Jan 27, 2020, 04:48 AM
######################################################################################################################################
=====================================================================================================================================
Hostname: www.nagasaki-tabinet.com
ISP: IDC Frontier Inc.
Continent: Asia
Flag: JP
Country: Japan
Country Code: JP
Region: Unknown
Local time: 27 Jan 2020 12:42 JST
City: Unknown
Postal Code: Unknown
IP Address: 210.140.228.109
Latitude: 35.69
Longitude: 139.69
=====================================================================================================================================
######################################################################################################################################
> www.nagasaki-tabinet.com
Server: 38.132.106.139
Address: 38.132.106.139#53

Non-authoritative answer:
www.nagasaki-tabinet.com canonical name = nagasaki-tabinet.com.
Name: nagasaki-tabinet.com
Address: 210.140.228.109
>
######################################################################################################################################
Domain Name: NAGASAKI-TABINET.COM
Registry Domain ID: 686428799_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.discount-domain.com
Registrar URL: http://gmo.jp
Updated Date: 2018-11-03T21:58:32Z
Creation Date: 2006-11-27T07:24:16Z
Registry Expiry Date: 2021-11-27T07:24:16Z
Registrar: GMO Internet, Inc. d/b/a Onamae.com
Registrar IANA ID: 49
Registrar Abuse Contact Email: abuse@gmo.jp
Registrar Abuse Contact Phone: +81.337709199
Domain Status: ok https://icann.org/epp#ok
Name Server: 01.DNSV.JP
Name Server: 02.DNSV.JP
DNSSEC: unsigned
######################################################################################################################################
Domain Name: nagasaki-tabinet.com
Registry Domain ID: 686428799_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.discount-domain.com
Registrar URL: http://www.onamae.com
Updated Date: 2018-11-04T06:58:32Z
Creation Date: 2006-11-27T07:24:16Z
Registrar Registration Expiration Date: 2021-11-27T07:24:16Z
Registrar: GMO INTERNET, INC.
Registrar IANA ID: 49
Registrar Abuse Contact Email: abuse@gmo.jp
Registrar Abuse Contact Phone: +81.337709199
Domain Status: ok https://icann.org/epp#ok
Registry Registrant ID: Not Available From Registry
Registrant Name: Nagasaki Prefectual
Registrant Organization: Nagasaki Prefectual
Registrant Street: 1-4-15 Hiro
Registrant Street: 2F
Registrant City: Shibuya-ku
Registrant State/Province: Tokyo
Registrant Postal Code: 150-0012
Registrant Country: JP
Registrant Phone: +81.359627607
Registrant Phone Ext:
Registrant Fax: +81.2046243982
Registrant Fax Ext:
Registrant Email: oizumit@travelzip.jp
Registry Admin ID: Not Available From Registry
Admin Name: Toshiro Oizumi
Admin Organization: Travelzip Co.,Ltd.
Admin Street: 1-4-15 2F Hiro
Admin City: Shibuya Ku
Admin State/Province: Tokyo
Admin Postal Code: 150-0012
Admin Country: JP
Admin Phone: +81.359627607
Admin Phone Ext:
Admin Fax: +81.2046243982
Admin Fax Ext:
Admin Email: info@travelzip.jp
Registry Tech ID: Not Available From Registry
Tech Name: Toshiro Oizumi
Tech Organization: Travelzip Co.,Ltd.
Tech Street: 1-4-15 2F Hiro
Tech City: Shibuya Ku
Tech State/Province: Tokyo
Tech Postal Code: 150-0012
Tech Country: JP
Tech Phone: +81.359627607
Tech Phone Ext:
Tech Fax: +81.2046243982
Tech Fax Ext:
Tech Email: info@travelzip.jp
Name Server: 01.dnsv.jp
Name Server: 02.dnsv.jp
DNSSEC: unsigned
######################################################################################################################################
[+] Target : www.nagasaki-tabinet.com

[+] IP Address : 210.140.228.109

[+] Headers :

[+] Date : Mon, 27 Jan 2020 03:48:04 GMT
[+] Server : Apache
[+] Set-Cookie : CFID=65797293; Expires=Tue, 28-Jan-2020 03:48:04 GMT; Path=/; HttpOnly, CFTOKEN=81d539601f2297f2-F3228610-ADE2-6E5D-69733DC2F3959976; Expires=Tue, 28-Jan-2020 03:48:04 GMT; Path=/; HttpOnly, USERTOKEN=Qa8F0CQoYZq2GXJTvKv61xdStiz9z0xytHI72SStNzBIgVGLlUvNxqk21MKAs9vS; Expires=Wed, 19-Jan-2050 03:48:04 GMT; Path=/, PERSONAL_TOKEN=11D723B4D2A38D3B195D1440ACF28607; Domain=www.nagasaki-tabinet.com; Expires=Wed, 19-Jan-2050 03:48:04 GMT; Path=/, CFGLOBALS=urltoken%3DCFID%23%3D65797293%26CFTOKEN%23%3D81d539601f2297f2%2DF3228610%2DADE2%2D6E5D%2D69733DC2F3959976%23lastvisit%3D%7Bts%20%272020%2D01%2D27%2012%3A48%3A04%27%7D%23hitcount%3D2%23timecreated%3D%7Bts%20%272020%2D01%2D27%2012%3A48%3A04%27%7D%23cftoken%3D81d539601f2297f2%2DF3228610%2DADE2%2D6E5D%2D69733DC2F3959976%23cfid%3D65797293%23; Expires=Wed, 19-Jan-2050 03:48:04 GMT; Path=/; HttpOnly
[+] Vary : Accept-Encoding,User-Agent
[+] Content-Encoding : gzip
[+] Keep-Alive : timeout=6, max=128
[+] Connection : Keep-Alive
[+] Transfer-Encoding : chunked
[+] Content-Type : text/html;charset=UTF-8

[+] SSL Certificate Information :

[+] commonName : nagasaki-tabinet.com
[+] countryName : US
[+] organizationName : Let's Encrypt
[+] commonName : Let's Encrypt Authority X3
[+] Version : 3
[+] Serial Number : 035E7E8D804015E247D92C7B0991DB28C0A6
[+] Not Before : Jan 13 14:00:14 2020 GMT
[+] Not After : Apr 12 14:00:14 2020 GMT
[+] OCSP : ('http://ocsp.int-x3.letsencrypt.org',)
[+] subject Alt Name : (('DNS', 'nagasaki-tabinet.com'), ('DNS', 'www.nagasaki-tabinet.com'))
[+] CA Issuers : ('http://cert.int-x3.letsencrypt.org/',)

[+] Whois Lookup :

[+] NIR : {'query': '210.140.228.109', 'raw': None, 'nets': [{'cidr': '210.140.228.0/25', 'name': 'LINK, Inc.', 'handle': 'LINKNET', 'range': '210.140.228.1 - 210.140.228.127', 'country': 'JP', 'address': None, 'postal_code': None, 'nameservers': None, 'created': None, 'updated': '2017-04-26T02:41:03', 'contacts': {'admin': {'name': 'Okada, Ganji', 'email': 'info@link.co.jp', 'reply_email': '', 'organization': 'LINK, Inc.', 'division': '', 'title': 'President', 'phone': '', 'fax': '', 'updated': '2015-06-12T07:26:05'}, 'tech': {'name': 'Hosotani, Toru', 'email': 'setup@link.co.jp', 'reply_email': '', 'organization': 'LINK, Inc.', 'division': '', 'title': '', 'phone': '03-5785-0555', 'fax': '', 'updated': '2015-06-15T01:38:06'}}}]}
[+] ASN Registry : apnic
[+] ASN : 4694
[+] ASN CIDR : 210.140.192.0/18
[+] ASN Country Code : JP
[+] ASN Date : 1996-10-14
[+] ASN Description : IDCF IDC Frontier Inc., JP
[+] cidr : 210.136.0.0/13
[+] name : JPNIC-NET-JP
[+] handle : JNIC1-AP
[+] range : 210.136.0.0 - 210.143.255.255
[+] description : Japan Network Information Center
[+] country : JP
[+] state : None
[+] city : None
[+] address : Urbannet-Kanda Bldg 4F, 3-6-2 Uchi-Kanda
Chiyoda-ku, Tokyo 101-0047, Japan
[+] postal_code : None
[+] emails : ['hostmaster@nic.ad.jp']
[+] created : None
[+] updated : None

[+] Crawling Target...

[+] Looking for robots.txt........[ Found ]
[+] Extracting robots Links.......[ 1 ]
[+] Looking for sitemap.xml.......[ Not Found ]
[+] Extracting CSS Links..........[ 10 ]
[+] Extracting Javascript Links...[ 22 ]
[+] Extracting Internal Links.....[ 19 ]
[+] Extracting External Links.....[ 23 ]
[+] Extracting Images.............[ 102 ]

[+] Total Links Extracted : 177

[+] Dumping Links in /opt/FinalRecon/dumps/www.nagasaki-tabinet.com.dump
[+] Completed!
######################################################################################################################################
[i] Scanning Site: https://210.140.228.109

B A S I C I N F O
====================

[+] Site Title:
[+] IP address: 210.140.228.109
[+] Web Server: Apache
[+] CMS: Could Not Detect
[+] Cloudflare: Not Detected
[+] Robots File: Could NOT Find robots.txt!

W H O I S L O O K U P
========================

% This is the RIPE Database query service.
% The objects are in RPSL format.
%
% The RIPE Database is subject to Terms and Conditions.
% See http://www.ripe.net/db/support/db-terms-conditions.pdf

% Note: this output has been filtered.
% To receive output for a database update, use the "-B" flag.

% Information related to '209.251.254.0 - 211.255.255.255'

% No abuse contact registered for 209.251.254.0 - 211.255.255.255

inetnum: 209.251.254.0 - 211.255.255.255
netname: NON-RIPE-NCC-MANAGED-ADDRESS-BLOCK
descr: IPv4 address block not managed by the RIPE NCC
remarks: ------------------------------------------------------
remarks:
remarks: For registration information,
remarks: you can consult the following sources:
remarks:
remarks: IANA
remarks: http://www.iana.org/assignments/ipv4-address-space
remarks: http://www.iana.org/assignments/iana-ipv4-special-registry
remarks: http://www.iana.org/assignments/ipv4-recovered-address-space
remarks:
remarks: AFRINIC (Africa)
remarks: http://www.afrinic.net/ whois.afrinic.net
remarks:
remarks: APNIC (Asia Pacific)
remarks: http://www.apnic.net/ whois.apnic.net
remarks:
remarks: ARIN (Northern America)
remarks: http://www.arin.net/ whois.arin.net
remarks:
remarks: LACNIC (Latin America and the Carribean)
remarks: http://www.lacnic.net/ whois.lacnic.net
remarks:
remarks: ------------------------------------------------------
country: EU # Country is really world wide
admin-c: IANA1-RIPE
tech-c: IANA1-RIPE
status: ALLOCATED UNSPECIFIED
mnt-by: RIPE-NCC-HM-MNT
created: 2019-01-07T10:47:20Z
last-modified: 2019-01-07T10:47:20Z
source: RIPE

% This query was served by the RIPE Database Query Service version 1.96 (ANGUS)

G E O I P L O O K U P
=========================

[i] IP Address: 210.140.228.109
[i] Country: Japan
[i] State:
[i] City:
[i] Latitude: 35.69
[i] Longitude: 139.69

H T T P H E A D E R S
=======================

[i] HTTP/1.1 403 Forbidden
[i] Date: Mon, 27 Jan 2020 03:48:17 GMT
[i] Server: Apache
[i] Content-Length: 202
[i] Connection: close
[i] Content-Type: text/html; charset=iso-8859-1

D N S L O O K U P
===================

no records found

S U B N E T C A L C U L A T I O N
====================================

Address = 210.140.228.109
Network = 210.140.228.109 / 32
Netmask = 255.255.255.255
Broadcast = not needed on Point-to-Point links
Wildcard Mask = 0.0.0.0
Hosts Bits = 0
Max. Hosts = 1 (2^0 - 0)
Host Range = { 210.140.228.109 - 210.140.228.109 }

N M A P P O R T S C A N
============================

Starting Nmap 7.70 ( https://nmap.org ) at 2020-01-27 03:48 UTC
Nmap scan report for 210x140x228x109.rev.barem.jp (210.140.228.109)
Host is up (0.17s latency).

PORT     STATE    SERVICE
21/tcp   filtered ftp
22/tcp   filtered ssh
23/tcp   filtered telnet
80/tcp   open     http
110/tcp  filtered pop3
143/tcp  filtered imap
443/tcp  open     https
3389/tcp filtered ms-wbt-server

Nmap done: 1 IP address (1 host up) scanned in 3.12 seconds
######################################################################################################################################
[+] Starting At 2020-01-26 22:48:45.834407
[+] Collecting Information On: https://www.nagasaki-tabinet.com/
[#] Status: 200
--------------------------------------------------
[#] Web Server Detected: Apache
[!] X-Frame-Options Headers not detect! target might be vulnerable Click Jacking
- Date: Mon, 27 Jan 2020 03:48:41 GMT
- Server: Apache
- Set-Cookie: CFID=65797362; Expires=Tue, 28-Jan-2020 03:48:41 GMT; Path=/; HttpOnly, CFTOKEN=8c84e7e69b9b1f5a-F32834FE-EED6-D731-9FB1F6FF29939EDD; Expires=Tue, 28-Jan-2020 03:48:41 GMT; Path=/; HttpOnly, USERTOKEN=dPgaoAOj9RdW1WwY7Pin2G88YTDYPYJbT1lyTxJd2TYvpQbTOywpn00YTmXu0VON; Expires=Wed, 19-Jan-2050 03:48:41 GMT; Path=/, PERSONAL_TOKEN=413CFF105221BAFDC73B30353600BB8D; Domain=www.nagasaki-tabinet.com; Expires=Wed, 19-Jan-2050 03:48:41 GMT; Path=/, CFGLOBALS=urltoken%3DCFID%23%3D65797362%26CFTOKEN%23%3D8c84e7e69b9b1f5a%2DF32834FE%2DEED6%2DD731%2D9FB1F6FF29939EDD%23lastvisit%3D%7Bts%20%272020%2D01%2D27%2012%3A48%3A41%27%7D%23hitcount%3D2%23timecreated%3D%7Bts%20%272020%2D01%2D27%2012%3A48%3A41%27%7D%23cftoken%3D8c84e7e69b9b1f5a%2DF32834FE%2DEED6%2DD731%2D9FB1F6FF29939EDD%23cfid%3D65797362%23; Expires=Wed, 19-Jan-2050 03:48:41 GMT; Path=/; HttpOnly
- Vary: Accept-Encoding,User-Agent
- Content-Encoding: gzip
- Keep-Alive: timeout=6, max=128
- Connection: Keep-Alive
- Transfer-Encoding: chunked
- Content-Type: text/html;charset=UTF-8
--------------------------------------------------
[#] Finding Location..!
[#] status: success
[#] country: Japan
[#] countryCode: JP
[#] region: 13
[#] regionName: Tokyo
[#] city: Chiyoda
[#] zip: 100-0001
[#] lat: 35.6906
[#] lon: 139.77
[#] timezone: Asia/Tokyo
[#] isp: TokyoNet
[#] org: Yahoo Japan Corporation
[#] as: AS4694 IDC Frontier Inc.
[#] query: 210.140.228.109
--------------------------------------------------
[x] Didn't Detect WAF Presence on: https://www.nagasaki-tabinet.com/
--------------------------------------------------
[#] Starting Reverse DNS
[-] Failed ! Fail
--------------------------------------------------
[!] Scanning Open Port
[#] 80/tcp open http
[#] 443/tcp open https
--------------------------------------------------
[+] Getting SSL Info
{'OCSP': ('http://ocsp.int-x3.letsencrypt.org',),
 'caIssuers': ('http://cert.int-x3.letsencrypt.org/',),
 'issuer': ((('countryName', 'US'),),
            (('organizationName', "Let's Encrypt"),),
            (('commonName', "Let's Encrypt Authority X3"),)),
 'notAfter': 'Apr 12 14:00:14 2020 GMT',
 'notBefore': 'Jan 13 14:00:14 2020 GMT',
 'serialNumber': '035E7E8D804015E247D92C7B0991DB28C0A6',
 'subject': ((('commonName', 'nagasaki-tabinet.com'),),),
 'subjectAltName': (('DNS', 'nagasaki-tabinet.com'),
                    ('DNS', 'www.nagasaki-tabinet.com')),
 'version': 3}

--------------------------------------------------
[+] Collecting Information Disclosure!
[#] Detecting sitemap.xml file
[-] sitemap.xml file not Found!?
[#] Detecting robots.txt file
[!] robots.txt File Found: https://www.nagasaki-tabinet.com//robots.txt
[#] Detecting GNU Mailman
[-] GNU Mailman App Not Detected!?
--------------------------------------------------
[+] Crawling Url Parameter On: https://www.nagasaki-tabinet.com/
--------------------------------------------------
[#] Searching Html Form !
[+] Html Form Discovered
[#] action: //www.google.com/cse
[#] class: ['hidden123']
[#] id: cse-search-box
[#] method: None
--------------------------------------------------
[!] Found 23 dom parameter
--------------------------------------------------
[-] No internal Dynamic Parameter Found!?
--------------------------------------------------
[-] No external Dynamic Paramter Found!?
--------------------------------------------------
[!] 152 Internal links Discovered
--------------------------------------------------
[!] 29 External links Discovered
--------------------------------------------------
[#] Mapping Subdomain..
[!] Found 11 Subdomain
- photolib.nagasaki-tabinet.com
- stage.nagasaki-tabinet.com
- meguritabi.nagasaki-tabinet.com
- tomocchi.nagasaki-tabinet.com
- api.nagasaki-tabinet.com
- mail.nagasaki-tabinet.com
- goto.nagasaki-tabinet.com
- stage.goto.nagasaki-tabinet.com
- shinkamigoto.nagasaki-tabinet.com
- interpreter.nagasaki-tabinet.com
- dev.nagasaki-tabinet.com
--------------------------------------------------
[!] Done At 2020-01-26 22:49:21.310217
######################################################################################################################################
[INFO] ------TARGET info------
[*] TARGET: https://www.nagasaki-tabinet.com/
[*] TARGET IP: 210.140.228.109
[INFO] NO load balancer detected for www.nagasaki-tabinet.com...
[*] DNS servers: nagasaki-tabinet.com.
[*] TARGET server: Apache
[*] CC: JP
[*] Country: Japan
[*] RegionCode: 13
[*] RegionName: Tokyo
[*] City: Chiyoda
[*] ASN: AS4694
[*] BGP_PREFIX: 210.140.0.0/16
[*] ISP: IDCF IDC Frontier Inc., JP
[INFO] SSL/HTTPS certificate detected
[*] Issuer: issuer=C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
[*] Subject: subject=CN = nagasaki-tabinet.com
[ALERT] Let's Encrypt is commonly used for Phishing
[INFO] DNS enumeration:
[*] api.nagasaki-tabinet.com 210.140.228.109
[*] ftp.nagasaki-tabinet.com nagasaki-tabinet.com. 210.140.228.109
[*] mail.nagasaki-tabinet.com 119.18.223.137
[INFO] Possible abuse mails are:
[*] abuse@nagasaki-tabinet.com
[*] abuse@www.nagasaki-tabinet.com
[*] setup@link.co.jp
[INFO] NO PAC (Proxy Auto Configuration) file FOUND
[ALERT] robots.txt file FOUND in http://www.nagasaki-tabinet.com/robots.txt
[INFO] Checking for HTTP status codes recursively from http://www.nagasaki-tabinet.com/robots.txt
[INFO] Status code Folders
[INFO] Starting FUZZing in http://www.nagasaki-tabinet.com/FUzZzZzZzZz...
[INFO] Status code Folders
[ALERT] Look in the source code. It may contain passwords
[INFO] Links found from https://www.nagasaki-tabinet.com/ http://210.140.228.109/:
759[*] https://www.nagasaki-tabinet.com/ritou/shimogoto/
760[*] https://www.nagasaki-tabinet.com/ritou/tsushima/
761[*] https://www.nagasaki-tabinet.com/ritou/uku/
762[*] https://www.nagasaki-tabinet.com/s/
763[*] https://www.nagasaki-tabinet.com/spec/
764[*] https://www.nagasaki-tabinet.com/sponsor/fukusaya/24/
765[*] https://www.nagasaki-tabinet.com/sponsor/greatbeans/67/
766[*] https://www.nagasaki-tabinet.com/sponsor/kosodate/251/
767[*] https://www.nagasaki-tabinet.com/sponsor/nagasakikan/209/
768[*] https://www.nagasaki-tabinet.com/sponsor/retrip/397/
769[*] https://www.nagasaki-tabinet.com/sponsor/toyota-r/382/
770[*] https://www.nagasaki-tabinet.com/sponsor/unzenhyakei/323/
771[*] https://www.nagasaki-tabinet.com/sponsor/yamasakaiun/45/
772[*] https://www.nagasaki-tabinet.com/stay/
773[*] https://www.nagasaki-tabinet.com/topics/banner/
774[*] https://www.nagasaki-tabinet.com/tour/
775[*] https://www.nagasaki-tabinet.com/tour/62518/
776[*] https://www.nagasaki-tabinet.com/tv/
777[*] https://www.nagasaki-tabinet.com/wazawaza/
778[*] https://www.pref.nagasaki.jp/section/kanko/
779[*] https://www.teletama.jp/machicomi/otonasanpo_sp/
780[*] http://tabinaga.jp/
781[*] http://tomocchi.nagasaki-tabinet.com/
782[*] http://tomocchi.nagasaki-tabinet.com/post-11128/
783[*] http://tour.busan.go.kr/jpn/index.busan
784[*] http://visit-nagasaki.com/
785[*] http://visit-nagasaki.com/es/
786[*] http://visit-nagasaki.com/fr/
787[*] http://visit-nagasaki.com/it/
788[*] http://visit-nagasaki.com/nl/
789[*] http://www.facebook.com/nagasaki.kankou
790[*] http://www.nagasaki-tabi.com/
791[*] http://www.nagasaki-tabinet.com/course/60919/
792[*] http://www.nagasaki-tabinet.com.tw/
793[*] http://www.shanghaikanko.com/
794cut: intervalle de champ incorrecte
795Saisissez « cut --help » pour plus d'informations.
796[INFO] Shodan detected the following opened ports on 210.140.228.109:
797[*] 25
798[*] 443
799[*] 80
800[INFO] ------VirusTotal SECTION------
801[INFO] VirusTotal passive DNS only stores address records. The following domains resolved to the given IP address:
802[INFO] Latest URLs hosted in this IP address detected by at least one URL scanner or malicious URL dataset:
803[INFO] Latest files that are not detected by any antivirus solution and were downloaded by VirusTotal from the IP address provided:
804[INFO] ------Alexa Rank SECTION------
805[INFO] Percent of Visitors Rank in Country:
806[INFO] Percent of Search Traffic:
807[INFO] Percent of Unique Visits:
808[INFO] Total Sites Linking In:
809[*] Total Sites
810[INFO] Useful links related to www.nagasaki-tabinet.com - 210.140.228.109:
811[*] https://www.virustotal.com/pt/ip-address/210.140.228.109/information/
812[*] https://www.hybrid-analysis.com/search?host=210.140.228.109
813[*] https://www.shodan.io/host/210.140.228.109
814[*] https://www.senderbase.org/lookup/?search_string=210.140.228.109
815[*] https://www.alienvault.com/open-threat-exchange/ip/210.140.228.109
816[*] http://pastebin.com/search?q=210.140.228.109
817[*] http://urlquery.net/search.php?q=210.140.228.109
818[*] http://www.alexa.com/siteinfo/www.nagasaki-tabinet.com
819[*] http://www.google.com/safebrowsing/diagnostic?site=www.nagasaki-tabinet.com
820[*] https://censys.io/ipv4/210.140.228.109
821[*] https://www.abuseipdb.com/check/210.140.228.109
822[*] https://urlscan.io/search/#210.140.228.109
823[*] https://github.com/search?q=210.140.228.109&type=Code
824[INFO] Useful links related to AS4694 - 210.140.0.0/16:
825[*] http://www.google.com/safebrowsing/diagnostic?site=AS:4694
826[*] https://www.senderbase.org/lookup/?search_string=210.140.0.0/16
827[*] http://bgp.he.net/AS4694
828[*] https://stat.ripe.net/AS4694
829[INFO] Date: 26/01/20 | Time: 22:50:19
830[INFO] Total time: 1 minute(s) and 41 second(s)
831######################################################################################################################################
832Trying "nagasaki-tabinet.com"
833;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51572
834;; flags: qr rd ra; QUERY: 1, ANSWER: 9, AUTHORITY: 0, ADDITIONAL: 6
835
836;; QUESTION SECTION:
837;nagasaki-tabinet.com. IN ANY
838
839;; ANSWER SECTION:
840nagasaki-tabinet.com. 300 IN TXT "v=spf1 +ip4:112.78.200.229 include:spf.tricorn.net ~all"
841nagasaki-tabinet.com. 300 IN TXT "facebook-domain-verification=6eu05zwizjv49w0gndyk50tq7ineit"
842nagasaki-tabinet.com. 300 IN MX 10 mail.nagasaki-tabinet.com.
843nagasaki-tabinet.com. 300 IN A 210.140.228.109
844nagasaki-tabinet.com. 43200 IN SOA 01.dnsv.jp. hostmaster.dnsv.jp. 1566864330 3600 900 604800 300
845nagasaki-tabinet.com. 43200 IN NS 01.dnsv.jp.
846nagasaki-tabinet.com. 43200 IN NS 02.dnsv.jp.
847nagasaki-tabinet.com. 43200 IN NS 03.dnsv.jp.
848nagasaki-tabinet.com. 43200 IN NS 04.dnsv.jp.
849
850;; ADDITIONAL SECTION:
85101.dnsv.jp. 24109 IN A 157.7.32.53
85202.dnsv.jp. 38616 IN A 157.7.33.53
85303.dnsv.jp. 38616 IN A 157.7.32.35
85404.dnsv.jp. 38616 IN A 157.7.33.35
85503.dnsv.jp. 38616 IN AAAA 2400:8500:3000::53
85604.dnsv.jp. 38616 IN AAAA 2400:8500:3fff::53
857
858Received 457 bytes from 2001:18c0:121:6900:724f:b8ff:fefd:5b6a#53 in 234 ms
859#####################################################################################################################################
860; <<>> DiG 9.11.5-P4-5.1+b1-Debian <<>> +trace nagasaki-tabinet.com any
861;; global options: +cmd
862. 84274 IN NS a.root-servers.net.
863. 84274 IN NS f.root-servers.net.
864. 84274 IN NS m.root-servers.net.
865. 84274 IN NS k.root-servers.net.
866. 84274 IN NS l.root-servers.net.
867. 84274 IN NS b.root-servers.net.
868. 84274 IN NS i.root-servers.net.
869. 84274 IN NS e.root-servers.net.
870. 84274 IN NS h.root-servers.net.
871. 84274 IN NS j.root-servers.net.
872. 84274 IN NS g.root-servers.net.
873. 84274 IN NS c.root-servers.net.
874. 84274 IN NS d.root-servers.net.
876;; Received 525 bytes from 38.132.106.139#53(38.132.106.139) in 158 ms
877
878com. 172800 IN NS a.gtld-servers.net.
879com. 172800 IN NS b.gtld-servers.net.
880com. 172800 IN NS c.gtld-servers.net.
881com. 172800 IN NS d.gtld-servers.net.
882com. 172800 IN NS e.gtld-servers.net.
883com. 172800 IN NS f.gtld-servers.net.
884com. 172800 IN NS g.gtld-servers.net.
885com. 172800 IN NS h.gtld-servers.net.
886com. 172800 IN NS i.gtld-servers.net.
887com. 172800 IN NS j.gtld-servers.net.
888com. 172800 IN NS k.gtld-servers.net.
889com. 172800 IN NS l.gtld-servers.net.
890com. 172800 IN NS m.gtld-servers.net.
891com. 86400 IN DS 30909 8 2 E2D3C916F6DEEAC73294E8268FB5885044A833FC5459588F4A9184CF C41A5766
893;; Received 1180 bytes from 192.203.230.10#53(e.root-servers.net) in 279 ms
894
895nagasaki-tabinet.com. 172800 IN NS 01.dnsv.jp.
896nagasaki-tabinet.com. 172800 IN NS 02.dnsv.jp.
901;; Received 639 bytes from 192.48.79.30#53(j.gtld-servers.net) in 158 ms
902
903nagasaki-tabinet.com. 86400 IN SOA 01.dnsv.jp. hostmaster.dnsv.jp. 1566864330 3600 900 604800 300
904nagasaki-tabinet.com. 86400 IN NS 01.dnsv.jp.
905nagasaki-tabinet.com. 86400 IN NS 02.dnsv.jp.
906nagasaki-tabinet.com. 86400 IN NS 03.dnsv.jp.
907nagasaki-tabinet.com. 86400 IN NS 04.dnsv.jp.
908nagasaki-tabinet.com. 300 IN A 210.140.228.109
909nagasaki-tabinet.com. 300 IN MX 10 mail.nagasaki-tabinet.com.
910nagasaki-tabinet.com. 300 IN TXT "facebook-domain-verification=6eu05zwizjv49w0gndyk50tq7ineit"
911nagasaki-tabinet.com. 300 IN TXT "v=spf1 +ip4:112.78.200.229 include:spf.tricorn.net ~all"
912;; Received 364 bytes from 157.7.32.53#53(01.dnsv.jp) in 314 ms
913#####################################################################################################################################
914[*] Performing General Enumeration of Domain: nagasaki-tabinet.com
915[-] DNSSEC is not configured for nagasaki-tabinet.com
916[*] SOA 01.dnsv.jp 157.7.32.53
917[*] NS 02.dnsv.jp 157.7.33.53
918[*] NS 01.dnsv.jp 157.7.32.53
919[*] NS 04.dnsv.jp 157.7.33.35
920[*] NS 04.dnsv.jp 2400:8500:3fff::53
921[*] NS 03.dnsv.jp 157.7.32.35
922[*] NS 03.dnsv.jp 2400:8500:3000::53
923[*] MX mail.nagasaki-tabinet.com 119.18.223.137
924[*] A nagasaki-tabinet.com 210.140.228.109
925[*] TXT nagasaki-tabinet.com facebook-domain-verification=6eu05zwizjv49w0gndyk50tq7ineit
926[*] TXT nagasaki-tabinet.com v=spf1 +ip4:112.78.200.229 include:spf.tricorn.net ~all
927[*] Enumerating SRV Records
928[-] No SRV Records Found for nagasaki-tabinet.com
929[+] 0 Records Found
930######################################################################################################################################
931[*] Processing domain nagasaki-tabinet.com
932[*] Using system resolvers ['38.132.106.139', '194.187.251.67', '185.93.180.131', '2001:18c0:121:6900:724f:b8ff:fefd:5b6a', '192.168.0.1']
933[+] Getting nameservers
934157.7.33.53 - 02.dnsv.jp
935157.7.32.53 - 01.dnsv.jp
936157.7.33.35 - 04.dnsv.jp
937157.7.32.35 - 03.dnsv.jp
938[-] Zone transfer failed
939
940[+] TXT records found
941"facebook-domain-verification=6eu05zwizjv49w0gndyk50tq7ineit"
942"v=spf1 +ip4:112.78.200.229 include:spf.tricorn.net ~all"
943
944[+] MX records found, added to target list
94510 mail.nagasaki-tabinet.com.
946
947[*] Scanning nagasaki-tabinet.com for A records
948210.140.228.109 - nagasaki-tabinet.com
949210.140.228.109 - api.nagasaki-tabinet.com
950210.140.228.109 - dev.nagasaki-tabinet.com
951210.140.228.109 - ftp.nagasaki-tabinet.com
952119.18.223.137 - mail.nagasaki-tabinet.com
953210.140.228.109 - stage.nagasaki-tabinet.com
954133.167.7.2 - static.nagasaki-tabinet.com
955210.140.228.109 - www.nagasaki-tabinet.com
956#####################################################################################################################################
957 AVAILABLE PLUGINS
958 -----------------
959
960 RobotPlugin
961 HttpHeadersPlugin
962 OpenSslCipherSuitesPlugin
963 FallbackScsvPlugin
964 CertificateInfoPlugin
965 EarlyDataPlugin
966 CompressionPlugin
967 SessionRenegotiationPlugin
968 SessionResumptionPlugin
969 OpenSslCcsInjectionPlugin
970 HeartbleedPlugin
971
972
973
974 CHECKING HOST(S) AVAILABILITY
975 -----------------------------
976
977 210.140.228.109:443 => 210.140.228.109
978
979
980
981
982 SCAN RESULTS FOR 210.140.228.109:443 - 210.140.228.109
983 ------------------------------------------------------
984
985 * SSLV2 Cipher Suites:
986 Server rejected all cipher suites.
987
988 * OpenSSL CCS Injection:
989 OK - Not vulnerable to OpenSSL CCS injection
990
991 * TLSV1_3 Cipher Suites:
992 Server rejected all cipher suites.
993
994 * Session Renegotiation:
995 Client-initiated Renegotiation: OK - Rejected
996 Secure Renegotiation: OK - Supported
997
998 * TLSV1_1 Cipher Suites:
999 Forward Secrecy OK - Supported
1000 RC4 INSECURE - Supported
1001
1002 Preferred:
1003 None - Server followed client cipher suite preference.
1004 Accepted:
1005 TLS_RSA_WITH_SEED_CBC_SHA 128 bits HTTP 403 Forbidden
1006 TLS_RSA_WITH_RC4_128_SHA 128 bits HTTP 403 Forbidden
1007 TLS_RSA_WITH_RC4_128_MD5 128 bits HTTP 403 Forbidden
1008 TLS_RSA_WITH_IDEA_CBC_SHA 128 bits HTTP 403 Forbidden
1009 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 256 bits HTTP 403 Forbidden
1010 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 128 bits HTTP 403 Forbidden
1011 TLS_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 403 Forbidden
1012 TLS_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 403 Forbidden
1013 TLS_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 403 Forbidden
1014 TLS_ECDHE_RSA_WITH_RC4_128_SHA 128 bits HTTP 403 Forbidden
1015 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 403 Forbidden
1016 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 403 Forbidden
1017 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 403 Forbidden
1018 TLS_DHE_RSA_WITH_SEED_CBC_SHA 128 bits HTTP 403 Forbidden
1019 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 256 bits HTTP 403 Forbidden
1020 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 128 bits HTTP 403 Forbidden
1021 TLS_DHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 403 Forbidden
1022 TLS_DHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 403 Forbidden
1023 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 403 Forbidden
1024
1025 * Downgrade Attacks:
1026 TLS_FALLBACK_SCSV: OK - Supported
1027
1028 * OpenSSL Heartbleed:
1029 OK - Not vulnerable to Heartbleed
1030
1031 * TLSV1_2 Cipher Suites:
1032 Forward Secrecy OK - Supported
1033 RC4 INSECURE - Supported
1034
1035 Preferred:
1036 None - Server followed client cipher suite preference.
1037 Accepted:
1038 TLS_RSA_WITH_SEED_CBC_SHA 128 bits HTTP 403 Forbidden
1039 TLS_RSA_WITH_RC4_128_SHA 128 bits HTTP 403 Forbidden
1040 TLS_RSA_WITH_RC4_128_MD5 128 bits HTTP 403 Forbidden
1041 TLS_RSA_WITH_IDEA_CBC_SHA 128 bits HTTP 403 Forbidden
1042 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 256 bits HTTP 403 Forbidden
1043 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 128 bits HTTP 403 Forbidden
1044 TLS_RSA_WITH_AES_256_GCM_SHA384 256 bits HTTP 403 Forbidden
1045 TLS_RSA_WITH_AES_256_CBC_SHA256 256 bits HTTP 403 Forbidden
1046 TLS_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 403 Forbidden
1047 TLS_RSA_WITH_AES_128_GCM_SHA256 128 bits HTTP 403 Forbidden
1048 TLS_RSA_WITH_AES_128_CBC_SHA256 128 bits HTTP 403 Forbidden
1049 TLS_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 403 Forbidden
1050 TLS_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 403 Forbidden
1051 TLS_ECDHE_RSA_WITH_RC4_128_SHA 128 bits HTTP 403 Forbidden
1052 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 256 bits HTTP 403 Forbidden
1053 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 256 bits HTTP 403 Forbidden
1054 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 403 Forbidden
1055 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 128 bits HTTP 403 Forbidden
1056 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 128 bits HTTP 403 Forbidden
1057 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 403 Forbidden
1058 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 403 Forbidden
1059 TLS_DHE_RSA_WITH_SEED_CBC_SHA 128 bits HTTP 403 Forbidden
1060 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 256 bits HTTP 403 Forbidden
1061 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 128 bits HTTP 403 Forbidden
1062 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 256 bits HTTP 403 Forbidden
1063 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 256 bits HTTP 403 Forbidden
1064 TLS_DHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 403 Forbidden
1065 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 128 bits HTTP 403 Forbidden
1066 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 128 bits HTTP 403 Forbidden
1067 TLS_DHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 403 Forbidden
1068 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 403 Forbidden
1069 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 403 Forbidden
1070
1071 * TLS 1.2 Session Resumption Support:
1072 With Session IDs: OK - Supported (5 successful, 0 failed, 0 errors, 5 total attempts).
1073 With TLS Tickets: OK - Supported
1074
1075 * Deflate Compression:
1076 OK - Compression disabled
1077
1078 * Certificate Information:
1079 Content
1080 SHA1 Fingerprint: dffe7760571bfb0c424d2b3188fb4420341d2916
1081 Common Name: countryName=XX, localityName=Default City, organizationName=Default Company Ltd
1082 Issuer: countryName=XX, localityName=Default City, organizationName=Default Company Ltd
1083 Serial Number: 9289982734351121530
1084 Not Before: 2018-02-07 23:54:37
1085 Not After: 2028-02-05 23:54:37
1086 Signature Algorithm: sha256
1087 Public Key Algorithm: RSA
1088 Key Size: 2048
1089 Exponent: 65537 (0x10001)
1090 DNS Subject Alternative Names: []
1091
1092 Trust
1093 Hostname Validation: FAILED - Certificate does NOT match 210.140.228.109
1094 Android CA Store (9.0.0_r9): FAILED - Certificate is NOT Trusted: self signed certificate
1095 Apple CA Store (iOS 12, macOS 10.14, watchOS 5, and tvOS 12):FAILED - Certificate is NOT Trusted: self signed certificate
1096 Java CA Store (jdk-12.0.1): FAILED - Certificate is NOT Trusted: self signed certificate
1097 Mozilla CA Store (2019-03-14): FAILED - Certificate is NOT Trusted: self signed certificate
1098 Windows CA Store (2019-05-27): FAILED - Certificate is NOT Trusted: self signed certificate
1099 Symantec 2018 Deprecation: OK - Not a Symantec-issued certificate
1100 Received Chain: countryName=XX, localityName=Default City, organizationName=Default Company Ltd
1101 Verified Chain: ERROR - Could not build verified chain (certificate untrusted?)
1102 Received Chain Contains Anchor: ERROR - Could not build verified chain (certificate untrusted?)
1103 Received Chain Order: OK - Order is valid
1104 Verified Chain contains SHA1: ERROR - Could not build verified chain (certificate untrusted?)
1105
1106 Extensions
1107 OCSP Must-Staple: NOT SUPPORTED - Extension not found
1108 Certificate Transparency: NOT SUPPORTED - Extension not found
1109
1110 OCSP Stapling
1111 NOT SUPPORTED - Server did not send back an OCSP response
1112
1113 * ROBOT Attack:
1114 OK - Not vulnerable
1115
1116 * TLSV1 Cipher Suites:
1117 Forward Secrecy OK - Supported
1118 RC4 INSECURE - Supported
1119
1120 Preferred:
1121 None - Server followed client cipher suite preference.
1122 Accepted:
1123 TLS_RSA_WITH_SEED_CBC_SHA 128 bits HTTP 403 Forbidden
1124 TLS_RSA_WITH_RC4_128_SHA 128 bits HTTP 403 Forbidden
1125 TLS_RSA_WITH_RC4_128_MD5 128 bits HTTP 403 Forbidden
1126 TLS_RSA_WITH_IDEA_CBC_SHA 128 bits HTTP 403 Forbidden
1127 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 256 bits HTTP 403 Forbidden
1128 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 128 bits HTTP 403 Forbidden
1129 TLS_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 403 Forbidden
1130 TLS_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 403 Forbidden
1131 TLS_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 403 Forbidden
1132 TLS_ECDHE_RSA_WITH_RC4_128_SHA 128 bits HTTP 403 Forbidden
1133 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 403 Forbidden
1134 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 403 Forbidden
1135 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 403 Forbidden
1136 TLS_DHE_RSA_WITH_SEED_CBC_SHA 128 bits HTTP 403 Forbidden
1137 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 256 bits HTTP 403 Forbidden
1138 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 128 bits HTTP 403 Forbidden
1139 TLS_DHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 403 Forbidden
1140 TLS_DHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 403 Forbidden
1141 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 403 Forbidden
1142
1143 * SSLV3 Cipher Suites:
1144 Forward Secrecy OK - Supported
1145 RC4 INSECURE - Supported
1146
1147 Preferred:
1148 None - Server followed client cipher suite preference.
1149 Accepted:
1150 TLS_RSA_WITH_SEED_CBC_SHA 128 bits HTTP 403 Forbidden
1151 TLS_RSA_WITH_RC4_128_SHA 128 bits HTTP 403 Forbidden
1152 TLS_RSA_WITH_RC4_128_MD5 128 bits HTTP 403 Forbidden
1153 TLS_RSA_WITH_IDEA_CBC_SHA 128 bits HTTP 403 Forbidden
1154 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 256 bits HTTP 403 Forbidden
1155 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 128 bits HTTP 403 Forbidden
1156 TLS_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 403 Forbidden
1157 TLS_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 403 Forbidden
1158 TLS_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 403 Forbidden
1159 TLS_ECDHE_RSA_WITH_RC4_128_SHA 128 bits HTTP 403 Forbidden
1160 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 403 Forbidden
1161 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 403 Forbidden
1162 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 403 Forbidden
1163 TLS_DHE_RSA_WITH_SEED_CBC_SHA 128 bits HTTP 403 Forbidden
1164 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 256 bits HTTP 403 Forbidden
1165 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 128 bits HTTP 403 Forbidden
1166 TLS_DHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 403 Forbidden
1167 TLS_DHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 403 Forbidden
1168 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 403 Forbidden
1169
1170
1171 SCAN COMPLETED IN 30.03 S
1172 -------------------------
1173######################################################################################################################################
1174Domains still to check: 1
1175 Checking if the hostname nagasaki-tabinet.com. given is in fact a domain...
1176
1177Analyzing domain: nagasaki-tabinet.com.
1178 Checking NameServers using system default resolver...
1179 IP: 157.7.33.53 (Japan)
1180 HostName: 02.dnsv.jp Type: NS
1181 HostName: 02.dnsv.jp Type: PTR
1182 IP: 157.7.32.53 (Japan)
1183 HostName: 01.dnsv.jp Type: NS
1184 HostName: 01.dnsv.jp Type: PTR
1185 IP: 157.7.33.35 (Japan)
1186 HostName: 04.dnsv.jp Type: NS
1187 HostName: 04.dnsv.jp Type: PTR
1188 IP: 157.7.32.35 (Japan)
1189 HostName: 03.dnsv.jp Type: NS
1190 HostName: 03.dnsv.jp Type: PTR
1191
1192 Checking MailServers using system default resolver...
1193 IP: 119.18.223.137 (Japan)
1194 HostName: mail.nagasaki-tabinet.com Type: MX
1195 HostName: www.bb-serve5.jp Type: PTR
1196
1197 Checking the zone transfer for each NS... (if this takes more than 10 seconds, just hit CTRL-C and it will continue. Bug in the libs)
1198 No zone transfer found on nameserver 157.7.33.53
1199 No zone transfer found on nameserver 157.7.32.53
1200 No zone transfer found on nameserver 157.7.32.35
1201 No zone transfer found on nameserver 157.7.33.35
1202
1203 Checking SPF record...
1204 New IP found: 112.78.200.229
1205
1206 Checking SPF record...
1207
1208 Checking SPF record...
1209 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 211.10.12.192/26, but only the network IP
1210 New IP found: 211.10.12.192
1211 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 202.218.125.64/26, but only the network IP
1212 New IP found: 202.218.125.64
1213 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 203.183.50.128/25, but only the network IP
1214 New IP found: 203.183.50.128
1215 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 202.234.6.128/25, but only the network IP
1216 New IP found: 202.234.6.128
1217 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 210.129.210.0/25, but only the network IP
1218 New IP found: 210.129.210.0
1219 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 202.218.77.128/25, but only the network IP
1220 New IP found: 202.218.77.128
1221 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 203.183.233.128/25, but only the network IP
1222 New IP found: 203.183.233.128
1223 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 203.183.236.0/24, but only the network IP
1224 New IP found: 203.183.236.0
1225 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 203.183.137.128/25, but only the network IP
1226 New IP found: 203.183.137.128
1227 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 61.195.171.0/27, but only the network IP
1228 New IP found: 61.195.171.0
1229 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 202.230.13.128/25, but only the network IP
1230 New IP found: 202.230.13.128
1231
1232 Checking 192 most common hostnames using system default resolver...
1233 IP: 210.140.228.109 (Japan)
1234 HostName: www.nagasaki-tabinet.com. Type: A
1235 IP: 210.140.228.109 (Japan)
1236 HostName: www.nagasaki-tabinet.com. Type: A
1237 HostName: ftp.nagasaki-tabinet.com. Type: A
1238 HostName: 210x140x228x109.rev.barem.jp Type: PTR
1239 IP: 119.18.223.137 (Japan)
1240 HostName: mail.nagasaki-tabinet.com Type: MX
1241 HostName: www.bb-serve5.jp Type: PTR
1242 HostName: mail.nagasaki-tabinet.com. Type: A
1243
1244 Checking with nmap the reverse DNS hostnames of every <ip>/24 netblock using system default resolver...
1245 Checking netblock 203.183.236.0
1246 Checking netblock 157.7.32.0
1247 Checking netblock 61.195.171.0
1248 Checking netblock 203.183.50.0
1249 Checking netblock 112.78.200.0
1250 Checking netblock 202.234.6.0
1251 Checking netblock 157.7.33.0
1252 Checking netblock 210.129.210.0
1253 Checking netblock 202.218.125.0
1254 Checking netblock 202.218.77.0
1255 Checking netblock 210.140.228.0
1256 Checking netblock 119.18.223.0
1257 Checking netblock 203.183.233.0
1258 Checking netblock 211.10.12.0
1259 Checking netblock 202.230.13.0
1260 Checking netblock 203.183.137.0
1261
1262 Searching for nagasaki-tabinet.com. emails in Google
1263
1264 Checking 18 active hosts using nmap... (nmap -sn -n -v -PP -PM -PS80,25 -PA -PY -PU53,40125 -PE --reason <ip> -oA <output_directory>/nmap/<ip>.sn)
1265 Host 203.183.236.0 is up (reset ttl 64)
1266 Host 157.7.32.53 is up (reset ttl 64)
1267 Host 61.195.171.0 is up (reset ttl 64)
1268 Host 203.183.50.128 is up (reset ttl 64)
1269 Host 112.78.200.229 is up (reset ttl 64)
1270 Host 202.234.6.128 is up (reset ttl 64)
1271 Host 157.7.33.53 is up (reset ttl 64)
1272 Host 210.129.210.0 is up (reset ttl 64)
1273 Host 202.218.125.64 is up (reset ttl 64)
1274 Host 202.218.77.128 is up (reset ttl 64)
1275 Host 210.140.228.109 is up (reset ttl 64)
1276 Host 119.18.223.137 is up (reset ttl 64)
1277 Host 203.183.233.128 is up (reset ttl 64)
1278 Host 157.7.32.35 is up (reset ttl 64)
1279 Host 157.7.33.35 is up (reset ttl 64)
1280 Host 211.10.12.192 is up (reset ttl 64)
1281 Host 202.230.13.128 is up (reset ttl 64)
1282 Host 203.183.137.128 is up (reset ttl 64)
1283
1284 Checking ports on every active host using nmap... (nmap -O --reason --webxml --traceroute -sS -sV -sC -Pn -n -v -F <ip> -oA <output_directory>/nmap/<ip>)
1285 Scanning ip 203.183.236.0 ():
1286 Scanning ip 157.7.32.53 (01.dnsv.jp (PTR)):
1287 53/tcp open tcpwrapped syn-ack ttl 49
1288 | dns-nsid:
1289 | NSID: acc (616363)
1290 |_ id.server: GDNS version 20180305
1291 Device type: storage-misc|general purpose
1292 Scanning ip 61.195.171.0 ():
1293 Scanning ip 203.183.50.128 ():
1294 Scanning ip 112.78.200.229 ():
1295 Scanning ip 202.234.6.128 ():
1296 Scanning ip 157.7.33.53 (02.dnsv.jp (PTR)):
1297 53/tcp open tcpwrapped syn-ack ttl 49
1298 | dns-nsid:
1299 | NSID: ach (616368)
1300 |_ id.server: GDNS version 20180305
1301 Device type: storage-misc|general purpose
1302 Scanning ip 210.129.210.0 ():
1303 Scanning ip 202.218.125.64 ():
1304 Scanning ip 202.218.77.128 ():
1305 Scanning ip 210.140.228.109 (210x140x228x109.rev.barem.jp (PTR)):
1306 80/tcp open http syn-ack ttl 38 Apache httpd
1307 | http-methods:
1308 |_ Supported Methods: POST OPTIONS GET HEAD
1309 |_http-server-header: Apache
1310 |_http-title: 403 Forbidden
1311 443/tcp open ssl/http syn-ack ttl 43 Apache httpd
1312 | http-methods:
1313 |_ Supported Methods: POST OPTIONS GET HEAD
1314 |_http-server-header: Apache
1315 |_http-title: 403 Forbidden
1316 | ssl-cert: Subject: organizationName=Default Company Ltd/countryName=XX
1317 | Issuer: organizationName=Default Company Ltd/countryName=XX
1318 | Public Key type: rsa
1319 | Public Key bits: 2048
1320 | Signature Algorithm: sha256WithRSAEncryption
1321 | Not valid before: 2018-02-07T23:54:37
1322 | Not valid after: 2028-02-05T23:54:37
1323 | MD5: dc82 14b2 cbdd 7e52 7776 6d4d 1b72 afec
1324 |_SHA-1: dffe 7760 571b fb0c 424d 2b31 88fb 4420 341d 2916
1325 |_ssl-date: TLS randomness does not represent time
1326 Scanning ip 119.18.223.137 (mail.nagasaki-tabinet.com.):
1327 Scanning ip 203.183.233.128 ():
1328 Scanning ip 157.7.32.35 (03.dnsv.jp (PTR)):
1329 53/tcp open tcpwrapped syn-ack ttl 49
1330 | dns-nsid:
1331 | NSID: acd (616364)
1332 |_ id.server: GDNS version 20180305
1333 Device type: storage-misc|general purpose|WAP
1334 Running (JUST GUESSING): HP embedded (87%), Linux 3.X|2.6.X (86%)
1335 Scanning ip 157.7.33.35 (04.dnsv.jp (PTR)):
1336 53/tcp open domain syn-ack ttl 49 ISC BIND
1337 | dns-nsid:
1338 | NSID: ach (616368)
1339 |_ id.server: GDNS version 20180305
1340 Device type: storage-misc|general purpose|specialized
1341 Scanning ip 211.10.12.192 ():
1342 Scanning ip 202.230.13.128 ():
1343 Scanning ip 203.183.137.128 ():
1344 WebCrawling domain's web servers... up to 50 max links.
1345
1346 + URL to crawl: http://ftp.nagasaki-tabinet.com.
1347 + Date: 2020-01-26
1348
1349 + Crawling URL: http://ftp.nagasaki-tabinet.com.:
1350 + Links:
1351 + Crawling http://ftp.nagasaki-tabinet.com. (403 Forbidden)
1352 + Searching for directories...
1353 + Searching open folders...
1354
1355
1356 + URL to crawl: http://www.nagasaki-tabinet.com.
1357 + Date: 2020-01-26
1358
1359 + Crawling URL: http://www.nagasaki-tabinet.com.:
1360 + Links:
1361 + Crawling http://www.nagasaki-tabinet.com. ([SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:727))
1362 + Searching for directories...
1363 + Searching open folders...
1364
1365
1366 + URL to crawl: https://ftp.nagasaki-tabinet.com.
1367 + Date: 2020-01-26
1368
1369 + Crawling URL: https://ftp.nagasaki-tabinet.com.:
1370 + Links:
1371 + Crawling https://ftp.nagasaki-tabinet.com. ([SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:727))
1372 + Searching for directories...
1373 + Searching open folders...
1374
1375
1376 + URL to crawl: https://www.nagasaki-tabinet.com.
1377 + Date: 2020-01-26
1378
1379 + Crawling URL: https://www.nagasaki-tabinet.com.:
1380 + Links:
1381 + Crawling https://www.nagasaki-tabinet.com. ([SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:727))
1382 + Searching for directories...
1383 + Searching open folders...
1384
1385--Finished--
1386Summary information for domain nagasaki-tabinet.com.
1387-----------------------------------------
1388
1389 Domain Ips Information:
1390 IP: 203.183.236.0
1391 Type: SPF
1392 Is Active: True (reset ttl 64)
1393 IP: 157.7.32.53
1394 HostName: 01.dnsv.jp Type: NS
1395 HostName: 01.dnsv.jp Type: PTR
1396 Country: Japan
1397 Is Active: True (reset ttl 64)
1398 Port: 53/tcp open tcpwrapped syn-ack ttl 49
1399 Script Info: | dns-nsid:
1400 Script Info: | NSID: acc (616363)
1401 Script Info: |_ id.server: GDNS version 20180305
1402 Script Info: Device type: storage-misc|general purpose
1403 IP: 61.195.171.0
1404 Type: SPF
1405 Is Active: True (reset ttl 64)
1406 IP: 203.183.50.128
1407 Type: SPF
1408 Is Active: True (reset ttl 64)
1409 IP: 112.78.200.229
1410 Type: SPF
1411 Is Active: True (reset ttl 64)
1412 IP: 202.234.6.128
1413 Type: SPF
1414 Is Active: True (reset ttl 64)
1415 IP: 157.7.33.53
1416 HostName: 02.dnsv.jp Type: NS
1417 HostName: 02.dnsv.jp Type: PTR
1418 Country: Japan
1419 Is Active: True (reset ttl 64)
1420 Port: 53/tcp open tcpwrapped syn-ack ttl 49
1421 Script Info: | dns-nsid:
1422 Script Info: | NSID: ach (616368)
1423 Script Info: |_ id.server: GDNS version 20180305
1424 Script Info: Device type: storage-misc|general purpose
1425 IP: 210.129.210.0
1426 Type: SPF
1427 Is Active: True (reset ttl 64)
1428 IP: 202.218.125.64
1429 Type: SPF
1430 Is Active: True (reset ttl 64)
1431 IP: 202.218.77.128
1432 Type: SPF
1433 Is Active: True (reset ttl 64)
1434 IP: 210.140.228.109
1435 HostName: www.nagasaki-tabinet.com. Type: A
1436 HostName: ftp.nagasaki-tabinet.com. Type: A
1437 HostName: 210x140x228x109.rev.barem.jp Type: PTR
1438 Country: Japan
1439 Is Active: True (reset ttl 64)
1440 Port: 80/tcp open http syn-ack ttl 38 Apache httpd
1441 Script Info: | http-methods:
1442 Script Info: |_ Supported Methods: POST OPTIONS GET HEAD
1443 Script Info: |_http-server-header: Apache
1444 Script Info: |_http-title: 403 Forbidden
1445 Port: 443/tcp open ssl/http syn-ack ttl 43 Apache httpd
1446 Script Info: | http-methods:
1447 Script Info: |_ Supported Methods: POST OPTIONS GET HEAD
1448 Script Info: |_http-server-header: Apache
1449 Script Info: |_http-title: 403 Forbidden
1450 Script Info: | ssl-cert: Subject: organizationName=Default Company Ltd/countryName=XX
1451 Script Info: | Issuer: organizationName=Default Company Ltd/countryName=XX
1452 Script Info: | Public Key type: rsa
1453 Script Info: | Public Key bits: 2048
1454 Script Info: | Signature Algorithm: sha256WithRSAEncryption
1455 Script Info: | Not valid before: 2018-02-07T23:54:37
1456 Script Info: | Not valid after: 2028-02-05T23:54:37
1457 Script Info: | MD5: dc82 14b2 cbdd 7e52 7776 6d4d 1b72 afec
1458 Script Info: |_SHA-1: dffe 7760 571b fb0c 424d 2b31 88fb 4420 341d 2916
1459 Script Info: |_ssl-date: TLS randomness does not represent time
1460 IP: 119.18.223.137
1461 HostName: mail.nagasaki-tabinet.com Type: MX
1462 HostName: www.bb-serve5.jp Type: PTR
1463 HostName: mail.nagasaki-tabinet.com. Type: A
1464 Country: Japan
1465 Is Active: True (reset ttl 64)
1466 IP: 203.183.233.128
1467 Type: SPF
1468 Is Active: True (reset ttl 64)
1469 IP: 157.7.32.35
1470 HostName: 03.dnsv.jp Type: NS
1471 HostName: 03.dnsv.jp Type: PTR
1472 Country: Japan
1473 Is Active: True (reset ttl 64)
1474 Port: 53/tcp open tcpwrapped syn-ack ttl 49
1475 Script Info: | dns-nsid:
1476 Script Info: | NSID: acd (616364)
1477 Script Info: |_ id.server: GDNS version 20180305
1478 Script Info: Device type: storage-misc|general purpose|WAP
1479 Script Info: Running (JUST GUESSING): HP embedded (87%), Linux 3.X|2.6.X (86%)
1480 IP: 157.7.33.35
1481 HostName: 04.dnsv.jp Type: NS
1482 HostName: 04.dnsv.jp Type: PTR
1483 Country: Japan
1484 Is Active: True (reset ttl 64)
1485 Port: 53/tcp open domain syn-ack ttl 49 ISC BIND
1486 Script Info: | dns-nsid:
1487 Script Info: | NSID: ach (616368)
1488 Script Info: |_ id.server: GDNS version 20180305
1489 Script Info: Device type: storage-misc|general purpose|specialized
1490 IP: 211.10.12.192
1491 Type: SPF
1492 Is Active: True (reset ttl 64)
1493 IP: 202.230.13.128
1494 Type: SPF
1495 Is Active: True (reset ttl 64)
1496 IP: 203.183.137.128
1497 Type: SPF
1498 Is Active: True (reset ttl 64)
1499
1500--------------End Summary --------------
1501-----------------------------------------
1502#####################################################################################################################################
traceroute to www.nagasaki-tabinet.com (210.140.228.109), 30 hops max, 60 byte packets
 1 10.242.204.1 (10.242.204.1) 37.074 ms 73.554 ms 73.550 ms
 2 104.245.145.177 (104.245.145.177) 73.530 ms 73.510 ms 73.479 ms
 3 te0-0-2-1.225.nr11.b010988-1.yyz02.atlas.cogentco.com (38.104.156.9) 73.470 ms te0-1-1-9.219.ccr32.yyz02.atlas.cogentco.com (38.104.158.113) 73.412 ms te0-0-2-1.225.nr11.b010988-1.yyz02.atlas.cogentco.com (38.104.156.9) 73.403 ms
 4 be2994.ccr22.cle04.atlas.cogentco.com (154.54.31.233) 73.398 ms te0-0-0-1.agr14.yyz02.atlas.cogentco.com (154.24.54.41) 73.347 ms be2994.ccr22.cle04.atlas.cogentco.com (154.54.31.233) 73.338 ms
 5 te0-9-0-9.ccr31.yyz02.atlas.cogentco.com (154.54.43.141) 73.317 ms 75.977 ms be2718.ccr42.ord01.atlas.cogentco.com (154.54.7.129) 164.430 ms
 6 be2994.ccr22.cle04.atlas.cogentco.com (154.54.31.233) 164.364 ms be2832.ccr22.mci01.atlas.cogentco.com (154.54.44.169) 85.081 ms be2993.ccr21.cle04.atlas.cogentco.com (154.54.31.225) 101.014 ms
 7 be3036.ccr22.den01.atlas.cogentco.com (154.54.31.89) 151.417 ms be2717.ccr41.ord01.atlas.cogentco.com (154.54.6.221) 151.318 ms be2718.ccr42.ord01.atlas.cogentco.com (154.54.7.129) 151.259 ms
 8 be2831.ccr21.mci01.atlas.cogentco.com (154.54.42.165) 151.302 ms be3038.ccr32.slc01.atlas.cogentco.com (154.54.42.97) 151.304 ms be2831.ccr21.mci01.atlas.cogentco.com (154.54.42.165) 151.219 ms
 9 be3110.ccr22.sfo01.atlas.cogentco.com (154.54.44.141) 198.712 ms 198.692 ms 198.618 ms
10 be3037.ccr21.slc01.atlas.cogentco.com (154.54.41.145) 151.150 ms be3670.ccr41.sjc03.atlas.cogentco.com (154.54.43.14) 198.629 ms be3037.ccr21.slc01.atlas.cogentco.com (154.54.41.145) 151.047 ms
11 38.88.224.178 (38.88.224.178) 198.548 ms 198.502 ms 135.068 ms
12 be3670.ccr41.sjc03.atlas.cogentco.com (154.54.43.14) 143.163 ms 111.87.3.113 (111.87.3.113) 143.111 ms 111.87.3.105 (111.87.3.105) 143.071 ms
13 38.88.224.178 (38.88.224.178) 143.073 ms 106.187.13.29 (106.187.13.29) 248.716 ms 106.187.13.25 (106.187.13.25) 248.716 ms
14 111.87.3.113 (111.87.3.113) 143.041 ms 111.87.3.117 (111.87.3.117) 143.031 ms 27.85.227.105 (27.85.227.105) 248.620 ms
15 oteJIN301.int-gw.kddi.ne.jp (27.86.32.6) 246.784 ms oteJIN301.int-gw.kddi.ne.jp (27.86.32.2) 236.501 ms oteACS002.int-gw.kddi.ne.jp (106.187.13.17) 246.585 ms
16 111.108.12.170 (111.108.12.170) 285.092 ms 285.089 ms 27.85.227.117 (27.85.227.117) 246.593 ms
17 202.93.95.182 (202.93.95.182) 246.576 ms 261.327 ms 365.826 ms
18 111.108.12.170 (111.108.12.170) 365.765 ms 365.809 ms 315.384 ms
19 202.93.95.182 (202.93.95.182) 365.720 ms 158.205.134.62 (158.205.134.62) 365.701 ms 365.639 ms
20 118.151.224.194 (118.151.224.194) 717.928 ms 634.419 ms 586.798 ms
21 158.205.134.62 (158.205.134.62) 266.046 ms 158.205.83.66 (158.205.83.66) 306.409 ms 158.205.134.62 (158.205.134.62) 265.990 ms
22 * * *
23 158.205.83.66 (158.205.83.66) 267.219 ms 267.216 ms *
1527######################################################################################################################################
1528
1529----- nagasaki-tabinet.com -----
1530
1531
1532Host's addresses:
1533__________________
1534
1535nagasaki-tabinet.com. 300 IN A 210.140.228.109
1536
1537
1538Name Servers:
1539______________
1540
02.dnsv.jp. 70986 IN A 157.7.33.53
01.dnsv.jp. 71601 IN A 157.7.32.53
04.dnsv.jp. 70986 IN A 157.7.33.35
03.dnsv.jp. 70986 IN A 157.7.32.35
1545
1546
1547Mail (MX) Servers:
1548___________________
1549
1550mail.nagasaki-tabinet.com. 300 IN A 119.18.223.137
1551
1552
1553Brute forcing with /usr/share/dnsenum/dns.txt:
1554_______________________________________________
1555
1556ftp.nagasaki-tabinet.com. 300 IN CNAME nagasaki-tabinet.com.
1557nagasaki-tabinet.com. 300 IN A 210.140.228.109
1558mail.nagasaki-tabinet.com. 247 IN A 119.18.223.137
1559www.nagasaki-tabinet.com. 300 IN CNAME nagasaki-tabinet.com.
1560nagasaki-tabinet.com. 300 IN A 210.140.228.109
1561
1562
1563Launching Whois Queries:
1564_________________________
1565
1566 whois ip result: 119.18.223.0 -> 119.18.223.0/24
1567 whois ip result: 210.140.228.0 -> 210.140.228.0/25
1568
1569
1570nagasaki-tabinet.com____________________
1571
1572 119.18.223.0/24
1573 210.140.228.0/25
1574######################################################################################################################################
1575WARNING: Duplicate port number(s) specified. Are you alert enough to be using Nmap? Have some coffee or Jolt(tm).
1576Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-26 22:52 EST
1577Nmap scan report for 210x140x228x109.rev.barem.jp (210.140.228.109)
1578Host is up (0.25s latency).
1579Not shown: 490 filtered ports, 4 closed ports
1580Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
PORT STATE SERVICE
80/tcp open http
443/tcp open https
1584
1585Nmap done: 1 IP address (1 host up) scanned in 11.31 seconds
1586#####################################################################################################################################
1587Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-26 22:53 EST
1588Nmap scan report for 210x140x228x109.rev.barem.jp (210.140.228.109)
1589Host is up (0.16s latency).
1590Not shown: 2 filtered ports
PORT STATE SERVICE
53/udp open|filtered domain
67/udp open|filtered dhcps
68/udp open|filtered dhcpc
69/udp open|filtered tftp
88/udp open|filtered kerberos-sec
123/udp open|filtered ntp
139/udp open|filtered netbios-ssn
161/udp open|filtered snmp
162/udp open|filtered snmptrap
389/udp open|filtered ldap
500/udp open|filtered isakmp
520/udp open|filtered route
2049/udp open|filtered nfs
1605
1606Nmap done: 1 IP address (1 host up) scanned in 3.74 seconds
1607#####################################################################################################################################
1608HTTP/1.1 403 Forbidden
1609Date: Mon, 27 Jan 2020 03:53:03 GMT
1610Server: Apache
1611Content-Type: text/html; charset=iso-8859-1
1612
1613Allow: POST,OPTIONS,GET,HEAD
1614#####################################################################################################################################
1615
1616wig - WebApp Information Gatherer
1617
1618
1619Scanning http://210.140.228.109...
1620_________________________________________ SITE INFO _________________________________________
IP Title
210.140.228.109 403 Forbidden
1623
1624__________________________________________ VERSION __________________________________________
1625Name Versions Type
1626Apache 2.4.10 | 2.4.11 | 2.4.12 | 2.4.5 | 2.4.6 | 2.4.7 | 2.4.8 Platform
1627 2.4.9
1628
1629_____________________________________________________________________________________________
1630Time: 61.1 sec Urls: 812 Fingerprints: 40401
1631#####################################################################################################################################
1632Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-26 22:54 EST
1633NSE: Loaded 161 scripts for scanning.
1634NSE: Script Pre-scanning.
1635Initiating NSE at 22:54
1636Completed NSE at 22:54, 0.00s elapsed
1637Initiating NSE at 22:54
1638Completed NSE at 22:54, 0.00s elapsed
1639Initiating Parallel DNS resolution of 1 host. at 22:54
1640Completed Parallel DNS resolution of 1 host. at 22:54, 0.02s elapsed
1641Initiating SYN Stealth Scan at 22:54
1642Scanning 210x140x228x109.rev.barem.jp (210.140.228.109) [1 port]
1643Discovered open port 80/tcp on 210.140.228.109
1644Completed SYN Stealth Scan at 22:54, 0.31s elapsed (1 total ports)
1645Initiating Service scan at 22:54
1646Scanning 1 service on 210x140x228x109.rev.barem.jp (210.140.228.109)
1647Completed Service scan at 22:54, 6.71s elapsed (1 service on 1 host)
1648Initiating OS detection (try #1) against 210x140x228x109.rev.barem.jp (210.140.228.109)
1649Retrying OS detection (try #2) against 210x140x228x109.rev.barem.jp (210.140.228.109)
1650Initiating Traceroute at 22:54
1651Completed Traceroute at 22:54, 3.32s elapsed
1652Initiating Parallel DNS resolution of 21 hosts. at 22:54
1653Completed Parallel DNS resolution of 21 hosts. at 22:54, 1.01s elapsed
1654NSE: Script scanning 210.140.228.109.
1655Initiating NSE at 22:54
1656Completed NSE at 22:55, 60.66s elapsed
1657Initiating NSE at 22:55
1658Completed NSE at 22:55, 1.23s elapsed
1659Nmap scan report for 210x140x228x109.rev.barem.jp (210.140.228.109)
1660Host is up (0.25s latency).
1661
PORT STATE SERVICE VERSION
80/tcp open http Apache httpd
1664| http-brute:
1665|_ Path "/" does not require authentication
1666|_http-chrono: Request times for /; avg: 271.15ms; min: 217.54ms; max: 350.45ms
1667|_http-csrf: Couldn't find any CSRF vulnerabilities.
1668|_http-date: Mon, 27 Jan 2020 03:54:55 GMT; -6s from local time.
1669|_http-devframework: Couldn't determine the underlying framework or CMS. Try increasing 'httpspider.maxpagecount' value to spider more pages.
1670|_http-dombased-xss: Couldn't find any DOM based XSS.
1671|_http-drupal-enum: Nothing found amongst the top 100 resources,use --script-args number=<number|all> for deeper analysis)
1672| http-errors:
1673| Spidering limited to: maxpagecount=40; withinhost=210x140x228x109.rev.barem.jp
1674| Found the following error pages:
1675|
1676| Error Code: 403
1677|_ http://210x140x228x109.rev.barem.jp:80/
1678|_http-feed: Couldn't find any feeds.
1679|_http-fetch: Please enter the complete path of the directory to save data in.
1680| http-headers:
1681| Date: Mon, 27 Jan 2020 03:55:01 GMT
1682| Server: Apache
1683| Content-Length: 202
1684| Connection: close
1685| Content-Type: text/html; charset=iso-8859-1
1686|
1687|_ (Request type: GET)
1688|_http-jsonp-detection: Couldn't find any JSONP endpoints.
1689| http-methods:
1690|_ Supported Methods: POST OPTIONS GET HEAD
1691|_http-mobileversion-checker: No mobile version detected.
1692|_http-security-headers:
1693|_http-server-header: Apache
1694| http-sitemap-generator:
1695| Directory structure:
1696| Longest directory structure:
1697| Depth: 0
1698| Dir: /
1699| Total files found (by extension):
1700|_
1701|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
1702|_http-title: 403 Forbidden
1703| http-vhosts:
1704|_127 names had status 403
1705|_http-wordpress-enum: Nothing found amongst the top 100 resources,use --script-args search-limit=<number|all> for deeper analysis)
1706|_http-wordpress-users: [Error] Wordpress installation was not found. We couldn't find wp-login.php
1707|_http-xssed: No previously reported XSS vuln.
1708Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
1709Device type: specialized|storage-misc
1710Running (JUST GUESSING): Crestron 2-Series (87%), HP embedded (85%)
1711OS CPE: cpe:/o:crestron:2_series cpe:/h:hp:p2000_g3
1712Aggressive OS guesses: Crestron XPanel control system (87%), HP P2000 G3 NAS device (85%)
1713No exact OS matches for host (test conditions non-ideal).
1714Uptime guess: 21.189 days (since Sun Jan 5 18:23:42 2020)
1715Network Distance: 24 hops
1716TCP Sequence Prediction: Difficulty=258 (Good luck!)
1717IP ID Sequence Generation: All zeros
1718
TRACEROUTE (using port 80/tcp)
HOP RTT ADDRESS
1 97.17 ms 10.242.204.1
2 144.67 ms 104.245.145.177
3 144.73 ms te0-0-2-1.225.nr11.b010988-1.yyz02.atlas.cogentco.com (38.104.156.9)
4 144.75 ms te0-0-0-1.agr13.yyz02.atlas.cogentco.com (154.24.54.37)
5 144.73 ms te0-9-0-9.ccr32.yyz02.atlas.cogentco.com (154.54.43.153)
6 144.78 ms be2994.ccr22.cle04.atlas.cogentco.com (154.54.31.233)
7 144.81 ms be2718.ccr42.ord01.atlas.cogentco.com (154.54.7.129)
8 144.86 ms be3038.ccr32.slc01.atlas.cogentco.com (154.54.42.97)
9 144.86 ms be3036.ccr22.den01.atlas.cogentco.com (154.54.31.89)
10 144.88 ms be3670.ccr41.sjc03.atlas.cogentco.com (154.54.43.14)
11 113.17 ms be3110.ccr22.sfo01.atlas.cogentco.com (154.54.44.141)
12 157.18 ms 111.87.3.225
13 214.15 ms 38.88.224.178
14 214.10 ms 111.87.3.225
15 270.85 ms oteACS002.int-gw.kddi.ne.jp (106.187.13.17)
16 270.80 ms 27.86.46.89
17 270.75 ms oteJIN301.int-gw.kddi.ne.jp (27.86.32.6)
18 270.80 ms 111.108.12.170
19 270.82 ms 158.205.134.62
20 717.07 ms 118.151.224.194
21 245.84 ms 158.205.134.62
22 ...
23 227.39 ms 158.205.83.66
24 314.88 ms 210x140x228x109.rev.barem.jp (210.140.228.109)
1745
1746NSE: Script Post-scanning.
1747Initiating NSE at 22:55
1748Completed NSE at 22:55, 0.00s elapsed
1749Initiating NSE at 22:55
1750Completed NSE at 22:55, 0.00s elapsed
1751######################################################################################################################################
1752Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-26 22:56 EST
1753NSE: Loaded 161 scripts for scanning.
1754NSE: Script Pre-scanning.
1755Initiating NSE at 22:56
1756Completed NSE at 22:56, 0.00s elapsed
1757Initiating NSE at 22:56
1758Completed NSE at 22:56, 0.00s elapsed
1759Initiating Parallel DNS resolution of 1 host. at 22:56
1760Completed Parallel DNS resolution of 1 host. at 22:56, 0.02s elapsed
1761Initiating SYN Stealth Scan at 22:56
1762Scanning 210x140x228x109.rev.barem.jp (210.140.228.109) [1 port]
1763Discovered open port 443/tcp on 210.140.228.109
1764Completed SYN Stealth Scan at 22:56, 0.27s elapsed (1 total ports)
1765Initiating Service scan at 22:56
1766Scanning 1 service on 210x140x228x109.rev.barem.jp (210.140.228.109)
1767Completed Service scan at 22:56, 13.87s elapsed (1 service on 1 host)
1768Initiating OS detection (try #1) against 210x140x228x109.rev.barem.jp (210.140.228.109)
1769Retrying OS detection (try #2) against 210x140x228x109.rev.barem.jp (210.140.228.109)
1770Initiating Traceroute at 22:56
1771Completed Traceroute at 22:56, 3.35s elapsed
1772Initiating Parallel DNS resolution of 18 hosts. at 22:56
1773Completed Parallel DNS resolution of 18 hosts. at 22:56, 0.80s elapsed
1774NSE: Script scanning 210.140.228.109.
1775Initiating NSE at 22:56
1776Completed NSE at 22:58, 90.09s elapsed
1777Initiating NSE at 22:58
1778Completed NSE at 22:58, 1.97s elapsed
1779Nmap scan report for 210x140x228x109.rev.barem.jp (210.140.228.109)
1780Host is up (0.25s latency).
1781
PORT STATE SERVICE VERSION
443/tcp open ssl/http Apache httpd
1784| http-brute:
1785|_ Path "/" does not require authentication
1786|_http-chrono: Request times for /; avg: 385.23ms; min: 300.47ms; max: 636.44ms
1787|_http-csrf: Couldn't find any CSRF vulnerabilities.
1788|_http-date: Mon, 27 Jan 2020 03:56:59 GMT; -7s from local time.
1789|_http-devframework: Couldn't determine the underlying framework or CMS. Try increasing 'httpspider.maxpagecount' value to spider more pages.
1790|_http-dombased-xss: Couldn't find any DOM based XSS.
1791|_http-drupal-enum: Nothing found amongst the top 100 resources,use --script-args number=<number|all> for deeper analysis)
1792| http-errors:
1793| Spidering limited to: maxpagecount=40; withinhost=210x140x228x109.rev.barem.jp
1794| Found the following error pages:
1795|
1796| Error Code: 403
1797|_ https://210x140x228x109.rev.barem.jp:443/
1798|_http-feed: Couldn't find any feeds.
1799|_http-fetch: Please enter the complete path of the directory to save data in.
1800| http-headers:
1801| Date: Mon, 27 Jan 2020 03:57:04 GMT
1802| Server: Apache
1803| Content-Length: 362
1804| Connection: close
1805| Content-Type: text/html; charset=iso-8859-1
1806|
1807|_ (Request type: GET)
1808|_http-jsonp-detection: Couldn't find any JSONP endpoints.
1809| http-methods:
1810|_ Supported Methods: POST OPTIONS GET HEAD
1811|_http-mobileversion-checker: No mobile version detected.
1812| http-security-headers:
1813| Strict_Transport_Security:
1814|_ HSTS not configured in HTTPS Server
1815|_http-server-header: Apache
1816| http-sitemap-generator:
1817| Directory structure:
1818| Longest directory structure:
1819| Depth: 0
1820| Dir: /
1821| Total files found (by extension):
1822|_
1823|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
1824|_http-title: 403 Forbidden
1825|_http-userdir-enum: Potential Users: root, admin, administrator, webadmin, sysadmin, netadmin, guest, user, web, test
1826| http-vhosts:
1827| crs.rev.barem.jp : 400
1828|_126 names had status 403
1829|_http-wordpress-users: [Error] Wordpress installation was not found. We couldn't find wp-login.php
1830|_http-xssed: No previously reported XSS vuln.
1831Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
1832Device type: specialized|storage-misc
1833Running (JUST GUESSING): Crestron 2-Series (87%), HP embedded (85%)
1834OS CPE: cpe:/o:crestron:2_series cpe:/h:hp:p2000_g3
1835Aggressive OS guesses: Crestron XPanel control system (87%), HP P2000 G3 NAS device (85%)
1836No exact OS matches for host (test conditions non-ideal).
1837Uptime guess: 21.191 days (since Sun Jan 5 18:23:42 2020)
1838Network Distance: 23 hops
1839TCP Sequence Prediction: Difficulty=257 (Good luck!)
1840IP ID Sequence Generation: All zeros
1841
TRACEROUTE (using port 443/tcp)
HOP RTT ADDRESS
1 180.22 ms 10.242.204.1
2 180.26 ms 104.245.145.177
3 180.27 ms te0-1-1-9.219.ccr32.yyz02.atlas.cogentco.com (38.104.158.113)
4 180.29 ms te0-0-0-1.agr13.yyz02.atlas.cogentco.com (154.24.54.37)
5 180.32 ms be2718.ccr42.ord01.atlas.cogentco.com (154.54.7.129)
6 180.33 ms be2832.ccr22.mci01.atlas.cogentco.com (154.54.44.169)
7 180.34 ms be2718.ccr42.ord01.atlas.cogentco.com (154.54.7.129)
8 180.37 ms be3038.ccr32.slc01.atlas.cogentco.com (154.54.42.97)
9 180.40 ms be3036.ccr22.den01.atlas.cogentco.com (154.54.31.89)
10 114.36 ms be3038.ccr32.slc01.atlas.cogentco.com (154.54.42.97)
11 136.82 ms 38.88.224.178
12 142.01 ms be3670.ccr41.sjc03.atlas.cogentco.com (154.54.43.14)
13 297.41 ms oteACS001.int-gw.kddi.ne.jp.13.187.106.in-addr.arpa (106.187.13.13)
14 141.93 ms 111.87.3.105
15 297.43 ms 106.187.13.25
16 242.23 ms 111.108.12.170
17 297.44 ms 202.93.95.182
18 728.16 ms 118.151.224.194
19 297.42 ms 158.205.134.62
20 728.18 ms 118.151.224.194
21 279.30 ms 158.205.134.62
22 ...
23 324.06 ms 210x140x228x109.rev.barem.jp (210.140.228.109)
1867
1868NSE: Script Post-scanning.
1869Initiating NSE at 22:58
1870Completed NSE at 22:58, 0.00s elapsed
1871Initiating NSE at 22:58
1872Completed NSE at 22:58, 0.00s elapsed
1873######################################################################################################################################
1874Version: 1.11.13-static
1875OpenSSL 1.0.2-chacha (1.0.2g-dev)
1876
1877Connected to 210.140.228.109
1878
1879Testing SSL server 210.140.228.109 on port 443 using SNI name 210.140.228.109
1880
1881 TLS Fallback SCSV:
1882Server supports TLS Fallback SCSV
1883
1884 TLS renegotiation:
1885Secure session renegotiation supported
1886
1887 TLS Compression:
1888Compression disabled
1889
1890 Heartbleed:
1891TLS 1.2 not vulnerable to heartbleed
1892TLS 1.1 not vulnerable to heartbleed
1893TLS 1.0 not vulnerable to heartbleed
1894
1895 Supported Server Cipher(s):
1896Preferred TLSv1.2 256 bits ECDHE-RSA-AES256-GCM-SHA384 Curve P-256 DHE 256
1897Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA384 Curve P-256 DHE 256
1898Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
1899Accepted TLSv1.2 256 bits DHE-RSA-AES256-GCM-SHA384 DHE 2048 bits
1900Accepted TLSv1.2 256 bits DHE-RSA-AES256-SHA256 DHE 2048 bits
1901Accepted TLSv1.2 256 bits DHE-RSA-AES256-SHA DHE 2048 bits
1902Accepted TLSv1.2 256 bits DHE-RSA-CAMELLIA256-SHA DHE 2048 bits
1903Accepted TLSv1.2 256 bits AES256-GCM-SHA384
1904Accepted TLSv1.2 256 bits AES256-SHA256
1905Accepted TLSv1.2 256 bits AES256-SHA
1906Accepted TLSv1.2 256 bits CAMELLIA256-SHA
1907Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-GCM-SHA256 Curve P-256 DHE 256
1908Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA256 Curve P-256 DHE 256
1909Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
1910Accepted TLSv1.2 128 bits DHE-RSA-AES128-GCM-SHA256 DHE 2048 bits
1911Accepted TLSv1.2 128 bits DHE-RSA-AES128-SHA256 DHE 2048 bits
1912Accepted TLSv1.2 128 bits DHE-RSA-AES128-SHA DHE 2048 bits
1913Accepted TLSv1.2 128 bits DHE-RSA-SEED-SHA DHE 2048 bits
1914Accepted TLSv1.2 128 bits DHE-RSA-CAMELLIA128-SHA DHE 2048 bits
1915Accepted TLSv1.2 128 bits AES128-GCM-SHA256
1916Accepted TLSv1.2 128 bits AES128-SHA256
1917Accepted TLSv1.2 128 bits AES128-SHA
1918Accepted TLSv1.2 128 bits SEED-SHA
1919Accepted TLSv1.2 128 bits CAMELLIA128-SHA
1920Accepted TLSv1.2 128 bits IDEA-CBC-SHA
1921Accepted TLSv1.2 128 bits ECDHE-RSA-RC4-SHA Curve P-256 DHE 256
1922Accepted TLSv1.2 128 bits RC4-SHA
1923Accepted TLSv1.2 128 bits RC4-MD5
1924Accepted TLSv1.2 112 bits ECDHE-RSA-DES-CBC3-SHA Curve P-256 DHE 256
1925Accepted TLSv1.2 112 bits EDH-RSA-DES-CBC3-SHA DHE 2048 bits
1926Accepted TLSv1.2 112 bits DES-CBC3-SHA
1927Preferred TLSv1.1 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
1928Accepted TLSv1.1 256 bits DHE-RSA-AES256-SHA DHE 2048 bits
1929Accepted TLSv1.1 256 bits DHE-RSA-CAMELLIA256-SHA DHE 2048 bits
1930Accepted TLSv1.1 256 bits AES256-SHA
1931Accepted TLSv1.1 256 bits CAMELLIA256-SHA
1932Accepted TLSv1.1 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
1933Accepted TLSv1.1 128 bits DHE-RSA-AES128-SHA DHE 2048 bits
1934Accepted TLSv1.1 128 bits DHE-RSA-SEED-SHA DHE 2048 bits
1935Accepted TLSv1.1 128 bits DHE-RSA-CAMELLIA128-SHA DHE 2048 bits
1936Accepted TLSv1.1 128 bits AES128-SHA
1937Accepted TLSv1.1 128 bits SEED-SHA
1938Accepted TLSv1.1 128 bits CAMELLIA128-SHA
1939Accepted TLSv1.1 128 bits IDEA-CBC-SHA
1940Accepted TLSv1.1 128 bits ECDHE-RSA-RC4-SHA Curve P-256 DHE 256
1941Accepted TLSv1.1 128 bits RC4-SHA
1942Accepted TLSv1.1 128 bits RC4-MD5
1943Accepted TLSv1.1 112 bits ECDHE-RSA-DES-CBC3-SHA Curve P-256 DHE 256
1944Accepted TLSv1.1 112 bits EDH-RSA-DES-CBC3-SHA DHE 2048 bits
1945Accepted TLSv1.1 112 bits DES-CBC3-SHA
1946Preferred TLSv1.0 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
1947Accepted TLSv1.0 256 bits DHE-RSA-AES256-SHA DHE 2048 bits
1948Accepted TLSv1.0 256 bits DHE-RSA-CAMELLIA256-SHA DHE 2048 bits
1949Accepted TLSv1.0 256 bits AES256-SHA
1950Accepted TLSv1.0 256 bits CAMELLIA256-SHA
1951Accepted TLSv1.0 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
1952Accepted TLSv1.0 128 bits DHE-RSA-AES128-SHA DHE 2048 bits
1953Accepted TLSv1.0 128 bits DHE-RSA-SEED-SHA DHE 2048 bits
1954Accepted TLSv1.0 128 bits DHE-RSA-CAMELLIA128-SHA DHE 2048 bits
1955Accepted TLSv1.0 128 bits AES128-SHA
1956Accepted TLSv1.0 128 bits SEED-SHA
1957Accepted TLSv1.0 128 bits CAMELLIA128-SHA
1958Accepted TLSv1.0 128 bits IDEA-CBC-SHA
1959Accepted TLSv1.0 128 bits ECDHE-RSA-RC4-SHA Curve P-256 DHE 256
1960Accepted TLSv1.0 128 bits RC4-SHA
1961Accepted TLSv1.0 128 bits RC4-MD5
1962Accepted TLSv1.0 112 bits ECDHE-RSA-DES-CBC3-SHA Curve P-256 DHE 256
1963Accepted TLSv1.0 112 bits EDH-RSA-DES-CBC3-SHA DHE 2048 bits
1964Accepted TLSv1.0 112 bits DES-CBC3-SHA
1965Preferred SSLv3 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
1966Accepted SSLv3 256 bits DHE-RSA-AES256-SHA DHE 2048 bits
1967Accepted SSLv3 256 bits DHE-RSA-CAMELLIA256-SHA DHE 2048 bits
1968Accepted SSLv3 256 bits AES256-SHA
1969Accepted SSLv3 256 bits CAMELLIA256-SHA
1970Accepted SSLv3 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
1971Accepted SSLv3 128 bits DHE-RSA-AES128-SHA DHE 2048 bits
1972Accepted SSLv3 128 bits DHE-RSA-SEED-SHA DHE 2048 bits
1973Accepted SSLv3 128 bits DHE-RSA-CAMELLIA128-SHA DHE 2048 bits
1974Accepted SSLv3 128 bits AES128-SHA
1975Accepted SSLv3 128 bits SEED-SHA
1976Accepted SSLv3 128 bits CAMELLIA128-SHA
1977Accepted SSLv3 128 bits IDEA-CBC-SHA
1978Accepted SSLv3 128 bits ECDHE-RSA-RC4-SHA Curve P-256 DHE 256
1979Accepted SSLv3 128 bits RC4-SHA
1980Accepted SSLv3 128 bits RC4-MD5
1981Accepted SSLv3 112 bits ECDHE-RSA-DES-CBC3-SHA Curve P-256 DHE 256
1982Accepted SSLv3 112 bits EDH-RSA-DES-CBC3-SHA DHE 2048 bits
1983Accepted SSLv3 112 bits DES-CBC3-SHA
1984
1985 SSL Certificate:
1986Signature Algorithm: sha256WithRSAEncryption
1987RSA Key Strength: 2048
1988
1989Subject: /C=XX/L=Default City/O=Default Company Ltd
1990Issuer: /C=XX/L=Default City/O=Default Company Ltd
1991Not valid before: Feb 7 23:54:37 2018 GMT
1992Not valid after: Feb 5 23:54:37 2028 GMT
1993######################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-26 23:04 EST
NSE: Loaded 46 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 23:04
Completed NSE at 23:04, 0.00s elapsed
Initiating NSE at 23:04
Completed NSE at 23:04, 0.00s elapsed
Initiating Parallel DNS resolution of 1 host. at 23:04
Completed Parallel DNS resolution of 1 host. at 23:04, 0.02s elapsed
Initiating SYN Stealth Scan at 23:04
Scanning 210x140x228x109.rev.barem.jp (210.140.228.109) [65535 ports]
Discovered open port 80/tcp on 210.140.228.109
Discovered open port 443/tcp on 210.140.228.109
SYN Stealth Scan Timing: About 4.45% done; ETC: 23:15 (0:11:06 remaining)
SYN Stealth Scan Timing: About 13.56% done; ETC: 23:11 (0:06:29 remaining)
SYN Stealth Scan Timing: About 24.33% done; ETC: 23:10 (0:04:43 remaining)
SYN Stealth Scan Timing: About 31.79% done; ETC: 23:10 (0:04:20 remaining)
SYN Stealth Scan Timing: About 39.96% done; ETC: 23:10 (0:03:47 remaining)
SYN Stealth Scan Timing: About 47.14% done; ETC: 23:10 (0:03:23 remaining)
SYN Stealth Scan Timing: About 54.61% done; ETC: 23:11 (0:03:03 remaining)
SYN Stealth Scan Timing: About 60.85% done; ETC: 23:11 (0:02:41 remaining)
SYN Stealth Scan Timing: About 67.22% done; ETC: 23:11 (0:02:18 remaining)
SYN Stealth Scan Timing: About 75.39% done; ETC: 23:11 (0:01:42 remaining)
SYN Stealth Scan Timing: About 83.27% done; ETC: 23:11 (0:01:09 remaining)
SYN Stealth Scan Timing: About 92.47% done; ETC: 23:11 (0:00:30 remaining)
Completed SYN Stealth Scan at 23:11, 400.22s elapsed (65535 total ports)
Initiating Service scan at 23:11
Scanning 2 services on 210x140x228x109.rev.barem.jp (210.140.228.109)
Completed Service scan at 23:11, 14.37s elapsed (2 services on 1 host)
Initiating OS detection (try #1) against 210x140x228x109.rev.barem.jp (210.140.228.109)
Retrying OS detection (try #2) against 210x140x228x109.rev.barem.jp (210.140.228.109)
Initiating Traceroute at 23:11
Completed Traceroute at 23:11, 0.61s elapsed
Initiating Parallel DNS resolution of 22 hosts. at 23:11
Completed Parallel DNS resolution of 22 hosts. at 23:11, 0.97s elapsed
NSE: Script scanning 210.140.228.109.
Initiating NSE at 23:11
Completed NSE at 23:11, 2.36s elapsed
Initiating NSE at 23:11
Completed NSE at 23:11, 2.26s elapsed
Nmap scan report for 210x140x228x109.rev.barem.jp (210.140.228.109)
Host is up (0.22s latency).
Not shown: 65529 filtered ports
PORT     STATE  SERVICE      VERSION
25/tcp   closed smtp
80/tcp   open   http         Apache httpd
|_http-server-header: Apache
139/tcp  closed netbios-ssn
443/tcp  open   ssl/http     Apache httpd
|_http-server-header: Apache
445/tcp  closed microsoft-ds
1723/tcp closed pptp
Aggressive OS guesses: HP P2000 G3 NAS device (90%), Linux 2.6.32 (89%), Linux 2.6.32 - 3.1 (89%), Ubiquiti AirMax NanoStation WAP (Linux 2.6.32) (89%), Linux 3.7 (89%), Linux 2.6.32 - 3.13 (88%), Linux 3.0 - 3.2 (88%), Infomir MAG-250 set-top box (87%), Ubiquiti AirOS 5.5.9 (87%), Linux 3.3 (87%)
No exact OS matches for host (test conditions non-ideal).
Uptime guess: 21.200 days (since Sun Jan 5 18:23:42 2020)
Network Distance: 24 hops
TCP Sequence Prediction: Difficulty=257 (Good luck!)
IP ID Sequence Generation: All zeros

TRACEROUTE (using port 1723/tcp)
HOP RTT       ADDRESS
1   58.24 ms  10.242.204.1
2   91.23 ms  104.245.145.177
3   91.28 ms  te0-0-2-1.225.nr11.b010988-1.yyz02.atlas.cogentco.com (38.104.156.9)
4   91.30 ms  be2994.ccr22.cle04.atlas.cogentco.com (154.54.31.233)
5   91.32 ms  be2718.ccr42.ord01.atlas.cogentco.com (154.54.7.129)
6   91.35 ms  be2832.ccr22.mci01.atlas.cogentco.com (154.54.44.169)
7   122.18 ms be2433.ccr32.dfw01.atlas.cogentco.com (154.54.3.213)
8   122.23 ms be2443.ccr42.iah01.atlas.cogentco.com (154.54.44.229)
9   122.28 ms be2928.ccr21.elp01.atlas.cogentco.com (154.54.30.162)
10  122.30 ms be2443.ccr42.iah01.atlas.cogentco.com (154.54.44.229)
11  154.88 ms be2931.ccr41.lax01.atlas.cogentco.com (154.54.44.86)
12  154.44 ms be2929.ccr31.phx01.atlas.cogentco.com (154.54.42.65)
13  144.29 ms be2932.ccr42.lax01.atlas.cogentco.com (154.54.45.162)
14  144.22 ms 203.181.106.165
15  144.22 ms 38.88.225.10
16  144.22 ms 203.181.106.237
17  304.27 ms 106.187.12.1
18  304.32 ms 27.85.227.121
19  266.90 ms oteJIN301.int-gw.kddi.ne.jp (27.86.32.2)
20  304.26 ms 111.108.12.170
21  252.80 ms 158.205.134.62
22  352.27 ms 118.151.224.194
23  352.22 ms 158.205.134.62
24  352.17 ms 210x140x228x109.rev.barem.jp (210.140.228.109)

NSE: Script Post-scanning.
Initiating NSE at 23:11
Completed NSE at 23:11, 0.00s elapsed
Initiating NSE at 23:11
Completed NSE at 23:11, 0.00s elapsed
######################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-26 23:11 EST
NSE: Loaded 46 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 23:11
Completed NSE at 23:11, 0.00s elapsed
Initiating NSE at 23:11
Completed NSE at 23:11, 0.00s elapsed
Initiating Parallel DNS resolution of 1 host. at 23:11
Completed Parallel DNS resolution of 1 host. at 23:11, 0.02s elapsed
Initiating UDP Scan at 23:11
Scanning 210x140x228x109.rev.barem.jp (210.140.228.109) [15 ports]
Completed UDP Scan at 23:11, 2.19s elapsed (15 total ports)
Initiating Service scan at 23:11
Scanning 13 services on 210x140x228x109.rev.barem.jp (210.140.228.109)
Service scan Timing: About 7.69% done; ETC: 23:32 (0:19:24 remaining)
Completed Service scan at 23:13, 102.59s elapsed (13 services on 1 host)
Initiating OS detection (try #1) against 210x140x228x109.rev.barem.jp (210.140.228.109)
Retrying OS detection (try #2) against 210x140x228x109.rev.barem.jp (210.140.228.109)
Initiating Traceroute at 23:13
Completed Traceroute at 23:13, 7.08s elapsed
Initiating Parallel DNS resolution of 1 host. at 23:13
Completed Parallel DNS resolution of 1 host. at 23:13, 0.00s elapsed
NSE: Script scanning 210.140.228.109.
Initiating NSE at 23:13
Completed NSE at 23:13, 7.14s elapsed
Initiating NSE at 23:13
Completed NSE at 23:13, 1.03s elapsed
Nmap scan report for 210x140x228x109.rev.barem.jp (210.140.228.109)
Host is up (0.063s latency).

PORT     STATE         SERVICE      VERSION
53/udp   open|filtered domain
67/udp   open|filtered dhcps
68/udp   open|filtered dhcpc
69/udp   open|filtered tftp
88/udp   open|filtered kerberos-sec
123/udp  open|filtered ntp
137/udp  filtered      netbios-ns
138/udp  filtered      netbios-dgm
139/udp  open|filtered netbios-ssn
161/udp  open|filtered snmp
162/udp  open|filtered snmptrap
389/udp  open|filtered ldap
500/udp  open|filtered isakmp
|_ike-version: ERROR: Script execution failed (use -d to debug)
520/udp  open|filtered route
2049/udp open|filtered nfs
Too many fingerprints match this host to give specific OS details

TRACEROUTE (using port 138/udp)
HOP RTT      ADDRESS
1   59.59 ms 10.242.204.1
2   ... 3
4   30.38 ms 10.242.204.1
5   64.04 ms 10.242.204.1
6   64.04 ms 10.242.204.1
7   64.04 ms 10.242.204.1
8   64.04 ms 10.242.204.1
9   64.01 ms 10.242.204.1
10  30.38 ms 10.242.204.1
11  ... 18
19  61.89 ms 10.242.204.1
20  30.82 ms 10.242.204.1
21  29.99 ms 10.242.204.1
22  ... 29
30  31.48 ms 10.242.204.1

NSE: Script Post-scanning.
Initiating NSE at 23:13
Completed NSE at 23:13, 0.00s elapsed
Initiating NSE at 23:13
Completed NSE at 23:13, 0.00s elapsed
Read data files from: /usr/bin/../share/nmap
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 124.23 seconds
 Raw packets sent: 150 (14.628KB) | Rcvd: 25 (2.624KB)
#####################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-26 23:21 EST
Nmap scan report for 210x140x228x109.rev.barem.jp (210.140.228.109)
Host is up (0.21s latency).
Not shown: 994 filtered ports
PORT     STATE  SERVICE      VERSION
25/tcp   closed smtp
80/tcp   open   http         Apache httpd
|_http-server-header: Apache
| vulscan: VulDB - https://vuldb.com:
2470| [116926] Apache Fineract REST Parameter privilege escalation
| [116574] Apache wicket-jquery-ui up to 6.29.0/7.10.1/8.0.0-M9.1 WYSIWYG Editor privilege escalation
| [116622] Oracle Enterprise Manager for MySQL Database 12.1.0.4 EM Plugin: General (Apache Tomcat) unknown vulnerability
| [115931] Apache Solr up to 6.6.2/7.2.1 XML Data Parameter XML External Entity
| [115883] Apache Hive up to 2.3.2 privilege escalation
| [115882] Apache Hive up to 2.3.2 xpath_short information disclosure
| [115881] Apache DriverHive JDBC Driver up to 2.3.2 Escape Argument Bypass privilege escalation
| [115518] Apache Ignite 2.3 Deserialization privilege escalation
| [115260] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache cross site scripting
| [115259] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache Cookie Stack-based memory corruption
| [115500] CA Workload Control Center up to r11.4 SP5 Apache MyFaces Component Code Execution
| [115121] Apache Struts REST Plugin up to 2.5.15 Xstream XML Data denial of service
| [115061] Apache HTTP Server up to 2.4.29 HTTP Digest Authentication Challenge HTTP Requests Replay privilege escalation
| [115060] Apache HTTP Server up to 2.4.29 mod_cache_socache Request Header Crash denial of service
| [115059] Apache HTTP Server up to 2.4.29 HTTP2 NULL Pointer Dereference denial of service
| [115058] Apache HTTP Server up to 2.4.29 HTTP Header Crash denial of service
| [115057] Apache HTTP Server up to 2.4.29 mod_session Variable Name Cache privilege escalation
| [115039] Apache HTTP Server up to 2.4.29 FilesMatch File Upload privilege escalation
| [115038] Apache HTTP Server up to 2.0.65/2.2.34/2.4.29 mod_authnz_ldap Crash denial of service
| [114817] Apache Syncope up to 1.2.10/2.0.7 Search Parameter information disclosure
| [114816] Apache Syncope up to 1.2.10/2.0.7 XSLT Code Execution
| [114717] Apache Commons 1.11/1.12/1.13/1.14/1.15 ZIP Archive ZipFile/ZipArchiveInputStream denial of service
| [114661] Apache Allura up to 1.8.0 HTTP Response Splitting privilege escalation
| [114400] Apache Tomcat JK ISAPI Connector up to 1.2.42 IIS/ISAPI privilege escalation
| [114258] Apache HTTP Server up to 2.4.22 mod_cluster Segmentation Fault denial of service
| [114086] Apache ODE 1.3.3 ODE Process Deployment Web Service directory traversal
| [113955] Apache Xerces-C up to 3.2.0 XML Parser NULL Pointer Dereference denial of service
| [113945] Apache Tomcat up to 7.0.84/8.0.49/8.5.27/9.0.4 URL Pattern Empty String privilege escalation
| [113944] Apache OpenMeetings up to 3.x/4.0.1 CRUD Operation denial of service
| [113905] Apache Traffic Server up to 5.2.x/5.3.2/6.2.0/7.0.0 TLS Handshake Core Dump denial of service
| [113904] Apache Traffic Server up to 6.2.0 Host Header privilege escalation
| [113895] Apache Geode up to 1.3.x Code Execution
| [113894] Apache Geode up to 1.3.x TcpServer Code Execution
| [113888] Apache James Hupa WebMail 0.0.2 cross site scripting
| [113813] Apache Geode Cluster up to 1.3.x Secure Mode privilege escalation
| [113747] Apache Tomcat Servlets privilege escalation
| [113647] Apache Qpid up to 0.30 qpidd Broker AMQP Message Crash denial of service
| [113645] Apache VCL up to 2.1/2.2.1/2.3.1 Web GUI/XMLRPC API privilege escalation
| [113560] Apache jUDDI Console 3.0.0 Log Entries spoofing
| [113571] Apache Oozie up to 4.3.0/5.0.0-beta1 XML Data XML File privilege escalation
| [113569] Apache Karaf up to 4.0.7 LDAPLoginModule LDAP injection denial of service
| [113273] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
| [113198] Apache Qpid Dispatch Router 0.7.0/0.8.0 AMQP denial of service
| [113186] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
| [113145] Apache Thrift up to 0.9.3 Go Client Library privilege escalation
| [113106] Apache jUDDI up to 3.3.3 XML Data WADL2Java/WSDL2Java XML Document privilege escalation
| [113105] Apache Qpid Broker-J 7.0.0 AMQP Crash denial of service
| [112885] Apache Allura up to 1.8.0 File information disclosure
| [112856] Apache CloudStack up to 4.8.1.0/4.9.0.0 API weak authentication
| [112855] Apache CloudStack 4.1.0/4.1.1 API information disclosure
| [112678] Apache Tomcat up to 7.0.82/8.0.47/8.5.23/9.0.1 Bug Fix 61201 privilege escalation
| [112677] Apache Tomcat Native Connector up to 1.1.34/1.2.14 OCSP Checker Client weak authentication
| [112625] Apache POI up to 3.16 Loop denial of service
| [112448] Apache NiFi up to 1.3.x Deserialization privilege escalation
| [112396] Apache Hadoop 2.7.3/2.7.4 YARN NodeManager Credentials information disclosure
| [112339] Apache NiFi 1.5.0 Header privilege escalation
| [112330] Apache NiFi 1.5.0 Header HTTP Request privilege escalation
| [112314] NetGain Enterprise Manager 7.2.730 Build 1034 org.apache.jsp.u.jsp.tools.exec_jsp Servlet Parameter privilege escalation
| [112253] Apache Hadoop up to 0.23.x/2.7.4/2.8.2 MapReduce Job History Server Configuration File privilege escalation
| [112171] Oracle Secure Global Desktop 5.3 Apache Log4j privilege escalation
| [112164] Oracle Agile PLM 9.3.5/9.3.6 Apache Tomcat unknown vulnerability
| [112161] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Tomcat privilege escalation
| [112158] Oracle Autovue for Agile Product Lifecycle Management 21.0.0/21.0.1 Apache Log4j privilege escalation
| [112156] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Log4j privilege escalation
| [112155] Oracle Agile Engineering Data Management 6.1.3/6.2.0/6.2.1 Apache Log4j privilege escalation
| [112137] Oracle MICROS Relate CRM Software 10.8.x/11.4.x/15.0.x, Apache Tomcat unknown vulnerability
| [112136] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat privilege escalation
| [112133] Oracle Retail Workforce Management 1.60.7/1.64.0 Apache Log4j privilege escalation
| [112129] Oracle Retail Assortment Planning 14.1.3/15.0.3/16.0.1 Apache Log4j privilege escalation
| [112114] Oracle 9.1 Apache Log4j privilege escalation
| [112113] Oracle 9.1 Apache Log4j privilege escalation
| [112045] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat privilege escalation
| [112038] Oracle Health Sciences Empirica Inspections 1.0.1.1 Apache Tomcat information disclosure
| [112019] Oracle Endeca Information Discovery Integrator 3.1.0/3.2.0 Apache Tomcat privilege escalation
| [112017] Oracle WebCenter Portal 11.1.1.9.0/12.2.1.2.0/12.2.1.3.0 Apache Struts 1 cross site scripting
| [112011] Oracle Identity Manager 11.1.2.3.0 Apache Commons Collections privilege escalation
| [111950] Oracle Database 12.2.0.1 Apache Tomcat information disclosure
| [111703] Apache Sling XSS Protection API 1.0.4 URL Encoding cross site scripting
| [111556] Apache Geode up to 1.2.x Secure Mode Parameter OQL privilege escalation
| [111555] Apache Geode up to 1.2.x Secure Mode OQL privilege escalation
| [111540] Apache Geode up to 1.2.x Secure Mode information disclosure
| [111519] Apache Sling JCR ContentLoader 2.1.4 xmlreader directory traversal
| [111338] Apache DeltaSpike-JSF 1.8.0 cross site scripting
| [111330] Apache OFBiz 16.11.01/16.11.02/16.11.03 BIRT Plugin cross site scripting
| [110789] Apache Sling up to 1.4.0 Authentication Service Credentials information disclosure
| [110785] Apache Drill up to 1.11.0 Query Page unknown vulnerability
| [110701] Apache Fineract Query Parameter sql injection
| [110484] Apache Synapse up to 3.0.0 Apache Commons Collections Serialized Object Code Injection privilege escalation
| [110426] Adobe Experience Manager 6.0/6.1/6.2/6.3 Apache Sling Servlets Post cross site scripting
| [110141] Apache Struts up to 2.5.14 REST Plugin denial of service
| [110140] Apache Qpid Broker-J up to 0.32 privilege escalation
| [110139] Apache Qpid Broker-J up to 6.1.4 AMQP Frame denial of service
| [110106] Apache CXF Fediz Spring cross site request forgery
| [109766] Apache OpenOffice up to 4.1.3 DOC File Parser WW8Fonts memory corruption
| [109750] Apache OpenOffice up to 4.1.3 DOC File Parser ImportOldFormatStyles memory corruption
| [109749] Apache OpenOffice up to 4.1.3 PPT File Parser PPTStyleSheet memory corruption
| [109606] October CMS Build 412 Apache Configuration File Upload privilege escalation
| [109419] Apache Camel up to 2.19.3/2.20.0 camel-castor Java Object Deserialization privilege escalation
| [109418] Apache Camel up to 2.19.3/2.20.0 camel-hessian Java Object Deserialization privilege escalation
| [109400] Apache CouchDB up to 1.6.x/2.1.0 Database Server Shell privilege escalation
| [109399] Apache CouchDB up to 1.6.x/2.1.0 JSON Parser Shell privilege escalation
| [109398] Apache CXF 3.1.14/3.2.1 JAX-WS/JAX-RS Attachment denial of service
| [108872] Apache Hive up to 2.1.1/2.2.0/2.3.0 Policy Enforcement privilege escalation
| [108939] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108938] Apple macOS up to 10.13.1 apache denial of service
| [108937] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108936] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108935] Apple macOS up to 10.13.1 apache denial of service
| [108934] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108933] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108932] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108931] Apple macOS up to 10.13.1 apache denial of service
| [108930] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108929] Apple macOS up to 10.13.1 apache denial of service
| [108928] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108797] Apache Struts up to 2.3.19 TextParseUtiltranslateVariables OGNL Expression privilege escalation
| [108795] Apache Traffic Server up to 5.3.0 HTTP2 set_dynamic_table_size memory corruption
| [108794] Apache WSS4J up to 1.6.16/2.0.1 Incomplete Fix Leak information disclosure
| [108793] Apache Qpid up to 0.30 qpidd Crash denial of service
| [108792] Apache Traffic Server up to 5.1.0 Access Restriction privilege escalation
| [108791] Apache Wicket up to 1.5.11/6.16.x/7.0.0-M2 Session information disclosure
| [108790] Apache Storm 0.9.0.1 Log Viewer directory traversal
| [108789] Apache Cordova In-App-Browser Standalone Plugin up to 0.3.1 on iOS CDVInAppBrowser privilege escalation
| [108788] Apache Cordova File-Transfer Standalone Plugin up to 0.4.1 on iOS ios/CDVFileTransfer.m spoofing
| [108787] Apache HttpClient up to 4.3.0 HttpClientBuilder.java unknown vulnerability
| [108786] Apache Wicket up to 1.4.21/1.5.9/6.3.x script Tag cross site scripting
| [108783] Apache Hadoop up to 0.23.3/1.0.3/2.0.1 Kerberos Security Feature Key weak encryption
| [108782] Apache Xerces2 XML Service denial of service
| [108781] Apache jUDDI up to 1.x happyjuddi.jsp Parameter cross site scripting
| [108780] Apache jUDDI up to 1.x Log File uddiget.jsp spoofing
| [108709] Apache Cordova Android up to 3.7.1/4.0.1 intent URL privilege escalation
| [108708] Apache ActiveMQ up to 5.10.0 XML Data XML External Entity
| [108707] Apache ActiveMQ up to 1.7.0 XML Data XML External Entity
| [108629] Apache OFBiz up to 10.04.01 privilege escalation
| [108543] Apache Derby 10.1.2.1/10.2.2.0/10.3.1.4/10.4.1.3 Export File privilege escalation
| [108312] Apache HTTP Server on RHEL IP Address Filter privilege escalation
| [108297] Apache NiFi up to 0.7.1/1.1.1 Proxy Chain Username Deserialization privilege escalation
| [108296] Apache NiFi up to 0.7.1/1.1.1 Cluster Request privilege escalation
| [108250] Oracle Secure Global Desktop 5.3 Apache HTTP Server memory corruption
| [108245] Oracle Transportation Management up to 6.3.7 Apache Tomcat unknown vulnerability
| [108244] Oracle Transportation Management 6.4.1/6.4.2 Apache Commons FileUpload denial of service
| [108243] Oracle Agile Engineering Data Management 6.1.3/6.2.0 Apache Commons Collections memory corruption
| [108222] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Batik denial of service
| [108219] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat unknown vulnerability
| [108217] Oracle Retail Store Inventory Management 13.2.9/14.0.4/14.1.3/15.0.1/16.0.1 Apache Groovy unknown vulnerability
| [108216] Oracle Retail Convenience and Fuel POS Software 2.1.132 Apache Groovy unknown vulnerability
| [108169] Oracle MySQL Enterprise Monitor up to 3.2.8.2223/3.3.4.3247/3.4.2.4181 Apache Tomcat unknown vulnerability
| [108113] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Batik denial of service
| [108107] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat unknown vulnerability
| [108102] Oracle Healthcare Master Person Index 4.x Apache Groovy unknown vulnerability
| [108085] Oracle Identity Manager 11.1.2.3.0 Apache Struts 1 memory corruption
| [108083] Oracle API Gateway 11.1.2.4.0 Apache Batik denial of service
| [108080] Oracle GlassFish Server 3.1.2 Apache Commons FileUpload denial of service
| [108066] Oracle Management Pack for GoldenGate 11.2.1.0.12 Apache Tomcat memory corruption
| [108062] Oracle BI Publisher 11.1.1.7.0/12.2.1.1.0/12.2.1.2.0 Apache ActiveMQ memory corruption
| [108060] Oracle Enterprise Manager Ops Center 12.2.2/12.3.2 Apache Groovy unknown vulnerability
| [108033] Oracle Primavera Unifier 9.13/9.14/10.x/15.x/16.x, Apache Groovy unknown vulnerability
| [108013] Oracle Communications WebRTC Session Controller 7.0/7.1/7.2 Apache Groovy unknown vulnerability
| [108011] Oracle Communications Services Gatekeeper 5.1/6.0 Apache Trinidad unknown vulnerability
| [107904] Apache Struts up to 2.3.28 Double OGNL Evaluation privilege escalation
| [107860] Apache Solr up to 7.0 Apache Lucene RunExecutableListener XML External Entity
| [107834] Apache Ranger up to 0.6.1 Change Password privilege escalation
| [107639] Apache NiFi 1.4.0 XML External Entity
| [107606] Apache ZooKeper up to 3.4.9/3.5.2 Command CPU Exhaustion denial of service
| [107597] Apache Roller up to 5.0.2 XML-RPC Protocol Support XML External Entity
| [107429] Apache Impala up to 2.9.x Kudu Table privilege escalation
| [107411] Apache Tomcat up to 7.0.81/8.0.46/8.5.22/9.0.0 JSP File File Upload privilege escalation
| [107385] Apache Geode up to 1.2.0 Secure Mode privilege escalation
| [107339] Apache OpenNLP up to 1.5.3/1.6.0/1.7.2/1.8.1 XML Data XML External Entity
| [107333] Apache Wicket up to 8.0.0-M1 CSRF Prevention HTTP Header privilege escalation
| [107323] Apache Wicket 1.5.10/6.13.0 Class Request information disclosure
| [107310] Apache Geode up to 1.2.0 Command Line Utility Query privilege escalation
| [107276] ArcSight ESM/ArcSight ESM Express up to 6.9.1c Patch 3/6.11.0 Apache Tomcat Version information disclosure
| [107266] Apache Tika up to 1.12 XML Parser XML External Entity
| [107262] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
| [107258] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
| [107197] Apache Xerces Jelly Parser XML File XML External Entity
| [107193] ZTE NR8950 Apache Commons Collections RMI Request Deserialization privilege escalation
| [107084] Apache Struts up to 2.3.19 cross site scripting
| [106877] Apache Struts up to 2.0.33/2.5.10 Freemarker Tag privilege escalation
| [106875] Apache Struts up to 2.5.5 URL Validator denial of service
| [106874] Apache Struts up to 2.3.30 Convention Plugin directory traversal
| [106847] Apache Tomcat up to 7.0.80 VirtualDirContext Source information disclosure
| [106846] Apache Tomcat up to 7.0.79 on Windows HTTP PUT Method Parameter File Upload privilege escalation
| [106777] Apache HTTP Server up to 2.2.34/2.4.27 Limit Directive ap_limit_section HTTP Request information disclosure
| [106739] puppetlabs-apache up to 1.11.0/2.0.x weak authentication
| [106720] Apache Wicket up to 1.5.12/6.18.x/7.0.0-M4 CryptoMapper privilege escalation
| [106586] Apache Brooklyn up to 0.9.x REST Server cross site scripting
| [106562] Apache Spark up to 2.1.1 Launcher API Deserialization privilege escalation
| [106559] Apache Brooklyn up to 0.9.x SnakeYAML YAML Data Java privilege escalation
| [106558] Apache Brooklyn up to 0.9.x REST Server cross site request forgery
| [106556] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
| [106555] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
| [106171] Apache Directory LDAP API up to 1.0.0-M30 Timing unknown vulnerability
| [106167] Apache Struts up to 2.5.12 REST Plugin XML Data privilege escalation
| [106166] Apache Struts up to 2.3.33/2.5.12 REST Plugin denial of service
| [106165] Apache Struts up to 2.3.33/2.5.12 URLValidator Regex CPU Exhaustion denial of service
| [106115] Apache Hadoop up to 2.6.4/2.7.2 YARN NodeManager Password information disclosure
| [106012] Apache Solr up to 5.5.3/6.4.0 Replication directory traversal
| [105980] Apache Engine 16.11.01 Parameter Reflected unknown vulnerability
| [105962] Apache Atlas 0.6.0/0.7.0 Frame cross site scripting
| [105961] Apache Atlas 0.6.0/0.7.0 Stack Trace information disclosure
| [105960] Apache Atlas 0.6.0/0.7.0 Search Reflected cross site scripting
| [105959] Apache Atlas 0.6.0/0.7.0 edit Tag DOM cross site scripting
| [105958] Apache Atlas 0.6.0/0.7.0 edit Tag Stored cross site scripting
| [105957] Apache Atlas 0.6.0/0.7.0 Cookie privilege escalation
| [105905] Apache Atlas 0.6.0/0.7.0/0.7.1 /js privilege escalation
| [105878] Apache Struts up to 2.3.24.0 privilege escalation
| [105682] Apache2Triad 1.5.4 phpsftpd/users.php Parameter cross site scripting
| [105681] Apache2Triad 1.5.4 phpsftpd/users.php Request cross site request forgery
| [105680] Apache2Triad 1.5.4 Parameter Session Fixation weak authentication
| [105643] Apache Pony Mail up to 0.8b weak authentication
| [105288] Apache Sling up to 2.3.21 Sling.evalString() String cross site scripting
| [105219] Apache Tomcat up to 8.5.15/9.0.0.M21 HTTP2 Bypass directory traversal
| [105218] Apache Tomcat up to 7.0.78/8.0.44/8.5.15/9.0.0.M21 CORS Filter Cache Poisoning privilege escalation
| [105215] Apache CXF up to 3.0.12/3.1.9 OAuth2 Hawk/JOSE MAC Validation Timing unknown vulnerability
| [105206] Apache CXF up to 3.0.11/3.1.8 JAX-RS Module XML External Entity
| [105205] Apache CXF up to 3.0.11/3.1.8 HTTP Transport Module Parameter cross site scripting
| [105202] Apache Storm 1.0.0/1.0.1/1.0.2/1.0.3/1.1.0 Worker privilege escalation
| [104987] Apache Xerces-C++ XML Service CPU Exhaustion denial of service
| [104986] Apache CXF 2.4.5/2.5.1 WS-SP UsernameToken Policy SOAP Request weak authentication
| [104985] Apache MyFaces Core up to 2.1.4 EL Expression Parameter Injection information disclosure
| [104983] Apache Wink up to 1.1.1 XML Document xxe privilege escalation
| [104981] Apache Commons Email 1.0/1.1/1.2/1.3/1.4 Subject Linebreak SMTP privilege escalation
| [104591] MEDHOST Document Management System Apache Solr Default Credentials weak authentication
| [104062] Oracle MySQL Enterprise Monitor up to 3.3.3.1199 Apache Tomcat unknown vulnerability
| [104061] Oracle MySQL Enterprise Monitor up to 3.2.7.1204/3.3.3.1199 Apache Tomcat unknown vulnerability
| [104060] Oracle MySQL Enterprise Monitor up to 3.1.5.7958/3.2.5.1141/3.3.2.1162 Apache Struts 2 unknown vulnerability
| [103995] Oracle 8.3/8.4/15.1/15.2 Apache Trinidad unknown vulnerability
| [103993] Oracle Policy Automation up to 12.2.3 Apache Commons FileUplaod denial of service
| [103916] Oracle Banking Platform 2.3/2.4/2.4.1/2.5 Apache Commons FileUpload denial of service
| [103906] Oracle Communications BRM 11.2.0.0.0 Apache Commons Collections privilege escalation
| [103904] Oracle Communications BRM 11.2.0.0.0/11.3.0.0.0 Apache Groovy memory corruption
| [103866] Oracle Transportation Management 6.1/6.2 Apache Webserver unknown vulnerability
| [103816] Oracle BI Publisher 11.1.1.9.0/12.2.1.1.0/12.2.1.2.0 Apache Commons Fileupload denial of service
| [103797] Oracle Tuxedo System and Applications Monitor Apache Commons Collections privilege escalation
| [103792] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Commons Fileupload privilege escalation
| [103791] Oracle Endeca Server 7.6.0.0/7.6.1.0 Apache Commons Collections privilege escalation
| [103788] Oracle Enterprise Repository 11.1.1.7.0/12.1.3.0.0 Apache ActiveMQ memory corruption
| [103787] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Groovy memory corruption
| [103763] Apache Sling up to 1.0.11 XSS Protection API XSS.getValidXML() Application XML External Entity
| [103762] Apache Sling up to 1.0.12 XSS Protection API XSSAPI.encodeForJSString() Script Tag cross site scripting
| [103693] Apache OpenMeetings 1.0.0 HTTP Method privilege escalation
| [103692] Apache OpenMeetings 1.0.0 Tomcat Error information disclosure
| [103691] Apache OpenMeetings 3.2.0 Parameter privilege escalation
| [103690] Apache OpenMeetings 1.0.0 sql injection
| [103689] Apache OpenMeetings 1.0.0 crossdomain.xml privilege escalation
| [103688] Apache OpenMeetings 1.0.0 weak encryption
| [103687] Apache OpenMeetings 1.0.0 cross site request forgery
| [103556] Apache Roller 5.1.0/5.1.1 Weblog Page Template VTL privilege escalation
| [103554] Apache OpenMeetings 1.0.0 Password Update unknown vulnerability
| [103553] Apache OpenMeetings 1.0.0 File Upload privilege escalation
| [103552] Apache OpenMeetings 3.2.0 Chat cross site scripting
| [103551] Apache OpenMeetings 3.1.0 XML unknown vulnerability
| [103521] Apache HTTP Server 2.4.26 HTTP2 Free memory corruption
| [103520] Apache HTTP Server up to 2.2.33/2.4.26 mod_auth_digest Authorization Header memory corruption
| [103519] Apache Struts up to 2.5.11/2.3.32 Spring AOP denial of service
| [103518] Apache Struts up to 2.5.11 URLValidator directory traversal
| [103492] Apache Spark up to 2.1.x Web UI Reflected cross site scripting
| [103401] Apache Struts 2.3.x Struts 1 Plugin ActionMessage privilege escalation
| [103399] Apache Traffic Control Traffic Router TCP Connection Slowloris denial of service
| [103387] Apache Impala up to 2.8.0 StatestoreSubscriber weak encryption
| [103386] Apache Impala up to 2.7.x/2.8.0 Kerberos weak authentication
| [103352] Apache Solr Node weak authentication
| [102897] Apache Ignite up to 2.0 Update Notifier information disclosure
| [102878] Code42 CrashPlan 5.4.x RMI Server org.apache.commons.ssl.rmi.DateRMI privilege escalation
| [102698] Apache HTTP Server up to 2.2.32/2.4.25 mod_mime Content-Type memory corruption
| [102697] Apache HTTP Server 2.2.24/2.2.32 HTTP Strict Parsing ap_find_token Request Header memory corruption
| [102690] Apache HTTP Server up to 2.2.32/2.4.25 mod_ssl ap_hook_process_connection() denial of service
| [102689] Apache HTTP Server up to 2.2.32/2.4.25 ap_get_basic_auth_pw weak authentication
| [102622] Apache Thrift up to 0.9.2 Client Libraries skip denial of service
| [102538] Apache Ranger up to 0.7.0 Authorizer unknown vulnerability
| [102537] Apache Ranger up to 0.7.0 Wildcard Character unknown vulnerability
| [102536] Apache Ranger up to 0.6 Stored cross site scripting
| [102535] Apache Ranger up to 0.6.2 Policy Engine unknown vulnerability
| [102255] Apache NiFi up to 0.7.3/1.2.x Response Header privilege escalation
| [102254] Apache NiFi up to 0.7.3/1.2.x UI cross site scripting
| [102070] Apache CXF Fediz up to 1.1.2/1.2.0 Application Plugin denial of service
| [102020] Apache Tomcat up to 9.0.0.M1 Java Servlet HTTP Method unknown vulnerability
| [101858] Apache Hive up to 1.2.1/2.0.0 Client weak authentication
| [101802] Apache KNOX up to 0.11.0 WebHDFS privilege escalation
| [101928] HPE Aruba ClearPass Apache Tomcat information disclosure
| [101524] Apache Archiva up to 1.x/2.2.1 REST Endpoint cross site request forgery
| [101513] Apache jUDDI 3.1./3.1.2/3.1.3/3.1.4 Logout Open Redirect
| [101430] Apache CXF Fediz up to 1.3.1 OIDC Service cross site request forgery
| [101429] Apache CXF Fediz up to 1.2.3/1.3.1 Plugins cross site request forgery
| [100619] Apache Hadoop up to 2.6.x HDFS Servlet unknown vulnerability
| [100618] Apache Hadoop up to 2.7.0 HDFS Web UI cross site scripting
| [100621] Adobe ColdFusion 10/11/2016 Apache BlazeDS Library Deserialization privilege escalation
| [100205] Oracle MySQL Enterprise Monitor up to 3.1.6.8003/3.2.1182/3.3.2.1162 Apache Commons FileUpload denial of service
| [100191] Oracle Secure Global Desktop 4.71/5.2/5.3 Web Server (Apache HTTP Server) information disclosure
| [100162] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Commons Collections privilege escalation
| [100160] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Trinidad unknown vulnerability
| [99969] Oracle WebCenter Sites 11.1.1.8.0 Apache Tomcat memory corruption
| [99937] Apache Batik up to 1.8 privilege escalation
| [99936] Apache FOP up to 2.1 privilege escalation
| [99935] Apache CXF up to 3.0.12/3.1.10 STSClient Cache information disclosure
| [99934] Apache CXF up to 3.0.12/3.1.10 JAX-RS XML Security Streaming Client spoofing
| [99930] Apache Traffic Server up to 6.2.0 denial of service
| [99929] Apache Log4j up to 2.8.1 Socket Server Deserialization privilege escalation
| [99925] Apache Traffic Server 6.0.0/6.1.0/6.2.0 HPACK Bomb denial of service
| [99738] Ping Identity OpenID Connect Authentication Module up to 2.13 on Apache Mod_auth_openidc.c spoofing
| [117569] Apache Hadoop up to 2.7.3 privilege escalation
| [99591] Apache TomEE up to 1.7.3/7.0.0-M2 EjbObjectInputStream Serialized Object privilege escalation
| [99370] Apache Ignite up to 1.8 update-notifier Document XML External Entity
| [99299] Apache Geode up to 1.1.0 Pulse OQL Query privilege escalation
| [99572] Apache Tomcat up to 7.0.75/8.0.41/8.5.11/9.0.0.M17 Application Listener privilege escalation
| [99570] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP Connector Cache information disclosure
| [99569] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP/2 GOAWAY Frame Resource Exhaustion denial of service
| [99568] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 Pipelined Request information disclosure
| [99048] Apache Ambari up to 2.3.x REST API Shell Metacharacter privilege escalation
| [99014] Apache Camel Jackson/JacksonXML privilege escalation
| [98610] Apple macOS up to 10.12.3 apache_mod_php memory corruption
| [98609] Apple macOS up to 10.12.3 apache_mod_php denial of service
| [98608] Apple macOS up to 10.12.3 apache_mod_php memory corruption
| [98607] Apple macOS up to 10.12.3 apache_mod_php denial of service
| [98606] Apple macOS up to 10.12.3 apache_mod_php denial of service
| [98605] Apple macOS up to 10.12.3 Apache denial of service
| [98604] Apple macOS up to 10.12.3 Apache denial of service
| [98603] Apple macOS up to 10.12.3 Apache denial of service
| [98602] Apple macOS up to 10.12.3 Apache denial of service
| [98601] Apple macOS up to 10.12.3 Apache denial of service
| [98517] Apache POI up to 3.14 OOXML File XXE denial of service
| [98405] Apache Hadoop up to 0.23.10 privilege escalation
| [98199] Apache Camel Validation XML External Entity
| [97892] Apache Tomcat up to 9.0.0.M15 Reverse-Proxy Http11InputBuffer.java information disclosure
| [97617] Apache Camel camel-snakeyaml Deserialization privilege escalation
| [97602] Apache Camel camel-jackson/camel-jacksonxml CamelJacksonUnmarshalType privilege escalation
| [97732] Apache Struts up to 2.3.31/2.5.10 Jakarta Multipart Parser Content-Type privilege escalation
| [97466] mod_auth_openidc up to 2.1.5 on Apache weak authentication
| [97455] mod_auth_openidc up to 2.1.4 on Apache weak authentication
| [97081] Apache Tomcat HTTPS Request denial of service
| [97162] EMC OpenText Documentum D2 BeanShell/Apache Commons privilege escalation
| [96949] Hanwha Techwin Smart Security Manager up to 1.5 Redis/Apache Felix Gogo privilege escalation
| [96314] Apache Cordova up to 6.1.1 on Android weak authentication
| [95945] Apple macOS up to 10.12.2 apache_mod_php denial of service
| [95944] Apple macOS up to 10.12.2 apache_mod_php denial of service
| [95943] Apple macOS up to 10.12.2 apache_mod_php memory corruption
| [95666] Oracle FLEXCUBE Direct Banking 12.0.0/12.0.1/12.0.2/12.0.3 Apache Commons Collections privilege escalation
| [95455] Apache NiFi up to 1.0.0/1.1.0 Connection Details Dialogue cross site scripting
| [95311] Apache Storm UI Daemon privilege escalation
| [95291] ZoneMinder 1.30.0 Apache httpd privilege escalation
| [94800] Apache Wicket up to 1.5.16/6.24.x Deserialize DiskFileItem denial of service
| [94705] Apache Qpid Broker for Java up to 6.1.0 SCRAM-SHA-1/SCRAM-SHA-256 User information disclosure
| [94627] Apache HTTP Server up to 2.4.24 mod_auth_digest Crash denial of service
| [94626] Apache HTTP Server up to 2.4.24 mod_session_crypto Padding weak encryption
| [94625] Apache HTTP Server up to 2.4.24 Response Split privilege escalation
| [94540] Apache Tika 1.9 tika-server File information disclosure
| [94600] Apache ActiveMQ up to 5.14.1 Administration Console cross site scripting
| [94348] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94347] Apple macOS up to 10.12.1 apache_mod_php denial of service
2821| [94346] Apple macOS up to 10.12.1 apache_mod_php denial of service
2822| [94345] Apple macOS up to 10.12.1 apache_mod_php denial of service
2823| [94344] Apple macOS up to 10.12.1 apache_mod_php denial of service
2824| [94343] Apple macOS up to 10.12.1 apache_mod_php memory corruption
2825| [94342] Apple macOS up to 10.12.1 apache_mod_php memory corruption
2826| [94128] Apache Tomcat up to 9.0.0.M13 Error information disclosure
2827| [93958] Apache HTTP Server up to 2.4.23 mod_http2 h2_stream.c denial of service
2828| [93874] Apache Subversion up to 1.8.16/1.9.4 mod_dontdothat XXE denial of service
2829| [93855] Apache Hadoop up to 2.6.4/2.7.2 HDFS Service privilege escalation
2830| [93609] Apache OpenMeetings 3.1.0 RMI Registry privilege escalation
2831| [93555] Apache Tika 1.6-1.13 jmatio MATLAB File privilege escalation
2832| [93799] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
2833| [93798] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
2834| [93797] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 HTTP Split privilege escalation
2835| [93796] Apache Tomcat up to 8.5.6/9.0.0.M11 HTTP/2 Header Parser denial of service
2836| [93532] Apache Commons Collections Library Java privilege escalation
2837| [93210] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 ResourceLinkFactory privilege escalation
2838| [93209] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Realm Authentication User information disclosure
2839| [93208] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 System Property Replacement information disclosure
2840| [93207] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Utility Method privilege escalation
2841| [93206] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Configuration privilege escalation
2842| [93098] Apache Commons FileUpload privilege escalation
2843| [92987] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Commons Collection memory corruption
2844| [92986] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Tomcat memory corruption
2845| [92982] Oracle Insurance IStream 4.3.2 Apache Commons Collections memory corruption
2846| [92981] Oracle Financial Services Lending and Leasing 14.1.0/14.2.0 Apache Commons Collections memory corruption
| [92979] Oracle up to 8.0.3 Apache Commons Collections memory corruption
| [92977] Oracle FLEXCUBE Universal Banking up to 12.2.0 Apache Commons Collections memory corruption
| [92976] Oracle FLEXCUBE Universal Banking 12.87.1/12.87.2 Apache Commons Collections memory corruption
| [92975] Oracle FLEXCUBE Private Banking up to 12.1.0 Apache Commons Collections memory corruption
| [92974] Oracle FLEXCUBE Investor Servicing 12.0.1 Apache Commons Collections memory corruption
| [92973] Oracle 12.0.0/12.1.0 Apache Commons Collections memory corruption
| [92972] Oracle FLEXCUBE Core Banking 11.5.0.0.0/11.6.0.0.0 Apache Commons Collections memory corruption
| [92962] Oracle Agile PLM 9.3.4/9.3.5 Apache Commons Collections memory corruption
| [92909] Oracle Agile PLM 9.3.4/9.3.5 Apache Tomcat unknown vulnerability
| [92786] Oracle Banking Digital Experience 15.1 Apache Commons Collections information disclosure
| [92549] Apache Tomcat on Red Hat privilege escalation
| [92509] Apache Tomcat JK ISAPI Connector up to 1.2.41 jk_uri_worker_map.c memory corruption
| [92314] Apache MyFaces Trinidad up to 1.0.13/1.2.15/2.0.1/2.1.1 CoreResponseStateManager memory corruption
| [92313] Apache Struts2 up to 2.3.28/2.5.0 Action Name Cleanup cross site request forgery
| [92299] Apache Derby up to 10.12.1.0 SqlXmlUtil XML External Entity
| [92217] Apache ActiveMQ Artemis up to 1.3.x Broker/REST GetObject privilege escalation
| [92174] Apache Ranger up to 0.6.0 Policy cross site scripting
| [91831] Apache Jackrabbit up to 2.13.2 HTTP Header cross site request forgery
| [91825] Apache Zookeeper up to 3.4.8/3.5.2 C CLI Shell memory corruption
| [91818] Apache CXF Fediz up to 1.2.2/1.3.0 Application Plugin privilege escalation
| [92056] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92055] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92054] Apple macOS up to 10.11 apache_mod_php denial of service
| [92053] Apple macOS up to 10.11 apache_mod_php denial of service
| [92052] Apple macOS up to 10.11 apache_mod_php denial of service
| [92051] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92050] Apple macOS up to 10.11 apache_mod_php denial of service
| [92049] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92048] Apple macOS up to 10.11 apache_mod_php denial of service
| [92047] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92046] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92045] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92044] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92043] Apple macOS up to 10.11 apache_mod_php denial of service
| [92042] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92041] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92040] Apple macOS up to 10.11 Apache Proxy privilege escalation
| [91785] Apache Shiro up to 1.3.1 Servlet Filter privilege escalation
| [90879] Apache OpenMeetings up to 3.1.1 SWF Panel cross site scripting
| [90878] Apache Sentry up to 1.6.x Blacklist Filter reflect/reflect2/java_method privilege escalation
| [90610] Apache POI up to 3.13 XLSX2CSV Example OpenXML Document XML External Entity
| [90584] Apache ActiveMQ up to 5.11.3/5.12.2/5.13/1 Administration Web Console privilege escalation
| [90385] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site scripting
| [90384] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site request forgery
| [90383] Apache OpenOffice up to 4.1.2 Impress File memory corruption
| [89670] Apache Tomcat up to 8.5.4 CGI Servlet Environment Variable Open Redirect
| [89669] Apache HTTP Server up to 2.4.23 RFC 3875 Namespace Conflict Environment Variable Open Redirect
| [89726] Apple Mac OS X up to 10.11.5 apache_mod_php memory corruption
| [89484] Apache Qpid up to 0.13.0 on Windows Proton Library Certificate weak authentication
| [89473] HPE iMC PLAT/EAD/APM/iMC NTA/iMC BIMS/iMC UAM_TAM up to 7.2 Apache Commons Collections Library Command privilege escalation
| [90263] Apache Archiva Header denial of service
| [90262] Apache Archiva Deserialize privilege escalation
| [90261] Apache Archiva XML DTD Connection privilege escalation
| [88827] Apache Xerces-C++ up to 3.1.3 DTD Stack-Based memory corruption
| [88747] Apache HTTP Server 2.4.17/2.4.18 mod_http2 denial of service
| [88608] Apache Struts up to 2.3.28.1/2.5.0 URLValidator Null Value denial of service
| [88607] Apache Struts up to 2.3.28.1 REST Plugin Expression privilege escalation
| [88606] Apache Struts up to 2.3.28.1 Restriction privilege escalation
| [88605] Apache Struts up to 2.3.28.1 Restriction privilege escalation
| [88604] Apache Struts up to 2.3.28.1 Token Validator cross site request forgery
| [88603] Apache Commons FileUpload up to 1.3.1 MultipartStream denial of service
| [88602] Apache Struts up to 1.3.10 ActionServlet.java cross site scripting
| [88601] Apache Struts up to 1.3.10 Multithreading ActionServlet.java memory corruption
| [88600] Apache Struts up to 1.3.10 MultiPageValidator privilege escalation
| [89005] Apache Qpid AMQP JMS Client getObject privilege escalation
| [87888] Apache Ranger up to 0.5.2 Policy Admin Tool eventTime sql injection
| [87835] Apache CloudStack up to 4.5.2.0/4.6.2.0/4.7.1.0/4.8.0.0 SAML-based Authentication privilege escalation
| [87806] HPE Discovery and Dependency Mapping Inventory up to 9.32 update 3 Apache Commons Collections Library privilege escalation
| [87805] HPE Universal CMDB up to 10.21 Apache Commons Collections Library privilege escalation
| [87768] Apache Shiro up to 1.2.4 Cipher Key privilege escalation
| [87765] Apache James Server 2.3.2 Command privilege escalation
| [88667] Apache HTTP Server up to 2.4.20 mod_http2 Certificate weak authentication
| [87718] Apache Struts up to 2.3.24.1 OGNL Caching denial of service
| [87717] Apache Struts up to 2.3.28 REST Plugin privilege escalation
| [87706] Apache Qpid Java up to 6.0.2 AMQP privilege escalation
| [87703] Apache Qbid Java up to 6.0.2 PlainSaslServer.java denial of service
| [87702] Apache ActiveMQ up to 5.13.x Fileserver Web Application Upload privilege escalation
| [87700] Apache PDFbox up to 1.8.11/2.0.0 XML Parser PDF Document XML External Entity
| [87679] HP Release Control 9.13/9.20/9.21 Apache Commons Collections Library Java Object privilege escalation
| [87540] Apache Ambari up to 2.2.0 File Browser View information disclosure
| [87433] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87432] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87431] Apple Mac OS X up to 10.11.4 apache_mod_php Format String
| [87430] Apple Mac OS X up to 10.11.4 apache_mod_php denial of service
| [87429] Apple Mac OS X up to 10.11.4 apache_mod_php information disclosure
| [87428] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87427] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87389] Apache Xerces C++ up to 3.1.3 XML Document DTDScanner.cpp memory corruption
| [87172] Adobe ColdFusion 11 Update 7/2016/up to 10 Update 18 Apache Commons Collections Library privilege escalation
| [87121] Apache Cordova iOS up to 3.x Plugin privilege escalation
| [87120] Apache Cordova iOS up to 3.x URL Whitelist privilege escalation
| [83806] HPE Network Node Manager i up to 10.01 Apache Commons Collections Library privilege escalation
| [83077] Apache Subversion up to 1.8.15/1.9.3 mod_authz_svn mod_authz_svn.c denial of service
| [83076] Apache Subversion up to 1.8.15/1.9.3 svnserve svnserve/cyrus_auth.c privilege escalation
| [82790] Apache Struts 2.0.0/2.3.24/2.3.28 Dynamic Method privilege escalation
| [82789] Apache Struts 2.0.0/2.3.24/2.3.28 XSLTResult privilege escalation
| [82725] HPE P9000 Command View up to 7.x/8.4.0 Apache Commons Collections Library privilege escalation
| [82444] Apache Camel up to 2.14.x/2.15.4/2.16.0 HTTP Request privilege escalation
| [82389] Apache Subversion up to 1.7.x/1.8.14/1.9.2 mod_dav_svn util.c memory corruption
| [82280] Apache Struts up to 1.7 JRE URLDecoder cross site scripting
| [82260] Apache OFBiz up to 12.04.05/13.07.02 Java Object privilege escalation
| [82259] Apache Qpid Proton up to 0.12.0 proton.reactor.Connector weak encryption
| [82250] Apache Ranger up to 0.5.0 Admin UI weak authentication
| [82214] Apache Wicket up to 1.5.14/6.21.x/7.1.x Input Element cross site scripting
| [82213] Apache Wicket up to 1.5.14/6.21.x/7.1.x ModalWindow Title getWindowOpenJavaScript cross site scripting
| [82212] Apache Ranger up to 0.5.0 Policy Admin Tool privilege escalation
| [82211] Apache OFBiz up to 12.04.06/13.07.02 ModelFormField.java DisplayEntityField.getDescription cross site scripting
| [82082] Apache JetSpeed up to 2.3.0 User Manager Service privilege escalation
| [82081] Apache OpenMeetings up to 3.1.0 SOAP API information disclosure
| [82080] Apache OpenMeetings up to 3.1.0 Event cross site scripting
| [82078] Apache OpenMeetings up to 3.1.0 Import/Export System Backup ZIP Archive directory traversal
| [82077] Apache OpenMeetings up to 3.1.0 Password Reset sendHashByUser privilege escalation
| [82076] Apache Ranger up to 0.5.1 privilege escalation
| [82075] Apache JetSpeed up to 2.3.0 Portal cross site scripting
| [82074] Apache JetSpeed up to 2.3.0 cross site scripting
| [82073] Apache JetSpeed up to 2.3.0 User Manager Service sql injection
| [82072] Apache JetSpeed up to 2.3.0 Portal Site Manager ZIP Archive directory traversal
| [82058] Apache LDAP Studio/Directory Studio up to 2.0.0-M9 CSV Export privilege escalation
| [82053] Apache Ranger up to 0.4.x Policy Admin Tool privilege escalation
| [82052] Apache Ranger up to 0.4.x Policy Admin Tool HTTP Request cross site scripting
| [81696] Apache ActiveMQ up to 5.13.1 HTTP Header privilege escalation
| [81695] Apache Xerces-C up to 3.1.2 internal/XMLReader.cpp memory corruption
| [81622] HPE Asset Manager 9.40/9.41/9.50 Apache Commons Collections Library Java Object privilege escalation
| [81406] HPE Service Manager up to 9.35 P3/9.41 P1 Apache Commons Collections Library Command privilege escalation
| [81405] HPE Operations Orchestration up to 10.50 Apache Commons Collections Library Command privilege escalation
| [81427] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
| [81426] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
| [81372] Apache Struts up to 2.3.24.1 I18NInterceptor cross site scripting
| [81371] Apache Struts up to 2.3.24.1 Double OGNL Evaluation privilege escalation
| [81370] Apache Struts up to 2.3.24.1 Java URLDecoder cross site scripting
| [81084] Apache Tomcat 6.0/7.0/8.0/9.0 ServletContext directory traversal
| [81083] Apache Tomcat 7.0/8.0/9.0 Index Page cross site request forgery
| [81082] Apache Tomcat 7.0/8.0/9.0 ResourceLinkFactory.setGlobalContext privilege escalation
| [81081] Apache Tomcat 6.0/7.0/8.0/9.0 Error information disclosure
| [81080] Apache Tomcat 6.0/7.0/8.0/9.0 Session Persistence privilege escalation
| [81079] Apache Tomcat 6.0/7.0/8.0/9.0 StatusManagerServlet information disclosure
| [81078] Apache Tomcat 7.0/8.0/9.0 Session privilege escalation
| [80970] Apache Solr up to 5.3.0 Admin UI plugins.js cross site scripting
| [80969] Apache Solr up to 5.2 Schema schema-browser.js cross site scripting
| [80968] Apache Solr up to 5.0 analysis.js cross site scripting
| [80940] HP Continuous Delivery Automation 1.30 Apache Commons Collections Library privilege escalation
| [80823] Apache CloudStack up to 4.5.1 KVM Virtual Machine Migration privilege escalation
| [80822] Apache CloudStack up to 4.5.1 API Call information disclosure
| [80778] Apache Camel up to 2.15.4/2.16.0 camel-xstream privilege escalation
| [80750] HPE Operations Manager 8.x/9.0 on Windows Apache Commons Collections Library privilege escalation
| [80724] Apache Hive up to 1.2.1 Authorization Framework privilege escalation
| [80577] Oracle Secure Global Desktop 4.63/4.71/5.2 Apache HTTP Server denial of service
| [80165] Intel McAfee ePolicy Orchestrator up to 4.6.9/5.0.3/5.3.1 Apache Commons Collections Library privilege escalation
| [80116] Apache Subversion up to 1.9.2 svn Protocol libsvn_ra_svn/marshal.c read_string memory corruption
| [80115] Apache ActiveMQ up to 5.12.x Broker Service privilege escalation
| [80036] IBM Cognos Business Intelligence Apache Commons Collections Library InvokerTransformer privilege escalation
| [79873] VMware vCenter Operations/vRealize Orchestrator Apache Commons Collections Library Serialized Java Object privilege escalation
| [79840] Apache Cordova File Transfer Plugin up to 1.2.x on Android unknown vulnerability
| [79839] Apache TomEE Serialized Java Stream EjbObjectInputStream privilege escalation
| [79791] Cisco Products Apache Commons Collections Library privilege escalation
| [79539] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
| [79538] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
| [79294] Apache Cordova-Android up to 3.6 BridgeSecret Random Generator weak encryption
| [79291] Apache Cordova-Android up to 4.0 Javascript Whitelist privilege escalation
| [79244] Apache CXF up to 2.7.17/3.0.7/3.1.2 SAML Web SSO Module SAML Response weak authentication
| [79243] Oracle WebLogic Server 10.3.6.0/12.1.2.0/12.1.3.0/12.2.1.0 WLS Security com.bea.core.apache.commons.collections.jar privilege escalation
| [78989] Apache Ambari up to 2.1.1 Open Redirect
| [78988] Apache Ambari up to 2.0.1/2.1.0 Password privilege escalation
| [78987] Apache Ambari up to 2.0.x cross site scripting
| [78986] Apache Ambari up to 2.0.x Proxy Endpoint api/v1/proxy privilege escalation
| [78780] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
| [78779] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
| [78778] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78777] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78776] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78775] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78774] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78297] Apache Commons Components HttpClient up to 4.3.5 HTTPS Timeout denial of service
| [77406] Apache Flex BlazeDS AMF Message XML External Entity
| [77429] Apache ActiveMQ up to 5.10.0 LDAPLoginModule privilege escalation
| [77399] Apache ActiveMQ up to 5.10.0 LDAPLoginModule weak authentication
| [77375] Apache Tapestry up to 5.3.5 Client-Side Object Storage privilege escalation
| [77331] Apache ActiveMQ up to 5.11.1 on Windows Fileserver Upload/Download directory traversal
| [77299] Apache Solr Real-Time Module up to 7.x-1.1 Index Content information disclosure
| [77247] Apache ActiveMQ up to 5.10 TransportConnection.java processControlCommand denial of service
| [77083] Apache Groovy up to 2.4.3 MethodClosure.java MethodClosure memory corruption
| [76953] Apache Subversion 1.7.0/1.8.0/1.8.10 svn_repos_trace_node_locations information disclosure
| [76952] Apache Subversion 1.7.0/1.8.0/1.8.10 mod_authz_svn anonymous/authenticated information disclosure
| [76567] Apache Struts 2.3.20 unknown vulnerability
| [76733] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 ap_some_auth_required unknown vulnerability
| [76732] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 Request apr_brigade_flatten privilege escalation
| [76731] Apache HTTP Server 2.4.12 ErrorDocument 400 Crash denial of service
| [75690] Apache Camel up to 2.13.3/2.14.1 XPathBuilder.java XML External Entity
| [75689] Apache Camel up to 2.13.3/2.14.1 XML Converter Setup XmlConverter.java SAXSource privilege escalation
| [75668] Apache Sling API/Sling Servlets Post up to 2.2.1 HtmlResponse cross site scripting
| [75601] Apache Jackrabbit up to 2.10.0 WebDAV Request XML External Entity
| [75420] Apache Tomcat up to 6.0.43/7.0.58/8.0.16 Security Manager privilege escalation
| [75145] Apache OpenOffice up to 4.1.1 HWP Filter Crash denial of service
| [75032] Apache Tomcat Connectors up to 1.2.40 mod_jk privilege escalation
| [75135] PHP 5.4/5.5 HTTP Request sapi_apache2.c apache2handler privilege escalation
| [74793] Apache Tomcat File Upload denial of service
| [74708] Apple MacOS X up to 10.10.2 Apache denial of service
| [74707] Apple MacOS X up to 10.10.2 Apache denial of service
| [74706] Apple MacOS X up to 10.10.2 Apache memory corruption
| [74705] Apple MacOS X up to 10.10.2 Apache denial of service
| [74704] Apple MacOS X up to 10.10.2 Apache denial of service
| [74703] Apple MacOS X up to 10.10.2 Apache denial of service
| [74702] Apple MacOS X up to 10.10.2 Apache denial of service
| [74701] Apple MacOS X up to 10.10.2 Apache cross site request forgery
| [74700] Apple MacOS X up to 10.10.2 Apache unknown vulnerability
| [74661] Apache Flex up to 4.14.0 asdoc index.html cross site scripting
| [74609] Apache Cassandra up to 1.2.19/2.0.13/2.1.3 JMX/RMI Interface privilege escalation
| [74469] Apache Xerces-C up to 7.0 internal/XMLReader.cpp denial of service
| [74468] Apache Batik up to 1.6 denial of service
| [74414] Apache Mod-gnutls up to 0.5.1 Authentication spoofing
| [74371] Apache Standard Taglibs up to 1.2.0 memory corruption
| [74367] Apache HTTP Server up to 2.4.12 mod_lua lua_request.c wsupgrade denial of service
| [74174] Apache WSS4J up to 2.0.0 privilege escalation
| [74172] Apache ActiveMQ up to 5.5.0 Administration Console cross site scripting
| [69092] Apache Tomcat up to 6.0.42/7.0.54/8.0.8 HTTP Request Smuggling privilege escalation
| [73831] Apache Qpid up to 0.30 Access Restriction unknown vulnerability
| [73731] Apache XML Security unknown vulnerability
| [68660] Oracle BI Publisher 10.1.3.4.2/11.1.1.7 Apache Tomcat cross site scripting
| [73659] Apache CloudStack up to 4.3.0 Stack-Based unknown vulnerability
| [73593] Apache Traffic Server up to 5.1.0 denial of service
| [73511] Apache POI up to 3.10 Deadlock denial of service
| [73510] Apache Solr up to 4.3.0 cross site scripting
| [68447] Apache Subversion up to 1.7.18/1.8.10 mod_dav_svn Crash denial of service
| [68446] Apache Subversion up to 1.7.18/1.8.10 REPORT Request Crash denial of service
| [73173] Apache CloudStack Stack-Based unknown vulnerability
| [68357] Apache Struts up to 2.3.16.3 Random Number Generator cross site request forgery
| [73106] Apache Hadoop up to 2.4.0 Symlink privilege escalation
| [68575] Apache HTTP Server up to 2.4.10 LuaAuthzProvider mod_lua.c privilege escalation
| [72890] Apache Qpid 0.30 unknown vulnerability
| [72887] Apache Hive 0.13.0 File Permission privilege escalation
| [72878] Apache Cordova 3.5.0 cross site request forgery
| [72877] Apache Cordova 3.5.0 cross site request forgery
| [72876] Apache Cordova 3.5.0 cross site request forgery
| [68435] Apache HTTP Server 2.4.10 mod_proxy_fcgi.c handle_headers denial of service
| [68065] Apache CXF up to 3.0.1 JAX-RS SAML denial of service
| [68064] Apache CXF up to 3.0.0 SAML Token denial of service
| [67913] Oracle Retail Markdown Optimization 12.0/13.0/13.1/13.2/13.4 Apache commons-beanutils-1.8.0.jar memory corruption
| [67912] Oracle Retail Invoice Matching up to 14.0 Apache commons-beanutils-1.8.0.jar memory corruption
| [67911] Oracle Retail Clearance Optimization Engine 13.3/13.4/14.0 Apache commons-beanutils-1.8.0.jar memory corruption
| [67910] Oracle Retail Allocation up to 13.2 Apache commons-beanutils-1.8.0.jar memory corruption
| [71835] Apache Shiro 1.0.0/1.1.0/1.2.0/1.2.1/1.2.2 unknown vulnerability
| [71633] Apachefriends XAMPP 1.8.1 cross site scripting
| [71629] Apache Axis2/C spoofing
| [67633] Apple Mac OS X up to 10.9.4 apache_mod_php ext/standard/dns.c dns_get_record memory corruption
| [67631] Apple Mac OS X up to 10.9.4 apache_mod_php Symlink memory corruption
| [67630] Apple Mac OS X up to 10.9.4 apache_mod_php cdf_read_property_info denial of service
| [67629] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_count_chain denial of service
| [67628] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_check_stream_offset denial of service
| [67627] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c mconvert memory corruption
| [67626] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c denial of service
| [67625] Apple Mac OS X up to 10.9.4 apache_mod_php Crash denial of service
| [67624] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_property_info denial of service
| [67623] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_unpack_summary_info denial of service
| [67622] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_short_sector denial of service
| [67620] Apple Mac OS X up to 10.9.4 apache_mod_php magic/Magdir/commands denial of service
| [67790] Apache HTTP Server mod_cache NULL Pointer Dereference denial of service
| [67522] Apache Tomcat up to 7.0.39 JSP Upload privilege escalation
| [70809] Apache POI up to 3.11 Crash denial of service
| [70808] Apache POI up to 3.10 unknown vulnerability
| [70806] Apache Commons-httpclient 4.2/4.2.1/4.2.2 spoofing
| [70749] Apache Axis up to 1.4 getCN spoofing
| [70701] Apache Traffic Server up to 3.3.5 denial of service
| [70700] Apache OFBiz up to 12.04.03 cross site scripting
| [67402] Apache OpenOffice 4.0.0/4.0.1/4.1.0 Calc privilege escalation
| [67401] Apache OpenOffice up to 4.1.0 OLE Object information disclosure
| [70661] Apache Subversion up to 1.6.17 denial of service
| [70660] Apache Subversion up to 1.6.17 spoofing
| [70659] Apache Subversion up to 1.6.17 spoofing
| [67183] Apache HTTP Server up to 2.4.9 mod_proxy denial of service
| [67180] Apache HTTP Server up to 2.4.9 WinNT MPM Memory Leak denial of service
| [67185] Apache HTTP Server up to 2.4.9 mod_status Heap-Based memory corruption
| [67184] Apache HTTP Server 2.4.5/2.4.6 mod_cache NULL Pointer Dereference denial of service
| [67182] Apache HTTP Server up to 2.4.9 mod_deflate Memory Consumption denial of service
| [67181] Apache HTTP Server up to 2.4.9 mod_cgid denial of service
| [70338] Apache Syncope up to 1.1.7 unknown vulnerability
| [70295] Apache CXF up to 2.7.9 Cleartext information disclosure
| [70106] Apache Open For Business Project up to 10.04.0 getServerError cross site scripting
| [70105] Apache MyFaces up to 2.1.5 JavaServer Faces directory traversal
| [69846] Apache HBase up to 0.94.8 information disclosure
| [69783] Apache CouchDB up to 1.2.0 memory corruption
| [13383] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 XML Parser privilege escalation
| [13300] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi setuid privilege escalation
| [13299] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi Content-Type Header information disclosure
| [13164] Apache CXF up to 2.6.13/2.7.10 SOAP OutgoingChainInterceptor.java Invalid Content denial of service
| [13163] Apache CXF up to 2.6.13/2.7.10 SOAP HTML Content denial of service
| [13158] Apache Struts up to 2.3.16.2 ParametersInterceptor getClass privilege escalation
| [69515] Apache Struts up to 2.3.15.0 CookieInterceptor memory corruption
| [13086] Apache Struts up to 1.3.10 Class Loader privilege escalation
| [13067] Apache Struts up to 2.3.16.1 Class Loader privilege escalation
| [69431] Apache Archiva up to 1.3.6 cross site scripting
| [69385] Apache Syncope up to 1.1.6 unknown vulnerability
| [69338] Apache Xalan-Java up to 2.7.1 system-property unknown vulnerability
| [12742] Trustwave ModSecurity up to 2.7.5 Chunk Extension apache2/modsecurity.c modsecurity_tx_init privilege escalation
| [12741] Trustwave ModSecurity up to 2.7.6 Chunked HTTP Transfer apache2/modsecurity.c modsecurity_tx_init Trailing Header privilege escalation
| [13387] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Content-Length Header privilege escalation
| [13386] Apache Tomcat Security Manager up to 6.0.39/7.0.53/8.0.5 XSLT privilege escalation
| [13385] Apache Tomcat 8.0.0/8.0.1/8.0.3 AJP Request Zero Length denial of service
| [13384] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Chunked HTTP Request denial of service
| [12748] Apache CouchDB 1.5.0 UUIDS /_uuids denial of service
| [66739] Apache Camel up to 2.12.2 unknown vulnerability
| [66738] Apache Camel up to 2.12.2 unknown vulnerability
| [12667] Apache HTTP Server 2.4.7 mod_log_config.c log_cookie denial of service
| [66695] Apache CouchDB up to 1.2.0 cross site scripting
| [66694] Apache CouchDB up to 1.2.0 Partition partition2 directory traversal
| [66689] Apache HTTP Server up to 2.0.33 mod_dav dav_xml_get_cdata denial of service
| [12518] Apache Tomcat up to 6.0.38/7.0.49/8.0.0-RC9 HTTP Header denial of service
| [66498] Apache expressions up to 3.3.0 Whitelist unknown vulnerability
| [12781] Apache Struts up to 2.3.8 ParametersInterceptor getClass denial of service
| [12439] Apache Tomcat 6.0.33 XML XXE information disclosure
| [12438] Apache Tomcat 6.0.33/6.0.34/6.0.35/6.0.36/6.0.37 coyoteadapter.java disableURLRewriting privilege escalation
| [66356] Apache Wicket up to 6.8.0 information disclosure
| [12209] Apache Tomcat 7.0.0/7.0.50/8.0.0-RC1/8.0.1 Content-Type Header for Multi-Part Request Infinite Loop denial of service
| [66322] Apache ActiveMQ up to 5.8.0 cross site scripting
| [12291] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
| [66255] Apache Open For Business Project up to 10.04.3 cross site scripting
| [66200] Apache Hadoop up to 2.0.5 Security Feature information disclosure
| [66072] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
| [66068] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
| [11928] Oracle Secure Global Desktop up to 4.71 Apache Tomcat unknown vulnerability
| [11924] Oracle Secure Global Desktop up to 4.63 Apache Tomcat denial of service
| [11922] Oracle Secure Global Desktop up to 4.63 Apache Tomcat unknown vulnerability
| [66049] Apache XML Security for Java up to 1.4.6 Memory Consumption denial of service
| [12199] Apache Subversion up to 1.8.5 mod_dav_svn/repos.c get_resource denial of service
| [65946] askapache Firefox Adsense up to 3.0 askapache-firefox-adsense.php cross site request forgery
| [65668] Apache Solr 4.0.0 Updater denial of service
| [65665] Apache Solr up to 4.3.0 denial of service
| [65664] Apache Solr 3.6.0/3.6.1/3.6.2/4.0.0 Updater denial of service
| [65663] Apache Solr up to 4.5.1 ResourceLoader directory traversal
| [65658] Apache roller 4.0/4.0.1/5.0/5.0.1 unknown vulnerability
| [65657] Apache Roller 4.0/4.0.1/5.0/5.0.1 cross site scripting
| [11325] Apache Subversion 1.7.13 mod_dontdothat Bypass denial of service
| [11324] Apache Subversion up to 1.8.4 mod_dav_svn denial of service
| [11098] Apache Tomcat 5.5.25 HTTP Request cross site request forgery
| [65410] Apache Struts 2.3.15.3 cross site scripting
| [65386] Apache Solr up to 2.2.1 on TYPO3 cross site scripting
| [65385] Apache Solr up to 2.2.1 on TYPO3 unknown vulnerability
| [11044] Apache Struts 2.3.15.3 showConfig.action cross site scripting
| [11043] Apache Struts 2.3.15.3 actionNames.action cross site scripting
| [11018] cPanel WHM up to 11.40.0.11 Apache mod_userdir Tweak Interface privilege escalation
| [65342] Apache Sling 1.0.2/1.0.4/1.0.6/1.1.0/1.1.2 Auth Core cross site scripting
| [65340] Apache Shindig 2.5.0 information disclosure
| [65316] Apache Mod Fcgid up to 2.3.7 mod_fcgid fcgid_bucket.c fcgid_header_bucket_read memory corruption
| [65313] Apache Sling 2.2.0/2.3.0 AbstractCreateOperation.java deepGetOrCreateNode denial of service
| [10826] Apache Struts 2 File privilege escalation
| [65204] Apache Camel up to 2.10.1 unknown vulnerability
| [10460] Apache Struts 2.0.0/2.3.15.1 Action Mapping Mechanism Bypass privilege escalation
| [10459] Apache Struts 2.0.0/2.3.15 Dynamic Method Invocation unknown vulnerability
| [10160] Apache Subversion 1.8.0/1.8.1/1.8.2 svnwcsub.py handle_options race condition
| [10159] Apache Subversion up to 1.8.2 svnserve write_pid_file race condition
| [10158] Apache Subversion 1.8.0/1.8.1/1.8.2 daemonize.py daemon::daemonize race condition
| [10157] Apache Subversion up to 1.8.1 FSFS Repository Symlink privilege escalation
| [64808] Fail2ban up to 0.8.9 apache-auth.conf denial of service
| [64760] Best Practical RT up to 4.0.12 Apache::Session::File information disclosure
| [64722] Apache XML Security for C++ Heap-based memory corruption
| [64719] Apache XML Security for C++ Heap-based memory corruption
| [64718] Apache XML Security for C++ verify denial of service
| [64717] Apache XML Security for C++ getURIBaseTXFM memory corruption
| [64716] Apache XML Security for C++ spoofing
| [64701] Apache CXF up to 2.7.3 XML Parser Memory Consumption denial of service
| [64700] Apache CloudStack up to 4.1.0 Stack-Based cross site scripting
| [64667] Apache Open For Business Project up to 10.04.04 unknown vulnerability
| [64666] Apache Open For Business Project up to 10.04.04 cross site scripting
| [9891] Apache HTTP Server 2.2.22 suEXEC Feature .htaccess information disclosure
| [64509] Apache ActiveMQ up to 5.8.0 scheduled.jsp cross site scripting
| [9826] Apache Subversion up to 1.8.0 mod_dav_svn denial of service
| [9683] Apache HTTP Server 2.4.5 mod_session_dbd denial of service
| [64485] Apache Struts up to 2.2.3.0 privilege escalation
| [9568] Apache Struts up to 2.3.15 DefaultActionMapper cross site request forgery
| [9567] Apache Struts up to 2.3.15 DefaultActionMapper memory corruption
| [64467] Apache Geronimo 3.0 memory corruption
| [64466] Apache OpenJPA up to 2.2.1 Serialization memory corruption
| [64457] Apache Struts up to 2.2.3.0 cross site scripting
| [64326] Alejandro Garza Apachesolr Autocomplete up to 7.x-1.1 cross site scripting
| [9184] Apache Qpid up to 0.20 SSL misconfiguration
| [8935] Apache Subversion up to 1.7.9 FSFS Format Repository denial of service
| [8934] Apache Subversion up to 1.7.9 Svnserve Server denial of service
3223| [8933] Apache Subversion up to 1.6.21 check-mime-type.pl svnlook memory corruption
3224| [8932] Apache Subversion up to 1.6.21 svn-keyword-check.pl svnlook changed memory corruption
3225| [9022] Apache Struts up to 2.3.14.2 OGNL Expression memory corruption
3226| [8873] Apache Struts 2.3.14 privilege escalation
3227| [8872] Apache Struts 2.3.14 privilege escalation
3228| [8746] Apache HTTP Server Log File Terminal Escape Sequence Filtering mod_rewrite.c do_rewritelog privilege escalation
3229| [8666] Apache Tomcat up to 7.0.32 AsyncListener information disclosure
3230| [8665] Apache Tomcat up to 7.0.29 Chunked Transfer Encoding Extension Size denial of service
3231| [8664] Apache Tomcat up to 7.0.32 FORM Authentication weak authentication
3232| [64075] Apache Subversion up to 1.7.7 mod_dav_svn Crash denial of service
3233| [64074] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
3234| [64073] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
3235| [64072] Apache Subversion up to 1.7.7 mod_dav_svn NULL Pointer Dereference denial of service
3236| [64071] Apache Subversion up to 1.7.8 mod_dav_svn Memory Consumption denial of service
3237| [8768] Apache Struts up to 2.3.14 on Mac EL and OGNL Interpreter memory corruption
3238| [64006] Apache ActiveMQ up to 5.7.0 denial of service
3239| [64005] Apache ActiveMQ up to 5.7.0 Default Configuration denial of service
3240| [64004] Apache ActiveMQ up to 5.7.0 PortfolioPublishServlet.java cross site scripting
3241| [8427] Apache Tomcat Session Transaction weak authentication
3242| [63960] Apache Maven 3.0.4 Default Configuration spoofing
3243| [63751] Apache qpid up to 0.20 qpid::framing::Buffer denial of service
3244| [63750] Apache qpid up to 0.20 checkAvailable denial of service
3245| [63749] Apache Qpid up to 0.20 Memory Consumption denial of service
3246| [63748] Apache Qpid up to 0.20 Default Configuration denial of service
3247| [63747] Apache Rave up to 0.20 User Account information disclosure
3248| [7889] Apache Subversion up to 1.6.17 mod_dav_svn/svn_fs_file_length() denial of service
3249| [63646] Apache HTTP Server up to 2.2.23/2.4.3 mod_proxy_balancer.c balancer_handler cross site scripting
3250| [7688] Apache CXF up to 2.7.1 WSS4JInterceptor Bypass weak authentication
3251| [7687] Apache CXF up to 2.7.2 Token weak authentication
3252| [63334] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
3253| [63299] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
3254| [7202] Apache HTTP Server 2.4.2 on Oracle Solaris ld_library_path cross site scripting
3255| [7075] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector NioEndpoint.java denial of service
3256| [7074] Apache Tomcat up to 6.0.35/7.0.29 FORM Authentication RealmBase.java weak authentication
3257| [7073] Apache Tomcat up to 6.0.35/7.0.31 CSRF Prevention Filter cross site request forgery
3258| [63090] Apache Tomcat up to 4.1.24 denial of service
3259| [63089] Apache HTTP Server up to 2.2.13 mod_proxy_ajp denial of service
3260| [62933] Apache Tomcat up to 5.5.0 Access Restriction unknown vulnerability
3261| [62929] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector Memory Consumption denial of service
3262| [62833] Apache CXF -/2.6.0 spoofing
3263| [62832] Apache Axis2 up to 1.6.2 spoofing
3264| [62831] Apache Axis up to 1.4 Java Message Service spoofing
3265| [62830] Apache Commons-httpclient 3.0 Payments spoofing
3266| [62826] Apache Libcloud up to 0.11.0 spoofing
3267| [62757] Apache Open For Business Project up to 10.04.0 unknown vulnerability
3268| [8830] Red Hat JBoss Enterprise Application Platform 6.0.1 org.apache.catalina.connector.Response.encodeURL information disclosure
3269| [62661] Apache Axis2 unknown vulnerability
3270| [62658] Apache Axis2 unknown vulnerability
3271| [62467] Apache Qpid up to 0.17 denial of service
3272| [62417] Apache CXF 2.4.7/2.4.8/2.5.3/2.5.4/2.6.1 spoofing
3273| [6301] Apache HTTP Server mod_pagespeed cross site scripting
3274| [6300] Apache HTTP Server mod_pagespeed Hostname information disclosure
3275| [6123] Apache Wicket up to 1.5.7 Ajax Link cross site scripting
3276| [62035] Apache Struts up to 2.3.4 denial of service
3277| [61916] Apache QPID 0.5/0.6/0.14/0.16 unknown vulnerability
3278| [6998] Apache Tomcat 5.5.35/6.0.35/7.0.28 DIGEST Authentication Session State Caching privilege escalation
3279| [6997] Apache Tomcat 5.5.35/6.0.35/7.0.28 HTTP Digest Authentication Implementation privilege escalation
3280| [6092] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_ajp.c information disclosure
3281| [6090] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_http.c information disclosure
3282| [61507] Apache POI up to 3.8 UnhandledDataStructure denial of service
3283| [6070] Apache Struts up to 2.3.4 Token Name Configuration Parameter privilege escalation
3284| [6069] Apache Struts up to 2.3.4 Request Parameter OGNL Expression denial of service
3285| [5764] Oracle Solaris 10 Apache HTTP Server information disclosure
3286| [5700] Oracle Secure Backup 10.3.0.3/10.4.0.1 Apache denial of service
3287| [61255] Apache Hadoop 2.0.0 Kerberos unknown vulnerability
3288| [61229] Apache Sling up to 2.1.1 denial of service
3289| [61152] Apache Commons-compress 1.0/1.1/1.2/1.3/1.4 denial of service
3290| [61094] Apache Roller up to 5.0 cross site scripting
3291| [61093] Apache Roller up to 5.0 cross site request forgery
3292| [61005] Apache OpenOffice 3.3/3.4 unknown vulnerability
3293| [9673] Apache HTTP Server up to 2.4.4 mod_dav mod_dav.c Request denial of service
3294| [5436] Apache OpenOffice 3.3/3.4 WPXContentListener.cpp _closeTableRow File memory corruption
3295| [5435] Apache OpenOffice 3.3/3.4 vclmi.dll File memory corruption
3296| [60730] PHP 5.4.0/5.4.1/5.4.2 apache_request_headers memory corruption
3297| [60708] Apache Qpid 0.12 unknown vulnerability
3298| [5032] Apache Hadoop up to 0.20.205.0/1.0.1/0.23.1 Kerberos/MapReduce Security Feature privilege escalation
3299| [4949] Apache Struts File Upload XSLTResult.java XSLT File privilege escalation
3300| [4955] Apache Traffic Server 3.0.3/3.1.2 HTTP Header Parser memory corruption
3301| [4882] Apache Wicket up to 1.5.4 directory traversal
3302| [4881] Apache Wicket up to 1.4.19 cross site scripting
3303| [4884] Apache HTTP Server up to 2.3.6 mod_fcgid fcgid_spawn_ctl.c FcgidMaxProcessesPerClass HTTP Requests denial of service
3304| [60352] Apache Struts up to 2.2.3 memory corruption
3305| [60153] Apache Portable Runtime up to 1.4.3 denial of service
3306| [4598] Apache Struts 1.3.10 upload-submit.do cross site scripting
3307| [4597] Apache Struts 1.3.10 processSimple.do cross site scripting
3308| [4596] Apache Struts 2.0.14/2.2.3 struts2-rest-showcase/orders cross site scripting
3309| [4595] Apache Struts 2.0.14/2.2.3 struts2-showcase/person/editPerson.action cross site scripting
3310| [4583] Apache HTTP Server up to 2.2.21 Threaded MPM denial of service
3311| [4582] Apache HTTP Server up to 2.2.21 protocol.c information disclosure
3312| [4571] Apache Struts up to 2.3.1.2 privilege escalation
3313| [4557] Apache Tomcat up to 7.0.21 Caching/Recycling information disclosure
3314| [59934] Apache Tomcat up to 6.0.9 DigestAuthenticator.java unknown vulnerability
3315| [59933] Apache Tomcat up to 6.0.9 Access Restriction unknown vulnerability
3316| [59932] Apache Tomcat up to 6.0.9 unknown vulnerability
3317| [59931] Apache Tomcat up to 6.0.9 Access Restriction information disclosure
3318| [59902] Apache Struts up to 2.2.3 Interfaces unknown vulnerability
3319| [4528] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
3320| [4527] Apache Struts up to 2.2.3 ExceptionDelegator cross site scripting
3321| [59888] Apache Tomcat up to 6.0.6 denial of service
3322| [59886] Apache ActiveMQ up to 5.5.1 Crash denial of service
3323| [4513] Apache Struts up to 2.3.1 ParameterInterceptor directory traversal
3324| [4512] Apache Struts up to 2.2.3 CookieInterceptor privilege escalation
3325| [59850] Apache Geronimo up to 2.2.1 denial of service
3326| [59825] Apache HTTP Server up to 2.1.7 mod_reqtimeout denial of service
3327| [59556] Apache HTTP Server up to 2.0.53 mod_proxy information disclosure
3328| [58467] Apache libcloud 0.2.0/0.3.0/0.3.1/0.4.0 Access Restriction spoofing
3329| [58413] Apache Tomcat up to 6.0.10 spoofing
3330| [58381] Apache Wicket up to 1.4.17 cross site scripting
3331| [58296] Apache Tomcat up to 7.0.19 unknown vulnerability
3332| [57888] Apache HttpClient 4.0/4.0.1/4.1 Authorization information disclosure
3333| [57587] Apache Subversion up to 1.6.16 mod_dav_svn information disclosure
3334| [57585] Apache Subversion up to 1.6.16 mod_dav_svn Memory Consumption denial of service
3335| [57584] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
3336| [57577] Apache Rampart-C 1.3.0 Access Restriction rampart_timestamp_token_validate privilege escalation
3337| [57568] Apache Archiva up to 1.3.4 cross site scripting
3338| [57567] Apache Archiva up to 1.3.4 cross site request forgery
3339| [57481] Apache Tomcat 7.0.12/7.0.13 Access Restriction unknown vulnerability
3340| [4355] Apache HTTP Server APR apr_fnmatch denial of service
3341| [57435] Apache Struts up to 2.2.1.1 FileHandler.java cross site scripting
3342| [57425] Apache Struts up to 2.2.1.1 cross site scripting
3343| [4352] Apache HTTP Server 2.2.x APR apr_fnmatch denial of service
3344| [57025] Apache Tomcat up to 7.0.11 information disclosure
3345| [57024] Apache Tomcat 7.0.11 Access Restriction information disclosure
3346| [56774] IBM WebSphere Application Server up to 7.0.0.14 org.apache.jasper.runtime.JspWriterImpl.response denial of service
3347| [56824] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
3348| [56832] Apache Tomcat up to 7.0.10 Access Restriction information disclosure
3349| [56830] Apache Tomcat up to 7.0.9 Access Restriction privilege escalation
3350| [12440] Apache Tomcat 6.0.33 Malicious Request cross site scripting
3351| [56512] Apache Continuum up to 1.4.0 cross site scripting
3352| [4285] Apache Tomcat 5.x JVM getLocale denial of service
3353| [4284] Apache Tomcat 5.x HTML Manager Infinite Loop cross site scripting
3354| [4283] Apache Tomcat 5.x ServletContect privilege escalation
3355| [56441] Apache Tomcat up to 7.0.6 denial of service
3356| [56300] Apache CouchDB up to 1.0.1 Web Administration Interface cross site scripting
3357| [55967] Apache Subversion up to 1.6.4 rev_hunt.c denial of service
3358| [55966] Apache Subversion up to 1.6.4 mod_dav_svn repos.c walk denial of service
3359| [55095] Apache Axis2 up to 1.6 Default Password memory corruption
3360| [55631] Apache Archiva up to 1.3.1 User Account cross site request forgery
3361| [55556] Apache Tomcat up to 6.0.29 Default Configuration information disclosure
3362| [55553] Apache Tomcat up to 7.0.4 sessionsList.jsp cross site scripting
3363| [55162] Apache MyFaces up to 2.0.0 Authentication Code unknown vulnerability
3364| [54881] Apache Subversion up to 1.6.12 mod_dav_svn authz.c privilege escalation
3365| [54879] Apache APR-util up to 0.9.14 mod_reqtimeout apr_brigade_split_line denial of service
3366| [54693] Apache Traffic Server DNS Cache unknown vulnerability
3367| [54416] Apache CouchDB up to 0.11.0 cross site request forgery
3368| [54394] Apache CXF up to 2.2.8 Memory Consumption denial of service
3369| [54261] Apache Tomcat jsp/cal/cal2.jsp cross site scripting
3370| [54166] Apache HTTP Server up to 2.2.12 mod_cache Crash denial of service
3371| [54385] Apache Struts up to 2.1.8.1 ParameterInterceptor unknown vulnerability
3372| [54012] Apache Tomcat up to 6.0.10 denial of service
3373| [53763] Apache Axis2 1.3/1.4/1.4.1/1.5/1.5.1 Memory Consumption denial of service
3374| [53368] Apache MyFaces 1.1.7/1.2.8 cross site scripting
3375| [53397] Apache axis2 1.4.1/1.5.1 Administration Console cross site scripting
3376| [52894] Apache Tomcat up to 6.0.7 information disclosure
3377| [52960] Apache ActiveMQ up to 5.4-snapshot information disclosure
3378| [52843] Apache HTTP Server mod_auth_shadow unknown vulnerability
3379| [52786] Apache Open For Business Project up to 09.04 cross site scripting
3380| [52587] Apache ActiveMQ up to 5.3.0 cross site request forgery
3381| [52586] Apache ActiveMQ up to 5.3.0 cross site scripting
3382| [52584] Apache CouchDB up to 0.10.1 information disclosure
3383| [51757] Apache HTTP Server 2.0.44 cross site scripting
3384| [51756] Apache HTTP Server 2.0.44 spoofing
3385| [51717] Apache HTTP Server up to 1.3.3 mod_proxy ap_proxy_send_fb memory corruption
3386| [51690] Apache Tomcat up to 6.0 directory traversal
3387| [51689] Apache Tomcat up to 6.0 information disclosure
3388| [51688] Apache Tomcat up to 6.0 directory traversal
3389| [50886] HP Operations Manager 8.10 on Windows File Upload org.apache.catalina.manager.HTMLManagerServlet memory corruption
3390| [50802] Apache Tomcat up to 3.3 Default Password weak authentication
3391| [50626] Apache Solr 1.0.0 cross site scripting
3392| [49857] Apache HTTP Server mod_proxy_ftp cross site scripting
3393| [49856] Apache HTTP Server 2.2.13 mod_proxy_ftp ap_proxy_ftp_handler denial of service
3394| [49348] Apache Xerces-C++ 2.7.0 Stack-Based denial of service
3395| [86789] Apache Portable Runtime memory/unix/apr_pools.c unknown vulnerability
3396| [49283] Apache APR-util up to 1.3.8 apr-util misc/apr_rmm.c apr_rmm_realloc memory corruption
3397| [48952] Apache HTTP Server up to 1.3.6 mod_deflate denial of service
3398| [48626] Apache Tomcat up to 4.1.23 Access Restriction directory traversal
3399| [48431] Apache Tomcat up to 4.1.23 j_security_check cross site scripting
3400| [48430] Apache Tomcat up to 4.1.23 mod_jk denial of service
3401| [47801] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site request forgery
3402| [47800] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site scripting
3403| [47799] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console directory traversal
3404| [47648] Apache Tiles 2.1.0/2.1.1 cross site scripting
3405| [47640] Apache Struts 2.0.6/2.0.8/2.0.9/2.0.11/2.1 cross site scripting
3406| [47638] Apache Tomcat up to 4.1.23 mod_jk information disclosure
3407| [47636] Apache Struts 2.0.9 xip_client.html cross site scripting
3408| [47593] Apache Mod Perl 1 perl-status Apache::Status cross site scripting
3409| [47637] Apache Struts 1.0.2/1.1/1.2.4/1.2.7/1.2.8 cross site scripting
3410| [47239] Apache Struts up to 2.1.2 Beta struts directory traversal
3411| [47214] Apachefriends xampp 1.6.8 spoofing
3412| [47213] Apachefriends xampp 1.6.8 htaccess cross site request forgery
3413| [47162] Apachefriends XAMPP 1.4.4 weak authentication
3414| [47065] Apache Tomcat 4.1.23 cross site scripting
3415| [46834] Apache Tomcat up to 5.5.20 cross site scripting
3416| [46004] Apache Jackrabbit 1.4/1.5.0 search.jsp cross site scripting
3417| [49205] Apache Roller 2.3/3.0/3.1/4.0 Search cross site scripting
3418| [86625] Apache Struts directory traversal
3419| [44461] Apache Tomcat up to 5.5.0 information disclosure
3420| [44389] Apache Xerces-C++ XML Parser Memory Consumption denial of service
3421| [44352] Apache Friends XAMPP 1.6.8 adodb.php cross site scripting
3422| [43663] Apache Tomcat up to 6.0.16 directory traversal
3423| [43612] Apache Friends XAMPP 1.6.7 iart.php cross site scripting
3424| [43556] Apache HTTP Server up to 2.1.8 mod_proxy_ftp proxy_ftp.c cross site scripting
3425| [43516] Apache Tomcat up to 4.1.20 directory traversal
3426| [43509] Apache Tomcat up to 6.0.13 cross site scripting
3427| [42637] Apache Tomcat up to 6.0.16 cross site scripting
3428| [42325] Apache HTTP Server up to 2.1.8 Error Page cross site scripting
3429| [41838] Apache-SSL 1.3.34 1.57 expandcert privilege escalation
3430| [41091] Apache Software Foundation Mod Jk up to 2.0.1 mod_jk2 Stack-based memory corruption
3431| [40924] Apache Tomcat up to 6.0.15 information disclosure
3432| [40923] Apache Tomcat up to 6.0.15 unknown vulnerability
3433| [40922] Apache Tomcat up to 6.0 information disclosure
3434| [40710] Apache HTTP Server up to 2.0.61 mod_negotiation cross site scripting
3435| [40709] Apache HTTP Server up to 2.0.53 mod_negotiation cross site scripting
3436| [40656] Apache Tomcat 5.5.20 information disclosure
3437| [40503] Apache HTTP Server mod_proxy_ftp cross site scripting
3438| [40502] Apache HTTP Server up to 2.2.5 mod_proxy_balancer memory corruption
3439| [40501] Apache HTTP Server 2.2.6 mod_proxy_balancer cross site request forgery
3440| [40398] Apache HTTP Server up to 2.2 mod_proxy_balancer cross site scripting
3441| [40397] Apache HTTP Server up to 2.2 mod_proxy_balancer balancer_handler denial of service
3442| [40234] Apache Tomcat up to 6.0.15 directory traversal
3443| [40221] Apache HTTP Server 2.2.6 information disclosure
3444| [40027] David Castro Apache Authcas 0.4 sql injection
3445| [3495] Apache OpenOffice up to 2.3 Database Document Processor unknown vulnerability
3446| [3489] Apache HTTP Server 2.x HTTP Header cross site scripting
3447| [3414] Apache Tomcat WebDAV Stored privilege escalation
3448| [39489] Apache Jakarta Slide up to 2.1 directory traversal
3449| [39540] Apache Geronimo 2.0/2.0.1/2.0.2/2.1 unknown vulnerability
3450| [3310] Apache OpenOffice 1.1.3/2.0.4/2.2.1 TIFF Image Parser Heap-based memory corruption
3451| [38768] Apache HTTP Server up to 2.1.7 mod_autoindex.c cross site scripting
3452| [38952] Apache Geronimo 2.0.1/2.1 unknown vulnerability
3453| [38658] Apache Tomcat 4.1.31 cal2.jsp cross site request forgery
3454| [38524] Apache Geronimo 2.0 unknown vulnerability
3455| [3256] Apache Tomcat up to 6.0.13 cross site scripting
3456| [38331] Apache Tomcat 4.1.24 information disclosure
3457| [38330] Apache Tomcat 4.1.24 information disclosure
3458| [38185] Apache Tomcat 3.3/3.3.1/3.3.1a/3.3.2 Error Message CookieExample cross site scripting
3459| [37967] Apache Tomcat up to 4.1.36 Error Message sendmail.jsp cross site scripting
3460| [37647] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 Authorization unknown vulnerability
3461| [37646] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 unknown vulnerability
3462| [3141] Apache Tomcat up to 4.1.31 Accept-Language Header cross site scripting
3463| [3133] Apache Tomcat up to 6.0 HTTP cross site scripting
3464| [37292] Apache Tomcat up to 5.5.1 cross site scripting
3465| [3130] Apache OpenOffice 2.2.1 RTF Document Heap-based memory corruption
3466| [36981] Apache Tomcat JK Web Server Connector up to 1.2.22 mod_jk directory traversal
3467| [36892] Apache Tomcat up to 4.0.0 hello.jsp cross site scripting
3468| [37320] Apache MyFaces Tomahawk up to 1.1.4 cross site scripting
3469| [36697] Apache Tomcat up to 5.5.17 implicit-objects.jsp cross site scripting
3470| [36491] Apache Axis 1.0 Installation javaioFileNotFoundException information disclosure
3471| [36400] Apache Tomcat 5.5.15 mod_jk cross site scripting
3472| [36698] Apache Tomcat up to 4.0.0 cal2.jsp cross site scripting
3473| [36224] XAMPP Apache Distribution up to 1.6.0a adodb.php connect memory corruption
3474| [36225] XAMPP Apache Distribution 1.6.0a sql injection
3475| [2997] Apache httpd/Tomcat 5.5/6.0 directory traversal
3476| [35896] Apache Apache Test up to 1.29 mod_perl denial of service
3477| [35653] Avaya S8300 Cm 3.1.2 Apache Tomcat unknown vulnerability
3478| [35402] Apache Tomcat JK Web Server Connector 1.2.19 mod_jk.so map_uri_to_worker memory corruption
3479| [35067] Apache Stats up to 0.0.2 extract unknown vulnerability
3480| [35025] Apache Stats up to 0.0.3 extract unknown vulnerability
3481| [34252] Apache HTTP Server denial of service
3482| [2795] Apache OpenOffice 2.0.4 WMF/EMF File Heap-based memory corruption
3483| [33877] Apache Opentaps 0.9.3 cross site scripting
3484| [33876] Apache Open For Business Project unknown vulnerability
3485| [33875] Apache Open For Business Project cross site scripting
3486| [2703] Apache Jakarta Tomcat up to 5.x der_get_oid memory corruption
3487| [2611] Apache HTTP Server up to 1.0.1 set_var Format String
3488|
3489| MITRE CVE - https://cve.mitre.org:
3490| [CVE-2013-4156] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted element in an OOXML document file.
3491| [CVE-2013-4131] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service (assertion failure or out-of-bounds read) via a certain (1) COPY, (2) DELETE, or (3) MOVE request against a revision root.
3492| [CVE-2013-3239] phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename of an export file, leading to interpretation of this file as an executable file by the Apache HTTP Server, as demonstrated by a .php.sql filename.
3493| [CVE-2013-3060] The web console in Apache ActiveMQ before 5.8.0 does not require authentication, which allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests.
3494| [CVE-2013-2765] The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request with a large body and a crafted Content-Type header.
3495| [CVE-2013-2251] Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.
3496| [CVE-2013-2249] mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified impact and remote attack vectors.
3497| [CVE-2013-2248] Multiple open redirect vulnerabilities in Apache Struts 2.0.0 through 2.3.15 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a parameter using the (1) redirect: or (2) redirectAction: prefix.
3498| [CVE-2013-2189] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via invalid PLCF data in a DOC document file.
3499| [CVE-2013-2135] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted value that contains both "${}" and "%{}" sequences, which causes the OGNL code to be evaluated twice.
3500| [CVE-2013-2134] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted action name that is not properly handled during wildcard matching, a different vulnerability than CVE-2013-2135.
3501| [CVE-2013-2115] Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag. NOTE: this issue is due to an incomplete fix for CVE-2013-1966.
3502| [CVE-2013-2071] java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other applications in opportunistic circumstances via an application that records the requests that it processes.
3503| [CVE-2013-2067] java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack.
3504| [CVE-2013-1966] Apache Struts 2 before 2.3.14.1 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag.
3505| [CVE-2013-1965] Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.1, allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is not properly handled when invoking a redirect.
3506| [CVE-2013-1896] mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.
3507| [CVE-2013-1884] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (segmentation fault and crash) via a log REPORT request with an invalid limit, which triggers an access of an uninitialized variable.
3508| [CVE-2013-1879] Cross-site scripting (XSS) vulnerability in scheduled.jsp in Apache ActiveMQ 5.8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving the "cron of a message."
3509| [CVE-2013-1862] mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.
3510| [CVE-2013-1849] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a PROPFIND request for an activity URL.
3511| [CVE-2013-1847] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an anonymous LOCK for a URL that does not exist.
3512| [CVE-2013-1846] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a LOCK on an activity URL.
3513| [CVE-2013-1845] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (memory consumption) by (1) setting or (2) deleting a large number of properties for a file or directory.
3514| [CVE-2013-1814] The users/get program in the User RPC API in Apache Rave 0.11 through 0.20 allows remote authenticated users to obtain sensitive information about all user accounts via the offset parameter, as demonstrated by discovering password hashes in the password field of a response.
3515| [CVE-2013-1777] The JMX Remoting functionality in Apache Geronimo 3.x before 3.0.1, as used in IBM WebSphere Application Server (WAS) Community Edition 3.0.0.3 and other products, does not properly implement the RMI classloader, which allows remote attackers to execute arbitrary code by using the JMX connector to send a crafted serialized object.
3516| [CVE-2013-1768] The BrokerFactory functionality in Apache OpenJPA 1.x before 1.2.3 and 2.x before 2.2.2 creates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for remote attackers to execute arbitrary code by creating a serialized object and leveraging improperly secured server programs.
3517| [CVE-2013-1088] Cross-site request forgery (CSRF) vulnerability in Novell iManager 2.7 before SP6 Patch 1 allows remote attackers to hijack the authentication of arbitrary users by leveraging improper request validation by iManager code deployed within an Apache Tomcat container.
3518| [CVE-2013-1048] The Debian apache2ctl script in the apache2 package squeeze before 2.2.16-6+squeeze11, wheezy before 2.2.22-13, and sid before 2.2.22-13 for the Apache HTTP Server on Debian GNU/Linux does not properly create the /var/lock/apache2 lock directory, which allows local users to gain privileges via an unspecified symlink attack.
3519| [CVE-2013-0966] The Apple mod_hfs_apple module for the Apache HTTP Server in Apple Mac OS X before 10.8.3 does not properly handle ignorable Unicode characters, which allows remote attackers to bypass intended directory authentication requirements via a crafted pathname in a URI.
3520| [CVE-2013-0942] Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Agent 7.1 before 7.1.1 for Web for Internet Information Services, and 7.1 before 7.1.1 for Web for Apache, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
3521| [CVE-2013-0941] EMC RSA Authentication API before 8.1 SP1, RSA Web Agent before 5.3.5 for Apache Web Server, RSA Web Agent before 5.3.5 for IIS, RSA PAM Agent before 7.0, and RSA Agent before 6.1.4 for Microsoft Windows use an improper encryption algorithm and a weak key for maintaining the stored data of the node secret for the SecurID Authentication API, which allows local users to obtain sensitive information via cryptographic attacks on this data.
3522| [CVE-2013-0253] The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack.
3523| [CVE-2013-0248] The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack.
3524| [CVE-2013-0239] Apache CXF before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3, when the plaintext UsernameToken WS-SecurityPolicy is enabled, allows remote attackers to bypass authentication via a security header of a SOAP request containing a UsernameToken element that lacks a password child element.
3525| [CVE-2012-6573] Cross-site scripting (XSS) vulnerability in the Apache Solr Autocomplete module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving autocomplete results.
3526| [CVE-2012-6551] The default configuration of Apache ActiveMQ before 5.8.0 enables a sample web application, which allows remote attackers to cause a denial of service (broker resource consumption) via HTTP requests.
3527| [CVE-2012-6092] Multiple cross-site scripting (XSS) vulnerabilities in the web demos in Apache ActiveMQ before 5.8.0 allow remote attackers to inject arbitrary web script or HTML via (1) the refresh parameter to PortfolioPublishServlet.java (aka demo/portfolioPublish or Market Data Publisher), or vectors involving (2) debug logs or (3) subscribe messages in webapp/websocket/chat.js. NOTE: AMQ-4124 is covered by CVE-2012-6551.
3528| [CVE-2012-5887] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.
3529| [CVE-2012-5886] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID.
3530| [CVE-2012-5885] The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184.
3531| [CVE-2012-5786] The wsdl_first_https sample code in distribution/src/main/release/samples/wsdl_first_https/src/main/ in Apache CXF, possibly 2.6.0, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
3532| [CVE-2012-5785] Apache Axis2/Java 1.6.2 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
3533| [CVE-2012-5784] Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Message Service implementation in Apache ActiveMQ, and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
3534| [CVE-2012-5783] Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
3535| [CVE-2012-5633] The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request.
3536| [CVE-2012-5616] Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly Citrix CloudStack) before 3.0.6 stores sensitive information in the log4j.conf log file, which allows local users to obtain (1) the SSH private key as recorded by the createSSHKeyPair API, (2) the password of an added host as recorded by the AddHost API, or the password of an added VM as recorded by the (3) DeployVM or (4) ResetPasswordForVM API.
3537| [CVE-2012-5568] Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.
3538| [CVE-2012-5351] Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack," a different vulnerability than CVE-2012-4418.
3539| [CVE-2012-4558] Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via a crafted string.
3540| [CVE-2012-4557] The mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into an error state upon detection of a long request-processing time, which allows remote attackers to cause a denial of service (worker consumption) via an expensive request.
3541| [CVE-2012-4556] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 allows remote attackers to cause a denial of service (Apache httpd web server child process restart) via certain unspecified empty search fields in a user certificate search query.
3542| [CVE-2012-4555] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 does not properly handle interruptions of token format operations, which allows remote attackers to cause a denial of service (NULL pointer dereference and Apache httpd web server child process crash) via unspecified vectors.
3543| [CVE-2012-4534] org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminating the connection during the reading of a response.
3544| [CVE-2012-4528] The mod_security2 module before 2.7.0 for the Apache HTTP Server allows remote attackers to bypass rules, and deliver arbitrary POST data to a PHP application, via a multipart request in which an invalid part precedes the crafted data.
3545| [CVE-2012-4501] Citrix Cloud.com CloudStack, and Apache CloudStack pre-release, allows remote attackers to make arbitrary API calls by leveraging the system user account, as demonstrated by API calls to delete VMs.
3546| [CVE-2012-4460] The serializing/deserializing functions in the qpid::framing::Buffer class in Apache Qpid 0.20 and earlier allow remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors. NOTE: this issue could also trigger an out-of-bounds read, but it might not trigger a crash.
3547| [CVE-2012-4459] Integer overflow in the qpid::framing::Buffer::checkAvailable function in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (crash) via a crafted message, which triggers an out-of-bounds read.
3548| [CVE-2012-4458] The AMQP type decoder in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (memory consumption and server crash) via a large number of zero width elements in the client-properties map in a connection.start-ok message.
3549| [CVE-2012-4446] The default configuration for Apache Qpid 0.20 and earlier, when the federation_tag attribute is enabled, accepts AMQP connections without checking the source user ID, which allows remote attackers to bypass authentication and have other unspecified impact via an AMQP request.
3550| [CVE-2012-4431] org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier.
3551| [CVE-2012-4418] Apache Axis2 allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."
3552| [CVE-2012-4387] Apache Struts 2.0.0 through 2.3.4 allows remote attackers to cause a denial of service (CPU consumption) via a long parameter name, which is processed as an OGNL expression.
3553| [CVE-2012-4386] The token check mechanism in Apache Struts 2.0.0 through 2.3.4 does not properly validate the token name configuration parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks by setting the token name configuration parameter to a session attribute.
3554| [CVE-2012-4360] Cross-site scripting (XSS) vulnerability in the mod_pagespeed module 0.10.19.1 through 0.10.22.4 for the Apache HTTP Server allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
3555| [CVE-2012-4063] The Apache Santuario configuration in Eucalyptus before 3.1.1 does not properly restrict applying XML Signature transforms to documents, which allows remote attackers to cause a denial of service via unspecified vectors.
3556| [CVE-2012-4001] The mod_pagespeed module before 0.10.22.6 for the Apache HTTP Server does not properly verify its host name, which allows remote attackers to trigger HTTP requests to arbitrary hosts via unspecified vectors, as demonstrated by requests to intranet servers.
3557| [CVE-2012-3908] Multiple cross-site request forgery (CSRF) vulnerabilities in the ISE Administrator user interface (aka the Apache Tomcat interface) on Cisco Identity Services Engine (ISE) 3300 series appliances before 1.1.0.665 Cumulative Patch 1 allow remote attackers to hijack the authentication of administrators, aka Bug ID CSCty46684.
3558| [CVE-2012-3546] org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI.
3559| [CVE-2012-3544] Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data.
3560| [CVE-2012-3526] The reverse proxy add forward module (mod_rpaf) 0.5 and 0.6 for the Apache HTTP Server allows remote attackers to cause a denial of service (server or application crash) via multiple X-Forwarded-For headers in a request.
3561| [CVE-2012-3513] munin-cgi-graph in Munin before 2.0.6, when running as a CGI module under Apache, allows remote attackers to load new configurations and create files in arbitrary directories via the logdir command.
3562| [CVE-2012-3506] Unspecified vulnerability in the Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.03 has unknown impact and attack vectors.
3563| [CVE-2012-3502] The proxy functionality in (1) mod_proxy_ajp.c in the mod_proxy_ajp module and (2) mod_proxy_http.c in the mod_proxy_http module in the Apache HTTP Server 2.4.x before 2.4.3 does not properly determine the situations that require closing a back-end connection, which allows remote attackers to obtain sensitive information in opportunistic circumstances by reading a response that was intended for a different client.
3564| [CVE-2012-3499] Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules.
3565| [CVE-2012-3467] Apache QPID 0.14, 0.16, and earlier uses a NullAuthenticator mechanism to authenticate catch-up shadow connections to AMQP brokers, which allows remote attackers to bypass authentication.
3566| [CVE-2012-3451] Apache CXF before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to execute unintended web-service operations by sending a header with a SOAP Action String that is inconsistent with the message body.
3567| [CVE-2012-3446] Apache Libcloud before 0.11.1 uses an incorrect regular expression during verification of whether the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate.
3568| [CVE-2012-3376] DataNodes in Apache Hadoop 2.0.0 alpha does not check the BlockTokens of clients when Kerberos is enabled and the DataNode has checked out the same BlockPool twice from a NodeName, which might allow remote clients to read arbitrary blocks, write to blocks to which they only have read access, and have other unspecified impacts.
3569| [CVE-2012-3373] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.21 and 1.5.x before 1.5.8 allows remote attackers to inject arbitrary web script or HTML via vectors involving a %00 sequence in an Ajax link URL associated with a Wicket app.
3570| [CVE-2012-3126] Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Products Suite 3.3 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Apache Tomcat Agent.
3571| [CVE-2012-3123] Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect confidentiality, related to Apache HTTP Server.
3572| [CVE-2012-2760] mod_auth_openid before 0.7 for Apache uses world-readable permissions for /tmp/mod_auth_openid.db, which allows local users to obtain session ids.
3573| [CVE-2012-2733] java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of service (memory consumption) via a large amount of header data.
3574| [CVE-2012-2687] Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list.
3575| [CVE-2012-2381] Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.1 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the blogger role.
3576| [CVE-2012-2380] Multiple cross-site request forgery (CSRF) vulnerabilities in the admin/editor console in Apache Roller before 5.0.1 allow remote attackers to hijack the authentication of admins or editors by leveraging the HTTP POST functionality.
3577| [CVE-2012-2379] Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors.
3578| [CVE-2012-2378] Apache CXF 2.4.5 through 2.4.7, 2.5.1 through 2.5.3, and 2.6.x before 2.6.1, does not properly enforce child policies of a WS-SecurityPolicy 1.1 SupportingToken policy on the client side, which allows remote attackers to bypass the (1) AlgorithmSuite, (2) SignedParts, (3) SignedElements, (4) EncryptedParts, and (5) EncryptedElements policies.
3579| [CVE-2012-2329] Buffer overflow in the apache_request_headers function in sapi/cgi/cgi_main.c in PHP 5.4.x before 5.4.3 allows remote attackers to cause a denial of service (application crash) via a long string in the header of an HTTP request.
3580| [CVE-2012-2145] Apache Qpid 0.17 and earlier does not properly restrict incoming client connections, which allows remote attackers to cause a denial of service (file descriptor consumption) via a large number of incomplete connections.
3581| [CVE-2012-2138] The @CopyFrom operation in the POST servlet in the org.apache.sling.servlets.post bundle before 2.1.2 in Apache Sling does not prevent attempts to copy an ancestor node to a descendant node, which allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP request.
3582| [CVE-2012-2098] Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service (CPU consumption) via a file with many repeating inputs.
3583| [CVE-2012-1574] The Kerberos/MapReduce security functionality in Apache Hadoop 0.20.203.0 through 0.20.205.0, 0.23.x before 0.23.2, and 1.0.x before 1.0.2, as used in Cloudera CDH CDH3u0 through CDH3u2, Cloudera hadoop-0.20-sbin before 0.20.2+923.197, and other products, allows remote authenticated users to impersonate arbitrary cluster user accounts via unspecified vectors.
3584| [CVE-2012-1181] fcgid_spawn_ctl.c in the mod_fcgid module 2.3.6 for the Apache HTTP Server does not recognize the FcgidMaxProcessesPerClass directive for a virtual host, which makes it easier for remote attackers to cause a denial of service (memory consumption) via a series of HTTP requests that triggers a process count higher than the intended limit.
3585| [CVE-2012-1089] Directory traversal vulnerability in Apache Wicket 1.4.x before 1.4.20 and 1.5.x before 1.5.5 allows remote attackers to read arbitrary web-application files via a relative pathname in a URL for a Wicket resource that corresponds to a null package.
3586| [CVE-2012-1007] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 1.3.10 allow remote attackers to inject arbitrary web script or HTML via (1) the name parameter to struts-examples/upload/upload-submit.do, or the message parameter to (2) struts-cookbook/processSimple.do or (3) struts-cookbook/processDyna.do.
3587| [CVE-2012-1006] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.14 and 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) lastName parameter to struts2-showcase/person/editPerson.action, or the (3) clientName parameter to struts2-rest-showcase/orders.
3588| [CVE-2012-0883] envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl.
3589| [CVE-2012-0840] tables/apr_hash.c in the Apache Portable Runtime (APR) library through 1.4.5 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
3590| [CVE-2012-0838] Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL expression during the handling of a conversion error, which allows remote attackers to modify run-time data values, and consequently execute arbitrary code, via invalid input to a field.
3591| [CVE-2012-0788] The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service (application crash) via a crafted application that uses a PDO driver for a fetch and then calls the session_start function, as demonstrated by a crash of the Apache HTTP Server.
3592| [CVE-2012-0394] ** DISPUTED ** The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself."
3593| [CVE-2012-0393] The ParameterInterceptor component in Apache Struts before 2.3.1.1 does not prevent access to public constructors, which allows remote attackers to create or overwrite arbitrary files via a crafted parameter that triggers the creation of a Java object.
3594| [CVE-2012-0392] The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method.
3595| [CVE-2012-0391] The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter.
3596| [CVE-2012-0256] Apache Traffic Server 2.0.x and 3.0.x before 3.0.4 and 3.1.x before 3.1.3 does not properly allocate heap memory, which allows remote attackers to cause a denial of service (daemon crash) via a long HTTP Host header.
3597| [CVE-2012-0216] The default configuration of the apache2 package in Debian GNU/Linux squeeze before 2.2.16-6+squeeze7, wheezy before 2.2.22-4, and sid before 2.2.22-4, when mod_php or mod_rivet is used, provides example scripts under the doc/ URI, which might allow local users to conduct cross-site scripting (XSS) attacks, gain privileges, or obtain sensitive information via vectors involving localhost HTTP requests to the Apache HTTP Server.
3598| [CVE-2012-0213] The UnhandledDataStructure function in hwpf/model/UnhandledDataStructure.java in Apache POI 3.8 and earlier allows remote attackers to cause a denial of service (OutOfMemoryError exception and possibly JVM destabilization) via a crafted length value in a Channel Definition Format (CDF) or Compound File Binary Format (CFBF) document.
3599| [CVE-2012-0053] protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script.
3600| [CVE-2012-0047] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the wicket:pageMapName parameter.
3601| [CVE-2012-0031] scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function.
3602| [CVE-2012-0022] Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.
3603| [CVE-2012-0021] The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to cause a denial of service (daemon crash) via a cookie that lacks both a name and a value.
3604| [CVE-2011-5064] DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging knowledge of this string, a different vulnerability than CVE-2011-1184.
3605| [CVE-2011-5063] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weaker authentication or authorization requirements, a different vulnerability than CVE-2011-1184.
3606| [CVE-2011-5062] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass intended integrity-protection requirements via a qop=auth value, a different vulnerability than CVE-2011-1184.
3607| [CVE-2011-5057] Apache Struts 2.3.1.1 and earlier provides interfaces that do not properly restrict access to collections such as the session and request collections, which might allow remote attackers to modify run-time data values via a crafted parameter to an application that implements an affected interface, as demonstrated by the SessionAware, RequestAware, ApplicationAware, ServletRequestAware, ServletResponseAware, and ParameterAware interfaces. NOTE: the vendor disputes the significance of this report because of an "easy work-around in existing apps by configuring the interceptor."
3608| [CVE-2011-5034] Apache Geronimo 2.2.1 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. NOTE: this might overlap CVE-2011-4461.
3609| [CVE-2011-4905] Apache ActiveMQ before 5.6.0 allows remote attackers to cause a denial of service (file-descriptor exhaustion and broker crash or hang) by sending many openwire failover:tcp:// connection requests.
3610| [CVE-2011-4858] Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
3611| [CVE-2011-4668] IBM Tivoli Netcool/Reporter 2.2 before 2.2.0.8 allows remote attackers to execute arbitrary code via vectors related to an unspecified CGI program used with the Apache HTTP Server.
3612| [CVE-2011-4449] actions/files/files.php in WikkaWiki 1.3.1 and 1.3.2, when INTRANET_MODE is enabled, supports file uploads for file extensions that are typically absent from an Apache HTTP Server TypesConfig file, which makes it easier for remote attackers to execute arbitrary PHP code by placing this code in a file whose name has multiple extensions, as demonstrated by a (1) .mm or (2) .vpp file.
3613| [CVE-2011-4415] The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, does not restrict the size of values of environment variables, which allows local users to cause a denial of service (memory consumption or NULL pointer dereference) via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, related to (1) the "len +=" statement and (2) the apr_pcalloc function call, a different vulnerability than CVE-2011-3607.
3614| [CVE-2011-4317] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an @ (at sign) character and a : (colon) character in invalid positions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
3615| [CVE-2011-3639] The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers by using the HTTP/0.9 protocol with a malformed URI containing an initial @ (at sign) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
3616| [CVE-2011-3620] Apache Qpid 0.12 does not properly verify credentials during the joining of a cluster, which allows remote attackers to obtain access to the messaging functionality and job functionality of a cluster by leveraging knowledge of a cluster-username.
3617| [CVE-2011-3607] Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow.
3618| [CVE-2011-3376] org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat 7.x before 7.0.22 does not properly restrict ContainerServlets in the Manager application, which allows local users to gain privileges by using an untrusted web application to access the Manager application's functionality.
3619| [CVE-2011-3375] Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain caching and recycling operations involving request objects, which allows remote attackers to obtain unintended read access to IP address and HTTP header information in opportunistic circumstances by reading TCP data.
3620| [CVE-2011-3368] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character.
3621| [CVE-2011-3348] The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary "error state" in the backend server) via a malformed HTTP request.
3622| [CVE-2011-3192] The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.
3623| [CVE-2011-3190] Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request.
3624| [CVE-2011-2729] native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application.
3625| [CVE-2011-2712] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.18, when setAutomaticMultiWindowSupport is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
3626| [CVE-2011-2688] SQL injection vulnerability in mysql/mysql-auth.pl in the mod_authnz_external module 3.2.5 and earlier for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the user field.
3627| [CVE-2011-2526] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loop or JVM crash) by leveraging an untrusted web application.
3628| [CVE-2011-2516] Off-by-one error in the XML signature feature in Apache XML Security for C++ 1.6.0, as used in Shibboleth before 2.4.3 and possibly other products, allows remote attackers to cause a denial of service (crash) via a signature using a large RSA key, which triggers a buffer overflow.
3629| [CVE-2011-2481] Apache Tomcat 7.0.x before 7.0.17 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application. NOTE: this vulnerability exists because of a CVE-2009-0783 regression.
3630| [CVE-2011-2329] The rampart_timestamp_token_validate function in util/rampart_timestamp_token.c in Apache Rampart/C 1.3.0 does not properly calculate the expiration of timestamp tokens, which allows remote attackers to bypass intended access restrictions by leveraging an expired token, a different vulnerability than CVE-2011-0730.
3631| [CVE-2011-2204] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file.
3632| [CVE-2011-2088] XWork 2.2.1 in Apache Struts 2.2.1, and OpenSymphony XWork in OpenSymphony WebWork, allows remote attackers to obtain potentially sensitive information about internal Java class paths via vectors involving an s:submit element and a nonexistent method, a different vulnerability than CVE-2011-1772.3.
3633| [CVE-2011-2087] Multiple cross-site scripting (XSS) vulnerabilities in component handlers in the javatemplates (aka Java Templates) plugin in Apache Struts 2.x before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via an arbitrary parameter value to a .action URI, related to improper handling of value attributes in (1) FileHandler.java, (2) HiddenHandler.java, (3) PasswordHandler.java, (4) RadioHandler.java, (5) ResetHandler.java, (6) SelectHandler.java, (7) SubmitHandler.java, and (8) TextFieldHandler.java.
3634| [CVE-2011-1928] The fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote attackers to cause a denial of service (infinite loop) via a URI that does not match unspecified types of wildcard patterns, as demonstrated by attacks against mod_autoindex in httpd when a /*/WEB-INF/ configuration pattern is used. NOTE: this issue exists because of an incorrect fix for CVE-2011-0419.
3635| [CVE-2011-1921] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is disabled, does not properly enforce permissions for files that had been publicly readable in the past, which allows remote attackers to obtain sensitive information via a replay REPORT operation.
3636| [CVE-2011-1783] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to cause a denial of service (infinite loop and memory consumption) in opportunistic circumstances by requesting data.
3637| [CVE-2011-1772] Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x before 2.2.3, and OpenSymphony XWork in OpenSymphony WebWork, allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) an action name, (2) the action attribute of an s:submit element, or (3) the method attribute of an s:submit element.
3638| [CVE-2011-1752] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request for a baselined WebDAV resource, as exploited in the wild in May 2011.
3639| [CVE-2011-1610] Multiple SQL injection vulnerabilities in xmldirectorylist.jsp in the embedded Apache HTTP Server component in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5)su4, 8.0 before 8.0(3a)su2, and 8.5 before 8.5(1)su1 allow remote attackers to execute arbitrary SQL commands via the (1) f, (2) l, or (3) n parameter, aka Bug ID CSCtj42064.
3640| [CVE-2011-1582] Apache Tomcat 7.0.12 and 7.0.13 processes the first request to a servlet without following security constraints that have been configured through annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088, CVE-2011-1183, and CVE-2011-1419.
3641| [CVE-2011-1571] Unspecified vulnerability in the XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote attackers to execute arbitrary commands via unknown vectors.
3642| [CVE-2011-1570] Cross-site scripting (XSS) vulnerability in Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to inject arbitrary web script or HTML via a message title, a different vulnerability than CVE-2004-2030.
3643| [CVE-2011-1503] The XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat or Oracle GlassFish is used, allows remote authenticated users to read arbitrary (1) XSL and (2) XML files via a file:/// URL.
3644| [CVE-2011-1502] Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to read arbitrary files via an entity declaration in conjunction with an entity reference, related to an XML External Entity (aka XXE) issue.
3645| [CVE-2011-1498] Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header.
3646| [CVE-2011-1475] The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP packets, related to "a mix-up of responses for requests from different users."
3647| [CVE-2011-1419] Apache Tomcat 7.x before 7.0.11, when web.xml has no security constraints, does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088.
3648| [CVE-2011-1318] Memory leak in org.apache.jasper.runtime.JspWriterImpl.response in the JavaServer Pages (JSP) component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) by accessing a JSP page of an application that is repeatedly stopped and restarted.
3649| [CVE-2011-1184] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, related to lack of checking of nonce (aka server nonce) and nc (aka nonce-count or client nonce count) values.
3650| [CVE-2011-1183] Apache Tomcat 7.0.11, when web.xml has no login configuration, does not follow security constraints, which allows remote attackers to bypass intended access restrictions via HTTP requests to a meta-data complete web application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1088 and CVE-2011-1419.
3651| [CVE-2011-1176] The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module 2.2.11-01 and 2.2.11-02 for the Apache HTTP Server does not properly handle certain configuration sections that specify NiceValue but not AssignUserID, which might allow remote attackers to gain privileges by leveraging the root uid and root gid of an mpm-itk process.
3652| [CVE-2011-1088] Apache Tomcat 7.x before 7.0.10 does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application.
3653| [CVE-2011-1077] Multiple cross-site scripting (XSS) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
3654| [CVE-2011-1026] Multiple cross-site request forgery (CSRF) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to hijack the authentication of administrators.
3655| [CVE-2011-0715] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.16, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request that contains a lock token.
3656| [CVE-2011-0534] Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request.
3657| [CVE-2011-0533] Cross-site scripting (XSS) vulnerability in Apache Continuum 1.1 through 1.2.3.1, 1.3.6, and 1.4.0 Beta
3658| [CVE-2011-0419] Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.
3659| [CVE-2011-0013] Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.
3660| [CVE-2010-4644] Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated users to cause a denial of service (memory consumption and daemon crash) via the -g option to the blame command.
3661| [CVE-2010-4539] The walk function in repos.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.15, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger the walking of SVNParentPath collections.
3662| [CVE-2010-4476] The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
3663| [CVE-2010-4455] Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.2 and 11.1.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Apache Plugin.
3664| [CVE-2010-4408] Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1 does not require entry of the administrator's password at the time of modifying a user account, which makes it easier for context-dependent attackers to gain privileges by leveraging a (1) unattended workstation or (2) cross-site request forgery (CSRF) vulnerability, a related issue to CVE-2010-3449.
3665| [CVE-2010-4312] The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie.
3666| [CVE-2010-4172] Multiple cross-site scripting (XSS) vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) orderBy or (2) sort parameter to sessionsList.jsp, or unspecified input to (3) sessionDetail.jsp or (4) java/org/apache/catalina/manager/JspHelper.java, related to use of untrusted web applications.
3667| [CVE-2010-3872] The fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.6 for the Apache HTTP Server does not use bytewise pointer arithmetic in certain circumstances, which has unspecified impact and attack vectors related to "untrusted FastCGI applications" and a "stack buffer overwrite."
3668| [CVE-2010-3863] Apache Shiro before 1.1.0, and JSecurity 0.9.x, does not canonicalize URI paths before comparing them to entries in the shiro.ini file, which allows remote attackers to bypass intended access restrictions via a crafted request, as demonstrated by the /./account/index.jsp URI.
3669| [CVE-2010-3854] Multiple cross-site scripting (XSS) vulnerabilities in the web administration interface (aka Futon) in Apache CouchDB 0.8.0 through 1.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
3670| [CVE-2010-3718] Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.
3671| [CVE-2010-3449] Cross-site request forgery (CSRF) vulnerability in Redback before 1.2.4, as used in Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1
3672| [CVE-2010-3315] authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass intended access restrictions via svn commands.
3673| [CVE-2010-3083] sys/ssl/SslSocket.cpp in qpidd in Apache Qpid, as used in Red Hat Enterprise MRG before 1.2.2 and other products, when SSL is enabled, allows remote attackers to cause a denial of service (daemon outage) by connecting to the SSL port but not participating in an SSL handshake.
3674| [CVE-2010-2952] Apache Traffic Server before 2.0.1, and 2.1.x before 2.1.2-unstable, does not properly choose DNS source ports and transaction IDs, and does not properly use DNS query fields to validate responses, which makes it easier for man-in-the-middle attackers to poison the internal DNS cache via a crafted response.
3675| [CVE-2010-2791] mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request. NOTE: this is the same issue as CVE-2010-2068, but for a different OS and set of affected versions.
3676| [CVE-2010-2375] Package/Privilege: Plugins for Apache, Sun and IIS web servers Unspecified vulnerability in the WebLogic Server component in Oracle Fusion Middleware 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, 10.3.2, and 10.3.3 allows remote attackers to affect confidentiality and integrity, related to IIS.
3677| [CVE-2010-2234] Cross-site request forgery (CSRF) vulnerability in Apache CouchDB 0.8.0 through 0.11.0 allows remote attackers to hijack the authentication of administrators for direct requests to an installation URL.
3678| [CVE-2010-2227] Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with "recycling of a buffer."
3679| [CVE-2010-2103] Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Apache Axis2/Java 1.4.1, 1.5.1, and possibly other versions, as used in SAP Business Objects 12, 3com IMC, and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the modules parameter. NOTE: some of these details are obtained from third party information.
3680| [CVE-2010-2086] Apache MyFaces 1.1.7 and 1.2.8, as used in IBM WebSphere Application Server and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that involve modifying the serialized view object.
3681| [CVE-2010-2076] Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before 2.2.9, as used in Apache ServiceMix, Apache Camel, Apache Chemistry, Apache jUDDI, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to samples/wsdl_first_pure_xml, a similar issue to CVE-2010-1632.
3682| [CVE-2010-2068] mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, does not properly detect timeouts, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request.
3683| [CVE-2010-2057] shared/util/StateUtils.java in Apache MyFaces 1.1.x before 1.1.8, 1.2.x before 1.2.9, and 2.0.x before 2.0.1 uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack.
3684| [CVE-2010-1632] Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server (WAS) 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to the Synapse SimpleStockQuoteService.
3685| [CVE-2010-1623] Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the destruction of an APR bucket.
3686| [CVE-2010-1587] The Jetty ResourceHandler in Apache ActiveMQ 5.x before 5.3.2 and 5.4.x before 5.4.0 allows remote attackers to read JSP source code via a // (slash slash) initial substring in a URI for (1) admin/index.jsp, (2) admin/queues.jsp, or (3) admin/topics.jsp.
3687| [CVE-2010-1452] The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path.
3688| [CVE-2010-1325] Cross-site request forgery (CSRF) vulnerability in the apache2-slms package in SUSE Lifecycle Management Server (SLMS) 1.0 on SUSE Linux Enterprise (SLE) 11 allows remote attackers to hijack the authentication of unspecified victims via vectors related to improper parameter quoting. NOTE: some sources report that this is a vulnerability in a product named "Apache SLMS," but that is incorrect.
3689| [CVE-2010-1244] Cross-site request forgery (CSRF) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote attackers to hijack the authentication of unspecified victims for requests that create queues via the JMSDestination parameter in a queue action.
3690| [CVE-2010-1157] Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply.
3691| [CVE-2010-1151] Race condition in the mod_auth_shadow module for the Apache HTTP Server allows remote attackers to bypass authentication, and read and possibly modify data, via vectors related to improper interaction with an external helper application for validation of credentials.
3692| [CVE-2010-0684] Cross-site scripting (XSS) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote authenticated users to inject arbitrary web script or HTML via the JMSDestination parameter in a queue action.
3693| [CVE-2010-0434] The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request.
3694| [CVE-2010-0432] Multiple cross-site scripting (XSS) vulnerabilities in the Apache Open For Business Project (aka OFBiz) 09.04 and earlier, as used in Opentaps, Neogia, and Entente Oya, allow remote attackers to inject arbitrary web script or HTML via (1) the productStoreId parameter to control/exportProductListing, (2) the partyId parameter to partymgr/control/viewprofile (aka partymgr/control/login), (3) the start parameter to myportal/control/showPortalPage, (4) an invalid URI beginning with /facility/control/ReceiveReturn (aka /crmsfa/control/ReceiveReturn or /cms/control/ReceiveReturn), (5) the contentId parameter (aka the entityName variable) to ecommerce/control/ViewBlogArticle, (6) the entityName parameter to webtools/control/FindGeneric, or the (7) subject or (8) content parameter to an unspecified component under ecommerce/control/contactus.
3695| [CVE-2010-0425] modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet, and "orphaned callback pointers."
3696| [CVE-2010-0408] The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service (backend server outage) via a crafted request, related to use of a 500 error code instead of the appropriate 400 error code.
3697| [CVE-2010-0390] Unrestricted file upload vulnerability in maxImageUpload/index.php in PHP F1 Max's Image Uploader 1.0, when Apache is not configured to handle the mime-type for files with pjpeg or jpeg extensions, allows remote attackers to execute arbitrary code by uploading a file with a pjpeg or jpeg extension, then accessing it via a direct request to the file in original/. NOTE: some of these details are obtained from third party information.
3698| [CVE-2010-0219] Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service.
3699| [CVE-2010-0010] Integer overflow in the ap_proxy_send_fb function in proxy/proxy_util.c in mod_proxy in the Apache HTTP Server before 1.3.42 on 64-bit platforms allows remote origin servers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a large chunk size that triggers a heap-based buffer overflow.
3700| [CVE-2010-0009] Apache CouchDB 0.8.0 through 0.10.1 allows remote attackers to obtain sensitive information by measuring the completion time of operations that verify (1) hashes or (2) passwords.
3701| [CVE-2009-5120] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 allows connections to TCP port 1812 from arbitrary source IP addresses, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via UTF-7 text to the 404 error page of a Project Woodstock service on this port.
3702| [CVE-2009-5119] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 enables weak SSL ciphers in conf/server.xml, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and then conducting a brute-force attack against encrypted session data.
3703| [CVE-2009-5006] The SessionAdapter::ExchangeHandlerImpl::checkAlternate function in broker/SessionAdapter.cpp in the C++ Broker component in Apache Qpid before 0.6, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote authenticated users to cause a denial of service (NULL pointer dereference, daemon crash, and cluster outage) by attempting to modify the alternate of an exchange.
3704| [CVE-2009-5005] The Cluster::deliveredEvent function in cluster/Cluster.cpp in Apache Qpid, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote attackers to cause a denial of service (daemon crash and cluster outage) via invalid AMQP data.
3705| [CVE-2009-4355] Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678.
3706| [CVE-2009-4269] The password hash generation algorithm in the BUILTIN authentication functionality for Apache Derby before 10.6.1.0 performs a transformation that reduces the size of the set of inputs to SHA-1, which produces a small search space that makes it easier for local and possibly remote attackers to crack passwords by generating hash collisions, related to password substitution.
3707| [CVE-2009-3923] The VirtualBox 2.0.8 and 2.0.10 web service in Sun Virtual Desktop Infrastructure (VDI) 3.0 does not require authentication, which allows remote attackers to obtain unspecified access via vectors involving requests to an Apache HTTP Server.
3708| [CVE-2009-3890] Unrestricted file upload vulnerability in the wp_check_filetype function in wp-includes/functions.php in WordPress before 2.8.6, when a certain configuration of the mod_mime module in the Apache HTTP Server is enabled, allows remote authenticated users to execute arbitrary code by posting an attachment with a multiple-extension filename, and then accessing this attachment via a direct request to a wp-content/uploads/ pathname, as demonstrated by a .php.jpg filename.
3709| [CVE-2009-3843] HP Operations Manager 8.10 on Windows contains a "hidden account" in the XML file that specifies Tomcat users, which allows remote attackers to conduct unrestricted file upload attacks, and thereby execute arbitrary code, by using the org.apache.catalina.manager.HTMLManagerServlet class to make requests to manager/html/upload.
3710| [CVE-2009-3821] Cross-site scripting (XSS) vulnerability in the Apache Solr Search (solr) extension 1.0.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
3711| [CVE-2009-3555] The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
3712| [CVE-2009-3548] The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges.
3713| [CVE-2009-3250] The saveForwardAttachments procedure in the Compose Mail functionality in vtiger CRM 5.0.4 allows remote authenticated users to execute arbitrary code by composing an e-mail message with an attachment filename ending in (1) .php in installations based on certain Apache HTTP Server configurations, (2) .php. on Windows, or (3) .php/ on Linux, and then making a direct request to a certain pathname under storage/.
3714| [CVE-2009-3095] The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.
3715| [CVE-2009-3094] The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.
3716| [CVE-2009-2902] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename.
3717| [CVE-2009-2901] The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests.
3718| [CVE-2009-2823] The Apache HTTP Server in Apple Mac OS X before 10.6.2 enables the HTTP TRACE method, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified web client software.
3719| [CVE-2009-2699] The Solaris pollset feature in the Event Port backend in poll/unix/port.c in the Apache Portable Runtime (APR) library before 1.3.9, as used in the Apache HTTP Server before 2.2.14 and other products, does not properly handle errors, which allows remote attackers to cause a denial of service (daemon hang) via unspecified HTTP requests, related to the prefork and event MPMs.
3720| [CVE-2009-2696] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat on Red Hat Enterprise Linux 5, Desktop Workstation 5, and Linux Desktop 5 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML." NOTE: this is due to a missing fix for CVE-2009-0781.
3721| [CVE-2009-2693] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry.
3722| [CVE-2009-2625] XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.
3723| [CVE-2009-2412] Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR
3724| [CVE-2009-2299] The Artofdefence Hyperguard Web Application Firewall (WAF) module before 2.5.5-11635, 3.0 before 3.0.3-11636, and 3.1 before 3.1.1-11637, a module for the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via an HTTP request with a large Content-Length value but no POST data.
3725| [CVE-2009-1956] Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input.
3726| [CVE-2009-1955] The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.
3727| [CVE-2009-1903] The PDF XSS protection feature in ModSecurity before 2.5.8 allows remote attackers to cause a denial of service (Apache httpd crash) via a request for a PDF file that does not use the GET method.
3728| [CVE-2009-1891] The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).
3729| [CVE-2009-1890] The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests.
3730| [CVE-2009-1885] Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to cause a denial of service (application crash) via vectors involving nested parentheses and invalid byte values in "simply nested DTD structures," as demonstrated by the Codenomicon XML fuzzing framework.
3731| [CVE-2009-1462] The Security Manager in razorCMS before 0.4 does not verify the permissions of every file owned by the apache user account, which is inconsistent with the documentation and allows local users to have an unspecified impact.
3732| [CVE-2009-1275] Apache Tiles 2.1 before 2.1.2, as used in Apache Struts and other products, evaluates Expression Language (EL) expressions twice in certain circumstances, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via unspecified vectors, related to the (1) tiles:putAttribute and (2) tiles:insertTemplate JSP tags.
3733| [CVE-2009-1195] The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file.
3734| [CVE-2009-1191] mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request.
3735| [CVE-2009-1012] Unspecified vulnerability in the plug-ins for Apache and IIS web servers in Oracle BEA WebLogic Server 7.0 Gold through SP7, 8.1 Gold through SP6, 9.0, 9.1, 9.2 Gold through MP3, 10.0 Gold through MP1, and 10.3 allows remote attackers to affect confidentiality, integrity, and availability. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow in an unspecified plug-in that parses HTTP requests, which leads to a heap-based buffer overflow.
3736| [CVE-2009-0918] Multiple unspecified vulnerabilities in DFLabs PTK 1.0.0 through 1.0.4 allow remote attackers to execute arbitrary commands in processes launched by PTK's Apache HTTP Server via (1) "external tools" or (2) a crafted forensic image.
3737| [CVE-2009-0796] Cross-site scripting (XSS) vulnerability in Status.pm in Apache::Status and Apache2::Status in mod_perl1 and mod_perl2 for the Apache HTTP Server, when /perl-status is accessible, allows remote attackers to inject arbitrary web script or HTML via the URI.
3738| [CVE-2009-0783] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.
3739| [CVE-2009-0781] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML."
3740| [CVE-2009-0754] PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on the same server.
3741| [CVE-2009-0580] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.
3742| [CVE-2009-0486] Bugzilla 3.2.1, 3.0.7, and 3.3.2, when running under mod_perl, calls the srand function at startup time, which causes Apache children to have the same seed and produce insufficiently random numbers for random tokens, which allows remote attackers to bypass cross-site request forgery (CSRF) protection mechanisms and conduct unauthorized activities as other users.
3743| [CVE-2009-0039] Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to hijack the authentication of administrators for requests that (1) change the web administration password, (2) upload applications, and perform unspecified other administrative actions, as demonstrated by (3) a Shutdown request to console/portal//Server/Shutdown.
3744| [CVE-2009-0038] Multiple cross-site scripting (XSS) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) ip, (3) username, or (4) description parameter to console/portal/Server/Monitoring
3745| [CVE-2009-0033] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.
3746| [CVE-2009-0026] Multiple cross-site scripting (XSS) vulnerabilities in Apache Jackrabbit before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the q parameter to (1) search.jsp or (2) swr.jsp.
3747| [CVE-2009-0023] The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow.
3748| [CVE-2008-6879] Cross-site scripting (XSS) vulnerability in Apache Roller 2.3, 3.0, 3.1, and 4.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter in a search action.
3749| [CVE-2008-6755] ZoneMinder 1.23.3 on Fedora 10 sets the ownership of /etc/zm.conf to the apache user account, and sets the permissions to 0600, which makes it easier for remote attackers to modify this file by accessing it through a (1) PHP or (2) CGI script.
3750| [CVE-2008-6722] Novell Access Manager 3 SP4 does not properly expire X.509 certificate sessions, which allows physically proximate attackers to obtain a logged-in session by using a victim's web-browser process that continues to send the original and valid SSL sessionID, related to inability of Apache Tomcat to clear entries from its SSL cache.
3751| [CVE-2008-6682] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.x before 2.0.11.1 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via vectors associated with improper handling of (1) " (double quote) characters in the href attribute of an s:a tag and (2) parameters in the action attribute of an s:url tag.
3752| [CVE-2008-6505] Multiple directory traversal vulnerabilities in Apache Struts 2.0.x before 2.0.12 and 2.1.x before 2.1.3 allow remote attackers to read arbitrary files via a ..%252f (encoded dot dot slash) in a URI with a /struts/ path, related to (1) FilterDispatcher in 2.0.x and (2) DefaultStaticContentLoader in 2.1.x.
3753| [CVE-2008-6504] ParametersInterceptor in OpenSymphony XWork 2.0.x before 2.0.6 and 2.1.x before 2.1.2, as used in Apache Struts and other products, does not properly restrict # (pound sign) references to context objects, which allows remote attackers to execute Object-Graph Navigation Language (OGNL) statements and modify server-side context objects, as demonstrated by use of a \u0023 representation for the # character.
3754| [CVE-2008-5696] Novell NetWare 6.5 before Support Pack 8, when an OES2 Linux server is installed into the NDS tree, does not require a password for the ApacheAdmin console, which allows remote attackers to reconfigure the Apache HTTP Server via console operations.
3755| [CVE-2008-5676] Multiple unspecified vulnerabilities in the ModSecurity (aka mod_security) module 2.5.0 through 2.5.5 for the Apache HTTP Server, when SecCacheTransformations is enabled, allow remote attackers to cause a denial of service (daemon crash) or bypass the product's functionality via unknown vectors related to "transformation caching."
3756| [CVE-2008-5519] The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat allows remote attackers to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances involving (1) a request from a different client that included a Content-Length header but no POST data or (2) a rapid series of requests, related to noncompliance with the AJP protocol's requirements for requests containing Content-Length headers.
3757| [CVE-2008-5518] Multiple directory traversal vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 on Windows allow remote attackers to upload files to arbitrary directories via directory traversal sequences in the (1) group, (2) artifact, (3) version, or (4) fileType parameter to console/portal//Services/Repository (aka the Services/Repository portlet)
3758| [CVE-2008-5515] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.
3759| [CVE-2008-5457] Unspecified vulnerability in the Oracle BEA WebLogic Server Plugins for Apache, Sun and IIS web servers component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
3760| [CVE-2008-4308] The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20 does not return a -1 to indicate when a certain error condition has occurred, which can cause Tomcat to send POST content from one request to a different request.
3761| [CVE-2008-4008] Unspecified vulnerability in the WebLogic Server Plugins for Apache component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2008 CPU. Oracle has not commented on reliable researcher claims that this issue is a stack-based buffer overflow in the WebLogic Apache Connector, related to an invalid parameter.
3762| [CVE-2008-3666] Unspecified vulnerability in Sun Solaris 10 and OpenSolaris before snv_96 allows (1) context-dependent attackers to cause a denial of service (panic) via vectors involving creation of a crafted file and use of the sendfilev system call, as demonstrated by a file served by an Apache 2.2.x web server with EnableSendFile configured
3763| [CVE-2008-3271] Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a "synchronization problem" and lack of thread safety, and related to RemoteFilterValve, RemoteAddrValve, and RemoteHostValve.
3764| [CVE-2008-3257] Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request.
3765| [CVE-2008-2939] Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI.
3766| [CVE-2008-2938] Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.
3767| [CVE-2008-2742] Unrestricted file upload in the mcpuk file editor (atk/attributes/fck/editor/filemanager/browser/mcpuk/connectors/php/config.php) in Achievo 1.2.0 through 1.3.2 allows remote attackers to execute arbitrary code by uploading a file with .php followed by a safe extension, then accessing it via a direct request to the file in the Achievo root directory. NOTE: this is only a vulnerability in environments that support multiple extensions, such as Apache with the mod_mime module enabled.
3768| [CVE-2008-2717] TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions.
3769| [CVE-2008-2579] Unspecified vulnerability in the WebLogic Server Plugins for Apache, Sun and IIS web servers component in Oracle BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 has unknown impact and remote attack vectors.
3770| [CVE-2008-2384] SQL injection vulnerability in mod_auth_mysql.c in the mod-auth-mysql (aka libapache2-mod-auth-mysql) module for the Apache HTTP Server 2.x, when configured to use a multibyte character set that allows a \ (backslash) as part of the character encoding, allows remote attackers to execute arbitrary SQL commands via unspecified inputs in a login request.
3771| [CVE-2008-2370] Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.
3772| [CVE-2008-2364] The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.
3773| [CVE-2008-2168] Cross-site scripting (XSS) vulnerability in Apache 2.2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded URLs that are not properly handled when displaying the 403 Forbidden error page.
3774| [CVE-2008-2025] Cross-site scripting (XSS) vulnerability in Apache Struts before 1.2.9-162.31.1 on SUSE Linux Enterprise (SLE) 11, before 1.2.9-108.2 on SUSE openSUSE 10.3, before 1.2.9-198.2 on SUSE openSUSE 11.0, and before 1.2.9-162.163.2 on SUSE openSUSE 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "insufficient quoting of parameters."
3775| [CVE-2008-1947] Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.
3776| [CVE-2008-1734] Interpretation conflict in PHP Toolkit before 1.0.1 on Gentoo Linux might allow local users to cause a denial of service (PHP outage) and read contents of PHP scripts by creating a file with a one-letter lowercase alphabetic name, which triggers interpretation of a certain unquoted [a-z] argument as a matching shell glob for this name, rather than interpretation as the literal [a-z] regular-expression string, and consequently blocks the launch of the PHP interpreter within the Apache HTTP Server.
3777| [CVE-2008-1678] Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server mod_ssl that specify a compression algorithm.
3778| [CVE-2008-1232] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.
3779| [CVE-2008-0869] Cross-site scripting (XSS) vulnerability in BEA WebLogic Workshop 8.1 through SP6 and Workshop for WebLogic 9.0 through 10.0 allows remote attackers to inject arbitrary web script or HTML via a "framework defined request parameter" when using WebLogic Workshop or Apache Beehive NetUI framework with page flows.
3780| [CVE-2008-0732] The init script for Apache Geronimo on SUSE Linux follows symlinks when performing a chown operation, which might allow local users to obtain access to unspecified files or directories.
3781| [CVE-2008-0555] The ExpandCert function in Apache-SSL before apache_1.3.41+ssl_1.59 does not properly handle (1) '/' and (2) '=' characters in a Distinguished Name (DN) in a client certificate, which might allow remote attackers to bypass authentication via a crafted DN that triggers overwriting of environment variables.
3782| [CVE-2008-0457] Unrestricted file upload vulnerability in the FileUpload class running on the Symantec LiveState Apache Tomcat server, as used by Symantec Backup Exec System Recovery Manager 7.0 and 7.0.1, allows remote attackers to upload and execute arbitrary JSP files via unknown vectors.
3783| [CVE-2008-0456] CRLF injection vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by uploading a file with a multi-line name containing HTTP header sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
3784| [CVE-2008-0455] Cross-site scripting (XSS) vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary web script or HTML by uploading a file with a name containing XSS sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
3785| [CVE-2008-0128] The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
3786| [CVE-2008-0005] mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding.
3787| [CVE-2008-0002] Apache Tomcat 6.0.0 through 6.0.15 processes parameters in the context of the wrong request when an exception occurs during parameter processing, which might allow remote attackers to obtain sensitive information, as demonstrated by disconnecting during this processing in order to trigger the exception.
3788| [CVE-2007-6750] The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris, related to the lack of the mod_reqtimeout module in versions before 2.2.15.
3789| [CVE-2007-6726] Multiple cross-site scripting (XSS) vulnerabilities in Dojo 0.4.1 and 0.4.2, as used in Apache Struts and other products, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) xip_client.html and (2) xip_server.html in src/io/.
3790| [CVE-2007-6514] Apache HTTP Server, when running on Linux with a document root on a Windows share mounted using smbfs, allows remote attackers to obtain unprocessed content such as source files for .php programs via a trailing "\" (backslash), which is not handled by the intended AddType directive.
3791| [CVE-2007-6423] ** DISPUTED ** Unspecified vulnerability in mod_proxy_balancer for Apache HTTP Server 2.2.x before 2.2.7-dev, when running on Windows, allows remote attackers to trigger memory corruption via a long URL. NOTE: the vendor could not reproduce this issue.
3792| [CVE-2007-6422] The balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6, when a threaded Multi-Processing Module is used, allows remote authenticated users to cause a denial of service (child process crash) via an invalid bb variable.
3793| [CVE-2007-6421] Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) ss, (2) wr, or (3) rr parameters, or (4) the URL.
3794| [CVE-2007-6420] Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors.
3795| [CVE-2007-6388] Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
3796| [CVE-2007-6361] Gekko 0.8.2 and earlier stores sensitive information under the web root with possibly insufficient access control, which might allow remote attackers to read certain files under temp/, as demonstrated by a log file that records the titles of blog entries. NOTE: access to temp/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
3797| [CVE-2007-6342] SQL injection vulnerability in the David Castro AuthCAS module (AuthCAS.pm) 0.4 for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the SESSION_COOKIE_NAME (session ID) in a cookie.
3798| [CVE-2007-6286] Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the native APR connector is used, does not properly handle an empty request to the SSL port, which allows remote attackers to trigger handling of "a duplicate copy of one of the recent requests," as demonstrated by using netcat to send the empty request.
3799| [CVE-2007-6258] Multiple stack-based buffer overflows in the legacy mod_jk2 2.0.3-DEV and earlier Apache module allow remote attackers to execute arbitrary code via a long (1) Host header, or (2) Hostname within a Host header.
3800| [CVE-2007-6231] Multiple PHP remote file inclusion vulnerabilities in tellmatic 1.0.7 allow remote attackers to execute arbitrary PHP code via a URL in the tm_includepath parameter to (1) Classes.inc.php, (2) statistic.inc.php, (3) status.inc.php, (4) status_top_x.inc.php, or (5) libchart-1.1/libchart.php in include/. NOTE: access to include/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
3801| [CVE-2007-6203] Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918.
3802| [CVE-2007-5797] SQLLoginModule in Apache Geronimo 2.0 through 2.1 does not throw an exception for a nonexistent username, which allows remote attackers to bypass authentication via a login attempt with any username not contained in the database.
3803| [CVE-2007-5731] Absolute path traversal vulnerability in Apache Jakarta Slide 2.1 and earlier allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag, a related issue to CVE-2007-5461.
3804| [CVE-2007-5461] Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.
3805| [CVE-2007-5342] The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by changing the (1) level, (2) directory, and (3) prefix attributes in the org.apache.juli.FileHandler handler.
3806| [CVE-2007-5333] Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385.
3807| [CVE-2007-5156] Incomplete blacklist vulnerability in editor/filemanager/upload/php/upload.php in FCKeditor, as used in SiteX CMS 0.7.3.beta, La-Nai CMS, Syntax CMS, Cardinal Cms, and probably other products, allows remote attackers to upload and execute arbitrary PHP code via a file whose name contains ".php." and has an unknown extension, which is recognized as a .php file by the Apache HTTP server, a different vulnerability than CVE-2006-0658 and CVE-2006-2529.
3808| [CVE-2007-5085] Unspecified vulnerability in the management EJB (MEJB) in Apache Geronimo before 2.0.2 allows remote attackers to bypass authentication and obtain "access to Geronimo internals" via unspecified vectors.
3809| [CVE-2007-5000] Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
3810| [CVE-2007-4724] Cross-site request forgery (CSRF) vulnerability in cal2.jsp in the calendar examples application in Apache Tomcat 4.1.31 allows remote attackers to add events as arbitrary users via the time and description parameters.
3811| [CVE-2007-4723] Directory traversal vulnerability in Ragnarok Online Control Panel 4.3.4a, when the Apache HTTP Server is used, allows remote attackers to bypass authentication via directory traversal sequences in a URI that ends with the name of a publicly available page, as demonstrated by a "/...../" sequence and an account_manage.php/login.php final component for reaching the protected account_manage.php page.
3812| [CVE-2007-4641] Directory traversal vulnerability in index.php in Pakupaku CMS 0.4 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting code into an Apache log file.
3813| [CVE-2007-4556] Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language (OGNL) expression when altSyntax is enabled, which allows remote attackers to cause a denial of service (infinite loop) or execute arbitrary code via form input beginning with a "%{" sequence and ending with a "}" character.
3814| [CVE-2007-4548] The login method in LoginModule implementations in Apache Geronimo 2.0 does not throw FailedLoginException for failed logins, which allows remote attackers to bypass authentication requirements, deploy arbitrary modules, and gain administrative access by sending a blank username and password with the command line deployer in the deployment module.
3815| [CVE-2007-4465] Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.
3816| [CVE-2007-3847] The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read.
3817| [CVE-2007-3571] The Apache Web Server as used in Novell NetWare 6.5 and GroupWise allows remote attackers to obtain sensitive information via a certain directive to Apache that causes the HTTP-Header response to be modified, which may reveal the server's internal IP address.
3818| [CVE-2007-3386] Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action.
3819| [CVE-2007-3385] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.
3820| [CVE-2007-3384] Multiple cross-site scripting (XSS) vulnerabilities in examples/servlet/CookieExample in Apache Tomcat 3.3 through 3.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Value field, related to error messages.
3821| [CVE-2007-3383] Cross-site scripting (XSS) vulnerability in SendMailServlet in the examples web application (examples/jsp/mail/sendmail.jsp) in Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.36 allows remote attackers to inject arbitrary web script or HTML via the From field and possibly other fields, related to generation of error messages.
3822| [CVE-2007-3382] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.
3823| [CVE-2007-3304] Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1 killer."
3824| [CVE-2007-3303] Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows local users to cause a denial of service via certain code sequences executed in a worker process that (1) stop request processing by killing all worker processes and preventing creation of replacements or (2) hang the system by forcing the master process to fork an arbitrarily large number of worker processes. NOTE: This might be an inherent design limitation of Apache with respect to worker processes in hosted environments.
3825| [CVE-2007-3101] Multiple cross-site scripting (XSS) vulnerabilities in certain JSF applications in Apache MyFaces Tomahawk before 1.1.6 allow remote attackers to inject arbitrary web script via the autoscroll parameter, which is injected into Javascript that is sent to the client.
3826| [CVE-2007-2450] Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script or HTML via a parameter name to manager/html/upload, and other unspecified vectors.
3827| [CVE-2007-2449] Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the '
3828| [CVE-2007-2353] Apache Axis 1.0 allows remote attackers to obtain sensitive information by requesting a non-existent WSDL file, which reveals the installation path in the resulting exception message.
3829| [CVE-2007-2025] Unrestricted file upload vulnerability in the UpLoad feature (lib/plugin/UpLoad.php) in PhpWiki 1.3.11p1 allows remote attackers to upload arbitrary PHP files with a double extension, as demonstrated by .php.3, which is interpreted by Apache as being a valid PHP file.
3830| [CVE-2007-1863] cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value.
3831| [CVE-2007-1862] The recall_headers function in mod_mem_cache in Apache 2.2.4 does not properly copy all levels of header data, which can cause Apache to return HTTP headers containing previously used data, which could be used by remote attackers to obtain potentially sensitive information.
3832| [CVE-2007-1860] mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. (dot dot) sequences and directory traversal, a related issue to CVE-2007-0450.
3833| [CVE-2007-1858] The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts.
3834| [CVE-2007-1842] Directory traversal vulnerability in login.php in JSBoard before 2.0.12 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the table parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, a related issue to CVE-2006-2019.
3835| [CVE-2007-1801] Directory traversal vulnerability in inc/lang.php in sBLOG 0.7.3 Beta allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the conf_lang_default parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by inc/lang.php.
3836| [CVE-2007-1743] suexec in Apache HTTP Server (httpd) 2.2.3 does not verify combinations of user and group IDs on the command line, which might allow local users to leverage other vulnerabilities to create arbitrary UID/GID owned files if /proc is mounted. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root." In addition, because this is dependent on other vulnerabilities, perhaps this is resultant and should not be included in CVE.
3837| [CVE-2007-1742] suexec in Apache HTTP Server (httpd) 2.2.3 uses a partial comparison for verifying whether the current directory is within the document root, which might allow local users to perform unauthorized operations on incorrect directories, as demonstrated using "html_backup" and "htmleditor" under an "html" directory. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
3838| [CVE-2007-1741] Multiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 between directory and file validation, and their usage, allow local users to gain privileges and execute arbitrary code by renaming directories or performing symlink attacks. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
3839| [CVE-2007-1720] Directory traversal vulnerability in addressbook.php in the Addressbook 1.2 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module_name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file.
3840| [CVE-2007-1636] Directory traversal vulnerability in index.php in RoseOnlineCMS 3 B1 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the op parameter, as demonstrated by injecting PHP code into Apache log files via the URL and User-Agent HTTP header.
3841| [CVE-2007-1633] Directory traversal vulnerability in bbcode_ref.php in the Giorgio Ciranni Splatt Forum 4.0 RC1 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by bbcode_ref.php.
3842| [CVE-2007-1577] Directory traversal vulnerability in index.php in GeBlog 0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[tplname] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
3843| [CVE-2007-1539] Directory traversal vulnerability in inc/map.func.php in pragmaMX Landkarten 2.1 module allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the module_name parameter, as demonstrated via a static PHP code injection attack in an Apache log file.
3844| [CVE-2007-1524] Directory traversal vulnerability in themes/default/ in ZomPlog 3.7.6 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) in the settings[skin] parameter, as demonstrated by injecting PHP code into an Apache HTTP Server log file, which can then be included via themes/default/.
3845| [CVE-2007-1491] Apache Tomcat in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allows connections from external interfaces via port 8009, which exposes it to attacks from outside parties.
3846| [CVE-2007-1358] Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616".
3847| [CVE-2007-1349] PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.
3848| [CVE-2007-0975] Variable extraction vulnerability in Ian Bezanson Apache Stats before 0.0.3 beta allows attackers to overwrite critical variables, with unknown impact, when the extract function is used on the _REQUEST superglobal array.
3849| [CVE-2007-0930] Variable extract vulnerability in Apache Stats before 0.0.3beta allows attackers to modify arbitrary variables and conduct attacks via unknown vectors involving the use of PHP's extract function.
3850| [CVE-2007-0792] The mod_perl initialization script in Bugzilla 2.23.3 does not set the Bugzilla Apache configuration to allow .htaccess permissions to override file permissions, which allows remote attackers to obtain the database username and password via a direct request for the localconfig file.
3851| [CVE-2007-0774] Stack-based buffer overflow in the map_uri_to_worker function (native/common/jk_uri_worker_map.c) in mod_jk.so for Apache Tomcat JK Web Server Connector 1.2.19 and 1.2.20, as used in Tomcat 4.1.34 and 5.5.20, allows remote attackers to execute arbitrary code via a long URL that triggers the overflow in a URI worker map routine.
3852| [CVE-2007-0637] Directory traversal vulnerability in zd_numer.php in Galeria Zdjec 3.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the galeria parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by zd_numer.php.
3853| [CVE-2007-0451] Apache SpamAssassin before 3.1.8 allows remote attackers to cause a denial of service via long URLs in malformed HTML, which triggers "massive memory usage."
3854| [CVE-2007-0450] Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.
3855| [CVE-2007-0419] The BEA WebLogic Server proxy plug-in before June 2006 for the Apache HTTP Server does not properly handle protocol errors, which allows remote attackers to cause a denial of service (server outage).
3856| [CVE-2007-0173] Directory traversal vulnerability in index.php in L2J Statistik Script 0.09 and earlier, when register_globals is enabled and magic_quotes is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
3857| [CVE-2007-0098] Directory traversal vulnerability in language.php in VerliAdmin 0.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
3858| [CVE-2007-0086] ** DISPUTED ** The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by third parties, who state that the large window size required by the attack is not normally supported or configured by the server, or that a DDoS-style attack would accomplish the same goal.
3859| [CVE-2006-7217] Apache Derby before 10.2.1.6 does not determine schema privilege requirements during the DropSchemaNode bind phase, which allows remote authenticated users to execute arbitrary drop schema statements in SQL authorization mode.
3860| [CVE-2006-7216] Apache Derby before 10.2.1.6 does not determine privilege requirements for lock table statements at compilation time, and consequently does not enforce privilege requirements at execution time, which allows remote authenticated users to lock arbitrary tables.
3861| [CVE-2006-7197] The AJP connector in Apache Tomcat 5.5.15 uses an incorrect length for chunks, which can cause a buffer over-read in the ajp_process_callback in mod_jk, which allows remote attackers to read portions of sensitive memory.
3862| [CVE-2006-7196] Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors. NOTE: this may be related to CVE-2006-0254.1.
3863| [CVE-2006-7195] Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in Apache Tomcat 5.0.0 through 5.0.30 and 5.5.0 through 5.5.17 allows remote attackers to inject arbitrary web script or HTML via certain header values.
3864| [CVE-2006-7098] The Debian GNU/Linux 033_-F_NO_SETSID patch for the Apache HTTP Server 1.3.34-4 does not properly disassociate httpd from a controlling tty when httpd is started interactively, which allows local users to gain privileges to that tty via a CGI program that calls the TIOCSTI ioctl.
3865| [CVE-2006-6869] Directory traversal vulnerability in includes/search/search_mdforum.php in MAXdev MDForum 2.0.1 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang cookie to error.php, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
3866| [CVE-2006-6675] Cross-site scripting (XSS) vulnerability in Novell NetWare 6.5 Support Pack 5 and 6 and Novell Apache on NetWare 2.0.48 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters in Welcome web-app.
3867| [CVE-2006-6613] Directory traversal vulnerability in language.php in phpAlbum 0.4.1 Beta 6 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files or obtain sensitive information via a .. (dot dot) in the pa_lang[include_file] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
3868| [CVE-2006-6589] Cross-site scripting (XSS) vulnerability in ecommerce/control/keywordsearch in the Apache Open For Business Project (OFBiz) and Opentaps 0.9.3 allows remote attackers to inject arbitrary web script or HTML via the SEARCH_STRING parameter, a different issue than CVE-2006-6587. NOTE: some of these details are obtained from third party information.
3869| [CVE-2006-6588] The forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) trusts the (1) dataResourceTypeId, (2) contentTypeId, and certain other hidden form fields, which allows remote attackers to create unauthorized types of content, modify content, or have other unknown impact.
3870| [CVE-2006-6587] Cross-site scripting (XSS) vulnerability in the forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) allows remote attackers to inject arbitrary web script or HTML by posting a message.
3871| [CVE-2006-6445] Directory traversal vulnerability in error.php in Envolution 1.1.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
3872| [CVE-2006-6071] TWiki 4.0.5 and earlier, when running under Apache 1.3 using ApacheLogin with sessions and "ErrorDocument 401" redirects to a valid wiki topic, does not properly handle failed login attempts, which allows remote attackers to read arbitrary content by cancelling out of a failed authentication with a valid username and invalid password.
3873| [CVE-2006-6047] Directory traversal vulnerability in manager/index.php in Etomite 0.6.1.2 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the f parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
3874| [CVE-2006-5894] Directory traversal vulnerability in lang.php in Rama CMS 0.68 and earlier, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by lang.php.
3875| [CVE-2006-5752] Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform "charset detection" when the content-type is not specified.
3876| [CVE-2006-5733] Directory traversal vulnerability in error.php in PostNuke 0.763 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
3877| [CVE-2006-5263] Directory traversal vulnerability in templates/header.php3 in phpMyAgenda 3.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter, as demonstrated by a parameter value naming an Apache HTTP Server log file that apparently contains PHP code.
3878| [CVE-2006-4994] Multiple unquoted Windows search path vulnerabilities in Apache Friends XAMPP 1.5.2 might allow local users to gain privileges via a malicious program file in %SYSTEMDRIVE%, which is run when XAMPP attempts to execute (1) FileZillaServer.exe, (2) mysqld-nt.exe, (3) Perl.exe, or (4) xamppcontrol.exe with an unquoted "Program Files" pathname.
3879| [CVE-2006-4636] Directory traversal vulnerability in SZEWO PhpCommander 3.0 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Directory parameter, as demonstrated by parameter values naming Apache HTTP Server log files that apparently contain PHP code.
3880| [CVE-2006-4625] PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass certain Apache HTTP Server httpd.conf options, such as safe_mode and open_basedir, via the ini_restore function, which resets the values to their php.ini (Master Value) defaults.
3881| [CVE-2006-4558] DeluxeBB 1.06 and earlier, when run on the Apache HTTP Server with the mod_mime module, allows remote attackers to execute arbitrary PHP code by uploading files with double extensions via the fileupload parameter in a newthread action in newpost.php.
3882| [CVE-2006-4191] Directory traversal vulnerability in memcp.php in XMB (Extreme Message Board) 1.9.6 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the langfilenew parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by header.php.
3883| [CVE-2006-4154] Format string vulnerability in the mod_tcl module 1.0 for Apache 2.x allows context-dependent attackers to execute arbitrary code via format string specifiers that are not properly handled in a set_var function call in (1) tcl_cmds.c and (2) tcl_core.c.
3884| [CVE-2006-4110] Apache 2.2.2, when running on Windows, allows remote attackers to read source code of CGI programs via a request that contains uppercase (or alternate case) characters that bypass the case-sensitive ScriptAlias directive, but allow access to the file on case-insensitive file systems.
3885| [CVE-2006-4004] Directory traversal vulnerability in index.php in vbPortal 3.0.2 through 3.6.0 Beta 1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the bbvbplang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
3886| [CVE-2006-3918] http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.
3887| [CVE-2006-3835] Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (
3888| [CVE-2006-3747] Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules.
3889| [CVE-2006-3362] Unrestricted file upload vulnerability in connectors/php/connector.php in FCKeditor mcpuk file manager, as used in (1) Geeklog 1.4.0 through 1.4.0sr3, (2) toendaCMS 1.0.0 Shizouka Stable and earlier, (3) WeBid 0.5.4, and possibly other products, when installed on Apache with mod_mime, allows remote attackers to upload and execute arbitrary PHP code via a filename with a .php extension and a trailing extension that is allowed, such as .zip.
3890| [CVE-2006-3102] Race condition in articles/BitArticle.php in Bitweaver 1.3, when run on Apache with the mod_mime extension, allows remote attackers to execute arbitrary PHP code by uploading arbitrary files with double extensions, which are stored for a small period of time under the webroot in the temp/articles directory.
3891| [CVE-2006-3070] write_ok.php in Zeroboard 4.1 pl8, when installed on Apache with mod_mime, allows remote attackers to bypass restrictions for uploading files with executable extensions by uploading a .htaccess file with an AddType directive that assigns an executable module to files with assumed-safe extensions, as demonstrated by assigning the txt extension to be handled by application/x-httpd-php.
3892| [CVE-2006-2831] Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2, when running under certain Apache configurations such as when FileInfo overrides are disabled within .htaccess, allows remote attackers to execute arbitrary code by uploading a file with multiple extensions, a variant of CVE-2006-2743.
3893| [CVE-2006-2806] The SMTP server in Apache Java Mail Enterprise Server (aka Apache James) 2.2.0 allows remote attackers to cause a denial of service (CPU consumption) via a long argument to the MAIL command.
3894| [CVE-2006-2743] Drupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with mod_mime, does not properly handle files with multiple extensions, which allows remote attackers to upload, modify, or execute arbitrary files in the files directory.
3895| [CVE-2006-2514] Coppermine galleries before 1.4.6, when running on Apache with mod_mime installed, allows remote attackers to upload arbitrary files via a filename with multiple file extensions.
3896| [CVE-2006-2330] PHP-Fusion 6.00.306 and earlier, running under Apache HTTP Server 1.3.27 and PHP 4.3.3, allows remote authenticated users to upload files of arbitrary types using a filename that contains two or more extensions that ends in an assumed-valid extension such as .gif, which bypasses the validation, as demonstrated by uploading then executing an avatar file that ends in ".php.gif" and contains PHP code in EXIF metadata.
3897| [CVE-2006-1777] Directory traversal vulnerability in doc/index.php in Jeremy Ashcraft Simplog 0.9.2 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the s parameter, as demonstrated by injecting PHP sequences into an Apache error_log file, which is then included by doc/index.php.
3898| [CVE-2006-1564] Untrusted search path vulnerability in libapache2-svn 1.3.0-4 for Subversion in Debian GNU/Linux includes RPATH values under the /tmp/svn directory for the (1) mod_authz_svn.so and (2) mod_dav_svn.so modules, which might allow local users to gain privileges by installing malicious libraries in that directory.
3899| [CVE-2006-1548] Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction and possibly (2) DispatchAction and (3) ActionDispatcher in Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to inject arbitrary web script or HTML via the parameter name, which is not filtered in the resulting error message.
3900| [CVE-2006-1547] ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides further access to elements in the CommonsMultipartRequestHandler implementation and BeanUtils.
3901| [CVE-2006-1546] Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to bypass validation via a request with a 'org.apache.struts.taglib.html.Constants.CANCEL' parameter, which causes the action to be canceled but would not be detected from applications that do not use the isCancelled check.
3902| [CVE-2006-1393] Multiple cross-site scripting (XSS) vulnerabilities in the mod_pubcookie Apache application server module in University of Washington Pubcookie 1.x, 3.0.0, 3.1.0, 3.1.1, 3.2 before 3.2.1b, and 3.3 before 3.3.0a allow remote attackers to inject arbitrary web script or HTML via unspecified attack vectors.
3903| [CVE-2006-1346] Directory traversal vulnerability in inc/setLang.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in a lang[*][file] parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by index.php.
3904| [CVE-2006-1292] Directory traversal vulnerability in Jim Hu and Chad Little PHP iCalendar 2.21 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the phpicalendar[cookie_language] and phpicalendar[cookie_style] cookies, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by day.php.
3905| [CVE-2006-1243] Directory traversal vulnerability in install05.php in Simple PHP Blog (SPB) 0.4.7.1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the blog_language parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included using install05.php.
3906| [CVE-2006-1095] Directory traversal vulnerability in the FileSession object in Mod_python module 3.2.7 for Apache allows local users to execute arbitrary code via a crafted session cookie.
3907| [CVE-2006-1079] htpasswd, as used in Acme thttpd 2.25b and possibly other products such as Apache, might allow local users to gain privileges via shell metacharacters in a command line argument, which is used in a call to the system function. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
3908| [CVE-2006-1078] Multiple buffer overflows in htpasswd, as used in Acme thttpd 2.25b, and possibly other products such as Apache, might allow local users to gain privileges via (1) a long command line argument and (2) a long line in a file. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
3909| [CVE-2006-0743] Format string vulnerability in LocalSyslogAppender in Apache log4net 1.2.9 might allow remote attackers to cause a denial of service (memory corruption and termination) via unknown vectors.
3910| [CVE-2006-0254] Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) time parameter to cal2.jsp and (2) any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer.
3911| [CVE-2006-0150] Multiple format string vulnerabilities in the auth_ldap_log_reason function in Apache auth_ldap 1.6.0 and earlier allow remote attackers to execute arbitrary code via various vectors, including the username.
3912| [CVE-2006-0144] The proxy server feature in go-pear.php in PHP PEAR 0.2.2, as used in Apache2Triad, allows remote attackers to execute arbitrary PHP code by redirecting go-pear.php to a malicious proxy server that provides a modified version of Tar.php with a malicious extractModify function.
3913| [CVE-2006-0042] Unspecified vulnerability in (1) apreq_parse_headers and (2) apreq_parse_urlencoded functions in Apache2::Request (Libapreq2) before 2.07 allows remote attackers to cause a denial of service (CPU consumption) via unknown attack vectors that result in quadratic computational complexity.
3914| [CVE-2005-4857] eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 before 20051128 allows remote authenticated users to cause a denial of service (Apache httpd segmentation fault) via a request to content/advancedsearch.php with an empty SearchContentClassID parameter, reportedly related to a "memory addressing error".
3915| [CVE-2005-4849] Apache Derby before 10.1.2.1 exposes the (1) user and (2) password attributes in cleartext via (a) the RDBNAM parameter of the ACCSEC command and (b) the output of the DatabaseMetaData.getURL function, which allows context-dependent attackers to obtain sensitive information.
3916| [CVE-2005-4836] The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote attackers to read JSP source files and obtain sensitive information.
3917| [CVE-2005-4814] Unrestricted file upload vulnerability in Segue CMS before 1.3.6, when the Apache HTTP Server handles .phtml files with the PHP interpreter, allows remote attackers to upload and execute arbitrary PHP code by placing .phtml files in the userfiles/ directory.
3918| [CVE-2005-4703] Apache Tomcat 4.0.3, when running on Windows, allows remote attackers to obtain sensitive information via a request for a file that contains an MS-DOS device name such as lpt9, which leaks the pathname in an error message, as demonstrated by lpt9.xtp using Nikto.
3919| [CVE-2005-3745] Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message.
3920| [CVE-2005-3630] Fedora Directory Server before 10 allows remote attackers to obtain sensitive information, such as the password from adm.conf via an IFRAME element, probably involving an Apache httpd.conf configuration that orders "allow" directives before "deny" directives.
3921| [CVE-2005-3510] Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files.
3922| [CVE-2005-3392] Unspecified vulnerability in PHP before 4.4.1, when using the virtual function on Apache 2, allows remote attackers to bypass safe_mode and open_basedir directives.
3923| [CVE-2005-3357] mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference.
3924| [CVE-2005-3352] Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps.
3925| [CVE-2005-3319] The apache2handler SAPI (sapi_apache2.c) in the Apache module (mod_php) for PHP 5.x before 5.1.0 final and 4.4 before 4.4.1 final allows attackers to cause a denial of service (segmentation fault) via the session.save_path option in a .htaccess file or VirtualHost.
3926| [CVE-2005-3164] The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an information leak when "unsuitable request body data" is used for a different request, possibly related to Java Servlet pages.
3927| [CVE-2005-2970] Memory leak in the worker MPM (worker.c) for Apache 2, in certain circumstances, allows remote attackers to cause a denial of service (memory consumption) via aborted connections, which prevents the memory for the transaction pool from being reused for other connections.
3928| [CVE-2005-2963] The mod_auth_shadow module 1.0 through 1.5 and 2.0 for Apache with AuthShadow enabled uses shadow authentication for all locations that use the require group directive, even when other authentication mechanisms are specified, which might allow remote authenticated users to bypass security restrictions.
3929| [CVE-2005-2728] The byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service (memory consumption) via an HTTP header with a large Range field.
3930| [CVE-2005-2660] apachetop 0.12.5 and earlier, when running in debug mode, allows local users to create or append to arbitrary files via a symlink attack on atop.debug.
3931| [CVE-2005-2088] The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
3932| [CVE-2005-1754] ** DISPUTED ** JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to read arbitrary files via a full pathname in the argument to the Download parameter. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
3933| [CVE-2005-1753] ** DISPUTED ** ReadMessage.jsp in JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to view other users' e-mail attachments via a direct request to /mailboxesdir/username@domainname. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
3934| [CVE-2005-1344] Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute arbitrary code via a long realm argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
3935| [CVE-2005-1268] Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte.
3936| [CVE-2005-1266] Apache SpamAssassin 3.0.1, 3.0.2, and 3.0.3 allows remote attackers to cause a denial of service (CPU consumption and slowdown) via a message with a long Content-Type header without any boundaries.
3937| [CVE-2005-0808] Apache Tomcat before 5.x allows remote attackers to cause a denial of service (application crash) via a crafted AJP12 packet to TCP port 8007.
3938| [CVE-2005-0182] The mod_dosevasive module 1.9 and earlier for Apache creates temporary files with predictable filenames, which could allow remote attackers to overwrite arbitrary files via a symlink attack.
3939| [CVE-2005-0108] Apache mod_auth_radius 1.5.4 and libpam-radius-auth allow remote malicious RADIUS servers to cause a denial of service (crash) via a RADIUS_REPLY_MESSAGE with a RADIUS attribute length of 1, which leads to a memcpy operation with a -1 length argument.
3940| [CVE-2004-2734] webadmin-apache.conf in Novell Web Manager of Novell NetWare 6.5 uses an uppercase Alias tag with an inconsistent lowercase directory tag for a volume, which allows remote attackers to bypass access control to the WEB-INF folder.
3941| [CVE-2004-2680] mod_python (libapache2-mod-python) 3.1.4 and earlier does not properly handle when output filters process more than 16384 bytes, which can cause filter.read to return portions of previously freed memory.
3942| [CVE-2004-2650] Spooler in Apache Foundation James 2.2.0 allows local users to cause a denial of service (memory consumption) by triggering various error conditions in the retrieve function, which prevents a lock from being released and causes a memory leak.
3943| [CVE-2004-2343] ** DISPUTED ** Apache HTTP Server 2.0.47 and earlier allows local users to bypass .htaccess file restrictions, as specified in httpd.conf with directives such as Deny From All, by using an ErrorDocument directive. NOTE: the vendor has disputed this issue, since the .htaccess mechanism is only intended to restrict external web access, and a local user already has the privileges to perform the same operations without using ErrorDocument.
3944| [CVE-2004-2336] Unknown vulnerability in Novell GroupWise and GroupWise WebAccess 6.0 through 6.5, when running with Apache Web Server 1.3 for NetWare where Apache is loaded using GWAPACHE.CONF, allows remote attackers to read directories and files on the server.
3945| [CVE-2004-2115] Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTTP Server 1.3.22, based on Apache, allow remote attackers to execute arbitrary script as other users via the (1) action, (2) username, or (3) password parameters in an isqlplus request.
3946| [CVE-2004-1834] mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, including authentication information, on the hard disk, which could allow local users to gain sensitive information.
3947| [CVE-2004-1765] Off-by-one buffer overflow in ModSecurity (mod_security) 1.7.4 for Apache 2.x, when SecFilterScanPost is enabled, allows remote attackers to execute arbitrary code via crafted POST requests.
3948| [CVE-2004-1545] UploadFile.php in MoniWiki 1.0.9.2 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.hwp, which allows remote attackers to upload and execute arbitrary code.
3949| [CVE-2004-1438] The mod_authz_svn Apache module for Subversion 1.0.4-r1 and earlier allows remote authenticated users, with write access to the repository, to read unauthorized parts of the repository via the svn copy command.
3950| [CVE-2004-1405] MediaWiki 1.3.8 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
3951| [CVE-2004-1404] Attachment Mod 2.3.10 module for phpBB, when used with Apache mod_mime, does not properly handle files with multiple file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
3952| [CVE-2004-1387] The check_forensic script in apache-utils package 1.3.31 allows local users to overwrite or create arbitrary files via a symlink attack on temporary files.
3953| [CVE-2004-1084] Apache for Apple Mac OS X 10.2.8 and 10.3.6 allows remote attackers to read files and resource fork content via HTTP requests to certain special file names related to multiple data streams in HFS+, which bypass Apache file handles.
3954| [CVE-2004-1083] Apache for Apple Mac OS X 10.2.8 and 10.3.6 restricts access to files in a case sensitive manner, but the Apple HFS+ filesystem accesses files in a case insensitive manner, which allows remote attackers to read .DS_Store files and files beginning with ".ht" using alternate capitalization.
3955| [CVE-2004-1082] mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials.
3956| [CVE-2004-0942] Apache webserver 2.0.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request with a MIME header containing multiple lines with a large number of space characters.
3957| [CVE-2004-0940] Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error.
3958| [CVE-2004-0885] The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration.
3959| [CVE-2004-0811] Unknown vulnerability in Apache 2.0.51 prevents "the merging of the Satisfy directive," which could allow attackers to obtain access to restricted resources contrary to the specified authentication configuration.
3960| [CVE-2004-0809] The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access.
3961| [CVE-2004-0786] The IPv6 URI parsing routines in the apr-util library for Apache 2.0.50 and earlier allow remote attackers to cause a denial of service (child process crash) via a certain URI, as demonstrated using the Codenomicon HTTP Test Tool.
3962| [CVE-2004-0751] The char_buffer_read function in the mod_ssl module for Apache 2.x, when using reverse proxying to an SSL server, allows remote attackers to cause a denial of service (segmentation fault).
3963| [CVE-2004-0748] mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (CPU consumption) by aborting an SSL connection in a way that causes an Apache child process to enter an infinite loop.
3964| [CVE-2004-0747] Buffer overflow in Apache 2.0.50 and earlier allows local users to gain apache privileges via a .htaccess file that causes the overflow during expansion of environment variables.
3965| [CVE-2004-0700] Format string vulnerability in the mod_proxy hook functions function in ssl_engine_log.c in mod_ssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are handled by the ssl_log function.
3966| [CVE-2004-0646] Buffer overflow in the WriteToLog function for JRun 3.0 through 4.0 web server connectors, such as (1) mod_jrun and (2) mod_jrun20 for Apache, with verbose logging enabled, allows remote attackers to execute arbitrary code via a long HTTP header Content-Type field or other fields.
3967| [CVE-2004-0529] The modified suexec program in cPanel, when configured for mod_php and compiled for Apache 1.3.31 and earlier without mod_phpsuexec, allows local users to execute untrusted shared scripts and gain privileges, as demonstrated using untainted scripts such as (1) proftpdvhosts or (2) addalink.cgi, a different vulnerability than CVE-2004-0490.
3968| [CVE-2004-0493] The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters.
3969| [CVE-2004-0492] Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied.
3970| [CVE-2004-0490] cPanel, when compiling Apache 1.3.29 and PHP with the mod_phpsuexec option, does not set the --enable-discard-path option, which causes php to use the SCRIPT_FILENAME variable to find and execute a script instead of the PATH_TRANSLATED variable, which allows local users to execute arbitrary PHP code as other users via a URL that references the attacker's script after the user's script, which executes the attacker's script with the user's privileges, a different vulnerability than CVE-2004-0529.
3971| [CVE-2004-0488] Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN.
3972| [CVE-2004-0263] PHP 4.3.4 and earlier in Apache 1.x and 2.x (mod_php) can leak global variables between virtual hosts that are handled by the same Apache child process but have different settings, which could allow remote attackers to obtain sensitive information.
3973| [CVE-2004-0174] Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using multiple listening sockets on certain platforms, allows remote attackers to cause a denial of service (blocked new connections) via a "short-lived connection on a rarely-accessed listening socket."
3974| [CVE-2004-0173] Directory traversal vulnerability in Apache 1.3.29 and earlier, and Apache 2.0.48 and earlier, when running on Cygwin, allows remote attackers to read arbitrary files via a URL containing "..%5C" (dot dot encoded backslash) sequences.
3975| [CVE-2004-0113] Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service (memory consumption) via plain HTTP requests to the SSL port of an SSL-enabled server.
3976| [CVE-2004-0009] Apache-SSL 1.3.28+1.52 and earlier, with SSLVerifyClient set to 1 or 3 and SSLFakeBasicAuth enabled, allows remote attackers to forge a client certificate by using basic authentication with the "one-line DN" of the target user.
3977| [CVE-2003-1581] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
3978| [CVE-2003-1580] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-level domains, as demonstrated by a forged 123.123.123.123 domain name, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
3979| [CVE-2003-1573] The PointBase 4.6 database component in the J2EE 1.4 reference implementation (J2EE/RI) allows remote attackers to execute arbitrary programs, conduct a denial of service, and obtain sensitive information via a crafted SQL statement, related to "inadequate security settings and library bugs in sun.* and org.apache.* packages."
3980| [CVE-2003-1521] Sun Java Plug-In 1.4 through 1.4.2_02 allows remote attackers to repeatedly access the floppy drive via the createXmlDocument method in the org.apache.crimson.tree.XmlDocument class, which violates the Java security model.
3981| [CVE-2003-1516] The org.apache.xalan.processor.XSLProcessorVersion class in Java Plug-in 1.4.2_01 allows signed and unsigned applets to share variables, which violates the Java security model and could allow remote attackers to read or write data belonging to a signed applet.
3982| [CVE-2003-1502] mod_throttle 3.0 allows local users with Apache privileges to access shared memory that points to a file that is writable by the apache user, which could allow local users to gain privileges.
3983| [CVE-2003-1418] Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote attackers to obtain sensitive information via (1) the ETag header, which reveals the inode number, or (2) multipart MIME boundary, which reveals child process IDs (PID).
3984| [CVE-2003-1307] ** DISPUTED ** The mod_php module for the Apache HTTP Server allows local users with write access to PHP scripts to send signals to the server's process group and use the server's file descriptors, as demonstrated by sending a STOP signal, then intercepting incoming connections on the server's TCP port. NOTE: the PHP developer has disputed this vulnerability, saying "The opened file descriptors are opened by Apache. It is the job of Apache to protect them ... Not a bug in PHP."
3985| [CVE-2003-1172] Directory traversal vulnerability in the view-source sample file in Apache Software Foundation Cocoon 2.1 and 2.2 allows remote attackers to access arbitrary files via a .. (dot dot) in the filename parameter.
3986| [CVE-2003-1171] Heap-based buffer overflow in the sec_filter_out function in mod_security 1.7RC1 through 1.7.1 in Apache 2 allows remote attackers to execute arbitrary code via a server side script that sends a large amount of data.
3987| [CVE-2003-1138] The default configuration of Apache 2.0.40, as shipped with Red Hat Linux 9.0, allows remote attackers to list directory contents, even if auto indexing is turned off and there is a default web page configured, via a GET request containing a double slash (//).
3988| [CVE-2003-1054] mod_access_referer 1.0.2 allows remote attackers to cause a denial of service (crash) via a malformed Referer header that is missing a hostname, as parsed by the ap_parse_uri_components function in Apache, which triggers a null dereference.
3989| [CVE-2003-0993] mod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit platforms, does not properly parse Allow/Deny rules using IP addresses without a netmask, which could allow remote attackers to bypass intended access restrictions.
3990| [CVE-2003-0987] mod_digest for Apache before 1.3.31 does not properly verify the nonce of a client response by using a AuthNonce secret.
3991| [CVE-2003-0866] The Catalina org.apache.catalina.connector.http package in Tomcat 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service via several requests that do not follow the HTTP protocol, which causes Tomcat to reject later requests.
3992| [CVE-2003-0844] mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode without the Apache log, allows local users to overwrite arbitrary files via (1) a symlink attack on predictable temporary filenames on Unix systems, or (2) an NTFS hard link on Windows systems when the "Strengthen default permissions of internal system objects" policy is not enabled.
3993| [CVE-2003-0843] Format string vulnerability in mod_gzip_printf for mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode and using the Apache log, allows remote attackers to execute arbitrary code via format string characters in an HTTP GET request with an "Accept-Encoding: gzip" header.
3994| [CVE-2003-0789] mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not properly handle CGI redirect paths, which could cause Apache to send the output of a CGI program to the wrong client.
3995| [CVE-2003-0771] Gallery.pm in Apache::Gallery (aka A::G) uses predictable temporary filenames when running Inline::C, which allows local users to execute arbitrary code by creating and modifying the files before Apache::Gallery does.
3996| [CVE-2003-0658] Docview before 1.1-18 in Caldera OpenLinux 3.1.1, SCO Linux 4.0, OpenServer 5.0.7, configures the Apache web server in a way that allows remote attackers to read arbitrary publicly readable files via a certain URL, possibly related to rewrite rules.
3997| [CVE-2003-0542] Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures.
3998| [CVE-2003-0460] The rotatelogs program on Apache before 1.3.28, for Windows and OS/2 systems, does not properly ignore certain control characters that are received over the pipe, which could allow remote attackers to cause a denial of service.
3999| [CVE-2003-0254] Apache 2 before 2.0.47, when running on an IPv6 host, allows attackers to cause a denial of service (CPU consumption by infinite loop) when the FTP proxy server fails to create an IPv6 socket.
4000| [CVE-2003-0253] The prefork MPM in Apache 2 before 2.0.47 does not properly handle certain errors from accept, which could lead to a denial of service.
4001| [CVE-2003-0249] ** DISPUTED ** PHP treats unknown methods such as "PoSt" as a GET request, which could allow attackers to bypass intended access restrictions if PHP is running on a server that passes on all methods, such as Apache httpd 2.0, as demonstrated using a Limit directive. NOTE: this issue has been disputed by the Apache security team, saying "It is by design that PHP allows scripts to process any request method. A script which does not explicitly verify the request method will hence be processed as normal for arbitrary methods. It is therefore expected behaviour that one cannot implement per-method access control using the Apache configuration alone, which is the assumption made in this report."
4002| [CVE-2003-0245] Vulnerability in the apr_psprintf function in the Apache Portable Runtime (APR) library for Apache 2.0.37 through 2.0.45 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long strings, as demonstrated using XML objects to mod_dav, and possibly other vectors.
4003| [CVE-2003-0192] Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3, do not properly handle "certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one," which could cause Apache to use the weak ciphersuite.
4004| [CVE-2003-0189] The authentication module for Apache 2.0.40 through 2.0.45 on Unix does not properly handle threads safely when using the crypt_r or crypt functions, which allows remote attackers to cause a denial of service (failed Basic authentication with valid usernames and passwords) when a threaded MPM is used.
4005| [CVE-2003-0134] Unknown vulnerability in filestat.c for Apache running on OS2, versions 2.0 through 2.0.45, allows unknown attackers to cause a denial of service via requests related to device names.
4006| [CVE-2003-0132] A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to cause a denial of service (memory consumption) via large chunks of linefeed characters, which causes Apache to allocate 80 bytes for each linefeed.
4007| [CVE-2003-0083] Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences, a different vulnerability than CVE-2003-0020.
4008| [CVE-2003-0020] Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences.
4009| [CVE-2003-0017] Apache 2.0 before 2.0.44 on Windows platforms allows remote attackers to obtain certain files via an HTTP request that ends in certain illegal characters such as ">", which causes a different filename to be processed and served.
4010| [CVE-2003-0016] Apache before 2.0.44, when running on unpatched Windows 9x and Me operating systems, allows remote attackers to cause a denial of service or execute arbitrary code via an HTTP request containing MS-DOS device names.
4011| [CVE-2002-2310] ClickCartPro 4.0 stores the admin_user.db data file under the web document root with insufficient access control on servers other than Apache, which allows remote attackers to obtain usernames and passwords.
| [CVE-2002-2309] php.exe in PHP 3.0 through 4.2.2, when running on Apache, does not terminate properly, which allows remote attackers to cause a denial of service via a direct request without arguments.
| [CVE-2002-2272] Tomcat 4.0 through 4.1.12, using mod_jk 1.2.1 module on Apache 1.3 through 1.3.27, allows remote attackers to cause a denial of service (desynchronized communications) via an HTTP GET request with a Transfer-Encoding chunked field with invalid values.
| [CVE-2002-2103] Apache before 1.3.24, when writing to the log file, records a spoofed hostname from the reverse lookup of an IP address, even when a double-reverse lookup fails, which allows remote attackers to hide the original source of activities.
| [CVE-2002-2029] PHP, when installed on Windows with Apache and ScriptAlias for /php/ set to c:/php/, allows remote attackers to read arbitrary files and possibly execute arbitrary programs via an HTTP request for php.exe with a filename in the query string.
| [CVE-2002-2012] Unknown vulnerability in Apache 1.3.19 running on HP Secure OS for Linux 1.0 allows remote attackers to cause "unexpected results" via an HTTP request.
| [CVE-2002-2009] Apache Tomcat 4.0.1 allows remote attackers to obtain the web root path via HTTP requests for JSP files preceded by (1) +/, (2) >/, (3) </, and (4) %20/, which leaks the pathname in an error message.
| [CVE-2002-2008] Apache Tomcat 4.0.3 for Windows allows remote attackers to obtain the web root path via an HTTP request for a resource that does not exist, such as lpt9, which leaks the information in an error message.
| [CVE-2002-2007] The default installations of Apache Tomcat 3.2.3 and 3.2.4 allows remote attackers to obtain sensitive system information such as directory listings and web root path, via erroneous HTTP requests for Java Server Pages (JSP) in the (1) test/jsp, (2) samples/jsp and (3) examples/jsp directories, or the (4) test/realPath.jsp servlet, which leaks pathnames in error messages.
| [CVE-2002-2006] The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 through 3.3.1 allows remote attackers to obtain the installation path and other sensitive system information via the (1) SnoopServlet or (2) TroubleShooter example servlets.
| [CVE-2002-1895] The servlet engine in Jakarta Apache Tomcat 3.3 and 4.0.4, when using IIS and the ajp1.3 connector, allows remote attackers to cause a denial of service (crash) via a large number of HTTP GET requests for an MS-DOS device such as AUX, LPT1, CON, or PRN.
| [CVE-2002-1850] mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly remote attackers to cause a denial of service (hang and memory consumption) by causing a CGI script to send a large amount of data to stderr, which results in a read/write deadlock between httpd and the CGI script.
| [CVE-2002-1793] HTTP Server mod_ssl module running on HP-UX 11.04 with Virtualvault OS (VVOS) 4.5 through 4.6 closes the connection when the Apache server times out during an SSL request, which may allow attackers to cause a denial of service.
| [CVE-2002-1658] Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may allow attackers to execute arbitrary code via a long user argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
| [CVE-2002-1635] The Apache configuration file (httpd.conf) in Oracle 9i Application Server (9iAS) uses a Location alias for /perl directory instead of a ScriptAlias, which allows remote attackers to read the source code of arbitrary CGI files via a URL containing the /perl directory instead of /cgi-bin.
| [CVE-2002-1593] mod_dav in Apache before 2.0.42 does not properly handle versioning hooks, which may allow remote attackers to kill a child process via a null dereference and cause a denial of service (CPU consumption) in a preforked multi-processing module.
| [CVE-2002-1592] The ap_log_rerror function in Apache 2.0 through 2.035, when a CGI application encounters an error, sends error messages to the client that include the full path for the server, which allows remote attackers to obtain sensitive information.
| [CVE-2002-1567] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1 allows remote attackers to execute arbitrary web script and steal cookies via a URL with encoded newlines followed by a request to a .jsp file whose name contains the script.
| [CVE-2002-1394] Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148.
| [CVE-2002-1233] A regression error in the Debian distributions of the apache-ssl package (before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0), for Apache 1.3.27 and earlier, allows local users to read or modify the Apache password file via a symlink attack on temporary files when the administrator runs (1) htpasswd or (2) htdigest, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2001-0131.
| [CVE-2002-1157] Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9 and earlier, when UseCanonicalName is off and wildcard DNS is enabled, allows remote attackers to execute script as other web site visitors, via the server name in an HTTPS response on the SSL port, which is used in a self-referencing URL, a different vulnerability than CAN-2002-0840.
| [CVE-2002-1156] Apache 2.0.42 allows remote attackers to view the source code of a CGI script via a POST request to a directory with both WebDAV and CGI enabled.
| [CVE-2002-1148] The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet.
| [CVE-2002-0935] Apache Tomcat 4.0.3, and possibly other versions before 4.1.3 beta, allows remote attackers to cause a denial of service (resource exhaustion) via a large number of requests to the server with null characters, which causes the working threads to hang.
| [CVE-2002-0843] Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response.
| [CVE-2002-0840] Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.
| [CVE-2002-0839] The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that would not normally be allowed, by modifying the parent[].pid and parent[].last_rtime segments in the scoreboard.
| [CVE-2002-0682] Cross-site scripting vulnerability in Apache Tomcat 4.0.3 allows remote attackers to execute script as other web users via script in a URL with the /servlet/ mapping, which does not filter the script when an exception is thrown by the servlet.
| [CVE-2002-0661] Directory traversal vulnerability in Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to read arbitrary files and execute commands via .. (dot dot) sequences containing \ (backslash) characters.
| [CVE-2002-0658] OSSP mm library (libmm) before 1.2.0 allows the local Apache user to gain privileges via temporary files, possibly via a symbolic link attack.
| [CVE-2002-0654] Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to determine the full pathname of the server via (1) a request for a .var file, which leaks the pathname in the resulting error message, or (2) via an error message that occurs when a script (child process) cannot be invoked.
| [CVE-2002-0653] Off-by-one buffer overflow in the ssl_compat_directive function, as called by the rewrite_command hook for mod_ssl Apache module 2.8.9 and earlier, allows local users to execute arbitrary code as the Apache server user via .htaccess files with long entries.
| [CVE-2002-0513] The PHP administration script in popper_mod 1.2.1 and earlier relies on Apache .htaccess authentication, which allows remote attackers to gain privileges if the script is not appropriately configured by the administrator.
| [CVE-2002-0493] Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions.
| [CVE-2002-0392] Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a chunk-encoded HTTP request that causes Apache to use an incorrect size.
| [CVE-2002-0259] InstantServers MiniPortal 1.1.5 and earlier stores sensitive login and account data in plaintext in (1) .pwd files in the miniportal/apache directory, or (2) mplog.txt, which could allow local users to gain privileges.
| [CVE-2002-0249] PHP for Windows, when installed on Apache 2.0.28 beta as a standalone CGI module, allows remote attackers to obtain the physical path of the php.exe via a request with malformed arguments such as /123, which leaks the pathname in the error message.
| [CVE-2002-0240] PHP, when installed with Apache and configured to search for index.php as a default web page, allows remote attackers to obtain the full pathname of the server via the HTTP OPTIONS method, which reveals the pathname in the resulting error message.
| [CVE-2002-0082] The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session.
| [CVE-2002-0061] Apache for Win32 before 1.3.24, and 2.0.x before 2.0.34-beta, allows remote attackers to execute arbitrary commands via shell metacharacters (a | pipe character) provided as arguments to batch (.bat) or .cmd scripts, which are sent unfiltered to the shell interpreter, typically cmd.exe.
| [CVE-2001-1556] The log files in Apache web server contain information directly supplied by clients and does not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail, and grep.
| [CVE-2001-1534] mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these session ID's are used for authentication.
| [CVE-2001-1510] Allaire JRun 2.3.3, 3.0 and 3.1 running on IIS 4.0 and 5.0, iPlanet, Apache, JRun web server (JWS), and possibly other web servers allows remote attackers to read arbitrary files and directories by appending (1) "%3f.jsp", (2) "?.jsp" or (3) "?" to the requested URL.
| [CVE-2001-1449] The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 through 8.0 and Linux Corporate Server 1.0.1 allows remote attackers to list the directory index of arbitrary web directories.
| [CVE-2001-1385] The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts.
| [CVE-2001-1342] Apache before 1.3.20 on Windows and OS/2 systems allows remote attackers to cause a denial of service (GPF) via an HTTP request for a URI that contains a large number of / (slash) or other characters, which causes certain functions to dereference a null pointer.
| [CVE-2001-1217] Directory traversal vulnerability in PL/SQL Apache module in Oracle Oracle 9i Application Server allows remote attackers to access sensitive information via a double encoded URL with .. (dot dot) sequences.
| [CVE-2001-1216] Buffer overflow in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to execute arbitrary code via a long request for a help page.
| [CVE-2001-1072] Apache with mod_rewrite enabled on most UNIX systems allows remote attackers to bypass RewriteRules by inserting extra / (slash) characters into the requested path, which causes the regular expression in the RewriteRule to fail.
| [CVE-2001-1013] Apache on Red Hat Linux with with the UserDir directive enabled generates different error codes when a username exists and there is no public_html directory and when the username does not exist, which could allow remote attackers to determine valid usernames on the server.
| [CVE-2001-0925] The default installation of Apache before 1.3.19 allows remote attackers to list directories instead of the multiview index.html file via an HTTP request for a path that contains many / (slash) characters, which causes the path to be mishandled by (1) mod_negotiation, (2) mod_dir, or (3) mod_autoindex.
| [CVE-2001-0829] A cross-site scripting vulnerability in Apache Tomcat 3.2.1 allows a malicious webmaster to embed Javascript in a request for a .JSP file, which causes the Javascript to be inserted into an error message.
| [CVE-2001-0766] Apache on MacOS X Client 10.0.3 with the HFS+ file system allows remote attackers to bypass access restrictions via a URL that contains some characters whose case is not matched by Apache's filters.
| [CVE-2001-0731] Apache 1.3.20 with Multiviews enabled allows remote attackers to view directory contents and bypass the index page via a URL containing the "M=D" query string.
| [CVE-2001-0730] split-logfile in Apache 1.3.20 allows remote attackers to overwrite arbitrary files that end in the .log extension via an HTTP request with a / (slash) in the Host: header.
| [CVE-2001-0729] Apache 1.3.20 on Windows servers allows remote attackers to bypass the default index page and list directory contents via a URL with a large number of / (slash) characters.
| [CVE-2001-0590] Apache Software Foundation Tomcat Servlet prior to 3.2.2 allows a remote attacker to read the source code to arbitrary 'jsp' files via a malformed URL request which does not end with an HTTP protocol specification (i.e. HTTP/1.0).
| [CVE-2001-0131] htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local users to overwrite arbitrary files via a symlink attack.
| [CVE-2001-0108] PHP Apache module 4.0.4 and earlier allows remote attackers to bypass .htaccess access restrictions via a malformed HTTP request on an unrestricted page that causes PHP to use those access controls on the next page that is requested.
| [CVE-2001-0042] PHP 3.x (PHP3) on Apache 1.3.6 allows remote attackers to read arbitrary files via a modified .. (dot dot) attack containing "%5c" (encoded backslash) sequences.
| [CVE-2000-1247] The default configuration of the jserv-status handler in jserv.conf in Apache JServ 1.1.2 includes an "allow from 127.0.0.1" line, which allows local users to discover JDBC passwords or other sensitive information via a direct request to the jserv/ URI.
| [CVE-2000-1210] Directory traversal vulnerability in source.jsp of Apache Tomcat before 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the argument to source.jsp.
| [CVE-2000-1206] Vulnerability in Apache httpd before 1.3.11, when configured for mass virtual hosting using mod_rewrite, or mod_vhost_alias in Apache 1.3.9, allows remote attackers to retrieve arbitrary files.
| [CVE-2000-1205] Cross site scripting vulnerabilities in Apache 1.3.0 through 1.3.11 allow remote attackers to execute script as other web site visitors via (1) the printenv CGI (printenv.pl), which does not encode its output, (2) pages generated by the ap_send_error_response function such as a default 404, which does not add an explicit charset, or (3) various messages that are generated by certain Apache modules or core code. NOTE: the printenv issue might still exist for web browsers that can render text/plain content types as HTML, such as Internet Explorer, but CVE regards this as a design limitation of those browsers, not Apache. The printenv.pl/acuparam vector, discloser on 20070724, is one such variant.
| [CVE-2000-1204] Vulnerability in the mod_vhost_alias virtual hosting module for Apache 1.3.9, 1.3.11 and 1.3.12 allows remote attackers to obtain the source code for CGI programs if the cgi-bin directory is under the document root.
| [CVE-2000-1168] IBM HTTP Server 1.3.6 (based on Apache) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET request.
| [CVE-2000-1016] The default configuration of Apache (httpd.conf) on SuSE 6.4 includes an alias for the /usr/doc directory, which allows remote attackers to read package documentation and obtain system configuration information via an HTTP request for the /doc/packages URL.
| [CVE-2000-0913] mod_rewrite in Apache 1.3.12 and earlier allows remote attackers to read arbitrary files if a RewriteRule directive is expanded to include a filename whose name contains a regular expression.
| [CVE-2000-0883] The default configuration of mod_perl for Apache as installed on Mandrake Linux 6.1 through 7.1 sets the /perl/ directory to be browseable, which allows remote attackers to list the contents of that directory.
| [CVE-2000-0869] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 enables WebDAV, which allows remote attackers to list arbitrary diretories via the PROPFIND HTTP request method.
| [CVE-2000-0868] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 allows remote attackers to read source code for CGI scripts by replacing the /cgi-bin/ in the requested URL with /cgi-bin-sdb/.
| [CVE-2000-0791] Trustix installs the httpsd program for Apache-SSL with world-writeable permissions, which allows local users to replace it with a Trojan horse.
| [CVE-2000-0760] The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals sensitive system information when a remote attacker requests a nonexistent URL with a .snp extension.
| [CVE-2000-0759] Jakarta Tomcat 3.1 under Apache reveals physical path information when a remote attacker requests a URL that does not exist, which generates an error message that includes the physical path.
| [CVE-2000-0628] The source.asp example script in the Apache ASP module Apache::ASP 1.93 and earlier allows remote attackers to modify files.
| [CVE-2000-0505] The Apache 1.3.x HTTP server for Windows platforms allows remote attackers to list directory contents by requesting a URL containing a large number of / characters.
| [CVE-1999-1412] A possible interaction between Apple MacOS X release 1.0 and Apache HTTP server allows remote attackers to cause a denial of service (crash) via a flood of HTTP GET requests to CGI programs, which generates a large number of processes.
| [CVE-1999-1293] mod_proxy in Apache 1.2.5 and earlier allows remote attackers to cause a denial of service via malformed FTP commands, which causes Apache to dump core.
| [CVE-1999-1237] Multiple buffer overflows in smbvalid/smbval SMB authentication library, as used in Apache::AuthenSmb and possibly other modules, allows remote attackers to execute arbitrary commands via (1) a long username, (2) a long password, and (3) other unspecified methods.
| [CVE-1999-1199] Apache WWW server 1.3.1 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via a large number of MIME headers with the same name, aka the "sioux" vulnerability.
| [CVE-1999-1053] guestbook.pl cleanses user-inserted SSI commands by removing text between "<!--" and "-->" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides "-->".
| [CVE-1999-0926] Apache allows remote attackers to conduct a denial of service via a large number of MIME headers.
| [CVE-1999-0678] A default configuration of Apache on Debian GNU/Linux sets the ServerRoot to /usr/doc, which allows remote users to read documentation files for the entire server.
| [CVE-1999-0448] IIS 4.0 and Apache log HTTP request methods, regardless of how long they are, allowing a remote attacker to hide the URL they really request.
| [CVE-1999-0289] The Apache web server for Win32 may provide access to restricted files when a . (dot) is appended to a requested URL.
| [CVE-1999-0236] ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs.
| [CVE-1999-0107] Buffer overflow in Apache 1.2.5 and earlier allows a remote attacker to cause a denial of service with a large number of GET requests containing a large number of / characters.
| [CVE-1999-0071] Apache httpd cookie buffer overflow for versions 1.1.1 and earlier.
|
| SecurityFocus - https://www.securityfocus.com/bid/:
| [104554] Apache HBase CVE-2018-8025 Security Bypass Vulnerability
| [104465] Apache Geode CVE-2017-15695 Remote Code Execution Vulnerability
| [104418] Apache Storm CVE-2018-8008 Arbitrary File Write Vulnerability
| [104399] Apache Storm CVE-2018-1332 User Impersonation Vulnerability
| [104348] Apache UIMA CVE-2017-15691 XML External Entity Injection Vulnerability
| [104313] Apache NiFi XML External Entity Injection and Denial of Service Vulnerability
| [104259] Apache Geode CVE-2017-12622 Authorization Bypass Vulnerability
| [104257] Apache Sling XSS Protection API CVE-2017-15717 Cross Site Scripting Vulnerability
| [104253] Apache ZooKeeper CVE-2018-8012 Security Bypass Vulnerability
| [104252] Apache Batik CVE-2018-8013 Information Disclosure Vulnerability
| [104239] Apache Solr CVE-2018-8010 XML External Entity Multiple Information Disclosure Vulnerabilities
| [104215] Apache ORC CVE-2018-8015 Denial of Service Vulnerability
| [104203] Apache Tomcat CVE-2018-8014 Security Bypass Vulnerability
| [104161] Apache Ambari CVE-2018-8003 Directory Traversal Vulnerability
| [104140] Apache Derby CVE-2018-1313 Security Bypass Vulnerability
| [104135] Apache Tika CVE-2018-1338 Denial of Service Vulnerability
| [104008] Apache Fineract CVE-2018-1291 SQL Injection Vulnerability
| [104007] Apache Fineract CVE-2018-1292 SQL Injection Vulnerability
| [104005] Apache Fineract CVE-2018-1289 SQL Injection Vulnerability
| [104001] Apache Tika CVE-2018-1335 Remote Command Injection Vulnerability
| [103975] Apache Fineract CVE-2018-1290 SQL Injection Vulnerability
| [103974] Apache Solr CVE-2018-1308 XML External Entity Injection Vulnerability
| [103772] Apache Traffic Server CVE-2017-7671 Denial of Service Vulnerability
| [103770] Apache Traffic Server CVE-2017-5660 Security Bypass Vulnerability
| [103751] Apache Hive CVE-2018-1282 SQL Injection Vulnerability
| [103750] Apache Hive CVE-2018-1284 Security Bypass Vulnerability
| [103692] Apache Ignite CVE-2018-1295 Arbitrary Code Execution Vulnerability
| [103528] Apache HTTP Server CVE-2018-1302 Denial of Service Vulnerability
| [103525] Apache HTTP Server CVE-2017-15715 Remote Security Bypass Vulnerability
| [103524] Apache HTTP Server CVE-2018-1312 Remote Security Bypass Vulnerability
| [103522] Apache HTTP Server CVE-2018-1303 Denial of Service Vulnerability
| [103520] Apache HTTP Server CVE-2018-1283 Remote Security Vulnerability
| [103516] Apache Struts CVE-2018-1327 Denial of Service Vulnerability
| [103515] Apache HTTP Server CVE-2018-1301 Denial of Service Vulnerability
| [103512] Apache HTTP Server CVE-2017-15710 Denial of Service Vulnerability
| [103508] Apache Syncope CVE-2018-1321 Multiple Remote Code Execution Vulnerabilities
| [103507] Apache Syncope CVE-2018-1322 Multiple Information Disclosure Vulnerabilities
| [103490] Apache Commons Compress CVE-2018-1324 Multiple Denial Of Service Vulnerabilities
| [103434] APACHE Allura CVE-2018-1319 HTTP Response Splitting Vulnerability
| [103389] Apache Tomcat JK Connector CVE-2018-1323 Directory Traversal Vulnerability
| [103222] Apache CloudStack CVE-2013-4317 Information Disclosure Vulnerability
| [103219] Apache Xerces-C CVE-2017-12627 Null Pointer Dereference Denial of Service Vulnerability
| [103206] Apache Geode CVE-2017-15693 Remote Code Execution Vulnerability
| [103205] Apache Geode CVE-2017-15692 Remote Code Execution Vulnerability
| [103170] Apache Tomcat CVE-2018-1304 Security Bypass Vulnerability
| [103144] Apache Tomcat CVE-2018-1305 Security Bypass Vulnerability
| [103102] Apache Oozie CVE-2017-15712 Information Disclosure Vulnerability
| [103098] Apache Karaf CVE-2016-8750 LDAP Injection Vulnerability
| [103069] Apache Tomcat CVE-2017-15706 Remote Security Weakness
| [103068] Apache JMeter CVE-2018-1287 Security Bypass Vulnerability
| [103067] Apache Qpid Dispatch Router 'router_core/connections.c' Denial of Service Vulnerability
| [103036] Apache CouchDB CVE-2017-12636 Remote Code Execution Vulnerability
| [103025] Apache Thrift CVE-2016-5397 Remote Command Injection Vulnerability
| [102879] Apache POI CVE-2017-12626 Multiple Denial of Service Vulnerabilities
| [102842] Apache NiFi CVE-2017-12632 Host Header Injection Vulnerability
| [102815] Apache NiFi CVE-2017-15697 Multiple Cross Site Scripting Vulnerabilities
| [102488] Apache Geode CVE-2017-9795 Remote Code Execution Vulnerability
| [102229] Apache Sling CVE-2017-15700 Information Disclosure Vulnerability
| [102226] Apache Drill CVE-2017-12630 Cross Site Scripting Vulnerability
| [102154] Multiple Apache Products CVE-2017-15708 Remote Code Execution Vulnerability
| [102127] Apache CXF Fediz CVE-2017-12631 Multiple Cross Site Request Forgery Vulnerabilities
| [102041] Apache Qpid Broker-J CVE-2017-15701 Denial of Service Vulnerability
| [102040] Apache Qpid Broker CVE-2017-15702 Security Weakness
| [102021] Apache Struts CVE-2017-15707 Denial of Service Vulnerability
| [101980] EMC RSA Authentication Agent for Web: Apache Web Server Authentication Bypass Vulnerability
| [101876] Apache Camel CVE-2017-12634 Deserialization Remote Code Execution Vulnerability
| [101874] Apache Camel CVE-2017-12633 Deserialization Remote Code Execution Vulnerability
| [101872] Apache Karaf CVE-2014-0219 Local Denial of Service Vulnerability
| [101868] Apache CouchDB CVE-2017-12635 Remote Privilege Escalation Vulnerability
| [101859] Apache CXF CVE-2017-12624 Denial of Service Vulnerability
| [101844] Apache Sling Servlets Post CVE-2017-11296 Cross Site Scripting Vulnerability
| [101686] Apache Hive CVE-2017-12625 Information Disclosure Vulnerability
| [101644] Apache Wicket CVE-2012-5636 Cross Site Scripting Vulnerability
| [101631] Apache Traffic Server CVE-2015-3249 Multiple Remote Code Execution Vulnerabilities
| [101630] Apache Traffic Server CVE-2014-3624 Access Bypass Vulnerability
| [101625] Apache jUDDI CVE-2009-1197 Security Bypass Vulnerability
| [101623] Apache jUDDI CVE-2009-1198 Cross Site Scripting Vulnerability
| [101620] Apache Subversion 'libsvn_fs_fs/fs_fs.c' Denial of Service Vulnerability
| [101585] Apache OpenOffice Multiple Remote Code Execution Vulnerabilities
| [101577] Apache Wicket CVE-2016-6806 Cross Site Request Forgery Vulnerability
| [101575] Apache Wicket CVE-2014-0043 Information Disclosure Vulnerability
| [101570] Apache Geode CVE-2017-9797 Information Disclosure Vulnerability
| [101562] Apache Derby CVE-2010-2232 Arbitrary File Overwrite Vulnerability
| [101560] Apache Portable Runtime Utility CVE-2017-12613 Multiple Information Disclosure Vulnerabilities
| [101558] Apache Portable Runtime Utility Local Out-of-Bounds Read Denial of Service Vulnerability
| [101532] Apache James CVE-2017-12628 Arbitrary Command Execution Vulnerability
| [101516] Apache HTTP Server CVE-2017-12171 Security Bypass Vulnerability
| [101261] Apache Solr/Lucene CVE-2017-12629 Information Disclosure and Remote Code Execution Vulnerabilities
| [101230] Apache Roller CVE-2014-0030 XML External Entity Injection Vulnerability
| [101173] Apache IMPALA CVE-2017-9792 Information Disclosure Vulnerability
| [101052] Apache Commons Jelly CVE-2017-12621 Security Bypass Vulnerability
| [101027] Apache Mesos CVE-2017-7687 Denial of Service Vulnerability
| [101023] Apache Mesos CVE-2017-9790 Denial of Service Vulnerability
| [100954] Apache Tomcat CVE-2017-12617 Incomplete Fix Remote Code Execution Vulnerability
| [100946] Apache Wicket CVE-2014-7808 Cross Site Request Forgery Vulnerability
| [100901] Apache Tomcat CVE-2017-12615 Remote Code Execution Vulnerability
| [100897] Apache Tomcat CVE-2017-12616 Information Disclosure Vulnerability
| [100880] Apache Directory LDAP API CVE-2015-3250 Unspecified Information Disclosure Vulnerability
| [100872] Apache HTTP Server CVE-2017-9798 Information Disclosure Vulnerability
| [100870] Apache Solr CVE-2017-9803 Remote Privilege Escalation Vulnerability
| [100859] puppetlabs-apache CVE-2017-2299 Information Disclosure Vulnerability
| [100829] Apache Struts CVE-2017-12611 Remote Code Execution Vulnerability
| [100823] Apache Spark CVE-2017-12612 Deserialization Remote Code Execution Vulnerability
| [100612] Apache Struts CVE-2017-9804 Incomplete Fix Denial of Service Vulnerability
| [100611] Apache Struts CVE-2017-9793 Denial of Service Vulnerability
| [100609] Apache Struts CVE-2017-9805 Remote Code Execution Vulnerability
| [100587] Apache Atlas CVE-2017-3155 Cross Frame Scripting Vulnerability
| [100581] Apache Atlas CVE-2017-3154 Information Disclosure Vulnerability
| [100578] Apache Atlas CVE-2017-3153 Cross Site Scripting Vulnerability
| [100577] Apache Atlas CVE-2017-3152 Cross Site Scripting Vulnerability
| [100547] Apache Atlas CVE-2017-3151 HTML Injection Vulnerability
| [100536] Apache Atlas CVE-2017-3150 Cross Site Scripting Vulnerability
| [100449] Apache Pony Mail CVE-2016-4460 Authentication Bypass Vulnerability
| [100447] Apache2Triad Multiple Security Vulnerabilities
| [100284] Apache Sling Servlets Post CVE-2017-9802 Cross Site Scripting Vulnerability
| [100280] Apache Tomcat CVE-2017-7674 Security Bypass Vulnerability
| [100259] Apache Subversion CVE-2017-9800 Remote Command Execution Vulnerability
| [100256] Apache Tomcat CVE-2017-7675 Directory Traversal Vulnerability
| [100235] Apache Storm CVE-2017-9799 Remote Code Execution Vulnerability
| [100082] Apache Commons Email CVE-2017-9801 SMTP Header Injection Vulnerability
| [99873] Apache Sling XSS Protection API CVE-2016-6798 XML External Entity Injection Vulnerability
| [99870] Apache Sling API CVE-2016-5394 Cross Site Scripting Vulnerability
| [99603] Apache Spark CVE-2017-7678 Cross Site Scripting Vulnerability
| [99592] Apache OpenMeetings CVE-2017-7685 Security Bypass Vulnerability
| [99587] Apache OpenMeetings CVE-2017-7673 Security Bypass Vulnerability
| [99586] Apache OpenMeetings CVE-2017-7688 Security Bypass Vulnerability
| [99584] Apache OpenMeetings CVE-2017-7684 Denial of Service Vulnerability
4228| [99577] Apache OpenMeetings CVE-2017-7663 Cross Site Scripting Vulnerability
4229| [99576] Apache OpenMeetings CVE-2017-7664 XML External Entity Injection Vulnerability
4230| [99569] Apache HTTP Server CVE-2017-9788 Memory Corruption Vulnerability
4231| [99568] Apache HTTP Server CVE-2017-9789 Denial of Service Vulnerability
4232| [99563] Apache Struts CVE-2017-7672 Denial of Service Vulnerability
4233| [99562] Apache Struts Spring AOP Functionality Denial of Service Vulnerability
4234| [99509] Apache Impala CVE-2017-5652 Information Disclosure Vulnerability
4235| [99508] Apache IMPALA CVE-2017-5640 Authentication Bypass Vulnerability
4236| [99486] Apache Traffic Control CVE-2017-7670 Denial of Service Vulnerability
4237| [99485] Apache Solr CVE-2017-7660 Security Bypass Vulnerability
4238| [99484] Apache Struts CVE-2017-9791 Remote Code Execution Vulnerability
4239| [99292] Apache Ignite CVE-2017-7686 Information Disclosure Vulnerability
4240| [99170] Apache HTTP Server CVE-2017-7679 Buffer Overflow Vulnerability
4241| [99137] Apache HTTP Server CVE-2017-7668 Denial of Service Vulnerability
4242| [99135] Apache HTTP Server CVE-2017-3167 Authentication Bypass Vulnerability
4243| [99134] Apache HTTP Server CVE-2017-3169 Denial of Service Vulnerability
4244| [99132] Apache HTTP Server CVE-2017-7659 Denial of Service Vulnerability
4245| [99112] Apache Thrift CVE-2015-3254 Denial of Service Vulnerability
4246| [99067] Apache Ranger CVE-2016-8751 HTML Injection Vulnerability
4247| [99018] Apache NiFi CVE-2017-7667 Cross Frame Scripting Vulnerability
4248| [99009] Apache NiFi CVE-2017-7665 Cross Site Scripting Vulnerability
4249| [98961] Apache Ranger CVE-2017-7677 Security Bypass Vulnerability
4250| [98958] Apache Ranger CVE-2017-7676 Security Bypass Vulnerability
4251| [98888] Apache Tomcat CVE-2017-5664 Security Bypass Vulnerability
4252| [98814] Apache Zookeeper CVE-2017-5637 Denial of Service Vulnerability
4253| [98795] Apache Hadoop CVE-2017-7669 Remote Privilege Escalation Vulnerability
4254| [98739] Apache Knox CVE-2017-5646 User Impersonation Vulnerability
4255| [98669] Apache Hive CVE-2016-3083 Security Bypass Vulnerability
4256| [98646] Apache Atlas CVE-2016-8752 Information Disclosure Vulnerability
4257| [98570] Apache Archiva CVE-2017-5657 Multiple Cross-Site Request Forgery Vulnerabilities
4258| [98489] Apache CXF Fediz CVE-2017-7661 Multiple Cross Site Request Forgery Vulnerabilities
4259| [98485] Apache CXF Fediz CVE-2017-7662 Cross Site Request Forgery Vulnerability
4260| [98466] Apache Ambari CVE-2017-5655 Insecure Temporary File Handling Vulnerability
4261| [98365] Apache Cordova For Android CVE-2016-6799 Information Disclosure Vulnerability
4262| [98025] Apache Hadoop CVE-2017-3161 Cross Site Scripting Vulnerability
4263| [98017] Apache Hadoop CVE-2017-3162 Input Validation Vulnerability
4264| [97971] Apache CXF CVE-2017-5656 Information Disclosure Vulnerability
4265| [97968] Apache CXF CVE-2017-5653 Spoofing Vulnerability
4266| [97967] Apache ActiveMQ CVE-2015-7559 Denial of Service Vulnerability
4267| [97949] Apache Traffic Server CVE-2017-5659 Denial of Service Vulnerability
4268| [97948] Apache Batik CVE-2017-5662 XML External Entity Information Disclosure Vulnerability
4269| [97947] Apache FOP CVE-2017-5661 XML External Entity Information Disclosure Vulnerability
4270| [97945] Apache Traffic Server CVE-2016-5396 Denial of Service Vulnerability
4271| [97702] Apache Log4j CVE-2017-5645 Remote Code Execution Vulnerability
4272| [97582] Apache CXF CVE-2016-6812 Cross Site Scripting Vulnerability
4273| [97579] Apache CXF JAX-RS CVE-2016-8739 XML External Entity Injection Vulnerability
4274| [97544] Apache Tomcat CVE-2017-5651 Information Disclosure Vulnerability
| [97531] Apache Tomcat CVE-2017-5650 Denial of Service Vulnerability
| [97530] Apache Tomcat CVE-2017-5648 Information Disclosure Vulnerability
| [97509] Apache Ignite CVE-2016-6805 Information Disclosure and XML External Entity Injection Vulnerabilities
| [97383] Apache Flex BlazeDS CVE-2017-5641 Remote Code Execution Vulnerability
| [97378] Apache Geode CVE-2017-5649 Information Disclosure Vulnerability
| [97229] Apache Ambari CVE-2016-4976 Local Information Disclosure Vulnerability
| [97226] Apache Camel CVE-2017-5643 Server Side Request Forgery Security Bypass Vulnerability
| [97184] Apache Ambari CVE-2016-6807 Remote Command Execution Vulnerability
| [97179] Apache Camel CVE-2016-8749 Java Deserialization Multiple Remote Code Execution Vulnerabilities
| [96983] Apache POI CVE-2017-5644 Denial Of Service Vulnerability
| [96895] Apache Tomcat CVE-2016-8747 Information Disclosure Vulnerability
| [96731] Apache NiFi CVE-2017-5636 Remote Code Injection Vulnerability
| [96730] Apache NiFi CVE-2017-5635 Security Bypass Vulnerability
| [96729] Apache Struts CVE-2017-5638 Remote Code Execution Vulnerability
| [96540] IBM Development Package for Apache Spark CVE-2016-4970 Denial of Service Vulnerability
| [96398] Apache CXF CVE-2017-3156 Information Disclosure Vulnerability
| [96321] Apache Camel CVE-2017-3159 Remote Code Execution Vulnerability
| [96293] Apache Tomcat 'http11/AbstractInputBuffer.java' Denial of Service Vulnerability
| [96228] Apache Brooklyn Cross Site Request Forgery and Multiple Cross Site Scripting Vulnerabilities
| [95998] Apache Ranger CVE-2016-8746 Security Bypass Vulnerability
| [95929] Apache Groovy CVE-2016-6497 Information Disclosure Vulnerability
| [95838] Apache Cordova For Android CVE-2017-3160 Man in the Middle Security Bypass Vulnerability
| [95675] Apache Struts Remote Code Execution Vulnerability
| [95621] Apache NiFi CVE-2106-8748 Cross Site Scripting Vulnerability
| [95429] Apache Groovy CVE-2016-6814 Remote Code Execution Vulnerability
| [95335] Apache Hadoop CVE-2016-3086 Information Disclosure Vulnerability
| [95168] Apache Wicket CVE-2016-6793 Denial of Service Vulnerability
| [95136] Apache Qpid Broker for Java CVE-2016-8741 Remote Information Disclosure Vulnerability
| [95078] Apache HTTP Server CVE-2016-0736 Remote Security Vulnerability
| [95077] Apache HTTP Server CVE-2016-8743 Security Bypass Vulnerability
| [95076] Apache HTTP Server CVE-2016-2161 Denial of Service Vulnerability
| [95020] Apache Tika CVE-2015-3271 Remote Information Disclosure Vulnerability
| [94950] Apache Hadoop CVE-2016-5001 Local Information Disclosure Vulnerability
| [94882] Apache ActiveMQ CVE-2016-6810 HTML Injection Vulnerability
| [94828] Apache Tomcat CVE-2016-8745 Information Disclosure Vulnerability
| [94766] Apache CouchDB CVE-2016-8742 Local Privilege Escalation Vulnerability
| [94657] Apache Struts CVE-2016-8738 Denial of Service Vulnerability
| [94650] Apache HTTP Server CVE-2016-8740 Denial of Service Vulnerability
| [94588] Apache Subversion CVE-2016-8734 XML External Entity Denial of Service Vulnerability
| [94513] Apache Karaf CVE-2016-8648 Remote Code Execution Vulnerability
| [94463] Apache Tomcat CVE-2016-8735 Remote Code Execution Vulnerability
| [94462] Apache Tomcat CVE-2016-6817 Denial of Service Vulnerability
| [94461] Apache Tomcat CVE-2016-6816 Security Bypass Vulnerability
| [94418] Apache OpenOffice CVE-2016-6803 Local Privilege Escalation Vulnerability
| [94247] Apache Tika CVE-2016-6809 Remote Code Execution Vulnerability
| [94221] Apache Ranger CVE-2016-6815 Local Privilege Escalation Vulnerability
| [94145] Apache OpenMeetings CVE-2016-8736 Remote Code Execution Vulnerability
| [93945] Apache CloudStack CVE-2016-6813 Authorization Bypass Vulnerability
| [93944] Apache Tomcat Security Manager CVE-2016-6796 Security Bypass Vulnerability
| [93943] Apache Tomcat CVE-2016-6794 Security Bypass Vulnerability
| [93942] Apache Tomcat Security Manager CVE-2016-5018 Security Bypass Vulnerability
| [93940] Apache Tomcat CVE-2016-6797 Security Bypass Vulnerability
| [93939] Apache Tomcat CVE-2016-0762 Information Disclosure Vulnerability
| [93774] Apache OpenOffice CVE-2016-6804 DLL Loading Remote Code Execution Vulnerability
| [93773] Apache Struts CVE-2016-6795 Directory Traversal Vulnerability
| [93478] Apache Tomcat CVE-2016-6325 Local Privilege Escalation Vulnerability
| [93472] Apache Tomcat CVE-2016-5425 Insecure File Permissions Vulnerability
| [93429] Apache Tomcat JK Connector CVE-2016-6808 Remote Buffer Overflow Vulnerability
| [93263] Apache Tomcat CVE-2016-1240 Local Privilege Escalation Vulnerability
| [93236] Apache MyFaces Trinidad CVE-2016-5019 Remote Code Execution Vulnerability
| [93142] Apache ActiveMQ Artemis CVE-2016-4978 Remote Code Execution Vulnerability
| [93132] Apache Derby CVE-2015-1832 XML External Entity Information Disclosure Vulnerability
| [93044] Apache Zookeeper CVE-2016-5017 Buffer Overflow Vulnerability
| [92966] Apache Jackrabbit CVE-2016-6801 Cross-Site Request Forgery Vulnerability
| [92947] Apache Shiro CVE-2016-6802 Remote Security Bypass Vulnerability
| [92905] Apache CXF Fediz CVE-2016-4464 Security Bypass Vulnerability
| [92577] Apache Ranger CVE-2016-5395 HTML Injection Vulnerability
| [92331] Apache HTTP Server CVE-2016-1546 Remote Denial of Service Vulnerability
| [92328] Apache Hive CVE-2016-0760 Multiple Remote Code Execution Vulnerabilities
| [92320] Apache APR-util and httpd CVE-2016-6312 Denial of Service Vulnerability
| [92100] Apache POI CVE-2016-5000 XML External Entity Injection Vulnerability
| [92079] Apache OpenOffice CVE-2016-1513 Remote Code Execution Vulnerability
| [91818] Apache Tomcat CVE-2016-5388 Security Bypass Vulnerability
| [91816] Apache HTTP Server CVE-2016-5387 Security Bypass Vulnerability
| [91788] Apache Qpid Proton CVE-2016-4467 Certificate Verification Security Bypass Vulnerability
| [91738] Apache XML-RPC CVE-2016-5003 Remote Code Execution Vulnerability
| [91736] Apache XML-RPC Multiple Security Vulnerabilities
| [91707] Apache Archiva CVE-2016-5005 HTML Injection Vulnerability
| [91703] Apache Archiva CVE-2016-4469 Multiple Cross-Site Request Forgery Vulnerabilities
| [91566] Apache HTTP Server CVE-2016-4979 Authentication Bypass Vulnerability
| [91537] Apache QPID CVE-2016-4974 Deserialization Security Bypass Vulnerability
| [91501] Apache Xerces-C CVE-2016-4463 Stack Buffer Overflow Vulnerability
| [91453] Apache Commons FileUpload CVE-2016-3092 Denial Of Service Vulnerability
| [91284] Apache Struts CVE-2016-4431 Security Bypass Vulnerability
| [91282] Apache Struts CVE-2016-4433 Security Bypass Vulnerability
| [91281] Apache Struts CVE-2016-4430 Cross-Site Request Forgery Vulnerability
| [91280] Apache Struts CVE-2016-4436 Security Bypass Vulnerability
| [91278] Apache Struts CVE-2016-4465 Denial of Service Vulnerability
| [91277] Apache Struts Incomplete Fix Remote Code Execution Vulnerability
| [91275] Apache Struts CVE-2016-4438 Remote Code Execution Vulnerability
| [91217] Apache Continuum 'saveInstallation.action' Command Execution Vulnerability
| [91141] Apache CloudStack CVE-2016-3085 Authentication Bypass Vulnerability
| [91068] Apache Struts CVE-2016-1181 Remote Code Execution Vulnerability
| [91067] Apache Struts CVE-2016-1182 Security Bypass Vulnerability
| [91024] Apache Shiro CVE-2016-4437 Information Disclosure Vulnerability
| [90988] Apache Ranger CVE-2016-2174 SQL Injection Vulnerability
| [90961] Apache Struts CVE-2016-3093 Denial of Service Vulnerability
| [90960] Apache Struts CVE-2016-3087 Remote Code Execution Vulnerability
| [90921] Apache Qpid CVE-2016-4432 Authentication Bypass Vulnerability
| [90920] Apache Qpid CVE-2016-3094 Denial of Service Vulnerability
| [90902] Apache PDFBox CVE-2016-2175 XML External Entity Injection Vulnerability
| [90897] Apache Tika CVE-2016-4434 XML External Entity Injection Vulnerability
| [90827] Apache ActiveMQ CVE-2016-3088 Multiple Arbitrary File Upload Vulnerabilities
| [90755] Apache Ambari CVE-2016-0707 Multiple Local Information Disclosure Vulnerabilities
| [90482] Apache CVE-2004-1387 Local Security Vulnerability
| [89762] Apache CVE-2001-1556 Remote Security Vulnerability
| [89417] Apache Subversion CVE-2016-2167 Authentication Bypass Vulnerability
| [89326] RETIRED: Apache Subversion CVE-2016-2167 Security Bypass Vulnerability
| [89320] Apache Subversion CVE-2016-2168 Remote Denial of Service Vulnerability
| [88826] Apache Struts CVE-2016-3082 Remote Code Execution Vulnerability
| [88797] Apache Cordova For iOS CVE-2015-5208 Arbitrary Code Execution Vulnerability
| [88764] Apache Cordova iOS CVE-2015-5207 Multiple Security Bypass Vulnerabilities
| [88701] Apache CVE-2001-1449 Remote Security Vulnerability
| [88635] Apache CVE-2000-1204 Remote Security Vulnerability
| [88590] Apache WWW server CVE-1999-1199 Denial-Of-Service Vulnerability
| [88496] Apache CVE-2000-1206 Remote Security Vulnerability
| [87828] Apache CVE-1999-1237 Remote Security Vulnerability
| [87784] Apache CVE-1999-1293 Denial-Of-Service Vulnerability
| [87327] Apache Struts CVE-2016-3081 Remote Code Execution Vulnerability
| [86622] Apache Stats CVE-2007-0975 Remote Security Vulnerability
| [86399] Apache CVE-2007-1743 Local Security Vulnerability
| [86397] Apache CVE-2007-1742 Local Security Vulnerability
| [86311] Apache Struts CVE-2016-4003 Cross Site Scripting Vulnerability
| [86174] Apache Wicket CVE-2015-5347 Cross Site Scripting Vulnerability
| [85971] Apache OFBiz CVE-2016-2170 Java Deserialization Remote Code Execution Vulnerability
| [85967] Apache OFBiz CVE-2015-3268 HTML Injection Vulnerability
| [85759] Apache Jetspeed CVE-2016-2171 Unauthorized Access Vulnerability
| [85758] Apache Jetspeed CVE-2016-0712 Cross Site Scripting Vulnerability
| [85756] Apache Jetspeed CVE-2016-0710 Multiple SQL Injection Vulnerabilities
| [85755] Apache Jetspeed CVE-2016-0711 Mulitple HTML Injection Vulnerabilities
| [85754] Apache Jetspeed CVE-2016-0709 Directory Traversal Vulnerability
| [85730] Apache Subversion CVE-2015-5343 Integer Overflow Vulnerability
| [85691] Apache Ranger CVE-2016-0735 Security Bypass Vulnerability
| [85578] Apache ActiveMQ CVE-2010-1244 Cross-Site Request Forgery Vulnerability
| [85554] Apache OpenMeetings CVE-2016-2164 Multiple Information Disclosure Vulnerabilities
| [85553] Apache OpenMeetings CVE-2016-0783 Information Disclosure Vulnerability
| [85552] Apache OpenMeetings CVE-2016-2163 HTML Injection Vulnerability
| [85550] Apache OpenMeetings CVE-2016-0784 Directory Traversal Vulnerability
| [85386] Apache Hadoop CVE-2015-7430 Local Privilege Escalation Vulnerability
| [85377] Apache Qpid Proton Python API CVE-2016-2166 Man in the Middle Security Bypass Vulnerability
| [85205] Apache Solr CVE-2015-8796 Cross Site Scripting Vulnerability
| [85203] Apache Solr CVE-2015-8795 Mulitple HTML Injection Vulnerabilities
| [85163] Apache Geronimo CVE-2008-0732 Local Security Vulnerability
| [85131] Apache Struts 'TextParseUtil.translateVariables()' Method Remote Code Execution Vulnerability
| [85070] Apache Struts CVE-2016-2162 Cross Site Scripting Vulnerability
| [85066] Apache Struts CVE-2016-0785 Remote Code Execution Vulnerability
| [84422] Apache TomEE CVE-2016-0779 Unspecified Security Vulnerability
| [84321] Apache ActiveMQ CVE-2016-0734 Clickjacking Vulnerability
| [84316] Apache ActiveMQ CVE-2016-0782 Multiple Cross Site Scripting Vulnerabilities
| [83910] Apache Wicket CVE-2015-7520 Cross Site Scripting Vulnerability
| [83423] Apache Xerces-C CVE-2016-0729 Buffer Overflow Vulnerability
| [83330] Apache Tomcat CVE-2015-5351 Cross Site Request Forgery Vulnerability
| [83329] Apache Tomcat CVE-2015-5174 Directory Traversal Vulnerability
| [83328] Apache Tomcat CVE-2015-5345 Directory Traversal Vulnerability
| [83327] Apache Tomcat Security Manager CVE-2016-0714 Remote Code Execution Vulnerability
| [83326] Apache Tomcat CVE-2016-0763 Security Bypass Vulnerability
| [83324] Apache Tomcat Security Manager CVE-2016-0706 Information Disclosure Vulnerability
| [83323] Apache Tomcat CVE-2015-5346 Session Fixation Vulnerability
| [83259] Apache Hadoop CVE-2015-1776 Information Disclosure Vulnerability
| [83243] Apache Solr CVE-2015-8797 Cross Site Scripting Vulnerability
| [83119] Apache Sling CVE-2016-0956 Information Disclosure Vulnerability
| [83002] Apache CVE-2000-1205 Cross-Site Scripting Vulnerability
| [82871] Apache Ranger Authentication Bypass and Security Bypass Vulnerabilities
| [82800] Apache CloudStack CVE-2015-3251 Information Disclosure Vulnerability
| [82798] Apache CloudStack CVE-2015-3252 Authentication Bypass Vulnerability
| [82732] Apache Gallery CVE-2003-0771 Local Security Vulnerability
| [82676] Apache CVE-2003-1581 Cross-Site Scripting Vulnerability
| [82550] Apache Struts CVE-2015-5209 Security Bypass Vulnerability
| [82300] Apache Subversion CVE-2015-5259 Integer Overflow Vulnerability
| [82260] Apache Camel CVE-2015-5344 Remote Code Execution Vulnerability
| [82234] Apache Hive CVE-2015-7521 Security Bypass Vulnerability
| [82082] Apache CVE-1999-0289 Remote Security Vulnerability
| [81821] Apache Distribution for Solaris CVE-2007-2080 SQL-Injection Vulnerability
| [80696] Apache Camel CVE-2015-5348 Information Disclosure Vulnerability
| [80525] Apache CVE-2003-1580 Remote Security Vulnerability
| [80354] Drupal Apache Solr Search Module Access Bypass Vulnerability
| [80193] Apache CVE-1999-0107 Denial-Of-Service Vulnerability
| [79812] Apache Directory Studio CVE-2015-5349 Command Injection Vulnerability
| [79744] Apache HBase CVE-2015-1836 Unauthorized Access Vulnerability
| [79204] Apache TomEE 'EjbObjectInputStream' Remote Code Execution Vulnerability
| [77679] Apache Cordova For Android CVE-2015-8320 Weak Randomization Security Bypass Vulnerability
| [77677] Apache Cordova For Android CVE-2015-5256 Security Bypass Vulnerability
| [77591] Apache CXF SAML SSO Processing CVE-2015-5253 Security Bypass Vulnerability
| [77521] Apache Commons Collections 'InvokerTransformer.java' Remote Code Execution Vulnerability
| [77110] Apache HttpComponents HttpClient CVE-2015-5262 Denial of Service Vulnerability
| [77086] Apache Ambari CVE-2015-1775 Server Side Request Forgery Security Bypass Vulnerability
| [77085] Apache Ambari CVE-2015-3270 Remote Privilege Escalation Vulnerability
| [77082] Apache Ambari 'targetURI' Parameter Open Redirection Vulnerability
| [77059] Apache Ambari CVE-2015-3186 Cross Site Scripting Vulnerability
| [76933] Apache James Server Unspecified Command Execution Vulnerability
| [76832] Apache cordova-plugin-file-transfer CVE-2015-5204 HTTP Header Injection Vulnerability
| [76625] Apache Struts CVE-2015-5169 Cross Site Scripting Vulnerability
| [76624] Apache Struts CVE-2015-2992 Cross Site Scripting Vulnerability
| [76522] Apache Tapestry CVE-2014-1972 Security Bypass Vulnerability
| [76486] Apache CXF Fediz CVE-2015-5175 Denial of Service Vulnerability
| [76452] Apache ActiveMQ CVE-2015-1830 Directory Traversal Vulnerability
| [76446] Apache Subversion 'libsvn_fs_fs/tree.c' Denial of Service Vulnerability
| [76274] Apache Subversion CVE-2015-3184 Information Disclosure Vulnerability
| [76273] Apache Subversion CVE-2015-3187 Information Disclosure Vulnerability
| [76272] Apache ActiveMQ CVE-2014-3576 Denial of Service Vulnerability
| [76221] Apache Ranger CVE-2015-0266 Access Bypass Vulnerability
| [76208] Apache Ranger CVE-2015-0265 JavaScript Code Injection Vulnerability
| [76025] Apache ActiveMQ Artemis CVE-2015-3208 XML External Entity Information Disclosure Vulnerability
| [75965] Apache HTTP Server CVE-2015-3185 Security Bypass Vulnerability
| [75964] Apache HTTP Server CVE-2015-0253 Remote Denial of Service Vulnerability
| [75963] Apache HTTP Server CVE-2015-3183 Security Vulnerability
| [75940] Apache Struts CVE-2015-1831 Security Bypass Vulnerability
| [75919] Apache Groovy CVE-2015-3253 Remote Code Execution Vulnerability
| [75338] Apache Storm CVE-2015-3188 Remote Code Execution Vulnerability
| [75275] Drupal Apache Solr Real-Time Module Access Bypass Vulnerability
| [74866] Apache Cordova For Android CVE-2015-1835 Security Bypass Vulnerability
| [74839] Apache Sling API and Sling Servlets CVE-2015-2944 Cross Site Scripting Vulnerability
| [74761] Apache Jackrabbit CVE-2015-1833 XML External Entity Information Disclosure Vulnerability
| [74686] Apache Ambari '/var/lib/ambari-server/ambari-env.sh' Local Privilege Escalation Vulnerability
| [74665] Apache Tomcat CVE-2014-7810 Security Bypass Vulnerability
| [74475] Apache Tomcat CVE-2014-0230 Denial of Service Vulnerability
| [74423] Apache Struts CVE-2015-0899 Security Bypass Vulnerability
| [74338] Apache OpenOffice HWP Filter Memory Corruption Vulnerability
| [74265] Apache Tomcat 'mod_jk' CVE-2014-8111 Information Disclosure Vulnerability
| [74260] Apache Subversion CVE-2015-0248 Multiple Denial of Service Vulnerabilities
| [74259] Apache Subversion 'deadprops.c' Security Bypass Vulnerability
| [74204] PHP 'sapi/apache2handler/sapi_apache2.c' Remote Code Execution Vulnerability
| [74158] Apache HTTP Server 'protocol.c' Remote Denial of Service Vulnerability
| [73954] Apache Flex 'asdoc/templates/index.html' Cross Site Scripting Vulnerability
| [73851] Apache2 CVE-2012-0216 Cross-Site Scripting Vulnerability
| [73478] Apache Cassandra CVE-2015-0225 Remote Code Execution Vulnerability
| [73041] Apache HTTP Server 'mod_lua' Module Denial of Service Vulnerability
| [73040] Apache HTTP Server 'mod_lua.c' Local Access Bypass Vulnerability
| [72809] Apache Standard Taglibs CVE-2015-0254 XML External Entity Injection Vulnerability
| [72717] Apache Tomcat CVE-2014-0227 Chunk Request Remote Denial Of Service Vulnerability
| [72557] Apache WSS4J CVE-2015-0227 Security Bypass Vulnerability
| [72553] Apache WSS4J CVE-2015-0226 Information Disclosure Vulnerability
| [72513] Apache ActiveMQ CVE-2014-3612 LDAP Authentication Bypass Vulnerability
| [72511] Apache ActiveMQ CVE-2014-8110 Multiple Cross Site Scripting Vulnerabilities
| [72510] Apache ActiveMQ CVE-2014-3600 XML External Entity Injection Vulnerability
| [72508] Apache ActiveMQ Apollo CVE-2014-3579 XML External Entity Injection Vulnerability
| [72319] Apache Qpid CVE-2015-0223 Security Bypass Vulnerability
| [72317] Apache Qpid CVE-2015-0224 Incomplete Fix Multiple Denial of Service Vulnerabilities
| [72115] Apache Santuario 'XML Signature Verification' Security Bypass Vulnerability
| [72053] Apache HTTP Server 'mod_remoteip.c' IP Address Spoofing Vulnerability
| [72030] Apache Qpid CVE-2015-0203 Multiple Denial of Service Vulnerabilities
| [71879] Apache Traffic Server 'HttpTransact.cc' Denial of Service Vulnerability
| [71726] Apache Subversion CVE-2014-3580 Remote Denial of Service Vulnerability
| [71725] Apache Subversion CVE-2014-8108 Remote Denial of Service Vulnerability
| [71657] Apache HTTP Server 'mod_proxy_fcgi' Module Denial of Service Vulnerability
| [71656] Apache HTTP Server 'mod_cache' Module Denial of Service Vulnerability
| [71548] Apache Struts CVE-2014-7809 Security Bypass Vulnerability
| [71466] Apache Hadoop CVE-2014-3627 Information Disclosure Vulnerability
| [71353] Apache HTTP Server 'LuaAuthzProvider' Authorization Bypass Vulnerability
| [71004] Apache Qpid CVE-2014-3629 XML External Entity Injection Vulnerability
| [70970] Apache Traffic Server Cross Site Scripting Vulnerability
| [70738] Apache CXF CVE-2014-3584 Denial of Service Vulnerability
| [70736] Apache CXF SAML SubjectConfirmation Security Bypass Vulnerability
| [69728] Apache Tomcat CVE-2013-4444 Arbitrary File Upload Vulnerability
| [69648] Apache POI CVE-2014-3574 Denial Of Service Vulnerability
| [69647] Apache POI OpenXML parser CVE-2014-3529 XML External Entity Information Disclosure Vulnerability
| [69351] Apache OpenOffice Calc CVE-2014-3524 Command Injection Vulnerability
| [69295] Apache Axis Incomplete Fix CVE-2014-3596 SSL Certificate Validation Security Bypass Vulnerability
| [69286] Apache OFBiz CVE-2014-0232 Multiple Cross Site Scripting Vulnerabilities
| [69258] Apache HttpComponents Incomplete Fix CVE-2014-3577 SSL Validation Security Bypass Vulnerability
| [69257] Apache HttpComponents Incomplete Fix SSL Certificate Validation Security Bypass Vulnerability
| [69248] Apache HTTP Server CVE-2013-4352 Remote Denial of Service Vulnerability
| [69237] Apache Subversion CVE-2014-3522 SSL Certificate Validation Information Disclosure Vulnerability
| [69173] Apache Traffic Server CVE-2014-3525 Unspecified Security Vulnerability
| [69046] Apache Cordova For Android CVE-2014-3502 Information Disclosure Vulnerability
| [69041] Apache Cordova For Android CVE-2014-3501 Security Bypass Vulnerability
| [69038] Apache Cordova For Android CVE-2014-3500 Security Bypass Vulnerability
| [68995] Apache Subversion CVE-2014-3528 Insecure Authentication Weakness
| [68966] Apache Subversion 'irkerbridge.py' Local Privilege Escalation Vulnerability
| [68965] Apache Subversion 'svnwcsub.py' Local Privilege Escalation Vulnerability
| [68863] Apache HTTP Server 'mod_cache' Module Remote Denial of Service Vulnerability
| [68747] Apache HTTP Server CVE-2014-3523 Remote Denial of Service Vulnerability
| [68745] Apache HTTP Server CVE-2014-0118 Remote Denial of Service Vulnerability
| [68742] Apache HTTP Server CVE-2014-0231 Remote Denial of Service Vulnerability
| [68740] Apache HTTP Server CVE-2014-0117 Remote Denial of Service Vulnerability
| [68678] Apache HTTP Server 'mod_status' CVE-2014-0226 Remote Code Execution Vulnerability
| [68445] Apache CXF UsernameToken Information Disclosure Vulnerability
| [68441] Apache CXF SAML Tokens Validation Security Bypass Vulnerability
| [68431] Apache Syncope CVE-2014-3503 Insecure Password Generation Weakness
| [68229] Apache Harmony PRNG Entropy Weakness
| [68111] Apache 'mod_wsgi' Module Privilege Escalation Vulnerability
| [68072] Apache Tomcat CVE-2014-0186 Remote Denial of Service Vulnerability
| [68039] Apache Hive CVE-2014-0228 Security Bypass Vulnerability
| [67673] Apache Tomcat CVE-2014-0095 AJP Request Remote Denial Of Service Vulnerability
| [67671] Apache Tomcat CVE-2014-0075 Chunk Request Remote Denial Of Service Vulnerability
| [67669] Apache Tomcat CVE-2014-0119 XML External Entity Information Disclosure Vulnerability
| [67668] Apache Tomcat CVE-2014-0099 Request Processing Information Disclosure Vulnerability
| [67667] Apache Tomcat CVE-2014-0096 XML External Entity Information Disclosure Vulnerability
| [67534] Apache 'mod_wsgi' Module CVE-2014-0242 Information Disclosure Vulnerability
| [67532] Apache 'mod_wsgi' Module Local Privilege Escalation Vulnerability
| [67530] Apache Solr Search Template Cross Site Scripting Vulnerability
| [67236] Apache CXF CVE-2014-0109 Remote Denial of Service Vulnerability
| [67232] Apache CXF CVE-2014-0110 Denial of Service Vulnerability
| [67121] Apache Struts ClassLoader Manipulation CVE-2014-0114 Security Bypass Vulnerability
| [67081] Apache Struts 'getClass()' Method Security Bypass Vulnerability
| [67064] Apache Struts ClassLoader Manipulation Incomplete Fix Security Bypass Vulnerability
| [67013] Apache Zookeeper CVE-2014-0085 Local Information Disclosure Vulnerability
| [66998] Apache Archiva CVE-2013-2187 Unspecified Cross Site Scripting Vulnerability
| [66991] Apache Archiva CVE-2013-2187 HTML Injection Vulnerability
| [66927] Apache Syncope CVE-2014-0111 Remote Code Execution Vulnerability
| [66474] Apache CouchDB Universally Unique IDentifier (UUID) Remote Denial of Service Vulnerability
| [66397] Apache Xalan-Java Library CVE-2014-0107 Security Bypass Vulnerability
| [66303] Apache HTTP Server Multiple Denial of Service Vulnerabilities
| [66041] RETIRED: Apache Struts CVE-2014-0094 Classloader Manipulation Security Bypass Vulnerability
| [65999] Apache Struts ClassLoader Manipulation CVE-2014-0094 Security Bypass Vulnerability
| [65967] Apache Cordova File-Transfer Unspecified Security Vulnerability
| [65959] Apache Cordova InAppBrowser Remote Privilege Escalation Vulnerability
| [65935] Apache Shiro 'login.jsp' Authentication Bypass Vulnerability
| [65902] Apache Camel CVE-2014-0003 Remote Code Execution Vulnerability
| [65901] Apache Camel CVE-2014-0002 XML External Entity Information Disclosure Vulnerability
| [65773] Apache Tomcat CVE-2013-4286 Security Bypass Vulnerability
| [65769] Apache Tomcat CVE-2014-0033 Session Fixation Vulnerability
| [65768] Apache Tomcat CVE-2013-4590 XML External Entity Information Disclosure Vulnerability
| [65767] Apache Tomcat CVE-2013-4322 Incomplete Fix Denial of Service Vulnerability
| [65615] Apache ActiveMQ 'refresh' Parameter Cross Site Scripting Vulnerability
| [65434] Apache Subversion 'mod_dav_svn' Module SVNListParentPath Denial of Service Vulnerability
| [65431] Apache Wicket CVE-2013-2055 Information Disclosure Vulnerability
| [65400] Apache Commons FileUpload CVE-2014-0050 Denial Of Service Vulnerability
| [64782] Apache CloudStack Virtual Router Component Security Bypass Vulnerability
| [64780] Apache CloudStack Unauthorized Access Vulnerability
| [64617] Apache Libcloud Digital Ocean API Local Information Disclosure Vulnerability
| [64437] Apache Santuario XML Security For JAVA XML Signature Denial of Service Vulnerability
| [64427] Apache Solr Multiple XML External Entity Injection Vulnerabilities
| [64009] Apache Solr CVE-2013-6408 XML External Entity Injection Vulnerability
| [64008] Apache Solr CVE-2013-6407 XML External Entity Injection Vulnerability
| [63981] Apache Subversion 'mod_dav_svn' Module Denial of Service Vulnerability
| [63966] Apache Subversion CVE-2013-4505 Security Bypass Vulnerability
| [63963] Apache Roller CVE-2013-4171 Cross Site Scripting Vulnerability
| [63935] Apache Solr 'SolrResourceLoader' Directory Traversal Vulnerability
| [63928] Apache Roller CVE-2013-4212 OGNL Expression Injection Remote Code Execution Vulnerability
| [63515] Apache Tomcat Manager Component CVE-2013-6357 Cross Site Request Forgery Vulnerability
| [63403] Apache Struts Multiple Cross Site Scripting Vulnerabilities
| [63400] Apache 'mod_pagespeed' Module Unspecified Cross Site Scripting Vulnerability
| [63260] Apache Shindig CVE-2013-4295 XML External Entity Information Disclosure Vulnerability
| [63241] Apache Sling 'AbstractAuthenticationFormServlet' Open Redirection Vulnerability
| [63174] Apache Commons FileUpload 'DiskFileItem' Class Null Byte Arbitrary File Write Vulnerability
| [62939] Apache 'mod_fcgid' Module CVE-2013-4365 Heap Buffer Overflow Vulnerability
| [62903] Apache Sling 'deepGetOrCreateNode()' Function Denial Of Service Vulnerability
| [62706] Apache Camel CVE-2013-4330 Information Disclosure Vulnerability
| [62677] Apache 'mod_accounting' Module CVE-2013-5697 SQL Injection Vulnerability
| [62674] TYPO3 Apache Solr Unspecified Cross Site Scripting and PHP Code Execution Vulnerabilities
| [62587] Apache Struts CVE-2013-4316 Remote Code Execution Vulnerability
| [62584] Apache Struts CVE-2013-4310 Security Bypass Vulnerability
| [62266] Apache Subversion CVE-2013-4277 Insecure Temporary File Creation Vulnerability
| [61984] Apache Hadoop RPC Authentication CVE-2013-2192 Man in the Middle Security Bypass Vulnerability
| [61981] Apache HBase RPC Authentication Man In The Middle Security Bypass Vulnerability
| [61638] Apache CloudStack CVE-2013-2136 Multiple Cross Site Scripting Vulnerabilities
| [61454] Apache Subversion CVE-2013-4131 Denial Of Service Vulnerability
| [61379] Apache HTTP Server CVE-2013-2249 Unspecified Remote Security Vulnerability
| [61370] Apache OFBiz CVE-2013-2317 'View Log' Cross Site Scripting Vulnerability
| [61369] Apache OFBiz Nested Expression Remote Code Execution Vulnerability
| [61196] Apache Struts CVE-2013-2248 Multiple Open Redirection Vulnerabilities
| [61189] Apache Struts CVE-2013-2251 Multiple Remote Command Execution Vulnerabilities
| [61129] Apache HTTP Server CVE-2013-1896 Remote Denial of Service Vulnerability
| [61030] Apache CXF CVE-2013-2160 Multiple Remote Denial of Service Vulnerabilities
| [60875] Apache Geronimo RMI Classloader Security Bypass Vulnerability
| [60846] Apache Santuario XML Security for JAVA XML Signature CVE-2013-2172 Security Bypass Vulnerability
| [60817] Apache Santuario XML Security for C++ CVE-2013-2210 Heap Buffer Overflow Vulnerability
| [60800] Apache Qpid Python Client SSL Certificate Verification Information Disclosure Vulnerability
| [60599] Apache Santuario XML Security for C++ CVE-2013-2156 Remote Heap Buffer Overflow Vulnerability
| [60595] Apache Santuario XML Security for C++ XML Signature CVE-2013-2155 Denial of Service Vulnerability
| [60594] Apache Santuario XML Security for C++ CVE-2013-2154 Stack Buffer Overflow Vulnerability
| [60592] Apache Santuario XML Security for C++ XML Signature CVE-2013-2153 Security Bypass Vulnerability
| [60534] Apache OpenJPA Object Deserialization Arbitrary File Creation or Overwrite Vulnerability
| [60346] Apache Struts CVE-2013-2134 OGNL Expression Injection Vulnerability
| [60345] Apache Struts CVE-2013-2135 OGNL Expression Injection Vulnerability
| [60267] Apache Subversion CVE-2013-1968 Remote Denial of Service Vulnerability
| [60265] Apache Subversion CVE-2013-2088 Command Injection Vulnerability
| [60264] Apache Subversion CVE-2013-2112 Remote Denial of Service Vulnerability
| [60187] Apache Tomcat DIGEST Authentication CVE-2013-2051 Incomplete Fix Security Weakness
| [60186] Apache Tomcat CVE-2013-1976 Insecure Temporary File Handling Vulnerability
| [60167] Apache Struts 'includeParams' CVE-2013-2115 Incomplete Fix Security Bypass Vulnerability
| [60166] Apache Struts 'includeParams' CVE-2013-1966 Security Bypass Vulnerability
| [60082] Apache Struts 'ParameterInterceptor' Class OGNL CVE-2013-1965 Security Bypass Vulnerability
| [59826] Apache HTTP Server Terminal Escape Sequence in Logs Command Injection Vulnerability
| [59799] Apache Tomcat CVE-2013-2067 Session Fixation Vulnerability
| [59798] Apache Tomcat CVE-2013-2071 Information Disclosure Vulnerability
| [59797] Apache Tomcat CVE-2012-3544 Denial of Service Vulnerability
| [59670] Apache VCL Multiple Input Validation Vulnerabilities
| [59464] Apache CloudStack CVE-2013-2758 Hash Information Disclosure Vulnerability
| [59463] Apache CloudStack CVE-2013-2756 Authentication Bypass Vulnerability
| [59402] Apache ActiveMQ CVE-2013-3060 Information Disclosure and Denial of Service Vulnerability
| [59401] Apache ActiveMQ CVE-2012-6551 Denial of Service Vulnerability
| [59400] Apache ActiveMQ CVE-2012-6092 Multiple Cross Site Scripting Vulnerabilities
4659| [58898] Apache Subversion CVE-2013-1884 Remote Denial of Service Vulnerability
4660| [58897] Apache Subversion 'mod_dav_svn/lock.c' Remote Denial of Service Vulnerability
4661| [58895] Apache Subversion 'mod_dav_svn' Remote Denial of Service Vulnerability
4662| [58455] Apache Rave User RPC API CVE-2013-1814 Information Disclosure Vulnerability
4663| [58379] Apache Qpid CVE-2012-4446 Authentication Bypass Vulnerability
4664| [58378] Apache Qpid CVE-2012-4460 Denial of Service Vulnerability
4665| [58376] Apache Qpid CVE-2012-4458 Denial of Service Vulnerability
4666| [58337] Apache Qpid CVE-2012-4459 Denial of Service Vulnerability
4667| [58326] Apache Commons FileUpload CVE-2013-0248 Insecure Temporary File Creation Vulnerability
4668| [58325] Debian Apache HTTP Server CVE-2013-1048 Symlink Attack Local Privilege Escalation Vulnerability
4669| [58323] Apache Subversion 'svn_fs_file_length()' Remote Denial of Service Vulnerability
4670| [58165] Apache HTTP Server Multiple Cross Site Scripting Vulnerabilities
4671| [58136] Apache Maven CVE-2013-0253 SSL Certificate Validation Security Bypass Vulnerability
4672| [58124] Apache Tomcat 'log/logdir' Directory Insecure File Permissions Vulnerability
4673| [58073] Apache Commons HttpClient CVE-2012-5783 SSL Certificate Validation Security Bypass Vulnerability
4674| [57876] Apache CXF WS-SecurityPolicy Authentication Bypass Vulnerability
4675| [57874] Apache CXF CVE-2012-5633 Security Bypass Vulnerability
4676| [57463] Apache OFBiz CVE-2013-0177 Multiple Cross Site Scripting Vulnerabilities
4677| [57425] Apache CXF CVE-2012-5786 SSL Certificate Validation Security Bypass Vulnerability
4678| [57321] Apache CouchDB CVE-2012-5650 Cross Site Scripting Vulnerability
4679| [57314] Apache CouchDB CVE-2012-5649 Remote Code Execution Vulnerability
4680| [57267] Apache Axis2/C SSL Certificate Validation Security Bypass Vulnerability
4681| [57259] Apache CloudStack CVE-2012-5616 Local Information Disclosure Vulnerability
4682| [56814] Apache Tomcat CVE-2012-4431 Cross-Site Request Forgery Vulnerability
4683| [56813] Apache Tomcat CVE-2012-4534 Denial of Service Vulnerability
4684| [56812] Apache Tomcat CVE-2012-3546 Security Bypass Vulnerability
4685| [56753] Apache Apache HTTP Server 'mod_proxy_ajp Module Denial Of Service Vulnerability
4686| [56686] Apache Tomcat CVE-2012-5568 Denial of Service Vulnerability
4687| [56408] Apache Axis and Axis2/Java SSL Certificate Validation Security Bypass Vulnerability
4688| [56403] Apache Tomcat DIGEST Authentication Multiple Security Weaknesses
4689| [56402] Apache Tomcat CVE-2012-2733 Denial of Service Vulnerability
4690| [56171] Apache OFBiz CVE-2012-3506 Unspecified Security Vulnerability
4691| [55876] Apache CloudStack CVE-2012-4501 Security Bypass Vulnerability
4692| [55628] Apache CXF SOAP Action Spoofing Security Bypass Vulnerability
4693| [55608] Apache Qpid (qpidd) Denial of Service Vulnerability
4694| [55536] Apache 'mod_pagespeed' Module Cross Site Scripting and Security Bypass Vulnerabilities
4695| [55508] Apache Axis2 XML Signature Wrapping Security Vulnerability
4696| [55445] Apache Wicket CVE-2012-3373 Cross Site Scripting Vulnerability
4697| [55346] Apache Struts Cross Site Request Forgery and Denial of Service Vulnerabilities
4698| [55290] Drupal Apache Solr Autocomplete Module Cross Site Scripting Vulnerability
4699| [55165] Apache Struts2 Skill Name Remote Code Execution Vulnerability
4700| [55154] Apache 'mod-rpaf' Module Denial of Service Vulnerability
4701| [55131] Apache HTTP Server HTML-Injection And Information Disclosure Vulnerabilities
4702| [54954] Apache QPID NullAuthenticator Authentication Bypass Vulnerability
4703| [54798] Apache Libcloud Man In The Middle Vulnerability
4704| [54358] Apache Hadoop CVE-2012-3376 Information Disclosure Vulnerability
4705| [54341] Apache Sling CVE-2012-2138 Denial Of Service Vulnerability
4706| [54268] Apache Hadoop Symlink Attack Local Privilege Escalation Vulnerability
4707| [54189] Apache Roller Cross Site Request Forgery Vulnerability
4708| [54187] Apache Roller CVE-2012-2381 Cross Site Scripting Vulnerability
4709| [53880] Apache CXF Child Policies Security Bypass Vulnerability
4710| [53877] Apache CXF Elements Validation Security Bypass Vulnerability
4711| [53676] Apache Commons Compress and Apache Ant CVE-2012-2098 Denial Of Service Vulnerability
4712| [53487] Apache POI CVE-2012-0213 Denial Of Service Vulnerability
4713| [53455] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability
4714| [53305] Apache Qpid CVE-2011-3620 Unauthorized Access Security Bypass Vulnerability
4715| [53046] Apache HTTP Server 'LD_LIBRARY_PATH' Insecure Library Loading Arbitrary Code Execution Vulnerability
4716| [53025] Apache OFBiz Unspecified Remote Code Execution Vulnerability
4717| [53023] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
4718| [52939] Apache Hadoop CVE-2012-1574 Unspecified User Impersonation Vulnerability
4719| [52702] Apache Struts2 'XSLTResult.java' Remote Arbitrary File Upload Vulnerability
4720| [52696] Apache Traffic Server HTTP Host Header Handling Heap Based Buffer Overflow Vulnerability
4721| [52680] Apache Wicket 'pageMapName' Parameter Cross Site Scripting Vulnerability
4722| [52679] Apache Wicket Hidden Files Information Disclosure Vulnerability
4723| [52565] Apache 'mod_fcgid' Module Denial Of Service Vulnerability
4724| [52146] TYPO3 Apache Solr Extension Unspecified Cross Site Scripting Vulnerability
4725| [51939] Apache MyFaces 'ln' Parameter Information Disclosure Vulnerability
4726| [51917] Apache APR Hash Collision Denial Of Service Vulnerability
4727| [51902] Apache Struts Multiple HTML Injection Vulnerabilities
4728| [51900] Apache Struts CVE-2012-1007 Multiple Cross Site Scripting Vulnerabilities
4729| [51886] Apache CXF UsernameToken Policy Validation Security Bypass Vulnerability
4730| [51869] Apache HTTP Server CVE-2011-3639 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
4731| [51706] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
4732| [51705] Apache HTTP Server CVE-2012-0021 mod_log_config Denial Of Service Vulnerability
4733| [51628] Apache Struts 'ParameterInterceptor' Class OGNL (CVE-2011-3923) Security Bypass Vulnerability
4734| [51447] Apache Tomcat Parameter Handling Denial of Service Vulnerability
4735| [51442] Apache Tomcat Request Object Security Bypass Vulnerability
4736| [51407] Apache HTTP Server Scoreboard Local Security Bypass Vulnerability
4737| [51257] Apache Struts Remote Command Execution and Arbitrary File Overwrite Vulnerabilities
4738| [51238] Apache Geronimo Hash Collision Denial Of Service Vulnerability
4739| [51200] Apache Tomcat Hash Collision Denial Of Service Vulnerability
4740| [50940] Apache Struts Session Tampering Security Bypass Vulnerability
4741| [50912] RETIRED: Apache MyFaces CVE-2011-4343 Information Disclosure Vulnerability
4742| [50904] Apache ActiveMQ Failover Mechanism Remote Denial Of Service Vulnerability
4743| [50848] Apache MyFaces EL Expression Evaluation Security Bypass Vulnerability
4744| [50802] Apache HTTP Server 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
4745| [50639] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
4746| [50603] Apache Tomcat Manager Application Security Bypass Vulnerability
4747| [50494] Apache HTTP Server 'ap_pregsub()' Function Local Privilege Escalation Vulnerability
4748| [49957] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
4749| [49762] Apache Tomcat HTTP DIGEST Authentication Multiple Security Weaknesses
4750| [49728] Apache Struts Conversion Error OGNL Expression Evaluation Vulnerability
4751| [49616] Apache HTTP Server CVE-2011-3348 Denial Of Service Vulnerability
4752| [49470] Apache Tomcat CVE-2007-6286 Duplicate Request Processing Security Vulnerability
4753| [49353] Apache Tomcat AJP Protocol Security Bypass Vulnerability
4754| [49303] Apache HTTP Server CVE-2011-3192 Denial Of Service Vulnerability
4755| [49290] Apache Wicket Cross Site Scripting Vulnerability
4756| [49147] Apache Tomcat CVE-2011-2481 Information Disclosure Vulnerability
4757| [49143] Apache Commons Daemon 'jsvc' Information Disclosure Vulnerability
4758| [48667] Apache Tomcat 'sendfile' Request Attributes Information Disclosure Vulnerability
4759| [48653] Apache 'mod_authnz_external' Module SQL Injection Vulnerability
4760| [48611] Apache XML Security for C++ Signature Key Parsing Denial of Service Vulnerability
4761| [48456] Apache Tomcat 'MemoryUserDatabase' Information Disclosure Vulnerability
4762| [48015] Apache Archiva Multiple Cross Site Request Forgery Vulnerabilities
4763| [48011] Apache Archiva Multiple Cross Site Scripting and HTML Injection Vulnerabilities
4764| [47929] Apache APR 'apr_fnmatch.c' Denial of Service Vulnerability
4765| [47890] Apache Struts 'javatemplates' Plugin Multiple Cross Site Scripting Vulnerabilities
4766| [47886] Apache Tomcat SecurityConstraints Security Bypass Vulnerability
4767| [47820] Apache APR 'apr_fnmatch()' Denial of Service Vulnerability
4768| [47784] Apache Struts XWork 's:submit' HTML Tag Cross Site Scripting Vulnerability
4769| [47199] Apache Tomcat HTTP BIO Connector Information Disclosure Vulnerability
4770| [47196] Apache Tomcat Login Constraints Security Bypass Vulnerability
4771| [46974] Apache HttpComponents 'HttpClient' Information Disclosure Vulnerability
4772| [46953] Apache MPM-ITK Module Security Weakness
4773| [46734] Subversion 'mod_dav_svn' Apache Server NULL Pointer Dereference Denial Of Service Vulnerability
4774| [46685] Apache Tomcat '@ServletSecurity' Annotations Security Bypass Vulnerability
4775| [46311] Apache Continuum and Archiva Cross Site Scripting Vulnerability
4776| [46177] Apache Tomcat SecurityManager Security Bypass Vulnerability
4777| [46174] Apache Tomcat HTML Manager Interface HTML Injection Vulnerability
4778| [46166] Apache Tomcat JVM Denial of Service Vulnerability
4779| [46164] Apache Tomcat NIO Connector Denial of Service Vulnerability
4780| [46066] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
4781| [45655] Apache Subversion Server Component Multiple Remote Denial Of Service Vulnerabilities
4782| [45123] Awstats Apache Tomcat Configuration File Remote Arbitrary Command Execution Vulnerability
4783| [45095] Apache Archiva Cross Site Request Forgery Vulnerability
4784| [45015] Apache Tomcat 'sort' and 'orderBy' Parameters Cross Site Scripting Vulnerabilities
4785| [44900] Apache 'mod_fcgid' Module Unspecified Stack Buffer Overflow Vulnerability
4786| [44616] Apache Shiro Directory Traversal Vulnerability
4787| [44355] Apache MyFaces Encrypted View State Oracle Padding Security Vulnerability
4788| [44068] Apache::AuthenHook Local Information Disclosure Vulnerability
4789| [43862] Apache QPID SSL Connection Denial of Service Vulnerability
4790| [43673] Apache APR-util 'apr_brigade_split_line()' Denial of Service Vulnerability
4791| [43637] Apache XML-RPC SAX Parser Information Disclosure Vulnerability
4792| [43111] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
4793| [42637] Apache Derby 'BUILTIN' Authentication Insecure Password Hashing Vulnerability
4794| [42501] Apache CouchDB Cross Site Request Forgery Vulnerability
4795| [42492] Apache CXF XML DTD Processing Security Vulnerability
4796| [42121] Apache SLMS Insufficient Quoting Cross Site Request Forgery Vulnerability
4797| [42102] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
4798| [41963] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
4799| [41544] Apache Tomcat 'Transfer-Encoding' Information Disclosure and Denial Of Service Vulnerabilities
4800| [41076] Apache Axis2 '/axis2/axis2-admin' Session Fixation Vulnerability
4801| [40976] Apache Axis2 Document Type Declaration Processing Security Vulnerability
4802| [40827] Apache 'mod_proxy_http' Timeout Handling Information Disclosure Vulnerability
4803| [40343] Apache Axis2 'xsd' Parameter Directory Traversal Vulnerability
4804| [40327] Apache Axis2 'engagingglobally' Cross-Site Scripting Vulnerability
4805| [39771] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
4806| [39636] Apache ActiveMQ Source Code Information Disclosure Vulnerability
4807| [39635] Apache Tomcat Authentication Header Realm Name Information Disclosure Vulnerability
4808| [39538] Apache mod_auth_shadow Race Condition Security Bypass Vulnerability
4809| [39489] Apache OFBiz Multiple Cross Site Scripting and HTML Injection Vulnerabilities
4810| [39119] Apache ActiveMQ 'createDestination.action' HTML Injection Vulnerability
4811| [38580] Apache Subrequest Handling Information Disclosure Vulnerability
4812| [38494] Apache 'mod_isapi' Memory Corruption Vulnerability
4813| [38491] Apache mod_proxy_ajp Module Incoming Request Body Denial Of Service Vulnerability
4814| [37966] Apache 1.3 mod_proxy HTTP Chunked Encoding Integer Overflow Vulnerability
4815| [37945] Apache Tomcat Host Working Directory WAR File Directory Traversal Vulnerability
4816| [37944] Apache Tomcat WAR File Directory Traversal Vulnerability
4817| [37942] Apache Tomcat Directory Host Appbase Authentication Bypass Vulnerability
4818| [37149] Apache Tomcat 404 Error Page Cross Site Scripting Vulnerability
4819| [37027] RETIRED: Apache APR 'apr_uri_parse_hostinfo' Off By One Remote Code Execution Vulnerability
4820| [36990] Apache HTTP TRACE Cross Site Scripting Vulnerability
4821| [36954] Apache Tomcat Windows Installer Insecure Password Vulnerability
4822| [36889] TYPO3 Apache Solr Search Extension Unspecified Cross Site Scripting Vulnerability
4823| [36596] Apache HTTP Server Solaris Event Port Pollset Support Remote Denial Of Service Vulnerability
4824| [36260] Apache mod_proxy_ftp Module NULL Pointer Dereference Denial Of Service Vulnerability
4825| [36254] Apache mod_proxy_ftp Remote Command Injection Vulnerability
4826| [35949] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
4827| [35840] Apache HTTP Server HTTP-Basic Authentication Bypass Vulnerability
4828| [35623] Apache 'mod_deflate' Remote Denial Of Service Vulnerability
4829| [35565] Apache 'mod_proxy' Remote Denial Of Service Vulnerability
4830| [35416] Apache Tomcat XML Parser Information Disclosure Vulnerability
4831| [35263] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
4832| [35253] Apache APR-util 'xml/apr_xml.c' Denial of Service Vulnerability
4833| [35251] Apache APR-util 'apr_brigade_vprintf' Off By One Vulnerability
4834| [35221] Apache APR-util 'apr_strmatch_precompile()' Integer Underflow Vulnerability
4835| [35196] Apache Tomcat Form Authentication Existing/Non-Existing Username Enumeration Weakness
4836| [35193] Apache Tomcat Java AJP Connector Invalid Header Denial of Service Vulnerability
4837| [35115] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
4838| [34686] Apache Struts Multiple Cross Site Scripting Vulnerabilities
4839| [34663] Apache 'mod_proxy_ajp' Information Disclosure Vulnerability
4840| [34657] Apache Tiles Cross Site Scripting And Information Disclosure Vulnerabilities
4841| [34562] Apache Geronimo Application Server Multiple Remote Vulnerabilities
4842| [34552] Apache ActiveMQ Web Console Multiple Unspecified HTML Injection Vulnerabilities
4843| [34412] Apache Tomcat mod_jk Content Length Information Disclosure Vulnerability
4844| [34399] Apache Struts Unspecified Cross Site Scripting Vulnerability
4845| [34383] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
4846| [33913] Apache Tomcat POST Data Information Disclosure Vulnerability
4847| [33360] Apache Jackrabbit 'q' Parameter Multiple Cross Site Scripting Vulnerabilities
4848| [33110] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
4849| [32657] Novell NetWare ApacheAdmin Security Bypass Vulnerability
4850| [31805] Apache HTTP Server OS Fingerprinting Unspecified Security Vulnerability
4851| [31761] Oracle WebLogic Server Apache Connector Stack Based Buffer Overflow Vulnerability
4852| [31698] Apache Tomcat 'RemoteFilterValve' Security Bypass Vulnerability
4853| [31165] Kolab Groupware Server Apache Log File User Password Information Disclosure Vulnerability
4854| [30560] Apache 'mod_proxy_ftp' Wildcard Characters Cross-Site Scripting Vulnerability
4855| [30496] Apache Tomcat 'HttpServletResponse.sendError()' Cross Site Scripting Vulnerability
4856| [30494] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
4857| [29653] Apache 'mod_proxy_http' Interim Response Denial of Service Vulnerability
4858| [29502] Apache Tomcat Host Manager Cross Site Scripting Vulnerability
4859| [28576] Apache-SSL Environment Variable Information Disclosure and Privilege Escalation Vulnerability
4860| [28484] Apache Tomcat Requests Containing MS-DOS Device Names Information Disclosure Vulnerability
4861| [28483] Apache Tomcat 'allowLinking' Accepts NULL Byte in URI Information Disclosure Vulnerability
4862| [28482] Apache Tomcat SSL Anonymous Cipher Configuration Information Disclosure Vulnerability
4863| [28481] Apache Tomcat Cross-Site Scripting Vulnerability
4864| [28477] Apache Tomcat AJP Connector Information Disclosure Vulnerability
4865| [27752] Apache mod_jk2 Host Header Multiple Stack Based Buffer Overflow Vulnerabilities
4866| [27706] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
4867| [27703] Apache Tomcat Parameter Processing Remote Information Disclosure Vulnerability
4868| [27409] Apache 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
4869| [27365] Apache Tomcat SingleSignOn Remote Information Disclosure Vulnerability
4870| [27237] Apache HTTP Server 2.2.6, 2.0.61 and 1.3.39 'mod_status' Cross-Site Scripting Vulnerability
4871| [27236] Apache 'mod_proxy_balancer' Multiple Vulnerabilities
4872| [27234] Apache 'mod_proxy_ftp' Undefined Charset UTF-7 Cross-Site Scripting Vulnerability
4873| [27006] Apache Tomcat JULI Logging Component Default Security Policy Vulnerability
4874| [26939] Apache HTTP Server Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
4875| [26838] Apache mod_imagemap and mod_imap Cross-Site Scripting Vulnerability
4876| [26762] Apache::AuthCAS Cookie SQL Injection Vulnerability
4877| [26663] Apache HTTP Server 413 Error HTTP Request Method Cross-Site Scripting Weakness
4878| [26287] Apache Geronimo SQLLoginModule Authentication Bypass Vulnerability
4879| [26070] Apache Tomcat WebDav Remote Information Disclosure Vulnerability
4880| [25804] Apache Geronimo Management EJB Security Bypass Vulnerability
4881| [25653] Apache Mod_AutoIndex.C Undefined Charset Cross-Site Scripting Vulnerability
4882| [25531] Apache Tomcat Cal2.JSP Cross-Site Scripting Vulnerability
4883| [25489] Apache HTTP Server Mod_Proxy Denial of Service Vulnerability
4884| [25316] Apache Tomcat Multiple Remote Information Disclosure Vulnerabilities
4885| [25314] Apache Tomcat Host Manager Servlet Cross Site Scripting Vulnerability
4886| [25174] Apache Tomcat Error Message Reporting Cross Site Scripting Vulnerability
4887| [24999] Apache Tomcat SendMailServlet Cross-Site Scripting Vulnerability
4888| [24759] MySQLDumper Apache Access Control Authentication Bypass Vulnerability
4889| [24649] Apache HTTP Server Mod_Cache Denial of Service Vulnerability
4890| [24645] Apache HTTP Server Mod_Status Cross-Site Scripting Vulnerability
4891| [24553] Apache Mod_Mem_Cache Information Disclosure Vulnerability
4892| [24524] Apache Tomcat Accept-Language Cross Site Scripting Vulnerability
4893| [24480] Apache MyFaces Tomahawk JSF Framework Autoscroll Parameter Cross Site Scripting Vulnerability
4894| [24476] Apache Tomcat JSP Example Web Applications Cross Site Scripting Vulnerability
4895| [24475] Apache Tomcat Manager and Host Manager Upload Script Cross-Site Scripting Vulnerability
4896| [24215] Apache HTTP Server Worker Process Multiple Denial of Service Vulnerabilities
4897| [24147] Apache Tomcat JK Connector Double Encoding Security Bypass Vulnerability
4898| [24058] Apache Tomcat Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
4899| [23687] Apache AXIS Non-Existent WSDL Path Information Disclosure Vulnerability
4900| [23438] Apache HTTPD suEXEC Local Multiple Privilege Escalation Weaknesses
4901| [22960] Apache HTTP Server Tomcat Directory Traversal Vulnerability
4902| [22849] Apache mod_python Output Filter Mode Information Disclosure Vulnerability
4903| [22791] Apache Tomcat Mod_JK.SO Arbitrary Code Execution Vulnerability
4904| [22732] Debian Apache Root Shell Local Privilege Escalation Vulnerabilities
4905| [22388] Apache Stats Extract Function Multiple Input Validation Vulnerabilities
4906| [21865] Apache And Microsoft IIS Range Denial of Service Vulnerability
4907| [21214] Apache Mod_Auth_Kerb Off-By-One Denial of Service Vulnerability
4908| [20527] Apache Mod_TCL Remote Format String Vulnerability
4909| [19661] Apache HTTP Server Arbitrary HTTP Request Headers Security Weakness
4910| [19447] Apache CGI Script Source Code Information Disclosure Vulnerability
4911| [19204] Apache Mod_Rewrite Off-By-One Buffer Overflow Vulnerability
4912| [19106] Apache Tomcat Information Disclosure Vulnerability
4913| [18138] Apache James SMTP Denial Of Service Vulnerability
4914| [17342] Apache Struts Multiple Remote Vulnerabilities
4915| [17095] Apache Log4Net Denial Of Service Vulnerability
4916| [16916] Apache mod_python FileSession Code Execution Vulnerability
4917| [16710] Apache Libapreq2 Quadratic Behavior Denial of Service Vulnerability
4918| [16260] Apache Geronimo Multiple Input Validation Vulnerabilities
4919| [16153] Apache mod_auth_pgsql Multiple Format String Vulnerabilities
4920| [16152] Apache Mod_SSL Custom Error Document Remote Denial Of Service Vulnerability
4921| [15834] Apache 'mod_imap' Referer Cross-Site Scripting Vulnerability
4922| [15765] Apache James Spooler Memory Leak Denial Of Service Vulnerability
4923| [15762] Apache MPM Worker.C Denial Of Service Vulnerability
4924| [15512] Apache Struts Error Response Cross-Site Scripting Vulnerability
4925| [15413] PHP Apache 2 Virtual() Safe_Mode and Open_Basedir Restriction Bypass Vulnerability
4926| [15325] Apache Tomcat Simultaneous Directory Listing Denial Of Service Vulnerability
4927| [15224] Apache Mod_Auth_Shadow Authentication Bypass Vulnerability
4928| [15177] PHP Apache 2 Local Denial of Service Vulnerability
4929| [14982] ApacheTop Insecure Temporary File Creation Vulnerability
4930| [14721] Apache Mod_SSL SSLVerifyClient Restriction Bypass Vulnerability
4931| [14660] Apache CGI Byterange Request Denial of Service Vulnerability
4932| [14366] Apache mod_ssl CRL Handling Off-By-One Buffer Overflow Vulnerability
4933| [14106] Apache HTTP Request Smuggling Vulnerability
4934| [13778] Apache HTPasswd Password Command Line Argument Buffer Overflow Vulnerability
4935| [13777] Apache HTPasswd User Command Line Argument Buffer Overflow Vulnerability
4936| [13756] Apache Tomcat Java Security Manager Bypass Vulnerability
4937| [13537] Apache HTDigest Realm Command Line Argument Buffer Overflow Vulnerability
4938| [12877] Apache mod_ssl ssl_io_filter_cleanup Remote Denial Of Service Vulnerability
4939| [12795] Apache Tomcat Remote Malformed Request Denial Of Service Vulnerability
4940| [12619] Apache Software Foundation Batik Squiggle Browser Access Validation Vulnerability
4941| [12519] Apache mod_python Module Publisher Handler Information Disclosure Vulnerability
4942| [12308] Apache Utilities Insecure Temporary File Creation Vulnerability
4943| [12217] Apache mod_auth_radius Malformed RADIUS Server Reply Integer Overflow Vulnerability
4944| [12181] Mod_DOSEvasive Apache Module Local Insecure Temporary File Creation Vulnerability
4945| [11803] Apache Jakarta Results.JSP Remote Cross-Site Scripting Vulnerability
4946| [11471] Apache mod_include Local Buffer Overflow Vulnerability
4947| [11360] Apache mod_ssl SSLCipherSuite Restriction Bypass Vulnerability
4948| [11239] Apache Satisfy Directive Access Control Bypass Vulnerability
4949| [11187] Apache Web Server Remote IPv6 Buffer Overflow Vulnerability
4950| [11185] Apache Mod_DAV LOCK Denial Of Service Vulnerability
4951| [11182] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
4952| [11154] Apache mod_ssl Remote Denial of Service Vulnerability
4953| [11094] Apache mod_ssl Denial Of Service Vulnerability
4954| [10789] Apache mod_userdir Module Information Disclosure Vulnerability
4955| [10736] Apache 'mod_ssl' Log Function Format String Vulnerability
4956| [10619] Apache ap_escape_html Memory Allocation Denial Of Service Vulnerability
4957| [10508] Apache Mod_Proxy Remote Negative Content-Length Buffer Overflow Vulnerability
4958| [10478] ClueCentral Apache Suexec Patch Security Weakness
4959| [10355] Apache 'mod_ssl' 'ssl_util_uuencode_binary()' Stack Buffer Overflow Vulnerability
4960| [10212] Apache mod_auth Malformed Password Potential Memory Corruption Vulnerability
4961| [9933] Apache mod_disk_cache Module Client Authentication Credential Storage Weakness
4962| [9930] Apache Error and Access Logs Escape Sequence Injection Vulnerability
4963| [9921] Apache Connection Blocking Denial Of Service Vulnerability
4964| [9885] Apache Mod_Security Module SecFilterScanPost Off-By-One Buffer Overflow Vulnerability
4965| [9874] Apache HTAccess LIMIT Directive Bypass Configuration Error Weakness
4966| [9829] Apache Mod_Access Access Control Rule Bypass Vulnerability
4967| [9826] Apache Mod_SSL HTTP Request Remote Denial Of Service Vulnerability
4968| [9733] Apache Cygwin Directory Traversal Vulnerability
4969| [9599] Apache mod_php Global Variables Information Disclosure Weakness
4970| [9590] Apache-SSL Client Certificate Forging Vulnerability
4971| [9571] Apache mod_digest Client-Supplied Nonce Verification Vulnerability
4972| [9471] Apache mod_perl Module File Descriptor Leakage Vulnerability
4973| [9404] Mod-Auth-Shadow Apache Module Expired User Credential Weakness
4974| [9302] Apache mod_php Module File Descriptor Leakage Vulnerability
4975| [9129] Apache mod_python Module Malformed Query Denial of Service Vulnerability
4976| [8926] Apache Web Server mod_cgid Module CGI Data Redirection Vulnerability
4977| [8919] Apache Mod_Security Module Heap Corruption Vulnerability
4978| [8911] Apache Web Server Multiple Module Local Buffer Overflow Vulnerability
4979| [8898] Red Hat Apache Directory Index Default Configuration Error
4980| [8883] Apache Cocoon Directory Traversal Vulnerability
4981| [8824] Apache Tomcat Non-HTTP Request Denial Of Service Vulnerability
4982| [8822] Apache Mod_Throttle Module Local Shared Memory Corruption Vulnerability
4983| [8725] Apache2 MOD_CGI STDERR Denial Of Service Vulnerability
4984| [8707] Apache htpasswd Password Entropy Weakness
4985| [8561] Apache::Gallery Insecure Local File Storage Privilege Escalation Vulnerability
4986| [8287] Mod_Mylo Apache Module REQSTR Buffer Overflow Vulnerability
4987| [8226] Apache HTTP Server Multiple Vulnerabilities
4988| [8138] Apache Web Server Type-Map Recursive Loop Denial Of Service Vulnerability
4989| [8137] Apache Web Server Prefork MPM Denial Of Service Vulnerability
4990| [8136] Macromedia Apache Web Server Encoded Space Source Disclosure Vulnerability
4991| [8135] Apache Web Server FTP Proxy IPV6 Denial Of Service Vulnerability
4992| [8134] Apache Web Server SSLCipherSuite Weak CipherSuite Renegotiation Weakness
4993| [7768] Apache Tomcat Insecure Directory Permissions Vulnerability
4994| [7725] Apache Basic Authentication Module Valid User Login Denial Of Service Vulnerability
4995| [7723] Apache APR_PSPrintf Memory Corruption Vulnerability
4996| [7448] Apache Mod_Auth_Any Remote Command Execution Vulnerability
4997| [7375] Apache Mod_Access_Referer NULL Pointer Dereference Denial of Service Vulnerability
4998| [7332] Apache Web Server OS2 Filestat Denial Of Service Vulnerability
4999| [7255] Apache Web Server File Descriptor Leakage Vulnerability
5000| [7254] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
5001| [6943] Apache Web Server MIME Boundary Information Disclosure Vulnerability
5002| [6939] Apache Web Server ETag Header Information Disclosure Weakness
5003| [6722] Apache Tomcat Web.XML File Contents Disclosure Vulnerability
5004| [6721] Apache Tomcat Null Byte Directory/File Disclosure Vulnerability
5005| [6720] Apache Tomcat Example Web Application Cross Site Scripting Vulnerability
5006| [6662] Apache Web Server MS-DOS Device Name Denial Of Service Vulnerability
5007| [6661] Apache Web Server Default Script Mapping Bypass Vulnerability
5008| [6660] Apache Web Server Illegal Character HTTP Request File Disclosure Vulnerability
5009| [6659] Apache Web Server MS-DOS Device Name Arbitrary Code Execution Vulnerability
5010| [6562] Apache Tomcat Invoker Servlet File Disclosure Vulnerability
5011| [6320] Apache/Tomcat Mod_JK Chunked Encoding Denial Of Service Vulnerability
5012| [6117] Apache mod_php File Descriptor Leakage Vulnerability
5013| [6065] Apache 2 WebDAV CGI POST Request Information Disclosure Vulnerability
5014| [5996] Apache AB.C Web Benchmarking Buffer Overflow Vulnerability
5015| [5995] Apache AB.C Web Benchmarking Read_Connection() Buffer Overflow Vulnerability
5016| [5993] Multiple Apache HTDigest Buffer Overflow Vulnerabilities
5017| [5992] Apache HTDigest Insecure Temporary File Vulnerability
5018| [5991] Apache HTDigest Arbitrary Command Execution Vulnerability
5019| [5990] Apache HTPasswd Insecure Temporary File Vulnerability
5020| [5981] Multiple Apache HTDigest and HTPassWD Component Vulnerabilites
5021| [5884] Apache Web Server Scoreboard Memory Segment Overwriting SIGUSR1 Sending Vulnerability
5022| [5847] Apache Server Side Include Cross Site Scripting Vulnerability
5023| [5838] Apache Tomcat 3.2 Directory Disclosure Vulnerability
5024| [5816] Apache 2 mod_dav Denial Of Service Vulnerability
5025| [5791] HP VirtualVault Apache mod_ssl Denial Of Service Vulnerability
5026| [5787] Apache Oversized STDERR Buffer Denial Of Service Vulnerability
5027| [5786] Apache Tomcat DefaultServlet File Disclosure Vulnerability
5028| [5542] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
5029| [5486] Apache 2.0 CGI Path Disclosure Vulnerability
5030| [5485] Apache 2.0 Path Disclosure Vulnerability
5031| [5434] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
5032| [5256] Apache httpd 2.0 CGI Error Path Disclosure Vulnerability
5033| [5194] Apache Tomcat DOS Device Name Cross Site Scripting Vulnerability
5034| [5193] Apache Tomcat Servlet Mapping Cross Site Scripting Vulnerability
5035| [5067] Apache Tomcat Null Character Malformed Request Denial Of Service Vulnerability
5036| [5054] Apache Tomcat Web Root Path Disclosure Vulnerability
5037| [5033] Apache Chunked-Encoding Memory Corruption Vulnerability
5038| [4995] Apache Tomcat JSP Engine Denial of Service Vulnerability
5039| [4878] Apache Tomcat RealPath.JSP Malformed Request Information Disclosure Vulnerability
5040| [4877] Apache Tomcat Example Files Web Root Path Disclosure Vulnerability
5041| [4876] Apache Tomcat Source.JSP Malformed Request Information Disclosure Vulnerability
5042| [4575] Apache Tomcat Servlet Path Disclosure Vulnerability
5043| [4557] Apache Tomcat System Path Information Disclosure Vulnerability
5044| [4437] Apache Error Message Cross-Site Scripting Vulnerability
5045| [4431] Apache PrintEnv/Test_CGI Script Injection Vulnerability
5046| [4358] Apache Double-Reverse Lookup Log Entry Spoofing Vulnerability
5047| [4335] Apache Win32 Batch File Remote Command Execution Vulnerability
5048| [4292] Oracle 9iAS Apache PL/SQL Module Web Administration Access Vulnerability
5049| [4189] Apache mod_ssl/Apache-SSL Buffer Overflow Vulnerability
5050| [4057] Apache 2 for Windows OPTIONS request Path Disclosure Vulnerability
5051| [4056] Apache 2 for Windows php.exe Path Disclosure Vulnerability
5052| [4037] Oracle 9iAS Apache PL/SQL Module Denial of Service Vulnerability
5053| [4032] Oracle 9iAS Apache PL/SQL Module Multiple Buffer Overflows Vulnerability
5054| [3796] Apache HTTP Request Unexpected Behavior Vulnerability
5055| [3790] Apache Non-Existent Log Directory Denial Of Service Vulnerability
5056| [3786] Apache Win32 PHP.EXE Remote File Disclosure Vulnerability
5057| [3727] Oracle 9I Application Server PL/SQL Apache Module Directory Traversal Vulnerability
5058| [3726] Oracle 9I Application Server PL/SQL Apache Module Buffer Overflow Vulnerability
5059| [3596] Apache Split-Logfile File Append Vulnerability
5060| [3521] Apache mod_usertrack Predictable ID Generation Vulnerability
5061| [3335] Red Hat Linux Apache Remote Username Enumeration Vulnerability
5062| [3316] MacOS X Client Apache Directory Contents Disclosure Vulnerability
5063| [3256] Apache mod_auth_oracle Remote SQL Query Manipulation Vulnerability
5064| [3255] Apache mod_auth_mysql Remote SQL Query Manipulation Vulnerability
5065| [3254] Apache AuthPG Remote SQL Query Manipulation Vulnerability
5066| [3253] Apache mod_auth_pgsql_sys Remote SQL Query Manipulation Vulnerability
5067| [3251] Apache mod_auth_pgsql Remote SQL Query Manipulation Vulnerability
5068| [3176] Apache Mod ReWrite Rules Bypassing Image Linking Vulnerability
5069| [3169] Apache Server Address Disclosure Vulnerability
5070| [3009] Apache Possible Directory Index Disclosure Vulnerability
5071| [2982] Apache Tomcat Cross-Site Scripting Vulnerability
5072| [2852] MacOS X Client Apache File Protection Bypass Vulnerability
5073| [2740] Apache Web Server HTTP Request Denial of Service Vulnerability
5074| [2518] Apache Tomcat 3.0 Directory Traversal Vulnerability
5075| [2503] Apache Artificially Long Slash Path Directory Listing Vulnerability
5076| [2300] NCSA/Apache httpd ScriptAlias Source Retrieval Vulnerability
5077| [2216] Apache Web Server DoS Vulnerability
5078| [2182] Apache /tmp File Race Vulnerability
5079| [2171] Oracle Apache+WebDB Documented Backdoor Vulnerability
5080| [2060] Apache Web Server with Php 3 File Disclosure Vulnerability
5081| [1821] Apache mod_cookies Buffer Overflow Vulnerability
5082| [1728] Apache Rewrite Module Arbitrary File Disclosure Vulnerability
5083| [1658] SuSE Apache CGI Source Code Viewing Vulnerability
5084| [1656] SuSE Apache WebDAV Directory Listings Vulnerability
5085| [1575] Trustix Apache-SSL RPM Permissions Vulnerability
5086| [1548] Apache Jakarta-Tomcat /admin Context Vulnerability
5087| [1532] Apache Tomcat Snoop Servlet Information Disclosure Vulnerability
5088| [1531] Apache Tomcat 3.1 Path Revealing Vulnerability
5089| [1457] Apache::ASP source.asp Example Script Vulnerability
5090| [1284] Apache HTTP Server (win32) Root Directory Access Vulnerability
5091| [1083] Cobalt Raq Apache .htaccess Disclosure Vulnerability
5092|
5093| IBM X-Force - https://exchange.xforce.ibmcloud.com:
5094| [86258] Apache CloudStack text fields cross-site scripting
5095| [85983] Apache Subversion mod_dav_svn module denial of service
5096| [85875] Apache OFBiz UEL code execution
5097| [85874] Apache OFBiz Webtools View Log screen cross-site scripting
5098| [85871] Apache HTTP Server mod_session_dbd unspecified
5099| [85756] Apache Struts OGNL expression command execution
5100| [85755] Apache Struts DefaultActionMapper class open redirect
5101| [85586] Apache ActiveMQ CVE-2013-1879 cross-site scripting
5102| [85574] Apache HTTP Server mod_dav denial of service
5103| [85573] Apache Struts Showcase App OGNL code execution
5104| [85496] Apache CXF denial of service
5105| [85423] Apache Geronimo RMI classloader code execution
5106| [85326] Apache Santuario XML Security for C++ buffer overflow
5107| [85323] Apache Santuario XML Security for Java spoofing
5108| [85319] Apache Qpid Python client SSL spoofing
5109| [85019] Apache Santuario XML Security for C++ CVE-2013-2156 buffer overflow
5110| [85018] Apache Santuario XML Security for C++ CVE-2013-2155 denial of service
5111| [85017] Apache Santuario XML Security for C++ CVE-2013-2154 buffer overflow
5112| [85016] Apache Santuario XML Security for C++ CVE-2013-2153 spoofing
5113| [84952] Apache Tomcat CVE-2012-3544 denial of service
5114| [84763] Apache Struts CVE-2013-2135 security bypass
5115| [84762] Apache Struts CVE-2013-2134 security bypass
5116| [84719] Apache Subversion CVE-2013-2088 command execution
5117| [84718] Apache Subversion CVE-2013-2112 denial of service
5118| [84717] Apache Subversion CVE-2013-1968 denial of service
5119| [84577] Apache Tomcat security bypass
5120| [84576] Apache Tomcat symlink
5121| [84543] Apache Struts CVE-2013-2115 security bypass
5122| [84542] Apache Struts CVE-2013-1966 security bypass
5123| [84154] Apache Tomcat session hijacking
5124| [84144] Apache Tomcat denial of service
5125| [84143] Apache Tomcat information disclosure
5126| [84111] Apache HTTP Server command execution
5127| [84043] Apache Virtual Computing Lab cross-site scripting
5128| [84042] Apache Virtual Computing Lab cross-site scripting
5129| [83782] Apache CloudStack information disclosure
5130| [83781] Apache CloudStack security bypass
5131| [83720] Apache ActiveMQ cross-site scripting
5132| [83719] Apache ActiveMQ denial of service
5133| [83718] Apache ActiveMQ denial of service
5134| [83263] Apache Subversion denial of service
5135| [83262] Apache Subversion denial of service
5136| [83261] Apache Subversion denial of service
5137| [83259] Apache Subversion denial of service
5138| [83035] Apache mod_ruid2 security bypass
5139| [82852] Apache Qpid federation_tag security bypass
5140| [82851] Apache Qpid qpid::framing::Buffer denial of service
5141| [82758] Apache Rave User RPC API information disclosure
5142| [82663] Apache Subversion svn_fs_file_length() denial of service
5143| [82642] Apache Qpid qpid::framing::Buffer::checkAvailable() denial of service
5144| [82641] Apache Qpid AMQP denial of service
5145| [82626] Apache HTTP Server on Debian GNU/Linux Debian apache2ctl symlink
5146| [82618] Apache Commons FileUpload symlink
5147| [82360] Apache HTTP Server manager interface cross-site scripting
5148| [82359] Apache HTTP Server hostnames cross-site scripting
5149| [82338] Apache Tomcat log/logdir information disclosure
5150| [82328] Apache Maven and Apache Maven Wagon SSL spoofing
5151| [82268] Apache OpenJPA deserialization command execution
5152| [81981] Apache CXF UsernameTokens security bypass
5153| [81980] Apache CXF WS-Security security bypass
5154| [81398] Apache OFBiz cross-site scripting
5155| [81240] Apache CouchDB directory traversal
5156| [81226] Apache CouchDB JSONP code execution
5157| [81225] Apache CouchDB Futon user interface cross-site scripting
5158| [81211] Apache Axis2/C SSL spoofing
5159| [81167] Apache CloudStack DeployVM information disclosure
5160| [81166] Apache CloudStack AddHost API information disclosure
5161| [81165] Apache CloudStack createSSHKeyPair API information disclosure
5162| [80518] Apache Tomcat cross-site request forgery security bypass
5163| [80517] Apache Tomcat FormAuthenticator security bypass
5164| [80516] Apache Tomcat NIO denial of service
5165| [80408] Apache Tomcat replay-countermeasure security bypass
5166| [80407] Apache Tomcat HTTP Digest Access Authentication security bypass
5167| [80317] Apache Tomcat slowloris denial of service
5168| [79984] Apache Commons HttpClient SSL spoofing
5169| [79983] Apache CXF SSL spoofing
5170| [79830] Apache Axis2/Java SSL spoofing
5171| [79829] Apache Axis SSL spoofing
5172| [79809] Apache Tomcat DIGEST security bypass
5173| [79806] Apache Tomcat parseHeaders() denial of service
5174| [79540] Apache OFBiz unspecified
5175| [79487] Apache Axis2 SAML security bypass
5176| [79212] Apache Cloudstack code execution
5177| [78734] Apache CXF SOAP Action security bypass
5178| [78730] Apache Qpid broker denial of service
5179| [78617] Eucalyptus Apache Santuario (XML Security for Java) denial of service
5180| [78563] Apache mod_pagespeed module unspecified cross-site scripting
5181| [78562] Apache mod_pagespeed module security bypass
5182| [78454] Apache Axis2 security bypass
5183| [78452] Websense Web Security and Web Filter Apache Tomcat information disclosure
5184| [78451] Websense Web Security and Web Filter Apache Tomcat cross-site scripting
5185| [78321] Apache Wicket unspecified cross-site scripting
5186| [78183] Apache Struts parameters denial of service
5187| [78182] Apache Struts cross-site request forgery
5188| [78153] Apache Solr Autocomplete module for Drupal autocomplete results cross-site scripting
5189| [77987] mod_rpaf module for Apache denial of service
5190| [77958] Apache Struts skill name code execution
5191| [77914] Apache HTTP Server mod_negotiation module cross-site scripting
5192| [77913] Apache HTTP Server mod_proxy_ajp information disclosure
5193| [77568] Apache Qpid broker security bypass
5194| [77421] Apache Libcloud spoofing
5195| [77059] Oracle Solaris Cluster Apache Tomcat Agent unspecified
5196| [77046] Oracle Solaris Apache HTTP Server information disclosure
5197| [76837] Apache Hadoop information disclosure
5198| [76802] Apache Sling CopyFrom denial of service
5199| [76692] Apache Hadoop symlink
5200| [76535] Apache Roller console cross-site request forgery
5201| [76534] Apache Roller weblog cross-site scripting
5202| [76152] Apache CXF elements security bypass
5203| [76151] Apache CXF child policies security bypass
5204| [75983] MapServer for Windows Apache file include
5205| [75857] Apache Commons Compress and Apache Ant bzip2 denial of service
5206| [75558] Apache POI denial of service
5207| [75545] PHP apache_request_headers() buffer overflow
5208| [75302] Apache Qpid SASL security bypass
5209| [75211] Debian GNU/Linux apache 2 cross-site scripting
5210| [74901] Apache HTTP Server LD_LIBRARY_PATH privilege escalation
5211| [74871] Apache OFBiz FlexibleStringExpander code execution
5212| [74870] Apache OFBiz multiple cross-site scripting
5213| [74750] Apache Hadoop unspecified spoofing
5214| [74319] Apache Struts XSLTResult.java file upload
5215| [74313] Apache Traffic Server header buffer overflow
5216| [74276] Apache Wicket directory traversal
5217| [74273] Apache Wicket unspecified cross-site scripting
5218| [74181] Apache HTTP Server mod_fcgid module denial of service
5219| [73690] Apache Struts OGNL code execution
5220| [73432] Apache Solr extension for TYPO3 unspecified cross-site scripting
5221| [73100] Apache MyFaces in directory traversal
5222| [73096] Apache APR hash denial of service
5223| [73052] Apache Struts name cross-site scripting
5224| [73030] Apache CXF UsernameToken security bypass
5225| [72888] Apache Struts lastName cross-site scripting
5226| [72758] Apache HTTP Server httpOnly information disclosure
5227| [72757] Apache HTTP Server MPM denial of service
5228| [72585] Apache Struts ParameterInterceptor security bypass
5229| [72438] Apache Tomcat Digest security bypass
5230| [72437] Apache Tomcat Digest security bypass
5231| [72436] Apache Tomcat DIGEST security bypass
5232| [72425] Apache Tomcat parameter denial of service
5233| [72422] Apache Tomcat request object information disclosure
5234| [72377] Apache HTTP Server scoreboard security bypass
5235| [72345] Apache HTTP Server HTTP request denial of service
5236| [72229] Apache Struts ExceptionDelegator command execution
5237| [72089] Apache Struts ParameterInterceptor directory traversal
5238| [72088] Apache Struts CookieInterceptor command execution
5239| [72047] Apache Geronimo hash denial of service
5240| [72016] Apache Tomcat hash denial of service
5241| [71711] Apache Struts OGNL expression code execution
5242| [71654] Apache Struts interfaces security bypass
5243| [71620] Apache ActiveMQ failover denial of service
5244| [71617] Apache HTTP Server mod_proxy module information disclosure
5245| [71508] Apache MyFaces EL security bypass
5246| [71445] Apache HTTP Server mod_proxy security bypass
5247| [71203] Apache Tomcat servlets privilege escalation
5248| [71181] Apache HTTP Server ap_pregsub() denial of service
5249| [71093] Apache HTTP Server ap_pregsub() buffer overflow
5250| [70336] Apache HTTP Server mod_proxy information disclosure
5251| [69804] Apache HTTP Server mod_proxy_ajp denial of service
5252| [69472] Apache Tomcat AJP security bypass
5253| [69396] Apache HTTP Server ByteRange filter denial of service
5254| [69394] Apache Wicket multi window support cross-site scripting
5255| [69176] Apache Tomcat XML information disclosure
5256| [69161] Apache Tomcat jsvc information disclosure
5257| [68799] mod_authnz_external module for Apache mysql-auth.pl SQL injection
5258| [68541] Apache Tomcat sendfile information disclosure
5259| [68420] Apache XML Security denial of service
5260| [68238] Apache Tomcat JMX information disclosure
5261| [67860] Apache Rampart/C rampart_timestamp_token_validate security bypass
5262| [67804] Apache Subversion control rules information disclosure
5263| [67803] Apache Subversion control rules denial of service
5264| [67802] Apache Subversion baselined denial of service
5265| [67672] Apache Archiva multiple cross-site scripting
5266| [67671] Apache Archiva multiple cross-site request forgery
5267| [67564] Apache APR apr_fnmatch() denial of service
5268| [67532] IBM WebSphere Application Server org.apache.jasper.runtime.JspWriterImpl.response denial of service
5269| [67515] Apache Tomcat annotations security bypass
5270| [67480] Apache Struts s:submit information disclosure
5271| [67414] Apache APR apr_fnmatch() denial of service
5272| [67356] Apache Struts javatemplates cross-site scripting
5273| [67354] Apache Struts Xwork cross-site scripting
5274| [66676] Apache Tomcat HTTP BIO information disclosure
5275| [66675] Apache Tomcat web.xml security bypass
5276| [66640] Apache HttpComponents HttpClient Proxy-Authorization information disclosure
5277| [66241] Apache HttpComponents information disclosure
5278| [66154] Apache Tomcat ServletSecurity security bypass
5279| [65971] Apache Tomcat ServletSecurity security bypass
5280| [65876] Apache Subversion mod_dav_svn denial of service
5281| [65343] Apache Continuum unspecified cross-site scripting
5282| [65162] Apache Tomcat NIO connector denial of service
5283| [65161] Apache Tomcat javax.servlet.ServletRequest.getLocale() denial of service
5284| [65160] Apache Tomcat HTML Manager interface cross-site scripting
5285| [65159] Apache Tomcat ServletContect security bypass
5286| [65050] Apache CouchDB web-based administration UI cross-site scripting
5287| [64773] Oracle HTTP Server Apache Plugin unauthorized access
5288| [64473] Apache Subversion blame -g denial of service
5289| [64472] Apache Subversion walk() denial of service
5290| [64407] Apache Axis2 CVE-2010-0219 code execution
5291| [63926] Apache Archiva password privilege escalation
5292| [63785] Apache CouchDB LD_LIBRARY_PATH privilege escalation
5293| [63493] Apache Archiva credentials cross-site request forgery
5294| [63477] Apache Tomcat HttpOnly session hijacking
5295| [63422] Apache Tomcat sessionsList.jsp cross-site scripting
5296| [63303] Apache mod_fcgid module fcgid_header_bucket_read() buffer overflow
5297| [62959] Apache Shiro filters security bypass
5298| [62790] Apache Perl cgi module denial of service
5299| [62576] Apache Qpid exchange denial of service
5300| [62575] Apache Qpid AMQP denial of service
5301| [62354] Apache Qpid SSL denial of service
5302| [62235] Apache APR-util apr_brigade_split_line() denial of service
5303| [62181] Apache XML-RPC SAX Parser information disclosure
5304| [61721] Apache Traffic Server cache poisoning
5305| [61202] Apache Derby BUILTIN authentication functionality information disclosure
5306| [61186] Apache CouchDB Futon cross-site request forgery
5307| [61169] Apache CXF DTD denial of service
5308| [61070] Apache Jackrabbit search.jsp SQL injection
5309| [61006] Apache SLMS Quoting cross-site request forgery
5310| [60962] Apache Tomcat time cross-site scripting
5311| [60883] Apache mod_proxy_http information disclosure
5312| [60671] Apache HTTP Server mod_cache and mod_dav denial of service
5313| [60264] Apache Tomcat Transfer-Encoding denial of service
5314| [59746] Apache Axis2 axis2/axis2-admin page session hijacking
5315| [59588] Apache Axis2/Java XML DTD (Document Type Declaration) data denial of service
5316| [59413] Apache mod_proxy_http timeout information disclosure
5317| [59058] Apache MyFaces unencrypted view state cross-site scripting
5318| [58827] Apache Axis2 xsd file include
5319| [58790] Apache Axis2 modules cross-site scripting
5320| [58299] Apache ActiveMQ queueBrowse cross-site scripting
5321| [58169] Apache Tomcat Web Application Manager / Host Manager cross-site request forgery
5322| [58056] Apache ActiveMQ .jsp source code disclosure
5323| [58055] Apache Tomcat realm name information disclosure
5324| [58046] Apache HTTP Server mod_auth_shadow security bypass
5325| [57841] Apache Open For Business Project (OFBiz) subject cross-site scripting
5326| [57840] Apache Open For Business Project (OFBiz) multiple parameters cross-site scripting
5327| [57429] Apache CouchDB algorithms information disclosure
5328| [57398] Apache ActiveMQ Web console cross-site request forgery
5329| [57397] Apache ActiveMQ createDestination.action cross-site scripting
5330| [56653] Apache HTTP Server DNS spoofing
5331| [56652] Apache HTTP Server DNS cross-site scripting
5332| [56625] Apache HTTP Server request header information disclosure
5333| [56624] Apache HTTP Server mod_isapi orphaned callback pointer code execution
5334| [56623] Apache HTTP Server mod_proxy_ajp denial of service
5335| [55941] mod_proxy module for Apache ap_proxy_send_fb() buffer overflow
5336| [55857] Apache Tomcat WAR files directory traversal
5337| [55856] Apache Tomcat autoDeploy attribute security bypass
5338| [55855] Apache Tomcat WAR directory traversal
5339| [55210] Intuit component for Joomla! Apache information disclosure
5340| [54533] Apache Tomcat 404 error page cross-site scripting
5341| [54182] Apache Tomcat admin default password
5342| [53878] Apache Solr Search (solr) extension for TYPO3 unspecified cross-site scripting
5343| [53666] Apache HTTP Server Solaris pollset support denial of service
5344| [53650] Apache HTTP Server HTTP basic-auth module security bypass
5345| [53124] mod_proxy_ftp module for Apache HTTP header security bypass
5346| [53041] mod_proxy_ftp module for Apache denial of service
5347| [52540] Apache Portable Runtime and Apache Portable Utility library multiple buffer overflow
5348| [51953] Apache Tomcat Path Disclosure
5349| [51952] Apache Tomcat Path Traversal
5350| [51951] Apache stronghold-status Information Disclosure
5351| [51950] Apache stronghold-info Information Disclosure
5352| [51949] Apache PHP Source Code Disclosure
5353| [51948] Apache Multiviews Attack
5354| [51946] Apache JServ Environment Status Information Disclosure
5355| [51945] Apache error_log Information Disclosure
5356| [51944] Apache Default Installation Page Pattern Found
5357| [51943] Apache AXIS XML Parser echoheaders.jws Sample Web Service Denial of Service
5358| [51942] Apache AXIS XML External Entity File Retrieval
5359| [51941] Apache AXIS Sample Servlet Information Leak
5360| [51940] Apache access_log Information Disclosure
5361| [51626] Apache mod_deflate denial of service
5362| [51532] mod_proxy module for the Apache HTTP Server stream_reqbody_cl denial of service
5363| [51365] Apache Tomcat RequestDispatcher security bypass
5364| [51273] Apache HTTP Server Incomplete Request denial of service
5365| [51195] Apache Tomcat XML information disclosure
5366| [50994] Apache APR-util xml/apr_xml.c denial of service
5367| [50993] Apache APR-util apr_brigade_vprintf denial of service
5368| [50964] Apache APR-util apr_strmatch_precompile() denial of service
5369| [50930] Apache Tomcat j_security_check information disclosure
5370| [50928] Apache Tomcat AJP denial of service
5371| [50884] Apache HTTP Server XML ENTITY denial of service
5372| [50808] Apache HTTP Server AllowOverride privilege escalation
5373| [50108] Apache Struts s:a tag and s:url tag cross-site scripting
5374| [50059] Apache mod_proxy_ajp information disclosure
5375| [49951] Apache Tiles Expression Language (EL) expressions cross-site scripting
5376| [49925] Apache Geronimo Web Administrative Console cross-site request forgery
5377| [49924] Apache Geronimo console/portal/Server/Monitoring cross-site scripting
5378| [49921] Apache ActiveMQ Web interface cross-site scripting
5379| [49898] Apache Geronimo Services/Repository directory traversal
5380| [49725] Apache Tomcat mod_jk module information disclosure
5381| [49715] Apache mod_perl Apache::Status and Apache2::Status modules cross-site scripting
5382| [49712] Apache Struts unspecified cross-site scripting
5383| [49213] Apache Tomcat cal2.jsp cross-site scripting
5384| [48934] Apache Tomcat POST doRead method information disclosure
5385| [48211] Apache Tomcat header HTTP request smuggling
5386| [48163] libapache2-mod-auth-mysql module for Debian multibyte encoding SQL injection
5387| [48110] Apache Jackrabbit search.jsp and swr.jsp cross-site scripting
5388| [47709] Apache Roller "
5389| [47104] Novell Netware ApacheAdmin console security bypass
5390| [47086] Apache HTTP Server OS fingerprinting unspecified
5391| [46329] Apache Struts FilterDispatcher and DefaultStaticContentLoader class directory traversal
5392| [45791] Apache Tomcat RemoteFilterValve security bypass
5393| [44435] Oracle WebLogic Apache Connector buffer overflow
5394| [44411] Apache Tomcat allowLinking UTF-8 directory traversal
5395| [44223] Apache HTTP Server mod_proxy_ftp cross-site scripting
5396| [44156] Apache Tomcat RequestDispatcher directory traversal
5397| [44155] Apache Tomcat HttpServletResponse.sendError() cross-site scripting
5398| [43885] Oracle WebLogic Server Apache Connector buffer overflow
5399| [42987] Apache HTTP Server mod_proxy module denial of service
5400| [42915] Apache Tomcat JSP files path disclosure
5401| [42914] Apache Tomcat MS-DOS path disclosure
5402| [42892] Apache Tomcat unspecified unauthorized access
5403| [42816] Apache Tomcat Host Manager cross-site scripting
5404| [42303] Apache 403 error cross-site scripting
5405| [41618] Apache-SSL ExpandCert() authentication bypass
5406| [40761] Apache Derby RDBNAM parameter and DatabaseMetaData.getURL information disclosure
5407| [40736] Apache Tomcat HTTP/1.1 connector information disclosure
5408| [40614] Apache mod_jk2 HTTP Host header buffer overflow
5409| [40562] Apache Geronimo init information disclosure
5410| [40478] Novell Web Manager webadmin-apache.conf security bypass
5411| [40411] Apache Tomcat exception handling information disclosure
5412| [40409] Apache Tomcat native (APR based) connector weak security
5413| [40403] Apache Tomcat quotes and %5C cookie information disclosure
5414| [40388] Sun Java Plug-In org.apache.crimson.tree.XmlDocument security bypass
5415| [39893] Apache HTTP Server mod_negotiation HTTP response splitting
5416| [39867] Apache HTTP Server mod_negotiation cross-site scripting
5417| [39804] Apache Tomcat SingleSignOn information disclosure
5418| [39615] Apache HTTP Server mod_proxy_ftp.c UTF-7 cross-site scripting
5419| [39612] Apache HTTP Server mod_proxy_balancer buffer overflow
5420| [39608] Apache HTTP Server balancer manager cross-site request forgery
5421| [39476] Apache mod_proxy_balancer balancer_handler function denial of service
5422| [39474] Apache HTTP Server mod_proxy_balancer cross-site scripting
5423| [39472] Apache HTTP Server mod_status cross-site scripting
5424| [39201] Apache Tomcat JULI logging weak security
5425| [39158] Apache HTTP Server Windows SMB shares information disclosure
5426| [39001] Apache HTTP Server mod_imap and mod_imagemap module cross-site scripting
5427| [38951] Apache::AuthCAS Perl module cookie SQL injection
5428| [38800] Apache HTTP Server 413 error page cross-site scripting
5429| [38211] Apache Geronimo SQLLoginModule authentication bypass
5430| [37243] Apache Tomcat WebDAV directory traversal
5431| [37178] RHSA update for Apache HTTP Server mod_status module cross-site scripting not installed
5432| [37177] RHSA update for Apache HTTP Server Apache child process denial of service not installed
5433| [37119] RHSA update for Apache mod_auth_kerb off-by-one buffer overflow not installed
5434| [37100] RHSA update for Apache and IBM HTTP Server Expect header cross-site scripting not installed
5435| [36782] Apache Geronimo MEJB unauthorized access
5436| [36586] Apache HTTP Server UTF-7 cross-site scripting
5437| [36468] Apache Geronimo LoginModule security bypass
5438| [36467] Apache Tomcat functions.jsp cross-site scripting
5439| [36402] Apache Tomcat calendar cross-site request forgery
5440| [36354] Apache HTTP Server mod_proxy module denial of service
5441| [36352] Apache HTTP Server ap_proxy_date_canon() denial of service
5442| [36336] Apache Derby lock table privilege escalation
5443| [36335] Apache Derby schema privilege escalation
5444| [36006] Apache Tomcat "
5445| [36001] Apache Tomcat Host Manager Servlet alias cross-site scripting
5446| [35999] Apache Tomcat \"
5447| [35795] Apache Tomcat CookieExample cross-site scripting
5448| [35536] Apache Tomcat SendMailServlet example cross-site scripting
5449| [35384] Apache HTTP Server mod_cache module denial of service
5450| [35097] Apache HTTP Server mod_status module cross-site scripting
5451| [35095] Apache HTTP Server Prefork MPM module denial of service
5452| [34984] Apache HTTP Server recall_headers information disclosure
5453| [34966] Apache HTTP Server MPM content spoofing
5454| [34965] Apache HTTP Server MPM information disclosure
5455| [34963] Apache HTTP Server MPM multiple denial of service
5456| [34872] Apache MyFaces Tomahawk autoscroll parameter cross-site scripting
5457| [34869] Apache Tomcat JSP example Web application cross-site scripting
5458| [34868] Apache Tomcat Manager and Host Manager cross-site scripting
5459| [34496] Apache Tomcat JK Connector security bypass
5460| [34377] Apache Tomcat hello.jsp cross-site scripting
5461| [34212] Apache Tomcat SSL configuration security bypass
5462| [34210] Apache Tomcat Accept-Language cross-site scripting
5463| [34209] Apache Tomcat calendar application cross-site scripting
5464| [34207] Apache Tomcat implicit-objects.jsp cross-site scripting
5465| [34167] Apache Axis WSDL file path disclosure
5466| [34068] Apache Tomcat AJP connector information disclosure
5467| [33584] Apache HTTP Server suEXEC privilege escalation
5468| [32988] Apache Tomcat proxy module directory traversal
5469| [32794] Apache Tomcat JK Web Server Connector map_uri_to_worker() buffer overflow
5470| [32708] Debian Apache tty privilege escalation
5471| [32441] ApacheStats extract() PHP call unspecified
5472| [32128] Apache Tomcat default account
5473| [31680] Apache Tomcat RequestParamExample cross-site scripting
5474| [31649] Apache Tomcat Sample Servlet TroubleShooter detected
5475| [31557] BEA WebLogic Server and WebLogic Express Apache proxy plug-in denial of service
5476| [31236] Apache HTTP Server htpasswd.c strcpy buffer overflow
5477| [30456] Apache mod_auth_kerb off-by-one buffer overflow
5478| [29550] Apache mod_tcl set_var() format string
5479| [28620] Apache and IBM HTTP Server Expect header cross-site scripting
5480| [28357] Apache HTTP Server mod_alias script source information disclosure
5481| [28063] Apache mod_rewrite off-by-one buffer overflow
5482| [27902] Apache Tomcat URL information disclosure
5483| [26786] Apache James SMTP server denial of service
5484| [25680] libapache2 /tmp/svn file upload
5485| [25614] Apache Struts lookupMap cross-site scripting
5486| [25613] Apache Struts ActionForm denial of service
5487| [25612] Apache Struts isCancelled() security bypass
5488| [24965] Apache mod_python FileSession command execution
5489| [24716] Apache James spooler memory leak denial of service
5490| [24159] Apache Geronimo Web-Access-Log Viewer cross-site scripting
5491| [24158] Apache Geronimo jsp-examples cross-site scripting
5492| [24030] Apache auth_ldap module multiple format strings
5493| [24008] Apache mod_ssl custom error message denial of service
5494| [24003] Apache mod_auth_pgsql module multiple syslog format strings
5495| [23612] Apache mod_imap referer field cross-site scripting
5496| [23173] Apache Struts error message cross-site scripting
5497| [22942] Apache Tomcat directory listing denial of service
5498| [22858] Apache Multi-Processing Module code allows denial of service
5499| [22602] RHSA-2005:582 updates for Apache httpd not installed
5500| [22520] Apache mod-auth-shadow "
5501| [22466] ApacheTop symlink
5502| [22109] Apache HTTP Server ssl_engine_kernel client certificate validation
5503| [22006] Apache HTTP Server byte-range filter denial of service
5504| [21567] Apache mod_ssl off-by-one buffer overflow
5505| [21195] Apache HTTP Server header HTTP request smuggling
5506| [20383] Apache HTTP Server htdigest buffer overflow
5507| [19681] Apache Tomcat AJP12 request denial of service
5508| [18993] Apache HTTP server check_forensic symlink attack
5509| [18790] Apache Tomcat Manager cross-site scripting
5510| [18349] Apache HTTP server Apple HFS+ filesystem obtain information
5511| [18348] Apache HTTP server Apple HFS+ filesystem .DS_Store and .ht file disclosure
5512| [18347] Apache HTTP server Apple Mac OS X Server mod_digest_apple module could allow an attacker to replay responses
5513| [17961] Apache Web server ServerTokens has not been set
5514| [17930] Apache HTTP Server HTTP GET request denial of service
5515| [17785] Apache mod_include module buffer overflow
5516| [17671] Apache HTTP Server SSLCipherSuite bypass restrictions
5517| [17473] Apache HTTP Server Satisfy directive allows access to resources
5518| [17413] Apache htpasswd buffer overflow
5519| [17384] Apache HTTP Server environment variable configuration file buffer overflow
5520| [17382] Apache HTTP Server IPv6 apr_util denial of service
5521| [17366] Apache HTTP Server mod_dav module LOCK denial of service
5522| [17273] Apache HTTP Server speculative mode denial of service
5523| [17200] Apache HTTP Server mod_ssl denial of service
5524| [16890] Apache HTTP Server server-info request has been detected
5525| [16889] Apache HTTP Server server-status request has been detected
5526| [16705] Apache mod_ssl format string attack
5527| [16524] Apache HTTP Server ap_get_mime_headers_core denial of service
5528| [16387] Apache HTTP Server mod_proxy Content-Length buffer overflow
5529| [16230] Apache HTTP Server PHP denial of service
5530| [16214] Apache mod_ssl ssl_util_uuencode_binary buffer overflow
5531| [15958] Apache HTTP Server authentication modules memory corruption
5532| [15547] Apache HTTP Server mod_disk_cache local information disclosure
5533| [15540] Apache HTTP Server socket starvation denial of service
5534| [15467] Novell GroupWise WebAccess using Apache Web server allows viewing of files on the server
5535| [15422] Apache HTTP Server mod_access information disclosure
5536| [15419] Apache HTTP Server mod_ssl plain HTTP request denial of service
5537| [15293] Apache for Cygwin "
5538| [15065] Apache-SSL has a default password
5539| [15041] Apache HTTP Server mod_digest module could allow an attacker to replay responses
5540| [15015] Apache httpd server httpd.conf could allow a local user to bypass restrictions
5541| [14751] Apache Mod_python output filter information disclosure
5542| [14125] Apache HTTP Server mod_userdir module information disclosure
5543| [14075] Apache HTTP Server mod_php file descriptor leak
5544| [13703] Apache HTTP Server account
5545| [13689] Apache HTTP Server configuration allows symlinks
5546| [13688] Apache HTTP Server configuration allows SSI
5547| [13687] Apache HTTP Server Server: header value
5548| [13685] Apache HTTP Server ServerTokens value
5549| [13684] Apache HTTP Server ServerSignature value
5550| [13672] Apache HTTP Server config allows directory autoindexing
5551| [13671] Apache HTTP Server default content
5552| [13670] Apache HTTP Server config file directive references outside content root
5553| [13668] Apache HTTP Server httpd not running in chroot environment
5554| [13666] Apache HTTP Server CGI directory contains possible command interpreter or compiler
5555| [13664] Apache HTTP Server config file contains ScriptAlias entry
5556| [13663] Apache HTTP Server CGI support modules loaded
5557| [13661] Apache HTTP Server config file contains AddHandler entry
5558| [13660] Apache HTTP Server 500 error page not CGI script
5559| [13659] Apache HTTP Server 413 error page not CGI script
5560| [13658] Apache HTTP Server 403 error page not CGI script
5561| [13657] Apache HTTP Server 401 error page not CGI script
5562| [13552] Apache HTTP Server mod_cgid module information disclosure
5563| [13550] Apache GET request directory traversal
5564| [13516] Apache Cocoon XMLForm and JXForm could allow execution of code
5565| [13499] Apache Cocoon directory traversal allows downloading of boot.ini file
5566| [13429] Apache Tomcat non-HTTP request denial of service
5567| [13400] Apache HTTP server mod_alias and mod_rewrite buffer overflow
5568| [13295] Apache weak password encryption
5569| [13254] Apache Tomcat .jsp cross-site scripting
5570| [13125] Apache::Gallery Inline::C could allow arbitrary code execution
5571| [13086] Apache Jakarta Tomcat mod_jk format string allows remote access
5572| [12681] Apache HTTP Server mod_proxy could allow mail relaying
5573| [12662] Apache HTTP Server rotatelogs denial of service
5574| [12554] Apache Tomcat stores password in plain text
5575| [12553] Apache HTTP Server redirects and subrequests denial of service
5576| [12552] Apache HTTP Server FTP proxy server denial of service
5577| [12551] Apache HTTP Server prefork MPM denial of service
5578| [12550] Apache HTTP Server weaker than expected encryption
5579| [12549] Apache HTTP Server type-map file denial of service
5580| [12206] Apache Tomcat /opt/tomcat directory insecure permissions
5581| [12102] Apache Jakarta Tomcat MS-DOS device name request denial of service
5582| [12091] Apache HTTP Server apr_password_validate denial of service
5583| [12090] Apache HTTP Server apr_psprintf code execution
5584| [11804] Apache HTTP Server mod_access_referer denial of service
5585| [11750] Apache HTTP Server could leak sensitive file descriptors
5586| [11730] Apache HTTP Server error log and access log terminal escape sequence injection
5587| [11703] Apache long slash path allows directory listing
5588| [11695] Apache HTTP Server LF (Line Feed) denial of service
5589| [11694] Apache HTTP Server filestat.c denial of service
5590| [11438] Apache HTTP Server MIME message boundaries information disclosure
5591| [11412] Apache HTTP Server error log terminal escape sequence injection
5592| [11196] Apache Tomcat examples and ROOT Web applications cross-site scripting
5593| [11195] Apache Tomcat web.xml could be used to read files
5594| [11194] Apache Tomcat URL appended with a null character could list directories
5595| [11139] Apache HTTP Server mass virtual hosting with mod_rewrite or mod_vhost_alias could allow an attacker to obtain files
5596| [11126] Apache HTTP Server illegal character file disclosure
5597| [11125] Apache HTTP Server DOS device name HTTP POST code execution
5598| [11124] Apache HTTP Server DOS device name denial of service
5599| [11088] Apache HTTP Server mod_vhost_alias CGI source disclosure
5600| [10938] Apache HTTP Server printenv test CGI cross-site scripting
5601| [10771] Apache Tomcat mod_jk module multiple HTTP GET request buffer overflow
5602| [10575] Apache mod_php module could allow an attacker to take over the httpd process
5603| [10499] Apache HTTP Server WebDAV HTTP POST view source
5604| [10457] Apache HTTP Server mod_ssl "
5605| [10415] Apache HTTP Server htdigest insecure system() call could allow command execution
5606| [10414] Apache HTTP Server htdigest multiple buffer overflows
5607| [10413] Apache HTTP Server htdigest temporary file race condition
5608| [10412] Apache HTTP Server htpasswd temporary file race condition
5609| [10376] Apache Tomcat invoker servlet used in conjunction with the default servlet reveals source code
5610| [10348] Apache Tomcat HTTP GET request DOS device reference could cause a denial of service
5611| [10281] Apache HTTP Server ab.c ApacheBench long response buffer overflow
5612| [10280] Apache HTTP Server shared memory scorecard overwrite
5613| [10263] Apache Tomcat mod_jk or mod_jserv connector directory disclosure
5614| [10241] Apache HTTP Server Host: header cross-site scripting
5615| [10230] Slapper worm variants A, B, and C target OpenSSL/Apache systems
5616| [10208] Apache HTTP Server mod_dav denial of service
5617| [10206] HP VVOS Apache mod_ssl denial of service
5618| [10200] Apache HTTP Server stderr denial of service
5619| [10175] Apache Tomcat org.apache.catalina.servlets.DefaultServlet reveals source code
5620| [10169] Slapper worm variant (Slapper.C) targets OpenSSL/Apache systems
5621| [10154] Slapper worm variant (Slapper.B) targets OpenSSL/Apache systems
5622| [10098] Slapper worm targets OpenSSL/Apache systems
5623| [9876] Apache HTTP Server cgi/cgid request could disclose the path to a requested script
5624| [9875] Apache HTTP Server .var file request could disclose installation path
5625| [9863] Apache Tomcat web.xml file could allow a remote attacker to bypass restrictions
5626| [9808] Apache HTTP Server non-Unix version URL encoded directory traversal
5627| [9623] Apache HTTP Server ap_log_rerror() path disclosure
5628| [9520] Apache Tomcat /servlet/ mapping cross-site scripting
5629| [9415] Apache HTTP Server mod_ssl .htaccess off-by-one buffer overflow
5630| [9396] Apache Tomcat null character to threads denial of service
5631| [9394] Apache Tomcat HTTP request for LPT9 reveals Web root path
5632| [9249] Apache HTTP Server chunked encoding heap buffer overflow
5633| [9208] Apache Tomcat sample file requests could reveal directory listing and path to Web root directory
5634| [8932] Apache Tomcat example class information disclosure
5635| [8633] Apache HTTP Server with mod_rewrite could allow an attacker to bypass directives
5636| [8629] Apache HTTP Server double-reverse DNS lookup spoofing
5637| [8589] Apache HTTP Server for Windows DOS batch file remote command execution
5638| [8457] Oracle9i Application Server Apache PL/SQL HTTP Location header buffer overflow
5639| [8455] Oracle9i Application Server default installation could allow an attacker to access certain Apache Services
5640| [8400] Apache HTTP Server mod_frontpage buffer overflows
5641| [8326] Apache HTTP Server multiple MIME headers (sioux) denial of service
5642| [8308] Apache "
5643| [8275] Apache HTTP Server with Multiviews enabled could disclose directory contents
5644| [8119] Apache and PHP OPTIONS request reveals "
5645| [8054] Apache is running on the system
5646| [8029] Mandrake Linux default Apache configuration could allow an attacker to browse files and directories
5647| [8027] Mandrake Linux default Apache configuration has remote management interface enabled
5648| [8026] Mandrake Linux Apache sample programs could disclose sensitive information about the server
5649| [7836] Apache HTTP Server log directory denial of service
5650| [7815] Apache for Windows "
5651| [7810] Apache HTTP request could result in unexpected behavior
5652| [7599] Apache Tomcat reveals installation path
5653| [7494] Apache "
5654| [7419] Apache Web Server could allow remote attackers to overwrite .log files
5655| [7363] Apache Web Server hidden HTTP requests
5656| [7249] Apache mod_proxy denial of service
5657| [7129] Linux with Apache Web server could allow an attacker to determine if a specified username exists
5658| [7103] Apple Mac OS X used with Apache Web server could disclose directory contents
5659| [7059] Apache "
5660| [7057] Apache "
5661| [7056] Apache "
5662| [7055] Apache "
5663| [7054] Apache "
5664| [6997] Apache Jakarta Tomcat error message may reveal information
5665| [6971] Apache Jakarta Tomcat may reveal JSP source code with missing HTTP protocol specification
5666| [6970] Apache crafted HTTP request could reveal the internal IP address
5667| [6921] Apache long slash path allows directory listing
5668| [6687] Apple Mac OS X used with Apache Web server could allow arbitrary file disclosure
5669| [6527] Apache Web Server for Windows and OS2 denial of service
5670| [6316] Apache Jakarta Tomcat may reveal JSP source code
5671| [6305] Apache Jakarta Tomcat directory traversal
5672| [5926] Linux Apache symbolic link
5673| [5659] Apache Web server discloses files when used with php script
5674| [5310] Apache mod_rewrite allows attacker to view arbitrary files
5675| [5204] Apache WebDAV directory listings
5676| [5197] Apache Web server reveals CGI script source code
5677| [5160] Apache Jakarta Tomcat default installation
5678| [5099] Trustix Secure Linux installs Apache with world writable access
5679| [4968] Apache Jakarta Tomcat snoop servlet gives out information which could be used in attack
5680| [4967] Apache Jakarta Tomcat 404 error reveals the pathname of the requested file
5681| [4931] Apache source.asp example file allows users to write to files
5682| [4575] IBM HTTP Server running Apache allows users to directory listing and file retrieval
5683| [4205] Apache Jakarta Tomcat delivers file contents
5684| [2084] Apache on Debian by default serves the /usr/doc directory
5685| [1630] MessageMedia UnityMail and Apache Web server MIME header flood denial of service
5686| [697] Apache HTTP server beck exploit
5687| [331] Apache cookies buffer overflow
5688|
5689| Exploit-DB - https://www.exploit-db.com:
5690| [31130] Apache Tomcat <= 6.0.15 Cookie Quote Handling Remote Information Disclosure Vulnerability
5691| [31052] Apache <= 2.2.6 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
5692| [30901] Apache HTTP Server 2.2.6 Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
5693| [30835] Apache HTTP Server <= 2.2.4 413 Error HTTP Request Method Cross-Site Scripting Weakness
5694| [30563] Apache Tomcat <= 5.5.15 Cal2.JSP Cross-Site Scripting Vulnerability
5695| [30496] Apache Tomcat <= 6.0.13 Cookie Handling Quote Delimiter Session ID Disclosure
5696| [30495] Apache Tomcat <= 6.0.13 Host Manager Servlet Cross Site Scripting Vulnerability
5697| [30191] Apache MyFaces Tomahawk JSF Framework 1.1.5 Autoscroll Parameter Cross Site Scripting Vulnerability
5698| [30189] Apache Tomcat <= 6.0.13 JSP Example Web Applications Cross Site Scripting Vulnerability
5699| [30052] Apache Tomcat 6.0.10 Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
5700| [29930] Apache AXIS 1.0 Non-Existent WSDL Path Information Disclosure Vulnerability
5701| [29859] Apache Roller OGNL Injection
5702| [29739] Apache HTTP Server Tomcat 5.x/6.0.x Directory Traversal Vulnerability
5703| [29435] Apache Tomcat 5.5.25 - CSRF Vulnerabilities
5704| [29316] Apache + PHP 5.x - Remote Code Execution (Multithreaded Scanner) (2)
5705| [29290] Apache / PHP 5.x Remote Code Execution Exploit
5706| [28713] Apache Tomcat/JBoss EJBInvokerServlet / JMXInvokerServlet (RMI over HTTP) Marshalled Object RCE
5707| [28424] Apache 2.x HTTP Server Arbitrary HTTP Request Headers Security Weakness
5708| [28365] Apache 2.2.2 CGI Script Source Code Information Disclosure Vulnerability
5709| [28254] Apache Tomcat 5 Information Disclosure Vulnerability
5710| [27915] Apache James 2.2 SMTP Denial of Service Vulnerability
5711| [27397] Apache suEXEC Privilege Elevation / Information Disclosure
5712| [27135] Apache Struts 2 DefaultActionMapper Prefixes OGNL Code Execution
5713| [27096] Apache Geronimo 1.0 Error Page XSS
5714| [27095] Apache Tomcat / Geronimo 1.0 Sample Script cal2.jsp time Parameter XSS
5715| [26710] Apache CXF prior to 2.5.10, 2.6.7 and 2.7.4 - Denial of Service
5716| [26542] Apache Struts 1.2.7 Error Response Cross-Site Scripting Vulnerability
5717| [25986] Plesk Apache Zeroday Remote Exploit
5718| [25980] Apache Struts includeParams Remote Code Execution
5719| [25625] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (2)
5720| [25624] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (1)
5721| [24874] Apache Struts ParametersInterceptor Remote Code Execution
5722| [24744] Apache Rave 0.11 - 0.20 - User Information Disclosure
5723| [24694] Apache 1.3.x mod_include Local Buffer Overflow Vulnerability
5724| [24590] Apache 2.0.x mod_ssl Remote Denial of Service Vulnerability
5725| [23751] Apache Cygwin 1.3.x/2.0.x Directory Traversal Vulnerability
5726| [23581] Apache 2.0.4x mod_perl Module File Descriptor Leakage Vulnerability
5727| [23482] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (2)
5728| [23481] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (1)
5729| [23296] Red Hat Apache 2.0.40 Directory Index Default Configuration Error
5730| [23282] apache cocoon 2.14/2.2 - Directory Traversal vulnerability
5731| [23245] Apache Tomcat 4.0.x Non-HTTP Request Denial of Service Vulnerability
5732| [23119] Apache::Gallery 0.4/0.5/0.6 Insecure Local File Storage Privilege Escalation Vulnerability
5733| [22505] Apache Mod_Access_Referer 1.0.2 NULL Pointer Dereference Denial of Service Vulnerability
5734| [22205] Apache Tomcat 3.x Null Byte Directory/File Disclosure Vulnerability
5735| [22191] Apache Web Server 2.0.x MS-DOS Device Name Denial of Service Vulnerability
5736| [22068] Apache 1.3.x,Tomcat 4.0.x/4.1.x Mod_JK Chunked Encoding Denial of Service Vulnerability
5737| [21885] Apache 1.3/2.0.x Server Side Include Cross Site Scripting Vulnerability
5738| [21882] Apache Tomcat 3.2 Directory Disclosure Vulnerability
5739| [21854] Apache 2.0.39/40 Oversized STDERR Buffer Denial of Service Vulnerability
5740| [21853] Apache Tomcat 3/4 DefaultServlet File Disclosure Vulnerability
5741| [21734] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
5742| [21719] Apache 2.0 Path Disclosure Vulnerability
5743| [21697] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
5744| [21605] Apache Tomcat 4.0.3 DoS Device Name Cross Site Scripting Vulnerability
5745| [21604] Apache Tomcat 4.0.3 Servlet Mapping Cross Site Scripting Vulnerability
5746| [21560] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (2)
5747| [21559] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (1)
5748| [21534] Apache Tomcat 3/4 JSP Engine Denial of Service Vulnerability
5749| [21492] Apache Tomcat 3.2.3/3.2.4 RealPath.JSP Malformed Request Information Disclosure
5750| [21491] Apache Tomcat 3.2.3/3.2.4 Example Files Web Root Path Disclosure
5751| [21490] Apache Tomcat 3.2.3/3.2.4 Source.JSP Malformed Request Information Disclosure
5752| [21412] Apache Tomcat 4.0/4.1 Servlet Path Disclosure Vulnerability
5753| [21350] Apache Win32 1.3.x/2.0.x Batch File Remote Command Execution Vulnerability
5754| [21204] Apache 1.3.20 Win32 PHP.EXE Remote File Disclosure Vulnerability
5755| [21112] Red Hat Linux 7.0 Apache Remote Username Enumeration Vulnerability
5756| [21067] Apache 1.0/1.2/1.3 Server Address Disclosure Vulnerability
5757| [21002] Apache 1.3 Possible Directory Index Disclosure Vulnerability
5758| [20911] Apache 1.3.14 Mac File Protection Bypass Vulnerability
5759| [20716] apache tomcat 3.0 - Directory Traversal vulnerability
5760| [20695] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (4)
5761| [20694] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (3)
5762| [20693] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (2)
5763| [20692] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (1)
5764| [20595] NCSA 1.3/1.4.x/1.5,Apache httpd 0.8.11/0.8.14 ScriptAlias Source Retrieval Vulnerability
5765| [20558] Apache 1.2 Web Server DoS Vulnerability
5766| [20466] Apache 1.3 Web Server with Php 3 File Disclosure Vulnerability
5767| [20435] Apache 0.8.x/1.0.x,NCSA httpd 1.x test-cgi Directory Listing Vulnerability
5768| [20272] Apache 1.2.5/1.3.1,UnityMail 2.0 MIME Header DoS Vulnerability
5769| [20210] Apache 1.3.12 WebDAV Directory Listings Vulnerability
5770| [20131] Apache Tomcat 3.1 Path Revealing Vulnerability
5771| [19975] Apache 1.3.6/1.3.9/1.3.11/1.3.12/1.3.20 Root Directory Access Vulnerability
5772| [19828] Cobalt RaQ 2.0/3.0 Apache .htaccess Disclosure Vulnerability
5773| [19536] Apache <= 1.1,NCSA httpd <= 1.5.2,Netscape Server 1.12/1.1/2.0 a nph-test-cgi Vulnerability
5774| [19231] PHP apache_request_headers Function Buffer Overflow
5775| [18984] Apache Struts <= 2.2.1.1 - Remote Command Execution
5776| [18897] Oracle Weblogic Apache Connector POST Request Buffer Overflow
5777| [18619] Apache Tomcat Remote Exploit (PUT Request) and Account Scanner
5778| [18452] Apache Struts Multiple Persistent Cross-Site Scripting Vulnerabilities
5779| [18442] Apache httpOnly Cookie Disclosure
5780| [18329] Apache Struts2 <= 2.3.1 - Multiple Vulnerabilities
5781| [18221] Apache HTTP Server Denial of Service
5782| [17969] Apache mod_proxy Reverse Proxy Exposure Vulnerability PoC
5783| [17696] Apache httpd Remote Denial of Service (memory exhaustion)
5784| [17691] Apache Struts < 2.2.0 - Remote Command Execution
5785| [16798] Apache mod_jk 1.2.20 Buffer Overflow
5786| [16782] Apache Win32 Chunked Encoding
5787| [16752] Apache module mod_rewrite LDAP protocol Buffer Overflow
5788| [16317] Apache Tomcat Manager Application Deployer Authenticated Code Execution
5789| [15710] Apache Archiva 1.0 - 1.3.1 CSRF Vulnerability
5790| [15319] Apache 2.2 (Windows) Local Denial of Service
5791| [14617] Apache JackRabbit 2.0.0 webapp XPath Injection
5792| [14489] Apache Tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
5793| [12721] Apache Axis2 1.4.1 - Local File Inclusion Vulnerability
5794| [12689] Authenticated Cross-Site Scripting Vulnerability (XSS) within Apache Axis2 administration console
5795| [12343] Apache Tomcat 5.5.0 to 5.5.29 & 6.0.0 to 6.0.26 - Information Disclosure Vulnerability
5796| [12330] Apache OFBiz - Multiple XSS
5797| [12264] Apache OFBiz - FULLADMIN Creator PoC Payload
5798| [12263] Apache OFBiz - SQL Remote Execution PoC Payload
5799| [11662] Apache Spamassassin Milter Plugin Remote Root Command Execution
5800| [11650] Apache 2.2.14 mod_isapi Dangling Pointer Remote SYSTEM Exploit
5801| [10811] Joomla.Tutorials GHDB: Apache directory listing Download Vulnerability
5802| [10292] Apache Tomcat 3.2.1 - 404 Error Page Cross Site Scripting Vulnerability
5803| [9995] Apache Tomcat Form Authentication Username Enumeration Weakness
5804| [9994] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
5805| [9993] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
5806| [8842] Apache mod_dav / svn Remote Denial of Service Exploit
5807| [8458] Apache Geronimo <= 2.1.3 - Multiple Directory Traversal Vulnerabilities
5808| [7264] Apache Tomcat runtime.getRuntime().exec() Privilege Escalation (win)
5809| [6229] apache tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
5810| [6100] Apache mod_jk 1.2.19 Remote Buffer Overflow Exploit (win32)
5811| [6089] Bea Weblogic Apache Connector Code Exec / Denial of Service Exploit
5812| [5386] Apache Tomcat Connector jk2-2.0.2 (mod_jk2) Remote Overflow Exploit
5813| [5330] Apache 2.0 mod_jk2 2.0.2 - Remote Buffer Overflow Exploit (win32)
5814| [4552] Apache Tomcat (webdav) Remote File Disclosure Exploit (ssl support)
5815| [4530] Apache Tomcat (webdav) Remote File Disclosure Exploit
5816| [4162] Apache Tomcat Connector (mod_jk) Remote Exploit (exec-shield)
5817| [4093] Apache mod_jk 1.2.19/1.2.20 Remote Buffer Overflow Exploit
5818| [3996] Apache 2.0.58 mod_rewrite Remote Overflow Exploit (win2k3)
5819| [3680] Apache Mod_Rewrite Off-by-one Remote Overflow Exploit (win32)
5820| [3384] Ubuntu/Debian Apache 1.3.33/1.3.34 (CGI TTY) Local Root Exploit
5821| [2237] Apache < 1.3.37, 2.0.59, 2.2.3 (mod_rewrite) Remote Overflow PoC
5822| [2061] Apache Tomcat < 5.5.17 Remote Directory Listing Vulnerability
5823| [1056] Apache <= 2.0.49 Arbitrary Long HTTP Headers Denial of Service
5824| [855] Apache <= 2.0.52 HTTP GET request Denial of Service Exploit
5825| [764] Apache OpenSSL - Remote Exploit (Multiple Targets) (OpenFuckV2.c)
5826| [587] Apache <= 1.3.31 mod_include Local Buffer Overflow Exploit
5827| [466] htpasswd Apache 1.3.31 - Local Exploit
5828| [371] Apache HTTPd Arbitrary Long HTTP Headers DoS (c version)
5829| [360] Apache HTTPd Arbitrary Long HTTP Headers DoS
5830| [132] Apache 1.3.x - 2.0.48 - mod_userdir Remote Users Disclosure Exploit
5831| [126] Apache mod_gzip (with debug_mode) <= 1.2.26.1a Remote Exploit
5832| [67] Apache 1.3.x mod_mylo Remote Code Execution Exploit
5833| [38] Apache <= 2.0.45 APR Remote Exploit -Apache-Knacker.pl
5834| [34] Webfroot Shoutbox < 2.32 (Apache) Remote Exploit
5835| [11] Apache <= 2.0.44 Linux Remote Denial of Service Exploit
5836| [9] Apache HTTP Server 2.x Memory Leak Exploit
5837|
5838| OpenVAS (Nessus) - http://www.openvas.org:
5839| [902924] Apache Struts2 Showcase Skill Name Remote Code Execution Vulnerability
5840| [902837] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability (Windows)
5841| [902830] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
5842| [902664] Apache Traffic Server HTTP Host Header Denial of Service Vulnerability
5843| [901203] Apache httpd Web Server Range Header Denial of Service Vulnerability
5844| [901110] Apache ActiveMQ Source Code Information Disclosure Vulnerability
5845| [901105] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
5846| [900842] Apache 'mod_proxy_ftp' Module Command Injection Vulnerability (Linux)
5847| [900841] Apache 'mod_proxy_ftp' Module Denial Of Service Vulnerability (Linux)
5848| [900573] Apache APR-Utils XML Parser Denial of Service Vulnerability
5849| [900572] Apache APR-Utils Multiple Denial of Service Vulnerabilities
5850| [900571] Apache APR-Utils Version Detection
5851| [900499] Apache mod_proxy_ajp Information Disclosure Vulnerability
5852| [900496] Apache Tiles Multiple XSS Vulnerability
5853| [900493] Apache Tiles Version Detection
5854| [900107] Apache mod_proxy_ftp Wildcard Characters XSS Vulnerability
5855| [900021] Apache Tomcat Cross-Site Scripting and Security Bypass Vulnerabilities
5856| [880086] CentOS Update for apache CESA-2008:0004-01 centos2 i386
5857| [870175] RedHat Update for apache RHSA-2008:0004-01
5858| [864591] Fedora Update for apache-poi FEDORA-2012-10835
5859| [864383] Fedora Update for apache-commons-compress FEDORA-2012-8428
5860| [864280] Fedora Update for apache-commons-compress FEDORA-2012-8465
5861| [864250] Fedora Update for apache-poi FEDORA-2012-7683
5862| [864249] Fedora Update for apache-poi FEDORA-2012-7686
5863| [863993] Fedora Update for apache-commons-daemon FEDORA-2011-10880
5864| [863466] Fedora Update for apache-commons-daemon FEDORA-2011-10936
5865| [855821] Solaris Update for Apache 1.3 122912-19
5866| [855812] Solaris Update for Apache 1.3 122911-19
5867| [855737] Solaris Update for Apache 1.3 122911-17
5868| [855731] Solaris Update for Apache 1.3 122912-17
5869| [855695] Solaris Update for Apache 1.3 122911-16
5870| [855645] Solaris Update for Apache 1.3 122912-16
5871| [855587] Solaris Update for kernel update and Apache 108529-29
5872| [855566] Solaris Update for Apache 116973-07
5873| [855531] Solaris Update for Apache 116974-07
5874| [855524] Solaris Update for Apache 2 120544-14
5875| [855494] Solaris Update for Apache 1.3 122911-15
5876| [855478] Solaris Update for Apache Security 114145-11
5877| [855472] Solaris Update for Apache Security 113146-12
5878| [855179] Solaris Update for Apache 1.3 122912-15
5879| [855147] Solaris Update for kernel update and Apache 108528-29
5880| [855077] Solaris Update for Apache 2 120543-14
5881| [850196] SuSE Update for apache2 openSUSE-SU-2012:0314-1 (apache2)
5882| [850088] SuSE Update for apache2 SUSE-SA:2007:061
5883| [850009] SuSE Update for apache2,apache SUSE-SA:2008:021
5884| [841209] Ubuntu Update for apache2 USN-1627-1
5885| [840900] Ubuntu Update for apache2 USN-1368-1
5886| [840798] Ubuntu Update for apache2 USN-1259-1
5887| [840734] Ubuntu Update for apache2 USN-1199-1
5888| [840542] Ubuntu Update for apache2 vulnerabilities USN-1021-1
5889| [840504] Ubuntu Update for apache2 vulnerability USN-990-2
5890| [840399] Ubuntu Update for apache2 vulnerabilities USN-908-1
5891| [840304] Ubuntu Update for apache2 vulnerabilities USN-575-1
5892| [840118] Ubuntu Update for libapache2-mod-perl2 vulnerability USN-488-1
5893| [840092] Ubuntu Update for apache2 vulnerabilities USN-499-1
5894| [840039] Ubuntu Update for libapache2-mod-python vulnerability USN-430-1
5895| [835253] HP-UX Update for Apache Web Server HPSBUX02645
5896| [835247] HP-UX Update for Apache-based Web Server HPSBUX02612
5897| [835243] HP-UX Update for Apache Running Tomcat Servlet Engine HPSBUX02579
5898| [835236] HP-UX Update for Apache with PHP HPSBUX02543
5899| [835233] HP-UX Update for Apache-based Web Server HPSBUX02531
5900| [835224] HP-UX Update for Apache-based Web Server HPSBUX02465
5901| [835200] HP-UX Update for Apache Web Server Suite HPSBUX02431
5902| [835190] HP-UX Update for Apache Web Server Suite HPSBUX02401
5903| [835188] HP-UX Update for Apache HPSBUX02308
5904| [835181] HP-UX Update for Apache With PHP HPSBUX02332
5905| [835180] HP-UX Update for Apache with PHP HPSBUX02342
5906| [835172] HP-UX Update for Apache HPSBUX02365
5907| [835168] HP-UX Update for Apache HPSBUX02313
5908| [835148] HP-UX Update for Apache HPSBUX01064
5909| [835139] HP-UX Update for Apache with PHP HPSBUX01090
5910| [835131] HP-UX Update for Apache HPSBUX00256
5911| [835119] HP-UX Update for Apache Remote Execution of Arbitrary Code HPSBUX02186
5912| [835104] HP-UX Update for Apache HPSBUX00224
5913| [835103] HP-UX Update for Apache mod_cgid HPSBUX00301
5914| [835101] HP-UX Update for Apache HPSBUX01232
5915| [835080] HP-UX Update for Apache HPSBUX02273
5916| [835078] HP-UX Update for ApacheStrong HPSBUX00255
5917| [835044] HP-UX Update for Apache HPSBUX01019
5918| [835040] HP-UX Update for Apache PHP HPSBUX00207
5919| [835025] HP-UX Update for Apache HPSBUX00197
5920| [835023] HP-UX Update for Apache HPSBUX01022
5921| [835022] HP-UX Update for Apache HPSBUX02292
5922| [835005] HP-UX Update for Apache HPSBUX02262
5923| [831759] Mandriva Update for apache-mod_security MDVSA-2012:182 (apache-mod_security)
5924| [831737] Mandriva Update for apache MDVSA-2012:154-1 (apache)
5925| [831534] Mandriva Update for apache MDVSA-2012:012 (apache)
5926| [831523] Mandriva Update for apache MDVSA-2012:003 (apache)
5927| [831491] Mandriva Update for apache MDVSA-2011:168 (apache)
5928| [831460] Mandriva Update for apache MDVSA-2011:144 (apache)
5929| [831449] Mandriva Update for apache MDVSA-2011:130 (apache)
5930| [831357] Mandriva Update for apache MDVSA-2011:057 (apache)
5931| [831132] Mandriva Update for apache MDVSA-2010:153 (apache)
5932| [831131] Mandriva Update for apache MDVSA-2010:152 (apache)
5933| [830989] Mandriva Update for apache-mod_auth_shadow MDVSA-2010:081 (apache-mod_auth_shadow)
5934| [830931] Mandriva Update for apache MDVSA-2010:057 (apache)
5935| [830926] Mandriva Update for apache MDVSA-2010:053 (apache)
5936| [830918] Mandriva Update for apache-mod_security MDVSA-2010:050 (apache-mod_security)
5937| [830799] Mandriva Update for apache-conf MDVSA-2009:300-2 (apache-conf)
5938| [830797] Mandriva Update for apache-conf MDVSA-2009:300-1 (apache-conf)
5939| [830791] Mandriva Update for apache-conf MDVA-2010:011 (apache-conf)
| [830652] Mandriva Update for apache MDVSA-2008:195 (apache)
| [830621] Mandriva Update for apache-conf MDVA-2008:129 (apache-conf)
| [830581] Mandriva Update for apache MDVSA-2008:016 (apache)
| [830294] Mandriva Update for apache MDKSA-2007:140 (apache)
| [830196] Mandriva Update for apache MDKSA-2007:235 (apache)
| [830112] Mandriva Update for apache MDKSA-2007:127 (apache)
| [830109] Mandriva Update for apache-mod_perl MDKSA-2007:083 (apache-mod_perl)
| [802425] Apache Struts2 Showcase Arbitrary Java Method Execution vulnerability
| [802423] Apache Struts CookBook/Examples Multiple Cross-Site Scripting Vulnerabilities
| [802422] Apache Struts Showcase Multiple Persistence Cross-Site Scripting Vulnerabilities
| [802415] Apache Tomcat Multiple Security Bypass Vulnerabilities (Win)
| [802385] Apache Tomcat Request Object Security Bypass Vulnerability (Win)
| [802384] Apache Tomcat Parameter Handling Denial of Service Vulnerability (Win)
| [802378] Apache Tomcat Hash Collision Denial Of Service Vulnerability
| [801942] Apache Archiva Multiple Vulnerabilities
| [801940] Apache Struts2 'XWork' Information Disclosure Vulnerability
| [801663] Apache Struts2/XWork Remote Command Execution Vulnerability
| [801521] Apache APR-util 'buckets/apr_brigade.c' Denial Of Service Vulnerability
| [801284] Apache Derby Information Disclosure Vulnerability
| [801203] Apache ActiveMQ Persistent Cross-Site Scripting Vulnerability
| [800837] Apache 'mod_deflate' Denial Of Service Vulnerability - July09
| [800827] Apache 'mod_proxy_http.c' Denial Of Service Vulnerability
| [800680] Apache APR Version Detection
| [800679] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
| [800678] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
| [800677] Apache Roller Version Detection
| [800279] Apache mod_jk Module Version Detection
| [800278] Apache Struts Cross Site Scripting Vulnerability
| [800277] Apache Tomcat mod_jk Information Disclosure Vulnerability
| [800276] Apache Struts Version Detection
| [800271] Apache Struts Directory Traversal Vulnerability
| [800024] Apache Tomcat RemoteFilterValve Security Bypass Vulnerability
| [103333] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
| [103293] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
| [103122] Apache Web Server ETag Header Information Disclosure Weakness
| [103074] Apache Continuum Cross Site Scripting Vulnerability
| [103073] Apache Continuum Detection
| [103053] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
| [101023] Apache Open For Business Weak Password security check
| [101020] Apache Open For Business HTML injection vulnerability
| [101019] Apache Open For Business service detection
| [100924] Apache Archiva Cross Site Request Forgery Vulnerability
| [100923] Apache Archiva Detection
| [100858] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
| [100814] Apache Axis2 Document Type Declaration Processing Security Vulnerability
| [100813] Apache Axis2 Detection
| [100797] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
| [100795] Apache Derby Detection
| [100762] Apache CouchDB Cross Site Request Forgery Vulnerability
| [100725] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
| [100613] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
| [100514] Apache Multiple Security Vulnerabilities
| [100211] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
| [100172] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
| [100171] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
| [100130] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
| [72626] Debian Security Advisory DSA 2579-1 (apache2)
| [72612] FreeBSD Ports: apache22
| [71551] Gentoo Security Advisory GLSA 201206-25 (apache)
| [71550] Gentoo Security Advisory GLSA 201206-24 (apache tomcat)
| [71512] FreeBSD Ports: apache
| [71485] Debian Security Advisory DSA 2506-1 (libapache-mod-security)
| [71256] Debian Security Advisory DSA 2452-1 (apache2)
| [71238] Debian Security Advisory DSA 2436-1 (libapache2-mod-fcgid)
| [70737] FreeBSD Ports: apache
| [70724] Debian Security Advisory DSA 2405-1 (apache2)
| [70600] FreeBSD Ports: apache
| [70253] FreeBSD Ports: apache, apache-event, apache-itk, apache-peruser, apache-worker
| [70235] Debian Security Advisory DSA 2298-2 (apache2)
| [70233] Debian Security Advisory DSA 2298-1 (apache2)
| [69988] Debian Security Advisory DSA 2279-1 (libapache2-mod-authnz-external)
| [69338] Debian Security Advisory DSA 2202-1 (apache2)
| [67868] FreeBSD Ports: apache
| [66816] FreeBSD Ports: apache
| [66553] Mandriva Security Advisory MDVSA-2009:189-1 (apache-mod_auth_mysql)
| [66414] Mandriva Security Advisory MDVSA-2009:323 (apache)
| [66106] SuSE Security Advisory SUSE-SA:2009:050 (apache2,libapr1)
| [66081] SLES11: Security update for Apache 2
| [66074] SLES10: Security update for Apache 2
| [66070] SLES9: Security update for Apache 2
| [65998] SLES10: Security update for apache2-mod_python
| [65893] SLES10: Security update for Apache 2
| [65888] SLES10: Security update for Apache 2
| [65575] SLES9: Security update for apache2,apache2-prefork,apache2-worker
| [65510] SLES9: Security update for Apache 2
| [65472] SLES9: Security update for Apache
| [65467] SLES9: Security update for Apache
| [65450] SLES9: Security update for apache2
| [65390] SLES9: Security update for Apache2
| [65363] SLES9: Security update for Apache2
| [65309] SLES9: Security update for Apache and mod_ssl
| [65296] SLES9: Security update for webdav apache module
| [65283] SLES9: Security update for Apache2
| [65249] SLES9: Security update for Apache 2
| [65230] SLES9: Security update for Apache 2
| [65228] SLES9: Security update for Apache 2
| [65212] SLES9: Security update for apache2-mod_python
| [65209] SLES9: Security update for apache2-worker
| [65207] SLES9: Security update for Apache 2
| [65168] SLES9: Security update for apache2-mod_python
| [65142] SLES9: Security update for Apache2
| [65136] SLES9: Security update for Apache 2
| [65132] SLES9: Security update for apache
| [65131] SLES9: Security update for Apache 2 oes/CORE
| [65113] SLES9: Security update for apache2
| [65072] SLES9: Security update for apache and mod_ssl
| [65017] SLES9: Security update for Apache 2
| [64950] Mandrake Security Advisory MDVSA-2009:240 (apache)
| [64783] FreeBSD Ports: apache
| [64774] Ubuntu USN-802-2 (apache2)
| [64653] Ubuntu USN-813-2 (apache2)
| [64559] Debian Security Advisory DSA 1834-2 (apache2)
| [64532] Mandrake Security Advisory MDVSA-2009:189 (apache-mod_auth_mysql)
| [64527] Mandrake Security Advisory MDVSA-2009:184 (apache-mod_security)
| [64526] Mandrake Security Advisory MDVSA-2009:183 (apache-mod_security)
| [64500] Mandrake Security Advisory MDVSA-2009:168 (apache)
| [64443] Ubuntu USN-802-1 (apache2)
| [64426] Gentoo Security Advisory GLSA 200907-04 (apache)
| [64423] Debian Security Advisory DSA 1834-1 (apache2)
| [64391] Mandrake Security Advisory MDVSA-2009:149 (apache)
| [64377] Mandrake Security Advisory MDVSA-2009:124-1 (apache)
| [64251] Debian Security Advisory DSA 1816-1 (apache2)
| [64201] Ubuntu USN-787-1 (apache2)
| [64140] Mandrake Security Advisory MDVSA-2009:124 (apache)
| [64136] Mandrake Security Advisory MDVSA-2009:102 (apache)
| [63565] FreeBSD Ports: apache
| [63562] Ubuntu USN-731-1 (apache2)
| [61381] Gentoo Security Advisory GLSA 200807-06 (apache)
| [61185] FreeBSD Ports: apache
| [60582] Gentoo Security Advisory GLSA 200803-19 (apache)
| [60387] Slackware Advisory SSA:2008-045-02 apache
| [58826] FreeBSD Ports: apache-tomcat
| [58825] FreeBSD Ports: apache-tomcat
| [58804] FreeBSD Ports: apache
| [58745] Gentoo Security Advisory GLSA 200711-06 (apache)
| [58360] Debian Security Advisory DSA 1312-1 (libapache-mod-jk)
| [57851] Gentoo Security Advisory GLSA 200608-01 (apache)
| [57788] Debian Security Advisory DSA 1247-1 (libapache-mod-auth-kerb)
| [57335] Debian Security Advisory DSA 1167-1 (apache)
| [57201] Debian Security Advisory DSA 1131-1 (apache)
| [57200] Debian Security Advisory DSA 1132-1 (apache2)
| [57168] Slackware Advisory SSA:2006-209-01 Apache httpd
| [57145] FreeBSD Ports: apache
| [56731] Slackware Advisory SSA:2006-129-01 Apache httpd
| [56729] Slackware Advisory SSA:2006-130-01 Apache httpd redux
| [56246] Gentoo Security Advisory GLSA 200602-03 (Apache)
| [56212] Debian Security Advisory DSA 952-1 (libapache-auth-ldap)
| [56115] Debian Security Advisory DSA 935-1 (libapache2-mod-auth-pgsql)
| [56067] FreeBSD Ports: apache
| [55803] Slackware Advisory SSA:2005-310-04 apache
| [55519] Debian Security Advisory DSA 839-1 (apachetop)
| [55392] Gentoo Security Advisory GLSA 200509-12 (Apache)
| [55355] FreeBSD Ports: apache
| [55284] Debian Security Advisory DSA 807-1 (libapache-mod-ssl)
| [55261] Debian Security Advisory DSA 805-1 (apache2)
| [55259] Debian Security Advisory DSA 803-1 (apache)
| [55129] Gentoo Security Advisory GLSA 200508-15 (apache)
| [54739] Gentoo Security Advisory GLSA 200411-18 (apache)
| [54724] Gentoo Security Advisory GLSA 200411-03 (apache)
| [54712] Gentoo Security Advisory GLSA 200410-21 (apache)
| [54689] Gentoo Security Advisory GLSA 200409-33 (net=www/apache)
| [54677] Gentoo Security Advisory GLSA 200409-21 (apache)
| [54610] Gentoo Security Advisory GLSA 200407-03 (Apache)
| [54601] Gentoo Security Advisory GLSA 200406-16 (Apache)
| [54590] Gentoo Security Advisory GLSA 200406-05 (Apache)
| [54582] Gentoo Security Advisory GLSA 200405-22 (Apache)
| [54529] Gentoo Security Advisory GLSA 200403-04 (Apache)
| [54499] Gentoo Security Advisory GLSA 200310-04 (Apache)
| [54498] Gentoo Security Advisory GLSA 200310-03 (Apache)
| [54439] FreeBSD Ports: apache
| [53931] Slackware Advisory SSA:2004-133-01 apache
| [53903] Slackware Advisory SSA:2004-299-01 apache, mod_ssl, php
| [53902] Slackware Advisory SSA:2004-305-01 apache+mod_ssl
| [53878] Slackware Advisory SSA:2003-308-01 apache security update
| [53851] Debian Security Advisory DSA 135-1 (libapache-mod-ssl)
| [53849] Debian Security Advisory DSA 132-1 (apache-ssl)
| [53848] Debian Security Advisory DSA 131-1 (apache)
| [53784] Debian Security Advisory DSA 021-1 (apache)
| [53738] Debian Security Advisory DSA 195-1 (apache-perl)
| [53737] Debian Security Advisory DSA 188-1 (apache-ssl)
| [53735] Debian Security Advisory DSA 187-1 (apache)
| [53703] Debian Security Advisory DSA 532-1 (libapache-mod-ssl)
| [53577] Debian Security Advisory DSA 120-1 (libapache-mod-ssl, apache-ssl)
| [53568] Debian Security Advisory DSA 067-1 (apache,apache-ssl)
| [53519] Debian Security Advisory DSA 689-1 (libapache-mod-python)
| [53433] Debian Security Advisory DSA 181-1 (libapache-mod-ssl)
| [53282] Debian Security Advisory DSA 594-1 (apache)
| [53248] Debian Security Advisory DSA 558-1 (libapache-mod-dav)
| [53224] Debian Security Advisory DSA 532-2 (libapache-mod-ssl)
| [53215] Debian Security Advisory DSA 525-1 (apache)
| [53151] Debian Security Advisory DSA 452-1 (libapache-mod-python)
| [52529] FreeBSD Ports: apache+ssl
| [52501] FreeBSD Ports: apache
| [52461] FreeBSD Ports: apache
| [52390] FreeBSD Ports: apache
| [52389] FreeBSD Ports: apache
| [52388] FreeBSD Ports: apache
| [52383] FreeBSD Ports: apache
| [52339] FreeBSD Ports: apache+mod_ssl
| [52331] FreeBSD Ports: apache
| [52329] FreeBSD Ports: ru-apache+mod_ssl
| [52314] FreeBSD Ports: apache
| [52310] FreeBSD Ports: apache
| [15588] Detect Apache HTTPS
| [15555] Apache mod_proxy content-length buffer overflow
| [15554] Apache mod_include priviledge escalation
| [14771] Apache <= 1.3.33 htpasswd local overflow
| [14177] Apache mod_access rule bypass
| [13644] Apache mod_rootme Backdoor
| [12293] Apache Input Header Folding and mod_ssl ssl_io_filter_cleanup DoS Vulnerabilities
| [12280] Apache Connection Blocking Denial of Service
| [12239] Apache Error Log Escape Sequence Injection
| [12123] Apache Tomcat source.jsp malformed request information disclosure
| [12085] Apache Tomcat servlet/JSP container default files
| [11438] Apache Tomcat Directory Listing and File disclosure
| [11204] Apache Tomcat Default Accounts
| [11092] Apache 2.0.39 Win32 directory traversal
| [11046] Apache Tomcat TroubleShooter Servlet Installed
| [11042] Apache Tomcat DOS Device Name XSS
| [11041] Apache Tomcat /servlet Cross Site Scripting
| [10938] Apache Remote Command Execution via .bat files
| [10839] PHP.EXE / Apache Win32 Arbitrary File Reading Vulnerability
| [10773] MacOS X Finder reveals contents of Apache Web files
| [10766] Apache UserDir Sensitive Information Disclosure
| [10756] MacOS X Finder reveals contents of Apache Web directories
| [10752] Apache Auth Module SQL Insertion Attack
| [10704] Apache Directory Listing
| [10678] Apache /server-info accessible
| [10677] Apache /server-status accessible
| [10440] Check for Apache Multiple / vulnerability
|
| SecurityTracker - https://www.securitytracker.com:
| [1028865] Apache Struts Bugs Permit Remote Code Execution and URL Redirection Attacks
| [1028864] Apache Struts Wildcard Matching and Expression Evaluation Bugs Let Remote Users Execute Arbitrary Code
| [1028824] Apache mod_dav_svn URI Processing Flaw Lets Remote Users Deny Service
| [1028823] Apache Unspecified Flaw in mod_session_dbd Has Unspecified Impact
| [1028724] (HP Issues Fix for HP-UX) Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
| [1028722] (Red Hat Issues Fix for JBoss) Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
| [1028693] (Red Hat Issues Fix) Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
| [1028622] Apache Struts 'includeParams' Bugs Permit Remote Command Execution and Cross-Site Scripting Attacks
| [1028621] Apache Subversion Bugs Let Remote Authenticated Users Execute Arbitrary Commands and Deny Service
| [1028540] Apache mod_rewrite Input Validation Flaw Lets Remote Users Execute Arbitrary Commands
| [1028534] Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
| [1028533] Apache Tomcat Lack of Chunked Transfer Encoding Extension Size Limit Lets Remote Users Deny Service
| [1028532] Apache Tomcat AsyncListeners Bug May Disclose Information from One Request to Another User
| [1028515] Apache VCL Input Validation Flaw Lets Remote Authenticated Users Gain Elevated Privileges
| [1028457] Apache ActiveMQ Bugs Let Remote Users Conduct Cross-Site Scripting Attacks, Deny Service, and Obtain Potentially Sensitive Information
| [1028287] Apache CXF WSS4JInInterceptor Grants Service Access to Remote Users
| [1028286] Apache CXF WS-Security UsernameToken Processing Flaw Lets Remote Users Bypass Authentication
| [1028252] Apache Commons FileUpload Unsafe Temporary File Lets Local Users Gain Elevated Privileges
| [1028207] Apache Input Validation Bugs Permit Cross-Site Scripting Attacks
| [1027836] Apache Tomcat Connection Processing Bug Lets Remote Users Deny Service
| [1027834] Apache Tomcat Bug Lets Remote Users Bypass Cross-Site Request Forgery Prevention Filter
| [1027833] Apache Tomcat Bug Lets Remote Users Bypass Security Constraints
| [1027729] Apache Tomcat Header Processing Bug Lets Remote Users Deny Service
| [1027728] Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
| [1027554] Apache CXF Lets Remote Authenticated Users Execute Unauthorized SOAP Actions
| [1027508] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
| [1027421] Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
| [1027096] Apache Commons Compress BZip2CompressorOutputStream() Sorting Algorithm Lets Remote or Local Users Deny Service
| [1026932] Apache LD_LIBRARY_PATH Processing Lets Local Users Gain Elevated Privileges
| [1026928] Apache OFBiz Unspecified Flaw Lets Remote Users Execute Arbitrary Code
| [1026927] Apache OFBiz Input Validation Flaws Permit Cross-Site Scripting Attacks
| [1026847] Apache Traffic Server Host Header Processing Flaw Lets Remote Users Deny Service
| [1026846] Apache Wicket Discloses Hidden Application Files to Remote Users
| [1026839] Apache Wicket Input Validation Flaw in 'wicket:pageMapName' Parameter Permits Cross-Site Scripting Attacks
| [1026616] Apache Bugs Let Remote Users Deny Service and Obtain Cookie Data
| [1026575] Apache Struts ParameterInterceptor() Flaw Lets Remote Users Execute Arbitrary Commands
| [1026484] Apache Struts Bug Lets Remote Users Overwrite Files and Execute Arbitrary Code
| [1026477] Apache Tomcat Hash Table Collision Bug Lets Remote Users Deny Service
| [1026402] Apache Struts Conversion Error Lets Remote Users Inject Arbitrary Commands
| [1026353] Apache mod_proxy/mod_rewrite Bug Lets Remote Users Access Internal Servers
| [1026295] Apache Tomcat Lets Untrusted Web Applications Gain Elevated Privileges
| [1026267] Apache .htaccess File Integer Overflow Lets Local Users Execute Arbitrary Code
| [1026144] Apache mod_proxy Pattern Matching Bug Lets Remote Users Access Internal Servers
| [1026095] Apache Tomcat HTTP DIGEST Authentication Weaknesses Let Remote Users Conduct Bypass Attacks
| [1026054] Apache mod_proxy_ajp HTTP Processing Error Lets Remote Users Deny Service
| [1025993] Apache Tomcat AJP Protocol Processing Bug Lets Remote Users Bypass Authentication or Obtain Information
| [1025976] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
| [1025960] Apache httpd Byterange Filter Processing Error Lets Remote Users Deny Service
| [1025925] Apache Tomcat Commons Daemon jsvc Lets Local Users Gain Elevated Privileges
| [1025924] Apache Tomcat XML Validation Flaw Lets Applications Obtain Potentially Sensitive Information
| [1025788] Apache Tomcat Lets Malicious Applications Obtain Information and Deny Service
| [1025755] Apache Santuario Buffer Overflow Lets Remote Users Deny Service
| [1025712] Apache Tomcat Discloses Passwords to Local Users in Certain Cases
| [1025577] Apache Archiva Input Validation Hole Permits Cross-Site Scripting Attacks
| [1025576] Apache Archiva Request Validation Flaw Permits Cross-Site Request Forgery Attacks
| [1025527] Apache APR Library apr_fnmatch() Flaw Lets Remote Users Execute Arbitrary Code
| [1025303] Apache Tomcat HTTP BIO Connector Error Discloses Information From Different Requests to Remote Users
| [1025215] Apache Tomcat May Ignore @ServletSecurity Annotation Protections
| [1025066] Apache Continuum Input Validation Flaw Permits Cross-Site Request Forgery Attacks
| [1025065] Apache Continuum Input Validation Hole Permits Cross-Site Scripting Attacks
| [1025027] Apache Tomcat maxHttpHeaderSize Parsing Error Lets Remote Users Deny Service
| [1025026] Apache Tomcat Manager Input Validation Hole Permits Cross-Site Scripting Attacks
| [1025025] Apache Tomcat Security Manager Lets Local Users Bypass File Permissions
| [1024764] Apache Tomcat Manager Input Validation Hole in 'sessionList.jsp' Permits Cross-Site Scripting Attacks
| [1024417] Apache Traffic Server Insufficient Randomization Lets Remote Users Poison the DNS Cache
| [1024332] Apache mod_cache and mod_dav Request Processing Flaw Lets Remote Users Deny Service
| [1024180] Apache Tomcat 'Transfer-Encoding' Header Processing Flaw Lets Remote Users Deny Service and Obtain Potentially Sensitive Information
| [1024096] Apache mod_proxy_http May Return Results for a Different Request
| [1023942] Apache mod_proxy_ajp Error Condition Lets Remote Users Deny Service
| [1023941] Apache ap_read_request() Memory Error May Let Remote Users Access Potentially Sensitive Information
| [1023778] Apache ActiveMQ Input Validation Flaw Permits Cross-Site Scripting Attacks
| [1023701] Apache mod_isapi Error Processing Flaw May Let Remote Users Deny Service
| [1023533] Apache mod_proxy Integer Overflow May Let Remote Users Execute Arbitrary Code
| [1022988] Apache Solaris Support Code Bug Lets Remote Users Deny Service
| [1022529] Apache mod_deflate Connection State Bug Lets Remote Users Deny Service
| [1022509] Apache mod_proxy stream_reqbody_cl() Infinite Loop Lets Remote Users Deny Service
| [1022296] Apache IncludesNoExec Options Restrictions Can Be Bypass By Local Users
| [1022264] Apache mod_proxy_ajp Bug May Disclose Another User's Response Data
| [1022001] Apache Tomcat mod_jk May Disclose Responses to the Wrong User
| [1021988] mod_perl Input Validation Flaw in Apache::Status and Apache2::Status Permits Cross-Site Scripting Attacks
| [1021350] NetWare Bug Lets Remote Users Access the ApacheAdmin Console
| [1020635] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
| [1020520] Oracle WebLogic Apache Connector Lets Remote Users Execute Arbitrary Code
| [1020267] Apache mod_proxy Interim Response Process Bug Lets Remote Users Deny Service
| [1019784] Apache-SSL Certificate Processing Bug May Let Remote Users View Portions of Kernel Memory
| [1019256] Apache mod_negotiation Input Validation Hole Permits Cross-Site Scripting Attacks
| [1019194] Apache Input Validation Hole in Mod_AutoIndex When the Character Set is Undefined May Permit Cross-Site Scripting Attacks
| [1019185] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
| [1019154] Apache Input Validation Hole in mod_status Permits Cross-Site Scripting Attacks
| [1019093] Apache Input Validation Hole in mod_imap Permits Cross-Site Scripting Attacks
| [1019030] Apache Input Validation Hole in Default HTTP 413 Error Page Permits Cross-Site Scripting Attacks
| [1018633] Apache mod_proxy Bug Lets Remote Users Deny Service
| [1018304] Apache HTTPD scoreboard Protection Flaw Lets Local Users Terminate Arbitrary Processes
| [1018303] Apache HTTPD mod_cache May Let Remote Users Deny Service
| [1018302] Apache mod_status Input Validation Hole Permits Cross-Site Scripting Attacks
| [1018269] Apache Tomcat Input Validation Hole in Processing Accept-Language Header Permits Cross-Site Scripting Attacks
| [1017904] Apache suEXEC Bugs May Let Local Users Gain Elevated Privileges
| [1017719] Apache Tomcat JK Web Server Connector Buffer Overflow in map_uri_to_worker() Lets Remote Users Execute Arbitrary Code
| [1017062] Apache mod_tcl Format String Bug in set_var() Function May Let Remote Users Execute Arbitrary Code
| [1016601] Apache mod_rewrite Off-by-one Error Lets Remote Users Execute Arbitrary Code
| [1016576] Apache Tomcat Discloses Directory Listings to Remote Users
| [1015447] Apache mod_ssl Null Pointer Dereference May Let Remote Users Deny Service
| [1015344] Apache mod_imap Input Validation Flaw in Referer Field Lets Remote Users Conduct Cross-Site Scripting Attacks
| [1015093] Apache Memory Leak in MPM 'worker.c' Code May Let Remote Users Deny Service
| [1014996] ApacheTop Unsafe Temporary File May Let Local Users Gain Elevated Privileges
| [1014833] Apache ssl_hook_Access() Function May Fail to Verify Client Certificates
| [1014826] Apache Memory Leak in 'byterange filter' Lets Remote Users Deny Service
| [1014575] Apache mod_ssl Off-by-one Buffer Overflow in Processing CRLs May Let Remote Users Deny Service
| [1014323] Apache Chunked Transfer-Encoding and Content-Length Processing Lets Remote Users Smuggle HTTP Requests
| [1013156] Apache mod_python Publisher Handler Discloses Information to Remote Users
| [1012829] Apache mod_auth_radius radcpy() Integer Overflow Lets Remote Users Deny Service in Certain Cases
| [1012416] Apache on Apple OS X Lets Remote Users Bypass Apache File Handlers and Directly Access Files
| [1012415] Apache on Apple HFS+ Filesystems May Disclose '.DS_Store' Files to Remote Users
| [1012414] Apache mod_digest_apple Lets Remote Users Replay Authentication Credentials
| [1012083] Apache Web Server Error in Processing Requests With Many Space Characters Lets Remote Users Deny Service
| [1011783] Apache mod_include Buffer Overflow Lets Local Users Execute Arbitrary Code
| [1011557] Apache mod_ssl SSLCipherSuite Directive Can By Bypassed in Certain Cases
| [1011385] Apache Satsify Directive Error May Let Remote Users Access Restricted Resources
| [1011340] Apache SSL Connection Abort State Error Lets Remote Users Deny Service
| [1011303] Apache ap_resolve_env() Buffer Overflow in Reading Configuration Files May Let Local Users Gain Elevated Privileges
| [1011299] Apache IPv6 Address Parsing Flaw May Let Remote Users Deny Service
| [1011248] Apache mod_dav LOCK Method Error May Let Remote Users Deny Service
| [1011213] Apache mod_ssl Can Be Crashed By Remote Users When Reverse Proxying SSL Connections
| [1010674] Apache Can Be Crashed By PHP Code Invoking Nested Remote Sockets
| [1010599] Apache httpd Header Line Memory Allocation Lets Remote Users Crash the Server
| [1010462] Apache mod_proxy Buffer Overflow May Let Remote Users Execute Arbitrary Code
| [1010322] Apache mod_ssl Stack Overflow in ssl_util_uuencode_binary() May Let Remote Users Execute Arbitrary Code
| [1010270] cPanel Apache mod_phpsuexec Options Let Local Users Gain Elevated Privileges
| [1009934] Apache Web Server Has Buffer Overflow in ebcdic2ascii() on Older Processor Architectures
| [1009516] Apache mod_survey HTML Report Format Lets Remote Users Conduct Cross-Site Scripting Attacks
| [1009509] Apache mod_disk_cache Stores Authentication Credentials on Disk
| [1009495] Apache Web Server Socket Starvation Flaw May Let Remote Users Deny Service
| [1009417] GroupWise WebAccess With Apache on NetWare Has Configuration Flaw That May Grant Web Access to Remote Users
| [1009338] Apache mod_access Parsing Flaw May Fail to Enforce Allow/Deny Rules
| [1009337] Apache mod_ssl Memory Leak Lets Remote Users Crash the Daemon
| [1009182] Apache for Cygwin '..%5C' Input Validation Flaw Discloses Files to Remote Users
| [1008973] PHP May Apply Incorrect php_admin_* Settings To Requests for Apache Virtual Hosts
| [1008967] Apache-SSL 'SSLFakeBasicAuth' Lets Remote Users Forge Client Certificates to Be Authenticated
| [1008920] Apache mod_digest May Validate Replayed Client Responses
| [1008828] Apache mod_python String Processing Bug Still Lets Remote Users Crash the Web Server
| [1008822] Apache mod_perl File Descriptor Leak May Let Local Users Hijack the http and https Services
| [1008675] mod_auth_shadow Apache Module Authenticates Expired Passwords
| [1008559] Apache mod_php File Descriptor Leak May Let Local Users Hijack the https Service
| [1008335] Apache mod_python String Processing Bug Lets Remote Users Crash the Web Server
| [1008196] Apache 2.x on Windows May Return Unexpected Files For URLs Ending With Certain Characters
| [1008030] Apache mod_rewrite Contains a Buffer Overflow
| [1008029] Apache mod_alias Contains a Buffer Overflow
| [1008028] Apache mod_cgid May Disclose CGI Output to Another Client
| [1007995] Apache Cocoon Forms May Let Remote Users Execute Arbitrary Java Code on the System
| [1007993] Apache Cocoon 'view-source' Sample Script Discloses Files to Remote Users
| [1007823] Apache Web Server mod_cgi Error May Let Malicious CGI Scripts Crash the Web Service
| [1007664] Apache::Gallery Unsafe Temporary Files May Let Local Users Gain Apache Web Server Privileges
| [1007557] Apache Web Server Does Not Filter Terminal Escape Sequences From Log Files
| [1007230] Apache HTTP Server 'rotatelogs' Bug on Win32 and OS/2 May Cause the Logging to Stop
| [1007146] Apache HTTP Server FTP Proxy Bug May Cause Denial of Service Conditions
| [1007145] Apache 'accept()' Errors May Cause Denial of Service Conditions
| [1007144] Apache Web Server 'type-map' File Error Permits Local Denial of Service Attacks
| [1007143] Apache 2.0 Web Server May Use a Weaker Encryption Implementation Than Specified in Some Cases
| [1006864] Apache Web Server Can Be Crashed By Remote Users Via mod_dav Flaws and Also Via Basic Authentication
| [1006709] Apache mod_survey Input Validation Flaw Lets Remote Users Fill Up Disk Space
| [1006614] Apache mod_ntlm Buffer Overflow and Format String Flaw Let Remote Users Execute Arbitary Code
| [1006591] Apache mod_access_referer Module Null Pointer Dereference May Faciliate Denial of Service Attacks
| [1006444] Apache 2.0 Web Server Line Feed Buffer Allocation Flaw Lets Remote Users Deny Service
| [1006021] Apache Tomcat Server URL Parsing Error May Disclose Otherwise Inaccessible Web Directory Listings and Files to Remote Users
| [1005963] Apache Web Server 2.x Windows Device Access Flaw Lets Remote Users Crash the Server or Possibly Execute Arbitrary Code
| [1005962] Apache Web Server Path Parsing Flaw May Allow Remote Users to Execute Code in Certain Configurations
| [1005848] Apache 'printenv' Script Input Validation Bugs in Older Versions May Let Remote Users Conduct Cross-Site Scripting Attacks
| [1005765] Apache mod_jk Module Processing Bug When Used With Tomcat May Disclose Information to Remote Users or Crash
| [1005548] Apache mod_php Module May Allow Local Users to Gain Control of the Web Port
| [1005499] Apache Web Server (2.0.42) May Disclose CGI Source Code to Remote Users When Used With WebDAV
| [1005410] Apache Tomcat Java Servlet Engine Can Be Crashed Via Multiple Requests for DOS Device Names
| [1005351] Apache Web Server (1.3.x) Shared Memory Scoreboard Bug Lets Certain Local Users Issue Signals With Root Privileges
| [1005331] Apache Web Server (2.x) SSI Server Signature Filtering Hole Lets Remote Users Conduct Cross-Site Scripting Attacks
| [1005290] Apache Tomcat Java Server Default Servlet Returns JSP Source Code to Remote Users
| [1005285] Apache Web Server 'mod_dav' Has Null Pointer Bug That May Allow Remote Users to Cause Denial of Service Conditions
| [1005010] Apache Web Server (2.0) Has Unspecified Flaw That Allows Remote Users to Obtain Sensitive Data and Cause Denial of Service Conditions
| [1004770] Apache 2.x Web Server ap_log_rerror() Function May Disclose Full Installation Path to Remote Users
| [1004745] Apache Tomcat Java Server Allows Cross-Site Scripting Attacks
| [1004636] Apache mod_ssl 'Off-by-One' Bug May Let Local Users Crash the Web Server or Possibly Execute Arbitrary Code
| [1004602] Apache Tomcat Java Server for Windows Can Be Crashed By Remote Users Sending Malicious Requests to Hang All Available Working Threads
| [1004586] Apache Tomcat Java Server May Disclose the Installation Path to Remote Users
| [1004555] Apache Web Server Chunked Encoding Flaw May Let Remote Users Execute Arbitrary Code on the Server
| [1004209] Apache 'mod_python' Python Language Interpreter Bug in Publisher Handler May Allow Remote Users to Modify Files on the System
| [1003874] Apache Web Server for Windows Has Batch File Processing Hole That Lets Remote Users Execute Commands on the System
| [1003767] 'mod_frontpage' Module for Apache Web Server Has Buffer Overlow in 'fpexec.c' That Allows Remote Users to Execute Arbitrary Code on the System with Root Privileges
| [1003723] Apache-SSL for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
| [1003664] 'mod_ssl' Security Package for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
| [1003602] GNUJSP Java Server Pages Implementation Discloses Web Files and Source Code to Remote Users and Bypasses Apache Access Control Restrictions
| [1003465] PHP for Apache Web Server May Disclose Installation Path Information to Remote Users Making 'OPTIONS' Requests
| [1003451] Oracle Application Server PL/SQL Module for Apache Has Buffer Overflows That Allow Remote Users to Execute Arbitrary Code and Gain Access to the Server
| [1003131] Apache Web Server in Virtual Hosting Mode Can Be Crashed By a Local User Removing a Log Directory
| [1003104] PHP.EXE Windows CGI for Apache Web Server May Let Remote Users View Files on the Server Due to Configuration Error
| [1003008] Apache 'mod_bf' Module Lets Remote Users Execute Arbitrary Code
| [1002629] Apache suEXEC Wrapper Fails to Observe Minimum Group ID Security Settings in Certain Situations
| [1002542] Apache Web Server Virtual Hosting Split-Logfile Function Lets Remote Users Write Log Entries to Arbitrary Files on the System
| [1002400] Apache mod_gzip Module Has Buffer Overflow That Can Be Exploited By Local Users to Gain Elevated Privileges
| [1002303] Several 3rd Party Apache Authentication Modules Allow Remote Users to Execute Arbitrary Code to Gain Access to the System or Execute Stored Procedures to Obtain Arbitrary Database Information
| [1002188] Apache Web Server Discloses Internal IP Addresses to Remote Users in Certain Configurations
| [1001989] Apache Web Server May Disclose Directory Contents Even If an Index.html File is Present in the Directory
| [1001719] Apache Web Server on Mac OS X Client Fails to Enforce File and Directory Access Protections, Giving Remote Users Access to Restricted Pages
| [1001572] Apache Web Server on Microsoft Windows Platforms Allows Remote Users to Crash the Web Server
| [1001304] Apache Web Server for Windows Lets Remote Users Crash the Web Server Application
| [1001083] Apache Web Server May Display Directory Index Listings Even if Directory Listings Are Disabled
|
6376| OSVDB - http://www.osvdb.org:
| [96078] Apache CloudStack Infrastructure Menu Setup Network Multiple Field XSS
| [96077] Apache CloudStack Global Settings Multiple Field XSS
| [96076] Apache CloudStack Instances Menu Display Name Field XSS
| [96075] Apache CloudStack Instances Menu Add Instances Network Name Field XSS
| [96074] Apache CloudStack Instances Menu Add Instances Review Step Multiple Field XSS
| [96031] Apache HTTP Server suEXEC Symlink Arbitrary File Access
| [95888] Apache Archiva Single / Double Quote Character Handling XSS Weakness
| [95885] Apache Subversion mod_dav_svn Module Crafted HTTP Request Handling Remote DoS
| [95706] Apache OpenOffice.org (OOo) OOXML Document File XML Element Handling Memory Corruption
| [95704] Apache OpenOffice.org (OOo) DOC File PLCF Data Handling Memory Corruption
| [95603] Apache Continuum web/util/GenerateRecipentNotifier.java recipient Parameter XSS
| [95602] Apache Continuum web/action/notifier/JabberProjectNotifierEditAction-jabberProjectNotifierSave-validation.xml Multiple Parameter XSS
| [95601] Apache Continuum web/action/notifier/JabberGroupNotifierEditAction-jabberProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
| [95600] Apache Continuum web/action/ScheduleAction-saveSchedule-validation.xml Multiple Parameter XSS
| [95599] Apache Continuumweb/action/BuildDefinitionAction-saveBuildDefinition-validation.xml Multiple Parameter XSS
| [95598] Apache Continuum web/action/AddProjectAction-addProject-validation.xml Multiple Parameter XSS
| [95597] Apache Continuum web/action/ProjectEditAction-projectSave-validation.xml Multiple Parameter XSS
| [95596] Apache Continuum web/action/notifier/IrcGroupNotifierEditAction-ircProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
| [95595] Apache Continuum web/action/notifier/IrcProjectNotifierEditAction-ircProjectNotifierSave-validation.xml Multiple Parameter XSS
| [95594] Apache Continuum web/action/ProjectGroupAction.java Multiple Parameter XSS
| [95593] Apache Continuum web/action/AddProjectGroupAction.java Multiple Parameter XSS
| [95592] Apache Continuum web/action/AddProjectAction.java Multiple Parameter XSS
| [95523] Apache OFBiz Webtools Application View Log Screen Unspecified XSS
| [95522] Apache OFBiz Nested Expression Evaluation Arbitrary UEL Function Execution
| [95521] Apache HTTP Server mod_session_dbd Session Saving Unspecified Issue
| [95498] Apache HTTP Server mod_dav.c Crafted MERGE Request Remote DoS
| [95406] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Arbitrary Site Redirect
| [95405] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Remote Code Execution
| [95011] Apache CXF XML Parser SOAP Message Handling CPU Resource Exhaustion Remote DoS
| [94705] Apache Geronimo RMI Classloader Exposure Serialized Object Handling Remote Code Execution
| [94651] Apache Santuario (XML Security for C++) XML Signature CanonicalizationMethod Parameter Spoofing Weakness
| [94636] Apache Continuum workingCopy.action userDirectory Traversal Arbitrary File Access
| [94635] Apache Maven SCM SvnCommandlineUtils Process Listing Local Password Disclosure
| [94632] Apache Maven Wagon SSH (wagon-ssh) Host Verification Failure MitM Weakness
| [94625] Apache Santuario (XML Security for C++) XML Signature Reference Crafted XPointer Expression Handling Heap Buffer Overflow
| [94618] Apache Archiva /archiva/security/useredit.action username Parameter XSS
| [94617] Apache Archiva /archiva/security/roleedit.action name Parameter XSS
| [94616] Apache Archiva /archiva/security/userlist!show.action roleName Parameter XSS
| [94615] Apache Archiva /archiva/deleteArtifact!doDelete.action groupId Parameter XSS
| [94614] Apache Archiva /archiva/admin/addLegacyArtifactPath!commit.action legacyArtifactPath.path Parameter XSS
| [94613] Apache Archiva /archiva/admin/addRepository.action Multiple Parameter XSS
| [94612] Apache Archiva /archiva/admin/editAppearance.action Multiple Parameter XSS
| [94611] Apache Archiva /archiva/admin/addLegacyArtifactPath.action Multiple Parameter XSS
| [94610] Apache Archiva /archiva/admin/addNetworkProxy.action Multiple Parameter XSS
| [94403] Apache Santuario (XML Security for C++) InclusiveNamespace PrefixList Processing Heap Overflow
| [94402] Apache Santuario (XML Security for C++) HMAC-based XML Signature Processing DoS
| [94401] Apache Santuario (XML Security for C++) XPointer Evaluation Stack Overflow
| [94400] Apache Santuario (XML Security for C++) HMAC-Based XML Signature Reference Element Validation Spoofing Weakness
| [94279] Apache Qpid CA Certificate Validation Bypass
| [94275] Apache Solr JettySolrRunner.java Can Not Find Error Message XSS
| [94233] Apache OpenJPA Object Deserialization Arbitrary Executable Creation
| [94042] Apache Axis JAX-WS Java Unspecified Exposure
| [93969] Apache Struts OGNL Expression Handling Double Evaluation Error Remote Command Execution
| [93796] Apache Subversion Filename Handling FSFS Repository Corruption Remote DoS
| [93795] Apache Subversion svnserve Server Aborted Connection Message Handling Remote DoS
| [93794] Apache Subversion contrib/hook-scripts/check-mime-type.pl svnlook Hyphenated argv Argument Handling Remote DoS
| [93793] Apache Subversion contrib/hook-scripts/svn-keyword-check.pl Filename Handling Remote Command Execution
| [93646] Apache Struts Crafted Parameter Arbitrary OGNL Code Execution
| [93645] Apache Struts URL / Anchor Tag includeParams Attribute Remote Command Execution
| [93636] Apache Pig Multiple Physical Operator Memory Exhaustion Remote Remote DoS
| [93635] Apache Wink DTD (Document Type Definition) Expansion Data Parsing Information Disclosure
| [93605] RT Apache::Session::File Session Replay Reuse Information Disclosure
| [93599] Apache Derby SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY Boot Password Manipulation Re-encryption Failure Password Corruption
| [93555] Apache Commons Codec Invalid Base32 String Information Tunneling Weakness
| [93554] Apache HBase bulkLoadHFiles() Method ACL Bypass
| [93543] JBoss Enterprise Application Platform org.apache.catalina.connector.Response.encodeURL() Method MitM jsessionid Disclosure
| [93542] Apache ManifoldCF (Connectors Framework) org.apache.manifoldcf.crawler.ExportConfiguration Class Configuration Export Password Disclosure
| [93541] Apache Solr json.wrf Callback XSS
| [93524] Apache Hadoop GetSecurityDescriptorControl() Function Absolute Security Descriptor Handling NULL Descriptor Weakness
| [93521] Apache jUDDI Security API Token Session Persistence Weakness
| [93520] Apache CloudStack Default SSL Key Weakness
| [93519] Apache Shindig /ifr Cross-site Arbitrary Gadget Invocation
| [93518] Apache Solr /admin/analysis.jsp name Parameter XSS
| [93517] Apache CloudStack setup-cloud-management /etc/sudoers Modification Local Privilege Escalation
| [93516] Apache CXF UsernameTokenInterceptor Nonce Caching Replay Weakness
| [93515] Apache HBase table.jsp name Parameter XSS
| [93514] Apache CloudStack Management Server Unauthenticated Remote JMX Connection Default Setting Weakness
| [93463] Apache Struts EL / OGNL Interpretation Unspecified Remote Code Execution
| [93462] Apache CXF WS-SecurityPolicy AlgorithmSuite Arbitrary Ciphertext Decryption Weakness
| [93401] Apache Hadoop core-site.xml Permission Weakness Local Alfredo Secret Disclosure
| [93400] Apache Hadoop Map/Reduce Job Log Directory Symlink Arbitrary File Mode Manipulation
| [93397] Apache Wicket Referrer HTTP Header Session ID Disclosure
| [93366] Apache HTTP Server modules/mappers/mod_rewrite.c do_rewritelog() Function Log File Terminal Escape Sequence Filtering Remote Command Execution
| [93254] Apache Tomcat AsyncListener Method Cross-session Information Disclosure
| [93253] Apache Tomcat Chunked Transfer Encoding Data Saturation Remote DoS
| [93252] Apache Tomcat FORM Authenticator Session Fixation
| [93172] Apache Camel camel/endpoints/ Endpoint XSS
| [93171] Apache Sling HtmlResponse Error Message XSS
| [93170] Apache Directory DelegatingAuthenticator MitM Spoofing Weakness
| [93169] Apache Wave AuthenticationServlet.java Session Fixation Weakness
| [93168] Apache Click ErrorReport.java id Parameter XSS
| [93167] Apache ActiveMQ JMSXUserId Spoofing Weakness
| [93166] Apache CXF Crafted Message Element Count Handling System Resource Exhaustion Remote DoS
| [93165] Apache CXF Crafted Message Element Level Handling System Resource Exhaustion Remote DoS
| [93164] Apache Harmony DatagramSocket Class connect Method CheckAccept() IP Blacklist Bypass
| [93163] Apache Hadoop Map/Reduce Daemon Symlink Arbitrary File Overwrite
| [93162] Apache VelocityStruts struts/ErrorsTool.getMsgs Error Message XSS
| [93161] Apache CouchDB Rewriter VM Atom Table Memory Exhaustion Remote DoS
| [93158] Apache Wicket BookmarkablePageLink Feature XSS CSRF
| [93157] Apache Struts UrlHelper.java s:url includeParams Functionality XSS
| [93156] Apache Tapestry Calendar Component datefield.js datefield Parameter XSS
| [93155] Apache Struts fielderror.ftl fielderror Parameter Error Message XSS
| [93154] Apache JSPWiki Edit.jsp createPages WikiPermission Bypass
| [93153] Apache PDFBox PDFXrefStreamParser Missing Element Handling PDF Parsing DoS
| [93152] Apache Hadoop HttpServer.java Multiple Function XSS
| [93151] Apache Shiro Search Filter userName Parameter LDAP Code Injection Weakness
| [93150] Apache Harmony java.net.SocketPermission Class boolean equals Function checkConnect() Weakness Host Name Retrieval
| [93149] Apache Harmony java.security.Provider Class void load Function checkSecurityAccess() Weakness
| [93148] Apache Harmony java.security.ProtectionDomain Class java.lang.String.toString() Function checkPermission() Weakness
| [93147] Apache Harmony java.net.URLConnection openConnection Function checkConnect Weakness Proxy Connection Permission Bypass
| [93146] Apache Harmony java.net.ServerSocket Class void implAccept Function checkAccept() Weakness SerSocket Subclass Creation
| [93145] Apache Qpid JMS Client Detached Session Frame Handling NULL Pointer Dereference Remote DoS
| [93144] Apache Solr Admin Command Execution CSRF
| [93009] Apache VCL XMLRPC API Unspecified Function Remote Privilege Escalation
| [93008] Apache VCL Web GUI Unspecified Remote Privilege Escalation
| [92997] Apache Commons Codec org.apache.commons.codec.net.URLCodec Fields Missing 'final' Thread-safety Unspecified Issue
| [92976] Apache ActiveMQ scheduled.jsp crontab Command XSS
| [92947] Apache Commons Codec org.apache.commons.codec.language.Soundex.US_ENGLISH_MAPPING Missing MS_PKGPROTECT Field Manipulation Unspecified Issue
| [92749] Apache CloudStack Predictable Hash Virtual Machine Console Console Access URL Generation
| [92748] Apache CloudStack VM Console Access Restriction Bypass
| [92709] Apache ActiveMQ Web Console Unauthenticated Remote Access
| [92708] Apache ActiveMQ Sample Web Application Broker Resource Consumption Remote DoS
| [92707] Apache ActiveMQ webapp/websocket/chat.js Subscribe Message XSS
| [92706] Apache ActiveMQ Debug Log Rendering XSS
| [92705] Apache ActiveMQ PortfolioPublishServlet.java refresh Parameter XSS
| [92270] Apache Tomcat Unspecified CSRF
| [92094] Apache Subversion mod_dav_svn Module Nonexistent URL Lock Request Handling NULL Pointer Dereference Remote DoS
| [92093] Apache Subversion mod_dav_svn Module Activity URL PROPFIND Request Handling NULL Pointer Dereference Remote DoS
| [92092] Apache Subversion mod_dav_svn Module Log REPORT Request Handling NULL Pointer Dereference Remote DoS
| [92091] Apache Subversion mod_dav_svn Module Node Property Handling Resource Exhaustion Remote DoS
| [92090] Apache Subversion mod_dav_svn Module Activity URL Lock Request Handling NULL Pointer Dereference Remote DoS
| [91774] Apache Commons Codec Unspecified Non-private Field Manipulation Weakness
| [91628] mod_ruid2 for Apache HTTP Server fchdir() Inherited File Descriptor chroot Restriction Bypass
| [91328] Apache Wicket $up$ Traversal Arbitrary File Access
| [91295] Apple Mac OS X Apache Unicode Character URI Handling Authentication Bypass
| [91235] Apache Rave /app/api/rpc/users/get User Object Hashed Password Remote Disclosure
| [91185] Munin Default Apache Configuration Permission Weakness Remote Information Disclosure
| [91173] Apache Wicket WebApplicationPath Constructor Bypass /WEB-INF/ Directory File Access
| [91172] Apache Wicket PackageResourceGuard File Extension Filter Bypass
| [91025] Apache Qpid qpid::framing::Buffer Class Multiple Method Out-of-bounds Access Remote DoS
| [91024] Apache Qpid federation_tag Attribute Handling Federated Interbroker Link Access Restriction Bypass
| [91023] Apache Qpid AMQP Type Decoder Exposure Array Size Value Handling Memory Consumption Remote DoS
| [91022] Apache Qpid qpid/cpp/include/qpid/framing/Buffer.h qpid::framing::Buffer::checkAvailable() Function Integer Overflow
| [90986] Apache Jena ARQ INSERT DATA Request Handling Overflow
| [90907] Apache Subversion mod_dav_svn / libsvn_fs svn_fs_file_length() Function MKACTIVITY / PROPFIND Option Request Handling Remote DoS
| [90906] Apache Commons FileUpload /tmp Storage Symlink Arbitrary File Overwrite
| [90864] Apache Batik 1xx Redirect Script Origin Restriction Bypass
| [90858] Apache Ant Malformed TAR File Handling Infinite Loop DoS
| [90852] Apache HTTP Server for Debian apachectl /var/lock Permission Weakness Symlink Directory Permission Manipulation
| [90804] Apache Commons CLI Path Subversion Local Privilege Escalation
| [90802] Apache Avro Recursive Schema Handling Infinite Recursion DoS
| [90592] Apache Batik ApplicationSecurityEnforcer.java Multiple Method Security Restriction Bypass
| [90591] Apache Batik XML External Entity (XXE) Data Parsing Arbitrary File Disclosure
| [90565] Apache Tomcat Log Directory Permission Weakness Local Information Disclosure
| [90564] Apache Maven / Maven Wagon SSL Certificate Validation MitM Spoofing Weakness
| [90557] Apache HTTP Server mod_proxy_balancer balancer-manager Interface Multiple Parameter XSS
| [90556] Apache HTTP Server Multiple Module Multiple Parameter XSS
| [90276] Apache Axis2 axis2.xml Plaintext Password Local Disclosure
| [90249] Apache Axiom ClassLoader XMLInputFactory / XMLOutputFactory Construction Unspecified Issue
| [90235] Apache Commons HttpClient Certificate Wildcard Matching Weakness
| [90079] Apache CXF WSS4JInInterceptor URIMappingInterceptor WS-Security SOAP Service Access Restriction Bypass
| [90078] Apache CXF WS-SecurityPolicy Enabled Plaintext UsernameTokens Handling Authentication Bypass
| [89453] Apache Open For Business Project (OFBiz) Screenlet.title Widget Attribute XSS
| [89452] Apache Open For Business Project (OFBiz) Image.alt Widget Attribute XSS
| [89294] Apache CouchDB Futon UI Browser-based Test Suite Query Parameter XSS
| [89293] Apache CouchDB Unspecified Traversal Arbitrary File Access
| [89275] Apache HTTP Server mod_proxy_ajp Module Expensive Request Parsing Remote DoS
| [89267] Apache CouchDB JSONP Callback Handling Unspecified XSS
| [89146] Apache CloudStack Master Server log4j.conf SSH Private Key / Plaintext Password Disclosure
| [88603] Apache OpenOffice.org (OOo) Unspecified Information Disclosure
| [88602] Apache OpenOffice.org (OOo) Unspecified Manifest-processing Issue
| [88601] Apache OpenOffice.org (OOo) Unspecified PowerPoint File Handling Issue
| [88285] Apache Tomcat Partial HTTP Request Saturation Remote DoS
| [88095] Apache Tomcat NIO Connector Terminated Connection Infinte Loop DoS
| [88094] Apache Tomcat FORM Authentication Crafted j_security_check Request Security Constraint Bypass
| [88093] Apache Tomcat Null Session Requst CSRF Prevention Filter Bypass
| [88043] IBM Tivoli Netcool/Reporter Apache CGI Unspecified Remote Command Execution
| [87580] Apache Tomcat DIGEST Authentication Session State Caching Authentication Bypass Weakness
| [87579] Apache Tomcat DIGEST Authentication Stale Nonce Verification Authentication Bypass Weakness
| [87477] Apache Tomcat Project Woodstock Service Error Page UTF-7 XSS Weakness
| [87227] Apache Tomcat InternalNioInputBuffer.java parseHeaders() Function Request Header Size Parsing Remote DoS
| [87223] Apache Tomcat DIGEST Authentication replay-countermeasure Functionality cnonce / cn Verification Authentication Bypass Weakness
| [87160] Apache Commons HttpClient X.509 Certificate Domain Name Matching MiTM Weakness
| [87159] Apache CXF X.509 Certificate Domain Name Matching MiTM Weakness
| [87150] Apache Axis / Axis2 X.509 Certificate Domain Name Matching MiTM Weakness
| [86902] Apache HTTP Server 3xx Redirect Internal IP Address Remote Disclosure
| [86901] Apache Tomcat Error Message Path Disclosure
| [86684] Apache CloudStack Unauthorized Arbitrary API Call Invocation
| [86556] Apache Open For Business Project (OFBiz) Unspecified Issue
| [86503] Visual Tools VS home/apache/DiskManager/cron/init_diskmgr Local Command Execution
| [86401] Apache ActiveMQ ResourceHandler Traversal Arbitrary File Access
| [86225] Apache Axis2 XML Signature Wrapping (XSW) Authentication Bypass
| [86206] Apache Axis2 Crafted SAML Assertion Signature Exclusion Attack Authentication Bypass
| [85722] Apache CXF SOAP Request Parsing Access Restriction Bypass
| [85704] Apache Qpid Incoming Client Connection Saturation Remote DoS
| [85474] Eucalyptus Apache Santuario (XML Security for Java) Library XML Signature Transform Handling DoS
| [85430] Apache mod_pagespeed Module Unspecified XSS
| [85429] Apache mod_pagespeed Module Hostname Verification Cross-host Resource Disclosure
| [85249] Apache Wicket Unspecified XSS
| [85236] Apache Hadoop conf/hadoop-env.sh Temporary File Symlink Arbitrary File Manipulation
| [85090] Apache HTTP Server mod_proxy_ajp.c mod_proxy_ajp Module Proxy Functionality Cross-client Information Disclosure
| [85089] Apache HTTP Server mod_proxy_http.c mod_proxy_http Module Cross-client Information Disclosure
| [85062] Apache Solr Autocomplete Module for Drupal Autocomplete Results XSS
| [85010] Apache Struts Token Handling Mechanism Token Name Configuration Parameter CSRF Weakness
| [85009] Apache Struts Request Parameter OGNL Expression Parsing Remote DoS
| [84911] libapache2-mod-rpaf X-Forward-For HTTP Header Parsing Remote DoS
| [84823] Apache HTTP Server Multiple Module Back End Server Error Handling HTTP Request Parsing Remote Information Disclosure
| [84818] Apache HTTP Server mod_negotiation Module mod_negotiation.c make_variant_list Function XSS
| [84562] Apache Qpid Broker Authentication Mechanism AMQP Client Shadow Connection NullAuthenticator Request Parsing Authentication Bypass
| [84458] Apache Libcloud SSL Certificate Validation MitM Spoofing Weakness
| [84279] PHP on Apache php_default_post_reader POST Request Handling Overflow DoS
| [84278] PHP w/ Apache PDO::ATTR_DEFAULT_FETCH_MODE / PDO::FETCH_CLASS DoS
| [84231] Apache Hadoop DataNodes Client BlockTokens Arbitrary Block Access
| [83943] Oracle Solaris Cluster Apache Tomcat Agent Subcomponent Unspecified Local Privilege Escalation
| [83939] Oracle Solaris Apache HTTP Server Subcomponent Unspecified Remote Information Disclosure
| [83685] svnauthcheck Apache HTTP Configuration File Permission Revocation Weakness
| [83682] Apache Sling POST Servlet @CopyFrom Operation HTTP Request Parsing Infinite Loop Remote DoS
| [83339] Apache Roller Blogger Roll Unspecified XSS
| [83270] Apache Roller Unspecified Admin Action CSRF
| [82782] Apache CXF WS-SecurityPolicy 1.1 SupportingToken Policy Bypass
| [82781] Apache CXF WS-SecurityPolicy Supporting Token Children Specification Token Signing Verification Weakness
| [82611] cPanel Apache Piped Log Configuration Log Message Formatting Traversal Arbitrary File Creation
| [82436] MapServer for Windows Bundled Apache / PHP Configuration Local File Inclusion
| [82215] PHP sapi/cgi/cgi_main.c apache_request_headers Function HTTP Header Handling Remote Overflow
| [82161] Apache Commons Compress bzip2 File Compression BZip2CompressorOutputStream Class File Handling Remote DoS
| [81965] Apache Batik Squiggle SVG Browser JAR File Arbitrary Code Execution
| [81790] Apache POI src/org/apache/poi/hwpf/model/UnhandledDataStructure.java UnhandledDataStructure() constructor Length Attribute CDF / CFBF File Handling Remote DoS
| [81660] Apache Qpid Credential Checking Cluster Authentication Bypass
| [81511] Apache for Debian /usr/share/doc HTTP Request Parsing Local Script Execution
| [81359] Apache HTTP Server LD_LIBRARY_PATH Variable Local Privilege Escalation
| [81349] Apache Open For Business Project (OFBiz) Webslinger Component Unspecified XSS
| [81348] Apache Open For Business Project (OFBiz) Content IDs / Map-Keys Unspecified XSS
| [81347] Apache Open For Business Project (OFBiz) Parameter Arrays Unspecified XSS
| [81346] Apache Open For Business Project (OFBiz) checkoutProcess.js getServerError() Function Unspecified XSS
| [81196] Apache Open For Business Project (OFBiz) FlexibleStringExpander Nested Script String Parsing Remote Code Execution
| [80981] Apache Hadoop Kerberos/MapReduce Security Feature User Impersonation Weakness
| [80571] Apache Traffic Server Host HTTP Header Parsing Remote Overflow
| [80547] Apache Struts XSLTResult.java File Upload Arbitrary Command Execution
| [80360] AskApache Password Protector Plugin for WordPress Error Page $_SERVER Superglobal XSS
| [80349] Apache HTTP Server mod_fcgid Module fcgid_spawn_ctl.c FcgidMaxProcessesPerClass Virtual Host Directive HTTP Request Parsing Remote DoS
| [80301] Apache Wicket /resources/ Absolute Path Arbitrary File Access
| [80300] Apache Wicket wicket:pageMapName Parameter XSS
| [79478] Apache Solr Extension for TYPO3 Unspecified XSS
| [79002] Apache MyFaces javax.faces.resource In Parameter Traversal Arbitrary File Access
| [78994] Apache Struts struts-examples/upload/upload-submit.do name Parameter XSS
| [78993] Apache Struts struts-cookbook/processDyna.do message Parameter XSS
| [78992] Apache Struts struts-cookbook/processSimple.do message Parameter XSS
| [78991] Apache Struts struts2-rest-showcase/orders clientName Parameter XSS
| [78990] Apache Struts struts2-showcase/person/editPerson.action Multiple Parameter XSS
| [78932] Apache APR Hash Collision Form Parameter Parsing Remote DoS
| [78903] Apache CXF SOAP Request Parsing WS-Security UsernameToken Policy Bypass
| [78600] Apache Tomcat HTTP DIGEST Authentication DigestAuthenticator.java Catalina Weakness Security Bypass
| [78599] Apache Tomcat HTTP DIGEST Authentication Realm Value Parsing Security Bypass
| [78598] Apache Tomcat HTTP DIGEST Authentication qop Value Parsing Security Bypass
| [78573] Apache Tomcat Parameter Saturation CPU Consumption Remote DoS
| [78556] Apache HTTP Server Status Code 400 Default Error Response httpOnly Cookie Disclosure
| [78555] Apache HTTP Server Threaded MPM %{cookiename}C Log Format String Cookie Handling Remote DoS
| [78501] Apache Struts ParameterInterceptor Class OGNL Expression Parsing Remote Command Execution
| [78331] Apache Tomcat Request Object Recycling Information Disclosure
| [78293] Apache HTTP Server Scoreboard Invalid Free Operation Local Security Bypass
| [78277] Apache Struts ExceptionDelegator Component Parameter Parsing Remote Code Execution
| [78276] Apache Struts DebuggingInterceptor Component Developer Mode Unspecified Remote Command Execution
| [78113] Apache Tomcat Hash Collision Form Parameter Parsing Remote DoS
| [78112] Apache Geronimo Hash Collision Form Parameter Parsing Remote DoS
| [78109] Apache Struts ParameterInterceptor Traversal Arbitrary File Overwrite
| [78108] Apache Struts CookieInterceptor Cookie Name Handling Remote Command Execution
| [77593] Apache Struts Conversion Error OGNL Expression Injection
| [77496] Apache ActiveMQ Failover Mechanism Openwire Request Parsing Remote DoS
| [77444] Apache HTTP Server mod_proxy Mdule Web Request HTTP/0.9 Protocol URL Parsing Proxy Remote Security Bypass
| [77374] Apache MyFaces Java Bean includeViewParameters Parsing EL Expression Security Weakness
| [77310] Apache HTTP Server mod_proxy Reverse Proxy Mode Security Bypass Weakness (2011-4317)
| [77234] Apache HTTP Server on cygwin Encoded Traversal Arbitrary File Access
| [77012] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Memory Consumption DoS
| [76944] Apache Tomcat Manager Application Servlets Access Restriction Bypass
| [76744] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Overflow
| [76189] Apache Tomcat HTTP DIGEST Authentication Weakness
| [76079] Apache HTTP Server mod_proxy Mdule Web Request URL Parsing Proxy Remote Security Bypass (2011-3368)
| [76072] Apache JServ jserv.conf jserv-status Handler jserv/ URI Request Parsing Local Information Disclosure
| [75807] Apache HTTP Server Incomplete Header Connection Saturation Remote DoS
| [75647] Apache HTTP Server mod_proxy_ajp Module mod_proxy_balancer HTTP Request Remote DoS
| [75376] Apache Libcloud SSL Certificate Validation MitM Server Spoofing Weakness
| [74853] Domain Technologie Control /etc/apache2/apache2.conf File Permissions Weakness dtcdaemons User Password Disclosure
| [74818] Apache Tomcat AJP Message Injection Authentication Bypass
| [74725] Apache Wicket Multi Window Support Unspecified XSS
| [74721] Apache HTTP Server ByteRange Filter Memory Exhaustion Remote DoS
| [74541] Apache Commons Daemon Jsvc Permissions Weakness Arbitrary File Access
| [74535] Apache Tomcat XML Parser Cross-application Multiple File Manipulation
| [74447] Apache Struts XWork Nonexistent Method s:submit Element Internal Java Class Remote Path Disclosure
| [74262] Apache HTTP Server Multi-Processing Module itk.c Configuration Merger mpm-itk root UID / GID Remote Privilege Escalation
| [74120] Apache HTTP Server mod_authnz_external mysql/mysql-auth.pl user Field SQL Injection
| [73920] Oracle Secure Backup /apache/htdocts/php/common.php username Parameter Remote Code Execution
| [73798] Apache Tomcat sendfile Request Start / Endpoint Parsing Local DoS
| [73797] Apache Tomcat sendfile Request Attribute Validation Weakness Local Access Restriction Bypass
| [73776] Apache Tomcat HTTP BIO Connector HTTP Pipelining Cross-user Remote Response Access
| [73644] Apache XML Security Signature Key Parsing Overflow DoS
| [73600] Apache Struts javatemplates Plugin Component Handlers .action URI Multiple Parameter XSS
| [73462] Apache Rampart/C util/rampart_timestamp_token.c rampart_timestamp_token_validate Function Expired Token Remote Access Restriction Bypass
| [73429] Apache Tomcat JMX MemoryUserDatabase Local Password Disclosure
| [73384] Apache HTTP Server mod_rewrite PCRE Resource Exhaustion DoS
| [73383] Apache HTTP Server Portable Runtime (APR) Library apr_fnmatch() Infinite Loop Remote DoS
| [73378] IBM WebSphere Application Server (WAS) JavaServer Pages org.apache.jasper.runtime.JspWriterImpl.response JSP Page Application Restart Remote DoS
| [73247] Apache Subversion mod_dav_svn File Permission Weakness Information Disclosure
| [73246] Apache Subversion mod_dav_svn Path-based Access Control Rule Handling Remote DoS
| [73245] Apache Subversion mod_dav_svn Baselined Resource Request Handling Remote DoS
| [73154] Apache Archiva Multiple Unspecified CSRF
| [73153] Apache Archiva /archiva/admin/deleteNetworkProxy!confirm.action proxyid Parameter XSS
| [72407] Apache Tomcat @ServletSecurity Initial Load Annotation Security Constraint Bypass Information Disclosure
| [72238] Apache Struts Action / Method Names <
| [71647] Apache HttpComponents HttpClient Proxy-Authorization Credentials Remote Disclosure
| [71558] Apache Tomcat SecurityManager ServletContext Attribute Traversal Arbitrary File Manipulation
| [71557] Apache Tomcat HTML Manager Multiple XSS
| [71075] Apache Archiva User Management Page XSS
| [71027] Apache Tomcat @ServletSecurity Annotation Security Constraint Bypass Information Disclosure
| [70925] Apache Continuum Project Pages Unspecified XSS (2011-0533)
| [70924] Apache Continuum Multiple Admin Function CSRF
| [70809] Apache Tomcat NIO HTTP Connector Request Line Processing DoS
| [70734] Apache CouchDB Request / Cookie Handling Unspecified XSS
| [70585] Oracle Fusion Middleware Oracle HTTP Server Apache Plugin Unspecified Remote Issue
| [70333] Apache Subversion rev_hunt.c blame Command Multiple Memory Leak Remote DoS
| [70332] Apache Subversion Apache HTTP Server mod_dav_svn repos.c walk FunctionSVNParentPath Collection Remote DoS
| [69659] Apache Archiva Admin Authentication Weakness Privilege Escalation
| [69520] Apache Archiva Administrator Credential Manipulation CSRF
| [69512] Apache Tomcat Set-Cookie Header HTTPOnly Flag Session Hijacking Weakness
| [69456] Apache Tomcat Manager manager/html/sessions Multiple Parameter XSS
| [69275] Apache mod_fcgid Module fcgid_bucket.c fcgid_header_bucket_read() Function Remote Overflow
| [69067] Apache Shiro URI Path Security Traversal Information Disclosure
| [68815] Apache MyFaces shared/util/StateUtils.java View State MAC Weakness Cryptographic Padding Remote View State Modification
| [68670] Apache Qpid C++ Broker Component broker/SessionAdapter.cpp SessionAdapter::ExchangeHandlerImpl::checkAlternate Function Exchange Alternate Remote DoS
| [68669] Apache Qpid cluster/Cluster.cpp Cluster::deliveredEvent Function Invalid AMQP Data Remote DoS
| [68662] Apache Axis2 dswsbobje.war Module Admin Account Default Password
| [68531] Apache Qpid qpidd sys/ssl/SslSocket.cpp Incomplete SSL Handshake Remote DoS
| [68327] Apache APR-util buckets/apr_brigade.c apr_brigade_split_line() Function Memory Consumption DoS
| [68314] Apache XML-RPC SAX Parser External Entity Information Disclosure
| [67964] Apache Traffic Server Transaction ID / Source Port Randomization Weakness DNS Cache Poisoning
| [67846] SUSE Lifecycle Management Server on SUSE Linux Enterprise apache2-slms Parameter Quoting CSRF
| [67294] Apache CXF XML SOAP Message Crafted Document Type Declaration Remote DoS
| [67240] Apache CouchDB Installation Page Direct Request Arbitrary JavaScript Code Execution CSRF
| [67205] Apache Derby BUILTIN Authentication Password Hash Generation Algorithm SHA-1 Transformation Password Substitution
| [66745] Apache HTTP Server Multiple Modules Pathless Request Remote DoS
| [66319] Apache Tomcat Crafted Transfer-Encoding Header Handling Buffer Recycling Remote DoS
| [66280] Apache Struts XWork ParameterInterceptor Server-Side Object Remote Code Execution
| [66226] Apache Axis2 Admin Interface Cookie Session Fixation
| [65697] Apache Axis2 / Java SOAP Message DTD Rejection Weakness Arbitrary File Access
| [65654] Apache HTTP Server mod_proxy_http mod_proxy_http.c Timeout Detection Weakness HTTP Request Response Disclosure
| [65429] Apache MyFaces Unencrypted ViewState Serialized View Object Manipulation Arbitrary Expression Language (EL) Statement Execution
| [65054] Apache ActiveMQ Jetty Error Handler XSS
| [64844] Apache Axis2/Java axis2/axis2-admin/engagingglobally modules Parameter XSS
| [64522] Apache Open For Business Project (OFBiz) ecommerce/control/contactus Multiple Parameter XSS
| [64521] Apache Open For Business Project (OFBiz) Web Tools Section entityName Parameter XSS
| [64520] Apache Open For Business Project (OFBiz) ecommerce/control/ViewBlogArticle contentId Parameter XSS
| [64519] Apache Open For Business Project (OFBiz) Control Servlet URI XSS
| [64518] Apache Open For Business Project (OFBiz) Show Portal Page Section start Parameter XSS
| [64517] Apache Open For Business Project (OFBiz) View Profile Section partyId Parameter XSS
| [64516] Apache Open For Business Project (OFBiz) Export Product Listing Section productStoreId Parameter XSS
| [64307] Apache Tomcat Web Application Manager/Host Manager CSRF
6732| [64056] mod_auth_shadow for Apache HTTP Server wait() Function Authentication Bypass
6733| [64023] Apache Tomcat WWW-Authenticate Header Local Host Information Disclosure
6734| [64020] Apache ActiveMQ Jetty ResourceHandler Crafted Request JSP File Source Disclosure
6735| [63895] Apache HTTP Server mod_headers Unspecified Issue
6736| [63368] Apache ActiveMQ createDestination.action JMSDestination Parameter CSRF
6737| [63367] Apache ActiveMQ createDestination.action JMSDestination Parameter XSS
6738| [63350] Apache CouchDB Hash Verification Algorithm Predictable Execution Time Weakness
6739| [63140] Apache Thrift Service Malformed Data Remote DoS
6740| [62676] Apache HTTP Server mod_proxy_ajp Module Crafted Request Remote DoS
6741| [62675] Apache HTTP Server Multi-Processing Module (MPM) Subrequest Header Handling Cross-thread Information Disclosure
6742| [62674] Apache HTTP Server mod_isapi Module Unloading Crafted Request Remote DoS
6743| [62231] Apache HTTP Server Logging Format Weakness Crafted DNS Response IP Address Spoofing
6744| [62230] Apache HTTP Server Crafted DNS Response Inverse Lookup Log Corruption XSS
6745| [62054] Apache Tomcat WAR Filename Traversal Work-directory File Deletion
6746| [62053] Apache Tomcat Autodeployment Process appBase File HTTP Request Authentication Bypass
6747| [62052] Apache Tomcat WAR File Traversal Arbitrary File Overwrite
6748| [62009] Apache HTTP Server src/modules/proxy/proxy_util.c mod_proxy ap_proxy_send_fb() Function Overflow
6749| [61379] Apache River Outrigger Entry Storage Saturation Memory Exhaustion DoS
6750| [61378] Apache Hadoop Map/Reduce JobTracker Memory Consumption DoS
6751| [61377] Apache Commons Modeler Multiple Mutable Static Fields Weakness
6752| [61376] Apache Rampart wsse:security Tag Signature Value Checking Weakness
6753| [60687] Apache C++ Standard Library (STDCXX) strxfrm() Function Overflow
6754| [60680] Apache Hadoop JobHistory Job Name Manipulation Weakness
6755| [60679] Apache ODE DeploymentWebService OMElement zipPart CRLF Injection
6756| [60678] Apache Roller Comment Email Notification Manipulation DoS
6757| [60677] Apache CouchDB Unspecified Document Handling Remote DoS
6758| [60428] Sun Java Plug-in org.apache.crimson.tree.XmlDocument Class reateXmlDocument Method Floppy Drive Access Bypass
6759| [60413] mod_throttle for Apache Shared Memory File Manipulation Local Privilege Escalation
6760| [60412] Sun Java Plug-in org.apache.xalan.processor.XSLProcessorVersion Class Unsigned Applet Variable Sharing Privilege Escalation
6761| [60396] Apache HTTP Server on OpenBSD Multipart MIME Boundary Remote Information Disclosure
6762| [60395] Apache HTTP Server on OpenBSD ETag HTTP Header Remote Information Disclosure
6763| [60232] PHP on Apache php.exe Direct Request Remote DoS
6764| [60176] Apache Tomcat Windows Installer Admin Default Password
6765| [60016] Apache HTTP Server on HP Secure OS for Linux HTTP Request Handling Unspecified Issue
6766| [59979] Apache HTTP Server on Apple Mac OS X HTTP TRACE Method Unspecified Client XSS
6767| [59969] Apache HTTP Server mod_ssl SSL / TLS Renegotiation Handshakes MiTM Plaintext Data Injection
6768| [59944] Apache Hadoop jobhistory.jsp XSS
6769| [59374] Apache Solr Search Extension for TYPO3 Unspecified XSS
6770| [59022] Apache Shindig ConcatProxyServlet HTTP Header Response Splitting
6771| [59021] Apache Cocoon X-Cocoon-Version Header Remote Information Disclosure
6772| [59020] Apache Tapestry HTTPS Session Cookie Secure Flag Weakness
6773| [59019] Apache mod_python Cookie Salting Weakness
6774| [59018] Apache Harmony Error Message Handling Overflow
6775| [59013] Apache Derby SYSCS_EXPORT_TABLE Arbitrary File Overwrite
6776| [59012] Apache Derby Driver Auto-loading Non-deterministic Startup Weakness
6777| [59011] Apache JSPWiki Page Attachment Change Note Function XSS
6778| [59010] Apache Solr get-file.jsp XSS
6779| [59009] Apache Solr action.jsp XSS
6780| [59008] Apache Solr analysis.jsp XSS
6781| [59007] Apache Solr schema.jsp Multiple Parameter XSS
6782| [59006] Apache Beehive select / checkbox Tag XSS
6783| [59005] Apache Beehive jpfScopeID Global Parameter XSS
6784| [59004] Apache Beehive Error Message XSS
6785| [59003] Apache HttpClient POST Request Handling Memory Consumption DoS
6786| [59002] Apache Jetspeed default-page.psml URI XSS
6787| [59001] Apache Axis2 xsd Parameter Traversal Arbitrary File Disclosure
6788| [59000] Apache CXF Unsigned Message Policy Bypass
6789| [58999] Apache WSS4J CallbackHandler Plaintext Password Validation Weakness
6790| [58998] Apache OpenJPA persistence.xml Cleartext Password Local Disclosure
6791| [58997] Apache OpenEJB openejb.xml Cleartext Password Local Disclosure
6792| [58996] Apache Hadoop Map/Reduce LinuxTaskController File Group Ownership Weakness
6793| [58995] Apache Hadoop Map/Reduce Task Ownership Weakness
6794| [58994] Apache Hadoop Map/Reduce DistributedCache Localized File Permission Weakness
6795| [58993] Apache Hadoop browseBlock.jsp XSS
6796| [58991] Apache Hadoop browseDirectory.jsp XSS
6797| [58990] Apache Hadoop Map/Reduce HTTP TaskTrackers User Data Remote Disclosure
6798| [58989] Apache Hadoop Sqoop Process Listing Local Cleartext Password Disclosure
6799| [58988] Apache Hadoop Chukwa HICC Portal Unspecified XSS
6800| [58987] Apache Hadoop Map/Reduce TaskTracker User File Permission Weakness
6801| [58986] Apache Qpid Encrypted Message Handling Remote Overflow DoS
6802| [58985] Apache Qpid Process Listing Local Cleartext Password Disclosure
6803| [58984] Apache Jackrabbit Content Repository (JCR) Default Account Privilege Access Weakness
6804| [58983] Apache Jackrabbit Content Repository (JCR) NamespaceRegistry API Registration Method Race Condition
6805| [58982] Apache Synapse Proxy Service Security Policy Mismatch Weakness
6806| [58981] Apache Geronimo TomcatGeronimoRealm Security Context Persistence Weakness
6807| [58980] Apache Geronimo LDAP Realm Configuration Restart Reversion Weakness
6808| [58979] Apache MyFaces Tomahawk ExtensionsPhaseListener HTML Injection Information Disclosure
6809| [58978] Apache MyFaces Trinidad LocaleInfoScriptlet XSS
6810| [58977] Apache Open For Business Project (OFBiz) Multiple Default Accounts
6811| [58976] Apache Open For Business Project (OFBiz) URI passThru Parameter XSS
6812| [58975] Apache Open For Business Project (OFBiz) PARTYMGR_CREATE/UPDATE Permission Arbitrary User Password Modification
6813| [58974] Apache Sling /apps Script User Session Management Access Weakness
6814| [58973] Apache Tuscany Crafted SOAP Request Access Restriction Bypass
6815| [58931] Apache Geronimo Cookie Parameters Validation Weakness
6816| [58930] Apache Xalan-C++ XPath Handling Remote DoS
6817| [58879] Apache Portable Runtime (APR-util) poll/unix/port.c Event Port Backend Pollset Feature Remote DoS
6818| [58837] Apache Commons Net FTPSClient CipherSuites / Protocols Mutable Object Unspecified Data Security Issue
6819| [58813] Apache MyFaces Trinidad tr:table / HTML Comment Handling DoS
6820| [58812] Apache Open For Business Project (OFBiz) JSESSIONID Session Hijacking Weakness
6821| [58811] Apache Open For Business Project (OFBiz) /catalog/control/EditProductConfigItem configItemId Parameter XSS
6822| [58810] Apache Open For Business Project (OFBiz) /catalog/control/EditProdCatalo prodCatalogId Parameter XSS
6823| [58809] Apache Open For Business Project (OFBiz) /partymgr/control/viewprofile partyId Parameter XSS
6824| [58808] Apache Open For Business Project (OFBiz) /catalog/control/createProduct internalName Parameter XSS
6825| [58807] Apache Open For Business Project (OFBiz) Multiple Unspecified CSRF
6826| [58806] Apache FtpServer MINA Logging Filter Cleartext Credential Local Disclosure
6827| [58805] Apache Derby Unauthenticated Database / Admin Access
6828| [58804] Apache Wicket Header Contribution Unspecified Issue
6829| [58803] Apache Wicket Session Fixation
6830| [58802] Apache Directory Server (ApacheDS) userPassword Attribute Search Password Disclosure
6831| [58801] Apache ActiveMQ Stomp Client Credential Validation Bypass
6832| [58800] Apache Tapestry (context)/servicestatus Internal Service Information Disclosure
6833| [58799] Apache Tapestry Logging Cleartext Password Disclosure
6834| [58798] Apache Jetspeed pipeline Parameter pipeline-map Policy Bypass
6835| [58797] Apache Jetspeed Password Policy Multiple Weaknesses
6836| [58796] Apache Jetspeed Unsalted Password Storage Weakness
6837| [58795] Apache Rampart Crafted SOAP Header Authentication Bypass
6838| [58794] Apache Roller Admin Protocol (RAP) Malformed Header Authentication Bypass
6839| [58793] Apache Hadoop Map/Reduce mapred.system.dir Permission Weakness Job Manipulation
6840| [58792] Apache Shindig gadgets.rpc iframe RPC Call Validation Weakness
6841| [58791] Apache Synapse synapse.properties Cleartext Credential Local Disclosure
6842| [58790] Apache WSS4J SOAP Message UsernameToken Remote Password Disclosure
6843| [58789] Apache WSS4J SOAP Header Malformed UsernameToken Authentication Bypass
6844| [58776] Apache JSPWiki PreviewContent.jsp Edited Text XSS
6845| [58775] Apache JSPWiki preview.jsp action Parameter XSS
6846| [58774] Apache JSPWiki Edit.jsp Multiple Parameter XSS
6847| [58773] Apache JSPWiki Accept-Language Header Multiple Script language Parameter XSS
6848| [58772] Apache JSPWiki EditorManager.java editor Parameter XSS
6849| [58771] Apache JSPWiki GroupContent.jsp Multiple Parameter XSS
6850| [58770] Apache JSPWiki Group.jsp group Parameter XSS
6851| [58769] Apache JSPWiki Database Connection Termination DoS Weakness
6852| [58768] Apache JSPWiki Attachment Servlet nextpage Parameter Arbitrary Site Redirect
6853| [58766] Apache JSPWiki /admin/SecurityConfig.jsp Direct Request Information Disclosure
6854| [58765] Apache JSPWiki Spam Filter UniqueID RNG Weakness
6855| [58764] Apache JSPWiki Edit.jsp Multiple Parameter XSS
6856| [58763] Apache JSPWiki Include Tag Multiple Script XSS
6857| [58762] Apache JSPWiki Multiple .java Tags pageContext Parameter XSS
6858| [58761] Apache JSPWiki Wiki.jsp skin Parameter XSS
6859| [58760] Apache Commons VFS Exception Error Message Cleartext Credential Disclosure
6860| [58759] Apache Jackrabbit Content Repository (JCR) UUID System.currentTimeMillis() RNG Weakness
6861| [58758] Apache River GrantPermission Policy Manipulation Privilege Escalation
6862| [58757] Apache WS-Commons Java2 StaXUtils Multiple Unspecified Minor Issues
6863| [58756] Apache WSS4J WSHandler Client Certificate Signature Validation Weakness
6864| [58755] Apache Harmony DRLVM Non-public Class Member Access
6865| [58754] Apache Harmony File.createTempFile() Temporary File Creation Prediction Weakness
6866| [58751] Apache Geronimo GeronimoIdentityResolver Subject Handling Multiple Issues
6867| [58750] Apache MyFaces Trinidad Generated HTML Information Disclosure
6868| [58749] Apache MyFaces Trinidad Database Access Error Message Information Disclosure
6869| [58748] Apache MyFaces Trinidad Image Resource Loader Traversal Arbitrary Image Access
6870| [58747] Apache MyFaces Trinidad Error Message User Entered Data Disclosure Weakness
6871| [58746] Apache Axis2 JAX-WS Java2 WSDL4J Unspecified Issue
6872| [58744] Apache Wicket Crafted File Upload Disk Space Exhaustion DoS
6873| [58743] Apache Wicket wicket.util.crypt.SunJceCrypt Encryption Reversion Weakness
6874| [58742] Apache Rampart PolicyBasedValiadtor HttpsToken Endpoint Connection Weakness
6875| [58741] Apache Rampart WSSecSignature / WSSecEncryptedKey KeyIdentifierType Validation Weakness
6876| [58740] Apache Rampart TransportBinding Message Payload Cleartext Disclosure
6877| [58739] Apache Open For Business Project (OFBiz) Unsalted Password Storage Weakness
6878| [58738] Apache Open For Business Project (OFBiz) orderId Parameter Arbitrary Order Access
6879| [58737] Apache mod_python w/ mod_python.publisher index.py Underscore Prefixed Variable Disclosure
6880| [58735] Apache Open For Business Project (OFBiz) /ecommerce/control/keywordsearch SEARCH_STRING Parameter XSS
6881| [58734] Apache Torque Log File Cleartext Credential Local Disclosure
6882| [58733] Apache Axis2 doGet Implementation Authentication Bypass Service State Manipulation
6883| [58732] Apache MyFaces UIInput.validate() Null Value Validation Bypass Weakness
6884| [58731] Apache MyFaces /faces/* Prefix Mapping Authentication Bypass
6885| [58725] Apache Tapestry Basic String ACL Bypass Weakness
6886| [58724] Apache Roller Logout Functionality Failure Session Persistence
6887| [58723] Apache Roller User Profile / Admin Page Cleartext Password Disclosure
6888| [58722] Apache Derby Connection URL Encryption Method Reversion Weakness
6889| [58721] Apache Geronimo on Tomcat Security-constraint Resource ACL Bypass
6890| [58720] Apache Geronimo Explicit Servlet Mapping Access Bypass Weakness
6891| [58719] Apache Geronimo Keystore Unprivileged Service Disable DoS
6892| [58718] Apache Geronimo Deployment Plans Remote Password Disclosure
6893| [58717] Apache Jetspeed Portlet Application Edit Access Restriction Bypass
6894| [58716] Apache Jetspeed PSML Management Cached Constraint Authentication Weakness
6895| [58707] Apache WSS4J Crafted PasswordDigest Request Authentication Bypass
6896| [58706] Apache HttpClient Pre-emptive Authorization Remote Credential Disclosure
6897| [58705] Apache Directory Server (ApacheDS) User Passwords Cleartext Disclosure
6898| [58704] Apache Directory Server (ApacheDS) Non-existent User LDAP Bind Remote DoS
6899| [58703] Apache Geronimo Debug Console Unauthenticated Remote Information Disclosure
6900| [58702] Apache Directory Server (ApacheDS) Persistent LDAP Anonymous Bind Weakness
6901| [58701] Apache Jetspeed User Admin Portlet Unpassworded Account Creation Weakness
6902| [58700] Apache MyFaces /faces/* Path Handling Remote Overflow DoS
6903| [58699] Apache MyFaces Disable Property Client Side Manipulation Privilege Escalation
6904| [58698] Apache Roller Remember Me Functionality Cleartext Password Disclosure
6905| [58697] Apache XalanJ2 org.apache.xalan.xsltc.runtime.CallFunction Class Unspecified Issue
6906| [58696] Apache Tapestry Encoded Traversal Arbitrary File Access
6907| [58695] Apache Jetspeed Unauthenticated PSML Tags / Admin Folder Access
6908| [58694] Apache Geronimo Deploy Tool Process List Local Credential Disclosure
6909| [58693] Apache Derby service.properties File Encryption Key Information Disclosure
6910| [58692] Apache Geronimo Default Security Realm Login Brute Force Weakness
6911| [58689] Apache Roller Retrieve Last 5 Post Feature Unauthorized Blog Post Manipulation
6912| [58688] Apache Xalan-Java (XalanJ2) Static Variables Multiple Unspecified Issues
6913| [58687] Apache Axis Invalid wsdl Request XSS
6914| [58686] Apache Cocoon Temporary File Creation Unspecified Race Condition
6915| [58685] Apache Velocity Template Designer Privileged Code Execution
6916| [58684] Apache Jetspeed controls.Customize Action Security Check Bypass
6917| [58675] Apache Open For Business Project (OFBiz) eCommerce/ordermgr Multiple Field XSS
6918| [58674] Apache Open For Business Project (OFBiz) ecommerce/control/login Multiple Field XSS
6919| [58673] Apache Open For Business Project (OFBiz) ecommerce/control/viewprofile Multiple Field XSS
6920| [58672] Apache Open For Business Project (OFBiz) POS Input Panel Cleartext Password Disclosure
6921| [58671] Apache Axis2 JMS Signed Message Crafted WS-Security Header Security Bypass
6922| [58670] Apache Jetspeed JetspeedTool.getPortletFromRegistry Portlet Security Validation Failure
6923| [58669] Apache Jetspeed LDAP Cleartext Passwords Disclosure
6924| [58668] Apache Axis External Entity (XXE) Data Parsing Privilege Escalation
6925| [58667] Apache Roller Database Cleartext Passwords Disclosure
6926| [58666] Apache Xerces-C++ UTF-8 Transcoder Overlong Code Handling Unspecified Issue
6927| [58665] Apache Jetspeed Turbine: Cross-user Privileged Action Execution
6928| [58664] Apache Jetspeed EditAccount.vm Password Modification Weakness
6929| [58663] Apache Jetspeed Role Parameter Arbitrary Portlet Disclosure
6930| [58662] Apache Axis JWS Page Generated .class File Direct Request Information Disclosure
6931| [58661] Apache Jetspeed user-form.vm Password Reset Cleartext Disclosure
6932| [58660] Apache WSS4J checkReceiverResults Function Crafted SOAP Request Authentication Bypass
6933| [58658] Apache Rampart Crafted SOAP Request Security Verification Bypass
6934| [57882] Apache HTTP Server mod_proxy_ftp Authorization HTTP Header Arbitrary FTP Command Injection
6935| [57851] Apache HTTP Server mod_proxy_ftp EPSV Command NULL Dereference Remote DoS
6936| [56984] Apache Xerces2 Java Malformed XML Input DoS
6937| [56903] Apache ODE (Orchestration Director Engine) Process Deployment Web Service Traversal Arbitrary File Manipulation
6938| [56859] Apache Xerces-C++ Multiple Sub-project XML Nested DTD Structures Parsing Recursion Error DoS
6939| [56766] Apache Portable Runtime (APR-util) memory/unix/apr_pools.c Relocatable Memory Block Aligning Overflow
6940| [56765] Apache Portable Runtime (APR-util) misc/apr_rmm.c Multiple Function Overflows
6941| [56517] Apache HTTP Server File Descriptor Leak Arbitrary Local File Append
6942| [56443] PTK Unspecified Apache Sub-process Arbitrary Command Execution
6943| [56414] Apache Tiles Duplicate Expression Language (EL) Expression Evaluation XSS
6944| [55814] mod_NTLM for Apache HTTP Server ap_log_rerror() Function Remote Format String
6945| [55813] mod_NTLM for Apache HTTP Server log() Function Remote Overflow
6946| [55782] Apache HTTP Server mod_deflate Module Aborted Connection DoS
6947| [55553] Apache HTTP Server mod_proxy Module mod_proxy_http.c stream_reqbody_cl Function CPU Consumption DoS
6948| [55059] Apache APR-util strmatch/apr_strmatch.c apr_strmatch_precompile Function Crafted Input Remote DoS
6949| [55058] Apache APR-util apr_brigade_vprintf Function Crafted Input Off-by-one Remote DoS
6950| [55057] Apache APR-util xml/apr_xml.c apr_xml_* Interface Expat XML Parser Crafted XML Document Remote DoS
6951| [55056] Apache Tomcat Cross-application TLD File Manipulation
6952| [55055] Apache Tomcat Illegal URL Encoded Password Request Username Enumeration
6953| [55054] Apache Tomcat Java AJP Connector mod_jk Load Balancing Worker Malformed Header Remote DoS
6954| [55053] Apache Tomcat Crafted Request Security Restraint Bypass Arbitrary Content Access
6955| [54733] Apache HTTP Server AllowOverride Directive .htaccess Options Bypass
6956| [54713] razorCMS Security Manager apache User Account Unspecified File Permission Weakness Issue
6957| [54589] Apache Jserv Nonexistent JSP Request XSS
6958| [54122] Apache Struts s:a / s:url Tag href Element XSS
6959| [54093] Apache ActiveMQ Web Console JMS Message XSS
6960| [53932] Apache Geronimo Multiple Admin Function CSRF
6961| [53931] Apache Geronimo /console/portal/Server/Monitoring Multiple Parameter XSS
6962| [53930] Apache Geronimo /console/portal/ URI XSS
6963| [53929] Apache Geronimo on Windows Security/Keystores Portlet Traversal Arbitrary File Upload
6964| [53928] Apache Geronimo on Windows Embedded DB/DB Manager Portlet Traversal Arbitrary File Upload
6965| [53927] Apache Geronimo on Windows Services/Repository Portlet Traversal Arbitrary File Upload
6966| [53921] Apache HTTP Server mod_proxy_ajp Cross Thread/Session Information Disclosure
6967| [53766] Oracle BEA WebLogic Server Plug-ins for Apache Certificate Handling Remote Overflow
6968| [53574] PHP on Apache .htaccess mbstring.func_overload Setting Cross Hosted Site Behavior Modification
6969| [53381] Apache Tomcat JK Connector Content-Length Header Cross-user Information Disclosure
6970| [53380] Apache Struts Unspecified XSS
6971| [53289] Apache mod_perl Apache::Status /perl-status Unspecified XSS
6972| [53186] Apache HTTP Server htpasswd Predictable Salt Weakness
6973| [52899] Apache Tomcat Examples Web Application Calendar Application jsp/cal/cal2.jsp time Parameter XSS
6974| [52407] Apache Tomcat doRead Method POST Content Information Disclosure
6975| [51923] Apache HTTP Server mod-auth-mysql Module mod_auth_mysql.c Multibyte Character Encoding SQL Injection
6976| [51613] Apache HTTP Server Third-party Module Child Process File Descriptor Leak
6977| [51612] Apache HTTP Server Internal Redirect Handling Infinite Loop DoS
6978| [51468] Apache Jackrabbit Content Repository (JCR) swr.jsp q Parameter XSS
6979| [51467] Apache Jackrabbit Content Repository (JCR) search.jsp q Parameter XSS
6980| [51151] Apache Roller Search Function q Parameter XSS
6981| [50482] PHP with Apache php_value Order Unspecified Issue
6982| [50475] Novell NetWare ApacheAdmin Console Unauthenticated Access
6983| [49734] Apache Struts DefaultStaticContentLoader Class Traversal Arbitrary File Access
6984| [49733] Apache Struts FilterDispatcher Class Traversal Arbitrary File Access
6985| [49283] Oracle BEA WebLogic Server Plugins for Apache Remote Transfer-Encoding Overflow
6986| [49062] Apache Tomcat Cross-thread Concurrent Request Variable Overwrite Information Disclosure
6987| [48847] ModSecurity (mod_security) Transformation Caching Unspecified Apache DoS
6988| [48788] Apache Xerces-C++ XML Schema maxOccurs Value XML File Handling DoS
6989| [47474] Apache HTTP Server mod_proxy_ftp Directory Component Wildcard Character XSS
6990| [47464] Apache Tomcat allowLinking / UTF-8 Traversal Arbitrary File Access
6991| [47463] Apache Tomcat RequestDispatcher Traversal Arbitrary File Access
6992| [47462] Apache Tomcat HttpServletResponse.sendError Method Message Argument XSS
6993| [47096] Oracle Weblogic Apache Connector POST Request Overflow
6994| [46382] Frontend Filemanager (air_filemanager) Extension for TYPO3 on Apache Unspecified Arbitrary Code Execution
6995| [46285] TYPO3 on Apache Crafted Filename Upload Arbitrary Command Execution
6996| [46085] Apache HTTP Server mod_proxy ap_proxy_http_process_response() Function Interim Response Forwarding Remote DoS
6997| [45905] Apache Tomcat Host Manager host-manager/html/add name Parameter XSS
6998| [45879] Ragnarok Online Control Panel on Apache Crafted Traversal Authentication Bypass
6999| [45742] Apache HTTP Server on Novell Unspecified Request Directive Internal IP Disclosure
7000| [45740] Apache Derby DropSchemaNode Bind Phase Arbitrary Scheme Statement Dropping
7001| [45599] Apache Derby Lock Table Statement Privilege Requirement Bypass Arbitrary Table Lock
7002| [45585] Apache Derby ACCSEC Command RDBNAM Parameter Cleartext Credential Disclosure
7003| [45584] Apache Derby DatabaseMetaData.getURL Function Cleartext Credential Disclosure
7004| [45420] Apache HTTP Server 403 Error Page UTF-7 Encoded XSS
7005| [44728] PHP Toolkit on Gentoo Linux Interpretation Conflict Apache HTTP Server Local DoS
7006| [44618] Oracle JSP Apache/Jserv Path Translation Traversal Arbitrary JSP File Execution
7007| [44159] Apache HTTP Server Remote Virtual Host Name Disclosure
7008| [43997] Apache-SSL ExpandCert() Function Certificate Handling Arbitrary Environment Variables Manipulation
7009| [43994] suPHP for Apache (mod_suphp) Directory Symlink Local Privilege Escalation
7010| [43993] suPHP for Apache (mod_suphp) Owner Mode Race Condition Symlink Local Privilege Escalation
7011| [43663] Apache HTTP Server Mixed Platform AddType Directive Crafted Request PHP Source Disclosure
7012| [43658] AuthCAS Module (AuthCAS.pm) for Apache HTTP Server SESSION_COOKIE_NAME SQL Injection
7013| [43452] Apache Tomcat HTTP Request Smuggling
7014| [43309] Apache Geronimo LoginModule Login Method Bypass
7015| [43290] Apache JSPWiki Entry Page Attachment Unrestricted File Upload
7016| [43259] Apache HTTP Server on Windows mod_proxy_balancer URL Handling Remote Memory Corruption
7017| [43224] Apache Geronimo on SuSE Linux init Script Symlink Unspecified File/Directory Access
7018| [43189] Apache mod_jk2 Host Header Multiple Fields Remote Overflow
7019| [42937] Apache HTTP Server mod_proxy_balancer balancer-manager Unspecified CSRF
7020| [42341] MOD_PLSQL for Apache Unspecified URL SQL Injection
7021| [42340] MOD_PLSQL for Apache CGI Environment Handling Unspecified Overflow
7022| [42214] Apache HTTP Server mod_proxy_ftp UTF-7 Encoded XSS
7023| [42091] Apache Maven Site Plugin Installation Permission Weakness
7024| [42089] Apache Maven .m2/settings.xml Cleartext Password Disclosure
7025| [42088] Apache Maven Defined Repo Process Listing Password Disclosure
7026| [42087] Apache Maven Site Plugin SSH Deployment Permission Setting Weakness
7027| [42036] Apache HTTP Server MS-DOS Device Request Host OS Disclosure
7028| [41891] BEA WebLogic Apache Beehive NetUI Page Flow Unspecified XSS
7029| [41436] Apache Tomcat Native APR Connector Duplicate Request Issue
7030| [41435] Apache Tomcat %5C Cookie Handling Session ID Disclosure
7031| [41434] Apache Tomcat Exception Handling Subsequent Request Information Disclosure
7032| [41400] LimeSurvey save.php Apache Log File PHP Code Injection
7033| [41029] Apache Tomcat Calendar Examples Application cal2.jsp Multiple Parameter CSRF
7034| [41019] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload XSS
7035| [41018] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload CRLF
7036| [40853] Apache Tomcat SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) JSESSIONIDSSO Cookie Security Weakness
7037| [40264] Apache HTTP Server mod_proxy_balancer balancer_handler Function bb Variable Remote DoS
7038| [40263] Apache HTTP Server mod_proxy_balancer balancer-manager Multiple Parameter XSS
7039| [40262] Apache HTTP Server mod_status refresh XSS
7040| [39833] Apache Tomcat JULI Logging Component catalina.policy Security Bypass
7041| [39251] Coppermine Photo Gallery on Apache Multiple File Extension Upload Arbitrary Code Execution
7042| [39166] Apache Tomcat on Windows caseSensitive Attribute Mixed Case Request JSP Source Disclosure
7043| [39134] Apache mod_imagemap Module Imagemap Unspecified XSS
7044| [39133] Apache mod_imap Module Imagemap File Unspecified XSS
7045| [39035] Apache Tomcat examples/servlet/CookieExample Multiple Parameter XSS
7046| [39003] Apache HTTP Server HTTP Method Header Request Entity Too Large XSS
7047| [39000] Apache Tomcat SendMailServlet sendmail.jsp mailfrom Parameter XSS
7048| [38939] Apache HTTP Server Prefork MPM Module Array Modification Local DoS
7049| [38673] Apache Jakarta Slide WebDAV SYSTEM Request Traversal Arbitrary File Access
7050| [38662] Apache Geronimo SQLLoginModule Nonexistent User Authentication Bypass
7051| [38661] Apache Geronimo MEJB Unspecified Authentication Bypass
7052| [38641] Apache HTTP Server mod_mem_cache recall_headers Function Information Disclosure
7053| [38640] Apache HTTP Server suexec Document Root Unauthorized Operations
7054| [38639] Apache HTTP Server suexec Multiple Symlink Privilege Escalation
7055| [38636] Apache HTTP Server mod_autoindex.c P Variable UTF-7 Charset XSS
7056| [38513] BEA WebLogic Server Proxy Plug-in for Apache Protocol Error Handling Remote DoS
7057| [38187] Apache Geronimo / Tomcat WebDAV XML SYSTEM Tag Arbitrary File Access
7058| [37079] Apache HTTP Server mod_cache cache_util.c Malformed Cache-Control Header DoS
7059| [37071] Apache Tomcat Cookie Handling Session ID Disclosure
7060| [37070] Apache Tomcat Cookie Handling Quote Delimiter Session ID Disclosure
7061| [37052] Apache HTTP Server mod_status mod_status.c Unspecified XSS
7062| [37051] Apache HTTP Server mod_proxy modules/proxy/proxy_util.c Crafted Header Remote DoS
7063| [37050] Apache HTTP Server Prefork MPM Module Crafted Code Sequence Local DoS
7064| [36417] Apache Tomcat Host Manager Servlet html/add Action aliases Parameter XSS
7065| [36377] Apache MyFaces Tomahawk JSF Application autoscroll Multiple Script XSS
7066| [36080] Apache Tomcat JSP Examples Crafted URI XSS
7067| [36079] Apache Tomcat Manager Uploaded Filename XSS
7068| [34888] Apache Tomcat Example Calendar Application cal2.jsp time Parameter XSS
7069| [34887] Apache Tomcat implicit-objects.jsp Crafted Header XSS
7070| [34885] Apache Tomcat on IIS Servlet Engine MS-DOS Device Request DoS
7071| [34884] Apache Tomcat on Windows Nonexistent Resource Request Path Disclosure
7072| [34883] Apache Tomcat Crafted JSP File Request Path Disclosure
7073| [34882] Apache Tomcat Default SSL Ciphersuite Configuration Weakness
7074| [34881] Apache Tomcat Malformed Accept-Language Header XSS
7075| [34880] Apache Tomcat HTTP/1.1 Connector NULL Byte Request JSP Source Disclosure
7076| [34879] Apache Tomcat examples/jsp2/jspx/textRotate.jspx XSS
7077| [34878] Apache Tomcat examples/jsp2/el/implicit-objects.jsp XSS
7078| [34877] Apache Tomcat JK Web Server Connector (mod_jk) Double Encoded Traversal Arbitrary File Access
7079| [34876] Apache HTTP Server ScriptAlias CGI Source Disclosure
7080| [34875] Apache Tomcat appdev/sample/web/hello.jsp Multiple Parameter XSS
7081| [34874] Apache Tomcat AJP Connector mod_jk ajp_process_callback Remote Memory Disclosure
7082| [34873] Apache Stats Variable Extraction _REQUEST Ssuperglobal Array Overwrite
7083| [34872] Apache HTTP Server suexec User/Group Combination Weakness Local Privilege Escalation
7084| [34769] Apache Tomcat w/ Proxy Module Double Encoded Traversal Arbitrary File Access
7085| [34541] mod_perl for Apache HTTP Server RegistryCooker.pm PATH_INFO Crafted URI Remote DoS
7086| [34540] mod_perl for Apache HTTP Server PerlRun.pm PATH_INFO Crafted URI Remote DoS
7087| [34398] Apache Tomcat mod_jk Invalid Chunked Encoded Body Information Disclosure
7088| [34154] Apache Axis Nonexistent Java Web Service Path Disclosure
7089| [33855] Apache Tomcat JK Web Server Connector mod_jk.so Long URI Worker Map Remote Overflow
7090| [33816] Apache HTTP Server on Debian Linux TTY Local Privilege Escalation
7091| [33456] Apache HTTP Server Crafted TCP Connection Range Header DoS
7092| [33346] Avaya Multiple Products Apache Tomcat Port Weakness
7093| [32979] Apache Java Mail Enterprise Server (JAMES) Phoenix/MX4J Interface Arbitrary User Creation
7094| [32978] Apache Java Mail Enterprise Server (JAMES) POP3Server Log File Plaintext Password Disclosure
7095| [32724] Apache mod_python _filter_read Freed Memory Disclosure
7096| [32723] Apache Tomcat semicolon Crafted Filename Request Forced Directory Listing
7097| [32396] Apache Open For Business Project (OFBiz) Ecommerce Component Forum Implementation Message Body XSS
7098| [32395] Apache Open For Business Project (OFBiz) Ecommerce Component Form Field Manipulation Privilege Escalation
7099| [30354] Linux Subversion libapache2-svn Search Path Subversion Local Privilege Escalation
7100| [29603] PHP ini_restore() Apache httpd.conf Options Bypass
7101| [29536] Apache Tcl mod_tcl set_var Function Remote Format String
7102| [28919] Apache Roller Weblogger Blog Comment Multiple Field XSS
7103| [28130] PHP with Apache Mixed Case Method Limit Directive Bypass
7104| [27913] Apache HTTP Server on Windows mod_alias URL Validation Canonicalization CGI Source Disclosure
7105| [27588] Apache HTTP Server mod_rewrite LDAP Protocol URL Handling Overflow
7106| [27487] Apache HTTP Server Crafted Expect Header Cross Domain HTML Injection
7107| [26935] FCKeditor on Apache connector.php Crafted File Extension Arbitrary File Upload
7108| [26572] Apache Java Mail Enterprise Server (JAMES) MAIL Command Overflow DoS
7109| [25909] Drupal on Apache files Directory File Upload Arbitrary Code Execution
7110| [24825] Oracle ModPL/SQL for Apache Unspecified Remote HTTP Issue
7111| [24365] Apache Struts Multiple Function Error Message XSS
7112| [24364] Apache Struts getMultipartRequestHandler() Function Crafted Request DoS
7113| [24363] Apache Struts org.apache.struts.taglib.html.Constants.CANCEL Validation Bypass
7114| [24103] Pubcookie Apache mod_pubcookie Unspecified XSS
7115| [23906] Apache mod_python for Apache HTTP Server FileSession Privileged Local Command Execution
7116| [23905] Apache Log4net LocalSyslogAppender Format String Memory Corruption DoS
7117| [23198] Apache WSS4J Library SOAP Signature Verification Bypass
7118| [23124] Generic Apache Request Library (libapreq) apreq_parse_* Functions Remote DoS
7119| [22652] mod_php for Apache HTTP Server Crafted import_request_variables Function DoS
7120| [22475] PHP w/ Apache PDO::FETCH_CLASS __set() Function DoS
7121| [22473] PHP w/ Apache2 Crafted PDOStatement DoS
7122| [22459] Apache Geronimo Error Page XSS
7123| [22458] Apache Tomcat / Geronimo Sample Script cal2.jsp time Parameter XSS
7124| [22301] auth_ldap for Apache HTTP Server auth_ldap_log_reason() Function Remote Format String
7125| [22261] Apache HTTP Server mod_ssl ssl_hook_Access Error Handling DoS
7126| [22259] mod_auth_pgsql for Apache HTTP Server Log Function Format String
7127| [21736] Apache Java Mail Enterprise Server (JAMES) Spooler retrieve Function DoS
7128| [21705] Apache HTTP Server mod_imap Image Map Referer XSS
7129| [21021] Apache Struts Error Message XSS
7130| [20897] PHP w/ Apache 2 SAPI virtual() Function Unspecified INI Setting Disclosure
7131| [20491] PHP mod_php apache2handler SAPI Crafted .htaccess DoS
7132| [20462] Apache HTTP Server worker.c MPM Memory Exhaustion DoS
7133| [20439] Apache Tomcat Directory Listing Saturation DoS
7134| [20373] Apache Tomcat on HP Secure OS for Linux Unspecified Servlet Access Issue
7135| [20285] Apache HTTP Server Log File Control Character Injection
7136| [20242] Apache HTTP Server mod_usertrack Predictable Session ID Generation
7137| [20209] Brainf*ck Module (mod_bf) for Apache HTTP Server Local Overflow
7138| [20033] Apache Tomcat MS-DOS Device Request Error Message Path Disclosure
7139| [19883] apachetop atop.debug Symlink Arbitrary File Overwrite
7140| [19863] mod_auth_shadow for Apache HTTP Server require group Authentication Bypass
7141| [19855] Apache HTTP Server ErrorDocument Directive .htaccess Bypass
7142| [19821] Apache Tomcat Malformed Post Request Information Disclosure
7143| [19769] Apache HTTP Server Double-reverse DNS Lookup Spoofing
7144| [19188] Apache HTTP Server mod_ssl SSLVerifyClient Per-location Context Restriction Bypass
7145| [19137] Apache HTTP Server on Red Hat Linux Double Slash GET Request Forced Directory Listing
7146| [19136] Apache on Mandrake Linux Arbitrary Directory Forced Listing
7147| [18977] Apache HTTP Server Crafted HTTP Range Header DoS
7148| [18389] Ragnarok Online Control Panel Apache Authentication Bypass
7149| [18286] Apache HTTP Server mod_ssl ssl_callback_SSLVerify_CRL( ) Function Overflow
7150| [18233] Apache HTTP Server htdigest user Variable Overfow
7151| [17738] Apache HTTP Server HTTP Request Smuggling
7152| [16586] Apache HTTP Server Win32 GET Overflow DoS
7153| [15889] Apache HTTP Server mod_cgid Threaded MPM CGI Output Misdirection
7154| [14896] mod_dav for Apache HTTP Server Remote Null Dereference Child Process Termination
7155| [14879] Apache HTTP Server ap_log_rerror Function Error Message Path Disclosure
7156| [14770] Apache Tomcat AJP12 Protocol Malformed Packet Remote DoS
7157| [14597] Apache Tomcat IntegerOverflow.jsp Test JSP Script Path Disclosure
7158| [14596] Apache Tomcat pageSession.jsp Test JSP Script Path Disclosure
7159| [14595] Apache Tomcat pageLanguage.jsp Test JSP Script Path Disclosure
7160| [14594] Apache Tomcat pageIsThreadSafe.jsp Test JSP Script Path Disclosure
7161| [14593] Apache Tomcat pageIsErrorPage.jsp Test JSP Script Path Disclosure
7162| [14592] Apache Tomcat pageInvalid.jsp Test JSP Script Path Disclosure
7163| [14591] Apache Tomcat pageExtends.jsp Test JSP Script Path Disclosure
7164| [14590] Apache Tomcat pageDouble.jsp Test JSP Script Path Disclosure
7165| [14589] Apache Tomcat pageAutoFlush.jsp Test JSP Script Path Disclosure
7166| [14588] Apache Tomcat extends2.jsp Test JSP Script Path Disclosure
7167| [14587] Apache Tomcat extends1.jsp Test JSP Script Path Disclosure
7168| [14586] Apache Tomcat comments.jsp Test JSP Script Path Disclosure
7169| [14585] Apache Tomcat buffer4.jsp Test JSP Script Path Disclosure
7170| [14584] Apache Tomcat buffer3.jsp Test JSP Script Path Disclosure
7171| [14583] Apache Tomcat buffer2.jsp Test JSP Script Path Disclosure
7172| [14582] Apache Tomcat buffer1.jsp Test JSP Script Path Disclosure
7173| [14581] Apache Tomcat pageImport2.jsp Test JSP Script Path Disclosure
7174| [14580] Apache Tomcat pageInfo.jsp Test JSP Script Path Disclosure
7175| [14410] mod_frontpage for Apache HTTP Server fpexec Remote Overflow
7176| [14044] Apache Batik Squiggle Browser with Rhino Scripting Engine Unspecified File System Access
7177| [13737] mod_access_referer for Apache HTTP Server Malformed Referer DoS
7178| [13711] Apache mod_python publisher.py Traversal Arbitrary Object Information Disclosure
7179| [13640] mod_auth_any for Apache HTTP Server on Red Hat Linux Metacharacter Command Execution
7180| [13304] Apache Tomcat realPath.jsp Path Disclosure
7181| [13303] Apache Tomcat source.jsp Arbitrary Directory Listing
7182| [13087] Apache HTTP Server mod_log_forensic check_forensic Symlink Arbitrary File Creation / Overwrite
7183| [12849] mod_auth_radius for Apache HTTP Server radcpy() Function Overflow DoS
7184| [12848] Apache HTTP Server htdigest realm Variable Overflow
7185| [12721] Apache Tomcat examples/jsp2/el/functions.jsp XSS
7186| [12720] mod_dosevasive for Apache HTTP Server Symlink Arbitrary File Create/Overwrite
7187| [12558] Apache HTTP Server IPv6 FTP Proxy Socket Failure DoS
7188| [12557] Apache HTTP Server prefork MPM accept Error DoS
7189| [12233] Apache Tomcat MS-DOS Device Name Request DoS
7190| [12232] Apache Tomcat with JDK Arbitrary Directory/Source Disclosure
7191| [12231] Apache Tomcat web.xml Arbitrary File Access
7192| [12193] Apache HTTP Server on Mac OS X File Handler Bypass
7193| [12192] Apache HTTP Server on Mac OS X Unauthorized .ht and .DS_Store File Access
7194| [12178] Apache Jakarta Lucene results.jsp XSS
7195| [12176] mod_digest_apple for Apache HTTP Server on Mac OS X Authentication Replay
7196| [11391] Apache HTTP Server Header Parsing Space Saturation DoS
7197| [11003] Apache HTTP Server mod_include get_tag() Function Local Overflow
7198| [10976] mod_mylo for Apache HTTP Server mylo_log Logging Function HTTP GET Overflow
7199| [10637] Apache HTTP Server mod_ssl SSLCipherSuite Access Restriction Bypass
7200| [10546] Macromedia JRun4 mod_jrun Apache Module Remote Overflow
7201| [10471] Apache Xerces-C++ XML Parser DoS
7202| [10218] Apache HTTP Server Satisfy Directive Access Control Bypass
7203| [10068] Apache HTTP Server htpasswd Local Overflow
7204| [10049] mod_cplusplus For Apache HTTP Server Unspecified Overflow
7205| [9994] Apache HTTP Server apr-util IPV6 Parsing DoS
7206| [9991] Apache HTTP Server ap_resolve_env Environment Variable Local Overflow
7207| [9948] mod_dav for Apache HTTP Server LOCK Request DoS
7208| [9742] Apache HTTP Server mod_ssl char_buffer_read Function Reverse Proxy DoS
7209| [9718] Apache HTTP Server Win32 Single Dot Append Arbitrary File Access
7210| [9717] Apache HTTP Server mod_cookies Cookie Overflow
7211| [9716] Apache::Gallery Gallery.pm Inline::C Predictable Filename Code Execution
7212| [9715] Apache HTTP Server rotatelogs Control Characters Over Pipe DoS
7213| [9714] Apache Authentication Module Threaded MPM DoS
7214| [9713] Apache HTTP Server on OS2 filestat.c Device Name Request DoS
7215| [9712] Apache HTTP Server Multiple Linefeed Request Memory Consumption DoS
7216| [9711] Apache HTTP Server Access Log Terminal Escape Sequence Injection
7217| [9710] Apache HTTP Server on Windows Illegal Character Default Script Mapping Bypass
7218| [9709] Apache HTTP Server on Windows MS-DOS Device Name HTTP Post Code Execution
7219| [9708] Apache HTTP Server on Windows MS-DOS Device Name DoS
7220| [9707] Apache HTTP Server Duplicate MIME Header Saturation DoS
7221| [9706] Apache Web Server Multiple MIME Header Saturation Remote DoS
7222| [9705] Apache Tomcat Invoker/Default Servlet Source Disclosure
7223| [9702] Apache HTTP Server CGI/WebDAV HTTP POST Request Source Disclosure
7224| [9701] Apache HTTP Server for Windows Multiple Slash Forced Directory Listing
7225| [9700] Apache HTTP Server mod_autoindex Multiple Slash Request Forced Directory Listing
7226| [9699] Apache HTTP Server mod_dir Multiple Slash Request Forced Directory Listing
7227| [9698] Apache HTTP Server mod_negotiation Multiple Slash Request Forced Directory Listing
7228| [9697] Apache HTTP Server htdigest Local Symlink Arbitrary File Overwrite
7229| [9696] Apache HTTP Server htpasswd Local Symlink Arbitrary File Overwrite
7230| [9695] Apache Tomcat SnoopServlet Servlet Information Disclosure
7231| [9694] PHP3 on Apache HTTP Server Encoded Traversal Arbitrary File Access
7232| [9693] mod_auth_pgsql_sys for Apache HTTP Server User Name SQL Injection
7233| [9692] Apache HTTP Server mod_vhost_alias Mass Virtual Hosting Arbitrary File Access
7234| [9691] Apache HTTP Server mod_rewrite Mass Virtual Hosting Arbitrary File Access
7235| [9690] Apache HTTP Server mod_vhost_alias CGI Program Source Disclosure
7236| [9689] Trustix httpsd for Apache-SSL Permission Weakness Privilege Escalation
7237| [9688] Apache HTTP Server mod_proxy Malformed FTP Command DoS
7238| [9687] Apache::AuthenSmb smbval SMB Authentication Library Multiple Overflows
7239| [9686] Apache::AuthenSmb smbvalid SMB Authentication Library Multiple Overflows
7240| [9523] Apache HTTP Server mod_ssl Aborted Connection DoS
7241| [9459] Oracle PL/SQL (mod_plsql) Apache Module Help Page Request Remote Overflow
7242| [9208] Apache Tomcat .jsp Encoded Newline XSS
7243| [9204] Apache Tomcat ROOT Application XSS
7244| [9203] Apache Tomcat examples Application XSS
7245| [9068] Apache HTTP Server mod_userdir User Account Information Disclosure
7246| [8773] Apache Tomcat Catalina org.apache.catalina.servlets.DefaultServlet Source Code Disclosure
7247| [8772] Apache Tomcat Catalina org.apache.catalina.connector.http DoS
7248| [7943] Apache HTTP Server mod_ssl sslkeys File Disclosure
7249| [7942] Apache HTTP Server mod_ssl Default Pass Phrase
7250| [7941] Apache HTTP Server mod_ssl Encrypted Private Key File Descriptor Leak
7251| [7935] Apache HTTP Server mod_ssl ssl_gcache Race Conditions
7252| [7934] Apache HTTP Server mod_ssl SSLSessionCache File Content Disclosure
7253| [7933] Apache HTTP Server mod_ssl SSLMutex File Content Disclosure
7254| [7932] Apache HTTP Server mod_ssl mkcert.sh File Creation Permission Weakness
7255| [7931] Apache HTTP Server mod_ssl X.509 Client Certificate Authentication Bypass
7256| [7930] Apache HTTP Server mod_ssl ssl_expr_eval_func_file() Overflow
7257| [7929] Apache HTTP Server mod_ssl ssl_engine_log.c mod_proxy Hook Function Remote Format String
7258| [7611] Apache HTTP Server mod_alias Local Overflow
7259| [7394] Apache Tomcat mod_jk Invalid Transfer-Encoding Chunked Field DoS
7260| [7203] Apache Tomcat source.jsp Traversal Arbitrary File Access
7261| [7039] Apache HTTP Server on Mac OS X HFS+ File System Access Bypass
7262| [6882] Apache mod_python Malformed Query String Variant DoS
7263| [6839] Apache HTTP Server mod_proxy Content-Length Overflow
7264| [6630] Apache Tomcat Java Server Pages (JSP) Engine WPrinterJob() DoS
7265| [6472] Apache HTTP Server mod_ssl ssl_util_uuencode_binary Remote Overflow
7266| [5821] Apache HTTP Server Multiple / GET Remote Overflow DoS
7267| [5580] Apache Tomcat Servlet Malformed URL JSP Source Disclosure
7268| [5552] Apache HTTP Server split-logfile Arbitrary .log File Overwrite
7269| [5526] Apache Tomcat Long .JSP URI Path Disclosure
7270| [5278] Apache Tomcat web.xml Restriction Bypass
7271| [5051] Apache Tomcat Null Character DoS
7272| [4973] Apache Tomcat servlet Mapping XSS
7273| [4650] mod_gzip for Apache HTTP Server Debug Mode Printf Stack Overflow
7274| [4649] mod_gzip for Apache HTTP Server Debug Mode Format String Overflow
7275| [4648] mod_gzip for Apache HTTP Server Debug Mode Race Condition
7276| [4568] mod_survey For Apache ENV Tags SQL Injection
7277| [4553] Apache HTTP Server ApacheBench Overflow DoS
7278| [4552] Apache HTTP Server Shared Memory Scoreboard DoS
7279| [4446] Apache HTTP Server mod_disk_cache Stores Credentials
7280| [4383] Apache HTTP Server Socket Race Condition DoS
7281| [4382] Apache HTTP Server Log Entry Terminal Escape Sequence Injection
7282| [4340] Apache Portable Runtime (APR) apr_psprintf DoS
7283| [4232] Apache Cocoon DatabaseAuthenticatorAction SQL Injection
7284| [4231] Apache Cocoon Error Page Server Path Disclosure
7285| [4182] Apache HTTP Server mod_ssl Plain HTTP Request DoS
7286| [4181] Apache HTTP Server mod_access IP Address Netmask Rule Bypass
7287| [4075] Apache HTTP Sever on Windows .var File Request Path Disclosure
7288| [4037] Apache HTTP Server on Cygwin Encoded GET Request Arbitrary File Access
7289| [3877] Apache-SSL SSLVerifyClient SSLFakeBasicAuth Client Certificate Forgery
7290| [3819] Apache HTTP Server mod_digest Cross Realm Credential Replay
7291| [3322] mod_php for Apache HTTP Server Process Hijack
7292| [3215] mod_php for Apache HTTP Server File Descriptor Leakage
7293| [2885] Apache mod_python Malformed Query String DoS
7294| [2749] Apache Cocoon view-source Sample File Traversal Arbitrary File Access
7295| [2733] Apache HTTP Server mod_rewrite Local Overflow
7296| [2672] Apache HTTP Server mod_ssl SSLCipherSuite Ciphersuite Downgrade Weakness
7297| [2613] Apache HTTP Server mod_cgi stderr Output Handling Local DoS
7298| [2149] Apache::Gallery Privilege Escalation
7299| [2107] Apache HTTP Server mod_ssl Host: Header XSS
7300| [1926] Apache HTTP Server mod_rewrite Crafted URI Rule Bypass
7301| [1833] Apache HTTP Server Multiple Slash GET Request DoS
7302| [1577] Apache HTTP Server mod_rewrite RewriteRule Expansion Arbitrary File Access
7303| [872] Apache Tomcat Multiple Default Accounts
7304| [862] Apache HTTP Server SSI Error Page XSS
7305| [859] Apache HTTP Server Win32 Crafted Traversal Arbitrary File Access
7306| [849] Apache Tomcat TroubleShooter Servlet Information Disclosure
7307| [845] Apache Tomcat MSDOS Device XSS
7308| [844] Apache Tomcat Java Servlet Error Page XSS
7309| [842] Apache HTTP Server mod_ssl ssl_compat_directive Function Overflow
7310| [838] Apache HTTP Server Chunked Encoding Remote Overflow
7311| [827] PHP4 for Apache on Windows php.exe Malformed Request Path Disclosure
7312| [775] Apache mod_python Module Importing Privilege Function Execution
7313| [769] Apache HTTP Server Win32 DOS Batch File Arbitrary Command Execution
7314| [756] Apache HTTP Server mod_ssl i2d_SSL_SESSION Function SSL Client Certificate Overflow
7315| [701] Apache HTTP Server Win32 ScriptAlias php.exe Arbitrary File Access
7316| [674] Apache Tomcat Nonexistent File Error Message Path Disclosure
7317| [637] Apache HTTP Server UserDir Directive Username Enumeration
7318| [623] mod_auth_pgsql for Apache HTTP Server User Name SQL Injection
7319| [582] Apache HTTP Server Multiviews Feature Arbitrary Directory Listing
7320| [562] Apache HTTP Server mod_info /server-info Information Disclosure
7321| [561] Apache Web Servers mod_status /server-status Information Disclosure
7322| [417] Apache HTTP Server on SuSE Linux /doc/packages Remote Information Disclosure
7323| [410] mod_perl for Apache HTTP Server /perl/ Directory Listing
7324| [404] Apache HTTP Server on SuSE Linux WebDAV PROPFIND Arbitrary Directory Listing
7325| [402] Apache HTTP Server on SuSE Linux cgi-bin-sdb Request Script Source Disclosure
7326| [379] Apache ASP module Apache::ASP source.asp Example File Arbitrary File Creation
7327| [377] Apache Tomcat Snoop Servlet Remote Information Disclosure
7328| [376] Apache Tomcat contextAdmin Arbitrary File Access
7329| [342] Apache HTTP Server for Windows Multiple Forward Slash Directory Listing
7330| [222] Apache HTTP Server test-cgi Arbitrary File Access
7331| [143] Apache HTTP Server printenv.pl Multiple Method CGI XSS
7332| [48] Apache HTTP Server on Debian /usr/doc Directory Information Disclosure
7333|_
7334 139/tcp closed netbios-ssn
7335 443/tcp open ssl/http Apache httpd
7336|_http-server-header: Apache
7337| vulscan: VulDB - https://vuldb.com:
7338| [141649] Apache OFBiz up to 16.11.05 Form Widget Freemarker Markup Code Execution
7339| [141648] Apache OFBiz up to 16.11.05 Application Stored cross site scripting
7340| [140386] Apache Commons Beanutils 1.9.2 BeanIntrospector unknown vulnerability
7341| [139708] Apache Ranger up to 1.2.0 Policy Import cross site scripting
7342| [139540] cPanel up to 60.0.24 Apache HTTP Server Key information disclosure
7343| [139386] Apache Tike up to 1.21 RecursiveParserWrapper Stack-based memory corruption
7344| [139385] Apache Tika 1.19/1.20/1.21 SAXParsers Hang denial of service
7345| [139384] Apache Tika up to 1.21 RecursiveParserWrapper ZIP File denial of service
7346| [139261] Apache Solr 8.2.0 DataImportHandler Parameter unknown vulnerability
7347| [139259] cPanel up to 68.0.26 WHM Apache Includes Editor information disclosure
7348| [139256] cPanel up to 68.0.26 WHM Apache Configuration Include Editor cross site scripting
7349| [139239] cPanel up to 70.0.22 Apache HTTP Server Log information disclosure
7350| [139141] Apache ActiveMQ Client up to 5.15.4 ActiveMQConnection.java ActiveMQConnection denial of service
7351| [139130] cPanel up to 73.x Apache HTTP Server Injection privilege escalation
7352| [138914] Venustech Apache VCL 2.1/2.2/2.3/2.4/2.5 VM sql injection
7353| [138913] Venustech Apache VCL 2.1/2.2/2.3/2.4/2.5 Block Argument privilege escalation
7354| [138912] Venustech Apache VCL 2.1/2.2/2.3/2.4/2.5 Cookie sql injection
7355| [138816] Apache Storm up to 1.2.2 Logviewer Daemon Log information disclosure
7356| [138815] Apache Storm up to 1.2.2 UI Daemon Deserialization privilege escalation
7357| [138164] Oracle 2.7.0.1 Apache Log4j unknown vulnerability
7358| [138155] Oracle Agile Engineering Data Management 6.2.0/6.2.1 Apache Tomcat unknown vulnerability
7359| [138151] Oracle Transportation Management 6.3.7 Apache Tomcat unknown vulnerability
7360| [138149] Oracle Agile Engineering Data Management 6.2.0/6.2.1 Apache Commons FileUpload unknown vulnerability
7361| [138131] Oracle MICROS Retail XBRi Loss Prevention 10.8.0/10.8.1/10.8.2/10.8.3 Apache Tomcat unknown vulnerability
7362| [138129] Oracle Retail Xstore Point of Service 7.0/7.1 Apache HTTP Server denial of service
7363| [138123] Oracle Retail Order Management System 5.0 Apache Struts 1 unknown vulnerability
7364| [138122] Oracle Retail Order Broker 5.2/15.0 Apache Tomcat unknown vulnerability
7365| [138121] Oracle Retail Order Broker 5.2/15.0 Apache CXF unknown vulnerability
7366| [138112] Oracle Retail Integration Bus 15.0/16.0 Apache Commons FileUpload unknown vulnerability
7367| [138111] Oracle MICROS Retail XBRi Loss Prevention 10.8.0/10.8.1/10.8.2/10.8.3 Apache Commons FileUpload unknown vulnerability
7368| [138103] Oracle PeopleSoft Enterprise PeopleTools 8.55/8.56/8.57 Apache WSS4J information disclosure
7369| [138053] Oracle JD Edwards EnterpriseOne Tools 9.2 Apache Log4j unknown vulnerability
7370| [138036] Oracle Insurance Rules Palette 10.0/10.1/10.2/11.0 Apache Commons FileUpload unknown vulnerability
7371| [138035] Oracle Insurance Policy Administration J2EE 10.0/10.1/10.2/11.0 Apache Commons FileUpload unknown vulnerability
7372| [138034] Oracle Insurance Calculation Engine 9.7/10.0/10.1/10.2 Apache Commons FileUpload unknown vulnerability
7373| [138028] Oracle Identity Manager 11.1.2.3.0/12.2.1.3.0 Apache Log4j unknown vulnerability
7374| [138020] Oracle BI Publisher 11.1.1.9.0 Apache Tomcat unknown vulnerability
7375| [138019] Oracle BI Publisher (formerly XML Publisher) 11.1.1.9.0 Apache Tomcat unknown vulnerability
7376| [138017] Oracle Outside In Technology 8.5.4 Apache Commons FileUpload unknown vulnerability
7377| [138013] Oracle Outside In Technology 8.5.4 Apache Tomcat unknown vulnerability
7378| [138012] Oracle Outside In Technology 8.5.4 Apache HTTP Server unknown vulnerability
7379| [138009] Oracle Outside In Technology 8.5.4 Apache HTTP Server unknown vulnerability
7380| [138008] Oracle WebLogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.3.0 Apache Struts 1 denial of service
7381| [138007] Oracle WebCenter Sites 12.2.1.3.0 Apache Tomcat denial of service
7382| [138006] Oracle Enterprise Repository 12.1.3.0.0 Apache CXF denial of service
7383| [138000] Oracle WebCenter Sites 12.2.1.3.0 Apache Commons FileUpload unknown vulnerability
7384| [137999] Oracle WebLogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.3.0 Apache Commons FileUpload unknown vulnerability
7385| [137995] Oracle Hospitality Simphony 18.2.1 Apache WSS4J information disclosure
7386| [137987] Oracle FLEXCUBE Universal Banking up to 12.0.3/12.4.0/14.2.0 Apache Log4j unknown vulnerability
7387| [137981] Oracle Insurance IFRS 17 Analyzer 8.0.6/8.0.7 Apache Commons FileUpload unknown vulnerability
7388| [137980] Oracle Insurance Data Foundation 8.0.4/8.0.5/8.0.6/8.0.7 Apache Commons FileUpload unknown vulnerability
7389| [137979] Oracle 8.0.8 Apache Commons FileUpload unknown vulnerability
7390| [137973] Oracle 8.0.4/8.0.5/8.0.6/8.0.7 Apache Batik unknown vulnerability
7391| [137970] Oracle Financial Services Profitability Management 8.0.4/8.0.5/8.0.6/8.0.7 Apache ActiveMQ unknown vulnerability
7392| [137967] Oracle up to 8.0.7 Apache httpd unknown vulnerability
7393| [137966] Oracle 8.0.7/8.0.8 Apache Groovy unknown vulnerability
7394| [137965] Oracle Financial Services Liquidity Risk Management 8.0.1/8.0.2/8.0.4/8.0.5/8.0.6 Apache Commons FileUpload unknown vulnerability
7395| [137964] Oracle 8.0.4/8.0.5/8.0.6/8.0.7 Apache Log4j unknown vulnerability
7396| [137933] Oracle Banking Platform up to 2.7.1 Apache Tika unknown vulnerability
7397| [137926] Oracle Enterprise Manager for Fusion Middleware 13.2/13.3 Apache Commons FileUpload information disclosure
7398| [137924] Oracle Enterprise Manager Base Platform 12.1.0.5.0/13.2.0.0.0/13.3.0.0.0 Apache Commons FileUpload unknown vulnerability
7399| [137914] Oracle E-Business Suite up to 12.2.8 Apache ActiveMQ unknown vulnerability
7400| [137913] Oracle E-Business Suite up to 12.2.8 Apache ActiveMQ unknown vulnerability
7401| [137911] Oracle E-Business Suite up to 12.2.8 Apache HTTP Server unknown vulnerability
7402| [137910] Oracle E-Business Suite up to 12.2.8 Apache CXF information disclosure
7403| [137909] Oracle E-Business Suite up to 12.2.8 Apache Commons FileUpload unknown vulnerability
7404| [137905] Oracle Primavera Gateway 15.2/16.2/17.12/18.8 Apache Tika denial of service
7405| [137901] Oracle Primavera Unifier up to 18.8 Apache HTTP Server unknown vulnerability
7406| [137895] Oracle Instant Messaging Server 10.0.1.2.0 Apache Tika information disclosure
7407| [137894] Oracle EAGLE (Software) 46.5/46.6/46.7 Apache Tomcat information disclosure
7408| [137892] Oracle Online Mediation Controller 6.1 Apache Batik denial of service
7409| [137891] Oracle Interactive Session Recorder 6.0/6.1/6.2 Apache Tomcat unknown vulnerability
7410| [137885] Oracle Diameter Signaling Router (DSR) 8.0/8.1/8.2 Apache cxf unknown vulnerability
7411| [137882] Oracle Unified 8.0.0.2.0 Apache Commons FileUpload unknown vulnerability
7412| [137881] Oracle Online Mediation Controller 6.1 Apache Commons FileUpload unknown vulnerability
7413| [137880] Oracle Interactive Session Recorder 6.0/6.1/6.2 Apache Log4j unknown vulnerability
7414| [137879] Oracle Convergence 3.0.2 Apache Commons FileUpload unknown vulnerability
7415| [137876] Oracle Application Session Controller 3.7.1/3.8.0 Apache Commons FileUpload unknown vulnerability
7416| [137829] Apache Roller 5.2.3 Math Comment Authenticator Reflected cross site scripting
7417| [137736] Apache Kafka 0.11.0.0/2.1.0 ACL Validation Request privilege escalation
7418| [136858] MakerBot Replicator 5G Printer Apache HTTP Server information disclosure
7419| [136849] Analogic Poste.io 2.1.6 on Apache RoundCube logs/ information disclosure
7420| [136822] Apache Tomcat up to 8.5.40/9.0.19 Incomplete Fix CVE-2019-0199 Resource Exhaustion denial of service
7421| [136808] Apache Geode up to 1.8.0 Secure Mode privilege escalation
7422| [136646] Apache Allura up to 1.10.x Dropdown Selector Stored cross site scripting
7423| [136374] Apache HTTP Server up to 2.4.38 Slash Regular Expression unknown vulnerability
7424| [136373] Apache HTTP Server 2.4.34/2.4.35/2.4.36/2.4.37/2.4.38 HTTP2 Request Crash denial of service
7425| [136372] Apache HTTP Server up to 2.4.38 HTTP2 Request unknown vulnerability
7426| [136370] Apache Fineract up to 1.2.x sql injection
7427| [136369] Apache Fineract up to 1.2.x sql injection
7428| [135731] Apache Hadoop up to 2.8.4/2.9.1/3.1.0 yarn privilege escalation
7429| [135664] Apache Tomcat up to 7.0.93/8.5.39/9.0.0.17 SSI printenv Command cross site scripting
7430| [135663] Apache Camel up to 2.23.x JSON-lib Library XML Data XML External Entity
7431| [135661] Apache Roller up to 5.2.1/5.2.0 XML-RPC Interface XML File Server-Side Request Forgery
7432| [135402] Apache Zookeeper up to 3.4.13/3.5.0-alpha to 3.5.4-beta getACL() information disclosure
7433| [135270] Apache JSPWiki up to 2.11.0.M3 Plugin Link cross site scripting
7434| [135269] Apache JSPWiki up to 2.11.0.M3 InterWiki Link cross site scripting
7435| [135268] Apache JSPWiki up to 2.11.0.M3 Attachment cross site scripting
7436| [134527] Apache Karaf up to 4.2.4 Config Service directory traversal
7437| [134416] Apache Sanselan 0.97-incubator Loop denial of service
7438| [134415] Apache Sanselan 0.97-incubator Hang denial of service
7439| [134291] Apache Axis up to 1.7.8 Server-Side Request Forgery
7440| [134290] Apache UIMA DUCC up to 2.2.2 cross site scripting
7441| [134248] Apache Archiva up to 2.2.3 Artifact Upload directory traversal
7442| [134247] Apache Archiva up to 2.2.3 Artifact Upload directory traversal
7443| [134246] Apache Camel up to 2.19/2.21.3/2.22.2/2.23.0 directory traversal
7444| [134138] Apache Pluto 3.0.0/3.0.1 Chat Room Demo Portlet cross site scripting
7445| [133992] Apache Qpid Proton up to 0.27.0 Certificate Validation Man-in-the-Middle weak authentication
7446| [133977] Apache Zeppelin up to 0.7.x Stored cross site scripting
7447| [133976] Apache Zeppelin up to 0.7.x Cron Scheduler privilege escalation
7448| [133975] Apache Zeppelin up to 0.7.2 Session Fixation weak authentication
7449| [133444] Apache PDFbox 2.0.14 XML Parser XML External Entity
7450| [133573] Oracle FLEXCUBE Private Banking 2.0.0.0/2.2.0.1/12.0.1.0/12.0.3.0/12.1.0.0 Apache ActiveMQ unknown vulnerability
7451| [133407] Apache Tomcat up to 7.0.93/8.5.39/9.0.17 on Windows JRE Command Line Argument Code Execution
7452| [133315] Apache Airflow up to 1.10.2 HTTP Endpoint cross site request forgery
7453| [133314] Apache Airflow up to 1.10.2 Metadata Database cross site scripting
7454| [133290] Apache Tomcat up to 8.5.37/9.0.14 HTTP2 Stream Execution denial of service
7455| [133112] Apache HTTP Server up to 2.4.38 mod_auth_digest race condition privilege escalation
7456| [133111] Apache HTTP Server 2.4.37/2.4.38 mod_ssl Bypass privilege escalation
7457| [133092] Airsonic 10.2.1 org.apache.commons.lang.RandomStringUtils RecoverController.java java.util.Random weak authentication
7458| [132568] Apache JSPWiki up to 2.11.0.M2 URL User information disclosure
7459| [132567] Apache JSPWiki up to 2.11.0.M2 URL cross site scripting
7460| [132566] Apache ActiveMQ up to 5.15.8 MQTT Frame Memory denial of service
7461| [132565] Apache HBase up to 2.1.3 REST Server Request privilege escalation
7462| [132183] Apache Mesos up to pre-1.4.x Docker Image Code Execution
7463| [131988] Apache Karaf up to 4.2.2 kar Deployer directory traversal
7464| [131859] Apache Hadoop up to 2.9.1 privilege escalation
7465| [131479] Apache Solr up to 7.6 HTTP GET Request Server-Side Request Forgery
7466| [131446] Apache Solr up to 5.0.5/6.6.5 Config API HTTP POST Request Code Execution
7467| [131385] Apache Qpid Broker-J up to 6.x/7.0.6/7.1.0 AMQP Command Crash denial of service
7468| [131315] Apache Mesos up to pre-1.4.x Mesos Masters Rendering JSON Payload Recursion denial of service
7469| [131236] Apache Airflow up to 1.10.1 Metadata Database cross site scripting
7470| [130755] Apache JSPWiki up to 2.10.5 URL cross site scripting
7471| [130629] Apache Guacamole Cookie Flag weak encryption
7472| [130628] Apache Hadoop up to 3.0.0 HDFS information disclosure
7473| [130529] Apache Subversion 1.10.0/1.10.1/1.10.2/1.10.3/1.11.0 mod_dav_svn Directory Crash denial of service
7474| [130353] Apache Open Office up to 4.1.5 Document Loader String memory corruption
7475| [130341] Apache HTTP Server 2.4.37 mod_ssl Loop denial of service
7476| [130330] Apache HTTP Server up to 2.4.37 mod_session Expired privilege escalation
7477| [130329] Apache HTTP Server 2.4.37 mod_http2 Slowloris denial of service
7478| [130212] Apache Airflow up to 1.10.0 LDAP Auth Backend Certificate weak authentication
7479| [130123] Apache Airflow up to 1.8.2 information disclosure
7480| [130122] Apache Airflow up to 1.8.2 command injection cross site request forgery
7481| [130121] Apache Airflow up to 1.8.2 Webserver Object Code Execution
7482| [129717] Oracle Secure Global Desktop 5.4 Apache HTTP Server denial of service
7483| [129688] Oracle Tape Library ACSLS 8.4 Apache Log4j unknown vulnerability
7484| [129673] Oracle Retail Returns Management 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
7485| [129672] Oracle Retail Central Office 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
7486| [129671] Oracle Retail Back Office 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
7487| [129574] Oracle Outside In Technology 8.5.3/8.5.4 Apache Tomcat denial of service
7488| [129573] Oracle WebLogic Server 10.3.6.0 Apache HTTP Server denial of service
7489| [129563] Oracle Enterprise Repository 12.1.3.0.0 Apache Log4j unknown vulnerability
7490| [129555] Oracle Outside In Technology 8.5.3 Apache Batik denial of service
7491| [129551] Oracle Outside In Technology 8.5.3/8.5.4 Apache Commons FileUpload denial of service
7492| [129542] Oracle API Gateway 11.1.2.4.0 Apache Batik denial of service
7493| [129538] Oracle SOA Suite 12.1.3.0.0/12.2.1.3.0 Apache Batik unknown vulnerability
7494| [129519] Oracle Enterprise Manager Ops Center 12.2.2/12.3.3 Apache ActiveMQ unknown vulnerability
7495| [129508] Oracle Applications Manager up to 12.2.8 Apache Derby unknown vulnerability
7496| [129507] Oracle Mobile Field Service up to 12.2.8 Apache Log4j unknown vulnerability
7497| [129505] Oracle Email Center up to 12.2.8 Apache Log4j unknown vulnerability
7498| [129504] Oracle CRM Technical Foundation up to 12.2.8 Apache Commons FileUpload unknown vulnerability
7499| [129499] Oracle Partner Management up to 12.2.8 Apache Log4j unknown vulnerability
7500| [129498] Oracle Marketing up to 12.2.8 Apache Commons FileUpload unknown vulnerability
7501| [129480] Oracle Communications WebRTC Session Controller up to 7.1 Apache Batik unknown vulnerability
7502| [129479] Oracle Communications Diameter Signaling Router up to 8.2 Apache Batik unknown vulnerability
7503| [129474] Oracle Communications Diameter Signaling Router up to 8.2 Apache HTTP Server information disclosure
7504| [129472] Oracle Communications WebRTC Session Controller up to 7.1 Apache Struts 1 unknown vulnerability
7505| [129470] Oracle Communications Converged Application Server up to 7.0.0.0 Apache Struts 1 unknown vulnerability
7506| [129463] Oracle Communications WebRTC Session Controller up to 7.1 Apache Log4j unknown vulnerability
7507| [129461] Oracle Communications Services Gatekeeper up to 6.1.0.3.x Apache Commons Collections Fileupload unknown vulnerability
7508| [129460] Oracle Communications Service Broker 6.0 Apache Log4j unknown vulnerability
7509| [129459] Oracle Communications Policy Management up to 12.4 Apache Struts 2 unknown vulnerability
7510| [129458] Oracle Communications Online Mediation Controller 6.1 Apache Log4j unknown vulnerability
7511| [129457] Oracle Communications Diameter Signaling Router up to 8.2 Apache Commons Fileupload unknown vulnerability
7512| [129456] Oracle Communications Converged Application Server 6.1 Apache Log4j unknown vulnerability
7513| [128714] Apache Thrift Java Client Library up to 0.11.0 SASL Negotiation org.apache.thrift.transport.TSaslTransport unknown vulnerability
7514| [128713] Apache Thrift Node.js Static Web Server up to 0.11.0 directory traversal
7515| [128709] Apache Karaf up to 4.1.6/4.2.1 Features Deployer XMLInputFactory XML External Entity
7516| [128575] Apache NetBeans 9.0 Proxy Auto-Config Code Execution
7517| [128369] Apache Tika 1.8-1.19.1 SQLite3Parser Loop sql injection
7518| [128111] Apache NiFi 1.8.0 Template Upload Man-in-the-Middle cross site request forgery
7519| [128110] Apache NiFi 1.8.0 Cluster Request privilege escalation
7520| [128109] Apache NiFi 1.8.0 Error Page message-page.jsp Request Header cross site scripting
7521| [128108] Apache NiFi up to 1.7.x X-Frame-Options Header privilege escalation
7522| [128102] Apache Oozie up to 5.0.0 Workflow XML Impersonation spoofing
7523| [127994] WordPress up to 5.0.0 on Apache httpd MIME Restriction cross site scripting
7524| [127981] Apache OFBiz 16.11.01/16.11.02/16.11.03/16.11.04 HTTP Engine httpService GET Request privilege escalation
7525| [127161] Apache Hadoop 2.7.4/2.7.5/2.7.6 Incomplete Fix CVE-2016-6811 privilege escalation
7526| [127040] Loadbalancer.org Enterprise VA MAX up to 8.3.2 Apache HTTP Server Log cross site scripting
7527| [127007] Apache Spark Request Code Execution
7528| [126791] Apache Hadoop up to 0.23.11/2.7.6/2.8.4/2.9.1/3.0.2 ZIP File unknown vulnerability
7529| [126767] Apache Qpid Proton-J Transport 0.3 Certificate Verification Man-in-the-Middle weak authentication
7530| [126896] Apache Commons FileUpload 1.3.3 on LDAP Manager DiskFileItem File privilege escalation
7531| [126574] Apache Hive up to 2.3.3/3.1.0 Query privilege escalation
7532| [126573] Apache Hive up to 2.3.3/3.1.0 HiveServer2 privilege escalation
7533| [126564] Apache Superset up to 0.22 Pickle Library load Code Execution
7534| [126488] Apache Syncope up to 2.0.10/2.1.1 BPMN Definition xxe privilege escalation
7535| [126487] Apache Syncope up to 2.0.10/2.1.1 cross site scripting
7536| [126346] Apache Tomcat Path privilege escalation
7537| [125922] Apache Impala up to 3.0.0 ALTER privilege escalation
7538| [125921] Apache Impala up to 3.0.0 Queue Injection privilege escalation
7539| [125647] Oracle Agile Engineering Data Management 6.1.3/6.2.0/6.2.1 Install (Apache Tomcat) information disclosure
7540| [125617] Oracle Retail Returns Management 14.1 Apache Batik unknown vulnerability
7541| [125616] Oracle Retail Point-of-Service 13.4/14.0/14.1 Apache Batik unknown vulnerability
7542| [125614] Oracle Retail Central Office 14.1 Apache Batik unknown vulnerability
7543| [125613] Oracle Retail Back Office 13.3/13.4/14/14.1 Apache Batik unknown vulnerability
7544| [125599] Oracle Retail Open Commerce Platform 5.3.0/6.0.0/6.0.1 Apache Log4j unknown vulnerability
7545| [125569] Oracle PeopleSoft Enterprise PeopleTools 8.55/8.56 Apache HTTP Server information disclosure
7546| [125494] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat information disclosure
7547| [125447] Oracle Business Intelligence Enterprise Edition 11.1.1.7.0/11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Apache Batik unknown vulnerability
7548| [125428] Oracle Identity Management Suite 11.1.2.3.0/12.2.1.3.0 Apache Log4j unknown vulnerability
7549| [125427] Oracle Identity Analytics 11.1.1.5.8 Apache Log4j unknown vulnerability
7550| [125424] Oracle API Gateway 11.1.2.4.0 Apache Log4j unknown vulnerability
7551| [125423] Oracle BI Publisher 11.1.1.7.0/11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Apache Log4j unknown vulnerability
7552| [125383] Oracle up to 10.2.0 Apache Trinidad unknown vulnerability
7553| [125379] Oracle up to 10.1.x Apache Struts 1 cross site scripting
7554| [125377] Oracle up to 10.2.0 Apache Commons Collections unknown vulnerability
7555| [125376] Oracle Communications Application Session Controller up to 3.7.0 Apache Commons Collections unknown vulnerability
7556| [125375] Oracle Communications User Data Repository up to 12.1.x Apache Xerces memory corruption
7557| [125248] Apache ActiveMQ up to 5.15.5 Web-based Administration Console queue.jsp Parameter cross site scripting
7558| [125133] Apache Tika up to 1.19 XML Parser reset() denial of service
7559| [124877] Apache PDFbox up to 2.0.11 PDF File denial of service
7560| [124876] Apache Ranger up to 1.1.x UnixAuthenticationService Stack-based memory corruption
7561| [124791] Apache Tomcat up to 7.0.90/8.5.33/9.0.11 URL Open Redirect
7562| [124787] Apache Pony Mail 0.7/0.8/0.9 Statistics Generator Timestamp Data information disclosure
7563| [124447] Apache HTTP Server up to 2.4.34 SETTINGS Frame denial of service
7564| [124346] Apache Mesos pre-1.4.2/1.5.0/1.5.1/1.6.0 on Executor HTTP API String Comparison validation JSON Web Token information disclosure
7565| [124286] Apache Tika up to 1.18 IptcAnpaParser Loop denial of service
7566| [124242] Apache Tika up to 0.18 C:/evil.bat" Directory unknown vulnerability
7567| [124241] Apache Tika up to 0.18 XML Parser Entity Expansion denial of service
7568| [124191] Apache Karaf up to 3.0.8/4.0.8/4.1.0 WebConsole .../gogo/ weak authentication
7569| [124190] Apache Karaf up to 4.1.x sshd privilege escalation
7570| [124152] Apache Camel Mail up to 2.22.0 Path directory traversal
7571| [124143] Apache SpamAssassin up to 3.4.1 PDFInfo Plugin Code Execution
7572| [124134] Apache SpamAssassin up to 3.4.1 Scan Engine HTML::Parser Email denial of service
7573| [124095] PHP up to 5.6.37/7.0.31/7.1.21/7.2.9 Apache2 sapi_apache2.c php_handler cross site scripting
7574| [124024] Apache Mesos 1.4.x/1.5.0 libprocess JSON Payload denial of service
7575| [123814] Apache ActiveMQ Client up to 5.15.5 TLS Hostname Verification Man-in-the-Middle weak authentication
7576| [123393] Apache Traffic Server up to 6.2.2/7.1.3 ESI Plugin Config privilege escalation
7577| [123392] Apache Traffic Server 6.2.2 TLS Handshake Segmentation Fault denial of service
7578| [123391] Apache Traffic Server up to 6.2.2/7.1.3 Range Request Performance denial of service
7579| [123390] Apache Traffic Server up to 6.2.2/7.1.3 Request HTTP Smuggling privilege escalation
7580| [123369] Apache Traffic Server up to 6.2.2/7.1.3 ACL remap.config Request denial of service
7581| [123197] Apache Sentry up to 2.0.0 privilege escalation
7582| [123145] Apache Struts up to 2.3.34/2.5.16 Namespace Code Execution
7583| [123144] Apache Cayenne up to 4.1.M1 CayenneModeler XML File File Transfer privilege escalation
7584| [122981] Apache Commons Compress 1.7 ZipArchiveInputStream ZIP Archive denial of service
7585| [122889] Apache HTTP Server up to 2.2.31/2.4.23 mod_userdir HTTP Response Splitting privilege escalation
7586| [122800] Apache Spark 1.3.0 REST API weak authentication
7587| [122642] Apache Airflow up to 1.8.x 404 Page Reflected cross site scripting
7588| [122568] Apache Tomcat up to 8.5.31/9.0.9 Connection Reuse weak authentication
7589| [122567] Apache Axis 1.0./1.1/1.2/1.3/1.4 cross site scripting
7590| [122556] Apache Tomcat up to 7.0.86/8.0.51/8.5.30/9.0.7 UTF-8 Decoder Loop denial of service
7591| [122531] Apache Tomcat up to 7.0.88/8.0.52/8.5.31/9.0.9 WebSocket Client unknown vulnerability
7592| [122456] Apache Camel up to 2.20.3/2.21.0 XSD Validator XML External Entity
7593| [122455] Apache Tomcat Native up to 1.1.34/1.2.16 OSCP Revoked Certificate weak authentication
7594| [122454] Apache Tomcat Native up to 1.1.34/1.2.16 OSCP Responder Revoked Certificate weak authentication
7595| [122214] Apache Kafka up to 0.9.0.1/0.10.2.1/0.11.0.2/1.0.0 Broker Request Data Loss denial of service
7596| [122202] Apache Kafka up to 0.10.2.1/0.11.0.1 SASL Impersonation spoofing
7597| [122101] Docker Skeleton Runtime for Apache OpenWhisk Docker Action dockerskeleton:1.3.0 privilege escalation
7598| [122100] PHP Runtime for Apache OpenWhisk Docker Action action-php-v7.2:1.0.0 privilege escalation
7599| [122012] Apache Ignite up to 2.5 Serialization privilege escalation
7600| [121911] Apache Ambari up to 2.5.x/2.6.2 Log Message Credentials information disclosure
7601| [121910] Apache HTTP Server 2.4.33 mod_md HTTP Requests denial of service
7602| [121854] Oracle Tape Library ACSLS up to ACSLS 8.4.0-2 Apache Commons Collections unknown vulnerability
7603| [121752] Oracle Insurance Policy Administration 10.0/10.1/10.2/11.0 Apache Log4j unknown vulnerability
7604| [121370] Apache Spark up to 2.1.2/2.2.1/2.3.0 URL cross site scripting
7605| [121354] Apache CouchDB HTTP API Code Execution
7606| [121144] Apache LDAP API up to 1.0.1 SSL Filter information disclosure
7607| [121143] Apache Storm up to 0.10.2/1.0.6/1.1.2/1.2.1 Cluster privilege escalation
7608| [120436] Apache CXF Fediz up to 1.4.3 Application Plugin unknown vulnerability
7609| [120310] Apache PDFbox up to 1.8.14/2.0.10 AFMParser Loop denial of service
7610| [120168] Apache CXF weak authentication
7611| [120080] Apache Cassandra up to 3.11.1 JMX/RMI Interface RMI Request privilege escalation
7612| [120043] Apache HBase up to 1.2.6.0/1.3.2.0/1.4.4/2.0.0 Thrift 1 API Server weak authentication
7613| [119723] Apache Qpid Broker-J 7.0.0/7.0.1/7.0.2/7.0.3/7.0.4 AMQP Messages Crash denial of service
7614| [122569] Apache HTTP Server up to 2.4.33 HTTP2 Request denial of service
7615| [119486] Apache Geode up to 1.4.0 Security Manager Code Execution
7616| [119306] Apache MXNet Network Interface privilege escalation
7617| [118999] Apache Storm up to 1.0.6/1.1.2/1.2.1 Archive directory traversal
7618| [118996] Apache Storm up to 1.0.6/1.1.2/1.2.1 Daemon spoofing
7619| [118644] Apple macOS up to 10.13.5 apache_mod_php unknown vulnerability
7620| [118200] Apache Batik up to 1.9 Deserialization unknown vulnerability
7621| [118143] Apache NiFi activemq-client Library Deserialization denial of service
7622| [118142] Apache NiFi 1.6.0 SplitXML xxe privilege escalation
7623| [118051] Apache Zookeeper up to 3.4.9/3.5.3-beta weak authentication
7624| [117997] Apache ORC up to 1.4.3 ORC File Recursion denial of service
7625| [117825] Apache Tomcat up to 7.0.88/8.0.52/8.5.31/9.0.8 CORS Filter privilege escalation
7626| [117405] Apache Derby up to 10.14.1.0 Network Server Network Packet privilege escalation
7627| [117347] Apache Ambari up to 2.6.1 HTTP Request directory traversal
7628| [117265] LibreOffice/Apache Office Writer SMB Connection XML Document information disclosure
7629| [117143] Apache uimaj/uima-as/uimaFIT/uimaDUCC XML XXE information disclosure
7630| [117117] Apache Tika up to 1.17 ChmParser Loop denial of service
7631| [117116] Apache Tika up to 1.17 BPGParser Loop denial of service
7632| [117115] Apache Tika up to 1.17 tika-server command injection
7633| [116929] Apache Fineract getReportType Parameter privilege escalation
7634| [116928] Apache Fineract REST Endpoint Parameter privilege escalation
7635| [116927] Apache Fineract MakercheckersApiResource Parameter sql injection
7636| [116926] Apache Fineract REST Parameter privilege escalation
7637| [116574] Apache wicket-jquery-ui up to 6.29.0/7.10.1/8.0.0-M9.1 WYSIWYG Editor privilege escalation
7638| [116622] Oracle Enterprise Manager for MySQL Database 12.1.0.4 EM Plugin: General (Apache Tomcat) unknown vulnerability
7639| [115931] Apache Solr up to 6.6.2/7.2.1 XML Data Parameter XML External Entity
7640| [115883] Apache Hive up to 2.3.2 privilege escalation
7641| [115882] Apache Hive up to 2.3.2 xpath_short information disclosure
7642| [115881] Apache DriverHive JDBC Driver up to 2.3.2 Escape Argument Bypass privilege escalation
7643| [115518] Apache Ignite 2.3 Deserialization privilege escalation
7644| [115260] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache cross site scripting
7645| [115259] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache Cookie Stack-based memory corruption
7646| [115500] CA Workload Control Center up to r11.4 SP5 Apache MyFaces Component Code Execution
7647| [115121] Apache Struts REST Plugin up to 2.5.15 Xstream XML Data denial of service
7648| [115061] Apache HTTP Server up to 2.4.29 HTTP Digest Authentication Challenge HTTP Requests Replay privilege escalation
7649| [115060] Apache HTTP Server up to 2.4.29 mod_cache_socache Request Header Crash denial of service
7650| [115059] Apache HTTP Server up to 2.4.29 HTTP2 NULL Pointer Dereference denial of service
7651| [115058] Apache HTTP Server up to 2.4.29 HTTP Header Crash denial of service
7652| [115057] Apache HTTP Server up to 2.4.29 mod_session Variable Name Cache privilege escalation
7653| [115039] Apache HTTP Server up to 2.4.29 FilesMatch File Upload privilege escalation
7654| [115038] Apache HTTP Server up to 2.0.65/2.2.34/2.4.29 mod_authnz_ldap Crash denial of service
7655| [114817] Apache Syncope up to 1.2.10/2.0.7 Search Parameter information disclosure
7656| [114816] Apache Syncope up to 1.2.10/2.0.7 XSLT Code Execution
7657| [114717] Apache Commons 1.11/1.12/1.13/1.14/1.15 ZIP Archive ZipFile/ZipArchiveInputStream denial of service
7658| [114661] Apache Allura up to 1.8.0 HTTP Response Splitting privilege escalation
7659| [114400] Apache Tomcat JK ISAPI Connector up to 1.2.42 IIS/ISAPI privilege escalation
7660| [114258] Apache HTTP Server up to 2.4.22 mod_cluster Segmentation Fault denial of service
7661| [114086] Apache ODE 1.3.3 ODE Process Deployment Web Service directory traversal
7662| [113955] Apache Xerces-C up to 3.2.0 XML Parser NULL Pointer Dereference denial of service
7663| [113945] Apache Tomcat up to 7.0.84/8.0.49/8.5.27/9.0.4 URL Pattern Empty String privilege escalation
7664| [113944] Apache OpenMeetings up to 3.x/4.0.1 CRUD Operation denial of service
7665| [113905] Apache Traffic Server up to 5.2.x/5.3.2/6.2.0/7.0.0 TLS Handshake Core Dump denial of service
7666| [113904] Apache Traffic Server up to 6.2.0 Host Header privilege escalation
7667| [113895] Apache Geode up to 1.3.x Code Execution
7668| [113894] Apache Geode up to 1.3.x TcpServer Code Execution
7669| [113888] Apache James Hupa WebMail 0.0.2 cross site scripting
7670| [113813] Apache Geode Cluster up to 1.3.x Secure Mode privilege escalation
7671| [113747] Apache Tomcat Servlets privilege escalation
7672| [113647] Apache Qpid up to 0.30 qpidd Broker AMQP Message Crash denial of service
7673| [113645] Apache VCL up to 2.1/2.2.1/2.3.1 Web GUI/XMLRPC API privilege escalation
7674| [113560] Apache jUDDI Console 3.0.0 Log Entries spoofing
7675| [113571] Apache Oozie up to 4.3.0/5.0.0-beta1 XML Data XML File privilege escalation
7676| [113569] Apache Karaf up to 4.0.7 LDAPLoginModule LDAP injection denial of service
7677| [113273] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
7678| [113198] Apache Qpid Dispatch Router 0.7.0/0.8.0 AMQP denial of service
7679| [113186] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
7680| [113145] Apache Thrift up to 0.9.3 Go Client Library privilege escalation
7681| [113106] Apache jUDDI up to 3.3.3 XML Data WADL2Java/WSDL2Java XML Document privilege escalation
7682| [113105] Apache Qpid Broker-J 7.0.0 AMQP Crash denial of service
7683| [112885] Apache Allura up to 1.8.0 File information disclosure
7684| [112856] Apache CloudStack up to 4.8.1.0/4.9.0.0 API weak authentication
7685| [112855] Apache CloudStack 4.1.0/4.1.1 API information disclosure
7686| [112678] Apache Tomcat up to 7.0.82/8.0.47/8.5.23/9.0.1 Bug Fix 61201 privilege escalation
7687| [112677] Apache Tomcat Native Connector up to 1.1.34/1.2.14 OCSP Checker Client weak authentication
7688| [112625] Apache POI up to 3.16 Loop denial of service
7689| [112448] Apache NiFi up to 1.3.x Deserialization privilege escalation
7690| [112396] Apache Hadoop 2.7.3/2.7.4 YARN NodeManager Credentials information disclosure
7691| [112339] Apache NiFi 1.5.0 Header privilege escalation
7692| [112330] Apache NiFi 1.5.0 Header HTTP Request privilege escalation
7693| [112314] NetGain Enterprise Manager 7.2.730 Build 1034 org.apache.jsp.u.jsp.tools.exec_jsp Servlet Parameter privilege escalation
7694| [112253] Apache Hadoop up to 0.23.x/2.7.4/2.8.2 MapReduce Job History Server Configuration File privilege escalation
7695| [112171] Oracle Secure Global Desktop 5.3 Apache Log4j privilege escalation
7696| [112164] Oracle Agile PLM 9.3.5/9.3.6 Apache Tomcat unknown vulnerability
7697| [112161] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Tomcat privilege escalation
7698| [112158] Oracle Autovue for Agile Product Lifecycle Management 21.0.0/21.0.1 Apache Log4j privilege escalation
7699| [112156] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Log4j privilege escalation
7700| [112155] Oracle Agile Engineering Data Management 6.1.3/6.2.0/6.2.1 Apache Log4j privilege escalation
7701| [112137] Oracle MICROS Relate CRM Software 10.8.x/11.4.x/15.0.x, Apache Tomcat unknown vulnerability
7702| [112136] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat privilege escalation
7703| [112133] Oracle Retail Workforce Management 1.60.7/1.64.0 Apache Log4j privilege escalation
7704| [112129] Oracle Retail Assortment Planning 14.1.3/15.0.3/16.0.1 Apache Log4j privilege escalation
7705| [112114] Oracle 9.1 Apache Log4j privilege escalation
7706| [112113] Oracle 9.1 Apache Log4j privilege escalation
7707| [112045] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat privilege escalation
7708| [112038] Oracle Health Sciences Empirica Inspections 1.0.1.1 Apache Tomcat information disclosure
7709| [112019] Oracle Endeca Information Discovery Integrator 3.1.0/3.2.0 Apache Tomcat privilege escalation
7710| [112017] Oracle WebCenter Portal 11.1.1.9.0/12.2.1.2.0/12.2.1.3.0 Apache Struts 1 cross site scripting
7711| [112011] Oracle Identity Manager 11.1.2.3.0 Apache Commons Collections privilege escalation
7712| [111950] Oracle Database 12.2.0.1 Apache Tomcat information disclosure
7713| [111703] Apache Sling XSS Protection API 1.0.4 URL Encoding cross site scripting
7714| [111556] Apache Geode up to 1.2.x Secure Mode Parameter OQL privilege escalation
7715| [111555] Apache Geode up to 1.2.x Secure Mode OQL privilege escalation
7716| [111540] Apache Geode up to 1.2.x Secure Mode information disclosure
7717| [111519] Apache Sling JCR ContentLoader 2.1.4 xmlreader directory traversal
7718| [111338] Apache DeltaSpike-JSF 1.8.0 cross site scripting
7719| [111330] Apache OFBiz 16.11.01/16.11.02/16.11.03 BIRT Plugin cross site scripting
7720| [110789] Apache Sling up to 1.4.0 Authentication Service Credentials information disclosure
7721| [110785] Apache Drill up to 1.11.0 Query Page unknown vulnerability
7722| [110701] Apache Fineract Query Parameter sql injection
7723| [110484] Apache Synapse up to 3.0.0 Apache Commons Collections Serialized Object Code Injection privilege escalation
7724| [110426] Adobe Experience Manager 6.0/6.1/6.2/6.3 Apache Sling Servlets Post cross site scripting
7725| [110141] Apache Struts up to 2.5.14 REST Plugin denial of service
7726| [110140] Apache Qpid Broker-J up to 0.32 privilege escalation
7727| [110139] Apache Qpid Broker-J up to 6.1.4 AMQP Frame denial of service
7728| [110106] Apache CXF Fediz Spring cross site request forgery
7729| [109766] Apache OpenOffice up to 4.1.3 DOC File Parser WW8Fonts memory corruption
7730| [109750] Apache OpenOffice up to 4.1.3 DOC File Parser ImportOldFormatStyles memory corruption
7731| [109749] Apache OpenOffice up to 4.1.3 PPT File Parser PPTStyleSheet memory corruption
7732| [109606] October CMS Build 412 Apache Configuration File Upload privilege escalation
7733| [109419] Apache Camel up to 2.19.3/2.20.0 camel-castor Java Object Deserialization privilege escalation
7734| [109418] Apache Camel up to 2.19.3/2.20.0 camel-hessian Java Object Deserialization privilege escalation
7735| [109400] Apache CouchDB up to 1.6.x/2.1.0 Database Server Shell privilege escalation
7736| [109399] Apache CouchDB up to 1.6.x/2.1.0 JSON Parser Shell privilege escalation
7737| [109398] Apache CXF 3.1.14/3.2.1 JAX-WS/JAX-RS Attachment denial of service
7738| [108872] Apache Hive up to 2.1.1/2.2.0/2.3.0 Policy Enforcement privilege escalation
7739| [108939] Apple macOS up to 10.13.1 apache unknown vulnerability
7740| [108938] Apple macOS up to 10.13.1 apache denial of service
7741| [108937] Apple macOS up to 10.13.1 apache unknown vulnerability
7742| [108936] Apple macOS up to 10.13.1 apache unknown vulnerability
7743| [108935] Apple macOS up to 10.13.1 apache denial of service
7744| [108934] Apple macOS up to 10.13.1 apache unknown vulnerability
7745| [108933] Apple macOS up to 10.13.1 apache unknown vulnerability
7746| [108932] Apple macOS up to 10.13.1 apache unknown vulnerability
7747| [108931] Apple macOS up to 10.13.1 apache denial of service
7748| [108930] Apple macOS up to 10.13.1 apache unknown vulnerability
7749| [108929] Apple macOS up to 10.13.1 apache denial of service
7750| [108928] Apple macOS up to 10.13.1 apache unknown vulnerability
7751| [108797] Apache Struts up to 2.3.19 TextParseUtiltranslateVariables OGNL Expression privilege escalation
7752| [108795] Apache Traffic Server up to 5.3.0 HTTP2 set_dynamic_table_size memory corruption
7753| [108794] Apache WSS4J up to 1.6.16/2.0.1 Incomplete Fix Leak information disclosure
7754| [108793] Apache Qpid up to 0.30 qpidd Crash denial of service
7755| [108792] Apache Traffic Server up to 5.1.0 Access Restriction privilege escalation
7756| [108791] Apache Wicket up to 1.5.11/6.16.x/7.0.0-M2 Session information disclosure
7757| [108790] Apache Storm 0.9.0.1 Log Viewer directory traversal
7758| [108789] Apache Cordova In-App-Browser Standalone Plugin up to 0.3.1 on iOS CDVInAppBrowser privilege escalation
7759| [108788] Apache Cordova File-Transfer Standalone Plugin up to 0.4.1 on iOS ios/CDVFileTransfer.m spoofing
7760| [108787] Apache HttpClient up to 4.3.0 HttpClientBuilder.java unknown vulnerability
7761| [108786] Apache Wicket up to 1.4.21/1.5.9/6.3.x script Tag cross site scripting
7762| [108783] Apache Hadoop up to 0.23.3/1.0.3/2.0.1 Kerberos Security Feature Key weak encryption
7763| [108782] Apache Xerces2 XML Service denial of service
7764| [108781] Apache jUDDI up to 1.x happyjuddi.jsp Parameter cross site scripting
7765| [108780] Apache jUDDI up to 1.x Log File uddiget.jsp spoofing
7766| [108709] Apache Cordova Android up to 3.7.1/4.0.1 intent URL privilege escalation
7767| [108708] Apache ActiveMQ up to 5.10.0 XML Data XML External Entity
7768| [108707] Apache ActiveMQ up to 1.7.0 XML Data XML External Entity
7769| [108629] Apache OFBiz up to 10.04.01 privilege escalation
7770| [108543] Apache Derby 10.1.2.1/10.2.2.0/10.3.1.4/10.4.1.3 Export File privilege escalation
7771| [108312] Apache HTTP Server on RHEL IP Address Filter privilege escalation
7772| [108297] Apache NiFi up to 0.7.1/1.1.1 Proxy Chain Username Deserialization privilege escalation
7773| [108296] Apache NiFi up to 0.7.1/1.1.1 Cluster Request privilege escalation
7774| [108250] Oracle Secure Global Desktop 5.3 Apache HTTP Server memory corruption
7775| [108245] Oracle Transportation Management up to 6.3.7 Apache Tomcat unknown vulnerability
7776| [108244] Oracle Transportation Management 6.4.1/6.4.2 Apache Commons FileUpload denial of service
7777| [108243] Oracle Agile Engineering Data Management 6.1.3/6.2.0 Apache Commons Collections memory corruption
7778| [108222] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Batik denial of service
7779| [108219] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat unknown vulnerability
7780| [108217] Oracle Retail Store Inventory Management 13.2.9/14.0.4/14.1.3/15.0.1/16.0.1 Apache Groovy unknown vulnerability
7781| [108216] Oracle Retail Convenience and Fuel POS Software 2.1.132 Apache Groovy unknown vulnerability
7782| [108169] Oracle MySQL Enterprise Monitor up to 3.2.8.2223/3.3.4.3247/3.4.2.4181 Apache Tomcat unknown vulnerability
7783| [108113] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Batik denial of service
7784| [108107] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat unknown vulnerability
7785| [108102] Oracle Healthcare Master Person Index 4.x Apache Groovy unknown vulnerability
7786| [108085] Oracle Identity Manager 11.1.2.3.0 Apache Struts 1 memory corruption
7787| [108083] Oracle API Gateway 11.1.2.4.0 Apache Batik denial of service
7788| [108080] Oracle GlassFish Server 3.1.2 Apache Commons FileUpload denial of service
7789| [108066] Oracle Management Pack for GoldenGate 11.2.1.0.12 Apache Tomcat memory corruption
7790| [108062] Oracle BI Publisher 11.1.1.7.0/12.2.1.1.0/12.2.1.2.0 Apache ActiveMQ memory corruption
7791| [108060] Oracle Enterprise Manager Ops Center 12.2.2/12.3.2 Apache Groovy unknown vulnerability
7792| [108033] Oracle Primavera Unifier 9.13/9.14/10.x/15.x/16.x, Apache Groovy unknown vulnerability
7793| [108013] Oracle Communications WebRTC Session Controller 7.0/7.1/7.2 Apache Groovy unknown vulnerability
7794| [108011] Oracle Communications Services Gatekeeper 5.1/6.0 Apache Trinidad unknown vulnerability
7795| [107904] Apache Struts up to 2.3.28 Double OGNL Evaluation privilege escalation
7796| [107860] Apache Solr up to 7.0 Apache Lucene RunExecutableListener XML External Entity
7797| [107834] Apache Ranger up to 0.6.1 Change Password privilege escalation
7798| [107639] Apache NiFi 1.4.0 XML External Entity
7799| [107606] Apache ZooKeper up to 3.4.9/3.5.2 Command CPU Exhaustion denial of service
7800| [107597] Apache Roller up to 5.0.2 XML-RPC Protocol Support XML External Entity
7801| [107429] Apache Impala up to 2.9.x Kudu Table privilege escalation
7802| [107411] Apache Tomcat up to 7.0.81/8.0.46/8.5.22/9.0.0 JSP File File Upload privilege escalation
7803| [107385] Apache Geode up to 1.2.0 Secure Mode privilege escalation
7804| [107339] Apache OpenNLP up to 1.5.3/1.6.0/1.7.2/1.8.1 XML Data XML External Entity
7805| [107333] Apache Wicket up to 8.0.0-M1 CSRF Prevention HTTP Header privilege escalation
7806| [107323] Apache Wicket 1.5.10/6.13.0 Class Request information disclosure
7807| [107310] Apache Geode up to 1.2.0 Command Line Utility Query privilege escalation
7808| [107276] ArcSight ESM/ArcSight ESM Express up to 6.9.1c Patch 3/6.11.0 Apache Tomcat Version information disclosure
7809| [107266] Apache Tika up to 1.12 XML Parser XML External Entity
7810| [107262] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
7811| [107258] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
7812| [107197] Apache Xerces Jelly Parser XML File XML External Entity
7813| [107193] ZTE NR8950 Apache Commons Collections RMI Request Deserialization privilege escalation
7814| [107084] Apache Struts up to 2.3.19 cross site scripting
7815| [106877] Apache Struts up to 2.0.33/2.5.10 Freemarker Tag privilege escalation
7816| [106875] Apache Struts up to 2.5.5 URL Validator denial of service
7817| [106874] Apache Struts up to 2.3.30 Convention Plugin directory traversal
7818| [106847] Apache Tomcat up to 7.0.80 VirtualDirContext Source information disclosure
7819| [106846] Apache Tomcat up to 7.0.79 on Windows HTTP PUT Method Parameter File Upload privilege escalation
7820| [106777] Apache HTTP Server up to 2.2.34/2.4.27 Limit Directive ap_limit_section HTTP Request information disclosure
7821| [106739] puppetlabs-apache up to 1.11.0/2.0.x weak authentication
7822| [106720] Apache Wicket up to 1.5.12/6.18.x/7.0.0-M4 CryptoMapper privilege escalation
7823| [106586] Apache Brooklyn up to 0.9.x REST Server cross site scripting
7824| [106562] Apache Spark up to 2.1.1 Launcher API Deserialization privilege escalation
7825| [106559] Apache Brooklyn up to 0.9.x SnakeYAML YAML Data Java privilege escalation
7826| [106558] Apache Brooklyn up to 0.9.x REST Server cross site request forgery
7827| [106556] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
7828| [106555] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
7829| [106171] Apache Directory LDAP API up to 1.0.0-M30 Timing unknown vulnerability
7830| [106167] Apache Struts up to 2.5.12 REST Plugin XML Data privilege escalation
7831| [106166] Apache Struts up to 2.3.33/2.5.12 REST Plugin denial of service
7832| [106165] Apache Struts up to 2.3.33/2.5.12 URLValidator Regex CPU Exhaustion denial of service
7833| [106115] Apache Hadoop up to 2.6.4/2.7.2 YARN NodeManager Password information disclosure
7834| [106012] Apache Solr up to 5.5.3/6.4.0 Replication directory traversal
7835| [105980] Apache Engine 16.11.01 Parameter Reflected unknown vulnerability
7836| [105962] Apache Atlas 0.6.0/0.7.0 Frame cross site scripting
7837| [105961] Apache Atlas 0.6.0/0.7.0 Stack Trace information disclosure
7838| [105960] Apache Atlas 0.6.0/0.7.0 Search Reflected cross site scripting
7839| [105959] Apache Atlas 0.6.0/0.7.0 edit Tag DOM cross site scripting
7840| [105958] Apache Atlas 0.6.0/0.7.0 edit Tag Stored cross site scripting
7841| [105957] Apache Atlas 0.6.0/0.7.0 Cookie privilege escalation
7842| [105905] Apache Atlas 0.6.0/0.7.0/0.7.1 /js privilege escalation
7843| [105878] Apache Struts up to 2.3.24.0 privilege escalation
7844| [105682] Apache2Triad 1.5.4 phpsftpd/users.php Parameter cross site scripting
7845| [105681] Apache2Triad 1.5.4 phpsftpd/users.php Request cross site request forgery
7846| [105680] Apache2Triad 1.5.4 Parameter Session Fixation weak authentication
7847| [105643] Apache Pony Mail up to 0.8b weak authentication
7848| [105288] Apache Sling up to 2.3.21 Sling.evalString() String cross site scripting
7849| [105219] Apache Tomcat up to 8.5.15/9.0.0.M21 HTTP2 Bypass directory traversal
7850| [105218] Apache Tomcat up to 7.0.78/8.0.44/8.5.15/9.0.0.M21 CORS Filter Cache Poisoning privilege escalation
7851| [105215] Apache CXF up to 3.0.12/3.1.9 OAuth2 Hawk/JOSE MAC Validation Timing unknown vulnerability
7852| [105206] Apache CXF up to 3.0.11/3.1.8 JAX-RS Module XML External Entity
7853| [105205] Apache CXF up to 3.0.11/3.1.8 HTTP Transport Module Parameter cross site scripting
7854| [105202] Apache Storm 1.0.0/1.0.1/1.0.2/1.0.3/1.1.0 Worker privilege escalation
7855| [104987] Apache Xerces-C++ XML Service CPU Exhaustion denial of service
7856| [104986] Apache CXF 2.4.5/2.5.1 WS-SP UsernameToken Policy SOAP Request weak authentication
7857| [104985] Apache MyFaces Core up to 2.1.4 EL Expression Parameter Injection information disclosure
7858| [104983] Apache Wink up to 1.1.1 XML Document xxe privilege escalation
7859| [104981] Apache Commons Email 1.0/1.1/1.2/1.3/1.4 Subject Linebreak SMTP privilege escalation
7860| [104591] MEDHOST Document Management System Apache Solr Default Credentials weak authentication
7861| [104062] Oracle MySQL Enterprise Monitor up to 3.3.3.1199 Apache Tomcat unknown vulnerability
7862| [104061] Oracle MySQL Enterprise Monitor up to 3.2.7.1204/3.3.3.1199 Apache Tomcat unknown vulnerability
7863| [104060] Oracle MySQL Enterprise Monitor up to 3.1.5.7958/3.2.5.1141/3.3.2.1162 Apache Struts 2 unknown vulnerability
7864| [103995] Oracle 8.3/8.4/15.1/15.2 Apache Trinidad unknown vulnerability
7865| [103993] Oracle Policy Automation up to 12.2.3 Apache Commons FileUplaod denial of service
7866| [103916] Oracle Banking Platform 2.3/2.4/2.4.1/2.5 Apache Commons FileUpload denial of service
7867| [103906] Oracle Communications BRM 11.2.0.0.0 Apache Commons Collections privilege escalation
7868| [103904] Oracle Communications BRM 11.2.0.0.0/11.3.0.0.0 Apache Groovy memory corruption
7869| [103866] Oracle Transportation Management 6.1/6.2 Apache Webserver unknown vulnerability
7870| [103816] Oracle BI Publisher 11.1.1.9.0/12.2.1.1.0/12.2.1.2.0 Apache Commons Fileupload denial of service
7871| [103797] Oracle Tuxedo System and Applications Monitor Apache Commons Collections privilege escalation
7872| [103792] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Commons Fileupload privilege escalation
7873| [103791] Oracle Endeca Server 7.6.0.0/7.6.1.0 Apache Commons Collections privilege escalation
7874| [103788] Oracle Enterprise Repository 11.1.1.7.0/12.1.3.0.0 Apache ActiveMQ memory corruption
7875| [103787] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Groovy memory corruption
7876| [103763] Apache Sling up to 1.0.11 XSS Protection API XSS.getValidXML() Application XML External Entity
7877| [103762] Apache Sling up to 1.0.12 XSS Protection API XSSAPI.encodeForJSString() Script Tag cross site scripting
7878| [103693] Apache OpenMeetings 1.0.0 HTTP Method privilege escalation
7879| [103692] Apache OpenMeetings 1.0.0 Tomcat Error information disclosure
7880| [103691] Apache OpenMeetings 3.2.0 Parameter privilege escalation
7881| [103690] Apache OpenMeetings 1.0.0 sql injection
7882| [103689] Apache OpenMeetings 1.0.0 crossdomain.xml privilege escalation
7883| [103688] Apache OpenMeetings 1.0.0 weak encryption
7884| [103687] Apache OpenMeetings 1.0.0 cross site request forgery
7885| [103556] Apache Roller 5.1.0/5.1.1 Weblog Page Template VTL privilege escalation
7886| [103554] Apache OpenMeetings 1.0.0 Password Update unknown vulnerability
7887| [103553] Apache OpenMeetings 1.0.0 File Upload privilege escalation
7888| [103552] Apache OpenMeetings 3.2.0 Chat cross site scripting
7889| [103551] Apache OpenMeetings 3.1.0 XML unknown vulnerability
7890| [103521] Apache HTTP Server 2.4.26 HTTP2 Free memory corruption
7891| [103520] Apache HTTP Server up to 2.2.33/2.4.26 mod_auth_digest Authorization Header memory corruption
7892| [103519] Apache Struts up to 2.5.11/2.3.32 Spring AOP denial of service
7893| [103518] Apache Struts up to 2.5.11 URLValidator directory traversal
7894| [103492] Apache Spark up to 2.1.x Web UI Reflected cross site scripting
7895| [103401] Apache Struts 2.3.x Struts 1 Plugin ActionMessage privilege escalation
7896| [103399] Apache Traffic Control Traffic Router TCP Connection Slowloris denial of service
7897| [103387] Apache Impala up to 2.8.0 StatestoreSubscriber weak encryption
7898| [103386] Apache Impala up to 2.7.x/2.8.0 Kerberos weak authentication
7899| [103352] Apache Solr Node weak authentication
7900| [102897] Apache Ignite up to 2.0 Update Notifier information disclosure
7901| [102878] Code42 CrashPlan 5.4.x RMI Server org.apache.commons.ssl.rmi.DateRMI privilege escalation
7902| [102698] Apache HTTP Server up to 2.2.32/2.4.25 mod_mime Content-Type memory corruption
7903| [102697] Apache HTTP Server 2.2.24/2.2.32 HTTP Strict Parsing ap_find_token Request Header memory corruption
7904| [102690] Apache HTTP Server up to 2.2.32/2.4.25 mod_ssl ap_hook_process_connection() denial of service
7905| [102689] Apache HTTP Server up to 2.2.32/2.4.25 ap_get_basic_auth_pw weak authentication
7906| [102622] Apache Thrift up to 0.9.2 Client Libraries skip denial of service
7907| [102538] Apache Ranger up to 0.7.0 Authorizer unknown vulnerability
7908| [102537] Apache Ranger up to 0.7.0 Wildcard Character unknown vulnerability
7909| [102536] Apache Ranger up to 0.6 Stored cross site scripting
7910| [102535] Apache Ranger up to 0.6.2 Policy Engine unknown vulnerability
7911| [102255] Apache NiFi up to 0.7.3/1.2.x Response Header privilege escalation
7912| [102254] Apache NiFi up to 0.7.3/1.2.x UI cross site scripting
7913| [102070] Apache CXF Fediz up to 1.1.2/1.2.0 Application Plugin denial of service
7914| [102020] Apache Tomcat up to 9.0.0.M1 Java Servlet HTTP Method unknown vulnerability
7915| [101858] Apache Hive up to 1.2.1/2.0.0 Client weak authentication
7916| [101802] Apache KNOX up to 0.11.0 WebHDFS privilege escalation
7917| [101928] HPE Aruba ClearPass Apache Tomcat information disclosure
7918| [101524] Apache Archiva up to 1.x/2.2.1 REST Endpoint cross site request forgery
7919| [101513] Apache jUDDI 3.1./3.1.2/3.1.3/3.1.4 Logout Open Redirect
7920| [101430] Apache CXF Fediz up to 1.3.1 OIDC Service cross site request forgery
7921| [101429] Apache CXF Fediz up to 1.2.3/1.3.1 Plugins cross site request forgery
7922| [100619] Apache Hadoop up to 2.6.x HDFS Servlet unknown vulnerability
7923| [100618] Apache Hadoop up to 2.7.0 HDFS Web UI cross site scripting
7924| [100621] Adobe ColdFusion 10/11/2016 Apache BlazeDS Library Deserialization privilege escalation
7925| [100205] Oracle MySQL Enterprise Monitor up to 3.1.6.8003/3.2.1182/3.3.2.1162 Apache Commons FileUpload denial of service
7926| [100191] Oracle Secure Global Desktop 4.71/5.2/5.3 Web Server (Apache HTTP Server) information disclosure
7927| [100162] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Commons Collections privilege escalation
7928| [100160] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Trinidad unknown vulnerability
7929| [99969] Oracle WebCenter Sites 11.1.1.8.0 Apache Tomcat memory corruption
7930| [99937] Apache Batik up to 1.8 privilege escalation
7931| [99936] Apache FOP up to 2.1 privilege escalation
7932| [99935] Apache CXF up to 3.0.12/3.1.10 STSClient Cache information disclosure
7933| [99934] Apache CXF up to 3.0.12/3.1.10 JAX-RS XML Security Streaming Client spoofing
7934| [99930] Apache Traffic Server up to 6.2.0 denial of service
7935| [99929] Apache Log4j up to 2.8.1 Socket Server Deserialization privilege escalation
7936| [99925] Apache Traffic Server 6.0.0/6.1.0/6.2.0 HPACK Bomb denial of service
7937| [99738] Ping Identity OpenID Connect Authentication Module up to 2.13 on Apache Mod_auth_openidc.c spoofing
7938| [117569] Apache Hadoop up to 2.7.3 privilege escalation
7939| [99591] Apache TomEE up to 1.7.3/7.0.0-M2 EjbObjectInputStream Serialized Object privilege escalation
7940| [99370] Apache Ignite up to 1.8 update-notifier Document XML External Entity
7941| [99299] Apache Geode up to 1.1.0 Pulse OQL Query privilege escalation
7942| [99572] Apache Tomcat up to 7.0.75/8.0.41/8.5.11/9.0.0.M17 Application Listener privilege escalation
7943| [99570] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP Connector Cache information disclosure
7944| [99569] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP/2 GOAWAY Frame Resource Exhaustion denial of service
7945| [99568] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 Pipelined Request information disclosure
7946| [99048] Apache Ambari up to 2.3.x REST API Shell Metacharacter privilege escalation
7947| [99014] Apache Camel Jackson/JacksonXML privilege escalation
7948| [98610] Apple macOS up to 10.12.3 apache_mod_php memory corruption
7949| [98609] Apple macOS up to 10.12.3 apache_mod_php denial of service
7950| [98608] Apple macOS up to 10.12.3 apache_mod_php memory corruption
7951| [98607] Apple macOS up to 10.12.3 apache_mod_php denial of service
7952| [98606] Apple macOS up to 10.12.3 apache_mod_php denial of service
7953| [98605] Apple macOS up to 10.12.3 Apache denial of service
7954| [98604] Apple macOS up to 10.12.3 Apache denial of service
7955| [98603] Apple macOS up to 10.12.3 Apache denial of service
7956| [98602] Apple macOS up to 10.12.3 Apache denial of service
7957| [98601] Apple macOS up to 10.12.3 Apache denial of service
7958| [98517] Apache POI up to 3.14 OOXML File XXE denial of service
7959| [98405] Apache Hadoop up to 0.23.10 privilege escalation
7960| [98199] Apache Camel Validation XML External Entity
7961| [97892] Apache Tomcat up to 9.0.0.M15 Reverse-Proxy Http11InputBuffer.java information disclosure
7962| [97617] Apache Camel camel-snakeyaml Deserialization privilege escalation
7963| [97602] Apache Camel camel-jackson/camel-jacksonxml CamelJacksonUnmarshalType privilege escalation
7964| [97732] Apache Struts up to 2.3.31/2.5.10 Jakarta Multipart Parser Content-Type privilege escalation
7965| [97466] mod_auth_openidc up to 2.1.5 on Apache weak authentication
7966| [97455] mod_auth_openidc up to 2.1.4 on Apache weak authentication
7967| [97081] Apache Tomcat HTTPS Request denial of service
7968| [97162] EMC OpenText Documentum D2 BeanShell/Apache Commons privilege escalation
7969| [96949] Hanwha Techwin Smart Security Manager up to 1.5 Redis/Apache Felix Gogo privilege escalation
7970| [96314] Apache Cordova up to 6.1.1 on Android weak authentication
7971| [95945] Apple macOS up to 10.12.2 apache_mod_php denial of service
7972| [95944] Apple macOS up to 10.12.2 apache_mod_php denial of service
7973| [95943] Apple macOS up to 10.12.2 apache_mod_php memory corruption
7974| [95666] Oracle FLEXCUBE Direct Banking 12.0.0/12.0.1/12.0.2/12.0.3 Apache Commons Collections privilege escalation
7975| [95455] Apache NiFi up to 1.0.0/1.1.0 Connection Details Dialogue cross site scripting
7976| [95311] Apache Storm UI Daemon privilege escalation
7977| [95291] ZoneMinder 1.30.0 Apache httpd privilege escalation
7978| [94800] Apache Wicket up to 1.5.16/6.24.x Deserialize DiskFileItem denial of service
7979| [94705] Apache Qpid Broker for Java up to 6.1.0 SCRAM-SHA-1/SCRAM-SHA-256 User information disclosure
7980| [94627] Apache HTTP Server up to 2.4.24 mod_auth_digest Crash denial of service
7981| [94626] Apache HTTP Server up to 2.4.24 mod_session_crypto Padding weak encryption
7982| [94625] Apache HTTP Server up to 2.4.24 Response Split privilege escalation
7983| [94540] Apache Tika 1.9 tika-server File information disclosure
7984| [94600] Apache ActiveMQ up to 5.14.1 Administration Console cross site scripting
7985| [94348] Apple macOS up to 10.12.1 apache_mod_php denial of service
7986| [94347] Apple macOS up to 10.12.1 apache_mod_php denial of service
7987| [94346] Apple macOS up to 10.12.1 apache_mod_php denial of service
7988| [94345] Apple macOS up to 10.12.1 apache_mod_php denial of service
7989| [94344] Apple macOS up to 10.12.1 apache_mod_php denial of service
7990| [94343] Apple macOS up to 10.12.1 apache_mod_php memory corruption
7991| [94342] Apple macOS up to 10.12.1 apache_mod_php memory corruption
7992| [94128] Apache Tomcat up to 9.0.0.M13 Error information disclosure
7993| [93958] Apache HTTP Server up to 2.4.23 mod_http2 h2_stream.c denial of service
7994| [93874] Apache Subversion up to 1.8.16/1.9.4 mod_dontdothat XXE denial of service
7995| [93855] Apache Hadoop up to 2.6.4/2.7.2 HDFS Service privilege escalation
7996| [93609] Apache OpenMeetings 3.1.0 RMI Registry privilege escalation
7997| [93555] Apache Tika 1.6-1.13 jmatio MATLAB File privilege escalation
7998| [93799] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
7999| [93798] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
8000| [93797] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 HTTP Split privilege escalation
8001| [93796] Apache Tomcat up to 8.5.6/9.0.0.M11 HTTP/2 Header Parser denial of service
8002| [93532] Apache Commons Collections Library Java privilege escalation
8003| [93210] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 ResourceLinkFactory privilege escalation
8004| [93209] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Realm Authentication User information disclosure
8005| [93208] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 System Property Replacement information disclosure
8006| [93207] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Utility Method privilege escalation
8007| [93206] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Configuration privilege escalation
8008| [93098] Apache Commons FileUpload privilege escalation
8009| [92987] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Commons Collection memory corruption
8010| [92986] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Tomcat memory corruption
8011| [92982] Oracle Insurance IStream 4.3.2 Apache Commons Collections memory corruption
8012| [92981] Oracle Financial Services Lending and Leasing 14.1.0/14.2.0 Apache Commons Collections memory corruption
8013| [92979] Oracle up to 8.0.3 Apache Commons Collections memory corruption
8014| [92977] Oracle FLEXCUBE Universal Banking up to 12.2.0 Apache Commons Collections memory corruption
8015| [92976] Oracle FLEXCUBE Universal Banking 12.87.1/12.87.2 Apache Commons Collections memory corruption
8016| [92975] Oracle FLEXCUBE Private Banking up to 12.1.0 Apache Commons Collections memory corruption
8017| [92974] Oracle FLEXCUBE Investor Servicing 12.0.1 Apache Commons Collections memory corruption
8018| [92973] Oracle 12.0.0/12.1.0 Apache Commons Collections memory corruption
8019| [92972] Oracle FLEXCUBE Core Banking 11.5.0.0.0/11.6.0.0.0 Apache Commons Collections memory corruption
8020| [92962] Oracle Agile PLM 9.3.4/9.3.5 Apache Commons Collections memory corruption
8021| [92909] Oracle Agile PLM 9.3.4/9.3.5 Apache Tomcat unknown vulnerability
8022| [92786] Oracle Banking Digital Experience 15.1 Apache Commons Collections information disclosure
8023| [92549] Apache Tomcat on Red Hat privilege escalation
8024| [92509] Apache Tomcat JK ISAPI Connector up to 1.2.41 jk_uri_worker_map.c memory corruption
8025| [92314] Apache MyFaces Trinidad up to 1.0.13/1.2.15/2.0.1/2.1.1 CoreResponseStateManager memory corruption
8026| [92313] Apache Struts2 up to 2.3.28/2.5.0 Action Name Cleanup cross site request forgery
8027| [92299] Apache Derby up to 10.12.1.0 SqlXmlUtil XML External Entity
8028| [92217] Apache ActiveMQ Artemis up to 1.3.x Broker/REST GetObject privilege escalation
8029| [92174] Apache Ranger up to 0.6.0 Policy cross site scripting
8030| [91831] Apache Jackrabbit up to 2.13.2 HTTP Header cross site request forgery
8031| [91825] Apache Zookeeper up to 3.4.8/3.5.2 C CLI Shell memory corruption
8032| [91818] Apache CXF Fediz up to 1.2.2/1.3.0 Application Plugin privilege escalation
8033| [92056] Apple macOS up to 10.11 apache_mod_php memory corruption
8034| [92055] Apple macOS up to 10.11 apache_mod_php memory corruption
8035| [92054] Apple macOS up to 10.11 apache_mod_php denial of service
8036| [92053] Apple macOS up to 10.11 apache_mod_php denial of service
8037| [92052] Apple macOS up to 10.11 apache_mod_php denial of service
8038| [92051] Apple macOS up to 10.11 apache_mod_php memory corruption
8039| [92050] Apple macOS up to 10.11 apache_mod_php denial of service
8040| [92049] Apple macOS up to 10.11 apache_mod_php memory corruption
8041| [92048] Apple macOS up to 10.11 apache_mod_php denial of service
8042| [92047] Apple macOS up to 10.11 apache_mod_php memory corruption
8043| [92046] Apple macOS up to 10.11 apache_mod_php memory corruption
8044| [92045] Apple macOS up to 10.11 apache_mod_php memory corruption
8045| [92044] Apple macOS up to 10.11 apache_mod_php memory corruption
8046| [92043] Apple macOS up to 10.11 apache_mod_php denial of service
8047| [92042] Apple macOS up to 10.11 apache_mod_php memory corruption
8048| [92041] Apple macOS up to 10.11 apache_mod_php memory corruption
8049| [92040] Apple macOS up to 10.11 Apache Proxy privilege escalation
8050| [91785] Apache Shiro up to 1.3.1 Servlet Filter privilege escalation
8051| [90879] Apache OpenMeetings up to 3.1.1 SWF Panel cross site scripting
8052| [90878] Apache Sentry up to 1.6.x Blacklist Filter reflect/reflect2/java_method privilege escalation
8053| [90610] Apache POI up to 3.13 XLSX2CSV Example OpenXML Document XML External Entity
8054| [90584] Apache ActiveMQ up to 5.11.3/5.12.2/5.13/1 Administration Web Console privilege escalation
8055| [90385] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site scripting
8056| [90384] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site request forgery
8057| [90383] Apache OpenOffice up to 4.1.2 Impress File memory corruption
8058| [89670] Apache Tomcat up to 8.5.4 CGI Servlet Environment Variable Open Redirect
8059| [89669] Apache HTTP Server up to 2.4.23 RFC 3875 Namespace Conflict Environment Variable Open Redirect
8060| [89726] Apple Mac OS X up to 10.11.5 apache_mod_php memory corruption
8061| [89484] Apache Qpid up to 0.13.0 on Windows Proton Library Certificate weak authentication
8062| [89473] HPE iMC PLAT/EAD/APM/iMC NTA/iMC BIMS/iMC UAM_TAM up to 7.2 Apache Commons Collections Library Command privilege escalation
8063| [90263] Apache Archiva Header denial of service
8064| [90262] Apache Archiva Deserialize privilege escalation
8065| [90261] Apache Archiva XML DTD Connection privilege escalation
8066| [88827] Apache Xerces-C++ up to 3.1.3 DTD Stack-Based memory corruption
8067| [88747] Apache HTTP Server 2.4.17/2.4.18 mod_http2 denial of service
8068| [88608] Apache Struts up to 2.3.28.1/2.5.0 URLValidator Null Value denial of service
8069| [88607] Apache Struts up to 2.3.28.1 REST Plugin Expression privilege escalation
8070| [88606] Apache Struts up to 2.3.28.1 Restriction privilege escalation
8071| [88605] Apache Struts up to 2.3.28.1 Restriction privilege escalation
8072| [88604] Apache Struts up to 2.3.28.1 Token Validator cross site request forgery
8073| [88603] Apache Commons FileUpload up to 1.3.1 MultipartStream denial of service
8074| [88602] Apache Struts up to 1.3.10 ActionServlet.java cross site scripting
8075| [88601] Apache Struts up to 1.3.10 Multithreading ActionServlet.java memory corruption
8076| [88600] Apache Struts up to 1.3.10 MultiPageValidator privilege escalation
8077| [89005] Apache Qpid AMQP JMS Client getObject privilege escalation
8078| [87888] Apache Ranger up to 0.5.2 Policy Admin Tool eventTime sql injection
8079| [87835] Apache CloudStack up to 4.5.2.0/4.6.2.0/4.7.1.0/4.8.0.0 SAML-based Authentication privilege escalation
8080| [87806] HPE Discovery and Dependency Mapping Inventory up to 9.32 update 3 Apache Commons Collections Library privilege escalation
8081| [87805] HPE Universal CMDB up to 10.21 Apache Commons Collections Library privilege escalation
8082| [87768] Apache Shiro up to 1.2.4 Cipher Key privilege escalation
8083| [87765] Apache James Server 2.3.2 Command privilege escalation
8084| [88667] Apache HTTP Server up to 2.4.20 mod_http2 Certificate weak authentication
8085| [87718] Apache Struts up to 2.3.24.1 OGNL Caching denial of service
8086| [87717] Apache Struts up to 2.3.28 REST Plugin privilege escalation
8087| [87706] Apache Qpid Java up to 6.0.2 AMQP privilege escalation
8088| [87703] Apache Qbid Java up to 6.0.2 PlainSaslServer.java denial of service
8089| [87702] Apache ActiveMQ up to 5.13.x Fileserver Web Application Upload privilege escalation
8090| [87700] Apache PDFbox up to 1.8.11/2.0.0 XML Parser PDF Document XML External Entity
8091| [87679] HP Release Control 9.13/9.20/9.21 Apache Commons Collections Library Java Object privilege escalation
8092| [87540] Apache Ambari up to 2.2.0 File Browser View information disclosure
8093| [87433] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
8094| [87432] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
8095| [87431] Apple Mac OS X up to 10.11.4 apache_mod_php Format String
8096| [87430] Apple Mac OS X up to 10.11.4 apache_mod_php denial of service
8097| [87429] Apple Mac OS X up to 10.11.4 apache_mod_php information disclosure
8098| [87428] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
8099| [87427] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
8100| [87389] Apache Xerces C++ up to 3.1.3 XML Document DTDScanner.cpp memory corruption
8101| [87172] Adobe ColdFusion 11 Update 7/2016/up to 10 Update 18 Apache Commons Collections Library privilege escalation
8102| [87121] Apache Cordova iOS up to 3.x Plugin privilege escalation
8103| [87120] Apache Cordova iOS up to 3.x URL Whitelist privilege escalation
8104| [83806] HPE Network Node Manager i up to 10.01 Apache Commons Collections Library privilege escalation
8105| [83077] Apache Subversion up to 1.8.15/1.9.3 mod_authz_svn mod_authz_svn.c denial of service
8106| [83076] Apache Subversion up to 1.8.15/1.9.3 svnserve svnserve/cyrus_auth.c privilege escalation
8107| [82790] Apache Struts 2.0.0/2.3.24/2.3.28 Dynamic Method privilege escalation
8108| [82789] Apache Struts 2.0.0/2.3.24/2.3.28 XSLTResult privilege escalation
8109| [82725] HPE P9000 Command View up to 7.x/8.4.0 Apache Commons Collections Library privilege escalation
8110| [82444] Apache Camel up to 2.14.x/2.15.4/2.16.0 HTTP Request privilege escalation
8111| [82389] Apache Subversion up to 1.7.x/1.8.14/1.9.2 mod_dav_svn util.c memory corruption
8112| [82280] Apache Struts up to 1.7 JRE URLDecoder cross site scripting
8113| [82260] Apache OFBiz up to 12.04.05/13.07.02 Java Object privilege escalation
8114| [82259] Apache Qpid Proton up to 0.12.0 proton.reactor.Connector weak encryption
8115| [82250] Apache Ranger up to 0.5.0 Admin UI weak authentication
8116| [82214] Apache Wicket up to 1.5.14/6.21.x/7.1.x Input Element cross site scripting
8117| [82213] Apache Wicket up to 1.5.14/6.21.x/7.1.x ModalWindow Title getWindowOpenJavaScript cross site scripting
8118| [82212] Apache Ranger up to 0.5.0 Policy Admin Tool privilege escalation
8119| [82211] Apache OFBiz up to 12.04.06/13.07.02 ModelFormField.java DisplayEntityField.getDescription cross site scripting
8120| [82082] Apache JetSpeed up to 2.3.0 User Manager Service privilege escalation
8121| [82081] Apache OpenMeetings up to 3.1.0 SOAP API information disclosure
8122| [82080] Apache OpenMeetings up to 3.1.0 Event cross site scripting
8123| [82078] Apache OpenMeetings up to 3.1.0 Import/Export System Backup ZIP Archive directory traversal
8124| [82077] Apache OpenMeetings up to 3.1.0 Password Reset sendHashByUser privilege escalation
8125| [82076] Apache Ranger up to 0.5.1 privilege escalation
8126| [82075] Apache JetSpeed up to 2.3.0 Portal cross site scripting
8127| [82074] Apache JetSpeed up to 2.3.0 cross site scripting
8128| [82073] Apache JetSpeed up to 2.3.0 User Manager Service sql injection
8129| [82072] Apache JetSpeed up to 2.3.0 Portal Site Manager ZIP Archive directory traversal
8130| [82058] Apache LDAP Studio/Directory Studio up to 2.0.0-M9 CSV Export privilege escalation
8131| [82053] Apache Ranger up to 0.4.x Policy Admin Tool privilege escalation
8132| [82052] Apache Ranger up to 0.4.x Policy Admin Tool HTTP Request cross site scripting
8133| [81696] Apache ActiveMQ up to 5.13.1 HTTP Header privilege escalation
8134| [81695] Apache Xerces-C up to 3.1.2 internal/XMLReader.cpp memory corruption
8135| [81622] HPE Asset Manager 9.40/9.41/9.50 Apache Commons Collections Library Java Object privilege escalation
8136| [81406] HPE Service Manager up to 9.35 P3/9.41 P1 Apache Commons Collections Library Command privilege escalation
8137| [81405] HPE Operations Orchestration up to 10.50 Apache Commons Collections Library Command privilege escalation
8138| [81427] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
8139| [81426] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
8140| [81372] Apache Struts up to 2.3.24.1 I18NInterceptor cross site scripting
8141| [81371] Apache Struts up to 2.3.24.1 Double OGNL Evaluation privilege escalation
8142| [81370] Apache Struts up to 2.3.24.1 Java URLDecoder cross site scripting
8143| [81084] Apache Tomcat 6.0/7.0/8.0/9.0 ServletContext directory traversal
8144| [81083] Apache Tomcat 7.0/8.0/9.0 Index Page cross site request forgery
8145| [81082] Apache Tomcat 7.0/8.0/9.0 ResourceLinkFactory.setGlobalContext privilege escalation
8146| [81081] Apache Tomcat 6.0/7.0/8.0/9.0 Error information disclosure
8147| [81080] Apache Tomcat 6.0/7.0/8.0/9.0 Session Persistence privilege escalation
8148| [81079] Apache Tomcat 6.0/7.0/8.0/9.0 StatusManagerServlet information disclosure
8149| [81078] Apache Tomcat 7.0/8.0/9.0 Session privilege escalation
8150| [80970] Apache Solr up to 5.3.0 Admin UI plugins.js cross site scripting
8151| [80969] Apache Solr up to 5.2 Schema schema-browser.js cross site scripting
8152| [80968] Apache Solr up to 5.0 analysis.js cross site scripting
8153| [80940] HP Continuous Delivery Automation 1.30 Apache Commons Collections Library privilege escalation
8154| [80823] Apache CloudStack up to 4.5.1 KVM Virtual Machine Migration privilege escalation
8155| [80822] Apache CloudStack up to 4.5.1 API Call information disclosure
8156| [80778] Apache Camel up to 2.15.4/2.16.0 camel-xstream privilege escalation
8157| [80750] HPE Operations Manager 8.x/9.0 on Windows Apache Commons Collections Library privilege escalation
8158| [80724] Apache Hive up to 1.2.1 Authorization Framework privilege escalation
8159| [80577] Oracle Secure Global Desktop 4.63/4.71/5.2 Apache HTTP Server denial of service
8160| [80165] Intel McAfee ePolicy Orchestrator up to 4.6.9/5.0.3/5.3.1 Apache Commons Collections Library privilege escalation
8161| [80116] Apache Subversion up to 1.9.2 svn Protocol libsvn_ra_svn/marshal.c read_string memory corruption
8162| [80115] Apache ActiveMQ up to 5.12.x Broker Service privilege escalation
8163| [80036] IBM Cognos Business Intelligence Apache Commons Collections Library InvokerTransformer privilege escalation
8164| [79873] VMware vCenter Operations/vRealize Orchestrator Apache Commons Collections Library Serialized Java Object privilege escalation
8165| [79840] Apache Cordova File Transfer Plugin up to 1.2.x on Android unknown vulnerability
8166| [79839] Apache TomEE Serialized Java Stream EjbObjectInputStream privilege escalation
8167| [79791] Cisco Products Apache Commons Collections Library privilege escalation
8168| [79539] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
8169| [79538] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
8170| [79294] Apache Cordova-Android up to 3.6 BridgeSecret Random Generator weak encryption
8171| [79291] Apache Cordova-Android up to 4.0 Javascript Whitelist privilege escalation
8172| [79244] Apache CXF up to 2.7.17/3.0.7/3.1.2 SAML Web SSO Module SAML Response weak authentication
8173| [79243] Oracle WebLogic Server 10.3.6.0/12.1.2.0/12.1.3.0/12.2.1.0 WLS Security com.bea.core.apache.commons.collections.jar privilege escalation
8174| [78989] Apache Ambari up to 2.1.1 Open Redirect
8175| [78988] Apache Ambari up to 2.0.1/2.1.0 Password privilege escalation
8176| [78987] Apache Ambari up to 2.0.x cross site scripting
8177| [78986] Apache Ambari up to 2.0.x Proxy Endpoint api/v1/proxy privilege escalation
8178| [78780] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
8179| [78779] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
8180| [78778] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
8181| [78777] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
8182| [78776] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
8183| [78775] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
8184| [78774] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
8185| [78297] Apache Commons Components HttpClient up to 4.3.5 HTTPS Timeout denial of service
8186| [77406] Apache Flex BlazeDS AMF Message XML External Entity
8187| [77429] Apache ActiveMQ up to 5.10.0 LDAPLoginModule privilege escalation
8188| [77399] Apache ActiveMQ up to 5.10.0 LDAPLoginModule weak authentication
8189| [77375] Apache Tapestry up to 5.3.5 Client-Side Object Storage privilege escalation
8190| [77331] Apache ActiveMQ up to 5.11.1 on Windows Fileserver Upload/Download directory traversal
8191| [77299] Apache Solr Real-Time Module up to 7.x-1.1 Index Content information disclosure
8192| [77247] Apache ActiveMQ up to 5.10 TransportConnection.java processControlCommand denial of service
8193| [77083] Apache Groovy up to 2.4.3 MethodClosure.java MethodClosure memory corruption
8194| [76953] Apache Subversion 1.7.0/1.8.0/1.8.10 svn_repos_trace_node_locations information disclosure
8195| [76952] Apache Subversion 1.7.0/1.8.0/1.8.10 mod_authz_svn anonymous/authenticated information disclosure
8196| [76567] Apache Struts 2.3.20 unknown vulnerability
8197| [76733] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 ap_some_auth_required unknown vulnerability
8198| [76732] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 Request apr_brigade_flatten privilege escalation
8199| [76731] Apache HTTP Server 2.4.12 ErrorDocument 400 Crash denial of service
8200| [75690] Apache Camel up to 2.13.3/2.14.1 XPathBuilder.java XML External Entity
8201| [75689] Apache Camel up to 2.13.3/2.14.1 XML Converter Setup XmlConverter.java SAXSource privilege escalation
8202| [75668] Apache Sling API/Sling Servlets Post up to 2.2.1 HtmlResponse cross site scripting
8203| [75601] Apache Jackrabbit up to 2.10.0 WebDAV Request XML External Entity
8204| [75420] Apache Tomcat up to 6.0.43/7.0.58/8.0.16 Security Manager privilege escalation
8205| [75145] Apache OpenOffice up to 4.1.1 HWP Filter Crash denial of service
8206| [75032] Apache Tomcat Connectors up to 1.2.40 mod_jk privilege escalation
8207| [75135] PHP 5.4/5.5 HTTP Request sapi_apache2.c apache2handler privilege escalation
8208| [74793] Apache Tomcat File Upload denial of service
8209| [74708] Apple MacOS X up to 10.10.2 Apache denial of service
8210| [74707] Apple MacOS X up to 10.10.2 Apache denial of service
8211| [74706] Apple MacOS X up to 10.10.2 Apache memory corruption
8212| [74705] Apple MacOS X up to 10.10.2 Apache denial of service
8213| [74704] Apple MacOS X up to 10.10.2 Apache denial of service
8214| [74703] Apple MacOS X up to 10.10.2 Apache denial of service
8215| [74702] Apple MacOS X up to 10.10.2 Apache denial of service
8216| [74701] Apple MacOS X up to 10.10.2 Apache cross site request forgery
8217| [74700] Apple MacOS X up to 10.10.2 Apache unknown vulnerability
8218| [74661] Apache Flex up to 4.14.0 asdoc index.html cross site scripting
8219| [74609] Apache Cassandra up to 1.2.19/2.0.13/2.1.3 JMX/RMI Interface privilege escalation
8220| [74469] Apache Xerces-C up to 7.0 internal/XMLReader.cpp denial of service
8221| [74468] Apache Batik up to 1.6 denial of service
8222| [74414] Apache Mod-gnutls up to 0.5.1 Authentication spoofing
8223| [74371] Apache Standard Taglibs up to 1.2.0 memory corruption
8224| [74367] Apache HTTP Server up to 2.4.12 mod_lua lua_request.c wsupgrade denial of service
8225| [74174] Apache WSS4J up to 2.0.0 privilege escalation
8226| [74172] Apache ActiveMQ up to 5.5.0 Administration Console cross site scripting
8227| [69092] Apache Tomcat up to 6.0.42/7.0.54/8.0.8 HTTP Request Smuggling privilege escalation
8228| [73831] Apache Qpid up to 0.30 Access Restriction unknown vulnerability
8229| [73731] Apache XML Security unknown vulnerability
8230| [68660] Oracle BI Publisher 10.1.3.4.2/11.1.1.7 Apache Tomcat cross site scripting
8231| [73659] Apache CloudStack up to 4.3.0 Stack-Based unknown vulnerability
8232| [73593] Apache Traffic Server up to 5.1.0 denial of service
8233| [73511] Apache POI up to 3.10 Deadlock denial of service
8234| [73510] Apache Solr up to 4.3.0 cross site scripting
8235| [68447] Apache Subversion up to 1.7.18/1.8.10 mod_dav_svn Crash denial of service
8236| [68446] Apache Subversion up to 1.7.18/1.8.10 REPORT Request Crash denial of service
8237| [73173] Apache CloudStack Stack-Based unknown vulnerability
8238| [68357] Apache Struts up to 2.3.16.3 Random Number Generator cross site request forgery
8239| [73106] Apache Hadoop up to 2.4.0 Symlink privilege escalation
8240| [68575] Apache HTTP Server up to 2.4.10 LuaAuthzProvider mod_lua.c privilege escalation
8241| [72890] Apache Qpid 0.30 unknown vulnerability
8242| [72887] Apache Hive 0.13.0 File Permission privilege escalation
8243| [72878] Apache Cordova 3.5.0 cross site request forgery
8244| [72877] Apache Cordova 3.5.0 cross site request forgery
8245| [72876] Apache Cordova 3.5.0 cross site request forgery
8246| [68435] Apache HTTP Server 2.4.10 mod_proxy_fcgi.c handle_headers denial of service
8247| [68065] Apache CXF up to 3.0.1 JAX-RS SAML denial of service
8248| [68064] Apache CXF up to 3.0.0 SAML Token denial of service
8249| [67913] Oracle Retail Markdown Optimization 12.0/13.0/13.1/13.2/13.4 Apache commons-beanutils-1.8.0.jar memory corruption
8250| [67912] Oracle Retail Invoice Matching up to 14.0 Apache commons-beanutils-1.8.0.jar memory corruption
8251| [67911] Oracle Retail Clearance Optimization Engine 13.3/13.4/14.0 Apache commons-beanutils-1.8.0.jar memory corruption
8252| [67910] Oracle Retail Allocation up to 13.2 Apache commons-beanutils-1.8.0.jar memory corruption
8253| [71835] Apache Shiro 1.0.0/1.1.0/1.2.0/1.2.1/1.2.2 unknown vulnerability
8254| [71633] Apachefriends XAMPP 1.8.1 cross site scripting
8255| [71629] Apache Axis2/C spoofing
8256| [67633] Apple Mac OS X up to 10.9.4 apache_mod_php ext/standard/dns.c dns_get_record memory corruption
8257| [67631] Apple Mac OS X up to 10.9.4 apache_mod_php Symlink memory corruption
8258| [67630] Apple Mac OS X up to 10.9.4 apache_mod_php cdf_read_property_info denial of service
8259| [67629] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_count_chain denial of service
8260| [67628] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_check_stream_offset denial of service
8261| [67627] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c mconvert memory corruption
8262| [67626] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c denial of service
8263| [67625] Apple Mac OS X up to 10.9.4 apache_mod_php Crash denial of service
8264| [67624] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_property_info denial of service
8265| [67623] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_unpack_summary_info denial of service
8266| [67622] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_short_sector denial of service
8267| [67620] Apple Mac OS X up to 10.9.4 apache_mod_php magic/Magdir/commands denial of service
8268| [67790] Apache HTTP Server mod_cache NULL Pointer Dereference denial of service
8269| [67522] Apache Tomcat up to 7.0.39 JSP Upload privilege escalation
8270| [70809] Apache POI up to 3.11 Crash denial of service
8271| [70808] Apache POI up to 3.10 unknown vulnerability
8272| [70806] Apache Commons-httpclient 4.2/4.2.1/4.2.2 spoofing
8273| [70749] Apache Axis up to 1.4 getCN spoofing
8274| [70701] Apache Traffic Server up to 3.3.5 denial of service
8275| [70700] Apache OFBiz up to 12.04.03 cross site scripting
8276| [67402] Apache OpenOffice 4.0.0/4.0.1/4.1.0 Calc privilege escalation
8277| [67401] Apache OpenOffice up to 4.1.0 OLE Object information disclosure
8278| [70661] Apache Subversion up to 1.6.17 denial of service
8279| [70660] Apache Subversion up to 1.6.17 spoofing
8280| [70659] Apache Subversion up to 1.6.17 spoofing
8281| [67183] Apache HTTP Server up to 2.4.9 mod_proxy denial of service
8282| [67180] Apache HTTP Server up to 2.4.9 WinNT MPM Memory Leak denial of service
8283| [67185] Apache HTTP Server up to 2.4.9 mod_status Heap-Based memory corruption
8284| [67184] Apache HTTP Server 2.4.5/2.4.6 mod_cache NULL Pointer Dereference denial of service
8285| [67182] Apache HTTP Server up to 2.4.9 mod_deflate Memory Consumption denial of service
8286| [67181] Apache HTTP Server up to 2.4.9 mod_cgid denial of service
8287| [70338] Apache Syncope up to 1.1.7 unknown vulnerability
8288| [70295] Apache CXF up to 2.7.9 Cleartext information disclosure
8289| [70106] Apache Open For Business Project up to 10.04.0 getServerError cross site scripting
8290| [70105] Apache MyFaces up to 2.1.5 JavaServer Faces directory traversal
8291| [69846] Apache HBase up to 0.94.8 information disclosure
8292| [69783] Apache CouchDB up to 1.2.0 memory corruption
8293| [13383] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 XML Parser privilege escalation
8294| [13300] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi setuid privilege escalation
8295| [13299] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi Content-Type Header information disclosure
8296| [13164] Apache CXF up to 2.6.13/2.7.10 SOAP OutgoingChainInterceptor.java Invalid Content denial of service
8297| [13163] Apache CXF up to 2.6.13/2.7.10 SOAP HTML Content denial of service
8298| [13158] Apache Struts up to 2.3.16.2 ParametersInterceptor getClass privilege escalation
8299| [69515] Apache Struts up to 2.3.15.0 CookieInterceptor memory corruption
8300| [13086] Apache Struts up to 1.3.10 Class Loader privilege escalation
8301| [13067] Apache Struts up to 2.3.16.1 Class Loader privilege escalation
8302| [69431] Apache Archiva up to 1.3.6 cross site scripting
8303| [69385] Apache Syncope up to 1.1.6 unknown vulnerability
8304| [69338] Apache Xalan-Java up to 2.7.1 system-property unknown vulnerability
8305| [12742] Trustwave ModSecurity up to 2.7.5 Chunk Extension apache2/modsecurity.c modsecurity_tx_init privilege escalation
8306| [12741] Trustwave ModSecurity up to 2.7.6 Chunked HTTP Transfer apache2/modsecurity.c modsecurity_tx_init Trailing Header privilege escalation
8307| [13387] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Content-Length Header privilege escalation
8308| [13386] Apache Tomcat Security Manager up to 6.0.39/7.0.53/8.0.5 XSLT privilege escalation
8309| [13385] Apache Tomcat 8.0.0/8.0.1/8.0.3 AJP Request Zero Length denial of service
8310| [13384] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Chunked HTTP Request denial of service
8311| [12748] Apache CouchDB 1.5.0 UUIDS /_uuids denial of service
8312| [66739] Apache Camel up to 2.12.2 unknown vulnerability
8313| [66738] Apache Camel up to 2.12.2 unknown vulnerability
8314| [12667] Apache HTTP Server 2.4.7 mod_log_config.c log_cookie denial of service
8315| [66695] Apache CouchDB up to 1.2.0 cross site scripting
8316| [66694] Apache CouchDB up to 1.2.0 Partition partition2 directory traversal
8317| [66689] Apache HTTP Server up to 2.0.33 mod_dav dav_xml_get_cdata denial of service
8318| [12518] Apache Tomcat up to 6.0.38/7.0.49/8.0.0-RC9 HTTP Header denial of service
8319| [66498] Apache expressions up to 3.3.0 Whitelist unknown vulnerability
8320| [12781] Apache Struts up to 2.3.8 ParametersInterceptor getClass denial of service
8321| [12439] Apache Tomcat 6.0.33 XML XXE information disclosure
8322| [12438] Apache Tomcat 6.0.33/6.0.34/6.0.35/6.0.36/6.0.37 coyoteadapter.java disableURLRewriting privilege escalation
8323| [66356] Apache Wicket up to 6.8.0 information disclosure
8324| [12209] Apache Tomcat 7.0.0/7.0.50/8.0.0-RC1/8.0.1 Content-Type Header for Multi-Part Request Infinite Loop denial of service
8325| [66322] Apache ActiveMQ up to 5.8.0 cross site scripting
8326| [12291] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
8327| [66255] Apache Open For Business Project up to 10.04.3 cross site scripting
8328| [66200] Apache Hadoop up to 2.0.5 Security Feature information disclosure
8329| [66072] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
8330| [66068] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
8331| [11928] Oracle Secure Global Desktop up to 4.71 Apache Tomcat unknown vulnerability
8332| [11924] Oracle Secure Global Desktop up to 4.63 Apache Tomcat denial of service
8333| [11922] Oracle Secure Global Desktop up to 4.63 Apache Tomcat unknown vulnerability
8334| [66049] Apache XML Security for Java up to 1.4.6 Memory Consumption denial of service
8335| [12199] Apache Subversion up to 1.8.5 mod_dav_svn/repos.c get_resource denial of service
8336| [65946] askapache Firefox Adsense up to 3.0 askapache-firefox-adsense.php cross site request forgery
8337| [65668] Apache Solr 4.0.0 Updater denial of service
8338| [65665] Apache Solr up to 4.3.0 denial of service
8339| [65664] Apache Solr 3.6.0/3.6.1/3.6.2/4.0.0 Updater denial of service
8340| [65663] Apache Solr up to 4.5.1 ResourceLoader directory traversal
8341| [65658] Apache roller 4.0/4.0.1/5.0/5.0.1 unknown vulnerability
8342| [65657] Apache Roller 4.0/4.0.1/5.0/5.0.1 cross site scripting
8343| [11325] Apache Subversion 1.7.13 mod_dontdothat Bypass denial of service
8344| [11324] Apache Subversion up to 1.8.4 mod_dav_svn denial of service
8345| [11098] Apache Tomcat 5.5.25 HTTP Request cross site request forgery
8346| [65410] Apache Struts 2.3.15.3 cross site scripting
8347| [65386] Apache Solr up to 2.2.1 on TYPO3 cross site scripting
8348| [65385] Apache Solr up to 2.2.1 on TYPO3 unknown vulnerability
8349| [11044] Apache Struts 2.3.15.3 showConfig.action cross site scripting
8350| [11043] Apache Struts 2.3.15.3 actionNames.action cross site scripting
8351| [11018] cPanel WHM up to 11.40.0.11 Apache mod_userdir Tweak Interface privilege escalation
8352| [65342] Apache Sling 1.0.2/1.0.4/1.0.6/1.1.0/1.1.2 Auth Core cross site scripting
8353| [65340] Apache Shindig 2.5.0 information disclosure
8354| [65316] Apache Mod Fcgid up to 2.3.7 mod_fcgid fcgid_bucket.c fcgid_header_bucket_read memory corruption
8355| [65313] Apache Sling 2.2.0/2.3.0 AbstractCreateOperation.java deepGetOrCreateNode denial of service
8356| [10826] Apache Struts 2 File privilege escalation
8357| [65204] Apache Camel up to 2.10.1 unknown vulnerability
8358| [10460] Apache Struts 2.0.0/2.3.15.1 Action Mapping Mechanism Bypass privilege escalation
8359| [10459] Apache Struts 2.0.0/2.3.15 Dynamic Method Invocation unknown vulnerability
8360| [10160] Apache Subversion 1.8.0/1.8.1/1.8.2 svnwcsub.py handle_options race condition
8361| [10159] Apache Subversion up to 1.8.2 svnserve write_pid_file race condition
8362| [10158] Apache Subversion 1.8.0/1.8.1/1.8.2 daemonize.py daemon::daemonize race condition
8363| [10157] Apache Subversion up to 1.8.1 FSFS Repository Symlink privilege escalation
8364| [64808] Fail2ban up to 0.8.9 apache-auth.conf denial of service
8365| [64760] Best Practical RT up to 4.0.12 Apache::Session::File information disclosure
8366| [64722] Apache XML Security for C++ Heap-based memory corruption
8367| [64719] Apache XML Security for C++ Heap-based memory corruption
8368| [64718] Apache XML Security for C++ verify denial of service
8369| [64717] Apache XML Security for C++ getURIBaseTXFM memory corruption
8370| [64716] Apache XML Security for C++ spoofing
8371| [64701] Apache CXF up to 2.7.3 XML Parser Memory Consumption denial of service
8372| [64700] Apache CloudStack up to 4.1.0 Stack-Based cross site scripting
8373| [64667] Apache Open For Business Project up to 10.04.04 unknown vulnerability
8374| [64666] Apache Open For Business Project up to 10.04.04 cross site scripting
8375| [9891] Apache HTTP Server 2.2.22 suEXEC Feature .htaccess information disclosure
8376| [64509] Apache ActiveMQ up to 5.8.0 scheduled.jsp cross site scripting
8377| [9826] Apache Subversion up to 1.8.0 mod_dav_svn denial of service
8378| [9683] Apache HTTP Server 2.4.5 mod_session_dbd denial of service
8379| [64485] Apache Struts up to 2.2.3.0 privilege escalation
8380| [9568] Apache Struts up to 2.3.15 DefaultActionMapper cross site request forgery
8381| [9567] Apache Struts up to 2.3.15 DefaultActionMapper memory corruption
8382| [64467] Apache Geronimo 3.0 memory corruption
8383| [64466] Apache OpenJPA up to 2.2.1 Serialization memory corruption
8384| [64457] Apache Struts up to 2.2.3.0 cross site scripting
8385| [64326] Alejandro Garza Apachesolr Autocomplete up to 7.x-1.1 cross site scripting
8386| [9184] Apache Qpid up to 0.20 SSL misconfiguration
8387| [8935] Apache Subversion up to 1.7.9 FSFS Format Repository denial of service
8388| [8934] Apache Subversion up to 1.7.9 Svnserve Server denial of service
8389| [8933] Apache Subversion up to 1.6.21 check-mime-type.pl svnlook memory corruption
8390| [8932] Apache Subversion up to 1.6.21 svn-keyword-check.pl svnlook changed memory corruption
8391| [9022] Apache Struts up to 2.3.14.2 OGNL Expression memory corruption
8392| [8873] Apache Struts 2.3.14 privilege escalation
8393| [8872] Apache Struts 2.3.14 privilege escalation
8394| [8746] Apache HTTP Server Log File Terminal Escape Sequence Filtering mod_rewrite.c do_rewritelog privilege escalation
8395| [8666] Apache Tomcat up to 7.0.32 AsyncListener information disclosure
8396| [8665] Apache Tomcat up to 7.0.29 Chunked Transfer Encoding Extension Size denial of service
8397| [8664] Apache Tomcat up to 7.0.32 FORM Authentication weak authentication
8398| [64075] Apache Subversion up to 1.7.7 mod_dav_svn Crash denial of service
8399| [64074] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
8400| [64073] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
8401| [64072] Apache Subversion up to 1.7.7 mod_dav_svn NULL Pointer Dereference denial of service
8402| [64071] Apache Subversion up to 1.7.8 mod_dav_svn Memory Consumption denial of service
8403| [8768] Apache Struts up to 2.3.14 on Mac EL and OGNL Interpreter memory corruption
8404| [64006] Apache ActiveMQ up to 5.7.0 denial of service
8405| [64005] Apache ActiveMQ up to 5.7.0 Default Configuration denial of service
8406| [64004] Apache ActiveMQ up to 5.7.0 PortfolioPublishServlet.java cross site scripting
8407| [8427] Apache Tomcat Session Transaction weak authentication
8408| [63960] Apache Maven 3.0.4 Default Configuration spoofing
8409| [63751] Apache qpid up to 0.20 qpid::framing::Buffer denial of service
8410| [63750] Apache qpid up to 0.20 checkAvailable denial of service
8411| [63749] Apache Qpid up to 0.20 Memory Consumption denial of service
8412| [63748] Apache Qpid up to 0.20 Default Configuration denial of service
8413| [63747] Apache Rave up to 0.20 User Account information disclosure
8414| [7889] Apache Subversion up to 1.6.17 mod_dav_svn/svn_fs_file_length() denial of service
8415| [63646] Apache HTTP Server up to 2.2.23/2.4.3 mod_proxy_balancer.c balancer_handler cross site scripting
8416| [7688] Apache CXF up to 2.7.1 WSS4JInterceptor Bypass weak authentication
8417| [7687] Apache CXF up to 2.7.2 Token weak authentication
8418| [63334] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
8419| [63299] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
8420| [7202] Apache HTTP Server 2.4.2 on Oracle Solaris ld_library_path cross site scripting
8421| [7075] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector NioEndpoint.java denial of service
8422| [7074] Apache Tomcat up to 6.0.35/7.0.29 FORM Authentication RealmBase.java weak authentication
8423| [7073] Apache Tomcat up to 6.0.35/7.0.31 CSRF Prevention Filter cross site request forgery
8424| [63090] Apache Tomcat up to 4.1.24 denial of service
8425| [63089] Apache HTTP Server up to 2.2.13 mod_proxy_ajp denial of service
8426| [62933] Apache Tomcat up to 5.5.0 Access Restriction unknown vulnerability
8427| [62929] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector Memory Consumption denial of service
8428| [62833] Apache CXF -/2.6.0 spoofing
8429| [62832] Apache Axis2 up to 1.6.2 spoofing
8430| [62831] Apache Axis up to 1.4 Java Message Service spoofing
8431| [62830] Apache Commons-httpclient 3.0 Payments spoofing
8432| [62826] Apache Libcloud up to 0.11.0 spoofing
8433| [62757] Apache Open For Business Project up to 10.04.0 unknown vulnerability
8434| [8830] Red Hat JBoss Enterprise Application Platform 6.0.1 org.apache.catalina.connector.Response.encodeURL information disclosure
8435| [62661] Apache Axis2 unknown vulnerability
8436| [62658] Apache Axis2 unknown vulnerability
8437| [62467] Apache Qpid up to 0.17 denial of service
8438| [62417] Apache CXF 2.4.7/2.4.8/2.5.3/2.5.4/2.6.1 spoofing
8439| [6301] Apache HTTP Server mod_pagespeed cross site scripting
8440| [6300] Apache HTTP Server mod_pagespeed Hostname information disclosure
8441| [6123] Apache Wicket up to 1.5.7 Ajax Link cross site scripting
8442| [62035] Apache Struts up to 2.3.4 denial of service
8443| [61916] Apache QPID 0.5/0.6/0.14/0.16 unknown vulnerability
8444| [6998] Apache Tomcat 5.5.35/6.0.35/7.0.28 DIGEST Authentication Session State Caching privilege escalation
8445| [6997] Apache Tomcat 5.5.35/6.0.35/7.0.28 HTTP Digest Authentication Implementation privilege escalation
8446| [6092] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_ajp.c information disclosure
8447| [6090] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_http.c information disclosure
8448| [61507] Apache POI up to 3.8 UnhandledDataStructure denial of service
8449| [6070] Apache Struts up to 2.3.4 Token Name Configuration Parameter privilege escalation
8450| [6069] Apache Struts up to 2.3.4 Request Parameter OGNL Expression denial of service
8451| [5764] Oracle Solaris 10 Apache HTTP Server information disclosure
8452| [5700] Oracle Secure Backup 10.3.0.3/10.4.0.1 Apache denial of service
8453| [61255] Apache Hadoop 2.0.0 Kerberos unknown vulnerability
8454| [61229] Apache Sling up to 2.1.1 denial of service
8455| [61152] Apache Commons-compress 1.0/1.1/1.2/1.3/1.4 denial of service
8456| [61094] Apache Roller up to 5.0 cross site scripting
8457| [61093] Apache Roller up to 5.0 cross site request forgery
8458| [61005] Apache OpenOffice 3.3/3.4 unknown vulnerability
8459| [9673] Apache HTTP Server up to 2.4.4 mod_dav mod_dav.c Request denial of service
8460| [5436] Apache OpenOffice 3.3/3.4 WPXContentListener.cpp _closeTableRow File memory corruption
8461| [5435] Apache OpenOffice 3.3/3.4 vclmi.dll File memory corruption
8462| [60730] PHP 5.4.0/5.4.1/5.4.2 apache_request_headers memory corruption
8463| [60708] Apache Qpid 0.12 unknown vulnerability
8464| [5032] Apache Hadoop up to 0.20.205.0/1.0.1/0.23.1 Kerberos/MapReduce Security Feature privilege escalation
8465| [4949] Apache Struts File Upload XSLTResult.java XSLT File privilege escalation
8466| [4955] Apache Traffic Server 3.0.3/3.1.2 HTTP Header Parser memory corruption
8467| [4882] Apache Wicket up to 1.5.4 directory traversal
8468| [4881] Apache Wicket up to 1.4.19 cross site scripting
8469| [4884] Apache HTTP Server up to 2.3.6 mod_fcgid fcgid_spawn_ctl.c FcgidMaxProcessesPerClass HTTP Requests denial of service
8470| [60352] Apache Struts up to 2.2.3 memory corruption
8471| [60153] Apache Portable Runtime up to 1.4.3 denial of service
8472| [4598] Apache Struts 1.3.10 upload-submit.do cross site scripting
8473| [4597] Apache Struts 1.3.10 processSimple.do cross site scripting
8474| [4596] Apache Struts 2.0.14/2.2.3 struts2-rest-showcase/orders cross site scripting
8475| [4595] Apache Struts 2.0.14/2.2.3 struts2-showcase/person/editPerson.action cross site scripting
8476| [4583] Apache HTTP Server up to 2.2.21 Threaded MPM denial of service
8477| [4582] Apache HTTP Server up to 2.2.21 protocol.c information disclosure
8478| [4571] Apache Struts up to 2.3.1.2 privilege escalation
8479| [4557] Apache Tomcat up to 7.0.21 Caching/Recycling information disclosure
8480| [59934] Apache Tomcat up to 6.0.9 DigestAuthenticator.java unknown vulnerability
8481| [59933] Apache Tomcat up to 6.0.9 Access Restriction unknown vulnerability
8482| [59932] Apache Tomcat up to 6.0.9 unknown vulnerability
8483| [59931] Apache Tomcat up to 6.0.9 Access Restriction information disclosure
8484| [59902] Apache Struts up to 2.2.3 Interfaces unknown vulnerability
8485| [4528] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
8486| [4527] Apache Struts up to 2.2.3 ExceptionDelegator cross site scripting
8487| [59888] Apache Tomcat up to 6.0.6 denial of service
8488| [59886] Apache ActiveMQ up to 5.5.1 Crash denial of service
8489| [4513] Apache Struts up to 2.3.1 ParameterInterceptor directory traversal
8490| [4512] Apache Struts up to 2.2.3 CookieInterceptor privilege escalation
8491| [59850] Apache Geronimo up to 2.2.1 denial of service
8492| [59825] Apache HTTP Server up to 2.1.7 mod_reqtimeout denial of service
8493| [59556] Apache HTTP Server up to 2.0.53 mod_proxy information disclosure
8494| [58467] Apache libcloud 0.2.0/0.3.0/0.3.1/0.4.0 Access Restriction spoofing
8495| [58413] Apache Tomcat up to 6.0.10 spoofing
8496| [58381] Apache Wicket up to 1.4.17 cross site scripting
8497| [58296] Apache Tomcat up to 7.0.19 unknown vulnerability
8498| [57888] Apache HttpClient 4.0/4.0.1/4.1 Authorization information disclosure
8499| [57587] Apache Subversion up to 1.6.16 mod_dav_svn information disclosure
8500| [57585] Apache Subversion up to 1.6.16 mod_dav_svn Memory Consumption denial of service
8501| [57584] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
8502| [57577] Apache Rampart-C 1.3.0 Access Restriction rampart_timestamp_token_validate privilege escalation
8503| [57568] Apache Archiva up to 1.3.4 cross site scripting
8504| [57567] Apache Archiva up to 1.3.4 cross site request forgery
8505| [57481] Apache Tomcat 7.0.12/7.0.13 Access Restriction unknown vulnerability
8506| [4355] Apache HTTP Server APR apr_fnmatch denial of service
8507| [57435] Apache Struts up to 2.2.1.1 FileHandler.java cross site scripting
8508| [57425] Apache Struts up to 2.2.1.1 cross site scripting
8509| [4352] Apache HTTP Server 2.2.x APR apr_fnmatch denial of service
8510| [57025] Apache Tomcat up to 7.0.11 information disclosure
8511| [57024] Apache Tomcat 7.0.11 Access Restriction information disclosure
8512| [56774] IBM WebSphere Application Server up to 7.0.0.14 org.apache.jasper.runtime.JspWriterImpl.response denial of service
8513| [56824] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
8514| [56832] Apache Tomcat up to 7.0.10 Access Restriction information disclosure
8515| [56830] Apache Tomcat up to 7.0.9 Access Restriction privilege escalation
8516| [12440] Apache Tomcat 6.0.33 Malicious Request cross site scripting
8517| [56512] Apache Continuum up to 1.4.0 cross site scripting
8518| [4285] Apache Tomcat 5.x JVM getLocale denial of service
8519| [4284] Apache Tomcat 5.x HTML Manager Infinite Loop cross site scripting
8520| [4283] Apache Tomcat 5.x ServletContect privilege escalation
8521| [56441] Apache Tomcat up to 7.0.6 denial of service
8522| [56300] Apache CouchDB up to 1.0.1 Web Administration Interface cross site scripting
8523| [55967] Apache Subversion up to 1.6.4 rev_hunt.c denial of service
8524| [55966] Apache Subversion up to 1.6.4 mod_dav_svn repos.c walk denial of service
8525| [55095] Apache Axis2 up to 1.6 Default Password memory corruption
8526| [55631] Apache Archiva up to 1.3.1 User Account cross site request forgery
8527| [55556] Apache Tomcat up to 6.0.29 Default Configuration information disclosure
8528| [55553] Apache Tomcat up to 7.0.4 sessionsList.jsp cross site scripting
8529| [55162] Apache MyFaces up to 2.0.0 Authentication Code unknown vulnerability
8530| [54881] Apache Subversion up to 1.6.12 mod_dav_svn authz.c privilege escalation
8531| [54879] Apache APR-util up to 0.9.14 mod_reqtimeout apr_brigade_split_line denial of service
8532| [54693] Apache Traffic Server DNS Cache unknown vulnerability
8533| [54416] Apache CouchDB up to 0.11.0 cross site request forgery
8534| [54394] Apache CXF up to 2.2.8 Memory Consumption denial of service
8535| [54261] Apache Tomcat jsp/cal/cal2.jsp cross site scripting
8536| [54166] Apache HTTP Server up to 2.2.12 mod_cache Crash denial of service
8537| [54385] Apache Struts up to 2.1.8.1 ParameterInterceptor unknown vulnerability
8538| [54012] Apache Tomcat up to 6.0.10 denial of service
8539| [53763] Apache Axis2 1.3/1.4/1.4.1/1.5/1.5.1 Memory Consumption denial of service
8540| [53368] Apache MyFaces 1.1.7/1.2.8 cross site scripting
8541| [53397] Apache axis2 1.4.1/1.5.1 Administration Console cross site scripting
8542| [52894] Apache Tomcat up to 6.0.7 information disclosure
8543| [52960] Apache ActiveMQ up to 5.4-snapshot information disclosure
8544| [52843] Apache HTTP Server mod_auth_shadow unknown vulnerability
8545| [52786] Apache Open For Business Project up to 09.04 cross site scripting
8546| [52587] Apache ActiveMQ up to 5.3.0 cross site request forgery
8547| [52586] Apache ActiveMQ up to 5.3.0 cross site scripting
8548| [52584] Apache CouchDB up to 0.10.1 information disclosure
8549| [51757] Apache HTTP Server 2.0.44 cross site scripting
8550| [51756] Apache HTTP Server 2.0.44 spoofing
8551| [51717] Apache HTTP Server up to 1.3.3 mod_proxy ap_proxy_send_fb memory corruption
8552| [51690] Apache Tomcat up to 6.0 directory traversal
8553| [51689] Apache Tomcat up to 6.0 information disclosure
8554| [51688] Apache Tomcat up to 6.0 directory traversal
8555| [50886] HP Operations Manager 8.10 on Windows File Upload org.apache.catalina.manager.HTMLManagerServlet memory corruption
8556| [50802] Apache Tomcat up to 3.3 Default Password weak authentication
8557| [50626] Apache Solr 1.0.0 cross site scripting
8558| [49857] Apache HTTP Server mod_proxy_ftp cross site scripting
8559| [49856] Apache HTTP Server 2.2.13 mod_proxy_ftp ap_proxy_ftp_handler denial of service
8560| [49348] Apache Xerces-C++ 2.7.0 Stack-Based denial of service
8561| [86789] Apache Portable Runtime memory/unix/apr_pools.c unknown vulnerability
8562| [49283] Apache APR-util up to 1.3.8 apr-util misc/apr_rmm.c apr_rmm_realloc memory corruption
8563| [48952] Apache HTTP Server up to 1.3.6 mod_deflate denial of service
8564| [48626] Apache Tomcat up to 4.1.23 Access Restriction directory traversal
8565| [48431] Apache Tomcat up to 4.1.23 j_security_check cross site scripting
8566| [48430] Apache Tomcat up to 4.1.23 mod_jk denial of service
8567| [47801] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site request forgery
8568| [47800] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site scripting
8569| [47799] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console directory traversal
8570| [47648] Apache Tiles 2.1.0/2.1.1 cross site scripting
8571| [47640] Apache Struts 2.0.6/2.0.8/2.0.9/2.0.11/2.1 cross site scripting
8572| [47638] Apache Tomcat up to 4.1.23 mod_jk information disclosure
8573| [47636] Apache Struts 2.0.9 xip_client.html cross site scripting
8574| [47593] Apache Mod Perl 1 perl-status Apache::Status cross site scripting
8575| [47637] Apache Struts 1.0.2/1.1/1.2.4/1.2.7/1.2.8 cross site scripting
8576| [47239] Apache Struts up to 2.1.2 Beta struts directory traversal
8577| [47214] Apachefriends xampp 1.6.8 spoofing
8578| [47213] Apachefriends xampp 1.6.8 htaccess cross site request forgery
8579| [47162] Apachefriends XAMPP 1.4.4 weak authentication
8580| [47065] Apache Tomcat 4.1.23 cross site scripting
8581| [46834] Apache Tomcat up to 5.5.20 cross site scripting
8582| [46004] Apache Jackrabbit 1.4/1.5.0 search.jsp cross site scripting
8583| [49205] Apache Roller 2.3/3.0/3.1/4.0 Search cross site scripting
8584| [86625] Apache Struts directory traversal
8585| [44461] Apache Tomcat up to 5.5.0 information disclosure
8586| [44389] Apache Xerces-C++ XML Parser Memory Consumption denial of service
8587| [44352] Apache Friends XAMPP 1.6.8 adodb.php cross site scripting
8588| [43663] Apache Tomcat up to 6.0.16 directory traversal
8589| [43612] Apache Friends XAMPP 1.6.7 iart.php cross site scripting
8590| [43556] Apache HTTP Server up to 2.1.8 mod_proxy_ftp proxy_ftp.c cross site scripting
8591| [43516] Apache Tomcat up to 4.1.20 directory traversal
8592| [43509] Apache Tomcat up to 6.0.13 cross site scripting
8593| [42637] Apache Tomcat up to 6.0.16 cross site scripting
8594| [42325] Apache HTTP Server up to 2.1.8 Error Page cross site scripting
8595| [41838] Apache-SSL 1.3.34 1.57 expandcert privilege escalation
8596| [41091] Apache Software Foundation Mod Jk up to 2.0.1 mod_jk2 Stack-based memory corruption
8597| [40924] Apache Tomcat up to 6.0.15 information disclosure
8598| [40923] Apache Tomcat up to 6.0.15 unknown vulnerability
8599| [40922] Apache Tomcat up to 6.0 information disclosure
8600| [40710] Apache HTTP Server up to 2.0.61 mod_negotiation cross site scripting
8601| [40709] Apache HTTP Server up to 2.0.53 mod_negotiation cross site scripting
8602| [40656] Apache Tomcat 5.5.20 information disclosure
8603| [40503] Apache HTTP Server mod_proxy_ftp cross site scripting
8604| [40502] Apache HTTP Server up to 2.2.5 mod_proxy_balancer memory corruption
8605| [40501] Apache HTTP Server 2.2.6 mod_proxy_balancer cross site request forgery
8606| [40398] Apache HTTP Server up to 2.2 mod_proxy_balancer cross site scripting
8607| [40397] Apache HTTP Server up to 2.2 mod_proxy_balancer balancer_handler denial of service
8608| [40234] Apache Tomcat up to 6.0.15 directory traversal
8609| [40221] Apache HTTP Server 2.2.6 information disclosure
8610| [40027] David Castro Apache Authcas 0.4 sql injection
| [3495] Apache OpenOffice up to 2.3 Database Document Processor unknown vulnerability
| [3489] Apache HTTP Server 2.x HTTP Header cross site scripting
| [3414] Apache Tomcat WebDAV Stored privilege escalation
| [39489] Apache Jakarta Slide up to 2.1 directory traversal
| [39540] Apache Geronimo 2.0/2.0.1/2.0.2/2.1 unknown vulnerability
| [3310] Apache OpenOffice 1.1.3/2.0.4/2.2.1 TIFF Image Parser Heap-based memory corruption
| [38768] Apache HTTP Server up to 2.1.7 mod_autoindex.c cross site scripting
| [38952] Apache Geronimo 2.0.1/2.1 unknown vulnerability
| [38658] Apache Tomcat 4.1.31 cal2.jsp cross site request forgery
| [38524] Apache Geronimo 2.0 unknown vulnerability
| [3256] Apache Tomcat up to 6.0.13 cross site scripting
| [38331] Apache Tomcat 4.1.24 information disclosure
| [38330] Apache Tomcat 4.1.24 information disclosure
| [38185] Apache Tomcat 3.3/3.3.1/3.3.1a/3.3.2 Error Message CookieExample cross site scripting
| [37967] Apache Tomcat up to 4.1.36 Error Message sendmail.jsp cross site scripting
| [37647] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 Authorization unknown vulnerability
| [37646] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 unknown vulnerability
| [3141] Apache Tomcat up to 4.1.31 Accept-Language Header cross site scripting
| [3133] Apache Tomcat up to 6.0 HTTP cross site scripting
| [37292] Apache Tomcat up to 5.5.1 cross site scripting
| [3130] Apache OpenOffice 2.2.1 RTF Document Heap-based memory corruption
| [36981] Apache Tomcat JK Web Server Connector up to 1.2.22 mod_jk directory traversal
| [36892] Apache Tomcat up to 4.0.0 hello.jsp cross site scripting
| [37320] Apache MyFaces Tomahawk up to 1.1.4 cross site scripting
| [36697] Apache Tomcat up to 5.5.17 implicit-objects.jsp cross site scripting
| [36491] Apache Axis 1.0 Installation javaioFileNotFoundException information disclosure
| [36400] Apache Tomcat 5.5.15 mod_jk cross site scripting
| [36698] Apache Tomcat up to 4.0.0 cal2.jsp cross site scripting
| [36224] XAMPP Apache Distribution up to 1.6.0a adodb.php connect memory corruption
| [36225] XAMPP Apache Distribution 1.6.0a sql injection
| [2997] Apache httpd/Tomcat 5.5/6.0 directory traversal
| [35896] Apache Apache Test up to 1.29 mod_perl denial of service
| [35653] Avaya S8300 Cm 3.1.2 Apache Tomcat unknown vulnerability
| [35402] Apache Tomcat JK Web Server Connector 1.2.19 mod_jk.so map_uri_to_worker memory corruption
| [35067] Apache Stats up to 0.0.2 extract unknown vulnerability
| [35025] Apache Stats up to 0.0.3 extract unknown vulnerability
| [34252] Apache HTTP Server denial of service
| [2795] Apache OpenOffice 2.0.4 WMF/EMF File Heap-based memory corruption
| [33877] Apache Opentaps 0.9.3 cross site scripting
| [33876] Apache Open For Business Project unknown vulnerability
| [33875] Apache Open For Business Project cross site scripting
| [2703] Apache Jakarta Tomcat up to 5.x der_get_oid memory corruption
| [2611] Apache HTTP Server up to 1.0.1 set_var Format String
|
| MITRE CVE - https://cve.mitre.org:
| [CVE-2013-4156] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted element in an OOXML document file.
| [CVE-2013-4131] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service (assertion failure or out-of-bounds read) via a certain (1) COPY, (2) DELETE, or (3) MOVE request against a revision root.
| [CVE-2013-3239] phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename of an export file, leading to interpretation of this file as an executable file by the Apache HTTP Server, as demonstrated by a .php.sql filename.
| [CVE-2013-3060] The web console in Apache ActiveMQ before 5.8.0 does not require authentication, which allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests.
| [CVE-2013-2765] The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request with a large body and a crafted Content-Type header.
| [CVE-2013-2251] Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.
| [CVE-2013-2249] mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified impact and remote attack vectors.
| [CVE-2013-2248] Multiple open redirect vulnerabilities in Apache Struts 2.0.0 through 2.3.15 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a parameter using the (1) redirect: or (2) redirectAction: prefix.
| [CVE-2013-2189] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via invalid PLCF data in a DOC document file.
| [CVE-2013-2135] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted value that contains both "${}" and "%{}" sequences, which causes the OGNL code to be evaluated twice.
| [CVE-2013-2134] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted action name that is not properly handled during wildcard matching, a different vulnerability than CVE-2013-2135.
| [CVE-2013-2115] Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag. NOTE: this issue is due to an incomplete fix for CVE-2013-1966.
| [CVE-2013-2071] java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other applications in opportunistic circumstances via an application that records the requests that it processes.
| [CVE-2013-2067] java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack.
| [CVE-2013-1966] Apache Struts 2 before 2.3.14.1 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag.
| [CVE-2013-1965] Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.1, allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is not properly handled when invoking a redirect.
| [CVE-2013-1896] mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.
| [CVE-2013-1884] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (segmentation fault and crash) via a log REPORT request with an invalid limit, which triggers an access of an uninitialized variable.
| [CVE-2013-1879] Cross-site scripting (XSS) vulnerability in scheduled.jsp in Apache ActiveMQ 5.8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving the "cron of a message."
| [CVE-2013-1862] mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.
| [CVE-2013-1849] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a PROPFIND request for an activity URL.
| [CVE-2013-1847] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an anonymous LOCK for a URL that does not exist.
| [CVE-2013-1846] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a LOCK on an activity URL.
| [CVE-2013-1845] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (memory consumption) by (1) setting or (2) deleting a large number of properties for a file or directory.
| [CVE-2013-1814] The users/get program in the User RPC API in Apache Rave 0.11 through 0.20 allows remote authenticated users to obtain sensitive information about all user accounts via the offset parameter, as demonstrated by discovering password hashes in the password field of a response.
| [CVE-2013-1777] The JMX Remoting functionality in Apache Geronimo 3.x before 3.0.1, as used in IBM WebSphere Application Server (WAS) Community Edition 3.0.0.3 and other products, does not property implement the RMI classloader, which allows remote attackers to execute arbitrary code by using the JMX connector to send a crafted serialized object.
| [CVE-2013-1768] The BrokerFactory functionality in Apache OpenJPA 1.x before 1.2.3 and 2.x before 2.2.2 creates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for remote attackers to execute arbitrary code by creating a serialized object and leveraging improperly secured server programs.
| [CVE-2013-1088] Cross-site request forgery (CSRF) vulnerability in Novell iManager 2.7 before SP6 Patch 1 allows remote attackers to hijack the authentication of arbitrary users by leveraging improper request validation by iManager code deployed within an Apache Tomcat container.
| [CVE-2013-1048] The Debian apache2ctl script in the apache2 package squeeze before 2.2.16-6+squeeze11, wheezy before 2.2.22-13, and sid before 2.2.22-13 for the Apache HTTP Server on Debian GNU/Linux does not properly create the /var/lock/apache2 lock directory, which allows local users to gain privileges via an unspecified symlink attack.
| [CVE-2013-0966] The Apple mod_hfs_apple module for the Apache HTTP Server in Apple Mac OS X before 10.8.3 does not properly handle ignorable Unicode characters, which allows remote attackers to bypass intended directory authentication requirements via a crafted pathname in a URI.
| [CVE-2013-0942] Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Agent 7.1 before 7.1.1 for Web for Internet Information Services, and 7.1 before 7.1.1 for Web for Apache, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2013-0941] EMC RSA Authentication API before 8.1 SP1, RSA Web Agent before 5.3.5 for Apache Web Server, RSA Web Agent before 5.3.5 for IIS, RSA PAM Agent before 7.0, and RSA Agent before 6.1.4 for Microsoft Windows use an improper encryption algorithm and a weak key for maintaining the stored data of the node secret for the SecurID Authentication API, which allows local users to obtain sensitive information via cryptographic attacks on this data.
| [CVE-2013-0253] The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack.
| [CVE-2013-0248] The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack.
| [CVE-2013-0239] Apache CXF before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3, when the plaintext UsernameToken WS-SecurityPolicy is enabled, allows remote attackers to bypass authentication via a security header of a SOAP request containing a UsernameToken element that lacks a password child element.
| [CVE-2012-6573] Cross-site scripting (XSS) vulnerability in the Apache Solr Autocomplete module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving autocomplete results.
| [CVE-2012-6551] The default configuration of Apache ActiveMQ before 5.8.0 enables a sample web application, which allows remote attackers to cause a denial of service (broker resource consumption) via HTTP requests.
| [CVE-2012-6092] Multiple cross-site scripting (XSS) vulnerabilities in the web demos in Apache ActiveMQ before 5.8.0 allow remote attackers to inject arbitrary web script or HTML via (1) the refresh parameter to PortfolioPublishServlet.java (aka demo/portfolioPublish or Market Data Publisher), or vectors involving (2) debug logs or (3) subscribe messages in webapp/websocket/chat.js. NOTE: AMQ-4124 is covered by CVE-2012-6551.
| [CVE-2012-5887] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.
| [CVE-2012-5886] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID.
| [CVE-2012-5885] The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184.
| [CVE-2012-5786] The wsdl_first_https sample code in distribution/src/main/release/samples/wsdl_first_https/src/main/ in Apache CXF, possibly 2.6.0, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
| [CVE-2012-5785] Apache Axis2/Java 1.6.2 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
| [CVE-2012-5784] Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Message Service implementation in Apache ActiveMQ, and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
| [CVE-2012-5783] Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
| [CVE-2012-5633] The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request.
| [CVE-2012-5616] Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly Citrix CloudStack) before 3.0.6 stores sensitive information in the log4j.conf log file, which allows local users to obtain (1) the SSH private key as recorded by the createSSHKeyPair API, (2) the password of an added host as recorded by the AddHost API, or the password of an added VM as recorded by the (3) DeployVM or (4) ResetPasswordForVM API.
| [CVE-2012-5568] Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.
| [CVE-2012-5351] Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack," a different vulnerability than CVE-2012-4418.
| [CVE-2012-4558] Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via a crafted string.
| [CVE-2012-4557] The mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into an error state upon detection of a long request-processing time, which allows remote attackers to cause a denial of service (worker consumption) via an expensive request.
| [CVE-2012-4556] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 allows remote attackers to cause a denial of service (Apache httpd web server child process restart) via certain unspecified empty search fields in a user certificate search query.
| [CVE-2012-4555] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 does not properly handle interruptions of token format operations, which allows remote attackers to cause a denial of service (NULL pointer dereference and Apache httpd web server child process crash) via unspecified vectors.
| [CVE-2012-4534] org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminating the connection during the reading of a response.
| [CVE-2012-4528] The mod_security2 module before 2.7.0 for the Apache HTTP Server allows remote attackers to bypass rules, and deliver arbitrary POST data to a PHP application, via a multipart request in which an invalid part precedes the crafted data.
| [CVE-2012-4501] Citrix Cloud.com CloudStack, and Apache CloudStack pre-release, allows remote attackers to make arbitrary API calls by leveraging the system user account, as demonstrated by API calls to delete VMs.
| [CVE-2012-4460] The serializing/deserializing functions in the qpid::framing::Buffer class in Apache Qpid 0.20 and earlier allow remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors. NOTE: this issue could also trigger an out-of-bounds read, but it might not trigger a crash.
| [CVE-2012-4459] Integer overflow in the qpid::framing::Buffer::checkAvailable function in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (crash) via a crafted message, which triggers an out-of-bounds read.
| [CVE-2012-4458] The AMQP type decoder in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (memory consumption and server crash) via a large number of zero width elements in the client-properties map in a connection.start-ok message.
| [CVE-2012-4446] The default configuration for Apache Qpid 0.20 and earlier, when the federation_tag attribute is enabled, accepts AMQP connections without checking the source user ID, which allows remote attackers to bypass authentication and have other unspecified impact via an AMQP request.
| [CVE-2012-4431] org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier.
| [CVE-2012-4418] Apache Axis2 allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."
| [CVE-2012-4387] Apache Struts 2.0.0 through 2.3.4 allows remote attackers to cause a denial of service (CPU consumption) via a long parameter name, which is processed as an OGNL expression.
| [CVE-2012-4386] The token check mechanism in Apache Struts 2.0.0 through 2.3.4 does not properly validate the token name configuration parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks by setting the token name configuration parameter to a session attribute.
| [CVE-2012-4360] Cross-site scripting (XSS) vulnerability in the mod_pagespeed module 0.10.19.1 through 0.10.22.4 for the Apache HTTP Server allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2012-4063] The Apache Santuario configuration in Eucalyptus before 3.1.1 does not properly restrict applying XML Signature transforms to documents, which allows remote attackers to cause a denial of service via unspecified vectors.
| [CVE-2012-4001] The mod_pagespeed module before 0.10.22.6 for the Apache HTTP Server does not properly verify its host name, which allows remote attackers to trigger HTTP requests to arbitrary hosts via unspecified vectors, as demonstrated by requests to intranet servers.
| [CVE-2012-3908] Multiple cross-site request forgery (CSRF) vulnerabilities in the ISE Administrator user interface (aka the Apache Tomcat interface) on Cisco Identity Services Engine (ISE) 3300 series appliances before 1.1.0.665 Cumulative Patch 1 allow remote attackers to hijack the authentication of administrators, aka Bug ID CSCty46684.
| [CVE-2012-3546] org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI.
| [CVE-2012-3544] Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data.
| [CVE-2012-3526] The reverse proxy add forward module (mod_rpaf) 0.5 and 0.6 for the Apache HTTP Server allows remote attackers to cause a denial of service (server or application crash) via multiple X-Forwarded-For headers in a request.
| [CVE-2012-3513] munin-cgi-graph in Munin before 2.0.6, when running as a CGI module under Apache, allows remote attackers to load new configurations and create files in arbitrary directories via the logdir command.
| [CVE-2012-3506] Unspecified vulnerability in the Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.03 has unknown impact and attack vectors.
| [CVE-2012-3502] The proxy functionality in (1) mod_proxy_ajp.c in the mod_proxy_ajp module and (2) mod_proxy_http.c in the mod_proxy_http module in the Apache HTTP Server 2.4.x before 2.4.3 does not properly determine the situations that require closing a back-end connection, which allows remote attackers to obtain sensitive information in opportunistic circumstances by reading a response that was intended for a different client.
| [CVE-2012-3499] Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules.
| [CVE-2012-3467] Apache QPID 0.14, 0.16, and earlier uses a NullAuthenticator mechanism to authenticate catch-up shadow connections to AMQP brokers, which allows remote attackers to bypass authentication.
| [CVE-2012-3451] Apache CXF before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to execute unintended web-service operations by sending a header with a SOAP Action String that is inconsistent with the message body.
| [CVE-2012-3446] Apache Libcloud before 0.11.1 uses an incorrect regular expression during verification of whether the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate.
| [CVE-2012-3376] DataNodes in Apache Hadoop 2.0.0 alpha does not check the BlockTokens of clients when Kerberos is enabled and the DataNode has checked out the same BlockPool twice from a NodeName, which might allow remote clients to read arbitrary blocks, write to blocks to which they only have read access, and have other unspecified impacts.
| [CVE-2012-3373] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.21 and 1.5.x before 1.5.8 allows remote attackers to inject arbitrary web script or HTML via vectors involving a %00 sequence in an Ajax link URL associated with a Wicket app.
| [CVE-2012-3126] Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Products Suite 3.3 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Apache Tomcat Agent.
| [CVE-2012-3123] Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect confidentiality, related to Apache HTTP Server.
| [CVE-2012-2760] mod_auth_openid before 0.7 for Apache uses world-readable permissions for /tmp/mod_auth_openid.db, which allows local users to obtain session ids.
| [CVE-2012-2733] java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of service (memory consumption) via a large amount of header data.
| [CVE-2012-2687] Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list.
| [CVE-2012-2381] Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.1 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the blogger role.
| [CVE-2012-2380] Multiple cross-site request forgery (CSRF) vulnerabilities in the admin/editor console in Apache Roller before 5.0.1 allow remote attackers to hijack the authentication of admins or editors by leveraging the HTTP POST functionality.
| [CVE-2012-2379] Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors.
| [CVE-2012-2378] Apache CXF 2.4.5 through 2.4.7, 2.5.1 through 2.5.3, and 2.6.x before 2.6.1, does not properly enforce child policies of a WS-SecurityPolicy 1.1 SupportingToken policy on the client side, which allows remote attackers to bypass the (1) AlgorithmSuite, (2) SignedParts, (3) SignedElements, (4) EncryptedParts, and (5) EncryptedElements policies.
| [CVE-2012-2329] Buffer overflow in the apache_request_headers function in sapi/cgi/cgi_main.c in PHP 5.4.x before 5.4.3 allows remote attackers to cause a denial of service (application crash) via a long string in the header of an HTTP request.
| [CVE-2012-2145] Apache Qpid 0.17 and earlier does not properly restrict incoming client connections, which allows remote attackers to cause a denial of service (file descriptor consumption) via a large number of incomplete connections.
| [CVE-2012-2138] The @CopyFrom operation in the POST servlet in the org.apache.sling.servlets.post bundle before 2.1.2 in Apache Sling does not prevent attempts to copy an ancestor node to a descendant node, which allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP request.
| [CVE-2012-2098] Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service (CPU consumption) via a file with many repeating inputs.
| [CVE-2012-1574] The Kerberos/MapReduce security functionality in Apache Hadoop 0.20.203.0 through 0.20.205.0, 0.23.x before 0.23.2, and 1.0.x before 1.0.2, as used in Cloudera CDH CDH3u0 through CDH3u2, Cloudera hadoop-0.20-sbin before 0.20.2+923.197, and other products, allows remote authenticated users to impersonate arbitrary cluster user accounts via unspecified vectors.
| [CVE-2012-1181] fcgid_spawn_ctl.c in the mod_fcgid module 2.3.6 for the Apache HTTP Server does not recognize the FcgidMaxProcessesPerClass directive for a virtual host, which makes it easier for remote attackers to cause a denial of service (memory consumption) via a series of HTTP requests that triggers a process count higher than the intended limit.
| [CVE-2012-1089] Directory traversal vulnerability in Apache Wicket 1.4.x before 1.4.20 and 1.5.x before 1.5.5 allows remote attackers to read arbitrary web-application files via a relative pathname in a URL for a Wicket resource that corresponds to a null package.
| [CVE-2012-1007] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 1.3.10 allow remote attackers to inject arbitrary web script or HTML via (1) the name parameter to struts-examples/upload/upload-submit.do, or the message parameter to (2) struts-cookbook/processSimple.do or (3) struts-cookbook/processDyna.do.
| [CVE-2012-1006] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.14 and 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) lastName parameter to struts2-showcase/person/editPerson.action, or the (3) clientName parameter to struts2-rest-showcase/orders.
| [CVE-2012-0883] envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl.
| [CVE-2012-0840] tables/apr_hash.c in the Apache Portable Runtime (APR) library through 1.4.5 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
| [CVE-2012-0838] Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL expression during the handling of a conversion error, which allows remote attackers to modify run-time data values, and consequently execute arbitrary code, via invalid input to a field.
| [CVE-2012-0788] The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service (application crash) via a crafted application that uses a PDO driver for a fetch and then calls the session_start function, as demonstrated by a crash of the Apache HTTP Server.
| [CVE-2012-0394] ** DISPUTED ** The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself."
| [CVE-2012-0393] The ParameterInterceptor component in Apache Struts before 2.3.1.1 does not prevent access to public constructors, which allows remote attackers to create or overwrite arbitrary files via a crafted parameter that triggers the creation of a Java object.
| [CVE-2012-0392] The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method.
| [CVE-2012-0391] The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter.
| [CVE-2012-0256] Apache Traffic Server 2.0.x and 3.0.x before 3.0.4 and 3.1.x before 3.1.3 does not properly allocate heap memory, which allows remote attackers to cause a denial of service (daemon crash) via a long HTTP Host header.
| [CVE-2012-0216] The default configuration of the apache2 package in Debian GNU/Linux squeeze before 2.2.16-6+squeeze7, wheezy before 2.2.22-4, and sid before 2.2.22-4, when mod_php or mod_rivet is used, provides example scripts under the doc/ URI, which might allow local users to conduct cross-site scripting (XSS) attacks, gain privileges, or obtain sensitive information via vectors involving localhost HTTP requests to the Apache HTTP Server.
| [CVE-2012-0213] The UnhandledDataStructure function in hwpf/model/UnhandledDataStructure.java in Apache POI 3.8 and earlier allows remote attackers to cause a denial of service (OutOfMemoryError exception and possibly JVM destabilization) via a crafted length value in a Channel Definition Format (CDF) or Compound File Binary Format (CFBF) document.
| [CVE-2012-0053] protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script.
| [CVE-2012-0047] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the wicket:pageMapName parameter.
| [CVE-2012-0031] scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function.
8768| [CVE-2012-0022] Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.
8769| [CVE-2012-0021] The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to cause a denial of service (daemon crash) via a cookie that lacks both a name and a value.
8770| [CVE-2011-5064] DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging knowledge of this string, a different vulnerability than CVE-2011-1184.
8771| [CVE-2011-5063] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weaker authentication or authorization requirements, a different vulnerability than CVE-2011-1184.
8772| [CVE-2011-5062] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass intended integrity-protection requirements via a qop=auth value, a different vulnerability than CVE-2011-1184.
8773| [CVE-2011-5057] Apache Struts 2.3.1.1 and earlier provides interfaces that do not properly restrict access to collections such as the session and request collections, which might allow remote attackers to modify run-time data values via a crafted parameter to an application that implements an affected interface, as demonstrated by the SessionAware, RequestAware, ApplicationAware, ServletRequestAware, ServletResponseAware, and ParameterAware interfaces. NOTE: the vendor disputes the significance of this report because of an "easy work-around in existing apps by configuring the interceptor."
8774| [CVE-2011-5034] Apache Geronimo 2.2.1 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. NOTE: this might overlap CVE-2011-4461.
8775| [CVE-2011-4905] Apache ActiveMQ before 5.6.0 allows remote attackers to cause a denial of service (file-descriptor exhaustion and broker crash or hang) by sending many openwire failover:tcp:// connection requests.
8776| [CVE-2011-4858] Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
8777| [CVE-2011-4668] IBM Tivoli Netcool/Reporter 2.2 before 2.2.0.8 allows remote attackers to execute arbitrary code via vectors related to an unspecified CGI program used with the Apache HTTP Server.
8778| [CVE-2011-4449] actions/files/files.php in WikkaWiki 1.3.1 and 1.3.2, when INTRANET_MODE is enabled, supports file uploads for file extensions that are typically absent from an Apache HTTP Server TypesConfig file, which makes it easier for remote attackers to execute arbitrary PHP code by placing this code in a file whose name has multiple extensions, as demonstrated by a (1) .mm or (2) .vpp file.
8779| [CVE-2011-4415] The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, does not restrict the size of values of environment variables, which allows local users to cause a denial of service (memory consumption or NULL pointer dereference) via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, related to (1) the "len +=" statement and (2) the apr_pcalloc function call, a different vulnerability than CVE-2011-3607.
8780| [CVE-2011-4317] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an @ (at sign) character and a : (colon) character in invalid positions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
8781| [CVE-2011-3639] The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers by using the HTTP/0.9 protocol with a malformed URI containing an initial @ (at sign) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
8782| [CVE-2011-3620] Apache Qpid 0.12 does not properly verify credentials during the joining of a cluster, which allows remote attackers to obtain access to the messaging functionality and job functionality of a cluster by leveraging knowledge of a cluster-username.
8783| [CVE-2011-3607] Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow.
8784| [CVE-2011-3376] org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat 7.x before 7.0.22 does not properly restrict ContainerServlets in the Manager application, which allows local users to gain privileges by using an untrusted web application to access the Manager application's functionality.
8785| [CVE-2011-3375] Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain caching and recycling operations involving request objects, which allows remote attackers to obtain unintended read access to IP address and HTTP header information in opportunistic circumstances by reading TCP data.
8786| [CVE-2011-3368] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character.
8787| [CVE-2011-3348] The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary "error state" in the backend server) via a malformed HTTP request.
8788| [CVE-2011-3192] The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.
8789| [CVE-2011-3190] Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request.
8790| [CVE-2011-2729] native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application.
8791| [CVE-2011-2712] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.18, when setAutomaticMultiWindowSupport is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
8792| [CVE-2011-2688] SQL injection vulnerability in mysql/mysql-auth.pl in the mod_authnz_external module 3.2.5 and earlier for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the user field.
8793| [CVE-2011-2526] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loop or JVM crash) by leveraging an untrusted web application.
8794| [CVE-2011-2516] Off-by-one error in the XML signature feature in Apache XML Security for C++ 1.6.0, as used in Shibboleth before 2.4.3 and possibly other products, allows remote attackers to cause a denial of service (crash) via a signature using a large RSA key, which triggers a buffer overflow.
8795| [CVE-2011-2481] Apache Tomcat 7.0.x before 7.0.17 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application. NOTE: this vulnerability exists because of a CVE-2009-0783 regression.
8796| [CVE-2011-2329] The rampart_timestamp_token_validate function in util/rampart_timestamp_token.c in Apache Rampart/C 1.3.0 does not properly calculate the expiration of timestamp tokens, which allows remote attackers to bypass intended access restrictions by leveraging an expired token, a different vulnerability than CVE-2011-0730.
8797| [CVE-2011-2204] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file.
8798| [CVE-2011-2088] XWork 2.2.1 in Apache Struts 2.2.1, and OpenSymphony XWork in OpenSymphony WebWork, allows remote attackers to obtain potentially sensitive information about internal Java class paths via vectors involving an s:submit element and a nonexistent method, a different vulnerability than CVE-2011-1772.3.
8799| [CVE-2011-2087] Multiple cross-site scripting (XSS) vulnerabilities in component handlers in the javatemplates (aka Java Templates) plugin in Apache Struts 2.x before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via an arbitrary parameter value to a .action URI, related to improper handling of value attributes in (1) FileHandler.java, (2) HiddenHandler.java, (3) PasswordHandler.java, (4) RadioHandler.java, (5) ResetHandler.java, (6) SelectHandler.java, (7) SubmitHandler.java, and (8) TextFieldHandler.java.
8800| [CVE-2011-1928] The fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote attackers to cause a denial of service (infinite loop) via a URI that does not match unspecified types of wildcard patterns, as demonstrated by attacks against mod_autoindex in httpd when a /*/WEB-INF/ configuration pattern is used. NOTE: this issue exists because of an incorrect fix for CVE-2011-0419.
8801| [CVE-2011-1921] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is disabled, does not properly enforce permissions for files that had been publicly readable in the past, which allows remote attackers to obtain sensitive information via a replay REPORT operation.
8802| [CVE-2011-1783] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to cause a denial of service (infinite loop and memory consumption) in opportunistic circumstances by requesting data.
8803| [CVE-2011-1772] Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x before 2.2.3, and OpenSymphony XWork in OpenSymphony WebWork, allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) an action name, (2) the action attribute of an s:submit element, or (3) the method attribute of an s:submit element.
8804| [CVE-2011-1752] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request for a baselined WebDAV resource, as exploited in the wild in May 2011.
8805| [CVE-2011-1610] Multiple SQL injection vulnerabilities in xmldirectorylist.jsp in the embedded Apache HTTP Server component in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5)su4, 8.0 before 8.0(3a)su2, and 8.5 before 8.5(1)su1 allow remote attackers to execute arbitrary SQL commands via the (1) f, (2) l, or (3) n parameter, aka Bug ID CSCtj42064.
8806| [CVE-2011-1582] Apache Tomcat 7.0.12 and 7.0.13 processes the first request to a servlet without following security constraints that have been configured through annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088, CVE-2011-1183, and CVE-2011-1419.
8807| [CVE-2011-1571] Unspecified vulnerability in the XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote attackers to execute arbitrary commands via unknown vectors.
8808| [CVE-2011-1570] Cross-site scripting (XSS) vulnerability in Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to inject arbitrary web script or HTML via a message title, a different vulnerability than CVE-2004-2030.
8809| [CVE-2011-1503] The XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat or Oracle GlassFish is used, allows remote authenticated users to read arbitrary (1) XSL and (2) XML files via a file:/// URL.
8810| [CVE-2011-1502] Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to read arbitrary files via an entity declaration in conjunction with an entity reference, related to an XML External Entity (aka XXE) issue.
8811| [CVE-2011-1498] Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header.
8812| [CVE-2011-1475] The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP packets, related to "a mix-up of responses for requests from different users."
8813| [CVE-2011-1419] Apache Tomcat 7.x before 7.0.11, when web.xml has no security constraints, does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088.
8814| [CVE-2011-1318] Memory leak in org.apache.jasper.runtime.JspWriterImpl.response in the JavaServer Pages (JSP) component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) by accessing a JSP page of an application that is repeatedly stopped and restarted.
8815| [CVE-2011-1184] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, related to lack of checking of nonce (aka server nonce) and nc (aka nonce-count or client nonce count) values.
8816| [CVE-2011-1183] Apache Tomcat 7.0.11, when web.xml has no login configuration, does not follow security constraints, which allows remote attackers to bypass intended access restrictions via HTTP requests to a meta-data complete web application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1088 and CVE-2011-1419.
8817| [CVE-2011-1176] The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module 2.2.11-01 and 2.2.11-02 for the Apache HTTP Server does not properly handle certain configuration sections that specify NiceValue but not AssignUserID, which might allow remote attackers to gain privileges by leveraging the root uid and root gid of an mpm-itk process.
8818| [CVE-2011-1088] Apache Tomcat 7.x before 7.0.10 does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application.
8819| [CVE-2011-1077] Multiple cross-site scripting (XSS) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
8820| [CVE-2011-1026] Multiple cross-site request forgery (CSRF) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to hijack the authentication of administrators.
8821| [CVE-2011-0715] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.16, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request that contains a lock token.
8822| [CVE-2011-0534] Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request.
8823| [CVE-2011-0533] Cross-site scripting (XSS) vulnerability in Apache Continuum 1.1 through 1.2.3.1, 1.3.6, and 1.4.0 Beta
8824| [CVE-2011-0419] Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.
8825| [CVE-2011-0013] Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.
8826| [CVE-2010-4644] Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated users to cause a denial of service (memory consumption and daemon crash) via the -g option to the blame command.
8827| [CVE-2010-4539] The walk function in repos.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.15, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger the walking of SVNParentPath collections.
8828| [CVE-2010-4476] The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
8829| [CVE-2010-4455] Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.2 and 11.1.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Apache Plugin.
8830| [CVE-2010-4408] Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1 does not require entry of the administrator's password at the time of modifying a user account, which makes it easier for context-dependent attackers to gain privileges by leveraging a (1) unattended workstation or (2) cross-site request forgery (CSRF) vulnerability, a related issue to CVE-2010-3449.
8831| [CVE-2010-4312] The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie.
8832| [CVE-2010-4172] Multiple cross-site scripting (XSS) vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) orderBy or (2) sort parameter to sessionsList.jsp, or unspecified input to (3) sessionDetail.jsp or (4) java/org/apache/catalina/manager/JspHelper.java, related to use of untrusted web applications.
8833| [CVE-2010-3872] The fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.6 for the Apache HTTP Server does not use bytewise pointer arithmetic in certain circumstances, which has unspecified impact and attack vectors related to "untrusted FastCGI applications" and a "stack buffer overwrite."
8834| [CVE-2010-3863] Apache Shiro before 1.1.0, and JSecurity 0.9.x, does not canonicalize URI paths before comparing them to entries in the shiro.ini file, which allows remote attackers to bypass intended access restrictions via a crafted request, as demonstrated by the /./account/index.jsp URI.
8835| [CVE-2010-3854] Multiple cross-site scripting (XSS) vulnerabilities in the web administration interface (aka Futon) in Apache CouchDB 0.8.0 through 1.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
8836| [CVE-2010-3718] Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.
8837| [CVE-2010-3449] Cross-site request forgery (CSRF) vulnerability in Redback before 1.2.4, as used in Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1
8838| [CVE-2010-3315] authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass intended access restrictions via svn commands.
8839| [CVE-2010-3083] sys/ssl/SslSocket.cpp in qpidd in Apache Qpid, as used in Red Hat Enterprise MRG before 1.2.2 and other products, when SSL is enabled, allows remote attackers to cause a denial of service (daemon outage) by connecting to the SSL port but not participating in an SSL handshake.
8840| [CVE-2010-2952] Apache Traffic Server before 2.0.1, and 2.1.x before 2.1.2-unstable, does not properly choose DNS source ports and transaction IDs, and does not properly use DNS query fields to validate responses, which makes it easier for man-in-the-middle attackers to poison the internal DNS cache via a crafted response.
8841| [CVE-2010-2791] mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request. NOTE: this is the same issue as CVE-2010-2068, but for a different OS and set of affected versions.
8842| [CVE-2010-2375] Package/Privilege: Plugins for Apache, Sun and IIS web servers Unspecified vulnerability in the WebLogic Server component in Oracle Fusion Middleware 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, 10.3.2, and 10.3.3 allows remote attackers to affect confidentiality and integrity, related to IIS.
8843| [CVE-2010-2234] Cross-site request forgery (CSRF) vulnerability in Apache CouchDB 0.8.0 through 0.11.0 allows remote attackers to hijack the authentication of administrators for direct requests to an installation URL.
8844| [CVE-2010-2227] Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with "recycling of a buffer."
8845| [CVE-2010-2103] Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Apache Axis2/Java 1.4.1, 1.5.1, and possibly other versions, as used in SAP Business Objects 12, 3com IMC, and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the modules parameter. NOTE: some of these details are obtained from third party information.
8846| [CVE-2010-2086] Apache MyFaces 1.1.7 and 1.2.8, as used in IBM WebSphere Application Server and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that involve modifying the serialized view object.
8847| [CVE-2010-2076] Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before 2.2.9, as used in Apache ServiceMix, Apache Camel, Apache Chemistry, Apache jUDDI, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to samples/wsdl_first_pure_xml, a similar issue to CVE-2010-1632.
8848| [CVE-2010-2068] mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, does not properly detect timeouts, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request.
8849| [CVE-2010-2057] shared/util/StateUtils.java in Apache MyFaces 1.1.x before 1.1.8, 1.2.x before 1.2.9, and 2.0.x before 2.0.1 uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack.
8850| [CVE-2010-1632] Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server (WAS) 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to the Synapse SimpleStockQuoteService.
8851| [CVE-2010-1623] Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the destruction of an APR bucket.
8852| [CVE-2010-1587] The Jetty ResourceHandler in Apache ActiveMQ 5.x before 5.3.2 and 5.4.x before 5.4.0 allows remote attackers to read JSP source code via a // (slash slash) initial substring in a URI for (1) admin/index.jsp, (2) admin/queues.jsp, or (3) admin/topics.jsp.
8853| [CVE-2010-1452] The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path.
8854| [CVE-2010-1325] Cross-site request forgery (CSRF) vulnerability in the apache2-slms package in SUSE Lifecycle Management Server (SLMS) 1.0 on SUSE Linux Enterprise (SLE) 11 allows remote attackers to hijack the authentication of unspecified victims via vectors related to improper parameter quoting. NOTE: some sources report that this is a vulnerability in a product named "Apache SLMS," but that is incorrect.
8855| [CVE-2010-1244] Cross-site request forgery (CSRF) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote attackers to hijack the authentication of unspecified victims for requests that create queues via the JMSDestination parameter in a queue action.
8856| [CVE-2010-1157] Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply.
8857| [CVE-2010-1151] Race condition in the mod_auth_shadow module for the Apache HTTP Server allows remote attackers to bypass authentication, and read and possibly modify data, via vectors related to improper interaction with an external helper application for validation of credentials.
8858| [CVE-2010-0684] Cross-site scripting (XSS) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote authenticated users to inject arbitrary web script or HTML via the JMSDestination parameter in a queue action.
8859| [CVE-2010-0434] The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request.
8860| [CVE-2010-0432] Multiple cross-site scripting (XSS) vulnerabilities in the Apache Open For Business Project (aka OFBiz) 09.04 and earlier, as used in Opentaps, Neogia, and Entente Oya, allow remote attackers to inject arbitrary web script or HTML via (1) the productStoreId parameter to control/exportProductListing, (2) the partyId parameter to partymgr/control/viewprofile (aka partymgr/control/login), (3) the start parameter to myportal/control/showPortalPage, (4) an invalid URI beginning with /facility/control/ReceiveReturn (aka /crmsfa/control/ReceiveReturn or /cms/control/ReceiveReturn), (5) the contentId parameter (aka the entityName variable) to ecommerce/control/ViewBlogArticle, (6) the entityName parameter to webtools/control/FindGeneric, or the (7) subject or (8) content parameter to an unspecified component under ecommerce/control/contactus.
8861| [CVE-2010-0425] modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet, and "orphaned callback pointers."
8862| [CVE-2010-0408] The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service (backend server outage) via a crafted request, related to use of a 500 error code instead of the appropriate 400 error code.
8863| [CVE-2010-0390] Unrestricted file upload vulnerability in maxImageUpload/index.php in PHP F1 Max's Image Uploader 1.0, when Apache is not configured to handle the mime-type for files with pjpeg or jpeg extensions, allows remote attackers to execute arbitrary code by uploading a file with a pjpeg or jpeg extension, then accessing it via a direct request to the file in original/. NOTE: some of these details are obtained from third party information.
8864| [CVE-2010-0219] Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service.
8865| [CVE-2010-0010] Integer overflow in the ap_proxy_send_fb function in proxy/proxy_util.c in mod_proxy in the Apache HTTP Server before 1.3.42 on 64-bit platforms allows remote origin servers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a large chunk size that triggers a heap-based buffer overflow.
8866| [CVE-2010-0009] Apache CouchDB 0.8.0 through 0.10.1 allows remote attackers to obtain sensitive information by measuring the completion time of operations that verify (1) hashes or (2) passwords.
8867| [CVE-2009-5120] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 allows connections to TCP port 1812 from arbitrary source IP addresses, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via UTF-7 text to the 404 error page of a Project Woodstock service on this port.
8868| [CVE-2009-5119] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 enables weak SSL ciphers in conf/server.xml, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and then conducting a brute-force attack against encrypted session data.
8869| [CVE-2009-5006] The SessionAdapter::ExchangeHandlerImpl::checkAlternate function in broker/SessionAdapter.cpp in the C++ Broker component in Apache Qpid before 0.6, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote authenticated users to cause a denial of service (NULL pointer dereference, daemon crash, and cluster outage) by attempting to modify the alternate of an exchange.
8870| [CVE-2009-5005] The Cluster::deliveredEvent function in cluster/Cluster.cpp in Apache Qpid, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote attackers to cause a denial of service (daemon crash and cluster outage) via invalid AMQP data.
8871| [CVE-2009-4355] Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678.
8872| [CVE-2009-4269] The password hash generation algorithm in the BUILTIN authentication functionality for Apache Derby before 10.6.1.0 performs a transformation that reduces the size of the set of inputs to SHA-1, which produces a small search space that makes it easier for local and possibly remote attackers to crack passwords by generating hash collisions, related to password substitution.
8873| [CVE-2009-3923] The VirtualBox 2.0.8 and 2.0.10 web service in Sun Virtual Desktop Infrastructure (VDI) 3.0 does not require authentication, which allows remote attackers to obtain unspecified access via vectors involving requests to an Apache HTTP Server.
8874| [CVE-2009-3890] Unrestricted file upload vulnerability in the wp_check_filetype function in wp-includes/functions.php in WordPress before 2.8.6, when a certain configuration of the mod_mime module in the Apache HTTP Server is enabled, allows remote authenticated users to execute arbitrary code by posting an attachment with a multiple-extension filename, and then accessing this attachment via a direct request to a wp-content/uploads/ pathname, as demonstrated by a .php.jpg filename.
8875| [CVE-2009-3843] HP Operations Manager 8.10 on Windows contains a "hidden account" in the XML file that specifies Tomcat users, which allows remote attackers to conduct unrestricted file upload attacks, and thereby execute arbitrary code, by using the org.apache.catalina.manager.HTMLManagerServlet class to make requests to manager/html/upload.
8876| [CVE-2009-3821] Cross-site scripting (XSS) vulnerability in the Apache Solr Search (solr) extension 1.0.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
8877| [CVE-2009-3555] The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
8878| [CVE-2009-3548] The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges.
8879| [CVE-2009-3250] The saveForwardAttachments procedure in the Compose Mail functionality in vtiger CRM 5.0.4 allows remote authenticated users to execute arbitrary code by composing an e-mail message with an attachment filename ending in (1) .php in installations based on certain Apache HTTP Server configurations, (2) .php. on Windows, or (3) .php/ on Linux, and then making a direct request to a certain pathname under storage/.
8880| [CVE-2009-3095] The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.
8881| [CVE-2009-3094] The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.
8882| [CVE-2009-2902] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename.
8883| [CVE-2009-2901] The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests.
8884| [CVE-2009-2823] The Apache HTTP Server in Apple Mac OS X before 10.6.2 enables the HTTP TRACE method, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified web client software.
8885| [CVE-2009-2699] The Solaris pollset feature in the Event Port backend in poll/unix/port.c in the Apache Portable Runtime (APR) library before 1.3.9, as used in the Apache HTTP Server before 2.2.14 and other products, does not properly handle errors, which allows remote attackers to cause a denial of service (daemon hang) via unspecified HTTP requests, related to the prefork and event MPMs.
8886| [CVE-2009-2696] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat on Red Hat Enterprise Linux 5, Desktop Workstation 5, and Linux Desktop 5 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML." NOTE: this is due to a missing fix for CVE-2009-0781.
8887| [CVE-2009-2693] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry.
8888| [CVE-2009-2625] XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.
8889| [CVE-2009-2412] Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR
8890| [CVE-2009-2299] The Artofdefence Hyperguard Web Application Firewall (WAF) module before 2.5.5-11635, 3.0 before 3.0.3-11636, and 3.1 before 3.1.1-11637, a module for the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via an HTTP request with a large Content-Length value but no POST data.
8891| [CVE-2009-1956] Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input.
8892| [CVE-2009-1955] The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.
8893| [CVE-2009-1903] The PDF XSS protection feature in ModSecurity before 2.5.8 allows remote attackers to cause a denial of service (Apache httpd crash) via a request for a PDF file that does not use the GET method.
8894| [CVE-2009-1891] The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).
8895| [CVE-2009-1890] The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests.
8896| [CVE-2009-1885] Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to cause a denial of service (application crash) via vectors involving nested parentheses and invalid byte values in "simply nested DTD structures," as demonstrated by the Codenomicon XML fuzzing framework.
8897| [CVE-2009-1462] The Security Manager in razorCMS before 0.4 does not verify the permissions of every file owned by the apache user account, which is inconsistent with the documentation and allows local users to have an unspecified impact.
8898| [CVE-2009-1275] Apache Tiles 2.1 before 2.1.2, as used in Apache Struts and other products, evaluates Expression Language (EL) expressions twice in certain circumstances, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via unspecified vectors, related to the (1) tiles:putAttribute and (2) tiles:insertTemplate JSP tags.
8899| [CVE-2009-1195] The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file.
8900| [CVE-2009-1191] mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request.
8901| [CVE-2009-1012] Unspecified vulnerability in the plug-ins for Apache and IIS web servers in Oracle BEA WebLogic Server 7.0 Gold through SP7, 8.1 Gold through SP6, 9.0, 9.1, 9.2 Gold through MP3, 10.0 Gold through MP1, and 10.3 allows remote attackers to affect confidentiality, integrity, and availability. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow in an unspecified plug-in that parses HTTP requests, which leads to a heap-based buffer overflow.
8902| [CVE-2009-0918] Multiple unspecified vulnerabilities in DFLabs PTK 1.0.0 through 1.0.4 allow remote attackers to execute arbitrary commands in processes launched by PTK's Apache HTTP Server via (1) "external tools" or (2) a crafted forensic image.
8903| [CVE-2009-0796] Cross-site scripting (XSS) vulnerability in Status.pm in Apache::Status and Apache2::Status in mod_perl1 and mod_perl2 for the Apache HTTP Server, when /perl-status is accessible, allows remote attackers to inject arbitrary web script or HTML via the URI.
8904| [CVE-2009-0783] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.
8905| [CVE-2009-0781] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML."
8906| [CVE-2009-0754] PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on the same server.
8907| [CVE-2009-0580] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.
8908| [CVE-2009-0486] Bugzilla 3.2.1, 3.0.7, and 3.3.2, when running under mod_perl, calls the srand function at startup time, which causes Apache children to have the same seed and produce insufficiently random numbers for random tokens, which allows remote attackers to bypass cross-site request forgery (CSRF) protection mechanisms and conduct unauthorized activities as other users.
8909| [CVE-2009-0039] Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to hijack the authentication of administrators for requests that (1) change the web administration password, (2) upload applications, and perform unspecified other administrative actions, as demonstrated by (3) a Shutdown request to console/portal//Server/Shutdown.
8910| [CVE-2009-0038] Multiple cross-site scripting (XSS) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) ip, (3) username, or (4) description parameter to console/portal/Server/Monitoring
8911| [CVE-2009-0033] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.
8912| [CVE-2009-0026] Multiple cross-site scripting (XSS) vulnerabilities in Apache Jackrabbit before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the q parameter to (1) search.jsp or (2) swr.jsp.
8913| [CVE-2009-0023] The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow.
8914| [CVE-2008-6879] Cross-site scripting (XSS) vulnerability in Apache Roller 2.3, 3.0, 3.1, and 4.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter in a search action.
8915| [CVE-2008-6755] ZoneMinder 1.23.3 on Fedora 10 sets the ownership of /etc/zm.conf to the apache user account, and sets the permissions to 0600, which makes it easier for remote attackers to modify this file by accessing it through a (1) PHP or (2) CGI script.
8916| [CVE-2008-6722] Novell Access Manager 3 SP4 does not properly expire X.509 certificate sessions, which allows physically proximate attackers to obtain a logged-in session by using a victim's web-browser process that continues to send the original and valid SSL sessionID, related to inability of Apache Tomcat to clear entries from its SSL cache.
8917| [CVE-2008-6682] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.x before 2.0.11.1 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via vectors associated with improper handling of (1) " (double quote) characters in the href attribute of an s:a tag and (2) parameters in the action attribute of an s:url tag.
8918| [CVE-2008-6505] Multiple directory traversal vulnerabilities in Apache Struts 2.0.x before 2.0.12 and 2.1.x before 2.1.3 allow remote attackers to read arbitrary files via a ..%252f (encoded dot dot slash) in a URI with a /struts/ path, related to (1) FilterDispatcher in 2.0.x and (2) DefaultStaticContentLoader in 2.1.x.
8919| [CVE-2008-6504] ParametersInterceptor in OpenSymphony XWork 2.0.x before 2.0.6 and 2.1.x before 2.1.2, as used in Apache Struts and other products, does not properly restrict # (pound sign) references to context objects, which allows remote attackers to execute Object-Graph Navigation Language (OGNL) statements and modify server-side context objects, as demonstrated by use of a \u0023 representation for the # character.
8920| [CVE-2008-5696] Novell NetWare 6.5 before Support Pack 8, when an OES2 Linux server is installed into the NDS tree, does not require a password for the ApacheAdmin console, which allows remote attackers to reconfigure the Apache HTTP Server via console operations.
8921| [CVE-2008-5676] Multiple unspecified vulnerabilities in the ModSecurity (aka mod_security) module 2.5.0 through 2.5.5 for the Apache HTTP Server, when SecCacheTransformations is enabled, allow remote attackers to cause a denial of service (daemon crash) or bypass the product's functionality via unknown vectors related to "transformation caching."
8922| [CVE-2008-5519] The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat allows remote attackers to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances involving (1) a request from a different client that included a Content-Length header but no POST data or (2) a rapid series of requests, related to noncompliance with the AJP protocol's requirements for requests containing Content-Length headers.
8923| [CVE-2008-5518] Multiple directory traversal vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 on Windows allow remote attackers to upload files to arbitrary directories via directory traversal sequences in the (1) group, (2) artifact, (3) version, or (4) fileType parameter to console/portal//Services/Repository (aka the Services/Repository portlet)
8924| [CVE-2008-5515] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.
8925| [CVE-2008-5457] Unspecified vulnerability in the Oracle BEA WebLogic Server Plugins for Apache, Sun and IIS web servers component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
8926| [CVE-2008-4308] The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20 does not return a -1 to indicate when a certain error condition has occurred, which can cause Tomcat to send POST content from one request to a different request.
8927| [CVE-2008-4008] Unspecified vulnerability in the WebLogic Server Plugins for Apache component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2008 CPU. Oracle has not commented on reliable researcher claims that this issue is a stack-based buffer overflow in the WebLogic Apache Connector, related to an invalid parameter.
8928| [CVE-2008-3666] Unspecified vulnerability in Sun Solaris 10 and OpenSolaris before snv_96 allows (1) context-dependent attackers to cause a denial of service (panic) via vectors involving creation of a crafted file and use of the sendfilev system call, as demonstrated by a file served by an Apache 2.2.x web server with EnableSendFile configured
8929| [CVE-2008-3271] Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a "synchronization problem" and lack of thread safety, and related to RemoteFilterValve, RemoteAddrValve, and RemoteHostValve.
8930| [CVE-2008-3257] Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request.
8931| [CVE-2008-2939] Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI.
8932| [CVE-2008-2938] Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.
8933| [CVE-2008-2742] Unrestricted file upload in the mcpuk file editor (atk/attributes/fck/editor/filemanager/browser/mcpuk/connectors/php/config.php) in Achievo 1.2.0 through 1.3.2 allows remote attackers to execute arbitrary code by uploading a file with .php followed by a safe extension, then accessing it via a direct request to the file in the Achievo root directory. NOTE: this is only a vulnerability in environments that support multiple extensions, such as Apache with the mod_mime module enabled.
8934| [CVE-2008-2717] TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions.
8935| [CVE-2008-2579] Unspecified vulnerability in the WebLogic Server Plugins for Apache, Sun and IIS web servers component in Oracle BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 has unknown impact and remote attack vectors.
8936| [CVE-2008-2384] SQL injection vulnerability in mod_auth_mysql.c in the mod-auth-mysql (aka libapache2-mod-auth-mysql) module for the Apache HTTP Server 2.x, when configured to use a multibyte character set that allows a \ (backslash) as part of the character encoding, allows remote attackers to execute arbitrary SQL commands via unspecified inputs in a login request.
| [CVE-2008-2370] Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.
| [CVE-2008-2364] The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.
| [CVE-2008-2168] Cross-site scripting (XSS) vulnerability in Apache 2.2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded URLs that are not properly handled when displaying the 403 Forbidden error page.
| [CVE-2008-2025] Cross-site scripting (XSS) vulnerability in Apache Struts before 1.2.9-162.31.1 on SUSE Linux Enterprise (SLE) 11, before 1.2.9-108.2 on SUSE openSUSE 10.3, before 1.2.9-198.2 on SUSE openSUSE 11.0, and before 1.2.9-162.163.2 on SUSE openSUSE 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "insufficient quoting of parameters."
| [CVE-2008-1947] Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.
| [CVE-2008-1734] Interpretation conflict in PHP Toolkit before 1.0.1 on Gentoo Linux might allow local users to cause a denial of service (PHP outage) and read contents of PHP scripts by creating a file with a one-letter lowercase alphabetic name, which triggers interpretation of a certain unquoted [a-z] argument as a matching shell glob for this name, rather than interpretation as the literal [a-z] regular-expression string, and consequently blocks the launch of the PHP interpreter within the Apache HTTP Server.
| [CVE-2008-1678] Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server mod_ssl that specify a compression algorithm.
| [CVE-2008-1232] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.
| [CVE-2008-0869] Cross-site scripting (XSS) vulnerability in BEA WebLogic Workshop 8.1 through SP6 and Workshop for WebLogic 9.0 through 10.0 allows remote attackers to inject arbitrary web script or HTML via a "framework defined request parameter" when using WebLogic Workshop or Apache Beehive NetUI framework with page flows.
| [CVE-2008-0732] The init script for Apache Geronimo on SUSE Linux follows symlinks when performing a chown operation, which might allow local users to obtain access to unspecified files or directories.
| [CVE-2008-0555] The ExpandCert function in Apache-SSL before apache_1.3.41+ssl_1.59 does not properly handle (1) '/' and (2) '=' characters in a Distinguished Name (DN) in a client certificate, which might allow remote attackers to bypass authentication via a crafted DN that triggers overwriting of environment variables.
| [CVE-2008-0457] Unrestricted file upload vulnerability in the FileUpload class running on the Symantec LiveState Apache Tomcat server, as used by Symantec Backup Exec System Recovery Manager 7.0 and 7.0.1, allows remote attackers to upload and execute arbitrary JSP files via unknown vectors.
| [CVE-2008-0456] CRLF injection vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by uploading a file with a multi-line name containing HTTP header sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
| [CVE-2008-0455] Cross-site scripting (XSS) vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary web script or HTML by uploading a file with a name containing XSS sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
| [CVE-2008-0128] The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
| [CVE-2008-0005] mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding.
| [CVE-2008-0002] Apache Tomcat 6.0.0 through 6.0.15 processes parameters in the context of the wrong request when an exception occurs during parameter processing, which might allow remote attackers to obtain sensitive information, as demonstrated by disconnecting during this processing in order to trigger the exception.
| [CVE-2007-6750] The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris, related to the lack of the mod_reqtimeout module in versions before 2.2.15.
| [CVE-2007-6726] Multiple cross-site scripting (XSS) vulnerabilities in Dojo 0.4.1 and 0.4.2, as used in Apache Struts and other products, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) xip_client.html and (2) xip_server.html in src/io/.
| [CVE-2007-6514] Apache HTTP Server, when running on Linux with a document root on a Windows share mounted using smbfs, allows remote attackers to obtain unprocessed content such as source files for .php programs via a trailing "\" (backslash), which is not handled by the intended AddType directive.
| [CVE-2007-6423] ** DISPUTED ** Unspecified vulnerability in mod_proxy_balancer for Apache HTTP Server 2.2.x before 2.2.7-dev, when running on Windows, allows remote attackers to trigger memory corruption via a long URL. NOTE: the vendor could not reproduce this issue.
| [CVE-2007-6422] The balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6, when a threaded Multi-Processing Module is used, allows remote authenticated users to cause a denial of service (child process crash) via an invalid bb variable.
| [CVE-2007-6421] Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) ss, (2) wr, or (3) rr parameters, or (4) the URL.
| [CVE-2007-6420] Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors.
| [CVE-2007-6388] Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2007-6361] Gekko 0.8.2 and earlier stores sensitive information under the web root with possibly insufficient access control, which might allow remote attackers to read certain files under temp/, as demonstrated by a log file that records the titles of blog entries. NOTE: access to temp/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
| [CVE-2007-6342] SQL injection vulnerability in the David Castro AuthCAS module (AuthCAS.pm) 0.4 for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the SESSION_COOKIE_NAME (session ID) in a cookie.
| [CVE-2007-6286] Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the native APR connector is used, does not properly handle an empty request to the SSL port, which allows remote attackers to trigger handling of "a duplicate copy of one of the recent requests," as demonstrated by using netcat to send the empty request.
| [CVE-2007-6258] Multiple stack-based buffer overflows in the legacy mod_jk2 2.0.3-DEV and earlier Apache module allow remote attackers to execute arbitrary code via a long (1) Host header, or (2) Hostname within a Host header.
| [CVE-2007-6231] Multiple PHP remote file inclusion vulnerabilities in tellmatic 1.0.7 allow remote attackers to execute arbitrary PHP code via a URL in the tm_includepath parameter to (1) Classes.inc.php, (2) statistic.inc.php, (3) status.inc.php, (4) status_top_x.inc.php, or (5) libchart-1.1/libchart.php in include/. NOTE: access to include/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
| [CVE-2007-6203] Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918.
| [CVE-2007-5797] SQLLoginModule in Apache Geronimo 2.0 through 2.1 does not throw an exception for a nonexistent username, which allows remote attackers to bypass authentication via a login attempt with any username not contained in the database.
| [CVE-2007-5731] Absolute path traversal vulnerability in Apache Jakarta Slide 2.1 and earlier allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag, a related issue to CVE-2007-5461.
| [CVE-2007-5461] Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.
| [CVE-2007-5342] The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by changing the (1) level, (2) directory, and (3) prefix attributes in the org.apache.juli.FileHandler handler.
| [CVE-2007-5333] Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385.
| [CVE-2007-5156] Incomplete blacklist vulnerability in editor/filemanager/upload/php/upload.php in FCKeditor, as used in SiteX CMS 0.7.3.beta, La-Nai CMS, Syntax CMS, Cardinal Cms, and probably other products, allows remote attackers to upload and execute arbitrary PHP code via a file whose name contains ".php." and has an unknown extension, which is recognized as a .php file by the Apache HTTP server, a different vulnerability than CVE-2006-0658 and CVE-2006-2529.
| [CVE-2007-5085] Unspecified vulnerability in the management EJB (MEJB) in Apache Geronimo before 2.0.2 allows remote attackers to bypass authentication and obtain "access to Geronimo internals" via unspecified vectors.
| [CVE-2007-5000] Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2007-4724] Cross-site request forgery (CSRF) vulnerability in cal2.jsp in the calendar examples application in Apache Tomcat 4.1.31 allows remote attackers to add events as arbitrary users via the time and description parameters.
| [CVE-2007-4723] Directory traversal vulnerability in Ragnarok Online Control Panel 4.3.4a, when the Apache HTTP Server is used, allows remote attackers to bypass authentication via directory traversal sequences in a URI that ends with the name of a publicly available page, as demonstrated by a "/...../" sequence and an account_manage.php/login.php final component for reaching the protected account_manage.php page.
| [CVE-2007-4641] Directory traversal vulnerability in index.php in Pakupaku CMS 0.4 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting code into an Apache log file.
| [CVE-2007-4556] Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language (OGNL) expression when altSyntax is enabled, which allows remote attackers to cause a denial of service (infinite loop) or execute arbitrary code via form input beginning with a "%{" sequence and ending with a "}" character.
| [CVE-2007-4548] The login method in LoginModule implementations in Apache Geronimo 2.0 does not throw FailedLoginException for failed logins, which allows remote attackers to bypass authentication requirements, deploy arbitrary modules, and gain administrative access by sending a blank username and password with the command line deployer in the deployment module.
| [CVE-2007-4465] Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.
| [CVE-2007-3847] The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read.
| [CVE-2007-3571] The Apache Web Server as used in Novell NetWare 6.5 and GroupWise allows remote attackers to obtain sensitive information via a certain directive to Apache that causes the HTTP-Header response to be modified, which may reveal the server's internal IP address.
| [CVE-2007-3386] Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action.
| [CVE-2007-3385] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.
| [CVE-2007-3384] Multiple cross-site scripting (XSS) vulnerabilities in examples/servlet/CookieExample in Apache Tomcat 3.3 through 3.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Value field, related to error messages.
| [CVE-2007-3383] Cross-site scripting (XSS) vulnerability in SendMailServlet in the examples web application (examples/jsp/mail/sendmail.jsp) in Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.36 allows remote attackers to inject arbitrary web script or HTML via the From field and possibly other fields, related to generation of error messages.
| [CVE-2007-3382] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.
| [CVE-2007-3304] Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1 killer."
| [CVE-2007-3303] Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows local users to cause a denial of service via certain code sequences executed in a worker process that (1) stop request processing by killing all worker processes and preventing creation of replacements or (2) hang the system by forcing the master process to fork an arbitrarily large number of worker processes. NOTE: This might be an inherent design limitation of Apache with respect to worker processes in hosted environments.
| [CVE-2007-3101] Multiple cross-site scripting (XSS) vulnerabilities in certain JSF applications in Apache MyFaces Tomahawk before 1.1.6 allow remote attackers to inject arbitrary web script via the autoscroll parameter, which is injected into Javascript that is sent to the client.
| [CVE-2007-2450] Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script or HTML via a parameter name to manager/html/upload, and other unspecified vectors.
| [CVE-2007-2449] Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the '
| [CVE-2007-2353] Apache Axis 1.0 allows remote attackers to obtain sensitive information by requesting a non-existent WSDL file, which reveals the installation path in the resulting exception message.
| [CVE-2007-2025] Unrestricted file upload vulnerability in the UpLoad feature (lib/plugin/UpLoad.php) in PhpWiki 1.3.11p1 allows remote attackers to upload arbitrary PHP files with a double extension, as demonstrated by .php.3, which is interpreted by Apache as being a valid PHP file.
| [CVE-2007-1863] cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value.
| [CVE-2007-1862] The recall_headers function in mod_mem_cache in Apache 2.2.4 does not properly copy all levels of header data, which can cause Apache to return HTTP headers containing previously used data, which could be used by remote attackers to obtain potentially sensitive information.
| [CVE-2007-1860] mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. (dot dot) sequences and directory traversal, a related issue to CVE-2007-0450.
| [CVE-2007-1858] The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts.
| [CVE-2007-1842] Directory traversal vulnerability in login.php in JSBoard before 2.0.12 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the table parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, a related issue to CVE-2006-2019.
| [CVE-2007-1801] Directory traversal vulnerability in inc/lang.php in sBLOG 0.7.3 Beta allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the conf_lang_default parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by inc/lang.php.
| [CVE-2007-1743] suexec in Apache HTTP Server (httpd) 2.2.3 does not verify combinations of user and group IDs on the command line, which might allow local users to leverage other vulnerabilities to create arbitrary UID/GID owned files if /proc is mounted. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root." In addition, because this is dependent on other vulnerabilities, perhaps this is resultant and should not be included in CVE.
| [CVE-2007-1742] suexec in Apache HTTP Server (httpd) 2.2.3 uses a partial comparison for verifying whether the current directory is within the document root, which might allow local users to perform unauthorized operations on incorrect directories, as demonstrated using "html_backup" and "htmleditor" under an "html" directory. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
| [CVE-2007-1741] Multiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 between directory and file validation, and their usage, allow local users to gain privileges and execute arbitrary code by renaming directories or performing symlink attacks. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
| [CVE-2007-1720] Directory traversal vulnerability in addressbook.php in the Addressbook 1.2 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module_name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file.
| [CVE-2007-1636] Directory traversal vulnerability in index.php in RoseOnlineCMS 3 B1 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the op parameter, as demonstrated by injecting PHP code into Apache log files via the URL and User-Agent HTTP header.
| [CVE-2007-1633] Directory traversal vulnerability in bbcode_ref.php in the Giorgio Ciranni Splatt Forum 4.0 RC1 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by bbcode_ref.php.
| [CVE-2007-1577] Directory traversal vulnerability in index.php in GeBlog 0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[tplname] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
| [CVE-2007-1539] Directory traversal vulnerability in inc/map.func.php in pragmaMX Landkarten 2.1 module allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the module_name parameter, as demonstrated via a static PHP code injection attack in an Apache log file.
| [CVE-2007-1524] Directory traversal vulnerability in themes/default/ in ZomPlog 3.7.6 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) in the settings[skin] parameter, as demonstrated by injecting PHP code into an Apache HTTP Server log file, which can then be included via themes/default/.
| [CVE-2007-1491] Apache Tomcat in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allows connections from external interfaces via port 8009, which exposes it to attacks from outside parties.
| [CVE-2007-1358] Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616".
| [CVE-2007-1349] PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.
| [CVE-2007-0975] Variable extraction vulnerability in Ian Bezanson Apache Stats before 0.0.3 beta allows attackers to overwrite critical variables, with unknown impact, when the extract function is used on the _REQUEST superglobal array.
| [CVE-2007-0930] Variable extract vulnerability in Apache Stats before 0.0.3beta allows attackers to modify arbitrary variables and conduct attacks via unknown vectors involving the use of PHP's extract function.
| [CVE-2007-0792] The mod_perl initialization script in Bugzilla 2.23.3 does not set the Bugzilla Apache configuration to allow .htaccess permissions to override file permissions, which allows remote attackers to obtain the database username and password via a direct request for the localconfig file.
| [CVE-2007-0774] Stack-based buffer overflow in the map_uri_to_worker function (native/common/jk_uri_worker_map.c) in mod_jk.so for Apache Tomcat JK Web Server Connector 1.2.19 and 1.2.20, as used in Tomcat 4.1.34 and 5.5.20, allows remote attackers to execute arbitrary code via a long URL that triggers the overflow in a URI worker map routine.
| [CVE-2007-0637] Directory traversal vulnerability in zd_numer.php in Galeria Zdjec 3.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the galeria parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by zd_numer.php.
| [CVE-2007-0451] Apache SpamAssassin before 3.1.8 allows remote attackers to cause a denial of service via long URLs in malformed HTML, which triggers "massive memory usage."
| [CVE-2007-0450] Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.
| [CVE-2007-0419] The BEA WebLogic Server proxy plug-in before June 2006 for the Apache HTTP Server does not properly handle protocol errors, which allows remote attackers to cause a denial of service (server outage).
| [CVE-2007-0173] Directory traversal vulnerability in index.php in L2J Statistik Script 0.09 and earlier, when register_globals is enabled and magic_quotes is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
| [CVE-2007-0098] Directory traversal vulnerability in language.php in VerliAdmin 0.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
| [CVE-2007-0086] ** DISPUTED ** The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by third parties, who state that the large window size required by the attack is not normally supported or configured by the server, or that a DDoS-style attack would accomplish the same goal.
| [CVE-2006-7217] Apache Derby before 10.2.1.6 does not determine schema privilege requirements during the DropSchemaNode bind phase, which allows remote authenticated users to execute arbitrary drop schema statements in SQL authorization mode.
| [CVE-2006-7216] Apache Derby before 10.2.1.6 does not determine privilege requirements for lock table statements at compilation time, and consequently does not enforce privilege requirements at execution time, which allows remote authenticated users to lock arbitrary tables.
| [CVE-2006-7197] The AJP connector in Apache Tomcat 5.5.15 uses an incorrect length for chunks, which can cause a buffer over-read in the ajp_process_callback in mod_jk, which allows remote attackers to read portions of sensitive memory.
| [CVE-2006-7196] Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors. NOTE: this may be related to CVE-2006-0254.1.
| [CVE-2006-7195] Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in Apache Tomcat 5.0.0 through 5.0.30 and 5.5.0 through 5.5.17 allows remote attackers to inject arbitrary web script or HTML via certain header values.
| [CVE-2006-7098] The Debian GNU/Linux 033_-F_NO_SETSID patch for the Apache HTTP Server 1.3.34-4 does not properly disassociate httpd from a controlling tty when httpd is started interactively, which allows local users to gain privileges to that tty via a CGI program that calls the TIOCSTI ioctl.
| [CVE-2006-6869] Directory traversal vulnerability in includes/search/search_mdforum.php in MAXdev MDForum 2.0.1 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang cookie to error.php, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
| [CVE-2006-6675] Cross-site scripting (XSS) vulnerability in Novell NetWare 6.5 Support Pack 5 and 6 and Novell Apache on NetWare 2.0.48 allows remote attackers to inject arbitrary web script or HTML via unspecifeid parameters in Welcome web-app.
| [CVE-2006-6613] Directory traversal vulnerability in language.php in phpAlbum 0.4.1 Beta 6 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files or obtain sensitive information via a .. (dot dot) in the pa_lang[include_file] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
| [CVE-2006-6589] Cross-site scripting (XSS) vulnerability in ecommerce/control/keywordsearch in the Apache Open For Business Project (OFBiz) and Opentaps 0.9.3 allows remote attackers to inject arbitrary web script or HTML via the SEARCH_STRING parameter, a different issue than CVE-2006-6587. NOTE: some of these details are obtained from third party information.
| [CVE-2006-6588] The forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) trusts the (1) dataResourceTypeId, (2) contentTypeId, and certain other hidden form fields, which allows remote attackers to create unauthorized types of content, modify content, or have other unknown impact.
| [CVE-2006-6587] Cross-site scripting (XSS) vulnerability in the forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) allows remote attackers to inject arbitrary web script or HTML by posting a message.
| [CVE-2006-6445] Directory traversal vulnerability in error.php in Envolution 1.1.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
| [CVE-2006-6071] TWiki 4.0.5 and earlier, when running under Apache 1.3 using ApacheLogin with sessions and "ErrorDocument 401" redirects to a valid wiki topic, does not properly handle failed login attempts, which allows remote attackers to read arbitrary content by cancelling out of a failed authentication with a valid username and invalid password.
| [CVE-2006-6047] Directory traversal vulnerability in manager/index.php in Etomite 0.6.1.2 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the f parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
| [CVE-2006-5894] Directory traversal vulnerability in lang.php in Rama CMS 0.68 and earlier, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by lang.php.
| [CVE-2006-5752] Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform "charset detection" when the content-type is not specified.
| [CVE-2006-5733] Directory traversal vulnerability in error.php in PostNuke 0.763 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
| [CVE-2006-5263] Directory traversal vulnerability in templates/header.php3 in phpMyAgenda 3.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter, as demonstrated by a parameter value naming an Apache HTTP Server log file that apparently contains PHP code.
| [CVE-2006-4994] Multiple unquoted Windows search path vulnerabilities in Apache Friends XAMPP 1.5.2 might allow local users to gain privileges via a malicious program file in %SYSTEMDRIVE%, which is run when XAMPP attempts to execute (1) FileZillaServer.exe, (2) mysqld-nt.exe, (3) Perl.exe, or (4) xamppcontrol.exe with an unquoted "Program Files" pathname.
9045| [CVE-2006-4636] Directory traversal vulnerability in SZEWO PhpCommander 3.0 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Directory parameter, as demonstrated by parameter values naming Apache HTTP Server log files that apparently contain PHP code.
9046| [CVE-2006-4625] PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass certain Apache HTTP Server httpd.conf options, such as safe_mode and open_basedir, via the ini_restore function, which resets the values to their php.ini (Master Value) defaults.
9047| [CVE-2006-4558] DeluxeBB 1.06 and earlier, when run on the Apache HTTP Server with the mod_mime module, allows remote attackers to execute arbitrary PHP code by uploading files with double extensions via the fileupload parameter in a newthread action in newpost.php.
9048| [CVE-2006-4191] Directory traversal vulnerability in memcp.php in XMB (Extreme Message Board) 1.9.6 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the langfilenew parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by header.php.
9049| [CVE-2006-4154] Format string vulnerability in the mod_tcl module 1.0 for Apache 2.x allows context-dependent attackers to execute arbitrary code via format string specifiers that are not properly handled in a set_var function call in (1) tcl_cmds.c and (2) tcl_core.c.
9050| [CVE-2006-4110] Apache 2.2.2, when running on Windows, allows remote attackers to read source code of CGI programs via a request that contains uppercase (or alternate case) characters that bypass the case-sensitive ScriptAlias directive, but allow access to the file on case-insensitive file systems.
9051| [CVE-2006-4004] Directory traversal vulnerability in index.php in vbPortal 3.0.2 through 3.6.0 Beta 1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the bbvbplang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
9052| [CVE-2006-3918] http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.
| [CVE-2006-3835] Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (
| [CVE-2006-3747] Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules.
| [CVE-2006-3362] Unrestricted file upload vulnerability in connectors/php/connector.php in FCKeditor mcpuk file manager, as used in (1) Geeklog 1.4.0 through 1.4.0sr3, (2) toendaCMS 1.0.0 Shizouka Stable and earlier, (3) WeBid 0.5.4, and possibly other products, when installed on Apache with mod_mime, allows remote attackers to upload and execute arbitrary PHP code via a filename with a .php extension and a trailing extension that is allowed, such as .zip.
| [CVE-2006-3102] Race condition in articles/BitArticle.php in Bitweaver 1.3, when run on Apache with the mod_mime extension, allows remote attackers to execute arbitrary PHP code by uploading arbitrary files with double extensions, which are stored for a small period of time under the webroot in the temp/articles directory.
| [CVE-2006-3070] write_ok.php in Zeroboard 4.1 pl8, when installed on Apache with mod_mime, allows remote attackers to bypass restrictions for uploading files with executable extensions by uploading a .htaccess file that with an AddType directive that assigns an executable module to files with assumed-safe extensions, as demonstrated by assigning the txt extension to be handled by application/x-httpd-php.
| [CVE-2006-2831] Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2, when running under certain Apache configurations such as when FileInfo overrides are disabled within .htaccess, allows remote attackers to execute arbitrary code by uploading a file with multiple extensions, a variant of CVE-2006-2743.
| [CVE-2006-2806] The SMTP server in Apache Java Mail Enterprise Server (aka Apache James) 2.2.0 allows remote attackers to cause a denial of service (CPU consumption) via a long argument to the MAIL command.
| [CVE-2006-2743] Drupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with mod_mime, does not properly handle files with multiple extensions, which allows remote attackers to upload, modify, or execute arbitrary files in the files directory.
| [CVE-2006-2514] Coppermine galleries before 1.4.6, when running on Apache with mod_mime installed, allows remote attackers to upload arbitrary files via a filename with multiple file extensions.
| [CVE-2006-2330] PHP-Fusion 6.00.306 and earlier, running under Apache HTTP Server 1.3.27 and PHP 4.3.3, allows remote authenticated users to upload files of arbitrary types using a filename that contains two or more extensions that ends in an assumed-valid extension such as .gif, which bypasses the validation, as demonstrated by uploading then executing an avatar file that ends in ".php.gif" and contains PHP code in EXIF metadata.
| [CVE-2006-1777] Directory traversal vulnerability in doc/index.php in Jeremy Ashcraft Simplog 0.9.2 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the s parameter, as demonstrated by injecting PHP sequences into an Apache error_log file, which is then included by doc/index.php.
| [CVE-2006-1564] Untrusted search path vulnerability in libapache2-svn 1.3.0-4 for Subversion in Debian GNU/Linux includes RPATH values under the /tmp/svn directory for the (1) mod_authz_svn.so and (2) mod_dav_svn.so modules, which might allow local users to gain privileges by installing malicious libraries in that directory.
| [CVE-2006-1548] Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction and possibly (2) DispatchAction and (3) ActionDispatcher in Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to inject arbitrary web script or HTML via the parameter name, which is not filtered in the resulting error message.
| [CVE-2006-1547] ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides further access to elements in the CommonsMultipartRequestHandler implementation and BeanUtils.
| [CVE-2006-1546] Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to bypass validation via a request with a 'org.apache.struts.taglib.html.Constants.CANCEL' parameter, which causes the action to be canceled but would not be detected from applications that do not use the isCancelled check.
| [CVE-2006-1393] Multiple cross-site scripting (XSS) vulnerabilities in the mod_pubcookie Apache application server module in University of Washington Pubcookie 1.x, 3.0.0, 3.1.0, 3.1.1, 3.2 before 3.2.1b, and 3.3 before 3.3.0a allow remote attackers to inject arbitrary web script or HTML via unspecified attack vectors.
| [CVE-2006-1346] Directory traversal vulnerability in inc/setLang.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in a lang[*][file] parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by index.php.
| [CVE-2006-1292] Directory traversal vulnerability in Jim Hu and Chad Little PHP iCalendar 2.21 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the phpicalendar[cookie_language] and phpicalendar[cookie_style] cookies, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by day.php.
| [CVE-2006-1243] Directory traversal vulnerability in install05.php in Simple PHP Blog (SPB) 0.4.7.1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the blog_language parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included using install05.php.
| [CVE-2006-1095] Directory traversal vulnerability in the FileSession object in Mod_python module 3.2.7 for Apache allows local users to execute arbitrary code via a crafted session cookie.
| [CVE-2006-1079] htpasswd, as used in Acme thttpd 2.25b and possibly other products such as Apache, might allow local users to gain privileges via shell metacharacters in a command line argument, which is used in a call to the system function. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
| [CVE-2006-1078] Multiple buffer overflows in htpasswd, as used in Acme thttpd 2.25b, and possibly other products such as Apache, might allow local users to gain privileges via (1) a long command line argument and (2) a long line in a file. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
| [CVE-2006-0743] Format string vulnerability in LocalSyslogAppender in Apache log4net 1.2.9 might allow remote attackers to cause a denial of service (memory corruption and termination) via unknown vectors.
| [CVE-2006-0254] Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) time parameter to cal2.jsp and (2) any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer.
| [CVE-2006-0150] Multiple format string vulnerabilities in the auth_ldap_log_reason function in Apache auth_ldap 1.6.0 and earlier allows remote attackers to execute arbitrary code via various vectors, including the username.
| [CVE-2006-0144] The proxy server feature in go-pear.php in PHP PEAR 0.2.2, as used in Apache2Triad, allows remote attackers to execute arbitrary PHP code by redirecting go-pear.php to a malicious proxy server that provides a modified version of Tar.php with a malicious extractModify function.
| [CVE-2006-0042] Unspecified vulnerability in (1) apreq_parse_headers and (2) apreq_parse_urlencoded functions in Apache2::Request (Libapreq2) before 2.07 allows remote attackers cause a denial of service (CPU consumption) via unknown attack vectors that result in quadratic computational complexity.
| [CVE-2005-4857] eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 before 20051128 allows remote authenticated users to cause a denial of service (Apache httpd segmentation fault) via a request to content/advancedsearch.php with an empty SearchContentClassID parameter, reportedly related to a "memory addressing error".
| [CVE-2005-4849] Apache Derby before 10.1.2.1 exposes the (1) user and (2) password attributes in cleartext via (a) the RDBNAM parameter of the ACCSEC command and (b) the output of the DatabaseMetaData.getURL function, which allows context-dependent attackers to obtain sensitive information.
| [CVE-2005-4836] The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote attackers to read JSP source files and obtain sensitive information.
| [CVE-2005-4814] Unrestricted file upload vulnerability in Segue CMS before 1.3.6, when the Apache HTTP Server handles .phtml files with the PHP interpreter, allows remote attackers to upload and execute arbitrary PHP code by placing .phtml files in the userfiles/ directory.
| [CVE-2005-4703] Apache Tomcat 4.0.3, when running on Windows, allows remote attackers to obtain sensitive information via a request for a file that contains an MS-DOS device name such as lpt9, which leaks the pathname in an error message, as demonstrated by lpt9.xtp using Nikto.
| [CVE-2005-3745] Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message.
| [CVE-2005-3630] Fedora Directory Server before 10 allows remote attackers to obtain sensitive information, such as the password from adm.conf via an IFRAME element, probably involving an Apache httpd.conf configuration that orders "allow" directives before "deny" directives.
| [CVE-2005-3510] Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files.
| [CVE-2005-3392] Unspecified vulnerability in PHP before 4.4.1, when using the virtual function on Apache 2, allows remote attackers to bypass safe_mode and open_basedir directives.
| [CVE-2005-3357] mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference.
| [CVE-2005-3352] Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps.
| [CVE-2005-3319] The apache2handler SAPI (sapi_apache2.c) in the Apache module (mod_php) for PHP 5.x before 5.1.0 final and 4.4 before 4.4.1 final allows attackers to cause a denial of service (segmentation fault) via the session.save_path option in a .htaccess file or VirtualHost.
| [CVE-2005-3164] The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an information leak when "unsuitable request body data" is used for a different request, possibly related to Java Servlet pages.
| [CVE-2005-2970] Memory leak in the worker MPM (worker.c) for Apache 2, in certain circumstances, allows remote attackers to cause a denial of service (memory consumption) via aborted connections, which prevents the memory for the transaction pool from being reused for other connections.
| [CVE-2005-2963] The mod_auth_shadow module 1.0 through 1.5 and 2.0 for Apache with AuthShadow enabled uses shadow authentication for all locations that use the require group directive, even when other authentication mechanisms are specified, which might allow remote authenticated users to bypass security restrictions.
| [CVE-2005-2728] The byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service (memory consumption) via an HTTP header with a large Range field.
| [CVE-2005-2660] apachetop 0.12.5 and earlier, when running in debug mode, allows local users to create or append to arbitrary files via a symlink attack on atop.debug.
| [CVE-2005-2088] The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
| [CVE-2005-1754] ** DISPUTED ** JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to read arbitrary files via a full pathname in the argument to the Download parameter. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
| [CVE-2005-1753] ** DISPUTED ** ReadMessage.jsp in JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to view other users' e-mail attachments via a direct request to /mailboxesdir/username@domainname. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
| [CVE-2005-1344] Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute arbitrary code via a long realm argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
| [CVE-2005-1268] Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte.
| [CVE-2005-1266] Apache SpamAssassin 3.0.1, 3.0.2, and 3.0.3 allows remote attackers to cause a denial of service (CPU consumption and slowdown) via a message with a long Content-Type header without any boundaries.
| [CVE-2005-0808] Apache Tomcat before 5.x allows remote attackers to cause a denial of service (application crash) via a crafted AJP12 packet to TCP port 8007.
| [CVE-2005-0182] The mod_dosevasive module 1.9 and earlier for Apache creates temporary files with predictable filenames, which could allow remote attackers to overwrite arbitrary files via a symlink attack.
| [CVE-2005-0108] Apache mod_auth_radius 1.5.4 and libpam-radius-auth allow remote malicious RADIUS servers to cause a denial of service (crash) via a RADIUS_REPLY_MESSAGE with a RADIUS attribute length of 1, which leads to a memcpy operation with a -1 length argument.
| [CVE-2004-2734] webadmin-apache.conf in Novell Web Manager of Novell NetWare 6.5 uses an uppercase Alias tag with an inconsistent lowercase directory tag for a volume, which allows remote attackers to bypass access control to the WEB-INF folder.
| [CVE-2004-2680] mod_python (libapache2-mod-python) 3.1.4 and earlier does not properly handle when output filters process more than 16384 bytes, which can cause filter.read to return portions of previously freed memory.
| [CVE-2004-2650] Spooler in Apache Foundation James 2.2.0 allows local users to cause a denial of service (memory consumption) by triggering various error conditions in the retrieve function, which prevents a lock from being released and causes a memory leak.
| [CVE-2004-2343] ** DISPUTED ** Apache HTTP Server 2.0.47 and earlier allows local users to bypass .htaccess file restrictions, as specified in httpd.conf with directives such as Deny From All, by using an ErrorDocument directive. NOTE: the vendor has disputed this issue, since the .htaccess mechanism is only intended to restrict external web access, and a local user already has the privileges to perform the same operations without using ErrorDocument.
| [CVE-2004-2336] Unknown vulnerability in Novell GroupWise and GroupWise WebAccess 6.0 through 6.5, when running with Apache Web Server 1.3 for NetWare where Apache is loaded using GWAPACHE.CONF, allows remote attackers to read directories and files on the server.
| [CVE-2004-2115] Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTTP Server 1.3.22, based on Apache, allow remote attackers to execute arbitrary script as other users via the (1) action, (2) username, or (3) password parameters in an isqlplus request.
| [CVE-2004-1834] mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, including authentication information, on the hard disk, which could allow local users to gain sensitive information.
| [CVE-2004-1765] Off-by-one buffer overflow in ModSecurity (mod_security) 1.7.4 for Apache 2.x, when SecFilterScanPost is enabled, allows remote attackers to execute arbitrary code via crafted POST requests.
| [CVE-2004-1545] UploadFile.php in MoniWiki 1.0.9.2 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.hwp, which allows remote attackers to upload and execute arbitrary code.
| [CVE-2004-1438] The mod_authz_svn Apache module for Subversion 1.0.4-r1 and earlier allows remote authenticated users, with write access to the repository, to read unauthorized parts of the repository via the svn copy command.
| [CVE-2004-1405] MediaWiki 1.3.8 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
| [CVE-2004-1404] Attachment Mod 2.3.10 module for phpBB, when used with Apache mod_mime, does not properly handle files with multiple file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
| [CVE-2004-1387] The check_forensic script in apache-utils package 1.3.31 allows local users to overwrite or create arbitrary files via a symlink attack on temporary files.
| [CVE-2004-1084] Apache for Apple Mac OS X 10.2.8 and 10.3.6 allows remote attackers to read files and resource fork content via HTTP requests to certain special file names related to multiple data streams in HFS+, which bypass Apache file handles.
| [CVE-2004-1083] Apache for Apple Mac OS X 10.2.8 and 10.3.6 restricts access to files in a case sensitive manner, but the Apple HFS+ filesystem accesses files in a case insensitive manner, which allows remote attackers to read .DS_Store files and files beginning with ".ht" using alternate capitalization.
| [CVE-2004-1082] mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials.
| [CVE-2004-0942] Apache webserver 2.0.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request with a MIME header containing multiple lines with a large number of space characters.
| [CVE-2004-0940] Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error.
| [CVE-2004-0885] The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration.
| [CVE-2004-0811] Unknown vulnerability in Apache 2.0.51 prevents "the merging of the Satisfy directive," which could allow attackers to obtain access to restricted resources contrary to the specified authentication configuration.
| [CVE-2004-0809] The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access.
| [CVE-2004-0786] The IPv6 URI parsing routines in the apr-util library for Apache 2.0.50 and earlier allow remote attackers to cause a denial of service (child process crash) via a certain URI, as demonstrated using the Codenomicon HTTP Test Tool.
| [CVE-2004-0751] The char_buffer_read function in the mod_ssl module for Apache 2.x, when using reverse proxying to an SSL server, allows remote attackers to cause a denial of service (segmentation fault).
| [CVE-2004-0748] mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (CPU consumption) by aborting an SSL connection in a way that causes an Apache child process to enter an infinite loop.
| [CVE-2004-0747] Buffer overflow in Apache 2.0.50 and earlier allows local users to gain apache privileges via a .htaccess file that causes the overflow during expansion of environment variables.
| [CVE-2004-0700] Format string vulnerability in the mod_proxy hook functions function in ssl_engine_log.c in mod_ssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are handled by the ssl_log function.
| [CVE-2004-0646] Buffer overflow in the WriteToLog function for JRun 3.0 through 4.0 web server connectors, such as (1) mod_jrun and (2) mod_jrun20 for Apache, with verbose logging enabled, allows remote attackers to execute arbitrary code via a long HTTP header Content-Type field or other fields.
9133| [CVE-2004-0529] The modified suexec program in cPanel, when configured for mod_php and compiled for Apache 1.3.31 and earlier without mod_phpsuexec, allows local users to execute untrusted shared scripts and gain privileges, as demonstrated using untainted scripts such as (1) proftpdvhosts or (2) addalink.cgi, a different vulnerability than CVE-2004-0490.
9134| [CVE-2004-0493] The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters.
9135| [CVE-2004-0492] Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied.
9136| [CVE-2004-0490] cPanel, when compiling Apache 1.3.29 and PHP with the mod_phpsuexec option, does not set the --enable-discard-path option, which causes php to use the SCRIPT_FILENAME variable to find and execute a script instead of the PATH_TRANSLATED variable, which allows local users to execute arbitrary PHP code as other users via a URL that references the attacker's script after the user's script, which executes the attacker's script with the user's privileges, a different vulnerability than CVE-2004-0529.
9137| [CVE-2004-0488] Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN.
9138| [CVE-2004-0263] PHP 4.3.4 and earlier in Apache 1.x and 2.x (mod_php) can leak global variables between virtual hosts that are handled by the same Apache child process but have different settings, which could allow remote attackers to obtain sensitive information.
9139| [CVE-2004-0174] Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using multiple listening sockets on certain platforms, allows remote attackers to cause a denial of service (blocked new connections) via a "short-lived connection on a rarely-accessed listening socket."
9140| [CVE-2004-0173] Directory traversal vulnerability in Apache 1.3.29 and earlier, and Apache 2.0.48 and earlier, when running on Cygwin, allows remote attackers to read arbitrary files via a URL containing "..%5C" (dot dot encoded backslash) sequences.
9141| [CVE-2004-0113] Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service (memory consumption) via plain HTTP requests to the SSL port of an SSL-enabled server.
9142| [CVE-2004-0009] Apache-SSL 1.3.28+1.52 and earlier, with SSLVerifyClient set to 1 or 3 and SSLFakeBasicAuth enabled, allows remote attackers to forge a client certificate by using basic authentication with the "one-line DN" of the target user.
9143| [CVE-2003-1581] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
9144| [CVE-2003-1580] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-level domains, as demonstrated by a forged 123.123.123.123 domain name, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
9145| [CVE-2003-1573] The PointBase 4.6 database component in the J2EE 1.4 reference implementation (J2EE/RI) allows remote attackers to execute arbitrary programs, conduct a denial of service, and obtain sensitive information via a crafted SQL statement, related to "inadequate security settings and library bugs in sun.* and org.apache.* packages."
9146| [CVE-2003-1521] Sun Java Plug-In 1.4 through 1.4.2_02 allows remote attackers to repeatedly access the floppy drive via the createXmlDocument method in the org.apache.crimson.tree.XmlDocument class, which violates the Java security model.
9147| [CVE-2003-1516] The org.apache.xalan.processor.XSLProcessorVersion class in Java Plug-in 1.4.2_01 allows signed and unsigned applets to share variables, which violates the Java security model and could allow remote attackers to read or write data belonging to a signed applet.
9148| [CVE-2003-1502] mod_throttle 3.0 allows local users with Apache privileges to access shared memory that points to a file that is writable by the apache user, which could allow local users to gain privileges.
9149| [CVE-2003-1418] Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote attackers to obtain sensitive information via (1) the ETag header, which reveals the inode number, or (2) multipart MIME boundary, which reveals child process IDs (PID).
9150| [CVE-2003-1307] ** DISPUTED ** The mod_php module for the Apache HTTP Server allows local users with write access to PHP scripts to send signals to the server's process group and use the server's file descriptors, as demonstrated by sending a STOP signal, then intercepting incoming connections on the server's TCP port. NOTE: the PHP developer has disputed this vulnerability, saying "The opened file descriptors are opened by Apache. It is the job of Apache to protect them ... Not a bug in PHP."
9151| [CVE-2003-1172] Directory traversal vulnerability in the view-source sample file in Apache Software Foundation Cocoon 2.1 and 2.2 allows remote attackers to access arbitrary files via a .. (dot dot) in the filename parameter.
9152| [CVE-2003-1171] Heap-based buffer overflow in the sec_filter_out function in mod_security 1.7RC1 through 1.7.1 in Apache 2 allows remote attackers to execute arbitrary code via a server side script that sends a large amount of data.
9153| [CVE-2003-1138] The default configuration of Apache 2.0.40, as shipped with Red Hat Linux 9.0, allows remote attackers to list directory contents, even if auto indexing is turned off and there is a default web page configured, via a GET request containing a double slash (//).
9154| [CVE-2003-1054] mod_access_referer 1.0.2 allows remote attackers to cause a denial of service (crash) via a malformed Referer header that is missing a hostname, as parsed by the ap_parse_uri_components function in Apache, which triggers a null dereference.
9155| [CVE-2003-0993] mod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit platforms, does not properly parse Allow/Deny rules using IP addresses without a netmask, which could allow remote attackers to bypass intended access restrictions.
9156| [CVE-2003-0987] mod_digest for Apache before 1.3.31 does not properly verify the nonce of a client response by using an AuthNonce secret.
9157| [CVE-2003-0866] The Catalina org.apache.catalina.connector.http package in Tomcat 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service via several requests that do not follow the HTTP protocol, which causes Tomcat to reject later requests.
9158| [CVE-2003-0844] mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode without the Apache log, allows local users to overwrite arbitrary files via (1) a symlink attack on predictable temporary filenames on Unix systems, or (2) an NTFS hard link on Windows systems when the "Strengthen default permissions of internal system objects" policy is not enabled.
9159| [CVE-2003-0843] Format string vulnerability in mod_gzip_printf for mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode and using the Apache log, allows remote attackers to execute arbitrary code via format string characters in an HTTP GET request with an "Accept-Encoding: gzip" header.
9160| [CVE-2003-0789] mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not properly handle CGI redirect paths, which could cause Apache to send the output of a CGI program to the wrong client.
9161| [CVE-2003-0771] Gallery.pm in Apache::Gallery (aka A::G) uses predictable temporary filenames when running Inline::C, which allows local users to execute arbitrary code by creating and modifying the files before Apache::Gallery does.
9162| [CVE-2003-0658] Docview before 1.1-18 in Caldera OpenLinux 3.1.1, SCO Linux 4.0, OpenServer 5.0.7, configures the Apache web server in a way that allows remote attackers to read arbitrary publicly readable files via a certain URL, possibly related to rewrite rules.
9163| [CVE-2003-0542] Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures.
9164| [CVE-2003-0460] The rotatelogs program on Apache before 1.3.28, for Windows and OS/2 systems, does not properly ignore certain control characters that are received over the pipe, which could allow remote attackers to cause a denial of service.
9165| [CVE-2003-0254] Apache 2 before 2.0.47, when running on an IPv6 host, allows attackers to cause a denial of service (CPU consumption by infinite loop) when the FTP proxy server fails to create an IPv6 socket.
9166| [CVE-2003-0253] The prefork MPM in Apache 2 before 2.0.47 does not properly handle certain errors from accept, which could lead to a denial of service.
9167| [CVE-2003-0249] ** DISPUTED ** PHP treats unknown methods such as "PoSt" as a GET request, which could allow attackers to bypass intended access restrictions if PHP is running on a server that passes on all methods, such as Apache httpd 2.0, as demonstrated using a Limit directive. NOTE: this issue has been disputed by the Apache security team, saying "It is by design that PHP allows scripts to process any request method. A script which does not explicitly verify the request method will hence be processed as normal for arbitrary methods. It is therefore expected behaviour that one cannot implement per-method access control using the Apache configuration alone, which is the assumption made in this report."
9168| [CVE-2003-0245] Vulnerability in the apr_psprintf function in the Apache Portable Runtime (APR) library for Apache 2.0.37 through 2.0.45 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long strings, as demonstrated using XML objects to mod_dav, and possibly other vectors.
9169| [CVE-2003-0192] Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3, do not properly handle "certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one," which could cause Apache to use the weak ciphersuite.
9170| [CVE-2003-0189] The authentication module for Apache 2.0.40 through 2.0.45 on Unix does not properly handle threads safely when using the crypt_r or crypt functions, which allows remote attackers to cause a denial of service (failed Basic authentication with valid usernames and passwords) when a threaded MPM is used.
9171| [CVE-2003-0134] Unknown vulnerability in filestat.c for Apache running on OS2, versions 2.0 through 2.0.45, allows unknown attackers to cause a denial of service via requests related to device names.
9172| [CVE-2003-0132] A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to cause a denial of service (memory consumption) via large chunks of linefeed characters, which causes Apache to allocate 80 bytes for each linefeed.
9173| [CVE-2003-0083] Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences, a different vulnerability than CVE-2003-0020.
9174| [CVE-2003-0020] Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences.
9175| [CVE-2003-0017] Apache 2.0 before 2.0.44 on Windows platforms allows remote attackers to obtain certain files via an HTTP request that ends in certain illegal characters such as ">", which causes a different filename to be processed and served.
9176| [CVE-2003-0016] Apache before 2.0.44, when running on unpatched Windows 9x and Me operating systems, allows remote attackers to cause a denial of service or execute arbitrary code via an HTTP request containing MS-DOS device names.
9177| [CVE-2002-2310] ClickCartPro 4.0 stores the admin_user.db data file under the web document root with insufficient access control on servers other than Apache, which allows remote attackers to obtain usernames and passwords.
9178| [CVE-2002-2309] php.exe in PHP 3.0 through 4.2.2, when running on Apache, does not terminate properly, which allows remote attackers to cause a denial of service via a direct request without arguments.
9179| [CVE-2002-2272] Tomcat 4.0 through 4.1.12, using mod_jk 1.2.1 module on Apache 1.3 through 1.3.27, allows remote attackers to cause a denial of service (desynchronized communications) via an HTTP GET request with a Transfer-Encoding chunked field with invalid values.
9180| [CVE-2002-2103] Apache before 1.3.24, when writing to the log file, records a spoofed hostname from the reverse lookup of an IP address, even when a double-reverse lookup fails, which allows remote attackers to hide the original source of activities.
9181| [CVE-2002-2029] PHP, when installed on Windows with Apache and ScriptAlias for /php/ set to c:/php/, allows remote attackers to read arbitrary files and possibly execute arbitrary programs via an HTTP request for php.exe with a filename in the query string.
9182| [CVE-2002-2012] Unknown vulnerability in Apache 1.3.19 running on HP Secure OS for Linux 1.0 allows remote attackers to cause "unexpected results" via an HTTP request.
9183| [CVE-2002-2009] Apache Tomcat 4.0.1 allows remote attackers to obtain the web root path via HTTP requests for JSP files preceded by (1) +/, (2) >/, (3) </, and (4) %20/, which leaks the pathname in an error message.
9184| [CVE-2002-2008] Apache Tomcat 4.0.3 for Windows allows remote attackers to obtain the web root path via an HTTP request for a resource that does not exist, such as lpt9, which leaks the information in an error message.
9185| [CVE-2002-2007] The default installations of Apache Tomcat 3.2.3 and 3.2.4 allows remote attackers to obtain sensitive system information such as directory listings and web root path, via erroneous HTTP requests for Java Server Pages (JSP) in the (1) test/jsp, (2) samples/jsp and (3) examples/jsp directories, or the (4) test/realPath.jsp servlet, which leaks pathnames in error messages.
9186| [CVE-2002-2006] The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 through 3.3.1 allows remote attackers to obtain the installation path and other sensitive system information via the (1) SnoopServlet or (2) TroubleShooter example servlets.
9187| [CVE-2002-1895] The servlet engine in Jakarta Apache Tomcat 3.3 and 4.0.4, when using IIS and the ajp1.3 connector, allows remote attackers to cause a denial of service (crash) via a large number of HTTP GET requests for an MS-DOS device such as AUX, LPT1, CON, or PRN.
9188| [CVE-2002-1850] mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly remote attackers to cause a denial of service (hang and memory consumption) by causing a CGI script to send a large amount of data to stderr, which results in a read/write deadlock between httpd and the CGI script.
9189| [CVE-2002-1793] HTTP Server mod_ssl module running on HP-UX 11.04 with Virtualvault OS (VVOS) 4.5 through 4.6 closes the connection when the Apache server times out during an SSL request, which may allow attackers to cause a denial of service.
9190| [CVE-2002-1658] Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may allow attackers to execute arbitrary code via a long user argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
9191| [CVE-2002-1635] The Apache configuration file (httpd.conf) in Oracle 9i Application Server (9iAS) uses a Location alias for /perl directory instead of a ScriptAlias, which allows remote attackers to read the source code of arbitrary CGI files via a URL containing the /perl directory instead of /cgi-bin.
9192| [CVE-2002-1593] mod_dav in Apache before 2.0.42 does not properly handle versioning hooks, which may allow remote attackers to kill a child process via a null dereference and cause a denial of service (CPU consumption) in a preforked multi-processing module.
9193| [CVE-2002-1592] The ap_log_rerror function in Apache 2.0 through 2.035, when a CGI application encounters an error, sends error messages to the client that include the full path for the server, which allows remote attackers to obtain sensitive information.
9194| [CVE-2002-1567] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1 allows remote attackers to execute arbitrary web script and steal cookies via a URL with encoded newlines followed by a request to a .jsp file whose name contains the script.
9195| [CVE-2002-1394] Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148.
9196| [CVE-2002-1233] A regression error in the Debian distributions of the apache-ssl package (before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0), for Apache 1.3.27 and earlier, allows local users to read or modify the Apache password file via a symlink attack on temporary files when the administrator runs (1) htpasswd or (2) htdigest, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2001-0131.
9197| [CVE-2002-1157] Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9 and earlier, when UseCanonicalName is off and wildcard DNS is enabled, allows remote attackers to execute script as other web site visitors, via the server name in an HTTPS response on the SSL port, which is used in a self-referencing URL, a different vulnerability than CAN-2002-0840.
9198| [CVE-2002-1156] Apache 2.0.42 allows remote attackers to view the source code of a CGI script via a POST request to a directory with both WebDAV and CGI enabled.
9199| [CVE-2002-1148] The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet.
9200| [CVE-2002-0935] Apache Tomcat 4.0.3, and possibly other versions before 4.1.3 beta, allows remote attackers to cause a denial of service (resource exhaustion) via a large number of requests to the server with null characters, which causes the working threads to hang.
9201| [CVE-2002-0843] Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response.
9202| [CVE-2002-0840] Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.
9203| [CVE-2002-0839] The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that would not normally be allowed, by modifying the parent[].pid and parent[].last_rtime segments in the scoreboard.
9204| [CVE-2002-0682] Cross-site scripting vulnerability in Apache Tomcat 4.0.3 allows remote attackers to execute script as other web users via script in a URL with the /servlet/ mapping, which does not filter the script when an exception is thrown by the servlet.
9205| [CVE-2002-0661] Directory traversal vulnerability in Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to read arbitrary files and execute commands via .. (dot dot) sequences containing \ (backslash) characters.
9206| [CVE-2002-0658] OSSP mm library (libmm) before 1.2.0 allows the local Apache user to gain privileges via temporary files, possibly via a symbolic link attack.
9207| [CVE-2002-0654] Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to determine the full pathname of the server via (1) a request for a .var file, which leaks the pathname in the resulting error message, or (2) via an error message that occurs when a script (child process) cannot be invoked.
9208| [CVE-2002-0653] Off-by-one buffer overflow in the ssl_compat_directive function, as called by the rewrite_command hook for mod_ssl Apache module 2.8.9 and earlier, allows local users to execute arbitrary code as the Apache server user via .htaccess files with long entries.
9209| [CVE-2002-0513] The PHP administration script in popper_mod 1.2.1 and earlier relies on Apache .htaccess authentication, which allows remote attackers to gain privileges if the script is not appropriately configured by the administrator.
9210| [CVE-2002-0493] Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions.
9211| [CVE-2002-0392] Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a chunk-encoded HTTP request that causes Apache to use an incorrect size.
9212| [CVE-2002-0259] InstantServers MiniPortal 1.1.5 and earlier stores sensitive login and account data in plaintext in (1) .pwd files in the miniportal/apache directory, or (2) mplog.txt, which could allow local users to gain privileges.
9213| [CVE-2002-0249] PHP for Windows, when installed on Apache 2.0.28 beta as a standalone CGI module, allows remote attackers to obtain the physical path of the php.exe via a request with malformed arguments such as /123, which leaks the pathname in the error message.
9214| [CVE-2002-0240] PHP, when installed with Apache and configured to search for index.php as a default web page, allows remote attackers to obtain the full pathname of the server via the HTTP OPTIONS method, which reveals the pathname in the resulting error message.
9215| [CVE-2002-0082] The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session.
9216| [CVE-2002-0061] Apache for Win32 before 1.3.24, and 2.0.x before 2.0.34-beta, allows remote attackers to execute arbitrary commands via shell metacharacters (a | pipe character) provided as arguments to batch (.bat) or .cmd scripts, which are sent unfiltered to the shell interpreter, typically cmd.exe.
9217| [CVE-2001-1556] The log files in Apache web server contain information directly supplied by clients and does not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail, and grep.
9218| [CVE-2001-1534] mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these session ID's are used for authentication.
9219| [CVE-2001-1510] Allaire JRun 2.3.3, 3.0 and 3.1 running on IIS 4.0 and 5.0, iPlanet, Apache, JRun web server (JWS), and possibly other web servers allows remote attackers to read arbitrary files and directories by appending (1) "%3f.jsp", (2) "?.jsp" or (3) "?" to the requested URL.
9220| [CVE-2001-1449] The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 through 8.0 and Linux Corporate Server 1.0.1 allows remote attackers to list the directory index of arbitrary web directories.
9221| [CVE-2001-1385] The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts.
9222| [CVE-2001-1342] Apache before 1.3.20 on Windows and OS/2 systems allows remote attackers to cause a denial of service (GPF) via an HTTP request for a URI that contains a large number of / (slash) or other characters, which causes certain functions to dereference a null pointer.
9223| [CVE-2001-1217] Directory traversal vulnerability in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to access sensitive information via a double encoded URL with .. (dot dot) sequences.
9224| [CVE-2001-1216] Buffer overflow in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to execute arbitrary code via a long request for a help page.
9225| [CVE-2001-1072] Apache with mod_rewrite enabled on most UNIX systems allows remote attackers to bypass RewriteRules by inserting extra / (slash) characters into the requested path, which causes the regular expression in the RewriteRule to fail.
9226| [CVE-2001-1013] Apache on Red Hat Linux with the UserDir directive enabled generates different error codes when a username exists and there is no public_html directory and when the username does not exist, which could allow remote attackers to determine valid usernames on the server.
9227| [CVE-2001-0925] The default installation of Apache before 1.3.19 allows remote attackers to list directories instead of the multiview index.html file via an HTTP request for a path that contains many / (slash) characters, which causes the path to be mishandled by (1) mod_negotiation, (2) mod_dir, or (3) mod_autoindex.
9228| [CVE-2001-0829] A cross-site scripting vulnerability in Apache Tomcat 3.2.1 allows a malicious webmaster to embed Javascript in a request for a .JSP file, which causes the Javascript to be inserted into an error message.
9229| [CVE-2001-0766] Apache on MacOS X Client 10.0.3 with the HFS+ file system allows remote attackers to bypass access restrictions via a URL that contains some characters whose case is not matched by Apache's filters.
9230| [CVE-2001-0731] Apache 1.3.20 with Multiviews enabled allows remote attackers to view directory contents and bypass the index page via a URL containing the "M=D" query string.
9231| [CVE-2001-0730] split-logfile in Apache 1.3.20 allows remote attackers to overwrite arbitrary files that end in the .log extension via an HTTP request with a / (slash) in the Host: header.
9232| [CVE-2001-0729] Apache 1.3.20 on Windows servers allows remote attackers to bypass the default index page and list directory contents via a URL with a large number of / (slash) characters.
9233| [CVE-2001-0590] Apache Software Foundation Tomcat Servlet prior to 3.2.2 allows a remote attacker to read the source code to arbitrary 'jsp' files via a malformed URL request which does not end with an HTTP protocol specification (i.e. HTTP/1.0).
9234| [CVE-2001-0131] htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local users to overwrite arbitrary files via a symlink attack.
9235| [CVE-2001-0108] PHP Apache module 4.0.4 and earlier allows remote attackers to bypass .htaccess access restrictions via a malformed HTTP request on an unrestricted page that causes PHP to use those access controls on the next page that is requested.
9236| [CVE-2001-0042] PHP 3.x (PHP3) on Apache 1.3.6 allows remote attackers to read arbitrary files via a modified .. (dot dot) attack containing "%5c" (encoded backslash) sequences.
9237| [CVE-2000-1247] The default configuration of the jserv-status handler in jserv.conf in Apache JServ 1.1.2 includes an "allow from 127.0.0.1" line, which allows local users to discover JDBC passwords or other sensitive information via a direct request to the jserv/ URI.
9238| [CVE-2000-1210] Directory traversal vulnerability in source.jsp of Apache Tomcat before 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the argument to source.jsp.
9239| [CVE-2000-1206] Vulnerability in Apache httpd before 1.3.11, when configured for mass virtual hosting using mod_rewrite, or mod_vhost_alias in Apache 1.3.9, allows remote attackers to retrieve arbitrary files.
9240| [CVE-2000-1205] Cross site scripting vulnerabilities in Apache 1.3.0 through 1.3.11 allow remote attackers to execute script as other web site visitors via (1) the printenv CGI (printenv.pl), which does not encode its output, (2) pages generated by the ap_send_error_response function such as a default 404, which does not add an explicit charset, or (3) various messages that are generated by certain Apache modules or core code. NOTE: the printenv issue might still exist for web browsers that can render text/plain content types as HTML, such as Internet Explorer, but CVE regards this as a design limitation of those browsers, not Apache. The printenv.pl/acuparam vector, disclosed on 20070724, is one such variant.
9241| [CVE-2000-1204] Vulnerability in the mod_vhost_alias virtual hosting module for Apache 1.3.9, 1.3.11 and 1.3.12 allows remote attackers to obtain the source code for CGI programs if the cgi-bin directory is under the document root.
9242| [CVE-2000-1168] IBM HTTP Server 1.3.6 (based on Apache) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET request.
9243| [CVE-2000-1016] The default configuration of Apache (httpd.conf) on SuSE 6.4 includes an alias for the /usr/doc directory, which allows remote attackers to read package documentation and obtain system configuration information via an HTTP request for the /doc/packages URL.
9244| [CVE-2000-0913] mod_rewrite in Apache 1.3.12 and earlier allows remote attackers to read arbitrary files if a RewriteRule directive is expanded to include a filename whose name contains a regular expression.
9245| [CVE-2000-0883] The default configuration of mod_perl for Apache as installed on Mandrake Linux 6.1 through 7.1 sets the /perl/ directory to be browseable, which allows remote attackers to list the contents of that directory.
9246| [CVE-2000-0869] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 enables WebDAV, which allows remote attackers to list arbitrary directories via the PROPFIND HTTP request method.
9247| [CVE-2000-0868] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 allows remote attackers to read source code for CGI scripts by replacing the /cgi-bin/ in the requested URL with /cgi-bin-sdb/.
9248| [CVE-2000-0791] Trustix installs the httpsd program for Apache-SSL with world-writeable permissions, which allows local users to replace it with a Trojan horse.
9249| [CVE-2000-0760] The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals sensitive system information when a remote attacker requests a nonexistent URL with a .snp extension.
9250| [CVE-2000-0759] Jakarta Tomcat 3.1 under Apache reveals physical path information when a remote attacker requests a URL that does not exist, which generates an error message that includes the physical path.
9251| [CVE-2000-0628] The source.asp example script in the Apache ASP module Apache::ASP 1.93 and earlier allows remote attackers to modify files.
9252| [CVE-2000-0505] The Apache 1.3.x HTTP server for Windows platforms allows remote attackers to list directory contents by requesting a URL containing a large number of / characters.
9253| [CVE-1999-1412] A possible interaction between Apple MacOS X release 1.0 and Apache HTTP server allows remote attackers to cause a denial of service (crash) via a flood of HTTP GET requests to CGI programs, which generates a large number of processes.
9254| [CVE-1999-1293] mod_proxy in Apache 1.2.5 and earlier allows remote attackers to cause a denial of service via malformed FTP commands, which causes Apache to dump core.
9255| [CVE-1999-1237] Multiple buffer overflows in smbvalid/smbval SMB authentication library, as used in Apache::AuthenSmb and possibly other modules, allows remote attackers to execute arbitrary commands via (1) a long username, (2) a long password, and (3) other unspecified methods.
9256| [CVE-1999-1199] Apache WWW server 1.3.1 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via a large number of MIME headers with the same name, aka the "sioux" vulnerability.
| [CVE-1999-1053] guestbook.pl cleanses user-inserted SSI commands by removing text between "<!--" and "-->" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides "-->".
| [CVE-1999-0926] Apache allows remote attackers to conduct a denial of service via a large number of MIME headers.
| [CVE-1999-0678] A default configuration of Apache on Debian GNU/Linux sets the ServerRoot to /usr/doc, which allows remote users to read documentation files for the entire server.
| [CVE-1999-0448] IIS 4.0 and Apache log HTTP request methods, regardless of how long they are, allowing a remote attacker to hide the URL they really request.
| [CVE-1999-0289] The Apache web server for Win32 may provide access to restricted files when a . (dot) is appended to a requested URL.
| [CVE-1999-0236] ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs.
| [CVE-1999-0107] Buffer overflow in Apache 1.2.5 and earlier allows a remote attacker to cause a denial of service with a large number of GET requests containing a large number of / characters.
| [CVE-1999-0071] Apache httpd cookie buffer overflow for versions 1.1.1 and earlier.
|
| SecurityFocus - https://www.securityfocus.com/bid/:
| [104554] Apache HBase CVE-2018-8025 Security Bypass Vulnerability
| [104465] Apache Geode CVE-2017-15695 Remote Code Execution Vulnerability
| [104418] Apache Storm CVE-2018-8008 Arbitrary File Write Vulnerability
| [104399] Apache Storm CVE-2018-1332 User Impersonation Vulnerability
| [104348] Apache UIMA CVE-2017-15691 XML External Entity Injection Vulnerability
| [104313] Apache NiFi XML External Entity Injection and Denial of Service Vulnerability
| [104259] Apache Geode CVE-2017-12622 Authorization Bypass Vulnerability
| [104257] Apache Sling XSS Protection API CVE-2017-15717 Cross Site Scripting Vulnerability
| [104253] Apache ZooKeeper CVE-2018-8012 Security Bypass Vulnerability
| [104252] Apache Batik CVE-2018-8013 Information Disclosure Vulnerability
| [104239] Apache Solr CVE-2018-8010 XML External Entity Multiple Information Disclosure Vulnerabilities
| [104215] Apache ORC CVE-2018-8015 Denial of Service Vulnerability
| [104203] Apache Tomcat CVE-2018-8014 Security Bypass Vulnerability
| [104161] Apache Ambari CVE-2018-8003 Directory Traversal Vulnerability
| [104140] Apache Derby CVE-2018-1313 Security Bypass Vulnerability
| [104135] Apache Tika CVE-2018-1338 Denial of Service Vulnerability
| [104008] Apache Fineract CVE-2018-1291 SQL Injection Vulnerability
| [104007] Apache Fineract CVE-2018-1292 SQL Injection Vulnerability
| [104005] Apache Fineract CVE-2018-1289 SQL Injection Vulnerability
| [104001] Apache Tika CVE-2018-1335 Remote Command Injection Vulnerability
| [103975] Apache Fineract CVE-2018-1290 SQL Injection Vulnerability
| [103974] Apache Solr CVE-2018-1308 XML External Entity Injection Vulnerability
| [103772] Apache Traffic Server CVE-2017-7671 Denial of Service Vulnerability
| [103770] Apache Traffic Server CVE-2017-5660 Security Bypass Vulnerability
| [103751] Apache Hive CVE-2018-1282 SQL Injection Vulnerability
| [103750] Apache Hive CVE-2018-1284 Security Bypass Vulnerability
| [103692] Apache Ignite CVE-2018-1295 Arbitrary Code Execution Vulnerability
| [103528] Apache HTTP Server CVE-2018-1302 Denial of Service Vulnerability
| [103525] Apache HTTP Server CVE-2017-15715 Remote Security Bypass Vulnerability
| [103524] Apache HTTP Server CVE-2018-1312 Remote Security Bypass Vulnerability
| [103522] Apache HTTP Server CVE-2018-1303 Denial of Service Vulnerability
| [103520] Apache HTTP Server CVE-2018-1283 Remote Security Vulnerability
| [103516] Apache Struts CVE-2018-1327 Denial of Service Vulnerability
| [103515] Apache HTTP Server CVE-2018-1301 Denial of Service Vulnerability
| [103512] Apache HTTP Server CVE-2017-15710 Denial of Service Vulnerability
| [103508] Apache Syncope CVE-2018-1321 Multiple Remote Code Execution Vulnerabilities
| [103507] Apache Syncope CVE-2018-1322 Multiple Information Disclosure Vulnerabilities
| [103490] Apache Commons Compress CVE-2018-1324 Multiple Denial Of Service Vulnerabilities
| [103434] APACHE Allura CVE-2018-1319 HTTP Response Splitting Vulnerability
| [103389] Apache Tomcat JK Connector CVE-2018-1323 Directory Traversal Vulnerability
| [103222] Apache CloudStack CVE-2013-4317 Information Disclosure Vulnerability
| [103219] Apache Xerces-C CVE-2017-12627 Null Pointer Dereference Denial of Service Vulnerability
| [103206] Apache Geode CVE-2017-15693 Remote Code Execution Vulnerability
| [103205] Apache Geode CVE-2017-15692 Remote Code Execution Vulnerability
| [103170] Apache Tomcat CVE-2018-1304 Security Bypass Vulnerability
| [103144] Apache Tomcat CVE-2018-1305 Security Bypass Vulnerability
| [103102] Apache Oozie CVE-2017-15712 Information Disclosure Vulnerability
| [103098] Apache Karaf CVE-2016-8750 LDAP Injection Vulnerability
| [103069] Apache Tomcat CVE-2017-15706 Remote Security Weakness
| [103068] Apache JMeter CVE-2018-1287 Security Bypass Vulnerability
| [103067] Apache Qpid Dispatch Router 'router_core/connections.c' Denial of Service Vulnerability
| [103036] Apache CouchDB CVE-2017-12636 Remote Code Execution Vulnerability
| [103025] Apache Thrift CVE-2016-5397 Remote Command Injection Vulnerability
| [102879] Apache POI CVE-2017-12626 Multiple Denial of Service Vulnerabilities
| [102842] Apache NiFi CVE-2017-12632 Host Header Injection Vulnerability
| [102815] Apache NiFi CVE-2017-15697 Multiple Cross Site Scripting Vulnerabilities
| [102488] Apache Geode CVE-2017-9795 Remote Code Execution Vulnerability
| [102229] Apache Sling CVE-2017-15700 Information Disclosure Vulnerability
| [102226] Apache Drill CVE-2017-12630 Cross Site Scripting Vulnerability
| [102154] Multiple Apache Products CVE-2017-15708 Remote Code Execution Vulnerability
| [102127] Apache CXF Fediz CVE-2017-12631 Multiple Cross Site Request Forgery Vulnerabilities
| [102041] Apache Qpid Broker-J CVE-2017-15701 Denial of Service Vulnerability
| [102040] Apache Qpid Broker CVE-2017-15702 Security Weakness
| [102021] Apache Struts CVE-2017-15707 Denial of Service Vulnerability
| [101980] EMC RSA Authentication Agent for Web: Apache Web Server Authentication Bypass Vulnerability
| [101876] Apache Camel CVE-2017-12634 Deserialization Remote Code Execution Vulnerability
| [101874] Apache Camel CVE-2017-12633 Deserialization Remote Code Execution Vulnerability
| [101872] Apache Karaf CVE-2014-0219 Local Denial of Service Vulnerability
| [101868] Apache CouchDB CVE-2017-12635 Remote Privilege Escalation Vulnerability
| [101859] Apache CXF CVE-2017-12624 Denial of Service Vulnerability
| [101844] Apache Sling Servlets Post CVE-2017-11296 Cross Site Scripting Vulnerability
| [101686] Apache Hive CVE-2017-12625 Information Disclosure Vulnerability
| [101644] Apache Wicket CVE-2012-5636 Cross Site Scripting Vulnerability
| [101631] Apache Traffic Server CVE-2015-3249 Multiple Remote Code Execution Vulnerabilities
| [101630] Apache Traffic Server CVE-2014-3624 Access Bypass Vulnerability
| [101625] Apache jUDDI CVE-2009-1197 Security Bypass Vulnerability
| [101623] Apache jUDDI CVE-2009-1198 Cross Site Scripting Vulnerability
| [101620] Apache Subversion 'libsvn_fs_fs/fs_fs.c' Denial of Service Vulnerability
| [101585] Apache OpenOffice Multiple Remote Code Execution Vulnerabilities
| [101577] Apache Wicket CVE-2016-6806 Cross Site Request Forgery Vulnerability
| [101575] Apache Wicket CVE-2014-0043 Information Disclosure Vulnerability
| [101570] Apache Geode CVE-2017-9797 Information Disclosure Vulnerability
| [101562] Apache Derby CVE-2010-2232 Arbitrary File Overwrite Vulnerability
| [101560] Apache Portable Runtime Utility CVE-2017-12613 Multiple Information Disclosure Vulnerabilities
| [101558] Apache Portable Runtime Utility Local Out-of-Bounds Read Denial of Service Vulnerability
| [101532] Apache James CVE-2017-12628 Arbitrary Command Execution Vulnerability
| [101516] Apache HTTP Server CVE-2017-12171 Security Bypass Vulnerability
| [101261] Apache Solr/Lucene CVE-2017-12629 Information Disclosure and Remote Code Execution Vulnerabilities
| [101230] Apache Roller CVE-2014-0030 XML External Entity Injection Vulnerability
| [101173] Apache IMPALA CVE-2017-9792 Information Disclosure Vulnerability
| [101052] Apache Commons Jelly CVE-2017-12621 Security Bypass Vulnerability
| [101027] Apache Mesos CVE-2017-7687 Denial of Service Vulnerability
| [101023] Apache Mesos CVE-2017-9790 Denial of Service Vulnerability
| [100954] Apache Tomcat CVE-2017-12617 Incomplete Fix Remote Code Execution Vulnerability
| [100946] Apache Wicket CVE-2014-7808 Cross Site Request Forgery Vulnerability
| [100901] Apache Tomcat CVE-2017-12615 Remote Code Execution Vulnerability
| [100897] Apache Tomcat CVE-2017-12616 Information Disclosure Vulnerability
| [100880] Apache Directory LDAP API CVE-2015-3250 Unspecified Information Disclosure Vulnerability
| [100872] Apache HTTP Server CVE-2017-9798 Information Disclosure Vulnerability
| [100870] Apache Solr CVE-2017-9803 Remote Privilege Escalation Vulnerability
| [100859] puppetlabs-apache CVE-2017-2299 Information Disclosure Vulnerability
| [100829] Apache Struts CVE-2017-12611 Remote Code Execution Vulnerability
| [100823] Apache Spark CVE-2017-12612 Deserialization Remote Code Execution Vulnerability
| [100612] Apache Struts CVE-2017-9804 Incomplete Fix Denial of Service Vulnerability
| [100611] Apache Struts CVE-2017-9793 Denial of Service Vulnerability
| [100609] Apache Struts CVE-2017-9805 Remote Code Execution Vulnerability
| [100587] Apache Atlas CVE-2017-3155 Cross Frame Scripting Vulnerability
| [100581] Apache Atlas CVE-2017-3154 Information Disclosure Vulnerability
| [100578] Apache Atlas CVE-2017-3153 Cross Site Scripting Vulnerability
| [100577] Apache Atlas CVE-2017-3152 Cross Site Scripting Vulnerability
| [100547] Apache Atlas CVE-2017-3151 HTML Injection Vulnerability
| [100536] Apache Atlas CVE-2017-3150 Cross Site Scripting Vulnerability
| [100449] Apache Pony Mail CVE-2016-4460 Authentication Bypass Vulnerability
| [100447] Apache2Triad Multiple Security Vulnerabilities
| [100284] Apache Sling Servlets Post CVE-2017-9802 Cross Site Scripting Vulnerability
| [100280] Apache Tomcat CVE-2017-7674 Security Bypass Vulnerability
| [100259] Apache Subversion CVE-2017-9800 Remote Command Execution Vulnerability
| [100256] Apache Tomcat CVE-2017-7675 Directory Traversal Vulnerability
| [100235] Apache Storm CVE-2017-9799 Remote Code Execution Vulnerability
| [100082] Apache Commons Email CVE-2017-9801 SMTP Header Injection Vulnerability
| [99873] Apache Sling XSS Protection API CVE-2016-6798 XML External Entity Injection Vulnerability
| [99870] Apache Sling API CVE-2016-5394 Cross Site Scripting Vulnerability
| [99603] Apache Spark CVE-2017-7678 Cross Site Scripting Vulnerability
| [99592] Apache OpenMeetings CVE-2017-7685 Security Bypass Vulnerability
| [99587] Apache OpenMeetings CVE-2017-7673 Security Bypass Vulnerability
| [99586] Apache OpenMeetings CVE-2017-7688 Security Bypass Vulnerability
| [99584] Apache OpenMeetings CVE-2017-7684 Denial of Service Vulnerability
| [99577] Apache OpenMeetings CVE-2017-7663 Cross Site Scripting Vulnerability
| [99576] Apache OpenMeetings CVE-2017-7664 XML External Entity Injection Vulnerability
| [99569] Apache HTTP Server CVE-2017-9788 Memory Corruption Vulnerability
| [99568] Apache HTTP Server CVE-2017-9789 Denial of Service Vulnerability
| [99563] Apache Struts CVE-2017-7672 Denial of Service Vulnerability
| [99562] Apache Struts Spring AOP Functionality Denial of Service Vulnerability
| [99509] Apache Impala CVE-2017-5652 Information Disclosure Vulnerability
| [99508] Apache IMPALA CVE-2017-5640 Authentication Bypass Vulnerability
| [99486] Apache Traffic Control CVE-2017-7670 Denial of Service Vulnerability
| [99485] Apache Solr CVE-2017-7660 Security Bypass Vulnerability
| [99484] Apache Struts CVE-2017-9791 Remote Code Execution Vulnerability
| [99292] Apache Ignite CVE-2017-7686 Information Disclosure Vulnerability
| [99170] Apache HTTP Server CVE-2017-7679 Buffer Overflow Vulnerability
| [99137] Apache HTTP Server CVE-2017-7668 Denial of Service Vulnerability
| [99135] Apache HTTP Server CVE-2017-3167 Authentication Bypass Vulnerability
| [99134] Apache HTTP Server CVE-2017-3169 Denial of Service Vulnerability
| [99132] Apache HTTP Server CVE-2017-7659 Denial of Service Vulnerability
| [99112] Apache Thrift CVE-2015-3254 Denial of Service Vulnerability
| [99067] Apache Ranger CVE-2016-8751 HTML Injection Vulnerability
| [99018] Apache NiFi CVE-2017-7667 Cross Frame Scripting Vulnerability
| [99009] Apache NiFi CVE-2017-7665 Cross Site Scripting Vulnerability
| [98961] Apache Ranger CVE-2017-7677 Security Bypass Vulnerability
| [98958] Apache Ranger CVE-2017-7676 Security Bypass Vulnerability
| [98888] Apache Tomcat CVE-2017-5664 Security Bypass Vulnerability
| [98814] Apache Zookeeper CVE-2017-5637 Denial of Service Vulnerability
| [98795] Apache Hadoop CVE-2017-7669 Remote Privilege Escalation Vulnerability
| [98739] Apache Knox CVE-2017-5646 User Impersonation Vulnerability
| [98669] Apache Hive CVE-2016-3083 Security Bypass Vulnerability
| [98646] Apache Atlas CVE-2016-8752 Information Disclosure Vulnerability
| [98570] Apache Archiva CVE-2017-5657 Multiple Cross-Site Request Forgery Vulnerabilities
| [98489] Apache CXF Fediz CVE-2017-7661 Multiple Cross Site Request Forgery Vulnerabilities
| [98485] Apache CXF Fediz CVE-2017-7662 Cross Site Request Forgery Vulnerability
| [98466] Apache Ambari CVE-2017-5655 Insecure Temporary File Handling Vulnerability
| [98365] Apache Cordova For Android CVE-2016-6799 Information Disclosure Vulnerability
| [98025] Apache Hadoop CVE-2017-3161 Cross Site Scripting Vulnerability
| [98017] Apache Hadoop CVE-2017-3162 Input Validation Vulnerability
| [97971] Apache CXF CVE-2017-5656 Information Disclosure Vulnerability
| [97968] Apache CXF CVE-2017-5653 Spoofing Vulnerability
| [97967] Apache ActiveMQ CVE-2015-7559 Denial of Service Vulnerability
| [97949] Apache Traffic Server CVE-2017-5659 Denial of Service Vulnerability
| [97948] Apache Batik CVE-2017-5662 XML External Entity Information Disclosure Vulnerability
| [97947] Apache FOP CVE-2017-5661 XML External Entity Information Disclosure Vulnerability
| [97945] Apache Traffic Server CVE-2016-5396 Denial of Service Vulnerability
| [97702] Apache Log4j CVE-2017-5645 Remote Code Execution Vulnerability
| [97582] Apache CXF CVE-2016-6812 Cross Site Scripting Vulnerability
| [97579] Apache CXF JAX-RS CVE-2016-8739 XML External Entity Injection Vulnerability
| [97544] Apache Tomcat CVE-2017-5651 Information Disclosure Vulnerability
| [97531] Apache Tomcat CVE-2017-5650 Denial of Service Vulnerability
| [97530] Apache Tomcat CVE-2017-5648 Information Disclosure Vulnerability
| [97509] Apache Ignite CVE-2016-6805 Information Disclosure and XML External Entity Injection Vulnerabilities
| [97383] Apache Flex BlazeDS CVE-2017-5641 Remote Code Execution Vulnerability
| [97378] Apache Geode CVE-2017-5649 Information Disclosure Vulnerability
| [97229] Apache Ambari CVE-2016-4976 Local Information Disclosure Vulnerability
| [97226] Apache Camel CVE-2017-5643 Server Side Request Forgery Security Bypass Vulnerability
| [97184] Apache Ambari CVE-2016-6807 Remote Command Execution Vulnerability
| [97179] Apache Camel CVE-2016-8749 Java Deserialization Multiple Remote Code Execution Vulnerabilities
| [96983] Apache POI CVE-2017-5644 Denial Of Service Vulnerability
| [96895] Apache Tomcat CVE-2016-8747 Information Disclosure Vulnerability
| [96731] Apache NiFi CVE-2017-5636 Remote Code Injection Vulnerability
| [96730] Apache NiFi CVE-2017-5635 Security Bypass Vulnerability
| [96729] Apache Struts CVE-2017-5638 Remote Code Execution Vulnerability
| [96540] IBM Development Package for Apache Spark CVE-2016-4970 Denial of Service Vulnerability
| [96398] Apache CXF CVE-2017-3156 Information Disclosure Vulnerability
| [96321] Apache Camel CVE-2017-3159 Remote Code Execution Vulnerability
| [96293] Apache Tomcat 'http11/AbstractInputBuffer.java' Denial of Service Vulnerability
| [96228] Apache Brooklyn Cross Site Request Forgery and Multiple Cross Site Scripting Vulnerabilities
| [95998] Apache Ranger CVE-2016-8746 Security Bypass Vulnerability
| [95929] Apache Groovy CVE-2016-6497 Information Disclosure Vulnerability
| [95838] Apache Cordova For Android CVE-2017-3160 Man in the Middle Security Bypass Vulnerability
| [95675] Apache Struts Remote Code Execution Vulnerability
| [95621] Apache NiFi CVE-2106-8748 Cross Site Scripting Vulnerability
| [95429] Apache Groovy CVE-2016-6814 Remote Code Execution Vulnerability
| [95335] Apache Hadoop CVE-2016-3086 Information Disclosure Vulnerability
| [95168] Apache Wicket CVE-2016-6793 Denial of Service Vulnerability
| [95136] Apache Qpid Broker for Java CVE-2016-8741 Remote Information Disclosure Vulnerability
| [95078] Apache HTTP Server CVE-2016-0736 Remote Security Vulnerability
| [95077] Apache HTTP Server CVE-2016-8743 Security Bypass Vulnerability
| [95076] Apache HTTP Server CVE-2016-2161 Denial of Service Vulnerability
| [95020] Apache Tika CVE-2015-3271 Remote Information Disclosure Vulnerability
| [94950] Apache Hadoop CVE-2016-5001 Local Information Disclosure Vulnerability
| [94882] Apache ActiveMQ CVE-2016-6810 HTML Injection Vulnerability
| [94828] Apache Tomcat CVE-2016-8745 Information Disclosure Vulnerability
| [94766] Apache CouchDB CVE-2016-8742 Local Privilege Escalation Vulnerability
| [94657] Apache Struts CVE-2016-8738 Denial of Service Vulnerability
| [94650] Apache HTTP Server CVE-2016-8740 Denial of Service Vulnerability
| [94588] Apache Subversion CVE-2016-8734 XML External Entity Denial of Service Vulnerability
| [94513] Apache Karaf CVE-2016-8648 Remote Code Execution Vulnerability
| [94463] Apache Tomcat CVE-2016-8735 Remote Code Execution Vulnerability
| [94462] Apache Tomcat CVE-2016-6817 Denial of Service Vulnerability
| [94461] Apache Tomcat CVE-2016-6816 Security Bypass Vulnerability
| [94418] Apache OpenOffice CVE-2016-6803 Local Privilege Escalation Vulnerability
| [94247] Apache Tika CVE-2016-6809 Remote Code Execution Vulnerability
| [94221] Apache Ranger CVE-2016-6815 Local Privilege Escalation Vulnerability
| [94145] Apache OpenMeetings CVE-2016-8736 Remote Code Execution Vulnerability
| [93945] Apache CloudStack CVE-2016-6813 Authorization Bypass Vulnerability
| [93944] Apache Tomcat Security Manager CVE-2016-6796 Security Bypass Vulnerability
| [93943] Apache Tomcat CVE-2016-6794 Security Bypass Vulnerability
| [93942] Apache Tomcat Security Manager CVE-2016-5018 Security Bypass Vulnerability
| [93940] Apache Tomcat CVE-2016-6797 Security Bypass Vulnerability
| [93939] Apache Tomcat CVE-2016-0762 Information Disclosure Vulnerability
| [93774] Apache OpenOffice CVE-2016-6804 DLL Loading Remote Code Execution Vulnerability
| [93773] Apache Struts CVE-2016-6795 Directory Traversal Vulnerability
| [93478] Apache Tomcat CVE-2016-6325 Local Privilege Escalation Vulnerability
| [93472] Apache Tomcat CVE-2016-5425 Insecure File Permissions Vulnerability
| [93429] Apache Tomcat JK Connector CVE-2016-6808 Remote Buffer Overflow Vulnerability
| [93263] Apache Tomcat CVE-2016-1240 Local Privilege Escalation Vulnerability
| [93236] Apache MyFaces Trinidad CVE-2016-5019 Remote Code Execution Vulnerability
| [93142] Apache ActiveMQ Artemis CVE-2016-4978 Remote Code Execution Vulnerability
| [93132] Apache Derby CVE-2015-1832 XML External Entity Information Disclosure Vulnerability
| [93044] Apache Zookeeper CVE-2016-5017 Buffer Overflow Vulnerability
| [92966] Apache Jackrabbit CVE-2016-6801 Cross-Site Request Forgery Vulnerability
| [92947] Apache Shiro CVE-2016-6802 Remote Security Bypass Vulnerability
| [92905] Apache CXF Fediz CVE-2016-4464 Security Bypass Vulnerability
| [92577] Apache Ranger CVE-2016-5395 HTML Injection Vulnerability
| [92331] Apache HTTP Server CVE-2016-1546 Remote Denial of Service Vulnerability
| [92328] Apache Hive CVE-2016-0760 Multiple Remote Code Execution Vulnerabilities
| [92320] Apache APR-util and httpd CVE-2016-6312 Denial of Service Vulnerability
| [92100] Apache POI CVE-2016-5000 XML External Entity Injection Vulnerability
| [92079] Apache OpenOffice CVE-2016-1513 Remote Code Execution Vulnerability
| [91818] Apache Tomcat CVE-2016-5388 Security Bypass Vulnerability
| [91816] Apache HTTP Server CVE-2016-5387 Security Bypass Vulnerability
| [91788] Apache Qpid Proton CVE-2016-4467 Certificate Verification Security Bypass Vulnerability
| [91738] Apache XML-RPC CVE-2016-5003 Remote Code Execution Vulnerability
| [91736] Apache XML-RPC Multiple Security Vulnerabilities
| [91707] Apache Archiva CVE-2016-5005 HTML Injection Vulnerability
| [91703] Apache Archiva CVE-2016-4469 Multiple Cross-Site Request Forgery Vulnerabilities
| [91566] Apache HTTP Server CVE-2016-4979 Authentication Bypass Vulnerability
| [91537] Apache QPID CVE-2016-4974 Deserialization Security Bypass Vulnerability
| [91501] Apache Xerces-C CVE-2016-4463 Stack Buffer Overflow Vulnerability
| [91453] Apache Commons FileUpload CVE-2016-3092 Denial Of Service Vulnerability
| [91284] Apache Struts CVE-2016-4431 Security Bypass Vulnerability
| [91282] Apache Struts CVE-2016-4433 Security Bypass Vulnerability
| [91281] Apache Struts CVE-2016-4430 Cross-Site Request Forgery Vulnerability
| [91280] Apache Struts CVE-2016-4436 Security Bypass Vulnerability
| [91278] Apache Struts CVE-2016-4465 Denial of Service Vulnerability
| [91277] Apache Struts Incomplete Fix Remote Code Execution Vulnerability
| [91275] Apache Struts CVE-2016-4438 Remote Code Execution Vulnerability
| [91217] Apache Continuum 'saveInstallation.action' Command Execution Vulnerability
| [91141] Apache CloudStack CVE-2016-3085 Authentication Bypass Vulnerability
| [91068] Apache Struts CVE-2016-1181 Remote Code Execution Vulnerability
| [91067] Apache Struts CVE-2016-1182 Security Bypass Vulnerability
| [91024] Apache Shiro CVE-2016-4437 Information Disclosure Vulnerability
| [90988] Apache Ranger CVE-2016-2174 SQL Injection Vulnerability
| [90961] Apache Struts CVE-2016-3093 Denial of Service Vulnerability
| [90960] Apache Struts CVE-2016-3087 Remote Code Execution Vulnerability
| [90921] Apache Qpid CVE-2016-4432 Authentication Bypass Vulnerability
| [90920] Apache Qpid CVE-2016-3094 Denial of Service Vulnerability
| [90902] Apache PDFBox CVE-2016-2175 XML External Entity Injection Vulnerability
| [90897] Apache Tika CVE-2016-4434 XML External Entity Injection Vulnerability
| [90827] Apache ActiveMQ CVE-2016-3088 Multiple Arbitrary File Upload Vulnerabilities
| [90755] Apache Ambari CVE-2016-0707 Multiple Local Information Disclosure Vulnerabilities
| [90482] Apache CVE-2004-1387 Local Security Vulnerability
| [89762] Apache CVE-2001-1556 Remote Security Vulnerability
| [89417] Apache Subversion CVE-2016-2167 Authentication Bypass Vulnerability
| [89326] RETIRED: Apache Subversion CVE-2016-2167 Security Bypass Vulnerability
| [89320] Apache Subversion CVE-2016-2168 Remote Denial of Service Vulnerability
| [88826] Apache Struts CVE-2016-3082 Remote Code Execution Vulnerability
| [88797] Apache Cordova For iOS CVE-2015-5208 Arbitrary Code Execution Vulnerability
| [88764] Apache Cordova iOS CVE-2015-5207 Multiple Security Bypass Vulnerabilities
| [88701] Apache CVE-2001-1449 Remote Security Vulnerability
| [88635] Apache CVE-2000-1204 Remote Security Vulnerability
| [88590] Apache WWW server CVE-1999-1199 Denial-Of-Service Vulnerability
| [88496] Apache CVE-2000-1206 Remote Security Vulnerability
| [87828] Apache CVE-1999-1237 Remote Security Vulnerability
| [87784] Apache CVE-1999-1293 Denial-Of-Service Vulnerability
| [87327] Apache Struts CVE-2016-3081 Remote Code Execution Vulnerability
| [86622] Apache Stats CVE-2007-0975 Remote Security Vulnerability
| [86399] Apache CVE-2007-1743 Local Security Vulnerability
| [86397] Apache CVE-2007-1742 Local Security Vulnerability
| [86311] Apache Struts CVE-2016-4003 Cross Site Scripting Vulnerability
| [86174] Apache Wicket CVE-2015-5347 Cross Site Scripting Vulnerability
| [85971] Apache OFBiz CVE-2016-2170 Java Deserialization Remote Code Execution Vulnerability
| [85967] Apache OFBiz CVE-2015-3268 HTML Injection Vulnerability
| [85759] Apache Jetspeed CVE-2016-2171 Unauthorized Access Vulnerability
| [85758] Apache Jetspeed CVE-2016-0712 Cross Site Scripting Vulnerability
| [85756] Apache Jetspeed CVE-2016-0710 Multiple SQL Injection Vulnerabilities
| [85755] Apache Jetspeed CVE-2016-0711 Mulitple HTML Injection Vulnerabilities
| [85754] Apache Jetspeed CVE-2016-0709 Directory Traversal Vulnerability
| [85730] Apache Subversion CVE-2015-5343 Integer Overflow Vulnerability
| [85691] Apache Ranger CVE-2016-0735 Security Bypass Vulnerability
| [85578] Apache ActiveMQ CVE-2010-1244 Cross-Site Request Forgery Vulnerability
| [85554] Apache OpenMeetings CVE-2016-2164 Multiple Information Disclosure Vulnerabilities
| [85553] Apache OpenMeetings CVE-2016-0783 Information Disclosure Vulnerability
| [85552] Apache OpenMeetings CVE-2016-2163 HTML Injection Vulnerability
| [85550] Apache OpenMeetings CVE-2016-0784 Directory Traversal Vulnerability
| [85386] Apache Hadoop CVE-2015-7430 Local Privilege Escalation Vulnerability
| [85377] Apache Qpid Proton Python API CVE-2016-2166 Man in the Middle Security Bypass Vulnerability
| [85205] Apache Solr CVE-2015-8796 Cross Site Scripting Vulnerability
| [85203] Apache Solr CVE-2015-8795 Mulitple HTML Injection Vulnerabilities
| [85163] Apache Geronimo CVE-2008-0732 Local Security Vulnerability
| [85131] Apache Struts 'TextParseUtil.translateVariables()' Method Remote Code Execution Vulnerability
| [85070] Apache Struts CVE-2016-2162 Cross Site Scripting Vulnerability
| [85066] Apache Struts CVE-2016-0785 Remote Code Execution Vulnerability
| [84422] Apache TomEE CVE-2016-0779 Unspecified Security Vulnerability
| [84321] Apache ActiveMQ CVE-2016-0734 Clickjacking Vulnerability
| [84316] Apache ActiveMQ CVE-2016-0782 Multiple Cross Site Scripting Vulnerabilities
| [83910] Apache Wicket CVE-2015-7520 Cross Site Scripting Vulnerability
| [83423] Apache Xerces-C CVE-2016-0729 Buffer Overflow Vulnerability
| [83330] Apache Tomcat CVE-2015-5351 Cross Site Request Forgery Vulnerability
| [83329] Apache Tomcat CVE-2015-5174 Directory Traversal Vulnerability
| [83328] Apache Tomcat CVE-2015-5345 Directory Traversal Vulnerability
| [83327] Apache Tomcat Security Manager CVE-2016-0714 Remote Code Execution Vulnerability
| [83326] Apache Tomcat CVE-2016-0763 Security Bypass Vulnerability
| [83324] Apache Tomcat Security Manager CVE-2016-0706 Information Disclosure Vulnerability
| [83323] Apache Tomcat CVE-2015-5346 Session Fixation Vulnerability
| [83259] Apache Hadoop CVE-2015-1776 Information Disclosure Vulnerability
| [83243] Apache Solr CVE-2015-8797 Cross Site Scripting Vulnerability
| [83119] Apache Sling CVE-2016-0956 Information Disclosure Vulnerability
| [83002] Apache CVE-2000-1205 Cross-Site Scripting Vulnerability
| [82871] Apache Ranger Authentication Bypass and Security Bypass Vulnerabilities
| [82800] Apache CloudStack CVE-2015-3251 Information Disclosure Vulnerability
| [82798] Apache CloudStack CVE-2015-3252 Authentication Bypass Vulnerability
| [82732] Apache Gallery CVE-2003-0771 Local Security Vulnerability
| [82676] Apache CVE-2003-1581 Cross-Site Scripting Vulnerability
| [82550] Apache Struts CVE-2015-5209 Security Bypass Vulnerability
| [82300] Apache Subversion CVE-2015-5259 Integer Overflow Vulnerability
| [82260] Apache Camel CVE-2015-5344 Remote Code Execution Vulnerability
| [82234] Apache Hive CVE-2015-7521 Security Bypass Vulnerability
| [82082] Apache CVE-1999-0289 Remote Security Vulnerability
| [81821] Apache Distribution for Solaris CVE-2007-2080 SQL-Injection Vulnerability
| [80696] Apache Camel CVE-2015-5348 Information Disclosure Vulnerability
| [80525] Apache CVE-2003-1580 Remote Security Vulnerability
| [80354] Drupal Apache Solr Search Module Access Bypass Vulnerability
| [80193] Apache CVE-1999-0107 Denial-Of-Service Vulnerability
| [79812] Apache Directory Studio CVE-2015-5349 Command Injection Vulnerability
| [79744] Apache HBase CVE-2015-1836 Unauthorized Access Vulnerability
| [79204] Apache TomEE 'EjbObjectInputStream' Remote Code Execution Vulnerability
| [77679] Apache Cordova For Android CVE-2015-8320 Weak Randomization Security Bypass Vulnerability
| [77677] Apache Cordova For Android CVE-2015-5256 Security Bypass Vulnerability
| [77591] Apache CXF SAML SSO Processing CVE-2015-5253 Security Bypass Vulnerability
| [77521] Apache Commons Collections 'InvokerTransformer.java' Remote Code Execution Vulnerability
| [77110] Apache HttpComponents HttpClient CVE-2015-5262 Denial of Service Vulnerability
| [77086] Apache Ambari CVE-2015-1775 Server Side Request Forgery Security Bypass Vulnerability
| [77085] Apache Ambari CVE-2015-3270 Remote Privilege Escalation Vulnerability
| [77082] Apache Ambari 'targetURI' Parameter Open Redirection Vulnerability
| [77059] Apache Ambari CVE-2015-3186 Cross Site Scripting Vulnerability
| [76933] Apache James Server Unspecified Command Execution Vulnerability
| [76832] Apache cordova-plugin-file-transfer CVE-2015-5204 HTTP Header Injection Vulnerability
| [76625] Apache Struts CVE-2015-5169 Cross Site Scripting Vulnerability
| [76624] Apache Struts CVE-2015-2992 Cross Site Scripting Vulnerability
| [76522] Apache Tapestry CVE-2014-1972 Security Bypass Vulnerability
| [76486] Apache CXF Fediz CVE-2015-5175 Denial of Service Vulnerability
| [76452] Apache ActiveMQ CVE-2015-1830 Directory Traversal Vulnerability
| [76446] Apache Subversion 'libsvn_fs_fs/tree.c' Denial of Service Vulnerability
| [76274] Apache Subversion CVE-2015-3184 Information Disclosure Vulnerability
| [76273] Apache Subversion CVE-2015-3187 Information Disclosure Vulnerability
| [76272] Apache ActiveMQ CVE-2014-3576 Denial of Service Vulnerability
| [76221] Apache Ranger CVE-2015-0266 Access Bypass Vulnerability
| [76208] Apache Ranger CVE-2015-0265 JavaScript Code Injection Vulnerability
| [76025] Apache ActiveMQ Artemis CVE-2015-3208 XML External Entity Information Disclosure Vulnerability
| [75965] Apache HTTP Server CVE-2015-3185 Security Bypass Vulnerability
| [75964] Apache HTTP Server CVE-2015-0253 Remote Denial of Service Vulnerability
| [75963] Apache HTTP Server CVE-2015-3183 Security Vulnerability
| [75940] Apache Struts CVE-2015-1831 Security Bypass Vulnerability
| [75919] Apache Groovy CVE-2015-3253 Remote Code Execution Vulnerability
| [75338] Apache Storm CVE-2015-3188 Remote Code Execution Vulnerability
| [75275] Drupal Apache Solr Real-Time Module Access Bypass Vulnerability
| [74866] Apache Cordova For Android CVE-2015-1835 Security Bypass Vulnerability
| [74839] Apache Sling API and Sling Servlets CVE-2015-2944 Cross Site Scripting Vulnerability
| [74761] Apache Jackrabbit CVE-2015-1833 XML External Entity Information Disclosure Vulnerability
| [74686] Apache Ambari '/var/lib/ambari-server/ambari-env.sh' Local Privilege Escalation Vulnerability
| [74665] Apache Tomcat CVE-2014-7810 Security Bypass Vulnerability
| [74475] Apache Tomcat CVE-2014-0230 Denial of Service Vulnerability
| [74423] Apache Struts CVE-2015-0899 Security Bypass Vulnerability
9658| [74338] Apache OpenOffice HWP Filter Memory Corruption Vulnerability
9659| [74265] Apache Tomcat 'mod_jk' CVE-2014-8111 Information Disclosure Vulnerability
9660| [74260] Apache Subversion CVE-2015-0248 Multiple Denial of Service Vulnerabilities
9661| [74259] Apache Subversion 'deadprops.c' Security Bypass Vulnerability
9662| [74204] PHP 'sapi/apache2handler/sapi_apache2.c' Remote Code Execution Vulnerability
9663| [74158] Apache HTTP Server 'protocol.c' Remote Denial of Service Vulnerability
9664| [73954] Apache Flex 'asdoc/templates/index.html' Cross Site Scripting Vulnerability
9665| [73851] Apache2 CVE-2012-0216 Cross-Site Scripting Vulnerability
9666| [73478] Apache Cassandra CVE-2015-0225 Remote Code Execution Vulnerability
9667| [73041] Apache HTTP Server 'mod_lua' Module Denial of Service Vulnerability
9668| [73040] Apache HTTP Server 'mod_lua.c' Local Access Bypass Vulnerability
9669| [72809] Apache Standard Taglibs CVE-2015-0254 XML External Entity Injection Vulnerability
9670| [72717] Apache Tomcat CVE-2014-0227 Chunk Request Remote Denial Of Service Vulnerability
9671| [72557] Apache WSS4J CVE-2015-0227 Security Bypass Vulnerability
9672| [72553] Apache WSS4J CVE-2015-0226 Information Disclosure Vulnerability
9673| [72513] Apache ActiveMQ CVE-2014-3612 LDAP Authentication Bypass Vulnerability
9674| [72511] Apache ActiveMQ CVE-2014-8110 Multiple Cross Site Scripting Vulnerabilities
9675| [72510] Apache ActiveMQ CVE-2014-3600 XML External Entity Injection Vulnerability
9676| [72508] Apache ActiveMQ Apollo CVE-2014-3579 XML External Entity Injection Vulnerability
9677| [72319] Apache Qpid CVE-2015-0223 Security Bypass Vulnerability
9678| [72317] Apache Qpid CVE-2015-0224 Incomplete Fix Multiple Denial of Service Vulnerabilities
9679| [72115] Apache Santuario 'XML Signature Verification' Security Bypass Vulnerability
9680| [72053] Apache HTTP Server 'mod_remoteip.c' IP Address Spoofing Vulnerability
9681| [72030] Apache Qpid CVE-2015-0203 Multiple Denial of Service Vulnerabilities
9682| [71879] Apache Traffic Server 'HttpTransact.cc' Denial of Service Vulnerability
9683| [71726] Apache Subversion CVE-2014-3580 Remote Denial of Service Vulnerability
9684| [71725] Apache Subversion CVE-2014-8108 Remote Denial of Service Vulnerability
9685| [71657] Apache HTTP Server 'mod_proxy_fcgi' Module Denial of Service Vulnerability
9686| [71656] Apache HTTP Server 'mod_cache' Module Denial of Service Vulnerability
9687| [71548] Apache Struts CVE-2014-7809 Security Bypass Vulnerability
9688| [71466] Apache Hadoop CVE-2014-3627 Information Disclosure Vulnerability
9689| [71353] Apache HTTP Server 'LuaAuthzProvider' Authorization Bypass Vulnerability
9690| [71004] Apache Qpid CVE-2014-3629 XML External Entity Injection Vulnerability
9691| [70970] Apache Traffic Server Cross Site Scripting Vulnerability
9692| [70738] Apache CXF CVE-2014-3584 Denial of Service Vulnerability
9693| [70736] Apache CXF SAML SubjectConfirmation Security Bypass Vulnerability
9694| [69728] Apache Tomcat CVE-2013-4444 Arbitrary File Upload Vulnerability
9695| [69648] Apache POI CVE-2014-3574 Denial Of Service Vulnerability
9696| [69647] Apache POI OpenXML parser CVE-2014-3529 XML External Entity Information Disclosure Vulnerability
9697| [69351] Apache OpenOffice Calc CVE-2014-3524 Command Injection Vulnerability
9698| [69295] Apache Axis Incomplete Fix CVE-2014-3596 SSL Certificate Validation Security Bypass Vulnerability
9699| [69286] Apache OFBiz CVE-2014-0232 Multiple Cross Site Scripting Vulnerabilities
9700| [69258] Apache HttpComponents Incomplete Fix CVE-2014-3577 SSL Validation Security Bypass Vulnerability
9701| [69257] Apache HttpComponents Incomplete Fix SSL Certificate Validation Security Bypass Vulnerability
9702| [69248] Apache HTTP Server CVE-2013-4352 Remote Denial of Service Vulnerability
9703| [69237] Apache Subversion CVE-2014-3522 SSL Certificate Validation Information Disclosure Vulnerability
9704| [69173] Apache Traffic Server CVE-2014-3525 Unspecified Security Vulnerability
9705| [69046] Apache Cordova For Android CVE-2014-3502 Information Disclosure Vulnerability
9706| [69041] Apache Cordova For Android CVE-2014-3501 Security Bypass Vulnerability
9707| [69038] Apache Cordova For Android CVE-2014-3500 Security Bypass Vulnerability
9708| [68995] Apache Subversion CVE-2014-3528 Insecure Authentication Weakness
9709| [68966] Apache Subversion 'irkerbridge.py' Local Privilege Escalation Vulnerability
9710| [68965] Apache Subversion 'svnwcsub.py' Local Privilege Escalation Vulnerability
9711| [68863] Apache HTTP Server 'mod_cache' Module Remote Denial of Service Vulnerability
9712| [68747] Apache HTTP Server CVE-2014-3523 Remote Denial of Service Vulnerability
9713| [68745] Apache HTTP Server CVE-2014-0118 Remote Denial of Service Vulnerability
9714| [68742] Apache HTTP Server CVE-2014-0231 Remote Denial of Service Vulnerability
9715| [68740] Apache HTTP Server CVE-2014-0117 Remote Denial of Service Vulnerability
9716| [68678] Apache HTTP Server 'mod_status' CVE-2014-0226 Remote Code Execution Vulnerability
9717| [68445] Apache CXF UsernameToken Information Disclosure Vulnerability
9718| [68441] Apache CXF SAML Tokens Validation Security Bypass Vulnerability
9719| [68431] Apache Syncope CVE-2014-3503 Insecure Password Generation Weakness
9720| [68229] Apache Harmony PRNG Entropy Weakness
9721| [68111] Apache 'mod_wsgi' Module Privilege Escalation Vulnerability
9722| [68072] Apache Tomcat CVE-2014-0186 Remote Denial of Service Vulnerability
9723| [68039] Apache Hive CVE-2014-0228 Security Bypass Vulnerability
9724| [67673] Apache Tomcat CVE-2014-0095 AJP Request Remote Denial Of Service Vulnerability
9725| [67671] Apache Tomcat CVE-2014-0075 Chunk Request Remote Denial Of Service Vulnerability
9726| [67669] Apache Tomcat CVE-2014-0119 XML External Entity Information Disclosure Vulnerability
9727| [67668] Apache Tomcat CVE-2014-0099 Request Processing Information Disclosure Vulnerability
9728| [67667] Apache Tomcat CVE-2014-0096 XML External Entity Information Disclosure Vulnerability
9729| [67534] Apache 'mod_wsgi' Module CVE-2014-0242 Information Disclosure Vulnerability
9730| [67532] Apache 'mod_wsgi' Module Local Privilege Escalation Vulnerability
9731| [67530] Apache Solr Search Template Cross Site Scripting Vulnerability
9732| [67236] Apache CXF CVE-2014-0109 Remote Denial of Service Vulnerability
9733| [67232] Apache CXF CVE-2014-0110 Denial of Service Vulnerability
9734| [67121] Apache Struts ClassLoader Manipulation CVE-2014-0114 Security Bypass Vulnerability
9735| [67081] Apache Struts 'getClass()' Method Security Bypass Vulnerability
9736| [67064] Apache Struts ClassLoader Manipulation Incomplete Fix Security Bypass Vulnerability
9737| [67013] Apache Zookeeper CVE-2014-0085 Local Information Disclosure Vulnerability
9738| [66998] Apache Archiva CVE-2013-2187 Unspecified Cross Site Scripting Vulnerability
9739| [66991] Apache Archiva CVE-2013-2187 HTML Injection Vulnerability
9740| [66927] Apache Syncope CVE-2014-0111 Remote Code Execution Vulnerability
9741| [66474] Apache CouchDB Universally Unique IDentifier (UUID) Remote Denial of Service Vulnerability
9742| [66397] Apache Xalan-Java Library CVE-2014-0107 Security Bypass Vulnerability
9743| [66303] Apache HTTP Server Multiple Denial of Service Vulnerabilities
9744| [66041] RETIRED: Apache Struts CVE-2014-0094 Classloader Manipulation Security Bypass Vulnerability
9745| [65999] Apache Struts ClassLoader Manipulation CVE-2014-0094 Security Bypass Vulnerability
9746| [65967] Apache Cordova File-Transfer Unspecified Security Vulnerability
9747| [65959] Apache Cordova InAppBrowser Remote Privilege Escalation Vulnerability
9748| [65935] Apache Shiro 'login.jsp' Authentication Bypass Vulnerability
9749| [65902] Apache Camel CVE-2014-0003 Remote Code Execution Vulnerability
9750| [65901] Apache Camel CVE-2014-0002 XML External Entity Information Disclosure Vulnerability
9751| [65773] Apache Tomcat CVE-2013-4286 Security Bypass Vulnerability
9752| [65769] Apache Tomcat CVE-2014-0033 Session Fixation Vulnerability
9753| [65768] Apache Tomcat CVE-2013-4590 XML External Entity Information Disclosure Vulnerability
9754| [65767] Apache Tomcat CVE-2013-4322 Incomplete Fix Denial of Service Vulnerability
9755| [65615] Apache ActiveMQ 'refresh' Parameter Cross Site Scripting Vulnerability
9756| [65434] Apache Subversion 'mod_dav_svn' Module SVNListParentPath Denial of Service Vulnerability
9757| [65431] Apache Wicket CVE-2013-2055 Information Disclosure Vulnerability
9758| [65400] Apache Commons FileUpload CVE-2014-0050 Denial Of Service Vulnerability
9759| [64782] Apache CloudStack Virtual Router Component Security Bypass Vulnerability
9760| [64780] Apache CloudStack Unauthorized Access Vulnerability
9761| [64617] Apache Libcloud Digital Ocean API Local Information Disclosure Vulnerability
9762| [64437] Apache Santuario XML Security For JAVA XML Signature Denial of Service Vulnerability
9763| [64427] Apache Solr Multiple XML External Entity Injection Vulnerabilities
9764| [64009] Apache Solr CVE-2013-6408 XML External Entity Injection Vulnerability
9765| [64008] Apache Solr CVE-2013-6407 XML External Entity Injection Vulnerability
9766| [63981] Apache Subversion 'mod_dav_svn' Module Denial of Service Vulnerability
9767| [63966] Apache Subversion CVE-2013-4505 Security Bypass Vulnerability
9768| [63963] Apache Roller CVE-2013-4171 Cross Site Scripting Vulnerability
9769| [63935] Apache Solr 'SolrResourceLoader' Directory Traversal Vulnerability
9770| [63928] Apache Roller CVE-2013-4212 OGNL Expression Injection Remote Code Execution Vulnerability
9771| [63515] Apache Tomcat Manager Component CVE-2013-6357 Cross Site Request Forgery Vulnerability
9772| [63403] Apache Struts Multiple Cross Site Scripting Vulnerabilities
9773| [63400] Apache 'mod_pagespeed' Module Unspecified Cross Site Scripting Vulnerability
9774| [63260] Apache Shindig CVE-2013-4295 XML External Entity Information Disclosure Vulnerability
9775| [63241] Apache Sling 'AbstractAuthenticationFormServlet' Open Redirection Vulnerability
9776| [63174] Apache Commons FileUpload 'DiskFileItem' Class Null Byte Arbitrary File Write Vulnerability
9777| [62939] Apache 'mod_fcgid' Module CVE-2013-4365 Heap Buffer Overflow Vulnerability
9778| [62903] Apache Sling 'deepGetOrCreateNode()' Function Denial Of Service Vulnerability
9779| [62706] Apache Camel CVE-2013-4330 Information Disclosure Vulnerability
9780| [62677] Apache 'mod_accounting' Module CVE-2013-5697 SQL Injection Vulnerability
9781| [62674] TYPO3 Apache Solr Unspecified Cross Site Scripting and PHP Code Execution Vulnerabilities
9782| [62587] Apache Struts CVE-2013-4316 Remote Code Execution Vulnerability
9783| [62584] Apache Struts CVE-2013-4310 Security Bypass Vulnerability
9784| [62266] Apache Subversion CVE-2013-4277 Insecure Temporary File Creation Vulnerability
9785| [61984] Apache Hadoop RPC Authentication CVE-2013-2192 Man in the Middle Security Bypass Vulnerability
9786| [61981] Apache HBase RPC Authentication Man In The Middle Security Bypass Vulnerability
9787| [61638] Apache CloudStack CVE-2013-2136 Multiple Cross Site Scripting Vulnerabilities
9788| [61454] Apache Subversion CVE-2013-4131 Denial Of Service Vulnerability
9789| [61379] Apache HTTP Server CVE-2013-2249 Unspecified Remote Security Vulnerability
9790| [61370] Apache OFBiz CVE-2013-2317 'View Log' Cross Site Scripting Vulnerability
9791| [61369] Apache OFBiz Nested Expression Remote Code Execution Vulnerability
9792| [61196] Apache Struts CVE-2013-2248 Multiple Open Redirection Vulnerabilities
9793| [61189] Apache Struts CVE-2013-2251 Multiple Remote Command Execution Vulnerabilities
9794| [61129] Apache HTTP Server CVE-2013-1896 Remote Denial of Service Vulnerability
9795| [61030] Apache CXF CVE-2013-2160 Multiple Remote Denial of Service Vulnerabilities
9796| [60875] Apache Geronimo RMI Classloader Security Bypass Vulnerability
9797| [60846] Apache Santuario XML Security for JAVA XML Signature CVE-2013-2172 Security Bypass Vulnerability
9798| [60817] Apache Santuario XML Security for C++ CVE-2013-2210 Heap Buffer Overflow Vulnerability
9799| [60800] Apache Qpid Python Client SSL Certificate Verification Information Disclosure Vulnerability
9800| [60599] Apache Santuario XML Security for C++ CVE-2013-2156 Remote Heap Buffer Overflow Vulnerability
9801| [60595] Apache Santuario XML Security for C++ XML Signature CVE-2013-2155 Denial of Service Vulnerability
9802| [60594] Apache Santuario XML Security for C++ CVE-2013-2154 Stack Buffer Overflow Vulnerability
9803| [60592] Apache Santuario XML Security for C++ XML Signature CVE-2013-2153 Security Bypass Vulnerability
9804| [60534] Apache OpenJPA Object Deserialization Arbitrary File Creation or Overwrite Vulnerability
9805| [60346] Apache Struts CVE-2013-2134 OGNL Expression Injection Vulnerability
9806| [60345] Apache Struts CVE-2013-2135 OGNL Expression Injection Vulnerability
9807| [60267] Apache Subversion CVE-2013-1968 Remote Denial of Service Vulnerability
9808| [60265] Apache Subversion CVE-2013-2088 Command Injection Vulnerability
9809| [60264] Apache Subversion CVE-2013-2112 Remote Denial of Service Vulnerability
9810| [60187] Apache Tomcat DIGEST Authentication CVE-2013-2051 Incomplete Fix Security Weakness
9811| [60186] Apache Tomcat CVE-2013-1976 Insecure Temporary File Handling Vulnerability
9812| [60167] Apache Struts 'includeParams' CVE-2013-2115 Incomplete Fix Security Bypass Vulnerability
9813| [60166] Apache Struts 'includeParams' CVE-2013-1966 Security Bypass Vulnerability
9814| [60082] Apache Struts 'ParameterInterceptor' Class OGNL CVE-2013-1965 Security Bypass Vulnerability
9815| [59826] Apache HTTP Server Terminal Escape Sequence in Logs Command Injection Vulnerability
9816| [59799] Apache Tomcat CVE-2013-2067 Session Fixation Vulnerability
9817| [59798] Apache Tomcat CVE-2013-2071 Information Disclosure Vulnerability
9818| [59797] Apache Tomcat CVE-2012-3544 Denial of Service Vulnerability
9819| [59670] Apache VCL Multiple Input Validation Vulnerabilities
9820| [59464] Apache CloudStack CVE-2013-2758 Hash Information Disclosure Vulnerability
9821| [59463] Apache CloudStack CVE-2013-2756 Authentication Bypass Vulnerability
9822| [59402] Apache ActiveMQ CVE-2013-3060 Information Disclosure and Denial of Service Vulnerability
9823| [59401] Apache ActiveMQ CVE-2012-6551 Denial of Service Vulnerability
9824| [59400] Apache ActiveMQ CVE-2012-6092 Multiple Cross Site Scripting Vulnerabilities
9825| [58898] Apache Subversion CVE-2013-1884 Remote Denial of Service Vulnerability
9826| [58897] Apache Subversion 'mod_dav_svn/lock.c' Remote Denial of Service Vulnerability
9827| [58895] Apache Subversion 'mod_dav_svn' Remote Denial of Service Vulnerability
9828| [58455] Apache Rave User RPC API CVE-2013-1814 Information Disclosure Vulnerability
9829| [58379] Apache Qpid CVE-2012-4446 Authentication Bypass Vulnerability
9830| [58378] Apache Qpid CVE-2012-4460 Denial of Service Vulnerability
9831| [58376] Apache Qpid CVE-2012-4458 Denial of Service Vulnerability
9832| [58337] Apache Qpid CVE-2012-4459 Denial of Service Vulnerability
9833| [58326] Apache Commons FileUpload CVE-2013-0248 Insecure Temporary File Creation Vulnerability
9834| [58325] Debian Apache HTTP Server CVE-2013-1048 Symlink Attack Local Privilege Escalation Vulnerability
9835| [58323] Apache Subversion 'svn_fs_file_length()' Remote Denial of Service Vulnerability
9836| [58165] Apache HTTP Server Multiple Cross Site Scripting Vulnerabilities
9837| [58136] Apache Maven CVE-2013-0253 SSL Certificate Validation Security Bypass Vulnerability
9838| [58124] Apache Tomcat 'log/logdir' Directory Insecure File Permissions Vulnerability
9839| [58073] Apache Commons HttpClient CVE-2012-5783 SSL Certificate Validation Security Bypass Vulnerability
9840| [57876] Apache CXF WS-SecurityPolicy Authentication Bypass Vulnerability
9841| [57874] Apache CXF CVE-2012-5633 Security Bypass Vulnerability
9842| [57463] Apache OFBiz CVE-2013-0177 Multiple Cross Site Scripting Vulnerabilities
9843| [57425] Apache CXF CVE-2012-5786 SSL Certificate Validation Security Bypass Vulnerability
9844| [57321] Apache CouchDB CVE-2012-5650 Cross Site Scripting Vulnerability
9845| [57314] Apache CouchDB CVE-2012-5649 Remote Code Execution Vulnerability
9846| [57267] Apache Axis2/C SSL Certificate Validation Security Bypass Vulnerability
9847| [57259] Apache CloudStack CVE-2012-5616 Local Information Disclosure Vulnerability
9848| [56814] Apache Tomcat CVE-2012-4431 Cross-Site Request Forgery Vulnerability
9849| [56813] Apache Tomcat CVE-2012-4534 Denial of Service Vulnerability
9850| [56812] Apache Tomcat CVE-2012-3546 Security Bypass Vulnerability
9851| [56753] Apache Apache HTTP Server 'mod_proxy_ajp Module Denial Of Service Vulnerability
9852| [56686] Apache Tomcat CVE-2012-5568 Denial of Service Vulnerability
9853| [56408] Apache Axis and Axis2/Java SSL Certificate Validation Security Bypass Vulnerability
9854| [56403] Apache Tomcat DIGEST Authentication Multiple Security Weaknesses
9855| [56402] Apache Tomcat CVE-2012-2733 Denial of Service Vulnerability
9856| [56171] Apache OFBiz CVE-2012-3506 Unspecified Security Vulnerability
9857| [55876] Apache CloudStack CVE-2012-4501 Security Bypass Vulnerability
9858| [55628] Apache CXF SOAP Action Spoofing Security Bypass Vulnerability
9859| [55608] Apache Qpid (qpidd) Denial of Service Vulnerability
9860| [55536] Apache 'mod_pagespeed' Module Cross Site Scripting and Security Bypass Vulnerabilities
9861| [55508] Apache Axis2 XML Signature Wrapping Security Vulnerability
9862| [55445] Apache Wicket CVE-2012-3373 Cross Site Scripting Vulnerability
9863| [55346] Apache Struts Cross Site Request Forgery and Denial of Service Vulnerabilities
9864| [55290] Drupal Apache Solr Autocomplete Module Cross Site Scripting Vulnerability
9865| [55165] Apache Struts2 Skill Name Remote Code Execution Vulnerability
9866| [55154] Apache 'mod-rpaf' Module Denial of Service Vulnerability
9867| [55131] Apache HTTP Server HTML-Injection And Information Disclosure Vulnerabilities
9868| [54954] Apache QPID NullAuthenticator Authentication Bypass Vulnerability
9869| [54798] Apache Libcloud Man In The Middle Vulnerability
9870| [54358] Apache Hadoop CVE-2012-3376 Information Disclosure Vulnerability
9871| [54341] Apache Sling CVE-2012-2138 Denial Of Service Vulnerability
9872| [54268] Apache Hadoop Symlink Attack Local Privilege Escalation Vulnerability
9873| [54189] Apache Roller Cross Site Request Forgery Vulnerability
9874| [54187] Apache Roller CVE-2012-2381 Cross Site Scripting Vulnerability
9875| [53880] Apache CXF Child Policies Security Bypass Vulnerability
9876| [53877] Apache CXF Elements Validation Security Bypass Vulnerability
9877| [53676] Apache Commons Compress and Apache Ant CVE-2012-2098 Denial Of Service Vulnerability
9878| [53487] Apache POI CVE-2012-0213 Denial Of Service Vulnerability
9879| [53455] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability
9880| [53305] Apache Qpid CVE-2011-3620 Unauthorized Access Security Bypass Vulnerability
9881| [53046] Apache HTTP Server 'LD_LIBRARY_PATH' Insecure Library Loading Arbitrary Code Execution Vulnerability
9882| [53025] Apache OFBiz Unspecified Remote Code Execution Vulnerability
9883| [53023] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
9884| [52939] Apache Hadoop CVE-2012-1574 Unspecified User Impersonation Vulnerability
9885| [52702] Apache Struts2 'XSLTResult.java' Remote Arbitrary File Upload Vulnerability
9886| [52696] Apache Traffic Server HTTP Host Header Handling Heap Based Buffer Overflow Vulnerability
9887| [52680] Apache Wicket 'pageMapName' Parameter Cross Site Scripting Vulnerability
9888| [52679] Apache Wicket Hidden Files Information Disclosure Vulnerability
9889| [52565] Apache 'mod_fcgid' Module Denial Of Service Vulnerability
9890| [52146] TYPO3 Apache Solr Extension Unspecified Cross Site Scripting Vulnerability
9891| [51939] Apache MyFaces 'ln' Parameter Information Disclosure Vulnerability
9892| [51917] Apache APR Hash Collision Denial Of Service Vulnerability
9893| [51902] Apache Struts Multiple HTML Injection Vulnerabilities
9894| [51900] Apache Struts CVE-2012-1007 Multiple Cross Site Scripting Vulnerabilities
9895| [51886] Apache CXF UsernameToken Policy Validation Security Bypass Vulnerability
9896| [51869] Apache HTTP Server CVE-2011-3639 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
9897| [51706] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
9898| [51705] Apache HTTP Server CVE-2012-0021 mod_log_config Denial Of Service Vulnerability
9899| [51628] Apache Struts 'ParameterInterceptor' Class OGNL (CVE-2011-3923) Security Bypass Vulnerability
9900| [51447] Apache Tomcat Parameter Handling Denial of Service Vulnerability
9901| [51442] Apache Tomcat Request Object Security Bypass Vulnerability
9902| [51407] Apache HTTP Server Scoreboard Local Security Bypass Vulnerability
9903| [51257] Apache Struts Remote Command Execution and Arbitrary File Overwrite Vulnerabilities
9904| [51238] Apache Geronimo Hash Collision Denial Of Service Vulnerability
9905| [51200] Apache Tomcat Hash Collision Denial Of Service Vulnerability
9906| [50940] Apache Struts Session Tampering Security Bypass Vulnerability
9907| [50912] RETIRED: Apache MyFaces CVE-2011-4343 Information Disclosure Vulnerability
9908| [50904] Apache ActiveMQ Failover Mechanism Remote Denial Of Service Vulnerability
9909| [50848] Apache MyFaces EL Expression Evaluation Security Bypass Vulnerability
9910| [50802] Apache HTTP Server 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
9911| [50639] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
9912| [50603] Apache Tomcat Manager Application Security Bypass Vulnerability
9913| [50494] Apache HTTP Server 'ap_pregsub()' Function Local Privilege Escalation Vulnerability
9914| [49957] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
9915| [49762] Apache Tomcat HTTP DIGEST Authentication Multiple Security Weaknesses
9916| [49728] Apache Struts Conversion Error OGNL Expression Evaluation Vulnerability
9917| [49616] Apache HTTP Server CVE-2011-3348 Denial Of Service Vulnerability
9918| [49470] Apache Tomcat CVE-2007-6286 Duplicate Request Processing Security Vulnerability
9919| [49353] Apache Tomcat AJP Protocol Security Bypass Vulnerability
9920| [49303] Apache HTTP Server CVE-2011-3192 Denial Of Service Vulnerability
9921| [49290] Apache Wicket Cross Site Scripting Vulnerability
9922| [49147] Apache Tomcat CVE-2011-2481 Information Disclosure Vulnerability
9923| [49143] Apache Commons Daemon 'jsvc' Information Disclosure Vulnerability
9924| [48667] Apache Tomcat 'sendfile' Request Attributes Information Disclosure Vulnerability
9925| [48653] Apache 'mod_authnz_external' Module SQL Injection Vulnerability
9926| [48611] Apache XML Security for C++ Signature Key Parsing Denial of Service Vulnerability
9927| [48456] Apache Tomcat 'MemoryUserDatabase' Information Disclosure Vulnerability
9928| [48015] Apache Archiva Multiple Cross Site Request Forgery Vulnerabilities
9929| [48011] Apache Archiva Multiple Cross Site Scripting and HTML Injection Vulnerabilities
9930| [47929] Apache APR 'apr_fnmatch.c' Denial of Service Vulnerability
9931| [47890] Apache Struts 'javatemplates' Plugin Multiple Cross Site Scripting Vulnerabilities
9932| [47886] Apache Tomcat SecurityConstraints Security Bypass Vulnerability
9933| [47820] Apache APR 'apr_fnmatch()' Denial of Service Vulnerability
9934| [47784] Apache Struts XWork 's:submit' HTML Tag Cross Site Scripting Vulnerability
9935| [47199] Apache Tomcat HTTP BIO Connector Information Disclosure Vulnerability
9936| [47196] Apache Tomcat Login Constraints Security Bypass Vulnerability
9937| [46974] Apache HttpComponents 'HttpClient' Information Disclosure Vulnerability
9938| [46953] Apache MPM-ITK Module Security Weakness
9939| [46734] Subversion 'mod_dav_svn' Apache Server NULL Pointer Dereference Denial Of Service Vulnerability
9940| [46685] Apache Tomcat '@ServletSecurity' Annotations Security Bypass Vulnerability
9941| [46311] Apache Continuum and Archiva Cross Site Scripting Vulnerability
9942| [46177] Apache Tomcat SecurityManager Security Bypass Vulnerability
9943| [46174] Apache Tomcat HTML Manager Interface HTML Injection Vulnerability
9944| [46166] Apache Tomcat JVM Denial of Service Vulnerability
9945| [46164] Apache Tomcat NIO Connector Denial of Service Vulnerability
9946| [46066] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
9947| [45655] Apache Subversion Server Component Multiple Remote Denial Of Service Vulnerabilities
9948| [45123] Awstats Apache Tomcat Configuration File Remote Arbitrary Command Execution Vulnerability
9949| [45095] Apache Archiva Cross Site Request Forgery Vulnerability
9950| [45015] Apache Tomcat 'sort' and 'orderBy' Parameters Cross Site Scripting Vulnerabilities
9951| [44900] Apache 'mod_fcgid' Module Unspecified Stack Buffer Overflow Vulnerability
9952| [44616] Apache Shiro Directory Traversal Vulnerability
9953| [44355] Apache MyFaces Encrypted View State Oracle Padding Security Vulnerability
9954| [44068] Apache::AuthenHook Local Information Disclosure Vulnerability
9955| [43862] Apache QPID SSL Connection Denial of Service Vulnerability
9956| [43673] Apache APR-util 'apr_brigade_split_line()' Denial of Service Vulnerability
9957| [43637] Apache XML-RPC SAX Parser Information Disclosure Vulnerability
9958| [43111] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
9959| [42637] Apache Derby 'BUILTIN' Authentication Insecure Password Hashing Vulnerability
9960| [42501] Apache CouchDB Cross Site Request Forgery Vulnerability
9961| [42492] Apache CXF XML DTD Processing Security Vulnerability
9962| [42121] Apache SLMS Insufficient Quoting Cross Site Request Forgery Vulnerability
9963| [42102] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
9964| [41963] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
9965| [41544] Apache Tomcat 'Transfer-Encoding' Information Disclosure and Denial Of Service Vulnerabilities
9966| [41076] Apache Axis2 '/axis2/axis2-admin' Session Fixation Vulnerability
9967| [40976] Apache Axis2 Document Type Declaration Processing Security Vulnerability
9968| [40827] Apache 'mod_proxy_http' Timeout Handling Information Disclosure Vulnerability
9969| [40343] Apache Axis2 'xsd' Parameter Directory Traversal Vulnerability
9970| [40327] Apache Axis2 'engagingglobally' Cross-Site Scripting Vulnerability
9971| [39771] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
9972| [39636] Apache ActiveMQ Source Code Information Disclosure Vulnerability
9973| [39635] Apache Tomcat Authentication Header Realm Name Information Disclosure Vulnerability
9974| [39538] Apache mod_auth_shadow Race Condition Security Bypass Vulnerability
9975| [39489] Apache OFBiz Multiple Cross Site Scripting and HTML Injection Vulnerabilities
9976| [39119] Apache ActiveMQ 'createDestination.action' HTML Injection Vulnerability
9977| [38580] Apache Subrequest Handling Information Disclosure Vulnerability
9978| [38494] Apache 'mod_isapi' Memory Corruption Vulnerability
9979| [38491] Apache mod_proxy_ajp Module Incoming Request Body Denial Of Service Vulnerability
9980| [37966] Apache 1.3 mod_proxy HTTP Chunked Encoding Integer Overflow Vulnerability
9981| [37945] Apache Tomcat Host Working Directory WAR File Directory Traversal Vulnerability
9982| [37944] Apache Tomcat WAR File Directory Traversal Vulnerability
9983| [37942] Apache Tomcat Directory Host Appbase Authentication Bypass Vulnerability
9984| [37149] Apache Tomcat 404 Error Page Cross Site Scripting Vulnerability
9985| [37027] RETIRED: Apache APR 'apr_uri_parse_hostinfo' Off By One Remote Code Execution Vulnerability
9986| [36990] Apache HTTP TRACE Cross Site Scripting Vulnerability
9987| [36954] Apache Tomcat Windows Installer Insecure Password Vulnerability
9988| [36889] TYPO3 Apache Solr Search Extension Unspecified Cross Site Scripting Vulnerability
9989| [36596] Apache HTTP Server Solaris Event Port Pollset Support Remote Denial Of Service Vulnerability
9990| [36260] Apache mod_proxy_ftp Module NULL Pointer Dereference Denial Of Service Vulnerability
9991| [36254] Apache mod_proxy_ftp Remote Command Injection Vulnerability
9992| [35949] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
9993| [35840] Apache HTTP Server HTTP-Basic Authentication Bypass Vulnerability
9994| [35623] Apache 'mod_deflate' Remote Denial Of Service Vulnerability
9995| [35565] Apache 'mod_proxy' Remote Denial Of Service Vulnerability
9996| [35416] Apache Tomcat XML Parser Information Disclosure Vulnerability
9997| [35263] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
9998| [35253] Apache APR-util 'xml/apr_xml.c' Denial of Service Vulnerability
9999| [35251] Apache APR-util 'apr_brigade_vprintf' Off By One Vulnerability
10000| [35221] Apache APR-util 'apr_strmatch_precompile()' Integer Underflow Vulnerability
10001| [35196] Apache Tomcat Form Authentication Existing/Non-Existing Username Enumeration Weakness
10002| [35193] Apache Tomcat Java AJP Connector Invalid Header Denial of Service Vulnerability
10003| [35115] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
10004| [34686] Apache Struts Multiple Cross Site Scripting Vulnerabilities
10005| [34663] Apache 'mod_proxy_ajp' Information Disclosure Vulnerability
10006| [34657] Apache Tiles Cross Site Scripting And Information Disclosure Vulnerabilities
10007| [34562] Apache Geronimo Application Server Multiple Remote Vulnerabilities
10008| [34552] Apache ActiveMQ Web Console Multiple Unspecified HTML Injection Vulnerabilities
10009| [34412] Apache Tomcat mod_jk Content Length Information Disclosure Vulnerability
10010| [34399] Apache Struts Unspecified Cross Site Scripting Vulnerability
10011| [34383] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
10012| [33913] Apache Tomcat POST Data Information Disclosure Vulnerability
10013| [33360] Apache Jackrabbit 'q' Parameter Multiple Cross Site Scripting Vulnerabilities
10014| [33110] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
10015| [32657] Novell NetWare ApacheAdmin Security Bypass Vulnerability
10016| [31805] Apache HTTP Server OS Fingerprinting Unspecified Security Vulnerability
10017| [31761] Oracle WebLogic Server Apache Connector Stack Based Buffer Overflow Vulnerability
10018| [31698] Apache Tomcat 'RemoteFilterValve' Security Bypass Vulnerability
10019| [31165] Kolab Groupware Server Apache Log File User Password Information Disclosure Vulnerability
10020| [30560] Apache 'mod_proxy_ftp' Wildcard Characters Cross-Site Scripting Vulnerability
10021| [30496] Apache Tomcat 'HttpServletResponse.sendError()' Cross Site Scripting Vulnerability
10022| [30494] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
10023| [29653] Apache 'mod_proxy_http' Interim Response Denial of Service Vulnerability
10024| [29502] Apache Tomcat Host Manager Cross Site Scripting Vulnerability
10025| [28576] Apache-SSL Environment Variable Information Disclosure and Privilege Escalation Vulnerability
10026| [28484] Apache Tomcat Requests Containing MS-DOS Device Names Information Disclosure Vulnerability
10027| [28483] Apache Tomcat 'allowLinking' Accepts NULL Byte in URI Information Disclosure Vulnerability
10028| [28482] Apache Tomcat SSL Anonymous Cipher Configuration Information Disclosure Vulnerability
10029| [28481] Apache Tomcat Cross-Site Scripting Vulnerability
10030| [28477] Apache Tomcat AJP Connector Information Disclosure Vulnerability
10031| [27752] Apache mod_jk2 Host Header Multiple Stack Based Buffer Overflow Vulnerabilities
10032| [27706] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
10033| [27703] Apache Tomcat Parameter Processing Remote Information Disclosure Vulnerability
10034| [27409] Apache 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
10035| [27365] Apache Tomcat SingleSignOn Remote Information Disclosure Vulnerability
10036| [27237] Apache HTTP Server 2.2.6, 2.0.61 and 1.3.39 'mod_status' Cross-Site Scripting Vulnerability
10037| [27236] Apache 'mod_proxy_balancer' Multiple Vulnerabilities
10038| [27234] Apache 'mod_proxy_ftp' Undefined Charset UTF-7 Cross-Site Scripting Vulnerability
10039| [27006] Apache Tomcat JULI Logging Component Default Security Policy Vulnerability
10040| [26939] Apache HTTP Server Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
10041| [26838] Apache mod_imagemap and mod_imap Cross-Site Scripting Vulnerability
10042| [26762] Apache::AuthCAS Cookie SQL Injection Vulnerability
10043| [26663] Apache HTTP Server 413 Error HTTP Request Method Cross-Site Scripting Weakness
10044| [26287] Apache Geronimo SQLLoginModule Authentication Bypass Vulnerability
10045| [26070] Apache Tomcat WebDav Remote Information Disclosure Vulnerability
10046| [25804] Apache Geronimo Management EJB Security Bypass Vulnerability
10047| [25653] Apache Mod_AutoIndex.C Undefined Charset Cross-Site Scripting Vulnerability
10048| [25531] Apache Tomcat Cal2.JSP Cross-Site Scripting Vulnerability
10049| [25489] Apache HTTP Server Mod_Proxy Denial of Service Vulnerability
10050| [25316] Apache Tomcat Multiple Remote Information Disclosure Vulnerabilities
10051| [25314] Apache Tomcat Host Manager Servlet Cross Site Scripting Vulnerability
10052| [25174] Apache Tomcat Error Message Reporting Cross Site Scripting Vulnerability
10053| [24999] Apache Tomcat SendMailServlet Cross-Site Scripting Vulnerability
10054| [24759] MySQLDumper Apache Access Control Authentication Bypass Vulnerability
10055| [24649] Apache HTTP Server Mod_Cache Denial of Service Vulnerability
10056| [24645] Apache HTTP Server Mod_Status Cross-Site Scripting Vulnerability
10057| [24553] Apache Mod_Mem_Cache Information Disclosure Vulnerability
10058| [24524] Apache Tomcat Accept-Language Cross Site Scripting Vulnerability
10059| [24480] Apache MyFaces Tomahawk JSF Framework Autoscroll Parameter Cross Site Scripting Vulnerability
10060| [24476] Apache Tomcat JSP Example Web Applications Cross Site Scripting Vulnerability
10061| [24475] Apache Tomcat Manager and Host Manager Upload Script Cross-Site Scripting Vulnerability
10062| [24215] Apache HTTP Server Worker Process Multiple Denial of Service Vulnerabilities
10063| [24147] Apache Tomcat JK Connector Double Encoding Security Bypass Vulnerability
10064| [24058] Apache Tomcat Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
10065| [23687] Apache AXIS Non-Existent WSDL Path Information Disclosure Vulnerability
10066| [23438] Apache HTTPD suEXEC Local Multiple Privilege Escalation Weaknesses
10067| [22960] Apache HTTP Server Tomcat Directory Traversal Vulnerability
10068| [22849] Apache mod_python Output Filter Mode Information Disclosure Vulnerability
10069| [22791] Apache Tomcat Mod_JK.SO Arbitrary Code Execution Vulnerability
10070| [22732] Debian Apache Root Shell Local Privilege Escalation Vulnerabilities
10071| [22388] Apache Stats Extract Function Multiple Input Validation Vulnerabilities
10072| [21865] Apache And Microsoft IIS Range Denial of Service Vulnerability
10073| [21214] Apache Mod_Auth_Kerb Off-By-One Denial of Service Vulnerability
10074| [20527] Apache Mod_TCL Remote Format String Vulnerability
10075| [19661] Apache HTTP Server Arbitrary HTTP Request Headers Security Weakness
10076| [19447] Apache CGI Script Source Code Information Disclosure Vulnerability
10077| [19204] Apache Mod_Rewrite Off-By-One Buffer Overflow Vulnerability
10078| [19106] Apache Tomcat Information Disclosure Vulnerability
10079| [18138] Apache James SMTP Denial Of Service Vulnerability
10080| [17342] Apache Struts Multiple Remote Vulnerabilities
10081| [17095] Apache Log4Net Denial Of Service Vulnerability
10082| [16916] Apache mod_python FileSession Code Execution Vulnerability
10083| [16710] Apache Libapreq2 Quadratic Behavior Denial of Service Vulnerability
10084| [16260] Apache Geronimo Multiple Input Validation Vulnerabilities
10085| [16153] Apache mod_auth_pgsql Multiple Format String Vulnerabilities
10086| [16152] Apache Mod_SSL Custom Error Document Remote Denial Of Service Vulnerability
10087| [15834] Apache 'mod_imap' Referer Cross-Site Scripting Vulnerability
10088| [15765] Apache James Spooler Memory Leak Denial Of Service Vulnerability
10089| [15762] Apache MPM Worker.C Denial Of Service Vulnerability
10090| [15512] Apache Struts Error Response Cross-Site Scripting Vulnerability
10091| [15413] PHP Apache 2 Virtual() Safe_Mode and Open_Basedir Restriction Bypass Vulnerability
10092| [15325] Apache Tomcat Simultaneous Directory Listing Denial Of Service Vulnerability
10093| [15224] Apache Mod_Auth_Shadow Authentication Bypass Vulnerability
10094| [15177] PHP Apache 2 Local Denial of Service Vulnerability
10095| [14982] ApacheTop Insecure Temporary File Creation Vulnerability
10096| [14721] Apache Mod_SSL SSLVerifyClient Restriction Bypass Vulnerability
10097| [14660] Apache CGI Byterange Request Denial of Service Vulnerability
10098| [14366] Apache mod_ssl CRL Handling Off-By-One Buffer Overflow Vulnerability
10099| [14106] Apache HTTP Request Smuggling Vulnerability
10100| [13778] Apache HTPasswd Password Command Line Argument Buffer Overflow Vulnerability
10101| [13777] Apache HTPasswd User Command Line Argument Buffer Overflow Vulnerability
10102| [13756] Apache Tomcat Java Security Manager Bypass Vulnerability
10103| [13537] Apache HTDigest Realm Command Line Argument Buffer Overflow Vulnerability
10104| [12877] Apache mod_ssl ssl_io_filter_cleanup Remote Denial Of Service Vulnerability
10105| [12795] Apache Tomcat Remote Malformed Request Denial Of Service Vulnerability
10106| [12619] Apache Software Foundation Batik Squiggle Browser Access Validation Vulnerability
10107| [12519] Apache mod_python Module Publisher Handler Information Disclosure Vulnerability
10108| [12308] Apache Utilities Insecure Temporary File Creation Vulnerability
10109| [12217] Apache mod_auth_radius Malformed RADIUS Server Reply Integer Overflow Vulnerability
10110| [12181] Mod_DOSEvasive Apache Module Local Insecure Temporary File Creation Vulnerability
10111| [11803] Apache Jakarta Results.JSP Remote Cross-Site Scripting Vulnerability
10112| [11471] Apache mod_include Local Buffer Overflow Vulnerability
10113| [11360] Apache mod_ssl SSLCipherSuite Restriction Bypass Vulnerability
10114| [11239] Apache Satisfy Directive Access Control Bypass Vulnerability
10115| [11187] Apache Web Server Remote IPv6 Buffer Overflow Vulnerability
10116| [11185] Apache Mod_DAV LOCK Denial Of Service Vulnerability
10117| [11182] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
10118| [11154] Apache mod_ssl Remote Denial of Service Vulnerability
10119| [11094] Apache mod_ssl Denial Of Service Vulnerability
10120| [10789] Apache mod_userdir Module Information Disclosure Vulnerability
10121| [10736] Apache 'mod_ssl' Log Function Format String Vulnerability
10122| [10619] Apache ap_escape_html Memory Allocation Denial Of Service Vulnerability
10123| [10508] Apache Mod_Proxy Remote Negative Content-Length Buffer Overflow Vulnerability
10124| [10478] ClueCentral Apache Suexec Patch Security Weakness
10125| [10355] Apache 'mod_ssl' 'ssl_util_uuencode_binary()' Stack Buffer Overflow Vulnerability
10126| [10212] Apache mod_auth Malformed Password Potential Memory Corruption Vulnerability
10127| [9933] Apache mod_disk_cache Module Client Authentication Credential Storage Weakness
10128| [9930] Apache Error and Access Logs Escape Sequence Injection Vulnerability
10129| [9921] Apache Connection Blocking Denial Of Service Vulnerability
10130| [9885] Apache Mod_Security Module SecFilterScanPost Off-By-One Buffer Overflow Vulnerability
10131| [9874] Apache HTAccess LIMIT Directive Bypass Configuration Error Weakness
10132| [9829] Apache Mod_Access Access Control Rule Bypass Vulnerability
10133| [9826] Apache Mod_SSL HTTP Request Remote Denial Of Service Vulnerability
10134| [9733] Apache Cygwin Directory Traversal Vulnerability
10135| [9599] Apache mod_php Global Variables Information Disclosure Weakness
10136| [9590] Apache-SSL Client Certificate Forging Vulnerability
10137| [9571] Apache mod_digest Client-Supplied Nonce Verification Vulnerability
10138| [9471] Apache mod_perl Module File Descriptor Leakage Vulnerability
10139| [9404] Mod-Auth-Shadow Apache Module Expired User Credential Weakness
10140| [9302] Apache mod_php Module File Descriptor Leakage Vulnerability
10141| [9129] Apache mod_python Module Malformed Query Denial of Service Vulnerability
10142| [8926] Apache Web Server mod_cgid Module CGI Data Redirection Vulnerability
10143| [8919] Apache Mod_Security Module Heap Corruption Vulnerability
10144| [8911] Apache Web Server Multiple Module Local Buffer Overflow Vulnerability
10145| [8898] Red Hat Apache Directory Index Default Configuration Error
10146| [8883] Apache Cocoon Directory Traversal Vulnerability
10147| [8824] Apache Tomcat Non-HTTP Request Denial Of Service Vulnerability
10148| [8822] Apache Mod_Throttle Module Local Shared Memory Corruption Vulnerability
10149| [8725] Apache2 MOD_CGI STDERR Denial Of Service Vulnerability
10150| [8707] Apache htpasswd Password Entropy Weakness
10151| [8561] Apache::Gallery Insecure Local File Storage Privilege Escalation Vulnerability
10152| [8287] Mod_Mylo Apache Module REQSTR Buffer Overflow Vulnerability
10153| [8226] Apache HTTP Server Multiple Vulnerabilities
10154| [8138] Apache Web Server Type-Map Recursive Loop Denial Of Service Vulnerability
10155| [8137] Apache Web Server Prefork MPM Denial Of Service Vulnerability
10156| [8136] Macromedia Apache Web Server Encoded Space Source Disclosure Vulnerability
10157| [8135] Apache Web Server FTP Proxy IPV6 Denial Of Service Vulnerability
10158| [8134] Apache Web Server SSLCipherSuite Weak CipherSuite Renegotiation Weakness
10159| [7768] Apache Tomcat Insecure Directory Permissions Vulnerability
10160| [7725] Apache Basic Authentication Module Valid User Login Denial Of Service Vulnerability
10161| [7723] Apache APR_PSPrintf Memory Corruption Vulnerability
10162| [7448] Apache Mod_Auth_Any Remote Command Execution Vulnerability
10163| [7375] Apache Mod_Access_Referer NULL Pointer Dereference Denial of Service Vulnerability
10164| [7332] Apache Web Server OS2 Filestat Denial Of Service Vulnerability
10165| [7255] Apache Web Server File Descriptor Leakage Vulnerability
10166| [7254] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
10167| [6943] Apache Web Server MIME Boundary Information Disclosure Vulnerability
10168| [6939] Apache Web Server ETag Header Information Disclosure Weakness
10169| [6722] Apache Tomcat Web.XML File Contents Disclosure Vulnerability
10170| [6721] Apache Tomcat Null Byte Directory/File Disclosure Vulnerability
10171| [6720] Apache Tomcat Example Web Application Cross Site Scripting Vulnerability
10172| [6662] Apache Web Server MS-DOS Device Name Denial Of Service Vulnerability
10173| [6661] Apache Web Server Default Script Mapping Bypass Vulnerability
10174| [6660] Apache Web Server Illegal Character HTTP Request File Disclosure Vulnerability
10175| [6659] Apache Web Server MS-DOS Device Name Arbitrary Code Execution Vulnerability
10176| [6562] Apache Tomcat Invoker Servlet File Disclosure Vulnerability
10177| [6320] Apache/Tomcat Mod_JK Chunked Encoding Denial Of Service Vulnerability
10178| [6117] Apache mod_php File Descriptor Leakage Vulnerability
10179| [6065] Apache 2 WebDAV CGI POST Request Information Disclosure Vulnerability
10180| [5996] Apache AB.C Web Benchmarking Buffer Overflow Vulnerability
10181| [5995] Apache AB.C Web Benchmarking Read_Connection() Buffer Overflow Vulnerability
10182| [5993] Multiple Apache HTDigest Buffer Overflow Vulnerabilities
10183| [5992] Apache HTDigest Insecure Temporary File Vulnerability
10184| [5991] Apache HTDigest Arbitrary Command Execution Vulnerability
10185| [5990] Apache HTPasswd Insecure Temporary File Vulnerability
10186| [5981] Multiple Apache HTDigest and HTPassWD Component Vulnerabilites
10187| [5884] Apache Web Server Scoreboard Memory Segment Overwriting SIGUSR1 Sending Vulnerability
10188| [5847] Apache Server Side Include Cross Site Scripting Vulnerability
10189| [5838] Apache Tomcat 3.2 Directory Disclosure Vulnerability
10190| [5816] Apache 2 mod_dav Denial Of Service Vulnerability
10191| [5791] HP VirtualVault Apache mod_ssl Denial Of Service Vulnerability
10192| [5787] Apache Oversized STDERR Buffer Denial Of Service Vulnerability
10193| [5786] Apache Tomcat DefaultServlet File Disclosure Vulnerability
10194| [5542] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
10195| [5486] Apache 2.0 CGI Path Disclosure Vulnerability
10196| [5485] Apache 2.0 Path Disclosure Vulnerability
10197| [5434] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
10198| [5256] Apache httpd 2.0 CGI Error Path Disclosure Vulnerability
10199| [5194] Apache Tomcat DOS Device Name Cross Site Scripting Vulnerability
10200| [5193] Apache Tomcat Servlet Mapping Cross Site Scripting Vulnerability
10201| [5067] Apache Tomcat Null Character Malformed Request Denial Of Service Vulnerability
10202| [5054] Apache Tomcat Web Root Path Disclosure Vulnerability
10203| [5033] Apache Chunked-Encoding Memory Corruption Vulnerability
10204| [4995] Apache Tomcat JSP Engine Denial of Service Vulnerability
10205| [4878] Apache Tomcat RealPath.JSP Malformed Request Information Disclosure Vulnerability
10206| [4877] Apache Tomcat Example Files Web Root Path Disclosure Vulnerability
10207| [4876] Apache Tomcat Source.JSP Malformed Request Information Disclosure Vulnerability
10208| [4575] Apache Tomcat Servlet Path Disclosure Vulnerability
10209| [4557] Apache Tomcat System Path Information Disclosure Vulnerability
10210| [4437] Apache Error Message Cross-Site Scripting Vulnerability
10211| [4431] Apache PrintEnv/Test_CGI Script Injection Vulnerability
10212| [4358] Apache Double-Reverse Lookup Log Entry Spoofing Vulnerability
10213| [4335] Apache Win32 Batch File Remote Command Execution Vulnerability
10214| [4292] Oracle 9iAS Apache PL/SQL Module Web Administration Access Vulnerability
10215| [4189] Apache mod_ssl/Apache-SSL Buffer Overflow Vulnerability
10216| [4057] Apache 2 for Windows OPTIONS request Path Disclosure Vulnerability
10217| [4056] Apache 2 for Windows php.exe Path Disclosure Vulnerability
10218| [4037] Oracle 9iAS Apache PL/SQL Module Denial of Service Vulnerability
10219| [4032] Oracle 9iAS Apache PL/SQL Module Multiple Buffer Overflows Vulnerability
10220| [3796] Apache HTTP Request Unexpected Behavior Vulnerability
10221| [3790] Apache Non-Existent Log Directory Denial Of Service Vulnerability
10222| [3786] Apache Win32 PHP.EXE Remote File Disclosure Vulnerability
10223| [3727] Oracle 9I Application Server PL/SQL Apache Module Directory Traversal Vulnerability
10224| [3726] Oracle 9I Application Server PL/SQL Apache Module Buffer Overflow Vulnerability
10225| [3596] Apache Split-Logfile File Append Vulnerability
10226| [3521] Apache mod_usertrack Predictable ID Generation Vulnerability
10227| [3335] Red Hat Linux Apache Remote Username Enumeration Vulnerability
10228| [3316] MacOS X Client Apache Directory Contents Disclosure Vulnerability
10229| [3256] Apache mod_auth_oracle Remote SQL Query Manipulation Vulnerability
10230| [3255] Apache mod_auth_mysql Remote SQL Query Manipulation Vulnerability
10231| [3254] Apache AuthPG Remote SQL Query Manipulation Vulnerability
10232| [3253] Apache mod_auth_pgsql_sys Remote SQL Query Manipulation Vulnerability
10233| [3251] Apache mod_auth_pgsql Remote SQL Query Manipulation Vulnerability
10234| [3176] Apache Mod ReWrite Rules Bypassing Image Linking Vulnerability
10235| [3169] Apache Server Address Disclosure Vulnerability
10236| [3009] Apache Possible Directory Index Disclosure Vulnerability
10237| [2982] Apache Tomcat Cross-Site Scripting Vulnerability
10238| [2852] MacOS X Client Apache File Protection Bypass Vulnerability
10239| [2740] Apache Web Server HTTP Request Denial of Service Vulnerability
10240| [2518] Apache Tomcat 3.0 Directory Traversal Vulnerability
10241| [2503] Apache Artificially Long Slash Path Directory Listing Vulnerability
10242| [2300] NCSA/Apache httpd ScriptAlias Source Retrieval Vulnerability
10243| [2216] Apache Web Server DoS Vulnerability
10244| [2182] Apache /tmp File Race Vulnerability
10245| [2171] Oracle Apache+WebDB Documented Backdoor Vulnerability
10246| [2060] Apache Web Server with Php 3 File Disclosure Vulnerability
10247| [1821] Apache mod_cookies Buffer Overflow Vulnerability
10248| [1728] Apache Rewrite Module Arbitrary File Disclosure Vulnerability
10249| [1658] SuSE Apache CGI Source Code Viewing Vulnerability
10250| [1656] SuSE Apache WebDAV Directory Listings Vulnerability
10251| [1575] Trustix Apache-SSL RPM Permissions Vulnerability
10252| [1548] Apache Jakarta-Tomcat /admin Context Vulnerability
10253| [1532] Apache Tomcat Snoop Servlet Information Disclosure Vulnerability
10254| [1531] Apache Tomcat 3.1 Path Revealing Vulnerability
10255| [1457] Apache::ASP source.asp Example Script Vulnerability
10256| [1284] Apache HTTP Server (win32) Root Directory Access Vulnerability
10257| [1083] Cobalt Raq Apache .htaccess Disclosure Vulnerability
10258|
10259| IBM X-Force - https://exchange.xforce.ibmcloud.com:
10260| [86258] Apache CloudStack text fields cross-site scripting
10261| [85983] Apache Subversion mod_dav_svn module denial of service
10262| [85875] Apache OFBiz UEL code execution
10263| [85874] Apache OFBiz Webtools View Log screen cross-site scripting
10264| [85871] Apache HTTP Server mod_session_dbd unspecified
10265| [85756] Apache Struts OGNL expression command execution
10266| [85755] Apache Struts DefaultActionMapper class open redirect
10267| [85586] Apache ActiveMQ CVE-2013-1879 cross-site scripting
10268| [85574] Apache HTTP Server mod_dav denial of service
10269| [85573] Apache Struts Showcase App OGNL code execution
10270| [85496] Apache CXF denial of service
10271| [85423] Apache Geronimo RMI classloader code execution
10272| [85326] Apache Santuario XML Security for C++ buffer overflow
10273| [85323] Apache Santuario XML Security for Java spoofing
10274| [85319] Apache Qpid Python client SSL spoofing
10275| [85019] Apache Santuario XML Security for C++ CVE-2013-2156 buffer overflow
10276| [85018] Apache Santuario XML Security for C++ CVE-2013-2155 denial of service
10277| [85017] Apache Santuario XML Security for C++ CVE-2013-2154 buffer overflow
10278| [85016] Apache Santuario XML Security for C++ CVE-2013-2153 spoofing
10279| [84952] Apache Tomcat CVE-2012-3544 denial of service
10280| [84763] Apache Struts CVE-2013-2135 security bypass
10281| [84762] Apache Struts CVE-2013-2134 security bypass
10282| [84719] Apache Subversion CVE-2013-2088 command execution
10283| [84718] Apache Subversion CVE-2013-2112 denial of service
10284| [84717] Apache Subversion CVE-2013-1968 denial of service
10285| [84577] Apache Tomcat security bypass
10286| [84576] Apache Tomcat symlink
10287| [84543] Apache Struts CVE-2013-2115 security bypass
10288| [84542] Apache Struts CVE-2013-1966 security bypass
10289| [84154] Apache Tomcat session hijacking
10290| [84144] Apache Tomcat denial of service
10291| [84143] Apache Tomcat information disclosure
10292| [84111] Apache HTTP Server command execution
10293| [84043] Apache Virtual Computing Lab cross-site scripting
10294| [84042] Apache Virtual Computing Lab cross-site scripting
10295| [83782] Apache CloudStack information disclosure
10296| [83781] Apache CloudStack security bypass
10297| [83720] Apache ActiveMQ cross-site scripting
10298| [83719] Apache ActiveMQ denial of service
10299| [83718] Apache ActiveMQ denial of service
10300| [83263] Apache Subversion denial of service
10301| [83262] Apache Subversion denial of service
10302| [83261] Apache Subversion denial of service
10303| [83259] Apache Subversion denial of service
10304| [83035] Apache mod_ruid2 security bypass
10305| [82852] Apache Qpid federation_tag security bypass
10306| [82851] Apache Qpid qpid::framing::Buffer denial of service
10307| [82758] Apache Rave User RPC API information disclosure
10308| [82663] Apache Subversion svn_fs_file_length() denial of service
10309| [82642] Apache Qpid qpid::framing::Buffer::checkAvailable() denial of service
10310| [82641] Apache Qpid AMQP denial of service
10311| [82626] Apache HTTP Server on Debian GNU/Linux Debian apache2ctl symlink
10312| [82618] Apache Commons FileUpload symlink
10313| [82360] Apache HTTP Server manager interface cross-site scripting
10314| [82359] Apache HTTP Server hostnames cross-site scripting
10315| [82338] Apache Tomcat log/logdir information disclosure
10316| [82328] Apache Maven and Apache Maven Wagon SSL spoofing
10317| [82268] Apache OpenJPA deserialization command execution
10318| [81981] Apache CXF UsernameTokens security bypass
10319| [81980] Apache CXF WS-Security security bypass
10320| [81398] Apache OFBiz cross-site scripting
10321| [81240] Apache CouchDB directory traversal
10322| [81226] Apache CouchDB JSONP code execution
10323| [81225] Apache CouchDB Futon user interface cross-site scripting
10324| [81211] Apache Axis2/C SSL spoofing
10325| [81167] Apache CloudStack DeployVM information disclosure
10326| [81166] Apache CloudStack AddHost API information disclosure
10327| [81165] Apache CloudStack createSSHKeyPair API information disclosure
10328| [80518] Apache Tomcat cross-site request forgery security bypass
10329| [80517] Apache Tomcat FormAuthenticator security bypass
10330| [80516] Apache Tomcat NIO denial of service
10331| [80408] Apache Tomcat replay-countermeasure security bypass
10332| [80407] Apache Tomcat HTTP Digest Access Authentication security bypass
10333| [80317] Apache Tomcat slowloris denial of service
10334| [79984] Apache Commons HttpClient SSL spoofing
10335| [79983] Apache CXF SSL spoofing
10336| [79830] Apache Axis2/Java SSL spoofing
10337| [79829] Apache Axis SSL spoofing
10338| [79809] Apache Tomcat DIGEST security bypass
10339| [79806] Apache Tomcat parseHeaders() denial of service
10340| [79540] Apache OFBiz unspecified
10341| [79487] Apache Axis2 SAML security bypass
10342| [79212] Apache Cloudstack code execution
10343| [78734] Apache CXF SOAP Action security bypass
10344| [78730] Apache Qpid broker denial of service
10345| [78617] Eucalyptus Apache Santuario (XML Security for Java) denial of service
10346| [78563] Apache mod_pagespeed module unspecified cross-site scripting
10347| [78562] Apache mod_pagespeed module security bypass
10348| [78454] Apache Axis2 security bypass
10349| [78452] Websense Web Security and Web Filter Apache Tomcat information disclosure
10350| [78451] Websense Web Security and Web Filter Apache Tomcat cross-site scripting
10351| [78321] Apache Wicket unspecified cross-site scripting
10352| [78183] Apache Struts parameters denial of service
10353| [78182] Apache Struts cross-site request forgery
10354| [78153] Apache Solr Autocomplete module for Drupal autocomplete results cross-site scripting
10355| [77987] mod_rpaf module for Apache denial of service
10356| [77958] Apache Struts skill name code execution
10357| [77914] Apache HTTP Server mod_negotiation module cross-site scripting
10358| [77913] Apache HTTP Server mod_proxy_ajp information disclosure
10359| [77568] Apache Qpid broker security bypass
10360| [77421] Apache Libcloud spoofing
10361| [77059] Oracle Solaris Cluster Apache Tomcat Agent unspecified
10362| [77046] Oracle Solaris Apache HTTP Server information disclosure
10363| [76837] Apache Hadoop information disclosure
10364| [76802] Apache Sling CopyFrom denial of service
10365| [76692] Apache Hadoop symlink
10366| [76535] Apache Roller console cross-site request forgery
10367| [76534] Apache Roller weblog cross-site scripting
10368| [76152] Apache CXF elements security bypass
10369| [76151] Apache CXF child policies security bypass
10370| [75983] MapServer for Windows Apache file include
10371| [75857] Apache Commons Compress and Apache Ant bzip2 denial of service
10372| [75558] Apache POI denial of service
10373| [75545] PHP apache_request_headers() buffer overflow
10374| [75302] Apache Qpid SASL security bypass
10375| [75211] Debian GNU/Linux apache 2 cross-site scripting
10376| [74901] Apache HTTP Server LD_LIBRARY_PATH privilege escalation
10377| [74871] Apache OFBiz FlexibleStringExpander code execution
10378| [74870] Apache OFBiz multiple cross-site scripting
10379| [74750] Apache Hadoop unspecified spoofing
10380| [74319] Apache Struts XSLTResult.java file upload
10381| [74313] Apache Traffic Server header buffer overflow
10382| [74276] Apache Wicket directory traversal
10383| [74273] Apache Wicket unspecified cross-site scripting
10384| [74181] Apache HTTP Server mod_fcgid module denial of service
10385| [73690] Apache Struts OGNL code execution
10386| [73432] Apache Solr extension for TYPO3 unspecified cross-site scripting
10387| [73100] Apache MyFaces in directory traversal
10388| [73096] Apache APR hash denial of service
10389| [73052] Apache Struts name cross-site scripting
10390| [73030] Apache CXF UsernameToken security bypass
10391| [72888] Apache Struts lastName cross-site scripting
10392| [72758] Apache HTTP Server httpOnly information disclosure
10393| [72757] Apache HTTP Server MPM denial of service
10394| [72585] Apache Struts ParameterInterceptor security bypass
10395| [72438] Apache Tomcat Digest security bypass
10396| [72437] Apache Tomcat Digest security bypass
10397| [72436] Apache Tomcat DIGEST security bypass
10398| [72425] Apache Tomcat parameter denial of service
10399| [72422] Apache Tomcat request object information disclosure
10400| [72377] Apache HTTP Server scoreboard security bypass
10401| [72345] Apache HTTP Server HTTP request denial of service
10402| [72229] Apache Struts ExceptionDelegator command execution
10403| [72089] Apache Struts ParameterInterceptor directory traversal
10404| [72088] Apache Struts CookieInterceptor command execution
10405| [72047] Apache Geronimo hash denial of service
10406| [72016] Apache Tomcat hash denial of service
10407| [71711] Apache Struts OGNL expression code execution
10408| [71654] Apache Struts interfaces security bypass
10409| [71620] Apache ActiveMQ failover denial of service
10410| [71617] Apache HTTP Server mod_proxy module information disclosure
10411| [71508] Apache MyFaces EL security bypass
10412| [71445] Apache HTTP Server mod_proxy security bypass
10413| [71203] Apache Tomcat servlets privilege escalation
10414| [71181] Apache HTTP Server ap_pregsub() denial of service
10415| [71093] Apache HTTP Server ap_pregsub() buffer overflow
10416| [70336] Apache HTTP Server mod_proxy information disclosure
10417| [69804] Apache HTTP Server mod_proxy_ajp denial of service
10418| [69472] Apache Tomcat AJP security bypass
10419| [69396] Apache HTTP Server ByteRange filter denial of service
10420| [69394] Apache Wicket multi window support cross-site scripting
10421| [69176] Apache Tomcat XML information disclosure
10422| [69161] Apache Tomcat jsvc information disclosure
10423| [68799] mod_authnz_external module for Apache mysql-auth.pl SQL injection
10424| [68541] Apache Tomcat sendfile information disclosure
10425| [68420] Apache XML Security denial of service
10426| [68238] Apache Tomcat JMX information disclosure
10427| [67860] Apache Rampart/C rampart_timestamp_token_validate security bypass
10428| [67804] Apache Subversion control rules information disclosure
10429| [67803] Apache Subversion control rules denial of service
10430| [67802] Apache Subversion baselined denial of service
10431| [67672] Apache Archiva multiple cross-site scripting
10432| [67671] Apache Archiva multiple cross-site request forgery
10433| [67564] Apache APR apr_fnmatch() denial of service
10434| [67532] IBM WebSphere Application Server org.apache.jasper.runtime.JspWriterImpl.response denial of service
10435| [67515] Apache Tomcat annotations security bypass
10436| [67480] Apache Struts s:submit information disclosure
10437| [67414] Apache APR apr_fnmatch() denial of service
10438| [67356] Apache Struts javatemplates cross-site scripting
10439| [67354] Apache Struts Xwork cross-site scripting
10440| [66676] Apache Tomcat HTTP BIO information disclosure
10441| [66675] Apache Tomcat web.xml security bypass
10442| [66640] Apache HttpComponents HttpClient Proxy-Authorization information disclosure
10443| [66241] Apache HttpComponents information disclosure
10444| [66154] Apache Tomcat ServletSecurity security bypass
10445| [65971] Apache Tomcat ServletSecurity security bypass
10446| [65876] Apache Subversion mod_dav_svn denial of service
10447| [65343] Apache Continuum unspecified cross-site scripting
10448| [65162] Apache Tomcat NIO connector denial of service
10449| [65161] Apache Tomcat javax.servlet.ServletRequest.getLocale() denial of service
10450| [65160] Apache Tomcat HTML Manager interface cross-site scripting
10451| [65159] Apache Tomcat ServletContect security bypass
10452| [65050] Apache CouchDB web-based administration UI cross-site scripting
10453| [64773] Oracle HTTP Server Apache Plugin unauthorized access
10454| [64473] Apache Subversion blame -g denial of service
10455| [64472] Apache Subversion walk() denial of service
10456| [64407] Apache Axis2 CVE-2010-0219 code execution
10457| [63926] Apache Archiva password privilege escalation
10458| [63785] Apache CouchDB LD_LIBRARY_PATH privilege escalation
10459| [63493] Apache Archiva credentials cross-site request forgery
10460| [63477] Apache Tomcat HttpOnly session hijacking
10461| [63422] Apache Tomcat sessionsList.jsp cross-site scripting
10462| [63303] Apache mod_fcgid module fcgid_header_bucket_read() buffer overflow
10463| [62959] Apache Shiro filters security bypass
10464| [62790] Apache Perl cgi module denial of service
10465| [62576] Apache Qpid exchange denial of service
10466| [62575] Apache Qpid AMQP denial of service
10467| [62354] Apache Qpid SSL denial of service
10468| [62235] Apache APR-util apr_brigade_split_line() denial of service
10469| [62181] Apache XML-RPC SAX Parser information disclosure
10470| [61721] Apache Traffic Server cache poisoning
10471| [61202] Apache Derby BUILTIN authentication functionality information disclosure
10472| [61186] Apache CouchDB Futon cross-site request forgery
10473| [61169] Apache CXF DTD denial of service
10474| [61070] Apache Jackrabbit search.jsp SQL injection
10475| [61006] Apache SLMS Quoting cross-site request forgery
10476| [60962] Apache Tomcat time cross-site scripting
10477| [60883] Apache mod_proxy_http information disclosure
10478| [60671] Apache HTTP Server mod_cache and mod_dav denial of service
10479| [60264] Apache Tomcat Transfer-Encoding denial of service
10480| [59746] Apache Axis2 axis2/axis2-admin page session hijacking
10481| [59588] Apache Axis2/Java XML DTD (Document Type Declaration) data denial of service
10482| [59413] Apache mod_proxy_http timeout information disclosure
10483| [59058] Apache MyFaces unencrypted view state cross-site scripting
10484| [58827] Apache Axis2 xsd file include
10485| [58790] Apache Axis2 modules cross-site scripting
10486| [58299] Apache ActiveMQ queueBrowse cross-site scripting
10487| [58169] Apache Tomcat Web Application Manager / Host Manager cross-site request forgery
10488| [58056] Apache ActiveMQ .jsp source code disclosure
10489| [58055] Apache Tomcat realm name information disclosure
10490| [58046] Apache HTTP Server mod_auth_shadow security bypass
10491| [57841] Apache Open For Business Project (OFBiz) subject cross-site scripting
10492| [57840] Apache Open For Business Project (OFBiz) multiple parameters cross-site scripting
10493| [57429] Apache CouchDB algorithms information disclosure
10494| [57398] Apache ActiveMQ Web console cross-site request forgery
10495| [57397] Apache ActiveMQ createDestination.action cross-site scripting
10496| [56653] Apache HTTP Server DNS spoofing
10497| [56652] Apache HTTP Server DNS cross-site scripting
10498| [56625] Apache HTTP Server request header information disclosure
10499| [56624] Apache HTTP Server mod_isapi orphaned callback pointer code execution
10500| [56623] Apache HTTP Server mod_proxy_ajp denial of service
10501| [55941] mod_proxy module for Apache ap_proxy_send_fb() buffer overflow
10502| [55857] Apache Tomcat WAR files directory traversal
10503| [55856] Apache Tomcat autoDeploy attribute security bypass
10504| [55855] Apache Tomcat WAR directory traversal
10505| [55210] Intuit component for Joomla! Apache information disclosure
10506| [54533] Apache Tomcat 404 error page cross-site scripting
10507| [54182] Apache Tomcat admin default password
10508| [53878] Apache Solr Search (solr) extension for TYPO3 unspecified cross-site scripting
10509| [53666] Apache HTTP Server Solaris pollset support denial of service
10510| [53650] Apache HTTP Server HTTP basic-auth module security bypass
10511| [53124] mod_proxy_ftp module for Apache HTTP header security bypass
10512| [53041] mod_proxy_ftp module for Apache denial of service
10513| [52540] Apache Portable Runtime and Apache Portable Utility library multiple buffer overflow
10514| [51953] Apache Tomcat Path Disclosure
10515| [51952] Apache Tomcat Path Traversal
10516| [51951] Apache stronghold-status Information Disclosure
10517| [51950] Apache stronghold-info Information Disclosure
10518| [51949] Apache PHP Source Code Disclosure
10519| [51948] Apache Multiviews Attack
10520| [51946] Apache JServ Environment Status Information Disclosure
10521| [51945] Apache error_log Information Disclosure
10522| [51944] Apache Default Installation Page Pattern Found
10523| [51943] Apache AXIS XML Parser echoheaders.jws Sample Web Service Denial of Service
10524| [51942] Apache AXIS XML External Entity File Retrieval
10525| [51941] Apache AXIS Sample Servlet Information Leak
10526| [51940] Apache access_log Information Disclosure
10527| [51626] Apache mod_deflate denial of service
10528| [51532] mod_proxy module for the Apache HTTP Server stream_reqbody_cl denial of service
10529| [51365] Apache Tomcat RequestDispatcher security bypass
10530| [51273] Apache HTTP Server Incomplete Request denial of service
10531| [51195] Apache Tomcat XML information disclosure
10532| [50994] Apache APR-util xml/apr_xml.c denial of service
10533| [50993] Apache APR-util apr_brigade_vprintf denial of service
10534| [50964] Apache APR-util apr_strmatch_precompile() denial of service
10535| [50930] Apache Tomcat j_security_check information disclosure
10536| [50928] Apache Tomcat AJP denial of service
10537| [50884] Apache HTTP Server XML ENTITY denial of service
10538| [50808] Apache HTTP Server AllowOverride privilege escalation
10539| [50108] Apache Struts s:a tag and s:url tag cross-site scripting
10540| [50059] Apache mod_proxy_ajp information disclosure
10541| [49951] Apache Tiles Expression Language (EL) expressions cross-site scripting
10542| [49925] Apache Geronimo Web Administrative Console cross-site request forgery
10543| [49924] Apache Geronimo console/portal/Server/Monitoring cross-site scripting
10544| [49921] Apache ActiveMQ Web interface cross-site scripting
10545| [49898] Apache Geronimo Services/Repository directory traversal
10546| [49725] Apache Tomcat mod_jk module information disclosure
10547| [49715] Apache mod_perl Apache::Status and Apache2::Status modules cross-site scripting
10548| [49712] Apache Struts unspecified cross-site scripting
10549| [49213] Apache Tomcat cal2.jsp cross-site scripting
10550| [48934] Apache Tomcat POST doRead method information disclosure
10551| [48211] Apache Tomcat header HTTP request smuggling
10552| [48163] libapache2-mod-auth-mysql module for Debian multibyte encoding SQL injection
10553| [48110] Apache Jackrabbit search.jsp and swr.jsp cross-site scripting
10554| [47709] Apache Roller "
10555| [47104] Novell Netware ApacheAdmin console security bypass
10556| [47086] Apache HTTP Server OS fingerprinting unspecified
10557| [46329] Apache Struts FilterDispatcher and DefaultStaticContentLoader class directory traversal
10558| [45791] Apache Tomcat RemoteFilterValve security bypass
10559| [44435] Oracle WebLogic Apache Connector buffer overflow
10560| [44411] Apache Tomcat allowLinking UTF-8 directory traversal
10561| [44223] Apache HTTP Server mod_proxy_ftp cross-site scripting
10562| [44156] Apache Tomcat RequestDispatcher directory traversal
10563| [44155] Apache Tomcat HttpServletResponse.sendError() cross-site scripting
10564| [43885] Oracle WebLogic Server Apache Connector buffer overflow
10565| [42987] Apache HTTP Server mod_proxy module denial of service
10566| [42915] Apache Tomcat JSP files path disclosure
10567| [42914] Apache Tomcat MS-DOS path disclosure
10568| [42892] Apache Tomcat unspecified unauthorized access
10569| [42816] Apache Tomcat Host Manager cross-site scripting
10570| [42303] Apache 403 error cross-site scripting
10571| [41618] Apache-SSL ExpandCert() authentication bypass
10572| [40761] Apache Derby RDBNAM parameter and DatabaseMetaData.getURL information disclosure
10573| [40736] Apache Tomcat HTTP/1.1 connector information disclosure
10574| [40614] Apache mod_jk2 HTTP Host header buffer overflow
10575| [40562] Apache Geronimo init information disclosure
10576| [40478] Novell Web Manager webadmin-apache.conf security bypass
10577| [40411] Apache Tomcat exception handling information disclosure
10578| [40409] Apache Tomcat native (APR based) connector weak security
10579| [40403] Apache Tomcat quotes and %5C cookie information disclosure
10580| [40388] Sun Java Plug-In org.apache.crimson.tree.XmlDocument security bypass
10581| [39893] Apache HTTP Server mod_negotiation HTTP response splitting
10582| [39867] Apache HTTP Server mod_negotiation cross-site scripting
10583| [39804] Apache Tomcat SingleSignOn information disclosure
10584| [39615] Apache HTTP Server mod_proxy_ftp.c UTF-7 cross-site scripting
10585| [39612] Apache HTTP Server mod_proxy_balancer buffer overflow
10586| [39608] Apache HTTP Server balancer manager cross-site request forgery
10587| [39476] Apache mod_proxy_balancer balancer_handler function denial of service
10588| [39474] Apache HTTP Server mod_proxy_balancer cross-site scripting
10589| [39472] Apache HTTP Server mod_status cross-site scripting
10590| [39201] Apache Tomcat JULI logging weak security
10591| [39158] Apache HTTP Server Windows SMB shares information disclosure
10592| [39001] Apache HTTP Server mod_imap and mod_imagemap module cross-site scripting
10593| [38951] Apache::AuthCAS Perl module cookie SQL injection
10594| [38800] Apache HTTP Server 413 error page cross-site scripting
10595| [38211] Apache Geronimo SQLLoginModule authentication bypass
10596| [37243] Apache Tomcat WebDAV directory traversal
10597| [37178] RHSA update for Apache HTTP Server mod_status module cross-site scripting not installed
10598| [37177] RHSA update for Apache HTTP Server Apache child process denial of service not installed
10599| [37119] RHSA update for Apache mod_auth_kerb off-by-one buffer overflow not installed
10600| [37100] RHSA update for Apache and IBM HTTP Server Expect header cross-site scripting not installed
10601| [36782] Apache Geronimo MEJB unauthorized access
10602| [36586] Apache HTTP Server UTF-7 cross-site scripting
10603| [36468] Apache Geronimo LoginModule security bypass
10604| [36467] Apache Tomcat functions.jsp cross-site scripting
10605| [36402] Apache Tomcat calendar cross-site request forgery
10606| [36354] Apache HTTP Server mod_proxy module denial of service
10607| [36352] Apache HTTP Server ap_proxy_date_canon() denial of service
10608| [36336] Apache Derby lock table privilege escalation
10609| [36335] Apache Derby schema privilege escalation
10610| [36006] Apache Tomcat "
10611| [36001] Apache Tomcat Host Manager Servlet alias cross-site scripting
10612| [35999] Apache Tomcat \"
10613| [35795] Apache Tomcat CookieExample cross-site scripting
10614| [35536] Apache Tomcat SendMailServlet example cross-site scripting
10615| [35384] Apache HTTP Server mod_cache module denial of service
10616| [35097] Apache HTTP Server mod_status module cross-site scripting
10617| [35095] Apache HTTP Server Prefork MPM module denial of service
10618| [34984] Apache HTTP Server recall_headers information disclosure
10619| [34966] Apache HTTP Server MPM content spoofing
10620| [34965] Apache HTTP Server MPM information disclosure
10621| [34963] Apache HTTP Server MPM multiple denial of service
10622| [34872] Apache MyFaces Tomahawk autoscroll parameter cross-site scripting
10623| [34869] Apache Tomcat JSP example Web application cross-site scripting
10624| [34868] Apache Tomcat Manager and Host Manager cross-site scripting
10625| [34496] Apache Tomcat JK Connector security bypass
10626| [34377] Apache Tomcat hello.jsp cross-site scripting
10627| [34212] Apache Tomcat SSL configuration security bypass
10628| [34210] Apache Tomcat Accept-Language cross-site scripting
10629| [34209] Apache Tomcat calendar application cross-site scripting
10630| [34207] Apache Tomcat implicit-objects.jsp cross-site scripting
10631| [34167] Apache Axis WSDL file path disclosure
10632| [34068] Apache Tomcat AJP connector information disclosure
10633| [33584] Apache HTTP Server suEXEC privilege escalation
10634| [32988] Apache Tomcat proxy module directory traversal
10635| [32794] Apache Tomcat JK Web Server Connector map_uri_to_worker() buffer overflow
10636| [32708] Debian Apache tty privilege escalation
10637| [32441] ApacheStats extract() PHP call unspecified
10638| [32128] Apache Tomcat default account
10639| [31680] Apache Tomcat RequestParamExample cross-site scripting
10640| [31649] Apache Tomcat Sample Servlet TroubleShooter detected
10641| [31557] BEA WebLogic Server and WebLogic Express Apache proxy plug-in denial of service
10642| [31236] Apache HTTP Server htpasswd.c strcpy buffer overflow
10643| [30456] Apache mod_auth_kerb off-by-one buffer overflow
10644| [29550] Apache mod_tcl set_var() format string
10645| [28620] Apache and IBM HTTP Server Expect header cross-site scripting
10646| [28357] Apache HTTP Server mod_alias script source information disclosure
10647| [28063] Apache mod_rewrite off-by-one buffer overflow
10648| [27902] Apache Tomcat URL information disclosure
10649| [26786] Apache James SMTP server denial of service
10650| [25680] libapache2 /tmp/svn file upload
10651| [25614] Apache Struts lookupMap cross-site scripting
10652| [25613] Apache Struts ActionForm denial of service
10653| [25612] Apache Struts isCancelled() security bypass
10654| [24965] Apache mod_python FileSession command execution
10655| [24716] Apache James spooler memory leak denial of service
10656| [24159] Apache Geronimo Web-Access-Log Viewer cross-site scripting
10657| [24158] Apache Geronimo jsp-examples cross-site scripting
10658| [24030] Apache auth_ldap module multiple format strings
10659| [24008] Apache mod_ssl custom error message denial of service
10660| [24003] Apache mod_auth_pgsql module multiple syslog format strings
10661| [23612] Apache mod_imap referer field cross-site scripting
10662| [23173] Apache Struts error message cross-site scripting
10663| [22942] Apache Tomcat directory listing denial of service
10664| [22858] Apache Multi-Processing Module code allows denial of service
10665| [22602] RHSA-2005:582 updates for Apache httpd not installed
10666| [22520] Apache mod-auth-shadow "
10667| [22466] ApacheTop symlink
10668| [22109] Apache HTTP Server ssl_engine_kernel client certificate validation
10669| [22006] Apache HTTP Server byte-range filter denial of service
10670| [21567] Apache mod_ssl off-by-one buffer overflow
10671| [21195] Apache HTTP Server header HTTP request smuggling
10672| [20383] Apache HTTP Server htdigest buffer overflow
10673| [19681] Apache Tomcat AJP12 request denial of service
10674| [18993] Apache HTTP server check_forensic symlink attack
10675| [18790] Apache Tomcat Manager cross-site scripting
10676| [18349] Apache HTTP server Apple HFS+ filesystem obtain information
10677| [18348] Apache HTTP server Apple HFS+ filesystem .DS_Store and .ht file disclosure
10678| [18347] Apache HTTP server Apple Mac OS X Server mod_digest_apple module could allow an attacker to replay responses
10679| [17961] Apache Web server ServerTokens has not been set
10680| [17930] Apache HTTP Server HTTP GET request denial of service
10681| [17785] Apache mod_include module buffer overflow
10682| [17671] Apache HTTP Server SSLCipherSuite bypass restrictions
10683| [17473] Apache HTTP Server Satisfy directive allows access to resources
10684| [17413] Apache htpasswd buffer overflow
10685| [17384] Apache HTTP Server environment variable configuration file buffer overflow
10686| [17382] Apache HTTP Server IPv6 apr_util denial of service
10687| [17366] Apache HTTP Server mod_dav module LOCK denial of service
10688| [17273] Apache HTTP Server speculative mode denial of service
10689| [17200] Apache HTTP Server mod_ssl denial of service
10690| [16890] Apache HTTP Server server-info request has been detected
10691| [16889] Apache HTTP Server server-status request has been detected
10692| [16705] Apache mod_ssl format string attack
10693| [16524] Apache HTTP Server ap_get_mime_headers_core denial of service
10694| [16387] Apache HTTP Server mod_proxy Content-Length buffer overflow
10695| [16230] Apache HTTP Server PHP denial of service
10696| [16214] Apache mod_ssl ssl_util_uuencode_binary buffer overflow
10697| [15958] Apache HTTP Server authentication modules memory corruption
10698| [15547] Apache HTTP Server mod_disk_cache local information disclosure
10699| [15540] Apache HTTP Server socket starvation denial of service
10700| [15467] Novell GroupWise WebAccess using Apache Web server allows viewing of files on the server
10701| [15422] Apache HTTP Server mod_access information disclosure
10702| [15419] Apache HTTP Server mod_ssl plain HTTP request denial of service
10703| [15293] Apache for Cygwin "
10704| [15065] Apache-SSL has a default password
10705| [15041] Apache HTTP Server mod_digest module could allow an attacker to replay responses
10706| [15015] Apache httpd server httpd.conf could allow a local user to bypass restrictions
10707| [14751] Apache Mod_python output filter information disclosure
10708| [14125] Apache HTTP Server mod_userdir module information disclosure
10709| [14075] Apache HTTP Server mod_php file descriptor leak
10710| [13703] Apache HTTP Server account
10711| [13689] Apache HTTP Server configuration allows symlinks
10712| [13688] Apache HTTP Server configuration allows SSI
10713| [13687] Apache HTTP Server Server: header value
10714| [13685] Apache HTTP Server ServerTokens value
10715| [13684] Apache HTTP Server ServerSignature value
10716| [13672] Apache HTTP Server config allows directory autoindexing
10717| [13671] Apache HTTP Server default content
10718| [13670] Apache HTTP Server config file directive references outside content root
10719| [13668] Apache HTTP Server httpd not running in chroot environment
10720| [13666] Apache HTTP Server CGI directory contains possible command interpreter or compiler
10721| [13664] Apache HTTP Server config file contains ScriptAlias entry
10722| [13663] Apache HTTP Server CGI support modules loaded
10723| [13661] Apache HTTP Server config file contains AddHandler entry
10724| [13660] Apache HTTP Server 500 error page not CGI script
10725| [13659] Apache HTTP Server 413 error page not CGI script
10726| [13658] Apache HTTP Server 403 error page not CGI script
10727| [13657] Apache HTTP Server 401 error page not CGI script
10728| [13552] Apache HTTP Server mod_cgid module information disclosure
10729| [13550] Apache GET request directory traversal
10730| [13516] Apache Cocoon XMLForm and JXForm could allow execution of code
10731| [13499] Apache Cocoon directory traversal allows downloading of boot.ini file
10732| [13429] Apache Tomcat non-HTTP request denial of service
10733| [13400] Apache HTTP server mod_alias and mod_rewrite buffer overflow
10734| [13295] Apache weak password encryption
10735| [13254] Apache Tomcat .jsp cross-site scripting
10736| [13125] Apache::Gallery Inline::C could allow arbitrary code execution
10737| [13086] Apache Jakarta Tomcat mod_jk format string allows remote access
10738| [12681] Apache HTTP Server mod_proxy could allow mail relaying
10739| [12662] Apache HTTP Server rotatelogs denial of service
10740| [12554] Apache Tomcat stores password in plain text
10741| [12553] Apache HTTP Server redirects and subrequests denial of service
10742| [12552] Apache HTTP Server FTP proxy server denial of service
10743| [12551] Apache HTTP Server prefork MPM denial of service
10744| [12550] Apache HTTP Server weaker than expected encryption
10745| [12549] Apache HTTP Server type-map file denial of service
10746| [12206] Apache Tomcat /opt/tomcat directory insecure permissions
10747| [12102] Apache Jakarta Tomcat MS-DOS device name request denial of service
10748| [12091] Apache HTTP Server apr_password_validate denial of service
10749| [12090] Apache HTTP Server apr_psprintf code execution
10750| [11804] Apache HTTP Server mod_access_referer denial of service
10751| [11750] Apache HTTP Server could leak sensitive file descriptors
10752| [11730] Apache HTTP Server error log and access log terminal escape sequence injection
10753| [11703] Apache long slash path allows directory listing
10754| [11695] Apache HTTP Server LF (Line Feed) denial of service
10755| [11694] Apache HTTP Server filestat.c denial of service
10756| [11438] Apache HTTP Server MIME message boundaries information disclosure
10757| [11412] Apache HTTP Server error log terminal escape sequence injection
10758| [11196] Apache Tomcat examples and ROOT Web applications cross-site scripting
10759| [11195] Apache Tomcat web.xml could be used to read files
10760| [11194] Apache Tomcat URL appended with a null character could list directories
10761| [11139] Apache HTTP Server mass virtual hosting with mod_rewrite or mod_vhost_alias could allow an attacker to obtain files
10762| [11126] Apache HTTP Server illegal character file disclosure
10763| [11125] Apache HTTP Server DOS device name HTTP POST code execution
10764| [11124] Apache HTTP Server DOS device name denial of service
10765| [11088] Apache HTTP Server mod_vhost_alias CGI source disclosure
10766| [10938] Apache HTTP Server printenv test CGI cross-site scripting
10767| [10771] Apache Tomcat mod_jk module multiple HTTP GET request buffer overflow
10768| [10575] Apache mod_php module could allow an attacker to take over the httpd process
10769| [10499] Apache HTTP Server WebDAV HTTP POST view source
10770| [10457] Apache HTTP Server mod_ssl "
10771| [10415] Apache HTTP Server htdigest insecure system() call could allow command execution
10772| [10414] Apache HTTP Server htdigest multiple buffer overflows
10773| [10413] Apache HTTP Server htdigest temporary file race condition
10774| [10412] Apache HTTP Server htpasswd temporary file race condition
10775| [10376] Apache Tomcat invoker servlet used in conjunction with the default servlet reveals source code
10776| [10348] Apache Tomcat HTTP GET request DOS device reference could cause a denial of service
10777| [10281] Apache HTTP Server ab.c ApacheBench long response buffer overflow
10778| [10280] Apache HTTP Server shared memory scorecard overwrite
10779| [10263] Apache Tomcat mod_jk or mod_jserv connector directory disclosure
10780| [10241] Apache HTTP Server Host: header cross-site scripting
10781| [10230] Slapper worm variants A, B, and C target OpenSSL/Apache systems
10782| [10208] Apache HTTP Server mod_dav denial of service
10783| [10206] HP VVOS Apache mod_ssl denial of service
10784| [10200] Apache HTTP Server stderr denial of service
10785| [10175] Apache Tomcat org.apache.catalina.servlets.DefaultServlet reveals source code
10786| [10169] Slapper worm variant (Slapper.C) targets OpenSSL/Apache systems
10787| [10154] Slapper worm variant (Slapper.B) targets OpenSSL/Apache systems
10788| [10098] Slapper worm targets OpenSSL/Apache systems
10789| [9876] Apache HTTP Server cgi/cgid request could disclose the path to a requested script
10790| [9875] Apache HTTP Server .var file request could disclose installation path
10791| [9863] Apache Tomcat web.xml file could allow a remote attacker to bypass restrictions
10792| [9808] Apache HTTP Server non-Unix version URL encoded directory traversal
10793| [9623] Apache HTTP Server ap_log_rerror() path disclosure
10794| [9520] Apache Tomcat /servlet/ mapping cross-site scripting
10795| [9415] Apache HTTP Server mod_ssl .htaccess off-by-one buffer overflow
10796| [9396] Apache Tomcat null character to threads denial of service
10797| [9394] Apache Tomcat HTTP request for LPT9 reveals Web root path
10798| [9249] Apache HTTP Server chunked encoding heap buffer overflow
10799| [9208] Apache Tomcat sample file requests could reveal directory listing and path to Web root directory
10800| [8932] Apache Tomcat example class information disclosure
10801| [8633] Apache HTTP Server with mod_rewrite could allow an attacker to bypass directives
10802| [8629] Apache HTTP Server double-reverse DNS lookup spoofing
10803| [8589] Apache HTTP Server for Windows DOS batch file remote command execution
10804| [8457] Oracle9i Application Server Apache PL/SQL HTTP Location header buffer overflow
10805| [8455] Oracle9i Application Server default installation could allow an attacker to access certain Apache Services
10806| [8400] Apache HTTP Server mod_frontpage buffer overflows
10807| [8326] Apache HTTP Server multiple MIME headers (sioux) denial of service
10808| [8308] Apache "
10809| [8275] Apache HTTP Server with Multiviews enabled could disclose directory contents
10810| [8119] Apache and PHP OPTIONS request reveals "
10811| [8054] Apache is running on the system
10812| [8029] Mandrake Linux default Apache configuration could allow an attacker to browse files and directories
10813| [8027] Mandrake Linux default Apache configuration has remote management interface enabled
10814| [8026] Mandrake Linux Apache sample programs could disclose sensitive information about the server
10815| [7836] Apache HTTP Server log directory denial of service
10816| [7815] Apache for Windows "
10817| [7810] Apache HTTP request could result in unexpected behavior
10818| [7599] Apache Tomcat reveals installation path
10819| [7494] Apache "
10820| [7419] Apache Web Server could allow remote attackers to overwrite .log files
10821| [7363] Apache Web Server hidden HTTP requests
10822| [7249] Apache mod_proxy denial of service
10823| [7129] Linux with Apache Web server could allow an attacker to determine if a specified username exists
10824| [7103] Apple Mac OS X used with Apache Web server could disclose directory contents
10825| [7059] Apache "
10826| [7057] Apache "
10827| [7056] Apache "
10828| [7055] Apache "
10829| [7054] Apache "
10830| [6997] Apache Jakarta Tomcat error message may reveal information
10831| [6971] Apache Jakarta Tomcat may reveal JSP source code with missing HTTP protocol specification
10832| [6970] Apache crafted HTTP request could reveal the internal IP address
10833| [6921] Apache long slash path allows directory listing
10834| [6687] Apple Mac OS X used with Apache Web server could allow arbitrary file disclosure
10835| [6527] Apache Web Server for Windows and OS2 denial of service
10836| [6316] Apache Jakarta Tomcat may reveal JSP source code
10837| [6305] Apache Jakarta Tomcat directory traversal
10838| [5926] Linux Apache symbolic link
10839| [5659] Apache Web server discloses files when used with php script
10840| [5310] Apache mod_rewrite allows attacker to view arbitrary files
10841| [5204] Apache WebDAV directory listings
10842| [5197] Apache Web server reveals CGI script source code
10843| [5160] Apache Jakarta Tomcat default installation
10844| [5099] Trustix Secure Linux installs Apache with world writable access
10845| [4968] Apache Jakarta Tomcat snoop servlet gives out information which could be used in attack
10846| [4967] Apache Jakarta Tomcat 404 error reveals the pathname of the requested file
10847| [4931] Apache source.asp example file allows users to write to files
10848| [4575] IBM HTTP Server running Apache allows users to directory listing and file retrieval
10849| [4205] Apache Jakarta Tomcat delivers file contents
10850| [2084] Apache on Debian by default serves the /usr/doc directory
10851| [1630] MessageMedia UnityMail and Apache Web server MIME header flood denial of service
10852| [697] Apache HTTP server beck exploit
10853| [331] Apache cookies buffer overflow
10854|
10855| Exploit-DB - https://www.exploit-db.com:
10856| [31130] Apache Tomcat <= 6.0.15 Cookie Quote Handling Remote Information Disclosure Vulnerability
10857| [31052] Apache <= 2.2.6 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
10858| [30901] Apache HTTP Server 2.2.6 Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
10859| [30835] Apache HTTP Server <= 2.2.4 413 Error HTTP Request Method Cross-Site Scripting Weakness
10860| [30563] Apache Tomcat <= 5.5.15 Cal2.JSP Cross-Site Scripting Vulnerability
10861| [30496] Apache Tomcat <= 6.0.13 Cookie Handling Quote Delimiter Session ID Disclosure
10862| [30495] Apache Tomcat <= 6.0.13 Host Manager Servlet Cross Site Scripting Vulnerability
10863| [30191] Apache MyFaces Tomahawk JSF Framework 1.1.5 Autoscroll Parameter Cross Site Scripting Vulnerability
10864| [30189] Apache Tomcat <= 6.0.13 JSP Example Web Applications Cross Site Scripting Vulnerability
10865| [30052] Apache Tomcat 6.0.10 Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
10866| [29930] Apache AXIS 1.0 Non-Existent WSDL Path Information Disclosure Vulnerability
10867| [29859] Apache Roller OGNL Injection
10868| [29739] Apache HTTP Server Tomcat 5.x/6.0.x Directory Traversal Vulnerability
10869| [29435] Apache Tomcat 5.5.25 - CSRF Vulnerabilities
10870| [29316] Apache + PHP 5.x - Remote Code Execution (Multithreaded Scanner) (2)
10871| [29290] Apache / PHP 5.x Remote Code Execution Exploit
10872| [28713] Apache Tomcat/JBoss EJBInvokerServlet / JMXInvokerServlet (RMI over HTTP) Marshalled Object RCE
10873| [28424] Apache 2.x HTTP Server Arbitrary HTTP Request Headers Security Weakness
10874| [28365] Apache 2.2.2 CGI Script Source Code Information Disclosure Vulnerability
10875| [28254] Apache Tomcat 5 Information Disclosure Vulnerability
10876| [27915] Apache James 2.2 SMTP Denial of Service Vulnerability
10877| [27397] Apache suEXEC Privilege Elevation / Information Disclosure
10878| [27135] Apache Struts 2 DefaultActionMapper Prefixes OGNL Code Execution
10879| [27096] Apache Geronimo 1.0 Error Page XSS
10880| [27095] Apache Tomcat / Geronimo 1.0 Sample Script cal2.jsp time Parameter XSS
10881| [26710] Apache CXF prior to 2.5.10, 2.6.7 and 2.7.4 - Denial of Service
10882| [26542] Apache Struts 1.2.7 Error Response Cross-Site Scripting Vulnerability
10883| [25986] Plesk Apache Zeroday Remote Exploit
10884| [25980] Apache Struts includeParams Remote Code Execution
10885| [25625] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (2)
10886| [25624] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (1)
10887| [24874] Apache Struts ParametersInterceptor Remote Code Execution
10888| [24744] Apache Rave 0.11 - 0.20 - User Information Disclosure
10889| [24694] Apache 1.3.x mod_include Local Buffer Overflow Vulnerability
10890| [24590] Apache 2.0.x mod_ssl Remote Denial of Service Vulnerability
10891| [23751] Apache Cygwin 1.3.x/2.0.x Directory Traversal Vulnerability
10892| [23581] Apache 2.0.4x mod_perl Module File Descriptor Leakage Vulnerability
10893| [23482] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (2)
10894| [23481] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (1)
10895| [23296] Red Hat Apache 2.0.40 Directory Index Default Configuration Error
10896| [23282] apache cocoon 2.14/2.2 - Directory Traversal vulnerability
10897| [23245] Apache Tomcat 4.0.x Non-HTTP Request Denial of Service Vulnerability
10898| [23119] Apache::Gallery 0.4/0.5/0.6 Insecure Local File Storage Privilege Escalation Vulnerability
10899| [22505] Apache Mod_Access_Referer 1.0.2 NULL Pointer Dereference Denial of Service Vulnerability
10900| [22205] Apache Tomcat 3.x Null Byte Directory/File Disclosure Vulnerability
10901| [22191] Apache Web Server 2.0.x MS-DOS Device Name Denial of Service Vulnerability
10902| [22068] Apache 1.3.x,Tomcat 4.0.x/4.1.x Mod_JK Chunked Encoding Denial of Service Vulnerability
10903| [21885] Apache 1.3/2.0.x Server Side Include Cross Site Scripting Vulnerability
10904| [21882] Apache Tomcat 3.2 Directory Disclosure Vulnerability
10905| [21854] Apache 2.0.39/40 Oversized STDERR Buffer Denial of Service Vulnerability
10906| [21853] Apache Tomcat 3/4 DefaultServlet File Disclosure Vulnerability
10907| [21734] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
10908| [21719] Apache 2.0 Path Disclosure Vulnerability
10909| [21697] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
10910| [21605] Apache Tomcat 4.0.3 DoS Device Name Cross Site Scripting Vulnerability
10911| [21604] Apache Tomcat 4.0.3 Servlet Mapping Cross Site Scripting Vulnerability
10912| [21560] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (2)
10913| [21559] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (1)
10914| [21534] Apache Tomcat 3/4 JSP Engine Denial of Service Vulnerability
10915| [21492] Apache Tomcat 3.2.3/3.2.4 RealPath.JSP Malformed Request Information Disclosure
10916| [21491] Apache Tomcat 3.2.3/3.2.4 Example Files Web Root Path Disclosure
10917| [21490] Apache Tomcat 3.2.3/3.2.4 Source.JSP Malformed Request Information Disclosure
10918| [21412] Apache Tomcat 4.0/4.1 Servlet Path Disclosure Vulnerability
10919| [21350] Apache Win32 1.3.x/2.0.x Batch File Remote Command Execution Vulnerability
10920| [21204] Apache 1.3.20 Win32 PHP.EXE Remote File Disclosure Vulnerability
10921| [21112] Red Hat Linux 7.0 Apache Remote Username Enumeration Vulnerability
10922| [21067] Apache 1.0/1.2/1.3 Server Address Disclosure Vulnerability
10923| [21002] Apache 1.3 Possible Directory Index Disclosure Vulnerability
10924| [20911] Apache 1.3.14 Mac File Protection Bypass Vulnerability
10925| [20716] apache tomcat 3.0 - Directory Traversal vulnerability
10926| [20695] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (4)
10927| [20694] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (3)
10928| [20693] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (2)
10929| [20692] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (1)
10930| [20595] NCSA 1.3/1.4.x/1.5,Apache httpd 0.8.11/0.8.14 ScriptAlias Source Retrieval Vulnerability
10931| [20558] Apache 1.2 Web Server DoS Vulnerability
10932| [20466] Apache 1.3 Web Server with Php 3 File Disclosure Vulnerability
10933| [20435] Apache 0.8.x/1.0.x,NCSA httpd 1.x test-cgi Directory Listing Vulnerability
10934| [20272] Apache 1.2.5/1.3.1,UnityMail 2.0 MIME Header DoS Vulnerability
10935| [20210] Apache 1.3.12 WebDAV Directory Listings Vulnerability
10936| [20131] Apache Tomcat 3.1 Path Revealing Vulnerability
10937| [19975] Apache 1.3.6/1.3.9/1.3.11/1.3.12/1.3.20 Root Directory Access Vulnerability
10938| [19828] Cobalt RaQ 2.0/3.0 Apache .htaccess Disclosure Vulnerability
10939| [19536] Apache <= 1.1,NCSA httpd <= 1.5.2,Netscape Server 1.12/1.1/2.0 a nph-test-cgi Vulnerability
10940| [19231] PHP apache_request_headers Function Buffer Overflow
10941| [18984] Apache Struts <= 2.2.1.1 - Remote Command Execution
10942| [18897] Oracle Weblogic Apache Connector POST Request Buffer Overflow
10943| [18619] Apache Tomcat Remote Exploit (PUT Request) and Account Scanner
10944| [18452] Apache Struts Multiple Persistent Cross-Site Scripting Vulnerabilities
10945| [18442] Apache httpOnly Cookie Disclosure
10946| [18329] Apache Struts2 <= 2.3.1 - Multiple Vulnerabilities
10947| [18221] Apache HTTP Server Denial of Service
10948| [17969] Apache mod_proxy Reverse Proxy Exposure Vulnerability PoC
10949| [17696] Apache httpd Remote Denial of Service (memory exhaustion)
10950| [17691] Apache Struts < 2.2.0 - Remote Command Execution
10951| [16798] Apache mod_jk 1.2.20 Buffer Overflow
10952| [16782] Apache Win32 Chunked Encoding
10953| [16752] Apache module mod_rewrite LDAP protocol Buffer Overflow
10954| [16317] Apache Tomcat Manager Application Deployer Authenticated Code Execution
10955| [15710] Apache Archiva 1.0 - 1.3.1 CSRF Vulnerability
10956| [15319] Apache 2.2 (Windows) Local Denial of Service
10957| [14617] Apache JackRabbit 2.0.0 webapp XPath Injection
10958| [14489] Apache Tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
10959| [12721] Apache Axis2 1.4.1 - Local File Inclusion Vulnerability
10960| [12689] Authenticated Cross-Site Scripting Vulnerability (XSS) within Apache Axis2 administration console
10961| [12343] Apache Tomcat 5.5.0 to 5.5.29 & 6.0.0 to 6.0.26 - Information Disclosure Vulnerability
10962| [12330] Apache OFBiz - Multiple XSS
10963| [12264] Apache OFBiz - FULLADMIN Creator PoC Payload
10964| [12263] Apache OFBiz - SQL Remote Execution PoC Payload
10965| [11662] Apache Spamassassin Milter Plugin Remote Root Command Execution
10966| [11650] Apache 2.2.14 mod_isapi Dangling Pointer Remote SYSTEM Exploit
10967| [10811] Joomla.Tutorials GHDB: Apache directory listing Download Vulnerability
10968| [10292] Apache Tomcat 3.2.1 - 404 Error Page Cross Site Scripting Vulnerability
10969| [9995] Apache Tomcat Form Authentication Username Enumeration Weakness
10970| [9994] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
10971| [9993] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
10972| [8842] Apache mod_dav / svn Remote Denial of Service Exploit
10973| [8458] Apache Geronimo <= 2.1.3 - Multiple Directory Traversal Vulnerabilities
10974| [7264] Apache Tomcat runtime.getRuntime().exec() Privilege Escalation (win)
10975| [6229] apache tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
10976| [6100] Apache mod_jk 1.2.19 Remote Buffer Overflow Exploit (win32)
10977| [6089] Bea Weblogic Apache Connector Code Exec / Denial of Service Exploit
10978| [5386] Apache Tomcat Connector jk2-2.0.2 (mod_jk2) Remote Overflow Exploit
10979| [5330] Apache 2.0 mod_jk2 2.0.2 - Remote Buffer Overflow Exploit (win32)
10980| [4552] Apache Tomcat (webdav) Remote File Disclosure Exploit (ssl support)
10981| [4530] Apache Tomcat (webdav) Remote File Disclosure Exploit
10982| [4162] Apache Tomcat Connector (mod_jk) Remote Exploit (exec-shield)
10983| [4093] Apache mod_jk 1.2.19/1.2.20 Remote Buffer Overflow Exploit
10984| [3996] Apache 2.0.58 mod_rewrite Remote Overflow Exploit (win2k3)
10985| [3680] Apache Mod_Rewrite Off-by-one Remote Overflow Exploit (win32)
10986| [3384] Ubuntu/Debian Apache 1.3.33/1.3.34 (CGI TTY) Local Root Exploit
10987| [2237] Apache < 1.3.37, 2.0.59, 2.2.3 (mod_rewrite) Remote Overflow PoC
10988| [2061] Apache Tomcat < 5.5.17 Remote Directory Listing Vulnerability
10989| [1056] Apache <= 2.0.49 Arbitrary Long HTTP Headers Denial of Service
10990| [855] Apache <= 2.0.52 HTTP GET request Denial of Service Exploit
10991| [764] Apache OpenSSL - Remote Exploit (Multiple Targets) (OpenFuckV2.c)
10992| [587] Apache <= 1.3.31 mod_include Local Buffer Overflow Exploit
10993| [466] htpasswd Apache 1.3.31 - Local Exploit
10994| [371] Apache HTTPd Arbitrary Long HTTP Headers DoS (c version)
10995| [360] Apache HTTPd Arbitrary Long HTTP Headers DoS
10996| [132] Apache 1.3.x - 2.0.48 - mod_userdir Remote Users Disclosure Exploit
10997| [126] Apache mod_gzip (with debug_mode) <= 1.2.26.1a Remote Exploit
10998| [67] Apache 1.3.x mod_mylo Remote Code Execution Exploit
10999| [38] Apache <= 2.0.45 APR Remote Exploit -Apache-Knacker.pl
11000| [34] Webfroot Shoutbox < 2.32 (Apache) Remote Exploit
11001| [11] Apache <= 2.0.44 Linux Remote Denial of Service Exploit
11002| [9] Apache HTTP Server 2.x Memory Leak Exploit
11003|
11004| OpenVAS (Nessus) - http://www.openvas.org:
11005| [902924] Apache Struts2 Showcase Skill Name Remote Code Execution Vulnerability
11006| [902837] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability (Windows)
11007| [902830] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
11008| [902664] Apache Traffic Server HTTP Host Header Denial of Service Vulnerability
11009| [901203] Apache httpd Web Server Range Header Denial of Service Vulnerability
11010| [901110] Apache ActiveMQ Source Code Information Disclosure Vulnerability
11011| [901105] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
11012| [900842] Apache 'mod_proxy_ftp' Module Command Injection Vulnerability (Linux)
11013| [900841] Apache 'mod_proxy_ftp' Module Denial Of Service Vulnerability (Linux)
11014| [900573] Apache APR-Utils XML Parser Denial of Service Vulnerability
11015| [900572] Apache APR-Utils Multiple Denial of Service Vulnerabilities
11016| [900571] Apache APR-Utils Version Detection
11017| [900499] Apache mod_proxy_ajp Information Disclosure Vulnerability
11018| [900496] Apache Tiles Multiple XSS Vulnerability
11019| [900493] Apache Tiles Version Detection
11020| [900107] Apache mod_proxy_ftp Wildcard Characters XSS Vulnerability
11021| [900021] Apache Tomcat Cross-Site Scripting and Security Bypass Vulnerabilities
11022| [880086] CentOS Update for apache CESA-2008:0004-01 centos2 i386
11023| [870175] RedHat Update for apache RHSA-2008:0004-01
11024| [864591] Fedora Update for apache-poi FEDORA-2012-10835
11025| [864383] Fedora Update for apache-commons-compress FEDORA-2012-8428
11026| [864280] Fedora Update for apache-commons-compress FEDORA-2012-8465
11027| [864250] Fedora Update for apache-poi FEDORA-2012-7683
11028| [864249] Fedora Update for apache-poi FEDORA-2012-7686
11029| [863993] Fedora Update for apache-commons-daemon FEDORA-2011-10880
11030| [863466] Fedora Update for apache-commons-daemon FEDORA-2011-10936
11031| [855821] Solaris Update for Apache 1.3 122912-19
11032| [855812] Solaris Update for Apache 1.3 122911-19
11033| [855737] Solaris Update for Apache 1.3 122911-17
11034| [855731] Solaris Update for Apache 1.3 122912-17
11035| [855695] Solaris Update for Apache 1.3 122911-16
11036| [855645] Solaris Update for Apache 1.3 122912-16
11037| [855587] Solaris Update for kernel update and Apache 108529-29
11038| [855566] Solaris Update for Apache 116973-07
11039| [855531] Solaris Update for Apache 116974-07
11040| [855524] Solaris Update for Apache 2 120544-14
11041| [855494] Solaris Update for Apache 1.3 122911-15
11042| [855478] Solaris Update for Apache Security 114145-11
11043| [855472] Solaris Update for Apache Security 113146-12
11044| [855179] Solaris Update for Apache 1.3 122912-15
11045| [855147] Solaris Update for kernel update and Apache 108528-29
11046| [855077] Solaris Update for Apache 2 120543-14
11047| [850196] SuSE Update for apache2 openSUSE-SU-2012:0314-1 (apache2)
11048| [850088] SuSE Update for apache2 SUSE-SA:2007:061
11049| [850009] SuSE Update for apache2,apache SUSE-SA:2008:021
11050| [841209] Ubuntu Update for apache2 USN-1627-1
11051| [840900] Ubuntu Update for apache2 USN-1368-1
11052| [840798] Ubuntu Update for apache2 USN-1259-1
11053| [840734] Ubuntu Update for apache2 USN-1199-1
11054| [840542] Ubuntu Update for apache2 vulnerabilities USN-1021-1
11055| [840504] Ubuntu Update for apache2 vulnerability USN-990-2
11056| [840399] Ubuntu Update for apache2 vulnerabilities USN-908-1
11057| [840304] Ubuntu Update for apache2 vulnerabilities USN-575-1
11058| [840118] Ubuntu Update for libapache2-mod-perl2 vulnerability USN-488-1
11059| [840092] Ubuntu Update for apache2 vulnerabilities USN-499-1
11060| [840039] Ubuntu Update for libapache2-mod-python vulnerability USN-430-1
11061| [835253] HP-UX Update for Apache Web Server HPSBUX02645
11062| [835247] HP-UX Update for Apache-based Web Server HPSBUX02612
11063| [835243] HP-UX Update for Apache Running Tomcat Servlet Engine HPSBUX02579
11064| [835236] HP-UX Update for Apache with PHP HPSBUX02543
11065| [835233] HP-UX Update for Apache-based Web Server HPSBUX02531
11066| [835224] HP-UX Update for Apache-based Web Server HPSBUX02465
11067| [835200] HP-UX Update for Apache Web Server Suite HPSBUX02431
11068| [835190] HP-UX Update for Apache Web Server Suite HPSBUX02401
11069| [835188] HP-UX Update for Apache HPSBUX02308
11070| [835181] HP-UX Update for Apache With PHP HPSBUX02332
11071| [835180] HP-UX Update for Apache with PHP HPSBUX02342
11072| [835172] HP-UX Update for Apache HPSBUX02365
11073| [835168] HP-UX Update for Apache HPSBUX02313
11074| [835148] HP-UX Update for Apache HPSBUX01064
11075| [835139] HP-UX Update for Apache with PHP HPSBUX01090
11076| [835131] HP-UX Update for Apache HPSBUX00256
11077| [835119] HP-UX Update for Apache Remote Execution of Arbitrary Code HPSBUX02186
11078| [835104] HP-UX Update for Apache HPSBUX00224
11079| [835103] HP-UX Update for Apache mod_cgid HPSBUX00301
11080| [835101] HP-UX Update for Apache HPSBUX01232
11081| [835080] HP-UX Update for Apache HPSBUX02273
11082| [835078] HP-UX Update for ApacheStrong HPSBUX00255
11083| [835044] HP-UX Update for Apache HPSBUX01019
11084| [835040] HP-UX Update for Apache PHP HPSBUX00207
11085| [835025] HP-UX Update for Apache HPSBUX00197
11086| [835023] HP-UX Update for Apache HPSBUX01022
11087| [835022] HP-UX Update for Apache HPSBUX02292
11088| [835005] HP-UX Update for Apache HPSBUX02262
11089| [831759] Mandriva Update for apache-mod_security MDVSA-2012:182 (apache-mod_security)
11090| [831737] Mandriva Update for apache MDVSA-2012:154-1 (apache)
11091| [831534] Mandriva Update for apache MDVSA-2012:012 (apache)
11092| [831523] Mandriva Update for apache MDVSA-2012:003 (apache)
11093| [831491] Mandriva Update for apache MDVSA-2011:168 (apache)
11094| [831460] Mandriva Update for apache MDVSA-2011:144 (apache)
11095| [831449] Mandriva Update for apache MDVSA-2011:130 (apache)
11096| [831357] Mandriva Update for apache MDVSA-2011:057 (apache)
11097| [831132] Mandriva Update for apache MDVSA-2010:153 (apache)
11098| [831131] Mandriva Update for apache MDVSA-2010:152 (apache)
11099| [830989] Mandriva Update for apache-mod_auth_shadow MDVSA-2010:081 (apache-mod_auth_shadow)
11100| [830931] Mandriva Update for apache MDVSA-2010:057 (apache)
11101| [830926] Mandriva Update for apache MDVSA-2010:053 (apache)
11102| [830918] Mandriva Update for apache-mod_security MDVSA-2010:050 (apache-mod_security)
11103| [830799] Mandriva Update for apache-conf MDVSA-2009:300-2 (apache-conf)
11104| [830797] Mandriva Update for apache-conf MDVSA-2009:300-1 (apache-conf)
11105| [830791] Mandriva Update for apache-conf MDVA-2010:011 (apache-conf)
11106| [830652] Mandriva Update for apache MDVSA-2008:195 (apache)
11107| [830621] Mandriva Update for apache-conf MDVA-2008:129 (apache-conf)
11108| [830581] Mandriva Update for apache MDVSA-2008:016 (apache)
11109| [830294] Mandriva Update for apache MDKSA-2007:140 (apache)
11110| [830196] Mandriva Update for apache MDKSA-2007:235 (apache)
11111| [830112] Mandriva Update for apache MDKSA-2007:127 (apache)
11112| [830109] Mandriva Update for apache-mod_perl MDKSA-2007:083 (apache-mod_perl)
11113| [802425] Apache Struts2 Showcase Arbitrary Java Method Execution vulnerability
11114| [802423] Apache Struts CookBook/Examples Multiple Cross-Site Scripting Vulnerabilities
11115| [802422] Apache Struts Showcase Multiple Persistence Cross-Site Scripting Vulnerabilities
11116| [802415] Apache Tomcat Multiple Security Bypass Vulnerabilities (Win)
11117| [802385] Apache Tomcat Request Object Security Bypass Vulnerability (Win)
11118| [802384] Apache Tomcat Parameter Handling Denial of Service Vulnerability (Win)
11119| [802378] Apache Tomcat Hash Collision Denial Of Service Vulnerability
11120| [801942] Apache Archiva Multiple Vulnerabilities
11121| [801940] Apache Struts2 'XWork' Information Disclosure Vulnerability
11122| [801663] Apache Struts2/XWork Remote Command Execution Vulnerability
11123| [801521] Apache APR-util 'buckets/apr_brigade.c' Denial Of Service Vulnerability
11124| [801284] Apache Derby Information Disclosure Vulnerability
11125| [801203] Apache ActiveMQ Persistent Cross-Site Scripting Vulnerability
11126| [800837] Apache 'mod_deflate' Denial Of Service Vulnerability - July09
11127| [800827] Apache 'mod_proxy_http.c' Denial Of Service Vulnerability
11128| [800680] Apache APR Version Detection
11129| [800679] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
11130| [800678] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
11131| [800677] Apache Roller Version Detection
11132| [800279] Apache mod_jk Module Version Detection
11133| [800278] Apache Struts Cross Site Scripting Vulnerability
11134| [800277] Apache Tomcat mod_jk Information Disclosure Vulnerability
11135| [800276] Apache Struts Version Detection
11136| [800271] Apache Struts Directory Traversal Vulnerability
11137| [800024] Apache Tomcat RemoteFilterValve Security Bypass Vulnerability
11138| [103333] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
11139| [103293] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
11140| [103122] Apache Web Server ETag Header Information Disclosure Weakness
11141| [103074] Apache Continuum Cross Site Scripting Vulnerability
11142| [103073] Apache Continuum Detection
11143| [103053] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
11144| [101023] Apache Open For Business Weak Password security check
11145| [101020] Apache Open For Business HTML injection vulnerability
11146| [101019] Apache Open For Business service detection
11147| [100924] Apache Archiva Cross Site Request Forgery Vulnerability
11148| [100923] Apache Archiva Detection
11149| [100858] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
11150| [100814] Apache Axis2 Document Type Declaration Processing Security Vulnerability
11151| [100813] Apache Axis2 Detection
11152| [100797] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
11153| [100795] Apache Derby Detection
11154| [100762] Apache CouchDB Cross Site Request Forgery Vulnerability
11155| [100725] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
11156| [100613] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
11157| [100514] Apache Multiple Security Vulnerabilities
11158| [100211] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
11159| [100172] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
11160| [100171] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
11161| [100130] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
11162| [72626] Debian Security Advisory DSA 2579-1 (apache2)
11163| [72612] FreeBSD Ports: apache22
11164| [71551] Gentoo Security Advisory GLSA 201206-25 (apache)
11165| [71550] Gentoo Security Advisory GLSA 201206-24 (apache tomcat)
11166| [71512] FreeBSD Ports: apache
11167| [71485] Debian Security Advisory DSA 2506-1 (libapache-mod-security)
11168| [71256] Debian Security Advisory DSA 2452-1 (apache2)
11169| [71238] Debian Security Advisory DSA 2436-1 (libapache2-mod-fcgid)
11170| [70737] FreeBSD Ports: apache
11171| [70724] Debian Security Advisory DSA 2405-1 (apache2)
11172| [70600] FreeBSD Ports: apache
11173| [70253] FreeBSD Ports: apache, apache-event, apache-itk, apache-peruser, apache-worker
11174| [70235] Debian Security Advisory DSA 2298-2 (apache2)
11175| [70233] Debian Security Advisory DSA 2298-1 (apache2)
11176| [69988] Debian Security Advisory DSA 2279-1 (libapache2-mod-authnz-external)
11177| [69338] Debian Security Advisory DSA 2202-1 (apache2)
11178| [67868] FreeBSD Ports: apache
11179| [66816] FreeBSD Ports: apache
11180| [66553] Mandriva Security Advisory MDVSA-2009:189-1 (apache-mod_auth_mysql)
11181| [66414] Mandriva Security Advisory MDVSA-2009:323 (apache)
11182| [66106] SuSE Security Advisory SUSE-SA:2009:050 (apache2,libapr1)
11183| [66081] SLES11: Security update for Apache 2
11184| [66074] SLES10: Security update for Apache 2
11185| [66070] SLES9: Security update for Apache 2
11186| [65998] SLES10: Security update for apache2-mod_python
11187| [65893] SLES10: Security update for Apache 2
11188| [65888] SLES10: Security update for Apache 2
11189| [65575] SLES9: Security update for apache2,apache2-prefork,apache2-worker
11190| [65510] SLES9: Security update for Apache 2
11191| [65472] SLES9: Security update for Apache
11192| [65467] SLES9: Security update for Apache
11193| [65450] SLES9: Security update for apache2
11194| [65390] SLES9: Security update for Apache2
11195| [65363] SLES9: Security update for Apache2
11196| [65309] SLES9: Security update for Apache and mod_ssl
11197| [65296] SLES9: Security update for webdav apache module
11198| [65283] SLES9: Security update for Apache2
11199| [65249] SLES9: Security update for Apache 2
11200| [65230] SLES9: Security update for Apache 2
11201| [65228] SLES9: Security update for Apache 2
11202| [65212] SLES9: Security update for apache2-mod_python
11203| [65209] SLES9: Security update for apache2-worker
11204| [65207] SLES9: Security update for Apache 2
11205| [65168] SLES9: Security update for apache2-mod_python
11206| [65142] SLES9: Security update for Apache2
11207| [65136] SLES9: Security update for Apache 2
11208| [65132] SLES9: Security update for apache
11209| [65131] SLES9: Security update for Apache 2 oes/CORE
11210| [65113] SLES9: Security update for apache2
11211| [65072] SLES9: Security update for apache and mod_ssl
11212| [65017] SLES9: Security update for Apache 2
11213| [64950] Mandrake Security Advisory MDVSA-2009:240 (apache)
11214| [64783] FreeBSD Ports: apache
11215| [64774] Ubuntu USN-802-2 (apache2)
11216| [64653] Ubuntu USN-813-2 (apache2)
11217| [64559] Debian Security Advisory DSA 1834-2 (apache2)
11218| [64532] Mandrake Security Advisory MDVSA-2009:189 (apache-mod_auth_mysql)
11219| [64527] Mandrake Security Advisory MDVSA-2009:184 (apache-mod_security)
11220| [64526] Mandrake Security Advisory MDVSA-2009:183 (apache-mod_security)
11221| [64500] Mandrake Security Advisory MDVSA-2009:168 (apache)
11222| [64443] Ubuntu USN-802-1 (apache2)
11223| [64426] Gentoo Security Advisory GLSA 200907-04 (apache)
11224| [64423] Debian Security Advisory DSA 1834-1 (apache2)
11225| [64391] Mandrake Security Advisory MDVSA-2009:149 (apache)
11226| [64377] Mandrake Security Advisory MDVSA-2009:124-1 (apache)
11227| [64251] Debian Security Advisory DSA 1816-1 (apache2)
11228| [64201] Ubuntu USN-787-1 (apache2)
11229| [64140] Mandrake Security Advisory MDVSA-2009:124 (apache)
11230| [64136] Mandrake Security Advisory MDVSA-2009:102 (apache)
11231| [63565] FreeBSD Ports: apache
11232| [63562] Ubuntu USN-731-1 (apache2)
11233| [61381] Gentoo Security Advisory GLSA 200807-06 (apache)
11234| [61185] FreeBSD Ports: apache
11235| [60582] Gentoo Security Advisory GLSA 200803-19 (apache)
11236| [60387] Slackware Advisory SSA:2008-045-02 apache
11237| [58826] FreeBSD Ports: apache-tomcat
11238| [58825] FreeBSD Ports: apache-tomcat
11239| [58804] FreeBSD Ports: apache
11240| [58745] Gentoo Security Advisory GLSA 200711-06 (apache)
11241| [58360] Debian Security Advisory DSA 1312-1 (libapache-mod-jk)
11242| [57851] Gentoo Security Advisory GLSA 200608-01 (apache)
11243| [57788] Debian Security Advisory DSA 1247-1 (libapache-mod-auth-kerb)
11244| [57335] Debian Security Advisory DSA 1167-1 (apache)
11245| [57201] Debian Security Advisory DSA 1131-1 (apache)
11246| [57200] Debian Security Advisory DSA 1132-1 (apache2)
11247| [57168] Slackware Advisory SSA:2006-209-01 Apache httpd
11248| [57145] FreeBSD Ports: apache
11249| [56731] Slackware Advisory SSA:2006-129-01 Apache httpd
11250| [56729] Slackware Advisory SSA:2006-130-01 Apache httpd redux
11251| [56246] Gentoo Security Advisory GLSA 200602-03 (Apache)
11252| [56212] Debian Security Advisory DSA 952-1 (libapache-auth-ldap)
11253| [56115] Debian Security Advisory DSA 935-1 (libapache2-mod-auth-pgsql)
11254| [56067] FreeBSD Ports: apache
11255| [55803] Slackware Advisory SSA:2005-310-04 apache
11256| [55519] Debian Security Advisory DSA 839-1 (apachetop)
11257| [55392] Gentoo Security Advisory GLSA 200509-12 (Apache)
11258| [55355] FreeBSD Ports: apache
11259| [55284] Debian Security Advisory DSA 807-1 (libapache-mod-ssl)
11260| [55261] Debian Security Advisory DSA 805-1 (apache2)
11261| [55259] Debian Security Advisory DSA 803-1 (apache)
11262| [55129] Gentoo Security Advisory GLSA 200508-15 (apache)
11263| [54739] Gentoo Security Advisory GLSA 200411-18 (apache)
11264| [54724] Gentoo Security Advisory GLSA 200411-03 (apache)
11265| [54712] Gentoo Security Advisory GLSA 200410-21 (apache)
11266| [54689] Gentoo Security Advisory GLSA 200409-33 (net=www/apache)
11267| [54677] Gentoo Security Advisory GLSA 200409-21 (apache)
11268| [54610] Gentoo Security Advisory GLSA 200407-03 (Apache)
11269| [54601] Gentoo Security Advisory GLSA 200406-16 (Apache)
11270| [54590] Gentoo Security Advisory GLSA 200406-05 (Apache)
11271| [54582] Gentoo Security Advisory GLSA 200405-22 (Apache)
11272| [54529] Gentoo Security Advisory GLSA 200403-04 (Apache)
11273| [54499] Gentoo Security Advisory GLSA 200310-04 (Apache)
11274| [54498] Gentoo Security Advisory GLSA 200310-03 (Apache)
11275| [54439] FreeBSD Ports: apache
11276| [53931] Slackware Advisory SSA:2004-133-01 apache
11277| [53903] Slackware Advisory SSA:2004-299-01 apache, mod_ssl, php
11278| [53902] Slackware Advisory SSA:2004-305-01 apache+mod_ssl
11279| [53878] Slackware Advisory SSA:2003-308-01 apache security update
11280| [53851] Debian Security Advisory DSA 135-1 (libapache-mod-ssl)
11281| [53849] Debian Security Advisory DSA 132-1 (apache-ssl)
11282| [53848] Debian Security Advisory DSA 131-1 (apache)
11283| [53784] Debian Security Advisory DSA 021-1 (apache)
11284| [53738] Debian Security Advisory DSA 195-1 (apache-perl)
11285| [53737] Debian Security Advisory DSA 188-1 (apache-ssl)
11286| [53735] Debian Security Advisory DSA 187-1 (apache)
11287| [53703] Debian Security Advisory DSA 532-1 (libapache-mod-ssl)
11288| [53577] Debian Security Advisory DSA 120-1 (libapache-mod-ssl, apache-ssl)
11289| [53568] Debian Security Advisory DSA 067-1 (apache,apache-ssl)
11290| [53519] Debian Security Advisory DSA 689-1 (libapache-mod-python)
11291| [53433] Debian Security Advisory DSA 181-1 (libapache-mod-ssl)
11292| [53282] Debian Security Advisory DSA 594-1 (apache)
11293| [53248] Debian Security Advisory DSA 558-1 (libapache-mod-dav)
11294| [53224] Debian Security Advisory DSA 532-2 (libapache-mod-ssl)
11295| [53215] Debian Security Advisory DSA 525-1 (apache)
11296| [53151] Debian Security Advisory DSA 452-1 (libapache-mod-python)
11297| [52529] FreeBSD Ports: apache+ssl
11298| [52501] FreeBSD Ports: apache
11299| [52461] FreeBSD Ports: apache
11300| [52390] FreeBSD Ports: apache
11301| [52389] FreeBSD Ports: apache
11302| [52388] FreeBSD Ports: apache
11303| [52383] FreeBSD Ports: apache
11304| [52339] FreeBSD Ports: apache+mod_ssl
11305| [52331] FreeBSD Ports: apache
11306| [52329] FreeBSD Ports: ru-apache+mod_ssl
11307| [52314] FreeBSD Ports: apache
11308| [52310] FreeBSD Ports: apache
11309| [15588] Detect Apache HTTPS
11310| [15555] Apache mod_proxy content-length buffer overflow
11311| [15554] Apache mod_include priviledge escalation
11312| [14771] Apache <= 1.3.33 htpasswd local overflow
11313| [14177] Apache mod_access rule bypass
11314| [13644] Apache mod_rootme Backdoor
11315| [12293] Apache Input Header Folding and mod_ssl ssl_io_filter_cleanup DoS Vulnerabilities
11316| [12280] Apache Connection Blocking Denial of Service
11317| [12239] Apache Error Log Escape Sequence Injection
11318| [12123] Apache Tomcat source.jsp malformed request information disclosure
11319| [12085] Apache Tomcat servlet/JSP container default files
11320| [11438] Apache Tomcat Directory Listing and File disclosure
11321| [11204] Apache Tomcat Default Accounts
11322| [11092] Apache 2.0.39 Win32 directory traversal
11323| [11046] Apache Tomcat TroubleShooter Servlet Installed
11324| [11042] Apache Tomcat DOS Device Name XSS
11325| [11041] Apache Tomcat /servlet Cross Site Scripting
11326| [10938] Apache Remote Command Execution via .bat files
11327| [10839] PHP.EXE / Apache Win32 Arbitrary File Reading Vulnerability
11328| [10773] MacOS X Finder reveals contents of Apache Web files
11329| [10766] Apache UserDir Sensitive Information Disclosure
11330| [10756] MacOS X Finder reveals contents of Apache Web directories
11331| [10752] Apache Auth Module SQL Insertion Attack
11332| [10704] Apache Directory Listing
11333| [10678] Apache /server-info accessible
11334| [10677] Apache /server-status accessible
11335| [10440] Check for Apache Multiple / vulnerability
11336|
11337| SecurityTracker - https://www.securitytracker.com:
11338| [1028865] Apache Struts Bugs Permit Remote Code Execution and URL Redirection Attacks
11339| [1028864] Apache Struts Wildcard Matching and Expression Evaluation Bugs Let Remote Users Execute Arbitrary Code
11340| [1028824] Apache mod_dav_svn URI Processing Flaw Lets Remote Users Deny Service
11341| [1028823] Apache Unspecified Flaw in mod_session_dbd Has Unspecified Impact
11342| [1028724] (HP Issues Fix for HP-UX) Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
11343| [1028722] (Red Hat Issues Fix for JBoss) Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
11344| [1028693] (Red Hat Issues Fix) Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
11345| [1028622] Apache Struts 'includeParams' Bugs Permit Remote Command Execution and Cross-Site Scripting Attacks
11346| [1028621] Apache Subversion Bugs Let Remote Authenticated Users Execute Arbitrary Commands and Deny Service
11347| [1028540] Apache mod_rewrite Input Validation Flaw Lets Remote Users Execute Arbitrary Commands
11348| [1028534] Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
11349| [1028533] Apache Tomcat Lack of Chunked Transfer Encoding Extension Size Limit Lets Remote Users Deny Service
11350| [1028532] Apache Tomcat AsyncListeners Bug May Disclose Information from One Request to Another User
11351| [1028515] Apache VCL Input Validation Flaw Lets Remote Authenticated Users Gain Elevated Privileges
11352| [1028457] Apache ActiveMQ Bugs Let Remote Users Conduct Cross-Site Scripting Attacks, Deny Service, and Obtain Potentially Sensitive Information
11353| [1028287] Apache CXF WSS4JInInterceptor Grants Service Access to Remote Users
11354| [1028286] Apache CXF WS-Security UsernameToken Processing Flaw Lets Remote Users Bypass Authentication
11355| [1028252] Apache Commons FileUpload Unsafe Temporary File Lets Local Users Gain Elevated Privileges
11356| [1028207] Apache Input Validation Bugs Permit Cross-Site Scripting Attacks
11357| [1027836] Apache Tomcat Connection Processing Bug Lets Remote Users Deny Service
11358| [1027834] Apache Tomcat Bug Lets Remote Users Bypass Cross-Site Request Forgery Prevention Filter
11359| [1027833] Apache Tomcat Bug Lets Remote Users Bypass Security Constraints
11360| [1027729] Apache Tomcat Header Processing Bug Lets Remote Users Deny Service
11361| [1027728] Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
11362| [1027554] Apache CXF Lets Remote Authenticated Users Execute Unauthorized SOAP Actions
11363| [1027508] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
11364| [1027421] Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
11365| [1027096] Apache Commons Compress BZip2CompressorOutputStream() Sorting Algorithm Lets Remote or Local Users Deny Service
11366| [1026932] Apache LD_LIBRARY_PATH Processing Lets Local Users Gain Elevated Privileges
11367| [1026928] Apache OFBiz Unspecified Flaw Lets Remote Users Execute Arbitrary Code
11368| [1026927] Apache OFBiz Input Validation Flaws Permit Cross-Site Scripting Attacks
11369| [1026847] Apache Traffic Server Host Header Processing Flaw Lets Remote Users Deny Service
11370| [1026846] Apache Wicket Discloses Hidden Application Files to Remote Users
11371| [1026839] Apache Wicket Input Validation Flaw in 'wicket:pageMapName' Parameter Permits Cross-Site Scripting Attacks
11372| [1026616] Apache Bugs Let Remote Users Deny Service and Obtain Cookie Data
11373| [1026575] Apache Struts ParameterInterceptor() Flaw Lets Remote Users Execute Arbitrary Commands
11374| [1026484] Apache Struts Bug Lets Remote Users Overwrite Files and Execute Arbitrary Code
11375| [1026477] Apache Tomcat Hash Table Collision Bug Lets Remote Users Deny Service
11376| [1026402] Apache Struts Conversion Error Lets Remote Users Inject Arbitrary Commands
11377| [1026353] Apache mod_proxy/mod_rewrite Bug Lets Remote Users Access Internal Servers
11378| [1026295] Apache Tomcat Lets Untrusted Web Applications Gain Elevated Privileges
11379| [1026267] Apache .htaccess File Integer Overflow Lets Local Users Execute Arbitrary Code
11380| [1026144] Apache mod_proxy Pattern Matching Bug Lets Remote Users Access Internal Servers
11381| [1026095] Apache Tomcat HTTP DIGEST Authentication Weaknesses Let Remote Users Conduct Bypass Attacks
11382| [1026054] Apache mod_proxy_ajp HTTP Processing Error Lets Remote Users Deny Service
11383| [1025993] Apache Tomcat AJP Protocol Processing Bug Lets Remote Users Bypass Authentication or Obtain Information
11384| [1025976] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
11385| [1025960] Apache httpd Byterange Filter Processing Error Lets Remote Users Deny Service
11386| [1025925] Apache Tomcat Commons Daemon jsvc Lets Local Users Gain Elevated Privileges
11387| [1025924] Apache Tomcat XML Validation Flaw Lets Applications Obtain Potentially Sensitive Information
11388| [1025788] Apache Tomcat Lets Malicious Applications Obtain Information and Deny Service
11389| [1025755] Apache Santuario Buffer Overflow Lets Remote Users Deny Service
11390| [1025712] Apache Tomcat Discloses Passwords to Local Users in Certain Cases
11391| [1025577] Apache Archiva Input Validation Hole Permits Cross-Site Scripting Attacks
11392| [1025576] Apache Archiva Request Validation Flaw Permits Cross-Site Request Forgery Attacks
11393| [1025527] Apache APR Library apr_fnmatch() Flaw Lets Remote Users Execute Arbitrary Code
11394| [1025303] Apache Tomcat HTTP BIO Connector Error Discloses Information From Different Requests to Remote Users
11395| [1025215] Apache Tomcat May Ignore @ServletSecurity Annotation Protections
11396| [1025066] Apache Continuum Input Validation Flaw Permits Cross-Site Request Forgery Attacks
11397| [1025065] Apache Continuum Input Validation Hole Permits Cross-Site Scripting Attacks
11398| [1025027] Apache Tomcat maxHttpHeaderSize Parsing Error Lets Remote Users Deny Service
11399| [1025026] Apache Tomcat Manager Input Validation Hole Permits Cross-Site Scripting Attacks
11400| [1025025] Apache Tomcat Security Manager Lets Local Users Bypass File Permissions
11401| [1024764] Apache Tomcat Manager Input Validation Hole in 'sessionList.jsp' Permits Cross-Site Scripting Attacks
11402| [1024417] Apache Traffic Server Insufficient Randomization Lets Remote Users Poison the DNS Cache
11403| [1024332] Apache mod_cache and mod_dav Request Processing Flaw Lets Remote Users Deny Service
11404| [1024180] Apache Tomcat 'Transfer-Encoding' Header Processing Flaw Lets Remote Users Deny Service and Obtain Potentially Sensitive Information
11405| [1024096] Apache mod_proxy_http May Return Results for a Different Request
11406| [1023942] Apache mod_proxy_ajp Error Condition Lets Remote Users Deny Service
11407| [1023941] Apache ap_read_request() Memory Error May Let Remote Users Access Potentially Sensitive Information
11408| [1023778] Apache ActiveMQ Input Validation Flaw Permits Cross-Site Scripting Attacks
11409| [1023701] Apache mod_isapi Error Processing Flaw May Let Remote Users Deny Service
11410| [1023533] Apache mod_proxy Integer Overflow May Let Remote Users Execute Arbitrary Code
11411| [1022988] Apache Solaris Support Code Bug Lets Remote Users Deny Service
11412| [1022529] Apache mod_deflate Connection State Bug Lets Remote Users Deny Service
11413| [1022509] Apache mod_proxy stream_reqbody_cl() Infinite Loop Lets Remote Users Deny Service
11414| [1022296] Apache IncludesNoExec Options Restrictions Can Be Bypass By Local Users
11415| [1022264] Apache mod_proxy_ajp Bug May Disclose Another User's Response Data
11416| [1022001] Apache Tomcat mod_jk May Disclose Responses to the Wrong User
11417| [1021988] mod_perl Input Validation Flaw in Apache::Status and Apache2::Status Permits Cross-Site Scripting Attacks
11418| [1021350] NetWare Bug Lets Remote Users Access the ApacheAdmin Console
11419| [1020635] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
11420| [1020520] Oracle WebLogic Apache Connector Lets Remote Users Execute Arbitrary Code
11421| [1020267] Apache mod_proxy Interim Response Process Bug Lets Remote Users Deny Service
11422| [1019784] Apache-SSL Certificate Processing Bug May Let Remote Users View Portions of Kernel Memory
11423| [1019256] Apache mod_negotiation Input Validation Hole Permits Cross-Site Scripting Attacks
11424| [1019194] Apache Input Validation Hole in Mod_AutoIndex When the Character Set is Undefined May Permit Cross-Site Scripting Attacks
11425| [1019185] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
11426| [1019154] Apache Input Validation Hole in mod_status Permits Cross-Site Scripting Attacks
11427| [1019093] Apache Input Validation Hole in mod_imap Permits Cross-Site Scripting Attacks
11428| [1019030] Apache Input Validation Hole in Default HTTP 413 Error Page Permits Cross-Site Scripting Attacks
11429| [1018633] Apache mod_proxy Bug Lets Remote Users Deny Service
11430| [1018304] Apache HTTPD scoreboard Protection Flaw Lets Local Users Terminate Arbitrary Processes
11431| [1018303] Apache HTTPD mod_cache May Let Remote Users Deny Service
11432| [1018302] Apache mod_status Input Validation Hole Permits Cross-Site Scripting Attacks
11433| [1018269] Apache Tomcat Input Validation Hole in Processing Accept-Language Header Permits Cross-Site Scripting Attacks
11434| [1017904] Apache suEXEC Bugs May Let Local Users Gain Elevated Privileges
11435| [1017719] Apache Tomcat JK Web Server Connector Buffer Overflow in map_uri_to_worker() Lets Remote Users Execute Arbitrary Code
11436| [1017062] Apache mod_tcl Format String Bug in set_var() Function May Let Remote Users Execute Arbitrary Code
11437| [1016601] Apache mod_rewrite Off-by-one Error Lets Remote Users Execute Arbitrary Code
11438| [1016576] Apache Tomcat Discloses Directory Listings to Remote Users
11439| [1015447] Apache mod_ssl Null Pointer Dereference May Let Remote Users Deny Service
11440| [1015344] Apache mod_imap Input Validation Flaw in Referer Field Lets Remote Users Conduct Cross-Site Scripting Attacks
11441| [1015093] Apache Memory Leak in MPM 'worker.c' Code May Let Remote Users Deny Service
11442| [1014996] ApacheTop Unsafe Temporary File May Let Local Users Gain Elevated Privileges
11443| [1014833] Apache ssl_hook_Access() Function May Fail to Verify Client Certificates
11444| [1014826] Apache Memory Leak in 'byterange filter' Lets Remote Users Deny Service
11445| [1014575] Apache mod_ssl Off-by-one Buffer Overflow in Processing CRLs May Let Remote Users Deny Service
11446| [1014323] Apache Chunked Transfer-Encoding and Content-Length Processing Lets Remote Users Smuggle HTTP Requests
11447| [1013156] Apache mod_python Publisher Handler Discloses Information to Remote Users
11448| [1012829] Apache mod_auth_radius radcpy() Integer Overflow Lets Remote Users Deny Service in Certain Cases
11449| [1012416] Apache on Apple OS X Lets Remote Users Bypass Apache File Handlers and Directly Access Files
11450| [1012415] Apache on Apple HFS+ Filesystems May Disclose '.DS_Store' Files to Remote Users
11451| [1012414] Apache mod_digest_apple Lets Remote Users Replay Authentication Credentials
11452| [1012083] Apache Web Server Error in Processing Requests With Many Space Characters Lets Remote Users Deny Service
11453| [1011783] Apache mod_include Buffer Overflow Lets Local Users Execute Arbitrary Code
11454| [1011557] Apache mod_ssl SSLCipherSuite Directive Can By Bypassed in Certain Cases
11455| [1011385] Apache Satsify Directive Error May Let Remote Users Access Restricted Resources
11456| [1011340] Apache SSL Connection Abort State Error Lets Remote Users Deny Service
11457| [1011303] Apache ap_resolve_env() Buffer Overflow in Reading Configuration Files May Let Local Users Gain Elevated Privileges
11458| [1011299] Apache IPv6 Address Parsing Flaw May Let Remote Users Deny Service
11459| [1011248] Apache mod_dav LOCK Method Error May Let Remote Users Deny Service
11460| [1011213] Apache mod_ssl Can Be Crashed By Remote Users When Reverse Proxying SSL Connections
11461| [1010674] Apache Can Be Crashed By PHP Code Invoking Nested Remote Sockets
11462| [1010599] Apache httpd Header Line Memory Allocation Lets Remote Users Crash the Server
11463| [1010462] Apache mod_proxy Buffer Overflow May Let Remote Users Execute Arbitrary Code
11464| [1010322] Apache mod_ssl Stack Overflow in ssl_util_uuencode_binary() May Let Remote Users Execute Arbitrary Code
11465| [1010270] cPanel Apache mod_phpsuexec Options Let Local Users Gain Elevated Privileges
11466| [1009934] Apache Web Server Has Buffer Overflow in ebcdic2ascii() on Older Processor Architectures
11467| [1009516] Apache mod_survey HTML Report Format Lets Remote Users Conduct Cross-Site Scripting Attacks
11468| [1009509] Apache mod_disk_cache Stores Authentication Credentials on Disk
11469| [1009495] Apache Web Server Socket Starvation Flaw May Let Remote Users Deny Service
11470| [1009417] GroupWise WebAccess With Apache on NetWare Has Configuration Flaw That May Grant Web Access to Remote Users
11471| [1009338] Apache mod_access Parsing Flaw May Fail to Enforce Allow/Deny Rules
11472| [1009337] Apache mod_ssl Memory Leak Lets Remote Users Crash the Daemon
11473| [1009182] Apache for Cygwin '..%5C' Input Validation Flaw Discloses Files to Remote Users
11474| [1008973] PHP May Apply Incorrect php_admin_* Settings To Requests for Apache Virtual Hosts
11475| [1008967] Apache-SSL 'SSLFakeBasicAuth' Lets Remote Users Forge Client Certificates to Be Authenticated
11476| [1008920] Apache mod_digest May Validate Replayed Client Responses
11477| [1008828] Apache mod_python String Processing Bug Still Lets Remote Users Crash the Web Server
11478| [1008822] Apache mod_perl File Descriptor Leak May Let Local Users Hijack the http and https Services
11479| [1008675] mod_auth_shadow Apache Module Authenticates Expired Passwords
11480| [1008559] Apache mod_php File Descriptor Leak May Let Local Users Hijack the https Service
11481| [1008335] Apache mod_python String Processing Bug Lets Remote Users Crash the Web Server
11482| [1008196] Apache 2.x on Windows May Return Unexpected Files For URLs Ending With Certain Characters
11483| [1008030] Apache mod_rewrite Contains a Buffer Overflow
11484| [1008029] Apache mod_alias Contains a Buffer Overflow
11485| [1008028] Apache mod_cgid May Disclose CGI Output to Another Client
11486| [1007995] Apache Cocoon Forms May Let Remote Users Execute Arbitrary Java Code on the System
11487| [1007993] Apache Cocoon 'view-source' Sample Script Discloses Files to Remote Users
11488| [1007823] Apache Web Server mod_cgi Error May Let Malicious CGI Scripts Crash the Web Service
11489| [1007664] Apache::Gallery Unsafe Temporary Files May Let Local Users Gain Apache Web Server Privileges
11490| [1007557] Apache Web Server Does Not Filter Terminal Escape Sequences From Log Files
11491| [1007230] Apache HTTP Server 'rotatelogs' Bug on Win32 and OS/2 May Cause the Logging to Stop
11492| [1007146] Apache HTTP Server FTP Proxy Bug May Cause Denial of Service Conditions
11493| [1007145] Apache 'accept()' Errors May Cause Denial of Service Conditions
11494| [1007144] Apache Web Server 'type-map' File Error Permits Local Denial of Service Attacks
11495| [1007143] Apache 2.0 Web Server May Use a Weaker Encryption Implementation Than Specified in Some Cases
11496| [1006864] Apache Web Server Can Be Crashed By Remote Users Via mod_dav Flaws and Also Via Basic Authentication
11497| [1006709] Apache mod_survey Input Validation Flaw Lets Remote Users Fill Up Disk Space
11498| [1006614] Apache mod_ntlm Buffer Overflow and Format String Flaw Let Remote Users Execute Arbitary Code
11499| [1006591] Apache mod_access_referer Module Null Pointer Dereference May Faciliate Denial of Service Attacks
11500| [1006444] Apache 2.0 Web Server Line Feed Buffer Allocation Flaw Lets Remote Users Deny Service
11501| [1006021] Apache Tomcat Server URL Parsing Error May Disclose Otherwise Inaccessible Web Directory Listings and Files to Remote Users
11502| [1005963] Apache Web Server 2.x Windows Device Access Flaw Lets Remote Users Crash the Server or Possibly Execute Arbitrary Code
11503| [1005962] Apache Web Server Path Parsing Flaw May Allow Remote Users to Execute Code in Certain Configurations
11504| [1005848] Apache 'printenv' Script Input Validation Bugs in Older Versions May Let Remote Users Conduct Cross-Site Scripting Attacks
11505| [1005765] Apache mod_jk Module Processing Bug When Used With Tomcat May Disclose Information to Remote Users or Crash
11506| [1005548] Apache mod_php Module May Allow Local Users to Gain Control of the Web Port
11507| [1005499] Apache Web Server (2.0.42) May Disclose CGI Source Code to Remote Users When Used With WebDAV
11508| [1005410] Apache Tomcat Java Servlet Engine Can Be Crashed Via Multiple Requests for DOS Device Names
11509| [1005351] Apache Web Server (1.3.x) Shared Memory Scoreboard Bug Lets Certain Local Users Issue Signals With Root Privileges
11510| [1005331] Apache Web Server (2.x) SSI Server Signature Filtering Hole Lets Remote Users Conduct Cross-Site Scripting Attacks
11511| [1005290] Apache Tomcat Java Server Default Servlet Returns JSP Source Code to Remote Users
11512| [1005285] Apache Web Server 'mod_dav' Has Null Pointer Bug That May Allow Remote Users to Cause Denial of Service Conditions
11513| [1005010] Apache Web Server (2.0) Has Unspecified Flaw That Allows Remote Users to Obtain Sensitive Data and Cause Denial of Service Conditions
11514| [1004770] Apache 2.x Web Server ap_log_rerror() Function May Disclose Full Installation Path to Remote Users
11515| [1004745] Apache Tomcat Java Server Allows Cross-Site Scripting Attacks
11516| [1004636] Apache mod_ssl 'Off-by-One' Bug May Let Local Users Crash the Web Server or Possibly Execute Arbitrary Code
11517| [1004602] Apache Tomcat Java Server for Windows Can Be Crashed By Remote Users Sending Malicious Requests to Hang All Available Working Threads
11518| [1004586] Apache Tomcat Java Server May Disclose the Installation Path to Remote Users
11519| [1004555] Apache Web Server Chunked Encoding Flaw May Let Remote Users Execute Arbitrary Code on the Server
11520| [1004209] Apache 'mod_python' Python Language Interpreter Bug in Publisher Handler May Allow Remote Users to Modify Files on the System
11521| [1003874] Apache Web Server for Windows Has Batch File Processing Hole That Lets Remote Users Execute Commands on the System
11522| [1003767] 'mod_frontpage' Module for Apache Web Server Has Buffer Overlow in 'fpexec.c' That Allows Remote Users to Execute Arbitrary Code on the System with Root Privileges
11523| [1003723] Apache-SSL for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
11524| [1003664] 'mod_ssl' Security Package for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
11525| [1003602] GNUJSP Java Server Pages Implementation Discloses Web Files and Source Code to Remote Users and Bypasses Apache Access Control Restrictions
11526| [1003465] PHP for Apache Web Server May Disclose Installation Path Information to Remote Users Making 'OPTIONS' Requests
11527| [1003451] Oracle Application Server PL/SQL Module for Apache Has Buffer Overflows That Allow Remote Users to Execute Arbitrary Code and Gain Access to the Server
11528| [1003131] Apache Web Server in Virtual Hosting Mode Can Be Crashed By a Local User Removing a Log Directory
11529| [1003104] PHP.EXE Windows CGI for Apache Web Server May Let Remote Users View Files on the Server Due to Configuration Error
11530| [1003008] Apache 'mod_bf' Module Lets Remote Users Execute Arbitrary Code
11531| [1002629] Apache suEXEC Wrapper Fails to Observe Minimum Group ID Security Settings in Certain Situations
11532| [1002542] Apache Web Server Virtual Hosting Split-Logfile Function Lets Remote Users Write Log Entries to Arbitrary Files on the System
11533| [1002400] Apache mod_gzip Module Has Buffer Overflow That Can Be Exploited By Local Users to Gain Elevated Privileges
11534| [1002303] Several 3rd Party Apache Authentication Modules Allow Remote Users to Execute Arbitrary Code to Gain Access to the System or Execute Stored Procedures to Obtain Arbitrary Database Information
11535| [1002188] Apache Web Server Discloses Internal IP Addresses to Remote Users in Certain Configurations
11536| [1001989] Apache Web Server May Disclose Directory Contents Even If an Index.html File is Present in the Directory
11537| [1001719] Apache Web Server on Mac OS X Client Fails to Enforce File and Directory Access Protections, Giving Remote Users Access to Restricted Pages
11538| [1001572] Apache Web Server on Microsoft Windows Platforms Allows Remote Users to Crash the Web Server
11539| [1001304] Apache Web Server for Windows Lets Remote Users Crash the Web Server Application
11540| [1001083] Apache Web Server May Display Directory Index Listings Even if Directory Listings Are Disabled
11541|
11542| OSVDB - http://www.osvdb.org:
11543| [96078] Apache CloudStack Infrastructure Menu Setup Network Multiple Field XSS
11544| [96077] Apache CloudStack Global Settings Multiple Field XSS
11545| [96076] Apache CloudStack Instances Menu Display Name Field XSS
11546| [96075] Apache CloudStack Instances Menu Add Instances Network Name Field XSS
11547| [96074] Apache CloudStack Instances Menu Add Instances Review Step Multiple Field XSS
11548| [96031] Apache HTTP Server suEXEC Symlink Arbitrary File Access
11549| [95888] Apache Archiva Single / Double Quote Character Handling XSS Weakness
11550| [95885] Apache Subversion mod_dav_svn Module Crafted HTTP Request Handling Remote DoS
11551| [95706] Apache OpenOffice.org (OOo) OOXML Document File XML Element Handling Memory Corruption
11552| [95704] Apache OpenOffice.org (OOo) DOC File PLCF Data Handling Memory Corruption
11553| [95603] Apache Continuum web/util/GenerateRecipentNotifier.java recipient Parameter XSS
11554| [95602] Apache Continuum web/action/notifier/JabberProjectNotifierEditAction-jabberProjectNotifierSave-validation.xml Multiple Parameter XSS
11555| [95601] Apache Continuum web/action/notifier/JabberGroupNotifierEditAction-jabberProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
11556| [95600] Apache Continuum web/action/ScheduleAction-saveSchedule-validation.xml Multiple Parameter XSS
11557| [95599] Apache Continuumweb/action/BuildDefinitionAction-saveBuildDefinition-validation.xml Multiple Parameter XSS
11558| [95598] Apache Continuum web/action/AddProjectAction-addProject-validation.xml Multiple Parameter XSS
11559| [95597] Apache Continuum web/action/ProjectEditAction-projectSave-validation.xml Multiple Parameter XSS
11560| [95596] Apache Continuum web/action/notifier/IrcGroupNotifierEditAction-ircProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
11561| [95595] Apache Continuum web/action/notifier/IrcProjectNotifierEditAction-ircProjectNotifierSave-validation.xml Multiple Parameter XSS
11562| [95594] Apache Continuum web/action/ProjectGroupAction.java Multiple Parameter XSS
11563| [95593] Apache Continuum web/action/AddProjectGroupAction.java Multiple Parameter XSS
11564| [95592] Apache Continuum web/action/AddProjectAction.java Multiple Parameter XSS
11565| [95523] Apache OFBiz Webtools Application View Log Screen Unspecified XSS
11566| [95522] Apache OFBiz Nested Expression Evaluation Arbitrary UEL Function Execution
11567| [95521] Apache HTTP Server mod_session_dbd Session Saving Unspecified Issue
11568| [95498] Apache HTTP Server mod_dav.c Crafted MERGE Request Remote DoS
11569| [95406] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Arbitrary Site Redirect
11570| [95405] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Remote Code Execution
11571| [95011] Apache CXF XML Parser SOAP Message Handling CPU Resource Exhaustion Remote DoS
11572| [94705] Apache Geronimo RMI Classloader Exposure Serialized Object Handling Remote Code Execution
11573| [94651] Apache Santuario (XML Security for C++) XML Signature CanonicalizationMethod Parameter Spoofing Weakness
11574| [94636] Apache Continuum workingCopy.action userDirectory Traversal Arbitrary File Access
11575| [94635] Apache Maven SCM SvnCommandlineUtils Process Listing Local Password Disclosure
11576| [94632] Apache Maven Wagon SSH (wagon-ssh) Host Verification Failure MitM Weakness
11577| [94625] Apache Santuario (XML Security for C++) XML Signature Reference Crafted XPointer Expression Handling Heap Buffer Overflow
11578| [94618] Apache Archiva /archiva/security/useredit.action username Parameter XSS
11579| [94617] Apache Archiva /archiva/security/roleedit.action name Parameter XSS
11580| [94616] Apache Archiva /archiva/security/userlist!show.action roleName Parameter XSS
11581| [94615] Apache Archiva /archiva/deleteArtifact!doDelete.action groupId Parameter XSS
11582| [94614] Apache Archiva /archiva/admin/addLegacyArtifactPath!commit.action legacyArtifactPath.path Parameter XSS
11583| [94613] Apache Archiva /archiva/admin/addRepository.action Multiple Parameter XSS
11584| [94612] Apache Archiva /archiva/admin/editAppearance.action Multiple Parameter XSS
11585| [94611] Apache Archiva /archiva/admin/addLegacyArtifactPath.action Multiple Parameter XSS
11586| [94610] Apache Archiva /archiva/admin/addNetworkProxy.action Multiple Parameter XSS
11587| [94403] Apache Santuario (XML Security for C++) InclusiveNamespace PrefixList Processing Heap Overflow
11588| [94402] Apache Santuario (XML Security for C++) HMAC-based XML Signature Processing DoS
11589| [94401] Apache Santuario (XML Security for C++) XPointer Evaluation Stack Overflow
11590| [94400] Apache Santuario (XML Security for C++) HMAC-Based XML Signature Reference Element Validation Spoofing Weakness
11591| [94279] Apache Qpid CA Certificate Validation Bypass
11592| [94275] Apache Solr JettySolrRunner.java Can Not Find Error Message XSS
11593| [94233] Apache OpenJPA Object Deserialization Arbitrary Executable Creation
11594| [94042] Apache Axis JAX-WS Java Unspecified Exposure
11595| [93969] Apache Struts OGNL Expression Handling Double Evaluation Error Remote Command Execution
11596| [93796] Apache Subversion Filename Handling FSFS Repository Corruption Remote DoS
11597| [93795] Apache Subversion svnserve Server Aborted Connection Message Handling Remote DoS
11598| [93794] Apache Subversion contrib/hook-scripts/check-mime-type.pl svnlook Hyphenated argv Argument Handling Remote DoS
11599| [93793] Apache Subversion contrib/hook-scripts/svn-keyword-check.pl Filename Handling Remote Command Execution
11600| [93646] Apache Struts Crafted Parameter Arbitrary OGNL Code Execution
11601| [93645] Apache Struts URL / Anchor Tag includeParams Attribute Remote Command Execution
11602| [93636] Apache Pig Multiple Physical Operator Memory Exhaustion Remote Remote DoS
11603| [93635] Apache Wink DTD (Document Type Definition) Expansion Data Parsing Information Disclosure
11604| [93605] RT Apache::Session::File Session Replay Reuse Information Disclosure
11605| [93599] Apache Derby SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY Boot Password Manipulation Re-encryption Failure Password Corruption
11606| [93555] Apache Commons Codec Invalid Base32 String Information Tunneling Weakness
11607| [93554] Apache HBase bulkLoadHFiles() Method ACL Bypass
11608| [93543] JBoss Enterprise Application Platform org.apache.catalina.connector.Response.encodeURL() Method MitM jsessionid Disclosure
11609| [93542] Apache ManifoldCF (Connectors Framework) org.apache.manifoldcf.crawler.ExportConfiguration Class Configuration Export Password Disclosure
11610| [93541] Apache Solr json.wrf Callback XSS
11611| [93524] Apache Hadoop GetSecurityDescriptorControl() Function Absolute Security Descriptor Handling NULL Descriptor Weakness
11612| [93521] Apache jUDDI Security API Token Session Persistence Weakness
11613| [93520] Apache CloudStack Default SSL Key Weakness
11614| [93519] Apache Shindig /ifr Cross-site Arbitrary Gadget Invocation
11615| [93518] Apache Solr /admin/analysis.jsp name Parameter XSS
11616| [93517] Apache CloudStack setup-cloud-management /etc/sudoers Modification Local Privilege Escalation
11617| [93516] Apache CXF UsernameTokenInterceptor Nonce Caching Replay Weakness
11618| [93515] Apache HBase table.jsp name Parameter XSS
11619| [93514] Apache CloudStack Management Server Unauthenticated Remote JMX Connection Default Setting Weakness
11620| [93463] Apache Struts EL / OGNL Interpretation Unspecified Remote Code Execution
11621| [93462] Apache CXF WS-SecurityPolicy AlgorithmSuite Arbitrary Ciphertext Decryption Weakness
11622| [93401] Apache Hadoop core-site.xml Permission Weakness Local Alfredo Secret Disclosure
11623| [93400] Apache Hadoop Map/Reduce Job Log Directory Symlink Arbitrary File Mode Manipulation
11624| [93397] Apache Wicket Referrer HTTP Header Session ID Disclosure
11625| [93366] Apache HTTP Server modules/mappers/mod_rewrite.c do_rewritelog() Function Log File Terminal Escape Sequence Filtering Remote Command Execution
11626| [93254] Apache Tomcat AsyncListener Method Cross-session Information Disclosure
11627| [93253] Apache Tomcat Chunked Transfer Encoding Data Saturation Remote DoS
11628| [93252] Apache Tomcat FORM Authenticator Session Fixation
11629| [93172] Apache Camel camel/endpoints/ Endpoint XSS
11630| [93171] Apache Sling HtmlResponse Error Message XSS
11631| [93170] Apache Directory DelegatingAuthenticator MitM Spoofing Weakness
11632| [93169] Apache Wave AuthenticationServlet.java Session Fixation Weakness
11633| [93168] Apache Click ErrorReport.java id Parameter XSS
11634| [93167] Apache ActiveMQ JMSXUserId Spoofing Weakness
11635| [93166] Apache CXF Crafted Message Element Count Handling System Resource Exhaustion Remote DoS
11636| [93165] Apache CXF Crafted Message Element Level Handling System Resource Exhaustion Remote DoS
11637| [93164] Apache Harmony DatagramSocket Class connect Method CheckAccept() IP Blacklist Bypass
11638| [93163] Apache Hadoop Map/Reduce Daemon Symlink Arbitrary File Overwrite
11639| [93162] Apache VelocityStruts struts/ErrorsTool.getMsgs Error Message XSS
11640| [93161] Apache CouchDB Rewriter VM Atom Table Memory Exhaustion Remote DoS
11641| [93158] Apache Wicket BookmarkablePageLink Feature XSS CSRF
11642| [93157] Apache Struts UrlHelper.java s:url includeParams Functionality XSS
11643| [93156] Apache Tapestry Calendar Component datefield.js datefield Parameter XSS
11644| [93155] Apache Struts fielderror.ftl fielderror Parameter Error Message XSS
11645| [93154] Apache JSPWiki Edit.jsp createPages WikiPermission Bypass
11646| [93153] Apache PDFBox PDFXrefStreamParser Missing Element Handling PDF Parsing DoS
11647| [93152] Apache Hadoop HttpServer.java Multiple Function XSS
11648| [93151] Apache Shiro Search Filter userName Parameter LDAP Code Injection Weakness
11649| [93150] Apache Harmony java.net.SocketPermission Class boolean equals Function checkConnect() Weakness Host Name Retrieval
11650| [93149] Apache Harmony java.security.Provider Class void load Function checkSecurityAccess() Weakness
11651| [93148] Apache Harmony java.security.ProtectionDomain Class java.lang.String.toString() Function checkPermission() Weakness
11652| [93147] Apache Harmony java.net.URLConnection openConnection Function checkConnect Weakness Proxy Connection Permission Bypass
11653| [93146] Apache Harmony java.net.ServerSocket Class void implAccept Function checkAccept() Weakness SerSocket Subclass Creation
11654| [93145] Apache Qpid JMS Client Detached Session Frame Handling NULL Pointer Dereference Remote DoS
11655| [93144] Apache Solr Admin Command Execution CSRF
11656| [93009] Apache VCL XMLRPC API Unspecified Function Remote Privilege Escalation
11657| [93008] Apache VCL Web GUI Unspecified Remote Privilege Escalation
11658| [92997] Apache Commons Codec org.apache.commons.codec.net.URLCodec Fields Missing 'final' Thread-safety Unspecified Issue
11659| [92976] Apache ActiveMQ scheduled.jsp crontab Command XSS
11660| [92947] Apache Commons Codec org.apache.commons.codec.language.Soundex.US_ENGLISH_MAPPING Missing MS_PKGPROTECT Field Manipulation Unspecified Issue
11661| [92749] Apache CloudStack Predictable Hash Virtual Machine Console Console Access URL Generation
11662| [92748] Apache CloudStack VM Console Access Restriction Bypass
11663| [92709] Apache ActiveMQ Web Console Unauthenticated Remote Access
11664| [92708] Apache ActiveMQ Sample Web Application Broker Resource Consumption Remote DoS
11665| [92707] Apache ActiveMQ webapp/websocket/chat.js Subscribe Message XSS
11666| [92706] Apache ActiveMQ Debug Log Rendering XSS
11667| [92705] Apache ActiveMQ PortfolioPublishServlet.java refresh Parameter XSS
11668| [92270] Apache Tomcat Unspecified CSRF
11669| [92094] Apache Subversion mod_dav_svn Module Nonexistent URL Lock Request Handling NULL Pointer Dereference Remote DoS
11670| [92093] Apache Subversion mod_dav_svn Module Activity URL PROPFIND Request Handling NULL Pointer Dereference Remote DoS
11671| [92092] Apache Subversion mod_dav_svn Module Log REPORT Request Handling NULL Pointer Dereference Remote DoS
11672| [92091] Apache Subversion mod_dav_svn Module Node Property Handling Resource Exhaustion Remote DoS
11673| [92090] Apache Subversion mod_dav_svn Module Activity URL Lock Request Handling NULL Pointer Dereference Remote DoS
11674| [91774] Apache Commons Codec Unspecified Non-private Field Manipulation Weakness
11675| [91628] mod_ruid2 for Apache HTTP Server fchdir() Inherited File Descriptor chroot Restriction Bypass
11676| [91328] Apache Wicket $up$ Traversal Arbitrary File Access
11677| [91295] Apple Mac OS X Apache Unicode Character URI Handling Authentication Bypass
11678| [91235] Apache Rave /app/api/rpc/users/get User Object Hashed Password Remote Disclosure
11679| [91185] Munin Default Apache Configuration Permission Weakness Remote Information Disclosure
11680| [91173] Apache Wicket WebApplicationPath Constructor Bypass /WEB-INF/ Directory File Access
11681| [91172] Apache Wicket PackageResourceGuard File Extension Filter Bypass
11682| [91025] Apache Qpid qpid::framing::Buffer Class Multiple Method Out-of-bounds Access Remote DoS
11683| [91024] Apache Qpid federation_tag Attribute Handling Federated Interbroker Link Access Restriction Bypass
11684| [91023] Apache Qpid AMQP Type Decoder Exposure Array Size Value Handling Memory Consumption Remote DoS
11685| [91022] Apache Qpid qpid/cpp/include/qpid/framing/Buffer.h qpid::framing::Buffer::checkAvailable() Function Integer Overflow
11686| [90986] Apache Jena ARQ INSERT DATA Request Handling Overflow
11687| [90907] Apache Subversion mod_dav_svn / libsvn_fs svn_fs_file_length() Function MKACTIVITY / PROPFIND Option Request Handling Remote DoS
11688| [90906] Apache Commons FileUpload /tmp Storage Symlink Arbitrary File Overwrite
11689| [90864] Apache Batik 1xx Redirect Script Origin Restriction Bypass
11690| [90858] Apache Ant Malformed TAR File Handling Infinite Loop DoS
11691| [90852] Apache HTTP Server for Debian apachectl /var/lock Permission Weakness Symlink Directory Permission Manipulation
11692| [90804] Apache Commons CLI Path Subversion Local Privilege Escalation
11693| [90802] Apache Avro Recursive Schema Handling Infinite Recursion DoS
11694| [90592] Apache Batik ApplicationSecurityEnforcer.java Multiple Method Security Restriction Bypass
11695| [90591] Apache Batik XML External Entity (XXE) Data Parsing Arbitrary File Disclosure
11696| [90565] Apache Tomcat Log Directory Permission Weakness Local Information Disclosure
11697| [90564] Apache Maven / Maven Wagon SSL Certificate Validation MitM Spoofing Weakness
11698| [90557] Apache HTTP Server mod_proxy_balancer balancer-manager Interface Multiple Parameter XSS
11699| [90556] Apache HTTP Server Multiple Module Multiple Parameter XSS
11700| [90276] Apache Axis2 axis2.xml Plaintext Password Local Disclosure
11701| [90249] Apache Axiom ClassLoader XMLInputFactory / XMLOutputFactory Construction Unspecified Issue
11702| [90235] Apache Commons HttpClient Certificate Wildcard Matching Weakness
11703| [90079] Apache CXF WSS4JInInterceptor URIMappingInterceptor WS-Security SOAP Service Access Restriction Bypass
11704| [90078] Apache CXF WS-SecurityPolicy Enabled Plaintext UsernameTokens Handling Authentication Bypass
11705| [89453] Apache Open For Business Project (OFBiz) Screenlet.title Widget Attribute XSS
11706| [89452] Apache Open For Business Project (OFBiz) Image.alt Widget Attribute XSS
11707| [89294] Apache CouchDB Futon UI Browser-based Test Suite Query Parameter XSS
11708| [89293] Apache CouchDB Unspecified Traversal Arbitrary File Access
11709| [89275] Apache HTTP Server mod_proxy_ajp Module Expensive Request Parsing Remote DoS
11710| [89267] Apache CouchDB JSONP Callback Handling Unspecified XSS
11711| [89146] Apache CloudStack Master Server log4j.conf SSH Private Key / Plaintext Password Disclosure
11712| [88603] Apache OpenOffice.org (OOo) Unspecified Information Disclosure
11713| [88602] Apache OpenOffice.org (OOo) Unspecified Manifest-processing Issue
| [88601] Apache OpenOffice.org (OOo) Unspecified PowerPoint File Handling Issue
| [88285] Apache Tomcat Partial HTTP Request Saturation Remote DoS
| [88095] Apache Tomcat NIO Connector Terminated Connection Infinte Loop DoS
| [88094] Apache Tomcat FORM Authentication Crafted j_security_check Request Security Constraint Bypass
| [88093] Apache Tomcat Null Session Requst CSRF Prevention Filter Bypass
| [88043] IBM Tivoli Netcool/Reporter Apache CGI Unspecified Remote Command Execution
| [87580] Apache Tomcat DIGEST Authentication Session State Caching Authentication Bypass Weakness
| [87579] Apache Tomcat DIGEST Authentication Stale Nonce Verification Authentication Bypass Weakness
| [87477] Apache Tomcat Project Woodstock Service Error Page UTF-7 XSS Weakness
| [87227] Apache Tomcat InternalNioInputBuffer.java parseHeaders() Function Request Header Size Parsing Remote DoS
| [87223] Apache Tomcat DIGEST Authentication replay-countermeasure Functionality cnonce / cn Verification Authentication Bypass Weakness
| [87160] Apache Commons HttpClient X.509 Certificate Domain Name Matching MiTM Weakness
| [87159] Apache CXF X.509 Certificate Domain Name Matching MiTM Weakness
| [87150] Apache Axis / Axis2 X.509 Certificate Domain Name Matching MiTM Weakness
| [86902] Apache HTTP Server 3xx Redirect Internal IP Address Remote Disclosure
| [86901] Apache Tomcat Error Message Path Disclosure
| [86684] Apache CloudStack Unauthorized Arbitrary API Call Invocation
| [86556] Apache Open For Business Project (OFBiz) Unspecified Issue
| [86503] Visual Tools VS home/apache/DiskManager/cron/init_diskmgr Local Command Execution
| [86401] Apache ActiveMQ ResourceHandler Traversal Arbitrary File Access
| [86225] Apache Axis2 XML Signature Wrapping (XSW) Authentication Bypass
| [86206] Apache Axis2 Crafted SAML Assertion Signature Exclusion Attack Authentication Bypass
| [85722] Apache CXF SOAP Request Parsing Access Restriction Bypass
| [85704] Apache Qpid Incoming Client Connection Saturation Remote DoS
| [85474] Eucalyptus Apache Santuario (XML Security for Java) Library XML Signature Transform Handling DoS
| [85430] Apache mod_pagespeed Module Unspecified XSS
| [85429] Apache mod_pagespeed Module Hostname Verification Cross-host Resource Disclosure
| [85249] Apache Wicket Unspecified XSS
| [85236] Apache Hadoop conf/hadoop-env.sh Temporary File Symlink Arbitrary File Manipulation
| [85090] Apache HTTP Server mod_proxy_ajp.c mod_proxy_ajp Module Proxy Functionality Cross-client Information Disclosure
| [85089] Apache HTTP Server mod_proxy_http.c mod_proxy_http Module Cross-client Information Disclosure
| [85062] Apache Solr Autocomplete Module for Drupal Autocomplete Results XSS
| [85010] Apache Struts Token Handling Mechanism Token Name Configuration Parameter CSRF Weakness
| [85009] Apache Struts Request Parameter OGNL Expression Parsing Remote DoS
| [84911] libapache2-mod-rpaf X-Forward-For HTTP Header Parsing Remote DoS
| [84823] Apache HTTP Server Multiple Module Back End Server Error Handling HTTP Request Parsing Remote Information Disclosure
| [84818] Apache HTTP Server mod_negotiation Module mod_negotiation.c make_variant_list Function XSS
| [84562] Apache Qpid Broker Authentication Mechanism AMQP Client Shadow Connection NullAuthenticator Request Parsing Authentication Bypass
| [84458] Apache Libcloud SSL Certificate Validation MitM Spoofing Weakness
| [84279] PHP on Apache php_default_post_reader POST Request Handling Overflow DoS
| [84278] PHP w/ Apache PDO::ATTR_DEFAULT_FETCH_MODE / PDO::FETCH_CLASS DoS
| [84231] Apache Hadoop DataNodes Client BlockTokens Arbitrary Block Access
| [83943] Oracle Solaris Cluster Apache Tomcat Agent Subcomponent Unspecified Local Privilege Escalation
| [83939] Oracle Solaris Apache HTTP Server Subcomponent Unspecified Remote Information Disclosure
| [83685] svnauthcheck Apache HTTP Configuration File Permission Revocation Weakness
| [83682] Apache Sling POST Servlet @CopyFrom Operation HTTP Request Parsing Infinite Loop Remote DoS
| [83339] Apache Roller Blogger Roll Unspecified XSS
| [83270] Apache Roller Unspecified Admin Action CSRF
| [82782] Apache CXF WS-SecurityPolicy 1.1 SupportingToken Policy Bypass
| [82781] Apache CXF WS-SecurityPolicy Supporting Token Children Specification Token Signing Verification Weakness
| [82611] cPanel Apache Piped Log Configuration Log Message Formatting Traversal Arbitrary File Creation
| [82436] MapServer for Windows Bundled Apache / PHP Configuration Local File Inclusion
| [82215] PHP sapi/cgi/cgi_main.c apache_request_headers Function HTTP Header Handling Remote Overflow
| [82161] Apache Commons Compress bzip2 File Compression BZip2CompressorOutputStream Class File Handling Remote DoS
| [81965] Apache Batik Squiggle SVG Browser JAR File Arbitrary Code Execution
| [81790] Apache POI src/org/apache/poi/hwpf/model/UnhandledDataStructure.java UnhandledDataStructure() constructor Length Attribute CDF / CFBF File Handling Remote DoS
| [81660] Apache Qpid Credential Checking Cluster Authentication Bypass
| [81511] Apache for Debian /usr/share/doc HTTP Request Parsing Local Script Execution
| [81359] Apache HTTP Server LD_LIBRARY_PATH Variable Local Privilege Escalation
| [81349] Apache Open For Business Project (OFBiz) Webslinger Component Unspecified XSS
| [81348] Apache Open For Business Project (OFBiz) Content IDs / Map-Keys Unspecified XSS
| [81347] Apache Open For Business Project (OFBiz) Parameter Arrays Unspecified XSS
| [81346] Apache Open For Business Project (OFBiz) checkoutProcess.js getServerError() Function Unspecified XSS
| [81196] Apache Open For Business Project (OFBiz) FlexibleStringExpander Nested Script String Parsing Remote Code Execution
| [80981] Apache Hadoop Kerberos/MapReduce Security Feature User Impersonation Weakness
| [80571] Apache Traffic Server Host HTTP Header Parsing Remote Overflow
| [80547] Apache Struts XSLTResult.java File Upload Arbitrary Command Execution
| [80360] AskApache Password Protector Plugin for WordPress Error Page $_SERVER Superglobal XSS
| [80349] Apache HTTP Server mod_fcgid Module fcgid_spawn_ctl.c FcgidMaxProcessesPerClass Virtual Host Directive HTTP Request Parsing Remote DoS
| [80301] Apache Wicket /resources/ Absolute Path Arbitrary File Access
| [80300] Apache Wicket wicket:pageMapName Parameter XSS
| [79478] Apache Solr Extension for TYPO3 Unspecified XSS
| [79002] Apache MyFaces javax.faces.resource In Parameter Traversal Arbitrary File Access
| [78994] Apache Struts struts-examples/upload/upload-submit.do name Parameter XSS
| [78993] Apache Struts struts-cookbook/processDyna.do message Parameter XSS
| [78992] Apache Struts struts-cookbook/processSimple.do message Parameter XSS
| [78991] Apache Struts struts2-rest-showcase/orders clientName Parameter XSS
| [78990] Apache Struts struts2-showcase/person/editPerson.action Multiple Parameter XSS
| [78932] Apache APR Hash Collision Form Parameter Parsing Remote DoS
| [78903] Apache CXF SOAP Request Parsing WS-Security UsernameToken Policy Bypass
| [78600] Apache Tomcat HTTP DIGEST Authentication DigestAuthenticator.java Catalina Weakness Security Bypass
| [78599] Apache Tomcat HTTP DIGEST Authentication Realm Value Parsing Security Bypass
| [78598] Apache Tomcat HTTP DIGEST Authentication qop Value Parsing Security Bypass
| [78573] Apache Tomcat Parameter Saturation CPU Consumption Remote DoS
| [78556] Apache HTTP Server Status Code 400 Default Error Response httpOnly Cookie Disclosure
| [78555] Apache HTTP Server Threaded MPM %{cookiename}C Log Format String Cookie Handling Remote DoS
| [78501] Apache Struts ParameterInterceptor Class OGNL Expression Parsing Remote Command Execution
| [78331] Apache Tomcat Request Object Recycling Information Disclosure
| [78293] Apache HTTP Server Scoreboard Invalid Free Operation Local Security Bypass
| [78277] Apache Struts ExceptionDelegator Component Parameter Parsing Remote Code Execution
| [78276] Apache Struts DebuggingInterceptor Component Developer Mode Unspecified Remote Command Execution
| [78113] Apache Tomcat Hash Collision Form Parameter Parsing Remote DoS
| [78112] Apache Geronimo Hash Collision Form Parameter Parsing Remote DoS
| [78109] Apache Struts ParameterInterceptor Traversal Arbitrary File Overwrite
| [78108] Apache Struts CookieInterceptor Cookie Name Handling Remote Command Execution
| [77593] Apache Struts Conversion Error OGNL Expression Injection
| [77496] Apache ActiveMQ Failover Mechanism Openwire Request Parsing Remote DoS
| [77444] Apache HTTP Server mod_proxy Mdule Web Request HTTP/0.9 Protocol URL Parsing Proxy Remote Security Bypass
| [77374] Apache MyFaces Java Bean includeViewParameters Parsing EL Expression Security Weakness
| [77310] Apache HTTP Server mod_proxy Reverse Proxy Mode Security Bypass Weakness (2011-4317)
| [77234] Apache HTTP Server on cygwin Encoded Traversal Arbitrary File Access
| [77012] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Memory Consumption DoS
| [76944] Apache Tomcat Manager Application Servlets Access Restriction Bypass
| [76744] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Overflow
| [76189] Apache Tomcat HTTP DIGEST Authentication Weakness
| [76079] Apache HTTP Server mod_proxy Mdule Web Request URL Parsing Proxy Remote Security Bypass (2011-3368)
| [76072] Apache JServ jserv.conf jserv-status Handler jserv/ URI Request Parsing Local Information Disclosure
| [75807] Apache HTTP Server Incomplete Header Connection Saturation Remote DoS
| [75647] Apache HTTP Server mod_proxy_ajp Module mod_proxy_balancer HTTP Request Remote DoS
| [75376] Apache Libcloud SSL Certificate Validation MitM Server Spoofing Weakness
| [74853] Domain Technologie Control /etc/apache2/apache2.conf File Permissions Weakness dtcdaemons User Password Disclosure
| [74818] Apache Tomcat AJP Message Injection Authentication Bypass
| [74725] Apache Wicket Multi Window Support Unspecified XSS
| [74721] Apache HTTP Server ByteRange Filter Memory Exhaustion Remote DoS
| [74541] Apache Commons Daemon Jsvc Permissions Weakness Arbitrary File Access
| [74535] Apache Tomcat XML Parser Cross-application Multiple File Manipulation
| [74447] Apache Struts XWork Nonexistent Method s:submit Element Internal Java Class Remote Path Disclosure
| [74262] Apache HTTP Server Multi-Processing Module itk.c Configuration Merger mpm-itk root UID / GID Remote Privilege Escalation
| [74120] Apache HTTP Server mod_authnz_external mysql/mysql-auth.pl user Field SQL Injection
| [73920] Oracle Secure Backup /apache/htdocts/php/common.php username Parameter Remote Code Execution
| [73798] Apache Tomcat sendfile Request Start / Endpoint Parsing Local DoS
| [73797] Apache Tomcat sendfile Request Attribute Validation Weakness Local Access Restriction Bypass
| [73776] Apache Tomcat HTTP BIO Connector HTTP Pipelining Cross-user Remote Response Access
| [73644] Apache XML Security Signature Key Parsing Overflow DoS
| [73600] Apache Struts javatemplates Plugin Component Handlers .action URI Multiple Parameter XSS
| [73462] Apache Rampart/C util/rampart_timestamp_token.c rampart_timestamp_token_validate Function Expired Token Remote Access Restriction Bypass
| [73429] Apache Tomcat JMX MemoryUserDatabase Local Password Disclosure
| [73384] Apache HTTP Server mod_rewrite PCRE Resource Exhaustion DoS
| [73383] Apache HTTP Server Portable Runtime (APR) Library apr_fnmatch() Infinite Loop Remote DoS
| [73378] IBM WebSphere Application Server (WAS) JavaServer Pages org.apache.jasper.runtime.JspWriterImpl.response JSP Page Application Restart Remote DoS
| [73247] Apache Subversion mod_dav_svn File Permission Weakness Information Disclosure
| [73246] Apache Subversion mod_dav_svn Path-based Access Control Rule Handling Remote DoS
| [73245] Apache Subversion mod_dav_svn Baselined Resource Request Handling Remote DoS
| [73154] Apache Archiva Multiple Unspecified CSRF
| [73153] Apache Archiva /archiva/admin/deleteNetworkProxy!confirm.action proxyid Parameter XSS
| [72407] Apache Tomcat @ServletSecurity Initial Load Annotation Security Constraint Bypass Information Disclosure
| [72238] Apache Struts Action / Method Names <
| [71647] Apache HttpComponents HttpClient Proxy-Authorization Credentials Remote Disclosure
| [71558] Apache Tomcat SecurityManager ServletContext Attribute Traversal Arbitrary File Manipulation
| [71557] Apache Tomcat HTML Manager Multiple XSS
| [71075] Apache Archiva User Management Page XSS
| [71027] Apache Tomcat @ServletSecurity Annotation Security Constraint Bypass Information Disclosure
| [70925] Apache Continuum Project Pages Unspecified XSS (2011-0533)
| [70924] Apache Continuum Multiple Admin Function CSRF
| [70809] Apache Tomcat NIO HTTP Connector Request Line Processing DoS
| [70734] Apache CouchDB Request / Cookie Handling Unspecified XSS
| [70585] Oracle Fusion Middleware Oracle HTTP Server Apache Plugin Unspecified Remote Issue
| [70333] Apache Subversion rev_hunt.c blame Command Multiple Memory Leak Remote DoS
| [70332] Apache Subversion Apache HTTP Server mod_dav_svn repos.c walk FunctionSVNParentPath Collection Remote DoS
| [69659] Apache Archiva Admin Authentication Weakness Privilege Escalation
| [69520] Apache Archiva Administrator Credential Manipulation CSRF
| [69512] Apache Tomcat Set-Cookie Header HTTPOnly Flag Session Hijacking Weakness
| [69456] Apache Tomcat Manager manager/html/sessions Multiple Parameter XSS
| [69275] Apache mod_fcgid Module fcgid_bucket.c fcgid_header_bucket_read() Function Remote Overflow
| [69067] Apache Shiro URI Path Security Traversal Information Disclosure
| [68815] Apache MyFaces shared/util/StateUtils.java View State MAC Weakness Cryptographic Padding Remote View State Modification
| [68670] Apache Qpid C++ Broker Component broker/SessionAdapter.cpp SessionAdapter::ExchangeHandlerImpl::checkAlternate Function Exchange Alternate Remote DoS
| [68669] Apache Qpid cluster/Cluster.cpp Cluster::deliveredEvent Function Invalid AMQP Data Remote DoS
| [68662] Apache Axis2 dswsbobje.war Module Admin Account Default Password
| [68531] Apache Qpid qpidd sys/ssl/SslSocket.cpp Incomplete SSL Handshake Remote DoS
| [68327] Apache APR-util buckets/apr_brigade.c apr_brigade_split_line() Function Memory Consumption DoS
| [68314] Apache XML-RPC SAX Parser External Entity Information Disclosure
| [67964] Apache Traffic Server Transaction ID / Source Port Randomization Weakness DNS Cache Poisoning
| [67846] SUSE Lifecycle Management Server on SUSE Linux Enterprise apache2-slms Parameter Quoting CSRF
| [67294] Apache CXF XML SOAP Message Crafted Document Type Declaration Remote DoS
| [67240] Apache CouchDB Installation Page Direct Request Arbitrary JavaScript Code Execution CSRF
| [67205] Apache Derby BUILTIN Authentication Password Hash Generation Algorithm SHA-1 Transformation Password Substitution
| [66745] Apache HTTP Server Multiple Modules Pathless Request Remote DoS
| [66319] Apache Tomcat Crafted Transfer-Encoding Header Handling Buffer Recycling Remote DoS
| [66280] Apache Struts XWork ParameterInterceptor Server-Side Object Remote Code Execution
| [66226] Apache Axis2 Admin Interface Cookie Session Fixation
| [65697] Apache Axis2 / Java SOAP Message DTD Rejection Weakness Arbitrary File Access
| [65654] Apache HTTP Server mod_proxy_http mod_proxy_http.c Timeout Detection Weakness HTTP Request Response Disclosure
| [65429] Apache MyFaces Unencrypted ViewState Serialized View Object Manipulation Arbitrary Expression Language (EL) Statement Execution
| [65054] Apache ActiveMQ Jetty Error Handler XSS
| [64844] Apache Axis2/Java axis2/axis2-admin/engagingglobally modules Parameter XSS
| [64522] Apache Open For Business Project (OFBiz) ecommerce/control/contactus Multiple Parameter XSS
| [64521] Apache Open For Business Project (OFBiz) Web Tools Section entityName Parameter XSS
| [64520] Apache Open For Business Project (OFBiz) ecommerce/control/ViewBlogArticle contentId Parameter XSS
| [64519] Apache Open For Business Project (OFBiz) Control Servlet URI XSS
| [64518] Apache Open For Business Project (OFBiz) Show Portal Page Section start Parameter XSS
| [64517] Apache Open For Business Project (OFBiz) View Profile Section partyId Parameter XSS
| [64516] Apache Open For Business Project (OFBiz) Export Product Listing Section productStoreId Parameter XSS
| [64307] Apache Tomcat Web Application Manager/Host Manager CSRF
| [64056] mod_auth_shadow for Apache HTTP Server wait() Function Authentication Bypass
| [64023] Apache Tomcat WWW-Authenticate Header Local Host Information Disclosure
| [64020] Apache ActiveMQ Jetty ResourceHandler Crafted Request JSP File Source Disclosure
| [63895] Apache HTTP Server mod_headers Unspecified Issue
| [63368] Apache ActiveMQ createDestination.action JMSDestination Parameter CSRF
| [63367] Apache ActiveMQ createDestination.action JMSDestination Parameter XSS
| [63350] Apache CouchDB Hash Verification Algorithm Predictable Execution Time Weakness
| [63140] Apache Thrift Service Malformed Data Remote DoS
| [62676] Apache HTTP Server mod_proxy_ajp Module Crafted Request Remote DoS
| [62675] Apache HTTP Server Multi-Processing Module (MPM) Subrequest Header Handling Cross-thread Information Disclosure
| [62674] Apache HTTP Server mod_isapi Module Unloading Crafted Request Remote DoS
| [62231] Apache HTTP Server Logging Format Weakness Crafted DNS Response IP Address Spoofing
| [62230] Apache HTTP Server Crafted DNS Response Inverse Lookup Log Corruption XSS
| [62054] Apache Tomcat WAR Filename Traversal Work-directory File Deletion
| [62053] Apache Tomcat Autodeployment Process appBase File HTTP Request Authentication Bypass
| [62052] Apache Tomcat WAR File Traversal Arbitrary File Overwrite
| [62009] Apache HTTP Server src/modules/proxy/proxy_util.c mod_proxy ap_proxy_send_fb() Function Overflow
| [61379] Apache River Outrigger Entry Storage Saturation Memory Exhaustion DoS
| [61378] Apache Hadoop Map/Reduce JobTracker Memory Consumption DoS
| [61377] Apache Commons Modeler Multiple Mutable Static Fields Weakness
| [61376] Apache Rampart wsse:security Tag Signature Value Checking Weakness
| [60687] Apache C++ Standard Library (STDCXX) strxfrm() Function Overflow
| [60680] Apache Hadoop JobHistory Job Name Manipulation Weakness
| [60679] Apache ODE DeploymentWebService OMElement zipPart CRLF Injection
| [60678] Apache Roller Comment Email Notification Manipulation DoS
| [60677] Apache CouchDB Unspecified Document Handling Remote DoS
| [60428] Sun Java Plug-in org.apache.crimson.tree.XmlDocument Class reateXmlDocument Method Floppy Drive Access Bypass
| [60413] mod_throttle for Apache Shared Memory File Manipulation Local Privilege Escalation
| [60412] Sun Java Plug-in org.apache.xalan.processor.XSLProcessorVersion Class Unsigned Applet Variable Sharing Privilege Escalation
| [60396] Apache HTTP Server on OpenBSD Multipart MIME Boundary Remote Information Disclosure
| [60395] Apache HTTP Server on OpenBSD ETag HTTP Header Remote Information Disclosure
| [60232] PHP on Apache php.exe Direct Request Remote DoS
| [60176] Apache Tomcat Windows Installer Admin Default Password
| [60016] Apache HTTP Server on HP Secure OS for Linux HTTP Request Handling Unspecified Issue
| [59979] Apache HTTP Server on Apple Mac OS X HTTP TRACE Method Unspecified Client XSS
| [59969] Apache HTTP Server mod_ssl SSL / TLS Renegotiation Handshakes MiTM Plaintext Data Injection
| [59944] Apache Hadoop jobhistory.jsp XSS
| [59374] Apache Solr Search Extension for TYPO3 Unspecified XSS
| [59022] Apache Shindig ConcatProxyServlet HTTP Header Response Splitting
| [59021] Apache Cocoon X-Cocoon-Version Header Remote Information Disclosure
| [59020] Apache Tapestry HTTPS Session Cookie Secure Flag Weakness
| [59019] Apache mod_python Cookie Salting Weakness
| [59018] Apache Harmony Error Message Handling Overflow
| [59013] Apache Derby SYSCS_EXPORT_TABLE Arbitrary File Overwrite
| [59012] Apache Derby Driver Auto-loading Non-deterministic Startup Weakness
| [59011] Apache JSPWiki Page Attachment Change Note Function XSS
| [59010] Apache Solr get-file.jsp XSS
| [59009] Apache Solr action.jsp XSS
| [59008] Apache Solr analysis.jsp XSS
| [59007] Apache Solr schema.jsp Multiple Parameter XSS
| [59006] Apache Beehive select / checkbox Tag XSS
| [59005] Apache Beehive jpfScopeID Global Parameter XSS
| [59004] Apache Beehive Error Message XSS
| [59003] Apache HttpClient POST Request Handling Memory Consumption DoS
| [59002] Apache Jetspeed default-page.psml URI XSS
| [59001] Apache Axis2 xsd Parameter Traversal Arbitrary File Disclosure
| [59000] Apache CXF Unsigned Message Policy Bypass
| [58999] Apache WSS4J CallbackHandler Plaintext Password Validation Weakness
| [58998] Apache OpenJPA persistence.xml Cleartext Password Local Disclosure
| [58997] Apache OpenEJB openejb.xml Cleartext Password Local Disclosure
| [58996] Apache Hadoop Map/Reduce LinuxTaskController File Group Ownership Weakness
| [58995] Apache Hadoop Map/Reduce Task Ownership Weakness
| [58994] Apache Hadoop Map/Reduce DistributedCache Localized File Permission Weakness
| [58993] Apache Hadoop browseBlock.jsp XSS
| [58991] Apache Hadoop browseDirectory.jsp XSS
| [58990] Apache Hadoop Map/Reduce HTTP TaskTrackers User Data Remote Disclosure
| [58989] Apache Hadoop Sqoop Process Listing Local Cleartext Password Disclosure
| [58988] Apache Hadoop Chukwa HICC Portal Unspecified XSS
| [58987] Apache Hadoop Map/Reduce TaskTracker User File Permission Weakness
| [58986] Apache Qpid Encrypted Message Handling Remote Overflow DoS
| [58985] Apache Qpid Process Listing Local Cleartext Password Disclosure
| [58984] Apache Jackrabbit Content Repository (JCR) Default Account Privilege Access Weakness
| [58983] Apache Jackrabbit Content Repository (JCR) NamespaceRegistry API Registration Method Race Condition
| [58982] Apache Synapse Proxy Service Security Policy Mismatch Weakness
| [58981] Apache Geronimo TomcatGeronimoRealm Security Context Persistence Weakness
| [58980] Apache Geronimo LDAP Realm Configuration Restart Reversion Weakness
| [58979] Apache MyFaces Tomahawk ExtensionsPhaseListener HTML Injection Information Disclosure
| [58978] Apache MyFaces Trinidad LocaleInfoScriptlet XSS
| [58977] Apache Open For Business Project (OFBiz) Multiple Default Accounts
| [58976] Apache Open For Business Project (OFBiz) URI passThru Parameter XSS
| [58975] Apache Open For Business Project (OFBiz) PARTYMGR_CREATE/UPDATE Permission Arbitrary User Password Modification
| [58974] Apache Sling /apps Script User Session Management Access Weakness
| [58973] Apache Tuscany Crafted SOAP Request Access Restriction Bypass
| [58931] Apache Geronimo Cookie Parameters Validation Weakness
| [58930] Apache Xalan-C++ XPath Handling Remote DoS
| [58879] Apache Portable Runtime (APR-util) poll/unix/port.c Event Port Backend Pollset Feature Remote DoS
| [58837] Apache Commons Net FTPSClient CipherSuites / Protocols Mutable Object Unspecified Data Security Issue
| [58813] Apache MyFaces Trinidad tr:table / HTML Comment Handling DoS
| [58812] Apache Open For Business Project (OFBiz) JSESSIONID Session Hijacking Weakness
| [58811] Apache Open For Business Project (OFBiz) /catalog/control/EditProductConfigItem configItemId Parameter XSS
| [58810] Apache Open For Business Project (OFBiz) /catalog/control/EditProdCatalo prodCatalogId Parameter XSS
| [58809] Apache Open For Business Project (OFBiz) /partymgr/control/viewprofile partyId Parameter XSS
| [58808] Apache Open For Business Project (OFBiz) /catalog/control/createProduct internalName Parameter XSS
| [58807] Apache Open For Business Project (OFBiz) Multiple Unspecified CSRF
| [58806] Apache FtpServer MINA Logging Filter Cleartext Credential Local Disclosure
| [58805] Apache Derby Unauthenticated Database / Admin Access
| [58804] Apache Wicket Header Contribution Unspecified Issue
| [58803] Apache Wicket Session Fixation
| [58802] Apache Directory Server (ApacheDS) userPassword Attribute Search Password Disclosure
| [58801] Apache ActiveMQ Stomp Client Credential Validation Bypass
| [58800] Apache Tapestry (context)/servicestatus Internal Service Information Disclosure
| [58799] Apache Tapestry Logging Cleartext Password Disclosure
| [58798] Apache Jetspeed pipeline Parameter pipeline-map Policy Bypass
| [58797] Apache Jetspeed Password Policy Multiple Weaknesses
| [58796] Apache Jetspeed Unsalted Password Storage Weakness
| [58795] Apache Rampart Crafted SOAP Header Authentication Bypass
| [58794] Apache Roller Admin Protocol (RAP) Malformed Header Authentication Bypass
| [58793] Apache Hadoop Map/Reduce mapred.system.dir Permission Weakness Job Manipulation
| [58792] Apache Shindig gadgets.rpc iframe RPC Call Validation Weakness
| [58791] Apache Synapse synapse.properties Cleartext Credential Local Disclosure
| [58790] Apache WSS4J SOAP Message UsernameToken Remote Password Disclosure
| [58789] Apache WSS4J SOAP Header Malformed UsernameToken Authentication Bypass
| [58776] Apache JSPWiki PreviewContent.jsp Edited Text XSS
| [58775] Apache JSPWiki preview.jsp action Parameter XSS
| [58774] Apache JSPWiki Edit.jsp Multiple Parameter XSS
| [58773] Apache JSPWiki Accept-Language Header Multiple Script language Parameter XSS
| [58772] Apache JSPWiki EditorManager.java editor Parameter XSS
| [58771] Apache JSPWiki GroupContent.jsp Multiple Parameter XSS
| [58770] Apache JSPWiki Group.jsp group Parameter XSS
| [58769] Apache JSPWiki Database Connection Termination DoS Weakness
| [58768] Apache JSPWiki Attachment Servlet nextpage Parameter Arbitrary Site Redirect
| [58766] Apache JSPWiki /admin/SecurityConfig.jsp Direct Request Information Disclosure
| [58765] Apache JSPWiki Spam Filter UniqueID RNG Weakness
| [58764] Apache JSPWiki Edit.jsp Multiple Parameter XSS
| [58763] Apache JSPWiki Include Tag Multiple Script XSS
| [58762] Apache JSPWiki Multiple .java Tags pageContext Parameter XSS
| [58761] Apache JSPWiki Wiki.jsp skin Parameter XSS
| [58760] Apache Commons VFS Exception Error Message Cleartext Credential Disclosure
| [58759] Apache Jackrabbit Content Repository (JCR) UUID System.currentTimeMillis() RNG Weakness
| [58758] Apache River GrantPermission Policy Manipulation Privilege Escalation
| [58757] Apache WS-Commons Java2 StaXUtils Multiple Unspecified Minor Issues
| [58756] Apache WSS4J WSHandler Client Certificate Signature Validation Weakness
| [58755] Apache Harmony DRLVM Non-public Class Member Access
| [58754] Apache Harmony File.createTempFile() Temporary File Creation Prediction Weakness
| [58751] Apache Geronimo GeronimoIdentityResolver Subject Handling Multiple Issues
| [58750] Apache MyFaces Trinidad Generated HTML Information Disclosure
| [58749] Apache MyFaces Trinidad Database Access Error Message Information Disclosure
| [58748] Apache MyFaces Trinidad Image Resource Loader Traversal Arbitrary Image Access
| [58747] Apache MyFaces Trinidad Error Message User Entered Data Disclosure Weakness
| [58746] Apache Axis2 JAX-WS Java2 WSDL4J Unspecified Issue
| [58744] Apache Wicket Crafted File Upload Disk Space Exhaustion DoS
| [58743] Apache Wicket wicket.util.crypt.SunJceCrypt Encryption Reversion Weakness
| [58742] Apache Rampart PolicyBasedValiadtor HttpsToken Endpoint Connection Weakness
| [58741] Apache Rampart WSSecSignature / WSSecEncryptedKey KeyIdentifierType Validation Weakness
| [58740] Apache Rampart TransportBinding Message Payload Cleartext Disclosure
| [58739] Apache Open For Business Project (OFBiz) Unsalted Password Storage Weakness
| [58738] Apache Open For Business Project (OFBiz) orderId Parameter Arbitrary Order Access
| [58737] Apache mod_python w/ mod_python.publisher index.py Underscore Prefixed Variable Disclosure
| [58735] Apache Open For Business Project (OFBiz) /ecommerce/control/keywordsearch SEARCH_STRING Parameter XSS
| [58734] Apache Torque Log File Cleartext Credential Local Disclosure
| [58733] Apache Axis2 doGet Implementation Authentication Bypass Service State Manipulation
| [58732] Apache MyFaces UIInput.validate() Null Value Validation Bypass Weakness
| [58731] Apache MyFaces /faces/* Prefix Mapping Authentication Bypass
| [58725] Apache Tapestry Basic String ACL Bypass Weakness
| [58724] Apache Roller Logout Functionality Failure Session Persistence
| [58723] Apache Roller User Profile / Admin Page Cleartext Password Disclosure
| [58722] Apache Derby Connection URL Encryption Method Reversion Weakness
| [58721] Apache Geronimo on Tomcat Security-constraint Resource ACL Bypass
| [58720] Apache Geronimo Explicit Servlet Mapping Access Bypass Weakness
| [58719] Apache Geronimo Keystore Unprivileged Service Disable DoS
| [58718] Apache Geronimo Deployment Plans Remote Password Disclosure
| [58717] Apache Jetspeed Portlet Application Edit Access Restriction Bypass
| [58716] Apache Jetspeed PSML Management Cached Constraint Authentication Weakness
| [58707] Apache WSS4J Crafted PasswordDigest Request Authentication Bypass
| [58706] Apache HttpClient Pre-emptive Authorization Remote Credential Disclosure
| [58705] Apache Directory Server (ApacheDS) User Passwords Cleartext Disclosure
| [58704] Apache Directory Server (ApacheDS) Non-existent User LDAP Bind Remote DoS
| [58703] Apache Geronimo Debug Console Unauthenticated Remote Information Disclosure
| [58702] Apache Directory Server (ApacheDS) Persistent LDAP Anonymous Bind Weakness
| [58701] Apache Jetspeed User Admin Portlet Unpassworded Account Creation Weakness
| [58700] Apache MyFaces /faces/* Path Handling Remote Overflow DoS
| [58699] Apache MyFaces Disable Property Client Side Manipulation Privilege Escalation
| [58698] Apache Roller Remember Me Functionality Cleartext Password Disclosure
| [58697] Apache XalanJ2 org.apache.xalan.xsltc.runtime.CallFunction Class Unspecified Issue
| [58696] Apache Tapestry Encoded Traversal Arbitrary File Access
| [58695] Apache Jetspeed Unauthenticated PSML Tags / Admin Folder Access
| [58694] Apache Geronimo Deploy Tool Process List Local Credential Disclosure
| [58693] Apache Derby service.properties File Encryption Key Information Disclosure
| [58692] Apache Geronimo Default Security Realm Login Brute Force Weakness
| [58689] Apache Roller Retrieve Last 5 Post Feature Unauthorized Blog Post Manipulation
| [58688] Apache Xalan-Java (XalanJ2) Static Variables Multiple Unspecified Issues
| [58687] Apache Axis Invalid wsdl Request XSS
| [58686] Apache Cocoon Temporary File Creation Unspecified Race Condition
| [58685] Apache Velocity Template Designer Privileged Code Execution
| [58684] Apache Jetspeed controls.Customize Action Security Check Bypass
| [58675] Apache Open For Business Project (OFBiz) eCommerce/ordermgr Multiple Field XSS
| [58674] Apache Open For Business Project (OFBiz) ecommerce/control/login Multiple Field XSS
| [58673] Apache Open For Business Project (OFBiz) ecommerce/control/viewprofile Multiple Field XSS
| [58672] Apache Open For Business Project (OFBiz) POS Input Panel Cleartext Password Disclosure
| [58671] Apache Axis2 JMS Signed Message Crafted WS-Security Header Security Bypass
| [58670] Apache Jetspeed JetspeedTool.getPortletFromRegistry Portlet Security Validation Failure
| [58669] Apache Jetspeed LDAP Cleartext Passwords Disclosure
| [58668] Apache Axis External Entity (XXE) Data Parsing Privilege Escalation
| [58667] Apache Roller Database Cleartext Passwords Disclosure
| [58666] Apache Xerces-C++ UTF-8 Transcoder Overlong Code Handling Unspecified Issue
| [58665] Apache Jetspeed Turbine: Cross-user Privileged Action Execution
| [58664] Apache Jetspeed EditAccount.vm Password Modification Weakness
| [58663] Apache Jetspeed Role Parameter Arbitrary Portlet Disclosure
| [58662] Apache Axis JWS Page Generated .class File Direct Request Information Disclosure
| [58661] Apache Jetspeed user-form.vm Password Reset Cleartext Disclosure
| [58660] Apache WSS4J checkReceiverResults Function Crafted SOAP Request Authentication Bypass
| [58658] Apache Rampart Crafted SOAP Request Security Verification Bypass
| [57882] Apache HTTP Server mod_proxy_ftp Authorization HTTP Header Arbitrary FTP Command Injection
| [57851] Apache HTTP Server mod_proxy_ftp EPSV Command NULL Dereference Remote DoS
| [56984] Apache Xerces2 Java Malformed XML Input DoS
| [56903] Apache ODE (Orchestration Director Engine) Process Deployment Web Service Traversal Arbitrary File Manipulation
| [56859] Apache Xerces-C++ Multiple Sub-project XML Nested DTD Structures Parsing Recursion Error DoS
| [56766] Apache Portable Runtime (APR-util) memory/unix/apr_pools.c Relocatable Memory Block Aligning Overflow
| [56765] Apache Portable Runtime (APR-util) misc/apr_rmm.c Multiple Function Overflows
| [56517] Apache HTTP Server File Descriptor Leak Arbitrary Local File Append
| [56443] PTK Unspecified Apache Sub-process Arbitrary Command Execution
| [56414] Apache Tiles Duplicate Expression Language (EL) Expression Evaluation XSS
| [55814] mod_NTLM for Apache HTTP Server ap_log_rerror() Function Remote Format String
| [55813] mod_NTLM for Apache HTTP Server log() Function Remote Overflow
| [55782] Apache HTTP Server mod_deflate Module Aborted Connection DoS
| [55553] Apache HTTP Server mod_proxy Module mod_proxy_http.c stream_reqbody_cl Function CPU Consumption DoS
| [55059] Apache APR-util strmatch/apr_strmatch.c apr_strmatch_precompile Function Crafted Input Remote DoS
| [55058] Apache APR-util apr_brigade_vprintf Function Crafted Input Off-by-one Remote DoS
| [55057] Apache APR-util xml/apr_xml.c apr_xml_* Interface Expat XML Parser Crafted XML Document Remote DoS
| [55056] Apache Tomcat Cross-application TLD File Manipulation
| [55055] Apache Tomcat Illegal URL Encoded Password Request Username Enumeration
| [55054] Apache Tomcat Java AJP Connector mod_jk Load Balancing Worker Malformed Header Remote DoS
| [55053] Apache Tomcat Crafted Request Security Restraint Bypass Arbitrary Content Access
| [54733] Apache HTTP Server AllowOverride Directive .htaccess Options Bypass
| [54713] razorCMS Security Manager apache User Account Unspecified File Permission Weakness Issue
12123| [54589] Apache Jserv Nonexistent JSP Request XSS
12124| [54122] Apache Struts s:a / s:url Tag href Element XSS
12125| [54093] Apache ActiveMQ Web Console JMS Message XSS
12126| [53932] Apache Geronimo Multiple Admin Function CSRF
12127| [53931] Apache Geronimo /console/portal/Server/Monitoring Multiple Parameter XSS
12128| [53930] Apache Geronimo /console/portal/ URI XSS
12129| [53929] Apache Geronimo on Windows Security/Keystores Portlet Traversal Arbitrary File Upload
12130| [53928] Apache Geronimo on Windows Embedded DB/DB Manager Portlet Traversal Arbitrary File Upload
12131| [53927] Apache Geronimo on Windows Services/Repository Portlet Traversal Arbitrary File Upload
12132| [53921] Apache HTTP Server mod_proxy_ajp Cross Thread/Session Information Disclosure
12133| [53766] Oracle BEA WebLogic Server Plug-ins for Apache Certificate Handling Remote Overflow
12134| [53574] PHP on Apache .htaccess mbstring.func_overload Setting Cross Hosted Site Behavior Modification
12135| [53381] Apache Tomcat JK Connector Content-Length Header Cross-user Information Disclosure
12136| [53380] Apache Struts Unspecified XSS
12137| [53289] Apache mod_perl Apache::Status /perl-status Unspecified XSS
12138| [53186] Apache HTTP Server htpasswd Predictable Salt Weakness
12139| [52899] Apache Tomcat Examples Web Application Calendar Application jsp/cal/cal2.jsp time Parameter XSS
12140| [52407] Apache Tomcat doRead Method POST Content Information Disclosure
12141| [51923] Apache HTTP Server mod-auth-mysql Module mod_auth_mysql.c Multibyte Character Encoding SQL Injection
12142| [51613] Apache HTTP Server Third-party Module Child Process File Descriptor Leak
12143| [51612] Apache HTTP Server Internal Redirect Handling Infinite Loop DoS
12144| [51468] Apache Jackrabbit Content Repository (JCR) swr.jsp q Parameter XSS
12145| [51467] Apache Jackrabbit Content Repository (JCR) search.jsp q Parameter XSS
12146| [51151] Apache Roller Search Function q Parameter XSS
12147| [50482] PHP with Apache php_value Order Unspecified Issue
12148| [50475] Novell NetWare ApacheAdmin Console Unauthenticated Access
12149| [49734] Apache Struts DefaultStaticContentLoader Class Traversal Arbitrary File Access
12150| [49733] Apache Struts FilterDispatcher Class Traversal Arbitrary File Access
12151| [49283] Oracle BEA WebLogic Server Plugins for Apache Remote Transfer-Encoding Overflow
12152| [49062] Apache Tomcat Cross-thread Concurrent Request Variable Overwrite Information Disclosure
12153| [48847] ModSecurity (mod_security) Transformation Caching Unspecified Apache DoS
12154| [48788] Apache Xerces-C++ XML Schema maxOccurs Value XML File Handling DoS
12155| [47474] Apache HTTP Server mod_proxy_ftp Directory Component Wildcard Character XSS
12156| [47464] Apache Tomcat allowLinking / UTF-8 Traversal Arbitrary File Access
12157| [47463] Apache Tomcat RequestDispatcher Traversal Arbitrary File Access
12158| [47462] Apache Tomcat HttpServletResponse.sendError Method Message Argument XSS
12159| [47096] Oracle Weblogic Apache Connector POST Request Overflow
12160| [46382] Frontend Filemanager (air_filemanager) Extension for TYPO3 on Apache Unspecified Arbitrary Code Execution
12161| [46285] TYPO3 on Apache Crafted Filename Upload Arbitrary Command Execution
12162| [46085] Apache HTTP Server mod_proxy ap_proxy_http_process_response() Function Interim Response Forwarding Remote DoS
12163| [45905] Apache Tomcat Host Manager host-manager/html/add name Parameter XSS
12164| [45879] Ragnarok Online Control Panel on Apache Crafted Traversal Authentication Bypass
12165| [45742] Apache HTTP Server on Novell Unspecified Request Directive Internal IP Disclosure
12166| [45740] Apache Derby DropSchemaNode Bind Phase Arbitrary Scheme Statement Dropping
12167| [45599] Apache Derby Lock Table Statement Privilege Requirement Bypass Arbitrary Table Lock
12168| [45585] Apache Derby ACCSEC Command RDBNAM Parameter Cleartext Credential Disclosure
12169| [45584] Apache Derby DatabaseMetaData.getURL Function Cleartext Credential Disclosure
12170| [45420] Apache HTTP Server 403 Error Page UTF-7 Encoded XSS
12171| [44728] PHP Toolkit on Gentoo Linux Interpretation Conflict Apache HTTP Server Local DoS
12172| [44618] Oracle JSP Apache/Jserv Path Translation Traversal Arbitrary JSP File Execution
12173| [44159] Apache HTTP Server Remote Virtual Host Name Disclosure
12174| [43997] Apache-SSL ExpandCert() Function Certificate Handling Arbitrary Environment Variables Manipulation
12175| [43994] suPHP for Apache (mod_suphp) Directory Symlink Local Privilege Escalation
12176| [43993] suPHP for Apache (mod_suphp) Owner Mode Race Condition Symlink Local Privilege Escalation
12177| [43663] Apache HTTP Server Mixed Platform AddType Directive Crafted Request PHP Source Disclosure
12178| [43658] AuthCAS Module (AuthCAS.pm) for Apache HTTP Server SESSION_COOKIE_NAME SQL Injection
12179| [43452] Apache Tomcat HTTP Request Smuggling
12180| [43309] Apache Geronimo LoginModule Login Method Bypass
12181| [43290] Apache JSPWiki Entry Page Attachment Unrestricted File Upload
12182| [43259] Apache HTTP Server on Windows mod_proxy_balancer URL Handling Remote Memory Corruption
12183| [43224] Apache Geronimo on SuSE Linux init Script Symlink Unspecified File/Directory Access
12184| [43189] Apache mod_jk2 Host Header Multiple Fields Remote Overflow
12185| [42937] Apache HTTP Server mod_proxy_balancer balancer-manager Unspecified CSRF
12186| [42341] MOD_PLSQL for Apache Unspecified URL SQL Injection
12187| [42340] MOD_PLSQL for Apache CGI Environment Handling Unspecified Overflow
12188| [42214] Apache HTTP Server mod_proxy_ftp UTF-7 Encoded XSS
12189| [42091] Apache Maven Site Plugin Installation Permission Weakness
12190| [42089] Apache Maven .m2/settings.xml Cleartext Password Disclosure
12191| [42088] Apache Maven Defined Repo Process Listing Password Disclosure
12192| [42087] Apache Maven Site Plugin SSH Deployment Permission Setting Weakness
12193| [42036] Apache HTTP Server MS-DOS Device Request Host OS Disclosure
12194| [41891] BEA WebLogic Apache Beehive NetUI Page Flow Unspecified XSS
12195| [41436] Apache Tomcat Native APR Connector Duplicate Request Issue
12196| [41435] Apache Tomcat %5C Cookie Handling Session ID Disclosure
12197| [41434] Apache Tomcat Exception Handling Subsequent Request Information Disclosure
12198| [41400] LimeSurvey save.php Apache Log File PHP Code Injection
12199| [41029] Apache Tomcat Calendar Examples Application cal2.jsp Multiple Parameter CSRF
12200| [41019] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload XSS
12201| [41018] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload CRLF
12202| [40853] Apache Tomcat SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) JSESSIONIDSSO Cookie Security Weakness
12203| [40264] Apache HTTP Server mod_proxy_balancer balancer_handler Function bb Variable Remote DoS
12204| [40263] Apache HTTP Server mod_proxy_balancer balancer-manager Multiple Parameter XSS
12205| [40262] Apache HTTP Server mod_status refresh XSS
12206| [39833] Apache Tomcat JULI Logging Component catalina.policy Security Bypass
12207| [39251] Coppermine Photo Gallery on Apache Multiple File Extension Upload Arbitrary Code Execution
12208| [39166] Apache Tomcat on Windows caseSensitive Attribute Mixed Case Request JSP Source Disclosure
12209| [39134] Apache mod_imagemap Module Imagemap Unspecified XSS
12210| [39133] Apache mod_imap Module Imagemap File Unspecified XSS
12211| [39035] Apache Tomcat examples/servlet/CookieExample Multiple Parameter XSS
12212| [39003] Apache HTTP Server HTTP Method Header Request Entity Too Large XSS
12213| [39000] Apache Tomcat SendMailServlet sendmail.jsp mailfrom Parameter XSS
12214| [38939] Apache HTTP Server Prefork MPM Module Array Modification Local DoS
12215| [38673] Apache Jakarta Slide WebDAV SYSTEM Request Traversal Arbitrary File Access
12216| [38662] Apache Geronimo SQLLoginModule Nonexistent User Authentication Bypass
12217| [38661] Apache Geronimo MEJB Unspecified Authentication Bypass
12218| [38641] Apache HTTP Server mod_mem_cache recall_headers Function Information Disclosure
12219| [38640] Apache HTTP Server suexec Document Root Unauthorized Operations
12220| [38639] Apache HTTP Server suexec Multiple Symlink Privilege Escalation
12221| [38636] Apache HTTP Server mod_autoindex.c P Variable UTF-7 Charset XSS
12222| [38513] BEA WebLogic Server Proxy Plug-in for Apache Protocol Error Handling Remote DoS
12223| [38187] Apache Geronimo / Tomcat WebDAV XML SYSTEM Tag Arbitrary File Access
12224| [37079] Apache HTTP Server mod_cache cache_util.c Malformed Cache-Control Header DoS
12225| [37071] Apache Tomcat Cookie Handling Session ID Disclosure
12226| [37070] Apache Tomcat Cookie Handling Quote Delimiter Session ID Disclosure
12227| [37052] Apache HTTP Server mod_status mod_status.c Unspecified XSS
12228| [37051] Apache HTTP Server mod_proxy modules/proxy/proxy_util.c Crafted Header Remote DoS
12229| [37050] Apache HTTP Server Prefork MPM Module Crafted Code Sequence Local DoS
12230| [36417] Apache Tomcat Host Manager Servlet html/add Action aliases Parameter XSS
12231| [36377] Apache MyFaces Tomahawk JSF Application autoscroll Multiple Script XSS
12232| [36080] Apache Tomcat JSP Examples Crafted URI XSS
12233| [36079] Apache Tomcat Manager Uploaded Filename XSS
12234| [34888] Apache Tomcat Example Calendar Application cal2.jsp time Parameter XSS
12235| [34887] Apache Tomcat implicit-objects.jsp Crafted Header XSS
12236| [34885] Apache Tomcat on IIS Servlet Engine MS-DOS Device Request DoS
12237| [34884] Apache Tomcat on Windows Nonexistent Resource Request Path Disclosure
12238| [34883] Apache Tomcat Crafted JSP File Request Path Disclosure
12239| [34882] Apache Tomcat Default SSL Ciphersuite Configuration Weakness
12240| [34881] Apache Tomcat Malformed Accept-Language Header XSS
12241| [34880] Apache Tomcat HTTP/1.1 Connector NULL Byte Request JSP Source Disclosure
12242| [34879] Apache Tomcat examples/jsp2/jspx/textRotate.jspx XSS
12243| [34878] Apache Tomcat examples/jsp2/el/implicit-objects.jsp XSS
12244| [34877] Apache Tomcat JK Web Server Connector (mod_jk) Double Encoded Traversal Arbitrary File Access
12245| [34876] Apache HTTP Server ScriptAlias CGI Source Disclosure
12246| [34875] Apache Tomcat appdev/sample/web/hello.jsp Multiple Parameter XSS
12247| [34874] Apache Tomcat AJP Connector mod_jk ajp_process_callback Remote Memory Disclosure
12248| [34873] Apache Stats Variable Extraction _REQUEST Ssuperglobal Array Overwrite
12249| [34872] Apache HTTP Server suexec User/Group Combination Weakness Local Privilege Escalation
12250| [34769] Apache Tomcat w/ Proxy Module Double Encoded Traversal Arbitrary File Access
12251| [34541] mod_perl for Apache HTTP Server RegistryCooker.pm PATH_INFO Crafted URI Remote DoS
12252| [34540] mod_perl for Apache HTTP Server PerlRun.pm PATH_INFO Crafted URI Remote DoS
12253| [34398] Apache Tomcat mod_jk Invalid Chunked Encoded Body Information Disclosure
12254| [34154] Apache Axis Nonexistent Java Web Service Path Disclosure
12255| [33855] Apache Tomcat JK Web Server Connector mod_jk.so Long URI Worker Map Remote Overflow
12256| [33816] Apache HTTP Server on Debian Linux TTY Local Privilege Escalation
12257| [33456] Apache HTTP Server Crafted TCP Connection Range Header DoS
12258| [33346] Avaya Multiple Products Apache Tomcat Port Weakness
12259| [32979] Apache Java Mail Enterprise Server (JAMES) Phoenix/MX4J Interface Arbitrary User Creation
12260| [32978] Apache Java Mail Enterprise Server (JAMES) POP3Server Log File Plaintext Password Disclosure
12261| [32724] Apache mod_python _filter_read Freed Memory Disclosure
12262| [32723] Apache Tomcat semicolon Crafted Filename Request Forced Directory Listing
12263| [32396] Apache Open For Business Project (OFBiz) Ecommerce Component Forum Implementation Message Body XSS
12264| [32395] Apache Open For Business Project (OFBiz) Ecommerce Component Form Field Manipulation Privilege Escalation
12265| [30354] Linux Subversion libapache2-svn Search Path Subversion Local Privilege Escalation
12266| [29603] PHP ini_restore() Apache httpd.conf Options Bypass
12267| [29536] Apache Tcl mod_tcl set_var Function Remote Format String
12268| [28919] Apache Roller Weblogger Blog Comment Multiple Field XSS
12269| [28130] PHP with Apache Mixed Case Method Limit Directive Bypass
12270| [27913] Apache HTTP Server on Windows mod_alias URL Validation Canonicalization CGI Source Disclosure
12271| [27588] Apache HTTP Server mod_rewrite LDAP Protocol URL Handling Overflow
12272| [27487] Apache HTTP Server Crafted Expect Header Cross Domain HTML Injection
12273| [26935] FCKeditor on Apache connector.php Crafted File Extension Arbitrary File Upload
12274| [26572] Apache Java Mail Enterprise Server (JAMES) MAIL Command Overflow DoS
12275| [25909] Drupal on Apache files Directory File Upload Arbitrary Code Execution
12276| [24825] Oracle ModPL/SQL for Apache Unspecified Remote HTTP Issue
12277| [24365] Apache Struts Multiple Function Error Message XSS
12278| [24364] Apache Struts getMultipartRequestHandler() Function Crafted Request DoS
12279| [24363] Apache Struts org.apache.struts.taglib.html.Constants.CANCEL Validation Bypass
12280| [24103] Pubcookie Apache mod_pubcookie Unspecified XSS
12281| [23906] Apache mod_python for Apache HTTP Server FileSession Privileged Local Command Execution
12282| [23905] Apache Log4net LocalSyslogAppender Format String Memory Corruption DoS
12283| [23198] Apache WSS4J Library SOAP Signature Verification Bypass
12284| [23124] Generic Apache Request Library (libapreq) apreq_parse_* Functions Remote DoS
12285| [22652] mod_php for Apache HTTP Server Crafted import_request_variables Function DoS
12286| [22475] PHP w/ Apache PDO::FETCH_CLASS __set() Function DoS
12287| [22473] PHP w/ Apache2 Crafted PDOStatement DoS
12288| [22459] Apache Geronimo Error Page XSS
12289| [22458] Apache Tomcat / Geronimo Sample Script cal2.jsp time Parameter XSS
12290| [22301] auth_ldap for Apache HTTP Server auth_ldap_log_reason() Function Remote Format String
12291| [22261] Apache HTTP Server mod_ssl ssl_hook_Access Error Handling DoS
12292| [22259] mod_auth_pgsql for Apache HTTP Server Log Function Format String
12293| [21736] Apache Java Mail Enterprise Server (JAMES) Spooler retrieve Function DoS
12294| [21705] Apache HTTP Server mod_imap Image Map Referer XSS
12295| [21021] Apache Struts Error Message XSS
12296| [20897] PHP w/ Apache 2 SAPI virtual() Function Unspecified INI Setting Disclosure
12297| [20491] PHP mod_php apache2handler SAPI Crafted .htaccess DoS
12298| [20462] Apache HTTP Server worker.c MPM Memory Exhaustion DoS
12299| [20439] Apache Tomcat Directory Listing Saturation DoS
12300| [20373] Apache Tomcat on HP Secure OS for Linux Unspecified Servlet Access Issue
12301| [20285] Apache HTTP Server Log File Control Character Injection
12302| [20242] Apache HTTP Server mod_usertrack Predictable Session ID Generation
12303| [20209] Brainf*ck Module (mod_bf) for Apache HTTP Server Local Overflow
12304| [20033] Apache Tomcat MS-DOS Device Request Error Message Path Disclosure
12305| [19883] apachetop atop.debug Symlink Arbitrary File Overwrite
12306| [19863] mod_auth_shadow for Apache HTTP Server require group Authentication Bypass
12307| [19855] Apache HTTP Server ErrorDocument Directive .htaccess Bypass
12308| [19821] Apache Tomcat Malformed Post Request Information Disclosure
12309| [19769] Apache HTTP Server Double-reverse DNS Lookup Spoofing
12310| [19188] Apache HTTP Server mod_ssl SSLVerifyClient Per-location Context Restriction Bypass
12311| [19137] Apache HTTP Server on Red Hat Linux Double Slash GET Request Forced Directory Listing
12312| [19136] Apache on Mandrake Linux Arbitrary Directory Forced Listing
12313| [18977] Apache HTTP Server Crafted HTTP Range Header DoS
12314| [18389] Ragnarok Online Control Panel Apache Authentication Bypass
12315| [18286] Apache HTTP Server mod_ssl ssl_callback_SSLVerify_CRL( ) Function Overflow
12316| [18233] Apache HTTP Server htdigest user Variable Overfow
12317| [17738] Apache HTTP Server HTTP Request Smuggling
12318| [16586] Apache HTTP Server Win32 GET Overflow DoS
12319| [15889] Apache HTTP Server mod_cgid Threaded MPM CGI Output Misdirection
12320| [14896] mod_dav for Apache HTTP Server Remote Null Dereference Child Process Termination
12321| [14879] Apache HTTP Server ap_log_rerror Function Error Message Path Disclosure
12322| [14770] Apache Tomcat AJP12 Protocol Malformed Packet Remote DoS
12323| [14597] Apache Tomcat IntegerOverflow.jsp Test JSP Script Path Disclosure
12324| [14596] Apache Tomcat pageSession.jsp Test JSP Script Path Disclosure
12325| [14595] Apache Tomcat pageLanguage.jsp Test JSP Script Path Disclosure
12326| [14594] Apache Tomcat pageIsThreadSafe.jsp Test JSP Script Path Disclosure
12327| [14593] Apache Tomcat pageIsErrorPage.jsp Test JSP Script Path Disclosure
12328| [14592] Apache Tomcat pageInvalid.jsp Test JSP Script Path Disclosure
12329| [14591] Apache Tomcat pageExtends.jsp Test JSP Script Path Disclosure
12330| [14590] Apache Tomcat pageDouble.jsp Test JSP Script Path Disclosure
12331| [14589] Apache Tomcat pageAutoFlush.jsp Test JSP Script Path Disclosure
12332| [14588] Apache Tomcat extends2.jsp Test JSP Script Path Disclosure
12333| [14587] Apache Tomcat extends1.jsp Test JSP Script Path Disclosure
12334| [14586] Apache Tomcat comments.jsp Test JSP Script Path Disclosure
12335| [14585] Apache Tomcat buffer4.jsp Test JSP Script Path Disclosure
12336| [14584] Apache Tomcat buffer3.jsp Test JSP Script Path Disclosure
12337| [14583] Apache Tomcat buffer2.jsp Test JSP Script Path Disclosure
12338| [14582] Apache Tomcat buffer1.jsp Test JSP Script Path Disclosure
12339| [14581] Apache Tomcat pageImport2.jsp Test JSP Script Path Disclosure
12340| [14580] Apache Tomcat pageInfo.jsp Test JSP Script Path Disclosure
12341| [14410] mod_frontpage for Apache HTTP Server fpexec Remote Overflow
12342| [14044] Apache Batik Squiggle Browser with Rhino Scripting Engine Unspecified File System Access
12343| [13737] mod_access_referer for Apache HTTP Server Malformed Referer DoS
12344| [13711] Apache mod_python publisher.py Traversal Arbitrary Object Information Disclosure
12345| [13640] mod_auth_any for Apache HTTP Server on Red Hat Linux Metacharacter Command Execution
12346| [13304] Apache Tomcat realPath.jsp Path Disclosure
12347| [13303] Apache Tomcat source.jsp Arbitrary Directory Listing
12348| [13087] Apache HTTP Server mod_log_forensic check_forensic Symlink Arbitrary File Creation / Overwrite
12349| [12849] mod_auth_radius for Apache HTTP Server radcpy() Function Overflow DoS
12350| [12848] Apache HTTP Server htdigest realm Variable Overflow
12351| [12721] Apache Tomcat examples/jsp2/el/functions.jsp XSS
12352| [12720] mod_dosevasive for Apache HTTP Server Symlink Arbitrary File Create/Overwrite
12353| [12558] Apache HTTP Server IPv6 FTP Proxy Socket Failure DoS
12354| [12557] Apache HTTP Server prefork MPM accept Error DoS
12355| [12233] Apache Tomcat MS-DOS Device Name Request DoS
12356| [12232] Apache Tomcat with JDK Arbitrary Directory/Source Disclosure
12357| [12231] Apache Tomcat web.xml Arbitrary File Access
12358| [12193] Apache HTTP Server on Mac OS X File Handler Bypass
12359| [12192] Apache HTTP Server on Mac OS X Unauthorized .ht and .DS_Store File Access
12360| [12178] Apache Jakarta Lucene results.jsp XSS
12361| [12176] mod_digest_apple for Apache HTTP Server on Mac OS X Authentication Replay
12362| [11391] Apache HTTP Server Header Parsing Space Saturation DoS
12363| [11003] Apache HTTP Server mod_include get_tag() Function Local Overflow
12364| [10976] mod_mylo for Apache HTTP Server mylo_log Logging Function HTTP GET Overflow
12365| [10637] Apache HTTP Server mod_ssl SSLCipherSuite Access Restriction Bypass
12366| [10546] Macromedia JRun4 mod_jrun Apache Module Remote Overflow
12367| [10471] Apache Xerces-C++ XML Parser DoS
12368| [10218] Apache HTTP Server Satisfy Directive Access Control Bypass
12369| [10068] Apache HTTP Server htpasswd Local Overflow
12370| [10049] mod_cplusplus For Apache HTTP Server Unspecified Overflow
12371| [9994] Apache HTTP Server apr-util IPV6 Parsing DoS
12372| [9991] Apache HTTP Server ap_resolve_env Environment Variable Local Overflow
12373| [9948] mod_dav for Apache HTTP Server LOCK Request DoS
12374| [9742] Apache HTTP Server mod_ssl char_buffer_read Function Reverse Proxy DoS
12375| [9718] Apache HTTP Server Win32 Single Dot Append Arbitrary File Access
12376| [9717] Apache HTTP Server mod_cookies Cookie Overflow
12377| [9716] Apache::Gallery Gallery.pm Inline::C Predictable Filename Code Execution
12378| [9715] Apache HTTP Server rotatelogs Control Characters Over Pipe DoS
12379| [9714] Apache Authentication Module Threaded MPM DoS
12380| [9713] Apache HTTP Server on OS2 filestat.c Device Name Request DoS
12381| [9712] Apache HTTP Server Multiple Linefeed Request Memory Consumption DoS
12382| [9711] Apache HTTP Server Access Log Terminal Escape Sequence Injection
12383| [9710] Apache HTTP Server on Windows Illegal Character Default Script Mapping Bypass
12384| [9709] Apache HTTP Server on Windows MS-DOS Device Name HTTP Post Code Execution
12385| [9708] Apache HTTP Server on Windows MS-DOS Device Name DoS
12386| [9707] Apache HTTP Server Duplicate MIME Header Saturation DoS
12387| [9706] Apache Web Server Multiple MIME Header Saturation Remote DoS
12388| [9705] Apache Tomcat Invoker/Default Servlet Source Disclosure
12389| [9702] Apache HTTP Server CGI/WebDAV HTTP POST Request Source Disclosure
12390| [9701] Apache HTTP Server for Windows Multiple Slash Forced Directory Listing
12391| [9700] Apache HTTP Server mod_autoindex Multiple Slash Request Forced Directory Listing
12392| [9699] Apache HTTP Server mod_dir Multiple Slash Request Forced Directory Listing
12393| [9698] Apache HTTP Server mod_negotiation Multiple Slash Request Forced Directory Listing
12394| [9697] Apache HTTP Server htdigest Local Symlink Arbitrary File Overwrite
12395| [9696] Apache HTTP Server htpasswd Local Symlink Arbitrary File Overwrite
12396| [9695] Apache Tomcat SnoopServlet Servlet Information Disclosure
12397| [9694] PHP3 on Apache HTTP Server Encoded Traversal Arbitrary File Access
12398| [9693] mod_auth_pgsql_sys for Apache HTTP Server User Name SQL Injection
12399| [9692] Apache HTTP Server mod_vhost_alias Mass Virtual Hosting Arbitrary File Access
12400| [9691] Apache HTTP Server mod_rewrite Mass Virtual Hosting Arbitrary File Access
12401| [9690] Apache HTTP Server mod_vhost_alias CGI Program Source Disclosure
12402| [9689] Trustix httpsd for Apache-SSL Permission Weakness Privilege Escalation
12403| [9688] Apache HTTP Server mod_proxy Malformed FTP Command DoS
12404| [9687] Apache::AuthenSmb smbval SMB Authentication Library Multiple Overflows
12405| [9686] Apache::AuthenSmb smbvalid SMB Authentication Library Multiple Overflows
12406| [9523] Apache HTTP Server mod_ssl Aborted Connection DoS
12407| [9459] Oracle PL/SQL (mod_plsql) Apache Module Help Page Request Remote Overflow
12408| [9208] Apache Tomcat .jsp Encoded Newline XSS
12409| [9204] Apache Tomcat ROOT Application XSS
12410| [9203] Apache Tomcat examples Application XSS
12411| [9068] Apache HTTP Server mod_userdir User Account Information Disclosure
12412| [8773] Apache Tomcat Catalina org.apache.catalina.servlets.DefaultServlet Source Code Disclosure
12413| [8772] Apache Tomcat Catalina org.apache.catalina.connector.http DoS
12414| [7943] Apache HTTP Server mod_ssl sslkeys File Disclosure
12415| [7942] Apache HTTP Server mod_ssl Default Pass Phrase
12416| [7941] Apache HTTP Server mod_ssl Encrypted Private Key File Descriptor Leak
12417| [7935] Apache HTTP Server mod_ssl ssl_gcache Race Conditions
12418| [7934] Apache HTTP Server mod_ssl SSLSessionCache File Content Disclosure
12419| [7933] Apache HTTP Server mod_ssl SSLMutex File Content Disclosure
12420| [7932] Apache HTTP Server mod_ssl mkcert.sh File Creation Permission Weakness
12421| [7931] Apache HTTP Server mod_ssl X.509 Client Certificate Authentication Bypass
12422| [7930] Apache HTTP Server mod_ssl ssl_expr_eval_func_file() Overflow
12423| [7929] Apache HTTP Server mod_ssl ssl_engine_log.c mod_proxy Hook Function Remote Format String
12424| [7611] Apache HTTP Server mod_alias Local Overflow
12425| [7394] Apache Tomcat mod_jk Invalid Transfer-Encoding Chunked Field DoS
12426| [7203] Apache Tomcat source.jsp Traversal Arbitrary File Access
12427| [7039] Apache HTTP Server on Mac OS X HFS+ File System Access Bypass
12428| [6882] Apache mod_python Malformed Query String Variant DoS
12429| [6839] Apache HTTP Server mod_proxy Content-Length Overflow
12430| [6630] Apache Tomcat Java Server Pages (JSP) Engine WPrinterJob() DoS
12431| [6472] Apache HTTP Server mod_ssl ssl_util_uuencode_binary Remote Overflow
12432| [5821] Apache HTTP Server Multiple / GET Remote Overflow DoS
12433| [5580] Apache Tomcat Servlet Malformed URL JSP Source Disclosure
12434| [5552] Apache HTTP Server split-logfile Arbitrary .log File Overwrite
12435| [5526] Apache Tomcat Long .JSP URI Path Disclosure
12436| [5278] Apache Tomcat web.xml Restriction Bypass
12437| [5051] Apache Tomcat Null Character DoS
12438| [4973] Apache Tomcat servlet Mapping XSS
12439| [4650] mod_gzip for Apache HTTP Server Debug Mode Printf Stack Overflow
12440| [4649] mod_gzip for Apache HTTP Server Debug Mode Format String Overflow
12441| [4648] mod_gzip for Apache HTTP Server Debug Mode Race Condition
12442| [4568] mod_survey For Apache ENV Tags SQL Injection
12443| [4553] Apache HTTP Server ApacheBench Overflow DoS
12444| [4552] Apache HTTP Server Shared Memory Scoreboard DoS
12445| [4446] Apache HTTP Server mod_disk_cache Stores Credentials
12446| [4383] Apache HTTP Server Socket Race Condition DoS
12447| [4382] Apache HTTP Server Log Entry Terminal Escape Sequence Injection
12448| [4340] Apache Portable Runtime (APR) apr_psprintf DoS
12449| [4232] Apache Cocoon DatabaseAuthenticatorAction SQL Injection
12450| [4231] Apache Cocoon Error Page Server Path Disclosure
12451| [4182] Apache HTTP Server mod_ssl Plain HTTP Request DoS
12452| [4181] Apache HTTP Server mod_access IP Address Netmask Rule Bypass
12453| [4075] Apache HTTP Sever on Windows .var File Request Path Disclosure
12454| [4037] Apache HTTP Server on Cygwin Encoded GET Request Arbitrary File Access
12455| [3877] Apache-SSL SSLVerifyClient SSLFakeBasicAuth Client Certificate Forgery
12456| [3819] Apache HTTP Server mod_digest Cross Realm Credential Replay
12457| [3322] mod_php for Apache HTTP Server Process Hijack
12458| [3215] mod_php for Apache HTTP Server File Descriptor Leakage
12459| [2885] Apache mod_python Malformed Query String DoS
12460| [2749] Apache Cocoon view-source Sample File Traversal Arbitrary File Access
12461| [2733] Apache HTTP Server mod_rewrite Local Overflow
12462| [2672] Apache HTTP Server mod_ssl SSLCipherSuite Ciphersuite Downgrade Weakness
12463| [2613] Apache HTTP Server mod_cgi stderr Output Handling Local DoS
12464| [2149] Apache::Gallery Privilege Escalation
12465| [2107] Apache HTTP Server mod_ssl Host: Header XSS
12466| [1926] Apache HTTP Server mod_rewrite Crafted URI Rule Bypass
12467| [1833] Apache HTTP Server Multiple Slash GET Request DoS
12468| [1577] Apache HTTP Server mod_rewrite RewriteRule Expansion Arbitrary File Access
12469| [872] Apache Tomcat Multiple Default Accounts
12470| [862] Apache HTTP Server SSI Error Page XSS
12471| [859] Apache HTTP Server Win32 Crafted Traversal Arbitrary File Access
12472| [849] Apache Tomcat TroubleShooter Servlet Information Disclosure
12473| [845] Apache Tomcat MSDOS Device XSS
12474| [844] Apache Tomcat Java Servlet Error Page XSS
12475| [842] Apache HTTP Server mod_ssl ssl_compat_directive Function Overflow
12476| [838] Apache HTTP Server Chunked Encoding Remote Overflow
12477| [827] PHP4 for Apache on Windows php.exe Malformed Request Path Disclosure
12478| [775] Apache mod_python Module Importing Privilege Function Execution
12479| [769] Apache HTTP Server Win32 DOS Batch File Arbitrary Command Execution
12480| [756] Apache HTTP Server mod_ssl i2d_SSL_SESSION Function SSL Client Certificate Overflow
12481| [701] Apache HTTP Server Win32 ScriptAlias php.exe Arbitrary File Access
12482| [674] Apache Tomcat Nonexistent File Error Message Path Disclosure
12483| [637] Apache HTTP Server UserDir Directive Username Enumeration
12484| [623] mod_auth_pgsql for Apache HTTP Server User Name SQL Injection
12485| [582] Apache HTTP Server Multiviews Feature Arbitrary Directory Listing
12486| [562] Apache HTTP Server mod_info /server-info Information Disclosure
12487| [561] Apache Web Servers mod_status /server-status Information Disclosure
12488| [417] Apache HTTP Server on SuSE Linux /doc/packages Remote Information Disclosure
12489| [410] mod_perl for Apache HTTP Server /perl/ Directory Listing
12490| [404] Apache HTTP Server on SuSE Linux WebDAV PROPFIND Arbitrary Directory Listing
12491| [402] Apache HTTP Server on SuSE Linux cgi-bin-sdb Request Script Source Disclosure
12492| [379] Apache ASP module Apache::ASP source.asp Example File Arbitrary File Creation
12493| [377] Apache Tomcat Snoop Servlet Remote Information Disclosure
12494| [376] Apache Tomcat contextAdmin Arbitrary File Access
12495| [342] Apache HTTP Server for Windows Multiple Forward Slash Directory Listing
12496| [222] Apache HTTP Server test-cgi Arbitrary File Access
12497| [143] Apache HTTP Server printenv.pl Multiple Method CGI XSS
12498| [48] Apache HTTP Server on Debian /usr/doc Directory Information Disclosure
12499|_
445/tcp closed microsoft-ds
1723/tcp closed pptp
######################################################################################################################################
Anonymous JTSEC #OpWhales Full Recon #28