bypass the default index page and list directory contents via a URL with a large number of / (slash) characters.
14149| [CVE-2001-0590] Apache Software Foundation Tomcat Servlet prior to 3.2.2 allows a remote attacker to read the source code to arbitrary 'jsp' files via a malformed URL request which does not end with an HTTP protocol specification (i.e. HTTP/1.0).
14150| [CVE-2001-0131] htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local users to overwrite arbitrary files via a symlink attack.
14151| [CVE-2001-0108] PHP Apache module 4.0.4 and earlier allows remote attackers to bypass .htaccess access restrictions via a malformed HTTP request on an unrestricted page that causes PHP to use those access controls on the next page that is requested.
14152| [CVE-2001-0042] PHP 3.x (PHP3) on Apache 1.3.6 allows remote attackers to read arbitrary files via a modified .. (dot dot) attack containing "%5c" (encoded backslash) sequences.
14153| [CVE-2000-1247] The default configuration of the jserv-status handler in jserv.conf in Apache JServ 1.1.2 includes an "allow from 127.0.0.1" line, which allows local users to discover JDBC passwords or other sensitive information via a direct request to the jserv/ URI.
14154| [CVE-2000-1210] Directory traversal vulnerability in source.jsp of Apache Tomcat before 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the argument to source.jsp.
14155| [CVE-2000-1206] Vulnerability in Apache httpd before 1.3.11, when configured for mass virtual hosting using mod_rewrite, or mod_vhost_alias in Apache 1.3.9, allows remote attackers to retrieve arbitrary files.
14156| [CVE-2000-1205] Cross site scripting vulnerabilities in Apache 1.3.0 through 1.3.11 allow remote attackers to execute script as other web site visitors via (1) the printenv CGI (printenv.pl), which does not encode its output, (2) pages generated by the ap_send_error_response function such as a default 404, which does not add an explicit charset, or (3) various messages that are generated by certain Apache modules or core code. NOTE: the printenv issue might still exist for web browsers that can render text/plain content types as HTML, such as Internet Explorer, but CVE regards this as a design limitation of those browsers, not Apache. The printenv.pl/acuparam vector, discloser on 20070724, is one such variant.
14157| [CVE-2000-1204] Vulnerability in the mod_vhost_alias virtual hosting module for Apache 1.3.9, 1.3.11 and 1.3.12 allows remote attackers to obtain the source code for CGI programs if the cgi-bin directory is under the document root.
14158| [CVE-2000-1168] IBM HTTP Server 1.3.6 (based on Apache) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET request.
14159| [CVE-2000-1016] The default configuration of Apache (httpd.conf) on SuSE 6.4 includes an alias for the /usr/doc directory, which allows remote attackers to read package documentation and obtain system configuration information via an HTTP request for the /doc/packages URL.
14160| [CVE-2000-0913] mod_rewrite in Apache 1.3.12 and earlier allows remote attackers to read arbitrary files if a RewriteRule directive is expanded to include a filename whose name contains a regular expression.
14161| [CVE-2000-0883] The default configuration of mod_perl for Apache as installed on Mandrake Linux 6.1 through 7.1 sets the /perl/ directory to be browseable, which allows remote attackers to list the contents of that directory.
14162| [CVE-2000-0869] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 enables WebDAV, which allows remote attackers to list arbitrary diretories via the PROPFIND HTTP request method.
14163| [CVE-2000-0868] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 allows remote attackers to read source code for CGI scripts by replacing the /cgi-bin/ in the requested URL with /cgi-bin-sdb/.
14164| [CVE-2000-0791] Trustix installs the httpsd program for Apache-SSL with world-writeable permissions, which allows local users to replace it with a Trojan horse.
14165| [CVE-2000-0760] The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals sensitive system information when a remote attacker requests a nonexistent URL with a .snp extension.
14166| [CVE-2000-0759] Jakarta Tomcat 3.1 under Apache reveals physical path information when a remote attacker requests a URL that does not exist, which generates an error message that includes the physical path.
14167| [CVE-2000-0628] The source.asp example script in the Apache ASP module Apache::ASP 1.93 and earlier allows remote attackers to modify files.
14168| [CVE-2000-0505] The Apache 1.3.x HTTP server for Windows platforms allows remote attackers to list directory contents by requesting a URL containing a large number of / characters.
14169| [CVE-1999-1412] A possible interaction between Apple MacOS X release 1.0 and Apache HTTP server allows remote attackers to cause a denial of service (crash) via a flood of HTTP GET requests to CGI programs, which generates a large number of processes.
14170| [CVE-1999-1293] mod_proxy in Apache 1.2.5 and earlier allows remote attackers to cause a denial of service via malformed FTP commands, which causes Apache to dump core.
14171| [CVE-1999-1237] Multiple buffer overflows in smbvalid/smbval SMB authentication library, as used in Apache::AuthenSmb and possibly other modules, allows remote attackers to execute arbitrary commands via (1) a long username, (2) a long password, and (3) other unspecified methods.
14172| [CVE-1999-1199] Apache WWW server 1.3.1 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via a large number of MIME headers with the same name, aka the "sioux" vulnerability.
14173| [CVE-1999-1053] guestbook.pl cleanses user-inserted SSI commands by removing text between "<!--" and "-->" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides "-->".
14174| [CVE-1999-0926] Apache allows remote attackers to conduct a denial of service via a large number of MIME headers.
14175| [CVE-1999-0678] A default configuration of Apache on Debian GNU/Linux sets the ServerRoot to /usr/doc, which allows remote users to read documentation files for the entire server.
14176| [CVE-1999-0448] IIS 4.0 and Apache log HTTP request methods, regardless of how long they are, allowing a remote attacker to hide the URL they really request.
14177| [CVE-1999-0289] The Apache web server for Win32 may provide access to restricted files when a . (dot) is appended to a requested URL.
14178| [CVE-1999-0236] ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs.
14179| [CVE-1999-0107] Buffer overflow in Apache 1.2.5 and earlier allows a remote attacker to cause a denial of service with a large number of GET requests containing a large number of / characters.
14180| [CVE-1999-0071] Apache httpd cookie buffer overflow for versions 1.1.1 and earlier.
14181|
14182| SecurityFocus - https://www.securityfocus.com/bid/:
14183| [104554] Apache HBase CVE-2018-8025 Security Bypass Vulnerability
14184| [104465] Apache Geode CVE-2017-15695 Remote Code Execution Vulnerability
14185| [104418] Apache Storm CVE-2018-8008 Arbitrary File Write Vulnerability
14186| [104399] Apache Storm CVE-2018-1332 User Impersonation Vulnerability
14187| [104348] Apache UIMA CVE-2017-15691 XML External Entity Injection Vulnerability
14188| [104313] Apache NiFi XML External Entity Injection and Denial of Service Vulnerability
14189| [104259] Apache Geode CVE-2017-12622 Authorization Bypass Vulnerability
14190| [104257] Apache Sling XSS Protection API CVE-2017-15717 Cross Site Scripting Vulnerability
14191| [104253] Apache ZooKeeper CVE-2018-8012 Security Bypass Vulnerability
14192| [104252] Apache Batik CVE-2018-8013 Information Disclosure Vulnerability
14193| [104239] Apache Solr CVE-2018-8010 XML External Entity Multiple Information Disclosure Vulnerabilities
14194| [104215] Apache ORC CVE-2018-8015 Denial of Service Vulnerability
14195| [104203] Apache Tomcat CVE-2018-8014 Security Bypass Vulnerability
14196| [104161] Apache Ambari CVE-2018-8003 Directory Traversal Vulnerability
14197| [104140] Apache Derby CVE-2018-1313 Security Bypass Vulnerability
14198| [104135] Apache Tika CVE-2018-1338 Denial of Service Vulnerability
14199| [104008] Apache Fineract CVE-2018-1291 SQL Injection Vulnerability
14200| [104007] Apache Fineract CVE-2018-1292 SQL Injection Vulnerability
14201| [104005] Apache Fineract CVE-2018-1289 SQL Injection Vulnerability
14202| [104001] Apache Tika CVE-2018-1335 Remote Command Injection Vulnerability
14203| [103975] Apache Fineract CVE-2018-1290 SQL Injection Vulnerability
14204| [103974] Apache Solr CVE-2018-1308 XML External Entity Injection Vulnerability
14205| [103772] Apache Traffic Server CVE-2017-7671 Denial of Service Vulnerability
14206| [103770] Apache Traffic Server CVE-2017-5660 Security Bypass Vulnerability
14207| [103751] Apache Hive CVE-2018-1282 SQL Injection Vulnerability
14208| [103750] Apache Hive CVE-2018-1284 Security Bypass Vulnerability
14209| [103692] Apache Ignite CVE-2018-1295 Arbitrary Code Execution Vulnerability
14210| [103528] Apache HTTP Server CVE-2018-1302 Denial of Service Vulnerability
14211| [103525] Apache HTTP Server CVE-2017-15715 Remote Security Bypass Vulnerability
14212| [103524] Apache HTTP Server CVE-2018-1312 Remote Security Bypass Vulnerability
14213| [103522] Apache HTTP Server CVE-2018-1303 Denial of Service Vulnerability
14214| [103520] Apache HTTP Server CVE-2018-1283 Remote Security Vulnerability
14215| [103516] Apache Struts CVE-2018-1327 Denial of Service Vulnerability
14216| [103515] Apache HTTP Server CVE-2018-1301 Denial of Service Vulnerability
14217| [103512] Apache HTTP Server CVE-2017-15710 Denial of Service Vulnerability
14218| [103508] Apache Syncope CVE-2018-1321 Multiple Remote Code Execution Vulnerabilities
14219| [103507] Apache Syncope CVE-2018-1322 Multiple Information Disclosure Vulnerabilities
14220| [103490] Apache Commons Compress CVE-2018-1324 Multiple Denial Of Service Vulnerabilities
14221| [103434] APACHE Allura CVE-2018-1319 HTTP Response Splitting Vulnerability
14222| [103389] Apache Tomcat JK Connector CVE-2018-1323 Directory Traversal Vulnerability
14223| [103222] Apache CloudStack CVE-2013-4317 Information Disclosure Vulnerability
14224| [103219] Apache Xerces-C CVE-2017-12627 Null Pointer Dereference Denial of Service Vulnerability
14225| [103206] Apache Geode CVE-2017-15693 Remote Code Execution Vulnerability
14226| [103205] Apache Geode CVE-2017-15692 Remote Code Execution Vulnerability
14227| [103170] Apache Tomcat CVE-2018-1304 Security Bypass Vulnerability
14228| [103144] Apache Tomcat CVE-2018-1305 Security Bypass Vulnerability
14229| [103102] Apache Oozie CVE-2017-15712 Information Disclosure Vulnerability
14230| [103098] Apache Karaf CVE-2016-8750 LDAP Injection Vulnerability
14231| [103069] Apache Tomcat CVE-2017-15706 Remote Security Weakness
14232| [103068] Apache JMeter CVE-2018-1287 Security Bypass Vulnerability
14233| [103067] Apache Qpid Dispatch Router 'router_core/connections.c' Denial of Service Vulnerability
14234| [103036] Apache CouchDB CVE-2017-12636 Remote Code Execution Vulnerability
14235| [103025] Apache Thrift CVE-2016-5397 Remote Command Injection Vulnerability
14236| [102879] Apache POI CVE-2017-12626 Multiple Denial of Service Vulnerabilities
14237| [102842] Apache NiFi CVE-2017-12632 Host Header Injection Vulnerability
14238| [102815] Apache NiFi CVE-2017-15697 Multiple Cross Site Scripting Vulnerabilities
14239| [102488] Apache Geode CVE-2017-9795 Remote Code Execution Vulnerability
14240| [102229] Apache Sling CVE-2017-15700 Information Disclosure Vulnerability
14241| [102226] Apache Drill CVE-2017-12630 Cross Site Scripting Vulnerability
14242| [102154] Multiple Apache Products CVE-2017-15708 Remote Code Execution Vulnerability
14243| [102127] Apache CXF Fediz CVE-2017-12631 Multiple Cross Site Request Forgery Vulnerabilities
14244| [102041] Apache Qpid Broker-J CVE-2017-15701 Denial of Service Vulnerability
14245| [102040] Apache Qpid Broker CVE-2017-15702 Security Weakness
14246| [102021] Apache Struts CVE-2017-15707 Denial of Service Vulnerability
14247| [101980] EMC RSA Authentication Agent for Web: Apache Web Server Authentication Bypass Vulnerability
14248| [101876] Apache Camel CVE-2017-12634 Deserialization Remote Code Execution Vulnerability
14249| [101874] Apache Camel CVE-2017-12633 Deserialization Remote Code Execution Vulnerability
14250| [101872] Apache Karaf CVE-2014-0219 Local Denial of Service Vulnerability
14251| [101868] Apache CouchDB CVE-2017-12635 Remote Privilege Escalation Vulnerability
14252| [101859] Apache CXF CVE-2017-12624 Denial of Service Vulnerability
14253| [101844] Apache Sling Servlets Post CVE-2017-11296 Cross Site Scripting Vulnerability
14254| [101686] Apache Hive CVE-2017-12625 Information Disclosure Vulnerability
14255| [101644] Apache Wicket CVE-2012-5636 Cross Site Scripting Vulnerability
14256| [101631] Apache Traffic Server CVE-2015-3249 Multiple Remote Code Execution Vulnerabilities
14257| [101630] Apache Traffic Server CVE-2014-3624 Access Bypass Vulnerability
14258| [101625] Apache jUDDI CVE-2009-1197 Security Bypass Vulnerability
14259| [101623] Apache jUDDI CVE-2009-1198 Cross Site Scripting Vulnerability
14260| [101620] Apache Subversion 'libsvn_fs_fs/fs_fs.c' Denial of Service Vulnerability
14261| [101585] Apache OpenOffice Multiple Remote Code Execution Vulnerabilities
14262| [101577] Apache Wicket CVE-2016-6806 Cross Site Request Forgery Vulnerability
14263| [101575] Apache Wicket CVE-2014-0043 Information Disclosure Vulnerability
14264| [101570] Apache Geode CVE-2017-9797 Information Disclosure Vulnerability
14265| [101562] Apache Derby CVE-2010-2232 Arbitrary File Overwrite Vulnerability
14266| [101560] Apache Portable Runtime Utility CVE-2017-12613 Multiple Information Disclosure Vulnerabilities
14267| [101558] Apache Portable Runtime Utility Local Out-of-Bounds Read Denial of Service Vulnerability
14268| [101532] Apache James CVE-2017-12628 Arbitrary Command Execution Vulnerability
14269| [101516] Apache HTTP Server CVE-2017-12171 Security Bypass Vulnerability
14270| [101261] Apache Solr/Lucene CVE-2017-12629 Information Disclosure and Remote Code Execution Vulnerabilities
14271| [101230] Apache Roller CVE-2014-0030 XML External Entity Injection Vulnerability
14272| [101173] Apache IMPALA CVE-2017-9792 Information Disclosure Vulnerability
14273| [101052] Apache Commons Jelly CVE-2017-12621 Security Bypass Vulnerability
14274| [101027] Apache Mesos CVE-2017-7687 Denial of Service Vulnerability
14275| [101023] Apache Mesos CVE-2017-9790 Denial of Service Vulnerability
14276| [100954] Apache Tomcat CVE-2017-12617 Incomplete Fix Remote Code Execution Vulnerability
14277| [100946] Apache Wicket CVE-2014-7808 Cross Site Request Forgery Vulnerability
14278| [100901] Apache Tomcat CVE-2017-12615 Remote Code Execution Vulnerability
14279| [100897] Apache Tomcat CVE-2017-12616 Information Disclosure Vulnerability
14280| [100880] Apache Directory LDAP API CVE-2015-3250 Unspecified Information Disclosure Vulnerability
14281| [100872] Apache HTTP Server CVE-2017-9798 Information Disclosure Vulnerability
14282| [100870] Apache Solr CVE-2017-9803 Remote Privilege Escalation Vulnerability
14283| [100859] puppetlabs-apache CVE-2017-2299 Information Disclosure Vulnerability
14284| [100829] Apache Struts CVE-2017-12611 Remote Code Execution Vulnerability
14285| [100823] Apache Spark CVE-2017-12612 Deserialization Remote Code Execution Vulnerability
14286| [100612] Apache Struts CVE-2017-9804 Incomplete Fix Denial of Service Vulnerability
14287| [100611] Apache Struts CVE-2017-9793 Denial of Service Vulnerability
14288| [100609] Apache Struts CVE-2017-9805 Remote Code Execution Vulnerability
14289| [100587] Apache Atlas CVE-2017-3155 Cross Frame Scripting Vulnerability
14290| [100581] Apache Atlas CVE-2017-3154 Information Disclosure Vulnerability
14291| [100578] Apache Atlas CVE-2017-3153 Cross Site Scripting Vulnerability
14292| [100577] Apache Atlas CVE-2017-3152 Cross Site Scripting Vulnerability
14293| [100547] Apache Atlas CVE-2017-3151 HTML Injection Vulnerability
14294| [100536] Apache Atlas CVE-2017-3150 Cross Site Scripting Vulnerability
14295| [100449] Apache Pony Mail CVE-2016-4460 Authentication Bypass Vulnerability
14296| [100447] Apache2Triad Multiple Security Vulnerabilities
14297| [100284] Apache Sling Servlets Post CVE-2017-9802 Cross Site Scripting Vulnerability
14298| [100280] Apache Tomcat CVE-2017-7674 Security Bypass Vulnerability
14299| [100259] Apache Subversion CVE-2017-9800 Remote Command Execution Vulnerability
14300| [100256] Apache Tomcat CVE-2017-7675 Directory Traversal Vulnerability
14301| [100235] Apache Storm CVE-2017-9799 Remote Code Execution Vulnerability
14302| [100082] Apache Commons Email CVE-2017-9801 SMTP Header Injection Vulnerability
14303| [99873] Apache Sling XSS Protection API CVE-2016-6798 XML External Entity Injection Vulnerability
14304| [99870] Apache Sling API CVE-2016-5394 Cross Site Scripting Vulnerability
14305| [99603] Apache Spark CVE-2017-7678 Cross Site Scripting Vulnerability
14306| [99592] Apache OpenMeetings CVE-2017-7685 Security Bypass Vulnerability
14307| [99587] Apache OpenMeetings CVE-2017-7673 Security Bypass Vulnerability
14308| [99586] Apache OpenMeetings CVE-2017-7688 Security Bypass Vulnerability
14309| [99584] Apache OpenMeetings CVE-2017-7684 Denial of Service Vulnerability
14310| [99577] Apache OpenMeetings CVE-2017-7663 Cross Site Scripting Vulnerability
14311| [99576] Apache OpenMeetings CVE-2017-7664 XML External Entity Injection Vulnerability
14312| [99569] Apache HTTP Server CVE-2017-9788 Memory Corruption Vulnerability
14313| [99568] Apache HTTP Server CVE-2017-9789 Denial of Service Vulnerability
14314| [99563] Apache Struts CVE-2017-7672 Denial of Service Vulnerability
14315| [99562] Apache Struts Spring AOP Functionality Denial of Service Vulnerability
14316| [99509] Apache Impala CVE-2017-5652 Information Disclosure Vulnerability
14317| [99508] Apache IMPALA CVE-2017-5640 Authentication Bypass Vulnerability
14318| [99486] Apache Traffic Control CVE-2017-7670 Denial of Service Vulnerability
14319| [99485] Apache Solr CVE-2017-7660 Security Bypass Vulnerability
14320| [99484] Apache Struts CVE-2017-9791 Remote Code Execution Vulnerability
14321| [99292] Apache Ignite CVE-2017-7686 Information Disclosure Vulnerability
14322| [99170] Apache HTTP Server CVE-2017-7679 Buffer Overflow Vulnerability
14323| [99137] Apache HTTP Server CVE-2017-7668 Denial of Service Vulnerability
14324| [99135] Apache HTTP Server CVE-2017-3167 Authentication Bypass Vulnerability
14325| [99134] Apache HTTP Server CVE-2017-3169 Denial of Service Vulnerability
14326| [99132] Apache HTTP Server CVE-2017-7659 Denial of Service Vulnerability
14327| [99112] Apache Thrift CVE-2015-3254 Denial of Service Vulnerability
14328| [99067] Apache Ranger CVE-2016-8751 HTML Injection Vulnerability
14329| [99018] Apache NiFi CVE-2017-7667 Cross Frame Scripting Vulnerability
14330| [99009] Apache NiFi CVE-2017-7665 Cross Site Scripting Vulnerability
14331| [98961] Apache Ranger CVE-2017-7677 Security Bypass Vulnerability
14332| [98958] Apache Ranger CVE-2017-7676 Security Bypass Vulnerability
14333| [98888] Apache Tomcat CVE-2017-5664 Security Bypass Vulnerability
14334| [98814] Apache Zookeeper CVE-2017-5637 Denial of Service Vulnerability
14335| [98795] Apache Hadoop CVE-2017-7669 Remote Privilege Escalation Vulnerability
14336| [98739] Apache Knox CVE-2017-5646 User Impersonation Vulnerability
14337| [98669] Apache Hive CVE-2016-3083 Security Bypass Vulnerability
14338| [98646] Apache Atlas CVE-2016-8752 Information Disclosure Vulnerability
14339| [98570] Apache Archiva CVE-2017-5657 Multiple Cross-Site Request Forgery Vulnerabilities
14340| [98489] Apache CXF Fediz CVE-2017-7661 Multiple Cross Site Request Forgery Vulnerabilities
14341| [98485] Apache CXF Fediz CVE-2017-7662 Cross Site Request Forgery Vulnerability
14342| [98466] Apache Ambari CVE-2017-5655 Insecure Temporary File Handling Vulnerability
14343| [98365] Apache Cordova For Android CVE-2016-6799 Information Disclosure Vulnerability
14344| [98025] Apache Hadoop CVE-2017-3161 Cross Site Scripting Vulnerability
14345| [98017] Apache Hadoop CVE-2017-3162 Input Validation Vulnerability
14346| [97971] Apache CXF CVE-2017-5656 Information Disclosure Vulnerability
14347| [97968] Apache CXF CVE-2017-5653 Spoofing Vulnerability
14348| [97967] Apache ActiveMQ CVE-2015-7559 Denial of Service Vulnerability
14349| [97949] Apache Traffic Server CVE-2017-5659 Denial of Service Vulnerability
14350| [97948] Apache Batik CVE-2017-5662 XML External Entity Information Disclosure Vulnerability
14351| [97947] Apache FOP CVE-2017-5661 XML External Entity Information Disclosure Vulnerability
14352| [97945] Apache Traffic Server CVE-2016-5396 Denial of Service Vulnerability
14353| [97702] Apache Log4j CVE-2017-5645 Remote Code Execution Vulnerability
14354| [97582] Apache CXF CVE-2016-6812 Cross Site Scripting Vulnerability
14355| [97579] Apache CXF JAX-RS CVE-2016-8739 XML External Entity Injection Vulnerability
14356| [97544] Apache Tomcat CVE-2017-5651 Information Disclosure Vulnerability
14357| [97531] Apache Tomcat CVE-2017-5650 Denial of Service Vulnerability
14358| [97530] Apache Tomcat CVE-2017-5648 Information Disclosure Vulnerability
14359| [97509] Apache Ignite CVE-2016-6805 Information Disclosure and XML External Entity Injection Vulnerabilities
14360| [97383] Apache Flex BlazeDS CVE-2017-5641 Remote Code Execution Vulnerability
14361| [97378] Apache Geode CVE-2017-5649 Information Disclosure Vulnerability
14362| [97229] Apache Ambari CVE-2016-4976 Local Information Disclosure Vulnerability
14363| [97226] Apache Camel CVE-2017-5643 Server Side Request Forgery Security Bypass Vulnerability
14364| [97184] Apache Ambari CVE-2016-6807 Remote Command Execution Vulnerability
14365| [97179] Apache Camel CVE-2016-8749 Java Deserialization Multiple Remote Code Execution Vulnerabilities
14366| [96983] Apache POI CVE-2017-5644 Denial Of Service Vulnerability
14367| [96895] Apache Tomcat CVE-2016-8747 Information Disclosure Vulnerability
14368| [96731] Apache NiFi CVE-2017-5636 Remote Code Injection Vulnerability
14369| [96730] Apache NiFi CVE-2017-5635 Security Bypass Vulnerability
14370| [96729] Apache Struts CVE-2017-5638 Remote Code Execution Vulnerability
14371| [96540] IBM Development Package for Apache Spark CVE-2016-4970 Denial of Service Vulnerability
14372| [96398] Apache CXF CVE-2017-3156 Information Disclosure Vulnerability
14373| [96321] Apache Camel CVE-2017-3159 Remote Code Execution Vulnerability
14374| [96293] Apache Tomcat 'http11/AbstractInputBuffer.java' Denial of Service Vulnerability
14375| [96228] Apache Brooklyn Cross Site Request Forgery and Multiple Cross Site Scripting Vulnerabilities
14376| [95998] Apache Ranger CVE-2016-8746 Security Bypass Vulnerability
14377| [95929] Apache Groovy CVE-2016-6497 Information Disclosure Vulnerability
14378| [95838] Apache Cordova For Android CVE-2017-3160 Man in the Middle Security Bypass Vulnerability
14379| [95675] Apache Struts Remote Code Execution Vulnerability
14380| [95621] Apache NiFi CVE-2106-8748 Cross Site Scripting Vulnerability
14381| [95429] Apache Groovy CVE-2016-6814 Remote Code Execution Vulnerability
14382| [95335] Apache Hadoop CVE-2016-3086 Information Disclosure Vulnerability
14383| [95168] Apache Wicket CVE-2016-6793 Denial of Service Vulnerability
14384| [95136] Apache Qpid Broker for Java CVE-2016-8741 Remote Information Disclosure Vulnerability
14385| [95078] Apache HTTP Server CVE-2016-0736 Remote Security Vulnerability
14386| [95077] Apache HTTP Server CVE-2016-8743 Security Bypass Vulnerability
14387| [95076] Apache HTTP Server CVE-2016-2161 Denial of Service Vulnerability
| [95020] Apache Tika CVE-2015-3271 Remote Information Disclosure Vulnerability
| [94950] Apache Hadoop CVE-2016-5001 Local Information Disclosure Vulnerability
| [94882] Apache ActiveMQ CVE-2016-6810 HTML Injection Vulnerability
| [94828] Apache Tomcat CVE-2016-8745 Information Disclosure Vulnerability
| [94766] Apache CouchDB CVE-2016-8742 Local Privilege Escalation Vulnerability
| [94657] Apache Struts CVE-2016-8738 Denial of Service Vulnerability
| [94650] Apache HTTP Server CVE-2016-8740 Denial of Service Vulnerability
| [94588] Apache Subversion CVE-2016-8734 XML External Entity Denial of Service Vulnerability
| [94513] Apache Karaf CVE-2016-8648 Remote Code Execution Vulnerability
| [94463] Apache Tomcat CVE-2016-8735 Remote Code Execution Vulnerability
| [94462] Apache Tomcat CVE-2016-6817 Denial of Service Vulnerability
| [94461] Apache Tomcat CVE-2016-6816 Security Bypass Vulnerability
| [94418] Apache OpenOffice CVE-2016-6803 Local Privilege Escalation Vulnerability
| [94247] Apache Tika CVE-2016-6809 Remote Code Execution Vulnerability
| [94221] Apache Ranger CVE-2016-6815 Local Privilege Escalation Vulnerability
| [94145] Apache OpenMeetings CVE-2016-8736 Remote Code Execution Vulnerability
| [93945] Apache CloudStack CVE-2016-6813 Authorization Bypass Vulnerability
| [93944] Apache Tomcat Security Manager CVE-2016-6796 Security Bypass Vulnerability
| [93943] Apache Tomcat CVE-2016-6794 Security Bypass Vulnerability
| [93942] Apache Tomcat Security Manager CVE-2016-5018 Security Bypass Vulnerability
| [93940] Apache Tomcat CVE-2016-6797 Security Bypass Vulnerability
| [93939] Apache Tomcat CVE-2016-0762 Information Disclosure Vulnerability
| [93774] Apache OpenOffice CVE-2016-6804 DLL Loading Remote Code Execution Vulnerability
| [93773] Apache Struts CVE-2016-6795 Directory Traversal Vulnerability
| [93478] Apache Tomcat CVE-2016-6325 Local Privilege Escalation Vulnerability
| [93472] Apache Tomcat CVE-2016-5425 Insecure File Permissions Vulnerability
| [93429] Apache Tomcat JK Connector CVE-2016-6808 Remote Buffer Overflow Vulnerability
| [93263] Apache Tomcat CVE-2016-1240 Local Privilege Escalation Vulnerability
| [93236] Apache MyFaces Trinidad CVE-2016-5019 Remote Code Execution Vulnerability
| [93142] Apache ActiveMQ Artemis CVE-2016-4978 Remote Code Execution Vulnerability
| [93132] Apache Derby CVE-2015-1832 XML External Entity Information Disclosure Vulnerability
| [93044] Apache Zookeeper CVE-2016-5017 Buffer Overflow Vulnerability
| [92966] Apache Jackrabbit CVE-2016-6801 Cross-Site Request Forgery Vulnerability
| [92947] Apache Shiro CVE-2016-6802 Remote Security Bypass Vulnerability
| [92905] Apache CXF Fediz CVE-2016-4464 Security Bypass Vulnerability
| [92577] Apache Ranger CVE-2016-5395 HTML Injection Vulnerability
| [92331] Apache HTTP Server CVE-2016-1546 Remote Denial of Service Vulnerability
| [92328] Apache Hive CVE-2016-0760 Multiple Remote Code Execution Vulnerabilities
| [92320] Apache APR-util and httpd CVE-2016-6312 Denial of Service Vulnerability
| [92100] Apache POI CVE-2016-5000 XML External Entity Injection Vulnerability
| [92079] Apache OpenOffice CVE-2016-1513 Remote Code Execution Vulnerability
| [91818] Apache Tomcat CVE-2016-5388 Security Bypass Vulnerability
| [91816] Apache HTTP Server CVE-2016-5387 Security Bypass Vulnerability
| [91788] Apache Qpid Proton CVE-2016-4467 Certificate Verification Security Bypass Vulnerability
| [91738] Apache XML-RPC CVE-2016-5003 Remote Code Execution Vulnerability
| [91736] Apache XML-RPC Multiple Security Vulnerabilities
| [91707] Apache Archiva CVE-2016-5005 HTML Injection Vulnerability
| [91703] Apache Archiva CVE-2016-4469 Multiple Cross-Site Request Forgery Vulnerabilities
| [91566] Apache HTTP Server CVE-2016-4979 Authentication Bypass Vulnerability
| [91537] Apache QPID CVE-2016-4974 Deserialization Security Bypass Vulnerability
| [91501] Apache Xerces-C CVE-2016-4463 Stack Buffer Overflow Vulnerability
| [91453] Apache Commons FileUpload CVE-2016-3092 Denial Of Service Vulnerability
| [91284] Apache Struts CVE-2016-4431 Security Bypass Vulnerability
| [91282] Apache Struts CVE-2016-4433 Security Bypass Vulnerability
| [91281] Apache Struts CVE-2016-4430 Cross-Site Request Forgery Vulnerability
| [91280] Apache Struts CVE-2016-4436 Security Bypass Vulnerability
| [91278] Apache Struts CVE-2016-4465 Denial of Service Vulnerability
| [91277] Apache Struts Incomplete Fix Remote Code Execution Vulnerability
| [91275] Apache Struts CVE-2016-4438 Remote Code Execution Vulnerability
| [91217] Apache Continuum 'saveInstallation.action' Command Execution Vulnerability
| [91141] Apache CloudStack CVE-2016-3085 Authentication Bypass Vulnerability
| [91068] Apache Struts CVE-2016-1181 Remote Code Execution Vulnerability
| [91067] Apache Struts CVE-2016-1182 Security Bypass Vulnerability
| [91024] Apache Shiro CVE-2016-4437 Information Disclosure Vulnerability
| [90988] Apache Ranger CVE-2016-2174 SQL Injection Vulnerability
| [90961] Apache Struts CVE-2016-3093 Denial of Service Vulnerability
| [90960] Apache Struts CVE-2016-3087 Remote Code Execution Vulnerability
| [90921] Apache Qpid CVE-2016-4432 Authentication Bypass Vulnerability
| [90920] Apache Qpid CVE-2016-3094 Denial of Service Vulnerability
| [90902] Apache PDFBox CVE-2016-2175 XML External Entity Injection Vulnerability
| [90897] Apache Tika CVE-2016-4434 XML External Entity Injection Vulnerability
| [90827] Apache ActiveMQ CVE-2016-3088 Multiple Arbitrary File Upload Vulnerabilities
| [90755] Apache Ambari CVE-2016-0707 Multiple Local Information Disclosure Vulnerabilities
| [90482] Apache CVE-2004-1387 Local Security Vulnerability
| [89762] Apache CVE-2001-1556 Remote Security Vulnerability
| [89417] Apache Subversion CVE-2016-2167 Authentication Bypass Vulnerability
| [89326] RETIRED: Apache Subversion CVE-2016-2167 Security Bypass Vulnerability
| [89320] Apache Subversion CVE-2016-2168 Remote Denial of Service Vulnerability
| [88826] Apache Struts CVE-2016-3082 Remote Code Execution Vulnerability
| [88797] Apache Cordova For iOS CVE-2015-5208 Arbitrary Code Execution Vulnerability
| [88764] Apache Cordova iOS CVE-2015-5207 Multiple Security Bypass Vulnerabilities
| [88701] Apache CVE-2001-1449 Remote Security Vulnerability
| [88635] Apache CVE-2000-1204 Remote Security Vulnerability
| [88590] Apache WWW server CVE-1999-1199 Denial-Of-Service Vulnerability
| [88496] Apache CVE-2000-1206 Remote Security Vulnerability
| [87828] Apache CVE-1999-1237 Remote Security Vulnerability
| [87784] Apache CVE-1999-1293 Denial-Of-Service Vulnerability
| [87327] Apache Struts CVE-2016-3081 Remote Code Execution Vulnerability
| [86622] Apache Stats CVE-2007-0975 Remote Security Vulnerability
| [86399] Apache CVE-2007-1743 Local Security Vulnerability
| [86397] Apache CVE-2007-1742 Local Security Vulnerability
| [86311] Apache Struts CVE-2016-4003 Cross Site Scripting Vulnerability
| [86174] Apache Wicket CVE-2015-5347 Cross Site Scripting Vulnerability
| [85971] Apache OFBiz CVE-2016-2170 Java Deserialization Remote Code Execution Vulnerability
| [85967] Apache OFBiz CVE-2015-3268 HTML Injection Vulnerability
| [85759] Apache Jetspeed CVE-2016-2171 Unauthorized Access Vulnerability
| [85758] Apache Jetspeed CVE-2016-0712 Cross Site Scripting Vulnerability
| [85756] Apache Jetspeed CVE-2016-0710 Multiple SQL Injection Vulnerabilities
| [85755] Apache Jetspeed CVE-2016-0711 Mulitple HTML Injection Vulnerabilities
| [85754] Apache Jetspeed CVE-2016-0709 Directory Traversal Vulnerability
| [85730] Apache Subversion CVE-2015-5343 Integer Overflow Vulnerability
| [85691] Apache Ranger CVE-2016-0735 Security Bypass Vulnerability
| [85578] Apache ActiveMQ CVE-2010-1244 Cross-Site Request Forgery Vulnerability
| [85554] Apache OpenMeetings CVE-2016-2164 Multiple Information Disclosure Vulnerabilities
| [85553] Apache OpenMeetings CVE-2016-0783 Information Disclosure Vulnerability
| [85552] Apache OpenMeetings CVE-2016-2163 HTML Injection Vulnerability
| [85550] Apache OpenMeetings CVE-2016-0784 Directory Traversal Vulnerability
| [85386] Apache Hadoop CVE-2015-7430 Local Privilege Escalation Vulnerability
| [85377] Apache Qpid Proton Python API CVE-2016-2166 Man in the Middle Security Bypass Vulnerability
| [85205] Apache Solr CVE-2015-8796 Cross Site Scripting Vulnerability
| [85203] Apache Solr CVE-2015-8795 Mulitple HTML Injection Vulnerabilities
| [85163] Apache Geronimo CVE-2008-0732 Local Security Vulnerability
| [85131] Apache Struts 'TextParseUtil.translateVariables()' Method Remote Code Execution Vulnerability
| [85070] Apache Struts CVE-2016-2162 Cross Site Scripting Vulnerability
| [85066] Apache Struts CVE-2016-0785 Remote Code Execution Vulnerability
| [84422] Apache TomEE CVE-2016-0779 Unspecified Security Vulnerability
| [84321] Apache ActiveMQ CVE-2016-0734 Clickjacking Vulnerability
| [84316] Apache ActiveMQ CVE-2016-0782 Multiple Cross Site Scripting Vulnerabilities
| [83910] Apache Wicket CVE-2015-7520 Cross Site Scripting Vulnerability
| [83423] Apache Xerces-C CVE-2016-0729 Buffer Overflow Vulnerability
| [83330] Apache Tomcat CVE-2015-5351 Cross Site Request Forgery Vulnerability
| [83329] Apache Tomcat CVE-2015-5174 Directory Traversal Vulnerability
| [83328] Apache Tomcat CVE-2015-5345 Directory Traversal Vulnerability
| [83327] Apache Tomcat Security Manager CVE-2016-0714 Remote Code Execution Vulnerability
| [83326] Apache Tomcat CVE-2016-0763 Security Bypass Vulnerability
| [83324] Apache Tomcat Security Manager CVE-2016-0706 Information Disclosure Vulnerability
| [83323] Apache Tomcat CVE-2015-5346 Session Fixation Vulnerability
| [83259] Apache Hadoop CVE-2015-1776 Information Disclosure Vulnerability
| [83243] Apache Solr CVE-2015-8797 Cross Site Scripting Vulnerability
| [83119] Apache Sling CVE-2016-0956 Information Disclosure Vulnerability
| [83002] Apache CVE-2000-1205 Cross-Site Scripting Vulnerability
| [82871] Apache Ranger Authentication Bypass and Security Bypass Vulnerabilities
| [82800] Apache CloudStack CVE-2015-3251 Information Disclosure Vulnerability
| [82798] Apache CloudStack CVE-2015-3252 Authentication Bypass Vulnerability
| [82732] Apache Gallery CVE-2003-0771 Local Security Vulnerability
| [82676] Apache CVE-2003-1581 Cross-Site Scripting Vulnerability
| [82550] Apache Struts CVE-2015-5209 Security Bypass Vulnerability
| [82300] Apache Subversion CVE-2015-5259 Integer Overflow Vulnerability
| [82260] Apache Camel CVE-2015-5344 Remote Code Execution Vulnerability
| [82234] Apache Hive CVE-2015-7521 Security Bypass Vulnerability
| [82082] Apache CVE-1999-0289 Remote Security Vulnerability
| [81821] Apache Distribution for Solaris CVE-2007-2080 SQL-Injection Vulnerability
| [80696] Apache Camel CVE-2015-5348 Information Disclosure Vulnerability
| [80525] Apache CVE-2003-1580 Remote Security Vulnerability
| [80354] Drupal Apache Solr Search Module Access Bypass Vulnerability
| [80193] Apache CVE-1999-0107 Denial-Of-Service Vulnerability
| [79812] Apache Directory Studio CVE-2015-5349 Command Injection Vulnerability
| [79744] Apache HBase CVE-2015-1836 Unauthorized Access Vulnerability
| [79204] Apache TomEE 'EjbObjectInputStream' Remote Code Execution Vulnerability
| [77679] Apache Cordova For Android CVE-2015-8320 Weak Randomization Security Bypass Vulnerability
| [77677] Apache Cordova For Android CVE-2015-5256 Security Bypass Vulnerability
| [77591] Apache CXF SAML SSO Processing CVE-2015-5253 Security Bypass Vulnerability
| [77521] Apache Commons Collections 'InvokerTransformer.java' Remote Code Execution Vulnerability
| [77110] Apache HttpComponents HttpClient CVE-2015-5262 Denial of Service Vulnerability
| [77086] Apache Ambari CVE-2015-1775 Server Side Request Forgery Security Bypass Vulnerability
| [77085] Apache Ambari CVE-2015-3270 Remote Privilege Escalation Vulnerability
| [77082] Apache Ambari 'targetURI' Parameter Open Redirection Vulnerability
| [77059] Apache Ambari CVE-2015-3186 Cross Site Scripting Vulnerability
| [76933] Apache James Server Unspecified Command Execution Vulnerability
| [76832] Apache cordova-plugin-file-transfer CVE-2015-5204 HTTP Header Injection Vulnerability
| [76625] Apache Struts CVE-2015-5169 Cross Site Scripting Vulnerability
| [76624] Apache Struts CVE-2015-2992 Cross Site Scripting Vulnerability
| [76522] Apache Tapestry CVE-2014-1972 Security Bypass Vulnerability
| [76486] Apache CXF Fediz CVE-2015-5175 Denial of Service Vulnerability
| [76452] Apache ActiveMQ CVE-2015-1830 Directory Traversal Vulnerability
| [76446] Apache Subversion 'libsvn_fs_fs/tree.c' Denial of Service Vulnerability
| [76274] Apache Subversion CVE-2015-3184 Information Disclosure Vulnerability
| [76273] Apache Subversion CVE-2015-3187 Information Disclosure Vulnerability
| [76272] Apache ActiveMQ CVE-2014-3576 Denial of Service Vulnerability
| [76221] Apache Ranger CVE-2015-0266 Access Bypass Vulnerability
| [76208] Apache Ranger CVE-2015-0265 JavaScript Code Injection Vulnerability
| [76025] Apache ActiveMQ Artemis CVE-2015-3208 XML External Entity Information Disclosure Vulnerability
| [75965] Apache HTTP Server CVE-2015-3185 Security Bypass Vulnerability
| [75964] Apache HTTP Server CVE-2015-0253 Remote Denial of Service Vulnerability
| [75963] Apache HTTP Server CVE-2015-3183 Security Vulnerability
| [75940] Apache Struts CVE-2015-1831 Security Bypass Vulnerability
| [75919] Apache Groovy CVE-2015-3253 Remote Code Execution Vulnerability
| [75338] Apache Storm CVE-2015-3188 Remote Code Execution Vulnerability
| [75275] Drupal Apache Solr Real-Time Module Access Bypass Vulnerability
| [74866] Apache Cordova For Android CVE-2015-1835 Security Bypass Vulnerability
| [74839] Apache Sling API and Sling Servlets CVE-2015-2944 Cross Site Scripting Vulnerability
| [74761] Apache Jackrabbit CVE-2015-1833 XML External Entity Information Disclosure Vulnerability
| [74686] Apache Ambari '/var/lib/ambari-server/ambari-env.sh' Local Privilege Escalation Vulnerability
| [74665] Apache Tomcat CVE-2014-7810 Security Bypass Vulnerability
| [74475] Apache Tomcat CVE-2014-0230 Denial of Service Vulnerability
| [74423] Apache Struts CVE-2015-0899 Security Bypass Vulnerability
| [74338] Apache OpenOffice HWP Filter Memory Corruption Vulnerability
| [74265] Apache Tomcat 'mod_jk' CVE-2014-8111 Information Disclosure Vulnerability
| [74260] Apache Subversion CVE-2015-0248 Multiple Denial of Service Vulnerabilities
| [74259] Apache Subversion 'deadprops.c' Security Bypass Vulnerability
| [74204] PHP 'sapi/apache2handler/sapi_apache2.c' Remote Code Execution Vulnerability
| [74158] Apache HTTP Server 'protocol.c' Remote Denial of Service Vulnerability
| [73954] Apache Flex 'asdoc/templates/index.html' Cross Site Scripting Vulnerability
| [73851] Apache2 CVE-2012-0216 Cross-Site Scripting Vulnerability
| [73478] Apache Cassandra CVE-2015-0225 Remote Code Execution Vulnerability
| [73041] Apache HTTP Server 'mod_lua' Module Denial of Service Vulnerability
| [73040] Apache HTTP Server 'mod_lua.c' Local Access Bypass Vulnerability
| [72809] Apache Standard Taglibs CVE-2015-0254 XML External Entity Injection Vulnerability
| [72717] Apache Tomcat CVE-2014-0227 Chunk Request Remote Denial Of Service Vulnerability
| [72557] Apache WSS4J CVE-2015-0227 Security Bypass Vulnerability
| [72553] Apache WSS4J CVE-2015-0226 Information Disclosure Vulnerability
| [72513] Apache ActiveMQ CVE-2014-3612 LDAP Authentication Bypass Vulnerability
| [72511] Apache ActiveMQ CVE-2014-8110 Multiple Cross Site Scripting Vulnerabilities
| [72510] Apache ActiveMQ CVE-2014-3600 XML External Entity Injection Vulnerability
| [72508] Apache ActiveMQ Apollo CVE-2014-3579 XML External Entity Injection Vulnerability
| [72319] Apache Qpid CVE-2015-0223 Security Bypass Vulnerability
| [72317] Apache Qpid CVE-2015-0224 Incomplete Fix Multiple Denial of Service Vulnerabilities
| [72115] Apache Santuario 'XML Signature Verification' Security Bypass Vulnerability
| [72053] Apache HTTP Server 'mod_remoteip.c' IP Address Spoofing Vulnerability
| [72030] Apache Qpid CVE-2015-0203 Multiple Denial of Service Vulnerabilities
| [71879] Apache Traffic Server 'HttpTransact.cc' Denial of Service Vulnerability
| [71726] Apache Subversion CVE-2014-3580 Remote Denial of Service Vulnerability
| [71725] Apache Subversion CVE-2014-8108 Remote Denial of Service Vulnerability
| [71657] Apache HTTP Server 'mod_proxy_fcgi' Module Denial of Service Vulnerability
| [71656] Apache HTTP Server 'mod_cache' Module Denial of Service Vulnerability
| [71548] Apache Struts CVE-2014-7809 Security Bypass Vulnerability
| [71466] Apache Hadoop CVE-2014-3627 Information Disclosure Vulnerability
| [71353] Apache HTTP Server 'LuaAuthzProvider' Authorization Bypass Vulnerability
| [71004] Apache Qpid CVE-2014-3629 XML External Entity Injection Vulnerability
| [70970] Apache Traffic Server Cross Site Scripting Vulnerability
| [70738] Apache CXF CVE-2014-3584 Denial of Service Vulnerability
| [70736] Apache CXF SAML SubjectConfirmation Security Bypass Vulnerability
| [69728] Apache Tomcat CVE-2013-4444 Arbitrary File Upload Vulnerability
| [69648] Apache POI CVE-2014-3574 Denial Of Service Vulnerability
| [69647] Apache POI OpenXML parser CVE-2014-3529 XML External Entity Information Disclosure Vulnerability
| [69351] Apache OpenOffice Calc CVE-2014-3524 Command Injection Vulnerability
| [69295] Apache Axis Incomplete Fix CVE-2014-3596 SSL Certificate Validation Security Bypass Vulnerability
| [69286] Apache OFBiz CVE-2014-0232 Multiple Cross Site Scripting Vulnerabilities
| [69258] Apache HttpComponents Incomplete Fix CVE-2014-3577 SSL Validation Security Bypass Vulnerability
| [69257] Apache HttpComponents Incomplete Fix SSL Certificate Validation Security Bypass Vulnerability
| [69248] Apache HTTP Server CVE-2013-4352 Remote Denial of Service Vulnerability
| [69237] Apache Subversion CVE-2014-3522 SSL Certificate Validation Information Disclosure Vulnerability
| [69173] Apache Traffic Server CVE-2014-3525 Unspecified Security Vulnerability
| [69046] Apache Cordova For Android CVE-2014-3502 Information Disclosure Vulnerability
| [69041] Apache Cordova For Android CVE-2014-3501 Security Bypass Vulnerability
| [69038] Apache Cordova For Android CVE-2014-3500 Security Bypass Vulnerability
| [68995] Apache Subversion CVE-2014-3528 Insecure Authentication Weakness
| [68966] Apache Subversion 'irkerbridge.py' Local Privilege Escalation Vulnerability
| [68965] Apache Subversion 'svnwcsub.py' Local Privilege Escalation Vulnerability
| [68863] Apache HTTP Server 'mod_cache' Module Remote Denial of Service Vulnerability
| [68747] Apache HTTP Server CVE-2014-3523 Remote Denial of Service Vulnerability
| [68745] Apache HTTP Server CVE-2014-0118 Remote Denial of Service Vulnerability
| [68742] Apache HTTP Server CVE-2014-0231 Remote Denial of Service Vulnerability
| [68740] Apache HTTP Server CVE-2014-0117 Remote Denial of Service Vulnerability
| [68678] Apache HTTP Server 'mod_status' CVE-2014-0226 Remote Code Execution Vulnerability
| [68445] Apache CXF UsernameToken Information Disclosure Vulnerability
| [68441] Apache CXF SAML Tokens Validation Security Bypass Vulnerability
| [68431] Apache Syncope CVE-2014-3503 Insecure Password Generation Weakness
| [68229] Apache Harmony PRNG Entropy Weakness
| [68111] Apache 'mod_wsgi' Module Privilege Escalation Vulnerability
| [68072] Apache Tomcat CVE-2014-0186 Remote Denial of Service Vulnerability
| [68039] Apache Hive CVE-2014-0228 Security Bypass Vulnerability
| [67673] Apache Tomcat CVE-2014-0095 AJP Request Remote Denial Of Service Vulnerability
| [67671] Apache Tomcat CVE-2014-0075 Chunk Request Remote Denial Of Service Vulnerability
| [67669] Apache Tomcat CVE-2014-0119 XML External Entity Information Disclosure Vulnerability
| [67668] Apache Tomcat CVE-2014-0099 Request Processing Information Disclosure Vulnerability
| [67667] Apache Tomcat CVE-2014-0096 XML External Entity Information Disclosure Vulnerability
| [67534] Apache 'mod_wsgi' Module CVE-2014-0242 Information Disclosure Vulnerability
| [67532] Apache 'mod_wsgi' Module Local Privilege Escalation Vulnerability
| [67530] Apache Solr Search Template Cross Site Scripting Vulnerability
| [67236] Apache CXF CVE-2014-0109 Remote Denial of Service Vulnerability
| [67232] Apache CXF CVE-2014-0110 Denial of Service Vulnerability
| [67121] Apache Struts ClassLoader Manipulation CVE-2014-0114 Security Bypass Vulnerability
| [67081] Apache Struts 'getClass()' Method Security Bypass Vulnerability
| [67064] Apache Struts ClassLoader Manipulation Incomplete Fix Security Bypass Vulnerability
| [67013] Apache Zookeeper CVE-2014-0085 Local Information Disclosure Vulnerability
| [66998] Apache Archiva CVE-2013-2187 Unspecified Cross Site Scripting Vulnerability
| [66991] Apache Archiva CVE-2013-2187 HTML Injection Vulnerability
| [66927] Apache Syncope CVE-2014-0111 Remote Code Execution Vulnerability
| [66474] Apache CouchDB Universally Unique IDentifier (UUID) Remote Denial of Service Vulnerability
| [66397] Apache Xalan-Java Library CVE-2014-0107 Security Bypass Vulnerability
| [66303] Apache HTTP Server Multiple Denial of Service Vulnerabilities
| [66041] RETIRED: Apache Struts CVE-2014-0094 Classloader Manipulation Security Bypass Vulnerability
| [65999] Apache Struts ClassLoader Manipulation CVE-2014-0094 Security Bypass Vulnerability
| [65967] Apache Cordova File-Transfer Unspecified Security Vulnerability
| [65959] Apache Cordova InAppBrowser Remote Privilege Escalation Vulnerability
| [65935] Apache Shiro 'login.jsp' Authentication Bypass Vulnerability
| [65902] Apache Camel CVE-2014-0003 Remote Code Execution Vulnerability
| [65901] Apache Camel CVE-2014-0002 XML External Entity Information Disclosure Vulnerability
| [65773] Apache Tomcat CVE-2013-4286 Security Bypass Vulnerability
| [65769] Apache Tomcat CVE-2014-0033 Session Fixation Vulnerability
| [65768] Apache Tomcat CVE-2013-4590 XML External Entity Information Disclosure Vulnerability
| [65767] Apache Tomcat CVE-2013-4322 Incomplete Fix Denial of Service Vulnerability
| [65615] Apache ActiveMQ 'refresh' Parameter Cross Site Scripting Vulnerability
| [65434] Apache Subversion 'mod_dav_svn' Module SVNListParentPath Denial of Service Vulnerability
| [65431] Apache Wicket CVE-2013-2055 Information Disclosure Vulnerability
| [65400] Apache Commons FileUpload CVE-2014-0050 Denial Of Service Vulnerability
| [64782] Apache CloudStack Virtual Router Component Security Bypass Vulnerability
| [64780] Apache CloudStack Unauthorized Access Vulnerability
| [64617] Apache Libcloud Digital Ocean API Local Information Disclosure Vulnerability
| [64437] Apache Santuario XML Security For JAVA XML Signature Denial of Service Vulnerability
| [64427] Apache Solr Multiple XML External Entity Injection Vulnerabilities
| [64009] Apache Solr CVE-2013-6408 XML External Entity Injection Vulnerability
| [64008] Apache Solr CVE-2013-6407 XML External Entity Injection Vulnerability
| [63981] Apache Subversion 'mod_dav_svn' Module Denial of Service Vulnerability
| [63966] Apache Subversion CVE-2013-4505 Security Bypass Vulnerability
| [63963] Apache Roller CVE-2013-4171 Cross Site Scripting Vulnerability
| [63935] Apache Solr 'SolrResourceLoader' Directory Traversal Vulnerability
| [63928] Apache Roller CVE-2013-4212 OGNL Expression Injection Remote Code Execution Vulnerability
| [63515] Apache Tomcat Manager Component CVE-2013-6357 Cross Site Request Forgery Vulnerability
| [63403] Apache Struts Multiple Cross Site Scripting Vulnerabilities
| [63400] Apache 'mod_pagespeed' Module Unspecified Cross Site Scripting Vulnerability
| [63260] Apache Shindig CVE-2013-4295 XML External Entity Information Disclosure Vulnerability
| [63241] Apache Sling 'AbstractAuthenticationFormServlet' Open Redirection Vulnerability
| [63174] Apache Commons FileUpload 'DiskFileItem' Class Null Byte Arbitrary File Write Vulnerability
| [62939] Apache 'mod_fcgid' Module CVE-2013-4365 Heap Buffer Overflow Vulnerability
| [62903] Apache Sling 'deepGetOrCreateNode()' Function Denial Of Service Vulnerability
| [62706] Apache Camel CVE-2013-4330 Information Disclosure Vulnerability
| [62677] Apache 'mod_accounting' Module CVE-2013-5697 SQL Injection Vulnerability
| [62674] TYPO3 Apache Solr Unspecified Cross Site Scripting and PHP Code Execution Vulnerabilities
| [62587] Apache Struts CVE-2013-4316 Remote Code Execution Vulnerability
| [62584] Apache Struts CVE-2013-4310 Security Bypass Vulnerability
| [62266] Apache Subversion CVE-2013-4277 Insecure Temporary File Creation Vulnerability
| [61984] Apache Hadoop RPC Authentication CVE-2013-2192 Man in the Middle Security Bypass Vulnerability
| [61981] Apache HBase RPC Authentication Man In The Middle Security Bypass Vulnerability
| [61638] Apache CloudStack CVE-2013-2136 Multiple Cross Site Scripting Vulnerabilities
| [61454] Apache Subversion CVE-2013-4131 Denial Of Service Vulnerability
| [61379] Apache HTTP Server CVE-2013-2249 Unspecified Remote Security Vulnerability
| [61370] Apache OFBiz CVE-2013-2317 'View Log' Cross Site Scripting Vulnerability
| [61369] Apache OFBiz Nested Expression Remote Code Execution Vulnerability
| [61196] Apache Struts CVE-2013-2248 Multiple Open Redirection Vulnerabilities
| [61189] Apache Struts CVE-2013-2251 Multiple Remote Command Execution Vulnerabilities
| [61129] Apache HTTP Server CVE-2013-1896 Remote Denial of Service Vulnerability
| [61030] Apache CXF CVE-2013-2160 Multiple Remote Denial of Service Vulnerabilities
| [60875] Apache Geronimo RMI Classloader Security Bypass Vulnerability
| [60846] Apache Santuario XML Security for JAVA XML Signature CVE-2013-2172 Security Bypass Vulnerability
| [60817] Apache Santuario XML Security for C++ CVE-2013-2210 Heap Buffer Overflow Vulnerability
| [60800] Apache Qpid Python Client SSL Certificate Verification Information Disclosure Vulnerability
| [60599] Apache Santuario XML Security for C++ CVE-2013-2156 Remote Heap Buffer Overflow Vulnerability
| [60595] Apache Santuario XML Security for C++ XML Signature CVE-2013-2155 Denial of Service Vulnerability
| [60594] Apache Santuario XML Security for C++ CVE-2013-2154 Stack Buffer Overflow Vulnerability
| [60592] Apache Santuario XML Security for C++ XML Signature CVE-2013-2153 Security Bypass Vulnerability
| [60534] Apache OpenJPA Object Deserialization Arbitrary File Creation or Overwrite Vulnerability
| [60346] Apache Struts CVE-2013-2134 OGNL Expression Injection Vulnerability
| [60345] Apache Struts CVE-2013-2135 OGNL Expression Injection Vulnerability
| [60267] Apache Subversion CVE-2013-1968 Remote Denial of Service Vulnerability
| [60265] Apache Subversion CVE-2013-2088 Command Injection Vulnerability
| [60264] Apache Subversion CVE-2013-2112 Remote Denial of Service Vulnerability
| [60187] Apache Tomcat DIGEST Authentication CVE-2013-2051 Incomplete Fix Security Weakness
| [60186] Apache Tomcat CVE-2013-1976 Insecure Temporary File Handling Vulnerability
| [60167] Apache Struts 'includeParams' CVE-2013-2115 Incomplete Fix Security Bypass Vulnerability
| [60166] Apache Struts 'includeParams' CVE-2013-1966 Security Bypass Vulnerability
| [60082] Apache Struts 'ParameterInterceptor' Class OGNL CVE-2013-1965 Security Bypass Vulnerability
| [59826] Apache HTTP Server Terminal Escape Sequence in Logs Command Injection Vulnerability
| [59799] Apache Tomcat CVE-2013-2067 Session Fixation Vulnerability
| [59798] Apache Tomcat CVE-2013-2071 Information Disclosure Vulnerability
| [59797] Apache Tomcat CVE-2012-3544 Denial of Service Vulnerability
| [59670] Apache VCL Multiple Input Validation Vulnerabilities
| [59464] Apache CloudStack CVE-2013-2758 Hash Information Disclosure Vulnerability
| [59463] Apache CloudStack CVE-2013-2756 Authentication Bypass Vulnerability
| [59402] Apache ActiveMQ CVE-2013-3060 Information Disclosure and Denial of Service Vulnerability
| [59401] Apache ActiveMQ CVE-2012-6551 Denial of Service Vulnerability
| [59400] Apache ActiveMQ CVE-2012-6092 Multiple Cross Site Scripting Vulnerabilities
| [58898] Apache Subversion CVE-2013-1884 Remote Denial of Service Vulnerability
| [58897] Apache Subversion 'mod_dav_svn/lock.c' Remote Denial of Service Vulnerability
| [58895] Apache Subversion 'mod_dav_svn' Remote Denial of Service Vulnerability
| [58455] Apache Rave User RPC API CVE-2013-1814 Information Disclosure Vulnerability
| [58379] Apache Qpid CVE-2012-4446 Authentication Bypass Vulnerability
| [58378] Apache Qpid CVE-2012-4460 Denial of Service Vulnerability
| [58376] Apache Qpid CVE-2012-4458 Denial of Service Vulnerability
| [58337] Apache Qpid CVE-2012-4459 Denial of Service Vulnerability
| [58326] Apache Commons FileUpload CVE-2013-0248 Insecure Temporary File Creation Vulnerability
| [58325] Debian Apache HTTP Server CVE-2013-1048 Symlink Attack Local Privilege Escalation Vulnerability
| [58323] Apache Subversion 'svn_fs_file_length()' Remote Denial of Service Vulnerability
| [58165] Apache HTTP Server Multiple Cross Site Scripting Vulnerabilities
| [58136] Apache Maven CVE-2013-0253 SSL Certificate Validation Security Bypass Vulnerability
| [58124] Apache Tomcat 'log/logdir' Directory Insecure File Permissions Vulnerability
| [58073] Apache Commons HttpClient CVE-2012-5783 SSL Certificate Validation Security Bypass Vulnerability
| [57876] Apache CXF WS-SecurityPolicy Authentication Bypass Vulnerability
| [57874] Apache CXF CVE-2012-5633 Security Bypass Vulnerability
| [57463] Apache OFBiz CVE-2013-0177 Multiple Cross Site Scripting Vulnerabilities
| [57425] Apache CXF CVE-2012-5786 SSL Certificate Validation Security Bypass Vulnerability
| [57321] Apache CouchDB CVE-2012-5650 Cross Site Scripting Vulnerability
| [57314] Apache CouchDB CVE-2012-5649 Remote Code Execution Vulnerability
| [57267] Apache Axis2/C SSL Certificate Validation Security Bypass Vulnerability
| [57259] Apache CloudStack CVE-2012-5616 Local Information Disclosure Vulnerability
| [56814] Apache Tomcat CVE-2012-4431 Cross-Site Request Forgery Vulnerability
| [56813] Apache Tomcat CVE-2012-4534 Denial of Service Vulnerability
| [56812] Apache Tomcat CVE-2012-3546 Security Bypass Vulnerability
| [56753] Apache Apache HTTP Server 'mod_proxy_ajp Module Denial Of Service Vulnerability
| [56686] Apache Tomcat CVE-2012-5568 Denial of Service Vulnerability
| [56408] Apache Axis and Axis2/Java SSL Certificate Validation Security Bypass Vulnerability
| [56403] Apache Tomcat DIGEST Authentication Multiple Security Weaknesses
| [56402] Apache Tomcat CVE-2012-2733 Denial of Service Vulnerability
| [56171] Apache OFBiz CVE-2012-3506 Unspecified Security Vulnerability
| [55876] Apache CloudStack CVE-2012-4501 Security Bypass Vulnerability
| [55628] Apache CXF SOAP Action Spoofing Security Bypass Vulnerability
| [55608] Apache Qpid (qpidd) Denial of Service Vulnerability
| [55536] Apache 'mod_pagespeed' Module Cross Site Scripting and Security Bypass Vulnerabilities
| [55508] Apache Axis2 XML Signature Wrapping Security Vulnerability
| [55445] Apache Wicket CVE-2012-3373 Cross Site Scripting Vulnerability
| [55346] Apache Struts Cross Site Request Forgery and Denial of Service Vulnerabilities
| [55290] Drupal Apache Solr Autocomplete Module Cross Site Scripting Vulnerability
| [55165] Apache Struts2 Skill Name Remote Code Execution Vulnerability
| [55154] Apache 'mod-rpaf' Module Denial of Service Vulnerability
| [55131] Apache HTTP Server HTML-Injection And Information Disclosure Vulnerabilities
| [54954] Apache QPID NullAuthenticator Authentication Bypass Vulnerability
| [54798] Apache Libcloud Man In The Middle Vulnerability
| [54358] Apache Hadoop CVE-2012-3376 Information Disclosure Vulnerability
| [54341] Apache Sling CVE-2012-2138 Denial Of Service Vulnerability
| [54268] Apache Hadoop Symlink Attack Local Privilege Escalation Vulnerability
| [54189] Apache Roller Cross Site Request Forgery Vulnerability
| [54187] Apache Roller CVE-2012-2381 Cross Site Scripting Vulnerability
| [53880] Apache CXF Child Policies Security Bypass Vulnerability
| [53877] Apache CXF Elements Validation Security Bypass Vulnerability
| [53676] Apache Commons Compress and Apache Ant CVE-2012-2098 Denial Of Service Vulnerability
| [53487] Apache POI CVE-2012-0213 Denial Of Service Vulnerability
| [53455] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability
| [53305] Apache Qpid CVE-2011-3620 Unauthorized Access Security Bypass Vulnerability
| [53046] Apache HTTP Server 'LD_LIBRARY_PATH' Insecure Library Loading Arbitrary Code Execution Vulnerability
| [53025] Apache OFBiz Unspecified Remote Code Execution Vulnerability
| [53023] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
| [52939] Apache Hadoop CVE-2012-1574 Unspecified User Impersonation Vulnerability
| [52702] Apache Struts2 'XSLTResult.java' Remote Arbitrary File Upload Vulnerability
| [52696] Apache Traffic Server HTTP Host Header Handling Heap Based Buffer Overflow Vulnerability
| [52680] Apache Wicket 'pageMapName' Parameter Cross Site Scripting Vulnerability
| [52679] Apache Wicket Hidden Files Information Disclosure Vulnerability
| [52565] Apache 'mod_fcgid' Module Denial Of Service Vulnerability
| [52146] TYPO3 Apache Solr Extension Unspecified Cross Site Scripting Vulnerability
| [51939] Apache MyFaces 'ln' Parameter Information Disclosure Vulnerability
| [51917] Apache APR Hash Collision Denial Of Service Vulnerability
| [51902] Apache Struts Multiple HTML Injection Vulnerabilities
| [51900] Apache Struts CVE-2012-1007 Multiple Cross Site Scripting Vulnerabilities
| [51886] Apache CXF UsernameToken Policy Validation Security Bypass Vulnerability
| [51869] Apache HTTP Server CVE-2011-3639 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
| [51706] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
| [51705] Apache HTTP Server CVE-2012-0021 mod_log_config Denial Of Service Vulnerability
14815| [51628] Apache Struts 'ParameterInterceptor' Class OGNL (CVE-2011-3923) Security Bypass Vulnerability
14816| [51447] Apache Tomcat Parameter Handling Denial of Service Vulnerability
14817| [51442] Apache Tomcat Request Object Security Bypass Vulnerability
14818| [51407] Apache HTTP Server Scoreboard Local Security Bypass Vulnerability
14819| [51257] Apache Struts Remote Command Execution and Arbitrary File Overwrite Vulnerabilities
14820| [51238] Apache Geronimo Hash Collision Denial Of Service Vulnerability
14821| [51200] Apache Tomcat Hash Collision Denial Of Service Vulnerability
14822| [50940] Apache Struts Session Tampering Security Bypass Vulnerability
14823| [50912] RETIRED: Apache MyFaces CVE-2011-4343 Information Disclosure Vulnerability
14824| [50904] Apache ActiveMQ Failover Mechanism Remote Denial Of Service Vulnerability
14825| [50848] Apache MyFaces EL Expression Evaluation Security Bypass Vulnerability
14826| [50802] Apache HTTP Server 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
14827| [50639] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
14828| [50603] Apache Tomcat Manager Application Security Bypass Vulnerability
14829| [50494] Apache HTTP Server 'ap_pregsub()' Function Local Privilege Escalation Vulnerability
14830| [49957] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
14831| [49762] Apache Tomcat HTTP DIGEST Authentication Multiple Security Weaknesses
14832| [49728] Apache Struts Conversion Error OGNL Expression Evaluation Vulnerability
14833| [49616] Apache HTTP Server CVE-2011-3348 Denial Of Service Vulnerability
14834| [49470] Apache Tomcat CVE-2007-6286 Duplicate Request Processing Security Vulnerability
14835| [49353] Apache Tomcat AJP Protocol Security Bypass Vulnerability
14836| [49303] Apache HTTP Server CVE-2011-3192 Denial Of Service Vulnerability
14837| [49290] Apache Wicket Cross Site Scripting Vulnerability
14838| [49147] Apache Tomcat CVE-2011-2481 Information Disclosure Vulnerability
14839| [49143] Apache Commons Daemon 'jsvc' Information Disclosure Vulnerability
14840| [48667] Apache Tomcat 'sendfile' Request Attributes Information Disclosure Vulnerability
14841| [48653] Apache 'mod_authnz_external' Module SQL Injection Vulnerability
14842| [48611] Apache XML Security for C++ Signature Key Parsing Denial of Service Vulnerability
14843| [48456] Apache Tomcat 'MemoryUserDatabase' Information Disclosure Vulnerability
14844| [48015] Apache Archiva Multiple Cross Site Request Forgery Vulnerabilities
14845| [48011] Apache Archiva Multiple Cross Site Scripting and HTML Injection Vulnerabilities
14846| [47929] Apache APR 'apr_fnmatch.c' Denial of Service Vulnerability
14847| [47890] Apache Struts 'javatemplates' Plugin Multiple Cross Site Scripting Vulnerabilities
14848| [47886] Apache Tomcat SecurityConstraints Security Bypass Vulnerability
14849| [47820] Apache APR 'apr_fnmatch()' Denial of Service Vulnerability
14850| [47784] Apache Struts XWork 's:submit' HTML Tag Cross Site Scripting Vulnerability
14851| [47199] Apache Tomcat HTTP BIO Connector Information Disclosure Vulnerability
14852| [47196] Apache Tomcat Login Constraints Security Bypass Vulnerability
14853| [46974] Apache HttpComponents 'HttpClient' Information Disclosure Vulnerability
14854| [46953] Apache MPM-ITK Module Security Weakness
14855| [46734] Subversion 'mod_dav_svn' Apache Server NULL Pointer Dereference Denial Of Service Vulnerability
14856| [46685] Apache Tomcat '@ServletSecurity' Annotations Security Bypass Vulnerability
14857| [46311] Apache Continuum and Archiva Cross Site Scripting Vulnerability
14858| [46177] Apache Tomcat SecurityManager Security Bypass Vulnerability
14859| [46174] Apache Tomcat HTML Manager Interface HTML Injection Vulnerability
14860| [46166] Apache Tomcat JVM Denial of Service Vulnerability
14861| [46164] Apache Tomcat NIO Connector Denial of Service Vulnerability
14862| [46066] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
14863| [45655] Apache Subversion Server Component Multiple Remote Denial Of Service Vulnerabilities
14864| [45123] Awstats Apache Tomcat Configuration File Remote Arbitrary Command Execution Vulnerability
14865| [45095] Apache Archiva Cross Site Request Forgery Vulnerability
| [45015] Apache Tomcat 'sort' and 'orderBy' Parameters Cross Site Scripting Vulnerabilities
| [44900] Apache 'mod_fcgid' Module Unspecified Stack Buffer Overflow Vulnerability
| [44616] Apache Shiro Directory Traversal Vulnerability
| [44355] Apache MyFaces Encrypted View State Oracle Padding Security Vulnerability
| [44068] Apache::AuthenHook Local Information Disclosure Vulnerability
| [43862] Apache QPID SSL Connection Denial of Service Vulnerability
| [43673] Apache APR-util 'apr_brigade_split_line()' Denial of Service Vulnerability
| [43637] Apache XML-RPC SAX Parser Information Disclosure Vulnerability
| [43111] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
| [42637] Apache Derby 'BUILTIN' Authentication Insecure Password Hashing Vulnerability
| [42501] Apache CouchDB Cross Site Request Forgery Vulnerability
| [42492] Apache CXF XML DTD Processing Security Vulnerability
| [42121] Apache SLMS Insufficient Quoting Cross Site Request Forgery Vulnerability
| [42102] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
| [41963] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
| [41544] Apache Tomcat 'Transfer-Encoding' Information Disclosure and Denial Of Service Vulnerabilities
| [41076] Apache Axis2 '/axis2/axis2-admin' Session Fixation Vulnerability
| [40976] Apache Axis2 Document Type Declaration Processing Security Vulnerability
| [40827] Apache 'mod_proxy_http' Timeout Handling Information Disclosure Vulnerability
| [40343] Apache Axis2 'xsd' Parameter Directory Traversal Vulnerability
| [40327] Apache Axis2 'engagingglobally' Cross-Site Scripting Vulnerability
| [39771] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
| [39636] Apache ActiveMQ Source Code Information Disclosure Vulnerability
| [39635] Apache Tomcat Authentication Header Realm Name Information Disclosure Vulnerability
| [39538] Apache mod_auth_shadow Race Condition Security Bypass Vulnerability
| [39489] Apache OFBiz Multiple Cross Site Scripting and HTML Injection Vulnerabilities
| [39119] Apache ActiveMQ 'createDestination.action' HTML Injection Vulnerability
| [38580] Apache Subrequest Handling Information Disclosure Vulnerability
| [38494] Apache 'mod_isapi' Memory Corruption Vulnerability
| [38491] Apache mod_proxy_ajp Module Incoming Request Body Denial Of Service Vulnerability
| [37966] Apache 1.3 mod_proxy HTTP Chunked Encoding Integer Overflow Vulnerability
| [37945] Apache Tomcat Host Working Directory WAR File Directory Traversal Vulnerability
| [37944] Apache Tomcat WAR File Directory Traversal Vulnerability
| [37942] Apache Tomcat Directory Host Appbase Authentication Bypass Vulnerability
| [37149] Apache Tomcat 404 Error Page Cross Site Scripting Vulnerability
| [37027] RETIRED: Apache APR 'apr_uri_parse_hostinfo' Off By One Remote Code Execution Vulnerability
| [36990] Apache HTTP TRACE Cross Site Scripting Vulnerability
| [36954] Apache Tomcat Windows Installer Insecure Password Vulnerability
| [36889] TYPO3 Apache Solr Search Extension Unspecified Cross Site Scripting Vulnerability
| [36596] Apache HTTP Server Solaris Event Port Pollset Support Remote Denial Of Service Vulnerability
| [36260] Apache mod_proxy_ftp Module NULL Pointer Dereference Denial Of Service Vulnerability
| [36254] Apache mod_proxy_ftp Remote Command Injection Vulnerability
| [35949] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
| [35840] Apache HTTP Server HTTP-Basic Authentication Bypass Vulnerability
| [35623] Apache 'mod_deflate' Remote Denial Of Service Vulnerability
| [35565] Apache 'mod_proxy' Remote Denial Of Service Vulnerability
| [35416] Apache Tomcat XML Parser Information Disclosure Vulnerability
| [35263] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
| [35253] Apache APR-util 'xml/apr_xml.c' Denial of Service Vulnerability
| [35251] Apache APR-util 'apr_brigade_vprintf' Off By One Vulnerability
| [35221] Apache APR-util 'apr_strmatch_precompile()' Integer Underflow Vulnerability
| [35196] Apache Tomcat Form Authentication Existing/Non-Existing Username Enumeration Weakness
| [35193] Apache Tomcat Java AJP Connector Invalid Header Denial of Service Vulnerability
| [35115] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
| [34686] Apache Struts Multiple Cross Site Scripting Vulnerabilities
| [34663] Apache 'mod_proxy_ajp' Information Disclosure Vulnerability
| [34657] Apache Tiles Cross Site Scripting And Information Disclosure Vulnerabilities
| [34562] Apache Geronimo Application Server Multiple Remote Vulnerabilities
| [34552] Apache ActiveMQ Web Console Multiple Unspecified HTML Injection Vulnerabilities
| [34412] Apache Tomcat mod_jk Content Length Information Disclosure Vulnerability
| [34399] Apache Struts Unspecified Cross Site Scripting Vulnerability
| [34383] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
| [33913] Apache Tomcat POST Data Information Disclosure Vulnerability
| [33360] Apache Jackrabbit 'q' Parameter Multiple Cross Site Scripting Vulnerabilities
| [33110] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
| [32657] Novell NetWare ApacheAdmin Security Bypass Vulnerability
| [31805] Apache HTTP Server OS Fingerprinting Unspecified Security Vulnerability
| [31761] Oracle WebLogic Server Apache Connector Stack Based Buffer Overflow Vulnerability
| [31698] Apache Tomcat 'RemoteFilterValve' Security Bypass Vulnerability
| [31165] Kolab Groupware Server Apache Log File User Password Information Disclosure Vulnerability
| [30560] Apache 'mod_proxy_ftp' Wildcard Characters Cross-Site Scripting Vulnerability
| [30496] Apache Tomcat 'HttpServletResponse.sendError()' Cross Site Scripting Vulnerability
| [30494] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
| [29653] Apache 'mod_proxy_http' Interim Response Denial of Service Vulnerability
| [29502] Apache Tomcat Host Manager Cross Site Scripting Vulnerability
| [28576] Apache-SSL Environment Variable Information Disclosure and Privilege Escalation Vulnerability
| [28484] Apache Tomcat Requests Containing MS-DOS Device Names Information Disclosure Vulnerability
| [28483] Apache Tomcat 'allowLinking' Accepts NULL Byte in URI Information Disclosure Vulnerability
| [28482] Apache Tomcat SSL Anonymous Cipher Configuration Information Disclosure Vulnerability
| [28481] Apache Tomcat Cross-Site Scripting Vulnerability
| [28477] Apache Tomcat AJP Connector Information Disclosure Vulnerability
| [27752] Apache mod_jk2 Host Header Multiple Stack Based Buffer Overflow Vulnerabilities
| [27706] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
| [27703] Apache Tomcat Parameter Processing Remote Information Disclosure Vulnerability
| [27409] Apache 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
| [27365] Apache Tomcat SingleSignOn Remote Information Disclosure Vulnerability
| [27237] Apache HTTP Server 2.2.6, 2.0.61 and 1.3.39 'mod_status' Cross-Site Scripting Vulnerability
| [27236] Apache 'mod_proxy_balancer' Multiple Vulnerabilities
| [27234] Apache 'mod_proxy_ftp' Undefined Charset UTF-7 Cross-Site Scripting Vulnerability
| [27006] Apache Tomcat JULI Logging Component Default Security Policy Vulnerability
| [26939] Apache HTTP Server Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
| [26838] Apache mod_imagemap and mod_imap Cross-Site Scripting Vulnerability
| [26762] Apache::AuthCAS Cookie SQL Injection Vulnerability
| [26663] Apache HTTP Server 413 Error HTTP Request Method Cross-Site Scripting Weakness
| [26287] Apache Geronimo SQLLoginModule Authentication Bypass Vulnerability
| [26070] Apache Tomcat WebDav Remote Information Disclosure Vulnerability
| [25804] Apache Geronimo Management EJB Security Bypass Vulnerability
| [25653] Apache Mod_AutoIndex.C Undefined Charset Cross-Site Scripting Vulnerability
| [25531] Apache Tomcat Cal2.JSP Cross-Site Scripting Vulnerability
| [25489] Apache HTTP Server Mod_Proxy Denial of Service Vulnerability
| [25316] Apache Tomcat Multiple Remote Information Disclosure Vulnerabilities
| [25314] Apache Tomcat Host Manager Servlet Cross Site Scripting Vulnerability
| [25174] Apache Tomcat Error Message Reporting Cross Site Scripting Vulnerability
| [24999] Apache Tomcat SendMailServlet Cross-Site Scripting Vulnerability
| [24759] MySQLDumper Apache Access Control Authentication Bypass Vulnerability
| [24649] Apache HTTP Server Mod_Cache Denial of Service Vulnerability
| [24645] Apache HTTP Server Mod_Status Cross-Site Scripting Vulnerability
| [24553] Apache Mod_Mem_Cache Information Disclosure Vulnerability
| [24524] Apache Tomcat Accept-Language Cross Site Scripting Vulnerability
| [24480] Apache MyFaces Tomahawk JSF Framework Autoscroll Parameter Cross Site Scripting Vulnerability
| [24476] Apache Tomcat JSP Example Web Applications Cross Site Scripting Vulnerability
| [24475] Apache Tomcat Manager and Host Manager Upload Script Cross-Site Scripting Vulnerability
| [24215] Apache HTTP Server Worker Process Multiple Denial of Service Vulnerabilities
| [24147] Apache Tomcat JK Connector Double Encoding Security Bypass Vulnerability
| [24058] Apache Tomcat Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
| [23687] Apache AXIS Non-Existent WSDL Path Information Disclosure Vulnerability
| [23438] Apache HTTPD suEXEC Local Multiple Privilege Escalation Weaknesses
| [22960] Apache HTTP Server Tomcat Directory Traversal Vulnerability
| [22849] Apache mod_python Output Filter Mode Information Disclosure Vulnerability
| [22791] Apache Tomcat Mod_JK.SO Arbitrary Code Execution Vulnerability
| [22732] Debian Apache Root Shell Local Privilege Escalation Vulnerabilities
| [22388] Apache Stats Extract Function Multiple Input Validation Vulnerabilities
| [21865] Apache And Microsoft IIS Range Denial of Service Vulnerability
| [21214] Apache Mod_Auth_Kerb Off-By-One Denial of Service Vulnerability
| [20527] Apache Mod_TCL Remote Format String Vulnerability
| [19661] Apache HTTP Server Arbitrary HTTP Request Headers Security Weakness
| [19447] Apache CGI Script Source Code Information Disclosure Vulnerability
| [19204] Apache Mod_Rewrite Off-By-One Buffer Overflow Vulnerability
| [19106] Apache Tomcat Information Disclosure Vulnerability
| [18138] Apache James SMTP Denial Of Service Vulnerability
| [17342] Apache Struts Multiple Remote Vulnerabilities
| [17095] Apache Log4Net Denial Of Service Vulnerability
| [16916] Apache mod_python FileSession Code Execution Vulnerability
| [16710] Apache Libapreq2 Quadratic Behavior Denial of Service Vulnerability
| [16260] Apache Geronimo Multiple Input Validation Vulnerabilities
| [16153] Apache mod_auth_pgsql Multiple Format String Vulnerabilities
| [16152] Apache Mod_SSL Custom Error Document Remote Denial Of Service Vulnerability
| [15834] Apache 'mod_imap' Referer Cross-Site Scripting Vulnerability
| [15765] Apache James Spooler Memory Leak Denial Of Service Vulnerability
| [15762] Apache MPM Worker.C Denial Of Service Vulnerability
| [15512] Apache Struts Error Response Cross-Site Scripting Vulnerability
| [15413] PHP Apache 2 Virtual() Safe_Mode and Open_Basedir Restriction Bypass Vulnerability
| [15325] Apache Tomcat Simultaneous Directory Listing Denial Of Service Vulnerability
| [15224] Apache Mod_Auth_Shadow Authentication Bypass Vulnerability
| [15177] PHP Apache 2 Local Denial of Service Vulnerability
| [14982] ApacheTop Insecure Temporary File Creation Vulnerability
| [14721] Apache Mod_SSL SSLVerifyClient Restriction Bypass Vulnerability
| [14660] Apache CGI Byterange Request Denial of Service Vulnerability
| [14366] Apache mod_ssl CRL Handling Off-By-One Buffer Overflow Vulnerability
| [14106] Apache HTTP Request Smuggling Vulnerability
| [13778] Apache HTPasswd Password Command Line Argument Buffer Overflow Vulnerability
| [13777] Apache HTPasswd User Command Line Argument Buffer Overflow Vulnerability
| [13756] Apache Tomcat Java Security Manager Bypass Vulnerability
| [13537] Apache HTDigest Realm Command Line Argument Buffer Overflow Vulnerability
| [12877] Apache mod_ssl ssl_io_filter_cleanup Remote Denial Of Service Vulnerability
| [12795] Apache Tomcat Remote Malformed Request Denial Of Service Vulnerability
| [12619] Apache Software Foundation Batik Squiggle Browser Access Validation Vulnerability
| [12519] Apache mod_python Module Publisher Handler Information Disclosure Vulnerability
| [12308] Apache Utilities Insecure Temporary File Creation Vulnerability
| [12217] Apache mod_auth_radius Malformed RADIUS Server Reply Integer Overflow Vulnerability
| [12181] Mod_DOSEvasive Apache Module Local Insecure Temporary File Creation Vulnerability
| [11803] Apache Jakarta Results.JSP Remote Cross-Site Scripting Vulnerability
| [11471] Apache mod_include Local Buffer Overflow Vulnerability
| [11360] Apache mod_ssl SSLCipherSuite Restriction Bypass Vulnerability
| [11239] Apache Satisfy Directive Access Control Bypass Vulnerability
| [11187] Apache Web Server Remote IPv6 Buffer Overflow Vulnerability
| [11185] Apache Mod_DAV LOCK Denial Of Service Vulnerability
| [11182] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
| [11154] Apache mod_ssl Remote Denial of Service Vulnerability
| [11094] Apache mod_ssl Denial Of Service Vulnerability
| [10789] Apache mod_userdir Module Information Disclosure Vulnerability
| [10736] Apache 'mod_ssl' Log Function Format String Vulnerability
| [10619] Apache ap_escape_html Memory Allocation Denial Of Service Vulnerability
| [10508] Apache Mod_Proxy Remote Negative Content-Length Buffer Overflow Vulnerability
| [10478] ClueCentral Apache Suexec Patch Security Weakness
| [10355] Apache 'mod_ssl' 'ssl_util_uuencode_binary()' Stack Buffer Overflow Vulnerability
| [10212] Apache mod_auth Malformed Password Potential Memory Corruption Vulnerability
| [9933] Apache mod_disk_cache Module Client Authentication Credential Storage Weakness
| [9930] Apache Error and Access Logs Escape Sequence Injection Vulnerability
| [9921] Apache Connection Blocking Denial Of Service Vulnerability
| [9885] Apache Mod_Security Module SecFilterScanPost Off-By-One Buffer Overflow Vulnerability
| [9874] Apache HTAccess LIMIT Directive Bypass Configuration Error Weakness
| [9829] Apache Mod_Access Access Control Rule Bypass Vulnerability
| [9826] Apache Mod_SSL HTTP Request Remote Denial Of Service Vulnerability
| [9733] Apache Cygwin Directory Traversal Vulnerability
| [9599] Apache mod_php Global Variables Information Disclosure Weakness
| [9590] Apache-SSL Client Certificate Forging Vulnerability
| [9571] Apache mod_digest Client-Supplied Nonce Verification Vulnerability
| [9471] Apache mod_perl Module File Descriptor Leakage Vulnerability
| [9404] Mod-Auth-Shadow Apache Module Expired User Credential Weakness
| [9302] Apache mod_php Module File Descriptor Leakage Vulnerability
| [9129] Apache mod_python Module Malformed Query Denial of Service Vulnerability
| [8926] Apache Web Server mod_cgid Module CGI Data Redirection Vulnerability
| [8919] Apache Mod_Security Module Heap Corruption Vulnerability
| [8911] Apache Web Server Multiple Module Local Buffer Overflow Vulnerability
| [8898] Red Hat Apache Directory Index Default Configuration Error
| [8883] Apache Cocoon Directory Traversal Vulnerability
| [8824] Apache Tomcat Non-HTTP Request Denial Of Service Vulnerability
| [8822] Apache Mod_Throttle Module Local Shared Memory Corruption Vulnerability
| [8725] Apache2 MOD_CGI STDERR Denial Of Service Vulnerability
| [8707] Apache htpasswd Password Entropy Weakness
| [8561] Apache::Gallery Insecure Local File Storage Privilege Escalation Vulnerability
| [8287] Mod_Mylo Apache Module REQSTR Buffer Overflow Vulnerability
| [8226] Apache HTTP Server Multiple Vulnerabilities
| [8138] Apache Web Server Type-Map Recursive Loop Denial Of Service Vulnerability
| [8137] Apache Web Server Prefork MPM Denial Of Service Vulnerability
| [8136] Macromedia Apache Web Server Encoded Space Source Disclosure Vulnerability
| [8135] Apache Web Server FTP Proxy IPV6 Denial Of Service Vulnerability
| [8134] Apache Web Server SSLCipherSuite Weak CipherSuite Renegotiation Weakness
| [7768] Apache Tomcat Insecure Directory Permissions Vulnerability
| [7725] Apache Basic Authentication Module Valid User Login Denial Of Service Vulnerability
| [7723] Apache APR_PSPrintf Memory Corruption Vulnerability
| [7448] Apache Mod_Auth_Any Remote Command Execution Vulnerability
| [7375] Apache Mod_Access_Referer NULL Pointer Dereference Denial of Service Vulnerability
| [7332] Apache Web Server OS2 Filestat Denial Of Service Vulnerability
| [7255] Apache Web Server File Descriptor Leakage Vulnerability
| [7254] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
| [6943] Apache Web Server MIME Boundary Information Disclosure Vulnerability
| [6939] Apache Web Server ETag Header Information Disclosure Weakness
| [6722] Apache Tomcat Web.XML File Contents Disclosure Vulnerability
| [6721] Apache Tomcat Null Byte Directory/File Disclosure Vulnerability
| [6720] Apache Tomcat Example Web Application Cross Site Scripting Vulnerability
| [6662] Apache Web Server MS-DOS Device Name Denial Of Service Vulnerability
| [6661] Apache Web Server Default Script Mapping Bypass Vulnerability
| [6660] Apache Web Server Illegal Character HTTP Request File Disclosure Vulnerability
| [6659] Apache Web Server MS-DOS Device Name Arbitrary Code Execution Vulnerability
| [6562] Apache Tomcat Invoker Servlet File Disclosure Vulnerability
| [6320] Apache/Tomcat Mod_JK Chunked Encoding Denial Of Service Vulnerability
| [6117] Apache mod_php File Descriptor Leakage Vulnerability
| [6065] Apache 2 WebDAV CGI POST Request Information Disclosure Vulnerability
| [5996] Apache AB.C Web Benchmarking Buffer Overflow Vulnerability
| [5995] Apache AB.C Web Benchmarking Read_Connection() Buffer Overflow Vulnerability
| [5993] Multiple Apache HTDigest Buffer Overflow Vulnerabilities
| [5992] Apache HTDigest Insecure Temporary File Vulnerability
| [5991] Apache HTDigest Arbitrary Command Execution Vulnerability
| [5990] Apache HTPasswd Insecure Temporary File Vulnerability
| [5981] Multiple Apache HTDigest and HTPassWD Component Vulnerabilites
| [5884] Apache Web Server Scoreboard Memory Segment Overwriting SIGUSR1 Sending Vulnerability
| [5847] Apache Server Side Include Cross Site Scripting Vulnerability
| [5838] Apache Tomcat 3.2 Directory Disclosure Vulnerability
| [5816] Apache 2 mod_dav Denial Of Service Vulnerability
| [5791] HP VirtualVault Apache mod_ssl Denial Of Service Vulnerability
| [5787] Apache Oversized STDERR Buffer Denial Of Service Vulnerability
| [5786] Apache Tomcat DefaultServlet File Disclosure Vulnerability
| [5542] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
| [5486] Apache 2.0 CGI Path Disclosure Vulnerability
| [5485] Apache 2.0 Path Disclosure Vulnerability
| [5434] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
| [5256] Apache httpd 2.0 CGI Error Path Disclosure Vulnerability
| [5194] Apache Tomcat DOS Device Name Cross Site Scripting Vulnerability
| [5193] Apache Tomcat Servlet Mapping Cross Site Scripting Vulnerability
| [5067] Apache Tomcat Null Character Malformed Request Denial Of Service Vulnerability
| [5054] Apache Tomcat Web Root Path Disclosure Vulnerability
| [5033] Apache Chunked-Encoding Memory Corruption Vulnerability
| [4995] Apache Tomcat JSP Engine Denial of Service Vulnerability
| [4878] Apache Tomcat RealPath.JSP Malformed Request Information Disclosure Vulnerability
| [4877] Apache Tomcat Example Files Web Root Path Disclosure Vulnerability
| [4876] Apache Tomcat Source.JSP Malformed Request Information Disclosure Vulnerability
| [4575] Apache Tomcat Servlet Path Disclosure Vulnerability
| [4557] Apache Tomcat System Path Information Disclosure Vulnerability
| [4437] Apache Error Message Cross-Site Scripting Vulnerability
| [4431] Apache PrintEnv/Test_CGI Script Injection Vulnerability
| [4358] Apache Double-Reverse Lookup Log Entry Spoofing Vulnerability
| [4335] Apache Win32 Batch File Remote Command Execution Vulnerability
| [4292] Oracle 9iAS Apache PL/SQL Module Web Administration Access Vulnerability
| [4189] Apache mod_ssl/Apache-SSL Buffer Overflow Vulnerability
| [4057] Apache 2 for Windows OPTIONS request Path Disclosure Vulnerability
| [4056] Apache 2 for Windows php.exe Path Disclosure Vulnerability
| [4037] Oracle 9iAS Apache PL/SQL Module Denial of Service Vulnerability
| [4032] Oracle 9iAS Apache PL/SQL Module Multiple Buffer Overflows Vulnerability
| [3796] Apache HTTP Request Unexpected Behavior Vulnerability
| [3790] Apache Non-Existent Log Directory Denial Of Service Vulnerability
| [3786] Apache Win32 PHP.EXE Remote File Disclosure Vulnerability
| [3727] Oracle 9I Application Server PL/SQL Apache Module Directory Traversal Vulnerability
| [3726] Oracle 9I Application Server PL/SQL Apache Module Buffer Overflow Vulnerability
| [3596] Apache Split-Logfile File Append Vulnerability
| [3521] Apache mod_usertrack Predictable ID Generation Vulnerability
| [3335] Red Hat Linux Apache Remote Username Enumeration Vulnerability
| [3316] MacOS X Client Apache Directory Contents Disclosure Vulnerability
| [3256] Apache mod_auth_oracle Remote SQL Query Manipulation Vulnerability
| [3255] Apache mod_auth_mysql Remote SQL Query Manipulation Vulnerability
| [3254] Apache AuthPG Remote SQL Query Manipulation Vulnerability
| [3253] Apache mod_auth_pgsql_sys Remote SQL Query Manipulation Vulnerability
| [3251] Apache mod_auth_pgsql Remote SQL Query Manipulation Vulnerability
| [3176] Apache Mod ReWrite Rules Bypassing Image Linking Vulnerability
| [3169] Apache Server Address Disclosure Vulnerability
| [3009] Apache Possible Directory Index Disclosure Vulnerability
| [2982] Apache Tomcat Cross-Site Scripting Vulnerability
| [2852] MacOS X Client Apache File Protection Bypass Vulnerability
| [2740] Apache Web Server HTTP Request Denial of Service Vulnerability
| [2518] Apache Tomcat 3.0 Directory Traversal Vulnerability
| [2503] Apache Artificially Long Slash Path Directory Listing Vulnerability
| [2300] NCSA/Apache httpd ScriptAlias Source Retrieval Vulnerability
| [2216] Apache Web Server DoS Vulnerability
| [2182] Apache /tmp File Race Vulnerability
| [2171] Oracle Apache+WebDB Documented Backdoor Vulnerability
| [2060] Apache Web Server with Php 3 File Disclosure Vulnerability
| [1821] Apache mod_cookies Buffer Overflow Vulnerability
| [1728] Apache Rewrite Module Arbitrary File Disclosure Vulnerability
| [1658] SuSE Apache CGI Source Code Viewing Vulnerability
| [1656] SuSE Apache WebDAV Directory Listings Vulnerability
| [1575] Trustix Apache-SSL RPM Permissions Vulnerability
| [1548] Apache Jakarta-Tomcat /admin Context Vulnerability
| [1532] Apache Tomcat Snoop Servlet Information Disclosure Vulnerability
| [1531] Apache Tomcat 3.1 Path Revealing Vulnerability
| [1457] Apache::ASP source.asp Example Script Vulnerability
| [1284] Apache HTTP Server (win32) Root Directory Access Vulnerability
| [1083] Cobalt Raq Apache .htaccess Disclosure Vulnerability
|
| IBM X-Force - https://exchange.xforce.ibmcloud.com:
| [86258] Apache CloudStack text fields cross-site scripting
| [85983] Apache Subversion mod_dav_svn module denial of service
| [85875] Apache OFBiz UEL code execution
| [85874] Apache OFBiz Webtools View Log screen cross-site scripting
| [85871] Apache HTTP Server mod_session_dbd unspecified
| [85756] Apache Struts OGNL expression command execution
| [85755] Apache Struts DefaultActionMapper class open redirect
| [85586] Apache ActiveMQ CVE-2013-1879 cross-site scripting
| [85574] Apache HTTP Server mod_dav denial of service
| [85573] Apache Struts Showcase App OGNL code execution
| [85496] Apache CXF denial of service
| [85423] Apache Geronimo RMI classloader code execution
| [85326] Apache Santuario XML Security for C++ buffer overflow
| [85323] Apache Santuario XML Security for Java spoofing
| [85319] Apache Qpid Python client SSL spoofing
| [85019] Apache Santuario XML Security for C++ CVE-2013-2156 buffer overflow
| [85018] Apache Santuario XML Security for C++ CVE-2013-2155 denial of service
| [85017] Apache Santuario XML Security for C++ CVE-2013-2154 buffer overflow
| [85016] Apache Santuario XML Security for C++ CVE-2013-2153 spoofing
| [84952] Apache Tomcat CVE-2012-3544 denial of service
| [84763] Apache Struts CVE-2013-2135 security bypass
| [84762] Apache Struts CVE-2013-2134 security bypass
| [84719] Apache Subversion CVE-2013-2088 command execution
| [84718] Apache Subversion CVE-2013-2112 denial of service
| [84717] Apache Subversion CVE-2013-1968 denial of service
| [84577] Apache Tomcat security bypass
| [84576] Apache Tomcat symlink
| [84543] Apache Struts CVE-2013-2115 security bypass
| [84542] Apache Struts CVE-2013-1966 security bypass
| [84154] Apache Tomcat session hijacking
| [84144] Apache Tomcat denial of service
| [84143] Apache Tomcat information disclosure
| [84111] Apache HTTP Server command execution
| [84043] Apache Virtual Computing Lab cross-site scripting
| [84042] Apache Virtual Computing Lab cross-site scripting
| [83782] Apache CloudStack information disclosure
| [83781] Apache CloudStack security bypass
| [83720] Apache ActiveMQ cross-site scripting
| [83719] Apache ActiveMQ denial of service
| [83718] Apache ActiveMQ denial of service
| [83263] Apache Subversion denial of service
| [83262] Apache Subversion denial of service
| [83261] Apache Subversion denial of service
| [83259] Apache Subversion denial of service
| [83035] Apache mod_ruid2 security bypass
| [82852] Apache Qpid federation_tag security bypass
15221| [82852] Apache Qpid federation_tag security bypass
15222| [82851] Apache Qpid qpid::framing::Buffer denial of service
15223| [82758] Apache Rave User RPC API information disclosure
15224| [82663] Apache Subversion svn_fs_file_length() denial of service
15225| [82642] Apache Qpid qpid::framing::Buffer::checkAvailable() denial of service
15226| [82641] Apache Qpid AMQP denial of service
15227| [82626] Apache HTTP Server on Debian GNU/Linux Debian apache2ctl symlink
15228| [82618] Apache Commons FileUpload symlink
15229| [82360] Apache HTTP Server manager interface cross-site scripting
15230| [82359] Apache HTTP Server hostnames cross-site scripting
15231| [82338] Apache Tomcat log/logdir information disclosure
15232| [82328] Apache Maven and Apache Maven Wagon SSL spoofing
15233| [82268] Apache OpenJPA deserialization command execution
15234| [81981] Apache CXF UsernameTokens security bypass
15235| [81980] Apache CXF WS-Security security bypass
15236| [81398] Apache OFBiz cross-site scripting
15237| [81240] Apache CouchDB directory traversal
15238| [81226] Apache CouchDB JSONP code execution
15239| [81225] Apache CouchDB Futon user interface cross-site scripting
15240| [81211] Apache Axis2/C SSL spoofing
15241| [81167] Apache CloudStack DeployVM information disclosure
15242| [81166] Apache CloudStack AddHost API information disclosure
15243| [81165] Apache CloudStack createSSHKeyPair API information disclosure
15244| [80518] Apache Tomcat cross-site request forgery security bypass
15245| [80517] Apache Tomcat FormAuthenticator security bypass
15246| [80516] Apache Tomcat NIO denial of service
15247| [80408] Apache Tomcat replay-countermeasure security bypass
15248| [80407] Apache Tomcat HTTP Digest Access Authentication security bypass
15249| [80317] Apache Tomcat slowloris denial of service
15250| [79984] Apache Commons HttpClient SSL spoofing
15251| [79983] Apache CXF SSL spoofing
15252| [79830] Apache Axis2/Java SSL spoofing
15253| [79829] Apache Axis SSL spoofing
15254| [79809] Apache Tomcat DIGEST security bypass
15255| [79806] Apache Tomcat parseHeaders() denial of service
15256| [79540] Apache OFBiz unspecified
15257| [79487] Apache Axis2 SAML security bypass
15258| [79212] Apache Cloudstack code execution
15259| [78734] Apache CXF SOAP Action security bypass
15260| [78730] Apache Qpid broker denial of service
15261| [78617] Eucalyptus Apache Santuario (XML Security for Java) denial of service
15262| [78563] Apache mod_pagespeed module unspecified cross-site scripting
15263| [78562] Apache mod_pagespeed module security bypass
15264| [78454] Apache Axis2 security bypass
15265| [78452] Websense Web Security and Web Filter Apache Tomcat information disclosure
15266| [78451] Websense Web Security and Web Filter Apache Tomcat cross-site scripting
15267| [78321] Apache Wicket unspecified cross-site scripting
15268| [78183] Apache Struts parameters denial of service
15269| [78182] Apache Struts cross-site request forgery
15270| [78153] Apache Solr Autocomplete module for Drupal autocomplete results cross-site scripting
15271| [77987] mod_rpaf module for Apache denial of service
15272| [77958] Apache Struts skill name code execution
15273| [77914] Apache HTTP Server mod_negotiation module cross-site scripting
15274| [77913] Apache HTTP Server mod_proxy_ajp information disclosure
15275| [77568] Apache Qpid broker security bypass
15276| [77421] Apache Libcloud spoofing
15277| [77059] Oracle Solaris Cluster Apache Tomcat Agent unspecified
15278| [77046] Oracle Solaris Apache HTTP Server information disclosure
15279| [76837] Apache Hadoop information disclosure
15280| [76802] Apache Sling CopyFrom denial of service
15281| [76692] Apache Hadoop symlink
15282| [76535] Apache Roller console cross-site request forgery
15283| [76534] Apache Roller weblog cross-site scripting
15284| [76152] Apache CXF elements security bypass
15285| [76151] Apache CXF child policies security bypass
15286| [75983] MapServer for Windows Apache file include
15287| [75857] Apache Commons Compress and Apache Ant bzip2 denial of service
15288| [75558] Apache POI denial of service
15289| [75545] PHP apache_request_headers() buffer overflow
15290| [75302] Apache Qpid SASL security bypass
15291| [75211] Debian GNU/Linux apache 2 cross-site scripting
15292| [74901] Apache HTTP Server LD_LIBRARY_PATH privilege escalation
15293| [74871] Apache OFBiz FlexibleStringExpander code execution
15294| [74870] Apache OFBiz multiple cross-site scripting
15295| [74750] Apache Hadoop unspecified spoofing
15296| [74319] Apache Struts XSLTResult.java file upload
15297| [74313] Apache Traffic Server header buffer overflow
15298| [74276] Apache Wicket directory traversal
15299| [74273] Apache Wicket unspecified cross-site scripting
15300| [74181] Apache HTTP Server mod_fcgid module denial of service
15301| [73690] Apache Struts OGNL code execution
15302| [73432] Apache Solr extension for TYPO3 unspecified cross-site scripting
15303| [73100] Apache MyFaces in directory traversal
15304| [73096] Apache APR hash denial of service
15305| [73052] Apache Struts name cross-site scripting
15306| [73030] Apache CXF UsernameToken security bypass
15307| [72888] Apache Struts lastName cross-site scripting
15308| [72758] Apache HTTP Server httpOnly information disclosure
15309| [72757] Apache HTTP Server MPM denial of service
15310| [72585] Apache Struts ParameterInterceptor security bypass
15311| [72438] Apache Tomcat Digest security bypass
15312| [72437] Apache Tomcat Digest security bypass
15313| [72436] Apache Tomcat DIGEST security bypass
15314| [72425] Apache Tomcat parameter denial of service
15315| [72422] Apache Tomcat request object information disclosure
15316| [72377] Apache HTTP Server scoreboard security bypass
15317| [72345] Apache HTTP Server HTTP request denial of service
15318| [72229] Apache Struts ExceptionDelegator command execution
15319| [72089] Apache Struts ParameterInterceptor directory traversal
15320| [72088] Apache Struts CookieInterceptor command execution
15321| [72047] Apache Geronimo hash denial of service
15322| [72016] Apache Tomcat hash denial of service
15323| [71711] Apache Struts OGNL expression code execution
15324| [71654] Apache Struts interfaces security bypass
15325| [71620] Apache ActiveMQ failover denial of service
15326| [71617] Apache HTTP Server mod_proxy module information disclosure
15327| [71508] Apache MyFaces EL security bypass
15328| [71445] Apache HTTP Server mod_proxy security bypass
15329| [71203] Apache Tomcat servlets privilege escalation
15330| [71181] Apache HTTP Server ap_pregsub() denial of service
15331| [71093] Apache HTTP Server ap_pregsub() buffer overflow
15332| [70336] Apache HTTP Server mod_proxy information disclosure
15333| [69804] Apache HTTP Server mod_proxy_ajp denial of service
15334| [69472] Apache Tomcat AJP security bypass
15335| [69396] Apache HTTP Server ByteRange filter denial of service
15336| [69394] Apache Wicket multi window support cross-site scripting
15337| [69176] Apache Tomcat XML information disclosure
15338| [69161] Apache Tomcat jsvc information disclosure
15339| [68799] mod_authnz_external module for Apache mysql-auth.pl SQL injection
15340| [68541] Apache Tomcat sendfile information disclosure
15341| [68420] Apache XML Security denial of service
15342| [68238] Apache Tomcat JMX information disclosure
15343| [67860] Apache Rampart/C rampart_timestamp_token_validate security bypass
15344| [67804] Apache Subversion control rules information disclosure
15345| [67803] Apache Subversion control rules denial of service
15346| [67802] Apache Subversion baselined denial of service
15347| [67672] Apache Archiva multiple cross-site scripting
15348| [67671] Apache Archiva multiple cross-site request forgery
15349| [67564] Apache APR apr_fnmatch() denial of service
15350| [67532] IBM WebSphere Application Server org.apache.jasper.runtime.JspWriterImpl.response denial of service
15351| [67515] Apache Tomcat annotations security bypass
15352| [67480] Apache Struts s:submit information disclosure
15353| [67414] Apache APR apr_fnmatch() denial of service
15354| [67356] Apache Struts javatemplates cross-site scripting
15355| [67354] Apache Struts Xwork cross-site scripting
15356| [66676] Apache Tomcat HTTP BIO information disclosure
15357| [66675] Apache Tomcat web.xml security bypass
15358| [66640] Apache HttpComponents HttpClient Proxy-Authorization information disclosure
15359| [66241] Apache HttpComponents information disclosure
15360| [66154] Apache Tomcat ServletSecurity security bypass
15361| [65971] Apache Tomcat ServletSecurity security bypass
15362| [65876] Apache Subversion mod_dav_svn denial of service
15363| [65343] Apache Continuum unspecified cross-site scripting
15364| [65162] Apache Tomcat NIO connector denial of service
15365| [65161] Apache Tomcat javax.servlet.ServletRequest.getLocale() denial of service
15366| [65160] Apache Tomcat HTML Manager interface cross-site scripting
15367| [65159] Apache Tomcat ServletContect security bypass
15368| [65050] Apache CouchDB web-based administration UI cross-site scripting
15369| [64773] Oracle HTTP Server Apache Plugin unauthorized access
15370| [64473] Apache Subversion blame -g denial of service
15371| [64472] Apache Subversion walk() denial of service
15372| [64407] Apache Axis2 CVE-2010-0219 code execution
15373| [63926] Apache Archiva password privilege escalation
15374| [63785] Apache CouchDB LD_LIBRARY_PATH privilege escalation
15375| [63493] Apache Archiva credentials cross-site request forgery
15376| [63477] Apache Tomcat HttpOnly session hijacking
15377| [63422] Apache Tomcat sessionsList.jsp cross-site scripting
15378| [63303] Apache mod_fcgid module fcgid_header_bucket_read() buffer overflow
15379| [62959] Apache Shiro filters security bypass
15380| [62790] Apache Perl cgi module denial of service
15381| [62576] Apache Qpid exchange denial of service
15382| [62575] Apache Qpid AMQP denial of service
15383| [62354] Apache Qpid SSL denial of service
15384| [62235] Apache APR-util apr_brigade_split_line() denial of service
15385| [62181] Apache XML-RPC SAX Parser information disclosure
15386| [61721] Apache Traffic Server cache poisoning
15387| [61202] Apache Derby BUILTIN authentication functionality information disclosure
15388| [61186] Apache CouchDB Futon cross-site request forgery
15389| [61169] Apache CXF DTD denial of service
15390| [61070] Apache Jackrabbit search.jsp SQL injection
15391| [61006] Apache SLMS Quoting cross-site request forgery
15392| [60962] Apache Tomcat time cross-site scripting
15393| [60883] Apache mod_proxy_http information disclosure
15394| [60671] Apache HTTP Server mod_cache and mod_dav denial of service
15395| [60264] Apache Tomcat Transfer-Encoding denial of service
15396| [59746] Apache Axis2 axis2/axis2-admin page session hijacking
15397| [59588] Apache Axis2/Java XML DTD (Document Type Declaration) data denial of service
15398| [59413] Apache mod_proxy_http timeout information disclosure
15399| [59058] Apache MyFaces unencrypted view state cross-site scripting
15400| [58827] Apache Axis2 xsd file include
15401| [58790] Apache Axis2 modules cross-site scripting
15402| [58299] Apache ActiveMQ queueBrowse cross-site scripting
15403| [58169] Apache Tomcat Web Application Manager / Host Manager cross-site request forgery
15404| [58056] Apache ActiveMQ .jsp source code disclosure
15405| [58055] Apache Tomcat realm name information disclosure
15406| [58046] Apache HTTP Server mod_auth_shadow security bypass
15407| [57841] Apache Open For Business Project (OFBiz) subject cross-site scripting
15408| [57840] Apache Open For Business Project (OFBiz) multiple parameters cross-site scripting
15409| [57429] Apache CouchDB algorithms information disclosure
15410| [57398] Apache ActiveMQ Web console cross-site request forgery
15411| [57397] Apache ActiveMQ createDestination.action cross-site scripting
15412| [56653] Apache HTTP Server DNS spoofing
15413| [56652] Apache HTTP Server DNS cross-site scripting
15414| [56625] Apache HTTP Server request header information disclosure
15415| [56624] Apache HTTP Server mod_isapi orphaned callback pointer code execution
15416| [56623] Apache HTTP Server mod_proxy_ajp denial of service
15417| [55941] mod_proxy module for Apache ap_proxy_send_fb() buffer overflow
15418| [55857] Apache Tomcat WAR files directory traversal
15419| [55856] Apache Tomcat autoDeploy attribute security bypass
15420| [55855] Apache Tomcat WAR directory traversal
15421| [55210] Intuit component for Joomla! Apache information disclosure
15422| [54533] Apache Tomcat 404 error page cross-site scripting
15423| [54182] Apache Tomcat admin default password
15424| [53878] Apache Solr Search (solr) extension for TYPO3 unspecified cross-site scripting
15425| [53666] Apache HTTP Server Solaris pollset support denial of service
15426| [53650] Apache HTTP Server HTTP basic-auth module security bypass
15427| [53124] mod_proxy_ftp module for Apache HTTP header security bypass
15428| [53041] mod_proxy_ftp module for Apache denial of service
15429| [52540] Apache Portable Runtime and Apache Portable Utility library multiple buffer overflow
15430| [51953] Apache Tomcat Path Disclosure
15431| [51952] Apache Tomcat Path Traversal
15432| [51951] Apache stronghold-status Information Disclosure
15433| [51950] Apache stronghold-info Information Disclosure
15434| [51949] Apache PHP Source Code Disclosure
15435| [51948] Apache Multiviews Attack
15436| [51946] Apache JServ Environment Status Information Disclosure
15437| [51945] Apache error_log Information Disclosure
15438| [51944] Apache Default Installation Page Pattern Found
15439| [51943] Apache AXIS XML Parser echoheaders.jws Sample Web Service Denial of Service
15440| [51942] Apache AXIS XML External Entity File Retrieval
15441| [51941] Apache AXIS Sample Servlet Information Leak
15442| [51940] Apache access_log Information Disclosure
15443| [51626] Apache mod_deflate denial of service
15444| [51532] mod_proxy module for the Apache HTTP Server stream_reqbody_cl denial of service
15445| [51365] Apache Tomcat RequestDispatcher security bypass
15446| [51273] Apache HTTP Server Incomplete Request denial of service
15447| [51195] Apache Tomcat XML information disclosure
15448| [50994] Apache APR-util xml/apr_xml.c denial of service
15449| [50993] Apache APR-util apr_brigade_vprintf denial of service
15450| [50964] Apache APR-util apr_strmatch_precompile() denial of service
15451| [50930] Apache Tomcat j_security_check information disclosure
15452| [50928] Apache Tomcat AJP denial of service
15453| [50884] Apache HTTP Server XML ENTITY denial of service
15454| [50808] Apache HTTP Server AllowOverride privilege escalation
15455| [50108] Apache Struts s:a tag and s:url tag cross-site scripting
15456| [50059] Apache mod_proxy_ajp information disclosure
15457| [49951] Apache Tiles Expression Language (EL) expressions cross-site scripting
15458| [49925] Apache Geronimo Web Administrative Console cross-site request forgery
15459| [49924] Apache Geronimo console/portal/Server/Monitoring cross-site scripting
15460| [49921] Apache ActiveMQ Web interface cross-site scripting
15461| [49898] Apache Geronimo Services/Repository directory traversal
15462| [49725] Apache Tomcat mod_jk module information disclosure
15463| [49715] Apache mod_perl Apache::Status and Apache2::Status modules cross-site scripting
15464| [49712] Apache Struts unspecified cross-site scripting
15465| [49213] Apache Tomcat cal2.jsp cross-site scripting
15466| [48934] Apache Tomcat POST doRead method information disclosure
15467| [48211] Apache Tomcat header HTTP request smuggling
15468| [48163] libapache2-mod-auth-mysql module for Debian multibyte encoding SQL injection
15469| [48110] Apache Jackrabbit search.jsp and swr.jsp cross-site scripting
15470| [47709] Apache Roller "
15471| [47104] Novell Netware ApacheAdmin console security bypass
15472| [47086] Apache HTTP Server OS fingerprinting unspecified
15473| [46329] Apache Struts FilterDispatcher and DefaultStaticContentLoader class directory traversal
15474| [45791] Apache Tomcat RemoteFilterValve security bypass
15475| [44435] Oracle WebLogic Apache Connector buffer overflow
15476| [44411] Apache Tomcat allowLinking UTF-8 directory traversal
15477| [44223] Apache HTTP Server mod_proxy_ftp cross-site scripting
15478| [44156] Apache Tomcat RequestDispatcher directory traversal
15479| [44155] Apache Tomcat HttpServletResponse.sendError() cross-site scripting
15480| [43885] Oracle WebLogic Server Apache Connector buffer overflow
15481| [42987] Apache HTTP Server mod_proxy module denial of service
15482| [42915] Apache Tomcat JSP files path disclosure
15483| [42914] Apache Tomcat MS-DOS path disclosure
15484| [42892] Apache Tomcat unspecified unauthorized access
15485| [42816] Apache Tomcat Host Manager cross-site scripting
15486| [42303] Apache 403 error cross-site scripting
15487| [41618] Apache-SSL ExpandCert() authentication bypass
15488| [40761] Apache Derby RDBNAM parameter and DatabaseMetaData.getURL information disclosure
15489| [40736] Apache Tomcat HTTP/1.1 connector information disclosure
15490| [40614] Apache mod_jk2 HTTP Host header buffer overflow
15491| [40562] Apache Geronimo init information disclosure
15492| [40478] Novell Web Manager webadmin-apache.conf security bypass
15493| [40411] Apache Tomcat exception handling information disclosure
15494| [40409] Apache Tomcat native (APR based) connector weak security
15495| [40403] Apache Tomcat quotes and %5C cookie information disclosure
15496| [40388] Sun Java Plug-In org.apache.crimson.tree.XmlDocument security bypass
15497| [39893] Apache HTTP Server mod_negotiation HTTP response splitting
15498| [39867] Apache HTTP Server mod_negotiation cross-site scripting
15499| [39804] Apache Tomcat SingleSignOn information disclosure
15500| [39615] Apache HTTP Server mod_proxy_ftp.c UTF-7 cross-site scripting
15501| [39612] Apache HTTP Server mod_proxy_balancer buffer overflow
15502| [39608] Apache HTTP Server balancer manager cross-site request forgery
15503| [39476] Apache mod_proxy_balancer balancer_handler function denial of service
15504| [39474] Apache HTTP Server mod_proxy_balancer cross-site scripting
15505| [39472] Apache HTTP Server mod_status cross-site scripting
15506| [39201] Apache Tomcat JULI logging weak security
15507| [39158] Apache HTTP Server Windows SMB shares information disclosure
15508| [39001] Apache HTTP Server mod_imap and mod_imagemap module cross-site scripting
15509| [38951] Apache::AuthCAS Perl module cookie SQL injection
15510| [38800] Apache HTTP Server 413 error page cross-site scripting
15511| [38211] Apache Geronimo SQLLoginModule authentication bypass
15512| [37243] Apache Tomcat WebDAV directory traversal
15513| [37178] RHSA update for Apache HTTP Server mod_status module cross-site scripting not installed
15514| [37177] RHSA update for Apache HTTP Server Apache child process denial of service not installed
15515| [37119] RHSA update for Apache mod_auth_kerb off-by-one buffer overflow not installed
15516| [37100] RHSA update for Apache and IBM HTTP Server Expect header cross-site scripting not installed
15517| [36782] Apache Geronimo MEJB unauthorized access
15518| [36586] Apache HTTP Server UTF-7 cross-site scripting
15519| [36468] Apache Geronimo LoginModule security bypass
15520| [36467] Apache Tomcat functions.jsp cross-site scripting
15521| [36402] Apache Tomcat calendar cross-site request forgery
15522| [36354] Apache HTTP Server mod_proxy module denial of service
15523| [36352] Apache HTTP Server ap_proxy_date_canon() denial of service
15524| [36336] Apache Derby lock table privilege escalation
15525| [36335] Apache Derby schema privilege escalation
15526| [36006] Apache Tomcat "
15527| [36001] Apache Tomcat Host Manager Servlet alias cross-site scripting
15528| [35999] Apache Tomcat \"
15529| [35795] Apache Tomcat CookieExample cross-site scripting
15530| [35536] Apache Tomcat SendMailServlet example cross-site scripting
15531| [35384] Apache HTTP Server mod_cache module denial of service
15532| [35097] Apache HTTP Server mod_status module cross-site scripting
15533| [35095] Apache HTTP Server Prefork MPM module denial of service
15534| [34984] Apache HTTP Server recall_headers information disclosure
15535| [34966] Apache HTTP Server MPM content spoofing
15536| [34965] Apache HTTP Server MPM information disclosure
15537| [34963] Apache HTTP Server MPM multiple denial of service
15538| [34872] Apache MyFaces Tomahawk autoscroll parameter cross-site scripting
15539| [34869] Apache Tomcat JSP example Web application cross-site scripting
15540| [34868] Apache Tomcat Manager and Host Manager cross-site scripting
15541| [34496] Apache Tomcat JK Connector security bypass
15542| [34377] Apache Tomcat hello.jsp cross-site scripting
15543| [34212] Apache Tomcat SSL configuration security bypass
15544| [34210] Apache Tomcat Accept-Language cross-site scripting
15545| [34209] Apache Tomcat calendar application cross-site scripting
15546| [34207] Apache Tomcat implicit-objects.jsp cross-site scripting
15547| [34167] Apache Axis WSDL file path disclosure
15548| [34068] Apache Tomcat AJP connector information disclosure
15549| [33584] Apache HTTP Server suEXEC privilege escalation
15550| [32988] Apache Tomcat proxy module directory traversal
15551| [32794] Apache Tomcat JK Web Server Connector map_uri_to_worker() buffer overflow
15552| [32708] Debian Apache tty privilege escalation
15553| [32441] ApacheStats extract() PHP call unspecified
15554| [32128] Apache Tomcat default account
15555| [31680] Apache Tomcat RequestParamExample cross-site scripting
15556| [31649] Apache Tomcat Sample Servlet TroubleShooter detected
15557| [31557] BEA WebLogic Server and WebLogic Express Apache proxy plug-in denial of service
15558| [31236] Apache HTTP Server htpasswd.c strcpy buffer overflow
15559| [30456] Apache mod_auth_kerb off-by-one buffer overflow
15560| [29550] Apache mod_tcl set_var() format string
15561| [28620] Apache and IBM HTTP Server Expect header cross-site scripting
15562| [28357] Apache HTTP Server mod_alias script source information disclosure
15563| [28063] Apache mod_rewrite off-by-one buffer overflow
15564| [27902] Apache Tomcat URL information disclosure
15565| [26786] Apache James SMTP server denial of service
15566| [25680] libapache2 /tmp/svn file upload
15567| [25614] Apache Struts lookupMap cross-site scripting
15568| [25613] Apache Struts ActionForm denial of service
15569| [25612] Apache Struts isCancelled() security bypass
15570| [24965] Apache mod_python FileSession command execution
15571| [24716] Apache James spooler memory leak denial of service
15572| [24159] Apache Geronimo Web-Access-Log Viewer cross-site scripting
15573| [24158] Apache Geronimo jsp-examples cross-site scripting
15574| [24030] Apache auth_ldap module multiple format strings
15575| [24008] Apache mod_ssl custom error message denial of service
15576| [24003] Apache mod_auth_pgsql module multiple syslog format strings
15577| [23612] Apache mod_imap referer field cross-site scripting
15578| [23173] Apache Struts error message cross-site scripting
15579| [22942] Apache Tomcat directory listing denial of service
15580| [22858] Apache Multi-Processing Module code allows denial of service
15581| [22602] RHSA-2005:582 updates for Apache httpd not installed
15582| [22520] Apache mod-auth-shadow "
15583| [22466] ApacheTop symlink
15584| [22109] Apache HTTP Server ssl_engine_kernel client certificate validation
15585| [22006] Apache HTTP Server byte-range filter denial of service
15586| [21567] Apache mod_ssl off-by-one buffer overflow
15587| [21195] Apache HTTP Server header HTTP request smuggling
15588| [20383] Apache HTTP Server htdigest buffer overflow
15589| [19681] Apache Tomcat AJP12 request denial of service
15590| [18993] Apache HTTP server check_forensic symlink attack
15591| [18790] Apache Tomcat Manager cross-site scripting
15592| [18349] Apache HTTP server Apple HFS+ filesystem obtain information
15593| [18348] Apache HTTP server Apple HFS+ filesystem .DS_Store and .ht file disclosure
15594| [18347] Apache HTTP server Apple Mac OS X Server mod_digest_apple module could allow an attacker to replay responses
15595| [17961] Apache Web server ServerTokens has not been set
15596| [17930] Apache HTTP Server HTTP GET request denial of service
15597| [17785] Apache mod_include module buffer overflow
15598| [17671] Apache HTTP Server SSLCipherSuite bypass restrictions
15599| [17473] Apache HTTP Server Satisfy directive allows access to resources
15600| [17413] Apache htpasswd buffer overflow
15601| [17384] Apache HTTP Server environment variable configuration file buffer overflow
15602| [17382] Apache HTTP Server IPv6 apr_util denial of service
15603| [17366] Apache HTTP Server mod_dav module LOCK denial of service
15604| [17273] Apache HTTP Server speculative mode denial of service
15605| [17200] Apache HTTP Server mod_ssl denial of service
15606| [16890] Apache HTTP Server server-info request has been detected
15607| [16889] Apache HTTP Server server-status request has been detected
15608| [16705] Apache mod_ssl format string attack
15609| [16524] Apache HTTP Server ap_get_mime_headers_core denial of service
15610| [16387] Apache HTTP Server mod_proxy Content-Length buffer overflow
15611| [16230] Apache HTTP Server PHP denial of service
15612| [16214] Apache mod_ssl ssl_util_uuencode_binary buffer overflow
15613| [15958] Apache HTTP Server authentication modules memory corruption
15614| [15547] Apache HTTP Server mod_disk_cache local information disclosure
15615| [15540] Apache HTTP Server socket starvation denial of service
15616| [15467] Novell GroupWise WebAccess using Apache Web server allows viewing of files on the server
15617| [15422] Apache HTTP Server mod_access information disclosure
15618| [15419] Apache HTTP Server mod_ssl plain HTTP request denial of service
15619| [15293] Apache for Cygwin "
15620| [15065] Apache-SSL has a default password
15621| [15041] Apache HTTP Server mod_digest module could allow an attacker to replay responses
15622| [15015] Apache httpd server httpd.conf could allow a local user to bypass restrictions
15623| [14751] Apache Mod_python output filter information disclosure
15624| [14125] Apache HTTP Server mod_userdir module information disclosure
15625| [14075] Apache HTTP Server mod_php file descriptor leak
15626| [13703] Apache HTTP Server account
15627| [13689] Apache HTTP Server configuration allows symlinks
15628| [13688] Apache HTTP Server configuration allows SSI
15629| [13687] Apache HTTP Server Server: header value
15630| [13685] Apache HTTP Server ServerTokens value
15631| [13684] Apache HTTP Server ServerSignature value
15632| [13672] Apache HTTP Server config allows directory autoindexing
15633| [13671] Apache HTTP Server default content
15634| [13670] Apache HTTP Server config file directive references outside content root
15635| [13668] Apache HTTP Server httpd not running in chroot environment
15636| [13666] Apache HTTP Server CGI directory contains possible command interpreter or compiler
15637| [13664] Apache HTTP Server config file contains ScriptAlias entry
15638| [13663] Apache HTTP Server CGI support modules loaded
15639| [13661] Apache HTTP Server config file contains AddHandler entry
15640| [13660] Apache HTTP Server 500 error page not CGI script
15641| [13659] Apache HTTP Server 413 error page not CGI script
15642| [13658] Apache HTTP Server 403 error page not CGI script
15643| [13657] Apache HTTP Server 401 error page not CGI script
15644| [13552] Apache HTTP Server mod_cgid module information disclosure
15645| [13550] Apache GET request directory traversal
15646| [13516] Apache Cocoon XMLForm and JXForm could allow execution of code
15647| [13499] Apache Cocoon directory traversal allows downloading of boot.ini file
15648| [13429] Apache Tomcat non-HTTP request denial of service
15649| [13400] Apache HTTP server mod_alias and mod_rewrite buffer overflow
| [13295] Apache weak password encryption
| [13254] Apache Tomcat .jsp cross-site scripting
| [13125] Apache::Gallery Inline::C could allow arbitrary code execution
| [13086] Apache Jakarta Tomcat mod_jk format string allows remote access
| [12681] Apache HTTP Server mod_proxy could allow mail relaying
| [12662] Apache HTTP Server rotatelogs denial of service
| [12554] Apache Tomcat stores password in plain text
| [12553] Apache HTTP Server redirects and subrequests denial of service
| [12552] Apache HTTP Server FTP proxy server denial of service
| [12551] Apache HTTP Server prefork MPM denial of service
| [12550] Apache HTTP Server weaker than expected encryption
| [12549] Apache HTTP Server type-map file denial of service
| [12206] Apache Tomcat /opt/tomcat directory insecure permissions
| [12102] Apache Jakarta Tomcat MS-DOS device name request denial of service
| [12091] Apache HTTP Server apr_password_validate denial of service
| [12090] Apache HTTP Server apr_psprintf code execution
| [11804] Apache HTTP Server mod_access_referer denial of service
| [11750] Apache HTTP Server could leak sensitive file descriptors
| [11730] Apache HTTP Server error log and access log terminal escape sequence injection
| [11703] Apache long slash path allows directory listing
| [11695] Apache HTTP Server LF (Line Feed) denial of service
| [11694] Apache HTTP Server filestat.c denial of service
| [11438] Apache HTTP Server MIME message boundaries information disclosure
| [11412] Apache HTTP Server error log terminal escape sequence injection
| [11196] Apache Tomcat examples and ROOT Web applications cross-site scripting
| [11195] Apache Tomcat web.xml could be used to read files
| [11194] Apache Tomcat URL appended with a null character could list directories
| [11139] Apache HTTP Server mass virtual hosting with mod_rewrite or mod_vhost_alias could allow an attacker to obtain files
| [11126] Apache HTTP Server illegal character file disclosure
| [11125] Apache HTTP Server DOS device name HTTP POST code execution
| [11124] Apache HTTP Server DOS device name denial of service
| [11088] Apache HTTP Server mod_vhost_alias CGI source disclosure
| [10938] Apache HTTP Server printenv test CGI cross-site scripting
| [10771] Apache Tomcat mod_jk module multiple HTTP GET request buffer overflow
| [10575] Apache mod_php module could allow an attacker to take over the httpd process
| [10499] Apache HTTP Server WebDAV HTTP POST view source
| [10457] Apache HTTP Server mod_ssl "
| [10415] Apache HTTP Server htdigest insecure system() call could allow command execution
| [10414] Apache HTTP Server htdigest multiple buffer overflows
| [10413] Apache HTTP Server htdigest temporary file race condition
| [10412] Apache HTTP Server htpasswd temporary file race condition
| [10376] Apache Tomcat invoker servlet used in conjunction with the default servlet reveals source code
| [10348] Apache Tomcat HTTP GET request DOS device reference could cause a denial of service
| [10281] Apache HTTP Server ab.c ApacheBench long response buffer overflow
| [10280] Apache HTTP Server shared memory scorecard overwrite
| [10263] Apache Tomcat mod_jk or mod_jserv connector directory disclosure
| [10241] Apache HTTP Server Host: header cross-site scripting
| [10230] Slapper worm variants A, B, and C target OpenSSL/Apache systems
| [10208] Apache HTTP Server mod_dav denial of service
| [10206] HP VVOS Apache mod_ssl denial of service
| [10200] Apache HTTP Server stderr denial of service
| [10175] Apache Tomcat org.apache.catalina.servlets.DefaultServlet reveals source code
| [10169] Slapper worm variant (Slapper.C) targets OpenSSL/Apache systems
| [10154] Slapper worm variant (Slapper.B) targets OpenSSL/Apache systems
| [10098] Slapper worm targets OpenSSL/Apache systems
| [9876] Apache HTTP Server cgi/cgid request could disclose the path to a requested script
| [9875] Apache HTTP Server .var file request could disclose installation path
| [9863] Apache Tomcat web.xml file could allow a remote attacker to bypass restrictions
| [9808] Apache HTTP Server non-Unix version URL encoded directory traversal
| [9623] Apache HTTP Server ap_log_rerror() path disclosure
| [9520] Apache Tomcat /servlet/ mapping cross-site scripting
| [9415] Apache HTTP Server mod_ssl .htaccess off-by-one buffer overflow
| [9396] Apache Tomcat null character to threads denial of service
| [9394] Apache Tomcat HTTP request for LPT9 reveals Web root path
| [9249] Apache HTTP Server chunked encoding heap buffer overflow
| [9208] Apache Tomcat sample file requests could reveal directory listing and path to Web root directory
| [8932] Apache Tomcat example class information disclosure
| [8633] Apache HTTP Server with mod_rewrite could allow an attacker to bypass directives
| [8629] Apache HTTP Server double-reverse DNS lookup spoofing
| [8589] Apache HTTP Server for Windows DOS batch file remote command execution
| [8457] Oracle9i Application Server Apache PL/SQL HTTP Location header buffer overflow
| [8455] Oracle9i Application Server default installation could allow an attacker to access certain Apache Services
| [8400] Apache HTTP Server mod_frontpage buffer overflows
| [8326] Apache HTTP Server multiple MIME headers (sioux) denial of service
| [8308] Apache "
| [8275] Apache HTTP Server with Multiviews enabled could disclose directory contents
| [8119] Apache and PHP OPTIONS request reveals "
| [8054] Apache is running on the system
| [8029] Mandrake Linux default Apache configuration could allow an attacker to browse files and directories
| [8027] Mandrake Linux default Apache configuration has remote management interface enabled
| [8026] Mandrake Linux Apache sample programs could disclose sensitive information about the server
| [7836] Apache HTTP Server log directory denial of service
| [7815] Apache for Windows "
| [7810] Apache HTTP request could result in unexpected behavior
| [7599] Apache Tomcat reveals installation path
| [7494] Apache "
| [7419] Apache Web Server could allow remote attackers to overwrite .log files
| [7363] Apache Web Server hidden HTTP requests
| [7249] Apache mod_proxy denial of service
| [7129] Linux with Apache Web server could allow an attacker to determine if a specified username exists
| [7103] Apple Mac OS X used with Apache Web server could disclose directory contents
| [7059] Apache "
| [7057] Apache "
| [7056] Apache "
| [7055] Apache "
| [7054] Apache "
| [6997] Apache Jakarta Tomcat error message may reveal information
| [6971] Apache Jakarta Tomcat may reveal JSP source code with missing HTTP protocol specification
| [6970] Apache crafted HTTP request could reveal the internal IP address
| [6921] Apache long slash path allows directory listing
| [6687] Apple Mac OS X used with Apache Web server could allow arbitrary file disclosure
| [6527] Apache Web Server for Windows and OS2 denial of service
| [6316] Apache Jakarta Tomcat may reveal JSP source code
| [6305] Apache Jakarta Tomcat directory traversal
| [5926] Linux Apache symbolic link
| [5659] Apache Web server discloses files when used with php script
| [5310] Apache mod_rewrite allows attacker to view arbitrary files
| [5204] Apache WebDAV directory listings
| [5197] Apache Web server reveals CGI script source code
| [5160] Apache Jakarta Tomcat default installation
| [5099] Trustix Secure Linux installs Apache with world writable access
| [4968] Apache Jakarta Tomcat snoop servlet gives out information which could be used in attack
| [4967] Apache Jakarta Tomcat 404 error reveals the pathname of the requested file
| [4931] Apache source.asp example file allows users to write to files
| [4575] IBM HTTP Server running Apache allows users to directory listing and file retrieval
| [4205] Apache Jakarta Tomcat delivers file contents
| [2084] Apache on Debian by default serves the /usr/doc directory
| [1630] MessageMedia UnityMail and Apache Web server MIME header flood denial of service
| [697] Apache HTTP server beck exploit
| [331] Apache cookies buffer overflow
|
| Exploit-DB - https://www.exploit-db.com:
| [31130] Apache Tomcat <= 6.0.15 Cookie Quote Handling Remote Information Disclosure Vulnerability
| [31052] Apache <= 2.2.6 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
| [30901] Apache HTTP Server 2.2.6 Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
| [30835] Apache HTTP Server <= 2.2.4 413 Error HTTP Request Method Cross-Site Scripting Weakness
| [30563] Apache Tomcat <= 5.5.15 Cal2.JSP Cross-Site Scripting Vulnerability
| [30496] Apache Tomcat <= 6.0.13 Cookie Handling Quote Delimiter Session ID Disclosure
| [30495] Apache Tomcat <= 6.0.13 Host Manager Servlet Cross Site Scripting Vulnerability
| [30191] Apache MyFaces Tomahawk JSF Framework 1.1.5 Autoscroll Parameter Cross Site Scripting Vulnerability
| [30189] Apache Tomcat <= 6.0.13 JSP Example Web Applications Cross Site Scripting Vulnerability
| [30052] Apache Tomcat 6.0.10 Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
| [29930] Apache AXIS 1.0 Non-Existent WSDL Path Information Disclosure Vulnerability
| [29859] Apache Roller OGNL Injection
| [29739] Apache HTTP Server Tomcat 5.x/6.0.x Directory Traversal Vulnerability
| [29435] Apache Tomcat 5.5.25 - CSRF Vulnerabilities
| [29316] Apache + PHP 5.x - Remote Code Execution (Multithreaded Scanner) (2)
| [29290] Apache / PHP 5.x Remote Code Execution Exploit
| [28713] Apache Tomcat/JBoss EJBInvokerServlet / JMXInvokerServlet (RMI over HTTP) Marshalled Object RCE
| [28424] Apache 2.x HTTP Server Arbitrary HTTP Request Headers Security Weakness
| [28365] Apache 2.2.2 CGI Script Source Code Information Disclosure Vulnerability
| [28254] Apache Tomcat 5 Information Disclosure Vulnerability
| [27915] Apache James 2.2 SMTP Denial of Service Vulnerability
| [27397] Apache suEXEC Privilege Elevation / Information Disclosure
| [27135] Apache Struts 2 DefaultActionMapper Prefixes OGNL Code Execution
| [27096] Apache Geronimo 1.0 Error Page XSS
| [27095] Apache Tomcat / Geronimo 1.0 Sample Script cal2.jsp time Parameter XSS
| [26710] Apache CXF prior to 2.5.10, 2.6.7 and 2.7.4 - Denial of Service
| [26542] Apache Struts 1.2.7 Error Response Cross-Site Scripting Vulnerability
| [25986] Plesk Apache Zeroday Remote Exploit
| [25980] Apache Struts includeParams Remote Code Execution
| [25625] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (2)
| [25624] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (1)
| [24874] Apache Struts ParametersInterceptor Remote Code Execution
| [24744] Apache Rave 0.11 - 0.20 - User Information Disclosure
| [24694] Apache 1.3.x mod_include Local Buffer Overflow Vulnerability
| [24590] Apache 2.0.x mod_ssl Remote Denial of Service Vulnerability
| [23751] Apache Cygwin 1.3.x/2.0.x Directory Traversal Vulnerability
| [23581] Apache 2.0.4x mod_perl Module File Descriptor Leakage Vulnerability
| [23482] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (2)
| [23481] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (1)
| [23296] Red Hat Apache 2.0.40 Directory Index Default Configuration Error
| [23282] apache cocoon 2.14/2.2 - Directory Traversal vulnerability
| [23245] Apache Tomcat 4.0.x Non-HTTP Request Denial of Service Vulnerability
| [23119] Apache::Gallery 0.4/0.5/0.6 Insecure Local File Storage Privilege Escalation Vulnerability
| [22505] Apache Mod_Access_Referer 1.0.2 NULL Pointer Dereference Denial of Service Vulnerability
| [22205] Apache Tomcat 3.x Null Byte Directory/File Disclosure Vulnerability
| [22191] Apache Web Server 2.0.x MS-DOS Device Name Denial of Service Vulnerability
| [22068] Apache 1.3.x,Tomcat 4.0.x/4.1.x Mod_JK Chunked Encoding Denial of Service Vulnerability
| [21885] Apache 1.3/2.0.x Server Side Include Cross Site Scripting Vulnerability
| [21882] Apache Tomcat 3.2 Directory Disclosure Vulnerability
| [21854] Apache 2.0.39/40 Oversized STDERR Buffer Denial of Service Vulnerability
| [21853] Apache Tomcat 3/4 DefaultServlet File Disclosure Vulnerability
| [21734] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
| [21719] Apache 2.0 Path Disclosure Vulnerability
| [21697] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
| [21605] Apache Tomcat 4.0.3 DoS Device Name Cross Site Scripting Vulnerability
| [21604] Apache Tomcat 4.0.3 Servlet Mapping Cross Site Scripting Vulnerability
| [21560] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (2)
| [21559] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (1)
| [21534] Apache Tomcat 3/4 JSP Engine Denial of Service Vulnerability
| [21492] Apache Tomcat 3.2.3/3.2.4 RealPath.JSP Malformed Request Information Disclosure
| [21491] Apache Tomcat 3.2.3/3.2.4 Example Files Web Root Path Disclosure
| [21490] Apache Tomcat 3.2.3/3.2.4 Source.JSP Malformed Request Information Disclosure
| [21412] Apache Tomcat 4.0/4.1 Servlet Path Disclosure Vulnerability
| [21350] Apache Win32 1.3.x/2.0.x Batch File Remote Command Execution Vulnerability
| [21204] Apache 1.3.20 Win32 PHP.EXE Remote File Disclosure Vulnerability
| [21112] Red Hat Linux 7.0 Apache Remote Username Enumeration Vulnerability
| [21067] Apache 1.0/1.2/1.3 Server Address Disclosure Vulnerability
| [21002] Apache 1.3 Possible Directory Index Disclosure Vulnerability
| [20911] Apache 1.3.14 Mac File Protection Bypass Vulnerability
| [20716] apache tomcat 3.0 - Directory Traversal vulnerability
| [20695] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (4)
| [20694] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (3)
| [20693] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (2)
| [20692] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (1)
| [20595] NCSA 1.3/1.4.x/1.5,Apache httpd 0.8.11/0.8.14 ScriptAlias Source Retrieval Vulnerability
| [20558] Apache 1.2 Web Server DoS Vulnerability
| [20466] Apache 1.3 Web Server with Php 3 File Disclosure Vulnerability
| [20435] Apache 0.8.x/1.0.x,NCSA httpd 1.x test-cgi Directory Listing Vulnerability
| [20272] Apache 1.2.5/1.3.1,UnityMail 2.0 MIME Header DoS Vulnerability
| [20210] Apache 1.3.12 WebDAV Directory Listings Vulnerability
| [20131] Apache Tomcat 3.1 Path Revealing Vulnerability
| [19975] Apache 1.3.6/1.3.9/1.3.11/1.3.12/1.3.20 Root Directory Access Vulnerability
| [19828] Cobalt RaQ 2.0/3.0 Apache .htaccess Disclosure Vulnerability
| [19536] Apache <= 1.1,NCSA httpd <= 1.5.2,Netscape Server 1.12/1.1/2.0 a nph-test-cgi Vulnerability
| [19231] PHP apache_request_headers Function Buffer Overflow
| [18984] Apache Struts <= 2.2.1.1 - Remote Command Execution
| [18897] Oracle Weblogic Apache Connector POST Request Buffer Overflow
| [18619] Apache Tomcat Remote Exploit (PUT Request) and Account Scanner
| [18452] Apache Struts Multiple Persistent Cross-Site Scripting Vulnerabilities
| [18442] Apache httpOnly Cookie Disclosure
| [18329] Apache Struts2 <= 2.3.1 - Multiple Vulnerabilities
| [18221] Apache HTTP Server Denial of Service
| [17969] Apache mod_proxy Reverse Proxy Exposure Vulnerability PoC
| [17696] Apache httpd Remote Denial of Service (memory exhaustion)
| [17691] Apache Struts < 2.2.0 - Remote Command Execution
| [16798] Apache mod_jk 1.2.20 Buffer Overflow
| [16782] Apache Win32 Chunked Encoding
| [16752] Apache module mod_rewrite LDAP protocol Buffer Overflow
| [16317] Apache Tomcat Manager Application Deployer Authenticated Code Execution
| [15710] Apache Archiva 1.0 - 1.3.1 CSRF Vulnerability
| [15319] Apache 2.2 (Windows) Local Denial of Service
| [14617] Apache JackRabbit 2.0.0 webapp XPath Injection
| [14489] Apache Tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
| [12721] Apache Axis2 1.4.1 - Local File Inclusion Vulnerability
| [12689] Authenticated Cross-Site Scripting Vulnerability (XSS) within Apache Axis2 administration console
| [12343] Apache Tomcat 5.5.0 to 5.5.29 & 6.0.0 to 6.0.26 - Information Disclosure Vulnerability
| [12330] Apache OFBiz - Multiple XSS
| [12264] Apache OFBiz - FULLADMIN Creator PoC Payload
| [12263] Apache OFBiz - SQL Remote Execution PoC Payload
| [11662] Apache Spamassassin Milter Plugin Remote Root Command Execution
| [11650] Apache 2.2.14 mod_isapi Dangling Pointer Remote SYSTEM Exploit
| [10811] Joomla.Tutorials GHDB: Apache directory listing Download Vulnerability
| [10292] Apache Tomcat 3.2.1 - 404 Error Page Cross Site Scripting Vulnerability
| [9995] Apache Tomcat Form Authentication Username Enumeration Weakness
| [9994] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
| [9993] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
| [8842] Apache mod_dav / svn Remote Denial of Service Exploit
| [8458] Apache Geronimo <= 2.1.3 - Multiple Directory Traversal Vulnerabilities
| [7264] Apache Tomcat runtime.getRuntime().exec() Privilege Escalation (win)
| [6229] apache tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
| [6100] Apache mod_jk 1.2.19 Remote Buffer Overflow Exploit (win32)
| [6089] Bea Weblogic Apache Connector Code Exec / Denial of Service Exploit
| [5386] Apache Tomcat Connector jk2-2.0.2 (mod_jk2) Remote Overflow Exploit
| [5330] Apache 2.0 mod_jk2 2.0.2 - Remote Buffer Overflow Exploit (win32)
| [4552] Apache Tomcat (webdav) Remote File Disclosure Exploit (ssl support)
| [4530] Apache Tomcat (webdav) Remote File Disclosure Exploit
| [4162] Apache Tomcat Connector (mod_jk) Remote Exploit (exec-shield)
| [4093] Apache mod_jk 1.2.19/1.2.20 Remote Buffer Overflow Exploit
| [3996] Apache 2.0.58 mod_rewrite Remote Overflow Exploit (win2k3)
| [3680] Apache Mod_Rewrite Off-by-one Remote Overflow Exploit (win32)
| [3384] Ubuntu/Debian Apache 1.3.33/1.3.34 (CGI TTY) Local Root Exploit
| [2237] Apache < 1.3.37, 2.0.59, 2.2.3 (mod_rewrite) Remote Overflow PoC
| [2061] Apache Tomcat < 5.5.17 Remote Directory Listing Vulnerability
| [1056] Apache <= 2.0.49 Arbitrary Long HTTP Headers Denial of Service
| [855] Apache <= 2.0.52 HTTP GET request Denial of Service Exploit
| [764] Apache OpenSSL - Remote Exploit (Multiple Targets) (OpenFuckV2.c)
| [587] Apache <= 1.3.31 mod_include Local Buffer Overflow Exploit
| [466] htpasswd Apache 1.3.31 - Local Exploit
| [371] Apache HTTPd Arbitrary Long HTTP Headers DoS (c version)
| [360] Apache HTTPd Arbitrary Long HTTP Headers DoS
| [132] Apache 1.3.x - 2.0.48 - mod_userdir Remote Users Disclosure Exploit
| [126] Apache mod_gzip (with debug_mode) <= 1.2.26.1a Remote Exploit
| [67] Apache 1.3.x mod_mylo Remote Code Execution Exploit
| [38] Apache <= 2.0.45 APR Remote Exploit -Apache-Knacker.pl
| [34] Webfroot Shoutbox < 2.32 (Apache) Remote Exploit
| [11] Apache <= 2.0.44 Linux Remote Denial of Service Exploit
| [9] Apache HTTP Server 2.x Memory Leak Exploit
|
| OpenVAS (Nessus) - http://www.openvas.org:
| [902924] Apache Struts2 Showcase Skill Name Remote Code Execution Vulnerability
| [902837] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability (Windows)
| [902830] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
| [902664] Apache Traffic Server HTTP Host Header Denial of Service Vulnerability
| [901203] Apache httpd Web Server Range Header Denial of Service Vulnerability
| [901110] Apache ActiveMQ Source Code Information Disclosure Vulnerability
| [901105] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
| [900842] Apache 'mod_proxy_ftp' Module Command Injection Vulnerability (Linux)
| [900841] Apache 'mod_proxy_ftp' Module Denial Of Service Vulnerability (Linux)
| [900573] Apache APR-Utils XML Parser Denial of Service Vulnerability
| [900572] Apache APR-Utils Multiple Denial of Service Vulnerabilities
| [900571] Apache APR-Utils Version Detection
| [900499] Apache mod_proxy_ajp Information Disclosure Vulnerability
| [900496] Apache Tiles Multiple XSS Vulnerability
| [900493] Apache Tiles Version Detection
| [900107] Apache mod_proxy_ftp Wildcard Characters XSS Vulnerability
| [900021] Apache Tomcat Cross-Site Scripting and Security Bypass Vulnerabilities
| [880086] CentOS Update for apache CESA-2008:0004-01 centos2 i386
| [870175] RedHat Update for apache RHSA-2008:0004-01
| [864591] Fedora Update for apache-poi FEDORA-2012-10835
| [864383] Fedora Update for apache-commons-compress FEDORA-2012-8428
| [864280] Fedora Update for apache-commons-compress FEDORA-2012-8465
| [864250] Fedora Update for apache-poi FEDORA-2012-7683
| [864249] Fedora Update for apache-poi FEDORA-2012-7686
| [863993] Fedora Update for apache-commons-daemon FEDORA-2011-10880
| [863466] Fedora Update for apache-commons-daemon FEDORA-2011-10936
| [855821] Solaris Update for Apache 1.3 122912-19
| [855812] Solaris Update for Apache 1.3 122911-19
| [855737] Solaris Update for Apache 1.3 122911-17
| [855731] Solaris Update for Apache 1.3 122912-17
| [855695] Solaris Update for Apache 1.3 122911-16
| [855645] Solaris Update for Apache 1.3 122912-16
| [855587] Solaris Update for kernel update and Apache 108529-29
| [855566] Solaris Update for Apache 116973-07
| [855531] Solaris Update for Apache 116974-07
| [855524] Solaris Update for Apache 2 120544-14
| [855494] Solaris Update for Apache 1.3 122911-15
| [855478] Solaris Update for Apache Security 114145-11
| [855472] Solaris Update for Apache Security 113146-12
| [855179] Solaris Update for Apache 1.3 122912-15
| [855147] Solaris Update for kernel update and Apache 108528-29
| [855077] Solaris Update for Apache 2 120543-14
| [850196] SuSE Update for apache2 openSUSE-SU-2012:0314-1 (apache2)
| [850088] SuSE Update for apache2 SUSE-SA:2007:061
| [850009] SuSE Update for apache2,apache SUSE-SA:2008:021
| [841209] Ubuntu Update for apache2 USN-1627-1
| [840900] Ubuntu Update for apache2 USN-1368-1
| [840798] Ubuntu Update for apache2 USN-1259-1
| [840734] Ubuntu Update for apache2 USN-1199-1
| [840542] Ubuntu Update for apache2 vulnerabilities USN-1021-1
| [840504] Ubuntu Update for apache2 vulnerability USN-990-2
| [840399] Ubuntu Update for apache2 vulnerabilities USN-908-1
| [840304] Ubuntu Update for apache2 vulnerabilities USN-575-1
| [840118] Ubuntu Update for libapache2-mod-perl2 vulnerability USN-488-1
| [840092] Ubuntu Update for apache2 vulnerabilities USN-499-1
| [840039] Ubuntu Update for libapache2-mod-python vulnerability USN-430-1
| [835253] HP-UX Update for Apache Web Server HPSBUX02645
| [835247] HP-UX Update for Apache-based Web Server HPSBUX02612
| [835243] HP-UX Update for Apache Running Tomcat Servlet Engine HPSBUX02579
| [835236] HP-UX Update for Apache with PHP HPSBUX02543
| [835233] HP-UX Update for Apache-based Web Server HPSBUX02531
| [835224] HP-UX Update for Apache-based Web Server HPSBUX02465
| [835200] HP-UX Update for Apache Web Server Suite HPSBUX02431
| [835190] HP-UX Update for Apache Web Server Suite HPSBUX02401
| [835188] HP-UX Update for Apache HPSBUX02308
| [835181] HP-UX Update for Apache With PHP HPSBUX02332
| [835180] HP-UX Update for Apache with PHP HPSBUX02342
| [835172] HP-UX Update for Apache HPSBUX02365
| [835168] HP-UX Update for Apache HPSBUX02313
| [835148] HP-UX Update for Apache HPSBUX01064
| [835139] HP-UX Update for Apache with PHP HPSBUX01090
| [835131] HP-UX Update for Apache HPSBUX00256
| [835119] HP-UX Update for Apache Remote Execution of Arbitrary Code HPSBUX02186
| [835104] HP-UX Update for Apache HPSBUX00224
| [835103] HP-UX Update for Apache mod_cgid HPSBUX00301
| [835101] HP-UX Update for Apache HPSBUX01232
| [835080] HP-UX Update for Apache HPSBUX02273
| [835078] HP-UX Update for ApacheStrong HPSBUX00255
| [835044] HP-UX Update for Apache HPSBUX01019
| [835040] HP-UX Update for Apache PHP HPSBUX00207
| [835025] HP-UX Update for Apache HPSBUX00197
| [835023] HP-UX Update for Apache HPSBUX01022
| [835022] HP-UX Update for Apache HPSBUX02292
| [835005] HP-UX Update for Apache HPSBUX02262
| [831759] Mandriva Update for apache-mod_security MDVSA-2012:182 (apache-mod_security)
| [831737] Mandriva Update for apache MDVSA-2012:154-1 (apache)
| [831534] Mandriva Update for apache MDVSA-2012:012 (apache)
| [831523] Mandriva Update for apache MDVSA-2012:003 (apache)
| [831491] Mandriva Update for apache MDVSA-2011:168 (apache)
| [831460] Mandriva Update for apache MDVSA-2011:144 (apache)
| [831449] Mandriva Update for apache MDVSA-2011:130 (apache)
| [831357] Mandriva Update for apache MDVSA-2011:057 (apache)
| [831132] Mandriva Update for apache MDVSA-2010:153 (apache)
| [831131] Mandriva Update for apache MDVSA-2010:152 (apache)
| [830989] Mandriva Update for apache-mod_auth_shadow MDVSA-2010:081 (apache-mod_auth_shadow)
| [830931] Mandriva Update for apache MDVSA-2010:057 (apache)
| [830926] Mandriva Update for apache MDVSA-2010:053 (apache)
| [830918] Mandriva Update for apache-mod_security MDVSA-2010:050 (apache-mod_security)
| [830799] Mandriva Update for apache-conf MDVSA-2009:300-2 (apache-conf)
| [830797] Mandriva Update for apache-conf MDVSA-2009:300-1 (apache-conf)
| [830791] Mandriva Update for apache-conf MDVA-2010:011 (apache-conf)
| [830652] Mandriva Update for apache MDVSA-2008:195 (apache)
| [830621] Mandriva Update for apache-conf MDVA-2008:129 (apache-conf)
| [830581] Mandriva Update for apache MDVSA-2008:016 (apache)
| [830294] Mandriva Update for apache MDKSA-2007:140 (apache)
| [830196] Mandriva Update for apache MDKSA-2007:235 (apache)
| [830112] Mandriva Update for apache MDKSA-2007:127 (apache)
| [830109] Mandriva Update for apache-mod_perl MDKSA-2007:083 (apache-mod_perl)
| [802425] Apache Struts2 Showcase Arbitrary Java Method Execution vulnerability
| [802423] Apache Struts CookBook/Examples Multiple Cross-Site Scripting Vulnerabilities
| [802422] Apache Struts Showcase Multiple Persistence Cross-Site Scripting Vulnerabilities
| [802415] Apache Tomcat Multiple Security Bypass Vulnerabilities (Win)
| [802385] Apache Tomcat Request Object Security Bypass Vulnerability (Win)
| [802384] Apache Tomcat Parameter Handling Denial of Service Vulnerability (Win)
| [802378] Apache Tomcat Hash Collision Denial Of Service Vulnerability
| [801942] Apache Archiva Multiple Vulnerabilities
| [801940] Apache Struts2 'XWork' Information Disclosure Vulnerability
| [801663] Apache Struts2/XWork Remote Command Execution Vulnerability
| [801521] Apache APR-util 'buckets/apr_brigade.c' Denial Of Service Vulnerability
| [801284] Apache Derby Information Disclosure Vulnerability
| [801203] Apache ActiveMQ Persistent Cross-Site Scripting Vulnerability
| [800837] Apache 'mod_deflate' Denial Of Service Vulnerability - July09
| [800827] Apache 'mod_proxy_http.c' Denial Of Service Vulnerability
| [800680] Apache APR Version Detection
| [800679] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
| [800678] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
| [800677] Apache Roller Version Detection
| [800279] Apache mod_jk Module Version Detection
| [800278] Apache Struts Cross Site Scripting Vulnerability
| [800277] Apache Tomcat mod_jk Information Disclosure Vulnerability
| [800276] Apache Struts Version Detection
| [800271] Apache Struts Directory Traversal Vulnerability
| [800024] Apache Tomcat RemoteFilterValve Security Bypass Vulnerability
| [103333] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
| [103293] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
| [103122] Apache Web Server ETag Header Information Disclosure Weakness
| [103074] Apache Continuum Cross Site Scripting Vulnerability
| [103073] Apache Continuum Detection
| [103053] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
| [101023] Apache Open For Business Weak Password security check
| [101020] Apache Open For Business HTML injection vulnerability
| [101019] Apache Open For Business service detection
| [100924] Apache Archiva Cross Site Request Forgery Vulnerability
| [100923] Apache Archiva Detection
| [100858] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
| [100814] Apache Axis2 Document Type Declaration Processing Security Vulnerability
| [100813] Apache Axis2 Detection
| [100797] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
| [100795] Apache Derby Detection
| [100762] Apache CouchDB Cross Site Request Forgery Vulnerability
| [100725] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
| [100613] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
| [100514] Apache Multiple Security Vulnerabilities
| [100211] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
| [100172] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
| [100171] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
| [100130] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
| [72626] Debian Security Advisory DSA 2579-1 (apache2)
| [72612] FreeBSD Ports: apache22
| [71551] Gentoo Security Advisory GLSA 201206-25 (apache)
| [71550] Gentoo Security Advisory GLSA 201206-24 (apache tomcat)
| [71512] FreeBSD Ports: apache
| [71485] Debian Security Advisory DSA 2506-1 (libapache-mod-security)
| [71256] Debian Security Advisory DSA 2452-1 (apache2)
| [71238] Debian Security Advisory DSA 2436-1 (libapache2-mod-fcgid)
| [70737] FreeBSD Ports: apache
| [70724] Debian Security Advisory DSA 2405-1 (apache2)
| [70600] FreeBSD Ports: apache
| [70253] FreeBSD Ports: apache, apache-event, apache-itk, apache-peruser, apache-worker
| [70235] Debian Security Advisory DSA 2298-2 (apache2)
| [70233] Debian Security Advisory DSA 2298-1 (apache2)
| [69988] Debian Security Advisory DSA 2279-1 (libapache2-mod-authnz-external)
| [69338] Debian Security Advisory DSA 2202-1 (apache2)
| [67868] FreeBSD Ports: apache
| [66816] FreeBSD Ports: apache
| [66553] Mandriva Security Advisory MDVSA-2009:189-1 (apache-mod_auth_mysql)
| [66414] Mandriva Security Advisory MDVSA-2009:323 (apache)
| [66106] SuSE Security Advisory SUSE-SA:2009:050 (apache2,libapr1)
| [66081] SLES11: Security update for Apache 2
| [66074] SLES10: Security update for Apache 2
| [66070] SLES9: Security update for Apache 2
| [65998] SLES10: Security update for apache2-mod_python
| [65893] SLES10: Security update for Apache 2
| [65888] SLES10: Security update for Apache 2
| [65575] SLES9: Security update for apache2,apache2-prefork,apache2-worker
| [65510] SLES9: Security update for Apache 2
| [65472] SLES9: Security update for Apache
| [65467] SLES9: Security update for Apache
| [65450] SLES9: Security update for apache2
| [65390] SLES9: Security update for Apache2
| [65363] SLES9: Security update for Apache2
| [65309] SLES9: Security update for Apache and mod_ssl
| [65296] SLES9: Security update for webdav apache module
| [65283] SLES9: Security update for Apache2
| [65249] SLES9: Security update for Apache 2
| [65230] SLES9: Security update for Apache 2
| [65228] SLES9: Security update for Apache 2
| [65212] SLES9: Security update for apache2-mod_python
| [65209] SLES9: Security update for apache2-worker
| [65207] SLES9: Security update for Apache 2
| [65168] SLES9: Security update for apache2-mod_python
| [65142] SLES9: Security update for Apache2
| [65136] SLES9: Security update for Apache 2
| [65132] SLES9: Security update for apache
| [65131] SLES9: Security update for Apache 2 oes/CORE
| [65113] SLES9: Security update for apache2
| [65072] SLES9: Security update for apache and mod_ssl
| [65017] SLES9: Security update for Apache 2
| [64950] Mandrake Security Advisory MDVSA-2009:240 (apache)
| [64783] FreeBSD Ports: apache
| [64774] Ubuntu USN-802-2 (apache2)
| [64653] Ubuntu USN-813-2 (apache2)
| [64559] Debian Security Advisory DSA 1834-2 (apache2)
| [64532] Mandrake Security Advisory MDVSA-2009:189 (apache-mod_auth_mysql)
| [64527] Mandrake Security Advisory MDVSA-2009:184 (apache-mod_security)
| [64526] Mandrake Security Advisory MDVSA-2009:183 (apache-mod_security)
| [64500] Mandrake Security Advisory MDVSA-2009:168 (apache)
| [64443] Ubuntu USN-802-1 (apache2)
| [64426] Gentoo Security Advisory GLSA 200907-04 (apache)
| [64423] Debian Security Advisory DSA 1834-1 (apache2)
| [64391] Mandrake Security Advisory MDVSA-2009:149 (apache)
| [64377] Mandrake Security Advisory MDVSA-2009:124-1 (apache)
| [64251] Debian Security Advisory DSA 1816-1 (apache2)
| [64201] Ubuntu USN-787-1 (apache2)
| [64140] Mandrake Security Advisory MDVSA-2009:124 (apache)
| [64136] Mandrake Security Advisory MDVSA-2009:102 (apache)
| [63565] FreeBSD Ports: apache
| [63562] Ubuntu USN-731-1 (apache2)
| [61381] Gentoo Security Advisory GLSA 200807-06 (apache)
| [61185] FreeBSD Ports: apache
| [60582] Gentoo Security Advisory GLSA 200803-19 (apache)
| [60387] Slackware Advisory SSA:2008-045-02 apache
| [58826] FreeBSD Ports: apache-tomcat
| [58825] FreeBSD Ports: apache-tomcat
| [58804] FreeBSD Ports: apache
| [58745] Gentoo Security Advisory GLSA 200711-06 (apache)
| [58360] Debian Security Advisory DSA 1312-1 (libapache-mod-jk)
| [57851] Gentoo Security Advisory GLSA 200608-01 (apache)
| [57788] Debian Security Advisory DSA 1247-1 (libapache-mod-auth-kerb)
| [57335] Debian Security Advisory DSA 1167-1 (apache)
| [57201] Debian Security Advisory DSA 1131-1 (apache)
| [57200] Debian Security Advisory DSA 1132-1 (apache2)
16163| [57168] Slackware Advisory SSA:2006-209-01 Apache httpd
16164| [57145] FreeBSD Ports: apache
16165| [56731] Slackware Advisory SSA:2006-129-01 Apache httpd
16166| [56729] Slackware Advisory SSA:2006-130-01 Apache httpd redux
16167| [56246] Gentoo Security Advisory GLSA 200602-03 (Apache)
16168| [56212] Debian Security Advisory DSA 952-1 (libapache-auth-ldap)
16169| [56115] Debian Security Advisory DSA 935-1 (libapache2-mod-auth-pgsql)
16170| [56067] FreeBSD Ports: apache
16171| [55803] Slackware Advisory SSA:2005-310-04 apache
16172| [55519] Debian Security Advisory DSA 839-1 (apachetop)
16173| [55392] Gentoo Security Advisory GLSA 200509-12 (Apache)
16174| [55355] FreeBSD Ports: apache
16175| [55284] Debian Security Advisory DSA 807-1 (libapache-mod-ssl)
16176| [55261] Debian Security Advisory DSA 805-1 (apache2)
16177| [55259] Debian Security Advisory DSA 803-1 (apache)
16178| [55129] Gentoo Security Advisory GLSA 200508-15 (apache)
16179| [54739] Gentoo Security Advisory GLSA 200411-18 (apache)
16180| [54724] Gentoo Security Advisory GLSA 200411-03 (apache)
16181| [54712] Gentoo Security Advisory GLSA 200410-21 (apache)
16182| [54689] Gentoo Security Advisory GLSA 200409-33 (net=www/apache)
16183| [54677] Gentoo Security Advisory GLSA 200409-21 (apache)
16184| [54610] Gentoo Security Advisory GLSA 200407-03 (Apache)
16185| [54601] Gentoo Security Advisory GLSA 200406-16 (Apache)
16186| [54590] Gentoo Security Advisory GLSA 200406-05 (Apache)
16187| [54582] Gentoo Security Advisory GLSA 200405-22 (Apache)
16188| [54529] Gentoo Security Advisory GLSA 200403-04 (Apache)
16189| [54499] Gentoo Security Advisory GLSA 200310-04 (Apache)
16190| [54498] Gentoo Security Advisory GLSA 200310-03 (Apache)
16191| [54439] FreeBSD Ports: apache
16192| [53931] Slackware Advisory SSA:2004-133-01 apache
16193| [53903] Slackware Advisory SSA:2004-299-01 apache, mod_ssl, php
16194| [53902] Slackware Advisory SSA:2004-305-01 apache+mod_ssl
16195| [53878] Slackware Advisory SSA:2003-308-01 apache security update
16196| [53851] Debian Security Advisory DSA 135-1 (libapache-mod-ssl)
16197| [53849] Debian Security Advisory DSA 132-1 (apache-ssl)
16198| [53848] Debian Security Advisory DSA 131-1 (apache)
16199| [53784] Debian Security Advisory DSA 021-1 (apache)
16200| [53738] Debian Security Advisory DSA 195-1 (apache-perl)
16201| [53737] Debian Security Advisory DSA 188-1 (apache-ssl)
16202| [53735] Debian Security Advisory DSA 187-1 (apache)
16203| [53703] Debian Security Advisory DSA 532-1 (libapache-mod-ssl)
16204| [53577] Debian Security Advisory DSA 120-1 (libapache-mod-ssl, apache-ssl)
16205| [53568] Debian Security Advisory DSA 067-1 (apache,apache-ssl)
16206| [53519] Debian Security Advisory DSA 689-1 (libapache-mod-python)
16207| [53433] Debian Security Advisory DSA 181-1 (libapache-mod-ssl)
16208| [53282] Debian Security Advisory DSA 594-1 (apache)
16209| [53248] Debian Security Advisory DSA 558-1 (libapache-mod-dav)
16210| [53224] Debian Security Advisory DSA 532-2 (libapache-mod-ssl)
16211| [53215] Debian Security Advisory DSA 525-1 (apache)
16212| [53151] Debian Security Advisory DSA 452-1 (libapache-mod-python)
16213| [52529] FreeBSD Ports: apache+ssl
16214| [52501] FreeBSD Ports: apache
16215| [52461] FreeBSD Ports: apache
16216| [52390] FreeBSD Ports: apache
16217| [52389] FreeBSD Ports: apache
16218| [52388] FreeBSD Ports: apache
16219| [52383] FreeBSD Ports: apache
16220| [52339] FreeBSD Ports: apache+mod_ssl
16221| [52331] FreeBSD Ports: apache
16222| [52329] FreeBSD Ports: ru-apache+mod_ssl
16223| [52314] FreeBSD Ports: apache
16224| [52310] FreeBSD Ports: apache
16225| [15588] Detect Apache HTTPS
16226| [15555] Apache mod_proxy content-length buffer overflow
16227| [15554] Apache mod_include priviledge escalation
16228| [14771] Apache <= 1.3.33 htpasswd local overflow
16229| [14177] Apache mod_access rule bypass
16230| [13644] Apache mod_rootme Backdoor
16231| [12293] Apache Input Header Folding and mod_ssl ssl_io_filter_cleanup DoS Vulnerabilities
16232| [12280] Apache Connection Blocking Denial of Service
16233| [12239] Apache Error Log Escape Sequence Injection
16234| [12123] Apache Tomcat source.jsp malformed request information disclosure
16235| [12085] Apache Tomcat servlet/JSP container default files
16236| [11438] Apache Tomcat Directory Listing and File disclosure
16237| [11204] Apache Tomcat Default Accounts
16238| [11092] Apache 2.0.39 Win32 directory traversal
16239| [11046] Apache Tomcat TroubleShooter Servlet Installed
16240| [11042] Apache Tomcat DOS Device Name XSS
16241| [11041] Apache Tomcat /servlet Cross Site Scripting
16242| [10938] Apache Remote Command Execution via .bat files
16243| [10839] PHP.EXE / Apache Win32 Arbitrary File Reading Vulnerability
16244| [10773] MacOS X Finder reveals contents of Apache Web files
16245| [10766] Apache UserDir Sensitive Information Disclosure
16246| [10756] MacOS X Finder reveals contents of Apache Web directories
16247| [10752] Apache Auth Module SQL Insertion Attack
16248| [10704] Apache Directory Listing
16249| [10678] Apache /server-info accessible
16250| [10677] Apache /server-status accessible
16251| [10440] Check for Apache Multiple / vulnerability
16252|
16253| SecurityTracker - https://www.securitytracker.com:
16254| [1028865] Apache Struts Bugs Permit Remote Code Execution and URL Redirection Attacks
16255| [1028864] Apache Struts Wildcard Matching and Expression Evaluation Bugs Let Remote Users Execute Arbitrary Code
16256| [1028824] Apache mod_dav_svn URI Processing Flaw Lets Remote Users Deny Service
16257| [1028823] Apache Unspecified Flaw in mod_session_dbd Has Unspecified Impact
16258| [1028724] (HP Issues Fix for HP-UX) Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
16259| [1028722] (Red Hat Issues Fix for JBoss) Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
16260| [1028693] (Red Hat Issues Fix) Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
16261| [1028622] Apache Struts 'includeParams' Bugs Permit Remote Command Execution and Cross-Site Scripting Attacks
16262| [1028621] Apache Subversion Bugs Let Remote Authenticated Users Execute Arbitrary Commands and Deny Service
16263| [1028540] Apache mod_rewrite Input Validation Flaw Lets Remote Users Execute Arbitrary Commands
16264| [1028534] Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
16265| [1028533] Apache Tomcat Lack of Chunked Transfer Encoding Extension Size Limit Lets Remote Users Deny Service
16266| [1028532] Apache Tomcat AsyncListeners Bug May Disclose Information from One Request to Another User
16267| [1028515] Apache VCL Input Validation Flaw Lets Remote Authenticated Users Gain Elevated Privileges
16268| [1028457] Apache ActiveMQ Bugs Let Remote Users Conduct Cross-Site Scripting Attacks, Deny Service, and Obtain Potentially Sensitive Information
16269| [1028287] Apache CXF WSS4JInInterceptor Grants Service Access to Remote Users
16270| [1028286] Apache CXF WS-Security UsernameToken Processing Flaw Lets Remote Users Bypass Authentication
16271| [1028252] Apache Commons FileUpload Unsafe Temporary File Lets Local Users Gain Elevated Privileges
16272| [1028207] Apache Input Validation Bugs Permit Cross-Site Scripting Attacks
16273| [1027836] Apache Tomcat Connection Processing Bug Lets Remote Users Deny Service
16274| [1027834] Apache Tomcat Bug Lets Remote Users Bypass Cross-Site Request Forgery Prevention Filter
16275| [1027833] Apache Tomcat Bug Lets Remote Users Bypass Security Constraints
16276| [1027729] Apache Tomcat Header Processing Bug Lets Remote Users Deny Service
16277| [1027728] Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
16278| [1027554] Apache CXF Lets Remote Authenticated Users Execute Unauthorized SOAP Actions
16279| [1027508] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
16280| [1027421] Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
16281| [1027096] Apache Commons Compress BZip2CompressorOutputStream() Sorting Algorithm Lets Remote or Local Users Deny Service
16282| [1026932] Apache LD_LIBRARY_PATH Processing Lets Local Users Gain Elevated Privileges
16283| [1026928] Apache OFBiz Unspecified Flaw Lets Remote Users Execute Arbitrary Code
16284| [1026927] Apache OFBiz Input Validation Flaws Permit Cross-Site Scripting Attacks
16285| [1026847] Apache Traffic Server Host Header Processing Flaw Lets Remote Users Deny Service
16286| [1026846] Apache Wicket Discloses Hidden Application Files to Remote Users
16287| [1026839] Apache Wicket Input Validation Flaw in 'wicket:pageMapName' Parameter Permits Cross-Site Scripting Attacks
16288| [1026616] Apache Bugs Let Remote Users Deny Service and Obtain Cookie Data
16289| [1026575] Apache Struts ParameterInterceptor() Flaw Lets Remote Users Execute Arbitrary Commands
16290| [1026484] Apache Struts Bug Lets Remote Users Overwrite Files and Execute Arbitrary Code
16291| [1026477] Apache Tomcat Hash Table Collision Bug Lets Remote Users Deny Service
16292| [1026402] Apache Struts Conversion Error Lets Remote Users Inject Arbitrary Commands
16293| [1026353] Apache mod_proxy/mod_rewrite Bug Lets Remote Users Access Internal Servers
16294| [1026295] Apache Tomcat Lets Untrusted Web Applications Gain Elevated Privileges
16295| [1026267] Apache .htaccess File Integer Overflow Lets Local Users Execute Arbitrary Code
16296| [1026144] Apache mod_proxy Pattern Matching Bug Lets Remote Users Access Internal Servers
16297| [1026095] Apache Tomcat HTTP DIGEST Authentication Weaknesses Let Remote Users Conduct Bypass Attacks
16298| [1026054] Apache mod_proxy_ajp HTTP Processing Error Lets Remote Users Deny Service
16299| [1025993] Apache Tomcat AJP Protocol Processing Bug Lets Remote Users Bypass Authentication or Obtain Information
16300| [1025976] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
16301| [1025960] Apache httpd Byterange Filter Processing Error Lets Remote Users Deny Service
16302| [1025925] Apache Tomcat Commons Daemon jsvc Lets Local Users Gain Elevated Privileges
16303| [1025924] Apache Tomcat XML Validation Flaw Lets Applications Obtain Potentially Sensitive Information
16304| [1025788] Apache Tomcat Lets Malicious Applications Obtain Information and Deny Service
16305| [1025755] Apache Santuario Buffer Overflow Lets Remote Users Deny Service
16306| [1025712] Apache Tomcat Discloses Passwords to Local Users in Certain Cases
16307| [1025577] Apache Archiva Input Validation Hole Permits Cross-Site Scripting Attacks
16308| [1025576] Apache Archiva Request Validation Flaw Permits Cross-Site Request Forgery Attacks
16309| [1025527] Apache APR Library apr_fnmatch() Flaw Lets Remote Users Execute Arbitrary Code
16310| [1025303] Apache Tomcat HTTP BIO Connector Error Discloses Information From Different Requests to Remote Users
16311| [1025215] Apache Tomcat May Ignore @ServletSecurity Annotation Protections
16312| [1025066] Apache Continuum Input Validation Flaw Permits Cross-Site Request Forgery Attacks
16313| [1025065] Apache Continuum Input Validation Hole Permits Cross-Site Scripting Attacks
16314| [1025027] Apache Tomcat maxHttpHeaderSize Parsing Error Lets Remote Users Deny Service
16315| [1025026] Apache Tomcat Manager Input Validation Hole Permits Cross-Site Scripting Attacks
16316| [1025025] Apache Tomcat Security Manager Lets Local Users Bypass File Permissions
16317| [1024764] Apache Tomcat Manager Input Validation Hole in 'sessionList.jsp' Permits Cross-Site Scripting Attacks
16318| [1024417] Apache Traffic Server Insufficient Randomization Lets Remote Users Poison the DNS Cache
16319| [1024332] Apache mod_cache and mod_dav Request Processing Flaw Lets Remote Users Deny Service
16320| [1024180] Apache Tomcat 'Transfer-Encoding' Header Processing Flaw Lets Remote Users Deny Service and Obtain Potentially Sensitive Information
16321| [1024096] Apache mod_proxy_http May Return Results for a Different Request
16322| [1023942] Apache mod_proxy_ajp Error Condition Lets Remote Users Deny Service
16323| [1023941] Apache ap_read_request() Memory Error May Let Remote Users Access Potentially Sensitive Information
16324| [1023778] Apache ActiveMQ Input Validation Flaw Permits Cross-Site Scripting Attacks
16325| [1023701] Apache mod_isapi Error Processing Flaw May Let Remote Users Deny Service
16326| [1023533] Apache mod_proxy Integer Overflow May Let Remote Users Execute Arbitrary Code
16327| [1022988] Apache Solaris Support Code Bug Lets Remote Users Deny Service
16328| [1022529] Apache mod_deflate Connection State Bug Lets Remote Users Deny Service
16329| [1022509] Apache mod_proxy stream_reqbody_cl() Infinite Loop Lets Remote Users Deny Service
16330| [1022296] Apache IncludesNoExec Options Restrictions Can Be Bypass By Local Users
16331| [1022264] Apache mod_proxy_ajp Bug May Disclose Another User's Response Data
16332| [1022001] Apache Tomcat mod_jk May Disclose Responses to the Wrong User
16333| [1021988] mod_perl Input Validation Flaw in Apache::Status and Apache2::Status Permits Cross-Site Scripting Attacks
16334| [1021350] NetWare Bug Lets Remote Users Access the ApacheAdmin Console
16335| [1020635] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
16336| [1020520] Oracle WebLogic Apache Connector Lets Remote Users Execute Arbitrary Code
16337| [1020267] Apache mod_proxy Interim Response Process Bug Lets Remote Users Deny Service
16338| [1019784] Apache-SSL Certificate Processing Bug May Let Remote Users View Portions of Kernel Memory
16339| [1019256] Apache mod_negotiation Input Validation Hole Permits Cross-Site Scripting Attacks
16340| [1019194] Apache Input Validation Hole in Mod_AutoIndex When the Character Set is Undefined May Permit Cross-Site Scripting Attacks
16341| [1019185] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
16342| [1019154] Apache Input Validation Hole in mod_status Permits Cross-Site Scripting Attacks
16343| [1019093] Apache Input Validation Hole in mod_imap Permits Cross-Site Scripting Attacks
16344| [1019030] Apache Input Validation Hole in Default HTTP 413 Error Page Permits Cross-Site Scripting Attacks
16345| [1018633] Apache mod_proxy Bug Lets Remote Users Deny Service
16346| [1018304] Apache HTTPD scoreboard Protection Flaw Lets Local Users Terminate Arbitrary Processes
16347| [1018303] Apache HTTPD mod_cache May Let Remote Users Deny Service
16348| [1018302] Apache mod_status Input Validation Hole Permits Cross-Site Scripting Attacks
16349| [1018269] Apache Tomcat Input Validation Hole in Processing Accept-Language Header Permits Cross-Site Scripting Attacks
16350| [1017904] Apache suEXEC Bugs May Let Local Users Gain Elevated Privileges
16351| [1017719] Apache Tomcat JK Web Server Connector Buffer Overflow in map_uri_to_worker() Lets Remote Users Execute Arbitrary Code
16352| [1017062] Apache mod_tcl Format String Bug in set_var() Function May Let Remote Users Execute Arbitrary Code
16353| [1016601] Apache mod_rewrite Off-by-one Error Lets Remote Users Execute Arbitrary Code
16354| [1016576] Apache Tomcat Discloses Directory Listings to Remote Users
16355| [1015447] Apache mod_ssl Null Pointer Dereference May Let Remote Users Deny Service
16356| [1015344] Apache mod_imap Input Validation Flaw in Referer Field Lets Remote Users Conduct Cross-Site Scripting Attacks
16357| [1015093] Apache Memory Leak in MPM 'worker.c' Code May Let Remote Users Deny Service
16358| [1014996] ApacheTop Unsafe Temporary File May Let Local Users Gain Elevated Privileges
16359| [1014833] Apache ssl_hook_Access() Function May Fail to Verify Client Certificates
16360| [1014826] Apache Memory Leak in 'byterange filter' Lets Remote Users Deny Service
16361| [1014575] Apache mod_ssl Off-by-one Buffer Overflow in Processing CRLs May Let Remote Users Deny Service
16362| [1014323] Apache Chunked Transfer-Encoding and Content-Length Processing Lets Remote Users Smuggle HTTP Requests
16363| [1013156] Apache mod_python Publisher Handler Discloses Information to Remote Users
16364| [1012829] Apache mod_auth_radius radcpy() Integer Overflow Lets Remote Users Deny Service in Certain Cases
16365| [1012416] Apache on Apple OS X Lets Remote Users Bypass Apache File Handlers and Directly Access Files
16366| [1012415] Apache on Apple HFS+ Filesystems May Disclose '.DS_Store' Files to Remote Users
16367| [1012414] Apache mod_digest_apple Lets Remote Users Replay Authentication Credentials
16368| [1012083] Apache Web Server Error in Processing Requests With Many Space Characters Lets Remote Users Deny Service
16369| [1011783] Apache mod_include Buffer Overflow Lets Local Users Execute Arbitrary Code
16370| [1011557] Apache mod_ssl SSLCipherSuite Directive Can By Bypassed in Certain Cases
16371| [1011385] Apache Satsify Directive Error May Let Remote Users Access Restricted Resources
16372| [1011340] Apache SSL Connection Abort State Error Lets Remote Users Deny Service
16373| [1011303] Apache ap_resolve_env() Buffer Overflow in Reading Configuration Files May Let Local Users Gain Elevated Privileges
16374| [1011299] Apache IPv6 Address Parsing Flaw May Let Remote Users Deny Service
16375| [1011248] Apache mod_dav LOCK Method Error May Let Remote Users Deny Service
16376| [1011213] Apache mod_ssl Can Be Crashed By Remote Users When Reverse Proxying SSL Connections
16377| [1010674] Apache Can Be Crashed By PHP Code Invoking Nested Remote Sockets
16378| [1010599] Apache httpd Header Line Memory Allocation Lets Remote Users Crash the Server
16379| [1010462] Apache mod_proxy Buffer Overflow May Let Remote Users Execute Arbitrary Code
16380| [1010322] Apache mod_ssl Stack Overflow in ssl_util_uuencode_binary() May Let Remote Users Execute Arbitrary Code
16381| [1010270] cPanel Apache mod_phpsuexec Options Let Local Users Gain Elevated Privileges
16382| [1009934] Apache Web Server Has Buffer Overflow in ebcdic2ascii() on Older Processor Architectures
16383| [1009516] Apache mod_survey HTML Report Format Lets Remote Users Conduct Cross-Site Scripting Attacks
16384| [1009509] Apache mod_disk_cache Stores Authentication Credentials on Disk
16385| [1009495] Apache Web Server Socket Starvation Flaw May Let Remote Users Deny Service
16386| [1009417] GroupWise WebAccess With Apache on NetWare Has Configuration Flaw That May Grant Web Access to Remote Users
16387| [1009338] Apache mod_access Parsing Flaw May Fail to Enforce Allow/Deny Rules
16388| [1009337] Apache mod_ssl Memory Leak Lets Remote Users Crash the Daemon
16389| [1009182] Apache for Cygwin '..%5C' Input Validation Flaw Discloses Files to Remote Users
16390| [1008973] PHP May Apply Incorrect php_admin_* Settings To Requests for Apache Virtual Hosts
16391| [1008967] Apache-SSL 'SSLFakeBasicAuth' Lets Remote Users Forge Client Certificates to Be Authenticated
16392| [1008920] Apache mod_digest May Validate Replayed Client Responses
16393| [1008828] Apache mod_python String Processing Bug Still Lets Remote Users Crash the Web Server
16394| [1008822] Apache mod_perl File Descriptor Leak May Let Local Users Hijack the http and https Services
16395| [1008675] mod_auth_shadow Apache Module Authenticates Expired Passwords
16396| [1008559] Apache mod_php File Descriptor Leak May Let Local Users Hijack the https Service
16397| [1008335] Apache mod_python String Processing Bug Lets Remote Users Crash the Web Server
16398| [1008196] Apache 2.x on Windows May Return Unexpected Files For URLs Ending With Certain Characters
16399| [1008030] Apache mod_rewrite Contains a Buffer Overflow
16400| [1008029] Apache mod_alias Contains a Buffer Overflow
16401| [1008028] Apache mod_cgid May Disclose CGI Output to Another Client
16402| [1007995] Apache Cocoon Forms May Let Remote Users Execute Arbitrary Java Code on the System
16403| [1007993] Apache Cocoon 'view-source' Sample Script Discloses Files to Remote Users
16404| [1007823] Apache Web Server mod_cgi Error May Let Malicious CGI Scripts Crash the Web Service
16405| [1007664] Apache::Gallery Unsafe Temporary Files May Let Local Users Gain Apache Web Server Privileges
16406| [1007557] Apache Web Server Does Not Filter Terminal Escape Sequences From Log Files
16407| [1007230] Apache HTTP Server 'rotatelogs' Bug on Win32 and OS/2 May Cause the Logging to Stop
16408| [1007146] Apache HTTP Server FTP Proxy Bug May Cause Denial of Service Conditions
16409| [1007145] Apache 'accept()' Errors May Cause Denial of Service Conditions
16410| [1007144] Apache Web Server 'type-map' File Error Permits Local Denial of Service Attacks
16411| [1007143] Apache 2.0 Web Server May Use a Weaker Encryption Implementation Than Specified in Some Cases
16412| [1006864] Apache Web Server Can Be Crashed By Remote Users Via mod_dav Flaws and Also Via Basic Authentication
16413| [1006709] Apache mod_survey Input Validation Flaw Lets Remote Users Fill Up Disk Space
16414| [1006614] Apache mod_ntlm Buffer Overflow and Format String Flaw Let Remote Users Execute Arbitary Code
16415| [1006591] Apache mod_access_referer Module Null Pointer Dereference May Faciliate Denial of Service Attacks
16416| [1006444] Apache 2.0 Web Server Line Feed Buffer Allocation Flaw Lets Remote Users Deny Service
16417| [1006021] Apache Tomcat Server URL Parsing Error May Disclose Otherwise Inaccessible Web Directory Listings and Files to Remote Users
16418| [1005963] Apache Web Server 2.x Windows Device Access Flaw Lets Remote Users Crash the Server or Possibly Execute Arbitrary Code
16419| [1005962] Apache Web Server Path Parsing Flaw May Allow Remote Users to Execute Code in Certain Configurations
16420| [1005848] Apache 'printenv' Script Input Validation Bugs in Older Versions May Let Remote Users Conduct Cross-Site Scripting Attacks
16421| [1005765] Apache mod_jk Module Processing Bug When Used With Tomcat May Disclose Information to Remote Users or Crash
16422| [1005548] Apache mod_php Module May Allow Local Users to Gain Control of the Web Port
16423| [1005499] Apache Web Server (2.0.42) May Disclose CGI Source Code to Remote Users When Used With WebDAV
16424| [1005410] Apache Tomcat Java Servlet Engine Can Be Crashed Via Multiple Requests for DOS Device Names
16425| [1005351] Apache Web Server (1.3.x) Shared Memory Scoreboard Bug Lets Certain Local Users Issue Signals With Root Privileges
16426| [1005331] Apache Web Server (2.x) SSI Server Signature Filtering Hole Lets Remote Users Conduct Cross-Site Scripting Attacks
16427| [1005290] Apache Tomcat Java Server Default Servlet Returns JSP Source Code to Remote Users
16428| [1005285] Apache Web Server 'mod_dav' Has Null Pointer Bug That May Allow Remote Users to Cause Denial of Service Conditions
16429| [1005010] Apache Web Server (2.0) Has Unspecified Flaw That Allows Remote Users to Obtain Sensitive Data and Cause Denial of Service Conditions
16430| [1004770] Apache 2.x Web Server ap_log_rerror() Function May Disclose Full Installation Path to Remote Users
16431| [1004745] Apache Tomcat Java Server Allows Cross-Site Scripting Attacks
16432| [1004636] Apache mod_ssl 'Off-by-One' Bug May Let Local Users Crash the Web Server or Possibly Execute Arbitrary Code
16433| [1004602] Apache Tomcat Java Server for Windows Can Be Crashed By Remote Users Sending Malicious Requests to Hang All Available Working Threads
16434| [1004586] Apache Tomcat Java Server May Disclose the Installation Path to Remote Users
16435| [1004555] Apache Web Server Chunked Encoding Flaw May Let Remote Users Execute Arbitrary Code on the Server
16436| [1004209] Apache 'mod_python' Python Language Interpreter Bug in Publisher Handler May Allow Remote Users to Modify Files on the System
16437| [1003874] Apache Web Server for Windows Has Batch File Processing Hole That Lets Remote Users Execute Commands on the System
16438| [1003767] 'mod_frontpage' Module for Apache Web Server Has Buffer Overlow in 'fpexec.c' That Allows Remote Users to Execute Arbitrary Code on the System with Root Privileges
16439| [1003723] Apache-SSL for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
16440| [1003664] 'mod_ssl' Security Package for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
16441| [1003602] GNUJSP Java Server Pages Implementation Discloses Web Files and Source Code to Remote Users and Bypasses Apache Access Control Restrictions
16442| [1003465] PHP for Apache Web Server May Disclose Installation Path Information to Remote Users Making 'OPTIONS' Requests
16443| [1003451] Oracle Application Server PL/SQL Module for Apache Has Buffer Overflows That Allow Remote Users to Execute Arbitrary Code and Gain Access to the Server
16444| [1003131] Apache Web Server in Virtual Hosting Mode Can Be Crashed By a Local User Removing a Log Directory
16445| [1003104] PHP.EXE Windows CGI for Apache Web Server May Let Remote Users View Files on the Server Due to Configuration Error
16446| [1003008] Apache 'mod_bf' Module Lets Remote Users Execute Arbitrary Code
16447| [1002629] Apache suEXEC Wrapper Fails to Observe Minimum Group ID Security Settings in Certain Situations
16448| [1002542] Apache Web Server Virtual Hosting Split-Logfile Function Lets Remote Users Write Log Entries to Arbitrary Files on the System
16449| [1002400] Apache mod_gzip Module Has Buffer Overflow That Can Be Exploited By Local Users to Gain Elevated Privileges
16450| [1002303] Several 3rd Party Apache Authentication Modules Allow Remote Users to Execute Arbitrary Code to Gain Access to the System or Execute Stored Procedures to Obtain Arbitrary Database Information
16451| [1002188] Apache Web Server Discloses Internal IP Addresses to Remote Users in Certain Configurations
16452| [1001989] Apache Web Server May Disclose Directory Contents Even If an Index.html File is Present in the Directory
16453| [1001719] Apache Web Server on Mac OS X Client Fails to Enforce File and Directory Access Protections, Giving Remote Users Access to Restricted Pages
16454| [1001572] Apache Web Server on Microsoft Windows Platforms Allows Remote Users to Crash the Web Server
16455| [1001304] Apache Web Server for Windows Lets Remote Users Crash the Web Server Application
16456| [1001083] Apache Web Server May Display Directory Index Listings Even if Directory Listings Are Disabled
16457|
16458| OSVDB - http://www.osvdb.org:
16459| [96078] Apache CloudStack Infrastructure Menu Setup Network Multiple Field XSS
16460| [96077] Apache CloudStack Global Settings Multiple Field XSS
16461| [96076] Apache CloudStack Instances Menu Display Name Field XSS
16462| [96075] Apache CloudStack Instances Menu Add Instances Network Name Field XSS
16463| [96074] Apache CloudStack Instances Menu Add Instances Review Step Multiple Field XSS
16464| [96031] Apache HTTP Server suEXEC Symlink Arbitrary File Access
16465| [95888] Apache Archiva Single / Double Quote Character Handling XSS Weakness
16466| [95885] Apache Subversion mod_dav_svn Module Crafted HTTP Request Handling Remote DoS
16467| [95706] Apache OpenOffice.org (OOo) OOXML Document File XML Element Handling Memory Corruption
16468| [95704] Apache OpenOffice.org (OOo) DOC File PLCF Data Handling Memory Corruption
16469| [95603] Apache Continuum web/util/GenerateRecipentNotifier.java recipient Parameter XSS
16470| [95602] Apache Continuum web/action/notifier/JabberProjectNotifierEditAction-jabberProjectNotifierSave-validation.xml Multiple Parameter XSS
16471| [95601] Apache Continuum web/action/notifier/JabberGroupNotifierEditAction-jabberProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
16472| [95600] Apache Continuum web/action/ScheduleAction-saveSchedule-validation.xml Multiple Parameter XSS
16473| [95599] Apache Continuumweb/action/BuildDefinitionAction-saveBuildDefinition-validation.xml Multiple Parameter XSS
16474| [95598] Apache Continuum web/action/AddProjectAction-addProject-validation.xml Multiple Parameter XSS
16475| [95597] Apache Continuum web/action/ProjectEditAction-projectSave-validation.xml Multiple Parameter XSS
16476| [95596] Apache Continuum web/action/notifier/IrcGroupNotifierEditAction-ircProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
16477| [95595] Apache Continuum web/action/notifier/IrcProjectNotifierEditAction-ircProjectNotifierSave-validation.xml Multiple Parameter XSS
16478| [95594] Apache Continuum web/action/ProjectGroupAction.java Multiple Parameter XSS
16479| [95593] Apache Continuum web/action/AddProjectGroupAction.java Multiple Parameter XSS
16480| [95592] Apache Continuum web/action/AddProjectAction.java Multiple Parameter XSS
16481| [95523] Apache OFBiz Webtools Application View Log Screen Unspecified XSS
16482| [95522] Apache OFBiz Nested Expression Evaluation Arbitrary UEL Function Execution
16483| [95521] Apache HTTP Server mod_session_dbd Session Saving Unspecified Issue
16484| [95498] Apache HTTP Server mod_dav.c Crafted MERGE Request Remote DoS
16485| [95406] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Arbitrary Site Redirect
16486| [95405] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Remote Code Execution
16487| [95011] Apache CXF XML Parser SOAP Message Handling CPU Resource Exhaustion Remote DoS
16488| [94705] Apache Geronimo RMI Classloader Exposure Serialized Object Handling Remote Code Execution
16489| [94651] Apache Santuario (XML Security for C++) XML Signature CanonicalizationMethod Parameter Spoofing Weakness
16490| [94636] Apache Continuum workingCopy.action userDirectory Traversal Arbitrary File Access
16491| [94635] Apache Maven SCM SvnCommandlineUtils Process Listing Local Password Disclosure
16492| [94632] Apache Maven Wagon SSH (wagon-ssh) Host Verification Failure MitM Weakness
16493| [94625] Apache Santuario (XML Security for C++) XML Signature Reference Crafted XPointer Expression Handling Heap Buffer Overflow
16494| [94618] Apache Archiva /archiva/security/useredit.action username Parameter XSS
16495| [94617] Apache Archiva /archiva/security/roleedit.action name Parameter XSS
16496| [94616] Apache Archiva /archiva/security/userlist!show.action roleName Parameter XSS
16497| [94615] Apache Archiva /archiva/deleteArtifact!doDelete.action groupId Parameter XSS
16498| [94614] Apache Archiva /archiva/admin/addLegacyArtifactPath!commit.action legacyArtifactPath.path Parameter XSS
16499| [94613] Apache Archiva /archiva/admin/addRepository.action Multiple Parameter XSS
16500| [94612] Apache Archiva /archiva/admin/editAppearance.action Multiple Parameter XSS
16501| [94611] Apache Archiva /archiva/admin/addLegacyArtifactPath.action Multiple Parameter XSS
16502| [94610] Apache Archiva /archiva/admin/addNetworkProxy.action Multiple Parameter XSS
16503| [94403] Apache Santuario (XML Security for C++) InclusiveNamespace PrefixList Processing Heap Overflow
16504| [94402] Apache Santuario (XML Security for C++) HMAC-based XML Signature Processing DoS
16505| [94401] Apache Santuario (XML Security for C++) XPointer Evaluation Stack Overflow
16506| [94400] Apache Santuario (XML Security for C++) HMAC-Based XML Signature Reference Element Validation Spoofing Weakness
16507| [94279] Apache Qpid CA Certificate Validation Bypass
16508| [94275] Apache Solr JettySolrRunner.java Can Not Find Error Message XSS
16509| [94233] Apache OpenJPA Object Deserialization Arbitrary Executable Creation
16510| [94042] Apache Axis JAX-WS Java Unspecified Exposure
16511| [93969] Apache Struts OGNL Expression Handling Double Evaluation Error Remote Command Execution
16512| [93796] Apache Subversion Filename Handling FSFS Repository Corruption Remote DoS
16513| [93795] Apache Subversion svnserve Server Aborted Connection Message Handling Remote DoS
16514| [93794] Apache Subversion contrib/hook-scripts/check-mime-type.pl svnlook Hyphenated argv Argument Handling Remote DoS
16515| [93793] Apache Subversion contrib/hook-scripts/svn-keyword-check.pl Filename Handling Remote Command Execution
16516| [93646] Apache Struts Crafted Parameter Arbitrary OGNL Code Execution
16517| [93645] Apache Struts URL / Anchor Tag includeParams Attribute Remote Command Execution
16518| [93636] Apache Pig Multiple Physical Operator Memory Exhaustion Remote Remote DoS
16519| [93635] Apache Wink DTD (Document Type Definition) Expansion Data Parsing Information Disclosure
16520| [93605] RT Apache::Session::File Session Replay Reuse Information Disclosure
16521| [93599] Apache Derby SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY Boot Password Manipulation Re-encryption Failure Password Corruption
16522| [93555] Apache Commons Codec Invalid Base32 String Information Tunneling Weakness
16523| [93554] Apache HBase bulkLoadHFiles() Method ACL Bypass
16524| [93543] JBoss Enterprise Application Platform org.apache.catalina.connector.Response.encodeURL() Method MitM jsessionid Disclosure
16525| [93542] Apache ManifoldCF (Connectors Framework) org.apache.manifoldcf.crawler.ExportConfiguration Class Configuration Export Password Disclosure
16526| [93541] Apache Solr json.wrf Callback XSS
16527| [93524] Apache Hadoop GetSecurityDescriptorControl() Function Absolute Security Descriptor Handling NULL Descriptor Weakness
16528| [93521] Apache jUDDI Security API Token Session Persistence Weakness
16529| [93520] Apache CloudStack Default SSL Key Weakness
16530| [93519] Apache Shindig /ifr Cross-site Arbitrary Gadget Invocation
16531| [93518] Apache Solr /admin/analysis.jsp name Parameter XSS
16532| [93517] Apache CloudStack setup-cloud-management /etc/sudoers Modification Local Privilege Escalation
16533| [93516] Apache CXF UsernameTokenInterceptor Nonce Caching Replay Weakness
16534| [93515] Apache HBase table.jsp name Parameter XSS
16535| [93514] Apache CloudStack Management Server Unauthenticated Remote JMX Connection Default Setting Weakness
16536| [93463] Apache Struts EL / OGNL Interpretation Unspecified Remote Code Execution
16537| [93462] Apache CXF WS-SecurityPolicy AlgorithmSuite Arbitrary Ciphertext Decryption Weakness
16538| [93401] Apache Hadoop core-site.xml Permission Weakness Local Alfredo Secret Disclosure
16539| [93400] Apache Hadoop Map/Reduce Job Log Directory Symlink Arbitrary File Mode Manipulation
16540| [93397] Apache Wicket Referrer HTTP Header Session ID Disclosure
16541| [93366] Apache HTTP Server modules/mappers/mod_rewrite.c do_rewritelog() Function Log File Terminal Escape Sequence Filtering Remote Command Execution
16542| [93254] Apache Tomcat AsyncListener Method Cross-session Information Disclosure
16543| [93253] Apache Tomcat Chunked Transfer Encoding Data Saturation Remote DoS
16544| [93252] Apache Tomcat FORM Authenticator Session Fixation
16545| [93172] Apache Camel camel/endpoints/ Endpoint XSS
16546| [93171] Apache Sling HtmlResponse Error Message XSS
16547| [93170] Apache Directory DelegatingAuthenticator MitM Spoofing Weakness
16548| [93169] Apache Wave AuthenticationServlet.java Session Fixation Weakness
16549| [93168] Apache Click ErrorReport.java id Parameter XSS
16550| [93167] Apache ActiveMQ JMSXUserId Spoofing Weakness
16551| [93166] Apache CXF Crafted Message Element Count Handling System Resource Exhaustion Remote DoS
16552| [93165] Apache CXF Crafted Message Element Level Handling System Resource Exhaustion Remote DoS
16553| [93164] Apache Harmony DatagramSocket Class connect Method CheckAccept() IP Blacklist Bypass
16554| [93163] Apache Hadoop Map/Reduce Daemon Symlink Arbitrary File Overwrite
16555| [93162] Apache VelocityStruts struts/ErrorsTool.getMsgs Error Message XSS
16556| [93161] Apache CouchDB Rewriter VM Atom Table Memory Exhaustion Remote DoS
16557| [93158] Apache Wicket BookmarkablePageLink Feature XSS CSRF
16558| [93157] Apache Struts UrlHelper.java s:url includeParams Functionality XSS
16559| [93156] Apache Tapestry Calendar Component datefield.js datefield Parameter XSS
16560| [93155] Apache Struts fielderror.ftl fielderror Parameter Error Message XSS
16561| [93154] Apache JSPWiki Edit.jsp createPages WikiPermission Bypass
16562| [93153] Apache PDFBox PDFXrefStreamParser Missing Element Handling PDF Parsing DoS
16563| [93152] Apache Hadoop HttpServer.java Multiple Function XSS
16564| [93151] Apache Shiro Search Filter userName Parameter LDAP Code Injection Weakness
16565| [93150] Apache Harmony java.net.SocketPermission Class boolean equals Function checkConnect() Weakness Host Name Retrieval
16566| [93149] Apache Harmony java.security.Provider Class void load Function checkSecurityAccess() Weakness
16567| [93148] Apache Harmony java.security.ProtectionDomain Class java.lang.String.toString() Function checkPermission() Weakness
16568| [93147] Apache Harmony java.net.URLConnection openConnection Function checkConnect Weakness Proxy Connection Permission Bypass
16569| [93146] Apache Harmony java.net.ServerSocket Class void implAccept Function checkAccept() Weakness SerSocket Subclass Creation
16570| [93145] Apache Qpid JMS Client Detached Session Frame Handling NULL Pointer Dereference Remote DoS
16571| [93144] Apache Solr Admin Command Execution CSRF
16572| [93009] Apache VCL XMLRPC API Unspecified Function Remote Privilege Escalation
16573| [93008] Apache VCL Web GUI Unspecified Remote Privilege Escalation
16574| [92997] Apache Commons Codec org.apache.commons.codec.net.URLCodec Fields Missing 'final' Thread-safety Unspecified Issue
16575| [92976] Apache ActiveMQ scheduled.jsp crontab Command XSS
16576| [92947] Apache Commons Codec org.apache.commons.codec.language.Soundex.US_ENGLISH_MAPPING Missing MS_PKGPROTECT Field Manipulation Unspecified Issue
16577| [92749] Apache CloudStack Predictable Hash Virtual Machine Console Console Access URL Generation
16578| [92748] Apache CloudStack VM Console Access Restriction Bypass
16579| [92709] Apache ActiveMQ Web Console Unauthenticated Remote Access
16580| [92708] Apache ActiveMQ Sample Web Application Broker Resource Consumption Remote DoS
16581| [92707] Apache ActiveMQ webapp/websocket/chat.js Subscribe Message XSS
16582| [92706] Apache ActiveMQ Debug Log Rendering XSS
16583| [92705] Apache ActiveMQ PortfolioPublishServlet.java refresh Parameter XSS
16584| [92270] Apache Tomcat Unspecified CSRF
16585| [92094] Apache Subversion mod_dav_svn Module Nonexistent URL Lock Request Handling NULL Pointer Dereference Remote DoS
16586| [92093] Apache Subversion mod_dav_svn Module Activity URL PROPFIND Request Handling NULL Pointer Dereference Remote DoS
16587| [92092] Apache Subversion mod_dav_svn Module Log REPORT Request Handling NULL Pointer Dereference Remote DoS
16588| [92091] Apache Subversion mod_dav_svn Module Node Property Handling Resource Exhaustion Remote DoS
16589| [92090] Apache Subversion mod_dav_svn Module Activity URL Lock Request Handling NULL Pointer Dereference Remote DoS
16590| [91774] Apache Commons Codec Unspecified Non-private Field Manipulation Weakness
16591| [91628] mod_ruid2 for Apache HTTP Server fchdir() Inherited File Descriptor chroot Restriction Bypass
16592| [91328] Apache Wicket $up$ Traversal Arbitrary File Access
16593| [91295] Apple Mac OS X Apache Unicode Character URI Handling Authentication Bypass
16594| [91235] Apache Rave /app/api/rpc/users/get User Object Hashed Password Remote Disclosure
16595| [91185] Munin Default Apache Configuration Permission Weakness Remote Information Disclosure
16596| [91173] Apache Wicket WebApplicationPath Constructor Bypass /WEB-INF/ Directory File Access
16597| [91172] Apache Wicket PackageResourceGuard File Extension Filter Bypass
16598| [91025] Apache Qpid qpid::framing::Buffer Class Multiple Method Out-of-bounds Access Remote DoS
16599| [91024] Apache Qpid federation_tag Attribute Handling Federated Interbroker Link Access Restriction Bypass
16600| [91023] Apache Qpid AMQP Type Decoder Exposure Array Size Value Handling Memory Consumption Remote DoS
16601| [91022] Apache Qpid qpid/cpp/include/qpid/framing/Buffer.h qpid::framing::Buffer::checkAvailable() Function Integer Overflow
16602| [90986] Apache Jena ARQ INSERT DATA Request Handling Overflow
16603| [90907] Apache Subversion mod_dav_svn / libsvn_fs svn_fs_file_length() Function MKACTIVITY / PROPFIND Option Request Handling Remote DoS
16604| [90906] Apache Commons FileUpload /tmp Storage Symlink Arbitrary File Overwrite
16605| [90864] Apache Batik 1xx Redirect Script Origin Restriction Bypass
16606| [90858] Apache Ant Malformed TAR File Handling Infinite Loop DoS
16607| [90852] Apache HTTP Server for Debian apachectl /var/lock Permission Weakness Symlink Directory Permission Manipulation
16608| [90804] Apache Commons CLI Path Subversion Local Privilege Escalation
16609| [90802] Apache Avro Recursive Schema Handling Infinite Recursion DoS
16610| [90592] Apache Batik ApplicationSecurityEnforcer.java Multiple Method Security Restriction Bypass
16611| [90591] Apache Batik XML External Entity (XXE) Data Parsing Arbitrary File Disclosure
16612| [90565] Apache Tomcat Log Directory Permission Weakness Local Information Disclosure
16613| [90564] Apache Maven / Maven Wagon SSL Certificate Validation MitM Spoofing Weakness
16614| [90557] Apache HTTP Server mod_proxy_balancer balancer-manager Interface Multiple Parameter XSS
16615| [90556] Apache HTTP Server Multiple Module Multiple Parameter XSS
16616| [90276] Apache Axis2 axis2.xml Plaintext Password Local Disclosure
16617| [90249] Apache Axiom ClassLoader XMLInputFactory / XMLOutputFactory Construction Unspecified Issue
16618| [90235] Apache Commons HttpClient Certificate Wildcard Matching Weakness
16619| [90079] Apache CXF WSS4JInInterceptor URIMappingInterceptor WS-Security SOAP Service Access Restriction Bypass
16620| [90078] Apache CXF WS-SecurityPolicy Enabled Plaintext UsernameTokens Handling Authentication Bypass
16621| [89453] Apache Open For Business Project (OFBiz) Screenlet.title Widget Attribute XSS
16622| [89452] Apache Open For Business Project (OFBiz) Image.alt Widget Attribute XSS
16623| [89294] Apache CouchDB Futon UI Browser-based Test Suite Query Parameter XSS
16624| [89293] Apache CouchDB Unspecified Traversal Arbitrary File Access
16625| [89275] Apache HTTP Server mod_proxy_ajp Module Expensive Request Parsing Remote DoS
16626| [89267] Apache CouchDB JSONP Callback Handling Unspecified XSS
16627| [89146] Apache CloudStack Master Server log4j.conf SSH Private Key / Plaintext Password Disclosure
16628| [88603] Apache OpenOffice.org (OOo) Unspecified Information Disclosure
16629| [88602] Apache OpenOffice.org (OOo) Unspecified Manifest-processing Issue
16630| [88601] Apache OpenOffice.org (OOo) Unspecified PowerPoint File Handling Issue
16631| [88285] Apache Tomcat Partial HTTP Request Saturation Remote DoS
16632| [88095] Apache Tomcat NIO Connector Terminated Connection Infinte Loop DoS
16633| [88094] Apache Tomcat FORM Authentication Crafted j_security_check Request Security Constraint Bypass
16634| [88093] Apache Tomcat Null Session Requst CSRF Prevention Filter Bypass
16635| [88043] IBM Tivoli Netcool/Reporter Apache CGI Unspecified Remote Command Execution
16636| [87580] Apache Tomcat DIGEST Authentication Session State Caching Authentication Bypass Weakness
16637| [87579] Apache Tomcat DIGEST Authentication Stale Nonce Verification Authentication Bypass Weakness
16638| [87477] Apache Tomcat Project Woodstock Service Error Page UTF-7 XSS Weakness
16639| [87227] Apache Tomcat InternalNioInputBuffer.java parseHeaders() Function Request Header Size Parsing Remote DoS
16640| [87223] Apache Tomcat DIGEST Authentication replay-countermeasure Functionality cnonce / cn Verification Authentication Bypass Weakness
16641| [87160] Apache Commons HttpClient X.509 Certificate Domain Name Matching MiTM Weakness
16642| [87159] Apache CXF X.509 Certificate Domain Name Matching MiTM Weakness
16643| [87150] Apache Axis / Axis2 X.509 Certificate Domain Name Matching MiTM Weakness
16644| [86902] Apache HTTP Server 3xx Redirect Internal IP Address Remote Disclosure
16645| [86901] Apache Tomcat Error Message Path Disclosure
16646| [86684] Apache CloudStack Unauthorized Arbitrary API Call Invocation
16647| [86556] Apache Open For Business Project (OFBiz) Unspecified Issue
16648| [86503] Visual Tools VS home/apache/DiskManager/cron/init_diskmgr Local Command Execution
16649| [86401] Apache ActiveMQ ResourceHandler Traversal Arbitrary File Access
16650| [86225] Apache Axis2 XML Signature Wrapping (XSW) Authentication Bypass
16651| [86206] Apache Axis2 Crafted SAML Assertion Signature Exclusion Attack Authentication Bypass
16652| [85722] Apache CXF SOAP Request Parsing Access Restriction Bypass
16653| [85704] Apache Qpid Incoming Client Connection Saturation Remote DoS
16654| [85474] Eucalyptus Apache Santuario (XML Security for Java) Library XML Signature Transform Handling DoS
16655| [85430] Apache mod_pagespeed Module Unspecified XSS
16656| [85429] Apache mod_pagespeed Module Hostname Verification Cross-host Resource Disclosure
16657| [85249] Apache Wicket Unspecified XSS
16658| [85236] Apache Hadoop conf/hadoop-env.sh Temporary File Symlink Arbitrary File Manipulation
16659| [85090] Apache HTTP Server mod_proxy_ajp.c mod_proxy_ajp Module Proxy Functionality Cross-client Information Disclosure
16660| [85089] Apache HTTP Server mod_proxy_http.c mod_proxy_http Module Cross-client Information Disclosure
16661| [85062] Apache Solr Autocomplete Module for Drupal Autocomplete Results XSS
16662| [85010] Apache Struts Token Handling Mechanism Token Name Configuration Parameter CSRF Weakness
16663| [85009] Apache Struts Request Parameter OGNL Expression Parsing Remote DoS
16664| [84911] libapache2-mod-rpaf X-Forward-For HTTP Header Parsing Remote DoS
16665| [84823] Apache HTTP Server Multiple Module Back End Server Error Handling HTTP Request Parsing Remote Information Disclosure
16666| [84818] Apache HTTP Server mod_negotiation Module mod_negotiation.c make_variant_list Function XSS
16667| [84562] Apache Qpid Broker Authentication Mechanism AMQP Client Shadow Connection NullAuthenticator Request Parsing Authentication Bypass
16668| [84458] Apache Libcloud SSL Certificate Validation MitM Spoofing Weakness
16669| [84279] PHP on Apache php_default_post_reader POST Request Handling Overflow DoS
16670| [84278] PHP w/ Apache PDO::ATTR_DEFAULT_FETCH_MODE / PDO::FETCH_CLASS DoS
16671| [84231] Apache Hadoop DataNodes Client BlockTokens Arbitrary Block Access
16672| [83943] Oracle Solaris Cluster Apache Tomcat Agent Subcomponent Unspecified Local Privilege Escalation
16673| [83939] Oracle Solaris Apache HTTP Server Subcomponent Unspecified Remote Information Disclosure
16674| [83685] svnauthcheck Apache HTTP Configuration File Permission Revocation Weakness
16675| [83682] Apache Sling POST Servlet @CopyFrom Operation HTTP Request Parsing Infinite Loop Remote DoS
16676| [83339] Apache Roller Blogger Roll Unspecified XSS
16677| [83270] Apache Roller Unspecified Admin Action CSRF
16678| [82782] Apache CXF WS-SecurityPolicy 1.1 SupportingToken Policy Bypass
16679| [82781] Apache CXF WS-SecurityPolicy Supporting Token Children Specification Token Signing Verification Weakness
16680| [82611] cPanel Apache Piped Log Configuration Log Message Formatting Traversal Arbitrary File Creation
16681| [82436] MapServer for Windows Bundled Apache / PHP Configuration Local File Inclusion
16682| [82215] PHP sapi/cgi/cgi_main.c apache_request_headers Function HTTP Header Handling Remote Overflow
16683| [82161] Apache Commons Compress bzip2 File Compression BZip2CompressorOutputStream Class File Handling Remote DoS
16684| [81965] Apache Batik Squiggle SVG Browser JAR File Arbitrary Code Execution
16685| [81790] Apache POI src/org/apache/poi/hwpf/model/UnhandledDataStructure.java UnhandledDataStructure() constructor Length Attribute CDF / CFBF File Handling Remote DoS
16686| [81660] Apache Qpid Credential Checking Cluster Authentication Bypass
16687| [81511] Apache for Debian /usr/share/doc HTTP Request Parsing Local Script Execution
16688| [81359] Apache HTTP Server LD_LIBRARY_PATH Variable Local Privilege Escalation
16689| [81349] Apache Open For Business Project (OFBiz) Webslinger Component Unspecified XSS
16690| [81348] Apache Open For Business Project (OFBiz) Content IDs / Map-Keys Unspecified XSS
16691| [81347] Apache Open For Business Project (OFBiz) Parameter Arrays Unspecified XSS
16692| [81346] Apache Open For Business Project (OFBiz) checkoutProcess.js getServerError() Function Unspecified XSS
16693| [81196] Apache Open For Business Project (OFBiz) FlexibleStringExpander Nested Script String Parsing Remote Code Execution
16694| [80981] Apache Hadoop Kerberos/MapReduce Security Feature User Impersonation Weakness
16695| [80571] Apache Traffic Server Host HTTP Header Parsing Remote Overflow
16696| [80547] Apache Struts XSLTResult.java File Upload Arbitrary Command Execution
16697| [80360] AskApache Password Protector Plugin for WordPress Error Page $_SERVER Superglobal XSS
16698| [80349] Apache HTTP Server mod_fcgid Module fcgid_spawn_ctl.c FcgidMaxProcessesPerClass Virtual Host Directive HTTP Request Parsing Remote DoS
16699| [80301] Apache Wicket /resources/ Absolute Path Arbitrary File Access
16700| [80300] Apache Wicket wicket:pageMapName Parameter XSS
16701| [79478] Apache Solr Extension for TYPO3 Unspecified XSS
16702| [79002] Apache MyFaces javax.faces.resource In Parameter Traversal Arbitrary File Access
16703| [78994] Apache Struts struts-examples/upload/upload-submit.do name Parameter XSS
16704| [78993] Apache Struts struts-cookbook/processDyna.do message Parameter XSS
16705| [78992] Apache Struts struts-cookbook/processSimple.do message Parameter XSS
16706| [78991] Apache Struts struts2-rest-showcase/orders clientName Parameter XSS
16707| [78990] Apache Struts struts2-showcase/person/editPerson.action Multiple Parameter XSS
16708| [78932] Apache APR Hash Collision Form Parameter Parsing Remote DoS
16709| [78903] Apache CXF SOAP Request Parsing WS-Security UsernameToken Policy Bypass
16710| [78600] Apache Tomcat HTTP DIGEST Authentication DigestAuthenticator.java Catalina Weakness Security Bypass
16711| [78599] Apache Tomcat HTTP DIGEST Authentication Realm Value Parsing Security Bypass
16712| [78598] Apache Tomcat HTTP DIGEST Authentication qop Value Parsing Security Bypass
16713| [78573] Apache Tomcat Parameter Saturation CPU Consumption Remote DoS
16714| [78556] Apache HTTP Server Status Code 400 Default Error Response httpOnly Cookie Disclosure
16715| [78555] Apache HTTP Server Threaded MPM %{cookiename}C Log Format String Cookie Handling Remote DoS
16716| [78501] Apache Struts ParameterInterceptor Class OGNL Expression Parsing Remote Command Execution
16717| [78331] Apache Tomcat Request Object Recycling Information Disclosure
16718| [78293] Apache HTTP Server Scoreboard Invalid Free Operation Local Security Bypass
16719| [78277] Apache Struts ExceptionDelegator Component Parameter Parsing Remote Code Execution
16720| [78276] Apache Struts DebuggingInterceptor Component Developer Mode Unspecified Remote Command Execution
16721| [78113] Apache Tomcat Hash Collision Form Parameter Parsing Remote DoS
16722| [78112] Apache Geronimo Hash Collision Form Parameter Parsing Remote DoS
16723| [78109] Apache Struts ParameterInterceptor Traversal Arbitrary File Overwrite
16724| [78108] Apache Struts CookieInterceptor Cookie Name Handling Remote Command Execution
16725| [77593] Apache Struts Conversion Error OGNL Expression Injection
16726| [77496] Apache ActiveMQ Failover Mechanism Openwire Request Parsing Remote DoS
16727| [77444] Apache HTTP Server mod_proxy Mdule Web Request HTTP/0.9 Protocol URL Parsing Proxy Remote Security Bypass
16728| [77374] Apache MyFaces Java Bean includeViewParameters Parsing EL Expression Security Weakness
16729| [77310] Apache HTTP Server mod_proxy Reverse Proxy Mode Security Bypass Weakness (2011-4317)
16730| [77234] Apache HTTP Server on cygwin Encoded Traversal Arbitrary File Access
16731| [77012] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Memory Consumption DoS
16732| [76944] Apache Tomcat Manager Application Servlets Access Restriction Bypass
16733| [76744] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Overflow
16734| [76189] Apache Tomcat HTTP DIGEST Authentication Weakness
16735| [76079] Apache HTTP Server mod_proxy Mdule Web Request URL Parsing Proxy Remote Security Bypass (2011-3368)
16736| [76072] Apache JServ jserv.conf jserv-status Handler jserv/ URI Request Parsing Local Information Disclosure
16737| [75807] Apache HTTP Server Incomplete Header Connection Saturation Remote DoS
16738| [75647] Apache HTTP Server mod_proxy_ajp Module mod_proxy_balancer HTTP Request Remote DoS
16739| [75376] Apache Libcloud SSL Certificate Validation MitM Server Spoofing Weakness
16740| [74853] Domain Technologie Control /etc/apache2/apache2.conf File Permissions Weakness dtcdaemons User Password Disclosure
16741| [74818] Apache Tomcat AJP Message Injection Authentication Bypass
16742| [74725] Apache Wicket Multi Window Support Unspecified XSS
16743| [74721] Apache HTTP Server ByteRange Filter Memory Exhaustion Remote DoS
16744| [74541] Apache Commons Daemon Jsvc Permissions Weakness Arbitrary File Access
16745| [74535] Apache Tomcat XML Parser Cross-application Multiple File Manipulation
16746| [74447] Apache Struts XWork Nonexistent Method s:submit Element Internal Java Class Remote Path Disclosure
16747| [74262] Apache HTTP Server Multi-Processing Module itk.c Configuration Merger mpm-itk root UID / GID Remote Privilege Escalation
16748| [74120] Apache HTTP Server mod_authnz_external mysql/mysql-auth.pl user Field SQL Injection
16749| [73920] Oracle Secure Backup /apache/htdocts/php/common.php username Parameter Remote Code Execution
16750| [73798] Apache Tomcat sendfile Request Start / Endpoint Parsing Local DoS
16751| [73797] Apache Tomcat sendfile Request Attribute Validation Weakness Local Access Restriction Bypass
16752| [73776] Apache Tomcat HTTP BIO Connector HTTP Pipelining Cross-user Remote Response Access
16753| [73644] Apache XML Security Signature Key Parsing Overflow DoS
16754| [73600] Apache Struts javatemplates Plugin Component Handlers .action URI Multiple Parameter XSS
16755| [73462] Apache Rampart/C util/rampart_timestamp_token.c rampart_timestamp_token_validate Function Expired Token Remote Access Restriction Bypass
16756| [73429] Apache Tomcat JMX MemoryUserDatabase Local Password Disclosure
16757| [73384] Apache HTTP Server mod_rewrite PCRE Resource Exhaustion DoS
16758| [73383] Apache HTTP Server Portable Runtime (APR) Library apr_fnmatch() Infinite Loop Remote DoS
16759| [73378] IBM WebSphere Application Server (WAS) JavaServer Pages org.apache.jasper.runtime.JspWriterImpl.response JSP Page Application Restart Remote DoS
16760| [73247] Apache Subversion mod_dav_svn File Permission Weakness Information Disclosure
16761| [73246] Apache Subversion mod_dav_svn Path-based Access Control Rule Handling Remote DoS
16762| [73245] Apache Subversion mod_dav_svn Baselined Resource Request Handling Remote DoS
16763| [73154] Apache Archiva Multiple Unspecified CSRF
16764| [73153] Apache Archiva /archiva/admin/deleteNetworkProxy!confirm.action proxyid Parameter XSS
16765| [72407] Apache Tomcat @ServletSecurity Initial Load Annotation Security Constraint Bypass Information Disclosure
16766| [72238] Apache Struts Action / Method Names <
16767| [71647] Apache HttpComponents HttpClient Proxy-Authorization Credentials Remote Disclosure
16768| [71558] Apache Tomcat SecurityManager ServletContext Attribute Traversal Arbitrary File Manipulation
16769| [71557] Apache Tomcat HTML Manager Multiple XSS
16770| [71075] Apache Archiva User Management Page XSS
16771| [71027] Apache Tomcat @ServletSecurity Annotation Security Constraint Bypass Information Disclosure
16772| [70925] Apache Continuum Project Pages Unspecified XSS (2011-0533)
16773| [70924] Apache Continuum Multiple Admin Function CSRF
16774| [70809] Apache Tomcat NIO HTTP Connector Request Line Processing DoS
16775| [70734] Apache CouchDB Request / Cookie Handling Unspecified XSS
16776| [70585] Oracle Fusion Middleware Oracle HTTP Server Apache Plugin Unspecified Remote Issue
16777| [70333] Apache Subversion rev_hunt.c blame Command Multiple Memory Leak Remote DoS
16778| [70332] Apache Subversion Apache HTTP Server mod_dav_svn repos.c walk FunctionSVNParentPath Collection Remote DoS
16779| [69659] Apache Archiva Admin Authentication Weakness Privilege Escalation
16780| [69520] Apache Archiva Administrator Credential Manipulation CSRF
16781| [69512] Apache Tomcat Set-Cookie Header HTTPOnly Flag Session Hijacking Weakness
16782| [69456] Apache Tomcat Manager manager/html/sessions Multiple Parameter XSS
16783| [69275] Apache mod_fcgid Module fcgid_bucket.c fcgid_header_bucket_read() Function Remote Overflow
16784| [69067] Apache Shiro URI Path Security Traversal Information Disclosure
16785| [68815] Apache MyFaces shared/util/StateUtils.java View State MAC Weakness Cryptographic Padding Remote View State Modification
16786| [68670] Apache Qpid C++ Broker Component broker/SessionAdapter.cpp SessionAdapter::ExchangeHandlerImpl::checkAlternate Function Exchange Alternate Remote DoS
16787| [68669] Apache Qpid cluster/Cluster.cpp Cluster::deliveredEvent Function Invalid AMQP Data Remote DoS
16788| [68662] Apache Axis2 dswsbobje.war Module Admin Account Default Password
16789| [68531] Apache Qpid qpidd sys/ssl/SslSocket.cpp Incomplete SSL Handshake Remote DoS
16790| [68327] Apache APR-util buckets/apr_brigade.c apr_brigade_split_line() Function Memory Consumption DoS
16791| [68314] Apache XML-RPC SAX Parser External Entity Information Disclosure
16792| [67964] Apache Traffic Server Transaction ID / Source Port Randomization Weakness DNS Cache Poisoning
16793| [67846] SUSE Lifecycle Management Server on SUSE Linux Enterprise apache2-slms Parameter Quoting CSRF
16794| [67294] Apache CXF XML SOAP Message Crafted Document Type Declaration Remote DoS
16795| [67240] Apache CouchDB Installation Page Direct Request Arbitrary JavaScript Code Execution CSRF
16796| [67205] Apache Derby BUILTIN Authentication Password Hash Generation Algorithm SHA-1 Transformation Password Substitution
16797| [66745] Apache HTTP Server Multiple Modules Pathless Request Remote DoS
16798| [66319] Apache Tomcat Crafted Transfer-Encoding Header Handling Buffer Recycling Remote DoS
16799| [66280] Apache Struts XWork ParameterInterceptor Server-Side Object Remote Code Execution
16800| [66226] Apache Axis2 Admin Interface Cookie Session Fixation
16801| [65697] Apache Axis2 / Java SOAP Message DTD Rejection Weakness Arbitrary File Access
16802| [65654] Apache HTTP Server mod_proxy_http mod_proxy_http.c Timeout Detection Weakness HTTP Request Response Disclosure
16803| [65429] Apache MyFaces Unencrypted ViewState Serialized View Object Manipulation Arbitrary Expression Language (EL) Statement Execution
16804| [65054] Apache ActiveMQ Jetty Error Handler XSS
16805| [64844] Apache Axis2/Java axis2/axis2-admin/engagingglobally modules Parameter XSS
16806| [64522] Apache Open For Business Project (OFBiz) ecommerce/control/contactus Multiple Parameter XSS
16807| [64521] Apache Open For Business Project (OFBiz) Web Tools Section entityName Parameter XSS
16808| [64520] Apache Open For Business Project (OFBiz) ecommerce/control/ViewBlogArticle contentId Parameter XSS
16809| [64519] Apache Open For Business Project (OFBiz) Control Servlet URI XSS
16810| [64518] Apache Open For Business Project (OFBiz) Show Portal Page Section start Parameter XSS
16811| [64517] Apache Open For Business Project (OFBiz) View Profile Section partyId Parameter XSS
16812| [64516] Apache Open For Business Project (OFBiz) Export Product Listing Section productStoreId Parameter XSS
16813| [64307] Apache Tomcat Web Application Manager/Host Manager CSRF
16814| [64056] mod_auth_shadow for Apache HTTP Server wait() Function Authentication Bypass
16815| [64023] Apache Tomcat WWW-Authenticate Header Local Host Information Disclosure
16816| [64020] Apache ActiveMQ Jetty ResourceHandler Crafted Request JSP File Source Disclosure
16817| [63895] Apache HTTP Server mod_headers Unspecified Issue
16818| [63368] Apache ActiveMQ createDestination.action JMSDestination Parameter CSRF
16819| [63367] Apache ActiveMQ createDestination.action JMSDestination Parameter XSS
16820| [63350] Apache CouchDB Hash Verification Algorithm Predictable Execution Time Weakness
16821| [63140] Apache Thrift Service Malformed Data Remote DoS
16822| [62676] Apache HTTP Server mod_proxy_ajp Module Crafted Request Remote DoS
16823| [62675] Apache HTTP Server Multi-Processing Module (MPM) Subrequest Header Handling Cross-thread Information Disclosure
16824| [62674] Apache HTTP Server mod_isapi Module Unloading Crafted Request Remote DoS
16825| [62231] Apache HTTP Server Logging Format Weakness Crafted DNS Response IP Address Spoofing
16826| [62230] Apache HTTP Server Crafted DNS Response Inverse Lookup Log Corruption XSS
16827| [62054] Apache Tomcat WAR Filename Traversal Work-directory File Deletion
16828| [62053] Apache Tomcat Autodeployment Process appBase File HTTP Request Authentication Bypass
16829| [62052] Apache Tomcat WAR File Traversal Arbitrary File Overwrite
16830| [62009] Apache HTTP Server src/modules/proxy/proxy_util.c mod_proxy ap_proxy_send_fb() Function Overflow
16831| [61379] Apache River Outrigger Entry Storage Saturation Memory Exhaustion DoS
16832| [61378] Apache Hadoop Map/Reduce JobTracker Memory Consumption DoS
16833| [61377] Apache Commons Modeler Multiple Mutable Static Fields Weakness
16834| [61376] Apache Rampart wsse:security Tag Signature Value Checking Weakness
16835| [60687] Apache C++ Standard Library (STDCXX) strxfrm() Function Overflow
16836| [60680] Apache Hadoop JobHistory Job Name Manipulation Weakness
16837| [60679] Apache ODE DeploymentWebService OMElement zipPart CRLF Injection
16838| [60678] Apache Roller Comment Email Notification Manipulation DoS
16839| [60677] Apache CouchDB Unspecified Document Handling Remote DoS
16840| [60428] Sun Java Plug-in org.apache.crimson.tree.XmlDocument Class reateXmlDocument Method Floppy Drive Access Bypass
16841| [60413] mod_throttle for Apache Shared Memory File Manipulation Local Privilege Escalation
16842| [60412] Sun Java Plug-in org.apache.xalan.processor.XSLProcessorVersion Class Unsigned Applet Variable Sharing Privilege Escalation
16843| [60396] Apache HTTP Server on OpenBSD Multipart MIME Boundary Remote Information Disclosure
16844| [60395] Apache HTTP Server on OpenBSD ETag HTTP Header Remote Information Disclosure
16845| [60232] PHP on Apache php.exe Direct Request Remote DoS
16846| [60176] Apache Tomcat Windows Installer Admin Default Password
16847| [60016] Apache HTTP Server on HP Secure OS for Linux HTTP Request Handling Unspecified Issue
16848| [59979] Apache HTTP Server on Apple Mac OS X HTTP TRACE Method Unspecified Client XSS
16849| [59969] Apache HTTP Server mod_ssl SSL / TLS Renegotiation Handshakes MiTM Plaintext Data Injection
16850| [59944] Apache Hadoop jobhistory.jsp XSS
16851| [59374] Apache Solr Search Extension for TYPO3 Unspecified XSS
16852| [59022] Apache Shindig ConcatProxyServlet HTTP Header Response Splitting
16853| [59021] Apache Cocoon X-Cocoon-Version Header Remote Information Disclosure
16854| [59020] Apache Tapestry HTTPS Session Cookie Secure Flag Weakness
16855| [59019] Apache mod_python Cookie Salting Weakness
16856| [59018] Apache Harmony Error Message Handling Overflow
16857| [59013] Apache Derby SYSCS_EXPORT_TABLE Arbitrary File Overwrite
16858| [59012] Apache Derby Driver Auto-loading Non-deterministic Startup Weakness
16859| [59011] Apache JSPWiki Page Attachment Change Note Function XSS
16860| [59010] Apache Solr get-file.jsp XSS
16861| [59009] Apache Solr action.jsp XSS
16862| [59008] Apache Solr analysis.jsp XSS
16863| [59007] Apache Solr schema.jsp Multiple Parameter XSS
16864| [59006] Apache Beehive select / checkbox Tag XSS
16865| [59005] Apache Beehive jpfScopeID Global Parameter XSS
16866| [59004] Apache Beehive Error Message XSS
16867| [59003] Apache HttpClient POST Request Handling Memory Consumption DoS
16868| [59002] Apache Jetspeed default-page.psml URI XSS
16869| [59001] Apache Axis2 xsd Parameter Traversal Arbitrary File Disclosure
16870| [59000] Apache CXF Unsigned Message Policy Bypass
16871| [58999] Apache WSS4J CallbackHandler Plaintext Password Validation Weakness
16872| [58998] Apache OpenJPA persistence.xml Cleartext Password Local Disclosure
16873| [58997] Apache OpenEJB openejb.xml Cleartext Password Local Disclosure
16874| [58996] Apache Hadoop Map/Reduce LinuxTaskController File Group Ownership Weakness
16875| [58995] Apache Hadoop Map/Reduce Task Ownership Weakness
16876| [58994] Apache Hadoop Map/Reduce DistributedCache Localized File Permission Weakness
16877| [58993] Apache Hadoop browseBlock.jsp XSS
16878| [58991] Apache Hadoop browseDirectory.jsp XSS
16879| [58990] Apache Hadoop Map/Reduce HTTP TaskTrackers User Data Remote Disclosure
16880| [58989] Apache Hadoop Sqoop Process Listing Local Cleartext Password Disclosure
16881| [58988] Apache Hadoop Chukwa HICC Portal Unspecified XSS
16882| [58987] Apache Hadoop Map/Reduce TaskTracker User File Permission Weakness
16883| [58986] Apache Qpid Encrypted Message Handling Remote Overflow DoS
16884| [58985] Apache Qpid Process Listing Local Cleartext Password Disclosure
16885| [58984] Apache Jackrabbit Content Repository (JCR) Default Account Privilege Access Weakness
16886| [58983] Apache Jackrabbit Content Repository (JCR) NamespaceRegistry API Registration Method Race Condition
16887| [58982] Apache Synapse Proxy Service Security Policy Mismatch Weakness
16888| [58981] Apache Geronimo TomcatGeronimoRealm Security Context Persistence Weakness
16889| [58980] Apache Geronimo LDAP Realm Configuration Restart Reversion Weakness
16890| [58979] Apache MyFaces Tomahawk ExtensionsPhaseListener HTML Injection Information Disclosure
16891| [58978] Apache MyFaces Trinidad LocaleInfoScriptlet XSS
16892| [58977] Apache Open For Business Project (OFBiz) Multiple Default Accounts
16893| [58976] Apache Open For Business Project (OFBiz) URI passThru Parameter XSS
16894| [58975] Apache Open For Business Project (OFBiz) PARTYMGR_CREATE/UPDATE Permission Arbitrary User Password Modification
16895| [58974] Apache Sling /apps Script User Session Management Access Weakness
16896| [58973] Apache Tuscany Crafted SOAP Request Access Restriction Bypass
16897| [58931] Apache Geronimo Cookie Parameters Validation Weakness
16898| [58930] Apache Xalan-C++ XPath Handling Remote DoS
16899| [58879] Apache Portable Runtime (APR-util) poll/unix/port.c Event Port Backend Pollset Feature Remote DoS
16900| [58837] Apache Commons Net FTPSClient CipherSuites / Protocols Mutable Object Unspecified Data Security Issue
16901| [58813] Apache MyFaces Trinidad tr:table / HTML Comment Handling DoS
16902| [58812] Apache Open For Business Project (OFBiz) JSESSIONID Session Hijacking Weakness
16903| [58811] Apache Open For Business Project (OFBiz) /catalog/control/EditProductConfigItem configItemId Parameter XSS
16904| [58810] Apache Open For Business Project (OFBiz) /catalog/control/EditProdCatalo prodCatalogId Parameter XSS
16905| [58809] Apache Open For Business Project (OFBiz) /partymgr/control/viewprofile partyId Parameter XSS
16906| [58808] Apache Open For Business Project (OFBiz) /catalog/control/createProduct internalName Parameter XSS
16907| [58807] Apache Open For Business Project (OFBiz) Multiple Unspecified CSRF
16908| [58806] Apache FtpServer MINA Logging Filter Cleartext Credential Local Disclosure
16909| [58805] Apache Derby Unauthenticated Database / Admin Access
16910| [58804] Apache Wicket Header Contribution Unspecified Issue
16911| [58803] Apache Wicket Session Fixation
16912| [58802] Apache Directory Server (ApacheDS) userPassword Attribute Search Password Disclosure
16913| [58801] Apache ActiveMQ Stomp Client Credential Validation Bypass
16914| [58800] Apache Tapestry (context)/servicestatus Internal Service Information Disclosure
16915| [58799] Apache Tapestry Logging Cleartext Password Disclosure
16916| [58798] Apache Jetspeed pipeline Parameter pipeline-map Policy Bypass
16917| [58797] Apache Jetspeed Password Policy Multiple Weaknesses
16918| [58796] Apache Jetspeed Unsalted Password Storage Weakness
16919| [58795] Apache Rampart Crafted SOAP Header Authentication Bypass
16920| [58794] Apache Roller Admin Protocol (RAP) Malformed Header Authentication Bypass
16921| [58793] Apache Hadoop Map/Reduce mapred.system.dir Permission Weakness Job Manipulation
16922| [58792] Apache Shindig gadgets.rpc iframe RPC Call Validation Weakness
16923| [58791] Apache Synapse synapse.properties Cleartext Credential Local Disclosure
16924| [58790] Apache WSS4J SOAP Message UsernameToken Remote Password Disclosure
16925| [58789] Apache WSS4J SOAP Header Malformed UsernameToken Authentication Bypass
16926| [58776] Apache JSPWiki PreviewContent.jsp Edited Text XSS
16927| [58775] Apache JSPWiki preview.jsp action Parameter XSS
16928| [58774] Apache JSPWiki Edit.jsp Multiple Parameter XSS
16929| [58773] Apache JSPWiki Accept-Language Header Multiple Script language Parameter XSS
16930| [58772] Apache JSPWiki EditorManager.java editor Parameter XSS
16931| [58771] Apache JSPWiki GroupContent.jsp Multiple Parameter XSS
16932| [58770] Apache JSPWiki Group.jsp group Parameter XSS
16933| [58769] Apache JSPWiki Database Connection Termination DoS Weakness
16934| [58768] Apache JSPWiki Attachment Servlet nextpage Parameter Arbitrary Site Redirect
16935| [58766] Apache JSPWiki /admin/SecurityConfig.jsp Direct Request Information Disclosure
16936| [58765] Apache JSPWiki Spam Filter UniqueID RNG Weakness
16937| [58764] Apache JSPWiki Edit.jsp Multiple Parameter XSS
16938| [58763] Apache JSPWiki Include Tag Multiple Script XSS
16939| [58762] Apache JSPWiki Multiple .java Tags pageContext Parameter XSS
16940| [58761] Apache JSPWiki Wiki.jsp skin Parameter XSS
16941| [58760] Apache Commons VFS Exception Error Message Cleartext Credential Disclosure
16942| [58759] Apache Jackrabbit Content Repository (JCR) UUID System.currentTimeMillis() RNG Weakness
16943| [58758] Apache River GrantPermission Policy Manipulation Privilege Escalation
16944| [58757] Apache WS-Commons Java2 StaXUtils Multiple Unspecified Minor Issues
16945| [58756] Apache WSS4J WSHandler Client Certificate Signature Validation Weakness
16946| [58755] Apache Harmony DRLVM Non-public Class Member Access
16947| [58754] Apache Harmony File.createTempFile() Temporary File Creation Prediction Weakness
16948| [58751] Apache Geronimo GeronimoIdentityResolver Subject Handling Multiple Issues
16949| [58750] Apache MyFaces Trinidad Generated HTML Information Disclosure
16950| [58749] Apache MyFaces Trinidad Database Access Error Message Information Disclosure
16951| [58748] Apache MyFaces Trinidad Image Resource Loader Traversal Arbitrary Image Access
16952| [58747] Apache MyFaces Trinidad Error Message User Entered Data Disclosure Weakness
16953| [58746] Apache Axis2 JAX-WS Java2 WSDL4J Unspecified Issue
16954| [58744] Apache Wicket Crafted File Upload Disk Space Exhaustion DoS
16955| [58743] Apache Wicket wicket.util.crypt.SunJceCrypt Encryption Reversion Weakness
16956| [58742] Apache Rampart PolicyBasedValiadtor HttpsToken Endpoint Connection Weakness
16957| [58741] Apache Rampart WSSecSignature / WSSecEncryptedKey KeyIdentifierType Validation Weakness
16958| [58740] Apache Rampart TransportBinding Message Payload Cleartext Disclosure
16959| [58739] Apache Open For Business Project (OFBiz) Unsalted Password Storage Weakness
16960| [58738] Apache Open For Business Project (OFBiz) orderId Parameter Arbitrary Order Access
16961| [58737] Apache mod_python w/ mod_python.publisher index.py Underscore Prefixed Variable Disclosure
16962| [58735] Apache Open For Business Project (OFBiz) /ecommerce/control/keywordsearch SEARCH_STRING Parameter XSS
16963| [58734] Apache Torque Log File Cleartext Credential Local Disclosure
16964| [58733] Apache Axis2 doGet Implementation Authentication Bypass Service State Manipulation
16965| [58732] Apache MyFaces UIInput.validate() Null Value Validation Bypass Weakness
16966| [58731] Apache MyFaces /faces/* Prefix Mapping Authentication Bypass
16967| [58725] Apache Tapestry Basic String ACL Bypass Weakness
16968| [58724] Apache Roller Logout Functionality Failure Session Persistence
16969| [58723] Apache Roller User Profile / Admin Page Cleartext Password Disclosure
16970| [58722] Apache Derby Connection URL Encryption Method Reversion Weakness
16971| [58721] Apache Geronimo on Tomcat Security-constraint Resource ACL Bypass
16972| [58720] Apache Geronimo Explicit Servlet Mapping Access Bypass Weakness
16973| [58719] Apache Geronimo Keystore Unprivileged Service Disable DoS
16974| [58718] Apache Geronimo Deployment Plans Remote Password Disclosure
16975| [58717] Apache Jetspeed Portlet Application Edit Access Restriction Bypass
16976| [58716] Apache Jetspeed PSML Management Cached Constraint Authentication Weakness
16977| [58707] Apache WSS4J Crafted PasswordDigest Request Authentication Bypass
16978| [58706] Apache HttpClient Pre-emptive Authorization Remote Credential Disclosure
16979| [58705] Apache Directory Server (ApacheDS) User Passwords Cleartext Disclosure
16980| [58704] Apache Directory Server (ApacheDS) Non-existent User LDAP Bind Remote DoS
16981| [58703] Apache Geronimo Debug Console Unauthenticated Remote Information Disclosure
16982| [58702] Apache Directory Server (ApacheDS) Persistent LDAP Anonymous Bind Weakness
16983| [58701] Apache Jetspeed User Admin Portlet Unpassworded Account Creation Weakness
16984| [58700] Apache MyFaces /faces/* Path Handling Remote Overflow DoS
16985| [58699] Apache MyFaces Disable Property Client Side Manipulation Privilege Escalation
16986| [58698] Apache Roller Remember Me Functionality Cleartext Password Disclosure
16987| [58697] Apache XalanJ2 org.apache.xalan.xsltc.runtime.CallFunction Class Unspecified Issue
16988| [58696] Apache Tapestry Encoded Traversal Arbitrary File Access
16989| [58695] Apache Jetspeed Unauthenticated PSML Tags / Admin Folder Access
16990| [58694] Apache Geronimo Deploy Tool Process List Local Credential Disclosure
16991| [58693] Apache Derby service.properties File Encryption Key Information Disclosure
16992| [58692] Apache Geronimo Default Security Realm Login Brute Force Weakness
16993| [58689] Apache Roller Retrieve Last 5 Post Feature Unauthorized Blog Post Manipulation
16994| [58688] Apache Xalan-Java (XalanJ2) Static Variables Multiple Unspecified Issues
16995| [58687] Apache Axis Invalid wsdl Request XSS
16996| [58686] Apache Cocoon Temporary File Creation Unspecified Race Condition
16997| [58685] Apache Velocity Template Designer Privileged Code Execution
16998| [58684] Apache Jetspeed controls.Customize Action Security Check Bypass
16999| [58675] Apache Open For Business Project (OFBiz) eCommerce/ordermgr Multiple Field XSS
17000| [58674] Apache Open For Business Project (OFBiz) ecommerce/control/login Multiple Field XSS
17001| [58673] Apache Open For Business Project (OFBiz) ecommerce/control/viewprofile Multiple Field XSS
17002| [58672] Apache Open For Business Project (OFBiz) POS Input Panel Cleartext Password Disclosure
17003| [58671] Apache Axis2 JMS Signed Message Crafted WS-Security Header Security Bypass
17004| [58670] Apache Jetspeed JetspeedTool.getPortletFromRegistry Portlet Security Validation Failure
17005| [58669] Apache Jetspeed LDAP Cleartext Passwords Disclosure
17006| [58668] Apache Axis External Entity (XXE) Data Parsing Privilege Escalation
17007| [58667] Apache Roller Database Cleartext Passwords Disclosure
17008| [58666] Apache Xerces-C++ UTF-8 Transcoder Overlong Code Handling Unspecified Issue
17009| [58665] Apache Jetspeed Turbine: Cross-user Privileged Action Execution
17010| [58664] Apache Jetspeed EditAccount.vm Password Modification Weakness
17011| [58663] Apache Jetspeed Role Parameter Arbitrary Portlet Disclosure
17012| [58662] Apache Axis JWS Page Generated .class File Direct Request Information Disclosure
17013| [58661] Apache Jetspeed user-form.vm Password Reset Cleartext Disclosure
17014| [58660] Apache WSS4J checkReceiverResults Function Crafted SOAP Request Authentication Bypass
17015| [58658] Apache Rampart Crafted SOAP Request Security Verification Bypass
17016| [57882] Apache HTTP Server mod_proxy_ftp Authorization HTTP Header Arbitrary FTP Command Injection
17017| [57851] Apache HTTP Server mod_proxy_ftp EPSV Command NULL Dereference Remote DoS
17018| [56984] Apache Xerces2 Java Malformed XML Input DoS
17019| [56903] Apache ODE (Orchestration Director Engine) Process Deployment Web Service Traversal Arbitrary File Manipulation
17020| [56859] Apache Xerces-C++ Multiple Sub-project XML Nested DTD Structures Parsing Recursion Error DoS
17021| [56766] Apache Portable Runtime (APR-util) memory/unix/apr_pools.c Relocatable Memory Block Aligning Overflow
17022| [56765] Apache Portable Runtime (APR-util) misc/apr_rmm.c Multiple Function Overflows
17023| [56517] Apache HTTP Server File Descriptor Leak Arbitrary Local File Append
17024| [56443] PTK Unspecified Apache Sub-process Arbitrary Command Execution
17025| [56414] Apache Tiles Duplicate Expression Language (EL) Expression Evaluation XSS
17026| [55814] mod_NTLM for Apache HTTP Server ap_log_rerror() Function Remote Format String
17027| [55813] mod_NTLM for Apache HTTP Server log() Function Remote Overflow
17028| [55782] Apache HTTP Server mod_deflate Module Aborted Connection DoS
17029| [55553] Apache HTTP Server mod_proxy Module mod_proxy_http.c stream_reqbody_cl Function CPU Consumption DoS
17030| [55059] Apache APR-util strmatch/apr_strmatch.c apr_strmatch_precompile Function Crafted Input Remote DoS
17031| [55058] Apache APR-util apr_brigade_vprintf Function Crafted Input Off-by-one Remote DoS
17032| [55057] Apache APR-util xml/apr_xml.c apr_xml_* Interface Expat XML Parser Crafted XML Document Remote DoS
17033| [55056] Apache Tomcat Cross-application TLD File Manipulation
17034| [55055] Apache Tomcat Illegal URL Encoded Password Request Username Enumeration
17035| [55054] Apache Tomcat Java AJP Connector mod_jk Load Balancing Worker Malformed Header Remote DoS
17036| [55053] Apache Tomcat Crafted Request Security Restraint Bypass Arbitrary Content Access
17037| [54733] Apache HTTP Server AllowOverride Directive .htaccess Options Bypass
17038| [54713] razorCMS Security Manager apache User Account Unspecified File Permission Weakness Issue
17039| [54589] Apache Jserv Nonexistent JSP Request XSS
17040| [54122] Apache Struts s:a / s:url Tag href Element XSS
17041| [54093] Apache ActiveMQ Web Console JMS Message XSS
17042| [53932] Apache Geronimo Multiple Admin Function CSRF
17043| [53931] Apache Geronimo /console/portal/Server/Monitoring Multiple Parameter XSS
17044| [53930] Apache Geronimo /console/portal/ URI XSS
17045| [53929] Apache Geronimo on Windows Security/Keystores Portlet Traversal Arbitrary File Upload
17046| [53928] Apache Geronimo on Windows Embedded DB/DB Manager Portlet Traversal Arbitrary File Upload
17047| [53927] Apache Geronimo on Windows Services/Repository Portlet Traversal Arbitrary File Upload
17048| [53921] Apache HTTP Server mod_proxy_ajp Cross Thread/Session Information Disclosure
17049| [53766] Oracle BEA WebLogic Server Plug-ins for Apache Certificate Handling Remote Overflow
17050| [53574] PHP on Apache .htaccess mbstring.func_overload Setting Cross Hosted Site Behavior Modification
17051| [53381] Apache Tomcat JK Connector Content-Length Header Cross-user Information Disclosure
17052| [53380] Apache Struts Unspecified XSS
17053| [53289] Apache mod_perl Apache::Status /perl-status Unspecified XSS
17054| [53186] Apache HTTP Server htpasswd Predictable Salt Weakness
17055| [52899] Apache Tomcat Examples Web Application Calendar Application jsp/cal/cal2.jsp time Parameter XSS
17056| [52407] Apache Tomcat doRead Method POST Content Information Disclosure
17057| [51923] Apache HTTP Server mod-auth-mysql Module mod_auth_mysql.c Multibyte Character Encoding SQL Injection
17058| [51613] Apache HTTP Server Third-party Module Child Process File Descriptor Leak
17059| [51612] Apache HTTP Server Internal Redirect Handling Infinite Loop DoS
17060| [51468] Apache Jackrabbit Content Repository (JCR) swr.jsp q Parameter XSS
17061| [51467] Apache Jackrabbit Content Repository (JCR) search.jsp q Parameter XSS
17062| [51151] Apache Roller Search Function q Parameter XSS
17063| [50482] PHP with Apache php_value Order Unspecified Issue
17064| [50475] Novell NetWare ApacheAdmin Console Unauthenticated Access
17065| [49734] Apache Struts DefaultStaticContentLoader Class Traversal Arbitrary File Access
17066| [49733] Apache Struts FilterDispatcher Class Traversal Arbitrary File Access
17067| [49283] Oracle BEA WebLogic Server Plugins for Apache Remote Transfer-Encoding Overflow
17068| [49062] Apache Tomcat Cross-thread Concurrent Request Variable Overwrite Information Disclosure
17069| [48847] ModSecurity (mod_security) Transformation Caching Unspecified Apache DoS
17070| [48788] Apache Xerces-C++ XML Schema maxOccurs Value XML File Handling DoS
17071| [47474] Apache HTTP Server mod_proxy_ftp Directory Component Wildcard Character XSS
17072| [47464] Apache Tomcat allowLinking / UTF-8 Traversal Arbitrary File Access
17073| [47463] Apache Tomcat RequestDispatcher Traversal Arbitrary File Access
17074| [47462] Apache Tomcat HttpServletResponse.sendError Method Message Argument XSS
17075| [47096] Oracle Weblogic Apache Connector POST Request Overflow
17076| [46382] Frontend Filemanager (air_filemanager) Extension for TYPO3 on Apache Unspecified Arbitrary Code Execution
17077| [46285] TYPO3 on Apache Crafted Filename Upload Arbitrary Command Execution
17078| [46085] Apache HTTP Server mod_proxy ap_proxy_http_process_response() Function Interim Response Forwarding Remote DoS
17079| [45905] Apache Tomcat Host Manager host-manager/html/add name Parameter XSS
17080| [45879] Ragnarok Online Control Panel on Apache Crafted Traversal Authentication Bypass
17081| [45742] Apache HTTP Server on Novell Unspecified Request Directive Internal IP Disclosure
17082| [45740] Apache Derby DropSchemaNode Bind Phase Arbitrary Scheme Statement Dropping
17083| [45599] Apache Derby Lock Table Statement Privilege Requirement Bypass Arbitrary Table Lock
17084| [45585] Apache Derby ACCSEC Command RDBNAM Parameter Cleartext Credential Disclosure
17085| [45584] Apache Derby DatabaseMetaData.getURL Function Cleartext Credential Disclosure
17086| [45420] Apache HTTP Server 403 Error Page UTF-7 Encoded XSS
17087| [44728] PHP Toolkit on Gentoo Linux Interpretation Conflict Apache HTTP Server Local DoS
17088| [44618] Oracle JSP Apache/Jserv Path Translation Traversal Arbitrary JSP File Execution
17089| [44159] Apache HTTP Server Remote Virtual Host Name Disclosure
17090| [43997] Apache-SSL ExpandCert() Function Certificate Handling Arbitrary Environment Variables Manipulation
17091| [43994] suPHP for Apache (mod_suphp) Directory Symlink Local Privilege Escalation
17092| [43993] suPHP for Apache (mod_suphp) Owner Mode Race Condition Symlink Local Privilege Escalation
17093| [43663] Apache HTTP Server Mixed Platform AddType Directive Crafted Request PHP Source Disclosure
17094| [43658] AuthCAS Module (AuthCAS.pm) for Apache HTTP Server SESSION_COOKIE_NAME SQL Injection
17095| [43452] Apache Tomcat HTTP Request Smuggling
17096| [43309] Apache Geronimo LoginModule Login Method Bypass
17097| [43290] Apache JSPWiki Entry Page Attachment Unrestricted File Upload
17098| [43259] Apache HTTP Server on Windows mod_proxy_balancer URL Handling Remote Memory Corruption
17099| [43224] Apache Geronimo on SuSE Linux init Script Symlink Unspecified File/Directory Access
17100| [43189] Apache mod_jk2 Host Header Multiple Fields Remote Overflow
17101| [42937] Apache HTTP Server mod_proxy_balancer balancer-manager Unspecified CSRF
17102| [42341] MOD_PLSQL for Apache Unspecified URL SQL Injection
17103| [42340] MOD_PLSQL for Apache CGI Environment Handling Unspecified Overflow
17104| [42214] Apache HTTP Server mod_proxy_ftp UTF-7 Encoded XSS
17105| [42091] Apache Maven Site Plugin Installation Permission Weakness
17106| [42089] Apache Maven .m2/settings.xml Cleartext Password Disclosure
17107| [42088] Apache Maven Defined Repo Process Listing Password Disclosure
17108| [42087] Apache Maven Site Plugin SSH Deployment Permission Setting Weakness
17109| [42036] Apache HTTP Server MS-DOS Device Request Host OS Disclosure
17110| [41891] BEA WebLogic Apache Beehive NetUI Page Flow Unspecified XSS
17111| [41436] Apache Tomcat Native APR Connector Duplicate Request Issue
17112| [41435] Apache Tomcat %5C Cookie Handling Session ID Disclosure
17113| [41434] Apache Tomcat Exception Handling Subsequent Request Information Disclosure
17114| [41400] LimeSurvey save.php Apache Log File PHP Code Injection
17115| [41029] Apache Tomcat Calendar Examples Application cal2.jsp Multiple Parameter CSRF
17116| [41019] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload XSS
17117| [41018] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload CRLF
17118| [40853] Apache Tomcat SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) JSESSIONIDSSO Cookie Security Weakness
17119| [40264] Apache HTTP Server mod_proxy_balancer balancer_handler Function bb Variable Remote DoS
17120| [40263] Apache HTTP Server mod_proxy_balancer balancer-manager Multiple Parameter XSS
17121| [40262] Apache HTTP Server mod_status refresh XSS
17122| [39833] Apache Tomcat JULI Logging Component catalina.policy Security Bypass
17123| [39251] Coppermine Photo Gallery on Apache Multiple File Extension Upload Arbitrary Code Execution
17124| [39166] Apache Tomcat on Windows caseSensitive Attribute Mixed Case Request JSP Source Disclosure
17125| [39134] Apache mod_imagemap Module Imagemap Unspecified XSS
17126| [39133] Apache mod_imap Module Imagemap File Unspecified XSS
17127| [39035] Apache Tomcat examples/servlet/CookieExample Multiple Parameter XSS
17128| [39003] Apache HTTP Server HTTP Method Header Request Entity Too Large XSS
17129| [39000] Apache Tomcat SendMailServlet sendmail.jsp mailfrom Parameter XSS
17130| [38939] Apache HTTP Server Prefork MPM Module Array Modification Local DoS
17131| [38673] Apache Jakarta Slide WebDAV SYSTEM Request Traversal Arbitrary File Access
17132| [38662] Apache Geronimo SQLLoginModule Nonexistent User Authentication Bypass
17133| [38661] Apache Geronimo MEJB Unspecified Authentication Bypass
17134| [38641] Apache HTTP Server mod_mem_cache recall_headers Function Information Disclosure
17135| [38640] Apache HTTP Server suexec Document Root Unauthorized Operations
17136| [38639] Apache HTTP Server suexec Multiple Symlink Privilege Escalation
17137| [38636] Apache HTTP Server mod_autoindex.c P Variable UTF-7 Charset XSS
17138| [38513] BEA WebLogic Server Proxy Plug-in for Apache Protocol Error Handling Remote DoS
17139| [38187] Apache Geronimo / Tomcat WebDAV XML SYSTEM Tag Arbitrary File Access
17140| [37079] Apache HTTP Server mod_cache cache_util.c Malformed Cache-Control Header DoS
17141| [37071] Apache Tomcat Cookie Handling Session ID Disclosure
17142| [37070] Apache Tomcat Cookie Handling Quote Delimiter Session ID Disclosure
17143| [37052] Apache HTTP Server mod_status mod_status.c Unspecified XSS
17144| [37051] Apache HTTP Server mod_proxy modules/proxy/proxy_util.c Crafted Header Remote DoS
17145| [37050] Apache HTTP Server Prefork MPM Module Crafted Code Sequence Local DoS
17146| [36417] Apache Tomcat Host Manager Servlet html/add Action aliases Parameter XSS
17147| [36377] Apache MyFaces Tomahawk JSF Application autoscroll Multiple Script XSS
17148| [36080] Apache Tomcat JSP Examples Crafted URI XSS
17149| [36079] Apache Tomcat Manager Uploaded Filename XSS
17150| [34888] Apache Tomcat Example Calendar Application cal2.jsp time Parameter XSS
17151| [34887] Apache Tomcat implicit-objects.jsp Crafted Header XSS
17152| [34885] Apache Tomcat on IIS Servlet Engine MS-DOS Device Request DoS
17153| [34884] Apache Tomcat on Windows Nonexistent Resource Request Path Disclosure
17154| [34883] Apache Tomcat Crafted JSP File Request Path Disclosure
17155| [34882] Apache Tomcat Default SSL Ciphersuite Configuration Weakness
17156| [34881] Apache Tomcat Malformed Accept-Language Header XSS
17157| [34880] Apache Tomcat HTTP/1.1 Connector NULL Byte Request JSP Source Disclosure
17158| [34879] Apache Tomcat examples/jsp2/jspx/textRotate.jspx XSS
17159| [34878] Apache Tomcat examples/jsp2/el/implicit-objects.jsp XSS
17160| [34877] Apache Tomcat JK Web Server Connector (mod_jk) Double Encoded Traversal Arbitrary File Access
17161| [34876] Apache HTTP Server ScriptAlias CGI Source Disclosure
17162| [34875] Apache Tomcat appdev/sample/web/hello.jsp Multiple Parameter XSS
17163| [34874] Apache Tomcat AJP Connector mod_jk ajp_process_callback Remote Memory Disclosure
17164| [34873] Apache Stats Variable Extraction _REQUEST Ssuperglobal Array Overwrite
17165| [34872] Apache HTTP Server suexec User/Group Combination Weakness Local Privilege Escalation
17166| [34769] Apache Tomcat w/ Proxy Module Double Encoded Traversal Arbitrary File Access
17167| [34541] mod_perl for Apache HTTP Server RegistryCooker.pm PATH_INFO Crafted URI Remote DoS
17168| [34540] mod_perl for Apache HTTP Server PerlRun.pm PATH_INFO Crafted URI Remote DoS
17169| [34398] Apache Tomcat mod_jk Invalid Chunked Encoded Body Information Disclosure
17170| [34154] Apache Axis Nonexistent Java Web Service Path Disclosure
17171| [33855] Apache Tomcat JK Web Server Connector mod_jk.so Long URI Worker Map Remote Overflow
17172| [33816] Apache HTTP Server on Debian Linux TTY Local Privilege Escalation
17173| [33456] Apache HTTP Server Crafted TCP Connection Range Header DoS
17174| [33346] Avaya Multiple Products Apache Tomcat Port Weakness
17175| [32979] Apache Java Mail Enterprise Server (JAMES) Phoenix/MX4J Interface Arbitrary User Creation
17176| [32978] Apache Java Mail Enterprise Server (JAMES) POP3Server Log File Plaintext Password Disclosure
17177| [32724] Apache mod_python _filter_read Freed Memory Disclosure
17178| [32723] Apache Tomcat semicolon Crafted Filename Request Forced Directory Listing
17179| [32396] Apache Open For Business Project (OFBiz) Ecommerce Component Forum Implementation Message Body XSS
17180| [32395] Apache Open For Business Project (OFBiz) Ecommerce Component Form Field Manipulation Privilege Escalation
17181| [30354] Linux Subversion libapache2-svn Search Path Subversion Local Privilege Escalation
17182| [29603] PHP ini_restore() Apache httpd.conf Options Bypass
17183| [29536] Apache Tcl mod_tcl set_var Function Remote Format String
17184| [28919] Apache Roller Weblogger Blog Comment Multiple Field XSS
17185| [28130] PHP with Apache Mixed Case Method Limit Directive Bypass
17186| [27913] Apache HTTP Server on Windows mod_alias URL Validation Canonicalization CGI Source Disclosure
17187| [27588] Apache HTTP Server mod_rewrite LDAP Protocol URL Handling Overflow
17188| [27487] Apache HTTP Server Crafted Expect Header Cross Domain HTML Injection
17189| [26935] FCKeditor on Apache connector.php Crafted File Extension Arbitrary File Upload
17190| [26572] Apache Java Mail Enterprise Server (JAMES) MAIL Command Overflow DoS
17191| [25909] Drupal on Apache files Directory File Upload Arbitrary Code Execution
17192| [24825] Oracle ModPL/SQL for Apache Unspecified Remote HTTP Issue
17193| [24365] Apache Struts Multiple Function Error Message XSS
17194| [24364] Apache Struts getMultipartRequestHandler() Function Crafted Request DoS
17195| [24363] Apache Struts org.apache.struts.taglib.html.Constants.CANCEL Validation Bypass
17196| [24103] Pubcookie Apache mod_pubcookie Unspecified XSS
17197| [23906] Apache mod_python for Apache HTTP Server FileSession Privileged Local Command Execution
17198| [23905] Apache Log4net LocalSyslogAppender Format String Memory Corruption DoS
17199| [23198] Apache WSS4J Library SOAP Signature Verification Bypass
17200| [23124] Generic Apache Request Library (libapreq) apreq_parse_* Functions Remote DoS
17201| [22652] mod_php for Apache HTTP Server Crafted import_request_variables Function DoS
17202| [22475] PHP w/ Apache PDO::FETCH_CLASS __set() Function DoS
17203| [22473] PHP w/ Apache2 Crafted PDOStatement DoS
17204| [22459] Apache Geronimo Error Page XSS
17205| [22458] Apache Tomcat / Geronimo Sample Script cal2.jsp time Parameter XSS
17206| [22301] auth_ldap for Apache HTTP Server auth_ldap_log_reason() Function Remote Format String
17207| [22261] Apache HTTP Server mod_ssl ssl_hook_Access Error Handling DoS
17208| [22259] mod_auth_pgsql for Apache HTTP Server Log Function Format String
17209| [21736] Apache Java Mail Enterprise Server (JAMES) Spooler retrieve Function DoS
17210| [21705] Apache HTTP Server mod_imap Image Map Referer XSS
17211| [21021] Apache Struts Error Message XSS
17212| [20897] PHP w/ Apache 2 SAPI virtual() Function Unspecified INI Setting Disclosure
17213| [20491] PHP mod_php apache2handler SAPI Crafted .htaccess DoS
17214| [20462] Apache HTTP Server worker.c MPM Memory Exhaustion DoS
17215| [20439] Apache Tomcat Directory Listing Saturation DoS
17216| [20373] Apache Tomcat on HP Secure OS for Linux Unspecified Servlet Access Issue
17217| [20285] Apache HTTP Server Log File Control Character Injection
17218| [20242] Apache HTTP Server mod_usertrack Predictable Session ID Generation
17219| [20209] Brainf*ck Module (mod_bf) for Apache HTTP Server Local Overflow
17220| [20033] Apache Tomcat MS-DOS Device Request Error Message Path Disclosure
17221| [19883] apachetop atop.debug Symlink Arbitrary File Overwrite
17222| [19863] mod_auth_shadow for Apache HTTP Server require group Authentication Bypass
17223| [19855] Apache HTTP Server ErrorDocument Directive .htaccess Bypass
17224| [19821] Apache Tomcat Malformed Post Request Information Disclosure
17225| [19769] Apache HTTP Server Double-reverse DNS Lookup Spoofing
17226| [19188] Apache HTTP Server mod_ssl SSLVerifyClient Per-location Context Restriction Bypass
17227| [19137] Apache HTTP Server on Red Hat Linux Double Slash GET Request Forced Directory Listing
17228| [19136] Apache on Mandrake Linux Arbitrary Directory Forced Listing
17229| [18977] Apache HTTP Server Crafted HTTP Range Header DoS
17230| [18389] Ragnarok Online Control Panel Apache Authentication Bypass
17231| [18286] Apache HTTP Server mod_ssl ssl_callback_SSLVerify_CRL( ) Function Overflow
17232| [18233] Apache HTTP Server htdigest user Variable Overfow
17233| [17738] Apache HTTP Server HTTP Request Smuggling
17234| [16586] Apache HTTP Server Win32 GET Overflow DoS
17235| [15889] Apache HTTP Server mod_cgid Threaded MPM CGI Output Misdirection
17236| [14896] mod_dav for Apache HTTP Server Remote Null Dereference Child Process Termination
17237| [14879] Apache HTTP Server ap_log_rerror Function Error Message Path Disclosure
17238| [14770] Apache Tomcat AJP12 Protocol Malformed Packet Remote DoS
17239| [14597] Apache Tomcat IntegerOverflow.jsp Test JSP Script Path Disclosure
17240| [14596] Apache Tomcat pageSession.jsp Test JSP Script Path Disclosure
17241| [14595] Apache Tomcat pageLanguage.jsp Test JSP Script Path Disclosure
17242| [14594] Apache Tomcat pageIsThreadSafe.jsp Test JSP Script Path Disclosure
17243| [14593] Apache Tomcat pageIsErrorPage.jsp Test JSP Script Path Disclosure
17244| [14592] Apache Tomcat pageInvalid.jsp Test JSP Script Path Disclosure
17245| [14591] Apache Tomcat pageExtends.jsp Test JSP Script Path Disclosure
17246| [14590] Apache Tomcat pageDouble.jsp Test JSP Script Path Disclosure
17247| [14589] Apache Tomcat pageAutoFlush.jsp Test JSP Script Path Disclosure
17248| [14588] Apache Tomcat extends2.jsp Test JSP Script Path Disclosure
17249| [14587] Apache Tomcat extends1.jsp Test JSP Script Path Disclosure
17250| [14586] Apache Tomcat comments.jsp Test JSP Script Path Disclosure
17251| [14585] Apache Tomcat buffer4.jsp Test JSP Script Path Disclosure
17252| [14584] Apache Tomcat buffer3.jsp Test JSP Script Path Disclosure
17253| [14583] Apache Tomcat buffer2.jsp Test JSP Script Path Disclosure
17254| [14582] Apache Tomcat buffer1.jsp Test JSP Script Path Disclosure
17255| [14581] Apache Tomcat pageImport2.jsp Test JSP Script Path Disclosure
17256| [14580] Apache Tomcat pageInfo.jsp Test JSP Script Path Disclosure
17257| [14410] mod_frontpage for Apache HTTP Server fpexec Remote Overflow
17258| [14044] Apache Batik Squiggle Browser with Rhino Scripting Engine Unspecified File System Access
17259| [13737] mod_access_referer for Apache HTTP Server Malformed Referer DoS
17260| [13711] Apache mod_python publisher.py Traversal Arbitrary Object Information Disclosure
17261| [13640] mod_auth_any for Apache HTTP Server on Red Hat Linux Metacharacter Command Execution
17262| [13304] Apache Tomcat realPath.jsp Path Disclosure
17263| [13303] Apache Tomcat source.jsp Arbitrary Directory Listing
17264| [13087] Apache HTTP Server mod_log_forensic check_forensic Symlink Arbitrary File Creation / Overwrite
17265| [12849] mod_auth_radius for Apache HTTP Server radcpy() Function Overflow DoS
17266| [12848] Apache HTTP Server htdigest realm Variable Overflow
17267| [12721] Apache Tomcat examples/jsp2/el/functions.jsp XSS
17268| [12720] mod_dosevasive for Apache HTTP Server Symlink Arbitrary File Create/Overwrite
17269| [12558] Apache HTTP Server IPv6 FTP Proxy Socket Failure DoS
17270| [12557] Apache HTTP Server prefork MPM accept Error DoS
17271| [12233] Apache Tomcat MS-DOS Device Name Request DoS
17272| [12232] Apache Tomcat with JDK Arbitrary Directory/Source Disclosure
17273| [12231] Apache Tomcat web.xml Arbitrary File Access
17274| [12193] Apache HTTP Server on Mac OS X File Handler Bypass
17275| [12192] Apache HTTP Server on Mac OS X Unauthorized .ht and .DS_Store File Access
17276| [12178] Apache Jakarta Lucene results.jsp XSS
17277| [12176] mod_digest_apple for Apache HTTP Server on Mac OS X Authentication Replay
17278| [11391] Apache HTTP Server Header Parsing Space Saturation DoS
17279| [11003] Apache HTTP Server mod_include get_tag() Function Local Overflow
17280| [10976] mod_mylo for Apache HTTP Server mylo_log Logging Function HTTP GET Overflow
17281| [10637] Apache HTTP Server mod_ssl SSLCipherSuite Access Restriction Bypass
17282| [10546] Macromedia JRun4 mod_jrun Apache Module Remote Overflow
17283| [10471] Apache Xerces-C++ XML Parser DoS
17284| [10218] Apache HTTP Server Satisfy Directive Access Control Bypass
17285| [10068] Apache HTTP Server htpasswd Local Overflow
17286| [10049] mod_cplusplus For Apache HTTP Server Unspecified Overflow
17287| [9994] Apache HTTP Server apr-util IPV6 Parsing DoS
17288| [9991] Apache HTTP Server ap_resolve_env Environment Variable Local Overflow
17289| [9948] mod_dav for Apache HTTP Server LOCK Request DoS
17290| [9742] Apache HTTP Server mod_ssl char_buffer_read Function Reverse Proxy DoS
17291| [9718] Apache HTTP Server Win32 Single Dot Append Arbitrary File Access
17292| [9717] Apache HTTP Server mod_cookies Cookie Overflow
17293| [9716] Apache::Gallery Gallery.pm Inline::C Predictable Filename Code Execution
17294| [9715] Apache HTTP Server rotatelogs Control Characters Over Pipe DoS
17295| [9714] Apache Authentication Module Threaded MPM DoS
17296| [9713] Apache HTTP Server on OS2 filestat.c Device Name Request DoS
17297| [9712] Apache HTTP Server Multiple Linefeed Request Memory Consumption DoS
17298| [9711] Apache HTTP Server Access Log Terminal Escape Sequence Injection
17299| [9710] Apache HTTP Server on Windows Illegal Character Default Script Mapping Bypass
17300| [9709] Apache HTTP Server on Windows MS-DOS Device Name HTTP Post Code Execution
17301| [9708] Apache HTTP Server on Windows MS-DOS Device Name DoS
17302| [9707] Apache HTTP Server Duplicate MIME Header Saturation DoS
17303| [9706] Apache Web Server Multiple MIME Header Saturation Remote DoS
17304| [9705] Apache Tomcat Invoker/Default Servlet Source Disclosure
17305| [9702] Apache HTTP Server CGI/WebDAV HTTP POST Request Source Disclosure
17306| [9701] Apache HTTP Server for Windows Multiple Slash Forced Directory Listing
17307| [9700] Apache HTTP Server mod_autoindex Multiple Slash Request Forced Directory Listing
17308| [9699] Apache HTTP Server mod_dir Multiple Slash Request Forced Directory Listing
17309| [9698] Apache HTTP Server mod_negotiation Multiple Slash Request Forced Directory Listing
17310| [9697] Apache HTTP Server htdigest Local Symlink Arbitrary File Overwrite
17311| [9696] Apache HTTP Server htpasswd Local Symlink Arbitrary File Overwrite
17312| [9695] Apache Tomcat SnoopServlet Servlet Information Disclosure
17313| [9694] PHP3 on Apache HTTP Server Encoded Traversal Arbitrary File Access
17314| [9693] mod_auth_pgsql_sys for Apache HTTP Server User Name SQL Injection
17315| [9692] Apache HTTP Server mod_vhost_alias Mass Virtual Hosting Arbitrary File Access
17316| [9691] Apache HTTP Server mod_rewrite Mass Virtual Hosting Arbitrary File Access
17317| [9690] Apache HTTP Server mod_vhost_alias CGI Program Source Disclosure
17318| [9689] Trustix httpsd for Apache-SSL Permission Weakness Privilege Escalation
17319| [9688] Apache HTTP Server mod_proxy Malformed FTP Command DoS
17320| [9687] Apache::AuthenSmb smbval SMB Authentication Library Multiple Overflows
17321| [9686] Apache::AuthenSmb smbvalid SMB Authentication Library Multiple Overflows
17322| [9523] Apache HTTP Server mod_ssl Aborted Connection DoS
17323| [9459] Oracle PL/SQL (mod_plsql) Apache Module Help Page Request Remote Overflow
17324| [9208] Apache Tomcat .jsp Encoded Newline XSS
17325| [9204] Apache Tomcat ROOT Application XSS
17326| [9203] Apache Tomcat examples Application XSS
17327| [9068] Apache HTTP Server mod_userdir User Account Information Disclosure
17328| [8773] Apache Tomcat Catalina org.apache.catalina.servlets.DefaultServlet Source Code Disclosure
17329| [8772] Apache Tomcat Catalina org.apache.catalina.connector.http DoS
17330| [7943] Apache HTTP Server mod_ssl sslkeys File Disclosure
17331| [7942] Apache HTTP Server mod_ssl Default Pass Phrase
17332| [7941] Apache HTTP Server mod_ssl Encrypted Private Key File Descriptor Leak
17333| [7935] Apache HTTP Server mod_ssl ssl_gcache Race Conditions
17334| [7934] Apache HTTP Server mod_ssl SSLSessionCache File Content Disclosure
17335| [7933] Apache HTTP Server mod_ssl SSLMutex File Content Disclosure
17336| [7932] Apache HTTP Server mod_ssl mkcert.sh File Creation Permission Weakness
17337| [7931] Apache HTTP Server mod_ssl X.509 Client Certificate Authentication Bypass
17338| [7930] Apache HTTP Server mod_ssl ssl_expr_eval_func_file() Overflow
17339| [7929] Apache HTTP Server mod_ssl ssl_engine_log.c mod_proxy Hook Function Remote Format String
17340| [7611] Apache HTTP Server mod_alias Local Overflow
17341| [7394] Apache Tomcat mod_jk Invalid Transfer-Encoding Chunked Field DoS
17342| [7203] Apache Tomcat source.jsp Traversal Arbitrary File Access
17343| [7039] Apache HTTP Server on Mac OS X HFS+ File System Access Bypass
17344| [6882] Apache mod_python Malformed Query String Variant DoS
17345| [6839] Apache HTTP Server mod_proxy Content-Length Overflow
17346| [6630] Apache Tomcat Java Server Pages (JSP) Engine WPrinterJob() DoS
17347| [6472] Apache HTTP Server mod_ssl ssl_util_uuencode_binary Remote Overflow
17348| [5821] Apache HTTP Server Multiple / GET Remote Overflow DoS
17349| [5580] Apache Tomcat Servlet Malformed URL JSP Source Disclosure
17350| [5552] Apache HTTP Server split-logfile Arbitrary .log File Overwrite
17351| [5526] Apache Tomcat Long .JSP URI Path Disclosure
17352| [5278] Apache Tomcat web.xml Restriction Bypass
17353| [5051] Apache Tomcat Null Character DoS
17354| [4973] Apache Tomcat servlet Mapping XSS
17355| [4650] mod_gzip for Apache HTTP Server Debug Mode Printf Stack Overflow
17356| [4649] mod_gzip for Apache HTTP Server Debug Mode Format String Overflow
17357| [4648] mod_gzip for Apache HTTP Server Debug Mode Race Condition
17358| [4568] mod_survey For Apache ENV Tags SQL Injection
17359| [4553] Apache HTTP Server ApacheBench Overflow DoS
17360| [4552] Apache HTTP Server Shared Memory Scoreboard DoS
17361| [4446] Apache HTTP Server mod_disk_cache Stores Credentials
17362| [4383] Apache HTTP Server Socket Race Condition DoS
17363| [4382] Apache HTTP Server Log Entry Terminal Escape Sequence Injection
17364| [4340] Apache Portable Runtime (APR) apr_psprintf DoS
17365| [4232] Apache Cocoon DatabaseAuthenticatorAction SQL Injection
17366| [4231] Apache Cocoon Error Page Server Path Disclosure
17367| [4182] Apache HTTP Server mod_ssl Plain HTTP Request DoS
17368| [4181] Apache HTTP Server mod_access IP Address Netmask Rule Bypass
17369| [4075] Apache HTTP Sever on Windows .var File Request Path Disclosure
17370| [4037] Apache HTTP Server on Cygwin Encoded GET Request Arbitrary File Access
17371| [3877] Apache-SSL SSLVerifyClient SSLFakeBasicAuth Client Certificate Forgery
17372| [3819] Apache HTTP Server mod_digest Cross Realm Credential Replay
17373| [3322] mod_php for Apache HTTP Server Process Hijack
17374| [3215] mod_php for Apache HTTP Server File Descriptor Leakage
17375| [2885] Apache mod_python Malformed Query String DoS
17376| [2749] Apache Cocoon view-source Sample File Traversal Arbitrary File Access
17377| [2733] Apache HTTP Server mod_rewrite Local Overflow
17378| [2672] Apache HTTP Server mod_ssl SSLCipherSuite Ciphersuite Downgrade Weakness
17379| [2613] Apache HTTP Server mod_cgi stderr Output Handling Local DoS
17380| [2149] Apache::Gallery Privilege Escalation
17381| [2107] Apache HTTP Server mod_ssl Host: Header XSS
17382| [1926] Apache HTTP Server mod_rewrite Crafted URI Rule Bypass
17383| [1833] Apache HTTP Server Multiple Slash GET Request DoS
17384| [1577] Apache HTTP Server mod_rewrite RewriteRule Expansion Arbitrary File Access
17385| [872] Apache Tomcat Multiple Default Accounts
17386| [862] Apache HTTP Server SSI Error Page XSS
17387| [859] Apache HTTP Server Win32 Crafted Traversal Arbitrary File Access
17388| [849] Apache Tomcat TroubleShooter Servlet Information Disclosure
17389| [845] Apache Tomcat MSDOS Device XSS
17390| [844] Apache Tomcat Java Servlet Error Page XSS
17391| [842] Apache HTTP Server mod_ssl ssl_compat_directive Function Overflow
17392| [838] Apache HTTP Server Chunked Encoding Remote Overflow
17393| [827] PHP4 for Apache on Windows php.exe Malformed Request Path Disclosure
17394| [775] Apache mod_python Module Importing Privilege Function Execution
17395| [769] Apache HTTP Server Win32 DOS Batch File Arbitrary Command Execution
17396| [756] Apache HTTP Server mod_ssl i2d_SSL_SESSION Function SSL Client Certificate Overflow
17397| [701] Apache HTTP Server Win32 ScriptAlias php.exe Arbitrary File Access
17398| [674] Apache Tomcat Nonexistent File Error Message Path Disclosure
17399| [637] Apache HTTP Server UserDir Directive Username Enumeration
17400| [623] mod_auth_pgsql for Apache HTTP Server User Name SQL Injection
17401| [582] Apache HTTP Server Multiviews Feature Arbitrary Directory Listing
17402| [562] Apache HTTP Server mod_info /server-info Information Disclosure
17403| [561] Apache Web Servers mod_status /server-status Information Disclosure
17404| [417] Apache HTTP Server on SuSE Linux /doc/packages Remote Information Disclosure
17405| [410] mod_perl for Apache HTTP Server /perl/ Directory Listing
17406| [404] Apache HTTP Server on SuSE Linux WebDAV PROPFIND Arbitrary Directory Listing
17407| [402] Apache HTTP Server on SuSE Linux cgi-bin-sdb Request Script Source Disclosure
17408| [379] Apache ASP module Apache::ASP source.asp Example File Arbitrary File Creation
17409| [377] Apache Tomcat Snoop Servlet Remote Information Disclosure
17410| [376] Apache Tomcat contextAdmin Arbitrary File Access
17411| [342] Apache HTTP Server for Windows Multiple Forward Slash Directory Listing
17412| [222] Apache HTTP Server test-cgi Arbitrary File Access
17413| [143] Apache HTTP Server printenv.pl Multiple Method CGI XSS
17414| [48] Apache HTTP Server on Debian /usr/doc Directory Information Disclosure
17415|_
110/tcp open pop3 Dovecot pop3d
17417| vulscan: VulDB - https://vuldb.com:
17418| [139289] cPanel up to 68.0.14 dovecot-xaps-plugin Format privilege escalation
17419| [134480] Dovecot up to 2.3.5.2 Submission-Login Crash denial of service
17420| [134479] Dovecot up to 2.3.5.2 IMAP Server Crash denial of service
17421| [134024] Dovecot up to 2.3.5.1 JSON Encoder Username Crash denial of service
17422| [132543] Dovecot up to 2.2.36.0/2.3.4.0 Certificate Impersonation weak authentication
17423| [119762] Dovecot up to 2.2.28 dict Authentication var_expand() denial of service
17424| [114012] Dovecot up to 2.2.33 TLS SNI Restart denial of service
17425| [114009] Dovecot SMTP Delivery Email Message Out-of-Bounds memory corruption
17426| [112447] Dovecot up to 2.2.33/2.3.0 SASL Auth Memory Leak denial of service
17427| [106837] Dovecot up to 2.2.16 ssl-proxy-openssl.c ssl-proxy-opensslc denial of service
17428| [97052] Dovecot up to 2.2.26 auth-policy Unset Crash denial of service
17429| [69835] Dovecot 2.2.0/2.2.1 denial of service
17430| [13348] Dovecot up to 1.2.15/2.1.15 IMAP4/POP3 SSL/TLS Handshake denial of service
17431| [65684] Dovecot up to 2.2.6 unknown vulnerability
17432| [9807] Dovecot up to 1.2.7 on Exim Input Sanitizer privilege escalation
17433| [63692] Dovecot up to 2.0.15 spoofing
17434| [7062] Dovecot 2.1.10 mail-search.c denial of service
17435| [57517] Dovecot up to 2.0.12 Login directory traversal
17436| [57516] Dovecot up to 2.0.12 Access Restriction directory traversal
17437| [57515] Dovecot up to 2.0.12 Crash denial of service
17438| [54944] Dovecot up to 1.2.14 denial of service
17439| [54943] Dovecot up to 1.2.14 Access Restriction Symlink privilege escalation
17440| [54942] Dovecot up to 2.0.4 Access Restriction denial of service
17441| [54941] Dovecot up to 2.0.4 Access Restriction unknown vulnerability
17442| [54840] Dovecot up to 1.2.12 AGate unknown vulnerability
17443| [53277] Dovecot up to 1.2.10 denial of service
17444| [50082] Dovecot up to 1.1.6 Stack-based memory corruption
17445| [45256] Dovecot up to 1.1.5 directory traversal
17446| [44846] Dovecot 1.1.4/1.1.5 IMAP Client Crash denial of service
17447| [44546] Dovecot up to 1.0.x Access Restriction unknown vulnerability
17448| [44545] Dovecot up to 1.0.x Access Restriction unknown vulnerability
17449| [41430] Dovecot 1.0.12/1.1 Locking unknown vulnerability
17450| [40356] Dovecot 1.0.9 Cache unknown vulnerability
17451| [38222] Dovecot 1.0.2 directory traversal
17452| [36376] Dovecot up to 1.0.x directory traversal
17453| [33332] Timo Sirainen Dovecot up to 1.0test53 Off-By-One memory corruption
17454|
17455| MITRE CVE - https://cve.mitre.org:
17456| [CVE-2011-4318] Dovecot 2.0.x before 2.0.16, when ssl or starttls is enabled and hostname is used to define the proxy destination, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a valid certificate for a different hostname.
17457| [CVE-2011-2167] script-login in Dovecot 2.0.x before 2.0.13 does not follow the chroot configuration setting, which might allow remote authenticated users to conduct directory traversal attacks by leveraging a script.
17458| [CVE-2011-2166] script-login in Dovecot 2.0.x before 2.0.13 does not follow the user and group configuration settings, which might allow remote authenticated users to bypass intended access restrictions by leveraging a script.
17459| [CVE-2011-1929] lib-mail/message-header-parser.c in Dovecot 1.2.x before 1.2.17 and 2.0.x before 2.0.13 does not properly handle '\0' characters in header names, which allows remote attackers to cause a denial of service (daemon crash or mailbox corruption) via a crafted e-mail message.
17460| [CVE-2010-4011] Dovecot in Apple Mac OS X 10.6.5 10H574 does not properly manage memory for user names, which allows remote authenticated users to read the private e-mail of other persons in opportunistic circumstances via standard e-mail clients accessing a user's own mailbox, related to a "memory aliasing issue."
17461| [CVE-2010-3780] Dovecot 1.2.x before 1.2.15 allows remote authenticated users to cause a denial of service (master process outage) by simultaneously disconnecting many (1) IMAP or (2) POP3 sessions.
17462| [CVE-2010-3779] Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.beta2 grants the admin permission to the owner of each mailbox in a non-public namespace, which might allow remote authenticated users to bypass intended access restrictions by changing the ACL of a mailbox, as demonstrated by a symlinked shared mailbox.
17463| [CVE-2010-3707] plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.5 interprets an ACL entry as a directive to add to the permissions granted by another ACL entry, instead of a directive to replace the permissions granted by another ACL entry, in certain circumstances involving more specific entries that occur after less specific entries, which allows remote authenticated users to bypass intended access restrictions via a request to read or modify a mailbox.
17464| [CVE-2010-3706] plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.5 interprets an ACL entry as a directive to add to the permissions granted by another ACL entry, instead of a directive to replace the permissions granted by another ACL entry, in certain circumstances involving the private namespace of a user, which allows remote authenticated users to bypass intended access restrictions via a request to read or modify a mailbox.
17465| [CVE-2010-3304] The ACL plugin in Dovecot 1.2.x before 1.2.13 propagates INBOX ACLs to newly created mailboxes in certain configurations, which might allow remote attackers to read mailboxes that have unintended weak ACLs.
17466| [CVE-2010-0745] Unspecified vulnerability in Dovecot 1.2.x before 1.2.11 allows remote attackers to cause a denial of service (CPU consumption) via long headers in an e-mail message.
17467| [CVE-2010-0535] Dovecot in Apple Mac OS X 10.6 before 10.6.3, when Kerberos is enabled, does not properly enforce the service access control list (SACL) for sending and receiving e-mail, which allows remote authenticated users to bypass intended access restrictions via unspecified vectors.
17468| [CVE-2010-0433] The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL before 0.9.8n, when Kerberos is enabled but Kerberos configuration files cannot be opened, does not check a certain return value, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via SSL cipher negotiation, as demonstrated by a chroot installation of Dovecot or stunnel without Kerberos configuration files inside the chroot.
17469| [CVE-2009-3897] Dovecot 1.2.x before 1.2.8 sets 0777 permissions during creation of certain directories at installation time, which allows local users to access arbitrary user accounts by replacing the auth socket, related to the parent directories of the base_dir directory, and possibly the base_dir directory itself.
17470| [CVE-2009-3235] Multiple stack-based buffer overflows in the Sieve plugin in Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, as derived from Cyrus libsieve, allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted SIEVE script, as demonstrated by forwarding an e-mail message to a large number of recipients, a different vulnerability than CVE-2009-2632.
17471| [CVE-2009-2632] Buffer overflow in the SIEVE script component (sieve/script.c), as used in cyrus-imapd in Cyrus IMAP Server 2.2.13 and 2.3.14, and Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, allows local users to execute arbitrary code and read or modify arbitrary messages via a crafted SIEVE script, related to the incorrect use of the sizeof operator for determining buffer length, combined with an integer signedness error.
17472| [CVE-2008-5301] Directory traversal vulnerability in the ManageSieve implementation in Dovecot 1.0.15, 1.1, and 1.2 allows remote attackers to read and modify arbitrary .sieve files via a ".." (dot dot) in a script name.
17473| [CVE-2008-4907] The message parsing feature in Dovecot 1.1.4 and 1.1.5, when using the FETCH ENVELOPE command in the IMAP client, allows remote attackers to cause a denial of service (persistent crash) via an email with a malformed From address, which triggers an assertion error, aka "invalid message address parsing bug."
17474| [CVE-2008-4870] dovecot 1.0.7 in Red Hat Enterprise Linux (RHEL) 5, and possibly Fedora, uses world-readable permissions for dovecot.conf, which allows local users to obtain the ssl_key_password parameter value.
17475| [CVE-2008-4578] The ACL plugin in Dovecot before 1.1.4 allows attackers to bypass intended access restrictions by using the "k" right to create unauthorized "parent/child/child" mailboxes.
17476| [CVE-2008-4577] The ACL plugin in Dovecot before 1.1.4 treats negative access rights as if they are positive access rights, which allows attackers to bypass intended access restrictions.
17477| [CVE-2008-1218] Argument injection vulnerability in Dovecot 1.0.x before 1.0.13, and 1.1.x before 1.1.rc3, when using blocking passdbs, allows remote attackers to bypass the password check via a password containing TAB characters, which are treated as argument delimiters that enable the skip_password_check field to be specified.
17478| [CVE-2008-1199] Dovecot before 1.0.11, when configured to use mail_extra_groups to allow Dovecot to create dotlocks in /var/mail, might allow local users to read sensitive mail files for other users, or modify files or directories that are writable by group, via a symlink attack.
17479| [CVE-2007-6598] Dovecot before 1.0.10, with certain configuration options including use of %variables, does not properly maintain the LDAP+auth cache, which might allow remote authenticated users to login as a different user who has the same password.
17480| [CVE-2007-5794] Race condition in nss_ldap, when used in applications that are linked against the pthread library and fork after a call to nss_ldap, might send user data to the wrong process because of improper handling of the LDAP connection. NOTE: this issue was originally reported for Dovecot with the wrong mailboxes being returned, but other applications might also be affected.
17481| [CVE-2007-4211] The ACL plugin in Dovecot before 1.0.3 allows remote authenticated users with the insert right to save certain flags via a (1) COPY or (2) APPEND command.
17482| [CVE-2007-2231] Directory traversal vulnerability in index/mbox/mbox-storage.c in Dovecot before 1.0.rc29, when using the zlib plugin, allows remote attackers to read arbitrary gzipped (.gz) mailboxes (mbox files) via a .. (dot dot) sequence in the mailbox name.
17483| [CVE-2007-2173] Eval injection vulnerability in (1) courier-imapd.indirect and (2) courier-pop3d.indirect in Courier-IMAP before 4.0.6-r2, and 4.1.x before 4.1.2-r1, on Gentoo Linux allows remote attackers to execute arbitrary commands via the XMAILDIR variable, related to the LOGINRUN variable.
17484| [CVE-2007-0618] Unspecified vulnerability in (1) pop3d, (2) pop3ds, (3) imapd, and (4) imapds in IBM AIX 5.3.0 has unspecified impact and attack vectors, involving an "authentication vulnerability."
17485| [CVE-2006-5973] Off-by-one buffer overflow in Dovecot 1.0test53 through 1.0.rc14, and possibly other versions, when index files are used and mmap_disable is set to "yes," allows remote authenticated IMAP or POP3 users to cause a denial of service (crash) via unspecified vectors involving the cache file.
17486| [CVE-2006-2502] Stack-based buffer overflow in pop3d in Cyrus IMAPD (cyrus-imapd) 2.3.2, when the popsubfolders option is enabled, allows remote attackers to execute arbitrary code via a long USER command.
17487| [CVE-2006-2414] Directory traversal vulnerability in Dovecot 1.0 beta and 1.0 allows remote attackers to list files and directories under the mbox parent directory and obtain mailbox names via ".." sequences in the (1) LIST or (2) DELETE IMAP command.
17488| [CVE-2006-0730] Multiple unspecified vulnerabilities in Dovecot before 1.0beta3 allow remote attackers to cause a denial of service (application crash or hang) via unspecified vectors involving (1) "potential hangs" in the APPEND command and "potential crashes" in (2) dovecot-auth and (3) imap/pop3-login. NOTE: vector 2 might be related to a double free vulnerability.
17489| [CVE-2002-0925] Format string vulnerability in mmsyslog function allows remote attackers to execute arbitrary code via (1) the USER command to mmpop3d for mmmail 0.0.13 and earlier, (2) the HELO command to mmsmtpd for mmmail 0.0.13 and earlier, or (3) the USER command to mmftpd 0.0.7 and earlier.
17490| [CVE-2001-0143] vpop3d program in linuxconf 1.23r and earlier allows local users to overwrite arbitrary files via a symlink attack.
17491| [CVE-2000-1197] POP2 or POP3 server (pop3d) in imap-uw IMAP package on FreeBSD and other operating systems creates lock files with predictable names, which allows local users to cause a denial of service (lack of mail access) for other users by creating lock files for other mail boxes.
17492| [CVE-1999-1445] Vulnerability in imapd and ipop3d in Slackware 3.4 and 3.3 with shadowing enabled, and possibly other operating systems, allows remote attackers to cause a core dump via a short sequence of USER and PASS commands that do not provide valid usernames or passwords.
17493|
17494| SecurityFocus - https://www.securityfocus.com/bid/:
17495| [103201] Dovecot CVE-2017-14461 Out-Of-Bounds Read Information Disclosure Vulnerability
17496| [97536] Dovecot CVE-2017-2669 Denial of Service Vulnerability
17497| [94639] Dovecot Auth Component CVE-2016-8652 Denial of Service Vulnerability
17498| [91175] Dovecot CVE-2016-4982 Local Information Disclosure Vulnerability
17499| [84736] Dovecot CVE-2008-4870 Local Security Vulnerability
17500| [74335] Dovecot 'ssl-proxy-openssl.c' Remote Denial of Service Vulnerability
17501| [67306] Dovecot Denial of Service Vulnerability
17502| [67219] akpop3d 'pszQuery' Remote Memory Corruption Vulnerability
17503| [63367] Dovecot Checkpassword Authentication Protocol Local Authentication Bypass Vulnerability
17504| [61763] RETIRED: Dovecot 'LIST' Command Denial of Service Vulnerability
17505| [60465] Exim for Dovecot 'use_shell' Remote Command Execution Vulnerability
17506| [60052] Dovecot 'APPEND' Parameter Denial of Service Vulnerability
17507| [56759] RETIRED: Dovecot 'mail-search.c' Denial of Service Vulnerability
17508| [50709] Dovecot SSL Certificate 'Common Name' Field Validation Security Bypass Vulnerability
17509| [48003] Dovecot 'script-login' Multiple Security Bypass Vulnerabilities
17510| [47930] Dovecot Header Name NULL Character Denial of Service Vulnerability
17511| [44874] Apple Mac OS X Dovecot (CVE-2010-4011) Memory Corruption Vulnerability
17512| [43690] Dovecot Access Control List (ACL) Multiple Remote Vulnerabilities
17513| [41964] Dovecot Access Control List (ACL) Plugin Security Bypass Weakness
17514| [39838] tpop3d Remote Denial of Service Vulnerability
17515| [39258] Dovecot Service Control Access List Security Bypass Vulnerability
17516| [37084] Dovecot Insecure 'base_dir' Permissions Local Privilege Escalation Vulnerability
17517| [36377] Dovecot Sieve Plugin Multiple Unspecified Buffer Overflow Vulnerabilities
17518| [32582] Dovecot ManageSieve Service '.sieve' Files Directory Traversal Vulnerability
17519| [31997] Dovecot Invalid Message Address Parsing Denial of Service Vulnerability
17520| [31587] Dovecot ACL Plugin Multiple Security Bypass Vulnerabilities
17521| [28181] Dovecot 'Tab' Character Password Check Security Bypass Vulnerability
17522| [28092] Dovecot 'mail_extra_groups' Insecure Settings Local Unauthorized Access Vulnerability
17523| [27093] Dovecot Authentication Cache Security Bypass Vulnerability
17524| [25182] Dovecot ACL Plugin Security Bypass Vulnerability
17525| [23552] Dovecot Zlib Plugin Remote Information Disclosure Vulnerability
17526| [22262] IBM AIX Pop3D/Pop3DS/IMapD/IMapDS Authentication Bypass Vulnerability
17527| [21183] Dovecot IMAP Server Mapped Pages Off-By-One Buffer Overflow Vulnerability
17528| [18056] Cyrus IMAPD POP3D Remote Buffer Overflow Vulnerability
17529| [17961] Dovecot Remote Information Disclosure Vulnerability
17530| [16672] Dovecot Double Free Denial of Service Vulnerability
17531| [8495] akpop3d User Name SQL Injection Vulnerability
17532| [8473] Vpop3d Remote Denial Of Service Vulnerability
17533| [3990] ZPop3D Bad Login Logging Failure Vulnerability
17534| [2781] DynFX MailServer POP3d Denial of Service Vulnerability
17535|
17536| IBM X-Force - https://exchange.xforce.ibmcloud.com:
17537| [86382] Dovecot POP3 Service denial of service
17538| [84396] Dovecot IMAP APPEND denial of service
17539| [80453] Dovecot mail-search.c denial of service
17540| [71354] Dovecot SSL Common Name (CN) weak security
17541| [67675] Dovecot script-login security bypass
17542| [67674] Dovecot script-login directory traversal
17543| [67589] Dovecot header name denial of service
17544| [63267] Apple Mac OS X Dovecot information disclosure
17545| [62340] Dovecot mailbox security bypass
17546| [62339] Dovecot IMAP or POP3 denial of service
17547| [62256] Dovecot mailbox security bypass
17548| [62255] Dovecot ACL entry security bypass
17549| [60639] Dovecot ACL plugin weak security
17550| [57267] Apple Mac OS X Dovecot Kerberos security bypass
17551| [56763] Dovecot header denial of service
17552| [54363] Dovecot base_dir privilege escalation
17553| [53248] CMU Sieve plugin for Dovecot unspecified buffer overflow
17554| [46323] Dovecot dovecot.conf information disclosure
17555| [46227] Dovecot message parsing denial of service
17556| [45669] Dovecot ACL mailbox security bypass
17557| [45667] Dovecot ACL plugin rights security bypass
17558| [41085] Dovecot TAB characters authentication bypass
17559| [41009] Dovecot mail_extra_groups option unauthorized access
17560| [39342] Dovecot LDAP auth cache configuration security bypass
17561| [35767] Dovecot ACL plugin security bypass
17562| [34082] Dovecot mbox-storage.c directory traversal
17563| [30433] Dovecot IMAP/POP3 server dovecot.index.cache buffer overflow
17564| [26578] Cyrus IMAP pop3d buffer overflow
17565| [26536] Dovecot IMAP LIST information disclosure
17566| [24710] Dovecot dovecot-auth and imap/pop3-login denial of service
17567| [24709] Dovecot APPEND command denial of service
17568| [13018] akpop3d authentication code SQL injection
17569| [7345] Slackware Linux imapd and ipop3d core dump
17570| [6269] imap, ipop2d and ipop3d buffer overflows
17571| [5923] Linuxconf vpop3d symbolic link
17572| [4918] IPOP3D, Buffer overflow attack
17573| [1560] IPOP3D, user login successful
17574| [1559] IPOP3D user login to remote host successful
17575| [1525] IPOP3D, user logout
17576| [1524] IPOP3D, user auto-logout
17577| [1523] IPOP3D, user login failure
17578| [1522] IPOP3D, brute force attack
17579| [1521] IPOP3D, user kiss of death logout
17580| [418] pop3d mktemp creates insecure temporary files
17581|
17582| Exploit-DB - https://www.exploit-db.com:
17583| [25297] Dovecot with Exim sender_address Parameter - Remote Command Execution
17584| [23053] Vpop3d Remote Denial of Service Vulnerability
17585| [16836] Cyrus IMAPD pop3d popsubfolders USER Buffer Overflow
17586| [11893] tPop3d 1.5.3 DoS
17587| [5257] Dovecot IMAP 1.0.10 <= 1.1rc2 - Remote Email Disclosure Exploit
17588| [2185] Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit (3)
17589| [2053] Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit (2)
17590| [1813] Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit
17591|
17592| OpenVAS (Nessus) - http://www.openvas.org:
17593| [901026] Dovecot Sieve Plugin Multiple Buffer Overflow Vulnerabilities
17594| [901025] Dovecot Version Detection
17595| [881402] CentOS Update for dovecot CESA-2011:1187 centos5 x86_64
17596| [881358] CentOS Update for dovecot CESA-2011:1187 centos4 x86_64
17597| [880980] CentOS Update for dovecot CESA-2011:1187 centos5 i386
17598| [880967] CentOS Update for dovecot CESA-2011:1187 centos4 i386
17599| [870607] RedHat Update for dovecot RHSA-2011:0600-01
17600| [870471] RedHat Update for dovecot RHSA-2011:1187-01
17601| [870153] RedHat Update for dovecot RHSA-2008:0297-02
17602| [863272] Fedora Update for dovecot FEDORA-2011-7612
17603| [863115] Fedora Update for dovecot FEDORA-2011-7258
17604| [861525] Fedora Update for dovecot FEDORA-2007-664
17605| [861394] Fedora Update for dovecot FEDORA-2007-493
17606| [861333] Fedora Update for dovecot FEDORA-2007-1485
17607| [860845] Fedora Update for dovecot FEDORA-2008-9202
17608| [860663] Fedora Update for dovecot FEDORA-2008-2475
17609| [860169] Fedora Update for dovecot FEDORA-2008-2464
17610| [860089] Fedora Update for dovecot FEDORA-2008-9232
17611| [840950] Ubuntu Update for dovecot USN-1295-1
17612| [840668] Ubuntu Update for dovecot USN-1143-1
17613| [840583] Ubuntu Update for dovecot vulnerabilities USN-1059-1
17614| [840335] Ubuntu Update for dovecot vulnerabilities USN-593-1
17615| [840290] Ubuntu Update for dovecot vulnerability USN-567-1
17616| [840234] Ubuntu Update for dovecot vulnerability USN-666-1
17617| [840072] Ubuntu Update for dovecot vulnerability USN-487-1
17618| [831405] Mandriva Update for dovecot MDVSA-2011:101 (dovecot)
17619| [831230] Mandriva Update for dovecot MDVSA-2010:217 (dovecot)
17620| [831197] Mandriva Update for dovecot MDVSA-2010:196 (dovecot)
17621| [831054] Mandriva Update for dovecot MDVSA-2010:104 (dovecot)
17622| [830496] Mandriva Update for dovecot MDVSA-2008:232 (dovecot)
17623| [801055] Dovecot 'base_dir' Insecure Permissions Security Bypass Vulnerability
17624| [800030] Dovecot ACL Plugin Security Bypass Vulnerabilities
17625| [70767] Gentoo Security Advisory GLSA 201110-04 (Dovecot)
17626| [70259] FreeBSD Ports: dovecot
17627| [69959] Debian Security Advisory DSA 2252-1 (dovecot)
17628| [66522] FreeBSD Ports: dovecot
17629| [65010] Ubuntu USN-838-1 (dovecot)
17630| [64978] Debian Security Advisory DSA 1892-1 (dovecot)
17631| [64953] Mandrake Security Advisory MDVSA-2009:242-1 (dovecot)
17632| [64952] Mandrake Security Advisory MDVSA-2009:242 (dovecot)
17633| [64861] Fedora Core 10 FEDORA-2009-9559 (dovecot)
17634| [62965] Gentoo Security Advisory GLSA 200812-16 (dovecot)
17635| [62854] FreeBSD Ports: dovecot-managesieve
17636| [61916] FreeBSD Ports: dovecot
17637| [60588] Gentoo Security Advisory GLSA 200803-25 (dovecot)
17638| [60568] Debian Security Advisory DSA 1516-1 (dovecot)
17639| [60528] FreeBSD Ports: dovecot
17640| [60134] Debian Security Advisory DSA 1457-1 (dovecot)
17641| [60089] FreeBSD Ports: dovecot
17642| [58578] Debian Security Advisory DSA 1359-1 (dovecot)
17643| [56834] Debian Security Advisory DSA 1080-1 (dovecot)
17644|
17645| SecurityTracker - https://www.securitytracker.com:
17646| [1028585] Dovecot APPEND Parameter Processing Flaw Lets Remote Authenticated Users Deny Service
17647| [1024740] Mac OS X Server Dovecot Memory Aliasing Bug May Cause Mail to Be Delivered to the Wrong User
17648| [1017288] Dovecot POP3/IMAP Cache File Buffer Overflow May Let Remote Users Execute Arbitrary Code
17649|
17650| OSVDB - http://www.osvdb.org:
17651| [96172] Dovecot POP3 Service Terminated LIST Command Remote DoS
17652| [93525] Dovecot IMAP APPEND Command Malformed Parameter Parsing Remote DoS
17653| [93004] Dovecot with Exim sender_address Parameter Remote Command Execution
17654| [88058] Dovecot lib-storage/mail-search.c Multiple Keyword Search Handling Remote DoS
17655| [77185] Dovecot SSL Certificate Common Name Field MitM Spoofing Weakness
17656| [74515] Dovecot script-login chroot Configuration Setting Traversal Arbitrary File Access
17657| [74514] Dovecot script-login User / Group Configuration Settings Remote Access Restriction Bypass
17658| [72495] Dovecot lib-mail/message-header-parser.c Mail Header Name NULL Character Handling Remote DoS
17659| [69260] Apple Mac OS X Server Dovecot Memory Aliasing Mail Delivery Issue
17660| [68516] Dovecot plugins/acl/acl-backend-vfile.c ACL Permission Addition User Private Namespace Mailbox Access Restriction Remote Bypass
17661| [68515] Dovecot plugins/acl/acl-backend-vfile.c ACL Permission Addition Specific Entry Order Mailbox Access Restriction Remote Bypass
17662| [68513] Dovecot Non-public Namespace Mailbox ACL Manipulation Access Restriction Remote Bypass
17663| [68512] Dovecot IMAP / POP3 Session Disconnect Master Process Outage Remote DoS
17664| [66625] Dovecot ACL Plugin INBOX ACL Copying Weakness Restriction Bypass
17665| [66113] Dovecot Mail Root Directory Creation Permission Weakness
17666| [66112] Dovecot Installation base_dir Parent Directory Permission Weakness
17667| [66111] Dovecot SEARCH Functionality str_find_init() Function Overflow
17668| [66110] Dovecot Multiple Unspecified Buffer Overflows
17669| [66108] Dovecot Malformed Message Body Processing Unspecified Functions Remote DoS
17670| [64783] Dovecot E-mail Message Header Unspecified DoS
17671| [63372] Apple Mac OS X Dovecot Kerberos Authentication SACL Restriction Bypass
17672| [62796] Dovecot mbox Format Email Header Handling DoS
17673| [60316] Dovecot base_dir Directory Permission Weakness Local Privilege Escalation
17674| [58103] Dovecot CMU Sieve Plugin Script Handling Multiple Overflows
17675| [50253] Dovecot dovecot.conf Permission Weakness Local ssl_key_password Parameter Disclosure
17676| [49918] Dovecot ManageSieve Script Name Handling Traversal Arbitrary File Manipulation
17677| [49429] Dovecot Message Parsing Feature Crafted Email Header Handling Remote DoS
17678| [49099] Dovecot ACL Plugin k Right Mailbox Creation Restriction Bypass
17679| [49098] Dovecot ACL Plugin Negative Access Rights Bypass
17680| [43137] Dovecot mail_extra_groups Symlink File Manipulation
17681| [42979] Dovecot passdbs Argument Injection Authentication Bypass
17682| [39876] Dovecot LDAP Auth Cache Security Bypass
17683| [39386] Dovecot ACL Plugin Insert Right APPEND / COPY Command Unauthorized Flag Manipulation
17684| [35489] Dovecot index/mbox/mbox-storage.c Traversal Arbitrary Gzip File Access
17685| [30524] Dovecot IMAP/POP3 Server dovecot.index.cache Handling Overflow
17686| [25853] Cyrus IMAPD pop3d USER Command Remote Overflow
17687| [25727] Dovecot Multiple Command Traversal Arbitrary Directory Listing
17688| [23281] Dovecot imap/pop3-login dovecot-auth DoS
17689| [23280] Dovecot Malformed APPEND Command DoS
17690| [14459] mmmail mmpop3d USER Command mmsyslog Function Format String
17691| [12033] Slackware Linux imapd/ipop3d Malformed USER/PASS Sequence DoS
17692| [5857] Linux pop3d Arbitrary Mail File Access
17693| [2471] akpop3d username SQL Injection
17694|_
139/tcp closed netbios-ssn
143/tcp open imap Dovecot imapd
17697| vulscan: VulDB - https://vuldb.com:
17698| [139289] cPanel up to 68.0.14 dovecot-xaps-plugin Format privilege escalation
17699| [134480] Dovecot up to 2.3.5.2 Submission-Login Crash denial of service
17700| [134479] Dovecot up to 2.3.5.2 IMAP Server Crash denial of service
17701| [134024] Dovecot up to 2.3.5.1 JSON Encoder Username Crash denial of service
17702| [132543] Dovecot up to 2.2.36.0/2.3.4.0 Certificate Impersonation weak authentication
17703| [119762] Dovecot up to 2.2.28 dict Authentication var_expand() denial of service
17704| [114012] Dovecot up to 2.2.33 TLS SNI Restart denial of service
17705| [114009] Dovecot SMTP Delivery Email Message Out-of-Bounds memory corruption
17706| [112447] Dovecot up to 2.2.33/2.3.0 SASL Auth Memory Leak denial of service
17707| [106837] Dovecot up to 2.2.16 ssl-proxy-openssl.c ssl-proxy-opensslc denial of service
17708| [97052] Dovecot up to 2.2.26 auth-policy Unset Crash denial of service
17709| [69835] Dovecot 2.2.0/2.2.1 denial of service
17710| [13348] Dovecot up to 1.2.15/2.1.15 IMAP4/POP3 SSL/TLS Handshake denial of service
17711| [65684] Dovecot up to 2.2.6 unknown vulnerability
17712| [9807] Dovecot up to 1.2.7 on Exim Input Sanitizer privilege escalation
17713| [63692] Dovecot up to 2.0.15 spoofing
17714| [7062] Dovecot 2.1.10 mail-search.c denial of service
17715| [59792] Cyrus IMAPd 2.4.11 weak authentication
17716| [57517] Dovecot up to 2.0.12 Login directory traversal
17717| [57516] Dovecot up to 2.0.12 Access Restriction directory traversal
17718| [57515] Dovecot up to 2.0.12 Crash denial of service
17719| [54944] Dovecot up to 1.2.14 denial of service
17720| [54943] Dovecot up to 1.2.14 Access Restriction Symlink privilege escalation
17721| [54942] Dovecot up to 2.0.4 Access Restriction denial of service
17722| [54941] Dovecot up to 2.0.4 Access Restriction unknown vulnerability
17723| [54840] Dovecot up to 1.2.12 AGate unknown vulnerability
17724| [53277] Dovecot up to 1.2.10 denial of service
17725| [50082] Dovecot up to 1.1.6 Stack-based memory corruption
17726| [45256] Dovecot up to 1.1.5 directory traversal
17727| [44846] Dovecot 1.1.4/1.1.5 IMAP Client Crash denial of service
17728| [44546] Dovecot up to 1.0.x Access Restriction unknown vulnerability
17729| [44545] Dovecot up to 1.0.x Access Restriction unknown vulnerability
17730| [41430] Dovecot 1.0.12/1.1 Locking unknown vulnerability
17731| [40356] Dovecot 1.0.9 Cache unknown vulnerability
17732| [38222] Dovecot 1.0.2 directory traversal
17733| [37927] Ipswitch Ipswitch Collaboration Suite up to 2006.1 IMAP Service imapd32.exe memory corruption
17734| [36376] Dovecot up to 1.0.x directory traversal
17735| [35759] Atrium MERCUR IMAPD IMAP4 mcrimap4.exe memory corruption
17736| [33332] Timo Sirainen Dovecot up to 1.0test53 Off-By-One memory corruption
17737|
17738| MITRE CVE - https://cve.mitre.org:
17739| [CVE-2009-2632] Buffer overflow in the SIEVE script component (sieve/script.c), as used in cyrus-imapd in Cyrus IMAP Server 2.2.13 and 2.3.14, and Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, allows local users to execute arbitrary code and read or modify arbitrary messages via a crafted SIEVE script, related to the incorrect use of the sizeof operator for determining buffer length, combined with an integer signedness error.
17740| [CVE-2011-4318] Dovecot 2.0.x before 2.0.16, when ssl or starttls is enabled and hostname is used to define the proxy destination, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a valid certificate for a different hostname.
17741| [CVE-2011-3481] The index_get_ids function in index.c in imapd in Cyrus IMAP Server before 2.4.11, when server-side threading is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted References header in an e-mail message.
17742| [CVE-2011-3372] imap/nntpd.c in the NNTP server (nntpd) for Cyrus IMAPd 2.4.x before 2.4.12 allows remote attackers to bypass authentication by sending an AUTHINFO USER command without sending an additional AUTHINFO PASS command.
17743| [CVE-2011-2167] script-login in Dovecot 2.0.x before 2.0.13 does not follow the chroot configuration setting, which might allow remote authenticated users to conduct directory traversal attacks by leveraging a script.
17744| [CVE-2011-2166] script-login in Dovecot 2.0.x before 2.0.13 does not follow the user and group configuration settings, which might allow remote authenticated users to bypass intended access restrictions by leveraging a script.
17745| [CVE-2011-1929] lib-mail/message-header-parser.c in Dovecot 1.2.x before 1.2.17 and 2.0.x before 2.0.13 does not properly handle '\0' characters in header names, which allows remote attackers to cause a denial of service (daemon crash or mailbox corruption) via a crafted e-mail message.
17746| [CVE-2010-4011] Dovecot in Apple Mac OS X 10.6.5 10H574 does not properly manage memory for user names, which allows remote authenticated users to read the private e-mail of other persons in opportunistic circumstances via standard e-mail clients accessing a user's own mailbox, related to a "memory aliasing issue."
17747| [CVE-2010-3780] Dovecot 1.2.x before 1.2.15 allows remote authenticated users to cause a denial of service (master process outage) by simultaneously disconnecting many (1) IMAP or (2) POP3 sessions.
17748| [CVE-2010-3779] Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.beta2 grants the admin permission to the owner of each mailbox in a non-public namespace, which might allow remote authenticated users to bypass intended access restrictions by changing the ACL of a mailbox, as demonstrated by a symlinked shared mailbox.
17749| [CVE-2010-3707] plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.5 interprets an ACL entry as a directive to add to the permissions granted by another ACL entry, instead of a directive to replace the permissions granted by another ACL entry, in certain circumstances involving more specific entries that occur after less specific entries, which allows remote authenticated users to bypass intended access restrictions via a request to read or modify a mailbox.
17750| [CVE-2010-3706] plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.5 interprets an ACL entry as a directive to add to the permissions granted by another ACL entry, instead of a directive to replace the permissions granted by another ACL entry, in certain circumstances involving the private namespace of a user, which allows remote authenticated users to bypass intended access restrictions via a request to read or modify a mailbox.
17751| [CVE-2010-3304] The ACL plugin in Dovecot 1.2.x before 1.2.13 propagates INBOX ACLs to newly created mailboxes in certain configurations, which might allow remote attackers to read mailboxes that have unintended weak ACLs.
17752| [CVE-2010-0745] Unspecified vulnerability in Dovecot 1.2.x before 1.2.11 allows remote attackers to cause a denial of service (CPU consumption) via long headers in an e-mail message.
17753| [CVE-2010-0535] Dovecot in Apple Mac OS X 10.6 before 10.6.3, when Kerberos is enabled, does not properly enforce the service access control list (SACL) for sending and receiving e-mail, which allows remote authenticated users to bypass intended access restrictions via unspecified vectors.
17754| [CVE-2010-0433] The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL before 0.9.8n, when Kerberos is enabled but Kerberos configuration files cannot be opened, does not check a certain return value, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via SSL cipher negotiation, as demonstrated by a chroot installation of Dovecot or stunnel without Kerberos configuration files inside the chroot.
17755| [CVE-2009-3897] Dovecot 1.2.x before 1.2.8 sets 0777 permissions during creation of certain directories at installation time, which allows local users to access arbitrary user accounts by replacing the auth socket, related to the parent directories of the base_dir directory, and possibly the base_dir directory itself.
17756| [CVE-2009-3235] Multiple stack-based buffer overflows in the Sieve plugin in Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, as derived from Cyrus libsieve, allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted SIEVE script, as demonstrated by forwarding an e-mail message to a large number of recipients, a different vulnerability than CVE-2009-2632.
17757| [CVE-2008-5301] Directory traversal vulnerability in the ManageSieve implementation in Dovecot 1.0.15, 1.1, and 1.2 allows remote attackers to read and modify arbitrary .sieve files via a ".." (dot dot) in a script name.
17758| [CVE-2008-4907] The message parsing feature in Dovecot 1.1.4 and 1.1.5, when using the FETCH ENVELOPE command in the IMAP client, allows remote attackers to cause a denial of service (persistent crash) via an email with a malformed From address, which triggers an assertion error, aka "invalid message address parsing bug."
17759| [CVE-2008-4870] dovecot 1.0.7 in Red Hat Enterprise Linux (RHEL) 5, and possibly Fedora, uses world-readable permissions for dovecot.conf, which allows local users to obtain the ssl_key_password parameter value.
17760| [CVE-2008-4578] The ACL plugin in Dovecot before 1.1.4 allows attackers to bypass intended access restrictions by using the "k" right to create unauthorized "parent/child/child" mailboxes.
17761| [CVE-2008-4577] The ACL plugin in Dovecot before 1.1.4 treats negative access rights as if they are positive access rights, which allows attackers to bypass intended access restrictions.
17762| [CVE-2008-1218] Argument injection vulnerability in Dovecot 1.0.x before 1.0.13, and 1.1.x before 1.1.rc3, when using blocking passdbs, allows remote attackers to bypass the password check via a password containing TAB characters, which are treated as argument delimiters that enable the skip_password_check field to be specified.
17763| [CVE-2008-1199] Dovecot before 1.0.11, when configured to use mail_extra_groups to allow Dovecot to create dotlocks in /var/mail, might allow local users to read sensitive mail files for other users, or modify files or directories that are writable by group, via a symlink attack.
17764| [CVE-2007-6598] Dovecot before 1.0.10, with certain configuration options including use of %variables, does not properly maintain the LDAP+auth cache, which might allow remote authenticated users to login as a different user who has the same password.
17765| [CVE-2007-5794] Race condition in nss_ldap, when used in applications that are linked against the pthread library and fork after a call to nss_ldap, might send user data to the wrong process because of improper handling of the LDAP connection. NOTE: this issue was originally reported for Dovecot with the wrong mailboxes being returned, but other applications might also be affected.
17766| [CVE-2007-5740] The format string protection mechanism in IMAPD for Perdition Mail Retrieval Proxy 1.17 and earlier allows remote attackers to execute arbitrary code via an IMAP tag with a null byte followed by a format string specifier, which is not counted by the mechanism.
17767| [CVE-2007-5018] Stack-based buffer overflow in IMAPD in Mercury/32 4.52 allows remote authenticated users to execute arbitrary code via a long argument in a SEARCH ON command. NOTE: this issue might overlap with CVE-2004-1211.
17768| [CVE-2007-4211] The ACL plugin in Dovecot before 1.0.3 allows remote authenticated users with the insert right to save certain flags via a (1) COPY or (2) APPEND command.
17769| [CVE-2007-3925] Multiple buffer overflows in the IMAP service (imapd32.exe) in Ipswitch IMail Server 2006 before 2006.21 allow remote authenticated users to execute arbitrary code via the (1) Search or (2) Search Charset command.
17770| [CVE-2007-2231] Directory traversal vulnerability in index/mbox/mbox-storage.c in Dovecot before 1.0.rc29, when using the zlib plugin, allows remote attackers to read arbitrary gzipped (.gz) mailboxes (mbox files) via a .. (dot dot) sequence in the mailbox name.
17771| [CVE-2007-2173] Eval injection vulnerability in (1) courier-imapd.indirect and (2) courier-pop3d.indirect in Courier-IMAP before 4.0.6-r2, and 4.1.x before 4.1.2-r1, on Gentoo Linux allows remote attackers to execute arbitrary commands via the XMAILDIR variable, related to the LOGINRUN variable.
17772| [CVE-2007-1579] Stack-based buffer overflow in Atrium MERCUR IMAPD allows remote attackers to have an unknown impact via a certain SUBSCRIBE command.
17773| [CVE-2007-1578] Multiple integer signedness errors in the NTLM implementation in Atrium MERCUR IMAPD (mcrimap4.exe) 5.00.14, with SP4, allow remote attackers to execute arbitrary code via a long NTLMSSP argument that triggers a stack-based buffer overflow.
17774| [CVE-2007-0618] Unspecified vulnerability in (1) pop3d, (2) pop3ds, (3) imapd, and (4) imapds in IBM AIX 5.3.0 has unspecified impact and attack vectors, involving an "authentication vulnerability."
17775| [CVE-2006-6762] The IMAP daemon (IMAPD) in Novell NetMail before 3.52e FTF2 allows remote authenticated users to cause a denial of service via an APPEND command with a single "(" (parenthesis) in the argument.
17776| [CVE-2006-6761] Stack-based buffer overflow in the IMAP daemon (IMAPD) in Novell NetMail before 3.52e FTF2 allows remote authenticated users to execute arbitrary code via a long argument to the SUBSCRIBE command.
17777| [CVE-2006-6425] Stack-based buffer overflow in the IMAP daemon (IMAPD) in Novell NetMail before 3.52e FTF2 allows remote authenticated users to execute arbitrary code via unspecified vectors involving the APPEND command.
17778| [CVE-2006-6424] Multiple buffer overflows in Novell NetMail before 3.52e FTF2 allow remote attackers to execute arbitrary code (1) by appending literals to certain IMAP verbs when specifying command continuation requests to IMAPD, resulting in a heap overflow
17779| [CVE-2006-5973] Off-by-one buffer overflow in Dovecot 1.0test53 through 1.0.rc14, and possibly other versions, when index files are used and mmap_disable is set to "yes," allows remote authenticated IMAP or POP3 users to cause a denial of service (crash) via unspecified vectors involving the cache file.
17780| [CVE-2006-2502] Stack-based buffer overflow in pop3d in Cyrus IMAPD (cyrus-imapd) 2.3.2, when the popsubfolders option is enabled, allows remote attackers to execute arbitrary code via a long USER command.
17781| [CVE-2006-2414] Directory traversal vulnerability in Dovecot 1.0 beta and 1.0 allows remote attackers to list files and directories under the mbox parent directory and obtain mailbox names via ".." sequences in the (1) LIST or (2) DELETE IMAP command.
17782| [CVE-2006-0730] Multiple unspecified vulnerabilities in Dovecot before 1.0beta3 allow remote attackers to cause a denial of service (application crash or hang) via unspecified vectors involving (1) "potential hangs" in the APPEND command and "potential crashes" in (2) dovecot-auth and (3) imap/pop3-login. NOTE: vector 2 might be related to a double free vulnerability.
17783| [CVE-2005-2278] Stack-based buffer overflow in the IMAP daemon (imapd) in MailEnable Professional 1.54 allows remote authenticated users to execute arbitrary code via the status command with a long mailbox name.
17784| [CVE-2005-1256] Stack-based buffer overflow in the IMAP daemon (IMAPD32.EXE) in IMail 8.13 in Ipswitch Collaboration Suite (ICS), and other versions before IMail Server 8.2 Hotfix 2, allows remote authenticated users to execute arbitrary code via a STATUS command with a long mailbox name.
17785| [CVE-2005-1249] The IMAP daemon (IMAPD32.EXE) in Ipswitch Collaboration Suite (ICS) allows remote attackers to cause a denial of service (CPU consumption) via an LSUB command with a large number of null characters, which causes an infinite loop.
17786| [CVE-2005-1015] Buffer overflow in MailEnable Imapd (MEIMAP.exe) allows remote attackers to execute arbitrary code via a long LOGIN command.
17787| [CVE-2005-0546] Multiple buffer overflows in Cyrus IMAPd before 2.2.11 may allow attackers to execute arbitrary code via (1) an off-by-one error in the imapd annotate extension, (2) an off-by-one error in "cached header handling," (3) a stack-based buffer overflow in fetchnews, or (4) a stack-based buffer overflow in imapd.
17788| [CVE-2003-1322] Multiple stack-based buffer overflows in Atrium MERCUR IMAPD in MERCUR Mailserver before 4.2.15.0 allow remote attackers to execute arbitrary code via a long (1) EXAMINE, (2) DELETE, (3) SUBSCRIBE, (4) RENAME, (5) UNSUBSCRIBE, (6) LIST, (7) LSUB, (8) STATUS, (9) LOGIN, (10) CREATE, or (11) SELECT command.
17789| [CVE-2002-1782] The default configuration of University of Washington IMAP daemon (wu-imapd), when running on a system that does not allow shell access, allows a local user with a valid IMAP account to read arbitrary files as that user.
17790| [CVE-2002-1604] Multiple buffer overflows in HP Tru64 UNIX allow local and possibly remote attackers to execute arbitrary code via a long NLSPATH environment variable to (1) csh, (2) dtsession, (3) dxsysinfo, (4) imapd, (5) inc, (6) uucp, (7) uux, (8) rdist, or (9) deliver.
17791| [CVE-2002-0997] Buffer overflows in IMAP Agent (imapd) for Novell NetMail (NIMS) 3.0.3 before 3.0.3A allows remote attackers to cause a denial of service.
17792| [CVE-2002-0379] Buffer overflow in University of Washington imap server (uw-imapd) imap-2001 (imapd 2001.315) and imap-2001a (imapd 2001.315) with legacy RFC 1730 support, and imapd 2000.287 and earlier, allows remote authenticated users to execute arbitrary code via a long BODY request.
17793| [CVE-2001-0691] Buffer overflows in Washington University imapd 2000a through 2000c could allow local users without shell access to execute code as themselves in certain configurations.
17794| [CVE-2000-0284] Buffer overflow in University of Washington imapd version 4.7 allows users with a valid account to execute commands via LIST or other commands.
17795| [CVE-1999-1557] Buffer overflow in the login functions in IMAP server (imapd) in Ipswitch IMail 5.0 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via (1) a long user name or (2) a long password.
17796| [CVE-1999-1445] Vulnerability in imapd and ipop3d in Slackware 3.4 and 3.3 with shadowing enabled, and possibly other operating systems, allows remote attackers to cause a core dump via a short sequence of USER and PASS commands that do not provide valid usernames or passwords.
17797| [CVE-1999-1224] IMAP 4.1 BETA, and possibly other versions, does not properly handle the SIGABRT (abort) signal, which allows local users to crash the server (imapd) via certain sequences of commands, which causes a core dump that may contain sensitive password information.
17798|
17799| SecurityFocus - https://www.securityfocus.com/bid/:
17800| [103201] Dovecot CVE-2017-14461 Out-Of-Bounds Read Information Disclosure Vulnerability
17801| [97536] Dovecot CVE-2017-2669 Denial of Service Vulnerability
17802| [94639] Dovecot Auth Component CVE-2016-8652 Denial of Service Vulnerability
17803| [91175] Dovecot CVE-2016-4982 Local Information Disclosure Vulnerability
17804| [84736] Dovecot CVE-2008-4870 Local Security Vulnerability
17805| [84478] imapd CVE-1999-1224 Denial-Of-Service Vulnerability
17806| [74335] Dovecot 'ssl-proxy-openssl.c' Remote Denial of Service Vulnerability
17807| [67306] Dovecot Denial of Service Vulnerability
17808| [65650] Eudora WorldMail imapd 'UID' Command Buffer Overflow Vulnerability
17809| [63367] Dovecot Checkpassword Authentication Protocol Local Authentication Bypass Vulnerability
17810| [61763] RETIRED: Dovecot 'LIST' Command Denial of Service Vulnerability
17811| [60465] Exim for Dovecot 'use_shell' Remote Command Execution Vulnerability
17812| [60052] Dovecot 'APPEND' Parameter Denial of Service Vulnerability
17813| [56759] RETIRED: Dovecot 'mail-search.c' Denial of Service Vulnerability
17814| [51403] Eudora WorldMail imapd 'LIST' Command Buffer Overflow Vulnerability
17815| [50709] Dovecot SSL Certificate 'Common Name' Field Validation Security Bypass Vulnerability
17816| [49949] Cyrus IMAPd NTTP Logic Error Authentication Bypass Vulnerability
17817| [48003] Dovecot 'script-login' Multiple Security Bypass Vulnerabilities
17818| [47930] Dovecot Header Name NULL Character Denial of Service Vulnerability
17819| [44874] Apple Mac OS X Dovecot (CVE-2010-4011) Memory Corruption Vulnerability
17820| [43690] Dovecot Access Control List (ACL) Multiple Remote Vulnerabilities
17821| [41964] Dovecot Access Control List (ACL) Plugin Security Bypass Weakness
17822| [39258] Dovecot Service Control Access List Security Bypass Vulnerability
17823| [37084] Dovecot Insecure 'base_dir' Permissions Local Privilege Escalation Vulnerability
17824| [36377] Dovecot Sieve Plugin Multiple Unspecified Buffer Overflow Vulnerabilities
17825| [32582] Dovecot ManageSieve Service '.sieve' Files Directory Traversal Vulnerability
17826| [31997] Dovecot Invalid Message Address Parsing Denial of Service Vulnerability
17827| [31587] Dovecot ACL Plugin Multiple Security Bypass Vulnerabilities
17828| [28181] Dovecot 'Tab' Character Password Check Security Bypass Vulnerability
17829| [28092] Dovecot 'mail_extra_groups' Insecure Settings Local Unauthorized Access Vulnerability
17830| [27093] Dovecot Authentication Cache Security Bypass Vulnerability
17831| [26270] Perdition IMAPD __STR_VWRITE Remote Format String Vulnerability
17832| [25733] Mercury/32 IMAPD SEARCH Command Remote Stack Buffer Overflow Vulnerability
17833| [25182] Dovecot ACL Plugin Security Bypass Vulnerability
17834| [23552] Dovecot Zlib Plugin Remote Information Disclosure Vulnerability
17835| [23058] Atrium Mercur IMapD NTLM Buffer Overflow Vulnerability
17836| [22262] IBM AIX Pop3D/Pop3DS/IMapD/IMapDS Authentication Bypass Vulnerability
17837| [21183] Dovecot IMAP Server Mapped Pages Off-By-One Buffer Overflow Vulnerability
17838| [18056] Cyrus IMAPD POP3D Remote Buffer Overflow Vulnerability
17839| [17961] Dovecot Remote Information Disclosure Vulnerability
17840| [16672] Dovecot Double Free Denial of Service Vulnerability
17841| [15980] Qualcomm WorldMail IMAPD Buffer Overflow Vulnerability
17842| [15753] Ipswitch Collaboration Suite and IMail Server IMAPD LIST Command Denial Of Service Vulnerability
17843| [12636] Cyrus IMAPD Multiple Remote Buffer Overflow Vulnerabilities
17844| [11738] Cyrus IMAPD Multiple Remote Unspecified Vulnerabilities
17845| [11729] Cyrus IMAPD Multiple Remote Vulnerabilities
17846| [6298] Cyrus IMAPD Pre-Login Heap Corruption Vulnerability
17847| [4713] Wu-imapd Partial Mailbox Attribute Remote Buffer Overflow Vulnerability
17848| [2856] Imapd 'Local' Buffer Overflow Vulnerabilities
17849| [1110] Univ. Of Washington imapd Buffer Overflow Vulnerabilities
17850| [502] NT IMail Imapd Buffer Overflow DoS Vulnerability
17851| [130] imapd Buffer Overflow Vulnerability
17852|
17853| IBM X-Force - https://exchange.xforce.ibmcloud.com:
17854| [86382] Dovecot POP3 Service denial of service
17855| [84396] Dovecot IMAP APPEND denial of service
17856| [80453] Dovecot mail-search.c denial of service
17857| [71354] Dovecot SSL Common Name (CN) weak security
17858| [70325] Cyrus IMAPd NNTP security bypass
17859| [67675] Dovecot script-login security bypass
17860| [67674] Dovecot script-login directory traversal
17861| [67589] Dovecot header name denial of service
17862| [63267] Apple Mac OS X Dovecot information disclosure
17863| [62340] Dovecot mailbox security bypass
17864| [62339] Dovecot IMAP or POP3 denial of service
17865| [62256] Dovecot mailbox security bypass
17866| [62255] Dovecot ACL entry security bypass
17867| [60639] Dovecot ACL plugin weak security
17868| [57267] Apple Mac OS X Dovecot Kerberos security bypass
17869| [56763] Dovecot header denial of service
17870| [54363] Dovecot base_dir privilege escalation
17871| [53248] CMU Sieve plugin for Dovecot unspecified buffer overflow
17872| [47526] UW-imapd rfc822_output_char() denial of service
17873| [46323] Dovecot dovecot.conf information disclosure
17874| [46227] Dovecot message parsing denial of service
17875| [45669] Dovecot ACL mailbox security bypass
17876| [45667] Dovecot ACL plugin rights security bypass
17877| [41085] Dovecot TAB characters authentication bypass
17878| [41009] Dovecot mail_extra_groups option unauthorized access
17879| [39342] Dovecot LDAP auth cache configuration security bypass
17880| [35767] Dovecot ACL plugin security bypass
17881| [34082] Dovecot mbox-storage.c directory traversal
17882| [30433] Dovecot IMAP/POP3 server dovecot.index.cache buffer overflow
17883| [26536] Dovecot IMAP LIST information disclosure
17884| [24710] Dovecot dovecot-auth and imap/pop3-login denial of service
17885| [24709] Dovecot APPEND command denial of service
17886| [22629] RHSA-2005:408 updates for cyrus-imapd not installed
17887| [19460] Cyrus IMAP imapd buffer overflow
17888| [19455] Cyrus IMAP imapd extension off-by-one buffer overflow
17889| [18492] Novell NetMail IMAPD 101_mEna buffer overflow
17890| [10803] UW IMAP (wu-imapd) authenticated user buffer overflow
17891| [9238] UW IMAP (wu-imapd) could allow a remote attacker to access arbitrary files
17892| [9055] UW IMAP (wu-imapd) partial mailbox attributes to request buffer overflow
17893| [7345] Slackware Linux imapd and ipop3d core dump
17894| [573] Imapd denial of service
17895|
17896| Exploit-DB - https://www.exploit-db.com:
17897| [30724] Perdition 1.17 IMAPD __STR_VWRITE Remote Format String Vulnerability
17898| [25297] Dovecot with Exim sender_address Parameter - Remote Command Execution
17899| [22061] Cyrus IMAPD 1.4/1.5.19/2.0.12/2.0.16/2.1.9/2.1.10 Pre-Login Heap Corruption Vulnerability
17900| [21443] Wu-imapd 2000/2001 Partial Mailbox Attribute Remote Buffer Overflow Vulnerability (2)
17901| [21442] Wu-imapd 2000/2001 Partial Mailbox Attribute Remote Buffer Overflow Vulnerability (1)
17902| [19849] UoW imapd 10.234/12.264 COPY Buffer Overflow (meta)
17903| [19848] UoW imapd 10.234/12.264 LSUB Buffer Overflow (meta)
17904| [19847] UoW imapd 10.234/12.264 Buffer Overflow Vulnerabilities
17905| [19377] Ipswitch IMail 5.0 Imapd Buffer Overflow DoS Vulnerability
17906| [19107] Netscape Messaging Server 3.55,University of Washington imapd 10.234 Buffer Overflow Vulnerability
17907| [18354] WorldMail imapd 3.0 SEH overflow (egg hunter)
17908| [16836] Cyrus IMAPD pop3d popsubfolders USER Buffer Overflow
17909| [16485] MailEnable IMAPD 1.54 - STATUS Request Buffer Overflow
17910| [16482] MDaemon 9.6.4 IMAPD FETCH Buffer Overflow
17911| [16480] MailEnable IMAPD W3C Logging Buffer Overflow
17912| [16477] Mdaemon 8.0.3 IMAPD CRAM-MD5 Authentication Overflow
17913| [16475] MailEnable IMAPD (2.35) Login Request Buffer Overflow
17914| [16474] Qualcomm WorldMail 3.0 IMAPD LIST Buffer Overflow
17915| [5257] Dovecot IMAP 1.0.10 <= 1.1rc2 - Remote Email Disclosure Exploit
17916| [4429] Mercury/32 4.52 IMAPD SEARCH command Post-Auth Overflow Exploit
17917| [3627] IPSwitch IMail Server <= 8.20 IMAPD Remote Buffer Overflow Exploit
17918| [3527] Mercur IMAPD 5.00.14 Remote Denial of Service Exploit (win32)
17919| [2185] Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit (3)
17920| [2053] Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit (2)
17921| [1813] Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit
17922| [1380] Eudora Qualcomm WorldMail 3.0 (IMAPd) Remote Overflow Exploit
17923| [1332] MailEnable 1.54 Pro Universal IMAPD W3C Logging BoF Exploit
17924| [1327] FTGate4 Groupware Mail Server 4.1 (imapd) Remote Buffer Overflow PoC
17925| [1151] MDaemon 8.0.3 IMAPD CRAM-MD5 Authentication Overflow Exploit
17926| [1124] IPSwitch IMail Server <= 8.15 IMAPD Remote Root Exploit
17927| [915] MailEnable Enterprise 1.x Imapd Remote Exploit
17928| [903] Cyrus imapd 2.2.4 - 2.2.8 (imapmagicplus) Remote Exploit
17929| [340] Linux imapd Remote Overflow File Retrieve Exploit
17930|
17931| OpenVAS (Nessus) - http://www.openvas.org:
17932| [901026] Dovecot Sieve Plugin Multiple Buffer Overflow Vulnerabilities
17933| [901025] Dovecot Version Detection
17934| [881425] CentOS Update for cyrus-imapd CESA-2011:1508 centos5 x86_64
17935| [881403] CentOS Update for cyrus-imapd CESA-2011:0859 centos5 x86_64
17936| [881402] CentOS Update for dovecot CESA-2011:1187 centos5 x86_64
17937| [881397] CentOS Update for cyrus-imapd CESA-2011:1317 centos4 x86_64
17938| [881370] CentOS Update for cyrus-imapd CESA-2011:1508 centos4 x86_64
17939| [881358] CentOS Update for dovecot CESA-2011:1187 centos4 x86_64
17940| [881318] CentOS Update for cyrus-imapd CESA-2011:0859 centos4 x86_64
17941| [881255] CentOS Update for cyrus-imapd CESA-2011:1317 centos5 x86_64
17942| [881050] CentOS Update for cyrus-imapd CESA-2011:1508 centos5 i386
17943| [881049] CentOS Update for cyrus-imapd CESA-2011:1508 centos4 i386
17944| [881007] CentOS Update for cyrus-imapd CESA-2011:1317 centos5 i386
17945| [880980] CentOS Update for dovecot CESA-2011:1187 centos5 i386
17946| [880978] CentOS Update for cyrus-imapd CESA-2011:1317 centos4 i386
17947| [880967] CentOS Update for dovecot CESA-2011:1187 centos4 i386
17948| [880958] CentOS Update for cyrus-imapd CESA-2011:0859 centos4 i386
17949| [880905] CentOS Update for cyrus-imapd CESA-2009:1459 centos4 i386
17950| [880864] CentOS Update for cyrus-imapd CESA-2009:1459 centos5 i386
17951| [880826] CentOS Update for cyrus-imapd CESA-2009:1116 centos5 i386
17952| [880536] CentOS Update for cyrus-imapd CESA-2011:0859 centos5 i386
17953| [870607] RedHat Update for dovecot RHSA-2011:0600-01
17954| [870520] RedHat Update for cyrus-imapd RHSA-2011:1508-01
17955| [870489] RedHat Update for cyrus-imapd RHSA-2011:1317-01
17956| [870471] RedHat Update for dovecot RHSA-2011:1187-01
17957| [870443] RedHat Update for cyrus-imapd RHSA-2011:0859-01
17958| [870153] RedHat Update for dovecot RHSA-2008:0297-02
17959| [864075] Fedora Update for cyrus-imapd FEDORA-2011-13832
17960| [863585] Fedora Update for cyrus-imapd FEDORA-2011-13869
17961| [863579] Fedora Update for cyrus-imapd FEDORA-2011-13860
17962| [863281] Fedora Update for cyrus-imapd FEDORA-2011-7193
17963| [863273] Fedora Update for cyrus-imapd FEDORA-2011-7217
17964| [863272] Fedora Update for dovecot FEDORA-2011-7612
17965| [863115] Fedora Update for dovecot FEDORA-2011-7258
17966| [861525] Fedora Update for dovecot FEDORA-2007-664
17967| [861394] Fedora Update for dovecot FEDORA-2007-493
17968| [861333] Fedora Update for dovecot FEDORA-2007-1485
17969| [860845] Fedora Update for dovecot FEDORA-2008-9202
17970| [860663] Fedora Update for dovecot FEDORA-2008-2475
17971| [860169] Fedora Update for dovecot FEDORA-2008-2464
17972| [860089] Fedora Update for dovecot FEDORA-2008-9232
17973| [840950] Ubuntu Update for dovecot USN-1295-1
17974| [840668] Ubuntu Update for dovecot USN-1143-1
17975| [840583] Ubuntu Update for dovecot vulnerabilities USN-1059-1
17976| [840335] Ubuntu Update for dovecot vulnerabilities USN-593-1
17977| [840290] Ubuntu Update for dovecot vulnerability USN-567-1
17978| [840234] Ubuntu Update for dovecot vulnerability USN-666-1
17979| [840072] Ubuntu Update for dovecot vulnerability USN-487-1
17980| [831590] Mandriva Update for cyrus-imapd MDVSA-2012:037 (cyrus-imapd)
17981| [831468] Mandriva Update for cyrus-imapd MDVSA-2011:149 (cyrus-imapd)
17982| [831410] Mandriva Update for cyrus-imapd MDVSA-2011:100 (cyrus-imapd)
17983| [831405] Mandriva Update for dovecot MDVSA-2011:101 (dovecot)
17984| [831230] Mandriva Update for dovecot MDVSA-2010:217 (dovecot)
17985| [831207] Mandriva Update for cyrus-imapd MDVA-2010:208 (cyrus-imapd)
17986| [831197] Mandriva Update for dovecot MDVSA-2010:196 (dovecot)
17987| [831054] Mandriva Update for dovecot MDVSA-2010:104 (dovecot)
17988| [830496] Mandriva Update for dovecot MDVSA-2008:232 (dovecot)
17989| [801055] Dovecot 'base_dir' Insecure Permissions Security Bypass Vulnerability
17990| [800149] UW-imapd tmail and dmail BOF Vulnerabilities (Linux)
17991| [800030] Dovecot ACL Plugin Security Bypass Vulnerabilities
17992| [70767] Gentoo Security Advisory GLSA 201110-04 (Dovecot)
17993| [70696] Debian Security Advisory DSA 2377-1 (cyrus-imapd-2.2)
17994| [70407] Debian Security Advisory DSA 2318-1 (cyrus-imapd-2.2)
17995| [70259] FreeBSD Ports: dovecot
17996| [69965] Debian Security Advisory DSA 2258-1 (kolab-cyrus-imapd)
17997| [69959] Debian Security Advisory DSA 2252-1 (dovecot)
17998| [69740] Debian Security Advisory DSA 2242-1 (cyrus-imapd-2.2)
17999| [66522] FreeBSD Ports: dovecot
18000| [66416] Mandriva Security Advisory MDVSA-2009:229-1 (cyrus-imapd)
18001| [66233] SLES10: Security update for Cyrus IMAPD
18002| [66226] SLES11: Security update for Cyrus IMAPD
18003| [66222] SLES9: Security update for Cyrus IMAPD
18004| [65938] SLES10: Security update for Cyrus IMAPD
18005| [65723] SLES11: Security update for Cyrus IMAPD
18006| [65523] SLES9: Security update for Cyrus IMAPD
18007| [65479] SLES9: Security update for cyrus-imapd
18008| [65094] SLES9: Security update for cyrus-imapd
18009| [65010] Ubuntu USN-838-1 (dovecot)
18010| [64989] CentOS Security Advisory CESA-2009:1459 (cyrus-imapd)
18011| [64978] Debian Security Advisory DSA 1892-1 (dovecot)
18012| [64977] Debian Security Advisory DSA 1893-1 (cyrus-imapd-2.2 kolab-cyrus-imapd)
18013| [64965] Fedora Core 11 FEDORA-2009-9901 (cyrus-imapd)
18014| [64963] Fedora Core 10 FEDORA-2009-9869 (cyrus-imapd)
18015| [64953] Mandrake Security Advisory MDVSA-2009:242-1 (dovecot)
18016| [64952] Mandrake Security Advisory MDVSA-2009:242 (dovecot)
18017| [64898] FreeBSD Ports: cyrus-imapd
18018| [64864] Debian Security Advisory DSA 1881-1 (cyrus-imapd-2.2)
18019| [64861] Fedora Core 10 FEDORA-2009-9559 (dovecot)
18020| [64847] Fedora Core 10 FEDORA-2009-9428 (cyrus-imapd)
18021| [64846] Fedora Core 11 FEDORA-2009-9417 (cyrus-imapd)
18022| [64838] Mandrake Security Advisory MDVSA-2009:229 (cyrus-imapd)
18023| [64271] CentOS Security Advisory CESA-2009:1116 (cyrus-imapd)
18024| [62965] Gentoo Security Advisory GLSA 200812-16 (dovecot)
18025| [62854] FreeBSD Ports: dovecot-managesieve
18026| [61916] FreeBSD Ports: dovecot
18027| [60588] Gentoo Security Advisory GLSA 200803-25 (dovecot)
18028| [60568] Debian Security Advisory DSA 1516-1 (dovecot)
18029| [60528] FreeBSD Ports: dovecot
18030| [60134] Debian Security Advisory DSA 1457-1 (dovecot)
18031| [60089] FreeBSD Ports: dovecot
18032| [58578] Debian Security Advisory DSA 1359-1 (dovecot)
18033| [56834] Debian Security Advisory DSA 1080-1 (dovecot)
18034| [55807] Slackware Advisory SSA:2005-310-06 imapd
18035| [54861] Gentoo Security Advisory GLSA 200502-29 (cyrus-imapd)
18036| [54755] Gentoo Security Advisory GLSA 200411-34 (cyrus-imapd)
18037| [53739] Debian Security Advisory DSA 215-1 (cyrus-imapd)
18038| [53288] Debian Security Advisory DSA 597-1 (cyrus-imapd)
18039| [52297] FreeBSD Ports: cyrus-imapd
18040| [52296] FreeBSD Ports: cyrus-imapd
18041| [52295] FreeBSD Ports: cyrus-imapd
18042| [52294] FreeBSD Ports: cyrus-imapd
18043| [52172] FreeBSD Ports: cyrus-imapd
18044|
18045| SecurityTracker - https://www.securitytracker.com:
18046| [1028585] Dovecot APPEND Parameter Processing Flaw Lets Remote Authenticated Users Deny Service
18047| [1024740] Mac OS X Server Dovecot Memory Aliasing Bug May Cause Mail to Be Delivered to the Wrong User
18048| [1017288] Dovecot POP3/IMAP Cache File Buffer Overflow May Let Remote Users Execute Arbitrary Code
18049| [1013278] Cyrus IMAPd Buffer Overflows in Annotate Extension, Cached Header, and Fetchnews May Let Remote Users Execute Arbitrary Code
18050|
18051| OSVDB - http://www.osvdb.org:
18052| [96172] Dovecot POP3 Service Terminated LIST Command Remote DoS
18053| [93525] Dovecot IMAP APPEND Command Malformed Parameter Parsing Remote DoS
18054| [93004] Dovecot with Exim sender_address Parameter Remote Command Execution
18055| [88058] Dovecot lib-storage/mail-search.c Multiple Keyword Search Handling Remote DoS
18056| [78304] Eudora WorldMail imapd SEH LIST Command Parsing Remote Overflow
18057| [77185] Dovecot SSL Certificate Common Name Field MitM Spoofing Weakness
18058| [75445] Cyrus IMAP Server imapd index.c index_get_ids Function References Header NULL Dereference Remote DoS
18059| [74515] Dovecot script-login chroot Configuration Setting Traversal Arbitrary File Access
18060| [74514] Dovecot script-login User / Group Configuration Settings Remote Access Restriction Bypass
18061| [72495] Dovecot lib-mail/message-header-parser.c Mail Header Name NULL Character Handling Remote DoS
18062| [69260] Apple Mac OS X Server Dovecot Memory Aliasing Mail Delivery Issue
18063| [68516] Dovecot plugins/acl/acl-backend-vfile.c ACL Permission Addition User Private Namespace Mailbox Access Restriction Remote Bypass
18064| [68515] Dovecot plugins/acl/acl-backend-vfile.c ACL Permission Addition Specific Entry Order Mailbox Access Restriction Remote Bypass
18065| [68513] Dovecot Non-public Namespace Mailbox ACL Manipulation Access Restriction Remote Bypass
18066| [68512] Dovecot IMAP / POP3 Session Disconnect Master Process Outage Remote DoS
18067| [66625] Dovecot ACL Plugin INBOX ACL Copying Weakness Restriction Bypass
18068| [66113] Dovecot Mail Root Directory Creation Permission Weakness
18069| [66112] Dovecot Installation base_dir Parent Directory Permission Weakness
18070| [66111] Dovecot SEARCH Functionality str_find_init() Function Overflow
18071| [66110] Dovecot Multiple Unspecified Buffer Overflows
18072| [66108] Dovecot Malformed Message Body Processing Unspecified Functions Remote DoS
18073| [64783] Dovecot E-mail Message Header Unspecified DoS
18074| [63372] Apple Mac OS X Dovecot Kerberos Authentication SACL Restriction Bypass
18075| [62796] Dovecot mbox Format Email Header Handling DoS
18076| [60316] Dovecot base_dir Directory Permission Weakness Local Privilege Escalation
18077| [58103] Dovecot CMU Sieve Plugin Script Handling Multiple Overflows
18078| [57843] Cyrus IMAP Server (cyrus-imapd) SIEVE Script Component (sieve/script.c) Crafted Script Handling Overflow
18079| [57681] UoW imap Server (uw-imapd) Arbitrary Remote File Access
18080| [52906] UW-imapd c-client Initial Request Remote Format String
18081| [52905] UW-imapd c-client Library RFC822BUFFER Routines rfc822_output_char Function Off-by-one
18082| [52456] UW-imapd on Debian Linux LOGIN Command Remote DoS
18083| [50253] Dovecot dovecot.conf Permission Weakness Local ssl_key_password Parameter Disclosure
18084| [49918] Dovecot ManageSieve Script Name Handling Traversal Arbitrary File Manipulation
18085| [49485] UW-imapd dmail Utility Mailbox Name Handling Overflow
18086| [49484] UW-imapd tmail Utility Mailbox Name Handling Overflow
18087| [49429] Dovecot Message Parsing Feature Crafted Email Header Handling Remote DoS
18088| [49099] Dovecot ACL Plugin k Right Mailbox Creation Restriction Bypass
18089| [49098] Dovecot ACL Plugin Negative Access Rights Bypass
18090| [43137] Dovecot mail_extra_groups Symlink File Manipulation
18091| [42979] Dovecot passdbs Argument Injection Authentication Bypass
18092| [42004] Perdition Mail Retrieval Proxy IMAPD IMAP Tag Remote Format String Arbitrary Code Execution
18093| [39876] Dovecot LDAP Auth Cache Security Bypass
18094| [39670] Mercury Mail Transport System IMAPD SEARCH Command Remote Overflow
18095| [39386] Dovecot ACL Plugin Insert Right APPEND / COPY Command Unauthorized Flag Manipulation
18096| [35489] Dovecot index/mbox/mbox-storage.c Traversal Arbitrary Gzip File Access
18097| [31362] Novell NetMail IMAP Daemon (IMAPD) APPEND Command Remote Overflow
18098| [31361] Novell NetMail IMAP Daemon (IMAPD) APPEND Command DoS
18099| [31360] Novell NetMail IMAP Daemon (IMAPD) SUBSCRIBE Command Remote Overflow
18100| [30524] Dovecot IMAP/POP3 Server dovecot.index.cache Handling Overflow
18101| [25853] Cyrus IMAPD pop3d USER Command Remote Overflow
18102| [25727] Dovecot Multiple Command Traversal Arbitrary Directory Listing
18103| [23281] Dovecot imap/pop3-login dovecot-auth DoS
18104| [23280] Dovecot Malformed APPEND Command DoS
18105| [18179] HP Tru64 UNIX imapd NLSPATH Environment Variable Local Overflow
18106| [13242] UW-imapd CRAM-MD5 Authentication Bypass
18107| [12385] Novell NetMail IMAPD 101_mEna Script Remote Overflow
18108| [12042] UoW imapd Multiple Unspecified Overflows
18109| [12037] UoW imapd (UW-IMAP) Multiple Command Remote Overflows
18110| [12033] Slackware Linux imapd/ipop3d Malformed USER/PASS Sequence DoS
18111| [911] UoW imapd AUTHENTICATE Command Remote Overflow
18112| [790] UoW imap Server (uw-imapd) BODY Request Remote Overflow
18113| [519] UoW imapd SIGABRT Signal Forced Crash Information Disclosure
18114|_
443/tcp open ssl/http Apache httpd
18116|_http-server-header: Apache
18117| vulscan: VulDB - https://vuldb.com:
18118| [141649] Apache OFBiz up to 16.11.05 Form Widget Freemarker Markup Code Execution
18119| [141648] Apache OFBiz up to 16.11.05 Application Stored cross site scripting
18120| [140386] Apache Commons Beanutils 1.9.2 BeanIntrospector unknown vulnerability
18121| [139708] Apache Ranger up to 1.2.0 Policy Import cross site scripting
18122| [139540] cPanel up to 60.0.24 Apache HTTP Server Key information disclosure
18123| [139386] Apache Tike up to 1.21 RecursiveParserWrapper Stack-based memory corruption
18124| [139385] Apache Tika 1.19/1.20/1.21 SAXParsers Hang denial of service
18125| [139384] Apache Tika up to 1.21 RecursiveParserWrapper ZIP File denial of service
18126| [139261] Apache Solr 8.2.0 DataImportHandler Parameter unknown vulnerability
18127| [139259] cPanel up to 68.0.26 WHM Apache Includes Editor information disclosure
18128| [139256] cPanel up to 68.0.26 WHM Apache Configuration Include Editor cross site scripting
18129| [139239] cPanel up to 70.0.22 Apache HTTP Server Log information disclosure
18130| [139141] Apache ActiveMQ Client up to 5.15.4 ActiveMQConnection.java ActiveMQConnection denial of service
18131| [139130] cPanel up to 73.x Apache HTTP Server Injection privilege escalation
18132| [138914] Venustech Apache VCL 2.1/2.2/2.3/2.4/2.5 VM sql injection
18133| [138913] Venustech Apache VCL 2.1/2.2/2.3/2.4/2.5 Block Argument privilege escalation
18134| [138912] Venustech Apache VCL 2.1/2.2/2.3/2.4/2.5 Cookie sql injection
18135| [138816] Apache Storm up to 1.2.2 Logviewer Daemon Log information disclosure
18136| [138815] Apache Storm up to 1.2.2 UI Daemon Deserialization privilege escalation
18137| [138164] Oracle 2.7.0.1 Apache Log4j unknown vulnerability
18138| [138155] Oracle Agile Engineering Data Management 6.2.0/6.2.1 Apache Tomcat unknown vulnerability
18139| [138151] Oracle Transportation Management 6.3.7 Apache Tomcat unknown vulnerability
18140| [138149] Oracle Agile Engineering Data Management 6.2.0/6.2.1 Apache Commons FileUpload unknown vulnerability
18141| [138131] Oracle MICROS Retail XBRi Loss Prevention 10.8.0/10.8.1/10.8.2/10.8.3 Apache Tomcat unknown vulnerability
18142| [138129] Oracle Retail Xstore Point of Service 7.0/7.1 Apache HTTP Server denial of service
18143| [138123] Oracle Retail Order Management System 5.0 Apache Struts 1 unknown vulnerability
18144| [138122] Oracle Retail Order Broker 5.2/15.0 Apache Tomcat unknown vulnerability
18145| [138121] Oracle Retail Order Broker 5.2/15.0 Apache CXF unknown vulnerability
18146| [138112] Oracle Retail Integration Bus 15.0/16.0 Apache Commons FileUpload unknown vulnerability
18147| [138111] Oracle MICROS Retail XBRi Loss Prevention 10.8.0/10.8.1/10.8.2/10.8.3 Apache Commons FileUpload unknown vulnerability
18148| [138103] Oracle PeopleSoft Enterprise PeopleTools 8.55/8.56/8.57 Apache WSS4J information disclosure
18149| [138053] Oracle JD Edwards EnterpriseOne Tools 9.2 Apache Log4j unknown vulnerability
18150| [138036] Oracle Insurance Rules Palette 10.0/10.1/10.2/11.0 Apache Commons FileUpload unknown vulnerability
18151| [138035] Oracle Insurance Policy Administration J2EE 10.0/10.1/10.2/11.0 Apache Commons FileUpload unknown vulnerability
18152| [138034] Oracle Insurance Calculation Engine 9.7/10.0/10.1/10.2 Apache Commons FileUpload unknown vulnerability
18153| [138028] Oracle Identity Manager 11.1.2.3.0/12.2.1.3.0 Apache Log4j unknown vulnerability
18154| [138020] Oracle BI Publisher 11.1.1.9.0 Apache Tomcat unknown vulnerability
18155| [138019] Oracle BI Publisher (formerly XML Publisher) 11.1.1.9.0 Apache Tomcat unknown vulnerability
18156| [138017] Oracle Outside In Technology 8.5.4 Apache Commons FileUpload unknown vulnerability
18157| [138013] Oracle Outside In Technology 8.5.4 Apache Tomcat unknown vulnerability
18158| [138012] Oracle Outside In Technology 8.5.4 Apache HTTP Server unknown vulnerability
18159| [138009] Oracle Outside In Technology 8.5.4 Apache HTTP Server unknown vulnerability
18160| [138008] Oracle WebLogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.3.0 Apache Struts 1 denial of service
18161| [138007] Oracle WebCenter Sites 12.2.1.3.0 Apache Tomcat denial of service
18162| [138006] Oracle Enterprise Repository 12.1.3.0.0 Apache CXF denial of service
18163| [138000] Oracle WebCenter Sites 12.2.1.3.0 Apache Commons FileUpload unknown vulnerability
18164| [137999] Oracle WebLogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.3.0 Apache Commons FileUpload unknown vulnerability
18165| [137995] Oracle Hospitality Simphony 18.2.1 Apache WSS4J information disclosure
18166| [137987] Oracle FLEXCUBE Universal Banking up to 12.0.3/12.4.0/14.2.0 Apache Log4j unknown vulnerability
18167| [137981] Oracle Insurance IFRS 17 Analyzer 8.0.6/8.0.7 Apache Commons FileUpload unknown vulnerability
18168| [137980] Oracle Insurance Data Foundation 8.0.4/8.0.5/8.0.6/8.0.7 Apache Commons FileUpload unknown vulnerability
18169| [137979] Oracle 8.0.8 Apache Commons FileUpload unknown vulnerability
18170| [137973] Oracle 8.0.4/8.0.5/8.0.6/8.0.7 Apache Batik unknown vulnerability
18171| [137970] Oracle Financial Services Profitability Management 8.0.4/8.0.5/8.0.6/8.0.7 Apache ActiveMQ unknown vulnerability
18172| [137967] Oracle up to 8.0.7 Apache httpd unknown vulnerability
18173| [137966] Oracle 8.0.7/8.0.8 Apache Groovy unknown vulnerability
18174| [137965] Oracle Financial Services Liquidity Risk Management 8.0.1/8.0.2/8.0.4/8.0.5/8.0.6 Apache Commons FileUpload unknown vulnerability
18175| [137964] Oracle 8.0.4/8.0.5/8.0.6/8.0.7 Apache Log4j unknown vulnerability
18176| [137933] Oracle Banking Platform up to 2.7.1 Apache Tika unknown vulnerability
18177| [137926] Oracle Enterprise Manager for Fusion Middleware 13.2/13.3 Apache Commons FileUpload information disclosure
18178| [137924] Oracle Enterprise Manager Base Platform 12.1.0.5.0/13.2.0.0.0/13.3.0.0.0 Apache Commons FileUpload unknown vulnerability
18179| [137914] Oracle E-Business Suite up to 12.2.8 Apache ActiveMQ unknown vulnerability
18180| [137913] Oracle E-Business Suite up to 12.2.8 Apache ActiveMQ unknown vulnerability
18181| [137911] Oracle E-Business Suite up to 12.2.8 Apache HTTP Server unknown vulnerability
18182| [137910] Oracle E-Business Suite up to 12.2.8 Apache CXF information disclosure
18183| [137909] Oracle E-Business Suite up to 12.2.8 Apache Commons FileUpload unknown vulnerability
18184| [137905] Oracle Primavera Gateway 15.2/16.2/17.12/18.8 Apache Tika denial of service
18185| [137901] Oracle Primavera Unifier up to 18.8 Apache HTTP Server unknown vulnerability
18186| [137895] Oracle Instant Messaging Server 10.0.1.2.0 Apache Tika information disclosure
18187| [137894] Oracle EAGLE (Software) 46.5/46.6/46.7 Apache Tomcat information disclosure
18188| [137892] Oracle Online Mediation Controller 6.1 Apache Batik denial of service
18189| [137891] Oracle Interactive Session Recorder 6.0/6.1/6.2 Apache Tomcat unknown vulnerability
18190| [137885] Oracle Diameter Signaling Router (DSR) 8.0/8.1/8.2 Apache cxf unknown vulnerability
18191| [137882] Oracle Unified 8.0.0.2.0 Apache Commons FileUpload unknown vulnerability
18192| [137881] Oracle Online Mediation Controller 6.1 Apache Commons FileUpload unknown vulnerability
18193| [137880] Oracle Interactive Session Recorder 6.0/6.1/6.2 Apache Log4j unknown vulnerability
18194| [137879] Oracle Convergence 3.0.2 Apache Commons FileUpload unknown vulnerability
18195| [137876] Oracle Application Session Controller 3.7.1/3.8.0 Apache Commons FileUpload unknown vulnerability
18196| [137829] Apache Roller 5.2.3 Math Comment Authenticator Reflected cross site scripting
18197| [137736] Apache Kafka 0.11.0.0/2.1.0 ACL Validation Request privilege escalation
18198| [136858] MakerBot Replicator 5G Printer Apache HTTP Server information disclosure
18199| [136849] Analogic Poste.io 2.1.6 on Apache RoundCube logs/ information disclosure
18200| [136822] Apache Tomcat up to 8.5.40/9.0.19 Incomplete Fix CVE-2019-0199 Resource Exhaustion denial of service
18201| [136808] Apache Geode up to 1.8.0 Secure Mode privilege escalation
18202| [136646] Apache Allura up to 1.10.x Dropdown Selector Stored cross site scripting
18203| [136374] Apache HTTP Server up to 2.4.38 Slash Regular Expression unknown vulnerability
18204| [136373] Apache HTTP Server 2.4.34/2.4.35/2.4.36/2.4.37/2.4.38 HTTP2 Request Crash denial of service
18205| [136372] Apache HTTP Server up to 2.4.38 HTTP2 Request unknown vulnerability
18206| [136370] Apache Fineract up to 1.2.x sql injection
18207| [136369] Apache Fineract up to 1.2.x sql injection
18208| [135731] Apache Hadoop up to 2.8.4/2.9.1/3.1.0 yarn privilege escalation
18209| [135664] Apache Tomcat up to 7.0.93/8.5.39/9.0.0.17 SSI printenv Command cross site scripting
18210| [135663] Apache Camel up to 2.23.x JSON-lib Library XML Data XML External Entity
18211| [135661] Apache Roller up to 5.2.1/5.2.0 XML-RPC Interface XML File Server-Side Request Forgery
18212| [135402] Apache Zookeeper up to 3.4.13/3.5.0-alpha to 3.5.4-beta getACL() information disclosure
18213| [135270] Apache JSPWiki up to 2.11.0.M3 Plugin Link cross site scripting
18214| [135269] Apache JSPWiki up to 2.11.0.M3 InterWiki Link cross site scripting
18215| [135268] Apache JSPWiki up to 2.11.0.M3 Attachment cross site scripting
18216| [134527] Apache Karaf up to 4.2.4 Config Service directory traversal
18217| [134416] Apache Sanselan 0.97-incubator Loop denial of service
18218| [134415] Apache Sanselan 0.97-incubator Hang denial of service
18219| [134291] Apache Axis up to 1.7.8 Server-Side Request Forgery
18220| [134290] Apache UIMA DUCC up to 2.2.2 cross site scripting
18221| [134248] Apache Archiva up to 2.2.3 Artifact Upload directory traversal
18222| [134247] Apache Archiva up to 2.2.3 Artifact Upload directory traversal
18223| [134246] Apache Camel up to 2.19/2.21.3/2.22.2/2.23.0 directory traversal
18224| [134138] Apache Pluto 3.0.0/3.0.1 Chat Room Demo Portlet cross site scripting
18225| [133992] Apache Qpid Proton up to 0.27.0 Certificate Validation Man-in-the-Middle weak authentication
18226| [133977] Apache Zeppelin up to 0.7.x Stored cross site scripting
18227| [133976] Apache Zeppelin up to 0.7.x Cron Scheduler privilege escalation
18228| [133975] Apache Zeppelin up to 0.7.2 Session Fixation weak authentication
18229| [133444] Apache PDFbox 2.0.14 XML Parser XML External Entity
18230| [133573] Oracle FLEXCUBE Private Banking 2.0.0.0/2.2.0.1/12.0.1.0/12.0.3.0/12.1.0.0 Apache ActiveMQ unknown vulnerability
18231| [133407] Apache Tomcat up to 7.0.93/8.5.39/9.0.17 on Windows JRE Command Line Argument Code Execution
18232| [133315] Apache Airflow up to 1.10.2 HTTP Endpoint cross site request forgery
18233| [133314] Apache Airflow up to 1.10.2 Metadata Database cross site scripting
18234| [133290] Apache Tomcat up to 8.5.37/9.0.14 HTTP2 Stream Execution denial of service
18235| [133112] Apache HTTP Server up to 2.4.38 mod_auth_digest race condition privilege escalation
18236| [133111] Apache HTTP Server 2.4.37/2.4.38 mod_ssl Bypass privilege escalation
18237| [133092] Airsonic 10.2.1 org.apache.commons.lang.RandomStringUtils RecoverController.java java.util.Random weak authentication
18238| [132568] Apache JSPWiki up to 2.11.0.M2 URL User information disclosure
18239| [132567] Apache JSPWiki up to 2.11.0.M2 URL cross site scripting
18240| [132566] Apache ActiveMQ up to 5.15.8 MQTT Frame Memory denial of service
18241| [132565] Apache HBase up to 2.1.3 REST Server Request privilege escalation
18242| [132183] Apache Mesos up to pre-1.4.x Docker Image Code Execution
18243| [131988] Apache Karaf up to 4.2.2 kar Deployer directory traversal
18244| [131859] Apache Hadoop up to 2.9.1 privilege escalation
18245| [131479] Apache Solr up to 7.6 HTTP GET Request Server-Side Request Forgery
18246| [131446] Apache Solr up to 5.0.5/6.6.5 Config API HTTP POST Request Code Execution
18247| [131385] Apache Qpid Broker-J up to 6.x/7.0.6/7.1.0 AMQP Command Crash denial of service
18248| [131315] Apache Mesos up to pre-1.4.x Mesos Masters Rendering JSON Payload Recursion denial of service
18249| [131236] Apache Airflow up to 1.10.1 Metadata Database cross site scripting
18250| [130755] Apache JSPWiki up to 2.10.5 URL cross site scripting
18251| [130629] Apache Guacamole Cookie Flag weak encryption
18252| [130628] Apache Hadoop up to 3.0.0 HDFS information disclosure
18253| [130529] Apache Subversion 1.10.0/1.10.1/1.10.2/1.10.3/1.11.0 mod_dav_svn Directory Crash denial of service
18254| [130353] Apache Open Office up to 4.1.5 Document Loader String memory corruption
18255| [130341] Apache HTTP Server 2.4.37 mod_ssl Loop denial of service
18256| [130330] Apache HTTP Server up to 2.4.37 mod_session Expired privilege escalation
18257| [130329] Apache HTTP Server 2.4.37 mod_http2 Slowloris denial of service
18258| [130212] Apache Airflow up to 1.10.0 LDAP Auth Backend Certificate weak authentication
18259| [130123] Apache Airflow up to 1.8.2 information disclosure
18260| [130122] Apache Airflow up to 1.8.2 command injection cross site request forgery
18261| [130121] Apache Airflow up to 1.8.2 Webserver Object Code Execution
18262| [129717] Oracle Secure Global Desktop 5.4 Apache HTTP Server denial of service
18263| [129688] Oracle Tape Library ACSLS 8.4 Apache Log4j unknown vulnerability
18264| [129673] Oracle Retail Returns Management 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
18265| [129672] Oracle Retail Central Office 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
18266| [129671] Oracle Retail Back Office 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
18267| [129574] Oracle Outside In Technology 8.5.3/8.5.4 Apache Tomcat denial of service
18268| [129573] Oracle WebLogic Server 10.3.6.0 Apache HTTP Server denial of service
18269| [129563] Oracle Enterprise Repository 12.1.3.0.0 Apache Log4j unknown vulnerability
18270| [129555] Oracle Outside In Technology 8.5.3 Apache Batik denial of service
18271| [129551] Oracle Outside In Technology 8.5.3/8.5.4 Apache Commons FileUpload denial of service
18272| [129542] Oracle API Gateway 11.1.2.4.0 Apache Batik denial of service
18273| [129538] Oracle SOA Suite 12.1.3.0.0/12.2.1.3.0 Apache Batik unknown vulnerability
18274| [129519] Oracle Enterprise Manager Ops Center 12.2.2/12.3.3 Apache ActiveMQ unknown vulnerability
18275| [129508] Oracle Applications Manager up to 12.2.8 Apache Derby unknown vulnerability
18276| [129507] Oracle Mobile Field Service up to 12.2.8 Apache Log4j unknown vulnerability
18277| [129505] Oracle Email Center up to 12.2.8 Apache Log4j unknown vulnerability
18278| [129504] Oracle CRM Technical Foundation up to 12.2.8 Apache Commons FileUpload unknown vulnerability
18279| [129499] Oracle Partner Management up to 12.2.8 Apache Log4j unknown vulnerability
18280| [129498] Oracle Marketing up to 12.2.8 Apache Commons FileUpload unknown vulnerability
18281| [129480] Oracle Communications WebRTC Session Controller up to 7.1 Apache Batik unknown vulnerability
18282| [129479] Oracle Communications Diameter Signaling Router up to 8.2 Apache Batik unknown vulnerability
18283| [129474] Oracle Communications Diameter Signaling Router up to 8.2 Apache HTTP Server information disclosure
18284| [129472] Oracle Communications WebRTC Session Controller up to 7.1 Apache Struts 1 unknown vulnerability
18285| [129470] Oracle Communications Converged Application Server up to 7.0.0.0 Apache Struts 1 unknown vulnerability
18286| [129463] Oracle Communications WebRTC Session Controller up to 7.1 Apache Log4j unknown vulnerability
18287| [129461] Oracle Communications Services Gatekeeper up to 6.1.0.3.x Apache Commons Collections Fileupload unknown vulnerability
18288| [129460] Oracle Communications Service Broker 6.0 Apache Log4j unknown vulnerability
18289| [129459] Oracle Communications Policy Management up to 12.4 Apache Struts 2 unknown vulnerability
18290| [129458] Oracle Communications Online Mediation Controller 6.1 Apache Log4j unknown vulnerability
18291| [129457] Oracle Communications Diameter Signaling Router up to 8.2 Apache Commons Fileupload unknown vulnerability
18292| [129456] Oracle Communications Converged Application Server 6.1 Apache Log4j unknown vulnerability
18293| [128714] Apache Thrift Java Client Library up to 0.11.0 SASL Negotiation org.apache.thrift.transport.TSaslTransport unknown vulnerability
18294| [128713] Apache Thrift Node.js Static Web Server up to 0.11.0 directory traversal
18295| [128709] Apache Karaf up to 4.1.6/4.2.1 Features Deployer XMLInputFactory XML External Entity
18296| [128575] Apache NetBeans 9.0 Proxy Auto-Config Code Execution
18297| [128369] Apache Tika 1.8-1.19.1 SQLite3Parser Loop sql injection
18298| [128111] Apache NiFi 1.8.0 Template Upload Man-in-the-Middle cross site request forgery
18299| [128110] Apache NiFi 1.8.0 Cluster Request privilege escalation
18300| [128109] Apache NiFi 1.8.0 Error Page message-page.jsp Request Header cross site scripting
18301| [128108] Apache NiFi up to 1.7.x X-Frame-Options Header privilege escalation
18302| [128102] Apache Oozie up to 5.0.0 Workflow XML Impersonation spoofing
18303| [127994] WordPress up to 5.0.0 on Apache httpd MIME Restriction cross site scripting
18304| [127981] Apache OFBiz 16.11.01/16.11.02/16.11.03/16.11.04 HTTP Engine httpService GET Request privilege escalation
18305| [127161] Apache Hadoop 2.7.4/2.7.5/2.7.6 Incomplete Fix CVE-2016-6811 privilege escalation
18306| [127040] Loadbalancer.org Enterprise VA MAX up to 8.3.2 Apache HTTP Server Log cross site scripting
18307| [127007] Apache Spark Request Code Execution
18308| [126791] Apache Hadoop up to 0.23.11/2.7.6/2.8.4/2.9.1/3.0.2 ZIP File unknown vulnerability
18309| [126767] Apache Qpid Proton-J Transport 0.3 Certificate Verification Man-in-the-Middle weak authentication
18310| [126896] Apache Commons FileUpload 1.3.3 on LDAP Manager DiskFileItem File privilege escalation
18311| [126574] Apache Hive up to 2.3.3/3.1.0 Query privilege escalation
18312| [126573] Apache Hive up to 2.3.3/3.1.0 HiveServer2 privilege escalation
18313| [126564] Apache Superset up to 0.22 Pickle Library load Code Execution
18314| [126488] Apache Syncope up to 2.0.10/2.1.1 BPMN Definition xxe privilege escalation
18315| [126487] Apache Syncope up to 2.0.10/2.1.1 cross site scripting
18316| [126346] Apache Tomcat Path privilege escalation
18317| [125922] Apache Impala up to 3.0.0 ALTER privilege escalation
18318| [125921] Apache Impala up to 3.0.0 Queue Injection privilege escalation
18319| [125647] Oracle Agile Engineering Data Management 6.1.3/6.2.0/6.2.1 Install (Apache Tomcat) information disclosure
18320| [125617] Oracle Retail Returns Management 14.1 Apache Batik unknown vulnerability
18321| [125616] Oracle Retail Point-of-Service 13.4/14.0/14.1 Apache Batik unknown vulnerability
18322| [125614] Oracle Retail Central Office 14.1 Apache Batik unknown vulnerability
18323| [125613] Oracle Retail Back Office 13.3/13.4/14/14.1 Apache Batik unknown vulnerability
18324| [125599] Oracle Retail Open Commerce Platform 5.3.0/6.0.0/6.0.1 Apache Log4j unknown vulnerability
18325| [125569] Oracle PeopleSoft Enterprise PeopleTools 8.55/8.56 Apache HTTP Server information disclosure
18326| [125494] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat information disclosure
18327| [125447] Oracle Business Intelligence Enterprise Edition 11.1.1.7.0/11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Apache Batik unknown vulnerability
18328| [125428] Oracle Identity Management Suite 11.1.2.3.0/12.2.1.3.0 Apache Log4j unknown vulnerability
18329| [125427] Oracle Identity Analytics 11.1.1.5.8 Apache Log4j unknown vulnerability
18330| [125424] Oracle API Gateway 11.1.2.4.0 Apache Log4j unknown vulnerability
18331| [125423] Oracle BI Publisher 11.1.1.7.0/11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Apache Log4j unknown vulnerability
18332| [125383] Oracle up to 10.2.0 Apache Trinidad unknown vulnerability
18333| [125379] Oracle up to 10.1.x Apache Struts 1 cross site scripting
18334| [125377] Oracle up to 10.2.0 Apache Commons Collections unknown vulnerability
18335| [125376] Oracle Communications Application Session Controller up to 3.7.0 Apache Commons Collections unknown vulnerability
18336| [125375] Oracle Communications User Data Repository up to 12.1.x Apache Xerces memory corruption
18337| [125248] Apache ActiveMQ up to 5.15.5 Web-based Administration Console queue.jsp Parameter cross site scripting
18338| [125133] Apache Tika up to 1.19 XML Parser reset() denial of service
18339| [124877] Apache PDFbox up to 2.0.11 PDF File denial of service
18340| [124876] Apache Ranger up to 1.1.x UnixAuthenticationService Stack-based memory corruption
18341| [124791] Apache Tomcat up to 7.0.90/8.5.33/9.0.11 URL Open Redirect
18342| [124787] Apache Pony Mail 0.7/0.8/0.9 Statistics Generator Timestamp Data information disclosure
18343| [124447] Apache HTTP Server up to 2.4.34 SETTINGS Frame denial of service
18344| [124346] Apache Mesos pre-1.4.2/1.5.0/1.5.1/1.6.0 on Executor HTTP API String Comparison validation JSON Web Token information disclosure
18345| [124286] Apache Tika up to 1.18 IptcAnpaParser Loop denial of service
18346| [124242] Apache Tika up to 0.18 C:/evil.bat" Directory unknown vulnerability
18347| [124241] Apache Tika up to 0.18 XML Parser Entity Expansion denial of service
18348| [124191] Apache Karaf up to 3.0.8/4.0.8/4.1.0 WebConsole .../gogo/ weak authentication
18349| [124190] Apache Karaf up to 4.1.x sshd privilege escalation
18350| [124152] Apache Camel Mail up to 2.22.0 Path directory traversal
18351| [124143] Apache SpamAssassin up to 3.4.1 PDFInfo Plugin Code Execution
18352| [124134] Apache SpamAssassin up to 3.4.1 Scan Engine HTML::Parser Email denial of service
18353| [124095] PHP up to 5.6.37/7.0.31/7.1.21/7.2.9 Apache2 sapi_apache2.c php_handler cross site scripting
18354| [124024] Apache Mesos 1.4.x/1.5.0 libprocess JSON Payload denial of service
18355| [123814] Apache ActiveMQ Client up to 5.15.5 TLS Hostname Verification Man-in-the-Middle weak authentication
18356| [123393] Apache Traffic Server up to 6.2.2/7.1.3 ESI Plugin Config privilege escalation
18357| [123392] Apache Traffic Server 6.2.2 TLS Handshake Segmentation Fault denial of service
18358| [123391] Apache Traffic Server up to 6.2.2/7.1.3 Range Request Performance denial of service
18359| [123390] Apache Traffic Server up to 6.2.2/7.1.3 Request HTTP Smuggling privilege escalation
18360| [123369] Apache Traffic Server up to 6.2.2/7.1.3 ACL remap.config Request denial of service
18361| [123197] Apache Sentry up to 2.0.0 privilege escalation
18362| [123145] Apache Struts up to 2.3.34/2.5.16 Namespace Code Execution
18363| [123144] Apache Cayenne up to 4.1.M1 CayenneModeler XML File File Transfer privilege escalation
18364| [122981] Apache Commons Compress 1.7 ZipArchiveInputStream ZIP Archive denial of service
18365| [122889] Apache HTTP Server up to 2.2.31/2.4.23 mod_userdir HTTP Response Splitting privilege escalation
18366| [122800] Apache Spark 1.3.0 REST API weak authentication
18367| [122642] Apache Airflow up to 1.8.x 404 Page Reflected cross site scripting
18368| [122568] Apache Tomcat up to 8.5.31/9.0.9 Connection Reuse weak authentication
18369| [122567] Apache Axis 1.0./1.1/1.2/1.3/1.4 cross site scripting
18370| [122556] Apache Tomcat up to 7.0.86/8.0.51/8.5.30/9.0.7 UTF-8 Decoder Loop denial of service
18371| [122531] Apache Tomcat up to 7.0.88/8.0.52/8.5.31/9.0.9 WebSocket Client unknown vulnerability
18372| [122456] Apache Camel up to 2.20.3/2.21.0 XSD Validator XML External Entity
18373| [122455] Apache Tomcat Native up to 1.1.34/1.2.16 OSCP Revoked Certificate weak authentication
18374| [122454] Apache Tomcat Native up to 1.1.34/1.2.16 OSCP Responder Revoked Certificate weak authentication
18375| [122214] Apache Kafka up to 0.9.0.1/0.10.2.1/0.11.0.2/1.0.0 Broker Request Data Loss denial of service
18376| [122202] Apache Kafka up to 0.10.2.1/0.11.0.1 SASL Impersonation spoofing
18377| [122101] Docker Skeleton Runtime for Apache OpenWhisk Docker Action dockerskeleton:1.3.0 privilege escalation
18378| [122100] PHP Runtime for Apache OpenWhisk Docker Action action-php-v7.2:1.0.0 privilege escalation
18379| [122012] Apache Ignite up to 2.5 Serialization privilege escalation
18380| [121911] Apache Ambari up to 2.5.x/2.6.2 Log Message Credentials information disclosure
18381| [121910] Apache HTTP Server 2.4.33 mod_md HTTP Requests denial of service
18382| [121854] Oracle Tape Library ACSLS up to ACSLS 8.4.0-2 Apache Commons Collections unknown vulnerability
18383| [121752] Oracle Insurance Policy Administration 10.0/10.1/10.2/11.0 Apache Log4j unknown vulnerability
18384| [121370] Apache Spark up to 2.1.2/2.2.1/2.3.0 URL cross site scripting
18385| [121354] Apache CouchDB HTTP API Code Execution
18386| [121144] Apache LDAP API up to 1.0.1 SSL Filter information disclosure
18387| [121143] Apache Storm up to 0.10.2/1.0.6/1.1.2/1.2.1 Cluster privilege escalation
18388| [120436] Apache CXF Fediz up to 1.4.3 Application Plugin unknown vulnerability
18389| [120310] Apache PDFbox up to 1.8.14/2.0.10 AFMParser Loop denial of service
18390| [120168] Apache CXF weak authentication
18391| [120080] Apache Cassandra up to 3.11.1 JMX/RMI Interface RMI Request privilege escalation
18392| [120043] Apache HBase up to 1.2.6.0/1.3.2.0/1.4.4/2.0.0 Thrift 1 API Server weak authentication
18393| [119723] Apache Qpid Broker-J 7.0.0/7.0.1/7.0.2/7.0.3/7.0.4 AMQP Messages Crash denial of service
18394| [122569] Apache HTTP Server up to 2.4.33 HTTP2 Request denial of service
18395| [119486] Apache Geode up to 1.4.0 Security Manager Code Execution
18396| [119306] Apache MXNet Network Interface privilege escalation
18397| [118999] Apache Storm up to 1.0.6/1.1.2/1.2.1 Archive directory traversal
18398| [118996] Apache Storm up to 1.0.6/1.1.2/1.2.1 Daemon spoofing
18399| [118644] Apple macOS up to 10.13.5 apache_mod_php unknown vulnerability
18400| [118200] Apache Batik up to 1.9 Deserialization unknown vulnerability
18401| [118143] Apache NiFi activemq-client Library Deserialization denial of service
18402| [118142] Apache NiFi 1.6.0 SplitXML xxe privilege escalation
18403| [118051] Apache Zookeeper up to 3.4.9/3.5.3-beta weak authentication
18404| [117997] Apache ORC up to 1.4.3 ORC File Recursion denial of service
18405| [117825] Apache Tomcat up to 7.0.88/8.0.52/8.5.31/9.0.8 CORS Filter privilege escalation
18406| [117405] Apache Derby up to 10.14.1.0 Network Server Network Packet privilege escalation
18407| [117347] Apache Ambari up to 2.6.1 HTTP Request directory traversal
18408| [117265] LibreOffice/Apache Office Writer SMB Connection XML Document information disclosure
18409| [117143] Apache uimaj/uima-as/uimaFIT/uimaDUCC XML XXE information disclosure
18410| [117117] Apache Tika up to 1.17 ChmParser Loop denial of service
18411| [117116] Apache Tika up to 1.17 BPGParser Loop denial of service
18412| [117115] Apache Tika up to 1.17 tika-server command injection
18413| [116929] Apache Fineract getReportType Parameter privilege escalation
18414| [116928] Apache Fineract REST Endpoint Parameter privilege escalation
18415| [116927] Apache Fineract MakercheckersApiResource Parameter sql injection
18416| [116926] Apache Fineract REST Parameter privilege escalation
18417| [116574] Apache wicket-jquery-ui up to 6.29.0/7.10.1/8.0.0-M9.1 WYSIWYG Editor privilege escalation
18418| [116622] Oracle Enterprise Manager for MySQL Database 12.1.0.4 EM Plugin: General (Apache Tomcat) unknown vulnerability
18419| [115931] Apache Solr up to 6.6.2/7.2.1 XML Data Parameter XML External Entity
18420| [115883] Apache Hive up to 2.3.2 privilege escalation
18421| [115882] Apache Hive up to 2.3.2 xpath_short information disclosure
18422| [115881] Apache DriverHive JDBC Driver up to 2.3.2 Escape Argument Bypass privilege escalation
18423| [115518] Apache Ignite 2.3 Deserialization privilege escalation
18424| [115260] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache cross site scripting
18425| [115259] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache Cookie Stack-based memory corruption
18426| [115500] CA Workload Control Center up to r11.4 SP5 Apache MyFaces Component Code Execution
18427| [115121] Apache Struts REST Plugin up to 2.5.15 Xstream XML Data denial of service
18428| [115061] Apache HTTP Server up to 2.4.29 HTTP Digest Authentication Challenge HTTP Requests Replay privilege escalation
18429| [115060] Apache HTTP Server up to 2.4.29 mod_cache_socache Request Header Crash denial of service
18430| [115059] Apache HTTP Server up to 2.4.29 HTTP2 NULL Pointer Dereference denial of service
18431| [115058] Apache HTTP Server up to 2.4.29 HTTP Header Crash denial of service
18432| [115057] Apache HTTP Server up to 2.4.29 mod_session Variable Name Cache privilege escalation
18433| [115039] Apache HTTP Server up to 2.4.29 FilesMatch File Upload privilege escalation
18434| [115038] Apache HTTP Server up to 2.0.65/2.2.34/2.4.29 mod_authnz_ldap Crash denial of service
18435| [114817] Apache Syncope up to 1.2.10/2.0.7 Search Parameter information disclosure
18436| [114816] Apache Syncope up to 1.2.10/2.0.7 XSLT Code Execution
18437| [114717] Apache Commons 1.11/1.12/1.13/1.14/1.15 ZIP Archive ZipFile/ZipArchiveInputStream denial of service
18438| [114661] Apache Allura up to 1.8.0 HTTP Response Splitting privilege escalation
18439| [114400] Apache Tomcat JK ISAPI Connector up to 1.2.42 IIS/ISAPI privilege escalation
18440| [114258] Apache HTTP Server up to 2.4.22 mod_cluster Segmentation Fault denial of service
18441| [114086] Apache ODE 1.3.3 ODE Process Deployment Web Service directory traversal
18442| [113955] Apache Xerces-C up to 3.2.0 XML Parser NULL Pointer Dereference denial of service
18443| [113945] Apache Tomcat up to 7.0.84/8.0.49/8.5.27/9.0.4 URL Pattern Empty String privilege escalation
18444| [113944] Apache OpenMeetings up to 3.x/4.0.1 CRUD Operation denial of service
18445| [113905] Apache Traffic Server up to 5.2.x/5.3.2/6.2.0/7.0.0 TLS Handshake Core Dump denial of service
18446| [113904] Apache Traffic Server up to 6.2.0 Host Header privilege escalation
18447| [113895] Apache Geode up to 1.3.x Code Execution
18448| [113894] Apache Geode up to 1.3.x TcpServer Code Execution
18449| [113888] Apache James Hupa WebMail 0.0.2 cross site scripting
18450| [113813] Apache Geode Cluster up to 1.3.x Secure Mode privilege escalation
18451| [113747] Apache Tomcat Servlets privilege escalation
18452| [113647] Apache Qpid up to 0.30 qpidd Broker AMQP Message Crash denial of service
18453| [113645] Apache VCL up to 2.1/2.2.1/2.3.1 Web GUI/XMLRPC API privilege escalation
18454| [113560] Apache jUDDI Console 3.0.0 Log Entries spoofing
18455| [113571] Apache Oozie up to 4.3.0/5.0.0-beta1 XML Data XML File privilege escalation
18456| [113569] Apache Karaf up to 4.0.7 LDAPLoginModule LDAP injection denial of service
18457| [113273] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
18458| [113198] Apache Qpid Dispatch Router 0.7.0/0.8.0 AMQP denial of service
18459| [113186] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
18460| [113145] Apache Thrift up to 0.9.3 Go Client Library privilege escalation
18461| [113106] Apache jUDDI up to 3.3.3 XML Data WADL2Java/WSDL2Java XML Document privilege escalation
18462| [113105] Apache Qpid Broker-J 7.0.0 AMQP Crash denial of service
18463| [112885] Apache Allura up to 1.8.0 File information disclosure
18464| [112856] Apache CloudStack up to 4.8.1.0/4.9.0.0 API weak authentication
18465| [112855] Apache CloudStack 4.1.0/4.1.1 API information disclosure
18466| [112678] Apache Tomcat up to 7.0.82/8.0.47/8.5.23/9.0.1 Bug Fix 61201 privilege escalation
18467| [112677] Apache Tomcat Native Connector up to 1.1.34/1.2.14 OCSP Checker Client weak authentication
18468| [112625] Apache POI up to 3.16 Loop denial of service
18469| [112448] Apache NiFi up to 1.3.x Deserialization privilege escalation
18470| [112396] Apache Hadoop 2.7.3/2.7.4 YARN NodeManager Credentials information disclosure
18471| [112339] Apache NiFi 1.5.0 Header privilege escalation
18472| [112330] Apache NiFi 1.5.0 Header HTTP Request privilege escalation
18473| [112314] NetGain Enterprise Manager 7.2.730 Build 1034 org.apache.jsp.u.jsp.tools.exec_jsp Servlet Parameter privilege escalation
18474| [112253] Apache Hadoop up to 0.23.x/2.7.4/2.8.2 MapReduce Job History Server Configuration File privilege escalation
18475| [112171] Oracle Secure Global Desktop 5.3 Apache Log4j privilege escalation
18476| [112164] Oracle Agile PLM 9.3.5/9.3.6 Apache Tomcat unknown vulnerability
18477| [112161] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Tomcat privilege escalation
18478| [112158] Oracle Autovue for Agile Product Lifecycle Management 21.0.0/21.0.1 Apache Log4j privilege escalation
18479| [112156] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Log4j privilege escalation
18480| [112155] Oracle Agile Engineering Data Management 6.1.3/6.2.0/6.2.1 Apache Log4j privilege escalation
18481| [112137] Oracle MICROS Relate CRM Software 10.8.x/11.4.x/15.0.x, Apache Tomcat unknown vulnerability
18482| [112136] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat privilege escalation
18483| [112133] Oracle Retail Workforce Management 1.60.7/1.64.0 Apache Log4j privilege escalation
18484| [112129] Oracle Retail Assortment Planning 14.1.3/15.0.3/16.0.1 Apache Log4j privilege escalation
18485| [112114] Oracle 9.1 Apache Log4j privilege escalation
18486| [112113] Oracle 9.1 Apache Log4j privilege escalation
18487| [112045] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat privilege escalation
18488| [112038] Oracle Health Sciences Empirica Inspections 1.0.1.1 Apache Tomcat information disclosure
18489| [112019] Oracle Endeca Information Discovery Integrator 3.1.0/3.2.0 Apache Tomcat privilege escalation
18490| [112017] Oracle WebCenter Portal 11.1.1.9.0/12.2.1.2.0/12.2.1.3.0 Apache Struts 1 cross site scripting
18491| [112011] Oracle Identity Manager 11.1.2.3.0 Apache Commons Collections privilege escalation
18492| [111950] Oracle Database 12.2.0.1 Apache Tomcat information disclosure
18493| [111703] Apache Sling XSS Protection API 1.0.4 URL Encoding cross site scripting
18494| [111556] Apache Geode up to 1.2.x Secure Mode Parameter OQL privilege escalation
18495| [111555] Apache Geode up to 1.2.x Secure Mode OQL privilege escalation
18496| [111540] Apache Geode up to 1.2.x Secure Mode information disclosure
18497| [111519] Apache Sling JCR ContentLoader 2.1.4 xmlreader directory traversal
18498| [111338] Apache DeltaSpike-JSF 1.8.0 cross site scripting
18499| [111330] Apache OFBiz 16.11.01/16.11.02/16.11.03 BIRT Plugin cross site scripting
18500| [110789] Apache Sling up to 1.4.0 Authentication Service Credentials information disclosure
18501| [110785] Apache Drill up to 1.11.0 Query Page unknown vulnerability
18502| [110701] Apache Fineract Query Parameter sql injection
18503| [110484] Apache Synapse up to 3.0.0 Apache Commons Collections Serialized Object Code Injection privilege escalation
18504| [110426] Adobe Experience Manager 6.0/6.1/6.2/6.3 Apache Sling Servlets Post cross site scripting
18505| [110141] Apache Struts up to 2.5.14 REST Plugin denial of service
18506| [110140] Apache Qpid Broker-J up to 0.32 privilege escalation
18507| [110139] Apache Qpid Broker-J up to 6.1.4 AMQP Frame denial of service
18508| [110106] Apache CXF Fediz Spring cross site request forgery
18509| [109766] Apache OpenOffice up to 4.1.3 DOC File Parser WW8Fonts memory corruption
18510| [109750] Apache OpenOffice up to 4.1.3 DOC File Parser ImportOldFormatStyles memory corruption
18511| [109749] Apache OpenOffice up to 4.1.3 PPT File Parser PPTStyleSheet memory corruption
18512| [109606] October CMS Build 412 Apache Configuration File Upload privilege escalation
18513| [109419] Apache Camel up to 2.19.3/2.20.0 camel-castor Java Object Deserialization privilege escalation
18514| [109418] Apache Camel up to 2.19.3/2.20.0 camel-hessian Java Object Deserialization privilege escalation
18515| [109400] Apache CouchDB up to 1.6.x/2.1.0 Database Server Shell privilege escalation
18516| [109399] Apache CouchDB up to 1.6.x/2.1.0 JSON Parser Shell privilege escalation
18517| [109398] Apache CXF 3.1.14/3.2.1 JAX-WS/JAX-RS Attachment denial of service
18518| [108872] Apache Hive up to 2.1.1/2.2.0/2.3.0 Policy Enforcement privilege escalation
18519| [108939] Apple macOS up to 10.13.1 apache unknown vulnerability
18520| [108938] Apple macOS up to 10.13.1 apache denial of service
18521| [108937] Apple macOS up to 10.13.1 apache unknown vulnerability
18522| [108936] Apple macOS up to 10.13.1 apache unknown vulnerability
18523| [108935] Apple macOS up to 10.13.1 apache denial of service
18524| [108934] Apple macOS up to 10.13.1 apache unknown vulnerability
18525| [108933] Apple macOS up to 10.13.1 apache unknown vulnerability
18526| [108932] Apple macOS up to 10.13.1 apache unknown vulnerability
18527| [108931] Apple macOS up to 10.13.1 apache denial of service
18528| [108930] Apple macOS up to 10.13.1 apache unknown vulnerability
18529| [108929] Apple macOS up to 10.13.1 apache denial of service
18530| [108928] Apple macOS up to 10.13.1 apache unknown vulnerability
18531| [108797] Apache Struts up to 2.3.19 TextParseUtiltranslateVariables OGNL Expression privilege escalation
18532| [108795] Apache Traffic Server up to 5.3.0 HTTP2 set_dynamic_table_size memory corruption
18533| [108794] Apache WSS4J up to 1.6.16/2.0.1 Incomplete Fix Leak information disclosure
18534| [108793] Apache Qpid up to 0.30 qpidd Crash denial of service
18535| [108792] Apache Traffic Server up to 5.1.0 Access Restriction privilege escalation
18536| [108791] Apache Wicket up to 1.5.11/6.16.x/7.0.0-M2 Session information disclosure
18537| [108790] Apache Storm 0.9.0.1 Log Viewer directory traversal
18538| [108789] Apache Cordova In-App-Browser Standalone Plugin up to 0.3.1 on iOS CDVInAppBrowser privilege escalation
18539| [108788] Apache Cordova File-Transfer Standalone Plugin up to 0.4.1 on iOS ios/CDVFileTransfer.m spoofing
18540| [108787] Apache HttpClient up to 4.3.0 HttpClientBuilder.java unknown vulnerability
18541| [108786] Apache Wicket up to 1.4.21/1.5.9/6.3.x script Tag cross site scripting
18542| [108783] Apache Hadoop up to 0.23.3/1.0.3/2.0.1 Kerberos Security Feature Key weak encryption
18543| [108782] Apache Xerces2 XML Service denial of service
18544| [108781] Apache jUDDI up to 1.x happyjuddi.jsp Parameter cross site scripting
18545| [108780] Apache jUDDI up to 1.x Log File uddiget.jsp spoofing
18546| [108709] Apache Cordova Android up to 3.7.1/4.0.1 intent URL privilege escalation
18547| [108708] Apache ActiveMQ up to 5.10.0 XML Data XML External Entity
18548| [108707] Apache ActiveMQ up to 1.7.0 XML Data XML External Entity
18549| [108629] Apache OFBiz up to 10.04.01 privilege escalation
18550| [108543] Apache Derby 10.1.2.1/10.2.2.0/10.3.1.4/10.4.1.3 Export File privilege escalation
18551| [108312] Apache HTTP Server on RHEL IP Address Filter privilege escalation
18552| [108297] Apache NiFi up to 0.7.1/1.1.1 Proxy Chain Username Deserialization privilege escalation
18553| [108296] Apache NiFi up to 0.7.1/1.1.1 Cluster Request privilege escalation
18554| [108250] Oracle Secure Global Desktop 5.3 Apache HTTP Server memory corruption
18555| [108245] Oracle Transportation Management up to 6.3.7 Apache Tomcat unknown vulnerability
18556| [108244] Oracle Transportation Management 6.4.1/6.4.2 Apache Commons FileUpload denial of service
18557| [108243] Oracle Agile Engineering Data Management 6.1.3/6.2.0 Apache Commons Collections memory corruption
18558| [108222] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Batik denial of service
18559| [108219] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat unknown vulnerability
18560| [108217] Oracle Retail Store Inventory Management 13.2.9/14.0.4/14.1.3/15.0.1/16.0.1 Apache Groovy unknown vulnerability
18561| [108216] Oracle Retail Convenience and Fuel POS Software 2.1.132 Apache Groovy unknown vulnerability
18562| [108169] Oracle MySQL Enterprise Monitor up to 3.2.8.2223/3.3.4.3247/3.4.2.4181 Apache Tomcat unknown vulnerability
18563| [108113] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Batik denial of service
18564| [108107] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat unknown vulnerability
18565| [108102] Oracle Healthcare Master Person Index 4.x Apache Groovy unknown vulnerability
18566| [108085] Oracle Identity Manager 11.1.2.3.0 Apache Struts 1 memory corruption
18567| [108083] Oracle API Gateway 11.1.2.4.0 Apache Batik denial of service
18568| [108080] Oracle GlassFish Server 3.1.2 Apache Commons FileUpload denial of service
18569| [108066] Oracle Management Pack for GoldenGate 11.2.1.0.12 Apache Tomcat memory corruption
18570| [108062] Oracle BI Publisher 11.1.1.7.0/12.2.1.1.0/12.2.1.2.0 Apache ActiveMQ memory corruption
18571| [108060] Oracle Enterprise Manager Ops Center 12.2.2/12.3.2 Apache Groovy unknown vulnerability
18572| [108033] Oracle Primavera Unifier 9.13/9.14/10.x/15.x/16.x, Apache Groovy unknown vulnerability
18573| [108013] Oracle Communications WebRTC Session Controller 7.0/7.1/7.2 Apache Groovy unknown vulnerability
18574| [108011] Oracle Communications Services Gatekeeper 5.1/6.0 Apache Trinidad unknown vulnerability
18575| [107904] Apache Struts up to 2.3.28 Double OGNL Evaluation privilege escalation
18576| [107860] Apache Solr up to 7.0 Apache Lucene RunExecutableListener XML External Entity
18577| [107834] Apache Ranger up to 0.6.1 Change Password privilege escalation
18578| [107639] Apache NiFi 1.4.0 XML External Entity
18579| [107606] Apache ZooKeper up to 3.4.9/3.5.2 Command CPU Exhaustion denial of service
18580| [107597] Apache Roller up to 5.0.2 XML-RPC Protocol Support XML External Entity
18581| [107429] Apache Impala up to 2.9.x Kudu Table privilege escalation
18582| [107411] Apache Tomcat up to 7.0.81/8.0.46/8.5.22/9.0.0 JSP File File Upload privilege escalation
18583| [107385] Apache Geode up to 1.2.0 Secure Mode privilege escalation
18584| [107339] Apache OpenNLP up to 1.5.3/1.6.0/1.7.2/1.8.1 XML Data XML External Entity
18585| [107333] Apache Wicket up to 8.0.0-M1 CSRF Prevention HTTP Header privilege escalation
18586| [107323] Apache Wicket 1.5.10/6.13.0 Class Request information disclosure
18587| [107310] Apache Geode up to 1.2.0 Command Line Utility Query privilege escalation
18588| [107276] ArcSight ESM/ArcSight ESM Express up to 6.9.1c Patch 3/6.11.0 Apache Tomcat Version information disclosure
18589| [107266] Apache Tika up to 1.12 XML Parser XML External Entity
18590| [107262] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
18591| [107258] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
18592| [107197] Apache Xerces Jelly Parser XML File XML External Entity
18593| [107193] ZTE NR8950 Apache Commons Collections RMI Request Deserialization privilege escalation
18594| [107084] Apache Struts up to 2.3.19 cross site scripting
18595| [106877] Apache Struts up to 2.0.33/2.5.10 Freemarker Tag privilege escalation
18596| [106875] Apache Struts up to 2.5.5 URL Validator denial of service
18597| [106874] Apache Struts up to 2.3.30 Convention Plugin directory traversal
18598| [106847] Apache Tomcat up to 7.0.80 VirtualDirContext Source information disclosure
18599| [106846] Apache Tomcat up to 7.0.79 on Windows HTTP PUT Method Parameter File Upload privilege escalation
| [106777] Apache HTTP Server up to 2.2.34/2.4.27 Limit Directive ap_limit_section HTTP Request information disclosure
| [106739] puppetlabs-apache up to 1.11.0/2.0.x weak authentication
| [106720] Apache Wicket up to 1.5.12/6.18.x/7.0.0-M4 CryptoMapper privilege escalation
| [106586] Apache Brooklyn up to 0.9.x REST Server cross site scripting
| [106562] Apache Spark up to 2.1.1 Launcher API Deserialization privilege escalation
| [106559] Apache Brooklyn up to 0.9.x SnakeYAML YAML Data Java privilege escalation
| [106558] Apache Brooklyn up to 0.9.x REST Server cross site request forgery
| [106556] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
| [106555] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
| [106171] Apache Directory LDAP API up to 1.0.0-M30 Timing unknown vulnerability
| [106167] Apache Struts up to 2.5.12 REST Plugin XML Data privilege escalation
| [106166] Apache Struts up to 2.3.33/2.5.12 REST Plugin denial of service
| [106165] Apache Struts up to 2.3.33/2.5.12 URLValidator Regex CPU Exhaustion denial of service
| [106115] Apache Hadoop up to 2.6.4/2.7.2 YARN NodeManager Password information disclosure
| [106012] Apache Solr up to 5.5.3/6.4.0 Replication directory traversal
| [105980] Apache Engine 16.11.01 Parameter Reflected unknown vulnerability
| [105962] Apache Atlas 0.6.0/0.7.0 Frame cross site scripting
| [105961] Apache Atlas 0.6.0/0.7.0 Stack Trace information disclosure
| [105960] Apache Atlas 0.6.0/0.7.0 Search Reflected cross site scripting
| [105959] Apache Atlas 0.6.0/0.7.0 edit Tag DOM cross site scripting
| [105958] Apache Atlas 0.6.0/0.7.0 edit Tag Stored cross site scripting
| [105957] Apache Atlas 0.6.0/0.7.0 Cookie privilege escalation
| [105905] Apache Atlas 0.6.0/0.7.0/0.7.1 /js privilege escalation
| [105878] Apache Struts up to 2.3.24.0 privilege escalation
| [105682] Apache2Triad 1.5.4 phpsftpd/users.php Parameter cross site scripting
| [105681] Apache2Triad 1.5.4 phpsftpd/users.php Request cross site request forgery
| [105680] Apache2Triad 1.5.4 Parameter Session Fixation weak authentication
| [105643] Apache Pony Mail up to 0.8b weak authentication
| [105288] Apache Sling up to 2.3.21 Sling.evalString() String cross site scripting
| [105219] Apache Tomcat up to 8.5.15/9.0.0.M21 HTTP2 Bypass directory traversal
| [105218] Apache Tomcat up to 7.0.78/8.0.44/8.5.15/9.0.0.M21 CORS Filter Cache Poisoning privilege escalation
| [105215] Apache CXF up to 3.0.12/3.1.9 OAuth2 Hawk/JOSE MAC Validation Timing unknown vulnerability
| [105206] Apache CXF up to 3.0.11/3.1.8 JAX-RS Module XML External Entity
| [105205] Apache CXF up to 3.0.11/3.1.8 HTTP Transport Module Parameter cross site scripting
| [105202] Apache Storm 1.0.0/1.0.1/1.0.2/1.0.3/1.1.0 Worker privilege escalation
| [104987] Apache Xerces-C++ XML Service CPU Exhaustion denial of service
| [104986] Apache CXF 2.4.5/2.5.1 WS-SP UsernameToken Policy SOAP Request weak authentication
| [104985] Apache MyFaces Core up to 2.1.4 EL Expression Parameter Injection information disclosure
| [104983] Apache Wink up to 1.1.1 XML Document xxe privilege escalation
| [104981] Apache Commons Email 1.0/1.1/1.2/1.3/1.4 Subject Linebreak SMTP privilege escalation
| [104591] MEDHOST Document Management System Apache Solr Default Credentials weak authentication
| [104062] Oracle MySQL Enterprise Monitor up to 3.3.3.1199 Apache Tomcat unknown vulnerability
| [104061] Oracle MySQL Enterprise Monitor up to 3.2.7.1204/3.3.3.1199 Apache Tomcat unknown vulnerability
| [104060] Oracle MySQL Enterprise Monitor up to 3.1.5.7958/3.2.5.1141/3.3.2.1162 Apache Struts 2 unknown vulnerability
| [103995] Oracle 8.3/8.4/15.1/15.2 Apache Trinidad unknown vulnerability
| [103993] Oracle Policy Automation up to 12.2.3 Apache Commons FileUplaod denial of service
| [103916] Oracle Banking Platform 2.3/2.4/2.4.1/2.5 Apache Commons FileUpload denial of service
| [103906] Oracle Communications BRM 11.2.0.0.0 Apache Commons Collections privilege escalation
| [103904] Oracle Communications BRM 11.2.0.0.0/11.3.0.0.0 Apache Groovy memory corruption
| [103866] Oracle Transportation Management 6.1/6.2 Apache Webserver unknown vulnerability
| [103816] Oracle BI Publisher 11.1.1.9.0/12.2.1.1.0/12.2.1.2.0 Apache Commons Fileupload denial of service
| [103797] Oracle Tuxedo System and Applications Monitor Apache Commons Collections privilege escalation
| [103792] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Commons Fileupload privilege escalation
| [103791] Oracle Endeca Server 7.6.0.0/7.6.1.0 Apache Commons Collections privilege escalation
| [103788] Oracle Enterprise Repository 11.1.1.7.0/12.1.3.0.0 Apache ActiveMQ memory corruption
| [103787] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Groovy memory corruption
| [103763] Apache Sling up to 1.0.11 XSS Protection API XSS.getValidXML() Application XML External Entity
| [103762] Apache Sling up to 1.0.12 XSS Protection API XSSAPI.encodeForJSString() Script Tag cross site scripting
| [103693] Apache OpenMeetings 1.0.0 HTTP Method privilege escalation
| [103692] Apache OpenMeetings 1.0.0 Tomcat Error information disclosure
| [103691] Apache OpenMeetings 3.2.0 Parameter privilege escalation
| [103690] Apache OpenMeetings 1.0.0 sql injection
| [103689] Apache OpenMeetings 1.0.0 crossdomain.xml privilege escalation
| [103688] Apache OpenMeetings 1.0.0 weak encryption
| [103687] Apache OpenMeetings 1.0.0 cross site request forgery
| [103556] Apache Roller 5.1.0/5.1.1 Weblog Page Template VTL privilege escalation
| [103554] Apache OpenMeetings 1.0.0 Password Update unknown vulnerability
| [103553] Apache OpenMeetings 1.0.0 File Upload privilege escalation
| [103552] Apache OpenMeetings 3.2.0 Chat cross site scripting
| [103551] Apache OpenMeetings 3.1.0 XML unknown vulnerability
| [103521] Apache HTTP Server 2.4.26 HTTP2 Free memory corruption
| [103520] Apache HTTP Server up to 2.2.33/2.4.26 mod_auth_digest Authorization Header memory corruption
| [103519] Apache Struts up to 2.5.11/2.3.32 Spring AOP denial of service
| [103518] Apache Struts up to 2.5.11 URLValidator directory traversal
| [103492] Apache Spark up to 2.1.x Web UI Reflected cross site scripting
| [103401] Apache Struts 2.3.x Struts 1 Plugin ActionMessage privilege escalation
| [103399] Apache Traffic Control Traffic Router TCP Connection Slowloris denial of service
| [103387] Apache Impala up to 2.8.0 StatestoreSubscriber weak encryption
| [103386] Apache Impala up to 2.7.x/2.8.0 Kerberos weak authentication
| [103352] Apache Solr Node weak authentication
| [102897] Apache Ignite up to 2.0 Update Notifier information disclosure
| [102878] Code42 CrashPlan 5.4.x RMI Server org.apache.commons.ssl.rmi.DateRMI privilege escalation
| [102698] Apache HTTP Server up to 2.2.32/2.4.25 mod_mime Content-Type memory corruption
| [102697] Apache HTTP Server 2.2.24/2.2.32 HTTP Strict Parsing ap_find_token Request Header memory corruption
| [102690] Apache HTTP Server up to 2.2.32/2.4.25 mod_ssl ap_hook_process_connection() denial of service
| [102689] Apache HTTP Server up to 2.2.32/2.4.25 ap_get_basic_auth_pw weak authentication
| [102622] Apache Thrift up to 0.9.2 Client Libraries skip denial of service
| [102538] Apache Ranger up to 0.7.0 Authorizer unknown vulnerability
| [102537] Apache Ranger up to 0.7.0 Wildcard Character unknown vulnerability
| [102536] Apache Ranger up to 0.6 Stored cross site scripting
| [102535] Apache Ranger up to 0.6.2 Policy Engine unknown vulnerability
| [102255] Apache NiFi up to 0.7.3/1.2.x Response Header privilege escalation
| [102254] Apache NiFi up to 0.7.3/1.2.x UI cross site scripting
| [102070] Apache CXF Fediz up to 1.1.2/1.2.0 Application Plugin denial of service
| [102020] Apache Tomcat up to 9.0.0.M1 Java Servlet HTTP Method unknown vulnerability
| [101858] Apache Hive up to 1.2.1/2.0.0 Client weak authentication
| [101802] Apache KNOX up to 0.11.0 WebHDFS privilege escalation
| [101928] HPE Aruba ClearPass Apache Tomcat information disclosure
| [101524] Apache Archiva up to 1.x/2.2.1 REST Endpoint cross site request forgery
| [101513] Apache jUDDI 3.1./3.1.2/3.1.3/3.1.4 Logout Open Redirect
| [101430] Apache CXF Fediz up to 1.3.1 OIDC Service cross site request forgery
| [101429] Apache CXF Fediz up to 1.2.3/1.3.1 Plugins cross site request forgery
| [100619] Apache Hadoop up to 2.6.x HDFS Servlet unknown vulnerability
| [100618] Apache Hadoop up to 2.7.0 HDFS Web UI cross site scripting
| [100621] Adobe ColdFusion 10/11/2016 Apache BlazeDS Library Deserialization privilege escalation
| [100205] Oracle MySQL Enterprise Monitor up to 3.1.6.8003/3.2.1182/3.3.2.1162 Apache Commons FileUpload denial of service
| [100191] Oracle Secure Global Desktop 4.71/5.2/5.3 Web Server (Apache HTTP Server) information disclosure
| [100162] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Commons Collections privilege escalation
| [100160] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Trinidad unknown vulnerability
| [99969] Oracle WebCenter Sites 11.1.1.8.0 Apache Tomcat memory corruption
| [99937] Apache Batik up to 1.8 privilege escalation
| [99936] Apache FOP up to 2.1 privilege escalation
| [99935] Apache CXF up to 3.0.12/3.1.10 STSClient Cache information disclosure
| [99934] Apache CXF up to 3.0.12/3.1.10 JAX-RS XML Security Streaming Client spoofing
| [99930] Apache Traffic Server up to 6.2.0 denial of service
| [99929] Apache Log4j up to 2.8.1 Socket Server Deserialization privilege escalation
| [99925] Apache Traffic Server 6.0.0/6.1.0/6.2.0 HPACK Bomb denial of service
| [99738] Ping Identity OpenID Connect Authentication Module up to 2.13 on Apache Mod_auth_openidc.c spoofing
| [117569] Apache Hadoop up to 2.7.3 privilege escalation
| [99591] Apache TomEE up to 1.7.3/7.0.0-M2 EjbObjectInputStream Serialized Object privilege escalation
| [99370] Apache Ignite up to 1.8 update-notifier Document XML External Entity
| [99299] Apache Geode up to 1.1.0 Pulse OQL Query privilege escalation
| [99572] Apache Tomcat up to 7.0.75/8.0.41/8.5.11/9.0.0.M17 Application Listener privilege escalation
| [99570] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP Connector Cache information disclosure
| [99569] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP/2 GOAWAY Frame Resource Exhaustion denial of service
| [99568] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 Pipelined Request information disclosure
| [99048] Apache Ambari up to 2.3.x REST API Shell Metacharacter privilege escalation
| [99014] Apache Camel Jackson/JacksonXML privilege escalation
| [98610] Apple macOS up to 10.12.3 apache_mod_php memory corruption
| [98609] Apple macOS up to 10.12.3 apache_mod_php denial of service
| [98608] Apple macOS up to 10.12.3 apache_mod_php memory corruption
| [98607] Apple macOS up to 10.12.3 apache_mod_php denial of service
| [98606] Apple macOS up to 10.12.3 apache_mod_php denial of service
| [98605] Apple macOS up to 10.12.3 Apache denial of service
| [98604] Apple macOS up to 10.12.3 Apache denial of service
| [98603] Apple macOS up to 10.12.3 Apache denial of service
| [98602] Apple macOS up to 10.12.3 Apache denial of service
| [98601] Apple macOS up to 10.12.3 Apache denial of service
| [98517] Apache POI up to 3.14 OOXML File XXE denial of service
| [98405] Apache Hadoop up to 0.23.10 privilege escalation
| [98199] Apache Camel Validation XML External Entity
| [97892] Apache Tomcat up to 9.0.0.M15 Reverse-Proxy Http11InputBuffer.java information disclosure
| [97617] Apache Camel camel-snakeyaml Deserialization privilege escalation
| [97602] Apache Camel camel-jackson/camel-jacksonxml CamelJacksonUnmarshalType privilege escalation
| [97732] Apache Struts up to 2.3.31/2.5.10 Jakarta Multipart Parser Content-Type privilege escalation
| [97466] mod_auth_openidc up to 2.1.5 on Apache weak authentication
| [97455] mod_auth_openidc up to 2.1.4 on Apache weak authentication
| [97081] Apache Tomcat HTTPS Request denial of service
| [97162] EMC OpenText Documentum D2 BeanShell/Apache Commons privilege escalation
| [96949] Hanwha Techwin Smart Security Manager up to 1.5 Redis/Apache Felix Gogo privilege escalation
| [96314] Apache Cordova up to 6.1.1 on Android weak authentication
| [95945] Apple macOS up to 10.12.2 apache_mod_php denial of service
| [95944] Apple macOS up to 10.12.2 apache_mod_php denial of service
| [95943] Apple macOS up to 10.12.2 apache_mod_php memory corruption
| [95666] Oracle FLEXCUBE Direct Banking 12.0.0/12.0.1/12.0.2/12.0.3 Apache Commons Collections privilege escalation
| [95455] Apache NiFi up to 1.0.0/1.1.0 Connection Details Dialogue cross site scripting
| [95311] Apache Storm UI Daemon privilege escalation
| [95291] ZoneMinder 1.30.0 Apache httpd privilege escalation
| [94800] Apache Wicket up to 1.5.16/6.24.x Deserialize DiskFileItem denial of service
| [94705] Apache Qpid Broker for Java up to 6.1.0 SCRAM-SHA-1/SCRAM-SHA-256 User information disclosure
| [94627] Apache HTTP Server up to 2.4.24 mod_auth_digest Crash denial of service
| [94626] Apache HTTP Server up to 2.4.24 mod_session_crypto Padding weak encryption
| [94625] Apache HTTP Server up to 2.4.24 Response Split privilege escalation
| [94540] Apache Tika 1.9 tika-server File information disclosure
| [94600] Apache ActiveMQ up to 5.14.1 Administration Console cross site scripting
| [94348] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94347] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94346] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94345] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94344] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94343] Apple macOS up to 10.12.1 apache_mod_php memory corruption
| [94342] Apple macOS up to 10.12.1 apache_mod_php memory corruption
| [94128] Apache Tomcat up to 9.0.0.M13 Error information disclosure
| [93958] Apache HTTP Server up to 2.4.23 mod_http2 h2_stream.c denial of service
| [93874] Apache Subversion up to 1.8.16/1.9.4 mod_dontdothat XXE denial of service
| [93855] Apache Hadoop up to 2.6.4/2.7.2 HDFS Service privilege escalation
| [93609] Apache OpenMeetings 3.1.0 RMI Registry privilege escalation
| [93555] Apache Tika 1.6-1.13 jmatio MATLAB File privilege escalation
| [93799] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
| [93798] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
| [93797] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 HTTP Split privilege escalation
| [93796] Apache Tomcat up to 8.5.6/9.0.0.M11 HTTP/2 Header Parser denial of service
| [93532] Apache Commons Collections Library Java privilege escalation
| [93210] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 ResourceLinkFactory privilege escalation
| [93209] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Realm Authentication User information disclosure
| [93208] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 System Property Replacement information disclosure
| [93207] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Utility Method privilege escalation
| [93206] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Configuration privilege escalation
| [93098] Apache Commons FileUpload privilege escalation
| [92987] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Commons Collection memory corruption
| [92986] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Tomcat memory corruption
| [92982] Oracle Insurance IStream 4.3.2 Apache Commons Collections memory corruption
| [92981] Oracle Financial Services Lending and Leasing 14.1.0/14.2.0 Apache Commons Collections memory corruption
| [92979] Oracle up to 8.0.3 Apache Commons Collections memory corruption
| [92977] Oracle FLEXCUBE Universal Banking up to 12.2.0 Apache Commons Collections memory corruption
| [92976] Oracle FLEXCUBE Universal Banking 12.87.1/12.87.2 Apache Commons Collections memory corruption
| [92975] Oracle FLEXCUBE Private Banking up to 12.1.0 Apache Commons Collections memory corruption
| [92974] Oracle FLEXCUBE Investor Servicing 12.0.1 Apache Commons Collections memory corruption
| [92973] Oracle 12.0.0/12.1.0 Apache Commons Collections memory corruption
| [92972] Oracle FLEXCUBE Core Banking 11.5.0.0.0/11.6.0.0.0 Apache Commons Collections memory corruption
| [92962] Oracle Agile PLM 9.3.4/9.3.5 Apache Commons Collections memory corruption
| [92909] Oracle Agile PLM 9.3.4/9.3.5 Apache Tomcat unknown vulnerability
| [92786] Oracle Banking Digital Experience 15.1 Apache Commons Collections information disclosure
| [92549] Apache Tomcat on Red Hat privilege escalation
| [92509] Apache Tomcat JK ISAPI Connector up to 1.2.41 jk_uri_worker_map.c memory corruption
| [92314] Apache MyFaces Trinidad up to 1.0.13/1.2.15/2.0.1/2.1.1 CoreResponseStateManager memory corruption
| [92313] Apache Struts2 up to 2.3.28/2.5.0 Action Name Cleanup cross site request forgery
| [92299] Apache Derby up to 10.12.1.0 SqlXmlUtil XML External Entity
| [92217] Apache ActiveMQ Artemis up to 1.3.x Broker/REST GetObject privilege escalation
| [92174] Apache Ranger up to 0.6.0 Policy cross site scripting
| [91831] Apache Jackrabbit up to 2.13.2 HTTP Header cross site request forgery
| [91825] Apache Zookeeper up to 3.4.8/3.5.2 C CLI Shell memory corruption
| [91818] Apache CXF Fediz up to 1.2.2/1.3.0 Application Plugin privilege escalation
| [92056] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92055] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92054] Apple macOS up to 10.11 apache_mod_php denial of service
| [92053] Apple macOS up to 10.11 apache_mod_php denial of service
| [92052] Apple macOS up to 10.11 apache_mod_php denial of service
| [92051] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92050] Apple macOS up to 10.11 apache_mod_php denial of service
| [92049] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92048] Apple macOS up to 10.11 apache_mod_php denial of service
| [92047] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92046] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92045] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92044] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92043] Apple macOS up to 10.11 apache_mod_php denial of service
| [92042] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92041] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92040] Apple macOS up to 10.11 Apache Proxy privilege escalation
| [91785] Apache Shiro up to 1.3.1 Servlet Filter privilege escalation
| [90879] Apache OpenMeetings up to 3.1.1 SWF Panel cross site scripting
| [90878] Apache Sentry up to 1.6.x Blacklist Filter reflect/reflect2/java_method privilege escalation
| [90610] Apache POI up to 3.13 XLSX2CSV Example OpenXML Document XML External Entity
| [90584] Apache ActiveMQ up to 5.11.3/5.12.2/5.13/1 Administration Web Console privilege escalation
| [90385] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site scripting
| [90384] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site request forgery
| [90383] Apache OpenOffice up to 4.1.2 Impress File memory corruption
| [89670] Apache Tomcat up to 8.5.4 CGI Servlet Environment Variable Open Redirect
| [89669] Apache HTTP Server up to 2.4.23 RFC 3875 Namespace Conflict Environment Variable Open Redirect
| [89726] Apple Mac OS X up to 10.11.5 apache_mod_php memory corruption
| [89484] Apache Qpid up to 0.13.0 on Windows Proton Library Certificate weak authentication
| [89473] HPE iMC PLAT/EAD/APM/iMC NTA/iMC BIMS/iMC UAM_TAM up to 7.2 Apache Commons Collections Library Command privilege escalation
| [90263] Apache Archiva Header denial of service
| [90262] Apache Archiva Deserialize privilege escalation
| [90261] Apache Archiva XML DTD Connection privilege escalation
| [88827] Apache Xerces-C++ up to 3.1.3 DTD Stack-Based memory corruption
| [88747] Apache HTTP Server 2.4.17/2.4.18 mod_http2 denial of service
| [88608] Apache Struts up to 2.3.28.1/2.5.0 URLValidator Null Value denial of service
| [88607] Apache Struts up to 2.3.28.1 REST Plugin Expression privilege escalation
| [88606] Apache Struts up to 2.3.28.1 Restriction privilege escalation
| [88605] Apache Struts up to 2.3.28.1 Restriction privilege escalation
| [88604] Apache Struts up to 2.3.28.1 Token Validator cross site request forgery
| [88603] Apache Commons FileUpload up to 1.3.1 MultipartStream denial of service
| [88602] Apache Struts up to 1.3.10 ActionServlet.java cross site scripting
| [88601] Apache Struts up to 1.3.10 Multithreading ActionServlet.java memory corruption
| [88600] Apache Struts up to 1.3.10 MultiPageValidator privilege escalation
| [89005] Apache Qpid AMQP JMS Client getObject privilege escalation
| [87888] Apache Ranger up to 0.5.2 Policy Admin Tool eventTime sql injection
| [87835] Apache CloudStack up to 4.5.2.0/4.6.2.0/4.7.1.0/4.8.0.0 SAML-based Authentication privilege escalation
| [87806] HPE Discovery and Dependency Mapping Inventory up to 9.32 update 3 Apache Commons Collections Library privilege escalation
| [87805] HPE Universal CMDB up to 10.21 Apache Commons Collections Library privilege escalation
| [87768] Apache Shiro up to 1.2.4 Cipher Key privilege escalation
| [87765] Apache James Server 2.3.2 Command privilege escalation
| [88667] Apache HTTP Server up to 2.4.20 mod_http2 Certificate weak authentication
| [87718] Apache Struts up to 2.3.24.1 OGNL Caching denial of service
| [87717] Apache Struts up to 2.3.28 REST Plugin privilege escalation
| [87706] Apache Qpid Java up to 6.0.2 AMQP privilege escalation
| [87703] Apache Qbid Java up to 6.0.2 PlainSaslServer.java denial of service
| [87702] Apache ActiveMQ up to 5.13.x Fileserver Web Application Upload privilege escalation
| [87700] Apache PDFbox up to 1.8.11/2.0.0 XML Parser PDF Document XML External Entity
| [87679] HP Release Control 9.13/9.20/9.21 Apache Commons Collections Library Java Object privilege escalation
| [87540] Apache Ambari up to 2.2.0 File Browser View information disclosure
| [87433] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87432] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87431] Apple Mac OS X up to 10.11.4 apache_mod_php Format String
| [87430] Apple Mac OS X up to 10.11.4 apache_mod_php denial of service
| [87429] Apple Mac OS X up to 10.11.4 apache_mod_php information disclosure
| [87428] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87427] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87389] Apache Xerces C++ up to 3.1.3 XML Document DTDScanner.cpp memory corruption
| [87172] Adobe ColdFusion 11 Update 7/2016/up to 10 Update 18 Apache Commons Collections Library privilege escalation
| [87121] Apache Cordova iOS up to 3.x Plugin privilege escalation
| [87120] Apache Cordova iOS up to 3.x URL Whitelist privilege escalation
| [83806] HPE Network Node Manager i up to 10.01 Apache Commons Collections Library privilege escalation
| [83077] Apache Subversion up to 1.8.15/1.9.3 mod_authz_svn mod_authz_svn.c denial of service
| [83076] Apache Subversion up to 1.8.15/1.9.3 svnserve svnserve/cyrus_auth.c privilege escalation
| [82790] Apache Struts 2.0.0/2.3.24/2.3.28 Dynamic Method privilege escalation
| [82789] Apache Struts 2.0.0/2.3.24/2.3.28 XSLTResult privilege escalation
| [82725] HPE P9000 Command View up to 7.x/8.4.0 Apache Commons Collections Library privilege escalation
| [82444] Apache Camel up to 2.14.x/2.15.4/2.16.0 HTTP Request privilege escalation
| [82389] Apache Subversion up to 1.7.x/1.8.14/1.9.2 mod_dav_svn util.c memory corruption
| [82280] Apache Struts up to 1.7 JRE URLDecoder cross site scripting
| [82260] Apache OFBiz up to 12.04.05/13.07.02 Java Object privilege escalation
| [82259] Apache Qpid Proton up to 0.12.0 proton.reactor.Connector weak encryption
| [82250] Apache Ranger up to 0.5.0 Admin UI weak authentication
| [82214] Apache Wicket up to 1.5.14/6.21.x/7.1.x Input Element cross site scripting
| [82213] Apache Wicket up to 1.5.14/6.21.x/7.1.x ModalWindow Title getWindowOpenJavaScript cross site scripting
| [82212] Apache Ranger up to 0.5.0 Policy Admin Tool privilege escalation
| [82211] Apache OFBiz up to 12.04.06/13.07.02 ModelFormField.java DisplayEntityField.getDescription cross site scripting
| [82082] Apache JetSpeed up to 2.3.0 User Manager Service privilege escalation
| [82081] Apache OpenMeetings up to 3.1.0 SOAP API information disclosure
| [82080] Apache OpenMeetings up to 3.1.0 Event cross site scripting
| [82078] Apache OpenMeetings up to 3.1.0 Import/Export System Backup ZIP Archive directory traversal
| [82077] Apache OpenMeetings up to 3.1.0 Password Reset sendHashByUser privilege escalation
| [82076] Apache Ranger up to 0.5.1 privilege escalation
| [82075] Apache JetSpeed up to 2.3.0 Portal cross site scripting
| [82074] Apache JetSpeed up to 2.3.0 cross site scripting
| [82073] Apache JetSpeed up to 2.3.0 User Manager Service sql injection
| [82072] Apache JetSpeed up to 2.3.0 Portal Site Manager ZIP Archive directory traversal
| [82058] Apache LDAP Studio/Directory Studio up to 2.0.0-M9 CSV Export privilege escalation
| [82053] Apache Ranger up to 0.4.x Policy Admin Tool privilege escalation
| [82052] Apache Ranger up to 0.4.x Policy Admin Tool HTTP Request cross site scripting
| [81696] Apache ActiveMQ up to 5.13.1 HTTP Header privilege escalation
| [81695] Apache Xerces-C up to 3.1.2 internal/XMLReader.cpp memory corruption
| [81622] HPE Asset Manager 9.40/9.41/9.50 Apache Commons Collections Library Java Object privilege escalation
| [81406] HPE Service Manager up to 9.35 P3/9.41 P1 Apache Commons Collections Library Command privilege escalation
| [81405] HPE Operations Orchestration up to 10.50 Apache Commons Collections Library Command privilege escalation
| [81427] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
| [81426] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
| [81372] Apache Struts up to 2.3.24.1 I18NInterceptor cross site scripting
| [81371] Apache Struts up to 2.3.24.1 Double OGNL Evaluation privilege escalation
| [81370] Apache Struts up to 2.3.24.1 Java URLDecoder cross site scripting
| [81084] Apache Tomcat 6.0/7.0/8.0/9.0 ServletContext directory traversal
| [81083] Apache Tomcat 7.0/8.0/9.0 Index Page cross site request forgery
| [81082] Apache Tomcat 7.0/8.0/9.0 ResourceLinkFactory.setGlobalContext privilege escalation
| [81081] Apache Tomcat 6.0/7.0/8.0/9.0 Error information disclosure
| [81080] Apache Tomcat 6.0/7.0/8.0/9.0 Session Persistence privilege escalation
| [81079] Apache Tomcat 6.0/7.0/8.0/9.0 StatusManagerServlet information disclosure
| [81078] Apache Tomcat 7.0/8.0/9.0 Session privilege escalation
| [80970] Apache Solr up to 5.3.0 Admin UI plugins.js cross site scripting
| [80969] Apache Solr up to 5.2 Schema schema-browser.js cross site scripting
| [80968] Apache Solr up to 5.0 analysis.js cross site scripting
| [80940] HP Continuous Delivery Automation 1.30 Apache Commons Collections Library privilege escalation
| [80823] Apache CloudStack up to 4.5.1 KVM Virtual Machine Migration privilege escalation
| [80822] Apache CloudStack up to 4.5.1 API Call information disclosure
| [80778] Apache Camel up to 2.15.4/2.16.0 camel-xstream privilege escalation
| [80750] HPE Operations Manager 8.x/9.0 on Windows Apache Commons Collections Library privilege escalation
| [80724] Apache Hive up to 1.2.1 Authorization Framework privilege escalation
| [80577] Oracle Secure Global Desktop 4.63/4.71/5.2 Apache HTTP Server denial of service
| [80165] Intel McAfee ePolicy Orchestrator up to 4.6.9/5.0.3/5.3.1 Apache Commons Collections Library privilege escalation
| [80116] Apache Subversion up to 1.9.2 svn Protocol libsvn_ra_svn/marshal.c read_string memory corruption
| [80115] Apache ActiveMQ up to 5.12.x Broker Service privilege escalation
| [80036] IBM Cognos Business Intelligence Apache Commons Collections Library InvokerTransformer privilege escalation
| [79873] VMware vCenter Operations/vRealize Orchestrator Apache Commons Collections Library Serialized Java Object privilege escalation
| [79840] Apache Cordova File Transfer Plugin up to 1.2.x on Android unknown vulnerability
| [79839] Apache TomEE Serialized Java Stream EjbObjectInputStream privilege escalation
| [79791] Cisco Products Apache Commons Collections Library privilege escalation
| [79539] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
| [79538] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
| [79294] Apache Cordova-Android up to 3.6 BridgeSecret Random Generator weak encryption
| [79291] Apache Cordova-Android up to 4.0 Javascript Whitelist privilege escalation
| [79244] Apache CXF up to 2.7.17/3.0.7/3.1.2 SAML Web SSO Module SAML Response weak authentication
| [79243] Oracle WebLogic Server 10.3.6.0/12.1.2.0/12.1.3.0/12.2.1.0 WLS Security com.bea.core.apache.commons.collections.jar privilege escalation
| [78989] Apache Ambari up to 2.1.1 Open Redirect
| [78988] Apache Ambari up to 2.0.1/2.1.0 Password privilege escalation
| [78987] Apache Ambari up to 2.0.x cross site scripting
| [78986] Apache Ambari up to 2.0.x Proxy Endpoint api/v1/proxy privilege escalation
| [78780] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
| [78779] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
| [78778] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78777] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78776] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78775] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78774] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78297] Apache Commons Components HttpClient up to 4.3.5 HTTPS Timeout denial of service
| [77406] Apache Flex BlazeDS AMF Message XML External Entity
| [77429] Apache ActiveMQ up to 5.10.0 LDAPLoginModule privilege escalation
| [77399] Apache ActiveMQ up to 5.10.0 LDAPLoginModule weak authentication
| [77375] Apache Tapestry up to 5.3.5 Client-Side Object Storage privilege escalation
| [77331] Apache ActiveMQ up to 5.11.1 on Windows Fileserver Upload/Download directory traversal
| [77299] Apache Solr Real-Time Module up to 7.x-1.1 Index Content information disclosure
| [77247] Apache ActiveMQ up to 5.10 TransportConnection.java processControlCommand denial of service
| [77083] Apache Groovy up to 2.4.3 MethodClosure.java MethodClosure memory corruption
| [76953] Apache Subversion 1.7.0/1.8.0/1.8.10 svn_repos_trace_node_locations information disclosure
| [76952] Apache Subversion 1.7.0/1.8.0/1.8.10 mod_authz_svn anonymous/authenticated information disclosure
| [76567] Apache Struts 2.3.20 unknown vulnerability
| [76733] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 ap_some_auth_required unknown vulnerability
| [76732] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 Request apr_brigade_flatten privilege escalation
| [76731] Apache HTTP Server 2.4.12 ErrorDocument 400 Crash denial of service
| [75690] Apache Camel up to 2.13.3/2.14.1 XPathBuilder.java XML External Entity
| [75689] Apache Camel up to 2.13.3/2.14.1 XML Converter Setup XmlConverter.java SAXSource privilege escalation
| [75668] Apache Sling API/Sling Servlets Post up to 2.2.1 HtmlResponse cross site scripting
| [75601] Apache Jackrabbit up to 2.10.0 WebDAV Request XML External Entity
| [75420] Apache Tomcat up to 6.0.43/7.0.58/8.0.16 Security Manager privilege escalation
| [75145] Apache OpenOffice up to 4.1.1 HWP Filter Crash denial of service
| [75032] Apache Tomcat Connectors up to 1.2.40 mod_jk privilege escalation
| [75135] PHP 5.4/5.5 HTTP Request sapi_apache2.c apache2handler privilege escalation
| [74793] Apache Tomcat File Upload denial of service
| [74708] Apple MacOS X up to 10.10.2 Apache denial of service
| [74707] Apple MacOS X up to 10.10.2 Apache denial of service
| [74706] Apple MacOS X up to 10.10.2 Apache memory corruption
| [74705] Apple MacOS X up to 10.10.2 Apache denial of service
| [74704] Apple MacOS X up to 10.10.2 Apache denial of service
| [74703] Apple MacOS X up to 10.10.2 Apache denial of service
| [74702] Apple MacOS X up to 10.10.2 Apache denial of service
| [74701] Apple MacOS X up to 10.10.2 Apache cross site request forgery
| [74700] Apple MacOS X up to 10.10.2 Apache unknown vulnerability
| [74661] Apache Flex up to 4.14.0 asdoc index.html cross site scripting
| [74609] Apache Cassandra up to 1.2.19/2.0.13/2.1.3 JMX/RMI Interface privilege escalation
19000| [74469] Apache Xerces-C up to 7.0 internal/XMLReader.cpp denial of service
19001| [74468] Apache Batik up to 1.6 denial of service
19002| [74414] Apache Mod-gnutls up to 0.5.1 Authentication spoofing
19003| [74371] Apache Standard Taglibs up to 1.2.0 memory corruption
19004| [74367] Apache HTTP Server up to 2.4.12 mod_lua lua_request.c wsupgrade denial of service
19005| [74174] Apache WSS4J up to 2.0.0 privilege escalation
19006| [74172] Apache ActiveMQ up to 5.5.0 Administration Console cross site scripting
19007| [69092] Apache Tomcat up to 6.0.42/7.0.54/8.0.8 HTTP Request Smuggling privilege escalation
19008| [73831] Apache Qpid up to 0.30 Access Restriction unknown vulnerability
19009| [73731] Apache XML Security unknown vulnerability
19010| [68660] Oracle BI Publisher 10.1.3.4.2/11.1.1.7 Apache Tomcat cross site scripting
19011| [73659] Apache CloudStack up to 4.3.0 Stack-Based unknown vulnerability
19012| [73593] Apache Traffic Server up to 5.1.0 denial of service
19013| [73511] Apache POI up to 3.10 Deadlock denial of service
19014| [73510] Apache Solr up to 4.3.0 cross site scripting
19015| [68447] Apache Subversion up to 1.7.18/1.8.10 mod_dav_svn Crash denial of service
19016| [68446] Apache Subversion up to 1.7.18/1.8.10 REPORT Request Crash denial of service
19017| [73173] Apache CloudStack Stack-Based unknown vulnerability
19018| [68357] Apache Struts up to 2.3.16.3 Random Number Generator cross site request forgery
19019| [73106] Apache Hadoop up to 2.4.0 Symlink privilege escalation
19020| [68575] Apache HTTP Server up to 2.4.10 LuaAuthzProvider mod_lua.c privilege escalation
19021| [72890] Apache Qpid 0.30 unknown vulnerability
19022| [72887] Apache Hive 0.13.0 File Permission privilege escalation
19023| [72878] Apache Cordova 3.5.0 cross site request forgery
19024| [72877] Apache Cordova 3.5.0 cross site request forgery
19025| [72876] Apache Cordova 3.5.0 cross site request forgery
19026| [68435] Apache HTTP Server 2.4.10 mod_proxy_fcgi.c handle_headers denial of service
19027| [68065] Apache CXF up to 3.0.1 JAX-RS SAML denial of service
| [68064] Apache CXF up to 3.0.0 SAML Token denial of service
| [67913] Oracle Retail Markdown Optimization 12.0/13.0/13.1/13.2/13.4 Apache commons-beanutils-1.8.0.jar memory corruption
| [67912] Oracle Retail Invoice Matching up to 14.0 Apache commons-beanutils-1.8.0.jar memory corruption
| [67911] Oracle Retail Clearance Optimization Engine 13.3/13.4/14.0 Apache commons-beanutils-1.8.0.jar memory corruption
| [67910] Oracle Retail Allocation up to 13.2 Apache commons-beanutils-1.8.0.jar memory corruption
| [71835] Apache Shiro 1.0.0/1.1.0/1.2.0/1.2.1/1.2.2 unknown vulnerability
| [71633] Apachefriends XAMPP 1.8.1 cross site scripting
| [71629] Apache Axis2/C spoofing
| [67633] Apple Mac OS X up to 10.9.4 apache_mod_php ext/standard/dns.c dns_get_record memory corruption
| [67631] Apple Mac OS X up to 10.9.4 apache_mod_php Symlink memory corruption
| [67630] Apple Mac OS X up to 10.9.4 apache_mod_php cdf_read_property_info denial of service
| [67629] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_count_chain denial of service
| [67628] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_check_stream_offset denial of service
| [67627] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c mconvert memory corruption
| [67626] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c denial of service
| [67625] Apple Mac OS X up to 10.9.4 apache_mod_php Crash denial of service
| [67624] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_property_info denial of service
| [67623] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_unpack_summary_info denial of service
| [67622] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_short_sector denial of service
| [67620] Apple Mac OS X up to 10.9.4 apache_mod_php magic/Magdir/commands denial of service
| [67790] Apache HTTP Server mod_cache NULL Pointer Dereference denial of service
| [67522] Apache Tomcat up to 7.0.39 JSP Upload privilege escalation
| [70809] Apache POI up to 3.11 Crash denial of service
| [70808] Apache POI up to 3.10 unknown vulnerability
| [70806] Apache Commons-httpclient 4.2/4.2.1/4.2.2 spoofing
| [70749] Apache Axis up to 1.4 getCN spoofing
| [70701] Apache Traffic Server up to 3.3.5 denial of service
| [70700] Apache OFBiz up to 12.04.03 cross site scripting
| [67402] Apache OpenOffice 4.0.0/4.0.1/4.1.0 Calc privilege escalation
| [67401] Apache OpenOffice up to 4.1.0 OLE Object information disclosure
| [70661] Apache Subversion up to 1.6.17 denial of service
| [70660] Apache Subversion up to 1.6.17 spoofing
| [70659] Apache Subversion up to 1.6.17 spoofing
| [67183] Apache HTTP Server up to 2.4.9 mod_proxy denial of service
| [67180] Apache HTTP Server up to 2.4.9 WinNT MPM Memory Leak denial of service
| [67185] Apache HTTP Server up to 2.4.9 mod_status Heap-Based memory corruption
| [67184] Apache HTTP Server 2.4.5/2.4.6 mod_cache NULL Pointer Dereference denial of service
| [67182] Apache HTTP Server up to 2.4.9 mod_deflate Memory Consumption denial of service
| [67181] Apache HTTP Server up to 2.4.9 mod_cgid denial of service
| [70338] Apache Syncope up to 1.1.7 unknown vulnerability
| [70295] Apache CXF up to 2.7.9 Cleartext information disclosure
| [70106] Apache Open For Business Project up to 10.04.0 getServerError cross site scripting
| [70105] Apache MyFaces up to 2.1.5 JavaServer Faces directory traversal
| [69846] Apache HBase up to 0.94.8 information disclosure
| [69783] Apache CouchDB up to 1.2.0 memory corruption
| [13383] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 XML Parser privilege escalation
| [13300] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi setuid privilege escalation
| [13299] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi Content-Type Header information disclosure
| [13164] Apache CXF up to 2.6.13/2.7.10 SOAP OutgoingChainInterceptor.java Invalid Content denial of service
| [13163] Apache CXF up to 2.6.13/2.7.10 SOAP HTML Content denial of service
| [13158] Apache Struts up to 2.3.16.2 ParametersInterceptor getClass privilege escalation
| [69515] Apache Struts up to 2.3.15.0 CookieInterceptor memory corruption
| [13086] Apache Struts up to 1.3.10 Class Loader privilege escalation
| [13067] Apache Struts up to 2.3.16.1 Class Loader privilege escalation
| [69431] Apache Archiva up to 1.3.6 cross site scripting
| [69385] Apache Syncope up to 1.1.6 unknown vulnerability
| [69338] Apache Xalan-Java up to 2.7.1 system-property unknown vulnerability
| [12742] Trustwave ModSecurity up to 2.7.5 Chunk Extension apache2/modsecurity.c modsecurity_tx_init privilege escalation
| [12741] Trustwave ModSecurity up to 2.7.6 Chunked HTTP Transfer apache2/modsecurity.c modsecurity_tx_init Trailing Header privilege escalation
| [13387] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Content-Length Header privilege escalation
| [13386] Apache Tomcat Security Manager up to 6.0.39/7.0.53/8.0.5 XSLT privilege escalation
| [13385] Apache Tomcat 8.0.0/8.0.1/8.0.3 AJP Request Zero Length denial of service
| [13384] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Chunked HTTP Request denial of service
| [12748] Apache CouchDB 1.5.0 UUIDS /_uuids denial of service
| [66739] Apache Camel up to 2.12.2 unknown vulnerability
| [66738] Apache Camel up to 2.12.2 unknown vulnerability
| [12667] Apache HTTP Server 2.4.7 mod_log_config.c log_cookie denial of service
| [66695] Apache CouchDB up to 1.2.0 cross site scripting
| [66694] Apache CouchDB up to 1.2.0 Partition partition2 directory traversal
| [66689] Apache HTTP Server up to 2.0.33 mod_dav dav_xml_get_cdata denial of service
| [12518] Apache Tomcat up to 6.0.38/7.0.49/8.0.0-RC9 HTTP Header denial of service
| [66498] Apache expressions up to 3.3.0 Whitelist unknown vulnerability
| [12781] Apache Struts up to 2.3.8 ParametersInterceptor getClass denial of service
| [12439] Apache Tomcat 6.0.33 XML XXE information disclosure
| [12438] Apache Tomcat 6.0.33/6.0.34/6.0.35/6.0.36/6.0.37 coyoteadapter.java disableURLRewriting privilege escalation
| [66356] Apache Wicket up to 6.8.0 information disclosure
| [12209] Apache Tomcat 7.0.0/7.0.50/8.0.0-RC1/8.0.1 Content-Type Header for Multi-Part Request Infinite Loop denial of service
| [66322] Apache ActiveMQ up to 5.8.0 cross site scripting
| [12291] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
| [66255] Apache Open For Business Project up to 10.04.3 cross site scripting
| [66200] Apache Hadoop up to 2.0.5 Security Feature information disclosure
| [66072] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
| [66068] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
| [11928] Oracle Secure Global Desktop up to 4.71 Apache Tomcat unknown vulnerability
| [11924] Oracle Secure Global Desktop up to 4.63 Apache Tomcat denial of service
| [11922] Oracle Secure Global Desktop up to 4.63 Apache Tomcat unknown vulnerability
| [66049] Apache XML Security for Java up to 1.4.6 Memory Consumption denial of service
| [12199] Apache Subversion up to 1.8.5 mod_dav_svn/repos.c get_resource denial of service
| [65946] askapache Firefox Adsense up to 3.0 askapache-firefox-adsense.php cross site request forgery
| [65668] Apache Solr 4.0.0 Updater denial of service
| [65665] Apache Solr up to 4.3.0 denial of service
| [65664] Apache Solr 3.6.0/3.6.1/3.6.2/4.0.0 Updater denial of service
| [65663] Apache Solr up to 4.5.1 ResourceLoader directory traversal
| [65658] Apache roller 4.0/4.0.1/5.0/5.0.1 unknown vulnerability
| [65657] Apache Roller 4.0/4.0.1/5.0/5.0.1 cross site scripting
| [11325] Apache Subversion 1.7.13 mod_dontdothat Bypass denial of service
| [11324] Apache Subversion up to 1.8.4 mod_dav_svn denial of service
| [11098] Apache Tomcat 5.5.25 HTTP Request cross site request forgery
| [65410] Apache Struts 2.3.15.3 cross site scripting
| [65386] Apache Solr up to 2.2.1 on TYPO3 cross site scripting
| [65385] Apache Solr up to 2.2.1 on TYPO3 unknown vulnerability
| [11044] Apache Struts 2.3.15.3 showConfig.action cross site scripting
| [11043] Apache Struts 2.3.15.3 actionNames.action cross site scripting
| [11018] cPanel WHM up to 11.40.0.11 Apache mod_userdir Tweak Interface privilege escalation
| [65342] Apache Sling 1.0.2/1.0.4/1.0.6/1.1.0/1.1.2 Auth Core cross site scripting
| [65340] Apache Shindig 2.5.0 information disclosure
| [65316] Apache Mod Fcgid up to 2.3.7 mod_fcgid fcgid_bucket.c fcgid_header_bucket_read memory corruption
| [65313] Apache Sling 2.2.0/2.3.0 AbstractCreateOperation.java deepGetOrCreateNode denial of service
| [10826] Apache Struts 2 File privilege escalation
| [65204] Apache Camel up to 2.10.1 unknown vulnerability
| [10460] Apache Struts 2.0.0/2.3.15.1 Action Mapping Mechanism Bypass privilege escalation
| [10459] Apache Struts 2.0.0/2.3.15 Dynamic Method Invocation unknown vulnerability
| [10160] Apache Subversion 1.8.0/1.8.1/1.8.2 svnwcsub.py handle_options race condition
| [10159] Apache Subversion up to 1.8.2 svnserve write_pid_file race condition
| [10158] Apache Subversion 1.8.0/1.8.1/1.8.2 daemonize.py daemon::daemonize race condition
| [10157] Apache Subversion up to 1.8.1 FSFS Repository Symlink privilege escalation
| [64808] Fail2ban up to 0.8.9 apache-auth.conf denial of service
| [64760] Best Practical RT up to 4.0.12 Apache::Session::File information disclosure
| [64722] Apache XML Security for C++ Heap-based memory corruption
| [64719] Apache XML Security for C++ Heap-based memory corruption
| [64718] Apache XML Security for C++ verify denial of service
| [64717] Apache XML Security for C++ getURIBaseTXFM memory corruption
| [64716] Apache XML Security for C++ spoofing
| [64701] Apache CXF up to 2.7.3 XML Parser Memory Consumption denial of service
| [64700] Apache CloudStack up to 4.1.0 Stack-Based cross site scripting
| [64667] Apache Open For Business Project up to 10.04.04 unknown vulnerability
| [64666] Apache Open For Business Project up to 10.04.04 cross site scripting
| [9891] Apache HTTP Server 2.2.22 suEXEC Feature .htaccess information disclosure
| [64509] Apache ActiveMQ up to 5.8.0 scheduled.jsp cross site scripting
| [9826] Apache Subversion up to 1.8.0 mod_dav_svn denial of service
| [9683] Apache HTTP Server 2.4.5 mod_session_dbd denial of service
| [64485] Apache Struts up to 2.2.3.0 privilege escalation
| [9568] Apache Struts up to 2.3.15 DefaultActionMapper cross site request forgery
| [9567] Apache Struts up to 2.3.15 DefaultActionMapper memory corruption
| [64467] Apache Geronimo 3.0 memory corruption
| [64466] Apache OpenJPA up to 2.2.1 Serialization memory corruption
| [64457] Apache Struts up to 2.2.3.0 cross site scripting
| [64326] Alejandro Garza Apachesolr Autocomplete up to 7.x-1.1 cross site scripting
| [9184] Apache Qpid up to 0.20 SSL misconfiguration
| [8935] Apache Subversion up to 1.7.9 FSFS Format Repository denial of service
| [8934] Apache Subversion up to 1.7.9 Svnserve Server denial of service
| [8933] Apache Subversion up to 1.6.21 check-mime-type.pl svnlook memory corruption
| [8932] Apache Subversion up to 1.6.21 svn-keyword-check.pl svnlook changed memory corruption
| [9022] Apache Struts up to 2.3.14.2 OGNL Expression memory corruption
| [8873] Apache Struts 2.3.14 privilege escalation
| [8872] Apache Struts 2.3.14 privilege escalation
| [8746] Apache HTTP Server Log File Terminal Escape Sequence Filtering mod_rewrite.c do_rewritelog privilege escalation
| [8666] Apache Tomcat up to 7.0.32 AsyncListener information disclosure
| [8665] Apache Tomcat up to 7.0.29 Chunked Transfer Encoding Extension Size denial of service
| [8664] Apache Tomcat up to 7.0.32 FORM Authentication weak authentication
| [64075] Apache Subversion up to 1.7.7 mod_dav_svn Crash denial of service
| [64074] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
| [64073] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
| [64072] Apache Subversion up to 1.7.7 mod_dav_svn NULL Pointer Dereference denial of service
| [64071] Apache Subversion up to 1.7.8 mod_dav_svn Memory Consumption denial of service
| [8768] Apache Struts up to 2.3.14 on Mac EL and OGNL Interpreter memory corruption
| [64006] Apache ActiveMQ up to 5.7.0 denial of service
| [64005] Apache ActiveMQ up to 5.7.0 Default Configuration denial of service
| [64004] Apache ActiveMQ up to 5.7.0 PortfolioPublishServlet.java cross site scripting
| [8427] Apache Tomcat Session Transaction weak authentication
| [63960] Apache Maven 3.0.4 Default Configuration spoofing
| [63751] Apache qpid up to 0.20 qpid::framing::Buffer denial of service
| [63750] Apache qpid up to 0.20 checkAvailable denial of service
| [63749] Apache Qpid up to 0.20 Memory Consumption denial of service
| [63748] Apache Qpid up to 0.20 Default Configuration denial of service
| [63747] Apache Rave up to 0.20 User Account information disclosure
| [7889] Apache Subversion up to 1.6.17 mod_dav_svn/svn_fs_file_length() denial of service
| [63646] Apache HTTP Server up to 2.2.23/2.4.3 mod_proxy_balancer.c balancer_handler cross site scripting
| [7688] Apache CXF up to 2.7.1 WSS4JInterceptor Bypass weak authentication
| [7687] Apache CXF up to 2.7.2 Token weak authentication
| [63334] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
| [63299] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
| [7202] Apache HTTP Server 2.4.2 on Oracle Solaris ld_library_path cross site scripting
| [7075] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector NioEndpoint.java denial of service
| [7074] Apache Tomcat up to 6.0.35/7.0.29 FORM Authentication RealmBase.java weak authentication
| [7073] Apache Tomcat up to 6.0.35/7.0.31 CSRF Prevention Filter cross site request forgery
| [63090] Apache Tomcat up to 4.1.24 denial of service
| [63089] Apache HTTP Server up to 2.2.13 mod_proxy_ajp denial of service
| [62933] Apache Tomcat up to 5.5.0 Access Restriction unknown vulnerability
| [62929] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector Memory Consumption denial of service
| [62833] Apache CXF -/2.6.0 spoofing
| [62832] Apache Axis2 up to 1.6.2 spoofing
| [62831] Apache Axis up to 1.4 Java Message Service spoofing
| [62830] Apache Commons-httpclient 3.0 Payments spoofing
| [62826] Apache Libcloud up to 0.11.0 spoofing
| [62757] Apache Open For Business Project up to 10.04.0 unknown vulnerability
| [8830] Red Hat JBoss Enterprise Application Platform 6.0.1 org.apache.catalina.connector.Response.encodeURL information disclosure
| [62661] Apache Axis2 unknown vulnerability
| [62658] Apache Axis2 unknown vulnerability
| [62467] Apache Qpid up to 0.17 denial of service
| [62417] Apache CXF 2.4.7/2.4.8/2.5.3/2.5.4/2.6.1 spoofing
| [6301] Apache HTTP Server mod_pagespeed cross site scripting
| [6300] Apache HTTP Server mod_pagespeed Hostname information disclosure
| [6123] Apache Wicket up to 1.5.7 Ajax Link cross site scripting
| [62035] Apache Struts up to 2.3.4 denial of service
| [61916] Apache QPID 0.5/0.6/0.14/0.16 unknown vulnerability
| [6998] Apache Tomcat 5.5.35/6.0.35/7.0.28 DIGEST Authentication Session State Caching privilege escalation
| [6997] Apache Tomcat 5.5.35/6.0.35/7.0.28 HTTP Digest Authentication Implementation privilege escalation
| [6092] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_ajp.c information disclosure
| [6090] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_http.c information disclosure
| [61507] Apache POI up to 3.8 UnhandledDataStructure denial of service
| [6070] Apache Struts up to 2.3.4 Token Name Configuration Parameter privilege escalation
| [6069] Apache Struts up to 2.3.4 Request Parameter OGNL Expression denial of service
| [5764] Oracle Solaris 10 Apache HTTP Server information disclosure
| [5700] Oracle Secure Backup 10.3.0.3/10.4.0.1 Apache denial of service
| [61255] Apache Hadoop 2.0.0 Kerberos unknown vulnerability
| [61229] Apache Sling up to 2.1.1 denial of service
| [61152] Apache Commons-compress 1.0/1.1/1.2/1.3/1.4 denial of service
| [61094] Apache Roller up to 5.0 cross site scripting
| [61093] Apache Roller up to 5.0 cross site request forgery
| [61005] Apache OpenOffice 3.3/3.4 unknown vulnerability
| [9673] Apache HTTP Server up to 2.4.4 mod_dav mod_dav.c Request denial of service
| [5436] Apache OpenOffice 3.3/3.4 WPXContentListener.cpp _closeTableRow File memory corruption
| [5435] Apache OpenOffice 3.3/3.4 vclmi.dll File memory corruption
| [60730] PHP 5.4.0/5.4.1/5.4.2 apache_request_headers memory corruption
| [60708] Apache Qpid 0.12 unknown vulnerability
| [5032] Apache Hadoop up to 0.20.205.0/1.0.1/0.23.1 Kerberos/MapReduce Security Feature privilege escalation
| [4949] Apache Struts File Upload XSLTResult.java XSLT File privilege escalation
| [4955] Apache Traffic Server 3.0.3/3.1.2 HTTP Header Parser memory corruption
| [4882] Apache Wicket up to 1.5.4 directory traversal
| [4881] Apache Wicket up to 1.4.19 cross site scripting
| [4884] Apache HTTP Server up to 2.3.6 mod_fcgid fcgid_spawn_ctl.c FcgidMaxProcessesPerClass HTTP Requests denial of service
| [60352] Apache Struts up to 2.2.3 memory corruption
| [60153] Apache Portable Runtime up to 1.4.3 denial of service
| [4598] Apache Struts 1.3.10 upload-submit.do cross site scripting
| [4597] Apache Struts 1.3.10 processSimple.do cross site scripting
| [4596] Apache Struts 2.0.14/2.2.3 struts2-rest-showcase/orders cross site scripting
| [4595] Apache Struts 2.0.14/2.2.3 struts2-showcase/person/editPerson.action cross site scripting
| [4583] Apache HTTP Server up to 2.2.21 Threaded MPM denial of service
| [4582] Apache HTTP Server up to 2.2.21 protocol.c information disclosure
| [4571] Apache Struts up to 2.3.1.2 privilege escalation
| [4557] Apache Tomcat up to 7.0.21 Caching/Recycling information disclosure
| [59934] Apache Tomcat up to 6.0.9 DigestAuthenticator.java unknown vulnerability
| [59933] Apache Tomcat up to 6.0.9 Access Restriction unknown vulnerability
| [59932] Apache Tomcat up to 6.0.9 unknown vulnerability
| [59931] Apache Tomcat up to 6.0.9 Access Restriction information disclosure
| [59902] Apache Struts up to 2.2.3 Interfaces unknown vulnerability
| [4528] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
| [4527] Apache Struts up to 2.2.3 ExceptionDelegator cross site scripting
| [59888] Apache Tomcat up to 6.0.6 denial of service
| [59886] Apache ActiveMQ up to 5.5.1 Crash denial of service
| [4513] Apache Struts up to 2.3.1 ParameterInterceptor directory traversal
| [4512] Apache Struts up to 2.2.3 CookieInterceptor privilege escalation
| [59850] Apache Geronimo up to 2.2.1 denial of service
| [59825] Apache HTTP Server up to 2.1.7 mod_reqtimeout denial of service
| [59556] Apache HTTP Server up to 2.0.53 mod_proxy information disclosure
| [58467] Apache libcloud 0.2.0/0.3.0/0.3.1/0.4.0 Access Restriction spoofing
| [58413] Apache Tomcat up to 6.0.10 spoofing
| [58381] Apache Wicket up to 1.4.17 cross site scripting
| [58296] Apache Tomcat up to 7.0.19 unknown vulnerability
| [57888] Apache HttpClient 4.0/4.0.1/4.1 Authorization information disclosure
| [57587] Apache Subversion up to 1.6.16 mod_dav_svn information disclosure
| [57585] Apache Subversion up to 1.6.16 mod_dav_svn Memory Consumption denial of service
| [57584] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
| [57577] Apache Rampart-C 1.3.0 Access Restriction rampart_timestamp_token_validate privilege escalation
| [57568] Apache Archiva up to 1.3.4 cross site scripting
| [57567] Apache Archiva up to 1.3.4 cross site request forgery
| [57481] Apache Tomcat 7.0.12/7.0.13 Access Restriction unknown vulnerability
| [4355] Apache HTTP Server APR apr_fnmatch denial of service
| [57435] Apache Struts up to 2.2.1.1 FileHandler.java cross site scripting
| [57425] Apache Struts up to 2.2.1.1 cross site scripting
| [4352] Apache HTTP Server 2.2.x APR apr_fnmatch denial of service
| [57025] Apache Tomcat up to 7.0.11 information disclosure
| [57024] Apache Tomcat 7.0.11 Access Restriction information disclosure
| [56774] IBM WebSphere Application Server up to 7.0.0.14 org.apache.jasper.runtime.JspWriterImpl.response denial of service
| [56824] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
| [56832] Apache Tomcat up to 7.0.10 Access Restriction information disclosure
| [56830] Apache Tomcat up to 7.0.9 Access Restriction privilege escalation
| [12440] Apache Tomcat 6.0.33 Malicious Request cross site scripting
| [56512] Apache Continuum up to 1.4.0 cross site scripting
| [4285] Apache Tomcat 5.x JVM getLocale denial of service
| [4284] Apache Tomcat 5.x HTML Manager Infinite Loop cross site scripting
| [4283] Apache Tomcat 5.x ServletContect privilege escalation
| [56441] Apache Tomcat up to 7.0.6 denial of service
| [56300] Apache CouchDB up to 1.0.1 Web Administration Interface cross site scripting
| [55967] Apache Subversion up to 1.6.4 rev_hunt.c denial of service
| [55966] Apache Subversion up to 1.6.4 mod_dav_svn repos.c walk denial of service
| [55095] Apache Axis2 up to 1.6 Default Password memory corruption
| [55631] Apache Archiva up to 1.3.1 User Account cross site request forgery
| [55556] Apache Tomcat up to 6.0.29 Default Configuration information disclosure
| [55553] Apache Tomcat up to 7.0.4 sessionsList.jsp cross site scripting
| [55162] Apache MyFaces up to 2.0.0 Authentication Code unknown vulnerability
| [54881] Apache Subversion up to 1.6.12 mod_dav_svn authz.c privilege escalation
| [54879] Apache APR-util up to 0.9.14 mod_reqtimeout apr_brigade_split_line denial of service
| [54693] Apache Traffic Server DNS Cache unknown vulnerability
| [54416] Apache CouchDB up to 0.11.0 cross site request forgery
| [54394] Apache CXF up to 2.2.8 Memory Consumption denial of service
| [54261] Apache Tomcat jsp/cal/cal2.jsp cross site scripting
| [54166] Apache HTTP Server up to 2.2.12 mod_cache Crash denial of service
| [54385] Apache Struts up to 2.1.8.1 ParameterInterceptor unknown vulnerability
| [54012] Apache Tomcat up to 6.0.10 denial of service
| [53763] Apache Axis2 1.3/1.4/1.4.1/1.5/1.5.1 Memory Consumption denial of service
| [53368] Apache MyFaces 1.1.7/1.2.8 cross site scripting
| [53397] Apache axis2 1.4.1/1.5.1 Administration Console cross site scripting
| [52894] Apache Tomcat up to 6.0.7 information disclosure
| [52960] Apache ActiveMQ up to 5.4-snapshot information disclosure
| [52843] Apache HTTP Server mod_auth_shadow unknown vulnerability
| [52786] Apache Open For Business Project up to 09.04 cross site scripting
| [52587] Apache ActiveMQ up to 5.3.0 cross site request forgery
| [52586] Apache ActiveMQ up to 5.3.0 cross site scripting
| [52584] Apache CouchDB up to 0.10.1 information disclosure
| [51757] Apache HTTP Server 2.0.44 cross site scripting
| [51756] Apache HTTP Server 2.0.44 spoofing
| [51717] Apache HTTP Server up to 1.3.3 mod_proxy ap_proxy_send_fb memory corruption
| [51690] Apache Tomcat up to 6.0 directory traversal
| [51689] Apache Tomcat up to 6.0 information disclosure
| [51688] Apache Tomcat up to 6.0 directory traversal
| [50886] HP Operations Manager 8.10 on Windows File Upload org.apache.catalina.manager.HTMLManagerServlet memory corruption
| [50802] Apache Tomcat up to 3.3 Default Password weak authentication
| [50626] Apache Solr 1.0.0 cross site scripting
| [49857] Apache HTTP Server mod_proxy_ftp cross site scripting
| [49856] Apache HTTP Server 2.2.13 mod_proxy_ftp ap_proxy_ftp_handler denial of service
| [49348] Apache Xerces-C++ 2.7.0 Stack-Based denial of service
| [86789] Apache Portable Runtime memory/unix/apr_pools.c unknown vulnerability
| [49283] Apache APR-util up to 1.3.8 apr-util misc/apr_rmm.c apr_rmm_realloc memory corruption
| [48952] Apache HTTP Server up to 1.3.6 mod_deflate denial of service
| [48626] Apache Tomcat up to 4.1.23 Access Restriction directory traversal
| [48431] Apache Tomcat up to 4.1.23 j_security_check cross site scripting
| [48430] Apache Tomcat up to 4.1.23 mod_jk denial of service
| [47801] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site request forgery
| [47800] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site scripting
| [47799] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console directory traversal
| [47648] Apache Tiles 2.1.0/2.1.1 cross site scripting
| [47640] Apache Struts 2.0.6/2.0.8/2.0.9/2.0.11/2.1 cross site scripting
| [47638] Apache Tomcat up to 4.1.23 mod_jk information disclosure
| [47636] Apache Struts 2.0.9 xip_client.html cross site scripting
| [47593] Apache Mod Perl 1 perl-status Apache::Status cross site scripting
| [47637] Apache Struts 1.0.2/1.1/1.2.4/1.2.7/1.2.8 cross site scripting
| [47239] Apache Struts up to 2.1.2 Beta struts directory traversal
| [47214] Apachefriends xampp 1.6.8 spoofing
| [47213] Apachefriends xampp 1.6.8 htaccess cross site request forgery
| [47162] Apachefriends XAMPP 1.4.4 weak authentication
| [47065] Apache Tomcat 4.1.23 cross site scripting
| [46834] Apache Tomcat up to 5.5.20 cross site scripting
| [46004] Apache Jackrabbit 1.4/1.5.0 search.jsp cross site scripting
| [49205] Apache Roller 2.3/3.0/3.1/4.0 Search cross site scripting
| [86625] Apache Struts directory traversal
| [44461] Apache Tomcat up to 5.5.0 information disclosure
| [44389] Apache Xerces-C++ XML Parser Memory Consumption denial of service
| [44352] Apache Friends XAMPP 1.6.8 adodb.php cross site scripting
| [43663] Apache Tomcat up to 6.0.16 directory traversal
| [43612] Apache Friends XAMPP 1.6.7 iart.php cross site scripting
| [43556] Apache HTTP Server up to 2.1.8 mod_proxy_ftp proxy_ftp.c cross site scripting
| [43516] Apache Tomcat up to 4.1.20 directory traversal
| [43509] Apache Tomcat up to 6.0.13 cross site scripting
| [42637] Apache Tomcat up to 6.0.16 cross site scripting
| [42325] Apache HTTP Server up to 2.1.8 Error Page cross site scripting
| [41838] Apache-SSL 1.3.34 1.57 expandcert privilege escalation
| [41091] Apache Software Foundation Mod Jk up to 2.0.1 mod_jk2 Stack-based memory corruption
| [40924] Apache Tomcat up to 6.0.15 information disclosure
| [40923] Apache Tomcat up to 6.0.15 unknown vulnerability
| [40922] Apache Tomcat up to 6.0 information disclosure
| [40710] Apache HTTP Server up to 2.0.61 mod_negotiation cross site scripting
| [40709] Apache HTTP Server up to 2.0.53 mod_negotiation cross site scripting
| [40656] Apache Tomcat 5.5.20 information disclosure
| [40503] Apache HTTP Server mod_proxy_ftp cross site scripting
| [40502] Apache HTTP Server up to 2.2.5 mod_proxy_balancer memory corruption
| [40501] Apache HTTP Server 2.2.6 mod_proxy_balancer cross site request forgery
| [40398] Apache HTTP Server up to 2.2 mod_proxy_balancer cross site scripting
| [40397] Apache HTTP Server up to 2.2 mod_proxy_balancer balancer_handler denial of service
| [40234] Apache Tomcat up to 6.0.15 directory traversal
| [40221] Apache HTTP Server 2.2.6 information disclosure
| [40027] David Castro Apache Authcas 0.4 sql injection
| [3495] Apache OpenOffice up to 2.3 Database Document Processor unknown vulnerability
| [3489] Apache HTTP Server 2.x HTTP Header cross site scripting
| [3414] Apache Tomcat WebDAV Stored privilege escalation
| [39489] Apache Jakarta Slide up to 2.1 directory traversal
| [39540] Apache Geronimo 2.0/2.0.1/2.0.2/2.1 unknown vulnerability
| [3310] Apache OpenOffice 1.1.3/2.0.4/2.2.1 TIFF Image Parser Heap-based memory corruption
| [38768] Apache HTTP Server up to 2.1.7 mod_autoindex.c cross site scripting
| [38952] Apache Geronimo 2.0.1/2.1 unknown vulnerability
| [38658] Apache Tomcat 4.1.31 cal2.jsp cross site request forgery
| [38524] Apache Geronimo 2.0 unknown vulnerability
| [3256] Apache Tomcat up to 6.0.13 cross site scripting
| [38331] Apache Tomcat 4.1.24 information disclosure
| [38330] Apache Tomcat 4.1.24 information disclosure
| [38185] Apache Tomcat 3.3/3.3.1/3.3.1a/3.3.2 Error Message CookieExample cross site scripting
| [37967] Apache Tomcat up to 4.1.36 Error Message sendmail.jsp cross site scripting
| [37647] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 Authorization unknown vulnerability
| [37646] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 unknown vulnerability
| [3141] Apache Tomcat up to 4.1.31 Accept-Language Header cross site scripting
| [3133] Apache Tomcat up to 6.0 HTTP cross site scripting
| [37292] Apache Tomcat up to 5.5.1 cross site scripting
| [3130] Apache OpenOffice 2.2.1 RTF Document Heap-based memory corruption
| [36981] Apache Tomcat JK Web Server Connector up to 1.2.22 mod_jk directory traversal
| [36892] Apache Tomcat up to 4.0.0 hello.jsp cross site scripting
| [37320] Apache MyFaces Tomahawk up to 1.1.4 cross site scripting
| [36697] Apache Tomcat up to 5.5.17 implicit-objects.jsp cross site scripting
| [36491] Apache Axis 1.0 Installation javaioFileNotFoundException information disclosure
| [36400] Apache Tomcat 5.5.15 mod_jk cross site scripting
| [36698] Apache Tomcat up to 4.0.0 cal2.jsp cross site scripting
| [36224] XAMPP Apache Distribution up to 1.6.0a adodb.php connect memory corruption
| [36225] XAMPP Apache Distribution 1.6.0a sql injection
| [2997] Apache httpd/Tomcat 5.5/6.0 directory traversal
| [35896] Apache Apache Test up to 1.29 mod_perl denial of service
| [35653] Avaya S8300 Cm 3.1.2 Apache Tomcat unknown vulnerability
| [35402] Apache Tomcat JK Web Server Connector 1.2.19 mod_jk.so map_uri_to_worker memory corruption
19425| [35067] Apache Stats up to 0.0.2 extract unknown vulnerability
19426| [35025] Apache Stats up to 0.0.3 extract unknown vulnerability
19427| [34252] Apache HTTP Server denial of service
19428| [2795] Apache OpenOffice 2.0.4 WMF/EMF File Heap-based memory corruption
19429| [33877] Apache Opentaps 0.9.3 cross site scripting
19430| [33876] Apache Open For Business Project unknown vulnerability
19431| [33875] Apache Open For Business Project cross site scripting
19432| [2703] Apache Jakarta Tomcat up to 5.x der_get_oid memory corruption
19433| [2611] Apache HTTP Server up to 1.0.1 set_var Format String
19434|
19435| MITRE CVE - https://cve.mitre.org:
19436| [CVE-2013-4156] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted element in an OOXML document file.
19437| [CVE-2013-4131] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service (assertion failure or out-of-bounds read) via a certain (1) COPY, (2) DELETE, or (3) MOVE request against a revision root.
19438| [CVE-2013-3239] phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename of an export file, leading to interpretation of this file as an executable file by the Apache HTTP Server, as demonstrated by a .php.sql filename.
19439| [CVE-2013-3060] The web console in Apache ActiveMQ before 5.8.0 does not require authentication, which allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests.
19440| [CVE-2013-2765] The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request with a large body and a crafted Content-Type header.
19441| [CVE-2013-2251] Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.
19442| [CVE-2013-2249] mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified impact and remote attack vectors.
19443| [CVE-2013-2248] Multiple open redirect vulnerabilities in Apache Struts 2.0.0 through 2.3.15 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a parameter using the (1) redirect: or (2) redirectAction: prefix.
19444| [CVE-2013-2189] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via invalid PLCF data in a DOC document file.
19445| [CVE-2013-2135] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted value that contains both "${}" and "%{}" sequences, which causes the OGNL code to be evaluated twice.
19446| [CVE-2013-2134] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted action name that is not properly handled during wildcard matching, a different vulnerability than CVE-2013-2135.
19447| [CVE-2013-2115] Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag. NOTE: this issue is due to an incomplete fix for CVE-2013-1966.
19448| [CVE-2013-2071] java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other applications in opportunistic circumstances via an application that records the requests that it processes.
19449| [CVE-2013-2067] java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack.
19450| [CVE-2013-1966] Apache Struts 2 before 2.3.14.1 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag.
19451| [CVE-2013-1965] Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.1, allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is not properly handled when invoking a redirect.
19452| [CVE-2013-1896] mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.
19453| [CVE-2013-1884] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (segmentation fault and crash) via a log REPORT request with an invalid limit, which triggers an access of an uninitialized variable.
19454| [CVE-2013-1879] Cross-site scripting (XSS) vulnerability in scheduled.jsp in Apache ActiveMQ 5.8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving the "cron of a message."
19455| [CVE-2013-1862] mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.
19456| [CVE-2013-1849] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a PROPFIND request for an activity URL.
19457| [CVE-2013-1847] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an anonymous LOCK for a URL that does not exist.
19458| [CVE-2013-1846] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a LOCK on an activity URL.
19459| [CVE-2013-1845] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (memory consumption) by (1) setting or (2) deleting a large number of properties for a file or directory.
19460| [CVE-2013-1814] The users/get program in the User RPC API in Apache Rave 0.11 through 0.20 allows remote authenticated users to obtain sensitive information about all user accounts via the offset parameter, as demonstrated by discovering password hashes in the password field of a response.
19461| [CVE-2013-1777] The JMX Remoting functionality in Apache Geronimo 3.x before 3.0.1, as used in IBM WebSphere Application Server (WAS) Community Edition 3.0.0.3 and other products, does not property implement the RMI classloader, which allows remote attackers to execute arbitrary code by using the JMX connector to send a crafted serialized object.
19462| [CVE-2013-1768] The BrokerFactory functionality in Apache OpenJPA 1.x before 1.2.3 and 2.x before 2.2.2 creates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for remote attackers to execute arbitrary code by creating a serialized object and leveraging improperly secured server programs.
19463| [CVE-2013-1088] Cross-site request forgery (CSRF) vulnerability in Novell iManager 2.7 before SP6 Patch 1 allows remote attackers to hijack the authentication of arbitrary users by leveraging improper request validation by iManager code deployed within an Apache Tomcat container.
19464| [CVE-2013-1048] The Debian apache2ctl script in the apache2 package squeeze before 2.2.16-6+squeeze11, wheezy before 2.2.22-13, and sid before 2.2.22-13 for the Apache HTTP Server on Debian GNU/Linux does not properly create the /var/lock/apache2 lock directory, which allows local users to gain privileges via an unspecified symlink attack.
19465| [CVE-2013-0966] The Apple mod_hfs_apple module for the Apache HTTP Server in Apple Mac OS X before 10.8.3 does not properly handle ignorable Unicode characters, which allows remote attackers to bypass intended directory authentication requirements via a crafted pathname in a URI.
19466| [CVE-2013-0942] Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Agent 7.1 before 7.1.1 for Web for Internet Information Services, and 7.1 before 7.1.1 for Web for Apache, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
19467| [CVE-2013-0941] EMC RSA Authentication API before 8.1 SP1, RSA Web Agent before 5.3.5 for Apache Web Server, RSA Web Agent before 5.3.5 for IIS, RSA PAM Agent before 7.0, and RSA Agent before 6.1.4 for Microsoft Windows use an improper encryption algorithm and a weak key for maintaining the stored data of the node secret for the SecurID Authentication API, which allows local users to obtain sensitive information via cryptographic attacks on this data.
19468| [CVE-2013-0253] The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack.
19469| [CVE-2013-0248] The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack.
19470| [CVE-2013-0239] Apache CXF before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3, when the plaintext UsernameToken WS-SecurityPolicy is enabled, allows remote attackers to bypass authentication via a security header of a SOAP request containing a UsernameToken element that lacks a password child element.
19471| [CVE-2012-6573] Cross-site scripting (XSS) vulnerability in the Apache Solr Autocomplete module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving autocomplete results.
19472| [CVE-2012-6551] The default configuration of Apache ActiveMQ before 5.8.0 enables a sample web application, which allows remote attackers to cause a denial of service (broker resource consumption) via HTTP requests.
19473| [CVE-2012-6092] Multiple cross-site scripting (XSS) vulnerabilities in the web demos in Apache ActiveMQ before 5.8.0 allow remote attackers to inject arbitrary web script or HTML via (1) the refresh parameter to PortfolioPublishServlet.java (aka demo/portfolioPublish or Market Data Publisher), or vectors involving (2) debug logs or (3) subscribe messages in webapp/websocket/chat.js. NOTE: AMQ-4124 is covered by CVE-2012-6551.
19474| [CVE-2012-5887] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.
19475| [CVE-2012-5886] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID.
19476| [CVE-2012-5885] The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184.
19477| [CVE-2012-5786] The wsdl_first_https sample code in distribution/src/main/release/samples/wsdl_first_https/src/main/ in Apache CXF, possibly 2.6.0, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
19478| [CVE-2012-5785] Apache Axis2/Java 1.6.2 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
19479| [CVE-2012-5784] Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Message Service implementation in Apache ActiveMQ, and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
19480| [CVE-2012-5783] Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
19481| [CVE-2012-5633] The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request.
19482| [CVE-2012-5616] Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly Citrix CloudStack) before 3.0.6 stores sensitive information in the log4j.conf log file, which allows local users to obtain (1) the SSH private key as recorded by the createSSHKeyPair API, (2) the password of an added host as recorded by the AddHost API, or the password of an added VM as recorded by the (3) DeployVM or (4) ResetPasswordForVM API.
19483| [CVE-2012-5568] Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.
19484| [CVE-2012-5351] Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack," a different vulnerability than CVE-2012-4418.
19485| [CVE-2012-4558] Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via a crafted string.
19486| [CVE-2012-4557] The mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into an error state upon detection of a long request-processing time, which allows remote attackers to cause a denial of service (worker consumption) via an expensive request.
19487| [CVE-2012-4556] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 allows remote attackers to cause a denial of service (Apache httpd web server child process restart) via certain unspecified empty search fields in a user certificate search query.
19488| [CVE-2012-4555] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 does not properly handle interruptions of token format operations, which allows remote attackers to cause a denial of service (NULL pointer dereference and Apache httpd web server child process crash) via unspecified vectors.
19489| [CVE-2012-4534] org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminating the connection during the reading of a response.
19490| [CVE-2012-4528] The mod_security2 module before 2.7.0 for the Apache HTTP Server allows remote attackers to bypass rules, and deliver arbitrary POST data to a PHP application, via a multipart request in which an invalid part precedes the crafted data.
19491| [CVE-2012-4501] Citrix Cloud.com CloudStack, and Apache CloudStack pre-release, allows remote attackers to make arbitrary API calls by leveraging the system user account, as demonstrated by API calls to delete VMs.
19492| [CVE-2012-4460] The serializing/deserializing functions in the qpid::framing::Buffer class in Apache Qpid 0.20 and earlier allow remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors. NOTE: this issue could also trigger an out-of-bounds read, but it might not trigger a crash.
19493| [CVE-2012-4459] Integer overflow in the qpid::framing::Buffer::checkAvailable function in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (crash) via a crafted message, which triggers an out-of-bounds read.
19494| [CVE-2012-4458] The AMQP type decoder in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (memory consumption and server crash) via a large number of zero width elements in the client-properties map in a connection.start-ok message.
19495| [CVE-2012-4446] The default configuration for Apache Qpid 0.20 and earlier, when the federation_tag attribute is enabled, accepts AMQP connections without checking the source user ID, which allows remote attackers to bypass authentication and have other unspecified impact via an AMQP request.
19496| [CVE-2012-4431] org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier.
19497| [CVE-2012-4418] Apache Axis2 allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."
19498| [CVE-2012-4387] Apache Struts 2.0.0 through 2.3.4 allows remote attackers to cause a denial of service (CPU consumption) via a long parameter name, which is processed as an OGNL expression.
19499| [CVE-2012-4386] The token check mechanism in Apache Struts 2.0.0 through 2.3.4 does not properly validate the token name configuration parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks by setting the token name configuration parameter to a session attribute.
19500| [CVE-2012-4360] Cross-site scripting (XSS) vulnerability in the mod_pagespeed module 0.10.19.1 through 0.10.22.4 for the Apache HTTP Server allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
19501| [CVE-2012-4063] The Apache Santuario configuration in Eucalyptus before 3.1.1 does not properly restrict applying XML Signature transforms to documents, which allows remote attackers to cause a denial of service via unspecified vectors.
19502| [CVE-2012-4001] The mod_pagespeed module before 0.10.22.6 for the Apache HTTP Server does not properly verify its host name, which allows remote attackers to trigger HTTP requests to arbitrary hosts via unspecified vectors, as demonstrated by requests to intranet servers.
19503| [CVE-2012-3908] Multiple cross-site request forgery (CSRF) vulnerabilities in the ISE Administrator user interface (aka the Apache Tomcat interface) on Cisco Identity Services Engine (ISE) 3300 series appliances before 1.1.0.665 Cumulative Patch 1 allow remote attackers to hijack the authentication of administrators, aka Bug ID CSCty46684.
19504| [CVE-2012-3546] org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI.
19505| [CVE-2012-3544] Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data.
19506| [CVE-2012-3526] The reverse proxy add forward module (mod_rpaf) 0.5 and 0.6 for the Apache HTTP Server allows remote attackers to cause a denial of service (server or application crash) via multiple X-Forwarded-For headers in a request.
19507| [CVE-2012-3513] munin-cgi-graph in Munin before 2.0.6, when running as a CGI module under Apache, allows remote attackers to load new configurations and create files in arbitrary directories via the logdir command.
19508| [CVE-2012-3506] Unspecified vulnerability in the Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.03 has unknown impact and attack vectors.
19509| [CVE-2012-3502] The proxy functionality in (1) mod_proxy_ajp.c in the mod_proxy_ajp module and (2) mod_proxy_http.c in the mod_proxy_http module in the Apache HTTP Server 2.4.x before 2.4.3 does not properly determine the situations that require closing a back-end connection, which allows remote attackers to obtain sensitive information in opportunistic circumstances by reading a response that was intended for a different client.
19510| [CVE-2012-3499] Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules.
19511| [CVE-2012-3467] Apache QPID 0.14, 0.16, and earlier uses a NullAuthenticator mechanism to authenticate catch-up shadow connections to AMQP brokers, which allows remote attackers to bypass authentication.
19512| [CVE-2012-3451] Apache CXF before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to execute unintended web-service operations by sending a header with a SOAP Action String that is inconsistent with the message body.
19513| [CVE-2012-3446] Apache Libcloud before 0.11.1 uses an incorrect regular expression during verification of whether the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate.
19514| [CVE-2012-3376] DataNodes in Apache Hadoop 2.0.0 alpha does not check the BlockTokens of clients when Kerberos is enabled and the DataNode has checked out the same BlockPool twice from a NodeName, which might allow remote clients to read arbitrary blocks, write to blocks to which they only have read access, and have other unspecified impacts.
19515| [CVE-2012-3373] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.21 and 1.5.x before 1.5.8 allows remote attackers to inject arbitrary web script or HTML via vectors involving a %00 sequence in an Ajax link URL associated with a Wicket app.
19516| [CVE-2012-3126] Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Products Suite 3.3 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Apache Tomcat Agent.
19517| [CVE-2012-3123] Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect confidentiality, related to Apache HTTP Server.
19518| [CVE-2012-2760] mod_auth_openid before 0.7 for Apache uses world-readable permissions for /tmp/mod_auth_openid.db, which allows local users to obtain session ids.
19519| [CVE-2012-2733] java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of service (memory consumption) via a large amount of header data.
19520| [CVE-2012-2687] Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list.
19521| [CVE-2012-2381] Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.1 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the blogger role.
19522| [CVE-2012-2380] Multiple cross-site request forgery (CSRF) vulnerabilities in the admin/editor console in Apache Roller before 5.0.1 allow remote attackers to hijack the authentication of admins or editors by leveraging the HTTP POST functionality.
19523| [CVE-2012-2379] Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors.
19524| [CVE-2012-2378] Apache CXF 2.4.5 through 2.4.7, 2.5.1 through 2.5.3, and 2.6.x before 2.6.1, does not properly enforce child policies of a WS-SecurityPolicy 1.1 SupportingToken policy on the client side, which allows remote attackers to bypass the (1) AlgorithmSuite, (2) SignedParts, (3) SignedElements, (4) EncryptedParts, and (5) EncryptedElements policies.
19525| [CVE-2012-2329] Buffer overflow in the apache_request_headers function in sapi/cgi/cgi_main.c in PHP 5.4.x before 5.4.3 allows remote attackers to cause a denial of service (application crash) via a long string in the header of an HTTP request.
19526| [CVE-2012-2145] Apache Qpid 0.17 and earlier does not properly restrict incoming client connections, which allows remote attackers to cause a denial of service (file descriptor consumption) via a large number of incomplete connections.
19527| [CVE-2012-2138] The @CopyFrom operation in the POST servlet in the org.apache.sling.servlets.post bundle before 2.1.2 in Apache Sling does not prevent attempts to copy an ancestor node to a descendant node, which allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP request.
19528| [CVE-2012-2098] Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service (CPU consumption) via a file with many repeating inputs.
| [CVE-2012-1574] The Kerberos/MapReduce security functionality in Apache Hadoop 0.20.203.0 through 0.20.205.0, 0.23.x before 0.23.2, and 1.0.x before 1.0.2, as used in Cloudera CDH CDH3u0 through CDH3u2, Cloudera hadoop-0.20-sbin before 0.20.2+923.197, and other products, allows remote authenticated users to impersonate arbitrary cluster user accounts via unspecified vectors.
| [CVE-2012-1181] fcgid_spawn_ctl.c in the mod_fcgid module 2.3.6 for the Apache HTTP Server does not recognize the FcgidMaxProcessesPerClass directive for a virtual host, which makes it easier for remote attackers to cause a denial of service (memory consumption) via a series of HTTP requests that triggers a process count higher than the intended limit.
| [CVE-2012-1089] Directory traversal vulnerability in Apache Wicket 1.4.x before 1.4.20 and 1.5.x before 1.5.5 allows remote attackers to read arbitrary web-application files via a relative pathname in a URL for a Wicket resource that corresponds to a null package.
| [CVE-2012-1007] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 1.3.10 allow remote attackers to inject arbitrary web script or HTML via (1) the name parameter to struts-examples/upload/upload-submit.do, or the message parameter to (2) struts-cookbook/processSimple.do or (3) struts-cookbook/processDyna.do.
| [CVE-2012-1006] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.14 and 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) lastName parameter to struts2-showcase/person/editPerson.action, or the (3) clientName parameter to struts2-rest-showcase/orders.
| [CVE-2012-0883] envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl.
| [CVE-2012-0840] tables/apr_hash.c in the Apache Portable Runtime (APR) library through 1.4.5 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
| [CVE-2012-0838] Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL expression during the handling of a conversion error, which allows remote attackers to modify run-time data values, and consequently execute arbitrary code, via invalid input to a field.
| [CVE-2012-0788] The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service (application crash) via a crafted application that uses a PDO driver for a fetch and then calls the session_start function, as demonstrated by a crash of the Apache HTTP Server.
| [CVE-2012-0394] ** DISPUTED ** The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself."
| [CVE-2012-0393] The ParameterInterceptor component in Apache Struts before 2.3.1.1 does not prevent access to public constructors, which allows remote attackers to create or overwrite arbitrary files via a crafted parameter that triggers the creation of a Java object.
| [CVE-2012-0392] The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method.
| [CVE-2012-0391] The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter.
| [CVE-2012-0256] Apache Traffic Server 2.0.x and 3.0.x before 3.0.4 and 3.1.x before 3.1.3 does not properly allocate heap memory, which allows remote attackers to cause a denial of service (daemon crash) via a long HTTP Host header.
| [CVE-2012-0216] The default configuration of the apache2 package in Debian GNU/Linux squeeze before 2.2.16-6+squeeze7, wheezy before 2.2.22-4, and sid before 2.2.22-4, when mod_php or mod_rivet is used, provides example scripts under the doc/ URI, which might allow local users to conduct cross-site scripting (XSS) attacks, gain privileges, or obtain sensitive information via vectors involving localhost HTTP requests to the Apache HTTP Server.
| [CVE-2012-0213] The UnhandledDataStructure function in hwpf/model/UnhandledDataStructure.java in Apache POI 3.8 and earlier allows remote attackers to cause a denial of service (OutOfMemoryError exception and possibly JVM destabilization) via a crafted length value in a Channel Definition Format (CDF) or Compound File Binary Format (CFBF) document.
| [CVE-2012-0053] protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script.
| [CVE-2012-0047] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the wicket:pageMapName parameter.
| [CVE-2012-0031] scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function.
| [CVE-2012-0022] Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.
| [CVE-2012-0021] The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to cause a denial of service (daemon crash) via a cookie that lacks both a name and a value.
| [CVE-2011-5064] DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging knowledge of this string, a different vulnerability than CVE-2011-1184.
| [CVE-2011-5063] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weaker authentication or authorization requirements, a different vulnerability than CVE-2011-1184.
| [CVE-2011-5062] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass intended integrity-protection requirements via a qop=auth value, a different vulnerability than CVE-2011-1184.
| [CVE-2011-5057] Apache Struts 2.3.1.1 and earlier provides interfaces that do not properly restrict access to collections such as the session and request collections, which might allow remote attackers to modify run-time data values via a crafted parameter to an application that implements an affected interface, as demonstrated by the SessionAware, RequestAware, ApplicationAware, ServletRequestAware, ServletResponseAware, and ParameterAware interfaces. NOTE: the vendor disputes the significance of this report because of an "easy work-around in existing apps by configuring the interceptor."
| [CVE-2011-5034] Apache Geronimo 2.2.1 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. NOTE: this might overlap CVE-2011-4461.
| [CVE-2011-4905] Apache ActiveMQ before 5.6.0 allows remote attackers to cause a denial of service (file-descriptor exhaustion and broker crash or hang) by sending many openwire failover:tcp:// connection requests.
| [CVE-2011-4858] Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
| [CVE-2011-4668] IBM Tivoli Netcool/Reporter 2.2 before 2.2.0.8 allows remote attackers to execute arbitrary code via vectors related to an unspecified CGI program used with the Apache HTTP Server.
| [CVE-2011-4449] actions/files/files.php in WikkaWiki 1.3.1 and 1.3.2, when INTRANET_MODE is enabled, supports file uploads for file extensions that are typically absent from an Apache HTTP Server TypesConfig file, which makes it easier for remote attackers to execute arbitrary PHP code by placing this code in a file whose name has multiple extensions, as demonstrated by a (1) .mm or (2) .vpp file.
| [CVE-2011-4415] The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, does not restrict the size of values of environment variables, which allows local users to cause a denial of service (memory consumption or NULL pointer dereference) via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, related to (1) the "len +=" statement and (2) the apr_pcalloc function call, a different vulnerability than CVE-2011-3607.
| [CVE-2011-4317] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an @ (at sign) character and a : (colon) character in invalid positions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
| [CVE-2011-3639] The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers by using the HTTP/0.9 protocol with a malformed URI containing an initial @ (at sign) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
| [CVE-2011-3620] Apache Qpid 0.12 does not properly verify credentials during the joining of a cluster, which allows remote attackers to obtain access to the messaging functionality and job functionality of a cluster by leveraging knowledge of a cluster-username.
| [CVE-2011-3607] Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow.
| [CVE-2011-3376] org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat 7.x before 7.0.22 does not properly restrict ContainerServlets in the Manager application, which allows local users to gain privileges by using an untrusted web application to access the Manager application's functionality.
| [CVE-2011-3375] Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain caching and recycling operations involving request objects, which allows remote attackers to obtain unintended read access to IP address and HTTP header information in opportunistic circumstances by reading TCP data.
| [CVE-2011-3368] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character.
| [CVE-2011-3348] The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary "error state" in the backend server) via a malformed HTTP request.
| [CVE-2011-3192] The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.
| [CVE-2011-3190] Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request.
| [CVE-2011-2729] native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application.
| [CVE-2011-2712] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.18, when setAutomaticMultiWindowSupport is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
| [CVE-2011-2688] SQL injection vulnerability in mysql/mysql-auth.pl in the mod_authnz_external module 3.2.5 and earlier for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the user field.
| [CVE-2011-2526] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loop or JVM crash) by leveraging an untrusted web application.
| [CVE-2011-2516] Off-by-one error in the XML signature feature in Apache XML Security for C++ 1.6.0, as used in Shibboleth before 2.4.3 and possibly other products, allows remote attackers to cause a denial of service (crash) via a signature using a large RSA key, which triggers a buffer overflow.
| [CVE-2011-2481] Apache Tomcat 7.0.x before 7.0.17 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application. NOTE: this vulnerability exists because of a CVE-2009-0783 regression.
| [CVE-2011-2329] The rampart_timestamp_token_validate function in util/rampart_timestamp_token.c in Apache Rampart/C 1.3.0 does not properly calculate the expiration of timestamp tokens, which allows remote attackers to bypass intended access restrictions by leveraging an expired token, a different vulnerability than CVE-2011-0730.
| [CVE-2011-2204] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file.
| [CVE-2011-2088] XWork 2.2.1 in Apache Struts 2.2.1, and OpenSymphony XWork in OpenSymphony WebWork, allows remote attackers to obtain potentially sensitive information about internal Java class paths via vectors involving an s:submit element and a nonexistent method, a different vulnerability than CVE-2011-1772.3.
| [CVE-2011-2087] Multiple cross-site scripting (XSS) vulnerabilities in component handlers in the javatemplates (aka Java Templates) plugin in Apache Struts 2.x before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via an arbitrary parameter value to a .action URI, related to improper handling of value attributes in (1) FileHandler.java, (2) HiddenHandler.java, (3) PasswordHandler.java, (4) RadioHandler.java, (5) ResetHandler.java, (6) SelectHandler.java, (7) SubmitHandler.java, and (8) TextFieldHandler.java.
| [CVE-2011-1928] The fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote attackers to cause a denial of service (infinite loop) via a URI that does not match unspecified types of wildcard patterns, as demonstrated by attacks against mod_autoindex in httpd when a /*/WEB-INF/ configuration pattern is used. NOTE: this issue exists because of an incorrect fix for CVE-2011-0419.
| [CVE-2011-1921] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is disabled, does not properly enforce permissions for files that had been publicly readable in the past, which allows remote attackers to obtain sensitive information via a replay REPORT operation.
| [CVE-2011-1783] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to cause a denial of service (infinite loop and memory consumption) in opportunistic circumstances by requesting data.
| [CVE-2011-1772] Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x before 2.2.3, and OpenSymphony XWork in OpenSymphony WebWork, allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) an action name, (2) the action attribute of an s:submit element, or (3) the method attribute of an s:submit element.
| [CVE-2011-1752] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request for a baselined WebDAV resource, as exploited in the wild in May 2011.
| [CVE-2011-1610] Multiple SQL injection vulnerabilities in xmldirectorylist.jsp in the embedded Apache HTTP Server component in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5)su4, 8.0 before 8.0(3a)su2, and 8.5 before 8.5(1)su1 allow remote attackers to execute arbitrary SQL commands via the (1) f, (2) l, or (3) n parameter, aka Bug ID CSCtj42064.
| [CVE-2011-1582] Apache Tomcat 7.0.12 and 7.0.13 processes the first request to a servlet without following security constraints that have been configured through annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088, CVE-2011-1183, and CVE-2011-1419.
| [CVE-2011-1571] Unspecified vulnerability in the XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote attackers to execute arbitrary commands via unknown vectors.
| [CVE-2011-1570] Cross-site scripting (XSS) vulnerability in Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to inject arbitrary web script or HTML via a message title, a different vulnerability than CVE-2004-2030.
| [CVE-2011-1503] The XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat or Oracle GlassFish is used, allows remote authenticated users to read arbitrary (1) XSL and (2) XML files via a file:/// URL.
| [CVE-2011-1502] Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to read arbitrary files via an entity declaration in conjunction with an entity reference, related to an XML External Entity (aka XXE) issue.
| [CVE-2011-1498] Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header.
| [CVE-2011-1475] The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP packets, related to "a mix-up of responses for requests from different users."
| [CVE-2011-1419] Apache Tomcat 7.x before 7.0.11, when web.xml has no security constraints, does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088.
| [CVE-2011-1318] Memory leak in org.apache.jasper.runtime.JspWriterImpl.response in the JavaServer Pages (JSP) component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) by accessing a JSP page of an application that is repeatedly stopped and restarted.
| [CVE-2011-1184] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, related to lack of checking of nonce (aka server nonce) and nc (aka nonce-count or client nonce count) values.
| [CVE-2011-1183] Apache Tomcat 7.0.11, when web.xml has no login configuration, does not follow security constraints, which allows remote attackers to bypass intended access restrictions via HTTP requests to a meta-data complete web application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1088 and CVE-2011-1419.
| [CVE-2011-1176] The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module 2.2.11-01 and 2.2.11-02 for the Apache HTTP Server does not properly handle certain configuration sections that specify NiceValue but not AssignUserID, which might allow remote attackers to gain privileges by leveraging the root uid and root gid of an mpm-itk process.
| [CVE-2011-1088] Apache Tomcat 7.x before 7.0.10 does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application.
| [CVE-2011-1077] Multiple cross-site scripting (XSS) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2011-1026] Multiple cross-site request forgery (CSRF) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to hijack the authentication of administrators.
| [CVE-2011-0715] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.16, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request that contains a lock token.
| [CVE-2011-0534] Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request.
| [CVE-2011-0533] Cross-site scripting (XSS) vulnerability in Apache Continuum 1.1 through 1.2.3.1, 1.3.6, and 1.4.0 Beta
| [CVE-2011-0419] Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.
| [CVE-2011-0013] Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.
| [CVE-2010-4644] Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated users to cause a denial of service (memory consumption and daemon crash) via the -g option to the blame command.
| [CVE-2010-4539] The walk function in repos.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.15, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger the walking of SVNParentPath collections.
| [CVE-2010-4476] The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
| [CVE-2010-4455] Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.2 and 11.1.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Apache Plugin.
| [CVE-2010-4408] Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1 does not require entry of the administrator's password at the time of modifying a user account, which makes it easier for context-dependent attackers to gain privileges by leveraging a (1) unattended workstation or (2) cross-site request forgery (CSRF) vulnerability, a related issue to CVE-2010-3449.
| [CVE-2010-4312] The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie.
| [CVE-2010-4172] Multiple cross-site scripting (XSS) vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) orderBy or (2) sort parameter to sessionsList.jsp, or unspecified input to (3) sessionDetail.jsp or (4) java/org/apache/catalina/manager/JspHelper.java, related to use of untrusted web applications.
| [CVE-2010-3872] The fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.6 for the Apache HTTP Server does not use bytewise pointer arithmetic in certain circumstances, which has unspecified impact and attack vectors related to "untrusted FastCGI applications" and a "stack buffer overwrite."
| [CVE-2010-3863] Apache Shiro before 1.1.0, and JSecurity 0.9.x, does not canonicalize URI paths before comparing them to entries in the shiro.ini file, which allows remote attackers to bypass intended access restrictions via a crafted request, as demonstrated by the /./account/index.jsp URI.
| [CVE-2010-3854] Multiple cross-site scripting (XSS) vulnerabilities in the web administration interface (aka Futon) in Apache CouchDB 0.8.0 through 1.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2010-3718] Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.
| [CVE-2010-3449] Cross-site request forgery (CSRF) vulnerability in Redback before 1.2.4, as used in Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1
| [CVE-2010-3315] authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass intended access restrictions via svn commands.
| [CVE-2010-3083] sys/ssl/SslSocket.cpp in qpidd in Apache Qpid, as used in Red Hat Enterprise MRG before 1.2.2 and other products, when SSL is enabled, allows remote attackers to cause a denial of service (daemon outage) by connecting to the SSL port but not participating in an SSL handshake.
| [CVE-2010-2952] Apache Traffic Server before 2.0.1, and 2.1.x before 2.1.2-unstable, does not properly choose DNS source ports and transaction IDs, and does not properly use DNS query fields to validate responses, which makes it easier for man-in-the-middle attackers to poison the internal DNS cache via a crafted response.
| [CVE-2010-2791] mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request. NOTE: this is the same issue as CVE-2010-2068, but for a different OS and set of affected versions.
| [CVE-2010-2375] Package/Privilege: Plugins for Apache, Sun and IIS web servers Unspecified vulnerability in the WebLogic Server component in Oracle Fusion Middleware 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, 10.3.2, and 10.3.3 allows remote attackers to affect confidentiality and integrity, related to IIS.
| [CVE-2010-2234] Cross-site request forgery (CSRF) vulnerability in Apache CouchDB 0.8.0 through 0.11.0 allows remote attackers to hijack the authentication of administrators for direct requests to an installation URL.
| [CVE-2010-2227] Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with "recycling of a buffer."
| [CVE-2010-2103] Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Apache Axis2/Java 1.4.1, 1.5.1, and possibly other versions, as used in SAP Business Objects 12, 3com IMC, and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the modules parameter. NOTE: some of these details are obtained from third party information.
| [CVE-2010-2086] Apache MyFaces 1.1.7 and 1.2.8, as used in IBM WebSphere Application Server and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that involve modifying the serialized view object.
| [CVE-2010-2076] Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before 2.2.9, as used in Apache ServiceMix, Apache Camel, Apache Chemistry, Apache jUDDI, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to samples/wsdl_first_pure_xml, a similar issue to CVE-2010-1632.
| [CVE-2010-2068] mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, does not properly detect timeouts, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request.
| [CVE-2010-2057] shared/util/StateUtils.java in Apache MyFaces 1.1.x before 1.1.8, 1.2.x before 1.2.9, and 2.0.x before 2.0.1 uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack.
| [CVE-2010-1632] Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server (WAS) 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to the Synapse SimpleStockQuoteService.
| [CVE-2010-1623] Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the destruction of an APR bucket.
| [CVE-2010-1587] The Jetty ResourceHandler in Apache ActiveMQ 5.x before 5.3.2 and 5.4.x before 5.4.0 allows remote attackers to read JSP source code via a // (slash slash) initial substring in a URI for (1) admin/index.jsp, (2) admin/queues.jsp, or (3) admin/topics.jsp.
| [CVE-2010-1452] The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path.
| [CVE-2010-1325] Cross-site request forgery (CSRF) vulnerability in the apache2-slms package in SUSE Lifecycle Management Server (SLMS) 1.0 on SUSE Linux Enterprise (SLE) 11 allows remote attackers to hijack the authentication of unspecified victims via vectors related to improper parameter quoting. NOTE: some sources report that this is a vulnerability in a product named "Apache SLMS," but that is incorrect.
| [CVE-2010-1244] Cross-site request forgery (CSRF) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote attackers to hijack the authentication of unspecified victims for requests that create queues via the JMSDestination parameter in a queue action.
19635| [CVE-2010-1244] Cross-site request forgery (CSRF) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote attackers to hijack the authentication of unspecified victims for requests that create queues via the JMSDestination parameter in a queue action.
19636| [CVE-2010-1157] Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply.
19637| [CVE-2010-1151] Race condition in the mod_auth_shadow module for the Apache HTTP Server allows remote attackers to bypass authentication, and read and possibly modify data, via vectors related to improper interaction with an external helper application for validation of credentials.
19638| [CVE-2010-0684] Cross-site scripting (XSS) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote authenticated users to inject arbitrary web script or HTML via the JMSDestination parameter in a queue action.
19639| [CVE-2010-0434] The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request.
19640| [CVE-2010-0432] Multiple cross-site scripting (XSS) vulnerabilities in the Apache Open For Business Project (aka OFBiz) 09.04 and earlier, as used in Opentaps, Neogia, and Entente Oya, allow remote attackers to inject arbitrary web script or HTML via (1) the productStoreId parameter to control/exportProductListing, (2) the partyId parameter to partymgr/control/viewprofile (aka partymgr/control/login), (3) the start parameter to myportal/control/showPortalPage, (4) an invalid URI beginning with /facility/control/ReceiveReturn (aka /crmsfa/control/ReceiveReturn or /cms/control/ReceiveReturn), (5) the contentId parameter (aka the entityName variable) to ecommerce/control/ViewBlogArticle, (6) the entityName parameter to webtools/control/FindGeneric, or the (7) subject or (8) content parameter to an unspecified component under ecommerce/control/contactus.
19641| [CVE-2010-0425] modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet, and "orphaned callback pointers."
19642| [CVE-2010-0408] The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service (backend server outage) via a crafted request, related to use of a 500 error code instead of the appropriate 400 error code.
19643| [CVE-2010-0390] Unrestricted file upload vulnerability in maxImageUpload/index.php in PHP F1 Max's Image Uploader 1.0, when Apache is not configured to handle the mime-type for files with pjpeg or jpeg extensions, allows remote attackers to execute arbitrary code by uploading a file with a pjpeg or jpeg extension, then accessing it via a direct request to the file in original/. NOTE: some of these details are obtained from third party information.
19644| [CVE-2010-0219] Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service.
19645| [CVE-2010-0010] Integer overflow in the ap_proxy_send_fb function in proxy/proxy_util.c in mod_proxy in the Apache HTTP Server before 1.3.42 on 64-bit platforms allows remote origin servers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a large chunk size that triggers a heap-based buffer overflow.
19646| [CVE-2010-0009] Apache CouchDB 0.8.0 through 0.10.1 allows remote attackers to obtain sensitive information by measuring the completion time of operations that verify (1) hashes or (2) passwords.
19647| [CVE-2009-5120] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 allows connections to TCP port 1812 from arbitrary source IP addresses, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via UTF-7 text to the 404 error page of a Project Woodstock service on this port.
19648| [CVE-2009-5119] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 enables weak SSL ciphers in conf/server.xml, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and then conducting a brute-force attack against encrypted session data.
19649| [CVE-2009-5006] The SessionAdapter::ExchangeHandlerImpl::checkAlternate function in broker/SessionAdapter.cpp in the C++ Broker component in Apache Qpid before 0.6, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote authenticated users to cause a denial of service (NULL pointer dereference, daemon crash, and cluster outage) by attempting to modify the alternate of an exchange.
19650| [CVE-2009-5005] The Cluster::deliveredEvent function in cluster/Cluster.cpp in Apache Qpid, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote attackers to cause a denial of service (daemon crash and cluster outage) via invalid AMQP data.
19651| [CVE-2009-4355] Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678.
19652| [CVE-2009-4269] The password hash generation algorithm in the BUILTIN authentication functionality for Apache Derby before 10.6.1.0 performs a transformation that reduces the size of the set of inputs to SHA-1, which produces a small search space that makes it easier for local and possibly remote attackers to crack passwords by generating hash collisions, related to password substitution.
19653| [CVE-2009-3923] The VirtualBox 2.0.8 and 2.0.10 web service in Sun Virtual Desktop Infrastructure (VDI) 3.0 does not require authentication, which allows remote attackers to obtain unspecified access via vectors involving requests to an Apache HTTP Server.
19654| [CVE-2009-3890] Unrestricted file upload vulnerability in the wp_check_filetype function in wp-includes/functions.php in WordPress before 2.8.6, when a certain configuration of the mod_mime module in the Apache HTTP Server is enabled, allows remote authenticated users to execute arbitrary code by posting an attachment with a multiple-extension filename, and then accessing this attachment via a direct request to a wp-content/uploads/ pathname, as demonstrated by a .php.jpg filename.
19655| [CVE-2009-3843] HP Operations Manager 8.10 on Windows contains a "hidden account" in the XML file that specifies Tomcat users, which allows remote attackers to conduct unrestricted file upload attacks, and thereby execute arbitrary code, by using the org.apache.catalina.manager.HTMLManagerServlet class to make requests to manager/html/upload.
19656| [CVE-2009-3821] Cross-site scripting (XSS) vulnerability in the Apache Solr Search (solr) extension 1.0.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
19657| [CVE-2009-3555] The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
19658| [CVE-2009-3548] The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges.
19659| [CVE-2009-3250] The saveForwardAttachments procedure in the Compose Mail functionality in vtiger CRM 5.0.4 allows remote authenticated users to execute arbitrary code by composing an e-mail message with an attachment filename ending in (1) .php in installations based on certain Apache HTTP Server configurations, (2) .php. on Windows, or (3) .php/ on Linux, and then making a direct request to a certain pathname under storage/.
19660| [CVE-2009-3095] The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.
19661| [CVE-2009-3094] The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.
19662| [CVE-2009-2902] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename.
19663| [CVE-2009-2901] The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests.
19664| [CVE-2009-2823] The Apache HTTP Server in Apple Mac OS X before 10.6.2 enables the HTTP TRACE method, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified web client software.
19665| [CVE-2009-2699] The Solaris pollset feature in the Event Port backend in poll/unix/port.c in the Apache Portable Runtime (APR) library before 1.3.9, as used in the Apache HTTP Server before 2.2.14 and other products, does not properly handle errors, which allows remote attackers to cause a denial of service (daemon hang) via unspecified HTTP requests, related to the prefork and event MPMs.
19666| [CVE-2009-2696] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat on Red Hat Enterprise Linux 5, Desktop Workstation 5, and Linux Desktop 5 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML." NOTE: this is due to a missing fix for CVE-2009-0781.
19667| [CVE-2009-2693] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry.
19668| [CVE-2009-2625] XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.
19669| [CVE-2009-2412] Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR
19670| [CVE-2009-2299] The Artofdefence Hyperguard Web Application Firewall (WAF) module before 2.5.5-11635, 3.0 before 3.0.3-11636, and 3.1 before 3.1.1-11637, a module for the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via an HTTP request with a large Content-Length value but no POST data.
19671| [CVE-2009-1956] Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input.
19672| [CVE-2009-1955] The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.
19673| [CVE-2009-1903] The PDF XSS protection feature in ModSecurity before 2.5.8 allows remote attackers to cause a denial of service (Apache httpd crash) via a request for a PDF file that does not use the GET method.
19674| [CVE-2009-1891] The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).
19675| [CVE-2009-1890] The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests.
19676| [CVE-2009-1885] Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to cause a denial of service (application crash) via vectors involving nested parentheses and invalid byte values in "simply nested DTD structures," as demonstrated by the Codenomicon XML fuzzing framework.
19677| [CVE-2009-1462] The Security Manager in razorCMS before 0.4 does not verify the permissions of every file owned by the apache user account, which is inconsistent with the documentation and allows local users to have an unspecified impact.
19678| [CVE-2009-1275] Apache Tiles 2.1 before 2.1.2, as used in Apache Struts and other products, evaluates Expression Language (EL) expressions twice in certain circumstances, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via unspecified vectors, related to the (1) tiles:putAttribute and (2) tiles:insertTemplate JSP tags.
19679| [CVE-2009-1195] The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file.
19680| [CVE-2009-1191] mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request.
19681| [CVE-2009-1012] Unspecified vulnerability in the plug-ins for Apache and IIS web servers in Oracle BEA WebLogic Server 7.0 Gold through SP7, 8.1 Gold through SP6, 9.0, 9.1, 9.2 Gold through MP3, 10.0 Gold through MP1, and 10.3 allows remote attackers to affect confidentiality, integrity, and availability. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow in an unspecified plug-in that parses HTTP requests, which leads to a heap-based buffer overflow.
19682| [CVE-2009-0918] Multiple unspecified vulnerabilities in DFLabs PTK 1.0.0 through 1.0.4 allow remote attackers to execute arbitrary commands in processes launched by PTK's Apache HTTP Server via (1) "external tools" or (2) a crafted forensic image.
19683| [CVE-2009-0796] Cross-site scripting (XSS) vulnerability in Status.pm in Apache::Status and Apache2::Status in mod_perl1 and mod_perl2 for the Apache HTTP Server, when /perl-status is accessible, allows remote attackers to inject arbitrary web script or HTML via the URI.
19684| [CVE-2009-0783] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.
19685| [CVE-2009-0781] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML."
19686| [CVE-2009-0754] PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on the same server.
19687| [CVE-2009-0580] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.
19688| [CVE-2009-0486] Bugzilla 3.2.1, 3.0.7, and 3.3.2, when running under mod_perl, calls the srand function at startup time, which causes Apache children to have the same seed and produce insufficiently random numbers for random tokens, which allows remote attackers to bypass cross-site request forgery (CSRF) protection mechanisms and conduct unauthorized activities as other users.
19689| [CVE-2009-0039] Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to hijack the authentication of administrators for requests that (1) change the web administration password, (2) upload applications, and perform unspecified other administrative actions, as demonstrated by (3) a Shutdown request to console/portal//Server/Shutdown.
19690| [CVE-2009-0038] Multiple cross-site scripting (XSS) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) ip, (3) username, or (4) description parameter to console/portal/Server/Monitoring
19691| [CVE-2009-0033] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.
19692| [CVE-2009-0026] Multiple cross-site scripting (XSS) vulnerabilities in Apache Jackrabbit before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the q parameter to (1) search.jsp or (2) swr.jsp.
19693| [CVE-2009-0023] The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow.
19694| [CVE-2008-6879] Cross-site scripting (XSS) vulnerability in Apache Roller 2.3, 3.0, 3.1, and 4.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter in a search action.
19695| [CVE-2008-6755] ZoneMinder 1.23.3 on Fedora 10 sets the ownership of /etc/zm.conf to the apache user account, and sets the permissions to 0600, which makes it easier for remote attackers to modify this file by accessing it through a (1) PHP or (2) CGI script.
19696| [CVE-2008-6722] Novell Access Manager 3 SP4 does not properly expire X.509 certificate sessions, which allows physically proximate attackers to obtain a logged-in session by using a victim's web-browser process that continues to send the original and valid SSL sessionID, related to inability of Apache Tomcat to clear entries from its SSL cache.
19697| [CVE-2008-6682] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.x before 2.0.11.1 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via vectors associated with improper handling of (1) " (double quote) characters in the href attribute of an s:a tag and (2) parameters in the action attribute of an s:url tag.
19698| [CVE-2008-6505] Multiple directory traversal vulnerabilities in Apache Struts 2.0.x before 2.0.12 and 2.1.x before 2.1.3 allow remote attackers to read arbitrary files via a ..%252f (encoded dot dot slash) in a URI with a /struts/ path, related to (1) FilterDispatcher in 2.0.x and (2) DefaultStaticContentLoader in 2.1.x.
19699| [CVE-2008-6504] ParametersInterceptor in OpenSymphony XWork 2.0.x before 2.0.6 and 2.1.x before 2.1.2, as used in Apache Struts and other products, does not properly restrict # (pound sign) references to context objects, which allows remote attackers to execute Object-Graph Navigation Language (OGNL) statements and modify server-side context objects, as demonstrated by use of a \u0023 representation for the # character.
19700| [CVE-2008-5696] Novell NetWare 6.5 before Support Pack 8, when an OES2 Linux server is installed into the NDS tree, does not require a password for the ApacheAdmin console, which allows remote attackers to reconfigure the Apache HTTP Server via console operations.
19701| [CVE-2008-5676] Multiple unspecified vulnerabilities in the ModSecurity (aka mod_security) module 2.5.0 through 2.5.5 for the Apache HTTP Server, when SecCacheTransformations is enabled, allow remote attackers to cause a denial of service (daemon crash) or bypass the product's functionality via unknown vectors related to "transformation caching."
19702| [CVE-2008-5519] The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat allows remote attackers to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances involving (1) a request from a different client that included a Content-Length header but no POST data or (2) a rapid series of requests, related to noncompliance with the AJP protocol's requirements for requests containing Content-Length headers.
19703| [CVE-2008-5518] Multiple directory traversal vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 on Windows allow remote attackers to upload files to arbitrary directories via directory traversal sequences in the (1) group, (2) artifact, (3) version, or (4) fileType parameter to console/portal//Services/Repository (aka the Services/Repository portlet)
19704| [CVE-2008-5515] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.
19705| [CVE-2008-5457] Unspecified vulnerability in the Oracle BEA WebLogic Server Plugins for Apache, Sun and IIS web servers component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
19706| [CVE-2008-4308] The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20 does not return a -1 to indicate when a certain error condition has occurred, which can cause Tomcat to send POST content from one request to a different request.
19707| [CVE-2008-4008] Unspecified vulnerability in the WebLogic Server Plugins for Apache component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2008 CPU. Oracle has not commented on reliable researcher claims that this issue is a stack-based buffer overflow in the WebLogic Apache Connector, related to an invalid parameter.
19708| [CVE-2008-3666] Unspecified vulnerability in Sun Solaris 10 and OpenSolaris before snv_96 allows (1) context-dependent attackers to cause a denial of service (panic) via vectors involving creation of a crafted file and use of the sendfilev system call, as demonstrated by a file served by an Apache 2.2.x web server with EnableSendFile configured
19709| [CVE-2008-3271] Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a "synchronization problem" and lack of thread safety, and related to RemoteFilterValve, RemoteAddrValve, and RemoteHostValve.
19710| [CVE-2008-3257] Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request.
19711| [CVE-2008-2939] Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI.
19712| [CVE-2008-2938] Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.
19713| [CVE-2008-2742] Unrestricted file upload in the mcpuk file editor (atk/attributes/fck/editor/filemanager/browser/mcpuk/connectors/php/config.php) in Achievo 1.2.0 through 1.3.2 allows remote attackers to execute arbitrary code by uploading a file with .php followed by a safe extension, then accessing it via a direct request to the file in the Achievo root directory. NOTE: this is only a vulnerability in environments that support multiple extensions, such as Apache with the mod_mime module enabled.
19714| [CVE-2008-2717] TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions.
19715| [CVE-2008-2579] Unspecified vulnerability in the WebLogic Server Plugins for Apache, Sun and IIS web servers component in Oracle BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 has unknown impact and remote attack vectors.
19716| [CVE-2008-2384] SQL injection vulnerability in mod_auth_mysql.c in the mod-auth-mysql (aka libapache2-mod-auth-mysql) module for the Apache HTTP Server 2.x, when configured to use a multibyte character set that allows a \ (backslash) as part of the character encoding, allows remote attackers to execute arbitrary SQL commands via unspecified inputs in a login request.
19717| [CVE-2008-2370] Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.
19718| [CVE-2008-2364] The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.
19719| [CVE-2008-2168] Cross-site scripting (XSS) vulnerability in Apache 2.2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded URLs that are not properly handled when displaying the 403 Forbidden error page.
19720| [CVE-2008-2025] Cross-site scripting (XSS) vulnerability in Apache Struts before 1.2.9-162.31.1 on SUSE Linux Enterprise (SLE) 11, before 1.2.9-108.2 on SUSE openSUSE 10.3, before 1.2.9-198.2 on SUSE openSUSE 11.0, and before 1.2.9-162.163.2 on SUSE openSUSE 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "insufficient quoting of parameters."
19721| [CVE-2008-1947] Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.
19722| [CVE-2008-1734] Interpretation conflict in PHP Toolkit before 1.0.1 on Gentoo Linux might allow local users to cause a denial of service (PHP outage) and read contents of PHP scripts by creating a file with a one-letter lowercase alphabetic name, which triggers interpretation of a certain unquoted [a-z] argument as a matching shell glob for this name, rather than interpretation as the literal [a-z] regular-expression string, and consequently blocks the launch of the PHP interpreter within the Apache HTTP Server.
19723| [CVE-2008-1678] Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server mod_ssl that specify a compression algorithm.
19724| [CVE-2008-1232] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.
19725| [CVE-2008-0869] Cross-site scripting (XSS) vulnerability in BEA WebLogic Workshop 8.1 through SP6 and Workshop for WebLogic 9.0 through 10.0 allows remote attackers to inject arbitrary web script or HTML via a "framework defined request parameter" when using WebLogic Workshop or Apache Beehive NetUI framework with page flows.
19726| [CVE-2008-0732] The init script for Apache Geronimo on SUSE Linux follows symlinks when performing a chown operation, which might allow local users to obtain access to unspecified files or directories.
19727| [CVE-2008-0555] The ExpandCert function in Apache-SSL before apache_1.3.41+ssl_1.59 does not properly handle (1) '/' and (2) '=' characters in a Distinguished Name (DN) in a client certificate, which might allow remote attackers to bypass authentication via a crafted DN that triggers overwriting of environment variables.
19728| [CVE-2008-0457] Unrestricted file upload vulnerability in the FileUpload class running on the Symantec LiveState Apache Tomcat server, as used by Symantec Backup Exec System Recovery Manager 7.0 and 7.0.1, allows remote attackers to upload and execute arbitrary JSP files via unknown vectors.
19729| [CVE-2008-0456] CRLF injection vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by uploading a file with a multi-line name containing HTTP header sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
19730| [CVE-2008-0455] Cross-site scripting (XSS) vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary web script or HTML by uploading a file with a name containing XSS sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
19731| [CVE-2008-0128] The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
19732| [CVE-2008-0005] mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding.
19733| [CVE-2008-0002] Apache Tomcat 6.0.0 through 6.0.15 processes parameters in the context of the wrong request when an exception occurs during parameter processing, which might allow remote attackers to obtain sensitive information, as demonstrated by disconnecting during this processing in order to trigger the exception.
19734| [CVE-2007-6750] The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris, related to the lack of the mod_reqtimeout module in versions before 2.2.15.
19735| [CVE-2007-6726] Multiple cross-site scripting (XSS) vulnerabilities in Dojo 0.4.1 and 0.4.2, as used in Apache Struts and other products, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) xip_client.html and (2) xip_server.html in src/io/.
19736| [CVE-2007-6514] Apache HTTP Server, when running on Linux with a document root on a Windows share mounted using smbfs, allows remote attackers to obtain unprocessed content such as source files for .php programs via a trailing "\" (backslash), which is not handled by the intended AddType directive.
19737| [CVE-2007-6423] ** DISPUTED ** Unspecified vulnerability in mod_proxy_balancer for Apache HTTP Server 2.2.x before 2.2.7-dev, when running on Windows, allows remote attackers to trigger memory corruption via a long URL. NOTE: the vendor could not reproduce this issue.
19738| [CVE-2007-6422] The balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6, when a threaded Multi-Processing Module is used, allows remote authenticated users to cause a denial of service (child process crash) via an invalid bb variable.
19739| [CVE-2007-6421] Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) ss, (2) wr, or (3) rr parameters, or (4) the URL.
19740| [CVE-2007-6420] Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors.
19741| [CVE-2007-6388] Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
19742| [CVE-2007-6361] Gekko 0.8.2 and earlier stores sensitive information under the web root with possibly insufficient access control, which might allow remote attackers to read certain files under temp/, as demonstrated by a log file that records the titles of blog entries. NOTE: access to temp/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
19743| [CVE-2007-6342] SQL injection vulnerability in the David Castro AuthCAS module (AuthCAS.pm) 0.4 for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the SESSION_COOKIE_NAME (session ID) in a cookie.
19744| [CVE-2007-6286] Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the native APR connector is used, does not properly handle an empty request to the SSL port, which allows remote attackers to trigger handling of "a duplicate copy of one of the recent requests," as demonstrated by using netcat to send the empty request.
19745| [CVE-2007-6258] Multiple stack-based buffer overflows in the legacy mod_jk2 2.0.3-DEV and earlier Apache module allow remote attackers to execute arbitrary code via a long (1) Host header, or (2) Hostname within a Host header.
19746| [CVE-2007-6231] Multiple PHP remote file inclusion vulnerabilities in tellmatic 1.0.7 allow remote attackers to execute arbitrary PHP code via a URL in the tm_includepath parameter to (1) Classes.inc.php, (2) statistic.inc.php, (3) status.inc.php, (4) status_top_x.inc.php, or (5) libchart-1.1/libchart.php in include/. NOTE: access to include/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
19747| [CVE-2007-6203] Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918.
19748| [CVE-2007-5797] SQLLoginModule in Apache Geronimo 2.0 through 2.1 does not throw an exception for a nonexistent username, which allows remote attackers to bypass authentication via a login attempt with any username not contained in the database.
19749| [CVE-2007-5731] Absolute path traversal vulnerability in Apache Jakarta Slide 2.1 and earlier allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag, a related issue to CVE-2007-5461.
19750| [CVE-2007-5461] Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.
19751| [CVE-2007-5342] The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by changing the (1) level, (2) directory, and (3) prefix attributes in the org.apache.juli.FileHandler handler.
19752| [CVE-2007-5333] Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385.
19753| [CVE-2007-5156] Incomplete blacklist vulnerability in editor/filemanager/upload/php/upload.php in FCKeditor, as used in SiteX CMS 0.7.3.beta, La-Nai CMS, Syntax CMS, Cardinal Cms, and probably other products, allows remote attackers to upload and execute arbitrary PHP code via a file whose name contains ".php." and has an unknown extension, which is recognized as a .php file by the Apache HTTP server, a different vulnerability than CVE-2006-0658 and CVE-2006-2529.
19754| [CVE-2007-5085] Unspecified vulnerability in the management EJB (MEJB) in Apache Geronimo before 2.0.2 allows remote attackers to bypass authentication and obtain "access to Geronimo internals" via unspecified vectors.
19755| [CVE-2007-5000] Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
19756| [CVE-2007-4724] Cross-site request forgery (CSRF) vulnerability in cal2.jsp in the calendar examples application in Apache Tomcat 4.1.31 allows remote attackers to add events as arbitrary users via the time and description parameters.
19757| [CVE-2007-4723] Directory traversal vulnerability in Ragnarok Online Control Panel 4.3.4a, when the Apache HTTP Server is used, allows remote attackers to bypass authentication via directory traversal sequences in a URI that ends with the name of a publicly available page, as demonstrated by a "/...../" sequence and an account_manage.php/login.php final component for reaching the protected account_manage.php page.
19758| [CVE-2007-4641] Directory traversal vulnerability in index.php in Pakupaku CMS 0.4 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting code into an Apache log file.
19759| [CVE-2007-4556] Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language (OGNL) expression when altSyntax is enabled, which allows remote attackers to cause a denial of service (infinite loop) or execute arbitrary code via form input beginning with a "%{" sequence and ending with a "}" character.
19760| [CVE-2007-4548] The login method in LoginModule implementations in Apache Geronimo 2.0 does not throw FailedLoginException for failed logins, which allows remote attackers to bypass authentication requirements, deploy arbitrary modules, and gain administrative access by sending a blank username and password with the command line deployer in the deployment module.
19761| [CVE-2007-4465] Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.
19762| [CVE-2007-3847] The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read.
19763| [CVE-2007-3571] The Apache Web Server as used in Novell NetWare 6.5 and GroupWise allows remote attackers to obtain sensitive information via a certain directive to Apache that causes the HTTP-Header response to be modified, which may reveal the server's internal IP address.
19764| [CVE-2007-3386] Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action.
19765| [CVE-2007-3385] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.
19766| [CVE-2007-3384] Multiple cross-site scripting (XSS) vulnerabilities in examples/servlet/CookieExample in Apache Tomcat 3.3 through 3.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Value field, related to error messages.
19767| [CVE-2007-3383] Cross-site scripting (XSS) vulnerability in SendMailServlet in the examples web application (examples/jsp/mail/sendmail.jsp) in Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.36 allows remote attackers to inject arbitrary web script or HTML via the From field and possibly other fields, related to generation of error messages.
19768| [CVE-2007-3382] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.
19769| [CVE-2007-3304] Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1 killer."
19770| [CVE-2007-3303] Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows local users to cause a denial of service via certain code sequences executed in a worker process that (1) stop request processing by killing all worker processes and preventing creation of replacements or (2) hang the system by forcing the master process to fork an arbitrarily large number of worker processes. NOTE: This might be an inherent design limitation of Apache with respect to worker processes in hosted environments.
19771| [CVE-2007-3101] Multiple cross-site scripting (XSS) vulnerabilities in certain JSF applications in Apache MyFaces Tomahawk before 1.1.6 allow remote attackers to inject arbitrary web script via the autoscroll parameter, which is injected into Javascript that is sent to the client.
19772| [CVE-2007-2450] Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script or HTML via a parameter name to manager/html/upload, and other unspecified vectors.
19773| [CVE-2007-2449] Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the '
19774| [CVE-2007-2353] Apache Axis 1.0 allows remote attackers to obtain sensitive information by requesting a non-existent WSDL file, which reveals the installation path in the resulting exception message.
19775| [CVE-2007-2025] Unrestricted file upload vulnerability in the UpLoad feature (lib/plugin/UpLoad.php) in PhpWiki 1.3.11p1 allows remote attackers to upload arbitrary PHP files with a double extension, as demonstrated by .php.3, which is interpreted by Apache as being a valid PHP file.
19776| [CVE-2007-1863] cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value.
19777| [CVE-2007-1862] The recall_headers function in mod_mem_cache in Apache 2.2.4 does not properly copy all levels of header data, which can cause Apache to return HTTP headers containing previously used data, which could be used by remote attackers to obtain potentially sensitive information.
19778| [CVE-2007-1860] mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. (dot dot) sequences and directory traversal, a related issue to CVE-2007-0450.
19779| [CVE-2007-1858] The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts.
19780| [CVE-2007-1842] Directory traversal vulnerability in login.php in JSBoard before 2.0.12 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the table parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, a related issue to CVE-2006-2019.
19781| [CVE-2007-1801] Directory traversal vulnerability in inc/lang.php in sBLOG 0.7.3 Beta allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the conf_lang_default parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by inc/lang.php.
19782| [CVE-2007-1743] suexec in Apache HTTP Server (httpd) 2.2.3 does not verify combinations of user and group IDs on the command line, which might allow local users to leverage other vulnerabilities to create arbitrary UID/GID owned files if /proc is mounted. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root." In addition, because this is dependent on other vulnerabilities, perhaps this is resultant and should not be included in CVE.
19783| [CVE-2007-1742] suexec in Apache HTTP Server (httpd) 2.2.3 uses a partial comparison for verifying whether the current directory is within the document root, which might allow local users to perform unauthorized operations on incorrect directories, as demonstrated using "html_backup" and "htmleditor" under an "html" directory. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
19784| [CVE-2007-1741] Multiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 between directory and file validation, and their usage, allow local users to gain privileges and execute arbitrary code by renaming directories or performing symlink attacks. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
19785| [CVE-2007-1720] Directory traversal vulnerability in addressbook.php in the Addressbook 1.2 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module_name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file.
19786| [CVE-2007-1636] Directory traversal vulnerability in index.php in RoseOnlineCMS 3 B1 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the op parameter, as demonstrated by injecting PHP code into Apache log files via the URL and User-Agent HTTP header.
19787| [CVE-2007-1633] Directory traversal vulnerability in bbcode_ref.php in the Giorgio Ciranni Splatt Forum 4.0 RC1 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by bbcode_ref.php.
19788| [CVE-2007-1577] Directory traversal vulnerability in index.php in GeBlog 0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[tplname] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
19789| [CVE-2007-1539] Directory traversal vulnerability in inc/map.func.php in pragmaMX Landkarten 2.1 module allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the module_name parameter, as demonstrated via a static PHP code injection attack in an Apache log file.
19790| [CVE-2007-1524] Directory traversal vulnerability in themes/default/ in ZomPlog 3.7.6 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) in the settings[skin] parameter, as demonstrated by injecting PHP code into an Apache HTTP Server log file, which can then be included via themes/default/.
19791| [CVE-2007-1491] Apache Tomcat in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allows connections from external interfaces via port 8009, which exposes it to attacks from outside parties.
19792| [CVE-2007-1358] Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616".
19793| [CVE-2007-1349] PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.
19794| [CVE-2007-0975] Variable extraction vulnerability in Ian Bezanson Apache Stats before 0.0.3 beta allows attackers to overwrite critical variables, with unknown impact, when the extract function is used on the _REQUEST superglobal array.
19795| [CVE-2007-0930] Variable extract vulnerability in Apache Stats before 0.0.3beta allows attackers to modify arbitrary variables and conduct attacks via unknown vectors involving the use of PHP's extract function.
19796| [CVE-2007-0792] The mod_perl initialization script in Bugzilla 2.23.3 does not set the Bugzilla Apache configuration to allow .htaccess permissions to override file permissions, which allows remote attackers to obtain the database username and password via a direct request for the localconfig file.
19797| [CVE-2007-0774] Stack-based buffer overflow in the map_uri_to_worker function (native/common/jk_uri_worker_map.c) in mod_jk.so for Apache Tomcat JK Web Server Connector 1.2.19 and 1.2.20, as used in Tomcat 4.1.34 and 5.5.20, allows remote attackers to execute arbitrary code via a long URL that triggers the overflow in a URI worker map routine.
19798| [CVE-2007-0637] Directory traversal vulnerability in zd_numer.php in Galeria Zdjec 3.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the galeria parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by zd_numer.php.
19799| [CVE-2007-0451] Apache SpamAssassin before 3.1.8 allows remote attackers to cause a denial of service via long URLs in malformed HTML, which triggers "massive memory usage."
19800| [CVE-2007-0450] Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.
19801| [CVE-2007-0419] The BEA WebLogic Server proxy plug-in before June 2006 for the Apache HTTP Server does not properly handle protocol errors, which allows remote attackers to cause a denial of service (server outage).
19802| [CVE-2007-0173] Directory traversal vulnerability in index.php in L2J Statistik Script 0.09 and earlier, when register_globals is enabled and magic_quotes is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
19803| [CVE-2007-0098] Directory traversal vulnerability in language.php in VerliAdmin 0.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
19804| [CVE-2007-0086] ** DISPUTED ** The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by third parties, who state that the large window size required by the attack is not normally supported or configured by the server, or that a DDoS-style attack would accomplish the same goal.
19805| [CVE-2006-7217] Apache Derby before 10.2.1.6 does not determine schema privilege requirements during the DropSchemaNode bind phase, which allows remote authenticated users to execute arbitrary drop schema statements in SQL authorization mode.
19806| [CVE-2006-7216] Apache Derby before 10.2.1.6 does not determine privilege requirements for lock table statements at compilation time, and consequently does not enforce privilege requirements at execution time, which allows remote authenticated users to lock arbitrary tables.
19807| [CVE-2006-7197] The AJP connector in Apache Tomcat 5.5.15 uses an incorrect length for chunks, which can cause a buffer over-read in the ajp_process_callback in mod_jk, which allows remote attackers to read portions of sensitive memory.
19808| [CVE-2006-7196] Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors. NOTE: this may be related to CVE-2006-0254.1.
19809| [CVE-2006-7195] Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in Apache Tomcat 5.0.0 through 5.0.30 and 5.5.0 through 5.5.17 allows remote attackers to inject arbitrary web script or HTML via certain header values.
19810| [CVE-2006-7098] The Debian GNU/Linux 033_-F_NO_SETSID patch for the Apache HTTP Server 1.3.34-4 does not properly disassociate httpd from a controlling tty when httpd is started interactively, which allows local users to gain privileges to that tty via a CGI program that calls the TIOCSTI ioctl.
19811| [CVE-2006-6869] Directory traversal vulnerability in includes/search/search_mdforum.php in MAXdev MDForum 2.0.1 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang cookie to error.php, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
19812| [CVE-2006-6675] Cross-site scripting (XSS) vulnerability in Novell NetWare 6.5 Support Pack 5 and 6 and Novell Apache on NetWare 2.0.48 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters in Welcome web-app.
19813| [CVE-2006-6613] Directory traversal vulnerability in language.php in phpAlbum 0.4.1 Beta 6 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files or obtain sensitive information via a .. (dot dot) in the pa_lang[include_file] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
19814| [CVE-2006-6589] Cross-site scripting (XSS) vulnerability in ecommerce/control/keywordsearch in the Apache Open For Business Project (OFBiz) and Opentaps 0.9.3 allows remote attackers to inject arbitrary web script or HTML via the SEARCH_STRING parameter, a different issue than CVE-2006-6587. NOTE: some of these details are obtained from third party information.
19815| [CVE-2006-6588] The forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) trusts the (1) dataResourceTypeId, (2) contentTypeId, and certain other hidden form fields, which allows remote attackers to create unauthorized types of content, modify content, or have other unknown impact.
19816| [CVE-2006-6587] Cross-site scripting (XSS) vulnerability in the forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) allows remote attackers to inject arbitrary web script or HTML by posting a message.
19817| [CVE-2006-6445] Directory traversal vulnerability in error.php in Envolution 1.1.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
19818| [CVE-2006-6071] TWiki 4.0.5 and earlier, when running under Apache 1.3 using ApacheLogin with sessions and "ErrorDocument 401" redirects to a valid wiki topic, does not properly handle failed login attempts, which allows remote attackers to read arbitrary content by cancelling out of a failed authentication with a valid username and invalid password.
19819| [CVE-2006-6047] Directory traversal vulnerability in manager/index.php in Etomite 0.6.1.2 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the f parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
19820| [CVE-2006-5894] Directory traversal vulnerability in lang.php in Rama CMS 0.68 and earlier, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by lang.php.
19821| [CVE-2006-5752] Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform "charset detection" when the content-type is not specified.
19822| [CVE-2006-5733] Directory traversal vulnerability in error.php in PostNuke 0.763 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
19823| [CVE-2006-5263] Directory traversal vulnerability in templates/header.php3 in phpMyAgenda 3.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter, as demonstrated by a parameter value naming an Apache HTTP Server log file that apparently contains PHP code.
19824| [CVE-2006-4994] Multiple unquoted Windows search path vulnerabilities in Apache Friends XAMPP 1.5.2 might allow local users to gain privileges via a malicious program file in %SYSTEMDRIVE%, which is run when XAMPP attempts to execute (1) FileZillaServer.exe, (2) mysqld-nt.exe, (3) Perl.exe, or (4) xamppcontrol.exe with an unquoted "Program Files" pathname.
19825| [CVE-2006-4636] Directory traversal vulnerability in SZEWO PhpCommander 3.0 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Directory parameter, as demonstrated by parameter values naming Apache HTTP Server log files that apparently contain PHP code.
19826| [CVE-2006-4625] PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass certain Apache HTTP Server httpd.conf options, such as safe_mode and open_basedir, via the ini_restore function, which resets the values to their php.ini (Master Value) defaults.
19827| [CVE-2006-4558] DeluxeBB 1.06 and earlier, when run on the Apache HTTP Server with the mod_mime module, allows remote attackers to execute arbitrary PHP code by uploading files with double extensions via the fileupload parameter in a newthread action in newpost.php.
19828| [CVE-2006-4191] Directory traversal vulnerability in memcp.php in XMB (Extreme Message Board) 1.9.6 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the langfilenew parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by header.php.
19829| [CVE-2006-4154] Format string vulnerability in the mod_tcl module 1.0 for Apache 2.x allows context-dependent attackers to execute arbitrary code via format string specifiers that are not properly handled in a set_var function call in (1) tcl_cmds.c and (2) tcl_core.c.
19830| [CVE-2006-4110] Apache 2.2.2, when running on Windows, allows remote attackers to read source code of CGI programs via a request that contains uppercase (or alternate case) characters that bypass the case-sensitive ScriptAlias directive, but allow access to the file on case-insensitive file systems.
19831| [CVE-2006-4004] Directory traversal vulnerability in index.php in vbPortal 3.0.2 through 3.6.0 Beta 1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the bbvbplang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
19832| [CVE-2006-3918] http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.
19833| [CVE-2006-3835] Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (
19834| [CVE-2006-3747] Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules.
19835| [CVE-2006-3362] Unrestricted file upload vulnerability in connectors/php/connector.php in FCKeditor mcpuk file manager, as used in (1) Geeklog 1.4.0 through 1.4.0sr3, (2) toendaCMS 1.0.0 Shizouka Stable and earlier, (3) WeBid 0.5.4, and possibly other products, when installed on Apache with mod_mime, allows remote attackers to upload and execute arbitrary PHP code via a filename with a .php extension and a trailing extension that is allowed, such as .zip.
19836| [CVE-2006-3102] Race condition in articles/BitArticle.php in Bitweaver 1.3, when run on Apache with the mod_mime extension, allows remote attackers to execute arbitrary PHP code by uploading arbitrary files with double extensions, which are stored for a small period of time under the webroot in the temp/articles directory.
19837| [CVE-2006-3070] write_ok.php in Zeroboard 4.1 pl8, when installed on Apache with mod_mime, allows remote attackers to bypass restrictions for uploading files with executable extensions by uploading a .htaccess file that with an AddType directive that assigns an executable module to files with assumed-safe extensions, as demonstrated by assigning the txt extension to be handled by application/x-httpd-php.
19838| [CVE-2006-2831] Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2, when running under certain Apache configurations such as when FileInfo overrides are disabled within .htaccess, allows remote attackers to execute arbitrary code by uploading a file with multiple extensions, a variant of CVE-2006-2743.
19839| [CVE-2006-2806] The SMTP server in Apache Java Mail Enterprise Server (aka Apache James) 2.2.0 allows remote attackers to cause a denial of service (CPU consumption) via a long argument to the MAIL command.
19840| [CVE-2006-2743] Drupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with mod_mime, does not properly handle files with multiple extensions, which allows remote attackers to upload, modify, or execute arbitrary files in the files directory.
19841| [CVE-2006-2514] Coppermine galleries before 1.4.6, when running on Apache with mod_mime installed, allows remote attackers to upload arbitrary files via a filename with multiple file extensions.
19842| [CVE-2006-2330] PHP-Fusion 6.00.306 and earlier, running under Apache HTTP Server 1.3.27 and PHP 4.3.3, allows remote authenticated users to upload files of arbitrary types using a filename that contains two or more extensions that ends in an assumed-valid extension such as .gif, which bypasses the validation, as demonstrated by uploading then executing an avatar file that ends in ".php.gif" and contains PHP code in EXIF metadata.
19843| [CVE-2006-1777] Directory traversal vulnerability in doc/index.php in Jeremy Ashcraft Simplog 0.9.2 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the s parameter, as demonstrated by injecting PHP sequences into an Apache error_log file, which is then included by doc/index.php.
19844| [CVE-2006-1564] Untrusted search path vulnerability in libapache2-svn 1.3.0-4 for Subversion in Debian GNU/Linux includes RPATH values under the /tmp/svn directory for the (1) mod_authz_svn.so and (2) mod_dav_svn.so modules, which might allow local users to gain privileges by installing malicious libraries in that directory.
19845| [CVE-2006-1548] Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction and possibly (2) DispatchAction and (3) ActionDispatcher in Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to inject arbitrary web script or HTML via the parameter name, which is not filtered in the resulting error message.
19846| [CVE-2006-1547] ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides further access to elements in the CommonsMultipartRequestHandler implementation and BeanUtils.
19847| [CVE-2006-1546] Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to bypass validation via a request with a 'org.apache.struts.taglib.html.Constants.CANCEL' parameter, which causes the action to be canceled but would not be detected from applications that do not use the isCancelled check.
19848| [CVE-2006-1393] Multiple cross-site scripting (XSS) vulnerabilities in the mod_pubcookie Apache application server module in University of Washington Pubcookie 1.x, 3.0.0, 3.1.0, 3.1.1, 3.2 before 3.2.1b, and 3.3 before 3.3.0a allow remote attackers to inject arbitrary web script or HTML via unspecified attack vectors.
19849| [CVE-2006-1346] Directory traversal vulnerability in inc/setLang.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in a lang[*][file] parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by index.php.
19850| [CVE-2006-1292] Directory traversal vulnerability in Jim Hu and Chad Little PHP iCalendar 2.21 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the phpicalendar[cookie_language] and phpicalendar[cookie_style] cookies, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by day.php.
19851| [CVE-2006-1243] Directory traversal vulnerability in install05.php in Simple PHP Blog (SPB) 0.4.7.1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the blog_language parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included using install05.php.
19852| [CVE-2006-1095] Directory traversal vulnerability in the FileSession object in Mod_python module 3.2.7 for Apache allows local users to execute arbitrary code via a crafted session cookie.
19853| [CVE-2006-1079] htpasswd, as used in Acme thttpd 2.25b and possibly other products such as Apache, might allow local users to gain privileges via shell metacharacters in a command line argument, which is used in a call to the system function. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
19854| [CVE-2006-1078] Multiple buffer overflows in htpasswd, as used in Acme thttpd 2.25b, and possibly other products such as Apache, might allow local users to gain privileges via (1) a long command line argument and (2) a long line in a file. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
19855| [CVE-2006-0743] Format string vulnerability in LocalSyslogAppender in Apache log4net 1.2.9 might allow remote attackers to cause a denial of service (memory corruption and termination) via unknown vectors.
19856| [CVE-2006-0254] Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) time parameter to cal2.jsp and (2) any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer.
19857| [CVE-2006-0150] Multiple format string vulnerabilities in the auth_ldap_log_reason function in Apache auth_ldap 1.6.0 and earlier allows remote attackers to execute arbitrary code via various vectors, including the username.
19858| [CVE-2006-0144] The proxy server feature in go-pear.php in PHP PEAR 0.2.2, as used in Apache2Triad, allows remote attackers to execute arbitrary PHP code by redirecting go-pear.php to a malicious proxy server that provides a modified version of Tar.php with a malicious extractModify function.
19859| [CVE-2006-0042] Unspecified vulnerability in (1) apreq_parse_headers and (2) apreq_parse_urlencoded functions in Apache2::Request (Libapreq2) before 2.07 allows remote attackers cause a denial of service (CPU consumption) via unknown attack vectors that result in quadratic computational complexity.
19860| [CVE-2005-4857] eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 before 20051128 allows remote authenticated users to cause a denial of service (Apache httpd segmentation fault) via a request to content/advancedsearch.php with an empty SearchContentClassID parameter, reportedly related to a "memory addressing error".
19861| [CVE-2005-4849] Apache Derby before 10.1.2.1 exposes the (1) user and (2) password attributes in cleartext via (a) the RDBNAM parameter of the ACCSEC command and (b) the output of the DatabaseMetaData.getURL function, which allows context-dependent attackers to obtain sensitive information.
19862| [CVE-2005-4836] The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote attackers to read JSP source files and obtain sensitive information.
19863| [CVE-2005-4814] Unrestricted file upload vulnerability in Segue CMS before 1.3.6, when the Apache HTTP Server handles .phtml files with the PHP interpreter, allows remote attackers to upload and execute arbitrary PHP code by placing .phtml files in the userfiles/ directory.
19864| [CVE-2005-4703] Apache Tomcat 4.0.3, when running on Windows, allows remote attackers to obtain sensitive information via a request for a file that contains an MS-DOS device name such as lpt9, which leaks the pathname in an error message, as demonstrated by lpt9.xtp using Nikto.
19865| [CVE-2005-3745] Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message.
19866| [CVE-2005-3630] Fedora Directory Server before 10 allows remote attackers to obtain sensitive information, such as the password from adm.conf via an IFRAME element, probably involving an Apache httpd.conf configuration that orders "allow" directives before "deny" directives.
19867| [CVE-2005-3510] Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files.
19868| [CVE-2005-3392] Unspecified vulnerability in PHP before 4.4.1, when using the virtual function on Apache 2, allows remote attackers to bypass safe_mode and open_basedir directives.
19869| [CVE-2005-3357] mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference.
19870| [CVE-2005-3352] Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps.
19871| [CVE-2005-3319] The apache2handler SAPI (sapi_apache2.c) in the Apache module (mod_php) for PHP 5.x before 5.1.0 final and 4.4 before 4.4.1 final allows attackers to cause a denial of service (segmentation fault) via the session.save_path option in a .htaccess file or VirtualHost.
19872| [CVE-2005-3164] The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an information leak when "unsuitable request body data" is used for a different request, possibly related to Java Servlet pages.
19873| [CVE-2005-2970] Memory leak in the worker MPM (worker.c) for Apache 2, in certain circumstances, allows remote attackers to cause a denial of service (memory consumption) via aborted connections, which prevents the memory for the transaction pool from being reused for other connections.
19874| [CVE-2005-2963] The mod_auth_shadow module 1.0 through 1.5 and 2.0 for Apache with AuthShadow enabled uses shadow authentication for all locations that use the require group directive, even when other authentication mechanisms are specified, which might allow remote authenticated users to bypass security restrictions.
19875| [CVE-2005-2728] The byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service (memory consumption) via an HTTP header with a large Range field.
19876| [CVE-2005-2660] apachetop 0.12.5 and earlier, when running in debug mode, allows local users to create or append to arbitrary files via a symlink attack on atop.debug.
19877| [CVE-2005-2088] The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
19878| [CVE-2005-1754] ** DISPUTED ** JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to read arbitrary files via a full pathname in the argument to the Download parameter. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
19879| [CVE-2005-1753] ** DISPUTED ** ReadMessage.jsp in JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to view other users' e-mail attachments via a direct request to /mailboxesdir/username@domainname. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
19880| [CVE-2005-1344] Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute arbitrary code via a long realm argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
19881| [CVE-2005-1268] Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte.
19882| [CVE-2005-1266] Apache SpamAssassin 3.0.1, 3.0.2, and 3.0.3 allows remote attackers to cause a denial of service (CPU consumption and slowdown) via a message with a long Content-Type header without any boundaries.
19883| [CVE-2005-0808] Apache Tomcat before 5.x allows remote attackers to cause a denial of service (application crash) via a crafted AJP12 packet to TCP port 8007.
19884| [CVE-2005-0182] The mod_dosevasive module 1.9 and earlier for Apache creates temporary files with predictable filenames, which could allow remote attackers to overwrite arbitrary files via a symlink attack.
19885| [CVE-2005-0108] Apache mod_auth_radius 1.5.4 and libpam-radius-auth allow remote malicious RADIUS servers to cause a denial of service (crash) via a RADIUS_REPLY_MESSAGE with a RADIUS attribute length of 1, which leads to a memcpy operation with a -1 length argument.
19886| [CVE-2004-2734] webadmin-apache.conf in Novell Web Manager of Novell NetWare 6.5 uses an uppercase Alias tag with an inconsistent lowercase directory tag for a volume, which allows remote attackers to bypass access control to the WEB-INF folder.
19887| [CVE-2004-2680] mod_python (libapache2-mod-python) 3.1.4 and earlier does not properly handle when output filters process more than 16384 bytes, which can cause filter.read to return portions of previously freed memory.
19888| [CVE-2004-2650] Spooler in Apache Foundation James 2.2.0 allows local users to cause a denial of service (memory consumption) by triggering various error conditions in the retrieve function, which prevents a lock from being released and causes a memory leak.
19889| [CVE-2004-2343] ** DISPUTED ** Apache HTTP Server 2.0.47 and earlier allows local users to bypass .htaccess file restrictions, as specified in httpd.conf with directives such as Deny From All, by using an ErrorDocument directive. NOTE: the vendor has disputed this issue, since the .htaccess mechanism is only intended to restrict external web access, and a local user already has the privileges to perform the same operations without using ErrorDocument.
19890| [CVE-2004-2336] Unknown vulnerability in Novell GroupWise and GroupWise WebAccess 6.0 through 6.5, when running with Apache Web Server 1.3 for NetWare where Apache is loaded using GWAPACHE.CONF, allows remote attackers to read directories and files on the server.
19891| [CVE-2004-2115] Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTTP Server 1.3.22, based on Apache, allow remote attackers to execute arbitrary script as other users via the (1) action, (2) username, or (3) password parameters in an isqlplus request.
19892| [CVE-2004-1834] mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, including authentication information, on the hard disk, which could allow local users to gain sensitive information.
19893| [CVE-2004-1765] Off-by-one buffer overflow in ModSecurity (mod_security) 1.7.4 for Apache 2.x, when SecFilterScanPost is enabled, allows remote attackers to execute arbitrary code via crafted POST requests.
19894| [CVE-2004-1545] UploadFile.php in MoniWiki 1.0.9.2 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.hwp, which allows remote attackers to upload and execute arbitrary code.
19895| [CVE-2004-1438] The mod_authz_svn Apache module for Subversion 1.0.4-r1 and earlier allows remote authenticated users, with write access to the repository, to read unauthorized parts of the repository via the svn copy command.
19896| [CVE-2004-1405] MediaWiki 1.3.8 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
19897| [CVE-2004-1404] Attachment Mod 2.3.10 module for phpBB, when used with Apache mod_mime, does not properly handle files with multiple file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
19898| [CVE-2004-1387] The check_forensic script in apache-utils package 1.3.31 allows local users to overwrite or create arbitrary files via a symlink attack on temporary files.
19899| [CVE-2004-1084] Apache for Apple Mac OS X 10.2.8 and 10.3.6 allows remote attackers to read files and resource fork content via HTTP requests to certain special file names related to multiple data streams in HFS+, which bypass Apache file handles.
19900| [CVE-2004-1083] Apache for Apple Mac OS X 10.2.8 and 10.3.6 restricts access to files in a case sensitive manner, but the Apple HFS+ filesystem accesses files in a case insensitive manner, which allows remote attackers to read .DS_Store files and files beginning with ".ht" using alternate capitalization.
19901| [CVE-2004-1082] mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials.
19902| [CVE-2004-0942] Apache webserver 2.0.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request with a MIME header containing multiple lines with a large number of space characters.
19903| [CVE-2004-0940] Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error.
19904| [CVE-2004-0885] The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration.
19905| [CVE-2004-0811] Unknown vulnerability in Apache 2.0.51 prevents "the merging of the Satisfy directive," which could allow attackers to obtain access to restricted resources contrary to the specified authentication configuration.
19906| [CVE-2004-0809] The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access.
19907| [CVE-2004-0786] The IPv6 URI parsing routines in the apr-util library for Apache 2.0.50 and earlier allow remote attackers to cause a denial of service (child process crash) via a certain URI, as demonstrated using the Codenomicon HTTP Test Tool.
19908| [CVE-2004-0751] The char_buffer_read function in the mod_ssl module for Apache 2.x, when using reverse proxying to an SSL server, allows remote attackers to cause a denial of service (segmentation fault).
19909| [CVE-2004-0748] mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (CPU consumption) by aborting an SSL connection in a way that causes an Apache child process to enter an infinite loop.
19910| [CVE-2004-0747] Buffer overflow in Apache 2.0.50 and earlier allows local users to gain apache privileges via a .htaccess file that causes the overflow during expansion of environment variables.
19911| [CVE-2004-0700] Format string vulnerability in the mod_proxy hook functions function in ssl_engine_log.c in mod_ssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are handled by the ssl_log function.
19912| [CVE-2004-0646] Buffer overflow in the WriteToLog function for JRun 3.0 through 4.0 web server connectors, such as (1) mod_jrun and (2) mod_jrun20 for Apache, with verbose logging enabled, allows remote attackers to execute arbitrary code via a long HTTP header Content-Type field or other fields.
19913| [CVE-2004-0529] The modified suexec program in cPanel, when configured for mod_php and compiled for Apache 1.3.31 and earlier without mod_phpsuexec, allows local users to execute untrusted shared scripts and gain privileges, as demonstrated using untainted scripts such as (1) proftpdvhosts or (2) addalink.cgi, a different vulnerability than CVE-2004-0490.
19914| [CVE-2004-0493] The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters.
19915| [CVE-2004-0492] Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied.
19916| [CVE-2004-0490] cPanel, when compiling Apache 1.3.29 and PHP with the mod_phpsuexec option, does not set the --enable-discard-path option, which causes php to use the SCRIPT_FILENAME variable to find and execute a script instead of the PATH_TRANSLATED variable, which allows local users to execute arbitrary PHP code as other users via a URL that references the attacker's script after the user's script, which executes the attacker's script with the user's privileges, a different vulnerability than CVE-2004-0529.
19917| [CVE-2004-0488] Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN.
19918| [CVE-2004-0263] PHP 4.3.4 and earlier in Apache 1.x and 2.x (mod_php) can leak global variables between virtual hosts that are handled by the same Apache child process but have different settings, which could allow remote attackers to obtain sensitive information.
19919| [CVE-2004-0174] Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using multiple listening sockets on certain platforms, allows remote attackers to cause a denial of service (blocked new connections) via a "short-lived connection on a rarely-accessed listening socket."
19920| [CVE-2004-0173] Directory traversal vulnerability in Apache 1.3.29 and earlier, and Apache 2.0.48 and earlier, when running on Cygwin, allows remote attackers to read arbitrary files via a URL containing "..%5C" (dot dot encoded backslash) sequences.
19921| [CVE-2004-0113] Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service (memory consumption) via plain HTTP requests to the SSL port of an SSL-enabled server.
19922| [CVE-2004-0009] Apache-SSL 1.3.28+1.52 and earlier, with SSLVerifyClient set to 1 or 3 and SSLFakeBasicAuth enabled, allows remote attackers to forge a client certificate by using basic authentication with the "one-line DN" of the target user.
19923| [CVE-2003-1581] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
19924| [CVE-2003-1580] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-level domains, as demonstrated by a forged 123.123.123.123 domain name, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
19925| [CVE-2003-1573] The PointBase 4.6 database component in the J2EE 1.4 reference implementation (J2EE/RI) allows remote attackers to execute arbitrary programs, conduct a denial of service, and obtain sensitive information via a crafted SQL statement, related to "inadequate security settings and library bugs in sun.* and org.apache.* packages."
19926| [CVE-2003-1521] Sun Java Plug-In 1.4 through 1.4.2_02 allows remote attackers to repeatedly access the floppy drive via the createXmlDocument method in the org.apache.crimson.tree.XmlDocument class, which violates the Java security model.
19927| [CVE-2003-1516] The org.apache.xalan.processor.XSLProcessorVersion class in Java Plug-in 1.4.2_01 allows signed and unsigned applets to share variables, which violates the Java security model and could allow remote attackers to read or write data belonging to a signed applet.
19928| [CVE-2003-1502] mod_throttle 3.0 allows local users with Apache privileges to access shared memory that points to a file that is writable by the apache user, which could allow local users to gain privileges.
19929| [CVE-2003-1418] Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote attackers to obtain sensitive information via (1) the ETag header, which reveals the inode number, or (2) multipart MIME boundary, which reveals child process IDs (PID).
19930| [CVE-2003-1307] ** DISPUTED ** The mod_php module for the Apache HTTP Server allows local users with write access to PHP scripts to send signals to the server's process group and use the server's file descriptors, as demonstrated by sending a STOP signal, then intercepting incoming connections on the server's TCP port. NOTE: the PHP developer has disputed this vulnerability, saying "The opened file descriptors are opened by Apache. It is the job of Apache to protect them ... Not a bug in PHP."
19931| [CVE-2003-1172] Directory traversal vulnerability in the view-source sample file in Apache Software Foundation Cocoon 2.1 and 2.2 allows remote attackers to access arbitrary files via a .. (dot dot) in the filename parameter.
19932| [CVE-2003-1171] Heap-based buffer overflow in the sec_filter_out function in mod_security 1.7RC1 through 1.7.1 in Apache 2 allows remote attackers to execute arbitrary code via a server side script that sends a large amount of data.
19933| [CVE-2003-1138] The default configuration of Apache 2.0.40, as shipped with Red Hat Linux 9.0, allows remote attackers to list directory contents, even if auto indexing is turned off and there is a default web page configured, via a GET request containing a double slash (//).
19934| [CVE-2003-1054] mod_access_referer 1.0.2 allows remote attackers to cause a denial of service (crash) via a malformed Referer header that is missing a hostname, as parsed by the ap_parse_uri_components function in Apache, which triggers a null dereference.
19935| [CVE-2003-0993] mod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit platforms, does not properly parse Allow/Deny rules using IP addresses without a netmask, which could allow remote attackers to bypass intended access restrictions.
19936| [CVE-2003-0987] mod_digest for Apache before 1.3.31 does not properly verify the nonce of a client response by using a AuthNonce secret.
19937| [CVE-2003-0866] The Catalina org.apache.catalina.connector.http package in Tomcat 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service via several requests that do not follow the HTTP protocol, which causes Tomcat to reject later requests.
19938| [CVE-2003-0844] mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode without the Apache log, allows local users to overwrite arbitrary files via (1) a symlink attack on predictable temporary filenames on Unix systems, or (2) an NTFS hard link on Windows systems when the "Strengthen default permissions of internal system objects" policy is not enabled.
19939| [CVE-2003-0843] Format string vulnerability in mod_gzip_printf for mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode and using the Apache log, allows remote attackers to execute arbitrary code via format string characters in an HTTP GET request with an "Accept-Encoding: gzip" header.
19940| [CVE-2003-0789] mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not properly handle CGI redirect paths, which could cause Apache to send the output of a CGI program to the wrong client.
19941| [CVE-2003-0771] Gallery.pm in Apache::Gallery (aka A::G) uses predictable temporary filenames when running Inline::C, which allows local users to execute arbitrary code by creating and modifying the files before Apache::Gallery does.
19942| [CVE-2003-0658] Docview before 1.1-18 in Caldera OpenLinux 3.1.1, SCO Linux 4.0, OpenServer 5.0.7, configures the Apache web server in a way that allows remote attackers to read arbitrary publicly readable files via a certain URL, possibly related to rewrite rules.
19943| [CVE-2003-0542] Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures.
19944| [CVE-2003-0460] The rotatelogs program on Apache before 1.3.28, for Windows and OS/2 systems, does not properly ignore certain control characters that are received over the pipe, which could allow remote attackers to cause a denial of service.
19945| [CVE-2003-0254] Apache 2 before 2.0.47, when running on an IPv6 host, allows attackers to cause a denial of service (CPU consumption by infinite loop) when the FTP proxy server fails to create an IPv6 socket.
19946| [CVE-2003-0253] The prefork MPM in Apache 2 before 2.0.47 does not properly handle certain errors from accept, which could lead to a denial of service.
19947| [CVE-2003-0249] ** DISPUTED ** PHP treats unknown methods such as "PoSt" as a GET request, which could allow attackers to intended access restrictions if PHP is running on a server that passes on all methods, such as Apache httpd 2.0, as demonstrated using a Limit directive. NOTE: this issue has been disputed by the Apache security team, saying "It is by design that PHP allows scripts to process any request method. A script which does not explicitly verify the request method will hence be processed as normal for arbitrary methods. It is therefore expected behaviour that one cannot implement per-method access control using the Apache configuration alone, which is the assumption made in this report."
19948| [CVE-2003-0245] Vulnerability in the apr_psprintf function in the Apache Portable Runtime (APR) library for Apache 2.0.37 through 2.0.45 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long strings, as demonstrated using XML objects to mod_dav, and possibly other vectors.
19949| [CVE-2003-0192] Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3, do not properly handle "certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one," which could cause Apache to use the weak ciphersuite.
19950| [CVE-2003-0189] The authentication module for Apache 2.0.40 through 2.0.45 on Unix does not properly handle threads safely when using the crypt_r or crypt functions, which allows remote attackers to cause a denial of service (failed Basic authentication with valid usernames and passwords) when a threaded MPM is used.
19951| [CVE-2003-0134] Unknown vulnerability in filestat.c for Apache running on OS2, versions 2.0 through 2.0.45, allows unknown attackers to cause a denial of service via requests related to device names.
19952| [CVE-2003-0132] A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to cause a denial of service (memory consumption) via large chunks of linefeed characters, which causes Apache to allocate 80 bytes for each linefeed.
19953| [CVE-2003-0083] Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences, a different vulnerability than CVE-2003-0020.
19954| [CVE-2003-0020] Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences.
19955| [CVE-2003-0017] Apache 2.0 before 2.0.44 on Windows platforms allows remote attackers to obtain certain files via an HTTP request that ends in certain illegal characters such as ">", which causes a different filename to be processed and served.
19956| [CVE-2003-0016] Apache before 2.0.44, when running on unpatched Windows 9x and Me operating systems, allows remote attackers to cause a denial of service or execute arbitrary code via an HTTP request containing MS-DOS device names.
19957| [CVE-2002-2310] ClickCartPro 4.0 stores the admin_user.db data file under the web document root with insufficient access control on servers other than Apache, which allows remote attackers to obtain usernames and passwords.
19958| [CVE-2002-2309] php.exe in PHP 3.0 through 4.2.2, when running on Apache, does not terminate properly, which allows remote attackers to cause a denial of service via a direct request without arguments.
19959| [CVE-2002-2272] Tomcat 4.0 through 4.1.12, using mod_jk 1.2.1 module on Apache 1.3 through 1.3.27, allows remote attackers to cause a denial of service (desynchronized communications) via an HTTP GET request with a Transfer-Encoding chunked field with invalid values.
19960| [CVE-2002-2103] Apache before 1.3.24, when writing to the log file, records a spoofed hostname from the reverse lookup of an IP address, even when a double-reverse lookup fails, which allows remote attackers to hide the original source of activities.
19961| [CVE-2002-2029] PHP, when installed on Windows with Apache and ScriptAlias for /php/ set to c:/php/, allows remote attackers to read arbitrary files and possibly execute arbitrary programs via an HTTP request for php.exe with a filename in the query string.
19962| [CVE-2002-2012] Unknown vulnerability in Apache 1.3.19 running on HP Secure OS for Linux 1.0 allows remote attackers to cause "unexpected results" via an HTTP request.
19963| [CVE-2002-2009] Apache Tomcat 4.0.1 allows remote attackers to obtain the web root path via HTTP requests for JSP files preceded by (1) +/, (2) >/, (3) </, and (4) %20/, which leaks the pathname in an error message.
19964| [CVE-2002-2008] Apache Tomcat 4.0.3 for Windows allows remote attackers to obtain the web root path via an HTTP request for a resource that does not exist, such as lpt9, which leaks the information in an error message.
19965| [CVE-2002-2007] The default installations of Apache Tomcat 3.2.3 and 3.2.4 allows remote attackers to obtain sensitive system information such as directory listings and web root path, via erroneous HTTP requests for Java Server Pages (JSP) in the (1) test/jsp, (2) samples/jsp and (3) examples/jsp directories, or the (4) test/realPath.jsp servlet, which leaks pathnames in error messages.
19966| [CVE-2002-2006] The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 through 3.3.1 allows remote attackers to obtain the installation path and other sensitive system information via the (1) SnoopServlet or (2) TroubleShooter example servlets.
19967| [CVE-2002-1895] The servlet engine in Jakarta Apache Tomcat 3.3 and 4.0.4, when using IIS and the ajp1.3 connector, allows remote attackers to cause a denial of service (crash) via a large number of HTTP GET requests for an MS-DOS device such as AUX, LPT1, CON, or PRN.
19968| [CVE-2002-1850] mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly remote attackers to cause a denial of service (hang and memory consumption) by causing a CGI script to send a large amount of data to stderr, which results in a read/write deadlock between httpd and the CGI script.
19969| [CVE-2002-1793] HTTP Server mod_ssl module running on HP-UX 11.04 with Virtualvault OS (VVOS) 4.5 through 4.6 closes the connection when the Apache server times out during an SSL request, which may allow attackers to cause a denial of service.
19970| [CVE-2002-1658] Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may allow attackers to execute arbitrary code via a long user argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
19971| [CVE-2002-1635] The Apache configuration file (httpd.conf) in Oracle 9i Application Server (9iAS) uses a Location alias for /perl directory instead of a ScriptAlias, which allows remote attackers to read the source code of arbitrary CGI files via a URL containing the /perl directory instead of /cgi-bin.
19972| [CVE-2002-1593] mod_dav in Apache before 2.0.42 does not properly handle versioning hooks, which may allow remote attackers to kill a child process via a null dereference and cause a denial of service (CPU consumption) in a preforked multi-processing module.
19973| [CVE-2002-1592] The ap_log_rerror function in Apache 2.0 through 2.035, when a CGI application encounters an error, sends error messages to the client that include the full path for the server, which allows remote attackers to obtain sensitive information.
19974| [CVE-2002-1567] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1 allows remote attackers to execute arbitrary web script and steal cookies via a URL with encoded newlines followed by a request to a .jsp file whose name contains the script.
19975| [CVE-2002-1394] Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148.
19976| [CVE-2002-1233] A regression error in the Debian distributions of the apache-ssl package (before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0), for Apache 1.3.27 and earlier, allows local users to read or modify the Apache password file via a symlink attack on temporary files when the administrator runs (1) htpasswd or (2) htdigest, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2001-0131.
19977| [CVE-2002-1157] Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9 and earlier, when UseCanonicalName is off and wildcard DNS is enabled, allows remote attackers to execute script as other web site visitors, via the server name in an HTTPS response on the SSL port, which is used in a self-referencing URL, a different vulnerability than CAN-2002-0840.
19978| [CVE-2002-1156] Apache 2.0.42 allows remote attackers to view the source code of a CGI script via a POST request to a directory with both WebDAV and CGI enabled.
19979| [CVE-2002-1148] The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet.
19980| [CVE-2002-0935] Apache Tomcat 4.0.3, and possibly other versions before 4.1.3 beta, allows remote attackers to cause a denial of service (resource exhaustion) via a large number of requests to the server with null characters, which causes the working threads to hang.
19981| [CVE-2002-0843] Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response.
19982| [CVE-2002-0840] Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.
19983| [CVE-2002-0839] The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that would not normally be allowed, by modifying the parent[].pid and parent[].last_rtime segments in the scoreboard.
19984| [CVE-2002-0682] Cross-site scripting vulnerability in Apache Tomcat 4.0.3 allows remote attackers to execute script as other web users via script in a URL with the /servlet/ mapping, which does not filter the script when an exception is thrown by the servlet.
19985| [CVE-2002-0661] Directory traversal vulnerability in Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to read arbitrary files and execute commands via .. (dot dot) sequences containing \ (backslash) characters.
19986| [CVE-2002-0658] OSSP mm library (libmm) before 1.2.0 allows the local Apache user to gain privileges via temporary files, possibly via a symbolic link attack.
19987| [CVE-2002-0654] Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to determine the full pathname of the server via (1) a request for a .var file, which leaks the pathname in the resulting error message, or (2) via an error message that occurs when a script (child process) cannot be invoked.
19988| [CVE-2002-0653] Off-by-one buffer overflow in the ssl_compat_directive function, as called by the rewrite_command hook for mod_ssl Apache module 2.8.9 and earlier, allows local users to execute arbitrary code as the Apache server user via .htaccess files with long entries.
19989| [CVE-2002-0513] The PHP administration script in popper_mod 1.2.1 and earlier relies on Apache .htaccess authentication, which allows remote attackers to gain privileges if the script is not appropriately configured by the administrator.
19990| [CVE-2002-0493] Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions.
19991| [CVE-2002-0392] Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a chunk-encoded HTTP request that causes Apache to use an incorrect size.
19992| [CVE-2002-0259] InstantServers MiniPortal 1.1.5 and earlier stores sensitive login and account data in plaintext in (1) .pwd files in the miniportal/apache directory, or (2) mplog.txt, which could allow local users to gain privileges.
19993| [CVE-2002-0249] PHP for Windows, when installed on Apache 2.0.28 beta as a standalone CGI module, allows remote attackers to obtain the physical path of the php.exe via a request with malformed arguments such as /123, which leaks the pathname in the error message.
19994| [CVE-2002-0240] PHP, when installed with Apache and configured to search for index.php as a default web page, allows remote attackers to obtain the full pathname of the server via the HTTP OPTIONS method, which reveals the pathname in the resulting error message.
19995| [CVE-2002-0082] The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session.
19996| [CVE-2002-0061] Apache for Win32 before 1.3.24, and 2.0.x before 2.0.34-beta, allows remote attackers to execute arbitrary commands via shell metacharacters (a | pipe character) provided as arguments to batch (.bat) or .cmd scripts, which are sent unfiltered to the shell interpreter, typically cmd.exe.
19997| [CVE-2001-1556] The log files in Apache web server contain information directly supplied by clients and does not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail, and grep.
19998| [CVE-2001-1534] mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these session ID's are used for authentication.
19999| [CVE-2001-1510] Allaire JRun 2.3.3, 3.0 and 3.1 running on IIS 4.0 and 5.0, iPlanet, Apache, JRun web server (JWS), and possibly other web servers allows remote attackers to read arbitrary files and directories by appending (1) "%3f.jsp", (2) "?.jsp" or (3) "?" to the requested URL.
20000| [CVE-2001-1449] The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 through 8.0 and Linux Corporate Server 1.0.1 allows remote attackers to list the directory index of arbitrary web directories.
20001| [CVE-2001-1385] The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts.
20002| [CVE-2001-1342] Apache before 1.3.20 on Windows and OS/2 systems allows remote attackers to cause a denial of service (GPF) via an HTTP request for a URI that contains a large number of / (slash) or other characters, which causes certain functions to dereference a null pointer.
20003| [CVE-2001-1217] Directory traversal vulnerability in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to access sensitive information via a double encoded URL with .. (dot dot) sequences.
20004| [CVE-2001-1216] Buffer overflow in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to execute arbitrary code via a long request for a help page.
20005| [CVE-2001-1072] Apache with mod_rewrite enabled on most UNIX systems allows remote attackers to bypass RewriteRules by inserting extra / (slash) characters into the requested path, which causes the regular expression in the RewriteRule to fail.
20006| [CVE-2001-1013] Apache on Red Hat Linux with the UserDir directive enabled generates different error codes when a username exists and there is no public_html directory and when the username does not exist, which could allow remote attackers to determine valid usernames on the server.
20007| [CVE-2001-0925] The default installation of Apache before 1.3.19 allows remote attackers to list directories instead of the multiview index.html file via an HTTP request for a path that contains many / (slash) characters, which causes the path to be mishandled by (1) mod_negotiation, (2) mod_dir, or (3) mod_autoindex.
20008| [CVE-2001-0829] A cross-site scripting vulnerability in Apache Tomcat 3.2.1 allows a malicious webmaster to embed Javascript in a request for a .JSP file, which causes the Javascript to be inserted into an error message.
20009| [CVE-2001-0766] Apache on MacOS X Client 10.0.3 with the HFS+ file system allows remote attackers to bypass access restrictions via a URL that contains some characters whose case is not matched by Apache's filters.
20010| [CVE-2001-0731] Apache 1.3.20 with Multiviews enabled allows remote attackers to view directory contents and bypass the index page via a URL containing the "M=D" query string.
20011| [CVE-2001-0730] split-logfile in Apache 1.3.20 allows remote attackers to overwrite arbitrary files that end in the .log extension via an HTTP request with a / (slash) in the Host: header.
20012| [CVE-2001-0729] Apache 1.3.20 on Windows servers allows remote attackers to bypass the default index page and list directory contents via a URL with a large number of / (slash) characters.
20013| [CVE-2001-0590] Apache Software Foundation Tomcat Servlet prior to 3.2.2 allows a remote attacker to read the source code to arbitrary 'jsp' files via a malformed URL request which does not end with an HTTP protocol specification (i.e. HTTP/1.0).
20014| [CVE-2001-0131] htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local users to overwrite arbitrary files via a symlink attack.
20015| [CVE-2001-0108] PHP Apache module 4.0.4 and earlier allows remote attackers to bypass .htaccess access restrictions via a malformed HTTP request on an unrestricted page that causes PHP to use those access controls on the next page that is requested.
20016| [CVE-2001-0042] PHP 3.x (PHP3) on Apache 1.3.6 allows remote attackers to read arbitrary files via a modified .. (dot dot) attack containing "%5c" (encoded backslash) sequences.
20017| [CVE-2000-1247] The default configuration of the jserv-status handler in jserv.conf in Apache JServ 1.1.2 includes an "allow from 127.0.0.1" line, which allows local users to discover JDBC passwords or other sensitive information via a direct request to the jserv/ URI.
20018| [CVE-2000-1210] Directory traversal vulnerability in source.jsp of Apache Tomcat before 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the argument to source.jsp.
20019| [CVE-2000-1206] Vulnerability in Apache httpd before 1.3.11, when configured for mass virtual hosting using mod_rewrite, or mod_vhost_alias in Apache 1.3.9, allows remote attackers to retrieve arbitrary files.
20020| [CVE-2000-1205] Cross site scripting vulnerabilities in Apache 1.3.0 through 1.3.11 allow remote attackers to execute script as other web site visitors via (1) the printenv CGI (printenv.pl), which does not encode its output, (2) pages generated by the ap_send_error_response function such as a default 404, which does not add an explicit charset, or (3) various messages that are generated by certain Apache modules or core code. NOTE: the printenv issue might still exist for web browsers that can render text/plain content types as HTML, such as Internet Explorer, but CVE regards this as a design limitation of those browsers, not Apache. The printenv.pl/acuparam vector, discloser on 20070724, is one such variant.
20021| [CVE-2000-1204] Vulnerability in the mod_vhost_alias virtual hosting module for Apache 1.3.9, 1.3.11 and 1.3.12 allows remote attackers to obtain the source code for CGI programs if the cgi-bin directory is under the document root.
20022| [CVE-2000-1168] IBM HTTP Server 1.3.6 (based on Apache) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET request.
20023| [CVE-2000-1016] The default configuration of Apache (httpd.conf) on SuSE 6.4 includes an alias for the /usr/doc directory, which allows remote attackers to read package documentation and obtain system configuration information via an HTTP request for the /doc/packages URL.
20024| [CVE-2000-0913] mod_rewrite in Apache 1.3.12 and earlier allows remote attackers to read arbitrary files if a RewriteRule directive is expanded to include a filename whose name contains a regular expression.
20025| [CVE-2000-0883] The default configuration of mod_perl for Apache as installed on Mandrake Linux 6.1 through 7.1 sets the /perl/ directory to be browseable, which allows remote attackers to list the contents of that directory.
20026| [CVE-2000-0869] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 enables WebDAV, which allows remote attackers to list arbitrary directories via the PROPFIND HTTP request method.
20027| [CVE-2000-0868] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 allows remote attackers to read source code for CGI scripts by replacing the /cgi-bin/ in the requested URL with /cgi-bin-sdb/.
20028| [CVE-2000-0791] Trustix installs the httpsd program for Apache-SSL with world-writeable permissions, which allows local users to replace it with a Trojan horse.
20029| [CVE-2000-0760] The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals sensitive system information when a remote attacker requests a nonexistent URL with a .snp extension.
20030| [CVE-2000-0759] Jakarta Tomcat 3.1 under Apache reveals physical path information when a remote attacker requests a URL that does not exist, which generates an error message that includes the physical path.
20031| [CVE-2000-0628] The source.asp example script in the Apache ASP module Apache::ASP 1.93 and earlier allows remote attackers to modify files.
20032| [CVE-2000-0505] The Apache 1.3.x HTTP server for Windows platforms allows remote attackers to list directory contents by requesting a URL containing a large number of / characters.
20033| [CVE-1999-1412] A possible interaction between Apple MacOS X release 1.0 and Apache HTTP server allows remote attackers to cause a denial of service (crash) via a flood of HTTP GET requests to CGI programs, which generates a large number of processes.
20034| [CVE-1999-1293] mod_proxy in Apache 1.2.5 and earlier allows remote attackers to cause a denial of service via malformed FTP commands, which causes Apache to dump core.
20035| [CVE-1999-1237] Multiple buffer overflows in smbvalid/smbval SMB authentication library, as used in Apache::AuthenSmb and possibly other modules, allows remote attackers to execute arbitrary commands via (1) a long username, (2) a long password, and (3) other unspecified methods.
20036| [CVE-1999-1199] Apache WWW server 1.3.1 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via a large number of MIME headers with the same name, aka the "sioux" vulnerability.
20037| [CVE-1999-1053] guestbook.pl cleanses user-inserted SSI commands by removing text between "<!--" and "-->" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides "-->".
20038| [CVE-1999-0926] Apache allows remote attackers to conduct a denial of service via a large number of MIME headers.
20039| [CVE-1999-0678] A default configuration of Apache on Debian GNU/Linux sets the ServerRoot to /usr/doc, which allows remote users to read documentation files for the entire server.
20040| [CVE-1999-0448] IIS 4.0 and Apache log HTTP request methods, regardless of how long they are, allowing a remote attacker to hide the URL they really request.
20041| [CVE-1999-0289] The Apache web server for Win32 may provide access to restricted files when a . (dot) is appended to a requested URL.
20042| [CVE-1999-0236] ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs.
20043| [CVE-1999-0107] Buffer overflow in Apache 1.2.5 and earlier allows a remote attacker to cause a denial of service with a large number of GET requests containing a large number of / characters.
20044| [CVE-1999-0071] Apache httpd cookie buffer overflow for versions 1.1.1 and earlier.
20045|
20046| SecurityFocus - https://www.securityfocus.com/bid/:
20047| [104554] Apache HBase CVE-2018-8025 Security Bypass Vulnerability
20048| [104465] Apache Geode CVE-2017-15695 Remote Code Execution Vulnerability
20049| [104418] Apache Storm CVE-2018-8008 Arbitrary File Write Vulnerability
20050| [104399] Apache Storm CVE-2018-1332 User Impersonation Vulnerability
20051| [104348] Apache UIMA CVE-2017-15691 XML External Entity Injection Vulnerability
20052| [104313] Apache NiFi XML External Entity Injection and Denial of Service Vulnerability
20053| [104259] Apache Geode CVE-2017-12622 Authorization Bypass Vulnerability
20054| [104257] Apache Sling XSS Protection API CVE-2017-15717 Cross Site Scripting Vulnerability
20055| [104253] Apache ZooKeeper CVE-2018-8012 Security Bypass Vulnerability
20056| [104252] Apache Batik CVE-2018-8013 Information Disclosure Vulnerability
20057| [104239] Apache Solr CVE-2018-8010 XML External Entity Multiple Information Disclosure Vulnerabilities
20058| [104215] Apache ORC CVE-2018-8015 Denial of Service Vulnerability
20059| [104203] Apache Tomcat CVE-2018-8014 Security Bypass Vulnerability
20060| [104161] Apache Ambari CVE-2018-8003 Directory Traversal Vulnerability
20061| [104140] Apache Derby CVE-2018-1313 Security Bypass Vulnerability
20062| [104135] Apache Tika CVE-2018-1338 Denial of Service Vulnerability
20063| [104008] Apache Fineract CVE-2018-1291 SQL Injection Vulnerability
20064| [104007] Apache Fineract CVE-2018-1292 SQL Injection Vulnerability
20065| [104005] Apache Fineract CVE-2018-1289 SQL Injection Vulnerability
20066| [104001] Apache Tika CVE-2018-1335 Remote Command Injection Vulnerability
20067| [103975] Apache Fineract CVE-2018-1290 SQL Injection Vulnerability
20068| [103974] Apache Solr CVE-2018-1308 XML External Entity Injection Vulnerability
20069| [103772] Apache Traffic Server CVE-2017-7671 Denial of Service Vulnerability
20070| [103770] Apache Traffic Server CVE-2017-5660 Security Bypass Vulnerability
20071| [103751] Apache Hive CVE-2018-1282 SQL Injection Vulnerability
20072| [103750] Apache Hive CVE-2018-1284 Security Bypass Vulnerability
20073| [103692] Apache Ignite CVE-2018-1295 Arbitrary Code Execution Vulnerability
20074| [103528] Apache HTTP Server CVE-2018-1302 Denial of Service Vulnerability
20075| [103525] Apache HTTP Server CVE-2017-15715 Remote Security Bypass Vulnerability
20076| [103524] Apache HTTP Server CVE-2018-1312 Remote Security Bypass Vulnerability
20077| [103522] Apache HTTP Server CVE-2018-1303 Denial of Service Vulnerability
20078| [103520] Apache HTTP Server CVE-2018-1283 Remote Security Vulnerability
20079| [103516] Apache Struts CVE-2018-1327 Denial of Service Vulnerability
20080| [103515] Apache HTTP Server CVE-2018-1301 Denial of Service Vulnerability
20081| [103512] Apache HTTP Server CVE-2017-15710 Denial of Service Vulnerability
20082| [103508] Apache Syncope CVE-2018-1321 Multiple Remote Code Execution Vulnerabilities
20083| [103507] Apache Syncope CVE-2018-1322 Multiple Information Disclosure Vulnerabilities
20084| [103490] Apache Commons Compress CVE-2018-1324 Multiple Denial Of Service Vulnerabilities
20085| [103434] APACHE Allura CVE-2018-1319 HTTP Response Splitting Vulnerability
20086| [103389] Apache Tomcat JK Connector CVE-2018-1323 Directory Traversal Vulnerability
20087| [103222] Apache CloudStack CVE-2013-4317 Information Disclosure Vulnerability
20088| [103219] Apache Xerces-C CVE-2017-12627 Null Pointer Dereference Denial of Service Vulnerability
20089| [103206] Apache Geode CVE-2017-15693 Remote Code Execution Vulnerability
20090| [103205] Apache Geode CVE-2017-15692 Remote Code Execution Vulnerability
20091| [103170] Apache Tomcat CVE-2018-1304 Security Bypass Vulnerability
20092| [103144] Apache Tomcat CVE-2018-1305 Security Bypass Vulnerability
20093| [103102] Apache Oozie CVE-2017-15712 Information Disclosure Vulnerability
20094| [103098] Apache Karaf CVE-2016-8750 LDAP Injection Vulnerability
20095| [103069] Apache Tomcat CVE-2017-15706 Remote Security Weakness
20096| [103068] Apache JMeter CVE-2018-1287 Security Bypass Vulnerability
20097| [103067] Apache Qpid Dispatch Router 'router_core/connections.c' Denial of Service Vulnerability
20098| [103036] Apache CouchDB CVE-2017-12636 Remote Code Execution Vulnerability
20099| [103025] Apache Thrift CVE-2016-5397 Remote Command Injection Vulnerability
20100| [102879] Apache POI CVE-2017-12626 Multiple Denial of Service Vulnerabilities
20101| [102842] Apache NiFi CVE-2017-12632 Host Header Injection Vulnerability
20102| [102815] Apache NiFi CVE-2017-15697 Multiple Cross Site Scripting Vulnerabilities
20103| [102488] Apache Geode CVE-2017-9795 Remote Code Execution Vulnerability
20104| [102229] Apache Sling CVE-2017-15700 Information Disclosure Vulnerability
20105| [102226] Apache Drill CVE-2017-12630 Cross Site Scripting Vulnerability
20106| [102154] Multiple Apache Products CVE-2017-15708 Remote Code Execution Vulnerability
20107| [102127] Apache CXF Fediz CVE-2017-12631 Multiple Cross Site Request Forgery Vulnerabilities
20108| [102041] Apache Qpid Broker-J CVE-2017-15701 Denial of Service Vulnerability
20109| [102040] Apache Qpid Broker CVE-2017-15702 Security Weakness
20110| [102021] Apache Struts CVE-2017-15707 Denial of Service Vulnerability
20111| [101980] EMC RSA Authentication Agent for Web: Apache Web Server Authentication Bypass Vulnerability
20112| [101876] Apache Camel CVE-2017-12634 Deserialization Remote Code Execution Vulnerability
20113| [101874] Apache Camel CVE-2017-12633 Deserialization Remote Code Execution Vulnerability
20114| [101872] Apache Karaf CVE-2014-0219 Local Denial of Service Vulnerability
20115| [101868] Apache CouchDB CVE-2017-12635 Remote Privilege Escalation Vulnerability
20116| [101859] Apache CXF CVE-2017-12624 Denial of Service Vulnerability
20117| [101844] Apache Sling Servlets Post CVE-2017-11296 Cross Site Scripting Vulnerability
20118| [101686] Apache Hive CVE-2017-12625 Information Disclosure Vulnerability
20119| [101644] Apache Wicket CVE-2012-5636 Cross Site Scripting Vulnerability
20120| [101631] Apache Traffic Server CVE-2015-3249 Multiple Remote Code Execution Vulnerabilities
20121| [101630] Apache Traffic Server CVE-2014-3624 Access Bypass Vulnerability
20122| [101625] Apache jUDDI CVE-2009-1197 Security Bypass Vulnerability
20123| [101623] Apache jUDDI CVE-2009-1198 Cross Site Scripting Vulnerability
20124| [101620] Apache Subversion 'libsvn_fs_fs/fs_fs.c' Denial of Service Vulnerability
20125| [101585] Apache OpenOffice Multiple Remote Code Execution Vulnerabilities
20126| [101577] Apache Wicket CVE-2016-6806 Cross Site Request Forgery Vulnerability
20127| [101575] Apache Wicket CVE-2014-0043 Information Disclosure Vulnerability
20128| [101570] Apache Geode CVE-2017-9797 Information Disclosure Vulnerability
20129| [101562] Apache Derby CVE-2010-2232 Arbitrary File Overwrite Vulnerability
20130| [101560] Apache Portable Runtime Utility CVE-2017-12613 Multiple Information Disclosure Vulnerabilities
20131| [101558] Apache Portable Runtime Utility Local Out-of-Bounds Read Denial of Service Vulnerability
20132| [101532] Apache James CVE-2017-12628 Arbitrary Command Execution Vulnerability
20133| [101516] Apache HTTP Server CVE-2017-12171 Security Bypass Vulnerability
20134| [101261] Apache Solr/Lucene CVE-2017-12629 Information Disclosure and Remote Code Execution Vulnerabilities
20135| [101230] Apache Roller CVE-2014-0030 XML External Entity Injection Vulnerability
20136| [101173] Apache IMPALA CVE-2017-9792 Information Disclosure Vulnerability
20137| [101052] Apache Commons Jelly CVE-2017-12621 Security Bypass Vulnerability
20138| [101027] Apache Mesos CVE-2017-7687 Denial of Service Vulnerability
20139| [101023] Apache Mesos CVE-2017-9790 Denial of Service Vulnerability
20140| [100954] Apache Tomcat CVE-2017-12617 Incomplete Fix Remote Code Execution Vulnerability
20141| [100946] Apache Wicket CVE-2014-7808 Cross Site Request Forgery Vulnerability
20142| [100901] Apache Tomcat CVE-2017-12615 Remote Code Execution Vulnerability
20143| [100897] Apache Tomcat CVE-2017-12616 Information Disclosure Vulnerability
20144| [100880] Apache Directory LDAP API CVE-2015-3250 Unspecified Information Disclosure Vulnerability
20145| [100872] Apache HTTP Server CVE-2017-9798 Information Disclosure Vulnerability
20146| [100870] Apache Solr CVE-2017-9803 Remote Privilege Escalation Vulnerability
20147| [100859] puppetlabs-apache CVE-2017-2299 Information Disclosure Vulnerability
20148| [100829] Apache Struts CVE-2017-12611 Remote Code Execution Vulnerability
20149| [100823] Apache Spark CVE-2017-12612 Deserialization Remote Code Execution Vulnerability
20150| [100612] Apache Struts CVE-2017-9804 Incomplete Fix Denial of Service Vulnerability
20151| [100611] Apache Struts CVE-2017-9793 Denial of Service Vulnerability
20152| [100609] Apache Struts CVE-2017-9805 Remote Code Execution Vulnerability
20153| [100587] Apache Atlas CVE-2017-3155 Cross Frame Scripting Vulnerability
20154| [100581] Apache Atlas CVE-2017-3154 Information Disclosure Vulnerability
20155| [100578] Apache Atlas CVE-2017-3153 Cross Site Scripting Vulnerability
20156| [100577] Apache Atlas CVE-2017-3152 Cross Site Scripting Vulnerability
20157| [100547] Apache Atlas CVE-2017-3151 HTML Injection Vulnerability
20158| [100536] Apache Atlas CVE-2017-3150 Cross Site Scripting Vulnerability
20159| [100449] Apache Pony Mail CVE-2016-4460 Authentication Bypass Vulnerability
20160| [100447] Apache2Triad Multiple Security Vulnerabilities
20161| [100284] Apache Sling Servlets Post CVE-2017-9802 Cross Site Scripting Vulnerability
20162| [100280] Apache Tomcat CVE-2017-7674 Security Bypass Vulnerability
20163| [100259] Apache Subversion CVE-2017-9800 Remote Command Execution Vulnerability
20164| [100256] Apache Tomcat CVE-2017-7675 Directory Traversal Vulnerability
20165| [100235] Apache Storm CVE-2017-9799 Remote Code Execution Vulnerability
20166| [100082] Apache Commons Email CVE-2017-9801 SMTP Header Injection Vulnerability
20167| [99873] Apache Sling XSS Protection API CVE-2016-6798 XML External Entity Injection Vulnerability
20168| [99870] Apache Sling API CVE-2016-5394 Cross Site Scripting Vulnerability
20169| [99603] Apache Spark CVE-2017-7678 Cross Site Scripting Vulnerability
20170| [99592] Apache OpenMeetings CVE-2017-7685 Security Bypass Vulnerability
20171| [99587] Apache OpenMeetings CVE-2017-7673 Security Bypass Vulnerability
20172| [99586] Apache OpenMeetings CVE-2017-7688 Security Bypass Vulnerability
20173| [99584] Apache OpenMeetings CVE-2017-7684 Denial of Service Vulnerability
20174| [99577] Apache OpenMeetings CVE-2017-7663 Cross Site Scripting Vulnerability
20175| [99576] Apache OpenMeetings CVE-2017-7664 XML External Entity Injection Vulnerability
20176| [99569] Apache HTTP Server CVE-2017-9788 Memory Corruption Vulnerability
20177| [99568] Apache HTTP Server CVE-2017-9789 Denial of Service Vulnerability
20178| [99563] Apache Struts CVE-2017-7672 Denial of Service Vulnerability
20179| [99562] Apache Struts Spring AOP Functionality Denial of Service Vulnerability
20180| [99509] Apache Impala CVE-2017-5652 Information Disclosure Vulnerability
20181| [99508] Apache IMPALA CVE-2017-5640 Authentication Bypass Vulnerability
20182| [99486] Apache Traffic Control CVE-2017-7670 Denial of Service Vulnerability
20183| [99485] Apache Solr CVE-2017-7660 Security Bypass Vulnerability
20184| [99484] Apache Struts CVE-2017-9791 Remote Code Execution Vulnerability
20185| [99292] Apache Ignite CVE-2017-7686 Information Disclosure Vulnerability
20186| [99170] Apache HTTP Server CVE-2017-7679 Buffer Overflow Vulnerability
20187| [99137] Apache HTTP Server CVE-2017-7668 Denial of Service Vulnerability
20188| [99135] Apache HTTP Server CVE-2017-3167 Authentication Bypass Vulnerability
20189| [99134] Apache HTTP Server CVE-2017-3169 Denial of Service Vulnerability
20190| [99132] Apache HTTP Server CVE-2017-7659 Denial of Service Vulnerability
20191| [99112] Apache Thrift CVE-2015-3254 Denial of Service Vulnerability
20192| [99067] Apache Ranger CVE-2016-8751 HTML Injection Vulnerability
20193| [99018] Apache NiFi CVE-2017-7667 Cross Frame Scripting Vulnerability
20194| [99009] Apache NiFi CVE-2017-7665 Cross Site Scripting Vulnerability
20195| [98961] Apache Ranger CVE-2017-7677 Security Bypass Vulnerability
20196| [98958] Apache Ranger CVE-2017-7676 Security Bypass Vulnerability
20197| [98888] Apache Tomcat CVE-2017-5664 Security Bypass Vulnerability
20198| [98814] Apache Zookeeper CVE-2017-5637 Denial of Service Vulnerability
20199| [98795] Apache Hadoop CVE-2017-7669 Remote Privilege Escalation Vulnerability
20200| [98739] Apache Knox CVE-2017-5646 User Impersonation Vulnerability
20201| [98669] Apache Hive CVE-2016-3083 Security Bypass Vulnerability
20202| [98646] Apache Atlas CVE-2016-8752 Information Disclosure Vulnerability
20203| [98570] Apache Archiva CVE-2017-5657 Multiple Cross-Site Request Forgery Vulnerabilities
20204| [98489] Apache CXF Fediz CVE-2017-7661 Multiple Cross Site Request Forgery Vulnerabilities
20205| [98485] Apache CXF Fediz CVE-2017-7662 Cross Site Request Forgery Vulnerability
20206| [98466] Apache Ambari CVE-2017-5655 Insecure Temporary File Handling Vulnerability
20207| [98365] Apache Cordova For Android CVE-2016-6799 Information Disclosure Vulnerability
20208| [98025] Apache Hadoop CVE-2017-3161 Cross Site Scripting Vulnerability
20209| [98017] Apache Hadoop CVE-2017-3162 Input Validation Vulnerability
20210| [97971] Apache CXF CVE-2017-5656 Information Disclosure Vulnerability
20211| [97968] Apache CXF CVE-2017-5653 Spoofing Vulnerability
20212| [97967] Apache ActiveMQ CVE-2015-7559 Denial of Service Vulnerability
20213| [97949] Apache Traffic Server CVE-2017-5659 Denial of Service Vulnerability
20214| [97948] Apache Batik CVE-2017-5662 XML External Entity Information Disclosure Vulnerability
20215| [97947] Apache FOP CVE-2017-5661 XML External Entity Information Disclosure Vulnerability
20216| [97945] Apache Traffic Server CVE-2016-5396 Denial of Service Vulnerability
20217| [97702] Apache Log4j CVE-2017-5645 Remote Code Execution Vulnerability
20218| [97582] Apache CXF CVE-2016-6812 Cross Site Scripting Vulnerability
20219| [97579] Apache CXF JAX-RS CVE-2016-8739 XML External Entity Injection Vulnerability
20220| [97544] Apache Tomcat CVE-2017-5651 Information Disclosure Vulnerability
20221| [97531] Apache Tomcat CVE-2017-5650 Denial of Service Vulnerability
20222| [97530] Apache Tomcat CVE-2017-5648 Information Disclosure Vulnerability
20223| [97509] Apache Ignite CVE-2016-6805 Information Disclosure and XML External Entity Injection Vulnerabilities
20224| [97383] Apache Flex BlazeDS CVE-2017-5641 Remote Code Execution Vulnerability
20225| [97378] Apache Geode CVE-2017-5649 Information Disclosure Vulnerability
20226| [97229] Apache Ambari CVE-2016-4976 Local Information Disclosure Vulnerability
20227| [97226] Apache Camel CVE-2017-5643 Server Side Request Forgery Security Bypass Vulnerability
20228| [97184] Apache Ambari CVE-2016-6807 Remote Command Execution Vulnerability
20229| [97179] Apache Camel CVE-2016-8749 Java Deserialization Multiple Remote Code Execution Vulnerabilities
20230| [96983] Apache POI CVE-2017-5644 Denial Of Service Vulnerability
20231| [96895] Apache Tomcat CVE-2016-8747 Information Disclosure Vulnerability
20232| [96731] Apache NiFi CVE-2017-5636 Remote Code Injection Vulnerability
20233| [96730] Apache NiFi CVE-2017-5635 Security Bypass Vulnerability
20234| [96729] Apache Struts CVE-2017-5638 Remote Code Execution Vulnerability
20235| [96540] IBM Development Package for Apache Spark CVE-2016-4970 Denial of Service Vulnerability
20236| [96398] Apache CXF CVE-2017-3156 Information Disclosure Vulnerability
20237| [96321] Apache Camel CVE-2017-3159 Remote Code Execution Vulnerability
20238| [96293] Apache Tomcat 'http11/AbstractInputBuffer.java' Denial of Service Vulnerability
20239| [96228] Apache Brooklyn Cross Site Request Forgery and Multiple Cross Site Scripting Vulnerabilities
20240| [95998] Apache Ranger CVE-2016-8746 Security Bypass Vulnerability
20241| [95929] Apache Groovy CVE-2016-6497 Information Disclosure Vulnerability
20242| [95838] Apache Cordova For Android CVE-2017-3160 Man in the Middle Security Bypass Vulnerability
20243| [95675] Apache Struts Remote Code Execution Vulnerability
20244| [95621] Apache NiFi CVE-2106-8748 Cross Site Scripting Vulnerability
20245| [95429] Apache Groovy CVE-2016-6814 Remote Code Execution Vulnerability
20246| [95335] Apache Hadoop CVE-2016-3086 Information Disclosure Vulnerability
20247| [95168] Apache Wicket CVE-2016-6793 Denial of Service Vulnerability
20248| [95136] Apache Qpid Broker for Java CVE-2016-8741 Remote Information Disclosure Vulnerability
20249| [95078] Apache HTTP Server CVE-2016-0736 Remote Security Vulnerability
20250| [95077] Apache HTTP Server CVE-2016-8743 Security Bypass Vulnerability
20251| [95076] Apache HTTP Server CVE-2016-2161 Denial of Service Vulnerability
20252| [95020] Apache Tika CVE-2015-3271 Remote Information Disclosure Vulnerability
20253| [94950] Apache Hadoop CVE-2016-5001 Local Information Disclosure Vulnerability
20254| [94882] Apache ActiveMQ CVE-2016-6810 HTML Injection Vulnerability
20255| [94828] Apache Tomcat CVE-2016-8745 Information Disclosure Vulnerability
20256| [94766] Apache CouchDB CVE-2016-8742 Local Privilege Escalation Vulnerability
20257| [94657] Apache Struts CVE-2016-8738 Denial of Service Vulnerability
20258| [94650] Apache HTTP Server CVE-2016-8740 Denial of Service Vulnerability
20259| [94588] Apache Subversion CVE-2016-8734 XML External Entity Denial of Service Vulnerability
20260| [94513] Apache Karaf CVE-2016-8648 Remote Code Execution Vulnerability
20261| [94463] Apache Tomcat CVE-2016-8735 Remote Code Execution Vulnerability
20262| [94462] Apache Tomcat CVE-2016-6817 Denial of Service Vulnerability
20263| [94461] Apache Tomcat CVE-2016-6816 Security Bypass Vulnerability
20264| [94418] Apache OpenOffice CVE-2016-6803 Local Privilege Escalation Vulnerability
20265| [94247] Apache Tika CVE-2016-6809 Remote Code Execution Vulnerability
20266| [94221] Apache Ranger CVE-2016-6815 Local Privilege Escalation Vulnerability
20267| [94145] Apache OpenMeetings CVE-2016-8736 Remote Code Execution Vulnerability
20268| [93945] Apache CloudStack CVE-2016-6813 Authorization Bypass Vulnerability
20269| [93944] Apache Tomcat Security Manager CVE-2016-6796 Security Bypass Vulnerability
20270| [93943] Apache Tomcat CVE-2016-6794 Security Bypass Vulnerability
20271| [93942] Apache Tomcat Security Manager CVE-2016-5018 Security Bypass Vulnerability
20272| [93940] Apache Tomcat CVE-2016-6797 Security Bypass Vulnerability
20273| [93939] Apache Tomcat CVE-2016-0762 Information Disclosure Vulnerability
20274| [93774] Apache OpenOffice CVE-2016-6804 DLL Loading Remote Code Execution Vulnerability
20275| [93773] Apache Struts CVE-2016-6795 Directory Traversal Vulnerability
20276| [93478] Apache Tomcat CVE-2016-6325 Local Privilege Escalation Vulnerability
20277| [93472] Apache Tomcat CVE-2016-5425 Insecure File Permissions Vulnerability
20278| [93429] Apache Tomcat JK Connector CVE-2016-6808 Remote Buffer Overflow Vulnerability
20279| [93263] Apache Tomcat CVE-2016-1240 Local Privilege Escalation Vulnerability
20280| [93236] Apache MyFaces Trinidad CVE-2016-5019 Remote Code Execution Vulnerability
20281| [93142] Apache ActiveMQ Artemis CVE-2016-4978 Remote Code Execution Vulnerability
20282| [93132] Apache Derby CVE-2015-1832 XML External Entity Information Disclosure Vulnerability
20283| [93044] Apache Zookeeper CVE-2016-5017 Buffer Overflow Vulnerability
20284| [92966] Apache Jackrabbit CVE-2016-6801 Cross-Site Request Forgery Vulnerability
20285| [92947] Apache Shiro CVE-2016-6802 Remote Security Bypass Vulnerability
20286| [92905] Apache CXF Fediz CVE-2016-4464 Security Bypass Vulnerability
20287| [92577] Apache Ranger CVE-2016-5395 HTML Injection Vulnerability
20288| [92331] Apache HTTP Server CVE-2016-1546 Remote Denial of Service Vulnerability
20289| [92328] Apache Hive CVE-2016-0760 Multiple Remote Code Execution Vulnerabilities
20290| [92320] Apache APR-util and httpd CVE-2016-6312 Denial of Service Vulnerability
20291| [92100] Apache POI CVE-2016-5000 XML External Entity Injection Vulnerability
20292| [92079] Apache OpenOffice CVE-2016-1513 Remote Code Execution Vulnerability
20293| [91818] Apache Tomcat CVE-2016-5388 Security Bypass Vulnerability
20294| [91816] Apache HTTP Server CVE-2016-5387 Security Bypass Vulnerability
20295| [91788] Apache Qpid Proton CVE-2016-4467 Certificate Verification Security Bypass Vulnerability
20296| [91738] Apache XML-RPC CVE-2016-5003 Remote Code Execution Vulnerability
20297| [91736] Apache XML-RPC Multiple Security Vulnerabilities
20298| [91707] Apache Archiva CVE-2016-5005 HTML Injection Vulnerability
20299| [91703] Apache Archiva CVE-2016-4469 Multiple Cross-Site Request Forgery Vulnerabilities
20300| [91566] Apache HTTP Server CVE-2016-4979 Authentication Bypass Vulnerability
20301| [91537] Apache QPID CVE-2016-4974 Deserialization Security Bypass Vulnerability
20302| [91501] Apache Xerces-C CVE-2016-4463 Stack Buffer Overflow Vulnerability
20303| [91453] Apache Commons FileUpload CVE-2016-3092 Denial Of Service Vulnerability
20304| [91284] Apache Struts CVE-2016-4431 Security Bypass Vulnerability
20305| [91282] Apache Struts CVE-2016-4433 Security Bypass Vulnerability
20306| [91281] Apache Struts CVE-2016-4430 Cross-Site Request Forgery Vulnerability
20307| [91280] Apache Struts CVE-2016-4436 Security Bypass Vulnerability
20308| [91278] Apache Struts CVE-2016-4465 Denial of Service Vulnerability
20309| [91277] Apache Struts Incomplete Fix Remote Code Execution Vulnerability
20310| [91275] Apache Struts CVE-2016-4438 Remote Code Execution Vulnerability
20311| [91217] Apache Continuum 'saveInstallation.action' Command Execution Vulnerability
20312| [91141] Apache CloudStack CVE-2016-3085 Authentication Bypass Vulnerability
20313| [91068] Apache Struts CVE-2016-1181 Remote Code Execution Vulnerability
20314| [91067] Apache Struts CVE-2016-1182 Security Bypass Vulnerability
20315| [91024] Apache Shiro CVE-2016-4437 Information Disclosure Vulnerability
20316| [90988] Apache Ranger CVE-2016-2174 SQL Injection Vulnerability
20317| [90961] Apache Struts CVE-2016-3093 Denial of Service Vulnerability
20318| [90960] Apache Struts CVE-2016-3087 Remote Code Execution Vulnerability
20319| [90921] Apache Qpid CVE-2016-4432 Authentication Bypass Vulnerability
20320| [90920] Apache Qpid CVE-2016-3094 Denial of Service Vulnerability
20321| [90902] Apache PDFBox CVE-2016-2175 XML External Entity Injection Vulnerability
20322| [90897] Apache Tika CVE-2016-4434 XML External Entity Injection Vulnerability
20323| [90827] Apache ActiveMQ CVE-2016-3088 Multiple Arbitrary File Upload Vulnerabilities
20324| [90755] Apache Ambari CVE-2016-0707 Multiple Local Information Disclosure Vulnerabilities
20325| [90482] Apache CVE-2004-1387 Local Security Vulnerability
20326| [89762] Apache CVE-2001-1556 Remote Security Vulnerability
20327| [89417] Apache Subversion CVE-2016-2167 Authentication Bypass Vulnerability
20328| [89326] RETIRED: Apache Subversion CVE-2016-2167 Security Bypass Vulnerability
20329| [89320] Apache Subversion CVE-2016-2168 Remote Denial of Service Vulnerability
20330| [88826] Apache Struts CVE-2016-3082 Remote Code Execution Vulnerability
20331| [88797] Apache Cordova For iOS CVE-2015-5208 Arbitrary Code Execution Vulnerability
20332| [88764] Apache Cordova iOS CVE-2015-5207 Multiple Security Bypass Vulnerabilities
20333| [88701] Apache CVE-2001-1449 Remote Security Vulnerability
20334| [88635] Apache CVE-2000-1204 Remote Security Vulnerability
20335| [88590] Apache WWW server CVE-1999-1199 Denial-Of-Service Vulnerability
20336| [88496] Apache CVE-2000-1206 Remote Security Vulnerability
20337| [87828] Apache CVE-1999-1237 Remote Security Vulnerability
20338| [87784] Apache CVE-1999-1293 Denial-Of-Service Vulnerability
20339| [87327] Apache Struts CVE-2016-3081 Remote Code Execution Vulnerability
20340| [86622] Apache Stats CVE-2007-0975 Remote Security Vulnerability
20341| [86399] Apache CVE-2007-1743 Local Security Vulnerability
20342| [86397] Apache CVE-2007-1742 Local Security Vulnerability
20343| [86311] Apache Struts CVE-2016-4003 Cross Site Scripting Vulnerability
20344| [86174] Apache Wicket CVE-2015-5347 Cross Site Scripting Vulnerability
20345| [85971] Apache OFBiz CVE-2016-2170 Java Deserialization Remote Code Execution Vulnerability
20346| [85967] Apache OFBiz CVE-2015-3268 HTML Injection Vulnerability
20347| [85759] Apache Jetspeed CVE-2016-2171 Unauthorized Access Vulnerability
20348| [85758] Apache Jetspeed CVE-2016-0712 Cross Site Scripting Vulnerability
20349| [85756] Apache Jetspeed CVE-2016-0710 Multiple SQL Injection Vulnerabilities
20350| [85755] Apache Jetspeed CVE-2016-0711 Mulitple HTML Injection Vulnerabilities
20351| [85754] Apache Jetspeed CVE-2016-0709 Directory Traversal Vulnerability
20352| [85730] Apache Subversion CVE-2015-5343 Integer Overflow Vulnerability
20353| [85691] Apache Ranger CVE-2016-0735 Security Bypass Vulnerability
20354| [85578] Apache ActiveMQ CVE-2010-1244 Cross-Site Request Forgery Vulnerability
20355| [85554] Apache OpenMeetings CVE-2016-2164 Multiple Information Disclosure Vulnerabilities
20356| [85553] Apache OpenMeetings CVE-2016-0783 Information Disclosure Vulnerability
20357| [85552] Apache OpenMeetings CVE-2016-2163 HTML Injection Vulnerability
20358| [85550] Apache OpenMeetings CVE-2016-0784 Directory Traversal Vulnerability
20359| [85386] Apache Hadoop CVE-2015-7430 Local Privilege Escalation Vulnerability
20360| [85377] Apache Qpid Proton Python API CVE-2016-2166 Man in the Middle Security Bypass Vulnerability
20361| [85205] Apache Solr CVE-2015-8796 Cross Site Scripting Vulnerability
20362| [85203] Apache Solr CVE-2015-8795 Mulitple HTML Injection Vulnerabilities
20363| [85163] Apache Geronimo CVE-2008-0732 Local Security Vulnerability
20364| [85131] Apache Struts 'TextParseUtil.translateVariables()' Method Remote Code Execution Vulnerability
20365| [85070] Apache Struts CVE-2016-2162 Cross Site Scripting Vulnerability
20366| [85066] Apache Struts CVE-2016-0785 Remote Code Execution Vulnerability
20367| [84422] Apache TomEE CVE-2016-0779 Unspecified Security Vulnerability
20368| [84321] Apache ActiveMQ CVE-2016-0734 Clickjacking Vulnerability
20369| [84316] Apache ActiveMQ CVE-2016-0782 Multiple Cross Site Scripting Vulnerabilities
20370| [83910] Apache Wicket CVE-2015-7520 Cross Site Scripting Vulnerability
20371| [83423] Apache Xerces-C CVE-2016-0729 Buffer Overflow Vulnerability
20372| [83330] Apache Tomcat CVE-2015-5351 Cross Site Request Forgery Vulnerability
20373| [83329] Apache Tomcat CVE-2015-5174 Directory Traversal Vulnerability
20374| [83328] Apache Tomcat CVE-2015-5345 Directory Traversal Vulnerability
20375| [83327] Apache Tomcat Security Manager CVE-2016-0714 Remote Code Execution Vulnerability
20376| [83326] Apache Tomcat CVE-2016-0763 Security Bypass Vulnerability
20377| [83324] Apache Tomcat Security Manager CVE-2016-0706 Information Disclosure Vulnerability
20378| [83323] Apache Tomcat CVE-2015-5346 Session Fixation Vulnerability
20379| [83259] Apache Hadoop CVE-2015-1776 Information Disclosure Vulnerability
20380| [83243] Apache Solr CVE-2015-8797 Cross Site Scripting Vulnerability
20381| [83119] Apache Sling CVE-2016-0956 Information Disclosure Vulnerability
20382| [83002] Apache CVE-2000-1205 Cross-Site Scripting Vulnerability
20383| [82871] Apache Ranger Authentication Bypass and Security Bypass Vulnerabilities
20384| [82800] Apache CloudStack CVE-2015-3251 Information Disclosure Vulnerability
20385| [82798] Apache CloudStack CVE-2015-3252 Authentication Bypass Vulnerability
20386| [82732] Apache Gallery CVE-2003-0771 Local Security Vulnerability
20387| [82676] Apache CVE-2003-1581 Cross-Site Scripting Vulnerability
20388| [82550] Apache Struts CVE-2015-5209 Security Bypass Vulnerability
20389| [82300] Apache Subversion CVE-2015-5259 Integer Overflow Vulnerability
20390| [82260] Apache Camel CVE-2015-5344 Remote Code Execution Vulnerability
20391| [82234] Apache Hive CVE-2015-7521 Security Bypass Vulnerability
20392| [82082] Apache CVE-1999-0289 Remote Security Vulnerability
20393| [81821] Apache Distribution for Solaris CVE-2007-2080 SQL-Injection Vulnerability
20394| [80696] Apache Camel CVE-2015-5348 Information Disclosure Vulnerability
20395| [80525] Apache CVE-2003-1580 Remote Security Vulnerability
20396| [80354] Drupal Apache Solr Search Module Access Bypass Vulnerability
20397| [80193] Apache CVE-1999-0107 Denial-Of-Service Vulnerability
20398| [79812] Apache Directory Studio CVE-2015-5349 Command Injection Vulnerability
20399| [79744] Apache HBase CVE-2015-1836 Unauthorized Access Vulnerability
| [79204] Apache TomEE 'EjbObjectInputStream' Remote Code Execution Vulnerability
| [77679] Apache Cordova For Android CVE-2015-8320 Weak Randomization Security Bypass Vulnerability
| [77677] Apache Cordova For Android CVE-2015-5256 Security Bypass Vulnerability
| [77591] Apache CXF SAML SSO Processing CVE-2015-5253 Security Bypass Vulnerability
| [77521] Apache Commons Collections 'InvokerTransformer.java' Remote Code Execution Vulnerability
| [77110] Apache HttpComponents HttpClient CVE-2015-5262 Denial of Service Vulnerability
| [77086] Apache Ambari CVE-2015-1775 Server Side Request Forgery Security Bypass Vulnerability
| [77085] Apache Ambari CVE-2015-3270 Remote Privilege Escalation Vulnerability
| [77082] Apache Ambari 'targetURI' Parameter Open Redirection Vulnerability
| [77059] Apache Ambari CVE-2015-3186 Cross Site Scripting Vulnerability
| [76933] Apache James Server Unspecified Command Execution Vulnerability
| [76832] Apache cordova-plugin-file-transfer CVE-2015-5204 HTTP Header Injection Vulnerability
| [76625] Apache Struts CVE-2015-5169 Cross Site Scripting Vulnerability
| [76624] Apache Struts CVE-2015-2992 Cross Site Scripting Vulnerability
| [76522] Apache Tapestry CVE-2014-1972 Security Bypass Vulnerability
| [76486] Apache CXF Fediz CVE-2015-5175 Denial of Service Vulnerability
| [76452] Apache ActiveMQ CVE-2015-1830 Directory Traversal Vulnerability
| [76446] Apache Subversion 'libsvn_fs_fs/tree.c' Denial of Service Vulnerability
| [76274] Apache Subversion CVE-2015-3184 Information Disclosure Vulnerability
| [76273] Apache Subversion CVE-2015-3187 Information Disclosure Vulnerability
| [76272] Apache ActiveMQ CVE-2014-3576 Denial of Service Vulnerability
| [76221] Apache Ranger CVE-2015-0266 Access Bypass Vulnerability
| [76208] Apache Ranger CVE-2015-0265 JavaScript Code Injection Vulnerability
| [76025] Apache ActiveMQ Artemis CVE-2015-3208 XML External Entity Information Disclosure Vulnerability
| [75965] Apache HTTP Server CVE-2015-3185 Security Bypass Vulnerability
| [75964] Apache HTTP Server CVE-2015-0253 Remote Denial of Service Vulnerability
| [75963] Apache HTTP Server CVE-2015-3183 Security Vulnerability
| [75940] Apache Struts CVE-2015-1831 Security Bypass Vulnerability
| [75919] Apache Groovy CVE-2015-3253 Remote Code Execution Vulnerability
| [75338] Apache Storm CVE-2015-3188 Remote Code Execution Vulnerability
| [75275] Drupal Apache Solr Real-Time Module Access Bypass Vulnerability
| [74866] Apache Cordova For Android CVE-2015-1835 Security Bypass Vulnerability
| [74839] Apache Sling API and Sling Servlets CVE-2015-2944 Cross Site Scripting Vulnerability
| [74761] Apache Jackrabbit CVE-2015-1833 XML External Entity Information Disclosure Vulnerability
| [74686] Apache Ambari '/var/lib/ambari-server/ambari-env.sh' Local Privilege Escalation Vulnerability
| [74665] Apache Tomcat CVE-2014-7810 Security Bypass Vulnerability
| [74475] Apache Tomcat CVE-2014-0230 Denial of Service Vulnerability
| [74423] Apache Struts CVE-2015-0899 Security Bypass Vulnerability
| [74338] Apache OpenOffice HWP Filter Memory Corruption Vulnerability
| [74265] Apache Tomcat 'mod_jk' CVE-2014-8111 Information Disclosure Vulnerability
| [74260] Apache Subversion CVE-2015-0248 Multiple Denial of Service Vulnerabilities
| [74259] Apache Subversion 'deadprops.c' Security Bypass Vulnerability
| [74204] PHP 'sapi/apache2handler/sapi_apache2.c' Remote Code Execution Vulnerability
| [74158] Apache HTTP Server 'protocol.c' Remote Denial of Service Vulnerability
| [73954] Apache Flex 'asdoc/templates/index.html' Cross Site Scripting Vulnerability
| [73851] Apache2 CVE-2012-0216 Cross-Site Scripting Vulnerability
| [73478] Apache Cassandra CVE-2015-0225 Remote Code Execution Vulnerability
| [73041] Apache HTTP Server 'mod_lua' Module Denial of Service Vulnerability
| [73040] Apache HTTP Server 'mod_lua.c' Local Access Bypass Vulnerability
| [72809] Apache Standard Taglibs CVE-2015-0254 XML External Entity Injection Vulnerability
| [72717] Apache Tomcat CVE-2014-0227 Chunk Request Remote Denial Of Service Vulnerability
| [72557] Apache WSS4J CVE-2015-0227 Security Bypass Vulnerability
| [72553] Apache WSS4J CVE-2015-0226 Information Disclosure Vulnerability
| [72513] Apache ActiveMQ CVE-2014-3612 LDAP Authentication Bypass Vulnerability
| [72511] Apache ActiveMQ CVE-2014-8110 Multiple Cross Site Scripting Vulnerabilities
| [72510] Apache ActiveMQ CVE-2014-3600 XML External Entity Injection Vulnerability
| [72508] Apache ActiveMQ Apollo CVE-2014-3579 XML External Entity Injection Vulnerability
| [72319] Apache Qpid CVE-2015-0223 Security Bypass Vulnerability
| [72317] Apache Qpid CVE-2015-0224 Incomplete Fix Multiple Denial of Service Vulnerabilities
| [72115] Apache Santuario 'XML Signature Verification' Security Bypass Vulnerability
| [72053] Apache HTTP Server 'mod_remoteip.c' IP Address Spoofing Vulnerability
| [72030] Apache Qpid CVE-2015-0203 Multiple Denial of Service Vulnerabilities
| [71879] Apache Traffic Server 'HttpTransact.cc' Denial of Service Vulnerability
| [71726] Apache Subversion CVE-2014-3580 Remote Denial of Service Vulnerability
| [71725] Apache Subversion CVE-2014-8108 Remote Denial of Service Vulnerability
| [71657] Apache HTTP Server 'mod_proxy_fcgi' Module Denial of Service Vulnerability
| [71656] Apache HTTP Server 'mod_cache' Module Denial of Service Vulnerability
| [71548] Apache Struts CVE-2014-7809 Security Bypass Vulnerability
| [71466] Apache Hadoop CVE-2014-3627 Information Disclosure Vulnerability
| [71353] Apache HTTP Server 'LuaAuthzProvider' Authorization Bypass Vulnerability
| [71004] Apache Qpid CVE-2014-3629 XML External Entity Injection Vulnerability
| [70970] Apache Traffic Server Cross Site Scripting Vulnerability
| [70738] Apache CXF CVE-2014-3584 Denial of Service Vulnerability
| [70736] Apache CXF SAML SubjectConfirmation Security Bypass Vulnerability
| [69728] Apache Tomcat CVE-2013-4444 Arbitrary File Upload Vulnerability
| [69648] Apache POI CVE-2014-3574 Denial Of Service Vulnerability
| [69647] Apache POI OpenXML parser CVE-2014-3529 XML External Entity Information Disclosure Vulnerability
| [69351] Apache OpenOffice Calc CVE-2014-3524 Command Injection Vulnerability
| [69295] Apache Axis Incomplete Fix CVE-2014-3596 SSL Certificate Validation Security Bypass Vulnerability
| [69286] Apache OFBiz CVE-2014-0232 Multiple Cross Site Scripting Vulnerabilities
| [69258] Apache HttpComponents Incomplete Fix CVE-2014-3577 SSL Validation Security Bypass Vulnerability
| [69257] Apache HttpComponents Incomplete Fix SSL Certificate Validation Security Bypass Vulnerability
| [69248] Apache HTTP Server CVE-2013-4352 Remote Denial of Service Vulnerability
| [69237] Apache Subversion CVE-2014-3522 SSL Certificate Validation Information Disclosure Vulnerability
| [69173] Apache Traffic Server CVE-2014-3525 Unspecified Security Vulnerability
| [69046] Apache Cordova For Android CVE-2014-3502 Information Disclosure Vulnerability
| [69041] Apache Cordova For Android CVE-2014-3501 Security Bypass Vulnerability
| [69038] Apache Cordova For Android CVE-2014-3500 Security Bypass Vulnerability
| [68995] Apache Subversion CVE-2014-3528 Insecure Authentication Weakness
| [68966] Apache Subversion 'irkerbridge.py' Local Privilege Escalation Vulnerability
| [68965] Apache Subversion 'svnwcsub.py' Local Privilege Escalation Vulnerability
| [68863] Apache HTTP Server 'mod_cache' Module Remote Denial of Service Vulnerability
| [68747] Apache HTTP Server CVE-2014-3523 Remote Denial of Service Vulnerability
| [68745] Apache HTTP Server CVE-2014-0118 Remote Denial of Service Vulnerability
| [68742] Apache HTTP Server CVE-2014-0231 Remote Denial of Service Vulnerability
| [68740] Apache HTTP Server CVE-2014-0117 Remote Denial of Service Vulnerability
| [68678] Apache HTTP Server 'mod_status' CVE-2014-0226 Remote Code Execution Vulnerability
| [68445] Apache CXF UsernameToken Information Disclosure Vulnerability
| [68441] Apache CXF SAML Tokens Validation Security Bypass Vulnerability
| [68431] Apache Syncope CVE-2014-3503 Insecure Password Generation Weakness
| [68229] Apache Harmony PRNG Entropy Weakness
| [68111] Apache 'mod_wsgi' Module Privilege Escalation Vulnerability
| [68072] Apache Tomcat CVE-2014-0186 Remote Denial of Service Vulnerability
| [68039] Apache Hive CVE-2014-0228 Security Bypass Vulnerability
| [67673] Apache Tomcat CVE-2014-0095 AJP Request Remote Denial Of Service Vulnerability
| [67671] Apache Tomcat CVE-2014-0075 Chunk Request Remote Denial Of Service Vulnerability
| [67669] Apache Tomcat CVE-2014-0119 XML External Entity Information Disclosure Vulnerability
| [67668] Apache Tomcat CVE-2014-0099 Request Processing Information Disclosure Vulnerability
| [67667] Apache Tomcat CVE-2014-0096 XML External Entity Information Disclosure Vulnerability
| [67534] Apache 'mod_wsgi' Module CVE-2014-0242 Information Disclosure Vulnerability
| [67532] Apache 'mod_wsgi' Module Local Privilege Escalation Vulnerability
| [67530] Apache Solr Search Template Cross Site Scripting Vulnerability
| [67236] Apache CXF CVE-2014-0109 Remote Denial of Service Vulnerability
| [67232] Apache CXF CVE-2014-0110 Denial of Service Vulnerability
| [67121] Apache Struts ClassLoader Manipulation CVE-2014-0114 Security Bypass Vulnerability
| [67081] Apache Struts 'getClass()' Method Security Bypass Vulnerability
| [67064] Apache Struts ClassLoader Manipulation Incomplete Fix Security Bypass Vulnerability
| [67013] Apache Zookeeper CVE-2014-0085 Local Information Disclosure Vulnerability
| [66998] Apache Archiva CVE-2013-2187 Unspecified Cross Site Scripting Vulnerability
| [66991] Apache Archiva CVE-2013-2187 HTML Injection Vulnerability
| [66927] Apache Syncope CVE-2014-0111 Remote Code Execution Vulnerability
| [66474] Apache CouchDB Universally Unique IDentifier (UUID) Remote Denial of Service Vulnerability
| [66397] Apache Xalan-Java Library CVE-2014-0107 Security Bypass Vulnerability
| [66303] Apache HTTP Server Multiple Denial of Service Vulnerabilities
| [66041] RETIRED: Apache Struts CVE-2014-0094 Classloader Manipulation Security Bypass Vulnerability
| [65999] Apache Struts ClassLoader Manipulation CVE-2014-0094 Security Bypass Vulnerability
| [65967] Apache Cordova File-Transfer Unspecified Security Vulnerability
| [65959] Apache Cordova InAppBrowser Remote Privilege Escalation Vulnerability
| [65935] Apache Shiro 'login.jsp' Authentication Bypass Vulnerability
| [65902] Apache Camel CVE-2014-0003 Remote Code Execution Vulnerability
| [65901] Apache Camel CVE-2014-0002 XML External Entity Information Disclosure Vulnerability
| [65773] Apache Tomcat CVE-2013-4286 Security Bypass Vulnerability
| [65769] Apache Tomcat CVE-2014-0033 Session Fixation Vulnerability
| [65768] Apache Tomcat CVE-2013-4590 XML External Entity Information Disclosure Vulnerability
| [65767] Apache Tomcat CVE-2013-4322 Incomplete Fix Denial of Service Vulnerability
| [65615] Apache ActiveMQ 'refresh' Parameter Cross Site Scripting Vulnerability
| [65434] Apache Subversion 'mod_dav_svn' Module SVNListParentPath Denial of Service Vulnerability
| [65431] Apache Wicket CVE-2013-2055 Information Disclosure Vulnerability
| [65400] Apache Commons FileUpload CVE-2014-0050 Denial Of Service Vulnerability
| [64782] Apache CloudStack Virtual Router Component Security Bypass Vulnerability
| [64780] Apache CloudStack Unauthorized Access Vulnerability
| [64617] Apache Libcloud Digital Ocean API Local Information Disclosure Vulnerability
| [64437] Apache Santuario XML Security For JAVA XML Signature Denial of Service Vulnerability
| [64427] Apache Solr Multiple XML External Entity Injection Vulnerabilities
| [64009] Apache Solr CVE-2013-6408 XML External Entity Injection Vulnerability
| [64008] Apache Solr CVE-2013-6407 XML External Entity Injection Vulnerability
| [63981] Apache Subversion 'mod_dav_svn' Module Denial of Service Vulnerability
| [63966] Apache Subversion CVE-2013-4505 Security Bypass Vulnerability
| [63963] Apache Roller CVE-2013-4171 Cross Site Scripting Vulnerability
| [63935] Apache Solr 'SolrResourceLoader' Directory Traversal Vulnerability
| [63928] Apache Roller CVE-2013-4212 OGNL Expression Injection Remote Code Execution Vulnerability
| [63515] Apache Tomcat Manager Component CVE-2013-6357 Cross Site Request Forgery Vulnerability
| [63403] Apache Struts Multiple Cross Site Scripting Vulnerabilities
| [63400] Apache 'mod_pagespeed' Module Unspecified Cross Site Scripting Vulnerability
| [63260] Apache Shindig CVE-2013-4295 XML External Entity Information Disclosure Vulnerability
| [63241] Apache Sling 'AbstractAuthenticationFormServlet' Open Redirection Vulnerability
| [63174] Apache Commons FileUpload 'DiskFileItem' Class Null Byte Arbitrary File Write Vulnerability
| [62939] Apache 'mod_fcgid' Module CVE-2013-4365 Heap Buffer Overflow Vulnerability
| [62903] Apache Sling 'deepGetOrCreateNode()' Function Denial Of Service Vulnerability
| [62706] Apache Camel CVE-2013-4330 Information Disclosure Vulnerability
| [62677] Apache 'mod_accounting' Module CVE-2013-5697 SQL Injection Vulnerability
| [62674] TYPO3 Apache Solr Unspecified Cross Site Scripting and PHP Code Execution Vulnerabilities
| [62587] Apache Struts CVE-2013-4316 Remote Code Execution Vulnerability
| [62584] Apache Struts CVE-2013-4310 Security Bypass Vulnerability
| [62266] Apache Subversion CVE-2013-4277 Insecure Temporary File Creation Vulnerability
| [61984] Apache Hadoop RPC Authentication CVE-2013-2192 Man in the Middle Security Bypass Vulnerability
| [61981] Apache HBase RPC Authentication Man In The Middle Security Bypass Vulnerability
| [61638] Apache CloudStack CVE-2013-2136 Multiple Cross Site Scripting Vulnerabilities
| [61454] Apache Subversion CVE-2013-4131 Denial Of Service Vulnerability
| [61379] Apache HTTP Server CVE-2013-2249 Unspecified Remote Security Vulnerability
| [61370] Apache OFBiz CVE-2013-2317 'View Log' Cross Site Scripting Vulnerability
| [61369] Apache OFBiz Nested Expression Remote Code Execution Vulnerability
| [61196] Apache Struts CVE-2013-2248 Multiple Open Redirection Vulnerabilities
| [61189] Apache Struts CVE-2013-2251 Multiple Remote Command Execution Vulnerabilities
| [61129] Apache HTTP Server CVE-2013-1896 Remote Denial of Service Vulnerability
| [61030] Apache CXF CVE-2013-2160 Multiple Remote Denial of Service Vulnerabilities
| [60875] Apache Geronimo RMI Classloader Security Bypass Vulnerability
| [60846] Apache Santuario XML Security for JAVA XML Signature CVE-2013-2172 Security Bypass Vulnerability
| [60817] Apache Santuario XML Security for C++ CVE-2013-2210 Heap Buffer Overflow Vulnerability
| [60800] Apache Qpid Python Client SSL Certificate Verification Information Disclosure Vulnerability
| [60599] Apache Santuario XML Security for C++ CVE-2013-2156 Remote Heap Buffer Overflow Vulnerability
| [60595] Apache Santuario XML Security for C++ XML Signature CVE-2013-2155 Denial of Service Vulnerability
| [60594] Apache Santuario XML Security for C++ CVE-2013-2154 Stack Buffer Overflow Vulnerability
| [60592] Apache Santuario XML Security for C++ XML Signature CVE-2013-2153 Security Bypass Vulnerability
| [60534] Apache OpenJPA Object Deserialization Arbitrary File Creation or Overwrite Vulnerability
| [60346] Apache Struts CVE-2013-2134 OGNL Expression Injection Vulnerability
| [60345] Apache Struts CVE-2013-2135 OGNL Expression Injection Vulnerability
| [60267] Apache Subversion CVE-2013-1968 Remote Denial of Service Vulnerability
| [60265] Apache Subversion CVE-2013-2088 Command Injection Vulnerability
| [60264] Apache Subversion CVE-2013-2112 Remote Denial of Service Vulnerability
| [60187] Apache Tomcat DIGEST Authentication CVE-2013-2051 Incomplete Fix Security Weakness
| [60186] Apache Tomcat CVE-2013-1976 Insecure Temporary File Handling Vulnerability
| [60167] Apache Struts 'includeParams' CVE-2013-2115 Incomplete Fix Security Bypass Vulnerability
| [60166] Apache Struts 'includeParams' CVE-2013-1966 Security Bypass Vulnerability
| [60082] Apache Struts 'ParameterInterceptor' Class OGNL CVE-2013-1965 Security Bypass Vulnerability
| [59826] Apache HTTP Server Terminal Escape Sequence in Logs Command Injection Vulnerability
| [59799] Apache Tomcat CVE-2013-2067 Session Fixation Vulnerability
| [59798] Apache Tomcat CVE-2013-2071 Information Disclosure Vulnerability
| [59797] Apache Tomcat CVE-2012-3544 Denial of Service Vulnerability
| [59670] Apache VCL Multiple Input Validation Vulnerabilities
| [59464] Apache CloudStack CVE-2013-2758 Hash Information Disclosure Vulnerability
| [59463] Apache CloudStack CVE-2013-2756 Authentication Bypass Vulnerability
| [59402] Apache ActiveMQ CVE-2013-3060 Information Disclosure and Denial of Service Vulnerability
| [59401] Apache ActiveMQ CVE-2012-6551 Denial of Service Vulnerability
| [59400] Apache ActiveMQ CVE-2012-6092 Multiple Cross Site Scripting Vulnerabilities
| [58898] Apache Subversion CVE-2013-1884 Remote Denial of Service Vulnerability
| [58897] Apache Subversion 'mod_dav_svn/lock.c' Remote Denial of Service Vulnerability
| [58895] Apache Subversion 'mod_dav_svn' Remote Denial of Service Vulnerability
| [58455] Apache Rave User RPC API CVE-2013-1814 Information Disclosure Vulnerability
| [58379] Apache Qpid CVE-2012-4446 Authentication Bypass Vulnerability
| [58378] Apache Qpid CVE-2012-4460 Denial of Service Vulnerability
| [58376] Apache Qpid CVE-2012-4458 Denial of Service Vulnerability
| [58337] Apache Qpid CVE-2012-4459 Denial of Service Vulnerability
| [58326] Apache Commons FileUpload CVE-2013-0248 Insecure Temporary File Creation Vulnerability
| [58325] Debian Apache HTTP Server CVE-2013-1048 Symlink Attack Local Privilege Escalation Vulnerability
| [58323] Apache Subversion 'svn_fs_file_length()' Remote Denial of Service Vulnerability
| [58165] Apache HTTP Server Multiple Cross Site Scripting Vulnerabilities
| [58136] Apache Maven CVE-2013-0253 SSL Certificate Validation Security Bypass Vulnerability
| [58124] Apache Tomcat 'log/logdir' Directory Insecure File Permissions Vulnerability
| [58073] Apache Commons HttpClient CVE-2012-5783 SSL Certificate Validation Security Bypass Vulnerability
| [57876] Apache CXF WS-SecurityPolicy Authentication Bypass Vulnerability
| [57874] Apache CXF CVE-2012-5633 Security Bypass Vulnerability
| [57463] Apache OFBiz CVE-2013-0177 Multiple Cross Site Scripting Vulnerabilities
| [57425] Apache CXF CVE-2012-5786 SSL Certificate Validation Security Bypass Vulnerability
| [57321] Apache CouchDB CVE-2012-5650 Cross Site Scripting Vulnerability
| [57314] Apache CouchDB CVE-2012-5649 Remote Code Execution Vulnerability
| [57267] Apache Axis2/C SSL Certificate Validation Security Bypass Vulnerability
| [57259] Apache CloudStack CVE-2012-5616 Local Information Disclosure Vulnerability
| [56814] Apache Tomcat CVE-2012-4431 Cross-Site Request Forgery Vulnerability
| [56813] Apache Tomcat CVE-2012-4534 Denial of Service Vulnerability
| [56812] Apache Tomcat CVE-2012-3546 Security Bypass Vulnerability
| [56753] Apache Apache HTTP Server 'mod_proxy_ajp Module Denial Of Service Vulnerability
| [56686] Apache Tomcat CVE-2012-5568 Denial of Service Vulnerability
| [56408] Apache Axis and Axis2/Java SSL Certificate Validation Security Bypass Vulnerability
| [56403] Apache Tomcat DIGEST Authentication Multiple Security Weaknesses
| [56402] Apache Tomcat CVE-2012-2733 Denial of Service Vulnerability
| [56171] Apache OFBiz CVE-2012-3506 Unspecified Security Vulnerability
| [55876] Apache CloudStack CVE-2012-4501 Security Bypass Vulnerability
| [55628] Apache CXF SOAP Action Spoofing Security Bypass Vulnerability
| [55608] Apache Qpid (qpidd) Denial of Service Vulnerability
| [55536] Apache 'mod_pagespeed' Module Cross Site Scripting and Security Bypass Vulnerabilities
| [55508] Apache Axis2 XML Signature Wrapping Security Vulnerability
| [55445] Apache Wicket CVE-2012-3373 Cross Site Scripting Vulnerability
| [55346] Apache Struts Cross Site Request Forgery and Denial of Service Vulnerabilities
| [55290] Drupal Apache Solr Autocomplete Module Cross Site Scripting Vulnerability
| [55165] Apache Struts2 Skill Name Remote Code Execution Vulnerability
| [55154] Apache 'mod-rpaf' Module Denial of Service Vulnerability
| [55131] Apache HTTP Server HTML-Injection And Information Disclosure Vulnerabilities
| [54954] Apache QPID NullAuthenticator Authentication Bypass Vulnerability
| [54798] Apache Libcloud Man In The Middle Vulnerability
| [54358] Apache Hadoop CVE-2012-3376 Information Disclosure Vulnerability
| [54341] Apache Sling CVE-2012-2138 Denial Of Service Vulnerability
| [54268] Apache Hadoop Symlink Attack Local Privilege Escalation Vulnerability
| [54189] Apache Roller Cross Site Request Forgery Vulnerability
| [54187] Apache Roller CVE-2012-2381 Cross Site Scripting Vulnerability
| [53880] Apache CXF Child Policies Security Bypass Vulnerability
| [53877] Apache CXF Elements Validation Security Bypass Vulnerability
| [53676] Apache Commons Compress and Apache Ant CVE-2012-2098 Denial Of Service Vulnerability
| [53487] Apache POI CVE-2012-0213 Denial Of Service Vulnerability
| [53455] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability
| [53305] Apache Qpid CVE-2011-3620 Unauthorized Access Security Bypass Vulnerability
| [53046] Apache HTTP Server 'LD_LIBRARY_PATH' Insecure Library Loading Arbitrary Code Execution Vulnerability
| [53025] Apache OFBiz Unspecified Remote Code Execution Vulnerability
| [53023] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
| [52939] Apache Hadoop CVE-2012-1574 Unspecified User Impersonation Vulnerability
| [52702] Apache Struts2 'XSLTResult.java' Remote Arbitrary File Upload Vulnerability
| [52696] Apache Traffic Server HTTP Host Header Handling Heap Based Buffer Overflow Vulnerability
| [52680] Apache Wicket 'pageMapName' Parameter Cross Site Scripting Vulnerability
| [52679] Apache Wicket Hidden Files Information Disclosure Vulnerability
| [52565] Apache 'mod_fcgid' Module Denial Of Service Vulnerability
| [52146] TYPO3 Apache Solr Extension Unspecified Cross Site Scripting Vulnerability
| [51939] Apache MyFaces 'ln' Parameter Information Disclosure Vulnerability
| [51917] Apache APR Hash Collision Denial Of Service Vulnerability
| [51902] Apache Struts Multiple HTML Injection Vulnerabilities
| [51900] Apache Struts CVE-2012-1007 Multiple Cross Site Scripting Vulnerabilities
| [51886] Apache CXF UsernameToken Policy Validation Security Bypass Vulnerability
| [51869] Apache HTTP Server CVE-2011-3639 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
| [51706] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
| [51705] Apache HTTP Server CVE-2012-0021 mod_log_config Denial Of Service Vulnerability
| [51628] Apache Struts 'ParameterInterceptor' Class OGNL (CVE-2011-3923) Security Bypass Vulnerability
| [51447] Apache Tomcat Parameter Handling Denial of Service Vulnerability
| [51442] Apache Tomcat Request Object Security Bypass Vulnerability
| [51407] Apache HTTP Server Scoreboard Local Security Bypass Vulnerability
| [51257] Apache Struts Remote Command Execution and Arbitrary File Overwrite Vulnerabilities
| [51238] Apache Geronimo Hash Collision Denial Of Service Vulnerability
| [51200] Apache Tomcat Hash Collision Denial Of Service Vulnerability
| [50940] Apache Struts Session Tampering Security Bypass Vulnerability
| [50912] RETIRED: Apache MyFaces CVE-2011-4343 Information Disclosure Vulnerability
| [50904] Apache ActiveMQ Failover Mechanism Remote Denial Of Service Vulnerability
| [50848] Apache MyFaces EL Expression Evaluation Security Bypass Vulnerability
| [50802] Apache HTTP Server 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
| [50639] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
| [50603] Apache Tomcat Manager Application Security Bypass Vulnerability
| [50494] Apache HTTP Server 'ap_pregsub()' Function Local Privilege Escalation Vulnerability
| [49957] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
| [49762] Apache Tomcat HTTP DIGEST Authentication Multiple Security Weaknesses
| [49728] Apache Struts Conversion Error OGNL Expression Evaluation Vulnerability
| [49616] Apache HTTP Server CVE-2011-3348 Denial Of Service Vulnerability
| [49470] Apache Tomcat CVE-2007-6286 Duplicate Request Processing Security Vulnerability
| [49353] Apache Tomcat AJP Protocol Security Bypass Vulnerability
| [49303] Apache HTTP Server CVE-2011-3192 Denial Of Service Vulnerability
| [49290] Apache Wicket Cross Site Scripting Vulnerability
| [49147] Apache Tomcat CVE-2011-2481 Information Disclosure Vulnerability
| [49143] Apache Commons Daemon 'jsvc' Information Disclosure Vulnerability
| [48667] Apache Tomcat 'sendfile' Request Attributes Information Disclosure Vulnerability
| [48653] Apache 'mod_authnz_external' Module SQL Injection Vulnerability
| [48611] Apache XML Security for C++ Signature Key Parsing Denial of Service Vulnerability
| [48456] Apache Tomcat 'MemoryUserDatabase' Information Disclosure Vulnerability
| [48015] Apache Archiva Multiple Cross Site Request Forgery Vulnerabilities
| [48011] Apache Archiva Multiple Cross Site Scripting and HTML Injection Vulnerabilities
| [47929] Apache APR 'apr_fnmatch.c' Denial of Service Vulnerability
| [47890] Apache Struts 'javatemplates' Plugin Multiple Cross Site Scripting Vulnerabilities
| [47886] Apache Tomcat SecurityConstraints Security Bypass Vulnerability
| [47820] Apache APR 'apr_fnmatch()' Denial of Service Vulnerability
| [47784] Apache Struts XWork 's:submit' HTML Tag Cross Site Scripting Vulnerability
| [47199] Apache Tomcat HTTP BIO Connector Information Disclosure Vulnerability
| [47196] Apache Tomcat Login Constraints Security Bypass Vulnerability
| [46974] Apache HttpComponents 'HttpClient' Information Disclosure Vulnerability
| [46953] Apache MPM-ITK Module Security Weakness
| [46734] Subversion 'mod_dav_svn' Apache Server NULL Pointer Dereference Denial Of Service Vulnerability
| [46685] Apache Tomcat '@ServletSecurity' Annotations Security Bypass Vulnerability
| [46311] Apache Continuum and Archiva Cross Site Scripting Vulnerability
| [46177] Apache Tomcat SecurityManager Security Bypass Vulnerability
| [46174] Apache Tomcat HTML Manager Interface HTML Injection Vulnerability
| [46166] Apache Tomcat JVM Denial of Service Vulnerability
| [46164] Apache Tomcat NIO Connector Denial of Service Vulnerability
| [46066] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
| [45655] Apache Subversion Server Component Multiple Remote Denial Of Service Vulnerabilities
| [45123] Awstats Apache Tomcat Configuration File Remote Arbitrary Command Execution Vulnerability
| [45095] Apache Archiva Cross Site Request Forgery Vulnerability
| [45015] Apache Tomcat 'sort' and 'orderBy' Parameters Cross Site Scripting Vulnerabilities
| [44900] Apache 'mod_fcgid' Module Unspecified Stack Buffer Overflow Vulnerability
| [44616] Apache Shiro Directory Traversal Vulnerability
| [44355] Apache MyFaces Encrypted View State Oracle Padding Security Vulnerability
| [44068] Apache::AuthenHook Local Information Disclosure Vulnerability
| [43862] Apache QPID SSL Connection Denial of Service Vulnerability
| [43673] Apache APR-util 'apr_brigade_split_line()' Denial of Service Vulnerability
| [43637] Apache XML-RPC SAX Parser Information Disclosure Vulnerability
| [43111] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
| [42637] Apache Derby 'BUILTIN' Authentication Insecure Password Hashing Vulnerability
| [42501] Apache CouchDB Cross Site Request Forgery Vulnerability
| [42492] Apache CXF XML DTD Processing Security Vulnerability
| [42121] Apache SLMS Insufficient Quoting Cross Site Request Forgery Vulnerability
| [42102] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
| [41963] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
| [41544] Apache Tomcat 'Transfer-Encoding' Information Disclosure and Denial Of Service Vulnerabilities
| [41076] Apache Axis2 '/axis2/axis2-admin' Session Fixation Vulnerability
| [40976] Apache Axis2 Document Type Declaration Processing Security Vulnerability
| [40827] Apache 'mod_proxy_http' Timeout Handling Information Disclosure Vulnerability
| [40343] Apache Axis2 'xsd' Parameter Directory Traversal Vulnerability
| [40327] Apache Axis2 'engagingglobally' Cross-Site Scripting Vulnerability
| [39771] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
| [39636] Apache ActiveMQ Source Code Information Disclosure Vulnerability
| [39635] Apache Tomcat Authentication Header Realm Name Information Disclosure Vulnerability
| [39538] Apache mod_auth_shadow Race Condition Security Bypass Vulnerability
| [39489] Apache OFBiz Multiple Cross Site Scripting and HTML Injection Vulnerabilities
| [39119] Apache ActiveMQ 'createDestination.action' HTML Injection Vulnerability
| [38580] Apache Subrequest Handling Information Disclosure Vulnerability
| [38494] Apache 'mod_isapi' Memory Corruption Vulnerability
| [38491] Apache mod_proxy_ajp Module Incoming Request Body Denial Of Service Vulnerability
| [37966] Apache 1.3 mod_proxy HTTP Chunked Encoding Integer Overflow Vulnerability
| [37945] Apache Tomcat Host Working Directory WAR File Directory Traversal Vulnerability
| [37944] Apache Tomcat WAR File Directory Traversal Vulnerability
| [37942] Apache Tomcat Directory Host Appbase Authentication Bypass Vulnerability
| [37149] Apache Tomcat 404 Error Page Cross Site Scripting Vulnerability
| [37027] RETIRED: Apache APR 'apr_uri_parse_hostinfo' Off By One Remote Code Execution Vulnerability
| [36990] Apache HTTP TRACE Cross Site Scripting Vulnerability
| [36954] Apache Tomcat Windows Installer Insecure Password Vulnerability
| [36889] TYPO3 Apache Solr Search Extension Unspecified Cross Site Scripting Vulnerability
| [36596] Apache HTTP Server Solaris Event Port Pollset Support Remote Denial Of Service Vulnerability
| [36260] Apache mod_proxy_ftp Module NULL Pointer Dereference Denial Of Service Vulnerability
| [36254] Apache mod_proxy_ftp Remote Command Injection Vulnerability
| [35949] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
| [35840] Apache HTTP Server HTTP-Basic Authentication Bypass Vulnerability
| [35623] Apache 'mod_deflate' Remote Denial Of Service Vulnerability
| [35565] Apache 'mod_proxy' Remote Denial Of Service Vulnerability
| [35416] Apache Tomcat XML Parser Information Disclosure Vulnerability
| [35263] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
| [35253] Apache APR-util 'xml/apr_xml.c' Denial of Service Vulnerability
| [35251] Apache APR-util 'apr_brigade_vprintf' Off By One Vulnerability
| [35221] Apache APR-util 'apr_strmatch_precompile()' Integer Underflow Vulnerability
| [35196] Apache Tomcat Form Authentication Existing/Non-Existing Username Enumeration Weakness
| [35193] Apache Tomcat Java AJP Connector Invalid Header Denial of Service Vulnerability
| [35115] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
| [34686] Apache Struts Multiple Cross Site Scripting Vulnerabilities
| [34663] Apache 'mod_proxy_ajp' Information Disclosure Vulnerability
| [34657] Apache Tiles Cross Site Scripting And Information Disclosure Vulnerabilities
| [34562] Apache Geronimo Application Server Multiple Remote Vulnerabilities
| [34552] Apache ActiveMQ Web Console Multiple Unspecified HTML Injection Vulnerabilities
| [34412] Apache Tomcat mod_jk Content Length Information Disclosure Vulnerability
| [34399] Apache Struts Unspecified Cross Site Scripting Vulnerability
| [34383] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
| [33913] Apache Tomcat POST Data Information Disclosure Vulnerability
| [33360] Apache Jackrabbit 'q' Parameter Multiple Cross Site Scripting Vulnerabilities
| [33110] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
| [32657] Novell NetWare ApacheAdmin Security Bypass Vulnerability
| [31805] Apache HTTP Server OS Fingerprinting Unspecified Security Vulnerability
| [31761] Oracle WebLogic Server Apache Connector Stack Based Buffer Overflow Vulnerability
| [31698] Apache Tomcat 'RemoteFilterValve' Security Bypass Vulnerability
| [31165] Kolab Groupware Server Apache Log File User Password Information Disclosure Vulnerability
| [30560] Apache 'mod_proxy_ftp' Wildcard Characters Cross-Site Scripting Vulnerability
| [30496] Apache Tomcat 'HttpServletResponse.sendError()' Cross Site Scripting Vulnerability
| [30494] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
| [29653] Apache 'mod_proxy_http' Interim Response Denial of Service Vulnerability
| [29502] Apache Tomcat Host Manager Cross Site Scripting Vulnerability
| [28576] Apache-SSL Environment Variable Information Disclosure and Privilege Escalation Vulnerability
| [28484] Apache Tomcat Requests Containing MS-DOS Device Names Information Disclosure Vulnerability
| [28483] Apache Tomcat 'allowLinking' Accepts NULL Byte in URI Information Disclosure Vulnerability
| [28482] Apache Tomcat SSL Anonymous Cipher Configuration Information Disclosure Vulnerability
| [28481] Apache Tomcat Cross-Site Scripting Vulnerability
| [28477] Apache Tomcat AJP Connector Information Disclosure Vulnerability
| [27752] Apache mod_jk2 Host Header Multiple Stack Based Buffer Overflow Vulnerabilities
| [27706] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
| [27703] Apache Tomcat Parameter Processing Remote Information Disclosure Vulnerability
| [27409] Apache 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
| [27365] Apache Tomcat SingleSignOn Remote Information Disclosure Vulnerability
| [27237] Apache HTTP Server 2.2.6, 2.0.61 and 1.3.39 'mod_status' Cross-Site Scripting Vulnerability
20817| [27236] Apache 'mod_proxy_balancer' Multiple Vulnerabilities
20818| [27234] Apache 'mod_proxy_ftp' Undefined Charset UTF-7 Cross-Site Scripting Vulnerability
20819| [27006] Apache Tomcat JULI Logging Component Default Security Policy Vulnerability
20820| [26939] Apache HTTP Server Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
20821| [26838] Apache mod_imagemap and mod_imap Cross-Site Scripting Vulnerability
20822| [26762] Apache::AuthCAS Cookie SQL Injection Vulnerability
20823| [26663] Apache HTTP Server 413 Error HTTP Request Method Cross-Site Scripting Weakness
20824| [26287] Apache Geronimo SQLLoginModule Authentication Bypass Vulnerability
20825| [26070] Apache Tomcat WebDav Remote Information Disclosure Vulnerability
20826| [25804] Apache Geronimo Management EJB Security Bypass Vulnerability
20827| [25653] Apache Mod_AutoIndex.C Undefined Charset Cross-Site Scripting Vulnerability
20828| [25531] Apache Tomcat Cal2.JSP Cross-Site Scripting Vulnerability
20829| [25489] Apache HTTP Server Mod_Proxy Denial of Service Vulnerability
20830| [25316] Apache Tomcat Multiple Remote Information Disclosure Vulnerabilities
20831| [25314] Apache Tomcat Host Manager Servlet Cross Site Scripting Vulnerability
20832| [25174] Apache Tomcat Error Message Reporting Cross Site Scripting Vulnerability
20833| [24999] Apache Tomcat SendMailServlet Cross-Site Scripting Vulnerability
20834| [24759] MySQLDumper Apache Access Control Authentication Bypass Vulnerability
20835| [24649] Apache HTTP Server Mod_Cache Denial of Service Vulnerability
20836| [24645] Apache HTTP Server Mod_Status Cross-Site Scripting Vulnerability
20837| [24553] Apache Mod_Mem_Cache Information Disclosure Vulnerability
20838| [24524] Apache Tomcat Accept-Language Cross Site Scripting Vulnerability
20839| [24480] Apache MyFaces Tomahawk JSF Framework Autoscroll Parameter Cross Site Scripting Vulnerability
20840| [24476] Apache Tomcat JSP Example Web Applications Cross Site Scripting Vulnerability
20841| [24475] Apache Tomcat Manager and Host Manager Upload Script Cross-Site Scripting Vulnerability
20842| [24215] Apache HTTP Server Worker Process Multiple Denial of Service Vulnerabilities
20843| [24147] Apache Tomcat JK Connector Double Encoding Security Bypass Vulnerability
20844| [24058] Apache Tomcat Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
20845| [23687] Apache AXIS Non-Existent WSDL Path Information Disclosure Vulnerability
20846| [23438] Apache HTTPD suEXEC Local Multiple Privilege Escalation Weaknesses
20847| [22960] Apache HTTP Server Tomcat Directory Traversal Vulnerability
20848| [22849] Apache mod_python Output Filter Mode Information Disclosure Vulnerability
20849| [22791] Apache Tomcat Mod_JK.SO Arbitrary Code Execution Vulnerability
20850| [22732] Debian Apache Root Shell Local Privilege Escalation Vulnerabilities
20851| [22388] Apache Stats Extract Function Multiple Input Validation Vulnerabilities
20852| [21865] Apache And Microsoft IIS Range Denial of Service Vulnerability
20853| [21214] Apache Mod_Auth_Kerb Off-By-One Denial of Service Vulnerability
20854| [20527] Apache Mod_TCL Remote Format String Vulnerability
20855| [19661] Apache HTTP Server Arbitrary HTTP Request Headers Security Weakness
20856| [19447] Apache CGI Script Source Code Information Disclosure Vulnerability
20857| [19204] Apache Mod_Rewrite Off-By-One Buffer Overflow Vulnerability
20858| [19106] Apache Tomcat Information Disclosure Vulnerability
20859| [18138] Apache James SMTP Denial Of Service Vulnerability
20860| [17342] Apache Struts Multiple Remote Vulnerabilities
20861| [17095] Apache Log4Net Denial Of Service Vulnerability
20862| [16916] Apache mod_python FileSession Code Execution Vulnerability
20863| [16710] Apache Libapreq2 Quadratic Behavior Denial of Service Vulnerability
20864| [16260] Apache Geronimo Multiple Input Validation Vulnerabilities
20865| [16153] Apache mod_auth_pgsql Multiple Format String Vulnerabilities
20866| [16152] Apache Mod_SSL Custom Error Document Remote Denial Of Service Vulnerability
20867| [15834] Apache 'mod_imap' Referer Cross-Site Scripting Vulnerability
20868| [15765] Apache James Spooler Memory Leak Denial Of Service Vulnerability
20869| [15762] Apache MPM Worker.C Denial Of Service Vulnerability
20870| [15512] Apache Struts Error Response Cross-Site Scripting Vulnerability
| [15413] PHP Apache 2 Virtual() Safe_Mode and Open_Basedir Restriction Bypass Vulnerability
| [15325] Apache Tomcat Simultaneous Directory Listing Denial Of Service Vulnerability
| [15224] Apache Mod_Auth_Shadow Authentication Bypass Vulnerability
| [15177] PHP Apache 2 Local Denial of Service Vulnerability
| [14982] ApacheTop Insecure Temporary File Creation Vulnerability
| [14721] Apache Mod_SSL SSLVerifyClient Restriction Bypass Vulnerability
| [14660] Apache CGI Byterange Request Denial of Service Vulnerability
| [14366] Apache mod_ssl CRL Handling Off-By-One Buffer Overflow Vulnerability
| [14106] Apache HTTP Request Smuggling Vulnerability
| [13778] Apache HTPasswd Password Command Line Argument Buffer Overflow Vulnerability
| [13777] Apache HTPasswd User Command Line Argument Buffer Overflow Vulnerability
| [13756] Apache Tomcat Java Security Manager Bypass Vulnerability
| [13537] Apache HTDigest Realm Command Line Argument Buffer Overflow Vulnerability
| [12877] Apache mod_ssl ssl_io_filter_cleanup Remote Denial Of Service Vulnerability
| [12795] Apache Tomcat Remote Malformed Request Denial Of Service Vulnerability
| [12619] Apache Software Foundation Batik Squiggle Browser Access Validation Vulnerability
| [12519] Apache mod_python Module Publisher Handler Information Disclosure Vulnerability
| [12308] Apache Utilities Insecure Temporary File Creation Vulnerability
| [12217] Apache mod_auth_radius Malformed RADIUS Server Reply Integer Overflow Vulnerability
| [12181] Mod_DOSEvasive Apache Module Local Insecure Temporary File Creation Vulnerability
| [11803] Apache Jakarta Results.JSP Remote Cross-Site Scripting Vulnerability
| [11471] Apache mod_include Local Buffer Overflow Vulnerability
| [11360] Apache mod_ssl SSLCipherSuite Restriction Bypass Vulnerability
| [11239] Apache Satisfy Directive Access Control Bypass Vulnerability
| [11187] Apache Web Server Remote IPv6 Buffer Overflow Vulnerability
| [11185] Apache Mod_DAV LOCK Denial Of Service Vulnerability
| [11182] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
| [11154] Apache mod_ssl Remote Denial of Service Vulnerability
| [11094] Apache mod_ssl Denial Of Service Vulnerability
| [10789] Apache mod_userdir Module Information Disclosure Vulnerability
| [10736] Apache 'mod_ssl' Log Function Format String Vulnerability
| [10619] Apache ap_escape_html Memory Allocation Denial Of Service Vulnerability
| [10508] Apache Mod_Proxy Remote Negative Content-Length Buffer Overflow Vulnerability
| [10478] ClueCentral Apache Suexec Patch Security Weakness
| [10355] Apache 'mod_ssl' 'ssl_util_uuencode_binary()' Stack Buffer Overflow Vulnerability
| [10212] Apache mod_auth Malformed Password Potential Memory Corruption Vulnerability
| [9933] Apache mod_disk_cache Module Client Authentication Credential Storage Weakness
| [9930] Apache Error and Access Logs Escape Sequence Injection Vulnerability
| [9921] Apache Connection Blocking Denial Of Service Vulnerability
| [9885] Apache Mod_Security Module SecFilterScanPost Off-By-One Buffer Overflow Vulnerability
| [9874] Apache HTAccess LIMIT Directive Bypass Configuration Error Weakness
| [9829] Apache Mod_Access Access Control Rule Bypass Vulnerability
| [9826] Apache Mod_SSL HTTP Request Remote Denial Of Service Vulnerability
| [9733] Apache Cygwin Directory Traversal Vulnerability
| [9599] Apache mod_php Global Variables Information Disclosure Weakness
| [9590] Apache-SSL Client Certificate Forging Vulnerability
| [9571] Apache mod_digest Client-Supplied Nonce Verification Vulnerability
| [9471] Apache mod_perl Module File Descriptor Leakage Vulnerability
| [9404] Mod-Auth-Shadow Apache Module Expired User Credential Weakness
| [9302] Apache mod_php Module File Descriptor Leakage Vulnerability
| [9129] Apache mod_python Module Malformed Query Denial of Service Vulnerability
| [8926] Apache Web Server mod_cgid Module CGI Data Redirection Vulnerability
| [8919] Apache Mod_Security Module Heap Corruption Vulnerability
| [8911] Apache Web Server Multiple Module Local Buffer Overflow Vulnerability
| [8898] Red Hat Apache Directory Index Default Configuration Error
| [8883] Apache Cocoon Directory Traversal Vulnerability
| [8824] Apache Tomcat Non-HTTP Request Denial Of Service Vulnerability
| [8822] Apache Mod_Throttle Module Local Shared Memory Corruption Vulnerability
| [8725] Apache2 MOD_CGI STDERR Denial Of Service Vulnerability
| [8707] Apache htpasswd Password Entropy Weakness
| [8561] Apache::Gallery Insecure Local File Storage Privilege Escalation Vulnerability
| [8287] Mod_Mylo Apache Module REQSTR Buffer Overflow Vulnerability
| [8226] Apache HTTP Server Multiple Vulnerabilities
| [8138] Apache Web Server Type-Map Recursive Loop Denial Of Service Vulnerability
| [8137] Apache Web Server Prefork MPM Denial Of Service Vulnerability
| [8136] Macromedia Apache Web Server Encoded Space Source Disclosure Vulnerability
| [8135] Apache Web Server FTP Proxy IPV6 Denial Of Service Vulnerability
| [8134] Apache Web Server SSLCipherSuite Weak CipherSuite Renegotiation Weakness
| [7768] Apache Tomcat Insecure Directory Permissions Vulnerability
| [7725] Apache Basic Authentication Module Valid User Login Denial Of Service Vulnerability
| [7723] Apache APR_PSPrintf Memory Corruption Vulnerability
| [7448] Apache Mod_Auth_Any Remote Command Execution Vulnerability
| [7375] Apache Mod_Access_Referer NULL Pointer Dereference Denial of Service Vulnerability
| [7332] Apache Web Server OS2 Filestat Denial Of Service Vulnerability
| [7255] Apache Web Server File Descriptor Leakage Vulnerability
| [7254] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
| [6943] Apache Web Server MIME Boundary Information Disclosure Vulnerability
| [6939] Apache Web Server ETag Header Information Disclosure Weakness
| [6722] Apache Tomcat Web.XML File Contents Disclosure Vulnerability
| [6721] Apache Tomcat Null Byte Directory/File Disclosure Vulnerability
| [6720] Apache Tomcat Example Web Application Cross Site Scripting Vulnerability
| [6662] Apache Web Server MS-DOS Device Name Denial Of Service Vulnerability
| [6661] Apache Web Server Default Script Mapping Bypass Vulnerability
| [6660] Apache Web Server Illegal Character HTTP Request File Disclosure Vulnerability
| [6659] Apache Web Server MS-DOS Device Name Arbitrary Code Execution Vulnerability
| [6562] Apache Tomcat Invoker Servlet File Disclosure Vulnerability
| [6320] Apache/Tomcat Mod_JK Chunked Encoding Denial Of Service Vulnerability
| [6117] Apache mod_php File Descriptor Leakage Vulnerability
| [6065] Apache 2 WebDAV CGI POST Request Information Disclosure Vulnerability
| [5996] Apache AB.C Web Benchmarking Buffer Overflow Vulnerability
| [5995] Apache AB.C Web Benchmarking Read_Connection() Buffer Overflow Vulnerability
| [5993] Multiple Apache HTDigest Buffer Overflow Vulnerabilities
| [5992] Apache HTDigest Insecure Temporary File Vulnerability
| [5991] Apache HTDigest Arbitrary Command Execution Vulnerability
| [5990] Apache HTPasswd Insecure Temporary File Vulnerability
| [5981] Multiple Apache HTDigest and HTPassWD Component Vulnerabilites
| [5884] Apache Web Server Scoreboard Memory Segment Overwriting SIGUSR1 Sending Vulnerability
| [5847] Apache Server Side Include Cross Site Scripting Vulnerability
| [5838] Apache Tomcat 3.2 Directory Disclosure Vulnerability
| [5816] Apache 2 mod_dav Denial Of Service Vulnerability
| [5791] HP VirtualVault Apache mod_ssl Denial Of Service Vulnerability
| [5787] Apache Oversized STDERR Buffer Denial Of Service Vulnerability
| [5786] Apache Tomcat DefaultServlet File Disclosure Vulnerability
| [5542] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
| [5486] Apache 2.0 CGI Path Disclosure Vulnerability
| [5485] Apache 2.0 Path Disclosure Vulnerability
| [5434] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
| [5256] Apache httpd 2.0 CGI Error Path Disclosure Vulnerability
| [5194] Apache Tomcat DOS Device Name Cross Site Scripting Vulnerability
| [5193] Apache Tomcat Servlet Mapping Cross Site Scripting Vulnerability
| [5067] Apache Tomcat Null Character Malformed Request Denial Of Service Vulnerability
| [5054] Apache Tomcat Web Root Path Disclosure Vulnerability
| [5033] Apache Chunked-Encoding Memory Corruption Vulnerability
| [4995] Apache Tomcat JSP Engine Denial of Service Vulnerability
| [4878] Apache Tomcat RealPath.JSP Malformed Request Information Disclosure Vulnerability
| [4877] Apache Tomcat Example Files Web Root Path Disclosure Vulnerability
| [4876] Apache Tomcat Source.JSP Malformed Request Information Disclosure Vulnerability
| [4575] Apache Tomcat Servlet Path Disclosure Vulnerability
| [4557] Apache Tomcat System Path Information Disclosure Vulnerability
| [4437] Apache Error Message Cross-Site Scripting Vulnerability
| [4431] Apache PrintEnv/Test_CGI Script Injection Vulnerability
| [4358] Apache Double-Reverse Lookup Log Entry Spoofing Vulnerability
| [4335] Apache Win32 Batch File Remote Command Execution Vulnerability
| [4292] Oracle 9iAS Apache PL/SQL Module Web Administration Access Vulnerability
| [4189] Apache mod_ssl/Apache-SSL Buffer Overflow Vulnerability
| [4057] Apache 2 for Windows OPTIONS request Path Disclosure Vulnerability
| [4056] Apache 2 for Windows php.exe Path Disclosure Vulnerability
| [4037] Oracle 9iAS Apache PL/SQL Module Denial of Service Vulnerability
| [4032] Oracle 9iAS Apache PL/SQL Module Multiple Buffer Overflows Vulnerability
| [3796] Apache HTTP Request Unexpected Behavior Vulnerability
| [3790] Apache Non-Existent Log Directory Denial Of Service Vulnerability
| [3786] Apache Win32 PHP.EXE Remote File Disclosure Vulnerability
| [3727] Oracle 9I Application Server PL/SQL Apache Module Directory Traversal Vulnerability
| [3726] Oracle 9I Application Server PL/SQL Apache Module Buffer Overflow Vulnerability
| [3596] Apache Split-Logfile File Append Vulnerability
| [3521] Apache mod_usertrack Predictable ID Generation Vulnerability
| [3335] Red Hat Linux Apache Remote Username Enumeration Vulnerability
| [3316] MacOS X Client Apache Directory Contents Disclosure Vulnerability
| [3256] Apache mod_auth_oracle Remote SQL Query Manipulation Vulnerability
| [3255] Apache mod_auth_mysql Remote SQL Query Manipulation Vulnerability
| [3254] Apache AuthPG Remote SQL Query Manipulation Vulnerability
| [3253] Apache mod_auth_pgsql_sys Remote SQL Query Manipulation Vulnerability
| [3251] Apache mod_auth_pgsql Remote SQL Query Manipulation Vulnerability
| [3176] Apache Mod ReWrite Rules Bypassing Image Linking Vulnerability
| [3169] Apache Server Address Disclosure Vulnerability
| [3009] Apache Possible Directory Index Disclosure Vulnerability
| [2982] Apache Tomcat Cross-Site Scripting Vulnerability
| [2852] MacOS X Client Apache File Protection Bypass Vulnerability
| [2740] Apache Web Server HTTP Request Denial of Service Vulnerability
| [2518] Apache Tomcat 3.0 Directory Traversal Vulnerability
| [2503] Apache Artificially Long Slash Path Directory Listing Vulnerability
| [2300] NCSA/Apache httpd ScriptAlias Source Retrieval Vulnerability
| [2216] Apache Web Server DoS Vulnerability
| [2182] Apache /tmp File Race Vulnerability
| [2171] Oracle Apache+WebDB Documented Backdoor Vulnerability
| [2060] Apache Web Server with Php 3 File Disclosure Vulnerability
| [1821] Apache mod_cookies Buffer Overflow Vulnerability
| [1728] Apache Rewrite Module Arbitrary File Disclosure Vulnerability
| [1658] SuSE Apache CGI Source Code Viewing Vulnerability
| [1656] SuSE Apache WebDAV Directory Listings Vulnerability
| [1575] Trustix Apache-SSL RPM Permissions Vulnerability
| [1548] Apache Jakarta-Tomcat /admin Context Vulnerability
| [1532] Apache Tomcat Snoop Servlet Information Disclosure Vulnerability
| [1531] Apache Tomcat 3.1 Path Revealing Vulnerability
| [1457] Apache::ASP source.asp Example Script Vulnerability
| [1284] Apache HTTP Server (win32) Root Directory Access Vulnerability
| [1083] Cobalt Raq Apache .htaccess Disclosure Vulnerability
|
| IBM X-Force - https://exchange.xforce.ibmcloud.com:
| [86258] Apache CloudStack text fields cross-site scripting
| [85983] Apache Subversion mod_dav_svn module denial of service
| [85875] Apache OFBiz UEL code execution
| [85874] Apache OFBiz Webtools View Log screen cross-site scripting
| [85871] Apache HTTP Server mod_session_dbd unspecified
| [85756] Apache Struts OGNL expression command execution
| [85755] Apache Struts DefaultActionMapper class open redirect
| [85586] Apache ActiveMQ CVE-2013-1879 cross-site scripting
| [85574] Apache HTTP Server mod_dav denial of service
| [85573] Apache Struts Showcase App OGNL code execution
| [85496] Apache CXF denial of service
| [85423] Apache Geronimo RMI classloader code execution
| [85326] Apache Santuario XML Security for C++ buffer overflow
| [85323] Apache Santuario XML Security for Java spoofing
| [85319] Apache Qpid Python client SSL spoofing
| [85019] Apache Santuario XML Security for C++ CVE-2013-2156 buffer overflow
| [85018] Apache Santuario XML Security for C++ CVE-2013-2155 denial of service
| [85017] Apache Santuario XML Security for C++ CVE-2013-2154 buffer overflow
| [85016] Apache Santuario XML Security for C++ CVE-2013-2153 spoofing
| [84952] Apache Tomcat CVE-2012-3544 denial of service
| [84763] Apache Struts CVE-2013-2135 security bypass
| [84762] Apache Struts CVE-2013-2134 security bypass
| [84719] Apache Subversion CVE-2013-2088 command execution
| [84718] Apache Subversion CVE-2013-2112 denial of service
| [84717] Apache Subversion CVE-2013-1968 denial of service
| [84577] Apache Tomcat security bypass
| [84576] Apache Tomcat symlink
| [84543] Apache Struts CVE-2013-2115 security bypass
| [84542] Apache Struts CVE-2013-1966 security bypass
| [84154] Apache Tomcat session hijacking
| [84144] Apache Tomcat denial of service
| [84143] Apache Tomcat information disclosure
| [84111] Apache HTTP Server command execution
| [84043] Apache Virtual Computing Lab cross-site scripting
| [84042] Apache Virtual Computing Lab cross-site scripting
| [83782] Apache CloudStack information disclosure
| [83781] Apache CloudStack security bypass
| [83720] Apache ActiveMQ cross-site scripting
| [83719] Apache ActiveMQ denial of service
| [83718] Apache ActiveMQ denial of service
| [83263] Apache Subversion denial of service
| [83262] Apache Subversion denial of service
| [83261] Apache Subversion denial of service
| [83259] Apache Subversion denial of service
| [83035] Apache mod_ruid2 security bypass
| [82852] Apache Qpid federation_tag security bypass
| [82851] Apache Qpid qpid::framing::Buffer denial of service
| [82758] Apache Rave User RPC API information disclosure
| [82663] Apache Subversion svn_fs_file_length() denial of service
| [82642] Apache Qpid qpid::framing::Buffer::checkAvailable() denial of service
| [82641] Apache Qpid AMQP denial of service
| [82626] Apache HTTP Server on Debian GNU/Linux Debian apache2ctl symlink
| [82618] Apache Commons FileUpload symlink
| [82360] Apache HTTP Server manager interface cross-site scripting
| [82359] Apache HTTP Server hostnames cross-site scripting
| [82338] Apache Tomcat log/logdir information disclosure
| [82328] Apache Maven and Apache Maven Wagon SSL spoofing
| [82268] Apache OpenJPA deserialization command execution
| [81981] Apache CXF UsernameTokens security bypass
| [81980] Apache CXF WS-Security security bypass
| [81398] Apache OFBiz cross-site scripting
| [81240] Apache CouchDB directory traversal
| [81226] Apache CouchDB JSONP code execution
| [81225] Apache CouchDB Futon user interface cross-site scripting
| [81211] Apache Axis2/C SSL spoofing
| [81167] Apache CloudStack DeployVM information disclosure
| [81166] Apache CloudStack AddHost API information disclosure
| [81165] Apache CloudStack createSSHKeyPair API information disclosure
| [80518] Apache Tomcat cross-site request forgery security bypass
| [80517] Apache Tomcat FormAuthenticator security bypass
| [80516] Apache Tomcat NIO denial of service
| [80408] Apache Tomcat replay-countermeasure security bypass
| [80407] Apache Tomcat HTTP Digest Access Authentication security bypass
| [80317] Apache Tomcat slowloris denial of service
| [79984] Apache Commons HttpClient SSL spoofing
| [79983] Apache CXF SSL spoofing
| [79830] Apache Axis2/Java SSL spoofing
| [79829] Apache Axis SSL spoofing
| [79809] Apache Tomcat DIGEST security bypass
| [79806] Apache Tomcat parseHeaders() denial of service
| [79540] Apache OFBiz unspecified
| [79487] Apache Axis2 SAML security bypass
| [79212] Apache Cloudstack code execution
| [78734] Apache CXF SOAP Action security bypass
| [78730] Apache Qpid broker denial of service
| [78617] Eucalyptus Apache Santuario (XML Security for Java) denial of service
| [78563] Apache mod_pagespeed module unspecified cross-site scripting
| [78562] Apache mod_pagespeed module security bypass
| [78454] Apache Axis2 security bypass
| [78452] Websense Web Security and Web Filter Apache Tomcat information disclosure
| [78451] Websense Web Security and Web Filter Apache Tomcat cross-site scripting
| [78321] Apache Wicket unspecified cross-site scripting
| [78183] Apache Struts parameters denial of service
| [78182] Apache Struts cross-site request forgery
| [78153] Apache Solr Autocomplete module for Drupal autocomplete results cross-site scripting
| [77987] mod_rpaf module for Apache denial of service
| [77958] Apache Struts skill name code execution
| [77914] Apache HTTP Server mod_negotiation module cross-site scripting
| [77913] Apache HTTP Server mod_proxy_ajp information disclosure
| [77568] Apache Qpid broker security bypass
| [77421] Apache Libcloud spoofing
| [77059] Oracle Solaris Cluster Apache Tomcat Agent unspecified
| [77046] Oracle Solaris Apache HTTP Server information disclosure
| [76837] Apache Hadoop information disclosure
| [76802] Apache Sling CopyFrom denial of service
| [76692] Apache Hadoop symlink
| [76535] Apache Roller console cross-site request forgery
| [76534] Apache Roller weblog cross-site scripting
| [76152] Apache CXF elements security bypass
| [76151] Apache CXF child policies security bypass
| [75983] MapServer for Windows Apache file include
| [75857] Apache Commons Compress and Apache Ant bzip2 denial of service
| [75558] Apache POI denial of service
| [75545] PHP apache_request_headers() buffer overflow
| [75302] Apache Qpid SASL security bypass
| [75211] Debian GNU/Linux apache 2 cross-site scripting
| [74901] Apache HTTP Server LD_LIBRARY_PATH privilege escalation
| [74871] Apache OFBiz FlexibleStringExpander code execution
| [74870] Apache OFBiz multiple cross-site scripting
| [74750] Apache Hadoop unspecified spoofing
| [74319] Apache Struts XSLTResult.java file upload
| [74313] Apache Traffic Server header buffer overflow
| [74276] Apache Wicket directory traversal
| [74273] Apache Wicket unspecified cross-site scripting
| [74181] Apache HTTP Server mod_fcgid module denial of service
| [73690] Apache Struts OGNL code execution
| [73432] Apache Solr extension for TYPO3 unspecified cross-site scripting
| [73100] Apache MyFaces in directory traversal
| [73096] Apache APR hash denial of service
| [73052] Apache Struts name cross-site scripting
| [73030] Apache CXF UsernameToken security bypass
| [72888] Apache Struts lastName cross-site scripting
| [72758] Apache HTTP Server httpOnly information disclosure
| [72757] Apache HTTP Server MPM denial of service
| [72585] Apache Struts ParameterInterceptor security bypass
| [72438] Apache Tomcat Digest security bypass
| [72437] Apache Tomcat Digest security bypass
| [72436] Apache Tomcat DIGEST security bypass
| [72425] Apache Tomcat parameter denial of service
| [72422] Apache Tomcat request object information disclosure
| [72377] Apache HTTP Server scoreboard security bypass
| [72345] Apache HTTP Server HTTP request denial of service
| [72229] Apache Struts ExceptionDelegator command execution
| [72089] Apache Struts ParameterInterceptor directory traversal
| [72088] Apache Struts CookieInterceptor command execution
| [72047] Apache Geronimo hash denial of service
| [72016] Apache Tomcat hash denial of service
| [71711] Apache Struts OGNL expression code execution
| [71654] Apache Struts interfaces security bypass
| [71620] Apache ActiveMQ failover denial of service
| [71617] Apache HTTP Server mod_proxy module information disclosure
| [71508] Apache MyFaces EL security bypass
| [71445] Apache HTTP Server mod_proxy security bypass
| [71203] Apache Tomcat servlets privilege escalation
| [71181] Apache HTTP Server ap_pregsub() denial of service
| [71093] Apache HTTP Server ap_pregsub() buffer overflow
| [70336] Apache HTTP Server mod_proxy information disclosure
| [69804] Apache HTTP Server mod_proxy_ajp denial of service
| [69472] Apache Tomcat AJP security bypass
| [69396] Apache HTTP Server ByteRange filter denial of service
| [69394] Apache Wicket multi window support cross-site scripting
| [69176] Apache Tomcat XML information disclosure
| [69161] Apache Tomcat jsvc information disclosure
| [68799] mod_authnz_external module for Apache mysql-auth.pl SQL injection
| [68541] Apache Tomcat sendfile information disclosure
| [68420] Apache XML Security denial of service
| [68238] Apache Tomcat JMX information disclosure
| [67860] Apache Rampart/C rampart_timestamp_token_validate security bypass
| [67804] Apache Subversion control rules information disclosure
| [67803] Apache Subversion control rules denial of service
| [67802] Apache Subversion baselined denial of service
| [67672] Apache Archiva multiple cross-site scripting
| [67671] Apache Archiva multiple cross-site request forgery
| [67564] Apache APR apr_fnmatch() denial of service
| [67532] IBM WebSphere Application Server org.apache.jasper.runtime.JspWriterImpl.response denial of service
| [67515] Apache Tomcat annotations security bypass
| [67480] Apache Struts s:submit information disclosure
| [67414] Apache APR apr_fnmatch() denial of service
| [67356] Apache Struts javatemplates cross-site scripting
| [67354] Apache Struts Xwork cross-site scripting
| [66676] Apache Tomcat HTTP BIO information disclosure
| [66675] Apache Tomcat web.xml security bypass
| [66640] Apache HttpComponents HttpClient Proxy-Authorization information disclosure
| [66241] Apache HttpComponents information disclosure
| [66154] Apache Tomcat ServletSecurity security bypass
| [65971] Apache Tomcat ServletSecurity security bypass
| [65876] Apache Subversion mod_dav_svn denial of service
| [65343] Apache Continuum unspecified cross-site scripting
| [65162] Apache Tomcat NIO connector denial of service
| [65161] Apache Tomcat javax.servlet.ServletRequest.getLocale() denial of service
| [65160] Apache Tomcat HTML Manager interface cross-site scripting
| [65159] Apache Tomcat ServletContect security bypass
| [65050] Apache CouchDB web-based administration UI cross-site scripting
| [64773] Oracle HTTP Server Apache Plugin unauthorized access
| [64473] Apache Subversion blame -g denial of service
| [64472] Apache Subversion walk() denial of service
| [64407] Apache Axis2 CVE-2010-0219 code execution
| [63926] Apache Archiva password privilege escalation
| [63785] Apache CouchDB LD_LIBRARY_PATH privilege escalation
| [63493] Apache Archiva credentials cross-site request forgery
| [63477] Apache Tomcat HttpOnly session hijacking
| [63422] Apache Tomcat sessionsList.jsp cross-site scripting
| [63303] Apache mod_fcgid module fcgid_header_bucket_read() buffer overflow
| [62959] Apache Shiro filters security bypass
| [62790] Apache Perl cgi module denial of service
| [62576] Apache Qpid exchange denial of service
| [62575] Apache Qpid AMQP denial of service
| [62354] Apache Qpid SSL denial of service
| [62235] Apache APR-util apr_brigade_split_line() denial of service
| [62181] Apache XML-RPC SAX Parser information disclosure
| [61721] Apache Traffic Server cache poisoning
| [61202] Apache Derby BUILTIN authentication functionality information disclosure
| [61186] Apache CouchDB Futon cross-site request forgery
| [61169] Apache CXF DTD denial of service
| [61070] Apache Jackrabbit search.jsp SQL injection
| [61006] Apache SLMS Quoting cross-site request forgery
| [60962] Apache Tomcat time cross-site scripting
| [60883] Apache mod_proxy_http information disclosure
| [60671] Apache HTTP Server mod_cache and mod_dav denial of service
| [60264] Apache Tomcat Transfer-Encoding denial of service
| [59746] Apache Axis2 axis2/axis2-admin page session hijacking
| [59588] Apache Axis2/Java XML DTD (Document Type Declaration) data denial of service
| [59413] Apache mod_proxy_http timeout information disclosure
| [59058] Apache MyFaces unencrypted view state cross-site scripting
| [58827] Apache Axis2 xsd file include
| [58790] Apache Axis2 modules cross-site scripting
| [58299] Apache ActiveMQ queueBrowse cross-site scripting
| [58169] Apache Tomcat Web Application Manager / Host Manager cross-site request forgery
| [58056] Apache ActiveMQ .jsp source code disclosure
| [58055] Apache Tomcat realm name information disclosure
| [58046] Apache HTTP Server mod_auth_shadow security bypass
| [57841] Apache Open For Business Project (OFBiz) subject cross-site scripting
| [57840] Apache Open For Business Project (OFBiz) multiple parameters cross-site scripting
| [57429] Apache CouchDB algorithms information disclosure
| [57398] Apache ActiveMQ Web console cross-site request forgery
| [57397] Apache ActiveMQ createDestination.action cross-site scripting
21276| [56653] Apache HTTP Server DNS spoofing
21277| [56652] Apache HTTP Server DNS cross-site scripting
21278| [56625] Apache HTTP Server request header information disclosure
21279| [56624] Apache HTTP Server mod_isapi orphaned callback pointer code execution
21280| [56623] Apache HTTP Server mod_proxy_ajp denial of service
21281| [55941] mod_proxy module for Apache ap_proxy_send_fb() buffer overflow
21282| [55857] Apache Tomcat WAR files directory traversal
21283| [55856] Apache Tomcat autoDeploy attribute security bypass
21284| [55855] Apache Tomcat WAR directory traversal
21285| [55210] Intuit component for Joomla! Apache information disclosure
21286| [54533] Apache Tomcat 404 error page cross-site scripting
21287| [54182] Apache Tomcat admin default password
21288| [53878] Apache Solr Search (solr) extension for TYPO3 unspecified cross-site scripting
21289| [53666] Apache HTTP Server Solaris pollset support denial of service
21290| [53650] Apache HTTP Server HTTP basic-auth module security bypass
21291| [53124] mod_proxy_ftp module for Apache HTTP header security bypass
21292| [53041] mod_proxy_ftp module for Apache denial of service
21293| [52540] Apache Portable Runtime and Apache Portable Utility library multiple buffer overflow
21294| [51953] Apache Tomcat Path Disclosure
21295| [51952] Apache Tomcat Path Traversal
21296| [51951] Apache stronghold-status Information Disclosure
21297| [51950] Apache stronghold-info Information Disclosure
21298| [51949] Apache PHP Source Code Disclosure
21299| [51948] Apache Multiviews Attack
21300| [51946] Apache JServ Environment Status Information Disclosure
21301| [51945] Apache error_log Information Disclosure
21302| [51944] Apache Default Installation Page Pattern Found
21303| [51943] Apache AXIS XML Parser echoheaders.jws Sample Web Service Denial of Service
21304| [51942] Apache AXIS XML External Entity File Retrieval
21305| [51941] Apache AXIS Sample Servlet Information Leak
21306| [51940] Apache access_log Information Disclosure
21307| [51626] Apache mod_deflate denial of service
21308| [51532] mod_proxy module for the Apache HTTP Server stream_reqbody_cl denial of service
21309| [51365] Apache Tomcat RequestDispatcher security bypass
21310| [51273] Apache HTTP Server Incomplete Request denial of service
21311| [51195] Apache Tomcat XML information disclosure
21312| [50994] Apache APR-util xml/apr_xml.c denial of service
21313| [50993] Apache APR-util apr_brigade_vprintf denial of service
21314| [50964] Apache APR-util apr_strmatch_precompile() denial of service
21315| [50930] Apache Tomcat j_security_check information disclosure
21316| [50928] Apache Tomcat AJP denial of service
21317| [50884] Apache HTTP Server XML ENTITY denial of service
21318| [50808] Apache HTTP Server AllowOverride privilege escalation
21319| [50108] Apache Struts s:a tag and s:url tag cross-site scripting
21320| [50059] Apache mod_proxy_ajp information disclosure
21321| [49951] Apache Tiles Expression Language (EL) expressions cross-site scripting
21322| [49925] Apache Geronimo Web Administrative Console cross-site request forgery
21323| [49924] Apache Geronimo console/portal/Server/Monitoring cross-site scripting
21324| [49921] Apache ActiveMQ Web interface cross-site scripting
21325| [49898] Apache Geronimo Services/Repository directory traversal
21326| [49725] Apache Tomcat mod_jk module information disclosure
21327| [49715] Apache mod_perl Apache::Status and Apache2::Status modules cross-site scripting
21328| [49712] Apache Struts unspecified cross-site scripting
21329| [49213] Apache Tomcat cal2.jsp cross-site scripting
21330| [48934] Apache Tomcat POST doRead method information disclosure
21331| [48211] Apache Tomcat header HTTP request smuggling
21332| [48163] libapache2-mod-auth-mysql module for Debian multibyte encoding SQL injection
21333| [48110] Apache Jackrabbit search.jsp and swr.jsp cross-site scripting
21334| [47709] Apache Roller "
21335| [47104] Novell Netware ApacheAdmin console security bypass
21336| [47086] Apache HTTP Server OS fingerprinting unspecified
21337| [46329] Apache Struts FilterDispatcher and DefaultStaticContentLoader class directory traversal
21338| [45791] Apache Tomcat RemoteFilterValve security bypass
21339| [44435] Oracle WebLogic Apache Connector buffer overflow
21340| [44411] Apache Tomcat allowLinking UTF-8 directory traversal
21341| [44223] Apache HTTP Server mod_proxy_ftp cross-site scripting
21342| [44156] Apache Tomcat RequestDispatcher directory traversal
21343| [44155] Apache Tomcat HttpServletResponse.sendError() cross-site scripting
21344| [43885] Oracle WebLogic Server Apache Connector buffer overflow
21345| [42987] Apache HTTP Server mod_proxy module denial of service
21346| [42915] Apache Tomcat JSP files path disclosure
21347| [42914] Apache Tomcat MS-DOS path disclosure
21348| [42892] Apache Tomcat unspecified unauthorized access
21349| [42816] Apache Tomcat Host Manager cross-site scripting
21350| [42303] Apache 403 error cross-site scripting
21351| [41618] Apache-SSL ExpandCert() authentication bypass
21352| [40761] Apache Derby RDBNAM parameter and DatabaseMetaData.getURL information disclosure
21353| [40736] Apache Tomcat HTTP/1.1 connector information disclosure
21354| [40614] Apache mod_jk2 HTTP Host header buffer overflow
21355| [40562] Apache Geronimo init information disclosure
21356| [40478] Novell Web Manager webadmin-apache.conf security bypass
21357| [40411] Apache Tomcat exception handling information disclosure
21358| [40409] Apache Tomcat native (APR based) connector weak security
21359| [40403] Apache Tomcat quotes and %5C cookie information disclosure
21360| [40388] Sun Java Plug-In org.apache.crimson.tree.XmlDocument security bypass
21361| [39893] Apache HTTP Server mod_negotiation HTTP response splitting
21362| [39867] Apache HTTP Server mod_negotiation cross-site scripting
21363| [39804] Apache Tomcat SingleSignOn information disclosure
21364| [39615] Apache HTTP Server mod_proxy_ftp.c UTF-7 cross-site scripting
21365| [39612] Apache HTTP Server mod_proxy_balancer buffer overflow
21366| [39608] Apache HTTP Server balancer manager cross-site request forgery
21367| [39476] Apache mod_proxy_balancer balancer_handler function denial of service
21368| [39474] Apache HTTP Server mod_proxy_balancer cross-site scripting
21369| [39472] Apache HTTP Server mod_status cross-site scripting
21370| [39201] Apache Tomcat JULI logging weak security
21371| [39158] Apache HTTP Server Windows SMB shares information disclosure
21372| [39001] Apache HTTP Server mod_imap and mod_imagemap module cross-site scripting
21373| [38951] Apache::AuthCAS Perl module cookie SQL injection
21374| [38800] Apache HTTP Server 413 error page cross-site scripting
21375| [38211] Apache Geronimo SQLLoginModule authentication bypass
21376| [37243] Apache Tomcat WebDAV directory traversal
21377| [37178] RHSA update for Apache HTTP Server mod_status module cross-site scripting not installed
21378| [37177] RHSA update for Apache HTTP Server Apache child process denial of service not installed
21379| [37119] RHSA update for Apache mod_auth_kerb off-by-one buffer overflow not installed
21380| [37100] RHSA update for Apache and IBM HTTP Server Expect header cross-site scripting not installed
21381| [36782] Apache Geronimo MEJB unauthorized access
21382| [36586] Apache HTTP Server UTF-7 cross-site scripting
21383| [36468] Apache Geronimo LoginModule security bypass
21384| [36467] Apache Tomcat functions.jsp cross-site scripting
21385| [36402] Apache Tomcat calendar cross-site request forgery
21386| [36354] Apache HTTP Server mod_proxy module denial of service
21387| [36352] Apache HTTP Server ap_proxy_date_canon() denial of service
21388| [36336] Apache Derby lock table privilege escalation
21389| [36335] Apache Derby schema privilege escalation
21390| [36006] Apache Tomcat "
21391| [36001] Apache Tomcat Host Manager Servlet alias cross-site scripting
21392| [35999] Apache Tomcat \"
21393| [35795] Apache Tomcat CookieExample cross-site scripting
21394| [35536] Apache Tomcat SendMailServlet example cross-site scripting
21395| [35384] Apache HTTP Server mod_cache module denial of service
21396| [35097] Apache HTTP Server mod_status module cross-site scripting
21397| [35095] Apache HTTP Server Prefork MPM module denial of service
21398| [34984] Apache HTTP Server recall_headers information disclosure
21399| [34966] Apache HTTP Server MPM content spoofing
21400| [34965] Apache HTTP Server MPM information disclosure
21401| [34963] Apache HTTP Server MPM multiple denial of service
21402| [34872] Apache MyFaces Tomahawk autoscroll parameter cross-site scripting
21403| [34869] Apache Tomcat JSP example Web application cross-site scripting
21404| [34868] Apache Tomcat Manager and Host Manager cross-site scripting
21405| [34496] Apache Tomcat JK Connector security bypass
21406| [34377] Apache Tomcat hello.jsp cross-site scripting
21407| [34212] Apache Tomcat SSL configuration security bypass
21408| [34210] Apache Tomcat Accept-Language cross-site scripting
21409| [34209] Apache Tomcat calendar application cross-site scripting
21410| [34207] Apache Tomcat implicit-objects.jsp cross-site scripting
21411| [34167] Apache Axis WSDL file path disclosure
21412| [34068] Apache Tomcat AJP connector information disclosure
21413| [33584] Apache HTTP Server suEXEC privilege escalation
21414| [32988] Apache Tomcat proxy module directory traversal
21415| [32794] Apache Tomcat JK Web Server Connector map_uri_to_worker() buffer overflow
21416| [32708] Debian Apache tty privilege escalation
21417| [32441] ApacheStats extract() PHP call unspecified
21418| [32128] Apache Tomcat default account
21419| [31680] Apache Tomcat RequestParamExample cross-site scripting
21420| [31649] Apache Tomcat Sample Servlet TroubleShooter detected
21421| [31557] BEA WebLogic Server and WebLogic Express Apache proxy plug-in denial of service
21422| [31236] Apache HTTP Server htpasswd.c strcpy buffer overflow
21423| [30456] Apache mod_auth_kerb off-by-one buffer overflow
21424| [29550] Apache mod_tcl set_var() format string
21425| [28620] Apache and IBM HTTP Server Expect header cross-site scripting
21426| [28357] Apache HTTP Server mod_alias script source information disclosure
21427| [28063] Apache mod_rewrite off-by-one buffer overflow
21428| [27902] Apache Tomcat URL information disclosure
21429| [26786] Apache James SMTP server denial of service
21430| [25680] libapache2 /tmp/svn file upload
21431| [25614] Apache Struts lookupMap cross-site scripting
21432| [25613] Apache Struts ActionForm denial of service
21433| [25612] Apache Struts isCancelled() security bypass
21434| [24965] Apache mod_python FileSession command execution
21435| [24716] Apache James spooler memory leak denial of service
21436| [24159] Apache Geronimo Web-Access-Log Viewer cross-site scripting
21437| [24158] Apache Geronimo jsp-examples cross-site scripting
21438| [24030] Apache auth_ldap module multiple format strings
21439| [24008] Apache mod_ssl custom error message denial of service
21440| [24003] Apache mod_auth_pgsql module multiple syslog format strings
21441| [23612] Apache mod_imap referer field cross-site scripting
21442| [23173] Apache Struts error message cross-site scripting
21443| [22942] Apache Tomcat directory listing denial of service
21444| [22858] Apache Multi-Processing Module code allows denial of service
21445| [22602] RHSA-2005:582 updates for Apache httpd not installed
21446| [22520] Apache mod-auth-shadow "
21447| [22466] ApacheTop symlink
21448| [22109] Apache HTTP Server ssl_engine_kernel client certificate validation
21449| [22006] Apache HTTP Server byte-range filter denial of service
21450| [21567] Apache mod_ssl off-by-one buffer overflow
21451| [21195] Apache HTTP Server header HTTP request smuggling
21452| [20383] Apache HTTP Server htdigest buffer overflow
21453| [19681] Apache Tomcat AJP12 request denial of service
21454| [18993] Apache HTTP server check_forensic symlink attack
21455| [18790] Apache Tomcat Manager cross-site scripting
21456| [18349] Apache HTTP server Apple HFS+ filesystem obtain information
21457| [18348] Apache HTTP server Apple HFS+ filesystem .DS_Store and .ht file disclosure
21458| [18347] Apache HTTP server Apple Mac OS X Server mod_digest_apple module could allow an attacker to replay responses
21459| [17961] Apache Web server ServerTokens has not been set
21460| [17930] Apache HTTP Server HTTP GET request denial of service
21461| [17785] Apache mod_include module buffer overflow
21462| [17671] Apache HTTP Server SSLCipherSuite bypass restrictions
21463| [17473] Apache HTTP Server Satisfy directive allows access to resources
21464| [17413] Apache htpasswd buffer overflow
21465| [17384] Apache HTTP Server environment variable configuration file buffer overflow
21466| [17382] Apache HTTP Server IPv6 apr_util denial of service
21467| [17366] Apache HTTP Server mod_dav module LOCK denial of service
21468| [17273] Apache HTTP Server speculative mode denial of service
21469| [17200] Apache HTTP Server mod_ssl denial of service
21470| [16890] Apache HTTP Server server-info request has been detected
21471| [16889] Apache HTTP Server server-status request has been detected
21472| [16705] Apache mod_ssl format string attack
21473| [16524] Apache HTTP Server ap_get_mime_headers_core denial of service
21474| [16387] Apache HTTP Server mod_proxy Content-Length buffer overflow
21475| [16230] Apache HTTP Server PHP denial of service
21476| [16214] Apache mod_ssl ssl_util_uuencode_binary buffer overflow
21477| [15958] Apache HTTP Server authentication modules memory corruption
21478| [15547] Apache HTTP Server mod_disk_cache local information disclosure
21479| [15540] Apache HTTP Server socket starvation denial of service
21480| [15467] Novell GroupWise WebAccess using Apache Web server allows viewing of files on the server
21481| [15422] Apache HTTP Server mod_access information disclosure
21482| [15419] Apache HTTP Server mod_ssl plain HTTP request denial of service
21483| [15293] Apache for Cygwin "
21484| [15065] Apache-SSL has a default password
21485| [15041] Apache HTTP Server mod_digest module could allow an attacker to replay responses
21486| [15015] Apache httpd server httpd.conf could allow a local user to bypass restrictions
21487| [14751] Apache Mod_python output filter information disclosure
21488| [14125] Apache HTTP Server mod_userdir module information disclosure
21489| [14075] Apache HTTP Server mod_php file descriptor leak
21490| [13703] Apache HTTP Server account
21491| [13689] Apache HTTP Server configuration allows symlinks
21492| [13688] Apache HTTP Server configuration allows SSI
21493| [13687] Apache HTTP Server Server: header value
21494| [13685] Apache HTTP Server ServerTokens value
21495| [13684] Apache HTTP Server ServerSignature value
21496| [13672] Apache HTTP Server config allows directory autoindexing
21497| [13671] Apache HTTP Server default content
21498| [13670] Apache HTTP Server config file directive references outside content root
21499| [13668] Apache HTTP Server httpd not running in chroot environment
21500| [13666] Apache HTTP Server CGI directory contains possible command interpreter or compiler
21501| [13664] Apache HTTP Server config file contains ScriptAlias entry
21502| [13663] Apache HTTP Server CGI support modules loaded
21503| [13661] Apache HTTP Server config file contains AddHandler entry
21504| [13660] Apache HTTP Server 500 error page not CGI script
21505| [13659] Apache HTTP Server 413 error page not CGI script
21506| [13658] Apache HTTP Server 403 error page not CGI script
21507| [13657] Apache HTTP Server 401 error page not CGI script
21508| [13552] Apache HTTP Server mod_cgid module information disclosure
21509| [13550] Apache GET request directory traversal
21510| [13516] Apache Cocoon XMLForm and JXForm could allow execution of code
21511| [13499] Apache Cocoon directory traversal allows downloading of boot.ini file
21512| [13429] Apache Tomcat non-HTTP request denial of service
21513| [13400] Apache HTTP server mod_alias and mod_rewrite buffer overflow
21514| [13295] Apache weak password encryption
21515| [13254] Apache Tomcat .jsp cross-site scripting
21516| [13125] Apache::Gallery Inline::C could allow arbitrary code execution
21517| [13086] Apache Jakarta Tomcat mod_jk format string allows remote access
21518| [12681] Apache HTTP Server mod_proxy could allow mail relaying
21519| [12662] Apache HTTP Server rotatelogs denial of service
21520| [12554] Apache Tomcat stores password in plain text
21521| [12553] Apache HTTP Server redirects and subrequests denial of service
21522| [12552] Apache HTTP Server FTP proxy server denial of service
21523| [12551] Apache HTTP Server prefork MPM denial of service
21524| [12550] Apache HTTP Server weaker than expected encryption
21525| [12549] Apache HTTP Server type-map file denial of service
21526| [12206] Apache Tomcat /opt/tomcat directory insecure permissions
21527| [12102] Apache Jakarta Tomcat MS-DOS device name request denial of service
21528| [12091] Apache HTTP Server apr_password_validate denial of service
21529| [12090] Apache HTTP Server apr_psprintf code execution
21530| [11804] Apache HTTP Server mod_access_referer denial of service
21531| [11750] Apache HTTP Server could leak sensitive file descriptors
21532| [11730] Apache HTTP Server error log and access log terminal escape sequence injection
21533| [11703] Apache long slash path allows directory listing
21534| [11695] Apache HTTP Server LF (Line Feed) denial of service
21535| [11694] Apache HTTP Server filestat.c denial of service
21536| [11438] Apache HTTP Server MIME message boundaries information disclosure
21537| [11412] Apache HTTP Server error log terminal escape sequence injection
21538| [11196] Apache Tomcat examples and ROOT Web applications cross-site scripting
21539| [11195] Apache Tomcat web.xml could be used to read files
21540| [11194] Apache Tomcat URL appended with a null character could list directories
21541| [11139] Apache HTTP Server mass virtual hosting with mod_rewrite or mod_vhost_alias could allow an attacker to obtain files
21542| [11126] Apache HTTP Server illegal character file disclosure
21543| [11125] Apache HTTP Server DOS device name HTTP POST code execution
21544| [11124] Apache HTTP Server DOS device name denial of service
21545| [11088] Apache HTTP Server mod_vhost_alias CGI source disclosure
21546| [10938] Apache HTTP Server printenv test CGI cross-site scripting
21547| [10771] Apache Tomcat mod_jk module multiple HTTP GET request buffer overflow
21548| [10575] Apache mod_php module could allow an attacker to take over the httpd process
21549| [10499] Apache HTTP Server WebDAV HTTP POST view source
21550| [10457] Apache HTTP Server mod_ssl "
21551| [10415] Apache HTTP Server htdigest insecure system() call could allow command execution
21552| [10414] Apache HTTP Server htdigest multiple buffer overflows
21553| [10413] Apache HTTP Server htdigest temporary file race condition
21554| [10412] Apache HTTP Server htpasswd temporary file race condition
21555| [10376] Apache Tomcat invoker servlet used in conjunction with the default servlet reveals source code
21556| [10348] Apache Tomcat HTTP GET request DOS device reference could cause a denial of service
21557| [10281] Apache HTTP Server ab.c ApacheBench long response buffer overflow
21558| [10280] Apache HTTP Server shared memory scorecard overwrite
21559| [10263] Apache Tomcat mod_jk or mod_jserv connector directory disclosure
21560| [10241] Apache HTTP Server Host: header cross-site scripting
21561| [10230] Slapper worm variants A, B, and C target OpenSSL/Apache systems
21562| [10208] Apache HTTP Server mod_dav denial of service
21563| [10206] HP VVOS Apache mod_ssl denial of service
21564| [10200] Apache HTTP Server stderr denial of service
21565| [10175] Apache Tomcat org.apache.catalina.servlets.DefaultServlet reveals source code
21566| [10169] Slapper worm variant (Slapper.C) targets OpenSSL/Apache systems
21567| [10154] Slapper worm variant (Slapper.B) targets OpenSSL/Apache systems
21568| [10098] Slapper worm targets OpenSSL/Apache systems
21569| [9876] Apache HTTP Server cgi/cgid request could disclose the path to a requested script
21570| [9875] Apache HTTP Server .var file request could disclose installation path
21571| [9863] Apache Tomcat web.xml file could allow a remote attacker to bypass restrictions
21572| [9808] Apache HTTP Server non-Unix version URL encoded directory traversal
21573| [9623] Apache HTTP Server ap_log_rerror() path disclosure
21574| [9520] Apache Tomcat /servlet/ mapping cross-site scripting
21575| [9415] Apache HTTP Server mod_ssl .htaccess off-by-one buffer overflow
21576| [9396] Apache Tomcat null character to threads denial of service
21577| [9394] Apache Tomcat HTTP request for LPT9 reveals Web root path
21578| [9249] Apache HTTP Server chunked encoding heap buffer overflow
21579| [9208] Apache Tomcat sample file requests could reveal directory listing and path to Web root directory
21580| [8932] Apache Tomcat example class information disclosure
21581| [8633] Apache HTTP Server with mod_rewrite could allow an attacker to bypass directives
21582| [8629] Apache HTTP Server double-reverse DNS lookup spoofing
21583| [8589] Apache HTTP Server for Windows DOS batch file remote command execution
21584| [8457] Oracle9i Application Server Apache PL/SQL HTTP Location header buffer overflow
21585| [8455] Oracle9i Application Server default installation could allow an attacker to access certain Apache Services
21586| [8400] Apache HTTP Server mod_frontpage buffer overflows
21587| [8326] Apache HTTP Server multiple MIME headers (sioux) denial of service
21588| [8308] Apache "
21589| [8275] Apache HTTP Server with Multiviews enabled could disclose directory contents
21590| [8119] Apache and PHP OPTIONS request reveals "
21591| [8054] Apache is running on the system
21592| [8029] Mandrake Linux default Apache configuration could allow an attacker to browse files and directories
21593| [8027] Mandrake Linux default Apache configuration has remote management interface enabled
21594| [8026] Mandrake Linux Apache sample programs could disclose sensitive information about the server
21595| [7836] Apache HTTP Server log directory denial of service
21596| [7815] Apache for Windows "
21597| [7810] Apache HTTP request could result in unexpected behavior
21598| [7599] Apache Tomcat reveals installation path
21599| [7494] Apache "
21600| [7419] Apache Web Server could allow remote attackers to overwrite .log files
21601| [7363] Apache Web Server hidden HTTP requests
21602| [7249] Apache mod_proxy denial of service
21603| [7129] Linux with Apache Web server could allow an attacker to determine if a specified username exists
21604| [7103] Apple Mac OS X used with Apache Web server could disclose directory contents
21605| [7059] Apache "
21606| [7057] Apache "
21607| [7056] Apache "
21608| [7055] Apache "
21609| [7054] Apache "
21610| [6997] Apache Jakarta Tomcat error message may reveal information
21611| [6971] Apache Jakarta Tomcat may reveal JSP source code with missing HTTP protocol specification
21612| [6970] Apache crafted HTTP request could reveal the internal IP address
21613| [6921] Apache long slash path allows directory listing
21614| [6687] Apple Mac OS X used with Apache Web server could allow arbitrary file disclosure
21615| [6527] Apache Web Server for Windows and OS2 denial of service
21616| [6316] Apache Jakarta Tomcat may reveal JSP source code
21617| [6305] Apache Jakarta Tomcat directory traversal
21618| [5926] Linux Apache symbolic link
21619| [5659] Apache Web server discloses files when used with php script
21620| [5310] Apache mod_rewrite allows attacker to view arbitrary files
21621| [5204] Apache WebDAV directory listings
21622| [5197] Apache Web server reveals CGI script source code
21623| [5160] Apache Jakarta Tomcat default installation
21624| [5099] Trustix Secure Linux installs Apache with world writable access
21625| [4968] Apache Jakarta Tomcat snoop servlet gives out information which could be used in attack
21626| [4967] Apache Jakarta Tomcat 404 error reveals the pathname of the requested file
21627| [4931] Apache source.asp example file allows users to write to files
21628| [4575] IBM HTTP Server running Apache allows users to directory listing and file retrieval
21629| [4205] Apache Jakarta Tomcat delivers file contents
21630| [2084] Apache on Debian by default serves the /usr/doc directory
21631| [1630] MessageMedia UnityMail and Apache Web server MIME header flood denial of service
21632| [697] Apache HTTP server beck exploit
21633| [331] Apache cookies buffer overflow
21634|
21635| Exploit-DB - https://www.exploit-db.com:
21636| [31130] Apache Tomcat <= 6.0.15 Cookie Quote Handling Remote Information Disclosure Vulnerability
21637| [31052] Apache <= 2.2.6 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
21638| [30901] Apache HTTP Server 2.2.6 Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
21639| [30835] Apache HTTP Server <= 2.2.4 413 Error HTTP Request Method Cross-Site Scripting Weakness
21640| [30563] Apache Tomcat <= 5.5.15 Cal2.JSP Cross-Site Scripting Vulnerability
21641| [30496] Apache Tomcat <= 6.0.13 Cookie Handling Quote Delimiter Session ID Disclosure
21642| [30495] Apache Tomcat <= 6.0.13 Host Manager Servlet Cross Site Scripting Vulnerability
21643| [30191] Apache MyFaces Tomahawk JSF Framework 1.1.5 Autoscroll Parameter Cross Site Scripting Vulnerability
21644| [30189] Apache Tomcat <= 6.0.13 JSP Example Web Applications Cross Site Scripting Vulnerability
21645| [30052] Apache Tomcat 6.0.10 Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
21646| [29930] Apache AXIS 1.0 Non-Existent WSDL Path Information Disclosure Vulnerability
21647| [29859] Apache Roller OGNL Injection
21648| [29739] Apache HTTP Server Tomcat 5.x/6.0.x Directory Traversal Vulnerability
21649| [29435] Apache Tomcat 5.5.25 - CSRF Vulnerabilities
21650| [29316] Apache + PHP 5.x - Remote Code Execution (Multithreaded Scanner) (2)
21651| [29290] Apache / PHP 5.x Remote Code Execution Exploit
21652| [28713] Apache Tomcat/JBoss EJBInvokerServlet / JMXInvokerServlet (RMI over HTTP) Marshalled Object RCE
21653| [28424] Apache 2.x HTTP Server Arbitrary HTTP Request Headers Security Weakness
21654| [28365] Apache 2.2.2 CGI Script Source Code Information Disclosure Vulnerability
21655| [28254] Apache Tomcat 5 Information Disclosure Vulnerability
21656| [27915] Apache James 2.2 SMTP Denial of Service Vulnerability
21657| [27397] Apache suEXEC Privilege Elevation / Information Disclosure
21658| [27135] Apache Struts 2 DefaultActionMapper Prefixes OGNL Code Execution
21659| [27096] Apache Geronimo 1.0 Error Page XSS
21660| [27095] Apache Tomcat / Geronimo 1.0 Sample Script cal2.jsp time Parameter XSS
21661| [26710] Apache CXF prior to 2.5.10, 2.6.7 and 2.7.4 - Denial of Service
21662| [26542] Apache Struts 1.2.7 Error Response Cross-Site Scripting Vulnerability
21663| [25986] Plesk Apache Zeroday Remote Exploit
21664| [25980] Apache Struts includeParams Remote Code Execution
21665| [25625] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (2)
21666| [25624] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (1)
21667| [24874] Apache Struts ParametersInterceptor Remote Code Execution
21668| [24744] Apache Rave 0.11 - 0.20 - User Information Disclosure
21669| [24694] Apache 1.3.x mod_include Local Buffer Overflow Vulnerability
21670| [24590] Apache 2.0.x mod_ssl Remote Denial of Service Vulnerability
21671| [23751] Apache Cygwin 1.3.x/2.0.x Directory Traversal Vulnerability
21672| [23581] Apache 2.0.4x mod_perl Module File Descriptor Leakage Vulnerability
21673| [23482] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (2)
21674| [23481] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (1)
21675| [23296] Red Hat Apache 2.0.40 Directory Index Default Configuration Error
21676| [23282] apache cocoon 2.14/2.2 - Directory Traversal vulnerability
21677| [23245] Apache Tomcat 4.0.x Non-HTTP Request Denial of Service Vulnerability
21678| [23119] Apache::Gallery 0.4/0.5/0.6 Insecure Local File Storage Privilege Escalation Vulnerability
21679| [22505] Apache Mod_Access_Referer 1.0.2 NULL Pointer Dereference Denial of Service Vulnerability
21680| [22205] Apache Tomcat 3.x Null Byte Directory/File Disclosure Vulnerability
21681| [22191] Apache Web Server 2.0.x MS-DOS Device Name Denial of Service Vulnerability
21682| [22068] Apache 1.3.x,Tomcat 4.0.x/4.1.x Mod_JK Chunked Encoding Denial of Service Vulnerability
21683| [21885] Apache 1.3/2.0.x Server Side Include Cross Site Scripting Vulnerability
21684| [21882] Apache Tomcat 3.2 Directory Disclosure Vulnerability
21685| [21854] Apache 2.0.39/40 Oversized STDERR Buffer Denial of Service Vulnerability
21686| [21853] Apache Tomcat 3/4 DefaultServlet File Disclosure Vulnerability
21687| [21734] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
21688| [21719] Apache 2.0 Path Disclosure Vulnerability
21689| [21697] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
21690| [21605] Apache Tomcat 4.0.3 DoS Device Name Cross Site Scripting Vulnerability
21691| [21604] Apache Tomcat 4.0.3 Servlet Mapping Cross Site Scripting Vulnerability
21692| [21560] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (2)
21693| [21559] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (1)
21694| [21534] Apache Tomcat 3/4 JSP Engine Denial of Service Vulnerability
21695| [21492] Apache Tomcat 3.2.3/3.2.4 RealPath.JSP Malformed Request Information Disclosure
21696| [21491] Apache Tomcat 3.2.3/3.2.4 Example Files Web Root Path Disclosure
21697| [21490] Apache Tomcat 3.2.3/3.2.4 Source.JSP Malformed Request Information Disclosure
21698| [21412] Apache Tomcat 4.0/4.1 Servlet Path Disclosure Vulnerability
21699| [21350] Apache Win32 1.3.x/2.0.x Batch File Remote Command Execution Vulnerability
21700| [21204] Apache 1.3.20 Win32 PHP.EXE Remote File Disclosure Vulnerability
21701| [21112] Red Hat Linux 7.0 Apache Remote Username Enumeration Vulnerability
21702| [21067] Apache 1.0/1.2/1.3 Server Address Disclosure Vulnerability
21703| [21002] Apache 1.3 Possible Directory Index Disclosure Vulnerability
21704| [20911] Apache 1.3.14 Mac File Protection Bypass Vulnerability
21705| [20716] apache tomcat 3.0 - Directory Traversal vulnerability
21706| [20695] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (4)
21707| [20694] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (3)
21708| [20693] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (2)
21709| [20692] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (1)
21710| [20595] NCSA 1.3/1.4.x/1.5,Apache httpd 0.8.11/0.8.14 ScriptAlias Source Retrieval Vulnerability
21711| [20558] Apache 1.2 Web Server DoS Vulnerability
21712| [20466] Apache 1.3 Web Server with Php 3 File Disclosure Vulnerability
21713| [20435] Apache 0.8.x/1.0.x,NCSA httpd 1.x test-cgi Directory Listing Vulnerability
21714| [20272] Apache 1.2.5/1.3.1,UnityMail 2.0 MIME Header DoS Vulnerability
21715| [20210] Apache 1.3.12 WebDAV Directory Listings Vulnerability
21716| [20131] Apache Tomcat 3.1 Path Revealing Vulnerability
21717| [19975] Apache 1.3.6/1.3.9/1.3.11/1.3.12/1.3.20 Root Directory Access Vulnerability
21718| [19828] Cobalt RaQ 2.0/3.0 Apache .htaccess Disclosure Vulnerability
21719| [19536] Apache <= 1.1,NCSA httpd <= 1.5.2,Netscape Server 1.12/1.1/2.0 a nph-test-cgi Vulnerability
21720| [19231] PHP apache_request_headers Function Buffer Overflow
21721| [18984] Apache Struts <= 2.2.1.1 - Remote Command Execution
21722| [18897] Oracle Weblogic Apache Connector POST Request Buffer Overflow
21723| [18619] Apache Tomcat Remote Exploit (PUT Request) and Account Scanner
21724| [18452] Apache Struts Multiple Persistent Cross-Site Scripting Vulnerabilities
21725| [18442] Apache httpOnly Cookie Disclosure
21726| [18329] Apache Struts2 <= 2.3.1 - Multiple Vulnerabilities
21727| [18221] Apache HTTP Server Denial of Service
21728| [17969] Apache mod_proxy Reverse Proxy Exposure Vulnerability PoC
21729| [17696] Apache httpd Remote Denial of Service (memory exhaustion)
21730| [17691] Apache Struts < 2.2.0 - Remote Command Execution
21731| [16798] Apache mod_jk 1.2.20 Buffer Overflow
21732| [16782] Apache Win32 Chunked Encoding
21733| [16752] Apache module mod_rewrite LDAP protocol Buffer Overflow
21734| [16317] Apache Tomcat Manager Application Deployer Authenticated Code Execution
21735| [15710] Apache Archiva 1.0 - 1.3.1 CSRF Vulnerability
21736| [15319] Apache 2.2 (Windows) Local Denial of Service
21737| [14617] Apache JackRabbit 2.0.0 webapp XPath Injection
21738| [14489] Apache Tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
21739| [12721] Apache Axis2 1.4.1 - Local File Inclusion Vulnerability
21740| [12689] Authenticated Cross-Site Scripting Vulnerability (XSS) within Apache Axis2 administration console
21741| [12343] Apache Tomcat 5.5.0 to 5.5.29 & 6.0.0 to 6.0.26 - Information Disclosure Vulnerability
21742| [12330] Apache OFBiz - Multiple XSS
21743| [12264] Apache OFBiz - FULLADMIN Creator PoC Payload
21744| [12263] Apache OFBiz - SQL Remote Execution PoC Payload
21745| [11662] Apache Spamassassin Milter Plugin Remote Root Command Execution
21746| [11650] Apache 2.2.14 mod_isapi Dangling Pointer Remote SYSTEM Exploit
21747| [10811] Joomla.Tutorials GHDB: Apache directory listing Download Vulnerability
21748| [10292] Apache Tomcat 3.2.1 - 404 Error Page Cross Site Scripting Vulnerability
21749| [9995] Apache Tomcat Form Authentication Username Enumeration Weakness
21750| [9994] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
21751| [9993] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
21752| [8842] Apache mod_dav / svn Remote Denial of Service Exploit
21753| [8458] Apache Geronimo <= 2.1.3 - Multiple Directory Traversal Vulnerabilities
21754| [7264] Apache Tomcat runtime.getRuntime().exec() Privilege Escalation (win)
21755| [6229] apache tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
21756| [6100] Apache mod_jk 1.2.19 Remote Buffer Overflow Exploit (win32)
21757| [6089] Bea Weblogic Apache Connector Code Exec / Denial of Service Exploit
21758| [5386] Apache Tomcat Connector jk2-2.0.2 (mod_jk2) Remote Overflow Exploit
21759| [5330] Apache 2.0 mod_jk2 2.0.2 - Remote Buffer Overflow Exploit (win32)
21760| [4552] Apache Tomcat (webdav) Remote File Disclosure Exploit (ssl support)
21761| [4530] Apache Tomcat (webdav) Remote File Disclosure Exploit
21762| [4162] Apache Tomcat Connector (mod_jk) Remote Exploit (exec-shield)
21763| [4093] Apache mod_jk 1.2.19/1.2.20 Remote Buffer Overflow Exploit
21764| [3996] Apache 2.0.58 mod_rewrite Remote Overflow Exploit (win2k3)
21765| [3680] Apache Mod_Rewrite Off-by-one Remote Overflow Exploit (win32)
21766| [3384] Ubuntu/Debian Apache 1.3.33/1.3.34 (CGI TTY) Local Root Exploit
21767| [2237] Apache < 1.3.37, 2.0.59, 2.2.3 (mod_rewrite) Remote Overflow PoC
21768| [2061] Apache Tomcat < 5.5.17 Remote Directory Listing Vulnerability
21769| [1056] Apache <= 2.0.49 Arbitrary Long HTTP Headers Denial of Service
21770| [855] Apache <= 2.0.52 HTTP GET request Denial of Service Exploit
21771| [764] Apache OpenSSL - Remote Exploit (Multiple Targets) (OpenFuckV2.c)
21772| [587] Apache <= 1.3.31 mod_include Local Buffer Overflow Exploit
21773| [466] htpasswd Apache 1.3.31 - Local Exploit
21774| [371] Apache HTTPd Arbitrary Long HTTP Headers DoS (c version)
21775| [360] Apache HTTPd Arbitrary Long HTTP Headers DoS
21776| [132] Apache 1.3.x - 2.0.48 - mod_userdir Remote Users Disclosure Exploit
21777| [126] Apache mod_gzip (with debug_mode) <= 1.2.26.1a Remote Exploit
21778| [67] Apache 1.3.x mod_mylo Remote Code Execution Exploit
21779| [38] Apache <= 2.0.45 APR Remote Exploit -Apache-Knacker.pl
21780| [34] Webfroot Shoutbox < 2.32 (Apache) Remote Exploit
21781| [11] Apache <= 2.0.44 Linux Remote Denial of Service Exploit
21782| [9] Apache HTTP Server 2.x Memory Leak Exploit
21783|
21784| OpenVAS (Nessus) - http://www.openvas.org:
21785| [902924] Apache Struts2 Showcase Skill Name Remote Code Execution Vulnerability
21786| [902837] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability (Windows)
21787| [902830] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
21788| [902664] Apache Traffic Server HTTP Host Header Denial of Service Vulnerability
21789| [901203] Apache httpd Web Server Range Header Denial of Service Vulnerability
21790| [901110] Apache ActiveMQ Source Code Information Disclosure Vulnerability
21791| [901105] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
21792| [900842] Apache 'mod_proxy_ftp' Module Command Injection Vulnerability (Linux)
21793| [900841] Apache 'mod_proxy_ftp' Module Denial Of Service Vulnerability (Linux)
21794| [900573] Apache APR-Utils XML Parser Denial of Service Vulnerability
21795| [900572] Apache APR-Utils Multiple Denial of Service Vulnerabilities
21796| [900571] Apache APR-Utils Version Detection
21797| [900499] Apache mod_proxy_ajp Information Disclosure Vulnerability
21798| [900496] Apache Tiles Multiple XSS Vulnerability
21799| [900493] Apache Tiles Version Detection
21800| [900107] Apache mod_proxy_ftp Wildcard Characters XSS Vulnerability
21801| [900021] Apache Tomcat Cross-Site Scripting and Security Bypass Vulnerabilities
21802| [880086] CentOS Update for apache CESA-2008:0004-01 centos2 i386
21803| [870175] RedHat Update for apache RHSA-2008:0004-01
21804| [864591] Fedora Update for apache-poi FEDORA-2012-10835
21805| [864383] Fedora Update for apache-commons-compress FEDORA-2012-8428
21806| [864280] Fedora Update for apache-commons-compress FEDORA-2012-8465
21807| [864250] Fedora Update for apache-poi FEDORA-2012-7683
21808| [864249] Fedora Update for apache-poi FEDORA-2012-7686
21809| [863993] Fedora Update for apache-commons-daemon FEDORA-2011-10880
21810| [863466] Fedora Update for apache-commons-daemon FEDORA-2011-10936
21811| [855821] Solaris Update for Apache 1.3 122912-19
21812| [855812] Solaris Update for Apache 1.3 122911-19
21813| [855737] Solaris Update for Apache 1.3 122911-17
21814| [855731] Solaris Update for Apache 1.3 122912-17
21815| [855695] Solaris Update for Apache 1.3 122911-16
21816| [855645] Solaris Update for Apache 1.3 122912-16
21817| [855587] Solaris Update for kernel update and Apache 108529-29
21818| [855566] Solaris Update for Apache 116973-07
21819| [855531] Solaris Update for Apache 116974-07
21820| [855524] Solaris Update for Apache 2 120544-14
21821| [855494] Solaris Update for Apache 1.3 122911-15
21822| [855478] Solaris Update for Apache Security 114145-11
21823| [855472] Solaris Update for Apache Security 113146-12
21824| [855179] Solaris Update for Apache 1.3 122912-15
21825| [855147] Solaris Update for kernel update and Apache 108528-29
21826| [855077] Solaris Update for Apache 2 120543-14
21827| [850196] SuSE Update for apache2 openSUSE-SU-2012:0314-1 (apache2)
21828| [850088] SuSE Update for apache2 SUSE-SA:2007:061
21829| [850009] SuSE Update for apache2,apache SUSE-SA:2008:021
21830| [841209] Ubuntu Update for apache2 USN-1627-1
21831| [840900] Ubuntu Update for apache2 USN-1368-1
21832| [840798] Ubuntu Update for apache2 USN-1259-1
21833| [840734] Ubuntu Update for apache2 USN-1199-1
21834| [840542] Ubuntu Update for apache2 vulnerabilities USN-1021-1
21835| [840504] Ubuntu Update for apache2 vulnerability USN-990-2
21836| [840399] Ubuntu Update for apache2 vulnerabilities USN-908-1
21837| [840304] Ubuntu Update for apache2 vulnerabilities USN-575-1
21838| [840118] Ubuntu Update for libapache2-mod-perl2 vulnerability USN-488-1
21839| [840092] Ubuntu Update for apache2 vulnerabilities USN-499-1
21840| [840039] Ubuntu Update for libapache2-mod-python vulnerability USN-430-1
21841| [835253] HP-UX Update for Apache Web Server HPSBUX02645
21842| [835247] HP-UX Update for Apache-based Web Server HPSBUX02612
21843| [835243] HP-UX Update for Apache Running Tomcat Servlet Engine HPSBUX02579
21844| [835236] HP-UX Update for Apache with PHP HPSBUX02543
21845| [835233] HP-UX Update for Apache-based Web Server HPSBUX02531
21846| [835224] HP-UX Update for Apache-based Web Server HPSBUX02465
21847| [835200] HP-UX Update for Apache Web Server Suite HPSBUX02431
21848| [835190] HP-UX Update for Apache Web Server Suite HPSBUX02401
21849| [835188] HP-UX Update for Apache HPSBUX02308
21850| [835181] HP-UX Update for Apache With PHP HPSBUX02332
21851| [835180] HP-UX Update for Apache with PHP HPSBUX02342
21852| [835172] HP-UX Update for Apache HPSBUX02365
21853| [835168] HP-UX Update for Apache HPSBUX02313
21854| [835148] HP-UX Update for Apache HPSBUX01064
21855| [835139] HP-UX Update for Apache with PHP HPSBUX01090
21856| [835131] HP-UX Update for Apache HPSBUX00256
21857| [835119] HP-UX Update for Apache Remote Execution of Arbitrary Code HPSBUX02186
21858| [835104] HP-UX Update for Apache HPSBUX00224
21859| [835103] HP-UX Update for Apache mod_cgid HPSBUX00301
21860| [835101] HP-UX Update for Apache HPSBUX01232
21861| [835080] HP-UX Update for Apache HPSBUX02273
21862| [835078] HP-UX Update for ApacheStrong HPSBUX00255
21863| [835044] HP-UX Update for Apache HPSBUX01019
21864| [835040] HP-UX Update for Apache PHP HPSBUX00207
21865| [835025] HP-UX Update for Apache HPSBUX00197
21866| [835023] HP-UX Update for Apache HPSBUX01022
21867| [835022] HP-UX Update for Apache HPSBUX02292
21868| [835005] HP-UX Update for Apache HPSBUX02262
21869| [831759] Mandriva Update for apache-mod_security MDVSA-2012:182 (apache-mod_security)
21870| [831737] Mandriva Update for apache MDVSA-2012:154-1 (apache)
21871| [831534] Mandriva Update for apache MDVSA-2012:012 (apache)
21872| [831523] Mandriva Update for apache MDVSA-2012:003 (apache)
21873| [831491] Mandriva Update for apache MDVSA-2011:168 (apache)
21874| [831460] Mandriva Update for apache MDVSA-2011:144 (apache)
21875| [831449] Mandriva Update for apache MDVSA-2011:130 (apache)
21876| [831357] Mandriva Update for apache MDVSA-2011:057 (apache)
21877| [831132] Mandriva Update for apache MDVSA-2010:153 (apache)
21878| [831131] Mandriva Update for apache MDVSA-2010:152 (apache)
21879| [830989] Mandriva Update for apache-mod_auth_shadow MDVSA-2010:081 (apache-mod_auth_shadow)
21880| [830931] Mandriva Update for apache MDVSA-2010:057 (apache)
21881| [830926] Mandriva Update for apache MDVSA-2010:053 (apache)
21882| [830918] Mandriva Update for apache-mod_security MDVSA-2010:050 (apache-mod_security)
21883| [830799] Mandriva Update for apache-conf MDVSA-2009:300-2 (apache-conf)
21884| [830797] Mandriva Update for apache-conf MDVSA-2009:300-1 (apache-conf)
21885| [830791] Mandriva Update for apache-conf MDVA-2010:011 (apache-conf)
21886| [830652] Mandriva Update for apache MDVSA-2008:195 (apache)
21887| [830621] Mandriva Update for apache-conf MDVA-2008:129 (apache-conf)
21888| [830581] Mandriva Update for apache MDVSA-2008:016 (apache)
21889| [830294] Mandriva Update for apache MDKSA-2007:140 (apache)
21890| [830196] Mandriva Update for apache MDKSA-2007:235 (apache)
21891| [830112] Mandriva Update for apache MDKSA-2007:127 (apache)
21892| [830109] Mandriva Update for apache-mod_perl MDKSA-2007:083 (apache-mod_perl)
21893| [802425] Apache Struts2 Showcase Arbitrary Java Method Execution vulnerability
21894| [802423] Apache Struts CookBook/Examples Multiple Cross-Site Scripting Vulnerabilities
21895| [802422] Apache Struts Showcase Multiple Persistence Cross-Site Scripting Vulnerabilities
21896| [802415] Apache Tomcat Multiple Security Bypass Vulnerabilities (Win)
21897| [802385] Apache Tomcat Request Object Security Bypass Vulnerability (Win)
21898| [802384] Apache Tomcat Parameter Handling Denial of Service Vulnerability (Win)
21899| [802378] Apache Tomcat Hash Collision Denial Of Service Vulnerability
21900| [801942] Apache Archiva Multiple Vulnerabilities
21901| [801940] Apache Struts2 'XWork' Information Disclosure Vulnerability
21902| [801663] Apache Struts2/XWork Remote Command Execution Vulnerability
21903| [801521] Apache APR-util 'buckets/apr_brigade.c' Denial Of Service Vulnerability
21904| [801284] Apache Derby Information Disclosure Vulnerability
21905| [801203] Apache ActiveMQ Persistent Cross-Site Scripting Vulnerability
21906| [800837] Apache 'mod_deflate' Denial Of Service Vulnerability - July09
21907| [800827] Apache 'mod_proxy_http.c' Denial Of Service Vulnerability
21908| [800680] Apache APR Version Detection
21909| [800679] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
21910| [800678] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
21911| [800677] Apache Roller Version Detection
21912| [800279] Apache mod_jk Module Version Detection
21913| [800278] Apache Struts Cross Site Scripting Vulnerability
21914| [800277] Apache Tomcat mod_jk Information Disclosure Vulnerability
21915| [800276] Apache Struts Version Detection
21916| [800271] Apache Struts Directory Traversal Vulnerability
21917| [800024] Apache Tomcat RemoteFilterValve Security Bypass Vulnerability
21918| [103333] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
21919| [103293] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
21920| [103122] Apache Web Server ETag Header Information Disclosure Weakness
21921| [103074] Apache Continuum Cross Site Scripting Vulnerability
21922| [103073] Apache Continuum Detection
21923| [103053] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
21924| [101023] Apache Open For Business Weak Password security check
21925| [101020] Apache Open For Business HTML injection vulnerability
21926| [101019] Apache Open For Business service detection
21927| [100924] Apache Archiva Cross Site Request Forgery Vulnerability
21928| [100923] Apache Archiva Detection
21929| [100858] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
21930| [100814] Apache Axis2 Document Type Declaration Processing Security Vulnerability
21931| [100813] Apache Axis2 Detection
21932| [100797] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
21933| [100795] Apache Derby Detection
21934| [100762] Apache CouchDB Cross Site Request Forgery Vulnerability
21935| [100725] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
21936| [100613] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
21937| [100514] Apache Multiple Security Vulnerabilities
21938| [100211] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
21939| [100172] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
21940| [100171] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
21941| [100130] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
21942| [72626] Debian Security Advisory DSA 2579-1 (apache2)
21943| [72612] FreeBSD Ports: apache22
21944| [71551] Gentoo Security Advisory GLSA 201206-25 (apache)
21945| [71550] Gentoo Security Advisory GLSA 201206-24 (apache tomcat)
21946| [71512] FreeBSD Ports: apache
21947| [71485] Debian Security Advisory DSA 2506-1 (libapache-mod-security)
21948| [71256] Debian Security Advisory DSA 2452-1 (apache2)
21949| [71238] Debian Security Advisory DSA 2436-1 (libapache2-mod-fcgid)
21950| [70737] FreeBSD Ports: apache
21951| [70724] Debian Security Advisory DSA 2405-1 (apache2)
21952| [70600] FreeBSD Ports: apache
21953| [70253] FreeBSD Ports: apache, apache-event, apache-itk, apache-peruser, apache-worker
21954| [70235] Debian Security Advisory DSA 2298-2 (apache2)
21955| [70233] Debian Security Advisory DSA 2298-1 (apache2)
21956| [69988] Debian Security Advisory DSA 2279-1 (libapache2-mod-authnz-external)
21957| [69338] Debian Security Advisory DSA 2202-1 (apache2)
21958| [67868] FreeBSD Ports: apache
21959| [66816] FreeBSD Ports: apache
21960| [66553] Mandriva Security Advisory MDVSA-2009:189-1 (apache-mod_auth_mysql)
21961| [66414] Mandriva Security Advisory MDVSA-2009:323 (apache)
21962| [66106] SuSE Security Advisory SUSE-SA:2009:050 (apache2,libapr1)
21963| [66081] SLES11: Security update for Apache 2
21964| [66074] SLES10: Security update for Apache 2
21965| [66070] SLES9: Security update for Apache 2
21966| [65998] SLES10: Security update for apache2-mod_python
21967| [65893] SLES10: Security update for Apache 2
21968| [65888] SLES10: Security update for Apache 2
21969| [65575] SLES9: Security update for apache2,apache2-prefork,apache2-worker
21970| [65510] SLES9: Security update for Apache 2
21971| [65472] SLES9: Security update for Apache
21972| [65467] SLES9: Security update for Apache
21973| [65450] SLES9: Security update for apache2
21974| [65390] SLES9: Security update for Apache2
21975| [65363] SLES9: Security update for Apache2
21976| [65309] SLES9: Security update for Apache and mod_ssl
21977| [65296] SLES9: Security update for webdav apache module
21978| [65283] SLES9: Security update for Apache2
21979| [65249] SLES9: Security update for Apache 2
21980| [65230] SLES9: Security update for Apache 2
21981| [65228] SLES9: Security update for Apache 2
21982| [65212] SLES9: Security update for apache2-mod_python
21983| [65209] SLES9: Security update for apache2-worker
21984| [65207] SLES9: Security update for Apache 2
21985| [65168] SLES9: Security update for apache2-mod_python
21986| [65142] SLES9: Security update for Apache2
21987| [65136] SLES9: Security update for Apache 2
21988| [65132] SLES9: Security update for apache
21989| [65131] SLES9: Security update for Apache 2 oes/CORE
21990| [65113] SLES9: Security update for apache2
21991| [65072] SLES9: Security update for apache and mod_ssl
21992| [65017] SLES9: Security update for Apache 2
21993| [64950] Mandrake Security Advisory MDVSA-2009:240 (apache)
21994| [64783] FreeBSD Ports: apache
21995| [64774] Ubuntu USN-802-2 (apache2)
21996| [64653] Ubuntu USN-813-2 (apache2)
21997| [64559] Debian Security Advisory DSA 1834-2 (apache2)
21998| [64532] Mandrake Security Advisory MDVSA-2009:189 (apache-mod_auth_mysql)
21999| [64527] Mandrake Security Advisory MDVSA-2009:184 (apache-mod_security)
22000| [64526] Mandrake Security Advisory MDVSA-2009:183 (apache-mod_security)
22001| [64500] Mandrake Security Advisory MDVSA-2009:168 (apache)
22002| [64443] Ubuntu USN-802-1 (apache2)
22003| [64426] Gentoo Security Advisory GLSA 200907-04 (apache)
22004| [64423] Debian Security Advisory DSA 1834-1 (apache2)
22005| [64391] Mandrake Security Advisory MDVSA-2009:149 (apache)
22006| [64377] Mandrake Security Advisory MDVSA-2009:124-1 (apache)
22007| [64251] Debian Security Advisory DSA 1816-1 (apache2)
22008| [64201] Ubuntu USN-787-1 (apache2)
22009| [64140] Mandrake Security Advisory MDVSA-2009:124 (apache)
22010| [64136] Mandrake Security Advisory MDVSA-2009:102 (apache)
22011| [63565] FreeBSD Ports: apache
22012| [63562] Ubuntu USN-731-1 (apache2)
22013| [61381] Gentoo Security Advisory GLSA 200807-06 (apache)
22014| [61185] FreeBSD Ports: apache
22015| [60582] Gentoo Security Advisory GLSA 200803-19 (apache)
22016| [60387] Slackware Advisory SSA:2008-045-02 apache
22017| [58826] FreeBSD Ports: apache-tomcat
22018| [58825] FreeBSD Ports: apache-tomcat
22019| [58804] FreeBSD Ports: apache
22020| [58745] Gentoo Security Advisory GLSA 200711-06 (apache)
22021| [58360] Debian Security Advisory DSA 1312-1 (libapache-mod-jk)
22022| [57851] Gentoo Security Advisory GLSA 200608-01 (apache)
22023| [57788] Debian Security Advisory DSA 1247-1 (libapache-mod-auth-kerb)
22024| [57335] Debian Security Advisory DSA 1167-1 (apache)
22025| [57201] Debian Security Advisory DSA 1131-1 (apache)
22026| [57200] Debian Security Advisory DSA 1132-1 (apache2)
22027| [57168] Slackware Advisory SSA:2006-209-01 Apache httpd
22028| [57145] FreeBSD Ports: apache
22029| [56731] Slackware Advisory SSA:2006-129-01 Apache httpd
22030| [56729] Slackware Advisory SSA:2006-130-01 Apache httpd redux
22031| [56246] Gentoo Security Advisory GLSA 200602-03 (Apache)
22032| [56212] Debian Security Advisory DSA 952-1 (libapache-auth-ldap)
22033| [56115] Debian Security Advisory DSA 935-1 (libapache2-mod-auth-pgsql)
22034| [56067] FreeBSD Ports: apache
22035| [55803] Slackware Advisory SSA:2005-310-04 apache
22036| [55519] Debian Security Advisory DSA 839-1 (apachetop)
22037| [55392] Gentoo Security Advisory GLSA 200509-12 (Apache)
22038| [55355] FreeBSD Ports: apache
22039| [55284] Debian Security Advisory DSA 807-1 (libapache-mod-ssl)
22040| [55261] Debian Security Advisory DSA 805-1 (apache2)
22041| [55259] Debian Security Advisory DSA 803-1 (apache)
22042| [55129] Gentoo Security Advisory GLSA 200508-15 (apache)
22043| [54739] Gentoo Security Advisory GLSA 200411-18 (apache)
22044| [54724] Gentoo Security Advisory GLSA 200411-03 (apache)
22045| [54712] Gentoo Security Advisory GLSA 200410-21 (apache)
22046| [54689] Gentoo Security Advisory GLSA 200409-33 (net=www/apache)
22047| [54677] Gentoo Security Advisory GLSA 200409-21 (apache)
22048| [54610] Gentoo Security Advisory GLSA 200407-03 (Apache)
22049| [54601] Gentoo Security Advisory GLSA 200406-16 (Apache)
22050| [54590] Gentoo Security Advisory GLSA 200406-05 (Apache)
22051| [54582] Gentoo Security Advisory GLSA 200405-22 (Apache)
22052| [54529] Gentoo Security Advisory GLSA 200403-04 (Apache)
22053| [54499] Gentoo Security Advisory GLSA 200310-04 (Apache)
22054| [54498] Gentoo Security Advisory GLSA 200310-03 (Apache)
22055| [54439] FreeBSD Ports: apache
22056| [53931] Slackware Advisory SSA:2004-133-01 apache
22057| [53903] Slackware Advisory SSA:2004-299-01 apache, mod_ssl, php
22058| [53902] Slackware Advisory SSA:2004-305-01 apache+mod_ssl
22059| [53878] Slackware Advisory SSA:2003-308-01 apache security update
22060| [53851] Debian Security Advisory DSA 135-1 (libapache-mod-ssl)
22061| [53849] Debian Security Advisory DSA 132-1 (apache-ssl)
22062| [53848] Debian Security Advisory DSA 131-1 (apache)
22063| [53784] Debian Security Advisory DSA 021-1 (apache)
22064| [53738] Debian Security Advisory DSA 195-1 (apache-perl)
22065| [53737] Debian Security Advisory DSA 188-1 (apache-ssl)
22066| [53735] Debian Security Advisory DSA 187-1 (apache)
22067| [53703] Debian Security Advisory DSA 532-1 (libapache-mod-ssl)
22068| [53577] Debian Security Advisory DSA 120-1 (libapache-mod-ssl, apache-ssl)
22069| [53568] Debian Security Advisory DSA 067-1 (apache,apache-ssl)
22070| [53519] Debian Security Advisory DSA 689-1 (libapache-mod-python)
22071| [53433] Debian Security Advisory DSA 181-1 (libapache-mod-ssl)
22072| [53282] Debian Security Advisory DSA 594-1 (apache)
22073| [53248] Debian Security Advisory DSA 558-1 (libapache-mod-dav)
22074| [53224] Debian Security Advisory DSA 532-2 (libapache-mod-ssl)
22075| [53215] Debian Security Advisory DSA 525-1 (apache)
22076| [53151] Debian Security Advisory DSA 452-1 (libapache-mod-python)
22077| [52529] FreeBSD Ports: apache+ssl
22078| [52501] FreeBSD Ports: apache
22079| [52461] FreeBSD Ports: apache
22080| [52390] FreeBSD Ports: apache
22081| [52389] FreeBSD Ports: apache
22082| [52388] FreeBSD Ports: apache
22083| [52383] FreeBSD Ports: apache
22084| [52339] FreeBSD Ports: apache+mod_ssl
22085| [52331] FreeBSD Ports: apache
22086| [52329] FreeBSD Ports: ru-apache+mod_ssl
22087| [52314] FreeBSD Ports: apache
22088| [52310] FreeBSD Ports: apache
22089| [15588] Detect Apache HTTPS
22090| [15555] Apache mod_proxy content-length buffer overflow
22091| [15554] Apache mod_include priviledge escalation
22092| [14771] Apache <= 1.3.33 htpasswd local overflow
22093| [14177] Apache mod_access rule bypass
22094| [13644] Apache mod_rootme Backdoor
22095| [12293] Apache Input Header Folding and mod_ssl ssl_io_filter_cleanup DoS Vulnerabilities
22096| [12280] Apache Connection Blocking Denial of Service
22097| [12239] Apache Error Log Escape Sequence Injection
22098| [12123] Apache Tomcat source.jsp malformed request information disclosure
22099| [12085] Apache Tomcat servlet/JSP container default files
22100| [11438] Apache Tomcat Directory Listing and File disclosure
22101| [11204] Apache Tomcat Default Accounts
22102| [11092] Apache 2.0.39 Win32 directory traversal
22103| [11046] Apache Tomcat TroubleShooter Servlet Installed
22104| [11042] Apache Tomcat DOS Device Name XSS
22105| [11041] Apache Tomcat /servlet Cross Site Scripting
22106| [10938] Apache Remote Command Execution via .bat files
22107| [10839] PHP.EXE / Apache Win32 Arbitrary File Reading Vulnerability
22108| [10773] MacOS X Finder reveals contents of Apache Web files
22109| [10766] Apache UserDir Sensitive Information Disclosure
22110| [10756] MacOS X Finder reveals contents of Apache Web directories
22111| [10752] Apache Auth Module SQL Insertion Attack
22112| [10704] Apache Directory Listing
22113| [10678] Apache /server-info accessible
22114| [10677] Apache /server-status accessible
22115| [10440] Check for Apache Multiple / vulnerability
22116|
22117| SecurityTracker - https://www.securitytracker.com:
22118| [1028865] Apache Struts Bugs Permit Remote Code Execution and URL Redirection Attacks
22119| [1028864] Apache Struts Wildcard Matching and Expression Evaluation Bugs Let Remote Users Execute Arbitrary Code
22120| [1028824] Apache mod_dav_svn URI Processing Flaw Lets Remote Users Deny Service
22121| [1028823] Apache Unspecified Flaw in mod_session_dbd Has Unspecified Impact
22122| [1028724] (HP Issues Fix for HP-UX) Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
22123| [1028722] (Red Hat Issues Fix for JBoss) Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
22124| [1028693] (Red Hat Issues Fix) Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
22125| [1028622] Apache Struts 'includeParams' Bugs Permit Remote Command Execution and Cross-Site Scripting Attacks
22126| [1028621] Apache Subversion Bugs Let Remote Authenticated Users Execute Arbitrary Commands and Deny Service
22127| [1028540] Apache mod_rewrite Input Validation Flaw Lets Remote Users Execute Arbitrary Commands
22128| [1028534] Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
22129| [1028533] Apache Tomcat Lack of Chunked Transfer Encoding Extension Size Limit Lets Remote Users Deny Service
22130| [1028532] Apache Tomcat AsyncListeners Bug May Disclose Information from One Request to Another User
22131| [1028515] Apache VCL Input Validation Flaw Lets Remote Authenticated Users Gain Elevated Privileges
22132| [1028457] Apache ActiveMQ Bugs Let Remote Users Conduct Cross-Site Scripting Attacks, Deny Service, and Obtain Potentially Sensitive Information
22133| [1028287] Apache CXF WSS4JInInterceptor Grants Service Access to Remote Users
22134| [1028286] Apache CXF WS-Security UsernameToken Processing Flaw Lets Remote Users Bypass Authentication
22135| [1028252] Apache Commons FileUpload Unsafe Temporary File Lets Local Users Gain Elevated Privileges
22136| [1028207] Apache Input Validation Bugs Permit Cross-Site Scripting Attacks
22137| [1027836] Apache Tomcat Connection Processing Bug Lets Remote Users Deny Service
22138| [1027834] Apache Tomcat Bug Lets Remote Users Bypass Cross-Site Request Forgery Prevention Filter
22139| [1027833] Apache Tomcat Bug Lets Remote Users Bypass Security Constraints
22140| [1027729] Apache Tomcat Header Processing Bug Lets Remote Users Deny Service
22141| [1027728] Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
22142| [1027554] Apache CXF Lets Remote Authenticated Users Execute Unauthorized SOAP Actions
22143| [1027508] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
22144| [1027421] Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
22145| [1027096] Apache Commons Compress BZip2CompressorOutputStream() Sorting Algorithm Lets Remote or Local Users Deny Service
22146| [1026932] Apache LD_LIBRARY_PATH Processing Lets Local Users Gain Elevated Privileges
22147| [1026928] Apache OFBiz Unspecified Flaw Lets Remote Users Execute Arbitrary Code
22148| [1026927] Apache OFBiz Input Validation Flaws Permit Cross-Site Scripting Attacks
22149| [1026847] Apache Traffic Server Host Header Processing Flaw Lets Remote Users Deny Service
22150| [1026846] Apache Wicket Discloses Hidden Application Files to Remote Users
22151| [1026839] Apache Wicket Input Validation Flaw in 'wicket:pageMapName' Parameter Permits Cross-Site Scripting Attacks
22152| [1026616] Apache Bugs Let Remote Users Deny Service and Obtain Cookie Data
22153| [1026575] Apache Struts ParameterInterceptor() Flaw Lets Remote Users Execute Arbitrary Commands
22154| [1026484] Apache Struts Bug Lets Remote Users Overwrite Files and Execute Arbitrary Code
22155| [1026477] Apache Tomcat Hash Table Collision Bug Lets Remote Users Deny Service
22156| [1026402] Apache Struts Conversion Error Lets Remote Users Inject Arbitrary Commands
22157| [1026353] Apache mod_proxy/mod_rewrite Bug Lets Remote Users Access Internal Servers
22158| [1026295] Apache Tomcat Lets Untrusted Web Applications Gain Elevated Privileges
22159| [1026267] Apache .htaccess File Integer Overflow Lets Local Users Execute Arbitrary Code
22160| [1026144] Apache mod_proxy Pattern Matching Bug Lets Remote Users Access Internal Servers
22161| [1026095] Apache Tomcat HTTP DIGEST Authentication Weaknesses Let Remote Users Conduct Bypass Attacks
22162| [1026054] Apache mod_proxy_ajp HTTP Processing Error Lets Remote Users Deny Service
22163| [1025993] Apache Tomcat AJP Protocol Processing Bug Lets Remote Users Bypass Authentication or Obtain Information
22164| [1025976] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
22165| [1025960] Apache httpd Byterange Filter Processing Error Lets Remote Users Deny Service
22166| [1025925] Apache Tomcat Commons Daemon jsvc Lets Local Users Gain Elevated Privileges
22167| [1025924] Apache Tomcat XML Validation Flaw Lets Applications Obtain Potentially Sensitive Information
22168| [1025788] Apache Tomcat Lets Malicious Applications Obtain Information and Deny Service
22169| [1025755] Apache Santuario Buffer Overflow Lets Remote Users Deny Service
22170| [1025712] Apache Tomcat Discloses Passwords to Local Users in Certain Cases
22171| [1025577] Apache Archiva Input Validation Hole Permits Cross-Site Scripting Attacks
22172| [1025576] Apache Archiva Request Validation Flaw Permits Cross-Site Request Forgery Attacks
22173| [1025527] Apache APR Library apr_fnmatch() Flaw Lets Remote Users Execute Arbitrary Code
22174| [1025303] Apache Tomcat HTTP BIO Connector Error Discloses Information From Different Requests to Remote Users
22175| [1025215] Apache Tomcat May Ignore @ServletSecurity Annotation Protections
22176| [1025066] Apache Continuum Input Validation Flaw Permits Cross-Site Request Forgery Attacks
22177| [1025065] Apache Continuum Input Validation Hole Permits Cross-Site Scripting Attacks
22178| [1025027] Apache Tomcat maxHttpHeaderSize Parsing Error Lets Remote Users Deny Service
22179| [1025026] Apache Tomcat Manager Input Validation Hole Permits Cross-Site Scripting Attacks
22180| [1025025] Apache Tomcat Security Manager Lets Local Users Bypass File Permissions
22181| [1024764] Apache Tomcat Manager Input Validation Hole in 'sessionList.jsp' Permits Cross-Site Scripting Attacks
22182| [1024417] Apache Traffic Server Insufficient Randomization Lets Remote Users Poison the DNS Cache
22183| [1024332] Apache mod_cache and mod_dav Request Processing Flaw Lets Remote Users Deny Service
22184| [1024180] Apache Tomcat 'Transfer-Encoding' Header Processing Flaw Lets Remote Users Deny Service and Obtain Potentially Sensitive Information
22185| [1024096] Apache mod_proxy_http May Return Results for a Different Request
22186| [1023942] Apache mod_proxy_ajp Error Condition Lets Remote Users Deny Service
22187| [1023941] Apache ap_read_request() Memory Error May Let Remote Users Access Potentially Sensitive Information
22188| [1023778] Apache ActiveMQ Input Validation Flaw Permits Cross-Site Scripting Attacks
22189| [1023701] Apache mod_isapi Error Processing Flaw May Let Remote Users Deny Service
22190| [1023533] Apache mod_proxy Integer Overflow May Let Remote Users Execute Arbitrary Code
22191| [1022988] Apache Solaris Support Code Bug Lets Remote Users Deny Service
22192| [1022529] Apache mod_deflate Connection State Bug Lets Remote Users Deny Service
22193| [1022509] Apache mod_proxy stream_reqbody_cl() Infinite Loop Lets Remote Users Deny Service
22194| [1022296] Apache IncludesNoExec Options Restrictions Can Be Bypass By Local Users
22195| [1022264] Apache mod_proxy_ajp Bug May Disclose Another User's Response Data
22196| [1022001] Apache Tomcat mod_jk May Disclose Responses to the Wrong User
22197| [1021988] mod_perl Input Validation Flaw in Apache::Status and Apache2::Status Permits Cross-Site Scripting Attacks
22198| [1021350] NetWare Bug Lets Remote Users Access the ApacheAdmin Console
22199| [1020635] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
22200| [1020520] Oracle WebLogic Apache Connector Lets Remote Users Execute Arbitrary Code
22201| [1020267] Apache mod_proxy Interim Response Process Bug Lets Remote Users Deny Service
22202| [1019784] Apache-SSL Certificate Processing Bug May Let Remote Users View Portions of Kernel Memory
22203| [1019256] Apache mod_negotiation Input Validation Hole Permits Cross-Site Scripting Attacks
22204| [1019194] Apache Input Validation Hole in Mod_AutoIndex When the Character Set is Undefined May Permit Cross-Site Scripting Attacks
22205| [1019185] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
22206| [1019154] Apache Input Validation Hole in mod_status Permits Cross-Site Scripting Attacks
22207| [1019093] Apache Input Validation Hole in mod_imap Permits Cross-Site Scripting Attacks
22208| [1019030] Apache Input Validation Hole in Default HTTP 413 Error Page Permits Cross-Site Scripting Attacks
22209| [1018633] Apache mod_proxy Bug Lets Remote Users Deny Service
22210| [1018304] Apache HTTPD scoreboard Protection Flaw Lets Local Users Terminate Arbitrary Processes
22211| [1018303] Apache HTTPD mod_cache May Let Remote Users Deny Service
22212| [1018302] Apache mod_status Input Validation Hole Permits Cross-Site Scripting Attacks
22213| [1018269] Apache Tomcat Input Validation Hole in Processing Accept-Language Header Permits Cross-Site Scripting Attacks
22214| [1017904] Apache suEXEC Bugs May Let Local Users Gain Elevated Privileges
22215| [1017719] Apache Tomcat JK Web Server Connector Buffer Overflow in map_uri_to_worker() Lets Remote Users Execute Arbitrary Code
22216| [1017062] Apache mod_tcl Format String Bug in set_var() Function May Let Remote Users Execute Arbitrary Code
22217| [1016601] Apache mod_rewrite Off-by-one Error Lets Remote Users Execute Arbitrary Code
22218| [1016576] Apache Tomcat Discloses Directory Listings to Remote Users
22219| [1015447] Apache mod_ssl Null Pointer Dereference May Let Remote Users Deny Service
22220| [1015344] Apache mod_imap Input Validation Flaw in Referer Field Lets Remote Users Conduct Cross-Site Scripting Attacks
22221| [1015093] Apache Memory Leak in MPM 'worker.c' Code May Let Remote Users Deny Service
22222| [1014996] ApacheTop Unsafe Temporary File May Let Local Users Gain Elevated Privileges
22223| [1014833] Apache ssl_hook_Access() Function May Fail to Verify Client Certificates
22224| [1014826] Apache Memory Leak in 'byterange filter' Lets Remote Users Deny Service
22225| [1014575] Apache mod_ssl Off-by-one Buffer Overflow in Processing CRLs May Let Remote Users Deny Service
22226| [1014323] Apache Chunked Transfer-Encoding and Content-Length Processing Lets Remote Users Smuggle HTTP Requests
22227| [1013156] Apache mod_python Publisher Handler Discloses Information to Remote Users
22228| [1012829] Apache mod_auth_radius radcpy() Integer Overflow Lets Remote Users Deny Service in Certain Cases
22229| [1012416] Apache on Apple OS X Lets Remote Users Bypass Apache File Handlers and Directly Access Files
22230| [1012415] Apache on Apple HFS+ Filesystems May Disclose '.DS_Store' Files to Remote Users
22231| [1012414] Apache mod_digest_apple Lets Remote Users Replay Authentication Credentials
22232| [1012083] Apache Web Server Error in Processing Requests With Many Space Characters Lets Remote Users Deny Service
22233| [1011783] Apache mod_include Buffer Overflow Lets Local Users Execute Arbitrary Code
22234| [1011557] Apache mod_ssl SSLCipherSuite Directive Can By Bypassed in Certain Cases
22235| [1011385] Apache Satsify Directive Error May Let Remote Users Access Restricted Resources
22236| [1011340] Apache SSL Connection Abort State Error Lets Remote Users Deny Service
22237| [1011303] Apache ap_resolve_env() Buffer Overflow in Reading Configuration Files May Let Local Users Gain Elevated Privileges
22238| [1011299] Apache IPv6 Address Parsing Flaw May Let Remote Users Deny Service
22239| [1011248] Apache mod_dav LOCK Method Error May Let Remote Users Deny Service
22240| [1011213] Apache mod_ssl Can Be Crashed By Remote Users When Reverse Proxying SSL Connections
22241| [1010674] Apache Can Be Crashed By PHP Code Invoking Nested Remote Sockets
22242| [1010599] Apache httpd Header Line Memory Allocation Lets Remote Users Crash the Server
22243| [1010462] Apache mod_proxy Buffer Overflow May Let Remote Users Execute Arbitrary Code
22244| [1010322] Apache mod_ssl Stack Overflow in ssl_util_uuencode_binary() May Let Remote Users Execute Arbitrary Code
22245| [1010270] cPanel Apache mod_phpsuexec Options Let Local Users Gain Elevated Privileges
22246| [1009934] Apache Web Server Has Buffer Overflow in ebcdic2ascii() on Older Processor Architectures
22247| [1009516] Apache mod_survey HTML Report Format Lets Remote Users Conduct Cross-Site Scripting Attacks
22248| [1009509] Apache mod_disk_cache Stores Authentication Credentials on Disk
22249| [1009495] Apache Web Server Socket Starvation Flaw May Let Remote Users Deny Service
22250| [1009417] GroupWise WebAccess With Apache on NetWare Has Configuration Flaw That May Grant Web Access to Remote Users
22251| [1009338] Apache mod_access Parsing Flaw May Fail to Enforce Allow/Deny Rules
22252| [1009337] Apache mod_ssl Memory Leak Lets Remote Users Crash the Daemon
22253| [1009182] Apache for Cygwin '..%5C' Input Validation Flaw Discloses Files to Remote Users
22254| [1008973] PHP May Apply Incorrect php_admin_* Settings To Requests for Apache Virtual Hosts
22255| [1008967] Apache-SSL 'SSLFakeBasicAuth' Lets Remote Users Forge Client Certificates to Be Authenticated
22256| [1008920] Apache mod_digest May Validate Replayed Client Responses
22257| [1008828] Apache mod_python String Processing Bug Still Lets Remote Users Crash the Web Server
22258| [1008822] Apache mod_perl File Descriptor Leak May Let Local Users Hijack the http and https Services
22259| [1008675] mod_auth_shadow Apache Module Authenticates Expired Passwords
22260| [1008559] Apache mod_php File Descriptor Leak May Let Local Users Hijack the https Service
22261| [1008335] Apache mod_python String Processing Bug Lets Remote Users Crash the Web Server
22262| [1008196] Apache 2.x on Windows May Return Unexpected Files For URLs Ending With Certain Characters
22263| [1008030] Apache mod_rewrite Contains a Buffer Overflow
22264| [1008029] Apache mod_alias Contains a Buffer Overflow
22265| [1008028] Apache mod_cgid May Disclose CGI Output to Another Client
22266| [1007995] Apache Cocoon Forms May Let Remote Users Execute Arbitrary Java Code on the System
22267| [1007993] Apache Cocoon 'view-source' Sample Script Discloses Files to Remote Users
22268| [1007823] Apache Web Server mod_cgi Error May Let Malicious CGI Scripts Crash the Web Service
22269| [1007664] Apache::Gallery Unsafe Temporary Files May Let Local Users Gain Apache Web Server Privileges
22270| [1007557] Apache Web Server Does Not Filter Terminal Escape Sequences From Log Files
22271| [1007230] Apache HTTP Server 'rotatelogs' Bug on Win32 and OS/2 May Cause the Logging to Stop
22272| [1007146] Apache HTTP Server FTP Proxy Bug May Cause Denial of Service Conditions
22273| [1007145] Apache 'accept()' Errors May Cause Denial of Service Conditions
22274| [1007144] Apache Web Server 'type-map' File Error Permits Local Denial of Service Attacks
22275| [1007143] Apache 2.0 Web Server May Use a Weaker Encryption Implementation Than Specified in Some Cases
22276| [1006864] Apache Web Server Can Be Crashed By Remote Users Via mod_dav Flaws and Also Via Basic Authentication
22277| [1006709] Apache mod_survey Input Validation Flaw Lets Remote Users Fill Up Disk Space
22278| [1006614] Apache mod_ntlm Buffer Overflow and Format String Flaw Let Remote Users Execute Arbitary Code
22279| [1006591] Apache mod_access_referer Module Null Pointer Dereference May Faciliate Denial of Service Attacks
22280| [1006444] Apache 2.0 Web Server Line Feed Buffer Allocation Flaw Lets Remote Users Deny Service
22281| [1006021] Apache Tomcat Server URL Parsing Error May Disclose Otherwise Inaccessible Web Directory Listings and Files to Remote Users
22282| [1005963] Apache Web Server 2.x Windows Device Access Flaw Lets Remote Users Crash the Server or Possibly Execute Arbitrary Code
22283| [1005962] Apache Web Server Path Parsing Flaw May Allow Remote Users to Execute Code in Certain Configurations
22284| [1005848] Apache 'printenv' Script Input Validation Bugs in Older Versions May Let Remote Users Conduct Cross-Site Scripting Attacks
22285| [1005765] Apache mod_jk Module Processing Bug When Used With Tomcat May Disclose Information to Remote Users or Crash
22286| [1005548] Apache mod_php Module May Allow Local Users to Gain Control of the Web Port
22287| [1005499] Apache Web Server (2.0.42) May Disclose CGI Source Code to Remote Users When Used With WebDAV
22288| [1005410] Apache Tomcat Java Servlet Engine Can Be Crashed Via Multiple Requests for DOS Device Names
22289| [1005351] Apache Web Server (1.3.x) Shared Memory Scoreboard Bug Lets Certain Local Users Issue Signals With Root Privileges
22290| [1005331] Apache Web Server (2.x) SSI Server Signature Filtering Hole Lets Remote Users Conduct Cross-Site Scripting Attacks
22291| [1005290] Apache Tomcat Java Server Default Servlet Returns JSP Source Code to Remote Users
22292| [1005285] Apache Web Server 'mod_dav' Has Null Pointer Bug That May Allow Remote Users to Cause Denial of Service Conditions
22293| [1005010] Apache Web Server (2.0) Has Unspecified Flaw That Allows Remote Users to Obtain Sensitive Data and Cause Denial of Service Conditions
22294| [1004770] Apache 2.x Web Server ap_log_rerror() Function May Disclose Full Installation Path to Remote Users
22295| [1004745] Apache Tomcat Java Server Allows Cross-Site Scripting Attacks
22296| [1004636] Apache mod_ssl 'Off-by-One' Bug May Let Local Users Crash the Web Server or Possibly Execute Arbitrary Code
22297| [1004602] Apache Tomcat Java Server for Windows Can Be Crashed By Remote Users Sending Malicious Requests to Hang All Available Working Threads
22298| [1004586] Apache Tomcat Java Server May Disclose the Installation Path to Remote Users
22299| [1004555] Apache Web Server Chunked Encoding Flaw May Let Remote Users Execute Arbitrary Code on the Server
22300| [1004209] Apache 'mod_python' Python Language Interpreter Bug in Publisher Handler May Allow Remote Users to Modify Files on the System
22301| [1003874] Apache Web Server for Windows Has Batch File Processing Hole That Lets Remote Users Execute Commands on the System
22302| [1003767] 'mod_frontpage' Module for Apache Web Server Has Buffer Overlow in 'fpexec.c' That Allows Remote Users to Execute Arbitrary Code on the System with Root Privileges
22303| [1003723] Apache-SSL for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
22304| [1003664] 'mod_ssl' Security Package for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
22305| [1003602] GNUJSP Java Server Pages Implementation Discloses Web Files and Source Code to Remote Users and Bypasses Apache Access Control Restrictions
22306| [1003465] PHP for Apache Web Server May Disclose Installation Path Information to Remote Users Making 'OPTIONS' Requests
22307| [1003451] Oracle Application Server PL/SQL Module for Apache Has Buffer Overflows That Allow Remote Users to Execute Arbitrary Code and Gain Access to the Server
22308| [1003131] Apache Web Server in Virtual Hosting Mode Can Be Crashed By a Local User Removing a Log Directory
22309| [1003104] PHP.EXE Windows CGI for Apache Web Server May Let Remote Users View Files on the Server Due to Configuration Error
22310| [1003008] Apache 'mod_bf' Module Lets Remote Users Execute Arbitrary Code
22311| [1002629] Apache suEXEC Wrapper Fails to Observe Minimum Group ID Security Settings in Certain Situations
22312| [1002542] Apache Web Server Virtual Hosting Split-Logfile Function Lets Remote Users Write Log Entries to Arbitrary Files on the System
22313| [1002400] Apache mod_gzip Module Has Buffer Overflow That Can Be Exploited By Local Users to Gain Elevated Privileges
22314| [1002303] Several 3rd Party Apache Authentication Modules Allow Remote Users to Execute Arbitrary Code to Gain Access to the System or Execute Stored Procedures to Obtain Arbitrary Database Information
22315| [1002188] Apache Web Server Discloses Internal IP Addresses to Remote Users in Certain Configurations
22316| [1001989] Apache Web Server May Disclose Directory Contents Even If an Index.html File is Present in the Directory
22317| [1001719] Apache Web Server on Mac OS X Client Fails to Enforce File and Directory Access Protections, Giving Remote Users Access to Restricted Pages
22318| [1001572] Apache Web Server on Microsoft Windows Platforms Allows Remote Users to Crash the Web Server
22319| [1001304] Apache Web Server for Windows Lets Remote Users Crash the Web Server Application
22320| [1001083] Apache Web Server May Display Directory Index Listings Even if Directory Listings Are Disabled
22321|
22322| OSVDB - http://www.osvdb.org:
22323| [96078] Apache CloudStack Infrastructure Menu Setup Network Multiple Field XSS
22324| [96077] Apache CloudStack Global Settings Multiple Field XSS
22325| [96076] Apache CloudStack Instances Menu Display Name Field XSS
22326| [96075] Apache CloudStack Instances Menu Add Instances Network Name Field XSS
22327| [96074] Apache CloudStack Instances Menu Add Instances Review Step Multiple Field XSS
22328| [96031] Apache HTTP Server suEXEC Symlink Arbitrary File Access
22329| [95888] Apache Archiva Single / Double Quote Character Handling XSS Weakness
22330| [95885] Apache Subversion mod_dav_svn Module Crafted HTTP Request Handling Remote DoS
22331| [95706] Apache OpenOffice.org (OOo) OOXML Document File XML Element Handling Memory Corruption
22332| [95704] Apache OpenOffice.org (OOo) DOC File PLCF Data Handling Memory Corruption
22333| [95603] Apache Continuum web/util/GenerateRecipentNotifier.java recipient Parameter XSS
22334| [95602] Apache Continuum web/action/notifier/JabberProjectNotifierEditAction-jabberProjectNotifierSave-validation.xml Multiple Parameter XSS
22335| [95601] Apache Continuum web/action/notifier/JabberGroupNotifierEditAction-jabberProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
22336| [95600] Apache Continuum web/action/ScheduleAction-saveSchedule-validation.xml Multiple Parameter XSS
22337| [95599] Apache Continuumweb/action/BuildDefinitionAction-saveBuildDefinition-validation.xml Multiple Parameter XSS
22338| [95598] Apache Continuum web/action/AddProjectAction-addProject-validation.xml Multiple Parameter XSS
22339| [95597] Apache Continuum web/action/ProjectEditAction-projectSave-validation.xml Multiple Parameter XSS
22340| [95596] Apache Continuum web/action/notifier/IrcGroupNotifierEditAction-ircProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
22341| [95595] Apache Continuum web/action/notifier/IrcProjectNotifierEditAction-ircProjectNotifierSave-validation.xml Multiple Parameter XSS
22342| [95594] Apache Continuum web/action/ProjectGroupAction.java Multiple Parameter XSS
22343| [95593] Apache Continuum web/action/AddProjectGroupAction.java Multiple Parameter XSS
22344| [95592] Apache Continuum web/action/AddProjectAction.java Multiple Parameter XSS
22345| [95523] Apache OFBiz Webtools Application View Log Screen Unspecified XSS
22346| [95522] Apache OFBiz Nested Expression Evaluation Arbitrary UEL Function Execution
22347| [95521] Apache HTTP Server mod_session_dbd Session Saving Unspecified Issue
22348| [95498] Apache HTTP Server mod_dav.c Crafted MERGE Request Remote DoS
22349| [95406] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Arbitrary Site Redirect
22350| [95405] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Remote Code Execution
22351| [95011] Apache CXF XML Parser SOAP Message Handling CPU Resource Exhaustion Remote DoS
22352| [94705] Apache Geronimo RMI Classloader Exposure Serialized Object Handling Remote Code Execution
22353| [94651] Apache Santuario (XML Security for C++) XML Signature CanonicalizationMethod Parameter Spoofing Weakness
22354| [94636] Apache Continuum workingCopy.action userDirectory Traversal Arbitrary File Access
22355| [94635] Apache Maven SCM SvnCommandlineUtils Process Listing Local Password Disclosure
22356| [94632] Apache Maven Wagon SSH (wagon-ssh) Host Verification Failure MitM Weakness
22357| [94625] Apache Santuario (XML Security for C++) XML Signature Reference Crafted XPointer Expression Handling Heap Buffer Overflow
22358| [94618] Apache Archiva /archiva/security/useredit.action username Parameter XSS
22359| [94617] Apache Archiva /archiva/security/roleedit.action name Parameter XSS
22360| [94616] Apache Archiva /archiva/security/userlist!show.action roleName Parameter XSS
22361| [94615] Apache Archiva /archiva/deleteArtifact!doDelete.action groupId Parameter XSS
22362| [94614] Apache Archiva /archiva/admin/addLegacyArtifactPath!commit.action legacyArtifactPath.path Parameter XSS
22363| [94613] Apache Archiva /archiva/admin/addRepository.action Multiple Parameter XSS
22364| [94612] Apache Archiva /archiva/admin/editAppearance.action Multiple Parameter XSS
22365| [94611] Apache Archiva /archiva/admin/addLegacyArtifactPath.action Multiple Parameter XSS
22366| [94610] Apache Archiva /archiva/admin/addNetworkProxy.action Multiple Parameter XSS
22367| [94403] Apache Santuario (XML Security for C++) InclusiveNamespace PrefixList Processing Heap Overflow
22368| [94402] Apache Santuario (XML Security for C++) HMAC-based XML Signature Processing DoS
22369| [94401] Apache Santuario (XML Security for C++) XPointer Evaluation Stack Overflow
22370| [94400] Apache Santuario (XML Security for C++) HMAC-Based XML Signature Reference Element Validation Spoofing Weakness
22371| [94279] Apache Qpid CA Certificate Validation Bypass
22372| [94275] Apache Solr JettySolrRunner.java Can Not Find Error Message XSS
22373| [94233] Apache OpenJPA Object Deserialization Arbitrary Executable Creation
22374| [94042] Apache Axis JAX-WS Java Unspecified Exposure
22375| [93969] Apache Struts OGNL Expression Handling Double Evaluation Error Remote Command Execution
22376| [93796] Apache Subversion Filename Handling FSFS Repository Corruption Remote DoS
22377| [93795] Apache Subversion svnserve Server Aborted Connection Message Handling Remote DoS
22378| [93794] Apache Subversion contrib/hook-scripts/check-mime-type.pl svnlook Hyphenated argv Argument Handling Remote DoS
22379| [93793] Apache Subversion contrib/hook-scripts/svn-keyword-check.pl Filename Handling Remote Command Execution
22380| [93646] Apache Struts Crafted Parameter Arbitrary OGNL Code Execution
22381| [93645] Apache Struts URL / Anchor Tag includeParams Attribute Remote Command Execution
22382| [93636] Apache Pig Multiple Physical Operator Memory Exhaustion Remote Remote DoS
22383| [93635] Apache Wink DTD (Document Type Definition) Expansion Data Parsing Information Disclosure
22384| [93605] RT Apache::Session::File Session Replay Reuse Information Disclosure
22385| [93599] Apache Derby SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY Boot Password Manipulation Re-encryption Failure Password Corruption
22386| [93555] Apache Commons Codec Invalid Base32 String Information Tunneling Weakness
22387| [93554] Apache HBase bulkLoadHFiles() Method ACL Bypass
22388| [93543] JBoss Enterprise Application Platform org.apache.catalina.connector.Response.encodeURL() Method MitM jsessionid Disclosure
22389| [93542] Apache ManifoldCF (Connectors Framework) org.apache.manifoldcf.crawler.ExportConfiguration Class Configuration Export Password Disclosure
22390| [93541] Apache Solr json.wrf Callback XSS
22391| [93524] Apache Hadoop GetSecurityDescriptorControl() Function Absolute Security Descriptor Handling NULL Descriptor Weakness
22392| [93521] Apache jUDDI Security API Token Session Persistence Weakness
22393| [93520] Apache CloudStack Default SSL Key Weakness
22394| [93519] Apache Shindig /ifr Cross-site Arbitrary Gadget Invocation
22395| [93518] Apache Solr /admin/analysis.jsp name Parameter XSS
22396| [93517] Apache CloudStack setup-cloud-management /etc/sudoers Modification Local Privilege Escalation
22397| [93516] Apache CXF UsernameTokenInterceptor Nonce Caching Replay Weakness
22398| [93515] Apache HBase table.jsp name Parameter XSS
22399| [93514] Apache CloudStack Management Server Unauthenticated Remote JMX Connection Default Setting Weakness
22400| [93463] Apache Struts EL / OGNL Interpretation Unspecified Remote Code Execution
22401| [93462] Apache CXF WS-SecurityPolicy AlgorithmSuite Arbitrary Ciphertext Decryption Weakness
22402| [93401] Apache Hadoop core-site.xml Permission Weakness Local Alfredo Secret Disclosure
22403| [93400] Apache Hadoop Map/Reduce Job Log Directory Symlink Arbitrary File Mode Manipulation
22404| [93397] Apache Wicket Referrer HTTP Header Session ID Disclosure
22405| [93366] Apache HTTP Server modules/mappers/mod_rewrite.c do_rewritelog() Function Log File Terminal Escape Sequence Filtering Remote Command Execution
22406| [93254] Apache Tomcat AsyncListener Method Cross-session Information Disclosure
22407| [93253] Apache Tomcat Chunked Transfer Encoding Data Saturation Remote DoS
22408| [93252] Apache Tomcat FORM Authenticator Session Fixation
22409| [93172] Apache Camel camel/endpoints/ Endpoint XSS
22410| [93171] Apache Sling HtmlResponse Error Message XSS
22411| [93170] Apache Directory DelegatingAuthenticator MitM Spoofing Weakness
22412| [93169] Apache Wave AuthenticationServlet.java Session Fixation Weakness
22413| [93168] Apache Click ErrorReport.java id Parameter XSS
22414| [93167] Apache ActiveMQ JMSXUserId Spoofing Weakness
22415| [93166] Apache CXF Crafted Message Element Count Handling System Resource Exhaustion Remote DoS
22416| [93165] Apache CXF Crafted Message Element Level Handling System Resource Exhaustion Remote DoS
22417| [93164] Apache Harmony DatagramSocket Class connect Method CheckAccept() IP Blacklist Bypass
22418| [93163] Apache Hadoop Map/Reduce Daemon Symlink Arbitrary File Overwrite
22419| [93162] Apache VelocityStruts struts/ErrorsTool.getMsgs Error Message XSS
22420| [93161] Apache CouchDB Rewriter VM Atom Table Memory Exhaustion Remote DoS
22421| [93158] Apache Wicket BookmarkablePageLink Feature XSS CSRF
22422| [93157] Apache Struts UrlHelper.java s:url includeParams Functionality XSS
22423| [93156] Apache Tapestry Calendar Component datefield.js datefield Parameter XSS
22424| [93155] Apache Struts fielderror.ftl fielderror Parameter Error Message XSS
22425| [93154] Apache JSPWiki Edit.jsp createPages WikiPermission Bypass
22426| [93153] Apache PDFBox PDFXrefStreamParser Missing Element Handling PDF Parsing DoS
22427| [93152] Apache Hadoop HttpServer.java Multiple Function XSS
22428| [93151] Apache Shiro Search Filter userName Parameter LDAP Code Injection Weakness
22429| [93150] Apache Harmony java.net.SocketPermission Class boolean equals Function checkConnect() Weakness Host Name Retrieval
22430| [93149] Apache Harmony java.security.Provider Class void load Function checkSecurityAccess() Weakness
22431| [93148] Apache Harmony java.security.ProtectionDomain Class java.lang.String.toString() Function checkPermission() Weakness
22432| [93147] Apache Harmony java.net.URLConnection openConnection Function checkConnect Weakness Proxy Connection Permission Bypass
22433| [93146] Apache Harmony java.net.ServerSocket Class void implAccept Function checkAccept() Weakness SerSocket Subclass Creation
22434| [93145] Apache Qpid JMS Client Detached Session Frame Handling NULL Pointer Dereference Remote DoS
22435| [93144] Apache Solr Admin Command Execution CSRF
22436| [93009] Apache VCL XMLRPC API Unspecified Function Remote Privilege Escalation
22437| [93008] Apache VCL Web GUI Unspecified Remote Privilege Escalation
22438| [92997] Apache Commons Codec org.apache.commons.codec.net.URLCodec Fields Missing 'final' Thread-safety Unspecified Issue
22439| [92976] Apache ActiveMQ scheduled.jsp crontab Command XSS
22440| [92947] Apache Commons Codec org.apache.commons.codec.language.Soundex.US_ENGLISH_MAPPING Missing MS_PKGPROTECT Field Manipulation Unspecified Issue
22441| [92749] Apache CloudStack Predictable Hash Virtual Machine Console Console Access URL Generation
22442| [92748] Apache CloudStack VM Console Access Restriction Bypass
22443| [92709] Apache ActiveMQ Web Console Unauthenticated Remote Access
22444| [92708] Apache ActiveMQ Sample Web Application Broker Resource Consumption Remote DoS
22445| [92707] Apache ActiveMQ webapp/websocket/chat.js Subscribe Message XSS
22446| [92706] Apache ActiveMQ Debug Log Rendering XSS
22447| [92705] Apache ActiveMQ PortfolioPublishServlet.java refresh Parameter XSS
22448| [92270] Apache Tomcat Unspecified CSRF
22449| [92094] Apache Subversion mod_dav_svn Module Nonexistent URL Lock Request Handling NULL Pointer Dereference Remote DoS
22450| [92093] Apache Subversion mod_dav_svn Module Activity URL PROPFIND Request Handling NULL Pointer Dereference Remote DoS
22451| [92092] Apache Subversion mod_dav_svn Module Log REPORT Request Handling NULL Pointer Dereference Remote DoS
22452| [92091] Apache Subversion mod_dav_svn Module Node Property Handling Resource Exhaustion Remote DoS
22453| [92090] Apache Subversion mod_dav_svn Module Activity URL Lock Request Handling NULL Pointer Dereference Remote DoS
22454| [91774] Apache Commons Codec Unspecified Non-private Field Manipulation Weakness
22455| [91628] mod_ruid2 for Apache HTTP Server fchdir() Inherited File Descriptor chroot Restriction Bypass
22456| [91328] Apache Wicket $up$ Traversal Arbitrary File Access
22457| [91295] Apple Mac OS X Apache Unicode Character URI Handling Authentication Bypass
22458| [91235] Apache Rave /app/api/rpc/users/get User Object Hashed Password Remote Disclosure
22459| [91185] Munin Default Apache Configuration Permission Weakness Remote Information Disclosure
22460| [91173] Apache Wicket WebApplicationPath Constructor Bypass /WEB-INF/ Directory File Access
22461| [91172] Apache Wicket PackageResourceGuard File Extension Filter Bypass
22462| [91025] Apache Qpid qpid::framing::Buffer Class Multiple Method Out-of-bounds Access Remote DoS
22463| [91024] Apache Qpid federation_tag Attribute Handling Federated Interbroker Link Access Restriction Bypass
22464| [91023] Apache Qpid AMQP Type Decoder Exposure Array Size Value Handling Memory Consumption Remote DoS
| [91022] Apache Qpid qpid/cpp/include/qpid/framing/Buffer.h qpid::framing::Buffer::checkAvailable() Function Integer Overflow
| [90986] Apache Jena ARQ INSERT DATA Request Handling Overflow
| [90907] Apache Subversion mod_dav_svn / libsvn_fs svn_fs_file_length() Function MKACTIVITY / PROPFIND Option Request Handling Remote DoS
| [90906] Apache Commons FileUpload /tmp Storage Symlink Arbitrary File Overwrite
| [90864] Apache Batik 1xx Redirect Script Origin Restriction Bypass
| [90858] Apache Ant Malformed TAR File Handling Infinite Loop DoS
| [90852] Apache HTTP Server for Debian apachectl /var/lock Permission Weakness Symlink Directory Permission Manipulation
| [90804] Apache Commons CLI Path Subversion Local Privilege Escalation
| [90802] Apache Avro Recursive Schema Handling Infinite Recursion DoS
| [90592] Apache Batik ApplicationSecurityEnforcer.java Multiple Method Security Restriction Bypass
| [90591] Apache Batik XML External Entity (XXE) Data Parsing Arbitrary File Disclosure
| [90565] Apache Tomcat Log Directory Permission Weakness Local Information Disclosure
| [90564] Apache Maven / Maven Wagon SSL Certificate Validation MitM Spoofing Weakness
| [90557] Apache HTTP Server mod_proxy_balancer balancer-manager Interface Multiple Parameter XSS
| [90556] Apache HTTP Server Multiple Module Multiple Parameter XSS
| [90276] Apache Axis2 axis2.xml Plaintext Password Local Disclosure
| [90249] Apache Axiom ClassLoader XMLInputFactory / XMLOutputFactory Construction Unspecified Issue
| [90235] Apache Commons HttpClient Certificate Wildcard Matching Weakness
| [90079] Apache CXF WSS4JInInterceptor URIMappingInterceptor WS-Security SOAP Service Access Restriction Bypass
| [90078] Apache CXF WS-SecurityPolicy Enabled Plaintext UsernameTokens Handling Authentication Bypass
| [89453] Apache Open For Business Project (OFBiz) Screenlet.title Widget Attribute XSS
| [89452] Apache Open For Business Project (OFBiz) Image.alt Widget Attribute XSS
| [89294] Apache CouchDB Futon UI Browser-based Test Suite Query Parameter XSS
| [89293] Apache CouchDB Unspecified Traversal Arbitrary File Access
| [89275] Apache HTTP Server mod_proxy_ajp Module Expensive Request Parsing Remote DoS
| [89267] Apache CouchDB JSONP Callback Handling Unspecified XSS
| [89146] Apache CloudStack Master Server log4j.conf SSH Private Key / Plaintext Password Disclosure
| [88603] Apache OpenOffice.org (OOo) Unspecified Information Disclosure
| [88602] Apache OpenOffice.org (OOo) Unspecified Manifest-processing Issue
| [88601] Apache OpenOffice.org (OOo) Unspecified PowerPoint File Handling Issue
| [88285] Apache Tomcat Partial HTTP Request Saturation Remote DoS
| [88095] Apache Tomcat NIO Connector Terminated Connection Infinte Loop DoS
| [88094] Apache Tomcat FORM Authentication Crafted j_security_check Request Security Constraint Bypass
| [88093] Apache Tomcat Null Session Requst CSRF Prevention Filter Bypass
| [88043] IBM Tivoli Netcool/Reporter Apache CGI Unspecified Remote Command Execution
| [87580] Apache Tomcat DIGEST Authentication Session State Caching Authentication Bypass Weakness
| [87579] Apache Tomcat DIGEST Authentication Stale Nonce Verification Authentication Bypass Weakness
| [87477] Apache Tomcat Project Woodstock Service Error Page UTF-7 XSS Weakness
| [87227] Apache Tomcat InternalNioInputBuffer.java parseHeaders() Function Request Header Size Parsing Remote DoS
| [87223] Apache Tomcat DIGEST Authentication replay-countermeasure Functionality cnonce / cn Verification Authentication Bypass Weakness
| [87160] Apache Commons HttpClient X.509 Certificate Domain Name Matching MiTM Weakness
| [87159] Apache CXF X.509 Certificate Domain Name Matching MiTM Weakness
| [87150] Apache Axis / Axis2 X.509 Certificate Domain Name Matching MiTM Weakness
| [86902] Apache HTTP Server 3xx Redirect Internal IP Address Remote Disclosure
| [86901] Apache Tomcat Error Message Path Disclosure
| [86684] Apache CloudStack Unauthorized Arbitrary API Call Invocation
| [86556] Apache Open For Business Project (OFBiz) Unspecified Issue
| [86503] Visual Tools VS home/apache/DiskManager/cron/init_diskmgr Local Command Execution
| [86401] Apache ActiveMQ ResourceHandler Traversal Arbitrary File Access
| [86225] Apache Axis2 XML Signature Wrapping (XSW) Authentication Bypass
| [86206] Apache Axis2 Crafted SAML Assertion Signature Exclusion Attack Authentication Bypass
| [85722] Apache CXF SOAP Request Parsing Access Restriction Bypass
| [85704] Apache Qpid Incoming Client Connection Saturation Remote DoS
| [85474] Eucalyptus Apache Santuario (XML Security for Java) Library XML Signature Transform Handling DoS
| [85430] Apache mod_pagespeed Module Unspecified XSS
| [85429] Apache mod_pagespeed Module Hostname Verification Cross-host Resource Disclosure
| [85249] Apache Wicket Unspecified XSS
| [85236] Apache Hadoop conf/hadoop-env.sh Temporary File Symlink Arbitrary File Manipulation
| [85090] Apache HTTP Server mod_proxy_ajp.c mod_proxy_ajp Module Proxy Functionality Cross-client Information Disclosure
| [85089] Apache HTTP Server mod_proxy_http.c mod_proxy_http Module Cross-client Information Disclosure
| [85062] Apache Solr Autocomplete Module for Drupal Autocomplete Results XSS
| [85010] Apache Struts Token Handling Mechanism Token Name Configuration Parameter CSRF Weakness
| [85009] Apache Struts Request Parameter OGNL Expression Parsing Remote DoS
| [84911] libapache2-mod-rpaf X-Forward-For HTTP Header Parsing Remote DoS
| [84823] Apache HTTP Server Multiple Module Back End Server Error Handling HTTP Request Parsing Remote Information Disclosure
| [84818] Apache HTTP Server mod_negotiation Module mod_negotiation.c make_variant_list Function XSS
| [84562] Apache Qpid Broker Authentication Mechanism AMQP Client Shadow Connection NullAuthenticator Request Parsing Authentication Bypass
| [84458] Apache Libcloud SSL Certificate Validation MitM Spoofing Weakness
| [84279] PHP on Apache php_default_post_reader POST Request Handling Overflow DoS
| [84278] PHP w/ Apache PDO::ATTR_DEFAULT_FETCH_MODE / PDO::FETCH_CLASS DoS
| [84231] Apache Hadoop DataNodes Client BlockTokens Arbitrary Block Access
| [83943] Oracle Solaris Cluster Apache Tomcat Agent Subcomponent Unspecified Local Privilege Escalation
| [83939] Oracle Solaris Apache HTTP Server Subcomponent Unspecified Remote Information Disclosure
| [83685] svnauthcheck Apache HTTP Configuration File Permission Revocation Weakness
| [83682] Apache Sling POST Servlet @CopyFrom Operation HTTP Request Parsing Infinite Loop Remote DoS
| [83339] Apache Roller Blogger Roll Unspecified XSS
| [83270] Apache Roller Unspecified Admin Action CSRF
| [82782] Apache CXF WS-SecurityPolicy 1.1 SupportingToken Policy Bypass
| [82781] Apache CXF WS-SecurityPolicy Supporting Token Children Specification Token Signing Verification Weakness
| [82611] cPanel Apache Piped Log Configuration Log Message Formatting Traversal Arbitrary File Creation
| [82436] MapServer for Windows Bundled Apache / PHP Configuration Local File Inclusion
| [82215] PHP sapi/cgi/cgi_main.c apache_request_headers Function HTTP Header Handling Remote Overflow
| [82161] Apache Commons Compress bzip2 File Compression BZip2CompressorOutputStream Class File Handling Remote DoS
| [81965] Apache Batik Squiggle SVG Browser JAR File Arbitrary Code Execution
| [81790] Apache POI src/org/apache/poi/hwpf/model/UnhandledDataStructure.java UnhandledDataStructure() constructor Length Attribute CDF / CFBF File Handling Remote DoS
| [81660] Apache Qpid Credential Checking Cluster Authentication Bypass
| [81511] Apache for Debian /usr/share/doc HTTP Request Parsing Local Script Execution
| [81359] Apache HTTP Server LD_LIBRARY_PATH Variable Local Privilege Escalation
| [81349] Apache Open For Business Project (OFBiz) Webslinger Component Unspecified XSS
| [81348] Apache Open For Business Project (OFBiz) Content IDs / Map-Keys Unspecified XSS
| [81347] Apache Open For Business Project (OFBiz) Parameter Arrays Unspecified XSS
| [81346] Apache Open For Business Project (OFBiz) checkoutProcess.js getServerError() Function Unspecified XSS
| [81196] Apache Open For Business Project (OFBiz) FlexibleStringExpander Nested Script String Parsing Remote Code Execution
| [80981] Apache Hadoop Kerberos/MapReduce Security Feature User Impersonation Weakness
| [80571] Apache Traffic Server Host HTTP Header Parsing Remote Overflow
| [80547] Apache Struts XSLTResult.java File Upload Arbitrary Command Execution
| [80360] AskApache Password Protector Plugin for WordPress Error Page $_SERVER Superglobal XSS
| [80349] Apache HTTP Server mod_fcgid Module fcgid_spawn_ctl.c FcgidMaxProcessesPerClass Virtual Host Directive HTTP Request Parsing Remote DoS
| [80301] Apache Wicket /resources/ Absolute Path Arbitrary File Access
| [80300] Apache Wicket wicket:pageMapName Parameter XSS
| [79478] Apache Solr Extension for TYPO3 Unspecified XSS
| [79002] Apache MyFaces javax.faces.resource In Parameter Traversal Arbitrary File Access
| [78994] Apache Struts struts-examples/upload/upload-submit.do name Parameter XSS
| [78993] Apache Struts struts-cookbook/processDyna.do message Parameter XSS
| [78992] Apache Struts struts-cookbook/processSimple.do message Parameter XSS
| [78991] Apache Struts struts2-rest-showcase/orders clientName Parameter XSS
| [78990] Apache Struts struts2-showcase/person/editPerson.action Multiple Parameter XSS
| [78932] Apache APR Hash Collision Form Parameter Parsing Remote DoS
| [78903] Apache CXF SOAP Request Parsing WS-Security UsernameToken Policy Bypass
| [78600] Apache Tomcat HTTP DIGEST Authentication DigestAuthenticator.java Catalina Weakness Security Bypass
| [78599] Apache Tomcat HTTP DIGEST Authentication Realm Value Parsing Security Bypass
| [78598] Apache Tomcat HTTP DIGEST Authentication qop Value Parsing Security Bypass
| [78573] Apache Tomcat Parameter Saturation CPU Consumption Remote DoS
| [78556] Apache HTTP Server Status Code 400 Default Error Response httpOnly Cookie Disclosure
| [78555] Apache HTTP Server Threaded MPM %{cookiename}C Log Format String Cookie Handling Remote DoS
| [78501] Apache Struts ParameterInterceptor Class OGNL Expression Parsing Remote Command Execution
| [78331] Apache Tomcat Request Object Recycling Information Disclosure
| [78293] Apache HTTP Server Scoreboard Invalid Free Operation Local Security Bypass
| [78277] Apache Struts ExceptionDelegator Component Parameter Parsing Remote Code Execution
| [78276] Apache Struts DebuggingInterceptor Component Developer Mode Unspecified Remote Command Execution
| [78113] Apache Tomcat Hash Collision Form Parameter Parsing Remote DoS
| [78112] Apache Geronimo Hash Collision Form Parameter Parsing Remote DoS
| [78109] Apache Struts ParameterInterceptor Traversal Arbitrary File Overwrite
| [78108] Apache Struts CookieInterceptor Cookie Name Handling Remote Command Execution
| [77593] Apache Struts Conversion Error OGNL Expression Injection
| [77496] Apache ActiveMQ Failover Mechanism Openwire Request Parsing Remote DoS
| [77444] Apache HTTP Server mod_proxy Mdule Web Request HTTP/0.9 Protocol URL Parsing Proxy Remote Security Bypass
| [77374] Apache MyFaces Java Bean includeViewParameters Parsing EL Expression Security Weakness
| [77310] Apache HTTP Server mod_proxy Reverse Proxy Mode Security Bypass Weakness (2011-4317)
| [77234] Apache HTTP Server on cygwin Encoded Traversal Arbitrary File Access
| [77012] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Memory Consumption DoS
| [76944] Apache Tomcat Manager Application Servlets Access Restriction Bypass
| [76744] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Overflow
| [76189] Apache Tomcat HTTP DIGEST Authentication Weakness
| [76079] Apache HTTP Server mod_proxy Mdule Web Request URL Parsing Proxy Remote Security Bypass (2011-3368)
| [76072] Apache JServ jserv.conf jserv-status Handler jserv/ URI Request Parsing Local Information Disclosure
| [75807] Apache HTTP Server Incomplete Header Connection Saturation Remote DoS
| [75647] Apache HTTP Server mod_proxy_ajp Module mod_proxy_balancer HTTP Request Remote DoS
| [75376] Apache Libcloud SSL Certificate Validation MitM Server Spoofing Weakness
| [74853] Domain Technologie Control /etc/apache2/apache2.conf File Permissions Weakness dtcdaemons User Password Disclosure
| [74818] Apache Tomcat AJP Message Injection Authentication Bypass
| [74725] Apache Wicket Multi Window Support Unspecified XSS
| [74721] Apache HTTP Server ByteRange Filter Memory Exhaustion Remote DoS
| [74541] Apache Commons Daemon Jsvc Permissions Weakness Arbitrary File Access
| [74535] Apache Tomcat XML Parser Cross-application Multiple File Manipulation
| [74447] Apache Struts XWork Nonexistent Method s:submit Element Internal Java Class Remote Path Disclosure
| [74262] Apache HTTP Server Multi-Processing Module itk.c Configuration Merger mpm-itk root UID / GID Remote Privilege Escalation
| [74120] Apache HTTP Server mod_authnz_external mysql/mysql-auth.pl user Field SQL Injection
| [73920] Oracle Secure Backup /apache/htdocts/php/common.php username Parameter Remote Code Execution
| [73798] Apache Tomcat sendfile Request Start / Endpoint Parsing Local DoS
| [73797] Apache Tomcat sendfile Request Attribute Validation Weakness Local Access Restriction Bypass
| [73776] Apache Tomcat HTTP BIO Connector HTTP Pipelining Cross-user Remote Response Access
| [73644] Apache XML Security Signature Key Parsing Overflow DoS
| [73600] Apache Struts javatemplates Plugin Component Handlers .action URI Multiple Parameter XSS
| [73462] Apache Rampart/C util/rampart_timestamp_token.c rampart_timestamp_token_validate Function Expired Token Remote Access Restriction Bypass
| [73429] Apache Tomcat JMX MemoryUserDatabase Local Password Disclosure
| [73384] Apache HTTP Server mod_rewrite PCRE Resource Exhaustion DoS
| [73383] Apache HTTP Server Portable Runtime (APR) Library apr_fnmatch() Infinite Loop Remote DoS
| [73378] IBM WebSphere Application Server (WAS) JavaServer Pages org.apache.jasper.runtime.JspWriterImpl.response JSP Page Application Restart Remote DoS
| [73247] Apache Subversion mod_dav_svn File Permission Weakness Information Disclosure
| [73246] Apache Subversion mod_dav_svn Path-based Access Control Rule Handling Remote DoS
| [73245] Apache Subversion mod_dav_svn Baselined Resource Request Handling Remote DoS
| [73154] Apache Archiva Multiple Unspecified CSRF
| [73153] Apache Archiva /archiva/admin/deleteNetworkProxy!confirm.action proxyid Parameter XSS
| [72407] Apache Tomcat @ServletSecurity Initial Load Annotation Security Constraint Bypass Information Disclosure
| [72238] Apache Struts Action / Method Names <
| [71647] Apache HttpComponents HttpClient Proxy-Authorization Credentials Remote Disclosure
| [71558] Apache Tomcat SecurityManager ServletContext Attribute Traversal Arbitrary File Manipulation
| [71557] Apache Tomcat HTML Manager Multiple XSS
| [71075] Apache Archiva User Management Page XSS
| [71027] Apache Tomcat @ServletSecurity Annotation Security Constraint Bypass Information Disclosure
| [70925] Apache Continuum Project Pages Unspecified XSS (2011-0533)
| [70924] Apache Continuum Multiple Admin Function CSRF
| [70809] Apache Tomcat NIO HTTP Connector Request Line Processing DoS
| [70734] Apache CouchDB Request / Cookie Handling Unspecified XSS
| [70585] Oracle Fusion Middleware Oracle HTTP Server Apache Plugin Unspecified Remote Issue
| [70333] Apache Subversion rev_hunt.c blame Command Multiple Memory Leak Remote DoS
| [70332] Apache Subversion Apache HTTP Server mod_dav_svn repos.c walk FunctionSVNParentPath Collection Remote DoS
| [69659] Apache Archiva Admin Authentication Weakness Privilege Escalation
| [69520] Apache Archiva Administrator Credential Manipulation CSRF
| [69512] Apache Tomcat Set-Cookie Header HTTPOnly Flag Session Hijacking Weakness
| [69456] Apache Tomcat Manager manager/html/sessions Multiple Parameter XSS
| [69275] Apache mod_fcgid Module fcgid_bucket.c fcgid_header_bucket_read() Function Remote Overflow
| [69067] Apache Shiro URI Path Security Traversal Information Disclosure
| [68815] Apache MyFaces shared/util/StateUtils.java View State MAC Weakness Cryptographic Padding Remote View State Modification
| [68670] Apache Qpid C++ Broker Component broker/SessionAdapter.cpp SessionAdapter::ExchangeHandlerImpl::checkAlternate Function Exchange Alternate Remote DoS
| [68669] Apache Qpid cluster/Cluster.cpp Cluster::deliveredEvent Function Invalid AMQP Data Remote DoS
| [68662] Apache Axis2 dswsbobje.war Module Admin Account Default Password
| [68531] Apache Qpid qpidd sys/ssl/SslSocket.cpp Incomplete SSL Handshake Remote DoS
| [68327] Apache APR-util buckets/apr_brigade.c apr_brigade_split_line() Function Memory Consumption DoS
| [68314] Apache XML-RPC SAX Parser External Entity Information Disclosure
| [67964] Apache Traffic Server Transaction ID / Source Port Randomization Weakness DNS Cache Poisoning
| [67846] SUSE Lifecycle Management Server on SUSE Linux Enterprise apache2-slms Parameter Quoting CSRF
| [67294] Apache CXF XML SOAP Message Crafted Document Type Declaration Remote DoS
| [67240] Apache CouchDB Installation Page Direct Request Arbitrary JavaScript Code Execution CSRF
| [67205] Apache Derby BUILTIN Authentication Password Hash Generation Algorithm SHA-1 Transformation Password Substitution
| [66745] Apache HTTP Server Multiple Modules Pathless Request Remote DoS
| [66319] Apache Tomcat Crafted Transfer-Encoding Header Handling Buffer Recycling Remote DoS
| [66280] Apache Struts XWork ParameterInterceptor Server-Side Object Remote Code Execution
| [66226] Apache Axis2 Admin Interface Cookie Session Fixation
| [65697] Apache Axis2 / Java SOAP Message DTD Rejection Weakness Arbitrary File Access
| [65654] Apache HTTP Server mod_proxy_http mod_proxy_http.c Timeout Detection Weakness HTTP Request Response Disclosure
| [65429] Apache MyFaces Unencrypted ViewState Serialized View Object Manipulation Arbitrary Expression Language (EL) Statement Execution
| [65054] Apache ActiveMQ Jetty Error Handler XSS
| [64844] Apache Axis2/Java axis2/axis2-admin/engagingglobally modules Parameter XSS
| [64522] Apache Open For Business Project (OFBiz) ecommerce/control/contactus Multiple Parameter XSS
| [64521] Apache Open For Business Project (OFBiz) Web Tools Section entityName Parameter XSS
| [64520] Apache Open For Business Project (OFBiz) ecommerce/control/ViewBlogArticle contentId Parameter XSS
| [64519] Apache Open For Business Project (OFBiz) Control Servlet URI XSS
| [64518] Apache Open For Business Project (OFBiz) Show Portal Page Section start Parameter XSS
| [64517] Apache Open For Business Project (OFBiz) View Profile Section partyId Parameter XSS
| [64516] Apache Open For Business Project (OFBiz) Export Product Listing Section productStoreId Parameter XSS
| [64307] Apache Tomcat Web Application Manager/Host Manager CSRF
| [64056] mod_auth_shadow for Apache HTTP Server wait() Function Authentication Bypass
| [64023] Apache Tomcat WWW-Authenticate Header Local Host Information Disclosure
| [64020] Apache ActiveMQ Jetty ResourceHandler Crafted Request JSP File Source Disclosure
| [63895] Apache HTTP Server mod_headers Unspecified Issue
| [63368] Apache ActiveMQ createDestination.action JMSDestination Parameter CSRF
| [63367] Apache ActiveMQ createDestination.action JMSDestination Parameter XSS
| [63350] Apache CouchDB Hash Verification Algorithm Predictable Execution Time Weakness
| [63140] Apache Thrift Service Malformed Data Remote DoS
| [62676] Apache HTTP Server mod_proxy_ajp Module Crafted Request Remote DoS
| [62675] Apache HTTP Server Multi-Processing Module (MPM) Subrequest Header Handling Cross-thread Information Disclosure
| [62674] Apache HTTP Server mod_isapi Module Unloading Crafted Request Remote DoS
| [62231] Apache HTTP Server Logging Format Weakness Crafted DNS Response IP Address Spoofing
| [62230] Apache HTTP Server Crafted DNS Response Inverse Lookup Log Corruption XSS
| [62054] Apache Tomcat WAR Filename Traversal Work-directory File Deletion
| [62053] Apache Tomcat Autodeployment Process appBase File HTTP Request Authentication Bypass
| [62052] Apache Tomcat WAR File Traversal Arbitrary File Overwrite
| [62009] Apache HTTP Server src/modules/proxy/proxy_util.c mod_proxy ap_proxy_send_fb() Function Overflow
| [61379] Apache River Outrigger Entry Storage Saturation Memory Exhaustion DoS
| [61378] Apache Hadoop Map/Reduce JobTracker Memory Consumption DoS
| [61377] Apache Commons Modeler Multiple Mutable Static Fields Weakness
| [61376] Apache Rampart wsse:security Tag Signature Value Checking Weakness
| [60687] Apache C++ Standard Library (STDCXX) strxfrm() Function Overflow
| [60680] Apache Hadoop JobHistory Job Name Manipulation Weakness
| [60679] Apache ODE DeploymentWebService OMElement zipPart CRLF Injection
| [60678] Apache Roller Comment Email Notification Manipulation DoS
| [60677] Apache CouchDB Unspecified Document Handling Remote DoS
| [60428] Sun Java Plug-in org.apache.crimson.tree.XmlDocument Class reateXmlDocument Method Floppy Drive Access Bypass
| [60413] mod_throttle for Apache Shared Memory File Manipulation Local Privilege Escalation
| [60412] Sun Java Plug-in org.apache.xalan.processor.XSLProcessorVersion Class Unsigned Applet Variable Sharing Privilege Escalation
| [60396] Apache HTTP Server on OpenBSD Multipart MIME Boundary Remote Information Disclosure
| [60395] Apache HTTP Server on OpenBSD ETag HTTP Header Remote Information Disclosure
| [60232] PHP on Apache php.exe Direct Request Remote DoS
| [60176] Apache Tomcat Windows Installer Admin Default Password
| [60016] Apache HTTP Server on HP Secure OS for Linux HTTP Request Handling Unspecified Issue
| [59979] Apache HTTP Server on Apple Mac OS X HTTP TRACE Method Unspecified Client XSS
| [59969] Apache HTTP Server mod_ssl SSL / TLS Renegotiation Handshakes MiTM Plaintext Data Injection
| [59944] Apache Hadoop jobhistory.jsp XSS
| [59374] Apache Solr Search Extension for TYPO3 Unspecified XSS
| [59022] Apache Shindig ConcatProxyServlet HTTP Header Response Splitting
| [59021] Apache Cocoon X-Cocoon-Version Header Remote Information Disclosure
| [59020] Apache Tapestry HTTPS Session Cookie Secure Flag Weakness
| [59019] Apache mod_python Cookie Salting Weakness
| [59018] Apache Harmony Error Message Handling Overflow
| [59013] Apache Derby SYSCS_EXPORT_TABLE Arbitrary File Overwrite
| [59012] Apache Derby Driver Auto-loading Non-deterministic Startup Weakness
| [59011] Apache JSPWiki Page Attachment Change Note Function XSS
| [59010] Apache Solr get-file.jsp XSS
| [59009] Apache Solr action.jsp XSS
| [59008] Apache Solr analysis.jsp XSS
| [59007] Apache Solr schema.jsp Multiple Parameter XSS
| [59006] Apache Beehive select / checkbox Tag XSS
| [59005] Apache Beehive jpfScopeID Global Parameter XSS
| [59004] Apache Beehive Error Message XSS
| [59003] Apache HttpClient POST Request Handling Memory Consumption DoS
| [59002] Apache Jetspeed default-page.psml URI XSS
| [59001] Apache Axis2 xsd Parameter Traversal Arbitrary File Disclosure
| [59000] Apache CXF Unsigned Message Policy Bypass
| [58999] Apache WSS4J CallbackHandler Plaintext Password Validation Weakness
| [58998] Apache OpenJPA persistence.xml Cleartext Password Local Disclosure
| [58997] Apache OpenEJB openejb.xml Cleartext Password Local Disclosure
| [58996] Apache Hadoop Map/Reduce LinuxTaskController File Group Ownership Weakness
| [58995] Apache Hadoop Map/Reduce Task Ownership Weakness
| [58994] Apache Hadoop Map/Reduce DistributedCache Localized File Permission Weakness
| [58993] Apache Hadoop browseBlock.jsp XSS
| [58991] Apache Hadoop browseDirectory.jsp XSS
| [58990] Apache Hadoop Map/Reduce HTTP TaskTrackers User Data Remote Disclosure
| [58989] Apache Hadoop Sqoop Process Listing Local Cleartext Password Disclosure
| [58988] Apache Hadoop Chukwa HICC Portal Unspecified XSS
| [58987] Apache Hadoop Map/Reduce TaskTracker User File Permission Weakness
| [58986] Apache Qpid Encrypted Message Handling Remote Overflow DoS
| [58985] Apache Qpid Process Listing Local Cleartext Password Disclosure
| [58984] Apache Jackrabbit Content Repository (JCR) Default Account Privilege Access Weakness
| [58983] Apache Jackrabbit Content Repository (JCR) NamespaceRegistry API Registration Method Race Condition
| [58982] Apache Synapse Proxy Service Security Policy Mismatch Weakness
| [58981] Apache Geronimo TomcatGeronimoRealm Security Context Persistence Weakness
| [58980] Apache Geronimo LDAP Realm Configuration Restart Reversion Weakness
| [58979] Apache MyFaces Tomahawk ExtensionsPhaseListener HTML Injection Information Disclosure
| [58978] Apache MyFaces Trinidad LocaleInfoScriptlet XSS
| [58977] Apache Open For Business Project (OFBiz) Multiple Default Accounts
| [58976] Apache Open For Business Project (OFBiz) URI passThru Parameter XSS
| [58975] Apache Open For Business Project (OFBiz) PARTYMGR_CREATE/UPDATE Permission Arbitrary User Password Modification
| [58974] Apache Sling /apps Script User Session Management Access Weakness
| [58973] Apache Tuscany Crafted SOAP Request Access Restriction Bypass
| [58931] Apache Geronimo Cookie Parameters Validation Weakness
| [58930] Apache Xalan-C++ XPath Handling Remote DoS
| [58879] Apache Portable Runtime (APR-util) poll/unix/port.c Event Port Backend Pollset Feature Remote DoS
| [58837] Apache Commons Net FTPSClient CipherSuites / Protocols Mutable Object Unspecified Data Security Issue
| [58813] Apache MyFaces Trinidad tr:table / HTML Comment Handling DoS
| [58812] Apache Open For Business Project (OFBiz) JSESSIONID Session Hijacking Weakness
| [58811] Apache Open For Business Project (OFBiz) /catalog/control/EditProductConfigItem configItemId Parameter XSS
| [58810] Apache Open For Business Project (OFBiz) /catalog/control/EditProdCatalo prodCatalogId Parameter XSS
| [58809] Apache Open For Business Project (OFBiz) /partymgr/control/viewprofile partyId Parameter XSS
| [58808] Apache Open For Business Project (OFBiz) /catalog/control/createProduct internalName Parameter XSS
| [58807] Apache Open For Business Project (OFBiz) Multiple Unspecified CSRF
| [58806] Apache FtpServer MINA Logging Filter Cleartext Credential Local Disclosure
| [58805] Apache Derby Unauthenticated Database / Admin Access
| [58804] Apache Wicket Header Contribution Unspecified Issue
| [58803] Apache Wicket Session Fixation
| [58802] Apache Directory Server (ApacheDS) userPassword Attribute Search Password Disclosure
| [58801] Apache ActiveMQ Stomp Client Credential Validation Bypass
| [58800] Apache Tapestry (context)/servicestatus Internal Service Information Disclosure
| [58799] Apache Tapestry Logging Cleartext Password Disclosure
| [58798] Apache Jetspeed pipeline Parameter pipeline-map Policy Bypass
| [58797] Apache Jetspeed Password Policy Multiple Weaknesses
| [58796] Apache Jetspeed Unsalted Password Storage Weakness
| [58795] Apache Rampart Crafted SOAP Header Authentication Bypass
| [58794] Apache Roller Admin Protocol (RAP) Malformed Header Authentication Bypass
| [58793] Apache Hadoop Map/Reduce mapred.system.dir Permission Weakness Job Manipulation
| [58792] Apache Shindig gadgets.rpc iframe RPC Call Validation Weakness
| [58791] Apache Synapse synapse.properties Cleartext Credential Local Disclosure
| [58790] Apache WSS4J SOAP Message UsernameToken Remote Password Disclosure
| [58789] Apache WSS4J SOAP Header Malformed UsernameToken Authentication Bypass
| [58776] Apache JSPWiki PreviewContent.jsp Edited Text XSS
| [58775] Apache JSPWiki preview.jsp action Parameter XSS
| [58774] Apache JSPWiki Edit.jsp Multiple Parameter XSS
| [58773] Apache JSPWiki Accept-Language Header Multiple Script language Parameter XSS
| [58772] Apache JSPWiki EditorManager.java editor Parameter XSS
| [58771] Apache JSPWiki GroupContent.jsp Multiple Parameter XSS
| [58770] Apache JSPWiki Group.jsp group Parameter XSS
| [58769] Apache JSPWiki Database Connection Termination DoS Weakness
| [58768] Apache JSPWiki Attachment Servlet nextpage Parameter Arbitrary Site Redirect
| [58766] Apache JSPWiki /admin/SecurityConfig.jsp Direct Request Information Disclosure
| [58765] Apache JSPWiki Spam Filter UniqueID RNG Weakness
| [58764] Apache JSPWiki Edit.jsp Multiple Parameter XSS
| [58763] Apache JSPWiki Include Tag Multiple Script XSS
| [58762] Apache JSPWiki Multiple .java Tags pageContext Parameter XSS
| [58761] Apache JSPWiki Wiki.jsp skin Parameter XSS
| [58760] Apache Commons VFS Exception Error Message Cleartext Credential Disclosure
| [58759] Apache Jackrabbit Content Repository (JCR) UUID System.currentTimeMillis() RNG Weakness
| [58758] Apache River GrantPermission Policy Manipulation Privilege Escalation
| [58757] Apache WS-Commons Java2 StaXUtils Multiple Unspecified Minor Issues
| [58756] Apache WSS4J WSHandler Client Certificate Signature Validation Weakness
| [58755] Apache Harmony DRLVM Non-public Class Member Access
| [58754] Apache Harmony File.createTempFile() Temporary File Creation Prediction Weakness
| [58751] Apache Geronimo GeronimoIdentityResolver Subject Handling Multiple Issues
| [58750] Apache MyFaces Trinidad Generated HTML Information Disclosure
| [58749] Apache MyFaces Trinidad Database Access Error Message Information Disclosure
| [58748] Apache MyFaces Trinidad Image Resource Loader Traversal Arbitrary Image Access
| [58747] Apache MyFaces Trinidad Error Message User Entered Data Disclosure Weakness
| [58746] Apache Axis2 JAX-WS Java2 WSDL4J Unspecified Issue
| [58744] Apache Wicket Crafted File Upload Disk Space Exhaustion DoS
| [58743] Apache Wicket wicket.util.crypt.SunJceCrypt Encryption Reversion Weakness
| [58742] Apache Rampart PolicyBasedValiadtor HttpsToken Endpoint Connection Weakness
| [58741] Apache Rampart WSSecSignature / WSSecEncryptedKey KeyIdentifierType Validation Weakness
| [58740] Apache Rampart TransportBinding Message Payload Cleartext Disclosure
| [58739] Apache Open For Business Project (OFBiz) Unsalted Password Storage Weakness
| [58738] Apache Open For Business Project (OFBiz) orderId Parameter Arbitrary Order Access
| [58737] Apache mod_python w/ mod_python.publisher index.py Underscore Prefixed Variable Disclosure
| [58735] Apache Open For Business Project (OFBiz) /ecommerce/control/keywordsearch SEARCH_STRING Parameter XSS
| [58734] Apache Torque Log File Cleartext Credential Local Disclosure
| [58733] Apache Axis2 doGet Implementation Authentication Bypass Service State Manipulation
| [58732] Apache MyFaces UIInput.validate() Null Value Validation Bypass Weakness
| [58731] Apache MyFaces /faces/* Prefix Mapping Authentication Bypass
| [58725] Apache Tapestry Basic String ACL Bypass Weakness
| [58724] Apache Roller Logout Functionality Failure Session Persistence
| [58723] Apache Roller User Profile / Admin Page Cleartext Password Disclosure
| [58722] Apache Derby Connection URL Encryption Method Reversion Weakness
| [58721] Apache Geronimo on Tomcat Security-constraint Resource ACL Bypass
| [58720] Apache Geronimo Explicit Servlet Mapping Access Bypass Weakness
| [58719] Apache Geronimo Keystore Unprivileged Service Disable DoS
| [58718] Apache Geronimo Deployment Plans Remote Password Disclosure
| [58717] Apache Jetspeed Portlet Application Edit Access Restriction Bypass
| [58716] Apache Jetspeed PSML Management Cached Constraint Authentication Weakness
| [58707] Apache WSS4J Crafted PasswordDigest Request Authentication Bypass
| [58706] Apache HttpClient Pre-emptive Authorization Remote Credential Disclosure
| [58705] Apache Directory Server (ApacheDS) User Passwords Cleartext Disclosure
| [58704] Apache Directory Server (ApacheDS) Non-existent User LDAP Bind Remote DoS
| [58703] Apache Geronimo Debug Console Unauthenticated Remote Information Disclosure
| [58702] Apache Directory Server (ApacheDS) Persistent LDAP Anonymous Bind Weakness
| [58701] Apache Jetspeed User Admin Portlet Unpassworded Account Creation Weakness
| [58700] Apache MyFaces /faces/* Path Handling Remote Overflow DoS
| [58699] Apache MyFaces Disable Property Client Side Manipulation Privilege Escalation
| [58698] Apache Roller Remember Me Functionality Cleartext Password Disclosure
| [58697] Apache XalanJ2 org.apache.xalan.xsltc.runtime.CallFunction Class Unspecified Issue
| [58696] Apache Tapestry Encoded Traversal Arbitrary File Access
| [58695] Apache Jetspeed Unauthenticated PSML Tags / Admin Folder Access
| [58694] Apache Geronimo Deploy Tool Process List Local Credential Disclosure
| [58693] Apache Derby service.properties File Encryption Key Information Disclosure
| [58692] Apache Geronimo Default Security Realm Login Brute Force Weakness
| [58689] Apache Roller Retrieve Last 5 Post Feature Unauthorized Blog Post Manipulation
| [58688] Apache Xalan-Java (XalanJ2) Static Variables Multiple Unspecified Issues
| [58687] Apache Axis Invalid wsdl Request XSS
| [58686] Apache Cocoon Temporary File Creation Unspecified Race Condition
| [58685] Apache Velocity Template Designer Privileged Code Execution
| [58684] Apache Jetspeed controls.Customize Action Security Check Bypass
| [58675] Apache Open For Business Project (OFBiz) eCommerce/ordermgr Multiple Field XSS
| [58674] Apache Open For Business Project (OFBiz) ecommerce/control/login Multiple Field XSS
| [58673] Apache Open For Business Project (OFBiz) ecommerce/control/viewprofile Multiple Field XSS
| [58672] Apache Open For Business Project (OFBiz) POS Input Panel Cleartext Password Disclosure
| [58671] Apache Axis2 JMS Signed Message Crafted WS-Security Header Security Bypass
| [58670] Apache Jetspeed JetspeedTool.getPortletFromRegistry Portlet Security Validation Failure
| [58669] Apache Jetspeed LDAP Cleartext Passwords Disclosure
| [58668] Apache Axis External Entity (XXE) Data Parsing Privilege Escalation
| [58667] Apache Roller Database Cleartext Passwords Disclosure
| [58666] Apache Xerces-C++ UTF-8 Transcoder Overlong Code Handling Unspecified Issue
| [58665] Apache Jetspeed Turbine: Cross-user Privileged Action Execution
22874| [58664] Apache Jetspeed EditAccount.vm Password Modification Weakness
22875| [58663] Apache Jetspeed Role Parameter Arbitrary Portlet Disclosure
22876| [58662] Apache Axis JWS Page Generated .class File Direct Request Information Disclosure
22877| [58661] Apache Jetspeed user-form.vm Password Reset Cleartext Disclosure
22878| [58660] Apache WSS4J checkReceiverResults Function Crafted SOAP Request Authentication Bypass
22879| [58658] Apache Rampart Crafted SOAP Request Security Verification Bypass
22880| [57882] Apache HTTP Server mod_proxy_ftp Authorization HTTP Header Arbitrary FTP Command Injection
22881| [57851] Apache HTTP Server mod_proxy_ftp EPSV Command NULL Dereference Remote DoS
22882| [56984] Apache Xerces2 Java Malformed XML Input DoS
22883| [56903] Apache ODE (Orchestration Director Engine) Process Deployment Web Service Traversal Arbitrary File Manipulation
22884| [56859] Apache Xerces-C++ Multiple Sub-project XML Nested DTD Structures Parsing Recursion Error DoS
22885| [56766] Apache Portable Runtime (APR-util) memory/unix/apr_pools.c Relocatable Memory Block Aligning Overflow
22886| [56765] Apache Portable Runtime (APR-util) misc/apr_rmm.c Multiple Function Overflows
22887| [56517] Apache HTTP Server File Descriptor Leak Arbitrary Local File Append
22888| [56443] PTK Unspecified Apache Sub-process Arbitrary Command Execution
22889| [56414] Apache Tiles Duplicate Expression Language (EL) Expression Evaluation XSS
22890| [55814] mod_NTLM for Apache HTTP Server ap_log_rerror() Function Remote Format String
22891| [55813] mod_NTLM for Apache HTTP Server log() Function Remote Overflow
22892| [55782] Apache HTTP Server mod_deflate Module Aborted Connection DoS
22893| [55553] Apache HTTP Server mod_proxy Module mod_proxy_http.c stream_reqbody_cl Function CPU Consumption DoS
22894| [55059] Apache APR-util strmatch/apr_strmatch.c apr_strmatch_precompile Function Crafted Input Remote DoS
22895| [55058] Apache APR-util apr_brigade_vprintf Function Crafted Input Off-by-one Remote DoS
22896| [55057] Apache APR-util xml/apr_xml.c apr_xml_* Interface Expat XML Parser Crafted XML Document Remote DoS
22897| [55056] Apache Tomcat Cross-application TLD File Manipulation
22898| [55055] Apache Tomcat Illegal URL Encoded Password Request Username Enumeration
22899| [55054] Apache Tomcat Java AJP Connector mod_jk Load Balancing Worker Malformed Header Remote DoS
22900| [55053] Apache Tomcat Crafted Request Security Restraint Bypass Arbitrary Content Access
22901| [54733] Apache HTTP Server AllowOverride Directive .htaccess Options Bypass
22902| [54713] razorCMS Security Manager apache User Account Unspecified File Permission Weakness Issue
22903| [54589] Apache Jserv Nonexistent JSP Request XSS
22904| [54122] Apache Struts s:a / s:url Tag href Element XSS
22905| [54093] Apache ActiveMQ Web Console JMS Message XSS
22906| [53932] Apache Geronimo Multiple Admin Function CSRF
22907| [53931] Apache Geronimo /console/portal/Server/Monitoring Multiple Parameter XSS
22908| [53930] Apache Geronimo /console/portal/ URI XSS
22909| [53929] Apache Geronimo on Windows Security/Keystores Portlet Traversal Arbitrary File Upload
22910| [53928] Apache Geronimo on Windows Embedded DB/DB Manager Portlet Traversal Arbitrary File Upload
22911| [53927] Apache Geronimo on Windows Services/Repository Portlet Traversal Arbitrary File Upload
22912| [53921] Apache HTTP Server mod_proxy_ajp Cross Thread/Session Information Disclosure
22913| [53766] Oracle BEA WebLogic Server Plug-ins for Apache Certificate Handling Remote Overflow
22914| [53574] PHP on Apache .htaccess mbstring.func_overload Setting Cross Hosted Site Behavior Modification
22915| [53381] Apache Tomcat JK Connector Content-Length Header Cross-user Information Disclosure
22916| [53380] Apache Struts Unspecified XSS
22917| [53289] Apache mod_perl Apache::Status /perl-status Unspecified XSS
22918| [53186] Apache HTTP Server htpasswd Predictable Salt Weakness
22919| [52899] Apache Tomcat Examples Web Application Calendar Application jsp/cal/cal2.jsp time Parameter XSS
22920| [52407] Apache Tomcat doRead Method POST Content Information Disclosure
22921| [51923] Apache HTTP Server mod-auth-mysql Module mod_auth_mysql.c Multibyte Character Encoding SQL Injection
22922| [51613] Apache HTTP Server Third-party Module Child Process File Descriptor Leak
22923| [51612] Apache HTTP Server Internal Redirect Handling Infinite Loop DoS
22924| [51468] Apache Jackrabbit Content Repository (JCR) swr.jsp q Parameter XSS
22925| [51467] Apache Jackrabbit Content Repository (JCR) search.jsp q Parameter XSS
22926| [51151] Apache Roller Search Function q Parameter XSS
22927| [50482] PHP with Apache php_value Order Unspecified Issue
22928| [50475] Novell NetWare ApacheAdmin Console Unauthenticated Access
22929| [49734] Apache Struts DefaultStaticContentLoader Class Traversal Arbitrary File Access
22930| [49733] Apache Struts FilterDispatcher Class Traversal Arbitrary File Access
22931| [49283] Oracle BEA WebLogic Server Plugins for Apache Remote Transfer-Encoding Overflow
22932| [49062] Apache Tomcat Cross-thread Concurrent Request Variable Overwrite Information Disclosure
22933| [48847] ModSecurity (mod_security) Transformation Caching Unspecified Apache DoS
22934| [48788] Apache Xerces-C++ XML Schema maxOccurs Value XML File Handling DoS
22935| [47474] Apache HTTP Server mod_proxy_ftp Directory Component Wildcard Character XSS
22936| [47464] Apache Tomcat allowLinking / UTF-8 Traversal Arbitrary File Access
22937| [47463] Apache Tomcat RequestDispatcher Traversal Arbitrary File Access
22938| [47462] Apache Tomcat HttpServletResponse.sendError Method Message Argument XSS
22939| [47096] Oracle Weblogic Apache Connector POST Request Overflow
22940| [46382] Frontend Filemanager (air_filemanager) Extension for TYPO3 on Apache Unspecified Arbitrary Code Execution
22941| [46285] TYPO3 on Apache Crafted Filename Upload Arbitrary Command Execution
22942| [46085] Apache HTTP Server mod_proxy ap_proxy_http_process_response() Function Interim Response Forwarding Remote DoS
22943| [45905] Apache Tomcat Host Manager host-manager/html/add name Parameter XSS
22944| [45879] Ragnarok Online Control Panel on Apache Crafted Traversal Authentication Bypass
22945| [45742] Apache HTTP Server on Novell Unspecified Request Directive Internal IP Disclosure
22946| [45740] Apache Derby DropSchemaNode Bind Phase Arbitrary Scheme Statement Dropping
22947| [45599] Apache Derby Lock Table Statement Privilege Requirement Bypass Arbitrary Table Lock
22948| [45585] Apache Derby ACCSEC Command RDBNAM Parameter Cleartext Credential Disclosure
22949| [45584] Apache Derby DatabaseMetaData.getURL Function Cleartext Credential Disclosure
22950| [45420] Apache HTTP Server 403 Error Page UTF-7 Encoded XSS
22951| [44728] PHP Toolkit on Gentoo Linux Interpretation Conflict Apache HTTP Server Local DoS
22952| [44618] Oracle JSP Apache/Jserv Path Translation Traversal Arbitrary JSP File Execution
22953| [44159] Apache HTTP Server Remote Virtual Host Name Disclosure
22954| [43997] Apache-SSL ExpandCert() Function Certificate Handling Arbitrary Environment Variables Manipulation
22955| [43994] suPHP for Apache (mod_suphp) Directory Symlink Local Privilege Escalation
22956| [43993] suPHP for Apache (mod_suphp) Owner Mode Race Condition Symlink Local Privilege Escalation
22957| [43663] Apache HTTP Server Mixed Platform AddType Directive Crafted Request PHP Source Disclosure
22958| [43658] AuthCAS Module (AuthCAS.pm) for Apache HTTP Server SESSION_COOKIE_NAME SQL Injection
22959| [43452] Apache Tomcat HTTP Request Smuggling
22960| [43309] Apache Geronimo LoginModule Login Method Bypass
22961| [43290] Apache JSPWiki Entry Page Attachment Unrestricted File Upload
22962| [43259] Apache HTTP Server on Windows mod_proxy_balancer URL Handling Remote Memory Corruption
22963| [43224] Apache Geronimo on SuSE Linux init Script Symlink Unspecified File/Directory Access
22964| [43189] Apache mod_jk2 Host Header Multiple Fields Remote Overflow
22965| [42937] Apache HTTP Server mod_proxy_balancer balancer-manager Unspecified CSRF
22966| [42341] MOD_PLSQL for Apache Unspecified URL SQL Injection
22967| [42340] MOD_PLSQL for Apache CGI Environment Handling Unspecified Overflow
22968| [42214] Apache HTTP Server mod_proxy_ftp UTF-7 Encoded XSS
22969| [42091] Apache Maven Site Plugin Installation Permission Weakness
22970| [42089] Apache Maven .m2/settings.xml Cleartext Password Disclosure
22971| [42088] Apache Maven Defined Repo Process Listing Password Disclosure
22972| [42087] Apache Maven Site Plugin SSH Deployment Permission Setting Weakness
22973| [42036] Apache HTTP Server MS-DOS Device Request Host OS Disclosure
22974| [41891] BEA WebLogic Apache Beehive NetUI Page Flow Unspecified XSS
22975| [41436] Apache Tomcat Native APR Connector Duplicate Request Issue
22976| [41435] Apache Tomcat %5C Cookie Handling Session ID Disclosure
22977| [41434] Apache Tomcat Exception Handling Subsequent Request Information Disclosure
22978| [41400] LimeSurvey save.php Apache Log File PHP Code Injection
22979| [41029] Apache Tomcat Calendar Examples Application cal2.jsp Multiple Parameter CSRF
22980| [41019] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload XSS
22981| [41018] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload CRLF
22982| [40853] Apache Tomcat SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) JSESSIONIDSSO Cookie Security Weakness
22983| [40264] Apache HTTP Server mod_proxy_balancer balancer_handler Function bb Variable Remote DoS
22984| [40263] Apache HTTP Server mod_proxy_balancer balancer-manager Multiple Parameter XSS
22985| [40262] Apache HTTP Server mod_status refresh XSS
22986| [39833] Apache Tomcat JULI Logging Component catalina.policy Security Bypass
22987| [39251] Coppermine Photo Gallery on Apache Multiple File Extension Upload Arbitrary Code Execution
22988| [39166] Apache Tomcat on Windows caseSensitive Attribute Mixed Case Request JSP Source Disclosure
22989| [39134] Apache mod_imagemap Module Imagemap Unspecified XSS
22990| [39133] Apache mod_imap Module Imagemap File Unspecified XSS
22991| [39035] Apache Tomcat examples/servlet/CookieExample Multiple Parameter XSS
22992| [39003] Apache HTTP Server HTTP Method Header Request Entity Too Large XSS
22993| [39000] Apache Tomcat SendMailServlet sendmail.jsp mailfrom Parameter XSS
22994| [38939] Apache HTTP Server Prefork MPM Module Array Modification Local DoS
22995| [38673] Apache Jakarta Slide WebDAV SYSTEM Request Traversal Arbitrary File Access
22996| [38662] Apache Geronimo SQLLoginModule Nonexistent User Authentication Bypass
22997| [38661] Apache Geronimo MEJB Unspecified Authentication Bypass
22998| [38641] Apache HTTP Server mod_mem_cache recall_headers Function Information Disclosure
22999| [38640] Apache HTTP Server suexec Document Root Unauthorized Operations
23000| [38639] Apache HTTP Server suexec Multiple Symlink Privilege Escalation
23001| [38636] Apache HTTP Server mod_autoindex.c P Variable UTF-7 Charset XSS
23002| [38513] BEA WebLogic Server Proxy Plug-in for Apache Protocol Error Handling Remote DoS
23003| [38187] Apache Geronimo / Tomcat WebDAV XML SYSTEM Tag Arbitrary File Access
23004| [37079] Apache HTTP Server mod_cache cache_util.c Malformed Cache-Control Header DoS
23005| [37071] Apache Tomcat Cookie Handling Session ID Disclosure
23006| [37070] Apache Tomcat Cookie Handling Quote Delimiter Session ID Disclosure
23007| [37052] Apache HTTP Server mod_status mod_status.c Unspecified XSS
23008| [37051] Apache HTTP Server mod_proxy modules/proxy/proxy_util.c Crafted Header Remote DoS
23009| [37050] Apache HTTP Server Prefork MPM Module Crafted Code Sequence Local DoS
23010| [36417] Apache Tomcat Host Manager Servlet html/add Action aliases Parameter XSS
23011| [36377] Apache MyFaces Tomahawk JSF Application autoscroll Multiple Script XSS
23012| [36080] Apache Tomcat JSP Examples Crafted URI XSS
23013| [36079] Apache Tomcat Manager Uploaded Filename XSS
23014| [34888] Apache Tomcat Example Calendar Application cal2.jsp time Parameter XSS
23015| [34887] Apache Tomcat implicit-objects.jsp Crafted Header XSS
23016| [34885] Apache Tomcat on IIS Servlet Engine MS-DOS Device Request DoS
23017| [34884] Apache Tomcat on Windows Nonexistent Resource Request Path Disclosure
23018| [34883] Apache Tomcat Crafted JSP File Request Path Disclosure
23019| [34882] Apache Tomcat Default SSL Ciphersuite Configuration Weakness
23020| [34881] Apache Tomcat Malformed Accept-Language Header XSS
23021| [34880] Apache Tomcat HTTP/1.1 Connector NULL Byte Request JSP Source Disclosure
23022| [34879] Apache Tomcat examples/jsp2/jspx/textRotate.jspx XSS
23023| [34878] Apache Tomcat examples/jsp2/el/implicit-objects.jsp XSS
23024| [34877] Apache Tomcat JK Web Server Connector (mod_jk) Double Encoded Traversal Arbitrary File Access
23025| [34876] Apache HTTP Server ScriptAlias CGI Source Disclosure
23026| [34875] Apache Tomcat appdev/sample/web/hello.jsp Multiple Parameter XSS
23027| [34874] Apache Tomcat AJP Connector mod_jk ajp_process_callback Remote Memory Disclosure
23028| [34873] Apache Stats Variable Extraction _REQUEST Ssuperglobal Array Overwrite
23029| [34872] Apache HTTP Server suexec User/Group Combination Weakness Local Privilege Escalation
23030| [34769] Apache Tomcat w/ Proxy Module Double Encoded Traversal Arbitrary File Access
23031| [34541] mod_perl for Apache HTTP Server RegistryCooker.pm PATH_INFO Crafted URI Remote DoS
23032| [34540] mod_perl for Apache HTTP Server PerlRun.pm PATH_INFO Crafted URI Remote DoS
23033| [34398] Apache Tomcat mod_jk Invalid Chunked Encoded Body Information Disclosure
23034| [34154] Apache Axis Nonexistent Java Web Service Path Disclosure
23035| [33855] Apache Tomcat JK Web Server Connector mod_jk.so Long URI Worker Map Remote Overflow
23036| [33816] Apache HTTP Server on Debian Linux TTY Local Privilege Escalation
23037| [33456] Apache HTTP Server Crafted TCP Connection Range Header DoS
23038| [33346] Avaya Multiple Products Apache Tomcat Port Weakness
23039| [32979] Apache Java Mail Enterprise Server (JAMES) Phoenix/MX4J Interface Arbitrary User Creation
23040| [32978] Apache Java Mail Enterprise Server (JAMES) POP3Server Log File Plaintext Password Disclosure
23041| [32724] Apache mod_python _filter_read Freed Memory Disclosure
23042| [32723] Apache Tomcat semicolon Crafted Filename Request Forced Directory Listing
23043| [32396] Apache Open For Business Project (OFBiz) Ecommerce Component Forum Implementation Message Body XSS
23044| [32395] Apache Open For Business Project (OFBiz) Ecommerce Component Form Field Manipulation Privilege Escalation
23045| [30354] Linux Subversion libapache2-svn Search Path Subversion Local Privilege Escalation
23046| [29603] PHP ini_restore() Apache httpd.conf Options Bypass
23047| [29536] Apache Tcl mod_tcl set_var Function Remote Format String
23048| [28919] Apache Roller Weblogger Blog Comment Multiple Field XSS
23049| [28130] PHP with Apache Mixed Case Method Limit Directive Bypass
23050| [27913] Apache HTTP Server on Windows mod_alias URL Validation Canonicalization CGI Source Disclosure
23051| [27588] Apache HTTP Server mod_rewrite LDAP Protocol URL Handling Overflow
23052| [27487] Apache HTTP Server Crafted Expect Header Cross Domain HTML Injection
23053| [26935] FCKeditor on Apache connector.php Crafted File Extension Arbitrary File Upload
23054| [26572] Apache Java Mail Enterprise Server (JAMES) MAIL Command Overflow DoS
23055| [25909] Drupal on Apache files Directory File Upload Arbitrary Code Execution
23056| [24825] Oracle ModPL/SQL for Apache Unspecified Remote HTTP Issue
23057| [24365] Apache Struts Multiple Function Error Message XSS
23058| [24364] Apache Struts getMultipartRequestHandler() Function Crafted Request DoS
23059| [24363] Apache Struts org.apache.struts.taglib.html.Constants.CANCEL Validation Bypass
23060| [24103] Pubcookie Apache mod_pubcookie Unspecified XSS
23061| [23906] Apache mod_python for Apache HTTP Server FileSession Privileged Local Command Execution
23062| [23905] Apache Log4net LocalSyslogAppender Format String Memory Corruption DoS
23063| [23198] Apache WSS4J Library SOAP Signature Verification Bypass
23064| [23124] Generic Apache Request Library (libapreq) apreq_parse_* Functions Remote DoS
23065| [22652] mod_php for Apache HTTP Server Crafted import_request_variables Function DoS
23066| [22475] PHP w/ Apache PDO::FETCH_CLASS __set() Function DoS
23067| [22473] PHP w/ Apache2 Crafted PDOStatement DoS
23068| [22459] Apache Geronimo Error Page XSS
23069| [22458] Apache Tomcat / Geronimo Sample Script cal2.jsp time Parameter XSS
23070| [22301] auth_ldap for Apache HTTP Server auth_ldap_log_reason() Function Remote Format String
23071| [22261] Apache HTTP Server mod_ssl ssl_hook_Access Error Handling DoS
23072| [22259] mod_auth_pgsql for Apache HTTP Server Log Function Format String
23073| [21736] Apache Java Mail Enterprise Server (JAMES) Spooler retrieve Function DoS
23074| [21705] Apache HTTP Server mod_imap Image Map Referer XSS
23075| [21021] Apache Struts Error Message XSS
23076| [20897] PHP w/ Apache 2 SAPI virtual() Function Unspecified INI Setting Disclosure
23077| [20491] PHP mod_php apache2handler SAPI Crafted .htaccess DoS
23078| [20462] Apache HTTP Server worker.c MPM Memory Exhaustion DoS
23079| [20439] Apache Tomcat Directory Listing Saturation DoS
23080| [20373] Apache Tomcat on HP Secure OS for Linux Unspecified Servlet Access Issue
23081| [20285] Apache HTTP Server Log File Control Character Injection
23082| [20242] Apache HTTP Server mod_usertrack Predictable Session ID Generation
23083| [20209] Brainf*ck Module (mod_bf) for Apache HTTP Server Local Overflow
23084| [20033] Apache Tomcat MS-DOS Device Request Error Message Path Disclosure
23085| [19883] apachetop atop.debug Symlink Arbitrary File Overwrite
23086| [19863] mod_auth_shadow for Apache HTTP Server require group Authentication Bypass
23087| [19855] Apache HTTP Server ErrorDocument Directive .htaccess Bypass
23088| [19821] Apache Tomcat Malformed Post Request Information Disclosure
23089| [19769] Apache HTTP Server Double-reverse DNS Lookup Spoofing
23090| [19188] Apache HTTP Server mod_ssl SSLVerifyClient Per-location Context Restriction Bypass
23091| [19137] Apache HTTP Server on Red Hat Linux Double Slash GET Request Forced Directory Listing
23092| [19136] Apache on Mandrake Linux Arbitrary Directory Forced Listing
23093| [18977] Apache HTTP Server Crafted HTTP Range Header DoS
23094| [18389] Ragnarok Online Control Panel Apache Authentication Bypass
23095| [18286] Apache HTTP Server mod_ssl ssl_callback_SSLVerify_CRL( ) Function Overflow
23096| [18233] Apache HTTP Server htdigest user Variable Overfow
23097| [17738] Apache HTTP Server HTTP Request Smuggling
23098| [16586] Apache HTTP Server Win32 GET Overflow DoS
23099| [15889] Apache HTTP Server mod_cgid Threaded MPM CGI Output Misdirection
23100| [14896] mod_dav for Apache HTTP Server Remote Null Dereference Child Process Termination
23101| [14879] Apache HTTP Server ap_log_rerror Function Error Message Path Disclosure
23102| [14770] Apache Tomcat AJP12 Protocol Malformed Packet Remote DoS
23103| [14597] Apache Tomcat IntegerOverflow.jsp Test JSP Script Path Disclosure
23104| [14596] Apache Tomcat pageSession.jsp Test JSP Script Path Disclosure
23105| [14595] Apache Tomcat pageLanguage.jsp Test JSP Script Path Disclosure
23106| [14594] Apache Tomcat pageIsThreadSafe.jsp Test JSP Script Path Disclosure
23107| [14593] Apache Tomcat pageIsErrorPage.jsp Test JSP Script Path Disclosure
23108| [14592] Apache Tomcat pageInvalid.jsp Test JSP Script Path Disclosure
23109| [14591] Apache Tomcat pageExtends.jsp Test JSP Script Path Disclosure
23110| [14590] Apache Tomcat pageDouble.jsp Test JSP Script Path Disclosure
23111| [14589] Apache Tomcat pageAutoFlush.jsp Test JSP Script Path Disclosure
23112| [14588] Apache Tomcat extends2.jsp Test JSP Script Path Disclosure
23113| [14587] Apache Tomcat extends1.jsp Test JSP Script Path Disclosure
23114| [14586] Apache Tomcat comments.jsp Test JSP Script Path Disclosure
23115| [14585] Apache Tomcat buffer4.jsp Test JSP Script Path Disclosure
23116| [14584] Apache Tomcat buffer3.jsp Test JSP Script Path Disclosure
23117| [14583] Apache Tomcat buffer2.jsp Test JSP Script Path Disclosure
23118| [14582] Apache Tomcat buffer1.jsp Test JSP Script Path Disclosure
23119| [14581] Apache Tomcat pageImport2.jsp Test JSP Script Path Disclosure
23120| [14580] Apache Tomcat pageInfo.jsp Test JSP Script Path Disclosure
23121| [14410] mod_frontpage for Apache HTTP Server fpexec Remote Overflow
23122| [14044] Apache Batik Squiggle Browser with Rhino Scripting Engine Unspecified File System Access
23123| [13737] mod_access_referer for Apache HTTP Server Malformed Referer DoS
23124| [13711] Apache mod_python publisher.py Traversal Arbitrary Object Information Disclosure
23125| [13640] mod_auth_any for Apache HTTP Server on Red Hat Linux Metacharacter Command Execution
23126| [13304] Apache Tomcat realPath.jsp Path Disclosure
23127| [13303] Apache Tomcat source.jsp Arbitrary Directory Listing
23128| [13087] Apache HTTP Server mod_log_forensic check_forensic Symlink Arbitrary File Creation / Overwrite
23129| [12849] mod_auth_radius for Apache HTTP Server radcpy() Function Overflow DoS
23130| [12848] Apache HTTP Server htdigest realm Variable Overflow
23131| [12721] Apache Tomcat examples/jsp2/el/functions.jsp XSS
23132| [12720] mod_dosevasive for Apache HTTP Server Symlink Arbitrary File Create/Overwrite
23133| [12558] Apache HTTP Server IPv6 FTP Proxy Socket Failure DoS
23134| [12557] Apache HTTP Server prefork MPM accept Error DoS
23135| [12233] Apache Tomcat MS-DOS Device Name Request DoS
23136| [12232] Apache Tomcat with JDK Arbitrary Directory/Source Disclosure
23137| [12231] Apache Tomcat web.xml Arbitrary File Access
23138| [12193] Apache HTTP Server on Mac OS X File Handler Bypass
23139| [12192] Apache HTTP Server on Mac OS X Unauthorized .ht and .DS_Store File Access
23140| [12178] Apache Jakarta Lucene results.jsp XSS
23141| [12176] mod_digest_apple for Apache HTTP Server on Mac OS X Authentication Replay
23142| [11391] Apache HTTP Server Header Parsing Space Saturation DoS
23143| [11003] Apache HTTP Server mod_include get_tag() Function Local Overflow
23144| [10976] mod_mylo for Apache HTTP Server mylo_log Logging Function HTTP GET Overflow
23145| [10637] Apache HTTP Server mod_ssl SSLCipherSuite Access Restriction Bypass
23146| [10546] Macromedia JRun4 mod_jrun Apache Module Remote Overflow
23147| [10471] Apache Xerces-C++ XML Parser DoS
23148| [10218] Apache HTTP Server Satisfy Directive Access Control Bypass
23149| [10068] Apache HTTP Server htpasswd Local Overflow
23150| [10049] mod_cplusplus For Apache HTTP Server Unspecified Overflow
23151| [9994] Apache HTTP Server apr-util IPV6 Parsing DoS
23152| [9991] Apache HTTP Server ap_resolve_env Environment Variable Local Overflow
23153| [9948] mod_dav for Apache HTTP Server LOCK Request DoS
23154| [9742] Apache HTTP Server mod_ssl char_buffer_read Function Reverse Proxy DoS
23155| [9718] Apache HTTP Server Win32 Single Dot Append Arbitrary File Access
23156| [9717] Apache HTTP Server mod_cookies Cookie Overflow
23157| [9716] Apache::Gallery Gallery.pm Inline::C Predictable Filename Code Execution
23158| [9715] Apache HTTP Server rotatelogs Control Characters Over Pipe DoS
23159| [9714] Apache Authentication Module Threaded MPM DoS
23160| [9713] Apache HTTP Server on OS2 filestat.c Device Name Request DoS
23161| [9712] Apache HTTP Server Multiple Linefeed Request Memory Consumption DoS
23162| [9711] Apache HTTP Server Access Log Terminal Escape Sequence Injection
23163| [9710] Apache HTTP Server on Windows Illegal Character Default Script Mapping Bypass
23164| [9709] Apache HTTP Server on Windows MS-DOS Device Name HTTP Post Code Execution
23165| [9708] Apache HTTP Server on Windows MS-DOS Device Name DoS
23166| [9707] Apache HTTP Server Duplicate MIME Header Saturation DoS
23167| [9706] Apache Web Server Multiple MIME Header Saturation Remote DoS
23168| [9705] Apache Tomcat Invoker/Default Servlet Source Disclosure
23169| [9702] Apache HTTP Server CGI/WebDAV HTTP POST Request Source Disclosure
23170| [9701] Apache HTTP Server for Windows Multiple Slash Forced Directory Listing
23171| [9700] Apache HTTP Server mod_autoindex Multiple Slash Request Forced Directory Listing
23172| [9699] Apache HTTP Server mod_dir Multiple Slash Request Forced Directory Listing
23173| [9698] Apache HTTP Server mod_negotiation Multiple Slash Request Forced Directory Listing
23174| [9697] Apache HTTP Server htdigest Local Symlink Arbitrary File Overwrite
23175| [9696] Apache HTTP Server htpasswd Local Symlink Arbitrary File Overwrite
23176| [9695] Apache Tomcat SnoopServlet Servlet Information Disclosure
23177| [9694] PHP3 on Apache HTTP Server Encoded Traversal Arbitrary File Access
23178| [9693] mod_auth_pgsql_sys for Apache HTTP Server User Name SQL Injection
23179| [9692] Apache HTTP Server mod_vhost_alias Mass Virtual Hosting Arbitrary File Access
23180| [9691] Apache HTTP Server mod_rewrite Mass Virtual Hosting Arbitrary File Access
23181| [9690] Apache HTTP Server mod_vhost_alias CGI Program Source Disclosure
23182| [9689] Trustix httpsd for Apache-SSL Permission Weakness Privilege Escalation
23183| [9688] Apache HTTP Server mod_proxy Malformed FTP Command DoS
23184| [9687] Apache::AuthenSmb smbval SMB Authentication Library Multiple Overflows
23185| [9686] Apache::AuthenSmb smbvalid SMB Authentication Library Multiple Overflows
23186| [9523] Apache HTTP Server mod_ssl Aborted Connection DoS
23187| [9459] Oracle PL/SQL (mod_plsql) Apache Module Help Page Request Remote Overflow
23188| [9208] Apache Tomcat .jsp Encoded Newline XSS
23189| [9204] Apache Tomcat ROOT Application XSS
23190| [9203] Apache Tomcat examples Application XSS
23191| [9068] Apache HTTP Server mod_userdir User Account Information Disclosure
23192| [8773] Apache Tomcat Catalina org.apache.catalina.servlets.DefaultServlet Source Code Disclosure
23193| [8772] Apache Tomcat Catalina org.apache.catalina.connector.http DoS
23194| [7943] Apache HTTP Server mod_ssl sslkeys File Disclosure
23195| [7942] Apache HTTP Server mod_ssl Default Pass Phrase
23196| [7941] Apache HTTP Server mod_ssl Encrypted Private Key File Descriptor Leak
23197| [7935] Apache HTTP Server mod_ssl ssl_gcache Race Conditions
23198| [7934] Apache HTTP Server mod_ssl SSLSessionCache File Content Disclosure
23199| [7933] Apache HTTP Server mod_ssl SSLMutex File Content Disclosure
23200| [7932] Apache HTTP Server mod_ssl mkcert.sh File Creation Permission Weakness
23201| [7931] Apache HTTP Server mod_ssl X.509 Client Certificate Authentication Bypass
23202| [7930] Apache HTTP Server mod_ssl ssl_expr_eval_func_file() Overflow
23203| [7929] Apache HTTP Server mod_ssl ssl_engine_log.c mod_proxy Hook Function Remote Format String
23204| [7611] Apache HTTP Server mod_alias Local Overflow
23205| [7394] Apache Tomcat mod_jk Invalid Transfer-Encoding Chunked Field DoS
23206| [7203] Apache Tomcat source.jsp Traversal Arbitrary File Access
23207| [7039] Apache HTTP Server on Mac OS X HFS+ File System Access Bypass
23208| [6882] Apache mod_python Malformed Query String Variant DoS
23209| [6839] Apache HTTP Server mod_proxy Content-Length Overflow
23210| [6630] Apache Tomcat Java Server Pages (JSP) Engine WPrinterJob() DoS
23211| [6472] Apache HTTP Server mod_ssl ssl_util_uuencode_binary Remote Overflow
23212| [5821] Apache HTTP Server Multiple / GET Remote Overflow DoS
23213| [5580] Apache Tomcat Servlet Malformed URL JSP Source Disclosure
23214| [5552] Apache HTTP Server split-logfile Arbitrary .log File Overwrite
23215| [5526] Apache Tomcat Long .JSP URI Path Disclosure
23216| [5278] Apache Tomcat web.xml Restriction Bypass
23217| [5051] Apache Tomcat Null Character DoS
23218| [4973] Apache Tomcat servlet Mapping XSS
23219| [4650] mod_gzip for Apache HTTP Server Debug Mode Printf Stack Overflow
23220| [4649] mod_gzip for Apache HTTP Server Debug Mode Format String Overflow
23221| [4648] mod_gzip for Apache HTTP Server Debug Mode Race Condition
23222| [4568] mod_survey For Apache ENV Tags SQL Injection
23223| [4553] Apache HTTP Server ApacheBench Overflow DoS
23224| [4552] Apache HTTP Server Shared Memory Scoreboard DoS
23225| [4446] Apache HTTP Server mod_disk_cache Stores Credentials
23226| [4383] Apache HTTP Server Socket Race Condition DoS
23227| [4382] Apache HTTP Server Log Entry Terminal Escape Sequence Injection
23228| [4340] Apache Portable Runtime (APR) apr_psprintf DoS
23229| [4232] Apache Cocoon DatabaseAuthenticatorAction SQL Injection
23230| [4231] Apache Cocoon Error Page Server Path Disclosure
23231| [4182] Apache HTTP Server mod_ssl Plain HTTP Request DoS
23232| [4181] Apache HTTP Server mod_access IP Address Netmask Rule Bypass
23233| [4075] Apache HTTP Sever on Windows .var File Request Path Disclosure
23234| [4037] Apache HTTP Server on Cygwin Encoded GET Request Arbitrary File Access
23235| [3877] Apache-SSL SSLVerifyClient SSLFakeBasicAuth Client Certificate Forgery
23236| [3819] Apache HTTP Server mod_digest Cross Realm Credential Replay
23237| [3322] mod_php for Apache HTTP Server Process Hijack
23238| [3215] mod_php for Apache HTTP Server File Descriptor Leakage
23239| [2885] Apache mod_python Malformed Query String DoS
23240| [2749] Apache Cocoon view-source Sample File Traversal Arbitrary File Access
23241| [2733] Apache HTTP Server mod_rewrite Local Overflow
23242| [2672] Apache HTTP Server mod_ssl SSLCipherSuite Ciphersuite Downgrade Weakness
23243| [2613] Apache HTTP Server mod_cgi stderr Output Handling Local DoS
23244| [2149] Apache::Gallery Privilege Escalation
23245| [2107] Apache HTTP Server mod_ssl Host: Header XSS
23246| [1926] Apache HTTP Server mod_rewrite Crafted URI Rule Bypass
23247| [1833] Apache HTTP Server Multiple Slash GET Request DoS
23248| [1577] Apache HTTP Server mod_rewrite RewriteRule Expansion Arbitrary File Access
23249| [872] Apache Tomcat Multiple Default Accounts
23250| [862] Apache HTTP Server SSI Error Page XSS
23251| [859] Apache HTTP Server Win32 Crafted Traversal Arbitrary File Access
23252| [849] Apache Tomcat TroubleShooter Servlet Information Disclosure
23253| [845] Apache Tomcat MSDOS Device XSS
23254| [844] Apache Tomcat Java Servlet Error Page XSS
23255| [842] Apache HTTP Server mod_ssl ssl_compat_directive Function Overflow
23256| [838] Apache HTTP Server Chunked Encoding Remote Overflow
23257| [827] PHP4 for Apache on Windows php.exe Malformed Request Path Disclosure
23258| [775] Apache mod_python Module Importing Privilege Function Execution
23259| [769] Apache HTTP Server Win32 DOS Batch File Arbitrary Command Execution
23260| [756] Apache HTTP Server mod_ssl i2d_SSL_SESSION Function SSL Client Certificate Overflow
23261| [701] Apache HTTP Server Win32 ScriptAlias php.exe Arbitrary File Access
23262| [674] Apache Tomcat Nonexistent File Error Message Path Disclosure
23263| [637] Apache HTTP Server UserDir Directive Username Enumeration
23264| [623] mod_auth_pgsql for Apache HTTP Server User Name SQL Injection
23265| [582] Apache HTTP Server Multiviews Feature Arbitrary Directory Listing
23266| [562] Apache HTTP Server mod_info /server-info Information Disclosure
23267| [561] Apache Web Servers mod_status /server-status Information Disclosure
23268| [417] Apache HTTP Server on SuSE Linux /doc/packages Remote Information Disclosure
23269| [410] mod_perl for Apache HTTP Server /perl/ Directory Listing
23270| [404] Apache HTTP Server on SuSE Linux WebDAV PROPFIND Arbitrary Directory Listing
23271| [402] Apache HTTP Server on SuSE Linux cgi-bin-sdb Request Script Source Disclosure
23272| [379] Apache ASP module Apache::ASP source.asp Example File Arbitrary File Creation
23273| [377] Apache Tomcat Snoop Servlet Remote Information Disclosure
23274| [376] Apache Tomcat contextAdmin Arbitrary File Access
23275| [342] Apache HTTP Server for Windows Multiple Forward Slash Directory Listing
23276| [222] Apache HTTP Server test-cgi Arbitrary File Access
23277| [143] Apache HTTP Server printenv.pl Multiple Method CGI XSS
23278| [48] Apache HTTP Server on Debian /usr/doc Directory Information Disclosure
23279|_
445/tcp closed microsoft-ds
465/tcp open smtp Postfix smtpd
23282| vulscan: VulDB - https://vuldb.com:
23283| [108975] Apple macOS up to 10.13.1 Postfix unknown vulnerability
23284| [98314] PostfixAdmin up to 3.0.1 AliasHandler delete.php gen_show_status denial of service
23285| [71720] Postfix up to 2.3.0 backup.php pacrypt sql injection
23286| [12746] Postfix Admin 2.3.6 functions.inc.php sql injection
23287| [57422] Postfix memory corruption
23288| [56843] Postfix up to 2.7.2 Cleartext weak encryption
23289|
23290| MITRE CVE - https://cve.mitre.org:
23291| [CVE-2013-2852] Format string vulnerability in the b43_request_firmware function in drivers/net/wireless/b43/main.c in the Broadcom B43 wireless driver in the Linux kernel through 3.9.4 allows local users to gain privileges by leveraging root access and including format string specifiers in an fwpostfix modprobe parameter, leading to improper construction of an error message.
23292| [CVE-2011-1720] The SMTP server in Postfix before 2.5.13, 2.6.x before 2.6.10, 2.7.x before 2.7.4, and 2.8.x before 2.8.3, when certain Cyrus SASL authentication methods are enabled, does not create a new server handle after client authentication fails, which allows remote attackers to cause a denial of service (heap memory corruption and daemon crash) or possibly execute arbitrary code via an invalid AUTH command with one method followed by an AUTH command with a different method.
23293| [CVE-2011-0411] The STARTTLS implementation in Postfix 2.4.x before 2.4.16, 2.5.x before 2.5.12, 2.6.x before 2.6.9, and 2.7.x before 2.7.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack.
23294| [CVE-2010-0230] SUSE Linux Enterprise 10 SP3 (SLE10-SP3) and openSUSE 11.2 configures postfix to listen on all network interfaces, which might allow remote attackers to bypass intended access restrictions.
23295| [CVE-2009-2939] The postfix.postinst script in the Debian GNU/Linux and Ubuntu postfix 2.5.5 package grants the postfix user write access to /var/spool/postfix/pid, which might allow local users to conduct symlink attacks that overwrite arbitrary files.
23296| [CVE-2008-4977] ** DISPUTED ** postfix_groups.pl in Postfix 2.5.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/postfix_groups.stdout, (2) /tmp/postfix_groups.stderr, and (3) /tmp/postfix_groups.message temporary files. NOTE: the vendor disputes this vulnerability, stating "This is not a real issue ... users would have to edit a script under /usr/lib to enable it."
23297| [CVE-2008-3889] Postfix 2.4 before 2.4.9, 2.5 before 2.5.5, and 2.6 before 2.6-20080902, when used with the Linux 2.6 kernel, leaks epoll file descriptors during execution of "non-Postfix" commands, which allows local users to cause a denial of service (application slowdown or exit) via a crafted command, as demonstrated by a command in a .forward file.
23298| [CVE-2008-3646] The Postfix configuration file in Mac OS X 10.5.5 causes Postfix to be network-accessible when mail is sent from a local command-line tool, which allows remote attackers to send mail to local Mac OS X users.
23299| [CVE-2008-2937] Postfix 2.5 before 2.5.4 and 2.6 before 2.6-20080814 delivers to a mailbox file even when this file is not owned by the recipient, which allows local users to read e-mail messages by creating a mailbox file corresponding to another user's account name.
23300| [CVE-2008-2936] Postfix before 2.3.15, 2.4 before 2.4.8, 2.5 before 2.5.4, and 2.6 before 2.6-20080814, when the operating system supports hard links to symlinks, allows local users to append e-mail messages to a file to which a root-owned symlink points, by creating a hard link to this symlink and then sending a message. NOTE: this can be leveraged to gain privileges if there is a symlink to an init script.
23301| [CVE-2007-3791] Buffer overflow in the w_read function in sockets.c in Cami Sardinha and Nigel Kukard policyd before 1.81 for Postfix allows remote attackers to cause a denial of service and possibly execute arbitrary code via long SMTP commands. NOTE: some of these details are obtained from third party information.
23302| [CVE-2006-0213] Kolab Server 2.0.1, 2.0.2 and development versions pre-2.1-20051215 and earlier, when authenticating users via secure SMTP, stores authentication credentials in plaintext in the postfix.log file, which allows local users to gain privileges.
23303| [CVE-2005-1127] Format string vulnerability in the log function in Net::Server 0.87 and earlier, as used in Postfix Greylisting Policy Server (Postgrey) 1.18 and earlier, and possibly other products, allows remote attackers to cause a denial of service (crash) via format string specifiers that are not properly handled before being sent to syslog, as demonstrated using sender addresses to Postgrey.
23304| [CVE-2005-0337] Postfix 2.1.3, when /proc/net/if_inet6 is not available and permit_mx_backup is enabled in smtpd_recipient_restrictions, allows remote attackers to bypass e-mail restrictions and perform mail relaying by sending mail to an IPv6 hostname.
23305| [CVE-2004-1113] SQL injection vulnerability in SQLgrey Postfix greylisting service before 1.2.0 allows remote attackers to execute arbitrary SQL commands via the (1) sender or (2) recipient e-mail addresses.
23306| [CVE-2004-1088] Postfix server for Apple Mac OS X 10.3.6, when using CRAM-MD5, allows remote attackers to send mail without authentication by replaying authentication information.
23307| [CVE-2004-0925] Postfix on Mac OS X 10.3.x through 10.3.5, with SMTPD AUTH enabled, does not properly clear the username between authentication attempts, which allows users with the longest username to prevent other valid users from being able to authenticate.
23308| [CVE-2003-0540] The address parser code in Postfix 1.1.12 and earlier allows remote attackers to cause a denial of service (lock) via (1) a malformed envelope address to a local host that would generate a bounce and contains the ".!" string in the MAIL FROM or Errors-To headers, which causes nqmgr to lock up, or (2) via a valid MAIL FROM with a RCPT TO containing a ".!" string, which causes an instance of the SMTP listener to lock up.
23309| [CVE-2003-0468] Postfix 1.1.11 and earlier allows remote attackers to use Postfix to conduct "bounce scans" or DDos attacks of other hosts via an email address to the local host containing the target IP address and service name followed by a "!" string, which causes Postfix to attempt to use SMTP to communicate with the target on the associated port.
23310| [CVE-2001-0894] Vulnerability in Postfix SMTP server before 20010228-pl07, when configured to email the postmaster when SMTP errors cause the session to terminate, allows remote attackers to cause a denial of service (memory exhaustion) by generating a large number of SMTP errors, which forces the SMTP session log to grow too large.
23311|
23312| SecurityFocus - https://www.securityfocus.com/bid/:
23313| [96142] PostfixAdmin CVE-2017-5930 Session Management Security Bypass Vulnerability
23314| [90814] Postfix Admin Multiple Cross Site Request Forgery Vulnerabilities
23315| [67250] Postfix Arbitrary Content Security Bypass Vulnerability
23316| [66455] Postfix Admin 'functions.inc.php' SQL Injection Vulnerability
23317| [65184] Fail2ban Postfix Filter Remote Denial of Service Vulnerability
23318| [51680] Postfix Admin Multiple SQL Injection and Cross Site Scripting Vulnerabilities
23319| [47778] Postfix SMTP Server Cyrus SASL Support Memory Corruption Vulnerability
23320| [36469] Debian and Ubuntu Postfix Insecure Temporary File Creation Vulnerability
23321| [31721] Apple Mac OS X 10.5 Postfix Security Bypass Vulnerability
23322| [30977] Postfix 'epoll' Linux Event Handler Local Denial of Service Vulnerability
23323| [30691] Postfix Local Information Disclosure and Local Privilege Escalation Vulnerabilities
23324| [13133] Salim Gasmi GLD Postfix Greylisting Daemon Format String Vulnerability
23325| [13129] Salim Gasmi GLD Postfix Greylisting Daemon Buffer Overflow Vulnerability
23326| [12445] Postfix IPv6 Unauthorized Mail Relay Vulnerability
23327| [11898] SQLgrey Postfix Greylisting Service Unspecified SQL Injection Vulnerability
23328| [11633] SQLgrey Postfix Greylisting Service SQL Injection Vulnerability
23329| [11323] Apple Mac OS X Postfix Release SMTPD AUTH Username Denial Of Service Vulnerability
23330| [8362] Postfix SMTP Malformed E-mail Envelope Address Denial of Service Vulnerability
23331| [8361] Postfix Connection Proxying Vulnerability
23332| [8333] Multiple Postfix Denial of Service Vulnerabilities
23333| [3638] SuSEConfig.postfix chroot Local DoS Attack Vulnerability
23334| [3637] SuSEConfig.postfix chroot File Ownership Vulnerability
23335| [3544] Postfix SMTP Log Denial Of Service Vulnerability
23336| [1428] cyrus With postfix and Procmail Remote Shell Expansion Vulnerabilities
23337|
23338| IBM X-Force - https://exchange.xforce.ibmcloud.com:
23339| [72752] Postfix Admin multiple parameters SQL injection
23340| [72751] PostfixAdmin multiple parameters cross-site scripting
23341| [67359] Postfix Cyrus SASL library in the SMTP server code execution
23342| [55970] SUSE Linux Enterprise postfix security bypass
23343| [53425] Postfix in Debian and Ubuntu pid symlink
23344| [45876] Apple Mac OS X Postfix configuration file weak security
23345| [44865] Postfix file descriptor denial of service
23346| [44461] Postfix email information disclosure
23347| [44460] Postfix symlink code execution
23348| [22655] RHSA-2005:152 updates for postfix not installed
23349| [19218] Postfix IPv6 mail relay
23350| [18435] SQLgrey Postfix greylisting service SQL injection
23351| [18353] Postfix CRAM-MD5 authentication replay attack
23352| [17998] SQLgrey Postfix greylisting service SQL injection
23353| [17595] Apple Mac OS postfix SMTPD AUTH denial of service
23354| [12816] Postfix MAIL FROM or RCPT TO denial of service
23355| [12815] Postfix could be used as a distributed denial of service tool
23356| [7568] Postfix SMTP log denial of service
23357| [4905] Cyrus with postfix and procmail integration could allow remote command execution
23358|
23359| Exploit-DB - https://www.exploit-db.com:
23360| [25392] Salim Gasmi GLD 1.x Postfix Greylisting Daemon Buffer Overflow Vulnerability
23361| [22982] Postfix 1.1.x Denial of Service Vulnerabilities (2)
23362| [22981] Postfix 1.1.x Denial of Service Vulnerabilities (1)
23363| [16841] GLD (Greylisting Daemon) Postfix Buffer Overflow
23364| [10023] Salim Gasmi GLD 1.0 - 1.4 Postfix Greylisting Buffer Overflow
23365| [6472] Postfix < 2.4.9, 2.5.5, 2.6-20080902 - (.forward) Local DoS Exploit
23366| [6337] Postfix <= 2.6-20080814 - (symlink) Local Privilege Escalation Exploit
23367| [934] gld 1.4 (Postfix Greylisting Daemon) Remote Format String Exploit
23368|
23369| OpenVAS (Nessus) - http://www.openvas.org:
23370| [902517] Postfix SMTP Server Cyrus SASL Support Memory Corruption Vulnerability
23371| [881389] CentOS Update for postfix CESA-2011:0422 centos5 x86_64
23372| [881293] CentOS Update for postfix CESA-2011:0843 centos4 x86_64
23373| [881278] CentOS Update for postfix CESA-2011:0422 centos4 x86_64
23374| [881267] CentOS Update for postfix CESA-2011:0843 centos5 x86_64
23375| [880520] CentOS Update for postfix CESA-2011:0422 centos5 i386
23376| [880509] CentOS Update for postfix CESA-2011:0843 centos5 i386
23377| [880488] CentOS Update for postfix CESA-2011:0843 centos4 i386
23378| [880485] CentOS Update for postfix CESA-2011:0422 centos4 i386
23379| [880268] CentOS Update for postfix CESA-2008:0839 centos3 i386
23380| [880023] CentOS Update for postfix CESA-2008:0839 centos3 x86_64
23381| [870658] RedHat Update for postfix RHSA-2011:0423-01
23382| [870440] RedHat Update for postfix RHSA-2011:0843-01
23383| [870418] RedHat Update for postfix RHSA-2011:0422-01
23384| [870021] RedHat Update for postfix RHSA-2008:0839-01
23385| [863100] Fedora Update for postfix FEDORA-2011-6777
23386| [863097] Fedora Update for postfix FEDORA-2011-6771
23387| [862950] Fedora Update for postfix FEDORA-2011-3394
23388| [862938] Fedora Update for postfix FEDORA-2011-3355
23389| [860510] Fedora Update for postfix FEDORA-2008-8593
23390| [860419] Fedora Update for postfix FEDORA-2008-8595
23391| [850126] SuSE Update for postfix SUSE-SA:2010:011
23392| [850031] SuSE Update for postfix SUSE-SA:2008:040
23393| [840658] Ubuntu Update for postfix USN-1131-1
23394| [840648] Ubuntu Update for postfix USN-1113-1
23395| [840227] Ubuntu Update for postfix vulnerabilities USN-642-1
23396| [840190] Ubuntu Update for postfix vulnerability USN-636-1
23397| [831400] Mandriva Update for postfix MDVSA-2011:090 (postfix)
23398| [830713] Mandriva Update for postfix MDVSA-2008:171 (postfix)
23399| [830635] Mandriva Update for postfix MDVSA-2008:190 (postfix)
23400| [830075] Mandriva Update for postfix MDKA-2007:079 (postfix)
23401| [72452] Gentoo Security Advisory GLSA 201209-18 (postfixadmin)
23402| [71559] Gentoo Security Advisory GLSA 201206-33 (Postfix)
23403| [70744] FreeBSD Ports: postfixadmin
23404| [69770] FreeBSD Ports: postfix, postfix-base
23405| [69733] Debian Security Advisory DSA 2233-1 (postfix)
23406| [69363] FreeBSD Ports: postfix, postfix-base
23407| [66394] Mandriva Security Advisory MDVSA-2009:224-1 (postfix)
23408| [65957] SLES10: Security update for Postfix
23409| [65911] SLES10: Security update for Postfix
23410| [65353] SLES9: Security update for Postfix
23411| [65350] SLES9: Security update for postfix
23412| [64696] Mandrake Security Advisory MDVSA-2009:224 (postfix)
23413| [61646] Gentoo Security Advisory GLSA 200809-09 (postfix)
23414| [61445] Gentoo Security Advisory GLSA 200808-12 (postfix)
23415| [61435] Debian Security Advisory DSA 1629-2 (postfix)
23416| [61434] Debian Security Advisory DSA 1629-1 (postfix)
23417| [60836] FreeBSD Ports: postfix-policyd-weight
23418| [58580] Debian Security Advisory DSA 1361-1 (postfix-policyd)
23419| [53833] Debian Security Advisory DSA 093-1 (postfix)
23420| [53652] Debian Security Advisory DSA 363-1 (postfix)
23421|
23422| SecurityTracker - https://www.securitytracker.com:
23423| [1025521] Postfix SASL Authentication Heap Overflow Lets Remote Users Deny Service
23424| [1025179] Postfix Plaintext to TLS Switching Error Lets Remote Users Inject Plaintext Commands
23425| [1020800] Postfix Linux epoll File Descriptor Leak Lets Local Users Deny Service
23426| [1020700] Postfix Symlink Dereference Bug Lets Local Users Gain Elevated Privileges
23427| [1012395] Postfix CRAM-MD5 Replay Attack May Let Remote Users Send Mail
23428| [1011532] Postfix Buffer Error May Prevent Remote Users from Being Able to Authenticate Using SMTPD AUTH
23429| [1007382] Postfix Bounce Messages Let Remote Users Scan for Open Ports on Other Hosts
23430| [1007381] Postfix Address Resolver Parsing Bug Lets Remote Users Hang the System
23431| [1002756] Postfix Mail Server Can Be Crashed By Remote Users Initiating Unsuccessful Sessions
23432|
23433| OSVDB - http://www.osvdb.org:
23434| [94034] Linux Kernel Broadcom B43 Wireless Driver b43_request_firmware Function fwpostfix modprobe Parameter Format String Local Privilege Escalation
23435| [78567] Postfix Admin backup.php Unspecified SQL Injection
23436| [78566] Postfix Admin functions.inc.php pacrypt() Function Unspecified SQL Injection
23437| [78565] Postfix Admin create-domain.php Unspecified SQL Injection
23438| [78564] Postfix Admin Unspecified XSS
23439| [78563] Postfix Admin edit-alias.php Unspecified XSS
23440| [78562] Postfix Admin create-alias.php Unspecified XSS
23441| [78561] Postfix Admin create-domain.php Unspecified XSS
23442| [78560] Postfix Admin templates/edit-vacation.php domain Parameter XSS
23443| [78559] Postfix Admin templates/menu.php domain Parameter XSS
23444| [72259] Postfix SMTP Cyrus SASL Authentication Context Data Reuse Memory Corruption
23445| [71021] Postfix STARTTLS Arbitrary Plaintext Command Injection
23446| [68340] Artica postfix.events.php Unrestricted Access Information Disclosure
23447| [61983] SUSE Linux postfix Network Interface Remote Access Restriction Bypass
23448| [58325] Debian GNU/Linux postfix postfix.postinst Symlink Arbitrary File Overwrite
23449| [49634] Postfix postfix_groups.pl Multiple Temporary File Symlink Arbitrary File Overwrite
23450| [48973] Apple Mac OS X Postfix Network Access Configuration Weakness
23451| [48108] Postfix epoll File Descriptor Leak Local DoS
23452| [47659] Postfix Cross-user Filename Local Mail Interception
23453| [47658] Postfix Hardlink to Symlink Mailspool Arbitrary Content Append
23454| [43888] policyd-weight for Postfix Socket Handling Unspecified Arbitrary File Manipulation
23455| [38091] policyd for Postfix sockets.c read_w() Function SMTP Command Remote Overflow
23456| [22381] Kolab Server Secure SMTP postfix.log Authentication Credential Disclosure
23457| [13470] Postfix IPv6 Patch if_inet6 Failure Arbitrary Mail Relay
23458| [12339] SQLgrey Postfix greylisting service Unspecified SQL Injection
23459| [12200] Apple Mac OS X Postfix CRAM-MD5 Replay Credentials
23460| [11571] SQLgrey Postfix greylisting Email Address SQL Injection
23461| [10545] Postfix Multiple Mail Header SMTP listener DoS
23462| [10544] Postfix Malformed Envelope Address nqmgr DoS
23463| [10500] Apple Mac OS X Postfix SMTPD AUTH Username Overflow DoS
23464| [6551] Postfix Bounce Scan / Packet Amplification DDoS
23465| [1991] Postfix SMTP Log DoS
23466|_
587/tcp open smtp Postfix smtpd
23468| vulscan: VulDB - https://vuldb.com:
23469| [108975] Apple macOS up to 10.13.1 Postfix unknown vulnerability
23470| [98314] PostfixAdmin up to 3.0.1 AliasHandler delete.php gen_show_status denial of service
23471| [71720] Postfix up to 2.3.0 backup.php pacrypt sql injection
23472| [12746] Postfix Admin 2.3.6 functions.inc.php sql injection
23473| [57422] Postfix memory corruption
23474| [56843] Postfix up to 2.7.2 Cleartext weak encryption
23475|
23476| MITRE CVE - https://cve.mitre.org:
23477| [CVE-2013-2852] Format string vulnerability in the b43_request_firmware function in drivers/net/wireless/b43/main.c in the Broadcom B43 wireless driver in the Linux kernel through 3.9.4 allows local users to gain privileges by leveraging root access and including format string specifiers in an fwpostfix modprobe parameter, leading to improper construction of an error message.
23478| [CVE-2011-1720] The SMTP server in Postfix before 2.5.13, 2.6.x before 2.6.10, 2.7.x before 2.7.4, and 2.8.x before 2.8.3, when certain Cyrus SASL authentication methods are enabled, does not create a new server handle after client authentication fails, which allows remote attackers to cause a denial of service (heap memory corruption and daemon crash) or possibly execute arbitrary code via an invalid AUTH command with one method followed by an AUTH command with a different method.
23479| [CVE-2011-0411] The STARTTLS implementation in Postfix 2.4.x before 2.4.16, 2.5.x before 2.5.12, 2.6.x before 2.6.9, and 2.7.x before 2.7.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack.
23480| [CVE-2010-0230] SUSE Linux Enterprise 10 SP3 (SLE10-SP3) and openSUSE 11.2 configures postfix to listen on all network interfaces, which might allow remote attackers to bypass intended access restrictions.
23481| [CVE-2009-2939] The postfix.postinst script in the Debian GNU/Linux and Ubuntu postfix 2.5.5 package grants the postfix user write access to /var/spool/postfix/pid, which might allow local users to conduct symlink attacks that overwrite arbitrary files.
23482| [CVE-2008-4977] ** DISPUTED ** postfix_groups.pl in Postfix 2.5.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/postfix_groups.stdout, (2) /tmp/postfix_groups.stderr, and (3) /tmp/postfix_groups.message temporary files. NOTE: the vendor disputes this vulnerability, stating "This is not a real issue ... users would have to edit a script under /usr/lib to enable it."
23483| [CVE-2008-3889] Postfix 2.4 before 2.4.9, 2.5 before 2.5.5, and 2.6 before 2.6-20080902, when used with the Linux 2.6 kernel, leaks epoll file descriptors during execution of "non-Postfix" commands, which allows local users to cause a denial of service (application slowdown or exit) via a crafted command, as demonstrated by a command in a .forward file.
23484| [CVE-2008-3646] The Postfix configuration file in Mac OS X 10.5.5 causes Postfix to be network-accessible when mail is sent from a local command-line tool, which allows remote attackers to send mail to local Mac OS X users.
23485| [CVE-2008-2937] Postfix 2.5 before 2.5.4 and 2.6 before 2.6-20080814 delivers to a mailbox file even when this file is not owned by the recipient, which allows local users to read e-mail messages by creating a mailbox file corresponding to another user's account name.
23486| [CVE-2008-2936] Postfix before 2.3.15, 2.4 before 2.4.8, 2.5 before 2.5.4, and 2.6 before 2.6-20080814, when the operating system supports hard links to symlinks, allows local users to append e-mail messages to a file to which a root-owned symlink points, by creating a hard link to this symlink and then sending a message. NOTE: this can be leveraged to gain privileges if there is a symlink to an init script.
23487| [CVE-2007-3791] Buffer overflow in the w_read function in sockets.c in Cami Sardinha and Nigel Kukard policyd before 1.81 for Postfix allows remote attackers to cause a denial of service and possibly execute arbitrary code via long SMTP commands. NOTE: some of these details are obtained from third party information.
23488| [CVE-2006-0213] Kolab Server 2.0.1, 2.0.2 and development versions pre-2.1-20051215 and earlier, when authenticating users via secure SMTP, stores authentication credentials in plaintext in the postfix.log file, which allows local users to gain privileges.
23489| [CVE-2005-1127] Format string vulnerability in the log function in Net::Server 0.87 and earlier, as used in Postfix Greylisting Policy Server (Postgrey) 1.18 and earlier, and possibly other products, allows remote attackers to cause a denial of service (crash) via format string specifiers that are not properly handled before being sent to syslog, as demonstrated using sender addresses to Postgrey.
23490| [CVE-2005-0337] Postfix 2.1.3, when /proc/net/if_inet6 is not available and permit_mx_backup is enabled in smtpd_recipient_restrictions, allows remote attackers to bypass e-mail restrictions and perform mail relaying by sending mail to an IPv6 hostname.
23491| [CVE-2004-1113] SQL injection vulnerability in SQLgrey Postfix greylisting service before 1.2.0 allows remote attackers to execute arbitrary SQL commands via the (1) sender or (2) recipient e-mail addresses.
23492| [CVE-2004-1088] Postfix server for Apple Mac OS X 10.3.6, when using CRAM-MD5, allows remote attackers to send mail without authentication by replaying authentication information.
23493| [CVE-2004-0925] Postfix on Mac OS X 10.3.x through 10.3.5, with SMTPD AUTH enabled, does not properly clear the username between authentication attempts, which allows users with the longest username to prevent other valid users from being able to authenticate.
23494| [CVE-2003-0540] The address parser code in Postfix 1.1.12 and earlier allows remote attackers to cause a denial of service (lock) via (1) a malformed envelope address to a local host that would generate a bounce and contains the ".!" string in the MAIL FROM or Errors-To headers, which causes nqmgr to lock up, or (2) via a valid MAIL FROM with a RCPT TO containing a ".!" string, which causes an instance of the SMTP listener to lock up.
23495| [CVE-2003-0468] Postfix 1.1.11 and earlier allows remote attackers to use Postfix to conduct "bounce scans" or DDos attacks of other hosts via an email address to the local host containing the target IP address and service name followed by a "!" string, which causes Postfix to attempt to use SMTP to communicate with the target on the associated port.
23496| [CVE-2001-0894] Vulnerability in Postfix SMTP server before 20010228-pl07, when configured to email the postmaster when SMTP errors cause the session to terminate, allows remote attackers to cause a denial of service (memory exhaustion) by generating a large number of SMTP errors, which forces the SMTP session log to grow too large.
23497|
23498| SecurityFocus - https://www.securityfocus.com/bid/:
23499| [96142] PostfixAdmin CVE-2017-5930 Session Management Security Bypass Vulnerability
23500| [90814] Postfix Admin Multiple Cross Site Request Forgery Vulnerabilities
23501| [67250] Postfix Arbitrary Content Security Bypass Vulnerability
23502| [66455] Postfix Admin 'functions.inc.php' SQL Injection Vulnerability
23503| [65184] Fail2ban Postfix Filter Remote Denial of Service Vulnerability
23504| [51680] Postfix Admin Multiple SQL Injection and Cross Site Scripting Vulnerabilities
23505| [47778] Postfix SMTP Server Cyrus SASL Support Memory Corruption Vulnerability
23506| [36469] Debian and Ubuntu Postfix Insecure Temporary File Creation Vulnerability
23507| [31721] Apple Mac OS X 10.5 Postfix Security Bypass Vulnerability
23508| [30977] Postfix 'epoll' Linux Event Handler Local Denial of Service Vulnerability
23509| [30691] Postfix Local Information Disclosure and Local Privilege Escalation Vulnerabilities
23510| [13133] Salim Gasmi GLD Postfix Greylisting Daemon Format String Vulnerability
23511| [13129] Salim Gasmi GLD Postfix Greylisting Daemon Buffer Overflow Vulnerability
23512| [12445] Postfix IPv6 Unauthorized Mail Relay Vulnerability
23513| [11898] SQLgrey Postfix Greylisting Service Unspecified SQL Injection Vulnerability
23514| [11633] SQLgrey Postfix Greylisting Service SQL Injection Vulnerability
23515| [11323] Apple Mac OS X Postfix Release SMTPD AUTH Username Denial Of Service Vulnerability
23516| [8362] Postfix SMTP Malformed E-mail Envelope Address Denial of Service Vulnerability
23517| [8361] Postfix Connection Proxying Vulnerability
23518| [8333] Multiple Postfix Denial of Service Vulnerabilities
23519| [3638] SuSEConfig.postfix chroot Local DoS Attack Vulnerability
23520| [3637] SuSEConfig.postfix chroot File Ownership Vulnerability
23521| [3544] Postfix SMTP Log Denial Of Service Vulnerability
23522| [1428] cyrus With postfix and Procmail Remote Shell Expansion Vulnerabilities
23523|
23524| IBM X-Force - https://exchange.xforce.ibmcloud.com:
23525| [72752] Postfix Admin multiple parameters SQL injection
23526| [72751] PostfixAdmin multiple parameters cross-site scripting
23527| [67359] Postfix Cyrus SASL library in the SMTP server code execution
23528| [55970] SUSE Linux Enterprise postfix security bypass
23529| [53425] Postfix in Debian and Ubuntu pid symlink
23530| [45876] Apple Mac OS X Postfix configuration file weak security
23531| [44865] Postfix file descriptor denial of service
23532| [44461] Postfix email information disclosure
23533| [44460] Postfix symlink code execution
23534| [22655] RHSA-2005:152 updates for postfix not installed
23535| [19218] Postfix IPv6 mail relay
23536| [18435] SQLgrey Postfix greylisting service SQL injection
23537| [18353] Postfix CRAM-MD5 authentication replay attack
23538| [17998] SQLgrey Postfix greylisting service SQL injection
23539| [17595] Apple Mac OS postfix SMTPD AUTH denial of service
23540| [12816] Postfix MAIL FROM or RCPT TO denial of service
23541| [12815] Postfix could be used as a distributed denial of service tool
23542| [7568] Postfix SMTP log denial of service
23543| [4905] Cyrus with postfix and procmail integration could allow remote command execution
23544|
23545| Exploit-DB - https://www.exploit-db.com:
23546| [25392] Salim Gasmi GLD 1.x Postfix Greylisting Daemon Buffer Overflow Vulnerability
23547| [22982] Postfix 1.1.x Denial of Service Vulnerabilities (2)
23548| [22981] Postfix 1.1.x Denial of Service Vulnerabilities (1)
23549| [16841] GLD (Greylisting Daemon) Postfix Buffer Overflow
23550| [10023] Salim Gasmi GLD 1.0 - 1.4 Postfix Greylisting Buffer Overflow
23551| [6472] Postfix < 2.4.9, 2.5.5, 2.6-20080902 - (.forward) Local DoS Exploit
23552| [6337] Postfix <= 2.6-20080814 - (symlink) Local Privilege Escalation Exploit
23553| [934] gld 1.4 (Postfix Greylisting Daemon) Remote Format String Exploit
23554|
| OpenVAS (Nessus) - http://www.openvas.org:
| [902517] Postfix SMTP Server Cyrus SASL Support Memory Corruption Vulnerability
| [881389] CentOS Update for postfix CESA-2011:0422 centos5 x86_64
| [881293] CentOS Update for postfix CESA-2011:0843 centos4 x86_64
| [881278] CentOS Update for postfix CESA-2011:0422 centos4 x86_64
| [881267] CentOS Update for postfix CESA-2011:0843 centos5 x86_64
| [880520] CentOS Update for postfix CESA-2011:0422 centos5 i386
| [880509] CentOS Update for postfix CESA-2011:0843 centos5 i386
| [880488] CentOS Update for postfix CESA-2011:0843 centos4 i386
| [880485] CentOS Update for postfix CESA-2011:0422 centos4 i386
| [880268] CentOS Update for postfix CESA-2008:0839 centos3 i386
| [880023] CentOS Update for postfix CESA-2008:0839 centos3 x86_64
| [870658] RedHat Update for postfix RHSA-2011:0423-01
| [870440] RedHat Update for postfix RHSA-2011:0843-01
| [870418] RedHat Update for postfix RHSA-2011:0422-01
| [870021] RedHat Update for postfix RHSA-2008:0839-01
| [863100] Fedora Update for postfix FEDORA-2011-6777
| [863097] Fedora Update for postfix FEDORA-2011-6771
| [862950] Fedora Update for postfix FEDORA-2011-3394
| [862938] Fedora Update for postfix FEDORA-2011-3355
| [860510] Fedora Update for postfix FEDORA-2008-8593
| [860419] Fedora Update for postfix FEDORA-2008-8595
| [850126] SuSE Update for postfix SUSE-SA:2010:011
| [850031] SuSE Update for postfix SUSE-SA:2008:040
| [840658] Ubuntu Update for postfix USN-1131-1
| [840648] Ubuntu Update for postfix USN-1113-1
| [840227] Ubuntu Update for postfix vulnerabilities USN-642-1
| [840190] Ubuntu Update for postfix vulnerability USN-636-1
| [831400] Mandriva Update for postfix MDVSA-2011:090 (postfix)
| [830713] Mandriva Update for postfix MDVSA-2008:171 (postfix)
| [830635] Mandriva Update for postfix MDVSA-2008:190 (postfix)
| [830075] Mandriva Update for postfix MDKA-2007:079 (postfix)
| [72452] Gentoo Security Advisory GLSA 201209-18 (postfixadmin)
| [71559] Gentoo Security Advisory GLSA 201206-33 (Postfix)
| [70744] FreeBSD Ports: postfixadmin
| [69770] FreeBSD Ports: postfix, postfix-base
| [69733] Debian Security Advisory DSA 2233-1 (postfix)
| [69363] FreeBSD Ports: postfix, postfix-base
| [66394] Mandriva Security Advisory MDVSA-2009:224-1 (postfix)
| [65957] SLES10: Security update for Postfix
| [65911] SLES10: Security update for Postfix
| [65353] SLES9: Security update for Postfix
| [65350] SLES9: Security update for postfix
| [64696] Mandrake Security Advisory MDVSA-2009:224 (postfix)
| [61646] Gentoo Security Advisory GLSA 200809-09 (postfix)
| [61445] Gentoo Security Advisory GLSA 200808-12 (postfix)
| [61435] Debian Security Advisory DSA 1629-2 (postfix)
| [61434] Debian Security Advisory DSA 1629-1 (postfix)
| [60836] FreeBSD Ports: postfix-policyd-weight
| [58580] Debian Security Advisory DSA 1361-1 (postfix-policyd)
| [53833] Debian Security Advisory DSA 093-1 (postfix)
| [53652] Debian Security Advisory DSA 363-1 (postfix)
|
| SecurityTracker - https://www.securitytracker.com:
| [1025521] Postfix SASL Authentication Heap Overflow Lets Remote Users Deny Service
| [1025179] Postfix Plaintext to TLS Switching Error Lets Remote Users Inject Plaintext Commands
| [1020800] Postfix Linux epoll File Descriptor Leak Lets Local Users Deny Service
| [1020700] Postfix Symlink Dereference Bug Lets Local Users Gain Elevated Privileges
| [1012395] Postfix CRAM-MD5 Replay Attack May Let Remote Users Send Mail
| [1011532] Postfix Buffer Error May Prevent Remote Users from Being Able to Authenticate Using SMTPD AUTH
| [1007382] Postfix Bounce Messages Let Remote Users Scan for Open Ports on Other Hosts
| [1007381] Postfix Address Resolver Parsing Bug Lets Remote Users Hang the System
| [1002756] Postfix Mail Server Can Be Crashed By Remote Users Initiating Unsuccessful Sessions
|
| OSVDB - http://www.osvdb.org:
| [94034] Linux Kernel Broadcom B43 Wireless Driver b43_request_firmware Function fwpostfix modprobe Parameter Format String Local Privilege Escalation
| [78567] Postfix Admin backup.php Unspecified SQL Injection
| [78566] Postfix Admin functions.inc.php pacrypt() Function Unspecified SQL Injection
| [78565] Postfix Admin create-domain.php Unspecified SQL Injection
| [78564] Postfix Admin Unspecified XSS
| [78563] Postfix Admin edit-alias.php Unspecified XSS
| [78562] Postfix Admin create-alias.php Unspecified XSS
| [78561] Postfix Admin create-domain.php Unspecified XSS
| [78560] Postfix Admin templates/edit-vacation.php domain Parameter XSS
| [78559] Postfix Admin templates/menu.php domain Parameter XSS
| [72259] Postfix SMTP Cyrus SASL Authentication Context Data Reuse Memory Corruption
| [71021] Postfix STARTTLS Arbitrary Plaintext Command Injection
| [68340] Artica postfix.events.php Unrestricted Access Information Disclosure
| [61983] SUSE Linux postfix Network Interface Remote Access Restriction Bypass
| [58325] Debian GNU/Linux postfix postfix.postinst Symlink Arbitrary File Overwrite
| [49634] Postfix postfix_groups.pl Multiple Temporary File Symlink Arbitrary File Overwrite
| [48973] Apple Mac OS X Postfix Network Access Configuration Weakness
| [48108] Postfix epoll File Descriptor Leak Local DoS
| [47659] Postfix Cross-user Filename Local Mail Interception
| [47658] Postfix Hardlink to Symlink Mailspool Arbitrary Content Append
| [43888] policyd-weight for Postfix Socket Handling Unspecified Arbitrary File Manipulation
| [38091] policyd for Postfix sockets.c read_w() Function SMTP Command Remote Overflow
| [22381] Kolab Server Secure SMTP postfix.log Authentication Credential Disclosure
| [13470] Postfix IPv6 Patch if_inet6 Failure Arbitrary Mail Relay
| [12339] SQLgrey Postfix greylisting service Unspecified SQL Injection
| [12200] Apple Mac OS X Postfix CRAM-MD5 Replay Credentials
| [11571] SQLgrey Postfix greylisting Email Address SQL Injection
| [10545] Postfix Multiple Mail Header SMTP listener DoS
| [10544] Postfix Malformed Envelope Address nqmgr DoS
| [10500] Apple Mac OS X Postfix SMTPD AUTH Username Overflow DoS
| [6551] Postfix Bounce Scan / Packet Amplification DDoS
| [1991] Postfix SMTP Log DoS
|_
993/tcp open ssl/imaps?
995/tcp open ssl/pop3s?
Device type: general purpose
Running (JUST GUESSING): Linux 2.6.X|3.X|4.X (92%)
OS CPE: cpe:/o:linux:linux_kernel:2.6 cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:4
Aggressive OS guesses: Linux 2.6.18 - 2.6.22 (92%), Linux 3.10 - 4.11 (86%), Linux 3.10 - 3.12 (86%), Linux 4.4 (86%), Linux 4.9 (85%), Linux 3.2 - 4.9 (85%)
No exact OS matches for host (test conditions non-ideal).
Uptime guess: 20.625 days (since Sun Dec 29 19:02:26 2019)
Network Distance: 2 hops
TCP Sequence Prediction: Difficulty=255 (Good luck!)
IP ID Sequence Generation: All zeros
Service Info: Host: mail.hp4u.jp

TRACEROUTE (using port 445/tcp)
HOP RTT ADDRESS
1 130.26 ms 10.249.204.1
2 130.27 ms 223-29-54-96.tobila.com (223.29.54.96)

NSE: Script Post-scanning.
Initiating NSE at 10:01
Completed NSE at 10:01, 0.00s elapsed
Initiating NSE at 10:01
Completed NSE at 10:01, 0.00s elapsed
######################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-19 10:01 EST
NSE: Loaded 47 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 10:01
Completed NSE at 10:01, 0.00s elapsed
Initiating NSE at 10:01
Completed NSE at 10:01, 0.00s elapsed
Initiating Parallel DNS resolution of 1 host. at 10:01
Completed Parallel DNS resolution of 1 host. at 10:01, 0.02s elapsed
Initiating UDP Scan at 10:01
Scanning 223-29-54-96.tobila.com (223.29.54.96) [15 ports]
Completed UDP Scan at 10:01, 2.72s elapsed (15 total ports)
Initiating Service scan at 10:01
Scanning 13 services on 223-29-54-96.tobila.com (223.29.54.96)
Service scan Timing: About 7.69% done; ETC: 10:23 (0:19:36 remaining)
Completed Service scan at 10:03, 102.61s elapsed (13 services on 1 host)
Initiating OS detection (try #1) against 223-29-54-96.tobila.com (223.29.54.96)
Retrying OS detection (try #2) against 223-29-54-96.tobila.com (223.29.54.96)
Initiating Traceroute at 10:03
Completed Traceroute at 10:03, 7.06s elapsed
Initiating Parallel DNS resolution of 1 host. at 10:03
Completed Parallel DNS resolution of 1 host. at 10:03, 0.00s elapsed
NSE: Script scanning 223.29.54.96.
Initiating NSE at 10:03
Completed NSE at 10:03, 7.24s elapsed
Initiating NSE at 10:03
Completed NSE at 10:03, 1.26s elapsed
Nmap scan report for 223-29-54-96.tobila.com (223.29.54.96)
Host is up (0.17s latency).

PORT STATE SERVICE VERSION
53/udp open|filtered domain
67/udp open|filtered dhcps
68/udp open|filtered dhcpc
69/udp open|filtered tftp
88/udp open|filtered kerberos-sec
123/udp open|filtered ntp
137/udp filtered netbios-ns
138/udp filtered netbios-dgm
139/udp open|filtered netbios-ssn
161/udp open|filtered snmp
162/udp open|filtered snmptrap
389/udp open|filtered ldap
500/udp open|filtered isakmp
|_ike-version: ERROR: Script execution failed (use -d to debug)
520/udp open|filtered route
2049/udp open|filtered nfs
Too many fingerprints match this host to give specific OS details

TRACEROUTE (using port 138/udp)
HOP RTT ADDRESS
1 30.53 ms 10.249.204.1
2 ... 3
4 33.33 ms 10.249.204.1
5 102.98 ms 10.249.204.1
6 102.99 ms 10.249.204.1
7 102.98 ms 10.249.204.1
8 102.98 ms 10.249.204.1
9 102.97 ms 10.249.204.1
10 31.68 ms 10.249.204.1
11 ... 18
19 33.28 ms 10.249.204.1
20 33.74 ms 10.249.204.1
21 ... 28
29 98.37 ms 10.249.204.1
30 76.90 ms 10.249.204.1

NSE: Script Post-scanning.
Initiating NSE at 10:03
Completed NSE at 10:03, 0.00s elapsed
Initiating NSE at 10:03
Completed NSE at 10:03, 0.00s elapsed
######################################################################################################################################
Anonymous JTSEC #OpWhales Full Recon #21